Add serialization module and simplify lib.rs

Adam Gibson · Adam Gibson · commit 5fba3ec78a54 · 2024-11-12T15:27:56.000-06:00
This commit substantially refactors the parts of the code concerned with
serializing and deserializing keys and points, and isolates the handling
of the conversion between BIP340 and ark-ec to a module "serialization".
diff --git a/src/autctactions.rs b/src/autctactions.rs
@@ -7,7 +7,7 @@ use crate::key_processing::create_fake_privkeys_values_files;
 use crate::rpcclient;
 //use crate::rpcserver;
 use crate::config::{AutctConfig, get_params_from_config_string};
-use crate::utils::write_file_string;
+use crate::serialization::{write_file_string, read_file_string};
 use std::io::Write;
 use std::error::Error;
 use base64::prelude::*;
@@ -42,7 +42,7 @@ pub async fn create_test_data(autctcfg: AutctConfig) -> Result<(), Box<dyn Error
 pub async fn request_encrypt_key(autctcfg: AutctConfig) -> Result<(), Box<dyn Error>>  {
     let password = rpassword::prompt_password("Enter a password to encrypt the private key: ").unwrap();
     let privkey_file_str = autctcfg.privkey_file_str.clone().unwrap();
-    let plaintext_priv_wif = crate::utils::read_file_string(&privkey_file_str)?;
+    let plaintext_priv_wif = read_file_string(&privkey_file_str)?;
     let mut buf: Vec<u8> = Vec::new();
     write!(&mut buf, "{}", plaintext_priv_wif)?;
     let encrypted_data = encrypt(&buf, &password.as_bytes())?;
diff --git a/src/key_processing.rs b/src/key_processing.rs
@@ -1,33 +1,25 @@
 #![allow(non_snake_case)]
 
-/// Processing bitcoin private keys, public keys
-/// Two main tasks are addressed by this module:
-/// 1. creating sets of privkey test values and the
-/// corresponding pubkey files.
-/// 2. handling conversions between WIF, hex BIP340
-/// and ark_ec serialization formats.
+/// Processing bitcoin private key files
 
 extern crate bulletproofs;
 extern crate merlin;
 extern crate rand;
 
-use ark_ec::{AffineRepr, CurveGroup};
+use ark_ec::AffineRepr;
 use ark_serialize::CanonicalSerialize;
 use bitcoin::secp256k1::All;
 use rand::Rng;
 use std::iter::zip;
 
 use std::error::Error;
-use std::ops::{Mul, Add};
 use std::io::Write;
 use ark_ec::short_weierstrass::Affine;
 use ark_secp256k1::Config as SecpConfig;
-use ark_secp256k1::Fq as SecpBase;
-use bitcoin::key::{Secp256k1, TapTweak, UntweakedKeypair};
-use bitcoin::{PrivateKey, XOnlyPublicKey};
+use bitcoin::key::Secp256k1;
+use bitcoin::PrivateKey;
 use crate::auditor::get_audit_generators;
-use crate::utils::*;
-use ark_ff::BigInteger256;
+use crate::serialization::{self, *};
 
 
 type F = <ark_secp256k1::Affine as AffineRepr>::ScalarField;
@@ -52,7 +44,7 @@ pub fn create_fake_privkeys_values_files(num_privs: u64,
             &buf, bitcoin::Network::Signet).unwrap();
         let privhex = hex::encode(&privk2.to_bytes());
     
-        let x = decode_hex_le_to_F::<F>(&privhex);
+        let x = decode_hex_le_to_F::<F>(&privhex)?;
         privkey_wifs.push(get_wif_from_field_elem(x)?);
     }
 
@@ -121,29 +113,6 @@ output_filename: &str) -> Result<(), Box<dyn Error>> {
     write_file_string(output_filename, buf);
     Ok(())  
 }
-/// Currently not in use:
-/// A functoin to write the commitments to a keyset
-/// file, but in BIP340 format:
-pub fn write_keyset_file_from_commitments_UNUSED(comms: Vec<Affine<SecpConfig>>,
-    output_filename: &str) -> Result<(), Box<dyn Error>> {
-    let mut buf: Vec<u8> = Vec::new();
-    let mut commslist: Vec<String> = Vec::new();
-    for comm in comms {
-        let mut buf2: Vec<u8> = Vec::new();
-        comm.serialize_with_mode(&mut buf2,
-            ark_serialize::Compress::Yes)?;
-        // ignore the final byte which is the sign byte in ark:
-        let buf3  = &mut buf2[0..32];
-        // ark uses LE, so stop that nonsense:
-        buf3.reverse();
-        let bin_bip340_pubkey = XOnlyPublicKey::from_slice(&buf3)?.serialize();
-        let hex_bip340_pubkey = hex::encode(bin_bip340_pubkey);
-        commslist.push(hex_bip340_pubkey);  
-    }
-    write!(&mut buf, "{}", commslist.join(" "))?;
-    write_file_string(output_filename, buf);
-    Ok(())
-}
 
 pub fn get_commitments_from_wif_and_sats_file(privkeys_values_file_loc: &str,
 secp: &Secp256k1::<All>) -> Result<
@@ -158,60 +127,15 @@ pub fn get_commitments_from_wif_and_sats(privkeys_wif: Vec<String>,
     values: Vec<u64>, secp: &Secp256k1<All>)
 -> Result<Vec<Affine<SecpConfig>>, Box<dyn Error>> {
     let (_, J) = get_audit_generators();
-    //Form list of commitments as xG + vJ
     let mut comms: Vec<Affine<SecpConfig>> = Vec::new();
     for i in 0..privkeys_wif.len() {
-        let privk2: PrivateKey = PrivateKey::from_wif(
-            &privkeys_wif[i])?;
-        let untweaked_key_pair: UntweakedKeypair =
-        UntweakedKeypair::from_secret_key(
-            &secp, &privk2.inner);
-        let tweaked_key_pair = untweaked_key_pair
-        .tap_tweak(&secp, None);
-        let privkey_bytes = tweaked_key_pair
-        .to_inner().secret_bytes();
-        let privhex = hex::encode(&privkey_bytes);
-         let x: F = decode_hex_le_to_F(&privhex);
-        let v = F::from(values[i]);
-        let P: Affine<SecpConfig>;
-        (_, P) = get_pub_and_flip_if_necessary(x)?;
-        // C = xG + vJ (note *un*blinded)
-        comms.push(P.add(J.mul(v)).into_affine());
+        let (_, comm) = serialization::privkey_val_to_taproot_ark_ec(
+            &privkeys_wif[i], values[i], J, secp)?;
+        comms.push(comm);
     }
     Ok(comms)
 }
 
-pub fn get_wif_from_field_elem(x: F) -> Result<String, Box<dyn Error>>{
-    let mut buf: Vec<u8> = Vec::new();
-    x.serialize_compressed(&mut buf)?;
-    buf.reverse();
-    let privk2: PrivateKey = PrivateKey::from_slice(&buf, bitcoin::Network::Signet).unwrap();
-    return Ok(privk2.to_wif());
-}
-
-pub fn get_field_elem_from_wif(wif: &String) -> Result<F, Box<dyn Error>> {
-    let privk = PrivateKey::from_wif(wif)?;
-    let privkey_bytes = privk.to_bytes();
-    let privhex = hex::encode(&privkey_bytes);
-    Ok(decode_hex_le_to_F::<F>(&privhex))
-}
-
-/// Since we are using BIP340 pubkeys on chain, we must use the correct
-/// sign of x, such that the parity of x*G is even.
-/// This is because, the public servers/verifiers have no choice
-/// but to assume that the public representation (a BIP340 key)
-/// corresponds to that parity, when they do the P +vG arithmetic.
-pub fn get_pub_and_flip_if_necessary(mut x: F) -> Result<(F, Affine<SecpConfig>), Box<dyn Error>> {
-    let (G, _) = get_audit_generators();
-    let mut P = G.mul(x).into_affine();
-    let yval: SecpBase = *P.y().unwrap();
-    let yvalint: BigInteger256 = BigInteger256::from(yval);
-    if yvalint.0[0] % 2 == 1 {
-        x = -x;
-        P = -P;}
-    Ok((x, P))
-}
-
 pub fn get_privkeys_and_values(fileloc: &str) -> Result<(Vec<String>, Vec<u64>), Box<dyn Error>>{
     let ptext = read_file_string(&fileloc)?;
     let lines = ptext.lines();
diff --git a/src/keyimagestore.rs b/src/keyimagestore.rs
@@ -11,7 +11,8 @@ use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 
 use crate::config::AutctConfig;
 use crate::utils::{APP_DOMAIN_LABEL,
-    get_generators, write_file_string2};
+    get_generators};
+use crate::serialization::write_file_string2;
 
 pub const KEYIMAGE_FILE_EXTENSION: &[u8] = b".aki";
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -13,6 +13,7 @@ pub mod generalschnorr;
 pub mod key_processing;
 pub mod sumrangeproof;
 pub mod auditor;
+pub mod serialization;
 extern crate rand;
 extern crate alloc;
 extern crate ark_secp256k1;
@@ -55,8 +56,8 @@ pub mod rpc {
 
     use super::*;
     use std::{sync::{Arc, Mutex}, u64};
-    use ark_ff::BigInteger256;
     use relations::curve_tree::{CurveTree, SelRerandParameters};
+    use serialization::privkey_val_to_taproot_ark_ec;
 
     pub struct RPCProverVerifierArgs {
                 pub keyset_file_locs: Vec<String>,
@@ -138,7 +139,8 @@ impl Clone for RPCProverVerifierArgs {
                     // failing is a logic error):
                     let encrypted_data = encrypt(&buf, &args.encryption_password.as_bytes())
                     .expect("Failed to encrypt");
-                    write_file_string(&resp.privkey_file_loc.clone().unwrap(), encrypted_data);
+                    serialization::write_file_string(&resp.privkey_file_loc.clone().unwrap(),
+                    encrypted_data);
                     let secp = Secp256k1::new();
                     // this is the standard way to generate plain-vanilla taproot addresses:
                     // it is not "raw" (rawtr in descriptors) but it applies a merkle root of
@@ -215,61 +217,20 @@ impl Clone for RPCProverVerifierArgs {
                     type F = <ark_secp256k1::Affine as AffineRepr>::ScalarField;
                     let mut privkeys: Vec<F> = Vec::new();
                     for i in 0..privkeys_wif.len() {
-                        let privkeyres1 =
-                        PrivateKey::from_wif(
-                            &privkeys_wif[i]);
-                        let privkey: PrivateKey = privkeyres1.unwrap();
-                        let untweaked_key_pair: UntweakedKeypair =
-                        UntweakedKeypair::from_secret_key(
-                            &secp, &privkey.inner);
-                        let tweaked_key_pair =
-                        untweaked_key_pair.tap_tweak(&secp, None);
-                        let privkey_bytes = tweaked_key_pair.
-                        to_inner().secret_bytes();
-                        let privhex = hex::encode(&privkey_bytes);
-    
-                        let mut x =
-                        decode_hex_le_to_F::<F>(&privhex);
-                        let mut P = G.mul(x).into_affine();
-                        // Since we are using BIP340 pubkeys on chain, we must use the correct
-                        // sign of x, such that the parity of x*G is even.
-                        // This is because, the public servers/verifiers have no choice
-                        // but to assume that the public representation (a BIP340 key)
-                        // corresponds to that parity, when they do the P +vG arithmetic.
-                        // TODO refactor this, it is reused in key_processing.rs:
-                        let yval: SecpBase = *P.y().unwrap();
-                        let yvalint: BigInteger256 = BigInteger256::from(yval);
-                        if yvalint.0[0] % 2 == 1 {
-                            x = -x;
-                            P = -P;}
+                        let pvres = privkey_val_to_taproot_ark_ec(
+                            &privkeys_wif[i], values[i], J, &secp);
+                        if pvres.is_err(){
+                            resp.accepted = -1;
+                            return Ok(resp);
+                        }
+                        let (x, comm) = pvres.unwrap();
                         privkeys.push(x);
-                        let v = F::from(values[i]);
-                        // C = xG + vJ (note *un*blinded)
-                        comms.push(P.add(J.mul(v)).into_affine());
+                        comms.push(comm);
                     }
                     // 1b. Find the indices of each of the above commitments
                     // in the pks file.
-                    /*
-                    let filestr:String = read_file_string(&keyset)
-                    .expect("Failed to read pubkey file");
-                    let hex_keys_vec = filestr.split_whitespace().collect::<Vec<_>>();
-                    // replace with convert_pt_to_hex_bip340
-                    let hex_bip340_pubkey = match convert_pt_to_hex_bip340(P) {
-                        Err(_) => {resp.accepted = -8;
-                            return Ok(resp);}
-                            Ok(hp) => hp
-                    };
-                    let key_index =
-                    match get_key_index_from_hex_leaves(
-                        &hex_keys_vec, hex_bip340_pubkey){
-                            Err(_) => {resp.accepted = -8;
-                                return Ok(resp);}
-                                Ok(ki) =>
-                                ki
-                        };
-                     */
                     let mut comms_indices: Vec<i32> = Vec::new();
-                    let filestr = read_file_string(&pva.keyset_file_locs[0])
+                    let filestr = serialization::read_file_string(&pva.keyset_file_locs[0])
                     .expect("Failed to read pubkey file");
                     let hex_keys_vec = filestr.split_whitespace().collect::<Vec<_>>();
                     // for each of the points in comms, search for its serialization
@@ -324,7 +285,6 @@ impl Clone for RPCProverVerifierArgs {
                         resp.accepted = -2;
                         return Ok(resp);
                     }
-                    //let verifres = auditproof
                     // 5. Update the response object and return the serialization of the proof.
                     let mut buf = Vec::with_capacity(prf.serialized_size(Compress::Yes));
                     if prf.serialize_compressed(&mut buf).is_err(){
@@ -467,7 +427,12 @@ impl Clone for RPCProverVerifierArgs {
                     let privkey_bytes = tweaked_key_pair.to_inner().secret_bytes();
                     let privhex = hex::encode(&privkey_bytes);
 
-                    let x = decode_hex_le_to_F::<F>(&privhex);
+                    let xres = serialization::decode_hex_le_to_F::<F>(&privhex);
+                    if xres.is_err(){
+                        resp.accepted = -7;
+                        return Ok(resp);
+                    }
+                    let x = xres.unwrap();
                     let G = SecpConfig::GENERATOR;
                     let P = G.mul(x).into_affine();
                     print_affine_compressed(P, "request pubkey");
@@ -478,11 +443,11 @@ impl Clone for RPCProverVerifierArgs {
                     // TODO the correct solution here is to make all serializations
                     // read at this level be ark- type and in binary and relegate
                     // both hex and BIP340 formats to external modules.
-                    let filestr:String = read_file_string(&keyset)
+                    let filestr:String = serialization::read_file_string(&keyset)
                     .expect("Failed to read pubkey file");
                     let hex_keys_vec = filestr.split_whitespace().collect::<Vec<_>>();
-                    // replace with convert_pt_to_hex_bip340
-                    let hex_bip340_pubkey = match convert_pt_to_hex_bip340(P) {
+                    let hex_bip340_pubkey = match
+                    serialization::convert_pt_to_hex_bip340(P) {
                         Err(_) => {resp.accepted = -8;
                             return Ok(resp);}
                             Ok(hp) => hp
diff --git a/src/rpcserver.rs b/src/rpcserver.rs
@@ -4,8 +4,8 @@ use ark_serialize::{ CanonicalDeserialize,
     Compress, Validate};
 use crate::rpc::{RPCAuditProofVerifier, RPCAuditProver,
     RPCCreateKeys, RPCProverVerifierArgs, RPCEcho};
-use crate::utils::{get_curve_tree,
-    convert_keys, APP_DOMAIN_LABEL};
+use crate::utils::{get_curve_tree, APP_DOMAIN_LABEL};
+use crate::serialization::convert_keys;
 use tokio::{task, net::TcpListener};
 use std::fs;
 use std::error::Error;
diff --git a/src/serialization.rs b/src/serialization.rs
diff --git a/src/utils.rs b/src/utils.rs
