fixes

aptos-labs · Feb 3, 2025 · 887f89c · 887f89c
1 parent 21cb43e
commit 887f89c
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 30 deletions.
diff --git a/aptos-move/aptos-gas-schedule/src/gas_schedule/aptos_framework.rs b/aptos-move/aptos-gas-schedule/src/gas_schedule/aptos_framework.rs
@@ -243,7 +243,7 @@ crate::gas_schedule::macros::define_gas_parameters!(
         // Bulletproofs gas parameters end.
 
         // Bulletproofs batch vrfy gas parameters begin.
-        // Generated at time 1738278510.3867955 by `scripts/algebra-gas/update_bulletproofs_batch_vrfy_gas_params.py` with gas_per_ns=295.16.
+        // Generated at time 1738278510.3867955 by `scripts/algebra-gas/update_bulletproofs_batch_verify_gas_params.py` with gas_per_ns=295.16.
         [bulletproofs_verify_base_batch_1_bits_8: InternalGas, { RELEASE_V1_27.. => "bulletproofs.verify.base_batch_1_bits_8" }, 133_731_503],
         [bulletproofs_verify_base_batch_1_bits_16: InternalGas, { RELEASE_V1_27.. => "bulletproofs.verify.base_batch_1_bits_16" }, 195_542_132],
         [bulletproofs_verify_base_batch_1_bits_32: InternalGas, { RELEASE_V1_27.. => "bulletproofs.verify.base_batch_1_bits_32" }, 310_976_813],

diff --git a/aptos-move/framework/aptos-stdlib/doc/ristretto255_bulletproofs.md b/aptos-move/framework/aptos-stdlib/doc/ristretto255_bulletproofs.md
@@ -86,7 +86,17 @@ The native functions have not been rolled out yet.
 The range proof system only supports batch sizes of 1, 2, 4, 8, and 16.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_BATCH_SIZE_NOT_SUPPORTED">E_BATCH_SIZE_NOT_SUPPORTED</a>: u64 = 3;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_BATCH_SIZE_NOT_SUPPORTED">E_BATCH_SIZE_NOT_SUPPORTED</a>: u64 = 4;
+</code></pre>
+
+
+
+<a id="0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF"></a>
+
+There was an error deserializing the range proof.
+
+
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF">E_DESERIALIZE_RANGE_PROOF</a>: u64 = 1;
 </code></pre>
 
 
@@ -96,7 +106,7 @@ The range proof system only supports batch sizes of 1, 2, 4, 8, and 16.
 The range proof system only supports proving ranges of type $[0, 2^b)$ where $b \in \{8, 16, 32, 64\}$.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>: u64 = 2;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>: u64 = 3;
 </code></pre>
 
 
@@ -106,7 +116,7 @@ The range proof system only supports proving ranges of type $[0, 2^b)$ where $b
 The committed value given to the prover is too large.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VALUE_OUTSIDE_RANGE">E_VALUE_OUTSIDE_RANGE</a>: u64 = 1;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VALUE_OUTSIDE_RANGE">E_VALUE_OUTSIDE_RANGE</a>: u64 = 2;
 </code></pre>
 
 
@@ -116,7 +126,7 @@ The committed value given to the prover is too large.
 The vector lengths of values and blinding factors do not match.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VECTOR_LENGTHS_MISMATCH">E_VECTOR_LENGTHS_MISMATCH</a>: u64 = 4;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VECTOR_LENGTHS_MISMATCH">E_VECTOR_LENGTHS_MISMATCH</a>: u64 = 5;
 </code></pre>
 
 
@@ -286,8 +296,9 @@ for some randomness <code>r</code>) satisfies <code>v</code> in <code>[0, 2^num_
 
 ## Function `verify_batch_range_proof_pedersen`
 
-Verifies a zero-knowledge range proof for a batch of Pedersen commitments <code>comms</code>, ensuring that all values
-<code>v</code> satisfy <code>v</code> in <code>[0, 2^num_bits)</code>.
+Verifies a zero-knowledge range proof for a batch of Pedersen commitments <code>comms</code>
+(under the default Bulletproofs commitment key; see <code>pedersen::new_commitment_for_bulletproof</code>),
+ensuring that all values <code>v</code> satisfy <code>v</code> in <code>[0, 2^num_bits)</code>.
 Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch size (length of <code>comms</code>) in <code>{1, 2, 4, 8, 16}</code>.
 
 
@@ -304,14 +315,12 @@ Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch s
     comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;pedersen::Commitment&gt;, proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">RangeProof</a>,
     num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
 {
-    <b>assert</b>!(<a href="../../move-stdlib/doc/features.md#0x1_features_bulletproofs_batch_enabled">features::bulletproofs_batch_enabled</a>(), <a href="../../move-stdlib/doc/error.md#0x1_error_invalid_state">error::invalid_state</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_NATIVE_FUN_NOT_AVAILABLE">E_NATIVE_FUN_NOT_AVAILABLE</a>));
-
-    <b>let</b> comms = std::vector::map_ref(comms, |com| <a href="ristretto255.md#0x1_ristretto255_point_to_bytes">ristretto255::point_to_bytes</a>(&pedersen::commitment_as_compressed_point(com)));
-
-    <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal">verify_batch_range_proof_internal</a>(
-        comms,
+    <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof">verify_batch_range_proof</a>(
+        &std::vector::map_ref(comms, |com| <a href="ristretto255.md#0x1_ristretto255_point_clone">ristretto255::point_clone</a>(pedersen::commitment_as_point(com))),
         &<a href="ristretto255.md#0x1_ristretto255_basepoint">ristretto255::basepoint</a>(), &<a href="ristretto255.md#0x1_ristretto255_hash_to_point_base">ristretto255::hash_to_point_base</a>(),
-        proof.bytes, num_bits, dst
+        proof,
+        num_bits,
+        dst
     )
 }
 </code></pre>
@@ -329,7 +338,7 @@ Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch s
 (length of the <code>comms</code>) in <code>{1, 2, 4, 8, 16}</code>.
 
 
-<pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof">verify_batch_range_proof</a>(comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="ristretto255_pedersen.md#0x1_ristretto255_pedersen_Commitment">ristretto255_pedersen::Commitment</a>&gt;, val_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, rand_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">ristretto255_bulletproofs::RangeProof</a>, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
+<pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof">verify_batch_range_proof</a>(comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>&gt;, val_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, rand_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">ristretto255_bulletproofs::RangeProof</a>, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
 </code></pre>
 
 
@@ -339,13 +348,13 @@ Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch s
 
 
 <pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof">verify_batch_range_proof</a>(
-    comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;pedersen::Commitment&gt;,
+    comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;RistrettoPoint&gt;,
     val_base: &RistrettoPoint, rand_base: &RistrettoPoint,
     proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">RangeProof</a>, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
 {
     <b>assert</b>!(<a href="../../move-stdlib/doc/features.md#0x1_features_bulletproofs_batch_enabled">features::bulletproofs_batch_enabled</a>(), <a href="../../move-stdlib/doc/error.md#0x1_error_invalid_state">error::invalid_state</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_NATIVE_FUN_NOT_AVAILABLE">E_NATIVE_FUN_NOT_AVAILABLE</a>));
 
-    <b>let</b> comms = std::vector::map_ref(comms, |com| <a href="ristretto255.md#0x1_ristretto255_point_to_bytes">ristretto255::point_to_bytes</a>(&pedersen::commitment_as_compressed_point(com)));
+    <b>let</b> comms = std::vector::map_ref(comms, |com| <a href="ristretto255.md#0x1_ristretto255_point_to_bytes">ristretto255::point_to_bytes</a>(&<a href="ristretto255.md#0x1_ristretto255_point_compress">ristretto255::point_compress</a>(com)));
 
     <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal">verify_batch_range_proof_internal</a>(
         comms,
@@ -363,6 +372,8 @@ Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch s
 
 ## Function `verify_range_proof_internal`
 
+Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF">E_DESERIALIZE_RANGE_PROOF</a>)</code> if <code>proof</code> is not a valid serialization of a
+range proof.
 Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>)</code> if an unsupported <code>num_bits</code> is provided.
 
 
@@ -392,6 +403,8 @@ Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argu
 
 ## Function `verify_batch_range_proof_internal`
 
+Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF">E_DESERIALIZE_RANGE_PROOF</a>)</code> if <code>proof</code> is not a valid serialization of a
+range proof.
 Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>)</code> if an unsupported <code>num_bits</code> is provided.
 Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_BATCH_SIZE_NOT_SUPPORTED">E_BATCH_SIZE_NOT_SUPPORTED</a>)</code> if an unsupported batch size is provided.
 Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VECTOR_LENGTHS_MISMATCH">E_VECTOR_LENGTHS_MISMATCH</a>)</code> if the vector lengths of <code>comms</code> and <code>proof</code> do not match.

diff --git a/crates/aptos-crypto/Cargo.toml b/crates/aptos-crypto/Cargo.toml
@@ -101,7 +101,7 @@ name = "bulletproofs"
 harness = false
 
 [[bench]]
-name = "bulletproofs_batch_vrfy"
+name = "bulletproofs_batch_verify"
 harness = false
 
 [[bench]]

diff --git a/crates/aptos-crypto/benches/bulletproofs.rs b/crates/aptos-crypto/benches/bulletproofs.rs
@@ -17,7 +17,7 @@ fn get_values(num_bits: usize, batch_size: usize) -> (Vec<u64>, Vec<Scalar>) {
         .map(|_| rng.gen_range(0u64, (2u128.pow(num_bits as u32) - 1u128) as u64))
         .collect::<Vec<u64>>();
 
-    // Sigh, some RngCore incompatibilites I don't want to deal with right now.
+    // Sigh, some RngCore incompatibilities I don't want to deal with right now.
     let b = (0..batch_size)
         .map(|_| Scalar::hash_from_bytes::<sha3::Sha3_512>(b"some random blinder"))
         .collect::<Vec<Scalar>>();

diff --git a/...crypto/benches/bulletproofs_batch_vrfy.rs → ...ypto/benches/bulletproofs_batch_verify.rs b/...crypto/benches/bulletproofs_batch_vrfy.rs → ...ypto/benches/bulletproofs_batch_verify.rs
@@ -10,6 +10,7 @@ use criterion::{measurement::Measurement, BenchmarkGroup, BenchmarkId, Criterion
 use curve25519_dalek_ng::scalar::Scalar;
 use merlin::Transcript;
 use rand::{thread_rng, Rng};
+use rand_core::RngCore;
 
 fn get_values(num_bits: usize, batch_size: usize) -> (Vec<u64>, Vec<Scalar>) {
     let mut rng = thread_rng();
@@ -18,28 +19,33 @@ fn get_values(num_bits: usize, batch_size: usize) -> (Vec<u64>, Vec<Scalar>) {
         .map(|_| rng.gen_range(0u64, (2u128.pow(num_bits as u32) - 1u128) as u64))
         .collect::<Vec<u64>>();
 
-    // Sigh, some RngCore incompatibilites I don't want to deal with right now.
+    // Sigh, some RngCore incompatibilities I don't want to deal with right now.
     let b = (0..batch_size)
-        .map(|_| Scalar::hash_from_bytes::<sha3::Sha3_512>(b"some random blinder"))
+        .map(|_| {
+            let mut scalar = [0u8; 32];
+            rng.fill_bytes(&mut scalar);
+
+            Scalar::from_bytes_mod_order(scalar)
+        })
         .collect::<Vec<Scalar>>();
 
     (v, b)
 }
 
 fn bench_group(c: &mut Criterion) {
-    let mut group = c.benchmark_group("bulletproofs_batch_vrfy");
+    let mut group = c.benchmark_group("bulletproofs_batch_verify");
 
     for batch_size in [1, 2, 4, 8, 16] {
         for num_bits in [8, 16, 32, 64] {
-            range_prove(&mut group, num_bits, batch_size);
-            range_verify(&mut group, num_bits, batch_size);
+            range_batch_prove(&mut group, num_bits, batch_size);
+            range_batch_verify(&mut group, num_bits, batch_size);
         }
     }
 
     group.finish();
 }
 
-fn range_prove<M: Measurement>(g: &mut BenchmarkGroup<M>, num_bits: usize, batch_size: usize) {
+fn range_batch_prove<M: Measurement>(g: &mut BenchmarkGroup<M>, num_bits: usize, batch_size: usize) {
     let pg = PedersenGens::default();
     let bg = BulletproofGens::new(MAX_RANGE_BITS, 16);
 
@@ -66,7 +72,7 @@ fn range_prove<M: Measurement>(g: &mut BenchmarkGroup<M>, num_bits: usize, batch
     );
 }
 
-fn range_verify<M: Measurement>(g: &mut BenchmarkGroup<M>, num_bits: usize, batch_size: usize) {
+fn range_batch_verify<M: Measurement>(g: &mut BenchmarkGroup<M>, num_bits: usize, batch_size: usize) {
     let bp_gens = BulletproofGens::new(MAX_RANGE_BITS, 16);
     let pc_gens = PedersenGens::default();
 

diff --git a/...ate_bulletproofs_batch_vrfy_gas_params.py → ...e_bulletproofs_batch_verify_gas_params.py b/...ate_bulletproofs_batch_vrfy_gas_params.py → ...e_bulletproofs_batch_verify_gas_params.py
@@ -29,7 +29,7 @@ def get_bulletproofs_lines(gas_per_ns):
 
     for batch_size in [1, 2, 4, 8, 16]:
         for num_bits in [8, 16, 32, 64]:
-            ns = load_bench_ns.main(f'target/criterion/bulletproofs_batch_vrfy/range_verify/batch={batch_size}_bits={num_bits}')
+            ns = load_bench_ns.main(f'target/criterion/bulletproofs_batch_verify/range_verify/batch={batch_size}_bits={num_bits}')
 
             nanoseconds[f'bulletproofs_verify_base_batch_{batch_size}_bits_{num_bits}'] = ns
 
@@ -46,9 +46,9 @@ def get_bulletproofs_lines(gas_per_ns):
 def main(gas_per_ns):
     path = Path('aptos-move/aptos-gas-schedule/src/gas_schedule/aptos_framework.rs')
     lines = path.read_text().split('\n')
-    line_id_begin = lines.index('        // Bulletproofs batch vrfy gas parameters begin.')
-    line_id_end = lines.index('        // Bulletproofs batch vrfy gas parameters end.')
-    generator_note_line = f'        // Generated at time {time()} by `scripts/algebra-gas/update_bulletproofs_batch_vrfy_gas_params.py` with gas_per_ns={gas_per_ns}.'
+    line_id_begin = lines.index('        // Bulletproofs batch verify gas parameters begin.')
+    line_id_end = lines.index('        // Bulletproofs batch verify gas parameters end.')
+    generator_note_line = f'        // Generated at time {time()} by `scripts/algebra-gas/update_bulletproofs_batch_verify_gas_params.py` with gas_per_ns={gas_per_ns}.'
     new_lines = lines[:line_id_begin+1] + [generator_note_line] + get_bulletproofs_lines(gas_per_ns) + lines[line_id_end:]
     path.write_text('\n'.join(new_lines))