Export components used in encryption, prove encryption is valid as ZKP

logproof/Cargo.toml

@@ -9,6 +9,7 @@ edition = "2021"
 ark-poly = { workspace = true }
 ark-ff = { workspace = true }
 bitvec = { workspace = true }
+crypto-bigint = { workspace = true }
 curve25519-dalek = { workspace = true }
 merlin = { workspace = true }
 sha3 = { workspace = true }
@@ -17,6 +18,7 @@ rand = { workspace = true }
 rayon = { workspace = true }
 serde = { workspace = true }
 sunscreen_math = { workspace = true }
+seal_fhe = { workspace = true }
 
 [dev-dependencies]
 bincode = { workspace = true }

logproof/src/fields.rs

@@ -1,8 +1,8 @@
 use std::borrow::Borrow;
 
 use ark_ff::{
-    BigInt, BigInteger, Fp, Fp128, Fp256, Fp64, FpConfig, MontBackend, MontConfig, One as ArkOne,
-    PrimeField, Zero as ArkZero,
+    BigInt, BigInteger, Fp, Fp128, Fp192, Fp256, Fp64, FpConfig, MontBackend, MontConfig,
+    One as ArkOne, PrimeField, Zero as ArkZero,
 };
 use curve25519_dalek::scalar::Scalar;
 
@@ -48,10 +48,15 @@ where
  *
  * SEAL uses Q =
  * 0x7fffffd8001 * 0x7fffffc8001 * 0xfffffffc001 * 0xffffff6c001 * 0xfffffebc001
+ *
+ * This can be derived by running
+ * `CoefficientModulus::bfv_default(8192, SecurityLevel::TC128)`
+ * or by running the underlying SEAL function
+ * `CoeffModulus::BFVDefault(8192, sec_level_type::tc128)`
  */
 #[derive(MontConfig)]
-#[modulus = "421249101157150430150591791601812858371395928330411389778873040897"]
 #[generator = "3"]
+#[modulus = "23945240908173643396739775218143152511335532357255169"]
 pub struct SealQ128_8192 {}
 
 /**
@@ -62,24 +67,34 @@ pub struct SealQ128_8192 {}
  *
  * SEAL uses Q =
  * 0xffffee001, 0xffffc4001, 0x1ffffe0001
+ *
+ * This can be derived by running
+ * `CoefficientModulus::bfv_default(4096, SecurityLevel::TC128)`
+ * or by running the underlying SEAL function
+ * `CoeffModulus::BFVDefault(4096, sec_level_type::tc128)`
  */
 #[derive(MontConfig)]
 #[generator = "3"]
-#[modulus = "649033470896967801447398927572993"]
+#[modulus = "4722344527977019809793"]
 pub struct SealQ128_4096 {}
 
 /**
  * The configuration type for q modulus SEAL BFV uses with 128-bit security
- * an lattice dimension 4096.
+ * an lattice dimension 2048.
  *
  * # Remarks
  *
  * SEAL uses Q =
- * 0xffffee001, 0xffffc4001, 0x1ffffe0001
+ * 0x3fffffff000001
+ *
+ * This can be derived by running
+ * `CoefficientModulus::bfv_default(2048, SecurityLevel::TC128)`
+ * or by running the underlying SEAL function
+ * `CoeffModulus::BFVDefault(2048, sec_level_type::tc128)`
  */
 #[derive(MontConfig)]
 #[generator = "3"]
-#[modulus = "4611686014132420865"]
+#[modulus = "18014398492704769"]
 pub struct SealQ128_2048 {}
 
 /**
@@ -89,11 +104,16 @@ pub struct SealQ128_2048 {}
  * # Remarks
  *
  * SEAL uses Q =
- * 0xffffee001, 0xffffc4001, 0x1ffffe0001
+ * 0x7e00001
+ *
+ * This can be derived by running
+ * `CoefficientModulus::bfv_default(1024, SecurityLevel::TC128)`
+ * or by running the underlying SEAL function
+ * `CoeffModulus::BFVDefault(1024, sec_level_type::tc128)`
  */
 #[derive(MontConfig)]
 #[generator = "3"]
-#[modulus = "33822867713"]
+#[modulus = "132120577"]
 pub struct SealQ128_1024 {}
 
 #[allow(unused)]
@@ -105,7 +125,7 @@ pub struct SealQ128_1024 {}
  * Fp expects the modulus to be prime, but ours isn't. We need to be good
  * children and not use anything that relies on field primality.
  */
-pub type FqSeal128_8192 = Fp256<MontBackend<SealQ128_8192, 4>>;
+pub type FqSeal128_8192 = Fp192<MontBackend<SealQ128_8192, 3>>;
 
 #[allow(unused)]
 /**
@@ -371,7 +391,10 @@ mod tests {
 
         let b: FpRistretto = a.mod_switch_unsigned();
 
-        assert_eq!(MontBackend::into_bigint(a), MontBackend::into_bigint(b));
+        assert_eq!(
+            extend_bigint(&MontBackend::into_bigint(a)),
+            MontBackend::into_bigint(b)
+        );
     }
 
     #[test]
@@ -396,7 +419,7 @@ mod tests {
     #[test]
     fn can_log_2_modulus() {
         let modulus: BigInt<4> = FqSeal128_8192::field_modulus();
-        assert_eq!(Log2::log2(&modulus), 217);
+        assert_eq!(Log2::log2(&modulus), 173);
     }
 
     #[test]

logproof/src/lib.rs

@@ -48,7 +48,7 @@ pub mod linear_algebra;
  */
 mod linear_relation;
 pub use linear_relation::{
-    LogProof, ProverKnowledge as LogProofProverKnowledge,
+    Bounds, LogProof, ProverKnowledge as LogProofProverKnowledge,
     VerifierKnowledge as LogProofVerifierKnowledge,
 };
 
@@ -62,3 +62,10 @@ pub mod fields;
  */
 pub mod math;
 mod transcript;
+
+pub use transcript::LogProofTranscript;
+
+/**
+ * Components that are helpful for testing but should not be used in production.
+ */
+pub mod test;

logproof/src/linear_algebra.rs

@@ -881,7 +881,7 @@ impl<F: Field> std::fmt::Display for &Matrix<DensePolynomial<F>> {
 
 #[cfg(test)]
 mod tests {
-    use crate::fields::{FpRistretto, FqSeal128_8192};
+    use crate::fields::{extend_bigint, FpRistretto, FqSeal128_8192};
 
     use super::*;
     use ark_ff::{FpConfig, MontBackend};
@@ -984,7 +984,7 @@ mod tests {
         for i in 0..a.rows {
             for j in 0..a.cols {
                 assert_eq!(
-                    MontBackend::into_bigint(a[(i, j)]),
+                    extend_bigint(&MontBackend::into_bigint(a[(i, j)])),
                     MontBackend::into_bigint(b[(i, j)])
                 );
             }

logproof/src/linear_relation.rs

@@ -38,7 +38,11 @@ use crate::{
 };
 
 type MatrixPoly<Q> = Matrix<DensePolynomial<Q>>;
-type Bounds = Vec<u64>;
+
+/**
+ * Bounds on the coefficients in the secret S
+ */
+pub type Bounds = Vec<u64>;
 
 impl Zero for Bounds {
     // The empty vector could be seen as no bounds. Also follows the field
@@ -1122,22 +1126,12 @@ mod test {
         fields::FqSeal128_8192,
         linear_algebra::ScalarRem,
         math::{make_poly, next_higher_power_of_two, Zero},
+        test::LatticeProblem,
         LogProofGenerators,
     };
 
     use super::*;
 
-    struct LatticeProblem<Q>
-    where
-        Q: Field + Zero + Clone + FftField,
-    {
-        a: MatrixPoly<Q>,
-        s: MatrixPoly<Q>,
-        t: MatrixPoly<Q>,
-        f: DensePolynomial<Q>,
-        b: Matrix<Bounds>,
-    }
-
     fn test_lattice<Q>(k: usize) -> LatticeProblem<Q>
     where
         Q: Field + Zero + Clone + FftField,

logproof/src/math.rs

@@ -712,14 +712,9 @@ mod test {
     #[test]
     fn modulus_in_standard_form() {
         let m = FqSeal128_8192::field_modulus();
-        // 0x3fffff5_9001c92abc42a839_730ec3bf0a9c26b9_923cfd7defdc4001
-        // == 421249101157150430150591791601812858371395928330411389778873040897
-        let expected = BigInt::new([
-            0x923cfd7defdc4001,
-            0x730ec3bf0a9c26b9,
-            0x9001c92abc42a839,
-            0x3fffff5,
-        ]);
+        // [0x1b9f30440ff08001, 0x25d3e81a62469512, 0x3fffffaa0018]
+        // == 23945240908173643396739775218143152511335532357255169
+        let expected = BigInt::new([0x1b9f30440ff08001, 0x25d3e81a62469512, 0x3fffffaa0018]);
 
         assert_eq!(m, expected);
     }
@@ -728,15 +723,10 @@ mod test {
     fn field_modulus_div_2_in_standard_form() {
         let m = FqSeal128_8192::field_modulus_div_2();
 
-        // 421249101157150430150591791601812858371395928330411389778873040897 / 2
-        // = 210624550578575215075295895800906429185697964165205694889436520448
-        // = 0x1fffffa_c800e4955e21541c_b98761df854e135c_c91e7ebef7ee2000
-        let expected = BigInt::new([
-            0xc91e7ebef7ee2000,
-            0xb98761df854e135c,
-            0xc800e4955e21541c,
-            0x1fffffa,
-        ]);
+        // 23945240908173643396739775218143152511335532357255169 / 2
+        // = 11972620454086821698369887609071576255667766178627584
+        // = [0xdcf982207f84000, 0x12e9f40d31234a89, 0x1fffffd5000c]
+        let expected = BigInt::new([0xdcf982207f84000, 0x12e9f40d31234a89, 0x1fffffd5000c]);
 
         assert_eq!(m, expected);
     }