RingCT_Implementation

Description

This is a toy implementation of our work under MatRiCT (Matric+) and MatRiCT+ (Matric+_plus). Please do NOT use this in production environment.

The balance proof and one-out-of-many proof are implemented separately to compare the performance in more details.

Package Required

• The ring operations are provided from LAGO. Please run git get github.com/dedis/lago before testing.

Remarks

• As the algorithm 9 and 10 in MatRiCT (also in MatRiCT+) only support less than two outputs and one input (embedding corrector values in binary proofs), BalanceProof function returns directly when dealing with more inputs/outputs. The balance proof verification, BalanceVerify, will fail when removing the check of S amd M in BalanceProof, unless corrector values happen to be binaries (in {-1, 0, 1} for MatRiCT+).
• There is a BUG in the MulPoly function of LAGO. Specifically, when dealing with same inputs, p.MulPoly(p1, p1), p1 will run two times of NTT instead of one. Thus, MulPolyBug is used in this package to indicate whether this bug is fixed or not. This package will work when directly setting this value to true without fixing. Alternatively, fixing the bug as follows will make this package more efficient:

func (p *Poly) MulPoly(p1, p2 *Poly) (*Poly, error) {
    if p.n != p1.n || !p.q.EqualTo(&p1.q) {
        return nil, errors.New("unmatched degree or module")
    }
    p1.NTT()
    if p1 != p2 {
        p2.NTT()
    }
    p.MulCoeffs(p1, p2)
    p.Mod(p, p.q)
    p.InverseNTT()
    if p != p1 {
        p1.InverseNTT()
    }
    if p != p2 && p1 != p2 {
        p2.InverseNTT()
    }
    return p, nil
}