[cryptography/bls12381] Batched Threshold Encryption #2184
| for &participants in PARTICIPANTS.iter() { | ||
| let threshold = quorum(participants); | ||
| for &size in SIZES.iter() { | ||
| let id = format!("bte_decrypt/n={participants}/threads={threads}"); |
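Review bot: the benchmark id on the last line includes `participants` and `threads` but not `size`, so every iteration of the enclosing `for &size in SIZES.iter()` loop registers under the same name and the per-size results collide in the report. Fold `size` into the format string, e.g. `format!("bte_decrypt/n={participants}/size={size}/threads={threads}")`, and consider including `threshold` as well since it is computed right above.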
fix the formatting of this
| let public = PublicKey::<MinSig>::new(*commitment.constant()); | ||
| let message = vec![0x42u8; 64]; | ||
| c.bench_function(module_path!(), |b| { |
fix the formatting of this
| use thiserror::Error; | ||
| /// Transcript namespace for ciphertext Chaum–Pedersen proofs. | ||
| const CT_TRANSCRIPT: &[u8] = b"commonware.bls12381.bte.ct"; |
use - here?
| /// Public key for TDH encryption (the commitment's constant term). | ||
| #[derive(Clone, Copy, Debug, PartialEq, Eq)] | ||
| pub struct PublicKey<V: Variant> { |
nit: shouldn't need this
| //! The resulting `h^r` values are re-used in the TDH KDF to unmask the original | ||
| //! plaintexts. Malformed ciphertexts simply appear as missing indices in the | ||
| //! canonical batch, so a byzantine sender cannot block honest decryptions. | ||
| //! |
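Review bot: the claim that malformed ciphertexts "simply appear as missing indices in the canonical batch" only holds if every honest server derives the same canonical batch from the same request; the module doc should define what the validity check is and state that it is deterministic over the request contents alone, because partials computed over differing index sets will not combine. Spelling it out here also tells a reader what a byzantine sender can and cannot influence.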
nit: add a "usage" section that defines how you would use this in a p2p network (each server generates request/response from a block and then sends response to all other players).
| }); | ||
| }); | ||
| } | ||
| #[cfg(not(feature = "std"))] |
do we need to support no-std?
| .collect() | ||
| } | ||
| fn keystream<V: Variant>(hr: &V::Public, label: &[u8], len: usize) -> Vec<u8> { |
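Review bot: `keystream` has no doc comment; state which hash or XOF is run over `hr` and `label`, that `label` is the only domain separator between callers, and how `len` is handled, in particular whether a longer request for the same `hr` and `label` shares a prefix with a shorter one, since that decides whether two callers can ever receive overlapping keystream bytes.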
nit: move these to proper utilities (may be useful elsewhere)
| } | ||
| let mut sorted = share_indices.to_vec(); | ||
| sorted.sort_unstable(); |
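Review bot: sorting `share_indices` does not rule out duplicates, and a repeated index would either make the recovery step that consumes `sorted` degenerate (a zero denominator when interpolating) or silently count one share twice. After sorting, run `sorted.dedup()` and return an error if the length changed, or check `sorted.windows(2).any(|w| w[0] == w[1])`, before the indices are used.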
use .sort() instead
| const PARTICIPANTS: [u32; 2] = [10, 100]; | ||
| const THREADS: [usize; 2] = [1, 8]; | ||
| struct BenchmarkData { |
nit: just call this Data
| pub struct BatchResponse<V: Variant> { | ||
| pub index: u32, | ||
| /// Positions of ciphertexts (0-indexed) that the server included in this proof. | ||
| pub valid_indices: Vec<u32>, |
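Review bot: the doc comment on `valid_indices` should state the invariants a verifier relies on: every position is below the request's ciphertext count, the list is strictly increasing (or at least duplicate-free), and these properties are checked on receipt rather than assumed, since `BatchResponse` arrives from another server. Describing the field only as "positions the server included" invites unchecked indexing downstream.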
nit: BitVec?
Codecov Report❌ Patch coverage is
@@ Coverage Diff @@
## main #2184 +/- ##
========================================
Coverage 92.21% 92.22%
========================================
Files 316 317 +1
Lines 86325 87109 +784
========================================
+ Hits 79607 80336 +729
- Misses 6718 6773 +55
This made me think of #2187 (comment) as a better way to handle parallelism in general.
| /// Derive the per-ciphertext batching scalars used for the Chaum–Pedersen folding trick. | ||
| /// | ||
| /// The transcript binds: | ||
| /// * `context` – caller-chosen batch domain (e.g., request id) so coefficients cannot be replayed |
Confirm this has equivalent security to https://eprint.iacr.org/2025/279
The proof of correctness may be tied to a context but the actual partials could be useful without it?
| .valid_indices | ||
| .iter() | ||
| .map(|idx| { | ||
| let mut partial = request.ciphertexts[*idx as usize].header; |
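Review bot: `request.ciphertexts[*idx as usize]` indexes with a value taken from `valid_indices` without a bounds check, so if this path ever runs on a `valid_indices` that was deserialized rather than computed locally, an out-of-range index panics the node. Use `request.ciphertexts.get(*idx as usize)` and return an error (or discard the response) on `None`, and reject the response up front if any index is out of range or repeated.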
This permits the partial to be used across requests?
(meaning we could only release once we know for sure it is finalized -> can't do during our finalize vote)
Summary
Fixes: #2182
Adds TDH2-based Threshold Encryption support for BLS12-381 (with support for batch decryption via DLEQ).
Initial Benchmarks