improvements

Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

Author: adecaro

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/IBM/idemix v0.0.2-0.20250313153527-832db18b9478
 	github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478
-	github.com/IBM/mathlib v0.0.3-0.20251208124832-1dd505f14350
+	github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2
 	github.com/dgraph-io/ristretto/v2 v2.3.0
 	github.com/gin-gonic/gin v1.10.0
 	github.com/hashicorp/go-uuid v1.0.3

go.sum

@@ -650,8 +650,8 @@ github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478 h
 github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478/go.mod h1:k4Q5EYKRnYC6t80ipSCY3G8H4FdcxRa8jjlsJdGfNCY=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478 h1:Uzmcb4pNb54/fbAjnrZTiJwWV74+twP60N4qBGm4PvU=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478/go.mod h1:Pi1QIuIZ+1OXIbnYe27vNwJOnSq2WvkHRT/sfweTw8E=
-github.com/IBM/mathlib v0.0.3-0.20251208124832-1dd505f14350 h1:1DF5XTkBuJSRRW2gk+mFrcc+uqvMK6SH39t3qCbtPD8=
-github.com/IBM/mathlib v0.0.3-0.20251208124832-1dd505f14350/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
+github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2 h1:xxqXQL645JpGvuUqWdNUHCY/6EwxqsmuBuiEUsbswQU=
+github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=

token/core/zkatdlog/nogh/v1/crypto/common/array.go

@@ -7,6 +7,8 @@ SPDX-License-Identifier: Apache-2.0
 package common
 
 import (
+	"hash"
+
 	math "github.com/IBM/mathlib"
 	"github.com/hyperledger-labs/fabric-smart-client/pkg/utils/errors"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/core/common/crypto"
@@ -52,3 +54,12 @@ func GetG1Array(elements ...[]*math.G1) *G1Array {
 	a := G1Array(array)
 	return &a
 }
+
+func HashG1Array(h hash.Hash, elements ...*math.G1) []byte {
+	h.Reset()
+
+	for _, e := range elements {
+		h.Write(e.Bytes())
+	}
+	return h.Sum(nil)
+}

token/core/zkatdlog/nogh/v1/crypto/rp/bulletproof_test.go

@@ -7,23 +7,42 @@ SPDX-License-Identifier: Apache-2.0
 package rp_test
 
 import (
+	"math/bits"
+	"math/rand"
 	"strconv"
 	"testing"
 
 	math "github.com/IBM/mathlib"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/core/zkatdlog/nogh/v1/crypto/rp"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
-func TestBFProofVerify(t *testing.T) {
-	curve := math.Curves[1]
-	nr := uint64(3)
-	l := uint64(1 << nr)
+type bfSetup struct {
+	com       *math.G1
+	Q         *math.G1
+	P         *math.G1
+	H         *math.G1
+	G         *math.G1
+	bf        *math.Zr
+	leftGens  []*math.G1
+	rightGens []*math.G1
+	nr        uint64
+	l         uint64
+	curve     *math.Curve
+}
+
+func NewBfSetup(curveID math.CurveID) (*bfSetup, error) {
+	curve := math.Curves[curveID]
+	l := uint64(64)
+	nr := 63 - uint64(bits.LeadingZeros64(l))
 	leftGens := make([]*math.G1, l)
 	rightGens := make([]*math.G1, l)
 
 	rand, err := curve.Rand()
-	assert.NoError(t, err)
+	if err != nil {
+		return nil, err
+	}
 
 	Q := curve.GenG1.Mul(curve.NewRandomZr(rand))
 	P := curve.GenG1.Mul(curve.NewRandomZr(rand))
@@ -36,12 +55,85 @@ func TestBFProofVerify(t *testing.T) {
 	bf := curve.NewRandomZr(rand)
 	com := G.Mul(curve.NewZrFromInt(115))
 	com.Add(H.Mul(bf))
-	prover := rp.NewRangeProver(com, 115, []*math.G1{G, H}, bf, leftGens, rightGens, P, Q, nr, l, curve)
-	verifier := rp.NewRangeVerifier(com, []*math.G1{G, H}, leftGens, rightGens, P, Q, nr, l, curve)
 
+	return &bfSetup{
+		com:       com,
+		Q:         Q,
+		P:         P,
+		H:         H,
+		G:         G,
+		bf:        bf,
+		leftGens:  leftGens,
+		rightGens: rightGens,
+		nr:        nr,
+		l:         l,
+		curve:     curve,
+	}, nil
+}
+
+func TestBFProofVerify(t *testing.T) {
+	setup, err := NewBfSetup(math.BLS12_381_BBS_GURVY)
+	require.NoError(t, err)
+
+	prover := rp.NewRangeProver(
+		setup.com,
+		115,
+		[]*math.G1{setup.G, setup.H},
+		setup.bf,
+		setup.leftGens,
+		setup.rightGens,
+		setup.P,
+		setup.Q,
+		setup.nr,
+		setup.l,
+		setup.curve,
+	)
 	proof, err := prover.Prove()
 	assert.NoError(t, err)
 	assert.NotNil(t, proof)
+
+	verifier := rp.NewRangeVerifier(
+		setup.com,
+		[]*math.G1{setup.G, setup.H},
+		setup.leftGens,
+		setup.rightGens,
+		setup.P,
+		setup.Q,
+		setup.nr,
+		setup.l,
+		setup.curve,
+	)
 	err = verifier.Verify(proof)
 	assert.NoError(t, err)
 }
+
+func BenchmarkBFProver(b *testing.B) {
+	envs := make([]*bfSetup, 0, 128)
+	for i := 0; i < 128; i++ {
+		setup, err := NewBfSetup(math.BLS12_381_BBS_GURVY)
+		require.NoError(b, err)
+		envs = append(envs, setup)
+	}
+
+	b.Run("bench", func(b *testing.B) {
+		for b.Loop() {
+			setup := envs[rand.Intn(len(envs))]
+			prover := rp.NewRangeProver(
+				setup.com,
+				115,
+				[]*math.G1{setup.G, setup.H},
+				setup.bf,
+				setup.leftGens,
+				setup.rightGens,
+				setup.P,
+				setup.Q,
+				setup.nr,
+				setup.l,
+				setup.curve,
+			)
+			proof, err := prover.Prove()
+			assert.NoError(b, err)
+			assert.NotNil(b, proof)
+		}
+	})
+}

token/core/zkatdlog/nogh/v1/crypto/rp/ipa.go

@@ -154,6 +154,7 @@ func (p *ipaProver) Prove() (*IPA, error) {
 	}
 	// compute first challenge
 	x := p.Curve.HashToZr(raw)
+
 	// compute a commitment to inner product value and the vectors
 	C := p.Q.Mul(p.Curve.ModMul(x, p.InnerProduct, p.Curve.GroupOrder))
 	C.Add(p.Commitment)
@@ -172,14 +173,13 @@ func (p *ipaProver) Prove() (*IPA, error) {
 // of the left vector and right is a function of right vector.
 // Both vectors are committed in com which is passed as a parameter to reduce
 func (p *ipaProver) reduce(X, com *mathlib.G1) (*mathlib.Zr, *mathlib.Zr, []*mathlib.G1, []*mathlib.G1, error) {
-	var leftGen, rightGen []*mathlib.G1
-	var left, right []*mathlib.Zr
-
-	leftGen = p.LeftGenerators
-	rightGen = p.RightGenerators
+	leftGen := make([]*mathlib.G1, len(p.LeftGenerators))
+	copy(leftGen, p.LeftGenerators)
+	rightGen := make([]*mathlib.G1, len(p.RightGenerators))
+	copy(rightGen, p.RightGenerators)
 
-	left = p.leftVector
-	right = p.rightVector
+	left := p.leftVector
+	right := p.rightVector
 
 	LArray := make([]*mathlib.G1, p.NumberOfRounds)
 	RArray := make([]*mathlib.G1, p.NumberOfRounds)
@@ -324,8 +324,7 @@ func (v *ipaVerifier) Verify(proof *IPA) error {
 		xSquareInv := xSquare.Copy()
 		xSquareInv.InvModP(v.Curve.GroupOrder)
 		// compute a commitment to the reduced vectors and their inner product
-		CPrime := proof.L[i].Mul(xSquare)
-		CPrime.Add(proof.R[i].Mul(xSquareInv))
+		CPrime := proof.L[i].Mul2(xSquare, proof.R[i], xSquareInv)
 		CPrime.Add(C)
 		C = CPrime.Copy()
 		// reduce the generators by 1/2, as a function of the old generators and x and 1/x
@@ -360,15 +359,14 @@ func reduceVectors(left, right []*mathlib.Zr, x, xInv *mathlib.Zr, c *mathlib.Cu
 // reduceGenerators reduces the number of generators passed in the parameters by 1/2,
 // as a function of the old generators,  x and 1/x
 func reduceGenerators(leftGen, rightGen []*mathlib.G1, x, xInv *mathlib.Zr) ([]*mathlib.G1, []*mathlib.G1) {
-	leftGenPrime := make([]*mathlib.G1, len(leftGen)/2)
-	rightGenPrime := make([]*mathlib.G1, len(rightGen)/2)
-	for i := 0; i < len(leftGenPrime); i++ {
+	l := len(leftGen) / 2
+	for i := 0; i < l; i++ {
 		// G_i = G_i^x*G_{i+len(left)/2}^{1/x}
-		leftGenPrime[i] = leftGen[i].Mul2(xInv, leftGen[i+len(leftGenPrime)], x)
+		leftGen[i] = leftGen[i].Mul2(xInv, leftGen[i+l], x)
 		// H_i = H_i^{1/x}*H_{i+len(right)/2}^{x}
-		rightGenPrime[i] = rightGen[i].Mul2(x, rightGen[i+len(rightGenPrime)], xInv)
+		rightGen[i] = rightGen[i].Mul2(x, rightGen[i+l], xInv)
 	}
-	return leftGenPrime, rightGenPrime
+	return leftGen[:l], rightGen[:l]
 }
 
 func innerProduct(left []*mathlib.Zr, right []*mathlib.Zr, c *mathlib.Curve) *mathlib.Zr {

token/core/zkatdlog/nogh/v1/crypto/rp/ipa_test.go

@@ -7,11 +7,13 @@ SPDX-License-Identifier: Apache-2.0
 package rp_test
 
 import (
+	"math/bits"
 	"math/rand"
 	"strconv"
 	"testing"
 
 	math "github.com/IBM/mathlib"
+	"github.com/hyperledger-labs/fabric-smart-client/node/start/profile"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/core/zkatdlog/nogh/v1/crypto/rp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -30,8 +32,8 @@ type ipaSetup struct {
 
 func NewIpaSetup(curveID math.CurveID) (*ipaSetup, error) {
 	curve := math.Curves[curveID]
-	nr := uint64(6)
-	l := uint64(1 << nr)
+	l := uint64(64)
+	nr := 63 - uint64(bits.LeadingZeros64(l))
 	leftGens := make([]*math.G1, l)
 	rightGens := make([]*math.G1, l)
 	left := make([]*math.Zr, l)
@@ -96,6 +98,10 @@ func TestIPAProofVerify(t *testing.T) {
 }
 
 func BenchmarkIPAProver(b *testing.B) {
+	pp, err := profile.New(profile.WithAll(), profile.WithPath("./profile"))
+	require.NoError(b, err)
+	require.NoError(b, pp.Start())
+	defer pp.Stop()
 	envs := make([]*ipaSetup, 0, 128)
 	for i := 0; i < 128; i++ {
 		setup, err := NewIpaSetup(math.BLS12_381_BBS_GURVY)

token/services/identity/storage/kvs/hashicorp/go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/IBM/idemix v0.0.2-0.20250313153527-832db18b9478 // indirect
 	github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478 // indirect
 	github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478 // indirect
-	github.com/IBM/mathlib v0.0.3-0.20251208124832-1dd505f14350 // indirect
+	github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.20.0 // indirect

token/services/identity/storage/kvs/hashicorp/go.sum

@@ -11,8 +11,8 @@ github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478 h
 github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478/go.mod h1:k4Q5EYKRnYC6t80ipSCY3G8H4FdcxRa8jjlsJdGfNCY=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478 h1:Uzmcb4pNb54/fbAjnrZTiJwWV74+twP60N4qBGm4PvU=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478/go.mod h1:Pi1QIuIZ+1OXIbnYe27vNwJOnSq2WvkHRT/sfweTw8E=
-github.com/IBM/mathlib v0.0.3-0.20251208124832-1dd505f14350 h1:1DF5XTkBuJSRRW2gk+mFrcc+uqvMK6SH39t3qCbtPD8=
-github.com/IBM/mathlib v0.0.3-0.20251208124832-1dd505f14350/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
+github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2 h1:xxqXQL645JpGvuUqWdNUHCY/6EwxqsmuBuiEUsbswQU=
+github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=