improvements

Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

Author: adecaro

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/IBM/idemix v0.0.2-0.20250313153527-832db18b9478
 	github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478
-	github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2
+	github.com/IBM/mathlib v0.0.3-0.20251210060400-7e58831c9abe
 	github.com/dgraph-io/ristretto/v2 v2.3.0
 	github.com/gin-gonic/gin v1.10.0
 	github.com/google/pprof v0.0.0-20250403155104-27863c87afa6

go.sum

@@ -643,8 +643,8 @@ github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478 h
 github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478/go.mod h1:k4Q5EYKRnYC6t80ipSCY3G8H4FdcxRa8jjlsJdGfNCY=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478 h1:Uzmcb4pNb54/fbAjnrZTiJwWV74+twP60N4qBGm4PvU=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478/go.mod h1:Pi1QIuIZ+1OXIbnYe27vNwJOnSq2WvkHRT/sfweTw8E=
-github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2 h1:xxqXQL645JpGvuUqWdNUHCY/6EwxqsmuBuiEUsbswQU=
-github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
+github.com/IBM/mathlib v0.0.3-0.20251210060400-7e58831c9abe h1:EwFXJqfqz0lnsOtqSEswQ0kond3a8waLUfIXbaTgB4A=
+github.com/IBM/mathlib v0.0.3-0.20251210060400-7e58831c9abe/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=

token/core/zkatdlog/nogh/v1/crypto/rp/bulletproof.go

@@ -241,7 +241,7 @@ func (p *rangeProver) Prove() (*RangeProof, error) {
 	}
 	// compute the commitment to left and right
 	com := commitVector(left, right, p.LeftGenerators, rightGeneratorsPrime, p.Curve)
-	rp.Data.InnerProduct = innerProduct(left, right, p.Curve)
+	rp.Data.InnerProduct = InnerProduct(left, right, p.Curve)
 	// produce the IPA
 	ipp := NewIPAProver(
 		rp.Data.InnerProduct,
@@ -337,18 +337,18 @@ func (p *rangeProver) preprocess() ([]*math.Zr, []*math.Zr, *math.Zr, *RangeProo
 	}
 
 	// compute \sum y^iV_i(L_i-z)
-	t1 := innerProduct(leftPrime, randRightPrime, p.Curve)
+	t1 := InnerProduct(leftPrime, randRightPrime, p.Curve)
 	// compute \sum y^i(V_i(L_i-z) + (R_i +z)U_i)
-	t1 = p.Curve.ModAdd(t1, innerProduct(rightPrime, randomLeft, p.Curve), p.Curve.GroupOrder)
+	t1 = p.Curve.ModAdd(t1, InnerProduct(rightPrime, randomLeft, p.Curve), p.Curve.GroupOrder)
 	// compute \sum y^i(V_i(L_i-z) + (R_i+z)U_i) + U_i2^iz^2
-	t1 = p.Curve.ModAdd(t1, innerProduct(zPrime, randomLeft, p.Curve), p.Curve.GroupOrder)
+	t1 = p.Curve.ModAdd(t1, InnerProduct(zPrime, randomLeft, p.Curve), p.Curve.GroupOrder)
 	// commit to t1
 	tau1 := p.Curve.NewRandomZr(rand)
 	T1 := p.CommitmentGenerators[0].Mul(t1)
 	T1.Add(p.CommitmentGenerators[1].Mul(tau1))
 
 	// compute = \sum y^iU_iV_i
-	t2 := innerProduct(randomLeft, randRightPrime, p.Curve)
+	t2 := InnerProduct(randomLeft, randRightPrime, p.Curve)
 	// commit to t2
 	tau2 := p.Curve.NewRandomZr(rand)
 	T2 := p.CommitmentGenerators[0].Mul(t2)

token/core/zkatdlog/nogh/v1/crypto/rp/ipa.go

@@ -173,10 +173,7 @@ func (p *ipaProver) Prove() (*IPA, error) {
 // of the left vector and right is a function of right vector.
 // Both vectors are committed in com which is passed as a parameter to reduce
 func (p *ipaProver) reduce(X, com *mathlib.G1) (*mathlib.Zr, *mathlib.Zr, []*mathlib.G1, []*mathlib.G1, error) {
-	leftGen := make([]*mathlib.G1, len(p.LeftGenerators))
-	copy(leftGen, p.LeftGenerators)
-	rightGen := make([]*mathlib.G1, len(p.RightGenerators))
-	copy(rightGen, p.RightGenerators)
+	leftGen, rightGen := cloneGenerators(p.LeftGenerators, p.RightGenerators)
 
 	left := p.leftVector
 	right := p.rightVector
@@ -186,8 +183,8 @@ func (p *ipaProver) reduce(X, com *mathlib.G1) (*mathlib.Zr, *mathlib.Zr, []*mat
 	for i := range p.NumberOfRounds {
 		// in each round the size of the vector is reduced by 2
 		n := len(leftGen) / 2
-		leftIP := innerProduct(left[:n], right[n:], p.Curve)
-		rightIP := innerProduct(left[n:], right[:n], p.Curve)
+		leftIP := InnerProduct(left[:n], right[n:], p.Curve)
+		rightIP := InnerProduct(left[n:], right[:n], p.Curve)
 		// LArray[i] is a commitment to left[:n], right[n:] and their inner product
 		LArray[i] = commitVector(left[:n], right[n:], leftGen[n:], rightGen[:n], p.Curve)
 		LArray[i].Add(X.Mul(leftIP))
@@ -298,10 +295,7 @@ func (v *ipaVerifier) Verify(proof *IPA) error {
 
 	X := v.Q.Mul(x)
 
-	leftGen := make([]*mathlib.G1, len(v.LeftGenerators))
-	copy(leftGen, v.LeftGenerators)
-	rightGen := make([]*mathlib.G1, len(v.RightGenerators))
-	copy(rightGen, v.RightGenerators)
+	leftGen, rightGen := cloneGenerators(v.LeftGenerators, v.RightGenerators)
 
 	for i := range v.NumberOfRounds {
 		// check well-formedness
@@ -343,17 +337,17 @@ func (v *ipaVerifier) Verify(proof *IPA) error {
 // reduceVectors reduces the size of the vectors passed in the parameters by 1/2,
 // as a function of the old vectors, x and 1/x
 func reduceVectors(left, right []*mathlib.Zr, x, xInv *mathlib.Zr, c *mathlib.Curve) ([]*mathlib.Zr, []*mathlib.Zr) {
-	leftPrime := make([]*mathlib.Zr, len(left)/2)
-	rightPrime := make([]*mathlib.Zr, len(right)/2)
-	for i := 0; i < len(leftPrime); i++ {
+	l := len(left) / 2
+	leftPrime := make([]*mathlib.Zr, l)
+	rightPrime := make([]*mathlib.Zr, l)
+	for i := 0; i < l; i++ {
 		// a_i = a_ix + a_{i+len(left)/2}x^{-1}
-		leftPrime[i] = c.ModMul(left[i], x, c.GroupOrder)
-		leftPrime[i] = c.ModAdd(leftPrime[i], c.ModMul(left[i+len(leftPrime)], xInv, c.GroupOrder), c.GroupOrder)
+		leftPrime[i] = c.ModAddMul2(left[i], x, left[i+l], xInv, c.GroupOrder)
 
 		// b_i = b_ix^{-1} + b_{i+len(right)/2}x
-		rightPrime[i] = c.ModMul(right[i], xInv, c.GroupOrder)
-		rightPrime[i] = c.ModAdd(rightPrime[i], c.ModMul(right[i+len(rightPrime)], x, c.GroupOrder), c.GroupOrder)
+		rightPrime[i] = c.ModAddMul2(right[i], xInv, right[i+l], x, c.GroupOrder)
 	}
+
 	return leftPrime, rightPrime
 }
 
@@ -363,19 +357,20 @@ func reduceGenerators(leftGen, rightGen []*mathlib.G1, x, xInv *mathlib.Zr) ([]*
 	l := len(leftGen) / 2
 	for i := 0; i < l; i++ {
 		// G_i = G_i^x*G_{i+len(left)/2}^{1/x}
-		leftGen[i] = leftGen[i].Mul2(xInv, leftGen[i+l], x)
+		leftGen[i].Mul2InPlace(xInv, leftGen[i+l], x)
 		// H_i = H_i^{1/x}*H_{i+len(right)/2}^{x}
-		rightGen[i] = rightGen[i].Mul2(x, rightGen[i+l], xInv)
+		rightGen[i].Mul2InPlace(x, rightGen[i+l], xInv)
 	}
 	return leftGen[:l], rightGen[:l]
 }
 
-func innerProduct(left []*mathlib.Zr, right []*mathlib.Zr, c *mathlib.Curve) *mathlib.Zr {
-	ip := c.NewZrFromInt(0)
-	for i, l := range left {
-		ip = c.ModAdd(ip, c.ModMul(l, right[i], c.GroupOrder), c.GroupOrder)
-	}
-	return ip
+func InnerProduct(left []*mathlib.Zr, right []*mathlib.Zr, c *mathlib.Curve) *mathlib.Zr {
+	return c.ModAddMul(left, right, c.GroupOrder)
+	// ip := c.NewZrFromInt(0)
+	// for i, l := range left {
+	// 	ip = c.ModAdd(ip, c.ModMul(l, right[i], c.GroupOrder), c.GroupOrder)
+	// }
+	// return ip
 }
 
 func commitVector(left []*mathlib.Zr, right []*mathlib.Zr, leftgen []*mathlib.G1, rightgen []*mathlib.G1, c *mathlib.Curve) *mathlib.G1 {
@@ -385,3 +380,15 @@ func commitVector(left []*mathlib.Zr, right []*mathlib.Zr, leftgen []*mathlib.G1
 	}
 	return com
 }
+
+func cloneGenerators(LeftGenerators, RightGenerators []*mathlib.G1) ([]*mathlib.G1, []*mathlib.G1) {
+	leftGen := make([]*mathlib.G1, len(LeftGenerators))
+	for i := 0; i < len(LeftGenerators); i++ {
+		leftGen[i] = LeftGenerators[i].Copy()
+	}
+	rightGen := make([]*mathlib.G1, len(RightGenerators))
+	for i := 0; i < len(RightGenerators); i++ {
+		rightGen[i] = RightGenerators[i].Copy()
+	}
+	return leftGen, rightGen
+}

token/core/zkatdlog/nogh/v1/crypto/rp/ipa_test.go

@@ -70,7 +70,7 @@ func TestIPAProofVerify(t *testing.T) {
 	require.NoError(t, err)
 
 	prover := rp.NewIPAProver(
-		innerProduct(setup.left, setup.right, setup.curve),
+		rp.InnerProduct(setup.left, setup.right, setup.curve),
 		setup.left,
 		setup.right,
 		setup.Q,
@@ -85,7 +85,7 @@ func TestIPAProofVerify(t *testing.T) {
 	assert.NotNil(t, proof)
 
 	verifier := rp.NewIPAVerifier(
-		innerProduct(setup.left, setup.right, setup.curve),
+		rp.InnerProduct(setup.left, setup.right, setup.curve),
 		setup.Q,
 		setup.leftGens,
 		setup.rightGens,
@@ -113,7 +113,7 @@ func BenchmarkIPAProver(b *testing.B) {
 		for b.Loop() {
 			setup := envs[rand.Intn(len(envs))]
 			prover := rp.NewIPAProver(
-				innerProduct(setup.left, setup.right, setup.curve),
+				rp.InnerProduct(setup.left, setup.right, setup.curve),
 				setup.left,
 				setup.right,
 				setup.Q,
@@ -129,11 +129,3 @@ func BenchmarkIPAProver(b *testing.B) {
 		}
 	})
 }
-
-func innerProduct(left []*math.Zr, right []*math.Zr, c *math.Curve) *math.Zr {
-	ip := c.NewZrFromInt(0)
-	for i, l := range left {
-		ip = c.ModAdd(ip, c.ModMul(l, right[i], c.GroupOrder), c.GroupOrder)
-	}
-	return ip
-}

token/core/zkatdlog/nogh/v1/issue/issuer_test.go

@@ -24,7 +24,7 @@ import (
 // TestProverVerifier exercises a full prover -> verifier round-trip for
 // a generated ZK-issue proof using the given curve and output count.
 func TestProverVerifier(t *testing.T) {
-	prover, verifier := prepareZKIssue(t, 32, math.BN254, 2)
+	prover, verifier := prepareZKIssue(t, 32, math.BLS12_381_BBS_GURVY, 2)
 	proof, err := prover.Prove()
 	assert.NoError(t, err)
 	assert.NotNil(t, proof)
@@ -35,7 +35,7 @@ func TestProverVerifier(t *testing.T) {
 // TestIssuer tests the high-level issuer API: generating a ZK issue
 // action and verifying the resulting proof.
 func TestIssuer(t *testing.T) {
-	pp := setup(t, 32, math.BN254)
+	pp := setup(t, 32, math.BLS12_381_BBS_GURVY)
 	issuer := issue2.NewIssuer("ABC", &mock.SigningIdentity{}, pp)
 	action, _, err := issuer.GenerateZKIssue([]uint64{10, 20}, [][]byte{[]byte("alice"), []byte("bob")})
 	require.NoError(t, err)

token/services/identity/storage/kvs/hashicorp/go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/IBM/idemix v0.0.2-0.20250313153527-832db18b9478 // indirect
 	github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478 // indirect
 	github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478 // indirect
-	github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2 // indirect
+	github.com/IBM/mathlib v0.0.3-0.20251210060400-7e58831c9abe // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.20.0 // indirect

token/services/identity/storage/kvs/hashicorp/go.sum

@@ -11,8 +11,8 @@ github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478 h
 github.com/IBM/idemix/bccsp/schemes/weak-bb v0.0.0-20250313153527-832db18b9478/go.mod h1:k4Q5EYKRnYC6t80ipSCY3G8H4FdcxRa8jjlsJdGfNCY=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478 h1:Uzmcb4pNb54/fbAjnrZTiJwWV74+twP60N4qBGm4PvU=
 github.com/IBM/idemix/bccsp/types v0.0.0-20250313153527-832db18b9478/go.mod h1:Pi1QIuIZ+1OXIbnYe27vNwJOnSq2WvkHRT/sfweTw8E=
-github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2 h1:xxqXQL645JpGvuUqWdNUHCY/6EwxqsmuBuiEUsbswQU=
-github.com/IBM/mathlib v0.0.3-0.20251209063833-bdbf97a6c3d2/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
+github.com/IBM/mathlib v0.0.3-0.20251210060400-7e58831c9abe h1:EwFXJqfqz0lnsOtqSEswQ0kond3a8waLUfIXbaTgB4A=
+github.com/IBM/mathlib v0.0.3-0.20251210060400-7e58831c9abe/go.mod h1:rq67W1H6L1eorrE7DZ/HcSY/pfMDjbPWOx12SeUfQDk=
 github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=