Add group-specific serialization for Ristretto and BLS12-381

- Introduced GroupSerialization trait to abstract serialization logic
- Implemented Ristretto and BLS12-381 (G1Projective) serializers
- Integrated into SchnorrProof's serialize/deserialize methods

Author: GOURIOU Lénaïck

src/toolbox/sigma/group_serialisation.rs

@@ -0,0 +1,69 @@
+use std::convert::TryInto;
+
+use curve25519_dalek::{ristretto::{CompressedRistretto, RistrettoPoint}, scalar::Scalar as RistrettoScalar};
+use bls12_381::{G1Affine, G1Projective, Scalar as BlsScalar};
+use ff::PrimeField;
+use super::r#trait::GroupSerialisation;
+
+pub struct RistrettoSerialisation;
+
+impl GroupSerialisation<RistrettoPoint> for RistrettoSerialisation {
+    type Scalar = RistrettoScalar;
+
+    fn serialize_element(point: &RistrettoPoint) -> Vec<u8> {
+        point.compress().to_bytes().to_vec()
+    }
+    
+    fn deserialize_element(bytes: &[u8]) -> Option<RistrettoPoint> {
+        let point_size = 32;
+        if bytes.len() != point_size {
+            return None;
+        }
+        let mut buf = [0u8; 32];
+        buf.copy_from_slice(bytes);
+        CompressedRistretto(buf).decompress()
+    }
+    
+    fn serialize_scalar(scalar: &Self::Scalar) -> Vec<u8> {
+        scalar.to_bytes().to_vec()
+    }
+    
+    fn deserialize_scalar(bytes: &[u8]) -> Option<Self::Scalar> {
+        if bytes.len() != 32 {
+            return None;
+        }
+        let mut buf = [0u8; 32];
+        buf.copy_from_slice(bytes);
+        RistrettoScalar::from_canonical_bytes(buf).into()
+    }
+}
+
+pub struct Bls12381Serialisation;
+
+impl GroupSerialisation<G1Projective> for Bls12381Serialisation {
+    type Scalar = BlsScalar;
+
+    fn serialize_element(point: &G1Projective) -> Vec<u8> {
+        let affine = G1Affine::from(point);
+        affine.to_compressed().as_ref().to_vec()
+    }
+
+    fn deserialize_element(bytes: &[u8]) -> Option<G1Projective> {
+        if bytes.len() != 48 {
+            return None;
+        }
+        let mut buf = [0u8; 48];
+        buf.copy_from_slice(bytes);
+        let affine = G1Affine::from_compressed(&buf).into_option()?;
+        Some(G1Projective::from(&affine))
+    }
+
+    fn serialize_scalar(scalar: &Self::Scalar) -> Vec<u8> {
+        scalar.to_repr().as_ref().to_vec()
+    }
+
+    fn deserialize_scalar(bytes: &[u8]) -> Option<Self::Scalar> {
+        let repr = bytes.try_into().ok()?;
+        BlsScalar::from_repr(repr).into_option()
+    }    
+}

src/toolbox/sigma/mod.rs

@@ -5,6 +5,7 @@ pub mod group_morphism;
 pub mod schnorr_proof;
 /// Defines the transcript for a Sigma Protocol
 pub mod transcript;
+pub mod group_serialisation;
 
 pub use r#trait::{SigmaProtocol, SigmaProtocolSimulator};
 pub use proof_composition::{AndProtocol, OrProtocol};

src/toolbox/sigma/schnorr_proof.rs

@@ -9,12 +9,19 @@ use group::{Group, GroupEncoding};
 use ff::{PrimeField,Field};
 use crate::{toolbox::sigma::{GroupMorphismPreimage, SigmaProtocol}, ProofError};
 
+use super::r#trait::GroupSerialisation;
+
 /// A Schnorr protocol proving knowledge some discrete logarithm relation.
 ///
 /// The specific proof instance is defined by a [`GroupMorphismPreimage`] over a group `G`.
-pub struct SchnorrProof<G: Group + GroupEncoding> {
+pub struct SchnorrProof<G, S>
+where 
+    G: Group + GroupEncoding,
+    S: GroupSerialisation<G, Scalar = G::Scalar>
+{
     /// The public instance and its associated group morphism.
     pub morphismp: GroupMorphismPreimage<G>,
+    _marker: std::marker::PhantomData<S>
 }
 
 /// Internal prover state during the protocol execution: (random nonce, witness)
@@ -25,10 +32,11 @@ pub struct SchnorrState<S> {
     pub witness: Vec<S>,
 }
 
-impl<G> SigmaProtocol for SchnorrProof<G>
+impl<G, S> SigmaProtocol for SchnorrProof<G,S>
 where
     G: Group + GroupEncoding, 
     G::Scalar: Field + Clone,
+    S: GroupSerialisation<G, Scalar = G::Scalar>
 {
     type Commitment = Vec<G>;
     type ProverState = (Vec<<G as Group>::Scalar>, Vec<<G as Group>::Scalar>);
@@ -97,12 +105,12 @@ where
 
         // Serialize commitments
         for commit in commitment.iter().take(point_nb) {
-            bytes.extend_from_slice(commit.to_bytes().as_ref());
+            bytes.extend_from_slice(&S::serialize_element(commit));
         }
 
         // Serialize responses
         for response in response.iter().take(scalar_nb) {
-            bytes.extend_from_slice(response.to_repr().as_ref());
+            bytes.extend_from_slice(&S::serialize_scalar(response));
         }
         bytes
     }
@@ -114,6 +122,7 @@ where
     {
         let scalar_nb = self.morphismp.morphism.num_scalars;
         let point_nb = self.morphismp.morphism.num_statements();
+
         let point_size = G::generator().to_bytes().as_ref().len();
         let scalar_size = <<G as Group>::Scalar as PrimeField>::Repr::default().as_ref().len();
 
@@ -129,35 +138,17 @@ where
             let start = i * point_size;
             let end = start + point_size;
 
-            let mut buf = vec![0u8; point_size];
-            buf.copy_from_slice(&data[start..end]);
-
-            let mut repr_array = G::Repr::default();
-            repr_array.as_mut().copy_from_slice(&buf);
-    
-            let elem_ct = G::from_bytes(&repr_array);
-            if !bool::from(elem_ct.is_some()) {           
-                return None;
-            }
-            let elem = elem_ct.unwrap();
+            let slice = &data[start..end];
+            let elem = S::deserialize_element(slice)?;
             commitments.push(elem);
         }
 
         for i in 0..scalar_nb {
             let start = point_nb * point_size + i * scalar_size;
             let end = start + scalar_size;
 
-            let mut buf = vec![0u8; scalar_size];
-            buf.copy_from_slice(&data[start..end]);
-            
-            let mut repr_array = <<G as Group>::Scalar as PrimeField>::Repr::default();
-            repr_array.as_mut().copy_from_slice(&buf);
-            
-            let scalar_ct = G::Scalar::from_repr(repr_array);
-            if !bool::from(scalar_ct.is_some()) {           
-                return None;
-            }
-            let scalar = scalar_ct.unwrap();
+            let slice = &data[start..end];
+            let scalar = S::deserialize_scalar(slice)?;
             responses.push(scalar);
         }
 

src/toolbox/sigma/trait.rs

@@ -2,6 +2,7 @@
 //!
 //! This module defines the `SigmaProtocol` trait, a generic interface for 3-message Sigma protocols.
 
+use group::Group;
 use rand::{Rng, CryptoRng};
 use crate::ProofError;
 
@@ -120,4 +121,18 @@ pub trait SigmaProtocolSimulator: SigmaProtocol {
     ) -> (Self::Commitment, Self::Challenge, Self::Response) {
         panic!("simulatable_transcription not implemented for this protocol")
     }
+}
+
+pub trait GroupSerialisation<G>
+where 
+    G: Group,
+{
+    type Scalar: ff::PrimeField;
+
+    fn serialize_element(point: &G) -> Vec<u8>;
+    fn deserialize_element(bytes: &[u8]) -> Option<G>;
+
+    fn serialize_scalar(scalar: &Self::Scalar) -> Vec<u8>;
+    fn deserialize_scalar(bytes: &[u8]) -> Option<Self::Scalar>;
+
 }