batch_evaluate without alloc (#48)

daxpedda · web-flow · commit d316ce4c8d7e · 2021-12-29T03:14:28.000-05:00
* `no_alloc` alternative to `VerifiableServer::batch_evaluate()`

* Rename `PreparedT` to `PreparedTscalar`
diff --git a/src/lib.rs b/src/lib.rs
@@ -331,13 +331,10 @@
 //! this case. In the following example, we show how to use the batch API to
 //! produce a single proof for 10 parallel VOPRF evaluations.
 //!
-//! This requires the crate feature `alloc`.
-//!
 //! First, the client produces 10 blindings, storing their resulting states and
 //! messages:
 //!
 //! ```
-//! # #[cfg(feature = "alloc")] {
 //! # #[cfg(feature = "ristretto255")]
 //! # type Group = curve25519_dalek::ristretto::RistrettoPoint;
 //! # #[cfg(feature = "ristretto255")]
@@ -358,13 +355,54 @@
 //!     client_states.push(client_blind_result.state);
 //!     client_messages.push(client_blind_result.message);
 //! }
+//! ```
+//!
+//! Next, the server calls the [VerifiableServer::batch_evaluate_prepare] and
+//! [VerifiableServer::batch_evaluate_finish] function on a set of client
+//! messages, to produce a corresponding set of messages to be returned to the
+//! client (returned in the same order), along with a single proof:
+//!
+//! ```
+//! # #[cfg(feature = "ristretto255")]
+//! # type Group = curve25519_dalek::ristretto::RistrettoPoint;
+//! # #[cfg(feature = "ristretto255")]
+//! # type Hash = sha2::Sha512;
+//! # #[cfg(all(feature = "p256", not(feature = "ristretto255")))]
+//! # type Group = p256_::ProjectivePoint;
+//! # #[cfg(all(feature = "p256", not(feature = "ristretto255")))]
+//! # type Hash = sha2::Sha256;
+//! # use voprf::{VerifiableServerBatchEvaluatePrepareResult, VerifiableServerBatchEvaluateFinishResult, VerifiableClient};
+//! # use rand::{rngs::OsRng, RngCore};
+//! #
+//! # let mut client_rng = OsRng;
+//! # let mut client_states = vec![];
+//! # let mut client_messages = vec![];
+//! # for _ in 0..10 {
+//! #     let client_blind_result = VerifiableClient::<Group, Hash>::blind(
+//! #         b"input",
+//! #        &mut client_rng,
+//! #     ).expect("Unable to construct client");
+//! #     client_states.push(client_blind_result.state);
+//! #     client_messages.push(client_blind_result.message);
 //! # }
+//! # use voprf::VerifiableServer;
+//! let mut server_rng = OsRng;
+//! # let server = VerifiableServer::<Group, Hash>::new(&mut server_rng)
+//! #   .expect("Unable to construct server");
+//! let VerifiableServerBatchEvaluatePrepareResult {
+//!     prepared_evaluation_elements,
+//!     t,
+//! } = server
+//!     .batch_evaluate_prepare(client_messages.iter(), None)
+//!     .expect("Unable to perform server batch evaluate");
+//! let prepared_elements: Vec<_> = prepared_evaluation_elements.collect();
+//! let VerifiableServerBatchEvaluateFinishResult { messages, proof } = VerifiableServer::batch_evaluate_finish(&mut server_rng, client_messages.iter(), &prepared_elements, &t)
+//!     .expect("Unable to perform server batch evaluate");
+//! let messages: Vec<_> = messages.collect();
 //! ```
 //!
-//! Next, the server calls the [VerifiableServer::batch_evaluate] function on a
-//! set of client messages, to produce a corresponding set of messages to be
-//! returned to the client (returned in the same order), along with a single
-//! proof:
+//! If [`alloc`] is available, [VerifiableServer::batch_evaluate] can be called
+//! to avoid having to collect output manually:
 //!
 //! ```
 //! # #[cfg(feature = "alloc")] {
@@ -376,7 +414,7 @@
 //! # type Group = p256_::ProjectivePoint;
 //! # #[cfg(all(feature = "p256", not(feature = "ristretto255")))]
 //! # type Hash = sha2::Sha256;
-//! # use voprf::VerifiableClient;
+//! # use voprf::{VerifiableServerBatchEvaluateResult, VerifiableClient};
 //! # use rand::{rngs::OsRng, RngCore};
 //! #
 //! # let mut client_rng = OsRng;
@@ -394,7 +432,7 @@
 //! let mut server_rng = OsRng;
 //! # let server = VerifiableServer::<Group, Hash>::new(&mut server_rng)
 //! #   .expect("Unable to construct server");
-//! let server_batch_evaluate_result = server
+//! let VerifiableServerBatchEvaluateResult { messages, proof } = server
 //!     .batch_evaluate(&mut server_rng, &client_messages, None)
 //!     .expect("Unable to perform server batch evaluate");
 //! # }
@@ -415,7 +453,7 @@
 //! # type Group = p256_::ProjectivePoint;
 //! # #[cfg(all(feature = "p256", not(feature = "ristretto255")))]
 //! # type Hash = sha2::Sha256;
-//! # use voprf::VerifiableClient;
+//! # use voprf::{VerifiableServerBatchEvaluateResult, VerifiableClient};
 //! # use rand::{rngs::OsRng, RngCore};
 //! #
 //! # let mut client_rng = OsRng;
@@ -430,19 +468,17 @@
 //! #     client_messages.push(client_blind_result.message);
 //! # }
 //! # use voprf::VerifiableServer;
-//! let mut server_rng = OsRng;
+//! # let mut server_rng = OsRng;
 //! # let server = VerifiableServer::<Group, Hash>::new(&mut server_rng)
 //! #   .expect("Unable to construct server");
-//! # let server_batch_evaluate_result = server.batch_evaluate(
-//! #     &mut server_rng,
-//! #     &client_messages,
-//! #     None,
-//! # ).expect("Unable to perform server batch evaluate");
+//! # let VerifiableServerBatchEvaluateResult { messages, proof } = server
+//! #     .batch_evaluate(&mut server_rng, &client_messages, None)
+//! #     .expect("Unable to perform server batch evaluate");
 //! let client_batch_finalize_result = VerifiableClient::batch_finalize(
 //!     &[b"input"; 10],
 //!     &client_states,
-//!     &server_batch_evaluate_result.messages,
-//!     &server_batch_evaluate_result.proof,
+//!     &messages,
+//!     &proof,
 //!     server.get_public_key(),
 //!     None,
 //! )
@@ -527,7 +563,8 @@ pub use crate::group::Group;
 pub use crate::voprf::VerifiableServerBatchEvaluateResult;
 pub use crate::voprf::{
     BlindedElement, EvaluationElement, NonVerifiableClient, NonVerifiableClientBlindResult,
-    NonVerifiableServer, NonVerifiableServerEvaluateResult, Proof, VerifiableClient,
-    VerifiableClientBatchFinalizeResult, VerifiableClientBlindResult, VerifiableServer,
-    VerifiableServerEvaluateResult,
+    NonVerifiableServer, NonVerifiableServerEvaluateResult, PreparedEvaluationElement,
+    PreparedTscalar, Proof, VerifiableClient, VerifiableClientBatchFinalizeResult,
+    VerifiableClientBlindResult, VerifiableServer, VerifiableServerBatchEvaluateFinishResult,
+    VerifiableServerBatchEvaluatePrepareResult, VerifiableServerEvaluateResult,
 };
diff --git a/src/tests/mod.rs b/src/tests/mod.rs
@@ -5,7 +5,6 @@
 // License, Version 2.0 found in the LICENSE-APACHE file in the root directory
 // of this source tree.
 
-#[cfg(feature = "alloc")]
 mod mock_rng;
 mod parser;
 mod voprf_test_vectors;
diff --git a/src/tests/voprf_test_vectors.rs b/src/tests/voprf_test_vectors.rs
@@ -8,18 +8,14 @@
 use alloc::string::{String, ToString};
 use alloc::vec;
 use alloc::vec::Vec;
+use core::ops::Add;
 
 use digest::core_api::BlockSizeUser;
 use digest::{Digest, FixedOutputReset};
-use generic_array::GenericArray;
+use generic_array::typenum::Sum;
+use generic_array::{ArrayLength, GenericArray};
 use json::JsonValue;
-#[cfg(feature = "alloc")]
-use ::{
-    core::ops::Add,
-    generic_array::{typenum::Sum, ArrayLength},
-};
 
-#[cfg(feature = "alloc")]
 use crate::tests::mock_rng::CycleRng;
 use crate::tests::parser::*;
 use crate::{
@@ -38,7 +34,6 @@ struct VOPRFTestVectorParameters {
     blinded_element: Vec<Vec<u8>>,
     evaluation_element: Vec<Vec<u8>>,
     proof: Vec<u8>,
-    #[cfg(feature = "alloc")]
     proof_random_scalar: Vec<u8>,
     output: Vec<Vec<u8>>,
 }
@@ -54,7 +49,6 @@ fn populate_test_vectors(values: &JsonValue) -> VOPRFTestVectorParameters {
         blinded_element: decode_vec(values, "BlindedElement"),
         evaluation_element: decode_vec(values, "EvaluationElement"),
         proof: decode(values, "Proof"),
-        #[cfg(feature = "alloc")]
         proof_random_scalar: decode(values, "ProofRandomScalar"),
         output: decode_vec(values, "Output"),
     }
@@ -118,7 +112,6 @@ fn test_vectors() -> Result<()> {
 
         test_verifiable_seed_to_key::<RistrettoPoint, Sha512>(&ristretto_verifiable_tvs)?;
         test_verifiable_blind::<RistrettoPoint, Sha512>(&ristretto_verifiable_tvs)?;
-        #[cfg(feature = "alloc")]
         test_verifiable_evaluate::<RistrettoPoint, Sha512>(&ristretto_verifiable_tvs)?;
         test_verifiable_finalize::<RistrettoPoint, Sha512>(&ristretto_verifiable_tvs)?;
     }
@@ -253,14 +246,17 @@ fn test_base_evaluate<G: Group, H: BlockSizeUser + Digest + FixedOutputReset>(
     Ok(())
 }
 
-#[cfg(feature = "alloc")]
 fn test_verifiable_evaluate<G: Group, H: BlockSizeUser + Digest + FixedOutputReset>(
     tvs: &[VOPRFTestVectorParameters],
 ) -> Result<()>
 where
     G::ScalarLen: Add<G::ScalarLen>,
     Sum<G::ScalarLen, G::ScalarLen>: ArrayLength<u8>,
 {
+    use crate::{
+        VerifiableServerBatchEvaluateFinishResult, VerifiableServerBatchEvaluatePrepareResult,
+    };
+
     for parameters in tvs {
         let mut rng = CycleRng::new(parameters.proof_random_scalar.clone());
         let server = VerifiableServer::<G, H>::new_with_key(&parameters.sksm)?;
@@ -270,20 +266,25 @@ where
             blinded_elements.push(BlindedElement::deserialize(blinded_element_bytes)?);
         }
 
-        let batch_evaluate_result =
-            server.batch_evaluate(&mut rng, &blinded_elements, Some(&parameters.info))?;
+        let VerifiableServerBatchEvaluatePrepareResult {
+            prepared_evaluation_elements,
+            t,
+        } = server.batch_evaluate_prepare(blinded_elements.iter(), Some(&parameters.info))?;
+        let prepared_elements: Vec<_> = prepared_evaluation_elements.collect();
+        let VerifiableServerBatchEvaluateFinishResult { messages, proof } =
+            VerifiableServer::batch_evaluate_finish(
+                &mut rng,
+                blinded_elements.iter(),
+                &prepared_elements,
+                &t,
+            )?;
+        let messages: Vec<_> = messages.collect();
 
-        for i in 0..parameters.evaluation_element.len() {
-            assert_eq!(
-                &parameters.evaluation_element[i],
-                &batch_evaluate_result.messages[i].serialize().as_slice(),
-            );
+        for (parameter, message) in parameters.evaluation_element.iter().zip(messages) {
+            assert_eq!(&parameter, &message.serialize().as_slice(),);
         }
 
-        assert_eq!(
-            &parameters.proof,
-            &batch_evaluate_result.proof.serialize().as_slice()
-        );
+        assert_eq!(&parameters.proof, &proof.serialize().as_slice());
     }
     Ok(())
 }
diff --git a/src/voprf.rs b/src/voprf.rs
