secret mul as a macro

Author: davxy

src/ietf.rs

@@ -91,8 +91,8 @@ impl<S: IetfSuite> Prover<S> for Secret<S> {
     fn prove(&self, input: Input<S>, output: Output<S>, ad: impl AsRef<[u8]>) -> Proof<S> {
         let k = S::nonce(&self.scalar, input);
 
-        let k_b = utils::mul_secret::<S>(S::generator(), k).into_affine();
-        let k_h = utils::mul_secret::<S>(input.0, k).into_affine();
+        let k_b = smul!(S::generator(), k).into_affine();
+        let k_h = smul!(input.0, k).into_affine();
 
         let c = S::challenge(
             &[&self.public.0, &input.0, &output.0, &k_b, &k_h],

src/lib.rs

@@ -37,8 +37,7 @@ pub mod ring;
 #[cfg(test)]
 mod testing;
 
-// Re-export stuff that may be useful downstream.
-#[doc(hidden)]
+use codec::Codec;
 pub mod reexports {
     pub use ark_ec;
     pub use ark_ff;
@@ -47,14 +46,12 @@ pub mod reexports {
 }
 
 pub type AffinePoint<S> = <S as Suite>::Affine;
-
 pub type BaseField<S> = <AffinePoint<S> as AffineRepr>::BaseField;
 pub type ScalarField<S> = <AffinePoint<S> as AffineRepr>::ScalarField;
 pub type CurveConfig<S> = <AffinePoint<S> as AffineRepr>::Config;
 
 pub type HashOutput<S> = digest::Output<<S as Suite>::Hasher>;
 
-pub use codec::Codec;
 
 #[derive(Debug)]
 pub enum Error {
@@ -242,7 +239,7 @@ impl<S: Suite> Secret<S> {
 
     /// Get the VRF output point relative to input.
     pub fn output(&self, input: Input<S>) -> Output<S> {
-        Output(utils::mul_secret::<S>(input.0, self.scalar).into_affine())
+        Output(smul!(input.0, self.scalar).into_affine())
     }
 }
 

src/pedersen.rs

@@ -89,17 +89,17 @@ impl<S: PedersenSuite> Prover<S> for Secret<S> {
         let kb = S::nonce(&blinding, input);
 
         // Yb = x*G + b*B
-        let xg = utils::mul_secret::<S>(S::generator(), self.scalar);
-        let bb = utils::mul_secret::<S>(S::BLINDING_BASE, blinding);
+        let xg = smul!(S::generator(), self.scalar);
+        let bb = smul!(S::BLINDING_BASE, blinding);
         let pk_com = (xg + bb).into_affine();
 
         // R = k*G + kb*B
-        let kg = utils::mul_secret::<S>(S::generator(), k);
-        let kbb = utils::mul_secret::<S>(S::BLINDING_BASE, kb);
+        let kg = smul!(S::generator(), k);
+        let kbb = smul!(S::BLINDING_BASE, kb);
         let r = (kg + kbb).into_affine();
 
         // Ok = k*I
-        let ok = utils::mul_secret::<S>(input.0, k).into_affine();
+        let ok = smul!(input.0, k).into_affine();
 
         // c = Hash(Yb, I, O, R, Ok, ad)
         let c = S::challenge(&[&pk_com, &input.0, &output.0, &r, &ok], ad.as_ref());

src/ring.rs

@@ -734,7 +734,6 @@ pub(crate) mod testing {
         while !pks.is_empty() {
             let chunk_len = 1 + random_val::<usize>(Some(rng)) % 5;
             let chunk = pks.drain(..pks.len().min(chunk_len)).collect::<Vec<_>>();
-            println!("Appending {} items", chunk.len());
             vk_builder.append(&chunk[..], &loader).unwrap();
             assert_eq!(vk_builder.free_slots(), pks.len());
         }

src/utils/mod.rs

@@ -8,29 +8,35 @@ pub use common::*;
 /// Twisted Edwards to Short Weierstrass mapping.
 pub use te_sw_map::*;
 
-use crate::{AffinePoint, ScalarField, Suite};
-use ark_ec::AffineRepr;
-
-type Projective<S> = <AffinePoint<S> as AffineRepr>::Group;
-
-/// Point scalar multiplication with secret splitting.
+/// Point scalar multiplication with optional secret splitting.
 ///
 /// Secret scalar split into the sum of two scalars, which randomly mutate but
 /// retain the same sum. Incurs 2x penalty in scalar multiplications, but provides
 /// side channel defenses.
-#[cfg(feature = "secret-split")]
-#[inline(always)]
-pub(crate) fn mul_secret<S: Suite>(p: AffinePoint<S>, s: ScalarField<S>) -> Projective<S> {
-    use ark_std::UniformRand;
-    let mut rng = ark_std::rand::rngs::OsRng;
-    let x1 = ScalarField::<S>::rand(&mut rng);
-    let x2 = s - x1;
-    p * x1 + p * x2
-}
+///
+/// Note: actual secret splitting is enabled via the `secret-split` feature.
+mod secret_split {
+    #[cfg(feature = "secret-split")]
+    #[doc(hidden)]
+    #[macro_export]
+    macro_rules! smul {
+        ($p:expr, $s:expr) => {{
+            #[inline(always)]
+            fn get_rand<T: ark_std::UniformRand>(_: &T) -> T {
+                T::rand(&mut ark_std::rand::rngs::OsRng)
+            }
+            let x1 = get_rand(&$s);
+            let x2 = $s - x1;
+            $p * x1 + $p * x2
+        }};
+    }
 
-/// Point scalar multiplication with no secret splitting.
-#[cfg(not(feature = "secret-split"))]
-#[inline(always)]
-pub(crate) fn mul_secret<S: Suite>(p: AffinePoint<S>, s: ScalarField<S>) -> Projective<S> {
-    p * s
+    #[cfg(not(feature = "secret-split"))]
+    #[doc(hidden)]
+    #[macro_export]
+    macro_rules! smul {
+        ($p:expr, $s:expr) => {
+            $p * $s
+        };
+    }
 }