Only construct proof system once

The proof system is a static element and can be reused several times.
3 years ago · cabf0efb8c
parent 84bc2c82b7
commit cabf0efb8c
3 changed files with 22 additions and 32 deletions
--- a/swap/src/protocol.rs
+++ b/swap/src/protocol.rs
@ -1,6 +1,20 @@
+use conquer_once::Lazy;
+use ecdsa_fun::fun::marker::Mark;
+use sha2::Sha256;
+use sigma_fun::{ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQ, HashTranscript};
+
 pub mod alice;
 pub mod bob;

+pub static CROSS_CURVE_PROOF_SYSTEM: Lazy<
+    CrossCurveDLEQ<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>,
+> = Lazy::new(|| {
+    CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(
+        (*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),
+        curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
+    )
+});
+
 #[derive(Debug, Copy, Clone)]
 pub struct StartingBalances {
    pub xmr: crate::monero::Amount,
--- a/swap/src/protocol/alice/state.rs
+++ b/swap/src/protocol/alice/state.rs
@ -11,19 +11,19 @@ use crate::{
    protocol::{
        alice::{Message1, Message3, TransferProof},
        bob::{EncryptedSignature, Message0, Message2, Message4},
+        CROSS_CURVE_PROOF_SYSTEM,
    },
 };
 use anyhow::{anyhow, bail, Context, Result};
 use ecdsa_fun::{
    adaptor::{Adaptor, HashTranscript},
-    fun::marker::Mark,
    nonce::Deterministic,
 };
 use libp2p::PeerId;
 use rand::{CryptoRng, RngCore};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
-use sigma_fun::ext::dl_secp256k1_ed25519_eq::{CrossCurveDLEQ, CrossCurveDLEQProof};
+use sigma_fun::ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQProof;
 use std::fmt;

 #[derive(Debug)]
@ -116,14 +116,8 @@ impl State0 {
        let redeem_address = bitcoin_wallet.new_address().await?;
        let punish_address = redeem_address.clone();

-        let dleq_proof_system =
-            CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(
-                (*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
        let s_a = monero::Scalar::random(rng);
-        let (dleq_proof_s_a, (S_a_bitcoin, S_a_monero)) = dleq_proof_system.prove(&s_a, rng);
+        let (dleq_proof_s_a, (S_a_bitcoin, S_a_monero)) = CROSS_CURVE_PROOF_SYSTEM.prove(&s_a, rng);

        Ok(Self {
            a,
@ -144,13 +138,7 @@ impl State0 {
    }

    pub fn receive(self, msg: Message0) -> Result<State1> {
-        let dleq_proof_system =
-            CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(
-                (*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
-        let valid = dleq_proof_system.verify(
+        let valid = CROSS_CURVE_PROOF_SYSTEM.verify(
            &msg.dleq_proof_s_b,
            (
                msg.S_b_bitcoin.into(),
--- a/swap/src/protocol/bob/state.rs
+++ b/swap/src/protocol/bob/state.rs
@ -12,12 +12,12 @@ use crate::{
    protocol::{
        alice::{Message1, Message3},
        bob::{EncryptedSignature, Message0, Message2, Message4},
+        CROSS_CURVE_PROOF_SYSTEM,
    },
 };
 use anyhow::{anyhow, bail, Result};
 use ecdsa_fun::{
    adaptor::{Adaptor, HashTranscript},
-    fun::marker::Mark,
    nonce::Deterministic,
    Signature,
 };
@ -25,7 +25,7 @@ use monero_harness::rpc::wallet::BlockHeight;
 use rand::{CryptoRng, RngCore};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
-use sigma_fun::ext::dl_secp256k1_ed25519_eq::{CrossCurveDLEQ, CrossCurveDLEQProof};
+use sigma_fun::ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQProof;
 use std::fmt;

 #[derive(Debug, Clone)]
@ -109,13 +109,7 @@ impl State0 {
        let s_b = monero::Scalar::random(rng);
        let v_b = monero::PrivateViewKey::new_random(rng);

-        let dleq_proof_system =
-            CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(
-                (*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
-        let (dleq_proof_s_b, (S_b_bitcoin, S_b_monero)) = dleq_proof_system.prove(&s_b, rng);
+        let (dleq_proof_s_b, (S_b_bitcoin, S_b_monero)) = CROSS_CURVE_PROOF_SYSTEM.prove(&s_b, rng);

        Self {
            b,
@ -150,13 +144,7 @@ impl State0 {
    where
        W: BuildTxLockPsbt + GetNetwork,
    {
-        let dleq_proof_system =
-            CrossCurveDLEQ::<HashTranscript<Sha256, rand_chacha::ChaCha20Rng>>::new(
-                (*ecdsa_fun::fun::G).mark::<ecdsa_fun::fun::marker::Normal>(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
-        let valid = dleq_proof_system.verify(
+        let valid = CROSS_CURVE_PROOF_SYSTEM.verify(
            &msg.dleq_proof_s_a,
            (
                msg.S_a_bitcoin.clone().into(),