From cabf0efb8c325fa1f602d4b4561937a499e88f44 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Fri, 19 Feb 2021 12:22:55 +1100
Subject: [PATCH] Only construct proof system once

The proof system is a static element and can be reused several times.
---
 swap/src/protocol.rs | 14 ++++++++++++++
 swap/src/protocol/alice/state.rs | 20 ++++----------------
 swap/src/protocol/bob/state.rs | 20 ++++----------------
 3 files changed, 22 insertions(+), 32 deletions(-)

diff --git a/swap/src/protocol.rs b/swap/src/protocol.rs
index abb8f314..23d3ac66 100644
--- a/swap/src/protocol.rs
+++ b/swap/src/protocol.rs
@@ -1,6 +1,20 @@
+use conquer_once::Lazy;
+use ecdsa_fun::fun::marker::Mark;
+use sha2::Sha256;
+use sigma_fun::{ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQ, HashTranscript};
+
 pub mod alice;
 pub mod bob;
 
+pub static CROSS_CURVE_PROOF_SYSTEM: Lazy<
+    CrossCurveDLEQ>,
+> = Lazy::new(|| {
+    CrossCurveDLEQ::>::new(
+        (*ecdsa_fun::fun::G).mark::(),
+        curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
+    )
+});
+
 #[derive(Debug, Copy, Clone)]
 pub struct StartingBalances {
     pub xmr: crate::monero::Amount,
diff --git a/swap/src/protocol/alice/state.rs b/swap/src/protocol/alice/state.rs
index 32acba0d..9538e84e 100644
--- a/swap/src/protocol/alice/state.rs
+++ b/swap/src/protocol/alice/state.rs
@@ -11,19 +11,19 @@ use crate::{
     protocol::{
         alice::{Message1, Message3, TransferProof},
         bob::{EncryptedSignature, Message0, Message2, Message4},
+        CROSS_CURVE_PROOF_SYSTEM,
     },
 };
 use anyhow::{anyhow, bail, Context, Result};
 use ecdsa_fun::{
     adaptor::{Adaptor, HashTranscript},
-    fun::marker::Mark,
     nonce::Deterministic,
 };
 use libp2p::PeerId;
 use rand::{CryptoRng, RngCore};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
-use sigma_fun::ext::dl_secp256k1_ed25519_eq::{CrossCurveDLEQ, CrossCurveDLEQProof};
+use sigma_fun::ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQProof;
 use std::fmt;
 
 #[derive(Debug)]
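Review bot: `CROSS_CURVE_PROOF_SYSTEM` is a new public static with no doc comment, and nothing in the hunk says why one shared instance is sound to reuse across swaps. The initializer is built only from the two fixed public generators (`ecdsa_fun::fun::G` and `ED25519_BASEPOINT_POINT`), and the call sites in the other two files pass their own `rng` into `prove`/`verify`, so the static appears to hold no secret or randomness state; I would say so above it: `/// Cross-curve DLEQ proof system (secp256k1 <-> Ed25519) over the standard generators. Holds no secret or RNG state (callers pass their own rng to prove/verify), so a single instance is shared by Alice and Bob.` Defining the generators in one place also removes the risk of the two sides drifting apart, which was possible while each of the four call sites built its own instance. The generic arguments on `CrossCurveDLEQ` and `.mark::()` look truncated in this rendering, presumably an extraction artefact rather than the committed code.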
@@ -116,14 +116,8 @@ impl State0 {
         let redeem_address = bitcoin_wallet.new_address().await?;
         let punish_address = redeem_address.clone();
 
-        let dleq_proof_system =
-            CrossCurveDLEQ::>::new(
-                (*ecdsa_fun::fun::G).mark::(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
         let s_a = monero::Scalar::random(rng);
-        let (dleq_proof_s_a, (S_a_bitcoin, S_a_monero)) = dleq_proof_system.prove(&s_a, rng);
+        let (dleq_proof_s_a, (S_a_bitcoin, S_a_monero)) = CROSS_CURVE_PROOF_SYSTEM.prove(&s_a, rng);
 
         Ok(Self {
             a,
@@ -144,13 +138,7 @@ impl State0 {
     }
 
     pub fn receive(self, msg: Message0) -> Result {
-        let dleq_proof_system =
-            CrossCurveDLEQ::>::new(
-                (*ecdsa_fun::fun::G).mark::(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
-        let valid = dleq_proof_system.verify(
+        let valid = CROSS_CURVE_PROOF_SYSTEM.verify(
             &msg.dleq_proof_s_b,
             (
                 msg.S_b_bitcoin.into(),
diff --git a/swap/src/protocol/bob/state.rs b/swap/src/protocol/bob/state.rs
index 0b2ca99d..5f33db16 100644
--- a/swap/src/protocol/bob/state.rs
+++ b/swap/src/protocol/bob/state.rs
@@ -12,12 +12,12 @@ use crate::{
     protocol::{
         alice::{Message1, Message3},
         bob::{EncryptedSignature, Message0, Message2, Message4},
+        CROSS_CURVE_PROOF_SYSTEM,
     },
 };
 use anyhow::{anyhow, bail, Result};
 use ecdsa_fun::{
     adaptor::{Adaptor, HashTranscript},
-    fun::marker::Mark,
     nonce::Deterministic,
     Signature,
 };
@@ -25,7 +25,7 @@ use monero_harness::rpc::wallet::BlockHeight;
 use rand::{CryptoRng, RngCore};
 use serde::{Deserialize, Serialize};
 use sha2::Sha256;
-use sigma_fun::ext::dl_secp256k1_ed25519_eq::{CrossCurveDLEQ, CrossCurveDLEQProof};
+use sigma_fun::ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQProof;
 use std::fmt;
 
 #[derive(Debug, Clone)]
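Review bot: The rewritten `prove` line in Alice's `State0::new` still has no comment saying what the proof is for, and with the proof system now an opaque global the reader loses the one hint the inline constructor gave (the two generators). From the visible lines, `s_a` is a fresh Monero scalar and `prove` returns one proof plus a secp256k1 point and an Ed25519 point for it; I would annotate that: `// Cross-curve DLEQ: S_a_bitcoin and S_a_monero are both s_a times their curve's generator, and the proof lets Bob check this before trusting either point.` That Bob is the verifier is inferred from the symmetric `receive` hunk below, where Alice verifies `dleq_proof_s_b`. `State0::new` starts before this hunk and the struct construction continues past it.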
@@ -109,13 +109,7 @@ impl State0 {
         let s_b = monero::Scalar::random(rng);
         let v_b = monero::PrivateViewKey::new_random(rng);
 
-        let dleq_proof_system =
-            CrossCurveDLEQ::>::new(
-                (*ecdsa_fun::fun::G).mark::(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
-        let (dleq_proof_s_b, (S_b_bitcoin, S_b_monero)) = dleq_proof_system.prove(&s_b, rng);
+        let (dleq_proof_s_b, (S_b_bitcoin, S_b_monero)) = CROSS_CURVE_PROOF_SYSTEM.prove(&s_b, rng);
 
         Self {
             b,
@@ -150,13 +144,7 @@ impl State0 {
     where
         W: BuildTxLockPsbt + GetNetwork,
     {
-        let dleq_proof_system =
-            CrossCurveDLEQ::>::new(
-                (*ecdsa_fun::fun::G).mark::(),
-                curve25519_dalek::constants::ED25519_BASEPOINT_POINT,
-            );
-
-        let valid = dleq_proof_system.verify(
+        let valid = CROSS_CURVE_PROOF_SYSTEM.verify(
             &msg.dleq_proof_s_a,
             (
                 msg.S_a_bitcoin.clone().into(),
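Review bot: Bob's `State0::new` now repeats Alice's share-generation line for line (`Scalar::random(rng)` followed by `CROSS_CURVE_PROOF_SYSTEM.prove(&s, rng)`), and neither copy explains the proof. At minimum the `prove` line deserves the same why-comment as Alice's: `// Cross-curve DLEQ: S_b_bitcoin and S_b_monero share the scalar s_b; Alice verifies this proof before using either point.` Since both sides now reach for the same static, a small helper next to it in protocol.rs that returns the scalar, proof and point pair would keep the two constructors from drifting, though the exact point types are not visible here so I leave the signature to the author. `State0::new` starts before this hunk and the `Self { .. }` construction continues past it.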