Audit 3.0

x/keyshare/keeper/process_queues.go

@@ -188,7 +188,7 @@ func (k Keeper) ProcessPrivateSignalQueue(ctx sdk.Context) error {
 				)
 			}
 		}
-		k.pepKeeper.RemoveSignalQueueEntry(ctx, req.GetIdentity())
+		k.pepKeeper.RemovePrivateSignalQueueEntry(ctx, req.GetIdentity())
 	}
 	return nil
 }

x/zkp/keeper/query_grpc_test.go

@@ -257,7 +257,7 @@ func TestDirectKeeperGRPCCompositeProofsRequireBindingFields(t *testing.T) {
 		})
 		require.NoError(t, err)
 		require.False(t, resp.Valid)
-		require.Equal(t, "transfer binding verification failed: missing or invalid pubkey/balance fields (expected 32-byte values)", resp.Error)
+		require.Equal(t, "transfer proof verification failed: missing or invalid pubkey/balance fields (expected 32-byte values)", resp.Error)
 	})
 
 	t.Run("withdraw proof bundle requires binding fields", func(t *testing.T) {
@@ -267,7 +267,7 @@ func TestDirectKeeperGRPCCompositeProofsRequireBindingFields(t *testing.T) {
 		})
 		require.NoError(t, err)
 		require.False(t, resp.Valid)
-		require.Equal(t, "withdraw binding verification failed: missing or invalid pubkey/ciphertext fields (expected 32-byte values)", resp.Error)
+		require.Equal(t, "withdraw proof verification failed: missing or invalid pubkey/ciphertext fields (expected 32-byte values)", resp.Error)
 	})
 }
 
@@ -332,7 +332,7 @@ func TestDirectKeeperGRPCCompositeProofsBindingAndVerificationFailures(t *testin
 		})
 		require.NoError(t, err)
 		require.False(t, resp.Valid)
-		require.Equal(t, "transfer binding verification failed: sender pubkey mismatch", resp.Error)
+		require.Equal(t, "transfer proof verification failed: sender pubkey mismatch", resp.Error)
 	})
 
 	t.Run("transfer proof bundle verification stage", func(t *testing.T) {
@@ -347,7 +347,7 @@ func TestDirectKeeperGRPCCompositeProofsBindingAndVerificationFailures(t *testin
 		})
 		require.NoError(t, err)
 		require.False(t, resp.Valid)
-		require.Equal(t, "equality proof verification failed: algebraic relation failed", resp.Error)
+		require.Equal(t, "transfer proof verification failed: algebraic relation failed", resp.Error)
 	})
 
 	t.Run("withdraw proof bundle nonce mismatch", func(t *testing.T) {
@@ -361,7 +361,7 @@ func TestDirectKeeperGRPCCompositeProofsBindingAndVerificationFailures(t *testin
 		})
 		require.NoError(t, err)
 		require.False(t, resp.Valid)
-		require.Equal(t, "withdraw binding verification failed: withdraw equality proof nonce mismatch", resp.Error)
+		require.Equal(t, "withdraw proof verification failed: withdraw equality proof nonce mismatch", resp.Error)
 	})
 
 	t.Run("withdraw proof bundle verification stage", func(t *testing.T) {
@@ -375,6 +375,6 @@ func TestDirectKeeperGRPCCompositeProofsBindingAndVerificationFailures(t *testin
 		})
 		require.NoError(t, err)
 		require.False(t, resp.Valid)
-		require.Equal(t, "equality proof verification failed: algebraic relation failed", resp.Error)
+		require.Equal(t, "withdraw proof verification failed: algebraic relation failed", resp.Error)
 	})
 }

x/zkp/keeper/query_proof_verification.go

@@ -396,11 +396,11 @@ func (k Keeper) VerifyTransferProofs(goCtx context.Context, req *types.QueryVeri
 		len(req.CurrentBalanceCommitment) != 32 || len(req.CurrentBalanceHandle) != 32 {
 		return &types.QueryVerifyTransferProofsResponse{
 			Valid: false,
-			Error: "transfer binding verification failed: missing or invalid pubkey/balance fields (expected 32-byte values)",
+			Error: "transfer proof verification failed: missing or invalid pubkey/balance fields (expected 32-byte values)",
 		}, nil
 	}
 
-	err := transferctx.VerifyBindings(
+	err := transferctx.VerifyTransferProofs(
 		&equalityProofData,
 		&rangeProofData,
 		&validityProofData,
@@ -412,31 +412,7 @@ func (k Keeper) VerifyTransferProofs(goCtx context.Context, req *types.QueryVeri
 	if err != nil {
 		return &types.QueryVerifyTransferProofsResponse{
 			Valid: false,
-			Error: "transfer binding verification failed: " + err.Error(),
-		}, nil
-	}
-
-	err = commitment.VerifyEqualityProof(&equalityProofData)
-	if err != nil {
-		return &types.QueryVerifyTransferProofsResponse{
-			Valid: false,
-			Error: "equality proof verification failed: " + err.Error(),
-		}, nil
-	}
-
-	err = rangeproof.VerifyTransferRange(&rangeProofData)
-	if err != nil {
-		return &types.QueryVerifyTransferProofsResponse{
-			Valid: false,
-			Error: "range proof verification failed: " + err.Error(),
-		}, nil
-	}
-
-	err = validity.VerifyValidityProof(&validityProofData)
-	if err != nil {
-		return &types.QueryVerifyTransferProofsResponse{
-			Valid: false,
-			Error: "validity proof verification failed: " + err.Error(),
+			Error: "transfer proof verification failed: " + err.Error(),
 		}, nil
 	}
 
@@ -539,11 +515,11 @@ func (k Keeper) VerifyWithdrawProofs(goCtx context.Context, req *types.QueryVeri
 	if len(req.UserPubkey) != 32 || len(req.CiphertextCommitment) != 32 || len(req.CiphertextHandle) != 32 {
 		return &types.QueryVerifyWithdrawProofsResponse{
 			Valid: false,
-			Error: "withdraw binding verification failed: missing or invalid pubkey/ciphertext fields (expected 32-byte values)",
+			Error: "withdraw proof verification failed: missing or invalid pubkey/ciphertext fields (expected 32-byte values)",
 		}, nil
 	}
 
-	err := withdrawctx.VerifyBindings(
+	err := withdrawctx.VerifyWithdrawProofs(
 		&equalityProofData,
 		&rangeProofData,
 		req.UserPubkey,
@@ -554,23 +530,7 @@ func (k Keeper) VerifyWithdrawProofs(goCtx context.Context, req *types.QueryVeri
 	if err != nil {
 		return &types.QueryVerifyWithdrawProofsResponse{
 			Valid: false,
-			Error: "withdraw binding verification failed: " + err.Error(),
-		}, nil
-	}
-
-	err = commitment.VerifyWithdrawEqualityProof(&equalityProofData)
-	if err != nil {
-		return &types.QueryVerifyWithdrawProofsResponse{
-			Valid: false,
-			Error: "equality proof verification failed: " + err.Error(),
-		}, nil
-	}
-
-	err = rangeproof.VerifyWithdrawRangeWithNonce(&rangeProofData)
-	if err != nil {
-		return &types.QueryVerifyWithdrawProofsResponse{
-			Valid: false,
-			Error: "range proof verification failed: " + err.Error(),
+			Error: "withdraw proof verification failed: " + err.Error(),
 		}, nil
 	}
 

x/zkp/keeper/zkp_verification_vectors_test.go

@@ -177,9 +177,7 @@ func zkpMutationErrMatches(actual, needle string) bool {
 			strings.Contains(la, "invalid equality proof data length") ||
 			strings.Contains(la, "invalid range proof data length") ||
 			strings.Contains(la, "invalid validity proof data length") ||
-			strings.Contains(la, "equality proof verification failed:") ||
-			strings.Contains(la, "range proof verification failed:") ||
-			strings.Contains(la, "validity proof verification failed:")
+			strings.Contains(la, "transfer proof verification failed:")
 	case "deserialization":
 		return strings.Contains(la, "deserialization") ||
 			strings.Contains(la, "algebraic relation failed") ||

x/zkp/verification/commitment/commitment.go

@@ -289,6 +289,14 @@ func (ep EqualityProof) Verify(
 
 func VerifyEqualityProof(
 	pd *CiphertextCommitmentEqualityProofData,
+) error {
+	t := NewEqualityInstructionTranscript(&pd.Context)
+	return VerifyEqualityProofWithTranscript(pd, t)
+}
+
+func VerifyEqualityProofWithTranscript(
+	pd *CiphertextCommitmentEqualityProofData,
+	t *merlin.Transcript,
 ) error {
 	var pk ElGamalPubkey
 	if err := pk.FromPod(pd.Context.Pubkey); err != nil {
@@ -311,8 +319,6 @@ func VerifyEqualityProof(
 		return ErrProofDeserialization
 	}
 
-	t := NewEqualityInstructionTranscript(&pd.Context)
-
 	if err := proof.Verify(&pk, &ct, cm, t); err != nil {
 		return ErrProofAlgebraic
 	}
@@ -379,6 +385,13 @@ type WithdrawCiphertextCommitmentEqualityProofData struct {
 }
 
 func VerifyWithdrawEqualityProof(pd *WithdrawCiphertextCommitmentEqualityProofData) error {
+	return VerifyWithdrawEqualityProofWithTranscript(pd, newWithdrawSplTranscript(&pd.Context))
+}
+
+func VerifyWithdrawEqualityProofWithTranscript(
+	pd *WithdrawCiphertextCommitmentEqualityProofData,
+	t *merlin.Transcript,
+) error {
 	var pk ElGamalPubkey
 	if err := pk.FromPod(pd.Context.Pubkey); err != nil {
 		return ErrProofDeserialization
@@ -400,8 +413,6 @@ func VerifyWithdrawEqualityProof(pd *WithdrawCiphertextCommitmentEqualityProofDa
 		return ErrProofDeserialization
 	}
 
-	t := newWithdrawSplTranscript(&pd.Context)
-
 	if err := proof.Verify(&pk, &ct, cm, t); err != nil {
 		return ErrProofAlgebraic
 	}

x/zkp/verification/range/range.go

@@ -922,6 +922,10 @@ type WithdrawBatchedRangeProofU64Data struct {
 
 
 func VerifyWithdrawRangeWithNonce(pd *WithdrawBatchedRangeProofU64Data) error {
+	return VerifyWithdrawRangeWithNonceWithTranscript(pd, newWithdrawTranscriptRange(&pd.Context))
+}
+
+func VerifyWithdrawRangeWithNonceWithTranscript(pd *WithdrawBatchedRangeProofU64Data, t *merlin.Transcript) error {
 	baseCtx := BatchedRangeProofContext{
 		Commitments: pd.Context.Commitments,
 		BitLengths:  pd.Context.BitLengths,
@@ -931,8 +935,6 @@ func VerifyWithdrawRangeWithNonce(pd *WithdrawBatchedRangeProofU64Data) error {
 		return perr
 	}
 
-	t := newWithdrawTranscriptRange(&pd.Context)
-
 	rp, err := RangeProofFromPodU64(pd.Proof)
 	if err != nil {
 		return ProofErrDeserialization
@@ -979,13 +981,15 @@ func BatchedRangeStatement(ctx *BatchedRangeProofContext, maxBL uint8) ([]Peders
 }
 
 func VerifyTransferRange(pd *BatchedRangeProofU128Data) error {
+	return VerifyTransferRangeWithTranscript(pd, NewBatchedRangeInstructionTranscript(&pd.Context))
+}
+
+func VerifyTransferRangeWithTranscript(pd *BatchedRangeProofU128Data, t *merlin.Transcript) error {
 	commitments, bitLengths, perr := collectRangeCtx(&pd.Context, 64)
 	if perr != 0 {
 		return perr
 	}
 
-	t := NewBatchedRangeInstructionTranscript(&pd.Context)
-
 	rp, err := RangeProofFromPodU128(pd.Proof)
 	if err != nil {
 		return ProofErrDeserialization

x/zkp/verification/transferctx/transferctx.go

@@ -10,6 +10,7 @@ import (
 	"github.com/Fairblock/fairyring/x/zkp/verification/common"
 	rangeproof "github.com/Fairblock/fairyring/x/zkp/verification/range"
 	"github.com/Fairblock/fairyring/x/zkp/verification/validity"
+	"github.com/gtank/merlin"
 )
 
 // VerifyBindings checks consistency between proofs and expected pubkeys / encrypted balance
@@ -63,6 +64,73 @@ func VerifyBindings(
 	return nil
 }
 
+func NewTransferInstructionTranscript(
+	eq *commitment.CiphertextCommitmentEqualityProofData,
+	rp *rangeproof.BatchedRangeProofU128Data,
+	vp *validity.BatchedGroupedCiphertext2HandlesValidityProofData,
+	currentC1, currentC2, senderPK, recipientPK []byte,
+) *merlin.Transcript {
+	t := merlin.NewTranscript("transfer-proof-instruction")
+
+	t.AppendMessage([]byte("sender-pubkey"), senderPK)
+	t.AppendMessage([]byte("recipient-pubkey"), recipientPK)
+
+	var currentCt [64]byte
+	copy(currentCt[0:32], currentC1)
+	copy(currentCt[32:64], currentC2)
+	t.AppendMessage([]byte("current-ciphertext"), currentCt[:])
+
+	t.AppendMessage([]byte("equality-pubkey"), eq.Context.Pubkey.Bytes[:])
+	var eqCt [64]byte
+	copy(eqCt[0:32], eq.Context.Ciphertext.Commitment[:])
+	copy(eqCt[32:64], eq.Context.Ciphertext.Handle[:])
+	t.AppendMessage([]byte("equality-ciphertext"), eqCt[:])
+	t.AppendMessage([]byte("equality-commitment"), eq.Context.Commitment.Bytes[:])
+
+	var rangeCommits [8 * 32]byte
+	for i := 0; i < 8; i++ {
+		copy(rangeCommits[32*i:32*(i+1)], rp.Context.Commitments[i].Bytes[:])
+	}
+	t.AppendMessage([]byte("range-commitments"), rangeCommits[:])
+
+	var rangeBits [8]byte
+	for i := 0; i < 8; i++ {
+		rangeBits[i] = rp.Context.BitLengths[i]
+	}
+	t.AppendMessage([]byte("range-bit-lengths"), rangeBits[:])
+
+	t.AppendMessage([]byte("validity-first-pubkey"), vp.Context.FirstPubkey.Bytes[:])
+	t.AppendMessage([]byte("validity-second-pubkey"), vp.Context.SecondPubkey.Bytes[:])
+	t.AppendMessage([]byte("grouped-ciphertext-lo"), vp.Context.GroupedCiphertextLo.Bytes[:])
+	t.AppendMessage([]byte("grouped-ciphertext-hi"), vp.Context.GroupedCiphertextHi.Bytes[:])
+
+	return t
+}
+
+func VerifyTransferProofs(
+	eq *commitment.CiphertextCommitmentEqualityProofData,
+	rp *rangeproof.BatchedRangeProofU128Data,
+	vp *validity.BatchedGroupedCiphertext2HandlesValidityProofData,
+	currentC1, currentC2, senderPK, recipientPK []byte,
+) error {
+	if err := VerifyBindings(eq, rp, vp, currentC1, currentC2, senderPK, recipientPK); err != nil {
+		return err
+	}
+
+	transcript := NewTransferInstructionTranscript(eq, rp, vp, currentC1, currentC2, senderPK, recipientPK)
+
+	if err := commitment.VerifyEqualityProofWithTranscript(eq, transcript); err != nil {
+		return err
+	}
+	if err := rangeproof.VerifyTransferRangeWithTranscript(rp, transcript); err != nil {
+		return err
+	}
+	if err := validity.VerifyValidityProofWithTranscript(vp, transcript); err != nil {
+		return err
+	}
+	return nil
+}
+
 func homomorphicSub(aC1, aC2, bC1, bC2 []byte) ([32]byte, [32]byte, error) {
 	var zero [32]byte
 	ac, err := common.PedersenCommitmentFromBytes(aC1)

x/zkp/verification/validity/validity.go

@@ -375,8 +375,13 @@ func (ctx *BatchedGroupedCiphertext2HandlesValidityProofContext) NewTranscript()
 func VerifyValidityProof(
 	p *BatchedGroupedCiphertext2HandlesValidityProofData,
 ) error {
-	transcript := p.Context.NewTranscript()
+	return VerifyValidityProofWithTranscript(p, p.Context.NewTranscript())
+}
 
+func VerifyValidityProofWithTranscript(
+	p *BatchedGroupedCiphertext2HandlesValidityProofData,
+	transcript *merlin.Transcript,
+) error {
 	var firstPubkey ElGamalPubkey
 	if err := firstPubkey.FromPod(p.Context.FirstPubkey); err != nil {
 		return ErrValidityInvalidProof