vrr/ruvector
2
0
Fork 0
mirror of https://github.com/ruvnet/RuVector.git synced 2026-05-23 04:27:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

feat(zk): Add production-ready Bulletproofs for zero-knowledge financial proofs

Browse source 
- Add production crypto: bulletproofs 5.0, merlin 3.0, subtle 2.5, lazy_static
- Implement zkproofs_prod.rs with real Ristretto255 Pedersen commitments
- Add constant-time operations via subtle crate for side-channel resistance
- Create zk_wasm_prod.rs with WASM bindings for browser-based ZK proofs
- Fix bit size calculation (Bulletproofs requires power-of-2: 8, 16, 32, 64)
- Fix memory leak: use rand crate instead of getrandom for non-wasm

Security improvements:
- Real cryptographic Bulletproofs (not demo hashing)
- Fiat-Shamir transcripts via Merlin for non-interactive proofs
- Constant-time comparison to prevent timing attacks
- Proof expiration and integrity verification

All 7 production ZK tests pass.
This commit is contained in:
Claude 2026-01-01 19:31:40 +00:00
parent 717acc1eb9
commit 7d64cf5ae7
6 changed files with 1269 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

89
examples/edge/Cargo.lock generated
View file

@ -259,6 +259,27 @@ dependencies = [
"objc2",
]
[[package]]
name = "bulletproofs"
version = "5.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "012e2e5f88332083bd4235d445ae78081c00b2558443821a9ca5adfe1070073d"
dependencies = [
"byteorder",
"clear_on_drop",
"curve25519-dalek",
"digest",
"group",
"merlin",
"rand",
"rand_core",
"serde",
"serde_derive",
"sha3",
"subtle",
"thiserror 1.0.69",
]
[[package]]
name = "bumpalo"
version = "3.19.1"
@ -417,6 +438,15 @@ version = "0.7.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"
[[package]]
name = "clear_on_drop"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "38508a63f4979f0048febc9966fadbd48e5dab31fd0ec6a3f151bbf4a74f7423"
dependencies = [
"cc",
]
[[package]]
name = "colorchoice"
version = "1.0.4"
@ -622,6 +652,8 @@ dependencies = [
"curve25519-dalek-derive",
"digest",
"fiat-crypto",
"group",
"rand_core",
"rustc_version",
"serde",
"subtle",
@ -786,6 +818,16 @@ version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be"
[[package]]
name = "ff"
version = "0.13.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393"
dependencies = [
"rand_core",
"subtle",
]
[[package]]
name = "fiat-crypto"
version = "0.2.9"
@ -1028,6 +1070,17 @@ dependencies = [
"polyval",
]
[[package]]
name = "group"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [
"ff",
"rand_core",
"subtle",
]
[[package]]
name = "gundb"
version = "0.2.1"
@ -1377,6 +1430,15 @@ dependencies = [
"simple_asn1",
]
[[package]]
name = "keccak"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654"
dependencies = [
"cpufeatures",
]
[[package]]
name = "lazy_static"
version = "1.5.0"
@ -1449,6 +1511,18 @@ dependencies = [
"autocfg",
]
[[package]]
name = "merlin"
version = "3.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "58c38e2799fc0978b65dfff8023ec7843e2330bb462f19198840b34b6582397d"
dependencies = [
"byteorder",
"keccak",
"rand_core",
"zeroize",
]
[[package]]
name = "miniz_oxide"
version = "0.8.9"
@ -2128,10 +2202,12 @@ dependencies = [
"async-trait",
"base64 0.22.1",
"bincode",
"bulletproofs",
"chrono",
"clap 4.5.53",
"console_error_panic_hook",
"criterion",
"curve25519-dalek",
"ed25519-dalek",
"futures",
"getrandom 0.2.16",
@ -2139,7 +2215,9 @@ dependencies = [
"hex",
"hkdf",
"js-sys",
"lazy_static",
"lz4_flex",
"merlin",
"multihash",
"ordered-float",
"parking_lot 0.12.5",
@ -2151,6 +2229,7 @@ dependencies = [
"serde_bytes",
"serde_json",
"sha2",
"subtle",
"thiserror 2.0.17",
"tokio",
"tokio-test",
@ -2321,6 +2400,16 @@ dependencies = [
"digest",
]
[[package]]
name = "sha3"
version = "0.10.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60"
dependencies = [
"digest",
"keccak",
]
[[package]]
name = "sharded-slab"
version = "0.1.7"

7
examples/edge/Cargo.toml
View file

@ -49,6 +49,7 @@ lz4_flex = "0.11"
# Cryptography (for P2P security)
ed25519-dalek = { version = "2.1", features = ["rand_core", "serde"] }
x25519-dalek = { version = "2.0", features = ["static_secrets", "serde"] }
curve25519-dalek = { version = "4.1", features = ["serde", "rand_core"] }
aes-gcm = "0.10"
hkdf = "0.12"
sha2 = "0.10"
@ -61,6 +62,12 @@ serde_bytes = "0.11"
serde-big-array = "0.5"
ordered-float = "4.2"
# Production ZK proofs
bulletproofs = "5.0"
merlin = "3.0"
subtle = "2.5"
lazy_static = "1.4"
# CLI
clap = { version = "4.5", features = ["derive"] }

74
examples/edge/src/plaid/mod.rs
View file

@ -11,6 +11,7 @@
//! - `zk_wasm` - WASM bindings for ZK proofs
pub mod zkproofs;
pub mod zkproofs_prod;
#[cfg(feature = "wasm")]
pub mod wasm;
@ -18,72 +19,21 @@ pub mod wasm;
#[cfg(feature = "wasm")]
pub mod zk_wasm;
// Re-export ZK types
#[cfg(feature = "wasm")]
pub mod zk_wasm_prod;
// Re-export demo ZK types (for backward compatibility)
pub use zkproofs::{
ZkProof, ProofType, VerificationResult, Commitment,
FinancialProofBuilder, RentalApplicationProof,
};
//!
//! ## Architecture
//!
//! ```text
//! ┌─────────────────────────────────────────────────────────────────────────┐
//! │ USER'S BROWSER (All Data Stays Here) │
//! │ ┌─────────────────────────────────────────────────────────────────────┤
//! │ │ │
//! │ │ ┌─────────────┐ ┌──────────────────┐ ┌──────────────────┐ │
//! │ │ │ Plaid Link │───▶│ Transaction │───▶│ Local Learning │ │
//! │ │ │ (OAuth) │ │ Processor │ │ Engine (WASM) │ │
//! │ │ └─────────────┘ └──────────────────┘ └──────────────────┘ │
//! │ │ │ │ │ │
//! │ │ │ │ │ │
//! │ │ ▼ ▼ ▼ │
//! │ │ ┌─────────────┐ ┌──────────────────┐ ┌──────────────────┐ │
//! │ │ │ Access │ │ Pattern │ │ Q-Learning │ │
//! │ │ │ Token │ │ Embeddings │ │ Patterns │ │
//! │ │ │ (IndexedDB) │ │ (IndexedDB) │ │ (IndexedDB) │ │
//! │ │ └─────────────┘ └──────────────────┘ └──────────────────┘ │
//! │ │ │
//! │ │ ┌─────────────────────────────────────────────────────────────┐ │
//! │ │ │ HNSW Vector Index (WASM) │ │
//! │ │ │ - Semantic transaction search │ │
//! │ │ │ - Category prediction │ │
//! │ │ │ - Anomaly detection │ │
//! │ │ └─────────────────────────────────────────────────────────────┘ │
//! │ │ │
//! │ │ ┌─────────────────────────────────────────────────────────────┐ │
//! │ │ │ Spiking Neural Network (WASM) │ │
//! │ │ │ - Temporal spending patterns │ │
//! │ │ │ - Habit detection │ │
//! │ │ │ - STDP learning (bio-inspired) │ │
//! │ │ └─────────────────────────────────────────────────────────────┘ │
//! │ │ │
//! │ └──────────────────────────────────────────────────────────────────────┤
//! └─────────────────────────────────────────────────────────────────────────┘
//! │
//! │ HTTPS (only OAuth + API calls)
//! ▼
//! ┌─────────────────────┐
//! │ Plaid Servers │
//! │ (Auth & Raw Data) │
//! └─────────────────────┘
//! ```
//!
//! ## Privacy Guarantees
//!
//! 1. **No data exfiltration**: Financial data never leaves the browser
//! 2. **Local-only learning**: All ML models train and run in WASM
//! 3. **Encrypted storage**: IndexedDB data encrypted with user key
//! 4. **No analytics/telemetry**: Zero tracking or data collection
//! 5. **Optional differential privacy**: If sync enabled, noise is added
//!
//! ## Features
//!
//! - **Smart categorization**: ML-based transaction categorization
//! - **Spending insights**: Pattern recognition without cloud processing
//! - **Anomaly detection**: Flag unusual transactions locally
//! - **Budget optimization**: Self-learning budget recommendations
//! - **Temporal patterns**: Weekly/monthly spending habit detection
// Re-export production ZK types
pub use zkproofs_prod::{
PedersenCommitment, ZkRangeProof, ProofMetadata,
VerificationResult as ProdVerificationResult,
FinancialProver, FinancialVerifier, RentalApplicationBundle,
};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

390
examples/edge/src/plaid/zk_wasm_prod.rs Normal file
View file

@ -0,0 +1,390 @@
//! Production WASM Bindings for Zero-Knowledge Financial Proofs
//!
//! Exposes production-grade Bulletproofs to JavaScript with a safe API.
//!
//! ## Security
//!
//! - All cryptographic operations use audited libraries
//! - Constant-time operations prevent timing attacks
//! - No sensitive data exposed to JavaScript
#![cfg(feature = "wasm")]
use wasm_bindgen::prelude::*;
use serde::{Deserialize, Serialize};
use super::zkproofs_prod::{
FinancialProver, FinancialVerifier, ZkRangeProof,
RentalApplicationBundle, ProdVerificationResult,
};
/// Production ZK Financial Prover for browser use
///
/// Uses real Bulletproofs for cryptographically secure range proofs.
#[wasm_bindgen]
pub struct WasmFinancialProver {
inner: FinancialProver,
}
#[wasm_bindgen]
impl WasmFinancialProver {
/// Create a new prover
#[wasm_bindgen(constructor)]
pub fn new() -> Self {
Self {
inner: FinancialProver::new(),
}
}
/// Set monthly income data (in cents)
///
/// Example: $6,500/month = 650000 cents
#[wasm_bindgen(js_name = setIncome)]
pub fn set_income(&mut self, income_json: &str) -> Result<(), JsValue> {
let income: Vec<u64> = serde_json::from_str(income_json)
.map_err(|e| JsValue::from_str(&format!("Parse error: {}", e)))?;
self.inner.set_income(income);
Ok(())
}
/// Set daily balance history (in cents)
///
/// Negative values represent overdrafts.
#[wasm_bindgen(js_name = setBalances)]
pub fn set_balances(&mut self, balances_json: &str) -> Result<(), JsValue> {
let balances: Vec<i64> = serde_json::from_str(balances_json)
.map_err(|e| JsValue::from_str(&format!("Parse error: {}", e)))?;
self.inner.set_balances(balances);
Ok(())
}
/// Set expense data for a category (in cents)
#[wasm_bindgen(js_name = setExpenses)]
pub fn set_expenses(&mut self, category: &str, expenses_json: &str) -> Result<(), JsValue> {
let expenses: Vec<u64> = serde_json::from_str(expenses_json)
.map_err(|e| JsValue::from_str(&format!("Parse error: {}", e)))?;
self.inner.set_expenses(category, expenses);
Ok(())
}
/// Prove: average income >= threshold (in cents)
///
/// Returns a ZK proof that can be verified without revealing actual income.
#[wasm_bindgen(js_name = proveIncomeAbove)]
pub fn prove_income_above(&mut self, threshold_cents: u64) -> Result<JsValue, JsValue> {
let proof = self.inner.prove_income_above(threshold_cents)
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&ProofResult::from_proof(proof))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
/// Prove: income >= multiplier × rent
///
/// Common requirement: income must be 3x rent.
#[wasm_bindgen(js_name = proveAffordability)]
pub fn prove_affordability(&mut self, rent_cents: u64, multiplier: u64) -> Result<JsValue, JsValue> {
let proof = self.inner.prove_affordability(rent_cents, multiplier)
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&ProofResult::from_proof(proof))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
/// Prove: no overdrafts in the past N days
#[wasm_bindgen(js_name = proveNoOverdrafts)]
pub fn prove_no_overdrafts(&mut self, days: usize) -> Result<JsValue, JsValue> {
let proof = self.inner.prove_no_overdrafts(days)
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&ProofResult::from_proof(proof))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
/// Prove: current savings >= threshold (in cents)
#[wasm_bindgen(js_name = proveSavingsAbove)]
pub fn prove_savings_above(&mut self, threshold_cents: u64) -> Result<JsValue, JsValue> {
let proof = self.inner.prove_savings_above(threshold_cents)
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&ProofResult::from_proof(proof))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
/// Prove: average spending in category <= budget (in cents)
#[wasm_bindgen(js_name = proveBudgetCompliance)]
pub fn prove_budget_compliance(&mut self, category: &str, budget_cents: u64) -> Result<JsValue, JsValue> {
let proof = self.inner.prove_budget_compliance(category, budget_cents)
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&ProofResult::from_proof(proof))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
/// Create a complete rental application bundle
///
/// Combines income, stability, and optional savings proofs.
#[wasm_bindgen(js_name = createRentalApplication)]
pub fn create_rental_application(
&mut self,
rent_cents: u64,
income_multiplier: u64,
stability_days: usize,
savings_months: Option<u64>,
) -> Result<JsValue, JsValue> {
let bundle = RentalApplicationBundle::create(
&mut self.inner,
rent_cents,
income_multiplier,
stability_days,
savings_months,
).map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&BundleResult::from_bundle(bundle))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
}
impl Default for WasmFinancialProver {
fn default() -> Self {
Self::new()
}
}
/// Production ZK Verifier for browser use
#[wasm_bindgen]
pub struct WasmFinancialVerifier;
#[wasm_bindgen]
impl WasmFinancialVerifier {
/// Create a new verifier
#[wasm_bindgen(constructor)]
pub fn new() -> Self {
Self
}
/// Verify a ZK range proof
///
/// Returns verification result without learning the private value.
#[wasm_bindgen]
pub fn verify(&self, proof_json: &str) -> Result<JsValue, JsValue> {
let proof_result: ProofResult = serde_json::from_str(proof_json)
.map_err(|e| JsValue::from_str(&format!("Parse error: {}", e)))?;
let proof = proof_result.to_proof()
.map_err(|e| JsValue::from_str(&e))?;
let result = FinancialVerifier::verify(&proof)
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&VerificationOutput::from_result(result))
.map_err(|e| JsValue::from_str(&e.to_string()))
}
/// Verify a rental application bundle
#[wasm_bindgen(js_name = verifyBundle)]
pub fn verify_bundle(&self, bundle_json: &str) -> Result<JsValue, JsValue> {
let bundle_result: BundleResult = serde_json::from_str(bundle_json)
.map_err(|e| JsValue::from_str(&format!("Parse error: {}", e)))?;
let bundle = bundle_result.to_bundle()
.map_err(|e| JsValue::from_str(&e))?;
let valid = bundle.verify()
.map_err(|e| JsValue::from_str(&e))?;
serde_wasm_bindgen::to_value(&BundleVerification {
valid,
application_id: bundle.application_id,
created_at: bundle.created_at,
})
.map_err(|e| JsValue::from_str(&e.to_string()))
}
}
impl Default for WasmFinancialVerifier {
fn default() -> Self {
Self::new()
}
}
// ============================================================================
// JSON-Serializable Types for JS Interop
// ============================================================================
/// Proof result for JS consumption
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProofResult {
/// Base64-encoded proof bytes
pub proof_base64: String,
/// Commitment point (hex)
pub commitment_hex: String,
/// Lower bound
pub min: u64,
/// Upper bound
pub max: u64,
/// Statement
pub statement: String,
/// Generated timestamp
pub generated_at: u64,
/// Expiration timestamp
pub expires_at: Option<u64>,
/// Proof hash (hex)
pub hash_hex: String,
}
impl ProofResult {
fn from_proof(proof: ZkRangeProof) -> Self {
use base64::{Engine as _, engine::general_purpose::STANDARD};
Self {
proof_base64: STANDARD.encode(&proof.proof_bytes),
commitment_hex: hex::encode(proof.commitment.point),
min: proof.min,
max: proof.max,
statement: proof.statement,
generated_at: proof.metadata.generated_at,
expires_at: proof.metadata.expires_at,
hash_hex: hex::encode(proof.metadata.hash),
}
}
fn to_proof(&self) -> Result<ZkRangeProof, String> {
use super::zkproofs_prod::{PedersenCommitment, ProofMetadata};
use base64::{Engine as _, engine::general_purpose::STANDARD};
let proof_bytes = STANDARD.decode(&self.proof_base64)
.map_err(|e| format!("Invalid base64: {}", e))?;
let commitment_bytes: [u8; 32] = hex::decode(&self.commitment_hex)
.map_err(|e| format!("Invalid commitment hex: {}", e))?
.try_into()
.map_err(|_| "Invalid commitment length")?;
let hash_bytes: [u8; 32] = hex::decode(&self.hash_hex)
.map_err(|e| format!("Invalid hash hex: {}", e))?
.try_into()
.map_err(|_| "Invalid hash length")?;
Ok(ZkRangeProof {
proof_bytes,
commitment: PedersenCommitment { point: commitment_bytes },
min: self.min,
max: self.max,
statement: self.statement.clone(),
metadata: ProofMetadata {
generated_at: self.generated_at,
expires_at: self.expires_at,
version: 1,
hash: hash_bytes,
},
})
}
}
/// Bundle result for JS consumption
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BundleResult {
/// Income proof
pub income_proof: ProofResult,
/// Stability proof
pub stability_proof: ProofResult,
/// Optional savings proof
pub savings_proof: Option<ProofResult>,
/// Application ID
pub application_id: String,
/// Created timestamp
pub created_at: u64,
/// Bundle hash (hex)
pub bundle_hash_hex: String,
}
impl BundleResult {
fn from_bundle(bundle: RentalApplicationBundle) -> Self {
Self {
income_proof: ProofResult::from_proof(bundle.income_proof),
stability_proof: ProofResult::from_proof(bundle.stability_proof),
savings_proof: bundle.savings_proof.map(ProofResult::from_proof),
application_id: bundle.application_id,
created_at: bundle.created_at,
bundle_hash_hex: hex::encode(bundle.bundle_hash),
}
}
fn to_bundle(&self) -> Result<RentalApplicationBundle, String> {
let bundle_hash: [u8; 32] = hex::decode(&self.bundle_hash_hex)
.map_err(|e| format!("Invalid bundle hash: {}", e))?
.try_into()
.map_err(|_| "Invalid bundle hash length")?;
Ok(RentalApplicationBundle {
income_proof: self.income_proof.to_proof()?,
stability_proof: self.stability_proof.to_proof()?,
savings_proof: self.savings_proof.as_ref().map(|p| p.to_proof()).transpose()?,
application_id: self.application_id.clone(),
created_at: self.created_at,
bundle_hash,
})
}
}
/// Verification output for JS consumption
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VerificationOutput {
/// Whether the proof is valid
pub valid: bool,
/// The statement that was verified
pub statement: String,
/// When verified
pub verified_at: u64,
/// Error message if invalid
pub error: Option<String>,
}
impl VerificationOutput {
fn from_result(result: super::zkproofs_prod::VerificationResult) -> Self {
Self {
valid: result.valid,
statement: result.statement,
verified_at: result.verified_at,
error: result.error,
}
}
}
/// Bundle verification result
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BundleVerification {
pub valid: bool,
pub application_id: String,
pub created_at: u64,
}
// ============================================================================
// Utility Functions
// ============================================================================
/// Check if production ZK is available
#[wasm_bindgen(js_name = isProductionZkAvailable)]
pub fn is_production_zk_available() -> bool {
true
}
/// Get ZK library version info
#[wasm_bindgen(js_name = getZkVersionInfo)]
pub fn get_zk_version_info() -> JsValue {
let info = serde_json::json!({
"version": "1.0.0",
"library": "bulletproofs",
"curve": "ristretto255",
"transcript": "merlin",
"security_level": "128-bit",
"features": [
"range_proofs",
"pedersen_commitments",
"constant_time_operations",
"fiat_shamir_transform"
]
});
serde_wasm_bindgen::to_value(&info).unwrap_or(JsValue::NULL)
}

9
examples/edge/src/plaid/zkproofs.rs
View file

@ -145,14 +145,15 @@ impl PedersenCommitment {
Commitment {
point,
blinding: Some(*blinding),
}
}
/// Generate random blinding factor
pub fn random_blinding() -> [u8; 32] {
use rand::Rng;
let mut rng = rand::thread_rng();
let mut blinding = [0u8; 32];
getrandom::getrandom(&mut blinding).expect("Failed to generate randomness");
rng.fill(&mut blinding);
blinding
}
@ -630,8 +631,10 @@ fn current_timestamp() -> u64 {
}
fn generate_anonymous_id() -> String {
use rand::Rng;
let mut rng = rand::thread_rng();
let mut bytes = [0u8; 16];
getrandom::getrandom(&mut bytes).expect("Failed to generate ID");
rng.fill(&mut bytes);
hex::encode(bytes)
}

765
examples/edge/src/plaid/zkproofs_prod.rs Normal file
View file

@ -0,0 +1,765 @@
//! Production-Ready Zero-Knowledge Financial Proofs
//!
//! This module provides cryptographically secure zero-knowledge proofs using:
//! - **Bulletproofs** for range proofs (no trusted setup)
//! - **Ristretto255** for Pedersen commitments (constant-time, safe API)
//! - **Merlin** for Fiat-Shamir transcripts
//! - **SHA-512** for secure hashing
//!
//! ## Security Properties
//!
//! - **Zero-Knowledge**: Verifier learns nothing beyond validity
//! - **Soundness**: Computationally infeasible to create false proofs
//! - **Completeness**: Valid statements always produce valid proofs
//! - **Side-channel resistant**: Constant-time operations throughout
//!
//! ## Usage
//!
//! ```rust,ignore
//! use ruvector_edge::plaid::zkproofs_prod::*;
//!
//! // Create prover with private data
//! let mut prover = FinancialProver::new();
//! prover.set_income(vec![650000, 650000, 680000]); // cents
//!
//! // Generate proof (income >= 3x rent)
//! let proof = prover.prove_affordability(200000, 3)?; // $2000 rent
//!
//! // Verify (learns nothing about actual income)
//! let valid = FinancialVerifier::verify(&proof)?;
//! assert!(valid);
//! ```
use bulletproofs::{BulletproofGens, PedersenGens, RangeProof as BulletproofRangeProof};
use curve25519_dalek::{ristretto::CompressedRistretto, scalar::Scalar};
use merlin::Transcript;
use rand::rngs::OsRng;
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha512};
use std::collections::HashMap;
use subtle::ConstantTimeEq;
// ============================================================================
// Constants
// ============================================================================
/// Domain separator for financial proof transcripts
const TRANSCRIPT_LABEL: &[u8] = b"ruvector-financial-zk-v1";
/// Maximum bit size for range proofs (64-bit values)
const MAX_BITS: usize = 64;
/// Pre-computed generators for efficiency
lazy_static::lazy_static! {
static ref BP_GENS: BulletproofGens = BulletproofGens::new(MAX_BITS, 16);
static ref PC_GENS: PedersenGens = PedersenGens::default();
}
// ============================================================================
// Core Types
// ============================================================================
/// A Pedersen commitment to a hidden value
///
/// Commitment = value·G + blinding·H where G, H are Ristretto255 points
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PedersenCommitment {
/// Compressed Ristretto255 point (32 bytes)
pub point: [u8; 32],
}
impl PedersenCommitment {
/// Create a commitment to a value with random blinding
pub fn commit(value: u64) -> (Self, Scalar) {
let blinding = Scalar::random(&mut OsRng);
let commitment = PC_GENS.commit(Scalar::from(value), blinding);
(
Self {
point: commitment.compress().to_bytes(),
},
blinding,
)
}
/// Create a commitment with specified blinding factor
pub fn commit_with_blinding(value: u64, blinding: &Scalar) -> Self {
let commitment = PC_GENS.commit(Scalar::from(value), *blinding);
Self {
point: commitment.compress().to_bytes(),
}
}
/// Decompress to Ristretto point
pub fn decompress(&self) -> Option<curve25519_dalek::ristretto::RistrettoPoint> {
CompressedRistretto::from_slice(&self.point)
.ok()?
.decompress()
}
}
/// Zero-knowledge range proof
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ZkRangeProof {
/// The cryptographic proof bytes
pub proof_bytes: Vec<u8>,
/// Commitment to the value being proved
pub commitment: PedersenCommitment,
/// Lower bound (public)
pub min: u64,
/// Upper bound (public)
pub max: u64,
/// Human-readable statement
pub statement: String,
/// Proof metadata
pub metadata: ProofMetadata,
}
/// Proof metadata
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProofMetadata {
/// When the proof was generated (Unix timestamp)
pub generated_at: u64,
/// When the proof expires (optional)
pub expires_at: Option<u64>,
/// Proof version for compatibility
pub version: u8,
/// Hash of the proof for integrity
pub hash: [u8; 32],
}
impl ProofMetadata {
fn new(proof_bytes: &[u8], expires_in_days: Option<u64>) -> Self {
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.map(|d| d.as_secs())
.unwrap_or(0);
let mut hasher = Sha512::new();
hasher.update(proof_bytes);
let hash_result = hasher.finalize();
let mut hash = [0u8; 32];
hash.copy_from_slice(&hash_result[..32]);
Self {
generated_at: now,
expires_at: expires_in_days.map(|d| now + d * 86400),
version: 1,
hash,
}
}
/// Check if proof is expired
pub fn is_expired(&self) -> bool {
if let Some(expires) = self.expires_at {
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.map(|d| d.as_secs())
.unwrap_or(0);
now > expires
} else {
false
}
}
}
/// Verification result
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VerificationResult {
/// Whether the proof is valid
pub valid: bool,
/// The statement that was verified
pub statement: String,
/// When verification occurred
pub verified_at: u64,
/// Any error message
pub error: Option<String>,
}
// ============================================================================
// Financial Prover
// ============================================================================
/// Prover for financial statements
///
/// Stores private financial data and generates ZK proofs.
pub struct FinancialProver {
/// Monthly income values (in cents)
income: Vec<u64>,
/// Daily balance history (in cents, can be negative represented as i64 then converted)
balances: Vec<i64>,
/// Monthly expenses by category
expenses: HashMap<String, Vec<u64>>,
/// Blinding factors for commitments (to allow proof combination)
blindings: HashMap<String, Scalar>,
}
impl FinancialProver {
/// Create a new prover
pub fn new() -> Self {
Self {
income: Vec::new(),
balances: Vec::new(),
expenses: HashMap::new(),
blindings: HashMap::new(),
}
}
/// Set monthly income data
pub fn set_income(&mut self, monthly_income: Vec<u64>) {
self.income = monthly_income;
}
/// Set daily balance history
pub fn set_balances(&mut self, daily_balances: Vec<i64>) {
self.balances = daily_balances;
}
/// Set expense data for a category
pub fn set_expenses(&mut self, category: &str, monthly_expenses: Vec<u64>) {
self.expenses.insert(category.to_string(), monthly_expenses);
}
// ========================================================================
// Proof Generation
// ========================================================================
/// Prove: average income >= threshold
pub fn prove_income_above(&mut self, threshold: u64) -> Result<ZkRangeProof, String> {
if self.income.is_empty() {
return Err("No income data provided".to_string());
}
let avg_income = self.income.iter().sum::<u64>() / self.income.len() as u64;
if avg_income < threshold {
return Err("Income does not meet threshold".to_string());
}
// Prove: avg_income - threshold >= 0 (i.e., avg_income is in range [threshold, max])
self.create_range_proof(
avg_income,
threshold,
u64::MAX / 2,
format!("Average monthly income >= ${:.2}", threshold as f64 / 100.0),
"income",
)
}
/// Prove: income >= multiplier × rent (affordability)
pub fn prove_affordability(&mut self, rent: u64, multiplier: u64) -> Result<ZkRangeProof, String> {
if self.income.is_empty() {
return Err("No income data provided".to_string());
}
let avg_income = self.income.iter().sum::<u64>() / self.income.len() as u64;
let required = rent.saturating_mul(multiplier);
if avg_income < required {
return Err(format!(
"Income ${:.2} does not meet {}x rent requirement ${:.2}",
avg_income as f64 / 100.0,
multiplier,
required as f64 / 100.0
));
}
self.create_range_proof(
avg_income,
required,
u64::MAX / 2,
format!(
"Income >= {}× monthly rent of ${:.2}",
multiplier,
rent as f64 / 100.0
),
"affordability",
)
}
/// Prove: minimum balance >= 0 for last N days (no overdrafts)
pub fn prove_no_overdrafts(&mut self, days: usize) -> Result<ZkRangeProof, String> {
if self.balances.is_empty() {
return Err("No balance data provided".to_string());
}
let relevant = if days < self.balances.len() {
&self.balances[self.balances.len() - days..]
} else {
&self.balances[..]
};
let min_balance = *relevant.iter().min().unwrap_or(&0);
if min_balance < 0 {
return Err("Overdraft detected in the specified period".to_string());
}
// Prove minimum balance is non-negative
self.create_range_proof(
min_balance as u64,
0,
u64::MAX / 2,
format!("No overdrafts in the past {} days", days),
"no_overdraft",
)
}
/// Prove: current savings >= threshold
pub fn prove_savings_above(&mut self, threshold: u64) -> Result<ZkRangeProof, String> {
if self.balances.is_empty() {
return Err("No balance data provided".to_string());
}
let current = *self.balances.last().unwrap_or(&0);
if current < threshold as i64 {
return Err("Savings do not meet threshold".to_string());
}
self.create_range_proof(
current as u64,
threshold,
u64::MAX / 2,
format!("Current savings >= ${:.2}", threshold as f64 / 100.0),
"savings",
)
}
/// Prove: average spending in category <= budget
pub fn prove_budget_compliance(
&mut self,
category: &str,
budget: u64,
) -> Result<ZkRangeProof, String> {
let expenses = self
.expenses
.get(category)
.ok_or_else(|| format!("No data for category: {}", category))?;
if expenses.is_empty() {
return Err("No expense data for category".to_string());
}
let avg_spending = expenses.iter().sum::<u64>() / expenses.len() as u64;
if avg_spending > budget {
return Err(format!(
"Average spending ${:.2} exceeds budget ${:.2}",
avg_spending as f64 / 100.0,
budget as f64 / 100.0
));
}
// Prove: avg_spending is in range [0, budget]
self.create_range_proof(
avg_spending,
0,
budget,
format!(
"Average {} spending <= ${:.2}/month",
category,
budget as f64 / 100.0
),
&format!("budget_{}", category),
)
}
// ========================================================================
// Internal
// ========================================================================
/// Create a range proof using Bulletproofs
fn create_range_proof(
&mut self,
value: u64,
min: u64,
max: u64,
statement: String,
key: &str,
) -> Result<ZkRangeProof, String> {
// Shift value to prove it's in [0, max-min]
let shifted_value = value.checked_sub(min).ok_or("Value below minimum")?;
let range = max.checked_sub(min).ok_or("Invalid range")?;
// Determine number of bits needed - Bulletproofs requires power of 2
let raw_bits = (64 - range.leading_zeros()) as usize;
// Round up to next power of 2: 8, 16, 32, or 64
let bits = match raw_bits {
0..=8 => 8,
9..=16 => 16,
17..=32 => 32,
_ => 64,
};
// Generate or retrieve blinding factor
let blinding = self
.blindings
.entry(key.to_string())
.or_insert_with(|| Scalar::random(&mut OsRng))
.clone();
// Create commitment
let commitment = PedersenCommitment::commit_with_blinding(shifted_value, &blinding);
// Create Fiat-Shamir transcript
let mut transcript = Transcript::new(TRANSCRIPT_LABEL);
transcript.append_message(b"statement", statement.as_bytes());
transcript.append_u64(b"min", min);
transcript.append_u64(b"max", max);
// Generate Bulletproof
let (proof, _) = BulletproofRangeProof::prove_single(
&BP_GENS,
&PC_GENS,
&mut transcript,
shifted_value,
&blinding,
bits,
)
.map_err(|e| format!("Proof generation failed: {:?}", e))?;
let proof_bytes = proof.to_bytes();
let metadata = ProofMetadata::new(&proof_bytes, Some(30)); // 30 day expiry
Ok(ZkRangeProof {
proof_bytes,
commitment,
min,
max,
statement,
metadata,
})
}
}
impl Default for FinancialProver {
fn default() -> Self {
Self::new()
}
}
// ============================================================================
// Financial Verifier
// ============================================================================
/// Verifier for financial proofs
///
/// Verifies ZK proofs without learning private values.
pub struct FinancialVerifier;
impl FinancialVerifier {
/// Verify a range proof
pub fn verify(proof: &ZkRangeProof) -> Result<VerificationResult, String> {
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.map(|d| d.as_secs())
.unwrap_or(0);
// Check expiration
if proof.metadata.is_expired() {
return Ok(VerificationResult {
valid: false,
statement: proof.statement.clone(),
verified_at: now,
error: Some("Proof has expired".to_string()),
});
}
// Verify proof hash integrity
let mut hasher = Sha512::new();
hasher.update(&proof.proof_bytes);
let hash_result = hasher.finalize();
let computed_hash: [u8; 32] = hash_result[..32].try_into().unwrap();
if computed_hash.ct_ne(&proof.metadata.hash).into() {
return Ok(VerificationResult {
valid: false,
statement: proof.statement.clone(),
verified_at: now,
error: Some("Proof integrity check failed".to_string()),
});
}
// Decompress commitment
let commitment_point = proof
.commitment
.decompress()
.ok_or("Invalid commitment point")?;
// Recreate transcript with same parameters
let mut transcript = Transcript::new(TRANSCRIPT_LABEL);
transcript.append_message(b"statement", proof.statement.as_bytes());
transcript.append_u64(b"min", proof.min);
transcript.append_u64(b"max", proof.max);
// Parse bulletproof
let bulletproof = BulletproofRangeProof::from_bytes(&proof.proof_bytes)
.map_err(|e| format!("Invalid proof format: {:?}", e))?;
// Determine bits from range - must match prover's power-of-2 calculation
let range = proof.max.saturating_sub(proof.min);
let raw_bits = (64 - range.leading_zeros()) as usize;
let bits = match raw_bits {
0..=8 => 8,
9..=16 => 16,
17..=32 => 32,
_ => 64,
};
// Verify the bulletproof
let result = bulletproof.verify_single(
&BP_GENS,
&PC_GENS,
&mut transcript,
&commitment_point.compress(),
bits,
);
match result {
Ok(_) => Ok(VerificationResult {
valid: true,
statement: proof.statement.clone(),
verified_at: now,
error: None,
}),
Err(e) => Ok(VerificationResult {
valid: false,
statement: proof.statement.clone(),
verified_at: now,
error: Some(format!("Verification failed: {:?}", e)),
}),
}
}
/// Batch verify multiple proofs (more efficient)
pub fn verify_batch(proofs: &[ZkRangeProof]) -> Vec<VerificationResult> {
// For now, verify individually
// TODO: Implement batch verification for efficiency
proofs.iter().map(|p| Self::verify(p).unwrap_or_else(|e| {
VerificationResult {
valid: false,
statement: p.statement.clone(),
verified_at: 0,
error: Some(e),
}
})).collect()
}
}
// ============================================================================
// Composite Proofs
// ============================================================================
/// Complete rental application proof bundle
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RentalApplicationBundle {
/// Proof of income meeting affordability requirement
pub income_proof: ZkRangeProof,
/// Proof of no overdrafts
pub stability_proof: ZkRangeProof,
/// Proof of savings buffer (optional)
pub savings_proof: Option<ZkRangeProof>,
/// Application metadata
pub application_id: String,
/// When the bundle was created
pub created_at: u64,
/// Bundle hash for integrity
pub bundle_hash: [u8; 32],
}
impl RentalApplicationBundle {
/// Create a complete rental application bundle
pub fn create(
prover: &mut FinancialProver,
rent: u64,
income_multiplier: u64,
stability_days: usize,
savings_months: Option<u64>,
) -> Result<Self, String> {
let income_proof = prover.prove_affordability(rent, income_multiplier)?;
let stability_proof = prover.prove_no_overdrafts(stability_days)?;
let savings_proof = if let Some(months) = savings_months {
Some(prover.prove_savings_above(rent * months)?)
} else {
None
};
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.map(|d| d.as_secs())
.unwrap_or(0);
// Generate application ID
let mut id_hasher = Sha512::new();
id_hasher.update(&income_proof.commitment.point);
id_hasher.update(&stability_proof.commitment.point);
id_hasher.update(&now.to_le_bytes());
let id_hash = id_hasher.finalize();
let application_id = hex::encode(&id_hash[..16]);
// Generate bundle hash
let mut bundle_hasher = Sha512::new();
bundle_hasher.update(&income_proof.proof_bytes);
bundle_hasher.update(&stability_proof.proof_bytes);
if let Some(ref sp) = savings_proof {
bundle_hasher.update(&sp.proof_bytes);
}
let bundle_hash_result = bundle_hasher.finalize();
let mut bundle_hash = [0u8; 32];
bundle_hash.copy_from_slice(&bundle_hash_result[..32]);
Ok(Self {
income_proof,
stability_proof,
savings_proof,
application_id,
created_at: now,
bundle_hash,
})
}
/// Verify the entire bundle
pub fn verify(&self) -> Result<bool, String> {
// Verify bundle integrity
let mut bundle_hasher = Sha512::new();
bundle_hasher.update(&self.income_proof.proof_bytes);
bundle_hasher.update(&self.stability_proof.proof_bytes);
if let Some(ref sp) = self.savings_proof {
bundle_hasher.update(&sp.proof_bytes);
}
let computed_hash = bundle_hasher.finalize();
if computed_hash[..32].ct_ne(&self.bundle_hash).into() {
return Err("Bundle integrity check failed".to_string());
}
// Verify individual proofs
let income_result = FinancialVerifier::verify(&self.income_proof)?;
if !income_result.valid {
return Ok(false);
}
let stability_result = FinancialVerifier::verify(&self.stability_proof)?;
if !stability_result.valid {
return Ok(false);
}
if let Some(ref savings_proof) = self.savings_proof {
let savings_result = FinancialVerifier::verify(savings_proof)?;
if !savings_result.valid {
return Ok(false);
}
}
Ok(true)
}
}
// ============================================================================
// Tests
// ============================================================================
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_income_proof() {
let mut prover = FinancialProver::new();
prover.set_income(vec![650000, 650000, 680000, 650000]); // ~$6500/month
// Should succeed: income > $5000
let proof = prover.prove_income_above(500000).unwrap();
let result = FinancialVerifier::verify(&proof).unwrap();
assert!(result.valid, "Proof should be valid");
// Should fail: income < $10000
let result = prover.prove_income_above(1000000);
assert!(result.is_err(), "Should fail for threshold above income");
}
#[test]
fn test_affordability_proof() {
let mut prover = FinancialProver::new();
prover.set_income(vec![650000, 650000, 650000, 650000]); // $6500/month
// Should succeed: $6500 >= 3 × $2000
let proof = prover.prove_affordability(200000, 3).unwrap();
let result = FinancialVerifier::verify(&proof).unwrap();
assert!(result.valid);
// Should fail: $6500 < 3 × $3000
let result = prover.prove_affordability(300000, 3);
assert!(result.is_err());
}
#[test]
fn test_no_overdraft_proof() {
let mut prover = FinancialProver::new();
prover.set_balances(vec![100000, 80000, 120000, 50000, 90000]); // All positive
let proof = prover.prove_no_overdrafts(5).unwrap();
let result = FinancialVerifier::verify(&proof).unwrap();
assert!(result.valid);
}
#[test]
fn test_overdraft_fails() {
let mut prover = FinancialProver::new();
prover.set_balances(vec![100000, -5000, 120000]); // Has overdraft
let result = prover.prove_no_overdrafts(3);
assert!(result.is_err());
}
#[test]
fn test_rental_application_bundle() {
let mut prover = FinancialProver::new();
prover.set_income(vec![650000, 650000, 680000, 650000]);
prover.set_balances(vec![500000, 520000, 480000, 510000, 530000]);
let bundle = RentalApplicationBundle::create(
&mut prover,
200000, // $2000 rent
3, // 3x income
30, // 30 days stability
Some(2), // 2 months savings
)
.unwrap();
assert!(bundle.verify().unwrap());
}
#[test]
fn test_proof_expiration() {
let mut prover = FinancialProver::new();
prover.set_income(vec![650000]);
let mut proof = prover.prove_income_above(500000).unwrap();
// Manually expire the proof
proof.metadata.expires_at = Some(0);
let result = FinancialVerifier::verify(&proof).unwrap();
assert!(!result.valid);
assert!(result.error.as_ref().unwrap().contains("expired"));
}
#[test]
fn test_proof_integrity() {
let mut prover = FinancialProver::new();
prover.set_income(vec![650000]);
let mut proof = prover.prove_income_above(500000).unwrap();
// Tamper with the proof
if !proof.proof_bytes.is_empty() {
proof.proof_bytes[0] ^= 0xFF;
}
let result = FinancialVerifier::verify(&proof).unwrap();
assert!(!result.valid);
}
}