├── .editorconfig ├── .gitignore ├── .travis.yml ├── Cargo.toml ├── LICENSE ├── README.md ├── rust-toolchain ├── rustfmt.toml └── src ├── lib.rs └── sip.rs /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | [*.rs] 3 | indent_style=space 4 | indent_size=4 5 | tab_width=8 6 | end_of_line=lf 7 | charset=utf-8 8 | trim_trailing_whitespace=true 9 | max_line_length=120 10 | insert_final_newline=true 11 | 12 | [.travis.yml] 13 | indent_style=space 14 | indent_size=2 15 | tab_width=8 16 | end_of_line=lf 17 | charset=utf-8 18 | trim_trailing_whitespace=true 19 | insert_final_newline=true 20 | 21 | [*.toml] 22 | indent_style=space 23 | indent_size=4 24 | tab_width=8 25 | end_of_line=lf 26 | charset=utf-8 27 | trim_trailing_whitespace=true 28 | insert_final_newline=true 29 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | /target 3 | **/*.rs.bk 4 | Cargo.lock 5 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: rust 2 | rust: 3 | - stable 4 | - beta 5 | - nightly 6 | install: 7 | - rustup toolchain install nightly-2019-10-13 8 | - rustup component add rustfmt --toolchain nightly-2019-10-13 9 | - rustup component add clippy --toolchain nightly-2019-10-13 10 | script: 11 | - cargo +nightly-2019-10-13 fmt -- --check 12 | - cargo +nightly-2019-10-13 clippy --all --all-targets -- -D warnings 13 | - RUST_BACKTRACE=1 cargo test --verbose 14 | matrix: 15 | allow_failures: 16 | - rust: nightly 17 | fast_finish: true 18 | cache: cargo 19 | git: 20 | depth: 1 21 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cuckoo" 3 | version = "0.1.0" 4 | license = "MIT" 5 | authors = ["CodeChain Team "] 6 | 7 | [dependencies] 8 | byteorder = "1.2.3" 9 | rust-crypto = "0.2.36" 10 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2018 Kodebox, Inc. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Rust Cuckoo Cycle [![Build Status](https://travis-ci.org/CodeChain-io/rust-cuckoo.svg?branch=master)](https://travis-ci.org/CodeChain-io/rust-cuckoo) 2 | 3 | [Cuckoo Cycle](https://github.com/tromp/cuckoo) implementation in Rust. 4 | -------------------------------------------------------------------------------- /rust-toolchain: -------------------------------------------------------------------------------- 1 | 1.38.0 2 | -------------------------------------------------------------------------------- /rustfmt.toml: -------------------------------------------------------------------------------- 1 | indent_style = "Block" 2 | use_small_heuristics = "Off" # "Default" 3 | binop_separator = "Front" 4 | # combine_control_expr = true 5 | comment_width = 120 # 80 6 | condense_wildcard_suffixes = true # false 7 | control_brace_style = "AlwaysSameLine" 8 | # disable_all_formatting = false 9 | error_on_line_overflow = false # true 10 | # error_on_unformatted = false 11 | fn_args_layout = "Tall" 12 | brace_style = "PreferSameLine" # "SameLineWhere" 13 | empty_item_single_line = true 14 | enum_discrim_align_threshold = 0 15 | fn_single_line = false 16 | # where_single_line = false 17 | force_explicit_abi = true 18 | format_strings = false 19 | format_macro_matchers = false 20 | format_macro_bodies = true 21 | hard_tabs = false 22 | imports_indent = "Block" # "Visual" 23 | imports_layout = "Mixed" 24 | merge_imports = false 25 | match_block_trailing_comma = false 26 | max_width = 120 # 100 27 | merge_derives = true 28 | # force_multiline_blocks = false 29 | newline_style = "Unix" 30 | normalize_comments = false 31 | remove_nested_parens = true 32 | reorder_imports = true 33 | reorder_modules = true 34 | # reorder_impl_items = false 35 | # report_todo = "Never" 36 | # report_fixme = "Never" 37 | # skip_children = false 38 | space_after_colon = true 39 | space_before_colon = false 40 | struct_field_align_threshold = 0 41 | spaces_around_ranges = false 42 | ## struct_lit_single_line = true 43 | tab_spaces = 4 44 | trailing_comma = "Vertical" 45 | trailing_semicolon = false # true 46 | # type_punctuation_density = "Wide" 47 | use_field_init_shorthand = true # false 48 | use_try_shorthand = true # false 49 | # format_code_in_doc_comments = false 50 | wrap_comments = false 51 | match_arm_blocks = true 52 | overflow_delimited_expr = true 53 | blank_lines_upper_bound = 2 # 1 54 | blank_lines_lower_bound = 0 55 | # required_version 56 | hide_parse_errors = false 57 | color = "Always" # "Auto" 58 | unstable_features = false 59 | # license_template_path 60 | # ignore 61 | edition = "2018" 62 | # version 63 | normalize_doc_attributes = true # false 64 | inline_attribute_width = 0 65 | -------------------------------------------------------------------------------- /src/lib.rs: -------------------------------------------------------------------------------- 1 | extern crate byteorder; 2 | extern crate crypto; 3 | 4 | mod sip; 5 | 6 | use std::collections::HashMap; 7 | 8 | use byteorder::{ByteOrder, NativeEndian}; 9 | use crypto::blake2b::Blake2b; 10 | use crypto::digest::Digest; 11 | 12 | use sip::CuckooSip; 13 | 14 | pub struct Cuckoo { 15 | max_vertex: usize, 16 | max_edge: usize, 17 | cycle_length: usize, 18 | } 19 | 20 | impl Cuckoo { 21 | pub fn new(max_vertex: usize, max_edge: usize, cycle_length: usize) -> Self { 22 | Self { 23 | max_vertex, 24 | max_edge, 25 | cycle_length, 26 | } 27 | } 28 | 29 | pub fn verify(&self, message: &[u8], proof: &[u32]) -> bool { 30 | if proof.len() != self.cycle_length { 31 | return false 32 | } 33 | 34 | // Check if proof values are in valid range 35 | if proof.iter().any(|i| *i >= self.max_edge as u32) { 36 | return false 37 | } 38 | 39 | let keys = { 40 | let mut blake_hasher = Blake2b::new(32); 41 | let mut result = vec![0u8; 32]; 42 | blake_hasher.input(message); 43 | blake_hasher.result(&mut result); 44 | 45 | [ 46 | NativeEndian::read_u64(&result[0..8]).to_le(), 47 | NativeEndian::read_u64(&result[8..16]).to_le(), 48 | NativeEndian::read_u64(&result[16..24]).to_le(), 49 | NativeEndian::read_u64(&result[24..32]).to_le(), 50 | ] 51 | }; 52 | 53 | let mut from_upper: HashMap<_, Vec<_>> = HashMap::new(); 54 | let mut from_lower: HashMap<_, Vec<_>> = HashMap::new(); 55 | for (u, v) in proof.iter().map(|i| self.edge(&keys, *i)) { 56 | from_upper.entry(u).or_default().push(v); 57 | from_lower.entry(v).or_default().push(u); 58 | } 59 | if from_upper.values().any(|list| list.len() != 2) { 60 | return false 61 | } 62 | if from_lower.values().any(|list| list.len() != 2) { 63 | return false 64 | } 65 | 66 | let mut cycle_length = 0; 67 | let mut cur_edge = self.edge(&keys, proof[0]); 68 | let start = cur_edge.0; 69 | loop { 70 | let next_lower = *from_upper[&cur_edge.0].iter().find(|v| **v != cur_edge.1).unwrap(); 71 | let next_upper = *from_lower[&next_lower].iter().find(|u| **u != cur_edge.0).unwrap(); 72 | cur_edge = (next_upper, next_lower); 73 | cycle_length += 2; 74 | 75 | if start == cur_edge.0 { 76 | break 77 | } 78 | } 79 | cycle_length == self.cycle_length 80 | } 81 | 82 | pub fn solve(&self, message: &[u8]) -> Option> { 83 | let mut graph = vec![0; self.max_vertex].into_boxed_slice(); 84 | let keys = { 85 | let mut blake_hasher = Blake2b::new(32); 86 | let mut result = vec![0u8; 32]; 87 | blake_hasher.input(message); 88 | blake_hasher.result(&mut result); 89 | 90 | [ 91 | NativeEndian::read_u64(&result[0..8]).to_le(), 92 | NativeEndian::read_u64(&result[8..16]).to_le(), 93 | NativeEndian::read_u64(&result[16..24]).to_le(), 94 | NativeEndian::read_u64(&result[24..32]).to_le(), 95 | ] 96 | }; 97 | 98 | for nonce in 0..self.max_edge { 99 | let (u, v) = { 100 | let edge = self.edge(&keys, nonce as u32); 101 | #[allow(clippy::identity_op)] 102 | (2 * edge.0 + 0, 2 * edge.1 + 1) 103 | }; 104 | if u == 0 { 105 | continue 106 | } 107 | let path_u = Cuckoo::path(&graph, u); 108 | let path_v = Cuckoo::path(&graph, v); 109 | if path_u.last().unwrap() == path_v.last().unwrap() { 110 | let common = path_u.iter().rev().zip(path_v.iter().rev()).take_while(|(u, v)| u == v).count(); 111 | if (path_u.len() - common) + (path_v.len() - common) + 1 == self.cycle_length { 112 | let mut cycle: Vec<_> = { 113 | let mut list = Vec::new(); 114 | list.extend(path_u.iter().take(path_u.len() - common + 1)); 115 | list.extend(path_v.iter().rev().skip(common)); 116 | list.push(u); 117 | list.windows(2).map(|edge| (edge[0], edge[1])).collect() 118 | }; 119 | let mut result = Vec::new(); 120 | for n in 0..self.max_edge { 121 | let cur_edge = { 122 | let edge = self.edge(&keys, n as u32); 123 | #[allow(clippy::identity_op)] 124 | (2 * edge.0 + 0, 2 * edge.1 + 1) 125 | }; 126 | for i in 0..cycle.len() { 127 | let cycle_edge = cycle[i]; 128 | if cycle_edge == cur_edge || (cycle_edge.1, cycle_edge.0) == cur_edge { 129 | result.push(n as u32); 130 | cycle.remove(i); 131 | break 132 | } 133 | } 134 | } 135 | return Some(result) 136 | } 137 | } else if path_u.len() < path_v.len() { 138 | for edge in path_u.windows(2) { 139 | graph[edge[1] as usize] = edge[0]; 140 | } 141 | graph[u as usize] = v; 142 | } else { 143 | for edge in path_v.windows(2) { 144 | graph[edge[1] as usize] = edge[0]; 145 | } 146 | graph[v as usize] = u; 147 | } 148 | } 149 | None 150 | } 151 | 152 | fn path(graph: &[u64], start: u64) -> Vec { 153 | let mut node = start; 154 | let mut path = vec![start]; 155 | loop { 156 | node = graph[node as usize]; 157 | if node != 0 { 158 | path.push(node); 159 | } else { 160 | break 161 | } 162 | } 163 | path 164 | } 165 | 166 | fn edge(&self, keys: &[u64; 4], index: u32) -> (u64, u64) { 167 | let hasher = CuckooSip::new(keys[0], keys[1], keys[2], keys[3]); 168 | #[allow(clippy::identity_op)] 169 | let upper = hasher.hash(2 * (index as u64) + 0) % ((self.max_vertex as u64) / 2); 170 | let lower = hasher.hash(2 * (index as u64) + 1) % ((self.max_vertex as u64) / 2); 171 | 172 | (upper, lower) 173 | } 174 | } 175 | 176 | #[cfg(test)] 177 | mod test { 178 | use super::Cuckoo; 179 | 180 | const TESTSET: [([u8; 80], [u32; 6]); 3] = [ 181 | ( 182 | [ 183 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185 | 0, 0, 0, 0, 0, 0, 0, 0, 0x1c, 0, 0, 0, 186 | ], 187 | [0, 1, 2, 4, 5, 6], 188 | ), 189 | ( 190 | [ 191 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 192 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 193 | 0, 0, 0, 0, 0, 0, 0, 0, 0x36, 0, 0, 0, 194 | ], 195 | [0, 1, 2, 3, 4, 7], 196 | ), 197 | ( 198 | [ 199 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 200 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 201 | 0, 0, 0, 0, 0, 0, 0, 0, 0xf6, 0, 0, 0, 202 | ], 203 | [0, 1, 2, 4, 5, 7], 204 | ), 205 | ]; 206 | 207 | #[test] 208 | fn solve_cuckoo() { 209 | let cuckoo = Cuckoo::new(16, 8, 6); 210 | for (message, proof) in TESTSET.iter() { 211 | assert_eq!(cuckoo.solve(message).unwrap(), proof); 212 | } 213 | } 214 | 215 | #[test] 216 | fn verify_cuckoo() { 217 | let cuckoo = Cuckoo::new(16, 8, 6); 218 | for (message, proof) in TESTSET.iter() { 219 | assert!(cuckoo.verify(message, proof)); 220 | } 221 | } 222 | } 223 | -------------------------------------------------------------------------------- /src/sip.rs: -------------------------------------------------------------------------------- 1 | pub struct CuckooSip { 2 | keys: [u64; 4], 3 | } 4 | 5 | impl CuckooSip { 6 | pub fn new(key0: u64, key1: u64, key2: u64, key3: u64) -> Self { 7 | Self { 8 | keys: [key0, key1, key2, key3], 9 | } 10 | } 11 | 12 | pub fn hash(&self, val: u64) -> u64 { 13 | let mut v0 = self.keys[0]; 14 | let mut v1 = self.keys[1]; 15 | let mut v2 = self.keys[2]; 16 | let mut v3 = self.keys[3] ^ val; 17 | CuckooSip::sipround(&mut v0, &mut v1, &mut v2, &mut v3); 18 | CuckooSip::sipround(&mut v0, &mut v1, &mut v2, &mut v3); 19 | v0 ^= val; 20 | v2 ^= 0xff; 21 | CuckooSip::sipround(&mut v0, &mut v1, &mut v2, &mut v3); 22 | CuckooSip::sipround(&mut v0, &mut v1, &mut v2, &mut v3); 23 | CuckooSip::sipround(&mut v0, &mut v1, &mut v2, &mut v3); 24 | CuckooSip::sipround(&mut v0, &mut v1, &mut v2, &mut v3); 25 | 26 | v0 ^ v1 ^ v2 ^ v3 27 | } 28 | 29 | fn sipround(v0: &mut u64, v1: &mut u64, v2: &mut u64, v3: &mut u64) { 30 | *v0 = v0.wrapping_add(*v1); 31 | *v2 = v2.wrapping_add(*v3); 32 | *v1 = v1.rotate_left(13); 33 | 34 | *v3 = v3.rotate_left(16); 35 | *v1 ^= *v0; 36 | *v3 ^= *v2; 37 | 38 | *v0 = v0.rotate_left(32); 39 | *v2 = v2.wrapping_add(*v1); 40 | *v0 = v0.wrapping_add(*v3); 41 | 42 | *v1 = v1.rotate_left(17); 43 | *v3 = v3.rotate_left(21); 44 | 45 | *v1 ^= *v2; 46 | *v3 ^= *v0; 47 | *v2 = v2.rotate_left(32); 48 | } 49 | } 50 | --------------------------------------------------------------------------------