update

aptos-move/framework/aptos-stdlib/doc/ristretto255_bulletproofs.md

@@ -9,6 +9,10 @@ A Bulletproof-based zero-knowledge range proof is a proof that a Pedersen commit
 $c = v G + r H$ commits to an $n$-bit value $v$ (i.e., $v \in [0, 2^n)$). Currently, this module only supports
 $n \in \{8, 16, 32, 64\}$ for the number of bits.
 
+The module also supports batch range proofs, allowing verification of multiple commitments in a single proof.
+Each commitment in the batch must satisfy the same range constraint $v \in [0, 2^n)$, and the supported batch
+sizes are limited to $\{1, 2, 4, 8, 16\}$.
+
 
 -  [Struct `RangeProof`](#0x1_ristretto255_bulletproofs_RangeProof)
 -  [Constants](#@Constants_0)
@@ -17,7 +21,10 @@ $n \in \{8, 16, 32, 64\}$ for the number of bits.
 -  [Function `range_proof_to_bytes`](#0x1_ristretto255_bulletproofs_range_proof_to_bytes)
 -  [Function `verify_range_proof_pedersen`](#0x1_ristretto255_bulletproofs_verify_range_proof_pedersen)
 -  [Function `verify_range_proof`](#0x1_ristretto255_bulletproofs_verify_range_proof)
+-  [Function `verify_batch_range_proof_pedersen`](#0x1_ristretto255_bulletproofs_verify_batch_range_proof_pedersen)
+-  [Function `verify_batch_range_proof`](#0x1_ristretto255_bulletproofs_verify_batch_range_proof)
 -  [Function `verify_range_proof_internal`](#0x1_ristretto255_bulletproofs_verify_range_proof_internal)
+-  [Function `verify_batch_range_proof_internal`](#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal)
 -  [Specification](#@Specification_1)
     -  [Function `verify_range_proof_internal`](#@Specification_1_verify_range_proof_internal)
 
@@ -74,12 +81,12 @@ The native functions have not been rolled out yet.
 
 
 
-<a id="0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF"></a>
+<a id="0x1_ristretto255_bulletproofs_E_BATCH_SIZE_NOT_SUPPORTED"></a>
 
-There was an error deserializing the range proof.
+The range proof system only supports batch sizes of 1, 2, 4, 8, and 16.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF">E_DESERIALIZE_RANGE_PROOF</a>: u64 = 1;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_BATCH_SIZE_NOT_SUPPORTED">E_BATCH_SIZE_NOT_SUPPORTED</a>: u64 = 3;
 </code></pre>
 
 
@@ -89,7 +96,7 @@ There was an error deserializing the range proof.
 The range proof system only supports proving ranges of type $[0, 2^b)$ where $b \in \{8, 16, 32, 64\}$.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>: u64 = 3;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>: u64 = 2;
 </code></pre>
 
 
@@ -99,7 +106,17 @@ The range proof system only supports proving ranges of type $[0, 2^b)$ where $b
 The committed value given to the prover is too large.
 
 
-<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VALUE_OUTSIDE_RANGE">E_VALUE_OUTSIDE_RANGE</a>: u64 = 2;
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VALUE_OUTSIDE_RANGE">E_VALUE_OUTSIDE_RANGE</a>: u64 = 1;
+</code></pre>
+
+
+
+<a id="0x1_ristretto255_bulletproofs_E_VECTOR_LENGTHS_MISMATCH"></a>
+
+The vector lengths of values and blinding factors do not match.
+
+
+<pre><code><b>const</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VECTOR_LENGTHS_MISMATCH">E_VECTOR_LENGTHS_MISMATCH</a>: u64 = 4;
 </code></pre>
 
 
@@ -265,14 +282,89 @@ for some randomness <code>r</code>) satisfies <code>v</code> in <code>[0, 2^num_
 
 
 
+</details>
+
+<a id="0x1_ristretto255_bulletproofs_verify_batch_range_proof_pedersen"></a>
+
+## Function `verify_batch_range_proof_pedersen`
+
+Verifies a zero-knowledge range proof for a batch of Pedersen commitments <code>comms</code>, ensuring that all values
+<code>v</code> satisfy <code>v</code> in <code>[0, 2^num_bits)</code>.
+Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch size (length of <code>comms</code>) in <code>{1, 2, 4, 8, 16}</code>.
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_pedersen">verify_batch_range_proof_pedersen</a>(comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="ristretto255_pedersen.md#0x1_ristretto255_pedersen_Commitment">ristretto255_pedersen::Commitment</a>&gt;, proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">ristretto255_bulletproofs::RangeProof</a>, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_pedersen">verify_batch_range_proof_pedersen</a>(
+    comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;pedersen::Commitment&gt;, proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">RangeProof</a>,
+    num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
+{
+    <b>assert</b>!(<a href="../../move-stdlib/doc/features.md#0x1_features_bulletproofs_batch_enabled">features::bulletproofs_batch_enabled</a>(), <a href="../../move-stdlib/doc/error.md#0x1_error_invalid_state">error::invalid_state</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_NATIVE_FUN_NOT_AVAILABLE">E_NATIVE_FUN_NOT_AVAILABLE</a>));
+
+    <b>let</b> comms = std::vector::map_ref(comms, |com| <a href="ristretto255.md#0x1_ristretto255_point_to_bytes">ristretto255::point_to_bytes</a>(&pedersen::commitment_as_compressed_point(com)));
+
+    <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal">verify_batch_range_proof_internal</a>(
+        comms,
+        &<a href="ristretto255.md#0x1_ristretto255_basepoint">ristretto255::basepoint</a>(), &<a href="ristretto255.md#0x1_ristretto255_hash_to_point_base">ristretto255::hash_to_point_base</a>(),
+        proof.bytes, num_bits, dst
+    )
+}
+</code></pre>
+
+
+
+</details>
+
+<a id="0x1_ristretto255_bulletproofs_verify_batch_range_proof"></a>
+
+## Function `verify_batch_range_proof`
+
+<code>v * val_base + r * rand_base</code>), ensuring that all values <code>v</code> satisfy
+<code>v</code> in <code>[0, 2^num_bits)</code>. Only works for <code>num_bits</code> in <code>{8, 16, 32, 64}</code> and batch size
+(length of the <code>comms</code>) in <code>{1, 2, 4, 8, 16}</code>.
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof">verify_batch_range_proof</a>(comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="ristretto255_pedersen.md#0x1_ristretto255_pedersen_Commitment">ristretto255_pedersen::Commitment</a>&gt;, val_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, rand_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">ristretto255_bulletproofs::RangeProof</a>, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof">verify_batch_range_proof</a>(
+    comms: &<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;pedersen::Commitment&gt;,
+    val_base: &RistrettoPoint, rand_base: &RistrettoPoint,
+    proof: &<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_RangeProof">RangeProof</a>, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
+{
+    <b>assert</b>!(<a href="../../move-stdlib/doc/features.md#0x1_features_bulletproofs_batch_enabled">features::bulletproofs_batch_enabled</a>(), <a href="../../move-stdlib/doc/error.md#0x1_error_invalid_state">error::invalid_state</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_NATIVE_FUN_NOT_AVAILABLE">E_NATIVE_FUN_NOT_AVAILABLE</a>));
+
+    <b>let</b> comms = std::vector::map_ref(comms, |com| <a href="ristretto255.md#0x1_ristretto255_point_to_bytes">ristretto255::point_to_bytes</a>(&pedersen::commitment_as_compressed_point(com)));
+
+    <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal">verify_batch_range_proof_internal</a>(
+        comms,
+        val_base, rand_base,
+        proof.bytes, num_bits, dst
+    )
+}
+</code></pre>
+
+
+
 </details>
 
 <a id="0x1_ristretto255_bulletproofs_verify_range_proof_internal"></a>
 
 ## Function `verify_range_proof_internal`
 
-Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_DESERIALIZE_RANGE_PROOF">E_DESERIALIZE_RANGE_PROOF</a>)</code> if <code>proof</code> is not a valid serialization of a
-range proof.
 Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>)</code> if an unsupported <code>num_bits</code> is provided.
 
 
@@ -296,6 +388,37 @@ Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argu
 
 
 
+</details>
+
+<a id="0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal"></a>
+
+## Function `verify_batch_range_proof_internal`
+
+Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_RANGE_NOT_SUPPORTED">E_RANGE_NOT_SUPPORTED</a>)</code> if an unsupported <code>num_bits</code> is provided.
+Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_BATCH_SIZE_NOT_SUPPORTED">E_BATCH_SIZE_NOT_SUPPORTED</a>)</code> if an unsupported batch size is provided.
+Aborts with <code><a href="../../move-stdlib/doc/error.md#0x1_error_invalid_argument">error::invalid_argument</a>(<a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_E_VECTOR_LENGTHS_MISMATCH">E_VECTOR_LENGTHS_MISMATCH</a>)</code> if the vector lengths of <code>comms</code> and <code>proof</code> do not match.
+
+
+<pre><code><b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal">verify_batch_range_proof_internal</a>(comms: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt;, val_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, rand_base: &<a href="ristretto255.md#0x1_ristretto255_RistrettoPoint">ristretto255::RistrettoPoint</a>, proof: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;, num_bits: u64, dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>native</b> <b>fun</b> <a href="ristretto255_bulletproofs.md#0x1_ristretto255_bulletproofs_verify_batch_range_proof_internal">verify_batch_range_proof_internal</a>(
+    comms: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;<a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt;,
+    val_base: &RistrettoPoint,
+    rand_base: &RistrettoPoint,
+    proof: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
+    num_bits: u64,
+    dst: <a href="../../move-stdlib/doc/vector.md#0x1_vector">vector</a>&lt;u8&gt;): bool;
+</code></pre>
+
+
+
 </details>
 
 <a id="@Specification_1"></a>

aptos-move/framework/move-stdlib/doc/features.md

@@ -139,6 +139,8 @@ return true.
 -  [Function `is_permissioned_signer_enabled`](#0x1_features_is_permissioned_signer_enabled)
 -  [Function `get_account_abstraction_feature`](#0x1_features_get_account_abstraction_feature)
 -  [Function `is_account_abstraction_enabled`](#0x1_features_is_account_abstraction_enabled)
+-  [Function `get_bulletproofs_batch_feature`](#0x1_features_get_bulletproofs_batch_feature)
+-  [Function `bulletproofs_batch_enabled`](#0x1_features_bulletproofs_batch_enabled)
 -  [Function `change_feature_flags`](#0x1_features_change_feature_flags)
 -  [Function `change_feature_flags_internal`](#0x1_features_change_feature_flags_internal)
 -  [Function `change_feature_flags_for_next_epoch`](#0x1_features_change_feature_flags_for_next_epoch)
@@ -326,6 +328,17 @@ Lifetime: transient
 
 
 
+<a id="0x1_features_BULLETPROOFS_BATCH_NATIVES"></a>
+
+Whether the batch Bulletproofs native functions are available. This is needed because of the introduction of a new native function.
+Lifetime: transient
+
+
+<pre><code><b>const</b> <a href="features.md#0x1_features_BULLETPROOFS_BATCH_NATIVES">BULLETPROOFS_BATCH_NATIVES</a>: u64 = 87;
+</code></pre>
+
+
+
 <a id="0x1_features_BULLETPROOFS_NATIVES"></a>
 
 Whether the Bulletproofs zero-knowledge range proof module is enabled, and the related native function is
@@ -3447,6 +3460,52 @@ Deprecated feature
 
 
 
+</details>
+
+<a id="0x1_features_get_bulletproofs_batch_feature"></a>
+
+## Function `get_bulletproofs_batch_feature`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_bulletproofs_batch_feature">get_bulletproofs_batch_feature</a>(): u64
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_bulletproofs_batch_feature">get_bulletproofs_batch_feature</a>(): u64 { <a href="features.md#0x1_features_BULLETPROOFS_BATCH_NATIVES">BULLETPROOFS_BATCH_NATIVES</a> }
+</code></pre>
+
+
+
+</details>
+
+<a id="0x1_features_bulletproofs_batch_enabled"></a>
+
+## Function `bulletproofs_batch_enabled`
+
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_bulletproofs_batch_enabled">bulletproofs_batch_enabled</a>(): bool
+</code></pre>
+
+
+
+<details>
+<summary>Implementation</summary>
+
+
+<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_bulletproofs_batch_enabled">bulletproofs_batch_enabled</a>(): bool <b>acquires</b> <a href="features.md#0x1_features_Features">Features</a> {
+    <a href="features.md#0x1_features_is_enabled">is_enabled</a>(<a href="features.md#0x1_features_BULLETPROOFS_BATCH_NATIVES">BULLETPROOFS_BATCH_NATIVES</a>)
+}
+</code></pre>
+
+
+
 </details>
 
 <a id="0x1_features_change_feature_flags"></a>

crates/aptos-crypto/src/secp256r1_ecdsa/secp256r1_ecdsa_sigs.rs

@@ -35,19 +35,6 @@ impl Signature {
 
     /// Deserialize an P256Signature, without checking for malleability
     /// Uses the SEC1 serialization format.
-    #[cfg(not(feature = "fuzzing"))]
-    pub(crate) fn from_bytes_unchecked(
-        bytes: &[u8],
-    ) -> std::result::Result<Signature, CryptoMaterialError> {
-        match p256::ecdsa::Signature::try_from(bytes) {
-            Ok(p256_signature) => Ok(Signature(p256_signature)),
-            Err(_) => Err(CryptoMaterialError::DeserializationError),
-        }
-    }
-
-    /// Deserialize an P256Signature, without checking for malleability
-    /// Uses the SEC1 serialization format.
-    #[cfg(any(test, feature = "fuzzing"))]
     pub fn from_bytes_unchecked(
         bytes: &[u8],
     ) -> std::result::Result<Signature, CryptoMaterialError> {