Update beta size

akshaya
2024-08-16 17:33:02 -04:00
parent 2d99aebe26
commit 52505f3e92
4 changed files with 22 additions and 20 deletions


@@ -5,7 +5,7 @@ const
L* = 3 # Path length
powSize* = 12 # 4 byte nonce + 8 byte timestamp
alphaSize* = 32 # Group element
betaSize* = 208 # (2r+t)k bytes
betaSize* = ((r * (t + 1)) + 1) * k # (r(t+1)+1)k bytes
gammaSize* = 16 # Output of HMAC-SHA-256, truncated to 16 bytes
headerSize* = alphaSize + betaSize + gammaSize # Total header size
delaySize* = 2 # Delay size


@@ -78,17 +78,17 @@ proc serializeRoutingInfo*(info: RoutingInfo): seq[byte] =
let addrBytes = serializeHop(info.Addr)
assert len(info.Delay) == delaySize, "Delay must be exactly " & $delaySize & " bytes"
assert len(info.Gamma) == gammaSize, "Gamma must be exactly " & $gammaSize & " bytes"
assert len(info.Beta) == ((2 * r) - 1) * k, "Beta must be exactly " & $(((2 * r) - 1) * k) & " bytes"
assert len(info.Beta) == (((r * (t+1)) - t) * k), "Beta must be exactly " & $(((r * (t+1)) - t) * k) & " bytes"
result = addrBytes & info.Delay & info.Gamma & info.Beta
proc deserializeRoutingInfo*(data: openArray[byte]): RoutingInfo =
assert len(data) == betaSize, "Data must be exactly " & $betaSize & " bytes"
assert len(data) == betaSize + ((t + 1) * k), "Data must be exactly " & $(betaSize + ((t + 1) * k)) & " bytes"
result.Addr = deserializeHop(data[0..addrSize - 1])
result.Delay = data[addrSize..(addrSize + delaySize - 1)]
result.Gamma = data[(addrSize + delaySize)..(addrSize + delaySize + gammaSize - 1)]
result.Beta = data[(addrSize + delaySize + gammaSize)..^1]
result.Beta = data[(addrSize + delaySize + gammaSize)..(((r * (t+1))+t+2) * k) - 1]
type
SphinxPacket* = object
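Review bot: The length checks in `serializeRoutingInfo` and `deserializeRoutingInfo` are plain `assert`s, which Nim compiles out under `-d:danger` or `--assertions:off` and which raise an `AssertionDefect` rather than a catchable error when they do fire. `deserializeRoutingInfo` receives the decrypted `B` from `processSphinxPacket`, so a wrong-sized input should be rejected by a check that runs in every build, for example `if data.len != betaSize + ((t + 1) * k): raise newException(ValueError, "unexpected routing info length")`, or `doAssert` if aborting is the intended behaviour. The new upper bound of the `Beta` slice, `(((r * (t+1))+t+2) * k) - 1`, equals `len(data) - 1` once that length check holds, so keeping `..^1` or naming the length in one constant would avoid a second formula that has to stay in sync with `betaSize`.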


@@ -58,7 +58,7 @@ proc computeFillerStrings(s: seq[seq[byte]]): seq[byte] =
let iv = kdf(deriveKeyMaterial("filler_iv", s[i-1]))
# Compute filler string
let fillerLength = 2 * k
let fillerLength = (t + 1) * k
let zeroPadding = newSeq[byte](fillerLength)
filler = aes_ctr(aes_key, iv, filler & zeroPadding)
return filler
@@ -106,16 +106,13 @@ proc computeBetaGammaDelta(s: seq[seq[byte]], hop: openArray[Hop], msg: Message,
# Compute Beta and Gamma
if i == sLen - 1:
var paddingLength: int
var zeroPadding: seq[byte]
paddingLength = ((2 * (r - sLen)) + t + 2) * k
zeroPadding = newSeq[byte](paddingLength)
let paddingLength = (((t + 1) * (r - L)) + t + 2) * k
let zeroPadding = newSeq[byte](paddingLength)
beta = aes_ctr(beta_aes_key, beta_iv, zeroPadding) & filler
delta = aes_ctr(delta_aes_key, delta_iv, serializeMessage(msg))
else:
let routingInfo = initRoutingInfo(hop[i+1], delay, gamma, beta[0..(((2 * r) - 1) * k) - 1])
let routingInfo = initRoutingInfo(hop[i+1], delay, gamma, beta[0..(((r * (t+1)) - t) * k) - 1])
beta = aes_ctr(beta_aes_key, beta_iv, serializeRoutingInfo(routingInfo))
delta = aes_ctr(delta_aes_key, delta_iv, delta)
@@ -173,20 +170,23 @@ proc processSphinxPacket*(serSphinxPacket: seq[byte], privateKey: FieldElement):
let delta_prime = aes_ctr(delta_aes_key, delta_iv, payload)
# Compute B
let B = aes_ctr(beta_aes_key, beta_iv, beta)
var paddingLength: int
var zeroPadding: seq[byte]
paddingLength = (t + 1) * k
zeroPadding = newSeq[byte](paddingLength)
let B = aes_ctr(beta_aes_key, beta_iv, beta & zeroPadding)
# Check if B has the required prefix
let prefixLength = (2 * (r - L) + t + 2) * k
let expectedPrefix = newSeq[byte](prefixLength)
# Check if B has the required prefix for the original message
paddingLength = (((t + 1) * (r - L)) + t + 2) * k
zeroPadding = newSeq[byte](paddingLength)
if B[0..prefixLength-1] == expectedPrefix:
if B[0..paddingLength - 1] == zeroPadding:
return (Hop(), @[], getMessage(deserializeMessage(delta_prime)), Success)
else:
# Extract routing information from B
let routingInfo = deserializeRoutingInfo(B)
let (address, delay, gamma_prime, beta_prime) = getRoutingInfo(routingInfo)
echo B.len, " ", beta_prime.len
# Compute alpha
let blinder = bytesToFieldElement(sha256_hash(alpha & sBytes))
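Review bot: The added `echo B.len, " ", beta_prime.len` in `processSphinxPacket` looks like leftover debugging; it writes to stdout for every packet that takes the forwarding branch and should be removed or replaced by a logging call. In `computeBetaGammaDelta` the padding length now uses the constant `L` where it used `sLen`, while the branch is still selected by `i == sLen - 1`; if a caller can pass a path whose length differs from `L`, beta would presumably no longer come out at `betaSize`, so a guard such as `doAssert sLen == L, "path length must equal L"` near the top of the proc would make that assumption explicit. Both procs start and end outside the visible hunks, so whether such a guard already exists cannot be confirmed from this page.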


@@ -31,17 +31,19 @@ suite "serialization_tests":
initHop(newSeq[byte](addrSize)),
newSeq[byte](delaySize),
newSeq[byte](gammaSize),
newSeq[byte](((2 * r) - 1) * k)
newSeq[byte](((r * (t+1)) - t) * k)
)
let serialized = serializeRoutingInfo(routingInfo)
let deserialized = deserializeRoutingInfo(serialized)
let suffixLength = (t + 1) * k
let suffix = newSeq[byte](suffixLength)
let deserialized = deserializeRoutingInfo(serialized & suffix)
let (hop, delay, gamma, beta) = getRoutingInfo(routingInfo)
let (dHop, dDelay, dGamma, dBeta) = getRoutingInfo(deserialized)
assert getHop(hop) == getHop(dHop), "Deserialized multiaddress does not match the original multiaddress"
assert delay == dDelay, "Deserialized delay does not match the original delay"
assert gamma == dGamma, "Deserialized gamma does not match the original gamma"
assert beta == dBeta, "Deserialized beta does not match the original beta"
assert beta == dBeta[0..(((r * (t+1)) - t) * k) - 1], "Deserialized beta does not match the original beta"
test "serialize_and_deserialize_sphinx_packet":
let header = initHeader(