wyatt-howe
commented
5 months ago Hi! Thanks for using oblivious!
Good catch. There is not a glitch in the type casting of the scalar that the overloaded scalar + scalar addition method returns, because there isn't such a method to begin with, in Ristretto255. Specifically, oblivious.bn254 supports operating over the full ring of scalars, that is, both additive and multiplicative group operations, while oblivious.ristretto only supports the multiplicative ones.
More clearly, oblivious.ristretto.scalar objects can only be multiplied and inverted (s * s or ~s as you've seen), and doing s + s returns a byte string of length 64 (double the length of a 32-byte, 255-bit scalar) from the byte string concatenation.
It's a good catch because, implicitly casting to bytes and concatenation is not the expected behavior by any means. In the next version, we will either have evaluating the expression s + s raise an exception saying "+ is not implemented yet" or simply implement/bring all of BN254's nice scalar arithmetic that is currently lacking from Ristretto255 into oblivious.ristretto for your use.
rashmibhle
When I try to find an inverse of a scalar, it doesn't work as expected while using the Oblivious.ristretto library.
I tried couple of variations to test out the discrepancy in the behavior.
Here are few of those instances:
Some scalar s
s = scalar.hash("s".encode())
The scalars for which I am able to get an inverse: ~(s) ~(s * s)
But, if the scalar is of the form (s + s'), I am not able to get the inverse of it. It throws - TypeError: bad operand type for unary ~: 'bytes'. I also tried using the inverse() method but that failed to work too.
Surprisingly, this error seems to be localised only within the Oblivious.ristretto library. The Oblivious.bn254 works well and behaves as expected.
We tested out these instances on google colab. Adding python code here for reference.
Do let me know if you need more context.