Documentation
¶
Index ¶
- Variables
- func CommitG1(ec elliptic.Curve, x, r *big.Int, h *curve.Point) (*curve.Point, error)
- func Decompose(x *big.Int, u int64, l int64) ([]int64, error)
- func HashBP(ha gost3410.HashAlgorithm, A, S *curve.Point) (*big.Int, *big.Int, error)
- func IsPowerOfTwo(x int64) bool
- func ScalarProduct(ec elliptic.Curve, a, b []*big.Int) (*big.Int, error)
- func SetupGeneric(context *gost3410.Context, a, b int64) (*bprp, error)
- func VectorAdd(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)
- func VectorConvertToBig(a []int64, n int64) ([]*big.Int, error)
- func VectorCopy(a *big.Int, n int64) ([]*big.Int, error)
- func VectorECAdd(ec elliptic.Curve, a, b []*curve.Point) ([]*curve.Point, error)
- func VectorExp(ec elliptic.Curve, a []*curve.Point, b []*big.Int) (*curve.Point, error)
- func VectorMul(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)
- func VectorScalarMul(ec elliptic.Curve, a []*big.Int, b *big.Int) ([]*big.Int, error)
- func VectorSub(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)
- type BulletProof
- type BulletProofSetupParams
- type InnerProductParams
- type InnerProductProof
- type MPCPContext
- type ProofBPRP
Constants ¶
This section is empty.
Variables ¶
var MAX_RANGE_END int64 = 4294967296 // 2**32
var MAX_RANGE_END_EXPONENT = 32 // 2**32
var SEEDH = "BulletproofsDoesNotNeedTrustedSetupH"
var SEEDU = "BulletproofsDoesNotNeedTrustedSetupU"
Functions ¶
func CommitG1 ¶
CommitG1 method corresponds to the Pedersen commitment scheme. Namely, given input message x, and randomness r, it outputs g^x.h^r.
func Decompose ¶
Decompose receives as input a bigint x and outputs an array of integers such that x = sum(xi.u^i), i.e. it returns the decomposition of x into base u.
func IsPowerOfTwo ¶
IsPowerOfTwo returns true for arguments that are a power of 2, false otherwise. https://stackoverflow.com/a/600306/844313
func ScalarProduct ¶
ScalarProduct return the inner product between a and b.
func SetupGeneric ¶
SetupGeneric is responsible for calling the Setup algorithm for each BulletProof.
func VectorConvertToBig ¶
VectorConvertToBig converts an array of int64 to an array of big.Int.
func VectorCopy ¶
VectorCopy returns a vector composed by copies of a.
func VectorECAdd ¶
VectorECMul computes vector EC addition componentwisely.
func VectorScalarMul ¶
VectorScalarMul computes vector scalar multiplication componentwisely.
Types ¶
type BulletProof ¶
type BulletProof struct {
V *curve.Point
A *curve.Point
S *curve.Point
T1 *curve.Point
T2 *curve.Point
Taux *big.Int
Mu *big.Int
Tprime *big.Int
InnerProductProof InnerProductProof
Commit *curve.Point
Params BulletProofSetupParams
}
BulletProofs structure contains the elements that are necessary for the verification of the Zero Knowledge Proof.
func AggregateProofs ¶
func AggregateProofs(inContext *MPCPContext, tauxs []*big.Int, params BulletProofSetupParams) (BulletProof, error)
func Prove ¶
func Prove(context *gost3410.Context, secret *big.Int, params BulletProofSetupParams) (BulletProof, error)
Prove computes the ZK rangeproof. The documentation and comments are based on eprint version of Bulletproofs papers: https://eprint.iacr.org/2017/1066.pdf
func (*BulletProof) Verify ¶
func (proof *BulletProof) Verify(context *gost3410.Context) (bool, error)
Verify returns true if and only if the proof is valid.
type BulletProofSetupParams ¶
type BulletProofSetupParams struct {
// N is the bit-length of the range.
N int64
// G is the Elliptic Curve generator.
G *curve.Point
// H is a new generator, computed using MapToGroup function,
// such that there is no discrete logarithm relation with G.
H *curve.Point
// Gg and Hh are sets of new generators obtained using MapToGroup.
// They are used to compute Pedersen Vector Commitments.
Gg []*curve.Point
Hh []*curve.Point
// InnerProductParams is the setup parameters for the inner product proof.
InnerProductParams InnerProductParams
}
BulletProofSetupParams is the structure that stores the parameters for the Zero Knowledge Proof system.
func Setup ¶
func Setup(context *gost3410.Context, b int64) (BulletProofSetupParams, error)
SetupInnerProduct is responsible for computing the common parameters. Only works for ranges to 0 to 2^n, where n is a power of 2 and n <= 32 TODO: allow n > 32 (need uint64 for that).
type InnerProductParams ¶
type InnerProductParams struct {
N int64
Cc *big.Int
Uu *curve.Point
H *curve.Point
Gg []*curve.Point
Hh []*curve.Point
P *curve.Point
}
InnerProductParams contains elliptic curve generators used to compute Pedersen commitments.
type InnerProductProof ¶
type InnerProductProof struct {
N int64
Ls []*curve.Point
Rs []*curve.Point
U *curve.Point
P *curve.Point
Gg *curve.Point
Hh *curve.Point
A *big.Int
B *big.Int
Params InnerProductParams
}
InnerProductProof contains the elements used to verify the Inner Product Proof.
func (InnerProductProof) Verify ¶
func (proof InnerProductProof) Verify(context *gost3410.Context) (bool, error)
Verify is responsible for the verification of the Inner Product Proof.
type MPCPContext ¶
type MPCPContext struct {
V *curve.Point
A *curve.Point
S *curve.Point
T1 *curve.Point
T2 *curve.Point
Mu *big.Int
Tprime *big.Int
InnerProductProof InnerProductProof
Commit *curve.Point
// contains filtered or unexported fields
}
func PartialPreProve ¶
func PartialPreProve(context *gost3410.Context, params BulletProofSetupParams) (mpcpContext *MPCPContext, publicTau1 *curve.Point, publicTau2 *curve.Point)
func PartialProve ¶
func PartialProve(context *gost3410.Context, secret *big.Int, gamma *big.Int, inContext *MPCPContext, publicTau1s []*curve.Point, publicTau2s []*curve.Point, params BulletProofSetupParams) (outContext *MPCPContext, taux *big.Int, err error)
type ProofBPRP ¶
type ProofBPRP struct {
P1 BulletProof
P2 BulletProof
}
ProofBPRP stores the generic ZKRP.
func ProveGeneric ¶
BulletProof only works for interval in the format [0, 2^N). In order to allow generic intervals in the format [A, B) it is necessary to use 2 BulletProofs, as explained in Section 4.3 from the following paper: https://infoscience.epfl.ch/record/128718/files/CCS08.pdf
Source Files