Documentation ¶
Index ¶
- Variables
- func CommitG1(ec elliptic.Curve, x, r *big.Int, h *curve.Point) (*curve.Point, error)
- func Decompose(x *big.Int, u int64, l int64) ([]int64, error)
- func HashBP(ha gost3410.HashAlgorithm, A, S *curve.Point) (*big.Int, *big.Int, error)
- func IsPowerOfTwo(x int64) bool
- func ScalarProduct(ec elliptic.Curve, a, b []*big.Int) (*big.Int, error)
- func SetupGeneric(context *gost3410.Context, a, b int64) (*bprp, error)
- func VectorAdd(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)
- func VectorConvertToBig(a []int64, n int64) ([]*big.Int, error)
- func VectorCopy(a *big.Int, n int64) ([]*big.Int, error)
- func VectorECAdd(ec elliptic.Curve, a, b []*curve.Point) ([]*curve.Point, error)
- func VectorExp(ec elliptic.Curve, a []*curve.Point, b []*big.Int) (*curve.Point, error)
- func VectorMul(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)
- func VectorScalarMul(ec elliptic.Curve, a []*big.Int, b *big.Int) ([]*big.Int, error)
- func VectorSub(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)
- type BulletProof
- type BulletProofSetupParams
- type InnerProductParams
- type InnerProductProof
- type MPCPContext
- type ProofBPRP
Constants ¶
This section is empty.
Variables ¶
var MAX_RANGE_END int64 = 4294967296 // 2**32
var MAX_RANGE_END_EXPONENT = 32 // 2**32
var SEEDH = "BulletproofsDoesNotNeedTrustedSetupH"
var SEEDU = "BulletproofsDoesNotNeedTrustedSetupU"
Functions ¶
func CommitG1 ¶
CommitG1 method corresponds to the Pedersen commitment scheme. Namely, given input message x, and randomness r, it outputs g^x.h^r.
func Decompose ¶
Decompose receives as input a bigint x and outputs an array of integers such that x = sum(xi.u^i), i.e. it returns the decomposition of x into base u.
func IsPowerOfTwo ¶
IsPowerOfTwo returns true for arguments that are a power of 2, false otherwise. https://stackoverflow.com/a/600306/844313
func ScalarProduct ¶
ScalarProduct return the inner product between a and b.
func SetupGeneric ¶
SetupGeneric is responsible for calling the Setup algorithm for each BulletProof.
func VectorConvertToBig ¶
VectorConvertToBig converts an array of int64 to an array of big.Int.
func VectorCopy ¶
VectorCopy returns a vector composed by copies of a.
func VectorECAdd ¶
VectorECMul computes vector EC addition componentwisely.
func VectorScalarMul ¶
VectorScalarMul computes vector scalar multiplication componentwisely.
Types ¶
type BulletProof ¶
type BulletProof struct { V *curve.Point A *curve.Point S *curve.Point T1 *curve.Point T2 *curve.Point Taux *big.Int Mu *big.Int Tprime *big.Int InnerProductProof InnerProductProof Commit *curve.Point Params BulletProofSetupParams }
BulletProofs structure contains the elements that are necessary for the verification of the Zero Knowledge Proof.
func AggregateProofs ¶
func AggregateProofs(inContext *MPCPContext, tauxs []*big.Int, params BulletProofSetupParams) (BulletProof, error)
func Prove ¶
func Prove(context *gost3410.Context, secret *big.Int, params BulletProofSetupParams) (BulletProof, error)
Prove computes the ZK rangeproof. The documentation and comments are based on eprint version of Bulletproofs papers: https://eprint.iacr.org/2017/1066.pdf
func (*BulletProof) Verify ¶
func (proof *BulletProof) Verify(context *gost3410.Context) (bool, error)
Verify returns true if and only if the proof is valid.
type BulletProofSetupParams ¶
type BulletProofSetupParams struct { // N is the bit-length of the range. N int64 // G is the Elliptic Curve generator. G *curve.Point // H is a new generator, computed using MapToGroup function, // such that there is no discrete logarithm relation with G. H *curve.Point // Gg and Hh are sets of new generators obtained using MapToGroup. // They are used to compute Pedersen Vector Commitments. Gg []*curve.Point Hh []*curve.Point // InnerProductParams is the setup parameters for the inner product proof. InnerProductParams InnerProductParams }
BulletProofSetupParams is the structure that stores the parameters for the Zero Knowledge Proof system.
func Setup ¶
func Setup(context *gost3410.Context, b int64) (BulletProofSetupParams, error)
SetupInnerProduct is responsible for computing the common parameters. Only works for ranges to 0 to 2^n, where n is a power of 2 and n <= 32 TODO: allow n > 32 (need uint64 for that).
type InnerProductParams ¶
type InnerProductParams struct { N int64 Cc *big.Int Uu *curve.Point H *curve.Point Gg []*curve.Point Hh []*curve.Point P *curve.Point }
InnerProductParams contains elliptic curve generators used to compute Pedersen commitments.
type InnerProductProof ¶
type InnerProductProof struct { N int64 Ls []*curve.Point Rs []*curve.Point U *curve.Point P *curve.Point Gg *curve.Point Hh *curve.Point A *big.Int B *big.Int Params InnerProductParams }
InnerProductProof contains the elements used to verify the Inner Product Proof.
func (InnerProductProof) Verify ¶
func (proof InnerProductProof) Verify(context *gost3410.Context) (bool, error)
Verify is responsible for the verification of the Inner Product Proof.
type MPCPContext ¶
type MPCPContext struct { V *curve.Point A *curve.Point S *curve.Point T1 *curve.Point T2 *curve.Point Mu *big.Int Tprime *big.Int InnerProductProof InnerProductProof Commit *curve.Point // contains filtered or unexported fields }
func PartialPreProve ¶
func PartialPreProve(context *gost3410.Context, params BulletProofSetupParams) (mpcpContext *MPCPContext, publicTau1 *curve.Point, publicTau2 *curve.Point)
func PartialProve ¶
func PartialProve(context *gost3410.Context, secret *big.Int, gamma *big.Int, inContext *MPCPContext, publicTau1s []*curve.Point, publicTau2s []*curve.Point, params BulletProofSetupParams) (outContext *MPCPContext, taux *big.Int, err error)
type ProofBPRP ¶
type ProofBPRP struct { P1 BulletProof P2 BulletProof }
ProofBPRP stores the generic ZKRP.
func ProveGeneric ¶
BulletProof only works for interval in the format [0, 2^N). In order to allow generic intervals in the format [A, B) it is necessary to use 2 BulletProofs, as explained in Section 4.3 from the following paper: https://infoscience.epfl.ch/record/128718/files/CCS08.pdf