crypto

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 4, 2022 License: GPL-3.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var Bn256 param
View Source 
var G = MapIntoGroup("g")

compute a global generator G instead of BN128 generator g

View Source 
var MAX = new(big.Int).SetInt64(4294967296)
View Source 
var ORDER = BN256().N

Functions

func AggBpProve_s 

func AggBpProve_s(instance *AggBpStatement, wit []*big.Int) (string, error)

generate string proof

func AggBpVerify 

func AggBpVerify(proof *AggBulletProof, instance *AggBpStatement) (bool, error)

verify proof.tHat is valid

func AggBpVerify_s 

func AggBpVerify_s(proof string, instance *AggBpStatement) (bool, error)

the proof input is string

func AggProofMarshal 

func AggProofMarshal(proof *AggBulletProof) (string, error)

aggproof marshal and unmarshal method

func BN256 

func BN256() param

func Bij 

func Bij(i, j uint64) (int64, error)

func CXtilde 

func CXtilde(v, bTf *big.Int, P0 [][]*big.Int, P1 [][]*big.Int, N, m int64, omega []*big.Int, D *bn256.G1, l0, l1 int64) ([]*bn256.G1, error)

compute proof CXk

func CalculatetEval 

func CalculatetEval(T1, T2 *bn256.G1, x *big.Int) *bn256.G1

tEval = T1^x T2^{x^2}

func ComputeAR 

func ComputeAR(x []*big.Int) []*big.Int

aR = aL - 1^n

func ComputeAggDelta 

func ComputeAggDelta(y, z *big.Int, n, m int64) *big.Int

compute delta = (z-z^2)*<1^nm,y^nm>- sum[z^(j+2)*<1^n,2^n>]

func ComputeAggLx 

func ComputeAggLx(aL, sL []*big.Int, x, z *big.Int, nMulm int64) (lx []*big.Int, err error)

compute l(x)

func ComputeAggRx 

func ComputeAggRx(aR, sR []*big.Int, x, y, z *big.Int, n, m int64) (rx []*big.Int, err error)

compute r(x)

func ComputeAt 

func ComputeAt(aggBp *AggBpStatement, c, omega, tHat, stau, delta, sb, x *big.Int, m int64, T1, T2 *bn256.G1) *bn256.G1

func ComputeDelta 

func ComputeDelta(y, z *big.Int, n int64) *big.Int

delta(y,z) = (z-z^2) . < 1^n, y^n > - z^3 . < 1^n, 2^n >

func ComputeLx 

func ComputeLx(aL, sL []*big.Int, z, x *big.Int) ([]*big.Int, error)

l(X) = (aL - z *1^n) +sL *X

func ComputeRx 

func ComputeRx(aR, sR []*big.Int, z, y, x *big.Int) ([]*big.Int, error)

rPloyX = y^n 。 (aR + z . 1^n + x . sR ) + z^2 * 2^n

func Computet0 

func Computet0(aL, aR, sR []*big.Int, y, z *big.Int, n, m int64) (*big.Int, error)

compute t0 = l0 * r0

func Computet1 

func Computet1(aL, aR, sL, sR []*big.Int, y, z *big.Int, n, m int64) (*big.Int, error)

compute t1 = l0*r1+l1*r0

func Computet2 

func Computet2(sL, aR, sR []*big.Int, y, z *big.Int, n, m int64) (*big.Int, error)

compute t2 = l1*r1

func Dec 

func Dec(c *Ciphertext, sk *big.Int) *bn256.G1

func Decompose 

func Decompose(v *big.Int, u int64, l int64) []*big.Int

Decompose receives as input a bigint x and outputs an array of integers such that x = sum(xi.u^i), i.e. it returns the decomposition of x into base u.

func GenerateAggA 

func GenerateAggA(instance *AggBpStatement, witness *AggBpWitness) (aL, aR []*big.Int, alpha *big.Int, A *bn256.G1, err error)

compute aggregate bulletproof A

func GenerateAggS 

func GenerateAggS(instance *AggBpStatement) (sL, sR []*big.Int, rho *big.Int, S *bn256.G1, err error)

compute aggregate bulletproof S

func GenerateAggT1T2 

func GenerateAggT1T2(instance *AggBpStatement, aL, aR, sL, sR []*big.Int, y, z *big.Int) (T1, T2 *bn256.G1, tau1, tau2 *big.Int, err error)

compute aggregate bulletproof T1 and T2

func GenerateAggTaux 

func GenerateAggTaux(tau1, tau2, x, z *big.Int, m int64, vectorGamma []*big.Int) (tauX *big.Int)

compute aggregate bulletproof taux

func GenerateAggtHat 

func GenerateAggtHat(aL, aR, sL, sR []*big.Int, x, y, z *big.Int, n, m int64) (lx, rx []*big.Int, tHat *big.Int, err error)

compute aggregate bulletproof tHat

func GenerateAggyz 

func GenerateAggyz(A, S *bn256.G1) (y, z *big.Int)

compute aggregate bulletproof challenge y and z

func GenerateBurnyz 

func GenerateBurnyz(A, S, cLn, cRn, pub *bn256.G1, epoch *big.Int, sender []byte) (y, z *big.Int)

func GenerateChallenge 

func GenerateChallenge(msg []byte, order *big.Int) *big.Int

compute challenge

func GenerateHprime 

func GenerateHprime(h []*bn256.G1, y *big.Int) []*bn256.G1

GenerateHprime is responsible for computing generators in the following format: [h_1, h_2^(y^-1), ..., h_n^(y^(-n+1))], where [h_1, h_2, ..., h_n] is the original vector of generators. This method is used both by prover and verifier.

func GenerateKexi 

func GenerateKexi(v *big.Int, N int64) []*big.Int

generate kexi = [1,1,v,v^2,..,v^(N-2)]

func GenerateKey 

func GenerateKey(p param, rand io.Reader) (*big.Int, error)

GenerateKey generates private key

func GenerateTFv 

func GenerateTFv(tfStatement *TransferStatement, BpA, BpS, A, B *bn256.G1) (*big.Int, error)

generate challenge v = H(statementHash||BpA||BpS||A||B)

func GenerateTfC 

func GenerateTfC(x *big.Int, Ay, AD, Ab, AX, At, Au *bn256.G1) *big.Int

generate transfer proof c

func GenerateTfOmega 

func GenerateTfOmega(v *big.Int, CLnTilde, CRnTilde, C0Tilde, Dtilde, Tfy0Tilde, TfgTilde, CXtilde, TfyXtilde []*bn256.G1) *big.Int

generate omega

func GenerateWithdrawCh 

func GenerateWithdrawCh(x *big.Int, Rpub, Rb, RtHat, Ru *bn256.G1) *big.Int

func Generatex 

func Generatex(T1, T2 *bn256.G1, z *big.Int) *big.Int

compute challenge x = H(T1||T2||z)

func Generateyz 

func Generateyz(A, S *bn256.G1) (y, z *big.Int)

compute bulletproof challenge y and z

func GetGenerator 

func GetGenerator(param AggBpStatement) (*bn256.G1, *bn256.G1, []*bn256.G1, []*bn256.G1)

func InnerProductVerifier 

func InnerProductVerifier(instance *InnerProductStatement, proof *InnerProductProof, c *big.Int, previousChallenge *big.Int) (bool, error)

func IpVerify 

func IpVerify(n int64, gVector, hVector []*bn256.G1, p, u *bn256.G1, ipProof *InnerProductProof, tHat, previousChallenge *big.Int) (bool, error)

func IsPowOfTwo 

func IsPowOfTwo(n int64) bool

n ?= 2^x

func LPolyCoeff 

func LPolyCoeff(aL []*big.Int, z *big.Int, nm int64) (lZero []*big.Int, err error)

compute polynomial l(X) coefficients l0, since l1 = sL, we do not add into this function

func MapIntoGroup 

func MapIntoGroup(s string) *bn256.G1

MapIntoGroup returns a valid elliptic curve point given as input a string.

https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/?include_text=1

func MultiVectorT 

func MultiVectorT(vector [][]*big.Int) [][]*big.Int

multidimensional vector transpose

func PointToInt 

func PointToInt(p *bn256.G1) *big.Int

func PolyCoefficientsT1 

func PolyCoefficientsT1(sL, sR, aL, aR []*big.Int, y, z *big.Int) (*big.Int, error)

t1: < aL - z.1^n, y^n 。 sR > + < sL, y^n 。 (aR + z . 1^n) > + <sL, z^2 * 2^n >

func PolyCoefficientsT2 

func PolyCoefficientsT2(sL, sR []*big.Int, y *big.Int) *big.Int

compute t2: < sL, y^n 。 sR >

func PolyEvaluate 

func PolyEvaluate(coefficients []*big.Int, x *big.Int) *big.Int

PolyEvaluate returns a polynomial: c[0]+c[1]*x + c[2]*x^2 +...

func PolyEvaluateField 

func PolyEvaluateField(coefficients []*big.Int, x *big.Int) *big.Int

PolyEvaluateField returns a polynomial: c[0]+c[1]*x + c[2]*x^2 +...

func PolyProduct 

func PolyProduct(a, b []*big.Int, field *big.Int) []*big.Int

func PowerOf 

func PowerOf(a *big.Int, n int64) []*big.Int

a^n =(a^0,a^1...,a^{n-1})

func ReadBalance 

func ReadBalance(m *bn256.G1, a, b *big.Int) (*big.Int, error)

func RpolyCoeff 

func RpolyCoeff(aR, sR []*big.Int, y, z *big.Int, n, m int64) (rZero []*big.Int, rOne []*big.Int, err error)

compute polynomial r(x) coefficients

func SchnorrVerify 

func SchnorrVerify(pub *bn256.G1, msg []byte, sigma *Signature) bool

func SigmaProve 

func SigmaProve(g, h, cRn *bn256.G1, epoch, x, z, taux *big.Int, wit *WithdrawWitness) (c, ssk, sb, stau *big.Int, err error)

func SignMarshal 

func SignMarshal(sigma *Signature) ([]byte, error)

encode signature into []byte

func SignMarshal1 

func SignMarshal1(sigma *Signature) ([]byte, []byte, error)

func TFf 

func TFf(F1Coeff [][2]*big.Int, omega *big.Int) (f []*big.Int)

compute proof TFf []*big.Int where flk = Flk1(omega)

func TfPolyCoeffF0 

func TfPolyCoeffF0(a []*big.Int, lBits []*big.Int, m int64) ([][2]*big.Int, error)

compute F0k0 = (1-b0k) * W - a0k or F1k0 where a can be a0 or a1, lBits can be l0Bits or l1Bits

func TfPolyCoeffF1 

func TfPolyCoeffF1(a []*big.Int, lBits []*big.Int, m int64) ([][2]*big.Int, error)

F0k1 or F1k1, where a can be a0 or a1, lBits can be l0Bits or l1Bits

func TfPolyP 

func TfPolyP(Flk0Coeff, Flk1Coeff [][2]*big.Int, N, m int64) [][]*big.Int

TfPolyP is to compute Polynomial P0 or P1, where the input is F0k0Coeff and F0k1Coeff or F1k0Coeff and F1k1Coeff, the result is polynomials of length N, and every polynomial coefficient length is m, namely res =[N][m]*big.Int

func TfProofMarshal 

func TfProofMarshal(TfProof *TransferProof) string

transferproof marshal and unmarshal method

func TfSampleRandomVector 

func TfSampleRandomVector(m int64) (phi, chi, psi, omega []*big.Int)

func TfStatmentMarshal 

func TfStatmentMarshal(tfStatment *TransferStatement) ([]byte, error)

Marshal TransferStatement which will be used to generate challenge

func TfVerifier 

func TfVerifier(AnonPk, CLnNew, CRnNew, CVector []*bn256.G1, D, NonceU *bn256.G1, epoch *big.Int, proof *TransferProof) (bool, error)

verify transfer proof

func TfyXline 

func TfyXline(PolyP0Coeff [][]*big.Int, PolyP1Coeff [][]*big.Int, N, m int64, AnonPk []*bn256.G1, v, challOmega *big.Int, omega []*big.Int) (*bn256.G1, error)

compute TfyXline

func TransferVerify 

func TransferVerify(tfStatement *TransferStatement, tfProof *TransferProof) (bool, error)

func UpdateAggP 

func UpdateAggP(A, S, h *bn256.G1, gVector, hprime []*bn256.G1, x, y, z, mu *big.Int, n, m int64) (*bn256.G1, error)

compute P, where P = A .S^x. g^(-z).hprime ^{ z.y^nm + sum(hprime[(j-1)*n:jn-1]^(z^(j+1)*2^n))} * h{-mu}

func UpdateP 

func UpdateP(A, S *bn256.G1, g, hprime []*bn256.G1, h *bn256.G1, x, z, y, mu *big.Int) *bn256.G1

UpdateP compute P ,where P = A .S^x. g^(-z).hprime ^{ z.y^n + z^2.2^n} * h{-mu}

func VectorAdd 

func VectorAdd(a, b []*big.Int) ([]*big.Int, error)

VectorAdd computes vector addition: a[]+b[]

func VectorCommitMuliExp 

func VectorCommitMuliExp(P0 [][]*big.Int, Cipher []*bn256.G1, m int64, Publ0 *bn256.G1, phi []*big.Int) ([]*bn256.G1, error)

P0 is N*m, len(C) = N, MultiVectorT(P0) is m*N this function can compute proof CLnk, CRnk, C0k, Tfy0k

func VectorDecompose 

func VectorDecompose(v []*big.Int, u, n, m int64) []*big.Int

compute aL, where <2^n, aL[(j-1)n:jn-1]> = v[j]

func VectorEcAdd 

func VectorEcAdd(a, b []*bn256.G1) ([]*bn256.G1, error)

VectorEcAdd computes vector add: a[] + b[],where a[i] is *bn256.G1

func VectorHadamard 

func VectorHadamard(a, b []*big.Int) ([]*big.Int, error)

VectorHadamard computes vector Hadamard: a[]。b[]

func VectorInnerProduct 

func VectorInnerProduct(a, b []*big.Int) (*big.Int, error)

VectorInnerProduct computes vector innerproduct: <a[],b[]>

func VectorInv 

func VectorInv(sVector []*big.Int) (sInv []*big.Int)

sVector[i]^-1=sInv[i]

func VectorLine 

func VectorLine(point *bn256.G1, pub *bn256.G1, r []*big.Int, w *big.Int, m int64) (*bn256.G1, error)

compute CRnLine, DLine, y0Line, gLine

func VectorMuliExpShift 

func VectorMuliExpShift(vectorPoint []*bn256.G1, kexi, polyP0, polyP1 []*big.Int, N int64) (*bn256.G1, error)

compute CXline and yXline left part which includes MultiExp and shift algorithm, where polyP0= P0i, polyP1=P1i

func VectorNeg 

func VectorNeg(a []*big.Int) []*big.Int

VectorNeg computes vector neg: -a[]

func VectorPolyEvaluate 

func VectorPolyEvaluate(PolyCoeff [][]*big.Int, x *big.Int) []*big.Int

Given polynomials coefficients, compute polynomial value

func VectorScalarExp 

func VectorScalarExp(gVector []*bn256.G1, x *big.Int) []*bn256.G1

compute res[i] = {gVector[i]}^x, i in [1,n]

func VectorScalarMul 

func VectorScalarMul(a []*big.Int, b *big.Int) []*big.Int

VectorScalarMul computes vector scalar multiplication: b*a[]

func VectorScalarMulG 

func VectorScalarMulG(G *bn256.G1, randNum []*big.Int) []*bn256.G1

compute Dtilde or tfgTilde

func VectorScalarMulSum 

func VectorScalarMulSum(aVector []*big.Int, gVector []*bn256.G1) (*bn256.G1, error)

compute sum(aVector[i] * gVector[i])

func VectorShift 

func VectorShift(vector []*big.Int, shift int64) []*big.Int

compute circularly Shift vector

func VectorSub 

func VectorSub(a, b []*big.Int) ([]*big.Int, error)

VectorSub computes vector sub: a[] - b[]

func VerifierCommit 

func VerifierCommit(f []*big.Int, A, B *bn256.G1, m int64, zA, challOmega *big.Int, aggBp *AggBpStatement) (bool, error)

func VerifierF0Coeff 

func VerifierF0Coeff(f []*big.Int, challOmega *big.Int) []*big.Int

given flk1, compute the flk0 = w - flk1, where f is flk1, challOmega is w

func VerifierPolyCoeff 

func VerifierPolyCoeff(flk0, flk1 []*big.Int, N, m int64) []*big.Int

Given flk0 and flk1 where their length is m instead of 2m, the output is polyli = \PI(flkk_i)

func VerifierVectorLine 

func VerifierVectorLine(vectorPoint, vectorTilde []*bn256.G1, coeff []*big.Int, omega *big.Int) (*bn256.G1, error)

compute CLnLine which includes MultiExp and VectorTilde algorithms, line 104-109

func VerifierVectorTilde 

func VerifierVectorTilde(vectorTilde []*bn256.G1, omega *big.Int) (*bn256.G1, error)

this function is to compute \Pi(vectorTilde[k] *(-omega^k))

func VerifyAggIpp 

func VerifyAggIpp(proof *AggBulletProof, instance *AggBpStatement) (bool, error)

verify the aggregate bulletproof

func VerifyThat 

func VerifyThat(proof *BulletProof, params BulletProofParams) bool

Verify g^that h^taux = V^{z^2}g^delta(y,z) T1^x T2^{x^2}

func WdPointMarshal 

func WdPointMarshal(point []*bn256.G1) []byte

func WdPointUnMarshal 

func WdPointUnMarshal(res []byte) ([]*bn256.G1, error)

func WithdrawVerify 

func WithdrawVerify(statement *WithdrawStatement, proof *WithdrawProof) (bool, error)

Types

type ABProofMarshal 

type ABProofMarshal struct {
	//a tuple of V[i]=g*v[i] + h*gamma[i]
	V    []byte
	A    []byte
	S    []byte
	T1   []byte
	T2   []byte
	Taux *big.Int
	//taux              []byte
	Mu                *big.Int
	THat              *big.Int
	InnerProductProof []byte
}

aggbulletproof marshal struct

type AggBpStatement 

type AggBpStatement struct {
	// contains filtered or unexported fields
}

func AggBp 

func AggBp() AggBpStatement

func GenerateAggBpStatement 

func GenerateAggBpStatement(m, n int64) *AggBpStatement

func GenerateAggBpStatement_range added in v1.1.0 

func GenerateAggBpStatement_range(m, n int64, range_hash []byte) *AggBpStatement

func NewAggBpStatement 

func NewAggBpStatement(m int64, aggbppram AggBpStatement) *AggBpStatement

only for withdrawproof

type AggBpWitness 

type AggBpWitness struct {
	// contains filtered or unexported fields
}

func NewAggBpWitness 

func NewAggBpWitness(Wit []*big.Int) *AggBpWitness

only for withdrawproof of clientcmd

type AggBulletProof 

type AggBulletProof struct {
	//a tuple of V[i]=g*v[i] + h*gamma[i]
	V  []*bn256.G1
	A  *bn256.G1
	S  *bn256.G1
	T1 *bn256.G1
	T2 *bn256.G1
	// contains filtered or unexported fields
}

func AggBpProve 

func AggBpProve(instance *AggBpStatement, witness *AggBpWitness) (*AggBulletProof, error)

generate aggregate bulletproof which can be considered as 4 rounds prove phases and 2 rounds of challenge

func AggProofUnMarshal 

func AggProofUnMarshal(str string) (*AggBulletProof, error)

func (*AggBulletProof) VectorvCommit 

func (aggreBp *AggBulletProof) VectorvCommit(param BulletProofParams, v []*big.Int, m int64) (vectorV []*bn256.G1, vectorGamma []*big.Int, err error)

compute commitment for a tuple of v[i], i in [1,m]

func (*AggBulletProof) VerifyAggtHat 

func (proof *AggBulletProof) VerifyAggtHat(instance *AggBpStatement) (bool, error)

verify proof.InnerProductProof is valid

type BulletProof 

type BulletProof struct {
	V  *bn256.G1
	A  *bn256.G1
	S  *bn256.G1
	T1 *bn256.G1
	T2 *bn256.G1
	// contains filtered or unexported fields
}

BulletProof structure contains the elements that are necessary for the verification of the Zero Knowledge Proof.

func Prove 

func Prove(witness *big.Int, params BulletProofParams) (*BulletProof, error)

Prove computes the ZK rangeproof.

func (*BulletProof) Verify 

func (proof *BulletProof) Verify(param BulletProofParams) (bool, error)

Verify returns true if and only if the proof is valid.

type BulletProofParams 

type BulletProofParams struct {
	// contains filtered or unexported fields
}

BulletProofParams is the structure that stores the parameters for the Zero Knowledge Proof system.

func Bp 

func Bp() BulletProofParams

func GenerateBpParam 

func GenerateBpParam(n int64) *BulletProofParams

init params

type Ciphertext 

type Ciphertext struct {
	C *bn256.G1
	D *bn256.G1
}

func Enc 

func Enc(rand io.Reader, pk *bn256.G1, b *big.Int) (*Ciphertext, error)

func Newciphertext 

func Newciphertext(C, D *bn256.G1) *Ciphertext

func (*Ciphertext) Marshal 

func (c *Ciphertext) Marshal() ([]byte, error)

func (*Ciphertext) UnMarshal 

func (c *Ciphertext) UnMarshal(res []byte) error

type IPproofMarshal 

type IPproofMarshal struct {
	A  *big.Int
	B  *big.Int
	LS []byte
	RS []byte
}

type InnerProductProof 

type InnerProductProof struct {

	//len(LS)=len(RS)=log_2(n)
	LS []*bn256.G1
	RS []*bn256.G1
	// contains filtered or unexported fields
}

func GenerateAggIpp 

func GenerateAggIpp(instance *AggBpStatement, A, S *bn256.G1, x, y, z, mu, tHat *big.Int, lx, rx []*big.Int) (*InnerProductProof, error)

compute aggregate bulletproof InnerProductProof

func InnerProductProver 

func InnerProductProver(instance *InnerProductStatement, witness *InnerProductWitness, tHat *big.Int, previousChallenge *big.Int) (proof *InnerProductProof, err error)

func IpProve 

func IpProve(n int64, GVector, HVector []*bn256.G1, p, u *bn256.G1, l, r []*big.Int, tHat *big.Int, challenge *big.Int) (proof *InnerProductProof, err error)

type InnerProductStatement 

type InnerProductStatement struct {
	// contains filtered or unexported fields
}

func Protocol1 

func Protocol1(instance *InnerProductStatement, c *big.Int, previousChallenge *big.Int) (*InnerProductStatement, *big.Int)

instance = (gVector, hVector, P, c=<aVector, bVector>); witness = (aVector, bVector) after protocol1: P'= P + x * c * u, where x is challenge, c is the innerproduct instance' = (gVector, hVector, u*x, P'); witness' = (aVector, bVector)

type InnerProductWitness 

type InnerProductWitness struct {
	// contains filtered or unexported fields
}

type KeyPair 

type KeyPair struct {
	// contains filtered or unexported fields
}

func NewKeyPair 

func NewKeyPair(rand io.Reader) (*KeyPair, error)

func (*KeyPair) GetPrivateKey 

func (key *KeyPair) GetPrivateKey() *big.Int

func (*KeyPair) GetPublicKey 

func (key *KeyPair) GetPublicKey() (*bn256.G1, error)

func (*KeyPair) NewPrivateKey 

func (key *KeyPair) NewPrivateKey(a *big.Int)

func (*KeyPair) NewPublicKey 

func (key *KeyPair) NewPublicKey(s string) error

type PedersenCommitment 

type PedersenCommitment struct {
	// contains filtered or unexported fields
}

PedersenCommitment structure

func NewPedersenCommitment 

func NewPedersenCommitment(p BulletProofParams, x *big.Int) *PedersenCommitment

NewPedersenCommitment returns a PedersenCommitment

func (*PedersenCommitment) Commit 

func (commit *PedersenCommitment) Commit() *bn256.G1

Commit returns a PedersenCommitment: V = r*h + v*g

type Signature 

type Signature struct {
	R *big.Int
	S *big.Int
}

func SchnorrSign 

func SchnorrSign(rand io.Reader, key *KeyPair, msg []byte) (*Signature, error)

func SchnorrTest 

func SchnorrTest(rand io.Reader, sk *big.Int, pk *bn256.G1, msg []byte) (*Signature, error)

func SignUnMarshal 

func SignUnMarshal(res []byte) (*Signature, error)

decode []byte as signature

type TfPMarshal 

type TfPMarshal struct {
	BpA       []byte
	BpS       []byte
	A         []byte
	B         []byte
	CLnTilde  []byte
	CRnTilde  []byte
	C0Tilde   []byte
	Dtilde    []byte
	Tfy0Tilde []byte
	TfgTilde  []byte
	CXtilde   []byte
	TfyXtilde []byte
	Tff       []*big.Int
	TfzA      *big.Int
	BpT1      []byte
	BpT2      []byte
	BpThat    *big.Int
	BpMu      *big.Int
	Tfc       *big.Int
	TfSsk     *big.Int
	TfSr      *big.Int
	TfSb      *big.Int
	TfStau    *big.Int
	Ia        *big.Int
	Ib        *big.Int
	LS        []byte
	RS        []byte
}

tfProofMarshal struct

type TfSMarshal 

type TfSMarshal struct {
	AnonPk  []byte
	CLnNew  []byte
	CRnNew  []byte
	CVector []byte
	D       []byte
	NonceU  []byte
	Epoch   []byte
}

type TransferProof 

type TransferProof struct {
	BpA       *bn256.G1
	BpS       *bn256.G1
	A         *bn256.G1
	B         *bn256.G1
	CLnTilde  []*bn256.G1
	CRnTilde  []*bn256.G1
	C0Tilde   []*bn256.G1
	Dtilde    []*bn256.G1
	Tfy0Tilde []*bn256.G1
	TfgTilde  []*bn256.G1
	CXtilde   []*bn256.G1
	TfyXtilde []*bn256.G1
	Tff       []*big.Int
	TfzA      *big.Int
	BpT1      *bn256.G1
	BpT2      *bn256.G1
	BpThat    *big.Int
	BpMu      *big.Int
	Tfc       *big.Int
	TfSsk     *big.Int
	TfSr      *big.Int
	TfSb      *big.Int
	TfStau    *big.Int
	IpProof   *InnerProductProof
}

func TfProofUnMarshal 

func TfProofUnMarshal(str string) (*TransferProof, error)

func TfProver 

func TfProver(AnonPk, CLnNew, CRnNew, CVector []*bn256.G1, D, NonceU *bn256.G1, epoch *big.Int, sk, bTf, bDiff, r, l0, l1 *big.Int) (*TransferProof, error)

generate transfer proof

func TransferProve 

func TransferProve(tfStatement *TransferStatement, tfWit *TransferWitness) (*TransferProof, error)

type TransferStatement 

type TransferStatement struct {
	//N is the length of Anonymous pk set and N must be 2^m
	//N int64
	AnonPk  []*bn256.G1
	CLnNew  []*bn256.G1
	CRnNew  []*bn256.G1
	CVector []*bn256.G1
	D       *bn256.G1
	NonceU  *bn256.G1
	Epoch   *big.Int
}

type TransferWitness 

type TransferWitness struct {
	// contains filtered or unexported fields
}

type VectorCommitment 

type VectorCommitment struct {
	// contains filtered or unexported fields
}

VectorCommitment structure

func NewVectorCommitment 

func NewVectorCommitment(p BulletProofParams, a, b []*big.Int) *VectorCommitment

NewVectorCommitment returns a VectorCommitment

func (*VectorCommitment) Commit 

func (commit *VectorCommitment) Commit() (*bn256.G1, error)

Commit returns a VectorCommitment: V = r*h + aL*G + aR*H

type WdProofMarshal 

type WdProofMarshal struct {
	A    []byte
	S    []byte
	T1   []byte
	T2   []byte
	That *big.Int
	Mu   *big.Int
	C    *big.Int
	Ssk  *big.Int
	Sb   *big.Int
	Stau *big.Int
	Ia   *big.Int
	Ib   *big.Int
	LS   []byte
	RS   []byte
}

type WithdrawProof 

type WithdrawProof struct {
	A  *bn256.G1
	S  *bn256.G1
	T1 *bn256.G1
	T2 *bn256.G1
	// contains filtered or unexported fields
}

func WdProofUnMarshal 

func WdProofUnMarshal(str string) (*WithdrawProof, error)

func WithdrawProve 

func WithdrawProve(cLn, cRn, pub *bn256.G1, epoch *big.Int, sender []byte, witness *WithdrawWitness) (*WithdrawProof, error)

func (*WithdrawProof) WdProofMarshal 

func (wdProof *WithdrawProof) WdProofMarshal() string

type WithdrawStatement 

type WithdrawStatement struct {
	// contains filtered or unexported fields
}

func NewWithdrawStatement 

func NewWithdrawStatement(cLn, cRn, pub, u *bn256.G1, epoch *big.Int, sender []byte) *WithdrawStatement

type WithdrawWitness 

type WithdrawWitness struct {
	// contains filtered or unexported fields
}

func NewWithdrawWit 

func NewWithdrawWit(Priv *big.Int, Vdiff *AggBpWitness) *WithdrawWitness

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.