Documentation ¶
Index ¶
- Constants
- func GenRootOfUnityQuasiPrimitive(suite *bn256.Suite, d uint16) (kyber.Scalar, []kyber.Scalar)
- type TrustedSetup
- func TrustedSetupFromBytes(suite *bn256.Suite, data []byte) (*TrustedSetup, error)
- func TrustedSetupFromFile(suite *bn256.Suite, fname string) (*TrustedSetup, error)
- func TrustedSetupFromSecretNaturalDomain(suite *bn256.Suite, d uint16, secret kyber.Scalar) (*TrustedSetup, error)
- func TrustedSetupFromSecretPowers(suite *bn256.Suite, d uint16, omega, secret kyber.Scalar) (*TrustedSetup, error)
- func TrustedSetupFromSeed(suite *bn256.Suite, d uint16, seed []byte) (*TrustedSetup, error)
- func (sd *TrustedSetup) Bytes() []byte
- func (sd *TrustedSetup) Commit(vect []kyber.Scalar) kyber.Point
- func (sd *TrustedSetup) CommitAll(vect []kyber.Scalar) (kyber.Point, []kyber.Point)
- func (sd *TrustedSetup) Prove(vect []kyber.Scalar, i int) kyber.Point
- func (sd *TrustedSetup) Verify(c, pi kyber.Point, v kyber.Scalar, atIndex int) bool
- func (sd *TrustedSetup) VerifyVector(vect []kyber.Scalar, c kyber.Point) bool
Constants ¶
const FACTOR = 5743
factor of order-1
Variables ¶
This section is empty.
Functions ¶
func GenRootOfUnityQuasiPrimitive ¶
GenRootOfUnityQuasiPrimitive generates random roots of unity based on FACTOR until all its powers up to D-1 are long enough thus excluding also 1. Note that the generated root of unity may not be primitive wrt FACTOR
Types ¶
type TrustedSetup ¶
type TrustedSetup struct { Suite *bn256.Suite D uint16 Omega kyber.Scalar // persistent LagrangeBasis []kyber.Point // persistent. TLi = [l<i>(secret)]1 Diff2 []kyber.Point // persistent // auxiliary, precalculated values Domain []kyber.Scalar // non-persistent. if omega != 0, domain_i = omega^i, otherwise domain_i = i. AprimeDomainI []kyber.Scalar // A'(i) ZeroG1 kyber.Scalar // aux OneG1 kyber.Scalar // aux // contains filtered or unexported fields }
TrustedSetup is a trusted setup for KZG calculations with degree D. The domain of Lagrange polynomials is either defined by powers of omega, assuming omega^i != 1 for any 0<=i<D or, of omega == 0, it is 0, 1, 2, ..., D-1 The secret itself must be destroyed immediately after trusted setup is generated. The trusted setup is a public value stored for example in a file. It is impossible to restore secret from the trusted setup [x]1 means a projection of scalar x to the G1 curve. [x]1 = xG, where G is the generating element [x]2 means a projection of scalar x to the G2 curve. [x]2 = xH, where H is the generating element
func TrustedSetupFromBytes ¶
func TrustedSetupFromBytes(suite *bn256.Suite, data []byte) (*TrustedSetup, error)
TrustedSetupFromBytes unmarshals trusted setup from binary representation
func TrustedSetupFromFile ¶
func TrustedSetupFromFile(suite *bn256.Suite, fname string) (*TrustedSetup, error)
TrustedSetupFromFile restores trusted setup from file
func TrustedSetupFromSecretNaturalDomain ¶
func TrustedSetupFromSecretNaturalDomain(suite *bn256.Suite, d uint16, secret kyber.Scalar) (*TrustedSetup, error)
TrustedSetupFromSecretNaturalDomain uses 0,1,2,.. domain instead of omega
func TrustedSetupFromSecretPowers ¶
func TrustedSetupFromSecretPowers(suite *bn256.Suite, d uint16, omega, secret kyber.Scalar) (*TrustedSetup, error)
TrustedSetupFromSecretPowers calculates TrustedSetup from secret and omega It uses powers of the omega as a domain for Lagrange basis Only used once after what secret must be destroyed
func TrustedSetupFromSeed ¶
TrustedSetupFromSeed for testing only
func (*TrustedSetup) Bytes ¶
func (sd *TrustedSetup) Bytes() []byte
Bytes marshals the trusted setup
func (*TrustedSetup) Commit ¶
func (sd *TrustedSetup) Commit(vect []kyber.Scalar) kyber.Point
Commit commits to vector vect[0], ...., vect[D-1] it is [f(s)]1 where f is polynomial in evaluation (Lagrange) form, i.e. with f(rou[i]) = vect[i], i = 0..D-1 vect[k] == nil equivalent to 0
func (*TrustedSetup) CommitAll ¶
func (sd *TrustedSetup) CommitAll(vect []kyber.Scalar) (kyber.Point, []kyber.Point)
CommitAll return commit to the whole vector and to each of values of it Generate commitment to the vector and proofs to all values. Expensive. Usually used only in tests
func (*TrustedSetup) Prove ¶
func (sd *TrustedSetup) Prove(vect []kyber.Scalar, i int) kyber.Point
Prove returns pi = [(f(s)-vect<index>)/(s-rou<index>)]1 This is the proof sent to verifier
func (*TrustedSetup) Verify ¶
func (sd *TrustedSetup) Verify(c, pi kyber.Point, v kyber.Scalar, atIndex int) bool
Verify verifies KZG proof that polynomial f committed with C has f(rou<atIndex>) = v c is commitment to the polynomial pi is commitment to the value point (proof) value is the value of the polynomial adIndex is index of the root of unity where polynomial is expected to have value = v
func (*TrustedSetup) VerifyVector ¶
func (sd *TrustedSetup) VerifyVector(vect []kyber.Scalar, c kyber.Point) bool
VerifyVector calculates proofs and verifies all elements in the vector against commitment C