Documentation ¶
Index ¶
- func AddVectors(a []*big.Int, b []*big.Int) []*big.Int
- func AddVectors3(a []*big.Int, b []*big.Int, c []*big.Int) []*big.Int
- func ComputeChallenges(V, g *ECPoint, proof BulletProof) (*big.Int, *big.Int, *big.Int, *big.Int, []*big.Int)
- func Dot(a, b []*big.Int) *big.Int
- func GetB32(num *big.Int) [32]byte
- func Hadamard(a, b []*big.Int) []*big.Int
- func HashToScalars(seed [32]byte, idx uint32) (*big.Int, *big.Int)
- func Inv(z *big.Int) *big.Int
- func IsQuadraticResidue(y *big.Int) bool
- func ModSqrtFast(x *big.Int) *big.Int
- func ModSqrtOrig(x *big.Int) *big.Int
- func Mul(nums ...*big.Int) *big.Int
- func Neg(z *big.Int) *big.Int
- func Ones(n int) []*big.Int
- func ScalarMul(vector []*big.Int, scalar *big.Int) []*big.Int
- func SerializePoints(points []*ECPoint) []byte
- func Square(z *big.Int) *big.Int
- func SubScalars(a, b *big.Int) *big.Int
- func SubVectors(a, b []*big.Int) []*big.Int
- func Sum(nums ...*big.Int) *big.Int
- func VectorOf(n int, v *big.Int) []*big.Int
- type BulletProof
- type ECPoint
- func DeserializePoints(buf []byte, num uint) ([]*ECPoint, error)
- func EncodeFieldElementToCurve(t *big.Int) *ECPoint
- func GeneratorsCreate(n int) []*ECPoint
- func HadamardP(a []*ECPoint, b []*ECPoint) []*ECPoint
- func ScalarMulPoint(point *ECPoint, scalar *big.Int) *ECPoint
- func ScalarMulPoints(scalars []*big.Int, points []*ECPoint) *ECPoint
- func ScalarMultAll(scalar *big.Int, points ...*ECPoint) *ECPoint
- func ScalarMultArray(xi *big.Int, points []*ECPoint) []*ECPoint
- func SumPoints(points ...*ECPoint) *ECPoint
- type Prover
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddVectors ¶
AddVectors returns the vector z = a + b. This function will panic if the vectors are of different length.
func AddVectors3 ¶
AddVectors3 returns the vector z = a + b + c.
func ComputeChallenges ¶
func ComputeChallenges(V, g *ECPoint, proof BulletProof) (*big.Int, *big.Int, *big.Int, *big.Int, []*big.Int)
ComputeChallenges computes non-interactive challenges in the same way that is used in rangeProofCreate.
func Dot ¶
Dot computes the inner product of two vectors of length n: a · b = a_1 * b_1 + a_2 * b_2 + ··· + a_n * b_n.
func GetB32 ¶
GetB32 returns a fixed size 32-byte slice containing the big-endian representation of num. This function will panic if the given number does not fit into 32 bytes.
func Hadamard ¶
Hadamard computes the vector given by element-wise multiplication of the two given vectors. a ○ b = (a_0*b_0 a_1*b_1 ... a_n*b_n). This function will panic if the vectors have different lengths.
func HashToScalars ¶
This mirrors the behaviour of secp256k1_scalar_chacha20 in libsecp256k1.
func Inv ¶
Inv returns the multiplicative inverse of z modulo the group order, i.e. z^-1 such that z * z^-1 = 1 mod N.
func IsQuadraticResidue ¶
IsQuadraticResidue returns true if there exists some x such that x*x = y mod P.
func ModSqrtFast ¶
ModSqrtFast returns a value v such that v*v = x mod P. This is about twice as fast as ModSqrtOrig. See: https://bitcointalk.org/index.php?topic=162805.msg1712294#msg1712294
func ModSqrtOrig ¶
ModSqrtOrig returns a value v such that v*v = x mod P.
func Neg ¶
Neg returns the additive inverse of z modulo the group order, i.e. -z such that z + (-z) = 0 mod N.
func ScalarMul ¶
ScalarMul returns the vector that is the result of the scalar multiplication of vector and scalar.
func SerializePoints ¶
SerializePoints returns a byte slice containing a bit vector that indicates whether the points
func SubVectors ¶
SubVectors returns the vector a - b. This function will panic if the vectors are of different lengths.
Types ¶
type BulletProof ¶
type BulletProof struct { T1 *ECPoint // A commitment to the t_1 coefficient of t(X). T2 *ECPoint // A commitment to the t_2 coefficient of t(X). A *ECPoint // A commitment to aL and aR. S *ECPoint // A commitment to the blinding vectors sL and sR. Ls, Rs []*ECPoint // The log(n) points from the inner product proof. // contains filtered or unexported fields }
BulletProof is a zero knowledge argument of knowledge that a committed value lies withing a specific range. See rangeProofCreate for a full explanation of these values.
type ECPoint ¶
ECPoint is a group element of the secp256k1 curve in affine coordinates.
func DeserializePoints ¶
DeserializePoints parses num points that have been serialized using SerializePoints.
func EncodeFieldElementToCurve ¶
EncodeFieldElementToCurve uses the Shallue–van de Woestijne encoding from the paper "Indifferentiable Hashing to Barreto-Naehrig Curves" to map the given field element to a point on secp256k1. Note that this implementation is not constant time.
func GeneratorsCreate ¶
GeneratorsCreate creates and returns a list of nothing-up-my-sleeve generator points.
func HadamardP ¶
HadamardP computes the element-wise point addition of the two vectors. This function will panic if the vectors have different lengths.
func ScalarMulPoint ¶
ScalarMulPoint multiplies a point by a scalar.
func ScalarMulPoints ¶
ScalarMulPoints multiplies each point with the corresponding scalar and sums the results. This function will panic if the number of scalars and points differ.
func ScalarMultAll ¶
ScalarMultAll multiplies all points by the given scalar and sums the results.
func ScalarMultArray ¶
ScalarMultArray multiplies each point in the vector points by the scalar xi and returns them as a vector.
func (*ECPoint) Bytes ¶
Vector Pedersen Commitment Given an array of values, we commit the array with different generators for each element and for each randomness.
Bytes compresses and serializes the point.
type Prover ¶
type Prover struct {
G, H []*ECPoint // a set of nothing-up-my-sleeve generator points on secp256k1.
ValueGenerator *ECPoint // the generator point used for committing to a value.
BlindingGenerator *ECPoint // the generator point used for blinding factors.
// contains filtered or unexported fields
}
Prover is a range proof prover and verifier.
func NewProver ¶
NewProver returns a new instance of a range proof Prover that supports proving and verifying values up to 2^n-1.
func (*Prover) CreateRangeProof ¶
func (v *Prover) CreateRangeProof(V *ECPoint, value, gamma *big.Int, nonce [32]byte, message [16]byte) (BulletProof, error)
CreateRangeProof creates a zero knowledge argument of knowledge that convinces a verifier that the committed value lies within a specific range.