bulletproofs

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2021 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var MAX_RANGE_END int64 = 4294967296 // 2**32
View Source 
var MAX_RANGE_END_EXPONENT = 32 // 2**32
View Source 
var SEEDH = "BulletproofsDoesNotNeedTrustedSetupH"
View Source 
var SEEDU = "BulletproofsDoesNotNeedTrustedSetupU"

Functions

func CommitG1 

func CommitG1(ec elliptic.Curve, x, r *big.Int, h *curve.Point) (*curve.Point, error)

CommitG1 method corresponds to the Pedersen commitment scheme. Namely, given input message x, and randomness r, it outputs g^x.h^r.

func Decompose 

func Decompose(x *big.Int, u int64, l int64) ([]int64, error)

Decompose receives as input a bigint x and outputs an array of integers such that x = sum(xi.u^i), i.e. it returns the decomposition of x into base u.

func HashBP 

func HashBP(ha gost3410.HashAlgorithm, A, S *curve.Point) (*big.Int, *big.Int, error)

Hash is responsible for the computing a Zp element given elements from GT and G1.

func IsPowerOfTwo 

func IsPowerOfTwo(x int64) bool

IsPowerOfTwo returns true for arguments that are a power of 2, false otherwise. https://stackoverflow.com/a/600306/844313

func ScalarProduct 

func ScalarProduct(ec elliptic.Curve, a, b []*big.Int) (*big.Int, error)

ScalarProduct return the inner product between a and b.

func SetupGeneric 

func SetupGeneric(context *gost3410.Context, a, b int64) (*bprp, error)

SetupGeneric is responsible for calling the Setup algorithm for each BulletProof.

func VectorAdd 

func VectorAdd(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)

VectorAdd computes vector addition componentwisely.

func VectorConvertToBig 

func VectorConvertToBig(a []int64, n int64) ([]*big.Int, error)

VectorConvertToBig converts an array of int64 to an array of big.Int.

func VectorCopy 

func VectorCopy(a *big.Int, n int64) ([]*big.Int, error)

VectorCopy returns a vector composed by copies of a.

func VectorECAdd 

func VectorECAdd(ec elliptic.Curve, a, b []*curve.Point) ([]*curve.Point, error)

VectorECMul computes vector EC addition componentwisely.

func VectorExp 

func VectorExp(ec elliptic.Curve, a []*curve.Point, b []*big.Int) (*curve.Point, error)

VectorExp computes Prod_i^n{a[i]^b[i]}.

func VectorMul 

func VectorMul(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)

VectorMul computes vector multiplication componentwisely.

func VectorScalarMul 

func VectorScalarMul(ec elliptic.Curve, a []*big.Int, b *big.Int) ([]*big.Int, error)

VectorScalarMul computes vector scalar multiplication componentwisely.

func VectorSub 

func VectorSub(ec elliptic.Curve, a, b []*big.Int) ([]*big.Int, error)

VectorSub computes vector addition componentwisely.

Types

type BulletProof 

type BulletProof struct {
	V                 *curve.Point
	A                 *curve.Point
	S                 *curve.Point
	T1                *curve.Point
	T2                *curve.Point
	Taux              *big.Int
	Mu                *big.Int
	Tprime            *big.Int
	InnerProductProof InnerProductProof
	Commit            *curve.Point
	Params            BulletProofSetupParams
}

BulletProofs structure contains the elements that are necessary for the verification of the Zero Knowledge Proof.

func AggregateProofs 

func AggregateProofs(inContext *MPCPContext, tauxs []*big.Int, params BulletProofSetupParams) (BulletProof, error)

func Prove 

func Prove(context *gost3410.Context, secret *big.Int, params BulletProofSetupParams) (BulletProof, error)

Prove computes the ZK rangeproof. The documentation and comments are based on eprint version of Bulletproofs papers: https://eprint.iacr.org/2017/1066.pdf

func (*BulletProof) Verify 

func (proof *BulletProof) Verify(context *gost3410.Context) (bool, error)

Verify returns true if and only if the proof is valid.

type BulletProofSetupParams 

type BulletProofSetupParams struct {
	// N is the bit-length of the range.
	N int64
	// G is the Elliptic Curve generator.
	G *curve.Point
	// H is a new generator, computed using MapToGroup function,
	// such that there is no discrete logarithm relation with G.
	H *curve.Point
	// Gg and Hh are sets of new generators obtained using MapToGroup.
	// They are used to compute Pedersen Vector Commitments.
	Gg []*curve.Point
	Hh []*curve.Point
	// InnerProductParams is the setup parameters for the inner product proof.
	InnerProductParams InnerProductParams
}

BulletProofSetupParams is the structure that stores the parameters for the Zero Knowledge Proof system.

func Setup 

func Setup(context *gost3410.Context, b int64) (BulletProofSetupParams, error)

SetupInnerProduct is responsible for computing the common parameters. Only works for ranges to 0 to 2^n, where n is a power of 2 and n <= 32 TODO: allow n > 32 (need uint64 for that).

type InnerProductParams 

type InnerProductParams struct {
	N  int64
	Cc *big.Int
	Uu *curve.Point
	H  *curve.Point
	Gg []*curve.Point
	Hh []*curve.Point
	P  *curve.Point
}

InnerProductParams contains elliptic curve generators used to compute Pedersen commitments.

type InnerProductProof 

type InnerProductProof struct {
	N      int64
	Ls     []*curve.Point
	Rs     []*curve.Point
	U      *curve.Point
	P      *curve.Point
	Gg     *curve.Point
	Hh     *curve.Point
	A      *big.Int
	B      *big.Int
	Params InnerProductParams
}

InnerProductProof contains the elements used to verify the Inner Product Proof.

func (InnerProductProof) Verify 

func (proof InnerProductProof) Verify(context *gost3410.Context) (bool, error)

Verify is responsible for the verification of the Inner Product Proof.

type MPCPContext 

type MPCPContext struct {
	V                 *curve.Point
	A                 *curve.Point
	S                 *curve.Point
	T1                *curve.Point
	T2                *curve.Point
	Mu                *big.Int
	Tprime            *big.Int
	InnerProductProof InnerProductProof
	Commit            *curve.Point
	// contains filtered or unexported fields
}

func PartialPreProve 

func PartialPreProve(context *gost3410.Context, params BulletProofSetupParams) (mpcpContext *MPCPContext, publicTau1 *curve.Point, publicTau2 *curve.Point)

func PartialProve 

func PartialProve(context *gost3410.Context, secret *big.Int, gamma *big.Int, inContext *MPCPContext, publicTau1s []*curve.Point, publicTau2s []*curve.Point, params BulletProofSetupParams) (outContext *MPCPContext, taux *big.Int, err error)

type ProofBPRP 

type ProofBPRP struct {
	P1 BulletProof
	P2 BulletProof
}

ProofBPRP stores the generic ZKRP.

func ProveGeneric 

func ProveGeneric(context *gost3410.Context, secret *big.Int, params *bprp) (ProofBPRP, error)

BulletProof only works for interval in the format [0, 2^N). In order to allow generic intervals in the format [A, B) it is necessary to use 2 BulletProofs, as explained in Section 4.3 from the following paper: https://infoscience.epfl.ch/record/128718/files/CCS08.pdf

func (ProofBPRP) Verify 

func (proof ProofBPRP) Verify(context *gost3410.Context) (bool, error)

Verify call the Verification algorithm for each BulletProof argument.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.