zkproofs

package
v0.0.0-...-9e00f6c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 9, 2021 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ORDER = CURVE.N
	SEEDH = "BulletproofsDoesNotNeedTrustedSetupH"
	SEEDU = "BulletproofsDoesNotNeedTrustedSetupU"
	SAVE  = true
)
View Source 
var (
	CURVE = secp256k1.S256()
	GX    = CURVE.Gx
	GY    = CURVE.Gy
)
View Source 
var (
	G1 = new(bn256.G1).ScalarBaseMult(new(big.Int).SetInt64(1))
	G2 = new(bn256.G2).ScalarBaseMult(new(big.Int).SetInt64(1))
	E  = bn256.Pair(G1, G2)
)

Constants that are going to be used frequently, then we just need to compute them once.

Functions

func Add 

func Add(x *big.Int, y *big.Int) *big.Int

func BIP 

func BIP(a, b []*big.Int, g, h []*p256, u, P *p256, n int64, Ls, Rs []*p256) (proofBip, error)

BIP is the main recursive function that will be used to compute the inner product argument.

func CalculateHash 

func CalculateHash(b1 *big.Int, b2 *big.Int) (*big.Int, error)

func Commit 

func Commit(x, r *big.Int, h *bn256.G2) (*bn256.G2, error)

Commit method corresponds to the Pedersen commitment scheme. Namely, given input message x, and randomness r, it outputs g^x.h^r.

func CommitG1 

func CommitG1(x, r *big.Int, h *p256) (*p256, error)

CommitG1 method corresponds to the Pedersen commitment scheme. Namely, given input message x, and randomness r, it outputs g^x.h^r.

func CommitInnerProduct 

func CommitInnerProduct(g, h []*p256, a, b []*big.Int) (*p256, error)

CommitInnerProduct is responsible for calculating g^a.h^b.

func CommitVector 

func CommitVector(aL, aR []int64, alpha *big.Int, G, H *p256, g, h []*p256, n int64) (*p256, error)

Commitvector computes a commitment to the bit of the secret.

func CommitVectorBig 

func CommitVectorBig(aL, aR []*big.Int, alpha *big.Int, G, H *p256, g, h []*p256, n int64) (*p256, error)

func ComputeAR 

func ComputeAR(x []int64) ([]int64, error)

aR = aL - 1^n

func Decompose 

func Decompose(x *big.Int, u int64, l int64) ([]int64, error)

Decompose receives as input a bigint x and outputs an array of integers such that x = sum(xi.u^i), i.e. it returns the decomposition of x into base u.

func DumpProof 

func DumpProof(t *big.Int, h []*p256, p *p256, proof *proofBP) ([]byte, error)

func F 

func F(x *big.Int) (*big.Int, error)

F receives a big integer x as input and return x^3 + 7 mod ORDER.

func GetBigInt 

func GetBigInt(value string) *big.Int

Read big integer in base 10 from string.

func Hash 

func Hash(a []*bn256.GT, D *bn256.G2) (*big.Int, error)

Hash is responsible for the computing a Zp element given elements from GT and G2.

func HashBP 

func HashBP(A, S *p256) (*big.Int, *big.Int, error)

Hash is responsible for the computing a Zp element given elements from GT and G1.

func HashIP 

func HashIP(g, h []*p256, P *p256, c *big.Int, n int64) (*big.Int, error)

HashIP is responsible for the computing a Zp element given elements from GT and G1.

func HashSet 

func HashSet(a *bn256.GT, D *bn256.G2) (*big.Int, error)

HashSet is responsible for the computing a Zp element given elements from GT and G2.

func HashToInt 

func HashToInt(b bytes.Buffer) (*big.Int, error)

Hash is responsible for the computing a Zp element given the input string.

func LoadProofFromDisk 

func LoadProofFromDisk(s string) (*proofBP, error)

LoadProofFromDisk reads the generator from a file.

func MapToGroup 

func MapToGroup(m string) (*p256, error)

MapToGroup is a hash function that returns a valid elliptic curve point given as input a string. It is also known as hash-to-point and is used to obtain a generator that has no discrete logarithm known relation, thus addressing the concept of NUMS (nothing up my sleeve). This implementation is based on the paper: Short signatures from the Weil pairing Boneh, Lynn and Shacham Journal of Cryptology, September 2004, Volume 17, Issue 4, pp 297–319

func Mod 

func Mod(base *big.Int, modulo *big.Int) *big.Int

func ModInverse 

func ModInverse(base *big.Int, modulo *big.Int) *big.Int

func ModPow 

func ModPow(base *big.Int, exponent *big.Int, modulo *big.Int) *big.Int

*

  • Returns base**exponent mod |modulo| also works for negative exponent (contrary to big.Int.Exp)

func Mult 

func Mult(a *p256, n *big.Int) *p256

func Multiply 

func Multiply(factor1 *big.Int, factor2 *big.Int) *big.Int

func PowerOf 

func PowerOf(x *big.Int, n int64) ([]*big.Int, error)

PowerOf returns a vector composed by powers of x.

func ProveSet 

func ProveSet(x int64, r *big.Int, p paramsSet) (proofSet, error)

ProveSet method is used to produce the ZK Set Membership proof.

func ProveUL 

func ProveUL(x, r *big.Int, p paramsUL) (proofUL, error)

ProveUL method is used to produce the ZKRP proof that secret x belongs to the interval [0,U^L].

func ScalarProduct 

func ScalarProduct(a, b []*big.Int) (*big.Int, error)

ScalarProduct return the inner product between a and b.

func SetupSet 

func SetupSet(s []int64) (paramsSet, error)

SetupSet generates the signature for the elements in the set.

func SetupUL 

func SetupUL(u, l int64) (paramsUL, error)

SetupUL generates the signature for the interval [0,u^l). The value of u should be roughly b/log(b), but we can choose smaller values in order to get smaller parameters, at the cost of having worse performance.

func Sub 

func Sub(x *big.Int, y *big.Int) *big.Int

func VectorAdd 

func VectorAdd(a, b []*big.Int) ([]*big.Int, error)

VectorAdd computes vector addition componentwisely.

func VectorConvertToBig 

func VectorConvertToBig(a []int64, n int64) ([]*big.Int, error)

VectorConvertToBig converts an array of int64 to an array of big.Int.

func VectorCopy 

func VectorCopy(a *big.Int, n int64) ([]*big.Int, error)

VectorCopy returns a vector composed by copies of a.

func VectorECAdd 

func VectorECAdd(a, b []*p256) ([]*p256, error)

VectorECMul computes vector EC addition componentwisely.

func VectorExp 

func VectorExp(a []*p256, b []*big.Int) (*p256, error)

VectorExp computes Prod_i^n{a[i]^b[i]}.

func VectorG1Copy 

func VectorG1Copy(a *p256, n int64) ([]*p256, error)

VectorCopy returns a vector composed by copies of a.

func VectorMul 

func VectorMul(a, b []*big.Int) ([]*big.Int, error)

VectorMul computes vector multiplication componentwisely.

func VectorScalarExp 

func VectorScalarExp(a []*p256, b *big.Int) ([]*p256, error)

VectorScalarExp computes a[i]^b for each i.

func VectorScalarMul 

func VectorScalarMul(a []*big.Int, b *big.Int) ([]*big.Int, error)

VectorScalarMul computes vector scalar multiplication componentwisely.

func VectorSub 

func VectorSub(a, b []*big.Int) ([]*big.Int, error)

VectorSub computes vector addition componentwisely.

func VerifyPedersenCommitment 

func VerifyPedersenCommitment(input, output []*PedersenCommitment, blindDiff *big.Int) bool

Pedersen Commitment verification, check input_sum == output_sum ?

func VerifySet 

func VerifySet(proof_out *proofSet, p *paramsSet) (bool, error)

VerifySet is used to validate the ZK Set Membership proof. It returns true iff the proof is valid.

func VerifyUL 

func VerifyUL(proof_out *proofUL, p *paramsUL) (bool, error)

VerifyUL is used to validate the ZKRP proof. It returns true iff the proof is valid.

Types

type Bp 

type Bp struct {
	N    int64 // n 位
	G    *p256 // 曲线上的点 G 和 H
	H    *p256
	Gg   []*p256
	Hh   []*p256
	Zkip bip
}

Bulletproofs parameters.

func GetVerifier 

func GetVerifier(t *big.Int, h []*p256, p *p256) *Bp

Get zkrp verifier

func GetZkrp 

func GetZkrp() *Bp

Get common base

func LoadParamFromDisk 

func LoadParamFromDisk(s string) (*Bp, error)

LoadGenFromDisk reads the generator from a file.

func LoadProof 

func LoadProof(data []byte) (*Bp, *proofBP, error)

func (*Bp) Delta 

func (zkrp *Bp) Delta(y, z *big.Int) (*big.Int, error)

delta(y,z) = (z-z^2) . < 1^n, y^n > - z^3 . < 1^n, 2^n >

func (*Bp) GenerateProof 

func (zkrp *Bp) GenerateProof(secret *big.Int) (*big.Int, *big.Int, []*p256, *p256, proofBP, error)

Prove computes the ZK proof.

func (*Bp) MarshalJSON 

func (s *Bp) MarshalJSON() ([]byte, error)

func (*Bp) SaveToDisk 

func (zkrp *Bp) SaveToDisk(s string, p *proofBP) error

SaveToDisk is responsible for saving the generator to disk, such it is possible to then later.

func (*Bp) Setup 

func (zkrp *Bp) Setup(a, b int64)

Setup is responsible for computing the common parameters.

func (*Bp) SetupPre 

func (zkrp *Bp) SetupPre(a, b int64)

SetupPre is responsible for computing the common parameters.

func (*Bp) UnmarshalJSON 

func (s *Bp) UnmarshalJSON(data []byte) error

func (*Bp) Verify 

func (zkrp *Bp) Verify(proof proofBP) (bool, error)

Verify returns true if and only if the proof is valid.

type PedersenCommitment 

type PedersenCommitment = p256

type ProofData 

type ProofData struct {
	Proof *proofBP
	T     *big.Int
	Hh    []*p256
	P     *p256
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.