zkbpp

package
v0.0.0-...-cbd876d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

README

zkbpp

Brief description

The package zkbpp offers an implementation of all the required building blocks to instantiate ZKCE circuits with preprocessing.

Overview

  • circuit.go: datatypes and util functions definition such as circuit creation, circuit mode selectors and random generators
  • circuit_gates.go: gates that can be used to describe circuits, unless described in the function name such as Rq or Z2, those are assumed to work in the modular arithmetic ring
  • circuit_var.go: datatype to describe a variable embedding its value and/or shares
  • crisp.go: CRISP specific gates
  • gates_z2_[rq, z2, basic, bitdec, sha, shaFast, zq].go: implementation of evaluation and verification of helper [rq, z2, basic, bitdec, sha, shaFast, zq] gates
  • proof.go: proof generation and verification
  • sha.go: sha implementations
  • z2Ring.go: basic Z2 ring implementation

Documentation

Overview

Package zkbpp implement a ZKCE with preprocessing based on CHASE, Melissa, et al. Post-quantum zero-knowledge and signatures from symmetric-key primitives. BAUM, Carsten et NOF, Ariel. Concretely-efficient zero-knowledge arguments for arithmetic circuits and their application to lattice-based cryptography.

Index

Constants

View Source 
const SECURITY_LEVEL = 16

Security level of seeds, in bytes. 128 bits = 16 bytes, 256 bits = 32 bytes

Variables

This section is empty.

Functions

func Copy 

func Copy(src *big.Int) (dst *big.Int)

Copy copies a bigInt and returns it

func DefaultParamsCRISP 

func DefaultParamsCRISP() *ckks.Parameters

DefaultParamsCRISP returns the default parameters of a CKKS scheme

func Preprocess 

func Preprocess(c *Circuit, input []ZKBVar, nbIterations int) (ctx *KKWContext, p KKWProof)

Preprocess runs the preprocessing of a ZKB++ proof on a circuit c with input input for nbIterations. Returns a KKWContext for the main proof, and a KKWProof for the preprocessing commitment

func PreprocessChallenge 

func PreprocessChallenge(nbIterations, nbOpenings int) (openList, closedList []uint32)

PreprocessChallenge generates the list of index for closed and open iterations for the preprocessing, given the number of iterations needed for each. Used by the verifier

func Prove 

func Prove(c *Circuit, input []ZKBVar, ctx *KKWContext, challengesIndex, closedIndex []uint32) (p ZKBProof, output []ZKBVar)

Prove computes the ZKB++ proof of circuit c, given input input, KKWContext ctx, and the list of open and closed iterations. Returns a ZKBProof and the output of circuit.

func Reduce32 

func Reduce32(x *big.Int) (z *big.Int)

Reduce32 reduces a big.Int modulo 2^32, i.e. on 32 bits

func RightRotate32 

func RightRotate32(x *big.Int, n uint) (z *big.Int)

RightRotate32 rotates a bigInt x for n positions, wrapping after 32 bits meant to operate on SHA word, i.e 32 bits. Will fail for other big int

func Verify 

func Verify(p ZKBProof, kkwP KKWProof, challengesIndex, closedIndex []uint32) bool

Verify verifies a ZKBProof p and KKWProof kkwP, given open and closed index list. Returns true iff the proof is valid

func Xor 

func Xor(xs ...*big.Int) (z *big.Int)

Xor xors all given arguments and returns the results

Types

type Circuit 

type Circuit struct {
	Description CircuitDescription

	//rings
	Rq *lr.Ring

	*cr.Ring
	// contains filtered or unexported fields
}

Circuit is a struct representing a circuit for ZKCE

func NewCircuit 

func NewCircuit(ring *cr.Ring) *Circuit

NewCircuit instantiates a new circuit with given ring

func (*Circuit) CKKSDecrypt 

func (c *Circuit) CKKSDecrypt(ct0, ct1 *lr.Poly, sk *lr.Poly) (pt *lr.Poly)

CKKSDecrypt decrypt ct0 and ct1 with secret key sk

func (*Circuit) CopyVar 

func (c *Circuit) CopyVar(v ZKBVar) (z ZKBVar)

Copy copies var v and returns it

func (*Circuit) MpcAdd 

func (c *Circuit) MpcAdd(x ZKBVar, y ZKBVar) (z ZKBVar)

MpcAdd adds *big.Int x to *big.Int y and returns the result

func (*Circuit) MpcAddK 

func (c *Circuit) MpcAddK(x ZKBVar, k *big.Int) (z ZKBVar)

MpcAddK adds *big.Int x to constant k and returns the result

func (*Circuit) MpcBdop 

func (c *Circuit) MpcBdop(rc []ZKBVar, r0, e0, e1 ZKBVar, a1, a2 [][]*lr.Poly) (c1, c2 []ZKBVar)

MpcBdop computes the BDOP commitment for r0, e0, e1, given secret parameters rc and public matrices a1 and a2 MpcBdop will panic if the dimension of a1,a2 and rc does not match

func (*Circuit) MpcBitDec 

func (c *Circuit) MpcBitDec(x ZKBVar) (z ZKBVar)

MpcBitdec transforms a additive secrect sharing into a XOR secrect sharing Use to go from ring Zq to ring Z2

func (*Circuit) MpcCKKSEncrypt 

func (c *Circuit) MpcCKKSEncrypt(pt, r0, e0, e1 ZKBVar, pk [2]*lr.Poly) (ct0, ct1 ZKBVar)

MpcCKKSEncrypt encrypt pt with public key, using encryption noise r0,e0 and e1 pt should be a ZKBVar with shares in Rq ct0 and ct1 are ZKBVar with shares in Rq

func (*Circuit) MpcCRISP 

func (c *Circuit) MpcCRISP(r0, e0, e1 ZKBVar, message, rc []ZKBVar, a1, a2 [][]*lr.Poly, pk [2]*lr.Poly) (ct0, ct1 ZKBVar, bdop1, bdop2 []ZKBVar, h []ZKBVar)

MpcCRISP runs the CRISP circuit

func (*Circuit) MpcMult 

func (c *Circuit) MpcMult(x ZKBVar, y ZKBVar) (z ZKBVar)

MpcMult multiplies *big.Int x to *big.Int y and returns the result

func (*Circuit) MpcMultK 

func (c *Circuit) MpcMultK(x ZKBVar, k *big.Int) (z ZKBVar)

MpcMultK multiplies *big.Int x to constant k and returns the result

func (*Circuit) MpcRqAdd 

func (c *Circuit) MpcRqAdd(x ZKBVar, y ZKBVar) (z ZKBVar)

MpcRqAdd adds poly x to poly y and returns the result

func (*Circuit) MpcRqAddK 

func (c *Circuit) MpcRqAddK(x ZKBVar, k *lr.Poly) (z ZKBVar)

MpcRqAddK adds poly x to constant k and returns the result

func (*Circuit) MpcRqMultK 

func (c *Circuit) MpcRqMultK(x ZKBVar, k *lr.Poly) (z ZKBVar)

MpcRqMultK multiplies poly x to constant k and returns the result

func (*Circuit) MpcSub 

func (c *Circuit) MpcSub(x ZKBVar, y ZKBVar) (z ZKBVar)

MpcSub subtract *big.Int y from *big.Int x and returns the result

func (*Circuit) MpcSubK 

func (c *Circuit) MpcSubK(x ZKBVar, k *big.Int) (z ZKBVar)

MpcAddK adds *big.Int x to constant k and returns the result

func (*Circuit) MpcZ2Add 

func (c *Circuit) MpcZ2Add(x, y ZKBVar) (z ZKBVar)

MpcZ2And add var x and y, and returns the result

func (*Circuit) MpcZ2AddK 

func (c *Circuit) MpcZ2AddK(x ZKBVar, k *big.Int) (z ZKBVar)

MpcZ2And add var x and constant k, and returns the result

func (*Circuit) MpcZ2And 

func (c *Circuit) MpcZ2And(x, y ZKBVar) (z ZKBVar)

MpcZ2And computes the and of var x and y, and returns the result

func (*Circuit) MpcZ2Not 

func (c *Circuit) MpcZ2Not(x ZKBVar) (z ZKBVar)

MpcZ2Not computes the not of var x and returns the result

func (*Circuit) MpcZ2RightShift 

func (c *Circuit) MpcZ2RightShift(x ZKBVar, i uint) (z ZKBVar)

MpcZ2RightShift rightshift var x by i and returns the result

func (*Circuit) MpcZ2Sha 

func (circ *Circuit) MpcZ2Sha(x ZKBVar) (z ZKBVar)

MpcZ2Sha compute the SHA-256 of X in a mpc manner. Note that the output value has a bitlen of 256, independent of log(Q)

func (*Circuit) MpcZ2ShaFast 

func (circ *Circuit) MpcZ2ShaFast(x ZKBVar) (z ZKBVar)

MpcZ2ShaFast compute the SHA-256 of X in a mpc manner, using uint32 for shorter runtime. Note that the output value has a bitlen of 256, independent of log(Q)

func (*Circuit) MpcZ2Xor 

func (c *Circuit) MpcZ2Xor(x, y ZKBVar) (z ZKBVar)

MpcZ2Xor computes the xor of var x and y, and returns the result

func (*Circuit) RqVar 

func (c *Circuit) RqVar(coeffs []uint64) ZKBVar

RqVar returns a new var with coefficients coeffs, in ring Rq

func (*Circuit) RqVarFromZqArray 

func (c *Circuit) RqVarFromZqArray(coeffs []ZKBVar) ZKBVar

RQVarFromZqArray transforms an array of ZKBVar with shares in Zq into a ZKBVar with shares in Rq

func (*Circuit) SetDescription 

func (c *Circuit) SetDescription(d CircuitDescription)

SetDescription sets the description of circuit c to d

func (*Circuit) Sha 

func (circ *Circuit) Sha(x *big.Int) (z *big.Int)

Sha computes the sha of big.Int x

func (*Circuit) Var 

func (c *Circuit) Var(x *big.Int) ZKBVar

Var returns a new var with value x, in ring Zq

func (*Circuit) VarFromPoly 

func (c *Circuit) VarFromPoly(x *lr.Poly) []ZKBVar

VarFromPoly transforms a poly into an array of ZKBVar with value in Zq

func (*Circuit) VarUint64 

func (c *Circuit) VarUint64(x uint64) ZKBVar

VarUint64 returns a new var with value x, in ring Zq

func (*Circuit) Z2Var 

func (c *Circuit) Z2Var(value string) ZKBVar

Z2Var returns a new var with value value, in ring Z2

type CircuitDescription 

type CircuitDescription func(input []ZKBVar) []ZKBVar

CircuitDescription represents a function acting as a Circuit description

type KKWContext 

type KKWContext struct {
	// contains filtered or unexported fields
}

KKWContext is a struct holding the information needed from the preprocessing phase

type KKWProof 

type KKWProof struct {
	// contains filtered or unexported fields
}

KKWProof is a struct holding the first round of commitment for a cut & choose protocol

type ZKBProof 

type ZKBProof struct {
	// contains filtered or unexported fields
}

ZKBProof is a struct holding a ZKBProof with cut&choose preprocessing

type ZKBVar 

type ZKBVar struct {
	//Zq elems
	Value *big.Int

	//Z2 elems
	Z2Value *big.Int

	//Rq elems
	RqValue *lr.Poly
	// contains filtered or unexported fields
}

ZKBVar is a struct to represent an input variable to a Circuit.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.