bpacc

package
v0.0.0-...-b4c52af Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source 
const NFILES = 16
View Source 
const PED_VRK_KEA_NAME = "/ped-vrk-kea-%02d.data"
View Source 
const PED_VRK_NAME = "/ped-vrk-%02d.data"
View Source 
const PRK_NAME = "/prk-%02d.data"
View Source 
const SPARE = 10
View Source 
const TRAPDOORNAME = "/trapdoors.data"
View Source 
const VRK_KEA_NAME = "/vrk-kea-%02d.data"
View Source 
const VRK_NAME = "/vrk-%02d.data"

Variables

View Source 
var NCORES uint8

Functions

func BoundsPrint 

func BoundsPrint(start, stop uint64) string

func ComputeYs 

func ComputeYs(product mcl.Fr, I []mcl.Fr) []mcl.Fr

Given a_1, a_2, a_3, a_4. Let A = a_1 * a_2 * a_3 * a_4. Computes Y_1 = A / a_1, Y_2 = A / a_2, Y_3 = A / a_3, Y_4 = A / a_4

func ComputeYsVec 

func ComputeYsVec(subProdTree [][][]mcl.Fr) [][]mcl.Fr

Turns out this is slower than naively using compting I(s) and dividing by y_i. Similar to ComputeYs. However each a_i is a monomials of the form (x - a_i) Assumed that subproduct tree is correct.

func FrInvVec 

func FrInvVec(a []mcl.Fr) []mcl.Fr

func FrMulVec 

func FrMulVec(I []mcl.Fr) mcl.Fr

Compute \prod_{i=0}^{N-1}I_i

func FrPow 

func FrPow(a mcl.Fr, n int64) mcl.Fr

Computes the a^x, where a is mcl.Fr and x is int64

func GetFrByteSize 

func GetFrByteSize() int

func GetG1ByteSize 

func GetG1ByteSize() int

func GetG2ByteSize 

func GetG2ByteSize() int

func GetGTByteSize 

func GetGTByteSize() int

func HashPoEParamsG1 

func HashPoEParamsG1(w mcl.G1, u mcl.G1, v []mcl.Fr) []mcl.Fr

Return (x - l)

func HashPoEParamsG2 

func HashPoEParamsG2(w mcl.G2, u mcl.G2, v []mcl.Fr) []mcl.Fr

Return (x - l)

func IsPowOf2 

func IsPowOf2(m uint64) bool

func MultiPairing2 

func MultiPairing2(P1 mcl.G1, Q1 mcl.G2, P2 mcl.G1, Q2 mcl.G2) bool

Goal is to check if e(P1, Q1) = e(P2, Q2). It converts it into: e(P1, Q1) e(P2, Q2^{-1}) = 1. This uses multi-pairing No need to use this for mem verify. Mem-verify is already hand optimized.

func MultiPairingN 

func MultiPairingN(P0 mcl.G1, Q0 mcl.G2, Ps []mcl.G1, Qs []mcl.G2) bool

Goal is to check if e(P0, Q0) = e(P1, Q1)e(P2, Q2)e(P3, Q4)...e(PN, QN) It converts it into: e(P0, Q0^{-1})e(P1, Q1)e(P2, Q2)e(P3, Q4)...e(PN, QN) = 1. This uses multi-pairing

func NextPowOf2 

func NextPowOf2(v uint64) uint64

func PolyMulScalar 

func PolyMulScalar(a []mcl.Fr, b *mcl.Fr) []mcl.Fr

func PopulateRandom 

func PopulateRandom(n uint64) []mcl.Fr

For a give N, compute N uniquely random field elements

func SeedToFr 

func SeedToFr(seed string) mcl.Fr

Converts a string to Fr element

Types

type BpAcc 

type BpAcc struct {
	ELL uint64
	Q   uint64 // Limit on the q-SDH, thus degree bound is q+1
	S   mcl.Fr // Trapdoor

	G mcl.G1 // Generator for G1
	H mcl.G2 // Generator for G2

	Gneg    mcl.G1 // Contains g^{-1}
	Hneg    mcl.G2 // Contains h^{-1}H
	IdGT    mcl.GT // Contains e(g, h)
	InvIdGT mcl.GT // Contains e(g, h)^-1

	// Probably a misnomer
	PK []mcl.G1 // g, g^s, g^s^2, g^s^3 .... g^s^q
	VK []mcl.G2 // h, h^s, h^s^2, h^s^3 .... h^s^q

	Alpha mcl.Fr // KEA

	PKAlpha []mcl.G1 // Going to store only g^a aka this is going to be size 1.
	VKAlpha []mcl.G2 // h^a, h^s^a, h^s^2^a, h^s^3^a .... h^s^q^a

	PedH       mcl.G2   // Generator for Ped. Only fo internal uses.
	PedVK      []mcl.G2 // h_x, h_x^s, h_x^s^2, h_x^s^3 .... h_x^s^q
	PedVKAlpha []mcl.G2 // h_x^a, h_x^s^a, h_x^s^2^a, h_x^s^3^a .... h_x^s^q^a

	// Extra generators
	A []mcl.G1
	B []mcl.G2
	// contains filtered or unexported fields
}

func (*BpAcc) AggMemProve 

func (self *BpAcc) AggMemProve(I []mcl.Fr, proofs []mcl.G1) (mcl.G1, []mcl.Fr)

Takes |I| elements and its membership proofs Returns the aggergate for set I Compute subproduct tree |I|log^2|I| Compute differentiation |I| Compute PolyMultiEvaluate |I|log^2|I| Compute |I| FrInv Compute |I| multi-exp

func (*BpAcc) AggMemProvePoE 

func (self *BpAcc) AggMemProvePoE(digest mcl.G1, I []mcl.Fr, proofs []mcl.G1) (mcl.G1, mcl.G1, mcl.G2, []mcl.Fr)

func (*BpAcc) AggMemVerify 

func (self *BpAcc) AggMemVerify(digest mcl.G1, I []mcl.Fr, proof mcl.G1) bool

func (*BpAcc) AggMemVerifyPoE 

func (self *BpAcc) AggMemVerifyPoE(digest mcl.G1, I []mcl.Fr, proof mcl.G1, Q1 mcl.G1, Q2 mcl.G2) bool

func (*BpAcc) AggNonMemProve 

func (self *BpAcc) AggNonMemProve(I []mcl.Fr, proofs []NonMemProof) (mcl.G2, mcl.G1, []mcl.Fr)

Takes |I| elements and its nonmembership proofs Returns the aggergate for set I Compute subproduct tree |I|log^2|I| Compute differentiation |I| Compute PolyMultiEvaluate |I|log^2|I| Compute |I| FrInv Compute |I| long divisions 2 x Compute |I| scalar multiplications of size |I| Compute |I| G2 Multi-exp

func (*BpAcc) AggNonMemProvePoE 

func (self *BpAcc) AggNonMemProvePoE(I []mcl.Fr, proofs []NonMemProof) (mcl.G2, mcl.G1, mcl.G1, mcl.G1, mcl.G2, []mcl.Fr)

func (*BpAcc) AggNonMemVerify 

func (self *BpAcc) AggNonMemVerify(digest mcl.G1, alphaOfS mcl.G2, betaOfS mcl.G1, I []mcl.Fr) bool

func (*BpAcc) AggNonMemVerifyPoE 

func (self *BpAcc) AggNonMemVerifyPoE(digest mcl.G1, alphaOfS mcl.G2, betaOfS mcl.G1,
	Q1 mcl.G1, Q2 mcl.G1, w mcl.G2, I []mcl.Fr) bool

func (*BpAcc) Commit 

func (self *BpAcc) Commit(elements []mcl.Fr) (mcl.G1, []mcl.Fr)

Add a bunch of elements to the accumulator and returns the digest and the accumulator polynomial Compute Subproduct tree from the roots |I|log^2|I| Computes |I| exponentiations.

func (*BpAcc) CommitFakeG1 

func (self *BpAcc) CommitFakeG1(elements []mcl.Fr) (mcl.G1, []mcl.Fr)

Computes the commitment using trapdoor.

func (*BpAcc) CommitFakeG2 

func (self *BpAcc) CommitFakeG2(elements []mcl.Fr) (mcl.G2, []mcl.Fr)

Computes the commitment using trapdoor.

func (*BpAcc) G1Load 

func (self *BpAcc) G1Load(files []string, varG []mcl.G1)

func (*BpAcc) G1ParallelLoad 

func (self *BpAcc) G1ParallelLoad(
	fileName string,
	varG []mcl.G1,
	index uint8,
	start uint64,
	stop uint64,
	wg *sync.WaitGroup)

func (*BpAcc) G2Load 

func (self *BpAcc) G2Load(files []string, varH []mcl.G2)

func (*BpAcc) G2ParallelLoad 

func (self *BpAcc) G2ParallelLoad(
	fileName string,
	varH []mcl.G2,
	index uint8,
	start uint64,
	stop uint64,
	wg *sync.WaitGroup)

func (*BpAcc) Init 

func (self *BpAcc) Init(L uint64, seed string, folderPath string)

func (*BpAcc) IsParamsCorrect 

func (self *BpAcc) IsParamsCorrect() bool

func (*BpAcc) KeyGen 

func (self *BpAcc) KeyGen(ncores uint8,
	L uint64, seed string, folderPath string)

func (*BpAcc) KeyGenLoad 

func (self *BpAcc) KeyGenLoad(ncores uint8,
	L uint64, seed string, folderPath string)

func (*BpAcc) LoadTrapdoor 

func (self *BpAcc) LoadTrapdoor(L uint64)

func (*BpAcc) MemProve 

func (self *BpAcc) MemProve(X []mcl.Fr, I []mcl.Fr) []mcl.G1

Takes two sets as inputs: X and I Return proof of all elements in I Compute Subproduct tree from the roots |X + I|log^2|X + I| Computes |I| long divisions Computes |I| multi-exp each of size |I| - 1

func (*BpAcc) MemVerifySingle 

func (self *BpAcc) MemVerifySingle(digest mcl.G1, I mcl.Fr, proof mcl.G1) bool

func (*BpAcc) NiPoEProveG1 

func (self *BpAcc) NiPoEProveG1(w mcl.G1, u mcl.G1, v []mcl.Fr) (mcl.G1, mcl.G2)

Actual protocol is in the paper. Notice that proving in G1 implies one G1 and one G2 element as proof. But proving in G2 implies, two G1 elements as proof.

func (*BpAcc) NiPoEProveG2 

func (self *BpAcc) NiPoEProveG2(w mcl.G2, u mcl.G2, v []mcl.Fr) (mcl.G1, mcl.G1)

Actual protocol is in the paper. Notice that proving in G1 implies one G1 and one G2 element as proof. But proving in G2 implies, two G1 elements as proof.

func (*BpAcc) NiPoEVerifyG1 

func (self *BpAcc) NiPoEVerifyG1(Q1 mcl.G1, Q2 mcl.G2, w mcl.G1, u mcl.G1, v []mcl.Fr) bool

Actual protocol is in the paper. Notice that proving in G1 implies one G1 and one G2 element as proof. But proving in G2 implies, two G1 elements as proof.

func (*BpAcc) NiPoEVerifyG2 

func (self *BpAcc) NiPoEVerifyG2(Q1 mcl.G1, Q2 mcl.G1, w mcl.G2, u mcl.G2, v []mcl.Fr) bool

Actual protocol is in the paper. Notice that proving in G1 implies one G1 and one G2 element as proof. But proving in G2 implies, two G1 elements as proof.

func (*BpAcc) NonMemProve 

func (self *BpAcc) NonMemProve(X []mcl.Fr, I []mcl.Fr) []NonMemProof

Takes two disjoint sets as inputs: X and I Return proof of nonmembership for all elements in I Compute Subproduct tree from the roots |X|log^2|X| Computes |I| xGCD Computes |I| multi-exp each of size |I| - 1

func (*BpAcc) NonMemVerifySingle 

func (self *BpAcc) NonMemVerifySingle(digest mcl.G1, y mcl.Fr, pi *NonMemProof) bool

func (*BpAcc) PedersenG2 

func (self *BpAcc) PedersenG2(elements []mcl.Fr, G []mcl.G2, random mcl.Fr, h mcl.G2) mcl.G2

func (*BpAcc) PrkVrkGen 

func (self *BpAcc) PrkVrkGen()

func (*BpAcc) PrkVrkParallel 

func (self *BpAcc) PrkVrkParallel(
	index uint8, start uint64, stop uint64, wg *sync.WaitGroup)

func (*BpAcc) ProveBatchNonMemFake 

func (self *BpAcc) ProveBatchNonMemFake(X []mcl.Fr, I []mcl.Fr) (mcl.G2, mcl.G1)

Computes the non-membership proof for all elements in set I using the trapdoor.

func (*BpAcc) ProveMemFake 

func (self *BpAcc) ProveMemFake(X []mcl.Fr, I []mcl.Fr) []mcl.G1

Computes the membership proof for all elements in set I using the trapdoor.

func (*BpAcc) ProveNonMemFake 

func (self *BpAcc) ProveNonMemFake(X []mcl.Fr, I []mcl.Fr) []NonMemProof

Computes the non-membership proof for all elements in set I using the trapdoor.

func (*BpAcc) SaveTrapdoor 

func (self *BpAcc) SaveTrapdoor()

func (*BpAcc) Setup 

func (self *BpAcc) Setup(l uint64, seed string)

Single threaded version. Defunct now. Since parallel save and load performs the same role.

func (*BpAcc) TrapdoorsGen 

func (self *BpAcc) TrapdoorsGen()

func (*BpAcc) ZKDegCheckElementsProver 

func (self *BpAcc) ZKDegCheckElementsProver(C_I PedG2, elements []mcl.Fr, transcript [32]byte) ZKDegCheckProof

func (*BpAcc) ZKDegCheckProver 

func (self *BpAcc) ZKDegCheckProver(C_I PedG2, accPoly []mcl.Fr, transcript [32]byte) ZKDegCheckProof

Takes the polynomial I(x), rather than computing I(x) from I

func (*BpAcc) ZKDegCheckVerifier 

func (self *BpAcc) ZKDegCheckVerifier(C_I mcl.G2, proof ZKDegCheckProof, transcript [32]byte) bool

func (*BpAcc) ZKMemProver 

func (self *BpAcc) ZKMemProver(C_I PedG2, Pi_I mcl.G1, transcript [32]byte) zkMemProof

func (*BpAcc) ZKMemVerifier 

func (self *BpAcc) ZKMemVerifier(proof zkMemProof, A_X mcl.G1, C_I mcl.G2, transcript [32]byte) bool

func (*BpAcc) ZKNonMemProver 

func (self *BpAcc) ZKNonMemProver(digest mcl.G1, C_I PedG2, A mcl.G2, B mcl.G1, transcript [32]byte) zkNonMemProof

func (*BpAcc) ZKNonMemVerifier 

func (self *BpAcc) ZKNonMemVerifier(proof zkNonMemProof, digest mcl.G1, C_I mcl.G2, transcript [32]byte) bool

type NonMemProof 

type NonMemProof struct {
	Alpha mcl.Fr // Variable is exported, thus Alpha, not alpha
	Beta  mcl.G1 // Variable is exported, thus Beta, not beta
}

type PedG2 

type PedG2 struct {
	Com mcl.G2
	R   mcl.Fr
}

type ZKDegCheckProof 

type ZKDegCheckProof struct {
	D   uint64
	C_f mcl.G2
	C   mcl.G2
	Ca  mcl.G2
}

func (*ZKDegCheckProof) ByteSize 

func (self *ZKDegCheckProof) ByteSize() uint64

func (*ZKDegCheckProof) FiatShamir 

func (self *ZKDegCheckProof) FiatShamir(transcript [32]byte) []byte

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.