Documentation
¶
Overview ¶
Package bulletproof implements the zero knowledge protocol bulletproofs as defined in https://eprint.iacr.org/2017/1066.pdf
Package bulletproof implements the zero knowledge protocol bulletproofs as defined in https://eprint.iacr.org/2017/1066.pdf
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type InnerProductProof ¶
type InnerProductProof struct {
// contains filtered or unexported fields
}
InnerProductProof contains necessary output for the inner product proof a and b are the final input vectors of scalars, they should be of length 1 Ls and Rs are calculated per recursion of the IPP and are necessary for verification See section 3.1 on pg 15 of https://eprint.iacr.org/2017/1066.pdf
func NewInnerProductProof ¶
func NewInnerProductProof(curve *curves.Curve) *InnerProductProof
NewInnerProductProof initializes a new InnerProductProof for a specified curve This should be used in tandem with UnmarshalBinary() to convert a marshaled proof into the struct
func (*InnerProductProof) MarshalBinary ¶
func (proof *InnerProductProof) MarshalBinary() []byte
MarshalBinary takes an inner product proof and marshals into bytes
func (*InnerProductProof) UnmarshalBinary ¶
func (proof *InnerProductProof) UnmarshalBinary(data []byte) error
UnmarshalBinary takes bytes of a marshaled proof and writes them into an inner product proof The inner product proof used should be from the output of NewInnerProductProof()
type InnerProductProver ¶
type InnerProductProver struct {
// contains filtered or unexported fields
}
InnerProductProver is the struct used to create InnerProductProofs It specifies which curve to use and holds precomputed generators See NewInnerProductProver() for prover initialization
func NewInnerProductProver ¶
func NewInnerProductProver(maxVectorLength int, domain []byte, curve curves.Curve) (*InnerProductProver, error)
NewInnerProductProver initializes a new prover It uses the specified domain to generate generators for vectors of at most maxVectorLength A prover can be used to construct inner product proofs for vectors of length less than or equal to maxVectorLength A prover is defined by an explicit curve
func (*InnerProductProver) Prove ¶
func (prover *InnerProductProver) Prove(a, b []curves.Scalar, u curves.Point, transcript *merlin.Transcript) (*InnerProductProof, error)
Prove executes the prover protocol on pg 16 of https://eprint.iacr.org/2017/1066.pdf It generates an inner product proof for vectors a and b, using u to blind the inner product in P A transcript is used for the Fiat Shamir heuristic
type InnerProductVerifier ¶
type InnerProductVerifier struct {
// contains filtered or unexported fields
}
InnerProductVerifier is the struct used to verify inner product proofs It specifies which curve to use and holds precomputed generators See NewInnerProductProver() for prover initialization
func NewInnerProductVerifier ¶
func NewInnerProductVerifier(maxVectorLength int, domain []byte, curve curves.Curve) (*InnerProductVerifier, error)
NewInnerProductVerifier initializes a new verifier It uses the specified domain to generate generators for vectors of at most maxVectorLength A verifier can be used to verify inner product proofs for vectors of length less than or equal to maxVectorLength A verifier is defined by an explicit curve
func (*InnerProductVerifier) Verify ¶
func (verifier *InnerProductVerifier) Verify(capP, u curves.Point, proof *InnerProductProof, transcript *merlin.Transcript) (bool, error)
Verify verifies the given proof inputs It implements the final comparison of section 3.1 on pg17 of https://eprint.iacr.org/2017/1066.pdf
func (*InnerProductVerifier) VerifyFromRangeProof ¶
func (verifier *InnerProductVerifier) VerifyFromRangeProof(proofG, proofH []curves.Point, capPhmuinv, u curves.Point, tHat curves.Scalar, proof *InnerProductProof, transcript *merlin.Transcript) (bool, error)
Verify verifies the given proof inputs It implements the final comparison of section 3.1 on pg17 of https://eprint.iacr.org/2017/1066.pdf
type RangeProof ¶
type RangeProof struct {
// contains filtered or unexported fields
}
RangeProof is the struct used to hold a range proof capA is a commitment to a_L and a_R using randomness alpha capS is a commitment to s_L and s_R using randomness rho capTau1,2 are commitments to t1,t2 respectively using randomness tau_1,2 tHat represents t(X) as defined on page 19 taux is the blinding factor for tHat ipp is the inner product proof used for compacting the transfer of l,r (See 4.2 on pg20)
func NewRangeProof ¶
func NewRangeProof(curve *curves.Curve) *RangeProof
NewRangeProof initializes a new RangeProof for a specified curve This should be used in tandem with UnmarshalBinary() to convert a marshaled proof into the struct
func (*RangeProof) MarshalBinary ¶
func (proof *RangeProof) MarshalBinary() []byte
MarshalBinary takes a range proof and marshals into bytes
func (*RangeProof) UnmarshalBinary ¶
func (proof *RangeProof) UnmarshalBinary(data []byte) error
UnmarshalBinary takes bytes of a marshaled proof and writes them into a range proof The range proof used should be from the output of NewRangeProof()
type RangeProver ¶
type RangeProver struct {
// contains filtered or unexported fields
}
RangeProver is the struct used to create RangeProofs It specifies which curve to use and holds precomputed generators See NewRangeProver() for prover initialization
func NewRangeProver ¶
func NewRangeProver(maxVectorLength int, rangeDomain, ippDomain []byte, curve curves.Curve) (*RangeProver, error)
NewRangeProver initializes a new prover It uses the specified domain to generate generators for vectors of at most maxVectorLength A prover can be used to construct range proofs for vectors of length less than or equal to maxVectorLength A prover is defined by an explicit curve
func (*RangeProver) Prove ¶
func (prover *RangeProver) Prove(v, gamma curves.Scalar, n int, g, h, u curves.Point, transcript *merlin.Transcript) (*RangeProof, error)
Prove uses the range prover to prove that some value v is within the range [0, 2^n] It implements the protocol defined on pgs 19,20 in https://eprint.iacr.org/2017/1066.pdf v is the value of which to prove the range n is the power that specifies the upper bound of the range, ie. 2^n gamma is a scalar used for as a blinding factor g, h, u are unique points used as generators for the blinding factor transcript is a merlin transcript to be used for the fiat shamir heuristic
type RangeVerifier ¶
type RangeVerifier struct {
// contains filtered or unexported fields
}
RangeVerifier is the struct used to verify RangeProofs It specifies which curve to use and holds precomputed generators See NewRangeVerifier() for verifier initialization
func NewRangeVerifier ¶
func NewRangeVerifier(maxVectorLength int, rangeDomain, ippDomain []byte, curve curves.Curve) (*RangeVerifier, error)
NewRangeVerifier initializes a new verifier It uses the specified domain to generate generators for vectors of at most maxVectorLength A verifier can be used to verify range proofs for vectors of length less than or equal to maxVectorLength A verifier is defined by an explicit curve
func (*RangeVerifier) Verify ¶
func (verifier *RangeVerifier) Verify(proof *RangeProof, capV, g, h, u curves.Point, n int, transcript *merlin.Transcript) (bool, error)
Verify verifies the given range proof inputs It implements the checking of L65 on pg 20 It also verifies the dot product of <l,r> using the inner product proof\ capV is a commitment to v using blinding factor gamma n is the power that specifies the upper bound of the range, ie. 2^n g, h, u are unique points used as generators for the blinding factor transcript is a merlin transcript to be used for the fiat shamir heuristic
Source Files