Documentation ¶
Overview ¶
Package ec2 MPC gg18 algorithm
Index ¶
- Constants
- Variables
- func CalcHPoint(keytype string) (*big.Int, *big.Int, error)
- func CalcRoh(n *big.Int, num *big.Int) []*big.Int
- func CalcX(n *big.Int, num *big.Int) []*big.Int
- func CheckPrime(Ntilde *big.Int) bool
- func Combine2(keytype string, shares []*ShareStruct2) (*big.Int, error)
- func ContainsDuplicate(ids []*big.Int) (bool, error)
- func CreatPair(length int) (*PublicKey, *PrivateKey)
- func EuclideanAlgorithm(a *big.Int, b *big.Int) (*big.Int, *big.Int, *big.Int)
- func GenRandomSafePrime()
- func GenerateKeyPair(length int) (*PublicKey, *PrivateKey, *big.Int, *big.Int)
- func GetHoeffdingBound() *big.Int
- func GetP(q *big.Int) *big.Int
- func GetRandomPositiveInt(upper *big.Int) *big.Int
- func GetRandomPositiveRelativelyPrimeInt(n *big.Int) *big.Int
- func GetRandomPrime() (*big.Int, *big.Int)
- func GetRandomValuesFromJN(N *big.Int) []*big.Int
- func GetSharesID(ss *ShareStruct2) *big.Int
- func GetTheQuadraticResidueInt(roh *big.Int, N *big.Int, p *big.Int, q *big.Int) (*big.Int, *big.Int, *big.Int, *big.Int)
- func HvVerify(n *big.Int, num *big.Int, proof *HvProof) bool
- func IsNumberInMultiplicativeGroup(n, v *big.Int) bool
- func IsPerfectPower(Ntilde *big.Int) *big.Int
- func IsPerfectPowerOfPrime(Ntilde *big.Int) bool
- func ModInt(mod *big.Int) *modInt
- func MustGetRandomInt(bits int) *big.Int
- func PDLwSlackVerify(keytype string, st *PDLwSlackStatement, p *PDLwSlackProof) bool
- func ProtoDecode(data []byte) (string, error)
- func ProtoEncode(num string) ([]byte, error)
- func STVerify(keytype string, S1X *big.Int, S1Y *big.Int, T1X *big.Int, T1Y *big.Int, ...) bool
- func Sha512_256(in ...*big.Int) *big.Int
- func SquareFreeVerify(n *big.Int, num *big.Int, proof *SquareFreeProof) bool
- func TVerify(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, ...) bool
- func Vss2Init(keytype string, secret *big.Int, t int) (*PolyStruct2, *PolyGStruct2, error)
- func ZkUVerify(keytype string, uG []*big.Int, zkUProof *ZkUProof) bool
- func ZkXiVerify(keytype string, xiG []*big.Int, zkXiProof *ZkXiProof) bool
- type BigInt
- type Commitment
- type HvProof
- type MtARangeProof
- type MtARespZKProof
- type MtAwcRespZKProof
- type NtildeH1H2
- type NtildePrivData
- type NtildeProof
- type PDLwSlackProof
- type PDLwSlackStatement
- type PDLwSlackWitness
- type PolyGStruct2
- type PolyStruct2
- type PrivateKey
- type PublicKey
- func (publicKey *PublicKey) Encrypt(mBigInt *big.Int) (*big.Int, *big.Int, error)
- func (publicKey *PublicKey) HomoAdd(c1, c2 *big.Int) *big.Int
- func (publicKey *PublicKey) HomoMul(cipher, k *big.Int) *big.Int
- func (publicKey *PublicKey) MarshalJSON() ([]byte, error)
- func (publicKey *PublicKey) UnmarshalJSON(raw []byte) error
- type RohData
- type STProof
- type SafePrime
- type ShareStruct2
- type SquareFreeProof
- type TProof
- type ZkUProof
- type ZkXiProof
Constants ¶
const (
HoeffdingBoundParam = 128
)
const (
// Iterations iter times
Iterations = 128
)
const (
PDLwSlackMarshalledParts = 11
)
const (
// PrimeTestTimes the times to try to juede weather is prime
PrimeTestTimes = 30
)
Variables ¶
var ErrMessageTooLong = errors.New("[ERROR]: message is too long")
ErrMessageTooLong error info to print
var File_int_proto protoreflect.FileDescriptor
var ( // SafePrimeCh the channel to save safeprime SafePrimeCh = make(chan SafePrime, 4) )
Functions ¶
func CalcHPoint ¶
CalcHPoint returns a shared point of unknown discrete logarithm for the curve Mimics the KZen-networks/curv impl: https://git.io/JfwSa Not so efficient due to 3x sha256 but it's only used once during a signing round.
func CalcRoh ¶
CalcRoh return m random int: ROHi belong to JN len(ROHi) = n.BitLen() n is the paillier pubKey.N or Ntilde ....
func CalcX ¶
CalcX return m random int: Xi belong to ZN* len(Xi) == n.BitLen() n is the paillier pubKey.N
func CheckPrime ¶
CheckPrime Check Ntilde: 1. Ntilde > 0 2. Ntilde is odd 3. Ntilde is not a prime 4. Ntilde is not a prime perfect power
func Combine2 ¶
func Combine2(keytype string, shares []*ShareStruct2) (*big.Int, error)
Combine2 Calculating Lagrange interpolation formula
func ContainsDuplicate ¶
ContainsDuplicate judge weather contain duplicate element in ids array
func CreatPair ¶
func CreatPair(length int) (*PublicKey, *PrivateKey)
CreatPair create paillier pubkey/private key
func EuclideanAlgorithm ¶
EuclideanAlgorithm get (d,x,y) such as: d = gcd(a,b) and ax + by = d a >= b, x and y are integer
func GenRandomSafePrime ¶
func GenRandomSafePrime()
GenRandomSafePrime Generate 4 random large host primes
func GenerateKeyPair ¶
GenerateKeyPair create paillier pubkey and private key
func GetHoeffdingBound ¶
GetHoeffdingBound get hoeffding bound m = T κ·32·ln2 T k default set 128
func GetRandomPositiveInt ¶
GetRandomPositiveInt get a random number in (0,upper)
func GetRandomPositiveRelativelyPrimeInt ¶
GetRandomPositiveRelativelyPrimeInt Generate a random element in the group of all the elements in Z/nZ that has a multiplicative inverse.
func GetRandomValuesFromJN ¶
GetRandomValuesFromJN get m random values from JN
func GetTheQuadraticResidueInt ¶
func GetTheQuadraticResidueInt(roh *big.Int, N *big.Int, p *big.Int, q *big.Int) (*big.Int, *big.Int, *big.Int, *big.Int)
GetTheQuadraticResidueInt get the roots of x^2 = roh (mod N) N = p*q , p and q are odd prime, p >= q gcd(roh,N) = 1, 1 <= roh < N return 4 roots: (x,-x,y,-y) x^2 = roh (mod p) -------------> r x^2 = roh (mod q) -------------> s get g,c,d by Euclidean Algorithm,such as: g = gcd(p,q),pc + qd = g so: x = r*d*q + s*c*p y = r*d*q − s*c*p
func HvVerify ¶
HvVerify for N = p*q verifier check: 1. Ni > 0 2. Ni is a positive odd integer and is not a prime or a prime power 3. the count of xij != 0 >= 3*m/8 4. xij^2 = ROHij (mod Ni) for every xij != 0 (j = 1,2,...m) (i = 0,1,2,3,4) 5 nodes for example.
func IsNumberInMultiplicativeGroup ¶
IsNumberInMultiplicativeGroup judge weather gcd(n,v) = 1
func IsPerfectPower ¶
IsPerfectPower find two integers a and b,such as: Ntilde = a ^ b,and return a ( 2 =< b <= logNtilde ) if not found a,return nil
func IsPerfectPowerOfPrime ¶
Ntilde == p ^ k ?? p is prime 2 <= k <= logNtilde
func MustGetRandomInt ¶
MustGetRandomInt panics if it is unable to gather entropy from `rand.Reader` or when `bits` is <= 0
func PDLwSlackVerify ¶
func PDLwSlackVerify(keytype string, st *PDLwSlackStatement, p *PDLwSlackProof) bool
PDLwSlackVerify verify PDLwSlackProof
func ProtoDecode ¶
func ProtoEncode ¶
func Sha512_256 ¶
Sha512_256 get a hash value with input and add the custom domain separator to hash computations.
func SquareFreeVerify ¶
SquareFreeVerify check: N > 0 , N mod p != 0, p is prime, p < alpha N > sigmai > 0 verifier check sigmai^N = Xi (mod N)
func TVerify ¶
func TVerify(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, proof *TProof) bool
TVerify add for gg20: calculate T_i = g^sigma_i * h^l_i = sigma_i*G + l_i*h*G
func Vss2Init ¶
func Vss2Init(keytype string, secret *big.Int, t int) (*PolyStruct2, *PolyGStruct2, error)
Vss2Init Initialize Lagrange polynomial coefficients
Types ¶
type BigInt ¶
type BigInt struct { Bigint string `protobuf:"bytes,1,opt,name=bigint,proto3" json:"bigint,omitempty"` // contains filtered or unexported fields }
this is a comment
func (*BigInt) Descriptor
deprecated
func (*BigInt) ProtoMessage ¶
func (*BigInt) ProtoMessage()
func (*BigInt) ProtoReflect ¶
func (x *BigInt) ProtoReflect() protoreflect.Message
type Commitment ¶
Commitment commitment data
func (*Commitment) Commit ¶
func (commitment *Commitment) Commit(secrets ...*big.Int) *Commitment
Commit Generate commitment data by secrets
func (*Commitment) DeCommit ¶
func (commitment *Commitment) DeCommit(keytype string) (bool, []*big.Int)
DeCommit get commitment data secrets
func (*Commitment) Verify ¶
func (commitment *Commitment) Verify(keytype string) bool
Verify Verify commitment data
type HvProof ¶
HvProof see Paper: Attacking Threshold Wallets* JP Aumasson and Omer Shlomovits Taurus Group, Switzerland ZenGo X, Israel section 5 The Golden Shoe Attack Mitigation: The fix is simple: Ntilde,h1,h2 must be validated on the receiving end.For Ntilde,the sender must attach a proof that Ntilde is a valid RSA modulus from two safe primes.For h1,h2, there is a nice trick in [FO97]: pick h1 at random and h2 = h1^alpha and prove to the receiver the knowledge of alpha with respect to h1, h2. see Paper : Efficient Noninteractive Certification of RSA Moduli and Beyond Sharon Goldberg*, Leonid Reyzin*, Omar Sagga*, and Foteini Baldimtsi Boston University, Boston, MA, USA George Mason University, Fairfax, VA, USA foteini@gmu.edu October 3, 2019 section 3.4 HVZK Proof for a Product of Two Primes
func HvProve ¶
HvProve get quadratic residue x for ROH1,ROH2,ROH3 ..... ROHm For every ROHj belong to QRn,the Prover sends back xj(belong to Z*) such that xj^2 mod N = ROHj, Of the four square roots, the Prover chooses one at random. For other ROHj,the prover sends back 0.
func (*HvProof) MarshalJSON ¶
MarshalJSON marshal HvProof to json bytes
func (*HvProof) UnmarshalJSON ¶
UnmarshalJSON unmarshal raw to HvProof
type MtARangeProof ¶
MtARangeProof GG18 A.1 Range Proof in MtA protocol
func MtARangeProofProve ¶
func MtARangeProofProve(keytype string, c *big.Int, m *big.Int, r *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtARangeProof
MtARangeProofProve GG18 A.1 Range Proof in MtA protocol This proof is run by Alice (the initiator) in both MtA and MtAwc protocols. The input for this proof is a Paillier public key (N,G) and a value c ∈ ZN^2.The prover knows m ∈ Zq and r ∈ Z* such that c = G^m*r^N mod N^2,where q is the order of the DSA group. At the end of the protocol the Verifier is convinced that m ∈ [−q^3 , q^3]
func (*MtARangeProof) MarshalJSON ¶
func (mtAZKProof *MtARangeProof) MarshalJSON() ([]byte, error)
MarshalJSON marshal MtARangeProof to json bytes
func (*MtARangeProof) MtARangeProofVerify ¶
func (mtAZKProof *MtARangeProof) MtARangeProofVerify(keytype string, c *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool
MtARangeProofVerify GG18 A.1 Range Proof in MtA protocol This proof is run by Alice (the initiator) in both MtA and MtAwc protocols. The input for this proof is a Paillier public key (N,G) and a value c ∈ ZN^2.The prover knows m ∈ Zq and r ∈ Z* such that c = G^m*r^N mod N^2,where q is the order of the DSA group. At the end of the protocol the Verifier is convinced that m ∈ [−q^3 , q^3] The Verifier checks that s1 ≤ q^3, u = G^s1*s^N*c^-e mod N^2, h1^s1*h2^s2*z^-e = w mod Ntilde
func (*MtARangeProof) UnmarshalJSON ¶
func (mtAZKProof *MtARangeProof) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to MtARangeProof
type MtARespZKProof ¶
type MtARespZKProof struct { Z *big.Int ZBar *big.Int T *big.Int V *big.Int W *big.Int S *big.Int S1 *big.Int S2 *big.Int T1 *big.Int T2 *big.Int }
MtARespZKProof GG18 A.3 Respondent ZK Proof for MtA
func MtARespZKProofProve ¶
func MtARespZKProofProve(keytype string, x *big.Int, y *big.Int, r *big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtARespZKProof
MtARespZKProofProve GG18 A.3 Respondent ZK Proof for MtA This proof is run by Bob (the responder) in the MtA protocol where Bob only proves that x is small (without proving that it is the discrete log of any public value). The input for this proof is a Paillier public key (N,G) and two values c1 , c2 ∈ ZN2. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z*,such that c2 = c1^x*G^y*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3].
func (*MtARespZKProof) MarshalJSON ¶
func (mtAZK2Proof *MtARespZKProof) MarshalJSON() ([]byte, error)
MarshalJSON marshal MtARespZKProof to json bytes
func (*MtARespZKProof) MtARespZKProofVerify ¶
func (mtAZK2Proof *MtARespZKProof) MtARespZKProofVerify(keytype string, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool
MtARespZKProofVerify GG18 A.3 Respondent ZK Proof for MtA This proof is run by Bob (the responder) in the MtA protocol where Bob only proves that x is small (without proving that it is the discrete log of any public value). The input for this proof is a Paillier public key (N,G) and two values c1 , c2 ∈ ZN2. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z*,such that c2 = c1^x*G^y*r^N mod N^2, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3]. The Verifier checks that s1 ≤ q^3, h1^s1*h2^s2 = z^e*zBar mod Ntilde, h1^t1*h2^t2 = t^e*w mode Ntilde, c1^s1*s^N*G^t1 = c2^e*v mod N^2
func (*MtARespZKProof) UnmarshalJSON ¶
func (mtAZK2Proof *MtARespZKProof) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to MtARespZKProof
type MtAwcRespZKProof ¶
type MtAwcRespZKProof struct { Ux *big.Int Uy *big.Int Z *big.Int ZBar *big.Int T *big.Int V *big.Int W *big.Int S *big.Int S1 *big.Int S2 *big.Int T1 *big.Int T2 *big.Int }
MtAwcRespZKProof GG18 A.2 Respondent ZK Proof for MtAwc
func MtAwcRespZKProofProve ¶
func MtAwcRespZKProofProve(keytype string, x *big.Int, y *big.Int, r *big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) *MtAwcRespZKProof
MtAwcRespZKProofProve GG18 A.2 Respondent ZK Proof for MtAwc This proof is run by Bob (the responder) in the MtAwc protocol. The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN2, together with a value X in curve the DSA group. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, and X = g^x on the curve, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3].
func (*MtAwcRespZKProof) MarshalJSON ¶
func (mtAZK3Proof *MtAwcRespZKProof) MarshalJSON() ([]byte, error)
MarshalJSON marshal MtAZK3Proofnhh to json bytes
func (*MtAwcRespZKProof) MtAwcRespZKProofVefify ¶
func (mtAZK3Proof *MtAwcRespZKProof) MtAwcRespZKProofVefify(keytype string, xG []*big.Int, c1 *big.Int, c2 *big.Int, publicKey *PublicKey, ntildeH1H2 *NtildeH1H2) bool
MtAwcRespZKProofVefify GG18 A.2 Respondent ZK Proof for MtAwc This proof is run by Bob (the responder) in the MtAwc protocol. The input for this proof is a Paillier public key (N,G) and two values c1, c2 ∈ ZN2, together with a value X in curve the DSA group. The Prover knows x ∈ Zq , y ∈ ZN and r ∈ Z* such that c2 = c1^x*G^y*r^N mod N^2, and X = g^x on the curve, where q is the order of the DSA group. At the end of the protocol the Verifier is convinced of the above and that x ∈ [−q^3 , q^3]. The Verifier checks that s1 ≤ q^3, g^s1 = X^e*u on the curve, h1^s1*h2^s2 = z^e*zBar mode Ntilde, h1^t1*h2^t2 = t^e*w mod Ntilde, and c1^s1*s^N*G^t1 = c2^e*v mod N^2.
func (*MtAwcRespZKProof) UnmarshalJSON ¶
func (mtAZK3Proof *MtAwcRespZKProof) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to MtAZK3Proofnhh
type NtildeH1H2 ¶
NtildeH1H2 ntilde data
func GenerateNtildeH1H2 ¶
func GenerateNtildeH1H2(length int) (*NtildeH1H2, *big.Int, *big.Int, *big.Int, *big.Int, *big.Int, *big.Int)
GenerateNtildeH1H2 create ntilde data
func (*NtildeH1H2) MarshalJSON ¶
func (ntilde *NtildeH1H2) MarshalJSON() ([]byte, error)
MarshalJSON marshal NtildeH1H2 to json bytes
func (*NtildeH1H2) UnmarshalJSON ¶
func (ntilde *NtildeH1H2) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to NtildeH1H2
type NtildePrivData ¶
func (*NtildePrivData) MarshalJSON ¶
func (priv *NtildePrivData) MarshalJSON() ([]byte, error)
MarshalJSON marshal PrivateKey to json bytes
func (*NtildePrivData) UnmarshalJSON ¶
func (priv *NtildePrivData) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to PrivateKey
type NtildeProof ¶
type NtildeProof struct { Alpha, T [Iterations]*big.Int }
NtildeProof ntilde zk proof
func NewNtildeProof ¶
func NewNtildeProof(h1, h2, x, p, q, N *big.Int) *NtildeProof
NewNtildeProof create ntilde proof
func (*NtildeProof) MarshalJSON ¶
func (p *NtildeProof) MarshalJSON() ([]byte, error)
MarshalJSON marshal NtildeProof to json bytes
func (*NtildeProof) UnmarshalJSON ¶
func (p *NtildeProof) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to NtildeProof
type PDLwSlackProof ¶
func NewPDLwSlackProof ¶
func NewPDLwSlackProof(keytype string, wit *PDLwSlackWitness, st *PDLwSlackStatement) *PDLwSlackProof
NewPDLwSlackProof new PDLwSlackProof
func (*PDLwSlackProof) MarshalJSON ¶
func (p *PDLwSlackProof) MarshalJSON() ([]byte, error)
MarshalJSON marshal PDLwSlackProof to json bytes
func (*PDLwSlackProof) UnmarshalJSON ¶
func (p *PDLwSlackProof) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to PDLwSlackProof
type PDLwSlackStatement ¶
type PDLwSlackWitness ¶
type PDLwSlackWitness struct {
K1, K1Ra *big.Int // X R
SK *PrivateKey
}
type PolyStruct2 ¶
PolyStruct2 coefficient set
func (*PolyStruct2) Vss2 ¶
func (polyStruct *PolyStruct2) Vss2(keytype string, ids []*big.Int) ([]*ShareStruct2, error)
Vss2 Calculate Lagrange polynomial value
type PrivateKey ¶
type PrivateKey struct { Length string `json:"Length"` PublicKey L *big.Int `json:"L"` // (p-1)*(q-1) U *big.Int `json:"U"` // L^-1 mod N }
PrivateKey the paillier private key
func (*PrivateKey) MarshalJSON ¶
func (privateKey *PrivateKey) MarshalJSON() ([]byte, error)
MarshalJSON marshal PrivateKey to json bytes
func (*PrivateKey) UnmarshalJSON ¶
func (privateKey *PrivateKey) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to PrivateKey
type PublicKey ¶
type PublicKey struct { Length string `json:"Length"` N *big.Int `json:"N"` // n = p*q, where p and q are prime G *big.Int `json:"G"` // in practical, G = N + 1 N2 *big.Int `json:"N2"` // N2 = N * N }
PublicKey the paillier pubkey
func (*PublicKey) MarshalJSON ¶
MarshalJSON marshal PublicKey to json bytes
func (*PublicKey) UnmarshalJSON ¶
UnmarshalJSON unmarshal raw to PublicKey
type STProof ¶
type STProof struct { AlphaX *big.Int AlphaY *big.Int BetaX *big.Int BetaY *big.Int T *big.Int U *big.Int }
ZK proof for knowledge of sigma_i, l_i such that S_i = R^sigma_i, T_i = g^sigma_i h^l_i (GG20)
func NewSTProof ¶
func NewSTProof(keytype string, T1X *big.Int, T1Y *big.Int, S1X *big.Int, S1Y *big.Int, Rx *big.Int, Ry *big.Int, hGx *big.Int, hGy *big.Int, sigma1 *big.Int, l1 *big.Int) *STProof
NewSTProof new STProof
func (*STProof) MarshalJSON ¶
MarshalJSON marshal STProof to json bytes
func (*STProof) UnmarshalJSON ¶
UnmarshalJSON unmarshal raw to STProof
type SafePrime ¶
type SafePrime struct {
// contains filtered or unexported fields
}
SafePrime prime
func (*SafePrime) CheckValidate ¶
CheckValidate check p < 2^(L/2) ? p = 2*q + 1
type ShareStruct2 ¶
type ShareStruct2 struct {}
ShareStruct2 f(xi)
func (*ShareStruct2) Verify2 ¶
func (share *ShareStruct2) Verify2(keytype string, polyG *PolyGStruct2) bool
Verify2 Verify Lagrange polynomial value
type SquareFreeProof ¶
SquareFreeProof add for GG20: keygen phase 3. Each player Pi proves in ZK that Ni is square-free using the proof of Gennaro, Micciancio, and Rabin [30] An Efficient Non-Interactive Statistical Zero-Knowledge Proof System for Quasi-Safe Prime Products, section 3.1
func SquareFreeProve ¶
SquareFreeProve chooses m random value Xi belong to ZN* prover compute M = N^-1 mod OuLa(N) and output sigmai = Xi^M mod N for every Xi
func (*SquareFreeProof) MarshalJSON ¶
func (sfpf *SquareFreeProof) MarshalJSON() ([]byte, error)
MarshalJSON marshal SquareFreeProof to json bytes
func (*SquareFreeProof) UnmarshalJSON ¶
func (sfpf *SquareFreeProof) UnmarshalJSON(raw []byte) error
UnmarshalJSON unmarshal raw to SquareFreeProof
type TProof ¶
ZK proof of knowledge of sigma_i, l_i such that T_i = g^sigma_i, h^l_i (GG20)
func TProve ¶
func TProve(keytype string, t1X *big.Int, t1Y *big.Int, hx *big.Int, hy *big.Int, sigma1 *big.Int, l1 *big.Int) *TProof
TProve add for gg20: calculate T_i = g^sigma_i * h^l_i = sigma_i*G + l_i*h*G
func (*TProof) MarshalJSON ¶
MarshalJSON marshal TProof to json bytes
func (*TProof) UnmarshalJSON ¶
UnmarshalJSON unmarshal raw to TProof
type ZkUProof ¶
ZkUProof the ZK that he knows u using Schnorr’s protocol
func (*ZkUProof) MarshalJSON ¶
MarshalJSON marshal ZkUProof to json bytes
func (*ZkUProof) UnmarshalJSON ¶
UnmarshalJSON unmarshal raw to ZkUProof
type ZkXiProof ¶
ZkXiProof the ZK that he knows xi using Schnorr’s protocol
func (*ZkXiProof) MarshalJSON ¶
MarshalJSON marshal ZkXiProof to json bytes
func (*ZkXiProof) UnmarshalJSON ¶
UnmarshalJSON unmarshal raw to ZkXiProof