Documentation
Overview
* The MIT License (MIT)
Copyright (c) 2018 SmartContract ChainLink, Ltd.
Index
- Variables
- func FieldHash(msg []byte) *big.Int
- func FinalSeed(s PreSeedData) (finalSeed *big.Int)
- func HashToCurve(p kyber.Point, input *big.Int, ordinates func(x *big.Int)) (kyber.Point, error)
- func IsCurveXOrdinate(x *big.Int) bool
- func IsSquare(x *big.Int) bool
- func ProjectiveECAdd(p, q kyber.Point) (x, y, z fieldElt)
- func ScalarFromCurvePoints(hash, pk, gamma kyber.Point, uWitness [20]byte, v kyber.Point) (*big.Int, error)
- func SquareRoot(x *big.Int) *big.Int
- func YSquared(x *big.Int) *big.Int
- type KeyV2
- type PreSeedData
- type Proof
- type Raw
- type Seed
- type SolidityProof
Constants
This section is empty.
Variables
var (
	// FieldSize is number of elements in secp256k1's base field, i.e. GF(FieldSize)
	FieldSize = utils.HexToBig(
		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
	)

	Secp256k1Curve = &secp256k1.Secp256k1{}

	Generator = Secp256k1Curve.Point().Base()

	ErrCGammaEqualsSHash = fmt.Errorf("pick a different nonce; c*gamma = s*hash, with this one")

	// RandomOutputHashPrefix is a domain-separation tag for the hash used to
	// compute the final VRF random output
	RandomOutputHashPrefix = common.BigToHash(utils.Three).Bytes()
)
Functions
func FieldHash
func FieldHash(msg []byte) *big.Int
FieldHash hashes msg uniformly into {0, ..., FieldSize-1}. msg is assumed to already be a 256-bit hash.
func FinalSeed
func FinalSeed(s PreSeedData) (finalSeed *big.Int)
FinalSeed is the seed which is actually passed to the VRF proof generator, given the pre-seed and the hash of the block in which the VRFCoordinator emitted the log for the request this is responding to.
func HashToCurve
func HashToCurve(p kyber.Point, input *big.Int, ordinates func(x *big.Int)) (kyber.Point, error)
HashToCurve is a cryptographic hash function which outputs a secp256k1 point, or an error. It passes each candidate x ordinate to the ordinates function.
func IsCurveXOrdinate
func IsCurveXOrdinate(x *big.Int) bool
IsCurveXOrdinate returns true iff there is a y such that y^2 = x^3 + 7, i.e. iff x is the x coordinate of some secp256k1 point.
func ProjectiveECAdd
func ProjectiveECAdd(p, q kyber.Point) (x, y, z fieldElt)
ProjectiveECAdd(px, py, qx, qy) duplicates, in projective coordinates, the calculation of VRF.sol#projectiveECAdd, so that the denominator (i.e. the z coordinate) can be reliably obtained.
func ScalarFromCurvePoints
func ScalarFromCurvePoints(hash, pk, gamma kyber.Point, uWitness [20]byte, v kyber.Point) (*big.Int, error)
ScalarFromCurvePoints returns a hash of the curve points. It corresponds to the hash computed in VRF.sol#ScalarFromCurvePoints.
func SquareRoot
func SquareRoot(x *big.Int) *big.Int
SquareRoot returns a such that a^2 = x, provided x is a square.
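The field-level helpers listed above (FieldHash, YSquared, IsSquare, SquareRoot, IsCurveXOrdinate and the try-and-increment loop behind HashToCurve) as an added, self-contained Go example. This is not the package's code: it assumes rejection sampling for FieldHash, sha256(pk || input) as the first x candidate, a 256-try bound, and the even root for y; the package's own derivations are not reproduced. The Euler criterion and the x^((p+1)/4) square root both rely on p ≡ 3 (mod 4), which init checks against the page's FieldSize.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// FieldSize is the secp256k1 base-field prime p (the value in the package's Variables section).
var FieldSize, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)

var (
	one = big.NewInt(1)
	// Euler-criterion exponent (p-1)/2, and square-root exponent (p+1)/4. The
	// latter only yields roots because p ≡ 3 (mod 4), which init verifies.
	eulerExp = new(big.Int).Rsh(new(big.Int).Sub(FieldSize, one), 1)
	sqrtExp  = new(big.Int).Rsh(new(big.Int).Add(FieldSize, one), 2)
)

func init() {
	if new(big.Int).Mod(FieldSize, big.NewInt(4)).Int64() != 3 {
		panic("x^((p+1)/4) is only a square root when p ≡ 3 (mod 4)")
	}
}

// FieldHash maps a 256-bit digest uniformly onto {0, ..., FieldSize-1} by rejection
// sampling: a digest that is >= p is re-hashed instead of being reduced mod p, since
// reduction would make the residues below 2^256 - p twice as likely as the rest.
// (Assumed construction; the package's own sampling loop is not reproduced here.)
func FieldHash(msg []byte) *big.Int {
	if len(msg) != 32 {
		panic("FieldHash: msg must be a 256-bit hash")
	}
	x := new(big.Int).SetBytes(msg)
	for x.Cmp(FieldSize) >= 0 {
		d := sha256.Sum256(x.FillBytes(make([]byte, 32)))
		x.SetBytes(d[:])
	}
	return x
}

// YSquared returns x^3 + 7 mod p, the right-hand side of the secp256k1 equation.
func YSquared(x *big.Int) *big.Int {
	y2 := new(big.Int).Exp(x, big.NewInt(3), FieldSize)
	return y2.Add(y2, big.NewInt(7)).Mod(y2, FieldSize)
}

// IsSquare reports whether x is a nonzero quadratic residue mod p (Euler's criterion:
// x^((p-1)/2) = 1). Zero is reported as a non-square, which is what the curve check wants.
func IsSquare(x *big.Int) bool {
	return new(big.Int).Exp(x, eulerExp, FieldSize).Cmp(one) == 0
}

// SquareRoot returns a with a^2 = x mod p; the result is only meaningful when IsSquare(x).
func SquareRoot(x *big.Int) *big.Int {
	return new(big.Int).Exp(x, sqrtExp, FieldSize)
}

// IsCurveXOrdinate reports whether some y satisfies y^2 = x^3 + 7, i.e. x is the
// x coordinate of a secp256k1 point.
func IsCurveXOrdinate(x *big.Int) bool {
	return IsSquare(YSquared(x))
}

// HashToCurve hashes (pk, input) to a point by try-and-increment: the first candidate
// x is FieldHash(sha256(pk || input)), and x is bumped by one until it lies on the
// curve. Every candidate is reported to ordinates, mirroring the package's callback.
// The even root is returned for y so the mapping is deterministic. (Illustrative: the
// package's exact candidate derivation is an assumption here.)
func HashToCurve(pk []byte, input *big.Int, ordinates func(x *big.Int)) (x, y *big.Int, err error) {
	if input.Sign() < 0 || input.BitLen() > 256 {
		return nil, nil, errors.New("input must be a uint256")
	}
	d := sha256.Sum256(append(append([]byte{}, pk...), input.FillBytes(make([]byte, 32))...))
	x = FieldHash(d[:])
	for i := 0; i < 256; i++ { // each candidate succeeds with probability about 1/2
		if ordinates != nil {
			ordinates(x)
		}
		if IsCurveXOrdinate(x) {
			y = SquareRoot(YSquared(x))
			if y.Bit(0) == 1 {
				y.Sub(FieldSize, y)
			}
			return x, y, nil
		}
		x = new(big.Int).Add(x, one)
		x.Mod(x, FieldSize)
	}
	return nil, nil, errors.New("no curve point found in 256 tries")
}

func main() {
	// Constructed inputs: a dummy public-key tag and a small seed.
	pk := []byte("constructed-pk-tag")
	x, y, err := HashToCurve(pk, big.NewInt(42), func(c *big.Int) { fmt.Printf("candidate x = %x\n", c) })
	if err != nil {
		panic(err)
	}
	fmt.Printf("x = %x\ny = %x\n", x, y)
}
```

The generator's x coordinate is a convenient self-check: SquareRoot(YSquared(Gx)) must come back as Gy or p - Gy, and -1 must be reported as a non-square, since for p ≡ 3 (mod 4) the Euler criterion gives (-1)^((p-1)/2) = -1.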
Types
type KeyV2
func (KeyV2) GenerateProof
GenerateProof returns gamma, plus a proof that gamma was constructed from seed as mandated by the given secretKey, whose public key is secretKey*Generator.
secretKey and seed must be less than the secp256k1 group order. (Without this constraint on the seed, the samples and the possible public keys would deviate very slightly from a uniform distribution.)
func (KeyV2) GenerateProofWithNonce
GenerateProofWithNonce allows external nonce generation for testing purposes.
As with signatures, using nonces which are in any way predictable to an adversary will leak your secret key! Most people should use GenerateProof instead.
type PreSeedData
type PreSeedData struct {
	PreSeed   Seed        // Seed to be mixed with hash of containing block
	BlockHash common.Hash // Hash of block containing VRF request
	BlockNum  uint64      // Cardinal number of block containing VRF request

	SubId            uint64
	CallbackGasLimit uint32
	NumWords         uint32
	Sender           common.Address
}
PreSeedData contains the data the VRF provider needs to compute the final VRF output and marshal the proof for transmission to the VRFCoordinator contract.
type Proof
type Proof struct {
	PublicKey kyber.Point // secp256k1 public key of private key used in proof
	Gamma     kyber.Point
	C         *big.Int
	S         *big.Int
	Seed      *big.Int // Seed input to verifiable random function
	Output    *big.Int // verifiable random function output; uniform uint256 sample
}
Proof represents a proof that Gamma was constructed from the Seed according to the process mandated by the PublicKey.
N.B.: The kyber.Point fields must contain secp256k1.secp256k1Point values, C, S and Seed must be secp256k1Point, and Output must be at most 256 bits. See Proof.WellFormed.
func (*Proof) VerifyVRFProof
VerifyVRFProof returns true iff gamma was generated in the mandated way from the given publicKey and seed, and no error was encountered.
func (*Proof) WellFormed
WellFormed is true iff p's attributes satisfy basic domain checks
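The proof-level flow described by GenerateProof, GenerateProofWithNonce, WellFormed and VerifyVRFProof (together with the ErrCGammaEqualsSHash condition from the Variables section) as an added Go example; it is not the package's code. Go's standard library has no secp256k1 arithmetic, so the example runs on P-256 via crypto/elliptic: the proof structure (gamma = sk*H, a Chaum-Pedersen proof that log_G(pk) = log_H(gamma), Fiat-Shamir challenge) is the same on either curve, and P-256's prime is also ≡ 3 (mod 4). The hash-to-curve der ivation, the challenge byte layout and the output hash are assumptions; the names mirror the page's.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// P-256 stands in for secp256k1 (Go's standard library has no secp256k1 arithmetic); the
// proof structure is the same on either curve, and P-256's prime is also ≡ 3 (mod 4).
var (
	curve = elliptic.P256()
	p, n  = curve.Params().P, curve.Params().N
	G     = Point{curve.Params().Gx, curve.Params().Gy}
	// Same condition the package's ErrCGammaEqualsSHash guards against: VRF.sol adds
	// c*gamma and s*hash in projective coordinates and cannot handle equal summands.
	ErrCGammaEqualsSHash = errors.New("pick a different nonce; c*gamma = s*hash, with this one")
)

// Point is an affine point; (0, 0) is crypto/elliptic's encoding of the identity.
type Point struct{ X, Y *big.Int }
func mul(k *big.Int, a Point) Point { x, y := curve.ScalarMult(a.X, a.Y, k.Bytes()); return Point{x, y} }
func add(a, b Point) Point          { x, y := curve.Add(a.X, a.Y, b.X, b.Y); return Point{x, y} }
func (a Point) Equal(b Point) bool  { return a.X.Cmp(b.X) == 0 && a.Y.Cmp(b.Y) == 0 }
func (a Point) IsIdentity() bool    { return a.X.Sign() == 0 && a.Y.Sign() == 0 }
func onCurve(q Point) bool          { return q.X != nil && q.Y != nil && curve.IsOnCurve(q.X, q.Y) }
func inRange(v *big.Int) bool       { return v != nil && v.Sign() >= 0 && v.Cmp(n) < 0 }
func encode(q Point) []byte         { return append(q.X.FillBytes(make([]byte, 32)), q.Y.FillBytes(make([]byte, 32))...) }

// hashToCurve is try-and-increment from sha256(seed) on y^2 = x^3 - 3x + b; as p ≡ 3 (mod 4),
// y2^((p+1)/4) is a root whenever y2 is a square. Illustrative, not the package's derivation.
func hashToCurve(seed *big.Int) Point {
	d := sha256.Sum256(seed.FillBytes(make([]byte, 32)))
	e := new(big.Int).Rsh(new(big.Int).Add(p, big.NewInt(1)), 2)
	for x := new(big.Int).Mod(new(big.Int).SetBytes(d[:]), p); ; x.Mod(x.Add(x, big.NewInt(1)), p) {
		y2 := new(big.Int).Exp(x, big.NewInt(3), p)
		y2.Sub(y2, new(big.Int).Mul(big.NewInt(3), x)).Add(y2, curve.Params().B).Mod(y2, p)
		if y := new(big.Int).Exp(y2, e, p); new(big.Int).Mod(new(big.Int).Mul(y, y), p).Cmp(y2) == 0 {
			return Point{new(big.Int).Set(x), y}
		}
	}
}

// challenge is the Fiat-Shamir hash of (H, pk, gamma, u, v) reduced mod n; the package's
// ScalarFromCurvePoints uses its own encoding, so this byte layout is an assumption.
func challenge(pts ...Point) *big.Int {
	h := sha256.New()
	for _, q := range pts {
		h.Write(encode(q))
	}
	return new(big.Int).Mod(new(big.Int).SetBytes(h.Sum(nil)), n)
}
type Proof struct {
	PublicKey, Gamma Point
	C, S, Seed       *big.Int
	Output           []byte // sha256(gamma): the uniform VRF output
}

// GenerateProofWithNonce sets gamma = sk*H(seed) and proves log_G(pk) = log_H(gamma) via (c, s).
// A nonce that is predictable or reused reveals sk, exactly as with ECDSA or Schnorr.
func GenerateProofWithNonce(sk, seed, nonce *big.Int) (*Proof, error) {
	if sk.Sign() == 0 || nonce.Sign() == 0 || !inRange(sk) || !inRange(seed) || !inRange(nonce) {
		return nil, errors.New("sk, seed and nonce must be below the group order, sk and nonce nonzero")
	}
	pk, H := mul(sk, G), hashToCurve(seed)
	gamma, u, v := mul(sk, H), mul(nonce, G), mul(nonce, H)
	c := challenge(H, pk, gamma, u, v)
	s := new(big.Int).Mod(new(big.Int).Sub(nonce, new(big.Int).Mul(c, sk)), n)
	if mul(c, gamma).Equal(mul(s, H)) {
		return nil, ErrCGammaEqualsSHash
	}
	out := sha256.Sum256(encode(gamma))
	return &Proof{PublicKey: pk, Gamma: gamma, C: c, S: s, Seed: seed, Output: out[:]}, nil
}

// WellFormed: points on the curve (never the identity), scalars below the group order; it runs before any arithmetic.
func (pf *Proof) WellFormed() bool {
	return onCurve(pf.PublicKey) && onCurve(pf.Gamma) && inRange(pf.C) && inRange(pf.S) && inRange(pf.Seed) && len(pf.Output) == 32
}

// VerifyVRFProof recomputes u = c*pk + s*G and v = c*gamma + s*H; for an honest proof these are
// nonce*G and nonce*H, so the challenge recomputes to c, and Output must be bound to gamma.
func (pf *Proof) VerifyVRFProof() bool {
	if !pf.WellFormed() {
		return false
	}
	H := hashToCurve(pf.Seed)
	u, v := add(mul(pf.C, pf.PublicKey), mul(pf.S, G)), add(mul(pf.C, pf.Gamma), mul(pf.S, H))
	if u.IsIdentity() || v.IsIdentity() || challenge(H, pf.PublicKey, pf.Gamma, u, v).Cmp(pf.C) != 0 {
		return false
	}
	out := sha256.Sum256(encode(pf.Gamma))
	return string(out[:]) == string(pf.Output)
}

func main() {
	nonce, _ := rand.Int(rand.Reader, n) // fresh per proof, as the package's GenerateProof does internally
	pf, err := GenerateProofWithNonce(big.NewInt(0xC0FFEE), big.NewInt(12345), nonce) // constructed key and seed
	if err != nil {
		panic(err)
	}
	fmt.Printf("verifies=%v output=%x\n", pf.VerifyVRFProof(), pf.Output)
}
```

Two properties are worth checking by hand: the same (sk, seed) with a different nonce yields a different (c, s) but the same gamma and Output, which is what makes the function verifiable yet deterministic; and any change to s, to the seed or to the public key must fail either WellFormed or the challenge recomputation.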
type Seed
type Seed [32]byte
Seed represents a VRF seed as a serialized uint256
type SolidityProof
type SolidityProof struct {
	P                           *Proof         // The core proof
	UWitness                    common.Address // Address of P.C*P.PK+P.S*G
	CGammaWitness, SHashWitness kyber.Point    // P.C*P.Gamma, P.S*HashToCurve(P.Seed)
	ZInv                        *big.Int       // Inverse of Z coord from ProjectiveECAdd(CGammaWitness, SHashWitness)
}
SolidityProof contains precalculations which VRF.sol needs to verify proofs
func SolidityPrecalculations
func SolidityPrecalculations(p *Proof) (*SolidityProof, error)
SolidityPrecalculations returns the precomputed values needed by the Solidity verifier, or an error on failure.
func (*SolidityProof) String
func (p *SolidityProof) String() string
String returns the values in p, in hexadecimal format