Documentation
¶
Overview ¶
Package bulletproof implements the zero knowledge protocol bulletproofs as defined in https://eprint.iacr.org/2017/1066.pdf
Package bulletproof implements the zero knowledge protocol bulletproofs as defined in https://eprint.iacr.org/2017/1066.pdf
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type InnerProductProof ¶
type InnerProductProof struct {
// contains filtered or unexported fields
}
InnerProductProof contains necessary output for the inner product proof a and b are the final input vectors of scalars, they should be of length 1 Ls and Rs are calculated per recursion of the IPP and are necessary for verification See section 3.1 on pg 15 of https://eprint.iacr.org/2017/1066.pdf
func NewInnerProductProof ¶
func NewInnerProductProof(curve *curves.Curve) *InnerProductProof
NewInnerProductProof initializes a new InnerProductProof for a specified curve This should be used in tandem with UnmarshalBinary() to convert a marshaled proof into the struct.
func (*InnerProductProof) MarshalBinary ¶
func (proof *InnerProductProof) MarshalBinary() []byte
MarshalBinary takes an inner product proof and marshals into bytes.
func (*InnerProductProof) UnmarshalBinary ¶
func (proof *InnerProductProof) UnmarshalBinary(data []byte) error
UnmarshalBinary takes bytes of a marshaled proof and writes them into an inner product proof The inner product proof used should be from the output of NewInnerProductProof().
type InnerProductProver ¶
type InnerProductProver struct {
// contains filtered or unexported fields
}
InnerProductProver is the struct used to create InnerProductProofs It specifies which curve to use and holds precomputed generators See NewInnerProductProver() for prover initialization.
func NewInnerProductProver ¶
func NewInnerProductProver(maxVectorLength int, domain []byte, curve curves.Curve) (*InnerProductProver, error)
NewInnerProductProver initializes a new prover It uses the specified domain to generate generators for vectors of at most maxVectorLength A prover can be used to construct inner product proofs for vectors of length less than or equal to maxVectorLength A prover is defined by an explicit curve.
func (*InnerProductProver) Prove ¶
func (prover *InnerProductProver) Prove(a, b []curves.Scalar, u curves.Point, transcript *merlin.Transcript) (*InnerProductProof, error)
Prove executes the prover protocol on pg 16 of https://eprint.iacr.org/2017/1066.pdf It generates an inner product proof for vectors a and b, using u to blind the inner product in P A transcript is used for the Fiat Shamir heuristic.
type InnerProductVerifier ¶
type InnerProductVerifier struct {
// contains filtered or unexported fields
}
InnerProductVerifier is the struct used to verify inner product proofs It specifies which curve to use and holds precomputed generators See NewInnerProductProver() for prover initialization.
func NewInnerProductVerifier ¶
func NewInnerProductVerifier(maxVectorLength int, domain []byte, curve curves.Curve) (*InnerProductVerifier, error)
NewInnerProductVerifier initializes a new verifier It uses the specified domain to generate generators for vectors of at most maxVectorLength A verifier can be used to verify inner product proofs for vectors of length less than or equal to maxVectorLength A verifier is defined by an explicit curve.
func (*InnerProductVerifier) Verify ¶
func (verifier *InnerProductVerifier) Verify(capP, u curves.Point, proof *InnerProductProof, transcript *merlin.Transcript) (bool, error)
Verify verifies the given proof inputs It implements the final comparison of section 3.1 on pg17 of https://eprint.iacr.org/2017/1066.pdf
func (*InnerProductVerifier) VerifyFromRangeProof ¶
func (verifier *InnerProductVerifier) VerifyFromRangeProof(proofG, proofH []curves.Point, capPhmuinv, u curves.Point, tHat curves.Scalar, proof *InnerProductProof, transcript *merlin.Transcript) (bool, error)
Verify verifies the given proof inputs It implements the final comparison of section 3.1 on pg17 of https://eprint.iacr.org/2017/1066.pdf
type RangeProof ¶
type RangeProof struct {
// contains filtered or unexported fields
}
RangeProof is the struct used to hold a range proof capA is a commitment to a_L and a_R using randomness alpha capS is a commitment to s_L and s_R using randomness rho capTau1,2 are commitments to t1,t2 respectively using randomness tau_1,2 tHat represents t(X) as defined on page 19 taux is the blinding factor for tHat ipp is the inner product proof used for compacting the transfer of l,r (See 4.2 on pg20).
func NewRangeProof ¶
func NewRangeProof(curve *curves.Curve) *RangeProof
NewRangeProof initializes a new RangeProof for a specified curve This should be used in tandem with UnmarshalBinary() to convert a marshaled proof into the struct.
func (*RangeProof) MarshalBinary ¶
func (proof *RangeProof) MarshalBinary() []byte
MarshalBinary takes a range proof and marshals into bytes.
func (*RangeProof) UnmarshalBinary ¶
func (proof *RangeProof) UnmarshalBinary(data []byte) error
UnmarshalBinary takes bytes of a marshaled proof and writes them into a range proof The range proof used should be from the output of NewRangeProof().
type RangeProofGenerators ¶
type RangeProofGenerators struct {
// contains filtered or unexported fields
}
type RangeProver ¶
type RangeProver struct {
// contains filtered or unexported fields
}
RangeProver is the struct used to create RangeProofs It specifies which curve to use and holds precomputed generators See NewRangeProver() for prover initialization.
func NewRangeProver ¶
func NewRangeProver(maxVectorLength int, rangeDomain, ippDomain []byte, curve curves.Curve) (*RangeProver, error)
NewRangeProver initializes a new prover It uses the specified domain to generate generators for vectors of at most maxVectorLength A prover can be used to construct range proofs for vectors of length less than or equal to maxVectorLength A prover is defined by an explicit curve.
func (*RangeProver) BatchProve ¶
func (prover *RangeProver) BatchProve(v, gamma []curves.Scalar, n int, proofGenerators RangeProofGenerators, transcript *merlin.Transcript) (*RangeProof, error)
BatchProve proves that a list of scalars v are in the range n. It implements the aggregating logarithmic proofs defined on pg21. Instead of taking a single value and a single blinding factor, BatchProve takes in a list of values and list of blinding factors.
func (*RangeProver) Prove ¶
func (prover *RangeProver) Prove(v, gamma curves.Scalar, n int, proofGenerators RangeProofGenerators, transcript *merlin.Transcript) (*RangeProof, error)
Prove uses the range prover to prove that some value v is within the range [0, 2^n] It implements the protocol defined on pgs 19,20 in https://eprint.iacr.org/2017/1066.pdf v is the value of which to prove the range n is the power that specifies the upper bound of the range, ie. 2^n gamma is a scalar used for as a blinding factor g, h, u are unique points used as generators for the blinding factor transcript is a merlin transcript to be used for the fiat shamir heuristic.
type RangeVerifier ¶
type RangeVerifier struct {
// contains filtered or unexported fields
}
RangeVerifier is the struct used to verify RangeProofs It specifies which curve to use and holds precomputed generators See NewRangeVerifier() for verifier initialization.
func NewRangeVerifier ¶
func NewRangeVerifier(maxVectorLength int, rangeDomain, ippDomain []byte, curve curves.Curve) (*RangeVerifier, error)
NewRangeVerifier initializes a new verifier It uses the specified domain to generate generators for vectors of at most maxVectorLength A verifier can be used to verify range proofs for vectors of length less than or equal to maxVectorLength A verifier is defined by an explicit curve.
func (*RangeVerifier) Verify ¶
func (verifier *RangeVerifier) Verify(proof *RangeProof, capV curves.Point, proofGenerators RangeProofGenerators, n int, transcript *merlin.Transcript) (bool, error)
Verify verifies the given range proof inputs It implements the checking of L65 on pg 20 It also verifies the dot product of <l,r> using the inner product proof\ capV is a commitment to v using blinding factor gamma n is the power that specifies the upper bound of the range, ie. 2^n g, h, u are unique points used as generators for the blinding factor transcript is a merlin transcript to be used for the fiat shamir heuristic.
func (*RangeVerifier) VerifyBatched ¶
func (verifier *RangeVerifier) VerifyBatched(proof *RangeProof, capV []curves.Point, proofGenerators RangeProofGenerators, n int, transcript *merlin.Transcript) (bool, error)
VerifyBatched verifies a given batched range proof. It takes in a list of commitments to the secret values as capV instead of a single commitment to a single point when compared to the unbatched single range proof case.
Source Files