Documentation ¶
Index ¶
- Constants
- Variables
- func BlindGeneratorBlindSum(context *Context, value []uint64, generatorblind [][]byte, ...) (blindout [32]byte, err error)
- func BlindSum(context *Context, posblinds [][]byte, negblinds [][]byte) (sum [32]byte, err error)
- func CommitmentSerialize(context *Context, commit *Commitment) (data [33]byte, err error)
- func ContextDestroy(ctx *Context)
- func ContextRandomize(ctx *Context, seed32 [32]byte) int
- func EcPrivKeyNegate(ctx *Context, seckey []byte) (int, error)
- func EcPrivKeyTweakAdd(ctx *Context, seckey []byte, tweak []byte) (int, error)
- func EcPrivKeyTweakMul(ctx *Context, seckey []byte, tweak []byte) (int, error)
- func EcPubKeyNegate(ctx *Context, pubkey *PublicKey) (int, error)
- func EcPubKeyTweakAdd(ctx *Context, pk *PublicKey, tweak []byte) (int, error)
- func EcPubkeySerialize(ctx *Context, publicKey *PublicKey, flags uint) (int, []byte, error)
- func Ecdh(ctx *Context, pubKey *PublicKey, privKey []byte) (int, []byte, error)
- func FixedAssetTagSerialize(asset *FixedAssetTag) (data [32]byte, err error)
- func GeneratorSerialize(context *Context, generator *Generator) (bytes [33]byte)
- func RangeProofInfo(context *Context, proof []byte) (exp, mantissa int, minValue, maxValue uint64, err error)
- func RangeProofRewind(context *Context, commit *Commitment, proof []byte, nonce [32]byte, ...) (blindingFactor [32]byte, value, minValue, maxValue uint64, message []byte, ...)
- func RangeProofSign(context *Context, minValue uint64, commit *Commitment, blindingFactor [32]byte, ...) ([]byte, error)
- func RangeProofVerify(context *Context, proof []byte, commit *Commitment, extraCommit []byte, ...) (bool, int, int)
- func SurjectionProofDestroy(proof *SurjectionProof)
- func SurjectionProofGenerate(context *Context, proof *SurjectionProof, ephemeralInputTags []*Generator, ...) error
- func SurjectionProofNTotalInputs(context *Context, proof *SurjectionProof) (number int)
- func SurjectionProofNUsedInputs(context *Context, proof *SurjectionProof) (number int)
- func SurjectionProofSerializationBytesCalc(nInputs int, nUsedInputs int) int
- func SurjectionProofSerialize(context *Context, proof *SurjectionProof) (bytes []byte, err error)
- func SurjectionProofVerify(context *Context, proof *SurjectionProof, ephemeralInputTags []*Generator, ...) bool
- type Commitment
- type Context
- type FixedAssetTag
- type Generator
- func GeneratorFromBytes(bytes []byte) (gen *Generator, err error)
- func GeneratorFromString(str string) (gen *Generator, err error)
- func GeneratorGenerate(ctx *Context, seed []byte) (*Generator, error)
- func GeneratorGenerateBlinded(ctx *Context, seed []byte, blind []byte) (*Generator, error)
- func GeneratorParse(context *Context, bytes []byte) (generator *Generator, err error)
- type PublicKey
- type SurjectionProof
- func SurjectionProofAllocateInitialized(context *Context, fixedInputTags []*FixedAssetTag, nInputTagsToUse int, ...) (int, *SurjectionProof, int, error)
- func SurjectionProofFromString(str string) (proof *SurjectionProof, err error)
- func SurjectionProofInitialize(context *Context, fixedInputTags []*FixedAssetTag, nInputTagsToUse int, ...) (*SurjectionProof, int, error)
- func SurjectionProofParse(context *Context, bytes []byte) (proof *SurjectionProof, err error)
Constants ¶
const ( // Flags for EcPubkeySerialize EcCompressed = uint(C.SECP256K1_EC_COMPRESSED) EcUncompressed = uint(C.SECP256K1_EC_UNCOMPRESSED) // Length of elements byte representations LenPrivateKey int = 32 LenCompressed int = 33 LenUncompressed int = 65 ErrorPrivateKeySize string = "private key must be exactly 32 bytes" ErrorEcdh string = "unable to do ecdh" ErrorPublicKeyCreate string = "unable to produce public key" ErrorPublicKeySize string = "public key must be 33 or 65 bytes" ErrorPublicKeyParse string = "unable to parse this public key" ErrorTweakingPublicKey string = "unable to tweak this public key" ErrorTweakSize string = "tweak must be exactly 32 bytes" ErrorPublicKeyCombine string = "unable to combine public key" ErrorTweakingPrivateKey string = "unable to tweak this private key" )
const ( ErrGeneratorParse string = "failed to parse data as a generator" ErrGeneratorGenerate string = "failed to create a generator" )
const ( ErrCommitmentParse string = "unable to parse the data as a commitment" ErrCommitmentSerialize string = "unable to serialize commitment" ErrCommitmentCount string = "number of elements differ in input arrays" // ErrCommitmentTally string = "sums of inputs and outputs are not equal" ErrCommitmentCommit string = "failed to create a commitment" ErrCommitmentBlindSum string = "failed to calculate sum of blinding factors" ErrCommitmentPubkey string = "failed to create public key from commitment" )
const ( // MaxRangeProofSize is the max size in bytes of a range proof MaxRangeProofSize = 5134 ErrRangeProof string = "failed to create a range proof" ErrRangeProofInfo string = "failed to retrieve info for range proof" ErrRangeProofRewind string = "failed to recover information about author of range proof" )
const ( // ContextNone wraps the SECP256K1_CONTEXT_NONE constant ContextNone = uint(C.SECP256K1_CONTEXT_NONE) // ContextSign wraps the SECP256K1_CONTEXT_SIGN constant ContextSign = uint(C.SECP256K1_CONTEXT_SIGN) // ContextVerify wraps the SECP256K1_CONTEXT_VERIFY constant ContextVerify = uint(C.SECP256K1_CONTEXT_VERIFY) // ContextBoth includes all context types ContextBoth = ContextSign | ContextVerify )
const ( // SurjectionProofSerializationBytesMax is the maximum number of bytes a serialized surjection proof requires SurjectionProofSerializationBytesMax = C.SECP256K1_SURJECTIONPROOF_SERIALIZATION_BYTES_MAX // ErrSurjectionProofParsing error message for proof parsing function ErrSurjectionProofParsing string = "surjection proof parsing failed" // ErrSurjectionProofGeneration error message for proof generation function ErrSurjectionProofGeneration string = "surjection proof generation failed" // ErrSurjectionProofAllocation error message for proof allocation function ErrSurjectionProofAllocation string = "surjection proof allocation/initialization failed" // ErrSurjectionProofInitialization error message for proof initilization function ErrSurjectionProofInitialization string = "surjection proof initialization failed" // ErrSurjectionProofSerialization error message for proof serialization function ErrSurjectionProofSerialization string = "surjection proof serialization failed" )
Variables ¶
var ( // GeneratorH wraps the secp256k1 generator from Elements Alpha GeneratorH = Generator{C.secp256k1_generator_h} )
Functions ¶
func BlindGeneratorBlindSum ¶
func BlindGeneratorBlindSum( context *Context, value []uint64, generatorblind [][]byte, blindingfactor [][]byte, ninputs int, ) ( blindout [32]byte, err error, )
BlindGeneratorBlindSum sets the final Pedersen blinding factor correctly when the generators themselves have blinding factors.
Consider a generator of the form A' = A + rG, where A is the "real" generator but A' is the generator provided to verifiers. Then a Pedersen commitment P = vA' + r'G really has the form vA + (vr + r')G. To get all these (vr + r') to sum to zero for multiple commitments, we take three arrays consisting of the `v`s, `r`s, and `r'`s, respectively called `value`s, `generator_blind`s and `blinding_factor`s, and sum them.
The function then subtracts the sum of all (vr + r') from the last element of the `blinding_factor` array, setting the total sum to zero.
Returns 1: Blinding factor successfully computed.
0: Error. A blinding_factor or generator_blind are larger than the group order (probability for random 32 byte number < 2^-127). Retry with different values.
In: ctx: pointer to a context object
value: array of asset values, `v` in the above paragraph. May not be NULL unless `n_total` is 0. generator_blind: array of asset blinding factors, `r` in the above paragraph May not be NULL unless `n_total` is 0. n_total: Total size of the above arrays n_inputs: How many of the initial array elements represent commitments that will be negated in the final sum
In/Out: blinding_factor: array of commitment blinding factors, `r'` in the above paragraph
May not be NULL unless `n_total` is 0. the last value will be modified to get the total sum to zero.
func BlindSum ¶
func BlindSum( context *Context, posblinds [][]byte, negblinds [][]byte, ) ( sum [32]byte, err error, )
BlindSum computes the sum of multiple positive and negative blinding factors.
Returns 1: Sum successfully computed. 0: Error. A blinding factor is larger than the group order (probability for random 32 byte number < 2^-127). Retry with different factors. In: ctx: pointer to a context object (cannot be NULL) blinds: pointer to pointers to 32-byte character arrays for blinding factors. (cannot be NULL) n: number of factors pointed to by blinds. npositive: how many of the input factors should be treated with a positive sign. Out: blind_out: pointer to a 32-byte array for the sum (cannot be NULL)
func CommitmentSerialize ¶
func CommitmentSerialize( context *Context, commit *Commitment, ) ( data [33]byte, err error, )
CommitmentSerialize serializes a commitment into sequence of bytes.
Returns: 1 always. Args: ctx: a secp256k1 context object. In: Commitment a commitment object Out: serialized data: 33-byte byte array
func ContextDestroy ¶
func ContextDestroy(ctx *Context)
ContextDestroy destroys the context. The provided context must not be NULL.
func ContextRandomize ¶
ContextRandomize accepts a [32]byte seed in order to update the context randomization. NULL may be passed to reset to initial state. The context pointer must not be null.
func EcPrivKeyNegate ¶
EcPrivKeyNegate will negate a public key in place. The return code is 1 if the operation was successful, or 0 if the length was invalid.
func EcPrivKeyTweakAdd ¶
EcPrivKeyTweakAdd modifies the provided `seckey` by adding tweak to it. The return code is 0 if `tweak` was out of range (chance of around 1 in 2^128 for uniformly random 32-byte arrays), or if the resulting private key would be invalid (only when the tweak is the complement of the private key). The return code is 1 otherwise.
func EcPrivKeyTweakMul ¶
EcPrivKeyTweakMul tweak a private key by multiplying it by a tweak. The return code is 0 if the tweak was out of range (chance of around 1 in 2^128 for uniformly random 32-byte arrays) or zero. The code is 1 otherwise.
func EcPubKeyNegate ¶
EcPubKeyNegate will negate a public key object in place. The return code is always 1.
func EcPubKeyTweakAdd ¶
Tweak a public key by adding tweak times the generator to it. The return code is 0 if the tweak was out of range (chance of around 1 in 2^128 for uniformly random 32-byte arrays) or if the resulting public key would be invalid. The return code is 1 otherwise.
func EcPubkeySerialize ¶
EcPubkeySerialize serializes a pubkey object into a []byte. The output is an array of 65-bytes (if compressed==0), or 33-bytes (if compressed==1). Use EcCompressed or EcUncompressed to request a certain format. The function will always return 1, because the only public key objects are valid ones.
func Ecdh ¶
Compute an EC Diffie-Hellman secret in constant time. Return code is 1 if exponentiation was successful, or 0 if the scalar was invalid.
func FixedAssetTagSerialize ¶
func FixedAssetTagSerialize( asset *FixedAssetTag, ) ( data [32]byte, err error, )
FixedAssetTagSerialize serializes FixedAssetTag into sequence of bytes.
Returns: 1 always. In: FixedAssetTag - fixed asset tag object Out: serialized data: 32-byte byte array
func GeneratorSerialize ¶
GeneratorSerialize serializes a 33-byte generator into a serialized byte sequence
-> context non-NULL context -> generator generator object <- bytes 33 bytes of data
func RangeProofInfo ¶
func RangeProofInfo( context *Context, proof []byte, ) (exp, mantissa int, minValue, maxValue uint64, err error)
RangeProofInfo extracts some basic information from a range-proof.
Returns 1: Information successfully extracted. 0: Decode failed. In: ctx: pointer to a context object proof: pointer to character array with the proof. Out: exp: Exponent used in the proof (-1 means the value isn't private). mantissa: Number of bits covered by the proof. min_value: pointer to an unsigned int64 which will be updated with the minimum value that commit could have. (cannot be NULL) max_value: pointer to an unsigned int64 which will be updated with the maximum value that commit could have. (cannot be NULL)
func RangeProofRewind ¶
func RangeProofRewind( context *Context, commit *Commitment, proof []byte, nonce [32]byte, extraCommit []byte, gen *Generator, ) ( blindingFactor [32]byte, value, minValue, maxValue uint64, message []byte, err error, )
RangeProofRewind verifies a range proof and rewind the proof to recover information sent by its author.
Returns 1: Value is within the range [0..2^64), the specifically proven range is in the min/max value outputs, and the value and blinding were recovered. 0: Proof failed, rewind failed, or other error. In: ctx: pointer to a context object, initialized for range-proof and Pedersen commitment (cannot be NULL) commit: the commitment being proved. (cannot be NULL) proof: pointer to character array with the proof. (cannot be NULL) nonce: 32-byte secret nonce used by the prover (cannot be NULL) extra_commit: additional data covered in rangeproof signature gen: additional generator 'h' In/Out: blind_out: storage for the 32-byte blinding factor used for the commitment value_out: pointer to an unsigned int64 which has the exact value of the commitment. message_out: pointer to a 4096 byte character array to receive message data from the proof author. outlen: length of message data written to message_out. min_value: pointer to an unsigned int64 which will be updated with the minimum value that commit could have. (cannot be NULL) max_value: pointer to an unsigned int64 which will be updated with the maximum value that commit could have. (cannot be NULL)
func RangeProofSign ¶
func RangeProofSign( context *Context, minValue uint64, commit *Commitment, blindingFactor [32]byte, nonce [32]byte, exp, minBits int, value uint64, message []byte, extraCommit []byte, generator *Generator, ) ([]byte, error)
RangeProofSign authors a proof that a committed value is within a range.
Returns 1: Proof successfully created. 0: Error In: ctx: pointer to a context object, initialized for range-proof, signing, and Pedersen commitment (cannot be NULL) proof: pointer to array to receive the proof, can be up to 5134 bytes. (cannot be NULL) min_value: constructs a proof where the verifer can tell the minimum value is at least the specified amount. commit: the commitment being proved. blind: 32-byte blinding factor used by commit. nonce: 32-byte secret nonce used to initialize the proof (value can be reverse-engineered out of the proof if this secret is known.) exp: Base-10 exponent. Digits below above will be made public, but the proof will be made smaller. Allowed range is -1 to 18. (-1 is a special case that makes the value public. 0 is the most private.) min_bits: Number of bits of the value to keep private. (0 = auto/minimal, - 64). value: Actual value of the commitment. message: pointer to a byte array of data to be embedded in the rangeproof that can be recovered by rewinding the proof extra_commit: additional data to be covered in rangeproof signature gen: additional generator 'h'
If min_value or exp is non-zero then the value must be on the range [0, 2^63) to prevent the proof range from spanning past 2^64.
If exp is -1 the value is revealed by the proof (e.g. it proves that the proof is a blinding of a specific value, without revealing the blinding key.)
This can randomly fail with probability around one in 2^100. If this happens, buy a lottery ticket and retry with a different nonce or blinding.
func RangeProofVerify ¶
func RangeProofVerify(context *Context, proof []byte, commit *Commitment, extraCommit []byte, generator *Generator) (bool, int, int)
RangeProofVerify verifies a proof that a committed value is within a range.
Returns 1: Value is within the range [0..2^64), the specifically proven range is in the min/max value outputs. 0: Proof failed or other error. In: ctx: pointer to a context object, initialized for range-proof and commitment (cannot be NULL) commit: the commitment being proved. (cannot be NULL) proof: pointer to character array with the proof. (cannot be NULL) extra_commit: additional data covered in rangeproof signature gen: additional generator 'h' Out: min_value: pointer to a unsigned int64 which will be updated with the minimum value that commit could have. (cannot be NULL) max_value: pointer to a unsigned int64 which will be updated with the maximum value that commit could have. (cannot be NULL)
func SurjectionProofDestroy ¶
func SurjectionProofDestroy( proof *SurjectionProof, )
SurjectionProofDestroy proof destroy function deallocates the struct that was allocated with secp256k1_surjectionproof_allocate_initialized
In: proof: pointer to SurjectionProof struct
func SurjectionProofGenerate ¶
func SurjectionProofGenerate(context *Context, proof *SurjectionProof, ephemeralInputTags []*Generator, ephemeralOutputTag *Generator, inputIndex int, inputBlindingKey []byte, outputBlindingKey []byte, ) error
SurjectionProofGenerate proof generation function
Returns 0: proof could not be created 1: proof was successfully created In: ctx: pointer to a context object, initialized for signing and verification ephemeral_input_tags: the ephemeral asset tag of all inputs ephemeral_output_tag: the ephemeral asset tag of the output input_index: the index of the input that actually maps to the output input_blinding_key: the blinding key of the input output_blinding_key: the blinding key of the output In/Out: proof: the produced surjection proof. Must have already gone through SurjectionProofGenerate
func SurjectionProofNTotalInputs ¶
func SurjectionProofNTotalInputs( context *Context, proof *SurjectionProof, ) ( number int, )
SurjectionProofNTotalInputs returns the total number of inputs a proof expects to be over.
Returns: the number of inputs for the given proof In: ctx: pointer to a context object proof: a pointer to a proof object
func SurjectionProofNUsedInputs ¶
func SurjectionProofNUsedInputs( context *Context, proof *SurjectionProof, ) ( number int, )
SurjectionProofNUsedInputs returns the actual number of inputs that a proof uses
Returns: the number of inputs for the given proof In: ctx: pointer to a context object proof: a pointer to a proof object
func SurjectionProofSerializationBytesCalc ¶
SurjectionProofSerializationBytesCalc calculates the number of bytes a serialized surjection proof requires given the number of inputs and the number of used inputs.
func SurjectionProofSerialize ¶
func SurjectionProofSerialize( context *Context, proof *SurjectionProof, ) ( bytes []byte, err error, )
SurjectionProofSerialize serializes a surjection proof
Returns: 1 if enough space was available to serialize, 0 otherwise Args: ctx: a secp256k1 context object Out: output: a pointer to an array to store the serialization In/Out: outputlen: a pointer to an integer which is initially set to the size of output, and is overwritten with the written size. In: proof: a pointer to an initialized proof object
See secp256k1_surjectionproof_parse for details about the encoding.
func SurjectionProofVerify ¶
func SurjectionProofVerify( context *Context, proof *SurjectionProof, ephemeralInputTags []*Generator, ephemeralOutputTag *Generator, ) bool
SurjectionProofVerify proof verification function
Returns 0: proof was invalid 1: proof was valid In: ctx: pointer to a context object, initialized for signing and verification proof: proof to be verified ephemeral_input_tags: the ephemeral asset tag of all inputs n_ephemeral_input_tags: the number of entries in the ephemeral_input_tags array ephemeral_output_tag: the ephemeral asset tag of the output
Types ¶
type Commitment ¶
type Commitment struct {
// contains filtered or unexported fields
}
Commitment cointains a pointer to opaque data structure that stores a base point The exact representation of data inside is implementation defined and not guaranteed to be portable between different platforms or versions. It is however guaranteed to be 64 bytes in size, and can be safely copied/moved. If you need to convert to a format suitable for storage, transmission, or comparison, use appropriate serialize and parse functions.
func Commit ¶
func Commit( context *Context, blind []byte, value uint64, valuegen *Generator, ) ( commit *Commitment, err error, )
Commit generates a commitment
Returns: 1: Commitment successfully created. 0: Error. The blinding factor is larger than the group order * (probability for random 32 byte number < 2^-127) or results in the point at infinity. Retry with a different factor. Args ctx: pointer to a context object (cannot be NULL) Out: commit: pointer to the commitment (cannot be NULL) In: blind: 32-byte blinding factor (cannot be NULL) value: unsigned 64-bit integer value to commit to. value_gen: value generator 'h'
Blinding factors can be generated and verified in the same way as secp256k1 private keys for ECDSA.
func CommitmentFromString ¶
func CommitmentFromString(str string) (com *Commitment, err error)
CommitmentFromString takes a commitment in hex encoded format and returns a commitment object
func CommitmentParse ¶
func CommitmentParse( context *Context, data33 []byte, ) ( *Commitment, error, )
CommitmentParse parses a sequence of bytes as a Pedersen commitment. Returns: 1 if input contains a valid commitment. Args: ctx: a secp256k1 context object. In: data: pointer to a 33-byte serialized data Out: nil/Commitment
func (*Commitment) Bytes ¶
func (commit *Commitment) Bytes() (bytes [33]byte)
Bytes converts a commitment object to array of bytes
func (*Commitment) String ¶
func (commit *Commitment) String() string
String converts a commitment object to an hex encoded string
type Context ¶
type Context struct {
// contains filtered or unexported fields
}
Context wraps a *secp256k1_context, required to use all functions. It can be initialized for signing, verification, or both.
func ContextClone ¶
ContextClone makes a copy of the provided *Context. The provided context must not be NULL.
func ContextCreate ¶
ContextCreate produces a new *Context, initialized with a bitmask of flags depending on it's intended usage. The supported flags are currently ContextSign and ContextVerify. Although expressed in the return type signature, the function does not currently return an error.
func SharedContext ¶
SharedContext returns a managed context
type FixedAssetTag ¶
type FixedAssetTag struct {
// contains filtered or unexported fields
}
FixedAssetTag holds a fixed asset tag. This data type is//not* opaque. It will always be 32 bytes of whatever data the API user wants to use as an asset tag. Its contents have no semantic meaning to libsecp whatsoever.
func FixedAssetTagFromHex ¶
func FixedAssetTagFromHex(str string) (com *FixedAssetTag, err error)
FixedAssetTagFromHex parses a string a a FixedAssetTag
func FixedAssetTagParse ¶
func FixedAssetTagParse( data32 []byte, ) ( *FixedAssetTag, error, )
FixedAssetTagParse parses a sequence of bytes as a FixedAssetTag
Returns: 1 if input contains a valid FixedAssetTag In: data32: pointer to a 33-byte serialized data Out: nil/FixedAssetTag
func (*FixedAssetTag) Bytes ¶
func (asset *FixedAssetTag) Bytes() (bytes [32]byte)
Bytes converts a fixed asset tag object to a 32-byte array
func (*FixedAssetTag) Hex ¶
func (asset *FixedAssetTag) Hex() string
Hex converts a surjection proof object to an hex encoded string
func (*FixedAssetTag) Slice ¶
func (asset *FixedAssetTag) Slice() []byte
Slice converts a fixed asset tag object to a byte slice
type Generator ¶
type Generator struct {
// contains filtered or unexported fields
}
Generator contains a pointer to opaque data structure that stores a base point The exact representation of data inside is implementation defined and not guaranteed to be portable between different platforms or versions. It is however guaranteed to be 64 bytes in size, and can be safely copied/moved. If you need to convert to a format suitable for storage, transmission, or comparison, use secp256k1_generator_serialize and secp256k1_generator_parse.
func GeneratorFromBytes ¶
GeneratorFromBytes returns a generator object from an array of bytes
func GeneratorFromString ¶
GeneratorFromString returns a generator object from a hex encoded string
func GeneratorGenerate ¶
GeneratorGenerate generates a generator for the curve.
Returns: 0 in the highly unlikely case the seed is not acceptable, 1 otherwise. Args: ctx: a secp256k1 context object Out: gen: a generator object In: seed32: a 32-byte seed If successful a valid generator will be placed in gen. The produced generators are distributed uniformly over the curve, and will not have a known discrete logarithm with respect to any other generator produced, or to the base generator G.
func GeneratorGenerateBlinded ¶
GeneratorGenerateBlinded generates a blinded generator for the curve.
Returns: 0 in the highly unlikely case the seed is not acceptable or when blind is out of range. 1 otherwise. Args: ctx: a secp256k1 context object, initialized for signing Out: gen: a generator object In: seed32: a 32-byte seed blind32: a 32-byte secret value to blind the genesizeofrator with. The result is equivalent to first calling secp256k1_gensizeoferator_generate, converting the result to a public key, calling secp256k1_ec_pubkey_tweak_add, and then converting back to generator form.sizeof
func GeneratorParse ¶
GeneratorParse parses a 33-byte generator byte sequence into a generator object. -> context a secp256k1 context object. -> bytes 33-byte slice of data <- generator pointer to a generator object <- err nil if success or an error object
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey wraps a *secp256k1_pubkey, which contains the prefix plus the X+Y coordidnates
func EcPubKeyCombine ¶
EcPubKeyCombine will compute sum of all the provided public keys, returning a new point. The error code is 1 if the sum is valid, 0 otherwise. There must be at least one public key.
func EcPubkeyCreate ¶
EcPubkeyCreate will compute the public key for a secret key. The return code is 1 and the key returned if the secret was valid. Otherwise, the return code is 0, and an error is returned. The key length must be 32-bytes.
func EcPubkeyParse ¶
EcPubkeyParse deserializes a variable-length public key into a *Pubkey object. The function will reject any input of zero bytes in length. This function supports parsing compressed (33 bytes, header byte 0x02 or 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header byte 0x06 or 0x07) format public keys. The return code is 1 if the public key was fully valid, or 0 if the public key was invalid or could not be parsed.
type SurjectionProof ¶
type SurjectionProof struct {
// contains filtered or unexported fields
}
SurjectionProof opaque data structure that holds a parsed surjection proof
The exact representation of data inside is implementation defined and not guaranteed to be portable between different platforms or versions. Nor is it guaranteed to have any particular size, nor that identical proofs will have identical representation. (That is, memcmp may return nonzero even for identical proofs.) To obtain these properties, instead use secp256k1_surjectionproof_parse and secp256k1_surjectionproof_serialize to encode/decode proofs into a well-defined format. The representation is exposed to allow creation of these objects on the stack; please *do not* use these internals directly.
func SurjectionProofAllocateInitialized ¶
func SurjectionProofAllocateInitialized( context *Context, fixedInputTags []*FixedAssetTag, nInputTagsToUse int, fixedOutputTag *FixedAssetTag, nMaxIterations int, seed32 []byte, ) ( int, *SurjectionProof, int, error, )
SurjectionProofAllocateInitialized proof allocation and initialization function; decides on inputs to use
Returns 0: inputs could not be selected, or malloc failure n: inputs were selected after n iterations of random selection In: ctx: pointer to a context object proof_out_p: a pointer to a pointer to `secp256k1_surjectionproof*`. the newly-allocated struct pointer will be saved here. fixed_input_tags: fixed input tags `A_i` for all inputs. (If the fixed tag is not known, e.g. in a coinjoin with others' inputs, an ephemeral tag can be given; this won't match the output tag but might be used in the anonymity set.) n_input_tags_to_use: the number of inputs to select randomly to put in the anonymity set fixed_output_tag: fixed output tag max_n_iterations: the maximum number of iterations to do before giving up. Because the maximum number of inputs (SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS) is limited to 256 the probability of giving up is smaller than (255/256)^(n_input_tags_to_use*max_n_iterations). random_seed32: a random seed to be used for input selection Out: proof_out_p: The pointer to newly-allocated proof whose bitvector will be initialized. In case of failure, the pointer will be NULL. input_index: The index of the actual input that is secretly mapped to the output
func SurjectionProofFromString ¶
func SurjectionProofFromString(str string) (proof *SurjectionProof, err error)
SurjectionProofFromString returns a surjection proof object from an hex encoded string
func SurjectionProofInitialize ¶
func SurjectionProofInitialize( context *Context, fixedInputTags []*FixedAssetTag, nInputTagsToUse int, fixedOutputTag *FixedAssetTag, nMaxIterations int, seed32 []byte, ) (*SurjectionProof, int, error)
SurjectionProofInitialize proof initialization function; decides on inputs to use To be used to initialize stack-allocated secp256k1_surjectionproof struct
Returns 0: inputs could not be selected n: inputs were selected after n iterations of random selection In: ctx: pointer to a context object fixed_input_tags: fixed input tags `A_i` for all inputs. (If the fixed tag is not known, e.g. in a coinjoin with others' inputs, an ephemeral tag can be given; this won't match the output tag but might be used in the anonymity set.) n_input_tags_to_use: the number of inputs to select randomly to put in the anonymity set Must be <= SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS fixed_output_tag: fixed output tag max_n_iterations: the maximum number of iterations to do before giving up. Because the maximum number of inputs (SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS) is limited to 256 the probability of giving up is smaller than (255/256)^(n_input_tags_to_use*max_n_iterations). random_seed32: a random seed to be used for input selection Out: proof: The proof whose bitvector will be initialized. In case of failure, the state of the proof is undefined. input_index: The index of the actual input that is secretly mapped to the output
func SurjectionProofParse ¶
func SurjectionProofParse( context *Context, bytes []byte, ) ( proof *SurjectionProof, err error, )
SurjectionProofParse parses a surjection proof
Returns: 1: when the proof could be parsed 0: otherwise Args: ctx: a secp256k1 context object Out: proof: a pointer to a proof object In: input: a pointer to the array to parse inputlen: length of the array pointed to by input The proof must consist of: - A 2-byte little-endian total input count `n` - A ceil(n/8)-byte bitmap indicating which inputs are used. - A big-endian 32-byte borromean signature e0 value - `m` big-endian 32-byte borromean signature s values, where `m` is the number of set bits in the bitmap
func (*SurjectionProof) Bytes ¶
func (proof *SurjectionProof) Bytes() (bytes []byte)
Bytes converts a surjection proof object to a byte slice
func (*SurjectionProof) String ¶
func (proof *SurjectionProof) String() string
String converts a surjection proof object to an hex encoded string