secp256k1

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 2, 2021 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Flags for EcPubkeySerialize
	EcCompressed   = uint(C.SECP256K1_EC_COMPRESSED)
	EcUncompressed = uint(C.SECP256K1_EC_UNCOMPRESSED)

	// Length of elements byte representations
	LenPrivateKey   int = 32
	LenCompressed   int = 33
	LenUncompressed int = 65

	ErrorPrivateKeySize     string = "private key must be exactly 32 bytes"
	ErrorEcdh               string = "unable to do ecdh"
	ErrorPublicKeyCreate    string = "unable to produce public key"
	ErrorPublicKeySize      string = "public key must be 33 or 65 bytes"
	ErrorPublicKeyParse     string = "unable to parse this public key"
	ErrorTweakingPublicKey  string = "unable to tweak this public key"
	ErrorTweakSize          string = "tweak must be exactly 32 bytes"
	ErrorPublicKeyCombine   string = "unable to combine public key"
	ErrorTweakingPrivateKey string = "unable to tweak this private key"
)
View Source 
const (
	ErrGeneratorParse    string = "failed to parse data as a generator"
	ErrGeneratorGenerate string = "failed to create a generator"
)
View Source 
const (
	ErrCommitmentParse     string = "unable to parse the data as a commitment"
	ErrCommitmentSerialize string = "unable to serialize commitment"
	ErrCommitmentCount     string = "number of elements differ in input arrays"
	// ErrCommitmentTally     string = "sums of inputs and outputs are not equal"
	ErrCommitmentCommit   string = "failed to create a commitment"
	ErrCommitmentBlindSum string = "failed to calculate sum of blinding factors"
	ErrCommitmentPubkey   string = "failed to create public key from commitment"
)
View Source 
const (
	// MaxRangeProofSize is the max size in bytes of a range proof
	MaxRangeProofSize = 5134

	ErrRangeProof       string = "failed to create a range proof"
	ErrRangeProofInfo   string = "failed to retrieve info for range proof"
	ErrRangeProofRewind string = "failed to recover information about author of range proof"
)
View Source 
const (
	// ContextNone wraps the SECP256K1_CONTEXT_NONE constant
	ContextNone = uint(C.SECP256K1_CONTEXT_NONE)
	// ContextSign wraps the SECP256K1_CONTEXT_SIGN constant
	ContextSign = uint(C.SECP256K1_CONTEXT_SIGN)
	// ContextVerify wraps the SECP256K1_CONTEXT_VERIFY constant
	ContextVerify = uint(C.SECP256K1_CONTEXT_VERIFY)
	// ContextBoth includes all context types
	ContextBoth = ContextSign | ContextVerify
)
View Source 
const (
	// SurjectionProofSerializationBytesMax is the maximum number of bytes a serialized surjection proof requires
	SurjectionProofSerializationBytesMax = C.SECP256K1_SURJECTIONPROOF_SERIALIZATION_BYTES_MAX

	// ErrSurjectionProofParsing error message for proof parsing function
	ErrSurjectionProofParsing string = "surjection proof parsing failed"
	// ErrSurjectionProofGeneration error message for proof generation function
	ErrSurjectionProofGeneration string = "surjection proof generation failed"
	// ErrSurjectionProofAllocation error message for proof allocation function
	ErrSurjectionProofAllocation string = "surjection proof allocation/initialization failed"
	// ErrSurjectionProofInitialization error message for proof initilization function
	ErrSurjectionProofInitialization string = "surjection proof initialization failed"
	// ErrSurjectionProofSerialization error message for proof serialization function
	ErrSurjectionProofSerialization string = "surjection proof serialization failed"
)

Variables

View Source 
var (
	// GeneratorH wraps the secp256k1 generator from Elements Alpha
	GeneratorH = Generator{C.secp256k1_generator_h}
)

Functions

func BlindGeneratorBlindSum 

func BlindGeneratorBlindSum(
	context *Context,
	value []uint64,
	generatorblind [][]byte,
	blindingfactor [][]byte,
	ninputs int,
) (
	blindout [32]byte,
	err error,
)

BlindGeneratorBlindSum sets the final Pedersen blinding factor correctly when the generators themselves have blinding factors.

Consider a generator of the form A' = A + rG, where A is the "real" generator but A' is the generator provided to verifiers. Then a Pedersen commitment P = vA' + r'G really has the form vA + (vr + r')G. To get all these (vr + r') to sum to zero for multiple commitments, we take three arrays consisting of the `v`s, `r`s, and `r'`s, respectively called `value`s, `generator_blind`s and `blinding_factor`s, and sum them.

The function then subtracts the sum of all (vr + r') from the last element of the `blinding_factor` array, setting the total sum to zero.

Returns 1: Blinding factor successfully computed. 

0: Error. A blinding_factor or generator_blind are larger than the group
   order (probability for random 32 byte number < 2^-127). Retry with
   different values.

In: ctx: pointer to a context object 

          value: array of asset values, `v` in the above paragraph.
                 May not be NULL unless `n_total` is 0.
generator_blind: array of asset blinding factors, `r` in the above paragraph
                 May not be NULL unless `n_total` is 0.
        n_total: Total size of the above arrays
       n_inputs: How many of the initial array elements represent commitments that
                 will be negated in the final sum

In/Out: blinding_factor: array of commitment blinding factors, `r'` in the above paragraph 

May not be NULL unless `n_total` is 0.
the last value will be modified to get the total sum to zero.

func BlindSum 

func BlindSum(
	context *Context,
	posblinds [][]byte,
	negblinds [][]byte,
) (
	sum [32]byte,
	err error,
)

BlindSum computes the sum of multiple positive and negative blinding factors. 

Returns 1: Sum successfully computed.
        0: Error. A blinding factor is larger than the group order
           (probability for random 32 byte number < 2^-127). Retry with
           different factors.

In:     ctx:        pointer to a context object (cannot be NULL)
        blinds:     pointer to pointers to 32-byte character arrays for blinding factors. (cannot be NULL)
        n:          number of factors pointed to by blinds.
        npositive:  how many of the input factors should be treated with a positive sign.

Out:    blind_out:  pointer to a 32-byte array for the sum (cannot be NULL)

func CommitmentSerialize 

func CommitmentSerialize(
	context *Context,
	commit *Commitment,
) (
	data [33]byte,
	err error,
)

CommitmentSerialize serializes a commitment into sequence of bytes. 

Returns: 1 always.
Args:   ctx:        a secp256k1 context object.
In:     Commitment  a commitment object
Out:    serialized data: 33-byte byte array

func ContextDestroy 

func ContextDestroy(ctx *Context)

ContextDestroy destroys the context. The provided context must not be NULL.

func ContextRandomize 

func ContextRandomize(ctx *Context, seed32 [32]byte) int

ContextRandomize accepts a [32]byte seed in order to update the context randomization. NULL may be passed to reset to initial state. The context pointer must not be null.

func EcPrivKeyNegate 

func EcPrivKeyNegate(ctx *Context, seckey []byte) (int, error)

EcPrivKeyNegate will negate a public key in place. The return code is 1 if the operation was successful, or 0 if the length was invalid.

func EcPrivKeyTweakAdd 

func EcPrivKeyTweakAdd(ctx *Context, seckey []byte, tweak []byte) (int, error)

EcPrivKeyTweakAdd modifies the provided `seckey` by adding tweak to it. The return code is 0 if `tweak` was out of range (chance of around 1 in 2^128 for uniformly random 32-byte arrays), or if the resulting private key would be invalid (only when the tweak is the complement of the private key). The return code is 1 otherwise.

func EcPrivKeyTweakMul 

func EcPrivKeyTweakMul(ctx *Context, seckey []byte, tweak []byte) (int, error)

EcPrivKeyTweakMul tweak a private key by multiplying it by a tweak. The return code is 0 if the tweak was out of range (chance of around 1 in 2^128 for uniformly random 32-byte arrays) or zero. The code is 1 otherwise.

func EcPubKeyNegate 

func EcPubKeyNegate(ctx *Context, pubkey *PublicKey) (int, error)

EcPubKeyNegate will negate a public key object in place. The return code is always 1.

func EcPubKeyTweakAdd 

func EcPubKeyTweakAdd(ctx *Context, pk *PublicKey, tweak []byte) (int, error)

Tweak a public key by adding tweak times the generator to it. The return code is 0 if the tweak was out of range (chance of around 1 in 2^128 for uniformly random 32-byte arrays) or if the resulting public key would be invalid. The return code is 1 otherwise.

func EcPubkeySerialize 

func EcPubkeySerialize(ctx *Context, publicKey *PublicKey, flags uint) (int, []byte, error)

EcPubkeySerialize serializes a pubkey object into a []byte. The output is an array of 65-bytes (if compressed==0), or 33-bytes (if compressed==1). Use EcCompressed or EcUncompressed to request a certain format. The function will always return 1, because the only public key objects are valid ones.

func Ecdh 

func Ecdh(ctx *Context, pubKey *PublicKey, privKey []byte) (int, []byte, error)

Compute an EC Diffie-Hellman secret in constant time. Return code is 1 if exponentiation was successful, or 0 if the scalar was invalid.

func FixedAssetTagSerialize 

func FixedAssetTagSerialize(
	asset *FixedAssetTag,
) (
	data [32]byte,
	err error,
)

FixedAssetTagSerialize serializes FixedAssetTag into sequence of bytes. 

Returns: 1 always.
In:      FixedAssetTag - fixed asset tag object
Out:     serialized data: 32-byte byte array

func GeneratorSerialize 

func GeneratorSerialize(
	context *Context,
	generator *Generator,
) (
	bytes [33]byte,
)

GeneratorSerialize serializes a 33-byte generator into a serialized byte sequence 

-> context   non-NULL context
-> generator generator object
<- bytes     33 bytes of data

func RangeProofInfo 

func RangeProofInfo(
	context *Context,
	proof []byte,
) (exp, mantissa int, minValue, maxValue uint64, err error)

RangeProofInfo extracts some basic information from a range-proof. 

	 Returns 1: Information successfully extracted.
        	 0: Decode failed.
	 In:   	 ctx: pointer to a context object
      	 	 proof: pointer to character array with the proof.
	 Out:  	 exp: Exponent used in the proof (-1 means the value isn't private).
      	 	 mantissa: Number of bits covered by the proof.
      	 	 min_value: pointer to an unsigned int64 which will be updated with the minimum value that commit could have. (cannot be NULL)
      	 	 max_value: pointer to an unsigned int64 which will be updated with the maximum value that commit could have. (cannot be NULL)

func RangeProofRewind 

func RangeProofRewind(
	context *Context,
	commit *Commitment,
	proof []byte,
	nonce [32]byte,
	extraCommit []byte,
	gen *Generator,
) (
	blindingFactor [32]byte,
	value, minValue, maxValue uint64,
	message []byte,
	err error,
)

RangeProofRewind verifies a range proof and rewind the proof to recover information sent by its author. 

	 Returns 1: Value is within the range [0..2^64), the specifically proven range is in the min/max value outputs, and the value and blinding were recovered.
          0: Proof failed, rewind failed, or other error.
	 In:   	 ctx: pointer to a context object, initialized for range-proof and Pedersen commitment (cannot be NULL)
       	 commit: the commitment being proved. (cannot be NULL)
       	 proof: pointer to character array with the proof. (cannot be NULL)
       	 nonce: 32-byte secret nonce used by the prover (cannot be NULL)
       	 extra_commit: additional data covered in rangeproof signature
       	 gen: additional generator 'h'
	 In/Out: blind_out: storage for the 32-byte blinding factor used for the commitment
       	 value_out: pointer to an unsigned int64 which has the exact value of the commitment.
       	 message_out: pointer to a 4096 byte character array to receive message data from the proof author.
       	 outlen:  length of message data written to message_out.
       	 min_value: pointer to an unsigned int64 which will be updated with the minimum value that commit could have. (cannot be NULL)
       	 max_value: pointer to an unsigned int64 which will be updated with the maximum value that commit could have. (cannot be NULL)

func RangeProofSign 

func RangeProofSign(
	context *Context,
	minValue uint64,
	commit *Commitment,
	blindingFactor [32]byte,
	nonce [32]byte,
	exp, minBits int,
	value uint64,
	message []byte,
	extraCommit []byte,
	generator *Generator,
) ([]byte, error)

RangeProofSign authors a proof that a committed value is within a range. 

	 Returns 1: Proof successfully created.
          0: Error
	 In:     ctx:    pointer to a context object, initialized for range-proof, signing, and Pedersen commitment (cannot be NULL)
          proof:  pointer to array to receive the proof, can be up to 5134 bytes. (cannot be NULL)
          min_value: constructs a proof where the verifer can tell the minimum value is at least the specified amount.
          commit: the commitment being proved.
          blind:  32-byte blinding factor used by commit.
          nonce:  32-byte secret nonce used to initialize the proof (value can be reverse-engineered out of the proof if this secret is known.)
          exp:    Base-10 exponent. Digits below above will be made public, but the proof will be made smaller. Allowed range is -1 to 18.
                  (-1 is a special case that makes the value public. 0 is the most private.)
          min_bits: Number of bits of the value to keep private. (0 = auto/minimal, - 64).
          value:  Actual value of the commitment.
          message: pointer to a byte array of data to be embedded in the rangeproof that can be recovered by rewinding the proof
          extra_commit: additional data to be covered in rangeproof signature
          gen: additional generator 'h'

If min_value or exp is non-zero then the value must be on the range [0, 2^63) to prevent the proof range from spanning past 2^64.

If exp is -1 the value is revealed by the proof (e.g. it proves that the proof is a blinding of a specific value, without revealing the blinding key.)

This can randomly fail with probability around one in 2^100. If this happens, buy a lottery ticket and retry with a different nonce or blinding.

func RangeProofVerify 

func RangeProofVerify(context *Context, proof []byte, commit *Commitment, extraCommit []byte, generator *Generator) (bool, int, int)

RangeProofVerify verifies a proof that a committed value is within a range. 

	 Returns 1: Value is within the range [0..2^64), the specifically proven range is in the min/max value outputs.
        	 0: Proof failed or other error.
	 In:   	 ctx: pointer to a context object, initialized for range-proof and commitment (cannot be NULL)
      	 	 commit: the commitment being proved. (cannot be NULL)
      	 	 proof: pointer to character array with the proof. (cannot be NULL)
     	 	 extra_commit: additional data covered in rangeproof signature
      	 	 gen: additional generator 'h'
	 Out:  	 min_value: pointer to a unsigned int64 which will be updated with the minimum value that commit could have. (cannot be NULL)
      	 	 max_value: pointer to a unsigned int64 which will be updated with the maximum value that commit could have. (cannot be NULL)

func SurjectionProofDestroy 

func SurjectionProofDestroy(
	proof *SurjectionProof,
)

SurjectionProofDestroy proof destroy function deallocates the struct that was allocated with secp256k1_surjectionproof_allocate_initialized 

In: proof: pointer to SurjectionProof struct

func SurjectionProofGenerate 

func SurjectionProofGenerate(context *Context,
	proof *SurjectionProof,
	ephemeralInputTags []*Generator,
	ephemeralOutputTag *Generator,
	inputIndex int,
	inputBlindingKey []byte,
	outputBlindingKey []byte,
) error

SurjectionProofGenerate proof generation function 

	 Returns 0: proof could not be created
        	 1: proof was successfully created
	 In:     ctx: pointer to a context object, initialized for signing and verification
     	 	 ephemeral_input_tags: the ephemeral asset tag of all inputs
     		 ephemeral_output_tag: the ephemeral asset tag of the output
          input_index: the index of the input that actually maps to the output
       	 input_blinding_key: the blinding key of the input
      		 output_blinding_key: the blinding key of the output
	 In/Out: proof: the produced surjection proof. Must have already gone through SurjectionProofGenerate

func SurjectionProofNTotalInputs 

func SurjectionProofNTotalInputs(
	context *Context,
	proof *SurjectionProof,
) (
	number int,
)

SurjectionProofNTotalInputs returns the total number of inputs a proof expects to be over. 

	 Returns: the number of inputs for the given proof
	 In:   		ctx: pointer to a context object
    				proof: a pointer to a proof object

func SurjectionProofNUsedInputs 

func SurjectionProofNUsedInputs(
	context *Context,
	proof *SurjectionProof,
) (
	number int,
)

SurjectionProofNUsedInputs returns the actual number of inputs that a proof uses 

	 Returns: the number of inputs for the given proof
	 In:   	 	ctx: pointer to a context object
    			 	proof: a pointer to a proof object

func SurjectionProofSerializationBytesCalc 

func SurjectionProofSerializationBytesCalc(nInputs int, nUsedInputs int) int

SurjectionProofSerializationBytesCalc calculates the number of bytes a serialized surjection proof requires given the number of inputs and the number of used inputs.

func SurjectionProofSerialize 

func SurjectionProofSerialize(
	context *Context,
	proof *SurjectionProof,
) (
	bytes []byte,
	err error,
)

SurjectionProofSerialize serializes a surjection proof 

Returns: 1 if enough space was available to serialize, 0 otherwise
Args:    ctx: a secp256k1 context object
Out:     output: a pointer to an array to store the serialization
In/Out:  outputlen: a pointer to an integer which is initially set to the
                    size of output, and is overwritten with the written
                    size.
In:      proof: a pointer to an initialized proof object

See secp256k1_surjectionproof_parse for details about the encoding.

func SurjectionProofVerify 

func SurjectionProofVerify(
	context *Context,
	proof *SurjectionProof,
	ephemeralInputTags []*Generator,
	ephemeralOutputTag *Generator,
) bool

SurjectionProofVerify proof verification function 

	 Returns 0: proof was invalid
        	 1: proof was valid
	 In:     ctx: pointer to a context object, initialized for signing and verification
        	 proof: proof to be verified
     		 ephemeral_input_tags: the ephemeral asset tag of all inputs
   	  	 n_ephemeral_input_tags: the number of entries in the ephemeral_input_tags array
     	 	 ephemeral_output_tag: the ephemeral asset tag of the output

Types

type Commitment 

type Commitment struct {
	// contains filtered or unexported fields
}

Commitment cointains a pointer to opaque data structure that stores a base point The exact representation of data inside is implementation defined and not guaranteed to be portable between different platforms or versions. It is however guaranteed to be 64 bytes in size, and can be safely copied/moved. If you need to convert to a format suitable for storage, transmission, or comparison, use appropriate serialize and parse functions.

func Commit 

func Commit(
	context *Context,
	blind []byte,
	value uint64,
	valuegen *Generator,
) (
	commit *Commitment,
	err error,
)

Commit generates a commitment 

			Returns: 1:  Commitment successfully created.
  						 0:  Error. The blinding factor is larger than the group order *
      						 (probability for random 32 byte number < 2^-127) or results in the
      						 point at infinity. Retry with a different factor.

     Args ctx:  pointer to a context object (cannot be NULL)
			Out: commit:  pointer to the commitment (cannot be NULL)
     In:  blind:  32-byte blinding factor (cannot be NULL)
  				 value:  unsigned 64-bit integer value to commit to.
	 				 value_gen:  value generator 'h'

Blinding factors can be generated and verified in the same way as secp256k1 private keys for ECDSA.

func CommitmentFromString 

func CommitmentFromString(str string) (com *Commitment, err error)

CommitmentFromString takes a commitment in hex encoded format and returns a commitment object

func CommitmentParse 

func CommitmentParse(
	context *Context,
	data33 []byte,
) (
	*Commitment,
	error,
)

CommitmentParse parses a sequence of bytes as a Pedersen commitment. Returns: 1 if input contains a valid commitment. Args: ctx: a secp256k1 context object. In: data: pointer to a 33-byte serialized data Out: nil/Commitment

func (*Commitment) Bytes 

func (commit *Commitment) Bytes() (bytes [33]byte)

Bytes converts a commitment object to array of bytes

func (*Commitment) String 

func (commit *Commitment) String() string

String converts a commitment object to an hex encoded string

type Context 

type Context struct {
	// contains filtered or unexported fields
}

Context wraps a *secp256k1_context, required to use all functions. It can be initialized for signing, verification, or both.

func ContextClone 

func ContextClone(ctx *Context) (*Context, error)

ContextClone makes a copy of the provided *Context. The provided context must not be NULL.

func ContextCreate 

func ContextCreate(flags uint) (*Context, error)

ContextCreate produces a new *Context, initialized with a bitmask of flags depending on it's intended usage. The supported flags are currently ContextSign and ContextVerify. Although expressed in the return type signature, the function does not currently return an error.

func SharedContext 

func SharedContext(flags uint) (context *Context)

SharedContext returns a managed context

type FixedAssetTag 

type FixedAssetTag struct {
	// contains filtered or unexported fields
}

FixedAssetTag holds a fixed asset tag. This data type is//not* opaque. It will always be 32 bytes of whatever data the API user wants to use as an asset tag. Its contents have no semantic meaning to libsecp whatsoever.

func FixedAssetTagFromHex 

func FixedAssetTagFromHex(str string) (com *FixedAssetTag, err error)

FixedAssetTagFromHex parses a string a a FixedAssetTag

func FixedAssetTagParse 

func FixedAssetTagParse(
	data32 []byte,
) (
	*FixedAssetTag,
	error,
)

FixedAssetTagParse parses a sequence of bytes as a FixedAssetTag 

	 Returns: 1 if input contains a valid FixedAssetTag
  In:   		data32: pointer to a 33-byte serialized data
  Out:  		nil/FixedAssetTag

func (*FixedAssetTag) Bytes 

func (asset *FixedAssetTag) Bytes() (bytes [32]byte)

Bytes converts a fixed asset tag object to a 32-byte array

func (*FixedAssetTag) Hex 

func (asset *FixedAssetTag) Hex() string

Hex converts a surjection proof object to an hex encoded string

func (*FixedAssetTag) Slice 

func (asset *FixedAssetTag) Slice() []byte

Slice converts a fixed asset tag object to a byte slice

type Generator 

type Generator struct {
	// contains filtered or unexported fields
}

Generator contains a pointer to opaque data structure that stores a base point The exact representation of data inside is implementation defined and not guaranteed to be portable between different platforms or versions. It is however guaranteed to be 64 bytes in size, and can be safely copied/moved. If you need to convert to a format suitable for storage, transmission, or comparison, use secp256k1_generator_serialize and secp256k1_generator_parse.

func GeneratorFromBytes 

func GeneratorFromBytes(bytes []byte) (gen *Generator, err error)

GeneratorFromBytes returns a generator object from an array of bytes

func GeneratorFromString 

func GeneratorFromString(str string) (gen *Generator, err error)

GeneratorFromString returns a generator object from a hex encoded string

func GeneratorGenerate 

func GeneratorGenerate(ctx *Context, seed []byte) (*Generator, error)

GeneratorGenerate generates a generator for the curve. 

Returns: 0 in the highly unlikely case the seed is not acceptable,
         1 otherwise.
Args: ctx:     a secp256k1 context object
Out:  gen:     a generator object
In:   seed32:  a 32-byte seed

If successful a valid generator will be placed in gen. The produced
generators are distributed uniformly over the curve, and will not have a
known discrete logarithm with respect to any other generator produced,
or to the base generator G.

func GeneratorGenerateBlinded 

func GeneratorGenerateBlinded(ctx *Context, seed []byte, blind []byte) (*Generator, error)

GeneratorGenerateBlinded generates a blinded generator for the curve. 

 		Returns: 0 in the highly unlikely case the seed is not acceptable or when
              blind is out of range.
							 1 otherwise.
     Args: ctx:     a secp256k1 context object, initialized for signing
     Out:  gen:     a generator object
     In:   seed32:  a 32-byte seed
           blind32: a 32-byte secret value to blind the genesizeofrator with.

     The result is equivalent to first calling secp256k1_gensizeoferator_generate,
     converting the result to a public key, calling secp256k1_ec_pubkey_tweak_add,
     and then converting back to generator form.sizeof

func GeneratorParse 

func GeneratorParse(
	context *Context,
	bytes []byte,
) (
	generator *Generator,
	err error,
)

GeneratorParse parses a 33-byte generator byte sequence into a generator object. -> context a secp256k1 context object. -> bytes 33-byte slice of data <- generator pointer to a generator object <- err nil if success or an error object

func (*Generator) Bytes 

func (gen *Generator) Bytes() (bytes [33]byte)

Bytes converts generator object to array of bytes

func (*Generator) String 

func (gen *Generator) String() string

String serializes generator as a hex string

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey wraps a *secp256k1_pubkey, which contains the prefix plus the X+Y coordidnates

func EcPubKeyCombine 

func EcPubKeyCombine(ctx *Context, vPk []*PublicKey) (int, *PublicKey, error)

EcPubKeyCombine will compute sum of all the provided public keys, returning a new point. The error code is 1 if the sum is valid, 0 otherwise. There must be at least one public key.

func EcPubkeyCreate 

func EcPubkeyCreate(ctx *Context, seckey []byte) (int, *PublicKey, error)

EcPubkeyCreate will compute the public key for a secret key. The return code is 1 and the key returned if the secret was valid. Otherwise, the return code is 0, and an error is returned. The key length must be 32-bytes.

func EcPubkeyParse 

func EcPubkeyParse(ctx *Context, publicKey []byte) (int, *PublicKey, error)

EcPubkeyParse deserializes a variable-length public key into a *Pubkey object. The function will reject any input of zero bytes in length. This function supports parsing compressed (33 bytes, header byte 0x02 or 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header byte 0x06 or 0x07) format public keys. The return code is 1 if the public key was fully valid, or 0 if the public key was invalid or could not be parsed.

type SurjectionProof 

type SurjectionProof struct {
	// contains filtered or unexported fields
}

SurjectionProof opaque data structure that holds a parsed surjection proof 

The exact representation of data inside is implementation defined and not
guaranteed to be portable between different platforms or versions. Nor is
it guaranteed to have any particular size, nor that identical proofs
will have identical representation. (That is, memcmp may return nonzero
even for identical proofs.)

To obtain these properties, instead use secp256k1_surjectionproof_parse
and secp256k1_surjectionproof_serialize to encode/decode proofs into a
well-defined format.

The representation is exposed to allow creation of these objects on the
stack; please *do not* use these internals directly.

func SurjectionProofAllocateInitialized 

func SurjectionProofAllocateInitialized(
	context *Context,
	fixedInputTags []*FixedAssetTag,
	nInputTagsToUse int,
	fixedOutputTag *FixedAssetTag,
	nMaxIterations int,
	seed32 []byte,
) (
	int,
	*SurjectionProof,
	int,
	error,
)

SurjectionProofAllocateInitialized proof allocation and initialization function; decides on inputs to use 

	 Returns 0: inputs could not be selected, or malloc failure
        	 n: inputs were selected after n iterations of random selection
	 In:     ctx: pointer to a context object
          proof_out_p: a pointer to a pointer to `secp256k1_surjectionproof*`.
                       the newly-allocated struct pointer will be saved here.
     		 fixed_input_tags: fixed input tags `A_i` for all inputs. (If the fixed tag is not known,
                       		 e.g. in a coinjoin with others' inputs, an ephemeral tag can be given;
                       		 this won't match the output tag but might be used in the anonymity set.)
     		 n_input_tags_to_use: the number of inputs to select randomly to put in the anonymity set
     		 fixed_output_tag: fixed output tag
     		 max_n_iterations: the maximum number of iterations to do before giving up. Because the
                       		 maximum number of inputs (SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS) is
                       	 	 limited to 256 the probability of giving up is smaller than
                       		 (255/256)^(n_input_tags_to_use*max_n_iterations).
        	 random_seed32: a random seed to be used for input selection
	 Out:    proof_out_p: The pointer to newly-allocated proof whose bitvector will be initialized.
                       In case of failure, the pointer will be NULL.
          input_index: The index of the actual input that is secretly mapped to the output

func SurjectionProofFromString 

func SurjectionProofFromString(str string) (proof *SurjectionProof, err error)

SurjectionProofFromString returns a surjection proof object from an hex encoded string

func SurjectionProofInitialize 

func SurjectionProofInitialize(
	context *Context,
	fixedInputTags []*FixedAssetTag,
	nInputTagsToUse int,
	fixedOutputTag *FixedAssetTag,
	nMaxIterations int,
	seed32 []byte,
) (*SurjectionProof, int, error)

SurjectionProofInitialize proof initialization function; decides on inputs to use To be used to initialize stack-allocated secp256k1_surjectionproof struct 

	 Returns 0: inputs could not be selected
        	 n: inputs were selected after n iterations of random selection
	 In:		 ctx: pointer to a context object
     		 fixed_input_tags: fixed input tags `A_i` for all inputs. (If the fixed tag is not known,
                       		 e.g. in a coinjoin with others' inputs, an ephemeral tag can be given;
                       		 this won't match the output tag but might be used in the anonymity set.)
  				 n_input_tags_to_use: the number of inputs to select randomly to put in the anonymity set
                       				Must be <= SECP256K1_SURJECTIONPROOF_MAX_USED_INPUTS
     		 fixed_output_tag: fixed output tag
     		 max_n_iterations: the maximum number of iterations to do before giving up. Because the
                       		 maximum number of inputs (SECP256K1_SURJECTIONPROOF_MAX_N_INPUTS) is
                       		 limited to 256 the probability of giving up is smaller than
                       		 (255/256)^(n_input_tags_to_use*max_n_iterations).
        	 random_seed32: a random seed to be used for input selection
	 Out:    proof: The proof whose bitvector will be initialized. In case of failure,
                 the state of the proof is undefined.
          input_index: The index of the actual input that is secretly mapped to the output

func SurjectionProofParse 

func SurjectionProofParse(
	context *Context,
	bytes []byte,
) (
	proof *SurjectionProof,
	err error,
)

SurjectionProofParse parses a surjection proof 

  Returns: 1: when the proof could be parsed
						0: otherwise
  Args: 		ctx: a secp256k1 context object
  Out:  		proof: a pointer to a proof object
  In:   		input: a pointer to the array to parse
       		inputlen: length of the array pointed to by input

 The proof must consist of:
   - A 2-byte little-endian total input count `n`
   - A ceil(n/8)-byte bitmap indicating which inputs are used.
   - A big-endian 32-byte borromean signature e0 value
   - `m` big-endian 32-byte borromean signature s values, where `m`
     is the number of set bits in the bitmap

func (*SurjectionProof) Bytes 

func (proof *SurjectionProof) Bytes() (bytes []byte)

Bytes converts a surjection proof object to a byte slice

func (*SurjectionProof) String 

func (proof *SurjectionProof) String() string

String converts a surjection proof object to an hex encoded string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.