df

package
v0.0.0-...-5bb28f7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 22, 2018 License: Apache-2.0 Imports: 4 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewLagrange 

func NewLagrange() *lagrange

NewLagrange initializes lagrange array with zero values

Types

type Committer 

type Committer struct {
	B int      // 2^B is upper bound estimation for group order, it can be len(RSASpecial.N) - 2
	T *big.Int // we can commit to values between -T and T
	// contains filtered or unexported fields
}

func NewCommitter 

func NewCommitter(n, g, h, t *big.Int, k int) *Committer

TODO: switch h and g

func (*Committer) ComputeCommit 

func (df *Committer) ComputeCommit(a, r *big.Int) *big.Int

ComputeCommit returns G^a * H^r % group.N for a given a and r. Note that this is exactly the commitment, but with a given a and r. It serves as a helper function for associated proofs where g^x * h^y % group.N needs to be computed several times.

func (*Committer) GetCommitMsg 

func (c *Committer) GetCommitMsg(a *big.Int) (*big.Int, error)

TODO: the naming is not OK because it also sets committer.committedValue and committer.r

func (*Committer) GetCommitMsgWithGivenR 

func (c *Committer) GetCommitMsgWithGivenR(a, r *big.Int) (*big.Int, error)

func (*Committer) GetDecommitMsg 

func (c *Committer) GetDecommitMsg() (*big.Int, *big.Int)

type EqualityProof 

type EqualityProof struct {
	ProofRandomData1 *big.Int
	ProofRandomData2 *big.Int
	Challenge        *big.Int
	ProofData1       *big.Int
	ProofData21      *big.Int
	ProofData22      *big.Int
}

EqualityProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewEqualityProof 

func NewEqualityProof(proofRandomData1, proofRandomData2, challenge, proofData1, proofData21,
	proofData22 *big.Int) *EqualityProof

type EqualityProver 

type EqualityProver struct {
	// contains filtered or unexported fields
}

func NewEqualityProver 

func NewEqualityProver(committer1, committer2 *Committer,
	challengeSpaceSize int) *EqualityProver

func (*EqualityProver) GetProofData 

func (p *EqualityProver) GetProofData(challenge *big.Int) (*big.Int,
	*big.Int, *big.Int)

func (*EqualityProver) GetProofRandomData 

func (p *EqualityProver) GetProofRandomData() (*big.Int, *big.Int)

type EqualityVerifier 

type EqualityVerifier struct {
	// contains filtered or unexported fields
}

func NewEqualityVerifier 

func NewEqualityVerifier(receiver1, receiver2 *Receiver,
	challengeSpaceSize int) *EqualityVerifier

func (*EqualityVerifier) GetChallenge 

func (v *EqualityVerifier) GetChallenge() *big.Int

func (*EqualityVerifier) SetChallenge 

func (v *EqualityVerifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*EqualityVerifier) SetProofRandomData 

func (v *EqualityVerifier) SetProofRandomData(proofRandomData1,
	proofRandomData2 *big.Int)

func (*EqualityVerifier) Verify 

func (v *EqualityVerifier) Verify(s1, s21, s22 *big.Int) bool

type MultiplicationProof 

type MultiplicationProof struct {
	ProofRandomData1 *big.Int
	ProofRandomData2 *big.Int
	Challenge        *big.Int
	ProofDataU1      *big.Int
	ProofDataU       *big.Int
	ProofDataV1      *big.Int
	ProofDataV2      *big.Int
	ProofDataV3      *big.Int
}

MultiplicationProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewMultiplicationProof 

func NewMultiplicationProof(proofRandomData1, proofRandomData2, challenge, proofDataU1, proofDataU,
	proofDataV1, proofDataV2, proofDataV3 *big.Int) *MultiplicationProof

type MultiplicationProver 

type MultiplicationProver struct {
	// contains filtered or unexported fields
}

MultiplicationProver proves for given commitments c1 = g^x1 * h^r1, c2 = g^x2 * h^r2, c3 = g^x3 * h^r3 that x3 = x1 * x2. Proof consists of three parallel proofs: (1) proof that we can open c1 (2) proof that we can open c2 (3) proof that we can open c3, where c3 is seen as c3 = G^x3 * H^r3 = G^(x1*x2) * H^r1*x2 * H^(r3 - r1*x2) = c1^x2 * H^(r3 - r1*x2), thus a new "G" is c1, "x" is x2, and "r3" is r3 - r1*x2.

func NewMultiplicationProver 

func NewMultiplicationProver(committer1, committer2,
	committer3 *Committer,
	challengeSpaceSize int) *MultiplicationProver

func (*MultiplicationProver) GetProofData 

func (p *MultiplicationProver) GetProofData(challenge *big.Int) (*big.Int, *big.Int,
	*big.Int, *big.Int, *big.Int)

func (*MultiplicationProver) GetProofRandomData 

func (p *MultiplicationProver) GetProofRandomData() (*big.Int, *big.Int, *big.Int)

type MultiplicationVerifier 

type MultiplicationVerifier struct {
	// contains filtered or unexported fields
}

func NewMultiplicationVerifier 

func NewMultiplicationVerifier(receiver1, receiver2,
	receiver3 *Receiver,
	challengeSpaceSize int) *MultiplicationVerifier

func (*MultiplicationVerifier) GetChallenge 

func (v *MultiplicationVerifier) GetChallenge() *big.Int

func (*MultiplicationVerifier) SetChallenge 

func (v *MultiplicationVerifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*MultiplicationVerifier) SetProofRandomData 

func (v *MultiplicationVerifier) SetProofRandomData(d1, d2, d3 *big.Int)

func (*MultiplicationVerifier) Verify 

func (v *MultiplicationVerifier) Verify(u1, u, v1, v2, v3 *big.Int) bool

type OpeningProof 

type OpeningProof struct {
	ProofRandomData *big.Int
	Challenge       *big.Int
	ProofData1      *big.Int
	ProofData2      *big.Int
}

OpeningProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewOpeningProof 

func NewOpeningProof(proofRandomData, challenge, proofData1, proofData2 *big.Int) *OpeningProof

type OpeningProver 

type OpeningProver struct {
	// contains filtered or unexported fields
}

func NewOpeningProver 

func NewOpeningProver(committer *Committer,
	challengeSpaceSize int) *OpeningProver

func (*OpeningProver) GetProofData 

func (p *OpeningProver) GetProofData(challenge *big.Int) (*big.Int, *big.Int)

func (*OpeningProver) GetProofRandomData 

func (p *OpeningProver) GetProofRandomData() *big.Int

type OpeningVerifier 

type OpeningVerifier struct {
	// contains filtered or unexported fields
}

func NewOpeningVerifier 

func NewOpeningVerifier(receiver *Receiver,
	challengeSpaceSize int) *OpeningVerifier

func (*OpeningVerifier) GetChallenge 

func (v *OpeningVerifier) GetChallenge() *big.Int

func (*OpeningVerifier) SetChallenge 

func (v *OpeningVerifier) SetChallenge(challenge *big.Int)

SetChallenge is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*OpeningVerifier) SetProofRandomData 

func (v *OpeningVerifier) SetProofRandomData(proofRandomData *big.Int)

func (*OpeningVerifier) Verify 

func (v *OpeningVerifier) Verify(s1, s2 *big.Int) bool

type PositiveProof 

type PositiveProof struct {
	ProofRandomData []*big.Int
	Challenges      []*big.Int
	ProofData       []*big.Int
}

PositiveProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewPositiveProof 

func NewPositiveProof(proofRandomData, challenges, proofData []*big.Int) *PositiveProof

type PositiveProver 

type PositiveProver struct {
	// contains filtered or unexported fields
}

PositiveProver proves that the commitment hides the positive number. Given c, prove that c = g^x * h^r (mod n) where x >= 0.

func NewPositiveProver 

func NewPositiveProver(committer *Committer,
	x, r *big.Int, challengeSpaceSize int) (*PositiveProver, error)

func (*PositiveProver) GetProofData 

func (p *PositiveProver) GetProofData(challenges []*big.Int) []*big.Int

func (*PositiveProver) GetProofRandomData 

func (p *PositiveProver) GetProofRandomData() []*big.Int

func (*PositiveProver) GetVerifierInitializationData 

func (p *PositiveProver) GetVerifierInitializationData() ([]*big.Int, []*big.Int)

GetVerifierInitializationData returns data that are needed by PositiveVerifier and are known only after the initialization of PositiveProver.

type PositiveVerifier 

type PositiveVerifier struct {
	// contains filtered or unexported fields
}

func NewPositiveVerifier 

func NewPositiveVerifier(receiver *Receiver,
	receiverCommitment *big.Int, smallCommitments, bigCommitments []*big.Int,
	challengeSpaceSize int) (*PositiveVerifier, error)

func (*PositiveVerifier) GetChallenges 

func (v *PositiveVerifier) GetChallenges() []*big.Int

func (*PositiveVerifier) SetChallenges 

func (v *PositiveVerifier) SetChallenges(challenges []*big.Int)

SetChallenges is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*PositiveVerifier) SetProofRandomData 

func (v *PositiveVerifier) SetProofRandomData(proofRandomData []*big.Int) error

func (*PositiveVerifier) Verify 

func (v *PositiveVerifier) Verify(proofData []*big.Int) bool

type RangeProof 

type RangeProof struct {
	ProofRandomData1 []*big.Int
	ProofRandomData2 []*big.Int
	Challenges1      []*big.Int
	Challenges2      []*big.Int
	ProofData1       []*big.Int
	ProofData2       []*big.Int
}

RangeProof presents all three messages in sigma protocol - useful when challenge is generated by prover via Fiat-Shamir.

func NewRangeProof 

func NewRangeProof(proofRandomData1, proofRandomData2, challenges1, challenges2, proofData1,
	proofData2 []*big.Int) *RangeProof

type RangeProver 

type RangeProver struct {
	// contains filtered or unexported fields
}

RangeProver proves that the commitment hides a number x such that a <= x <= b. Given c, prove that c = g^x * h^r (mod n) where a <= x <= b.

func NewRangeProver 

func NewRangeProver(committer *Committer,
	x, a, b *big.Int, challengeSpaceSize int) (*RangeProver, error)

func (*RangeProver) GetProofData 

func (p *RangeProver) GetProofData(challenges1, challenges2 []*big.Int) ([]*big.Int, []*big.Int, error)

func (*RangeProver) GetProofRandomData 

func (p *RangeProver) GetProofRandomData() ([]*big.Int, []*big.Int)

func (*RangeProver) GetVerifierInitializationData 

func (p *RangeProver) GetVerifierInitializationData() ([]*big.Int, []*big.Int, []*big.Int,
	[]*big.Int)

GetVerifierInitializationData returns data that are needed by RangeVerifier and are known only after the initialization of RangeProver.

type RangeVerifier 

type RangeVerifier struct {
	// contains filtered or unexported fields
}

func NewRangeVerifier 

func NewRangeVerifier(receiver *Receiver, a, b *big.Int,
	smallCommitments1, bigCommitments1, smallCommitments2, bigCommitments2 []*big.Int,
	challengeSpaceSize int) (*RangeVerifier, error)

func (*RangeVerifier) GetChallenges 

func (v *RangeVerifier) GetChallenges() ([]*big.Int, []*big.Int)

func (*RangeVerifier) SetChallenges 

func (v *RangeVerifier) SetChallenges(challenges1, challenges2 []*big.Int)

SetChallenges is used when Fiat-Shamir is used - when challenge is generated using hash by the prover.

func (*RangeVerifier) SetProofRandomData 

func (v *RangeVerifier) SetProofRandomData(proofRandomData1, proofRandomData2 []*big.Int) error

func (*RangeVerifier) Verify 

func (v *RangeVerifier) Verify(proofData1, proofData2 []*big.Int) (bool, error)

type Receiver 

type Receiver struct {
	Commitment *big.Int
	// contains filtered or unexported fields
}

func NewReceiver 

func NewReceiver(safePrimeBitLength, k int) (*Receiver, error)

NewReceiver receives two parameters: safePrimeBitLength tells the length of the primes in RSASpecial group and should be at least 1024, k is security parameter on which it depends the hiding property (commitment c = G^a * H^r where r is chosen randomly from (0, 2^(B+k)) - the distribution of c is statistically close to uniform, 2^B is upper bound estimation for group order).

func NewReceiverFromParams 

func NewReceiverFromParams(specialRSAPrimes *qr.RSASpecialPrimes, g, h *big.Int,
	k int) (
	*Receiver, error)

NewReceiverFromParams returns an instance of a receiver with the parameters as given by input. Different instances are needed because each sets its own Commitment value.

func (*Receiver) CheckDecommitment 

func (r *Receiver) CheckDecommitment(R, a *big.Int) bool

func (*Receiver) ComputeCommit 

func (df *Receiver) ComputeCommit(a, r *big.Int) *big.Int

ComputeCommit returns G^a * H^r % group.N for a given a and r. Note that this is exactly the commitment, but with a given a and r. It serves as a helper function for associated proofs where g^x * h^y % group.N needs to be computed several times.

func (*Receiver) SetCommitment 

func (r *Receiver) SetCommitment(c *big.Int)

When receiver receives a commitment, it stores the value using SetCommitment method.

type SquareProver 

type SquareProver struct {
	*EqualityProver
	// We have two commitments with the same value: SmallCommitment = g^x * h^r1 and
	// c = SmallCommitment^x * h^r2. Also c = g^(x^2) * h^r.
	SmallCommitment *big.Int
}

SquareProver proves that the commitment hides the square. Given c, prove that c = g^(x^2) * h^r (mod n).

func NewSquareProver 

func NewSquareProver(committer *Committer,
	x *big.Int, challengeSpaceSize int) (*SquareProver, error)

type SquareVerifier 

type SquareVerifier struct {
	*EqualityVerifier
}

func NewSquareVerifier 

func NewSquareVerifier(receiver *Receiver,
	c1 *big.Int, challengeSpaceSize int) (*SquareVerifier, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.