Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ProveBitCommitment ¶
ProveBitCommitment demonstrates how committer can prove that a commitment contains 0 or 1. This is achieved by using PartialPreimageProver.
func ProveMultiplicationCommitment ¶
ProveMultiplicationCommitment demonstrates how, given commitments A, B, C, prover can prove that C = A * B. Note that the proof should work also for other commitments that are based on q-one-way Homomorphism, not only for our RSA-based Committer.
Types ¶
type Committer ¶
Committer implements commitment scheme based on RSA based q-one-way Group Homomorphism (scheme proposed by Cramer and Damgard). Commitment schemes based on q-one-way Homomorphism have some nice properties - it can be proved in zero knowledge that a commitment contains 0 or 1 (see ProveBitCommitment) and it can be proved for A, B, C that C is commitment for a * b where A is commitment to a and B commitment to B.
func NewCommitter ¶
NewCommitter takes qOneWay and y generated by the Receiver.
func (*Committer) GetCommitmentToMultiplication ¶
GetCommitmentToMultiplication receives a, b, u where u is a random integer used in commitment B to b (B = y^b * QOneWayHomomorphism(u)). It returns commitment C to c = a * b mod Q, random integer o where C = y^(a*b) * QOneWayHomomorphism(o), and integer t such that C = B^a * QOneWayHomomorphism(t).
type MultiplicationProver ¶
type MultiplicationProver struct {
QOneWayHomomorphism func(*big.Int) *big.Int
QOneWayHomomorphismInv func(*big.Int) *big.Int // works only for y^Q, takes y as input
H crypto.Group
Q *big.Int
Y *big.Int
A *big.Int // commitments to a
B *big.Int // commitment to b
C *big.Int // commitment to c = a * b mod Q
// contains filtered or unexported fields
}
func NewMultiplicationProver ¶
func (*MultiplicationProver) GetProofData ¶
func (*MultiplicationProver) GetProofRandomData ¶
type MultiplicationVerifier ¶
type MultiplicationVerifier struct {
QOneWayHomomorphism func(*big.Int) *big.Int
H crypto.Group
Q *big.Int
Y *big.Int
A *big.Int
B *big.Int
C *big.Int
// contains filtered or unexported fields
}
func (*MultiplicationVerifier) GetChallenge ¶
func (v *MultiplicationVerifier) GetChallenge() *big.Int
func (*MultiplicationVerifier) SetProofRandomData ¶
func (v *MultiplicationVerifier) SetProofRandomData(m1, m2, m3 *big.Int)
type RSABased ¶
type RSABased struct {
Group *rsa.Group
// Q is a random number > Group.N.
Q *big.Int
// Homomorphism is q-one-way Homomorphism f: x -> x^Q mod N.
// It is difficult to compute a preimage of y^i for i < Q, but easy for i = Q.
// Computing preimage of y^Q for RSA-based q-one-way is trivial: it is y.
Homomorphism func(*big.Int) *big.Int
// HomomorphismInv can compute x such that Homomorphism(x) = y^Q, given y^Q.
// Note: we assume that HomomorphismInv takes y as input, not y^Q.
// In our case (RSA-based q-one-way), HomomorphismInv is trivial: identity.
// For other QOneHomomorphisms it might be different.
HomomorphismInv func(*big.Int) *big.Int
}
RSABased represents RSA-based q-one-way.
func NewRSABased ¶
NewRSABased generates a new instance of RSABased q-one-way. It takes bit length for instantiating the underlying rsa.Group.
type Receiver ¶
func NewReceiver ¶
func (*Receiver) SetCommitment ¶
When receiver receives a commitment, it stores the value using SetCommitment method.
Source Files