gitee.com/lh-her-team/common@v1.5.1/crypto/bulletproofs/bulletproofs_slow.go (about) 1 //go:build !linux || !amd64 2 // +build !linux !amd64 3 4 package bulletproofs 5 6 import "gitee.com/lh-her-team/common/crypto/bulletproofs/bulletproofs_nocgo" 7 8 // ProveRandomOpening Generate proof with randomly pick opening 9 // x: prove x is in the range [0, 2^64) 10 // return 1: proof in []byte 11 // return 2: commitment of x: xB + rB' 12 // return 3: opening, the randomness r used to commit x (secret key) 13 func ProveRandomOpening(x uint64) ([]byte, []byte, []byte, error) { 14 return bulletproofs_nocgo.ProveRandomOpening(x) 15 } 16 17 // ProveSpecificOpening Generate proof with a chosen opening 18 // x: prove x is in the range [0, 2^64) 19 // opening: the chosen randomness to commit x (secret key) 20 // return 1: proof in []byte 21 // return 2: commitment of x using opening 22 func ProveSpecificOpening(x uint64, opening []byte) ([]byte, []byte, error) { 23 return bulletproofs_nocgo.ProveSpecificOpening(x, opening) 24 } 25 26 // Verify Verify the validity of a proof 27 // proof: the zero-knowledge proof proving the number committed in commitment is in the range [0, 2^64) 28 // commitment: commitment bindingly hiding the number x 29 // return: true on valid proof, false otherwise 30 func Verify(proof []byte, commitment []byte) (bool, error) { 31 return bulletproofs_nocgo.Verify(proof, commitment) 32 } 33 34 // ProveAfterAddNum Update a commitment of x (xB + rB') to x + y and generate a proof of it with the same opening 35 // x, y: prove x + y is in the range [0, 2^64) 36 // openingX: the randomness r used to commit x, also used in the new proof 37 // commitmentX: commitment of x: xB + rB' 38 // return 1: proof in []byte 39 // return 2: commitment of x + y: (x + y)B + rB' 40 func ProveAfterAddNum(x, y uint64, openingX, commitmentX []byte) ([]byte, []byte, error) { 41 return bulletproofs_nocgo.ProveAfterAddNum(x, y, openingX, commitmentX) 42 } 43 44 // ProveAfterAddCommitment Update commitments of x (xB + rB') and y (yB + sB') to x + y and 45 // generate a proof of it with the sum of the two opening 46 // x, y: prove x + y is in the range [0, 2^64) 47 // openingX: the randomness r used to commit x 48 // openingY: the randomness s used to commit y 49 // commitmentX: commitment of x: xB + rB' 50 // commitmentX: commitment of y: yB + sB' 51 // return 1: proof in []byte 52 // return 2: commitment of x + y: (x + y)B + (r + s)B' 53 // return 3: new opening for the result commitment (r + s) 54 func ProveAfterAddCommitment(x, y uint64, openingX, openingY, commitmentX, commitmentY []byte) ( 55 []byte, []byte, []byte, error) { 56 return bulletproofs_nocgo.ProveAfterAddCommitment(x, y, openingX, openingY, commitmentX, commitmentY) 57 } 58 59 // ProveAfterSubNum Update a commitment of x (xB + rB') to x - y and generate a proof of it with the same opening 60 // x, y: prove x - y is in the range [0, 2^64) 61 // openingX: the randomness r used to commit x, also used in the new proof 62 // commitmentX: commitment of x (old commitment) 63 // return 1: proof in []byte 64 // return 2: commitment of x - y: (x - y)B + rB' 65 func ProveAfterSubNum(x, y uint64, openingX, commitmentX []byte) ([]byte, []byte, error) { 66 return bulletproofs_nocgo.ProveAfterSubNum(x, y, openingX, commitmentX) 67 } 68 69 // ProveAfterSubCommitment Update commitments of x (xB + rB') and y (yB + sB') to x - y and generate a proof of 70 // it with the subtraction of the two openings 71 // x, y: prove x + y is in the range [0, 2^64) 72 // openingX: the randomness r used to commit x 73 // openingY: the randomness s used to commit y 74 // commitmentX: commitment of x: xB + rB' 75 // commitmentX: commitment of y: yB + sB' 76 // return 1: proof in []byte 77 // return 2: commitment of x - y: (x - y)B + (r - s)B' 78 // return 3: new opening for the result commitment (r - s) 79 func ProveAfterSubCommitment(x, y uint64, openingX, openingY, commitmentX, commitmentY []byte) ( 80 []byte, []byte, []byte, error) { 81 return bulletproofs_nocgo.ProveAfterSubCommitment(x, y, openingX, openingY, commitmentX, commitmentY) 82 } 83 84 // ProveAfterMulNum Update commitment of x (xB + rB') to commitment of x * y and generate a proof of it with the 85 // updated opening, where y is a value 86 // x, y: prove x * y is in the range [0, 2^64) 87 // openingX: the randomness r used to commit x 88 // commitmentX: commitment of x: xB + rB' 89 // return 1: proof in []byte 90 // return 2: commitment of x * y: (x * y)B + (r * y)B' 91 // return 3: new opening for the result commitment: r * y 92 func ProveAfterMulNum(x, y uint64, openingX, commitmentX []byte) ([]byte, []byte, []byte, error) { 93 return bulletproofs_nocgo.ProveAfterMulNum(x, y, openingX, commitmentX) 94 } 95 96 // PedersenRNG generate a truly random scalar (which can be used as an opening to generate a commitment). 97 // return: a random scalar in []byte format 98 func PedersenRNG() ([]byte, error) { 99 return bulletproofs_nocgo.PedersenRNG() 100 } 101 102 // PedersenCommitRandomOpening compute Pedersen commitment on a value x with a randomly chosen opening 103 // x: the value to commit 104 // return1: commitment C = xB + rB' 105 // return2: opening r (randomly picked) 106 func PedersenCommitRandomOpening(x uint64) ([]byte, []byte, error) { 107 return bulletproofs_nocgo.PedersenCommitRandomOpening(x) 108 } 109 110 // PedersenCommitSpecificOpening compute Pedersen commitment on a value x with a given opening 111 // x: the value to commit 112 // return1: commitment C = xB + rB' 113 func PedersenCommitSpecificOpening(x uint64, r []byte) ([]byte, error) { 114 return bulletproofs_nocgo.PedersenCommitSpecificOpening(x, r) 115 } 116 117 // PedersenVerify verify the validity of a commitment with respect to a value-opening pair 118 // commitment: the commitment to be opened or verified: xB + rB' 119 // opening: the opening of the commitment: r 120 // value: the value claimed being binding to commitment: x 121 // return1: true if commitment is valid, false otherwise 122 func PedersenVerify(commitment, opening []byte, value uint64) (bool, error) { 123 return bulletproofs_nocgo.PedersenVerify(commitment, opening, value) 124 } 125 126 // PedersenNeg Compute a commitment to -x from a commitment to x without revealing the value x 127 // commitment: C = xB + rB' 128 // value: the value y 129 // return1: the new commitment to x + y: C' = (x + y)B + rB' 130 func PedersenNeg(commitment []byte) ([]byte, error) { 131 return bulletproofs_nocgo.PedersenNeg(commitment) 132 } 133 134 // PedersenNegOpening Compute the negation of opening. Openings are big numbers with 256 bits. 135 // opening: the opening r to be negated 136 // return: the result opening: -r 137 func PedersenNegOpening(opening []byte) ([]byte, error) { 138 return bulletproofs_nocgo.PedersenNegOpening(opening) 139 } 140 141 // PedersenAddNum Compute a commitment to x + y from a commitment to x without revealing the value x, 142 // where y is a scalar 143 // commitment: C = xB + rB' 144 // value: the value y 145 // return1: the new commitment to x + y: C' = (x + y)B + rB' 146 func PedersenAddNum(commitment []byte, value uint64) ([]byte, error) { 147 return bulletproofs_nocgo.PedersenAddNum(commitment, value) 148 } 149 150 // PedersenAddCommitment Compute a commitment to x + y from commitments to x and y, without revealing the value x and y 151 // commitment1: commitment to x: Cx = xB + rB' 152 // commitment2: commitment to y: Cy = yB + sB' 153 // return: commitment to x + y: C = (x + y)B + (r + s)B' 154 func PedersenAddCommitment(commitment1, commitment2 []byte) ([]byte, error) { 155 return bulletproofs_nocgo.PedersenAddCommitment(commitment1, commitment2) 156 } 157 158 // PedersenAddOpening Compute the sum of two openings. Openings are big numbers with 256 bits. 159 // opening1, opening2: the two openings r and s to be summed 160 // return: the result opening: r + s 161 func PedersenAddOpening(opening1, opening2 []byte) ([]byte, error) { 162 return bulletproofs_nocgo.PedersenAddOpening(opening1, opening2) 163 } 164 165 // PedersenAddCommitmentWithOpening Compute a commitment to x + y without revealing the value x and y 166 // commitment1: commitment to x: Cx = xB + rB' 167 // commitment2: commitment to y: Cy = yB + sB' 168 // return1: the new commitment to x + y: C' = (x + y)B + rB' 169 // return2: the new opening r + s 170 func PedersenAddCommitmentWithOpening(commitment1, commitment2, opening1, opening2 []byte) ([]byte, []byte, error) { 171 return bulletproofs_nocgo.PedersenAddCommitmentWithOpening(commitment1, commitment2, opening1, opening2) 172 } 173 174 // PedersenSubNum Compute a commitment to x - y from a commitment to x without revealing the value x, 175 // where y is a scalar 176 // commitment: C = xB + rB' 177 // value: the value y 178 // return1: the new commitment to x - y: C' = (x - y)B + rB' 179 func PedersenSubNum(commitment []byte, value uint64) ([]byte, error) { 180 return bulletproofs_nocgo.PedersenSubNum(commitment, value) 181 } 182 183 // PedersenSubCommitment Compute a commitment to x - y from commitments to x and y, without revealing the value x and y 184 // commitment1: commitment to x: Cx = xB + rB' 185 // commitment2: commitment to y: Cy = yB + sB' 186 // return: commitment to x - y: C = (x - y)B + (r - s)B' 187 func PedersenSubCommitment(commitment1, commitment2 []byte) ([]byte, error) { 188 return bulletproofs_nocgo.PedersenSubCommitment(commitment1, commitment2) 189 } 190 191 // PedersenSubOpening Compute opening1 - opening2. Openings are big numbers with 256 bits. 192 // opening1, opening2: two openings r and s 193 // return: the result opening r - s 194 func PedersenSubOpening(opening1, opening2 []byte) ([]byte, error) { 195 return bulletproofs_nocgo.PedersenSubOpening(opening1, opening2) 196 } 197 198 // PedersenSubCommitmentWithOpening Compute a commitment to x - y without from two commitments of x and y respectively 199 // commitment1: commitment to x: Cx = xB + rB' 200 // commitment2: commitment to y: Cy = yB + sB' 201 // return1: the new commitment to x - y: C' = (x - y)B + (r - s)B' 202 // return2: the new opening r - s 203 func PedersenSubCommitmentWithOpening(commitment1, commitment2, opening1, opening2 []byte) ([]byte, []byte, error) { 204 return bulletproofs_nocgo.PedersenSubCommitmentWithOpening(commitment1, commitment2, opening1, opening2) 205 } 206 207 // PedersenMulNum Compute a commitment to x * y from a commitment to x and an integer y, 208 // without revealing the value x and y 209 // commitment1: commitment to x: Cx = xB + rB' 210 // value: integer value y 211 // return: commitment to x * y: C = (x * y)B + (r * y)B' 212 func PedersenMulNum(commitment1 []byte, value uint64) ([]byte, error) { 213 return bulletproofs_nocgo.PedersenMulNum(commitment1, value) 214 } 215 216 // PedersenMulOpening Compute opening1 * integer. Openings are big numbers with 256 bits. 217 // opening1: the input opening r 218 // value: the input integer value y 219 // return: the multiplication r * y as a big number with 256 bits in []byte form 220 func PedersenMulOpening(opening1 []byte, value uint64) ([]byte, error) { 221 return bulletproofs_nocgo.PedersenMulOpening(opening1, value) 222 } 223 224 // PedersenMulNumWithOpening Compute a commitment to x * y from a commitment to x and an integer y, 225 // without revealing the value x and y 226 // commitment: commitment to x: Cx = xB + rB' 227 // opening: opening to Cx: r 228 // value: integer value y 229 // return1: commitment to x * y: C = (x * y)B + (r * y)B' 230 // return2: opening to the result commitment: r * y 231 func PedersenMulNumWithOpening(commitment []byte, opening []byte, value uint64) ([]byte, []byte, error) { 232 return bulletproofs_nocgo.PedersenMulNumWithOpening(commitment, opening, value) 233 }