[−][src]Struct bulletproofs::range_proof::RangeProof
The RangeProof
struct represents a proof that one or more values
are in a range.
The RangeProof
struct contains functions for creating and
verifying aggregated range proofs. The single-value case is
implemented as a special case of aggregated range proofs.
The bitsize of the range, as well as the list of commitments to the values, are not included in the proof, and must be known to the verifier.
This implementation requires that both the bitsize n
and the
aggregation size m
be powers of two, so that n = 8, 16, 32, 64
and m = 1, 2, 4, 8, 16, ...
. Note that the aggregation size is
not given as an explicit parameter, but is determined by the
number of values or commitments passed to the prover or verifier.
Note
For proving, these functions run the multiparty aggregation
protocol locally. That API is exposed in the aggregation
module and can be used to perform online aggregation between
parties without revealing secret values to each other.
Fields
A: CompressedRistretto
Commitment to the bits of the value
S: CompressedRistretto
Commitment to the blinding factors
T_1: CompressedRistretto
Commitment to the \(t_1\) coefficient of \( t(x) \)
T_2: CompressedRistretto
Commitment to the \(t_2\) coefficient of \( t(x) \)
t_x: Scalar
Evaluation of the polynomial \(t(x)\) at the challenge point \(x\)
t_x_blinding: Scalar
Blinding factor for the synthetic commitment to \(t(x)\)
e_blinding: Scalar
Blinding factor for the synthetic commitment to the inner-product arguments
ipp_proof: InnerProductProof
Proof data for the inner-product argument.
Methods
impl RangeProof
[src]
pub fn prove_single(
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
v: u64,
v_blinding: &Scalar,
n: usize
) -> Result<(RangeProof, CompressedRistretto), ProofError>
[src]
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
v: u64,
v_blinding: &Scalar,
n: usize
) -> Result<(RangeProof, CompressedRistretto), ProofError>
Create a rangeproof for a given pair of value v
and
blinding scalar v_blinding
.
This is a convenience wrapper around RangeProof::prove_multiple
.
Example
extern crate rand; use rand::thread_rng; extern crate curve25519_dalek; use curve25519_dalek::scalar::Scalar; extern crate merlin; use merlin::Transcript; extern crate bulletproofs; use bulletproofs::{BulletproofGens, PedersenGens, RangeProof}; // Generators for Pedersen commitments. These can be selected // independently of the Bulletproofs generators. let pc_gens = PedersenGens::default(); // Generators for Bulletproofs, valid for proofs up to bitsize 64 // and aggregation size up to 1. let bp_gens = BulletproofGens::new(64, 1); // A secret value we want to prove lies in the range [0, 2^32) let secret_value = 1037578891u64; // The API takes a blinding factor for the commitment. let blinding = Scalar::random(&mut thread_rng()); // The proof can be chained to an existing transcript. // Here we create a transcript with a doctest domain separator. let mut prover_transcript = Transcript::new(b"doctest example"); // Create a 32-bit rangeproof. let (proof, committed_value) = RangeProof::prove_single( &bp_gens, &pc_gens, &mut prover_transcript, secret_value, &blinding, 32, ).expect("A real program could handle errors"); // Verification requires a transcript with identical initial state: let mut verifier_transcript = Transcript::new(b"doctest example"); assert!( proof .verify_single(&bp_gens, &pc_gens, &mut verifier_transcript, &committed_value, 32) .is_ok() );
pub fn prove_multiple(
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
values: &[u64],
blindings: &[Scalar],
n: usize
) -> Result<(RangeProof, Vec<CompressedRistretto>), ProofError>
[src]
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
values: &[u64],
blindings: &[Scalar],
n: usize
) -> Result<(RangeProof, Vec<CompressedRistretto>), ProofError>
Create a rangeproof for a set of values.
Example
extern crate rand; use rand::thread_rng; extern crate curve25519_dalek; use curve25519_dalek::scalar::Scalar; extern crate merlin; use merlin::Transcript; extern crate bulletproofs; use bulletproofs::{BulletproofGens, PedersenGens, RangeProof}; // Generators for Pedersen commitments. These can be selected // independently of the Bulletproofs generators. let pc_gens = PedersenGens::default(); // Generators for Bulletproofs, valid for proofs up to bitsize 64 // and aggregation size up to 16. let bp_gens = BulletproofGens::new(64, 16); // Four secret values we want to prove lie in the range [0, 2^32) let secrets = [4242344947u64, 3718732727u64, 2255562556u64, 2526146994u64]; // The API takes blinding factors for the commitments. let blindings: Vec<_> = (0..4).map(|_| Scalar::random(&mut thread_rng())).collect(); // The proof can be chained to an existing transcript. // Here we create a transcript with a doctest domain separator. let mut prover_transcript = Transcript::new(b"doctest example"); // Create an aggregated 32-bit rangeproof and corresponding commitments. let (proof, commitments) = RangeProof::prove_multiple( &bp_gens, &pc_gens, &mut prover_transcript, &secrets, &blindings, 32, ).expect("A real program could handle errors"); // Verification requires a transcript with identical initial state: let mut verifier_transcript = Transcript::new(b"doctest example"); assert!( proof .verify_multiple(&bp_gens, &pc_gens, &mut verifier_transcript, &commitments, 32) .is_ok() );
pub fn verify_single(
&self,
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
V: &CompressedRistretto,
n: usize
) -> Result<(), ProofError>
[src]
&self,
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
V: &CompressedRistretto,
n: usize
) -> Result<(), ProofError>
Verifies a rangeproof for a given value commitment \(V\).
This is a convenience wrapper around verify_multiple
for the m=1
case.
pub fn verify_multiple(
&self,
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
value_commitments: &[CompressedRistretto],
n: usize
) -> Result<(), ProofError>
[src]
&self,
bp_gens: &BulletproofGens,
pc_gens: &PedersenGens,
transcript: &mut Transcript,
value_commitments: &[CompressedRistretto],
n: usize
) -> Result<(), ProofError>
Verifies an aggregated rangeproof for the given value commitments.
pub fn to_bytes(&self) -> Vec<u8>
[src]
Serializes the proof into a byte array of \(2 \lg n + 9\) 32-byte elements, where \(n\) is the number of secret bits.
Layout
The layout of the range proof encoding is:
- four compressed Ristretto points \(A,S,T_1,T_2\),
- three scalars \(t_x, \tilde{t}_x, \tilde{e}\),
- \(n\) pairs of compressed Ristretto points \(L_0,R_0\dots,L_{n-1},R_{n-1}\),
- two scalars \(a, b\).
pub fn from_bytes(slice: &[u8]) -> Result<RangeProof, ProofError>
[src]
Deserializes the proof from a byte slice.
Returns an error if the byte slice cannot be parsed into a RangeProof
.
Trait Implementations
impl Clone for RangeProof
[src]
fn clone(&self) -> RangeProof
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
impl Debug for RangeProof
[src]
impl<'de> Deserialize<'de> for RangeProof
[src]
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where
D: Deserializer<'de>,
[src]
D: Deserializer<'de>,
fn deserialize_in_place<D>(
deserializer: D,
place: &mut Self
) -> Result<(), <D as Deserializer<'de>>::Error> where
D: Deserializer<'de>,
[src]
deserializer: D,
place: &mut Self
) -> Result<(), <D as Deserializer<'de>>::Error> where
D: Deserializer<'de>,
impl Serialize for RangeProof
[src]
Auto Trait Implementations
impl RefUnwindSafe for RangeProof
impl Send for RangeProof
impl Sync for RangeProof
impl Unpin for RangeProof
impl UnwindSafe for RangeProof
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> DeserializeOwned for T where
T: Deserialize<'de>,
[src]
T: Deserialize<'de>,
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = !
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,