[−][src]Trait zkp::toolbox::TranscriptProtocol
This trait defines the wire format for how the constraint system interacts with the proof transcript.
Required methods
fn domain_sep(&mut self, label: &'static [u8])
Appends label to the transcript as a domain separator.
fn append_scalar_var(&mut self, label: &'static [u8])
Append the label for a scalar variable to the transcript.
Note: this does not commit its assignment, which is secret, and only serves to bind the proof to the variable allocations.
fn append_point_var(
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto
Append a point variable to the transcript, for use by a prover.
Returns the compressed point encoding to allow reusing the result of the encoding computation; the return value can be discarded if it's unused.
fn validate_and_append_point_var(
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>
Check that point variable is not the identity and append it to the transcript, for use by a verifier.
Returns Ok(()) if the point is not the identity point (and
therefore generates the full ristretto255 group).
Using this function prevents small-subgroup attacks.
fn append_blinding_commitment(
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto
Append a blinding factor commitment to the transcript, for use by a prover.
Returns the compressed point encoding to allow reusing the result of the encoding computation; the return value can be discarded if it's unused.
fn validate_and_append_blinding_commitment(
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>
Check that a blinding factor commitment is not the identity and commit it to the transcript, for use by a verifier.
Returns Ok(()) if the point is not the identity point (and
therefore generates the full ristretto255 group).
Using this function prevents small-subgroup attacks.
fn get_challenge(&mut self, label: &'static [u8]) -> Scalar
Get a scalar challenge from the transcript.
Implementors
impl TranscriptProtocol for Transcript[src]
fn domain_sep(&mut self, label: &'static [u8])[src]
fn append_scalar_var(&mut self, label: &'static [u8])[src]
fn append_point_var(
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto[src]
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto
fn validate_and_append_point_var(
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>[src]
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>
fn append_blinding_commitment(
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto[src]
&mut self,
label: &'static [u8],
point: &RistrettoPoint
) -> CompressedRistretto
fn validate_and_append_blinding_commitment(
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>[src]
&mut self,
label: &'static [u8],
point: &CompressedRistretto
) -> Result<(), ProofError>