
Module 0x1::sigma_protocol_proof

use 0x1::error;
use 0x1::ristretto255;
use 0x1::sigma_protocol_utils;
use 0x1::sigma_protocol_witness;

Struct Proof

A sigma protocol proof always consists of:

  1. a commitment $A \in \mathbb{G}^m$
  2. a compressed commitment (redundant, for faster Fiat-Shamir)
  3. a response $\sigma \in \mathbb{F}^k$
struct Proof has drop
Fields
comm_A: vector<ristretto255::RistrettoPoint>
compressed_comm_A: vector<ristretto255::CompressedRistretto>
resp_sigma: vector<ristretto255::Scalar>

Constants

When creating a Proof, the # of commitment points must match the # of compressed commitment points.

const E_MISMATCHED_NUMBER_OF_COMPRESSED_POINTS: u64 = 1;

Function new_proof

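Creates a new proof consisting of the commitment $A \in \mathbb{G}^m$, its compressed form, and the scalars $\sigma \in \mathbb{F}^k$. Aborts with E_MISMATCHED_NUMBER_OF_COMPRESSED_POINTS if the commitment and compressed-commitment vectors differ in length; only the lengths are compared, so callers are responsible for passing compressed points that correspond to the commitment points.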

public(friend) fun new_proof(_A: vector<ristretto255::RistrettoPoint>, compressed_A: vector<ristretto255::CompressedRistretto>, sigma: vector<ristretto255::Scalar>): sigma_protocol_proof::Proof
Implementation
/// Assembles a `Proof` from already-deserialized components.
///
/// `_A` holds the commitment points, `compressed_A` their compressed encodings, and `sigma` the
/// response scalars. All three vectors are moved into the returned struct.
///
/// Aborts with `error::invalid_argument(E_MISMATCHED_NUMBER_OF_COMPRESSED_POINTS)` when `_A` and
/// `compressed_A` differ in length.
///
/// NOTE(review): only the lengths are compared. Nothing here checks that `compressed_A[i]` is the
/// encoding of `_A[i]`, nor how long `sigma` is. Confirm that every friend caller passes matching
/// vectors: a compressed vector that disagrees with `_A` would presumably put different points
/// into the Fiat-Shamir transcript than the ones used in the verification equation.
public(friend) fun new_proof(
    _A: vector<RistrettoPoint>,
    compressed_A: vector<CompressedRistretto>,
    sigma: vector<Scalar>
): Proof {
    let num_points = _A.length();
    let num_compressed = compressed_A.length();
    assert!(
        num_points == num_compressed,
        error::invalid_argument(E_MISMATCHED_NUMBER_OF_COMPRESSED_POINTS)
    );

    Proof { comm_A: _A, compressed_comm_A: compressed_A, resp_sigma: sigma }
}

Function new_proof_from_bytes

Deserializes the elliptic curve points and scalars and then calls new_proof.

public(friend) fun new_proof_from_bytes(_A_bytes: vector<vector<u8>>, sigma_bytes: vector<vector<u8>>): sigma_protocol_proof::Proof
Implementation
/// Builds a `Proof` from serialized commitment points and response scalars.
///
/// Both the decompressed and the compressed commitment vectors come from a single
/// `sigma_protocol_utils::deserialize_points` call on `_A_bytes`, so they are derived from the
/// same input before being handed to `new_proof`.
///
/// NOTE(review): these byte vectors are presumably prover-supplied. How `deserialize_points` and
/// `deserialize_scalars` treat malformed or non-canonical encodings is not visible here; confirm
/// they abort rather than skip or substitute entries. No bound on the number of points or scalars
/// is enforced in this function.
public(friend) fun new_proof_from_bytes(
    _A_bytes: vector<vector<u8>>,
    sigma_bytes: vector<vector<u8>>
): Proof {
    // Points are parsed first, then scalars, matching the original evaluation order.
    let (_A, compressed_A) = sigma_protocol_utils::deserialize_points(_A_bytes);
    let sigma = sigma_protocol_utils::deserialize_scalars(sigma_bytes);

    new_proof(_A, compressed_A, sigma)
}

Function response_to_witness

Returns a Witness with the w field set to the proof’s $\sigma$ field. This is needed during proof verification: the homomorphism takes a Witness, not a vector<Scalar>, so the Proof’s $\sigma$ must be wrapped before it can be passed in.

public(friend) fun response_to_witness(self: &sigma_protocol_proof::Proof): sigma_protocol_witness::Witness
Implementation
/// Wraps the proof's response scalars in a `Witness` by passing a copy of `resp_sigma` to
/// `new_secret_witness`. The proof is only borrowed and is left unchanged.
public(friend) fun response_to_witness(self: &Proof): Witness {
    let sigma = self.resp_sigma;
    new_secret_witness(sigma)
}

Function get_commitment

public(friend) fun get_commitment(self: &sigma_protocol_proof::Proof): &vector<ristretto255::RistrettoPoint>
Implementation
/// Returns an immutable reference to the proof's commitment points (`comm_A`).
public(friend) fun get_commitment(self: &Proof): &vector<RistrettoPoint> {
    let commitment = &self.comm_A;
    commitment
}

Function get_compressed_commitment

public(friend) fun get_compressed_commitment(self: &sigma_protocol_proof::Proof): &vector<ristretto255::CompressedRistretto>
Implementation
/// Returns an immutable reference to the proof's compressed commitment points
/// (`compressed_comm_A`).
///
/// NOTE(review): the constructor visible in this module only checks that this vector has the same
/// length as `comm_A`; confirm callers do not rely on this accessor for a stronger guarantee.
public(friend) fun get_compressed_commitment(self: &Proof): &vector<CompressedRistretto> {
    let compressed = &self.compressed_comm_A;
    compressed
}

Function get_response_length

public(friend) fun get_response_length(self: &sigma_protocol_proof::Proof): u64
Implementation
/// Returns the number of scalars in the proof's response vector (`resp_sigma`).
public(friend) fun get_response_length(self: &Proof): u64 {
    let response = &self.resp_sigma;
    response.length()
}