chaum_pedersen/
lib.rs

//! # Chaum-Pedersen Zero-Knowledge Protocol Library
//!
//! ## Overview
//!
//! The Chaum-Pedersen protocol lets a prover demonstrate knowledge of a discrete logarithm
//! `x` such that `y1 = g^x` and `y2 = h^x` (equivalently, that `log_g(y1) = log_h(y2)`)
//! without revealing `x` itself. The prover commits to a fresh nonce, answers a challenge
//! that is either supplied by the verifier or derived from the transcript, and the verifier
//! checks the response against both bases. This implementation supports both interactive
//! and non-interactive (Fiat-Shamir) proof variants.
//!
//! ## Features
//!
//! - **Ristretto255 implementation**: Fast, prime-order elliptic curve group
//! - **Constant-time operations**: Protection against timing attacks
//! - **Memory zeroization**: Automatic clearing of sensitive data
//! - **Fiat-Shamir transform**: Non-interactive proofs with transcript support
//! - **gRPC support**: Optional client-server authentication system
//! - **Batch verification**: Efficient verification of multiple proofs
//!
//! ## Quick Start
//!
//! ```rust
//! use chaum_pedersen::{
//!     Ristretto255, SecureRng, Parameters, Witness, Statement, Prover, Verifier, Transcript
//! };
//!
//! let params = Parameters::new();
//! let mut rng = SecureRng::new();
//!
//! // Prover: Generate secret and create statement
//! let x = Ristretto255::random_scalar(&mut rng);
//! let witness = Witness::new(x);
//! let statement = Statement::from_witness(&params, &witness);
//!
//! // Prover: Generate proof with Fiat-Shamir
//! let mut transcript = Transcript::new();
//! let proof = Prover::new(params.clone(), witness)
//!     .prove_with_transcript(&mut rng, &mut transcript)
//!     .unwrap();
//!
//! // Verifier: Verify the proof (the verifier rebuilds an identical transcript)
//! let mut verify_transcript = Transcript::new();
//! let verifier = Verifier::new(params, statement);
//! assert!(verifier.verify_with_transcript(&proof, &mut verify_transcript).is_ok());
//! ```
//!
//! ## Security Considerations
//!
//! - **Randomness**: Use `SecureRng` for all random scalar generation, including the
//!   commitment nonce of every proof
//! - **Transcript binding**: Feed unique context data (session identifier, parties, purpose)
//!   into the transcript so that a proof produced for one context cannot be replayed in another
//! - **Single-use nonces and challenges**: Never reuse a commitment nonce or a challenge, and
//!   never accept the same proof twice; two responses that share a nonce but answer different
//!   challenges reveal `x` by simple subtraction
//! - **Constant-time**: All group operations are designed to resist timing attacks
//!
//! ## Performance
//!
//! Benchmark results on M-series Mac:
//! - Proof generation: ~144 microseconds
//! - Proof verification: ~159 microseconds
//! - Serialization/deserialization: ~7 microseconds
//!
//! ## Feature Flags
//!
//! - `server`: Enable server-side state management
//! - `grpc`: Enable gRPC service definitions and implementations

#![forbid(unsafe_code)]
#![warn(missing_docs, clippy::all)]

pub mod error;
pub mod primitives;
pub mod prover;
pub mod verifier;

#[cfg(feature = "grpc")]
/// Generated protobuf types.
#[allow(missing_docs)]
pub mod proto {
    include!("auth.rs");
}

pub use error::Error;
pub use primitives::{
    Commitment, Element, Parameters, Proof, Response, Ristretto255, Scalar, SecureRng, Statement,
    Transcript, Witness,
};
pub use prover::Prover;
pub use verifier::{BatchVerifier, Verifier};

/// Result type for Chaum-Pedersen operations.
pub type Result<T> = core::result::Result<T, Error>;
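The following is an added, stand-alone example and not part of the chaum_pedersen crate. It spells out the exchange the Overview describes and the nonce-reuse and transcript-binding points from Security Considerations: the prover's commitment and response, the verifier's two checks, a Fiat-Shamir challenge that binds a context string, and the subtraction that recovers `x` when one nonce answers two challenges. It uses a toy subgroup of Z_p^* with p = 1019, q = 509 and `std`'s `DefaultHasher` as a stand-in for a cryptographic transcript; the constants, secrets and context strings are constructed for illustration, and none of it is secure for real use.

```rust
// Added example (not the chaum_pedersen crate's own code): the Chaum-Pedersen
// exchange over a toy prime-order group, with a Fiat-Shamir challenge, a tamper
// check and the x-recovery that a reused commitment nonce allows.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Toy group: the order-q subgroup of Z_p^* with p = 2q + 1 (p = 1019, q = 509, both prime).
/// 4 = 2^2 and 9 = 3^2 are quadratic residues, so each has order exactly q. Constructed values.
const P: u64 = 1019;
const Q: u64 = 509;
const G: u64 = 4;
const H: u64 = 9;

fn mul_mod(a: u64, b: u64, m: u64) -> u64 {
    ((a as u128 * b as u128) % m as u128) as u64
}

/// Square-and-multiply exponentiation (not constant-time; illustration only).
fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = mul_mod(acc, base, m);
        }
        base = mul_mod(base, base, m);
        exp >>= 1;
    }
    acc
}

/// Public statement (y1, y2) = (g^x, h^x).
#[derive(Clone, Copy, Debug, PartialEq)]
struct Statement { y1: u64, y2: u64 }

/// Proof: commitments t1 = g^k, t2 = h^k and response s = k + c*x mod q.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Proof { t1: u64, t2: u64, s: u64 }

fn statement(x: u64) -> Statement {
    Statement { y1: pow_mod(G, x, P), y2: pow_mod(H, x, P) }
}

/// Fiat-Shamir challenge: the context and every public value go into the hash, so a proof
/// made for one context yields a different challenge anywhere else.
/// DefaultHasher is a stand-in: it is NOT collision resistant and must not be used for real.
fn challenge(context: &[u8], st: &Statement, t1: u64, t2: u64) -> u64 {
    let mut hasher = DefaultHasher::new();
    (context, G, H, st.y1, st.y2, t1, t2).hash(&mut hasher);
    hasher.finish() % Q
}

/// Prover step 1: commit to a fresh nonce k (uniform in [1, q), never reused).
fn commit(k: u64) -> (u64, u64) {
    (pow_mod(G, k, P), pow_mod(H, k, P))
}

/// Prover step 2: answer challenge c with s = k + c*x mod q.
fn respond(x: u64, k: u64, c: u64) -> u64 {
    (k + mul_mod(c, x, Q)) % Q
}

/// Verifier: g^s == t1 * y1^c and h^s == t2 * y2^c (mod p). Both must hold, which is what
/// ties the two discrete logs together.
fn verify(st: &Statement, proof: &Proof, c: u64) -> bool {
    let ok1 = pow_mod(G, proof.s, P) == mul_mod(proof.t1, pow_mod(st.y1, c, P), P);
    let ok2 = pow_mod(H, proof.s, P) == mul_mod(proof.t2, pow_mod(st.y2, c, P), P);
    ok1 && ok2
}

/// Non-interactive variant: the prover derives the challenge from the transcript.
fn prove_fs(context: &[u8], x: u64, k: u64) -> Proof {
    let st = statement(x);
    let (t1, t2) = commit(k);
    let c = challenge(context, &st, t1, t2);
    Proof { t1, t2, s: respond(x, k, c) }
}

/// The verifier recomputes the same challenge from the same transcript.
fn verify_fs(context: &[u8], st: &Statement, proof: &Proof) -> bool {
    verify(st, proof, challenge(context, st, proof.t1, proof.t2))
}

/// Cost of nonce reuse: responses s1, s2 sharing k with challenges c1 != c2 satisfy
/// s1 - s2 = (c1 - c2) * x mod q, so x = (s1 - s2) * (c1 - c2)^-1 mod q.
fn recover_x(s1: u64, c1: u64, s2: u64, c2: u64) -> u64 {
    let ds = (s1 + Q - s2) % Q;
    let dc = (c1 + Q - c2) % Q;
    let inv = pow_mod(dc, Q - 2, Q); // Fermat inverse; q is prime and dc != 0
    mul_mod(ds, inv, Q)
}

fn main() {
    let x = 123; // constructed secret; a real prover draws it from a CSPRNG
    let k = 321; // constructed nonce; likewise, and fresh for every proof
    let st = statement(x);
    let proof = prove_fs(b"login:alice", x, k);
    println!("verify under own context:     {}", verify_fs(b"login:alice", &st, &proof));
    println!("replay under other context:   {}", verify_fs(b"login:bob", &st, &proof));
    // Interactive variant with a reused nonce: the verifier recovers x outright.
    let (c1, c2) = (7, 11);
    let (s1, s2) = (respond(x, k, c1), respond(x, k, c2));
    println!("x recovered from nonce reuse: {}", recover_x(s1, c1, s2, c2));
}
```

The two verifier equations are the whole protocol: each one alone is a Schnorr proof for one base, and requiring the same `s` to satisfy both is what proves the exponents are equal. The recovery in `recover_x` is why the crate insists on a fresh `SecureRng` draw per proof, and the context argument to `challenge` is the toy counterpart of the crate's transcript binding.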