proof_system
The goal of this crate is to allow creating and combining zero-knowledge proofs by executing several
protocols as sub-protocols.
The idea is to represent each relation to be proved as a Statement, and any relations between
Statements as a MetaStatement. Both of these types contain public (known to both prover
and verifier) information and are contained in a ProofSpec whose goal is to unambiguously
define what needs to be proven. The prover then uses a Witness per Statement and creates a
StatementProof per Statement. All StatementProofs are grouped together in a Proof
and the verifier then uses the ProofSpec and Proof to verify the proof. Currently it is
assumed that there is one StatementProof per Statement and one Witness per Statement
and StatementProofs appear in the same order in Proof as Statements do in ProofSpec.
Statement, Witness and StatementProof are enums whose variants are entities from different
protocols. Each of these protocols is a variant of the enum SubProtocol.
Currently supports proof of knowledge of BBS+ signature, accumulator membership, accumulator
non-membership, and Pedersen commitment pre-image. The tests show how to create a proof that combines
several proofs of knowledge of BBS+ signature and proves equality between the messages, and also a
proof that combines proof of knowledge of BBS+ signature, accumulator membership, accumulator
non-membership, and Pedersen commitment pre-image. See the tests for examples.
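As an added illustration, not code or API from the proof_system crate, the following Rust sketch models the architecture described above and the message-equality proof mentioned in the previous paragraph. Statement, Witness, StatementProof, MetaStatement, ProofSpec and Proof are hypothetical stand-ins with the same roles as the crate's types; the single sub-protocol is a Schnorr-style proof of knowledge of a Pedersen commitment pre-image over a toy 509-element group; and the verifier enforces the one-StatementProof-per-Statement, same-order assumption. Every constant, the FNV-based challenge and the LCG blinding source are assumptions constructed for this example and provide no security.

```rust
// Hypothetical model of the architecture described above (Statement, Witness,
// StatementProof, MetaStatement, ProofSpec, Proof) with a prover and a verifier;
// an added illustration, not the proof_system crate's API. The one sub-protocol is
// a Schnorr-style proof of knowledge of a Pedersen commitment pre-image over a toy
// group; every constant below is constructed for illustration and gives no security.
use std::collections::HashMap;

const P: u64 = 1019; // toy safe prime, P = 2*Q + 1
const Q: u64 = 509; // prime order of the quadratic-residue subgroup of Z_P^*
const G: u64 = 4; // generator of that subgroup
const H: u64 = 9; // second generator (a real setup needs log_G(H) to be unknown)

fn mul(a: u64, b: u64) -> u64 { a * b % P }
fn pow(mut b: u64, mut e: u64) -> u64 {
    let mut acc = 1;
    while e > 0 { if e & 1 == 1 { acc = mul(acc, b); } b = mul(b, b); e >>= 1; }
    acc
}
/// Pedersen commitment C = G^m * H^r.
pub fn commit(m: u64, r: u64) -> u64 { mul(pow(G, m), pow(H, r)) }

#[derive(Clone)] pub enum Statement { PedersenCommitment { commitment: u64 } }
#[derive(Clone)] pub enum Witness { PedersenCommitment { message: u64, randomness: u64 } }
#[derive(Clone, Debug)] pub enum StatementProof { PedersenCommitment { t: u64, s_msg: u64, s_rand: u64 } }
/// Relation across statements: all listed (statement index, witness slot) pairs hold the
/// same value. For PedersenCommitment, slot 0 is the message and slot 1 the randomness.
#[derive(Clone)] pub enum MetaStatement { WitnessEquality(Vec<(usize, usize)>) }
pub struct ProofSpec { pub statements: Vec<Statement>, pub meta_statements: Vec<MetaStatement> }
pub struct Proof { pub statement_proofs: Vec<StatementProof> }

/// Deterministic stand-in for a Fiat-Shamir hash (FNV-1a over the transcript),
/// mapped into [1, Q-1] so the challenge is never zero.
fn challenge(transcript: &[u64]) -> u64 {
    let mut h: u64 = 0xcbf29ce484222325;
    for b in transcript.iter().flat_map(|x| x.to_le_bytes()) { h = (h ^ b as u64).wrapping_mul(0x100000001b3); }
    1 + h % (Q - 1)
}
/// Toy blinding generator (an LCG); a real prover draws blindings from a CSPRNG.
fn next_blinding(state: &mut u64) -> u64 {
    *state = state.wrapping_mul(6364136223846793005).wrapping_add(1442695040888963407);
    (*state >> 33) % Q
}
fn commitments(spec: &ProofSpec) -> Vec<u64> {
    spec.statements.iter().map(|Statement::PedersenCommitment { commitment }| *commitment).collect()
}
fn response(sp: &StatementProof, slot: usize) -> Option<u64> {
    let StatementProof::PedersenCommitment { s_msg, s_rand, .. } = sp;
    match slot { 0 => Some(*s_msg), 1 => Some(*s_rand), _ => None }
}

pub fn prove(spec: &ProofSpec, witnesses: &[Witness], seed: u64) -> Result<Proof, String> {
    let n = spec.statements.len();
    if witnesses.len() != n { return Err("expected one Witness per Statement".into()); }
    // One blinding per (statement, slot). Slots a MetaStatement declares equal share one
    // blinding, so their responses s = b + c*w are equal exactly when the witnesses are.
    let mut state = seed;
    let mut blind: HashMap<(usize, usize), u64> = HashMap::new();
    for i in 0..n { for j in 0..2 { blind.insert((i, j), next_blinding(&mut state)); } }
    for MetaStatement::WitnessEquality(set) in &spec.meta_statements {
        if set.iter().any(|&(i, j)| i >= n || j >= 2) { return Err("meta statement refers to an unknown slot".into()); }
        if let Some(first) = set.first() {
            let shared = blind[first];
            for slot in set { blind.insert(*slot, shared); }
        }
    }
    let ts: Vec<u64> = (0..n).map(|i| commit(blind[&(i, 0)], blind[&(i, 1)])).collect();
    let mut transcript = commitments(spec);
    transcript.extend(&ts);
    let c = challenge(&transcript);
    let statement_proofs: Vec<StatementProof> = witnesses.iter().enumerate().map(|(i, w)| {
        let Witness::PedersenCommitment { message, randomness } = w;
        StatementProof::PedersenCommitment {
            t: ts[i],
            s_msg: (blind[&(i, 0)] + c * (message % Q)) % Q,
            s_rand: (blind[&(i, 1)] + c * (randomness % Q)) % Q,
        }
    }).collect();
    Ok(Proof { statement_proofs })
}

pub fn verify(spec: &ProofSpec, proof: &Proof) -> Result<(), String> {
    let comms = commitments(spec);
    if proof.statement_proofs.len() != comms.len() {
        return Err("expected one StatementProof per Statement, in ProofSpec order".into());
    }
    let mut transcript = comms.clone();
    for sp in &proof.statement_proofs { let StatementProof::PedersenCommitment { t, .. } = sp; transcript.push(*t); }
    let c = challenge(&transcript);
    // Per-statement check: G^s_msg * H^s_rand == t * C^c.
    for (i, sp) in proof.statement_proofs.iter().enumerate() {
        let StatementProof::PedersenCommitment { t, s_msg, s_rand } = sp;
        if commit(*s_msg, *s_rand) != mul(*t, pow(comms[i], c)) { return Err(format!("statement {i} failed")); }
    }
    // Meta-statement check: slots declared equal must carry equal responses.
    for (k, MetaStatement::WitnessEquality(set)) in spec.meta_statements.iter().enumerate() {
        let vals: Option<Vec<u64>> = set.iter()
            .map(|&(i, j)| proof.statement_proofs.get(i).and_then(|sp| response(sp, j))).collect();
        match vals {
            Some(v) if v.windows(2).all(|w| w[0] == w[1]) => {}
            _ => return Err(format!("meta statement {k} (witness equality) failed")),
        }
    }
    Ok(())
}

/// Two commitments claimed to hide the same message; returns the verifier's verdict.
pub fn equality_demo(m0: u64, m1: u64) -> Result<(), String> {
    let spec = ProofSpec {
        statements: vec![Statement::PedersenCommitment { commitment: commit(m0, 7) },
                         Statement::PedersenCommitment { commitment: commit(m1, 300) }],
        meta_statements: vec![MetaStatement::WitnessEquality(vec![(0, 0), (1, 0)])],
    };
    let witnesses = [Witness::PedersenCommitment { message: m0, randomness: 7 },
                     Witness::PedersenCommitment { message: m1, randomness: 300 }];
    verify(&spec, &prove(&spec, &witnesses, 1)?)
}
```

`equality_demo(42, 42)` verifies, while `equality_demo(42, 43)` passes both per-statement checks and fails only the meta-statement check: because the prover reuses one blinding for slots declared equal, the responses b + c*w coincide exactly when the underlying witnesses do, which is the standard way a witness-equality MetaStatement is enforced across sub-protocols. The verifier also rejects a Proof whose StatementProof count differs from the ProofSpec's Statement count, mirroring the one-proof-per-statement, same-order assumption stated above.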
Note: This design is largely inspired by my work at Hyperledger Ursa.
Note: The design is tentative and will likely change as more protocols are integrated.
License: Apache-2.0