si-commitment-scheme 0.1.0

Pedersen commitments, Blake3-based polynomial commitments, batch opening/verification with binding and hiding properties
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

//! Batch opening and verification of commitments.
//!
//! Efficiently open and verify multiple Pedersen commitments at once.

use crate::pedersen::{PedersenCommitment, PedersenOpening, PedersenParams};
use curve25519_dalek::scalar::Scalar;
use rand::rngs::OsRng;

/// A batch of commitment openings.
#[derive(Debug, Clone)]
pub struct BatchCommitment {
    /// Commitments in this batch.
    pub commitments: Vec<PedersenCommitment>,
    /// Openings for each commitment.
    pub openings: Vec<PedersenOpening>,
}

impl BatchCommitment {
    /// Create a batch of commitments to random values.
    pub fn commit_batch(params: &PedersenParams, values: &[Scalar]) -> Self {
        let mut commitments = Vec::with_capacity(values.len());
        let mut openings = Vec::with_capacity(values.len());
        for value in values {
            let (c, o) = PedersenCommitment::commit(params, value);
            commitments.push(c);
            openings.push(o);
        }
        BatchCommitment { commitments, openings }
    }

    /// Create a batch of commitments to u64 values.
    pub fn commit_batch_u64(params: &PedersenParams, values: &[u64]) -> Self {
        let scalars: Vec<Scalar> = values.iter().map(|&v| Scalar::from(v)).collect();
        Self::commit_batch(params, &scalars)
    }

    /// Verify all openings in the batch.
    pub fn verify_all(&self, params: &PedersenParams) -> bool {
        if self.commitments.len() != self.openings.len() {
            return false;
        }
        self.commitments
            .iter()
            .zip(&self.openings)
            .all(|(c, o)| PedersenCommitment::verify(params, o, c))
    }

    /// Number of commitments in the batch.
    pub fn len(&self) -> usize {
        self.commitments.len()
    }

    /// Whether the batch is empty.
    pub fn is_empty(&self) -> bool {
        self.commitments.is_empty()
    }

    /// Aggregate all commitments using random linear combination.
    /// Returns (aggregated_commitment, aggregated_opening).
    pub fn aggregate(&self) -> (PedersenCommitment, PedersenOpening) {
        assert!(!self.commitments.is_empty());
        let mut agg_point = self.commitments[0].point;
        let mut agg_value = self.openings[0].value;
        let mut agg_randomness = self.openings[0].randomness;

        for i in 1..self.commitments.len() {
            let challenge = Scalar::random(&mut OsRng);
            agg_point += challenge * self.commitments[i].point;
            agg_value += challenge * self.openings[i].value;
            agg_randomness += challenge * self.openings[i].randomness;
        }

        (
            PedersenCommitment {
                point: agg_point,
                compressed: agg_point.compress(),
            },
            PedersenOpening {
                value: agg_value,
                randomness: agg_randomness,
            },
        )
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn batch_commit_and_verify() {
        let params = PedersenParams::default();
        let batch = BatchCommitment::commit_batch_u64(&params, &[10, 20, 30, 40]);
        assert!(batch.verify_all(&params));
        assert_eq!(batch.len(), 4);
    }

    #[test]
    fn batch_single_commitment() {
        let params = PedersenParams::default();
        let batch = BatchCommitment::commit_batch_u64(&params, &[42]);
        assert!(batch.verify_all(&params));
        assert_eq!(batch.len(), 1);
    }

    #[test]
    fn batch_tampered_opening_fails() {
        let params = PedersenParams::default();
        let mut batch = BatchCommitment::commit_batch_u64(&params, &[10, 20, 30]);
        batch.openings[1].value = Scalar::from(999u64);
        assert!(!batch.verify_all(&params));
    }

    #[test]
    fn batch_aggregate_verifies() {
        let params = PedersenParams::default();
        let batch = BatchCommitment::commit_batch_u64(&params, &[10, 20, 30]);
        let (agg_comm, agg_open) = batch.aggregate();
        assert!(PedersenCommitment::verify(&params, &agg_open, &agg_comm));
    }
}