triptych 0.1.1

An experimental Rust implementation of the Triptych zero-knowledge proving system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

// Copyright (c) 2024, The Tari Project
// SPDX-License-Identifier: BSD-3-Clause

//! # Overview
//!
//! It's possible to extend Triptych proving functionality to the case where each element of an input set if composed of
//! two keys, a verification key and an auxiliary verification key. This enables additional functionality.
//!
//! More formally, let `G`, `G1`, and `U` be fixed independent generators of the Ristretto group.
//! Let `N = n**m`, where `n, m > 1` are fixed parameters.
//! The parallel Triptych proving system protocol is a sigma protocol for the following relation, where `M` and `M1` are
//! both `N`-vectors of group elements:
//!
//! `{ M, M1, offset, J ; (l, r, r1) : M[l] = r*G, M1[l] - offset = r1*G1, r*J = U }`
//!
//! # Example
//!
//! Here's a complete example of how to generate and verify a parallel Triptych proof; see the documentation for
//! additional functionality.
//!
//! ```
//! # #[cfg(feature = "rand")]
//! # {
//! # extern crate alloc;
//! use alloc::sync::Arc;
//!
//! use curve25519_dalek::{RistrettoPoint, Scalar};
//! use rand_core::OsRng;
//! use triptych::{parallel::*, Transcript};
//!
//! let mut rng = OsRng;
//!
//! // Generate parameters
//! // This is `Arc`-wrapped to facilitate efficient reuse!
//! const n: u32 = 2;
//! const m: u32 = 3;
//! let params = Arc::new(TriptychParameters::new(n, m).unwrap());
//!
//! // Generate a random witness, which includes the signing key, auxiliary key, and an index where they will appear
//! let witness = TriptychWitness::random(&params, &mut rng);
//!
//! // Select a random offset
//! let offset = Scalar::random(&mut rng) * params.get_G1();
//!
//! // Generate an input set of random verification keys, placing ours at the chosen index
//! // This is `Arc`-wrapped to facilitate efficient reuse!
//! let M = (0..params.get_N())
//!     .map(|i| {
//!         if i == witness.get_l() {
//!             witness.compute_verification_key()
//!         } else {
//!             RistrettoPoint::random(&mut rng)
//!         }
//!     })
//!     .collect::<Vec<RistrettoPoint>>();
//! let M1 = (0..params.get_N())
//!     .map(|i| {
//!         if i == witness.get_l() {
//!             // This ensures that `M1[l] - offset = r1 * G1` to satisfy the proving relation
//!             witness.compute_auxiliary_verification_key() + offset
//!         } else {
//!             RistrettoPoint::random(&mut rng)
//!         }
//!     })
//!     .collect::<Vec<RistrettoPoint>>();
//! let input_set = Arc::new(TriptychInputSet::new(&M, &M1).unwrap());
//!
//! // Generate the statement, which includes the verification key vectors and linking tag
//! let J = witness.compute_linking_tag();
//! let statement = TriptychStatement::new(&params, &input_set, &offset, &J).unwrap();
//!
//! // Generate a transcript
//! let mut transcript = Transcript::new(b"Test transcript");
//!
//! // Generate a proof from the witness
//! let proof = TriptychProof::prove(&witness, &statement, &mut transcript.clone()).unwrap();
//!
//! // The proof should verify against the same statement and transcript
//! assert!(proof.verify(&statement, &mut transcript).is_ok());
//! # }
//! ```

/// Public parameters used for generating and verifying Triptych proofs.
pub mod parameters;
pub use parameters::TriptychParameters;
/// Triptych proofs.
pub mod proof;
pub use proof::TriptychProof;
/// Triptych proof statements.
pub mod statement;
pub use statement::{TriptychInputSet, TriptychStatement};
/// Triptych proof transcripts.
pub mod transcript;
/// Triptych proof witnesses.
pub mod witness;
pub use witness::TriptychWitness;