Struct dalek_rangeproofs::RangeProof

pub struct RangeProof { /* fields omitted */ }

A Back-Maxwell rangeproof, which proves in zero knowledge that a committed number lies in the range [0, m^n), i.e. that it can be written with n base-m digits. We hardcode m = 3, since among integer bases it gives the smallest proof per bit of range covered (each digit costs one m-member ring signature but only adds log2(m) bits of range, and that ratio is minimised at m = 3).

The size of the proof and the cost of both proving and verification are proportional to n, the number of base-3 digits.

Methods

impl RangeProof

Verify the rangeproof, returning a Pedersen commitment to the in-range value if successful. The verifier needs only the proof (and the same n and generators G, H the prover used): the commitment is recovered from the proof itself, so a returned commitment is one the verifier may trust to open to a value in [0, 3^n). A successful verification says nothing about which value that is.

Construct a rangeproof for value, in variable time. The running time depends on the digits of value, so use this only where an observer who can time the prover is not an adversary against the secrecy of value.

Inputs

  • n, so that the range is [0,3^n), i.e. 0 ≤ value < 3^n, with n < RANGEPROOF_MAX_N;
  • The value to prove within range [0,3^n);
  • csprng, an implementation of rand::Rng, which must be cryptographically secure: it supplies the blinding factor and the random ring-signature components, and a predictable generator lets an observer recover value from the proof.

Returns

If value is not in the range [0,3^n) (i.e. value ≥ 3^n), return None.

Otherwise, returns Some((proof, commitment, blinding)), where proof is the rangeproof, commitment = blinding*G + value*H is a Pedersen commitment to value, and blinding is the secret opening of that commitment.

Only the RangeProof should be sent to the verifier. The commitment and blinding are for the use of the prover: the commitment is public (a verifier recomputes it from a valid proof), but the blinding must be kept secret, because anyone holding it can subtract blinding*G from the commitment and, since value lies in a small range, recover value.

Construct a rangeproof for value, in constant time: the running time does not depend on the digits of value.

This function is roughly three times slower than the variable time version, for all values of n, because for each digit it does the work for all m = 3 ring members instead of only the ones it needs.

Inputs

  • n, so that the range is [0,3^n), i.e. 0 ≤ value < 3^n, with n < RANGEPROOF_MAX_N;
  • The value to prove within range [0,3^n);
  • csprng, an implementation of rand::Rng, which must be cryptographically secure: it supplies the blinding factor and the random ring-signature components, and a predictable generator lets an observer recover value from the proof.

Returns

If value is not in the range [0,3^n) (i.e. value ≥ 3^n), return None.

Note that this function is designed to execute in constant time for all valid inputs only. Passing an out-of-range value will cause it to return None early, so the timing reveals that value was out of range; this is not a leak in practice, since the caller already knows its own value and no proof is produced.

Otherwise, returns Some((proof, commitment, blinding)), where proof is the rangeproof, commitment = blinding*G + value*H is a Pedersen commitment to value, and blinding is the secret opening of that commitment.

Only the RangeProof should be sent to the verifier. The commitment and blinding are for the use of the prover: the commitment is public (a verifier recomputes it from a valid proof), but the blinding must be kept secret, because anyone holding it can subtract blinding*G from the commitment and, since value lies in a small range, recover value.

Note

Even when passing a deterministic CSPRNG seeded identically, e.g. two instances of rand::chacha::ChaChaRng::new_unseeded(), and proving the same value, one cannot expect the RangeProofs generated with RangeProof::create_vartime() and RangeProof::create() to be identical. The values in the resulting proofs will differ, because the constant time version makes additional calls to the csprng (to avoid branching on the secret digits) and discards their output in some conditions, so the two provers consume the random stream at different rates. Both proofs are nevertheless valid, and a verifier has no way to tell which function produced a given proof.
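An added illustration, written for this page and not taken from dalek-rangeproofs, of three things the method descriptions above rely on: the in-range check value < 3^n and the base-3 digit decomposition that gives a proof its n digits, and the point of the Note, that a constant-time prover consumes the csprng stream at a different rate than a variable-time one. The group arithmetic of the real proof is omitted; a counting stand-in replaces the csprng so both "provers" can be run from the same seed. The function names, the choice of 2 versus 3 draws per digit, and the use of 40 as the largest n whose 3^n fits in a u64 are assumptions of this sketch, not the crate's constants or algorithm.

```rust
// Added example, not dalek-rangeproofs code. Illustrates the [0, 3^n)
// range semantics and why a constant-time prover and a variable-time
// prover drain a shared deterministic RNG differently.

const M: u64 = 3; // digit base, hardcoded to 3 as in the crate

/// 3^n as a u64, or None when it does not fit (3^41 > u64::MAX, so 40 is
/// the largest n usable here; the crate's own RANGEPROOF_MAX_N is not
/// given on this page and may differ).
fn three_pow(n: usize) -> Option<u64> {
    M.checked_pow(n as u32)
}

/// Base-3 digits of `value`, least-significant first, padded to n digits.
/// Returns None exactly when value is outside [0, 3^n), mirroring the
/// documented "value not in range -> None" behaviour of create()/create_vartime().
fn base3_digits(n: usize, value: u64) -> Option<Vec<u8>> {
    let bound = three_pow(n)?;
    if value >= bound {
        return None;
    }
    let mut digits = Vec::with_capacity(n);
    let mut v = value;
    for _ in 0..n {
        digits.push((v % M) as u8);
        v /= M;
    }
    Some(digits)
}

/// Recombine digits: sum over i of d_i * 3^i.
fn from_base3(digits: &[u8]) -> u64 {
    digits.iter().rev().fold(0u64, |acc, &d| acc * M + u64::from(d))
}

/// Deterministic stand-in for a seeded csprng (a splitmix64 step) that also
/// counts how many outputs were consumed. Constructed for this example and
/// NOT cryptographically secure; a real prover must use a proper CSPRNG.
struct CountingRng {
    state: u64,
    calls: usize,
}

impl CountingRng {
    fn new(seed: u64) -> Self {
        CountingRng { state: seed, calls: 0 }
    }
    fn next_u64(&mut self) -> u64 {
        self.calls += 1;
        self.state = self.state.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.state;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }
}

/// Constant-time select: `a` when mask == u64::MAX, `b` when mask == 0.
fn ct_select(mask: u64, a: u64, b: u64) -> u64 {
    b ^ (mask & (a ^ b))
}

/// All-ones mask when a == b, all-zeros otherwise, with no data-dependent branch.
fn ct_eq_mask(a: u8, b: u8) -> u64 {
    let diff = u64::from(a ^ b);
    // diff.wrapping_sub(1) has its top bit set only when diff == 0
    0u64.wrapping_sub(diff.wrapping_sub(1) >> 63)
}

/// Variable-time sketch: for each digit, draw one random component for each
/// of the m - 1 ring members that are not the real digit, skipping the real
/// one. Two draws per digit, and the skip is a branch on secret data.
fn vartime_draws(digits: &[u8], rng: &mut CountingRng) -> Vec<u64> {
    let mut out = Vec::new();
    for &d in digits {
        for member in 0..M as u8 {
            if member != d {
                out.push(rng.next_u64());
            }
        }
    }
    out
}

/// Constant-time sketch: draw for all m members every time and blank the real
/// member's draw with a mask (a real prover would overwrite that slot with the
/// computed closing value). Three draws per digit, so after the first digit
/// this prover is reading a different part of the RNG stream than vartime.
fn ct_draws(digits: &[u8], rng: &mut CountingRng) -> Vec<u64> {
    let mut out = Vec::new();
    for &d in digits {
        for member in 0..M as u8 {
            let r = rng.next_u64();
            out.push(ct_select(ct_eq_mask(member, d), 0, r));
        }
    }
    out
}

fn main() {
    let (n, value) = (4, 50); // 50 = 1*27 + 2*9 + 1*3 + 2 -> digits [2, 1, 2, 1]
    let digits = base3_digits(n, value).expect("50 < 3^4 = 81");
    assert_eq!(from_base3(&digits), value);
    let (mut r1, mut r2) = (CountingRng::new(7), CountingRng::new(7));
    let a = vartime_draws(&digits, &mut r1);
    let b = ct_draws(&digits, &mut r2);
    println!("digits {:?}; vartime used {} draws, ct used {}", digits, r1.calls, r2.calls);
    println!("second digit's first draw: vartime {:#x} vs ct {:#x}", a[2], b[3]);
    println!("3^41 fits in u64: {}", three_pow(41).is_some());
}
```

Run with `cargo run` in a scratch crate or `rustc` on the single file. The two provers agree on the first digit only because its value is 2, the last ring member, so the variable-time prover's two draws line up with the first two of the constant-time prover's three; from the second digit on every random component differs, which is the effect the Note describes.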