Struct secp256k1zkp::Secp256k1

source ·

pub struct Secp256k1 { /* private fields */ }

Expand description

The secp256k1 engine, used to execute all signature operations

Implementations§

source §

impl Secp256k1

source

pub fn verify_from_commit( &self, msg: &Message, sig: &Signature, commit: &Commitment ) -> Result<(), Error>

verify commitment

source

pub fn commit(&self, value: u64, blind: SecretKey) -> Result<Commitment, Error>

Creates a pedersen commitment from a value and a blinding factor

source

pub fn commit_blind( &self, value: SecretKey, blind: SecretKey ) -> Result<Commitment, Error>

Creates a pedersen commitment from a two blinding factors

source

pub fn commit_value(&self, value: u64) -> Result<Commitment, Error>

Convenience method to Create a pedersen commitment only from a value, with a zero blinding factor

source

pub fn verify_commit_sum( &self, positive: Vec<Commitment>, negative: Vec<Commitment> ) -> bool

Taking vectors of positive and negative commitments as well as an expected excess, verifies that it all sums to zero.

source

pub fn commit_sum( &self, positive: Vec<Commitment>, negative: Vec<Commitment> ) -> Result<Commitment, Error>

Computes the sum of multiple positive and negative pedersen commitments.

source

pub fn blind_sum( &self, positive: Vec<SecretKey>, negative: Vec<SecretKey> ) -> Result<SecretKey, Error>

Computes the sum of multiple positive and negative blinding factors.

source

pub fn blind_switch( &self, value: u64, blind: SecretKey ) -> Result<SecretKey, Error>

Compute a blinding factor using a switch commitment

source

pub fn nonce(&self) -> [u8; 32]

Convenience function for generating a random nonce for a range proof. We will need the nonce later if we want to rewind the range proof.

source

pub fn range_proof( &self, min: u64, value: u64, blind: SecretKey, commit: Commitment, message: ProofMessage ) -> RangeProof

Produces a range proof for the provided value, using min and max bounds, relying on the blinding factor and commitment.

source

pub fn verify_range_proof( &self, commit: Commitment, proof: RangeProof ) -> Result<ProofRange, Error>

Verify a proof that a committed value is within a range.

source

pub fn rewind_range_proof( &self, commit: Commitment, proof: RangeProof, nonce: SecretKey ) -> ProofInfo

Verify a range proof and rewind the proof to recover information sent by its author.

source

pub fn range_proof_info(&self, proof: RangeProof) -> ProofInfo

General information extracted from a range proof. Does not provide any information about the value or the message (see rewind).

source

pub fn bullet_proof( &self, value: u64, blind: SecretKey, rewind_nonce: SecretKey, private_nonce: SecretKey, extra_data_in: Option<Vec<u8>>, message: Option<ProofMessage> ) -> RangeProof

Produces a bullet proof for the provided value, using min and max bounds, relying on the blinding factor and value. If a message is passed, it will be truncated or padded to exactly BULLET_PROOF_MSG_SIZE bytes

source

pub fn bullet_proof_multisig( &self, value: u64, blind: SecretKey, nonce: SecretKey, extra_data_in: Option<Vec<u8>>, message: Option<ProofMessage>, tau_x: Option<&mut SecretKey>, t_one: Option<&mut PublicKey>, t_two: Option<&mut PublicKey>, commits: Vec<Commitment>, private_nonce: Option<&SecretKey>, step: u8 ) -> Option<RangeProof>

Produces a bullet proof for multi-party commitment

source

pub fn verify_bullet_proof( &self, commit: Commitment, proof: RangeProof, extra_data_in: Option<Vec<u8>> ) -> Result<ProofRange, Error>

Verify with bullet proof that a committed value is positive

source

pub fn verify_bullet_proof_multi( &self, commits: Vec<Commitment>, proofs: Vec<RangeProof>, extra_data_in: Option<Vec<Vec<u8>>> ) -> Result<ProofRange, Error>

Verify with bullet proof that a committed value is positive

source

pub fn rewind_bullet_proof( &self, commit: Commitment, nonce: SecretKey, extra_data_in: Option<Vec<u8>>, proof: RangeProof ) -> Result<ProofInfo, Error>

Rewind a bullet proof to get the value and Blinding factor back out

source §

impl Secp256k1

source

pub fn new() -> Secp256k1

Creates a new Secp256k1 context

source

pub fn with_caps(caps: ContextFlag) -> Secp256k1

Creates a new Secp256k1 context with the specified capabilities

source

pub fn without_caps() -> Secp256k1

Creates a new Secp256k1 context with no capabilities (just de/serialization)

source

pub fn randomize<R: Rng>(&mut self, rng: &mut R)

(Re)randomizes the Secp256k1 context for cheap sidechannel resistence; see comment in libsecp256k1 commit d2275795f by Gregory Maxwell

source

pub fn generate_keypair<R: Rng>( &self, rng: &mut R ) -> Result<(SecretKey, PublicKey), Error>

Generates a random keypair. Convenience function for key::SecretKey::new and key::PublicKey::from_secret_key; call those functions directly for batch key generation. Requires a signing-capable context.

source

pub fn sign(&self, msg: &Message, sk: &SecretKey) -> Result<Signature, Error>

Constructs a signature for msg using the secret key sk and RFC6979 nonce Requires a signing-capable context.

source

pub fn sign_recoverable( &self, msg: &Message, sk: &SecretKey ) -> Result<RecoverableSignature, Error>

Constructs a signature for msg using the secret key sk and RFC6979 nonce Requires a signing-capable context.

source

pub fn recover( &self, msg: &Message, sig: &RecoverableSignature ) -> Result<PublicKey, Error>

Determines the public key for which sig is a valid signature for msg. Requires a verify-capable context.

source

pub fn verify( &self, msg: &Message, sig: &Signature, pk: &PublicKey ) -> Result<(), Error>

Checks that sig is a valid ECDSA signature for msg using the public key pubkey. Returns Ok(true) on success. Note that this function cannot be used for Bitcoin consensus checking since there may exist signatures which OpenSSL would verify but not libsecp256k1, or vice-versa. Requires a verify-capable context.