

Crate lib_q_lattice_zkp 


Module-lattice commitments, QROM Fiat–Shamir sigma protocols, and BLNS-style batching hooks.

Wire v0 (lattice_zkp_wire_v0) freezes profiles, encodings, and KAT fixtures. Security targets the same ring $R_q = \mathbb{Z}_q[X]/(X^{256}+1)$ as ML-DSA, via lib_q_ring.

Re-exports

pub use blind::BLIND_ISSUER_FS_LABEL;
pub use blind::BlindIssuance;
pub use blind::BlindIssuerKeypair;
pub use blind::BlindRequest;
pub use blind::BlindResponse;
pub use blind::BlindSignature;
pub use blind::BlindUserState;
pub use blind::ISSUER_PARAMS_DIGEST_DOMAIN;
pub use blind::IssuerCommitmentParams;
pub use blind::UnblindedBlindSignature;
pub use blind::UnblindedIssuance;
pub use blind::add_module_vec;
pub use blind::aggregate_opening;
pub use blind::blind_message_digest;
pub use blind::blinded_commitment;
pub use blind::blinded_commitment_digest;
pub use blind::issuance_blind_message_extra;
pub use blind::issuance_transcript_ctx;
pub use budget::AmortisationBudget;
pub use budget::measured_opening_wire_body_bytes;
pub use challenge::MlDsaCompatibleChallenge;
pub use commitment::AjtaiCommitment;
pub use commitment::AjtaiCommitmentKey;
pub use commitment::AjtaiOpening;
pub use commitment::commit;
pub use error::ProofError;
pub use error::VerifyError;
pub use params::AjtaiParameters;
pub use profile::LATTICE_ZKP_WIRE_VERSION_V0;
pub use profile::LatticeZkpProfileV0;
pub use profile::PROFILE_ID_PVTN_MEMBERSHIP_V0;
pub use profile::PROFILE_ID_SELECTIVE_DISCLOSURE_V0;
pub use profile::PROFILE_ID_TOKEN_SPEND_V0;
pub use profile::RQ_COEFF_PACK_BITS;
pub use profile::WIRE_BUDGET_PRESENTATION_BYTES;
pub use profile::WIRE_BUDGET_PRESENTATION_HARD_CAP_BYTES;
pub use profile::WIRE_BUDGET_PVTN_MEMBERSHIP_BYTES;
pub use wire::BlindIssuanceWireV0;
pub use wire::MAX_WIRE_BYTES_AMORTISED_V0;
pub use wire::MAX_WIRE_BYTES_BLIND_ISSUANCE_V0;
pub use wire::MAX_WIRE_BYTES_DUAL_RING_V0;
pub use wire::MAX_WIRE_BYTES_LINEAR_V0;
pub use wire::MAX_WIRE_BYTES_NULLIFIER_V0;
pub use wire::MAX_WIRE_BYTES_OPENING_V0;
pub use wire::MAX_WIRE_BYTES_PVTN_V0;
pub use wire::MAX_WIRE_BYTES_SPENDING_V0;
pub use wire::ProofKindV0;
pub use wire::WIRE_ENVELOPE_HEADER_LEN;
pub use wire::decode_amortised_proof_v0;
pub use wire::decode_blind_issuance_v0;
pub use wire::decode_dual_ring_opening_proof_v0;
pub use wire::decode_linear_relation_proof_v0;
pub use wire::decode_nullifier_opening_proof_v0;
pub use wire::decode_opening_proof_v0;
pub use wire::decode_private_membership_proof_v0;
pub use wire::decode_spending_proof_v0;
pub use wire::decode_witness_nullifier_opening_proof_v0;
pub use wire::encode_amortised_proof_v0;
pub use wire::encode_blind_issuance_v0;
pub use wire::encode_dual_ring_opening_proof_v0;
pub use wire::encode_linear_relation_proof_v0;
pub use wire::encode_nullifier_opening_proof_v0;
pub use wire::encode_opening_proof_v0;
pub use wire::encode_private_membership_proof_v0;
pub use wire::encode_spending_proof_v0;
pub use wire::encode_witness_nullifier_opening_proof_v0;
pub use wire::wire_byte_len;
pub use sigma::hierarchical::PVTN_PATH_INDEX_COMMIT_DOMAIN;
pub use sigma::hierarchical::merkle_direction_at;
pub use sigma::hierarchical::path_index_commitment;
pub use sigma::hierarchical::recover_clearance_level;
pub use sigma::hierarchical::recover_path_index;
pub use sigma::hierarchical::verify_merkle_path_from_index;
pub use sigma::opening::QROM_FS_W_DIGEST_DOMAIN;
pub use sigma::opening::fs_w_digest;
pub use sigma::AmortisedProof;
pub use sigma::BatchPresentationState;
pub use sigma::CrtPackedNormProof;
pub use sigma::DualRingOpeningProof;
pub use sigma::HierarchicalAuthProof;
pub use sigma::LinearRelationProof;
pub use sigma::MerklePath;
pub use sigma::NullifierOpeningProof;
pub use sigma::OpeningProof;
pub use sigma::PVTN_CLEARANCE_MARGIN_NORM_BETA;
pub use sigma::PrivateMembershipProof;
pub use sigma::WitnessNullifierOpeningProof;
pub use sigma::aggregate_proofs;
pub use sigma::amortise;
pub use sigma::amortise;
pub use sigma::encode_pvtn_leaf;
pub use sigma::hierarchical;
pub use sigma::hierarchical_opening_ctx;
pub use sigma::leaf_clearance_level;
pub use sigma::leaf_hash;
pub use sigma::linear;
pub use sigma::node_hash;
pub use sigma::norm;
pub use sigma::opening;
pub use sigma::opening_ctx_with_nullifier;
pub use sigma::opening_ctx_with_witness_nullifier;
pub use sigma::private_membership_opening_ctx;
pub use sigma::prove_dual_ring_opening;
pub use sigma::prove_inf_norm;
pub use sigma::prove_level_membership;
pub use sigma::prove_linear;
pub use sigma::prove_nullifier_opening;
pub use sigma::prove_opening;
pub use sigma::prove_private_membership;
pub use sigma::prove_witness_nullifier_opening;
pub use sigma::registry_nullifier;
pub use sigma::uniqueness;
pub use sigma::uniqueness_amortisation_label;
pub use sigma::verify_aggregate;
pub use sigma::verify_dual_ring_opening;
pub use sigma::verify_hierarchical_membership;
pub use sigma::verify_inf_norm;
pub use sigma::verify_inf_norm_proof;
pub use sigma::verify_level_membership;
pub use sigma::verify_linear;
pub use sigma::verify_merkle_path;
pub use sigma::verify_nullifier_opening;
pub use sigma::verify_opening;
pub use sigma::verify_private_membership;
pub use sigma::verify_witness_nullifier_opening;
pub use sigma::witness_nullifier;
pub use sigma::witness_uniqueness_amortisation_label;
pub use sigma::witness_wire;
pub use token::AnonymousToken;
pub use token::SpendingProof;
pub use token::TOKEN_EPOCH_LEN;
pub use token::TOKEN_ORIGIN_LEN;
pub use token::TOKEN_SERIAL_LEN;
pub use token::opening_from_token_fields;

Modules

blind
Homomorphic blinding for issuer-keyed Ajtai commitments (wire v0 blind issuance).
budget
Transcript footprint model aligned with lattice_zkp_wire_v0 encoded sizes.
challenge
ML-DSA–compatible sparse ternary challenges.
commitment
Ajtai commitment com = A · (r || m).
error
Error types for proving and verification.
params
Public parameters.
profile
Frozen wire parameter profiles (LatticeZkpProfileV0).
serialize
Minimal deterministic serialization (big-endian u32 length prefixes + coefficient bytes).
sigma
Fiat–Shamir sigma protocols over module-SIS/Ajtai commitments.
token
Anonymous rate-limit token layout and spending transcript binding.
util
Vector helpers over lib_q_ring::Poly.
wire
lattice_zkp_wire_v0 canonical encodings (version byte + profile id + tagged payload).

Structs

Zeroizing
Zeroizing is a wrapper for any Z: Zeroize type which implements a Drop handler which zeroizes dropped values.