Function secp256k1_zkp_sys::secp256k1_pedersen_blind_generator_blind_sum [−][src]
pub unsafe extern "C" fn secp256k1_pedersen_blind_generator_blind_sum(
ctx: *const Context,
value: *const u64,
generator_blind: *const *const c_uchar,
blinding_factor: *const *mut c_uchar,
n_total: size_t,
n_inputs: size_t
) -> c_int
Sets the final Pedersen blinding factor correctly when the generators themselves have blinding factors.
Consider a generator of the form A’ = A + rG, where A is the “real” generator
but A’ is the generator provided to verifiers. Then a Pedersen commitment
P = vA’ + r’G really has the form vA + (vr + r’)G. To get all these (vr + r’)
to sum to zero for multiple commitments, we take three arrays consisting of
the v
s, r
s, and r'
s, respectively called value
s, generator_blind
s
and blinding_factor
s, and sum them.
The function then subtracts the sum of all (vr + r’) from the last element
of the blinding_factor
array, setting the total sum to zero.
Returns 1: Blinding factor successfully computed. 0: Error. A blinding_factor or generator_blind are larger than the group order (probability for random 32 byte number < 2^-127). Retry with different values.
In: ctx: pointer to a context object
value: array of asset values, v
in the above paragraph.
May not be NULL unless n_total
is 0.
generator_blind: array of asset blinding factors, r
in the above paragraph
May not be NULL unless n_total
is 0.
n_total: Total size of the above arrays
n_inputs: How many of the initial array elements represent commitments that
will be negated in the final sum
In/Out: blinding_factor: array of commitment blinding factors, r'
in the above paragraph
May not be NULL unless n_total
is 0.
the last value will be modified to get the total sum to zero.