Skip to main content

SigmaProtocolSimulator

sigma_proofs::traits

Trait SigmaProtocolSimulator 

Source 
pub trait SigmaProtocolSimulator: SigmaProtocol {
    // Required methods
    fn simulate_response(&self, rng: &mut impl ScalarRng) -> Vec<Self::Response>;
    fn simulate_commitment(
        &self,
        challenge: &Self::Challenge,
        response: &[Self::Response],
    ) -> Result<Vec<Self::Commitment>>;
    fn simulate_transcript(
        &self,
        rng: &mut impl ScalarRng,
    ) -> Result<Transcript<Self>>;
}
Expand description

A trait defining the behavior of a Sigma protocol for which simulation of transcripts is necessary.

Every Sigma protocol can be simulated, but in practice, this is primarily used for proving security properties (zero-knowledge, soundness, etc.).

Some protocols (e.g. OR compositions) require simulation capabilities during actual proof generation.

§Minimal Implementation

Types implementing SigmaProtocolSimulator must define:

  • simulate_proof
  • simulate_transcript

Required Methods§

Source

fn simulate_response(&self, rng: &mut impl ScalarRng) -> Vec<Self::Response>

Generates a random response (e.g. for simulation or OR composition).

Typically used to simulate a proof without a witness.

Source

fn simulate_commitment( &self, challenge: &Self::Challenge, response: &[Self::Response], ) -> Result<Vec<Self::Commitment>>

Simulates a commitment for which (‘commitment’, ‘challenge’, ‘response’) is a valid transcript.

This function allows to omit commitment in compact proofs of the type (‘challenge’, ‘response’).

Source

fn simulate_transcript( &self, rng: &mut impl ScalarRng, ) -> Result<Transcript<Self>>

Generates a full simulated proof transcript (commitment, challenge, response) without requiring knowledge of a witness.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§