
sigma_proofs/
lib.rs

1//! # Σ-rs: Sigma Protocols in Rust
2//!
3//! **Σ-rs** is a Rust library for constructing zero-knowledge proofs using Sigma protocols (Σ-protocols).
4//! It allows proving knowledge of secret data without revealing the data itself.
5//!
6//! ---
7//!
8//! ## What are Sigma Protocols?
9//!
10//! Sigma protocols are interactive cryptographic protocols that allow a prover to convince
11//! a verifier they know a secret (like a private key) without revealing the secret itself.
12//! They follow a simple three-step pattern: commitment, challenge, response.
13//!
14//! ---
15//!
16//! ## Basic Usage
17//!
18//! ```rust
19//! # #[cfg(feature = "curve25519-dalek")] {
20//! # use curve25519_dalek::ristretto::RistrettoPoint;
21//! # use curve25519_dalek::scalar::Scalar;
22//! # use group::Group;
23//! let mut instance = sigma_proofs::LinearRelation::new();
24//! let mut rng = rand::thread_rng();
25//!
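26//! // Define the statement: prove knowledge of (x, r) such that C = x·G + r·H (Pedersen commitment).
27//! // H is random here only for illustration: a deployment needs a fixed H, shared with the verifier, whose discrete log w.r.t. G nobody knows.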
28//! let [var_x, var_r] = instance.allocate_scalars();
29//! let [var_G, var_H] = instance.allocate_elements();
30//! instance.allocate_eq(var_G * var_x + var_H * var_r);
31//! instance.set_elements([(var_G, RistrettoPoint::generator()), (var_H, RistrettoPoint::random(&mut rng))]);
32//!
33//! // Assign the image of the linear map.
34//! let witness = vec![Scalar::random(&mut rng), Scalar::random(&mut rng)];
35//! instance.compute_image(&witness);
36//!
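37//! // Create a non-interactive argument for the instance; pick a session identifier specific to your application context (the verifier must use the same one) so a proof made for one context does not verify in another.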
38//! let nizk = instance.into_nizk(b"your session identifier").unwrap();
39//! let narg_string: Vec<u8> = nizk.prove_batchable(&witness, &mut rng).unwrap();
40//! // Print the narg string.
41//! println!("{}", hex::encode(narg_string));
42//! # }
43//! ```
44//!
45//! The library provides building blocks for creating zero-knowledge proofs:
46//!
47//! 1. Define your mathematical relation using [`LinearRelation`]
48//! 2. Convert to non-interactive using [`fiat_shamir::Nizk`]
49//! 3. Generate and verify proofs.
50//!
51//! ---
52//!
53//! ## Core Components
54//!
55//! - **[`traits::SigmaProtocol`]**: The fundamental three-move protocol interface
56//! - **[`linear_relation::LinearRelation`]**: Express mathematical relations over groups
57//! - **[`fiat_shamir::Nizk`]**: Convert interactive proofs into non-interactive (standalone) proofs via the Fiat-Shamir transform
58//! - **[`composition::ComposedRelation`]**: Combine multiple proofs together
59//!
60//! ---
61//!
62//! Σ-rs is designed to be modular, extensible, and easy to integrate with different
63//! groups, with protocols that build on sigma protocols, and with other proof systems.
64
65#![cfg_attr(not(feature = "std"), no_std)]
66#![allow(non_snake_case)]
67#![doc(html_logo_url = "https://mmaker.github.io/sigma-rs/")]
68#![deny(unused_variables)]
69#![deny(unused_mut)]
70
71extern crate alloc;
72
73pub mod composition;
74pub mod errors;
75pub mod group;
76pub mod linear_relation;
77pub mod rng;
78pub mod traits;
79
80pub(crate) mod fiat_shamir;
81pub(crate) mod schnorr_protocol;
82
83pub use fiat_shamir::Nizk;
84pub use group::msm::MultiScalarMul;
85pub use linear_relation::LinearRelation;
86
87#[deprecated = "Use sigma_proofs::group::serialization instead"]
88pub use group::serialization;