pub struct BulletproofGens<P: Precomputable> {
    pub gens_capacity: usize,
    pub party_capacity: usize,
    /* private fields */
}
The BulletproofGens struct contains all the generators needed for aggregating up to m range proofs of up to n bits each.
Extensible Generator Generation
Instead of constructing a single vector of size m*n, as described in the Bulletproofs paper, we construct each party's generators separately.

To construct an arbitrary-length chain of generators, we apply SHAKE256 to a domain separator label, and feed each 64 bytes of XOF output into the curve hash-to-group function. Each of the m parties' generators is constructed using a different domain separation label, and proving and verification use the first n elements of the arbitrary-length chain.

This means that the aggregation size (number of parties) is orthogonal to the rangeproof size (number of bits), and allows using the same BulletproofGens object for different proving parameters.
This construction is also forward-compatible with constraint system proofs, which use a much larger slice of the generator chain, and even forward-compatible to multiparty aggregation of constraint system proofs, since the generators are namespaced by their party index.
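The chain construction described above, modelled as an added example that is not the crate's own code: SHAKE256 over a domain-separator label, 64 XOF bytes per generator, one independent chain per party, and proofs taking the first n elements. The curve hash-to-group map is replaced by a stand-in digest (an assumption, so the example runs without a curve library), and the label encoding `prefix || party index` is an assumed format, not the crate's exact one.

```python
import hashlib
from typing import List, Tuple

XOF_BYTES_PER_POINT = 64  # each 64 bytes of XOF output yields one generator


def hash_to_group_stand_in(uniform: bytes) -> bytes:
    """Stand-in for the curve hash-to-group map (assumption: the real
    implementation maps 64 uniform bytes to a curve point; here a 32-byte
    digest stands in for the point so the example needs no curve library)."""
    assert len(uniform) == XOF_BYTES_PER_POINT
    return hashlib.sha512(uniform).digest()[:32]


def generator_chain(label: bytes, n: int) -> List[bytes]:
    """First n elements of the arbitrary-length chain for one domain label.
    SHAKE256 output is prefix-consistent, so asking for more elements later
    extends the chain without changing the elements already produced."""
    stream = hashlib.shake_256(label).digest(XOF_BYTES_PER_POINT * n)
    return [hash_to_group_stand_in(stream[i * 64:(i + 1) * 64]) for i in range(n)]


def party_label(prefix: bytes, party_index: int) -> bytes:
    """Assumed label format: chain prefix followed by the party index, so each
    party's chain lives in its own namespace (not the crate's exact encoding)."""
    return prefix + party_index.to_bytes(4, "little")


class BulletproofGensModel:
    """Generators for up to party_capacity parties, gens_capacity each."""

    def __init__(self, gens_capacity: int, party_capacity: int) -> None:
        self.gens_capacity = gens_capacity
        self.party_capacity = party_capacity
        self.G = [generator_chain(party_label(b"G", j), gens_capacity)
                  for j in range(party_capacity)]
        self.H = [generator_chain(party_label(b"H", j), gens_capacity)
                  for j in range(party_capacity)]

    def share(self, j: int, n: int) -> Tuple[List[bytes], List[bytes]]:
        """Generators party j uses for an n-bit proof: the first n of its chains.
        Out-of-range requests are rejected rather than silently truncated."""
        if j >= self.party_capacity or n > self.gens_capacity:
            raise ValueError("party index or bit size exceeds this object's capacity")
        return self.G[j][:n], self.H[j][:n]
```

Because party 0's 64-bit share is identical whether the object was built for 32 parties with capacity 64 or 8 parties with capacity 128, the number of parties and the proof bit size can be chosen independently.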
Fields

gens_capacity: usize
The maximum number of usable generators for each party.

party_capacity: usize
Number of values or parties.
Implementations

impl<P: FromUniformBytes + Precomputable> BulletproofGens<P>

pub fn new(gens_capacity: usize, party_capacity: usize) -> Self

Create a new BulletproofGens object.
Inputs

- gens_capacity is the number of generators to precompute for each party. For rangeproofs, it is sufficient to pass 64, the maximum bitsize of the rangeproofs. For circuit proofs, the capacity must be greater than the number of multipliers, rounded up to the next power of two.
- party_capacity is the maximum number of parties that can produce an aggregated proof.