winter_crypto/
commitment.rs

1// Copyright (c) Facebook, Inc. and its affiliates.
2//
3// This source code is licensed under the MIT license found in the
4// LICENSE file in the root directory of this source tree.
5
6use alloc::vec::Vec;
7use core::fmt::Debug;
8
9use utils::{Deserializable, Serializable};
10
11use crate::Hasher;
12
13/// A vector commitment (VC) scheme.
14///
15/// This is a cryptographic primitive allowing one to commit, using a commitment string `com`, to
16/// a vector of values (v_0, ..., v_{n-1}) such that one can later reveal the value at the i-th
17/// position.
18///
19/// This is achieved by providing the value `v_i` together with a proof `proof_i` such that anyone
20/// possessing `com` can be convinced, with high confidence, that the claim is true.
21///
22/// Vector commitment schemes usually have some batching properties in the sense that opening
23/// proofs for a number of `(i, v_i)` can be batched together into one batch opening proof in order
24/// to optimize both the proof size as well as the verification time.
25///
26/// The current implementation restricts both of the commitment string as well as the leaf values
27/// to be `H::Digest` where `H` is a type parameter such that `H: Hasher`.
28pub trait VectorCommitment<H: Hasher>: Sized {
29    /// Options defining the VC i.e., public parameters.
30    type Options: Default;
31    /// Opening proof of some value at some position index.
32    type Proof: Clone + Serializable + Deserializable;
33    /// Batch opening proof of a number of {(i, v_i)}_{i ∈ S} for an index set.
34    type MultiProof: Serializable + Deserializable;
35    /// Error returned by the scheme.
36    type Error: Debug;
37
38    /// Creates a commitment to a vector of values (v_0, ..., v_{n-1}) using the default
39    /// options.
40    fn new(items: Vec<H::Digest>) -> Result<Self, Self::Error> {
41        Self::with_options(items, Self::Options::default())
42    }
43
44    /// Creates a commitment to a vector of values (v_0, ..., v_{n-1}) given a set of
45    /// options.
46    fn with_options(items: Vec<H::Digest>, options: Self::Options) -> Result<Self, Self::Error>;
47
48    /// Returns the commitment string to the committed values.
49    fn commitment(&self) -> H::Digest;
50
51    /// Returns the length of the vector committed to for `Self`.
52    fn domain_len(&self) -> usize;
53
54    /// Returns the length of the vector committed to for `Self::Proof`.
55    fn get_proof_domain_len(proof: &Self::Proof) -> usize;
56
57    /// Returns the length of the vector committed to for `Self::MultiProof`.
58    fn get_multiproof_domain_len(proof: &Self::MultiProof) -> usize;
59
60    /// Opens the value at a given index and provides a proof for the correctness of claimed value.
61    fn open(&self, index: usize) -> Result<(H::Digest, Self::Proof), Self::Error>;
62
63    /// Opens the values at a given index set and provides a proof for the correctness of claimed
64    /// values.
65    #[allow(clippy::type_complexity)]
66    fn open_many(
67        &self,
68        indexes: &[usize],
69    ) -> Result<(Vec<H::Digest>, Self::MultiProof), Self::Error>;
70
71    /// Verifies that the claimed value is at the given index using a proof.
72    fn verify(
73        commitment: H::Digest,
74        index: usize,
75        item: H::Digest,
76        proof: &Self::Proof,
77    ) -> Result<(), Self::Error>;
78
79    /// Verifies that the claimed values are at the given set of indices using a batch proof.
80    fn verify_many(
81        commitment: H::Digest,
82        indexes: &[usize],
83        items: &[H::Digest],
84        proof: &Self::MultiProof,
85    ) -> Result<(), Self::Error>;
86}