author | Özgür Kesim <oec@kesim.org> | 2024-03-29 17:25:57 +0100 |
---|---|---|
committer | Özgür Kesim <oec@kesim.org> | 2024-03-29 17:25:57 +0100 |
commit | 610efa378df18ca37367838acd9a133f4dcbf3c2 (patch) | |
tree | 59e0c2eff36ce52c89f9a9716a149b1667c1d2fe | |
parent | 5afef29a7e6f17dfd9e52cff4b835f844d8f05b9 (diff) |
stage2: WiP, intro and proof not ready yet
-rw-r--r-- | nizk/stage2/stage2.go | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/nizk/stage2/stage2.go b/nizk/stage2/stage2.go
new file mode 100644
index 0000000..699e994
--- /dev/null
+++ b/nizk/stage2/stage2.go
@@ -0,0 +1,172 @@
+package stage2
+
+import (
+ . "kesim.org/seal/nizk"
+)
+
+// Implements the proof and verification of statements of the following form:
+// TODO
+
+type Type int
+
+const (
+ None Type = iota
+ Unset
+ Set
+)
+
+type Statement struct {
+ typ Type
+ a *Scalar
+ b *Scalar
+ x *Scalar
+ y *Scalar
+ r *Scalar
+ x_ *Scalar
+ y_ *Scalar
+ r_ *Scalar
+ *Commitment
+}
+
+type Commitment struct {
+ A *Point
+ B *Point
+ C *Point
+ R *Point
+ X *Point
+ Y *Point
+ Z *Point
+ R_ *Point
+ X_ *Point
+ Y_ *Point
+ Z_ *Point
+}
+
+func NewStatement(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Statement {
+ if typ > Set || typ < None {
+ panic("unknown type")
+ }
+
+ return &Statement{
+ typ: typ,
+ a: a,
+ b: b,
+ x: x,
+ y: y,
+ r: r,
+ x_: x_,
+ y_: y_,
+ r_: r_,
+ Commitment: commitment(typ, a, b, x, y, r, x_, y_, r_),
+ }
+}
+
+func commitment(typ Type, a, b, x, y, r, x_, y_, r_ *Scalar) *Commitment {
+ var Z, Z_ *Point
+ c := a.Mul(b)
+
+ switch typ {
+ case None:
+ Z = G.Exp(x.Mul(y))
+ Z_ = G.Exp(x_.Mul(y_))
+ case Set:
+ Z = G.Exp(x.Mul(r))
+ Z_ = G.Exp(x_.Mul(r_))
+ c = c.Add(One)
+ case Unset:
+ Z = G.Exp(x.Mul(y))
+ Z_ = G.Exp(x_.Mul(r_))
+ default:
+ panic("not possible")
+ }
+
+ return &Commitment{
+ A: G.Exp(a),
+ B: G.Exp(b),
+ C: G.Exp(c),
+ R: G.Exp(r),
+ X: G.Exp(x),
+ Y: G.Exp(y),
+ Z: Z,
+ X_: G.Exp(x_),
+ Y_: G.Exp(y_),
+ Z_: Z_,
+ }
+}
+
+func (s *Statement) Commit() *Commitment {
+ return s.Commitment
+}
+
+type Proof struct {
+ Ch [3]*Scalar
+ R1 [3]*Scalar
+ R2 [3]*Scalar
+ R3 [2]*Scalar
+}
+
+func (s *Statement) Proof() *Proof {
+ var (
+ e1, e1_ [3]*Point
+ e2, e2_ [3]*Point
+ e3, e3_ [2]*Point
+ )
+
+ // TODO
+
+ points := []*Point{G, s.A, s.B, s.C, s.R, s.X, s.Y, s.Z, s.R_, s.X_, s.Y_, s.Z_}
+ points = append(points, e1[:]...)
+ points = append(points, e2[:]...)
+ points = append(points, e3[:]...)
+ points = append(points, e1_[:]...)
+ points = append(points, e2_[:]...)
+ points = append(points, e3_[:]...)
+
+ _ = Challenge(points...)
+
+ // TODO
+
+ return nil
+}
+
+func (c *Commitment) Verify(p *Proof) bool {
+ var (
+ e1, e1_ [3]*Point
+ e2, e2_ [3]*Point
+ e3, e3_ [2]*Point
+ )
+ e1[0] = G.Exp(p.R1[0]).Mul(c.X.Exp(p.Ch[0]))
+ e1[1] = G.Exp(p.R1[1]).Mul(c.X_.Exp(p.Ch[0]))
+ e1[2] = G.Exp(p.R1[2]).Mul(c.A.Exp(p.Ch[0]))
+
+ e1_[0] = c.R.Exp(p.R1[0]).Mul(c.Z.Exp(p.Ch[0]))
+ e1_[1] = c.R_.Exp(p.R1[1]).Mul(c.Z_.Exp(p.Ch[0]))
+ e1_[2] = c.B.Exp(p.R1[2]).Mul(c.C.Div(G).Exp(p.Ch[0]))
+
+ e2[0] = G.Exp(p.R2[0]).Mul(c.X.Exp(p.Ch[1]))
+ e2[1] = G.Exp(p.R2[1]).Mul(c.X_.Exp(p.Ch[1]))
+ e2[2] = G.Exp(p.R2[2]).Mul(c.A.Exp(p.Ch[1]))
+
+ e2_[0] = c.Y.Exp(p.R2[0]).Mul(c.Z.Exp(p.Ch[1]))
+ e2_[1] = c.R_.Exp(p.R2[1]).Mul(c.Z_.Exp(p.Ch[1]))
+ e2_[2] = c.B.Exp(p.R2[2]).Mul(c.C.Exp(p.Ch[1]))
+
+ e3[0] = G.Exp(p.R3[0]).Mul(c.X.Exp(p.Ch[2]))
+ e3[1] = G.Exp(p.R3[1]).Mul(c.X_.Exp(p.Ch[2]))
+
+ e3_[0] = c.Y.Exp(p.R3[0]).Mul(c.Z.Exp(p.Ch[2]))
+ e3_[1] = c.Y_.Exp(p.R3[1]).Mul(c.Z_.Exp(p.Ch[2]))
+
+ points := []*Point{G, c.A, c.B, c.C, c.R, c.X, c.Y, c.Z, c.R_, c.X_, c.Y_, c.Z_}
+ points = append(points, e1[:]...)
+ points = append(points, e2[:]...)
+ points = append(points, e3[:]...)
+ points = append(points, e1_[:]...)
+ points = append(points, e2_[:]...)
+ points = append(points, e3_[:]...)
+
+ ch := Challenge(points...)
+
+ return p.Ch[0].Add(p.Ch[1]).Add(p.Ch[2]).Equal(ch)
+
+}
|
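Review bot: The Commitment literal returned by commitment() never sets R_, so that field stays nil even though Verify dereferences c.R_ in e1_[1] and e2_[1] and also hashes it into the challenge via points; add `R_: G.Exp(r_),` next to `R: G.Exp(r),`. Verify also reads every Commitment and Proof field unconditionally, so a nil *Proof (which Proof() currently returns) or a nil entry in Ch/R1/R2/R3 ends in a panic rather than a rejection; as proofs are the untrusted input of a verifier, a leading `if p == nil { return false }` plus a nil check over the scalar arrays would turn that into a clean false. The e3 branch (the None case, judging by Z = Y^x and Z_ = Y_^x_) binds only X and X_, while the e1 and e2 branches additionally tie A and C through B; if that asymmetry is intended it deserves a comment on the switch in commitment(), since the statement description at the top is still marked TODO.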