zk

package

v0.0.0-...-37b37ea Latest Latest Go to latest Published: Nov 16, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/Caqil/mpc-tss

Links

Open Source Insights

Documentation ¶

Overview ¶

Package zk implements zero-knowledge proof systems for MPC-TSS

Index ¶

Variables
func VerifyCompactSchnorr(proof *CompactSchnorrProof, publicPoint *curve.Point, c curve.Curve, ...) bool
type BitProof
- func (bp *BitProof) Verify(bitCommitment *commitment.PedersenCommitment, gp *commitment.GeneratorPair) bool
type CompactSchnorrProof
type DLogEqualityProof
- func ProveDLogEquality(secret *big.Int, base1, base2, public1, public2 *curve.Point, c curve.Curve, ...) (*DLogEqualityProof, error)
- func (dep *DLogEqualityProof) Verify(base1, base2, public1, public2 *curve.Point, context []byte) bool
type RangeProof
- func ProveRange(value *big.Int, valueCommitment *commitment.PedersenCommitment, ...) (*RangeProof, error)
- func (rp *RangeProof) Verify(valueCommitment *commitment.PedersenCommitment, gp *commitment.GeneratorPair) bool
type SchnorrBatchProof
- func ProveBatchSchnorr(secrets []*big.Int, publicPoints []*curve.Point, c curve.Curve, context []byte) (*SchnorrBatchProof, error)
- func (sbp *SchnorrBatchProof) VerifyBatch(publicPoints []*curve.Point, context []byte) bool
type SchnorrProof
- func ProveSchnorr(secret *big.Int, publicPoint *curve.Point, c curve.Curve, context []byte) (*SchnorrProof, error)
- func (sp *SchnorrProof) ToCompact() *CompactSchnorrProof
- func (sp *SchnorrProof) Verify(publicPoint *curve.Point, context []byte) bool

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrNilSecret is returned when a nil secret is provided
	ErrNilSecret = errors.New("secret cannot be nil")

	// ErrNilPublicPoint is returned when a nil public point is provided
	ErrNilPublicPoint = errors.New("public point cannot be nil")

	// ErrNilCurve is returned when a nil curve is provided
	ErrNilCurve = errors.New("curve cannot be nil")

	// ErrInvalidWitness is returned when the witness doesn't satisfy the relation
	ErrInvalidWitness = errors.New("invalid witness: does not satisfy the relation")

	// ErrInvalidProof is returned when proof verification fails
	ErrInvalidProof = errors.New("invalid proof")

	// ErrMismatchedLengths is returned when array lengths don't match
	ErrMismatchedLengths = errors.New("mismatched array lengths")

	// ErrInvalidRange is returned when a value is outside valid range
	ErrInvalidRange = errors.New("value outside valid range")

	// ErrNilValue is returned when a nil value is provided
	ErrNilValue = errors.New("value cannot be nil")

	// ErrInvalidCommitment is returned when a commitment is invalid
	ErrInvalidCommitment = errors.New("invalid commitment")
)

Functions ¶

func VerifyCompactSchnorr ¶

func VerifyCompactSchnorr(proof *CompactSchnorrProof, publicPoint *curve.Point, c curve.Curve, context []byte) bool

VerifyCompact verifies a compact proof

Types ¶

type BitProof ¶

type BitProof struct {
	// Proof0 is a Schnorr proof assuming bit = 0
	Proof0 *SchnorrProof

	// Proof1 is a Schnorr proof assuming bit = 1
	Proof1 *SchnorrProof

	// Challenge is the Fiat-Shamir challenge
	Challenge *big.Int
}

BitProof proves a committed value is either 0 or 1

func (*BitProof) Verify ¶

func (bp *BitProof) Verify(bitCommitment *commitment.PedersenCommitment, gp *commitment.GeneratorPair) bool

Verify verifies a bit proof

type CompactSchnorrProof ¶

type CompactSchnorrProof struct {
	Challenge *big.Int
	Response  *big.Int
}

CompactSchnorrProof is a space-optimized Schnorr proof Only stores Response and Challenge (Commitment can be recomputed)

type DLogEqualityProof ¶

type DLogEqualityProof struct {
	// Commitment1 is k*G1
	Commitment1 *curve.Point

	// Commitment2 is k*G2
	Commitment2 *curve.Point

	// Challenge is the Fiat-Shamir challenge
	Challenge *big.Int

	// Response is z = k + e*x
	Response *big.Int

	// Curve for operations
	Curve curve.Curve
}

DLogEqualityProof proves that two points have the same discrete log Proves: Y1 = x*G1 and Y2 = x*G2 for the same secret x

func ProveDLogEquality ¶

func ProveDLogEquality(secret *big.Int, base1, base2, public1, public2 *curve.Point, c curve.Curve, context []byte) (*DLogEqualityProof, error)

ProveDLogEquality creates a proof that two points share the same discrete log

func (*DLogEqualityProof) Verify ¶

func (dep *DLogEqualityProof) Verify(base1, base2, public1, public2 *curve.Point, context []byte) bool

Verify verifies the discrete log equality proof

type RangeProof ¶

type RangeProof struct {
	// BitCommitments are Pedersen commitments to each bit
	BitCommitments []*commitment.PedersenCommitment

	// BitProofs prove each commitment opens to 0 or 1
	BitProofs []*BitProof

	// AggregateProof proves the bits sum to the committed value
	AggregateProof *SchnorrProof

	// NumBits is the bit length (value < 2^NumBits)
	NumBits int
}

RangeProof proves that a committed value is in a specific range [0, 2^n) without revealing the value itself

func ProveRange ¶

func ProveRange(value *big.Int, valueCommitment *commitment.PedersenCommitment, gp *commitment.GeneratorPair, numBits int) (*RangeProof, error)

ProveRange creates a range proof for a committed value Proves that value ∈ [0, 2^numBits) without revealing value

func (*RangeProof) Verify ¶

func (rp *RangeProof) Verify(valueCommitment *commitment.PedersenCommitment, gp *commitment.GeneratorPair) bool

Verify verifies the range proof

type SchnorrBatchProof ¶

type SchnorrBatchProof struct {
	// Proofs is the list of individual proofs
	Proofs []*SchnorrProof

	// AggregateChallenge is the combined challenge (optional optimization)
	AggregateChallenge *big.Int
}

SchnorrBatchProof represents a batch Schnorr proof for multiple secrets

func ProveBatchSchnorr ¶

func ProveBatchSchnorr(secrets []*big.Int, publicPoints []*curve.Point, c curve.Curve, context []byte) (*SchnorrBatchProof, error)

ProveBatchSchnorr creates proofs for multiple discrete logs efficiently

func (*SchnorrBatchProof) VerifyBatch ¶

func (sbp *SchnorrBatchProof) VerifyBatch(publicPoints []*curve.Point, context []byte) bool

VerifyBatch verifies all proofs in the batch

type SchnorrProof ¶

type SchnorrProof struct {
	// Commitment is the prover's commitment R = k*G
	Commitment *curve.Point

	// Challenge is the Fiat-Shamir challenge e = H(G, Y, R, context)
	Challenge *big.Int

	// Response is z = k + e*x mod n
	Response *big.Int

	// Curve is the elliptic curve being used
	Curve curve.Curve
}

SchnorrProof represents a Schnorr proof of knowledge of discrete logarithm Proves knowledge of x such that Y = x*G without revealing x

func ProveSchnorr ¶

func ProveSchnorr(secret *big.Int, publicPoint *curve.Point, c curve.Curve, context []byte) (*SchnorrProof, error)

ProveSchnorr creates a Schnorr proof of knowledge of discrete log Proves knowledge of secret such that publicPoint = secret * G Uses Fiat-Shamir heuristic for non-interactive proof

func (*SchnorrProof) ToCompact ¶

func (sp *SchnorrProof) ToCompact() *CompactSchnorrProof

ToCompact converts a standard proof to compact form

func (*SchnorrProof) Verify ¶

func (sp *SchnorrProof) Verify(publicPoint *curve.Point, context []byte) bool

VerifySchnorr verifies a Schnorr proof Checks that z*G = R + e*Y

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL