bulletproofs-0.2.0

Safe HaskellNone
LanguageHaskell2010

Bulletproofs.InnerProductProof

Synopsis

Documentation

generateProof Source #

Arguments

:: InnerProductBase

Generators Gs, Hs, h

-> Point

Commitment P = A + xS − zG + (z*y^n + z^2 * 2^n) * hs' of vectors l and r whose inner product is t

-> InnerProductWitness

Vectors l and r that hide bit vectors aL and aR, respectively

-> InnerProductProof 

Generate proof that a witness l, r satisfies the inner product relation on public input (Gs, Hs, h)

verifyProof Source #

Arguments

:: Integer

Range upper bound

-> InnerProductBase

Generators Gs, Hs, h

-> Point

Commitment P

-> InnerProductProof

Proof that a secret committed value lies in a certain interval

-> Bool 

Optimized non-interactive verifier using multi-exponentiation and batch verification

data InnerProductProof Source #

Constructors

InnerProductProof 

Fields

  • lCommits :: [Point]

    Vector of commitments of the elements in the original vector l whose size is the logarithm of base 2 of the size of vector l

  • rCommits :: [Point]

    Vector of commitments of the elements in the original vector r whose size is the logarithm of base 2 of the size of vector r

  • l :: Fq

    Remaining element of vector l at the end of the recursive algorithm that generates the inner-product proof

  • r :: Fq

    Remaining element of vector r at the end of the recursive algorithm that generates the inner-product proof

data InnerProductBase Source #

Constructors

InnerProductBase 

Fields

  • bGs :: [Point]

    Independent generator Gs ∈ G^n

  • bHs :: [Point]

    Independent generator Hs ∈ G^n

  • bH :: Point

    Internally fixed group element H ∈ G for which there is no known discrete-log relation among Gs, Hs, bG

data InnerProductWitness Source #

Constructors

InnerProductWitness 

Fields

  • ls :: [Fq]

    Vector of values l that the prover uses to compute lCommits in the recursive inner product algorithm

  • rs :: [Fq]

    Vector of values r that the prover uses to compute rCommits in the recursive inner product algorithm