pedersen-commitment-0.2.0: An implementation of Pedersen commitment schemes

Safe HaskellNone




The Pedersen commitment scheme has three operations:

  • Setup
  • Commit
  • Open


Safe Prime Field Pedersen Commitments

data Pedersen Source #



data CommitParams Source #




newtype Commitment Source #



data Reveal Source #




setup :: MonadRandom m => Int -> m (Integer, CommitParams) Source #

Generates a Safe Prime Field (p,q,g) and a random value \(a \in Z_q\) such that \(g^a = h\), where g and h are the bases to be used in the pedersen commit function.

commit :: MonadRandom m => Integer -> CommitParams -> m Pedersen Source #

Commit a value by generating a random number \(r \in Z_q\) and computing \(C(x) = g^x \cdot h^r\) where x is the value to commit

open :: CommitParams -> Commitment -> Reveal -> Bool Source #

Open the commit by supplying the value commited, x, the random value r and the pedersen bases g and h, and verifying that \(C(x) \overset{!}{=} g^x * h^r\)

addCommitments :: CommitParams -> Commitment -> Commitment -> Commitment Source #

This addition should be recorded as the previous commits are unable to be extracted from this new commitment. The only way to open this commiment is to tell the committing party the two commitments that were added so that the commitment can be validated and opening parameters can be created.

verifyAddCommitments :: CommitParams -> Pedersen -> Pedersen -> Pedersen Source #

This function validates a homomorphic addition of two commitments using the original pedersen commits and reveals to compute the new commitment without homomorphic addition.

verifyCommitParams :: Integer -> CommitParams -> Bool Source #

Check that `g^a = h` to verify integrity of a counterparty's commitment

Elliptic Curve Pedersen Commitments

data ECCommitParams Source #




ecSetup :: MonadRandom m => Maybe CurveName -> m ECCommitParams Source #

Setup EC Pedersen commit params, defaults to curve secp256k1

ecAddCommitments :: ECCommitParams -> ECCommitment -> ECCommitment -> ECCommitment Source #

In order for this resulting commitment to be opened, the commiter must construct a new set of reveal parameters. The new reveal is then sent to the counterparty to open the homomorphically added commitment.

ecVerifyAddCommitments :: ECCommitParams -> ECPedersen -> ECPedersen -> ECPedersen Source #

Verify the addition of two EC Pedersen Commitments by constructing the new Pedersen commitment on the uncommitted values.

ecAddInteger :: ECCommitParams -> ECCommitment -> Integer -> ECCommitment Source #

Add an integer to the committed value. The committer should be informed of the integer added to the commitment so that a valid pedersen reveal can be constructed and the resulting commitment can be opened