pedersen-commitment-0.2.0: An implementation of Pedersen commitment schemes

Pedersen

Description

The Pedersen commitment scheme has three operations:

• Setup
• Commit
• Open

Synopsis

## Safe Prime Field Pedersen Commitments

data Pedersen Source #

Constructors

 Pedersen Fieldscommitment :: Commitment reveal :: Reveal

Constructors

 CommitParams FieldspedersenSPF :: SPFSafe prime field for pedersen commitmentpedersenH :: Integer$$h = g^a \mod p$$ where a is random

newtype Commitment Source #

Constructors

 Commitment FieldsunCommitment :: Integer

Instances

 Source # Methods

data Reveal Source #

Constructors

 Reveal FieldsrevealVal :: IntegerOriginal value comittedrevealExp :: Integerrandom exponent r, $$g^x \cdot h^r$$

setup :: MonadRandom m => Int -> m (Integer, CommitParams) Source #

Generates a Safe Prime Field (p,q,g) and a random value $$a \in Z_q$$ such that $$g^a = h$$, where g and h are the bases to be used in the pedersen commit function.

Commit a value by generating a random number $$r \in Z_q$$ and computing $$C(x) = g^x \cdot h^r$$ where x is the value to commit

Open the commit by supplying the value commited, x, the random value r and the pedersen bases g and h, and verifying that $$C(x) \overset{!}{=} g^x * h^r$$

This addition should be recorded as the previous commits are unable to be extracted from this new commitment. The only way to open this commiment is to tell the committing party the two commitments that were added so that the commitment can be validated and opening parameters can be created.

This function validates a homomorphic addition of two commitments using the original pedersen commits and reveals to compute the new commitment without homomorphic addition.

Check that g^a = h to verify integrity of a counterparty's commitment

## Elliptic Curve Pedersen Commitments

Constructors

 ECPedersen Fields

Constructors

 ECCommitParams FieldsecCurve :: Curve ecH :: Point

Constructors

 ECCommitment FieldsunECCommitment :: Point

Instances

 Source # Methods

data ECReveal Source #

Constructors

 ECReveal Fields

Setup EC Pedersen commit params, defaults to curve secp256k1

In order for this resulting commitment to be opened, the commiter must construct a new set of reveal parameters. The new reveal is then sent to the counterparty to open the homomorphically added commitment.

Verify the addition of two EC Pedersen Commitments by constructing the new Pedersen commitment on the uncommitted values.

Add an integer to the committed value. The committer should be informed of the integer added to the commitment so that a valid pedersen reveal can be constructed and the resulting commitment can be opened