Documentation
¶
Overview ¶
Package commitment provides cryptographic commitment schemes for zero-knowledge proofs and secure multi-party computation
Index ¶
- Variables
- func VerifyCommitmentToCurvePoint(commitmentBytes []byte, point *curve.Point, decommit []byte, c curve.Curve, ...) bool
- func VerifyHashCommitment(commitmentHash, value, nonce []byte, timestamp int64, context []byte) bool
- type Commitment
- type GeneratorPair
- type HashCommitment
- type PedersenCommitment
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNilCurve is returned when a nil curve is provided ErrNilCurve = errors.New("curve cannot be nil") // ErrNilValue is returned when a nil value is provided ErrNilValue = errors.New("value cannot be nil") // ErrNilScalar is returned when a nil scalar is provided ErrNilScalar = errors.New("scalar cannot be nil") // ErrEmptyValue is returned when an empty value is provided ErrEmptyValue = errors.New("value cannot be empty") // ErrEmptyValues is returned when an empty values slice is provided ErrEmptyValues = errors.New("values cannot be empty") // ErrNilCommitment is returned when a nil commitment is provided ErrNilCommitment = errors.New("commitment cannot be nil") // ErrCurveMismatch is returned when commitments use different curves ErrCurveMismatch = errors.New("commitments must use the same curve") // ErrInvalidOpening is returned when commitment opening verification fails ErrInvalidOpening = errors.New("commitment opening verification failed") // ErrInvalidCommitment is returned when a commitment is invalid ErrInvalidCommitment = errors.New("invalid commitment") )
Functions ¶
Types ¶
type Commitment ¶
type Commitment struct {
// C is the commitment value (point on curve)
C *curve.Point
// Curve is the elliptic curve being used
Curve curve.Curve
}
Commitment represents a cryptographic commitment
type GeneratorPair ¶
type GeneratorPair struct {
G curve.Curve // Primary generator (base point)
H *curve.Point // Secondary generator
}
GeneratorPair represents a pair of generators for Pedersen commitments
func NewGeneratorPair ¶
func NewGeneratorPair(c curve.Curve) (*GeneratorPair, error)
NewGeneratorPair creates a new generator pair for Pedersen commitments H is derived deterministically from G using RFC 9380 hash-to-curve
func (*GeneratorPair) BatchCommit ¶
func (gp *GeneratorPair) BatchCommit(values []*big.Int) ([]*PedersenCommitment, error)
BatchCommit creates commitments for multiple values with a single blinding factor This is more efficient for batch operations
func (*GeneratorPair) Commit ¶
func (gp *GeneratorPair) Commit(value *big.Int, blinding *big.Int) (*PedersenCommitment, error)
Commit creates a Pedersen commitment: C = value*G + blinding*H If blinding is nil, a random blinding factor is generated
type HashCommitment ¶
type HashCommitment struct {
// CommitmentHash is the cryptographic commitment
CommitmentHash []byte
// Nonce is the opening nonce (kept secret until reveal)
Nonce []byte
// Value is the committed value (kept secret until reveal)
Value []byte
// Timestamp prevents replay attacks
Timestamp int64
// Context provides domain separation
Context []byte
}
HashCommitment represents a hash-based commitment with proper structure
func BatchHashCommit ¶
func BatchHashCommit(values [][]byte, context []byte) ([]*HashCommitment, error)
BatchHashCommit creates multiple hash commitments efficiently
func NewHashCommitment ¶
func NewHashCommitment(value []byte, context []byte) (*HashCommitment, error)
NewHashCommitment creates a production-grade hash-based commitment Uses HMAC-SHA256 with domain separation and replay protection
func (*HashCommitment) GetCommitmentValue ¶
func (hc *HashCommitment) GetCommitmentValue() []byte
GetCommitmentValue returns the commitment hash (safe to share publicly)
func (*HashCommitment) Reveal ¶
func (hc *HashCommitment) Reveal() (value, nonce []byte, timestamp int64, context []byte)
Reveal returns the opening information for verification
func (*HashCommitment) Verify ¶
func (hc *HashCommitment) Verify() bool
Verify verifies a hash commitment with all security checks
type PedersenCommitment ¶
type PedersenCommitment struct {
*Commitment
// Value is the committed value
Value *big.Int
// Blinding is the random blinding factor
Blinding *big.Int
}
PedersenCommitment represents a Pedersen commitment with its opening
func AddCommitments ¶
func AddCommitments(c1, c2 *PedersenCommitment) (*PedersenCommitment, error)
AddCommitments adds two Pedersen commitments homomorphically C1 + C2 = (v1*G + r1*H) + (v2*G + r2*H) = (v1+v2)*G + (r1+r2)*H
func CommitToCurvePoint ¶
func CommitToCurvePoint(point *curve.Point, c curve.Curve, context []byte) (*PedersenCommitment, []byte, error)
CommitToCurvePoint creates a hash commitment to a curve point Returns (commitment, decommitment, error) The decommitment includes both nonce and timestamp
func ScalarMulCommitment ¶
func ScalarMulCommitment(commitment *PedersenCommitment, scalar *big.Int) (*PedersenCommitment, error)
ScalarMulCommitment multiplies a commitment by a scalar k*C = k*(v*G + r*H) = (k*v)*G + (k*r)*H
func (*PedersenCommitment) Bytes ¶
func (pc *PedersenCommitment) Bytes() []byte
Bytes returns the serialized commitment
func (*PedersenCommitment) GetCommitment ¶
func (pc *PedersenCommitment) GetCommitment() *Commitment
GetCommitment returns just the commitment (without opening information)
func (*PedersenCommitment) Verify ¶
func (pc *PedersenCommitment) Verify(gp *GeneratorPair) bool
Verify verifies that the commitment opens to the given value and blinding
Source Files