Zero Knowledge Proofs #2
Conversation
pkg/encryption/elgamal/common.go
Outdated
| @@ -12,6 +14,11 @@ import ( | |||
| // H_STRING H is a random point on the elliptic curve that is unrelated to G. | |||
| const H_STRING = "gPt25pi0eDphSiXWu0BIeIvyVATCtwhslTqfqvNhW2c" | |||
|
|
|||
| // GenerateKey generates a new ECDSA key pair. | |||
| func GenerateKey() (*ecdsa.PrivateKey, error) { | |||
There was a problem hiding this comment.
This seems to be useful more as a testing function? Should we still export this?
There was a problem hiding this comment.
If we do want to export it we could consider renaming it since it may be misleading
There was a problem hiding this comment.
This is used for testing, but across multiple packages.
There was a problem hiding this comment.
Gotcha, any way to rename this or move this to some test utils file?
This is exposed to user as elgamal.GenerateKey(), which might be confusing (since it might suggest the generation of a el gamal Private Key or el gamal Public Key). Maybe just rename to GenerateEcdsaKey?
pkg/zkproofs/range.go
Outdated
| } | ||
|
|
||
| // VerifyRangeProof verifies the range proof for the given ciphertext | ||
| func VerifyRangeProof(proof *RangeProof, ciphertext *elgamal.Ciphertext) (bool, error) { |
There was a problem hiding this comment.
Similar comment as above, we could consider adding the upperBound to this method as well, since it should be up to the verifier to determine what upper bound they want to check for (just that the associated proof should not work if it's not meant for that upper bound)
|
@mj850 addressed most comments. Ptal |
| // Step 0: Recompute the challenge using the Fiat-Shamir heuristic. | ||
| transcript := NewProofTranscript() | ||
| transcript.AppendMessage("C1", proof.Commitment1.ToAffineCompressed()) | ||
| transcript.AppendMessage("C2", proof.Commitment2.ToAffineCompressed()) |
There was a problem hiding this comment.
Think we want to add ct.C and ct.D to the challenge as well so the proof can only be used as for the specific ciphertext.
| // the proof cannot be for some other set of values. | ||
| transcript := NewProofTranscript() | ||
| transcript.AppendMessage("C1", Commitment1.ToAffineCompressed()) | ||
| transcript.AppendMessage("C2", Commitment2.ToAffineCompressed()) |
There was a problem hiding this comment.
Think we need to add ciphertext.C and ciphertext.D to the challenge transcript here as well to bind the proof to the specific ciphertext.
| @@ -0,0 +1,39 @@ | |||
| package zkproofs | |||
There was a problem hiding this comment.
Nit: Should we rename this file to proof_transcript.go
|
@mj850 addressed comments, please have another look |
This PR contains the following zero knowledge proofs:
Tests: