pedersen commitment combination证明
程序员文章站
2022-07-09 11:50:23
...
1. Zexe中的pedersen commitment
Zexe中基于的是pairing based曲线。
Zexe中的pedersen commitment 为Pedersen CRH,当做时,若的值大于15(如3*6=18时),则assert失败。细节原因待查?
以下代码可证明
let input = [1u8;1];
let rng = &mut thread_rng();
type TestCOMM = PedersenCommitment<JubJub, Window>;
type TestCOMMGadget = PedersenCommitmentGadget<JubJub, Fq, JubJubGadget>;
let randomness = PedersenRandomness(Fr::rand(rng));
let parameters = PedersenCommitment::<JubJub, Window>::setup(rng).unwrap();
let primitive_result =
PedersenCommitment::<JubJub, Window>::commit(¶meters, &input, &randomness).unwrap();
let input_2 = [2u8;1];
let randomness_2 = PedersenRandomness(Fr::rand(rng));
let primitive_result_2 =
PedersenCommitment::<JubJub, Window>::commit(¶meters, &input_2, &randomness_2).unwrap();
let randomness_3 = PedersenRandomness(randomness.0 + &randomness_2.0);
let input_3 = [3u8;1];
let primitive_result_3 =
PedersenCommitment::<JubJub, Window>::commit(¶meters, &input_3, &randomness_3).unwrap();
assert_eq!(primitive_result+&primitive_result_2, primitive_result_3);
2. Qesa中的pedersen commitment
Qesa中基于的是curve25519。
任意取值均可通过
#[test]
fn test_commitment_combination() {
let n = 1;
let mut rng = rand::thread_rng();
let G: Vec<RistrettoPoint> = (0..n).map(|_| RistrettoPoint::random(&mut rng)).collect();
let G0: RistrettoPoint = RistrettoPoint::random(&mut rng);
let w_1 = Scalar::random(&mut rng);
let w_2 = Scalar::random(&mut rng);
let r_1 = Scalar::random(&mut rng);
let r_2 = Scalar::random(&mut rng);
let c_1 = pedersen_commit(&G0, &G.clone(), &vec![w_1.clone()], &r_1);
let c_2 = pedersen_commit(&G0, &G.clone(), &vec![w_2.clone()], &r_2);
let a_1 = &Scalar::random(&mut rng);
let a_2 = &Scalar::random(&mut rng);
let w_combined = &w_1 * a_1 + &w_2 * a_2;
let r_combined = &r_1 * a_1 + &r_2 * a_2;
let c_combined = pedersen_commit(&G0, &G.clone(), &vec![w_combined.clone()], &r_combined);
assert_eq!(a_1 * &c_1 + a_2*&c_2, c_combined);
}
上一篇: 数字签名加密
下一篇: Avro Schemas