@cloudflare/zkp-ecdsa
zkp-ecdsa: A Typescript Implementation of ZKAttest
// Compiler-emitted decorator helper. Reuses an existing `this.__decorate` when one is
// present, otherwise defines the fallback below.
//
// The number of arguments actually passed selects the mode:
//   fewer than 3 -> class decoration: decorators receive the current result (initially `target`)
//   exactly 3    -> decorators receive (target, key)
//   more than 3  -> decorators receive (target, key, descriptor) and a truthy result
//                   is installed with Object.defineProperty
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
  const argCount = arguments.length;

  // Starting value: the class itself, or the property descriptor (looked up when `desc` is null).
  let result;
  if (argCount < 3) {
    result = target;
  } else {
    if (desc === null) {
      desc = Object.getOwnPropertyDescriptor(target, key);
    }
    result = desc;
  }

  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") {
    // A Reflect.decorate implementation, when installed, takes over entirely.
    result = Reflect.decorate(decorators, target, key, desc);
  } else {
    // Decorators run last-to-first; falsy entries are skipped and a falsy return
    // value keeps the previous result.
    for (let idx = decorators.length - 1; idx >= 0; idx--) {
      const decorator = decorators[idx];
      if (!decorator) {
        continue;
      }
      let produced;
      if (argCount < 3) {
        produced = decorator(result);
      } else if (argCount > 3) {
        produced = decorator(target, key, result);
      } else {
        produced = decorator(target, key);
      }
      result = produced || result;
    }
  }

  if (argCount > 3 && result) {
    Object.defineProperty(target, key, result);
  }
  return result;
};
// Compiler-emitted metadata helper. Reuses an existing `this.__metadata` when one is
// present. The fallback forwards to Reflect.metadata only if such a function is
// installed; otherwise it yields undefined, which __decorate skips as a falsy decorator.
var __metadata = (this && this.__metadata) || function (k, v) {
  const reflectHasMetadata = typeof Reflect === "object" && typeof Reflect.metadata === "function";
  if (!reflectHasMetadata) {
    return undefined;
  }
  return Reflect.metadata(k, v);
};
import { Group, hashPoints } from '../curves/group.js';
import { MultiMult, Relation } from '../curves/multimult.js';
import { jsonMember, jsonObject, toJson } from 'typedjson';
import { rnd } from '../bignum/big.js';
/**
 * Container for one equality proof as produced by proveEquality in this file.
 *
 * Fields:
 *   A_1, A_2  - the two announcement points (one per commitment)
 *   t_x       - response for the shared committed value
 *   t_r1/t_r2 - responses for the blinding factor of the first / second commitment
 *
 * The class only stores and compares values; it performs no validation of its own.
 * Checking a proof is the job of verifyEquality / aggregateEquality.
 */
let EqualityProof = class EqualityProof {
  constructor(A_1, A_2, t_x, t_r1, t_r2) {
    Object.assign(this, { A_1, A_2, t_x, t_r1, t_r2 });
  }

  /**
   * Field-by-field comparison with another proof, delegating to each member's own
   * `eq`. Stops at the first member that differs. This is structural equality only;
   * a true result says nothing about whether either proof verifies.
   */
  eq(o) {
    let same = this.A_1.eq(o.A_1);
    if (same) {
      same = this.A_2.eq(o.A_2);
    }
    if (same) {
      same = this.t_x.eq(o.t_x);
    }
    if (same) {
      same = this.t_r1.eq(o.t_r1);
    }
    if (same) {
      same = this.t_r2.eq(o.t_r2);
    }
    return same;
  }
};
// Serialization wiring emitted by the TypeScript compiler: each __decorate call
// below applies typedjson's jsonMember decorator (plus design-type metadata) to one
// member of EqualityProof. A_1 and A_2 are declared with constructor Group.Point,
// t_x / t_r1 / t_r2 with constructor Group.Scalar, all with `isRequired: true`.
// NOTE(review): `isRequired` concerns the presence of a member in the JSON input.
// Whether a deserialized Group.Point is checked to lie on the curve, or a
// Group.Scalar to be in range, is decided in ../curves/group.js, which is not shown
// here. Confirm that before treating a parsed proof from an untrusted peer as
// well-formed.
__decorate([
jsonMember({ constructor: Group.Point, isRequired: true }),
__metadata("design:type", Group.Point)
], EqualityProof.prototype, "A_1", void 0);
__decorate([
jsonMember({ constructor: Group.Point, isRequired: true }),
__metadata("design:type", Group.Point)
], EqualityProof.prototype, "A_2", void 0);
__decorate([
jsonMember({ constructor: Group.Scalar, isRequired: true }),
__metadata("design:type", Group.Scalar)
], EqualityProof.prototype, "t_x", void 0);
__decorate([
jsonMember({ constructor: Group.Scalar, isRequired: true }),
__metadata("design:type", Group.Scalar)
], EqualityProof.prototype, "t_r1", void 0);
__decorate([
jsonMember({ constructor: Group.Scalar, isRequired: true }),
__metadata("design:type", Group.Scalar)
], EqualityProof.prototype, "t_r2", void 0);
// Class-level decorators (jsonObject, toJson) and the constructor parameter types.
// The value returned by __decorate replaces the EqualityProof binding, which is why
// the class was declared with `let`.
EqualityProof = __decorate([
jsonObject,
toJson,
__metadata("design:paramtypes", [Group.Point, Group.Point, Group.Scalar, Group.Scalar, Group.Scalar])
], EqualityProof);
export { EqualityProof };
/**
 * Builds a non-interactive proof that C1 and C2 commit to the same value x.
 *
 * @param params  commitment parameters; this function uses params.c (order, newScalar)
 *                and params.commit
 * @param x       the committed value (secret); converted with params.c.newScalar
 * @param C1      first commitment WITH its opening: `.p` is the point that gets hashed,
 *                `.r` is the blinding factor used in the response
 * @param C2      second commitment, same shape as C1
 * @returns {Promise<EqualityProof>} announcements A1.p, A2.p and the three responses
 *
 * Note the asymmetry with verifyEquality / aggregateEquality, which take the bare
 * points (what is `C1.p` / `C2.p` here) rather than the opening-carrying objects.
 */
export async function proveEquality(params, x, C1, C2) {
  // Fresh per-proof nonce. The response below is nonce - challenge * x, so the nonce
  // has to be unpredictable and must never be reused across proofs: two responses
  // for the same nonce under different challenges determine x.
  // NOTE(review): this relies on `rnd` (../bignum/big.js, not shown) drawing from a
  // cryptographically secure source, uniformly below the group order. Confirm.
  const nonce = rnd(params.c.order);

  // Both announcements commit to the same nonce; each commit() call returns its own
  // `.r` (presumably a fresh blinding factor per call, see params.commit).
  const announce1 = params.commit(nonce);
  const announce2 = params.commit(nonce);

  // Fiat-Shamir challenge over the two commitments and the two announcements.
  // NOTE(review): only these four points are hashed here; the generators and any
  // session/context label are not part of this input. Confirm whether hashPoints or
  // the caller provides domain separation.
  const digest = await hashPoints('SHA-256', [C1.p, C2.p, announce1.p, announce2.p]);

  const challenge = params.c.newScalar(digest);
  const secret = params.c.newScalar(x);
  const nonceScalar = params.c.newScalar(nonce);

  // Responses: one for the shared value, one per blinding factor.
  const respValue = nonceScalar.sub(challenge.mul(secret));
  const respBlind1 = announce1.r.sub(challenge.mul(C1.r));
  const respBlind2 = announce2.r.sub(challenge.mul(C2.r));

  return new EqualityProof(announce1.p, announce2.p, respValue, respBlind1, respBlind2);
}
/**
 * Verifies a single equality proof.
 *
 * @param params  commitment parameters (params.c is handed to MultiMult)
 * @param C1      first commitment as a bare point (not the opening-carrying object
 *                that proveEquality takes)
 * @param C2      second commitment as a bare point
 * @param pi      the EqualityProof to check
 * @returns {Promise<boolean>} true only if the accumulated relations evaluate to the
 *          identity
 *
 * aggregateEquality in this file returns true unconditionally, so the accept/reject
 * decision effectively rests on `evaluate().isIdentity()`; the early `false` is a
 * guard for a future aggregate step that can fail.
 */
export async function verifyEquality(params, C1, C2, pi) {
  const accumulator = new MultiMult(params.c);
  const aggregated = await aggregateEquality(params, C1, C2, pi, accumulator);
  return aggregated ? accumulator.evaluate().isIdentity() : false;
}
/**
 * Adds the two verification relations of an equality proof to `multi` without
 * evaluating them, so several proofs can share one final check.
 *
 * For each commitment C (C1 with A_1 / t_r1, C2 with A_2 / t_r2) the relation is
 *     t_x * g + t_r * h + c * C - A
 * which the caller expects to be the identity once `multi` is evaluated.
 *
 * @param params  commitment parameters; uses params.c, params.g and params.h
 * @param C1      first commitment as a bare point
 * @param C2      second commitment as a bare point
 * @param pi      the EqualityProof being checked
 * @param multi   accumulator that both relations are drained into
 * @returns {Promise<boolean>} always true; nothing here rejects a proof
 *
 * NOTE(review): no member of `pi` is validated in this function, so it relies on
 * whatever checks deserialization / Group.Point perform. Also, whether several
 * relations drained into one accumulator can mask each other depends on how
 * Relation.drain weights them (../curves/multimult.js, not shown). Confirm both.
 */
export async function aggregateEquality(params, C1, C2, pi, multi) {
  // Recompute the Fiat-Shamir challenge from the public values only.
  const digest = await hashPoints('SHA-256', [C1, C2, pi.A_1, pi.A_2]);
  const cc = params.c.newScalar(digest);

  // Builds one relation; the proof members are read by name at insertion time.
  const relationFor = (commitment, announcementField, blindingField) => {
    const relation = new Relation(params.c);
    relation.insert(params.g, pi.t_x);
    relation.insert(params.h, pi[blindingField]);
    relation.insert(commitment, cc);
    relation.insert(pi[announcementField].neg(), params.c.newScalar(BigInt(1)));
    return relation;
  };

  const firstRelation = relationFor(C1, 'A_1', 't_r1');
  const secondRelation = relationFor(C2, 'A_2', 't_r2');

  firstRelation.drain(multi);
  secondRelation.drain(multi);
  return true;
}
//# sourceMappingURL=equality.js.map