// tsc decorator/metadata emit helpers. They only attach typedjson
// (de)serialization metadata to MultProof below; no protocol logic lives here.
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; };
var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); };
import { Group, hashPoints } from '../curves/group.js';
import { MultiMult, Relation } from '../curves/multimult.js';
import { jsonMember, jsonObject, toJson } from 'typedjson';
import { rnd } from '../bignum/big.js';
/**
 * Non-interactive proof that three Pedersen commitments Cx, Cy, Cz (to x, y, z)
 * satisfy z = x * y. Produced by proveMult, checked by verifyMult/aggregateMult.
 *
 * Fields (all required for typedjson; see the jsonMember decorators below):
 *   C_4            - x * Cy, i.e. a commitment to x*y whose randomness is x * r_y.
 *   A_x, A_y, A_z  - prover announcements: commitments to the nonces k_x, k_y, k_z.
 *   A_4_1          - a second commitment to k_z (fresh randomness), paired with C_4.
 *   A_4_2          - k_x * Cy, paired with C_4 through Cy.
 *   t_x, t_y, t_z  - Schnorr-style responses k - c*w for the witnesses x, y, z.
 *   t_rx, t_ry, t_rz, t_r4 - responses for the commitment randomness of Cx, Cy, Cz, C_4.
 *
 * NOTE(review): proofs normally arrive as JSON. Whether a deserialized Group.Point
 * is validated (on-curve, correct subgroup, not the identity) is decided by
 * Group.Point in curves/group.js, not in this file -- confirm before relying on it.
 */
let MultProof = class MultProof {
    constructor(C_4, A_x, A_y, A_z, A_4_1, A_4_2, t_x, t_y, t_z, t_rx, t_ry, t_rz, t_r4) {
        this.C_4 = C_4;
        this.A_x = A_x;
        this.A_y = A_y;
        this.A_z = A_z;
        this.A_4_1 = A_4_1;
        this.A_4_2 = A_4_2;
        this.t_x = t_x;
        this.t_y = t_y;
        this.t_z = t_z;
        this.t_rx = t_rx;
        this.t_ry = t_ry;
        this.t_rz = t_rz;
        this.t_r4 = t_r4;
    }
    /** Field-by-field structural equality, delegating to the Point/Scalar eq methods. */
    eq(o) {
        return (this.C_4.eq(o.C_4) && this.A_x.eq(o.A_x) && this.A_y.eq(o.A_y) && this.A_z.eq(o.A_z) && this.A_4_1.eq(o.A_4_1) && this.A_4_2.eq(o.A_4_2) && this.t_x.eq(o.t_x) && this.t_y.eq(o.t_y) && this.t_z.eq(o.t_z) && this.t_rx.eq(o.t_rx) && this.t_ry.eq(o.t_ry) && this.t_rz.eq(o.t_rz) && this.t_r4.eq(o.t_r4));
    }
};
// typedjson field metadata: six group points, then seven scalars. Every field is
// isRequired, so typedjson is told a proof with a missing member must not be accepted.
__decorate([ jsonMember({ constructor: Group.Point, isRequired: true }), __metadata("design:type", Group.Point) ], MultProof.prototype, "C_4", void 0);
__decorate([ jsonMember({ constructor: Group.Point, isRequired: true }), __metadata("design:type", Group.Point) ], MultProof.prototype, "A_x", void 0);
__decorate([ jsonMember({ constructor: Group.Point, isRequired: true }), __metadata("design:type", Group.Point) ], MultProof.prototype, "A_y", void 0);
__decorate([ jsonMember({ constructor: Group.Point, isRequired: true }), __metadata("design:type", Group.Point) ], MultProof.prototype, "A_z", void 0);
__decorate([ jsonMember({ constructor: Group.Point, isRequired: true }), __metadata("design:type", Group.Point) ], MultProof.prototype, "A_4_1", void 0);
__decorate([ jsonMember({ constructor: Group.Point, isRequired: true }), __metadata("design:type", Group.Point) ], MultProof.prototype, "A_4_2", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_x", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_y", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_z", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_rx", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_ry", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_rz", void 0);
__decorate([ jsonMember({ constructor: Group.Scalar, isRequired: true }), __metadata("design:type", Group.Scalar) ], MultProof.prototype, "t_r4", void 0);
// Class-level typedjson registration; paramtypes mirror the constructor order above.
MultProof = __decorate([ jsonObject, toJson, __metadata("design:paramtypes", [Group.Point, Group.Point, Group.Point, Group.Point, Group.Point, Group.Point, Group.Scalar, Group.Scalar, Group.Scalar, Group.Scalar, Group.Scalar, Group.Scalar, Group.Scalar]) ], MultProof);
export { MultProof };
/**
 * Prove in zero knowledge that the values committed in Cx, Cy, Cz satisfy z = x * y.
 *
 * @param params  Group parameters: params.c (curve; provides newScalar and order),
 *                params.g / params.h (the Pedersen generators the verifier uses) and
 *                params.commit(v) -> { p: point, r: randomness }.
 * @param x,y,z   Witness values, converted to curve scalars with params.c.newScalar.
 * @param Cx,Cy,Cz Commitments as { p, r } objects (point plus opening randomness).
 * @returns {Promise<MultProof>}
 *
 * Protocol sketch (the verifier's relations are listed in aggregateMult):
 *   C4 = x * Cy is a commitment to x*y with randomness r4 = x * r_y. Showing that Cz
 *   and C4 open to the same value -- they share the single response t_z -- gives
 *   z = x*y, and A4_2 = k_x * Cy, answered with the same t_x as Cx, ties the x used
 *   to form C4 to the x committed in Cx.
 *
 * Security notes:
 *  - k_x, k_y, k_z are one-time nonces. rnd(params.c.order) must be uniform over the
 *    group order and never reused across proofs: each response is t = k - c*w, so a
 *    known, biased or repeated nonce lets anyone solve for the witness w.
 *  - The challenge c is the Fiat-Shamir hash of every commitment and announcement,
 *    in an order aggregateMult reproduces exactly; change one side and verification
 *    fails (or, if the statement is not fully bound, soundness does).
 *    NOTE(review): params.g / params.h and any domain-separation tag are not part of
 *    this transcript. That is acceptable only if the generators are fixed system
 *    parameters and hashPoints domain-separates internally -- confirm in curves/group.js.
 */
export async function proveMult(params, x, y, z, Cx, Cy, Cz) {
    const xx = params.c.newScalar(x),
        // C4 = x * Cy: a commitment to x*y whose randomness is x * r_y (tracked in r4).
        C4 = Cy.p.mul(xx),
        r4 = Cy.r.mul(xx),
        // Fresh nonces, one per witness. See the security notes above.
        k_x = rnd(params.c.order),
        k_y = rnd(params.c.order),
        k_z = rnd(params.c.order),
        kx = params.c.newScalar(k_x),
        // Announcements: commitments to the nonces (each commit() draws its own randomness).
        Ax = params.commit(k_x),
        Ay = params.commit(k_y),
        Az = params.commit(k_z),
        // Deliberately the same nonce as Az: one response t_z must open both Cz and C4.
        A4_1 = params.commit(k_z),
        // k_x * Cy: checked against C4 = x * Cy with the same response t_x as Cx.
        A4_2 = Cy.p.mul(kx),
        // Fiat-Shamir challenge. Order and contents must match aggregateMult exactly.
        c = await hashPoints('SHA-256', [Cx.p, Cy.p, Cz.p, C4, Ax.p, Ay.p, Az.p, A4_1.p, A4_2]),
        cc = params.c.newScalar(c),
        ky = params.c.newScalar(k_y),
        kz = params.c.newScalar(k_z),
        yy = params.c.newScalar(y),
        zz = params.c.newScalar(z),
        // Responses for the committed values: t = k - c*w (scalar arithmetic mod the order).
        t_x = kx.sub(cc.mul(xx)),
        t_y = ky.sub(cc.mul(yy)),
        t_z = kz.sub(cc.mul(zz)),
        // Responses for the commitment randomness: t_r = r_A - c*r_C.
        t_rx = Ax.r.sub(cc.mul(Cx.r)),
        t_ry = Ay.r.sub(cc.mul(Cy.r)),
        t_rz = Az.r.sub(cc.mul(Cz.r)),
        t_r4 = A4_1.r.sub(cc.mul(r4));
    return new MultProof(C4, Ax.p, Ay.p, Az.p, A4_1.p, A4_2, t_x, t_y, t_z, t_rx, t_ry, t_rz, t_r4);
}
/**
 * Verify a single MultProof.
 *
 * @param params   Group parameters (see proveMult).
 * @param Cx,Cy,Cz Commitment POINTS -- unlike proveMult, these are bare points, not
 *                 { p, r } objects; the verifier never sees the openings.
 * @param pi       The MultProof to check (typically deserialized from JSON).
 * @returns {Promise<boolean>} true iff all five verification relations fold to the
 *          group identity.
 *
 * The `ok` guard is currently a no-op because aggregateMult always returns true;
 * it is kept as the hook for any pre-checks that function may grow.
 */
export async function verifyMult(params, Cx, Cy, Cz, pi) {
    const multi = new MultiMult(params.c), ok = await aggregateMult(params, Cx, Cy, Cz, pi, multi);
    if (!ok) {
        return false;
    }
    return multi.evaluate().isIdentity();
}
/**
 * Recompute the Fiat-Shamir challenge and append this proof's verification relations
 * to `multi`, so that several proofs can be settled by one multi-scalar multiplication.
 *
 * @param params   Group parameters: params.c, params.g, params.h.
 * @param Cx,Cy,Cz Commitment points.
 * @param pi       The MultProof.
 * @param multi    MultiMult accumulator that the relations are drained into.
 * @returns {Promise<boolean>} always true; the caller decides by evaluating `multi`.
 *
 * Each relation has the form  sum_i(scalar_i * point_i) = O  and must hold individually:
 *   t_x*g + t_rx*h + c*Cx  - A_x   = O   (Cx and A_x are consistent openings)
 *   t_y*g + t_ry*h + c*Cy  - A_y   = O
 *   t_z*g + t_rz*h + c*Cz  - A_z   = O
 *   t_z*g + t_r4*h + c*C_4 - A_4_1 = O   (same t_z: C_4 commits to the value in Cz)
 *   t_x*Cy        + c*C_4 - A_4_2 = O   (same t_x: C_4 = x*Cy for the x in Cx)
 *
 * NOTE(review): how Relation.drain() combines relations inside `multi` (e.g. with
 * random weights so that a single isIdentity() check is sound for all of them) is
 * implemented in curves/multimult.js and is not visible here -- confirm.
 * NOTE(review): pi.* are untrusted inputs; any on-curve / subgroup validation of
 * these points must happen in Group.Point deserialization, as nothing here checks it.
 */
export async function aggregateMult(params, Cx, Cy, Cz, pi, multi) {
    // Must hash the same points in the same order as proveMult.
    const challenge = await hashPoints('SHA-256', [Cx, Cy, Cz, pi.C_4, pi.A_x, pi.A_y, pi.A_z, pi.A_4_1, pi.A_4_2]),
        cc = params.c.newScalar(challenge),
        A_xrel = new Relation(params.c);
    // Each insertM(points, scalars) encodes sum(scalar_i * point_i); the announcement
    // enters negated with coefficient 1 so the expected result is the identity.
    A_xrel.insertM([params.g, params.h, Cx, pi.A_x.neg()], [pi.t_x, pi.t_rx, cc, params.c.newScalar(BigInt(1))]);
    const A_yrel = new Relation(params.c);
    A_yrel.insertM([params.g, params.h, Cy, pi.A_y.neg()], [pi.t_y, pi.t_ry, cc, params.c.newScalar(BigInt(1))]);
    const A_zrel = new Relation(params.c);
    A_zrel.insertM([params.g, params.h, Cz, pi.A_z.neg()], [pi.t_z, pi.t_rz, cc, params.c.newScalar(BigInt(1))]);
    // Reuses pi.t_z: binds the value in C_4 to the value in Cz.
    const A_4_1rel = new Relation(params.c);
    A_4_1rel.insertM([params.g, params.h, pi.C_4, pi.A_4_1.neg()], [pi.t_z, pi.t_r4, cc, params.c.newScalar(BigInt(1))]);
    // Reuses pi.t_x over the base Cy: binds the multiplier in C_4 to the value in Cx.
    const A_4_2rel = new Relation(params.c);
    A_4_2rel.insertM([Cy, pi.C_4, pi.A_4_2.neg()], [pi.t_x, cc, params.c.newScalar(BigInt(1))]);
    A_xrel.drain(multi);
    A_yrel.drain(multi);
    A_zrel.drain(multi);
    A_4_1rel.drain(multi);
    A_4_2rel.drain(multi);
    return true;
}
//# sourceMappingURL=mult.js.map