Loading...
Searching...
No Matches
secp256k1_mpt.h File Reference
#include <secp256k1.h>#include <stdint.h>
Include dependency graph for secp256k1_mpt.h:
This graph shows which files directly or indirectly include this file:
Go to the source code of this file.
Functions | |
| SECP256K1_API int | secp256k1_elgamal_generate_keypair (const secp256k1_context *ctx, unsigned char *privkey, secp256k1_pubkey *pubkey) |
| Generates a new secp256k1 key pair. | |
| SECP256K1_API int | secp256k1_elgamal_encrypt (const secp256k1_context *ctx, secp256k1_pubkey *c1, secp256k1_pubkey *c2, const secp256k1_pubkey *pubkey_Q, uint64_t amount, const unsigned char *blinding_factor) |
| Encrypts a 64-bit amount using ElGamal. | |
| SECP256K1_API int | secp256k1_elgamal_decrypt (const secp256k1_context *ctx, uint64_t *amount, const secp256k1_pubkey *c1, const secp256k1_pubkey *c2, const unsigned char *privkey) |
| Decrypts an ElGamal ciphertext to recover the amount. | |
| SECP256K1_API int | secp256k1_elgamal_add (const secp256k1_context *ctx, secp256k1_pubkey *sum_c1, secp256k1_pubkey *sum_c2, const secp256k1_pubkey *a_c1, const secp256k1_pubkey *a_c2, const secp256k1_pubkey *b_c1, const secp256k1_pubkey *b_c2) |
| Homomorphically adds two ElGamal ciphertexts. | |
| SECP256K1_API int | secp256k1_elgamal_subtract (const secp256k1_context *ctx, secp256k1_pubkey *diff_c1, secp256k1_pubkey *diff_c2, const secp256k1_pubkey *a_c1, const secp256k1_pubkey *a_c2, const secp256k1_pubkey *b_c1, const secp256k1_pubkey *b_c2) |
| Homomorphically subtracts two ElGamal ciphertexts. | |
| SECP256K1_API int | generate_canonical_encrypted_zero (const secp256k1_context *ctx, secp256k1_pubkey *enc_zero_c1, secp256k1_pubkey *enc_zero_c2, const secp256k1_pubkey *pubkey, const unsigned char *account_id, const unsigned char *mpt_issuance_id) |
| Generates the canonical encrypted zero for a given MPT token instance. | |
| SECP256K1_API int | secp256k1_equality_plaintext_prove (const secp256k1_context *ctx, unsigned char *proof, const secp256k1_pubkey *c1, const secp256k1_pubkey *c2, const secp256k1_pubkey *pk_recipient, uint64_t amount, const unsigned char *randomness_r, const unsigned char *tx_context_id) |
| Generates a proof that an ElGamal ciphertext correctly encrypts a known plaintext m and that the prover knows the randomness r. | |
| SECP256K1_API int | secp256k1_equality_plaintext_verify (const secp256k1_context *ctx, const unsigned char *proof, const secp256k1_pubkey *c1, const secp256k1_pubkey *c2, const secp256k1_pubkey *pk_recipient, uint64_t amount, const unsigned char *tx_context_id) |
| Verifies a proof of knowledge of plaintext and randomness. | |
| SECP256K1_API int | secp256k1_mpt_prove_same_plaintext (const secp256k1_context *ctx, unsigned char *proof_out, const secp256k1_pubkey *R1, const secp256k1_pubkey *S1, const secp256k1_pubkey *P1, const secp256k1_pubkey *R2, const secp256k1_pubkey *S2, const secp256k1_pubkey *P2, uint64_t amount_m, const unsigned char *randomness_r1, const unsigned char *randomness_r2, const unsigned char *tx_context_id) |
| Generates a proof that two ciphertexts (under different keys) encrypt the same secret amount 'm'. | |
| SECP256K1_API int | secp256k1_mpt_verify_same_plaintext (const secp256k1_context *ctx, const unsigned char *proof, const secp256k1_pubkey *R1, const secp256k1_pubkey *S1, const secp256k1_pubkey *P1, const secp256k1_pubkey *R2, const secp256k1_pubkey *S2, const secp256k1_pubkey *P2, const unsigned char *tx_context_id) |
| Verifies a proof that two ciphertexts encrypt the same secret amount. | |
| SECP256K1_API size_t | secp256k1_mpt_prove_same_plaintext_multi_size (size_t n_ciphertexts) |
| Calculates the expected proof size for a given number of ciphertexts. | |
| SECP256K1_API int | secp256k1_mpt_prove_same_plaintext_multi (const secp256k1_context *ctx, unsigned char *proof_out, size_t *proof_len, uint64_t amount_m, size_t n_ciphertexts, const secp256k1_pubkey *R_array, const secp256k1_pubkey *S_array, const secp256k1_pubkey *Pk_array, const unsigned char *r_array, const unsigned char *tx_context_id) |
| Generates a proof that N ciphertexts encrypt the same secret amount 'm'. | |
| SECP256K1_API int | secp256k1_mpt_verify_same_plaintext_multi (const secp256k1_context *ctx, const unsigned char *proof, size_t proof_len, size_t n_ciphertexts, const secp256k1_pubkey *R_array, const secp256k1_pubkey *S_array, const secp256k1_pubkey *Pk_array, const unsigned char *tx_context_id) |
| Verifies a proof that N ciphertexts encrypt the same secret amount. | |
| SECP256K1_API int | secp256k1_bulletproof_create_commitment (const secp256k1_context *ctx, secp256k1_pubkey *commitment_C, uint64_t value, const unsigned char *blinding_factor, const secp256k1_pubkey *pk_base) |
| Computes a Pedersen Commitment: C = value*G + blinding_factor*Pk_base. | |
| int | secp256k1_bulletproof_prove (const secp256k1_context *ctx, unsigned char *proof_out, size_t *proof_len, uint64_t value, const unsigned char *blinding_factor, const secp256k1_pubkey *pk_base, const unsigned char *context_id, unsigned int proof_type) |
| int | secp256k1_bulletproof_verify (const secp256k1_context *ctx, const secp256k1_pubkey *G_vec, const secp256k1_pubkey *H_vec, const unsigned char *proof, size_t proof_len, const secp256k1_pubkey *commitment_C, const secp256k1_pubkey *pk_base, const unsigned char *context_id) |
| int | secp256k1_elgamal_pedersen_link_prove (const secp256k1_context *ctx, unsigned char *proof, const secp256k1_pubkey *c1, const secp256k1_pubkey *c2, const secp256k1_pubkey *pk, const secp256k1_pubkey *pcm, uint64_t amount, const unsigned char *r, const unsigned char *rho, const unsigned char *context_id) |
| Proves the link between an ElGamal ciphertext and a Pedersen commitment. | |
| int | secp256k1_elgamal_pedersen_link_verify (const secp256k1_context *ctx, const unsigned char *proof, const secp256k1_pubkey *c1, const secp256k1_pubkey *c2, const secp256k1_pubkey *pk, const secp256k1_pubkey *pcm, const unsigned char *context_id) |
| Verifies the link proof between ElGamal and Pedersen commitments. | |
| int | secp256k1_elgamal_verify_encryption (const secp256k1_context *ctx, const secp256k1_pubkey *c1, const secp256k1_pubkey *c2, const secp256k1_pubkey *pubkey_Q, uint64_t amount, const unsigned char *blinding_factor) |
| int | secp256k1_mpt_pok_sk_prove (const secp256k1_context *ctx, unsigned char *proof, const secp256k1_pubkey *pk, const unsigned char *sk, const unsigned char *context_id) |
| int | secp256k1_mpt_pok_sk_verify (const secp256k1_context *ctx, const unsigned char *proof, const secp256k1_pubkey *pk, const unsigned char *context_id) |
| int | secp256k1_mpt_pedersen_commit (const secp256k1_context *ctx, secp256k1_pubkey *commitment, uint64_t amount, const unsigned char *blinding_factor_rho) |
| Creates a Pedersen Commitment C = amount*G + rho*H. | |
| int | secp256k1_mpt_get_h_generator (const secp256k1_context *ctx, secp256k1_pubkey *h) |
| Derives the secondary base point (H) for Pedersen commitments. | |
| int | secp256k1_mpt_get_generator_vector (const secp256k1_context *ctx, secp256k1_pubkey *vec, size_t n, const unsigned char *label, size_t label_len) |
| Generates a vector of N independent NUMS generators. | |
| void | secp256k1_mpt_scalar_add (unsigned char *res, const unsigned char *a, const unsigned char *b) |
| void | secp256k1_mpt_scalar_mul (unsigned char *res, const unsigned char *a, const unsigned char *b) |
| void | secp256k1_mpt_scalar_inverse (unsigned char *res, const unsigned char *in) |
| void | secp256k1_mpt_scalar_negate (unsigned char *res, const unsigned char *in) |
| void | secp256k1_mpt_scalar_reduce32 (unsigned char out32[32], const unsigned char in32[32]) |
| size_t | secp256k1_mpt_proof_equality_shared_r_size (size_t n) |
| int | secp256k1_mpt_prove_equality_shared_r (const secp256k1_context *ctx, unsigned char *proof_out, uint64_t amount, const unsigned char *r_shared, size_t n, const secp256k1_pubkey *C1, const secp256k1_pubkey *C2_vec, const secp256k1_pubkey *Pk_vec, const unsigned char *context_id) |
| int | secp256k1_mpt_verify_equality_shared_r (const secp256k1_context *ctx, const unsigned char *proof, size_t n, const secp256k1_pubkey *C1, const secp256k1_pubkey *C2_vec, const secp256k1_pubkey *Pk_vec, const unsigned char *context_id) |
| int | secp256k1_bulletproof_prove_agg (const secp256k1_context *ctx, unsigned char *proof_out, size_t *proof_len, const uint64_t *values, const unsigned char *blindings_flat, size_t m, const secp256k1_pubkey *pk_base, const unsigned char *context_id) |
| int | secp256k1_bulletproof_verify_agg (const secp256k1_context *ctx, const secp256k1_pubkey *G_vec, const secp256k1_pubkey *H_vec, const unsigned char *proof, size_t proof_len, const secp256k1_pubkey *commitment_C_vec, size_t m, const secp256k1_pubkey *pk_base, const unsigned char *context_id) |
Function Documentation
◆ generate_canonical_encrypted_zero()
| SECP256K1_API int generate_canonical_encrypted_zero | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | enc_zero_c1, | ||
| secp256k1_pubkey * | enc_zero_c2, | ||
| const secp256k1_pubkey * | pubkey, | ||
| const unsigned char * | account_id, | ||
| const unsigned char * | mpt_issuance_id ) |
Generates the canonical encrypted zero for a given MPT token instance.
This ciphertext represents a zero balance for a specific account's holding of a token defined by its MPTokenIssuanceID.
- Parameters
-
[in] ctx A pointer to a valid secp256k1 context. [out] enc_zero_c1 The C1 component of the canonical ciphertext. [out] enc_zero_c2 The C2 component of the canonical ciphertext. [in] pubkey The ElGamal public key of the account holder. [in] account_id A pointer to the 20-byte AccountID. [in] mpt_issuance_id A pointer to the 24-byte MPTokenIssuanceID.
- Returns
- 1 on success, 0 on failure.
Definition at line 211 of file elgamal.c.
Here is the call graph for this function:
◆ secp256k1_bulletproof_create_commitment()
| SECP256K1_API int secp256k1_bulletproof_create_commitment | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | commitment_C, | ||
| uint64_t | value, | ||
| const unsigned char * | blinding_factor, | ||
| const secp256k1_pubkey * | pk_base ) |
Computes a Pedersen Commitment: C = value*G + blinding_factor*Pk_base.
This function creates the commitment point (C) that the Bulletproof proves the range of. Pk_base is the dynamic secondary generator (H).
- Parameters
-
[in] ctx A pointer to the context. [out] commitment_C The resulting commitment point C. [in] value The secret amount v (uint64_t). [in] blinding_factor The secret randomness r (32 bytes). [in] pk_base The recipient's public key (used as the H generator).
- Returns
- 1 on success, 0 on failure.
Computes the Pedersen Commitment: C = value*G + blinding_factor*Pk_base.
Definition at line 1061 of file bulletproof_aggregated.c.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ secp256k1_bulletproof_prove()
| int secp256k1_bulletproof_prove | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof_out, | ||
| size_t * | proof_len, | ||
| uint64_t | value, | ||
| const unsigned char * | blinding_factor, | ||
| const secp256k1_pubkey * | pk_base, | ||
| const unsigned char * | context_id, | ||
| unsigned int | proof_type ) |
◆ secp256k1_bulletproof_prove_agg()
| int secp256k1_bulletproof_prove_agg | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof_out, | ||
| size_t * | proof_len, | ||
| const uint64_t * | values, | ||
| const unsigned char * | blindings_flat, | ||
| size_t | m, | ||
| const secp256k1_pubkey * | pk_base, | ||
| const unsigned char * | context_id ) |
Generates an aggregated Bulletproof for m values.
This function constructs a range proof asserting that all m values are within the [0, 2^64) range. The proof is serialized into proof_out.
Inputs:
- values: Array of m 64-bit integers to prove.
- blindings_flat: Array of m 32-byte blinding factors (one per value).
- m: Number of values to aggregate (must be a power of 2).
- pk_base: Generator H used for the commitments (C = vG + rH).
- context_id: Optional 32-byte unique ID to bind the proof to a context.
Outputs:
- proof_out: Buffer to receive the serialized proof.
- proof_len: On input, size of proof_out. On output, actual proof size.
Returns 1 on success, 0 on failure.
Definition at line 1114 of file bulletproof_aggregated.c.
Here is the call graph for this function:
◆ secp256k1_bulletproof_verify()
| int secp256k1_bulletproof_verify | ( | const secp256k1_context * | ctx, |
| const secp256k1_pubkey * | G_vec, | ||
| const secp256k1_pubkey * | H_vec, | ||
| const unsigned char * | proof, | ||
| size_t | proof_len, | ||
| const secp256k1_pubkey * | commitment_C, | ||
| const secp256k1_pubkey * | pk_base, | ||
| const unsigned char * | context_id ) |
◆ secp256k1_bulletproof_verify_agg()
| int secp256k1_bulletproof_verify_agg | ( | const secp256k1_context * | ctx, |
| const secp256k1_pubkey * | G_vec, | ||
| const secp256k1_pubkey * | H_vec, | ||
| const unsigned char * | proof, | ||
| size_t | proof_len, | ||
| const secp256k1_pubkey * | commitment_C_vec, | ||
| size_t | m, | ||
| const secp256k1_pubkey * | pk_base, | ||
| const unsigned char * | context_id ) |
Verifies an aggregated Bulletproof range proof for m commitments.
Checks that the values committed in commitment_C_vec are all within the [0, 2^64) range.
Usage Notes:
- The generator vectors G_vec and H_vec must have length n = 64 * m.
- The commitment array commitment_C_vec must contain m elements. (For a single proof where m=1, pass a pointer to the single commitment).
- To bind commitments to the proof transcript, include them in the context_id hash before calling this function.
Serialized Proof Format:
- A, S, T1, T2 (4 * 33 bytes)
- L_vec (rounds * 33 bytes)
- R_vec (rounds * 33 bytes)
- a, b (2 * 32 bytes)
- t_hat, tau_x, mu (3 * 32 bytes)
Total Size: 292 + (66 * rounds) bytes, where rounds = log2(64 * m).
Returns 1 if valid, 0 otherwise.
Definition at line 1715 of file bulletproof_aggregated.c.
Here is the call graph for this function:
◆ secp256k1_elgamal_add()
| SECP256K1_API int secp256k1_elgamal_add | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | sum_c1, | ||
| secp256k1_pubkey * | sum_c2, | ||
| const secp256k1_pubkey * | a_c1, | ||
| const secp256k1_pubkey * | a_c2, | ||
| const secp256k1_pubkey * | b_c1, | ||
| const secp256k1_pubkey * | b_c2 ) |
◆ secp256k1_elgamal_decrypt()
| SECP256K1_API int secp256k1_elgamal_decrypt | ( | const secp256k1_context * | ctx, |
| uint64_t * | amount, | ||
| const secp256k1_pubkey * | c1, | ||
| const secp256k1_pubkey * | c2, | ||
| const unsigned char * | privkey ) |
◆ secp256k1_elgamal_encrypt()
| SECP256K1_API int secp256k1_elgamal_encrypt | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | c1, | ||
| secp256k1_pubkey * | c2, | ||
| const secp256k1_pubkey * | pubkey_Q, | ||
| uint64_t | amount, | ||
| const unsigned char * | blinding_factor ) |
◆ secp256k1_elgamal_generate_keypair()
| SECP256K1_API int secp256k1_elgamal_generate_keypair | ( | const secp256k1_context * | ctx, |
| unsigned char * | privkey, | ||
| secp256k1_pubkey * | pubkey ) |
◆ secp256k1_elgamal_pedersen_link_prove()
| int secp256k1_elgamal_pedersen_link_prove | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof, | ||
| const secp256k1_pubkey * | c1, | ||
| const secp256k1_pubkey * | c2, | ||
| const secp256k1_pubkey * | pk, | ||
| const secp256k1_pubkey * | pcm, | ||
| uint64_t | amount, | ||
| const unsigned char * | r, | ||
| const unsigned char * | rho, | ||
| const unsigned char * | context_id ) |
Proves the link between an ElGamal ciphertext and a Pedersen commitment.
- Formal Statement: Knowledge of (m, r, rho) such that: C1 = r*G, C2 = m*G + r*Pk, and PCm = m*G + rho*H.
- Parameters
-
ctx Pointer to a secp256k1 context object. proof [OUT] Pointer to 195-byte buffer for the proof output. c1 Pointer to the ElGamal C1 point (r*G). c2 Pointer to the ElGamal C2 point (m*G + r*Pk). pk Pointer to the recipient's public key. pcm Pointer to the Pedersen Commitment (m*G + rho*H). amount The plaintext amount (m). r The 32-byte secret ElGamal blinding factor. rho The 32-byte secret Pedersen blinding factor. context_id 32-byte unique transaction context identifier.
- Returns
- 1 on success, 0 on failure.
Definition at line 108 of file proof_link.c.
Here is the call graph for this function:
◆ secp256k1_elgamal_pedersen_link_verify()
| int secp256k1_elgamal_pedersen_link_verify | ( | const secp256k1_context * | ctx, |
| const unsigned char * | proof, | ||
| const secp256k1_pubkey * | c1, | ||
| const secp256k1_pubkey * | c2, | ||
| const secp256k1_pubkey * | pk, | ||
| const secp256k1_pubkey * | pcm, | ||
| const unsigned char * | context_id ) |
Verifies the link proof between ElGamal and Pedersen commitments.
- Returns
- 1 if the proof is valid, 0 otherwise.
Definition at line 212 of file proof_link.c.
Here is the call graph for this function:
◆ secp256k1_elgamal_subtract()
| SECP256K1_API int secp256k1_elgamal_subtract | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | diff_c1, | ||
| secp256k1_pubkey * | diff_c2, | ||
| const secp256k1_pubkey * | a_c1, | ||
| const secp256k1_pubkey * | a_c2, | ||
| const secp256k1_pubkey * | b_c1, | ||
| const secp256k1_pubkey * | b_c2 ) |
◆ secp256k1_elgamal_verify_encryption()
| int secp256k1_elgamal_verify_encryption | ( | const secp256k1_context * | ctx, |
| const secp256k1_pubkey * | c1, | ||
| const secp256k1_pubkey * | c2, | ||
| const secp256k1_pubkey * | pubkey_Q, | ||
| uint64_t | amount, | ||
| const unsigned char * | blinding_factor ) |
◆ secp256k1_equality_plaintext_prove()
| SECP256K1_API int secp256k1_equality_plaintext_prove | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof, | ||
| const secp256k1_pubkey * | c1, | ||
| const secp256k1_pubkey * | c2, | ||
| const secp256k1_pubkey * | pk_recipient, | ||
| uint64_t | amount, | ||
| const unsigned char * | randomness_r, | ||
| const unsigned char * | tx_context_id ) |
Generates a proof that an ElGamal ciphertext correctly encrypts a known plaintext m and that the prover knows the randomness r.
- Parameters
-
[in] ctx A pointer to a valid secp256k1 context object, initialized for signing. [out] proof A pointer to a 98-byte buffer to store the proof (T1 [33 bytes] || T2 [33 bytes] || s [32 bytes]). [in] c1 The C1 component of the ciphertext (r*G). [in] c2 The C2 component of the ciphertext (m*G + r*Pk). [in] pk_recipient The public key used for encryption. [in] amount The known plaintext value m. [in] randomness_r The 32-byte secret random scalar r used in encryption. [in] tx_context_id A 32-byte unique identifier for the transaction context.
- Returns
- 1 on success, 0 on failure.
Definition at line 115 of file equality_proof.c.
Here is the call graph for this function:
◆ secp256k1_equality_plaintext_verify()
| SECP256K1_API int secp256k1_equality_plaintext_verify | ( | const secp256k1_context * | ctx, |
| const unsigned char * | proof, | ||
| const secp256k1_pubkey * | c1, | ||
| const secp256k1_pubkey * | c2, | ||
| const secp256k1_pubkey * | pk_recipient, | ||
| uint64_t | amount, | ||
| const unsigned char * | tx_context_id ) |
Verifies a proof of knowledge of plaintext and randomness.
Checks if the proof correctly demonstrates that (C1, C2) encrypts m under pk_recipient.
- Parameters
-
[in] ctx A pointer to a valid secp256k1 context object, initialized for verification. [in] proof A pointer to the 98-byte proof to verify. [in] c1 The C1 component of the ciphertext. [in] c2 The C2 component of the ciphertext. [in] pk_recipient The public key used for encryption. [in] amount The known plaintext value m. [in] tx_context_id A 32-byte unique identifier for the transaction context.
- Returns
- 1 if the proof is valid, 0 otherwise.
Definition at line 181 of file equality_proof.c.
Here is the call graph for this function:
◆ secp256k1_mpt_get_generator_vector()
| int secp256k1_mpt_get_generator_vector | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | vec, | ||
| size_t | n, | ||
| const unsigned char * | label, | ||
| size_t | label_len ) |
Generates a vector of N independent NUMS generators.
- Used to populate the G_i and H_i vectors for Bulletproofs. Each point is derived deterministically from the provided label and its index.
- Parameters
-
ctx secp256k1 context. vec Array to store the resulting generators. n Number of generators to derive. label The label string ("G" or "H"). label_len Length of the label string.
- Returns
- 1 on success, 0 on failure.
Definition at line 124 of file commitments.c.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ secp256k1_mpt_get_h_generator()
| int secp256k1_mpt_get_h_generator | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | h ) |
Derives the secondary base point (H) for Pedersen commitments.
Get the standardized H generator for Pedersen Commitments
- This derives a NUMS point using the label "H" at index 0. This H is used alongside the standard generator G to form the commitment C = v*G + r*H. Using a NUMS point ensures that the discrete logarithm of H with respect to G is unknown.
- Parameters
-
ctx secp256k1 context. h The resulting H generator public key.
- Returns
- 1 on success, 0 on failure.
Definition at line 108 of file commitments.c.
Here is the call graph for this function:
Here is the caller graph for this function:
◆ secp256k1_mpt_pedersen_commit()
| int secp256k1_mpt_pedersen_commit | ( | const secp256k1_context * | ctx, |
| secp256k1_pubkey * | commitment, | ||
| uint64_t | amount, | ||
| const unsigned char * | rho ) |
Creates a Pedersen Commitment C = amount*G + rho*H.
Compute a Pedersen Commitment: PC = m*G + rho*H Returns 1 on success, 0 on failure.
- Parameters
-
ctx secp256k1 context. commitment Output commitment public key. amount The value to commit to. rho The blinding factor (randomness).
- Returns
- 1 on success, 0 on failure.
Definition at line 149 of file commitments.c.
Here is the call graph for this function:
◆ secp256k1_mpt_pok_sk_prove()
| int secp256k1_mpt_pok_sk_prove | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof, | ||
| const secp256k1_pubkey * | pk, | ||
| const unsigned char * | sk, | ||
| const unsigned char * | context_id ) |
Proof of Knowledge of Secret Key for Registration
Definition at line 92 of file proof_pok_sk.c.
Here is the call graph for this function:
◆ secp256k1_mpt_pok_sk_verify()
| int secp256k1_mpt_pok_sk_verify | ( | const secp256k1_context * | ctx, |
| const unsigned char * | proof, | ||
| const secp256k1_pubkey * | pk, | ||
| const unsigned char * | context_id ) |
◆ secp256k1_mpt_proof_equality_shared_r_size()
| size_t secp256k1_mpt_proof_equality_shared_r_size | ( | size_t | n | ) |
Returns the size of the serialized proof for N recipients. Size: (1 + N) * 33 bytes for points + 2 * 32 bytes for scalars.
Definition at line 61 of file proof_same_plaintext_multi_shared_r.c.
Here is the caller graph for this function:
◆ secp256k1_mpt_prove_equality_shared_r()
| int secp256k1_mpt_prove_equality_shared_r | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof_out, | ||
| uint64_t | amount, | ||
| const unsigned char * | r_shared, | ||
| size_t | n, | ||
| const secp256k1_pubkey * | C1, | ||
| const secp256k1_pubkey * | C2_vec, | ||
| const secp256k1_pubkey * | Pk_vec, | ||
| const unsigned char * | context_id ) |
Generates a proof that multiple ciphertexts encrypt the same amount m using the SAME shared randomness r.
Definition at line 123 of file proof_same_plaintext_multi_shared_r.c.
Here is the call graph for this function:
◆ secp256k1_mpt_prove_same_plaintext()
| SECP256K1_API int secp256k1_mpt_prove_same_plaintext | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof_out, | ||
| const secp256k1_pubkey * | R1, | ||
| const secp256k1_pubkey * | S1, | ||
| const secp256k1_pubkey * | P1, | ||
| const secp256k1_pubkey * | R2, | ||
| const secp256k1_pubkey * | S2, | ||
| const secp256k1_pubkey * | P2, | ||
| uint64_t | amount_m, | ||
| const unsigned char * | randomness_r1, | ||
| const unsigned char * | randomness_r2, | ||
| const unsigned char * | tx_context_id ) |
Generates a proof that two ciphertexts (under different keys) encrypt the same secret amount 'm'.
- Parameters
-
[in] ctx A pointer to a valid secp256k1 context. [out] proof_out A pointer to a 261-byte buffer to store the proof. [in] R1,S1,P1 The first ciphertext (R1, S1) and its public key (P1). [in] R2,S2,P2 The second ciphertext (R2, S2) and its public key (P2). [in] amount_m The secret common uint64_t plaintext value 'm'. [in] randomness_r1 The 32-byte secret random scalar 'r1' for C1. [in] randomness_r2 The 32-byte secret random scalar 'r2' for C2. [in] tx_context_id A 32-byte unique identifier for the transaction.
- Returns
- 1 on success, 0 on failure.
Definition at line 117 of file proof_same_plaintext.c.
Here is the call graph for this function:
◆ secp256k1_mpt_prove_same_plaintext_multi()
| SECP256K1_API int secp256k1_mpt_prove_same_plaintext_multi | ( | const secp256k1_context * | ctx, |
| unsigned char * | proof_out, | ||
| size_t * | proof_len, | ||
| uint64_t | amount_m, | ||
| size_t | n_ciphertexts, | ||
| const secp256k1_pubkey * | R_array, | ||
| const secp256k1_pubkey * | S_array, | ||
| const secp256k1_pubkey * | Pk_array, | ||
| const unsigned char * | r_array, | ||
| const unsigned char * | tx_context_id ) |
Generates a proof that N ciphertexts encrypt the same secret amount 'm'.
- Parameters
-
[in] ctx A pointer to a valid secp256k1 context. [out] proof_out A pointer to a buffer to store the proof. [in,out] proof_len Input: buffer size. Output: actual proof size. [in] amount_m The secret common uint64_t plaintext value 'm'. [in] n_ciphertexts The number (N) of ciphertexts. [in] R_array Array of N 'R' points (C1 components). [in] S_array Array of N 'S' points (C2 components). [in] Pk_array Array of N recipient public keys. [in] r_array Array of N 32-byte secret scalars (randomness). [in] tx_context_id 32-byte unique transaction identifier.
- Returns
- 1 on success, 0 on failure.
Definition at line 135 of file proof_same_plaintext_multi.c.
Here is the call graph for this function:
◆ secp256k1_mpt_prove_same_plaintext_multi_size()
| SECP256K1_API size_t secp256k1_mpt_prove_same_plaintext_multi_size | ( | size_t | n_ciphertexts | ) |
Calculates the expected proof size for a given number of ciphertexts.
Definition at line 130 of file proof_same_plaintext_multi.c.
Here is the caller graph for this function:
◆ secp256k1_mpt_scalar_add()
| void secp256k1_mpt_scalar_add | ( | unsigned char * | res, |
| const unsigned char * | a, | ||
| const unsigned char * | b ) |
◆ secp256k1_mpt_scalar_inverse()
| void secp256k1_mpt_scalar_inverse | ( | unsigned char * | res, |
| const unsigned char * | in ) |
◆ secp256k1_mpt_scalar_mul()
| void secp256k1_mpt_scalar_mul | ( | unsigned char * | res, |
| const unsigned char * | a, | ||
| const unsigned char * | b ) |
◆ secp256k1_mpt_scalar_negate()
| void secp256k1_mpt_scalar_negate | ( | unsigned char * | res, |
| const unsigned char * | in ) |
◆ secp256k1_mpt_scalar_reduce32()
| void secp256k1_mpt_scalar_reduce32 | ( | unsigned char | out32[32], |
| const unsigned char | in32[32] ) |
◆ secp256k1_mpt_verify_equality_shared_r()
| int secp256k1_mpt_verify_equality_shared_r | ( | const secp256k1_context * | ctx, |
| const unsigned char * | proof, | ||
| size_t | n, | ||
| const secp256k1_pubkey * | C1, | ||
| const secp256k1_pubkey * | C2_vec, | ||
| const secp256k1_pubkey * | Pk_vec, | ||
| const unsigned char * | context_id ) |
Verifies the proof of equality with shared randomness.
Definition at line 234 of file proof_same_plaintext_multi_shared_r.c.
Here is the call graph for this function:
◆ secp256k1_mpt_verify_same_plaintext()
| SECP256K1_API int secp256k1_mpt_verify_same_plaintext | ( | const secp256k1_context * | ctx, |
| const unsigned char * | proof, | ||
| const secp256k1_pubkey * | R1, | ||
| const secp256k1_pubkey * | S1, | ||
| const secp256k1_pubkey * | P1, | ||
| const secp256k1_pubkey * | R2, | ||
| const secp256k1_pubkey * | S2, | ||
| const secp256k1_pubkey * | P2, | ||
| const unsigned char * | tx_context_id ) |
Verifies a proof that two ciphertexts encrypt the same secret amount.
- Parameters
-
[in] ctx A pointer to a valid secp256k1 context. [in] proof A pointer to the 261-byte proof to verify. [in] R1,S1,P1 The first ciphertext (R1, S1) and its public key (P1). [in] R2,S2,P2 The second ciphertext (R2, S2) and its public key (P2). [in] tx_context_id A 32-byte unique identifier for the transaction.
- Returns
- 1 if the proof is valid, 0 otherwise.
Definition at line 201 of file proof_same_plaintext.c.
Here is the call graph for this function:
◆ secp256k1_mpt_verify_same_plaintext_multi()
| SECP256K1_API int secp256k1_mpt_verify_same_plaintext_multi | ( | const secp256k1_context * | ctx, |
| const unsigned char * | proof, | ||
| size_t | proof_len, | ||
| size_t | n_ciphertexts, | ||
| const secp256k1_pubkey * | R_array, | ||
| const secp256k1_pubkey * | S_array, | ||
| const secp256k1_pubkey * | Pk_array, | ||
| const unsigned char * | tx_context_id ) |
Verifies a proof that N ciphertexts encrypt the same secret amount.
Definition at line 250 of file proof_same_plaintext_multi.c.
Here is the call graph for this function:
