Skip to content
Aptos Documentation

sigma_protocol_proof - [devnet]

 
use 0x1::option;
use 0x1::ristretto255;
use 0x1::sigma_protocol_witness;
use 0x1::vector;

Constants

When creating a Proof, the # of commitment points must match the # of compressed commitment points.

const E_MISMATCHED_NUMBER_OF_COMPRESSED_POINTS: u64 = 1;

Structs

Proof

A sigma protocol proof always consists of:

  1. a commitment AGmA \in \mathbb{G}^m
  2. a compressed commitment (redundant, for faster Fiat-Shamir)
  3. a response σFk\sigma \in \mathbb{F}^k
struct Proof has drop
Fields
comm_A: vector<ristretto255::RistrettoPoint>
compressed_comm_A: vector<ristretto255::CompressedRistretto>
resp_sigma: vector<ristretto255::Scalar>

Functions

new_proof

Creates a new proof consisting of the commitment AGmA \in \mathbb{G}^m and the scalars σFk\sigma \in \mathbb{F}^k.

public(friend) fun new_proof(_A: vector<ristretto255::RistrettoPoint>, compressed_A: vector<ristretto255::CompressedRistretto>, sigma: vector<ristretto255::Scalar>): sigma_protocol_proof::Proof
Implementation 
public(friend) fun new_proof(
    _A: vector<RistrettoPoint>,
    compressed_A: vector<CompressedRistretto>,
    sigma: vector<Scalar>
): Proof {
    assert!(_A.length() == compressed_A.length(), error::invalid_argument(E_MISMATCHED_NUMBER_OF_COMPRESSED_POINTS));


    Proof {
        comm_A: _A,
        compressed_comm_A: compressed_A,
        resp_sigma: sigma,
    }
}

new_proof_from_bytes

Deserializes the elliptic curve points and scalars and then calls new_proof.

public(friend) fun new_proof_from_bytes(_A_bytes: vector<vector<u8>>, sigma_bytes: vector<vector<u8>>): sigma_protocol_proof::Proof
Implementation 
public(friend) fun new_proof_from_bytes(
    _A_bytes: vector<vector<u8>>,
    sigma_bytes: vector<vector<u8>>
): Proof {
    let (_A, compressed_A) = sigma_protocol_utils::deserialize_points(_A_bytes);


    new_proof(_A, compressed_A, sigma_protocol_utils::deserialize_scalars(sigma_bytes))
}

response_to_witness

Returns a Witness with the w field set to the proof’s σ\sigma field. This is needed during proof verification: when calling the homomorphism on the Proof’s σ\sigma, it expects a Witness not a vector<Scalar>.

public(friend) fun response_to_witness(self: &sigma_protocol_proof::Proof): sigma_protocol_witness::Witness
Implementation 
public(friend) fun response_to_witness(self: &Proof): Witness {
    new_secret_witness(self.resp_sigma)
}

get_commitment

public(friend) fun get_commitment(self: &sigma_protocol_proof::Proof): &vector<ristretto255::RistrettoPoint>
Implementation 
public(friend) fun get_commitment(self: &Proof): &vector<RistrettoPoint> {
    &self.comm_A
}

get_compressed_commitment

public(friend) fun get_compressed_commitment(self: &sigma_protocol_proof::Proof): &vector<ristretto255::CompressedRistretto>
Implementation 
public(friend) fun get_compressed_commitment(self: &Proof): &vector<CompressedRistretto> {
    &self.compressed_comm_A
}

get_response_length

public(friend) fun get_response_length(self: &sigma_protocol_proof::Proof): u64
Implementation 
public(friend) fun get_response_length(self: &Proof): u64 {
    self.resp_sigma.length()
}