ristretto255_pedersen - [mainnet]
This module implements a Pedersen commitment API, over the Ristretto255 curve, that can be used with the Bulletproofs module.
A Pedersen commitment to a value v under commitment key (g, h) is v * g + r * h, for a random scalar r.
use 0x1::option;use 0x1::ristretto255;Constants
The default Pedersen randomness base h used in our underlying Bulletproofs library.
This is obtained by hashing the compressed Ristretto255 basepoint using SHA3-512 (not SHA2-512).
const BULLETPROOF_DEFAULT_PEDERSEN_RAND_BASE: vector<u8> = [140, 146, 64, 180, 86, 169, 230, 220, 101, 195, 119, 161, 4, 141, 116, 95, 148, 160, 140, 219, 127, 68, 203, 205, 123, 70, 243, 64, 72, 135, 17, 52];Structs
Commitment
A Pedersen commitment to some value with some randomness.
struct Commitment has dropFields
-
point: ristretto255::RistrettoPoint
Functions
new_commitment_from_bytes
Creates a new public key from a serialized Ristretto255 point.
public fun new_commitment_from_bytes(bytes: vector<u8>): option::Option<ristretto255_pedersen::Commitment>Implementation
public fun new_commitment_from_bytes(bytes: vector<u8>): Option<Commitment> { let point = ristretto255::new_point_from_bytes(bytes); if (point.is_some()) { let comm = Commitment { point: point.extract() }; std::option::some(comm) } else { std::option::none<Commitment>() }}commitment_to_bytes
Returns a commitment as a serialized byte array
public fun commitment_to_bytes(comm: &ristretto255_pedersen::Commitment): vector<u8>Implementation
public fun commitment_to_bytes(comm: &Commitment): vector<u8> { ristretto255::point_to_bytes(&ristretto255::point_compress(&comm.point))}commitment_from_point
Moves a Ristretto point into a Pedersen commitment.
public fun commitment_from_point(point: ristretto255::RistrettoPoint): ristretto255_pedersen::CommitmentImplementation
public fun commitment_from_point(point: RistrettoPoint): Commitment { Commitment { point }}commitment_from_compressed
Deserializes a commitment from a compressed Ristretto point.
public fun commitment_from_compressed(point: &ristretto255::CompressedRistretto): ristretto255_pedersen::CommitmentImplementation
public fun commitment_from_compressed(point: &CompressedRistretto): Commitment { Commitment { point: ristretto255::point_decompress(point) }}new_commitment
Returns a commitment v * val_base + r * rand_base where (val_base, rand_base) is the commitment key.
public fun new_commitment(v: &ristretto255::Scalar, val_base: &ristretto255::RistrettoPoint, r: &ristretto255::Scalar, rand_base: &ristretto255::RistrettoPoint): ristretto255_pedersen::CommitmentImplementation
public fun new_commitment(v: &Scalar, val_base: &RistrettoPoint, r: &Scalar, rand_base: &RistrettoPoint): Commitment { Commitment { point: ristretto255::double_scalar_mul(v, val_base, r, rand_base) }}new_commitment_with_basepoint
Returns a commitment v * G + r * rand_base where G is the Ristretto255 basepoint.
public fun new_commitment_with_basepoint(v: &ristretto255::Scalar, r: &ristretto255::Scalar, rand_base: &ristretto255::RistrettoPoint): ristretto255_pedersen::CommitmentImplementation
public fun new_commitment_with_basepoint(v: &Scalar, r: &Scalar, rand_base: &RistrettoPoint): Commitment { Commitment { point: ristretto255::basepoint_double_mul(r, rand_base, v) }}new_commitment_for_bulletproof
Returns a commitment v * G + r * H where G is the Ristretto255 basepoint and H is the default randomness
base used in the Bulletproofs library (i.e., BULLETPROOF_DEFAULT_PEDERSEN_RAND_BASE).
public fun new_commitment_for_bulletproof(v: &ristretto255::Scalar, r: &ristretto255::Scalar): ristretto255_pedersen::CommitmentImplementation
public fun new_commitment_for_bulletproof(v: &Scalar, r: &Scalar): Commitment { let rand_base = ristretto255::new_point_from_bytes(BULLETPROOF_DEFAULT_PEDERSEN_RAND_BASE); let rand_base = rand_base.extract();
Commitment { point: ristretto255::basepoint_double_mul(r, &rand_base, v) }}commitment_add
Homomorphically combines two commitments lhs and rhs as lhs + rhs.
Useful for re-randomizing the commitment or updating the committed value.
public fun commitment_add(lhs: &ristretto255_pedersen::Commitment, rhs: &ristretto255_pedersen::Commitment): ristretto255_pedersen::CommitmentImplementation
public fun commitment_add(lhs: &Commitment, rhs: &Commitment): Commitment { Commitment { point: ristretto255::point_add(&lhs.point, &rhs.point) }}commitment_add_assign
Like commitment_add but assigns lhs = lhs + rhs.
public fun commitment_add_assign(lhs: &mut ristretto255_pedersen::Commitment, rhs: &ristretto255_pedersen::Commitment)Implementation
public fun commitment_add_assign(lhs: &mut Commitment, rhs: &Commitment) { ristretto255::point_add_assign(&mut lhs.point, &rhs.point);}commitment_sub
Homomorphically combines two commitments lhs and rhs as lhs - rhs.
Useful for re-randomizing the commitment or updating the committed value.
public fun commitment_sub(lhs: &ristretto255_pedersen::Commitment, rhs: &ristretto255_pedersen::Commitment): ristretto255_pedersen::CommitmentImplementation
public fun commitment_sub(lhs: &Commitment, rhs: &Commitment): Commitment { Commitment { point: ristretto255::point_sub(&lhs.point, &rhs.point) }}commitment_sub_assign
Like commitment_add but assigns lhs = lhs - rhs.
public fun commitment_sub_assign(lhs: &mut ristretto255_pedersen::Commitment, rhs: &ristretto255_pedersen::Commitment)Implementation
public fun commitment_sub_assign(lhs: &mut Commitment, rhs: &Commitment) { ristretto255::point_sub_assign(&mut lhs.point, &rhs.point);}commitment_clone
Creates a copy of this commitment.
public fun commitment_clone(c: &ristretto255_pedersen::Commitment): ristretto255_pedersen::CommitmentImplementation
public fun commitment_clone(c: &Commitment): Commitment { Commitment { point: ristretto255::point_clone(&c.point) }}commitment_equals
Returns true if the two commitments are identical: i.e., same value and same randomness.
public fun commitment_equals(lhs: &ristretto255_pedersen::Commitment, rhs: &ristretto255_pedersen::Commitment): boolImplementation
public fun commitment_equals(lhs: &Commitment, rhs: &Commitment): bool { ristretto255::point_equals(&lhs.point, &rhs.point)}commitment_as_point
Returns the underlying elliptic curve point representing the commitment as an in-memory RistrettoPoint.
public fun commitment_as_point(c: &ristretto255_pedersen::Commitment): &ristretto255::RistrettoPointImplementation
public fun commitment_as_point(c: &Commitment): &RistrettoPoint { &c.point}commitment_as_compressed_point
Returns the Pedersen commitment as a CompressedRistretto point.
public fun commitment_as_compressed_point(c: &ristretto255_pedersen::Commitment): ristretto255::CompressedRistrettoImplementation
public fun commitment_as_compressed_point(c: &Commitment): CompressedRistretto { point_compress(&c.point)}commitment_into_point
Moves the Commitment into a CompressedRistretto point.
public fun commitment_into_point(c: ristretto255_pedersen::Commitment): ristretto255::RistrettoPointImplementation
public fun commitment_into_point(c: Commitment): RistrettoPoint { let Commitment { point } = c; point}commitment_into_compressed_point
Moves the Commitment into a CompressedRistretto point.
public fun commitment_into_compressed_point(c: ristretto255_pedersen::Commitment): ristretto255::CompressedRistrettoImplementation
public fun commitment_into_compressed_point(c: Commitment): CompressedRistretto { point_compress(&c.point)}randomness_base_for_bulletproof
Returns the randomness base compatible with the Bulletproofs module.
Recal that a Bulletproof range proof attests, in zero-knowledge, that a value v inside a Pedersen commitment
v * g + r * h is sufficiently “small” (e.g., is 32-bits wide). Here, h is referred to as the
“randomness base” of the commitment scheme.
Bulletproof has a default choice for g and h and this function returns the default h as used in the
Bulletproofs Move module.
public fun randomness_base_for_bulletproof(): ristretto255::RistrettoPointImplementation
public fun randomness_base_for_bulletproof(): RistrettoPoint { ristretto255::new_point_from_bytes(BULLETPROOF_DEFAULT_PEDERSEN_RAND_BASE).extract()}