README
¶
Commitments
Interfaces and utilities for commitment schemes plus concrete hash-based and Pedersen implementations.
Overview
- Core interfaces:
Committer,Verifier,Scheme, andReRandomisableCommitment. - Generic helpers allow swapping in different schemes while keeping a consistent API.
- Subpackages:
hash: simple HMAC-based commitments over random nonces.pedersen: homomorphic Pedersen commitments over prime-order groups.
Key Concepts
Message: plaintext being committed.Witness: randomness that hides the message.Commitment: the resulting binding/hiding value.Scheme: bundles the committer, verifier, and key/CRS.
Usage
- Pick a scheme and construct it with its key/CRS.
- Obtain a
Committerviascheme.Committer()and callCommit(orCommitWithWitness). - Verify using
scheme.Verifier().Verify(commitment, message, witness). - For schemes that support it, use
ReRandomiseto reblind commitments without changing the message.
Documentation
¶
Overview ¶
Package commitments provides interfaces and utilities for commitment schemes plus concrete hash-based and Pedersen implementations.
See README.md for details.
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var (
ErrVerificationFailed = errs.New("verification failed")
)
Functions ¶
This section is empty.
Types ¶
type Commitment ¶
Commitment is the opaque commitment value.
type Committer ¶
type Committer[W Witness, M Message, C Commitment[C]] interface { // Commit samples fresh randomness and commits to a message, returning the commitment and witness. Commit(message M, prng io.Reader) (C, W, error) // CommitWithWitness commits to a message using caller-supplied witness randomness. CommitWithWitness(message M, W W) (C, error) }
Committer produces commitments from messages (and optionally supplied witnesses).
type CommitterOption ¶
type CommitterOption[ COM Committer[W, M, C], W Witness, M Message, C Commitment[C], ] = func(COM) error
CommitterOption is a functional option for configuring committers.
type GenericVerifier ¶
type GenericVerifier[T Committer[W, M, C], W Witness, M Message, C Commitment[C]] struct { // contains filtered or unexported fields }
func NewGenericVerifier ¶
func NewGenericVerifier[T Committer[W, M, C], W Witness, M Message, C Commitment[C]](committer T) *GenericVerifier[T, W, M, C]
func (*GenericVerifier[T, W, M, C]) Verify ¶
func (v *GenericVerifier[T, W, M, C]) Verify(commitment C, message M, witness W) error
Verify verifies correctness of the commitment.
type GroupHomomorphicScheme ¶
type GroupHomomorphicScheme[ K Key, W interface { Witness algebra.HomomorphicLike[W, WT] }, WT algebra.UintLike[WT], M interface { Message algebra.HomomorphicLike[M, MT] }, MT algebra.UintLike[MT], C interface { Commitment[C] algebra.HomomorphicLike[C, CT] algebra.Actable[C, M] }, CT algebra.AbelianGroupElement[CT, WT], CO Committer[W, M, C], VF Verifier[W, M, C], G algebra.AbelianGroup[CT, WT], ] interface { HomomorphicScheme[K, W, WT, M, MT, C, CT, CO, VF] // Group exposes the group structure. Group() G }
type HomomorphicScheme ¶
type HomomorphicScheme[ K Key, W interface { Witness algebra.HomomorphicLike[W, WT] }, WT algebra.GroupElement[WT], M interface { Message algebra.HomomorphicLike[M, MT] }, MT algebra.GroupElement[MT], C interface { Commitment[C] algebra.HomomorphicLike[C, CT] algebra.Actable[C, M] }, CT algebra.GroupElement[CT], CO Committer[W, M, C], VF Verifier[W, M, C], ] Scheme[K, W, M, C, CO, VF]
type ReRandomisableCommitment ¶
type ReRandomisableCommitment[C Commitment[C], W Witness, K Key] interface { Commitment[C] // ReRandomiseWithWitness re-randomises an existing commitment using caller-supplied witness shift. ReRandomiseWithWitness(K, W) (C, error) // ReRandomise re-randomises an existing commitment using fresh randomness shift. ReRandomise(K, io.Reader) (C, W, error) }
ReRandomisableCommitment supports re-randomisation of an existing commitment.
type Scheme ¶
type Scheme[K Key, W Witness, M Message, C Commitment[C], COM Committer[W, M, C], VF Verifier[W, M, C]] interface { // Name returns the identifier of the commitment scheme. Name() Name // Committer returns a committer configured with the scheme. Committer(...CommitterOption[COM, W, M, C]) (COM, error) // Verifier returns a verifier compatible with commitments produced by the scheme. Verifier(...VerifierOption[VF, W, M, C]) (VF, error) // Key exposes the scheme key. Key() K }
Scheme exposes a commitment protocol with its committer, verifier, and key material.
type Verifier ¶
type Verifier[W Witness, M Message, C Commitment[C]] interface { // Verify checks commitments against provided messages and witnesses. Verify(commitment C, message M, witness W) error }
Verifier checks commitments against messages and witnesses.
type VerifierOption ¶
type VerifierOption[ VF Verifier[W, M, C], W Witness, M Message, C Commitment[C], ] = func(VF) error
VerifierOption is a functional option for configuring verifiers.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package hash_comm provides a simple, non-homomorphic commitment scheme built from a keyed BLAKE2b-256 hash (HMAC-style).
|
Package hash_comm provides a simple, non-homomorphic commitment scheme built from a keyed BLAKE2b-256 hash (HMAC-style). |
|
Package indcpacom implements a commitment scheme based on IND-CPA secure encryption.
|
Package indcpacom implements a commitment scheme based on IND-CPA secure encryption. |
|
Package pedersen provides pedersen commitments are perfectly hiding and computationally binding.
|
Package pedersen provides pedersen commitments are perfectly hiding and computationally binding. |
Click to show internal directories.
Click to hide internal directories.