Struct private_currency::crypto::Commitment

pub struct Commitment { /* fields omitted */ }

Pedersen commitment to an integer value.

Theory

A Pedersen commitment has the form (in the additive notation)

Comm(x; r) = xG + rH,

where

• G and H are two generators in a prime-order group Q, with unknown discrete logarithm relationships among them (i.e., nobody knows k such as G = kH)
• x is the committed value (it’s a residue class modulo the group order |Q|, but we may essentially treat it as an integer)
• r is the blinding factor (also a residue class modulo the group order |Q|). Usually, it’s chosen randomly from a cryptographically secure RNG.

Q, G and H are public parameters of the scheme shared among all commitments, while x and r are private. (x, r) is called an opening to the commitment; knowing the opening, it’s easy to check if it corresponds to the given commitment.

Under common security assumptions, a Pedersen commitment is

• perfectly hiding (a party not knowing x and r cannot find them out from Comm(..)), and
• computationally binding (a party cannot produce (x', r') != (x, r) such that they will open to the same commitment).

Commitment arithmetic

It is possible to add and subtract Pedersen commitments; the result is a commitment to the sum / difference of corresponding values. This fact is what allows using commitments in private currency.

Implementation details

We use a Ristretto group built on top of Curve25519 as Q. Generators G and H are constructed according to the default scheme in the bulletproofs implementation.

Examples

let (mut commitment, mut opening) = Commitment::new(42);
assert_eq!(opening.value, 42);
assert_eq!(commitment, Commitment::from_opening(&opening));

let (other_commitment, other_opening) = Commitment::new(23);
commitment -= other_commitment;
opening -= other_opening;
assert_eq!(opening.value, 19);
assert_eq!(commitment, Commitment::from_opening(&opening));

Methods

impl Commitment

pub fn new(value: u64) -> (Self, Opening)

Creates a commitment with a randomly chosen blinding.

Return value

Returns the created commitment and the corresponding opening for it.

pub fn from_opening(opening: &Opening) -> Self

Creates a commitment from the given opening.

pub fn with_no_blinding(value: u64) -> Self

Creates a commitment with no blinding factor.

Warning. The commitments created in this way are not hiding. Use them only if you know what you’re doing.

pub fn from_slice(slice: &[u8]) -> Option<Self>

Attempts to deserialize a commitment from byte slice.

pub fn to_bytes(&self) -> Vec<u8>

Serializes this commitment to bytes.

Implementation details

The commitment is serialized as a single compressed Ristretto point (i.e., 32 bytes).

pub fn verify(&self, opening: &Opening) -> bool

Verifies if this commitment corresponds to the provided opening.

Trait Implementations

impl Clone for Commitment

fn clone(&self) -> Commitment

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Eq for Commitment

impl PartialEq<Commitment> for Commitment

fn eq(&self, other: &Commitment) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Commitment) -> bool

This method tests for !=.

impl Debug for Commitment

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Sub<Commitment> for Commitment

type Output = Commitment

The resulting type after applying the - operator.

fn sub(self, rhs: Self) -> Commitment

Performs the - operation.

impl<'a, 'b> Sub<&'b Commitment> for &'a Commitment

type Output = Commitment

The resulting type after applying the - operator.

fn sub(self, rhs: &'b Commitment) -> Commitment

Performs the - operation.

impl Add<Commitment> for Commitment

type Output = Commitment

The resulting type after applying the + operator.

fn add(self, rhs: Self) -> Commitment

Performs the + operation.

impl<'a, 'b> Add<&'b Commitment> for &'a Commitment

type Output = Commitment

The resulting type after applying the + operator.

fn add(self, rhs: &'b Commitment) -> Commitment

Performs the + operation.

impl SubAssign<Commitment> for Commitment

fn sub_assign(&mut self, rhs: Self)

Performs the -= operation.

impl ExonumJson for Commitment

fn deserialize_field<B: WriteBufferWrapper>(     value: &Value,     buffer: &mut B,     from: u32,     to: u32 ) -> Result<(), Box<dyn Error>>

write deserialized field in buffer on place.

fn serialize_field(&self) -> Result<Value, Box<dyn Error + Send + Sync>>

serialize field as json::Value

impl<'a> Field<'a> for Commitment

fn field_size() -> u32

Field's header size.

unsafe fn read(buffer: &'a [u8], from: u32, to: u32) -> Self

Read Field from buffer, with given position, beware of memory unsafety, you should check Field before read.

fn write(&self, buffer: &mut Vec<u8>, from: u32, to: u32)

Write Field to buffer, in given position write doesn't lead to memory unsafety.

fn check(     buffer: &'a [u8],     from: CheckedOffset,     to: CheckedOffset,     latest_segment: CheckedOffset ) -> CheckResult

Checks if data in the buffer could be deserialized. Returns an index of latest data seen. Default implementation simply checks that the length of segment equals field size.

impl FromHex for Commitment

type Error = String

fn from_hex<T: AsRef<[u8]>>(hex: T) -> Result<Self, Self::Error>

Creates an instance of type Self from the given hex string, or fails with a custom error type.

impl CryptoHash for Commitment

fn hash(&self) -> Hash

Returns a hash of the value.

impl StorageValue for Commitment

fn into_bytes(self) -> Vec<u8>

Serialize a value into a vector of bytes.

fn from_bytes(value: Cow<[u8]>) -> Self

Deserialize a value from bytes.