4 * @brief Commitment and CommitmentProof classes for the Zerocoin library.
6 * @author Ian Miers, Christina Garman and Matthew Green
9 * @copyright Copyright 2013 Ian Miers, Christina Garman and Matthew Green
10 * @license This project is released under the MIT license.
17 #include "../serialize.h"
19 // We use a SHA256 hash for our PoK challenges, so the challenge size below is
20 // the hash output length in bits. Update it if we ever change hash functions.
21 #define COMMITMENT_EQUALITY_CHALLENGE_SIZE 256
23 // A 512-bit security parameter for the statistical ZK PoK.
24 #define COMMITMENT_EQUALITY_SECMARGIN 512
26 namespace libzerocoin {
29 * A commitment, complete with its contents and opening randomness.
30 * The contents and randomness should remain secret. Publish only the commitment value.
34 /**Generates a Pedersen commitment to the given value.
36 * @param p the group parameters for the coin
37 * @param value the value to commit to
// Builds the commitment to `value` under the group parameters `p`.
// NOTE(review): a raw `params` pointer is declared further down; presumably
// `p` is stored there without taking ownership, so the parameters must
// outlive this object — confirm against the definition.
39 Commitment(const IntegerGroupParams* p, const Bignum& value);
// Each accessor returns a const reference (no copy is made).
// Per the class comment, this is the only value meant to be published.
40 const Bignum& getCommitmentValue() const;
// Opening randomness: secret per the class comment. Keep it out of logs and
// out of anything sent to another party.
41 const Bignum& getRandomness() const;
// Committed contents: secret per the class comment, same handling as the
// randomness.
42 const Bignum& getContents() const;
// Group parameters for this commitment (raw pointer; presumably non-owning —
// confirm who keeps the parameters alive).
44 const IntegerGroupParams *params;
// The commitment value: the one field the class comment allows to be published.
45 Bignum commitmentValue;
// The committed value itself; secret per the class comment.
47 const Bignum contents;
// Serialization covers the secret randomness as well as the public commitment
// value, so a serialized Commitment contains secret opening material. Store
// and transmit it with the same care as the randomness; it is not a
// substitute for publishing getCommitmentValue().
50 READWRITE(commitmentValue);
51 READWRITE(randomness);
56 /**Proof that two commitments open to the same value.
59 class CommitmentProofOfKnowledge {
// Binds a proof object to the two parameter sets; no commitments are passed,
// so no proof can be generated here. NOTE(review): presumably the proof fields
// are filled in afterwards by deserialization — confirm.
61 CommitmentProofOfKnowledge(const IntegerGroupParams* ap, const IntegerGroupParams* bp);
62 /** Generates a proof that two commitments, a and b, open to the same value.
64 * @param aParams the IntegerGroup for commitment a
65 * @param bParams the IntegerGroup for commitment b
66 * @param a the first commitment
67 * @param b the second commitment
// Prover-side constructor: it takes full Commitment objects, which carry the
// secret contents and randomness. NOTE(review): the resulting proof is what
// gets shared; the Commitment objects are not — confirm callers never
// serialize `a` or `b` alongside the proof.
69 CommitmentProofOfKnowledge(const IntegerGroupParams* aParams, const IntegerGroupParams* bParams, const Commitment& a, const Commitment& b);
70 //FIXME: is it best practice that this is here?
// Deserializing constructor: ap and bp are set from the caller's arguments;
// the constructor body is not shown in this listing.
// NOTE(review): anything read from `strm` (presumably S1, S2, S3 and
// challenge) is unauthenticated input and establishes nothing until Verify()
// returns true — confirm that every caller runs Verify() and that Verify()
// range-checks the deserialized values before using them.
71 template<typename Stream>
72 CommitmentProofOfKnowledge(const IntegerGroupParams* aParams,
73 const IntegerGroupParams* bParams, Stream& strm): ap(aParams), bp(bParams)
// Computes the proof challenge from the four values passed in. Per the
// comment at the top of this file, PoK challenges are SHA256 hashes of
// COMMITMENT_EQUALITY_CHALLENGE_SIZE bits.
// NOTE(review): what else is hashed besides these four arguments is not
// visible here — confirm the hash input also covers the public parameters, so
// a challenge cannot be reused across parameter sets.
78 const Bignum calculateChallenge(const Bignum& a, const Bignum& b, const Bignum &commitOne, const Bignum &commitTwo) const;
82 * @return true if the proof is valid.
84 /**Verifies the proof of equality of the two commitments
86 * @param A value of commitment one
87 * @param B value of commitment two
// Returns true only when the proof is valid for commitment values A and B.
// The bool is the sole failure signal in this declaration, so callers must
// check it; an ignored false return treats an unproven equality as proven.
90 bool Verify(const Bignum& A, const Bignum& B) const;
// Parameter sets for commitments a and b (raw pointers; presumably
// non-owning — confirm their lifetime against callers).
99 const IntegerGroupParams *ap, *bp;
// Proof data. NOTE(review): presumably S1..S3 are the prover's responses and
// `challenge` is the hash challenge; when filled by the stream constructor
// they are untrusted until Verify() accepts them.
101 Bignum S1, S2, S3, challenge;
104 } /* namespace libzerocoin */
105 #endif /* COMMITMENT_H_ */