Add Bulletproof rewind functionality

This is closely modelled on Grin's solution, but using two private keys: - Interfaces: - create a rewindable ZK proof with up to 23 bytes additional embedded proof data - extract the value and 23 bytes proof data only - extract the value, blinding factor and 23 bytes proof data - Required: - two rewind nonces, based on two public rewind keys and the value commitment - two blinding nonces, based on the two private rewind keys and the value commitment - Use: - the two rewind nonces are used to extract the value and 23 bytes embedded proof data - the two rewind nonces and two blinding nonces are used to extract the value, blinding factor and 23 bytes embedded proof data
dalek-cryptography · Jan 8, 2021 · 2337fb9 · 2337fb9
1 parent 464acb7
commit 2337fb9
Show file tree

Hide file tree

Showing 6 changed files with 1,030 additions and 13 deletions.
diff --git a/src/errors.rs b/src/errors.rs
@@ -45,6 +45,18 @@ pub enum ProofError {
     /// consider its errors to be internal errors.
     #[cfg_attr(feature = "std", error("Internal error during proof creation: {0}"))]
     ProvingError(MPCError),
+    /// This error results from trying to rewind a proof with the wrong rewind nonce
+    #[cfg_attr(
+        feature = "std",
+        error("Rewinding the proof failed, invalid commitment extracted")
+    )]
+    InvalidCommitmentExtracted,
+    /// This error results from trying to rewind a proof with an invalid rewind key separator
+    #[cfg_attr(
+        feature = "std",
+        error("Trying to rewind a proof with the wrong rewind key separator")
+    )]
+    InvalidRewindKeySeparator,
 }
 
 impl From<MPCError> for ProofError {

diff --git a/src/lib.rs b/src/lib.rs
@@ -31,7 +31,8 @@ mod notes {
 mod errors;
 mod generators;
 mod inner_product_proof;
-mod range_proof;
+// TODO: Do not expose `range_proof` publicly
+pub mod range_proof;
 mod transcript;
 
 pub use crate::errors::ProofError;