package ozcoin
import (
"crypto/elliptic"
"math/big"
)
var (
	// CURVE is the elliptic curve every commitment operation in this
	// package runs on: NIST P-256 from the standard library.
	CURVE elliptic.Curve = elliptic.P256()

	// H is the second Pedersen generator, derived once at package
	// initialisation by computeH. Its relation to the base point G is the
	// security-critical property of the commitment scheme; see computeH.
	H ECCPoint = computeH()
)
// Commitment is an amount commitment together with the range proof that
// accompanies it. The embedded ECCPoint is the curve-point sum of
// RangeProof.PKs[i][0] over the proof's positions (see RangeCommit);
// the embedded RangeProof is the proof produced by RangeSign.
type Commitment struct {
	ECCPoint
	RangeProof
}
// RangeCommit produces a range proof for amt with blinding target
// targetBlind (via RangeSign) and returns it bundled with the commitment
// point, which is the sum over the first RANGE_PROOF_LENGTH positions of
// PKs[i][0]. What each PKs entry represents is defined by RangeSign, not
// here — presumably one entry per proven bit; confirm against RangeSign.
func RangeCommit(amt uint64, targetBlind *big.Int) Commitment {
	proof := RangeSign(amt, targetBlind)
	params := CURVE.Params()

	// crypto/elliptic treats the affine pair (0, 0) as the point at
	// infinity, so the running sum can start from two zero integers.
	sumX, sumY := new(big.Int), new(big.Int)
	for i := uint64(0); i < RANGE_PROOF_LENGTH; i++ {
		point := proof.PKs[i][0]
		sumX, sumY = params.Add(sumX, sumY, point.X, point.Y)
	}

	return Commitment{ECCPoint{X: sumX, Y: sumY}, proof}
}
// computeH derives the second Pedersen generator H used by PedersenSum and
// PedersenDiff. It runs once, when the package-level H is initialised, and
// panics (aborting package init) if the derived point is not on the curve.
//
// SECURITY NOTE: H is built as 11235·G, so the discrete logarithm of H with
// respect to the base point G is a public constant. A Pedersen commitment
// is binding only while log_G(H) is unknown to every party; with this H a
// commitment can be opened to more than one amount, so the scheme does not
// bind amounts. A generator with no known relation to G — e.g. obtained by
// hashing a fixed domain-separation string to a curve point — is required
// before these commitments are relied on.
func computeH() ECCPoint {
	params := CURVE.Params()
	hx, hy := params.ScalarBaseMult(big.NewInt(11235).Bytes())

	// ScalarBaseMult always yields a curve point; the check only guards
	// against a broken curve implementation and prefers failing init over
	// continuing with an invalid generator.
	if !params.IsOnCurve(hx, hy) {
		panic("hx, hy is not on the curve")
	}
	return ECCPoint{X: hx, Y: hy}
}
// PedersenSum commits to amt under blinding factor blind using the package
// generator H: it returns blind·G + amt·H. Both scalars are big-endian
// byte strings as accepted by crypto/elliptic.
func PedersenSum(blind, amt []byte) ECCPoint {
	generator := H
	return PedersenSumPK(blind, amt, generator)
}
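// PedersenSumPK computes blind·G + amt·pk: a Pedersen commitment to amt
// under blinding factor blind, with pk as the second generator. blind and
// amt are big-endian byte strings as accepted by crypto/elliptic.
//
// pk is not validated here. Scalar multiplication of a point that is not
// on the curve is undefined (current Go releases panic), so callers must
// only pass points known to be on CURVE.
//
// The curve arithmetic goes through the elliptic.Curve interface rather
// than CURVE.Params(): the CurveParams methods are deprecated and are
// documented as providing no security guarantees (on older Go releases
// they are a variable-time big.Int implementation), whereas the
// implementation behind P256() is constant time. That matters here because
// blind is a secret scalar.
func PedersenSumPK(blind, amt []byte, pk ECCPoint) ECCPoint {
	bx, by := CURVE.ScalarBaseMult(blind)
	ax, ay := CURVE.ScalarMult(pk.X, pk.Y, amt)
	x, y := CURVE.Add(bx, by, ax, ay)
	return ECCPoint{X: x, Y: y}
}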
// PedersenDiff returns blind·G − amt·H, the commitment to amt under blind
// with the amount term subtracted rather than added, using the package
// generator H. Both scalars are big-endian byte strings as accepted by
// crypto/elliptic.
func PedersenDiff(blind, amt []byte) ECCPoint {
	generator := H
	return PedersenDiffPK(blind, amt, generator)
}
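// PedersenDiffPK computes blind·G − amt·pk, with pk as the second Pedersen
// generator. blind and amt are big-endian byte strings as accepted by
// crypto/elliptic.
//
// pk is not validated here; callers must only pass points known to be on
// CURVE (scalar multiplication of an off-curve point is undefined and
// panics on current Go releases).
//
// Curve arithmetic uses the elliptic.Curve interface rather than
// CURVE.Params(): the CurveParams methods are deprecated and documented as
// providing no security guarantees (variable-time big.Int arithmetic on
// older Go releases), while the implementation behind P256() is constant
// time. blind is a secret scalar, so this matters.
func PedersenDiffPK(blind, amt []byte, pk ECCPoint) ECCPoint {
	bx, by := CURVE.ScalarBaseMult(blind)
	ax, ay := CURVE.ScalarMult(pk.X, pk.Y, amt)

	// The inverse of an affine point (x, y) is (x, p − y). A plain big.Int
	// negation (the previous ay.Neg(ay)) leaves y negative, which is not a
	// valid field element: current Go releases reject it in Add and older
	// ones compute with it unreduced. crypto/elliptic encodes the point at
	// infinity as (0, 0), and no other P-256 point has y == 0 (the group
	// has prime order, so there is no point of order 2), so a zero y is
	// the identity and is its own inverse.
	if ay.Sign() != 0 {
		ay.Sub(CURVE.Params().P, ay)
	}

	x, y := CURVE.Add(bx, by, ax, ay)
	return ECCPoint{X: x, Y: y}
}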