Substitute Deserialize* nodes with deserialized subtrees We can estimate cost of the tree evaluation only after this step.
Substitute Deserialize* nodes with deserialized subtrees We can estimate cost of the tree evaluation only after this step.
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given.
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given. Useful for distributed signature applications.
See DistributedSigSpecification for examples of usage.
- context used to reduce the proposition
- public key (in form of a sigma-tree)
- signature for the key
- public keys of secrets with real proofs
- public keys of secrets with simulated proofs
- bag of OtherSecretProven and OtherCommitment hints
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given.
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given. Useful for distributed signature applications.
See DistributedSigSpecification for examples of usage.
- context used to reduce the proposition
- proposition to reduce
- proof for reduced proposition
- public keys of secrets with real proofs
- public keys of secrets with simulated proofs
- bag of OtherSecretProven and OtherCommitment hints
Verifier Step 4: For every leaf node, compute the commitment a from the challenge e and response $z$, per the verifier algorithm of the leaf's Sigma-protocol.
Verifier Step 4: For every leaf node, compute the commitment a from the challenge e and response $z$, per the verifier algorithm of the leaf's Sigma-protocol. If the verifier algorithm of the Sigma-protocol for any of the leaves rejects, then reject the entire proof.
Deserializes given script bytes using ValueSerializer (i.e.
Deserializes given script bytes using ValueSerializer (i.e. assuming expression tree format).
It also measures tree complexity adding to the total estimated cost of script execution.
The new returned context contains increased initCost
and should be used for further processing.
The method SHOULD be called only inside trySoftForkable scope, to make deserialization soft-forkable.
NOTE: While ErgoTree is always of type SigmaProp, ValueSerializer can serialize expression of any type. So it cannot be replaced with ErgoTreeSerializer here.
Full reduction of initial expression given in the ErgoTree form to a SigmaBoolean value (which encodes whether a sigma-protocol proposition or a boolean value, so true or false).
Full reduction of initial expression given in the ErgoTree form to a SigmaBoolean value (which encodes whether a sigma-protocol proposition or a boolean value, so true or false).
Works as follows: 1) parse ErgoTree instance into a typed AST 2) go bottom-up the tree to replace DeserializeContext nodes only 3) estimate cost and reduce the AST to a SigmaBoolean instance (so sigma-tree or trivial boolean value)
- input ErgoTree expression to reduce
- context used in reduction
- script environment
sigma boolean and the updated cost counter after reduction
A method which is is generating commitments for all the public keys provided.
A method which is is generating commitments for all the public keys provided.
Currently only keys in form of ProveDlog and ProveDiffieHellman are supported, not more complex subtrees.
- crypto-tree
- public keys for which commitments should be generated
generated commitments (private, containing secret randomness, and public, containing only commitments)
Generate commitments for a given ergoTree (mixed-tree) and public keys.
Generate commitments for a given ergoTree (mixed-tree) and public keys.
First, the given tree is to be reduced to crypto-tree (sigma-tree) by using context provided.
Extracts proposition for ErgoTree handing soft-fork condition.
Extracts proposition for ErgoTree handing soft-fork condition.
soft-fork handler
This method is used in both prover and verifier to compute SigmaBoolean value.
This method is used in both prover and verifier to compute SigmaBoolean value.
As the first step the cost of computing the exp
expression in the given context is estimated.
If cost is above limit
then exception is returned and exp
is not executed
else exp
is computed in the given context and the resulting SigmaBoolean returned.
the context in which exp
should be executed
environment of system variables used by the interpreter internally
expression to be executed in the given context
result of script reduction
ReductionResult
call back to setup new context (with updated cost limit) to be passed next time
Executes the script in a given context.
Executes the script in a given context.
Step 1: Deserialize context variables
Step 2: Evaluate expression and produce SigmaProp value, which is zero-knowledge statement (see also SigmaBoolean
).
Step 3: Verify that the proof is presented to satisfy SigmaProp conditions.
environment of system variables used by the interpreter internally
ErgoTree expression to execute in the given context and verify its result
the context in which exp
should be executed
The proof of knowledge of the secrets which is expected by the resulting SigmaProp
message bytes, which are used in verification of the proof
verification result or Exception.
If if the estimated cost of execution of the exp
exceeds the limit (given in context
),
then exception if thrown and packed in Try.
If left component is false, then:
1) script executed to false or
2) the given proof failed to validate resulting SigmaProp conditions.
reduceToCrypto
Verify a signature on given (arbitrary) message for a given public key.
Verify a signature on given (arbitrary) message for a given public key.
- public key (represented as a tree)
- message
- signature for the message
- whether signature is valid or not