ProverInterpreter
Related Doc:
package interpreter
The cost of Value[T] deserialization is O(n), where n is the length of its bytes array.
The cost of Value[T] deserialization is O(n), where n is the length of its bytes array. To evaluate DeserializeContext and sigmastate.utxo.DeserializeRegister we add the following cost of deserialization for each byte.
The cost of substituting DeserializeContext and sigmastate.utxo.DeserializeRegister nodes with the deserialized expression is O(n), where n is the number of bytes in ErgoTree.
The cost of substituting DeserializeContext and sigmastate.utxo.DeserializeRegister nodes with the deserialized expression is O(n), where n is the number of bytes in ErgoTree. The following is the cost added for each ErgoTree.bytes.
Adds the cost to verify sigma protocol proposition.
Adds the cost to verify sigma protocol proposition. This is AOT part of JITC-based interpreter, it predicts the cost of crypto verification, which is asymptotically much faster and protects from spam scripts.
result of JIT-based reduction
total cost limit to check and raise exception if exceeded
computed jitRes.cost + crypto verification cost
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given.
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given. Useful for distributed signature applications.
See DistributedSigSpecification for examples of usage.
- context used to reduce the proposition
- public key (in form of a sigma-tree)
- signature for the key
- public keys of secrets with real proofs
- public keys of secrets with simulated proofs
- bag of OtherSecretProven and OtherCommitment hints
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given.
A method which is extracting partial proofs of secret knowledge for particular secrets with their respective public images given. Useful for distributed signature applications.
See DistributedSigSpecification for examples of usage.
- context used to reduce the proposition
- proposition to reduce
- proof for reduced proposition
- public keys of secrets with real proofs
- public keys of secrets with simulated proofs
- bag of OtherSecretProven and OtherCommitment hints
Checks the possible soft-fork condition.
Checks the possible soft-fork condition.
contract which needs to be executed
evaluation context to use for detecting soft-fork condition
None, if no soft-fork has been detected and ErgoTree execution can proceed normally
Some(true -> context.initCost), if soft-fork has been detected, but we
cannot proceed with ErgoTree, however can accept relying on 90% of upgraded
nodes (due to activation has already been done).
InterpreterException when cannot proceed and no activation yet.
Deserializes given script bytes using ValueSerializer (i.e.
Deserializes given script bytes using ValueSerializer (i.e. assuming expression tree format).
It also measures tree complexity adding to the total estimated cost of script execution.
The new returned context contains increased initCost and should be used for further processing.
The method SHOULD be called only inside trySoftForkable scope, to make deserialization soft-forkable.
NOTE: While ErgoTree is always of type SigmaProp, ValueSerializer can serialize expression of any type. So it cannot be replaced with ErgoTreeSerializer here.
Evaluation settings used by ErgoTreeEvaluator which is used by this interpreter to perform fullReduction.
Evaluation settings used by ErgoTreeEvaluator which is used by this interpreter to perform fullReduction.
Full reduction of contract proposition given in the ErgoTree form to a SigmaBoolean value which encodes either a sigma-protocol proposition or a boolean (true or false) value.
Full reduction of contract proposition given in the ErgoTree form to a SigmaBoolean value which encodes either a sigma-protocol proposition or a boolean (true or false) value. See other overload for details.
Full reduction of contract proposition given in the ErgoTree form to a SigmaBoolean value which encodes either a sigma-protocol proposition or a boolean (true or false) value.
Full reduction of contract proposition given in the ErgoTree form to a SigmaBoolean value which encodes either a sigma-protocol proposition or a boolean (true or false) value.
Works as follows: 1) parse ErgoTree instance into a typed AST 2) go bottom-up the tree to replace DeserializeContext nodes only 3) estimate cost and reduce the AST to a SigmaBoolean instance (either sigma-tree or trivial boolean value)
input ErgoTree expression to reduce
context used in reduction
script environment
reduction result as a pair of sigma boolean and the accumulated cost counter after reduction
Generate commitments for given crypto-tree (sigma-tree) for prover's secrets.
Generate commitments for given ergo tree for prover's secrets.
Generate commitments for given ergo tree for prover's secrets. The prover is reducing the given tree to crypto-tree by using the given context, and then generates commitments.
A method which is is generating commitments for all the public keys provided.
A method which is is generating commitments for all the public keys provided.
Currently only keys in form of ProveDlog and ProveDiffieHellman are supported, not more complex subtrees.
- crypto-tree
- public keys for which commitments should be generated
generated commitments (private, containing secret randomness, and public, containing only commitments)
Generate commitments for a given ergoTree (mixed-tree) and public keys.
Generate commitments for a given ergoTree (mixed-tree) and public keys.
First, the given tree is to be reduced to crypto-tree (sigma-tree) by using context provided.
Logs the given message string.
Logs the given message string. Can be overridden in the derived interpreter classes to redefine the default behavior.
Prover Step 1: This step will mark as "real" every node for which the prover can produce a real proof.
Prover Step 1: This step will mark as "real" every node for which the prover can produce a real proof. This step may mark as "real" more nodes than necessary if the prover has more than the minimal necessary number of witnesses (for example, more than one child of an OR). This will be corrected in the next step. In a bottom-up traversal of the tree, do the following for each node:
Prover Step 3: This step will change some "real" nodes to "simulated" to make sure each node has the right number of simulated children.
Prover Step 3: This step will change some "real" nodes to "simulated" to make sure each node has the right number of simulated children. Also, children will get proper position set during this step. In a top-down traversal of the tree, do the following for each node:
Extracts proposition for ErgoTree handing soft-fork condition.
Extracts proposition for ErgoTree handing soft-fork condition.
soft-fork handler
The comments in this section are taken from the algorithm for the Sigma-protocol prover as described in the ErgoScript white-paper https://ergoplatform.org/docs/ErgoScript.pdf , Appendix A
The comments in this section are taken from the algorithm for the Sigma-protocol prover as described in the ErgoScript white-paper https://ergoplatform.org/docs/ErgoScript.pdf , Appendix A
Prover Step 9: Perform a top-down traversal of only the portion of the tree marked "real" in order to compute the challenge e for every node marked "real" below the root and, additionally, the response z for every leaf marked "real"
Public keys of prover's secrets.
Public keys of prover's secrets. This operation can be costly if there are many secrets the prover knows, consider re-implementation of this field then.
This method uses the new JIT costing with direct ErgoTree execution.
This method uses the new JIT costing with direct ErgoTree execution. It is used in
both prover and verifier to compute SigmaProp value.
As the first step the cost of computing the exp expression in the given context is
estimated.
If cost is above limit then exception is returned and exp is not executed
else exp is computed in the given context and the resulting SigmaBoolean returned.
the context in which exp should be executed
environment of system variables used by the interpreter internally
expression to be executed in the given context
result of script reduction
ReductionResult
Set positions for children of a unproven inner node (conjecture, so AND/OR/THRESHOLD)
Set positions for children of a unproven inner node (conjecture, so AND/OR/THRESHOLD)
Sign arbitrary message under a key representing a statement provable via a sigma-protocol.
Sign arbitrary message under a key representing a statement provable via a sigma-protocol.
- public key
- message to sign
- additional hints for a signer (useful for distributed signing)
- signature or error
Prover Step 4: In a top-down traversal of the tree, compute the challenges e for simulated children of every node Prover Step 5: For every leaf marked "simulated", use the simulator of the Sigma-protocol for that leaf to compute the commitment $a$ and the response z, given the challenge e that is already stored in the leaf.
Prover Step 4: In a top-down traversal of the tree, compute the challenges e for simulated children of every node Prover Step 5: For every leaf marked "simulated", use the simulator of the Sigma-protocol for that leaf to compute the commitment $a$ and the response z, given the challenge e that is already stored in the leaf. Prover Step 6: For every leaf marked "real", use the first prover step of the Sigma-protocol for that leaf to compute the commitment a.
call back to setup new context (with updated cost limit) to be passed next time
Executes the script in a given context.
Executes the script in a given context.
Step 1: Deserialize context variables
Step 2: Evaluate expression and produce SigmaProp value, which is zero-knowledge
statement (see also SigmaBoolean).
Step 3: Verify that the proof is presented to satisfy SigmaProp conditions.
NOTE, ergoTree.complexity is not added to the cost when v5.0 is activated
environment of system variables used by the interpreter internally
ErgoTree expression to execute in the given context and verify its result
the context in which exp should be executed
The proof of knowledge of the secrets which is expected by the resulting SigmaProp
message bytes, which are used in verification of the proof
verification result or Exception.
If if the estimated cost of execution of the exp exceeds the limit (given
in context), then exception if thrown and packed in Try.
If the first component is false, then:
1) script executed to false or
2) the given proof failed to validate resulting SigmaProp conditions.
reduceToCrypto
Verify a signature on given (arbitrary) message for a given public key.
Verify a signature on given (arbitrary) message for a given public key.
public key (represented as a tree)
message
signature for the message
optional evaluator (can be null) which is used for profiling of operations.
When E is null, then profiling is turned-off and has no effect on
the execution.
whether signature is valid or not
Interpreter with enhanced functionality to prove statements.