sigma_rs::traits

Trait SigmaProtocol

pub trait SigmaProtocol {
    type Commitment;
    type ProverState;
    type Response;
    type Witness;
    type Challenge;

    // Required methods
    fn prover_commit(
        &self,
        witness: &Self::Witness,
        rng: &mut (impl Rng + CryptoRng),
    ) -> Result<(Self::Commitment, Self::ProverState), Error>;
    fn prover_response(
        &self,
        state: Self::ProverState,
        challenge: &Self::Challenge,
    ) -> Result<Self::Response, Error>;
    fn verifier(
        &self,
        commitment: &Self::Commitment,
        challenge: &Self::Challenge,
        response: &Self::Response,
    ) -> Result<(), Error>;
    fn serialize_commitment(&self, commitment: &Self::Commitment) -> Vec<u8> ⓘ;
    fn serialize_challenge(&self, challenge: &Self::Challenge) -> Vec<u8> ⓘ;
    fn serialize_response(&self, response: &Self::Response) -> Vec<u8> ⓘ;
    fn deserialize_commitment(
        &self,
        data: &[u8],
    ) -> Result<Self::Commitment, Error>;
    fn deserialize_challenge(
        &self,
        data: &[u8],
    ) -> Result<Self::Challenge, Error>;
    fn deserialize_response(&self, data: &[u8]) -> Result<Self::Response, Error>;
    fn protocol_identifier(&self) -> impl AsRef<[u8]>;
    fn instance_label(&self) -> impl AsRef<[u8]>;
}

Expand description

A trait defining the behavior of a generic Sigma protocol.

A Sigma protocol is a 3-message proof protocol where a prover can convince a verifier of knowledge of a witness for a given public statement without revealing the witness.

§Associated Types

Commitment: The prover’s initial commitment.
ProverState: The prover’s internal state needed to compute a response.
Response: The prover’s response to a verifier’s challenge.
Witness: The prover’s secret knowledge.
Challenge: The verifier’s challenge value.

§Minimal Implementation

Types implementing SigmaProtocol must define:

prover_commit — Generates a commitment and internal state.
prover_response — Computes a response to a challenge.
verifier — Verifies a full transcript (commitment, challenge, response).

§Serialization

Implementors must also provide methods for serialization and deserialization of each component of the proof. Required methods:

serialize_commitment / deserialize_commitment
serialize_challenge / deserialize_challenge
serialize_response / deserialize_response

These functions should encode/decode each component into/from a compact binary format.

§Identification

To allow transcript hash binding and protocol distinction, implementors must provide:

protocol_identifier — A fixed byte identifier of the protocol.
instance_label — A label specific to the instance being proven.

Required Associated Types§

type Commitment

type ProverState

type Response

type Witness

type Challenge

Required Methods§

fn prover_commit( &self, witness: &Self::Witness, rng: &mut (impl Rng + CryptoRng), ) -> Result<(Self::Commitment, Self::ProverState), Error>

First step of the protocol. Given the witness and RNG, this generates:

A public commitment to send to the verifier.
The internal state to use when computing the response.

fn prover_response( &self, state: Self::ProverState, challenge: &Self::Challenge, ) -> Result<Self::Response, Error>

Computes the prover’s response to a challenge based on the prover state.

fn verifier( &self, commitment: &Self::Commitment, challenge: &Self::Challenge, response: &Self::Response, ) -> Result<(), Error>

Final step of the protocol: checks that the commitment, challenge, and response form a valid transcript.

Returns:

Ok(()) if the transcript is valid.
Err(()) otherwise.

fn serialize_commitment(&self, commitment: &Self::Commitment) -> Vec<u8> ⓘ

Serializes a commitment to bytes.

fn serialize_challenge(&self, challenge: &Self::Challenge) -> Vec<u8> ⓘ

Serializes a challenge to bytes.

fn serialize_response(&self, response: &Self::Response) -> Vec<u8> ⓘ

Serializes a response to bytes.

fn deserialize_commitment(&self, data: &[u8]) -> Result<Self::Commitment, Error>

Deserializes a commitment from bytes.

fn deserialize_challenge(&self, data: &[u8]) -> Result<Self::Challenge, Error>

Deserializes a challenge from bytes.

fn deserialize_response(&self, data: &[u8]) -> Result<Self::Response, Error>

Deserializes a response from bytes.

fn protocol_identifier(&self) -> impl AsRef<[u8]>

fn instance_label(&self) -> impl AsRef<[u8]>

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§

impl<G> SigmaProtocol for SchnorrProof<G>
where G: Group + GroupEncoding,

type Commitment = Vec<G>

type ProverState = (Vec<<G as Group>::Scalar>, Vec<<G as Group>::Scalar>)

type Response = Vec<<G as Group>::Scalar>

type Witness = Vec<<G as Group>::Scalar>

type Challenge = <G as Group>::Scalar

impl<G: Group + GroupEncoding> SigmaProtocol for Protocol<G>

type Commitment = ProtocolCommitment<G>

type ProverState = ProtocolProverState<G>

type Response = ProtocolResponse<G>

type Witness = ProtocolWitness<G>

type Challenge = <SchnorrProof<G> as SigmaProtocol>::Challenge