package octez-libs

  1. Overview
  2. Docs
package octez-libs
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Module Tezos_sapling.RustzcashSource

include Rustzcash_sig.T
Sourcetype ask
Sourcetype ak
Sourcetype nsk
Sourcetype nk
Sourcetype ovk
Sourcetype diversifier
Sourcetype pkd
Sourcetype nullifier
Sourcetype commitment
Sourcetype epk
Sourcetype symkey
Sourcetype sighash
Sourcetype spend_sig
Sourcetype hash
Sourcetype cv
Sourcetype rk
Sourcetype spend_proof
Sourcetype binding_sig
Sourcetype output_proof
Sourcetype ivk
Sourcetype ar
Sourcetype rcm
Sourcetype esk
Sourcetype diversifier_index
Sourceval compare_diversifier_index : diversifier_index -> diversifier_index -> int
Sourcetype expanded_spending_key = {
  1. ask : ask;
  2. nsk : nsk;
  3. ovk : ovk;
}
Sourcetype zip32_expanded_spending_key = {
  1. depth : Bytes.t;
  2. parent_fvk_tag : Bytes.t;
  3. child_index : Bytes.t;
  4. chain_code : Bytes.t;
  5. expsk : expanded_spending_key;
  6. dk : Bytes.t;
}
Sourcetype full_viewing_key = {
  1. ak : ak;
  2. nk : nk;
  3. ovk : ovk;
}
Sourcetype zip32_full_viewing_key = {
  1. depth : Bytes.t;
  2. parent_fvk_tag : Bytes.t;
  3. child_index : Bytes.t;
  4. chain_code : Bytes.t;
  5. fvk : full_viewing_key;
  6. dk : Bytes.t;
}
Sourceval to_nk : Bytes.t -> nk
Sourceval to_ak : Bytes.t -> ak
Sourceval to_ask : Bytes.t -> ask
Sourceval to_nsk : Bytes.t -> nsk
Sourceval to_pkd : Bytes.t -> pkd
Sourceval to_ovk : Bytes.t -> ovk
Sourceval to_nullifier : Bytes.t -> nullifier
Sourceval to_commitment : Bytes.t -> commitment
Sourceval to_symkey : Bytes.t -> symkey
Sourceval to_epk : Bytes.t -> epk
Sourceval to_spend_sig : Bytes.t -> spend_sig
Sourceval to_hash : Bytes.t -> hash
Sourceval to_cv : Bytes.t -> cv
Sourceval to_rk : Bytes.t -> rk
Sourceval to_spend_proof : Bytes.t -> spend_proof
Sourceval to_output_proof : Bytes.t -> output_proof
Sourceval to_sighash : Bytes.t -> sighash
Sourceval to_binding_sig : Bytes.t -> binding_sig
Sourceval to_diversifier : Bytes.t -> diversifier option
Sourceval to_diversifier_index : Bytes.t -> diversifier_index
Sourceval to_ar : Bytes.t -> ar
Sourceval to_rcm : Bytes.t -> rcm
Sourceval to_esk : Bytes.t -> esk
Sourceval to_ivk : Bytes.t -> ivk
Sourceval to_expanded_spending_key : Bytes.t -> expanded_spending_key
Sourceval to_zip32_expanded_spending_key : Bytes.t -> zip32_expanded_spending_key
Sourceval to_full_viewing_key : Bytes.t -> full_viewing_key
Sourceval to_zip32_full_viewing_key : Bytes.t -> zip32_full_viewing_key
Sourceval of_nk : nk -> Bytes.t
Sourceval of_ak : ak -> Bytes.t
Sourceval of_ask : ask -> Bytes.t
Sourceval of_nsk : nsk -> Bytes.t
Sourceval of_pkd : pkd -> Bytes.t
Sourceval of_ovk : ovk -> Bytes.t
Sourceval of_nullifier : nullifier -> Bytes.t
Sourceval of_commitment : commitment -> Bytes.t
Sourceval of_symkey : symkey -> Bytes.t
Sourceval of_epk : epk -> Bytes.t
Sourceval of_spend_sig : spend_sig -> Bytes.t
Sourceval of_hash : hash -> Bytes.t
Sourceval of_cv : cv -> Bytes.t
Sourceval of_rk : rk -> Bytes.t
Sourceval of_spend_proof : spend_proof -> Bytes.t
Sourceval of_output_proof : output_proof -> Bytes.t
Sourceval of_sighash : sighash -> Bytes.t
Sourceval of_binding_sig : binding_sig -> Bytes.t
Sourceval of_diversifier : diversifier -> Bytes.t
Sourceval of_diversifier_index : diversifier_index -> Bytes.t
Sourceval of_ar : ar -> Bytes.t
Sourceval of_rcm : rcm -> Bytes.t
Sourceval of_esk : esk -> Bytes.t
Sourceval of_ivk : ivk -> Bytes.t
Sourceval of_expanded_spending_key : expanded_spending_key -> Bytes.t
Sourceval of_zip32_expanded_spending_key : zip32_expanded_spending_key -> Bytes.t
Sourceval of_full_viewing_key : full_viewing_key -> Bytes.t
Sourceval of_zip32_full_viewing_key : zip32_full_viewing_key -> Bytes.t
Sourceval hash_compare : hash -> hash -> int
Sourceval hash_of_commitment : commitment -> hash
Sourceval commitment_of_hash : hash -> commitment
Sourceval max_amount : int64
Sourceval valid_position : int64 -> bool

In principle the definition of a valid position depends on the data structure that holds it, so it should be defined in storage.ml. However librustzcash imposes a particular tree structure of depth 32, so we hardcode it here.

Sourceval valid_amount : int64 -> bool
Sourceval valid_balance : int64 -> bool
Sourceexception Params_not_found of string list

Raised by init_params if it failed to find parameters.

The string list is the list of locations where they were looked up.

Sourcetype parameter_files = {
  1. spend_path : string;
  2. output_path : string;
}

Location of parameter files for our instance of Groth16.

We are only using and loading sapling parameters.

Sourceval find_params : ?getenv_opt:(string -> string option) -> ?getcwd:(unit -> string) -> ?file_exists:(string -> bool) -> unit -> parameter_files

Find parameter files.

The parameters are searched in:

  • $XDG_DATA_HOME/.local/share/zcash-params;
  • $XDG_DATA_DIRS/zcash-params (splitting on the : character);
  • $OPAM_SWITCH_PREFIX/share/zcash-params;
  • _opam/share/zcash-params;
  • $HOME/.zcash-params;
  • $HOME/.local/share/zcash-params;
  • /usr/local/share/zcash-params;
  • /usr/share/zcash-params; in this order.

This function uses getenv_opt, getcwd and file_exists from the Sys module. You can use the corresponding optional arguments to override their behavior, for instance with a mock for testing purposes.

  • raises Params_not_found

    if parameters could not be found at any of those locations.

Sourceval init_params : unit -> unit

Load parameter files.

  • raises Params_not_found

    if parameters could not be found (see find_params for information regarding how parameter files are looked up).

Sourceval nsk_to_nk : nsk -> nk

Derives the nullifier pk corresponding to a nullifier sk

Sourceval ask_to_ak : ask -> ak

Derives the spending/signing pk corresponding to a secret spending/signing sk

Sourceval crh_ivk : ak -> nk -> ivk

Derives the incoming viewing key

Sourceval check_diversifier : diversifier -> bool

Checks that a potential diversifier respects the needed properties

Sourceval ivk_to_pkd : ivk -> diversifier -> pkd

Computes a diversified pk that the payee gives to the payer offline.

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval generate_r : unit -> Bytes.t

Gives a random scalar

Sourceval compute_nf : diversifier -> pkd -> amount:int64 -> rcm -> ak -> nk -> position:int64 -> nullifier

Computes a nullifier. The first int64 is the amount of the note, the second is the position you want it inserted in. The rcm should be the same as the one to compute cm and the spend or output proof, and should be generated using generate_r.

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval compute_cm : diversifier -> pkd -> amount:int64 -> rcm -> commitment

Computes a commitment. The int64 is the amount, and the rcm is the same than for the nullifier and output or spend proof. It should be generated at random using generate_r.

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval ka_agree_sender : pkd -> esk -> symkey

Computes the shared secret of a Diffie Hellman key exchange (on the JubJub curve) with base depending on the diversifier. For the sender the epk is the pkd of the receiver, the esk was generated by him using generate_r. For the receiver the epk is the one published by the sender, and the secret is his ivk.

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval ka_agree_receiver : epk -> ivk -> symkey
Sourceval ka_derivepublic : diversifier -> esk -> epk

Computes the ephemeral pk from the ephemeral sk for a Diffie Hellman key exchange. This is used by the sender. The esk should be generated using generate_r

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval spend_sig : ask -> ar -> sighash -> spend_sig

Creates the spend sig for an input. The sighash argument is the hash of the input ie. cv,cm,... This has to be generated using generate_r

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourcetype proving_ctx
Sourceval proving_ctx_init : unit -> proving_ctx

Creates and frees a proving context. The proving context has to be created before creating proofs for inputs and outputs. It is then used to create the binding sig, and freed. It is a rust pointer to a scalar and an elliptic curve point

Sourceval proving_ctx_free : proving_ctx -> unit
Sourceval with_proving_ctx : (proving_ctx -> 'a) -> 'a

Evaluates a function that needs a proving context. This function takes care of allocating and freeing it. The context should not escape the scope of the given function and should not be freed during its execution.

Sourceval make_binding_sig : proving_ctx -> balance:int64 -> sighash -> binding_sig

Creates the binding signature for a transaction. It is effectively a zk proof that the sum of the amounts of a list of inputs and outputs is the same as the given balance. The necessary information is stored in the proving context when creating the proofs for inputs and outputs. The proving context has to be freed after calling this function.

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval output_proof : proving_ctx -> esk -> diversifier -> pkd -> rcm -> amount:int64 -> cv * output_proof

Creates proof and sig for an output

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval spend_proof : proving_ctx -> ak -> nsk -> diversifier -> rcm -> ar -> amount:int64 -> root:hash -> witness:Bytes.t -> cv * rk * spend_proof

Creates the zk proof and sig for an input. The first is the same as the one for the commitment and nullifier. The second one is the same as for the binding sig. This function can panic (e.g. if the arguments are not coherent).

  • raises Assert_failure

    if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval to_scalar : Bytes.t -> Bytes.t

Reduces mod r_j, takes a 64 bytes input

Sourcetype verification_ctx
Sourceval verification_ctx_init : unit -> verification_ctx

Creates and frees a verifying context. The proving context has to be created before verifying proofs the inputs and outputs. It is then used to verify the binding sig, and freed. It is a rust pointer to an elliptic curve point

Sourceval verification_ctx_free : verification_ctx -> unit
Sourceval with_verification_ctx : (verification_ctx -> 'a) -> 'a

Evaluates a function that needs a verification context. This function takes care of allocating and freeing it. The context should not escape the scope of the given function and should not be freed during its execution.

Sourceval check_output : verification_ctx -> cv -> commitment -> epk -> output_proof -> bool
Sourceval check_spend : verification_ctx -> cv -> hash -> nullifier -> rk -> spend_proof -> spend_sig -> sighash -> bool
Sourceval merkle_hash : height:int -> hash -> hash -> hash
Sourceval tree_uncommitted : hash
Sourceval final_check : verification_ctx -> int64 -> binding_sig -> sighash -> bool
Sourceval zip32_xsk_master : Bytes.t -> zip32_expanded_spending_key
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct