Module `Tezos_sapling.Rustzcash`Source

include Rustzcash_sig.T

Sourcetype ask

Sourcetype ak

Sourcetype nsk

Sourcetype nk

Sourcetype ovk

Sourcetype diversifier

Sourcetype pkd

Sourcetype nullifier

Sourcetype commitment

Sourcetype epk

Sourcetype symkey

Sourcetype sighash

Sourcetype spend_sig

Sourcetype hash

Sourcetype cv

Sourcetype rk

Sourcetype spend_proof

Sourcetype binding_sig

Sourcetype output_proof

Sourcetype ivk

Sourcetype ar

Sourcetype rcm

Sourcetype esk

Sourcetype diversifier_index

Sourceval compare_diversifier_index : diversifier_index -> diversifier_index -> int

Sourcetype expanded_spending_key = {

ask : ask;
nsk : nsk;
ovk : ovk;

}

Sourcetype zip32_expanded_spending_key = {

depth : Bytes.t;
parent_fvk_tag : Bytes.t;
child_index : Bytes.t;
chain_code : Bytes.t;
expsk : expanded_spending_key;
dk : Bytes.t;

}

Sourcetype full_viewing_key = {

ak : ak;
nk : nk;
ovk : ovk;

}

Sourcetype zip32_full_viewing_key = {

depth : Bytes.t;
parent_fvk_tag : Bytes.t;
child_index : Bytes.t;
chain_code : Bytes.t;
fvk : full_viewing_key;
dk : Bytes.t;

}

Sourceval to_nk : Bytes.t -> nk

Sourceval to_ak : Bytes.t -> ak

Sourceval to_ask : Bytes.t -> ask

Sourceval to_nsk : Bytes.t -> nsk

Sourceval to_pkd : Bytes.t -> pkd

Sourceval to_ovk : Bytes.t -> ovk

Sourceval to_nullifier : Bytes.t -> nullifier

Sourceval to_commitment : Bytes.t -> commitment

Sourceval to_symkey : Bytes.t -> symkey

Sourceval to_epk : Bytes.t -> epk

Sourceval to_spend_sig : Bytes.t -> spend_sig

Sourceval to_hash : Bytes.t -> hash

Sourceval to_cv : Bytes.t -> cv

Sourceval to_rk : Bytes.t -> rk

Sourceval to_spend_proof : Bytes.t -> spend_proof

Sourceval to_output_proof : Bytes.t -> output_proof

Sourceval to_sighash : Bytes.t -> sighash

Sourceval to_binding_sig : Bytes.t -> binding_sig

Sourceval to_diversifier : Bytes.t -> diversifier option

Sourceval to_diversifier_index : Bytes.t -> diversifier_index

Sourceval to_ar : Bytes.t -> ar

Sourceval to_rcm : Bytes.t -> rcm

Sourceval to_esk : Bytes.t -> esk

Sourceval to_ivk : Bytes.t -> ivk

Sourceval to_expanded_spending_key : Bytes.t -> expanded_spending_key

Sourceval to_zip32_expanded_spending_key : Bytes.t -> zip32_expanded_spending_key

Sourceval to_full_viewing_key : Bytes.t -> full_viewing_key

Sourceval to_zip32_full_viewing_key : Bytes.t -> zip32_full_viewing_key

Sourceval of_nk : nk -> Bytes.t

Sourceval of_ak : ak -> Bytes.t

Sourceval of_ask : ask -> Bytes.t

Sourceval of_nsk : nsk -> Bytes.t

Sourceval of_pkd : pkd -> Bytes.t

Sourceval of_ovk : ovk -> Bytes.t

Sourceval of_nullifier : nullifier -> Bytes.t

Sourceval of_commitment : commitment -> Bytes.t

Sourceval of_symkey : symkey -> Bytes.t

Sourceval of_epk : epk -> Bytes.t

Sourceval of_spend_sig : spend_sig -> Bytes.t

Sourceval of_hash : hash -> Bytes.t

Sourceval of_cv : cv -> Bytes.t

Sourceval of_rk : rk -> Bytes.t

Sourceval of_spend_proof : spend_proof -> Bytes.t

Sourceval of_output_proof : output_proof -> Bytes.t

Sourceval of_sighash : sighash -> Bytes.t

Sourceval of_binding_sig : binding_sig -> Bytes.t

Sourceval of_diversifier : diversifier -> Bytes.t

Sourceval of_diversifier_index : diversifier_index -> Bytes.t

Sourceval of_ar : ar -> Bytes.t

Sourceval of_rcm : rcm -> Bytes.t

Sourceval of_esk : esk -> Bytes.t

Sourceval of_ivk : ivk -> Bytes.t

Sourceval of_expanded_spending_key : expanded_spending_key -> Bytes.t

Sourceval of_zip32_expanded_spending_key : zip32_expanded_spending_key -> Bytes.t

Sourceval of_full_viewing_key : full_viewing_key -> Bytes.t

Sourceval of_zip32_full_viewing_key : zip32_full_viewing_key -> Bytes.t

Sourceval hash_compare : hash -> hash -> int

Sourceval hash_of_commitment : commitment -> hash

Sourceval commitment_of_hash : hash -> commitment

Sourceval max_amount : int64

Sourceval valid_position : int64 -> bool

In principle the definition of a valid position depends on the data structure that holds it, so it should be defined in storage.ml. However librustzcash imposes a particular tree structure of depth 32, so we hardcode it here.

Sourceval valid_amount : int64 -> bool

Sourceval valid_balance : int64 -> bool

Sourceexception Params_not_found of string list

Raised by init_params if it failed to find parameters.

The string list is the list of locations where they were looked up.

Sourcetype parameter_files = {

spend_path : string;
output_path : string;

}

Location of parameter files for our instance of Groth16.

We are only using and loading sapling parameters.

Source

val find_params : 
  ?getenv_opt:(string -> string option) ->
  ?getcwd:(unit -> string) ->
  ?file_exists:(string -> bool) ->
  unit ->
  parameter_files

Find parameter files.

The parameters are searched in:

$XDG_DATA_HOME/.local/share/zcash-params;
$XDG_DATA_DIRS/zcash-params (splitting on the : character);
$OPAM_SWITCH_PREFIX/share/zcash-params;
_opam/share/zcash-params;
$HOME/.zcash-params;
$HOME/.local/share/zcash-params;
/usr/local/share/zcash-params;
/usr/share/zcash-params; in this order.

This function uses getenv_opt, getcwd and file_exists from the Sys module. You can use the corresponding optional arguments to override their behavior, for instance with a mock for testing purposes.

raises Params_not_found
if parameters could not be found at any of those locations.

Sourceval init_params : unit -> unit

Load parameter files.

raises Params_not_found
if parameters could not be found (see find_params for information regarding how parameter files are looked up).

Sourceval nsk_to_nk : nsk -> nk

Derives the nullifier pk corresponding to a nullifier sk

Sourceval ask_to_ak : ask -> ak

Derives the spending/signing pk corresponding to a secret spending/signing sk

Sourceval crh_ivk : ak -> nk -> ivk

Derives the incoming viewing key

Sourceval check_diversifier : diversifier -> bool

Checks that a potential diversifier respects the needed properties

Sourceval ivk_to_pkd : ivk -> diversifier -> pkd

Computes a diversified pk that the payee gives to the payer offline.

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval generate_r : unit -> Bytes.t

Gives a random scalar

Source

val compute_nf : 
  diversifier ->
  pkd ->
  amount:int64 ->
  rcm ->
  ak ->
  nk ->
  position:int64 ->
  nullifier

Computes a nullifier. The first int64 is the amount of the note, the second is the position you want it inserted in. The rcm should be the same as the one to compute cm and the spend or output proof, and should be generated using generate_r.

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval compute_cm : diversifier -> pkd -> amount:int64 -> rcm -> commitment

Computes a commitment. The int64 is the amount, and the rcm is the same than for the nullifier and output or spend proof. It should be generated at random using generate_r.

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval ka_agree_sender : pkd -> esk -> symkey

Computes the shared secret of a Diffie Hellman key exchange (on the JubJub curve) with base depending on the diversifier. For the sender the epk is the pkd of the receiver, the esk was generated by him using generate_r. For the receiver the epk is the one published by the sender, and the secret is his ivk.

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval ka_agree_receiver : epk -> ivk -> symkey

Sourceval ka_derivepublic : diversifier -> esk -> epk

Computes the ephemeral pk from the ephemeral sk for a Diffie Hellman key exchange. This is used by the sender. The esk should be generated using generate_r

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval spend_sig : ask -> ar -> sighash -> spend_sig

Creates the spend sig for an input. The sighash argument is the hash of the input ie. cv,cm,... This has to be generated using generate_r

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourcetype proving_ctx

Sourceval proving_ctx_init : unit -> proving_ctx

Creates and frees a proving context. The proving context has to be created before creating proofs for inputs and outputs. It is then used to create the binding sig, and freed. It is a rust pointer to a scalar and an elliptic curve point

Sourceval proving_ctx_free : proving_ctx -> unit

Sourceval with_proving_ctx : (proving_ctx -> 'a) -> 'a

Evaluates a function that needs a proving context. This function takes care of allocating and freeing it. The context should not escape the scope of the given function and should not be freed during its execution.

Sourceval make_binding_sig : proving_ctx -> balance:int64 -> sighash -> binding_sig

Creates the binding signature for a transaction. It is effectively a zk proof that the sum of the amounts of a list of inputs and outputs is the same as the given balance. The necessary information is stored in the proving context when creating the proofs for inputs and outputs. The proving context has to be freed after calling this function.

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Source

val output_proof : 
  proving_ctx ->
  esk ->
  diversifier ->
  pkd ->
  rcm ->
  amount:int64 ->
  cv * output_proof

Creates proof and sig for an output

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Source

val spend_proof : 
  proving_ctx ->
  ak ->
  nsk ->
  diversifier ->
  rcm ->
  ar ->
  amount:int64 ->
  root:hash ->
  witness:Bytes.t ->
  cv * rk * spend_proof

Creates the zk proof and sig for an input. The first is the same as the one for the commitment and nullifier. The second one is the same as for the binding sig. This function can panic (e.g. if the arguments are not coherent).

raises Assert_failure
if the underlying binding in rust indicates a failure, which only happens if the arguments are not valid representations for their expected type, which can only happen if there's an error in the constructors for these abstract types.

Sourceval to_scalar : Bytes.t -> Bytes.t

Reduces mod r_j, takes a 64 bytes input

Sourcetype verification_ctx

Sourceval verification_ctx_init : unit -> verification_ctx

Creates and frees a verifying context. The proving context has to be created before verifying proofs the inputs and outputs. It is then used to verify the binding sig, and freed. It is a rust pointer to an elliptic curve point

Sourceval verification_ctx_free : verification_ctx -> unit

Sourceval with_verification_ctx : (verification_ctx -> 'a) -> 'a

Evaluates a function that needs a verification context. This function takes care of allocating and freeing it. The context should not escape the scope of the given function and should not be freed during its execution.

Source

val check_output : 
  verification_ctx ->
  cv ->
  commitment ->
  epk ->
  output_proof ->
  bool

Source

val check_spend : 
  verification_ctx ->
  cv ->
  hash ->
  nullifier ->
  rk ->
  spend_proof ->
  spend_sig ->
  sighash ->
  bool

Sourceval merkle_hash : height:int -> hash -> hash -> hash

Sourceval tree_uncommitted : hash

Sourceval final_check : verification_ctx -> int64 -> binding_sig -> sighash -> bool

Sourceval zip32_xsk_master : Bytes.t -> zip32_expanded_spending_key

Source

val zip32_xfvk_address : 
  zip32_full_viewing_key ->
  diversifier_index ->
  (diversifier_index * diversifier * pkd) option

Source

val zip32_xsk_derive : 
  zip32_expanded_spending_key ->
  Int32.t ->
  zip32_expanded_spending_key

Source

val zip32_xfvk_derive : 
  zip32_full_viewing_key ->
  Int32.t ->
  zip32_full_viewing_key

Install

Dune Dependency

Authors

Maintainers

Sources

doc/octez-libs.tezos-sapling/Tezos_sapling/Rustzcash/index.html

Module `Tezos_sapling.Rustzcash`Source

package octez-libs

Install

Dune Dependency

Authors

Maintainers

Sources

doc/octez-libs.tezos-sapling/Tezos_sapling/Rustzcash/index.html

Module Tezos_sapling.RustzcashSource

Module `Tezos_sapling.Rustzcash`Source