Legend:
Library
Module
Module type
Parameter
Class
Class type
Library
Module
Module type
Parameter
Class
Class type
Initial values to parametrize dal cryptographic primitives. It used to build a value of type t
Encapsulates parameters required to use the cryptographic primitives exported by this module. A value of type t
contains both initial parameters
and computed values depending on it.
Because of the shell/protocol separation, cryptographic primitives need to be splitted. An interface, called the Verifier
aims to be provided for the economic protocol. The other interface, called the Builder
is for the shell.
A Verifier
, as hinted by the name, mainly needs to check proofs:
1. A proof that a commitment is valid
2. A proof that a page is valid
A technicality is that the economic protocol is able to configure those cryptographic primitives via several constants. Also, an SRS (aka trusted setup) is required.
It is the responsibility of the shell and the protocol to ensure that both the Verifier
and the Builder
are instantiated with the same parameters and use the same trusted setup.
module Verifier :
Cryptobox_intf.VERIFIER
with type t = t
and type parameters = parameters
and type commitment = commitment
and type commitment_proof = commitment_proof
and type page_proof = page_proof
include Cryptobox_intf.VERIFIER
with type t := t
and type parameters := parameters
and type commitment := commitment
and type commitment_proof := commitment_proof
and type page_proof := page_proof
val parameters_encoding : parameters Data_encoding.t
An encoding for values of type parameters
.
val make : parameters -> (t, [> `Fail of string ]) result
make
precomputes the set of values needed by the cryptographic primitives defined in this module and stores them in a value of type t
val parameters : t -> parameters
parameters t
returns the parameters given when t
was initialised with the function make
module Commitment_proof :
Cryptobox_intf.COMMITMENT_PROOF with type t := commitment_proof
val verify_commitment : t -> commitment -> commitment_proof -> bool
verify_commitment t commitment proof
checks whether commitment
is valid. In particular, it checks that the size of the data committed via commitment
does not exceed t.slot_size
. The verification time is constant.
Fails if the size of the srs on the group G2 is too small.
The original slot can be split into a list of pages of fixed size. This size is given by the parameter page_size
given to the function make
.
val page_proof_encoding : page_proof Data_encoding.t
An encoding for the proof of a page.
val pages_per_slot : parameters -> int
pages_per_slot t
returns the number of expected pages per slot.
val verify_page :
t ->
commitment ->
page_index:int ->
page ->
page_proof ->
(bool, [> `Segment_index_out_of_range | `Page_length_mismatch ]) Result.t
verify_page t srs commitment page page_proof
returns Ok true
if the proof
certifies that the slot_page
is indeed included in the slot committed with commitment commitment
. Returns Ok
false
otherwise.
Fails if the index of the page is out of range or if the page is not of the expected length page_size
given for the initialisation of t
.
The primitives exposed in this modules require some preprocessing. This preprocessing generates data from an unknown secret. For the security of those primitives, it is important that the secret is unknown.
module Commitment : sig ... end
A polynomial is another representation for a slot. One advantage of this representation is that a commitment can be computed from a polynomial. A commitment has nice properties:
1. A commitment ensures that the size of the slot
has a bounded size (typically slot_size
).
2. A commitment can be used to verify that a page of fixed size (typically page_size
) is part of the original slot.
val polynomial_degree : polynomial -> int
polynomial_degree polynomial
returns the degree of the polynomial.
val polynomial_evaluate : polynomial -> scalar -> scalar
polynomial_evaluate polynomial x
evaluates polynomial(x)
.
val polynomial_from_slot :
t ->
bytes ->
(polynomial, [> `Slot_wrong_size of string ]) Result.t
polynomial_from_slot t slot
returns a polynomial from the a slot slot
.
Fails with `Slot_wrong_size
when the slot size is different from CONFIGURATION.slot_size
.
val polynomial_to_bytes : t -> polynomial -> bytes
polynomial_to_slot t polynomial
returns a slot from a polynomial
.
val commit : t -> polynomial -> commitment
commit polynomial
returns the commitment associated to a polynomial p
.
Fails with `Degree_exceeds_srs_length
if the degree of p
exceeds the SRS size.
A portion of the data represented by a polynomial.
Encoding of a share.
A shard is share with its index (see shards_from_polynomial
).
val shard_encoding : shard Data_encoding.t
An encoding of a share.
encoded_share_size t
returns the size of a share in byte depending on t
val polynomial_from_shards :
t ->
shard Seq.t ->
(polynomial, [> `Invert_zero of string | `Not_enough_shards of string ])
result
polynomial_from_shards t shares
computes the original polynomial from shares
. The proportion of shares needed is 1
over C.redundancy_factor
the total number of shards. It is guaranteed that for any share with different indices, if there is more than the number of required shards, then the original data can be recomputed.
val shards_from_polynomial : t -> polynomial -> shard Seq.t
shards_from_polynomial t polynomial
computes all the shards encoding the original polynomial
.
val verify_shard : t -> commitment -> shard -> shard_proof -> bool
verify_shard t commitment shard proof
allows to check whether shard
is a portion of the data corresponding to the commitment
using proof
. The verification time is constant. The srs
should be the same as the one used to produce the commitment.
val prove_commitment : t -> polynomial -> commitment_proof
prove_commitment t polynomial
produces a proof that the slot represented by polynomial
has its size bounded by t.slot_size
.
val prove_page :
t ->
polynomial ->
int ->
(page_proof, [> `Segment_index_out_of_range ]) result
prove_page
produces a proof that the n
th page computed is part of a commitment. This page corresponds to the original data and are split into C.page_size
.
val prove_shards : t -> polynomial -> shard_proof array
prove_shards
computes the proofs for all the shards
that each shard
is a valid piece of data associated to a polynomial and its commitment. Only the commitment is needed to check the proof.
module Internal_for_tests : sig ... end
module Config : sig ... end
node parameters for the DAL.