This crate generates parameters for Pointproofs vector commitment schemes.
init params.out parameter_n
Generates starting parameters (with no entropy) for parameter_n and stores them in params.out.
evolve id_string params.in params.out
Reads old params from params.in, rerandomizes them and writes them (with a proof of knowledge of the mixed-in exponent) to params.out, using id_string as your identity.
verify id_string params.old params.new
Given assumed-good old params and a newly rerandomized version (with a proof of knowledge of the mixed-in exponent), verify that the new parameters were rerandomized correctly (i.e., check that the parameters are self-consistent and that the proof is correct for prover identity id_string).
finalize beacon_value params.in params.final
Given assumed-good params in params.in and the value of the shared random beacon, output the final set of parameters to params.final.
A sample file crs.param is provided for testing purposes. It supports vectors of dimension = 8. This file shall NOT be used in products.
- The "evolve" operation is NOT CONSTANT TIME and should not be run in a setting where an attacker can precisely measure runtime.
- consistencycheck.pdf contains a description and security proof for the probabilistic consistency check used as part of the verify operation.
- usage.md describes how to carry out a secure multiparty computation to generate parameters using this tool.
- security.pdf gives a security proof of said multiparty protocol.
- This code is NOT production ready yet. It passed one external audit, but additional auditing and testing is required before deployment.