{-# LANGUAGE RecordWildCards, MultiWayIf, NamedFieldPuns #-}
module Bulletproofs.MultiRangeProof.Verifier (
verifyProof,
verifyTPoly,
verifyLRCommitment,
) where
import Protolude
import Prelude (zipWith3)
import qualified Crypto.PubKey.ECC.Generate as Crypto
import qualified Crypto.PubKey.ECC.Prim as Crypto
import qualified Crypto.PubKey.ECC.Types as Crypto
import Bulletproofs.RangeProof.Internal
import Bulletproofs.Curve
import Bulletproofs.Utils
import Bulletproofs.InnerProductProof as IPP hiding (verifyProof)
import qualified Bulletproofs.InnerProductProof as IPP
-- | Verify an aggregated range proof for a list of Pedersen commitments.
--
-- The commitment list is padded with the point at infinity up to the next
-- power of two before the two sub-checks run; 'verifyTPoly' receives the
-- padded commitments and 'verifyLRCommitment' the padded count.
--
-- The Fiat-Shamir challenges @y@, @z@ and @x@ are derived here only from the
-- proof's own commitments ('aCommit', 'sCommit', 't1Commit', 't2Commit').
-- NOTE(review): whether the statement (@vCommits@, @upperBound@) is bound
-- into the transcript is not visible in this module — confirm in the
-- @shamir*@ helpers, since an unbound statement is the classic weak spot of
-- Fiat-Shamir verifiers.
verifyProof
  :: (AsInteger f, Eq f, Field f, Show f)
  => Integer          -- ^ upper bound of the range; its log2 is the bit width @n@
  -> [Crypto.Point]   -- ^ commitments to the values being proven in range
  -> RangeProof f     -- ^ the proof under verification
  -> Bool
verifyProof upperBound vCommits proof@RangeProof{..} =
  verifyTPoly n paddedCommits proof x y z
    && verifyLRCommitment n paddedCount proof x y z
  where
    -- Challenge derivation order matters: z depends on y, x on both.
    y = shamirY aCommit sCommit
    z = shamirZ aCommit sCommit y
    x = shamirX aCommit sCommit t1Commit t2Commit y z
    n = logBase2 upperBound
    given = length vCommits
    -- Pad with the identity so the aggregate size is a power of two.
    padding = 2 ^ log2Ceil given - given
    paddedCommits = vCommits ++ replicate padding Crypto.PointO
    paddedCount = fromIntegral (length paddedCommits)
-- | Check the polynomial-commitment identity of the range proof.
--
-- Compares a commitment to @(t, tBlinding)@ against the combination of the
-- value commitments (weighted by @z^2 * z^i@), the @delta n m y z@ term on
-- the generator @g@, and the @T1@/@T2@ commitments scaled by @x@ and @x^2@.
-- The proof's commitments are public inputs, so the point equality here
-- has no secrecy requirement.
verifyTPoly
  :: (AsInteger f, Eq f, Field f)
  => Integer          -- ^ bit width @n@ of each range
  -> [Crypto.Point]   -- ^ value commitments (already padded by the caller)
  -> RangeProof f
  -> f                -- ^ challenge @x@
  -> f                -- ^ challenge @y@
  -> f                -- ^ challenge @z@
  -> Bool
verifyTPoly n vCommits RangeProof{..} x y z =
  expected == actual
  where
    m = fromIntegral (length vCommits)
    expected = commit t tBlinding
    -- sum_i (z^2 * z^i) * V_i ; zipWith stops at the shorter list.
    zWeights = map (fSquare z *) (powerVector z m)
    weightedCommits = foldl' addP Crypto.PointO (zipWith mulP zWeights vCommits)
    deltaTerm = mulP (delta n m y z) g
    t1Term = mulP x t1Commit
    t2Term = mulP (fSquare x) t2Commit
    actual = weightedCommits `addP` deltaTerm `addP` t1Term `addP` t2Term
-- | Check the inner-product argument of the range proof.
--
-- Builds the inner-product base from the curve generators @gs@, the @hs@
-- generators rescaled by inverse powers of @y@, and the point
-- @u = shamirU tBlinding mu t * g@, then hands the combined L/R commitment
-- and 'productProof' to 'IPP.verifyProof'.
--
-- NOTE(review): @zipWith@ truncates silently, so if @hs@ holds fewer than
-- @n * m@ generators the base is shorter than @nm@ claims; whether
-- 'IPP.verifyProof' rejects that mismatch is not visible here — confirm
-- the generator count is bounded against @n * m@ somewhere on the path.
verifyLRCommitment
  :: (AsInteger f, Eq f, Field f, Show f)
  => Integer          -- ^ bit width @n@ of each range
  -> Integer          -- ^ number of aggregated values @m@ (padded count)
  -> RangeProof f
  -> f                -- ^ challenge @x@
  -> f                -- ^ challenge @y@
  -> f                -- ^ challenge @z@
  -> Bool
verifyLRCommitment n m RangeProof{..} x y z =
  IPP.verifyProof nm base commitmentLR productProof
  where
    nm = n * m
    -- h_i' = y^{-i} * h_i
    hsScaled = zipWith rescale (powerVector y nm) hs
    rescale yi hi = mulP (recip yi) hi
    u = mulP (shamirU tBlinding mu t) g
    base = IPP.InnerProductBase { bGs = gs, bHs = hsScaled, bH = u }
    commitmentLR =
      computeLRCommitment n m aCommit sCommit t tBlinding mu x y z hsScaled