pedersen.pedersen_commitment_scheme module

File containing the Pedersen commitment scheme

class pedersen.pedersen_commitment_scheme.PedersenCommitment(value, modulus)[source]

Bases: SupportsMultiplicationAndAddition

Output for Pedersen scheme. A separate class in which all additions and multiplications are performed under the specified modulus.

property modulus: int

The modulus under which all operations are performed.

Returns:

The modulus

to_bytes()[source]

Creates a bytes object containing the Pedersen commitment value.

Return type:

bytes

Returns:

A bytes object of the commitment

class pedersen.pedersen_commitment_scheme.PedersenCommitmentInput(vector_input, reveal_information, scheme)[source]

Bases: HomomorphismInput[int]

Input for the Pedersen homomorphism. Can be split into two (almost) equal parts. When split in half, the right half keeps the original reveal information, while the left half gets assigned reveal information 0.

property input_vector: list[int]

The input vector that contains the preimage.

Returns:

The input vector

property reveal_information: int

The reveal information to open the commitment.

Returns:

The reveal information corresponding to this input

split_in_half()[source]

Split the input vector into two halves. If the length is odd, a 0 is first prepended to make the length even. The right half keeps the original reveal information, while the left half gets assigned reveal information 0.

Return type:

tuple[PedersenCommitmentInput, PedersenCommitmentInput]

Returns:

Tuple of commitment inputs representing the left and right half respectively.

class pedersen.pedersen_commitment_scheme.PedersenVectorCommitmentScheme(vector_length, modulus, input_modulus, generator_gs, generator_h)[source]

Bases: CompressibleHomomorphism[int, PedersenCommitment, int]

A Pedersen scheme which operates on a group. The Pedersen scheme evaluates the result as $h^u g_1^{x_1} g_2^{x_2} … g_n^{x^n}$, where $x$ is the vector input of length $n$, $u$ is the reveal information and the $g_i$ and $h$ are generators. The Pedersen scheme can also be split into two halves. If the length is odd a 1 is prepended to make the Pedersen scheme of even length. When split in half, the generators $g_i$ are split, and both halves keep the same generator $h$.

challenge_from_bytes(hash_bytes)[source]

Create a challenge from a bytes object. The bytes object is generated as a hash of a previous Pedersen commitment. This challenge is used to make the protocol non-interactive.

Parameters:

hash_bytes (bytes) – A bytes object created by a hash function

Return type:

int

Returns:

A challenge to use in the sigma protocol

evaluate(homomorphism_input)[source]

Apply the Pedersen scheme to the homomorphism input. The result is $h^u g_1^{x_1} g_2^{x_2} … g_n^{x^n}$, where $x$ is the vector input of length $n$, $u$ is the reveal information and the $g_i$ and $h$ are generators.

Parameters:

homomorphism_input (HomomorphismInput[int]) – The input for the Pedersen scheme

Return type:

PedersenCommitment

Returns:

PedersenCommitment representing the result of the input applied to the homomorphism

Raises:

  • ValueError – When the input length is not of the expected input size

  • TypeError – When the input is not a PedersenCommitmentInput

classmethod from_security_param(key_length, vector_length=1, input_modulus=None)[source]

Create a Pedersen commitment scheme using the security parameters provided.

Parameters:

  • key_length (int) – The length of the key in bits

  • vector_length (int) – The length of the input vector on which the scheme can be applied

  • input_modulus (int | None) – The modulus for the input elements in the input vector. If not given the value modulus is the modulus of the generated prime.

Return type:

PedersenVectorCommitmentScheme

Returns:

A Pedersen commitment scheme with the provided parameters

static get_prime_subgroup_generator(p, q, input_modulus)[source]

Given a finite multiplicative group and a prime, sample a random nontrivial element (which is also a generator) of the prime order subgroup. Based on the fact that all nontrivial elements of a prime order group have that prime as order.

Parameters:

  • order (group) – Order of the group

  • prime – Prime number

Return type:

int

Returns:

A randomly generated nontrivial element of prime order subgroup

property input_size: int

The length any input vector should have. This is equal to the number of generators in the Pedersen scheme.

Returns:

The input size

property modulus: int

Modulus of the group used during the pedersen commitment scheme.

Returns:

The modulus

output_to_bytes(output)[source]

Create a bytes object of a Pedersen output. Is used to create a hash of a Pedersen commitment, which is used as a challenge to make the protocol non-interactive.

Parameters:

output (PedersenCommitment) – A Pedersen commitment

Return type:

bytes

Returns:

A bytes object of the output

random_input()[source]

Generate a random input that can be used in the Pedersen scheme.

Return type:

PedersenCommitmentInput

Returns:

a random PedersenCommitmentInput

split_in_half()[source]

Split the generators of the Pedersen scheme into two halves. If the length is odd, a 1 is first prepended to make the length even. Both halves keep the same generator $h$.

Return type:

tuple[PedersenVectorCommitmentScheme, PedersenVectorCommitmentScheme]

Returns:

Tuple of commitment schemes representing the left and right half respectively.