templates.sigma_protocol module

The sigma protocol classes which are used to generate a proof of knowledge.

class templates.sigma_protocol.BaseSigmaProtocol(homomorphism, image_to_prove, commitment, response, hash_algorithm)[source]

Bases: Generic[InputElementT, HomomorphismOutputT, ChallengeT, ResponseT, HomomorphismT]

Abstract class defining the methods provided by a sigma protocol.

__init__(homomorphism, image_to_prove, commitment, response, hash_algorithm)[source]

Create a Sigma Protocol instantiation. The instantiation contains all elements needed for verification. To generate a proof of knowledge see the method generate_proof.

Parameters:

  • homomorphism (TypeVar(HomomorphismT, bound= Homomorphism[Any, Any, Any])) – Homomorphism which is used for the evaluation.

  • image_to_prove (TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition)) – The image created by applying the homomorphism on the secret input.

  • commitment (TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition)) – Evaluation of $psi(r)$, where $r$ is the random input used during proof generation.

  • response (TypeVar(ResponseT, bound= HomomorphismInput[Any])) – The response $z$.

  • hash_algorithm (str) – The hash algorithm used to generate the challenge from the hashlib library.

property commitment: HomomorphismOutputT
The commitment from the prover to a random vector $r$. The commitment is represented as

variable $A$ in the basic sigma protocol.

Returns:

Evaluation of $psi(r)$, where $r$ is the random input used during proof generation.

property hash_algorithm: str

Hash algorithm used for the Fiat-Shamir transformation. The Fiat-Shamir transformation makes the proof non-interactive.

The choice of the hash algorithm determines the number of bytes, which are available to generate a challenge.

Returns:

A string with the name of the hash algorithm

property homomorphism: HomomorphismT

The homomorphism function used in this sigma protocol

Returns:

Homomorphism corresponding to this sigma protocol

property image_to_prove: HomomorphismOutputT

Evaluation of the input by the homomorphism. This evaluation results in the input $P$ for the sigma protocol.

Returns:

A homomorphism output representing $psi(x)$, where x is the input vector and $psi$ the homomorphism.

property response: ResponseT

Response of the prover, which is used to verify the proof of knowledge. This corresponds to the variable $z$ of the sigma protocol. The evaluation of $z$ by the homomorphism is used to verify the proof of knowledge.

In the basic sigma protocol the response corresponds to $z= r + cx$, where $r$ is a vector of random elements, $c$ is the challenge from the verifier and $x$ is the input vector.

Returns:

A list of input elements representing the response of the prover.

verify()[source]

Validate the sigma protocol and determine whether the verifier is convinced of the proof of knowledge.

Return type:

bool

Returns:

True if the verifier is convinced otherwise False

class templates.sigma_protocol.CompressedSigmaProtocol(homomorphism, image_to_prove, response, commitment, transcript, hash_algorithm)[source]

Bases: Generic[InputElementT, HomomorphismOutputT, ChallengeT], BaseSigmaProtocol[InputElementT, HomomorphismOutputT, ChallengeT, CompressibleHomomorphismInput[InputElementT], CompressibleHomomorphism[InputElementT, HomomorphismOutputT, ChallengeT]]

Sigma protocol which has been compressed. A compressed sigma protocol can be created by applying the compression mechanism to the sigma-protocol.

__init__(homomorphism, image_to_prove, response, commitment, transcript, hash_algorithm)[source]

Initialization function for a compressed sigma protocol. To create a compressed sigma- protocol use the compress function from the compression mechanism.

Parameters:

  • homomorphism (CompressibleHomomorphism[TypeVar(InputElementT), TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition), TypeVar(ChallengeT, covariant=True)]) – The compressible homomorphism used by the sigma protocol.

  • image_to_prove (TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition)) – image generated by applying the homomorphism to the secret input

  • response (CompressibleHomomorphismInput[TypeVar(InputElementT)]) – a compressed response

  • commitment (TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition)) – the initial commitment from the sigma protocol

  • transcript (list[tuple[TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition), TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition)]]) – the transcript of $A_i$ and $B_i$

  • hash_algorithm (str) – the hash algorithm used to generate the challenges

property transcript: list[tuple[HomomorphismOutputT, HomomorphismOutputT]]

Transcript of the tuple consisting of the $A_i$ and $B_i$ elements. The elements are used during the verification to generate the corresponding challenges and to verify the result.

Returns:

A list of tuples corresponding to the $A$’s and $B$’s.

verify()[source]

Validate the sigma protocol and determine whether the verifier is convinced of the proof of knowledge.

Return type:

bool

Returns:

True if the verifier is convinced otherwise False

class templates.sigma_protocol.StandardSigmaProtocol(homomorphism, image_to_prove, commitment, response, hash_algorithm)[source]

Bases: Generic[InputElementT, HomomorphismOutputT, ChallengeT], BaseSigmaProtocol[InputElementT, HomomorphismOutputT, ChallengeT, HomomorphismInput[InputElementT], Homomorphism[InputElementT, HomomorphismOutputT, ChallengeT]]

Sigma protocol which consists of three steps. The sigma protocol enables the user to generate a proof of knowledge and verify it. The proof of knowledge is over a vector of InputElement’s.

classmethod generate_proof(homomorphism, private_input, hash_function)[source]

Generate a zero-knowledge proof for the provided input and the homomorphism.

Parameters:

  • homomorphism (Homomorphism[TypeVar(InputElementT), TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition), TypeVar(ChallengeT, covariant=True)]) – The homomorphism used during the sigma protocol

  • private_input (HomomorphismInput[TypeVar(InputElementT)]) – The input for which a proof is generated

  • hash_function (str) – The hash function name from hashlib used to create the challenge

Return type:

Self

Returns:

A sigma protocol which can be verified.

Raises:

ValueError – When the input length vector is not equal to the expected input size

verify()[source]

Validate the sigma protocol and determine whether the verifier is convinced of the proof of knowledge.

Return type:

bool

Returns:

True if the verifier is convinced otherwise False

templates.sigma_protocol.create_challenge(hash_function_name, create_bytes_from, homomorphism)[source]

Create a challenge from homomorphism output using the hash function. The challenge is used in the sigma-protocol to make it non-interactive.

Parameters:

  • hash_function_name (str) – Name of hash function in the hashlib library

  • create_bytes_from (Union[TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition), Iterable[TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition)]]) – homomorphism output(s) from which the challenge is made

  • homomorphism (Homomorphism[TypeVar(InputElementT), TypeVar(HomomorphismOutputT, bound= SupportsMultiplicationAndAddition), TypeVar(ChallengeT, covariant=True)]) – the corresponding homomorphism which creates a challenge from bytes

Return type:

TypeVar(ChallengeT, covariant=True)

Returns:

A challenge derived from the bytes of the hash function applied to the homomorphism output(s).