purify
C++ Purify implementation with native circuit and BPP support
Namespaces | |
| namespace | bppp |
| namespace | capi_detail |
| namespace | core_api_detail |
| namespace | detail |
| namespace | puresign |
| namespace | puresign_plusplus |
Data Structures | |
| struct | AffinePoint |
| Affine point representation used for serialization and lookup tables. |
| class | bad_expected_access |
| struct | BigUInt |
| Little-endian fixed-width unsigned integer with simple arithmetic utilities. |
| struct | Bip340Key |
| Canonical BIP340 keypair derived deterministically from a packed Purify secret. |
| struct | BulletproofAssignmentData |
| Columnar witness assignment compatible with the native Bulletproof circuit layout. |
| struct | BulletproofBackendResourceDeleter |
| class | BulletproofTranscript |
| Lowering helper that converts a symbolic transcript into native Bulletproof witness and circuit forms. |
| struct | BulletproofWitnessData |
| Complete witness bundle for evaluating and proving a Purify instance. |
| struct | CircuitMainResult |
| Result bundle returned by the main symbolic Purify circuit construction. |
| struct | CompleteProjectivePoint |
| Projective point used by the hardened secret-scalar multiplication path. |
| class | EllipticCurve |
| Minimal elliptic-curve arithmetic over the Purify base field. |
| struct | Error |
| Compact error object returned by checked APIs. |
| class | Expected |
| Purify result carrier that either holds a value or an error. |
| class | Expected< void, E > |
| class | ExperimentalBulletproofBackendCache |
| Caller-owned cache for reusable legacy Bulletproof backend resources keyed by gate count. |
| struct | ExperimentalBulletproofProof |
| Experimental single-proof wrapper over the imported legacy Bulletproof circuit backend. |
| class | Expr |
| Symbolic affine expression over indexed variables and field coefficients. |
| class | ExprBuilder |
| Small runtime builder that flattens affine combinations into one expression. |
| struct | ExprLess |
| struct | ExprPairLess |
| class | FieldElement |
| Field element modulo the backend scalar field used by this implementation. |
| struct | GeneratedKey |
| Derived Purify keypair bundle with an owned packed secret and its matching public key. |
| struct | JacobianPoint |
| Jacobian point representation used for curve arithmetic. |
| struct | NativeBulletproofCircuit |
| Native in-memory representation of a Bulletproof-style arithmetic circuit. |
| struct | NativeBulletproofCircuitRow |
| One sparse row of circuit coefficients. |
| class | NativeBulletproofCircuitTemplate |
| Public-key-agnostic native verifier-circuit template. |
| struct | NativeBulletproofCircuitTerm |
| One sparse matrix entry in a native circuit row. |
| struct | SecpContextDeleter |
| class | SecretKey |
| Move-only packed Purify secret stored in dedicated heap memory. |
| class | SpanAtLeast |
| Checked span wrapper that guarantees a minimum runtime length. |
| struct | Symbol |
| Compact symbolic variable identifier used inside expressions and transcripts. |
| struct | SymbolLess |
| class | TaggedHash |
| Reusable BIP340-style tagged SHA-256 helper. |
| class | Transcript |
| Mutable transcript used to record symbolic multiplication, division, and boolean constraints. |
| struct | unexpect_t |
| class | Unexpected |
Concepts | |
| concept | NoexceptByteFill |
| Callable concept for byte-fill RNG adapters that cannot fail. | |
| concept | NoexceptCheckedByteFill |
| Callable concept for byte-fill RNG adapters that report failure via Status. |
Typedefs | |
| using | KeySeed = SpanAtLeast< 16, const unsigned char > |
| Minimum-length checked wrapper for deterministic key-generation seed material. | |
| using | BulletproofScalarBytes = std::array< unsigned char, 32 > |
| using | BulletproofPointBytes = std::array< unsigned char, 33 > |
| using | BulletproofGeneratorBytes = std::array< unsigned char, 33 > |
| using | ExprPoint = std::pair< Expr, Expr > |
| Symbolic affine point represented as independent x and y expressions. | |
| using | SecpContextPtr = std::unique_ptr< purify_secp_context, SecpContextDeleter > |
| using | Bytes = std::vector< unsigned char > |
| Dynamically sized byte string used for messages, serialized witnesses, and proofs. | |
| template<typename T > | |
| using | Result = Expected< T, Error > |
| Expected-returning convenience alias for Purify value-producing APIs. | |
| using | Status = Expected< void, Error > |
| Expected-returning convenience alias for Purify status-only APIs. | |
| using | WitnessAssignments = std::vector< std::optional< FieldElement > > |
| Partial witness assignment vector indexed by transcript witness id. | |
| using | UInt256 = BigUInt< 4 > |
| 256-bit unsigned integer used for field elements and curve orders. | |
| using | UInt320 = BigUInt< 5 > |
| 320-bit unsigned integer used during hash-to-curve sampling. | |
| using | UInt512 = BigUInt< 8 > |
| 512-bit unsigned integer used for private and packed public keys. | |
| using | BulletproofBackendResourcePtr = std::unique_ptr< purify_bulletproof_backend_resources, BulletproofBackendResourceDeleter > |
Enumerations | |
| enum class | ErrorCategory : std::uint8_t { Natural , Usage , Internal } |
| High-level classification for all recoverable Purify errors. |
| enum class | ErrorCode : std::uint16_t { InvalidHex , InvalidHexLength , InvalidFixedSize , Overflow , Underflow , NarrowingOverflow , DivisionByZero , BitIndexOutOfRange , RangeViolation , EmptyInput , SizeMismatch , MissingValue , InvalidSymbol , UnsupportedSymbol , UninitializedState , IndexOutOfRange , InvalidDimensions , NonBooleanValue , EquationMismatch , BindingMismatch , IoOpenFailed , IoWriteFailed , EntropyUnavailable , BackendRejectedInput , HashToCurveExhausted , UnexpectedSize , GeneratorOrderCheckFailed , InternalMismatch , TranscriptCheckFailed } |
| Machine-readable error codes shared across the library. |
| enum class | SymbolKind : std::uint8_t { Witness = 0 , Left = 1 , Right = 2 , Output = 3 , Commitment = 4 } |
| Symbol classes used while deriving witness and Bulletproof wire relations. |
Functions | |
| Result< GeneratedKey > | derive_key (const SecretKey &secret) |
| Derives the packed public key corresponding to a packed secret. | |
| Result< GeneratedKey > | derive_key (SecretKey &&secret) |
| Derives the packed public key corresponding to a packed secret. | |
| Result< Bip340Key > | derive_bip340_key (const SecretKey &secret, purify_secp_context *secp_context) |
| Derives a canonical BIP340 signing keypair from an owned Purify secret. | |
| UInt512 | key_space_size () |
| Returns the size of the packed Purify secret-key space. | |
| Status | fill_secure_random (std::span< unsigned char > bytes) noexcept |
| Fills a buffer with operating-system randomness. | |
| template<typename FillRandom > requires NoexceptCheckedByteFill<FillRandom> | |
| Result< UInt512 > | random_below (const UInt512 &range, FillRandom &&fill_random) |
| Samples a uniformly random packed secret below a range using a checked byte-fill source. | |
| template<typename FillRandom > requires NoexceptByteFill<FillRandom> | |
| Result< UInt512 > | random_below (const UInt512 &range, FillRandom &&fill_random) |
| Samples a uniformly random packed secret below a range using a no-fail byte-fill source. | |
| Result< UInt512 > | random_below (const UInt512 &range) |
| Samples a uniformly random packed secret below a range using the built-in OS RNG. | |
| Result< GeneratedKey > | generate_key () |
| Generates a random Purify keypair using the built-in OS RNG. | |
| Result< GeneratedKey > | generate_key (KeySeed seed) |
| Deterministically derives a Purify keypair from seed material. | |
| Result< GeneratedKey > | generate_key (std::span< const unsigned char > seed) |
| Deterministically derives a Purify keypair from seed material. | |
| template<typename FillRandom > requires (NoexceptByteFill<FillRandom> || NoexceptCheckedByteFill<FillRandom>) | |
| Result< GeneratedKey > | generate_key (FillRandom &&fill_random) |
| Generates a random Purify keypair using a caller-supplied byte-fill routine. | |
| Result< FieldElement > | eval (const SecretKey &secret, const Bytes &message) |
| Evaluates the Purify PRF for an owned secret key and message. | |
| Result< std::string > | verifier (const Bytes &message, const UInt512 &pubkey) |
| Builds the legacy serialized verifier description for a message and public key. | |
| Result< NativeBulletproofCircuit > | verifier_circuit (const Bytes &message, const UInt512 &pubkey) |
| Builds the native verifier circuit for a message and public key. | |
| Result< BulletproofWitnessData > | prove_assignment_data (const Bytes &message, const SecretKey &secret) |
| Computes the native Purify witness for a message and secret. | |
| Result< bool > | evaluate_verifier_circuit (const Bytes &message, const BulletproofWitnessData &witness) |
| Evaluates the generated verifier circuit against an explicit witness. | |
| Result< bool > | evaluate_verifier_circuit (const Bytes &message, const SecretKey &secret) |
| Evaluates the generated verifier circuit using a witness derived from a secret. | |
| Result< Bytes > | prove_assignment (const Bytes &message, const SecretKey &secret) |
| Serializes the witness assignment produced for a message and secret. | |
| Result< ExperimentalBulletproofProof > | prove_experimental_circuit (const NativeBulletproofCircuit &circuit, const BulletproofAssignmentData &assignment, const BulletproofScalarBytes &nonce, const BulletproofGeneratorBytes &value_generator, purify_secp_context *secp_context, std::span< const unsigned char > statement_binding={}, std::optional< BulletproofScalarBytes > blind=std::nullopt, ExperimentalBulletproofBackendCache *backend_cache=nullptr) |
| Proves a native circuit with the experimental imported Bulletproof circuit backend. | |
| Result< ExperimentalBulletproofProof > | prove_experimental_circuit (const NativeBulletproofCircuit::PackedWithSlack &circuit, const BulletproofAssignmentData &assignment, const BulletproofScalarBytes &nonce, const BulletproofGeneratorBytes &value_generator, purify_secp_context *secp_context, std::span< const unsigned char > statement_binding={}, std::optional< BulletproofScalarBytes > blind=std::nullopt, ExperimentalBulletproofBackendCache *backend_cache=nullptr) |
| Result< bool > | verify_experimental_circuit (const NativeBulletproofCircuit &circuit, const ExperimentalBulletproofProof &proof, const BulletproofGeneratorBytes &value_generator, purify_secp_context *secp_context, std::span< const unsigned char > statement_binding={}, ExperimentalBulletproofBackendCache *backend_cache=nullptr) |
| Verifies a proof produced by prove_experimental_circuit against the same one-commitment native circuit. |
| Result< bool > | verify_experimental_circuit (const NativeBulletproofCircuit::PackedWithSlack &circuit, const ExperimentalBulletproofProof &proof, const BulletproofGeneratorBytes &value_generator, purify_secp_context *secp_context, std::span< const unsigned char > statement_binding={}, ExperimentalBulletproofBackendCache *backend_cache=nullptr) |
| Result< NativeBulletproofCircuitTemplate > | verifier_circuit_template (const Bytes &message) |
| Builds a reusable public-key-agnostic verifier-circuit template for a message. | |
| Expr | circuit_1bit (const std::array< FieldElement, 2 > &values, Transcript &transcript, const Expr &x) |
| Selects one of two field constants using a single boolean expression bit. | |
| Expr | circuit_2bit (const std::array< FieldElement, 4 > &values, Transcript &transcript, const Expr &x, const Expr &y) |
| Selects one of four field constants using two boolean expression bits. | |
| Expr | circuit_3bit (const std::array< FieldElement, 8 > &values, Transcript &transcript, const Expr &x, const Expr &y, const Expr &z) |
| Selects one of eight field constants using three boolean expression bits. | |
| ExprPoint | circuit_1bit_point (const EllipticCurve &curve, const std::array< JacobianPoint, 2 > &points, Transcript &transcript, const Expr &b0) |
| Selects between two affine point constants using one boolean expression bit. | |
| ExprPoint | circuit_2bit_point (const EllipticCurve &curve, const std::array< JacobianPoint, 4 > &points, Transcript &transcript, const Expr &b0, const Expr &b1) |
| Selects between four affine point constants using two boolean expression bits. | |
| ExprPoint | circuit_3bit_point (const EllipticCurve &curve, const std::array< JacobianPoint, 8 > &points, Transcript &transcript, const Expr &b0, const Expr &b1, const Expr &b2) |
| Selects between eight affine point constants using three boolean expression bits. | |
| ExprPoint | circuit_optionally_negate_ec (const ExprPoint &point, Transcript &transcript, const Expr &negate_bit) |
| Conditionally negates an elliptic-curve point encoded as symbolic affine expressions. | |
| ExprPoint | circuit_ec_add (Transcript &transcript, const ExprPoint &p1, const ExprPoint &p2) |
| Symbolically adds two affine elliptic-curve points. | |
| Expr | circuit_ec_add_x (Transcript &transcript, const ExprPoint &p1, const ExprPoint &p2) |
| Symbolically adds two affine points and returns only the resulting x-coordinate. | |
| Expr | circuit_ec_multiply_x (const EllipticCurve &curve, Transcript &transcript, const JacobianPoint &point, const std::vector< Expr > &bits) |
| Builds the symbolic x-coordinate multiplication gadget for one curve point. | |
| Expr | circuit_combine (Transcript &transcript, const Expr &x1, const Expr &x2) |
| Builds the symbolic Purify output combiner over two x-coordinates. | |
| Result< CircuitMainResult > | circuit_main (Transcript &transcript, const JacobianPoint &m1, const JacobianPoint &m2, const std::optional< UInt256 > &z1=std::nullopt, const std::optional< UInt256 > &z2=std::nullopt) |
| Builds the full symbolic Purify circuit from message points and optional witness scalars. | |
| SecpContextPtr | make_secp_context () noexcept |
| Status | require_secp_context (const purify_secp_context *context, const char *error_context) |
| bool | checked_add_size (std::size_t lhs, std::size_t rhs, std::size_t &out) noexcept |
| bool | checked_mul_size (std::size_t lhs, std::size_t rhs, std::size_t &out) noexcept |
| bool | size_fits_u32 (std::size_t value) noexcept |
| bool | size_fits_u64 (std::size_t value) noexcept |
| Result< std::uint64_t > | narrow_size_to_u64 (std::size_t value, const char *context) |
| bool | is_power_of_two_size (std::size_t value) noexcept |
| template<typename T > | |
| void | best_effort_reserve_add (std::vector< T > &out, std::size_t lhs, std::size_t rhs) |
| Reserve capacity when the size arithmetic fits, otherwise skip the hint. | |
| template<typename T > | |
| void | best_effort_reserve_mul (std::vector< T > &out, std::size_t lhs, std::size_t rhs) |
| Bytes | bytes_from_ascii (std::string_view input) |
| Encodes an ASCII string as a byte vector. | |
| Bytes | operator+ (Bytes lhs, const Bytes &rhs) |
| Concatenates two byte vectors. | |
| std::uint64_t | ceil_div (std::uint64_t lhs, std::uint64_t rhs) |
| Computes ceiling division for unsigned 64-bit values. | |
| Bytes | hmac_sha256 (const Bytes &key, const Bytes &data) |
| Computes an HMAC-SHA256 digest using the secp bridge implementation. | |
| Bytes | hkdf (std::size_t length, const Bytes &ikm, const Bytes &salt={}, const Bytes &info={}) |
| Expands input key material using HKDF-SHA256. | |
| template<std::size_t Words> | |
| std::optional< BigUInt< Words > > | hash_to_int (const Bytes &data, const BigUInt< Words > &range, const Bytes &info={}) |
| Rejection-samples a uniformly distributed integer below range. |
| template<std::size_t Words> | |
| std::optional< BigUInt< Words > > | tagged_hash_to_int (std::span< const unsigned char > data, const BigUInt< Words > &range, const TaggedHash &tag, std::span< const unsigned char > info={}) |
| Rejection-samples a uniformly distributed integer below range using repeated tagged hashes. |
| const UInt256 & | order_n1 () |
| Returns the subgroup order for the first curve. | |
| const UInt256 & | order_n2 () |
| Returns the subgroup order for the second curve. | |
| const UInt256 & | half_n1 () |
| Returns floor(order_n1 / 2). |
| const UInt256 & | half_n2 () |
| Returns floor(order_n2 / 2). |
| const UInt512 & | packed_secret_key_space_size () |
| Returns the size of the packed secret-key encoding space. | |
| const UInt512 & | packed_public_key_space_size () |
| Returns the size of the packed public-key encoding space. | |
| const UInt320 & | two_p () |
| Returns 2 * prime_p() as a widened integer for hash-to-curve sampling. |
| FieldElement | field_a () |
| Returns the shared Weierstrass a coefficient used by Purify. |
| FieldElement | field_b () |
| Returns the shared Weierstrass b coefficient used by Purify. |
| FieldElement | field_d () |
| Returns the twist factor used to derive the second curve. | |
| FieldElement | field_di () |
| Returns the inverse of the twist factor in the field. | |
| const EllipticCurve & | curve1 () |
| Returns the first Purify curve instance. | |
| const EllipticCurve & | curve2 () |
| Returns the second Purify curve instance. | |
| Result< JacobianPoint > | hash_to_curve (const Bytes &data, const EllipticCurve &curve) |
| Hashes arbitrary data onto the supplied curve by rejection sampling x-coordinates. | |
| const JacobianPoint & | generator1 () |
| Returns the fixed generator for the first curve. | |
| const JacobianPoint & | generator2 () |
| Returns the fixed generator for the second curve. | |
| bool | is_valid_secret_key (const UInt512 &z) |
| Returns true when a packed secret is encoded canonically. | |
| bool | is_valid_public_key (const UInt512 &packed) |
| Returns true when a packed public key is encoded canonically. | |
| Status | validate_secret_key (const UInt512 &z) |
| Validates the packed secret-key encoding range. | |
| Status | validate_public_key (const UInt512 &packed) |
| Validates the packed public-key encoding range. | |
| Result< std::pair< UInt256, UInt256 > > | unpack_secret (const UInt512 &z) |
| Splits a packed private key into its two per-curve secret scalars. | |
| Result< std::pair< UInt256, UInt256 > > | unpack_public (const UInt512 &packed) |
| Splits a packed public key into its two x-coordinates. | |
| UInt512 | pack_public (const UInt256 &x1, const UInt256 &x2) |
| Packs two x-coordinates into the reference 512-bit public-key encoding. | |
| FieldElement | combine (const FieldElement &x1, const FieldElement &x2) |
| Applies the Purify curve-combination map to two x-coordinates. | |
| Result< std::vector< int > > | key_to_bits (UInt256 n, const UInt256 &max_value) |
| Encodes a scalar into the signed 3-bit window bit schedule used by the circuit. | |
| constexpr ErrorCategory | error_category (ErrorCode code) noexcept |
| Returns the high-level category for a concrete error code. | |
| constexpr std::string_view | to_string (ErrorCategory category) noexcept |
| Returns a stable programmatic name for an error category. | |
| constexpr std::string_view | to_string (ErrorCode code) noexcept |
| Returns a stable programmatic name for an error code. | |
| constexpr std::string_view | error_message (ErrorCode code) noexcept |
| Returns the human-facing description for an error code. | |
| constexpr Unexpected< Error > | unexpected_error (ErrorCode code, const char *context=nullptr) |
| Constructs an unexpected Error value from a machine-readable code. | |
| constexpr Unexpected< Error > | unexpected_error (Error error, const char *context=nullptr) |
| Re-wraps an existing Error value for propagation through another Result. | |
| bool | operator< (const Symbol &lhs, const Symbol &rhs) noexcept |
| std::ostream & | operator<< (std::ostream &out, const Expr &expr) |
| Streams the human-readable expression form to an output stream. | |
| Expr | operator+ (const Expr &lhs, const Expr &rhs) |
| Expr | operator+ (const Expr &lhs, std::int64_t rhs) |
| Expr | operator+ (std::int64_t lhs, const Expr &rhs) |
| Expr | operator- (const Expr &lhs, const Expr &rhs) |
| Expr | operator- (const Expr &lhs, std::int64_t rhs) |
| Expr | operator- (std::int64_t lhs, const Expr &rhs) |
| Expr | operator- (const Expr &value) |
| Expr | operator* (const Expr &expr, const FieldElement &scalar) |
| Expr | operator* (const FieldElement &scalar, const Expr &expr) |
| Expr | operator* (const Expr &expr, std::int64_t scalar) |
| Expr | operator* (std::int64_t scalar, const Expr &expr) |
| bool | operator== (const Expr &lhs, const Expr &rhs) |
| bool | operator< (const Expr &lhs, const Expr &rhs) |
| template<std::size_t OutWords, std::size_t InWords> | |
| BigUInt< OutWords > | widen (const BigUInt< InWords > &value) |
| Widens an integer to a larger limb count by zero-extending high limbs. | |
| template<std::size_t OutWords, std::size_t InWords> | |
| Result< BigUInt< OutWords > > | try_narrow (const BigUInt< InWords > &value) |
| Narrows an integer to a smaller limb count, rejecting truncated high bits. | |
| template<std::size_t OutWords, std::size_t InWords> | |
| BigUInt< OutWords > | narrow (const BigUInt< InWords > &value) |
| Narrows an integer to a smaller limb count, requiring that no high bits are lost. | |
| template<std::size_t Words> | |
| Result< std::pair< BigUInt< Words >, BigUInt< Words > > > | try_divmod_same (const BigUInt< Words > &numerator, const BigUInt< Words > &denominator) |
| Performs long division where numerator and denominator have the same width. | |
| template<std::size_t Words> | |
| std::pair< BigUInt< Words >, BigUInt< Words > > | divmod_same (const BigUInt< Words > &numerator, const BigUInt< Words > &denominator) |
| Performs long division where numerator and denominator have the same width. | |
| template<std::size_t LeftWords, std::size_t RightWords> | |
| BigUInt< LeftWords+RightWords > | multiply (const BigUInt< LeftWords > &lhs, const BigUInt< RightWords > &rhs) |
| Multiplies two fixed-width integers and returns the full-width product. | |
| const UInt256 & | prime_p () |
| Returns the Purify base-field modulus. | |
| FieldElement | square (const FieldElement &value) |
| Squares a field element. | |
| int | legendre_symbol (const FieldElement &value) |
| Returns 0 for zero, 1 for quadratic residues, and -1 for non-residues. |
| Result< ExperimentalBulletproofProof > | prove_experimental_circuit_assume_valid (const NativeBulletproofCircuit::PackedWithSlack &circuit, const BulletproofAssignmentData &assignment, const BulletproofScalarBytes &nonce, const BulletproofGeneratorBytes &value_generator, purify_secp_context *secp_context, std::span< const unsigned char > statement_binding, std::optional< BulletproofScalarBytes > blind, ExperimentalBulletproofBackendCache *backend_cache) |
| Result< Bytes > | experimental_circuit_binding_digest (const NativeBulletproofCircuit &circuit, std::span< const unsigned char > statement_binding) |
| Result< Bytes > | experimental_circuit_binding_digest (const NativeBulletproofCircuit::PackedWithSlack &circuit, std::span< const unsigned char > statement_binding) |
| bool | operator== (const FieldElement &lhs, const FieldElement &rhs) |
| bool | operator!= (const FieldElement &lhs, const FieldElement &rhs) |
| FieldElement | operator+ (const FieldElement &lhs, const FieldElement &rhs) |
| FieldElement | operator- (const FieldElement &lhs, const FieldElement &rhs) |
| FieldElement | operator* (const FieldElement &lhs, const FieldElement &rhs) |
| Result< Bytes > | bytes_from_hex (std::string_view hex) |
| Parses a hexadecimal string into raw bytes. | |
| template<std::size_t N> | |
| Result< std::array< unsigned char, N > > | array_from_hex (std::string_view hex) |
| Parses a fixed-size hexadecimal string into an array. | |
| template<typename ByteContainer > | |
| std::string | hex_from_bytes (const ByteContainer &bytes) |
| Encodes a byte container as lowercase hexadecimal. | |
| Status | write_file (const std::string &path, const Bytes &bytes) |
| Writes a byte buffer to disk. | |
| Status | prove (const Bytes &message, const SecretKey &secret, const std::string &output_path="prove.assn") |
| Writes a serialized witness assignment for a message and secret. | |
| int | run_cli (int argc, char **argv) |
| Dispatches the purify_cpp command-line interface. | |
Variables | |
| constexpr unexpect_t | unexpect {} |
| using purify::BulletproofBackendResourcePtr = typedef std::unique_ptr<purify_bulletproof_backend_resources, BulletproofBackendResourceDeleter> |
Definition at line 33 of file bulletproof.cpp.
| using purify::BulletproofGeneratorBytes = typedef std::array<unsigned char, 33> |
Definition at line 33 of file bulletproof.hpp.
| using purify::BulletproofPointBytes = typedef std::array<unsigned char, 33> |
Definition at line 32 of file bulletproof.hpp.
| using purify::BulletproofScalarBytes = typedef std::array<unsigned char, 32> |
Definition at line 31 of file bulletproof.hpp.
| using purify::Bytes = typedef std::vector<unsigned char> |
Definition at line 99 of file common.hpp.
| using purify::ExprPoint = typedef std::pair<Expr, Expr> |
Definition at line 492 of file bulletproof.hpp.
| using purify::KeySeed = typedef SpanAtLeast<16, const unsigned char> |
| using purify::Result = typedef Expected<T, Error> |
| using purify::SecpContextPtr = typedef std::unique_ptr<purify_secp_context, SecpContextDeleter> |
Definition at line 50 of file common.hpp.
| using purify::Status = typedef Expected<void, Error> |
| using purify::UInt256 = typedef BigUInt<4> |
Definition at line 798 of file numeric.hpp.
| using purify::UInt320 = typedef BigUInt<5> |
Definition at line 800 of file numeric.hpp.
| using purify::UInt512 = typedef BigUInt<8> |
Definition at line 802 of file numeric.hpp.
| using purify::WitnessAssignments = typedef std::vector<std::optional<FieldElement> > |
| enum class purify::ErrorCategory : std::uint8_t | strong |
Natural errors can happen in valid operation and should be surfaced in checked APIs. Usage errors mean the caller supplied malformed input or violated a documented contract. Internal errors indicate a broken library invariant and should generally map to debug assertions or unchecked fast-fail paths instead of normal error returns.
| Enumerator | |
|---|---|
| Natural | |
| Usage | |
| Internal | |
| enum class purify::ErrorCode : std::uint16_t | strong |
The intent is that checked APIs list the exact ErrorCode values they may return, while the category helpers below make it obvious whether each error is a normal runtime condition, caller misuse, or a library defect.
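| template<std::size_t N> |
| Result< std::array< unsigned char, N > > purify::array_from_hex | ( | std::string_view | hex | ) | inline |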
| N | Required byte length. |
| hex | Input hex string. |
Definition at line 73 of file purify_runtime.hpp.
References bytes_from_hex(), purify::Expected< T, E >::error(), purify::Expected< T, E >::has_value(), InvalidFixedSize, and unexpected_error().
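| template<typename T > |
| void purify::best_effort_reserve_add | ( | std::vector< T > & | out, |
| std::size_t | lhs, | ||
| std::size_t | rhs | ||
| ) | inline |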
Reserve is only a performance hint. Callers use this when overflow should not change semantics.
Definition at line 107 of file common.hpp.
References checked_add_size().
Referenced by purify::detail::tagged_eval_input().
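| template<typename T > |
| void purify::best_effort_reserve_mul | ( | std::vector< T > & | out, |
| std::size_t | lhs, | ||
| std::size_t | rhs | ||
| ) | inline |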
Definition at line 115 of file common.hpp.
References best_effort_reserve_mul(), and checked_mul_size().
Referenced by best_effort_reserve_mul().
| Bytes purify::bytes_from_ascii | ( | std::string_view | input | ) |
Definition at line 163 of file curve.cpp.
Referenced by generator1(), generator2(), main(), and purify_derive_bip340_key().
| Result< Bytes > purify::bytes_from_hex | ( | std::string_view | hex | ) |
| hex | Input hex string; ASCII whitespace is ignored. |
Definition at line 31 of file purify_runtime.hpp.
References InvalidHex, InvalidHexLength, and unexpected_error().
Referenced by array_from_hex(), and run_cli().
| std::uint64_t purify::ceil_div | ( | std::uint64_t | lhs, |
| std::uint64_t | rhs | ||
| ) |
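| bool purify::checked_add_size | ( | std::size_t | lhs, |
| std::size_t | rhs, | ||
| std::size_t & | out | ||
| ) | inline noexcept |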
Definition at line 63 of file common.hpp.
References checked_add_size().
Referenced by best_effort_reserve_add(), checked_add_size(), purify::NativeBulletproofCircuit::PackedWithSlack::from_circuit(), purify::bppp::prove_experimental_circuit_zk_norm_arg_impl(), purify::BulletproofAssignmentData::serialize(), purify::ExperimentalBulletproofProof::serialize(), purify::puresign_plusplus::NonceProof::serialize(), purify::puresign_plusplus::ProvenSignature::serialize(), purify::puresign::NonceProof::serialize(), and purify::puresign::ProvenSignature::serialize().
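| bool purify::checked_mul_size | ( | std::size_t | lhs, |
| std::size_t | rhs, | ||
| std::size_t & | out | ||
| ) | inline noexcept |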
Definition at line 71 of file common.hpp.
References checked_mul_size().
Referenced by best_effort_reserve_mul(), checked_mul_size(), purify::BulletproofAssignmentData::serialize(), purify::bppp::verify_experimental_circuit_norm_arg(), and purify::bppp::verify_experimental_circuit_zk_norm_arg_impl().
| Expr purify::circuit_1bit | ( | const std::array< FieldElement, 2 > & | values, |
| Transcript & | transcript, | ||
| const Expr & | x | ||
| ) |
Definition at line 2112 of file bulletproof.cpp.
References purify::ExprBuilder::add(), purify::ExprBuilder::add_scaled(), purify::ExprBuilder::build(), purify::Expr::linear(), and purify::ExprBuilder::reserved().
Referenced by circuit_1bit_point().
| ExprPoint purify::circuit_1bit_point | ( | const EllipticCurve & | curve, |
| const std::array< JacobianPoint, 2 > & | points, | ||
| Transcript & | transcript, | ||
| const Expr & | b0 | ||
| ) |
Definition at line 2147 of file bulletproof.cpp.
References purify::EllipticCurve::affine(), and circuit_1bit().
Referenced by circuit_ec_multiply_x().
| Expr purify::circuit_2bit | ( | const std::array< FieldElement, 4 > & | values, |
| Transcript & | transcript, | ||
| const Expr & | x, | ||
| const Expr & | y | ||
| ) |
Definition at line 2119 of file bulletproof.cpp.
References purify::ExprBuilder::add(), purify::ExprBuilder::add_scaled(), purify::ExprBuilder::build(), purify::Expr::linear(), purify::Transcript::mul(), and purify::ExprBuilder::reserved().
Referenced by circuit_2bit_point().
| ExprPoint purify::circuit_2bit_point | ( | const EllipticCurve & | curve, |
| const std::array< JacobianPoint, 4 > & | points, | ||
| Transcript & | transcript, | ||
| const Expr & | b0, | ||
| const Expr & | b1 | ||
| ) |
Definition at line 2156 of file bulletproof.cpp.
References purify::EllipticCurve::affine(), and circuit_2bit().
Referenced by circuit_ec_multiply_x().
| Expr purify::circuit_3bit | ( | const std::array< FieldElement, 8 > & | values, |
| Transcript & | transcript, | ||
| const Expr & | x, | ||
| const Expr & | y, | ||
| const Expr & | z | ||
| ) |
Definition at line 2129 of file bulletproof.cpp.
References purify::ExprBuilder::add(), purify::ExprBuilder::add_scaled(), purify::ExprBuilder::build(), purify::Expr::linear(), purify::Transcript::mul(), and purify::ExprBuilder::reserved().
Referenced by circuit_3bit_point().
| ExprPoint purify::circuit_3bit_point | ( | const EllipticCurve & | curve, |
| const std::array< JacobianPoint, 8 > & | points, | ||
| Transcript & | transcript, | ||
| const Expr & | b0, | ||
| const Expr & | b1, | ||
| const Expr & | b2 | ||
| ) |
Definition at line 2165 of file bulletproof.cpp.
References purify::EllipticCurve::affine(), and circuit_3bit().
Referenced by circuit_ec_multiply_x().
| Expr purify::circuit_combine | ( | Transcript & | transcript, |
| const Expr & | x1, | ||
| const Expr & | x2 | ||
| ) |
Definition at line 2266 of file bulletproof.cpp.
References purify::ExprBuilder::add(), purify::ExprBuilder::add_scaled(), purify::ExprBuilder::build(), purify::Transcript::div(), field_a(), field_b(), field_di(), purify::FieldElement::from_int(), purify::Expr::linear(), purify::Transcript::mul(), purify::ExprBuilder::reserved(), and purify::ExprBuilder::subtract().
Referenced by circuit_main().
| ExprPoint purify::circuit_ec_add | ( | Transcript & | transcript, |
| const ExprPoint & | p1, | ||
| const ExprPoint & | p2 | ||
| ) |
Definition at line 2185 of file bulletproof.cpp.
References purify::ExprBuilder::add(), purify::ExprBuilder::build(), purify::Transcript::div(), purify::Expr::linear(), purify::Transcript::mul(), purify::ExprBuilder::reserved(), and purify::ExprBuilder::subtract().
Referenced by circuit_ec_multiply_x().
| Expr purify::circuit_ec_add_x | ( | Transcript & | transcript, |
| const ExprPoint & | p1, | ||
| const ExprPoint & | p2 | ||
| ) |
Definition at line 2205 of file bulletproof.cpp.
References purify::ExprBuilder::add(), purify::ExprBuilder::build(), purify::Transcript::div(), purify::Expr::linear(), purify::Transcript::mul(), purify::ExprBuilder::reserved(), and purify::ExprBuilder::subtract().
Referenced by circuit_ec_multiply_x().
| Expr purify::circuit_ec_multiply_x | ( | const EllipticCurve & | curve, |
| Transcript & | transcript, | ||
| const JacobianPoint & | point, | ||
| const std::vector< Expr > & | bits | ||
| ) |
Definition at line 2215 of file bulletproof.cpp.
References purify::EllipticCurve::add(), circuit_1bit_point(), circuit_2bit_point(), circuit_3bit_point(), circuit_ec_add(), circuit_ec_add_x(), circuit_optionally_negate_ec(), and purify::EllipticCurve::double_point().
Referenced by circuit_main().
| Result< CircuitMainResult > purify::circuit_main | ( | Transcript & | transcript, |
| const JacobianPoint & | m1, | ||
| const JacobianPoint & | m2, | ||
| const std::optional< UInt256 > & | z1 = std::nullopt, | ||
| const std::optional< UInt256 > & | z2 = std::nullopt | ||
| ) |
Definition at line 2292 of file bulletproof.cpp.
References bit(), purify::BigUInt< Words >::bit_length(), purify::Transcript::boolean(), circuit_combine(), circuit_ec_multiply_x(), curve1(), curve2(), purify::Expected< T, E >::error(), purify::FieldElement::from_int(), generator1(), generator2(), half_n1(), half_n2(), purify::Expected< T, E >::has_value(), key_to_bits(), purify::NativeBulletproofCircuit::n_bits, purify::Transcript::secret(), and unexpected_error().
Referenced by prove_assignment_data(), verifier(), and verifier_circuit_template().
| ExprPoint purify::circuit_optionally_negate_ec | ( | const ExprPoint & | point, |
| Transcript & | transcript, | ||
| const Expr & | negate_bit | ||
| ) |
Definition at line 2181 of file bulletproof.cpp.
References purify::Transcript::mul().
Referenced by circuit_ec_multiply_x().
| FieldElement purify::combine | ( | const FieldElement & | x1, |
| const FieldElement & | x2 | ||
| ) |
Definition at line 345 of file curve.cpp.
References purify_curve_combine().
Referenced by prove_assignment_data(), and purify_eval().
| const EllipticCurve & purify::curve1 | ( | ) |
Definition at line 256 of file curve.cpp.
References field_a(), field_b(), and order_n1().
Referenced by circuit_main(), purify::capi_detail::derive_public_key_from_secret(), generator1(), prove_assignment_data(), purify_eval(), verifier(), and verifier_circuit_template().
| const EllipticCurve & purify::curve2 | ( | ) |
Definition at line 261 of file curve.cpp.
References field_a(), field_b(), field_d(), and order_n2().
Referenced by circuit_main(), purify::capi_detail::derive_public_key_from_secret(), generator2(), prove_assignment_data(), purify_eval(), verifier(), and verifier_circuit_template().
| Result< Bip340Key > purify::derive_bip340_key | ( | const SecretKey & | secret, |
| purify_secp_context * | secp_context | ||
| ) |
The derivation is deterministic and domain-separated from the Purify public key derivation.
Definition at line 161 of file api.cpp.
References purify::core_api_detail::from_core_error_code(), purify::SecretKey::packed(), purify_derive_bip340_key(), PURIFY_ERROR_OK, purify::detail::secure_clear_bytes(), purify::BigUInt< Words >::to_bytes_be(), and unexpected_error().
Referenced by purify::puresign_plusplus::api_impl::derive_public_key(), purify::puresign::api_impl::derive_public_key(), purify::puresign_plusplus::api_impl::sign_message_with_prepared(), purify::puresign::api_impl::sign_message_with_prepared(), purify::puresign_plusplus::KeyPair::sign_message_with_prepared(), purify::puresign::KeyPair::sign_message_with_prepared(), purify::puresign_plusplus::api_impl::sign_with_prepared_topic(), purify::puresign::api_impl::sign_with_prepared_topic(), purify::puresign_plusplus::KeyPair::sign_with_prepared_topic(), and purify::puresign::KeyPair::sign_with_prepared_topic().
| Result< GeneratedKey > purify::derive_key | ( | const SecretKey & | secret | ) |
| secret | Owned secret to clone into the returned key bundle. |
secret. Definition at line 142 of file api.cpp.
References purify::SecretKey::clone(), derive_key(), and PURIFY_ASSIGN_OR_RETURN.
Referenced by derive_key(), purify::puresign_plusplus::api_impl::derive_public_key(), purify::puresign::api_impl::derive_public_key(), generate_key(), and run_cli().
| Result< GeneratedKey > purify::derive_key | ( | SecretKey && | secret | ) |
| secret | Owned secret to move into the returned key bundle. |
secret. Definition at line 147 of file api.cpp.
References purify::BigUInt< 8 >::from_bytes_be(), purify::core_api_detail::from_core_error_code(), purify_derive_public_key(), PURIFY_ERROR_OK, purify::detail::secure_clear_bytes(), and unexpected_error().
| std::pair< BigUInt< Words >, BigUInt< Words > > purify::divmod_same | ( | const BigUInt< Words > & | numerator, |
| const BigUInt< Words > & | denominator | ||
| ) |
Definition at line 769 of file numeric.hpp.
References purify::Expected< T, E >::has_value(), and try_divmod_same().
|
constexpr noexcept |
Definition at line 105 of file error.hpp.
References BackendRejectedInput, BindingMismatch, BitIndexOutOfRange, DivisionByZero, EmptyInput, EntropyUnavailable, EquationMismatch, GeneratorOrderCheckFailed, HashToCurveExhausted, IndexOutOfRange, Internal, InternalMismatch, InvalidDimensions, InvalidFixedSize, InvalidHex, InvalidHexLength, InvalidSymbol, IoOpenFailed, IoWriteFailed, MissingValue, NarrowingOverflow, Natural, NonBooleanValue, Overflow, RangeViolation, SizeMismatch, TranscriptCheckFailed, Underflow, UnexpectedSize, UninitializedState, UnsupportedSymbol, and Usage.
Referenced by purify::Error::category().
|
constexpr noexcept |
Definition at line 224 of file error.hpp.
References BackendRejectedInput, BindingMismatch, BitIndexOutOfRange, DivisionByZero, EmptyInput, EntropyUnavailable, EquationMismatch, GeneratorOrderCheckFailed, HashToCurveExhausted, IndexOutOfRange, InternalMismatch, InvalidDimensions, InvalidFixedSize, InvalidHex, InvalidHexLength, InvalidSymbol, IoOpenFailed, IoWriteFailed, MissingValue, NarrowingOverflow, NonBooleanValue, Overflow, RangeViolation, SizeMismatch, TranscriptCheckFailed, Underflow, UnexpectedSize, UninitializedState, and UnsupportedSymbol.
Referenced by purify::Error::message().
| Result< FieldElement > purify::eval | ( | const SecretKey & | secret, |
| const Bytes & | message | ||
| ) |
| secret | Owned secret key. |
| message | Message bytes to evaluate. |
ErrorCode::HashToCurveExhausted. Definition at line 177 of file api.cpp.
References purify::core_api_detail::from_core_error_code(), purify::SecretKey::packed(), PURIFY_ERROR_OK, purify_eval(), purify::detail::secure_clear_bytes(), purify::BigUInt< Words >::to_bytes_be(), purify::FieldElement::try_from_bytes32(), and unexpected_error().
Referenced by run_cli().
| Result< bool > purify::evaluate_verifier_circuit | ( | const Bytes & | message, |
| const BulletproofWitnessData & | witness | ||
| ) |
| message | Message baked into the verifier circuit. |
| witness | Witness bundle to validate. |
ErrorCode::HashToCurveExhausted. Definition at line 282 of file api.cpp.
References purify::BulletproofWitnessData::assignment, purify::BulletproofWitnessData::public_key, PURIFY_ASSIGN_OR_RETURN, and verifier_circuit().
Referenced by evaluate_verifier_circuit().
| Result< bool > purify::evaluate_verifier_circuit | ( | const Bytes & | message, |
| const SecretKey & | secret | ||
| ) |
| message | Message baked into the verifier circuit. |
| secret | Owned secret key. |
ErrorCode::HashToCurveExhausted. Definition at line 288 of file api.cpp.
References evaluate_verifier_circuit(), prove_assignment_data(), and PURIFY_ASSIGN_OR_RETURN.
| Result< Bytes > purify::experimental_circuit_binding_digest | ( | const NativeBulletproofCircuit & | circuit, |
| std::span< const unsigned char > | statement_binding | ||
| ) |
Definition at line 2332 of file bulletproof.cpp.
Referenced by purify::bppp::prove_experimental_circuit_zk_norm_arg_impl(), and purify::bppp::verify_experimental_circuit_zk_norm_arg_impl().
| Result< Bytes > purify::experimental_circuit_binding_digest | ( | const NativeBulletproofCircuit::PackedWithSlack & | circuit, |
| std::span< const unsigned char > | statement_binding | ||
| ) |
Definition at line 2338 of file bulletproof.cpp.
| FieldElement purify::field_a | ( | ) |
Definition at line 239 of file curve.cpp.
References purify_curve_field_a().
Referenced by circuit_combine(), curve1(), and curve2().
| FieldElement purify::field_b | ( | ) |
Definition at line 243 of file curve.cpp.
References purify_curve_field_b().
Referenced by circuit_combine(), curve1(), and curve2().
| FieldElement purify::field_d | ( | ) |
Definition at line 247 of file curve.cpp.
References purify_curve_field_d().
Referenced by curve2().
| FieldElement purify::field_di | ( | ) |
Definition at line 251 of file curve.cpp.
References purify_curve_field_di().
Referenced by circuit_combine().
|
noexcept |
| bytes | Buffer to fill. |
ErrorCode::EntropyUnavailable. Definition at line 103 of file api.cpp.
References purify_fill_secure_random().
Referenced by random_below().
| Result< GeneratedKey > purify::generate_key | ( | ) |
Definition at line 112 of file api.cpp.
References purify::Expected< T, E >::error(), purify::core_api_detail::from_core_error_code(), purify::Expected< T, E >::has_value(), PURIFY_ERROR_OK, purify_generate_key(), and unexpected_error().
Referenced by generate_key(), and run_cli().
| Result< GeneratedKey > purify::generate_key | ( | FillRandom && | fill_random | ) |
| fill_random | Callable that fills the supplied byte span. |
Definition at line 213 of file api.hpp.
References derive_key(), purify::SecretKey::from_packed(), key_space_size(), PURIFY_ASSIGN_OR_RETURN, and random_below().
| Result< GeneratedKey > purify::generate_key | ( | KeySeed | seed | ) |
| seed | Seed bytes. Inputs shorter than 16 bytes are rejected. |
Definition at line 127 of file api.cpp.
References purify::SpanAtLeast< MinSize, T >::data(), purify::Expected< T, E >::error(), purify::core_api_detail::from_core_error_code(), purify::Expected< T, E >::has_value(), PURIFY_ERROR_OK, purify_generate_key_from_seed(), purify::SpanAtLeast< MinSize, T >::size(), and unexpected_error().
|
inline |
| seed | Seed bytes. Inputs shorter than 16 bytes are rejected. |
Definition at line 201 of file api.hpp.
References generate_key(), PURIFY_ASSIGN_OR_RETURN, and purify::SpanAtLeast< MinSize, T >::try_from().
| const JacobianPoint & purify::generator1 | ( | ) |
Definition at line 277 of file curve.cpp.
References bytes_from_ascii(), curve1(), purify::Expected< T, E >::has_value(), hash_to_curve(), and order_n1().
Referenced by circuit_main(), purify::capi_detail::derive_public_key_from_secret(), and prove_assignment_data().
| const JacobianPoint & purify::generator2 | ( | ) |
Definition at line 288 of file curve.cpp.
References bytes_from_ascii(), curve2(), purify::Expected< T, E >::has_value(), hash_to_curve(), and order_n2().
Referenced by circuit_main(), purify::capi_detail::derive_public_key_from_secret(), and prove_assignment_data().
| const UInt256 & purify::half_n1 | ( | ) |
Definition at line 214 of file curve.cpp.
References purify_curve_half_n1().
Referenced by circuit_main().
| const UInt256 & purify::half_n2 | ( | ) |
Definition at line 219 of file curve.cpp.
References purify_curve_half_n2().
Referenced by circuit_main().
| Result< JacobianPoint > purify::hash_to_curve | ( | const Bytes & | data, |
| const EllipticCurve & | curve | ||
| ) |
Definition at line 268 of file curve.cpp.
References purify::EllipticCurve::a_, purify::EllipticCurve::b_, HashToCurveExhausted, purify::EllipticCurve::n_, purify_curve_hash_to_curve(), and unexpected_error().
Referenced by generator1(), generator2(), prove_assignment_data(), purify_eval(), verifier(), and verifier_circuit_template().
|
inline |
| ByteContainer | Container with byte-like values. |
| bytes | Input bytes. |
Definition at line 93 of file purify_runtime.hpp.
Referenced by run_cli().
| Bytes purify::hkdf | ( | std::size_t | length, |
| const Bytes & | ikm, | ||
| const Bytes & | salt = {}, | ||
| const Bytes & | info = {} | ||
| ) |
Definition at line 182 of file curve.cpp.
References ceil_div(), and hmac_sha256().
|
inline noexcept |
Definition at line 94 of file common.hpp.
References is_power_of_two_size().
Referenced by is_power_of_two_size(), purify::bppp::prove_experimental_circuit_norm_arg_to_commitment(), purify::bppp::prove_experimental_circuit_zk_norm_arg_impl(), purify::detail::validate_proof_cache_circuit(), verify_experimental_circuit(), verify_experimental_circuit(), purify::bppp::verify_experimental_circuit_norm_arg(), and purify::bppp::verify_experimental_circuit_zk_norm_arg_impl().
| bool purify::is_valid_public_key | ( | const UInt512 & | packed | ) |
Definition at line 303 of file curve.cpp.
References purify::BigUInt< Words >::limbs, and purify_curve_is_valid_public_key().
Referenced by validate_public_key().
| bool purify::is_valid_secret_key | ( | const UInt512 & | z | ) |
Definition at line 299 of file curve.cpp.
References purify::BigUInt< Words >::limbs, and purify_curve_is_valid_secret_key().
Referenced by validate_secret_key().
|
inline |
Definition at line 101 of file api.hpp.
References packed_secret_key_space_size().
Referenced by generate_key().
Definition at line 353 of file curve.cpp.
References purify::BigUInt< Words >::bit_length(), purify::BigUInt< Words >::limbs, purify_curve_key_to_bits(), RangeViolation, and unexpected_error().
Referenced by circuit_main().
| int purify::legendre_symbol | ( | const FieldElement & | value | ) |
Definition at line 190 of file numeric.cpp.
References purify_fe_legendre_symbol().
|
inline noexcept |
Definition at line 52 of file common.hpp.
References purify_secp_context_create().
Referenced by run_cli().
| BigUInt< LeftWords+RightWords > purify::multiply | ( | const BigUInt< LeftWords > & | lhs, |
| const BigUInt< RightWords > & | rhs | ||
| ) |
Definition at line 777 of file numeric.hpp.
References purify::detail::UInt128::add_u64(), purify::detail::UInt128::high64(), purify::BigUInt< Words >::limbs, purify::detail::UInt128::low64(), purify::detail::UInt128::mul_u64(), and purify_u512_multiply_u256().
| BigUInt< OutWords > purify::narrow | ( | const BigUInt< InWords > & | value | ) |
Definition at line 721 of file numeric.hpp.
References purify::Expected< T, E >::has_value().
|
inline |
Definition at line 87 of file common.hpp.
References narrow_size_to_u64(), size_fits_u64(), unexpected_error(), and UnexpectedSize.
Referenced by narrow_size_to_u64().
| bool purify::operator!= | ( | const FieldElement & | lhs, |
| const FieldElement & | rhs | ||
| ) |
Definition at line 163 of file numeric.cpp.
| Expr purify::operator* | ( | const Expr & | expr, |
| const FieldElement & | scalar | ||
| ) |
| FieldElement purify::operator* | ( | const FieldElement & | lhs, |
| const FieldElement & | rhs | ||
| ) |
Definition at line 177 of file numeric.cpp.
| Expr purify::operator* | ( | const FieldElement & | scalar, |
| const Expr & | expr | ||
| ) |
| FieldElement purify::operator+ | ( | const FieldElement & | lhs, |
| const FieldElement & | rhs | ||
| ) |
Definition at line 167 of file numeric.cpp.
| FieldElement purify::operator- | ( | const FieldElement & | lhs, |
| const FieldElement & | rhs | ||
| ) |
Definition at line 173 of file numeric.cpp.
| std::ostream & purify::operator<< | ( | std::ostream & | out, |
| const Expr & | expr | ||
| ) |
Definition at line 373 of file expr.cpp.
References operator<<(), and purify::Expr::to_string().
Referenced by operator<<().
| bool purify::operator== | ( | const FieldElement & | lhs, |
| const FieldElement & | rhs | ||
| ) |
Definition at line 159 of file numeric.cpp.
| const UInt256 & purify::order_n1 | ( | ) |
Definition at line 204 of file curve.cpp.
References purify_curve_order_n1().
Referenced by curve1(), and generator1().
| const UInt256 & purify::order_n2 | ( | ) |
Definition at line 209 of file curve.cpp.
References purify_curve_order_n2().
Referenced by curve2(), and generator2().
Definition at line 339 of file curve.cpp.
References purify::BigUInt< Words >::limbs, and purify_curve_pack_public().
Referenced by purify::capi_detail::derive_public_key_from_secret(), and prove_assignment_data().
| const UInt512 & purify::packed_public_key_space_size | ( | ) |
Definition at line 229 of file curve.cpp.
References purify_curve_packed_public_key_space_size().
| const UInt512 & purify::packed_secret_key_space_size | ( | ) |
Definition at line 224 of file curve.cpp.
References purify_curve_packed_secret_key_space_size().
Referenced by key_space_size().
| const UInt256 & purify::prime_p | ( | ) |
Definition at line 199 of file curve.cpp.
References purify_curve_prime_p().
|
inline |
| message | Message bytes to evaluate. |
| secret | Owned secret key. |
| output_path | Destination path for the witness blob. |
Definition at line 125 of file purify_runtime.hpp.
References purify::Expected< T, E >::error(), purify::Expected< T, E >::has_value(), prove_assignment(), unexpected_error(), and write_file().
Referenced by run_cli().
| message | Message bytes to evaluate. |
| secret | Owned secret key. |
ErrorCode::HashToCurveExhausted. Definition at line 294 of file api.cpp.
References purify::Expected< T, E >::has_value(), InternalMismatch, prove_assignment_data(), PURIFY_ASSIGN_OR_RETURN, and unexpected_error().
Referenced by prove().
| Result< BulletproofWitnessData > purify::prove_assignment_data | ( | const Bytes & | message, |
| const SecretKey & | secret | ||
| ) |
| message | Message bytes to evaluate. |
| secret | Owned secret key. |
ErrorCode::HashToCurveExhausted. Definition at line 236 of file api.cpp.
References purify::BulletproofTranscript::add_pubkey_and_out(), purify::BulletproofTranscript::assignment_data(), circuit_main(), combine(), curve1(), curve2(), purify::Transcript::evaluate(), purify::BulletproofTranscript::evaluate(), purify::BulletproofTranscript::from_transcript(), generator1(), generator2(), purify::Expected< T, E >::has_value(), hash_to_curve(), InternalMismatch, pack_public(), purify::SecretKey::packed(), PURIFY_ASSIGN_OR_RETURN, PURIFY_RETURN_IF_ERROR, TranscriptCheckFailed, unexpected_error(), unpack_secret(), and purify::Transcript::varmap().
Referenced by purify::bppp::commit_output_witness(), evaluate_verifier_circuit(), prove_assignment(), and run_cli().
| Result< ExperimentalBulletproofProof > purify::prove_experimental_circuit | ( | const NativeBulletproofCircuit & | circuit, |
| const BulletproofAssignmentData & | assignment, | ||
| const BulletproofScalarBytes & | nonce, | ||
| const BulletproofGeneratorBytes & | value_generator, | ||
| purify_secp_context * | secp_context, | ||
| std::span< const unsigned char > | statement_binding = {}, | ||
| std::optional< BulletproofScalarBytes > | blind = std::nullopt, | ||
| ExperimentalBulletproofBackendCache * | backend_cache = nullptr | ||
| ) |
This wrapper only supports circuits with exactly one committed scalar. Providing blind = std::nullopt yields the exact public point commitment assignment.commitments[0] * value_generator, which is the form needed for R = rG style statements.
Definition at line 1533 of file bulletproof.cpp.
References nonce.
Referenced by main().
| Result< ExperimentalBulletproofProof > purify::prove_experimental_circuit | ( | const NativeBulletproofCircuit::PackedWithSlack & | circuit, |
| const BulletproofAssignmentData & | assignment, | ||
| const BulletproofScalarBytes & | nonce, | ||
| const BulletproofGeneratorBytes & | value_generator, | ||
| purify_secp_context * | secp_context, | ||
| std::span< const unsigned char > | statement_binding = {}, | ||
| std::optional< BulletproofScalarBytes > | blind = std::nullopt, | ||
| ExperimentalBulletproofBackendCache * | backend_cache = nullptr | ||
| ) |
Definition at line 1553 of file bulletproof.cpp.
References nonce.
| Result< ExperimentalBulletproofProof > purify::prove_experimental_circuit_assume_valid | ( | const NativeBulletproofCircuit::PackedWithSlack & | circuit, |
| const BulletproofAssignmentData & | assignment, | ||
| const BulletproofScalarBytes & | nonce, | ||
| const BulletproofGeneratorBytes & | value_generator, | ||
| purify_secp_context * | secp_context, | ||
| std::span< const unsigned char > | statement_binding, | ||
| std::optional< BulletproofScalarBytes > | blind, | ||
| ExperimentalBulletproofBackendCache * | backend_cache | ||
| ) |
Definition at line 1573 of file bulletproof.cpp.
References nonce.
| range | Exclusive upper bound. |
[0, range). Definition at line 108 of file api.cpp.
References fill_secure_random(), and random_below().
| Result< UInt512 > purify::random_below | ( | const UInt512 & | range, |
| FillRandom && | fill_random | ||
| ) |
| range | Exclusive upper bound. |
| fill_random | Callable with signature Status(std::span<unsigned char>) noexcept. |
[0, range). Definition at line 132 of file api.hpp.
References purify::BigUInt< Words >::bit_length(), purify::BigUInt< Words >::compare(), purify::BigUInt< 8 >::from_bytes_be(), purify::BigUInt< Words >::is_zero(), purify::BigUInt< Words >::mask_bits(), PURIFY_RETURN_IF_ERROR, RangeViolation, and unexpected_error().
Referenced by generate_key(), and random_below().
| Result< UInt512 > purify::random_below | ( | const UInt512 & | range, |
| FillRandom && | fill_random | ||
| ) |
| range | Exclusive upper bound. |
| fill_random | Callable with signature void(std::span<unsigned char>) noexcept. |
[0, range). Definition at line 158 of file api.hpp.
References purify::BigUInt< Words >::bit_length(), purify::BigUInt< Words >::compare(), purify::BigUInt< 8 >::from_bytes_be(), purify::BigUInt< Words >::is_zero(), purify::BigUInt< Words >::mask_bits(), RangeViolation, and unexpected_error().
|
inline |
Definition at line 56 of file common.hpp.
References MissingValue, require_secp_context(), and unexpected_error().
Referenced by purify::bppp::commit_norm_arg_with_cache(), purify::bppp::create_generators(), purify::puresign_plusplus::PublicKey::deserialize(), purify::puresign_plusplus::Nonce::deserialize(), purify::puresign_plusplus::Signature::deserialize(), purify::puresign_plusplus::NonceProof::deserialize(), purify::puresign::PublicKey::deserialize(), purify::puresign::Nonce::deserialize(), purify::puresign::Signature::deserialize(), purify::bppp::pedersen_commit_char(), purify::bppp::prove_norm_arg_to_commitment_with_cache(), require_secp_context(), purify::puresign_plusplus::PreparedNonce::sign_message(), purify::puresign::PreparedNonce::sign_message(), purify::puresign_plusplus::PreparedNonce::sign_topic_message(), purify::puresign::PreparedNonce::sign_topic_message(), verify_experimental_circuit(), verify_experimental_circuit(), purify::puresign_plusplus::api_impl::verify_signature(), and purify::puresign::api_impl::verify_signature().
|
inline |
| argc | Argument count. |
| argv | Argument vector. |
Definition at line 139 of file purify_runtime.hpp.
References BackendRejectedInput, bytes_from_hex(), purify::bppp::commit_output_witness(), derive_key(), purify::Expected< T, E >::error(), eval(), purify::SecretKey::from_hex(), generate_key(), purify::Expected< T, E >::has_value(), hex_from_bytes(), make_secp_context(), prove(), prove_assignment_data(), purify::BigUInt< 8 >::try_from_hex(), verifier(), and verifier_circuit().
Referenced by main().
|
inline noexcept |
Definition at line 79 of file common.hpp.
References size_fits_u32().
Referenced by purify::BulletproofAssignmentData::serialize(), and size_fits_u32().
|
inline noexcept |
Definition at line 83 of file common.hpp.
References size_fits_u64().
Referenced by narrow_size_to_u64(), purify::BulletproofAssignmentData::serialize(), and size_fits_u64().
| FieldElement purify::square | ( | const FieldElement & | value | ) |
Definition at line 183 of file numeric.cpp.
References purify_fe_square().
| std::optional< BigUInt< Words > > purify::tagged_hash_to_int | ( | std::span< const unsigned char > | data, |
| const BigUInt< Words > & | range, | ||
| const TaggedHash & | tag, | ||
| std::span< const unsigned char > | info = {} | ||
| ) |
|
constexpr noexcept |
Definition at line 146 of file error.hpp.
References Internal, Natural, and Usage.
Referenced by purify::Error::name(), and purify::BulletproofTranscript::to_string().
|
constexpr noexcept |
Definition at line 159 of file error.hpp.
References BackendRejectedInput, BindingMismatch, BitIndexOutOfRange, DivisionByZero, EmptyInput, EntropyUnavailable, EquationMismatch, GeneratorOrderCheckFailed, HashToCurveExhausted, IndexOutOfRange, InternalMismatch, InvalidDimensions, InvalidFixedSize, InvalidHex, InvalidHexLength, InvalidSymbol, IoOpenFailed, IoWriteFailed, MissingValue, NarrowingOverflow, NonBooleanValue, Overflow, RangeViolation, SizeMismatch, TranscriptCheckFailed, Underflow, UnexpectedSize, UninitializedState, and UnsupportedSymbol.
| Result< std::pair< BigUInt< Words >, BigUInt< Words > > > purify::try_divmod_same | ( | const BigUInt< Words > & | numerator, |
| const BigUInt< Words > & | denominator | ||
| ) |
Definition at line 729 of file numeric.hpp.
References purify::BigUInt< Words >::bit_length(), purify::BigUInt< Words >::compare(), DivisionByZero, InternalMismatch, purify::BigUInt< Words >::is_zero(), purify::BigUInt< Words >::limbs, purify_u512_try_divmod_same(), purify::BigUInt< Words >::shift_right_one(), purify::BigUInt< Words >::shifted_left(), purify::BigUInt< Words >::try_set_bit(), purify::BigUInt< Words >::try_sub_assign(), and unexpected_error().
Referenced by divmod_same().
| Result< BigUInt< OutWords > > purify::try_narrow | ( | const BigUInt< InWords > & | value | ) |
Definition at line 695 of file numeric.hpp.
References purify::BigUInt< Words >::limbs, NarrowingOverflow, purify_u256_try_narrow_u320(), purify_u256_try_narrow_u512(), and unexpected_error().
| const UInt320 & purify::two_p | ( | ) |
Definition at line 234 of file curve.cpp.
References purify_curve_two_p().
|
constexpr |
|
constexpr |
context is reserved for future diagnostic plumbing and must have static lifetime.
Definition at line 293 of file error.hpp.
Referenced by purify::BulletproofTranscript::add_pubkey_and_out(), array_from_hex(), purify::puresign_plusplus::TopicProofCache::build(), purify::puresign::api_impl::build_topic_proof_cache(), bytes_from_hex(), circuit_main(), purify::ExperimentalBulletproofBackendCache::clone_for_thread(), purify::bppp::ExperimentalCircuitCache::clone_line_for_thread(), purify::bppp::commit_norm_arg_with_cache(), purify::bppp::create_generators(), derive_bip340_key(), derive_key(), purify::ExperimentalBulletproofProof::deserialize(), purify::puresign_plusplus::PublicKey::deserialize(), purify::puresign_plusplus::Nonce::deserialize(), purify::puresign_plusplus::Signature::deserialize(), purify::puresign_plusplus::NonceProof::deserialize(), purify::puresign_plusplus::ProvenSignature::deserialize(), purify::puresign::PublicKey::deserialize(), purify::puresign::Nonce::deserialize(), purify::puresign::Signature::deserialize(), purify::puresign::NonceProof::deserialize(), purify::puresign::ProvenSignature::deserialize(), eval(), purify::NativeBulletproofCircuitTemplate::final_evaluate(), purify::NativeBulletproofCircuit::PackedWithSlack::from_circuit(), purify::BulletproofTranscript::from_transcript(), generate_key(), generate_key(), hash_to_curve(), purify::NativeBulletproofCircuitTemplate::instantiate(), purify::NativeBulletproofCircuitTemplate::instantiate_packed(), purify::NativeBulletproofCircuitTemplate::integrity_digest(), key_to_bits(), purify::EllipticCurve::mul_secret_affine(), narrow_size_to_u64(), purify::capi_detail::parse_public_key(), purify::capi_detail::parse_secret_key(), purify::NativeBulletproofCircuitTemplate::partial_evaluate(), purify::bppp::pedersen_commit_char(), prove(), prove_assignment(), prove_assignment_data(), purify::bppp::prove_experimental_circuit_norm_arg_to_commitment(), purify::bppp::prove_experimental_circuit_zk_norm_arg_impl(), purify::bppp::prove_norm_arg_to_commitment_with_cache(), random_below(), require_secp_context(), 
purify::BulletproofAssignmentData::serialize(), purify::ExperimentalBulletproofProof::serialize(), purify::puresign_plusplus::NonceProof::serialize(), purify::puresign_plusplus::ProvenSignature::serialize(), purify::puresign::NonceProof::serialize(), purify::puresign::ProvenSignature::serialize(), purify::BulletproofTranscript::serialize_assignment(), purify::puresign_plusplus::PreparedNonce::sign_message(), purify::puresign::PreparedNonce::sign_message(), purify::puresign_plusplus::PreparedNonceWithProof::sign_message(), purify::puresign::PreparedNonceWithProof::sign_message(), purify::puresign_plusplus::PreparedNonce::sign_topic_message(), purify::puresign::PreparedNonce::sign_topic_message(), purify::puresign_plusplus::PreparedNonceWithProof::sign_topic_message(), purify::puresign::PreparedNonceWithProof::sign_topic_message(), try_divmod_same(), purify::SpanAtLeast< MinSize, T >::try_from(), purify::FieldElement::try_from_bytes32(), purify::BigUInt< Words >::try_from_hex(), try_narrow(), purify::NativeBulletproofCircuit::PackedWithSlack::unpack(), unpack_public(), unpack_secret(), purify::detail::validate_message_proof_cache(), purify::detail::validate_proof_cache_circuit(), validate_public_key(), validate_secret_key(), purify::detail::validate_topic_proof_cache(), verify_experimental_circuit(), verify_experimental_circuit(), purify::bppp::verify_experimental_circuit_norm_arg(), purify::bppp::verify_experimental_circuit_zk_norm_arg_impl(), purify::puresign_plusplus::api_impl::verify_signature(), purify::puresign::api_impl::verify_signature(), purify::puresign_plusplus::api_impl::verify_topic_nonce_proof(), purify::puresign::api_impl::verify_topic_nonce_proof(), and write_file().
Definition at line 330 of file curve.cpp.
References purify::BigUInt< Words >::limbs, purify_curve_unpack_public(), RangeViolation, and unexpected_error().
Referenced by purify::BulletproofTranscript::add_pubkey_and_out(), purify::NativeBulletproofCircuitTemplate::final_evaluate(), and purify::NativeBulletproofCircuitTemplate::instantiate_packed().
Definition at line 321 of file curve.cpp.
References purify::BigUInt< Words >::limbs, purify_curve_unpack_secret(), RangeViolation, and unexpected_error().
Referenced by purify::capi_detail::derive_public_key_from_secret(), prove_assignment_data(), and purify_eval().
Definition at line 314 of file curve.cpp.
References is_valid_public_key(), RangeViolation, and unexpected_error().
Referenced by purify::puresign_plusplus::PublicKey::deserialize(), purify::puresign::PublicKey::deserialize(), purify::puresign_plusplus::api_impl::verify_signature(), and purify::puresign::api_impl::verify_signature().
Definition at line 307 of file curve.cpp.
References is_valid_secret_key(), RangeViolation, and unexpected_error().
Referenced by purify::SecretKey::from_packed().
| message | Message bytes baked into the verifier. |
| pubkey | Packed public key. |
ErrorCode::HashToCurveExhausted. Definition at line 190 of file api.cpp.
References purify::BulletproofTranscript::add_pubkey_and_out(), circuit_main(), curve1(), curve2(), purify::BulletproofTranscript::from_transcript(), hash_to_curve(), PURIFY_ASSIGN_OR_RETURN, PURIFY_RETURN_IF_ERROR, and purify::BulletproofTranscript::to_string().
Referenced by run_cli().
Result< NativeBulletproofCircuit > purify::verifier_circuit(const Bytes & message, const UInt512 & pubkey)
| message | Message bytes baked into the circuit. |
| pubkey | Packed public key. |
ErrorCode::HashToCurveExhausted. Definition at line 204 of file api.cpp.
References PURIFY_ASSIGN_OR_RETURN, and verifier_circuit_template().
Referenced by evaluate_verifier_circuit(), main(), run_cli(), purify::puresign_plusplus::api_impl::verify_message_nonce_proof(), purify::puresign::api_impl::verify_message_nonce_proof(), purify::puresign_plusplus::api_impl::verify_topic_nonce_proof(), and purify::puresign::api_impl::verify_topic_nonce_proof().
Result< NativeBulletproofCircuitTemplate > purify::verifier_circuit_template(const Bytes & message)
Definition at line 210 of file api.cpp.
References circuit_main(), curve1(), curve2(), purify::NativeBulletproofCircuitTemplate::from_parts(), purify::BulletproofTranscript::from_transcript(), hash_to_curve(), purify::NativeBulletproofCircuit::n_commitments, purify::NativeBulletproofCircuit::n_gates, purify::BulletproofTranscript::native_circuit(), purify::NativeBulletproofCircuit::pack_with_slack(), PURIFY_ASSIGN_OR_RETURN, PURIFY_RETURN_IF_ERROR, and purify::BulletproofTranscript::replace_expr_v_with_bp_var().
Referenced by purify::puresign_plusplus::MessageProofCache::build(), purify::puresign_plusplus::TopicProofCache::build(), purify::puresign::api_impl::build_message_proof_cache(), purify::puresign::api_impl::build_topic_proof_cache(), main(), and verifier_circuit().
Result< bool > purify::verify_experimental_circuit(
    const NativeBulletproofCircuit & circuit,
    const ExperimentalBulletproofProof & proof,
    const BulletproofGeneratorBytes & value_generator,
    purify_secp_context * secp_context,
    std::span< const unsigned char > statement_binding = {},
    ExperimentalBulletproofBackendCache * backend_cache = nullptr)
Definition at line 1593 of file bulletproof.cpp.
References binding_digest, purify::ExperimentalBulletproofProof::commitment, EmptyInput, purify::NativeBulletproofCircuit::has_valid_shape(), InvalidDimensions, is_power_of_two_size(), purify::NativeBulletproofCircuit::n_commitments, purify::NativeBulletproofCircuit::n_gates, purify::ExperimentalBulletproofProof::proof, PURIFY_ASSIGN_OR_RETURN, purify_bulletproof_verify_circuit(), purify_bulletproof_verify_circuit_with_resources(), PURIFY_RETURN_IF_ERROR, require_secp_context(), and unexpected_error().
Referenced by main().
Result< bool > purify::verify_experimental_circuit(
    const NativeBulletproofCircuit::PackedWithSlack & circuit,
    const ExperimentalBulletproofProof & proof,
    const BulletproofGeneratorBytes & value_generator,
    purify_secp_context * secp_context,
    std::span< const unsigned char > statement_binding = {},
    ExperimentalBulletproofBackendCache * backend_cache = nullptr)
Definition at line 1634 of file bulletproof.cpp.
References binding_digest, purify::ExperimentalBulletproofProof::commitment, EmptyInput, purify::NativeBulletproofCircuit::PackedWithSlack::has_valid_shape(), InvalidDimensions, is_power_of_two_size(), purify::NativeBulletproofCircuit::PackedWithSlack::n_commitments(), purify::NativeBulletproofCircuit::PackedWithSlack::n_gates(), purify::ExperimentalBulletproofProof::proof, PURIFY_ASSIGN_OR_RETURN, purify_bulletproof_verify_circuit(), purify_bulletproof_verify_circuit_with_resources(), PURIFY_RETURN_IF_ERROR, require_secp_context(), and unexpected_error().
BigUInt< OutWords > purify::widen(const BigUInt< InWords > & value)
Definition at line 678 of file numeric.hpp.
References purify::BigUInt< Words >::limbs, purify_u320_widen_u256(), and purify_u512_widen_u256().
| path | Output file path. |
| bytes | Bytes to write. |
Definition at line 107 of file purify_runtime.hpp.
References IoOpenFailed, IoWriteFailed, and unexpected_error().
Referenced by prove().
inline constexpr
Definition at line 26 of file expected.hpp.