Anoncoin
0.9.4
P2P Digital Currency
Classes
class | Accumulator |
Implementation of the RSA-based accumulator.
class | AccumulatorAndProofParams |
class | AccumulatorProofOfKnowledge |
A proof that a value inside the commitment commitmentToCoin is in an accumulator a.
class | AccumulatorWitness |
A witness that a PublicCoin is in the accumulation of a set of coins.
class | CoinDenomination |
class | CoinSpend |
The complete proof needed to spend a zerocoin.
class | Commitment |
A commitment, complete with contents and opening randomness.
class | CommitmentProofOfKnowledge |
Proof that two commitments open to the same value.
class | IntegerGroupParams |
class | Params |
class | PrivateCoin |
A private coin.
class | PublicCoin |
A public coin is the part of a coin that is published to the network and that is handled by other clients.
class | SerialNumberSignatureOfKnowledge |
A signature of knowledge on the hash of metadata, attesting that the signer knows the values necessary to open a commitment which contains a coin (which itself is of course a commitment) with a given serial number.
class | SpendMetaData |
Any metadata needed for Anoncoin integration.
Functions
void | CalculateParams (Params &params, Bignum N, string aux, uint32_t securityLevel) |
uint256 | calculateGeneratorSeed (Bignum serialNumber, string label, uint32_t index, uint32_t count) |
Format a seed string by hashing several values.
uint256 | calculateGeneratorSeed (uint256 seed, uint256 pSeed, uint256 qSeed, string label, uint32_t index, uint32_t count) |
Format a seed string by hashing several values.
uint256 | calculateSeed (Bignum modulus, string auxString, uint32_t securityLevel, string groupName) |
Format a seed string by hashing several values.
uint256 | calculateHash (uint256 input) |
void | calculateGroupParamLengths (uint32_t maxPLen, uint32_t securityLevel, uint32_t *pLen, uint32_t *qLen) |
Calculate field/group parameter sizes based on a security level.
IntegerGroupParams | deriveIntegerGroupParams (uint256 seed, uint32_t pLen, uint32_t qLen) |
Deterministically compute a set of group parameters using NIST procedures.
IntegerGroupParams | deriveIntegerGroupFromOrder (Bignum &groupOrder) |
Deterministically compute a set of group parameters with a specified order.
void | calculateGroupModulusAndOrder (uint256 seed, uint32_t pLen, uint32_t qLen, Bignum *resultModulus, Bignum *resultGroupOrder, uint256 *resultPseed, uint256 *resultQseed) |
Deterministically compute a group description using NIST procedures.
void | deriveGeneratorsFromSerialNumber (Bignum serialNumber, Bignum modulus, Bignum groupOrder, Bignum &g_out, Bignum &h_out) |
Deterministically derives coin commitment group generators g & h from a serial number (and group modulus and order).
Bignum | calculateGroupGenerator (Bignum serialNumber, uint256 seed, uint256 pSeed, uint256 qSeed, Bignum modulus, Bignum groupOrder, uint32_t index) |
Deterministically compute a generator for a given group.
Bignum | generateRandomPrime (uint32_t primeBitLen, uint256 in_seed, uint256 *out_seed, uint32_t *prime_gen_counter) |
Deterministically compute a random prime number.
Bignum | generateIntegerFromSeed (uint32_t numBits, uint256 seed, uint32_t *numIterations) |
bool | primalityTestByTrialDivision (uint32_t candidate) |
Determines whether a uint32_t is a prime through trial division.
Bignum | calculateRawUFO (uint32_t ufoIndex, uint32_t numBits) |
Deterministically calculates a "raw" UFO by concatenating the bits of SHA-256 hashes.
void | CalculateParams (Params &params, Bignum N, std::string aux, uint32_t securityLevel) |
uint256 | calculateSeed (Bignum modulus, std::string auxString, uint32_t securityLevel, std::string groupName) |
uint256 | calculateGeneratorSeed (uint256 seed, uint256 pSeed, uint256 qSeed, std::string label, uint32_t index, uint32_t count) |
uint256 libzerocoin::calculateGeneratorSeed (uint256 seed, uint256 pSeed, uint256 qSeed, std::string label, uint32_t index, uint32_t count)
uint256 libzerocoin::calculateGeneratorSeed (Bignum serialNumber, string label, uint32_t index, uint32_t count)
Format a seed string by hashing several values.
TODO documentation
bignum_error | and whatever CHashWriter throws? |
Returns the hash of the value.
Definition at line 151 of file ParamGeneration.cpp.
uint256 libzerocoin::calculateGeneratorSeed (uint256 seed, uint256 pSeed, uint256 qSeed, string label, uint32_t index, uint32_t count)
Format a seed string by hashing several values.
TODO documentation
bignum_error | and whatever CHashWriter throws? |
Returns the hash of the value.
Definition at line 175 of file ParamGeneration.cpp.
Bignum libzerocoin::calculateGroupGenerator (Bignum serialNumber, uint256 seed, uint256 pSeed, uint256 qSeed, Bignum modulus, Bignum groupOrder, uint32_t index)
Deterministically compute a generator for a given group.
serialNumber | For coin commitment group. *seed params used iff zero. |
seed | A first seed for the process. |
pSeed | A second seed for the process. |
qSeed | A third seed for the process. |
modulus | Proposed prime modulus for the field. |
groupOrder | Proposed order of the group. |
index | Index value, selects which generator you're building. |
A | ZerocoinException if error. |
Generates a random group generator deterministically as a function of either (serialNumber) or (seed, pSeed, qSeed). Uses the algorithm described in FIPS 186-3 Appendix A.2.3.
Definition at line 532 of file ParamGeneration.cpp.
void libzerocoin::calculateGroupModulusAndOrder (uint256 seed, uint32_t pLen, uint32_t qLen, Bignum *resultModulus, Bignum *resultGroupOrder, uint256 *resultPseed, uint256 *resultQseed)
Deterministically compute a group description using NIST procedures.
seed | A byte string seeding the process. |
pLen | The desired length of the modulus "p" in bits |
qLen | The desired length of the order "q" in bits |
resultModulus | A value "p" describing a finite field "F_p" |
resultGroupOrder | A value "q" describing the order of a subgroup |
resultDomainParameterSeed | A resulting seed for use in later calculations. |
Calculates the description of a group G of prime order "q" embedded within a field "F_p". The input to this routine is an arbitrary seed. It uses the algorithms described in FIPS 186-3 Appendix A.1.2 to calculate primes "p" and "q".
Definition at line 402 of file ParamGeneration.cpp.
void libzerocoin::calculateGroupParamLengths (uint32_t maxPLen, uint32_t securityLevel, uint32_t *pLen, uint32_t *qLen)
Calculate field/group parameter sizes based on a security level.
maxPLen | Maximum size of the field (modulus "p") in bits. |
securityLevel | Required security level in bits (at least 80) |
pLen | Result: length of "p" in bits |
qLen | Result: length of "q" in bits |
ZerocoinException | if the process fails |
Calculates the appropriate sizes of "p" and "q" for a prime-order subgroup of order "q" embedded within a field "F_p". The sizes are based on a 'securityLevel' provided in symmetric-equivalent bits. Our choices slightly exceed the specs in FIPS 186-3:
securityLevel = 80: pLen = 1024, qLen = 256
securityLevel = 112: pLen = 2048, qLen = 256
securityLevel = 128: pLen = 3072, qLen = 320
If the length of "p" exceeds the length provided in "maxPLen", or if "securityLevel < 80" this routine throws an exception.
Definition at line 254 of file ParamGeneration.cpp.
Definition at line 224 of file ParamGeneration.cpp.
void libzerocoin::CalculateParams (Params &params, Bignum N, std::string aux, uint32_t securityLevel)
void libzerocoin::CalculateParams (Params &params, Bignum N, string aux, uint32_t securityLevel)
Definition at line 55 of file ParamGeneration.cpp.
Bignum libzerocoin::calculateRawUFO (uint32_t ufoIndex, uint32_t numBits)
Deterministically calculates a "raw" UFO by concatenating the bits of SHA-256 hashes.
ufoIndex | The index of this UFO. Start at 0. |
numBits | Number of bits of SHA-256 data to use. |
Using only one of these UFOs is insecure, since there is a non-negligible probability that it can be factored. To use securely, about 13 ~3800-bit UFOs are required, after filtering out those that can be completely factorized, as well as those that can be significantly reduced by removing small factors (a threshold number of bits should be chosen at the beginning; if the product of all small factors has a log_2 greater than this threshold, the candidate should be rejected).
This relies on HASH_OUTPUT_BITS matching the bit length from CHashWriter.
Definition at line 748 of file ParamGeneration.cpp.
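The filtering step described above, sketched in Python as an added example (not libzerocoin code): a candidate is rejected when the product of its small prime factors exceeds a bit threshold, or when it turns out to be completely factored. The hash input layout in `raw_ufo`, the small-prime bound and the threshold are assumptions chosen for illustration.

```python
import hashlib
import math

HASH_OUTPUT_BITS = 256  # SHA-256 digest size; must match the hash actually used

def raw_ufo(ufo_index, num_bits):
    """Concatenate SHA-256 digests and keep the top num_bits bits."""
    blocks = -(-num_bits // HASH_OUTPUT_BITS)  # ceiling division
    value = 0
    for block in range(blocks):
        # Assumed input layout; the page does not give libzerocoin's real one.
        data = b"example-ufo" + ufo_index.to_bytes(4, "big") + block.to_bytes(4, "big")
        digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
        value = (value << HASH_OUTPUT_BITS) | digest
    return value >> (blocks * HASH_OUTPUT_BITS - num_bits)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (deterministic for small n)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def primes_below(limit):
    return [p for p in range(2, limit) if is_probable_prime(p)]

def filter_candidate(n, small_primes, threshold_bits):
    """Return (accepted, cofactor) after dividing out small prime factors."""
    removed_bits, cofactor = 0.0, n
    for p in small_primes:
        while cofactor % p == 0:
            cofactor //= p
            removed_bits += math.log2(p)  # log_2 of the product removed so far
    fully_factored = cofactor == 1 or is_probable_prime(cofactor)
    return removed_bits <= threshold_bits and not fully_factored, cofactor
```

A surviving cofactor is only known to have no factor in `small_primes`; it says nothing about resistance to stronger factoring methods, which is why the text calls for several UFOs rather than one.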
uint256 libzerocoin::calculateSeed (Bignum modulus, std::string auxString, uint32_t securityLevel, std::string groupName)
uint256 libzerocoin::calculateSeed (Bignum modulus, string auxString, uint32_t securityLevel, string groupName)
Format a seed string by hashing several values.
N | A Bignum |
aux | An auxiliary string |
securityLevel | The security level in bits |
groupName | A group description string |
bignum_error | and whatever CHashWriter throws? TODO |
Returns the hash of the value.
Definition at line 206 of file ParamGeneration.cpp.
void libzerocoin::deriveGeneratorsFromSerialNumber (Bignum serialNumber, Bignum modulus, Bignum groupOrder, Bignum &g_out, Bignum &h_out)
Deterministically derives coin commitment group generators g & h from a serial number (and group modulus and order).
serialNumber | Serial number of the ZC spend. |
modulus | Prime modulus for the field. |
groupOrder | Order of the group. |
g_out | Out param for g generator. |
h_out | Out param for h generator. |
A | ZerocoinException if error. |
The purpose of having different generators for each ZC spend is to prevent one solution of the discrete log problem from allowing infinite double spends. See "Rational Zero" by Garman et al., section 4.4 for more.
Unlike the other functions in this file, this is called after initial setup of Zerocoin parameters (i.e., it is called during minting, spending, and verifying).
Definition at line 505 of file ParamGeneration.cpp.
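An added Python sketch (not libzerocoin code) of per-serial generator derivation in the style of FIPS 186-3 Appendix A.2.3, covering both this function and calculateGroupGenerator above, together with the check a verifier can run. The byte encoding of the hash input, the index values 1 and 2 for g and h, and the toy group are assumptions.

```python
import hashlib

def derive_generator(p, q, seed, index):
    """Return a generator of the order-q subgroup of Z_p* (q prime, q | p-1)."""
    if (p - 1) % q != 0:
        raise ValueError("q must divide p - 1")
    e = (p - 1) // q  # cofactor: raising to e maps any element into the subgroup
    for count in range(1, 1 << 16):  # count is a 16-bit value; give up on wrap
        # Assumed byte encoding of seed || "ggen" || index || count.
        u = seed + b"ggen" + bytes([index]) + count.to_bytes(2, "big")
        w = int.from_bytes(hashlib.sha256(u).digest(), "big")
        g = pow(w, e, p)
        if g >= 2:  # 0 and 1 are rejected; any other result has order exactly q
            return g
    raise ValueError("no generator found for this seed")

def generators_for_serial(p, q, serial_number):
    """Derive the commitment generators (g, h) for one serial number."""
    seed = serial_number.to_bytes(32, "big")  # assumed fixed-width encoding
    return derive_generator(p, q, seed, 1), derive_generator(p, q, seed, 2)

def check_generators(p, q, serial_number, g, h):
    """Verifier side: recompute from the serial and check subgroup membership."""
    expected = generators_for_serial(p, q, serial_number)
    in_subgroup = all(1 < x < p and pow(x, q, p) == 1 for x in (g, h))
    return in_subgroup and (g, h) == expected

# Constructed toy group for illustration only: p = 2q + 1 with q = 1019.
TOY_P, TOY_Q = 2039, 1019
```

Because g and h come out of a hash of the serial number, nobody chooses them, and a verifier that recomputes them rejects any spend presenting generators it cannot reproduce.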
IntegerGroupParams libzerocoin::deriveIntegerGroupFromOrder (Bignum &groupOrder)
Deterministically compute a set of group parameters with a specified order.
groupOrder | The order of the group |
Given "q" calculates the description of a group G of prime order "q" embedded within a field "F_p".
Definition at line 338 of file ParamGeneration.cpp.
IntegerGroupParams libzerocoin::deriveIntegerGroupParams (uint256 seed, uint32_t pLen, uint32_t qLen)
Deterministically compute a set of group parameters using NIST procedures.
seedStr | A byte string seeding the process. |
pLen | The desired length of the modulus "p" in bits |
qLen | The desired length of the order "q" in bits |
Calculates the description of a group G of prime order "q" embedded within a field "F_p". The input to this routine is an arbitrary seed. It uses the algorithms described in FIPS 186-3 Appendix A.1.2 to calculate primes "p" and "q". It uses the procedure in Appendix A.2.3 to derive two generators "g", "h".
Definition at line 292 of file ParamGeneration.cpp.
Bignum libzerocoin::generateIntegerFromSeed (uint32_t numBits, uint256 seed, uint32_t *numIterations)
Definition at line 694 of file ParamGeneration.cpp.
Bignum libzerocoin::generateRandomPrime (uint32_t primeBitLen, uint256 in_seed, uint256 *out_seed, uint32_t *prime_gen_counter)
Deterministically compute a random prime number.
primeBitLen | Desired bit length of the prime. |
in_seed | Input seed for the process. |
out_seed | Result: output seed from the process. |
prime_gen_counter | Result: number of iterations required. |
A | ZerocoinException if error. |
Generates a random prime number of primeBitLen bits from a given input seed. Uses the Shawe-Taylor algorithm as described in FIPS 186-3 Appendix C.6. This is a recursive function.
Definition at line 577 of file ParamGeneration.cpp.
bool libzerocoin::primalityTestByTrialDivision (uint32_t candidate)
Determines whether a uint32_t is a prime through trial division.
candidate | Candidate to test. |
Performs trial division to determine whether a uint32_t is prime.
Definition at line 724 of file ParamGeneration.cpp.