-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathlocally_redactable_nizk.zok
52 lines (30 loc) · 1.4 KB
/
locally_redactable_nizk.zok
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
import "./commitment" as Commitment
import "hashes/sha256/512bitPacked" as sha256packed
/*
* c0 - First part of the hash c_k_i (collision key)
* c1 - Second part of the collision key
* keyIndex - The i-th key (probably unused)
* blockNumber - The redactable-blockchain block number
* commitment - the c0 commitment (collision key)
* G, H - public parameter of the commitment scheme
*
* message - committed message (c0)
* randomness - randomness of the committed message
*/
def main(field c0, field c1, field keyIndex, field blockNumber, field commitment, field G, field H, private field message, private field randomness) -> (bool):
//Check that the committed message is the same (assertion)
new_commitment = Commitment(G, H, message, randomness)
bool result = if new_commitment == commitment then true else false fi
//Initialize the array to zero
field[2] init_value = [0, 0]
field[4][2] h = [init_value; 4]
field[2] first_chain_element = sha256packed([0, 0, blockNumber, message])
h[0] = first_chain_element
for field i in 1..3 do
field h0 = h[i-1][0]
field h1 = h[i-1][1]
tmp = sha256packed([0, blockNumber, h0, h1])
h[i] = tmp
endfor
return if result && h[keyIndex][0] == c0 && h[keyIndex][1] == c1 then true else false fi
//return h