Triptych

An experimental Rust implementation of the Triptych zero-knowledge proving system.

Overview

Triptych is a zero-knowledge proving system designed to function as a linkable ring signature. This is a construction that allows a signer to sign a message against a set of arbitrary verification keys. Successful verification of a signature means that the signer knew the signing key corresponding to one of the verification keys, but does not reveal which. It also produces a linking tag; if any two verified signatures have the same linking tag, they were produced using the same signing key. However, it is not possible to determine the signing key associated to a linking tag, nor the corresponding verification key.

More formally, let G and U be fixed independent generators of the Ristretto group. Let N = n**m, where n, m > 1 are fixed parameters. The Triptych proving system protocol is a sigma protocol for the following relation, where M is an N-vector of group elements:

{ M, J ; (l, r) : M[l] = r*G, r*J = U }

It's possible to use the Fiat-Shamir transformation to produce a non-interactive protocol that can additionally bind an arbitrary message into the proof. This produces the linkable ring signature.
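The relation above and the linking-tag behaviour from the overview, checked on concrete witnesses (l, r). This is an added example, not code from this repository. The constants `P`, `Q`, `G`, `U` and all function names are assumptions for illustration: a small prime-order subgroup stands in for the Ristretto group and offers no security, and no proof is generated.

```rust
// Toy parameters (constructed, NOT secure): the order-Q subgroup of squares
// modulo the safe prime P = 2Q + 1 stands in for the Ristretto group.
// The page writes the group additively (r*G); here r*G becomes G^r mod P.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4; // stand-in for generator G
const U: u64 = 9; // stand-in for generator U

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    acc
}

/// Verification key for signing key r: r*G.
fn verification_key(r: u64) -> u64 { pow_mod(G, r, P) }

/// Linking tag J with r*J = U, that is J = r^{-1}*U (inverse taken mod Q).
fn linking_tag(r: u64) -> u64 { pow_mod(U, pow_mod(r, Q - 2, Q), P) }

/// Checks the relation { M, J ; (l, r) : M[l] = r*G, r*J = U } for a ring of
/// exactly N = n**m keys.
fn in_relation(ring: &[u64], j: u64, l: usize, r: u64, n: u32, m: u32) -> bool {
    n > 1 && m > 1
        && ring.len() == (n as usize).pow(m)
        && l < ring.len()
        && ring[l] == verification_key(r)
        && pow_mod(j, r, P) == U
}

fn main() {
    let r = 123; // signer's key (constructed sample value)
    let ring_a: Vec<u64> = [11, 22, r, 44].iter().map(|&k| verification_key(k)).collect();
    let ring_b: Vec<u64> = [r, 55, 66, 77].iter().map(|&k| verification_key(k)).collect();
    let j = linking_tag(r);
    // The same tag satisfies the relation in both rings, at different indices.
    println!("ring A: {}", in_relation(&ring_a, j, 2, r, 2, 2));
    println!("ring B: {}", in_relation(&ring_b, j, 0, r, 2, 2));
    // A different signing key yields a different tag.
    println!("tags differ: {}", linking_tag(r) != linking_tag(44));
}
```

The tag depends only on r, never on the ring or the index, which is why two verified signatures from the same signing key link even when their rings differ.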

Implementation notes

This implementation makes several opinionated choices:

  • It uses Ristretto for group operations.
  • It uses Merlin for Fiat-Shamir transcript operations.
  • It uses BLAKE3 for other cryptographic hashing operations.

It's possible to generalize these if done safely, but the implementation doesn't (yet) do this.

The implementation keeps dependencies to a minimum, and is no_std right out of the box. You can enable the optional serde feature for proof (de)serialization support.

Security

The implementation uses zeroize to securely wipe the signing key r after use. However, it does not do so for the index l.

Care is taken to keep signing key operations constant time to avoid leaking key data. However, index-related operations may not be constant time.

Warning

While this implementation is written with security in mind, it is currently experimental and not suitable for production use.

Contributors

aaronfeickert
