README
¶
Hash-Based Commitments
This package provides a simple, non-homomorphic commitment scheme built from a keyed BLAKE2b-256 hash (HMAC-style). A random witness is mixed with the message and keyed hash to produce a binding digest.
Overview
- Commitment to
messagewith randomnesswitness:C = HMAC_key(witness || message)using BLAKE2b-256 by default. - Key is derived from a session identifier (SID), domain separation tag, and optional CRS transcripts.
- Witness randomness is always 32 bytes; the resulting commitment digest is 32 bytes.
- All types are Go value types suitable for copying and CBOR/binary transport via their byte representations.
Types
Key: 32-byte secret key for the HMAC; derive withNewKeyFromCRSBytes.Message: arbitrary byte slice to commit.Witness: 32-byte nonce mixed into the commitment.Commitment: 32-byte digest output.Scheme: convenience wrapper exposing a committer and verifier bound to aKey.
Algorithms
- NewKeyFromCRSBytes(sid, dst, crs...): derives the commitment key from the SID, domain separation tag, and optional CRS blobs.
- Commit(message, prng): samples a fresh witness from
prng, returns(commitment, witness). - CommitWithWitness(message, witness): deterministic commitment using caller-provided randomness.
- Verify(commitment, message, witness): recomputes the digest and checks equality.
Notes
HmacFuncis configurable for testing; it defaults toblake2b.New256.- The scheme is computationally binding and hiding assuming the PRF security of the keyed hash and the unpredictability of the witness.
Documentation
¶
Overview ¶
Package hash_comm provides a simple, non-homomorphic commitment scheme built from a keyed BLAKE2b-256 hash (HMAC-style).
See README.md for details.
Index ¶
Constants ¶
const ( KeySize = 32 DigestSize = 32 // Name identifies the hash-based commitment scheme. Name commitments.Name = "KMACBasedCommitmentScheme" )
Variables ¶
var ( ErrInvalidArgument = errs.New("invalid argument") ErrFailed = errs.New("failed") )
var ( // HmacFunc defines the hash function used to instantiate the HMAC-based commitments. HmacFunc = blake2b.New256 )
Functions ¶
This section is empty.
Types ¶
type Commitment ¶
type Commitment [DigestSize]byte
Commitment is the hash digest produced by the commitment algorithm.
func (Commitment) Bytes ¶
func (c Commitment) Bytes() []byte
Bytes returns the raw commitment digest bytes.
func (Commitment) Equal ¶
func (c Commitment) Equal(other Commitment) bool
type Committer ¶
type Committer struct {
// contains filtered or unexported fields
}
Committer computes hash-based commitments with an HMAC keyed by the CRS output.
func (*Committer) Commit ¶
func (c *Committer) Commit(message Message, prng io.Reader) (commitment Commitment, witness Witness, err error)
Commit samples fresh witness randomness and computes a commitment to the message.
func (*Committer) CommitWithWitness ¶
func (c *Committer) CommitWithWitness(message Message, witness Witness) (commitment Commitment, err error)
CommitWithWitness commits to the message using caller-supplied witness randomness.
type CommitterOption ¶
CommitterOption is a functional option for configuring committers.
type Scheme ¶
type Scheme struct {
// contains filtered or unexported fields
}
Scheme bundles the hash-based committer and verifier using a shared key.
func (*Scheme) Committer ¶
func (s *Scheme) Committer(opts ...CommitterOption) (*Committer, error)
Committer returns a committer initialised with the scheme key.
func (*Scheme) Name ¶
func (*Scheme) Name() commitments.Name
Name returns the identifier of the hash-based commitment scheme.
type Verifier ¶
type Verifier struct {
commitments.GenericVerifier[*Committer, Witness, Message, Commitment]
}
Verifier checks commitments against provided messages and witnesses.
type VerifierOption ¶
VerifierOption is a functional option for configuring verifiers.
Source Files