This Git repo has been constructed for organizing research and development (R&D) into cryptographic protocols, including multi-party signatures, adaptor signatures, zero-knowledge proofs, and "scriptless" scripts.
An additional research focus is on applications to cross-blockchain operations, including blockchain-agnostic (universal) atomic swaps and zero-knowledge contingent payment (zkCP) protocols.
DISCLAIMER: This codebase is presently in an early pre-Alpha version status focused on R&D, has not yet undergone any in-depth security audits, and as such should not be used in any Production system.
- Please refer to the attached Mozilla Public License v2.0 (LICENSE) for an associated disclaimer of any and all liability or warrantability related to its use.
NOTE: R&D-only Status (see above disclaimer)
Digital Signatures (single-party) [scriptless_zkp.ecc.signatures]
- Schnorr Signatures on Elliptic Curves (ECC Schnorr) [`scriptless_zkp.ecc.signatures.schnorr`]
  - Supported elliptic curves: NIST P-256 (`secp256r1`), NIST P-384 (`secp384r1`), NIST P-521 (`secp521r1`)
- Adaptor Signatures for ECC Schnorr (a.k.a. Verifiable Encrypted Signatures) [`scriptless_zkp.ecc.signatures.adaptor_schnorr`]
  - Supported elliptic curves: NIST P-256 (`secp256r1`), NIST P-384 (`secp384r1`), NIST P-521 (`secp521r1`)
Two-Party Digital Signatures [scriptless_zkp.ecc.signatures]
- Two-Party ECC Schnorr Signatures [`scriptless_zkp.ecc.signatures.two_party_schnorr`]
  - Signatures verify under a joint public key and are indistinguishable from single-party ECC Schnorr signatures.
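The three signature flavours listed above, as an added example in plain Python over the P-256 parameters (this is illustrative code, not the repository's `scriptless_zkp` implementation): single-party Schnorr, an adaptor pre-signature bound to an adaptor point `T = tG` whose completion reveals the witness `t`, and a two-party signature that verifies with the same verifier under the joint key `X1 + X2`. All function names, the hash tag and the 64-byte point encoding used in the challenge are this example's own assumptions; the two-party routine inlines both parties' steps and omits the nonce-commitment round and the proofs of key ownership that a real protocol needs against rogue-key attacks.

```python
import hashlib
import secrets

# NIST P-256 (secp256r1) domain parameters (FIPS 186-4 / SEC 2).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
assert (G[1] ** 2 - (G[0] ** 3 + A * G[0] + B)) % P == 0   # sanity check on the constants


def ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p2 == -p1, so the sum is the identity
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P      # point doubling
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication. Not constant-time: acceptable for a
    demonstration, not for code that handles long-term secrets."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def rand_scalar():
    return secrets.randbelow(N - 1) + 1


def challenge(R, X, msg):
    """Fiat-Shamir challenge e = H(tag || R || X || m) mod N. The tag and the
    uncompressed 64-byte point encoding are this example's own choices."""
    enc = lambda pt: pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    h = hashlib.sha256(b"scriptless_zkp-example/schnorr" + enc(R) + enc(X) + msg)
    return int.from_bytes(h.digest(), "big") % N


# --- single-party Schnorr: sig = (R, s) with R = kG, s = k + e*x ----------------
def keygen():
    x = rand_scalar()
    return x, ec_mul(x, G)


def schnorr_sign(x, msg):
    k = rand_scalar()
    R = ec_mul(k, G)
    e = challenge(R, ec_mul(x, G), msg)
    return R, (k + e * x) % N


def schnorr_verify(X, msg, sig):
    R, s = sig
    if R is None or not 0 <= s < N:
        return False
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, X, msg), X))   # sG == R + eX


# --- adaptor signature: the pre-signature is bound to T = tG; adapting it with t
# --- yields an ordinary signature, and (sig - presig) reveals t -----------------
def adaptor_presign(x, msg, T):
    k = rand_scalar()
    R = ec_mul(k, G)
    e = challenge(ec_add(R, T), ec_mul(x, G), msg)   # challenge uses the shifted nonce R + T
    return R, (k + e * x) % N


def adaptor_preverify(X, msg, T, presig):
    R, s = presig
    e = challenge(ec_add(R, T), X, msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(e, X))


def adaptor_adapt(presig, t):
    R, s = presig
    return ec_add(R, ec_mul(t, G)), (s + t) % N       # (R + T, s + t) verifies as plain Schnorr


def adaptor_extract(presig, sig):
    return (sig[1] - presig[1]) % N                   # anyone holding both learns the witness t


# --- two-party Schnorr: both parties' steps are inlined here for brevity --------
def two_party_sign(x1, x2, msg):
    """A real protocol exchanges R_i after a commitment round and has each party
    prove knowledge of x_i (rogue-key protection); only s_i is ever sent."""
    X = ec_add(ec_mul(x1, G), ec_mul(x2, G))         # joint public key X = X1 + X2
    k1, k2 = rand_scalar(), rand_scalar()
    R = ec_add(ec_mul(k1, G), ec_mul(k2, G))         # joint nonce R = R1 + R2
    e = challenge(R, X, msg)
    s1 = (k1 + e * x1) % N                           # party 1's partial signature
    s2 = (k2 + e * x2) % N                           # party 2's partial signature
    return X, (R, (s1 + s2) % N)                     # checked with the single-party verifier
```

The pre-signature on its own is rejected by `schnorr_verify` because its challenge was computed over `R + T`, not `R`; only after adding `t` does it become a valid signature, which is the property "scriptless" atomic swaps rely on.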
Elliptic Curve Cryptography (ECC) [scriptless_zkp.ecc]
- Support for prime-order elliptic curves (Weierstrass form) [`scriptless_zkp.ecc.weierstrass_curves`]
  - NIST P-256 (`secp256r1`), NIST P-384 (`secp384r1`), NIST P-521 (`secp521r1`)
- Support derivation of effectively-independent ECC generator points [`scriptless_zkp.ecc.generators`]
  - Generation of elliptic curve generator points for which nobody knows the discrete logarithm w.r.t. the base point G.
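The derivation described above, as an added example (not the repository's `scriptless_zkp.ecc.generators` code): a nothing-up-my-sleeve generator on P-256 found by try-and-increment hashing. Because the x-coordinate is a hash output, producing `H = tG` with a known `t` would require inverting the hash or solving the ECDLP, so nobody knows `log_G(H)`; and since P-256 has cofactor 1, any point on the curve is automatically in the prime-order group. The tag prefix, the 4-byte counter encoding and the "smaller root" canonicalisation are this example's own choices.

```python
import hashlib

# NIST P-256 (secp256r1) field prime, curve coefficients and base point.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def is_on_curve(pt):
    """Check y^2 == x^3 + Ax + B over GF(P). With cofactor 1 this is the whole
    group-membership check for P-256."""
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


assert is_on_curve(G)   # sanity check on the constants above


def sqrt_mod_p(v):
    """Square root of v modulo P, or None if v is a non-residue. P == 3 (mod 4)
    for P-256, so the root, when it exists, is v^((P+1)/4) mod P."""
    v %= P
    r = pow(v, (P + 1) // 4, P)
    return r if r * r % P == v else None


def derive_generator(tag: bytes):
    """Try-and-increment hash-to-curve: hash tag||counter into a candidate
    x-coordinate until the curve equation has a solution. Returns (point, counter).
    Not constant-time, which is fine: the tag is public and so is the result."""
    counter = 0
    while True:
        digest = hashlib.sha256(
            b"scriptless_zkp-example/generator" + tag + counter.to_bytes(4, "big")
        ).digest()
        x = int.from_bytes(digest, "big")
        if x < P:   # reject (rather than reduce) the rare digest that is >= P
            y = sqrt_mod_p(x * x * x + A * x + B)
            if y is not None:
                # Choose the smaller of the two roots so the result is canonical
                # and anyone can recompute it from the tag alone.
                return (x, min(y, P - y)), counter
        counter += 1
```

Each candidate x has roughly a 1/2 chance of being the x-coordinate of a curve point, so the loop typically ends after one or two iterations; publishing the tag (and counter) lets any verifier recompute `H` and confirm that it was not chosen with a known discrete log.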
Cryptographic Commitments (Elliptic Curve-based) [scriptless_zkp.ecc.commitments]
- Pedersen Commitments (over Elliptic Curves) [`scriptless_zkp.ecc.commitments.pedersen`]
Cryptographic Commitments [scriptless_zkp.commitments]
- HMAC-based & Blake2b-based Keyed-Hash Commitments [`scriptless_zkp.commitments.hmac_commitments`]
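A keyed-hash commitment of the kind listed above, as an added example (not the repository's `hmac_commitments` module): the fresh random key is the opening value, which is what makes the commitment hiding, while binding rests on the collision resistance of the keyed hash. The domain tag, the 32-byte key length and the scheme names are this example's own assumptions.

```python
import hashlib
import hmac
import secrets

DOMAIN = b"scriptless_zkp-example/keyed-hash-commitment/v1"


def _digest(scheme, key, msg):
    # Length-prefix the domain tag so the tag/message boundary is unambiguous.
    data = len(DOMAIN).to_bytes(2, "big") + DOMAIN + msg
    if scheme == "blake2b":
        return hashlib.blake2b(data, key=key, digest_size=32).digest()
    if scheme == "hmac-sha256":
        return hmac.new(key, data, hashlib.sha256).digest()
    raise ValueError(f"unknown scheme {scheme!r}")


def commit(msg, scheme="blake2b"):
    """Return (commitment, opening). The opening is a fresh 32-byte key that must
    stay secret until the committer chooses to open; reusing or leaking it
    destroys the hiding property."""
    key = secrets.token_bytes(32)
    return _digest(scheme, key, msg), key


def verify_opening(commitment, msg, key, scheme="blake2b"):
    """Constant-time check that (msg, key) opens the commitment."""
    if len(key) != 32:
        return False
    return hmac.compare_digest(commitment, _digest(scheme, key, msg))
```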
Homomorphic Encryption (HE) [scriptless_zkp.he]
- Paillier (Additively) Homomorphic Encryption [`scriptless_zkp.he.paillier`]
  - Support for Paillier encryption, decryption, and homomorphic operations (addition, multiplication by a scalar).
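The Paillier operations listed above, as an added example in plain Python (not the repository's `scriptless_zkp.he.paillier` module). To stay self-contained it builds the key from two fixed demo primes (the Mersenne primes 2^89 - 1 and 2^107 - 1) instead of generating random ones, so the modulus is only ~196 bits; a real key needs two random primes of at least 1024 bits each. Function names are this example's own.

```python
import secrets
from math import gcd

# Demo-size primes (both Mersenne primes); n = p*q is ~196 bits. Real deployments
# use random primes giving n >= 2048 bits.
DEMO_P = (1 << 89) - 1
DEMO_Q = (1 << 107) - 1


def _L(u, n):
    """Paillier's L function, L(u) = (u - 1) / n, defined on u == 1 (mod n)."""
    return (u - 1) // n


def keygen(p=DEMO_P, q=DEMO_Q):
    if p == q or gcd(p * q, (p - 1) * (q - 1)) != 1:
        raise ValueError("p and q must be distinct primes with gcd(pq, (p-1)(q-1)) == 1")
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)    # lcm(p-1, q-1)
    g = n + 1                                        # the standard simplifying choice of g
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (n, lam, mu)                      # (public key, private key)


def encrypt(pk, m):
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("plaintext must lie in [0, n)")
    n2 = n * n
    while True:                                      # random r in Z_n^* makes encryption probabilistic
        r = secrets.randbelow(n)
        if r and gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    n, lam, mu = sk
    return _L(pow(c, lam, n * n), n) * mu % n


def add(pk, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2 mod n)."""
    n = pk[0]
    return c1 * c2 % (n * n)


def mul_const(pk, c, k):
    """E(m)^k mod n^2 = E(k*m mod n). k may be negative (it is reduced mod n)."""
    n = pk[0]
    return pow(c, k % n, n * n)


def sub(pk, c1, c2):
    """E(m1) * E(m2)^(n-1) = E(m1 - m2 mod n): subtraction is scalar-multiplication by -1."""
    return add(pk, c1, mul_const(pk, c2, -1))
```

The same malleability that makes these operations possible means Paillier ciphertexts are not CCA-secure: anyone can transform a ciphertext into a related one, which is why protocols built on it (e.g. two-party ECDSA) pair it with zero-knowledge proofs and range proofs rather than trusting ciphertexts on their own. Results also wrap modulo n, so a protocol must ensure the plaintext arithmetic stays within `[0, n)` or the decrypted value is meaningless.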
Non-Interactive Zero-Knowledge (NIZK) Proofs (over Elliptic Curves) [scriptless_zkp.ecc.zkp]
- NIZK Proofs of Knowledge (PoKs) of a Discrete Logarithm [`scriptless_zkp.ecc.zkp.nizk_dlog_proof`]
- NIZK Proofs of Knowledge (PoKs) of Equal Discrete Logarithms [`scriptless_zkp.ecc.zkp.nizk_equal_dlogs_proof`]
  - Based on the Chaum-Pedersen protocol adapted to elliptic curves, generalized from 2 equal discrete logs to 1..N equal discrete logs, and made non-interactive via the Fiat-Shamir transform.
- ZK Proof-Commitments for NIZK Proofs of Knowledge (PoKs) of a Discrete Logarithm [`scriptless_zkp.ecc.zkp.nizk_dlog_proof_commitments`]
  - Combines a NIZK proof with a cryptographic commitment to the proof and its public parameters, which is useful in multi-party protocols involving ZK proofs (e.g., to ensure each party executes the protocol correctly).
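The generalized Chaum-Pedersen proof and the proof-commitment described in the two items above, as one added example (not the repository's `scriptless_zkp.ecc.zkp` code). The repository works over elliptic curves; to keep this example self-contained it uses the RFC 3526 2048-bit MODP group instead, so group multiplication and exponentiation replace point addition and scalar multiplication, but the proof algebra is the same: one nonce `r`, one announcement per base, one Fiat-Shamir challenge over all bases, public values and announcements, and one response `z = r + c*w`. With a single base it is exactly the Schnorr proof of knowledge of a discrete log. The hash tags, the serialisation and the salted proof-commitment format are this example's own assumptions.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: safe prime P = 2Q + 1; 2 generates the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2
assert pow(G, Q, P) == 1   # sanity check: G has order Q


def hash_to_scalar(tag: bytes, *values):
    """Fiat-Shamir challenge over a fixed-width serialisation of all inputs."""
    h = hashlib.sha256(tag)
    for v in values:
        h.update(v.to_bytes(256, "big"))   # every element and scalar fits in 2048 bits
    return int.from_bytes(h.digest(), "big") % Q


def derive_base(seed: bytes):
    """Extra generator with unknown discrete log w.r.t. G: hash the seed into
    Z_P and square it, which lands in the order-Q subgroup."""
    h = pow(int.from_bytes(hashlib.sha256(seed).digest(), "big") % P, 2, P)
    assert h not in (0, 1)
    return h


def prove_equal_dlogs(w, bases):
    """Prove that one secret w satisfies Y_i = g_i^w for every base g_i (N >= 1)."""
    publics = [pow(g, w, P) for g in bases]
    r = secrets.randbelow(Q - 1) + 1
    announcements = [pow(g, r, P) for g in bases]
    c = hash_to_scalar(b"scriptless_zkp-example/equal-dlogs", *bases, *publics, *announcements)
    z = (r + c * w) % Q
    return publics, (announcements, z)


def verify_equal_dlogs(bases, publics, proof):
    announcements, z = proof
    if not (len(bases) == len(publics) == len(announcements) >= 1) or not 0 <= z < Q:
        return False
    for v in (*bases, *publics, *announcements):
        if not (1 < v < P and pow(v, Q, P) == 1):   # reject identity / non-subgroup elements
            return False
    c = hash_to_scalar(b"scriptless_zkp-example/equal-dlogs", *bases, *publics, *announcements)
    # g_i^z == A_i * Y_i^c for every i, since g^(r + c*w) = g^r * (g^w)^c
    return all(pow(g, z, P) == a * pow(y, c, P) % P
               for g, y, a in zip(bases, publics, announcements))


def _proof_digest(salt, bases, publics, proof):
    announcements, z = proof
    h = hashlib.sha256(b"scriptless_zkp-example/proof-commitment" + salt)
    for v in (*bases, *publics, *announcements, z):
        h.update(v.to_bytes(256, "big"))
    return h.digest()


def commit_proof(bases, publics, proof):
    """Hiding, binding commitment to a proof and its public parameters; the
    random salt is the opening. Parties publish this first and reveal later."""
    salt = secrets.token_bytes(32)
    return _proof_digest(salt, bases, publics, proof), salt


def open_proof_commitment(commitment, salt, bases, publics, proof):
    """Accept only if the revealed proof is the committed one AND it verifies."""
    return (hmac.compare_digest(commitment, _proof_digest(salt, bases, publics, proof))
            and verify_equal_dlogs(bases, publics, proof))
```

The subgroup-membership checks in the verifier matter in practice: a public value outside the order-Q subgroup would let a malicious prover satisfy the equations without knowing a single consistent `w`. The commit-then-reveal wrapper is what lets a multi-party protocol force each participant to fix its proof before seeing anyone else's.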
Roadmap
- Pedersen Commitments (over Elliptic Curves)
  - Vector Pedersen Commitments (over Elliptic Curves)
- Adaptor Signatures for ECC Schnorr (single-party)
  - Two-Party Adaptor Signatures for ECC Schnorr
- Support BIP-340 (Bitcoin standard) compatible ECC Schnorr Signatures
  - Using the `secp256k1` elliptic curve (as used by the Bitcoin & Ethereum blockchains), and incorporating the BIP-340 standard's domain-separation tags into the various cryptographic hash operations.
- Support BIP-340 compatible Two-Party ECC Schnorr Signatures
- Two-Party ECDSA Signatures (based on Y. Lindell's protocol)
  - Prerequisites:
    - Paillier (Additively) Homomorphic Encryption
    - Zero-Knowledge Range Proofs (based on Y. Lindell's Paillier-based ZKP protocol (see: Appendix A))
- Two-Party Adaptor Signatures for ECDSA
- Revise the Two-Party ECC Schnorr and NIZK PoKs of Discrete Log modules:
  - To support additional prime-order elliptic curves:
    - NIST P-384 (`secp384r1`)
    - NIST P-521 (`secp521r1`)
- Universal Atomic Swaps (UAS) protocol (based on S.A. Thyagarajan, et al)
  - Prerequisites:
    - Verifiable Delay Functions (VDFs) and Verifiable Timed Discrete Logs (VTDs)
- Oblivious Transfer (OT)
- Private Information Retrieval (PIR)