• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
      • Kestrel-books
        • Crypto-hdwallet
        • Apt
        • Error-checking
        • Fty-extensions
        • Isar
        • Kestrel-utilities
        • Soft
        • Bv
        • Imp-language
        • C
        • Event-macros
        • Java
        • Bitcoin
        • Ethereum
          • Mmp-trees
          • Semaphore
            • Verify-semaphore-r1cs
            • Mimc
            • Semaphore-specification
              • Prime-field-abbreviations
              • Pedersen-hash
                • Pedersen-scalar
                • Pedersen-generator
                  • Pedersen-enc
                  • Pedersen-pad
                  • Pedersen
                  • Pedersen-addend
                • Pedersen-hash-base-points
                • Baby-jubjub
              • Semaphore-proofs
            • Database
            • Cryptography
            • Rlp
            • Transactions
            • Hex-prefix
            • Basics
            • Addresses
          • Yul
          • Zcash
          • ACL2-programming-language
          • Prime-fields
          • Json
          • Syntheto
          • File-io-light
          • Number-theory
          • Cryptography
          • Lists-light
          • Builtins
          • Axe
          • Solidity
          • Helpers
          • Htclient
          • Typed-lists-light
          • Arithmetic-light
        • X86isa
        • Axe
        • Execloader
      • Math
      • Testing-utilities
    • Pedersen-hash

    Pedersen-generator

    Generator points for Pedersen hash.

    Signature
    (pedersen-generator i) → point
    Arguments
    i — Guard (natp i).
    Returns
    point — Type (baby-jubjub-pointp point).

    The scalars returned by pedersen-scalar are used to multiply a sequence of BabyJubjub points, and the resulting points are added up together. This is described by equation (1) in [IS], and by the double summation in [ES]. The points are denoted P_0,\ldots,P_l in [IS] and g_s in [ES]. These points are fixed for Semaphore, so they can be precomputed.

    We have precomputed the points in pedersen-hash-base-points. The constant *pedersen-base-points-for-semaphore* lists them. Even though Pedersen hash should allow any number of points in general, for Semaphore we only need ten points (the ones in the list constant). The outer summation in [ES] goes from 0 to S-1, and Sleq10.

    We define this function to return one of the ten points when the index is below 10, or the zero point otherwise. The index will always be below 10, when used in the Semaphore.

    Definitions and Theorems

    Function: pedersen-generator

    (defun pedersen-generator (i)
  (declare (xargs :guard (natp i)))
  (let ((acl2::__function__ 'pedersen-generator))
    (declare (ignorable acl2::__function__))
    (b* ((i (nfix i)))
      (if (< i 10)
          (nth i *pedersen-base-points-for-semaphore*)
        (ecurve::twisted-edwards-zero)))))

    Theorem: baby-jubjub-pointp-of-pedersen-generator

    (defthm baby-jubjub-pointp-of-pedersen-generator
  (b* ((point (pedersen-generator i)))
    (baby-jubjub-pointp point))
  :rule-classes :rewrite)