Longfellow ZK 0290cb32
Loading...
Searching...
No Matches
merkle_commitment.h
1// Copyright 2025 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#ifndef PRIVACY_PROOFS_ZK_LIB_MERKLE_MERKLE_COMMITMENT_H_
16#define PRIVACY_PROOFS_ZK_LIB_MERKLE_MERKLE_COMMITMENT_H_
17
18#include <stddef.h>
19#include <stdint.h>
20
21#include <cstring>
22#include <functional>
23#include <vector>
24
25#include "merkle/merkle_tree.h"
26#include "random/random.h"
27#include "util/crypto.h"
28
29namespace proofs {
30
31struct MerkleNonce {
32 static constexpr size_t kLength = kSHA256DigestSize;
33 uint8_t bytes[kLength];
34};
35
36struct MerkleProof {
37 explicit MerkleProof(size_t nreq) : nonce(nreq), path() {}
38
39 std::vector<MerkleNonce> nonce; // [nreq]
40 std::vector<Digest> path; // variable size, but < nreq * mt_pathlen
41};
42
43inline size_t merkle_commitment_len(size_t n) { return merkle_tree_len(n); }
44
45// prover-side
46class MerkleCommitment {
47 public:
48 explicit MerkleCommitment(size_t n) : n_(n), mt_(n), nonce_(n) {}
49
50 Digest commit(const std::function<void(size_t, SHA256 &)> &updhash,
51 RandomEngine &rng) {
52 for (size_t i = 0; i < n_; ++i) {
53 SHA256 sha;
54 rng.bytes(nonce_[i].bytes, MerkleNonce::kLength);
55 sha.Update(nonce_[i].bytes, MerkleNonce::kLength);
56 updhash(i, sha);
57
58 Digest dig;
59 sha.DigestData(dig.data);
60 mt_.set_leaf(i, dig);
61 }
62
63 return mt_.build_tree();
64 }
65
66 void open(MerkleProof &proof, const size_t pos[/*np*/], size_t np) {
67 // fill in the nonces of the opening
68 for (size_t i = 0; i < np; ++i) {
69 proof.nonce[i] = nonce_[pos[i]];
70 }
71
72 (void)mt_.generate_compressed_proof(proof.path, pos, np);
73 }
74
75 private:
76 size_t n_;
77 MerkleTree mt_;
78 std::vector<MerkleNonce> nonce_;
79};
80
81// Declare a class for symmetry, but this class is never instantiated
82class MerkleCommitmentVerifier {
83 public:
84 static bool verify(size_t n, const Digest &root, const MerkleProof &proof,
85 const size_t pos[/*nreq*/], size_t nreq,
86 const std::function<void(size_t, SHA256 &)> &updhash) {
87 // Assemble the expected leaf values
88 std::vector<Digest> leaves(nreq);
89 for (size_t r = 0; r < nreq; ++r) {
90 SHA256 sha;
91 sha.Update(proof.nonce[r].bytes, MerkleNonce::kLength);
92 updhash(r, sha);
93 sha.DigestData(leaves[r].data);
94 }
95
96 MerkleTreeVerifier mtv(n, root);
97 return mtv.verify_compressed_proof(proof.path.data(), proof.path.size(),
98 &leaves[0], pos, nreq);
99 }
100};
101
102} // namespace proofs
103
104#endif // PRIVACY_PROOFS_ZK_LIB_MERKLE_MERKLE_COMMITMENT_H_
proofs::MerkleCommitmentVerifier
Definition merkle_commitment.h:82
proofs::MerkleTreeVerifier
Definition merkle_tree.h:153
proofs::MerkleTree
Definition merkle_tree.h:88
proofs::RandomEngine
Definition random.h:32
proofs::SHA256
Definition crypto.h:40
proofs::Digest
Definition merkle_tree.h:33
proofs::MerkleNonce
Definition merkle_commitment.h:31
proofs::MerkleProof
Definition merkle_commitment.h:36
Generated by doxygen 1.15.0