(*****************************************************************************)
(*                                                                           *)
(* Open Source License                                                       *)
(* Copyright (c) 2022 Nomadic Labs <contact@nomadic-labs.com>                *)
(*                                                                           *)
(* Permission is hereby granted, free of charge, to any person obtaining a   *)
(* copy of this software and associated documentation files (the "Software"),*)
(* to deal in the Software without restriction, including without limitation *)
(* the rights to use, copy, modify, merge, publish, distribute, sublicense,  *)
(* and/or sell copies of the Software, and to permit persons to whom the     *)
(* Software is furnished to do so, subject to the following conditions:      *)
(*                                                                           *)
(* The above copyright notice and this permission notice shall be included   *)
(* in all copies or substantial portions of the Software.                    *)
(*                                                                           *)
(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*)
(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  *)
(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL   *)
(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*)
(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING   *)
(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER       *)
(* DEALINGS IN THE SOFTWARE.                                                 *)
(*                                                                           *)
(*****************************************************************************)

module type COMMITMENT = sig
  (** Commitment to a polynomial. *)
  type t

  (** An encoding for a commitment. *)
  val encoding : t Data_encoding.t

  (** [to_b58check commitment] returns a b58 representation
      of [commitment]. *)
  val to_b58check : t -> string

  (** [of_b58check_opt bytes] computes a commitment from
      its b58 representation. Returns [None] if it is not a valid
      representation. *)
  val of_b58check_opt : string -> t option

  (** [of_b58check bytes] computes a commitment from its b58
      representation. Returns [Error _] if it is not a valid representation. *)
  val of_b58check : string -> t Error_monad.tzresult

  val pp : Format.formatter -> t -> unit

  val equal : t -> t -> bool

  val compare : t -> t -> int

  val zero : t
end

module type COMMITMENT_PROOF = sig
  (** A commitment proof. *)
  type t

  (** An encoding for a commitment proof. This encoding is bounded. *)
  val encoding : t Data_encoding.t

  val zero : t
end

module type VERIFIER = sig
  (** A precomputed set of constants *)
  type t

  (** Parameters to build a value of type [t] *)
  type parameters = Dal_config.parameters = {
    redundancy_factor : int;
    page_size : int;
    slot_size : int;
    number_of_shards : int;
  }

  type ('a, 'b) error_container = {given : 'a; expected : 'b}

  (** An encoding for values of type {!type-parameters}. *)
  val parameters_encoding : parameters Data_encoding.t

  (** [make] precomputes the set of values needed by the cryptographic
      primitives defined in this module and stores them in a value of type [t] *)
  val make : parameters -> (t, [> `Fail of string]) result

  (** [parameters t] returns the parameters given when [t] was
      initialised with the function {!val:make} *)
  val parameters : t -> parameters

  (** Commitment to a polynomial. *)
  type commitment

  module Commitment : COMMITMENT with type t := commitment

  (** A proof that the polynomial associated to some commitment is
      bounded by a constant. *)
  type commitment_proof

  module Commitment_proof : COMMITMENT_PROOF with type t := commitment_proof

  (** [verify_commitment t commitment proof] returns [true] if and only if the
      size of the data committed via [commitment] does not exceed the
      [slot_size] declared in [t].

      The verification time is constant. *)
  val verify_commitment : t -> commitment -> commitment_proof -> bool

  (** The original slot can be split into a list of pages of fixed
      size. This size is given by the parameter [page_size] given to the
      function {!val:make}. *)
  type page = bytes

  (** A proof that the evaluation of points of a polynomial is part of
      a commitment. *)
  type page_proof

  (** An encoding for the proof of a page. *)
  val page_proof_encoding : page_proof Data_encoding.t

  (** [pages_per_slot t] returns the number of expected pages per slot. *)
  val pages_per_slot : parameters -> int

  (** [verify_page t commitment ~page_index page proof] returns [Ok ()]
      if the [proof] certifies that the [page] is the [page_index]-th page
      of the slot with the given [commitment].

      Fails with:
      - [Error `Invalid_page] if the verification fails
      - [Error `Invalid_degree_strictly_less_than_expected _] if the SRS
        contained in [t] is too small to proceed with the verification
      - [Error `Page_length_mismatch] if the page is not of the expected
        length [page_size] given for the initialisation of [t]
      - [Error `Page_index_out_of_range] if [page_index] is out of the
        range [0, slot_size/page_size - 1] where [slot_size] and [page_size]
        are given for the initialisation of [t]

      Ensures:
      - [verify_page t commitment ~page_index page proof = Ok ()] if
        and only if
        [page = Bytes.sub slot (page_index * t.page_size) t.page_size],
        [proof = prove_page t polynomial page_index],
        [p = polynomial_from_slot t slot],
        and [commitment = commit t p]. *)
  val verify_page :
    t ->
    commitment ->
    page_index:int ->
    page ->
    page_proof ->
    ( unit,
      [> `Invalid_degree_strictly_less_than_expected of
         (int, int) error_container
      | `Invalid_page
      | `Page_length_mismatch
      | `Page_index_out_of_range ] )
    Result.t
end
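
(* Added example, not part of the original file or of the DAL library: it
   carries out the slot-to-page relation from the "Ensures" clause of
   [verify_page] and the two failure cases that need no cryptography, using
   only the standard library. The [params] record, [check_page_shape],
   [page_of_slot], the local [pages_per_slot] and the sample values are
   assumptions of this example. *)

```ocaml
(* Mirrors only the two [parameters] fields that matter for page layout. *)
type params = {page_size : int; slot_size : int}

(* Local stand-in for [pages_per_slot]; assumes [page_size] divides
   [slot_size], which matches the documented range
   [0, slot_size/page_size - 1]. *)
let pages_per_slot p = p.slot_size / p.page_size

(* The shape preconditions documented for [verify_page]. The order in which
   the two checks run is a choice of this example. *)
let check_page_shape p ~page_index page =
  if page_index < 0 || page_index >= pages_per_slot p then
    Error `Page_index_out_of_range
  else if Bytes.length page <> p.page_size then Error `Page_length_mismatch
  else Ok ()

(* The page that the "Ensures" clause associates with [page_index]:
   [Bytes.sub slot (page_index * page_size) page_size]. *)
let page_of_slot p slot ~page_index =
  if Bytes.length slot <> p.slot_size then
    invalid_arg "page_of_slot: slot has the wrong size"
  else if page_index < 0 || page_index >= pages_per_slot p then
    Error `Page_index_out_of_range
  else Ok (Bytes.sub slot (page_index * p.page_size) p.page_size)

let () =
  (* Constructed sample values, far smaller than real DAL parameters. *)
  let p = {page_size = 4; slot_size = 16} in
  let slot = Bytes.of_string "AAAABBBBCCCCDDDD" in
  assert (pages_per_slot p = 4);
  (* Index 2 selects bytes 8..11 of the slot. *)
  assert (page_of_slot p slot ~page_index:2 = Ok (Bytes.of_string "CCCC"));
  (* The last valid index is slot_size/page_size - 1 = 3. *)
  assert (page_of_slot p slot ~page_index:4 = Error `Page_index_out_of_range);
  assert (check_page_shape p ~page_index:3 (Bytes.of_string "DDDD") = Ok ());
  (* A truncated page is rejected before any proof would be examined. *)
  assert (
    check_page_shape p ~page_index:0 (Bytes.of_string "AAA")
    = Error `Page_length_mismatch);
  assert (
    check_page_shape p ~page_index:(-1) (Bytes.of_string "AAAA")
    = Error `Page_index_out_of_range)
```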