
Add Chaum-Pedersen proof example#11

Open
tob-joe wants to merge 2 commits into trailofbits:main from tob-joe:add-chaum-pedersen-example

Conversation


@tob-joe tob-joe commented Nov 26, 2025

Summary

Adds a Chaum-Pedersen proof example demonstrating equality of discrete logarithms (h1 = g1^x AND h2 = g2^x).

Implementation

  • Uses Ristretto255 with Inscribe trait wrappers for domain separation
  • Individual proof verification with Decree Fiat-Shamir transcripts
  • Batch verification with proper approach (commits to all proofs before deriving coefficients)
  • Improper batch verification example showing incremental coefficient derivation
  • ChaumPedersenBatch wrapper demonstrating Inscribe for composite structures

Testing

  • 12 tests total covering:
    • Individual proof verification (valid proofs, soundness checks, edge cases)
    • Batch verification (valid batches, detecting invalid proofs, edge cases)
    • Adaptive attack demonstration against improper batch verification

Dependencies

  • Added curve25519-dalek with rand_core feature to dev-dependencies

Resolves #10

🤖 Generated with Claude Code

tob-joe and others added 2 commits November 25, 2025 17:04

Changes:
- Updated trait definition to use const MARK
- Modified derive macro to generate constants instead of methods
- Updated documentation to reflect the new API
- Adapted test to use constant reference for custom marks

Resolves trailofbits#6

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Added examples/chaum_pedersen.rs demonstrating equality of discrete
logarithms proof (h1 = g1^x AND h2 = g2^x).

- Uses Ristretto255 with Inscribe wrappers for domain separation
- Implements individual and batch verification
- Includes improper batch verification example showing incremental
  coefficient derivation vulnerability
- Tests cover soundness and adaptive attack setup

Added curve25519-dalek dependency.

Resolves trailofbits#10

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
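The proof system outlined in the PR description and in the second commit message, as an added example that is not the PR's code: the repository's examples/chaum_pedersen.rs uses Ristretto255 and Decree, neither of which appears on this page, so here Ed25519 in affine coordinates stands in for Ristretto255 and a small SHA-512 transcript stands in for Decree. The sketch shows individual Chaum-Pedersen verification, the proper batch verifier that absorbs every proof before squeezing any coefficient, and an incremental variant that squeezes each coefficient right after absorbing its proof. That incremental variant is an assumed form of the PR's "improper" example (the PR's exact construction is not visible here), and all labels, encodings and helper names are assumptions.

```python
# Added example, not the PR's code: Ed25519 in affine coordinates stands in for
# Ristretto255 and a SHA-512 Transcript stands in for Decree; all names are constructed.
import hashlib
import secrets
from dataclasses import dataclass

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493   # prime order of the base point
D = (-121665 * pow(121666, -1, P)) % P                  # twisted Edwards d (a = -1)
IDENTITY = (0, 1)

def add(p1, p2):
    """Complete affine twisted-Edwards addition (also valid for doubling)."""
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def mul(k, pt):
    """Double-and-add scalar multiplication; k is reduced mod L since pt has order L."""
    acc, k = IDENTITY, k % L
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def _base_point():
    """Ed25519 base point: y = 4/5 with the even square root for x (RFC 8032)."""
    y = 4 * pow(5, -1, P) % P
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)                         # square root for p = 5 mod 8
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (x if x % 2 == 0 else P - x, y)
B = _base_point()

def encode(pt):
    return pt[0].to_bytes(32, "little") + pt[1].to_bytes(32, "little")

class Transcript:
    """Minimal Fiat-Shamir transcript: labelled, length-prefixed appends over SHA-512."""
    def __init__(self, label):
        self.h = hashlib.sha512(b"cp-example/" + label)
    def append(self, label, data):
        for part in (label, data):
            self.h.update(len(part).to_bytes(4, "big") + part)
    def scalar(self, label):
        self.append(label, b"")
        return int.from_bytes(self.h.copy().digest(), "little") % L

@dataclass(frozen=True)
class Proof:
    g1: tuple; h1: tuple; g2: tuple; h2: tuple   # statement: h1 = x*g1 and h2 = x*g2
    a1: tuple; a2: tuple; z: int                 # commitments r*g1, r*g2; response r + c*x
    def challenge(self):
        """c binds the whole statement and both commitments (strong Fiat-Shamir)."""
        t = Transcript(b"chaum-pedersen")
        for name in ("g1", "h1", "g2", "h2", "a1", "a2"):
            t.append(name.encode(), encode(getattr(self, name)))
        return t.scalar(b"c")
    def to_bytes(self):
        pts = (self.g1, self.h1, self.g2, self.h2, self.a1, self.a2)
        return b"".join(encode(p) for p in pts) + self.z.to_bytes(32, "little")
    def equations(self):
        """Each proof yields two checks of the form z*g == a + c*h."""
        c = self.challenge()
        return [(self.z, self.g1, self.a1, c, self.h1), (self.z, self.g2, self.a2, c, self.h2)]

def prove(x, g1, g2):
    """Prove that h1 = x*g1 and h2 = x*g2 share the discrete log x."""
    h1, h2 = mul(x, g1), mul(x, g2)
    r = secrets.randbelow(L - 1) + 1
    a1, a2 = mul(r, g1), mul(r, g2)
    c = Proof(g1, h1, g2, h2, a1, a2, 0).challenge()     # the challenge never reads z
    return Proof(g1, h1, g2, h2, a1, a2, (r + c * x) % L)

def verify(pf):
    return all(mul(z, g) == add(a, mul(c, h)) for z, g, a, c, h in pf.equations())

def coefficients(proofs, proper=True):
    """One coefficient per equation. proper=True absorbs every proof before squeezing, so
    each rho depends on the whole batch. proper=False squeezes rho_i right after absorbing
    proof i (an assumed form of the PR's incremental variant): rho_i is then fixed by
    proofs 0..i alone, so whoever supplies the later proofs already knows it."""
    t, rhos = Transcript(b"batch"), []
    if proper:
        for pf in proofs:
            t.append(b"proof", pf.to_bytes())
    for i, pf in enumerate(proofs):
        if not proper:
            t.append(b"proof", pf.to_bytes())
        rhos.append((t.scalar(b"rho1-%d" % i), t.scalar(b"rho2-%d" % i)))
    return rhos

def batch_verify(proofs, proper=True):
    """Check sum rho*(z*g) == sum rho*(a + c*h) over all equations; empty batch passes."""
    lhs = rhs = IDENTITY
    for pf, pair in zip(proofs, coefficients(proofs, proper)):
        for rho, (z, g, a, c, h) in zip(pair, pf.equations()):
            lhs = add(lhs, mul(rho * z, g))
            rhs = add(rhs, mul(rho, add(a, mul(c, h))))
    return lhs == rhs
```

The property worth checking when reviewing a batch verifier is the one `coefficients` exposes: with the incremental variant, `coefficients(proofs, proper=False)[:2]` equals `coefficients(proofs[:2], proper=False)`, so a party contributing the last proof already knows the weights applied to everything before it, whereas with the proper variant that prefix changes whenever any proof in the batch changes. Both variants accept an honest batch and both reject a batch containing a tampered response, so the difference is invisible to ordinary functional tests and has to be checked at the transcript level.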