BilinearAccumulatorProver

scalus.crypto.accumulator.BilinearAccumulatorProver

Off-chain prover for the BLS12-381 Bilinear Accumulator.

Supports both G1-accumulator (acc on G1, Ethereum ceremony compatible) and G2-accumulator (acc on G2, cheaper on-chain verification). Generates trusted setups, accumulators, and membership/non-membership proofs. After setup, tau is no longer needed — all operations use the CRS points directly via multi-scalar multiplication.

Supertypes
class Object
trait Matchable
class Any

Type members

Classlikes

case class Setup(g1Powers: Vector[G1Element], g2Powers: Vector[G2Element])

Self-contained CRS with powers of tau on both G1 and G2.

After trustedSetup, tau can be destroyed. All accumulator and proof operations use only the CRS points.

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object Setup

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
Setup.type

Value members

Concrete methods

def accumulateG1(setup: Setup, elements: Vector[BigInt]): G1Element

Compute G1 accumulator: acc = P_U(tau)*G1.

def accumulateG2(setup: Setup, elements: Vector[BigInt]): G2Element

Compute G2 accumulator: acc = P_U(tau)*G2.

def membershipProofG1(setup: Setup, fullSet: Vector[BigInt], subset: Vector[BigInt]): G1Element

Generate G1 membership proof: commit(Q, G1) where Q = P_fullSet / P_subset.

def membershipProofG2(setup: Setup, fullSet: Vector[BigInt], subset: Vector[BigInt]): G2Element

Generate G2 membership proof: commit(Q, G2) where Q = P_fullSet / P_subset.

def nonMembershipProofG1(setup: Setup, fullSet: Vector[BigInt], disjointSet: Vector[BigInt]): (G2Element, G1Element)

Generate G1 non-membership proof using extended GCD. Returns (commit(S, G2), commit(T, G1)) where S*P_U + T*P_D = 1.

def nonMembershipProofG2(setup: Setup, fullSet: Vector[BigInt], disjointSet: Vector[BigInt]): (G1Element, G2Element)

Generate G2 non-membership proof using extended GCD. Returns (commit(S, G1), commit(T, G2)) where S*P_U + T*P_D = 1.
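The polynomial arithmetic behind the membership and non-membership proofs above, as an added Python example (not Scalus code): it computes the quotient Q = P_fullSet / P_subset and the extended-GCD coefficients S, T over the BLS12-381 scalar field, and leaves out the step that commits them against the CRS points. The convention P_S(x) = prod (x + e), all function names, and the sample sets are assumptions made for this example.

```python
P = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001  # BLS12-381 scalar field prime
U, SUB, D = [3, 7, 11, 19], [7, 19], [5, 13]  # constructed sample sets

def trim(a):  # drop zero high-order coefficients (lists are low-to-high)
    while a and a[-1] == 0:
        a = a[:-1]
    return a

def add(a, b):  # pad both operands to the same length, then add mod P
    return trim([(x + y) % P for x, y in zip(a + [0] * len(b), b + [0] * len(a))])

def mul(a, b):
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % P
    return trim(out)

def divmod_poly(a, b):  # schoolbook long division over F_P, b must be nonzero
    a, q, inv = a[:], [0] * max(len(a) - len(b) + 1, 0), pow(b[-1], -1, P)
    while len(a) >= len(b):
        c, shift = a[-1] * inv % P, len(a) - len(b)
        q[shift] = c
        a = trim([(x - c * b[i - shift]) % P if i >= shift else x for i, x in enumerate(a)])
    return trim(q), a

def set_poly(elems):  # assumed convention: P_S(x) = prod (x + e)
    poly = [1]
    for e in elems:
        poly = mul(poly, [e % P, 1])
    return poly

def membership_quotient(full, subset):
    q, r = divmod_poly(set_poly(full), set_poly(subset))
    if r:  # nonzero remainder: subset is not contained in the set
        raise ValueError("no membership witness")
    return q

def non_membership_coeffs(full, disjoint):  # extended Euclid: S*P_U + T*P_D = 1
    r0, r1, s0, s1, t0, t1 = set_poly(full), set_poly(disjoint), [1], [], [], [1]
    while r1:
        q, r = divmod_poly(r0, r1)
        nq = [(-c) % P for c in q]
        r0, r1, s0, s1, t0, t1 = r1, r, s1, add(s0, mul(nq, s1)), t1, add(t0, mul(nq, t1))
    if len(r0) != 1:  # non-constant gcd: the sets share an element
        raise ValueError("no non-membership witness")
    inv = pow(r0[0], -1, P)
    return [c * inv % P for c in s0], [c * inv % P for c in t0]
```

Both functions raise instead of returning a witness when the claim is false: a subset element outside the set leaves a nonzero remainder, and a shared element makes the GCD non-constant.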

def trustedSetup(tau: BigInt, maxDegree: Int): Setup

Generate a trusted setup with powers of tau on both G1 and G2.

WARNING: This is intended for testing only. In production, use a multi-party ceremony where tau is never known to any single party. Anyone who knows tau can forge arbitrary proofs.

Value parameters

maxDegree: maximum polynomial degree to support

tau: the secret scalar (must be random and destroyed after setup)

def verifyMembershipG1(setup: Setup, acc: G1Element, subset: Vector[BigInt], proof: G1Element): Boolean

Verify G1 membership proof by delegating to on-chain verifier.

def verifyMembershipG2(setup: Setup, acc: G2Element, subset: Vector[BigInt], proof: G2Element): Boolean

Verify G2 membership proof by delegating to on-chain verifier.

def verifyNonMembershipG1(setup: Setup, acc: G1Element, disjointSet: Vector[BigInt], proof: (G2Element, G1Element)): Boolean

Verify G1 non-membership proof by delegating to on-chain verifier.

def verifyNonMembershipG2(setup: Setup, acc: G2Element, disjointSet: Vector[BigInt], proof: (G1Element, G2Element)): Boolean

Verify G2 non-membership proof by delegating to on-chain verifier.

Deprecated methods

def accumulate(setup: Setup, elements: Vector[BigInt]): G2Element

Compute accumulator (G2 variant).

Deprecated
[Since version 0.15.1] Use accumulateG2 instead

def membershipProof(setup: Setup, fullSet: Vector[BigInt], subset: Vector[BigInt]): G2Element

Generate membership proof (G2 variant).

Deprecated
[Since version 0.15.1] Use membershipProofG2 instead

def nonMembershipProof(setup: Setup, fullSet: Vector[BigInt], disjointSet: Vector[BigInt]): (G1Element, G2Element)

Generate non-membership proof (G2 variant).

Deprecated
[Since version 0.15.1] Use nonMembershipProofG2 instead

def verifyMembership(setup: Setup, acc: G2Element, subset: Vector[BigInt], proof: G2Element): Boolean

Verify membership proof (G2 variant).

Deprecated
[Since version 0.15.1] Use verifyMembershipG2 instead

def verifyNonMembership(setup: Setup, acc: G2Element, disjointSet: Vector[BigInt], proof: (G1Element, G2Element)): Boolean

Verify non-membership proof (G2 variant).

Deprecated
[Since version 0.15.1] Use verifyNonMembershipG2 instead

Concrete fields

val p: BigInt

BLS12-381 scalar field prime