A Rust implementation of Pedersen Vector Commitments with logarithmic-sized Inner Product Arguments (IPA). This library provides efficient zero-knowledge proofs for inner product relations between committed vectors.
This library implements Pedersen Vector Commitments with Inner Product Proofs, a cryptographic primitive that allows:
- Creating compact commitments to vectors of arbitrary length
- Proving knowledge of vectors satisfying specific inner product relations
- Generating logarithmic-sized proofs (O(log n) complexity instead of O(n))
The implementation is based on the Bulletproofs inner product argument and uses the Ristretto255 prime-order group via the curve25519-dalek library.
- Pedersen Vector Commitments: Efficiently commit to multiple vectors with a single group element
- Logarithmic-sized Proofs: Proofs are O(log n) size regardless of vector length
- Zero-Knowledge: Prove inner product relations without revealing the vectors
- Built on
curve25519-dalek: Leverages high-quality cryptographic primitives - Fiat-Shamir Transformation: Non-interactive proofs using the Merlin transcript protocol
Add this to your Cargo.toml:
[dependencies]
pipf = "0.1.0"
curve25519-dalek = "4.0"
merlin = "3.0"
rand = "0.8"use pipf::{create_generators, Generators};
// Create generators for vectors of size 8 (must be power of 2)
let n = 8;
let gens = create_generators(n);use curve25519_dalek::scalar::Scalar;
use rand::rngs::OsRng;
use pipf::{pedersen_vector_commitment};
// Create random vectors a and b
let a: Vec<Scalar> = (0..n).map(|_| Scalar::random(&mut OsRng)).collect();
let b: Vec<Scalar> = (0..n).map(|_| Scalar::random(&mut OsRng)).collect();
let r = Scalar::random(&mut OsRng);
// Create commitment P = sum(a_i * G_i + b_i * H_i) + r * G
let P = pedersen_vector_commitment(&a, &b, r, &gens);use pipf::inner_product;
// Calculate inner product c = <a,b>
let c = inner_product(&a, &b);use merlin::Transcript;
use pipf::generate_inner_product_proof;
// Create a transcript for the Fiat-Shamir transformation
let mut prover_transcript = Transcript::new(b"example-inner-product");
// Generate a proof that vectors a and b satisfy <a,b> = c
let proof = generate_inner_product_proof(a, b, r, &gens, &mut prover_transcript);use pipf::verify_inner_product_proof;
// Create a fresh transcript for verification
let mut verifier_transcript = Transcript::new(b"example-inner-product");
// Verify the proof
let valid = verify_inner_product_proof(P, c, &proof, &gens, &mut verifier_transcript);
assert!(valid, "Proof verification failed!");Run the test suite:
cargo testTo run the example:
cargo run --features="example"The implementation provides the following performance characteristics (on a typical modern machine):
| Vector Size | Proof Generation | Verification | Proof Size |
|---|---|---|---|
| 8 | ~0.5 ms | ~0.5 ms | ~192 bytes |
| 16 | ~1.0 ms | ~1.0 ms | ~224 bytes |
| 32 | ~2.0 ms | ~2.0 ms | ~256 bytes |
| 64 | ~4.0 ms | ~4.0 ms | ~288 bytes |
| 128 | ~8.0 ms | ~8.0 ms | ~320 bytes |
This library is useful for:
- Zero-knowledge range proofs
- Private smart contracts
- Anonymous credentials
- Confidential transaction systems
- Privacy-preserving protocols
The library implements the inner product argument from Bulletproofs, which allows proving that:
- The prover knows vectors a, b such that <a,b> = c
- The vectors are correctly committed in a Pedersen commitment
The proof system recursively reduces the problem size by half in each round, resulting in logarithmic-sized proofs.
This implementation provides:
- Soundness: A valid proof convinces the verifier with overwhelming probability if the statement is true
- Zero-Knowledge: The proof reveals nothing about the committed vectors beyond the claimed inner product
- Binding: The prover cannot change the committed vectors after creating the commitment
This project is licensed under the MIT License - see the LICENSE file for details.
- Bulletproofs: Short Proofs for Confidential Transactions and More (IEEE S&P 2018)
- Efficient Zero-Knowledge Arguments for Arithmetic Circuits in the Discrete Log Setting (EUROCRYPT 2016)