Twilight
Search…
Core Concepts

Ristretto Curves

    1.
    Rust: curve25519_dalek : primarily used for Bulletproofs
    2.
    Go: ristretto255 : used for quisquis keys and proofs
    3.
    JS: ristretto255-js : used for signing txs in metamask snaps plugin

Generator Points

1
// byte codes of static points on the curve are hard-coded as here
2
gBasePointBytes := []byte{226, 242, 174, 10, 106, 188, 78, 113, 168, 132, 169, 97, 197, 0, 81, 95, 88, 227, 11, 106, 165, 130, 221, 141, 182, 166, 89, 69, 224, 141, 45, 118}
3
hBasePointBytes := []byte{140, 146, 64, 180, 86, 169, 230, 220, 101, 195, 119, 161, 4, 141, 116, 95, 148, 160, 140, 219, 127, 68, 203, 205, 123, 70, 243, 64, 72, 135, 17, 52}
Copied!
Every point is a generator point in Ristretto group. Two generator points, g and h , are hard-coded s.t. the discreet log between them is unknown and are used for generating keys, commitments and proofs.

Scalar

A scalar is an integer modulo the Ristretto group order |G| = 2^252 + 27742317777372353535851937790883648493

Point

A point is a group element in the Ristretto group.

Pedersen Commitment

Pedersen commitment is a point s.t.
com=gvhrcom=g^vh^r
where g and h are globally available generator points, v is the secret scalar value and r is the blinding factor.

Fiat-Shamir Transform

Twilight uses merlin to generate random challenge scalars, instantiated using Keccak-f[1600] at 128 bits security level, to convert interactive sigma protocols to non-interactive proofs.

Bulletproofs

Twilight uses rust implementation of bulletproofs via a CGO bridge to generate 32bit range proofs.
Last modified 1yr ago