Twilight

Searchâ€¦

Core Concepts

- 1.
- 2.
- 3.

// byte codes of static points on the curve are hard-coded as here

gBasePointBytes := []byte{226, 242, 174, 10, 106, 188, 78, 113, 168, 132, 169, 97, 197, 0, 81, 95, 88, 227, 11, 106, 165, 130, 221, 141, 182, 166, 89, 69, 224, 141, 45, 118}

hBasePointBytes := []byte{140, 146, 64, 180, 86, 169, 230, 220, 101, 195, 119, 161, 4, 141, 116, 95, 148, 160, 140, 219, 127, 68, 203, 205, 123, 70, 243, 64, 72, 135, 17, 52}

Every point is a generator point in Ristretto group. Two generator points,

`g`

and `h`

, are hard-coded s.t. the discreet log between them is unknown and are used for generating keys, commitments and proofs. A

`scalar`

is an integer modulo the Ristretto group order `|G| = 2^252 + 27742317777372353535851937790883648493`

A point is a group element in the Ristretto group.

Pedersen commitment is a point s.t.

$com=g^vh^r$

where

`g`

and `h`

are globally available generator points, `v`

is the secret scalar value and `r`

is the blinding factor.Twilight uses

`merlin`

to generate random challenge scalars, instantiated using Keccak-f[1600] at 128 bits security level, to convert interactive sigma protocols to non-interactive proofs. Last modified 1yr ago

Copy link

On this page

Ristretto Curves

Generator Points

Scalar

Point

Pedersen Commitment

Fiat-Shamir Transform

Bulletproofs