Core Concepts

Ristretto Curves

Rust: curve25519_dalek : primarily used for Bulletproofs
Go: ristretto255 : used for quisquis keys and proofs
JS: ristretto255-js : used for signing txs in metamask snaps plugin

Generator Points

// byte codes of static points on the curve are hard-coded as here
gBasePointBytes := []byte{226, 242, 174, 10, 106, 188, 78, 113, 168, 132, 169, 97, 197, 0, 81, 95, 88, 227, 11, 106, 165, 130, 221, 141, 182, 166, 89, 69, 224, 141, 45, 118}
hBasePointBytes := []byte{140, 146, 64, 180, 86, 169, 230, 220, 101, 195, 119, 161, 4, 141, 116, 95, 148, 160, 140, 219, 127, 68, 203, 205, 123, 70, 243, 64, 72, 135, 17, 52}

Every point is a generator point in Ristretto group. Two generator points, g and h , are hard-coded s.t. the discreet log between them is unknown and are used for generating keys, commitments and proofs.

Scalar

A scalar is an integer modulo the Ristretto group order |G| = 2^252 + 27742317777372353535851937790883648493

Point

A point is a group element in the Ristretto group.

Pedersen Commitment

Pedersen commitment is a point s.t.

com=g^vh^r

where g and h are globally available generator points, v is the secret scalar value and r is the blinding factor.

Fiat-Shamir Transform

Twilight uses merlin to generate random challenge scalars, instantiated using Keccak-f[1600] at 128 bits security level, to convert interactive sigma protocols to non-interactive proofs.

Bulletproofs

Twilight uses rust implementation of bulletproofs via a CGO bridge to generate 32bit range proofs.

PreviousUse Cases NextAccounts

Last updated 3 years ago