/* Webpack chunk for the Next.js page "/en/build/smart-contracts/cryptography" (generated bundle; the prose below is the compiled MDX of that page). */(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[22120],/* Module 6685: registers the route with Next's page loader, resolving lazily to module 87532. */{6685:function(s,e,i){(window.__NEXT_P=window.__NEXT_P||[]).push(["/en/build/smart-contracts/cryptography",function(){return i(87532)}])},/* Module 87532: the compiled MDX page. i.r(e) and i.d(e, …) are webpack's export helpers (ES-module flag, named export useTOC); n is the JSX runtime; a.a is presumably the MDX components hook and l.U a callout component (used further down with type "warning"/"info") — confirm against the imported modules. */87532:function(s,e,i){"use strict";i.r(e),i.d(e,{useTOC:function(){return d}});var n=i(31549),r=i(82910),t=i(1117),a=i(46977),l=i(13844),h=i(83185);/* useTOC: table of contents for this page — one {value,id,depth} entry per heading, in document order (depth 2/3 correspond to the h2/h3 elements rendered below). The last entry's value is a JSX fragment containing a <code> element, so consumers must not assume value is a plain string. The argument s is unused. */function d(s){let e={code:"code",...(0,a.a)()};return[{value:"Cryptographic primitives",id:"cryptographic-primitives",depth:2},{value:"Cryptographic hash functions",id:"cryptographic-hash-functions",depth:2},{value:"Digital signature verification",id:"digital-signature-verification",depth:2},{value:"Elliptic curve arithmetic",id:"elliptic-curve-arithmetic",depth:2},{value:"Ristretto255 arithmetic",id:"ristretto255-arithmetic",depth:3},{value:"Generic elliptic curve arithmetic",id:"generic-elliptic-curve-arithmetic",depth:3},{value:"Building powerful cryptographic applications",id:"building-powerful-cryptographic-applications",depth:2},{value:"Veiled coins",id:"veiled-coins",depth:3},{value:"Groth16 zkSNARK verifier",id:"groth16-zksnark-verifier",depth:3},{value:(0,n.jsxs)(n.Fragment,{children:["Verifying randomness from the ",(0,n.jsx)(e.code,{children:"drand"})," beacon"]}),id:"verifying-randomness-from-the-drand-beacon",depth:3}]}/* Default export: the page body wrapped by r.c (presumably the theme's MDX content wrapper — confirm). toc defaults to d(s); note the local e shadows the module's exports object inside this function. i maps MDX element names to components, with s.components overriding the defaults. */e.default=(0,r.c)(function(s){let{toc:e=d(s)}=s,i={a:"a",annotation:"annotation",code:"code",em:"em",h1:"h1",h2:"h2",h3:"h3",li:"li",math:"math",mi:"mi",mn:"mn",mo:"mo",mrow:"mrow",msup:"msup",ol:"ol",p:"p",pre:"pre",section:"section",semantics:"semantics",span:"span",strong:"strong",sup:"sup",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,a.a)(),...s.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsx)(i.h1,{children:"Cryptography in Move"}),"\n",(0,n.jsx)(i.p,{children:"Cryptography plays an integral role in ensuring the security, integrity, confidentiality, and immutability of data in blockchain systems. 
The Aptos adapter for Move provides developers with an array of cryptographic primitives to cater to this need. This document delves into the cryptographic functionalities offered by Move on Aptos and elucidates the principles that drive their design."}),"\n",(0,n.jsx)(i.h2,{id:e[0].id,children:e[0].value}),"\n",(0,n.jsx)(i.p,{children:"Move, through the Aptos adapter, encompasses several fundamental cryptographic tools:"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.a,{href:"#cryptographic-hash-functions",children:"Cryptographic Hash Functions"})," – Algorithms that produce a fixed-size output (hash) from variable-sized input data. Supported functions include SHA2-256, SHA3-256, Keccak256, and Blake2b-256."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.a,{href:"#digital-signature-verification",children:"Digital Signature Verification"})," – Algorithms for signing a message to ensure its integrity, authenticate its sender, ensure non-repudiation, or any combination thereof. Supported signature schemes include Ed25519, ECDSA, and BLS."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.a,{href:"#elliptic-curve-arithmetic",children:"Elliptic Curve Arithmetic"})," – Elliptic curves are one of the building blocks of advanced cryptographic primitives, such as digital signatures, public-key encryption or verifiable secret sharing. 
Supported curves include Ristretto255 and BLS12-381."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.a,{href:"#building-powerful-cryptographic-applications",children:"Zero-Knowledge Proofs (ZKP)"})," – These cryptographic techniques enable a party to prove that a relation ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsxs)(i.mrow,{children:[(0,n.jsx)(i.mi,{children:"R"}),(0,n.jsx)(i.mo,{stretchy:"false",children:"("}),(0,n.jsx)(i.mi,{children:"x"}),(0,n.jsx)(i.mo,{separator:"true",children:";"}),(0,n.jsx)(i.mi,{children:"w"}),(0,n.jsx)(i.mo,{stretchy:"false",children:")"})]}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"R(x; w)"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"1em",verticalAlign:"-0.25em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",style:{marginRight:"0.00773em"},children:"R"}),(0,n.jsx)(i.span,{className:"mopen",children:"("}),(0,n.jsx)(i.span,{className:"mord mathnormal",children:"x"}),(0,n.jsx)(i.span,{className:"mpunct",children:";"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.1667em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",style:{marginRight:"0.02691em"},children:"w"}),(0,n.jsx)(i.span,{className:"mclose",children:")"})]})})]})," is satisfied on a public statement 
",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"x"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"x"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",children:"x"})]})})]})," without leaking the secret witness ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"w"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"w"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",style:{marginRight:"0.02691em"},children:"w"})]})})]})," that makes it hold. Currently, we support Groth16 ZKP verification and Bulletproofs ZK range proof verification."]}),"\n"]}),"\n",(0,n.jsx)(i.p,{children:"Three fundamental principles guide the design and integration of the Aptos cryptographic extensions into Move:"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Economic Gas Usage"})," – Striving to minimize gas costs for Move developers by implementing key primitives as ",(0,n.jsx)(i.a,{href:"book/functions#native-functions",children:"Move native functions"}),". 
For example, see the module for ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/bls12381.move",children:"BLS signatures over BLS12-381 elliptic curves"}),"."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Type-Safe APIs"})," – By ensuring that APIs are resistant to common mistakes, type-safety enhances code reliability and promotes an efficient development process. For an example, see the ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ed25519.move",children:"Ed25519 signature module"}),"."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Empowerment of Developers"})," – In instances where native functions are unavailable, we empower developers to build their own cryptographic primitives on top of abstract cryptographic building blocks such as ",(0,n.jsx)(i.em,{children:"finite fields"})," and ",(0,n.jsx)(i.em,{children:"Abelian groups"}),". Refer to the ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/crypto_algebra.move",children:(0,n.jsx)(i.code,{children:"aptos_std::crypto_algebra"})})," module for more insights."]}),"\n"]}),"\n",(0,n.jsxs)(i.p,{children:["Continue reading to delve a bit deeper and uncover some of the intricacies behind these extensions, as well as the range of applications they empower. 
For the most comprehensive understanding of this subject, refer to the ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/tree/main/aptos-move/framework/aptos-stdlib/sources/cryptography",children:"cryptography Move modules code"}),"."]}),"\n",(0,n.jsx)(i.h2,{id:e[1].id,children:e[1].value}),"\n",(0,n.jsxs)(i.p,{children:["Developers can now use more cryptographic hash functions in Move via the ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/hash.move",children:(0,n.jsx)(i.code,{children:"aptos_std::aptos_hash"})})," module:"]}),"\n",(0,n.jsxs)(i.table,{children:[(0,n.jsx)(i.thead,{children:(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.th,{children:"Hash function"}),(0,n.jsx)(i.th,{children:"Hash size (bits)"}),(0,n.jsx)(i.th,{children:"Cost for hashing 1KiB (in internal gas units)"}),(0,n.jsx)(i.th,{children:"Collision-resistance security (bits)"})]})}),(0,n.jsxs)(i.tbody,{children:[(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"Keccak256"}),(0,n.jsx)(i.td,{children:"256"}),(0,n.jsx)(i.td,{children:"1,001,600"}),(0,n.jsx)(i.td,{children:"128"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"SHA2-256"}),(0,n.jsx)(i.td,{children:"256"}),(0,n.jsx)(i.td,{children:"1,084,000"}),(0,n.jsx)(i.td,{children:"128"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"SHA2-512"}),(0,n.jsx)(i.td,{children:"512"}),(0,n.jsx)(i.td,{children:"1,293,600"}),(0,n.jsx)(i.td,{children:"256"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"SHA3-256"}),(0,n.jsx)(i.td,{children:"256"}),(0,n.jsx)(i.td,{children:"1,001,600"}),(0,n.jsx)(i.td,{children:"128"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"SHA3-512"}),(0,n.jsx)(i.td,{children:"512"}),(0,n.jsx)(i.td,{children:"1,114,000"}),(0,n.jsx)(i.td,{children:"256"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"RIPEMD160"}),(0,n.jsx)(i.td,{children:"160"}),(0,n.jsx)(i.td,{children:"1,084,000"}),(0,n.jsxs)(i.td,{children
:["80 (",(0,n.jsx)(i.strong,{children:"weak"}),")"]})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:"Blake2b-256"}),(0,n.jsx)(i.td,{children:"256"}),(0,n.jsx)(i.td,{children:"342,200"}),(0,n.jsx)(i.td,{children:"128"})]})]})]}),"\n",(0,n.jsx)(i.p,{children:"All hash functions have the same security properties (e.g., one-wayness, collision resistance, etc.), but their security levels are different."}),"\n",(0,n.jsx)(l.U,{type:"warning",children:(0,n.jsx)(i.p,{children:"RIPEMD160 should be avoided as a collision-resistant function due to its 80-bit security level. It is mainly supported for backward-compatibility reasons: e.g., Bitcoin address derivation relies on RIPEMD160."})}),"\n",(0,n.jsxs)(i.p,{children:["Some of these functions can be used for interoperability with other chains (e.g., verifying Ethereum Merkle proofs via ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/137acee4c6dddb1c86398dce25b041d78a3028d3/aptos-move/framework/aptos-stdlib/sources/hash.move#L35",children:(0,n.jsx)(i.code,{children:"aptos_std::aptos_hash::keccak256"})}),").\nOthers have lower gas costs, such as ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/137acee4c6dddb1c86398dce25b041d78a3028d3/aptos-move/framework/aptos-stdlib/sources/hash.move#L69",children:(0,n.jsx)(i.code,{children:"aptos_std::aptos_hash::blake2b_256"})}),".\nIn general, a wider variety of hash functions gives developers additional freedom in terms of both security and interoperability with other off-chain cryptographic systems."]}),"\n",(0,n.jsx)(i.h2,{id:e[2].id,children:e[2].value}),"\n",(0,n.jsxs)(i.p,{children:["Developers can now use a ",(0,n.jsx)(i.em,{children:"type-safe"})," API for verifying many kinds of digital signatures in Move:"]}),"\n",(0,n.jsxs)(i.table,{children:[(0,n.jsx)(i.thead,{children:(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.th,{children:"Signature scheme"}),(0,n.jsx)(i.th,{children:"Curve"}),(0,n.jsx)(i.th,{children:"Sig. 
size (bytes)"}),(0,n.jsx)(i.th,{children:"PK size (bytes)"}),(0,n.jsx)(i.th,{children:"Malleability"}),(0,n.jsx)(i.th,{children:"Assumptions"}),(0,n.jsx)(i.th,{children:"Pros"}),(0,n.jsx)(i.th,{children:"Cons"})]})}),(0,n.jsxs)(i.tbody,{children:[(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/secp256k1.move",children:"ECDSA"})}),(0,n.jsx)(i.td,{children:"secp256k1"}),(0,n.jsx)(i.td,{children:"64"}),(0,n.jsx)(i.td,{children:"64"}),(0,n.jsx)(i.td,{children:"Yes"}),(0,n.jsx)(i.td,{children:"GGM"}),(0,n.jsx)(i.td,{children:"Wide adoption"}),(0,n.jsx)(i.td,{children:"Security proof"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ed25519.move",children:"Ed25519"})}),(0,n.jsx)(i.td,{children:"Edwards 25519"}),(0,n.jsx)(i.td,{children:"64"}),(0,n.jsx)(i.td,{children:"32"}),(0,n.jsx)(i.td,{children:"No"}),(0,n.jsx)(i.td,{children:"DLA, ROM"}),(0,n.jsx)(i.td,{children:"Fast"}),(0,n.jsx)(i.td,{children:"Subtleties"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/multi_ed25519.move",children:"MultiEd25519"})}),(0,n.jsx)(i.td,{children:"Edwards 25519"}),(0,n.jsx)(i.td,{children:(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsxs)(i.mrow,{children:[(0,n.jsx)(i.mn,{children:"4"}),(0,n.jsx)(i.mo,{children:"+"}),(0,n.jsx)(i.mi,{children:"t"}),(0,n.jsx)(i.mo,{children:"⋅"}),(0,n.jsx)(i.mn,{children:"64"})]}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"4 + t \\cdot 
64"})]})})}),(0,n.jsxs)(i.span,{className:"katex-html","aria-hidden":"true",children:[(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.7278em",verticalAlign:"-0.0833em"}}),(0,n.jsx)(i.span,{className:"mord",children:"4"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.2222em"}}),(0,n.jsx)(i.span,{className:"mbin",children:"+"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.2222em"}})]}),(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.6151em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",children:"t"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.2222em"}}),(0,n.jsx)(i.span,{className:"mbin",children:"⋅"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.2222em"}})]}),(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.6444em"}}),(0,n.jsx)(i.span,{className:"mord",children:"64"})]})]})]})}),(0,n.jsx)(i.td,{children:(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsxs)(i.mrow,{children:[(0,n.jsx)(i.mi,{children:"n"}),(0,n.jsx)(i.mo,{children:"⋅"}),(0,n.jsx)(i.mn,{children:"32"})]}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"n \\cdot 32"})]})})}),(0,n.jsxs)(i.span,{className:"katex-html","aria-hidden":"true",children:[(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4445em"}}),(0,n.jsx)(i.span,{className:"mord 
mathnormal",children:"n"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.2222em"}}),(0,n.jsx)(i.span,{className:"mbin",children:"⋅"}),(0,n.jsx)(i.span,{className:"mspace",style:{marginRight:"0.2222em"}})]}),(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.6444em"}}),(0,n.jsx)(i.span,{className:"mord",children:"32"})]})]})]})}),(0,n.jsx)(i.td,{children:"No"}),(0,n.jsx)(i.td,{children:"DLA, ROM"}),(0,n.jsx)(i.td,{children:"Easy-to-adopt"}),(0,n.jsx)(i.td,{children:"Large sig. size"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/bls12381.move",children:"MinPK BLS"})}),(0,n.jsx)(i.td,{children:"BLS12-381"}),(0,n.jsx)(i.td,{children:"96"}),(0,n.jsx)(i.td,{children:"48"}),(0,n.jsx)(i.td,{children:"No"}),(0,n.jsx)(i.td,{children:"CDH, ROM"}),(0,n.jsx)(i.td,{children:"Versatile"}),(0,n.jsx)(i.td,{children:"Slower verification"})]}),(0,n.jsxs)(i.tr,{children:[(0,n.jsx)(i.td,{children:(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/7d4fb98c6604c67e526a96f55668e7add7aaebf6/aptos-move/move-examples/drand/sources/drand.move#L57",children:"MinSig BLS"})}),(0,n.jsx)(i.td,{children:"BLS12-381"}),(0,n.jsx)(i.td,{children:"48"}),(0,n.jsx)(i.td,{children:"96"}),(0,n.jsx)(i.td,{children:"No"}),(0,n.jsx)(i.td,{children:"CDH, ROM"}),(0,n.jsx)(i.td,{children:"Versatile"}),(0,n.jsx)(i.td,{children:"Slower verification"})]})]})]}),"\n",(0,n.jsx)(l.U,{type:"info",children:(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["CDH stands for the ",(0,n.jsx)(i.em,{children:"“Computational Diffie-Hellman Assumption”"})]}),"\n",(0,n.jsxs)(i.li,{children:["DLA stands for the ",(0,n.jsx)(i.em,{children:"“Discrete Log Assumption”"})]}),"\n",(0,n.jsxs)(i.li,{children:["GGM stands for the ",(0,n.jsx)(i.em,{children:"“Generic Group Model”"})]}),"\n",(0,n.jsxs)(i.li,{children:["ROM 
stands for the ",(0,n.jsx)(i.em,{children:"“Random Oracle Model”"})]}),"\n"]})}),"\n",(0,n.jsx)(i.p,{children:"The digital signature modules above can be used to build smart contract-based wallets, secure claiming mechanisms for airdrops, or any digital-signature-based access-control mechanism for dapps."}),"\n",(0,n.jsx)(i.p,{children:"The right choice of a signature scheme in your dapp could depend on many factors:"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Backwards-compatibility"}),"\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["If your dapp’s user base predominantly uses a particular signing mechanism, it would be prudent to support that mechanism for ease of transition and adoption.","\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsx)(i.li,{children:"Example: If users mainly sign using Ed25519, it becomes a logical choice."}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Ease-of-implementation"}),"\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["While theoretically sound, complex protocols may be challenging to implement in practice.","\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["Example: Even though ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"t"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"t"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.6151em"}}),(0,n.jsx)(i.span,{className:"mord 
mathnormal",children:"t"})]})})]}),"-out-of-",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"n"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"n"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",children:"n"})]})})]})," threshold protocols for Ed25519 exist, their intricacy on the signer’s side might push developers toward MultiEd25519 due to its more straightforward signing implementation."]}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Efficiency"}),"\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["Depending on the dapp’s requirements, you might prioritize one aspect of efficiency over another.","\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsx)(i.li,{children:"Signature size vs. public key size: Some applications might prioritize a smaller signature footprint, while others might emphasize a compact PK."}),"\n",(0,n.jsx)(i.li,{children:"Signing time vs. 
verification time: For certain dapps, the signing speed might be more crucial, while for others, rapid signature verification could be the priority."}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Security analysis"}),"\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["It is essential to consider the underlying assumptions and potential vulnerabilities of a signature scheme.","\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsx)(i.li,{children:"Example: ECDSA’s security is proven under strong assumptions such as the Generic Group Model (GGM)."}),"\n",(0,n.jsxs)(i.li,{children:["Malleability concerns: Some signature schemes are susceptible to malleability, where a valid signature, ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"σ"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"\\sigma"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",style:{marginRight:"0.03588em"},children:"σ"})]})})]}),", can be mauled into a different yet still valid signature, ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"σ"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"\\sigma"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord 
mathnormal",style:{marginRight:"0.03588em"},children:"σ"})]})})]}),", for the same message ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"m"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"m"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",children:"m"})]})})]}),"."]}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Versatility"}),"\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["The adaptability and flexibility of signature schemes are important to consider, so you may properly accommodate the cryptographic needs of your dapp.","\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsxs)(i.li,{children:["Example: ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"t"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"t"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.6151em"}}),(0,n.jsx)(i.span,{className:"mord 
mathnormal",children:"t"})]})})]}),"-out-of-",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{children:"n"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"n"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4306em"}}),(0,n.jsx)(i.span,{className:"mord mathnormal",children:"n"})]})})]})," threshold BLS signatures are very simple to implement."]}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n"]}),"\n",(0,n.jsx)(l.U,{type:"warning",children:(0,n.jsxs)(i.p,{children:["Despite its careful, principled design",(0,n.jsx)(i.sup,{children:(0,n.jsx)(i.a,{href:"#user-content-fn-ed25519",id:"user-content-fnref-ed25519","data-footnote-ref":!0,"aria-describedby":"footnote-label",children:"1"})}),", Ed25519 has known implementation subtleties. 
For example, different implementations could easily disagree on the validity of signatures, especially when batch verification is employed",(0,n.jsx)(i.sup,{children:(0,n.jsx)(i.a,{href:"#user-content-fn-devalence",id:"user-content-fnref-devalence","data-footnote-ref":!0,"aria-describedby":"footnote-label",children:"2"})}),(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsxs)(i.msup,{children:[(0,n.jsx)(i.mrow,{}),(0,n.jsx)(i.mo,{separator:"true",children:","})]})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"^,"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.4369em"}}),(0,n.jsxs)(i.span,{className:"mord",children:[(0,n.jsx)(i.span,{}),(0,n.jsx)(i.span,{className:"msupsub",children:(0,n.jsx)(i.span,{className:"vlist-t",children:(0,n.jsx)(i.span,{className:"vlist-r",children:(0,n.jsx)(i.span,{className:"vlist",style:{height:"0.4369em"},children:(0,n.jsxs)(i.span,{style:{top:"-3.063em",marginRight:"0.05em"},children:[(0,n.jsx)(i.span,{className:"pstrut",style:{height:"2.7em"}}),(0,n.jsx)(i.span,{className:"sizing reset-size6 size3 mtight",children:(0,n.jsx)(i.span,{className:"mpunct mtight",children:","})})]})})})})})]})]})})]}),(0,n.jsx)(i.sup,{children:(0,n.jsx)(i.a,{href:"#user-content-fn-eddsa",id:"user-content-fnref-eddsa","data-footnote-ref":!0,"aria-describedby":"footnote-label",children:"3"})}),"."]})}),"\n",(0,n.jsx)(l.U,{type:"info",children:(0,n.jsxs)(i.p,{children:["Our ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/bls12381.move",children:(0,n.jsx)(i.code,{children:"aptos_std::bls12381"})})," module for 
",(0,n.jsx)(i.a,{href:"https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05#name-variants",children:"MinPK BLS"})," supports verification of individual signatures, ",(0,n.jsx)(i.strong,{children:"multi"}),"-signatures, ",(0,n.jsx)(i.strong,{children:"aggregate"})," signatures and ",(0,n.jsx)(i.strong,{children:"threshold"})," signatures."]})}),"\n",(0,n.jsx)(i.h2,{id:e[3].id,children:e[3].value}),"\n",(0,n.jsxs)(i.p,{children:["While the ",(0,n.jsx)(i.a,{href:"#cryptographic-hash-functions",children:"hash function"})," and ",(0,n.jsx)(i.a,{href:"#digital-signature-verification",children:"digital signature"})," modules should provide enough functionality for most applications, some applications will require more powerful cryptography.\nNormally, developers of such applications would have to wait until their desired cryptographic functionality is implemented efficiently as a ",(0,n.jsx)(i.a,{href:"book/functions#native-functions",children:"Move native function"})," in the ",(0,n.jsx)(i.a,{href:"../../network/blockchain/move",children:"Aptos Move framework"}),".\nInstead, we expose basic building blocks that developers can use to implement their own cryptographic primitives directly in the Move language and do so ",(0,n.jsx)(i.strong,{children:"efficiently"}),"."]}),"\n",(0,n.jsx)(i.p,{children:"Specifically, we currently expose low-level arithmetic operations on two popular elliptic curve groups and their associated finite fields:"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:["Ristretto255, via ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ristretto255.move",children:(0,n.jsx)(i.code,{children:"aptos_std::ristretto255"})})]}),"\n",(0,n.jsxs)(i.li,{children:["BLS12-381, via 
",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/crypto_algebra.move",children:(0,n.jsx)(i.code,{children:"aptos_std::crypto_algebra"})}),"\nand ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/bls12381_algebra.move",children:(0,n.jsx)(i.code,{children:"aptos_std::bls12381_algebra"})})]}),"\n"]}),"\n",(0,n.jsx)(i.p,{children:"These modules support low-level operations such as:"}),"\n",(0,n.jsxs)(i.ul,{children:["\n",(0,n.jsx)(i.li,{children:"scalar multiplication of elliptic curve points"}),"\n",(0,n.jsx)(i.li,{children:"multi-scalar multiplications (MSMs)"}),"\n",(0,n.jsx)(i.li,{children:"pairings"}),"\n",(0,n.jsx)(i.li,{children:"scalar addition, multiplication, inversion"}),"\n",(0,n.jsx)(i.li,{children:"hashing to a scalar or to a point"}),"\n",(0,n.jsx)(i.li,{children:"and many more"}),"\n"]}),"\n",(0,n.jsx)(i.p,{children:"Examples of powerful applications that can be built on top include:"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Validity rollups"})," – See the ",(0,n.jsxs)(i.a,{href:"#groth16-zksnark-verifier",children:[(0,n.jsx)(i.code,{children:"groth16"})," zkSNARK verifier example"]}),"."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Randomness-based games"})," – See the ",(0,n.jsxs)(i.a,{href:"#verifying-randomness-from-the-drand-beacon",children:[(0,n.jsx)(i.code,{children:"drand"})," verifier example"]}),"."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Privacy-preserving applications"})," – See the ",(0,n.jsxs)(i.a,{href:"#veiled-coins",children:[(0,n.jsx)(i.code,{children:"veiled_coin"})," example"]}),"."]}),"\n"]}),"\n",(0,n.jsx)(i.h3,{id:e[4].id,children:e[4].value}),"\n",(0,n.jsxs)(i.p,{children:["The 
",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ristretto255.move",children:(0,n.jsx)(i.code,{children:"aptos_std::ristretto255"})})," module provides support for elliptic curve arithmetic on the popular ",(0,n.jsx)(i.a,{href:"https://ristretto.group/",children:"Ristretto255 curve"}),".\nOne of the main advantages of Ristretto255 is that it is a prime order group (unlike the Edwards 25519 curve), which obviates small-subgroup attacks on higher-level cryptosystems built on top of it.\nFurthermore, Ristretto255 serialization is canonical and deserialization only accepts canonical encodings, which obviates malleability issues in higher-level protocols."]}),"\n",(0,n.jsx)(i.p,{children:"This module has proven useful for implementing several cryptographic primitives:"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:[(0,n.jsxs)(i.strong,{children:["Zero-knowledge ",(0,n.jsxs)(i.span,{className:"katex",children:[(0,n.jsx)(i.span,{className:"katex-mathml",children:(0,n.jsx)(i.math,{xmlns:"http://www.w3.org/1998/Math/MathML",children:(0,n.jsxs)(i.semantics,{children:[(0,n.jsx)(i.mrow,{children:(0,n.jsx)(i.mi,{mathvariant:"normal",children:"Σ"})}),(0,n.jsx)(i.annotation,{encoding:"application/x-tex",children:"\\Sigma"})]})})}),(0,n.jsx)(i.span,{className:"katex-html","aria-hidden":"true",children:(0,n.jsxs)(i.span,{className:"base",children:[(0,n.jsx)(i.span,{className:"strut",style:{height:"0.6833em"}}),(0,n.jsx)(i.span,{className:"mord",children:"Σ"})]})})]}),"-protocols"]})," – See the ",(0,n.jsxs)(i.a,{href:"#veiled-coins",children:[(0,n.jsx)(i.code,{children:"veiled_coin"})," example"]}),"."]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"ElGamal"})," encryption – See 
",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ristretto255_elgamal.move",children:(0,n.jsx)(i.code,{children:"aptos_std::ristretto255_elgamal"})})]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Pedersen"})," commitments – See ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ristretto255_pedersen.move",children:(0,n.jsx)(i.code,{children:"aptos_std::ristretto255_pedersen"})})]}),"\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.strong,{children:"Bulletproofs"})," ZK range proofs",(0,n.jsx)(i.sup,{children:(0,n.jsx)(i.a,{href:"#user-content-fn-bulletproofs",id:"user-content-fnref-bulletproofs","data-footnote-ref":!0,"aria-describedby":"footnote-label",children:"4"})})," – See ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/ristretto255_bulletproofs.move",children:(0,n.jsx)(i.code,{children:"aptos_std::ristretto255_bulletproofs"})})]}),"\n"]}),"\n",(0,n.jsxs)(i.p,{children:["Need ideas for a cryptosystem to build on top of ",(0,n.jsx)(i.code,{children:"ristretto255"}),"?\nA popular primitive that you could easily build would be the ",(0,n.jsx)(i.a,{href:"https://github.com/w3f/schnorrkel",children:"schnorrkel"})," signature scheme, which is a hardened version of Schnorr signatures over Ristretto255 groups."]}),"\n",(0,n.jsx)(i.h3,{id:e[5].id,children:e[5].value}),"\n",(0,n.jsx)(i.p,{children:"What is better than one curve? 
More curves!"}),"\n",(0,n.jsxs)(i.p,{children:["The ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/crypto_algebra.move",children:(0,n.jsx)(i.code,{children:"aptos_std::crypto_algebra"})})," module provides elliptic curve arithmetic operations for ",(0,n.jsx)(i.strong,{children:"any"})," supported elliptic curve, including pairing-friendly curves.\nAs a consequence, Move developers can implement a cryptosystem generically over ",(0,n.jsx)(i.strong,{children:"any"})," curve that is or will be supported in the future.\nCompared to fixing a particular curve in the code (e.g., by implementing against the ",(0,n.jsx)(i.a,{href:"#ristretto255-arithmetic",children:"Ristretto255 module"}),"), this approach provides more flexibility and lowers development time when migrating to a different curve.\nNote, however, that the security of the resulting cryptosystem still depends on the concrete curve, serialization formats and hash-to-group method chosen at instantiation, so a curve migration should be treated as a security review rather than a mere type-argument swap."]}),"\n",(0,n.jsxs)(i.p,{children:["Although currently the ",(0,n.jsx)(i.code,{children:"crypto_algebra"})," module only supports arithmetic over BLS12-381 curves (via the marker types declared in ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-stdlib/sources/cryptography/bls12381_algebra.move",children:(0,n.jsx)(i.code,{children:"aptos_std::bls12381_algebra"})}),"), more curves will be supported in the future (e.g., BN254, Ristretto255, BLS12-377, BW6-761, secp256k1, secp256r1)."]}),"\n",(0,n.jsxs)(i.p,{children:["As an example, a Move developer can implement the popular Boneh-Lynn-Shacham (BLS) signature scheme generically over ",(0,n.jsx)(i.strong,{children:"any"})," curve by using ",(0,n.jsx)(i.a,{href:"book/functions#type-parameters",children:"type arguments"})," for the curve type in their 
implementation:"]}),"\n",(0,n.jsx)(i.pre,{icon:h.Ub,tabIndex:"0","data-language":"rust","data-word-wrap":"","data-copy":"",children:(0,n.jsxs)(i.code,{children:[(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"use"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:" std"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"option;"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"use"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:" aptos_std"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"crypto_algebra"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"{eq, pairing, one, deserialize, hash_to};"})]}),"\n",(0,n.jsx)(i.span,{children:" "}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"/// Example of a BLS signature verification function that works over any pairing-friendly"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"/// group triple `Gr1`, `Gr2`, `GrT` where signatures are in `Gr1` and PKs in `Gr2`."})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"/// Points are serialized using the format in `FormatG1` and `FormatG2` and the 
hashing"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"/// method is `HashMethod`."})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"///"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"/// WARNING: This example is type-unsafe and probably not a great fit for production code."})}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"public fun bls_verify_sig<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"GrT"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"HashMethod"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    
dst"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:":"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"        vector<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"u8"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">,"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    signature"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:":"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"  vector<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"u8"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">,"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    message"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:":"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    vector<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"u8"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">,"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    public_key"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:":"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" 
vector<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"u8"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">)"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:":"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:" bool"})]}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"{"})}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"    let"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" sig  "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"="}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:" option"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"extract"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&mut"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" deserialize<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", 
"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"signature));"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"    let"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" pk   "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"="}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:" option"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"extract"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&mut"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" deserialize<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"public_key));"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"    
let"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" hash "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"="}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:" hash_to<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"HashMethod"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"dst, "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"message);"})]}),"\n",(0,n.jsx)(i.span,{children:" "}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"    // Checks if $e(H(m), pk) = e(sig, g_2)$, where $g_2$ generates $\\mathbb{G}_2$"})}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"    eq"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"("})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"        &"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"pairing<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", 
"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"GrT"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"hash, "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"pk),"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"        &"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"pairing<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"GrT"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"sig, 
"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"&"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"one<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gr2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">())"})]}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    )"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"}"})})]})}),"\n",(0,n.jsxs)(i.p,{children:["Using the ",(0,n.jsx)(i.code,{children:"bls_verify_sig"})," ",(0,n.jsx)(i.em,{children:"generic"})," function from above, developers can verify BLS signatures over ",(0,n.jsx)(i.strong,{children:"any"})," of the supported (pairing-friendly) curves.\nA few caveats apply before using it in a real deployment: the domain separation tag ",(0,n.jsx)(i.code,{children:"dst"})," should be a fixed, application-specific constant (e.g., the ciphersuite ID) rather than an argument chosen by the caller, so that a signature produced for one context cannot be replayed against another; the example performs no key validation beyond deserialization (in particular it does not reject the identity element as a public key, which the KeyValidate step of the BLS draft linked below requires); and because it unwraps ",(0,n.jsx)(i.code,{children:"deserialize"})," with ",(0,n.jsx)(i.code,{children:"option::extract"}),", a malformed signature or public key aborts the transaction instead of returning ",(0,n.jsx)(i.code,{children:"false"}),".\nFor example, one can verify ",(0,n.jsx)(i.a,{href:"https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-bls-signature-05#name-variants",children:"MinSig BLS"})," signatures over BLS12-381 curves by calling the function above with the right BLS12-381 marker types as its type arguments:"]}),"\n",(0,n.jsx)(i.pre,{icon:h.Ub,tabIndex:"0","data-language":"rust","data-word-wrap":"","data-copy":"",children:(0,n.jsxs)(i.code,{children:[(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"use"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:" 
aptos_std"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"bls12381_algebra"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#D73A49","--shiki-dark":"#F97583"},children:"::"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"{"})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"    G1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"G2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gt"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG1Compr"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG2Compr"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"HashG1XmdSha256SswuRo"})]}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"};"})}),"\n",(0,n.jsx)(i.span,{children:" "}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#6A737D","--shiki-dark":"#6A737D"},children:"// Aborts with code 1 if the MinSig BLS signature over the BLS12-381 curve fails to 
verify."})}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"assert"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"("})]}),"\n",(0,n.jsxs)(i.span,{children:[(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    bls_verify_sig<"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"G1"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"G2"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"Gt"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG1Compr"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"FormatG2Compr"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:", "}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#6F42C1","--shiki-dark":"#B392F0"},children:"HashG1XmdSha256SswuRo"}),(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:">("})]}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"        dst, signature, message, public_key"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:"    ),"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#005CC5","--shiki-dark":"#79B8FF"},children:"    
1"})}),"\n",(0,n.jsx)(i.span,{children:(0,n.jsx)(i.span,{style:{"--shiki-light":"#24292E","--shiki-dark":"#E1E4E8"},children:");"})})]})}),"\n",(0,n.jsxs)(i.p,{children:["For more use cases of the ",(0,n.jsx)(i.code,{children:"crypto_algebra"})," module, check out some Move examples:"]}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{children:[(0,n.jsx)(i.a,{href:"#groth16-zksnark-verifier",children:"Verifying Groth16 zkSNARK proofs"})," over ",(0,n.jsx)(i.strong,{children:"any"})," curve"]}),"\n",(0,n.jsx)(i.li,{children:(0,n.jsxs)(i.a,{href:"#verifying-randomness-from-the-drand-beacon",children:["Verifying randomness from the ",(0,n.jsx)(i.code,{children:"drand"})," beacon"]})}),"\n"]}),"\n",(0,n.jsx)(i.h2,{id:e[6].id,children:e[6].value}),"\n",(0,n.jsx)(i.h3,{id:e[7].id,children:e[7].value}),"\n",(0,n.jsxs)(i.p,{children:["The ",(0,n.jsxs)(i.a,{href:"https://github.com/aptos-labs/aptos-core/tree/main/aptos-move/move-examples/veiled_coin/sources",children:[(0,n.jsx)(i.code,{children:"veiled_coin"})," example"]})," demonstrates how to use ",(0,n.jsx)(i.a,{href:"#ristretto255-arithmetic",children:"the Ristretto255 modules from above"})," to add a reasonable layer of confidentiality to coin balances and transactions."]}),"\n",(0,n.jsxs)(i.p,{children:["Specifically, users can ",(0,n.jsx)(i.strong,{children:"veil"})," their balance, keeping it hidden from everyone, including validators.\nFurthermore, a user can send a ",(0,n.jsx)(i.strong,{children:"veiled transaction"})," that hides the transaction amount from everybody, including validators.\nAn important caveat is that veiled transactions do ",(0,n.jsx)(i.strong,{children:"not"})," hide the identities of the sender or the recipient."]}),"\n",(0,n.jsx)(l.U,{type:"error",children:(0,n.jsxs)(i.p,{children:["This module is educational. It is ",(0,n.jsx)(i.strong,{children:"not"})," production-ready. 
Using it could lead to loss of funds."]})}),"\n",(0,n.jsx)(i.h3,{id:e[8].id,children:e[8].value}),"\n",(0,n.jsxs)(i.p,{children:["The ",(0,n.jsxs)(i.a,{href:"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/move-examples/groth16_example/sources/groth16.move",children:[(0,n.jsx)(i.code,{children:"groth16"})," example"]})," demonstrates how to verify Groth16 zkSNARK proofs",(0,n.jsx)(i.sup,{children:(0,n.jsx)(i.a,{href:"#user-content-fn-groth16",id:"user-content-fnref-groth16","data-footnote-ref":!0,"aria-describedby":"footnote-label",children:"5"})}),", which are among the shortest and fastest-to-verify general-purpose zero-knowledge proofs.\nImportantly, as explained ",(0,n.jsx)(i.a,{href:"#generic-elliptic-curve-arithmetic",children:"above"}),", this implementation is ",(0,n.jsx)(i.em,{children:"generic"})," over ",(0,n.jsx)(i.strong,{children:"any"})," curve, making it very easy for Move developers to use it with their favorite (supported) curves.\nNote that Groth16 relies on a circuit-specific trusted setup: the verification key is only as trustworthy as the ceremony that produced it, and anyone who learned that ceremony's secret randomness (its so-called toxic waste) can forge proofs that verify, so treat the verification key as a security-critical parameter whose provenance must be checked before it is used on chain."]}),"\n",(0,n.jsx)(l.U,{type:"warn",children:(0,n.jsx)(i.p,{children:"This code has not been audited by a third-party organization. 
If using it in a production system, proceed at your own risk."})}),"\n",(0,n.jsx)(i.h3,{id:e[9].id,children:e[9].value}),"\n",(0,n.jsxs)(i.p,{children:["The ",(0,n.jsxs)(i.a,{href:"https://github.com/aptos-labs/aptos-core/tree/main/aptos-move/move-examples/drand/sources",children:[(0,n.jsx)(i.code,{children:"drand"})," example"]})," shows how to verify public randomness from the ",(0,n.jsx)(i.a,{href:"https://drand.love",children:"drand"})," randomness beacon.\nThis randomness can be used in games or any other chance-based smart contract.\nTo keep the outcome unpredictable and unbiasable, the contract must commit to a specific future drand round (and to every participant's inputs) before that round is published; once published, the beacon output is public, so the contract should rely only on verifying the beacon's signature and never on who submitted it.\nWe give a simple example of a lottery implemented on top of ",(0,n.jsx)(i.code,{children:"drand"})," randomness in ",(0,n.jsx)(i.a,{href:"https://github.com/aptos-labs/aptos-core/tree/main/aptos-move/move-examples/drand/sources/lottery.move",children:(0,n.jsx)(i.code,{children:"lottery.move"})}),"."]}),"\n",(0,n.jsx)(l.U,{type:"warn",children:(0,n.jsx)(i.p,{children:"This code has not been audited by a third-party organization. If using it in a production system, proceed at your own risk."})}),"\n",(0,n.jsxs)(i.p,{children:["Another application that can be built on top of ",(0,n.jsx)(i.code,{children:"drand"})," is time-lock encryption",(0,n.jsx)(i.sup,{children:(0,n.jsx)(i.a,{href:"#user-content-fn-tlock",id:"user-content-fnref-tlock","data-footnote-ref":!0,"aria-describedby":"footnote-label",children:"6"})}),", which allows users to encrypt information such that it can only be decrypted once a chosen future drand round has been published.\nWe do not currently have an implementation but the reader is encouraged to write one!"]}),"\n",(0,n.jsxs)(i.section,{"data-footnotes":!0,className:"footnotes",children:[(0,n.jsx)(i.h2,{className:"sr-only",id:"footnote-label",children:"Footnotes"}),"\n",(0,n.jsxs)(i.ol,{children:["\n",(0,n.jsxs)(i.li,{id:"user-content-fn-ed25519",children:["\n",(0,n.jsxs)(i.p,{children:[(0,n.jsx)(i.em,{children:"ed25519:"})," ",(0,n.jsx)(i.strong,{children:"Ed25519: high-speed high-security signatures"}),", by Daniel J. 
Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin Yang, ",(0,n.jsx)(i.a,{href:"https://ed25519.cr.yp.to/",children:"https://ed25519.cr.yp.to/"})," ",(0,n.jsx)(i.a,{href:"#user-content-fnref-ed25519","data-footnote-backref":"","aria-label":"Back to reference 1",className:"data-footnote-backref",children:"↩"})]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{id:"user-content-fn-devalence",children:["\n",(0,n.jsxs)(i.p,{children:[(0,n.jsx)(i.em,{children:"devalence:"})," ",(0,n.jsx)(i.strong,{children:"It’s 255:19AM. Do you know what your validation criteria are?"}),", by Henry de Valence, ",(0,n.jsx)(i.a,{href:"https://hdevalence.ca/blog/2020-10-04-its-25519am",children:"https://hdevalence.ca/blog/2020-10-04-its-25519am"})," ",(0,n.jsx)(i.a,{href:"#user-content-fnref-devalence","data-footnote-backref":"","aria-label":"Back to reference 2",className:"data-footnote-backref",children:"↩"})]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{id:"user-content-fn-eddsa",children:["\n",(0,n.jsxs)(i.p,{children:[(0,n.jsx)(i.em,{children:"eddsa:"})," ",(0,n.jsx)(i.strong,{children:"Taming the Many EdDSAs"}),", by Konstantinos Chalkias, Fran\xe7ois Garillot, Valeria Nikolaenko, in SSR 2020, ",(0,n.jsx)(i.a,{href:"https://dl.acm.org/doi/abs/10.1007/978-3-030-64357-7_4",children:"https://dl.acm.org/doi/abs/10.1007/978-3-030-64357-7_4"})," ",(0,n.jsx)(i.a,{href:"#user-content-fnref-eddsa","data-footnote-backref":"","aria-label":"Back to reference 3",className:"data-footnote-backref",children:"↩"})]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{id:"user-content-fn-bulletproofs",children:["\n",(0,n.jsxs)(i.p,{children:[(0,n.jsx)(i.em,{children:"bulletproofs:"})," ",(0,n.jsx)(i.strong,{children:"Bulletproofs: Short Proofs for Confidential Transactions and More"}),"; by B. B\xfcnz and J. Bootle and D. Boneh and A. Poelstra and P. Wuille and G. 
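Maxwell; in 2018 IEEE Symposium on Security and Privacy ",(0,n.jsx)(i.a,{href:"#user-content-fnref-bulletproofs","data-footnote-backref":"","aria-label":"Back to reference 4",className:"data-footnote-backref",children:"↩"})]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{id:"user-content-fn-groth16",children:["\n",(0,n.jsxs)(i.p,{children:[(0,n.jsx)(i.em,{children:"groth16:"})," ",(0,n.jsx)(i.strong,{children:"On the Size of Pairing-Based Non-interactive Arguments"}),"; by Groth, Jens; in EUROCRYPT 2016 ",(0,n.jsx)(i.a,{href:"#user-content-fnref-groth16","data-footnote-backref":"","aria-label":"Back to reference 5",className:"data-footnote-backref",children:"↩"})]}),"\n"]}),"\n",(0,n.jsxs)(i.li,{id:"user-content-fn-tlock",children:["\n",(0,n.jsxs)(i.p,{children:[(0,n.jsx)(i.em,{children:"tlock:"})," ",(0,n.jsx)(i.strong,{children:"tlock: Practical Timelock Encryption from Threshold BLS"}),"; by Nicolas Gailly and Kelsey Melissaris and Yolan Romailler; ",(0,n.jsx)(i.a,{href:"https://eprint.iacr.org/2023/189",children:"https://eprint.iacr.org/2023/189"})," ",(0,n.jsx)(i.a,{href:"#user-content-fnref-tlock","data-footnote-backref":"","aria-label":"Back to reference 6",className:"data-footnote-backref",children:"↩"})]}),"\n"]}),"\n"]}),"\n"]})]})},"/en/build/smart-contracts/cryptography",{filePath:"pages/en/build/smart-contracts/cryptography.mdx",timestamp:1728425436e3,pageMap:t.v,frontMatter:{title:"Cryptography"},title:"Cryptography"},"undefined"==typeof RemoteContent?d:RemoteContent.useTOC)},
// Module 13844: the Callout component (exported as `U`) that this page uses for its
// "not production-ready" / "not audited" security notices.
13844:function(s,e,i){"use strict";i.d(e,{U:function(){return h}});var n=i(31549),r=i(78364),t=i(83185);
// Emoji and class strings per callout type. Only these four keys exist.
let a={default:"\uD83D\uDCA1",error:"\uD83D\uDEAB",info:(0,n.jsx)(t.AV,{className:"_mt-1"}),warning:"⚠️"},l={default:(0,r.Z)("_border-orange-100 _bg-orange-50 _text-orange-800 dark:_border-orange-400/30 dark:_bg-orange-400/20 dark:_text-orange-300"),error:(0,r.Z)("_border-red-200 _bg-red-100 _text-red-900 dark:_border-red-200/30 dark:_bg-red-900/30 dark:_text-red-200"),info:(0,r.Z)("_border-blue-200 _bg-blue-100 _text-blue-900 dark:_border-blue-200/30 dark:_bg-blue-900/30 dark:_text-blue-200"),warning:(0,r.Z)("_border-yellow-100 _bg-yellow-50 _text-yellow-900 dark:_border-yellow-200/30 dark:_bg-yellow-700/30 dark:_text-yellow-200")};
// Renders a bordered callout: an emoji/icon column followed by `children`.
// `type` selects the emoji and class strings; `emoji` overrides the emoji when given.
// This page passes type:"warn" for its "not audited" notices, which is not one of
// the keys above: both lookups would yield undefined, so those warnings would render
// with no emoji and none of the warning-specific classes. "warn" is therefore
// accepted as an alias of "warning" (the page source should still be changed to
// pass "warning"); any other value behaves exactly as before.
function h({children:s,type:e="default",emoji:i}){
  let kind=e==="warn"?"warning":e;
  // Mirrors the former default-parameter `emoji:i=a[e]`: only an omitted emoji falls back to the table.
  let icon=void 0===i?a[kind]:i;
  return(0,n.jsxs)("div",{className:(0,r.Z)("nextra-callout _overflow-x-auto _mt-6 _flex _rounded-lg _border _py-2 ltr:_pr-4 rtl:_pl-4","contrast-more:_border-current contrast-more:dark:_border-current",l[kind]),children:[(0,n.jsx)("div",{className:"_select-none _text-xl ltr:_pl-3 ltr:_pr-2 rtl:_pr-3 rtl:_pl-2",style:{fontFamily:'"Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"'},children:icon}),(0,n.jsx)("div",{className:"_w-full _min-w-0 _leading-7",children:s})]})
}},
// Module 82910: Nextra page wiring (exported as `c`). Unchanged vendored logic; comments only.
82910:function(s,e,i){"use strict";i.d(e,{c:function(){return h}});var n=i(31549),r=i(74271),t=i(14553),a=i(55754),l=i(46977);
// Registers a page's MDX Content, page options and TOC hook under its route in the
// global Nextra context object and returns the `d` component that renders it.
function h(s,e,i,n){let t=globalThis[r.ud];return t.route=e,t.pageMap=i.pageMap,t.context[e]={Content:s,pageOpts:i,useTOC:n},d}
// Page component: looks up the content registered for the current route, splices a
// dynamically supplied page map / title / frontmatter into the page options, and
// renders the theme Layout around the MDX content.
function d({__nextra_pageMap:s=[],__nextra_dynamic_opts:e,...i}){let l=globalThis[r.ud],{Layout:h,themeConfig:d}=l,{route:o,locale:p}=(0,t.t)(),x=l.context[o];if(!x)throw Error(`No content found for the "${o}" route. Please report it as a bug.`);let{pageOpts:m,useTOC:j,Content:k}=x;if(o.startsWith("/["))m.pageMap=s;else for(let{route:e,children:i}of s){let s=e.split("/").slice(p?2:1);
// NOTE(review): the recursive lookup below returns undefined when no page-map entry
// matches the route segments, and the `.children=` assignment would then throw;
// presumably Nextra guarantees the entry exists - confirm against the Nextra source.
(function s(e,[i,...n]){for(let r of e)if("children"in r&&i===r.name)return n.length?s(r.children,n):r})(m.pageMap,s).children=i}if(e){let{title:s,frontMatter:i}=e;m={...m,title:s,frontMatter:i}}return(0,n.jsx)(h,{themeConfig:d,pageOpts:m,pageProps:i,children:(0,n.jsx)(a.F,{value:i,children:(0,n.jsx)(c,{useTOC:j,children:(0,n.jsx)(k,{...i})})})})}
// Reads the MDX `wrapper` component (if any) from context and hands it to `o` with the TOC hook.
function c({children:s,useTOC:e}){let{wrapper:i}=(0,l.a)();return(0,n.jsx)(o,{useTOC:e,wrapper:i,children:s})}
// Computes the TOC from the remaining props and renders the wrapper around the children, or the children alone when there is no wrapper.
function o({children:s,useTOC:e,wrapper:i,...r}){let t=e(r);return i?(0,n.jsx)(i,{toc:t,children:s}):s}}},
// Webpack entry for this chunk: waits for the shared chunks, then runs module 6685, which registers this page's route.
function(s){s.O(0,[68889,1117,92888,49774,40179],function(){return s(s.s=6685)}),_N_E=s.O()}]);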