mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-04-27 17:33:47 +02:00
62 lines
2 KiB
C++
62 lines
2 KiB
C++
/*
|
|
* Copyright (c)2013-2021 ZeroTier, Inc.
|
|
*
|
|
* Use of this software is governed by the Business Source License included
|
|
* in the LICENSE.TXT file in the project's root directory.
|
|
*
|
|
* Change Date: 2026-01-01
|
|
*
|
|
* On the date above, in accordance with the Business Source License, use
|
|
* of this software will be governed by version 2.0 of the Apache License.
|
|
*/
|
|
/****/
|
|
|
|
#ifndef ZT_MIMC52_HPP
|
|
#define ZT_MIMC52_HPP
|
|
|
|
#include "Constants.hpp"
|
|
|
|
/*
|
|
* This is a verifiable delay function (or serial proof of work) based on
|
|
* the MIMC prime field hash construction. MIMC is very fast to execute in
|
|
* one direction and inherently a lot slower in another, allowing expensive
|
|
* work to be quickly verified. The 52-bit algorithm implemented here can
|
|
* run very fast on a variety of systems by taking advantage of the
|
|
* interesting double precision FPU modular multiplication hack described
|
|
* here:
|
|
*
|
|
* https://stackoverflow.com/a/50479693
|
|
*
|
|
* 52 bits is not sufficient for high strength cryptographic applications
|
|
* like block chains, but is good enough to add a deterministic delay to
|
|
* identity generation. That's its only purpose here. This is used as the
|
|
* delay function for "type 1" identities to replace the ad-hoc memory hard
|
|
* hash used in "type 0." This is both simpler and faster to verify.
|
|
*/
|
|
|
|
namespace ZeroTier {
|
|
namespace MIMC52 {
|
|
|
|
/**
|
|
* Compute proof of execution for the delay function
|
|
*
|
|
* @param challenge 256-bit challenge input to randomize algorithm, making it a unique function
|
|
* @param rounds Number of rounds
|
|
* @return Proof of execution of delay function (only least significant 52 bits are meaningful)
|
|
*/
|
|
uint64_t delay(const uint8_t challenge[32], unsigned long rounds);
|
|
|
|
/**
|
|
* Verify a proof of execution
|
|
*
|
|
* @param challenge 256-bit challenge
|
|
* @param rounds Number of rounds
|
|
* @param proof Proof from delay()
|
|
* @return True if proof is valid
|
|
*/
|
|
bool verify(const uint8_t challenge[32], unsigned long rounds, uint64_t proof);
|
|
|
|
} // namespace MIMC52
|
|
} // namespace ZeroTier
|
|
|
|
#endif
|