Copying over pedersen commitment from crypto lib (#6238)

include/xrpl/protocol/ConfidentialTransfer.h

@@ -109,9 +109,6 @@ verifyClawbackEqualityProof(
     Slice const& ciphertext,
     uint256 const& contextHash);
 
-std::vector<Buffer>
-getEqualityProofs(Slice const& zkp);
-
 NotTEC
 checkEncryptedAmountFormat(STObject const& object);
 
@@ -130,24 +127,18 @@ verifyRevealedAmount(
     EncryptedAmountInfo const& issuer,
     std::optional<EncryptedAmountInfo> const& auditor);
 
-// returns the number of entries
-size_t inline getEqualityProofSize(bool const hasAuditor)
-{
-    // Be careful if we ever need to change the numbers below, it will be a
-    // breaking change!
-    return (hasAuditor ? 3 : 2);
-}
-
-// returns the total byte length of all the equality proofs combined
-size_t inline getEqualityProofLength(bool const hasAuditor)
-{
-    return getEqualityProofSize(hasAuditor) * ecEqualityProofLength;
-}
-
 // generates a 32 byte randomness factor to be used in encryption and proofs
 Buffer
 generateBlindingFactor();
 
+TER
+verifyPedersenLinkage(
+    Slice const& proof,
+    Slice const& encAmt,
+    Slice const& pubKeySlice,
+    Slice const& pcmSlice,
+    uint256 const& contextHash);
+
 // The following functions belong to the mpt-crypto library,
 // they will be finally removed and we will use conan2 to manage the dependency.
 /**
@@ -346,6 +337,61 @@ secp256k1_elgamal_verify_encryption(
     uint64_t amount,
     unsigned char const* blinding_factor);
 
+/**
+ * @brief Proves the link between an ElGamal ciphertext and a Pedersen
+ * commitment.
+ * * Formal Statement: Knowledge of (m, r, rho) such that:
+ * C1 = r*G, C2 = m*G + r*Pk, and PCm = m*G + rho*H.
+ * * @param ctx         Pointer to a secp256k1 context object.
+ * @param proof       [OUT] Pointer to 195-byte buffer for the proof output.
+ * @param c1          Pointer to the ElGamal C1 point (r*G).
+ * @param c2          Pointer to the ElGamal C2 point (m*G + r*Pk).
+ * @param pk          Pointer to the recipient's public key.
+ * @param pcm         Pointer to the Pedersen Commitment (m*G + rho*H).
+ * @param amount      The plaintext amount (m).
+ * @param r           The 32-byte secret ElGamal blinding factor.
+ * @param rho         The 32-byte secret Pedersen blinding factor.
+ * @param context_id  32-byte unique transaction context identifier.
+ * @return 1 on success, 0 on failure.
+ */
+int
+secp256k1_elgamal_pedersen_link_prove(
+    secp256k1_context const* ctx,
+    unsigned char* proof,
+    secp256k1_pubkey const* c1,
+    secp256k1_pubkey const* c2,
+    secp256k1_pubkey const* pk,
+    secp256k1_pubkey const* pcm,
+    uint64_t amount,
+    unsigned char const* r,
+    unsigned char const* rho,
+    unsigned char const* context_id);
+
+/**
+ * @brief Verifies the link proof between ElGamal and Pedersen commitments.
+ * * @return 1 if the proof is valid, 0 otherwise.
+ */
+int
+secp256k1_elgamal_pedersen_link_verify(
+    secp256k1_context const* ctx,
+    unsigned char const* proof,
+    secp256k1_pubkey const* c1,
+    secp256k1_pubkey const* c2,
+    secp256k1_pubkey const* pk,
+    secp256k1_pubkey const* pcm,
+    unsigned char const* context_id);
+
+/**
+ * Compute a Pedersen Commitment: PC = m*G + rho*H
+ * Returns 1 on success, 0 on failure.
+ */
+int
+secp256k1_mpt_pedersen_commit(
+    secp256k1_context const* ctx,
+    secp256k1_pubkey* commitment,
+    uint64_t amount,
+    unsigned char const* blinding_factor_rho /* 32 bytes */
+);
 }  // namespace ripple
 
 #endif

include/xrpl/protocol/Protocol.h

@@ -317,6 +317,9 @@ std::size_t constexpr ecBlindingFactorLength = 32;
 
 /** Length of Schnorr ZKProof for public key registration */
 std::size_t constexpr ecSchnorrProofLength = 65;
+
+/** Length of ElGamal Pedersen linkage proof */
+std::size_t constexpr ecPedersenProofLength = 195;
 }  // namespace ripple
 
 #endif