* @file factoring_zk.h
* @brief ZK proof of knowledge of factoring declarations
#include "amcl/amcl.h"
#include "amcl/big_1024_58.h"
#include "amcl/ff_2048.h"
#ifdef __cplusplus
extern "C"
#ifndef FS_2048
#define FS_2048 MODBYTES_1024_58 * FFLEN_2048 /**< 2048 field size in bytes */
#ifndef HFS_2048
#define HFS_2048 MODBYTES_1024_58 * HFLEN_2048 /**< Half 2048 field size in bytes */
#define FACTORING_ZK_A FS_2048 /**< Proof, length in bytes */
#define FACTORING_ZK_B 16 /**< Security parameter, length in bytes */
#define FACTORING_ZK_OK 0 /**< Proof successfully verified */
#define FACTORING_ZK_FAIL 91 /**< Invalid proof */
#define FACTORING_ZK_OUT_OF_BOUNDS 92 /**< Invalid proof bounds */
/** \brief Prove knowledge of the modulus m in ZK
* @param RNG Cryptographically secure PRNG
* @param P First prime of the factorization
* @param Q Second prime of the factorization
* @param R Random value used in the proof. If RNG is NULL this is read
* @param E First component of the ZK proof
* @param Y Second component of the ZK proof
void FACTORING_ZK_prove(csprng *RNG, octet *P, octet *Q, octet *R, octet *E, octet *Y);
/** \brief Verify ZK proof of knowledge of factoring of N
* Verify that (E, Y) is a valid proof of knowledge of factoring of N
* @param N Public integer, the RSA modulus
* @param E Fisrt component of the ZK proof
* @param Y Second component of the ZK proof
* @return 1 if the proof is valid, 0 otherwise
int FACTORING_ZK_verify(octet *N, octet *E, octet *Y);
#ifdef __cplusplus