2020-08-22 13:15:39 -07:00
|
|
|
//! This module provides an implementation of a variant of (Turbo)[PLONK][plonk]
|
|
|
|
//! that is designed specifically for the polynomial commitment scheme described
|
|
|
|
//! in the [Halo][halo] paper.
|
|
|
|
//!
|
|
|
|
//! [halo]: https://eprint.iacr.org/2019/1021
|
|
|
|
//! [plonk]: https://eprint.iacr.org/2019/953
|
|
|
|
|
2021-02-11 06:30:26 -08:00
|
|
|
use blake2b_simd::Params as Blake2bParams;
|
|
|
|
|
|
|
|
use crate::arithmetic::{CurveAffine, FieldExt};
|
2021-01-12 07:28:35 -08:00
|
|
|
use crate::poly::{
|
2021-02-17 14:15:08 -08:00
|
|
|
commitment::Params, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, LagrangeCoeff,
|
|
|
|
PinnedEvaluationDomain, Polynomial,
|
2021-01-12 07:28:35 -08:00
|
|
|
};
|
2021-02-08 22:01:33 -08:00
|
|
|
use crate::transcript::{ChallengeScalar, Transcript};
|
2020-08-22 13:15:39 -07:00
|
|
|
|
|
|
|
mod circuit;
|
2020-09-29 07:25:04 -07:00
|
|
|
mod keygen;
|
2020-11-30 22:53:20 -08:00
|
|
|
mod lookup;
|
2020-12-21 21:56:30 -08:00
|
|
|
pub(crate) mod permutation;
|
2020-12-02 07:16:37 -08:00
|
|
|
mod vanishing;
|
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
mod prover;
|
|
|
|
mod verifier;
|
|
|
|
|
|
|
|
pub use circuit::*;
|
2020-09-29 07:25:04 -07:00
|
|
|
pub use keygen::*;
|
2020-08-22 13:15:39 -07:00
|
|
|
pub use prover::*;
|
|
|
|
pub use verifier::*;
|
|
|
|
|
2021-01-12 07:28:35 -08:00
|
|
|
use std::io;
|
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
/// This is a verifying key which allows for the verification of proofs for a
|
|
|
|
/// particular circuit.
|
2020-08-22 13:15:39 -07:00
|
|
|
#[derive(Debug)]
|
2020-09-29 07:25:04 -07:00
|
|
|
pub struct VerifyingKey<C: CurveAffine> {
|
2020-08-22 13:15:39 -07:00
|
|
|
domain: EvaluationDomain<C::Scalar>,
|
2020-08-22 15:10:27 -07:00
|
|
|
fixed_commitments: Vec<C>,
|
2020-11-30 18:09:03 -08:00
|
|
|
permutations: Vec<permutation::VerifyingKey<C>>,
|
2020-09-29 07:25:04 -07:00
|
|
|
cs: ConstraintSystem<C::Scalar>,
|
|
|
|
}
|
|
|
|
|
2021-01-12 07:28:35 -08:00
|
|
|
impl<C: CurveAffine> VerifyingKey<C> {
|
|
|
|
/// Writes a verifying key to a buffer.
|
|
|
|
pub fn write<W: io::Write>(&self, writer: &mut W) -> io::Result<()> {
|
|
|
|
for commitment in &self.fixed_commitments {
|
|
|
|
writer.write_all(&commitment.to_bytes())?;
|
|
|
|
}
|
|
|
|
for permutation in &self.permutations {
|
|
|
|
permutation.write(writer)?;
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Reads a verification key from a buffer.
|
|
|
|
pub fn read<R: io::Read, ConcreteCircuit: Circuit<C::Scalar>>(
|
|
|
|
reader: &mut R,
|
|
|
|
params: &Params<C>,
|
|
|
|
) -> io::Result<Self> {
|
|
|
|
let (domain, cs, _) = keygen::create_domain::<C, ConcreteCircuit>(params);
|
|
|
|
|
2021-01-21 15:40:25 -08:00
|
|
|
let fixed_commitments: Vec<_> = (0..cs.num_fixed_columns)
|
|
|
|
.map(|_| C::read(reader))
|
|
|
|
.collect::<Result<_, _>>()?;
|
2021-01-12 07:28:35 -08:00
|
|
|
|
2021-01-21 15:40:25 -08:00
|
|
|
let permutations: Vec<_> = cs
|
|
|
|
.permutations
|
|
|
|
.iter()
|
|
|
|
.map(|argument| permutation::VerifyingKey::read(reader, argument))
|
|
|
|
.collect::<Result<_, _>>()?;
|
2021-01-12 07:28:35 -08:00
|
|
|
|
|
|
|
Ok(VerifyingKey {
|
|
|
|
domain,
|
|
|
|
fixed_commitments,
|
|
|
|
permutations,
|
|
|
|
cs,
|
|
|
|
})
|
|
|
|
}
|
2021-02-08 22:01:33 -08:00
|
|
|
|
|
|
|
/// Hashes a verification key into a transcript.
|
2021-02-15 09:09:54 -08:00
|
|
|
pub fn hash_into<T: Transcript<C>>(&self, transcript: &mut T) -> io::Result<()> {
|
2021-02-11 06:30:26 -08:00
|
|
|
let mut hasher = Blake2bParams::new()
|
|
|
|
.hash_length(64)
|
2021-02-17 14:17:23 -08:00
|
|
|
.personal(b"Halo2-Verify-Key")
|
2021-02-11 06:30:26 -08:00
|
|
|
.to_state();
|
|
|
|
|
2021-02-17 14:15:08 -08:00
|
|
|
let s = format!("{:?}", self.pinned());
|
2021-02-11 06:30:26 -08:00
|
|
|
|
2021-02-17 09:46:20 -08:00
|
|
|
hasher.update(&(s.len() as u64).to_le_bytes());
|
|
|
|
hasher.update(s.as_bytes());
|
2021-02-08 22:01:33 -08:00
|
|
|
|
2021-02-11 06:30:26 -08:00
|
|
|
// Hash in final Blake2bState
|
2021-02-17 12:55:38 -08:00
|
|
|
transcript.common_scalar(C::Scalar::from_bytes_wide(hasher.finalize().as_array()))?;
|
2021-02-11 06:30:26 -08:00
|
|
|
|
2021-02-08 22:01:33 -08:00
|
|
|
Ok(())
|
|
|
|
}
|
2021-02-17 14:15:08 -08:00
|
|
|
|
|
|
|
/// Obtains a pinned representation of this verification key that contains
|
|
|
|
/// the minimal information necessary to reconstruct the verification key.
|
|
|
|
pub fn pinned(&self) -> PinnedVerificationKey<'_, C> {
|
|
|
|
PinnedVerificationKey {
|
2021-02-18 06:51:41 -08:00
|
|
|
base_modulus: C::Base::MODULUS,
|
|
|
|
scalar_modulus: C::Scalar::MODULUS,
|
2021-02-17 14:15:08 -08:00
|
|
|
domain: self.domain.pinned(),
|
|
|
|
fixed_commitments: &self.fixed_commitments,
|
|
|
|
permutations: &self.permutations,
|
|
|
|
cs: self.cs.pinned(),
|
|
|
|
}
|
|
|
|
}
|
2021-01-12 07:28:35 -08:00
|
|
|
}
|
|
|
|
|
2021-02-17 14:15:08 -08:00
|
|
|
/// Minimal representation of a verification key that can be used to identify
|
|
|
|
/// its active contents.
|
2021-02-18 06:51:41 -08:00
|
|
|
#[derive(Debug)]
|
2021-02-17 14:15:08 -08:00
|
|
|
pub struct PinnedVerificationKey<'a, C: CurveAffine> {
|
2021-02-18 06:51:41 -08:00
|
|
|
base_modulus: &'static str,
|
|
|
|
scalar_modulus: &'static str,
|
2021-02-17 14:15:08 -08:00
|
|
|
domain: PinnedEvaluationDomain<'a, C::Scalar>,
|
2021-02-18 06:51:41 -08:00
|
|
|
cs: PinnedConstraintSystem<'a, C::Scalar>,
|
2021-02-17 14:15:08 -08:00
|
|
|
fixed_commitments: &'a Vec<C>,
|
|
|
|
permutations: &'a Vec<permutation::VerifyingKey<C>>,
|
2021-02-17 09:46:20 -08:00
|
|
|
}
|
2020-09-29 07:25:04 -07:00
|
|
|
/// This is a proving key which allows for the creation of proofs for a
|
|
|
|
/// particular circuit.
|
|
|
|
#[derive(Debug)]
|
|
|
|
pub struct ProvingKey<C: CurveAffine> {
|
|
|
|
vk: VerifyingKey<C>,
|
|
|
|
// TODO: get rid of this?
|
|
|
|
l0: Polynomial<C::Scalar, ExtendedLagrangeCoeff>,
|
2020-11-30 22:35:56 -08:00
|
|
|
fixed_values: Vec<Polynomial<C::Scalar, LagrangeCoeff>>,
|
2020-09-07 09:22:25 -07:00
|
|
|
fixed_polys: Vec<Polynomial<C::Scalar, Coeff>>,
|
|
|
|
fixed_cosets: Vec<Polynomial<C::Scalar, ExtendedLagrangeCoeff>>,
|
2020-11-30 18:09:03 -08:00
|
|
|
permutations: Vec<permutation::ProvingKey<C>>,
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/// This is an error that could occur during proving or circuit synthesis.
|
|
|
|
// TODO: these errors need to be cleaned up
|
|
|
|
#[derive(Debug)]
|
|
|
|
pub enum Error {
|
|
|
|
/// This is an error that can occur during synthesis of the circuit, for
|
|
|
|
/// example, when the witness is not present.
|
|
|
|
SynthesisError,
|
|
|
|
/// The structured reference string or the parameters are not compatible
|
|
|
|
/// with the circuit being synthesized.
|
|
|
|
IncompatibleParams,
|
|
|
|
/// The constraint system is not satisfied.
|
|
|
|
ConstraintSystemFailure,
|
2020-08-22 15:10:27 -07:00
|
|
|
/// Out of bounds index passed to a backend
|
|
|
|
BoundsFailure,
|
2020-09-15 16:32:39 -07:00
|
|
|
/// Opening error
|
|
|
|
OpeningError,
|
2020-10-14 16:35:06 -07:00
|
|
|
/// Transcript error
|
|
|
|
TranscriptError,
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
impl<C: CurveAffine> ProvingKey<C> {
|
2020-09-29 07:28:00 -07:00
|
|
|
/// Get the underlying [`VerifyingKey`].
|
2020-09-29 07:25:04 -07:00
|
|
|
pub fn get_vk(&self) -> &VerifyingKey<C> {
|
|
|
|
&self.vk
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl<C: CurveAffine> VerifyingKey<C> {
|
2020-09-29 07:28:00 -07:00
|
|
|
/// Get the underlying [`EvaluationDomain`].
|
2020-09-29 07:25:04 -07:00
|
|
|
pub fn get_domain(&self) -> &EvaluationDomain<C::Scalar> {
|
|
|
|
&self.domain
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-11-30 22:44:14 -08:00
|
|
|
#[derive(Clone, Copy, Debug)]
|
|
|
|
struct Theta;
|
|
|
|
type ChallengeTheta<F> = ChallengeScalar<F, Theta>;
|
|
|
|
|
2020-11-25 11:26:31 -08:00
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct Beta;
|
|
|
|
type ChallengeBeta<F> = ChallengeScalar<F, Beta>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct Gamma;
|
|
|
|
type ChallengeGamma<F> = ChallengeScalar<F, Gamma>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct Y;
|
|
|
|
type ChallengeY<F> = ChallengeScalar<F, Y>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct X;
|
|
|
|
type ChallengeX<F> = ChallengeScalar<F, X>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
#[test]
|
|
|
|
fn test_proving() {
|
2020-11-12 16:08:08 -08:00
|
|
|
use crate::arithmetic::{Curve, FieldExt};
|
2020-12-21 15:00:39 -08:00
|
|
|
use crate::dev::MockProver;
|
2021-01-27 02:30:39 -08:00
|
|
|
use crate::pasta::{EqAffine, Fp};
|
2020-12-23 08:45:16 -08:00
|
|
|
use crate::poly::{
|
|
|
|
commitment::{Blind, Params},
|
|
|
|
Rotation,
|
|
|
|
};
|
2021-01-27 02:30:39 -08:00
|
|
|
use crate::transcript::{Blake2bRead, Blake2bWrite};
|
2020-12-04 20:51:28 -08:00
|
|
|
use circuit::{Advice, Column, Fixed};
|
2020-08-27 10:43:08 -07:00
|
|
|
use std::marker::PhantomData;
|
2020-08-22 13:15:39 -07:00
|
|
|
const K: u32 = 5;
|
|
|
|
|
2020-11-05 19:13:54 -08:00
|
|
|
/// This represents an advice column at a certain row in the ConstraintSystem
|
2020-08-31 09:01:09 -07:00
|
|
|
#[derive(Copy, Clone, Debug)]
|
2020-11-05 19:25:50 -08:00
|
|
|
pub struct Variable(Column<Advice>, usize);
|
2020-08-31 09:01:09 -07:00
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
// Initialize the polynomial commitment parameters
|
2020-12-23 15:09:17 -08:00
|
|
|
let params: Params<EqAffine> = Params::new(K);
|
2020-08-22 13:15:39 -07:00
|
|
|
|
2021-01-20 05:48:51 -08:00
|
|
|
#[derive(Copy, Clone)]
|
2020-08-27 10:43:08 -07:00
|
|
|
struct PLONKConfig {
|
2020-11-05 19:25:50 -08:00
|
|
|
a: Column<Advice>,
|
|
|
|
b: Column<Advice>,
|
|
|
|
c: Column<Advice>,
|
|
|
|
d: Column<Advice>,
|
|
|
|
e: Column<Advice>,
|
|
|
|
|
|
|
|
sa: Column<Fixed>,
|
|
|
|
sb: Column<Fixed>,
|
|
|
|
sc: Column<Fixed>,
|
|
|
|
sm: Column<Fixed>,
|
|
|
|
sp: Column<Fixed>,
|
2020-12-01 11:48:19 -08:00
|
|
|
sl: Column<Fixed>,
|
|
|
|
sl2: Column<Fixed>,
|
2020-08-31 09:01:09 -07:00
|
|
|
|
|
|
|
perm: usize,
|
2020-09-07 08:37:49 -07:00
|
|
|
perm2: usize,
|
2020-08-22 15:10:27 -07:00
|
|
|
}
|
2020-08-27 10:43:08 -07:00
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
trait StandardCS<FF: FieldExt> {
|
2020-08-27 10:43:08 -07:00
|
|
|
fn raw_multiply<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
where
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>;
|
|
|
|
fn raw_add<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
where
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>;
|
2020-09-19 12:31:56 -07:00
|
|
|
fn copy(&mut self, a: Variable, b: Variable) -> Result<(), Error>;
|
|
|
|
fn public_input<F>(&mut self, f: F) -> Result<Variable, Error>
|
2020-09-17 21:02:48 -07:00
|
|
|
where
|
2020-09-19 12:31:56 -07:00
|
|
|
F: FnOnce() -> Result<FF, Error>;
|
2020-12-01 11:48:19 -08:00
|
|
|
fn lookup_table(&mut self, values: &[Vec<FF>]) -> Result<(), Error>;
|
2020-08-27 10:43:08 -07:00
|
|
|
}
|
|
|
|
|
2021-01-20 05:48:51 -08:00
|
|
|
#[derive(Clone)]
|
2020-11-12 16:08:08 -08:00
|
|
|
struct MyCircuit<F: FieldExt> {
|
2020-08-22 13:15:39 -07:00
|
|
|
a: Option<F>,
|
2020-12-01 11:48:19 -08:00
|
|
|
lookup_tables: Vec<Vec<F>>,
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
struct StandardPLONK<'a, F: FieldExt, CS: Assignment<F> + 'a> {
|
2020-08-27 10:43:08 -07:00
|
|
|
cs: &'a mut CS,
|
|
|
|
config: PLONKConfig,
|
|
|
|
current_gate: usize,
|
|
|
|
_marker: PhantomData<F>,
|
|
|
|
}
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<'a, FF: FieldExt, CS: Assignment<FF>> StandardPLONK<'a, FF, CS> {
|
2020-08-27 10:43:08 -07:00
|
|
|
fn new(cs: &'a mut CS, config: PLONKConfig) -> Self {
|
|
|
|
StandardPLONK {
|
|
|
|
cs,
|
|
|
|
config,
|
|
|
|
current_gate: 0,
|
|
|
|
_marker: PhantomData,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<'a, FF: FieldExt, CS: Assignment<FF>> StandardCS<FF> for StandardPLONK<'a, FF, CS> {
|
2020-08-27 10:43:08 -07:00
|
|
|
fn raw_multiply<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
where
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>,
|
|
|
|
{
|
|
|
|
let index = self.current_gate;
|
|
|
|
self.current_gate += 1;
|
|
|
|
let mut value = None;
|
2021-01-22 08:57:38 -08:00
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "lhs",
|
|
|
|
self.config.a,
|
|
|
|
index,
|
|
|
|
|| {
|
|
|
|
value = Some(f()?);
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.0)
|
|
|
|
},
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "lhs^4",
|
|
|
|
self.config.d,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.0.square().square()),
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "rhs",
|
|
|
|
self.config.b,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.1),
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "rhs^4",
|
|
|
|
self.config.e,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.1.square().square()),
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "out",
|
|
|
|
self.config.c,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.2),
|
|
|
|
)?;
|
2020-08-27 10:43:08 -07:00
|
|
|
|
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "a", self.config.sa, index, || Ok(FF::zero()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "b", self.config.sb, index, || Ok(FF::zero()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "c", self.config.sc, index, || Ok(FF::one()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "a * b", self.config.sm, index, || Ok(FF::one()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
Ok((
|
2020-08-31 09:01:09 -07:00
|
|
|
Variable(self.config.a, index),
|
|
|
|
Variable(self.config.b, index),
|
|
|
|
Variable(self.config.c, index),
|
2020-08-27 10:43:08 -07:00
|
|
|
))
|
|
|
|
}
|
|
|
|
fn raw_add<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
where
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>,
|
|
|
|
{
|
|
|
|
let index = self.current_gate;
|
|
|
|
self.current_gate += 1;
|
|
|
|
let mut value = None;
|
2021-01-22 08:57:38 -08:00
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "lhs",
|
|
|
|
self.config.a,
|
|
|
|
index,
|
|
|
|
|| {
|
|
|
|
value = Some(f()?);
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.0)
|
|
|
|
},
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "lhs^4",
|
|
|
|
self.config.d,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.0.square().square()),
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "rhs",
|
|
|
|
self.config.b,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.1),
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "rhs^4",
|
|
|
|
self.config.e,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.1.square().square()),
|
|
|
|
)?;
|
|
|
|
self.cs.assign_advice(
|
|
|
|
|| "out",
|
|
|
|
self.config.c,
|
|
|
|
index,
|
|
|
|
|| Ok(value.ok_or(Error::SynthesisError)?.2),
|
|
|
|
)?;
|
2020-08-27 10:43:08 -07:00
|
|
|
|
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "a", self.config.sa, index, || Ok(FF::one()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "b", self.config.sb, index, || Ok(FF::one()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "c", self.config.sc, index, || Ok(FF::one()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "a * b", self.config.sm, index, || Ok(FF::zero()))?;
|
2020-08-27 10:43:08 -07:00
|
|
|
Ok((
|
2020-08-31 09:01:09 -07:00
|
|
|
Variable(self.config.a, index),
|
|
|
|
Variable(self.config.b, index),
|
|
|
|
Variable(self.config.c, index),
|
2020-08-27 10:43:08 -07:00
|
|
|
))
|
|
|
|
}
|
2020-09-19 12:31:56 -07:00
|
|
|
fn copy(&mut self, left: Variable, right: Variable) -> Result<(), Error> {
|
2020-11-05 19:13:54 -08:00
|
|
|
let left_column = match left.0 {
|
2020-09-19 12:31:56 -07:00
|
|
|
x if x == self.config.a => 0,
|
|
|
|
x if x == self.config.b => 1,
|
|
|
|
x if x == self.config.c => 2,
|
2020-08-31 09:01:09 -07:00
|
|
|
_ => unreachable!(),
|
|
|
|
};
|
2020-11-05 19:13:54 -08:00
|
|
|
let right_column = match right.0 {
|
2020-09-19 12:31:56 -07:00
|
|
|
x if x == self.config.a => 0,
|
|
|
|
x if x == self.config.b => 1,
|
|
|
|
x if x == self.config.c => 2,
|
2020-08-31 09:01:09 -07:00
|
|
|
_ => unreachable!(),
|
|
|
|
};
|
|
|
|
|
|
|
|
self.cs
|
2020-11-05 19:13:54 -08:00
|
|
|
.copy(self.config.perm, left_column, left.1, right_column, right.1)?;
|
|
|
|
self.cs.copy(
|
|
|
|
self.config.perm2,
|
|
|
|
left_column,
|
|
|
|
left.1,
|
|
|
|
right_column,
|
|
|
|
right.1,
|
|
|
|
)
|
2020-08-31 09:01:09 -07:00
|
|
|
}
|
2020-09-19 12:31:56 -07:00
|
|
|
fn public_input<F>(&mut self, f: F) -> Result<Variable, Error>
|
2020-09-17 21:02:48 -07:00
|
|
|
where
|
2020-09-19 12:31:56 -07:00
|
|
|
F: FnOnce() -> Result<FF, Error>,
|
2020-09-17 21:02:48 -07:00
|
|
|
{
|
|
|
|
let index = self.current_gate;
|
|
|
|
self.current_gate += 1;
|
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_advice(|| "value", self.config.a, index, || f())?;
|
|
|
|
self.cs
|
|
|
|
.assign_fixed(|| "public", self.config.sp, index, || Ok(FF::one()))?;
|
2020-09-19 12:31:56 -07:00
|
|
|
|
|
|
|
Ok(Variable(self.config.a, index))
|
2020-09-17 21:02:48 -07:00
|
|
|
}
|
2020-12-01 11:48:19 -08:00
|
|
|
fn lookup_table(&mut self, values: &[Vec<FF>]) -> Result<(), Error> {
|
|
|
|
for (&value_0, &value_1) in values[0].iter().zip(values[1].iter()) {
|
|
|
|
let index = self.current_gate;
|
|
|
|
|
|
|
|
self.current_gate += 1;
|
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "table col 1", self.config.sl, index, || Ok(value_0))?;
|
2020-12-01 11:48:19 -08:00
|
|
|
self.cs
|
2021-01-22 08:57:38 -08:00
|
|
|
.assign_fixed(|| "table col 2", self.config.sl2, index, || Ok(value_1))?;
|
2020-12-01 11:48:19 -08:00
|
|
|
}
|
|
|
|
Ok(())
|
|
|
|
}
|
2020-08-27 10:43:08 -07:00
|
|
|
}
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<F: FieldExt> Circuit<F> for MyCircuit<F> {
|
2020-08-27 10:43:08 -07:00
|
|
|
type Config = PLONKConfig;
|
2020-08-22 14:09:47 -07:00
|
|
|
|
2020-09-11 16:18:41 -07:00
|
|
|
fn configure(meta: &mut ConstraintSystem<F>) -> PLONKConfig {
|
2020-11-05 19:13:54 -08:00
|
|
|
let e = meta.advice_column();
|
|
|
|
let a = meta.advice_column();
|
|
|
|
let b = meta.advice_column();
|
|
|
|
let sf = meta.fixed_column();
|
|
|
|
let c = meta.advice_column();
|
|
|
|
let d = meta.advice_column();
|
2021-02-14 09:30:36 -08:00
|
|
|
let p = meta.instance_column();
|
2020-08-22 15:10:27 -07:00
|
|
|
|
2021-02-17 05:13:25 -08:00
|
|
|
let perm = meta.permutation(&[a.into(), b.into(), c.into()]);
|
|
|
|
let perm2 = meta.permutation(&[a.into(), b.into(), c.into()]);
|
2020-08-31 09:01:09 -07:00
|
|
|
|
2020-11-05 19:13:54 -08:00
|
|
|
let sm = meta.fixed_column();
|
|
|
|
let sa = meta.fixed_column();
|
|
|
|
let sb = meta.fixed_column();
|
|
|
|
let sc = meta.fixed_column();
|
|
|
|
let sp = meta.fixed_column();
|
2020-12-01 11:48:19 -08:00
|
|
|
let sl = meta.fixed_column();
|
|
|
|
let sl2 = meta.fixed_column();
|
|
|
|
|
|
|
|
/*
|
2021-02-14 09:30:36 -08:00
|
|
|
* A B ... sl sl2
|
2020-12-01 11:48:19 -08:00
|
|
|
* [
|
2021-02-14 09:30:36 -08:00
|
|
|
* instance 0 ... 0 0
|
|
|
|
* a a ... 0 0
|
|
|
|
* a a^2 ... 0 0
|
|
|
|
* a a ... 0 0
|
|
|
|
* a a^2 ... 0 0
|
|
|
|
* ... ... ... ... ...
|
|
|
|
* ... ... ... instance 0
|
|
|
|
* ... ... ... a a
|
|
|
|
* ... ... ... a a^2
|
|
|
|
* ... ... ... 0 0
|
2020-12-01 11:48:19 -08:00
|
|
|
* ]
|
|
|
|
*/
|
2020-12-04 20:51:28 -08:00
|
|
|
meta.lookup(&[a.into()], &[sl.into()]);
|
|
|
|
meta.lookup(&[a.into(), b.into()], &[sl.into(), sl2.into()]);
|
2020-08-22 15:10:27 -07:00
|
|
|
|
2021-01-22 11:46:06 -08:00
|
|
|
meta.create_gate("Combined add-mult", |meta| {
|
2020-12-23 08:45:16 -08:00
|
|
|
let d = meta.query_advice(d, Rotation::next());
|
|
|
|
let a = meta.query_advice(a, Rotation::cur());
|
|
|
|
let sf = meta.query_fixed(sf, Rotation::cur());
|
|
|
|
let e = meta.query_advice(e, Rotation::prev());
|
|
|
|
let b = meta.query_advice(b, Rotation::cur());
|
|
|
|
let c = meta.query_advice(c, Rotation::cur());
|
|
|
|
|
|
|
|
let sa = meta.query_fixed(sa, Rotation::cur());
|
|
|
|
let sb = meta.query_fixed(sb, Rotation::cur());
|
|
|
|
let sc = meta.query_fixed(sc, Rotation::cur());
|
|
|
|
let sm = meta.query_fixed(sm, Rotation::cur());
|
2020-09-19 12:31:56 -07:00
|
|
|
|
|
|
|
a.clone() * sa + b.clone() * sb + a * b * sm + (c * sc * (-F::one())) + sf * (d * e)
|
|
|
|
});
|
|
|
|
|
2021-01-22 11:46:06 -08:00
|
|
|
meta.create_gate("Public input", |meta| {
|
2020-12-23 08:45:16 -08:00
|
|
|
let a = meta.query_advice(a, Rotation::cur());
|
2021-02-14 09:30:36 -08:00
|
|
|
let p = meta.query_instance(p, Rotation::cur());
|
2020-12-23 08:45:16 -08:00
|
|
|
let sp = meta.query_fixed(sp, Rotation::cur());
|
2020-09-19 12:31:56 -07:00
|
|
|
|
|
|
|
sp * (a + p * (-F::one()))
|
2020-08-24 07:28:42 -07:00
|
|
|
});
|
|
|
|
|
2020-08-27 10:43:08 -07:00
|
|
|
PLONKConfig {
|
2020-08-22 15:10:27 -07:00
|
|
|
a,
|
|
|
|
b,
|
|
|
|
c,
|
2020-09-06 13:10:25 -07:00
|
|
|
d,
|
|
|
|
e,
|
2020-08-22 15:10:27 -07:00
|
|
|
sa,
|
|
|
|
sb,
|
|
|
|
sc,
|
|
|
|
sm,
|
2020-09-19 12:31:56 -07:00
|
|
|
sp,
|
2020-12-01 11:48:19 -08:00
|
|
|
sl,
|
|
|
|
sl2,
|
2020-08-31 09:01:09 -07:00
|
|
|
perm,
|
2020-09-07 08:37:49 -07:00
|
|
|
perm2,
|
2020-08-22 15:10:27 -07:00
|
|
|
}
|
2020-08-22 14:09:47 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
fn synthesize(
|
|
|
|
&self,
|
2020-09-11 16:18:41 -07:00
|
|
|
cs: &mut impl Assignment<F>,
|
2020-08-27 10:43:08 -07:00
|
|
|
config: PLONKConfig,
|
2020-08-22 14:09:47 -07:00
|
|
|
) -> Result<(), Error> {
|
2020-08-27 10:43:08 -07:00
|
|
|
let mut cs = StandardPLONK::new(cs, config);
|
|
|
|
|
2020-09-19 12:31:56 -07:00
|
|
|
let _ = cs.public_input(|| Ok(F::one() + F::one()))?;
|
|
|
|
|
2020-08-22 15:10:27 -07:00
|
|
|
for _ in 0..10 {
|
2020-08-27 10:43:08 -07:00
|
|
|
let mut a_squared = None;
|
2020-09-05 11:56:45 -07:00
|
|
|
let (a0, _, c0) = cs.raw_multiply(|| {
|
2020-08-27 10:43:08 -07:00
|
|
|
a_squared = self.a.map(|a| a.square());
|
|
|
|
Ok((
|
|
|
|
self.a.ok_or(Error::SynthesisError)?,
|
|
|
|
self.a.ok_or(Error::SynthesisError)?,
|
|
|
|
a_squared.ok_or(Error::SynthesisError)?,
|
|
|
|
))
|
|
|
|
})?;
|
2020-09-05 11:56:45 -07:00
|
|
|
let (a1, b1, _) = cs.raw_add(|| {
|
2020-08-27 10:43:08 -07:00
|
|
|
let fin = a_squared.and_then(|a2| self.a.map(|a| a + a2));
|
|
|
|
Ok((
|
|
|
|
self.a.ok_or(Error::SynthesisError)?,
|
|
|
|
a_squared.ok_or(Error::SynthesisError)?,
|
|
|
|
fin.ok_or(Error::SynthesisError)?,
|
|
|
|
))
|
|
|
|
})?;
|
2020-09-19 12:31:56 -07:00
|
|
|
cs.copy(a0, a1)?;
|
|
|
|
cs.copy(b1, c0)?;
|
2020-08-22 15:10:27 -07:00
|
|
|
}
|
|
|
|
|
2020-12-01 11:48:19 -08:00
|
|
|
cs.lookup_table(&self.lookup_tables)?;
|
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-02-17 09:46:20 -08:00
|
|
|
let a = Fp::from_u64(2834758237) * Fp::ZETA;
|
2020-12-01 11:48:19 -08:00
|
|
|
let a_squared = a * &a;
|
2021-02-14 09:30:36 -08:00
|
|
|
let instance = Fp::one() + Fp::one();
|
|
|
|
let lookup_table = vec![instance, a, a, Fp::zero()];
|
2020-12-01 11:48:19 -08:00
|
|
|
let lookup_table_2 = vec![Fp::zero(), a, a_squared, Fp::zero()];
|
|
|
|
|
|
|
|
let empty_circuit: MyCircuit<Fp> = MyCircuit {
|
|
|
|
a: None,
|
|
|
|
lookup_tables: vec![lookup_table.clone(), lookup_table_2.clone()],
|
2020-09-19 12:31:56 -07:00
|
|
|
};
|
|
|
|
|
2020-12-01 11:48:19 -08:00
|
|
|
let circuit: MyCircuit<Fp> = MyCircuit {
|
|
|
|
a: Some(a),
|
|
|
|
lookup_tables: vec![lookup_table, lookup_table_2],
|
|
|
|
};
|
2020-08-24 07:36:41 -07:00
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
// Initialize the proving key
|
2021-01-13 09:23:01 -08:00
|
|
|
let vk = keygen_vk(¶ms, &empty_circuit).expect("keygen_vk should not fail");
|
|
|
|
let pk = keygen_pk(¶ms, vk, &empty_circuit).expect("keygen_pk should not fail");
|
2020-08-22 13:15:39 -07:00
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
let mut pubinputs = pk.get_vk().get_domain().empty_lagrange();
|
2021-02-14 09:30:36 -08:00
|
|
|
pubinputs[0] = instance;
|
2020-09-19 12:31:56 -07:00
|
|
|
let pubinput = params
|
2020-09-25 08:58:19 -07:00
|
|
|
.commit_lagrange(&pubinputs, Blind::default())
|
2020-09-19 12:31:56 -07:00
|
|
|
.to_affine();
|
2020-09-17 21:02:48 -07:00
|
|
|
|
2020-12-21 15:00:39 -08:00
|
|
|
// Check this circuit is satisfied.
|
2021-01-05 14:51:40 -08:00
|
|
|
let prover = match MockProver::run(K, &circuit, vec![pubinputs.to_vec()]) {
|
2020-12-21 15:00:39 -08:00
|
|
|
Ok(prover) => prover,
|
|
|
|
Err(e) => panic!("{:?}", e),
|
|
|
|
};
|
|
|
|
assert_eq!(prover.verify(), Ok(()));
|
|
|
|
|
2020-09-05 10:40:25 -07:00
|
|
|
for _ in 0..100 {
|
2021-01-27 02:30:39 -08:00
|
|
|
let mut transcript = Blake2bWrite::init(vec![]);
|
2020-09-05 10:40:25 -07:00
|
|
|
// Create a proof
|
2020-12-23 12:03:31 -08:00
|
|
|
create_proof(
|
2020-09-17 21:02:48 -07:00
|
|
|
¶ms,
|
2020-09-29 07:25:04 -07:00
|
|
|
&pk,
|
2021-01-20 05:48:51 -08:00
|
|
|
&[circuit.clone(), circuit.clone()],
|
|
|
|
&[&[pubinputs.clone()], &[pubinputs.clone()]],
|
2020-12-23 12:03:31 -08:00
|
|
|
&mut transcript,
|
2020-09-17 21:02:48 -07:00
|
|
|
)
|
|
|
|
.expect("proof generation should not fail");
|
2020-12-23 12:03:31 -08:00
|
|
|
let proof: Vec<u8> = transcript.finalize();
|
2020-08-22 13:15:39 -07:00
|
|
|
|
2020-10-07 09:21:32 -07:00
|
|
|
let pubinput_slice = &[pubinput];
|
2021-01-20 05:48:51 -08:00
|
|
|
let pubinput_slice_copy = &[pubinput];
|
2020-09-15 16:32:39 -07:00
|
|
|
let msm = params.empty_msm();
|
2021-01-27 02:30:39 -08:00
|
|
|
let mut transcript = Blake2bRead::init(&proof[..]);
|
2021-01-20 05:48:51 -08:00
|
|
|
let guard = verify_proof(
|
|
|
|
¶ms,
|
|
|
|
pk.get_vk(),
|
|
|
|
msm,
|
|
|
|
&[pubinput_slice, pubinput_slice_copy],
|
|
|
|
&mut transcript,
|
|
|
|
)
|
|
|
|
.unwrap();
|
2020-09-15 16:32:39 -07:00
|
|
|
{
|
|
|
|
let msm = guard.clone().use_challenges();
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
|
|
|
{
|
|
|
|
let g = guard.compute_g();
|
|
|
|
let (msm, _) = guard.clone().use_g(g);
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
|
|
|
let msm = guard.clone().use_challenges();
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.clone().eval());
|
2021-01-27 02:30:39 -08:00
|
|
|
let mut transcript = Blake2bRead::init(&proof[..]);
|
2021-01-12 07:28:35 -08:00
|
|
|
let mut vk_buffer = vec![];
|
|
|
|
pk.get_vk().write(&mut vk_buffer).unwrap();
|
|
|
|
let vk = VerifyingKey::<EqAffine>::read::<_, MyCircuit<Fp>>(&mut &vk_buffer[..], ¶ms)
|
|
|
|
.unwrap();
|
2021-01-20 05:48:51 -08:00
|
|
|
let guard = verify_proof(
|
|
|
|
¶ms,
|
|
|
|
&vk,
|
|
|
|
msm,
|
|
|
|
&[pubinput_slice, pubinput_slice_copy],
|
|
|
|
&mut transcript,
|
|
|
|
)
|
|
|
|
.unwrap();
|
2020-09-15 16:32:39 -07:00
|
|
|
{
|
|
|
|
let msm = guard.clone().use_challenges();
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
|
|
|
{
|
|
|
|
let g = guard.compute_g();
|
|
|
|
let (msm, _) = guard.clone().use_g(g);
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
2020-09-05 10:40:25 -07:00
|
|
|
}
|
2021-02-17 14:38:43 -08:00
|
|
|
|
|
|
|
// Check that the verification key has not changed unexpectedly
|
|
|
|
{
|
|
|
|
assert_eq!(
|
|
|
|
format!("{:#?}", pk.vk.pinned()),
|
|
|
|
r#####"PinnedVerificationKey {
|
|
|
|
base_modulus: "0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001",
|
|
|
|
scalar_modulus: "0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001",
|
|
|
|
domain: PinnedEvaluationDomain {
|
|
|
|
k: 5,
|
|
|
|
extended_k: 7,
|
|
|
|
omega: 0x0cc3380dc616f2e1daf29ad1560833ed3baea3393eceb7bc8fa36376929b78cc,
|
|
|
|
},
|
|
|
|
cs: PinnedConstraintSystem {
|
|
|
|
num_fixed_columns: 8,
|
|
|
|
num_advice_columns: 5,
|
|
|
|
num_instance_columns: 1,
|
|
|
|
gates: [
|
|
|
|
Sum(
|
|
|
|
Sum(
|
|
|
|
Sum(
|
|
|
|
Sum(
|
|
|
|
Product(
|
|
|
|
Advice(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
Fixed(
|
|
|
|
3,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
Product(
|
|
|
|
Advice(
|
|
|
|
1,
|
|
|
|
),
|
|
|
|
Fixed(
|
|
|
|
4,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
Product(
|
|
|
|
Product(
|
|
|
|
Advice(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
Advice(
|
|
|
|
1,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
Fixed(
|
|
|
|
6,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
Scaled(
|
|
|
|
Product(
|
|
|
|
Advice(
|
|
|
|
2,
|
|
|
|
),
|
|
|
|
Fixed(
|
|
|
|
5,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
0x40000000000000000000000000000000224698fc094cf91b992d30ed00000000,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
Product(
|
|
|
|
Fixed(
|
|
|
|
2,
|
|
|
|
),
|
|
|
|
Product(
|
|
|
|
Advice(
|
|
|
|
3,
|
|
|
|
),
|
|
|
|
Advice(
|
|
|
|
4,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
Product(
|
|
|
|
Fixed(
|
|
|
|
7,
|
|
|
|
),
|
|
|
|
Sum(
|
|
|
|
Advice(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
Scaled(
|
|
|
|
Instance(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
0x40000000000000000000000000000000224698fc094cf91b992d30ed00000000,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
),
|
|
|
|
],
|
|
|
|
advice_queries: [
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 1,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 2,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 3,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 4,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
1,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 0,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
-1,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
],
|
|
|
|
instance_queries: [
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 0,
|
|
|
|
column_type: Instance,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
],
|
|
|
|
fixed_queries: [
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 6,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 7,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 0,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 2,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 3,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 4,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 1,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
(
|
|
|
|
Column {
|
|
|
|
index: 5,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Rotation(
|
|
|
|
0,
|
|
|
|
),
|
|
|
|
),
|
|
|
|
],
|
|
|
|
permutations: [
|
|
|
|
Argument {
|
|
|
|
columns: [
|
|
|
|
Column {
|
|
|
|
index: 1,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Column {
|
|
|
|
index: 2,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Column {
|
|
|
|
index: 3,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
Argument {
|
|
|
|
columns: [
|
|
|
|
Column {
|
|
|
|
index: 1,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Column {
|
|
|
|
index: 2,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Column {
|
|
|
|
index: 3,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
],
|
|
|
|
lookups: [
|
|
|
|
Argument {
|
|
|
|
input_columns: [
|
|
|
|
Column {
|
|
|
|
index: 1,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
],
|
|
|
|
table_columns: [
|
|
|
|
Column {
|
|
|
|
index: 6,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
Argument {
|
|
|
|
input_columns: [
|
|
|
|
Column {
|
|
|
|
index: 1,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
Column {
|
|
|
|
index: 2,
|
|
|
|
column_type: Advice,
|
|
|
|
},
|
|
|
|
],
|
|
|
|
table_columns: [
|
|
|
|
Column {
|
|
|
|
index: 6,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
Column {
|
|
|
|
index: 7,
|
|
|
|
column_type: Fixed,
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
],
|
|
|
|
},
|
|
|
|
fixed_commitments: [
|
|
|
|
(0x3710f15f98bf0a7421343fdf390b9519506c67431a5c78678fbcc4db815c8547, 0x0a3c77f30ab2a2741b21cd45326c87dc7f7050b1a5e8c181a534b9c84a09cb02),
|
|
|
|
(0x115235d6bd2467772db857d66e7f44837cd38bb6ac0c7b412c2997dd47cbbc3c, 0x0f339c20c40e10bed476699e2ddb88256092447582b250f329b0cbf6c3f66f17),
|
|
|
|
(0x2a9ba245dcce53752e1de999b45c975472bb33b58aed8bcebdfcd185627895f0, 0x1252bf596b7acd19625f68845749f6672b99e71238cfabe91ca545103168d0f0),
|
|
|
|
(0x2a9ba245dcce53752e1de999b45c975472bb33b58aed8bcebdfcd185627895f0, 0x1252bf596b7acd19625f68845749f6672b99e71238cfabe91ca545103168d0f0),
|
|
|
|
(0x241d6d9c2060ce821d4b05ff2f9566c3947541f3d14a9aabcdb96c19158e8bc7, 0x39582cc6bdb1a4a88e89c050ad6db0ade34f45ec5791b07de6e694e9627ca66a),
|
|
|
|
(0x1ee805e20232ba31eeae1fa345bd88ac7df81dc43ffb3967a218ea4defc9d17d, 0x2838c83c064d44e87e5c8d05a234ad24d2d4a502a370acb514b430f516c0f0bf),
|
|
|
|
(0x37ead9904c760201ec4734ef398f0bdb5fe5a5e6e9db19c85e6b5483bdeb0a0b, 0x1dc08c38ed713b14f7a21a891a83b52160a3ffb0dccfbd70db7c7eb235dd193e),
|
|
|
|
(0x2dc3d20553691216c988ecbb596c4bda329f27d50bd8a7c2fb0d84b423da3cb4, 0x025b40e800020458e15e3a57268562e6c08c6971d71262bd67c72437cfc60b4c),
|
|
|
|
],
|
|
|
|
permutations: [
|
|
|
|
VerifyingKey {
|
|
|
|
commitments: [
|
|
|
|
(0x289f468bca3471a3d240169ec65047d0c4bb5e1135e81822523c74b596139fed, 0x1a585c821c71fb49c883859f1389bcae45f17593ddb5f9fee1781b27129e1b06),
|
|
|
|
(0x096ef96a7725c636e7ca645dfe539694cf2a988da1ca50a468320f419d008054, 0x1ac0b48a254f8e2311081f81aa4a8ff39e37e40aa4c003325f1ac1219d231818),
|
|
|
|
(0x254c9f0088599aba37607cfd1700c653ef3ec21bfd60b98c3d725678540bc4df, 0x134d9818929589052f3cd80d50140b851db26231b2b784a6b2528a64805598dc),
|
|
|
|
],
|
|
|
|
},
|
|
|
|
VerifyingKey {
|
|
|
|
commitments: [
|
|
|
|
(0x289f468bca3471a3d240169ec65047d0c4bb5e1135e81822523c74b596139fed, 0x1a585c821c71fb49c883859f1389bcae45f17593ddb5f9fee1781b27129e1b06),
|
|
|
|
(0x096ef96a7725c636e7ca645dfe539694cf2a988da1ca50a468320f419d008054, 0x1ac0b48a254f8e2311081f81aa4a8ff39e37e40aa4c003325f1ac1219d231818),
|
|
|
|
(0x254c9f0088599aba37607cfd1700c653ef3ec21bfd60b98c3d725678540bc4df, 0x134d9818929589052f3cd80d50140b851db26231b2b784a6b2528a64805598dc),
|
|
|
|
],
|
|
|
|
},
|
|
|
|
],
|
2021-02-17 14:40:41 -08:00
|
|
|
}"#####
|
|
|
|
);
|
2021-02-17 14:38:43 -08:00
|
|
|
}
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|