2020-08-22 13:15:39 -07:00
|
|
|
//! This module provides an implementation of a variant of (Turbo)[PLONK][plonk]
|
|
|
|
|
//! that is designed specifically for the polynomial commitment scheme described
|
|
|
|
|
//! in the [Halo][halo] paper.
|
|
|
|
|
//!
|
|
|
|
|
//! [halo]: https://eprint.iacr.org/2019/1021
|
|
|
|
|
//! [plonk]: https://eprint.iacr.org/2019/953
|
|
|
|
|
|
|
|
|
|
use crate::arithmetic::CurveAffine;
|
2020-12-01 14:40:54 -08:00
|
|
|
use crate::poly::{multiopen, Coeff, EvaluationDomain, ExtendedLagrangeCoeff, Polynomial};
|
|
|
|
|
use crate::transcript::ChallengeScalar;
|
2020-08-22 13:15:39 -07:00
|
|
|
|
|
|
|
|
mod circuit;
|
2020-09-29 07:25:04 -07:00
|
|
|
mod keygen;
|
2020-11-24 16:49:52 -08:00
|
|
|
mod permutation;
|
2020-08-22 13:15:39 -07:00
|
|
|
mod prover;
|
|
|
|
|
mod verifier;
|
|
|
|
|
|
|
|
|
|
pub use circuit::*;
|
2020-09-29 07:25:04 -07:00
|
|
|
pub use keygen::*;
|
2020-08-22 13:15:39 -07:00
|
|
|
pub use prover::*;
|
|
|
|
|
pub use verifier::*;
|
|
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
/// This is a verifying key which allows for the verification of proofs for a
|
|
|
|
|
/// particular circuit.
|
2020-08-22 13:15:39 -07:00
|
|
|
#[derive(Debug)]
|
2020-09-29 07:25:04 -07:00
|
|
|
pub struct VerifyingKey<C: CurveAffine> {
|
2020-08-22 13:15:39 -07:00
|
|
|
domain: EvaluationDomain<C::Scalar>,
|
2020-08-22 15:10:27 -07:00
|
|
|
fixed_commitments: Vec<C>,
|
2020-11-30 18:09:03 -08:00
|
|
|
permutations: Vec<permutation::VerifyingKey<C>>,
|
2020-09-29 07:25:04 -07:00
|
|
|
cs: ConstraintSystem<C::Scalar>,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// This is a proving key which allows for the creation of proofs for a
|
|
|
|
|
/// particular circuit.
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub struct ProvingKey<C: CurveAffine> {
|
|
|
|
|
vk: VerifyingKey<C>,
|
|
|
|
|
// TODO: get rid of this?
|
|
|
|
|
l0: Polynomial<C::Scalar, ExtendedLagrangeCoeff>,
|
2020-09-07 09:22:25 -07:00
|
|
|
fixed_polys: Vec<Polynomial<C::Scalar, Coeff>>,
|
|
|
|
|
fixed_cosets: Vec<Polynomial<C::Scalar, ExtendedLagrangeCoeff>>,
|
2020-11-30 18:09:03 -08:00
|
|
|
permutations: Vec<permutation::ProvingKey<C>>,
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// This is an object which represents a (Turbo)PLONK proof.
|
2020-08-22 15:10:27 -07:00
|
|
|
// This structure must never allow points at infinity.
|
2020-08-22 13:15:39 -07:00
|
|
|
#[derive(Debug, Clone)]
|
|
|
|
|
pub struct Proof<C: CurveAffine> {
|
2020-08-22 15:10:27 -07:00
|
|
|
advice_commitments: Vec<C>,
|
2020-08-22 13:15:39 -07:00
|
|
|
h_commitments: Vec<C>,
|
2020-11-24 16:49:52 -08:00
|
|
|
permutations: Option<permutation::Proof<C>>,
|
2020-08-27 09:25:36 -07:00
|
|
|
advice_evals: Vec<C::Scalar>,
|
2020-09-17 09:33:42 -07:00
|
|
|
aux_evals: Vec<C::Scalar>,
|
2020-08-27 09:25:36 -07:00
|
|
|
fixed_evals: Vec<C::Scalar>,
|
|
|
|
|
h_evals: Vec<C::Scalar>,
|
2020-09-29 00:23:41 -07:00
|
|
|
multiopening: multiopen::Proof<C>,
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// This is an error that could occur during proving or circuit synthesis.
|
|
|
|
|
// TODO: these errors need to be cleaned up
|
|
|
|
|
#[derive(Debug)]
|
|
|
|
|
pub enum Error {
|
|
|
|
|
/// This is an error that can occur during synthesis of the circuit, for
|
|
|
|
|
/// example, when the witness is not present.
|
|
|
|
|
SynthesisError,
|
|
|
|
|
/// The structured reference string or the parameters are not compatible
|
|
|
|
|
/// with the circuit being synthesized.
|
|
|
|
|
IncompatibleParams,
|
|
|
|
|
/// The constraint system is not satisfied.
|
|
|
|
|
ConstraintSystemFailure,
|
2020-08-22 15:10:27 -07:00
|
|
|
/// Out of bounds index passed to a backend
|
|
|
|
|
BoundsFailure,
|
2020-09-15 16:32:39 -07:00
|
|
|
/// Opening error
|
|
|
|
|
OpeningError,
|
2020-10-14 16:35:06 -07:00
|
|
|
/// Transcript error
|
|
|
|
|
TranscriptError,
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
|
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
impl<C: CurveAffine> ProvingKey<C> {
|
2020-09-29 07:28:00 -07:00
|
|
|
/// Get the underlying [`VerifyingKey`].
|
2020-09-29 07:25:04 -07:00
|
|
|
pub fn get_vk(&self) -> &VerifyingKey<C> {
|
|
|
|
|
&self.vk
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl<C: CurveAffine> VerifyingKey<C> {
|
2020-09-29 07:28:00 -07:00
|
|
|
/// Get the underlying [`EvaluationDomain`].
|
2020-09-29 07:25:04 -07:00
|
|
|
pub fn get_domain(&self) -> &EvaluationDomain<C::Scalar> {
|
|
|
|
|
&self.domain
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-25 11:26:31 -08:00
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct Beta;
|
|
|
|
|
type ChallengeBeta<F> = ChallengeScalar<F, Beta>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
|
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct Gamma;
|
|
|
|
|
type ChallengeGamma<F> = ChallengeScalar<F, Gamma>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
|
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct Y;
|
|
|
|
|
type ChallengeY<F> = ChallengeScalar<F, Y>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
|
|
|
|
#[derive(Clone, Copy, Debug)]
|
2020-12-01 13:14:14 -08:00
|
|
|
struct X;
|
|
|
|
|
type ChallengeX<F> = ChallengeScalar<F, X>;
|
2020-11-25 11:26:31 -08:00
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
#[test]
|
|
|
|
|
fn test_proving() {
|
2020-11-12 16:08:08 -08:00
|
|
|
use crate::arithmetic::{Curve, FieldExt};
|
2020-09-17 21:02:48 -07:00
|
|
|
use crate::poly::commitment::{Blind, Params};
|
2020-08-22 13:15:39 -07:00
|
|
|
use crate::transcript::DummyHash;
|
2020-11-12 12:13:13 -08:00
|
|
|
use crate::tweedle::{EqAffine, Fp, Fq};
|
2020-11-05 19:25:50 -08:00
|
|
|
use circuit::{Advice, Column, Fixed};
|
2020-08-27 10:43:08 -07:00
|
|
|
use std::marker::PhantomData;
|
2020-08-22 13:15:39 -07:00
|
|
|
const K: u32 = 5;
|
|
|
|
|
|
2020-11-05 19:13:54 -08:00
|
|
|
/// This represents an advice column at a certain row in the ConstraintSystem
|
2020-08-31 09:01:09 -07:00
|
|
|
#[derive(Copy, Clone, Debug)]
|
2020-11-05 19:25:50 -08:00
|
|
|
pub struct Variable(Column<Advice>, usize);
|
2020-08-31 09:01:09 -07:00
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
// Initialize the polynomial commitment parameters
|
|
|
|
|
let params: Params<EqAffine> = Params::new::<DummyHash<Fq>>(K);
|
|
|
|
|
|
2020-08-27 10:43:08 -07:00
|
|
|
struct PLONKConfig {
|
2020-11-05 19:25:50 -08:00
|
|
|
a: Column<Advice>,
|
|
|
|
|
b: Column<Advice>,
|
|
|
|
|
c: Column<Advice>,
|
|
|
|
|
d: Column<Advice>,
|
|
|
|
|
e: Column<Advice>,
|
|
|
|
|
|
|
|
|
|
sa: Column<Fixed>,
|
|
|
|
|
sb: Column<Fixed>,
|
|
|
|
|
sc: Column<Fixed>,
|
|
|
|
|
sm: Column<Fixed>,
|
|
|
|
|
sp: Column<Fixed>,
|
2020-08-31 09:01:09 -07:00
|
|
|
|
|
|
|
|
perm: usize,
|
2020-09-07 08:37:49 -07:00
|
|
|
perm2: usize,
|
2020-08-22 15:10:27 -07:00
|
|
|
}
|
2020-08-27 10:43:08 -07:00
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
trait StandardCS<FF: FieldExt> {
|
2020-08-27 10:43:08 -07:00
|
|
|
fn raw_multiply<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
|
where
|
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>;
|
|
|
|
|
fn raw_add<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
|
where
|
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>;
|
2020-09-19 12:31:56 -07:00
|
|
|
fn copy(&mut self, a: Variable, b: Variable) -> Result<(), Error>;
|
|
|
|
|
fn public_input<F>(&mut self, f: F) -> Result<Variable, Error>
|
2020-09-17 21:02:48 -07:00
|
|
|
where
|
2020-09-19 12:31:56 -07:00
|
|
|
F: FnOnce() -> Result<FF, Error>;
|
2020-08-27 10:43:08 -07:00
|
|
|
}
|
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
struct MyCircuit<F: FieldExt> {
|
2020-08-22 13:15:39 -07:00
|
|
|
a: Option<F>,
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
struct StandardPLONK<'a, F: FieldExt, CS: Assignment<F> + 'a> {
|
2020-08-27 10:43:08 -07:00
|
|
|
cs: &'a mut CS,
|
|
|
|
|
config: PLONKConfig,
|
|
|
|
|
current_gate: usize,
|
|
|
|
|
_marker: PhantomData<F>,
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<'a, FF: FieldExt, CS: Assignment<FF>> StandardPLONK<'a, FF, CS> {
|
2020-08-27 10:43:08 -07:00
|
|
|
fn new(cs: &'a mut CS, config: PLONKConfig) -> Self {
|
|
|
|
|
StandardPLONK {
|
|
|
|
|
cs,
|
|
|
|
|
config,
|
|
|
|
|
current_gate: 0,
|
|
|
|
|
_marker: PhantomData,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<'a, FF: FieldExt, CS: Assignment<FF>> StandardCS<FF> for StandardPLONK<'a, FF, CS> {
|
2020-08-27 10:43:08 -07:00
|
|
|
fn raw_multiply<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
|
where
|
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>,
|
|
|
|
|
{
|
|
|
|
|
let index = self.current_gate;
|
|
|
|
|
self.current_gate += 1;
|
|
|
|
|
let mut value = None;
|
|
|
|
|
self.cs.assign_advice(self.config.a, index, || {
|
|
|
|
|
value = Some(f()?);
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.0)
|
|
|
|
|
})?;
|
2020-09-06 13:10:25 -07:00
|
|
|
self.cs.assign_advice(self.config.d, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.0.square().square())
|
|
|
|
|
})?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs.assign_advice(self.config.b, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.1)
|
|
|
|
|
})?;
|
2020-09-06 13:10:25 -07:00
|
|
|
self.cs.assign_advice(self.config.e, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.1.square().square())
|
|
|
|
|
})?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs.assign_advice(self.config.c, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.2)
|
|
|
|
|
})?;
|
|
|
|
|
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sa, index, || Ok(FF::zero()))?;
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sb, index, || Ok(FF::zero()))?;
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sc, index, || Ok(FF::one()))?;
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sm, index, || Ok(FF::one()))?;
|
|
|
|
|
Ok((
|
2020-08-31 09:01:09 -07:00
|
|
|
Variable(self.config.a, index),
|
|
|
|
|
Variable(self.config.b, index),
|
|
|
|
|
Variable(self.config.c, index),
|
2020-08-27 10:43:08 -07:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
fn raw_add<F>(&mut self, f: F) -> Result<(Variable, Variable, Variable), Error>
|
|
|
|
|
where
|
|
|
|
|
F: FnOnce() -> Result<(FF, FF, FF), Error>,
|
|
|
|
|
{
|
|
|
|
|
let index = self.current_gate;
|
|
|
|
|
self.current_gate += 1;
|
|
|
|
|
let mut value = None;
|
|
|
|
|
self.cs.assign_advice(self.config.a, index, || {
|
|
|
|
|
value = Some(f()?);
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.0)
|
|
|
|
|
})?;
|
2020-09-06 13:10:25 -07:00
|
|
|
self.cs.assign_advice(self.config.d, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.0.square().square())
|
|
|
|
|
})?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs.assign_advice(self.config.b, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.1)
|
|
|
|
|
})?;
|
2020-09-06 13:10:25 -07:00
|
|
|
self.cs.assign_advice(self.config.e, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.1.square().square())
|
|
|
|
|
})?;
|
2020-08-27 10:43:08 -07:00
|
|
|
self.cs.assign_advice(self.config.c, index, || {
|
|
|
|
|
Ok(value.ok_or(Error::SynthesisError)?.2)
|
|
|
|
|
})?;
|
|
|
|
|
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sa, index, || Ok(FF::one()))?;
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sb, index, || Ok(FF::one()))?;
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sc, index, || Ok(FF::one()))?;
|
|
|
|
|
self.cs
|
|
|
|
|
.assign_fixed(self.config.sm, index, || Ok(FF::zero()))?;
|
|
|
|
|
Ok((
|
2020-08-31 09:01:09 -07:00
|
|
|
Variable(self.config.a, index),
|
|
|
|
|
Variable(self.config.b, index),
|
|
|
|
|
Variable(self.config.c, index),
|
2020-08-27 10:43:08 -07:00
|
|
|
))
|
|
|
|
|
}
|
2020-09-19 12:31:56 -07:00
|
|
|
fn copy(&mut self, left: Variable, right: Variable) -> Result<(), Error> {
|
2020-11-05 19:13:54 -08:00
|
|
|
let left_column = match left.0 {
|
2020-09-19 12:31:56 -07:00
|
|
|
x if x == self.config.a => 0,
|
|
|
|
|
x if x == self.config.b => 1,
|
|
|
|
|
x if x == self.config.c => 2,
|
2020-08-31 09:01:09 -07:00
|
|
|
_ => unreachable!(),
|
|
|
|
|
};
|
2020-11-05 19:13:54 -08:00
|
|
|
let right_column = match right.0 {
|
2020-09-19 12:31:56 -07:00
|
|
|
x if x == self.config.a => 0,
|
|
|
|
|
x if x == self.config.b => 1,
|
|
|
|
|
x if x == self.config.c => 2,
|
2020-08-31 09:01:09 -07:00
|
|
|
_ => unreachable!(),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
self.cs
|
2020-11-05 19:13:54 -08:00
|
|
|
.copy(self.config.perm, left_column, left.1, right_column, right.1)?;
|
|
|
|
|
self.cs.copy(
|
|
|
|
|
self.config.perm2,
|
|
|
|
|
left_column,
|
|
|
|
|
left.1,
|
|
|
|
|
right_column,
|
|
|
|
|
right.1,
|
|
|
|
|
)
|
2020-08-31 09:01:09 -07:00
|
|
|
}
|
2020-09-19 12:31:56 -07:00
|
|
|
fn public_input<F>(&mut self, f: F) -> Result<Variable, Error>
|
2020-09-17 21:02:48 -07:00
|
|
|
where
|
2020-09-19 12:31:56 -07:00
|
|
|
F: FnOnce() -> Result<FF, Error>,
|
2020-09-17 21:02:48 -07:00
|
|
|
{
|
|
|
|
|
let index = self.current_gate;
|
|
|
|
|
self.current_gate += 1;
|
2020-09-19 12:31:56 -07:00
|
|
|
self.cs.assign_advice(self.config.a, index, || f())?;
|
2020-09-17 21:02:48 -07:00
|
|
|
self.cs
|
2020-09-19 12:31:56 -07:00
|
|
|
.assign_fixed(self.config.sp, index, || Ok(FF::one()))?;
|
|
|
|
|
|
|
|
|
|
Ok(Variable(self.config.a, index))
|
2020-09-17 21:02:48 -07:00
|
|
|
}
|
2020-08-27 10:43:08 -07:00
|
|
|
}
|
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<F: FieldExt> Circuit<F> for MyCircuit<F> {
|
2020-08-27 10:43:08 -07:00
|
|
|
type Config = PLONKConfig;
|
2020-08-22 14:09:47 -07:00
|
|
|
|
2020-09-11 16:18:41 -07:00
|
|
|
fn configure(meta: &mut ConstraintSystem<F>) -> PLONKConfig {
|
2020-11-05 19:13:54 -08:00
|
|
|
let e = meta.advice_column();
|
|
|
|
|
let a = meta.advice_column();
|
|
|
|
|
let b = meta.advice_column();
|
|
|
|
|
let sf = meta.fixed_column();
|
|
|
|
|
let c = meta.advice_column();
|
|
|
|
|
let d = meta.advice_column();
|
|
|
|
|
let p = meta.aux_column();
|
2020-08-22 15:10:27 -07:00
|
|
|
|
2020-09-19 12:31:56 -07:00
|
|
|
let perm = meta.permutation(&[a, b, c]);
|
|
|
|
|
let perm2 = meta.permutation(&[a, b, c]);
|
2020-08-31 09:01:09 -07:00
|
|
|
|
2020-11-05 19:13:54 -08:00
|
|
|
let sm = meta.fixed_column();
|
|
|
|
|
let sa = meta.fixed_column();
|
|
|
|
|
let sb = meta.fixed_column();
|
|
|
|
|
let sc = meta.fixed_column();
|
|
|
|
|
let sp = meta.fixed_column();
|
2020-08-22 15:10:27 -07:00
|
|
|
|
2020-08-24 07:28:42 -07:00
|
|
|
meta.create_gate(|meta| {
|
2020-09-06 13:10:25 -07:00
|
|
|
let d = meta.query_advice(d, 1);
|
2020-08-24 07:28:42 -07:00
|
|
|
let a = meta.query_advice(a, 0);
|
2020-09-06 13:10:25 -07:00
|
|
|
let sf = meta.query_fixed(sf, 0);
|
|
|
|
|
let e = meta.query_advice(e, -1);
|
2020-08-24 07:28:42 -07:00
|
|
|
let b = meta.query_advice(b, 0);
|
|
|
|
|
let c = meta.query_advice(c, 0);
|
|
|
|
|
|
|
|
|
|
let sa = meta.query_fixed(sa, 0);
|
|
|
|
|
let sb = meta.query_fixed(sb, 0);
|
|
|
|
|
let sc = meta.query_fixed(sc, 0);
|
|
|
|
|
let sm = meta.query_fixed(sm, 0);
|
2020-09-19 12:31:56 -07:00
|
|
|
|
|
|
|
|
a.clone() * sa + b.clone() * sb + a * b * sm + (c * sc * (-F::one())) + sf * (d * e)
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
meta.create_gate(|meta| {
|
|
|
|
|
let a = meta.query_advice(a, 0);
|
|
|
|
|
let p = meta.query_aux(p, 0);
|
|
|
|
|
let sp = meta.query_fixed(sp, 0);
|
|
|
|
|
|
|
|
|
|
sp * (a + p * (-F::one()))
|
2020-08-24 07:28:42 -07:00
|
|
|
});
|
|
|
|
|
|
2020-08-27 10:43:08 -07:00
|
|
|
PLONKConfig {
|
2020-08-22 15:10:27 -07:00
|
|
|
a,
|
|
|
|
|
b,
|
|
|
|
|
c,
|
2020-09-06 13:10:25 -07:00
|
|
|
d,
|
|
|
|
|
e,
|
2020-08-22 15:10:27 -07:00
|
|
|
sa,
|
|
|
|
|
sb,
|
|
|
|
|
sc,
|
|
|
|
|
sm,
|
2020-09-19 12:31:56 -07:00
|
|
|
sp,
|
2020-08-31 09:01:09 -07:00
|
|
|
perm,
|
2020-09-07 08:37:49 -07:00
|
|
|
perm2,
|
2020-08-22 15:10:27 -07:00
|
|
|
}
|
2020-08-22 14:09:47 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn synthesize(
|
|
|
|
|
&self,
|
2020-09-11 16:18:41 -07:00
|
|
|
cs: &mut impl Assignment<F>,
|
2020-08-27 10:43:08 -07:00
|
|
|
config: PLONKConfig,
|
2020-08-22 14:09:47 -07:00
|
|
|
) -> Result<(), Error> {
|
2020-08-27 10:43:08 -07:00
|
|
|
let mut cs = StandardPLONK::new(cs, config);
|
|
|
|
|
|
2020-09-19 12:31:56 -07:00
|
|
|
let _ = cs.public_input(|| Ok(F::one() + F::one()))?;
|
|
|
|
|
|
2020-08-22 15:10:27 -07:00
|
|
|
for _ in 0..10 {
|
2020-08-27 10:43:08 -07:00
|
|
|
let mut a_squared = None;
|
2020-09-05 11:56:45 -07:00
|
|
|
let (a0, _, c0) = cs.raw_multiply(|| {
|
2020-08-27 10:43:08 -07:00
|
|
|
a_squared = self.a.map(|a| a.square());
|
|
|
|
|
Ok((
|
|
|
|
|
self.a.ok_or(Error::SynthesisError)?,
|
|
|
|
|
self.a.ok_or(Error::SynthesisError)?,
|
|
|
|
|
a_squared.ok_or(Error::SynthesisError)?,
|
|
|
|
|
))
|
|
|
|
|
})?;
|
2020-09-05 11:56:45 -07:00
|
|
|
let (a1, b1, _) = cs.raw_add(|| {
|
2020-08-27 10:43:08 -07:00
|
|
|
let fin = a_squared.and_then(|a2| self.a.map(|a| a + a2));
|
|
|
|
|
Ok((
|
|
|
|
|
self.a.ok_or(Error::SynthesisError)?,
|
|
|
|
|
a_squared.ok_or(Error::SynthesisError)?,
|
|
|
|
|
fin.ok_or(Error::SynthesisError)?,
|
|
|
|
|
))
|
|
|
|
|
})?;
|
2020-09-19 12:31:56 -07:00
|
|
|
cs.copy(a0, a1)?;
|
|
|
|
|
cs.copy(b1, c0)?;
|
2020-08-22 15:10:27 -07:00
|
|
|
}
|
|
|
|
|
|
2020-08-22 13:15:39 -07:00
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-19 12:31:56 -07:00
|
|
|
let circuit: MyCircuit<Fp> = MyCircuit {
|
2020-11-12 16:08:08 -08:00
|
|
|
a: Some(Fp::rand()),
|
2020-09-19 12:31:56 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let empty_circuit: MyCircuit<Fp> = MyCircuit { a: None };
|
2020-08-24 07:36:41 -07:00
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
// Initialize the proving key
|
|
|
|
|
let pk = keygen(¶ms, &empty_circuit).expect("keygen should not fail");
|
2020-08-22 13:15:39 -07:00
|
|
|
|
2020-09-29 07:25:04 -07:00
|
|
|
let mut pubinputs = pk.get_vk().get_domain().empty_lagrange();
|
2020-09-19 12:31:56 -07:00
|
|
|
pubinputs[0] = Fp::one();
|
|
|
|
|
pubinputs[0] += Fp::one();
|
|
|
|
|
let pubinput = params
|
2020-09-25 08:58:19 -07:00
|
|
|
.commit_lagrange(&pubinputs, Blind::default())
|
2020-09-19 12:31:56 -07:00
|
|
|
.to_affine();
|
2020-09-17 21:02:48 -07:00
|
|
|
|
2020-09-05 10:40:25 -07:00
|
|
|
for _ in 0..100 {
|
|
|
|
|
// Create a proof
|
2020-09-17 21:02:48 -07:00
|
|
|
let proof = Proof::create::<DummyHash<Fq>, DummyHash<Fp>, _>(
|
|
|
|
|
¶ms,
|
2020-09-29 07:25:04 -07:00
|
|
|
&pk,
|
2020-09-17 21:02:48 -07:00
|
|
|
&circuit,
|
2020-09-19 12:31:56 -07:00
|
|
|
&[pubinputs.clone()],
|
2020-09-17 21:02:48 -07:00
|
|
|
)
|
|
|
|
|
.expect("proof generation should not fail");
|
2020-08-22 13:15:39 -07:00
|
|
|
|
2020-10-07 09:21:32 -07:00
|
|
|
let pubinput_slice = &[pubinput];
|
2020-09-15 16:32:39 -07:00
|
|
|
let msm = params.empty_msm();
|
|
|
|
|
let guard = proof
|
2020-10-07 09:21:32 -07:00
|
|
|
.verify::<DummyHash<Fq>, DummyHash<Fp>>(¶ms, pk.get_vk(), msm, pubinput_slice)
|
2020-09-13 08:10:06 -07:00
|
|
|
.unwrap();
|
2020-09-15 16:32:39 -07:00
|
|
|
{
|
|
|
|
|
let msm = guard.clone().use_challenges();
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
let g = guard.compute_g();
|
|
|
|
|
let (msm, _) = guard.clone().use_g(g);
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
|
|
|
|
let msm = guard.clone().use_challenges();
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.clone().eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
let guard = proof
|
2020-10-07 09:21:32 -07:00
|
|
|
.verify::<DummyHash<Fq>, DummyHash<Fp>>(¶ms, pk.get_vk(), msm, pubinput_slice)
|
2020-09-15 16:32:39 -07:00
|
|
|
.unwrap();
|
|
|
|
|
{
|
|
|
|
|
let msm = guard.clone().use_challenges();
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
let g = guard.compute_g();
|
|
|
|
|
let (msm, _) = guard.clone().use_g(g);
|
2020-09-20 12:09:03 -07:00
|
|
|
assert!(msm.eval());
|
2020-09-15 16:32:39 -07:00
|
|
|
}
|
2020-09-05 10:40:25 -07:00
|
|
|
}
|
2020-08-22 13:15:39 -07:00
|
|
|
}
|
