diff --git a/examples/sha256/benches.rs b/examples/sha256/benches.rs index 25d2d68f..60f6e053 100644 --- a/examples/sha256/benches.rs +++ b/examples/sha256/benches.rs @@ -128,7 +128,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) { // Create a proof let proof_path = Path::new("./benches/sha256_assets/sha256_proof"); if File::open(&proof_path).is_err() { - let mut transcript = Blake2bWrite::<_, _, Challenge255>::init(vec![]); + let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]); create_proof(¶ms, &pk, &[circuit], &[], &mut transcript) .expect("proof generation should not fail"); let proof: Vec = transcript.finalize(); @@ -145,7 +145,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) { c.bench_function(&verifier_name, |b| { b.iter(|| { let msm = params.empty_msm(); - let mut transcript = Blake2bRead::<_, _, Challenge255>::init(&proof[..]); + let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]); let guard = verify_proof(¶ms, pk.get_vk(), msm, &[], &mut transcript).unwrap(); let msm = guard.clone().use_challenges(); assert!(msm.eval()); diff --git a/src/plonk.rs b/src/plonk.rs index 3be83ea2..05b79029 100644 --- a/src/plonk.rs +++ b/src/plonk.rs @@ -79,7 +79,7 @@ impl VerifyingKey { } /// Hashes a verification key into a transcript. - pub fn hash_into, T: Transcript>( + pub fn hash_into, T: Transcript>( &self, transcript: &mut T, ) -> io::Result<()> { diff --git a/src/plonk/lookup/prover.rs b/src/plonk/lookup/prover.rs index fa2f1df4..a2528bf2 100644 --- a/src/plonk/lookup/prover.rs +++ b/src/plonk/lookup/prover.rs @@ -75,9 +75,8 @@ impl Argument { pub(in crate::plonk) fn commit_permuted< 'a, C, - I, - E: EncodedChallenge, - T: TranscriptWrite, + E: EncodedChallenge, + T: TranscriptWrite, >( &self, pk: &ProvingKey, @@ -250,11 +249,7 @@ impl Permuted { /// grand product polynomial over the lookup. The grand product polynomial /// is used to populate the Product struct. The Product struct is /// added to the Lookup and finally returned by the method. - pub(in crate::plonk) fn commit_product< - I, - E: EncodedChallenge, - T: TranscriptWrite, - >( + pub(in crate::plonk) fn commit_product, T: TranscriptWrite>( self, pk: &ProvingKey, params: &Params, @@ -498,7 +493,7 @@ impl<'a, C: CurveAffine> Committed { } impl Constructed { - pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( + pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, pk: &ProvingKey, x: ChallengeX, diff --git a/src/plonk/lookup/verifier.rs b/src/plonk/lookup/verifier.rs index 44b542eb..10c9f8d0 100644 --- a/src/plonk/lookup/verifier.rs +++ b/src/plonk/lookup/verifier.rs @@ -34,9 +34,8 @@ pub struct Evaluated { impl Argument { pub(in crate::plonk) fn read_permuted_commitments< C: CurveAffine, - I, - E: EncodedChallenge, - T: TranscriptRead, + E: EncodedChallenge, + T: TranscriptRead, >( &self, transcript: &mut T, @@ -57,9 +56,8 @@ impl Argument { impl PermutationCommitments { pub(in crate::plonk) fn read_product_commitment< - I, - E: EncodedChallenge, - T: TranscriptRead, + E: EncodedChallenge, + T: TranscriptRead, >( self, transcript: &mut T, @@ -76,7 +74,7 @@ impl PermutationCommitments { } impl Committed { - pub(crate) fn evaluate, T: TranscriptRead>( + pub(crate) fn evaluate, T: TranscriptRead>( self, transcript: &mut T, ) -> Result, Error> { diff --git a/src/plonk/permutation/prover.rs b/src/plonk/permutation/prover.rs index bc338e8a..70928906 100644 --- a/src/plonk/permutation/prover.rs +++ b/src/plonk/permutation/prover.rs @@ -34,9 +34,8 @@ pub(crate) struct Evaluated { impl Argument { pub(in crate::plonk) fn commit< C: CurveAffine, - I, - E: EncodedChallenge, - T: TranscriptWrite, + E: EncodedChallenge, + T: TranscriptWrite, >( &self, params: &Params, @@ -258,7 +257,7 @@ impl super::ProvingKey { } impl Constructed { - pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( + pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, pk: &plonk::ProvingKey, pkey: &ProvingKey, diff --git a/src/plonk/permutation/verifier.rs b/src/plonk/permutation/verifier.rs index 7fd776fa..c19a7b7a 100644 --- a/src/plonk/permutation/verifier.rs +++ b/src/plonk/permutation/verifier.rs @@ -24,9 +24,8 @@ pub struct Evaluated { impl Argument { pub(crate) fn read_product_commitment< C: CurveAffine, - I, - E: EncodedChallenge, - T: TranscriptRead, + E: EncodedChallenge, + T: TranscriptRead, >( &self, transcript: &mut T, @@ -42,7 +41,7 @@ impl Argument { } impl Committed { - pub(crate) fn evaluate, T: TranscriptRead>( + pub(crate) fn evaluate, T: TranscriptRead>( self, vkey: &VerifyingKey, transcript: &mut T, diff --git a/src/plonk/prover.rs b/src/plonk/prover.rs index b6fdf7b7..fa321f4f 100644 --- a/src/plonk/prover.rs +++ b/src/plonk/prover.rs @@ -20,8 +20,8 @@ use crate::transcript::{EncodedChallenge, TranscriptWrite}; /// generated previously for the same circuit. pub fn create_proof< C: CurveAffine, - E: EncodedChallenge, - T: TranscriptWrite, + E: EncodedChallenge, + T: TranscriptWrite, ConcreteCircuit: Circuit, >( params: &Params, diff --git a/src/plonk/vanishing/prover.rs b/src/plonk/vanishing/prover.rs index e2d67eb6..f4e8070f 100644 --- a/src/plonk/vanishing/prover.rs +++ b/src/plonk/vanishing/prover.rs @@ -23,7 +23,7 @@ pub(in crate::plonk) struct Evaluated { } impl Argument { - pub(in crate::plonk) fn construct, T: TranscriptWrite>( + pub(in crate::plonk) fn construct, T: TranscriptWrite>( params: &Params, domain: &EvaluationDomain, expressions: impl Iterator>, @@ -69,7 +69,7 @@ impl Argument { } impl Constructed { - pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( + pub(in crate::plonk) fn evaluate, T: TranscriptWrite>( self, x: ChallengeX, transcript: &mut T, diff --git a/src/plonk/vanishing/verifier.rs b/src/plonk/vanishing/verifier.rs index 9c2f5a44..d9e68f31 100644 --- a/src/plonk/vanishing/verifier.rs +++ b/src/plonk/vanishing/verifier.rs @@ -20,11 +20,7 @@ pub struct Evaluated { } impl Argument { - pub(in crate::plonk) fn read_commitments< - I, - E: EncodedChallenge, - T: TranscriptRead, - >( + pub(in crate::plonk) fn read_commitments, T: TranscriptRead>( vk: &VerifyingKey, transcript: &mut T, ) -> Result, Error> { @@ -37,7 +33,7 @@ impl Argument { } impl Committed { - pub(in crate::plonk) fn evaluate, T: TranscriptRead>( + pub(in crate::plonk) fn evaluate, T: TranscriptRead>( self, transcript: &mut T, ) -> Result, Error> { diff --git a/src/plonk/verifier.rs b/src/plonk/verifier.rs index 7b82b80c..a9f89cca 100644 --- a/src/plonk/verifier.rs +++ b/src/plonk/verifier.rs @@ -13,18 +13,13 @@ use crate::poly::{ use crate::transcript::{read_n_points, read_n_scalars, EncodedChallenge, TranscriptRead}; /// Returns a boolean indicating whether or not the proof is valid -pub fn verify_proof< - 'a, - C: CurveAffine, - E: EncodedChallenge, - T: TranscriptRead, ->( +pub fn verify_proof<'a, C: CurveAffine, E: EncodedChallenge, T: TranscriptRead>( params: &'a Params, vk: &VerifyingKey, msm: MSM<'a, C>, instance_commitments: &[&[C]], transcript: &mut T, -) -> Result, Error> { +) -> Result, Error> { // Check that instance_commitments matches the expected number of instance columns for instance_commitments in instance_commitments.iter() { if instance_commitments.len() != vk.cs.num_instance_columns { diff --git a/src/poly/commitment.rs b/src/poly/commitment.rs index 74ee85e9..5f832be4 100644 --- a/src/poly/commitment.rs +++ b/src/poly/commitment.rs @@ -326,7 +326,7 @@ fn test_opening_proof() { let p = params.commit(&px, blind).to_affine(); - let mut transcript = Blake2bWrite::, EpAffine, Challenge255>::init(vec![]); + let mut transcript = Blake2bWrite::, EpAffine, Challenge255>::init(vec![]); transcript.write_point(p).unwrap(); let x = transcript.squeeze_challenge_scalar::<()>(); // Evaluate the polynomial @@ -340,7 +340,7 @@ fn test_opening_proof() { }; // Verify the opening proof - let mut transcript = Blake2bRead::<&[u8], EpAffine, Challenge255>::init(&proof[..]); + let mut transcript = Blake2bRead::<&[u8], EpAffine, Challenge255>::init(&proof[..]); let p_prime = transcript.read_point().unwrap(); assert_eq!(p, p_prime); let x_prime = transcript.squeeze_challenge_scalar::<()>(); diff --git a/src/poly/commitment/prover.rs b/src/poly/commitment/prover.rs index cdc8daad..00a6b523 100644 --- a/src/poly/commitment/prover.rs +++ b/src/poly/commitment/prover.rs @@ -23,7 +23,7 @@ use std::io; /// opening v, and the point x. It's probably also nice for the transcript /// to have seen the elliptic curve description and the URS, if you want to /// be rigorous. -pub fn create_proof, T: TranscriptWrite>( +pub fn create_proof, T: TranscriptWrite>( params: &Params, transcript: &mut T, px: &Polynomial, diff --git a/src/poly/commitment/verifier.rs b/src/poly/commitment/verifier.rs index 16716a9e..a8bbe5d2 100644 --- a/src/poly/commitment/verifier.rs +++ b/src/poly/commitment/verifier.rs @@ -1,6 +1,5 @@ use ff::Field; use group::Curve; -use std::marker::PhantomData; use super::super::Error; use super::{Params, MSM}; @@ -10,27 +9,25 @@ use crate::arithmetic::{best_multiexp, BatchInvert, CurveAffine}; /// A guard returned by the verifier #[derive(Debug, Clone)] -pub struct Guard<'a, C: CurveAffine, I, E: EncodedChallenge> { +pub struct Guard<'a, C: CurveAffine, E: EncodedChallenge> { msm: MSM<'a, C>, neg_a: C::Scalar, challenges: Vec, challenges_packed: Vec, - _marker: PhantomData, } /// An accumulator instance consisting of an evaluation claim and a proof. #[derive(Debug, Clone)] -pub struct Accumulator> { +pub struct Accumulator> { /// The claimed output of the linear-time polycommit opening protocol pub g: C, /// A vector of 128-bit challenges sampled by the verifier, to be used in /// computing g. pub challenges_packed: Vec, - _marker: PhantomData, } -impl<'a, C: CurveAffine, I, E: EncodedChallenge> Guard<'a, C, I, E> { +impl<'a, C: CurveAffine, E: EncodedChallenge> Guard<'a, C, E> { /// Lets caller supply the challenges and obtain an MSM with updated /// scalars and points. pub fn use_challenges(mut self) -> MSM<'a, C> { @@ -43,13 +40,12 @@ impl<'a, C: CurveAffine, I, E: EncodedChallenge> Guard<'a, C, I, E> { /// Lets caller supply the purported G point and simply appends /// [-a] G to return an updated MSM. - pub fn use_g(mut self, g: C) -> (MSM<'a, C>, Accumulator) { + pub fn use_g(mut self, g: C) -> (MSM<'a, C>, Accumulator) { self.msm.append_term(self.neg_a, g); let accumulator = Accumulator { g, challenges_packed: self.challenges_packed, - _marker: PhantomData, }; (self.msm, accumulator) @@ -68,19 +64,13 @@ impl<'a, C: CurveAffine, I, E: EncodedChallenge> Guard<'a, C, I, E> { /// Checks to see if the proof represented within `transcript` is valid, and a /// point `x` that the polynomial commitment `P` opens purportedly to the value /// `v`. The provided `msm` should evaluate to the commitment `P` being opened. -pub fn verify_proof< - 'a, - C: CurveAffine, - I, - E: EncodedChallenge, - T: TranscriptRead, ->( +pub fn verify_proof<'a, C: CurveAffine, E: EncodedChallenge, T: TranscriptRead>( params: &'a Params, mut msm: MSM<'a, C>, transcript: &mut T, x: C::Scalar, v: C::Scalar, -) -> Result, Error> { +) -> Result, Error> { let k = params.k as usize; // P - [v] G_0 + S * iota @@ -153,7 +143,6 @@ pub fn verify_proof< neg_a, challenges, challenges_packed, - _marker: PhantomData, }; Ok(guard) diff --git a/src/poly/multiopen.rs b/src/poly/multiopen.rs index 78317db3..eed97b80 100644 --- a/src/poly/multiopen.rs +++ b/src/poly/multiopen.rs @@ -245,7 +245,7 @@ fn test_roundtrip() { let bvx = eval_polynomial(&bx, x); let cvy = eval_polynomial(&cx, y); - let mut transcript = crate::transcript::Blake2bWrite::<_, _, Challenge255>::init(vec![]); + let mut transcript = crate::transcript::Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]); create_proof( ¶ms, &mut transcript, @@ -271,7 +271,8 @@ fn test_roundtrip() { { let mut proof = &proof[..]; - let mut transcript = crate::transcript::Blake2bRead::<_, _, Challenge255>::init(&mut proof); + let mut transcript = + crate::transcript::Blake2bRead::<_, _, Challenge255<_>>::init(&mut proof); let msm = params.empty_msm(); let guard = verify_proof( @@ -304,7 +305,8 @@ fn test_roundtrip() { { let mut proof = &proof[..]; - let mut transcript = crate::transcript::Blake2bRead::<_, _, Challenge255>::init(&mut proof); + let mut transcript = + crate::transcript::Blake2bRead::<_, _, Challenge255<_>>::init(&mut proof); let msm = params.empty_msm(); let guard = verify_proof( diff --git a/src/poly/multiopen/prover.rs b/src/poly/multiopen/prover.rs index 033d6d61..77e315df 100644 --- a/src/poly/multiopen/prover.rs +++ b/src/poly/multiopen/prover.rs @@ -24,14 +24,7 @@ struct CommitmentData { } /// Create a multi-opening proof -pub fn create_proof< - 'a, - I, - IN, - C: CurveAffine, - E: EncodedChallenge, - T: TranscriptWrite, ->( +pub fn create_proof<'a, I, C: CurveAffine, E: EncodedChallenge, T: TranscriptWrite>( params: &Params, transcript: &mut T, queries: I, diff --git a/src/poly/multiopen/verifier.rs b/src/poly/multiopen/verifier.rs index 98dc7685..b02f5c2d 100644 --- a/src/poly/multiopen/verifier.rs +++ b/src/poly/multiopen/verifier.rs @@ -22,16 +22,15 @@ pub fn verify_proof< 'b, 'a: 'b, I, - IN, C: CurveAffine, - E: EncodedChallenge, - T: TranscriptRead, + E: EncodedChallenge, + T: TranscriptRead, >( params: &'a Params, transcript: &mut T, queries: I, mut msm: MSM<'a, C>, -) -> Result, Error> +) -> Result, Error> where I: IntoIterator> + Clone, { diff --git a/src/transcript.rs b/src/transcript.rs index 5d4ea14b..cff815c1 100644 --- a/src/transcript.rs +++ b/src/transcript.rs @@ -11,7 +11,7 @@ use std::io::{self, Read, Write}; use std::marker::PhantomData; /// Generic transcript view (from either the prover or verifier's perspective) -pub trait Transcript> { +pub trait Transcript> { /// Squeeze an encoded verifier challenge from the transcript. fn squeeze_challenge(&mut self) -> E; @@ -34,9 +34,7 @@ pub trait Transcript> { /// Transcript view from the perspective of a verifier that has access to an /// input stream of data from the prover to the verifier. -pub trait TranscriptRead>: - Transcript -{ +pub trait TranscriptRead>: Transcript { /// Read a curve point from the prover. fn read_point(&mut self) -> io::Result; @@ -46,9 +44,7 @@ pub trait TranscriptRead>: /// Transcript view from the perspective of a prover that has access to an /// output stream of messages from the prover to the verifier. -pub trait TranscriptWrite>: - Transcript -{ +pub trait TranscriptWrite>: Transcript { /// Write a curve point to the proof and the transcript. fn write_point(&mut self, point: C) -> io::Result<()>; @@ -58,14 +54,14 @@ pub trait TranscriptWrite>: /// We will replace BLAKE2b with an algebraic hash function in a later version. #[derive(Debug, Clone)] -pub struct Blake2bRead> { +pub struct Blake2bRead> { state: Blake2bState, reader: R, _marker_c: PhantomData, _marker_e: PhantomData, } -impl> Blake2bRead { +impl> Blake2bRead { /// Initialize a transcript given an input buffer and a key. pub fn init(reader: R) -> Self { Blake2bRead { @@ -80,8 +76,8 @@ impl> Blake2bRead> TranscriptRead - for Blake2bRead +impl TranscriptRead> + for Blake2bRead> { fn read_point(&mut self) -> io::Result { let mut compressed = C::Repr::default(); @@ -109,14 +105,14 @@ impl> TranscriptRead> Transcript - for Blake2bRead +impl Transcript> + for Blake2bRead> { - fn squeeze_challenge(&mut self) -> E { + fn squeeze_challenge(&mut self) -> Challenge255 { let hasher = self.state.clone(); let result: [u8; 64] = hasher.finalize().as_bytes().try_into().unwrap(); self.state.update(&result[..]); - E::new(&result) + Challenge255::::new(&result) } fn common_point(&mut self, point: C) -> io::Result<()> { @@ -141,14 +137,14 @@ impl> Transcript> { +pub struct Blake2bWrite> { state: Blake2bState, writer: W, _marker_c: PhantomData, _marker_e: PhantomData, } -impl> Blake2bWrite { +impl> Blake2bWrite { /// Initialize a transcript given an output buffer and a key. pub fn init(writer: W) -> Self { Blake2bWrite { @@ -169,8 +165,8 @@ impl> Blake2bWrite> TranscriptWrite - for Blake2bWrite +impl TranscriptWrite> + for Blake2bWrite> { fn write_point(&mut self, point: C) -> io::Result<()> { self.common_point(point)?; @@ -184,14 +180,14 @@ impl> TranscriptWrite } } -impl> Transcript - for Blake2bWrite +impl Transcript> + for Blake2bWrite> { - fn squeeze_challenge(&mut self) -> E { + fn squeeze_challenge(&mut self) -> Challenge255 { let hasher = self.state.clone(); let result: [u8; 64] = hasher.finalize().as_bytes().try_into().unwrap(); self.state.update(&result[..]); - E::new(&result) + Challenge255::::new(&result) } fn common_point(&mut self, point: C) -> io::Result<()> { @@ -238,12 +234,17 @@ impl std::ops::Deref for ChallengeScalar { } } -/// `EncodedChallenge` defines a challenge encoding where `I` is the input +/// `EncodedChallenge` defines a challenge encoding with a [`Self::Input`] /// that is used to derive the challenge encoding and `get_challenge` obtains /// the _real_ `C::Scalar` that the challenge encoding represents. -pub trait EncodedChallenge { +pub trait EncodedChallenge { + /// The Input type used to derive the challenge encoding. For example, + /// an input from the Poseidon hash would be a base field element; + /// an input from the Blake2b hash would be a [u8; 64]. + type Input; + /// Get an encoded challenge from a given input challenge. - fn new(challenge_input: &I) -> Self; + fn new(challenge_input: &Self::Input) -> Self; /// Get a scalar field element from an encoded challenge. fn get_scalar(&self) -> C::Scalar; @@ -270,7 +271,9 @@ impl std::ops::Deref for Challenge128 { } } -impl EncodedChallenge for Challenge128 { +impl EncodedChallenge for Challenge128 { + type Input = C::Base; + fn new(challenge_input: &C::Base) -> Self { Challenge128(challenge_input.get_lower_128()) } @@ -298,9 +301,9 @@ impl EncodedChallenge for Challenge128 { /// A 255-bit challenge. #[derive(Copy, Clone, Debug)] -pub struct Challenge255([u8; 32]); +pub struct Challenge255([u8; 32], PhantomData); -impl std::ops::Deref for Challenge255 { +impl std::ops::Deref for Challenge255 { type Target = [u8; 32]; fn deref(&self) -> &Self::Target { @@ -308,33 +311,28 @@ impl std::ops::Deref for Challenge255 { } } -impl EncodedChallenge for Challenge255 { +impl EncodedChallenge for Challenge255 { + type Input = [u8; 64]; + fn new(challenge_input: &[u8; 64]) -> Self { - Challenge255(C::Scalar::from_bytes_wide(challenge_input).to_bytes()) + Challenge255( + C::Scalar::from_bytes_wide(challenge_input).to_bytes(), + PhantomData, + ) } fn get_scalar(&self) -> C::Scalar { C::Scalar::from_bytes(&self.0).unwrap() } } -pub(crate) fn read_n_points< - C: CurveAffine, - I, - E: EncodedChallenge, - T: TranscriptRead, ->( +pub(crate) fn read_n_points, T: TranscriptRead>( transcript: &mut T, n: usize, ) -> io::Result> { (0..n).map(|_| transcript.read_point()).collect() } -pub(crate) fn read_n_scalars< - C: CurveAffine, - I, - E: EncodedChallenge, - T: TranscriptRead, ->( +pub(crate) fn read_n_scalars, T: TranscriptRead>( transcript: &mut T, n: usize, ) -> io::Result> { diff --git a/tests/plonk_api.rs b/tests/plonk_api.rs index b478a091..8665ba77 100644 --- a/tests/plonk_api.rs +++ b/tests/plonk_api.rs @@ -397,7 +397,7 @@ fn plonk_api() { assert_eq!(prover.verify(), Ok(())); for _ in 0..10 { - let mut transcript = Blake2bWrite::<_, _, Challenge255>::init(vec![]); + let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]); // Create a proof create_proof( ¶ms, @@ -412,7 +412,7 @@ fn plonk_api() { let pubinput_slice = &[pubinput]; let pubinput_slice_copy = &[pubinput]; let msm = params.empty_msm(); - let mut transcript = Blake2bRead::<_, _, Challenge255>::init(&proof[..]); + let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]); let guard = verify_proof( ¶ms, pk.get_vk(), @@ -432,7 +432,7 @@ fn plonk_api() { } let msm = guard.clone().use_challenges(); assert!(msm.clone().eval()); - let mut transcript = Blake2bRead::<_, _, Challenge255>::init(&proof[..]); + let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]); let mut vk_buffer = vec![]; pk.get_vk().write(&mut vk_buffer).unwrap(); let vk = VerifyingKey::::read::<_, MyCircuit>(&mut &vk_buffer[..], ¶ms)