zec
/
halo2
mirror of https://github.com/zcash/halo2.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Input as associated type on EncodedChallenge 

Use Input as an associated type instead of a type parameter, to
reduce infection

Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
This commit is contained in:
therealyingtong 2021-05-07 22:21:54 +08:00
parent da82ecb086
commit 502f0c85dc
18 changed files with 88 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/sha256/benches.rs
View File

@ -128,7 +128,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
// Create a proof
let proof_path = Path::new("./benches/sha256_assets/sha256_proof");
if File::open(&proof_path).is_err() {
let mut transcript = Blake2bWrite::<_, _, Challenge255>::init(vec![]);
let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
create_proof(&params, &pk, &[circuit], &[], &mut transcript)
.expect("proof generation should not fail");
let proof: Vec<u8> = transcript.finalize();
@ -145,7 +145,7 @@ fn bench(name: &str, k: u32, c: &mut Criterion) {
c.bench_function(&verifier_name, |b| {
b.iter(|| {
let msm = params.empty_msm();
let mut transcript = Blake2bRead::<_, _, Challenge255>::init(&proof[..]);
let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
let guard = verify_proof(&params, pk.get_vk(), msm, &[], &mut transcript).unwrap();
let msm = guard.clone().use_challenges();
assert!(msm.eval());

2
src/plonk.rs
View File

@ -79,7 +79,7 @@ impl<C: CurveAffine> VerifyingKey<C> {
}
/// Hashes a verification key into a transcript.
pub fn hash_into<E: EncodedChallenge<C, [u8; 64]>, T: Transcript<C, [u8; 64], E>>(
pub fn hash_into<E: EncodedChallenge<C>, T: Transcript<C, E>>(
&self,
transcript: &mut T,
) -> io::Result<()> {

13
src/plonk/lookup/prover.rs
View File

@ -75,9 +75,8 @@ impl<F: FieldExt> Argument<F> {
pub(in crate::plonk) fn commit_permuted<
'a,
C,
I,
E: EncodedChallenge<C, I>,
T: TranscriptWrite<C, I, E>,
E: EncodedChallenge<C>,
T: TranscriptWrite<C, E>,
>(
&self,
pk: &ProvingKey<C>,
@ -250,11 +249,7 @@ impl<C: CurveAffine> Permuted<C> {
/// grand product polynomial over the lookup. The grand product polynomial
/// is used to populate the Product<C> struct. The Product<C> struct is
/// added to the Lookup and finally returned by the method.
pub(in crate::plonk) fn commit_product<
I,
E: EncodedChallenge<C, I>,
T: TranscriptWrite<C, I, E>,
>(
pub(in crate::plonk) fn commit_product<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
self,
pk: &ProvingKey<C>,
params: &Params<C>,
@ -498,7 +493,7 @@ impl<'a, C: CurveAffine> Committed<C> {
}
impl<C: CurveAffine> Constructed<C> {
pub(in crate::plonk) fn evaluate<I, E: EncodedChallenge<C, I>, T: TranscriptWrite<C, I, E>>(
pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
self,
pk: &ProvingKey<C>,
x: ChallengeX<C>,

12
src/plonk/lookup/verifier.rs
View File

@ -34,9 +34,8 @@ pub struct Evaluated<C: CurveAffine> {
impl<F: FieldExt> Argument<F> {
pub(in crate::plonk) fn read_permuted_commitments<
C: CurveAffine,
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
E: EncodedChallenge<C>,
T: TranscriptRead<C, E>,
>(
&self,
transcript: &mut T,
@ -57,9 +56,8 @@ impl<F: FieldExt> Argument<F> {
impl<C: CurveAffine> PermutationCommitments<C> {
pub(in crate::plonk) fn read_product_commitment<
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
E: EncodedChallenge<C>,
T: TranscriptRead<C, E>,
>(
self,
transcript: &mut T,
@ -76,7 +74,7 @@ impl<C: CurveAffine> PermutationCommitments<C> {
}
impl<C: CurveAffine> Committed<C> {
pub(crate) fn evaluate<I, E: EncodedChallenge<C, I>, T: TranscriptRead<C, I, E>>(
pub(crate) fn evaluate<E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
self,
transcript: &mut T,
) -> Result<Evaluated<C>, Error> {

7
src/plonk/permutation/prover.rs
View File

@ -34,9 +34,8 @@ pub(crate) struct Evaluated<C: CurveAffine> {
impl Argument {
pub(in crate::plonk) fn commit<
C: CurveAffine,
I,
E: EncodedChallenge<C, I>,
T: TranscriptWrite<C, I, E>,
E: EncodedChallenge<C>,
T: TranscriptWrite<C, E>,
>(
&self,
params: &Params<C>,
@ -258,7 +257,7 @@ impl<C: CurveAffine> super::ProvingKey<C> {
}
impl<C: CurveAffine> Constructed<C> {
pub(in crate::plonk) fn evaluate<I, E: EncodedChallenge<C, I>, T: TranscriptWrite<C, I, E>>(
pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
self,
pk: &plonk::ProvingKey<C>,
pkey: &ProvingKey<C>,

7
src/plonk/permutation/verifier.rs
View File

@ -24,9 +24,8 @@ pub struct Evaluated<C: CurveAffine> {
impl Argument {
pub(crate) fn read_product_commitment<
C: CurveAffine,
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
E: EncodedChallenge<C>,
T: TranscriptRead<C, E>,
>(
&self,
transcript: &mut T,
@ -42,7 +41,7 @@ impl Argument {
}
impl<C: CurveAffine> Committed<C> {
pub(crate) fn evaluate<I, E: EncodedChallenge<C, I>, T: TranscriptRead<C, I, E>>(
pub(crate) fn evaluate<E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
self,
vkey: &VerifyingKey<C>,
transcript: &mut T,

4
src/plonk/prover.rs
View File

@ -20,8 +20,8 @@ use crate::transcript::{EncodedChallenge, TranscriptWrite};
/// generated previously for the same circuit.
pub fn create_proof<
C: CurveAffine,
E: EncodedChallenge<C, [u8; 64]>,
T: TranscriptWrite<C, [u8; 64], E>,
E: EncodedChallenge<C>,
T: TranscriptWrite<C, E>,
ConcreteCircuit: Circuit<C::Scalar>,
>(
params: &Params<C>,

4
src/plonk/vanishing/prover.rs
View File

@ -23,7 +23,7 @@ pub(in crate::plonk) struct Evaluated<C: CurveAffine> {
}
impl<C: CurveAffine> Argument<C> {
pub(in crate::plonk) fn construct<I, E: EncodedChallenge<C, I>, T: TranscriptWrite<C, I, E>>(
pub(in crate::plonk) fn construct<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
params: &Params<C>,
domain: &EvaluationDomain<C::Scalar>,
expressions: impl Iterator<Item = Polynomial<C::Scalar, ExtendedLagrangeCoeff>>,
@ -69,7 +69,7 @@ impl<C: CurveAffine> Argument<C> {
}
impl<C: CurveAffine> Constructed<C> {
pub(in crate::plonk) fn evaluate<I, E: EncodedChallenge<C, I>, T: TranscriptWrite<C, I, E>>(
pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
self,
x: ChallengeX<C>,
transcript: &mut T,

8
src/plonk/vanishing/verifier.rs
View File

@ -20,11 +20,7 @@ pub struct Evaluated<C: CurveAffine> {
}
impl<C: CurveAffine> Argument<C> {
pub(in crate::plonk) fn read_commitments<
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
>(
pub(in crate::plonk) fn read_commitments<E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
vk: &VerifyingKey<C>,
transcript: &mut T,
) -> Result<Committed<C>, Error> {
@ -37,7 +33,7 @@ impl<C: CurveAffine> Argument<C> {
}
impl<C: CurveAffine> Committed<C> {
pub(in crate::plonk) fn evaluate<I, E: EncodedChallenge<C, I>, T: TranscriptRead<C, I, E>>(
pub(in crate::plonk) fn evaluate<E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
self,
transcript: &mut T,
) -> Result<Evaluated<C>, Error> {

9
src/plonk/verifier.rs
View File

@ -13,18 +13,13 @@ use crate::poly::{
use crate::transcript::{read_n_points, read_n_scalars, EncodedChallenge, TranscriptRead};
/// Returns a boolean indicating whether or not the proof is valid
pub fn verify_proof<
'a,
C: CurveAffine,
E: EncodedChallenge<C, [u8; 64]>,
T: TranscriptRead<C, [u8; 64], E>,
>(
pub fn verify_proof<'a, C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
params: &'a Params<C>,
vk: &VerifyingKey<C>,
msm: MSM<'a, C>,
instance_commitments: &[&[C]],
transcript: &mut T,
) -> Result<Guard<'a, C, [u8; 64], E>, Error> {
) -> Result<Guard<'a, C, E>, Error> {
// Check that instance_commitments matches the expected number of instance columns
for instance_commitments in instance_commitments.iter() {
if instance_commitments.len() != vk.cs.num_instance_columns {

4
src/poly/commitment.rs
View File

@ -326,7 +326,7 @@ fn test_opening_proof() {
let p = params.commit(&px, blind).to_affine();
let mut transcript = Blake2bWrite::<Vec<u8>, EpAffine, Challenge255>::init(vec![]);
let mut transcript = Blake2bWrite::<Vec<u8>, EpAffine, Challenge255<EpAffine>>::init(vec![]);
transcript.write_point(p).unwrap();
let x = transcript.squeeze_challenge_scalar::<()>();
// Evaluate the polynomial
@ -340,7 +340,7 @@ fn test_opening_proof() {
};
// Verify the opening proof
let mut transcript = Blake2bRead::<&[u8], EpAffine, Challenge255>::init(&proof[..]);
let mut transcript = Blake2bRead::<&[u8], EpAffine, Challenge255<EpAffine>>::init(&proof[..]);
let p_prime = transcript.read_point().unwrap();
assert_eq!(p, p_prime);
let x_prime = transcript.squeeze_challenge_scalar::<()>();

2
src/poly/commitment/prover.rs
View File

@ -23,7 +23,7 @@ use std::io;
/// opening v, and the point x. It's probably also nice for the transcript
/// to have seen the elliptic curve description and the URS, if you want to
/// be rigorous.
pub fn create_proof<C: CurveAffine, I, E: EncodedChallenge<C, I>, T: TranscriptWrite<C, I, E>>(
pub fn create_proof<C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
params: &Params<C>,
transcript: &mut T,
px: &Polynomial<C::Scalar, Coeff>,

23
src/poly/commitment/verifier.rs
View File

@ -1,6 +1,5 @@
use ff::Field;
use group::Curve;
use std::marker::PhantomData;
use super::super::Error;
use super::{Params, MSM};
@ -10,27 +9,25 @@ use crate::arithmetic::{best_multiexp, BatchInvert, CurveAffine};
/// A guard returned by the verifier
#[derive(Debug, Clone)]
pub struct Guard<'a, C: CurveAffine, I, E: EncodedChallenge<C, I>> {
pub struct Guard<'a, C: CurveAffine, E: EncodedChallenge<C>> {
msm: MSM<'a, C>,
neg_a: C::Scalar,
challenges: Vec<C::Scalar>,
challenges_packed: Vec<E>,
_marker: PhantomData<I>,
}
/// An accumulator instance consisting of an evaluation claim and a proof.
#[derive(Debug, Clone)]
pub struct Accumulator<C: CurveAffine, I, E: EncodedChallenge<C, I>> {
pub struct Accumulator<C: CurveAffine, E: EncodedChallenge<C>> {
/// The claimed output of the linear-time polycommit opening protocol
pub g: C,
/// A vector of 128-bit challenges sampled by the verifier, to be used in
/// computing g.
pub challenges_packed: Vec<E>,
_marker: PhantomData<I>,
}
impl<'a, C: CurveAffine, I, E: EncodedChallenge<C, I>> Guard<'a, C, I, E> {
impl<'a, C: CurveAffine, E: EncodedChallenge<C>> Guard<'a, C, E> {
/// Lets caller supply the challenges and obtain an MSM with updated
/// scalars and points.
pub fn use_challenges(mut self) -> MSM<'a, C> {
@ -43,13 +40,12 @@ impl<'a, C: CurveAffine, I, E: EncodedChallenge<C, I>> Guard<'a, C, I, E> {
/// Lets caller supply the purported G point and simply appends
/// [-a] G to return an updated MSM.
pub fn use_g(mut self, g: C) -> (MSM<'a, C>, Accumulator<C, I, E>) {
pub fn use_g(mut self, g: C) -> (MSM<'a, C>, Accumulator<C, E>) {
self.msm.append_term(self.neg_a, g);
let accumulator = Accumulator {
g,
challenges_packed: self.challenges_packed,
_marker: PhantomData,
};
(self.msm, accumulator)
@ -68,19 +64,13 @@ impl<'a, C: CurveAffine, I, E: EncodedChallenge<C, I>> Guard<'a, C, I, E> {
/// Checks to see if the proof represented within `transcript` is valid, and a
/// point `x` that the polynomial commitment `P` opens purportedly to the value
/// `v`. The provided `msm` should evaluate to the commitment `P` being opened.
pub fn verify_proof<
'a,
C: CurveAffine,
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
>(
pub fn verify_proof<'a, C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
params: &'a Params<C>,
mut msm: MSM<'a, C>,
transcript: &mut T,
x: C::Scalar,
v: C::Scalar,
) -> Result<Guard<'a, C, I, E>, Error> {
) -> Result<Guard<'a, C, E>, Error> {
let k = params.k as usize;
// P - [v] G_0 + S * iota
@ -153,7 +143,6 @@ pub fn verify_proof<
neg_a,
challenges,
challenges_packed,
_marker: PhantomData,
};
Ok(guard)

8
src/poly/multiopen.rs
View File

@ -245,7 +245,7 @@ fn test_roundtrip() {
let bvx = eval_polynomial(&bx, x);
let cvy = eval_polynomial(&cx, y);
let mut transcript = crate::transcript::Blake2bWrite::<_, _, Challenge255>::init(vec![]);
let mut transcript = crate::transcript::Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
create_proof(
&params,
&mut transcript,
@ -271,7 +271,8 @@ fn test_roundtrip() {
{
let mut proof = &proof[..];
let mut transcript = crate::transcript::Blake2bRead::<_, _, Challenge255>::init(&mut proof);
let mut transcript =
crate::transcript::Blake2bRead::<_, _, Challenge255<_>>::init(&mut proof);
let msm = params.empty_msm();
let guard = verify_proof(
@ -304,7 +305,8 @@ fn test_roundtrip() {
{
let mut proof = &proof[..];
let mut transcript = crate::transcript::Blake2bRead::<_, _, Challenge255>::init(&mut proof);
let mut transcript =
crate::transcript::Blake2bRead::<_, _, Challenge255<_>>::init(&mut proof);
let msm = params.empty_msm();
let guard = verify_proof(

9
src/poly/multiopen/prover.rs
View File

@ -24,14 +24,7 @@ struct CommitmentData<C: CurveAffine> {
}
/// Create a multi-opening proof
pub fn create_proof<
'a,
I,
IN,
C: CurveAffine,
E: EncodedChallenge<C, IN>,
T: TranscriptWrite<C, IN, E>,
>(
pub fn create_proof<'a, I, C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptWrite<C, E>>(
params: &Params<C>,
transcript: &mut T,
queries: I,

7
src/poly/multiopen/verifier.rs
View File

@ -22,16 +22,15 @@ pub fn verify_proof<
'b,
'a: 'b,
I,
IN,
C: CurveAffine,
E: EncodedChallenge<C, IN>,
T: TranscriptRead<C, IN, E>,
E: EncodedChallenge<C>,
T: TranscriptRead<C, E>,
>(
params: &'a Params<C>,
transcript: &mut T,
queries: I,
mut msm: MSM<'a, C>,
) -> Result<Guard<'a, C, IN, E>, Error>
) -> Result<Guard<'a, C, E>, Error>
where
I: IntoIterator<Item = VerifierQuery<'b, C>> + Clone,
{

84
src/transcript.rs
View File

@ -11,7 +11,7 @@ use std::io::{self, Read, Write};
use std::marker::PhantomData;
/// Generic transcript view (from either the prover or verifier's perspective)
pub trait Transcript<C: CurveAffine, I, E: EncodedChallenge<C, I>> {
pub trait Transcript<C: CurveAffine, E: EncodedChallenge<C>> {
/// Squeeze an encoded verifier challenge from the transcript.
fn squeeze_challenge(&mut self) -> E;
@ -34,9 +34,7 @@ pub trait Transcript<C: CurveAffine, I, E: EncodedChallenge<C, I>> {
/// Transcript view from the perspective of a verifier that has access to an
/// input stream of data from the prover to the verifier.
pub trait TranscriptRead<C: CurveAffine, I, E: EncodedChallenge<C, I>>:
Transcript<C, I, E>
{
pub trait TranscriptRead<C: CurveAffine, E: EncodedChallenge<C>>: Transcript<C, E> {
/// Read a curve point from the prover.
fn read_point(&mut self) -> io::Result<C>;
@ -46,9 +44,7 @@ pub trait TranscriptRead<C: CurveAffine, I, E: EncodedChallenge<C, I>>:
/// Transcript view from the perspective of a prover that has access to an
/// output stream of messages from the prover to the verifier.
pub trait TranscriptWrite<C: CurveAffine, I, E: EncodedChallenge<C, I>>:
Transcript<C, I, E>
{
pub trait TranscriptWrite<C: CurveAffine, E: EncodedChallenge<C>>: Transcript<C, E> {
/// Write a curve point to the proof and the transcript.
fn write_point(&mut self, point: C) -> io::Result<()>;
@ -58,14 +54,14 @@ pub trait TranscriptWrite<C: CurveAffine, I, E: EncodedChallenge<C, I>>:
/// We will replace BLAKE2b with an algebraic hash function in a later version.
#[derive(Debug, Clone)]
pub struct Blake2bRead<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> {
pub struct Blake2bRead<R: Read, C: CurveAffine, E: EncodedChallenge<C>> {
state: Blake2bState,
reader: R,
_marker_c: PhantomData<C>,
_marker_e: PhantomData<E>,
}
impl<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Blake2bRead<R, C, E> {
impl<R: Read, C: CurveAffine, E: EncodedChallenge<C>> Blake2bRead<R, C, E> {
/// Initialize a transcript given an input buffer and a key.
pub fn init(reader: R) -> Self {
Blake2bRead {
@ -80,8 +76,8 @@ impl<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Blake2bRead<R, C
}
}
impl<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> TranscriptRead<C, [u8; 64], E>
for Blake2bRead<R, C, E>
impl<R: Read, C: CurveAffine> TranscriptRead<C, Challenge255<C>>
for Blake2bRead<R, C, Challenge255<C>>
{
fn read_point(&mut self) -> io::Result<C> {
let mut compressed = C::Repr::default();
@ -109,14 +105,14 @@ impl<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> TranscriptRead<C
}
}
impl<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Transcript<C, [u8; 64], E>
for Blake2bRead<R, C, E>
impl<R: Read, C: CurveAffine> Transcript<C, Challenge255<C>>
for Blake2bRead<R, C, Challenge255<C>>
{
fn squeeze_challenge(&mut self) -> E {
fn squeeze_challenge(&mut self) -> Challenge255<C> {
let hasher = self.state.clone();
let result: [u8; 64] = hasher.finalize().as_bytes().try_into().unwrap();
self.state.update(&result[..]);
E::new(&result)
Challenge255::<C>::new(&result)
}
fn common_point(&mut self, point: C) -> io::Result<()> {
@ -141,14 +137,14 @@ impl<R: Read, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Transcript<C, [u
/// We will replace BLAKE2b with an algebraic hash function in a later version.
#[derive(Debug, Clone)]
pub struct Blake2bWrite<W: Write, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> {
pub struct Blake2bWrite<W: Write, C: CurveAffine, E: EncodedChallenge<C>> {
state: Blake2bState,
writer: W,
_marker_c: PhantomData<C>,
_marker_e: PhantomData<E>,
}
impl<W: Write, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Blake2bWrite<W, C, E> {
impl<W: Write, C: CurveAffine, E: EncodedChallenge<C>> Blake2bWrite<W, C, E> {
/// Initialize a transcript given an output buffer and a key.
pub fn init(writer: W) -> Self {
Blake2bWrite {
@ -169,8 +165,8 @@ impl<W: Write, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Blake2bWrite<W,
}
}
impl<W: Write, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> TranscriptWrite<C, [u8; 64], E>
for Blake2bWrite<W, C, E>
impl<W: Write, C: CurveAffine> TranscriptWrite<C, Challenge255<C>>
for Blake2bWrite<W, C, Challenge255<C>>
{
fn write_point(&mut self, point: C) -> io::Result<()> {
self.common_point(point)?;
@ -184,14 +180,14 @@ impl<W: Write, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> TranscriptWrite
}
}
impl<W: Write, C: CurveAffine, E: EncodedChallenge<C, [u8; 64]>> Transcript<C, [u8; 64], E>
for Blake2bWrite<W, C, E>
impl<W: Write, C: CurveAffine> Transcript<C, Challenge255<C>>
for Blake2bWrite<W, C, Challenge255<C>>
{
fn squeeze_challenge(&mut self) -> E {
fn squeeze_challenge(&mut self) -> Challenge255<C> {
let hasher = self.state.clone();
let result: [u8; 64] = hasher.finalize().as_bytes().try_into().unwrap();
self.state.update(&result[..]);
E::new(&result)
Challenge255::<C>::new(&result)
}
fn common_point(&mut self, point: C) -> io::Result<()> {
@ -238,12 +234,17 @@ impl<C: CurveAffine, T> std::ops::Deref for ChallengeScalar<C, T> {
}
}
/// `EncodedChallenge<C, I>` defines a challenge encoding where `I` is the input
/// `EncodedChallenge<C>` defines a challenge encoding with a [`Self::Input`]
/// that is used to derive the challenge encoding and `get_challenge` obtains
/// the _real_ `C::Scalar` that the challenge encoding represents.
pub trait EncodedChallenge<C: CurveAffine, I> {
pub trait EncodedChallenge<C: CurveAffine> {
/// The Input type used to derive the challenge encoding. For example,
/// an input from the Poseidon hash would be a base field element;
/// an input from the Blake2b hash would be a [u8; 64].
type Input;
/// Get an encoded challenge from a given input challenge.
fn new(challenge_input: &I) -> Self;
fn new(challenge_input: &Self::Input) -> Self;
/// Get a scalar field element from an encoded challenge.
fn get_scalar(&self) -> C::Scalar;
@ -270,7 +271,9 @@ impl std::ops::Deref for Challenge128 {
}
}
impl<C: CurveAffine> EncodedChallenge<C, C::Base> for Challenge128 {
impl<C: CurveAffine> EncodedChallenge<C> for Challenge128 {
type Input = C::Base;
fn new(challenge_input: &C::Base) -> Self {
Challenge128(challenge_input.get_lower_128())
}
@ -298,9 +301,9 @@ impl<C: CurveAffine> EncodedChallenge<C, C::Base> for Challenge128 {
/// A 255-bit challenge.
#[derive(Copy, Clone, Debug)]
pub struct Challenge255([u8; 32]);
pub struct Challenge255<C: CurveAffine>([u8; 32], PhantomData<C>);
impl std::ops::Deref for Challenge255 {
impl<C: CurveAffine> std::ops::Deref for Challenge255<C> {
type Target = [u8; 32];
fn deref(&self) -> &Self::Target {
@ -308,33 +311,28 @@ impl std::ops::Deref for Challenge255 {
}
}
impl<C: CurveAffine> EncodedChallenge<C, [u8; 64]> for Challenge255 {
impl<C: CurveAffine> EncodedChallenge<C> for Challenge255<C> {
type Input = [u8; 64];
fn new(challenge_input: &[u8; 64]) -> Self {
Challenge255(C::Scalar::from_bytes_wide(challenge_input).to_bytes())
Challenge255(
C::Scalar::from_bytes_wide(challenge_input).to_bytes(),
PhantomData,
)
}
fn get_scalar(&self) -> C::Scalar {
C::Scalar::from_bytes(&self.0).unwrap()
}
}
pub(crate) fn read_n_points<
C: CurveAffine,
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
>(
pub(crate) fn read_n_points<C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
transcript: &mut T,
n: usize,
) -> io::Result<Vec<C>> {
(0..n).map(|_| transcript.read_point()).collect()
}
pub(crate) fn read_n_scalars<
C: CurveAffine,
I,
E: EncodedChallenge<C, I>,
T: TranscriptRead<C, I, E>,
>(
pub(crate) fn read_n_scalars<C: CurveAffine, E: EncodedChallenge<C>, T: TranscriptRead<C, E>>(
transcript: &mut T,
n: usize,
) -> io::Result<Vec<C::Scalar>> {

6
tests/plonk_api.rs
View File

@ -397,7 +397,7 @@ fn plonk_api() {
assert_eq!(prover.verify(), Ok(()));
for _ in 0..10 {
let mut transcript = Blake2bWrite::<_, _, Challenge255>::init(vec![]);
let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
// Create a proof
create_proof(
&params,
@ -412,7 +412,7 @@ fn plonk_api() {
let pubinput_slice = &[pubinput];
let pubinput_slice_copy = &[pubinput];
let msm = params.empty_msm();
let mut transcript = Blake2bRead::<_, _, Challenge255>::init(&proof[..]);
let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
let guard = verify_proof(
&params,
pk.get_vk(),
@ -432,7 +432,7 @@ fn plonk_api() {
}
let msm = guard.clone().use_challenges();
assert!(msm.clone().eval());
let mut transcript = Blake2bRead::<_, _, Challenge255>::init(&proof[..]);
let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
let mut vk_buffer = vec![];
pk.get_vk().write(&mut vk_buffer).unwrap();
let vk = VerifyingKey::<EqAffine>::read::<_, MyCircuit<Fp>>(&mut &vk_buffer[..], &params)