Sean Bowe
3cae0d5f19
Merge the common pieces of the permutation argument into a separate proof component.
2021-07-15 14:30:52 -06:00
Sean Bowe
0a3ae6f1eb
Add clarifying comment.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-14 10:17:44 -06:00
Sean Bowe
bbe06ac61e
Add clarifying comment.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-07-14 10:08:49 -06:00
Sean Bowe
af01af8fa5
Remove unnecessary collect.
2021-07-14 10:07:30 -06:00
Sean Bowe
11a1fc7d4a
Fix stale comment
2021-07-14 09:48:56 -06:00
Sean Bowe
74f3e1c6d9
Fix omitted notation to explicitly designate l_last and l_blind as polynomials.
2021-07-13 16:30:52 -06:00
Sean Bowe
1be7bf1df0
Address review comments from @daira.
2021-07-10 08:12:08 -06:00
Sean Bowe
7c66323d87
Rename l_cover to l_blind for clarity.
2021-07-09 09:22:25 -06:00
Sean Bowe
7afe549524
clippy fixes
2021-07-02 16:33:22 -06:00
Sean Bowe
32df26d881
Make permutation argument perfectly complete and zero-knowledge.
2021-07-02 16:20:36 -06:00
Sean Bowe
1c586c081c
Switch directionality of the permutation argument's constraints.
2021-07-01 13:47:03 -06:00
Sean Bowe
fd91b6b42c
Allow MSMs to be queried and not just raw commitments.
...
This allows us to avoid some interstitial arithmetic in the vanishing argument.
2021-07-01 12:42:24 -06:00
therealyingtong
502f0c85dc
Input as associated type on EncodedChallenge
...
Use Input as an associated type instead of a type parameter, to
reduce infection
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-05-07 22:21:54 +08:00
therealyingtong
32f011d52d
Replace ChallengeSpace with EncodedChallenge API
...
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2021-05-01 09:30:08 +08:00
therealyingtong
1a61eaa5d9
Propagate type changes
2021-04-23 19:18:41 +08:00
Jack Grigg
b4ed5295fe
Migrate to group traits
...
The `Curve` trait is now `CurveExt: group::prime::PrimeCurve`, and
`CurveAffine` is now `CurveAffine: group::prime::PrimeCurveAffine`.
There is no `CurveAffine` trait in `group`, and it's a widely-used
trait in this crate, so we don't rename it to `CurveAffineExt`.
2021-02-22 20:20:23 +00:00
therealyingtong
a19dc68dee
Use Column<Any> in Permutation::Argument
2021-02-17 21:32:17 +08:00
therealyingtong
ffdd739f85
Only write k in Params; calculate n when reading
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-01-24 08:07:30 +08:00
therealyingtong
58479fbcc3
Refactor keygen to generate pk from vk.
2021-01-24 08:07:30 +08:00
Kris Nuttycombe
74b2aa715f
Require Rotation instead of i32 for relative rows in circuits.
...
Co-authored-by: str4d <thestr4d@gmail.com>
2021-01-14 11:57:32 -07:00
Sean Bowe
e4dac4f621
clippy: remove unnecessarily explicit lifetimes and return types
2021-01-14 08:53:19 -07:00
Jack Grigg
d95e4e4724
clippy: Remove unnecessary Result
2021-01-14 08:46:25 -07:00
Sean Bowe
ec2d8db8cb
Multiopen prover never needed evals to be specified.
...
The Lagrange interpolation we were doing was pointless. kate_division sheds the constant
term off each time it is invoked because the quotient polynomial isn't affected by it.
This means we were modifying coefficients that end up getting discarded anyway; the
quotient polynomial coefficients are already determined exactly by the leading coefficients
and the fact that a root exists at each of the points.
2021-01-13 17:22:32 -07:00
ebfull
ccca639591
Merge pull request #111 from zcash/transcript-api-2
...
New Transcript API (and modified commitment scheme)
2021-01-13 16:50:47 -07:00
Sean Bowe
775151a67d
Change absorb_ to read_ in subprotocols.
2021-01-13 15:47:35 -07:00
Jack Grigg
64b06735bf
Expose MockProver in crate, and add documentation
2021-01-06 21:52:56 +00:00
therealyingtong
fb939f17a9
Add permutation check to MockProver
2021-01-06 21:52:56 +00:00
Sean Bowe
c5e0364962
Remove the Read/Write type parameters from Transcript{Read,Write}.
2021-01-06 10:45:11 -07:00
Sean Bowe
06552eec44
Update the PLONK implementation to adapt to the new transcript API.
2021-01-06 10:45:11 -07:00
Jack Grigg
f49e1e6177
Fix breakage of trait resolution in Rust 1.49.0
...
Previously, `ChallengeScalar` could use the operator traits defined on
the `F: Field` type it wrapped, due to its `impl Deref<Target = F>`.
This was technically ambiguous, and Rust 1.49.0 makes that ambiguity an
error.
We could fix this by adding operator impls with `ChallengeScalar` on the
RHS, but that would conflict with zcash/halo2#111. Instead we manually
dereference every challenge scalar when used in an arithmetic operation.
2021-01-06 00:48:29 +00:00
Jack Grigg
90c50fdd11
Refactor permutation proofs to reflect the separate permutations
2020-12-22 23:51:32 +00:00
Jack Grigg
62cace289b
Add a few comments to the permutation construction code
...
We mainly point at the design document that describes the algorithm.
2020-12-22 20:25:33 +00:00
Jack Grigg
838d21f2be
Refactor permutation keygen to reflect the separate permutations
2020-12-22 18:11:42 +00:00
Sean Bowe
2e65229920
Remove unnecessary Clone impl from plonk::permutation::prover::Committed.
2020-12-02 09:50:45 -07:00
Jack Grigg
3d6afd7b8e
permutation: Clean up opening chains
2020-12-01 22:09:50 +00:00
Jack Grigg
dd3d1dd68b
Small type annotation cleanups
2020-12-01 21:49:07 +00:00
Jack Grigg
a63e6e25d8
Restrict visibility of PLONK challenges to plonk module
2020-12-01 21:14:14 +00:00
Jack Grigg
7422efca72
s/permutation::Proof::commit/permutation::Argument::commit
...
Once we refactor the permutation argument implementation to be integrated
as Vec<permutation::Proof>, we can change this again to just map from the
Vec<permutation::Argument> inside ConstraintSystem.
2020-12-01 21:10:31 +00:00
Jack Grigg
66240800a3
Move permutation keygen into plonk::permutation::keygen
2020-12-01 21:10:31 +00:00
Jack Grigg
f63f3ff2af
Introduce typed challenge scalars
...
This also centralises the challenge generation logic in Challenge::get,
ensuring it is consistent across the codebase.
2020-12-01 21:09:03 +00:00
Jack Grigg
4a3b830165
Extract permutation argument into a submodule
2020-12-01 21:03:31 +00:00