5f89227cdd
Merge pull request #135 from zcash/serialize-params
...
Serialize params
2021-01-30 11:43:55 -07:00
7448f9b930
Merge pull request #156 from zcash/clippy-fixes
...
Clippy lint fixes
2021-01-30 13:14:46 +13:00
8b2082877e
Remove unnecessary let bindings
2021-01-29 23:43:13 +00:00
2255fbec8b
Make RegionShape struct public
2021-01-28 10:55:17 +08:00
faf5da15c9
Track column usage in RegionShape.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-28 10:55:02 +08:00
ffdd739f85
Only write k in Params; calculate n when reading
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-01-24 08:07:30 +08:00
e0f9fe1dcf
Clippy fixes + address review comments
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-24 08:07:30 +08:00
58479fbcc3
Refactor keygen to generate pk from vk.
2021-01-24 08:07:30 +08:00
b9737ada93
Add serialization support for polycommit Params.
2021-01-24 08:05:58 +08:00
ba591c3b39
Add serialization support for PLONK verifying keys.
2021-01-24 08:05:58 +08:00
a0d7998785
Add implementations of read/write to CurveAffine and FieldExt.
2021-01-24 08:05:58 +08:00
d9d20bfe36
Break out domain creation logic into separate method.
2021-01-24 08:04:13 +08:00
963a91464a
Merge pull request #120 from daira/sqrt_ratio
...
Add sqrt_ratio implementation.
2021-01-24 07:58:14 +13:00
c7a12ee178
Add documentation of perfect hash parameters.
2021-01-17 02:24:09 +00:00
adc3c9c2ea
Fix incorrect variable name in a comment.
...
Co-authored-by: str4d <thestr4d@gmail.com>
2021-01-17 01:52:49 +00:00
94dd9cc421
Fix doctests.
2021-01-14 13:31:48 -07:00
74b2aa715f
Require Rotation instead of i32 for relative rows in circuits.
...
Co-authored-by: str4d <thestr4d@gmail.com>
2021-01-14 11:57:32 -07:00
483cb1139f
Remove rotations from ConstraintSystem
2021-01-14 11:35:23 -07:00
e4dac4f621
clippy: remove unnecessarily explicit lifetimes and return types
2021-01-14 08:53:19 -07:00
d95e4e4724
clippy: Remove unnecessary Result
2021-01-14 08:46:25 -07:00
ec8c925587
doc: Fix broken intra-doc link
2021-01-14 08:46:25 -07:00
95314d0f69
clippy: Add type definitions for complex types
2021-01-14 08:46:23 -07:00
75915f67ed
clippy: Small cleanups
2021-01-14 08:43:25 -07:00
6dd7595438
clippy: Remove useless actions
...
- Dropping a reference does nothing.
- Dropping a Copy type drops a copy.
- No need to clone the last usage of a variable.
2021-01-14 08:43:25 -07:00
6983bd1bbc
clippy: Use Option::ok_or_else to construct errors from functions
2021-01-14 08:43:25 -07:00
288a21ef1e
Replace the Tonelli-Shanks sqrt algorithm with the table-based one.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-14 02:34:43 +00:00
c5e48fdd06
Address @ebfull's review comments.
...
Co-authored-by: Sean Bowe <sean@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-14 02:34:43 +00:00
af9834d68c
Implement `sqrt_alt`, a more efficient way of doing `sqrt_ratio(num, one())`.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-14 02:34:43 +00:00
806748fbc4
Use addition chains for powering by (T-1)/2.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-14 02:34:43 +00:00
227025b7b3
Avoid exposing implementation details of the square root implementation.
...
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-14 02:34:43 +00:00
e13ee2c8ff
Add sqrt_ratio implementation.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-14 02:34:43 +00:00
ec2d8db8cb
Multiopen prover never needed evals to be specified.
...
The Lagrange interpolation we were doing was pointless. kate_division sheds the constant
term off each time it is invoked because the quotient polynomial isn't affected by it.
This means we were modifying coefficients that end up getting discarded anyway; the
quotient polynomial coefficients are already determined exactly by the leading coefficients
and the fact that a root exists at each of the points.
2021-01-13 17:22:32 -07:00
ccca639591
Merge pull request #111 from zcash/transcript-api-2
...
New Transcript API (and modified commitment scheme)
2021-01-13 16:50:47 -07:00
1f510016d8
Simplifications to some logic.
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2021-01-13 15:51:48 -07:00
775151a67d
Change absorb_ to read_ in subprotocols.
2021-01-13 15:47:35 -07:00
9a26ef1acd
Refactor the Committed structure.
2021-01-13 15:44:37 -07:00
cc6b0bb7f2
Rename blind to \xi for consistency.
2021-01-13 15:24:44 -07:00
47d021ceb3
Add reference to issue in TODO comment.
2021-01-13 08:41:14 -07:00
1e4b449934
Merge pull request #125 from zcash/circuit-traits
...
Circuit component traits
2021-01-12 09:23:21 -07:00
e1a772d6e1
Remove transcript forking API.
2021-01-12 07:40:31 -07:00
f308eb969c
Remove deterministic square root calculation as it's no longer needed.
2021-01-12 07:40:26 -07:00
98c1d80c90
Avoid square challenges and forking in inner product argument
...
This modifies the scheme to be almost identical to the construction
outlined in Appenix A.2 of "Proof-Carrying Data from Accumulation
Schemes" (https://eprint.iacr.org/2020/499 ). The only remaining
difference is that we do not compute [v] U but instead subtract
[v] G_0 from the commitment before opening.
2021-01-12 07:40:20 -07:00
d94e9b3daf
Remove unnecessary trailing semicolon
2021-01-08 02:22:16 +00:00
f24b60b5b0
Add a placeholder module for gadgets
2021-01-08 01:55:10 +00:00
7e2406cc77
Implement a simple single-chip layouter
2021-01-08 01:54:44 +00:00
17da891b25
General traits and structs for implementing circuits
2021-01-08 01:54:18 +00:00
08da49353e
Fix clippy lints in MockProver
2021-01-07 12:42:04 +00:00
8590211585
Remove unnecessary parts from MockProver per review comments
2021-01-06 21:52:56 +00:00
49f1598c0e
Add example to MockProver documentation
...
Also fixes a bug in MockProver::verify (which was exposing an internal
implementation detail as an incorrect row numbering).
2021-01-06 21:52:56 +00:00
64b06735bf
Expose MockProver in crate, and add documentation
2021-01-06 21:52:56 +00:00
fb939f17a9
Add permutation check to MockProver
2021-01-06 21:52:56 +00:00
6eebf3994b
Add MockProver for developing circuits
2021-01-06 21:52:56 +00:00
c8dedf2ec3
Fix challenge multiplications as per #119 .
2021-01-06 10:47:06 -07:00
c5e0364962
Remove the Read/Write type parameters from Transcript{Read,Write}.
2021-01-06 10:45:11 -07:00
dff5a3a692
Generate the URS using a homebrew mixture of blake2b and try-and-increment.
2021-01-06 10:45:11 -07:00
a2999accb5
Rename DummyHash{Reader,Writer} to DummyHash{Read,Write}.
2021-01-06 10:45:11 -07:00
7ffd28a1b5
Remove unnecessary separate msm from commitment::verify_proof.
2021-01-06 10:45:11 -07:00
4ecbfb548e
Remove unnecessary lifetimes.
2021-01-06 10:45:11 -07:00
06552eec44
Update the PLONK implementation to adapt to the new transcript API.
2021-01-06 10:45:11 -07:00
5be7d9525d
Update multiopen APIs to reflect changes made to Transcript APIs
2021-01-06 10:45:10 -07:00
d30c6b62e4
Modification of the polynomial commitment scheme to compensate for Transcript API changes.
2021-01-06 10:40:26 -07:00
fb232ddec0
Change API for dealing with transcripts to integrate proof reading/writing.
2021-01-06 10:39:11 -07:00
f49e1e6177
Fix breakage of trait resolution in Rust 1.49.0
...
Previously, `ChallengeScalar` could use the operator traits defined on
the `F: Field` type it wrapped, due to its `impl Deref<Target = F>`.
This was technically ambiguous, and Rust 1.49.0 makes that ambiguity an
error.
We could fix this by adding operator impls with `ChallengeScalar` on the
RHS, but that would conflict with zcash/halo2#111 . Instead we manually
dereference every challenge scalar when used in an arithmetic operation.
2021-01-06 00:48:29 +00:00
90c50fdd11
Refactor permutation proofs to reflect the separate permutations
2020-12-22 23:51:32 +00:00
62cace289b
Add a few comments to the permutation construction code
...
We mainly point at the design document that describes the algorithm.
2020-12-22 20:25:33 +00:00
838d21f2be
Refactor permutation keygen to reflect the separate permutations
2020-12-22 18:11:42 +00:00
9df7b5386f
Account more rigorously for the degrees of permutations' and lookups' constraints.
2020-12-22 08:59:08 -07:00
65ed1d8568
Check h_evals/h_commitments lengths in vanishing argument verifier.
2020-12-22 08:59:06 -07:00
8389389d37
model: metrics 0.13.0-alpha.13
2020-12-22 12:27:36 +00:00
c25b7e7d09
cargo fmt
2020-12-13 10:37:32 -07:00
7c0e56a44e
Merge pull request #84 from zcash/pasta-curves
...
Replace Tweedle curves with Pasta curves
2020-12-13 08:51:52 -07:00
1c0daa5478
Add leading zeroes to hex in some constants.
2020-12-11 13:25:18 -07:00
0101014268
Use constants where applicable in field implementations
...
Co-authored-by: str4d <jack@electriccoin.co>
2020-12-11 11:54:32 -07:00
8360b94f89
Extract plonk::vanishing::{Argument, Proof} from prover and verifier
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-12-08 00:57:14 +08:00
81345e0cf1
Change ZETA constant of Fp to make it consistent with the endomorphism over Fq.
2020-12-07 09:42:33 -07:00
e5f55a8576
Abstract add_rotation() helper in plonk::circuit
2020-12-06 07:19:44 +08:00
4273bbb2ba
[Documentation] Consistently use zero-based numbering
2020-12-06 07:10:09 +08:00
30c13d5a6a
Further cleanups
...
Co-authored-by: ebfull <ewillbefull@gmail.com>
2020-12-05 13:14:50 +08:00
e7c4213537
Remove duplicative from_bytes_wide method in fq.rs; it already exists in the trait impl for FieldExt.
2020-12-04 17:22:02 -07:00
3b91899a19
Make comment consistent between fq.rs / fp.rs
2020-12-04 15:01:44 -07:00
ecc805fa35
Correct privacy of lookup structs + minor cleanups
...
Co-authored-by: str4d <jack@electriccoin.co>
2020-12-04 09:19:15 +08:00
6c0e6f7348
cargo fmt
2020-12-03 13:59:17 -07:00
95e41fcfcf
Rename curves to Pallas/Vesta (Pasta).
2020-12-03 13:47:47 -07:00
7536af8b69
Implement Fp/Fq for the Pallas and Vesta curves.
...
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
2020-12-03 13:46:13 -07:00
2284bbd0d8
Deduplicate Argument::commit_permuted() and rename {input,table}_values -> {input,table}_columns
2020-12-03 14:00:16 +08:00
9a3d1b1d05
Optimisations and documentation updates
2020-12-03 12:54:25 +08:00
e51ab7eaa7
Linearise state transition from Argument -> Permuted -> Committed
2020-12-03 12:11:00 +08:00
0a85e93714
Add lookup to circuit and test
2020-12-03 10:50:20 +08:00
0c81e9adab
Use lookup mod in plonk::prover and plonk::verifier
2020-12-03 10:50:20 +08:00
19c1b20063
Add lookup::verifier methods
2020-12-03 10:50:20 +08:00
c692311a12
Add Evaluated::open() and Evaluated::build() to lookup::prover
2020-12-03 10:50:20 +08:00
6ccf58fc7c
Add Constructed::evaluate() to lookup::prover
2020-12-03 10:50:20 +08:00
39df4954b5
Add Committed::construct() to lookup::prover
2020-12-03 10:50:20 +08:00
2d0f4a11e3
Add commit_product() to lookup::prover
2020-12-03 10:50:20 +08:00
46eed7be93
Add commit_permuted() in lookup::prover
2020-12-03 10:50:20 +08:00
02344eb711
Add lookup mod and structs
2020-12-03 10:50:20 +08:00
2ba44cff9f
Add theta challenge
2020-12-03 10:50:20 +08:00
5d891e029d
Add fixed_values to ProvingKey
2020-12-03 10:50:20 +08:00
2e65229920
Remove unnecessary Clone impl from plonk::permutation::prover::Committed.
2020-12-02 09:50:45 -07:00
4d4c79be58
Move Challenge and ChallengeScalar into the transcript module
2020-12-01 22:40:54 +00:00
2e6ca274a4
Fix challenge types in poly::multiopen and poly::commitment
...
The argument to the poly::commitment prover and verifier was mistakenly
represented as a challenge, when in fact the commitments may be opened at
any scalar (which just happens to be a challenge within poly::multiopen).
The poly::commitment APIs are now public again.
2020-12-01 22:34:18 +00:00
3d6afd7b8e
permutation: Clean up opening chains
2020-12-01 22:09:50 +00:00
dd3d1dd68b
Small type annotation cleanups
2020-12-01 21:49:07 +00:00
f0723dbbcc
multiopen: Rename [x_4, x_5] challenges to [x_1, x_2]
...
Also added types for these challenges, even though it's not technically
necessary yet because we don't pass these around anywhere.
2020-12-01 21:42:32 +00:00
eb7ce442f9
Rename ChallengeX6 to ChallengeZ
2020-12-01 21:40:16 +00:00
a63e6e25d8
Restrict visibility of PLONK challenges to plonk module
2020-12-01 21:14:14 +00:00
7422efca72
s/permutation::Proof::commit/permutation::Argument::commit
...
Once we refactor the permutation argument implementation to be integrated
as Vec<permutation::Proof>, we can change this again to just map from the
Vec<permutation::Argument> inside ConstraintSystem.
2020-12-01 21:10:31 +00:00
66240800a3
Move permutation keygen into plonk::permutation::keygen
2020-12-01 21:10:31 +00:00
f63f3ff2af
Introduce typed challenge scalars
...
This also centralises the challenge generation logic in Challenge::get,
ensuring it is consistent across the codebase.
2020-12-01 21:09:03 +00:00
63e3bc1e15
Remove unnecessary Transcript::init_with_hashers constructor
2020-12-01 21:03:31 +00:00
4a3b830165
Extract permutation argument into a submodule
2020-12-01 21:03:31 +00:00
cdbc41148a
Migrate to ff traits
...
The `Field` trait in this crate is now `FieldExt: ff::PrimeField`.
2020-12-01 20:55:03 +00:00
72471dc07e
Clippy fixes
2020-11-30 23:57:48 +08:00
0b2ec8965f
Update documentation in polycommit verifier
2020-11-30 15:28:19 +08:00
d168f5c21b
Parallelize and rename methods in msm.rs
2020-11-30 15:28:19 +08:00
a0a9538132
Use renamed broken_intra_doc_links lint
2020-11-27 14:40:37 +00:00
e5e6700e10
Pin most recent metrics alpha
2020-11-25 19:56:52 +00:00
875c223748
Simplify h_poly expression evaluation in Proof::create
2020-11-24 23:43:48 +00:00
61c9392475
Remove query allocations from Proof::create
...
multiopen::Proof::create takes `instances: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:25:55 +00:00
6360da1f4e
Remove query allocations from Proof::verify
...
multiopen::Proof::verify takes `queries: IntoIterator`, so we can just
pass it an iterator directly.
2020-11-24 18:23:27 +00:00
7f29ab913d
Simplify h(x_3) computation in verifier using Horner's rule
...
Closes zcash/halo2#45
2020-11-24 18:18:45 +00:00
feba8e2fdf
Allocate permutation_modified_advice once in Proof::create
2020-11-24 18:18:45 +00:00
cc5f45231d
Merge pull request #42 from zcash/plonk-benches
...
PLONK benchmarks
2020-11-24 18:14:07 +00:00
9a4f27056c
Fix clippy lint in metrics model doctest
2020-11-24 17:56:33 +00:00
3eb6712c6c
Add aux information to metrics
2020-11-24 09:39:34 +08:00
236b3a6692
Collect some verifier metrics
2020-11-23 12:47:51 +00:00
d4424db8d4
Collect some prover metrics
2020-11-23 12:47:51 +00:00
fb8f67dfe5
Add a simple metrics Recorder for counting things in models
2020-11-23 12:47:42 +00:00
bffab9953e
Conditionally squeeze scalar hasher before interacting with base hasher
2020-11-16 21:28:37 +00:00
15682bf16f
Make init_with_hashers() internal to transcript crate
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-11-16 21:28:37 +00:00
7822201c9c
Remove redundant point checks in commitment verifier
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-11-16 21:28:37 +00:00
2375507f4f
Update error handling
2020-11-16 21:26:46 +00:00
43337dea1b
Make Transcript generic over curve points
...
Co-authored-by: Jack Grigg <jack@electriccoin.co>
2020-11-16 21:26:46 +00:00
71111e88b7
Type aliases for the tweedle groups
2020-11-12 21:45:56 +00:00
3407d13e4b
Move curves and fields into tweedle module
2020-11-12 21:36:59 +00:00
f4c15760f2
Use explicit trait paths in arithmetic macros
2020-11-12 19:38:27 +00:00
5a2f474616
Merge pull request #56 from zcash/coset-docs
...
Add to documentation for coset evaluation domain
2020-11-11 08:56:03 -07:00
5d1e1a29db
Merge pull request #51 from zcash/update-ci
...
Update Actions CI with improved workflow
2020-11-11 08:52:59 -07:00
a856137619
Minor refactors
...
Co-authored-by: str4d <jack@electriccoin.co>
2020-11-11 13:56:34 +08:00
28e07eab16
Add to documentation for coset evaluation domain
2020-11-10 13:44:52 +08:00
766caf9214
Make getters for column index() and column_type()
2020-11-10 00:45:52 +08:00
0519a522aa
Use TryFrom to convert Column<Any> to other column types
2020-11-10 00:39:08 +08:00
22b6d5bd70
Cleanups in circuit.rs
2020-11-07 14:27:38 +08:00
34c6cba537
Add generic query_any_index() and get_any_query_index methods
2020-11-06 12:39:51 +08:00
075988ae4e
Introduce Column struct and ColumnType trait
2020-11-06 11:29:42 +08:00
2034179d82
Rename wire -> column
2020-11-06 11:18:12 +08:00
10676657f4
Fix stable clippy lints
2020-10-30 01:29:05 +00:00
5a6a45c6a8
Fix deref breakage with nightly-2020-10-06
...
I think this is related to rust-lang/rust#77638
2020-10-30 01:21:09 +00:00
011132337f
Remove notes on multiopen module
2020-10-20 08:57:48 -06:00
3761419ebc
Add documentation for multiopen.rs
2020-10-18 20:09:44 +08:00
a30719c245
Minor changes to multiopen
...
Co-authored-by: ebfull <ewillbefull@gmail.com>
2020-10-18 20:09:40 +08:00
1e9f7f37c6
Minor improvements to multiopen.
2020-10-15 17:16:44 -06:00
9d572c181d
Remove unnecessary enumeration in multiopen prover.
2020-10-15 17:12:17 -06:00
685bf79613
Relocate x_5 challenge sampling location to simplify logic.
2020-10-15 17:11:06 -06:00
123cacc7cc
Remove additional unnecessary vector clone from multiopen prover.
2020-10-15 17:06:35 -06:00
55ef4ea1f7
Unify the construct_intermediate_sets function between multiopen prover and verifier.
2020-10-15 17:01:30 -06:00
d3f593e89c
Avoid unnecessary enumeration.
2020-10-15 14:18:02 -06:00
3955da435c
Avoid unnecessary vector cloning in multiopen.
2020-10-15 14:17:03 -06:00
588de0e024
Add test for lagrange interpolation.
2020-10-15 14:15:03 -06:00
63d7de3bc2
Perform inversions in lagrange_interpolate as part of a batch.
2020-10-15 14:08:13 -06:00
5c563eca12
Do not enumerate product inside of lagrange_interpolate.
2020-10-15 13:57:04 -06:00
2f7b46ffa1
Remove use of parallelize() from multiopen::prover
2020-10-14 08:16:14 +08:00
742c15bb51
Minor changes and documentation
2020-10-14 08:15:00 +08:00
24b85dec67
Remove q_evals.len() = rotations.len() check
...
q_evals should now have the same length as point_sets, which is only constructed in the multiopen verifier.
2020-10-14 00:43:48 +08:00
b62d113031
Refactor to use fold() in multiple places
2020-10-14 00:35:36 +08:00
79cabb3d8d
Move random scaling of MSM into multiopen verifier
...
Co-authored-by: Sean Bowe <ewillbefull@gmail.com>
2020-10-14 00:35:36 +08:00
088118cc5d
Refactor lagrange_interpolate() method
...
Co-authored-by: daira <daira@electriccoin.co>
Co-authored-by: str4d <jack@z.cash>
2020-10-14 00:35:36 +08:00
1441193de1
Refactoring from initial code review
...
Co-authored-by: ebfull <ewillbefull@gmail.com>
2020-10-14 00:35:36 +08:00
6f6378b2ea
More idiomatic implementation of Ord for Field
...
Co-authored-by: str4d <jack@z.cash>
2020-10-14 00:35:36 +08:00
89fd6e4d44
Use map_err() when handling multiopen::Proof::create()
...
Co-authored-by: Daira Hopwood <daira@electriccoin.co>
2020-10-14 00:35:36 +08:00
5181ca56f1
Bind &[pubinput] in plonk test_proving()
2020-10-14 00:35:36 +08:00
97873fa6ea
Use VerifierQuery and construct_intermediate_sets() in verifier
2020-10-14 00:35:36 +08:00
6cd74999ff
Use ProverQuery and construct_intermediate_sets() in prover
2020-10-14 00:35:25 +08:00
9378d0cc70
Define construct_intermediate_sets() helper method for multiopen prover and verifier
2020-10-14 00:35:25 +08:00
cbe4415870
Introduce Query and CommitmentData structs for multiopen
2020-10-14 00:35:25 +08:00
1e21c08acd
Implement Ord and PartialOrd for Field
2020-10-14 00:35:25 +08:00
07e2d390a9
Introduce Lagrange interpolation method in arithmetic.rs
2020-10-14 00:35:25 +08:00
c3d0a172a7
Create multiopen abstraction
2020-10-14 00:35:25 +08:00
67b35954f4
Move MSM into submodule.
2020-10-13 08:16:20 -06:00
2ccddac674
Split proof/input length checks into separate method of verifier
2020-09-29 17:35:24 -06:00
9672bf9725
Minor improvements to check_hx()
2020-09-29 17:14:37 -06:00
7d8daa5d05
Refactor h_eval computation into separate, more functional code.
...
Co-authored-by: str4d <thestr4d@gmail.com>
2020-09-29 16:56:21 -06:00
e275d78c7d
Simplify permutations field of ConstraintSystem
...
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:51:00 -06:00
7a3caaad59
Fix comments
2020-09-29 08:28:00 -06:00
c97da352ee
Remove SRS and replace with ProvingKey/VerifyingKey abstractions
...
Co-authored-by: therealyingtong <yingtong@electriccoin.co>
2020-09-29 08:25:04 -06:00
4a37e05f49
cargo fmt
2020-09-25 10:21:54 -06:00
6d41693af5
Use Blind::default().
2020-09-25 10:21:15 -06:00
56b6d8bd03
Auxilary wires in PLONK are foux blinded just like fixed wires.
2020-09-25 10:21:15 -06:00
316a027784
Modify commitment opening argument so that G element can be foux blinded to align with wire blinding in PLONK.
2020-09-25 10:21:15 -06:00
3db368b40e
Move `Guard` and `Accumulator` implementations into `verifier` submodule.
2020-09-25 10:21:13 -06:00
2d1f69328f
Rename `OpeningProof` to just `Proof`.
2020-09-25 09:39:32 -06:00
a37c926a89
Address clippy lints
2020-09-20 13:09:03 -06:00
60aa2918c3
Remove get_g_scalars() from MSM.
2020-09-19 13:52:33 -06:00
6620817d81
Return errors from verifier instead of assuming points aren't at infinity in the proof.
2020-09-19 13:47:37 -06:00
73d494a72d
Various changes, including restoring permutation argument to advice wires only for now.
2020-09-19 13:31:56 -06:00
e8839a7579
Refactor wire pattern matching when computing permutation product
2020-09-19 12:39:04 -06:00
24fe3fae29
Remove aux_commitments computation from Prover; remove blinding factor when accumulator aux_evals
2020-09-19 12:39:04 -06:00
c772801f8f
Pass aux_lagrange_polys to prover as a slice
2020-09-19 12:39:04 -06:00
fd094fccd8
Add aux_commitments and aux_evals to test_proving() example
2020-09-19 12:39:04 -06:00
9482202a98
Update PLONK test_proving() example
2020-09-19 12:39:04 -06:00
ebfull
str4d
therealyingtong
Daira Hopwood
Kris Nuttycombe
therealyingtong