From c8a7f74753300842f0211339633aee007b3d3349 Mon Sep 17 00:00:00 2001 From: Sean Bowe Date: Tue, 25 Apr 2017 09:51:07 -0600 Subject: [PATCH] Add streaming prover. --- .../r1cs_ppzksnark/r1cs_ppzksnark.hpp | 6 ++ .../r1cs_ppzksnark/r1cs_ppzksnark.tcc | 70 +++++++++++++++++++ 2 files changed, 76 insertions(+) diff --git a/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp b/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp index 36f6c1499..96bc36504 100644 --- a/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp +++ b/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp @@ -397,6 +397,12 @@ r1cs_ppzksnark_proof r1cs_ppzksnark_prover(const r1cs_ppzksnark_proving_key const r1cs_ppzksnark_auxiliary_input &auxiliary_input, const r1cs_ppzksnark_constraint_system &constraint_system); +template +r1cs_ppzksnark_proof r1cs_ppzksnark_prover_streaming(std::ifstream &proving_key_file, + const r1cs_ppzksnark_primary_input &primary_input, + const r1cs_ppzksnark_auxiliary_input &auxiliary_input, + const r1cs_ppzksnark_constraint_system &constraint_system); + /* Below are four variants of verifier algorithm for the R1CS ppzkSNARK. diff --git a/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc b/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc index 697395931..84db9fc1a 100644 --- a/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc +++ b/src/snark/src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc 
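Review bot: The new declaration of `r1cs_ppzksnark_prover_streaming` in the .hpp hunk has no comment stating what state `proving_key_file` must be in, and the signature does not reveal it. Judging by the definition added in the .tcc file of this patch, the stream must already be positioned at the A-query and is consumed in the order A, B, C, H, K, so a caller who passes a freshly opened or reused stream may feed the wrong bytes into the proof. I would add above the declaration `/** Streaming prover: reads the A, B, C, H and K queries, in that order, from proving_key_file, which must be positioned at the A-query and come from a trusted, integrity-checked key file. */`. The header now also names `std::ifstream`; whether `<fstream>` is included is not visible in this hunk, so that should be confirmed.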
@@ -584,6 +584,76 @@ r1cs_ppzksnark_proof r1cs_ppzksnark_prover(const r1cs_ppzksnark_proving_key return proof; } +template +r1cs_ppzksnark_proof r1cs_ppzksnark_prover_streaming(std::ifstream &proving_key_file, + const r1cs_ppzksnark_primary_input &primary_input, + const r1cs_ppzksnark_auxiliary_input &auxiliary_input, + const r1cs_ppzksnark_constraint_system &constraint_system) +{ + enter_block("Call to r1cs_ppzksnark_prover_streaming"); + + const Fr d1 = Fr::random_element(), + d2 = Fr::random_element(), + d3 = Fr::random_element(); + + enter_block("Compute the polynomial H"); + const qap_witness > qap_wit = r1cs_to_qap_witness_map(constraint_system, primary_input, auxiliary_input, d1, d2, d3); + leave_block("Compute the polynomial H"); + + enter_block("Compute the proof"); + + r1cs_ppzksnark_proof proof; + + enter_block("Compute answer to A-query", false); + { + knowledge_commitment_vector, G1 > A_query; + proving_key_file >> A_query; + proof.g_A = r1cs_compute_proof_kc, G1 >(qap_wit, A_query, qap_wit.d1); + } + leave_block("Compute answer to A-query", false); + + enter_block("Compute answer to B-query", false); + { + knowledge_commitment_vector, G1 > B_query; + proving_key_file >> B_query; + proof.g_B = r1cs_compute_proof_kc, G1 >(qap_wit, B_query, qap_wit.d2); + } + leave_block("Compute answer to B-query", false); + + enter_block("Compute answer to C-query", false); + { + knowledge_commitment_vector, G1 > C_query; + proving_key_file >> C_query; + proof.g_C = r1cs_compute_proof_kc, G1 >(qap_wit, C_query, qap_wit.d3); + } + leave_block("Compute answer to C-query", false); + + enter_block("Compute answer to H-query", false); + { + G1_vector H_query; + proving_key_file >> H_query; + proof.g_H = r1cs_compute_proof_H(qap_wit, H_query); + } + leave_block("Compute answer to H-query", false); + + enter_block("Compute answer to K-query", false); + { + G1_vector K_query; + proving_key_file >> K_query; + G1 zk_shift = qap_wit.d1*K_query[qap_wit.num_variables()+1] + + 
qap_wit.d2*K_query[qap_wit.num_variables()+2] + + qap_wit.d3*K_query[qap_wit.num_variables()+3]; + proof.g_K = r1cs_compute_proof_K(qap_wit, K_query, zk_shift); + } + leave_block("Compute answer to K-query", false); + + leave_block("Compute the proof"); + + leave_block("Call to r1cs_ppzksnark_prover_streaming"); + + return proof; +} + template r1cs_ppzksnark_processed_verification_key r1cs_ppzksnark_verifier_process_vk(const r1cs_ppzksnark_verification_key &vk) {
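Review bot: None of the five `proving_key_file >> ..._query` extractions in `r1cs_ppzksnark_prover_streaming` is followed by a check of the stream state, and the K-query block then indexes `K_query[qap_wit.num_variables()+1]` through `+3` with no comparison against the vector's length. With a truncated, corrupted or mismatched key file, the prover would build a proof from partial data or read past the end of `K_query`, so a failed read should stop it before any query is used. After each extraction I would add a guard such as `if (!proving_key_file) { /* abort: proving key read failed */ }`. Before computing `zk_shift` I would add a bounds check along the lines of `K_query.size() >= qap_wit.num_variables() + 4`, assuming `G1_vector` is a standard vector, and route it through an error path that survives release builds rather than a bare `assert`. The whole function body lies inside this hunk.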