Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Setup ¶ added in v0.5.0
func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error)
Setup sets proving and verifying keys
func Verify ¶ added in v0.5.0
func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_377witness.Witness) error
Types ¶
type Proof ¶ added in v0.5.0
type Proof struct {
// Commitments to the solution vectors
LRO [3]kzg.Digest
// Commitment to Z, the permutation polynomial
Z kzg.Digest
// Commitments to h1, h2, h3 such that h = h1 + Xh2 + X**2h3 is the quotient polynomial
H [3]kzg.Digest
// Batch opening proof of h1 + zeta*h2 + zeta**2h3, linearizedPolynomial, l, r, o, s1, s2
BatchedProof kzg.BatchOpeningProof
// Opening proof of Z at zeta*mu
ZShiftedOpening kzg.OpeningProof
}
func Prove ¶ added in v0.5.0
func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bls12_377witness.Witness) (*Proof, error)
Prove from the public data
type ProvingKey ¶ added in v0.5.0
type ProvingKey struct {
// Verifying Key is embedded into the proving key (needed by Prove)
Vk *VerifyingKey
// qr,ql,qm,qo (in canonical basis).
Ql, Qr, Qm, Qo polynomial.Polynomial
// LQk (CQk) qk in Lagrange basis (canonical basis), prepended with as many zeroes as public inputs.
// Storing LQk in Lagrange basis saves a fft...
CQk, LQk polynomial.Polynomial
// Domains used for the FFTs
DomainNum, DomainH fft.Domain
// s1, s2, s3 (L=Lagrange basis, C=canonical basis)
LS1, LS2, LS3 polynomial.Polynomial
CS1, CS2, CS3 polynomial.Polynomial
// position -> permuted position (position in [0,3*sizeSystem-1])
Permutation []int64
}
ProvingKey stores the data needed to generate a proof: * the commitment scheme * ql, prepended with as many ones as they are public inputs * qr, qm, qo prepended with as many zeroes as there are public inputs. * qk, prepended with as many zeroes as public inputs, to be completed by the prover with the list of public inputs. * sigma_1, sigma_2, sigma_3 in both basis * the copy constraint permutation
func (*ProvingKey) InitKZG ¶ added in v0.5.0
func (pk *ProvingKey) InitKZG(srs kzgg.SRS) error
InitKZG inits pk.Vk.KZG using pk.DomainNum cardinality and provided SRS
This should be used after deserializing a ProvingKey as pk.Vk.KZG is NOT serialized
func (*ProvingKey) ReadFrom ¶ added in v0.5.0
func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)
ReadFrom reads from binary representation in r into ProvingKey
func (*ProvingKey) VerifyingKey ¶ added in v0.5.0
func (pk *ProvingKey) VerifyingKey() interface{}
VerifyingKey returns pk.Vk
type VerifyingKey ¶ added in v0.5.0
type VerifyingKey struct {
// Size circuit
Size uint64
SizeInv fr.Element
Generator fr.Element
NbPublicVariables uint64
// shifters for extending the permutation set: from s=<1,z,..,z**n-1>,
// extended domain = s || shifter[0].s || shifter[1].s
Shifter [2]fr.Element
// Commitment scheme that is used for an instantiation of PLONK
KZGSRS *kzg.SRS
// S commitments to S1, S2, S3
S [3]kzg.Digest
// Commitments to ql, qr, qm, qo prepended with as many zeroes (ones for l) as there are public inputs.
// In particular Qk is not complete.
Ql, Qr, Qm, Qo, Qk kzg.Digest
}
VerifyingKey stores the data needed to verify a proof: * The commitment scheme * Commitments of ql prepended with as many ones as there are public inputs * Commitments of qr, qm, qo, qk prepended with as many zeroes as there are public inputs * Commitments to S1, S2, S3
func (*VerifyingKey) InitKZG ¶ added in v0.5.0
func (vk *VerifyingKey) InitKZG(srs kzgg.SRS) error
InitKZG inits vk.KZG using provided SRS
This should be used after deserializing a VerifyingKey as vk.KZG is NOT serialized
Note that this instantiate a new FFT domain using vk.Size
func (*VerifyingKey) NbPublicWitness ¶ added in v0.5.0
func (vk *VerifyingKey) NbPublicWitness() int
NbPublicWitness returns the expected public witness size (number of field elements)
Source Files