plonk

package
v0.9.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 18, 2023 License: Apache-2.0 Imports: 22 Imported by: 11

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildTrace

func BuildTrace(spr *cs.SparseR1CS, pt *Trace)

BuildTrace fills the constant columns ql, qr, qm, qo, qk from the sparser1cs. Size is the size of the system that is nb_constraints+nb_public_variables

func Setup

func Setup(spr *cs.SparseR1CS, kzgSrs kzg.SRS) (*ProvingKey, *VerifyingKey, error)

func Verify

func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error

Types

type Proof

type Proof struct {

	// Commitments to the solution vectors
	LRO [3]kzg.Digest

	// Commitment to Z, the permutation polynomial
	Z kzg.Digest

	// Commitments to h1, h2, h3 such that h = h1 + Xh2 + X**2h3 is the quotient polynomial
	H [3]kzg.Digest

	Bsb22Commitments []kzg.Digest

	// Batch opening proof of h1 + zeta*h2 + zeta**2h3, linearizedPolynomial, l, r, o, s1, s2, qCPrime
	BatchedProof kzg.BatchOpeningProof

	// Opening proof of Z at zeta*mu
	ZShiftedOpening kzg.OpeningProof
}

func Prove

func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness witness.Witness, opts ...backend.ProverOption) (*Proof, error)

func (*Proof) ReadFrom

func (proof *Proof) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads binary representation of Proof from r

func (*Proof) WriteRawTo

func (proof *Proof) WriteRawTo(w io.Writer) (int64, error)

WriteRawTo writes binary encoding of Proof to w without point compression

func (*Proof) WriteTo

func (proof *Proof) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of Proof to w with point compression

type ProvingKey

type ProvingKey struct {
	Kzg kzg.ProvingKey

	// Verifying Key is embedded into the proving key (needed by Prove)
	Vk *VerifyingKey

	// Domains used for the FFTs.
	// Domain[0] = small Domain
	// Domain[1] = big Domain
	Domain [2]fft.Domain
	// contains filtered or unexported fields
}

ProvingKey stores the data needed to generate a proof: * the commitment scheme * ql, prepended with as many ones as they are public inputs * qr, qm, qo prepended with as many zeroes as there are public inputs. * qk, prepended with as many zeroes as public inputs, to be completed by the prover with the list of public inputs. * sigma_1, sigma_2, sigma_3 in both basis * the copy constraint permutation

func (*ProvingKey) ReadFrom

func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads from binary representation in r into ProvingKey

func (*ProvingKey) UnsafeReadFrom

func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom reads from binary representation in r into ProvingKey without subgroup checks

func (*ProvingKey) VerifyingKey

func (pk *ProvingKey) VerifyingKey() interface{}

VerifyingKey returns pk.Vk

func (*ProvingKey) WriteRawTo

func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of ProvingKey to w without point compression

func (*ProvingKey) WriteTo

func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of ProvingKey to w

type Trace

type Trace struct {

	// Constants describing a plonk circuit. The first entries
	// of LQk (whose index correspond to the public inputs) are set to 0, and are to be
	// completed by the prover. At those indices i (so from 0 to nb_public_variables), LQl[i]=-1
	// so the first nb_public_variables constraints look like this:
	// -1*Wire[i] + 0* + 0 . It is zero when the constant coefficient is replaced by Wire[i].
	Ql, Qr, Qm, Qo, Qk *iop.Polynomial
	Qcp                []*iop.Polynomial

	// Polynomials representing the splitted permutation. The full permutation's support is 3*N where N=nb wires.
	// The set of interpolation is <g> of size N, so to represent the permutation S we let S acts on the
	// set A=(<g>, u*<g>, u^{2}*<g>) of size 3*N, where u is outside <g> (its use is to shift the set <g>).
	// We obtain a permutation of A, A'. We split A' in 3 (A'_{1}, A'_{2}, A'_{3}), and S1, S2, S3 are
	// respectively the interpolation of A'_{1}, A'_{2}, A'_{3} on <g>.
	S1, S2, S3 *iop.Polynomial

	// S full permutation, i -> S[i]
	S []int64
}

Trace stores a plonk trace as columns

type VerifyingKey

type VerifyingKey struct {

	// Size circuit
	Size              uint64
	SizeInv           fr.Element
	Generator         fr.Element
	NbPublicVariables uint64

	// Commitment scheme that is used for an instantiation of PLONK
	Kzg kzg.VerifyingKey

	// cosetShift generator of the coset on the small domain
	CosetShift fr.Element

	// S commitments to S1, S2, S3
	S [3]kzg.Digest

	// Commitments to ql, qr, qm, qo, qcp prepended with as many zeroes (ones for l) as there are public inputs.
	// In particular Qk is not complete.
	Ql, Qr, Qm, Qo, Qk kzg.Digest
	Qcp                []kzg.Digest

	CommitmentConstraintIndexes []uint64
}

VerifyingKey stores the data needed to verify a proof: * The commitment scheme * Commitments of ql prepended with as many ones as there are public inputs * Commitments of qr, qm, qo, qk prepended with as many zeroes as there are public inputs * Commitments to S1, S2, S3

func (*VerifyingKey) ExportSolidity

func (vk *VerifyingKey) ExportSolidity(w io.Writer) error

ExportSolidity not implemented for BLS12-377

func (*VerifyingKey) NbPublicWitness

func (vk *VerifyingKey) NbPublicWitness() int

NbPublicWitness returns the expected public witness size (number of field elements)

func (*VerifyingKey) ReadFrom

func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads from binary representation in r into VerifyingKey

func (*VerifyingKey) WriteRawTo

func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error)

WriteRawTo writes binary encoding of VerifyingKey to w without point compression

func (*VerifyingKey) WriteTo

func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of VerifyingKey to w

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL