Documentation
¶
Index ¶
- func Compile(blowUpFactor int, options ...VortexOp) func(*wizard.CompiledIOP)
- type Ctx
- func (ctx *Ctx) AssignColumn(round int) func(*wizard.ProverRuntime)
- func (ctx *Ctx) CommitmentName(round int) ifaces.ColID
- func (ctx *Ctx) ComputeLinearComb(pr *wizard.ProverRuntime)
- func (ctx *Ctx) GnarkRecoverSelectedColumns(api frontend.API, vr *wizard.WizardVerifierCircuit) [][][]frontend.Variable
- func (ctx *Ctx) GnarkVerify(api frontend.API, vr *wizard.WizardVerifierCircuit)
- func (ctx *Ctx) IsCommitToPrecomputed() bool
- func (ctx *Ctx) LinCombName() ifaces.ColID
- func (ctx *Ctx) LinCombRandCoinName() coin.Name
- func (ctx *Ctx) MerkleProofName() ifaces.ColID
- func (ctx *Ctx) MerkleProofSize() int
- func (ctx *Ctx) MerkleRootName(round int) ifaces.ColID
- func (ctx *Ctx) MerkleTreeName(round int) string
- func (ctx *Ctx) NbColsToOpen() int
- func (ctx *Ctx) NumCommittedRounds() int
- func (ctx *Ctx) NumEncodedCols() int
- func (ctx *Ctx) OpenSelectedColumns(pr *wizard.ProverRuntime)
- func (ctx *Ctx) PrecomputedCommitmentNameWithoutMerkle() ifaces.ColID
- func (ctx *Ctx) PrecomputedMerkleRootName() ifaces.ColID
- func (ctx *Ctx) PrecomputedSisDigestNameWithMerkle() ifaces.ColID
- func (ctx *Ctx) RandColSelectionName() coin.Name
- func (ctx *Ctx) RecoverSelectedColumns(vr *wizard.VerifierRuntime, entryList []int) [][][]field.Element
- func (ctx *Ctx) SelectedColName(num int) ifaces.ColID
- func (ctx *Ctx) Verify(vr *wizard.VerifierRuntime) error
- func (ctx *Ctx) VortexProverStateName(round int) string
- type VortexOp
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Compile ¶
func Compile(blowUpFactor int, options ...VortexOp) func(*wizard.CompiledIOP)
Applies the Vortex compiler over the current polynomial-IOP
- blowUpFactor : inverse rate of the reed-solomon code to use
- dryTreshold : minimal number of polynomial in rounds to consider applying the Vortex transform (i.e. using Vortex). Implicitly, we consider that applying Vortex over too few vectors is not worth it. For these rounds all the "Committed" columns are swithed to "prover"
There are the following requirements:
- FOR NON-DRY ROUNDS, all the polynomials must have the same size
- The inbound wizard-IOP must be a single-point polynomial-IOP
Types ¶
type Ctx ¶
type Ctx struct {
// snapshot the self-recursion count immediately
// when the context is created
SelfRecursionCount int
// Flag indicating that we want to replace SIS by MiMC
ReplaceSisByMimc bool
// The (verifiedly) unique polynomial query
Query query.UnivariateEval
PolynomialsTouchedByTheQuery map[ifaces.ColID]struct{}
ShadowCols map[ifaces.ColID]struct{}
// Public parameters of the commitment scheme
BlowUpFactor int
DryTreshold int
CommittedRowsCount int
NumCols int
MaxCommittedRound int
VortexParams *vortex.Params
SisParams *ringsis.Params
// By rounds commitments : if a round is dried we make an empty sublist.
// Inversely, for the `driedByRounds` which track the dried commitments.
CommitmentsByRounds collection.VecVec[ifaces.ColID]
DriedByRounds collection.VecVec[ifaces.ColID]
// Items created by Vortex, includes the proof message and the coins
Items struct {
// List of items used only if the CommitPrecomputed flag is set
Precomputeds struct {
// List of the precomputeds columns that we are compiling if the
// the precomputed flag is set.
PrecomputedColums []ifaces.Column
// Merkle Root of the precomputeds columns
MerkleRoot ifaces.Column
// List of the column hashes for the precomputed columns
Dh ifaces.Column
// Committed matrix (rs encoded) of the precomputed columns
CommittedMatrix vortex.EncodedMatrix
// colHashes used in self recursion
DhWithMerkle []field.Element
// contains filtered or unexported fields
}
// (not used in the Merkle proof version)
Dh []ifaces.Column
// Alpha is a random combination linear coin
Alpha coin.Info
// Linear combination of the row-encoded matrix
Ualpha ifaces.Column
// Random column selection
Q coin.Info
// Opened columns
OpenedColumns []ifaces.Column
// MerkleProof (only used with the MerkleProof version)
// We represents all the Merkle proof as specfied here:
MerkleProofs ifaces.Column
// The Merkle roots are represented by a size 1 column
// in the wizard.
MerkleRoots []ifaces.Column
}
// Skip verification is a flag that tells the verifier Vortex to perform a
// NO-OP. This flags is can be activated by the self-recursion layer (whose
// goal is already to ensure that the verification was passing). This only
// concerns the "Vortex" part of the verification all the dried rounds are
// still explicitly verified by the verifier.
IsSelfrecursed bool
// contains filtered or unexported fields
}
Placeholder for variable commonly used within the vortex compilation
func (*Ctx) AssignColumn ¶
func (ctx *Ctx) AssignColumn(round int) func(*wizard.ProverRuntime)
Prover steps of Vortex that is run in place of committing to polynomials
func (*Ctx) CommitmentName ¶
returns a formatted message name for the commitment of the given round
func (*Ctx) ComputeLinearComb ¶
func (ctx *Ctx) ComputeLinearComb(pr *wizard.ProverRuntime)
Prover steps of Vortex that is run when committing to the linear combination
func (*Ctx) GnarkRecoverSelectedColumns ¶
func (ctx *Ctx) GnarkRecoverSelectedColumns(api frontend.API, vr *wizard.WizardVerifierCircuit) [][][]frontend.Variable
Returns the opened columns from the messages. The returned columns are split "by-commitment-round".
func (*Ctx) GnarkVerify ¶
func (ctx *Ctx) GnarkVerify(api frontend.API, vr *wizard.WizardVerifierCircuit)
func (*Ctx) IsCommitToPrecomputed ¶
Create a method to decide when to commit to the precomputed
func (*Ctx) LinCombName ¶
return the name of the random linear combination randomness
func (*Ctx) LinCombRandCoinName ¶
return the name of the linear combination random coin
func (*Ctx) MerkleProofName ¶
returns the name of the vector containing all the Merkle proofs
func (*Ctx) MerkleProofSize ¶
MerkleProofSize Returns the size of the allocated Merkle proof vector
func (*Ctx) MerkleRootName ¶
returns the name of the vector containing all the Merkle proofs
func (*Ctx) MerkleTreeName ¶
returns the name of a prover state for a given round of Vortex
func (*Ctx) NumCommittedRounds ¶
Returns the number of committed rounds. Must be called after the method compileRound has been executed. Otherwise, it will output zero.
func (*Ctx) NumEncodedCols ¶
Returns the number of encoded columns in the vortex commitment. NB: it overlaps with `vortex.Params.NumEncodedCols` but we need a separate function because we need to call it at a moment where the vortex.Params are not all available.
func (*Ctx) OpenSelectedColumns ¶
func (ctx *Ctx) OpenSelectedColumns(pr *wizard.ProverRuntime)
Prover steps of Vortex where he opens the columns selected by the verifier
func (*Ctx) PrecomputedCommitmentNameWithoutMerkle ¶
returns the name of the precomputed commitment when Merkle is not applied
func (*Ctx) PrecomputedMerkleRootName ¶
returns the name of the precomputed Merkle root when Merkle is applied
func (*Ctx) PrecomputedSisDigestNameWithMerkle ¶
returns the name of the precomputed sis digest when Merkle is applied
func (*Ctx) RandColSelectionName ¶
return the name of the linear combination
func (*Ctx) RecoverSelectedColumns ¶
func (ctx *Ctx) RecoverSelectedColumns(vr *wizard.VerifierRuntime, entryList []int) [][][]field.Element
Returns the opened columns from the messages. The returned columns are split "by-commitment-round".
func (*Ctx) SelectedColName ¶
return the name of the i-th randomly selected columns
func (*Ctx) VortexProverStateName ¶
returns the name of a prover state for a given round of Vortex
type VortexOp ¶
type VortexOp func(ctx *Ctx)
Option to be passed to vortex
func ForceNumOpenedColumns ¶
Overrides the number of opened columns (should not be used in production)
func WithDryThreshold ¶
Allows skipping rounds when there are not many polynomials
func WithSISParams ¶
Allows passing a SIS instance
Source Files