plonk

package
v2.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 18, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Setup

func Setup(spr *cs.SparseR1CS, srs, srsLagrange kzg.SRS) (*ProvingKey, *VerifyingKey, error)

func Verify

func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector, opts ...backend.VerifierOption) error

Types

type Proof

type Proof struct {

	// Commitments to the solution vectors
	LRO [3]kzg.Digest

	// Commitment to Z, the permutation polynomial
	Z kzg.Digest

	// Commitments to h1, h2, h3 such that h = h1 + Xⁿ⁺²*h2 + X²⁽ⁿ⁺²⁾*h3 is the quotient polynomial
	H [3]kzg.Digest

	Bsb22Commitments []kzg.Digest

	// Batch opening proof of linearizedPolynomial, l, r, o, s1, s2, qCPrime
	BatchedProof kzg.BatchOpeningProof

	// Opening proof of Z at zeta*mu
	ZShiftedOpening kzg.OpeningProof
}

func Prove

func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness witness.Witness, opts ...backend.ProverOption) (*Proof, error)

func (*Proof) ReadFrom

func (proof *Proof) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads binary representation of Proof from r

func (*Proof) WriteRawTo

func (proof *Proof) WriteRawTo(w io.Writer) (int64, error)

WriteRawTo writes binary encoding of Proof to w without point compression

func (*Proof) WriteTo

func (proof *Proof) WriteTo(w io.Writer) (int64, error)

WriteTo writes binary encoding of Proof to w with point compression

type ProvingKey

type ProvingKey struct {
	Kzg, KzgLagrange kzg.ProvingKey

	// Verifying Key is embedded into the proving key (needed by Prove)
	Vk *VerifyingKey
}

ProvingKey stores the data needed to generate a proof

func (*ProvingKey) ReadFrom

func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads from binary representation in r into ProvingKey

func (*ProvingKey) UnsafeReadFrom

func (pk *ProvingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom reads from binary representation in r into ProvingKey without subgroup checks

func (*ProvingKey) VerifyingKey

func (pk *ProvingKey) VerifyingKey() interface{}

VerifyingKey returns pk.Vk

func (*ProvingKey) WriteRawTo

func (pk *ProvingKey) WriteRawTo(w io.Writer) (n int64, err error)

WriteRawTo writes binary encoding of ProvingKey to w without point compression

func (*ProvingKey) WriteTo

func (pk *ProvingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of ProvingKey to w

type Trace

type Trace struct {
	// Constants describing a plonk circuit. The first entries
	// of LQk (whose index correspond to the public inputs) are set to 0, and are to be
	// completed by the prover. At those indices i (so from 0 to nb_public_variables), LQl[i]=-1
	// so the first nb_public_variables constraints look like this:
	// -1*Wire[i] + 0* + 0 . It is zero when the constant coefficient is replaced by Wire[i].
	Ql, Qr, Qm, Qo, Qk *iop.Polynomial
	Qcp                []*iop.Polynomial

	// Polynomials representing the splitted permutation. The full permutation's support is 3*N where N=nb wires.
	// The set of interpolation is <g> of size N, so to represent the permutation S we let S acts on the
	// set A=(<g>, u*<g>, u^{2}*<g>) of size 3*N, where u is outside <g> (its use is to shift the set <g>).
	// We obtain a permutation of A, A'. We split A' in 3 (A'_{1}, A'_{2}, A'_{3}), and S1, S2, S3 are
	// respectively the interpolation of A'_{1}, A'_{2}, A'_{3} on <g>.
	S1, S2, S3 *iop.Polynomial

	// S full permutation, i -> S[i]
	S []int64
}

Trace stores a plonk trace as columns

func NewTrace

func NewTrace(spr *cs.SparseR1CS, domain *fft.Domain) *Trace

NewTrace returns a new Trace object from the constraint system. It fills the constant columns ql, qr, qm, qo, qk, and qcp with the coefficients of the constraints. Size is the size of the system that is next power of 2 (nb_constraints+nb_public_variables) The permutation is also computed and stored in the Trace.

type VerifyingKey

type VerifyingKey struct {
	// Size circuit
	Size              uint64
	SizeInv           fr.Element
	Generator         fr.Element
	NbPublicVariables uint64

	// Commitment scheme that is used for an instantiation of PLONK
	Kzg kzg.VerifyingKey

	// cosetShift generator of the coset on the small domain
	CosetShift fr.Element

	// S commitments to S1, S2, S3
	S [3]kzg.Digest

	// Commitments to ql, qr, qm, qo, qcp prepended with as many zeroes (ones for l) as there are public inputs.
	// In particular Qk is not complete.
	Ql, Qr, Qm, Qo, Qk kzg.Digest
	Qcp                []kzg.Digest

	CommitmentConstraintIndexes []uint64
}

VerifyingKey stores the data needed to verify a proof: * The commitment scheme * Commitments of ql prepended with as many ones as there are public inputs * Commitments of qr, qm, qo, qk prepended with as many zeroes as there are public inputs * Commitments to S1, S2, S3

func (*VerifyingKey) ExportSolidity

func (vk *VerifyingKey) ExportSolidity(w io.Writer) error

ExportSolidity not implemented for BLS12-381

func (*VerifyingKey) NbPublicWitness

func (vk *VerifyingKey) NbPublicWitness() int

NbPublicWitness returns the expected public witness size (number of field elements)

func (*VerifyingKey) ReadFrom

func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error)

ReadFrom reads from binary representation in r into VerifyingKey

func (*VerifyingKey) UnsafeReadFrom

func (vk *VerifyingKey) UnsafeReadFrom(r io.Reader) (int64, error)

UnsafeReadFrom reads from binary representation in r into VerifyingKey. Current implementation is a passthrough to ReadFrom

func (*VerifyingKey) WriteRawTo

func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error)

WriteRawTo writes binary encoding of VerifyingKey to w without point compression

func (*VerifyingKey) WriteTo

func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error)

WriteTo writes binary encoding of VerifyingKey to w

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL