You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

163 lines
5.8 KiB

  1. //! This module implements the R1CS equivalent of `crate`.
  2. //!
  3. //! It implements field variables for `crate::{Fq, Fq2, Fq6, Fq12}`,
  4. //! group variables for `crate::{G1, G2}`, and implements constraint
  5. //! generation for computing `Bls12_377::pairing`.
  6. //!
  7. //! The field underlying these constraints is `crate::Fq`.
  8. //!
  9. //! # Examples
  10. //!
  11. //! One can perform standard algebraic operations on `FqVar`:
  12. //!
  13. //! ```
  14. //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
  15. //! use ark_std::UniformRand;
  16. //! use ark_relations::r1cs::*;
  17. //! use ark_r1cs_std::prelude::*;
  18. //! use ark_bls12_377::{*, constraints::*};
  19. //!
  20. //! let cs = ConstraintSystem::<Fq>::new_ref();
  21. //! // This rng is just for test purposes; do not use it
  22. //! // in real applications.
  23. //! let mut rng = ark_std::test_rng();
  24. //!
  25. //! // Generate some random `Fq` elements.
  26. //! let a_native = Fq::rand(&mut rng);
  27. //! let b_native = Fq::rand(&mut rng);
  28. //!
  29. //! // Allocate `a_native` and `b_native` as witness variables in `cs`.
  30. //! let a = FqVar::new_witness(ark_relations::ns!(cs, "generate_a"), || Ok(a_native))?;
  31. //! let b = FqVar::new_witness(ark_relations::ns!(cs, "generate_b"), || Ok(b_native))?;
  32. //!
  33. //! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
  34. //! // constraints or variables.
  35. //! let a_const = FqVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
  36. //! let b_const = FqVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
  37. //!
  38. //! let one = FqVar::one();
  39. //! let zero = FqVar::zero();
  40. //!
  41. //! // Sanity check one + one = two
  42. //! let two = &one + &one + &zero;
  43. //! two.enforce_equal(&one.double()?)?;
  44. //!
  45. //! assert!(cs.is_satisfied()?);
  46. //!
  47. //! // Check that the value of &a + &b is correct.
  48. //! assert_eq!((&a + &b).value()?, a_native + &b_native);
  49. //!
  50. //! // Check that the value of &a * &b is correct.
  51. //! assert_eq!((&a * &b).value()?, a_native * &b_native);
  52. //!
  53. //! // Check that operations on variables and constants are equivalent.
  54. //! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
  55. //! assert!(cs.is_satisfied()?);
  56. //! # Ok(())
  57. //! # }
  58. //! ```
  59. //!
  60. //! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
  61. //!
  62. //! ```
  63. //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
  64. //! # use ark_std::UniformRand;
  65. //! # use ark_relations::r1cs::*;
  66. //! # use ark_r1cs_std::prelude::*;
  67. //! # use ark_bls12_377::{*, constraints::*};
  68. //!
  69. //! # let cs = ConstraintSystem::<Fq>::new_ref();
  70. //! # let mut rng = ark_std::test_rng();
  71. //!
  72. //! // Generate some random `G1` elements.
  73. //! let a_native = G1Projective::rand(&mut rng);
  74. //! let b_native = G1Projective::rand(&mut rng);
  75. //!
  76. //! // Allocate `a_native` and `b_native` as witness variables in `cs`.
  77. //! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
  78. //! let b = G1Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
  79. //!
  80. //! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
  81. //! // constraints or variables.
  82. //! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
  83. //! let b_const = G1Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
  84. //!
  85. //! // This returns the identity of `G1`.
  86. //! let zero = G1Var::zero();
  87. //!
  88. //! // Sanity check one + one = two
  89. //! let two_a = &a + &a + &zero;
  90. //! two_a.enforce_equal(&a.double()?)?;
  91. //!
  92. //! assert!(cs.is_satisfied()?);
  93. //!
  94. //! // Check that the value of &a + &b is correct.
  95. //! assert_eq!((&a + &b).value()?, a_native + &b_native);
  96. //!
  97. //! // Check that operations on variables and constants are equivalent.
  98. //! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
  99. //! assert!(cs.is_satisfied()?);
  100. //! # Ok(())
  101. //! # }
  102. //! ```
  103. //!
  104. //! Finally, one can check pairing computations as well:
  105. //!
  106. //! ```
  107. //! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
  108. //! # use ark_std::UniformRand;
  109. //! # use ark_ec::PairingEngine;
  110. //! # use ark_relations::r1cs::*;
  111. //! # use ark_r1cs_std::prelude::*;
  112. //! # use ark_bls12_377::{*, constraints::*};
  113. //!
  114. //! # let cs = ConstraintSystem::<Fq>::new_ref();
  115. //! # let mut rng = ark_std::test_rng();
  116. //!
  117. //! // Generate random `G1` and `G2` elements.
  118. //! let a_native = G1Projective::rand(&mut rng);
  119. //! let b_native = G2Projective::rand(&mut rng);
  120. //!
  121. //! // Allocate `a_native` and `b_native` as witness variables in `cs`.
  122. //! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
  123. //! let b = G2Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
  124. //!
  125. //! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
  126. //! // constraints or variables.
  127. //! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
  128. //! let b_const = G2Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
  129. //!
  130. //! let pairing_result_native = Bls12_377::pairing(a_native, b_native);
  131. //!
  132. //! // Prepare `a` and `b` for pairing.
  133. //! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
  134. //! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
  135. //! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
  136. //!
  137. //! // Check that the value of &a + &b is correct.
  138. //! assert_eq!(pairing_result.value()?, pairing_result_native);
  139. //!
  140. //! // Check that operations on variables and constants are equivalent.
  141. //! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
  142. //! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
  143. //! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
  144. //! println!("Done here 3");
  145. //!
  146. //! pairing_result.enforce_equal(&pairing_result_const)?;
  147. //! assert!(cs.is_satisfied()?);
  148. //! # Ok(())
  149. //! # }
  150. //! ```
  151. mod fields;
  152. pub use fields::*;
  153. #[cfg(feature = "curve")]
  154. mod curves;
  155. #[cfg(feature = "curve")]
  156. mod pairing;
  157. #[cfg(feature = "curve")]
  158. pub use curves::*;
  159. #[cfg(feature = "curve")]
  160. pub use pairing::*;