Implement conditional_check_verify for NIZKs (#195)

* Implement `ToBitsGadget` for `UInt8` and `Vec<UInt8>` * Add `kary_or` function to `Boolean`.
2026-01-10 16:01:28 +01:00 · 2020-04-22 21:30:33 +01:00
parent 5cc094be6b
commit bbb7d75ec8
7 changed files with 97 additions and 5 deletions
--- a/crypto-primitives/src/nizk/constraints.rs
+++ b/crypto-primitives/src/nizk/constraints.rs
@@ -20,4 +20,16 @@ pub trait NIZKVerifierGadget<N: NIZK, ConstraintF: Field> {
        CS: ConstraintSystem<ConstraintF>,
        I: Iterator<Item = &'a T>,
        T: 'a + ToBitsGadget<ConstraintF> + ?Sized;
+
+    fn conditional_check_verify<'a, CS, I, T>(
+        cs: CS,
+        verification_key: &Self::VerificationKeyGadget,
+        input: I,
+        proof: &Self::ProofGadget,
+        condition: &Boolean,
+    ) -> Result<(), SynthesisError>
+    where
+        CS: ConstraintSystem<ConstraintF>,
+        I: Iterator<Item = &'a T>,
+        T: 'a + ToBitsGadget<ConstraintF> + ?Sized;
 }
--- a/crypto-primitives/src/nizk/gm17/constraints.rs
+++ b/crypto-primitives/src/nizk/gm17/constraints.rs
@@ -109,10 +109,31 @@ where
    type ProofGadget = ProofGadget<PairingE, ConstraintF, P>;

    fn check_verify<'a, CS, I, T>(
+        cs: CS,
+        vk: &Self::VerificationKeyGadget,
+        public_inputs: I,
+        proof: &Self::ProofGadget,
+    ) -> Result<(), SynthesisError>
+    where
+        CS: ConstraintSystem<ConstraintF>,
+        I: Iterator<Item = &'a T>,
+        T: 'a + ToBitsGadget<ConstraintF> + ?Sized,
+    {
+        <Self as NIZKVerifierGadget<Gm17<PairingE, C, V>, ConstraintF>>::conditional_check_verify(
+            cs,
+            vk,
+            public_inputs,
+            proof,
+            &Boolean::constant(true),
+        )
+    }
+
+    fn conditional_check_verify<'a, CS, I, T>(
        mut cs: CS,
        vk: &Self::VerificationKeyGadget,
        mut public_inputs: I,
        proof: &Self::ProofGadget,
+        condition: &Boolean,
    ) -> Result<(), SynthesisError>
    where
        CS: ConstraintSystem<ConstraintF>,
@@ -189,8 +210,8 @@ where
        let test2 = P::final_exponentiation(cs.ns(|| "Final Exp 2"), &test2_exp)?;

        let one = P::GTGadget::one(cs.ns(|| "GT One"))?;
-        test1.enforce_equal(cs.ns(|| "Test 1"), &one)?;
-        test2.enforce_equal(cs.ns(|| "Test 2"), &one)?;
+        test1.conditional_enforce_equal(cs.ns(|| "Test 1"), &one, condition)?;
+        test2.conditional_enforce_equal(cs.ns(|| "Test 2"), &one, condition)?;
        Ok(())
    }
 }
--- a/crypto-primitives/src/nizk/gm17/mod.rs
+++ b/crypto-primitives/src/nizk/gm17/mod.rs
@@ -35,10 +35,10 @@ impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::
 {
    type Circuit = C;
    type AssignedCircuit = C;
+    type VerifierInput = V;
    type ProvingParameters = Parameters<E>;
    type VerificationParameters = VerifyingKey<E>;
    type PreparedVerificationParameters = PreparedVerifyingKey<E>;
-    type VerifierInput = V;
    type Proof = Proof<E>;

    fn setup<R: Rng>(
--- a/crypto-primitives/src/nizk/groth16/constraints.rs
+++ b/crypto-primitives/src/nizk/groth16/constraints.rs
@@ -110,10 +110,31 @@ where
    type ProofGadget = ProofGadget<PairingE, ConstraintF, P>;

    fn check_verify<'a, CS, I, T>(
+        cs: CS,
+        vk: &Self::VerificationKeyGadget,
+        public_inputs: I,
+        proof: &Self::ProofGadget,
+    ) -> Result<(), SynthesisError>
+    where
+        CS: ConstraintSystem<ConstraintF>,
+        I: Iterator<Item = &'a T>,
+        T: 'a + ToBitsGadget<ConstraintF> + ?Sized,
+    {
+        <Self as NIZKVerifierGadget<Groth16<PairingE, C, V>, ConstraintF>>::conditional_check_verify(
+            cs,
+            vk,
+            public_inputs,
+            proof,
+            &Boolean::constant(true),
+        )
+    }
+
+    fn conditional_check_verify<'a, CS, I, T>(
        mut cs: CS,
        vk: &Self::VerificationKeyGadget,
        mut public_inputs: I,
        proof: &Self::ProofGadget,
+        condition: &Boolean,
    ) -> Result<(), SynthesisError>
    where
        CS: ConstraintSystem<ConstraintF>,
@@ -161,7 +182,7 @@ where

        let test = P::final_exponentiation(cs.ns(|| "Final Exp"), &test_exp).unwrap();

-        test.enforce_equal(cs.ns(|| "Test 1"), &pvk.alpha_g1_beta_g2)?;
+        test.conditional_enforce_equal(cs.ns(|| "Test 1"), &pvk.alpha_g1_beta_g2, condition)?;
        Ok(())
    }
 }
--- a/crypto-primitives/src/nizk/groth16/mod.rs
+++ b/crypto-primitives/src/nizk/groth16/mod.rs
@@ -35,10 +35,10 @@ impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::
 {
    type Circuit = C;
    type AssignedCircuit = C;
+    type VerifierInput = V;
    type ProvingParameters = Parameters<E>;
    type VerificationParameters = VerifyingKey<E>;
    type PreparedVerificationParameters = PreparedVerifyingKey<E>;
-    type VerifierInput = V;
    type Proof = Proof<E>;

    fn setup<R: Rng>(