Compute Decider's CM challenges in Groth16 circuit, link G16 & KZG proofs in Onchain Decider, refactor CommitmentScheme trait (#79)
* Compute Decider's CM challenges in Groth16 circuit, link G16 & KZG proofs in Onchain Decider, refactor CommitmentScheme trait - Refactor commitment package - Refactor `Commitment` trait and the kzg, ipa, pedersen impls - Add methods to prove & verify given challenges (not computing them in-method) - Add KZG challenges computation in decider_eth_circuit - Add cmE & cmW KZG proving & verification in DeciderEth - Link Decider's Groth16 proof & KZG proofs data - Fix point to bytes arkworks inconsistency - Patch ark_curves to use a cherry-picked version with bn254::constraints & grumpkin for v0.4.0 (once arkworks v0.5.0 is released this will no longer be needed) * DeciderEthCircuit: Add check eval=p(c) for E & W The check is temporarily disabled due to https://github.com/privacy-scaling-explorations/folding-schemes/issues/80, but the public inputs and logic are there, so that development of the other parts can continue while issue #80 is being solved.
@@ -21,6 +21,7 @@ pub mod utils;
|
||||
|
||||
#[derive(Debug, Error)]
|
||||
pub enum Error {
|
||||
// Wrappers on top of other errors
|
||||
#[error("ark_relations::r1cs::SynthesisError")]
|
||||
SynthesisError(#[from] ark_relations::r1cs::SynthesisError),
|
||||
#[error("ark_serialize::SerializationError")]
|
||||
@@ -29,27 +30,16 @@ pub enum Error {
|
||||
PolyCommitError(#[from] ark_poly_commit::Error),
|
||||
#[error("crate::utils::espresso::virtual_polynomial::ArithErrors")]
|
||||
ArithError(#[from] utils::espresso::virtual_polynomial::ArithErrors),
|
||||
#[error(transparent)]
|
||||
ProtoGalaxy(folding::protogalaxy::ProtoGalaxyError),
|
||||
#[error("{0}")]
|
||||
Other(String),
|
||||
|
||||
// Relation errors
|
||||
#[error("Relation not satisfied")]
|
||||
NotSatisfied,
|
||||
#[error("Not equal")]
|
||||
NotEqual,
|
||||
#[error("Vectors should have the same length ({0}: {1}, {2}: {3})")]
|
||||
NotSameLength(String, usize, String, usize),
|
||||
#[error("Vector's length ({0}) is not the expected ({1})")]
|
||||
NotExpectedLength(usize, usize),
|
||||
#[error("Vector ({0}) length ({1}) is not a power of two")]
|
||||
NotPowerOfTwo(String, usize),
|
||||
#[error("Can not be empty")]
|
||||
Empty,
|
||||
#[error("Pedersen parameters length is not sufficient (generators.len={0} < vector.len={1} unsatisfied)")]
|
||||
PedersenParamsLen(usize, usize),
|
||||
#[error("Randomness for blinding not found")]
|
||||
MissingRandomness,
|
||||
#[error("Commitment verification failed")]
|
||||
CommitmentVerificationFail,
|
||||
#[error("SNARK verification failed")]
|
||||
SNARKVerificationFail,
|
||||
#[error("IVC verification failed")]
|
||||
IVCVerificationFail,
|
||||
#[error("R1CS instance is expected to not be relaxed")]
|
||||
@@ -60,17 +50,42 @@ pub enum Error {
|
||||
SumCheckProveError(String),
|
||||
#[error("Sum-check verify failed: {0}")]
|
||||
SumCheckVerifyError(String),
|
||||
|
||||
// Comparators errors
|
||||
#[error("Not equal")]
|
||||
NotEqual,
|
||||
#[error("Vectors should have the same length ({0}: {1}, {2}: {3})")]
|
||||
NotSameLength(String, usize, String, usize),
|
||||
#[error("Vector's length ({0}) is not the expected ({1})")]
|
||||
NotExpectedLength(usize, usize),
|
||||
#[error("Vector ({0}) length ({1}) is not a power of two")]
|
||||
NotPowerOfTwo(String, usize),
|
||||
#[error("Can not be empty")]
|
||||
Empty,
|
||||
#[error("Value out of bounds")]
|
||||
OutOfBounds,
|
||||
#[error("Could not construct the Evaluation Domain")]
|
||||
NewDomainFail,
|
||||
|
||||
// Commitment errors
|
||||
#[error("Pedersen parameters length is not sufficient (generators.len={0} < vector.len={1} unsatisfied)")]
|
||||
PedersenParamsLen(usize, usize),
|
||||
#[error("Blinding factor not 0 for Commitment without hiding")]
|
||||
BlindingNotZero,
|
||||
#[error("Commitment verification failed")]
|
||||
CommitmentVerificationFail,
|
||||
|
||||
// Other
|
||||
#[error("Randomness for blinding not found")]
|
||||
MissingRandomness,
|
||||
#[error("Missing value: {0}")]
|
||||
MissingValue(String),
|
||||
#[error("Feature '{0}' not supported yet")]
|
||||
NotSupportedYet(String),
|
||||
#[error("Feature '{0}' is not supported and it will not be")]
|
||||
NotSupported(String),
|
||||
#[error("max i-th step reached (usize limit reached)")]
|
||||
MaxStep,
|
||||
|
||||
#[error(transparent)]
|
||||
ProtoGalaxy(folding::protogalaxy::ProtoGalaxyError),
|
||||
}
|
||||
|
||||
/// FoldingScheme defines trait that is implemented by the diverse folding schemes. It is defined
|
||||
@@ -138,24 +153,25 @@ pub trait Decider<
|
||||
C2::BaseField: PrimeField,
|
||||
{
|
||||
type ProverParam: Clone;
|
||||
type Proof: Clone;
|
||||
type Proof;
|
||||
type VerifierParam;
|
||||
type PublicInput: Debug;
|
||||
type CommittedInstanceWithWitness: Debug;
|
||||
type CommittedInstance: Clone + Debug;
|
||||
|
||||
fn prove(
|
||||
pp: &Self::ProverParam,
|
||||
pp: Self::ProverParam,
|
||||
rng: impl RngCore + CryptoRng,
|
||||
folding_scheme: FS,
|
||||
) -> Result<Self::Proof, Error>;
|
||||
|
||||
fn verify(
|
||||
vp: &Self::VerifierParam,
|
||||
vp: Self::VerifierParam,
|
||||
i: C1::ScalarField,
|
||||
z_0: Vec<C1::ScalarField>,
|
||||
z_i: Vec<C1::ScalarField>,
|
||||
running_instance: &Self::CommittedInstance,
|
||||
incoming_instance: &Self::CommittedInstance,
|
||||
proof: Self::Proof,
|
||||
// returns `Result<bool, Error>` to differentiate between an error occurred while performing
|
||||
// the verification steps, and the verification logic of the scheme not passing.
|
||||
|
||||
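Review bot: `Decider::verify` gives callers two ways to see a rejected proof, and nothing in the trait documents which one to expect. The `//` comment after the last parameter in the final hunk describes a `Result<bool, Error>` return, while the `Error` enum in this same file still carries `SNARKVerificationFail`, `CommitmentVerificationFail` and `IVCVerificationFail`. A caller that writes `D::verify(..)?;` and drops the boolean would treat `Ok(false)` as acceptance, so the contract should be a rustdoc comment on the method, for example `/// Returns Ok(true) only for a valid proof; Ok(false) is a rejection and must be checked, Err(_) means verification could not be completed.` Which channel the implementations use for a failed Groth16 or KZG check is not visible here, and the end of the `verify` signature lies outside the hunk, so the wording should be confirmed against the implementations.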