arnaucube
/
testudo
mirror of https://github.com/arnaucube/testudo.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

support for stable Rust (#51) 

* support for stable Rust

* add no default to stable

* add no default to stable

* update CI
master
Srinath Setty 2 years ago
committed by maramihali
parent
e1383ff248
commit
4f56acf724
11 changed files with 154 additions and 153 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      .github/workflows/rust.yml
  2. +1
    -1
      Cargo.toml
  3. +1
    -1
      src/dense_mlpoly.rs
  4. +0
    -2
      src/lib.rs
  5. +11
    -0
      src/math.rs
  6. +43
    -13
      src/nizk/bullet.rs
  7. +62
    -84
      src/nizk/mod.rs
  8. +6
    -5
      src/product_tree.rs
  9. +8
    -8
      src/r1csinstance.rs
  10. +8
    -25
      src/r1csproof.rs
  11. +13
    -13
      src/sparse_mlpoly.rs

+ 1
- 1
.github/workflows/rust.yml
View File

@ -7,7 +7,7 @@ on:
branches: [ master ] branches: [ master ]
jobs: jobs:
build:
build_nightly:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2

+ 1
- 1
Cargo.toml
View File

@ -2,7 +2,7 @@
name = "spartan" name = "spartan"
version = "0.6.0" version = "0.6.0"
authors = ["Srinath Setty <srinath@microsoft.com>"] authors = ["Srinath Setty <srinath@microsoft.com>"]
edition = "2018"
edition = "2021"
description = "High-speed zkSNARKs without trusted setup" description = "High-speed zkSNARKs without trusted setup"
documentation = "https://docs.rs/spartan/" documentation = "https://docs.rs/spartan/"
readme = "README.md" readme = "README.md"

+ 1
- 1
src/dense_mlpoly.rs
View File

@ -121,7 +121,7 @@ impl IdentityPolynomial {
impl DensePolynomial { impl DensePolynomial {
pub fn new(Z: Vec<Scalar>) -> Self { pub fn new(Z: Vec<Scalar>) -> Self {
DensePolynomial { DensePolynomial {
num_vars: Z.len().log2() as usize,
num_vars: Z.len().log_2() as usize,
len: Z.len(), len: Z.len(),
Z, Z,
} }

+ 0
- 2
src/lib.rs
View File

@ -1,6 +1,4 @@
#![allow(non_snake_case)] #![allow(non_snake_case)]
#![feature(test)]
#![feature(int_log)]
#![doc = include_str!("../README.md")] #![doc = include_str!("../README.md")]
#![deny(missing_docs)] #![deny(missing_docs)]
#![allow(clippy::assertions_on_result_states)] #![allow(clippy::assertions_on_result_states)]

+ 11
- 0
src/math.rs
View File

@ -2,6 +2,7 @@ pub trait Math {
fn square_root(self) -> usize; fn square_root(self) -> usize;
fn pow2(self) -> usize; fn pow2(self) -> usize;
fn get_bits(self, num_bits: usize) -> Vec<bool>; fn get_bits(self, num_bits: usize) -> Vec<bool>;
fn log_2(self) -> usize;
} }
impl Math for usize { impl Math for usize {
@ -22,4 +23,14 @@ impl Math for usize {
.map(|shift_amount| ((self & (1 << (num_bits - shift_amount - 1))) > 0)) .map(|shift_amount| ((self & (1 << (num_bits - shift_amount - 1))) > 0))
.collect::<Vec<bool>>() .collect::<Vec<bool>>()
} }
fn log_2(self) -> usize {
assert_ne!(self, 0);
if self.is_power_of_two() {
(1usize.leading_zeros() - self.leading_zeros()) as usize
} else {
(0usize.leading_zeros() - self.leading_zeros()) as usize
}
}
} }

+ 43
- 13
src/nizk/bullet.rs
View File

@ -4,15 +4,19 @@
#![allow(clippy::type_complexity)] #![allow(clippy::type_complexity)]
#![allow(clippy::too_many_arguments)] #![allow(clippy::too_many_arguments)]
use super::super::errors::ProofVerifyError; use super::super::errors::ProofVerifyError;
use super::super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul, CompressGroupElement, DecompressGroupElement};
use super::super::group::{
CompressGroupElement, CompressedGroup, DecompressGroupElement, GroupElement,
VartimeMultiscalarMul,
};
use super::super::math::Math;
use super::super::scalar::Scalar; use super::super::scalar::Scalar;
use super::super::transcript::ProofTranscript; use super::super::transcript::ProofTranscript;
use ark_ff::{fields, Field};
use ark_serialize::*;
use ark_std::{One, Zero};
use core::iter; use core::iter;
use std::ops::MulAssign;
use merlin::Transcript; use merlin::Transcript;
use ark_serialize::*;
use ark_ff::{Field, fields};
use ark_std::{One, Zero};
use std::ops::MulAssign;
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)] #[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
pub struct BulletReductionProof { pub struct BulletReductionProof {
@ -58,7 +62,7 @@ impl BulletReductionProof {
// All of the input vectors must have a length that is a power of two. // All of the input vectors must have a length that is a power of two.
let mut n = G.len(); let mut n = G.len();
assert!(n.is_power_of_two()); assert!(n.is_power_of_two());
let lg_n = n.log2() as usize;
let lg_n = n.log_2() as usize;
// All of the input vectors must have the same length. // All of the input vectors must have the same length.
assert_eq!(G.len(), n); assert_eq!(G.len(), n);
@ -86,16 +90,34 @@ impl BulletReductionProof {
a_L a_L
.iter() .iter()
.chain(iter::once(&c_L)) .chain(iter::once(&c_L))
.chain(iter::once(blind_L)).map(|s| *s).collect::<Vec<Scalar>>().as_slice(),
G_R.iter().chain(iter::once(Q)).chain(iter::once(H)).map(|p| *p).collect::<Vec<GroupElement>>().as_slice(),
.chain(iter::once(blind_L))
.map(|s| *s)
.collect::<Vec<Scalar>>()
.as_slice(),
G_R
.iter()
.chain(iter::once(Q))
.chain(iter::once(H))
.map(|p| *p)
.collect::<Vec<GroupElement>>()
.as_slice(),
); );
let R = GroupElement::vartime_multiscalar_mul( let R = GroupElement::vartime_multiscalar_mul(
a_R a_R
.iter() .iter()
.chain(iter::once(&c_R)) .chain(iter::once(&c_R))
.chain(iter::once(blind_R)).map(|s| *s).collect::<Vec<Scalar>>().as_slice(),
G_L.iter().chain(iter::once(Q)).chain(iter::once(H)).map(|p| *p).collect::<Vec<GroupElement>>().as_slice(),
.chain(iter::once(blind_R))
.map(|s| *s)
.collect::<Vec<Scalar>>()
.as_slice(),
G_L
.iter()
.chain(iter::once(Q))
.chain(iter::once(H))
.map(|p| *p)
.collect::<Vec<GroupElement>>()
.as_slice(),
); );
transcript.append_point(b"L", &L.compress()); transcript.append_point(b"L", &L.compress());
@ -161,7 +183,7 @@ impl BulletReductionProof {
// 2. Compute 1/(u_k...u_1) and 1/u_k, ..., 1/u_1 // 2. Compute 1/(u_k...u_1) and 1/u_k, ..., 1/u_1
let mut challenges_inv: Vec<Scalar> = challenges.clone(); let mut challenges_inv: Vec<Scalar> = challenges.clone();
ark_ff::fields::batch_inversion(&mut challenges_inv); ark_ff::fields::batch_inversion(&mut challenges_inv);
let mut allinv: Scalar = Scalar::one(); let mut allinv: Scalar = Scalar::one();
for c in challenges.iter().filter(|s| !s.is_zero()) { for c in challenges.iter().filter(|s| !s.is_zero()) {
@ -225,8 +247,16 @@ impl BulletReductionProof {
u_sq u_sq
.iter() .iter()
.chain(u_inv_sq.iter()) .chain(u_inv_sq.iter())
.chain(iter::once(&Scalar::one())).map(|s| *s).collect::<Vec<Scalar>>().as_slice(),
Ls.iter().chain(Rs.iter()).chain(iter::once(Gamma)).map(|p| *p).collect::<Vec<GroupElement>>().as_slice(),
.chain(iter::once(&Scalar::one()))
.map(|s| *s)
.collect::<Vec<Scalar>>()
.as_slice(),
Ls.iter()
.chain(Rs.iter())
.chain(iter::once(Gamma))
.map(|p| *p)
.collect::<Vec<GroupElement>>()
.as_slice(),
); );
Ok((G_hat, Gamma_hat, a_hat)) Ok((G_hat, Gamma_hat, a_hat))

+ 62
- 84
src/nizk/mod.rs
View File

@ -2,15 +2,18 @@
use super::commitments::{Commitments, MultiCommitGens}; use super::commitments::{Commitments, MultiCommitGens};
use super::errors::ProofVerifyError; use super::errors::ProofVerifyError;
use super::group::{ use super::group::{
CompressedGroup, CompressGroupElement, UnpackGroupElement, GroupElement, DecompressGroupElement, GroupElementAffine};
CompressGroupElement, CompressedGroup, DecompressGroupElement, GroupElement, GroupElementAffine,
UnpackGroupElement,
};
use super::math::Math;
use super::random::RandomTape; use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
use ark_ec::group::Group; use ark_ec::group::Group;
use merlin::Transcript;
use ark_serialize::*;
use ark_ec::ProjectiveCurve; use ark_ec::ProjectiveCurve;
use ark_ff::PrimeField; use ark_ff::PrimeField;
use ark_serialize::*;
use merlin::Transcript;
mod bullet; mod bullet;
use bullet::BulletReductionProof; use bullet::BulletReductionProof;
@ -49,7 +52,7 @@ impl KnowledgeProof {
let c = transcript.challenge_scalar(b"c"); let c = transcript.challenge_scalar(b"c");
let z1 = c * x + t1; let z1 = c * x + t1;
let z2 = c * r + t2;
let z2 = c * r + t2;
(KnowledgeProof { alpha, z1, z2 }, C) (KnowledgeProof { alpha, z1, z2 }, C)
} }
@ -58,8 +61,7 @@ impl KnowledgeProof {
&self, &self,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
C: &
CompressedGroup,
C: &CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
transcript.append_protocol_name(KnowledgeProof::protocol_name()); transcript.append_protocol_name(KnowledgeProof::protocol_name());
C.append_to_transcript(b"C", transcript); C.append_to_transcript(b"C", transcript);
@ -68,7 +70,7 @@ impl KnowledgeProof {
let c = transcript.challenge_scalar(b"c"); let c = transcript.challenge_scalar(b"c");
let lhs = self.z1.commit(&self.z2, gens_n).compress(); let lhs = self.z1.commit(&self.z2, gens_n).compress();
let rhs = ( C.unpack()?.mul(c.into_repr()) + self.alpha.unpack()?).compress();
let rhs = (C.unpack()?.mul(c.into_repr()) + self.alpha.unpack()?).compress();
if lhs == rhs { if lhs == rhs {
Ok(()) Ok(())
@ -80,8 +82,7 @@ impl KnowledgeProof {
#[derive(CanonicalSerialize, CanonicalDeserialize, Debug)] #[derive(CanonicalSerialize, CanonicalDeserialize, Debug)]
pub struct EqualityProof { pub struct EqualityProof {
alpha:
CompressedGroup,
alpha: CompressedGroup,
z: Scalar, z: Scalar,
} }
@ -98,9 +99,7 @@ impl EqualityProof {
s1: &Scalar, s1: &Scalar,
v2: &Scalar, v2: &Scalar,
s2: &Scalar, s2: &Scalar,
) -> (EqualityProof,
CompressedGroup,
CompressedGroup) {
) -> (EqualityProof, CompressedGroup, CompressedGroup) {
transcript.append_protocol_name(EqualityProof::protocol_name()); transcript.append_protocol_name(EqualityProof::protocol_name());
// produce a random Scalar // produce a random Scalar
@ -126,10 +125,8 @@ impl EqualityProof {
&self, &self,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
C1: &
CompressedGroup,
C2: &
CompressedGroup,
C1: &CompressedGroup,
C2: &CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
transcript.append_protocol_name(EqualityProof::protocol_name()); transcript.append_protocol_name(EqualityProof::protocol_name());
C1.append_to_transcript(b"C1", transcript); C1.append_to_transcript(b"C1", transcript);
@ -155,12 +152,9 @@ impl EqualityProof {
#[derive(CanonicalSerialize, CanonicalDeserialize, Debug)] #[derive(CanonicalSerialize, CanonicalDeserialize, Debug)]
pub struct ProductProof { pub struct ProductProof {
alpha:
CompressedGroup,
beta:
CompressedGroup,
delta:
CompressedGroup,
alpha: CompressedGroup,
beta: CompressedGroup,
delta: CompressedGroup,
z: Vec<Scalar>, z: Vec<Scalar>,
} }
@ -181,11 +175,8 @@ impl ProductProof {
rZ: &Scalar, rZ: &Scalar,
) -> ( ) -> (
ProductProof, ProductProof,
CompressedGroup, CompressedGroup,
CompressedGroup, CompressedGroup,
CompressedGroup, CompressedGroup,
) { ) {
transcript.append_protocol_name(ProductProof::protocol_name()); transcript.append_protocol_name(ProductProof::protocol_name());
@ -197,16 +188,14 @@ impl ProductProof {
let b4 = random_tape.random_scalar(b"b4"); let b4 = random_tape.random_scalar(b"b4");
let b5 = random_tape.random_scalar(b"b5"); let b5 = random_tape.random_scalar(b"b5");
let X_unc = x.commit(rX, gens_n);
let X_unc = x.commit(rX, gens_n);
let X = X_unc.compress(); let X = X_unc.compress();
X.append_to_transcript(b"X", transcript); X.append_to_transcript(b"X", transcript);
let X_new = GroupElement::decompress(&X); let X_new = GroupElement::decompress(&X);
assert_eq!(X_unc, X_new.unwrap()); assert_eq!(X_unc, X_new.unwrap());
let Y = y.commit(rY, gens_n).compress(); let Y = y.commit(rY, gens_n).compress();
Y.append_to_transcript(b"Y", transcript); Y.append_to_transcript(b"Y", transcript);
@ -253,17 +242,17 @@ impl ProductProof {
} }
fn check_equality( fn check_equality(
P: &
CompressedGroup,
X: &
CompressedGroup,
P: &CompressedGroup,
X: &CompressedGroup,
c: &Scalar, c: &Scalar,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
z1: &Scalar, z1: &Scalar,
z2: &Scalar, z2: &Scalar,
) -> bool { ) -> bool {
println!("{:?}", X); println!("{:?}", X);
let lhs = (GroupElement::decompress(P).unwrap() + GroupElement::decompress(X).unwrap().mul(c.into_repr())).compress();
let lhs = (GroupElement::decompress(P).unwrap()
+ GroupElement::decompress(X).unwrap().mul(c.into_repr()))
.compress();
let rhs = z1.commit(z2, gens_n).compress(); let rhs = z1.commit(z2, gens_n).compress();
lhs == rhs lhs == rhs
@ -273,12 +262,9 @@ impl ProductProof {
&self, &self,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
X: &
CompressedGroup,
Y: &
CompressedGroup,
Z: &
CompressedGroup,
X: &CompressedGroup,
Y: &CompressedGroup,
Z: &CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
transcript.append_protocol_name(ProductProof::protocol_name()); transcript.append_protocol_name(ProductProof::protocol_name());
@ -321,10 +307,8 @@ impl ProductProof {
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)] #[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
pub struct DotProductProof { pub struct DotProductProof {
delta:
CompressedGroup,
beta:
CompressedGroup,
delta: CompressedGroup,
beta: CompressedGroup,
z: Vec<Scalar>, z: Vec<Scalar>,
z_delta: Scalar, z_delta: Scalar,
z_beta: Scalar, z_beta: Scalar,
@ -350,9 +334,7 @@ impl DotProductProof {
a_vec: &[Scalar], a_vec: &[Scalar],
y: &Scalar, y: &Scalar,
blind_y: &Scalar, blind_y: &Scalar,
) -> (DotProductProof,
CompressedGroup,
CompressedGroup) {
) -> (DotProductProof, CompressedGroup, CompressedGroup) {
transcript.append_protocol_name(DotProductProof::protocol_name()); transcript.append_protocol_name(DotProductProof::protocol_name());
let n = x_vec.len(); let n = x_vec.len();
@ -409,10 +391,8 @@ impl DotProductProof {
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
a: &[Scalar], a: &[Scalar],
Cx: &
CompressedGroup,
Cy: &
CompressedGroup,
Cx: &CompressedGroup,
Cy: &CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
assert_eq!(gens_n.n, a.len()); assert_eq!(gens_n.n, a.len());
assert_eq!(gens_1.n, 1); assert_eq!(gens_1.n, 1);
@ -426,11 +406,12 @@ impl DotProductProof {
let c = transcript.challenge_scalar(b"c"); let c = transcript.challenge_scalar(b"c");
let mut result =
Cx.unpack()?.mul(c.into_repr()) + self.delta.unpack()? == self.z.commit(&self.z_delta, gens_n);
let mut result = Cx.unpack()?.mul(c.into_repr()) + self.delta.unpack()?
== self.z.commit(&self.z_delta, gens_n);
let dotproduct_z_a = DotProductProof::compute_dotproduct(&self.z, a); let dotproduct_z_a = DotProductProof::compute_dotproduct(&self.z, a);
result &= Cy.unpack()?.mul(c.into_repr()) + self.beta.unpack()? == dotproduct_z_a.commit(&self.z_beta, gens_1);
result &= Cy.unpack()?.mul(c.into_repr()) + self.beta.unpack()?
== dotproduct_z_a.commit(&self.z_beta, gens_1);
if result { if result {
Ok(()) Ok(())
} else { } else {
@ -455,10 +436,8 @@ impl DotProductProofGens {
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)] #[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
pub struct DotProductProofLog { pub struct DotProductProofLog {
bullet_reduction_proof: BulletReductionProof, bullet_reduction_proof: BulletReductionProof,
delta:
CompressedGroup,
beta:
CompressedGroup,
delta: CompressedGroup,
beta: CompressedGroup,
z1: Scalar, z1: Scalar,
z2: Scalar, z2: Scalar,
} }
@ -482,9 +461,7 @@ impl DotProductProofLog {
a_vec: &[Scalar], a_vec: &[Scalar],
y: &Scalar, y: &Scalar,
blind_y: &Scalar, blind_y: &Scalar,
) -> (DotProductProofLog,
CompressedGroup,
CompressedGroup) {
) -> (DotProductProofLog, CompressedGroup, CompressedGroup) {
transcript.append_protocol_name(DotProductProofLog::protocol_name()); transcript.append_protocol_name(DotProductProofLog::protocol_name());
let n = x_vec.len(); let n = x_vec.len();
@ -496,8 +473,8 @@ impl DotProductProofLog {
let r_delta = random_tape.random_scalar(b"r_delta"); let r_delta = random_tape.random_scalar(b"r_delta");
let r_beta = random_tape.random_scalar(b"r_delta"); let r_beta = random_tape.random_scalar(b"r_delta");
let blinds_vec = { let blinds_vec = {
let v1 = random_tape.random_vector(b"blinds_vec_1", 2 * n.log2() as usize);
let v2 = random_tape.random_vector(b"blinds_vec_2", 2 * n.log2() as usize);
let v1 = random_tape.random_vector(b"blinds_vec_1", 2 * n.log_2());
let v2 = random_tape.random_vector(b"blinds_vec_2", 2 * n.log_2());
(0..v1.len()) (0..v1.len())
.map(|i| (v1[i], v2[i])) .map(|i| (v1[i], v2[i]))
.collect::<Vec<(Scalar, Scalar)>>() .collect::<Vec<(Scalar, Scalar)>>()
@ -562,10 +539,8 @@ impl DotProductProofLog {
gens: &DotProductProofGens, gens: &DotProductProofGens,
transcript: &mut Transcript, transcript: &mut Transcript,
a: &[Scalar], a: &[Scalar],
Cx: &
CompressedGroup,
Cy: &
CompressedGroup,
Cx: &CompressedGroup,
Cy: &CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
assert_eq!(gens.n, n); assert_eq!(gens.n, n);
assert_eq!(a.len(), n); assert_eq!(a.len(), n);
@ -593,8 +568,11 @@ impl DotProductProofLog {
let z1_s = &self.z1; let z1_s = &self.z1;
let z2_s = &self.z2; let z2_s = &self.z2;
let lhs = ((Gamma_hat.mul(c_s.into_repr()) + beta_s).mul(a_hat_s.into_repr()) + delta_s).compress();
let rhs = ((g_hat + gens.gens_1.G[0].mul(a_hat_s.into_repr())).mul(z1_s.into_repr()) + gens.gens_1.h.mul(z2_s.into_repr())).compress();
let lhs =
((Gamma_hat.mul(c_s.into_repr()) + beta_s).mul(a_hat_s.into_repr()) + delta_s).compress();
let rhs = ((g_hat + gens.gens_1.G[0].mul(a_hat_s.into_repr())).mul(z1_s.into_repr())
+ gens.gens_1.h.mul(z2_s.into_repr()))
.compress();
assert_eq!(lhs, rhs); assert_eq!(lhs, rhs);
@ -610,15 +588,15 @@ impl DotProductProofLog {
mod tests { mod tests {
use std::marker::PhantomData; use std::marker::PhantomData;
use crate::group::VartimeMultiscalarMul;
use crate::group::VartimeMultiscalarMul;
use super::*;
use ark_bls12_377::{G1Affine, Fq, FqParameters};
use ark_ff::{Fp384, BigInteger384};
use ark_std::{UniformRand};
use super::*;
use ark_bls12_377::{Fq, FqParameters, G1Affine};
use ark_ff::{BigInteger384, Fp384};
use ark_std::UniformRand;
#[test] #[test]
fn check_knowledgeproof() { fn check_knowledgeproof() {
let mut rng = ark_std::rand::thread_rng();
let mut rng = ark_std::rand::thread_rng();
let gens_1 = MultiCommitGens::new(1, b"test-knowledgeproof"); let gens_1 = MultiCommitGens::new(1, b"test-knowledgeproof");
@ -638,7 +616,7 @@ use ark_std::{UniformRand};
#[test] #[test]
fn check_equalityproof() { fn check_equalityproof() {
let mut rng = ark_std::rand::thread_rng();
let mut rng = ark_std::rand::thread_rng();
let gens_1 = MultiCommitGens::new(1, b"test-equalityproof"); let gens_1 = MultiCommitGens::new(1, b"test-equalityproof");
let v1 = Scalar::rand(&mut rng); let v1 = Scalar::rand(&mut rng);
@ -663,14 +641,14 @@ use ark_std::{UniformRand};
.verify(&gens_1, &mut verifier_transcript, &C1, &C2) .verify(&gens_1, &mut verifier_transcript, &C1, &C2)
.is_ok()); .is_ok());
} }
#[test] #[test]
fn check_productproof() { fn check_productproof() {
let mut rng = ark_std::rand::thread_rng();
let pt = GroupElement::rand(&mut rng);
let pt_c = pt.compress();
let pt2 = GroupElement::decompress(&pt_c).unwrap();
assert_eq!(pt, pt2);
let mut rng = ark_std::rand::thread_rng();
let pt = GroupElement::rand(&mut rng);
let pt_c = pt.compress();
let pt2 = GroupElement::decompress(&pt_c).unwrap();
assert_eq!(pt, pt2);
let gens_1 = MultiCommitGens::new(1, b"test-productproof"); let gens_1 = MultiCommitGens::new(1, b"test-productproof");
let x = Scalar::rand(&mut rng); let x = Scalar::rand(&mut rng);
@ -702,7 +680,7 @@ use ark_std::{UniformRand};
#[test] #[test]
fn check_dotproductproof() { fn check_dotproductproof() {
let mut rng = ark_std::rand::thread_rng();
let mut rng = ark_std::rand::thread_rng();
let n = 1024; let n = 1024;
@ -741,7 +719,7 @@ use ark_std::{UniformRand};
#[test] #[test]
fn check_dotproductproof_log() { fn check_dotproductproof_log() {
let mut rng = ark_std::rand::thread_rng();
let mut rng = ark_std::rand::thread_rng();
let n = 1024; let n = 1024;

+ 6
- 5
src/product_tree.rs
View File

@ -1,6 +1,7 @@
#![allow(dead_code)] #![allow(dead_code)]
use super::dense_mlpoly::DensePolynomial; use super::dense_mlpoly::DensePolynomial;
use super::dense_mlpoly::EqPolynomial; use super::dense_mlpoly::EqPolynomial;
use super::math::Math;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::sumcheck::SumcheckInstanceProof; use super::sumcheck::SumcheckInstanceProof;
use super::transcript::ProofTranscript; use super::transcript::ProofTranscript;
@ -37,7 +38,7 @@ impl ProductCircuit {
let mut left_vec: Vec<DensePolynomial> = Vec::new(); let mut left_vec: Vec<DensePolynomial> = Vec::new();
let mut right_vec: Vec<DensePolynomial> = Vec::new(); let mut right_vec: Vec<DensePolynomial> = Vec::new();
let num_layers = poly.len().log2() as usize;
let num_layers = poly.len().log_2() as usize;
let (outp_left, outp_right) = poly.split(poly.len() / 2); let (outp_left, outp_right) = poly.split(poly.len() / 2);
left_vec.push(outp_left); left_vec.push(outp_left);
@ -182,7 +183,7 @@ impl ProductCircuitEvalProof {
let mut poly_C = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals()); let mut poly_C = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals());
assert_eq!(poly_C.len(), len / 2); assert_eq!(poly_C.len(), len / 2);
let num_rounds_prod = poly_C.len().log2() as usize;
let num_rounds_prod = poly_C.len().log_2() as usize;
let comb_func_prod = |poly_A_comp: &Scalar, let comb_func_prod = |poly_A_comp: &Scalar,
poly_B_comp: &Scalar, poly_B_comp: &Scalar,
poly_C_comp: &Scalar| poly_C_comp: &Scalar|
@ -223,7 +224,7 @@ impl ProductCircuitEvalProof {
len: usize, len: usize,
transcript: &mut Transcript, transcript: &mut Transcript,
) -> (Scalar, Vec<Scalar>) { ) -> (Scalar, Vec<Scalar>) {
let num_layers = len.log2() as usize;
let num_layers = len.log_2() as usize;
let mut claim = eval; let mut claim = eval;
let mut rand: Vec<Scalar> = Vec::new(); let mut rand: Vec<Scalar> = Vec::new();
//let mut num_rounds = 0; //let mut num_rounds = 0;
@ -279,7 +280,7 @@ impl ProductCircuitEvalProofBatched {
let mut poly_C_par = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals()); let mut poly_C_par = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals());
assert_eq!(poly_C_par.len(), len / 2); assert_eq!(poly_C_par.len(), len / 2);
let num_rounds_prod = poly_C_par.len().log2() as usize;
let num_rounds_prod = poly_C_par.len().log_2() as usize;
let comb_func_prod = |poly_A_comp: &Scalar, let comb_func_prod = |poly_A_comp: &Scalar,
poly_B_comp: &Scalar, poly_B_comp: &Scalar,
poly_C_comp: &Scalar| poly_C_comp: &Scalar|
@ -389,7 +390,7 @@ impl ProductCircuitEvalProofBatched {
len: usize, len: usize,
transcript: &mut Transcript, transcript: &mut Transcript,
) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>) { ) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>) {
let num_layers = len.log2() as usize;
let num_layers = len.log_2() as usize;
let mut rand: Vec<Scalar> = Vec::new(); let mut rand: Vec<Scalar> = Vec::new();
//let mut num_rounds = 0; //let mut num_rounds = 0;
assert_eq!(self.proof.len(), num_layers); assert_eq!(self.proof.len(), num_layers);

+ 8
- 8
src/r1csinstance.rs
View File

@ -46,8 +46,8 @@ impl R1CSCommitmentGens {
num_nz_entries: usize, num_nz_entries: usize,
) -> R1CSCommitmentGens { ) -> R1CSCommitmentGens {
assert!(num_inputs < num_vars); assert!(num_inputs < num_vars);
let num_poly_vars_x = num_cons.log2() as usize;
let num_poly_vars_y = (2 * num_vars).log2() as usize;
let num_poly_vars_x = num_cons.log_2() as usize;
let num_poly_vars_y = (2 * num_vars).log_2() as usize;
let gens = let gens =
SparseMatPolyCommitmentGens::new(label, num_poly_vars_x, num_poly_vars_y, num_nz_entries, 3); SparseMatPolyCommitmentGens::new(label, num_poly_vars_x, num_poly_vars_y, num_nz_entries, 3);
R1CSCommitmentGens { gens } R1CSCommitmentGens { gens }
@ -115,8 +115,8 @@ impl R1CSInstance {
assert!(num_inputs < num_vars); assert!(num_inputs < num_vars);
// no errors, so create polynomials // no errors, so create polynomials
let num_poly_vars_x = num_cons.log2() as usize;
let num_poly_vars_y = (2 * num_vars).log2() as usize;
let num_poly_vars_x = num_cons.log_2() as usize;
let num_poly_vars_y = (2 * num_vars).log_2() as usize;
let mat_A = (0..A.len()) let mat_A = (0..A.len())
.map(|i| SparseMatEntry::new(A[i].0, A[i].1, A[i].2)) .map(|i| SparseMatEntry::new(A[i].0, A[i].1, A[i].2))
@ -166,8 +166,8 @@ impl R1CSInstance {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
// assert num_cons and num_vars are power of 2 // assert num_cons and num_vars are power of 2
assert_eq!((num_cons.log2() as usize).pow2(), num_cons);
assert_eq!((num_vars.log2() as usize).pow2(), num_vars);
assert_eq!((num_cons.log_2() as usize).pow2(), num_cons);
assert_eq!((num_vars.log_2() as usize).pow2(), num_vars);
// num_inputs + 1 <= num_vars // num_inputs + 1 <= num_vars
assert!(num_inputs < num_vars); assert!(num_inputs < num_vars);
@ -214,8 +214,8 @@ impl R1CSInstance {
Timer::print(&format!("number_non-zero_entries_B {}", B.len())); Timer::print(&format!("number_non-zero_entries_B {}", B.len()));
Timer::print(&format!("number_non-zero_entries_C {}", C.len())); Timer::print(&format!("number_non-zero_entries_C {}", C.len()));
let num_poly_vars_x = num_cons.log2() as usize;
let num_poly_vars_y = (2 * num_vars).log2() as usize;
let num_poly_vars_x = num_cons.log_2() as usize;
let num_poly_vars_y = (2 * num_vars).log_2() as usize;
let poly_A = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, A); let poly_A = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, A);
let poly_B = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, B); let poly_B = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, B);
let poly_C = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, C); let poly_C = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, C);

+ 8
- 25
src/r1csproof.rs
View File

@ -10,6 +10,7 @@ use super::errors::ProofVerifyError;
use super::group::{ use super::group::{
CompressGroupElement, DecompressGroupElement, GroupElement, VartimeMultiscalarMul, CompressGroupElement, DecompressGroupElement, GroupElement, VartimeMultiscalarMul,
}; };
use super::math::Math;
use super::nizk::{EqualityProof, KnowledgeProof, ProductProof}; use super::nizk::{EqualityProof, KnowledgeProof, ProductProof};
use super::r1csinstance::R1CSInstance; use super::r1csinstance::R1CSInstance;
use super::random::RandomTape; use super::random::RandomTape;
@ -65,7 +66,7 @@ pub struct R1CSGens {
impl R1CSGens { impl R1CSGens {
pub fn new(label: &'static [u8], _num_cons: usize, num_vars: usize) -> Self { pub fn new(label: &'static [u8], _num_cons: usize, num_vars: usize) -> Self {
let num_poly_vars = num_vars.log2() as usize;
let num_poly_vars = num_vars.log_2() as usize;
let gens_pc = PolyCommitmentGens::new(num_poly_vars, label); let gens_pc = PolyCommitmentGens::new(num_poly_vars, label);
let gens_sc = R1CSSumcheckGens::new(label, &gens_pc.gens.gens_1); let gens_sc = R1CSSumcheckGens::new(label, &gens_pc.gens.gens_1);
R1CSGens { gens_sc, gens_pc } R1CSGens { gens_sc, gens_pc }
@ -154,8 +155,10 @@ impl R1CSProof {
}; };
// derive the verifier's challenge tau // derive the verifier's challenge tau
let (num_rounds_x, num_rounds_y) =
(inst.get_num_cons().log2() as usize, z.len().log2() as usize);
let (num_rounds_x, num_rounds_y) = (
inst.get_num_cons().log_2() as usize,
z.len().log_2() as usize,
);
let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x); let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x);
// compute the initial evaluation table for R(\tau, x) // compute the initial evaluation table for R(\tau, x)
let mut poly_tau = DensePolynomial::new(EqPolynomial::new(tau).evals()); let mut poly_tau = DensePolynomial::new(EqPolynomial::new(tau).evals());
@ -247,7 +250,7 @@ impl R1CSProof {
let n = num_vars; let n = num_vars;
let (num_rounds_x, num_rounds_y) = (num_cons.log2() as usize, (2 * num_vars).log2() as usize);
let (num_rounds_x, num_rounds_y) = (num_cons.log_2() as usize, (2 * num_vars).log_2() as usize);
// derive the verifier's challenge tau // derive the verifier's challenge tau
let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x); let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x);
@ -278,30 +281,10 @@ impl R1CSProof {
let claim_phase2 = r_A * Az_claim + r_B * Bz_claim + r_C * Cz_claim; let claim_phase2 = r_A * Az_claim + r_B * Bz_claim + r_C * Cz_claim;
// verify the joint claim with a sum-check protocol // verify the joint claim with a sum-check protocol
<<<<<<< HEAD
let (claim_post_phase2, ry) = let (claim_post_phase2, ry) =
self self
.sc_proof_phase2 .sc_proof_phase2
.verify(claim_phase2, num_rounds_y, 2, transcript)?; .verify(claim_phase2, num_rounds_y, 2, transcript)?;
=======
let (comm_claim_post_phase2, ry) = self.sc_proof_phase2.verify(
&comm_claim_phase2,
num_rounds_y,
2,
&gens.gens_sc.gens_1,
&gens.gens_sc.gens_3,
transcript,
)?;
// verify Z(ry) proof against the initial commitment
self.proof_eval_vars_at_ry.verify(
&gens.gens_pc,
transcript,
&ry[1..],
&self.comm_vars_at_ry,
&self.comm_vars,
)?;
>>>>>>> clippy fixes (#50)
let poly_input_eval = { let poly_input_eval = {
// constant term // constant term
@ -312,7 +295,7 @@ impl R1CSProof {
.map(|i| SparsePolyEntry::new(i + 1, input[i])) .map(|i| SparsePolyEntry::new(i + 1, input[i]))
.collect::<Vec<SparsePolyEntry>>(), .collect::<Vec<SparsePolyEntry>>(),
); );
SparsePolynomial::new(n.log2() as usize, input_as_sparse_poly_entries).evaluate(&ry[1..])
SparsePolynomial::new(n.log_2() as usize, input_as_sparse_poly_entries).evaluate(&ry[1..])
}; };
let eval_Z_at_ry = (Scalar::one() - ry[0]) * self.eval_vars_at_ry + ry[0] * poly_input_eval; let eval_Z_at_ry = (Scalar::one() - ry[0]) * self.eval_vars_at_ry + ry[0] * poly_input_eval;

+ 13
- 13
src/sparse_mlpoly.rs
View File

@ -92,7 +92,7 @@ impl DerefsEvalProof {
) -> PolyEvalProof { ) -> PolyEvalProof {
assert_eq!( assert_eq!(
joint_poly.get_num_vars(), joint_poly.get_num_vars(),
r.len() + evals.len().log2() as usize
r.len() + evals.len().log_2() as usize
); );
// append the claimed evaluations to transcript // append the claimed evaluations to transcript
@ -101,7 +101,7 @@ impl DerefsEvalProof {
// n-to-1 reduction // n-to-1 reduction
let (r_joint, eval_joint) = { let (r_joint, eval_joint) = {
let challenges = let challenges =
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log2() as usize);
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log_2() as usize);
let mut poly_evals = DensePolynomial::new(evals); let mut poly_evals = DensePolynomial::new(evals);
for i in (0..challenges.len()).rev() { for i in (0..challenges.len()).rev() {
poly_evals.bound_poly_var_bot(&challenges[i]); poly_evals.bound_poly_var_bot(&challenges[i]);
@ -167,7 +167,7 @@ impl DerefsEvalProof {
// n-to-1 reduction // n-to-1 reduction
let challenges = let challenges =
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log2() as usize);
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log_2() as usize);
let mut poly_evals = DensePolynomial::new(evals); let mut poly_evals = DensePolynomial::new(evals);
for i in (0..challenges.len()).rev() { for i in (0..challenges.len()).rev() {
poly_evals.bound_poly_var_bot(&challenges[i]); poly_evals.bound_poly_var_bot(&challenges[i]);
@ -301,15 +301,15 @@ impl SparseMatPolyCommitmentGens {
num_nz_entries: usize, num_nz_entries: usize,
batch_size: usize, batch_size: usize,
) -> SparseMatPolyCommitmentGens { ) -> SparseMatPolyCommitmentGens {
let num_vars_ops = num_nz_entries.next_power_of_two().log2() as usize
+ (batch_size * 5).next_power_of_two().log2() as usize;
let num_vars_ops = num_nz_entries.next_power_of_two().log_2() as usize
+ (batch_size * 5).next_power_of_two().log_2() as usize;
let num_vars_mem = if num_vars_x > num_vars_y { let num_vars_mem = if num_vars_x > num_vars_y {
num_vars_x num_vars_x
} else { } else {
num_vars_y num_vars_y
} + 1; } + 1;
let num_vars_derefs = num_nz_entries.next_power_of_two().log2() as usize
+ (batch_size * 2).next_power_of_two().log2() as usize;
let num_vars_derefs = num_nz_entries.next_power_of_two().log_2() as usize
+ (batch_size * 2).next_power_of_two().log_2() as usize;
let gens_ops = PolyCommitmentGens::new(num_vars_ops, label); let gens_ops = PolyCommitmentGens::new(num_vars_ops, label);
let gens_mem = PolyCommitmentGens::new(num_vars_mem, label); let gens_mem = PolyCommitmentGens::new(num_vars_mem, label);
@ -781,7 +781,7 @@ impl HashLayerProof {
evals_ops.append_to_transcript(b"claim_evals_ops", transcript); evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
let challenges_ops = transcript.challenge_vector( let challenges_ops = transcript.challenge_vector(
b"challenge_combine_n_to_one", b"challenge_combine_n_to_one",
evals_ops.len().log2() as usize,
evals_ops.len().log_2() as usize,
); );
let mut poly_evals_ops = DensePolynomial::new(evals_ops); let mut poly_evals_ops = DensePolynomial::new(evals_ops);
@ -810,7 +810,7 @@ impl HashLayerProof {
evals_mem.append_to_transcript(b"claim_evals_mem", transcript); evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
let challenges_mem = transcript.challenge_vector( let challenges_mem = transcript.challenge_vector(
b"challenge_combine_two_to_one", b"challenge_combine_two_to_one",
evals_mem.len().log2() as usize,
evals_mem.len().log_2() as usize,
); );
let mut poly_evals_mem = DensePolynomial::new(evals_mem); let mut poly_evals_mem = DensePolynomial::new(evals_mem);
@ -955,7 +955,7 @@ impl HashLayerProof {
evals_ops.append_to_transcript(b"claim_evals_ops", transcript); evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
let challenges_ops = transcript.challenge_vector( let challenges_ops = transcript.challenge_vector(
b"challenge_combine_n_to_one", b"challenge_combine_n_to_one",
evals_ops.len().log2() as usize,
evals_ops.len().log_2() as usize,
); );
let mut poly_evals_ops = DensePolynomial::new(evals_ops); let mut poly_evals_ops = DensePolynomial::new(evals_ops);
@ -981,7 +981,7 @@ impl HashLayerProof {
evals_mem.append_to_transcript(b"claim_evals_mem", transcript); evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
let challenges_mem = transcript.challenge_vector( let challenges_mem = transcript.challenge_vector(
b"challenge_combine_two_to_one", b"challenge_combine_two_to_one",
evals_mem.len().log2() as usize,
evals_mem.len().log_2() as usize,
); );
let mut poly_evals_mem = DensePolynomial::new(evals_mem); let mut poly_evals_mem = DensePolynomial::new(evals_mem);
@ -1632,8 +1632,8 @@ use rand::RngCore;
let num_nz_entries: usize = 256; let num_nz_entries: usize = 256;
let num_rows: usize = 256; let num_rows: usize = 256;
let num_cols: usize = 256; let num_cols: usize = 256;
let num_vars_x: usize = num_rows.log2() as usize;
let num_vars_y: usize = num_cols.log2() as usize;
let num_vars_x: usize = num_rows.log_2() as usize;
let num_vars_y: usize = num_cols.log_2() as usize;
let mut M: Vec<SparseMatEntry> = Vec::new(); let mut M: Vec<SparseMatEntry> = Vec::new();

Write Preview
Loading…
Cancel
Save