arnaucube/testudo
1
0
Fork 0
mirror of https://github.com/arnaucube/testudo.git synced 2026-01-12 16:51:28 +01:00
Code Issues Projects Releases Wiki Activity

support for stable Rust (#51)

Browse Source 
* support for stable Rust

* add no default to stable

* add no default to stable

* update CI
This commit is contained in:
Srinath Setty
2022-08-01 18:50:04 -07:00
committed by maramihali
parent e1383ff248
commit 4f56acf724
11 changed files with 155 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/rust.yml vendored
View File

@@ -7,7 +7,7 @@ on:
branches: [ master ] branches: [ master ]
jobs: jobs:
build: build_nightly:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2

2
Cargo.toml
View File

@@ -2,7 +2,7 @@
name = "spartan" name = "spartan"
version = "0.6.0" version = "0.6.0"
authors = ["Srinath Setty <srinath@microsoft.com>"] authors = ["Srinath Setty <srinath@microsoft.com>"]
edition = "2018" edition = "2021"
description = "High-speed zkSNARKs without trusted setup" description = "High-speed zkSNARKs without trusted setup"
documentation = "https://docs.rs/spartan/" documentation = "https://docs.rs/spartan/"
readme = "README.md" readme = "README.md"

2
src/dense_mlpoly.rs
View File

@@ -121,7 +121,7 @@ impl IdentityPolynomial {
impl DensePolynomial { impl DensePolynomial {
pub fn new(Z: Vec<Scalar>) -> Self { pub fn new(Z: Vec<Scalar>) -> Self {
DensePolynomial { DensePolynomial {
num_vars: Z.len().log2() as usize, num_vars: Z.len().log_2() as usize,
len: Z.len(), len: Z.len(),
Z, Z,
} }

2
src/lib.rs
View File

@@ -1,6 +1,4 @@
#![allow(non_snake_case)] #![allow(non_snake_case)]
#![feature(test)]
#![feature(int_log)]
#![doc = include_str!("../README.md")] #![doc = include_str!("../README.md")]
#![deny(missing_docs)] #![deny(missing_docs)]
#![allow(clippy::assertions_on_result_states)] #![allow(clippy::assertions_on_result_states)]

11
src/math.rs
View File

@@ -2,6 +2,7 @@ pub trait Math {
fn square_root(self) -> usize; fn square_root(self) -> usize;
fn pow2(self) -> usize; fn pow2(self) -> usize;
fn get_bits(self, num_bits: usize) -> Vec<bool>; fn get_bits(self, num_bits: usize) -> Vec<bool>;
fn log_2(self) -> usize;
} }
impl Math for usize { impl Math for usize {
@@ -22,4 +23,14 @@ impl Math for usize {
.map(|shift_amount| ((self & (1 << (num_bits - shift_amount - 1))) > 0)) .map(|shift_amount| ((self & (1 << (num_bits - shift_amount - 1))) > 0))
.collect::<Vec<bool>>() .collect::<Vec<bool>>()
} }
fn log_2(self) -> usize {
assert_ne!(self, 0);
if self.is_power_of_two() {
(1usize.leading_zeros() - self.leading_zeros()) as usize
} else {
(0usize.leading_zeros() - self.leading_zeros()) as usize
}
}
} }

58
src/nizk/bullet.rs
View File

@@ -4,15 +4,19 @@
#![allow(clippy::type_complexity)] #![allow(clippy::type_complexity)]
#![allow(clippy::too_many_arguments)] #![allow(clippy::too_many_arguments)]
use super::super::errors::ProofVerifyError; use super::super::errors::ProofVerifyError;
use super::super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul, CompressGroupElement, DecompressGroupElement}; use super::super::group::{
CompressGroupElement, CompressedGroup, DecompressGroupElement, GroupElement,
VartimeMultiscalarMul,
};
use super::super::math::Math;
use super::super::scalar::Scalar; use super::super::scalar::Scalar;
use super::super::transcript::ProofTranscript; use super::super::transcript::ProofTranscript;
use core::iter; use ark_ff::{fields, Field};
use std::ops::MulAssign;
use merlin::Transcript;
use ark_serialize::*; use ark_serialize::*;
use ark_ff::{Field, fields}; use ark_std::{One, Zero};
use ark_std::{One, Zero}; use core::iter;
use merlin::Transcript;
use std::ops::MulAssign;
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)] #[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
pub struct BulletReductionProof { pub struct BulletReductionProof {
@@ -58,7 +62,7 @@ impl BulletReductionProof {
// All of the input vectors must have a length that is a power of two. // All of the input vectors must have a length that is a power of two.
let mut n = G.len(); let mut n = G.len();
assert!(n.is_power_of_two()); assert!(n.is_power_of_two());
let lg_n = n.log2() as usize; let lg_n = n.log_2() as usize;
// All of the input vectors must have the same length. // All of the input vectors must have the same length.
assert_eq!(G.len(), n); assert_eq!(G.len(), n);
@@ -86,16 +90,34 @@ impl BulletReductionProof {
a_L a_L
.iter() .iter()
.chain(iter::once(&c_L)) .chain(iter::once(&c_L))
.chain(iter::once(blind_L)).map(|s| *s).collect::<Vec<Scalar>>().as_slice(), .chain(iter::once(blind_L))
G_R.iter().chain(iter::once(Q)).chain(iter::once(H)).map(|p| *p).collect::<Vec<GroupElement>>().as_slice(), .map(|s| *s)
.collect::<Vec<Scalar>>()
.as_slice(),
G_R
.iter()
.chain(iter::once(Q))
.chain(iter::once(H))
.map(|p| *p)
.collect::<Vec<GroupElement>>()
.as_slice(),
); );
let R = GroupElement::vartime_multiscalar_mul( let R = GroupElement::vartime_multiscalar_mul(
a_R a_R
.iter() .iter()
.chain(iter::once(&c_R)) .chain(iter::once(&c_R))
.chain(iter::once(blind_R)).map(|s| *s).collect::<Vec<Scalar>>().as_slice(), .chain(iter::once(blind_R))
G_L.iter().chain(iter::once(Q)).chain(iter::once(H)).map(|p| *p).collect::<Vec<GroupElement>>().as_slice(), .map(|s| *s)
.collect::<Vec<Scalar>>()
.as_slice(),
G_L
.iter()
.chain(iter::once(Q))
.chain(iter::once(H))
.map(|p| *p)
.collect::<Vec<GroupElement>>()
.as_slice(),
); );
transcript.append_point(b"L", &L.compress()); transcript.append_point(b"L", &L.compress());
@@ -161,7 +183,7 @@ impl BulletReductionProof {
// 2. Compute 1/(u_k...u_1) and 1/u_k, ..., 1/u_1 // 2. Compute 1/(u_k...u_1) and 1/u_k, ..., 1/u_1
let mut challenges_inv: Vec<Scalar> = challenges.clone(); let mut challenges_inv: Vec<Scalar> = challenges.clone();
ark_ff::fields::batch_inversion(&mut challenges_inv); ark_ff::fields::batch_inversion(&mut challenges_inv);
let mut allinv: Scalar = Scalar::one(); let mut allinv: Scalar = Scalar::one();
for c in challenges.iter().filter(|s| !s.is_zero()) { for c in challenges.iter().filter(|s| !s.is_zero()) {
@@ -225,8 +247,16 @@ impl BulletReductionProof {
u_sq u_sq
.iter() .iter()
.chain(u_inv_sq.iter()) .chain(u_inv_sq.iter())
.chain(iter::once(&Scalar::one())).map(|s| *s).collect::<Vec<Scalar>>().as_slice(), .chain(iter::once(&Scalar::one()))
Ls.iter().chain(Rs.iter()).chain(iter::once(Gamma)).map(|p| *p).collect::<Vec<GroupElement>>().as_slice(), .map(|s| *s)
.collect::<Vec<Scalar>>()
.as_slice(),
Ls.iter()
.chain(Rs.iter())
.chain(iter::once(Gamma))
.map(|p| *p)
.collect::<Vec<GroupElement>>()
.as_slice(),
); );
Ok((G_hat, Gamma_hat, a_hat)) Ok((G_hat, Gamma_hat, a_hat))

146
src/nizk/mod.rs
View File

@@ -2,15 +2,18 @@
use super::commitments::{Commitments, MultiCommitGens}; use super::commitments::{Commitments, MultiCommitGens};
use super::errors::ProofVerifyError; use super::errors::ProofVerifyError;
use super::group::{ use super::group::{
CompressedGroup, CompressGroupElement, UnpackGroupElement, GroupElement, DecompressGroupElement, GroupElementAffine}; CompressGroupElement, CompressedGroup, DecompressGroupElement, GroupElement, GroupElementAffine,
UnpackGroupElement,
};
use super::math::Math;
use super::random::RandomTape; use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
use ark_ec::group::Group; use ark_ec::group::Group;
use merlin::Transcript;
use ark_serialize::*;
use ark_ec::ProjectiveCurve; use ark_ec::ProjectiveCurve;
use ark_ff::PrimeField; use ark_ff::PrimeField;
use ark_serialize::*;
use merlin::Transcript;
mod bullet; mod bullet;
use bullet::BulletReductionProof; use bullet::BulletReductionProof;
@@ -49,7 +52,7 @@ impl KnowledgeProof {
let c = transcript.challenge_scalar(b"c"); let c = transcript.challenge_scalar(b"c");
let z1 = c * x + t1; let z1 = c * x + t1;
let z2 = c * r + t2; let z2 = c * r + t2;
(KnowledgeProof { alpha, z1, z2 }, C) (KnowledgeProof { alpha, z1, z2 }, C)
} }
@@ -58,8 +61,7 @@ impl KnowledgeProof {
&self, &self,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
C: & C: &CompressedGroup,
CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
transcript.append_protocol_name(KnowledgeProof::protocol_name()); transcript.append_protocol_name(KnowledgeProof::protocol_name());
C.append_to_transcript(b"C", transcript); C.append_to_transcript(b"C", transcript);
@@ -68,7 +70,7 @@ impl KnowledgeProof {
let c = transcript.challenge_scalar(b"c"); let c = transcript.challenge_scalar(b"c");
let lhs = self.z1.commit(&self.z2, gens_n).compress(); let lhs = self.z1.commit(&self.z2, gens_n).compress();
let rhs = ( C.unpack()?.mul(c.into_repr()) + self.alpha.unpack()?).compress(); let rhs = (C.unpack()?.mul(c.into_repr()) + self.alpha.unpack()?).compress();
if lhs == rhs { if lhs == rhs {
Ok(()) Ok(())
@@ -80,8 +82,7 @@ impl KnowledgeProof {
#[derive(CanonicalSerialize, CanonicalDeserialize, Debug)] #[derive(CanonicalSerialize, CanonicalDeserialize, Debug)]
pub struct EqualityProof { pub struct EqualityProof {
alpha: alpha: CompressedGroup,
CompressedGroup,
z: Scalar, z: Scalar,
} }
@@ -98,9 +99,7 @@ impl EqualityProof {
s1: &Scalar, s1: &Scalar,
v2: &Scalar, v2: &Scalar,
s2: &Scalar, s2: &Scalar,
) -> (EqualityProof, ) -> (EqualityProof, CompressedGroup, CompressedGroup) {
CompressedGroup,
CompressedGroup) {
transcript.append_protocol_name(EqualityProof::protocol_name()); transcript.append_protocol_name(EqualityProof::protocol_name());
// produce a random Scalar // produce a random Scalar
@@ -126,10 +125,8 @@ impl EqualityProof {
&self, &self,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
C1: & C1: &CompressedGroup,
CompressedGroup, C2: &CompressedGroup,
C2: &
CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
transcript.append_protocol_name(EqualityProof::protocol_name()); transcript.append_protocol_name(EqualityProof::protocol_name());
C1.append_to_transcript(b"C1", transcript); C1.append_to_transcript(b"C1", transcript);
@@ -155,12 +152,9 @@ impl EqualityProof {
#[derive(CanonicalSerialize, CanonicalDeserialize, Debug)] #[derive(CanonicalSerialize, CanonicalDeserialize, Debug)]
pub struct ProductProof { pub struct ProductProof {
alpha: alpha: CompressedGroup,
CompressedGroup, beta: CompressedGroup,
beta: delta: CompressedGroup,
CompressedGroup,
delta:
CompressedGroup,
z: Vec<Scalar>, z: Vec<Scalar>,
} }
@@ -181,11 +175,8 @@ impl ProductProof {
rZ: &Scalar, rZ: &Scalar,
) -> ( ) -> (
ProductProof, ProductProof,
CompressedGroup, CompressedGroup,
CompressedGroup, CompressedGroup,
CompressedGroup, CompressedGroup,
) { ) {
transcript.append_protocol_name(ProductProof::protocol_name()); transcript.append_protocol_name(ProductProof::protocol_name());
@@ -197,16 +188,14 @@ impl ProductProof {
let b4 = random_tape.random_scalar(b"b4"); let b4 = random_tape.random_scalar(b"b4");
let b5 = random_tape.random_scalar(b"b5"); let b5 = random_tape.random_scalar(b"b5");
let X_unc = x.commit(rX, gens_n); let X_unc = x.commit(rX, gens_n);
let X = X_unc.compress(); let X = X_unc.compress();
X.append_to_transcript(b"X", transcript); X.append_to_transcript(b"X", transcript);
let X_new = GroupElement::decompress(&X); let X_new = GroupElement::decompress(&X);
assert_eq!(X_unc, X_new.unwrap()); assert_eq!(X_unc, X_new.unwrap());
let Y = y.commit(rY, gens_n).compress(); let Y = y.commit(rY, gens_n).compress();
Y.append_to_transcript(b"Y", transcript); Y.append_to_transcript(b"Y", transcript);
@@ -253,17 +242,17 @@ impl ProductProof {
} }
fn check_equality( fn check_equality(
P: & P: &CompressedGroup,
CompressedGroup, X: &CompressedGroup,
X: &
CompressedGroup,
c: &Scalar, c: &Scalar,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
z1: &Scalar, z1: &Scalar,
z2: &Scalar, z2: &Scalar,
) -> bool { ) -> bool {
println!("{:?}", X); println!("{:?}", X);
let lhs = (GroupElement::decompress(P).unwrap() + GroupElement::decompress(X).unwrap().mul(c.into_repr())).compress(); let lhs = (GroupElement::decompress(P).unwrap()
+ GroupElement::decompress(X).unwrap().mul(c.into_repr()))
.compress();
let rhs = z1.commit(z2, gens_n).compress(); let rhs = z1.commit(z2, gens_n).compress();
lhs == rhs lhs == rhs
@@ -273,12 +262,9 @@ impl ProductProof {
&self, &self,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
X: & X: &CompressedGroup,
CompressedGroup, Y: &CompressedGroup,
Y: & Z: &CompressedGroup,
CompressedGroup,
Z: &
CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
transcript.append_protocol_name(ProductProof::protocol_name()); transcript.append_protocol_name(ProductProof::protocol_name());
@@ -321,10 +307,8 @@ impl ProductProof {
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)] #[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
pub struct DotProductProof { pub struct DotProductProof {
delta: delta: CompressedGroup,
CompressedGroup, beta: CompressedGroup,
beta:
CompressedGroup,
z: Vec<Scalar>, z: Vec<Scalar>,
z_delta: Scalar, z_delta: Scalar,
z_beta: Scalar, z_beta: Scalar,
@@ -350,9 +334,7 @@ impl DotProductProof {
a_vec: &[Scalar], a_vec: &[Scalar],
y: &Scalar, y: &Scalar,
blind_y: &Scalar, blind_y: &Scalar,
) -> (DotProductProof, ) -> (DotProductProof, CompressedGroup, CompressedGroup) {
CompressedGroup,
CompressedGroup) {
transcript.append_protocol_name(DotProductProof::protocol_name()); transcript.append_protocol_name(DotProductProof::protocol_name());
let n = x_vec.len(); let n = x_vec.len();
@@ -409,10 +391,8 @@ impl DotProductProof {
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
a: &[Scalar], a: &[Scalar],
Cx: & Cx: &CompressedGroup,
CompressedGroup, Cy: &CompressedGroup,
Cy: &
CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
assert_eq!(gens_n.n, a.len()); assert_eq!(gens_n.n, a.len());
assert_eq!(gens_1.n, 1); assert_eq!(gens_1.n, 1);
@@ -426,11 +406,12 @@ impl DotProductProof {
let c = transcript.challenge_scalar(b"c"); let c = transcript.challenge_scalar(b"c");
let mut result = let mut result = Cx.unpack()?.mul(c.into_repr()) + self.delta.unpack()?
Cx.unpack()?.mul(c.into_repr()) + self.delta.unpack()? == self.z.commit(&self.z_delta, gens_n); == self.z.commit(&self.z_delta, gens_n);
let dotproduct_z_a = DotProductProof::compute_dotproduct(&self.z, a); let dotproduct_z_a = DotProductProof::compute_dotproduct(&self.z, a);
result &= Cy.unpack()?.mul(c.into_repr()) + self.beta.unpack()? == dotproduct_z_a.commit(&self.z_beta, gens_1); result &= Cy.unpack()?.mul(c.into_repr()) + self.beta.unpack()?
== dotproduct_z_a.commit(&self.z_beta, gens_1);
if result { if result {
Ok(()) Ok(())
} else { } else {
@@ -455,10 +436,8 @@ impl DotProductProofGens {
#[derive(Debug, CanonicalSerialize, CanonicalDeserialize)] #[derive(Debug, CanonicalSerialize, CanonicalDeserialize)]
pub struct DotProductProofLog { pub struct DotProductProofLog {
bullet_reduction_proof: BulletReductionProof, bullet_reduction_proof: BulletReductionProof,
delta: delta: CompressedGroup,
CompressedGroup, beta: CompressedGroup,
beta:
CompressedGroup,
z1: Scalar, z1: Scalar,
z2: Scalar, z2: Scalar,
} }
@@ -482,9 +461,7 @@ impl DotProductProofLog {
a_vec: &[Scalar], a_vec: &[Scalar],
y: &Scalar, y: &Scalar,
blind_y: &Scalar, blind_y: &Scalar,
) -> (DotProductProofLog, ) -> (DotProductProofLog, CompressedGroup, CompressedGroup) {
CompressedGroup,
CompressedGroup) {
transcript.append_protocol_name(DotProductProofLog::protocol_name()); transcript.append_protocol_name(DotProductProofLog::protocol_name());
let n = x_vec.len(); let n = x_vec.len();
@@ -496,8 +473,8 @@ impl DotProductProofLog {
let r_delta = random_tape.random_scalar(b"r_delta"); let r_delta = random_tape.random_scalar(b"r_delta");
let r_beta = random_tape.random_scalar(b"r_delta"); let r_beta = random_tape.random_scalar(b"r_delta");
let blinds_vec = { let blinds_vec = {
let v1 = random_tape.random_vector(b"blinds_vec_1", 2 * n.log2() as usize); let v1 = random_tape.random_vector(b"blinds_vec_1", 2 * n.log_2());
let v2 = random_tape.random_vector(b"blinds_vec_2", 2 * n.log2() as usize); let v2 = random_tape.random_vector(b"blinds_vec_2", 2 * n.log_2());
(0..v1.len()) (0..v1.len())
.map(|i| (v1[i], v2[i])) .map(|i| (v1[i], v2[i]))
.collect::<Vec<(Scalar, Scalar)>>() .collect::<Vec<(Scalar, Scalar)>>()
@@ -562,10 +539,8 @@ impl DotProductProofLog {
gens: &DotProductProofGens, gens: &DotProductProofGens,
transcript: &mut Transcript, transcript: &mut Transcript,
a: &[Scalar], a: &[Scalar],
Cx: & Cx: &CompressedGroup,
CompressedGroup, Cy: &CompressedGroup,
Cy: &
CompressedGroup,
) -> Result<(), ProofVerifyError> { ) -> Result<(), ProofVerifyError> {
assert_eq!(gens.n, n); assert_eq!(gens.n, n);
assert_eq!(a.len(), n); assert_eq!(a.len(), n);
@@ -593,8 +568,11 @@ impl DotProductProofLog {
let z1_s = &self.z1; let z1_s = &self.z1;
let z2_s = &self.z2; let z2_s = &self.z2;
let lhs = ((Gamma_hat.mul(c_s.into_repr()) + beta_s).mul(a_hat_s.into_repr()) + delta_s).compress(); let lhs =
let rhs = ((g_hat + gens.gens_1.G[0].mul(a_hat_s.into_repr())).mul(z1_s.into_repr()) + gens.gens_1.h.mul(z2_s.into_repr())).compress(); ((Gamma_hat.mul(c_s.into_repr()) + beta_s).mul(a_hat_s.into_repr()) + delta_s).compress();
let rhs = ((g_hat + gens.gens_1.G[0].mul(a_hat_s.into_repr())).mul(z1_s.into_repr())
+ gens.gens_1.h.mul(z2_s.into_repr()))
.compress();
assert_eq!(lhs, rhs); assert_eq!(lhs, rhs);
@@ -610,15 +588,15 @@ impl DotProductProofLog {
mod tests { mod tests {
use std::marker::PhantomData; use std::marker::PhantomData;
use crate::group::VartimeMultiscalarMul; use crate::group::VartimeMultiscalarMul;
use super::*; use super::*;
use ark_bls12_377::{G1Affine, Fq, FqParameters}; use ark_bls12_377::{Fq, FqParameters, G1Affine};
use ark_ff::{Fp384, BigInteger384}; use ark_ff::{BigInteger384, Fp384};
use ark_std::{UniformRand}; use ark_std::UniformRand;
#[test] #[test]
fn check_knowledgeproof() { fn check_knowledgeproof() {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
let gens_1 = MultiCommitGens::new(1, b"test-knowledgeproof"); let gens_1 = MultiCommitGens::new(1, b"test-knowledgeproof");
@@ -638,7 +616,7 @@ use ark_std::{UniformRand};
#[test] #[test]
fn check_equalityproof() { fn check_equalityproof() {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
let gens_1 = MultiCommitGens::new(1, b"test-equalityproof"); let gens_1 = MultiCommitGens::new(1, b"test-equalityproof");
let v1 = Scalar::rand(&mut rng); let v1 = Scalar::rand(&mut rng);
@@ -663,14 +641,14 @@ use ark_std::{UniformRand};
.verify(&gens_1, &mut verifier_transcript, &C1, &C2) .verify(&gens_1, &mut verifier_transcript, &C1, &C2)
.is_ok()); .is_ok());
} }
#[test] #[test]
fn check_productproof() { fn check_productproof() {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
let pt = GroupElement::rand(&mut rng); let pt = GroupElement::rand(&mut rng);
let pt_c = pt.compress(); let pt_c = pt.compress();
let pt2 = GroupElement::decompress(&pt_c).unwrap(); let pt2 = GroupElement::decompress(&pt_c).unwrap();
assert_eq!(pt, pt2); assert_eq!(pt, pt2);
let gens_1 = MultiCommitGens::new(1, b"test-productproof"); let gens_1 = MultiCommitGens::new(1, b"test-productproof");
let x = Scalar::rand(&mut rng); let x = Scalar::rand(&mut rng);
@@ -702,7 +680,7 @@ use ark_std::{UniformRand};
#[test] #[test]
fn check_dotproductproof() { fn check_dotproductproof() {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
let n = 1024; let n = 1024;
@@ -741,7 +719,7 @@ use ark_std::{UniformRand};
#[test] #[test]
fn check_dotproductproof_log() { fn check_dotproductproof_log() {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
let n = 1024; let n = 1024;

11
src/product_tree.rs
View File

@@ -1,6 +1,7 @@
#![allow(dead_code)] #![allow(dead_code)]
use super::dense_mlpoly::DensePolynomial; use super::dense_mlpoly::DensePolynomial;
use super::dense_mlpoly::EqPolynomial; use super::dense_mlpoly::EqPolynomial;
use super::math::Math;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::sumcheck::SumcheckInstanceProof; use super::sumcheck::SumcheckInstanceProof;
use super::transcript::ProofTranscript; use super::transcript::ProofTranscript;
@@ -37,7 +38,7 @@ impl ProductCircuit {
let mut left_vec: Vec<DensePolynomial> = Vec::new(); let mut left_vec: Vec<DensePolynomial> = Vec::new();
let mut right_vec: Vec<DensePolynomial> = Vec::new(); let mut right_vec: Vec<DensePolynomial> = Vec::new();
let num_layers = poly.len().log2() as usize; let num_layers = poly.len().log_2() as usize;
let (outp_left, outp_right) = poly.split(poly.len() / 2); let (outp_left, outp_right) = poly.split(poly.len() / 2);
left_vec.push(outp_left); left_vec.push(outp_left);
@@ -182,7 +183,7 @@ impl ProductCircuitEvalProof {
let mut poly_C = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals()); let mut poly_C = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals());
assert_eq!(poly_C.len(), len / 2); assert_eq!(poly_C.len(), len / 2);
let num_rounds_prod = poly_C.len().log2() as usize; let num_rounds_prod = poly_C.len().log_2() as usize;
let comb_func_prod = |poly_A_comp: &Scalar, let comb_func_prod = |poly_A_comp: &Scalar,
poly_B_comp: &Scalar, poly_B_comp: &Scalar,
poly_C_comp: &Scalar| poly_C_comp: &Scalar|
@@ -223,7 +224,7 @@ impl ProductCircuitEvalProof {
len: usize, len: usize,
transcript: &mut Transcript, transcript: &mut Transcript,
) -> (Scalar, Vec<Scalar>) { ) -> (Scalar, Vec<Scalar>) {
let num_layers = len.log2() as usize; let num_layers = len.log_2() as usize;
let mut claim = eval; let mut claim = eval;
let mut rand: Vec<Scalar> = Vec::new(); let mut rand: Vec<Scalar> = Vec::new();
//let mut num_rounds = 0; //let mut num_rounds = 0;
@@ -279,7 +280,7 @@ impl ProductCircuitEvalProofBatched {
let mut poly_C_par = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals()); let mut poly_C_par = DensePolynomial::new(EqPolynomial::new(rand.clone()).evals());
assert_eq!(poly_C_par.len(), len / 2); assert_eq!(poly_C_par.len(), len / 2);
let num_rounds_prod = poly_C_par.len().log2() as usize; let num_rounds_prod = poly_C_par.len().log_2() as usize;
let comb_func_prod = |poly_A_comp: &Scalar, let comb_func_prod = |poly_A_comp: &Scalar,
poly_B_comp: &Scalar, poly_B_comp: &Scalar,
poly_C_comp: &Scalar| poly_C_comp: &Scalar|
@@ -389,7 +390,7 @@ impl ProductCircuitEvalProofBatched {
len: usize, len: usize,
transcript: &mut Transcript, transcript: &mut Transcript,
) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>) { ) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>) {
let num_layers = len.log2() as usize; let num_layers = len.log_2() as usize;
let mut rand: Vec<Scalar> = Vec::new(); let mut rand: Vec<Scalar> = Vec::new();
//let mut num_rounds = 0; //let mut num_rounds = 0;
assert_eq!(self.proof.len(), num_layers); assert_eq!(self.proof.len(), num_layers);

16
src/r1csinstance.rs
View File

@@ -46,8 +46,8 @@ impl R1CSCommitmentGens {
num_nz_entries: usize, num_nz_entries: usize,
) -> R1CSCommitmentGens { ) -> R1CSCommitmentGens {
assert!(num_inputs < num_vars); assert!(num_inputs < num_vars);
let num_poly_vars_x = num_cons.log2() as usize; let num_poly_vars_x = num_cons.log_2() as usize;
let num_poly_vars_y = (2 * num_vars).log2() as usize; let num_poly_vars_y = (2 * num_vars).log_2() as usize;
let gens = let gens =
SparseMatPolyCommitmentGens::new(label, num_poly_vars_x, num_poly_vars_y, num_nz_entries, 3); SparseMatPolyCommitmentGens::new(label, num_poly_vars_x, num_poly_vars_y, num_nz_entries, 3);
R1CSCommitmentGens { gens } R1CSCommitmentGens { gens }
@@ -115,8 +115,8 @@ impl R1CSInstance {
assert!(num_inputs < num_vars); assert!(num_inputs < num_vars);
// no errors, so create polynomials // no errors, so create polynomials
let num_poly_vars_x = num_cons.log2() as usize; let num_poly_vars_x = num_cons.log_2() as usize;
let num_poly_vars_y = (2 * num_vars).log2() as usize; let num_poly_vars_y = (2 * num_vars).log_2() as usize;
let mat_A = (0..A.len()) let mat_A = (0..A.len())
.map(|i| SparseMatEntry::new(A[i].0, A[i].1, A[i].2)) .map(|i| SparseMatEntry::new(A[i].0, A[i].1, A[i].2))
@@ -166,8 +166,8 @@ impl R1CSInstance {
let mut rng = ark_std::rand::thread_rng(); let mut rng = ark_std::rand::thread_rng();
// assert num_cons and num_vars are power of 2 // assert num_cons and num_vars are power of 2
assert_eq!((num_cons.log2() as usize).pow2(), num_cons); assert_eq!((num_cons.log_2() as usize).pow2(), num_cons);
assert_eq!((num_vars.log2() as usize).pow2(), num_vars); assert_eq!((num_vars.log_2() as usize).pow2(), num_vars);
// num_inputs + 1 <= num_vars // num_inputs + 1 <= num_vars
assert!(num_inputs < num_vars); assert!(num_inputs < num_vars);
@@ -214,8 +214,8 @@ impl R1CSInstance {
Timer::print(&format!("number_non-zero_entries_B {}", B.len())); Timer::print(&format!("number_non-zero_entries_B {}", B.len()));
Timer::print(&format!("number_non-zero_entries_C {}", C.len())); Timer::print(&format!("number_non-zero_entries_C {}", C.len()));
let num_poly_vars_x = num_cons.log2() as usize; let num_poly_vars_x = num_cons.log_2() as usize;
let num_poly_vars_y = (2 * num_vars).log2() as usize; let num_poly_vars_y = (2 * num_vars).log_2() as usize;
let poly_A = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, A); let poly_A = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, A);
let poly_B = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, B); let poly_B = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, B);
let poly_C = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, C); let poly_C = SparseMatPolynomial::new(num_poly_vars_x, num_poly_vars_y, C);

33
src/r1csproof.rs
View File

@@ -10,6 +10,7 @@ use super::errors::ProofVerifyError;
use super::group::{ use super::group::{
CompressGroupElement, DecompressGroupElement, GroupElement, VartimeMultiscalarMul, CompressGroupElement, DecompressGroupElement, GroupElement, VartimeMultiscalarMul,
}; };
use super::math::Math;
use super::nizk::{EqualityProof, KnowledgeProof, ProductProof}; use super::nizk::{EqualityProof, KnowledgeProof, ProductProof};
use super::r1csinstance::R1CSInstance; use super::r1csinstance::R1CSInstance;
use super::random::RandomTape; use super::random::RandomTape;
@@ -65,7 +66,7 @@ pub struct R1CSGens {
impl R1CSGens { impl R1CSGens {
pub fn new(label: &'static [u8], _num_cons: usize, num_vars: usize) -> Self { pub fn new(label: &'static [u8], _num_cons: usize, num_vars: usize) -> Self {
let num_poly_vars = num_vars.log2() as usize; let num_poly_vars = num_vars.log_2() as usize;
let gens_pc = PolyCommitmentGens::new(num_poly_vars, label); let gens_pc = PolyCommitmentGens::new(num_poly_vars, label);
let gens_sc = R1CSSumcheckGens::new(label, &gens_pc.gens.gens_1); let gens_sc = R1CSSumcheckGens::new(label, &gens_pc.gens.gens_1);
R1CSGens { gens_sc, gens_pc } R1CSGens { gens_sc, gens_pc }
@@ -154,8 +155,10 @@ impl R1CSProof {
}; };
// derive the verifier's challenge tau // derive the verifier's challenge tau
let (num_rounds_x, num_rounds_y) = let (num_rounds_x, num_rounds_y) = (
(inst.get_num_cons().log2() as usize, z.len().log2() as usize); inst.get_num_cons().log_2() as usize,
z.len().log_2() as usize,
);
let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x); let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x);
// compute the initial evaluation table for R(\tau, x) // compute the initial evaluation table for R(\tau, x)
let mut poly_tau = DensePolynomial::new(EqPolynomial::new(tau).evals()); let mut poly_tau = DensePolynomial::new(EqPolynomial::new(tau).evals());
@@ -247,7 +250,7 @@ impl R1CSProof {
let n = num_vars; let n = num_vars;
let (num_rounds_x, num_rounds_y) = (num_cons.log2() as usize, (2 * num_vars).log2() as usize); let (num_rounds_x, num_rounds_y) = (num_cons.log_2() as usize, (2 * num_vars).log_2() as usize);
// derive the verifier's challenge tau // derive the verifier's challenge tau
let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x); let tau = transcript.challenge_vector(b"challenge_tau", num_rounds_x);
@@ -278,30 +281,10 @@ impl R1CSProof {
let claim_phase2 = r_A * Az_claim + r_B * Bz_claim + r_C * Cz_claim; let claim_phase2 = r_A * Az_claim + r_B * Bz_claim + r_C * Cz_claim;
// verify the joint claim with a sum-check protocol // verify the joint claim with a sum-check protocol
<<<<<<< HEAD
let (claim_post_phase2, ry) = let (claim_post_phase2, ry) =
self self
.sc_proof_phase2 .sc_proof_phase2
.verify(claim_phase2, num_rounds_y, 2, transcript)?; .verify(claim_phase2, num_rounds_y, 2, transcript)?;
=======
let (comm_claim_post_phase2, ry) = self.sc_proof_phase2.verify(
&comm_claim_phase2,
num_rounds_y,
2,
&gens.gens_sc.gens_1,
&gens.gens_sc.gens_3,
transcript,
)?;
// verify Z(ry) proof against the initial commitment
self.proof_eval_vars_at_ry.verify(
&gens.gens_pc,
transcript,
&ry[1..],
&self.comm_vars_at_ry,
&self.comm_vars,
)?;
>>>>>>> clippy fixes (#50)
let poly_input_eval = { let poly_input_eval = {
// constant term // constant term
@@ -312,7 +295,7 @@ impl R1CSProof {
.map(|i| SparsePolyEntry::new(i + 1, input[i])) .map(|i| SparsePolyEntry::new(i + 1, input[i]))
.collect::<Vec<SparsePolyEntry>>(), .collect::<Vec<SparsePolyEntry>>(),
); );
SparsePolynomial::new(n.log2() as usize, input_as_sparse_poly_entries).evaluate(&ry[1..]) SparsePolynomial::new(n.log_2() as usize, input_as_sparse_poly_entries).evaluate(&ry[1..])
}; };
let eval_Z_at_ry = (Scalar::one() - ry[0]) * self.eval_vars_at_ry + ry[0] * poly_input_eval; let eval_Z_at_ry = (Scalar::one() - ry[0]) * self.eval_vars_at_ry + ry[0] * poly_input_eval;

26
src/sparse_mlpoly.rs
View File

@@ -92,7 +92,7 @@ impl DerefsEvalProof {
) -> PolyEvalProof { ) -> PolyEvalProof {
assert_eq!( assert_eq!(
joint_poly.get_num_vars(), joint_poly.get_num_vars(),
r.len() + evals.len().log2() as usize r.len() + evals.len().log_2() as usize
); );
// append the claimed evaluations to transcript // append the claimed evaluations to transcript
@@ -101,7 +101,7 @@ impl DerefsEvalProof {
// n-to-1 reduction // n-to-1 reduction
let (r_joint, eval_joint) = { let (r_joint, eval_joint) = {
let challenges = let challenges =
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log2() as usize); transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log_2() as usize);
let mut poly_evals = DensePolynomial::new(evals); let mut poly_evals = DensePolynomial::new(evals);
for i in (0..challenges.len()).rev() { for i in (0..challenges.len()).rev() {
poly_evals.bound_poly_var_bot(&challenges[i]); poly_evals.bound_poly_var_bot(&challenges[i]);
@@ -167,7 +167,7 @@ impl DerefsEvalProof {
// n-to-1 reduction // n-to-1 reduction
let challenges = let challenges =
transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log2() as usize); transcript.challenge_vector(b"challenge_combine_n_to_one", evals.len().log_2() as usize);
let mut poly_evals = DensePolynomial::new(evals); let mut poly_evals = DensePolynomial::new(evals);
for i in (0..challenges.len()).rev() { for i in (0..challenges.len()).rev() {
poly_evals.bound_poly_var_bot(&challenges[i]); poly_evals.bound_poly_var_bot(&challenges[i]);
@@ -301,15 +301,15 @@ impl SparseMatPolyCommitmentGens {
num_nz_entries: usize, num_nz_entries: usize,
batch_size: usize, batch_size: usize,
) -> SparseMatPolyCommitmentGens { ) -> SparseMatPolyCommitmentGens {
let num_vars_ops = num_nz_entries.next_power_of_two().log2() as usize let num_vars_ops = num_nz_entries.next_power_of_two().log_2() as usize
+ (batch_size * 5).next_power_of_two().log2() as usize; + (batch_size * 5).next_power_of_two().log_2() as usize;
let num_vars_mem = if num_vars_x > num_vars_y { let num_vars_mem = if num_vars_x > num_vars_y {
num_vars_x num_vars_x
} else { } else {
num_vars_y num_vars_y
} + 1; } + 1;
let num_vars_derefs = num_nz_entries.next_power_of_two().log2() as usize let num_vars_derefs = num_nz_entries.next_power_of_two().log_2() as usize
+ (batch_size * 2).next_power_of_two().log2() as usize; + (batch_size * 2).next_power_of_two().log_2() as usize;
let gens_ops = PolyCommitmentGens::new(num_vars_ops, label); let gens_ops = PolyCommitmentGens::new(num_vars_ops, label);
let gens_mem = PolyCommitmentGens::new(num_vars_mem, label); let gens_mem = PolyCommitmentGens::new(num_vars_mem, label);
@@ -781,7 +781,7 @@ impl HashLayerProof {
evals_ops.append_to_transcript(b"claim_evals_ops", transcript); evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
let challenges_ops = transcript.challenge_vector( let challenges_ops = transcript.challenge_vector(
b"challenge_combine_n_to_one", b"challenge_combine_n_to_one",
evals_ops.len().log2() as usize, evals_ops.len().log_2() as usize,
); );
let mut poly_evals_ops = DensePolynomial::new(evals_ops); let mut poly_evals_ops = DensePolynomial::new(evals_ops);
@@ -810,7 +810,7 @@ impl HashLayerProof {
evals_mem.append_to_transcript(b"claim_evals_mem", transcript); evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
let challenges_mem = transcript.challenge_vector( let challenges_mem = transcript.challenge_vector(
b"challenge_combine_two_to_one", b"challenge_combine_two_to_one",
evals_mem.len().log2() as usize, evals_mem.len().log_2() as usize,
); );
let mut poly_evals_mem = DensePolynomial::new(evals_mem); let mut poly_evals_mem = DensePolynomial::new(evals_mem);
@@ -955,7 +955,7 @@ impl HashLayerProof {
evals_ops.append_to_transcript(b"claim_evals_ops", transcript); evals_ops.append_to_transcript(b"claim_evals_ops", transcript);
let challenges_ops = transcript.challenge_vector( let challenges_ops = transcript.challenge_vector(
b"challenge_combine_n_to_one", b"challenge_combine_n_to_one",
evals_ops.len().log2() as usize, evals_ops.len().log_2() as usize,
); );
let mut poly_evals_ops = DensePolynomial::new(evals_ops); let mut poly_evals_ops = DensePolynomial::new(evals_ops);
@@ -981,7 +981,7 @@ impl HashLayerProof {
evals_mem.append_to_transcript(b"claim_evals_mem", transcript); evals_mem.append_to_transcript(b"claim_evals_mem", transcript);
let challenges_mem = transcript.challenge_vector( let challenges_mem = transcript.challenge_vector(
b"challenge_combine_two_to_one", b"challenge_combine_two_to_one",
evals_mem.len().log2() as usize, evals_mem.len().log_2() as usize,
); );
let mut poly_evals_mem = DensePolynomial::new(evals_mem); let mut poly_evals_mem = DensePolynomial::new(evals_mem);
@@ -1632,8 +1632,8 @@ use rand::RngCore;
let num_nz_entries: usize = 256; let num_nz_entries: usize = 256;
let num_rows: usize = 256; let num_rows: usize = 256;
let num_cols: usize = 256; let num_cols: usize = 256;
let num_vars_x: usize = num_rows.log2() as usize; let num_vars_x: usize = num_rows.log_2() as usize;
let num_vars_y: usize = num_cols.log2() as usize; let num_vars_y: usize = num_cols.log_2() as usize;
let mut M: Vec<SparseMatEntry> = Vec::new(); let mut M: Vec<SparseMatEntry> = Vec::new();