arnaucube
/
testudo
mirror of https://github.com/arnaucube/testudo.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

introduce a separate type RandomTape atop Transcript (#13)

master
Srinath Setty 4 years ago
parent
456970e710
commit
958e9450db
12 changed files with 99 additions and 146 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -12
      benches/polycommit.rs
  2. +3
    -12
      benches/r1csproof.rs
  3. +3
    -13
      benches/sumcheck.rs
  4. +5
    -11
      src/dense_mlpoly.rs
  5. +1
    -0
      src/lib.rs
  6. +27
    -51
      src/nizk.rs
  7. +2
    -1
      src/r1csinstance.rs
  8. +10
    -14
      src/r1csproof.rs
  9. +28
    -0
      src/random.rs
  10. +7
    -11
      src/sparse_mlpoly.rs
  11. +3
    -15
      src/spartan.rs
  12. +7
    -6
      src/sumcheck.rs

+ 3
- 12
benches/polycommit.rs
View File

@ -10,6 +10,7 @@ extern crate sha3;
use criterion::*; use criterion::*;
use libspartan::dense_mlpoly::{DensePolynomial, PolyCommitmentGens, PolyEvalProof}; use libspartan::dense_mlpoly::{DensePolynomial, PolyCommitmentGens, PolyEvalProof};
use libspartan::math::Math; use libspartan::math::Math;
use libspartan::random::RandomTape;
use libspartan::scalar::Scalar; use libspartan::scalar::Scalar;
use libspartan::transcript::ProofTranscript; use libspartan::transcript::ProofTranscript;
use merlin::Transcript; use merlin::Transcript;
@ -101,12 +102,7 @@ fn evalproof_benchmark(c: &mut Criterion) {
let name = format!("polycommit_evalproof_{}", n); let name = format!("polycommit_evalproof_{}", n);
group.bench_function(&name, move |b| { group.bench_function(&name, move |b| {
b.iter(|| { b.iter(|| {
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
PolyEvalProof::prove( PolyEvalProof::prove(
black_box(&poly), black_box(&poly),
@ -151,12 +147,7 @@ fn evalproofverify_benchmark(c: &mut Criterion) {
let (poly_commitment, blinds) = poly.commit(false, &gens, None); let (poly_commitment, blinds) = poly.commit(false, &gens, None);
let eval = poly.evaluate(&r); let eval = poly.evaluate(&r);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, c_zr) = PolyEvalProof::prove( let (proof, c_zr) = PolyEvalProof::prove(
black_box(&poly), black_box(&poly),

+ 3
- 12
benches/r1csproof.rs
View File

@ -11,6 +11,7 @@ use libspartan::dense_mlpoly::EqPolynomial;
use libspartan::math::Math; use libspartan::math::Math;
use libspartan::r1csinstance::R1CSInstance; use libspartan::r1csinstance::R1CSInstance;
use libspartan::r1csproof::{R1CSGens, R1CSProof}; use libspartan::r1csproof::{R1CSGens, R1CSProof};
use libspartan::random::RandomTape;
use libspartan::scalar::Scalar; use libspartan::scalar::Scalar;
use libspartan::transcript::ProofTranscript; use libspartan::transcript::ProofTranscript;
use merlin::Transcript; use merlin::Transcript;
@ -35,12 +36,7 @@ fn prove_benchmark(c: &mut Criterion) {
let name = format!("r1cs_prove_{}", n); let name = format!("r1cs_prove_{}", n);
group.bench_function(&name, move |b| { group.bench_function(&name, move |b| {
b.iter(|| { b.iter(|| {
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
R1CSProof::prove( R1CSProof::prove(
black_box(&inst), black_box(&inst),
@ -69,12 +65,7 @@ fn verify_benchmark(c: &mut Criterion) {
let n = inst.get_num_vars(); let n = inst.get_num_vars();
let gens = R1CSGens::new(num_cons, num_vars, b"test-m"); let gens = R1CSGens::new(num_cons, num_vars, b"test-m");
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, rx, ry) = R1CSProof::prove( let (proof, rx, ry) = R1CSProof::prove(
&inst, &inst,

+ 3
- 13
benches/sumcheck.rs
View File

@ -14,6 +14,7 @@ use libspartan::commitments::MultiCommitGens;
use libspartan::dense_mlpoly::DensePolynomial; use libspartan::dense_mlpoly::DensePolynomial;
use libspartan::math::Math; use libspartan::math::Math;
use libspartan::nizk::DotProductProof; use libspartan::nizk::DotProductProof;
use libspartan::random::RandomTape;
use libspartan::scalar::Scalar; use libspartan::scalar::Scalar;
use libspartan::sumcheck::ZKSumcheckInstanceProof; use libspartan::sumcheck::ZKSumcheckInstanceProof;
use libspartan::transcript::ProofTranscript; use libspartan::transcript::ProofTranscript;
@ -53,12 +54,7 @@ fn prove_benchmark(c: &mut Criterion) {
let name = format!("zksumcheck_prove_{}", n); let name = format!("zksumcheck_prove_{}", n);
group.bench_function(&name, move |b| { group.bench_function(&name, move |b| {
b.iter(|| { b.iter(|| {
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
ZKSumcheckInstanceProof::prove_quad( ZKSumcheckInstanceProof::prove_quad(
black_box(&claim), black_box(&claim),
@ -105,13 +101,7 @@ fn verify_benchmark(c: &mut Criterion) {
let comb_func = let comb_func =
|poly_A_comp: &Scalar, poly_B_comp: &Scalar| -> Scalar { poly_A_comp * poly_B_comp }; |poly_A_comp: &Scalar, poly_B_comp: &Scalar| -> Scalar { poly_A_comp * poly_B_comp };
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, _r, _v, _blind_post_claim) = ZKSumcheckInstanceProof::prove_quad( let (proof, _r, _v, _blind_post_claim) = ZKSumcheckInstanceProof::prove_quad(
&claim, &claim,

+ 5
- 11
src/dense_mlpoly.rs
View File

@ -3,6 +3,7 @@ use super::errors::ProofVerifyError;
use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul}; use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul};
use super::math::Math; use super::math::Math;
use super::nizk::{DotProductProofGens, DotProductProofLog}; use super::nizk::{DotProductProofGens, DotProductProofLog};
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
use core::ops::Index; use core::ops::Index;
@ -230,7 +231,7 @@ impl DensePolynomial {
&self, &self,
hiding: bool, hiding: bool,
gens: &PolyCommitmentGens, gens: &PolyCommitmentGens,
random_tape: Option<&mut Transcript>,
random_tape: Option<&mut RandomTape>,
) -> (PolyCommitment, PolyCommitmentBlinds) { ) -> (PolyCommitment, PolyCommitmentBlinds) {
let n = self.Z.len(); let n = self.Z.len();
let ell = self.get_num_vars(); let ell = self.get_num_vars();
@ -243,9 +244,7 @@ impl DensePolynomial {
let blinds = match hiding { let blinds = match hiding {
true => PolyCommitmentBlinds { true => PolyCommitmentBlinds {
blinds: random_tape
.unwrap()
.challenge_vector(b"poly_blinds", L_size),
blinds: random_tape.unwrap().random_vector(b"poly_blinds", L_size),
}, },
false => PolyCommitmentBlinds { false => PolyCommitmentBlinds {
blinds: vec![Scalar::zero(); L_size], blinds: vec![Scalar::zero(); L_size],
@ -380,7 +379,7 @@ impl PolyEvalProof {
blind_Zr_opt: Option<&Scalar>, // specifies a blind for Zr blind_Zr_opt: Option<&Scalar>, // specifies a blind for Zr
gens: &PolyCommitmentGens, gens: &PolyCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> (PolyEvalProof, CompressedGroup) { ) -> (PolyEvalProof, CompressedGroup) {
transcript.append_protocol_name(PolyEvalProof::protocol_name()); transcript.append_protocol_name(PolyEvalProof::protocol_name());
@ -714,12 +713,7 @@ mod tests {
let gens = PolyCommitmentGens::new(poly.get_num_vars(), b"test-two"); let gens = PolyCommitmentGens::new(poly.get_num_vars(), b"test-two");
let (poly_commitment, blinds) = poly.commit(false, &gens, None); let (poly_commitment, blinds) = poly.commit(false, &gens, None);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, C_Zr) = PolyEvalProof::prove( let (proof, C_Zr) = PolyEvalProof::prove(
&poly, &poly,

+ 1
- 0
src/lib.rs
View File

@ -21,6 +21,7 @@ pub mod nizk;
mod product_tree; mod product_tree;
pub mod r1csinstance; pub mod r1csinstance;
pub mod r1csproof; pub mod r1csproof;
pub mod random;
pub mod scalar; pub mod scalar;
mod scalar_25519; mod scalar_25519;
pub mod sparse_mlpoly; pub mod sparse_mlpoly;

+ 27
- 51
src/nizk.rs
View File

@ -3,6 +3,7 @@ use super::commitments::{Commitments, MultiCommitGens};
use super::errors::ProofVerifyError; use super::errors::ProofVerifyError;
use super::group::CompressedGroup; use super::group::CompressedGroup;
use super::math::Math; use super::math::Math;
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
use merlin::Transcript; use merlin::Transcript;
@ -23,15 +24,15 @@ impl KnowledgeProof {
pub fn prove( pub fn prove(
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
x: &Scalar, x: &Scalar,
r: &Scalar, r: &Scalar,
) -> (KnowledgeProof, CompressedGroup) { ) -> (KnowledgeProof, CompressedGroup) {
transcript.append_protocol_name(KnowledgeProof::protocol_name()); transcript.append_protocol_name(KnowledgeProof::protocol_name());
// produce two random Scalars // produce two random Scalars
let t1 = random_tape.challenge_scalar(b"t1");
let t2 = random_tape.challenge_scalar(b"t2");
let t1 = random_tape.random_scalar(b"t1");
let t2 = random_tape.random_scalar(b"t2");
let C = x.commit(&r, gens_n).compress(); let C = x.commit(&r, gens_n).compress();
C.append_to_transcript(b"C", transcript); C.append_to_transcript(b"C", transcript);
@ -89,7 +90,7 @@ impl EqualityProof {
pub fn prove( pub fn prove(
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
v1: &Scalar, v1: &Scalar,
s1: &Scalar, s1: &Scalar,
v2: &Scalar, v2: &Scalar,
@ -98,7 +99,7 @@ impl EqualityProof {
transcript.append_protocol_name(EqualityProof::protocol_name()); transcript.append_protocol_name(EqualityProof::protocol_name());
// produce a random Scalar // produce a random Scalar
let r = random_tape.challenge_scalar(b"r");
let r = random_tape.random_scalar(b"r");
let C1 = v1.commit(&s1, gens_n).compress(); let C1 = v1.commit(&s1, gens_n).compress();
C1.append_to_transcript(b"C1", transcript); C1.append_to_transcript(b"C1", transcript);
@ -160,7 +161,7 @@ impl ProductProof {
pub fn prove( pub fn prove(
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
x: &Scalar, x: &Scalar,
rX: &Scalar, rX: &Scalar,
y: &Scalar, y: &Scalar,
@ -176,11 +177,11 @@ impl ProductProof {
transcript.append_protocol_name(ProductProof::protocol_name()); transcript.append_protocol_name(ProductProof::protocol_name());
// produce five random Scalar // produce five random Scalar
let b1 = random_tape.challenge_scalar(b"b1");
let b2 = random_tape.challenge_scalar(b"b2");
let b3 = random_tape.challenge_scalar(b"b3");
let b4 = random_tape.challenge_scalar(b"b4");
let b5 = random_tape.challenge_scalar(b"b5");
let b1 = random_tape.random_scalar(b"b1");
let b2 = random_tape.random_scalar(b"b2");
let b3 = random_tape.random_scalar(b"b3");
let b4 = random_tape.random_scalar(b"b4");
let b5 = random_tape.random_scalar(b"b5");
let X = x.commit(&rX, gens_n).compress(); let X = x.commit(&rX, gens_n).compress();
X.append_to_transcript(b"X", transcript); X.append_to_transcript(b"X", transcript);
@ -317,7 +318,7 @@ impl DotProductProof {
gens_1: &MultiCommitGens, gens_1: &MultiCommitGens,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
x: &Vec<Scalar>, x: &Vec<Scalar>,
r_x: &Scalar, r_x: &Scalar,
a: &Vec<Scalar>, a: &Vec<Scalar>,
@ -332,9 +333,9 @@ impl DotProductProof {
assert_eq!(gens_1.n, 1); assert_eq!(gens_1.n, 1);
// produce randomness for the proofs // produce randomness for the proofs
let d = random_tape.challenge_vector(b"d", n);
let r_delta = random_tape.challenge_scalar(b"r_delta");
let r_beta = random_tape.challenge_scalar(b"r_beta");
let d = random_tape.random_vector(b"d", n);
let r_delta = random_tape.random_scalar(b"r_delta");
let r_beta = random_tape.random_scalar(b"r_beta");
let Cx = x.commit(&r_x, gens_n).compress(); let Cx = x.commit(&r_x, gens_n).compress();
Cx.append_to_transcript(b"Cx", transcript); Cx.append_to_transcript(b"Cx", transcript);
@ -442,7 +443,7 @@ impl DotProductProofLog {
pub fn prove( pub fn prove(
gens: &DotProductProofGens, gens: &DotProductProofGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
x: &Vec<Scalar>, x: &Vec<Scalar>,
r_x: &Scalar, r_x: &Scalar,
a: &Vec<Scalar>, a: &Vec<Scalar>,
@ -456,12 +457,12 @@ impl DotProductProofLog {
assert_eq!(gens.n, n); assert_eq!(gens.n, n);
// produce randomness for generating a proof // produce randomness for generating a proof
let d = random_tape.challenge_scalar(b"d");
let r_delta = random_tape.challenge_scalar(b"r_delta");
let r_beta = random_tape.challenge_scalar(b"r_delta");
let d = random_tape.random_scalar(b"d");
let r_delta = random_tape.random_scalar(b"r_delta");
let r_beta = random_tape.random_scalar(b"r_delta");
let blinds_vec = { let blinds_vec = {
let v1 = random_tape.challenge_vector(b"blinds_vec_1", 2 * n.log2());
let v2 = random_tape.challenge_vector(b"blinds_vec_2", 2 * n.log2());
let v1 = random_tape.random_vector(b"blinds_vec_1", 2 * n.log2());
let v2 = random_tape.random_vector(b"blinds_vec_2", 2 * n.log2());
(0..v1.len()) (0..v1.len())
.map(|i| (v1[i], v2[i])) .map(|i| (v1[i], v2[i]))
.collect::<Vec<(Scalar, Scalar)>>() .collect::<Vec<(Scalar, Scalar)>>()
@ -579,12 +580,7 @@ mod tests {
let x = Scalar::random(&mut csprng); let x = Scalar::random(&mut csprng);
let r = Scalar::random(&mut csprng); let r = Scalar::random(&mut csprng);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, committed_value) = let (proof, committed_value) =
KnowledgeProof::prove(&gens_1, &mut prover_transcript, &mut random_tape, &x, &r); KnowledgeProof::prove(&gens_1, &mut prover_transcript, &mut random_tape, &x, &r);
@ -605,12 +601,7 @@ mod tests {
let s1 = Scalar::random(&mut csprng); let s1 = Scalar::random(&mut csprng);
let s2 = Scalar::random(&mut csprng); let s2 = Scalar::random(&mut csprng);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, C1, C2) = EqualityProof::prove( let (proof, C1, C2) = EqualityProof::prove(
&gens_1, &gens_1,
@ -640,12 +631,7 @@ mod tests {
let z = x * y; let z = x * y;
let rZ = Scalar::random(&mut csprng); let rZ = Scalar::random(&mut csprng);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, X, Y, Z) = ProductProof::prove( let (proof, X, Y, Z) = ProductProof::prove(
&gens_1, &gens_1,
@ -684,12 +670,7 @@ mod tests {
let r_x = Scalar::random(&mut csprng); let r_x = Scalar::random(&mut csprng);
let r_y = Scalar::random(&mut csprng); let r_y = Scalar::random(&mut csprng);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, Cx, Cy) = DotProductProof::prove( let (proof, Cx, Cy) = DotProductProof::prove(
&gens_1, &gens_1,
@ -724,12 +705,7 @@ mod tests {
let r_x = Scalar::random(&mut csprng); let r_x = Scalar::random(&mut csprng);
let r_y = Scalar::random(&mut csprng); let r_y = Scalar::random(&mut csprng);
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, Cx, Cy) = DotProductProofLog::prove( let (proof, Cx, Cy) = DotProductProofLog::prove(
&gens, &gens,

+ 2
- 1
src/r1csinstance.rs
View File

@ -1,6 +1,7 @@
use super::dense_mlpoly::DensePolynomial; use super::dense_mlpoly::DensePolynomial;
use super::errors::ProofVerifyError; use super::errors::ProofVerifyError;
use super::math::Math; use super::math::Math;
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::sparse_mlpoly::{ use super::sparse_mlpoly::{
MultiSparseMatPolynomialAsDense, SparseMatEntry, SparseMatPolyCommitment, MultiSparseMatPolynomialAsDense, SparseMatEntry, SparseMatPolyCommitment,
@ -307,7 +308,7 @@ impl R1CSEvalProof {
evals: &R1CSInstanceEvals, evals: &R1CSInstanceEvals,
gens: &R1CSCommitmentGens, gens: &R1CSCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> R1CSEvalProof { ) -> R1CSEvalProof {
let timer = Timer::new("R1CSEvalProof::prove"); let timer = Timer::new("R1CSEvalProof::prove");
let proof = SparseMatPolyEvalProof::prove( let proof = SparseMatPolyEvalProof::prove(

+ 10
- 14
src/r1csproof.rs
View File

@ -7,6 +7,7 @@ use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul};
use super::math::Math; use super::math::Math;
use super::nizk::{EqualityProof, KnowledgeProof, ProductProof}; use super::nizk::{EqualityProof, KnowledgeProof, ProductProof};
use super::r1csinstance::{R1CSInstance, R1CSInstanceEvals}; use super::r1csinstance::{R1CSInstance, R1CSInstanceEvals};
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::sparse_mlpoly::{SparsePolyEntry, SparsePolynomial}; use super::sparse_mlpoly::{SparsePolyEntry, SparsePolynomial};
use super::sumcheck::ZKSumcheckInstanceProof; use super::sumcheck::ZKSumcheckInstanceProof;
@ -81,7 +82,7 @@ impl R1CSProof {
evals_Cz: &mut DensePolynomial, evals_Cz: &mut DensePolynomial,
gens: &R1CSSumcheckGens, gens: &R1CSSumcheckGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> (ZKSumcheckInstanceProof, Vec<Scalar>, Vec<Scalar>, Scalar) { ) -> (ZKSumcheckInstanceProof, Vec<Scalar>, Vec<Scalar>, Scalar) {
let comb_func = |poly_A_comp: &Scalar, let comb_func = |poly_A_comp: &Scalar,
poly_B_comp: &Scalar, poly_B_comp: &Scalar,
@ -116,7 +117,7 @@ impl R1CSProof {
evals_ABC: &mut DensePolynomial, evals_ABC: &mut DensePolynomial,
gens: &R1CSSumcheckGens, gens: &R1CSSumcheckGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> (ZKSumcheckInstanceProof, Vec<Scalar>, Vec<Scalar>, Scalar) { ) -> (ZKSumcheckInstanceProof, Vec<Scalar>, Vec<Scalar>, Scalar) {
let comb_func = let comb_func =
|poly_A_comp: &Scalar, poly_B_comp: &Scalar| -> Scalar { poly_A_comp * poly_B_comp }; |poly_A_comp: &Scalar, poly_B_comp: &Scalar| -> Scalar { poly_A_comp * poly_B_comp };
@ -146,7 +147,7 @@ impl R1CSProof {
input: &Vec<Scalar>, input: &Vec<Scalar>,
gens: &R1CSGens, gens: &R1CSGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> (R1CSProof, Vec<Scalar>, Vec<Scalar>) { ) -> (R1CSProof, Vec<Scalar>, Vec<Scalar>) {
let timer_prove = Timer::new("R1CSProof::prove"); let timer_prove = Timer::new("R1CSProof::prove");
transcript.append_protocol_name(R1CSProof::protocol_name()); transcript.append_protocol_name(R1CSProof::protocol_name());
@ -208,10 +209,10 @@ impl R1CSProof {
let (tau_claim, Az_claim, Bz_claim, Cz_claim) = let (tau_claim, Az_claim, Bz_claim, Cz_claim) =
(&poly_tau[0], &poly_Az[0], &poly_Bz[0], &poly_Cz[0]); (&poly_tau[0], &poly_Az[0], &poly_Bz[0], &poly_Cz[0]);
let (Az_blind, Bz_blind, Cz_blind, prod_Az_Bz_blind) = ( let (Az_blind, Bz_blind, Cz_blind, prod_Az_Bz_blind) = (
random_tape.challenge_scalar(b"Az_blind"),
random_tape.challenge_scalar(b"Bz_blind"),
random_tape.challenge_scalar(b"Cz_blind"),
random_tape.challenge_scalar(b"prod_Az_Bz_blind"),
random_tape.random_scalar(b"Az_blind"),
random_tape.random_scalar(b"Bz_blind"),
random_tape.random_scalar(b"Cz_blind"),
random_tape.random_scalar(b"prod_Az_Bz_blind"),
); );
let (pok_Cz_claim, comm_Cz_claim) = { let (pok_Cz_claim, comm_Cz_claim) = {
@ -294,7 +295,7 @@ impl R1CSProof {
let timer_polyeval = Timer::new("polyeval"); let timer_polyeval = Timer::new("polyeval");
let eval_vars_at_ry = poly_vars.evaluate(&ry[1..].to_vec()); let eval_vars_at_ry = poly_vars.evaluate(&ry[1..].to_vec());
let blind_eval = random_tape.challenge_scalar(b"blind_eval");
let blind_eval = random_tape.random_scalar(b"blind_eval");
let (proof_eval_vars_at_ry, comm_vars_at_ry) = PolyEvalProof::prove( let (proof_eval_vars_at_ry, comm_vars_at_ry) = PolyEvalProof::prove(
&poly_vars, &poly_vars,
Some(&blinds_vars), Some(&blinds_vars),
@ -597,12 +598,7 @@ mod tests {
let gens = R1CSGens::new(num_cons, num_vars, b"test-m"); let gens = R1CSGens::new(num_cons, num_vars, b"test-m");
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let (proof, rx, ry) = R1CSProof::prove( let (proof, rx, ry) = R1CSProof::prove(
&inst, &inst,

+ 28
- 0
src/random.rs
View File

@ -0,0 +1,28 @@
use super::scalar::Scalar;
use super::transcript::ProofTranscript;
use merlin::Transcript;
use rand::rngs::OsRng;
pub struct RandomTape {
tape: Transcript,
}
impl RandomTape {
pub fn new(name: &'static [u8]) -> Self {
let tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(name);
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
Self { tape }
}
pub fn random_scalar(&mut self, label: &'static [u8]) -> Scalar {
self.tape.challenge_scalar(label)
}
pub fn random_vector(&mut self, label: &'static [u8], len: usize) -> Vec<Scalar> {
self.tape.challenge_vector(label, len)
}
}

+ 7
- 11
src/sparse_mlpoly.rs
View File

@ -5,6 +5,7 @@ use super::dense_mlpoly::{
use super::errors::ProofVerifyError; use super::errors::ProofVerifyError;
use super::math::Math; use super::math::Math;
use super::product_tree::{DotProductCircuit, ProductCircuit, ProductCircuitEvalProofBatched}; use super::product_tree::{DotProductCircuit, ProductCircuit, ProductCircuitEvalProofBatched};
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::timer::Timer; use super::timer::Timer;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
@ -78,7 +79,7 @@ impl DerefsEvalProof {
evals: Vec<Scalar>, evals: Vec<Scalar>,
gens: &PolyCommitmentGens, gens: &PolyCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> PolyEvalProof { ) -> PolyEvalProof {
assert_eq!(joint_poly.get_num_vars(), r.len() + evals.len().log2()); assert_eq!(joint_poly.get_num_vars(), r.len() + evals.len().log2());
@ -122,7 +123,7 @@ impl DerefsEvalProof {
r: &Vec<Scalar>, r: &Vec<Scalar>,
gens: &PolyCommitmentGens, gens: &PolyCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> Self { ) -> Self {
transcript.append_protocol_name(DerefsEvalProof::protocol_name()); transcript.append_protocol_name(DerefsEvalProof::protocol_name());
@ -752,7 +753,7 @@ impl HashLayerProof {
derefs: &Derefs, derefs: &Derefs,
gens: &SparseMatPolyCommitmentGens, gens: &SparseMatPolyCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> Self { ) -> Self {
transcript.append_protocol_name(HashLayerProof::protocol_name()); transcript.append_protocol_name(HashLayerProof::protocol_name());
@ -1361,7 +1362,7 @@ impl PolyEvalNetworkProof {
evals: &Vec<Scalar>, evals: &Vec<Scalar>,
gens: &SparseMatPolyCommitmentGens, gens: &SparseMatPolyCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> Self { ) -> Self {
transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name()); transcript.append_protocol_name(PolyEvalNetworkProof::protocol_name());
@ -1493,7 +1494,7 @@ impl SparseMatPolyEvalProof {
evals: &Vec<Scalar>, // a vector evaluation of \widetilde{M}(r = (rx,ry)) for each M evals: &Vec<Scalar>, // a vector evaluation of \widetilde{M}(r = (rx,ry)) for each M
gens: &SparseMatPolyCommitmentGens, gens: &SparseMatPolyCommitmentGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> SparseMatPolyEvalProof { ) -> SparseMatPolyEvalProof {
transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name()); transcript.append_protocol_name(SparseMatPolyEvalProof::protocol_name());
@ -1689,12 +1690,7 @@ mod tests {
let eval = poly_M.evaluate(&rx, &ry); let eval = poly_M.evaluate(&rx, &ry);
let evals = vec![eval, eval, eval]; let evals = vec![eval, eval, eval];
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"proof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
let mut prover_transcript = Transcript::new(b"example"); let mut prover_transcript = Transcript::new(b"example");
let proof = SparseMatPolyEvalProof::prove( let proof = SparseMatPolyEvalProof::prove(
&dense, &dense,

+ 3
- 15
src/spartan.rs
View File

@ -5,11 +5,11 @@ use super::r1csinstance::{
R1CSInstanceEvals, R1CSInstanceEvals,
}; };
use super::r1csproof::{R1CSGens, R1CSProof}; use super::r1csproof::{R1CSGens, R1CSProof};
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::timer::Timer; use super::timer::Timer;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
use merlin::Transcript; use merlin::Transcript;
use rand::rngs::OsRng;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
pub struct SNARKGens { pub struct SNARKGens {
@ -57,13 +57,7 @@ impl SNARK {
) -> Self { ) -> Self {
// we create a Transcript object seeded with a random Scalar // we create a Transcript object seeded with a random Scalar
// to aid the prover produce its randomness // to aid the prover produce its randomness
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"SpartanSNARKProof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
transcript.append_protocol_name(SNARK::protocol_name()); transcript.append_protocol_name(SNARK::protocol_name());
let (r1cs_sat_proof, rx, ry) = { let (r1cs_sat_proof, rx, ry) = {
let (proof, rx, ry) = R1CSProof::prove( let (proof, rx, ry) = R1CSProof::prove(
@ -190,13 +184,7 @@ impl NIZK {
) -> Self { ) -> Self {
// we create a Transcript object seeded with a random Scalar // we create a Transcript object seeded with a random Scalar
// to aid the prover produce its randomness // to aid the prover produce its randomness
let mut random_tape = {
let mut csprng: OsRng = OsRng;
let mut tape = Transcript::new(b"SpartanNIZKProof");
tape.append_scalar(b"init_randomness", &Scalar::random(&mut csprng));
tape
};
let mut random_tape = RandomTape::new(b"proof");
transcript.append_protocol_name(NIZK::protocol_name()); transcript.append_protocol_name(NIZK::protocol_name());
let (r1cs_sat_proof, rx, ry) = { let (r1cs_sat_proof, rx, ry) = {
let (proof, rx, ry) = R1CSProof::prove( let (proof, rx, ry) = R1CSProof::prove(

+ 7
- 6
src/sumcheck.rs
View File

@ -3,6 +3,7 @@ use super::dense_mlpoly::DensePolynomial;
use super::errors::ProofVerifyError; use super::errors::ProofVerifyError;
use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul}; use super::group::{CompressedGroup, GroupElement, VartimeMultiscalarMul};
use super::nizk::DotProductProof; use super::nizk::DotProductProof;
use super::random::RandomTape;
use super::scalar::Scalar; use super::scalar::Scalar;
use super::transcript::{AppendToTranscript, ProofTranscript}; use super::transcript::{AppendToTranscript, ProofTranscript};
use super::unipoly::{CompressedUniPoly, UniPoly}; use super::unipoly::{CompressedUniPoly, UniPoly};
@ -567,14 +568,14 @@ impl ZKSumcheckInstanceProof {
gens_1: &MultiCommitGens, gens_1: &MultiCommitGens,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> (Self, Vec<Scalar>, Vec<Scalar>, Scalar) ) -> (Self, Vec<Scalar>, Vec<Scalar>, Scalar)
where where
F: Fn(&Scalar, &Scalar) -> Scalar, F: Fn(&Scalar, &Scalar) -> Scalar,
{ {
let (blinds_poly, blinds_evals) = ( let (blinds_poly, blinds_evals) = (
random_tape.challenge_vector(b"blinds_poly", num_rounds),
random_tape.challenge_vector(b"blinds_evals", num_rounds),
random_tape.random_vector(b"blinds_poly", num_rounds),
random_tape.random_vector(b"blinds_evals", num_rounds),
); );
let mut claim_per_round = *claim; let mut claim_per_round = *claim;
let mut comm_claim_per_round = claim_per_round.commit(&blind_claim, &gens_1).compress(); let mut comm_claim_per_round = claim_per_round.commit(&blind_claim, &gens_1).compress();
@ -729,14 +730,14 @@ impl ZKSumcheckInstanceProof {
gens_1: &MultiCommitGens, gens_1: &MultiCommitGens,
gens_n: &MultiCommitGens, gens_n: &MultiCommitGens,
transcript: &mut Transcript, transcript: &mut Transcript,
random_tape: &mut Transcript,
random_tape: &mut RandomTape,
) -> (Self, Vec<Scalar>, Vec<Scalar>, Scalar) ) -> (Self, Vec<Scalar>, Vec<Scalar>, Scalar)
where where
F: Fn(&Scalar, &Scalar, &Scalar, &Scalar) -> Scalar, F: Fn(&Scalar, &Scalar, &Scalar, &Scalar) -> Scalar,
{ {
let (blinds_poly, blinds_evals) = ( let (blinds_poly, blinds_evals) = (
random_tape.challenge_vector(b"blinds_poly", num_rounds),
random_tape.challenge_vector(b"blinds_evals", num_rounds),
random_tape.random_vector(b"blinds_poly", num_rounds),
random_tape.random_vector(b"blinds_evals", num_rounds),
); );
let mut claim_per_round = *claim; let mut claim_per_round = *claim;

Write Preview
Loading…
Cancel
Save