sha256_aux.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2018-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Nikita Kaskov <nbering@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 // @file Declaration of interfaces for auxiliary components for the SHA256 component.
26 //---------------------------------------------------------------------------//
27 
28 #ifndef CRYPTO3_ZK_BLUEPRINT_SHA256_AUX_HPP
29 #define CRYPTO3_ZK_BLUEPRINT_SHA256_AUX_HPP
30 
31 #include <nil/crypto3/zk/components/packing.hpp>
32 #include <nil/crypto3/zk/components/blueprint_variable.hpp>
33 
34 namespace nil {
35  namespace crypto3 {
36  namespace zk {
37  namespace components {
38 
39  template<typename FieldType>
40  class lastbits_component : public component<FieldType> {
41  public:
42  blueprint_variable<FieldType> X;
43  std::size_t X_bits;
44  blueprint_variable<FieldType> result;
45  blueprint_linear_combination_vector<FieldType> result_bits;
46 
47  blueprint_linear_combination_vector<FieldType> full_bits;
48  std::shared_ptr<packing_component<FieldType>> unpack_bits;
49  std::shared_ptr<packing_component<FieldType>> pack_result;
50 
51  lastbits_component(blueprint<FieldType> &bp,
52  const blueprint_variable<FieldType> &X,
53  std::size_t X_bits,
54  const blueprint_variable<FieldType> &result,
55  const blueprint_linear_combination_vector<FieldType> &result_bits) :
56  component<FieldType>(bp),
57  X(X), X_bits(X_bits), result(result), result_bits(result_bits) {
58 
59  full_bits = result_bits;
60  for (std::size_t i = result_bits.size(); i < X_bits; ++i) {
61  blueprint_variable<FieldType> full_bits_overflow;
62  full_bits_overflow.allocate(bp);
63  full_bits.emplace_back(full_bits_overflow);
64  }
65 
66  unpack_bits.reset(new packing_component<FieldType>(bp, full_bits, X));
67  pack_result.reset(new packing_component<FieldType>(bp, result_bits, result));
68  }
69 
70  void generate_r1cs_constraints() {
71  unpack_bits->generate_r1cs_constraints(true);
72  pack_result->generate_r1cs_constraints(false);
73  }
74 
75  void generate_r1cs_witness() {
76  unpack_bits->generate_r1cs_witness_from_packed();
77  pack_result->generate_r1cs_witness_from_bits();
78  }
79  };
80 
81  template<typename FieldType>
82  class XOR3_component : public component<FieldType> {
83  private:
84  blueprint_variable<FieldType> tmp;
85 
86  public:
87  blueprint_linear_combination<FieldType> A;
88  blueprint_linear_combination<FieldType> B;
89  blueprint_linear_combination<FieldType> C;
90  bool assume_C_is_zero;
91  blueprint_linear_combination<FieldType> out;
92 
93  XOR3_component(blueprint<FieldType> &bp,
94  const blueprint_linear_combination<FieldType> &A,
95  const blueprint_linear_combination<FieldType> &B,
96  const blueprint_linear_combination<FieldType> &C,
97  bool assume_C_is_zero,
98  const blueprint_linear_combination<FieldType> &out) :
99  component<FieldType>(bp),
100  A(A), B(B), C(C), assume_C_is_zero(assume_C_is_zero), out(out) {
101  if (!assume_C_is_zero) {
102  tmp.allocate(bp);
103  }
104  }
105 
106  void generate_r1cs_constraints() {
107  /*
108  tmp = A + B - 2AB i.e. tmp = A xor B
109  out = tmp + C - 2tmp C i.e. out = tmp xor C
110  */
111  if (assume_C_is_zero) {
112  this->bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(2 * A, B, A + B - out));
113  } else {
114  this->bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(2 * A, B, A + B - tmp));
115  this->bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(2 * tmp, C, tmp + C - out));
116  }
117  }
118 
119  void generate_r1cs_witness() {
120  if (assume_C_is_zero) {
121  this->bp.lc_val(out) =
122  this->bp.lc_val(A) + this->bp.lc_val(B) -
123  typename FieldType::value_type(0x02) * this->bp.lc_val(A) * this->bp.lc_val(B);
124  } else {
125  this->bp.val(tmp) =
126  this->bp.lc_val(A) + this->bp.lc_val(B) -
127  typename FieldType::value_type(0x02) * this->bp.lc_val(A) * this->bp.lc_val(B);
128  this->bp.lc_val(out) =
129  this->bp.val(tmp) + this->bp.lc_val(C) -
130  typename FieldType::value_type(0x02) * this->bp.val(tmp) * this->bp.lc_val(C);
131  }
132  }
133  };
134 
135 #define SHA256_COMPONENT_ROTR(A, i, k) A[((i) + (k)) % 32]
136 
137  /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */
138  template<typename FieldType>
139  class small_sigma_component : public component<FieldType> {
140  private:
141  blueprint_variable_vector<FieldType> W;
142  blueprint_variable<FieldType> result;
143 
144  public:
145  blueprint_variable_vector<FieldType> result_bits;
146  std::vector<std::shared_ptr<XOR3_component<FieldType>>> compute_bits;
147  std::shared_ptr<packing_component<FieldType>> pack_result;
148 
149  small_sigma_component(blueprint<FieldType> &bp,
150  const blueprint_variable_vector<FieldType> &W,
151  const blueprint_variable<FieldType> &result,
152  std::size_t rot1,
153  std::size_t rot2,
154  std::size_t shift) :
155  component<FieldType>(bp),
156  W(W), result(result) {
157 
158  result_bits.allocate(bp, 32);
159  compute_bits.resize(32);
160  for (std::size_t i = 0; i < 32; ++i) {
161  compute_bits[i].reset(new XOR3_component<FieldType>(
162  bp, SHA256_COMPONENT_ROTR(W, i, rot1), SHA256_COMPONENT_ROTR(W, i, rot2),
163  (i + shift < 32 ? W[i + shift] : blueprint_variable<FieldType>(0)), (i + shift >= 32),
164  result_bits[i]));
165  }
166  pack_result.reset(new packing_component<FieldType>(bp, result_bits, result));
167  }
168 
169  void generate_r1cs_constraints() {
170  for (std::size_t i = 0; i < 32; ++i) {
171  compute_bits[i]->generate_r1cs_constraints();
172  }
173 
174  pack_result->generate_r1cs_constraints(false);
175  }
176 
177  void generate_r1cs_witness() {
178  for (std::size_t i = 0; i < 32; ++i) {
179  compute_bits[i]->generate_r1cs_witness();
180  }
181 
182  pack_result->generate_r1cs_witness_from_bits();
183  }
184  };
185 
186  /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */
187  template<typename FieldType>
188  class big_sigma_component : public component<FieldType> {
189  private:
190  blueprint_linear_combination_vector<FieldType> W;
191  blueprint_variable<FieldType> result;
192 
193  public:
194  blueprint_variable_vector<FieldType> result_bits;
195  std::vector<std::shared_ptr<XOR3_component<FieldType>>> compute_bits;
196  std::shared_ptr<packing_component<FieldType>> pack_result;
197 
198  big_sigma_component(blueprint<FieldType> &bp,
199  const blueprint_linear_combination_vector<FieldType> &W,
200  const blueprint_variable<FieldType> &result,
201  std::size_t rot1,
202  std::size_t rot2,
203  std::size_t rot3) :
204  component<FieldType>(bp),
205  W(W), result(result) {
206 
207  result_bits.allocate(bp, 32);
208  compute_bits.resize(32);
209  for (std::size_t i = 0; i < 32; ++i) {
210  compute_bits[i].reset(new XOR3_component<FieldType>(
211  bp, SHA256_COMPONENT_ROTR(W, i, rot1), SHA256_COMPONENT_ROTR(W, i, rot2),
212  SHA256_COMPONENT_ROTR(W, i, rot3), false, result_bits[i]));
213  }
214 
215  pack_result.reset(new packing_component<FieldType>(bp, result_bits, result));
216  }
217 
218  void generate_r1cs_constraints() {
219  for (std::size_t i = 0; i < 32; ++i) {
220  compute_bits[i]->generate_r1cs_constraints();
221  }
222 
223  pack_result->generate_r1cs_constraints(false);
224  }
225 
226  void generate_r1cs_witness() {
227  for (std::size_t i = 0; i < 32; ++i) {
228  compute_bits[i]->generate_r1cs_witness();
229  }
230 
231  pack_result->generate_r1cs_witness_from_bits();
232  }
233  };
234 
235  /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */
236  template<typename FieldType>
237  class choice_component : public component<FieldType> {
238  private:
239  blueprint_variable_vector<FieldType> result_bits;
240 
241  public:
242  blueprint_linear_combination_vector<FieldType> X;
243  blueprint_linear_combination_vector<FieldType> Y;
244  blueprint_linear_combination_vector<FieldType> Z;
245  blueprint_variable<FieldType> result;
246  std::shared_ptr<packing_component<FieldType>> pack_result;
247 
248  choice_component(blueprint<FieldType> &bp,
249  const blueprint_linear_combination_vector<FieldType> &X,
250  const blueprint_linear_combination_vector<FieldType> &Y,
251  const blueprint_linear_combination_vector<FieldType> &Z,
252  const blueprint_variable<FieldType> &result) :
253  component<FieldType>(bp),
254  X(X), Y(Y), Z(Z), result(result) {
255 
256  result_bits.allocate(bp, 32);
257  pack_result.reset(new packing_component<FieldType>(bp, result_bits, result));
258  }
259 
260  void generate_r1cs_constraints() {
261  for (std::size_t i = 0; i < 32; ++i) {
262  /*
263  result = x * y + (1-x) * z
264  result - z = x * (y - z)
265  */
266  this->bp.add_r1cs_constraint(
267  snark::r1cs_constraint<FieldType>(X[i], Y[i] - Z[i], result_bits[i] - Z[i]));
268  }
269  pack_result->generate_r1cs_constraints(false);
270  }
271 
272  void generate_r1cs_witness() {
273  for (std::size_t i = 0; i < 32; ++i) {
274  this->bp.val(result_bits[i]) =
275  this->bp.lc_val(X[i]) * this->bp.lc_val(Y[i]) +
276  (FieldType::value_type::one() - this->bp.lc_val(X[i])) * this->bp.lc_val(Z[i]);
277  }
278  pack_result->generate_r1cs_witness_from_bits();
279  }
280  };
281 
282  /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */
283  template<typename FieldType>
284  class majority_component : public component<FieldType> {
285  private:
286  blueprint_variable_vector<FieldType> result_bits;
287  std::shared_ptr<packing_component<FieldType>> pack_result;
288 
289  public:
290  blueprint_linear_combination_vector<FieldType> X;
291  blueprint_linear_combination_vector<FieldType> Y;
292  blueprint_linear_combination_vector<FieldType> Z;
293  blueprint_variable<FieldType> result;
294 
295  majority_component(blueprint<FieldType> &bp,
296  const blueprint_linear_combination_vector<FieldType> &X,
297  const blueprint_linear_combination_vector<FieldType> &Y,
298  const blueprint_linear_combination_vector<FieldType> &Z,
299  const blueprint_variable<FieldType> &result) :
300  component<FieldType>(bp),
301  X(X), Y(Y), Z(Z), result(result) {
302  result_bits.allocate(bp, 32);
303  pack_result.reset(new packing_component<FieldType>(bp, result_bits, result));
304  }
305 
306  void generate_r1cs_constraints() {
307  for (std::size_t i = 0; i < 32; ++i) {
308  /*
309  2*result + aux = x + y + z
310  x, y, z, aux -- bits
311  aux = x + y + z - 2*result
312  */
313  generate_boolean_r1cs_constraint<FieldType>(this->bp, result_bits[i]);
314  this->bp.add_r1cs_constraint(
315  snark::r1cs_constraint<FieldType>(X[i] + Y[i] + Z[i] - 2 * result_bits[i],
316  1 - (X[i] + Y[i] + Z[i] - 2 * result_bits[i]), 0));
317  }
318  pack_result->generate_r1cs_constraints(false);
319  }
320 
321  void generate_r1cs_witness() {
322 
323  // temporary added until fixed-precision modular adaptor is ready:
324  typedef nil::crypto3::multiprecision::number<
325  nil::crypto3::multiprecision::backends::cpp_int_backend<>>
326  non_fixed_precision_integral_type;
327 
328  using integral_type = typename FieldType::integral_type;
329 
330  for (std::size_t i = 0; i < 32; ++i) {
331  const non_fixed_precision_integral_type v = non_fixed_precision_integral_type(
332  (this->bp.lc_val(X[i]) + this->bp.lc_val(Y[i]) + this->bp.lc_val(Z[i])).data);
333  this->bp.val(result_bits[i]) = typename FieldType::value_type(integral_type(v / 2));
334  }
335 
336  pack_result->generate_r1cs_witness_from_bits();
337  }
338  };
339 
340  } // namespace components
341  } // namespace zk
342  } // namespace crypto3
343 } // namespace nil
344 
345 #endif // CRYPTO3_ZK_BLUEPRINT_SHA256_AUX_HPP
blueprint_variable.hpp
nil::crypto3::zk::components::XOR3_component
Definition: sha256_aux.hpp:82
nil::crypto3::zk::components::XOR3_component::B
blueprint_linear_combination< FieldType > B
Definition: sha256_aux.hpp:88
nil::crypto3::zk::components::XOR3_component::C
blueprint_linear_combination< FieldType > C
Definition: sha256_aux.hpp:89
nil::crypto3::zk::components::XOR3_component::XOR3_component
XOR3_component(blueprint< FieldType > &bp, const blueprint_linear_combination< FieldType > &A, const blueprint_linear_combination< FieldType > &B, const blueprint_linear_combination< FieldType > &C, bool assume_C_is_zero, const blueprint_linear_combination< FieldType > &out)
Definition: sha256_aux.hpp:93
nil::crypto3::zk::components::XOR3_component::assume_C_is_zero
bool assume_C_is_zero
Definition: sha256_aux.hpp:90
nil::crypto3::zk::components::XOR3_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_aux.hpp:106
nil::crypto3::zk::components::XOR3_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_aux.hpp:119
nil::crypto3::zk::components::XOR3_component::A
blueprint_linear_combination< FieldType > A
Definition: sha256_aux.hpp:87
nil::crypto3::zk::components::XOR3_component::out
blueprint_linear_combination< FieldType > out
Definition: sha256_aux.hpp:91
nil::crypto3::zk::components::big_sigma_component
Definition: sha256_aux.hpp:188
nil::crypto3::zk::components::big_sigma_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_aux.hpp:218
nil::crypto3::zk::components::big_sigma_component::compute_bits
std::vector< std::shared_ptr< XOR3_component< FieldType > > > compute_bits
Definition: sha256_aux.hpp:195
nil::crypto3::zk::components::big_sigma_component::pack_result
std::shared_ptr< packing_component< FieldType > > pack_result
Definition: sha256_aux.hpp:196
nil::crypto3::zk::components::big_sigma_component::big_sigma_component
big_sigma_component(blueprint< FieldType > &bp, const blueprint_linear_combination_vector< FieldType > &W, const blueprint_variable< FieldType > &result, std::size_t rot1, std::size_t rot2, std::size_t rot3)
Definition: sha256_aux.hpp:198
nil::crypto3::zk::components::big_sigma_component::result_bits
blueprint_variable_vector< FieldType > result_bits
Definition: sha256_aux.hpp:194
nil::crypto3::zk::components::big_sigma_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_aux.hpp:226
nil::crypto3::zk::components::blueprint_linear_combination_vector
Definition: blueprint_linear_combination.hpp:115
nil::crypto3::zk::components::blueprint_linear_combination
Definition: blueprint_linear_combination.hpp:47
nil::crypto3::zk::components::blueprint_variable_vector
Definition: blueprint_variable.hpp:57
nil::crypto3::zk::components::blueprint_variable_vector::allocate
void allocate(blueprint< field_type > &bp, const std::size_t n)
Definition: blueprint_variable.hpp:91
nil::crypto3::zk::components::blueprint_variable
Definition: blueprint_variable.hpp:46
nil::crypto3::zk::components::blueprint_variable::allocate
void allocate(blueprint< FieldType > &bp)
Definition: blueprint_variable.hpp:51
nil::crypto3::zk::components::blueprint
Definition: blueprint.hpp:46
nil::crypto3::zk::components::choice_component
Definition: sha256_aux.hpp:237
nil::crypto3::zk::components::choice_component::Y
blueprint_linear_combination_vector< FieldType > Y
Definition: sha256_aux.hpp:243
nil::crypto3::zk::components::choice_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_aux.hpp:260
nil::crypto3::zk::components::choice_component::pack_result
std::shared_ptr< packing_component< FieldType > > pack_result
Definition: sha256_aux.hpp:246
nil::crypto3::zk::components::choice_component::choice_component
choice_component(blueprint< FieldType > &bp, const blueprint_linear_combination_vector< FieldType > &X, const blueprint_linear_combination_vector< FieldType > &Y, const blueprint_linear_combination_vector< FieldType > &Z, const blueprint_variable< FieldType > &result)
Definition: sha256_aux.hpp:248
nil::crypto3::zk::components::choice_component::result
blueprint_variable< FieldType > result
Definition: sha256_aux.hpp:245
nil::crypto3::zk::components::choice_component::X
blueprint_linear_combination_vector< FieldType > X
Definition: sha256_aux.hpp:242
nil::crypto3::zk::components::choice_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_aux.hpp:272
nil::crypto3::zk::components::choice_component::Z
blueprint_linear_combination_vector< FieldType > Z
Definition: sha256_aux.hpp:244
nil::crypto3::zk::components::component
Definition: component.hpp:37
nil::crypto3::zk::components::component::bp
blueprint< FieldType > & bp
Definition: component.hpp:39
nil::crypto3::zk::components::lastbits_component
Definition: sha256_aux.hpp:40
nil::crypto3::zk::components::lastbits_component::X_bits
std::size_t X_bits
Definition: sha256_aux.hpp:43
nil::crypto3::zk::components::lastbits_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_aux.hpp:75
nil::crypto3::zk::components::lastbits_component::result
blueprint_variable< FieldType > result
Definition: sha256_aux.hpp:44
nil::crypto3::zk::components::lastbits_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_aux.hpp:70
nil::crypto3::zk::components::lastbits_component::result_bits
blueprint_linear_combination_vector< FieldType > result_bits
Definition: sha256_aux.hpp:45
nil::crypto3::zk::components::lastbits_component::lastbits_component
lastbits_component(blueprint< FieldType > &bp, const blueprint_variable< FieldType > &X, std::size_t X_bits, const blueprint_variable< FieldType > &result, const blueprint_linear_combination_vector< FieldType > &result_bits)
Definition: sha256_aux.hpp:51
nil::crypto3::zk::components::lastbits_component::unpack_bits
std::shared_ptr< packing_component< FieldType > > unpack_bits
Definition: sha256_aux.hpp:48
nil::crypto3::zk::components::lastbits_component::X
blueprint_variable< FieldType > X
Definition: sha256_aux.hpp:42
nil::crypto3::zk::components::lastbits_component::full_bits
blueprint_linear_combination_vector< FieldType > full_bits
Definition: sha256_aux.hpp:47
nil::crypto3::zk::components::lastbits_component::pack_result
std::shared_ptr< packing_component< FieldType > > pack_result
Definition: sha256_aux.hpp:49
nil::crypto3::zk::components::majority_component
Definition: sha256_aux.hpp:284
nil::crypto3::zk::components::majority_component::result
blueprint_variable< FieldType > result
Definition: sha256_aux.hpp:293
nil::crypto3::zk::components::majority_component::X
blueprint_linear_combination_vector< FieldType > X
Definition: sha256_aux.hpp:290
nil::crypto3::zk::components::majority_component::Z
blueprint_linear_combination_vector< FieldType > Z
Definition: sha256_aux.hpp:292
nil::crypto3::zk::components::majority_component::majority_component
majority_component(blueprint< FieldType > &bp, const blueprint_linear_combination_vector< FieldType > &X, const blueprint_linear_combination_vector< FieldType > &Y, const blueprint_linear_combination_vector< FieldType > &Z, const blueprint_variable< FieldType > &result)
Definition: sha256_aux.hpp:295
nil::crypto3::zk::components::majority_component::Y
blueprint_linear_combination_vector< FieldType > Y
Definition: sha256_aux.hpp:291
nil::crypto3::zk::components::majority_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_aux.hpp:321
nil::crypto3::zk::components::majority_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_aux.hpp:306
nil::crypto3::zk::components::packing_component
Definition: packing.hpp:57
nil::crypto3::zk::components::small_sigma_component
Definition: sha256_aux.hpp:139
nil::crypto3::zk::components::small_sigma_component::small_sigma_component
small_sigma_component(blueprint< FieldType > &bp, const blueprint_variable_vector< FieldType > &W, const blueprint_variable< FieldType > &result, std::size_t rot1, std::size_t rot2, std::size_t shift)
Definition: sha256_aux.hpp:149
nil::crypto3::zk::components::small_sigma_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: sha256_aux.hpp:169
nil::crypto3::zk::components::small_sigma_component::pack_result
std::shared_ptr< packing_component< FieldType > > pack_result
Definition: sha256_aux.hpp:147
nil::crypto3::zk::components::small_sigma_component::result_bits
blueprint_variable_vector< FieldType > result_bits
Definition: sha256_aux.hpp:145
nil::crypto3::zk::components::small_sigma_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: sha256_aux.hpp:177
nil::crypto3::zk::components::small_sigma_component::compute_bits
std::vector< std::shared_ptr< XOR3_component< FieldType > > > compute_bits
Definition: sha256_aux.hpp:146
nil
Definition: pair.hpp:31
SHA256_COMPONENT_ROTR
#define SHA256_COMPONENT_ROTR(A, i, k)
Definition: sha256_aux.hpp:135
nil::crypto3::zk::snark::r1cs_constraint
Definition: r1cs.hpp:60