Namespaces | |
components | |
detail | |
reductions | |
Typedefs | |
typedef std::vector< std::map< std::size_t, bool > > | as_waksman_routing |
typedef std::vector< std::vector< std::pair< std::size_t, std::size_t > > > | as_waksman_topology |
template<typename FieldType > | |
using | bacs_auxiliary_input = bacs_variable_assignment< FieldType > |
template<typename ProvingKey , typename VerificationKey > | |
using | bacs_ppzksnark_keypair = std::pair< ProvingKey, VerificationKey > |
template<typename FieldType > | |
using | bacs_primary_input = bacs_variable_assignment< FieldType > |
template<typename FieldType > | |
using | bacs_variable_assignment = std::vector< typename FieldType::value_type > |
typedef std::vector< std::vector< bool > > | benes_routing |
typedef std::vector< std::vector< std::pair< std::size_t, std::size_t > > > | benes_topology |
typedef long | integer_coeff_t |
template<typename CurveType , typename Generator , typename Prover , typename Verifier > | |
using | is_aggregate_mode = typename std::bool_constant< std::is_same< r1cs_gg_ppzksnark_generator< CurveType, ProvingMode::Aggregate >, Generator >::value &&std::is_same< r1cs_gg_ppzksnark_prover< CurveType, ProvingMode::Aggregate >, Prover >::value &&std::is_same< r1cs_gg_ppzksnark_verifier_strong_input_consistency< CurveType, ProvingMode::Aggregate >, Verifier >::value > |
template<typename CurveType , typename Generator , typename Prover , typename Verifier > | |
using | is_basic_mode = typename std::bool_constant< std::is_same< r1cs_gg_ppzksnark_generator< CurveType, ProvingMode::Basic >, Generator >::value &&std::is_same< r1cs_gg_ppzksnark_prover< CurveType, ProvingMode::Basic >, Prover >::value &&(std::is_same< r1cs_gg_ppzksnark_verifier_weak_input_consistency< CurveType, ProvingMode::Basic >, Verifier >::value||std::is_same< r1cs_gg_ppzksnark_verifier_strong_input_consistency< CurveType, ProvingMode::Basic >, Verifier >::value)> |
template<typename CurveType , typename Generator , typename Prover , typename Verifier > | |
using | is_encrypted_input_mode = typename std::bool_constant< std::is_same< r1cs_gg_ppzksnark_generator< CurveType, ProvingMode::EncryptedInput >, Generator >::value &&std::is_same< r1cs_gg_ppzksnark_prover< CurveType, ProvingMode::EncryptedInput >, Prover >::value &&std::is_same< r1cs_gg_ppzksnark_verifier_strong_input_consistency< CurveType, ProvingMode::EncryptedInput >, Verifier >::value > |
template<typename ZkScheme > | |
using | keypair = std::pair< typename ZkScheme::proving_key, typename ZkScheme::verification_key > |
template<typename Type1 , typename Type2 > | |
using | knowledge_commitment_vector = sparse_vector< knowledge_commitment< Type1, Type2 > > |
template<typename GroupType > | |
using | kzg_opening = std::pair< typename GroupType::value_type, typename GroupType::value_type > |
typedef std::vector< bool > | merkle_authentication_node |
typedef std::vector< merkle_authentication_node > | merkle_authentication_path |
template<typename FieldType > | |
using | r1cs_auxiliary_input = std::vector< typename FieldType::value_type > |
template<typename CurveType > | |
using | r1cs_gg_ppzksnark_ipp2_commitment_output = std::pair< typename CurveType::gt_type::value_type, typename CurveType::gt_type::value_type > |
Both commitment outputs a pair of $F_q^k$ element. More... | |
template<typename CurveType > | |
using | r1cs_gg_ppzksnark_ipp2_vkey = r1cs_gg_ppzksnark_ipp2_commitment_key< typename CurveType::template g2_type<> > |
template<typename CurveType > | |
using | r1cs_gg_ppzksnark_ipp2_wkey = r1cs_gg_ppzksnark_ipp2_commitment_key< typename CurveType::template g1_type<> > |
template<typename ProvingKey , typename VerificationKey > | |
using | r1cs_gg_ppzksnark_keypair = std::pair< ProvingKey, VerificationKey > |
template<typename PCD_ppT > | |
using | r1cs_mp_ppzkpcd_auxiliary_input = r1cs_pcd_compliance_predicate_auxiliary_input< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_mp_ppzkpcd_compliance_predicate = r1cs_pcd_compliance_predicate< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_mp_ppzkpcd_local_data = r1cs_pcd_local_data< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_mp_ppzkpcd_message = r1cs_pcd_message< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_mp_ppzkpcd_primary_input = r1cs_pcd_compliance_predicate_primary_input< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_mp_ppzkpcd_variable_assignment = r1cs_variable_assignment< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename FieldType > | |
using | r1cs_pcd_witness = std::vector< typename FieldType::value_type > |
template<typename ProvingKey , typename VerificationKey > | |
using | r1cs_ppzksnark_keypair = std::pair< ProvingKey, VerificationKey > |
template<typename FieldType > | |
using | r1cs_primary_input = std::vector< typename FieldType::value_type > |
template<typename ProvingKey , typename VerificationKey > | |
using | r1cs_se_ppzksnark_keypair = std::pair< ProvingKey, VerificationKey > |
template<typename PCD_ppT > | |
using | r1cs_sp_ppzkpcd_auxiliary_input = r1cs_pcd_compliance_predicate_auxiliary_input< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_sp_ppzkpcd_compliance_predicate = r1cs_pcd_compliance_predicate< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_sp_ppzkpcd_local_data = r1cs_pcd_local_data< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_sp_ppzkpcd_message = r1cs_pcd_message< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_sp_ppzkpcd_primary_input = r1cs_pcd_compliance_predicate_primary_input< algebra::Fr< typename PCD_ppT::curve_A_pp > > |
template<typename PCD_ppT > | |
using | r1cs_sp_ppzkpcd_proof = typename r1cs_ppzksnark< typename PCD_ppT::curve_B_pp >::proof_type |
template<typename FieldType > | |
using | r1cs_variable_assignment = std::vector< typename FieldType::value_type > |
typedef std::vector< bool > | set_commitment |
typedef tbcs_variable_assignment | tbcs_auxiliary_input |
template<typename ProvingKey , typename VerificationKey > | |
using | tbcs_ppzksnark_keypair = std::pair< ProvingKey, VerificationKey > |
typedef tbcs_variable_assignment | tbcs_primary_input |
typedef std::vector< bool > | tbcs_variable_assignment |
typedef std::size_t | tbcs_wire_t |
template<typename FieldType > | |
using | uscs_auxiliary_input = std::vector< typename FieldType::value_type > |
template<typename FieldType > | |
using | uscs_constraint = linear_combination< FieldType > |
template<typename ProvingKey , typename VerificationKey > | |
using | uscs_ppzksnark_keypair = std::pair< ProvingKey, VerificationKey > |
template<typename FieldType > | |
using | uscs_primary_input = std::vector< typename FieldType::value_type > |
template<typename FieldType > | |
using | uscs_variable_assignment = std::vector< typename FieldType::value_type > |
Enumerations | |
enum class | ProvingMode { Basic , Aggregate , EncryptedInput } |
enum | tbcs_gate_type { TBCS_GATE_CONSTANT_0 = 0 , TBCS_GATE_AND = 1 , TBCS_GATE_X_AND_NOT_Y = 2 , TBCS_GATE_X = 3 , TBCS_GATE_NOT_X_AND_Y = 4 , TBCS_GATE_Y = 5 , TBCS_GATE_XOR = 6 , TBCS_GATE_OR = 7 , TBCS_GATE_NOR = 8 , TBCS_GATE_EQUIVALENCE = 9 , TBCS_GATE_NOT_Y = 10 , TBCS_GATE_IF_Y_THEN_X = 11 , TBCS_GATE_NOT_X = 12 , TBCS_GATE_IF_X_THEN_Y = 13 , TBCS_GATE_NAND = 14 , TBCS_GATE_CONSTANT_1 = 15 } |
Functions | |
template<typename ProofSystemType , template< typename T > class ProofRange> | |
bool | aggregate (const typename ProofSystemType::processed_verification_key_type &pvk, const typename ProofSystemType::primary_input_type &primary_input, const typename ProofSystemType::proof_type &proof) |
template<typename CurveType , typename Hash = hashes::sha2<256>, typename InputTranscriptIncludeIterator , typename InputProofIterator > | |
std::enable_if< std::is_same< std::uint8_t, typename std::iterator_traits< InputTranscriptIncludeIterator >::value_type >::value &&std::is_same< typename std::iterator_traits< InputProofIterator >::value_type, r1cs_gg_ppzksnark_proof< CurveType > >::value, r1cs_gg_ppzksnark_aggregate_proof< CurveType > >::type | aggregate_proofs (const r1cs_gg_ppzksnark_aggregate_proving_srs< CurveType > &srs, InputTranscriptIncludeIterator tr_include_first, InputTranscriptIncludeIterator tr_include_last, InputProofIterator proofs_first, InputProofIterator proofs_last) |
Aggregate n zkSnark proofs, where n must be a power of two. More... | |
std::size_t | as_waksman_get_canonical_row_idx (size_t row_offset, std::size_t row_idx) |
bool | as_waksman_get_switch_setting_from_top_bottom_decision (size_t row_offset, std::size_t packet_idx, bool use_top) |
bool | as_waksman_get_top_bottom_decision_from_switch_setting (size_t row_offset, std::size_t packet_idx, bool switch_setting) |
std::size_t | as_waksman_num_columns (size_t num_packets) |
std::size_t | as_waksman_other_input_position (size_t row_offset, std::size_t packet_idx) |
std::size_t | as_waksman_other_output_position (size_t row_offset, std::size_t packet_idx) |
void | as_waksman_route_inner (size_t left, std::size_t right, std::size_t lo, std::size_t hi, const integer_permutation &permutation, const integer_permutation &permutation_inv, as_waksman_routing &routing) |
std::size_t | as_waksman_switch_input (size_t num_packets, std::size_t row_offset, std::size_t row_idx, bool use_top) |
std::size_t | as_waksman_switch_output (size_t num_packets, std::size_t row_offset, std::size_t row_idx, bool use_top) |
std::size_t | as_waksman_top_height (const std::size_t num_packets) |
std::size_t | benes_cross_edge_mask (size_t dimension, std::size_t column_idx) |
bool | benes_get_switch_setting_from_subnetwork (size_t dimension, std::size_t column_idx, std::size_t row_idx, bool use_top) |
std::size_t | benes_lhs_packet_destination (size_t dimension, std::size_t column_idx, std::size_t row_idx, bool use_top) |
std::size_t | benes_num_columns (std::size_t num_packets) |
std::size_t | benes_packet_cross_destination (size_t dimension, std::size_t column_idx, std::size_t row_idx) |
std::size_t | benes_packet_cross_source (size_t dimension, std::size_t column_idx, std::size_t packet_idx) |
std::size_t | benes_rhs_packet_source (size_t dimension, std::size_t column_idx, std::size_t row_idx, bool use_top) |
template<typename CurveType , typename InputRange , typename ValueType = typename std::iterator_traits<typename InputRange::iterator>::value_type> | |
std::enable_if< std::is_same< typename CurveType::template g1_type<>::value_type, ValueType >::value||std::is_same< typename CurveType::template g2_type<>::value_type, ValueType >::value||std::is_same< typename CurveType::scalar_field_type::value_type, ValueType >::value >::type | compress (InputRange &vec, std::size_t split, const typename CurveType::scalar_field_type::value_type &scalar) |
void | construct_as_waksman_inner (size_t left, std::size_t right, std::size_t lo, std::size_t hi, const std::vector< std::size_t > &rhs_dests, as_waksman_topology &neighbors) |
template<typename ProofSystemType , typename KeyPairType = typename ProofSystemType::keypair_type> | |
KeyPairType | generate (const typename ProofSystemType::circuit_type &circuit) |
template<typename ProofSystemType , typename KeyPairType = typename ProofSystemType::keypair_type> | |
KeyPairType | generate (const typename ProofSystemType::constraint_system_type &constraint_system) |
template<typename ProofSystemType > | |
ProofSystemType::srs_pair_type | generate (std::size_t num_proofs) |
as_waksman_topology | generate_as_waksman_topology (size_t num_packets) |
benes_topology | generate_benes_topology (std::size_t num_packets) |
as_waksman_routing | get_as_waksman_routing (const integer_permutation &permutation) |
benes_routing | get_benes_routing (const integer_permutation &permutation) |
template<typename CurveType > | |
snark::r1cs_primary_input< typename CurveType::scalar_field_type > | get_mp_compliance_step_pcd_circuit_input (const set_commitment &commitment_to_translation_step_r1cs_vks, const r1cs_pcd_compliance_predicate_primary_input< typename CurveType::scalar_field_type > &primary_input) |
template<typename CurveType > | |
snark::r1cs_primary_input< typename CurveType::scalar_field_type > | get_mp_translation_step_pcd_circuit_input (const set_commitment &commitment_to_translation_step_r1cs_vks, const r1cs_pcd_compliance_predicate_primary_input< other_curve< CurveType >::scalar_field_type > &primary_input) |
template<typename CurveType > | |
snark::r1cs_primary_input< typename CurveType::scalar_field_type > | get_mp_translation_step_pcd_circuit_input (const set_commitment &commitment_to_translation_step_r1cs_vks, const r1cs_pcd_compliance_predicate_primary_input< other_curve< CurveType >::scalar_field_type::value_type &primary_input) |
template<typename CurveType > | |
r1cs_primary_input< typename CurveType::scalar_field_type > | get_sp_compliance_step_pcd_circuit_input (const std::vector< bool > &sp_translation_step_vk_bits, const r1cs_pcd_compliance_predicate_primary_input< typename CurveType::scalar_field_type > &primary_input) |
template<typename CurveType > | |
r1cs_primary_input< typename CurveType::scalar_field_type > | get_sp_translation_step_pcd_circuit_input (const std::vector< bool > &sp_translation_step_vk_bits, const r1cs_pcd_compliance_predicate_primary_input< other_curve< CurveType >::scalar_field_type::value_type > &primary_input) |
template<typename CurveType , typename Hash = hashes::sha2<256>, typename InputG1Iterator1 , typename InputG2Iterator , typename InputG1Iterator2 , typename InputScalarIterator > | |
std::enable_if< std::is_same< typename CurveType::template g1_type<>::value_type, typename std::iterator_traits< InputG1Iterator1 >::value_type >::value &&std::is_same< typename CurveType::template g2_type<>::value_type, typename std::iterator_traits< InputG2Iterator >::value_type >::value &&std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< InputScalarIterator >::value_type >::value &&std::is_same< typename CurveType::template g1_type<>::value_type, typename std::iterator_traits< InputG1Iterator2 >::value_type >::value, std::tuple< gipa_proof< CurveType >, std::vector< typename CurveType::scalar_field_type::value_type >, std::vector< typename CurveType::scalar_field_type::value_type > > >::type | gipa_tipp_mipp (transcript< CurveType, Hash > &tr, InputG1Iterator1 a_first, InputG1Iterator1 a_last, InputG2Iterator b_first, InputG2Iterator b_last, InputG1Iterator2 c_first, InputG1Iterator2 c_last, const r1cs_gg_ppzksnark_ipp2_vkey< CurveType > &vkey_input, const r1cs_gg_ppzksnark_ipp2_wkey< CurveType > &wkey_input, InputScalarIterator r_first, InputScalarIterator r_last) |
template<typename CurveType , typename Hash = hashes::sha2<256>> | |
std::tuple< gipa_tuz< CurveType >, typename CurveType::scalar_field_type::value_type, std::vector< typename CurveType::scalar_field_type::value_type >, std::vector< typename CurveType::scalar_field_type::value_type > > | gipa_verify_tipp_mipp (transcript< CurveType, Hash > &tr, const r1cs_gg_ppzksnark_aggregate_proof< CurveType > &proof, const typename CurveType::scalar_field_type::value_type &r_shift) |
template<typename T1 , typename T2 , typename FieldType > | |
knowledge_commitment_vector< T1, T2 > | kc_batch_exp (const std::size_t scalar_size, const std::size_t T1_window, const std::size_t T2_window, const algebra::window_table< T1 > &T1_table, const algebra::window_table< T2 > &T2_table, const typename FieldType::value_type &T1_coeff, const typename FieldType::value_type &T2_coeff, const std::vector< typename FieldType::value_type > &v, const std::size_t suggested_num_chunks) |
template<typename T1 , typename T2 , typename FieldType > | |
knowledge_commitment_vector< T1, T2 > | kc_batch_exp_internal (const std::size_t scalar_size, const std::size_t T1_window, const std::size_t T2_window, const algebra::window_table< T1 > &T1_table, const algebra::window_table< T2 > &T2_table, const typename FieldType::value_type &T1_coeff, const typename FieldType::value_type &T2_coeff, const std::vector< typename FieldType::value_type > &v, const std::size_t start_pos, const std::size_t end_pos, const std::size_t expected_size) |
template<typename MultiexpMethod , typename T1 , typename T2 , typename InputFieldIterator > | |
knowledge_commitment< T1, T2 >::value_type | kc_multiexp_with_mixed_addition (const knowledge_commitment_vector< T1, T2 > &vec, const std::size_t min_idx, const std::size_t max_idx, InputFieldIterator scalar_start, InputFieldIterator scalar_end, const std::size_t chunks) |
template<typename FieldType > | |
linear_term< FieldType > | operator* (const integer_coeff_t int_coeff, const variable< FieldType > &var) |
template<typename FieldType > | |
linear_combination< FieldType > | operator* (const typename FieldType::value_type &field_coeff, const linear_combination< FieldType > &lc) |
template<typename FieldType > | |
linear_term< FieldType > | operator* (const typename FieldType::value_type &field_coeff, const linear_term< FieldType > <) |
template<typename FieldType > | |
linear_term< FieldType > | operator* (const typename FieldType::value_type &field_coeff, const variable< FieldType > &var) |
template<typename FieldType > | |
linear_combination< FieldType > | operator* (integer_coeff_t int_coeff, const linear_combination< FieldType > &lc) |
template<typename FieldType > | |
linear_term< FieldType > | operator* (integer_coeff_t int_coeff, const linear_term< FieldType > <) |
template<typename FieldType > | |
linear_combination< FieldType > | operator+ (const integer_coeff_t int_coeff, const linear_term< FieldType > <) |
template<typename FieldType > | |
linear_combination< FieldType > | operator+ (const integer_coeff_t int_coeff, const variable< FieldType > &var) |
template<typename FieldType > | |
linear_combination< FieldType > | operator+ (const typename FieldType::value_type &field_coeff, const linear_combination< FieldType > &lc) |
template<typename FieldType > | |
linear_combination< FieldType > | operator+ (const typename FieldType::value_type &field_coeff, const linear_term< FieldType > <) |
template<typename FieldType > | |
linear_combination< FieldType > | operator+ (const typename FieldType::value_type &field_coeff, const variable< FieldType > &var) |
template<typename FieldType > | |
linear_combination< FieldType > | operator+ (integer_coeff_t int_coeff, const linear_combination< FieldType > &lc) |
template<typename FieldType > | |
linear_combination< FieldType > | operator- (const integer_coeff_t int_coeff, const linear_term< FieldType > <) |
template<typename FieldType > | |
linear_combination< FieldType > | operator- (const integer_coeff_t int_coeff, const variable< FieldType > &var) |
template<typename FieldType > | |
linear_combination< FieldType > | operator- (const typename FieldType::value_type &field_coeff, const linear_combination< FieldType > &lc) |
template<typename FieldType > | |
linear_combination< FieldType > | operator- (const typename FieldType::value_type &field_coeff, const linear_term< FieldType > <) |
template<typename FieldType > | |
linear_combination< FieldType > | operator- (const typename FieldType::value_type &field_coeff, const variable< FieldType > &var) |
template<typename FieldType > | |
linear_combination< FieldType > | operator- (integer_coeff_t int_coeff, const linear_combination< FieldType > &lc) |
template<typename T1 , typename T2 , typename Backend , multiprecision::expression_template_option ExpressionTemplates> | |
knowledge_commitment< T1, T2 >::value_type | opt_window_wnaf_exp (const typename knowledge_commitment< T1, T2 >::value_type &base, const multiprecision::number< Backend, ExpressionTemplates > &scalar, const std::size_t scalar_bits) |
template<typename FieldType , typename InputFieldValueIterator > | |
std::enable_if< std::is_same< typename std::iterator_traits< InputFieldValueIterator >::value_type, typename FieldType::value_type >::value, std::vector< typename FieldType::value_type > >::type | polynomial_coefficients_from_transcript (InputFieldValueIterator transcript_first, InputFieldValueIterator transcript_last, const typename FieldType::value_type &r_shift) |
template<typename FieldType , typename InputFieldValueIterator > | |
std::enable_if< std::is_same< typename std::iterator_traits< InputFieldValueIterator >::value_type, typename FieldType::value_type >::value, typename FieldType::value_type >::type | polynomial_evaluation_product_form_from_transcript (InputFieldValueIterator transcript_first, InputFieldValueIterator transcript_last, const typename FieldType::value_type &z, const typename FieldType::value_type &r_shift) |
template<typename ProofSystemType , typename PublicKey , typename ScalarValue > | |
ProofSystemType::proof_type | prove (const typename ProofSystemType::proving_key_type &pk, const PublicKey &pubkey, const typename ProofSystemType::primary_input_type &primary_input, const typename ProofSystemType::auxiliary_input_type &auxiliary_input, const ScalarValue &r) |
template<typename ProofSystemType > | |
ProofSystemType::proof_type | prove (const typename ProofSystemType::proving_key_type &pk, const typename ProofSystemType::primary_input_type &primary_input, const typename ProofSystemType::auxiliary_input_type &auxiliary_input) |
template<typename ProofSystemType , typename Hash , typename InputTranscriptIncludeIterator , typename InputProofIterator > | |
ProofSystemType::proof_type | prove (const typename ProofSystemType::proving_srs_type &srs, InputTranscriptIncludeIterator transcript_include_first, InputTranscriptIncludeIterator transcript_include_last, InputProofIterator proofs_first, InputProofIterator proofs_last) |
template<typename GroupType , typename InputGroupIterator , typename InputScalarRange > | |
std::enable_if< std::is_same< typename GroupType::value_type, typename std::iterator_traits< InputGroupIterator >::value_type >::value &&std::is_same< typename GroupType::curve_type::scalar_field_type::value_type, typename std::iterator_traits< typename InputScalarRange::iterator >::value_type >::value, kzg_opening< GroupType > >::type | prove_commitment_key_kzg_opening (InputGroupIterator srs_powers_alpha_first, InputGroupIterator srs_powers_alpha_last, InputGroupIterator srs_powers_beta_first, InputGroupIterator srs_powers_beta_last, const InputScalarRange &poly, const typename GroupType::curve_type::scalar_field_type::value_type &eval_poly, const typename GroupType::curve_type::scalar_field_type::value_type &kzg_challenge) |
template<typename CurveType , typename InputG2Iterator , typename InputScalarIterator > | |
std::enable_if< std::is_same< typename CurveType::template g2_type<>::value_type, typename std::iterator_traits< InputG2Iterator >::value_type >::value &&std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< InputScalarIterator >::value_type >::value, kzg_opening< typename CurveType::template g2_type<> > >::type | prove_commitment_v (InputG2Iterator srs_powers_alpha_first, InputG2Iterator srs_powers_alpha_last, InputG2Iterator srs_powers_beta_first, InputG2Iterator srs_powers_beta_last, InputScalarIterator transcript_first, InputScalarIterator transcript_last, const typename CurveType::scalar_field_type::value_type &kzg_challenge) |
template<typename CurveType , typename InputG1Iterator , typename InputScalarIterator > | |
std::enable_if< std::is_same< typename CurveType::template g1_type<>::value_type, typename std::iterator_traits< InputG1Iterator >::value_type >::value &&std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< InputScalarIterator >::value_type >::value, kzg_opening< typename CurveType::template g1_type<> > >::type | prove_commitment_w (InputG1Iterator srs_powers_alpha_first, InputG1Iterator srs_powers_alpha_last, InputG1Iterator srs_powers_beta_first, InputG1Iterator srs_powers_beta_last, InputScalarIterator transcript_first, InputScalarIterator transcript_last, typename CurveType::scalar_field_type::value_type r_shift, const typename CurveType::scalar_field_type::value_type &kzg_challenge) |
template<typename CurveType , typename Hash = hashes::sha2<256>, typename InputG1Iterator1 , typename InputG2Iterator , typename InputG1Iterator2 , typename InputScalarIterator > | |
std::enable_if< std::is_same< typename CurveType::template g1_type<>::value_type, typename std::iterator_traits< InputG1Iterator1 >::value_type >::value &&std::is_same< typename CurveType::template g2_type<>::value_type, typename std::iterator_traits< InputG2Iterator >::value_type >::value &&std::is_same< typename CurveType::template g1_type<>::value_type, typename std::iterator_traits< InputG1Iterator2 >::value_type >::value &&std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< InputScalarIterator >::value_type >::value, tipp_mipp_proof< CurveType > >::type | prove_tipp_mipp (const r1cs_gg_ppzksnark_aggregate_proving_srs< CurveType > &srs, transcript< CurveType, Hash > &tr, InputG1Iterator1 a_first, InputG1Iterator1 a_last, InputG2Iterator b_first, InputG2Iterator b_last, InputG1Iterator2 c_first, InputG1Iterator2 c_last, const r1cs_gg_ppzksnark_ipp2_wkey< CurveType > &wkey, InputScalarIterator r_first, InputScalarIterator r_last) |
template<typename PCD_ppT > | |
r1cs_mp_ppzkpcd_keypair< PCD_ppT > | r1cs_mp_ppzkpcd_generator (const std::vector< r1cs_mp_ppzkpcd_compliance_predicate< PCD_ppT >> &compliance_predicates) |
template<typename PCD_ppT > | |
bool | r1cs_mp_ppzkpcd_online_verifier (const r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > &pvk, const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_mp_ppzkpcd_proof< PCD_ppT > &proof) |
template<typename PCD_ppT > | |
r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > | r1cs_mp_ppzkpcd_process_vk (const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &vk) |
template<typename PCD_ppT > | |
r1cs_mp_ppzkpcd_proof< PCD_ppT > | r1cs_mp_ppzkpcd_prover (const r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &pk, const std::size_t compliance_predicate_name, const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_mp_ppzkpcd_auxiliary_input< PCD_ppT > &auxiliary_input, const std::vector< r1cs_mp_ppzkpcd_proof< PCD_ppT >> &incoming_proofs) |
template<typename PCD_ppT > | |
bool | r1cs_mp_ppzkpcd_verifier (const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &vk, const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_mp_ppzkpcd_proof< PCD_ppT > &proof) |
template<typename PCD_ppT > | |
r1cs_sp_ppzkpcd_keypair< PCD_ppT > | r1cs_sp_ppzkpcd_generator (const r1cs_sp_ppzkpcd_compliance_predicate< PCD_ppT > &compliance_predicate) |
template<typename PCD_ppT > | |
bool | r1cs_sp_ppzkpcd_online_verifier (const r1cs_sp_ppzkpcd_processed_verification_key< PCD_ppT > &pvk, const r1cs_sp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_sp_ppzkpcd_proof< PCD_ppT > &proof) |
template<typename PCD_ppT > | |
r1cs_sp_ppzkpcd_processed_verification_key< PCD_ppT > | r1cs_sp_ppzkpcd_process_vk (const r1cs_sp_ppzkpcd_verification_key< PCD_ppT > &vk) |
template<typename PCD_ppT > | |
r1cs_sp_ppzkpcd_proof< PCD_ppT > | r1cs_sp_ppzkpcd_prover (const r1cs_sp_ppzkpcd_proving_key< PCD_ppT > &pk, const r1cs_sp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_sp_ppzkpcd_auxiliary_input< PCD_ppT > &auxiliary_input, const std::vector< r1cs_sp_ppzkpcd_proof< PCD_ppT >> &incoming_proofs) |
template<typename PCD_ppT > | |
bool | r1cs_sp_ppzkpcd_verifier (const r1cs_sp_ppzkpcd_verification_key< PCD_ppT > &vk, const r1cs_sp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_sp_ppzkpcd_proof< PCD_ppT > &proof) |
void | route_benes_inner (size_t dimension, const integer_permutation &permutation, const integer_permutation &permutation_inv, std::size_t column_idx_start, std::size_t column_idx_end, std::size_t subnetwork_offset, std::size_t subnetwork_size, benes_routing &routing) |
template<typename T > | |
std::vector< std::vector< T > > | route_by_benes (const benes_routing &routing, const std::vector< T > &start) |
template<typename CurveType > | |
bool | sigBatchVerif (const r1cs_ppzkadsnark_vkT< CurveType > &vk, const std::vector< label_type > &labels, const std::vector< typename CurveType::g2_type::value_type > &Lambdas, const std::vector< r1cs_ppzkadsnark_signature< CurveType >> &sigs) |
template<typename CurveType > | |
kpT< CurveType > | sigGen (void) |
template<typename CurveType > | |
r1cs_ppzkadsnark_signature< CurveType > | sigSign (const r1cs_ppzkadsnark_secret_key< CurveType > &sk, const label_type &label, const typename CurveType::g2_type::value_type &Lambda) |
template<typename CurveType > | |
bool | sigVerif (const r1cs_ppzkadsnark_vkT< CurveType > &vk, const label_type &label, const typename CurveType::g2_type::value_type &Lambda, const r1cs_ppzkadsnark_signature< CurveType > &sig) |
template<typename GroupType , typename ScalarFieldType = typename GroupType::curve_type::scalar_field_type> | |
std::vector< typename GroupType::value_type > | structured_generators_scalar_power (std::size_t n, const typename ScalarFieldType::value_type &s) |
template<typename FieldType > | |
std::vector< typename FieldType::value_type > | structured_scalar_power (std::size_t num, const typename FieldType::value_type &s) |
template<typename Hash > | |
Hash::digest_type | two_to_one_CRH (const typename Hash::digest_type &l, const typename Hash::digest_type &r) |
template<typename Hash > | |
Hash::hash_value_type | two_to_one_CRH (const typename Hash::hash_value_type &l, const typename Hash::hash_value_type &r) |
bool | valid_as_waksman_routing (const integer_permutation &permutation, const as_waksman_routing &routing) |
bool | valid_benes_routing (const integer_permutation &permutation, const benes_routing &routing) |
template<typename ProofSystemType > | |
bool | verify (const typename ProofSystemType::processed_verification_key_type &pvk, const typename ProofSystemType::primary_input_type &primary_input, const typename ProofSystemType::proof_type &proof) |
template<typename ProofSystemType > | |
bool | verify (const typename ProofSystemType::verification_key_type &vk, const typename ProofSystemType::primary_input_type &primary_input, const typename ProofSystemType::proof_type &proof) |
template<typename ProofSystemType , typename DistributionType , typename GeneratorType , typename Hash , typename InputPrimaryInputRange , typename InputIterator > | |
bool | verify (const typename ProofSystemType::verification_srs_type &ip_verifier_srs, const typename ProofSystemType::verification_key_type &pvk, const InputPrimaryInputRange &public_inputs, const typename ProofSystemType::proof_type &proof, InputIterator transcript_include_first, InputIterator transcript_include_last) |
template<typename CurveType , typename DistributionType = boost::random::uniform_int_distribution< typename CurveType::scalar_field_type::integral_type>, typename GeneratorType = boost::random::mt19937, typename Hash = hashes::sha2<256>, typename InputRangesRange , typename InputIterator > | |
std::enable_if< std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< typename std::iterator_traits< typename InputRangesRange::iterator >::value_type::iterator >::value_type >::value &&std::is_same< std::uint8_t, typename std::iterator_traits< InputIterator >::value_type >::value, bool >::type | verify_aggregate_proof (const r1cs_gg_ppzksnark_aggregate_verification_srs< CurveType > &ip_verifier_srs, const r1cs_gg_ppzksnark_aggregate_verification_key< CurveType > &pvk, const InputRangesRange &public_inputs, const r1cs_gg_ppzksnark_aggregate_proof< CurveType > &proof, InputIterator transcript_include_first, InputIterator transcript_include_last) |
template<typename CurveType , typename DistributionType , typename GeneratorType , typename InputScalarIterator > | |
std::enable_if< std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< InputScalarIterator >::value_type >::value >::type | verify_kzg_v (const r1cs_gg_ppzksnark_aggregate_verification_srs< CurveType > &v_srs, const std::pair< typename CurveType::template g2_type<>::value_type, typename CurveType::template g2_type<>::value_type > &final_vkey, const kzg_opening< typename CurveType::template g2_type<>> &vkey_opening, InputScalarIterator challenges_first, InputScalarIterator challenges_last, const typename CurveType::scalar_field_type::value_type &kzg_challenge, pairing_check< CurveType, DistributionType, GeneratorType > &pc) |
template<typename CurveType , typename DistributionType , typename GeneratorType , typename InputScalarIterator > | |
std::enable_if< std::is_same< typename CurveType::scalar_field_type::value_type, typename std::iterator_traits< InputScalarIterator >::value_type >::value >::type | verify_kzg_w (const r1cs_gg_ppzksnark_aggregate_verification_srs< CurveType > &v_srs, const std::pair< typename CurveType::template g1_type<>::value_type, typename CurveType::template g1_type<>::value_type > &final_wkey, const kzg_opening< typename CurveType::template g1_type<>> &wkey_opening, InputScalarIterator challenges_first, InputScalarIterator challenges_last, const typename CurveType::scalar_field_type::value_type &r_shift, const typename CurveType::scalar_field_type::value_type &kzg_challenge, pairing_check< CurveType, DistributionType, GeneratorType > &pc) |
Similar to verify_kzg_opening_g2 but for g1. More... | |
template<typename CurveType , typename DistributionType , typename GeneratorType , typename Hash = hashes::sha2<256>> | |
void | verify_tipp_mipp (transcript< CurveType, Hash > &tr, const r1cs_gg_ppzksnark_aggregate_verification_srs< CurveType > &v_srs, const r1cs_gg_ppzksnark_aggregate_proof< CurveType > &proof, const typename CurveType::scalar_field_type::value_type &r_shift, pairing_check< CurveType, DistributionType, GeneratorType > &pc) |
Typedef Documentation
◆ as_waksman_routing
typedef std::vector<std::map<std::size_t, bool> > nil::crypto3::zk::snark::as_waksman_routing |
A routing assigns a bit to each switch in the AS-Waksman routing network.
More precisely:
- as_waksman_routing[column_idx][packet_idx]=false, if switch with canonical position of (column_idx,packet_idx) is set to "straight" setting, and
- as_waksman_routing[column_idx][packet_idx]=true, if switch with canonical position of (column_idx,packet_idx) is set to "cross" setting.
Note that as_waksman_routing[column_idx][packet_idx] does contain entries for the positions associated with the bottom ports of the switches, i.e. only canonical positions are present.
◆ as_waksman_topology
typedef std::vector<std::vector<std::pair<std::size_t, std::size_t> > > nil::crypto3::zk::snark::as_waksman_topology |
When laid out on num_packets \times num_columns grid, each switch occupies two positions: its top input and output ports are at position (column_idx, row_idx) and the bottom input and output ports are at position (column_idx, row_idx+1).
We call the position assigned to the top ports of a switch its "canonical" position. A data structure that stores the topology of an AS-Waksman network.
For a given column index column_idx and packet index packet_idx, as_waksman_topology[column_idx][packet_idx] specifies the two possible destinations at column_idx+1-th column where the packet_idx-th packet in the column_idx-th column could be routed after passing the switch, which has (column_idx, packet_idx) as one of its occupied positions.
This information is stored as a pair of indices, where:
- the first index denotes the destination when the switch is operated in "straight" setting, and
- the second index denotes the destination when the switch is operated in "cross" setting.
If no switch occupies a position (column_idx, packet_idx), i.e. there is just a wire passing through that position, then the two indices are set to be equal and the packet is always routed to the specified destination at the column_idx+1-th column.
◆ bacs_auxiliary_input
using nil::crypto3::zk::snark::bacs_auxiliary_input = typedef bacs_variable_assignment<FieldType> |
A BACS auxiliary input is a BACS variable assigment.
◆ bacs_ppzksnark_keypair
using nil::crypto3::zk::snark::bacs_ppzksnark_keypair = typedef std::pair<ProvingKey, VerificationKey> |
◆ bacs_primary_input
using nil::crypto3::zk::snark::bacs_primary_input = typedef bacs_variable_assignment<FieldType> |
A BACS primary input is a BACS variable assignment.
◆ bacs_variable_assignment
using nil::crypto3::zk::snark::bacs_variable_assignment = typedef std::vector<typename FieldType::value_type> |
A BACS variable assignment is a vector of field elements.
◆ benes_routing
typedef std::vector<std::vector<bool> > nil::crypto3::zk::snark::benes_routing |
A routing assigns a bit to each switch in a Benes network.
For a d-dimensional Benes network, the switch bits are stored in a vector consisting of 2*d entries, and each entry contains 2^d bits. That is, we have one switch per packet, but switch settings are not independent.
◆ benes_topology
typedef std::vector<std::vector<std::pair<std::size_t, std::size_t> > > nil::crypto3::zk::snark::benes_topology |
A data structure that stores the topology of a Benes network.
For a given column index column_idx and packet index packet_idx, benes_topology[column_idx][packet_idx] specifies the two possible destinations where the packet_idx-th packet in the column_idx-th column could be routed. This information is stored as a pair of indices, where:
- the first index denotes the destination when the switch is in "straight" mode, and
- the second index denotes the destination when the switch is in "cross" mode.
(The topology has a very succinct description and can be easily queried at an arbitrary position, see implementation of generate_benes_topology for details.)
◆ integer_coeff_t
typedef long nil::crypto3::zk::snark::integer_coeff_t |
Mnemonic typedefs.
◆ is_aggregate_mode
using nil::crypto3::zk::snark::is_aggregate_mode = typedef typename std::bool_constant< std::is_same<r1cs_gg_ppzksnark_generator<CurveType, ProvingMode::Aggregate>, Generator>::value && std::is_same<r1cs_gg_ppzksnark_prover<CurveType, ProvingMode::Aggregate>, Prover>::value && std::is_same<r1cs_gg_ppzksnark_verifier_strong_input_consistency<CurveType, ProvingMode::Aggregate>, Verifier>::value> |
◆ is_basic_mode
using nil::crypto3::zk::snark::is_basic_mode = typedef typename std::bool_constant< std::is_same<r1cs_gg_ppzksnark_generator<CurveType, ProvingMode::Basic>, Generator>::value && std::is_same<r1cs_gg_ppzksnark_prover<CurveType, ProvingMode::Basic>, Prover>::value && (std::is_same<r1cs_gg_ppzksnark_verifier_weak_input_consistency<CurveType, ProvingMode::Basic>, Verifier>::value || std::is_same<r1cs_gg_ppzksnark_verifier_strong_input_consistency<CurveType, ProvingMode::Basic>, Verifier>::value )> |
◆ is_encrypted_input_mode
using nil::crypto3::zk::snark::is_encrypted_input_mode = typedef typename std::bool_constant< std::is_same<r1cs_gg_ppzksnark_generator<CurveType, ProvingMode::EncryptedInput>, Generator>::value && std::is_same<r1cs_gg_ppzksnark_prover<CurveType, ProvingMode::EncryptedInput>, Prover>::value && std::is_same< r1cs_gg_ppzksnark_verifier_strong_input_consistency<CurveType, ProvingMode::EncryptedInput>, Verifier>::value> |
◆ keypair
using nil::crypto3::zk::snark::keypair = typedef std::pair<typename ZkScheme::proving_key, typename ZkScheme::verification_key> |
◆ knowledge_commitment_vector
using nil::crypto3::zk::snark::knowledge_commitment_vector = typedef sparse_vector<knowledge_commitment<Type1, Type2> > |
A knowledge commitment vector is a sparse vector of knowledge commitments.
◆ kzg_opening
using nil::crypto3::zk::snark::kzg_opening = typedef std::pair<typename GroupType::value_type, typename GroupType::value_type> |
KZGOpening represents the KZG opening of a commitment key (which is a tuple given commitment keys are a tuple).
◆ merkle_authentication_node
typedef std::vector< bool > nil::crypto3::zk::snark::merkle_authentication_node |
A Merkle tree is maintained as two maps:
- a map from addresses to values, and
- a map from addresses to hashes.
The second map maintains the intermediate hashes of a Merkle tree built atop the values currently stored in the tree (the implementation admits a very efficient support for sparse trees). Besides offering methods to load and store values, the class offers methods to retrieve the root of the Merkle tree and to obtain the authentication paths for (the value at) a given address.
◆ merkle_authentication_path
typedef std::vector< merkle_authentication_node > nil::crypto3::zk::snark::merkle_authentication_path |
◆ r1cs_auxiliary_input
using nil::crypto3::zk::snark::r1cs_auxiliary_input = typedef std::vector<typename FieldType::value_type> |
◆ r1cs_gg_ppzksnark_ipp2_commitment_output
using nil::crypto3::zk::snark::r1cs_gg_ppzksnark_ipp2_commitment_output = typedef std::pair<typename CurveType::gt_type::value_type, typename CurveType::gt_type::value_type> |
Both commitment outputs a pair of $F_q^k$ element.
◆ r1cs_gg_ppzksnark_ipp2_vkey
using nil::crypto3::zk::snark::r1cs_gg_ppzksnark_ipp2_vkey = typedef r1cs_gg_ppzksnark_ipp2_commitment_key<typename CurveType::template g2_type<> > |
_{i=1}^n$
◆ r1cs_gg_ppzksnark_ipp2_wkey
using nil::crypto3::zk::snark::r1cs_gg_ppzksnark_ipp2_wkey = typedef r1cs_gg_ppzksnark_ipp2_commitment_key<typename CurveType::template g1_type<> > |
_{i=1}^n$
◆ r1cs_gg_ppzksnark_keypair
using nil::crypto3::zk::snark::r1cs_gg_ppzksnark_keypair = typedef std::pair<ProvingKey, VerificationKey> |
◆ r1cs_mp_ppzkpcd_auxiliary_input
using nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_auxiliary_input = typedef r1cs_pcd_compliance_predicate_auxiliary_input<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_mp_ppzkpcd_compliance_predicate
using nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_compliance_predicate = typedef r1cs_pcd_compliance_predicate<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_mp_ppzkpcd_local_data
using nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_local_data = typedef r1cs_pcd_local_data<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_mp_ppzkpcd_message
using nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_message = typedef r1cs_pcd_message<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_mp_ppzkpcd_primary_input
using nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_primary_input = typedef r1cs_pcd_compliance_predicate_primary_input<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_mp_ppzkpcd_variable_assignment
using nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_variable_assignment = typedef r1cs_variable_assignment<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_pcd_witness
using nil::crypto3::zk::snark::r1cs_pcd_witness = typedef std::vector<typename FieldType::value_type> |
◆ r1cs_ppzksnark_keypair
using nil::crypto3::zk::snark::r1cs_ppzksnark_keypair = typedef std::pair<ProvingKey, VerificationKey> |
◆ r1cs_primary_input
using nil::crypto3::zk::snark::r1cs_primary_input = typedef std::vector<typename FieldType::value_type> |
A R1CS variable assignment is a vector of <FieldType> elements that represents a candidate solution to a R1CS constraint system (see below).
◆ r1cs_se_ppzksnark_keypair
using nil::crypto3::zk::snark::r1cs_se_ppzksnark_keypair = typedef std::pair<ProvingKey, VerificationKey> |
◆ r1cs_sp_ppzkpcd_auxiliary_input
using nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_auxiliary_input = typedef r1cs_pcd_compliance_predicate_auxiliary_input<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_sp_ppzkpcd_compliance_predicate
using nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_compliance_predicate = typedef r1cs_pcd_compliance_predicate<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_sp_ppzkpcd_local_data
using nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_local_data = typedef r1cs_pcd_local_data<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_sp_ppzkpcd_message
using nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_message = typedef r1cs_pcd_message<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_sp_ppzkpcd_primary_input
using nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_primary_input = typedef r1cs_pcd_compliance_predicate_primary_input<algebra::Fr<typename PCD_ppT::curve_A_pp> > |
◆ r1cs_sp_ppzkpcd_proof
using nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_proof = typedef typename r1cs_ppzksnark<typename PCD_ppT::curve_B_pp>::proof_type |
A proof for the R1CS (single-predicate) ppzkPCD.
◆ r1cs_variable_assignment
using nil::crypto3::zk::snark::r1cs_variable_assignment = typedef std::vector<typename FieldType::value_type> |
◆ set_commitment
typedef std::vector< bool > nil::crypto3::zk::snark::set_commitment |
◆ tbcs_auxiliary_input
A TBCS auxiliary input is a TBCS variable assignment.
◆ tbcs_ppzksnark_keypair
using nil::crypto3::zk::snark::tbcs_ppzksnark_keypair = typedef std::pair<ProvingKey, VerificationKey> |
A key pair for the TBCS ppzkSNARK, which consists of a proving key and a verification key.
◆ tbcs_primary_input
A TBCS primary input is a TBCS variable assignment.
◆ tbcs_variable_assignment
typedef std::vector<bool> nil::crypto3::zk::snark::tbcs_variable_assignment |
A TBCS variable assignment is a vector of bools.
◆ tbcs_wire_t
typedef std::size_t nil::crypto3::zk::snark::tbcs_wire_t |
◆ uscs_auxiliary_input
using nil::crypto3::zk::snark::uscs_auxiliary_input = typedef std::vector<typename FieldType::value_type> |
◆ uscs_constraint
using nil::crypto3::zk::snark::uscs_constraint = typedef linear_combination<FieldType> |
A USCS constraint is a formal expression of the form
\sum_{i=1}^{m} a_i * x_{i} ,
where each a_i is in <FieldType> and each x_{i} is a formal variable.
A USCS constraint is used to construct a USCS constraint system (see below).
◆ uscs_ppzksnark_keypair
using nil::crypto3::zk::snark::uscs_ppzksnark_keypair = typedef std::pair<ProvingKey, VerificationKey> |
◆ uscs_primary_input
using nil::crypto3::zk::snark::uscs_primary_input = typedef std::vector<typename FieldType::value_type> |
A USCS variable assignment is a vector of <FieldType> elements that represents a candidate solution to a USCS constraint system (see below).
◆ uscs_variable_assignment
using nil::crypto3::zk::snark::uscs_variable_assignment = typedef std::vector<typename FieldType::value_type> |
Enumeration Type Documentation
◆ ProvingMode
|
strong |
◆ tbcs_gate_type
Types of TBCS gates (2-input boolean gates).
The order and names used below is taken from page 4 of [1].
Note that each gate's truth table is encoded in its 4-bit opcode. Namely, if g(X,Y) denotes the output of gate g with inputs X and Y, then OPCODE(g) = (g(0,0),g(0,1),g(1,0),g(1,1)) For example, if g is of type IF_X_THEN_Y, which has opcode 13, then the truth table of g is 1101 (13 in binary).
(Note that MSB above is g(0,0) and LSB is g(1,1))
References:
[1] = https://mitpress.mit.edu/sites/default/files/titles/content/9780262640688_sch_0001.pdf
Function Documentation
◆ aggregate()
bool nil::crypto3::zk::snark::aggregate | ( | const typename ProofSystemType::processed_verification_key_type & | pvk, |
const typename ProofSystemType::primary_input_type & | primary_input, | ||
const typename ProofSystemType::proof_type & | proof | ||
) |
◆ aggregate_proofs()
std::enable_if< std::is_same<std::uint8_t, typename std::iterator_traits<InputTranscriptIncludeIterator>::value_type>::value && std::is_same<typename std::iterator_traits<InputProofIterator>::value_type, r1cs_gg_ppzksnark_proof<CurveType> >::value, r1cs_gg_ppzksnark_aggregate_proof<CurveType> >::type nil::crypto3::zk::snark::aggregate_proofs | ( | const r1cs_gg_ppzksnark_aggregate_proving_srs< CurveType > & | srs, |
InputTranscriptIncludeIterator | tr_include_first, | ||
InputTranscriptIncludeIterator | tr_include_last, | ||
InputProofIterator | proofs_first, | ||
InputProofIterator | proofs_last | ||
) |
Aggregate n
zkSnark proofs, where n
must be a power of two.
◆ as_waksman_get_canonical_row_idx()
std::size_t nil::crypto3::zk::snark::as_waksman_get_canonical_row_idx | ( | size_t | row_offset, |
std::size_t | row_idx | ||
) |
Given either a position occupied either by its top or bottom ports, return the row index of its canonical position.
This function is agnostic to column_idx, given row_offset, so we omit column_idx.
◆ as_waksman_get_switch_setting_from_top_bottom_decision()
bool nil::crypto3::zk::snark::as_waksman_get_switch_setting_from_top_bottom_decision | ( | size_t | row_offset, |
std::size_t | packet_idx, | ||
bool | use_top | ||
) |
Return a switch value that makes switch row_idx = as_waksman_switch_position_from_wire_position(row_offset, packet_idx) to route the wire packet_idx via the top (if top = true), resp., bottom (if top = false) subnetwork.
NOTE: pos is assumed to be
- the input position for the LHS switches, and
- the output position for the RHS switches.
◆ as_waksman_get_top_bottom_decision_from_switch_setting()
bool nil::crypto3::zk::snark::as_waksman_get_top_bottom_decision_from_switch_setting | ( | size_t | row_offset, |
std::size_t | packet_idx, | ||
bool | switch_setting | ||
) |
Return true if the switch with input port at (column_idx, row_idx) when set to "straight" (if top = true), resp., "cross" (if top = false), routes the packet at (column_idx, row_idx) via the top subnetwork.
NOTE: packet_idx is assumed to be
- the input position for the RHS switches, and
- the output position for the LHS switches.
◆ as_waksman_num_columns()
std::size_t nil::crypto3::zk::snark::as_waksman_num_columns | ( | size_t | num_packets | ) |
Return the number of (switch) columns in a AS-Waksman network for a given number of packets.
For example:
- as_waksman_num_columns(2) = 1,
- as_waksman_num_columns(3) = 3,
- as_waksman_num_columns(4) = 3, and so on.
◆ as_waksman_other_input_position()
std::size_t nil::crypto3::zk::snark::as_waksman_other_input_position | ( | size_t | row_offset, |
std::size_t | packet_idx | ||
) |
Given an input wire of a LHS switch, compute and return the input position of the other wire also connected to this switch.
◆ as_waksman_other_output_position()
std::size_t nil::crypto3::zk::snark::as_waksman_other_output_position | ( | size_t | row_offset, |
std::size_t | packet_idx | ||
) |
Given an output wire of a RHS switch, compute and return the output position of the other wire also connected to this switch.
◆ as_waksman_route_inner()
void nil::crypto3::zk::snark::as_waksman_route_inner | ( | size_t | left, |
std::size_t | right, | ||
std::size_t | lo, | ||
std::size_t | hi, | ||
const integer_permutation & | permutation, | ||
const integer_permutation & | permutation_inv, | ||
as_waksman_routing & | routing | ||
) |
Compute AS-Waksman switch settings for the subnetwork occupying switch columns [left,left+1,...,right] that will route
- from left-hand side inputs [lo,lo+1,...,hi]
- to right-hand side destinations pi[lo],pi[lo+1],...,pi[hi].
The permutation
- pi maps [lo, lo+1, ... hi] to itself, offset by lo, and
- piinv is the inverse of pi.
NOTE: due to offsets, neither pi or piinv are instances of integer_permutation.
If there is more space for the routing network than required, then the topology for this subnetwork includes straight edges along its sides and no switches, so it suffices to recurse.
Non-trivial base case: switch settings for a 2-element permutation
The algorithm first assigns a setting to a LHS switch, route its target to RHS, which will enforce a RHS switch setting. Then, it back-routes the RHS value back to LHS. If this enforces a LHS switch setting, then forward-route that; otherwise we will select the next value from LHS to route.
ODD CASE: we first deal with the bottom-most straight wire, which is not connected to any of the switches at this level of recursion and just passed into the lower subnetwork.
Easy sub-case: it is routed directly to the bottom-most wire on RHS, so no switches need to be touched.
Other sub-case: the straight wire is routed to a switch on RHS, so route the other value from that switch using the lower subnetwork.
EVEN CASE: the bottom-most switch is fixed to a constant straight setting. So we route wire hi accordingly.
INVARIANT: the wire ‘to_route’ on LHS (if route_left = true), resp., RHS (if route_left = false) can be routed.
We have routed to the straight wire for the odd case, so now we back-route from it.
We know that the corresponding switch on the right-hand side cannot be set, so we set it according to the incoming wire.
We have arrived on the right-hand side, so the switch setting is fixed. Next, we back route from here.
◆ as_waksman_switch_input()
std::size_t nil::crypto3::zk::snark::as_waksman_switch_input | ( | size_t | num_packets, |
std::size_t | row_offset, | ||
std::size_t | row_idx, | ||
bool | use_top | ||
) |
Return the input wire of a right-hand side switch of an AS-Waksman network for a given number of packets.
This function is analogous to as_waksman_switch_output above.
◆ as_waksman_switch_output()
std::size_t nil::crypto3::zk::snark::as_waksman_switch_output | ( | size_t | num_packets, |
std::size_t | row_offset, | ||
std::size_t | row_idx, | ||
bool | use_top | ||
) |
Return the input wire of a left-hand side switch of an AS-Waksman network for a given number of packets.
A switch is specified by a row index row_idx, relative to a "row_offset" that records the level of recursion. (The corresponding column index column_idx can be inferred from row_offset and num_packets, and it is easier to reason about implicitly.)
If top = true, return the top wire, otherwise return bottom wire.
◆ as_waksman_top_height()
std::size_t nil::crypto3::zk::snark::as_waksman_top_height | ( | const std::size_t | num_packets | ) |
Return the height of the AS-Waksman network's top sub-network.
◆ benes_cross_edge_mask()
std::size_t nil::crypto3::zk::snark::benes_cross_edge_mask | ( | size_t | dimension, |
std::size_t | column_idx | ||
) |
Compute the mask for all the cross edges originating at a particular column.
Namely, the packet (column_idx, row_idx) (with column_idx < num_columns) can be routed to two destinations:
- (column_idx+1, row_idx), if the switch handling that packet is set to the "straight" setting, and
- (column_idx+1, row_idx XOR benes_cross_edge_mask(dimension, column_idx)) if the switch handling that packet is set to "cross" setting.
For example, all cross edges in the 0-th column flip the most significant bit of row_idx.
◆ benes_get_switch_setting_from_subnetwork()
bool nil::crypto3::zk::snark::benes_get_switch_setting_from_subnetwork | ( | size_t | dimension, |
std::size_t | column_idx, | ||
std::size_t | row_idx, | ||
bool | use_top | ||
) |
For a switch located at column_idx-th column and row_idx-th row, return the switch setting that would route its packet using the top subnetwork.
◆ benes_lhs_packet_destination()
std::size_t nil::crypto3::zk::snark::benes_lhs_packet_destination | ( | size_t | dimension, |
std::size_t | column_idx, | ||
std::size_t | row_idx, | ||
bool | use_top | ||
) |
Return the specified destination of packet of the left-hand side of the routing network, based on the subnetwork (recall that each packet has two possible destinations – one at the top subnetwork and one at the bottom subnetwork).
That is for a packet located at column_idx-th column and row_idx-th row, return:
- row_idx' of the destination packet (column_idx+1, row_idx') at the top subnetwork (if use_top = true)
- row_idx' of the destination packet (column_idx+1, row_idx') at the bottom subnetwork (if use_top = false)
◆ benes_num_columns()
std::size_t nil::crypto3::zk::snark::benes_num_columns | ( | std::size_t | num_packets | ) |
Return the number of (switch) columns in a Benes network for a given number of packets.
For example:
- benes_num_columns(2) = 2,
- benes_num_columns(4) = 4,
- benes_num_columns(8) = 6, and so on.
◆ benes_packet_cross_destination()
std::size_t nil::crypto3::zk::snark::benes_packet_cross_destination | ( | size_t | dimension, |
std::size_t | column_idx, | ||
std::size_t | row_idx | ||
) |
A packet column_idx-th column and row_idx-th row of the routing network has two destinations (see comment by benes_cross_edge_mask), this returns row_idx' of the "cross" destination.
◆ benes_packet_cross_source()
std::size_t nil::crypto3::zk::snark::benes_packet_cross_source | ( | size_t | dimension, |
std::size_t | column_idx, | ||
std::size_t | packet_idx | ||
) |
A packet column_idx-th column and row_idx-th row of the routing network has two source packets that could give rise to it (see comment by benes_cross_edge_mask), this returns row_idx' of the "cross" source packet.
◆ benes_rhs_packet_source()
std::size_t nil::crypto3::zk::snark::benes_rhs_packet_source | ( | size_t | dimension, |
std::size_t | column_idx, | ||
std::size_t | row_idx, | ||
bool | use_top | ||
) |
Return the specified source of packet of the right-hand side of the routing network, based on the subnetwork (recall that each packet has two possible source packets – one at the top subnetwork and one at the bottom subnetwork).
That is for a packet located at column_idx-th column and row_idx-th row, return:
- row_idx' of the destination packet (column_idx-1, row_idx') at the top subnetwork (if use_top = true)
- row_idx' of the destination packet (column_idx-1, row_idx') at the bottom subnetwork (if use_top = false)
◆ compress()
std::enable_if< std::is_same<typename CurveType::template g1_type<>::value_type, ValueType>::value || std::is_same<typename CurveType::template g2_type<>::value_type, ValueType>::value || std::is_same<typename CurveType::scalar_field_type::value_type, ValueType>::value>::type nil::crypto3::zk::snark::compress | ( | InputRange & | vec, |
std::size_t | split, | ||
const typename CurveType::scalar_field_type::value_type & | scalar | ||
) |
compress is similar to commit::{V,W}KEY::compress: it modifies the vec
vector by setting the value at index $i:0 -> split$ $vec[i] = vec[i] + vec[i+split]^scaler$. The vec
vector is half of its size after this call.
◆ construct_as_waksman_inner()
void nil::crypto3::zk::snark::construct_as_waksman_inner | ( | size_t | left, |
std::size_t | right, | ||
std::size_t | lo, | ||
std::size_t | hi, | ||
const std::vector< std::size_t > & | rhs_dests, | ||
as_waksman_topology & | neighbors | ||
) |
Construct AS-Waksman subnetwork occupying switch columns [left,left+1, ..., right] that will route
- from left-hand side inputs [lo,lo+1,...,hi]
- to right-hand side destinations rhs_dests[0],rhs_dests[1],...,rhs_dests[hi-lo+1]. That is, rhs_dests are 0-indexed w.r.t. row_offset of lo.
Note that rhs_dests is not a permutation of [lo, lo+1, ... hi].
This function fills out neighbors[left] and neighbors[right-1].
If there is more space for the routing network than needed, just add straight edges. This also handles the size-1 base case.
Networks of size sz > 2 are handled by adding two columns of switches alongside the network and recursing.
This adds floor(sz/2) switches alongside the network.
As per the AS-Waksman construction, one of the switches in the even case can be eliminated (i.e., set to a constant). We handle this later.
Odd special case: the last wire is not connected to any switch, and the wire is merely routed "straight".
Even special case: fix the bottom-most left-hand-side switch to a constant "straight" setting.
◆ generate() [1/3]
KeyPairType nil::crypto3::zk::snark::generate | ( | const typename ProofSystemType::circuit_type & | circuit | ) |
◆ generate() [2/3]
KeyPairType nil::crypto3::zk::snark::generate | ( | const typename ProofSystemType::constraint_system_type & | constraint_system | ) |
◆ generate() [3/3]
ProofSystemType::srs_pair_type nil::crypto3::zk::snark::generate | ( | std::size_t | num_proofs | ) |
◆ generate_as_waksman_topology()
as_waksman_topology nil::crypto3::zk::snark::generate_as_waksman_topology | ( | size_t | num_packets | ) |
Return the topology of an AS-Waksman network for a given number of packets.
See as_waksman_topology (above) for details.
◆ generate_benes_topology()
benes_topology nil::crypto3::zk::snark::generate_benes_topology | ( | std::size_t | num_packets | ) |
Return the topology of a Benes network for a given number of packets.
See benes_topology (above) for details.
◆ get_as_waksman_routing()
as_waksman_routing nil::crypto3::zk::snark::get_as_waksman_routing | ( | const integer_permutation & | permutation | ) |
Route the given permutation on an AS-Waksman network of suitable size.
◆ get_benes_routing()
benes_routing nil::crypto3::zk::snark::get_benes_routing | ( | const integer_permutation & | permutation | ) |
Route the given permutation on a Benes network of suitable size.
◆ get_mp_compliance_step_pcd_circuit_input()
snark::r1cs_primary_input< typename CurveType::scalar_field_type > nil::crypto3::zk::snark::get_mp_compliance_step_pcd_circuit_input | ( | const set_commitment & | commitment_to_translation_step_r1cs_vks, |
const r1cs_pcd_compliance_predicate_primary_input< typename CurveType::scalar_field_type > & | primary_input | ||
) |
Obtain the primary input for a compliance-step PCD circuit.
◆ get_mp_translation_step_pcd_circuit_input() [1/2]
snark::r1cs_primary_input<typename CurveType::scalar_field_type> nil::crypto3::zk::snark::get_mp_translation_step_pcd_circuit_input | ( | const set_commitment & | commitment_to_translation_step_r1cs_vks, |
const r1cs_pcd_compliance_predicate_primary_input< other_curve< CurveType >::scalar_field_type > & | primary_input | ||
) |
Obtain the primary input for a translation-step PCD circuit.
◆ get_mp_translation_step_pcd_circuit_input() [2/2]
snark::r1cs_primary_input<typename CurveType::scalar_field_type> nil::crypto3::zk::snark::get_mp_translation_step_pcd_circuit_input | ( | const set_commitment & | commitment_to_translation_step_r1cs_vks | ) |
◆ get_sp_compliance_step_pcd_circuit_input()
r1cs_primary_input< typename CurveType::scalar_field_type > nil::crypto3::zk::snark::get_sp_compliance_step_pcd_circuit_input | ( | const std::vector< bool > & | sp_translation_step_vk_bits, |
const r1cs_pcd_compliance_predicate_primary_input< typename CurveType::scalar_field_type > & | primary_input | ||
) |
Obtain the primary input for a compliance-step PCD circuit.
◆ get_sp_translation_step_pcd_circuit_input()
r1cs_primary_input< typename CurveType::scalar_field_type > nil::crypto3::zk::snark::get_sp_translation_step_pcd_circuit_input | ( | const std::vector< bool > & | sp_translation_step_vk_bits, |
const r1cs_pcd_compliance_predicate_primary_input< other_curve< CurveType >::scalar_field_type::value_type > & | primary_input | ||
) |
Obtain the primary input for a translation-step PCD circuit.
◆ gipa_tipp_mipp()
std::enable_if< std::is_same<typename CurveType::template g1_type<>::value_type, typename std::iterator_traits<InputG1Iterator1>::value_type>::value && std::is_same<typename CurveType::template g2_type<>::value_type, typename std::iterator_traits<InputG2Iterator>::value_type>::value && std::is_same<typename CurveType::scalar_field_type::value_type, typename std::iterator_traits<InputScalarIterator>::value_type>::value && std::is_same<typename CurveType::template g1_type<>::value_type, typename std::iterator_traits<InputG1Iterator2>::value_type>::value, std::tuple<gipa_proof<CurveType>, std::vector<typename CurveType::scalar_field_type::value_type>, std::vector<typename CurveType::scalar_field_type::value_type> > >::type nil::crypto3::zk::snark::gipa_tipp_mipp | ( | transcript< CurveType, Hash > & | tr, |
InputG1Iterator1 | a_first, | ||
InputG1Iterator1 | a_last, | ||
InputG2Iterator | b_first, | ||
InputG2Iterator | b_last, | ||
InputG1Iterator2 | c_first, | ||
InputG1Iterator2 | c_last, | ||
const r1cs_gg_ppzksnark_ipp2_vkey< CurveType > & | vkey_input, | ||
const r1cs_gg_ppzksnark_ipp2_wkey< CurveType > & | wkey_input, | ||
InputScalarIterator | r_first, | ||
InputScalarIterator | r_last | ||
) |
gipa_tipp_mipp peforms the recursion of the GIPA protocol for TIPP and MIPP. It returns a proof containing all intermdiate committed values, as well as the challenges generated necessary to do the polynomial commitment proof later in TIPP.
◆ gipa_verify_tipp_mipp()
|
inline |
gipa_verify_tipp_mipp recurse on the proof and statement and produces the final values to be checked by TIPP and MIPP verifier, namely, for TIPP for example:
- T,U: the final commitment values of A and B
- Z the final product between A and B.
- Challenges are returned in inverse order as well to avoid repeating the operation multiple times later on.
- There are T,U,Z vectors as well for the MIPP relationship. Both TIPP and MIPP share the same challenges however, enabling to re-use common operations between them, such as the KZG proof for commitment keys.
◆ kc_batch_exp()
knowledge_commitment_vector<T1, T2> nil::crypto3::zk::snark::kc_batch_exp | ( | const std::size_t | scalar_size, |
const std::size_t | T1_window, | ||
const std::size_t | T2_window, | ||
const algebra::window_table< T1 > & | T1_table, | ||
const algebra::window_table< T2 > & | T2_table, | ||
const typename FieldType::value_type & | T1_coeff, | ||
const typename FieldType::value_type & | T2_coeff, | ||
const std::vector< typename FieldType::value_type > & | v, | ||
const std::size_t | suggested_num_chunks | ||
) |
◆ kc_batch_exp_internal()
knowledge_commitment_vector<T1, T2> nil::crypto3::zk::snark::kc_batch_exp_internal | ( | const std::size_t | scalar_size, |
const std::size_t | T1_window, | ||
const std::size_t | T2_window, | ||
const algebra::window_table< T1 > & | T1_table, | ||
const algebra::window_table< T2 > & | T2_table, | ||
const typename FieldType::value_type & | T1_coeff, | ||
const typename FieldType::value_type & | T2_coeff, | ||
const std::vector< typename FieldType::value_type > & | v, | ||
const std::size_t | start_pos, | ||
const std::size_t | end_pos, | ||
const std::size_t | expected_size | ||
) |
◆ kc_multiexp_with_mixed_addition()
knowledge_commitment<T1, T2>::value_type nil::crypto3::zk::snark::kc_multiexp_with_mixed_addition | ( | const knowledge_commitment_vector< T1, T2 > & | vec, |
const std::size_t | min_idx, | ||
const std::size_t | max_idx, | ||
InputFieldIterator | scalar_start, | ||
InputFieldIterator | scalar_end, | ||
const std::size_t | chunks | ||
) |
◆ operator*() [1/6]
linear_term<FieldType> nil::crypto3::zk::snark::operator* | ( | const integer_coeff_t | int_coeff, |
const variable< FieldType > & | var | ||
) |
◆ operator*() [2/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator* | ( | const typename FieldType::value_type & | field_coeff, |
const linear_combination< FieldType > & | lc | ||
) |
◆ operator*() [3/6]
linear_term<FieldType> nil::crypto3::zk::snark::operator* | ( | const typename FieldType::value_type & | field_coeff, |
const linear_term< FieldType > & | lt | ||
) |
◆ operator*() [4/6]
linear_term<FieldType> nil::crypto3::zk::snark::operator* | ( | const typename FieldType::value_type & | field_coeff, |
const variable< FieldType > & | var | ||
) |
◆ operator*() [5/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator* | ( | integer_coeff_t | int_coeff, |
const linear_combination< FieldType > & | lc | ||
) |
◆ operator*() [6/6]
linear_term<FieldType> nil::crypto3::zk::snark::operator* | ( | integer_coeff_t | int_coeff, |
const linear_term< FieldType > & | lt | ||
) |
◆ operator+() [1/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator+ | ( | const integer_coeff_t | int_coeff, |
const linear_term< FieldType > & | lt | ||
) |
◆ operator+() [2/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator+ | ( | const integer_coeff_t | int_coeff, |
const variable< FieldType > & | var | ||
) |
◆ operator+() [3/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator+ | ( | const typename FieldType::value_type & | field_coeff, |
const linear_combination< FieldType > & | lc | ||
) |
◆ operator+() [4/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator+ | ( | const typename FieldType::value_type & | field_coeff, |
const linear_term< FieldType > & | lt | ||
) |
◆ operator+() [5/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator+ | ( | const typename FieldType::value_type & | field_coeff, |
const variable< FieldType > & | var | ||
) |
◆ operator+() [6/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator+ | ( | integer_coeff_t | int_coeff, |
const linear_combination< FieldType > & | lc | ||
) |
◆ operator-() [1/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator- | ( | const integer_coeff_t | int_coeff, |
const linear_term< FieldType > & | lt | ||
) |
◆ operator-() [2/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator- | ( | const integer_coeff_t | int_coeff, |
const variable< FieldType > & | var | ||
) |
◆ operator-() [3/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator- | ( | const typename FieldType::value_type & | field_coeff, |
const linear_combination< FieldType > & | lc | ||
) |
◆ operator-() [4/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator- | ( | const typename FieldType::value_type & | field_coeff, |
const linear_term< FieldType > & | lt | ||
) |
◆ operator-() [5/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator- | ( | const typename FieldType::value_type & | field_coeff, |
const variable< FieldType > & | var | ||
) |
◆ operator-() [6/6]
linear_combination<FieldType> nil::crypto3::zk::snark::operator- | ( | integer_coeff_t | int_coeff, |
const linear_combination< FieldType > & | lc | ||
) |
◆ opt_window_wnaf_exp()
knowledge_commitment<T1, T2>::value_type nil::crypto3::zk::snark::opt_window_wnaf_exp | ( | const typename knowledge_commitment< T1, T2 >::value_type & | base, |
const multiprecision::number< Backend, ExpressionTemplates > & | scalar, | ||
const std::size_t | scalar_bits | ||
) |
◆ polynomial_coefficients_from_transcript()
std::enable_if<std::is_same<typename std::iterator_traits<InputFieldValueIterator>::value_type, typename FieldType::value_type>::value, std::vector<typename FieldType::value_type> >::type nil::crypto3::zk::snark::polynomial_coefficients_from_transcript | ( | InputFieldValueIterator | transcript_first, |
InputFieldValueIterator | transcript_last, | ||
const typename FieldType::value_type & | r_shift | ||
) |
◆ polynomial_evaluation_product_form_from_transcript()
std::enable_if<std::is_same<typename std::iterator_traits<InputFieldValueIterator>::value_type, typename FieldType::value_type>::value, typename FieldType::value_type>::type nil::crypto3::zk::snark::polynomial_evaluation_product_form_from_transcript | ( | InputFieldValueIterator | transcript_first, |
InputFieldValueIterator | transcript_last, | ||
const typename FieldType::value_type & | z, | ||
const typename FieldType::value_type & | r_shift | ||
) |
It returns the evaluation of the polynomial $\prod (1 + x_{l-j}(rX)^{2j}$ at the point z, where transcript contains the reversed order of all challenges (the x). The challenges must be in reversed order for the correct evaluation of the polynomial in O(logn)
◆ prove() [1/3]
ProofSystemType::proof_type nil::crypto3::zk::snark::prove | ( | const typename ProofSystemType::proving_key_type & | pk, |
const PublicKey & | pubkey, | ||
const typename ProofSystemType::primary_input_type & | primary_input, | ||
const typename ProofSystemType::auxiliary_input_type & | auxiliary_input, | ||
const ScalarValue & | r | ||
) |
◆ prove() [2/3]
ProofSystemType::proof_type nil::crypto3::zk::snark::prove | ( | const typename ProofSystemType::proving_key_type & | pk, |
const typename ProofSystemType::primary_input_type & | primary_input, | ||
const typename ProofSystemType::auxiliary_input_type & | auxiliary_input | ||
) |
◆ prove() [3/3]
ProofSystemType::proof_type nil::crypto3::zk::snark::prove | ( | const typename ProofSystemType::proving_srs_type & | srs, |
InputTranscriptIncludeIterator | transcript_include_first, | ||
InputTranscriptIncludeIterator | transcript_include_last, | ||
InputProofIterator | proofs_first, | ||
InputProofIterator | proofs_last | ||
) |
◆ prove_commitment_key_kzg_opening()
std::enable_if< std::is_same<typename GroupType::value_type, typename std::iterator_traits<InputGroupIterator>::value_type>::value && std::is_same< typename GroupType::curve_type::scalar_field_type::value_type, typename std::iterator_traits<typename InputScalarRange::iterator>::value_type>::value, kzg_opening<GroupType> >::type nil::crypto3::zk::snark::prove_commitment_key_kzg_opening | ( | InputGroupIterator | srs_powers_alpha_first, |
InputGroupIterator | srs_powers_alpha_last, | ||
InputGroupIterator | srs_powers_beta_first, | ||
InputGroupIterator | srs_powers_beta_last, | ||
const InputScalarRange & | poly, | ||
const typename GroupType::curve_type::scalar_field_type::value_type & | eval_poly, | ||
const typename GroupType::curve_type::scalar_field_type::value_type & | kzg_challenge | ||
) |
Returns the KZG opening proof for the given commitment key. Specifically, it returns $g^{f(alpha) - f(z) / (alpha - z)}$ for $a$ and $b$.
◆ prove_commitment_v()
std::enable_if< std::is_same<typename CurveType::template g2_type<>::value_type, typename std::iterator_traits<InputG2Iterator>::value_type>::value && std::is_same<typename CurveType::scalar_field_type::value_type, typename std::iterator_traits<InputScalarIterator>::value_type>::value, kzg_opening<typename CurveType::template g2_type<> > >::type nil::crypto3::zk::snark::prove_commitment_v | ( | InputG2Iterator | srs_powers_alpha_first, |
InputG2Iterator | srs_powers_alpha_last, | ||
InputG2Iterator | srs_powers_beta_first, | ||
InputG2Iterator | srs_powers_beta_last, | ||
InputScalarIterator | transcript_first, | ||
InputScalarIterator | transcript_last, | ||
const typename CurveType::scalar_field_type::value_type & | kzg_challenge | ||
) |
◆ prove_commitment_w()
std::enable_if< std::is_same<typename CurveType::template g1_type<>::value_type, typename std::iterator_traits<InputG1Iterator>::value_type>::value && std::is_same<typename CurveType::scalar_field_type::value_type, typename std::iterator_traits<InputScalarIterator>::value_type>::value, kzg_opening<typename CurveType::template g1_type<> > >::type nil::crypto3::zk::snark::prove_commitment_w | ( | InputG1Iterator | srs_powers_alpha_first, |
InputG1Iterator | srs_powers_alpha_last, | ||
InputG1Iterator | srs_powers_beta_first, | ||
InputG1Iterator | srs_powers_beta_last, | ||
InputScalarIterator | transcript_first, | ||
InputScalarIterator | transcript_last, | ||
typename CurveType::scalar_field_type::value_type | r_shift, | ||
const typename CurveType::scalar_field_type::value_type & | kzg_challenge | ||
) |
◆ prove_tipp_mipp()
std::enable_if< std::is_same<typename CurveType::template g1_type<>::value_type, typename std::iterator_traits<InputG1Iterator1>::value_type>::value && std::is_same<typename CurveType::template g2_type<>::value_type, typename std::iterator_traits<InputG2Iterator>::value_type>::value && std::is_same<typename CurveType::template g1_type<>::value_type, typename std::iterator_traits<InputG1Iterator2>::value_type>::value && std::is_same<typename CurveType::scalar_field_type::value_type, typename std::iterator_traits<InputScalarIterator>::value_type>::value, tipp_mipp_proof<CurveType> >::type nil::crypto3::zk::snark::prove_tipp_mipp | ( | const r1cs_gg_ppzksnark_aggregate_proving_srs< CurveType > & | srs, |
transcript< CurveType, Hash > & | tr, | ||
InputG1Iterator1 | a_first, | ||
InputG1Iterator1 | a_last, | ||
InputG2Iterator | b_first, | ||
InputG2Iterator | b_last, | ||
InputG1Iterator2 | c_first, | ||
InputG1Iterator2 | c_last, | ||
const r1cs_gg_ppzksnark_ipp2_wkey< CurveType > & | wkey, | ||
InputScalarIterator | r_first, | ||
InputScalarIterator | r_last | ||
) |
Proves a TIPP relation between A and B as well as a MIPP relation with C and r. Commitment keys must be of size of A, B and C. In the context of Groth16 aggregation, we have that B = B^r and wkey is scaled by r^{-1}. The commitment key v is used to commit to A and C recursively in GIPA such that only one KZG proof is needed for v. In the original paper version, since the challenges of GIPA would be different, two KZG proofs would be needed.
◆ r1cs_mp_ppzkpcd_generator()
r1cs_mp_ppzkpcd_keypair< PCD_ppT > nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_generator | ( | const std::vector< r1cs_mp_ppzkpcd_compliance_predicate< PCD_ppT >> & | compliance_predicates | ) |
A generator algorithm for the R1CS (multi-predicate) ppzkPCD.
Given a vector of compliance predicates, this algorithm produces proving and verification keys for the vector.
◆ r1cs_mp_ppzkpcd_online_verifier()
bool nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_online_verifier | ( | const r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > & | pvk, |
const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > & | primary_input, | ||
const r1cs_mp_ppzkpcd_proof< PCD_ppT > & | proof | ||
) |
A verifier algorithm for the R1CS (multi-predicate) ppzkPCD that accepts a processed verification key.
◆ r1cs_mp_ppzkpcd_process_vk()
r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_process_vk | ( | const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > & | vk | ) |
Convert a (non-processed) verification key into a processed verification key.
◆ r1cs_mp_ppzkpcd_prover()
r1cs_mp_ppzkpcd_proof< PCD_ppT > nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_prover | ( | const r1cs_mp_ppzkpcd_proving_key< PCD_ppT > & | pk, |
const std::size_t | compliance_predicate_name, | ||
const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > & | primary_input, | ||
const r1cs_mp_ppzkpcd_auxiliary_input< PCD_ppT > & | auxiliary_input, | ||
const std::vector< r1cs_mp_ppzkpcd_proof< PCD_ppT >> & | incoming_proofs | ||
) |
A prover algorithm for the R1CS (multi-predicate) ppzkPCD.
Given a proving key, name of chosen compliance predicate, inputs for the compliance predicate, and proofs for the predicate's input messages, this algorithm produces a proof (of knowledge) that attests to the compliance of the output message.
◆ r1cs_mp_ppzkpcd_verifier()
bool nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verifier | ( | const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > & | vk, |
const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > & | primary_input, | ||
const r1cs_mp_ppzkpcd_proof< PCD_ppT > & | proof | ||
) |
A verifier algorithm for the R1CS (multi-predicate) ppzkPCD that accepts a non-processed verification key.
◆ r1cs_sp_ppzkpcd_generator()
r1cs_sp_ppzkpcd_keypair< PCD_ppT > nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_generator | ( | const r1cs_sp_ppzkpcd_compliance_predicate< PCD_ppT > & | compliance_predicate | ) |
A generator algorithm for the R1CS (single-predicate) ppzkPCD.
Given a compliance predicate, this algorithm produces proving and verification keys for the predicate.
◆ r1cs_sp_ppzkpcd_online_verifier()
bool nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_online_verifier | ( | const r1cs_sp_ppzkpcd_processed_verification_key< PCD_ppT > & | pvk, |
const r1cs_sp_ppzkpcd_primary_input< PCD_ppT > & | primary_input, | ||
const r1cs_sp_ppzkpcd_proof< PCD_ppT > & | proof | ||
) |
A verifier algorithm for the R1CS (single-predicate) ppzkPCD that accepts a processed verification key.
◆ r1cs_sp_ppzkpcd_process_vk()
r1cs_sp_ppzkpcd_processed_verification_key< PCD_ppT > nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_process_vk | ( | const r1cs_sp_ppzkpcd_verification_key< PCD_ppT > & | vk | ) |
Convert a (non-processed) verification key into a processed verification key.
◆ r1cs_sp_ppzkpcd_prover()
r1cs_sp_ppzkpcd_proof<PCD_ppT> nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_prover | ( | const r1cs_sp_ppzkpcd_proving_key< PCD_ppT > & | pk, |
const r1cs_sp_ppzkpcd_primary_input< PCD_ppT > & | primary_input, | ||
const r1cs_sp_ppzkpcd_auxiliary_input< PCD_ppT > & | auxiliary_input, | ||
const std::vector< r1cs_sp_ppzkpcd_proof< PCD_ppT >> & | incoming_proofs | ||
) |
A prover algorithm for the R1CS (single-predicate) ppzkPCD.
Given a proving key, inputs for the compliance predicate, and proofs for the predicate's input messages, this algorithm produces a proof (of knowledge) that attests to the compliance of the output message.
◆ r1cs_sp_ppzkpcd_verifier()
bool nil::crypto3::zk::snark::r1cs_sp_ppzkpcd_verifier | ( | const r1cs_sp_ppzkpcd_verification_key< PCD_ppT > & | vk, |
const r1cs_sp_ppzkpcd_primary_input< PCD_ppT > & | primary_input, | ||
const r1cs_sp_ppzkpcd_proof< PCD_ppT > & | proof | ||
) |
A verifier algorithm for the R1CS (single-predicate) ppzkPCD that accepts a non-processed verification key.
◆ route_benes_inner()
void nil::crypto3::zk::snark::route_benes_inner | ( | size_t | dimension, |
const integer_permutation & | permutation, | ||
const integer_permutation & | permutation_inv, | ||
std::size_t | column_idx_start, | ||
std::size_t | column_idx_end, | ||
std::size_t | subnetwork_offset, | ||
std::size_t | subnetwork_size, | ||
benes_routing & | routing | ||
) |
Auxiliary function used in get_benes_routing (see below).
The network from t_start to t_end is the part of the Benes network that needs to be routed according to the permutation pi.
The permutation
- pi maps [subnetwork_offset..subnetwork_offset+subnetwork_size-1] to itself, offset by subnetwork_offset, and
- piinv is the inverse of pi.
INVARIANT: node w from left hand side can always be routed to the right-hand side using the upper network.
◆ route_by_benes()
std::vector<std::vector<T> > nil::crypto3::zk::snark::route_by_benes | ( | const benes_routing & | routing, |
const std::vector< T > & | start | ||
) |
◆ sigBatchVerif()
bool nil::crypto3::zk::snark::sigBatchVerif | ( | const r1cs_ppzkadsnark_vkT< CurveType > & | vk, |
const std::vector< label_type > & | labels, | ||
const std::vector< typename CurveType::g2_type::value_type > & | Lambdas, | ||
const std::vector< r1cs_ppzkadsnark_signature< CurveType >> & | sigs | ||
) |
◆ sigGen()
kpT<CurveType> nil::crypto3::zk::snark::sigGen | ( | void | ) |
◆ sigSign()
r1cs_ppzkadsnark_signature<CurveType> nil::crypto3::zk::snark::sigSign | ( | const r1cs_ppzkadsnark_secret_key< CurveType > & | sk, |
const label_type & | label, | ||
const typename CurveType::g2_type::value_type & | Lambda | ||
) |
◆ sigVerif()
bool nil::crypto3::zk::snark::sigVerif | ( | const r1cs_ppzkadsnark_vkT< CurveType > & | vk, |
const label_type & | label, | ||
const typename CurveType::g2_type::value_type & | Lambda, | ||
const r1cs_ppzkadsnark_signature< CurveType > & | sig | ||
) |
◆ structured_generators_scalar_power()
std::vector<typename GroupType::value_type> nil::crypto3::zk::snark::structured_generators_scalar_power | ( | std::size_t | n, |
const typename ScalarFieldType::value_type & | s | ||
) |
◆ structured_scalar_power()
std::vector<typename FieldType::value_type> nil::crypto3::zk::snark::structured_scalar_power | ( | std::size_t | num, |
const typename FieldType::value_type & | s | ||
) |
Returns the vector used for the linear combination fo the inner pairing product between A and B for the Groth16 aggregation: A^r * B. It is required as it is not enough to simply prove the ipp of A*B, we need a random linear combination of those.
◆ two_to_one_CRH() [1/2]
Hash::digest_type nil::crypto3::zk::snark::two_to_one_CRH | ( | const typename Hash::digest_type & | l, |
const typename Hash::digest_type & | r | ||
) |
◆ two_to_one_CRH() [2/2]
Hash::hash_value_type nil::crypto3::zk::snark::two_to_one_CRH | ( | const typename Hash::hash_value_type & | l, |
const typename Hash::hash_value_type & | r | ||
) |
◆ valid_as_waksman_routing()
bool nil::crypto3::zk::snark::valid_as_waksman_routing | ( | const integer_permutation & | permutation, |
const as_waksman_routing & | routing | ||
) |
Check if a routing "implements" the given permutation.
◆ valid_benes_routing()
bool nil::crypto3::zk::snark::valid_benes_routing | ( | const integer_permutation & | permutation, |
const benes_routing & | routing | ||
) |
Check if a routing "implements" the given permutation.
◆ verify() [1/3]
bool nil::crypto3::zk::snark::verify | ( | const typename ProofSystemType::processed_verification_key_type & | pvk, |
const typename ProofSystemType::primary_input_type & | primary_input, | ||
const typename ProofSystemType::proof_type & | proof | ||
) |
◆ verify() [2/3]
bool nil::crypto3::zk::snark::verify | ( | const typename ProofSystemType::verification_key_type & | vk, |
const typename ProofSystemType::primary_input_type & | primary_input, | ||
const typename ProofSystemType::proof_type & | proof | ||
) |
◆ verify() [3/3]
bool nil::crypto3::zk::snark::verify | ( | const typename ProofSystemType::verification_srs_type & | ip_verifier_srs, |
const typename ProofSystemType::verification_key_type & | pvk, | ||
const InputPrimaryInputRange & | public_inputs, | ||
const typename ProofSystemType::proof_type & | proof, | ||
InputIterator | transcript_include_first, | ||
InputIterator | transcript_include_last | ||
) |
◆ verify_aggregate_proof()
|
inline |
Verifies the aggregated proofs thanks to the Groth16 verifying key, the verifier SRS from the aggregation scheme, all the public inputs of the proofs and the aggregated proof. WARNING: transcript_include represents everything that should be included in the transcript from outside the boundary of this function. This is especially relevant for ALL public inputs of ALL individual proofs. In the regular case, one should input ALL public inputs from ALL proofs aggregated. However, IF ALL the public inputs are fixed, and public before the aggregation time, then there is no need to hash those. The reason we specify this extra assumption is because hashing the public inputs from the decoded form can take quite some time depending on the number of proofs and public inputs (+100ms in our case). In the case of Filecoin, the only non-fixed part of the public inputs are the challenges derived from a seed. Even though this seed comes from a random beeacon, we are hashing this as a safety precaution.
◆ verify_kzg_v()
|
inline |
verify_kzg_opening_g2 takes a KZG opening, the final commitment key, SRS and any shift (in TIPP we shift the v commitment by r^-1) and returns a pairing tuple to check if the opening is correct or not.
◆ verify_kzg_w()
|
inline |
Similar to verify_kzg_opening_g2 but for g1.
◆ verify_tipp_mipp()
|
inline |
verify_tipp_mipp returns a pairing equation to check the tipp proof. $r$ is the randomness used to produce a random linear combination of A and B and used in the MIPP part with C