blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2018-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Nikita Kaskov <nbering@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 // @file Declaration of interfaces for the the R1CS ppzkSNARK verifier component.
26 //
27 // The component r1cs_ppzksnark_verifier_component verifiers correct computation of
28 // r1cs_ppzksnark::verifier_strong_input_consistency. The component is built from two main sub-components:
29 // - r1cs_ppzksnark_verifier_process_vk_component, which verifies correct computation of
30 // r1cs_ppzksnark_verifier_process_vk, and
31 // - r1cs_ppzksnark_online_verifier_component, which verifies correct computation of
32 // r1cs_ppzksnark_online_verifier_strong_input_consistency. See r1cs_ppzksnark.hpp for description of the aforementioned
33 // functions.
34 //---------------------------------------------------------------------------//
35 
36 #ifndef CRYPTO3_ZK_BLUEPRINT_R1CS_PPZKSNARK_VERIFIER_COMPONENT_HPP
37 #define CRYPTO3_ZK_BLUEPRINT_R1CS_PPZKSNARK_VERIFIER_COMPONENT_HPP
38 
39 #include <nil/crypto3/algebra/algorithms/pair.hpp>
40 
41 #include <nil/crypto3/zk/components/packing.hpp>
42 #include <nil/crypto3/zk/components/conjunction.hpp>
43 #include <nil/crypto3/zk/components/algebra/curves/weierstrass/element_g1.hpp>
44 #include <nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp>
45 #include <nil/crypto3/zk/components/algebra/pairing/pairing_checks.hpp>
46 //#include <nil/crypto3/zk/components/algebra/pairing/pairing_params.hpp>
47 #include <nil/crypto3/zk/snark/schemes/ppzksnark/r1cs_ppzksnark.hpp>
48 
49 namespace nil {
50  namespace crypto3 {
51  namespace zk {
52  namespace snark {
53  namespace components {
54 
55  using namespace nil::crypto3::algebra::pairing;
56 
57  template<typename CurveType>
58  class r1cs_ppzksnark_proof_variable : public component<typename CurveType::scalar_field_type> {
59  public:
60  typedef typename CurveType::scalar_field_type FieldType;
61 
62  std::shared_ptr<element_g1<CurveType>> g_A_g;
63  std::shared_ptr<element_g1<CurveType>> g_A_h;
64  std::shared_ptr<element_g2<CurveType>> g_B_g;
65  std::shared_ptr<element_g1<CurveType>> g_B_h;
66  std::shared_ptr<element_g1<CurveType>> g_C_g;
67  std::shared_ptr<element_g1<CurveType>> g_C_h;
68  std::shared_ptr<element_g1<CurveType>> g_H;
69  std::shared_ptr<element_g1<CurveType>> g_K;
70 
71  std::vector<std::shared_ptr<element_g1<CurveType>>> all_G1_vars;
72  std::vector<std::shared_ptr<element_g2<CurveType>>> all_G2_vars;
73 
74  std::vector<std::shared_ptr<element_g1_is_well_formed<CurveType>>> all_G1_checkers;
75  std::shared_ptr<element_g2_is_well_formed<CurveType>> G2_checker;
76 
77  blueprint_variable_vector<FieldType> proof_contents;
78 
79  r1cs_ppzksnark_proof_variable(blueprint<FieldType> &bp) : component<FieldType>(bp) {
80  const std::size_t num_G1 = 7;
81  const std::size_t num_G2 = 1;
82 
83  g_A_g.reset(new element_g1<CurveType>(bp));
84  g_A_h.reset(new element_g1<CurveType>(bp));
85  g_B_g.reset(new element_g2<CurveType>(bp));
86  g_B_h.reset(new element_g1<CurveType>(bp));
87  g_C_g.reset(new element_g1<CurveType>(bp));
88  g_C_h.reset(new element_g1<CurveType>(bp));
89  g_H.reset(new element_g1<CurveType>(bp));
90  g_K.reset(new element_g1<CurveType>(bp));
91 
92  all_G1_vars = {g_A_g, g_A_h, g_B_h, g_C_g, g_C_h, g_H, g_K};
93  all_G2_vars = {g_B_g};
94 
95  all_G1_checkers.resize(all_G1_vars.size());
96 
97  for (std::size_t i = 0; i < all_G1_vars.size(); ++i) {
98  all_G1_checkers[i].reset(new element_g1_is_well_formed<CurveType>(bp, *all_G1_vars[i]));
99  }
100  G2_checker.reset(new element_g2_is_well_formed<CurveType>(bp, *g_B_g));
101 
102  assert(all_G1_vars.size() == num_G1);
103  assert(all_G2_vars.size() == num_G2);
104  }
105  void generate_r1cs_constraints() {
106  for (auto &G1_checker : all_G1_checkers) {
107  G1_checker->generate_r1cs_constraints();
108  }
109 
110  G2_checker->generate_r1cs_constraints();
111  }
112  void generate_r1cs_witness(
113  const typename r1cs_ppzksnark<typename CurveType::pairing::pair_curve_type>::proof_type
114  &proof) {
115  std::vector<typename CurveType::pairing::pair_curve_type::g1_type> G1_elems;
116  std::vector<typename CurveType::pairing::pair_curve_type::g2_type> G2_elems;
117 
118  G1_elems = {proof.g_A.g, proof.g_A.h, proof.g_B.h, proof.g_C.g,
119  proof.g_C.h, proof.g_H, proof.g_K};
120  G2_elems = {proof.g_B.g};
121 
122  assert(G1_elems.size() == all_G1_vars.size());
123  assert(G2_elems.size() == all_G2_vars.size());
124 
125  for (std::size_t i = 0; i < G1_elems.size(); ++i) {
126  all_G1_vars[i]->generate_r1cs_witness(G1_elems[i]);
127  }
128 
129  for (std::size_t i = 0; i < G2_elems.size(); ++i) {
130  all_G2_vars[i]->generate_r1cs_witness(G2_elems[i]);
131  }
132 
133  for (auto &G1_checker : all_G1_checkers) {
134  G1_checker->generate_r1cs_witness();
135  }
136 
137  G2_checker->generate_r1cs_witness();
138  }
139  static std::size_t size() {
140  const std::size_t num_G1 = 7;
141  const std::size_t num_G2 = 1;
142  return (num_G1 * element_g1<CurveType>::num_field_elems +
143  num_G2 * element_g2<CurveType>::num_field_elems);
144  }
145  };
146 
147  template<typename CurveType>
148  class r1cs_ppzksnark_verification_key_variable
149  : public component<typename CurveType::scalar_field_type> {
150  public:
151  typedef typename CurveType::scalar_field_type FieldType;
152 
153  std::shared_ptr<element_g2<CurveType>> alphaA_g2;
154  std::shared_ptr<element_g1<CurveType>> alphaB_g1;
155  std::shared_ptr<element_g2<CurveType>> alphaC_g2;
156  std::shared_ptr<element_g2<CurveType>> gamma_g2;
157  std::shared_ptr<element_g1<CurveType>> gamma_beta_g1;
158  std::shared_ptr<element_g2<CurveType>> gamma_beta_g2;
159  std::shared_ptr<element_g2<CurveType>> rC_Z_g2;
160  std::shared_ptr<element_g1<CurveType>> encoded_IC_base;
161  std::vector<std::shared_ptr<element_g1<CurveType>>> encoded_IC_query;
162 
163  blueprint_variable_vector<FieldType> all_bits;
164  blueprint_linear_combination_vector<FieldType> all_vars;
165  std::size_t input_size;
166 
167  std::vector<std::shared_ptr<element_g1<CurveType>>> all_G1_vars;
168  std::vector<std::shared_ptr<element_g2<CurveType>>> all_G2_vars;
169 
170  std::shared_ptr<multipacking_component<FieldType>> packer;
171 
172  // Unfortunately, g++ 4.9 and g++ 5.0 have a bug related to
173  // incorrect inlining of small functions:
174  // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65307, which
175  // produces wrong assembly even at -O1. The test case at the bug
176  // report is directly derived from this code here. As a temporary
177  // work-around we mark the key functions noinline to hint compiler
178  // that inlining should not be performed.
179 
180  // TODO: remove later, when g++ developers fix the bug.
181 
182  __attribute__((noinline))
183  r1cs_ppzksnark_verification_key_variable(blueprint<FieldType> &bp,
184  const blueprint_variable_vector<FieldType> &all_bits,
185  const std::size_t input_size) :
186  component<FieldType>(bp),
187  all_bits(all_bits), input_size(input_size) {
188  const std::size_t num_G1 = 2 + (input_size + 1);
189  const std::size_t num_G2 = 5;
190 
191  assert(all_bits.size() == (element_g1<CurveType>::size_in_bits() * num_G1 +
192  element_g2<CurveType>::size_in_bits() * num_G2));
193 
194  this->alphaA_g2.reset(new element_g2<CurveType>(bp));
195  this->alphaB_g1.reset(new element_g1<CurveType>(bp));
196  this->alphaC_g2.reset(new element_g2<CurveType>(bp));
197  this->gamma_g2.reset(new element_g2<CurveType>(bp));
198  this->gamma_beta_g1.reset(new element_g1<CurveType>(bp));
199  this->gamma_beta_g2.reset(new element_g2<CurveType>(bp));
200  this->rC_Z_g2.reset(new element_g2<CurveType>(bp));
201 
202  all_G1_vars = {this->alphaB_g1, this->gamma_beta_g1};
203  all_G2_vars = {this->alphaA_g2, this->alphaC_g2, this->gamma_g2, this->gamma_beta_g2,
204  this->rC_Z_g2};
205 
206  this->encoded_IC_query.resize(input_size);
207  this->encoded_IC_base.reset(new element_g1<CurveType>(bp));
208  this->all_G1_vars.emplace_back(this->encoded_IC_base);
209 
210  for (std::size_t i = 0; i < input_size; ++i) {
211  this->encoded_IC_query[i].reset(new element_g1<CurveType>(bp));
212  all_G1_vars.emplace_back(this->encoded_IC_query[i]);
213  }
214 
215  for (auto &G1_var : all_G1_vars) {
216  all_vars.insert(all_vars.end(), G1_var->all_vars.begin(), G1_var->all_vars.end());
217  }
218 
219  for (auto &G2_var : all_G2_vars) {
220  all_vars.insert(all_vars.end(), G2_var->all_vars.begin(), G2_var->all_vars.end());
221  }
222 
223  assert(all_G1_vars.size() == num_G1);
224  assert(all_G2_vars.size() == num_G2);
225  assert(all_vars.size() == (num_G1 * element_g1<CurveType>::num_variables() +
226  num_G2 * element_g2<CurveType>::num_variables()));
227 
228  packer.reset(new multipacking_component<FieldType>(
229  bp, all_bits, all_vars, FieldType::size_in_bits()));
230  }
231  void generate_r1cs_constraints(const bool enforce_bitness) {
232  packer->generate_r1cs_constraints(enforce_bitness);
233  }
234  void generate_r1cs_witness(
235  const typename r1cs_ppzksnark<
236  typename CurveType::pairing::pair_curve_type>::verification_key_type &vk) {
237  std::vector<typename CurveType::pairing::pair_curve_type::g1_type> G1_elems;
238  std::vector<typename CurveType::pairing::pair_curve_type::g2_type> G2_elems;
239 
240  G1_elems = {vk.alphaB_g1, vk.gamma_beta_g1};
241  G2_elems = {vk.alphaA_g2, vk.alphaC_g2, vk.gamma_g2, vk.gamma_beta_g2, vk.rC_Z_g2};
242 
243  assert(vk.encoded_IC_query.rest.indices.size() == input_size);
244  G1_elems.emplace_back(vk.encoded_IC_query.first);
245  for (std::size_t i = 0; i < input_size; ++i) {
246  assert(vk.encoded_IC_query.rest.indices[i] == i);
247  G1_elems.emplace_back(vk.encoded_IC_query.rest.values[i]);
248  }
249 
250  assert(G1_elems.size() == all_G1_vars.size());
251  assert(G2_elems.size() == all_G2_vars.size());
252 
253  for (std::size_t i = 0; i < G1_elems.size(); ++i) {
254  all_G1_vars[i]->generate_r1cs_witness(G1_elems[i]);
255  }
256 
257  for (std::size_t i = 0; i < G2_elems.size(); ++i) {
258  all_G2_vars[i]->generate_r1cs_witness(G2_elems[i]);
259  }
260 
261  packer->generate_r1cs_witness_from_packed();
262  }
263  void generate_r1cs_witness(const std::vector<bool> &vk_bits) {
264  all_bits.fill_with_bits(this->bp, vk_bits);
265  packer->generate_r1cs_witness_from_bits();
266  }
267 
268  std::vector<bool> get_bits() const {
269  return all_bits.get_bits(this->bp);
270  }
271 
272  static std::size_t __attribute__((noinline)) size_in_bits(const std::size_t input_size) {
273  const std::size_t num_G1 = 2 + (input_size + 1);
274  const std::size_t num_G2 = 5;
275  const std::size_t result = element_g1<CurveType>::size_in_bits() * num_G1 +
276  element_g2<CurveType>::size_in_bits() * num_G2;
277  return result;
278  }
279 
280  static std::vector<bool> get_verification_key_bits(
281  const typename r1cs_ppzksnark<
282  typename CurveType::pairing::pair_curve_type>::verification_key_type &r1cs_vk) {
283 
284  typedef typename CurveType::scalar_field_type FieldType;
285 
286  const std::size_t input_size_in_elts =
287  r1cs_vk.encoded_IC_query.rest.indices
288  .size(); // this might be approximate for bound verification keys, however they
289  // are not
290  // supported by r1cs_ppzksnark_verification_key_variable
291  const std::size_t vk_size_in_bits =
292  r1cs_ppzksnark_verification_key_variable<CurveType>::size_in_bits(input_size_in_elts);
293 
294  blueprint<FieldType> bp;
295  blueprint_variable_vector<FieldType> vk_bits;
296  vk_bits.allocate(bp, vk_size_in_bits);
297  r1cs_ppzksnark_verification_key_variable<CurveType> vk(bp, vk_bits, input_size_in_elts);
298  vk.generate_r1cs_witness(r1cs_vk);
299 
300  return vk.get_bits();
301  }
302  };
303 
304  template<typename CurveType>
305  class r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable {
306  public:
307  typedef typename CurveType::scalar_field_type FieldType;
308 
309  std::shared_ptr<element_g1<CurveType>> encoded_IC_base;
310  std::vector<std::shared_ptr<element_g1<CurveType>>> encoded_IC_query;
311 
312  std::shared_ptr<g1_precomputation<CurveType>> vk_alphaB_g1_precomp;
313  std::shared_ptr<g1_precomputation<CurveType>> vk_gamma_beta_g1_precomp;
314 
315  std::shared_ptr<g2_precomputation<CurveType>> pp_G2_one_precomp;
316  std::shared_ptr<g2_precomputation<CurveType>> vk_alphaA_g2_precomp;
317  std::shared_ptr<g2_precomputation<CurveType>> vk_alphaC_g2_precomp;
318  std::shared_ptr<g2_precomputation<CurveType>> vk_gamma_beta_g2_precomp;
319  std::shared_ptr<g2_precomputation<CurveType>> vk_gamma_g2_precomp;
320  std::shared_ptr<g2_precomputation<CurveType>> vk_rC_Z_g2_precomp;
321 
322  r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable() {
323  // will be allocated outside
324  }
325 
326  r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable(
327  blueprint<FieldType> &bp,
328  const typename r1cs_ppzksnark<
329  typename CurveType::pairing::pair_curve_type>::verification_key &r1cs_vk) {
330 
331  encoded_IC_base.reset(new element_g1<CurveType>(bp, r1cs_vk.encoded_IC_query.first));
332  encoded_IC_query.resize(r1cs_vk.encoded_IC_query.rest.indices.size());
333  for (std::size_t i = 0; i < r1cs_vk.encoded_IC_query.rest.indices.size(); ++i) {
334  assert(r1cs_vk.encoded_IC_query.rest.indices[i] == i);
335  encoded_IC_query[i].reset(
336  new element_g1<CurveType>(bp, r1cs_vk.encoded_IC_query.rest.values[i]));
337  }
338 
339  vk_alphaB_g1_precomp.reset(new g1_precomputation<CurveType>(bp, r1cs_vk.alphaB_g1));
340  vk_gamma_beta_g1_precomp.reset(new g1_precomputation<CurveType>(bp, r1cs_vk.gamma_beta_g1));
341 
342  pp_G2_one_precomp.reset(new g2_precomputation<CurveType>(
343  bp, CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one()));
344  vk_alphaA_g2_precomp.reset(new g2_precomputation<CurveType>(bp, r1cs_vk.alphaA_g2));
345  vk_alphaC_g2_precomp.reset(new g2_precomputation<CurveType>(bp, r1cs_vk.alphaC_g2));
346  vk_gamma_beta_g2_precomp.reset(new g2_precomputation<CurveType>(bp, r1cs_vk.gamma_beta_g2));
347  vk_gamma_g2_precomp.reset(new g2_precomputation<CurveType>(bp, r1cs_vk.gamma_g2));
348  vk_rC_Z_g2_precomp.reset(new g2_precomputation<CurveType>(bp, r1cs_vk.rC_Z_g2));
349  }
350  };
351 
352  template<typename CurveType>
353  class r1cs_ppzksnark_verifier_process_vk_component
354  : public component<typename CurveType::scalar_field_type> {
355  public:
356  typedef typename CurveType::scalar_field_type FieldType;
357 
358  std::shared_ptr<precompute_G1_component<CurveType>> compute_vk_alphaB_g1_precomp;
359  std::shared_ptr<precompute_G1_component<CurveType>> compute_vk_gamma_beta_g1_precomp;
360 
361  std::shared_ptr<precompute_G2_component<CurveType>> compute_vk_alphaA_g2_precomp;
362  std::shared_ptr<precompute_G2_component<CurveType>> compute_vk_alphaC_g2_precomp;
363  std::shared_ptr<precompute_G2_component<CurveType>> compute_vk_gamma_beta_g2_precomp;
364  std::shared_ptr<precompute_G2_component<CurveType>> compute_vk_gamma_g2_precomp;
365  std::shared_ptr<precompute_G2_component<CurveType>> compute_vk_rC_Z_g2_precomp;
366 
367  r1cs_ppzksnark_verification_key_variable<CurveType> vk;
368  r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable<CurveType>
369  &pvk; // important to have a reference here
370 
371  r1cs_ppzksnark_verifier_process_vk_component(
372  blueprint<FieldType> &bp,
373  const r1cs_ppzksnark_verification_key_variable<CurveType> &vk,
374  r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable<CurveType> &pvk) :
375  component<FieldType>(bp),
376  vk(vk), pvk(pvk) {
377  pvk.encoded_IC_base = vk.encoded_IC_base;
378  pvk.encoded_IC_query = vk.encoded_IC_query;
379 
380  pvk.vk_alphaB_g1_precomp.reset(new g1_precomputation<CurveType>());
381  pvk.vk_gamma_beta_g1_precomp.reset(new g1_precomputation<CurveType>());
382 
383  pvk.pp_G2_one_precomp.reset(new g2_precomputation<CurveType>());
384  pvk.vk_alphaA_g2_precomp.reset(new g2_precomputation<CurveType>());
385  pvk.vk_alphaC_g2_precomp.reset(new g2_precomputation<CurveType>());
386  pvk.vk_gamma_beta_g2_precomp.reset(new g2_precomputation<CurveType>());
387  pvk.vk_gamma_g2_precomp.reset(new g2_precomputation<CurveType>());
388  pvk.vk_rC_Z_g2_precomp.reset(new g2_precomputation<CurveType>());
389 
390  compute_vk_alphaB_g1_precomp.reset(
391  new precompute_G1_component<CurveType>(bp, *vk.alphaB_g1, *pvk.vk_alphaB_g1_precomp));
392  compute_vk_gamma_beta_g1_precomp.reset(new precompute_G1_component<CurveType>(
393  bp, *vk.gamma_beta_g1, *pvk.vk_gamma_beta_g1_precomp));
394 
395  pvk.pp_G2_one_precomp.reset(new g2_precomputation<CurveType>(
396  bp, CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one()));
397  compute_vk_alphaA_g2_precomp.reset(
398  new precompute_G2_component<CurveType>(bp, *vk.alphaA_g2, *pvk.vk_alphaA_g2_precomp));
399  compute_vk_alphaC_g2_precomp.reset(
400  new precompute_G2_component<CurveType>(bp, *vk.alphaC_g2, *pvk.vk_alphaC_g2_precomp));
401  compute_vk_gamma_beta_g2_precomp.reset(new precompute_G2_component<CurveType>(
402  bp, *vk.gamma_beta_g2, *pvk.vk_gamma_beta_g2_precomp));
403  compute_vk_gamma_g2_precomp.reset(
404  new precompute_G2_component<CurveType>(bp, *vk.gamma_g2, *pvk.vk_gamma_g2_precomp));
405  compute_vk_rC_Z_g2_precomp.reset(
406  new precompute_G2_component<CurveType>(bp, *vk.rC_Z_g2, *pvk.vk_rC_Z_g2_precomp));
407  }
408 
409  void generate_r1cs_constraints() {
410  compute_vk_alphaB_g1_precomp->generate_r1cs_constraints();
411  compute_vk_gamma_beta_g1_precomp->generate_r1cs_constraints();
412 
413  compute_vk_alphaA_g2_precomp->generate_r1cs_constraints();
414  compute_vk_alphaC_g2_precomp->generate_r1cs_constraints();
415  compute_vk_gamma_beta_g2_precomp->generate_r1cs_constraints();
416  compute_vk_gamma_g2_precomp->generate_r1cs_constraints();
417  compute_vk_rC_Z_g2_precomp->generate_r1cs_constraints();
418  }
419 
420  void generate_r1cs_witness() {
421  compute_vk_alphaB_g1_precomp->generate_r1cs_witness();
422  compute_vk_gamma_beta_g1_precomp->generate_r1cs_witness();
423 
424  compute_vk_alphaA_g2_precomp->generate_r1cs_witness();
425  compute_vk_alphaC_g2_precomp->generate_r1cs_witness();
426  compute_vk_gamma_beta_g2_precomp->generate_r1cs_witness();
427  compute_vk_gamma_g2_precomp->generate_r1cs_witness();
428  compute_vk_rC_Z_g2_precomp->generate_r1cs_witness();
429  }
430  };
431 
432  template<typename CurveType>
433  class r1cs_ppzksnark_online_verifier_component
434  : public component<typename CurveType::scalar_field_type> {
435  public:
436  typedef typename CurveType::scalar_field_type FieldType;
437 
438  r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable<CurveType> pvk;
439 
440  blueprint_variable_vector<FieldType> input;
441  std::size_t elt_size;
442  r1cs_ppzksnark_proof_variable<CurveType> proof;
443  blueprint_variable<FieldType> result;
444  const std::size_t input_len;
445 
446  std::shared_ptr<element_g1<CurveType>> acc;
447  std::shared_ptr<G1_multiscalar_mul_component<CurveType>> accumulate_input;
448 
449  std::shared_ptr<element_g1<CurveType>> proof_g_A_g_acc;
450  std::shared_ptr<element_g1_add<CurveType>> compute_proof_g_A_g_acc;
451  std::shared_ptr<element_g1<CurveType>> proof_g_A_g_acc_C;
452  std::shared_ptr<element_g1_add<CurveType>> compute_proof_g_A_g_acc_C;
453 
454  std::shared_ptr<g1_precomputation<CurveType>> proof_g_A_h_precomp;
455  std::shared_ptr<g1_precomputation<CurveType>> proof_g_A_g_acc_C_precomp;
456  std::shared_ptr<g1_precomputation<CurveType>> proof_g_A_g_acc_precomp;
457  std::shared_ptr<g1_precomputation<CurveType>> proof_g_A_g_precomp;
458  std::shared_ptr<g1_precomputation<CurveType>> proof_g_B_h_precomp;
459  std::shared_ptr<g1_precomputation<CurveType>> proof_g_C_h_precomp;
460  std::shared_ptr<g1_precomputation<CurveType>> proof_g_C_g_precomp;
461  std::shared_ptr<g1_precomputation<CurveType>> proof_g_K_precomp;
462  std::shared_ptr<g1_precomputation<CurveType>> proof_g_H_precomp;
463 
464  std::shared_ptr<g2_precomputation<CurveType>> proof_g_B_g_precomp;
465 
466  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_A_h_precomp;
467  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_A_g_acc_C_precomp;
468  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_A_g_acc_precomp;
469  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_A_g_precomp;
470  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_B_h_precomp;
471  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_C_h_precomp;
472  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_C_g_precomp;
473  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_K_precomp;
474  std::shared_ptr<precompute_G1_component<CurveType>> compute_proof_g_H_precomp;
475 
476  std::shared_ptr<precompute_G2_component<CurveType>> compute_proof_g_B_g_precomp;
477 
478  std::shared_ptr<check_e_equals_e_component<CurveType>> check_kc_A_valid;
479  std::shared_ptr<check_e_equals_e_component<CurveType>> check_kc_B_valid;
480  std::shared_ptr<check_e_equals_e_component<CurveType>> check_kc_C_valid;
481  std::shared_ptr<check_e_equals_ee_component<CurveType>> check_QAP_valid;
482  std::shared_ptr<check_e_equals_ee_component<CurveType>> check_CC_valid;
483 
484  blueprint_variable<FieldType> kc_A_valid;
485  blueprint_variable<FieldType> kc_B_valid;
486  blueprint_variable<FieldType> kc_C_valid;
487  blueprint_variable<FieldType> QAP_valid;
488  blueprint_variable<FieldType> CC_valid;
489 
490  blueprint_variable_vector<FieldType> all_test_results;
491  std::shared_ptr<conjunction<FieldType>> all_tests_pass;
492 
493  r1cs_ppzksnark_online_verifier_component(
494  blueprint<FieldType> &bp,
495  const r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable<CurveType> &pvk,
496  const blueprint_variable_vector<FieldType> &input,
497  const std::size_t elt_size,
498  const r1cs_ppzksnark_proof_variable<CurveType> &proof,
499  const blueprint_variable<FieldType> &result) :
500  component<FieldType>(bp),
501  pvk(pvk), input(input), elt_size(elt_size), proof(proof), result(result),
502  input_len(input.size()) {
503  // accumulate input and store base in acc
504  acc.reset(new element_g1<CurveType>(bp));
505  std::vector<element_g1<CurveType>> IC_terms;
506  for (std::size_t i = 0; i < pvk.encoded_IC_query.size(); ++i) {
507  IC_terms.emplace_back(*(pvk.encoded_IC_query[i]));
508  }
509  accumulate_input.reset(new G1_multiscalar_mul_component<CurveType>(
510  bp, *(pvk.encoded_IC_base), input, elt_size, IC_terms, *acc));
511 
512  // allocate results for precomputation
513  proof_g_A_h_precomp.reset(new g1_precomputation<CurveType>());
514  proof_g_A_g_acc_C_precomp.reset(new g1_precomputation<CurveType>());
515  proof_g_A_g_acc_precomp.reset(new g1_precomputation<CurveType>());
516  proof_g_A_g_precomp.reset(new g1_precomputation<CurveType>());
517  proof_g_B_h_precomp.reset(new g1_precomputation<CurveType>());
518  proof_g_C_h_precomp.reset(new g1_precomputation<CurveType>());
519  proof_g_C_g_precomp.reset(new g1_precomputation<CurveType>());
520  proof_g_K_precomp.reset(new g1_precomputation<CurveType>());
521  proof_g_H_precomp.reset(new g1_precomputation<CurveType>());
522 
523  proof_g_B_g_precomp.reset(new g2_precomputation<CurveType>());
524 
525  // do the necessary precomputations
526  // compute things not available in plain from proof/vk
527  proof_g_A_g_acc.reset(new element_g1<CurveType>(bp));
528  compute_proof_g_A_g_acc.reset(
529  new element_g1_add<CurveType>(bp, *(proof.g_A_g), *acc, *proof_g_A_g_acc));
530  proof_g_A_g_acc_C.reset(new element_g1<CurveType>(bp));
531  compute_proof_g_A_g_acc_C.reset(new element_g1_add<CurveType>(
532  bp, *proof_g_A_g_acc, *(proof.g_C_g), *proof_g_A_g_acc_C));
533 
534  compute_proof_g_A_g_acc_precomp.reset(
535  new precompute_G1_component<CurveType>(bp, *proof_g_A_g_acc, *proof_g_A_g_acc_precomp));
536  compute_proof_g_A_g_acc_C_precomp.reset(new precompute_G1_component<CurveType>(
537  bp, *proof_g_A_g_acc_C, *proof_g_A_g_acc_C_precomp));
538 
539  // do other precomputations
540  compute_proof_g_A_h_precomp.reset(
541  new precompute_G1_component<CurveType>(bp, *(proof.g_A_h), *proof_g_A_h_precomp));
542  compute_proof_g_A_g_precomp.reset(
543  new precompute_G1_component<CurveType>(bp, *(proof.g_A_g), *proof_g_A_g_precomp));
544  compute_proof_g_B_h_precomp.reset(
545  new precompute_G1_component<CurveType>(bp, *(proof.g_B_h), *proof_g_B_h_precomp));
546  compute_proof_g_C_h_precomp.reset(
547  new precompute_G1_component<CurveType>(bp, *(proof.g_C_h), *proof_g_C_h_precomp));
548  compute_proof_g_C_g_precomp.reset(
549  new precompute_G1_component<CurveType>(bp, *(proof.g_C_g), *proof_g_C_g_precomp));
550  compute_proof_g_H_precomp.reset(
551  new precompute_G1_component<CurveType>(bp, *(proof.g_H), *proof_g_H_precomp));
552  compute_proof_g_K_precomp.reset(
553  new precompute_G1_component<CurveType>(bp, *(proof.g_K), *proof_g_K_precomp));
554  compute_proof_g_B_g_precomp.reset(
555  new precompute_G2_component<CurveType>(bp, *(proof.g_B_g), *proof_g_B_g_precomp));
556 
557  // check validity of A knowledge commitment
558  kc_A_valid.allocate(bp);
559  check_kc_A_valid.reset(
560  new check_e_equals_e_component<CurveType>(bp,
561  *proof_g_A_g_precomp,
562  *(pvk.vk_alphaA_g2_precomp),
563  *proof_g_A_h_precomp,
564  *(pvk.pp_G2_one_precomp),
565  kc_A_valid));
566 
567  // check validity of B knowledge commitment
568  kc_B_valid.allocate(bp);
569  check_kc_B_valid.reset(
570  new check_e_equals_e_component<CurveType>(bp,
571  *(pvk.vk_alphaB_g1_precomp),
572  *proof_g_B_g_precomp,
573  *proof_g_B_h_precomp,
574  *(pvk.pp_G2_one_precomp),
575  kc_B_valid));
576 
577  // check validity of C knowledge commitment
578  kc_C_valid.allocate(bp);
579  check_kc_C_valid.reset(
580  new check_e_equals_e_component<CurveType>(bp,
581  *proof_g_C_g_precomp,
582  *(pvk.vk_alphaC_g2_precomp),
583  *proof_g_C_h_precomp,
584  *(pvk.pp_G2_one_precomp),
585  kc_C_valid));
586 
587  // check QAP divisibility
588  QAP_valid.allocate(bp);
589  check_QAP_valid.reset(new check_e_equals_ee_component<CurveType>(bp,
590  *proof_g_A_g_acc_precomp,
591  *proof_g_B_g_precomp,
592  *proof_g_H_precomp,
593  *(pvk.vk_rC_Z_g2_precomp),
594  *proof_g_C_g_precomp,
595  *(pvk.pp_G2_one_precomp),
596  QAP_valid));
597 
598  // check coefficients
599  CC_valid.allocate(bp);
600  check_CC_valid.reset(
601  new check_e_equals_ee_component<CurveType>(bp,
602  *proof_g_K_precomp,
603  *(pvk.vk_gamma_g2_precomp),
604  *proof_g_A_g_acc_C_precomp,
605  *(pvk.vk_gamma_beta_g2_precomp),
606  *(pvk.vk_gamma_beta_g1_precomp),
607  *proof_g_B_g_precomp,
608  CC_valid));
609 
610  // final constraint
611  all_test_results.emplace_back(kc_A_valid);
612  all_test_results.emplace_back(kc_B_valid);
613  all_test_results.emplace_back(kc_C_valid);
614  all_test_results.emplace_back(QAP_valid);
615  all_test_results.emplace_back(CC_valid);
616 
617  all_tests_pass.reset(new conjunction<FieldType>(bp, all_test_results, result));
618  }
619 
620  void generate_r1cs_constraints() {
621  accumulate_input->generate_r1cs_constraints();
622 
623  compute_proof_g_A_g_acc->generate_r1cs_constraints();
624  compute_proof_g_A_g_acc_C->generate_r1cs_constraints();
625 
626  compute_proof_g_A_g_acc_precomp->generate_r1cs_constraints();
627  compute_proof_g_A_g_acc_C_precomp->generate_r1cs_constraints();
628 
629  compute_proof_g_A_h_precomp->generate_r1cs_constraints();
630  compute_proof_g_A_g_precomp->generate_r1cs_constraints();
631  compute_proof_g_B_h_precomp->generate_r1cs_constraints();
632  compute_proof_g_C_h_precomp->generate_r1cs_constraints();
633  compute_proof_g_C_g_precomp->generate_r1cs_constraints();
634  compute_proof_g_H_precomp->generate_r1cs_constraints();
635  compute_proof_g_K_precomp->generate_r1cs_constraints();
636  compute_proof_g_B_g_precomp->generate_r1cs_constraints();
637 
638  check_kc_A_valid->generate_r1cs_constraints();
639  check_kc_B_valid->generate_r1cs_constraints();
640  check_kc_C_valid->generate_r1cs_constraints();
641  check_QAP_valid->generate_r1cs_constraints();
642  check_CC_valid->generate_r1cs_constraints();
643 
644  all_tests_pass->generate_r1cs_constraints();
645  }
646 
647  void generate_r1cs_witness() {
648  accumulate_input->generate_r1cs_witness();
649 
650  compute_proof_g_A_g_acc->generate_r1cs_witness();
651  compute_proof_g_A_g_acc_C->generate_r1cs_witness();
652 
653  compute_proof_g_A_g_acc_precomp->generate_r1cs_witness();
654  compute_proof_g_A_g_acc_C_precomp->generate_r1cs_witness();
655 
656  compute_proof_g_A_h_precomp->generate_r1cs_witness();
657  compute_proof_g_A_g_precomp->generate_r1cs_witness();
658  compute_proof_g_B_h_precomp->generate_r1cs_witness();
659  compute_proof_g_C_h_precomp->generate_r1cs_witness();
660  compute_proof_g_C_g_precomp->generate_r1cs_witness();
661  compute_proof_g_H_precomp->generate_r1cs_witness();
662  compute_proof_g_K_precomp->generate_r1cs_witness();
663  compute_proof_g_B_g_precomp->generate_r1cs_witness();
664 
665  check_kc_A_valid->generate_r1cs_witness();
666  check_kc_B_valid->generate_r1cs_witness();
667  check_kc_C_valid->generate_r1cs_witness();
668  check_QAP_valid->generate_r1cs_witness();
669  check_CC_valid->generate_r1cs_witness();
670 
671  all_tests_pass->generate_r1cs_witness();
672  }
673  };
674 
675  template<typename CurveType>
676  class r1cs_ppzksnark_verifier_component : public component<typename CurveType::scalar_field_type> {
677  public:
678  typedef typename CurveType::scalar_field_type FieldType;
679 
680  std::shared_ptr<r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable<CurveType>>
681  pvk;
682  std::shared_ptr<r1cs_ppzksnark_verifier_process_vk_component<CurveType>> compute_pvk;
683  std::shared_ptr<r1cs_ppzksnark_online_verifier_component<CurveType>> online_verifier;
684 
685  r1cs_ppzksnark_verifier_component(blueprint<FieldType> &bp,
686  const r1cs_ppzksnark_verification_key_variable<CurveType> &vk,
687  const blueprint_variable_vector<FieldType> &input,
688  const std::size_t elt_size,
689  const r1cs_ppzksnark_proof_variable<CurveType> &proof,
690  const blueprint_variable<FieldType> &result) :
691  component<FieldType>(bp) {
692  pvk.reset(
693  new r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable<CurveType>());
694  compute_pvk.reset(
695  new r1cs_ppzksnark_verifier_process_vk_component<CurveType>(bp, vk, *pvk));
696  online_verifier.reset(new r1cs_ppzksnark_online_verifier_component<CurveType>(
697  bp, *pvk, input, elt_size, proof, result));
698  }
699 
700  void generate_r1cs_constraints() {
701  compute_pvk->generate_r1cs_constraints();
702 
703  online_verifier->generate_r1cs_constraints();
704  }
705 
706  void generate_r1cs_witness() {
707  compute_pvk->generate_r1cs_witness();
708  online_verifier->generate_r1cs_witness();
709  }
710  };
711  } // namespace components
712  } // namespace snark
713  } // namespace zk
714  } // namespace crypto3
715 } // namespace nil
716 
717 #endif // CRYPTO3_ZK_BLUEPRINT_R1CS_PPZKSNARK_VERIFIER_COMPONENT_HPP
element_g1.hpp
element_g2.hpp
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:434
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::CC_valid
blueprint_variable< FieldType > CC_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:488
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_C_h_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_C_h_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:459
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_A_g_acc_C
std::shared_ptr< element_g1< CurveType > > proof_g_A_g_acc_C
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:451
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_C_g_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_C_g_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:472
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::check_CC_valid
std::shared_ptr< check_e_equals_ee_component< CurveType > > check_CC_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:482
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_A_g_acc_C
std::shared_ptr< element_g1_add< CurveType > > compute_proof_g_A_g_acc_C
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:452
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_A_h_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_A_h_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:466
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::all_test_results
blueprint_variable_vector< FieldType > all_test_results
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:490
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_B_g_precomp
std::shared_ptr< precompute_G2_component< CurveType > > compute_proof_g_B_g_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:476
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_A_g_acc
std::shared_ptr< element_g1_add< CurveType > > compute_proof_g_A_g_acc
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:450
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_A_g_acc_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_A_g_acc_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:456
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_A_g_acc_C_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_A_g_acc_C_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:467
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::input
blueprint_variable_vector< FieldType > input
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:440
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::check_kc_A_valid
std::shared_ptr< check_e_equals_e_component< CurveType > > check_kc_A_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:478
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_A_g_acc_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_A_g_acc_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:468
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::check_kc_B_valid
std::shared_ptr< check_e_equals_e_component< CurveType > > check_kc_B_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:479
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:620
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::kc_B_valid
blueprint_variable< FieldType > kc_B_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:485
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_B_g_precomp
std::shared_ptr< g2_precomputation< CurveType > > proof_g_B_g_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:464
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::accumulate_input
std::shared_ptr< G1_multiscalar_mul_component< CurveType > > accumulate_input
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:447
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_K_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_K_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:473
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_H_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_H_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:462
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_A_g_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_A_g_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:457
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::result
blueprint_variable< FieldType > result
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:443
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::check_kc_C_valid
std::shared_ptr< check_e_equals_e_component< CurveType > > check_kc_C_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:480
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_H_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_H_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:474
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::all_tests_pass
std::shared_ptr< conjunction< FieldType > > all_tests_pass
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:491
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_B_h_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_B_h_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:458
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_C_g_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_C_g_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:460
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_K_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_K_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:461
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_A_h_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_A_h_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:454
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::elt_size
std::size_t elt_size
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:441
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::kc_A_valid
blueprint_variable< FieldType > kc_A_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:484
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::pvk
r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable< CurveType > pvk
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:438
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_C_h_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_C_h_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:471
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::QAP_valid
blueprint_variable< FieldType > QAP_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:487
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof
r1cs_ppzksnark_proof_variable< CurveType > proof
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:442
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_A_g_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_A_g_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:469
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:647
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::compute_proof_g_B_h_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_proof_g_B_h_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:470
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::kc_C_valid
blueprint_variable< FieldType > kc_C_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:486
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::acc
std::shared_ptr< element_g1< CurveType > > acc
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:446
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::FieldType
CurveType::scalar_field_type FieldType
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:436
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_A_g_acc
std::shared_ptr< element_g1< CurveType > > proof_g_A_g_acc
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:449
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::check_QAP_valid
std::shared_ptr< check_e_equals_ee_component< CurveType > > check_QAP_valid
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:481
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::input_len
const std::size_t input_len
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:444
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::r1cs_ppzksnark_online_verifier_component
r1cs_ppzksnark_online_verifier_component(blueprint< FieldType > &bp, const r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable< CurveType > &pvk, const blueprint_variable_vector< FieldType > &input, const std::size_t elt_size, const r1cs_ppzksnark_proof_variable< CurveType > &proof, const blueprint_variable< FieldType > &result)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:493
nil::crypto3::zk::snark::components::r1cs_ppzksnark_online_verifier_component::proof_g_A_g_acc_C_precomp
std::shared_ptr< g1_precomputation< CurveType > > proof_g_A_g_acc_C_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:455
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:305
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_alphaB_g1_precomp
std::shared_ptr< g1_precomputation< CurveType > > vk_alphaB_g1_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:312
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable
r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:322
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_alphaA_g2_precomp
std::shared_ptr< g2_precomputation< CurveType > > vk_alphaA_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:316
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable
r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable(blueprint< FieldType > &bp, const typename r1cs_ppzksnark< typename CurveType::pairing::pair_curve_type >::verification_key &r1cs_vk)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:326
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_rC_Z_g2_precomp
std::shared_ptr< g2_precomputation< CurveType > > vk_rC_Z_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:320
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::encoded_IC_base
std::shared_ptr< element_g1< CurveType > > encoded_IC_base
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:309
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_gamma_beta_g1_precomp
std::shared_ptr< g1_precomputation< CurveType > > vk_gamma_beta_g1_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:313
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::FieldType
CurveType::scalar_field_type FieldType
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:307
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_gamma_beta_g2_precomp
std::shared_ptr< g2_precomputation< CurveType > > vk_gamma_beta_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:318
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::encoded_IC_query
std::vector< std::shared_ptr< element_g1< CurveType > > > encoded_IC_query
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:310
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_alphaC_g2_precomp
std::shared_ptr< g2_precomputation< CurveType > > vk_alphaC_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:317
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::pp_G2_one_precomp
std::shared_ptr< g2_precomputation< CurveType > > pp_G2_one_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:315
nil::crypto3::zk::snark::components::r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable::vk_gamma_g2_precomp
std::shared_ptr< g2_precomputation< CurveType > > vk_gamma_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:319
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:58
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::generate_r1cs_witness
void generate_r1cs_witness(const typename r1cs_ppzksnark< typename CurveType::pairing::pair_curve_type >::proof_type &proof)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:112
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::all_G2_vars
std::vector< std::shared_ptr< element_g2< CurveType > > > all_G2_vars
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:72
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::proof_contents
blueprint_variable_vector< FieldType > proof_contents
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:77
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::all_G1_checkers
std::vector< std::shared_ptr< element_g1_is_well_formed< CurveType > > > all_G1_checkers
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:74
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_A_h
std::shared_ptr< element_g1< CurveType > > g_A_h
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:63
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_A_g
std::shared_ptr< element_g1< CurveType > > g_A_g
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:62
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:105
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_H
std::shared_ptr< element_g1< CurveType > > g_H
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:68
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_B_h
std::shared_ptr< element_g1< CurveType > > g_B_h
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:65
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_B_g
std::shared_ptr< element_g2< CurveType > > g_B_g
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:64
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_K
std::shared_ptr< element_g1< CurveType > > g_K
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:69
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::G2_checker
std::shared_ptr< element_g2_is_well_formed< CurveType > > G2_checker
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:75
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::FieldType
CurveType::scalar_field_type FieldType
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:60
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_C_g
std::shared_ptr< element_g1< CurveType > > g_C_g
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:66
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::size
static std::size_t size()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:139
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::all_G1_vars
std::vector< std::shared_ptr< element_g1< CurveType > > > all_G1_vars
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:71
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::r1cs_ppzksnark_proof_variable
r1cs_ppzksnark_proof_variable(blueprint< FieldType > &bp)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:79
nil::crypto3::zk::snark::components::r1cs_ppzksnark_proof_variable::g_C_h
std::shared_ptr< element_g1< CurveType > > g_C_h
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:67
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:149
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::input_size
std::size_t input_size
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:165
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::generate_r1cs_constraints
void generate_r1cs_constraints(const bool enforce_bitness)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:231
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::rC_Z_g2
std::shared_ptr< element_g2< CurveType > > rC_Z_g2
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:159
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::encoded_IC_query
std::vector< std::shared_ptr< element_g1< CurveType > > > encoded_IC_query
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:161
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::alphaA_g2
std::shared_ptr< element_g2< CurveType > > alphaA_g2
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:153
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::gamma_beta_g1
std::shared_ptr< element_g1< CurveType > > gamma_beta_g1
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:157
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::gamma_beta_g2
std::shared_ptr< element_g2< CurveType > > gamma_beta_g2
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:158
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::packer
std::shared_ptr< multipacking_component< FieldType > > packer
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:170
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::get_bits
std::vector< bool > get_bits() const
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:268
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::FieldType
CurveType::scalar_field_type FieldType
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:151
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::all_G2_vars
std::vector< std::shared_ptr< element_g2< CurveType > > > all_G2_vars
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:168
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::all_vars
blueprint_linear_combination_vector< FieldType > all_vars
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:164
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::encoded_IC_base
std::shared_ptr< element_g1< CurveType > > encoded_IC_base
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:160
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::get_verification_key_bits
static std::vector< bool > get_verification_key_bits(const typename r1cs_ppzksnark< typename CurveType::pairing::pair_curve_type >::verification_key_type &r1cs_vk)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:280
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::__attribute__
static std::size_t __attribute__((noinline)) size_in_bits(const std
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:272
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::alphaC_g2
std::shared_ptr< element_g2< CurveType > > alphaC_g2
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:155
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::all_bits
blueprint_variable_vector< FieldType > all_bits
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:163
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::__attribute__
__attribute__((noinline)) r1cs_ppzksnark_verification_key_variable(blueprint< FieldType > &bp
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::alphaB_g1
std::shared_ptr< element_g1< CurveType > > alphaB_g1
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:154
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::gamma_g2
std::shared_ptr< element_g2< CurveType > > gamma_g2
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:156
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::generate_r1cs_witness
void generate_r1cs_witness(const std::vector< bool > &vk_bits)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:263
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::generate_r1cs_witness
void generate_r1cs_witness(const typename r1cs_ppzksnark< typename CurveType::pairing::pair_curve_type >::verification_key_type &vk)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:234
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verification_key_variable::all_G1_vars
std::vector< std::shared_ptr< element_g1< CurveType > > > all_G1_vars
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:167
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:676
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::online_verifier
std::shared_ptr< r1cs_ppzksnark_online_verifier_component< CurveType > > online_verifier
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:683
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::FieldType
CurveType::scalar_field_type FieldType
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:678
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::pvk
std::shared_ptr< r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable< CurveType > > pvk
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:681
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:700
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::r1cs_ppzksnark_verifier_component
r1cs_ppzksnark_verifier_component(blueprint< FieldType > &bp, const r1cs_ppzksnark_verification_key_variable< CurveType > &vk, const blueprint_variable_vector< FieldType > &input, const std::size_t elt_size, const r1cs_ppzksnark_proof_variable< CurveType > &proof, const blueprint_variable< FieldType > &result)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:685
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::compute_pvk
std::shared_ptr< r1cs_ppzksnark_verifier_process_vk_component< CurveType > > compute_pvk
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:682
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:706
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:354
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_rC_Z_g2_precomp
std::shared_ptr< precompute_G2_component< CurveType > > compute_vk_rC_Z_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:365
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::FieldType
CurveType::scalar_field_type FieldType
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:356
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:420
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_alphaC_g2_precomp
std::shared_ptr< precompute_G2_component< CurveType > > compute_vk_alphaC_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:362
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::vk
r1cs_ppzksnark_verification_key_variable< CurveType > vk
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:367
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_alphaB_g1_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_vk_alphaB_g1_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:358
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::pvk
r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable< CurveType > & pvk
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:369
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::r1cs_ppzksnark_verifier_process_vk_component
r1cs_ppzksnark_verifier_process_vk_component(blueprint< FieldType > &bp, const r1cs_ppzksnark_verification_key_variable< CurveType > &vk, r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable< CurveType > &pvk)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:371
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_gamma_beta_g1_precomp
std::shared_ptr< precompute_G1_component< CurveType > > compute_vk_gamma_beta_g1_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:359
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_alphaA_g2_precomp
std::shared_ptr< precompute_G2_component< CurveType > > compute_vk_alphaA_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:361
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_gamma_g2_precomp
std::shared_ptr< precompute_G2_component< CurveType > > compute_vk_gamma_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:364
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:409
nil::crypto3::zk::snark::components::r1cs_ppzksnark_verifier_process_vk_component::compute_vk_gamma_beta_g2_precomp
std::shared_ptr< precompute_G2_component< CurveType > > compute_vk_gamma_beta_g2_precomp
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/r1cs_pp_zksnark/verifier.hpp:363
nil::crypto3::zk::snark::proof
Definition: snark/proof.hpp:37
nil::crypto3::zk::snark::r1cs_ppzksnark_proof
Definition: snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp:43
nil::crypto3::zk::snark::r1cs_ppzksnark
ppzkSNARK for R1CS
Definition: r1cs_ppzksnark.hpp:70
nil::crypto3::algebra::pairing
Definition: pairing/alt_bn128.hpp:42
nil
Definition: pair.hpp:31
nil::crypto3::zk::snark::verification_key
Definition: zk/include/nil/crypto3/zk/snark/verification_key.hpp:35