r1cs_mp_ppzkpcd.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2018-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Nikita Kaskov <nbering@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 // @file Declaration of interfaces for a *multi-predicate* ppzkPCD for R1CS.
26 //
27 // This includes:
28 // - class for proving key
29 // - class for verification key
30 // - class for processed verification key
31 // - class for key pair (proving key & verification key)
32 // - class for proof
33 // - generator algorithm
34 // - prover algorithm
35 // - verifier algorithm
36 // - online verifier algorithm
37 //
38 // The implementation follows, extends, and optimizes the approach described
39 // in \[CTV15]. Thus, PCD is constructed from two "matched" ppzkSNARKs for R1CS.
40 //
41 // Acronyms:
42 //
43 // "R1CS" = "Rank-1 Constraint Systems"
44 // "ppzkSNARK" = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge"
45 // "ppzkPCD" = "Pre-Processing Zero-Knowledge Proof-Carrying Data"
46 //
47 // References:
48 //
49 // \[CTV15]:
50 // "Cluster Computing in Zero Knowledge",
51 // Alessandro Chiesa, Eran Tromer, Madars Virza,
52 //---------------------------------------------------------------------------//
53 
54 #ifndef CRYPTO3_R1CS_MP_PPZKPCD_HPP
55 #define CRYPTO3_R1CS_MP_PPZKPCD_HPP
56 
57 #include <memory>
58 #include <vector>
59 
60 #include <nil/crypto3/zk/snark/set_commitment.hpp>
61 
62 #include <nil/crypto3/zk/snark/schemes/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp>
63 #include <nil/crypto3/zk/snark/schemes/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp>
64 
65 #include <nil/crypto3/zk/snark/schemes/ppzksnark/r1cs_ppzksnark.hpp>
66 
67 namespace nil {
68  namespace crypto3 {
69  namespace zk {
70  namespace snark {
71 
72  /******************************** Proving key ********************************/
73 
77  template<typename PCD_ppT>
78  class r1cs_mp_ppzkpcd_proving_key {
79  public:
80  typedef typename PCD_ppT::curve_A_pp A_pp;
81  typedef typename PCD_ppT::curve_B_pp B_pp;
82 
83  std::vector<r1cs_mp_ppzkpcd_compliance_predicate<PCD_ppT>> compliance_predicates;
84 
85  std::vector<typename r1cs_ppzksnark<A_pp>::proving_key_type> compliance_step_r1cs_pks;
86  std::vector<typename r1cs_ppzksnark<B_pp>::proving_key_type> translation_step_r1cs_pks;
87 
88  std::vector<typename r1cs_ppzksnark<A_pp>::verification_key_type> compliance_step_r1cs_vks;
89  std::vector<typename r1cs_ppzksnark<B_pp>::verification_key_type> translation_step_r1cs_vks;
90 
91  set_commitment commitment_to_translation_step_r1cs_vks;
92  std::vector<set_membership_proof> compliance_step_r1cs_vk_membership_proofs;
93 
94  std::map<std::size_t, std::size_t> compliance_predicate_name_to_idx;
95 
96  r1cs_mp_ppzkpcd_proving_key() {};
97  r1cs_mp_ppzkpcd_proving_key(const r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &other) = default;
98  r1cs_mp_ppzkpcd_proving_key(r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &&other) = default;
99  r1cs_mp_ppzkpcd_proving_key(
100  const std::vector<r1cs_mp_ppzkpcd_compliance_predicate<PCD_ppT>> &compliance_predicates,
101  const std::vector<typename r1cs_ppzksnark<A_pp>::proving_key_type> &compliance_step_r1cs_pk,
102  const std::vector<typename r1cs_ppzksnark<B_pp>::proving_key_type> &translation_step_r1cs_pk,
103  const std::vector<typename r1cs_ppzksnark<A_pp>::verification_key_type>
104  &compliance_step_r1cs_vk,
105  const std::vector<typename r1cs_ppzksnark<B_pp>::verification_key_type>
106  &translation_step_r1cs_vk,
107  const set_commitment &commitment_to_translation_step_r1cs_vks,
108  const std::vector<set_membership_proof> &compliance_step_r1cs_vk_membership_proofs,
109  const std::map<std::size_t, std::size_t> &compliance_predicate_name_to_idx) :
110  compliance_predicates(compliance_predicates),
111  compliance_step_r1cs_pks(compliance_step_r1cs_pks),
112  translation_step_r1cs_pks(translation_step_r1cs_pks),
113  compliance_step_r1cs_vks(compliance_step_r1cs_vks),
114  translation_step_r1cs_vks(translation_step_r1cs_vks),
115  commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks),
116  compliance_step_r1cs_vk_membership_proofs(compliance_step_r1cs_vk_membership_proofs),
117  compliance_predicate_name_to_idx(compliance_predicate_name_to_idx) {
118  }
119 
120  r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &
121  operator=(const r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &other) = default;
122 
123  std::size_t size_in_bits() const;
124 
125  bool is_well_formed() const;
126 
127  bool operator==(const r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &other) const;
128  };
129 
130  /******************************* Verification key ****************************/
131 
135  template<typename PCD_ppT>
136  class r1cs_mp_ppzkpcd_verification_key {
137  public:
138  typedef typename PCD_ppT::curve_A_pp A_pp;
139  typedef typename PCD_ppT::curve_B_pp B_pp;
140 
141  std::vector<typename r1cs_ppzksnark<A_pp>::verification_key_type> compliance_step_r1cs_vks;
142  std::vector<typename r1cs_ppzksnark<B_pp>::verification_key_type> translation_step_r1cs_vks;
143  set_commitment commitment_to_translation_step_r1cs_vks;
144 
145  r1cs_mp_ppzkpcd_verification_key() = default;
146  r1cs_mp_ppzkpcd_verification_key(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &other) = default;
147  r1cs_mp_ppzkpcd_verification_key(r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &&other) = default;
148  r1cs_mp_ppzkpcd_verification_key(
149  const std::vector<typename r1cs_ppzksnark<A_pp>::verification_key_type>
150  &compliance_step_r1cs_vks,
151  const std::vector<typename r1cs_ppzksnark<B_pp>::verification_key_type>
152  &translation_step_r1cs_vks,
153  const set_commitment &commitment_to_translation_step_r1cs_vks) :
154  compliance_step_r1cs_vks(compliance_step_r1cs_vks),
155  translation_step_r1cs_vks(translation_step_r1cs_vks),
156  commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks) {
157  }
158 
159  r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &
160  operator=(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &other) = default;
161 
162  std::size_t size_in_bits() const;
163 
164  bool operator==(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &other) const;
165  };
166 
167  /************************* Processed verification key **************************/
168 
176  template<typename PCD_ppT>
177  class r1cs_mp_ppzkpcd_processed_verification_key {
178  public:
179  typedef typename PCD_ppT::curve_A_pp A_pp;
180  typedef typename PCD_ppT::curve_B_pp B_pp;
181 
182  std::vector<typename r1cs_ppzksnark<A_pp>::processed_verification_key_type>
183  compliance_step_r1cs_pvks;
184  std::vector<typename r1cs_ppzksnark<B_pp>::processed_verification_key_type>
185  translation_step_r1cs_pvks;
186  set_commitment commitment_to_translation_step_r1cs_vks;
187 
188  r1cs_mp_ppzkpcd_processed_verification_key() = default;
189  r1cs_mp_ppzkpcd_processed_verification_key(
190  const r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &other) = default;
191  r1cs_mp_ppzkpcd_processed_verification_key(
192  r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &&other) = default;
193  r1cs_mp_ppzkpcd_processed_verification_key(
194  std::vector<typename r1cs_ppzksnark<A_pp>::processed_verification_key_type>
195  &&compliance_step_r1cs_pvks,
196  std::vector<typename r1cs_ppzksnark<B_pp>::processed_verification_key_type>
197  &&translation_step_r1cs_pvks,
198  const set_commitment &commitment_to_translation_step_r1cs_vks) :
199  compliance_step_r1cs_pvks(std::move(compliance_step_r1cs_pvks)),
200  translation_step_r1cs_pvks(std::move(translation_step_r1cs_pvks)),
201  commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks) {};
202 
203  r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &
204  operator=(const r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &other) = default;
205 
206  std::size_t size_in_bits() const;
207 
208  bool operator==(const r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &other) const;
209  };
210 
211  /********************************** Key pair *********************************/
212 
217  template<typename PCD_ppT>
218  class r1cs_mp_ppzkpcd_keypair {
219  public:
220  r1cs_mp_ppzkpcd_proving_key<PCD_ppT> pk;
221  r1cs_mp_ppzkpcd_verification_key<PCD_ppT> vk;
222 
223  r1cs_mp_ppzkpcd_keypair() = default;
224  r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_keypair<PCD_ppT> &&other) = default;
225  r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &&pk,
226  r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &&vk) :
227  pk(std::move(pk)),
228  vk(std::move(vk)) {};
229  };
230 
231  /*********************************** Proof ***********************************/
232 
236  template<typename PCD_ppT>
237  class r1cs_mp_ppzkpcd_proof {
238  public:
239  std::size_t compliance_predicate_idx;
240  typename r1cs_ppzksnark<typename PCD_ppT::curve_B_pp>::proof_type r1cs_proof;
241 
242  r1cs_mp_ppzkpcd_proof() = default;
243  r1cs_mp_ppzkpcd_proof(
244  const std::size_t compliance_predicate_idx,
245  const typename r1cs_ppzksnark<typename PCD_ppT::curve_B_pp>::proof_type &r1cs_proof) :
246  compliance_predicate_idx(compliance_predicate_idx),
247  r1cs_proof(r1cs_proof) {
248  }
249 
250  std::size_t size_in_bits() const;
251 
252  bool operator==(const r1cs_mp_ppzkpcd_proof<PCD_ppT> &other) const;
253  };
254 
255  /***************************** Main algorithms *******************************/
256 
263  template<typename PCD_ppT>
264  r1cs_mp_ppzkpcd_keypair<PCD_ppT> r1cs_mp_ppzkpcd_generator(
265  const std::vector<r1cs_mp_ppzkpcd_compliance_predicate<PCD_ppT>> &compliance_predicates);
266 
275  template<typename PCD_ppT>
276  r1cs_mp_ppzkpcd_proof<PCD_ppT>
277  r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &pk,
278  const std::size_t compliance_predicate_name,
279  const r1cs_mp_ppzkpcd_primary_input<PCD_ppT> &primary_input,
280  const r1cs_mp_ppzkpcd_auxiliary_input<PCD_ppT> &auxiliary_input,
281  const std::vector<r1cs_mp_ppzkpcd_proof<PCD_ppT>> &incoming_proofs);
282 
283  /*
284  Below are two variants of verifier algorithm for the R1CS (multi-predicate) ppzkPCD.
285 
286  These are the two cases that arise from whether the verifier accepts a
287  (non-processed) verification key or, instead, a processed verification key.
288  In the latter case, we call the algorithm an "online verifier".
289  */
290 
295  template<typename PCD_ppT>
296  bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &vk,
297  const r1cs_mp_ppzkpcd_primary_input<PCD_ppT> &primary_input,
298  const r1cs_mp_ppzkpcd_proof<PCD_ppT> &proof);
299 
303  template<typename PCD_ppT>
304  r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT>
305  r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &vk);
306 
311  template<typename PCD_ppT>
312  bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &pvk,
313  const r1cs_mp_ppzkpcd_primary_input<PCD_ppT> &primary_input,
314  const r1cs_mp_ppzkpcd_proof<PCD_ppT> &proof);
315 
316  template<typename PCD_ppT>
317  std::size_t r1cs_mp_ppzkpcd_proving_key<PCD_ppT>::size_in_bits() const {
318  const std::size_t num_predicates = compliance_predicates.size();
319 
320  std::size_t result = 0;
321  for (std::size_t i = 0; i < num_predicates; ++i) {
322  result +=
323  (compliance_predicates[i].size_in_bits() + compliance_step_r1cs_pks[i].size_in_bits() +
324  translation_step_r1cs_pks[i].size_in_bits() + compliance_step_r1cs_vks[i].size_in_bits() +
325  translation_step_r1cs_vks[i].size_in_bits() +
326  compliance_step_r1cs_vk_membership_proofs[i].size_in_bits());
327  }
328  result += commitment_to_translation_step_r1cs_vks.size();
329 
330  return result;
331  }
332 
333  template<typename PCD_ppT>
334  bool r1cs_mp_ppzkpcd_proving_key<PCD_ppT>::is_well_formed() const {
335  const std::size_t num_predicates = compliance_predicates.size();
336 
337  bool result;
338  result = result && (compliance_step_r1cs_pks.size() == num_predicates);
339  result = result && (translation_step_r1cs_pks.size() == num_predicates);
340  result = result && (compliance_step_r1cs_vks.size() == num_predicates);
341  result = result && (translation_step_r1cs_vks.size() == num_predicates);
342  result = result && (compliance_step_r1cs_vk_membership_proofs.size() == num_predicates);
343 
344  return result;
345  }
346 
347  template<typename PCD_ppT>
348  bool r1cs_mp_ppzkpcd_proving_key<PCD_ppT>::operator==(
349  const r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &other) const {
350  return (this->compliance_predicates == other.compliance_predicates &&
351  this->compliance_step_r1cs_pks == other.compliance_step_r1cs_pks &&
352  this->translation_step_r1cs_pks == other.translation_step_r1cs_pks &&
353  this->compliance_step_r1cs_vks == other.compliance_step_r1cs_vks &&
354  this->translation_step_r1cs_vks == other.translation_step_r1cs_vks &&
355  this->commitment_to_translation_step_r1cs_vks ==
356  other.commitment_to_translation_step_r1cs_vks &&
357  this->compliance_step_r1cs_vk_membership_proofs ==
358  other.compliance_step_r1cs_vk_membership_proofs &&
359  this->compliance_predicate_name_to_idx == other.compliance_predicate_name_to_idx);
360  }
361 
362  template<typename PCD_ppT>
363  std::size_t r1cs_mp_ppzkpcd_verification_key<PCD_ppT>::size_in_bits() const {
364  const std::size_t num_predicates = compliance_step_r1cs_vks.size();
365 
366  std::size_t result = 0;
367  for (std::size_t i = 0; i < num_predicates; ++i) {
368  result +=
369  (compliance_step_r1cs_vks[i].size_in_bits() + translation_step_r1cs_vks[i].size_in_bits());
370  }
371 
372  result += commitment_to_translation_step_r1cs_vks.size();
373 
374  return result;
375  }
376 
377  template<typename PCD_ppT>
378  bool r1cs_mp_ppzkpcd_verification_key<PCD_ppT>::operator==(
379  const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &other) const {
380  return (this->compliance_step_r1cs_vks == other.compliance_step_r1cs_vks &&
381  this->translation_step_r1cs_vks == other.translation_step_r1cs_vks &&
382  this->commitment_to_translation_step_r1cs_vks ==
383  other.commitment_to_translation_step_r1cs_vks);
384  }
385 
386  template<typename PCD_ppT>
387  std::size_t r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT>::size_in_bits() const {
388  const std::size_t num_predicates = compliance_step_r1cs_pvks.size();
389 
390  std::size_t result = 0;
391  for (std::size_t i = 0; i < num_predicates; ++i) {
392  result += (compliance_step_r1cs_pvks[i].size_in_bits() +
393  translation_step_r1cs_pvks[i].size_in_bits());
394  }
395 
396  result += commitment_to_translation_step_r1cs_vks.size();
397 
398  return result;
399  }
400 
401  template<typename PCD_ppT>
402  bool r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT>::operator==(
403  const r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &other) const {
404  return (this->compliance_step_r1cs_pvks == other.compliance_step_r1cs_pvks &&
405  this->translation_step_r1cs_pvks == other.translation_step_r1cs_pvks &&
406  this->commitment_to_translation_step_r1cs_vks ==
407  other.commitment_to_translation_step_r1cs_vks);
408  }
409 
410  template<typename PCD_ppT>
411  bool r1cs_mp_ppzkpcd_proof<PCD_ppT>::operator==(const r1cs_mp_ppzkpcd_proof<PCD_ppT> &other) const {
412  return (this->compliance_predicate_idx == other.compliance_predicate_idx &&
413  this->r1cs_proof == other.r1cs_proof);
414  }
415 
416  template<typename PCD_ppT>
417  r1cs_mp_ppzkpcd_keypair<PCD_ppT> r1cs_mp_ppzkpcd_generator(
418  const std::vector<r1cs_mp_ppzkpcd_compliance_predicate<PCD_ppT>> &compliance_predicates) {
419  assert(algebra::Fr<typename PCD_ppT::curve_A_pp>::mod ==
420  algebra::Fq<typename PCD_ppT::curve_B_pp>::mod);
421  assert(algebra::Fq<typename PCD_ppT::curve_A_pp>::mod ==
422  algebra::Fr<typename PCD_ppT::curve_B_pp>::mod);
423 
424  typedef typename PCD_ppT::curve_A_pp curve_A_pp;
425  typedef typename PCD_ppT::curve_B_pp curve_B_pp;
426 
427  typedef typename curve_A_pp::scalar_field_type FieldT_A;
428  typedef typename curve_B_pp::scalar_field_type FieldT_B;
429 
430  std::cout << "Call to r1cs_mp_ppzkpcd_generator" << std::endl;
431 
432  r1cs_mp_ppzkpcd_keypair<PCD_ppT> keypair;
433  const std::size_t translation_input_size =
434  mp_translation_step_pcd_circuit_maker<curve_B_pp>::input_size_in_elts();
435  const std::size_t vk_size_in_bits =
436  r1cs_ppzksnark_verification_key_variable<curve_A_pp>::size_in_bits(translation_input_size);
437  printf("%zu %zu\n", translation_input_size, vk_size_in_bits);
438 
439  set_commitment_accumulator<crh_with_bit_out_component<FieldT_A>> all_translation_vks(
440  compliance_predicates.size(), vk_size_in_bits);
441 
442  std::cout << "Perform type checks" << std::endl;
443  std::map<std::size_t, std::size_t> type_counts;
444 
445  for (auto &cp : compliance_predicates) {
446  type_counts[cp.type] += 1;
447  }
448 
449  for (auto &cp : compliance_predicates) {
450  if (cp.relies_on_same_type_inputs) {
451  for (std::size_t type : cp.accepted_input_types) {
452  assert(type_counts[type] == 1); /* each of accepted_input_types must be unique */
453  }
454  } else {
455  assert(cp.accepted_input_types.empty());
456  }
457  }
458 
459  for (std::size_t i = 0; i < compliance_predicates.size(); ++i) {
460  std::cout << FMT("",
461  "Process predicate %zu (with name %zu and type %zu)",
462  i,
463  compliance_predicates[i].name,
464  compliance_predicates[i].type)
465  << std::endl;
466  assert(compliance_predicates[i].is_well_formed());
467 
468  std::cout << "Construct compliance step PCD circuit" << std::endl;
469  mp_compliance_step_pcd_circuit_maker<curve_A_pp> mp_compliance_step_pcd_circuit(
470  compliance_predicates[i], compliance_predicates.size());
471  mp_compliance_step_pcd_circuit.generate_r1cs_constraints();
472  r1cs_constraint_system<FieldT_A> mp_compliance_step_pcd_circuit_cs =
473  mp_compliance_step_pcd_circuit.get_circuit();
474 
475  std::cout << "Generate key pair for compliance step PCD circuit" << std::endl;
476  typename r1cs_ppzksnark<curve_A_pp>::keypair_type mp_compliance_step_keypair =
477  r1cs_ppzksnark<curve_A_pp>::generator(mp_compliance_step_pcd_circuit_cs);
478 
479  std::cout << "Construct translation step PCD circuit" << std::endl;
480  mp_translation_step_pcd_circuit_maker<curve_B_pp> mp_translation_step_pcd_circuit(
481  mp_compliance_step_keypair.vk);
482  mp_translation_step_pcd_circuit.generate_r1cs_constraints();
483  r1cs_constraint_system<FieldT_B> mp_translation_step_pcd_circuit_cs =
484  mp_translation_step_pcd_circuit.get_circuit();
485 
486  std::cout << "Generate key pair for translation step PCD circuit" << std::endl;
487  typename r1cs_ppzksnark<curve_B_pp>::keypair_type mp_translation_step_keypair =
488  r1cs_ppzksnark<curve_B_pp>::generator(mp_translation_step_pcd_circuit_cs);
489 
490  std::cout << "Augment set of translation step verification keys" << std::endl;
491  const std::vector<bool> vk_bits =
492  r1cs_ppzksnark_verification_key_variable<curve_A_pp>::get_verification_key_bits(
493  mp_translation_step_keypair.vk);
494  all_translation_vks.add(vk_bits);
495 
496  std::cout << "Update r1cs_mp_ppzkpcd keypair" << std::endl;
497  keypair.pk.compliance_predicates.emplace_back(compliance_predicates[i]);
498  keypair.pk.compliance_step_r1cs_pks.emplace_back(mp_compliance_step_keypair.pk);
499  keypair.pk.translation_step_r1cs_pks.emplace_back(mp_translation_step_keypair.pk);
500  keypair.pk.compliance_step_r1cs_vks.emplace_back(mp_compliance_step_keypair.vk);
501  keypair.pk.translation_step_r1cs_vks.emplace_back(mp_translation_step_keypair.vk);
502  const std::size_t cp_name = compliance_predicates[i].name;
503  assert(keypair.pk.compliance_predicate_name_to_idx.find(cp_name) ==
504  keypair.pk.compliance_predicate_name_to_idx.end()); // all names must be distinct
505  keypair.pk.compliance_predicate_name_to_idx[cp_name] = i;
506 
507  keypair.vk.compliance_step_r1cs_vks.emplace_back(mp_compliance_step_keypair.vk);
508  keypair.vk.translation_step_r1cs_vks.emplace_back(mp_translation_step_keypair.vk);
509  }
510 
511  std::cout << "Compute set commitment and corresponding membership proofs" << std::endl;
512  const set_commitment cm = all_translation_vks.get_commitment();
513  keypair.pk.commitment_to_translation_step_r1cs_vks = cm;
514  keypair.vk.commitment_to_translation_step_r1cs_vks = cm;
515  for (std::size_t i = 0; i < compliance_predicates.size(); ++i) {
516  const std::vector<bool> vk_bits =
517  r1cs_ppzksnark_verification_key_variable<curve_A_pp>::get_verification_key_bits(
518  keypair.vk.translation_step_r1cs_vks[i]);
519  const set_membership_proof proof = all_translation_vks.get_membership_proof(vk_bits);
520 
521  keypair.pk.compliance_step_r1cs_vk_membership_proofs.emplace_back(proof);
522  }
523 
524  return keypair;
525  }
526 
527  template<typename PCD_ppT>
528  r1cs_mp_ppzkpcd_proof<PCD_ppT>
529  r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key<PCD_ppT> &pk,
530  const std::size_t compliance_predicate_name,
531  const r1cs_mp_ppzkpcd_primary_input<PCD_ppT> &primary_input,
532  const r1cs_mp_ppzkpcd_auxiliary_input<PCD_ppT> &auxiliary_input,
533  const std::vector<r1cs_mp_ppzkpcd_proof<PCD_ppT>> &prev_proofs) {
534  typedef typename PCD_ppT::curve_A_pp curve_A_pp;
535  typedef typename PCD_ppT::curve_B_pp curve_B_pp;
536 
537  typedef typename curve_A_pp::scalar_field_type FieldT_A;
538  typedef typename curve_B_pp::scalar_field_type FieldT_B;
539 
540  std::cout << "Call to r1cs_mp_ppzkpcd_prover" << std::endl;
541 
542  auto it = pk.compliance_predicate_name_to_idx.find(compliance_predicate_name);
543  assert(it != pk.compliance_predicate_name_to_idx.end());
544  const std::size_t compliance_predicate_idx = it->second;
545 
546  std::cout << "Prove compliance step" << std::endl;
547  assert(compliance_predicate_idx < pk.compliance_predicates.size());
548  assert(prev_proofs.size() <= pk.compliance_predicates[compliance_predicate_idx].max_arity);
549 
550  const std::size_t arity = prev_proofs.size();
551  const std::size_t max_arity = pk.compliance_predicates[compliance_predicate_idx].max_arity;
552 
553  if (pk.compliance_predicates[compliance_predicate_idx].relies_on_same_type_inputs) {
554  const std::size_t input_predicate_idx = prev_proofs[0].compliance_predicate_idx;
555  for (std::size_t i = 1; i < arity; ++i) {
556  assert(prev_proofs[i].compliance_predicate_idx == input_predicate_idx);
557  }
558  }
559 
560  std::vector<typename r1cs_ppzksnark<curve_B_pp>::proof_type> padded_proofs(max_arity);
561  for (std::size_t i = 0; i < arity; ++i) {
562  padded_proofs[i] = prev_proofs[i].r1cs_proof;
563  }
564 
565  std::vector<typename r1cs_ppzksnark<curve_B_pp>::verification_key_type> translation_step_vks;
566  std::vector<set_membership_proof> membership_proofs;
567 
568  for (std::size_t i = 0; i < arity; ++i) {
569  const std::size_t input_predicate_idx = prev_proofs[i].compliance_predicate_idx;
570  translation_step_vks.emplace_back(pk.translation_step_r1cs_vks[input_predicate_idx]);
571  membership_proofs.emplace_back(
572  pk.compliance_step_r1cs_vk_membership_proofs[input_predicate_idx]);
573 
574 #ifdef DEBUG
575  if (auxiliary_input.incoming_messages[i]->type != 0) {
576  printf("check proof for message %zu\n", i);
577  const r1cs_primary_input<FieldT_B> translated_msg =
578  get_mp_translation_step_pcd_circuit_input<curve_B_pp>(
579  pk.commitment_to_translation_step_r1cs_vks, auxiliary_input.incoming_messages[i]);
580  const bool bit = r1cs_ppzksnark<curve_B_pp>::verifier_strong_input_consistency(
581  translation_step_vks[i], translated_msg, padded_proofs[i]);
582  assert(bit);
583  } else {
584  printf("message %zu is base case\n", i);
585  }
586 #endif
587  }
588 
589  /* pad with dummy vks/membership proofs */
590  for (std::size_t i = arity; i < max_arity; ++i) {
591  printf("proof %zu will be a dummy\n", arity);
592  translation_step_vks.emplace_back(pk.translation_step_r1cs_vks[0]);
593  membership_proofs.emplace_back(pk.compliance_step_r1cs_vk_membership_proofs[0]);
594  }
595 
596  mp_compliance_step_pcd_circuit_maker<curve_A_pp> mp_compliance_step_pcd_circuit(
597  pk.compliance_predicates[compliance_predicate_idx], pk.compliance_predicates.size());
598 
599  mp_compliance_step_pcd_circuit.generate_r1cs_witness(pk.commitment_to_translation_step_r1cs_vks,
600  translation_step_vks,
601  membership_proofs,
602  primary_input,
603  auxiliary_input,
604  padded_proofs);
605 
606  const r1cs_primary_input<FieldT_A> compliance_step_primary_input =
607  mp_compliance_step_pcd_circuit.get_primary_input();
608  const r1cs_auxiliary_input<FieldT_A> compliance_step_auxiliary_input =
609  mp_compliance_step_pcd_circuit.get_auxiliary_input();
610  const typename r1cs_ppzksnark<curve_A_pp>::proof_type compliance_step_proof =
611  r1cs_ppzksnark<curve_A_pp>::prover(pk.compliance_step_r1cs_pks[compliance_predicate_idx],
612  compliance_step_primary_input,
613  compliance_step_auxiliary_input);
614 
615 #ifdef DEBUG
616  const r1cs_primary_input<FieldT_A> compliance_step_input =
617  get_mp_compliance_step_pcd_circuit_input<curve_A_pp>(pk.commitment_to_translation_step_r1cs_vks,
618  primary_input.outgoing_message);
619  const bool compliance_step_ok = r1cs_ppzksnark<curve_A_pp>::verifier_strong_input_consistency(
620  pk.compliance_step_r1cs_vks[compliance_predicate_idx],
621  compliance_step_input,
622  compliance_step_proof);
623  assert(compliance_step_ok);
624 #endif
625 
626  std::cout << "Prove translation step" << std::endl;
627  mp_translation_step_pcd_circuit_maker<curve_B_pp> mp_translation_step_pcd_circuit(
628  pk.compliance_step_r1cs_vks[compliance_predicate_idx]);
629 
630  const r1cs_primary_input<FieldT_B> translation_step_primary_input =
631  get_mp_translation_step_pcd_circuit_input<curve_B_pp>(
632  pk.commitment_to_translation_step_r1cs_vks, primary_input);
633  mp_translation_step_pcd_circuit.generate_r1cs_witness(translation_step_primary_input,
634  compliance_step_proof);
635  const r1cs_auxiliary_input<FieldT_B> translation_step_auxiliary_input =
636  mp_translation_step_pcd_circuit.get_auxiliary_input();
637 
638  const typename r1cs_ppzksnark<curve_B_pp>::proof_type translation_step_proof =
639  r1cs_ppzksnark<curve_B_pp>::prover(pk.translation_step_r1cs_pks[compliance_predicate_idx],
640  translation_step_primary_input,
641  translation_step_auxiliary_input);
642 
643 #ifdef DEBUG
644  const bool translation_step_ok = r1cs_ppzksnark<curve_B_pp>::verifier_strong_input_consistency(
645  pk.translation_step_r1cs_vks[compliance_predicate_idx],
646  translation_step_primary_input,
647  translation_step_proof);
648  assert(translation_step_ok);
649 #endif
650 
651  r1cs_mp_ppzkpcd_proof<PCD_ppT> result;
652  result.compliance_predicate_idx = compliance_predicate_idx;
653  result.r1cs_proof = translation_step_proof;
654  return result;
655  }
656 
657  template<typename PCD_ppT>
658  bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> &pvk,
659  const r1cs_mp_ppzkpcd_primary_input<PCD_ppT> &primary_input,
660  const r1cs_mp_ppzkpcd_proof<PCD_ppT> &proof) {
661  typedef typename PCD_ppT::curve_B_pp curve_B_pp;
662 
663  std::cout << "Call to r1cs_mp_ppzkpcd_online_verifier" << std::endl;
664  const r1cs_primary_input<typename curve_B_pp::scalar_field_type> r1cs_input =
665  get_mp_translation_step_pcd_circuit_input<curve_B_pp>(
666  pvk.commitment_to_translation_step_r1cs_vks, primary_input);
667  const bool result = r1cs_ppzksnark::online_verifier_strong_input_consistency(
668  pvk.translation_step_r1cs_pvks[proof.compliance_predicate_idx], r1cs_input, proof.r1cs_proof);
669 
670  return result;
671  }
672 
673  template<typename PCD_ppT>
674  r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT>
675  r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &vk) {
676  typedef typename PCD_ppT::curve_A_pp curve_A_pp;
677  typedef typename PCD_ppT::curve_B_pp curve_B_pp;
678 
679  std::cout << "Call to r1cs_mp_ppzkpcd_processed_verification_key" << std::endl;
680 
681  r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> result;
682  result.commitment_to_translation_step_r1cs_vks = vk.commitment_to_translation_step_r1cs_vks;
683 
684  for (std::size_t i = 0; i < vk.compliance_step_r1cs_vks.size(); ++i) {
685  const typename r1cs_ppzksnark<curve_A_pp>::processed_verification_key_type
686  compliance_step_r1cs_pvk =
687  r1cs_ppzksnark<curve_A_pp>::verifier_process_vk(vk.compliance_step_r1cs_vks[i]);
688  const typename r1cs_ppzksnark<curve_B_pp>::processed_verification_key
689  translation_step_r1cs_pvk =
690  r1cs_ppzksnark<curve_B_pp>::verifier_process_vk(vk.translation_step_r1cs_vks[i]);
691 
692  result.compliance_step_r1cs_pvks.emplace_back(compliance_step_r1cs_pvk);
693  result.translation_step_r1cs_pvks.emplace_back(translation_step_r1cs_pvk);
694  }
695 
696  return result;
697  }
698 
699  template<typename PCD_ppT>
700  bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key<PCD_ppT> &vk,
701  const r1cs_mp_ppzkpcd_primary_input<PCD_ppT> &primary_input,
702  const r1cs_mp_ppzkpcd_proof<PCD_ppT> &proof) {
703  std::cout << "Call to r1cs_mp_ppzkpcd_verifier" << std::endl;
704  r1cs_mp_ppzkpcd_processed_verification_key<PCD_ppT> pvk = r1cs_mp_ppzkpcd_process_vk(vk);
705  const bool result = r1cs_mp_ppzkpcd_online_verifier(pvk, primary_input, proof);
706 
707  return result;
708  }
709 
710  } // namespace snark
711  } // namespace zk
712  } // namespace crypto3
713 } // namespace nil
714 
715 #endif // CRYPTO3_R1CS_MP_PPZKPCD_HPP
nil::crypto3::zk::snark::mp_compliance_step_pcd_circuit_maker
Definition: mp_pcd_circuits.hpp:65
nil::crypto3::zk::snark::mp_compliance_step_pcd_circuit_maker::get_auxiliary_input
snark::r1cs_auxiliary_input< FieldType > get_auxiliary_input() const
Definition: mp_pcd_circuits.hpp:524
nil::crypto3::zk::snark::mp_compliance_step_pcd_circuit_maker::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: mp_pcd_circuits.hpp:428
nil::crypto3::zk::snark::mp_compliance_step_pcd_circuit_maker::get_primary_input
snark::r1cs_primary_input< FieldType > get_primary_input() const
Definition: mp_pcd_circuits.hpp:518
nil::crypto3::zk::snark::mp_compliance_step_pcd_circuit_maker::generate_r1cs_witness
void generate_r1cs_witness(const set_commitment &commitment_to_translation_step_r1cs_vks, const std::vector< r1cs_ppzksnark_verification_key< other_curve< CurveType >>> &mp_translation_step_pcd_circuit_vks, const std::vector< set_membership_proof > &vk_membership_proofs, const r1cs_pcd_compliance_predicate_primary_input< FieldType > &compliance_predicate_primary_input, const r1cs_pcd_compliance_predicate_auxiliary_input< FieldType > &compliance_predicate_auxiliary_input, const std::vector< r1cs_ppzksnark_proof< other_curve< CurveType >>> &translation_step_proofs)
Definition: mp_pcd_circuits.hpp:529
nil::crypto3::zk::snark::mp_compliance_step_pcd_circuit_maker::get_circuit
snark::r1cs_constraint_system< FieldType > get_circuit() const
Definition: mp_pcd_circuits.hpp:512
nil::crypto3::zk::snark::mp_translation_step_pcd_circuit_maker
Definition: mp_pcd_circuits.hpp:168
nil::crypto3::zk::snark::mp_translation_step_pcd_circuit_maker::input_size_in_elts
static std::size_t input_size_in_elts()
Definition: mp_pcd_circuits.hpp:718
nil::crypto3::zk::snark::mp_translation_step_pcd_circuit_maker::get_auxiliary_input
snark::r1cs_auxiliary_input< FieldType > get_auxiliary_input() const
Definition: mp_pcd_circuits.hpp:703
nil::crypto3::zk::snark::mp_translation_step_pcd_circuit_maker::generate_r1cs_witness
void generate_r1cs_witness(const snark::r1cs_primary_input< typename CurveType::scalar_field_type > translation_step_input, const r1cs_ppzksnark_proof< other_curve< CurveType >> &prev_proof)
Definition: mp_pcd_circuits.hpp:683
nil::crypto3::zk::snark::mp_translation_step_pcd_circuit_maker::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: mp_pcd_circuits.hpp:668
nil::crypto3::zk::snark::mp_translation_step_pcd_circuit_maker::get_circuit
snark::r1cs_constraint_system< FieldType > get_circuit() const
Definition: mp_pcd_circuits.hpp:678
nil::crypto3::zk::snark::proof
Definition: snark/proof.hpp:37
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_keypair
Definition: r1cs_mp_ppzkpcd.hpp:218
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_keypair::r1cs_mp_ppzkpcd_keypair
r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_keypair< PCD_ppT > &&other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_keypair::r1cs_mp_ppzkpcd_keypair
r1cs_mp_ppzkpcd_keypair()=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_keypair::pk
r1cs_mp_ppzkpcd_proving_key< PCD_ppT > pk
Definition: r1cs_mp_ppzkpcd.hpp:220
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_keypair::r1cs_mp_ppzkpcd_keypair
r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &&pk, r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &&vk)
Definition: r1cs_mp_ppzkpcd.hpp:225
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_keypair::vk
r1cs_mp_ppzkpcd_verification_key< PCD_ppT > vk
Definition: r1cs_mp_ppzkpcd.hpp:221
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key
Definition: r1cs_mp_ppzkpcd.hpp:177
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::A_pp
PCD_ppT::curve_A_pp A_pp
Definition: r1cs_mp_ppzkpcd.hpp:179
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::operator==
bool operator==(const r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > &other) const
Definition: r1cs_mp_ppzkpcd.hpp:402
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::r1cs_mp_ppzkpcd_processed_verification_key
r1cs_mp_ppzkpcd_processed_verification_key(const r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > &other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::size_in_bits
std::size_t size_in_bits() const
Definition: r1cs_mp_ppzkpcd.hpp:387
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::r1cs_mp_ppzkpcd_processed_verification_key
r1cs_mp_ppzkpcd_processed_verification_key()=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::operator=
r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > & operator=(const r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > &other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::compliance_step_r1cs_pvks
std::vector< typename r1cs_ppzksnark< A_pp >::processed_verification_key_type > compliance_step_r1cs_pvks
Definition: r1cs_mp_ppzkpcd.hpp:183
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::commitment_to_translation_step_r1cs_vks
set_commitment commitment_to_translation_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:186
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::B_pp
PCD_ppT::curve_B_pp B_pp
Definition: r1cs_mp_ppzkpcd.hpp:180
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::r1cs_mp_ppzkpcd_processed_verification_key
r1cs_mp_ppzkpcd_processed_verification_key(r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > &&other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::translation_step_r1cs_pvks
std::vector< typename r1cs_ppzksnark< B_pp >::processed_verification_key_type > translation_step_r1cs_pvks
Definition: r1cs_mp_ppzkpcd.hpp:185
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_processed_verification_key::r1cs_mp_ppzkpcd_processed_verification_key
r1cs_mp_ppzkpcd_processed_verification_key(std::vector< typename r1cs_ppzksnark< A_pp >::processed_verification_key_type > &&compliance_step_r1cs_pvks, std::vector< typename r1cs_ppzksnark< B_pp >::processed_verification_key_type > &&translation_step_r1cs_pvks, const set_commitment &commitment_to_translation_step_r1cs_vks)
Definition: r1cs_mp_ppzkpcd.hpp:193
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof
Definition: r1cs_mp_ppzkpcd.hpp:237
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof::r1cs_proof
r1cs_ppzksnark< typename PCD_ppT::curve_B_pp >::proof_type r1cs_proof
Definition: r1cs_mp_ppzkpcd.hpp:240
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof::compliance_predicate_idx
std::size_t compliance_predicate_idx
Definition: r1cs_mp_ppzkpcd.hpp:239
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof::size_in_bits
std::size_t size_in_bits() const
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof::r1cs_mp_ppzkpcd_proof
r1cs_mp_ppzkpcd_proof()=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof::operator==
bool operator==(const r1cs_mp_ppzkpcd_proof< PCD_ppT > &other) const
Definition: r1cs_mp_ppzkpcd.hpp:411
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proof::r1cs_mp_ppzkpcd_proof
r1cs_mp_ppzkpcd_proof(const std::size_t compliance_predicate_idx, const typename r1cs_ppzksnark< typename PCD_ppT::curve_B_pp >::proof_type &r1cs_proof)
Definition: r1cs_mp_ppzkpcd.hpp:243
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key
Definition: r1cs_mp_ppzkpcd.hpp:78
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::is_well_formed
bool is_well_formed() const
Definition: r1cs_mp_ppzkpcd.hpp:334
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::size_in_bits
std::size_t size_in_bits() const
Definition: r1cs_mp_ppzkpcd.hpp:317
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::translation_step_r1cs_vks
std::vector< typename r1cs_ppzksnark< B_pp >::verification_key_type > translation_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:89
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::r1cs_mp_ppzkpcd_proving_key
r1cs_mp_ppzkpcd_proving_key()
Definition: r1cs_mp_ppzkpcd.hpp:96
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::compliance_predicate_name_to_idx
std::map< std::size_t, std::size_t > compliance_predicate_name_to_idx
Definition: r1cs_mp_ppzkpcd.hpp:94
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::r1cs_mp_ppzkpcd_proving_key
r1cs_mp_ppzkpcd_proving_key(r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &&other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::operator==
bool operator==(const r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &other) const
Definition: r1cs_mp_ppzkpcd.hpp:348
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::B_pp
PCD_ppT::curve_B_pp B_pp
Definition: r1cs_mp_ppzkpcd.hpp:81
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::r1cs_mp_ppzkpcd_proving_key
r1cs_mp_ppzkpcd_proving_key(const std::vector< r1cs_mp_ppzkpcd_compliance_predicate< PCD_ppT >> &compliance_predicates, const std::vector< typename r1cs_ppzksnark< A_pp >::proving_key_type > &compliance_step_r1cs_pk, const std::vector< typename r1cs_ppzksnark< B_pp >::proving_key_type > &translation_step_r1cs_pk, const std::vector< typename r1cs_ppzksnark< A_pp >::verification_key_type > &compliance_step_r1cs_vk, const std::vector< typename r1cs_ppzksnark< B_pp >::verification_key_type > &translation_step_r1cs_vk, const set_commitment &commitment_to_translation_step_r1cs_vks, const std::vector< set_membership_proof > &compliance_step_r1cs_vk_membership_proofs, const std::map< std::size_t, std::size_t > &compliance_predicate_name_to_idx)
Definition: r1cs_mp_ppzkpcd.hpp:99
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::compliance_step_r1cs_vk_membership_proofs
std::vector< set_membership_proof > compliance_step_r1cs_vk_membership_proofs
Definition: r1cs_mp_ppzkpcd.hpp:92
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::compliance_predicates
std::vector< r1cs_mp_ppzkpcd_compliance_predicate< PCD_ppT > > compliance_predicates
Definition: r1cs_mp_ppzkpcd.hpp:83
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::translation_step_r1cs_pks
std::vector< typename r1cs_ppzksnark< B_pp >::proving_key_type > translation_step_r1cs_pks
Definition: r1cs_mp_ppzkpcd.hpp:86
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::r1cs_mp_ppzkpcd_proving_key
r1cs_mp_ppzkpcd_proving_key(const r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::compliance_step_r1cs_vks
std::vector< typename r1cs_ppzksnark< A_pp >::verification_key_type > compliance_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:88
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::A_pp
PCD_ppT::curve_A_pp A_pp
Definition: r1cs_mp_ppzkpcd.hpp:80
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::compliance_step_r1cs_pks
std::vector< typename r1cs_ppzksnark< A_pp >::proving_key_type > compliance_step_r1cs_pks
Definition: r1cs_mp_ppzkpcd.hpp:85
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::commitment_to_translation_step_r1cs_vks
set_commitment commitment_to_translation_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:91
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_proving_key::operator=
r1cs_mp_ppzkpcd_proving_key< PCD_ppT > & operator=(const r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key
Definition: r1cs_mp_ppzkpcd.hpp:136
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::B_pp
PCD_ppT::curve_B_pp B_pp
Definition: r1cs_mp_ppzkpcd.hpp:139
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::translation_step_r1cs_vks
std::vector< typename r1cs_ppzksnark< B_pp >::verification_key_type > translation_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:142
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::r1cs_mp_ppzkpcd_verification_key
r1cs_mp_ppzkpcd_verification_key(const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::r1cs_mp_ppzkpcd_verification_key
r1cs_mp_ppzkpcd_verification_key()=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::A_pp
PCD_ppT::curve_A_pp A_pp
Definition: r1cs_mp_ppzkpcd.hpp:138
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::commitment_to_translation_step_r1cs_vks
set_commitment commitment_to_translation_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:143
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::size_in_bits
std::size_t size_in_bits() const
Definition: r1cs_mp_ppzkpcd.hpp:363
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::compliance_step_r1cs_vks
std::vector< typename r1cs_ppzksnark< A_pp >::verification_key_type > compliance_step_r1cs_vks
Definition: r1cs_mp_ppzkpcd.hpp:141
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::operator==
bool operator==(const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &other) const
Definition: r1cs_mp_ppzkpcd.hpp:378
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::r1cs_mp_ppzkpcd_verification_key
r1cs_mp_ppzkpcd_verification_key(const std::vector< typename r1cs_ppzksnark< A_pp >::verification_key_type > &compliance_step_r1cs_vks, const std::vector< typename r1cs_ppzksnark< B_pp >::verification_key_type > &translation_step_r1cs_vks, const set_commitment &commitment_to_translation_step_r1cs_vks)
Definition: r1cs_mp_ppzkpcd.hpp:148
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::r1cs_mp_ppzkpcd_verification_key
r1cs_mp_ppzkpcd_verification_key(r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &&other)=default
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verification_key::operator=
r1cs_mp_ppzkpcd_verification_key< PCD_ppT > & operator=(const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &other)=default
nil::crypto3::zk::snark::r1cs_pcd_compliance_predicate_auxiliary_input
Definition: r1cs_pcd_params.hpp:54
nil::crypto3::zk::snark::r1cs_pcd_compliance_predicate_auxiliary_input::incoming_messages
std::vector< std::shared_ptr< r1cs_pcd_message< FieldType > > > incoming_messages
Definition: r1cs_pcd_params.hpp:56
nil::crypto3::zk::snark::r1cs_pcd_compliance_predicate_primary_input
Definition: r1cs_pcd_params.hpp:40
nil::crypto3::zk::snark::r1cs_pcd_compliance_predicate_primary_input::outgoing_message
std::shared_ptr< r1cs_pcd_message< FieldType > > outgoing_message
Definition: r1cs_pcd_params.hpp:42
nil::crypto3::zk::snark::r1cs_pcd_compliance_predicate
Definition: compliance_predicate.hpp:123
nil::crypto3::zk::snark::r1cs_ppzksnark_processed_verification_key
Definition: zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp:102
nil::crypto3::zk::snark::r1cs_ppzksnark_proof
Definition: snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp:43
nil::crypto3::zk::snark::r1cs_ppzksnark
ppzkSNARK for R1CS
Definition: r1cs_ppzksnark.hpp:70
nil::crypto3::zk::snark::r1cs_ppzksnark::keypair_type
policy_type::keypair_type keypair_type
Definition: r1cs_ppzksnark.hpp:86
nil::crypto3::zk::snark::set_commitment_accumulator
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/set_commitment.hpp:57
nil::crypto3::zk::snark::set_commitment_accumulator::add
void add(const std::vector< bool > &value)
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/set_commitment.hpp:75
nil::crypto3::zk::snark::set_commitment_accumulator::get_membership_proof
set_membership_proof get_membership_proof(const std::vector< bool > &value) const
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/set_commitment.hpp:95
nil::crypto3::zk::snark::set_commitment_accumulator::get_commitment
set_commitment get_commitment() const
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/set_commitment.hpp:91
nil::crypto3::algebra::vector
vector(T, U...) -> vector< std::enable_if_t<(std::is_same_v< T, U > &&...), T >, 1+sizeof...(U)>
deduction guide for uniform initialization
nil::crypto3::block::move
OutputIterator move(const SinglePassRange &rng, OutputIterator result)
Definition: move.hpp:45
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_prover
r1cs_mp_ppzkpcd_proof< PCD_ppT > r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key< PCD_ppT > &pk, const std::size_t compliance_predicate_name, const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_mp_ppzkpcd_auxiliary_input< PCD_ppT > &auxiliary_input, const std::vector< r1cs_mp_ppzkpcd_proof< PCD_ppT >> &incoming_proofs)
Definition: r1cs_mp_ppzkpcd.hpp:529
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_process_vk
r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &vk)
Definition: r1cs_mp_ppzkpcd.hpp:675
nil::crypto3::zk::snark::r1cs_auxiliary_input
std::vector< typename FieldType::value_type > r1cs_auxiliary_input
Definition: r1cs.hpp:104
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_verifier
bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key< PCD_ppT > &vk, const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_mp_ppzkpcd_proof< PCD_ppT > &proof)
Definition: r1cs_mp_ppzkpcd.hpp:700
nil::crypto3::zk::snark::keypair
std::pair< typename ZkScheme::proving_key, typename ZkScheme::verification_key > keypair
Definition: keypair.hpp:35
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_generator
r1cs_mp_ppzkpcd_keypair< PCD_ppT > r1cs_mp_ppzkpcd_generator(const std::vector< r1cs_mp_ppzkpcd_compliance_predicate< PCD_ppT >> &compliance_predicates)
Definition: r1cs_mp_ppzkpcd.hpp:417
nil::crypto3::zk::snark::r1cs_mp_ppzkpcd_online_verifier
bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key< PCD_ppT > &pvk, const r1cs_mp_ppzkpcd_primary_input< PCD_ppT > &primary_input, const r1cs_mp_ppzkpcd_proof< PCD_ppT > &proof)
Definition: r1cs_mp_ppzkpcd.hpp:658
nil::crypto3::zk::snark::r1cs_primary_input
std::vector< typename FieldType::value_type > r1cs_primary_input
Definition: r1cs.hpp:101
nil::crypto3::zk::snark::set_commitment
std::vector< bool > set_commitment
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/set_commitment.hpp:37
nil
Definition: pair.hpp:31
nil::crypto3::zk::snark::r1cs_constraint_system
Definition: r1cs.hpp:124
nil::crypto3::zk::snark::set_membership_proof
Definition: blueprint/include/nil/crypto3/zk/components/schemes/snark/set_commitment.hpp:39
set_commitment.hpp