clean up
@@ -61,7 +61,6 @@ impl CRS {
|
||||
// derive values from random values
|
||||
let r_y = &(r_v * r_w);
|
||||
let g1_v = &(g1 * r_v);
|
||||
let g2_v = &(g2 * r_v);
|
||||
let g1_w = &(g1 * r_w);
|
||||
let g2_w = &(g2 * r_w);
|
||||
let g_y = &(g1 * r_y);
|
||||
@@ -76,7 +75,7 @@ impl CRS {
|
||||
let io = (0..mid_beg).collect::<Vec<usize>>();
|
||||
(mid, io)
|
||||
};
|
||||
let s = &f.elem(&42u8); // &f.rand_elem(true);
|
||||
let s = &f.rand_elem(true);
|
||||
|
||||
// compute evaluation keys
|
||||
println!("----> Computing evaluation keys...");
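Review bot: The new `let s = &f.rand_elem(true);` deserves a comment stating that `s` is the CRS trapdoor: whoever learns it (together with the other random scalars the setup draws, presumably the `r_v`/`r_w` seen in the first hunk) can forge proofs, so it must be sampled from a cryptographically secure RNG and must never be logged, persisted or returned alongside the keys. What the `true` argument to `rand_elem` selects is not visible in this hunk; confirm it yields a uniformly random field element from a CSPRNG rather than a deterministic or test-mode source. I would add `// s is the CRS trapdoor: sample from a CSPRNG, never log or persist it` directly above the line. The enclosing function starts before this hunk.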
|
||||
|
||||
@@ -4,17 +4,17 @@ use crate::building_block::curves::bls12_381::{
|
||||
};
|
||||
|
||||
pub struct PinocchioProof {
|
||||
pub g_v_v_mid_s: G1Point,
|
||||
pub g1_w_w_mid_s: G1Point,
|
||||
pub g2_w_w_mid_s: G2Point,
|
||||
pub g_y_y_mid_s: G1Point,
|
||||
pub v_mid_s: G1Point,
|
||||
pub g1_w_mid_s: G1Point,
|
||||
pub g2_w_mid_s: G2Point,
|
||||
pub y_mid_s: G1Point,
|
||||
|
||||
pub g_h_s: G2Point,
|
||||
pub h_s: G2Point,
|
||||
|
||||
pub g_v_alpha_v_mid_s: G1Point,
|
||||
pub g_w_alpha_w_mid_s: G1Point,
|
||||
pub g_y_alpha_y_mid_s: G1Point,
|
||||
pub alpha_v_mid_s: G1Point,
|
||||
pub alpha_w_mid_s: G1Point,
|
||||
pub alpha_y_mid_s: G1Point,
|
||||
|
||||
pub g_beta_vwy_mid_s: G1Point,
|
||||
pub beta_vwy_mid_s: G1Point,
|
||||
}
|
||||
|
||||
|
||||
@@ -93,31 +93,31 @@ impl PinocchioProver {
|
||||
|
||||
let ek = &crs.ek;
|
||||
|
||||
let mut g_v_v_mid_s = G1Point::zero();
|
||||
let mut g1_w_w_mid_s = G1Point::zero();
|
||||
let mut g2_w_w_mid_s = G2Point::zero();
|
||||
let mut g_y_y_mid_s = G1Point::zero();
|
||||
let mut g_v_alpha_v_mid_s = G1Point::zero();
|
||||
let mut g_w_alpha_w_mid_s = G1Point::zero();
|
||||
let mut g_y_alpha_y_mid_s = G1Point::zero();
|
||||
let mut g_beta_vwy_mid_s = G1Point::zero();
|
||||
let mut v_mid_s = G1Point::zero();
|
||||
let mut g1_w_mid_s = G1Point::zero();
|
||||
let mut g2_w_mid_s = G2Point::zero();
|
||||
let mut y_mid_s = G1Point::zero();
|
||||
let mut alpha_v_mid_s = G1Point::zero();
|
||||
let mut alpha_w_mid_s = G1Point::zero();
|
||||
let mut alpha_y_mid_s = G1Point::zero();
|
||||
let mut beta_vwy_mid_s = G1Point::zero();
|
||||
|
||||
for i in 0..witness_mid.size_in_usize() {
|
||||
let w = &witness_mid[&i];
|
||||
|
||||
g_v_v_mid_s = &g_v_v_mid_s + &ek.g_v_v_k_mid[i] * w;
|
||||
g1_w_w_mid_s = &g1_w_w_mid_s + &ek.g1_w_w_k_mid[i] * w;
|
||||
g2_w_w_mid_s = &g2_w_w_mid_s + &ek.g2_w_w_k_mid[i] * w;
|
||||
g_y_y_mid_s = &g_y_y_mid_s + &ek.g_y_y_k_mid[i] * w;
|
||||
v_mid_s = &v_mid_s + &ek.g_v_v_k_mid[i] * w;
|
||||
g1_w_mid_s = &g1_w_mid_s + &ek.g1_w_w_k_mid[i] * w;
|
||||
g2_w_mid_s = &g2_w_mid_s + &ek.g2_w_w_k_mid[i] * w;
|
||||
y_mid_s = &y_mid_s + &ek.g_y_y_k_mid[i] * w;
|
||||
|
||||
g_v_alpha_v_mid_s = &g_v_alpha_v_mid_s + &ek.g_v_alpha_v_k_mid[i] * w;
|
||||
g_w_alpha_w_mid_s = &g_w_alpha_w_mid_s + &ek.g_w_alpha_w_k_mid[i] * w;
|
||||
g_y_alpha_y_mid_s = &g_y_alpha_y_mid_s + &ek.g_y_alpha_y_k_mid[i] * w;
|
||||
alpha_v_mid_s = &alpha_v_mid_s + &ek.g_v_alpha_v_k_mid[i] * w;
|
||||
alpha_w_mid_s = &alpha_w_mid_s + &ek.g_w_alpha_w_k_mid[i] * w;
|
||||
alpha_y_mid_s = &alpha_y_mid_s + &ek.g_y_alpha_y_k_mid[i] * w;
|
||||
|
||||
g_beta_vwy_mid_s = &g_beta_vwy_mid_s + &ek.g_vwy_beta_vwy_k_mid[i] * w;
|
||||
beta_vwy_mid_s = &beta_vwy_mid_s + &ek.g_vwy_beta_vwy_k_mid[i] * w;
|
||||
}
|
||||
|
||||
let g_h_s = {
|
||||
let h_s = {
|
||||
let h = match self.p.divide_by(&self.t) {
|
||||
DivResult::Quotient(q) => q,
|
||||
_ => panic!("p should be divisible by t"),
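Review bot: The loop `for i in 0..witness_mid.size_in_usize()` indexes `ek.g_v_v_k_mid[i]` and the other evaluation-key vectors without checking they are at least as long as `witness_mid`, so a mismatch between witness and CRS surfaces as a bare index panic with no hint of which input is wrong. A guard before the loop such as `assert_eq!(witness_mid.size_in_usize(), ek.g_v_v_k_mid.len(), "witness_mid length must match the evaluation key");` (assuming the key fields are `Vec`s — their type is not visible here) would fail with a clear message. Likewise `_ => panic!("p should be divisible by t")` aborts the process when the witness does not satisfy the QAP; since the function's signature lies outside the hunk, at minimum document this under a `# Panics` section, or better, turn both conditions into a returned error. The loop also accumulates eight `*_mid_s` points with identical `acc = &acc + &key[i] * w` statements, so a small helper taking the key vector and the witness would remove the repetition.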
|
||||
@@ -126,15 +126,15 @@ impl PinocchioProver {
|
||||
};
|
||||
|
||||
PinocchioProof {
|
||||
g_v_v_mid_s,
|
||||
g1_w_w_mid_s,
|
||||
g2_w_w_mid_s,
|
||||
g_y_y_mid_s,
|
||||
g_h_s,
|
||||
g_v_alpha_v_mid_s,
|
||||
g_w_alpha_w_mid_s,
|
||||
g_y_alpha_y_mid_s,
|
||||
g_beta_vwy_mid_s,
|
||||
v_mid_s,
|
||||
g1_w_mid_s,
|
||||
g2_w_mid_s,
|
||||
y_mid_s,
|
||||
h_s,
|
||||
alpha_v_mid_s,
|
||||
alpha_w_mid_s,
|
||||
alpha_y_mid_s,
|
||||
beta_vwy_mid_s,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,55 +34,57 @@ impl PinocchioVerifier {
|
||||
witness_io: &SparseVec,
|
||||
) -> bool {
|
||||
println!("--> Verifying Pinnochio proof...");
|
||||
let e = |a, b| self.pairing.tate(a, b);
|
||||
let e = |a: &G1Point, b: &G2Point| self.pairing.tate(a, b);
|
||||
|
||||
let (p, vk) = (&proof, &crs.vk);
|
||||
|
||||
// KC of v * w * y
|
||||
let g_vwd_mid_s = &p.g_v_v_mid_s + &p.g1_w_w_mid_s + &p.g_y_y_mid_s;
|
||||
{
|
||||
let lhs = e(&p.g_beta_vwy_mid_s, &vk.g_gamma);
|
||||
let rhs = e(&g_vwd_mid_s, &vk.g_beta_gamma);
|
||||
let vwd_mid_s = &p.v_mid_s + &p.g1_w_mid_s + &p.y_mid_s;
|
||||
let lhs = e(&p.beta_vwy_mid_s, &vk.g_gamma);
|
||||
let rhs = e(&vwd_mid_s, &vk.g_beta_gamma);
|
||||
if lhs != rhs { return false; }
|
||||
}
|
||||
|
||||
// KC of v, w and y
|
||||
{
|
||||
let lhs = e(&p.g_v_alpha_v_mid_s, &vk.one_g2);
|
||||
let rhs = e(&p.g_v_v_mid_s, &vk.g_alpha_v);
|
||||
let lhs = e(&p.alpha_v_mid_s, &vk.one_g2);
|
||||
let rhs = e(&p.v_mid_s, &vk.g_alpha_v);
|
||||
if lhs != rhs { return false; }
|
||||
}
|
||||
{
|
||||
let lhs = e(&p.g_w_alpha_w_mid_s, &vk.one_g2);
|
||||
let rhs = e(&p.g1_w_w_mid_s, &vk.g2_alpha_w);
|
||||
let lhs = e(&p.alpha_w_mid_s, &vk.one_g2);
|
||||
let rhs = e(&p.g1_w_mid_s, &vk.g2_alpha_w);
|
||||
if lhs != rhs { return false; }
|
||||
}
|
||||
{
|
||||
let lhs = e(&p.g_y_alpha_y_mid_s, &vk.one_g2);
|
||||
let rhs = e(&p.g_y_y_mid_s, &vk.g2_alpha_y);
|
||||
let lhs = e(&p.alpha_y_mid_s, &vk.one_g2);
|
||||
let rhs = e(&p.y_mid_s, &vk.g2_alpha_y);
|
||||
if lhs != rhs { return false; }
|
||||
}
|
||||
|
||||
// QAP divisibility check
|
||||
let mut v_io: G1Point = G1Point::zero();
|
||||
let mut w_io: G2Point = G2Point::zero();
|
||||
let mut y_io: G1Point = G1Point::zero();
|
||||
{
|
||||
let mut v_io: G1Point = G1Point::zero();
|
||||
let mut w_io: G2Point = G2Point::zero();
|
||||
let mut y_io: G1Point = G1Point::zero();
|
||||
|
||||
for i in 0..witness_io.size_in_usize() {
|
||||
let w = &witness_io[&i];
|
||||
v_io = v_io + &vk.g_v_v_k_io[i] * w;
|
||||
w_io = w_io + &vk.g_w_w_k_io[i] * w;
|
||||
y_io = y_io + &vk.g_y_y_k_io[i] * w;
|
||||
for i in 0..witness_io.size_in_usize() {
|
||||
let w = &witness_io[&i];
|
||||
v_io = v_io + &vk.g_v_v_k_io[i] * w;
|
||||
w_io = w_io + &vk.g_w_w_k_io[i] * w;
|
||||
y_io = y_io + &vk.g_y_y_k_io[i] * w;
|
||||
}
|
||||
|
||||
let v_s = &v_io + &p.v_mid_s;
|
||||
let w_s = &w_io + &p.g2_w_mid_s;
|
||||
let y_s = &y_io + &p.y_mid_s;
|
||||
|
||||
let lhs = e(&v_s, &w_s) ;
|
||||
let rhs = e(&vk.g_y_t, &p.h_s) * e(&y_s, &vk.one_g2);
|
||||
|
||||
lhs == rhs
|
||||
}
|
||||
|
||||
let v_s = &v_io + &p.g_v_v_mid_s;
|
||||
let w_s = &w_io + &p.g2_w_w_mid_s;
|
||||
let y_s = &y_io + &p.g_y_y_mid_s;
|
||||
|
||||
let lhs = e(&v_s, &w_s) ;
|
||||
let rhs = e(&vk.g_y_t, &p.g_h_s) * e(&y_s, &vk.one_g2);
|
||||
|
||||
lhs == rhs
|
||||
}
|
||||
}
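Review bot: The QAP-divisibility loop `for i in 0..witness_io.size_in_usize()` indexes `vk.g_v_v_k_io[i]`, `vk.g_w_w_k_io[i]` and `vk.g_y_y_k_io[i]` with no length check, so a statement (`witness_io`) longer than the verifying key's io vectors makes the verifier panic instead of rejecting; proof and statement are untrusted input to a verifier, so this is a crash path rather than a clean `false`. Reject up front, e.g. `if witness_io.size_in_usize() != vk.g_v_v_k_io.len() { return false; }` (the key fields look like `Vec`s from the indexing, but their type is not visible here). Whether the proof's curve points are validated as on-curve and in the prime-order subgroup before the pairings is also not visible in this hunk; if `PinocchioProof` can be built from untrusted bytes, that validation belongs before the first `e(...)` call. Minor naming nit: `vwd_mid_s` in the beta check sums the v, w and y terms, so `vwy_mid_s` would match the `beta_vwy` field names, and the `// KC of v * w * y` comment reads as a product where the code adds points. The function's signature starts before this hunk.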
|
||||
|
||||
|
||||