github/zk-toolkit
1
1
Fork 0
mirror of https://github.com/exfinen/zk-toolkit.git synced 2026-01-09 12:07:57 -05:00
Code Issues Packages Projects Releases Wiki Activity

add kc for v, w, y

Browse Source
This commit is contained in:
exfinen
2023-11-01 15:34:25 +09:00
parent eefac54238
commit a5059bbf5d
3 changed files with 52 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/zk/w_trusted_setup/pinocchio/crs.rs
View File

@@ -22,7 +22,7 @@ pub struct VerificationKeys {
pub one_g1: G1Point,
pub one_g2: G2Point,
pub alpha_v: G2Point,
pub alpha_w: G2Point,
pub alpha_w: G1Point,
pub alpha_y: G2Point,
pub gamma: G2Point,
pub beta_gamma: G2Point,
@@ -30,6 +30,9 @@ pub struct VerificationKeys {
pub vk_io: Vec<G1Point>,
pub wk_io: Vec<G2Point>,
pub yk_io: Vec<G1Point>,
pub alpha_v_t: G1Point,
pub alpha_y_t: G1Point,
}
pub struct CRS {
@@ -100,9 +103,9 @@ impl CRS {
println!("----> Computing verification keys...");
let one_g1 = g1 * f.elem(&1u8);
let one_g2 = g2 * f.elem(&1u8);
let alpha_v = g2 * alpha_v;
let alpha_w = g2 * alpha_w;
let alpha_y = g2 * alpha_y;
let alpha_v_pt = g2 * alpha_v;
let alpha_w = g1 * alpha_w;
let alpha_y_pt = g2 * alpha_y;
let gamma_pt = g2 * gamma;
let beta_gamma = g2 * gamma * beta;
@@ -123,18 +126,23 @@ impl CRS {
beta_vwy_k_mid,
};
let alpha_v_t: G1Point = &t * alpha_v;
let alpha_y_t: G1Point = &t * alpha_y;
let vk = VerificationKeys {
one_g1,
one_g2,
alpha_v,
alpha_v: alpha_v_pt,
alpha_w,
alpha_y,
alpha_y: alpha_y_pt,
gamma: gamma_pt,
beta_gamma,
t,
vk_io,
wk_io,
yk_io,
alpha_v_t,
alpha_y_t,
};
CRS {

11
src/zk/w_trusted_setup/pinocchio/pinocchio_prover.rs
View File

@@ -91,17 +91,16 @@ impl PinocchioProver {
println!("--> Generating proof...");
let witness_mid = &self.witness.mid();
let ek = &crs.ek;
let (ek, vk) = (&crs.ek, &crs.vk);
let delta_v = &self.f.rand_elem(true);
let delta_y = &self.f.rand_elem(true);
let t = &crs.vk.t;
let mut v_mid_s = t * delta_v; // randomize v
let mut v_mid_s = &vk.t * delta_v; // randomize v
let mut w_mid_s = G2Point::zero();
let mut y_mid_s = t * delta_y; // randomize y
let mut alpha_v_mid_s = t * delta_v; // G1Point::zero();
let mut y_mid_s = &vk.t * delta_y; // randomize y
let mut alpha_v_mid_s = &vk.alpha_v_t * delta_v;
let mut alpha_w_mid_s = G1Point::zero();
let mut alpha_y_mid_s = G1Point::zero();
let mut alpha_y_mid_s = &vk.alpha_y_t * delta_y;
let mut beta_vwy_mid_s = G1Point::zero();
for i in 0..witness_mid.size_in_usize() {

65
src/zk/w_trusted_setup/pinocchio/pinocchio_verifier.rs
View File

@@ -44,40 +44,41 @@ impl PinocchioVerifier {
// }
// KC of v, w and y
// {
// let lhs = e(&p.alpha_v_mid_s, &vk.one_g2);
// let rhs = e(&p.v_mid_s, &vk.alpha_v);
// if lhs != rhs { return false; }
// }
// {
// let lhs = e(&p.alpha_w_mid_s, &vk.one_g2);
// let rhs = e(&p.g1_w_mid_s, &vk.alpha_w);
// if lhs != rhs { return false; }
// }
// {
// let lhs = e(&p.alpha_y_mid_s, &vk.one_g2);
// let rhs = e(&p.y_mid_s, &vk.alpha_y);
// if lhs != rhs { return false; }
// }
{
let lhs = e(&p.alpha_v_mid_s, &vk.one_g2);
let rhs = e(&p.v_mid_s, &vk.alpha_v);
if lhs != rhs { return false; }
}
{
let lhs = e(&p.alpha_w_mid_s, &vk.one_g2);
let rhs = e(&vk.alpha_w, &p.w_mid_s);
if lhs != rhs { return false; }
}
{
let lhs = e(&p.alpha_y_mid_s, &vk.one_g2);
let rhs = e(&p.y_mid_s, &vk.alpha_y);
if lhs != rhs { return false; }
}
true
// QAP divisibility check
{
let mut v_s = p.v_mid_s.clone();
let mut w_s = p.w_mid_s.clone();
let mut y_s = p.y_mid_s.clone();
for i in 0..witness_io.size_in_usize() {
let w = &witness_io[&i];
v_s = v_s + &vk.vk_io[i] * w;
w_s = w_s + &vk.wk_io[i] * w;
y_s = y_s + &vk.yk_io[i] * w;
}
let lhs = e(&v_s, &w_s);
let rhs = e(&vk.t, &p.h_s) * e(&y_s, &vk.one_g2);
lhs == rhs
}
// {
// let mut v_s = p.v_mid_s.clone();
// let mut w_s = p.w_mid_s.clone();
// let mut y_s = p.y_mid_s.clone();
//
// for i in 0..witness_io.size_in_usize() {
// let w = &witness_io[&i];
// v_s = v_s + &vk.vk_io[i] * w;
// w_s = w_s + &vk.wk_io[i] * w;
// y_s = y_s + &vk.yk_io[i] * w;
// }
//
// let lhs = e(&v_s, &w_s);
// let rhs = e(&vk.t, &p.h_s) * e(&y_s, &vk.one_g2);
//
// lhs == rhs
// }
}
}