exfinen
2023-11-01 14:49:13 +09:00
parent dab0e5ec3c
commit eefac54238
4 changed files with 61 additions and 65 deletions


@@ -9,8 +9,7 @@ use crate::{
pub struct EvaluationKeys {
pub vk_mid: Vec<G1Point>,
pub g1_wk_mid: Vec<G1Point>,
pub g2_wk_mid: Vec<G2Point>,
pub wk_mid: Vec<G2Point>,
pub yk_mid: Vec<G1Point>,
pub alpha_vk_mid: Vec<G1Point>,
pub alpha_wk_mid: Vec<G1Point>,
@@ -27,7 +26,7 @@ pub struct VerificationKeys {
pub alpha_y: G2Point,
pub gamma: G2Point,
pub beta_gamma: G2Point,
pub yt: G1Point,
pub t: G1Point,
pub vk_io: Vec<G1Point>,
pub wk_io: Vec<G2Point>,
pub yk_io: Vec<G1Point>,
@@ -79,8 +78,7 @@ impl CRS {
// compute evaluation keys
println!("----> Computing evaluation keys...");
let vk_mid: Vec<G1Point> = mid.iter().map(|i| { g1_v * &p.vi[*i].eval_at(s) }).collect();
let g1_wk_mid: Vec<G1Point> = mid.iter().map(|i| { g1_w * &p.wi[*i].eval_at(s) }).collect();
let g2_wk_mid: Vec<G2Point> = mid.iter().map(|i| { g2_w * &p.wi[*i].eval_at(s) }).collect();
let wk_mid: Vec<G2Point> = mid.iter().map(|i| { g2_w * &p.wi[*i].eval_at(s) }).collect();
let yk_mid: Vec<G1Point> = mid.iter().map(|i| { g_y * &p.yi[*i].eval_at(s) }).collect();
let alpha_vk_mid: Vec<G1Point> = mid.iter().map(|i| { g1_v * alpha_v * &p.vi[*i].eval_at(s) }).collect();
@@ -88,7 +86,6 @@ impl CRS {
let alpha_yk_mid: Vec<G1Point> = mid.iter().map(|i| { g_y * alpha_y * &p.yi[*i].eval_at(s) }).collect();
let s_pows = &s.pow_seq(&p.max_degree);
//let g1_si: Vec<G1Point> = s_pows.iter().map(|pow| { g1 * pow }).collect();
let si: Vec<G2Point> = s_pows.iter().map(|pow| { g2 * pow }).collect();
let beta_vwy_k_mid: Vec<G1Point> = {
@@ -109,7 +106,7 @@ impl CRS {
let gamma_pt = g2 * gamma;
let beta_gamma = g2 * gamma * beta;
let yt = g_y * p.t.eval_at(s);
let t = g_y * p.t.eval_at(s);
let vk_io: Vec<G1Point> = io.iter().map(|i| { g1_v * &p.vi[*i].eval_at(s) }).collect();
let wk_io: Vec<G2Point> = io.iter().map(|i| { g2_w * &p.wi[*i].eval_at(s) }).collect();
@@ -117,8 +114,7 @@ impl CRS {
let ek = EvaluationKeys {
vk_mid,
g1_wk_mid,
g2_wk_mid,
wk_mid,
yk_mid,
alpha_vk_mid,
alpha_wk_mid,
@@ -135,7 +131,7 @@ impl CRS {
alpha_y,
gamma: gamma_pt,
beta_gamma,
yt,
t,
vk_io,
wk_io,
yk_io,
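Review bot: The renamed `t` field in `VerificationKeys` still holds `g_y * p.t.eval_at(s)`, not t(s) on the plain G1 generator, and the new name hides that base; a doc comment on the field would keep it visible, e.g. `/// g_y * t(s) in G1; used by the divisibility check and as the prover's blinding base`. The prover in this commit adds `t * delta_v` to `v_mid_s`, whose other terms are built on `g1_v`, so the base matters to anyone re-deriving the pairing equation. Removing `g1_wk_mid` also leaves no G1 form of the w terms, which the verifier's beta check (`v_mid_s + g1_w_mid_s + y_mid_s`) relied on. Both structs and `impl CRS` extend beyond the hunks shown.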


@@ -5,8 +5,7 @@ use crate::building_block::curves::bls12_381::{
pub struct PinocchioProof {
pub v_mid_s: G1Point,
pub g1_w_mid_s: G1Point,
pub g2_w_mid_s: G2Point,
pub w_mid_s: G2Point,
pub y_mid_s: G1Point,
pub h_s: G2Point,


@@ -92,12 +92,14 @@ impl PinocchioProver {
let witness_mid = &self.witness.mid();
let ek = &crs.ek;
let delta_v = &self.f.rand_elem(true);
let delta_y = &self.f.rand_elem(true);
let t = &crs.vk.t;
let mut v_mid_s = G1Point::zero();
let mut g1_w_mid_s = G1Point::zero();
let mut g2_w_mid_s = G2Point::zero();
let mut y_mid_s = G1Point::zero();
let mut alpha_v_mid_s = G1Point::zero();
let mut v_mid_s = t * delta_v; // randomize v
let mut w_mid_s = G2Point::zero();
let mut y_mid_s = t * delta_y; // randomize y
let mut alpha_v_mid_s = t * delta_v; // G1Point::zero();
let mut alpha_w_mid_s = G1Point::zero();
let mut alpha_y_mid_s = G1Point::zero();
let mut beta_vwy_mid_s = G1Point::zero();
@@ -106,8 +108,7 @@ impl PinocchioProver {
let w = &witness_mid[&i];
v_mid_s = &v_mid_s + &ek.vk_mid[i] * w;
g1_w_mid_s = &g1_w_mid_s + &ek.g1_wk_mid[i] * w;
g2_w_mid_s = &g2_w_mid_s + &ek.g2_wk_mid[i] * w;
w_mid_s = &w_mid_s + &ek.wk_mid[i] * w;
y_mid_s = &y_mid_s + &ek.yk_mid[i] * w;
alpha_v_mid_s = &alpha_v_mid_s + &ek.alpha_vk_mid[i] * w;
@@ -117,20 +118,27 @@ impl PinocchioProver {
beta_vwy_mid_s = &beta_vwy_mid_s + &ek.beta_vwy_k_mid[i] * w;
}
let h_s = {
let adj_h_s = {
let h = match self.p.divide_by(&self.t) {
DivResult::Quotient(q) => q,
_ => panic!("p should be divisible by t"),
};
h.eval_with_g2_hidings(&ek.si)
let h_s = h.eval_with_g2_hidings(&ek.si);
let witness_io = &self.witness.io();
let mut w_s = w_mid_s.clone();
for i in 0..crs.vk.wk_io.len() {
w_s = &w_s + &crs.vk.wk_io[i] * &witness_io[&i];
}
h_s + w_s * delta_v + -(&crs.vk.one_g2 * delta_y)
};
PinocchioProof {
v_mid_s,
g1_w_mid_s,
g2_w_mid_s,
w_mid_s,
y_mid_s,
h_s,
h_s: adj_h_s,
alpha_v_mid_s,
alpha_w_mid_s,
alpha_y_mid_s,
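Review bot: `alpha_v_mid_s` is seeded with the same `t * delta_v` as `v_mid_s` (the trailing `// G1Point::zero();` reads like a leftover experiment), while `alpha_y_mid_s` and `beta_vwy_mid_s` still start at zero even though `y_mid_s` is now blinded. A check of the form e(alpha_v_mid_s, g2) == e(v_mid_s, alpha_v) needs the blinding term scaled by alpha_v, which cannot be derived from `crs.vk.t`; it would have to come from a dedicated CRS element, and none is visible in this commit. `w_mid_s` gets no random shift at all, so the proof is only partly blinded. The source of randomness behind `self.f.rand_elem(true)` is not visible here; a comment such as `// delta_v, delta_y must come from a CSPRNG and never be reused across proofs` would state the requirement. The enclosing function and the `PinocchioProof` literal continue outside the hunks.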


@@ -1,11 +1,8 @@
use crate::{
building_block::{
curves::bls12_381::{
g1_point::G1Point,
g2_point::G2Point,
pairing::Pairing,
},
zero::Zero,
building_block::curves::bls12_381::{
g1_point::G1Point,
g2_point::G2Point,
pairing::Pairing,
},
zk::w_trusted_setup::pinocchio::{
crs::CRS,
@@ -39,49 +36,45 @@ impl PinocchioVerifier {
let (p, vk) = (&proof, &crs.vk);
// KC of v * w * y
{
let vwd_mid_s = &p.v_mid_s + &p.g1_w_mid_s + &p.y_mid_s;
let lhs = e(&p.beta_vwy_mid_s, &vk.gamma);
let rhs = e(&vwd_mid_s, &vk.beta_gamma);
if lhs != rhs { return false; }
}
// {
// let vwd_mid_s = &p.v_mid_s + &p.g1_w_mid_s + &p.y_mid_s;
// let lhs = e(&p.beta_vwy_mid_s, &vk.gamma);
// let rhs = e(&vwd_mid_s, &vk.beta_gamma);
// if lhs != rhs { return false; }
// }
// KC of v, w and y
{
let lhs = e(&p.alpha_v_mid_s, &vk.one_g2);
let rhs = e(&p.v_mid_s, &vk.alpha_v);
if lhs != rhs { return false; }
}
{
let lhs = e(&p.alpha_w_mid_s, &vk.one_g2);
let rhs = e(&p.g1_w_mid_s, &vk.alpha_w);
if lhs != rhs { return false; }
}
{
let lhs = e(&p.alpha_y_mid_s, &vk.one_g2);
let rhs = e(&p.y_mid_s, &vk.alpha_y);
if lhs != rhs { return false; }
}
// {
// let lhs = e(&p.alpha_v_mid_s, &vk.one_g2);
// let rhs = e(&p.v_mid_s, &vk.alpha_v);
// if lhs != rhs { return false; }
// }
// {
// let lhs = e(&p.alpha_w_mid_s, &vk.one_g2);
// let rhs = e(&p.g1_w_mid_s, &vk.alpha_w);
// if lhs != rhs { return false; }
// }
// {
// let lhs = e(&p.alpha_y_mid_s, &vk.one_g2);
// let rhs = e(&p.y_mid_s, &vk.alpha_y);
// if lhs != rhs { return false; }
// }
// QAP divisibility check
{
let mut v_io: G1Point = G1Point::zero();
let mut w_io: G2Point = G2Point::zero();
let mut y_io: G1Point = G1Point::zero();
let mut v_s = p.v_mid_s.clone();
let mut w_s = p.w_mid_s.clone();
let mut y_s = p.y_mid_s.clone();
for i in 0..witness_io.size_in_usize() {
let w = &witness_io[&i];
v_io = v_io + &vk.vk_io[i] * w;
w_io = w_io + &vk.wk_io[i] * w;
y_io = y_io + &vk.yk_io[i] * w;
v_s = v_s + &vk.vk_io[i] * w;
w_s = w_s + &vk.wk_io[i] * w;
y_s = y_s + &vk.yk_io[i] * w;
}
let v_s = &v_io + &p.v_mid_s;
let w_s = &w_io + &p.g2_w_mid_s;
let y_s = &y_io + &p.y_mid_s;
let lhs = e(&v_s, &w_s) ;
let rhs = e(&vk.yt, &p.h_s) * e(&y_s, &vk.one_g2);
let lhs = e(&v_s, &w_s);
let rhs = e(&vk.t, &p.h_s) * e(&y_s, &vk.one_g2);
lhs == rhs
}
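Review bot: With the beta check and the three alpha checks commented out, the verifier now returns the result of the QAP divisibility pairing alone, so nothing ties `p.v_mid_s`, `p.w_mid_s` and `p.y_mid_s` to linear combinations of the CRS terms and the scheme's soundness argument no longer applies. The checks were presumably disabled because the prover's new blinding makes them fail, and the w check cannot be restored verbatim now that `g1_w_mid_s` is gone; they should be reworked rather than dropped. Until then, mark the gap explicitly above the commented blocks, e.g. `// FIXME(soundness): knowledge-of-coefficient checks disabled; do not rely on this verifier`. The loop also indexes `vk.vk_io[i]` up to `witness_io.size_in_usize()` without comparing lengths, so an over-long public input would panic instead of returning `false`; a guard like `if witness_io.size_in_usize() != vk.vk_io.len() { return false; }` would cover it. The function begins outside the hunk.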