//! Succinct proofs of a BLS public key being an aggregate key of a subset of signers given a commitment to the set of all signers' keys
use ark_bls12_377::G1Affine;
use ark_bw6_761::{BW6_761, Fr};
use ark_ec::CurveGroup;
use ark_ff::MontFp;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use fflonk::pcs::kzg::KZG;
pub use bitmask::Bitmask;
pub use keyset::{Keyset, KeysetCommitment};
use crate::piop::{RegisterCommitments, RegisterEvaluations};
use crate::piop::affine_addition::{PartialSumsAndBitmaskCommitments, PartialSumsCommitments};
use crate::piop::basic::AffineAdditionEvaluationsWithoutBitmask;
use crate::piop::bitmask_packing::{BitmaskPackingCommitments, SuccinctAccountableRegisterEvaluations};
use crate::piop::counting::{CountingCommitments, CountingEvaluations};
pub use self::prover::*;
pub use self::verifier::*;
mod prover;
mod verifier;
pub mod endo;
pub mod utils;
pub mod bls;
mod transcript;
mod fsrng;
pub mod domains;
mod piop;
pub mod setup;
mod bitmask;
mod keyset;
pub mod test_helpers; //TODO: cfgtest
/// The KZG polynomial commitment scheme instantiated over BW6-761, the curve whose scalar
/// field is the BLS12-377 base field (so BLS12-377 G1 points can be committed to natively).
// NOTE(review): `NewKzgBw6` is not referenced anywhere else in this file; presumably the
// `prover`/`verifier` submodules use it — confirm before renaming or removing.
type NewKzgBw6 = KZG<BW6_761>;
// TODO: 1. From trait?
// TODO: 2. remove refs/clones
/// Data that accompanies a [`Proof`] and is derived from the aggregate public key and the
/// signer bitmask; each scheme exposes a different amount of that information.
///
/// Implementors must be `CanonicalSerialize`/`CanonicalDeserialize` so the public input can be
/// transported alongside the proof.
pub trait PublicInput : CanonicalSerialize + CanonicalDeserialize {
    /// Builds the public input from the aggregate public key `apk` and the signer `bitmask`.
    fn new(apk: &G1Affine, bitmask: &Bitmask) -> Self;
}
// Used in 'basic' and 'packed' schemes
/// Public input that names the signers: the aggregate public key together with the bitmask
/// selecting which keys of the committed keyset are claimed to sum to it.
// NOTE(review): when an instance is deserialised from untrusted bytes, use the validating
// deserialisation path (not the `_unchecked` variants) so `apk` is checked to be on the curve
// and in the prime-order subgroup before it reaches the verifier — confirm at the call site.
#[derive(CanonicalSerialize, CanonicalDeserialize)]
pub struct AccountablePublicInput {
    /// Aggregate public key, a BLS12-377 G1 point.
    pub apk: G1Affine,
    /// Bitmask over the keyset marking the signers whose keys were aggregated.
    pub bitmask: Bitmask,
}
impl PublicInput for AccountablePublicInput {
    /// Copies the aggregate key and clones the bitmask into a fresh public input.
    fn new(apk: &G1Affine, bitmask: &Bitmask) -> Self {
        // `G1Affine` is `Copy`, so a dereference does the same job as `clone()`.
        let apk = *apk;
        let bitmask = bitmask.clone();
        Self { apk, bitmask }
    }
}
// Used in 'counting' scheme
/// Public input that reveals only how many signers participated, not which ones: the
/// aggregate public key and the population count of the signer bitmask.
#[derive(CanonicalSerialize, CanonicalDeserialize)]
pub struct CountingPublicInput {
    /// Aggregate public key, a BLS12-377 G1 point.
    pub apk: G1Affine,
    /// Number of set bits in the signer bitmask (see `PublicInput::new` for this type).
    pub count: usize,
}
impl PublicInput for CountingPublicInput {
    /// Keeps the aggregate key and collapses the bitmask to its number of set bits.
    fn new(apk: &G1Affine, bitmask: &Bitmask) -> Self {
        let count = bitmask.count_ones();
        // `G1Affine` is `Copy`; no clone needed.
        Self { apk: *apk, count }
    }
}
/// A proof for one of the three schemes, parameterised by the register evaluation type `E`,
/// the first-round register commitments `C`, and the additional second-round commitments `AC`
/// (`()` for schemes without a second round; see the aliases below).
///
/// The comments between the fields mark where, in the interactive view of the protocol, the
/// prover receives the next verifier challenge. Presumably the `transcript`/`fsrng` modules
/// derive those challenges via Fiat-Shamir — confirm there.
// NOTE(review): a `Proof` received over the wire should be deserialised with point validation
// on (the default, non-`_unchecked` path) so the BW6-761 G1 points below are checked for
// on-curve and subgroup membership before verification — confirm the verifier's entry point.
#[derive(CanonicalSerialize, CanonicalDeserialize)]
pub struct Proof<E: RegisterEvaluations, C: RegisterCommitments, AC: RegisterCommitments> {
    /// First-round commitments to the register polynomials.
    register_commitments: C,
    // 2nd round commitments, used in the "packed" scheme after the bitmask aggregation challenge is received
    additional_commitments: AC,
    // Prover receives \phi, the constraint polynomials batching challenge, here
    /// Commitment to the quotient polynomial (name-based reading — confirm in `prover`).
    q_comm: ark_bw6_761::G1Affine,
    // Prover receives \zeta, the evaluation point challenge, here
    /// Evaluations of the register polynomials at \zeta.
    register_evaluations: E,
    /// Evaluation of the quotient polynomial at \zeta (name-based reading — confirm).
    q_zeta: Fr,
    /// Evaluation at \zeta\omega of the polynomial opened by `r_at_zeta_omega_proof`
    /// (name-based reading — confirm).
    r_zeta_omega: Fr,
    // Prover receives \nu, the KZG opening batching challenge, here
    /// KZG opening proof for the batched polynomials at \zeta.
    w_at_zeta_proof: ark_bw6_761::G1Affine,
    /// KZG opening proof at \zeta\omega.
    r_at_zeta_omega_proof: ark_bw6_761::G1Affine,
}
/// Proof for the basic scheme: affine-addition registers, no bitmask commitment, no second round.
pub type SimpleProof = Proof<AffineAdditionEvaluationsWithoutBitmask, PartialSumsCommitments, ()>;
/// Proof for the packed scheme: the bitmask is committed in round one and packed in a second round.
pub type PackedProof = Proof<SuccinctAccountableRegisterEvaluations, PartialSumsAndBitmaskCommitments, BitmaskPackingCommitments>;
/// Proof for the counting scheme: only the number of signers is public; no second round.
pub type CountingProof = Proof<CountingEvaluations, CountingCommitments, ()>;
/// Affine coordinates of the fixed point `h = (0, 1)` returned by `point_in_g1_complement`.
/// They are typed as `ark_bw6_761::Fr` because that field coincides with the BLS12-377 base
/// field, which is what `G1Affine::new_unchecked` below expects.
const H_X: Fr = MontFp!("0");
const H_Y: Fr = MontFp!("1");
/// Returns a BLS12-377 point that lies on the curve but *outside* the prime-order subgroup G1.
///
/// `new_unchecked` is used deliberately: the checked constructor rejects points that fail the
/// subgroup test, and being outside G1 is exactly the property wanted here. The `h_is_not_in_g1`
/// test asserts both halves of that property.
fn point_in_g1_complement() -> ark_bls12_377::G1Affine {
    // `G1Affine` is the alias imported at the top of the file, i.e. `ark_bls12_377::G1Affine`.
    G1Affine::new_unchecked(H_X, H_Y)
}
// TODO: switch to better hash to curve when available
/// Deterministically maps `message` to a group element: the message is hashed with Blake2s and
/// the 32-byte digest seeds a `StdRng` from which one uniformly random element is drawn.
///
/// This is not a standardised hash-to-curve construction. Its collision resistance is that of
/// Blake2s, and per the `rand` documentation the generator behind `StdRng` is not fixed across
/// `rand` releases, so the mapping can change on a dependency bump — any value that is persisted
/// or agreed between parties must pin the `rand` version.
pub fn hash_to_curve<G: CurveGroup>(message: &[u8]) -> G {
    use ark_std::rand::SeedableRng;
    use blake2::Digest;

    let digest = blake2::Blake2s::digest(message);
    let mut rng = rand::rngs::StdRng::from_seed(digest.into());
    G::rand(&mut rng)
}
#[cfg(test)]
mod tests {
    use crate::test_helpers;
    use super::*;

    /// `point_in_g1_complement` must yield a point that is on the curve yet outside the
    /// prime-order subgroup; both halves of that property are asserted separately.
    #[test]
    fn h_is_not_in_g1() {
        let h = point_in_g1_complement();
        assert!(h.is_on_curve());
        assert!(!h.is_in_correct_subgroup_assuming_on_curve());
    }

    // End-to-end runs of each scheme via `test_helpers`; the argument is presumably the
    // keyset size — see the helper definitions.
    #[test]
    fn test_simple_scheme() {
        test_helpers::test_simple_scheme(8);
    }

    #[test]
    fn test_packed_scheme() {
        test_helpers::test_packed_scheme(8);
    }

    #[test]
    fn test_counting_scheme() {
        test_helpers::test_counting_scheme(8);
    }
}