Struct snarkvm_algorithms::snark::marlin::ahp::ahp::AHPForR1CS

source · 
pub struct AHPForR1CS<F: Field, MM: MarlinMode> { /* private fields */ }
Expand description

The algebraic holographic proof defined in CHMMVW19. Currently, this AHP only supports inputs of size one less than a power of 2 (i.e., of the form 2^n - 1).

Implementations§

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub const LC_WITH_ZERO_EVAL: [&'static str; 2] = _

The linear combinations that are statically known to evaluate to zero. These correspond to the virtual commitments as noted in the Aleo marlin protocol docs

source

pub fn zk_bound() -> Option<usize>

source

pub fn num_formatted_public_inputs_is_admissible( num_inputs: usize ) -> Result<(), AHPError>

Check that the (formatted) public input is of the form 2^n for some integer n.

source

pub fn formatted_public_input_is_admissible(input: &[F]) -> Result<(), AHPError>

Check that the (formatted) public input is of the form 2^n for some integer n.

source

pub fn max_degree( num_constraints: usize, num_variables: usize, num_non_zero: usize ) -> Result<usize, AHPError>

The maximum degree of polynomials produced by the indexer and prover of this protocol. The number of the variables must include the “one” variable. That is, it must be with respect to the number of formatted public inputs.

source

pub fn get_degree_bounds(info: &CircuitInfo) -> [usize; 4]

Get all the strict degree bounds enforced in the AHP.

source

pub fn fft_precomputation( constraint_domain_size: usize, non_zero_a_domain_size: usize, non_zero_b_domain_size: usize, non_zero_c_domain_size: usize ) -> Option<(FFTPrecomputation<F>, IFFTPrecomputation<F>)>

source

pub fn construct_linear_combinations<E: EvaluationsProvider<F>>( public_inputs: &BTreeMap<CircuitId, Vec<Vec<F>>>, evals: &E, prover_third_message: &ThirdMessage<F>, state: &State<F, MM> ) -> Result<BTreeMap<String, LinearCombination<F>>, AHPError>

Construct the linear combinations that are checked by the AHP. Public input should be unformatted. We construct the linear combinations as per section 5 of our protocol documentation. We can distinguish between: (1) simple comitments: ${\cm{g_A}, \cm{g_B}, \cm{g_C}}$ and ${\cm{\hat{z}{B,i,j}}}{i \in {[\mathcal{D}]}}$, $\cm{g_1}$ (2) virtual commitments for the lincheck_sumcheck and matrix_sumcheck. These are linear combinations of the simple commitments

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub fn index<C: ConstraintSynthesizer<F>>(c: &C) -> Result<Circuit<F, MM>>

Generate the index for this constraint system.

source

pub fn index_polynomial_info<'a>( circuit_ids: impl Iterator<Item = &'a CircuitId> + 'a ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

source

pub fn index_polynomial_labels<'a>( matrices: &'a [&str], ids: impl Iterator<Item = &'a CircuitId> + 'a ) -> impl Iterator<Item = PolynomialLabel> + 'a

source

pub fn evaluate_index_polynomials<C: ConstraintSynthesizer<F>>( c: &C, id: &CircuitId, point: F ) -> Result<impl Iterator<Item = F>, AHPError>

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub fn num_first_round_oracles(total_batch_size: usize) -> usize

Output the number of oracles sent by the prover in the first round.

source

pub fn first_round_polynomial_info<'a>( circuits: impl Iterator<Item = (&'a CircuitId, &'a usize)> ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the first round.

source

pub fn prover_first_round<'a, R: RngCore>( state: State<'a, F, MM>, rng: &mut R ) -> Result<State<'a, F, MM>, AHPError>

Output the first round message and the next state.

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub fn num_fourth_round_oracles() -> usize

Output the number of oracles sent by the prover in the third round.

source

pub fn prover_fourth_round<R: RngCore>( verifier_message: ThirdMessage<F>, state: State<'_, F, MM>, _r: &mut R ) -> Result<FourthOracles<F>, AHPError>

Output the fourth round message and the next state.

source

pub fn fourth_round_polynomial_info( ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the third round.

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub fn num_second_round_oracles() -> usize

Output the number of oracles sent by the prover in the second round.

source

pub fn second_round_polynomial_info( constraint_domain_size: usize ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the first round.

source

pub fn prover_second_round<'a, R: RngCore>( verifier_message: &FirstMessage<F>, state: State<'a, F, MM>, _r: &mut R ) -> (SecondOracles<F>, State<'a, F, MM>)

Output the second round message and the next state.

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub fn num_third_round_oracles(circuits: usize) -> usize

Output the number of oracles sent by the prover in the third round.

source

pub fn third_round_polynomial_info<'a>( circuits: impl Iterator<Item = (CircuitId, &'a CircuitInfo)> ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the third round.

source

pub fn prover_third_round<'a, R: RngCore>( verifier_message: &SecondMessage<F>, state: State<'a, F, MM>, _r: &mut R ) -> Result<(ThirdMessage<F>, ThirdOracles<F>, State<'a, F, MM>), AHPError>

Output the third round message and the next state.

source§

impl<F: PrimeField, MM: MarlinMode> AHPForR1CS<F, MM>

source

pub fn init_prover<'a, C: ConstraintSynthesizer<F>>( circuits_to_constraints: &BTreeMap<&'a Circuit<F, MM>, &[C]> ) -> Result<State<'a, F, MM>, AHPError>

Initialize the AHP prover.

source§

impl<TargetField: PrimeField, MM: MarlinMode> AHPForR1CS<TargetField, MM>

source

pub fn verifier_first_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( batch_sizes: &BTreeMap<CircuitId, usize>, circuit_infos: &BTreeMap<CircuitId, &CircuitInfo>, max_constraint_domain: EvaluationDomain<TargetField>, largest_non_zero_domain: EvaluationDomain<TargetField>, fs_rng: &mut R ) -> Result<(FirstMessage<TargetField>, State<TargetField, MM>), AHPError>

Output the first message and next round state.

source

pub fn verifier_second_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, MM>, fs_rng: &mut R ) -> Result<(SecondMessage<TargetField>, State<TargetField, MM>), AHPError>

Output the second message and next round state.

source

pub fn verifier_third_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, MM>, fs_rng: &mut R ) -> Result<(ThirdMessage<TargetField>, State<TargetField, MM>), AHPError>

Output the third message and next round state.

source

pub fn verifier_fourth_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, MM>, fs_rng: &mut R ) -> Result<State<TargetField, MM>, AHPError>

Output the next round state.

source

pub fn verifier_query_set( state: State<TargetField, MM> ) -> (QuerySet<TargetField>, State<TargetField, MM>)

Output the query state and next round state.

Auto Trait Implementations§

§

impl<F, MM> RefUnwindSafe for AHPForR1CS<F, MM>where F: RefUnwindSafe, MM: RefUnwindSafe,

§

impl<F, MM> Send for AHPForR1CS<F, MM>

§

impl<F, MM> Sync for AHPForR1CS<F, MM>

§

impl<F, MM> Unpin for AHPForR1CS<F, MM>where F: Unpin, MM: Unpin,

§

impl<F, MM> UnwindSafe for AHPForR1CS<F, MM>where F: UnwindSafe, MM: UnwindSafe,

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T> Pointable for T

§

const ALIGN: usize = mem::align_of::<T>()

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
source§

impl<T> Same<T> for T

§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V