Struct snarkvm_algorithms::snark::varuna::ahp::ahp::AHPForR1CS

pub struct AHPForR1CS<F: Field, SM: SNARKMode> { /* private fields */ }

The algebraic holographic proof defined in CHMMVW19. Currently, this AHP only supports inputs of size one less than a power of 2 (i.e., of the form 2^n - 1).

Implementations

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub const LC_WITH_ZERO_EVAL: [&'static str; 3] = _

The linear combinations that are statically known to evaluate to zero. These correspond to the virtual commitments as noted in the Aleo varuna protocol docs

pub fn zk_bound() -> Option<usize>

pub fn num_formatted_public_inputs_is_admissible( num_inputs: usize ) -> Result<(), AHPError>

Check that the (formatted) public input is of the form 2^n for some integer n.

pub fn formatted_public_input_is_admissible(input: &[F]) -> Result<(), AHPError>

Check that the (formatted) public input is of the form 2^n for some integer n.

pub fn max_degree( num_constraints: usize, num_variables: usize, num_non_zero: usize ) -> Result<usize, AHPError>

The maximum degree of polynomials produced by the indexer and prover of this protocol. The number of the variables must include the “one” variable. That is, it must be with respect to the number of formatted public inputs.

pub fn get_degree_bounds(info: &CircuitInfo) -> [usize; 4]

Get all the strict degree bounds enforced in the AHP.

pub fn fft_precomputation( constraint_domain_size: usize, variable_domain_size: usize, non_zero_a_domain_size: usize, non_zero_b_domain_size: usize, non_zero_c_domain_size: usize ) -> Option<(FFTPrecomputation<F>, IFFTPrecomputation<F>)>

pub fn construct_linear_combinations<E: EvaluationsProvider<F>>( public_inputs: &BTreeMap<CircuitId, Vec<Vec<F>>>, evals: &E, prover_third_message: &ThirdMessage<F>, prover_fourth_message: &FourthMessage<F>, state: &State<F, SM> ) -> Result<BTreeMap<String, LinearCombination<F>>, AHPError>

Construct the linear combinations that are checked by the AHP. Public input should be unformatted. We construct the linear combinations as per section 5 of our protocol documentation. We can distinguish between: (1) simple comitments: ${\cm{g_A}, \cm{g_B}, \cm{g_C}}$ and ${\cm{\hat{z}{B,i,j}}}{i \in {[\mathcal{D}]}}$, $\cm{g_1}$ (2) virtual commitments for the lincheck_sumcheck and matrix_sumcheck. These are linear combinations of the simple commitments

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub fn index<C: ConstraintSynthesizer<F>>(c: &C) -> Result<Circuit<F, SM>>

Generate the index polynomials for this constraint system.

pub fn index_polynomial_info<'a>( circuit_ids: impl Iterator<Item = &'a CircuitId> + 'a ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

pub fn index_polynomial_labels<'a>( matrices: &'a [&str], ids: impl Iterator<Item = &'a CircuitId> + 'a ) -> impl Iterator<Item = PolynomialLabel> + 'a

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub const fn num_fifth_round_oracles() -> usize

Output the number of oracles sent by the prover in this round.

pub fn prover_fifth_round<R: RngCore>( verifier_message: FourthMessage<F>, state: State<'_, F, SM>, _r: &mut R ) -> Result<FifthOracles<F>, AHPError>

Output the fifth round message and the next state.

pub fn fifth_round_polynomial_info( ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the last round.

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub fn num_first_round_oracles(total_batch_size: usize) -> usize

Output the number of oracles sent by the prover in the first round.

pub fn first_round_polynomial_info<'a>( circuits: impl Iterator<Item = (&'a CircuitId, &'a usize)> ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the first round.

pub fn prover_first_round<'a, R: RngCore>( state: State<'a, F, SM>, rng: &mut R ) -> Result<State<'a, F, SM>, AHPError>

Output the first round message and the next state.

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub const fn num_fourth_round_oracles(circuits: usize) -> usize

Output the number of oracles sent by the prover in the fourth round.

pub fn fourth_round_polynomial_info<'a>( circuits: impl Iterator<Item = (CircuitId, &'a CircuitInfo)> ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the fourth round.

pub fn prover_fourth_round<'a, R: RngCore>( second_message: &SecondMessage<F>, third_message: &ThirdMessage<F>, state: State<'a, F, SM>, _r: &mut R ) -> Result<(FourthMessage<F>, FourthOracles<F>, State<'a, F, SM>), AHPError>

Output the fourth round message and the next state.

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub const fn num_second_round_oracles() -> usize

Output the number of oracles sent by the prover in the second round.

pub fn second_round_polynomial_info( ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the second round.

pub fn prover_second_round<'a, R: RngCore>( verifier_message: &FirstMessage<F>, state: State<'a, F, SM>, _r: &mut R ) -> Result<(SecondOracles<F>, State<'a, F, SM>)>

Output the second round message and the next state.

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub const fn num_third_round_oracles() -> usize

Output the number of oracles sent by the prover in the third round.

pub fn third_round_polynomial_info( variable_domain_size: usize ) -> BTreeMap<PolynomialLabel, PolynomialInfo>

Output the degree bounds of oracles in the first round.

pub fn prover_third_round<'a, R: RngCore>( verifier_message: &FirstMessage<F>, verifier_second_message: &SecondMessage<F>, state: State<'a, F, SM>, _r: &mut R ) -> Result<(ThirdMessage<F>, ThirdOracles<F>, State<'a, F, SM>), AHPError>

Output the third round message and the next state.

impl<F: PrimeField, SM: SNARKMode> AHPForR1CS<F, SM>

pub fn init_prover<'a, C: ConstraintSynthesizer<F>, R: Rng + CryptoRng>( circuits_to_constraints: &BTreeMap<&'a Circuit<F, SM>, &[C]>, rng: &mut R ) -> Result<State<'a, F, SM>, AHPError>

Initialize the AHP prover.

impl<TargetField: PrimeField, SM: SNARKMode> AHPForR1CS<TargetField, SM>

pub fn verifier_first_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( batch_sizes: &BTreeMap<CircuitId, usize>, circuit_infos: &BTreeMap<CircuitId, &CircuitInfo>, max_constraint_domain: EvaluationDomain<TargetField>, max_variable_domain: EvaluationDomain<TargetField>, max_non_zero_domain: EvaluationDomain<TargetField>, fs_rng: &mut R ) -> Result<(FirstMessage<TargetField>, State<TargetField, SM>), AHPError>

Output the first message and next round state.

pub fn verifier_second_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, SM>, fs_rng: &mut R ) -> Result<(SecondMessage<TargetField>, State<TargetField, SM>), AHPError>

Output the second message and next round state.

pub fn verifier_third_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, SM>, fs_rng: &mut R ) -> Result<(ThirdMessage<TargetField>, State<TargetField, SM>), AHPError>

Output the third message and next round state.

pub fn verifier_fourth_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, SM>, fs_rng: &mut R ) -> Result<(FourthMessage<TargetField>, State<TargetField, SM>), AHPError>

Output the fourth message and next round state.

pub fn verifier_fifth_round<BaseField: PrimeField, R: AlgebraicSponge<BaseField, 2>>( state: State<TargetField, SM>, fs_rng: &mut R ) -> Result<State<TargetField, SM>, AHPError>

Output the next round state.

pub fn verifier_query_set( state: State<TargetField, SM> ) -> (QuerySet<TargetField>, State<TargetField, SM>)

Output the query state and next round state.