diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/algorithms/pair.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/algorithms/pair.hpp index 2e11ff807d..93b4db9cb8 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/algorithms/pair.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/algorithms/pair.hpp @@ -28,32 +28,12 @@ #include +#include + namespace nil { namespace crypto3 { namespace algebra { - // template - // typename PairingCurveType::pairing::affine_ate_g1_precomp - // affine_ate_precompute_g1(const typename PairingCurveType::pairing::g1_type::value_type &P) { - - // return PairingCurveType::pairing::affine_ate_precompute_g1(P); - // } - - // template - // typename PairingCurveType::pairing::affine_ate_g2_precomp - // affine_ate_precompute_g2(const typename PairingCurveType::pairing::g2_type::value_type &P) { - - // return PairingCurveType::pairing::affine_ate_precompute_g2(P); - // } - - // template - // typename PairingCurveType::pairing::gt_type::value_type - // affine_ate_miller_loop(const typename PairingCurveType::pairing::affine_ate_g1_precomp &prec_P, - // const typename PairingCurveType::pairing::affine_ate_g2_precomp &prec_Q) { - - // return PairingCurveType::pairing::affine_ate_miller_loop(prec_P, prec_Q); - // } - template> typename PairingPolicy::g1_precomputed_type precompute_g1(const typename PairingCurveType::template g1_type<>::value_type &P) { @@ -89,7 +69,7 @@ namespace nil { #endif template> - typename PairingCurveType::gt_type::value_type + std::optional pair_reduced(const typename PairingCurveType::template g1_type<>::value_type &v1, const typename PairingCurveType::template g2_type<>::value_type &v2) { @@ -111,7 +91,7 @@ namespace nil { } template> - typename PairingCurveType::gt_type::value_type + std::optional final_exponentiation(const typename PairingCurveType::gt_type::value_type &elt) { return PairingPolicy::final_exponentiation::process(elt); 
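Review bot: Nothing in the `pair_reduced` hunk, or in the `final_exponentiation` hunk after it, documents when the new `std::optional` result is empty or stops a caller from ignoring it. In pairing-based verification an empty result has to be treated as a failed check, never as "nothing to compare", so I would mark both functions `[[nodiscard]]` and add a line such as `/// @return the pairing value, or std::nullopt when final exponentiation cannot be computed; treat nullopt as a verification failure`. The failure condition in that sentence is inferred from the type change only, so please replace it with the real one. The body of `pair_reduced` lies outside the hunk, so I cannot see whether it propagates an empty result from `final_exponentiation` or dereferences it.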
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/alt_bn128/254/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/alt_bn128/254/short_weierstrass_params.hpp index 182890a06c..dd1cafa846 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/alt_bn128/254/short_weierstrass_params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/alt_bn128/254/short_weierstrass_params.hpp @@ -43,12 +43,11 @@ namespace nil { using base_field_type = typename alt_bn128_types<254>::base_field_type; using scalar_field_type = typename alt_bn128_types<254>::scalar_field_type; - constexpr static const typename alt_bn128_types<254>::integral_type a = - typename alt_bn128_types<254>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename alt_bn128_types<254>::integral_type b = - typename alt_bn128_types<254>::integral_type( - 0x03); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename alt_bn128_types<254>::base_field_type::value_type + a = 0x00; + constexpr static const typename alt_bn128_types<254>::base_field_type::value_type + b = 0x03; }; template<> @@ -104,9 +103,9 @@ namespace nil { 0x90689D0585FF075EC9E99AD690C3395BC4B313370B38EF355ACDADCD122975B_cppui_modular254)}; }; - constexpr typename alt_bn128_types<254>::integral_type const + constexpr typename alt_bn128_types<254>::base_field_type::value_type const alt_bn128_params<254, forms::short_weierstrass>::a; - constexpr typename alt_bn128_types<254>::integral_type const + constexpr typename alt_bn128_types<254>::base_field_type::value_type const alt_bn128_params<254, forms::short_weierstrass>::b; constexpr std::array< 
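Review bot: The new comment `///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$` sits before `a`, but `///<` is Doxygen's trailing form and attaches to the preceding member, which here is the `scalar_field_type` alias. A leading `///` (or a `/** ... */` block) would make the text document `a` and `b` as intended. The same placement recurs in the bls12-377 and bls12-381 `short_weierstrass_params.hpp` hunks.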
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/babyjubjub/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/babyjubjub/params.hpp index 8bd22b5027..70aa0e6550 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/babyjubjub/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/babyjubjub/params.hpp @@ -42,18 +42,18 @@ namespace nil { using scalar_field_type = typename babyjubjub_types::scalar_field_type; // Edwards representation constants a and d - constexpr static const typename babyjubjub_types::integral_type + constexpr static const typename babyjubjub_types::base_field_type::value_type a = ///< twisted Edwards elliptic curve 0x292FC_cppui_modular18; ///< described by equation ax^2 + y^2 = 1 + dx^2y^2 - constexpr static const typename babyjubjub_types::integral_type + constexpr static const typename babyjubjub_types::base_field_type::value_type d = ///< twisted Edwards elliptic curve 0x292F8_cppui_modular18; ///< described by equation ax^2 + y^2 = 1 + dx^2y^2 }; constexpr - typename babyjubjub_types::integral_type const babyjubjub_params::a; + typename babyjubjub_types::base_field_type::value_type const babyjubjub_params::a; constexpr - typename babyjubjub_types::integral_type const babyjubjub_params::d; + typename babyjubjub_types::base_field_type::value_type const babyjubjub_params::d; template<> struct babyjubjub_params { 
@@ -61,16 +61,16 @@ namespace nil { using scalar_field_type = typename babyjubjub_types::scalar_field_type; // Montgomery representation constants A and B - constexpr static const typename babyjubjub_types::integral_type + constexpr static const typename babyjubjub_types::base_field_type::value_type A = ///< Montgomery elliptic curve 0x292FA_cppui_modular18; ///< described by equation b*y^2 = x^3 + a*x^2 + x - constexpr static const typename babyjubjub_types::integral_type + constexpr static const typename babyjubjub_types::base_field_type::value_type B = ///< Montgomery elliptic curve 0x01; ///< described by equation b*y^2 = x^3 + a*x^2 + x }; - constexpr typename babyjubjub_types::integral_type const babyjubjub_params::A; - constexpr typename babyjubjub_types::integral_type const babyjubjub_params::B; + constexpr typename babyjubjub_types::base_field_type::value_type const babyjubjub_params::A; + constexpr typename babyjubjub_types::base_field_type::value_type const babyjubjub_params::B; template<> struct babyjubjub_g1_params diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/377/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/377/short_weierstrass_params.hpp index 3decc06905..be2827e9c1 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/377/short_weierstrass_params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/377/short_weierstrass_params.hpp 
@@ -43,12 +43,11 @@ namespace nil { using base_field_type = typename bls12_types<377>::base_field_type; using scalar_field_type = typename bls12_types<377>::scalar_field_type; - constexpr static const typename bls12_types<377>::integral_type a = - typename bls12_types<377>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename bls12_types<377>::integral_type b = - typename bls12_types<377>::integral_type( - 0x01); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename bls12_types<377>::base_field_type::value_type + a = 0x00; + constexpr static const typename bls12_types<377>::base_field_type::value_type + b = 0x01; }; template<> @@ -109,9 +108,9 @@ namespace nil { }; constexpr - typename bls12_types<377>::integral_type const bls12_params<377, forms::short_weierstrass>::a; + typename bls12_types<377>::base_field_type::value_type const bls12_params<377, forms::short_weierstrass>::a; constexpr - typename bls12_types<377>::integral_type const bls12_params<377, forms::short_weierstrass>::b; + typename bls12_types<377>::base_field_type::value_type const bls12_params<377, forms::short_weierstrass>::b; constexpr std::array< typename bls12_g1_params<377, forms::short_weierstrass>::field_type::value_type, diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/381/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/381/short_weierstrass_params.hpp index 3a79fd35ea..2b75c6a8ce 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/381/short_weierstrass_params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/bls12/381/short_weierstrass_params.hpp 
@@ -43,12 +43,11 @@ namespace nil { using base_field_type = typename bls12_types<381>::base_field_type; using scalar_field_type = typename bls12_types<381>::scalar_field_type; - constexpr static const typename bls12_types<381>::integral_type a = - typename bls12_types<381>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename bls12_types<381>::integral_type b = - typename bls12_types<381>::integral_type( - 0x04); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename bls12_types<381>::base_field_type::value_type + a = 0x00; + constexpr static const typename bls12_types<381>::base_field_type::value_type + b = 0x04; }; template<> @@ -109,9 +108,9 @@ namespace nil { }; constexpr - typename bls12_types<381>::integral_type const bls12_params<381, forms::short_weierstrass>::a; + typename bls12_types<381>::base_field_type::value_type const bls12_params<381, forms::short_weierstrass>::a; constexpr - typename bls12_types<381>::integral_type const bls12_params<381, forms::short_weierstrass>::b; + typename bls12_types<381>::base_field_type::value_type const bls12_params<381, forms::short_weierstrass>::b; constexpr typename bls12_g2_params<381, forms::short_weierstrass>::field_type::value_type const bls12_g2_params<381, forms::short_weierstrass>::b; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/curve25519/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/curve25519/params.hpp index 6f4e5f972a..2b494f73cf 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/curve25519/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/curve25519/params.hpp 
@@ -83,20 +83,14 @@ namespace nil { using scalar_field_type = typename curve25519_types::scalar_field_type; #ifdef __ZKLLVM__ #else - constexpr static typename curve25519_types::integral_type a = typename curve25519_types::integral_type( - 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec_cppui_modular255); ///< coefficient - ///< of - ///< Twisted - ///< Edwards - ///< curves - ///< $a*x^2+y^2=1+d*x^2*y^2$ - constexpr static typename curve25519_types::integral_type d = typename curve25519_types::integral_type( - 0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3_cppui_modular255); ///< coefficient - ///< of - ///< Twisted - ///< Edwards - ///< curves - ///< $a*x^2+y^2=1+d*x^2*y^2$ + /* Coefficients of Twisted Edwards form: + * a*x^2 + y^2 = 1 + d * x^2 * y^2 + * a = -1, d = -121665/121666 + * */ + constexpr static typename base_field_type::value_type a = + base_field_type::modulus - 1; + constexpr static typename base_field_type::value_type d = + - base_field_type::value_type(121665) / base_field_type::value_type(121666); #endif }; @@ -136,8 +130,8 @@ namespace nil { constexpr std::array::field_type::value_type, 2> curve25519_g1_params::one_fill; - constexpr typename curve25519_types::integral_type curve25519_params::a; - constexpr typename curve25519_types::integral_type curve25519_params::d; + constexpr typename curve25519_types::base_field_type::value_type curve25519_params::a; + constexpr typename curve25519_types::base_field_type::value_type curve25519_params::d; constexpr std::array::field_type::value_type, 2> diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/montgomery/element_g1_affine.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/montgomery/element_g1_affine.hpp index 2e4df89d8b..8139ee992b 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/montgomery/element_g1_affine.hpp 
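Review bot: `a` and `d` are now derived at compile time (`base_field_type::modulus - 1` and `- value_type(121665) / value_type(121666)`), and nothing pins the result to the literals this hunk removes. A regression in the constexpr field inversion or negation would silently change the curve, so I would keep the old values as a check, for example `static_assert(d == typename base_field_type::value_type(0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3_cppui_modular255), "curve25519 d mismatch");`. That assumes `operator==` on the field value is usable in a constant expression; if it is not, the same comparison belongs in a unit test. The derived `a` and `d` in the jubjub `params.hpp` hunk need the same check against their removed literals.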
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/montgomery/element_g1_affine.hpp @@ -273,16 +273,20 @@ namespace nil { * @return doubled element from group G1 */ constexpr void double_inplace() { - if ( 2 * params_type::B * this->Y == field_value_type::zero() ) { + const field_value_type two(2u); + const field_value_type twoBY = two * params_type::B * this->Y; + + if ( twoBY == field_value_type::zero() ) { this->is_inf_point = true; + return; } + if (!this->is_zero()) { - const field_value_type two(2u); const field_value_type three(3u); const field_value_type A(params_type::A); const field_value_type B(params_type::B); - const field_value_type temp1i = (two * B * this->Y).inversed(); + const field_value_type temp1i = twoBY.inversed(); const field_value_type temp2 = three * this->X.squared() + two * A * this->X + field_value_type::one(); const field_value_type temp1i_sqr = temp1i.squared(); diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/twisted_edwards/extended_with_a_minus_1/element_g1.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/twisted_edwards/extended_with_a_minus_1/element_g1.hpp index e963914b47..3d4f9213ea 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/twisted_edwards/extended_with_a_minus_1/element_g1.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/forms/twisted_edwards/extended_with_a_minus_1/element_g1.hpp @@ -229,10 +229,6 @@ namespace nil { return *this; } - static curve_element from_affine(curve_element const &other) { - return curve_element(other.X, other.Y, other.X*other.Y, field_value_type::one()); - } - template constexpr const curve_element& operator=( diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_iso_map.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_iso_map.hpp index 559116ce44..72f6b766bb 100644 
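Review bot: In `double_inplace`, `twoBY` is computed and compared before the point is known to be finite, and the `is_zero()` test only comes afterwards as a wrapping `if`. Putting the guard first, `if (this->is_zero()) return;`, avoids two field multiplications on a point already at infinity and removes one nesting level from the rest of the body. Assuming `B` is non-zero and the field has odd characteristic, the degenerate case can also be tested on `this->Y` alone, leaving `twoBY` to be computed only where it is inverted. The function body continues past the end of the hunk.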
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_iso_map.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_iso_map.hpp @@ -51,8 +51,7 @@ namespace nil { typedef typename suite_type::field_value_type field_value_type; typedef typename suite_type::integral_type integral_type; - // TODO: change integral_type on field_value_type when constexpr will be finished - constexpr static std::array k_x_num = { + constexpr static std::array k_x_num = { 0x11a05f2b1e833340b809101dd99815856b303e88a2d7005ff2627b56cdb4e2c85610c2d5f2e62d6eaeac1662734649b7_cppui_modular381, 0x17294ed3e943ab2f0588bab22147a81c7c17e75b2f6a8417f565e33c70d1e86b4838f2a6f318c356e834eef1b3cb83bb_cppui_modular381, 0xd54005db97678ec1d1048c5d10a9a1bce032473295983e56878e501ec68e25c958c3e3d2a09729fe0179f9dac9edcb0_cppui_modular381, @@ -66,7 +65,7 @@ namespace nil { 0x10321da079ce07e272d8ec09d2565b0dfa7dccdde6787f96d50af36003b14866f69b771f8c285decca67df3f1605fb7b_cppui_modular381, 0x6e08c248e260e70bd1e962381edee3d31d79d7e22c837bc23c0bf1bc24c6b68c24b1b80b64d391fa9c8ba2e8ba2d229_cppui_modular381}; - constexpr static std::array k_x_den = { + constexpr static std::array k_x_den = { 0x8ca8d548cff19ae18b2e62f4bd3fa6f01d5ef4ba35b48ba9c9588617fc8ac62b558d681be343df8993cf9fa40d21b1c_cppui_modular381, 0x12561a5deb559c4348b4711298e536367041e8ca0cf0800c0126c2588c48bf5713daa8846cb026e9e5c8276ec82b3bff_cppui_modular381, 0xb2962fe57a3225e8137e629bff2991f6f89416f5a718cd1fca64e00b11aceacd6a3d0967c94fedcfcc239ba5cb83e19_cppui_modular381, 
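Review bot: With `k_x_num`, `k_x_den`, `k_y_num` and `k_y_den` now stored as field values, the `integral_type` typedef kept as context just above the tables may no longer have a user in this struct. If so, it can be removed together with any `field_value_type(...)` conversions applied where the tables are read; that code is outside the hunks, so this is inferred. The same applies to the second struct, covered by the hunks starting at `-165,8`, `-176,13` and `-192,7`.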
@@ -78,7 +77,7 @@ namespace nil { 0xa10ecf6ada54f825e920b3dafc7a3cce07f8d1d7161366b74100da67f39883503826692abba43704776ec3a79a1d641_cppui_modular381, 0x95fc13ab9e92ad4476d6e3eb3a56680f682b4ee96f7d03776df533978f31c1593174e4b4b7865002d6384d168ecdd0a_cppui_modular381}; - constexpr static std::array k_y_num = { + constexpr static std::array k_y_num = { 0x90d97c81ba24ee0259d1f094980dcfa11ad138e48a869522b52af6c956543d3cd0c7aee9b3ba3c2be9845719707bb33_cppui_modular381, 0x134996a104ee5811d51036d776fb46831223e96c254f383d0f906343eb67ad34d6c56711962fa8bfe097e75a2e41c696_cppui_modular381, 0xcc786baa966e66f4a384c86a3b49942552e2d658a31ce2c344be4b91400da7d26d521628b00523b8dfe240c72de1f6_cppui_modular381, @@ -96,7 +95,7 @@ namespace nil { 0x5c129645e44cf1102a159f748c4a3fc5e673d81d7e86568d9ab0f5d396a7ce46ba1049b6579afb7866b1e715475224b_cppui_modular381, 0x15e6be4e990f03ce4ea50b3b42df2eb5cb181d8f84965a3957add4fa95af01b2b665027efec01c7704b456be69c8b604_cppui_modular381}; - constexpr static std::array k_y_den = { + constexpr static std::array k_y_den = { 0x16112c4c3a9c98b252181140fad0eae9601a6de578980be6eec3232b5be72e7a07f3688ef60c206d01479253b03663c1_cppui_modular381, 0x1962d75c2381201e1a0cbd6c43c348b885c84ff731c4d59ca4a10356f453e01f78a4260763529e3532f6102c2e49a03d_cppui_modular381, 0x58df3306640da276faaae7d6e8eb15778c4855551ae7f310c35a5dd279cd2eca6757cd636f96f891e2538b53dbf67f2_cppui_modular381, @@ -165,8 +164,7 @@ namespace nil { typedef typename suite_type::field_value_type field_value_type; typedef typename suite_type::integral_type integral_type; - // TODO: change integral_type on field_value_type when constexpr will be finished - constexpr static std::array, 4> k_x_num = { + constexpr static std::array, 4> k_x_num = { {{{0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6_cppui_modular381, 0x5c759507e8e333ebb5b7a9a47d7ed8532c52d39fd3a042a88b58423c50ae15d5c2638e343d9c71c6238aaaaaaaa97d6_cppui_modular381}}, {{0, 
@@ -176,13 +174,13 @@ namespace nil { {{0x171d6541fa38ccfaed6dea691f5fb614cb14b4e7f4e810aa22d6108f142b85757098e38d0f671c7188e2aaaaaaaa5ed1_cppui_modular381, 0}}}}; - constexpr static std::array, 2> k_x_den = { + constexpr static std::array, 2> k_x_den = { {{{0, 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa63_cppui_modular381}}, {{0xc, 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaa9f_cppui_modular381}}}}; - constexpr static std::array, 4> k_y_num = { + constexpr static std::array, 4> k_y_num = { {{{0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706_cppui_modular381, 0x1530477c7ab4113b59a4c18b076d11930f7da5d4a07f649bf54439d87d27e500fc8c25ebf8c92f6812cfc71c71c6d706_cppui_modular381}}, {{0, @@ -192,7 +190,7 @@ namespace nil { {{0x124c9ad43b6cf79bfbf7043de3811ad0761b0f37a1e26286b0e977c69aa274524e79097a56dc4bd9e1b371c71c718b10_cppui_modular381, 0}}}}; - constexpr static std::array, 3> k_y_den = { + constexpr static std::array, 3> k_y_den = { {{{0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb_cppui_modular381, 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffa8fb_cppui_modular381}}, {{0, diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_m2c.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_m2c.hpp index 789c4f30b7..27f25d76db 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_m2c.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/h2c/h2c_m2c.hpp 
@@ -45,14 +45,14 @@ namespace nil { typedef typename suite_type::field_value_type field_value_type; static inline group_value_type process(const field_value_type &u) { - // TODO: We assume that Z meets the following criteria -- correct for predefined suites, - // but wrong in general case + // Simple SWU method works only with specific Z - see RFC // https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-10#section-6.6.2 // Preconditions: // 1. Z is non-square in F, // 2. Z != -1 in F, // 3. the polynomial g(x) - Z is irreducible over F, and // 4. g(B / (Z * A)) is square in F. + // Currently it is implemented only for BLS12 curves, Z is fine. static const field_value_type one = field_value_type::one(); field_value_type tv1 = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/jubjub/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/jubjub/params.hpp index 2809c48026..3ec0fff689 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/jubjub/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/jubjub/params.hpp 
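Review bot: The new comment says `Z` is fine because the map is only implemented for BLS12 curves, but nothing visible in the hunk enforces that restriction. `process` is written against a generic `suite_type`, so a later suite whose `Z` violates preconditions 1-4 would still compile and could return incorrect points. I would back the comment with a compile-time restriction on the suite (a `static_assert` on the curve type, using whatever trait the project already has), or keep the `TODO` until one exists. The link also still points at draft-10, while the comment says "see RFC"; the published document is RFC 9380, section 6.6.2. `process` continues outside the hunk.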
@@ -41,48 +41,39 @@ namespace nil { using base_field_type = typename jubjub_types::base_field_type; using scalar_field_type = typename jubjub_types::scalar_field_type; - // Edwards representation constants a and d - constexpr static const typename jubjub_types::integral_type - a = ///< twisted Edwards elliptic curve - 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000000_cppui_modular255; ///< described - ///< by - ///< equation - ///< ax^2 + - ///< y^2 = 1 - ///< + - ///< dx^2y^2 - constexpr static const typename jubjub_types::integral_type - d = ///< twisted Edwards elliptic curve - 0x2A9318E74BFA2B48F5FD9207E6BD7FD4292D7F6D37579D2601065FD6D6343EB1_cppui_modular254; ///< described - ///< by - ///< equation - ///< ax^2 + - ///< y^2 = 1 - ///< + - ///< dx^2y^2 + // Twisted Edwards representation: + // a x^2 + y^2 = 1 + d x^2 y^2 + // Constants a (-1) and d (-10240/10241) + constexpr static const typename jubjub_types::base_field_type::value_type + a = base_field_type::modulus - 1; + constexpr static const typename jubjub_types::base_field_type::value_type + d = - base_field_type::value_type(10240) / base_field_type::value_type(10241); static constexpr std::size_t cofactor = 8; }; - constexpr typename jubjub_types::integral_type const jubjub_params::a; - constexpr typename jubjub_types::integral_type const jubjub_params::d; + constexpr typename jubjub_types::base_field_type::value_type const jubjub_params::a; + constexpr typename jubjub_types::base_field_type::value_type const jubjub_params::d; template<> struct jubjub_params { using base_field_type = typename jubjub_types::base_field_type; using scalar_field_type = typename jubjub_types::scalar_field_type; - // Montgomery representation constants A and B - constexpr static const typename jubjub_types::integral_type - A = ///< Montgomery elliptic curve - 0xA002_cppui_modular16; ///< described by equation b*y^2 = x^3 + a*x^2 + x - constexpr static const typename jubjub_types::integral_type - B = ///< 
Montgomery elliptic curve - 0x01; ///< described by equation b*y^2 = x^3 + a*x^2 + x + // Montgomery representation: + // B * y^2 = x^3 + A * x^2 + x + // https://en.wikipedia.org/wiki/Montgomery_curve#Equivalence_with_twisted_Edwards_curves + // constants A and B + // A = 2 (a + d) / (a - d) + // B = 4 / (a - d) + constexpr static const typename jubjub_types::base_field_type::value_type + A = 0xA002_cppui_modular255; + constexpr static const typename jubjub_types::base_field_type::value_type + B = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfefffffffeffff5ffd_cppui_modular255; static constexpr std::size_t cofactor = 8; }; - constexpr typename jubjub_types::integral_type const jubjub_params::A; - constexpr typename jubjub_types::integral_type const jubjub_params::B; + constexpr typename jubjub_types::base_field_type::value_type const jubjub_params::A; + constexpr typename jubjub_types::base_field_type::value_type const jubjub_params::B; template<> struct jubjub_g1_params : public jubjub_params { @@ -115,12 +106,21 @@ namespace nil { template using group_type = jubjub_types::g1_type; - // TODO: check correctness of the base point coordinates + /* Generator in Montgomery form + * Birational equivalence with Twisted Edwards form: + * https://en.wikipedia.org/wiki/Montgomery_curve#Equivalence_with_twisted_Edwards_curves + * + * M(u,v) from E(x,y): + * + * (u,v) = ( (1+y)/(1-y), (1+y)/(x*(1-y)) ) + * + * These coordinates are acquired from generator defined above. + */ constexpr static const std::array one_fill = { typename field_type::value_type( 0x52a47af6ec47deb77d663b6a45b148d1ccdaa4e2299ecfbd5504c409b3ea62c0_cppui_modular255), typename field_type::value_type( - 0x399b020832f6a499ba9d5334ca932dc9faaeea860e9a49a8f8854f55f3b676d4_cppui_modular254)}; + 0x20bc4f2e8cff38006618840fd0f9b6d6e8ddec99c37916874e2fd6d5c6558938_cppui_modular254)}; }; constexpr std::array::base_field_type::value_type, 
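Review bot: The Montgomery constant `B` changes from `0x01` to a full-width literal, which switches the Montgomery model to the one in the new comment (`B = 4 / (a - d)`). Montgomery-form coordinates produced under the old `B` will no longer satisfy the curve equation, and the comment does not mention this. I would add a line such as `// NOTE: B was 1 before this change; Montgomery coordinates from earlier versions are not valid on this model`. `A` and `B` are also still literals while `a` and `d` are derived, so a test or `static_assert` that checks `B * (a - d) == 4` and `A * (a - d) == 2 * (a + d)` would tie them to the formulas quoted above them.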
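Review bot: The new comment on the Montgomery `one_fill` says the coordinates come from the twisted Edwards generator through the birational map, but the replaced Y coordinate is again a bare literal and the removed `TODO: check correctness of the base point coordinates` is not replaced by any check. A unit test should map the Edwards generator with `(u,v) = ((1+y)/(1-y), (1+y)/(x*(1-y)))` and compare the result with `one_fill`, and should also assert that the point is on the curve for the new `B`. The two literals also use different suffixes (`_cppui_modular255` for X, `_cppui_modular254` for Y); using the same one for both would read more cleanly if the literal types allow it. The declaration that follows `one_fill` is cut off at the end of the hunk.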
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/marshalling.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/marshalling.hpp deleted file mode 100644 index 644dbea620..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/marshalling.hpp +++ /dev/null 
@@ -1,343 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_ALGEBRA_CURVES_HPP -#define CRYPTO3_MARSHALLING_ALGEBRA_CURVES_HPP - -#include - -#include - -#include - -#include - -namespace nil { - namespace marshalling { - - using namespace nil::crypto3; - - template - class curve_element_serializer { }; - - // ZCash serialization format for BLS12-381 - // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-09#appendix-C - template<> - class curve_element_serializer { - public: - typedef algebra::curves::bls12_381 curve_type; - - typedef typename curve_type::template g1_type<>::value_type g1_value_type; - typedef typename curve_type::template g2_type<>::value_type g2_value_type; - - typedef typename curve_type::template g1_type::value_type - g1_affine_value_type; - typedef typename curve_type::template g2_type::value_type - g2_affine_value_type; - - typedef typename g1_value_type::field_type::value_type g1_field_value_type; - typedef typename g2_value_type::field_type::value_type g2_field_value_type; - - typedef typename g1_field_value_type::integral_type integral_type; - - constexpr static const unsigned sizeof_field_element = 48; - typedef std::array compressed_g1_octets; - typedef std::array uncompressed_g1_octets; - typedef std::array compressed_g2_octets; - typedef std::array uncompressed_g2_octets; - - // Serialization procedure according to - // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-09#appendix-C.1 - static inline compressed_g1_octets point_to_octets_compress(const g1_value_type &point) { - compressed_g1_octets result = {0}; - g1_affine_value_type point_affine = point.to_affine(); - auto m_byte = evaluate_m_byte(point, point_affine, true); - // TODO: check possibilities for TA - if (!(I_bit & m_byte)) { - boost::multiprecision::export_bits( - point_affine.X.data.template convert_to(), result.rbegin(), 8, false); - } - result[0] |= m_byte; - 
return result; - } - - static inline uncompressed_g1_octets point_to_octets(const g1_value_type &point) { - uncompressed_g1_octets result = {0}; - g1_affine_value_type point_affine = point.to_affine(); - auto m_byte = evaluate_m_byte(point, point_affine, false); - // TODO: check possibilities for TA - if (!(I_bit & m_byte)) { - boost::multiprecision::export_bits( - point_affine.Y.data.template convert_to(), result.rbegin(), 8, false); - boost::multiprecision::export_bits(point_affine.X.data.template convert_to(), - result.rbegin() + sizeof_field_element, - 8, - false); - } - result[0] |= m_byte; - return result; - } - - static inline compressed_g2_octets point_to_octets_compress(const g2_value_type &point) { - compressed_g2_octets result = {0}; - g2_affine_value_type point_affine = point.to_affine(); - auto m_byte = evaluate_m_byte(point, point_affine, true); - // TODO: check possibilities for TA - if (!(I_bit & m_byte)) { - boost::multiprecision::export_bits( - point_affine.X.data[0].data.template convert_to(), result.rbegin(), 8, false); - boost::multiprecision::export_bits(point_affine.X.data[1].data.template convert_to(), - result.rbegin() + sizeof_field_element, - 8, - false); - } - result[0] |= m_byte; - return result; - } - - static inline uncompressed_g2_octets point_to_octets(const g2_value_type &point) { - uncompressed_g2_octets result = {0}; - g2_affine_value_type point_affine = point.to_affine(); - auto m_byte = evaluate_m_byte(point, point_affine, false); - // TODO: check possibilities for TA - if (!(I_bit & m_byte)) { - boost::multiprecision::export_bits( - point_affine.Y.data[0].data.template convert_to(), result.rbegin(), 8, false); - boost::multiprecision::export_bits(point_affine.Y.data[1].data.template convert_to(), - result.rbegin() + sizeof_field_element, - 8, - false); - boost::multiprecision::export_bits(point_affine.X.data[0].data.template convert_to(), - result.rbegin() + 2 * sizeof_field_element, - 8, - false); - 
boost::multiprecision::export_bits(point_affine.X.data[1].data.template convert_to(), - result.rbegin() + 3 * sizeof_field_element, - 8, - false); - } - result[0] |= m_byte; - return result; - } - - // TODO: use iterators - // Deserialization procedure according to - // https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-09#appendix-C.2 - template::value>::type> - static inline g1_value_type octets_to_g1_point(const PointOctetsRange &octets) { - BOOST_CONCEPT_ASSERT((boost::SinglePassRangeConcept)); - - const std::uint8_t m_byte = *octets.begin() & 0xE0; - BOOST_ASSERT(m_byte != 0x20 && m_byte != 0x60 && m_byte != 0xE0); - - PointOctetsRange point_octets = octets; - *point_octets.begin() &= 0x1F; - - if (m_byte & C_bit) { - return compressed_to_g1_point(point_octets, m_byte); - } - return uncompressed_to_g1_point(point_octets, m_byte); - } - - // TODO: use iterators - template::value>::type> - static inline g2_value_type octets_to_g2_point(const PointOctetsRange &octets) { - BOOST_CONCEPT_ASSERT((boost::SinglePassRangeConcept)); - - const std::uint8_t m_byte = *octets.begin() & 0xE0; - BOOST_ASSERT(m_byte != 0x20 && m_byte != 0x60 && m_byte != 0xE0); - - PointOctetsRange point_octets; - std::copy(octets.begin(), octets.end(), point_octets.begin()); - *point_octets.begin() &= 0x1F; - - if (m_byte & C_bit) { - return compressed_to_g2_point(point_octets, m_byte); - } - return uncompressed_to_g2_point(point_octets, m_byte); - } - - protected: - constexpr static const std::uint8_t C_bit = 0x80; - constexpr static const std::uint8_t I_bit = 0x40; - constexpr static const std::uint8_t S_bit = 0x20; - // constexpr static const typename g1_field_value_type::integral_type half_p = - // (g1_field_value_type::modulus - integral_type(1)) / integral_type(2); - - template::value>::type> - static inline g1_value_type compressed_to_g1_point(PointOctetsRange &point_octets, std::uint8_t m_byte) { - BOOST_ASSERT(std::distance(point_octets.begin(), 
point_octets.end()) == sizeof_field_element); - - if (m_byte & I_bit) { - BOOST_ASSERT(point_octets.end() == std::find(point_octets.begin(), point_octets.end(), true)); - return g1_value_type(); // point at infinity - } - - integral_type x; - boost::multiprecision::import_bits(x, point_octets.rbegin(), point_octets.rend(), 8, false); - g1_field_value_type x_mod(x); - g1_field_value_type y2_mod = x_mod.pow(3u) + g1_field_value_type(4u); - BOOST_ASSERT(y2_mod.is_square()); - g1_field_value_type y_mod = y2_mod.sqrt(); - bool Y_bit = sign_gf_p(y_mod); - if (Y_bit == bool(m_byte & S_bit)) { - g1_value_type result(x_mod, y_mod, g1_field_value_type::one()); - BOOST_ASSERT(result.is_well_formed()); - return result; - } - g1_value_type result(x_mod, -y_mod, g1_field_value_type::one()); - BOOST_ASSERT(result.is_well_formed()); - return result; - } - - template::value>::type> - static inline g1_value_type uncompressed_to_g1_point(PointOctetsRange &point_octets, std::uint8_t m_byte) { - BOOST_ASSERT(std::distance(point_octets.begin(), point_octets.end()) == 2 * sizeof_field_element); - - if (m_byte & I_bit) { - BOOST_ASSERT(point_octets.end() == std::find(point_octets.begin(), point_octets.end(), true)); - return g1_value_type(); // point at infinity - } - - integral_type x, y; - boost::multiprecision::import_bits( - y, point_octets.rbegin(), point_octets.rbegin() + sizeof_field_element, 8, false); - boost::multiprecision::import_bits( - x, point_octets.rbegin() + sizeof_field_element, point_octets.rend(), 8, false); - g1_value_type result(g1_field_value_type(x), g1_field_value_type(y), g1_field_value_type::one()); - BOOST_ASSERT(result.is_well_formed()); - return result; - } - - template::value>::type> - static inline g2_value_type compressed_to_g2_point(PointOctetsRange &point_octets, std::uint8_t m_byte) { - BOOST_ASSERT(std::distance(point_octets.begin(), point_octets.end()) == 2 * sizeof_field_element); - - if (m_byte & I_bit) { - BOOST_ASSERT(point_octets.end() == 
std::find(point_octets.begin(), point_octets.end(), true)); - return g2_value_type(); // point at infinity - } - - integral_type x_0, x_1; - boost::multiprecision::import_bits( - x_0, point_octets.rbegin(), point_octets.rbegin() + sizeof_field_element, 8, false); - boost::multiprecision::import_bits( - x_1, point_octets.rbegin() + sizeof_field_element, point_octets.rend(), 8, false); - g2_field_value_type x_mod(x_0, x_1); - g2_field_value_type y2_mod = x_mod.pow(3u) + g2_field_value_type(4u, 4u); - BOOST_ASSERT(y2_mod.is_square()); - g2_field_value_type y_mod = y2_mod.sqrt(); - bool Y_bit = sign_gf_p(y_mod); - if (Y_bit == bool(m_byte & S_bit)) { - g2_value_type result(x_mod, y_mod, g2_field_value_type::one()); - BOOST_ASSERT(result.is_well_formed()); - return result; - } - g2_value_type result(x_mod, -y_mod, g2_field_value_type::one()); - BOOST_ASSERT(result.is_well_formed()); - return result; - } - - template::value>::type> - static inline g2_value_type uncompressed_to_g2_point(PointOctetsRange &point_octets, std::uint8_t m_byte) { - BOOST_ASSERT(std::distance(point_octets.begin(), point_octets.end()) == 4 * sizeof_field_element); - - if (m_byte & I_bit) { - BOOST_ASSERT(point_octets.end() == std::find(point_octets.begin(), point_octets.end(), true)); - return g2_value_type(); // point at infinity - } - - integral_type x_0, x_1, y_0, y_1; - boost::multiprecision::import_bits( - y_0, point_octets.rbegin(), point_octets.rbegin() + sizeof_field_element, 8, false); - boost::multiprecision::import_bits(y_1, - point_octets.rbegin() + sizeof_field_element, - point_octets.rbegin() + 2 * sizeof_field_element, - 8, - false); - boost::multiprecision::import_bits(x_0, - point_octets.rbegin() + 2 * sizeof_field_element, - point_octets.rbegin() + 3 * sizeof_field_element, - 8, - false); - boost::multiprecision::import_bits( - x_1, point_octets.rbegin() + 3 * sizeof_field_element, point_octets.rend(), 8, false); - g2_value_type 
result(g2_field_value_type(g1_field_value_type(x_0), g1_field_value_type(x_1)), - g2_field_value_type(g1_field_value_type(y_0), g1_field_value_type(y_1)), - g2_field_value_type::one()); - BOOST_ASSERT(result.is_well_formed()); - return result; - } - - static inline bool sign_gf_p(const g1_field_value_type &v) { - static const typename g1_field_value_type::integral_type half_p = - (g1_field_value_type::modulus - integral_type(1)) / integral_type(2); - - if (v > half_p) { - return true; - } - return false; - } - - static inline bool sign_gf_p(const g2_field_value_type &v) { - if (v.data[1] == 0u) { - return sign_gf_p(v.data[0]); - } - return sign_gf_p(v.data[1]); - } - - template - static inline std::uint8_t evaluate_m_byte(const GroupValueType &point, - const GroupAffineValueType &point_affine, - bool compression) { - std::uint8_t result = 0; - if (compression) { - result |= C_bit; - } - // TODO: check condition of infinite point - if (point.is_zero()) { - result |= I_bit; - } else if (compression && sign_gf_p(point_affine.Y)) { - result |= S_bit; - } - return result; - } - }; - } // namespace marshalling -} // namespace nil - -#endif // CRYPTO3_MARSHALLING_ALGEBRA_CURVES_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt4/298/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt4/298/short_weierstrass_params.hpp index 3f844bc3a0..55fcdb6ff5 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt4/298/short_weierstrass_params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt4/298/short_weierstrass_params.hpp 
@@ -43,12 +43,11 @@ namespace nil { using base_field_type = typename mnt4_types<298>::base_field_type; using scalar_field_type = typename mnt4_types<298>::scalar_field_type; - constexpr static const typename mnt4_types<298>::integral_type a = - typename mnt4_types<298>::integral_type( - 0x02); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename mnt4_types<298>::integral_type b = - typename mnt4_types<298>::integral_type( - 0x3545A27639415585EA4D523234FC3EDD2A2070A085C7B980F4E9CD21A515D4B0EF528EC0FD5_cppui_modular298); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename mnt4_types<298>::base_field_type::value_type + a = 0x02; + constexpr static const typename mnt4_types<298>::base_field_type::value_type + b = 0x3545A27639415585EA4D523234FC3EDD2A2070A085C7B980F4E9CD21A515D4B0EF528EC0FD5_cppui_modular298; }; template<> @@ -118,9 +117,9 @@ namespace nil { }; constexpr - typename mnt4_types<298>::integral_type const mnt4_params<298, forms::short_weierstrass>::a; + typename mnt4_types<298>::base_field_type::value_type const mnt4_params<298, forms::short_weierstrass>::a; constexpr - typename mnt4_types<298>::integral_type const mnt4_params<298, forms::short_weierstrass>::b; + typename mnt4_types<298>::base_field_type::value_type const mnt4_params<298, forms::short_weierstrass>::b; constexpr typename mnt4_g2_params<298, forms::short_weierstrass>::field_type::value_type const mnt4_g2_params<298, forms::short_weierstrass>::a; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt6/298/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt6/298/short_weierstrass_params.hpp index 43fd9cadfb..94e18751f8 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt6/298/short_weierstrass_params.hpp 
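Review bot: The added `///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$` line sits before the declarations of `a` and `b`, but `///<` is Doxygen's marker for documenting the member that precedes the comment. As written, the text would attach to `using scalar_field_type = ...` and leave `a` and `b` undocumented in the generated reference. Use the leading form `/// Coefficients of the short Weierstrass curve $y^2=x^3+a*x+b$`, or keep a trailing `///<` after each of the two declarations. The same line is added in the mnt6, secp_k1 and secp_r1 parameter hunks further down; the enclosing struct starts outside this hunk.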
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/mnt6/298/short_weierstrass_params.hpp @@ -43,12 +43,11 @@ namespace nil { using base_field_type = typename mnt6_types<298>::base_field_type; using scalar_field_type = typename mnt6_types<298>::scalar_field_type; - constexpr static const typename mnt6_types<298>::integral_type a = - typename mnt6_types<298>::integral_type( - 0x0B); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename mnt6_types<298>::integral_type b = - typename mnt6_types<298>::integral_type( - 0xD68C7B1DC5DD042E957B71C44D3D6C24E683FC09B420B1A2D263FDE47DDBA59463D0C65282_cppui_modular296); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename mnt6_types<298>::base_field_type::value_type + a = 0x0B; + constexpr static const typename mnt6_types<298>::base_field_type::value_type + b = 0xD68C7B1DC5DD042E957B71C44D3D6C24E683FC09B420B1A2D263FDE47DDBA59463D0C65282_cppui_modular296; }; template<> @@ -111,9 +110,9 @@ namespace nil { }; constexpr - typename mnt6_types<298>::integral_type const mnt6_params<298, forms::short_weierstrass>::a; + typename mnt6_types<298>::base_field_type::value_type const mnt6_params<298, forms::short_weierstrass>::a; constexpr - typename mnt6_types<298>::integral_type const mnt6_params<298, forms::short_weierstrass>::b; + typename mnt6_types<298>::base_field_type::value_type const mnt6_params<298, forms::short_weierstrass>::b; constexpr typename mnt6_g2_params<298, forms::short_weierstrass>::field_type::value_type const mnt6_g2_params<298, forms::short_weierstrass>::a; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/pallas/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/pallas/params.hpp index 09c0747012..c3f864ca24 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/pallas/params.hpp 
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/pallas/params.hpp @@ -36,7 +36,6 @@ namespace nil { namespace algebra { namespace curves { namespace detail { - /** * @brief https://zips.z.cash/protocol/protocol.pdf#pallasandvesta @@ -47,17 +46,9 @@ namespace nil { using scalar_field_type = typename pallas_types::scalar_field_type; #ifdef __ZKLLVM__ #else - constexpr static typename pallas_types::integral_type a = typename pallas_types::integral_type(0) ; ///< coefficient - ///< Short - ///< Weierstrass - ///< curves - ///< y^2=x^3+a*x+b - constexpr static typename pallas_types::integral_type b = typename pallas_types::integral_type(5) ; ///< coefficient - ///< of - ///< Short - ///< Weierstrass - ///< curves - ///< y^2=x^^3+a*x+b + /* Short Weierstrass curve: y^2 = x^3 + a*x +b */ + constexpr static typename pallas_types::base_field_type::value_type a = 0u; + constexpr static typename pallas_types::base_field_type::value_type b = 5u; #endif }; @@ -80,19 +71,17 @@ namespace nil { field_type::value_type::zero(), field_type::value_type::zero()}; #endif + // Generator: (-1, 2) constexpr static std::array one_fill = { - // TODO(martun): This is "modulus - 1". Figure out what are the other commented constants below. - 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000000_cppui_modular255, - //0x7706c37b5a84128a3884a5d71811f1b55da3230ffb17a8ab0b32e48d31a6685c_cppui_modular255), + field_type::modulus - 1, typename field_type::value_type(2u)}; - //0x0f60480c7a5c0e1140340adc79d6a2bf0cb57ad049d025dc38d80c77985f0329_cppui_modular255)}; #endif }; #ifdef __ZKLLVM__ #else - constexpr typename pallas_types::integral_type pallas_params::a; - constexpr typename pallas_types::integral_type pallas_params::b; + constexpr typename pallas_types::base_field_type::value_type pallas_params::a; + constexpr typename pallas_types::base_field_type::value_type pallas_params::b; constexpr std::array::field_type::value_type, 2> pallas_g1_params::zero_fill; 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/scalar_mul.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/scalar_mul.hpp index a9e09fc7eb..0b9b217399 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/scalar_mul.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/scalar_mul.hpp @@ -42,43 +42,43 @@ namespace nil { namespace algebra { namespace curves { namespace detail { - template - CurveElementType constexpr scalar_mul(const CurveElementType &base, - const boost::multiprecision::number &scalar) { + + template + constexpr void scalar_mul_inplace( + CurveElementType &base, + boost::multiprecision::number> const& scalar) + { if (scalar.is_zero()) { - return CurveElementType::zero(); + base = CurveElementType::zero(); + return; } const size_t window_size = 3; auto naf = boost::multiprecision::eval_find_wnaf_a(window_size + 1, scalar.backend()); std::array table; - CurveElementType tmp = base; CurveElementType dbl = base; dbl.double_inplace(); for (size_t i = 0; i < 1ul << window_size; ++i) { - table[i] = tmp; - tmp += dbl; + table[i] = base; + base += dbl; } - CurveElementType res = CurveElementType::zero(); + base = CurveElementType::zero(); bool found_nonzero = false; for (long i = naf.size() - 1; i >= 0; --i) { if (found_nonzero) { - res.double_inplace(); + base.double_inplace(); } if (naf[i] != 0) { found_nonzero = true; if (naf[i] > 0) { - res += table[naf[i] / 2]; + base += table[naf[i] / 2]; } else { - res -= table[(-naf[i]) / 2]; + base -= table[(-naf[i]) / 2]; } } } - return res; } template 
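Review bot: `scalar_mul_inplace` runs in time that depends on the scalar, and nothing on the new function says so: the `scalar.is_zero()` early return, the `if (naf[i] != 0)` branch and the `table[naf[i] / 2]` lookup are all driven by scalar digits. The following hunk routes `operator*=` and both `operator*` overloads through this one routine, so any caller that multiplies by a secret scalar such as a signing key or nonce would inherit a timing and cache side channel; whether such callers exist is not visible from here. I would state the restriction on the function, for example `/// Variable-time wNAF multiplication; overwrites base. Not for secret scalars.` The same comment should mention that `base` is used as scratch while the table is filled, so it holds intermediate values until the final loop completes.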
@@ -86,122 +86,61 @@ namespace nil { CurveElementType& point, typename CurveElementType::params_type::scalar_field_type::value_type const& scalar) { - return point *= static_cast(scalar.data); - } - - template - constexpr CurveElementType& operator *= ( - CurveElementType& point, - const boost::multiprecision::number &scalar) - { - if (scalar.is_zero()) { - point = CurveElementType::zero(); - return point; - } - - const size_t window_size = 3; - auto naf = boost::multiprecision::eval_find_wnaf_a(window_size + 1, scalar.backend()); - std::array table; - CurveElementType tmp = point; - CurveElementType dbl = point; - dbl.double_inplace(); - for (size_t i = 0; i < 1ul << window_size; ++i) { - table[i] = tmp; - tmp += dbl; - } - - CurveElementType res = CurveElementType::zero(); - bool found_nonzero = false; - for (long i = naf.size() - 1; i >= 0; --i) { - if (found_nonzero) { - res.double_inplace(); - } - - if (naf[i] != 0) { - found_nonzero = true; - if (naf[i] > 0) { - res += table[naf[i] / 2]; - } else { - res -= table[(-naf[i]) / 2]; - } - } - } - - point = res; + using scalar_integral_type = typename CurveElementType::params_type::scalar_field_type::integral_type; + scalar_mul_inplace(point, static_cast(scalar.data)); return point; } - template - constexpr GroupValueType - operator*(const GroupValueType &left, - const boost::multiprecision::number, ExpressionTemplates> &right) { - return scalar_mul(left, right); - } - - template - typename std::enable_if< - is_curve_group::value && - !is_field::value, - GroupValueType>::type - constexpr operator*(const GroupValueType &left, - const boost::multiprecision::number &right) { - return scalar_mul(left, right); + template + constexpr CurveElementType operator * ( + CurveElementType const& point, + typename CurveElementType::params_type::scalar_field_type::value_type const& scalar) + { + using scalar_integral_type = typename CurveElementType::params_type::scalar_field_type::integral_type; + CurveElementType res = point; 
+ scalar_mul_inplace(res, static_cast(scalar.data)); + return res; } - template - typename std::enable_if< - is_curve_group::value && - !is_field::value, - GroupValueType>::type - constexpr operator*(const boost::multiprecision::number &left, - const GroupValueType &right) { - return scalar_mul(right, left); + template + constexpr CurveElementType operator * ( + typename CurveElementType::params_type::scalar_field_type::value_type const& scalar, + CurveElementType const& point) + { + using scalar_integral_type = typename CurveElementType::params_type::scalar_field_type::integral_type; + CurveElementType res = point; + scalar_mul_inplace(res, static_cast(scalar.data)); + return res; } - template - typename std::enable_if::value && - !is_field::value && - is_field::value && - !is_extended_field::value, - GroupValueType>::type - operator*(const GroupValueType &left, const FieldValueType &right) { - - // TODO(martun): consider deleting this function, and forcing all the callers to convert to the - // required type before multiplication. 
- return left * static_cast( - typename FieldValueType::integral_type(right.data)); + template + std::enable_if_t::value, CurveElementType> + constexpr operator * ( + const CurveElementType &point, + const std::size_t &multiplier) + { + typename CurveElementType::params_type::scalar_field_type::value_type scalar(multiplier); + return point * scalar; } - template - typename std::enable_if::value && - !is_field::value && - is_field::value && - !is_extended_field::value, - GroupValueType>::type - operator*(const FieldValueType &left, const GroupValueType &right) { - - return right * left; + template + std::enable_if_t::value, CurveElementType> + constexpr operator * ( + const std::size_t &multiplier, + const CurveElementType &point) + { + typename CurveElementType::params_type::scalar_field_type::value_type scalar(multiplier); + return point * scalar; } - template - constexpr GroupValueType operator*(const GroupValueType &left, const std::size_t &right) { - - return scalar_mul(left, typename GroupValueType::field_type::integral_type::value_type(right)); + template + std::enable_if_t::value, bool> + subgroup_check(CurveElementType point) { + auto scalar_modulus = CurveElementType::group_type::curve_type::scalar_field_type::modulus; + scalar_mul_inplace(point, scalar_modulus); + return point.is_zero(); } - template - constexpr GroupValueType operator*(const std::size_t &left, const GroupValueType &right) { - - return right * left; - } } // namespace detail } // namespace curves } // namespace algebra diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_k1/256/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_k1/256/short_weierstrass_params.hpp index 5166f7c3fe..21bb4615e9 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_k1/256/short_weierstrass_params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_k1/256/short_weierstrass_params.hpp 
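Review bot: `subgroup_check`, added at the end of this hunk, has no stated contract, and a caller validating untrusted points needs two facts that are missing. The function only multiplies by the scalar-field modulus and tests `is_zero()`, so it does not verify that the coordinates satisfy the curve equation, and it returns true for the point at infinity. A deserialization path that relied on it alone would accept the identity and would run group arithmetic on coordinates never checked against the curve. I would document it as `/// True iff [r]point is zero, r = scalar field modulus. Precondition: point is on the curve (is_well_formed()); the identity passes.` The first operator in this hunk begins outside it.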
@@ -42,12 +42,11 @@ namespace nil { using base_field_type = typename secp_k1_types<160>::base_field_type; using scalar_field_type = typename secp_k1_types<160>::scalar_field_type; - constexpr static const typename secp_k1_types<160>::integral_type a = - typename secp_k1_types<160>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename secp_k1_types<160>::integral_type b = - typename secp_k1_types<160>::integral_type( - 0x07); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_k1_types<160>::base_field_type::value_type + a = 0x00; + constexpr static const typename secp_k1_types<160>::base_field_type::value_type + b = 0x07; }; template<> @@ -72,9 +71,9 @@ namespace nil { typename field_type::value_type(0x938cf935318fdced6bc28286531733c3f03c4fee_cppui_modular160)}; }; - constexpr typename secp_k1_types<160>::integral_type const + constexpr typename secp_k1_types<160>::base_field_type::value_type const secp_k1_params<160, forms::short_weierstrass>::a; - constexpr typename secp_k1_types<160>::integral_type const + constexpr typename secp_k1_types<160>::base_field_type::value_type const secp_k1_params<160, forms::short_weierstrass>::b; constexpr std::array< 
@@ -90,12 +89,11 @@ namespace nil { using base_field_type = typename secp_k1_types<192>::base_field_type; using scalar_field_type = typename secp_k1_types<192>::scalar_field_type; - constexpr static const typename secp_k1_types<192>::integral_type a = - typename secp_k1_types<192>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename secp_k1_types<192>::integral_type b = - typename secp_k1_types<192>::integral_type( - 0x3); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_k1_types<192>::base_field_type::value_type + a = 0x00; + constexpr static const typename secp_k1_types<192>::base_field_type::value_type + b = 0x3; }; template<> @@ -124,9 +122,9 @@ namespace nil { 0x9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d_cppui_modular192)}; }; - constexpr typename secp_k1_types<192>::integral_type const + constexpr typename secp_k1_types<192>::base_field_type::value_type const secp_k1_params<192, forms::short_weierstrass>::a; - constexpr typename secp_k1_types<192>::integral_type const + constexpr typename secp_k1_types<192>::base_field_type::value_type const secp_k1_params<192, forms::short_weierstrass>::b; constexpr std::array< 
@@ -142,12 +140,11 @@ namespace nil { using base_field_type = typename secp_k1_types<224>::base_field_type; using scalar_field_type = typename secp_k1_types<224>::scalar_field_type; - constexpr static const typename secp_k1_types<224>::integral_type a = - typename secp_k1_types<224>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename secp_k1_types<224>::integral_type b = - typename secp_k1_types<224>::integral_type( - 0x5); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_k1_types<224>::base_field_type::value_type + a = 0x00; + constexpr static const typename secp_k1_types<224>::base_field_type::value_type + b = 0x5; }; template<> @@ -174,9 +171,9 @@ namespace nil { 0x7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5_cppui_modular224)}; }; - constexpr typename secp_k1_types<224>::integral_type const + constexpr typename secp_k1_types<224>::base_field_type::value_type const secp_k1_params<224, forms::short_weierstrass>::a; - constexpr typename secp_k1_types<224>::integral_type const + constexpr typename secp_k1_types<224>::base_field_type::value_type const secp_k1_params<224, forms::short_weierstrass>::b; constexpr std::array< 
@@ -192,12 +189,11 @@ namespace nil { using base_field_type = typename secp_k1_types<256>::base_field_type; using scalar_field_type = typename secp_k1_types<256>::scalar_field_type; - constexpr static const typename secp_k1_types<256>::integral_type a = - typename secp_k1_types<256>::integral_type( - 0x00); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ - constexpr static const typename secp_k1_types<256>::integral_type b = - typename secp_k1_types<256>::integral_type( - 0x07); ///< coefficient of short Weierstrass curve $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_k1_types<256>::base_field_type::value_type + a = 0x00; + constexpr static const typename secp_k1_types<256>::base_field_type::value_type + b = 0x07; }; template<> @@ -224,9 +220,9 @@ namespace nil { 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8_cppui_modular256)}; }; - constexpr typename secp_k1_types<256>::integral_type const + constexpr typename secp_k1_types<256>::base_field_type::value_type const secp_k1_params<256, forms::short_weierstrass>::a; - constexpr typename secp_k1_types<256>::integral_type const + constexpr typename secp_k1_types<256>::base_field_type::value_type const secp_k1_params<256, forms::short_weierstrass>::b; constexpr std::array< diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_r1/256/short_weierstrass_params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_r1/256/short_weierstrass_params.hpp index ed525e8c1b..89fe04d5aa 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_r1/256/short_weierstrass_params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/secp_r1/256/short_weierstrass_params.hpp 
@@ -42,22 +42,11 @@ namespace nil { using base_field_type = typename secp_r1_types<160>::base_field_type; using scalar_field_type = typename secp_r1_types<160>::scalar_field_type; - constexpr static const typename secp_r1_types<160>::integral_type a = - typename secp_r1_types<160>::integral_type( - 0xffffffffffffffffffffffffffffffff7ffffffc_cppui_modular160); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ - constexpr static const typename secp_r1_types<160>::integral_type b = - typename secp_r1_types<160>::integral_type( - 0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45_cppui_modular160); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_r1_types<160>::base_field_type::value_type + a = 0xffffffffffffffffffffffffffffffff7ffffffc_cppui_modular160; + constexpr static const typename secp_r1_types<160>::base_field_type::value_type + b = 0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45_cppui_modular160; }; template<> @@ -82,9 +71,9 @@ namespace nil { typename field_type::value_type(0x23a628553168947d59dcc912042351377ac5fb32_cppui_modular160)}; }; - constexpr typename secp_r1_types<160>::integral_type const + constexpr typename secp_r1_types<160>::base_field_type::value_type const secp_r1_params<160, forms::short_weierstrass>::a; - constexpr typename secp_r1_types<160>::integral_type const + constexpr typename secp_r1_types<160>::base_field_type::value_type const secp_r1_params<160, forms::short_weierstrass>::b; constexpr std::array< 
@@ -100,22 +89,11 @@ namespace nil { using base_field_type = typename secp_r1_types<192>::base_field_type; using scalar_field_type = typename secp_r1_types<192>::scalar_field_type; - constexpr static const typename secp_r1_types<192>::integral_type a = - typename secp_r1_types<192>::integral_type( - 0xfffffffffffffffffffffffffffffffefffffffffffffffc_cppui_modular192); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ - constexpr static const typename secp_r1_types<192>::integral_type b = - typename secp_r1_types<192>::integral_type( - 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1_cppui_modular192); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_r1_types<192>::base_field_type::value_type + a = 0xfffffffffffffffffffffffffffffffefffffffffffffffc_cppui_modular192; + constexpr static const typename secp_r1_types<192>::base_field_type::value_type + b = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1_cppui_modular192; }; template<> @@ -142,9 +120,9 @@ namespace nil { 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811_cppui_modular192)}; }; - constexpr typename secp_r1_types<192>::integral_type const + constexpr typename secp_r1_types<192>::base_field_type::value_type const secp_r1_params<192, forms::short_weierstrass>::a; - constexpr typename secp_r1_types<192>::integral_type const + constexpr typename secp_r1_types<192>::base_field_type::value_type const secp_r1_params<192, forms::short_weierstrass>::b; constexpr std::array< 
@@ -160,22 +138,11 @@ namespace nil { using base_field_type = typename secp_r1_types<224>::base_field_type; using scalar_field_type = typename secp_r1_types<224>::scalar_field_type; - constexpr static const typename secp_r1_types<224>::integral_type a = - typename secp_r1_types<224>::integral_type( - 0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe_cppui_modular224); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ - constexpr static const typename secp_r1_types<224>::integral_type b = - typename secp_r1_types<224>::integral_type( - 0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4_cppui_modular224); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_r1_types<224>::base_field_type::value_type + a = 0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe_cppui_modular224; + constexpr static const typename secp_r1_types<224>::base_field_type::value_type + b = 0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4_cppui_modular224; }; template<> @@ -202,9 +169,9 @@ namespace nil { 0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34_cppui_modular224)}; }; - constexpr typename secp_r1_types<224>::integral_type const + constexpr typename secp_r1_types<224>::base_field_type::value_type const secp_r1_params<224, forms::short_weierstrass>::a; - constexpr typename secp_r1_types<224>::integral_type const + constexpr typename secp_r1_types<224>::base_field_type::value_type const secp_r1_params<224, forms::short_weierstrass>::b; constexpr std::array< 
@@ -220,22 +187,11 @@ namespace nil { using base_field_type = typename secp_r1_types<256>::base_field_type; using scalar_field_type = typename secp_r1_types<256>::scalar_field_type; - constexpr static const typename secp_r1_types<256>::integral_type a = - typename secp_r1_types<256>::integral_type( - 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc_cppui_modular256); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ - constexpr static const typename secp_r1_types<256>::integral_type b = - typename secp_r1_types<256>::integral_type( - 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b_cppui_modular256); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_r1_types<256>::base_field_type::value_type + a = 0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc_cppui_modular256; + constexpr static const typename secp_r1_types<256>::base_field_type::value_type + b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b_cppui_modular256; }; template<> @@ -250,7 +206,7 @@ namespace nil { #ifdef STANDARD_EC_INF_POINTS_ENABLED constexpr static const std::array zero_fill = { field_type::value_type::zero(), field_type::value_type::one()}; -#else +#else constexpr static const std::array zero_fill = { field_type::value_type::zero(), field_type::value_type::zero()}; #endif 
@@ -261,9 +217,9 @@ namespace nil { 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5_cppui_modular256)}; }; - constexpr typename secp_r1_types<256>::integral_type const + constexpr typename secp_r1_types<256>::base_field_type::value_type const secp_r1_params<256, forms::short_weierstrass>::a; - constexpr typename secp_r1_types<256>::integral_type const + constexpr typename secp_r1_types<256>::base_field_type::value_type const secp_r1_params<256, forms::short_weierstrass>::b; constexpr std::array< @@ -279,22 +235,11 @@ namespace nil { using base_field_type = typename secp_r1_types<384>::base_field_type; using scalar_field_type = typename secp_r1_types<384>::scalar_field_type; - constexpr static const typename secp_r1_types<384>::integral_type a = - typename secp_r1_types<384>::integral_type( - 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc_cppui_modular384); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ - constexpr static const typename secp_r1_types<384>::integral_type b = - typename secp_r1_types<384>::integral_type( - 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef_cppui_modular384); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_r1_types<384>::base_field_type::value_type + a = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc_cppui_modular384; + constexpr static const typename secp_r1_types<384>::base_field_type::value_type + b = 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef_cppui_modular384; }; template<> 
@@ -321,9 +266,9 @@ namespace nil { 0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f_cppui_modular384)}; }; - constexpr typename secp_r1_types<384>::integral_type const + constexpr typename secp_r1_types<384>::base_field_type::value_type const secp_r1_params<384, forms::short_weierstrass>::a; - constexpr typename secp_r1_types<384>::integral_type const + constexpr typename secp_r1_types<384>::base_field_type::value_type const secp_r1_params<384, forms::short_weierstrass>::b; constexpr std::array< 
@@ -339,22 +284,11 @@ namespace nil { using base_field_type = typename secp_r1_types<521>::base_field_type; using scalar_field_type = typename secp_r1_types<521>::scalar_field_type; - constexpr static const typename secp_r1_types<521>::integral_type a = - typename secp_r1_types<521>::integral_type( - 0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc_cppui_modular521); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ - constexpr static const typename secp_r1_types<521>::integral_type b = - typename secp_r1_types<521>::integral_type( - 0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00_cppui_modular521); ///< coefficient - ///< of - ///< short - ///< Weierstrass - ///< curve - ///< $y^2=x^3+a*x+b$ + ///< coefficients of short Weierstrass curve $y^2=x^3+a*x+b$ + constexpr static const typename secp_r1_types<521>::base_field_type::value_type + a = 0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc_cppui_modular521; + constexpr static const typename secp_r1_types<521>::base_field_type::value_type + b = 0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00_cppui_modular521; }; template<> 
@@ -381,9 +315,9 @@ namespace nil { 0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650_cppui_modular521)}; }; - constexpr typename secp_r1_types<521>::integral_type const + constexpr typename secp_r1_types<521>::base_field_type::value_type const secp_r1_params<521, forms::short_weierstrass>::a; - constexpr typename secp_r1_types<521>::integral_type const + constexpr typename secp_r1_types<521>::base_field_type::value_type const secp_r1_params<521, forms::short_weierstrass>::b; constexpr std::array< diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/subgroup_check.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/subgroup_check.hpp deleted file mode 100644 index fc0fcc6235..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/subgroup_check.hpp +++ /dev/null 
@@ -1,49 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_CURVES_SUBGROUP_CHECK_HPP -#define CRYPTO3_ALGEBRA_CURVES_SUBGROUP_CHECK_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace curves { - namespace detail { - // TODO: temporary implementation due to absence of GroupValueType type_trait - // Should be implemented as class method - template::value && - !is_field::value>::type> - bool subgroup_check(const GroupValueType &p) { - return (p * GroupValueType::group_type::curve_type::q).is_zero(); - } - } // namespace detail - } // namespace curves - } // namespace algebra - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_ALGEBRA_CURVES_SUBGROUP_CHECK_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/vesta/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/vesta/params.hpp index 2c68e40e39..e07e7d0573 100755 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/vesta/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/detail/vesta/params.hpp @@ -36,7 +36,6 @@ namespace nil { namespace algebra { namespace curves { namespace detail { - /** * @brief https://zips.z.cash/protocol/protocol.pdf#pallasandvesta 
@@ -48,17 +47,9 @@ namespace nil { using scalar_field_type = typename vesta_types::scalar_field_type; #ifdef __ZKLLVM__ #else - constexpr static typename vesta_types::integral_type a = typename vesta_types::integral_type(0) ; ///< coefficient - ///< Short - ///< Weierstrass - ///< curves - ///< y^2=x^3+a*x+b - constexpr static typename vesta_types::integral_type b = typename vesta_types::integral_type(5) ; ///< coefficient - ///< of - ///< Short - ///< Weierstrass - ///< curves - ///< y^2=x^3+a*x+b + /* Short Weierstrass curve: y^2 = x^3 + a*x +b */ + constexpr static typename vesta_types::base_field_type::value_type a = 0u; + constexpr static typename vesta_types::base_field_type::value_type b = 5u; #endif }; @@ -81,19 +72,17 @@ namespace nil { field_type::value_type::zero(), field_type::value_type::zero()}; #endif + // Generator: (-1, 2) constexpr static std::array one_fill = { - // TODO(martun): This is "modulus - 1". Figure out what are the other commented constants below. - 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000000_cppui_modular255, - //0x7706c37b5a84128a3884a5d71811f1b55da3230ffb17a8ab0b32e48d31a6685c_cppui_modular255), + field_type::modulus - 1, typename field_type::value_type(2u)}; - //0x0f60480c7a5c0e1140340adc79d6a2bf0cb57ad049d025dc38d80c77985f0329_cppui_modular255)}; #endif }; #ifdef __ZKLLVM__ #else - constexpr typename vesta_types::integral_type vesta_params::a; - constexpr typename vesta_types::integral_type vesta_params::b; + constexpr typename vesta_types::base_field_type::value_type vesta_params::a; + constexpr typename vesta_types::base_field_type::value_type vesta_params::b; constexpr std::array::field_type::value_type, 2> vesta_g1_params::zero_fill; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/forms.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/forms.hpp index 907b19fc9f..c2e2e6d589 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/forms.hpp 
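Review bot: In `one_fill` the x-coordinate is now written as `field_type::modulus - 1`, an integer expression that relies on implicit conversion to `field_type::value_type`, while the y-coordinate beside it is built explicitly as `typename field_type::value_type(2u)`. Writing both the same way, `typename field_type::value_type(field_type::modulus - 1)`, keeps the initializer uniform and does not depend on the conversion being implicit and constexpr. The new `// Generator: (-1, 2)` comment could also say why the point is valid, e.g. `// Generator (-1, 2): 2^2 = (-1)^3 + 5 on y^2 = x^3 + 5`, which replaces the removed TODO with something a reader can check. The enclosing struct begins outside the hunk.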
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/forms.hpp @@ -33,48 +33,21 @@ namespace nil { struct forms { - /* @brief Curve Doubling-oriented Doche–Icart–Kohel form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-2dik.html - */ - struct doubling_oriented_doche_icart_kohel { }; - /* @brief Curve Tripling-oriented Doche–Icart–Kohel form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-3dik.html - */ - struct tripling_oriented_doche_icart_kohel { }; - /* @brief Curve Edwards form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-edwards.html - */ - struct edwards { }; - /* @brief Curve Hessian form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-hessian.html - */ - struct hessian { }; - /* @brief Curve Jacobi intersections form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-jintersect.html - */ - struct jacobi_intersections { }; - /* @brief Curve Jacobi quartics form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-jquartic.html - */ - struct jacobi_quatrics { }; /* @brief Curve Montgomery form. * Description: http://www.hyperelliptic.org/EFD/g1p/auto-montgom.html */ struct montgomery { }; + /* @brief Curve Short Weierstrass form. * Description: http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html */ struct short_weierstrass { }; + /* @brief Curve Twisted Edwards form. * Description: http://www.hyperelliptic.org/EFD/g1p/auto-twisted.html */ struct twisted_edwards { }; - /* @brief Curve Twisted Hessian form. - * Description: http://www.hyperelliptic.org/EFD/g1p/auto-twistedhessian.html - */ - struct twisted_hessian { }; }; - } // namespace curves } // namespace algebra } // namespace crypto3 diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/params/multiexp/bn128.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/params/multiexp/bn128.hpp deleted file mode 100644 index 43ac8bbe43..0000000000 
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/params/multiexp/bn128.hpp
+++ /dev/null
@@ -1,155 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_CURVES_BN128_MULTIEXP_PARAMS_HPP -#define CRYPTO3_ALGEBRA_CURVES_BN128_MULTIEXP_PARAMS_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace curves { - - template - struct multiexp_params; - - /************************* BN128-254 ***********************************/ - - template<> - struct multiexp_params::g1_type<>> { - - constexpr static const std::array fixed_base_exp_window_table = { - // window 1 is unbeaten in [-inf, 4.24] - 1, - // window 2 is unbeaten in [4.24, 10.43] - 4, - // window 3 is unbeaten in [10.43, 24.88] - 10, - // window 4 is unbeaten in [24.88, 62.10] - 25, - // window 5 is unbeaten in [62.10, 157.80] - 62, - // window 6 is unbeaten in [157.80, 362.05] - 158, - // window 7 is unbeaten in [362.05, 806.67] - 362, - // window 8 is unbeaten in [806.67, 2090.34] - 807, - // window 9 is unbeaten in [2090.34, 4459.58] - 2090, - // window 10 is unbeaten in [4459.58, 9280.12] - 4460, - // window 11 is unbeaten in [9280.12, 43302.64] - 9280, - // window 12 is unbeaten in [43302.64, 210998.73] - 43303, - // window 13 is never the best - 0, - // window 14 is never the best - 0, - // window 15 is unbeaten in [210998.73, 506869.47] - 210999, - // window 16 is unbeaten in [506869.47, 930023.36] - 506869, - // window 17 is unbeaten in [930023.36, 8350812.20] - 930023, - // window 18 is never the best - 0, - // window 19 is never the best - 0, - // window 20 is unbeaten in [8350812.20, 21708138.87] - 8350812, - // window 21 is unbeaten in [21708138.87, 29482995.52] - 21708139, - // window 22 is unbeaten in [29482995.52, inf] - 29482996}; - }; - - template<> - struct multiexp_params::g2_type<>> { - - constexpr static const std::array fixed_base_exp_window_table = { - // window 1 is unbeaten in [-inf, 4.13] - 1, - // window 2 is unbeaten in [4.13, 10.72] - 4, - // window 3 is unbeaten in [10.72, 25.60] - 11, 
- // window 4 is unbeaten in [25.60, 60.99] - 26, - // window 5 is unbeaten in [60.99, 153.66] - 61, - // window 6 is unbeaten in [153.66, 353.13] - 154, - // window 7 is unbeaten in [353.13, 771.87] - 353, - // window 8 is unbeaten in [771.87, 2025.85] - 772, - // window 9 is unbeaten in [2025.85, 4398.65] - 2026, - // window 10 is unbeaten in [4398.65, 10493.42] - 4399, - // window 11 is unbeaten in [10493.42, 37054.73] - 10493, - // window 12 is unbeaten in [37054.73, 49928.78] - 37055, - // window 13 is unbeaten in [49928.78, 114502.82] - 49929, - // window 14 is unbeaten in [114502.82, 161445.26] - 114503, - // window 15 is unbeaten in [161445.26, 470648.01] - 161445, - // window 16 is unbeaten in [470648.01, 1059821.87] - 470648, - // window 17 is unbeaten in [1059821.87, 5450848.25] - 1059822, - // window 18 is never the best - 0, - // window 19 is unbeaten in [5450848.25, 5566795.57] - 5450848, - // window 20 is unbeaten in [5566795.57, 33055217.52] - 5566796, - // window 21 is never the best - 0, - // window 22 is unbeaten in [33055217.52, inf] - 33055218}; - }; - - /************************* BN128-254 definitions ***********************************/ - - constexpr std::array const - multiexp_params::g1_type<>>::fixed_base_exp_window_table; - constexpr std::array const - multiexp_params::g2_type<>>::fixed_base_exp_window_table; - - } // namespace curves - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_CURVES_BN128_MULTIEXP_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/params/wnaf/bn128.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/params/wnaf/bn128.hpp deleted file mode 100644 index 9cb6d37f0d..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/curves/params/wnaf/bn128.hpp +++ /dev/null 
@@ -1,67 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_CURVES_BN128_WNAF_PARAMS_HPP -#define CRYPTO3_ALGEBRA_CURVES_BN128_WNAF_PARAMS_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace curves { - - template - struct wnaf_params; - - /************************* BN128-254 ***********************************/ - - template<> - struct wnaf_params::g1_type<>> { - - constexpr static const std::array wnaf_window_table = {10, 24, 40, 132}; - }; - - template<> - struct wnaf_params::g2_type<>> { - - constexpr static const std::array wnaf_window_table = {7, 18, 35, 116}; - }; - - /************************* BN128-254 definitions ***********************************/ - - constexpr std::array const - wnaf_params::g1_type<>>::wnaf_window_table; - constexpr std::array const - wnaf_params::g2_type<>>::wnaf_window_table; - - } // namespace curves - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_CURVES_BN128_WNAF_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/base_field.hpp index 3c31e48647..2cee7ea128 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/base_field.hpp @@ -50,8 +50,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/scalar_field.hpp index 8b3c481c96..05d747f36d 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/alt_bn128/scalar_field.hpp @@ -52,8 +52,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/alt_bn128.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/alt_bn128.hpp index 6d404930dd..e54942f94b 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/alt_bn128.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/alt_bn128.hpp @@ -81,7 +81,9 @@ namespace nil { typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>>; constexpr static const std::size_t s = 0x04; constexpr static const extended_integral_type t = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bls12.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bls12.hpp index 279c0986b8..ddf9a10023 100644 
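Review bot: The `extended_integral_type` alias in arithmetic_params/alt_bn128.hpp is now spelled out in full, and the identical `cpp_int_modular_backend<2 * policy_type::modulus_bits>` definition is repeated in both bls12.hpp hunks, so the width rule lives in three places. A single alias template in a shared header would keep them in step. Failing that, each copy could carry a comment such as `// twice the modulus width: constants of this type are on the order of modulus^2`. That wording is inferred from `t` being declared with this type and should be confirmed against the struct, whose header is outside the hunk. It is also not visible here whether this file includes the Boost.Multiprecision header that declares `cpp_int_modular_backend`, now that the type no longer comes from `policy_type`.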
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bls12.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bls12.hpp @@ -83,7 +83,9 @@ namespace nil { typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>>; constexpr static const std::size_t s = 0x03; constexpr static const extended_integral_type t = @@ -177,7 +179,9 @@ namespace nil { typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>>; constexpr static const std::size_t s = 0x2F; constexpr static const extended_integral_type t = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bn128.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bn128.hpp deleted file mode 100644 index 17a19394ac..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/bn128.hpp +++ /dev/null 
@@ -1,215 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_BN128_ARITHMETIC_PARAMS_HPP -#define CRYPTO3_ALGEBRA_FIELDS_BN128_ARITHMETIC_PARAMS_HPP - -#include - -#include -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template - struct arithmetic_params> : public params> { - private: - typedef params> policy_type; - - public: - typedef typename policy_type::modular_type modular_type; - typedef typename policy_type::modular_backend modular_backend; - typedef typename policy_type::integral_type integral_type; - - constexpr static const std::size_t s = 0x01; - constexpr static const integral_type t = - 0x183227397098D014DC2822DB40C0AC2ECBC0B548B438E5469E10460B6C3E7EA3_cppui_modular253; - constexpr static const integral_type t_minus_1_over_2 = - 0xC19139CB84C680A6E14116DA060561765E05AA45A1C72A34F082305B61F3F51_cppui_modular252; - constexpr static const integral_type arithmetic_generator = 0x01; - constexpr static const integral_type geometric_generator = 0x02; - constexpr static const integral_type multiplicative_generator = 0x03; - constexpr static const integral_type root_of_unity = - 0x30644E72E131A029B85045B68181585D97816A916871CA8D3C208C16D87CFD46_cppui_modular254; - constexpr static const integral_type nqr = 0x03; - constexpr static const integral_type nqr_to_t = - 0x30644E72E131A029B85045B68181585D97816A916871CA8D3C208C16D87CFD46_cppui_modular254; - constexpr static const integral_type Rsquared = - 0x6D89F71CAB8351F47AB1EFF0A417FF6B5E71911D44501FBF32CFC5B538AFA89_cppui_modular251; - constexpr static const integral_type Rcubed = - 0x20FD6E902D592544EF7F0B0C0ADA0AFB62F210E6A7283DB6B1CD6DAFDA1530DF_cppui_modular254; - - constexpr static const integral_type modulus = policy_type::modulus; - constexpr static const integral_type group_order = - 0x183227397098D014DC2822DB40C0AC2ECBC0B548B438E5469E10460B6C3E7EA3_cppui_modular254; - }; - - template - 
struct arithmetic_params>> : public params> { - private: - typedef params> policy_type; - - public: - typedef typename policy_type::modular_type modular_type; - typedef typename policy_type::modular_backend modular_backend; - typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t s = 0x04; - constexpr static const extended_integral_type t = - 0x925C4B8763CBF9C599A6F7C0348D21CB00B85511637560626EDFA5C34C6B38D04689E957A1242C84A50189C6D96CADCA602072D09EAC1013B5458A2275D69B_cppui_modular504; - constexpr static const extended_integral_type t_minus_1_over_2 = - 0x492E25C3B1E5FCE2CCD37BE01A4690E5805C2A88B1BAB031376FD2E1A6359C682344F4ABD09216425280C4E36CB656E5301039684F560809DAA2C5113AEB4D_cppui_modular503; - constexpr static const std::array nqr = {0x02, 0x01}; - constexpr static const std::array nqr_to_t = { - 0xB20DCB5704E326A0DD3ECD4F30515275398A41A4E1DC5D347CFBBEDDA71CF82_cppui_modular252, - 0xB1FFEFD8885BF22252522C29527D19F05CFC50E9715370AB0F3A6CA462390C_cppui_modular248}; - - constexpr static const integral_type modulus = policy_type::modulus; - constexpr static const extended_integral_type group_order = - 0x492E25C3B1E5FCE2CCD37BE01A4690E5805C2A88B1BAB031376FD2E1A6359C682344F4ABD09216425280C4E36CB656E5301039684F560809DAA2C5113AEB4D8_cppui_modular507; - }; - - template - struct arithmetic_params> : public params> { - private: - typedef params> policy_type; - - public: - typedef typename policy_type::modular_type modular_type; - typedef typename policy_type::modular_backend modular_backend; - typedef typename policy_type::integral_type integral_type; - - constexpr static const std::size_t s = 0x1C; - constexpr static const integral_type t = - 0x30644E72E131A029B85045B68181585D2833E84879B9709143E1F593F_cppui_modular226; - constexpr static const integral_type t_minus_1_over_2 = - 
0x183227397098D014DC2822DB40C0AC2E9419F4243CDCB848A1F0FAC9F_cppui_modular225; - constexpr static const integral_type arithmetic_generator = 0x01; - constexpr static const integral_type geometric_generator = 0x02; - constexpr static const integral_type multiplicative_generator = 0x05; - constexpr static const integral_type root_of_unity = - 0x2A3C09F0A58A7E8500E0A7EB8EF62ABC402D111E41112ED49BD61B6E725B19F0_cppui_modular254; - constexpr static const integral_type nqr = 0x05; - constexpr static const integral_type nqr_to_t = - 0x2A3C09F0A58A7E8500E0A7EB8EF62ABC402D111E41112ED49BD61B6E725B19F0_cppui_modular254; - constexpr static const integral_type Rsquared = - 0x216D0B17F4E44A58C49833D53BB808553FE3AB1E35C59E31BB8E645AE216DA7_cppui_modular250; - constexpr static const integral_type Rcubed = - 0xCF8594B7FCC657C893CC664A19FCFED2A489CBE1CFBB6B85E94D8E1B4BF0040_cppui_modular252; - - constexpr static const integral_type modulus = policy_type::modulus; - constexpr static const integral_type group_order = - 0x183227397098D014DC2822DB40C0AC2E9419F4243CDCB848A1F0FAC9F8000000_cppui_modular254; - }; - - constexpr std::size_t const arithmetic_params>::s; - constexpr std::size_t const arithmetic_params>>::s; - constexpr std::size_t const arithmetic_params>::s; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::t; - constexpr typename arithmetic_params>>::extended_integral_type const - arithmetic_params>>::t; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::t; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::t_minus_1_over_2; - constexpr typename arithmetic_params>>::extended_integral_type const - arithmetic_params>>::t_minus_1_over_2; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::t_minus_1_over_2; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::arithmetic_generator; - constexpr typename 
arithmetic_params>::integral_type const - arithmetic_params>::arithmetic_generator; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::geometric_generator; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::geometric_generator; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::multiplicative_generator; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::multiplicative_generator; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::root_of_unity; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::root_of_unity; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::nqr; - constexpr std::array>>::integral_type, 2> const - arithmetic_params>>::nqr; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::nqr; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::nqr_to_t; - constexpr std::array>>::integral_type, 2> const - arithmetic_params>>::nqr_to_t; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::nqr_to_t; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::Rsquared; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::Rsquared; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::Rcubed; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::Rcubed; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::modulus; - constexpr typename arithmetic_params>>::integral_type const - arithmetic_params>>::modulus; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::modulus; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::group_order; - 
constexpr typename arithmetic_params>>::extended_integral_type const - arithmetic_params>>::group_order; - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::group_order; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_BN128_ARITHMETIC_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/dsa_botan.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/dsa_botan.hpp deleted file mode 100644 index 22e291639d..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/dsa_botan.hpp +++ /dev/null 
@@ -1,93 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_DSA_BOTAN_ARITHMETIC_PARAMS_HPP -#define CRYPTO3_ALGEBRA_FIELDS_DSA_BOTAN_ARITHMETIC_PARAMS_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template<> - struct arithmetic_params> : public params> { - private: - typedef params> policy_type; - - public: - typedef typename policy_type::modular_type modular_type; - typedef typename policy_type::modular_backend modular_backend; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type mul_generator = - 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cppui_modular2048; - - constexpr static const integral_type modulus = policy_type::modulus; - constexpr static const integral_type group_order = - 0x8CD7D450F86F0AD94EEE4CE469A8756D1EBD1058241943EAFFB0B354585E924D_cppui_modular256; - }; - - template<> - struct arithmetic_params> : public params> { - private: - typedef params> policy_type; - - public: - typedef typename policy_type::modular_type modular_type; - typedef typename policy_type::modular_backend modular_backend; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type mul_generator = - 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cppui_modular3072; - - constexpr static const integral_type modulus = policy_type::modulus; - constexpr static const integral_type group_order = - 0xB3EBD364EC69EF8CF3BAF643B75734B16339B2E49E5CDE1B59C1E9FB40EE0C5B_cppui_modular256; - }; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::group_order; - - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::group_order; - - // TODO: mul_generator should be renamed - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::mul_generator; - constexpr typename 
arithmetic_params>::integral_type const - arithmetic_params>::mul_generator; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_ALGEBRA_FIELDS_DSA_BOTAN_ARITHMETIC_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/dsa_jce.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/dsa_jce.hpp deleted file mode 100644 index 8e354063f4..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/dsa_jce.hpp +++ /dev/null 
@@ -1,72 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_DSA_JCE_ARITHMETIC_PARAMS_HPP -#define CRYPTO3_ALGEBRA_FIELDS_DSA_JCE_ARITHMETIC_PARAMS_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template - struct arithmetic_params> : public params> { - private: - typedef params> policy_type; - - public: - typedef typename policy_type::modular_type modular_type; - typedef typename policy_type::modular_backend modular_backend; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type mul_generator = - 0x469603512E30278CD3947595DB22EEC9826A6322ADC97344F41D740C325724C8F9EFBAA7D4D803FF8C609DCD100EBC5BDFCFAD7C6A425FAEA786EA2050EBE98351EA1FDA1FDF24D6947AA6B9AA23766953802F4D7D4A8ECBA06D19768A2491FFB16D0EF9C43A99B5F71672FF6F0A24B444D0736D04D38A1A1322DAF6CDD88C9D_cppui_modular1024; - - constexpr static const integral_type modulus = policy_type::modulus; - constexpr static const integral_type group_order = - 0x9760508F15230BCCB292B982A2EB840BF0581CF5_cppui_modular160; - }; - - template - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::group_order; - - template - constexpr typename arithmetic_params>::integral_type const - arithmetic_params>::mul_generator; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_DSA_JCE_ARITHMETIC_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt4.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt4.hpp index 28680b788e..463336da34 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt4.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt4.hpp 
@@ -27,7 +27,6 @@ #define CRYPTO3_ALGEBRA_FIELDS_MNT4_ARITHMETIC_PARAMS_HPP #include -#include #include #include @@ -82,7 +81,8 @@ namespace nil { typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>>; constexpr static const std::size_t s = 0x12; constexpr static const extended_integral_type t = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt6.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt6.hpp index e47cfe293f..ca0eb1eed6 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt6.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/arithmetic_params/mnt6.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_ALGEBRA_FIELDS_MNT6_ARITHMETIC_PARAMS_HPP #include -#include #include #include @@ -82,7 +81,8 @@ namespace nil { typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<3 * policy_type::modulus_bits>>; constexpr static const std::size_t s = 0x22; constexpr static const extended_integral_type t = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/babyjubjub/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/babyjubjub/scalar_field.hpp index b66e5da8c0..cecac86ac6 100644 
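Review bot: The `extended_integral_type` alias added in mnt4.hpp spells out `boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>` by hand, and the same expression is repeated in mnt6.hpp (with `3 *`), curve25519/base_field.hpp, curve25519/scalar_field.hpp, alt_bn128/fp2.hpp and both specializations in bls12/fp2.hpp. The multiplier is unexplained in each place; a comment such as `// wide enough for values below modulus^2` (`modulus^3` in mnt6.hpp) would record why it was chosen, presumably to match the extension degree. One shared alias template taking the multiplier would keep the seven copies from drifting apart. These files now name `boost::multiprecision` types directly while the commit removes an `#include` from mnt4.hpp and mnt6.hpp, so it is worth confirming that the header declaring `cpp_int_modular_backend` is still included directly rather than reached transitively. The enclosing struct starts and ends outside the hunk.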
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/babyjubjub/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/babyjubjub/scalar_field.hpp @@ -47,8 +47,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/base_field.hpp index 56e5e6caa1..f1037f5c60 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/base_field.hpp @@ -53,7 +53,6 @@ namespace nil { constexpr static const std::size_t arity = 1; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ typedef __zkllvm_field_bls12381_base value_type; #else @@ -86,7 +85,6 @@ namespace nil { constexpr static const std::size_t arity = 1; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ // typedef __zkllvm_field_bls12377_base value_type; #else diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/scalar_field.hpp index d2e0c746a3..aedd96d8b4 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bls12/scalar_field.hpp 
@@ -55,7 +55,6 @@ namespace nil { constexpr static const std::size_t arity = 1; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ typedef __zkllvm_field_bls12381_scalar value_type; #else @@ -88,7 +87,6 @@ namespace nil { constexpr static const std::size_t arity = 1; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ // typedef __zkllvm_field__bls377_scalar value_type; #else diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bn128/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bn128/base_field.hpp deleted file mode 100644 index 81c144a818..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bn128/base_field.hpp +++ /dev/null 
@@ -1,99 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_BN128_BASE_FIELD_HPP -#define CRYPTO3_ALGEBRA_FIELDS_BN128_BASE_FIELD_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief IETF IPsec groups - * @tparam Version - */ - template - struct bn128_base_field; - - template<> - struct bn128_base_field<254> : public field<254> { - typedef field<254> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0x30644E72E131A029B85045B68181585D97816A916871CA8D3C208C16D87CFD47_cppui_modular254; - constexpr static const integral_type group_order_minus_one_half = (modulus - 1) / 2; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename std::size_t const bn128_base_field<254>::modulus_bits; - - constexpr typename std::size_t const bn128_base_field<254>::number_bits; - - constexpr typename std::size_t const bn128_base_field<254>::value_bits; - - constexpr typename bn128_base_field<254>::integral_type const bn128_base_field<254>::modulus; - - constexpr - typename bn128_base_field<254>::modular_params_type const bn128_base_field<254>::modulus_params; - - template - using bn128_fq = bn128_base_field; - - template - using bn128 = bn128_base_field; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_BN128_BASE_FIELD_HPP 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bn128/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bn128/scalar_field.hpp deleted file mode 100644 index 64f60ab5a4..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/bn128/scalar_field.hpp +++ /dev/null 
@@ -1,96 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_BN128_SCALAR_FIELD_HPP -#define CRYPTO3_ALGEBRA_FIELDS_BN128_SCALAR_FIELD_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief IETF IPsec groups - * @tparam Version - */ - template - struct bn128_scalar_field; - - template<> - struct bn128_scalar_field<254> : public field<254> { - typedef field<254> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0x30644E72E131A029B85045B68181585D2833E84879B9709143E1F593F0000001_cppui_modular254; - constexpr static const integral_type group_order_minus_one_half = (modulus - 1) / 2; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename std::size_t const bn128_scalar_field<254>::modulus_bits; - - constexpr typename std::size_t const bn128_scalar_field<254>::number_bits; - - constexpr typename std::size_t const bn128_scalar_field<254>::value_bits; - - constexpr typename bn128_scalar_field<254>::integral_type const bn128_scalar_field<254>::modulus; - - constexpr - typename bn128_scalar_field<254>::modular_params_type const bn128_scalar_field<254>::modulus_params; - - template - using bn128_fr = bn128_scalar_field; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_BN128_SCALAR_FIELD_HPP 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/base_field.hpp index 9881b69590..fd87f46b55 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/base_field.hpp @@ -51,12 +51,13 @@ namespace nil { constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const std::size_t value_bits = modulus_bits; constexpr static const std::size_t arity = 1; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>>; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ typedef __zkllvm_field_curve25519_base value_type; -#else +#else constexpr static const integral_type modulus = 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed_cppui_modular255; constexpr static const integral_type group_order_minus_one_half = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/scalar_field.hpp index c04b503a34..2cf3fba0c1 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/curve25519/scalar_field.hpp 
@@ -51,9 +51,10 @@ namespace nil { constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const std::size_t value_bits = modulus_bits; constexpr static const std::size_t arity = 1; - + typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>>; #ifdef __ZKLLVM__ typedef __zkllvm_field_curve25519_scalar value_type; #else diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp12_2over3over2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp12_2over3over2.hpp index 0880580bde..ba3e3483b4 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp12_2over3over2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp12_2over3over2.hpp @@ -143,11 +143,6 @@ namespace nil { return *this; } - element_fp12_2over3over2 sqrt() const { - - // TODO: compute squared root with Tonelli--Shanks - } - element_fp12_2over3over2 squared() const { return (*this) * (*this); // maybe can be done more effective @@ -177,9 +172,6 @@ namespace nil { template element_fp12_2over3over2 Frobenius_map(const PowerType &pwr) const { - // return element_fp12_2over3over2(data[0].Frobenius_map(pwr), - // policy_type::Frobenius_coeffs_c1[pwr % 12] * - // data[1].Frobenius_map(pwr)}); return element_fp12_2over3over2(data[0].Frobenius_map(pwr), typename policy_type::non_residue_type( policy_type::Frobenius_coeffs_c1[(pwr % 12) * 2], @@ -280,7 +272,6 @@ namespace nil { } return res; - // return *this; } /** @brief multiply by [ [c0, 0, 0], [c3, c4, 0] ] */ 
@@ -331,13 +322,6 @@ namespace nil { const typename underlying_type::underlying_type &ell_VW, const typename underlying_type::underlying_type &ell_VV) const { - // element_fp12_2over3over2 a( - // underlying_type(ell_VW, underlying_type::underlying_type::zero(), - // underlying_type::underlying_type::zero()), - // underlying_type(underlying_type::underlying_type::zero(), ell_0, ell_VV)); - // - // return (*this) * a; - typename underlying_type::underlying_type z0 = this->data[0].data[0]; typename underlying_type::underlying_type z1 = this->data[0].data[1]; typename underlying_type::underlying_type z2 = this->data[0].data[2]; @@ -352,9 +336,8 @@ namespace nil { typename underlying_type::underlying_type t0, t1, t2, t3, t4, t5; typename underlying_type::underlying_type tmp1, tmp2; - // TODO: non_residue should be used as static - tmp1 = element_fp12_2over3over2().non_residue * x4; - tmp2 = element_fp12_2over3over2().non_residue * x5; + tmp1 = element_fp12_2over3over2::non_residue * x4; + tmp2 = element_fp12_2over3over2::non_residue * x5; t0 = x0 * z0 + tmp1 * z4 + tmp2 * z3; t1 = x0 * z1 + tmp1 * z5 + tmp2 * z4; 
@@ -378,42 +361,8 @@ namespace nil { return (*this) * a; } - /*element_fp12_2over3over2 sqru() { - element_fp2 &z0(a_.a_); - element_fp2 &z4(a_.b_); - element_fp2 &z3(a_.c_); - element_fp2 &z2(b_.a_); - element_fp2 &z1(b_.b_); - element_fp2 &z5(b_.c_); - element_fp4 t0t1; - element_fp2 t0 = t0t1.data[0], t1 = t0t1.data[1]; - - t0t1 = sq_Fp4UseDbl({z0, z1}); // a^2 = t0 + t1*y - // For A - z0 = t0 - z0; - z0 += z0; - z0 += t0; - - z1 = (t1 + z1).doubled() + t1; - - // t0 and t1 are unnecessary from here. - element_fp2 t2, t3; - t0t1 = sq_Fp4UseDbl({z2, z3}); // b^2 = t0 + t1*y - t0t1 = sq_Fp4UseDbl({z4, z5}); // c^2 = t2 + t3*y - // For C - z4 = (t0 - z4).doubled() + t0; - z5 = (t1 + z5).doubled() + t1; - - // For B - t0 = t3.mul_xi(); - - z2 = (t0 + z2).doubled() + t0; - - z3 = (t2 - z3).doubled() + t2; - }*/ - - /*inline static*/ underlying_type mul_by_non_residue(const underlying_type &A) const { + inline static underlying_type mul_by_non_residue(const underlying_type &A) { return underlying_type(non_residue * A.data[2], A.data[0], A.data[1]); } }; 
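Review bot: `inline` is redundant on the new `mul_by_non_residue` in fp12_2over3over2.hpp, because a member function defined inside the class body is already implicitly inline; `static underlying_type mul_by_non_residue(const underlying_type &A)` says the same thing. The function also has no doc comment, and a one-liner in the style of the neighbouring `/** @brief multiply by ... */` comments would help, for example `/** @brief multiply by the non-residue: (a0, a1, a2) -> (non_residue * a2, a0, a1) */`. Making it static is consistent with the earlier hunk that reads `element_fp12_2over3over2::non_residue` without constructing a temporary. The class body starts outside this hunk.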
@@ -464,79 +413,6 @@ namespace nil { return rhs * lhs; } - /* - (a + bw) -> (a - bw) gammar - */ - /*template - element_fp12_2over3over2 Frobenius(element_fp12_2over3over2 A) { - // this assumes (q-1)/6 is odd - - z.a_.a_.a_ = A.a_.a_.a_; - z.a_.b_.a_ = A.a_.b_.a_; - z.a_.c_.a_ = A.a_.c_.a_; - z.b_.a_.a_ = A.b_.a_.a_; - z.b_.b_.a_ = A.b_.b_.a_; - z.b_.c_.a_ = A.b_.c_.a_; - - z.a_.a_.b_ = -A.a_.a_.b_; - z.a_.b_.b_ = -A.a_.b_.b_; - z.a_.c_.b_ = -A.a_.c_.b_; - z.b_.a_.b_ = -A.b_.a_.b_; - z.b_.b_.b_ = -A.b_.b_.b_; - z.b_.c_.b_ = -A.b_.c_.b_; - - z.a_.b_ *= Param::gammar[1]; - z.a_.c_ *= Param::gammar[3]; - - z.b_.a_ *= Param::gammar[0]; - z.b_.b_ *= Param::gammar[2]; - z.b_.c_ *= Param::gammar[4]; - }*/ - - /* - gammar = c + dw - a + bw -> t = (a - bw)(c + dw) - ~t = (a + bw)(c - dw) - ~t * (c + dw) = (a + bw) * ((c + dw)(c - dw)) - gammar2 = (c + dw)(c - dw) in Fp6 - */ - /*template - element_fp12_2over3over2 Frobenius2(element_fp12_2over3over2 A) { - - z.a_.a_ = A.a_.a_; - - z.a_.a_ = A.a_.a_; - z.a_.b_ = A.a_.b_.mul_Fp_0(Param::gammar2[1].a_); - z.a_.c_ = A.a_.c_.mul_Fp_0(Param::gammar2[3].a_); - z.b_.a_ = A.b_.a_.mul_Fp_0(Param::gammar2[0].a_); - z.b_.b_ = A.b_.b_.mul_Fp_0(Param::gammar2[2].a_); - z.b_.c_ = A.b_.c_.mul_Fp_0(Param::gammar2[4].a_); - } - - template - element_fp12_2over3over2 Frobenius3(element_fp12_2over3over2 A) { - z.a_.a_.a_ = A.a_.a_.a_; - z.a_.b_.a_ = A.a_.b_.a_; - z.a_.c_.a_ = A.a_.c_.a_; - z.b_.a_.a_ = A.b_.a_.a_; - z.b_.b_.a_ = A.b_.b_.a_; - z.b_.c_.a_ = A.b_.c_.a_; - - z.a_.a_.b_ = -A.a_.a_.b_; - z.a_.b_.b_ = -A.a_.b_.b_; - z.a_.c_.b_ = -A.a_.c_.b_; - z.b_.a_.b_ = -A.b_.a_.b_; - z.b_.b_.b_ = -A.b_.b_.b_; - z.b_.c_.b_ = -A.b_.c_.b_; - - z.a_.b_ *= Param::gammar3[1]; - z.a_.c_ *= Param::gammar3[3]; - - z.b_.a_ *= Param::gammar3[0]; - z.b_.b_ *= Param::gammar3[2]; - z.b_.c_ *= Param::gammar3[4]; - }*/ - template constexpr const typename element_fp12_2over3over2::non_residue_type element_fp12_2over3over2::non_residue; 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp4.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp4.hpp index c2bc146be4..191e2ab61d 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp4.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp4.hpp @@ -139,11 +139,6 @@ namespace nil { return *this; } - element_fp4 sqrt() const { - - // compute squared root with Tonelli--Shanks - } - constexpr element_fp4 squared() const { return (*this) * (*this); // maybe can be done more effective } diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_2over3.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_2over3.hpp index fa7fb864d4..889075e200 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_2over3.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_2over3.hpp @@ -138,11 +138,6 @@ namespace nil { return *this; } - element_fp6_2over3 sqrt() const { - - // compute squared root with Tonelli--Shanks - } - constexpr element_fp6_2over3 squared() const { // return (*this) * (*this); // maybe can be done more effective diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_3over2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_3over2.hpp index 333864f501..cfcf0d17fa 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_3over2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/element/fp6_3over2.hpp @@ -153,11 +153,6 @@ namespace nil { return *this; } - element_fp6_3over2 sqrt() const { - - // compute squared root with Tonelli--Shanks - } - element_fp6_3over2 mul_Fp_b(const element_fp &B) { return element_fp6_3over2(data[0], data[1].mul_Fp_0(B), data[2]); } 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/exponentiation.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/exponentiation.hpp index 3e3f91dc08..03d6edfcce 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/exponentiation.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/exponentiation.hpp @@ -53,8 +53,7 @@ namespace nil { if (boost::multiprecision::bit_test(exponent, i)) { found_one = true; - // TODO(martun): create an operator *= for this. - result = result * base; + result *= base; } } diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/alt_bn128/fp2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/alt_bn128/fp2.hpp index 5f8d4e2ffb..0955a36f98 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/alt_bn128/fp2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/alt_bn128/fp2.hpp @@ -54,7 +54,11 @@ namespace nil { using field_type = fields::fp2; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + typedef boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>> + extended_integral_type; + constexpr static const integral_type modulus = policy_type::modulus; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bls12/fp2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bls12/fp2.hpp index 8fcfabd267..7f5faa4e6e 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bls12/fp2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bls12/fp2.hpp 
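Review bot: The loop touched in exponentiation.hpp multiplies only when `boost::multiprecision::bit_test(exponent, i)` is true, so its running time follows the bit pattern of the exponent, and nothing in the hunk documents that. Since the line is being edited anyway, a comment above the branch such as `// Not constant-time: branches on exponent bits; do not use with secret exponents.` would make the contract explicit for callers. Whether any caller passes a secret exponent is not visible here, so this is a documentation request rather than a confirmed defect. The enclosing function starts and ends outside the hunk.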
@@ -55,7 +55,10 @@ namespace nil { using field_type = fields::fp2; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + typedef boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>> + extended_integral_type; constexpr static const integral_type modulus = policy_type::modulus; @@ -77,10 +80,6 @@ namespace nil { constexpr static const extended_integral_type group_order_minus_one_half = 0x1521BD25C61AFE3A5E93C75511792F4F16E48728738235A3372CF249A4F45E82853167E8B6EE5377A98A49984BC77808EB430CE430C2E3D949742D43848D024B35FC8F69F38DBA18B1619C1B1089E7EBE76B58EBB1C1755935500000E38C71C_cppui_modular761; - /*constexpr static const std::array Frobenius_coeffs_c1 = - {non_residue_type(0x01), - non_residue_type(0x1A0111EA397FE69A4B1BA7B6434BACD764774B84F38512BF6730D2A0F6B0F6241EABFFFEB153FFFFB9FEFFFFFFFFAAAA_cppui_modular381)};*/ - constexpr static const std::array Frobenius_coeffs_c1 = { 0x01, 0x1A0111EA397FE69A4B1BA7B6434BACD764774B84F38512BF6730D2A0F6B0F6241EABFFFEB153FFFFB9FEFFFFFFFFAAAA_cppui_modular381}; @@ -101,7 +100,11 @@ namespace nil { using field_type = fields::fp2; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + typedef boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>> + extended_integral_type; + constexpr static const integral_type modulus = policy_type::modulus; 
@@ -123,10 +126,6 @@ namespace nil { constexpr static const extended_integral_type group_order_minus_one_half = 0x16983E85DD7FD912B489DD9B0931E25DC5C3ED257749F8FAF38A09EED26AE04E80C57DC833066E00A7389281526B62305555545DB857018C1925CAC31C64EB5E5FDE91AF8E04D256D1347970DEC00399C692A780000008508C00000000000_cppui_modular753; - /*constexpr static const std::array Frobenius_coeffs_c1 = - {non_residue_type(0x01), - non_residue_type(0x1AE3A4617C510EAC63B05C06CA1493B1A22D9F300F5138F1EF3622FBA094800170B5D44300000008508C00000000000_cppui_modular377)};*/ - constexpr static const std::array Frobenius_coeffs_c1 = { 0x01, 0x1AE3A4617C510EAC63B05C06CA1493B1A22D9F300F5138F1EF3622FBA094800170B5D44300000008508C00000000000_cppui_modular377}; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp12_2over3over2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp12_2over3over2.hpp deleted file mode 100644 index 8f82eccac2..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp12_2over3over2.hpp +++ /dev/null 
@@ -1,103 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_BN128_FP12_2OVER3OVER2_EXTENSION_PARAMS_HPP -#define CRYPTO3_ALGEBRA_FIELDS_BN128_FP12_2OVER3OVER2_EXTENSION_PARAMS_HPP - -#include -#include -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template - class fp12_2over3over2; - - namespace detail { - - template - class fp12_2over3over2_extension_params; - - /************************* BN128 ***********************************/ - - template - class fp12_2over3over2_extension_params> - : public params> { - - typedef fields::bn128 base_field_type; - typedef params policy_type; - - public: - using field_type = fields::fp12_2over3over2; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = policy_type::modulus; - - typedef fields::fp2 non_residue_field_type; - typedef typename non_residue_field_type::value_type non_residue_type; - typedef fields::fp6_3over2 underlying_field_type; - typedef typename underlying_field_type::value_type underlying_type; - - /*constexpr static const std::array Frobenius_coeffs_c1 = - {non_residue_type(0x00, 0x00), non_residue_type(0x00, 0x00), non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00)};*/ - - constexpr static const std::array Frobenius_coeffs_c1 = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - - constexpr static const non_residue_type non_residue = non_residue_type(0x09u, 0x01u); - }; - - template - constexpr - typename fp12_2over3over2_extension_params>::non_residue_type const - 
fp12_2over3over2_extension_params>::non_residue; - - template - constexpr std::array< - typename fp12_2over3over2_extension_params>::integral_type, - 12 * 2> const fp12_2over3over2_extension_params>::Frobenius_coeffs_c1; - } // namespace detail - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_BN128_FP12_2OVER3OVER2_EXTENSION_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp2.hpp deleted file mode 100644 index 61cc0581da..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp2.hpp +++ /dev/null 
@@ -1,127 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_BN128_FP2_EXTENSION_PARAMS_HPP -#define CRYPTO3_ALGEBRA_FIELDS_BN128_FP2_EXTENSION_PARAMS_HPP - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template - class fp2; - - namespace detail { - - template - class fp2_extension_params; - - /************************* BN128 ***********************************/ - - template - class fp2_extension_params> : public params> { - - typedef fields::bn128 base_field_type; - typedef params policy_type; - - public: - using field_type = fields::fp2; - - typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const integral_type modulus = policy_type::modulus; - - typedef base_field_type non_residue_field_type; - typedef typename non_residue_field_type::value_type non_residue_type; - typedef base_field_type underlying_field_type; - typedef typename underlying_field_type::value_type underlying_type; - - constexpr static const std::size_t s = 0x04; - constexpr static const extended_integral_type t = - 0x925C4B8763CBF9C599A6F7C0348D21CB00B85511637560626EDFA5C34C6B38D04689E957A1242C84A50189C6D96CADCA602072D09EAC1013B5458A2275D69B_cppui_modular504; - constexpr static const extended_integral_type t_minus_1_over_2 = - 0x492E25C3B1E5FCE2CCD37BE01A4690E5805C2A88B1BAB031376FD2E1A6359C682344F4ABD09216425280C4E36CB656E5301039684F560809DAA2C5113AEB4D_cppui_modular503; - constexpr static const std::array nqr = {0x02, 0x01}; - constexpr static const std::array nqr_to_t = { - 0xB20DCB5704E326A0DD3ECD4F30515275398A41A4E1DC5D347CFBBEDDA71CF82_cppui_modular252, - 0xB1FFEFD8885BF22252522C29527D19F05CFC50E9715370AB0F3A6CA462390C_cppui_modular248}; - - constexpr static const extended_integral_type group_order_minus_one_half = - 
0x492E25C3B1E5FCE2CCD37BE01A4690E5805C2A88B1BAB031376FD2E1A6359C682344F4ABD09216425280C4E36CB656E5301039684F560809DAA2C5113AEB4D8_cppui_modular507; - - /*constexpr static const std::array Frobenius_coeffs_c1 = - {non_residue_type(0x00), non_residue_type(0x00)};*/ - - constexpr static const std::array Frobenius_coeffs_c1 = {0x00, 0x00}; - - constexpr static const non_residue_type non_residue = non_residue_type( - 0x30644E72E131A029B85045B68181585D97816A916871CA8D3C208C16D87CFD46_cppui_modular254); - }; - - template - constexpr typename fp2_extension_params>::non_residue_type const - fp2_extension_params>::non_residue; - - template - constexpr typename std::size_t const fp2_extension_params>::s; - - template - constexpr typename fp2_extension_params>::extended_integral_type const - fp2_extension_params>::t; - - template - constexpr typename fp2_extension_params>::extended_integral_type const - fp2_extension_params>::t_minus_1_over_2; - - template - constexpr std::array>::integral_type, - 2> const fp2_extension_params>::nqr; - - template - constexpr std::array>::integral_type, - 2> const fp2_extension_params>::nqr_to_t; - - template - constexpr typename fp2_extension_params>::extended_integral_type const - fp2_extension_params>::group_order_minus_one_half; - - template - constexpr std::array>::integral_type, - 2> const fp2_extension_params>::Frobenius_coeffs_c1; - - } // namespace detail - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_BN128_FP2_EXTENSION_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp6_3over2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp6_3over2.hpp deleted file mode 100644 index c634fea326..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/bn128/fp6_3over2.hpp +++ /dev/null 
@@ -1,107 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_BN128_FP6_3OVER2_EXTENSION_PARAMS_HPP -#define CRYPTO3_ALGEBRA_FIELDS_BN128_FP6_3OVER2_EXTENSION_PARAMS_HPP - -#include -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template - class fp6_3over2; - - namespace detail { - - template - class fp6_3over2_extension_params; - - /************************* BN128 ***********************************/ - - template - class fp6_3over2_extension_params> : public params> { - - typedef fields::bn128 base_field_type; - typedef params policy_type; - - public: - using field_type = fields::fp6_3over2; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = policy_type::modulus; - - typedef fields::fp2 non_residue_field_type; - typedef typename non_residue_field_type::value_type non_residue_type; - typedef fields::fp2 underlying_field_type; - typedef typename underlying_field_type::value_type underlying_type; - - /*constexpr static const std::array Frobenius_coeffs_c1 = - {non_residue_type(0x00, 0x00), non_residue_type(0x00, 0x00), non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00)}; - - constexpr static const std::array Frobenius_coeffs_c2 = - {non_residue_type(0x00, 0x00), non_residue_type(0x00, 0x00), non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00), - non_residue_type(0x00, 0x00)};*/ - - constexpr static const std::array Frobenius_coeffs_c1 = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - - constexpr static const std::array Frobenius_coeffs_c2 = { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; - - constexpr static const non_residue_type non_residue = non_residue_type(0x09u, 0x01u); - }; - - template - constexpr typename 
fp6_3over2_extension_params>::non_residue_type const - fp6_3over2_extension_params>::non_residue; - - template - constexpr std::array>::integral_type, - 6 * 2> const - fp6_3over2_extension_params>::Frobenius_coeffs_c1; - template - constexpr std::array>::integral_type, - 6 * 2> const - fp6_3over2_extension_params>::Frobenius_coeffs_c2; - - } // namespace detail - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_BN128_FP6_3OVER2_EXTENSION_PARAMS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt4/fp2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt4/fp2.hpp index 7752d7892d..7b25056e1a 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt4/fp2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt4/fp2.hpp @@ -57,7 +57,11 @@ namespace nil { using field_type = fields::fp2; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + typedef boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * policy_type::modulus_bits>> + extended_integral_type; + constexpr static const integral_type modulus = policy_type::modulus; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt6/fp3.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt6/fp3.hpp index db5548812b..156d2fa062 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt6/fp3.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/detail/extension_params/mnt6/fp3.hpp 
@@ -56,7 +56,11 @@ namespace nil { using field_type = fields::fp3; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; + + typedef boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<3 * policy_type::modulus_bits>> + extended_integral_type; + constexpr static const integral_type modulus = policy_type::modulus; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/dsa_botan.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/dsa_botan.hpp deleted file mode 100644 index e8c55353f8..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/dsa_botan.hpp +++ /dev/null 
@@ -1,111 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_DSA_BOTAN_HPP -#define CRYPTO3_ALGEBRA_FIELDS_DSA_BOTAN_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief DSA group - * @tparam Version - */ - template - struct dsa_botan : public field { }; - - template<> - struct dsa_botan<2048> : public field<2048> { - typedef field<2048> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 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cppui_modular2048; - - constexpr static const integral_type group_order_minus_one_half = (modulus - 1) / 2; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct dsa_botan<3072> : public field<3072> { - typedef field<3072> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular3072; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const 
std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename dsa_botan<2048>::integral_type const dsa_botan<2048>::modulus; - constexpr typename dsa_botan<3072>::integral_type const dsa_botan<3072>::modulus; - constexpr typename dsa_botan<2048>::modular_params_type const dsa_botan<2048>::modulus_params; - constexpr typename dsa_botan<3072>::modular_params_type const dsa_botan<3072>::modulus_params; - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_DSA_BOTAN_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/dsa_jce.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/dsa_jce.hpp deleted file mode 100644 index 5b3435b01e..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/dsa_jce.hpp +++ /dev/null 
@@ -1,85 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_DSA_JCE_HPP -#define CRYPTO3_ALGEBRA_FIELDS_DSA_JCE_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief DSA group - * @tparam Version - */ - template - struct dsa_jce : public field { }; - - template<> - struct dsa_jce<1024> : public field<1024> { - typedef field<1024> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0xFD7F53811D75122952DF4A9C2EECE4E7F611B7523CEF4400C31E3F80B6512669455D402251FB593D8D58FABFC5F5BA30F6CB9B556CD7813B801D346FF26660B76B9950A5A49F9FE8047B1022C24FBBA9D7FEB7C61BF83B57E7C6A8A6150F04FB83F6D3C51EC3023554135A169132F675F3AE2B61D72AEFF22203199DD14801C7_cppui_modular1024; - - constexpr static const integral_type group_order_minus_one_half = (modulus - 1) / 2; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename dsa_jce<1024>::integral_type const dsa_jce<1024>::modulus; - constexpr typename dsa_jce<1024>::modular_params_type const dsa_jce<1024>::modulus_params; - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_DSA_JCE_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/ffdhe_ietf.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/ffdhe_ietf.hpp deleted file mode 100644 index 7e467fefed..0000000000 
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/ffdhe_ietf.hpp +++ /dev/null 
@@ -1,205 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_FFDHE_IETF_HPP -#define CRYPTO3_ALGEBRA_FIELDS_FFDHE_IETF_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief TLS FFDHE groups - * @tparam Version - */ - template - struct ffdhe_ietf : public field { }; - - template<> - struct ffdhe_ietf<2048> : public field<2048> { - typedef field<2048> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0x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cppui_modular2048; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - constexpr static const std::size_t value_bits = modulus_bits; - - constexpr static const std::size_t arity = 1; - }; - - template<> - struct ffdhe_ietf<3072> : public field<3072> { - typedef field<3072> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular3072; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename 
detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct ffdhe_ietf<4096> : public field<4096> { - typedef field<4096> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular4096; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct ffdhe_ietf<6144> : public field<6144> { - typedef field<6144> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular6144; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const 
std::size_t arity = 1; - }; - - template<> - struct ffdhe_ietf<8192> : public field<8192> { - typedef field<8192> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular8192; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename ffdhe_ietf<2048>::integral_type const ffdhe_ietf<2048>::modulus; - constexpr typename ffdhe_ietf<3072>::integral_type const ffdhe_ietf<3072>::modulus; - constexpr typename ffdhe_ietf<4096>::integral_type const ffdhe_ietf<4096>::modulus; - constexpr typename ffdhe_ietf<6144>::integral_type const ffdhe_ietf<6144>::modulus; - constexpr typename ffdhe_ietf<8192>::integral_type const ffdhe_ietf<8192>::modulus; - - constexpr typename ffdhe_ietf<2048>::modular_params_type const ffdhe_ietf<2048>::modulus_params; - constexpr typename ffdhe_ietf<3072>::modular_params_type const ffdhe_ietf<3072>::modulus_params; - constexpr typename ffdhe_ietf<4096>::modular_params_type const ffdhe_ietf<4096>::modulus_params; - constexpr typename ffdhe_ietf<6144>::modular_params_type const ffdhe_ietf<6144>::modulus_params; - constexpr typename ffdhe_ietf<8192>::modular_params_type const ffdhe_ietf<8192>::modulus_params; - - constexpr typename ffdhe_ietf<2048>::integral_type const ffdhe_ietf<2048>::mul_generator; - constexpr 
typename ffdhe_ietf<3072>::integral_type const ffdhe_ietf<3072>::mul_generator; - constexpr typename ffdhe_ietf<4096>::integral_type const ffdhe_ietf<4096>::mul_generator; - constexpr typename ffdhe_ietf<6144>::integral_type const ffdhe_ietf<6144>::mul_generator; - constexpr typename ffdhe_ietf<8192>::integral_type const ffdhe_ietf<8192>::mul_generator; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_FFDHE_IETF_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/field.hpp old mode 100755 new mode 100644 index 51410e68cc..19742ce439 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/field.hpp @@ -51,17 +51,10 @@ namespace nil { typedef int integral_type; typedef int extended_integral_type; #else - typedef boost::multiprecision::number< - boost::multiprecision::backends::cpp_int_modular_backend> - integral_type; - - // TODO(martun): check why extended integral type must be 16x wider. - typedef boost::multiprecision::number< - boost::multiprecision::backends::cpp_int_modular_backend<16 * modulus_bits>> - extended_integral_type; - typedef boost::multiprecision::backends::cpp_int_modular_backend modular_backend; + typedef boost::multiprecision::number integral_type; + typedef boost::multiprecision::backends::modular_params modular_params_type; #endif }; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp12_2over3over2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp12_2over3over2.hpp index 800e48d5c0..835294c65d 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp12_2over3over2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp12_2over3over2.hpp @@ -30,7 +30,6 @@ #include #include #include -#include #include #endif 
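Review bot: After the field.hpp hunk the first preprocessor branch still declares `typedef int extended_integral_type;` while the `#else` branch no longer has that member, so the two configurations of `field` expose different interfaces. Code that still names `policy_type::extended_integral_type` would compile under the first branch and fail under the second, which hides leftovers of this removal. The later hunks in fp12_2over3over2.hpp, fp2.hpp, fp3.hpp and fp4.hpp drop the same typedef from the public field structs, which is a source-breaking change for any downstream code that used it. I would delete the stub line from the first branch as well, so both branches agree. The `#if` condition and the struct header are outside the hunk.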
@@ -59,8 +58,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp2.hpp index 648cbd5195..c3223411f4 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp2.hpp @@ -29,7 +29,6 @@ #include #include #include -#include #include #include @@ -54,8 +53,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp3.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp3.hpp index 76e7ca91d1..e4a3c47942 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp3.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp3.hpp 
@@ -51,8 +51,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp4.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp4.hpp index 7f74f52cb2..5a920884a2 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp4.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp4.hpp @@ -51,8 +51,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp6_3over2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp6_3over2.hpp index 6375721293..e69de731b6 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp6_3over2.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/fp6_3over2.hpp @@ -30,7 +30,6 @@ #include #include -#include #include 
@@ -54,8 +53,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; typedef typename policy_type::modular_type modular_type; typedef typename policy_type::modular_backend modular_backend; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/goldilocks64/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/goldilocks64/base_field.hpp index 0849dd936c..79b46985ea 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/goldilocks64/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/goldilocks64/base_field.hpp @@ -48,7 +48,6 @@ namespace nil { constexpr static const std::size_t arity = 1; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ typedef __zkllvm_field_goldilocks64_base value_type; #else diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/jubjub/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/jubjub/scalar_field.hpp index 5c2145751b..baa62ab721 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/jubjub/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/jubjub/scalar_field.hpp @@ -47,8 +47,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/maxprime.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/maxprime.hpp
deleted file mode 100644
index d207c69fb0..0000000000
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/maxprime.hpp
+++ /dev/null
@@ -1,76 +0,0 @@ -//---------------------------------------------------------------------------// -//// Copyright (c) 2022 Mikhail Komarov -//// Copyright (c) 2022 Nikita Kaskov -//// -//// MIT License -//// -//// Permission is hereby granted, free of charge, to any person obtaining a copy -//// of this software and associated documentation files (the "Software"), to deal -//// in the Software without restriction, including without limitation the rights -//// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -//// copies of the Software, and to permit persons to whom the Software is -//// furnished to do so, subject to the following conditions: -//// -//// The above copyright notice and this permission notice shall be included in all -//// copies or substantial portions of the Software. -//// -//// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -//// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -//// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -//// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -//// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -//// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -//// SOFTWARE. 
-////---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_MAXPRIME_HPP -#define CRYPTO3_ALGEBRA_FIELDS_MAXPRIME_HPP - -#include - -#include -#include - - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - template - struct maxprime; - - template<> - struct maxprime<64> : public field<64>{ - typedef field<64> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0xFFFFFFFFFFFFFFC5_cppui_modular64; // 18446744073709551557 - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt4/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt4/base_field.hpp index df20923d06..e8437d98c2 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt4/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt4/base_field.hpp 
@@ -52,8 +52,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt6/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt6/base_field.hpp index adf90b7ec5..2c54fa0828 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt6/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/mnt6/base_field.hpp @@ -52,8 +52,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/modp_ietf.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/modp_ietf.hpp deleted file mode 100644 index b8465bf962..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/modp_ietf.hpp +++ /dev/null 
@@ -1,267 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_MODP_IETF_HPP -#define CRYPTO3_ALGEBRA_FIELDS_MODP_IETF_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief IETF IPsec groups - * @tparam Version - */ - template - struct modp_ietf : public field { }; - - template<> - struct modp_ietf<1024> : public field<1024> { - typedef field<1024> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - constexpr static const integral_type modulus = - 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF_cppui_modular1024; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_ietf<1536> : public field<1536> { - typedef field<1536> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 
0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF_cppui_modular1536; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_ietf<2048> : public field<2048> { - typedef field<2048> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 0x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cppui_modular2048; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_ietf<3072> : public field<3072> { - typedef field<3072> 
policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular3072; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_ietf<4096> : public field<4096> { - typedef field<4096> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular4096; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_ietf<6144> : public field<6144> { - typedef field<6144> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename 
policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular6144; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_ietf<8192> : public field<8192> { - typedef field<8192> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular8192; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template - constexpr typename modp_ietf::integral_type const modp_ietf::modulus; - - template - constexpr typename modp_ietf::integral_type const modp_ietf::mul_generator; - - constexpr typename modp_ietf<1024>::integral_type const modp_ietf<1024>::modulus; - constexpr typename modp_ietf<1536>::integral_type const 
modp_ietf<1536>::modulus; - constexpr typename modp_ietf<2048>::integral_type const modp_ietf<2048>::modulus; - constexpr typename modp_ietf<3072>::integral_type const modp_ietf<3072>::modulus; - constexpr typename modp_ietf<4096>::integral_type const modp_ietf<4096>::modulus; - constexpr typename modp_ietf<6144>::integral_type const modp_ietf<6144>::modulus; - constexpr typename modp_ietf<8192>::integral_type const modp_ietf<8192>::modulus; - - constexpr typename modp_ietf<1024>::modular_params_type const modp_ietf<1024>::modulus_params; - constexpr typename modp_ietf<1536>::modular_params_type const modp_ietf<1536>::modulus_params; - constexpr typename modp_ietf<2048>::modular_params_type const modp_ietf<2048>::modulus_params; - constexpr typename modp_ietf<3072>::modular_params_type const modp_ietf<3072>::modulus_params; - constexpr typename modp_ietf<4096>::modular_params_type const modp_ietf<4096>::modulus_params; - constexpr typename modp_ietf<6144>::modular_params_type const modp_ietf<6144>::modulus_params; - constexpr typename modp_ietf<8192>::modular_params_type const modp_ietf<8192>::modulus_params; - - constexpr typename modp_ietf<1024>::integral_type const modp_ietf<1024>::mul_generator; - constexpr typename modp_ietf<1536>::integral_type const modp_ietf<1536>::mul_generator; - constexpr typename modp_ietf<2048>::integral_type const modp_ietf<2048>::mul_generator; - constexpr typename modp_ietf<3072>::integral_type const modp_ietf<3072>::mul_generator; - constexpr typename modp_ietf<4096>::integral_type const modp_ietf<4096>::mul_generator; - constexpr typename modp_ietf<6144>::integral_type const modp_ietf<6144>::mul_generator; - constexpr typename modp_ietf<8192>::integral_type const modp_ietf<8192>::mul_generator; - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_MODP_IETF_HPP 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/modp_srp.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/modp_srp.hpp
deleted file mode 100644
index 95d9f57ffb..0000000000
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/modp_srp.hpp
+++ /dev/null
@@ -1,269 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_MODP_SRP_HPP -#define CRYPTO3_ALGEBRA_FIELDS_MODP_SRP_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! - * @brief SRP groups - * SRP groups have a p st (p-1)/2 is prime, but g is not a generator - * of subgroup of size q, so set q == 0 to bypass generator check. - * - * Missing q doesn't matter for SRP, and nothing but SRP should be - * using these parameters. 
- * - * @tparam Version - */ - template - struct modp_srp : public field { }; - - template<> - struct modp_srp<1024> : public field<1024> { - typedef field<1024> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0xEEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3_cppui_modular1024; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_srp<1536> : public field<1536> { - typedef field<1536> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 
0x9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DCDF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C48665772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB_cppui_modular1536; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_srp<2048> : public field<2048> { - typedef field<2048> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular2048; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x02; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_srp<3072> : public field<3072> { - typedef field<3072> 
policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular3072; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x05; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_srp<4096> : public field<4096> { - typedef field<4096> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular4096; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x05; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_srp<6144> : public field<6144> { - typedef field<6144> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename 
policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular6144; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x05; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template<> - struct modp_srp<8192> : public field<8192> { - typedef field<8192> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - constexpr static const integral_type modulus = - 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cppui_modular8192; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - constexpr static const integral_type mul_generator = 0x13; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename modp_srp<1024>::integral_type const modp_srp<1024>::modulus; - constexpr typename modp_srp<1536>::integral_type const modp_srp<1536>::modulus; - constexpr typename modp_srp<2048>::integral_type const modp_srp<2048>::modulus; - constexpr typename modp_srp<3072>::integral_type const modp_srp<3072>::modulus; - 
constexpr typename modp_srp<4096>::integral_type const modp_srp<4096>::modulus; - constexpr typename modp_srp<6144>::integral_type const modp_srp<6144>::modulus; - constexpr typename modp_srp<8192>::integral_type const modp_srp<8192>::modulus; - - constexpr typename modp_srp<1024>::modular_params_type const modp_srp<1024>::modulus_params; - constexpr typename modp_srp<1536>::modular_params_type const modp_srp<1536>::modulus_params; - constexpr typename modp_srp<2048>::modular_params_type const modp_srp<2048>::modulus_params; - constexpr typename modp_srp<3072>::modular_params_type const modp_srp<3072>::modulus_params; - constexpr typename modp_srp<4096>::modular_params_type const modp_srp<4096>::modulus_params; - constexpr typename modp_srp<6144>::modular_params_type const modp_srp<6144>::modulus_params; - constexpr typename modp_srp<8192>::modular_params_type const modp_srp<8192>::modulus_params; - - constexpr typename modp_srp<1024>::integral_type const modp_srp<1024>::mul_generator; - constexpr typename modp_srp<1536>::integral_type const modp_srp<1536>::mul_generator; - constexpr typename modp_srp<2048>::integral_type const modp_srp<2048>::mul_generator; - constexpr typename modp_srp<3072>::integral_type const modp_srp<3072>::mul_generator; - constexpr typename modp_srp<4096>::integral_type const modp_srp<4096>::mul_generator; - constexpr typename modp_srp<6144>::integral_type const modp_srp<6144>::mul_generator; - constexpr typename modp_srp<8192>::integral_type const modp_srp<8192>::mul_generator; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_MODP_SRP_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/pallas/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/pallas/base_field.hpp index 828e0c69d9..c613c0a8f5 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/pallas/base_field.hpp 
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/pallas/base_field.hpp @@ -45,9 +45,8 @@ namespace nil { constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const std::size_t value_bits = modulus_bits; constexpr static const std::size_t arity = 1; - + typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ typedef __zkllvm_field_pallas_base value_type; #else diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/params.hpp index e3ac8b4b1e..525df25797 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/params.hpp @@ -43,8 +43,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = field_type::modulus_bits; typedef typename field_type::integral_type integral_type; - typedef typename field_type::extended_integral_type extended_integral_type; - constexpr static const integral_type modulus = field_type::modulus; constexpr static const integral_type group_order_minus_one_half = field_type::group_order_minus_one_half; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/base_field.hpp index 7f8145d6cf..7123002104 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/base_field.hpp 
@@ -52,8 +52,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -82,8 +80,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -112,8 +108,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -142,8 +136,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -165,8 +157,6 @@ namespace nil { constexpr static const std::size_t arity = 1; }; - // TODO: define nist_base_field for other base field sizes - template using secp_k1_fq = secp_k1_base_field; @@ -202,4 +192,4 @@ namespace nil { } // namespace crypto3 } // namespace nil -#endif // CRYPTO3_ALGEBRA_FIELDS_NIST_BASE_FIELD_HPP +#endif // CRYPTO3_ALGEBRA_FIELDS_SECP_K1_BASE_FIELD_HPP 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/scalar_field.hpp index 21d5bdfc77..6ca633500d 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_k1/scalar_field.hpp @@ -53,8 +53,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -83,8 +81,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -114,8 +110,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -144,8 +138,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/base_field.hpp index 31a7b586b9..fdbb626215 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/base_field.hpp @@ -52,8 +52,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -82,8 +80,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -112,8 +108,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -142,8 +136,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = 
@@ -172,8 +164,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -202,8 +192,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -225,8 +213,6 @@ namespace nil { constexpr static const std::size_t arity = 1; }; - // TODO: define nist_base_field for other base field sizes - template using secp_r1_fq = secp_r1_base_field; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/scalar_field.hpp index c39292de0c..365b713789 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/scalar_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/secp/secp_r1/scalar_field.hpp @@ -53,8 +53,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = 
@@ -83,8 +81,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -113,8 +109,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -143,8 +137,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -173,8 +165,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = @@ -203,8 +193,6 @@ namespace nil { constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - constexpr static const std::size_t number_bits = policy_type::number_bits; constexpr static const integral_type modulus = 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sect/sect_k1/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sect/sect_k1/base_field.hpp deleted file mode 100644 index 377cf86db9..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sect/sect_k1/base_field.hpp +++ /dev/null 
@@ -1,91 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_SECT_K1_BASE_FIELD_HPP -#define CRYPTO3_ALGEBRA_FIELDS_SECT_K1_BASE_FIELD_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - // TODO: check correctness of this binary field - /*! 
- * @brief IETF IPsec groups - * @tparam Version - */ - template - struct sect_k1_base_field; - - template<> - struct sect_k1_base_field<163> : public field<164> { - typedef field<164> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = 0x80000000000000000000000000000000000000000_cppui_modular164; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - // TODO: define nist_base_field for other base field sizes - - template - using sect_k1_fq = sect_k1_base_field; - - constexpr typename std::size_t const sect_k1_fq<163>::modulus_bits; - constexpr typename std::size_t const sect_k1_fq<163>::number_bits; - constexpr typename std::size_t const sect_k1_fq<163>::value_bits; - constexpr typename sect_k1_fq<163>::integral_type const sect_k1_fq<163>::modulus; - constexpr typename sect_k1_fq<163>::modular_params_type const sect_k1_fq<163>::modulus_params; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_NIST_BASE_FIELD_HPP 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sect/sect_k1/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sect/sect_k1/scalar_field.hpp deleted file mode 100644 index 419aeaacc3..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sect/sect_k1/scalar_field.hpp +++ /dev/null 
@@ -1,89 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_SECT_K1_SCALAR_FIELD_HPP -#define CRYPTO3_ALGEBRA_FIELDS_SECT_K1_SCALAR_FIELD_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief - * @tparam Version - */ - template - struct sect_k1_scalar_field; - - template<> - struct sect_k1_scalar_field<163> : public field<163> { - typedef field<163> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = 0x4000000000000000000020108a2e0cc0d99f8a5ef_cppui_modular163; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - template - using sect_k1_fr = sect_k1_scalar_field; - - constexpr typename std::size_t const sect_k1_fr<163>::modulus_bits; - constexpr typename std::size_t const sect_k1_fr<163>::number_bits; - constexpr typename std::size_t const sect_k1_fr<163>::value_bits; - constexpr typename sect_k1_fr<163>::integral_type const sect_k1_fr<163>::modulus; - constexpr typename sect_k1_fr<163>::modular_params_type const sect_k1_fr<163>::modulus_params; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_NIST_SCALAR_FIELD_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sm2p_v1/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sm2p_v1/base_field.hpp deleted file mode 100644 index 65eae451f8..0000000000 
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sm2p_v1/base_field.hpp +++ /dev/null 
@@ -1,92 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_SM2P_V1_BASE_FIELD_HPP -#define CRYPTO3_ALGEBRA_FIELDS_SM2P_V1_BASE_FIELD_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief IETF IPsec groups - * @tparam Version - */ - template - struct sm2p_v1_base_field : public field { }; - - template<> - struct sm2p_v1_base_field<256> : public field<256> { - typedef field<256> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF_cppui_modular256; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename sm2p_v1_base_field<256>::integral_type const sm2p_v1_base_field<256>::modulus; - - constexpr - typename sm2p_v1_base_field<256>::modular_params_type const sm2p_v1_base_field<256>::modulus_params; - - template - using sm2p_v1_fq = sm2p_v1_base_field; - - template - using sm2p_v1 = sm2p_v1_base_field; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_SM2P_V1_BASE_FIELD_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sm2p_v1/scalar_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sm2p_v1/scalar_field.hpp deleted file mode 100644 index 227086a78b..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/sm2p_v1/scalar_field.hpp +++ /dev/null 
@@ -1,89 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_FIELDS_SM2P_V1_SCALAR_FIELD_HPP -#define CRYPTO3_ALGEBRA_FIELDS_SM2P_V1_SCALAR_FIELD_HPP - -#include - -#include -#include - - - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace fields { - - /*! 
- * @brief IETF IPsec groups - * @tparam Version - */ - template - struct sm2p_v1_scalar_field : public field { }; - - template<> - struct sm2p_v1_scalar_field<256> : public field<256> { - typedef field<256> policy_type; - - constexpr static const std::size_t modulus_bits = policy_type::modulus_bits; - typedef typename policy_type::integral_type integral_type; - - typedef typename policy_type::extended_integral_type extended_integral_type; - - constexpr static const std::size_t number_bits = policy_type::number_bits; - - constexpr static const integral_type modulus = - 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123_cppui_modular256; - - typedef typename policy_type::modular_backend modular_backend; - constexpr static const modular_params_type modulus_params = modulus.backend(); - typedef boost::multiprecision::number< - boost::multiprecision::backends::modular_adaptor< - modular_backend, - boost::multiprecision::backends::modular_params_ct>> - modular_type; - - typedef typename detail::element_fp>> value_type; - - constexpr static const std::size_t value_bits = modulus_bits; - constexpr static const std::size_t arity = 1; - }; - - constexpr typename sm2p_v1_scalar_field<256>::integral_type const sm2p_v1_scalar_field<256>::modulus; - - constexpr typename sm2p_v1_scalar_field<256>::modular_params_type const - sm2p_v1_scalar_field<256>::modulus_params; - - template - using sm2p_v1_fr = sm2p_v1_scalar_field; - - } // namespace fields - } // namespace algebra - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_FIELDS_SM2P_V1_SCALAR_FIELD_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/vesta/base_field.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/vesta/base_field.hpp index 7e1c096624..a523851bd3 100755 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/vesta/base_field.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/fields/vesta/base_field.hpp 
@@ -50,7 +50,6 @@ namespace nil { constexpr static const std::size_t arity = 1; typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; #ifdef __ZKLLVM__ typedef __zkllvm_field_vesta_base value_type; #else diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/marshalling.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/marshalling.hpp deleted file mode 100644 index 2687482c50..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/marshalling.hpp +++ /dev/null 
@@ -1,301 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020 Nikita Kaskov -// Copyright (c) 2020 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_MARSHALLING_HPP -#define CRYPTO3_ALGEBRA_MARSHALLING_HPP - -#include -#include - -#include -#include - -#include - -#include -#include - -namespace nil { - namespace marshalling { - namespace bincode { - template - struct field { - typedef FieldType field_type; - typedef typename field_type::value_type field_value_type; - - typedef uint8_t chunk_type; - constexpr static const size_t chunk_size = 8; - - constexpr static size_t modulus_chunks = - field_type::modulus_bits / chunk_size + (field_type::modulus_bits % chunk_size ? 
1 : 0); - constexpr static size_t field_octets_num = field_type::arity * modulus_chunks; - - constexpr static inline size_t get_element_size() { - return field_octets_num; - } - - template - static inline typename std::enable_if< - !algebra::is_extended_field::value && - std::is_same::value_type>::value, - std::pair>::type - field_element_from_bytes(InputFieldValueIterator first, InputFieldValueIterator last) { - BOOST_ASSERT(field_octets_num == std::distance(first, last)); - - typename FieldType::integral_type result; - ::boost::multiprecision::import_bits(result, first, last, chunk_size, false); - - return std::make_pair(result < FieldType::modulus, field_value_type(result)); - } - - template - static inline typename std::enable_if< - algebra::is_extended_field::value && - std::is_same::value_type>::value, - std::pair>::type - field_element_from_bytes(InputFieldValueIterator first, InputFieldValueIterator last) { - constexpr size_t data_dimension = field_type::arity / field_type::underlying_field_type::arity; - BOOST_ASSERT(field_octets_num == std::distance(first, last)); - - typename field_value_type::data_type data; - bool bres = true; - for (size_t n = 0; n < data_dimension; ++n) { - std::pair valid_coord = - field::field_element_from_bytes( - first + n * field_type::underlying_field_type::arity * modulus_chunks, - first + (n + 1) * field_type::underlying_field_type::arity * modulus_chunks); - bres = bres && valid_coord.first; - data[n] = valid_coord.second; - } - - return std::make_pair(bres, field_value_type(data)); - } - - template - static inline typename std::enable_if< - !algebra::is_extended_field::value && - std::is_same::value_type>::value, - size_t>::type - field_element_to_bytes(const field_value_type &element, OutputIterator out_first, - OutputIterator out_last) { - BOOST_ASSERT(field_octets_num == std::distance(out_first, out_last)); - - ::boost::multiprecision::export_bits( - element.data.template convert_to(), out_first, chunk_size, - false); - 
- return field_octets_num; - } - - template - static inline typename std::enable_if< - algebra::is_extended_field::value && - std::is_same::value_type>::value, - size_t>::type - field_element_to_bytes(const field_value_type &element, OutputIterator out_first, - OutputIterator out_last) { - BOOST_ASSERT(field_octets_num == std::distance(out_first, out_last)); - - size_t offset = 0; - for (auto data_it = element.data.begin(); data_it != element.data.end(); ++data_it) { - offset += field::field_element_to_bytes( - *data_it, out_first + offset, - out_first + offset + field_type::underlying_field_type::arity * modulus_chunks); - } - - return field_octets_num; - } - }; - - template - class curve; - - template<> - class curve> { - public: - - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::base_field_type fp_type; - typedef typename curve_type::scalar_field_type fr_type; - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename curve_type::gt_type gt_type; - - typedef uint8_t chunk_type; - constexpr static const size_t chunk_size = 8; - - constexpr static size_t fp_octets_num = - curve_type::base_field_type::modulus_bits / chunk_size + 1; - constexpr static size_t fr_octets_num = - curve_type::scalar_field_type::modulus_bits / chunk_size + 1; - static_assert(curve_element_serializer::sizeof_field_element == fp_octets_num); - - constexpr static size_t g1_octets_num = fp_octets_num; - constexpr static size_t g2_octets_num = 2 * fp_octets_num; - constexpr static size_t gt_octets_num = gt_type::arity * fp_octets_num; - - // template - // constexpr static inline std::size_t get_field_element_size() { - // return (FieldType::modulus_bits / chunk_size + (FieldType::modulus_bits % chunk_size ? 
1 : 0)) * - // FieldType::arity; - // } - - template - constexpr static inline typename std::enable_if::value, size_t>::type - element_size() { - return fr_octets_num; - } - - template - constexpr static inline typename std::enable_if::value, size_t>::type - element_size() { - return fp_octets_num; - } - - template - constexpr static inline typename std::enable_if::value, size_t>::type - element_size() { - return gt_octets_num; - } - - template - constexpr static inline typename std::enable_if::value, size_t>::type - element_size() { - return g1_octets_num; - } - - template - constexpr static inline typename std::enable_if::value, size_t>::type - element_size() { - return g2_octets_num; - } - - template - static inline typename std::enable_if< - !algebra::is_extended_field::value && - std::is_same::value_type>::value && - (std::is_same::value || std::is_same::value), - std::pair>::type - field_element_from_bytes(InputFieldValueIterator first, InputFieldValueIterator last) { - return field::field_element_from_bytes(first, last); - } - - template - static inline typename std::enable_if< - algebra::is_extended_field::value && - std::is_same::value_type>::value, - std::pair>::type - field_element_from_bytes(InputFieldValueIterator first, InputFieldValueIterator last) { - return field::field_element_from_bytes(first, last); - } - - template - static inline typename std::enable_if< - std::is_same::value_type>::value, - typename g1_type::value_type>::type - g1_point_from_bytes(InputG1Iterator first, InputG1Iterator last) { - BOOST_ASSERT(g1_octets_num == std::distance(first, last)); - - typename curve_element_serializer::compressed_g1_octets input_array; - auto it1 = first; - auto it2 = input_array.begin(); - while (it1 != last && it2 != input_array.end()) { - *it2++ = *it1++; - } - - return curve_element_serializer::octets_to_g1_point(input_array); - } - - template - static inline typename std::enable_if< - std::is_same::value_type>::value, - typename 
g2_type::value_type>::type - g2_point_from_bytes(InputG2Iterator first, InputG2Iterator last) { - BOOST_ASSERT(g2_octets_num == std::distance(first, last)); - - typename curve_element_serializer::compressed_g2_octets input_array; - auto it1 = first; - auto it2 = input_array.begin(); - while (it1 != last && it2 != input_array.end()) { - *it2++ = *it1++; - } - - return curve_element_serializer::octets_to_g2_point(input_array); - } - - template - static inline typename std::enable_if< - !algebra::is_extended_field::value && - (std::is_same::value || std::is_same::value) && - std::is_same::value_type>::value, - size_t>::type - field_element_to_bytes(const typename FieldType::value_type &element, OutputIterator out_first, - OutputIterator out_last) { - return field::field_element_to_bytes(element, out_first, out_last); - } - - template - static inline typename std::enable_if< - algebra::is_extended_field::value && - std::is_same::value_type>::value, - size_t>::type - field_element_to_bytes(const typename FieldType::value_type &element, OutputIterator out_first, - OutputIterator out_last) { - return field::field_element_to_bytes(element, out_first, out_last); - } - - template - static inline typename std::enable_if::value, size_t>::type - point_to_bytes(const typename GroupType::value_type &point, OutputIterator out_first, - OutputIterator out_last) { - BOOST_ASSERT(g1_octets_num == std::distance(out_first, out_last)); - - auto out_array = curve_element_serializer::point_to_octets_compress(point); - std::copy(out_array.begin(), out_array.end(), out_first); - return out_array.size(); - } - - template - static inline typename std::enable_if::value, size_t>::type - point_to_bytes(const typename GroupType::value_type &point, OutputIterator out_first, - OutputIterator out_last) { - BOOST_ASSERT(g2_octets_num == std::distance(out_first, out_last)); - - auto out_array = curve_element_serializer::point_to_octets_compress(point); - std::copy(out_array.begin(), out_array.end(), 
out_first); - return out_array.size(); - } - }; - } // namespace bincode - - } // namespace marshalling -} // namespace nil - -#endif // CRYPTO3_ALGEBRA_MARSHALLING_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/multiexp/policies.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/multiexp/policies.hpp index 03bba5a5f1..413337b42f 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/multiexp/policies.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/multiexp/policies.hpp @@ -220,8 +220,7 @@ namespace nil { typedef typename std::iterator_traits::value_type base_value_type; typedef typename std::iterator_traits::value_type field_value_type; - // TODO(martun): check that we did not break this, since integral_type is now a fixed size type. - typedef typename field_value_type::integral_type non_fixed_precision_number_type; + using integral_type = typename field_value_type::integral_type; if (vec_start == vec_end) { return base_value_type::zero(); @@ -231,7 +230,7 @@ namespace nil { return (*scalar_start) * (*vec_start); } - std::vector> opt_q; + std::vector> opt_q; const std::size_t vec_len = scalar_end - scalar_start; const std::size_t odd_vec_len = (vec_len % 2 == 1 ? vec_len : vec_len + 1); opt_q.reserve(odd_vec_len); @@ -246,8 +245,8 @@ namespace nil { ++vec_it, ++scalar_it, ++i) { g.emplace_back(*vec_it); - opt_q.emplace_back(detail::ordered_exponent( - i, non_fixed_precision_number_type(scalar_it->data))); + opt_q.emplace_back(detail::ordered_exponent( + i, integral_type(scalar_it->data))); } std::make_heap(opt_q.begin(), opt_q.end()); @@ -257,7 +256,7 @@ namespace nil { if (vec_len != odd_vec_len) { g.emplace_back(base_value_type::zero()); opt_q.emplace_back( - detail::ordered_exponent(odd_vec_len - 1, 0ul)); + detail::ordered_exponent(odd_vec_len - 1, 0ul)); } assert(g.size() % 2 == 1); assert(opt_q.size() == g.size()); 
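Review bot: The first hunk of policies.hpp (at -220) deletes the `TODO(martun)` that asked for a check that this routine still behaves correctly now that `integral_type` is a fixed-size type. Nothing visible in these hunks records that the check was done. If it was verified, leave the invariant in its place, for example `// integral_type is fixed-width; each exponent is copied from scalar_it->data and is expected to fit without truncation`, or name the test that covers it. The later hunks of this file (at -231, -246, -257 and -265) only follow the rename. The enclosing function starts before the first hunk and continues past the last one, so how the exponents are used after this point cannot be judged from here.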
@@ -265,8 +264,8 @@ namespace nil { base_value_type opt_result = base_value_type::zero(); while (true) { - detail::ordered_exponent &a = opt_q[0]; - detail::ordered_exponent &b = + detail::ordered_exponent &a = opt_q[0]; + detail::ordered_exponent &b = (opt_q[1] < opt_q[2] ? opt_q[2] : opt_q[1]); const std::size_t abits = boost::multiprecision::msb(a.r) + 1; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/basic_policy.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/basic_policy.hpp deleted file mode 100644 index c7cd9218e6..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/basic_policy.hpp +++ /dev/null 
@@ -1,82 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_PAIRING_ALT_BN128_BASIC_POLICY_HPP -#define CRYPTO3_ALGEBRA_PAIRING_ALT_BN128_BASIC_POLICY_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace pairing { - namespace detail { - - template - struct alt_bn128_basic_policy; - - template<> - struct alt_bn128_basic_policy<254> { - using policy_type = curves::detail::alt_bn128_basic_policy<254>; - - public: - typedef typename policy_type::integral_type integral_type; - typedef typename policy_type::extended_integral_type extended_integral_type; - - using fp_type = typename policy_type::scalar_field_type; - using fq_type = typename policy_type::g1_field_type; - using fqe_type = typename policy_type::g2_field_type; - using fqk_type = typename policy_type::gt_field_type; - - using g1_type = policy_type::g1_field_type; - using g2_type = policy_type::g2_field_type; - using gt_type = typename policy_type::gt_field_type; - - constexpr static const std::size_t base_field_bits = policy_type::base_field_type::modulus_bits; - constexpr static const integral_type base_field_modulus = policy_type::base_field_type::modulus; - constexpr static const std::size_t scalar_field_bits = - policy_type::scalar_field_type::modulus_bits; - constexpr static const integral_type scalar_field_modulus = - policy_type::scalar_field_type::modulus; - - constexpr static const std::size_t integral_type_max_bits = base_field_bits; - - constexpr static const integral_type ate_loop_count = 0x19D797039BE763BA8_cppui_modular254; - constexpr static const bool ate_is_loop_count_neg = false; - constexpr static const extended_integral_type final_exponent = extended_integral_type( - 
0x2F4B6DC97020FDDADF107D20BC842D43BF6369B1FF6A1C71015F3F7BE2E1E30A73BB94FEC0DAF15466B2383A5D3EC3D15AD524D8F70C54EFEE1BD8C3B21377E563A09A1B705887E72ECEADDEA3790364A61F676BAAF977870E88D5C6C8FEF0781361E443AE77F5B63A2A2264487F2940A8B1DDB3D15062CD0FB2015DFC6668449AED3CC48A82D0D602D268C7DAAB6A41294C0CC4EBE5664568DFC50E1648A45A4A1E3A5195846A3ED011A337A02088EC80E0EBAE8755CFE107ACF3AAFB40494E406F804216BB10CF430B0F37856B42DB8DC5514724EE93DFB10826F0DD4A0364B9580291D2CD65664814FDE37CA80BB4EA44EACC5E641BBADF423F9A2CBF813B8D145DA90029BAEE7DDADDA71C7F3811C4105262945BBA1668C3BE69A3C230974D83561841D766F9C9D570BB7FBE04C7E8A6C3C760C0DE81DEF35692DA361102B6B9B2B918837FA97896E84ABB40A4EFB7E54523A486964B64CA86F120_cppui_modular2790); - - constexpr static const integral_type final_exponent_z = integral_type(0x44E992B44A6909F1); - constexpr static const integral_type final_exponent_is_z_neg = false; - }; - - constexpr typename alt_bn128_basic_policy<254>::integral_type const - alt_bn128_basic_policy<254>::ate_loop_count; - } // namespace detail - } // namespace pairing - } // namespace algebra - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_ALGEBRA_PAIRING_ALT_BN128_BASIC_POLICY_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/functions.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/functions.hpp deleted file mode 100644 index 9701ab7e66..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/functions.hpp +++ /dev/null 
@@ -1,525 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_PAIRING_ALT_BN128_FUNCTIONS_HPP -#define CRYPTO3_ALGEBRA_PAIRING_ALT_BN128_FUNCTIONS_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace pairing { - namespace detail { - - template - class alt_bn128_pairing_functions; - - template<> - class alt_bn128_pairing_functions<254> : public alt_bn128_basic_policy<254> { - using policy_type = alt_bn128_basic_policy<254>; - - public: - using fp_type = typename policy_type::fp_type; - using fq_type = typename policy_type::fq_type; - using fqe_type = typename policy_type::fqe_type; - using fqk_type = typename policy_type::fqk_type; - - using g1_type = curves::detail::alt_bn128_g1<254>; - using g2_type = curves::detail::alt_bn128_g2<254>; - using gt_type = typename policy_type::gt_type; - - constexpr static const typename policy_type::integral_type ate_loop_count = - policy_type::ate_loop_count; - - constexpr static const typename g2_type::underlying_field_type::value_type twist = - g2_type::value_type::twist; - // but it's better to implement a structure pairing_params with such values - - private: - using g1 = typename g1_type::value_type; - using g2 = typename g2_type::value_type; - using Fq = typename fq_type::value_type; - using Fq2 = typename fqe_type::value_type; - using gt = typename fqk_type::value_type; - - public: - struct ate_g1_precomputed_type { - Fq PX; - Fq PY; - - bool operator==(const ate_g1_precomputed_type &other) const { - return (this->PX == other.PX && this->PY == other.PY); - } - - friend std::ostream& operator<<(std::ostream &os, ate_g1_precomputed_type const& p) { - os << "\"PX\":" << p.PX << "," << std::endl; - os << "\"PY\":" << p.PY << std::endl; - return os; - } - }; - - struct ate_ell_coeffs { - Fq2 ell_0; - Fq2 ell_VW; - Fq2 ell_VV; - - bool operator==(const ate_ell_coeffs &other) const { - return (this->ell_0 == other.ell_0 && this->ell_VW 
== other.ell_VW && - this->ell_VV == other.ell_VV); - } - }; - - struct ate_g2_precomputed_type { - Fq2 QX; - Fq2 QY; - std::vector coeffs; - - bool operator==(const ate_g2_precomputed_type &other) const { - return (this->QX == other.QX && this->QY == other.QY && this->coeffs == other.coeffs); - } - - friend std::ostream& operator<<(std::ostream &os, ate_g2_precomputed_type const& p) { - os << "\"QX\":" << p.QX << "," << std::endl; - os << "\"QY\":" << p.QY << "," << std::endl; - os << "\"coeffs\": [" << std::endl; - for(auto c = p.coeffs.begin(); c != p.coeffs.end();) { - os << "{"; - os << "\"ell_0\": " << c->ell_0 << "," << std::endl; - os << "\"ell_VW\": " << c->ell_VW << "," << std::endl; - os << "\"ell_VV\": " << c->ell_VV << std::endl; - os << "}"; - ++c; - - if (c!=p.coeffs.end()) { - os << "," << std::endl; - } - } - os << "]" << std::endl; - return os; - } - }; - - private: - /************************* FINAL EXPONENTIATIONS ***********************************/ - - static gt final_exponentiation_first_chunk(const gt &elt) { - - /* - Computes result = elt^((q^6-1)*(q^2+1)). - Follows, e.g., Beuchat et al page 9, by computing result as follows: - elt^((q^6-1)*(q^2+1)) = (conj(elt) * elt^(-1))^(q^2+1) - More precisely: - A = conj(elt) - B = elt.inversed() - C = A * B - D = C.Frobenius_map(2) - result = D * C - */ - - const gt A = gt(elt.c0, -elt.c1); - const gt B = elt.inversed(); - const gt C = A * B; - const gt D = C.Frobenius_map(2); - const gt result = D * C; - - return result; - } - - static gt exp_by_neg_z(const gt &elt) { - - gt result = elt.cyclotomic_exp(policy_type::final_exponent_z); - - if (!policy_type::final_exponent_is_z_neg) { - result = result.unitary_inversed(); - } - - return result; - } - - static gt final_exponentiation_last_chunk(const gt &elt) { - - /* - Follows Laura Fuentes-Castaneda et al. 
"Faster hashing to g2" - by computing: - - result = elt^(q^3 * (12*z^3 + 6z^2 + 4z - 1) + - q^2 * (12*z^3 + 6z^2 + 6z) + - q * (12*z^3 + 6z^2 + 4z) + - 1 * (12*z^3 + 12z^2 + 6z + 1)) - which equals - - result = elt^( 2z * ( 6z^2 + 3z + 1 ) * (q^4 - q^2 + 1)/r ). - - Using the following addition chain: - - A = exp_by_neg_z(elt) // = elt^(-z) - B = A^2 // = elt^(-2*z) - C = B^2 // = elt^(-4*z) - D = C * B // = elt^(-6*z) - E = exp_by_neg_z(D) // = elt^(6*z^2) - F = E^2 // = elt^(12*z^2) - G = epx_by_neg_z(F) // = elt^(-12*z^3) - H = conj(D) // = elt^(6*z) - I = conj(G) // = elt^(12*z^3) - J = I * E // = elt^(12*z^3 + 6*z^2) - K = J * H // = elt^(12*z^3 + 6*z^2 + 6*z) - L = K * B // = elt^(12*z^3 + 6*z^2 + 4*z) - M = K * E // = elt^(12*z^3 + 12*z^2 + 6*z) - N = M * elt // = elt^(12*z^3 + 12*z^2 + 6*z + 1) - O = L.Frobenius_map(1) // = elt^(q*(12*z^3 + 6*z^2 + 4*z)) - P = O * N // = elt^(q*(12*z^3 + 6*z^2 + 4*z) * (12*z^3 + 12*z^2 + 6*z + 1)) - Q = K.Frobenius_map(2) // = elt^(q^2 * (12*z^3 + 6*z^2 + 6*z)) - R = Q * P // = elt^(q^2 * (12*z^3 + 6*z^2 + 6*z) + q*(12*z^3 + 6*z^2 + 4*z) * - (12*z^3 - + 12*z^2 + 6*z + 1)) S = conj(elt) // = elt^(-1) T = S * L // = - elt^(12*z^3 - + 6*z^2 + 4*z - 1) U = T.Frobenius_map(3) // = elt^(q^3(12*z^3 + 6*z^2 + 4*z - 1)) V = U * - R // = elt^(q^3(12*z^3 + 6*z^2 + 4*z - 1) + q^2 * (12*z^3 + 6*z^2 + 6*z) + q*(12*z^3 + - 6*z^2 + 4*z) * (12*z^3 + 12*z^2 + 6*z + 1)) result = V - - */ - - const gt A = exp_by_neg_z(elt); - const gt B = A.cyclotomic_squared(); - const gt C = B.cyclotomic_squared(); - const gt D = C * B; - const gt E = exp_by_neg_z(D); - const gt F = E.cyclotomic_squared(); - const gt G = exp_by_neg_z(F); - const gt H = D.unitary_inversed(); - const gt I = G.unitary_inversed(); - const gt J = I * E; - const gt K = J * H; - const gt L = K * B; - const gt M = K * E; - const gt N = M * elt; - const gt O = L.Frobenius_map(1); - const gt P = O * N; - const gt Q = K.Frobenius_map(2); - const gt R = Q * P; - const gt S = 
elt.unitary_inversed(); - const gt T = S * L; - const gt U = T.Frobenius_map(3); - const gt V = U * R; - - const gt result = V; - - return result; - } - - public: - static gt final_exponentiation(const gt &elt) { - /* OLD naive version: - gt result = elt^final_exponent; - */ - gt A = final_exponentiation_first_chunk(elt); - gt result = final_exponentiation_last_chunk(A); - - return result; - } - - private: - /* ate pairing */ - - static void doubling_step_for_flipped_miller_loop(const Fq two_inv, g2 ¤t, - ate_ell_coeffs &c) { - - const Fq2 X = current.X, Y = current.Y, Z = current.Z; - - const Fq2 A = two_inv * (X * Y); // A = X1 * Y1 / 2 - const Fq2 B = Y.squared(); // B = Y1^2 - const Fq2 C = Z.squared(); // C = Z1^2 - const Fq2 D = C + C + C; // D = 3 * C - const Fq2 E = twist_coeff_b * D; // E = twist_b * D - const Fq2 F = E + E + E; // F = 3 * E - const Fq2 G = two_inv * (B + F); // G = (B+F)/2 - const Fq2 H = (Y + Z).squared() - (B + C); // H = (Y1+Z1)^2-(B+C) - const Fq2 I = E - B; // I = E-B - const Fq2 J = X.squared(); // J = X1^2 - const Fq2 E_squared = E.squared(); // E_squared = E^2 - - current.X = A * (B - F); // X3 = A * (B-F) - current.Y = G.squared() - (E_squared + E_squared + E_squared); // Y3 = G^2 - 3*E^2 - current.Z = B * H; // Z3 = B * H - c.ell_0 = twist * I; // ell_0 = xi * I - c.ell_VW = -H; // ell_VW = - H (later: * yP) - c.ell_VV = J + J + J; // ell_VV = 3*J (later: * xP) - } - - static void mixed_addition_step_for_flipped_miller_loop(const g2 base, g2 ¤t, - ate_ell_coeffs &c) { - - const Fq2 X1 = current.X, Y1 = current.Y, Z1 = current.Z; - const Fq2 &x2 = base.X, &y2 = base.Y; - - const Fq2 D = X1 - x2 * Z1; // D = X1 - X2*Z1 - const Fq2 E = Y1 - y2 * Z1; // E = Y1 - Y2*Z1 - const Fq2 F = D.squared(); // F = D^2 - const Fq2 G = E.squared(); // G = E^2 - const Fq2 H = D * F; // H = D*F - const Fq2 I = X1 * F; // I = X1 * F - const Fq2 J = H + Z1 * G - (I + I); // J = H + Z1*G - (I+I) - - current.X = D * J; // X3 = D*J - current.Y = E * (I 
- J) - (H * Y1); // Y3 = E*(I-J)-(H*Y1) - current.Z = Z1 * H; // Z3 = Z1*H - c.ell_0 = twist * (E * x2 - D * y2); // ell_0 = xi * (E * X2 - D * Y2) - c.ell_VV = -E; // ell_VV = - E (later: * xP) - c.ell_VW = D; // ell_VW = D (later: * yP ) - } - - static ate_g1_precomputed_type ate_precompute_g1(const g1 &P) { - - g1 Pcopy = P.to_affine(); - - if (P.is_zero()) { - Pcopy.X = g1_type::field_type::value_type::zero(); - Pcopy.Y = g1_type::field_type::value_type::zero(); - } - - ate_g1_precomputed_type result; - result.PX = Pcopy.X; - result.PY = Pcopy.Y; - - return result; - } - - static ate_g2_precomputed_type ate_precompute_g2(const g2 &Q) { - - g2 Qcopy(Q).to_affine(); - - Fq two_inv = Fq(0x02).inversed(); // could add to global params if needed - - ate_g2_precomputed_type result; - result.QX = Qcopy.X; - result.QY = Qcopy.Y; - - g2 R; - R.X = Qcopy.X; - R.Y = Qcopy.Y; - R.Z = Fq2::one(); - - const typename policy_type::integral_type &loop_count = policy_type::ate_loop_count; - - bool found_one = false; - ate_ell_coeffs c; - - for (long i = loop_count.max_bits(); i >= 0; --i) { - const bool bit = loop_count.test_bit(i); - if (!found_one) { - /* this skips the MSB itself */ - found_one |= bit; - continue; - } - - doubling_step_for_flipped_miller_loop(two_inv, R, c); - result.coeffs.push_back(c); - - if (bit) { - mixed_addition_step_for_flipped_miller_loop(Qcopy, R, c); - result.coeffs.push_back(c); - } - } - - g2 Q1 = Qcopy.mul_by_q(); - assert(Q1.Z == Fq2::one()); - g2 Q2 = Q1.mul_by_q(); - assert(Q2.Z == Fq2::one()); - - if (policy_type::ate_is_loop_count_neg) { - R.Y = -R.Y; - } - Q2.Y = -Q2.Y; - - mixed_addition_step_for_flipped_miller_loop(Q1, R, c); - result.coeffs.push_back(c); - - mixed_addition_step_for_flipped_miller_loop(Q2, R, c); - result.coeffs.push_back(c); - - return result; - } - - static gt ate_miller_loop(const ate_g1_precomputed_type &prec_P, - const ate_g2_precomputed_type &prec_Q) { - - gt f = gt::one(); - - bool found_one = false; - std::size_t 
idx = 0; - - const typename policy_type::integral_type &loop_count = policy_type::ate_loop_count; - - ate_ell_coeffs c; - - for (long i = loop_count.max_bits(); i >= 0; --i) { - const bool bit = loop_count.test_bit(i); - if (!found_one) { - /* this skips the MSB itself */ - found_one |= bit; - continue; - } - - /* code below gets executed for all bits (EXCEPT the MSB itself) of - param_p (skipping leading zeros) in MSB to LSB - order */ - - c = prec_Q.coeffs[idx++]; - f = f.squared(); - f = f.mul_by_024(c.ell_0, prec_P.PY * c.ell_VW, prec_P.PX * c.ell_VV); - - if (bit) { - c = prec_Q.coeffs[idx++]; - f = f.mul_by_024(c.ell_0, prec_P.PY * c.ell_VW, prec_P.PX * c.ell_VV); - } - } - - if (policy_type::ate_is_loop_count_neg) { - f = f.inversed(); - } - - c = prec_Q.coeffs[idx++]; - f = f.mul_by_024(c.ell_0, prec_P.PY * c.ell_VW, prec_P.PX * c.ell_VV); - - c = prec_Q.coeffs[idx++]; - f = f.mul_by_024(c.ell_0, prec_P.PY * c.ell_VW, prec_P.PX * c.ell_VV); - - return f; - } - - static gt ate_double_miller_loop(const ate_g1_precomputed_type &prec_P1, - const ate_g2_precomputed_type &prec_Q1, - const ate_g1_precomputed_type &prec_P2, - const ate_g2_precomputed_type &prec_Q2) { - - gt f = gt::one(); - - bool found_one = false; - std::size_t idx = 0; - - const typename policy_type::integral_type &loop_count = policy_type::ate_loop_count; - - for (long i = loop_count.max_bits(); i >= 0; --i) { - const bool bit = loop_count.test_bit(i); - if (!found_one) { - /* this skips the MSB itself */ - found_one |= bit; - continue; - } - - /* code below gets executed for all bits (EXCEPT the MSB itself) of - param_p (skipping leading zeros) in MSB to LSB - order */ - - ate_ell_coeffs c1 = prec_Q1.coeffs[idx]; - ate_ell_coeffs c2 = prec_Q2.coeffs[idx]; - ++idx; - - f = f.squared(); - - f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV); - f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV); - - if (bit) { - ate_ell_coeffs c1 = 
prec_Q1.coeffs[idx]; - ate_ell_coeffs c2 = prec_Q2.coeffs[idx]; - ++idx; - - f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV); - f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV); - } - } - - if (policy_type::ate_is_loop_count_neg) { - f = f.inversed(); - } - - ate_ell_coeffs c1 = prec_Q1.coeffs[idx]; - ate_ell_coeffs c2 = prec_Q2.coeffs[idx]; - ++idx; - f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV); - f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV); - - c1 = prec_Q1.coeffs[idx]; - c2 = prec_Q2.coeffs[idx]; - ++idx; - f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV); - f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV); - - return f; - } - - static gt ate_pair(const g1 &P, const g2 &Q) { - ate_g1_precomputed_type prec_P = ate_precompute_g1(P); - ate_g2_precomputed_type prec_Q = ate_precompute_g2(Q); - gt result = ate_miller_loop(prec_P, prec_Q); - return result; - } - - static gt ate_pair_reduced(const g1 &P, const g2 &Q) { - const gt f = ate_pair(P, Q); - const gt result = final_exponentiation(f); - return result; - } - - /************************* CHOICE OF PAIRING ***********************************/ - - public: - static g1_precomputed_type precompute_g1(const g1 &P) { - return ate_precompute_g1(P); - } - - static g2_precomputed_type precompute_g2(const g2 &Q) { - return ate_precompute_g2(Q); - } - - static gt miller_loop(const g1_precomputed_type &prec_P, const g2_precomputed_type &prec_Q) { - return ate_miller_loop(prec_P, prec_Q); - } - - static gt double_miller_loop(const g1_precomputed_type &prec_P1, - const g2_precomputed_type &prec_Q1, - const g1_precomputed_type &prec_P2, - const g2_precomputed_type &prec_Q2) { - return ate_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2); - } - - static gt pair(const g1 &P, const g2 &Q) { - return ate_pair(P, Q); - } - - static gt pair_reduced(const g1 &P, 
const g2 &Q) { - return ate_pair_reduced(P, Q); - } - }; - } // namespace detail - } // namespace pairing - } // namespace algebra - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_ALGEBRA_PAIRING_ALT_BN128_FUNCTIONS_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/params.hpp index 8a714312a4..c06384b956 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/alt_bn128/params.hpp @@ -45,15 +45,12 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; constexpr static const std::size_t integral_type_max_bits = curve_type::base_field_type::modulus_bits; constexpr static const integral_type ate_loop_count = 0x19D797039BE763BA8_cppui_modular254; constexpr static const bool ate_is_loop_count_neg = false; - constexpr static const extended_integral_type final_exponent = extended_integral_type( - 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cppui_modular2790); using g2_field_type = typename curve_type::g2_type<>::params_type::field_type; @@ -145,9 +142,6 @@ namespace nil { constexpr typename pairing_params>::integral_type const pairing_params>::final_exponent_z; - constexpr typename pairing_params>::extended_integral_type const - pairing_params>::final_exponent; - constexpr bool const pairing_params>::ate_is_loop_count_neg; constexpr bool const pairing_params>::final_exponent_is_z_neg; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/377/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/377/params.hpp index 2c1160c5fa..555a7927b8 100644 
--- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/377/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/377/params.hpp @@ -43,7 +43,6 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; constexpr static const std::size_t integral_type_max_bits = curve_type::base_field_type::modulus_bits; @@ -52,8 +51,6 @@ namespace nil { 0x8508C00000000001_cppui_modular64; constexpr static const bool ate_is_loop_count_neg = false; - // constexpr static const extended_integral_type final_exponent = extended_integral_type( - // 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cppui_modular4269); constexpr static const integral_type final_exponent_z = 0x8508C00000000001_cppui_modular64; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/381/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/381/params.hpp index c5ae51f23f..d4df2fde37 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/381/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/bls12/381/params.hpp @@ -43,7 +43,6 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; constexpr static const std::size_t integral_type_max_bits = curve_type::base_field_type::modulus_bits; @@ -52,8 +51,6 @@ namespace nil { 0xD201000000010000_cppui_modular64; constexpr static const bool ate_is_loop_count_neg = true; - // constexpr static const extended_integral_type final_exponent = extended_integral_type( - // 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cppui_modular4314); constexpr static const integral_type final_exponent_z = 0xD201000000010000_cppui_modular64; 
diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/jacobian_with_a4_0/types.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/jacobian_with_a4_0/types.hpp index a3e1981898..801b3e3a99 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/jacobian_with_a4_0/types.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/jacobian_with_a4_0/types.hpp @@ -44,7 +44,6 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; using g1_field_value_type = typename curve_type::base_field_type::value_type; using g2_field_value_type = typename curve_type::template g2_type<>::field_type::value_type; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/projective/types.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/projective/types.hpp index d798a130d9..4267fa7f9b 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/projective/types.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/forms/short_weierstrass/projective/types.hpp @@ -41,7 +41,6 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; using g1_field_value_type = typename curve_type::base_field_type::value_type; using g2_field_value_type = typename curve_type::template g2_type<>::field_type::value_type; 
@@ -53,10 +52,6 @@ namespace nil { }; struct affine_ate_coeffs { - // TODO: trim (not all of them are needed) - g2_field_value_type old_RX; - g2_field_value_type old_RY; - g2_field_value_type gamma; g2_field_value_type gamma_twist; g2_field_value_type gamma_X; }; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt4/298/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt4/298/params.hpp index 196c97b96b..823197fc4d 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt4/298/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt4/298/params.hpp @@ -43,7 +43,6 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; constexpr static const std::size_t integral_type_max_bits = curve_type::base_field_type::modulus_bits; @@ -51,8 +50,6 @@ namespace nil { constexpr static const integral_type ate_loop_count = 0x1EEF5546609756BEC2A33F0DC9A1B671660000_cppui_modular149; constexpr static const bool ate_is_loop_count_neg = false; - constexpr static const extended_integral_type final_exponent = extended_integral_type( - 0x343C7AC3174C87A1EFE216B37AFB6D3035ACCA5A07B2394F42E0029264C0324A95E87DCB6C97234CBA7385B8D20FEA4E85074066818687634E61F58B68EA590B11CEE431BE8348DEB351384D8485E987A57004BB9A1E7A6036C7A5801F55AC8E065E41B012422619E7E69541C5980000_cppui_modular894); constexpr static const integral_type final_exponent_last_chunk_abs_of_w0 = 0x1EEF5546609756BEC2A33F0DC9A1B671660001_cppui_modular149; 
@@ -77,8 +74,6 @@ namespace nil { pairing_params>::final_exponent_last_chunk_abs_of_w0; constexpr typename pairing_params>::integral_type const pairing_params>::final_exponent_last_chunk_w1; - constexpr typename pairing_params>::extended_integral_type const - pairing_params>::final_exponent; constexpr typename pairing_params>::g2_field_type_value const pairing_params>::twist; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt6/298/params.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt6/298/params.hpp index 08904dd16d..497fbb83b4 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt6/298/params.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/detail/mnt6/298/params.hpp @@ -43,7 +43,6 @@ namespace nil { public: using integral_type = typename curve_type::base_field_type::integral_type; - using extended_integral_type = typename curve_type::base_field_type::extended_integral_type; constexpr static const std::size_t integral_type_max_bits = curve_type::base_field_type::modulus_bits; @@ -51,8 +50,6 @@ namespace nil { constexpr static const integral_type ate_loop_count = 0x1EEF5546609756BEC2A33F0DC9A1B671660000_cppui_modular149; constexpr static const bool ate_is_loop_count_neg = true; - constexpr static const extended_integral_type final_exponent = extended_integral_type( - 0x2D9F068E10293574745C62CB0EE7CF1D27F98BA7E8F16BB1CB498038B1B0B4D7EA28C42575093726D5E360818F2DD5B39038CFF6405359561DD2F2F0627F9264724E069A7198C17873F7F54D8C7CE3D5DAED1AC5E87C26C03B1F481813BB668B6FEDC7C2AAA83936D8BC842F74C66E7A13921F7D91474B3981D3A3B3B40537720C84FE27E3E90BB29DB12DFFE17A286C150EF5071B3087765F9454046ECBDD3B014FF91A1C18D55DB868E841DBF82BCCEFB4233833BD800000000_cppui_modular1490); constexpr static const integral_type final_exponent_last_chunk_abs_of_w0 = 0x1EEF5546609756BEC2A33F0DC9A1B671660000_cppui_modular149; // same as ate_loop_count? 
@@ -78,8 +75,6 @@ namespace nil { pairing_params>::final_exponent_last_chunk_abs_of_w0; constexpr typename pairing_params>::integral_type const pairing_params>::final_exponent_last_chunk_w1; - constexpr typename pairing_params>::extended_integral_type const - pairing_params>::final_exponent; constexpr typename pairing_params>::g2_field_type_value const pairing_params>::twist; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0/final_exponentiation.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0/final_exponentiation.hpp index 52a0643bf1..2081ebb788 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0/final_exponentiation.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0/final_exponentiation.hpp @@ -28,6 +28,8 @@ #include +#include + namespace nil { namespace crypto3 { namespace algebra { @@ -114,12 +116,13 @@ namespace nil { } public: - static typename gt_type::value_type process(const typename gt_type::value_type &elt) { + static std::optional + process(const typename gt_type::value_type &elt) { + + if (elt.is_zero()) { + return std::nullopt; + } - /* OLD naive version: - typename gt_type::value_type result = - elt^final_exponent; - */ typename gt_type::value_type A = final_exponentiation_first_chunk(elt); typename gt_type::value_type result = final_exponentiation_last_chunk(A); diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0_sbit/final_exponentiation.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0_sbit/final_exponentiation.hpp index aa1a72d734..1d01e7d37e 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0_sbit/final_exponentiation.hpp 
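Review bot: The `std::optional` now returned by `process` in jacobian_with_a4_0/final_exponentiation.hpp is neither marked `[[nodiscard]]` nor documented, so nothing tells a caller when it is empty, and one that writes `*process(elt)` without testing the result gets undefined behaviour on a zero input. The same applies to the `process` changes in jacobian_with_a4_0_sbit, mnt4/298 and mnt6/298 further down. I would prefix each declaration with `[[nodiscard]]` and put `/// Returns std::nullopt when elt is zero: zero has no inverse, so the final exponentiation is undefined.` above it. The body of `process` continues past the end of the hunk, so the return statement is not visible here.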
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/jacobian_with_a4_0_sbit/final_exponentiation.hpp @@ -29,6 +29,8 @@ #include +#include + namespace nil { namespace crypto3 { namespace algebra { @@ -55,8 +57,13 @@ namespace nil { public: /* https://link.springer.com/chapter/10.1007/978-3-642-28496-0_25#preview * */ - static typename gt_type::value_type process(const typename gt_type::value_type &elt) { - /* TODO: check elt == 0 ? */ + static std::optional + process(const typename gt_type::value_type &elt) { + + if (elt.is_zero()) { + return std::nullopt; + } + auto f1 = elt.unitary_inversed(); auto f2 = elt.inversed(); auto r = f1 * f2; diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/projective/affine_ate_precompute_g2.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/projective/affine_ate_precompute_g2.hpp deleted file mode 100644 index cfd9c17a0e..0000000000 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/forms/short_weierstrass/projective/affine_ate_precompute_g2.hpp +++ /dev/null 
@@ -1,116 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ALGEBRA_PAIRING_SHORT_WEIERSTRASS_PROJECTIVE_AFFINE_ATE_PRECOMPUTE_G2_HPP -#define CRYPTO3_ALGEBRA_PAIRING_SHORT_WEIERSTRASS_PROJECTIVE_AFFINE_ATE_PRECOMPUTE_G2_HPP - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace algebra { - namespace pairing { - - template - class short_weierstrass_projective_affine_ate_precompute_g2 { - using curve_type = CurveType; - - using params_type = detail::pairing_params; - typedef detail::short_weierstrass_projective_types_policy policy_type; - - using base_field_type = typename curve_type::base_field_type; - using g2_type = typename curve_type::template g2_type<>; - using g2_affine_type = typename curve_type::template g2_type; - - using g2_field_type_value = typename g2_type::field_type::value_type; - - public: - using g2_precomputed_type = typename policy_type::affine_ate_g2_precomputation; - - static g2_precomputed_type process(const typename g2_type::value_type &Q) { - - typename g2_affine_type::value_type Qcopy = Q.to_affine(); - - g2_precomputed_type result; - result.QX = Qcopy.X; - result.QY = Qcopy.Y; - - g2_field_type_value RX = Qcopy.X; - g2_field_type_value RY = Qcopy.Y; - bool found_nonzero = false; - - std::vector NAF = boost::multiprecision::find_wnaf(1, policy_type::ate_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - typename policy_type::affine_ate_coeffs c; - c.old_RX = RX; - c.old_RY = RY; - g2_field_type_value old_RX_2 = c.old_RX.squared(); - c.gamma = (old_RX_2 + old_RX_2 + old_RX_2 + params_type::twist_coeff_a) * - (c.old_RY + c.old_RY).inversed(); - c.gamma_twist = c.gamma * params_type::twist; - - c.gamma_X = c.gamma * c.old_RX; - result.coeffs.push_back(c); - - RX = c.gamma.squared() - (c.old_RX + c.old_RX); - RY = c.gamma * (c.old_RX - RX) - c.old_RY; - 
- if (NAF[i] != 0) { - typename policy_type::affine_ate_coeffs c; - c.old_RX = RX; - c.old_RY = RY; - if (NAF[i] > 0) { - c.gamma = (c.old_RY - result.QY) * (c.old_RX - result.QX).inversed(); - } else { - c.gamma = (c.old_RY + result.QY) * (c.old_RX - result.QX).inversed(); - } - c.gamma_twist = c.gamma * params_type::twist; - - c.gamma_X = c.gamma * result.QX; - result.coeffs.push_back(c); - - RX = c.gamma.squared() - (c.old_RX + result.QX); - RY = c.gamma * (c.old_RX - RX) - c.old_RY; - } - } - - return result; - } - }; - } // namespace pairing - } // namespace algebra - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_ALGEBRA_PAIRING_SHORT_WEIERSTRASS_PROJECTIVE_AFFINE_ATE_PRECOMPUTE_G2_HPP diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt4/298/final_exponentiation.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt4/298/final_exponentiation.hpp index a5a43fba2f..6c585caffa 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt4/298/final_exponentiation.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt4/298/final_exponentiation.hpp @@ -30,6 +30,8 @@ #include #include +#include + namespace nil { namespace crypto3 { namespace algebra { @@ -80,7 +82,11 @@ namespace nil { } public: - static typename gt_type::value_type process(const typename gt_type::value_type &elt) { + static std::optional process(const typename gt_type::value_type &elt) { + + if (elt.is_zero()) { + return std::nullopt; + } const typename gt_type::value_type elt_inv = elt.inversed(); const typename gt_type::value_type elt_to_first_chunk = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt6/298/final_exponentiation.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt6/298/final_exponentiation.hpp index 0583d99ef1..359b51324f 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt6/298/final_exponentiation.hpp 
+++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/pairing/mnt6/298/final_exponentiation.hpp @@ -30,6 +30,8 @@ #include #include +#include + namespace nil { namespace crypto3 { namespace algebra { @@ -84,7 +86,11 @@ namespace nil { } public: - static typename gt_type::value_type process(const typename gt_type::value_type &elt) { + static std::optional process(const typename gt_type::value_type &elt) { + + if (elt.is_zero()) { + return std::nullopt; + } const typename gt_type::value_type elt_inv = elt.inversed(); const typename gt_type::value_type elt_to_first_chunk = diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/random_element.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/random_element.hpp index a22b67cfed..2270a070ab 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/random_element.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/random_element.hpp @@ -107,8 +107,10 @@ namespace nil { using distribution_type = boost::random::uniform_int_distribution; using generator_type = GeneratorType; - return random_element(rng) * - CurveGroupType::value_type::one(); + typename curve_type::scalar_field_type::value_type scalar = + random_element(rng); + + return CurveGroupType::value_type::one() * scalar; } } // namespace algebra diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/type_traits.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/type_traits.hpp index 0c8d9a0885..6cc2cd9a81 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/type_traits.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/type_traits.hpp @@ -1,6 +1,7 @@ //---------------------------------------------------------------------------// // Copyright (c) 2018-2021 Mikhail Komarov // Copyright (c) 2020-2021 Nikita Kaskov +// Copyright (c) 2024 Vasiliy Olekhov // // MIT License // 
@@ -43,18 +44,28 @@ namespace nil { BOOST_TTI_HAS_TYPE(const_iterator) BOOST_TTI_HAS_TYPE(extension_policy) + BOOST_TTI_HAS_TYPE(params_type) BOOST_TTI_HAS_TYPE(curve_type) BOOST_TTI_HAS_TYPE(field_type) + BOOST_TTI_HAS_TYPE(underlying_type) BOOST_TTI_HAS_TYPE(value_type) BOOST_TTI_HAS_TYPE(integral_type) BOOST_TTI_HAS_TYPE(base_field_type) BOOST_TTI_HAS_TYPE(modular_type) BOOST_TTI_HAS_TYPE(scalar_field_type) - BOOST_TTI_HAS_TYPE(g1_type) - BOOST_TTI_HAS_TYPE(g2_type) BOOST_TTI_HAS_TYPE(gt_type) - BOOST_TTI_HAS_TEMPLATE(g2_type) + // BOOST_TTI_HAS_TYPE(g1_type) does not work properly on g1_type since it is a template + template > + struct has_type_g1_type : std::false_type {}; + template + struct has_type_g1_type>> : std::true_type {}; + + // BOOST_TTI_HAS_TYPE(g2_type) does not work properly on g2_type since it is a template + template > + struct has_type_g2_type : std::false_type {}; + template + struct has_type_g2_type>> : std::true_type {}; BOOST_TTI_HAS_TYPE(group_type) @@ -69,6 +80,7 @@ namespace nil { BOOST_TTI_HAS_FUNCTION(to_affine) BOOST_TTI_HAS_FUNCTION(to_special) BOOST_TTI_HAS_FUNCTION(is_special) + BOOST_TTI_HAS_FUNCTION(sqrt) BOOST_TTI_HAS_STATIC_MEMBER_FUNCTION(zero) BOOST_TTI_HAS_STATIC_MEMBER_FUNCTION(one) 
@@ -77,51 +89,59 @@ namespace nil { BOOST_TTI_HAS_FUNCTION(double_inplace) BOOST_TTI_HAS_FUNCTION(mixed_add) + BOOST_TTI_HAS_FUNCTION(inversed) + template struct is_curve { - static const bool value = has_type_base_field_type::value && has_type_scalar_field_type::value && - has_type_g1_type::value && has_type_g2_type::value && - has_type_gt_type::value; - typedef T type; + static constexpr bool value = + has_type_base_field_type::value && + has_type_scalar_field_type::value && + has_type_g1_type::value; }; - // TODO: we should add some other params to curve group policy to identify it more clearly + /** @brief is typename T either g1 or g2 group */ template struct is_curve_group { - static const bool value = has_type_value_type::value && has_type_field_type::value && - has_static_member_data_value_bits::value && - has_type_curve_type::value; - typedef T type; + static constexpr bool value = + has_type_params_type::value && + has_type_curve_type >::value && + has_type_field_type::value && + has_type_value_type::value; }; + /** @brief is typename T a field */ template struct is_field { static const bool value = - has_type_value_type::value && has_static_member_data_value_bits::value && + has_type_value_type::value && + has_static_member_data_value_bits::value && has_type_integral_type::value && has_static_member_data_modulus_bits::value && - has_type_modular_type::value && has_static_member_data_arity::value; + has_type_modular_type::value && + has_static_member_data_arity::value; typedef T type; }; + /** @brief is typename T an extended field (e.g. 
Fp2) */ template struct is_extended_field { - static const bool value = has_type_value_type::value && - has_static_member_data_value_bits::value && - has_type_integral_type::value && - has_static_member_data_modulus_bits::value && - has_type_modular_type::value && - has_type_extension_policy::value; + static const bool value = + is_field::value && + has_type_extension_policy::value; typedef T type; }; template - struct is_group_element { + struct is_curve_element { static const bool value = - has_type_field_type::value && has_type_group_type::value && - has_static_member_function_zero::value && has_static_member_function_one::value && - has_function_is_zero::value && has_function_is_well_formed::value && - has_function_double_inplace::value; + has_type_field_type::value && + has_type_group_type::value && + has_static_member_function_zero::value && + has_static_member_function_one::value && + has_function_is_zero::value && + has_function_is_well_formed::value && + has_function_double_inplace::value + ; }; template 
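Review bot: `is_curve` now requires only `base_field_type`, `scalar_field_type` and `g1_type`, so it no longer tells a caller that `g2_type` or `gt_type` exist, and unlike its neighbours in this hunk it received no `@brief` saying so. Any code outside this diff that is constrained on `is_curve` and then uses the pairing groups would now fail inside the template body instead of at the constraint. I would add `/** @brief is typename T a curve; only g1_type is required, g2_type and gt_type are not checked */` above the struct. The hunk also drops `typedef T type;` from `is_curve` and `is_curve_group` while `is_field` and `is_extended_field` keep it, and mixes `static constexpr bool` with `static const bool`; both are worth making consistent.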
@@ -129,140 +149,21 @@ namespace nil { static const bool value = has_function_mixed_add>::value; }; - namespace curves { - namespace detail { - template - class curve_element; - } // namespace detail - } // namespace curves - - template - struct is_group_element> { - static const bool value = true; - }; - - namespace fields { - namespace detail { - template - class element_fp; - - template - class element_fp2; - - template - class element_fp3; - - template - class element_fp4; - - template - class element_fp6_2over3; - - template - class element_fp6_3over2; - - template - class element_fp12_2over3over2; - } // namespace detail - } // namespace curves - - template - struct is_field_element { - static const bool value = false; - }; - - template - struct is_extended_field_element { - static const bool value = false; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static const bool value = false; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static const bool value = true; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static const bool value = true; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static const bool value = true; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static const bool value = true; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static const bool value = true; - }; - - template - struct is_field_element> { - static const bool value = true; - }; - - template - struct is_extended_field_element> { - static 
const bool value = true; - }; - template - struct is_g1_group_element { + struct is_field_element { static const bool value = - boost::is_same< - typename T::group_type::curve_type::template g1_type, - typename T::group_type - >::value; + has_type_field_type::value && + has_function_is_zero::value && + has_function_inversed::value && + has_static_member_function_zero::value; }; - template - struct is_g2_group_element { + struct is_extended_field_element { static const bool value = - boost::is_same< - typename T::group_type::curve_type::template g2_type, - typename T::group_type - >::value; + is_field_element::value && + has_type_underlying_type::value + ; }; template diff --git a/crypto3/libs/algebra/include/nil/crypto3/algebra/wnaf.hpp b/crypto3/libs/algebra/include/nil/crypto3/algebra/wnaf.hpp index 99b9026279..ed851b5cab 100644 --- a/crypto3/libs/algebra/include/nil/crypto3/algebra/wnaf.hpp +++ b/crypto3/libs/algebra/include/nil/crypto3/algebra/wnaf.hpp @@ -28,6 +28,7 @@ #include #include +#include namespace nil { namespace crypto3 { @@ -66,12 +67,14 @@ namespace nil { return res; } - // TODO: check, that CurveGroupValueType is a curve group element. Otherwise it has no wnaf_window_table template - CurveGroupValueType opt_window_wnaf_exp(const CurveGroupValueType &base, - const boost::multiprecision::number &scalar, - const std::size_t scalar_bits) { + std::enable_if_t< + is_curve_element::value, + CurveGroupValueType> + opt_window_wnaf_exp(const CurveGroupValueType &base, + const boost::multiprecision::number &scalar, + const std::size_t scalar_bits) { std::size_t best = 0; for (long i = curves::wnaf_params::wnaf_window_table.size() - 1; diff --git a/crypto3/libs/algebra/test/CMakeLists.txt b/crypto3/libs/algebra/test/CMakeLists.txt index 45ea7c082b..22e215a7b2 100644 --- a/crypto3/libs/algebra/test/CMakeLists.txt +++ b/crypto3/libs/algebra/test/CMakeLists.txt 
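Review bot: `is_field_element` and `is_extended_field_element` are now decided purely by member detection, and the only thing separating the two is `has_type_underlying_type`. The first removed specialization pair (presumably the one for `element_fp`) reported a field element that is explicitly not extended; whether that still holds depends on that type not exposing `underlying_type`, which this diff does not show. A compile-time check in the newly registered `type_traits` test that a prime-field element is not classified as extended, and that a curve point is not classified as a field element, would pin both cases. A one-line `@brief` on each trait naming the members it looks for would match the comments added to `is_field` earlier in the file.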
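Review bot: The `std::enable_if_t` added to `opt_window_wnaf_exp` tests `is_curve_element`, but the TODO it replaces was about `wnaf_window_table`, and the first loop of the body still reads that table from `curves::wnaf_params`, which the trait does not look for. A type that passes the constraint but has no window table will therefore still fail inside the body. I would keep a short comment in place of the deleted TODO, `// Also requires a curves::wnaf_params specialization providing wnaf_window_table for this group.` If this function can be reached with secret scalars, the same comment should say whether it is meant to be constant-time; the body lies outside the hunk, so that cannot be judged here.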
@@ -56,6 +56,8 @@ set(RUNTIME_TESTS_NAMES "fields" "fields_static" "pairing" + "type_traits" + "multiexp" ) set(COMPILE_TIME_TESTS_NAMES diff --git a/crypto3/libs/algebra/test/curves.cpp b/crypto3/libs/algebra/test/curves.cpp index d3ff117875..05869075df 100644 --- a/crypto3/libs/algebra/test/curves.cpp +++ b/crypto3/libs/algebra/test/curves.cpp @@ -100,7 +100,7 @@ enum curve_operation_test_points : std::size_t { template void check_curve_operations(const std::vector &points, - const std::vector &constants) { + const std::vector &constants) { BOOST_CHECK_EQUAL(points[p1] + CurveGroup::value_type::zero(), points[p1]); BOOST_CHECK_EQUAL(points[p1] - CurveGroup::value_type::zero(), points[p1]); @@ -145,26 +145,18 @@ void check_curve_operations(const std::vector & result *= (constants[C1]); result += points[p2] * (constants[C2]); BOOST_CHECK_EQUAL(result, points[p2_mul_C1_plus_p2_mul_C2]); - - /* Check operators * and *= for 'scalar' type. The above is checked for integral type */ - using scalar = typename CurveGroup::params_type::scalar_field_type::value_type; - scalar c1(constants[C1]), c2(constants[C2]); - result = points[p2]; - result *= c1; - result += points[p2] * c2; - BOOST_CHECK_EQUAL(result, points[p2_mul_C1_plus_p2_mul_C2]); } // temporary separated test for JubJub and BabyJubJub template void check_curve_operations_twisted_edwards( std::vector &points, - const std::vector &constants) { + const std::vector &constants) { using scalar = typename CurveGroup::params_type::scalar_field_type::value_type; - BOOST_CHECK_MESSAGE((points[p1]*(scalar::modulus)).is_zero(), "Point p1 subgroup check"); - BOOST_CHECK_MESSAGE((points[p2]*(scalar::modulus)).is_zero(), "Point p2 subgroup check"); + BOOST_CHECK_MESSAGE(subgroup_check(points[p1]), "Point p1 subgroup check"); + BOOST_CHECK_MESSAGE(subgroup_check(points[p2]), "Point p2 subgroup check"); BOOST_CHECK_EQUAL(points[p1] + points[p2], points[p1_plus_p2]); BOOST_CHECK_EQUAL(points[p1] - points[p2], points[p1_minus_p2]); 
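Review bot: In `check_curve_operations_twisted_edwards` the alias `using scalar = ...` stays as a context line, but its uses in the visible code are gone: `scalar::modulus` in the two subgroup checks is replaced by `subgroup_check(...)`, and the next hunk deletes the `scalar c1(...), c2(...)` block. If nothing outside the hunks refers to it, the alias is dead and GCC will report it under `-Wunused-local-typedefs`; I would drop the line. The function body extends beyond this hunk, so this should be confirmed against the full function.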
@@ -200,21 +192,13 @@ void check_curve_operations_twisted_edwards( result *= (constants[C1]); result += points[p2] * (constants[C2]); BOOST_CHECK_EQUAL(result, points[p2_mul_C1_plus_p2_mul_C2]); - - /* Check operators * and *= for 'scalar' type. The above is checked for integral type */ - using scalar = typename CurveGroup::params_type::scalar_field_type::value_type; - scalar c1(constants[C1]), c2(constants[C2]); - result = points[p2]; - result *= c1; - result += points[p2] * c2; - BOOST_CHECK_EQUAL(result, points[p2_mul_C1_plus_p2_mul_C2]); } template void check_montgomery_twisted_edwards_conversion( const std::vector< curves::detail::curve_element> &points, - const std::vector &constants) { + const std::vector &constants) { BOOST_CHECK_EQUAL(points[p1], points[p1].to_twisted_edwards().to_montgomery()); BOOST_CHECK_EQUAL(points[p1] + points[p2], (points[p1].to_twisted_edwards() + points[p2].to_twisted_edwards()).to_montgomery()); @@ -222,7 +206,7 @@ void check_montgomery_twisted_edwards_conversion( template void fp_curve_test_init(std::vector &points, - std::vector &constants, + std::vector &constants, const TestSet &test_set) { typedef typename FpCurveGroup::field_type::value_type field_value_type; std::array coordinates; @@ -252,11 +236,15 @@ void fp_curve_test_init(std::vector &points, } template -void fp_curve_twisted_edwards_test_init(std::vector &points, - std::vector &constants, - const TestSet &test_set) { +void fp_curve_twisted_edwards_test_init( + std::vector &points, + std::vector &constants, + const TestSet &test_set) { typedef typename FpCurveGroup::field_type::value_type field_value_type; std::array coordinates; + using scalar_field_type = typename FpCurveGroup::params_type::scalar_field_type; + using scalar_value_type = typename scalar_field_type::value_type; + using integral_type = typename scalar_field_type::integral_type; int p = 0; for (auto &point : test_set.second.get_child("point_coordinates")) { 
@@ -271,19 +259,23 @@ void fp_curve_twisted_edwards_test_init(std::vector void fp_extended_curve_twisted_edwards_test_init( std::vector &points, - std::vector &constants, + std::vector &constants, const TestSet &test_set) { typedef typename FpCurveGroup::field_type::value_type field_value_type; typedef typename FpCurveGroup::curve_type::template g1_type group_affine_type; + using scalar_field_type = typename FpCurveGroup::params_type::scalar_field_type; + using scalar_value_type = typename scalar_field_type::value_type; + using integral_type = typename scalar_field_type::integral_type; + std::array coordinates; int p = 0; @@ -301,17 +293,21 @@ void fp_extended_curve_twisted_edwards_test_init( } for (auto &constant : test_set.second.get_child("constants")) { - constants.emplace_back(typename FpCurveGroup::field_type::integral_type(constant.second.data())); + constants.emplace_back(scalar_value_type(integral_type(constant.second.data()))); } } template void fp2_curve_test_init(std::vector &points, - std::vector &constants, + std::vector &constants, const TestSet &test_set) { using fp2_value_type = typename Fp2CurveGroup::field_type::value_type; using integral_type = typename fp2_value_type::underlying_type::integral_type; std::array coordinates; + using scalar_field_type = typename Fp2CurveGroup::params_type::scalar_field_type; + using scalar_value_type = typename scalar_field_type::value_type; + using scalar_integral_type = typename scalar_field_type::integral_type; + int p = 0; for (auto &point : test_set.second.get_child("point_coordinates")) { 
@@ -331,16 +327,19 @@ void fp2_curve_test_init(std::vector &points } for (auto &constant : test_set.second.get_child("constants")) { - constants.emplace_back(std::stoul(constant.second.data())); + constants.emplace_back(scalar_value_type(scalar_integral_type(constant.second.data()))); } } template void fp3_curve_test_init(std::vector &points, - std::vector &constants, + std::vector &constants, const TestSet &test_set) { using fp3_value_type = typename Fp3CurveGroup::field_type::value_type; using integral_type = typename fp3_value_type::underlying_type::integral_type; + using scalar_field_type = typename Fp3CurveGroup::params_type::scalar_field_type; + using scalar_value_type = typename scalar_field_type::value_type; + using scalar_integral_type = typename scalar_field_type::integral_type; std::array coordinates; @@ -362,18 +361,19 @@ void fp3_curve_test_init(std::vector &points } for (auto &constant : test_set.second.get_child("constants")) { - constants.emplace_back(std::stoul(constant.second.data())); + constants.emplace_back(scalar_value_type(scalar_integral_type(constant.second.data()))); } } template -void curve_operation_test(const TestSet &test_set, - void (&test_init)(std::vector &, - std::vector &, - const TestSet &)) { +void curve_operation_test( + const TestSet &test_set, + void (&test_init)(std::vector &, + std::vector &, + const TestSet &)) { std::vector points; - std::vector constants; + std::vector constants; test_init(points, constants, test_set); @@ -384,11 +384,11 @@ template void curve_operation_test_twisted_edwards( const TestSet &test_set, void (&test_init)(std::vector &, - std::vector &, + std::vector &, const TestSet &)) { std::vector points; - std::vector constants; + std::vector constants; test_init(points, constants, test_set); 
@@ -396,13 +396,14 @@ void curve_operation_test_twisted_edwards( } template -void curve_operation_test_montgomery(const TestSet &test_set, - void (&test_init)(std::vector &, - std::vector &, - const TestSet &)) { +void curve_operation_test_montgomery( + const TestSet &test_set, + void (&test_init)(std::vector &, + std::vector &, + const TestSet &)) { std::vector points; - std::vector constants; + std::vector constants; test_init(points, constants, test_set); @@ -421,7 +422,8 @@ BOOST_DATA_TEST_CASE(curve_operation_test_jubjub_g1, string_data("curve_operatio BOOST_AUTO_TEST_CASE(curve_operation_test_babyjubjub_g1) { using policy_type = curves::babyjubjub::g1_type<>; - using integral_type = typename policy_type::field_type::value_type::integral_type; + using integral_type = typename policy_type::params_type::scalar_field_type::integral_type; + using scalar_value_type = typename policy_type::params_type::scalar_field_type::value_type; typename policy_type::value_type P1( typename policy_type::field_type::value_type( 
@@ -458,23 +460,23 @@ BOOST_AUTO_TEST_CASE(curve_operation_test_babyjubjub_g1) { typename policy_type::field_type::value_type( 0x14e9693f16d75f7065ce51e1f46ae6c60841ca1e0cf264eda26398e36ca2ed69_cppui_modular252)), et_s2P5(typename policy_type::field_type::value_type( - 0x25bd7aefee96617d4f715ecf8e50ef9fa102eeb452642c6322d38aa9b32c2ca5_cppui_modular252), + 0x031b924a83fbbdc206fb2d3bc85b7a724000714627f681a60b34885e4deca1d6_cppui_modular252), typename policy_type::field_type::value_type( - 0x8e043ec729eedea414b63de474c8f0930ea966733ae283e01f348ca3c35e3ab_cppui_modular252)), + 0x242e364702e64a6850c9aee7ece7ca79ba019ca7a63684e2df0873ca0d8f7e87_cppui_modular252)), P6(typename policy_type::field_type::value_type( 0xf3c160e26fc96c347dd9e705eb5a3e8d661502728609ff95b3b889296901ab5_cppui_modular252), typename policy_type::field_type::value_type( 0x9979273078b5c735585107619130e62e315c5cafe683a064f79dfed17eb14e1_cppui_modular252)), et_s1P6(typename policy_type::field_type::value_type( - 0x1dfce39036af5e722b6c8a3214b93b93b2eac662ec2cf67195ef3994b944fb0f_cppui_modular252), + 0x2e6475817d356adbbfcec42b2f7b90500d6f74e8cd4ec1ac0b6effd00ba854d7_cppui_modular252), typename policy_type::field_type::value_type( - 0x12aa55c3cc7ff986c520ddcae3927877e682f01bed87628f643f34905692880e_cppui_modular252)); + 0x195a50f93ff3f3e68bd593be5781301c32962777dc8237b099c23d39c24ec76a_cppui_modular252)); - BOOST_CHECK_EQUAL(et_s1P5, static_cast(3u) * P5); - BOOST_CHECK_EQUAL(et_s2P5, integral_type("14035240266687799601661095864649209771790948434046947201833777492504781204499") * - P5); - BOOST_CHECK_EQUAL(et_s1P6, integral_type("20819045374670962167435360035096875258406992893633759881276124905556507972311") * - P6); + BOOST_CHECK_EQUAL(et_s1P5, scalar_value_type(integral_type(3u)) * P5); + BOOST_CHECK_EQUAL(et_s2P5, scalar_value_type(integral_type( + "14035240266687799601661095864649209771790948434046947201833777492504781")) * P5); + BOOST_CHECK_EQUAL(et_s1P6, scalar_value_type(integral_type( + 
"20819045374670962167435360035096875258406992893633759881276124905556507")) * P6); BOOST_CHECK(P5.is_well_formed()); BOOST_CHECK(P6.is_well_formed()); diff --git a/crypto3/libs/algebra/test/data/curves.json b/crypto3/libs/algebra/test/data/curves.json index 84e8e884ec..68e3f79230 100644 --- a/crypto3/libs/algebra/test/data/curves.json +++ b/crypto3/libs/algebra/test/data/curves.json 
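Review bot: The two large decimal scalars in `curve_operation_test_babyjubjub_g1` lose their last six digits, and the expected points `et_s2P5` and `et_s1P6` are replaced in the same hunk, with no comment saying where the new coordinates come from. If they were produced by this library, the checks compare the implementation with itself and can no longer catch a wrong scalar multiplication, which matters for a curve-arithmetic test. Presumably the scalars were shortened to fit the scalar field's `integral_type`; reducing the original scalars modulo the subgroup order would have kept the original expected points valid. I would either do that or add a comment above the vectors naming the independent source or tool used to compute them, e.g. `// expected values computed with <reference implementation>, scalar = ...`.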
@@ -14155,721 +14155,721 @@ "curve_operation_test_jubjub_montgomery_affine": [ { "constants": [ - "222421447", - "455275526" + "719338214", + "267457014" ], "point_coordinates": [ [ - "44267817668118913174855706490385511920039071800137120814723049335284629378297", - "41750936543477355419405405479630984258727547013320890288171359639063664698056" + "37540818644290192582633969323374642744352254627966774924091988088596569353687", + "30133545562700753101171323196894292698829645900138632884083642925208643066959" ], [ - "45057325049567700447672523208838336516571837682374044711419821342410820944805", - "22690786911582789077865482635395466372419478277512080220942267374330041953742" + "32836880314004624966007591240972656066312468972733419764002974015542686161608", + "33691685257334733721960901263984768321937831304284488306865376168701730698724" ], [ - "51920616724903258283934305448579390817999277832749006600822950904158202604665", - "36386941088733750220653277182492935103795900709145381250749438090573444109989" + "9362115198584198097376628234718658310182695237352824513412808641640432312063", + "12465636882338062414448065361899426412850749492491531717843010635325230193657" ], [ - "41422416636827910190070677853280023563382051646825342496684787093830073047254", - "9478718741806271291328589518780129680350279787648999564253067256905882846767" + "24522011148877225976540766713023175035927421709327301435709850529661716293877", + "19067944660314019985531213604113533210843940775972254047640003838643351934359" ], [ - "27018327577884885299669025336727056221527671590236444291302307524489395480333", - "44013701388197068583334253563196693556997777671196506309965070175587189419554" + "52058339904313061373679573777329019997056326850775470030998352905786620709341", + "12508174249189947833860634526431038845235579400781400388938492365936506774715" ], [ - "40685356905359326485424385662472197796505494512567114644234184808334557751266", - 
"36510514735987970250841026792089881376857734389230679506817718927004598043173" + "35323319823232306228339300631038319672426502245877227344227440552935841092949", + "33738422861856196280384847505095437741148318764570245524440736114923098547372" ], [ - "12531819854100968138307696729899129934832732173875136224076105308593938136264", - "47257814374342144869569675281140704224138780313351164285378230267898090230667" + "45723328800706333860661718564496201059301725972916626761994564083901443765154", + "51571727502600182254046328169246376537690856430589162286154842447679885085460" ] ] }, { "constants": [ - "1183792398", - "286606952" + "3821040118", + "2867096818" ], "point_coordinates": [ [ - "44043874134528891305314651943825250046969611220526505020448533464885258169817", - "25636954674005246752538959486320445477965997485849350385973794480589555474914" + "36266410134753592145111815699724389059093304511516568031181042761891419895561", + "24116587221658125106583954366009952269955492337705909765181171399764231732379" ], [ - "33007760207247677633943816552538838970730912810395978994035840524537257399082", - "9169525164166215192626789800733706682937216499307355573658632031858972427554" + "34403273140536980804451275427489298796908526908981964049747415911849865204836", + "33636357978407202950292735736174063355647249373988759842309493791085471196702" ], [ - "2281037600487193820327832733187112079983350191777479580706749312726200098481", - "23551482026323431773282389835615522414423230250102512274234352071130136121519" + "12865541348976269419406870737488104489703046417835892728884287430262435594678", + "22787011675002011863921570527938701981508687877126488218917211883993764666288" ], [ - "42980582184864680170204864238977300081235155183926397678550394835227650672044", - "984658703286263828943750528506768631826129499969692868620881541507701198778" + "44710992041455590119919324474197183682110719350013928000483733400474436342907", + 
"21208980975891290776062761407122733203888626999505449508545765346549193352370" ], [ - "52070381241944447790902034742419567603872783836979876645648683150462612221389", - "16340002044749299025155335663256145280448686021256988375081743057390360128857" + "19175093614333207857050130020539410205093477034110380092078530970878035329588", + "12033551438967507294896153170174820262274532404889198974554260119850196543773" ], [ - "49820928079110586709277577610734914461895291403916865992509447804549531875450", - "45312867015021216454128333472496113744948414180137035614341797602486148070517" + "6883538787268690758558865483525541107749711884379825122171591113321958888403", + "39720644378162654255344003040841723494260223267214896930250576676653919763122" ], [ - "17166687035168187683683593299192863944447612388791184292897508278975797571095", - "41625489986698622582837173880411464415553690436944813021450601833141490418660" + "43600570627633049272340766415957657902952135997568223339974700867270359615410", + "3003838276299325889721842463463495257426115942324325007951813175530530545072" ] ] }, { "constants": [ - "163590855", - "712400743" + "1937156577", + "3104675122" ], "point_coordinates": [ [ - "25900920031076415172694602853908389673242095888594041916921901763657925127055", - "23842787482362304717317611030028489341694644600789972516549647387688131364107" + "6509800497691794394382357572145610448357364897252292917052921278279674317784", + "26110616335599221615845482700744500877779338731828275942737584833768122755821" ], [ - "22809037915781316528728642108317339768391054007042139150588065504774830047601", - "37891950244913457881983480221880636052066523596710994240574158486925642008400" + "30935509959422910221872354650247984204885842661012534719569944780377045998532", + "52031756642562393759966504320475990259499086776637459861960731154343804459020" ], [ - "5432923509523349186483168596118029619179030623161401540122447832480099833560", - 
"30248082877950035410387705480437963971353039518573818945793812424982182092705" + "23730435606377559223852528136757379383993726764510036055404072834693831910608", + "14879046359870896146886143077480420383244494178357959883923617635972800998307" ], [ - "17060148379688107896428871104713752271737524790467953021103221446360138517532", - "3713480849739487323820160741856856390969383029926739682151121329947384707974" + "52139441745424598056824030099046141571174069001624890002647680634235677091624", + "33741139300220364194430477918367085196995668543995763384587007882987071212129" ], [ - "15127294342127165230939396511113775112416563472798839007280206728019392989474", - "49757789924667651212243570766085543042810650701455837064306965536503358849561" + "5982493256167746402072616090024220846511739457370466009929170101128594836769", + "14416984210993616632093796868008679086160675132067606828301449127967735432063" ], [ - "21126587726017437311351538203248313632551269122684264944504374081391113249417", - "108926829245478688345944573851618173987317087909011345464024578044816480662" + "39149396450279943928981786780663836923122520650536112362055876505496624564825", + "6045193272230654251701882900494838325695315344772812454853000850756232220570" ], [ - "40541163475955086377347975574011841808692124277240933598566398978555900472563", - "11485251545646411224101230607181522001969129774548453599367545908930163207183" + "10860724606272760545129045794445273012207479865023243220437517202321043856091", + "8397578150686616748821170276510056033234807221472757717030241369380031221217" ] ] }, { "constants": [ - "19812657", - "252972409" + "2687361713", + "2975015589" ], "point_coordinates": [ [ - "419602596054865115344434016683809116290215403906188079575280007118805333633", - "51689748891662267142943340805534698828145974434006789567740997968467390213878" + "2341910628473215258320595841209315082640870465346202158614985448449131965777", + 
"20488026787726523798599863961578533560093945519943335310846057446799823741751" ], [ - "5470271303159012990946942779227939362398731633921988177129605408535043916408", - "2754364860193724093711009062286867535074219443450335262007681890720770062215" + "49565747943199006454644678148895786682667737551592890847004729922130706829517", + "43879220918273515022768227183334690321292568047024503787869154299651861676236" ], [ - "41726012816189318864683817342340853611975678286195465554939348349022529882469", - "19566206852973773546097285168771684368223940676014148145141297056153451056606" + "47619465571943586658463710310155787982243667326360093581603116118464617940559", + "49470346740481825575766842954142780325029596164497212264923837028535423885533" ], [ - "36400747192133925059651551517845434897768374852335412213882578165961299761313", - "9826048435472132521175128804212533359424337639187870411693521239511801861379" + "19522521240357324127022709392595299733777481126091470069826412100742118053907", + "36927908663365701315623127304203271845911325029506943256838343309236006175002" ], [ - "33636216529176854918835163351726515768164240994723629411892234548623937548066", - "22291079258765973950638597145363745559001477076202095744670633753600255346620" + "36643706462394090369004018302498243843840575963590773528218467332681874322224", + "3641533137598325198051127664324518615739586586260010730587600160589413950892" ], [ - "17477036285034450291346018954920207255476544091121032331772169155343989558642", - "48461313255747738763505106861684570682916508708857724983450629612446483132716" + "31910748517279812290131804114977467406971239900870782984341005030670727336609", + "26594907884091028109269472567607229637070660008998490531101741243525376921135" ], [ - "9615448936756580419086781804375004003497340759344641293807782489673578090665", - "17436982154851040028184007333179784585620563718839434332602353828449821483618" + 
"25521848608040127262195192569662152351669043395471983939908375530303811163788", + "10232017503010390602612195116858301549405807263528635573572339919306762256876" ] ] }, { "constants": [ - "1085568127", - "1196916977" + "3855628537", + "4055532597" ], "point_coordinates": [ [ - "28217777840638912132073405244575235649323543188844654446170855946510282407482", - "8854640927875202978454260087237738209129385347292191722416539912214481187814" + "16469538157575738142524741093530935151371029688480342229163761361520328363930", + "29852196729634905797183381335426685034251714925777986586922384305204299127951" ], [ - "21610856647583391613551731911597873954461370734316031099497935526475111416796", - "9223642513389967848883349202455707991909579438428067666704243318279115265298" + "38321776616793333835345723862140790762581015828842233009399981267701746572865", + "3234201527528886526999327737047639412796795520470752462172505849470161953112" ], [ - "2677017394799818515375275694538108884958116418310679876353577094566709889742", - "18927777643479047187340781482310498246951770549759876081744268063843203738845" + "40889319399143729232518601933700308149933838090933941721981506293963650482565", + "13957140265418536661296928143096518026355368746992554981450720176428241916117" ], [ - "18887569939268771517227758909938034296324174737574207195098203557161200476819", - "1803338510807338324385753780779652993446295415103563736933249678818760798017" + "30467253217787751417997081761013369916455380818807818733362873479566050403598", + "8528596132753258753317325188368243648569909455948206992234521864424570485457" ], [ - "44980609131960591311000221242664206733622468526259648349944025964528378457616", - "16150155720620354479275331694937938587757576269083466679984622474472899756601" + "39093585474134719147070306406544703806620169243884497242891850837950286632616", + "2954175191407134944864105989610900581461044422534566504121828024642783519001" ], [ - 
"15545315512765643199737659863836497508945398741987173036595590455642439395464", - "42315834577805785414132794421450335610475513551861855155916428693008731284667" + "45407326082598969743028771988650917816782412177989252125408140661727699324046", + "27044221280483123329629138137081443634540257228082884166026086097485749831407" ], [ - "2197554162043335761578574718794671777107812643813805063046408727414775391792", - "23460446848316478468304707905280456988829768618939359411852071466811037485358" + "45562278387521069474159915203194711017722194381476091979957985310858157756823", + "25270902902269412633329997154719965407037215280480459137959553022498369197940" ] ] }, { "constants": [ - "1071979916", - "753893850" + "2922188117", + "1246018399" ], "point_coordinates": [ [ - "52086542522848271761748610747263798842980646522451009566290801256191253705499", - "31691468555817413918444566162089118410371475852793058239272841302988740768221" + "10416716020739930064812708869630347026026088960248814380699897897858810202762", + "18092584439670819119051827222875359807716427665659588240165987638068832382699" ], [ - "35613521139986160919748582009906725082372195889638211600714319945935436900448", - "24142802585580140137337972503597982375256206773737051308098780622681641362198" + "11376323095805904969720181149746474547106194189524085785581056560584297891649", + "38216046127581229893366050805157643152454733750450715927465706127962586104210" ], [ - "41021711054207618663387423657131533713410197629830741806872343141675366539564", - "17268232451061326142452028104800262996860228084393959136082979314715831208213" + "12229185054632625610010038873851473450653167576660379545645062781492220166965", + "32482926161221079705885958300278333633698333518444108636658428008402925960891" ], [ - "52179873604659524258609356214513462107236567844393247926546023623975585280630", - "4989114212980852976930394620242056482365907819836010470428428187550584387228" + 
"4357546072366127164696345188190758421950596836388806365832176646579796550416", + "30138593086926866181706481307574386319721739148037617106596235138627253861214" ], [ - "44375624280017222899590484758256992225434852818281338031869859769677881473707", - "9554749258808402659742392160453912536745907758741792508000708723183681815659" + "37403600114396910016706618295777729567617158162371983103164797506438031828915", + "23087111158661459599252129119417702800691945789286692330173670375156628254956" ], [ - "48911367620296947530075091318091184444135628089724046679504685979937021226918", - "39240132503426067323583307320882336859037620043431775237594663739798004374279" + "32007488750669178131354983058593537756594594554604330244915111881628917302470", + "674590096999350193661325333406923694799251669752517085580106359596105959943" ], [ - "5825212472538844897063664349597187433713022534040119576181014213128814589812", - "8051391149404712898355617593799306640037639855778380166240694969656827617114" + "2281709915195981573584471079915212538176950819087123718851482150334337828755", + "9509886439495026649382968387754604871697859783951422315465955586551035941449" ] ] }, { "constants": [ - "630302876", - "420225192" + "1286717844", + "1333543330" ], "point_coordinates": [ [ - "10887014963502942178068971336152249057046504256111268712210417324964080752052", - "11662714055436209055263147992829044688323503200019236569578811085683645749643" + "12273053469591356862052360794173883662205034408080583575310797412406988785040", + "14687734793466028657130075008689254038643885815451534778840464680938624634875" ], [ - "42418842388416194738021004134816961572212920293726442396263929502543617259961", - "17682038415151668739916823552830986411085022670280975648756569599167353488041" + "14864952740723930067123226293492640369563695407921347007964148037434288704033", + "12413993863900695781498647019611255668087915127815641034599588043357602144058" ], [ - 
"25184254933609452366048608874914482030943880455348852903042761664981252705406", - "30160420007424509787657043139761594459143826078118474188032904021034800920552" + "46728771632474221275844363790485370812485365011324533693232709853650736178598", + "22408896861617392219732350747077289759370310959160480990832112183362420648364" ], [ - "15151744582334450181321512158596529007296189908356534059845933175917592023992", - "10543081887313244397813930612577033872037549590097025303297353425908839813433" + "21946596868470888638352570783107633968201213918454402392932472577106657899035", + "1756895473093688138638137997147162477511893143342377089955473123720866038394" ], [ - "7582569224759791529451338122107832217065944564777913936095259281932984613749", - "8100885979197244980843843806014599773034914854787140573441126203870621321812" + "46127712152747224725146030549612659605165284889601204382680184593321394699738", + "14302989013961537241448842439547238968308597214399546979995090558789210134846" ], [ - "20849431576569807768150001605538281943289040117120848276134982707779637291055", - "22689998305071678693898405242861819139534355092527792188363287196179305429838" + "32424078708126808316600634801254874180679247740913699874921496054402973174447", + "44924531946325004942356558032186370558167026699779278213487804494469091243533" ], [ - "25986141900899255310739915191331864479433568334646985682898220381522309691639", - "35836546864035538545970308581563584394862022234388007590731769862743593757349" + "20996841093337239522875974960821926498363046665515150626658332898633944255326", + "14713886968988311326753157436213903239461461828559441288266304538630723859676" ] ] }, { "constants": [ - "1734782902", - "1356264358" + "3188650101", + "1585233426" ], "point_coordinates": [ [ - "33193455305368035833212597826493158543373547730151968202376679136127700432058", - "26123323025417937762881995033236304708883524289743109702325337984948511787811" + 
"17157556208862772811256129957710295806014843642582520815846441350519556992850", + "32239526503809681735118394305890451984613000414275880796904160715483333990369" ], [ - "21392413172473073518195172662590647785787111435235450098115863884550393092684", - "44823249093907607509573713670425940131563376487444067378920653246469966935776" + "17517235841440437728252504105231161492555643435776956515575173907166463101889", + "23451207430051697202273579184394164012464736766223956726181558929583280749039" ], [ - "17064582678110512252226439425467481404669579355109023017991136104626152149953", - "47759014703468624307531212772740376350880238961470987878873341340587655066379" + "13562601249978165647864606154820570255186074768819503040534458133053830941687", + "5392572962689780163806315501104158137729117233889038172898043598681544798126" ], [ - "28757401435101156789752588635216297493686429967885330312915831907031068824293", - "52369596705681899029220007949181333289829506110285095164452441899388394987387" + "32934546324550811163152483707670130521484751166872078017935888098384458775620", + "5571991694536434596835705422441877957887829560374465540458793473836549679456" ], [ - "1985970607435962996266642601620409079528421501927277504708636297319037977956", - "32216013142875049485697767030416579306159650974187970888762697399664248601269" + "38049300723188471393115769225228984866296771413168372490344330250984391840873", + "20085727491982456277575835128491478241901150630031369875655277413609702828648" ], [ - "26807202591464902003956254518769911504651776063083441119580749930158540495281", - "558061829687944171324732608359686792907482355981120834557187192762862693840" + "36783960378062092376952671508735095940076344918491512866787834236598765332028", + "7790872533936289107755664430980513242355679153355413735487874386374400758910" ], [ - "28826177552605108459021417686378584356067249836141382349221084412623274268347", - 
"40986310450204010380207644800479161617869233246248283754538849156098160235446" + "22878729841717498473935854564520452403994097870540628169054816078239734797564", + "30745658293829815387268058783912011689030137404034305892293498135257847810035" ] ] }, { "constants": [ - "1635949886", - "2135169485" + "429524427", + "623411317" ], "point_coordinates": [ [ - "42670357595303201673556250199200823495692542586211451667889443614381049323610", - "24000842384652277689001105197117064260776571796698324531177667966656208255084" + "7269698661313405521118782399367043745033001282500591007117430573131268322554", + "43881447277228922247987534655652777888430347988603186462681390107495436580608" ], [ - "1557138368702510572073082870781053517395663887526951915327705850277945888993", - "4639631377471165020654712795239350424908725028512057115580920748103748895118" + "26351433911416342305735141829129229700248479782028441391986304840327842597238", + "4158324923431289008925938709653905399523574532117598340719767079495469212514" ], [ - "31160097633304924745561012172774286299319426336829357062508721142331864391934", - "19432344842278093255874210675954732300073415714591175565484619905136856393695" + "50433356000626487242041401860622796576805048648824824776057372893767827168821", + "37222403673100415973714578273573080883152560954037682857587066911423765917736" ], [ - "25579739166346113942797200031325844035284117591181928228506754022660153123725", - "36018385706192593346014315508284725657435689580636048127840744657228345740432" + "8016960986029274795037185374567826826755997182893667229243276024326357685363", + "17247601261017002539613919662409880501339146132481394488727084284546400872951" ], [ - "43470487182521614029726978580625021530029086582298064854322517050386700176504", - "15741777996678836079999285994454391933858208959162437502863955045555795721297" + "50617148710765530964684727721479613817091209512213806829626216617799758551541", + 
"8031011925248352825660376255445004751335870983388008191216806648827745219400" ], [ - "46744597330040523299071003345773657448857739084001538851359144096752977724620", - "31734246953423488542774216474599350853089566317553874529165660590190680794227" + "46428134598669112435578209973018146923203938682811231797690599953754503485537", + "7762845385509870605396539389015640067075344354471696964485412374993354328352" ], [ - "41762057254724031075653008129076978623807786439588097316483054449062238543072", - "41624253037158118422820465416426320791385537883473734826023524946346606057400" + "5055042183938136642617591422788126381111927688274054154906291528732800762697", + "8219896744939474931830803511669330019305850272794237599991787939234206504080" ] ] }, { "constants": [ - "1478695526", - "1472873417" + "2091866514", + "1670226651" ], "point_coordinates": [ [ - "4732982235513581840485197809632543537369622399969410428435512453825855366133", - "9267540202078303679491857340136830785653714648068899950634422838256627768836" + "36524387329055803667984343990909454444841557114325871102758165802307041310469", + "5466233130174779409123325366385731786985626076824039857213349588376058481156" ], [ - "29887320488305444424009187960850539729580917040047714124149157881803748329250", - "16877445896011058959363363401165510228129615706973163498299485738725830224881" + "39333211127847003296148593386096163914806836554895387514401856740893844393643", + "23367368957681318908688802583616814519750433776451590009167692921157394905141" ], [ - "52030521221470504694661710991222021309983757134141616208889714283504863666157", - "29593100063835079142677754629803322025045650440567727681659179118473317506800" + "7405233799212540641216920346190463347054243550374673050737437209920426490405", + "3617566874608899634530565623104075677893287046117339512545665885059263056131" ], [ - "33762580463577673862443353051878945241693235311806823880005938591929672449506", - 
"10595628032292637688274720990565387286635272364374192848596598164735959210486" + "10666761656407967234246255319846671186452952635633295886104221569203671187637", + "49893831453263017028286439806682440375923641053407938849392249662613373535097" ], [ - "42754309585922158431911909821202283508453470198367112172055805286161452258999", - "9191475575418872424101852245618443560478270981132885096902297322106701178827" + "36472843832774978030805821398362102122437520212911697973443009654407710668934", + "12180552822214433931169085128792264751543472960476490714374142875097751632091" ], [ - "48399234595852988379971765620047355380502111432107174135900260996183352749458", - "29253269537308972656710445401698114857817246872931999848167591468844558798562" + "17898551555073504067185377856949196072924030301348866157006896077360183276649", + "10616841823076792550495841108539087079286849783352171855214523991987761786958" ], [ - "30315576107067518894033369037915629937324602214492654725090355191907071043869", - "10733503337444895315376218749387547793814564071333293362020375897658108058082" + "44206898943200295756812008973882881005094292963024976785312840175562966317692", + "1209232742275427433380459561686115418839183908738735135385396666093537988402" ] ] }, { "constants": [ - "70260082", - "2101216448" + "641873191", + "2804271495" ], "point_coordinates": [ [ - "1770641778613669840466556290146191027981317170894556833293433173115990744578", - "37318175931660672750756816250795894259452825416893363814659034953585774113209" + "41715001506319159070998810283803362153405318496073445419269146598664821543356", + "18242699940205210368586367398982445316649562951338411242996219591674128523423" ], [ - "50034348161529385297894360503590031157313319436333930459768846398763642216169", - "23381701653893696445825820257386794071402847501055374616740061629571957304747" + "20649042875933653685983046748172789983689801695931861203923729545282525187751", + 
"12799167147228509344331701131393133301924754703386179773010491341341367287675" ], [ - "5997712153588223481586393582947333632894594207385954498121597144663251630490", - "9881455223700092820544272984965039796010184371102567455300023569867180811275" + "2548176052453675171153983731921303668439137288287328446700878001522614282884", + "39164592354971326137578871968854641278016354026166310083925694082278724453458" ], [ - "20571745738381382393833553160196416801206172243138846551858146483387828219552", - "42598894210377332998162047506527700439918435546341783414624844944163156731876" + "22376970421798712500929937586311075809939368853382242480304171522955648726672", + "51503076354842407278751767932153914046418207772756158804528150642234770559072" ], [ - "15128815609222992570416407924214793892109609582689007514324168878951505155835", - "33043496193320376393333891652476603864686032274268895472521258822340672279207" + "44494833185480214524673238106650676656867926847612301763835456244226571001259", + "49506997921083675024364558550403087052218147840441685015611317673124471085949" ], [ - "6900940277515220343345568165353422159414434740291460795509155925167088553243", - "6746691821952659986383712013372264250214296519163166316718133097060108140334" + "10403048495329706934717266469613724832536289508231534376364697252605463682514", + "27446213849728169885032002389397758188026442009807359067290185438323759944569" ], [ - "51268269304991530658983898953644477765520942509528961931489006792578961245759", - "22881848796926627398347850071320195889628477476959302786701796680065494524556" + "21883989559731158494767845555409606224245196179000808647029875986779092468089", + "45498182246449909539904381176728648655337116395371287412364379812938938578547" ] ] }, { "constants": [ - "142221356", - "1136348109" + "2309376941", + "1572850450" ], "point_coordinates": [ [ - "13093281005207565017264182314909113794730401159365763685309169108387245027568", - 
"9688002873287312267821149829101579438179220486156324181289463779899499332696" + "48457843903223309198013753705440598784049092088398592607712340882269252051708", + "8259850907564414693637448654705390386218137863735930596108442782987416217971" ], [ - "16097260438888499692647448001934493665577370572619718340748929502079050979102", - "2081002357424309648051589819842345337250662568240663108172882021019948736854" + "36530170348411768906353850186964616804628286077861054194859412791056186029975", + "45346814657459731044177110567253186034513586982022712978134881549430555799425" ], [ - "26752913023077808195974553696130420756200922467941308827240897715402114037386", - "40964565031751797182759464558492726846103600058021035894158806154808361329569" + "31435736801089590283876691359259872241021676833092962089176232751047124786935", + "25973447966474082817605723257067364909756107865605934027671534294097906003362" ], [ - "44073116192184267149781164214416232166743724098097521742635852242442842802427", - "27317669864184789093227380059148223206124612264805908187453165860850768300190" + "35630380962891967171855963549365235337055603589613964014305155714107641528103", + "16512050852171717673604109956073796788428266463426383749079019270100193117206" ], [ - "46940431307107649349544338198110972201154208211155067528751414794005780643599", - "18238914524772203802786047661878881077413918812108720025451417143443198539825" + "41748785908103981497440163553505961660669244136114026262720013620773402388535", + "1483538739426141474219367811314425116901483684899246396620626019442901897580" ], [ - "36689172161053403856825101405017337726469637920427781044937586092468192505366", - "31796339240247170889608050208453844098006589794006323365080576377381310835164" + "35890400229089450921456798798388039838247292353582074373361126074892704674467", + "25794146728712683494152615256352925248583182715944503254404864530189569949626" ], [ - 
"51111908617797774035247870425017462971468724124346909286755214544607765783359", - "28396311963232577877498465853153424831410864506015823752289499126018067112936" + "24757693473549576524750291108969080215737239362098796945200304560199670769864", + "23347818355334788813920531406368272701590175488927662339667385776895214876360" ] ] }, { "constants": [ - "1023888377", - "312437442" + "66749647", + "3548906570" ], "point_coordinates": [ [ - "29117221553779914852984932779785753076167704290674724684998441871276767238219", - "28059352992652978559690452934247122544610226994861552299485842981607679059292" + "38577606575699108241132979833828154779536532772902910260229187814841607751074", + "32800168239190102967982418071163795405638035077944252678423418661285934052574" ], [ - "41962931651876742541876634849524925430088477733273113280577520102629121511548", - "4060696231089937864829726218717671558479632982834391070906781530050249916390" + "11800267377338538681787685813612741331827342952873680922707748794237690152370", + "28563270893385230623315940725421172267368321545643238713928577644732335051561" ], [ - "45945749387490719969068104048195957794970319394402356914424871029091364947657", - "11471258540851358020641305671604806473321083861526091233755326059976878480644" + "10371718701619459252964889091603069033492087655516672780912253164671323998324", + "48351932036263030761736829539787040502877062115779878348668336270817453147040" ], [ - "42507927350322323887996155014262052865652623832227967922106362826132186719112", - "33890609842966393489603552707630737881074043602769776660756560650600259667209" + "17988261117219297596819399327062485647910568442570916029215629031182737782385", + "1237885039844622956113105630666112746672966087170409294904495976145038948454" ], [ - "16110903592143997602426720997216900593628548799499955052077477749774579569671", - "12921607104682075802308034334628207983560413102424946735637388960582984259559" + 
"21180031364915758289609466864633799478017944640656089294923025015333828696958", + "566553505211569996244606954602757321389505381128514072128853978553648999597" ], [ - "7221134790782128691349001584108388734697137381164750774737761363425288977559", - "885729453116400550761560332687956528898863154963070015393460280081006801748" + "23588486187710340520546205354986195255879471151460313647872587538816233862908", + "33158849181278159657428073866957828566408252832977274786038201334432427875771" ], [ - "39662636035645955275042882187379704186680517443759254430065797651555077153812", - "39927329601862517365148229848006711998367779344786822592504941715129468333915" + "36902516640256841415580662145122151609649750008465840187672464375288844779975", + "43892812021598200875536776066094671443106545593389726799438788212082842665" ] ] }, { "constants": [ - "1154644129", - "194559869" + "2334325494", + "4044264953" ], "point_coordinates": [ [ - "14338281747778901568692330894057062842194903653781352669841636521839735509730", - "24768882232399203253161015427037056605029640064587113176226940347292898902245" + "35008142535534595871492113824242688736299890941248324854236765478629393328877", + "1581524820445254163525556603492234490533827884550551803387493348784041102171" ], [ - "31082695158446446250213927345395469117636227185679576702633022469435906111968", - "43439636422237521084094303953051510984474965776851734987262164549347917426591" + "2961248341019112002113185696068570360486177920789509851148463666571942157362", + "50608665137403653288715726975006502754352393130563448346826721671610668856903" ], [ - "34694019103413025331480602649068142771017789094515680604421558420072687573623", - "25599123077186180557089431681005767833112580426216810633217541551571330346487" + "47187896398071613235579404894344334735893193794586770640185569248884925377877", + "41426068156004075546706164392301815923166754873288175613031924090425581865586" ], [ - 
"49402838879323664182604511977705934917931123878255938370760990300803917835058", - "8424326934534234306780405574403909733124298089975646951051516322516277411171" + "5228830379918077786621770549568358664831600215142875209508109017720550790447", + "17966020327215443356924752175514534912939616342944102674867752572296099551489" ], [ - "20274834027561836488749175605238031921382432951734765752644892053389641374721", - "43663822077879610880402061124641871770435350550061934023363279161388954350543" + "8732465316431424549242074161135802530605862371553761876946034483969770818999", + "43486206961066208140770149355712994478582138954112678360427000478422731368578" ], [ - "25053062893049124483452237924229563700277176243433614145564045426111666390069", - "24009273824349419730680277751079419294819615389006717511190506120428798178566" + "38992080977204664558327429091766666949567415731115022276286915667624645375508", + "18816079306644094696067414307019627535487755376865279882111766597035051567319" ], [ - "51447026030953330466293138238803156238371317533556961246734081317377506040820", - "10191304514534044834431135646627502610968868821338969901261867590090254982360" + "26036681149433815771671949707114588923755263558856186654525521727877083865971", + "3453520819002042372569921519084928306721708106706370740990342607112815221750" ] ] }, { "constants": [ - "364561005", - "837388191" + "3848254801", + "1019995358" ], "point_coordinates": [ [ - "28533401392487299000673975827059313493410135745897391619471914665386884102028", - "7940391884730104488615280957062131940324218344615688849154453600115965461968" + "42710379054782843041428001489609742482435512688545946635029618517721553411389", + "431188659632772577635874733104647537578309127403751253898362189871248644852" ], [ - "30774209687078199333921741382827127824196063589265567722667593098771633855063", - "10409677140964910655798245823353915393303975233879275613282245629675101665378" + 
"21629531142638011666818561882939053980856322790630376826201039791272992946006", + "9663892675586392750425700755294149324820398409108298968043608011675570937770" ], [ - "23516441989474825697997290636615445821042383608798339495605806878824412822669", - "25677923502083821560693236034462879613612394846515262927422067797354627882291" + "29797239298279499029064610812501102576507813094409363149683782980635941928003", + "27148973331471762849979404668390417688135779248740625799398127203895393781618" ], [ - "50972871548266253526735626708949406442877145101261667747277391523769054116253", - "9052193174673294338130185404601022733441399709489436042121460035426537476329" + "4031097362903225258153307710761660033576814676628320890949862287946090879180", + "29327924487655956845275642198603146026033572701021506208922491689269362454427" ], [ - "20672479993594033856061879290161318264269212190163146341371511023966314735690", - "45681149887628707687807825641071075782292011756152138546142496265821509795658" + "37962736558443186356725564661202741703227167296891290427757807338913057544140", + "26342428443429427871473201004237083047116583606003807318269031870110122070758" ], [ - "39957241233439403747721717536479658954869360595396690284393419216757958007804", - "43919696005848208889082990350375069423866432250441825741547677538774816190473" + "17108230199289475455162237806098112668039365983812786845369275547072158185968", + "38425752545708495379731442300757035572867451139628271633218917673062112303604" ], [ - "2826388252134323763443091185397211532270199180272532014059596695651553884833", - "19024978495126844388745214514434418347504207199878074483843251710608991163980" + "21618091300402808963854765474093832864519599808915351354407264325375772396123", + "40539549412105096949343928546423351749318838755119984893085227784301495081922" ] ] }, { "constants": [ - "1872065076", - "1303933349" + "552964694", + "694531973" ], "point_coordinates": [ [ - 
"52251560499150176711476468683518863271417438065449078121168685513493799302108", - "45285424744836036862011586848319388522148314302956055775713344199830851893677" + "18100177968235399669658967058945255299013493735724702727521076860533822937486", + "18603625806058317474806201440985452320969942288285533366887826784554419228617" ], [ - "41179591260389694195127543516297815882506161503120698326738982216028598606312", - "19488703129649099705466844116485308463733659525646765726261121147877933711387" + "48772422035188274770687289749054018444607291352181562517241295570614400179899", + "6954441774827324953813549674301321802040966910210979781714128153016819605799" ], [ - "35740920561641810831398469068803928725204207096573708236146534913042802175204", - "23202939856755761553552209716364343894243092394671316782937288903508624235995" + "9893451006469670283604241031573278287852653862062988671392118606265633959543", + "32132995220479163482312172236130006233495314635245497854959415593138031382251" ], [ - "19274538599989598637142648949657699958900215364640910414909337905486987976854", - "48897115408678444451183661448967536725012686921035111908663779088121483586023" + "35784291339767930280364568932628207040636336967055641079009025974703784458579", + "32732378968151355361544071515428137305548055601265505893576661643533908655375" ], [ - "51731938557321815767807345711103294240520128363487410955466997950789396006161", - "46166590240085586126377398597267245761732678398755131858321768276167336059965" + "14069884334181098140484210344187198844982283834417600988255677393879400897073", + "7964368986307889079835142977624710678223788121372097300581637894646159417863" ], [ - "36813884424763169654246783889817534898149457040894422374300990499837311432096", - "40259633547738004421886428035744994939868902473613987570412337715090800167892" + "38198764838324671808897307032049325130631384072903979125532983116438679625265", + "5794619848720398698799917799095408445748223103663636190338228808477659389547" 
], [ - "1237989010602335486519720538754807511004793695205859862668018111833520724607", - "14062320017753014003113738306091173177352540101199051314109407629781879906382" + "41692262595684054965641143613865464085880786522627628697475757134194924235821", + "29944347155375825272196900702952792902267479208282188798593780118316751754512" ] ] }, { "constants": [ - "794770803", - "1063849927" + "138794474", + "2658567324" ], "point_coordinates": [ [ - "33108105831936166685026723889079423416959245745315177131177486058949924654070", - "26116524922458725142141120129084578640125727744820590624100682797575743632878" + "46364855728149184008377288900104968745213675152782946257811891550702586344977", + "19486183533030882881630674365673805183556614741748533726056693754364092967459" ], [ - "21304181415097221574996360449052646260398404009902345273809604556446184849916", - "44993765580526359012465866155380901836618965104746754074533072200633234485567" + "48648988346826837333335849788142116868910185783194700197610089417569673223896", + "14413402993286577205679962547877248835158499604069281623843034764702312198255" ], [ - "11537455831546022966547272190513491761699468156329616510716306769077616821764", - "19521488847543338999800235459647205963436905801282201640307730604465212822986" + "51514605306283128654348214098323527914593361362156351573717688613878731017274", + "34964950025561586289175659985751066411446177474330677750111805763941061476025" ], [ - "32363859698914828434890795356244970675142373425614069938583481443187439861431", - "22288661143027755015393137044175099929922247551637047014328785438720224030691" + "23251571910087285662270141869944122244931038889439961595672654739832583587592", + "7415142177907921666623481851474539946620278875793393554404161181830661647513" ], [ - "48971717053257277798362655304242490892919299675439475867398731074784986378438", - "9168764141166816882415252996051964887515969833950164486076812698620787250304" + 
"31314919817297065272879276092873286161715485409595970852585090701019657382806", + "23624381942422580950724342024697548105117735136955573476662080795833271976479" ], [ - "4250729601632545732935987035767684802369835829454111437565443406048247486613", - "2983934003128642219346466025455903717955746066455646745640589642868888622533" + "48922449408679228562338896187487721583755740260652235821887042121592110003215", + "32248877812448273362118370439935519254405646304118015429634175893466912011814" ], [ - "40386636796247451632601745509187272640997897694017643286042573380043445839551", - "21444778222412045646726261652833781066773386613201903044785759391743802592403" + "40844592255021668838091412015699608961797174560827178023767645953238926103447", + "30786626486184535404029409527833007401827977601871401426189216715418064061565" ] ] }, { "constants": [ - "841195656", - "315542622" + "3917976500", + "2224723866" ], "point_coordinates": [ [ - "43586107793662967274298577297156807615252675337839492413610721183211284225027", - "39264667167918880129318318710868932173842116612771215383295261984478175345811" + "30620210189334788430526191691795919625857552844056288250410635399722120809996", + "48654401854305316252866416438343184225663367829912159019950799923664148426518" ], [ - "26691397463560440036992473036853060207160052027597401997288804100697947473125", - "29722280758807105757339772745953045666299575397638929818201119003183399912353" + "48714476622534772152812076698251708469209361310018681288873032542700689214499", + "44190094969214697415507285925562420442219007379571531078238276571394671055453" ], [ - "30323479774704619784079230519353391338113137944049456581484949100683492772655", - "25821899912495480846887418880086416859640963708532661015064676730975279203319" + "7539863360520355857767765695092849137521877472076921510095409060071249071501", + "31062820138618858752422391097323237698004052954513371797377707422320329526558" ], [ - 
"25847679622112703909123532495316436523189480887263195574875864237969633653107", - "42175431516554545252577775379416004142836277163534053274166821531980042090335" + "46251984348575667974522568997808078868492717179236964369637537641651350132711", + "22376826581379248093862556144602510422990594030944163794904430409250490252496" ], [ - "35346176016087457569857181106454342707622864506784942391953955328143818352888", - "3458268525214610599901536104586721847957131529553788813665858231707592304975" + "3760293720377015439853352758582899516738409318235954239578342767143191407115", + "33705688000905948186606676212610538109762318592994159882054302044854327236080" ], [ - "24573486651549307039823782535121754667843788873598788287512139381782715636862", - "30681491901371248049932042136619449667067604513396243689047616687734995844793" + "14427394823326644450248420014692516514195445149984650510413531611067923093868", + "24671019964054746635591141587571869145041506769995587291861166870510194121280" ], [ - "41257287944258080326956779873955739933972938274361957862391043538283794711592", - "8326137667023207893801397329927225516642711343828799683178982895101600828365" + "10186832778692641672787701303637272679390915576714431850127865912224709374446", + "17657515034447244492758334680043743510017076611736066961381736295781236320820" ] ] }, { "constants": [ - "88443496", - "1147009995" + "4137777980", + "4280051201" ], "point_coordinates": [ [ - "1057498497523224415999137975998727559747845237474320991441936144426365573085", - "11349571397114639618467869927769543235727746859696479076731538521183191591761" + "15488734919332737546949265806606283285424779307847074804907830690592573971089", + "38018400920156109220653374551805365896222070537448411373875960462340030022649" ], [ - "37596410338736437018409731660485768443848344696707379425684959215649097912668", - "28108696942435529194982897026441719609696348558530990988961391090900785479066" + 
"41821925203212559105342864537733319950351570748525033638915864750325254697532", + "43984906730840874874637826234903071129147217369918490121807233341639462208351" ], [ - "30551042457273247432644906690530011811559761492087848759584402462347139297223", - "26295899976112728855008306687501211204101724303030185335436204247053554782114" + "22988362913903945982090447586922993464660605805250879194980699220425294219555", + "9752920725910659883276892534090677798674599789581937351528821337275414853277" ], [ - "29283933734643309500256052161867116356461904010004661019786435427334203501470", - "33387347476025950689036314436435929823422860048871324313506647352135355341020" + "27653643729487508536168566912651593357814385604039619047941617298307800331226", + "47486466504391232833682614282847792539317601910545982820846249676482684021361" ], [ - "11832967819699865746857850389686829904274810571992936533561888454464886949820", - "3136222899978025932607557894907641369568076036607910565799549239664989374542" + "45334341469991801864618897881948693522305124482162669788046762012753706892418", + "2723307562992142004827748067256503152148414832779330850688862714709899838336" ], [ - "52134100320992766941716893358237860454999035213415843320981272370003412504623", - "231483539026354241080882025967497389765522438002102537606440882447587973715" + "35729479537022269537322751516656342993575409578957222578992562162166372053922", + "19167533953497601135089231510967333391887630425264725518761250556312229625519" ], [ - "31078077403648828858124962559618173379558442237359337926263070057117991887541", - "11723902880756301316880142841545320508641232255675867012508102727507100731249" + "19686592833354826067632168494519455671895216386942023525664047951203597209287", + "40033213696422209805329688854965582469490241412072674888468630795551577242766" ] ] }, { "constants": [ - "670397550", - "433641739" + "3211581101", + "606496173" ], "point_coordinates": [ [ - 
"18418848168642105950523182488634628951817329780469109473783618467637282263195", - "12178171339693756195924167726641408137064583870495969919999184994835100178402" + "40628306753424812029220235004462791906184842851822168120832333180938734622130", + "37876892166546586159450666516474242854354661307230757719869262960446296604192" ], [ - "44341089697784340930773092709128389460483977601107291127705281255050212067262", - "35010358130750517655589392658385136763064099429301100789622314085501235199889" + "39177112969499181405718357403173116213237474451044696643954948727182243179378", + "4998867401461719900324764847098466771046081807704422509574898038488190230961" ], [ - "41908243839209676526043563674095238632818575583909465483464484206047139995867", - "49751788476213335807604201657280011882585169943167577468354723330116955088276" + "11832476709558805504550564684066977480463784610617910030537308874865197513857", + "26849225243633476943404311349347591597426870732529976299275535591402662347336" ], [ - "20641027570217822556231493540088752864386682950218867257143293767584415099822", - "21640872550445148618181428071496955859097587719612457562065939814732886336708" + "30167260538492758540031452710444906264300363625883957170717152884409610184388", + "30478849176100694722905516842567944574526686453828936312679936892314040174533" ], [ - "14415402050914930146415471651294514335799519729647213638987872672702298268876", - "14030457471330545406769145012363351648698013249596498941972014525460231794156" + "49245108161477226263483886824039918197664685892628809172265607618995369502510", + "29323816003027497436460082278155072520005993309196581895882023657681259495975" ], [ - "18980034788599586835883372822610258004737782707926262290021045771906312232990", - "11343994329921006459220469282234064278753580953447736189678452786769686043248" + "25734123541114430098378089399579168582310752863135136944990980427152415546116", + 
"18756812090370049551816236638047830284765675678914632217388116589015967166118" ], [ - "3016669237982049083097672613340514337992802972031737638548755935318190955224", - "38604646599688563405036598037372725224256538890150242789138924881126413953445" + "27706605136060859950781762428005653537863672678160193938810314268076262455717", + "29611430267278251311761724438079266243807434364042580288151362702078509051399" ] ] } diff --git a/crypto3/libs/algebra/test/fields.cpp b/crypto3/libs/algebra/test/fields.cpp index 9218d07313..01bf777df4 100644 --- a/crypto3/libs/algebra/test/fields.cpp +++ b/crypto3/libs/algebra/test/fields.cpp @@ -58,7 +58,6 @@ #include #include #include -#include #include #include @@ -387,11 +386,6 @@ BOOST_DATA_TEST_CASE(field_operation_test_bls12_381_fq12, field_operation_test(data_set); } -BOOST_AUTO_TEST_CASE(field_operation_test_maxprime){ - using maxprime_field_type = fields::maxprime<64>; - typename maxprime_field_type::value_type zero = maxprime_field_type::value_type::zero(); -} - BOOST_DATA_TEST_CASE(field_operation_test_mnt4_fq, string_data("field_operation_test_mnt4_fq"), data_set) { using policy_type = fields::mnt4<298>; diff --git a/crypto3/libs/algebra/test/fields_static.cpp b/crypto3/libs/algebra/test/fields_static.cpp index 1cc9eb9958..4eb30c17d1 100644 --- a/crypto3/libs/algebra/test/fields_static.cpp +++ b/crypto3/libs/algebra/test/fields_static.cpp @@ -2,6 +2,7 @@ // Copyright (c) 2020-2021 Mikhail Komarov // Copyright (c) 2020-2021 Nikita Kaskov // Copyright (c) 2020-2021 Ilias Khairullin +// Copyright (c) 2024 Vasiliy Olekhov // // MIT License // @@ -27,8 +28,6 @@ #define BOOST_TEST_MODULE algebra_fields_static_test #include -#include -#include #include #include @@ -44,21 +43,12 @@ #include #include -// #include -// #include #include #include #include #include #include #include -// #include -// #include -// #include -// #include -// #include -// #include -// #include #include #include 
@@ -66,6 +56,7 @@ using namespace nil::crypto3::algebra;
+/*
 namespace boost {
 namespace test_tools {
 namespace tt_detail {
@@ -77,6 +68,7 @@ namespace boost {
 } // namespace tt_detail
 } // namespace test_tools
 } // namespace boost
+*/
 typedef std::size_t constant_type;
 enum field_operation_test_constants : std::size_t { C1, constants_set_size };
@@ -97,8 +89,10 @@ enum field_operation_test_elements : std::size_t {
 elements_set_size
 };
-template
-constexpr bool check_field_operations_static(const ElementsRange &elements, const ConstantsRange &constants) {
+BOOST_AUTO_TEST_SUITE(fields_manual_static_tests)
+
+template
+constexpr bool check_field_operations_static() {
 static_assert(elements[e1] + elements[e2] == elements[e1_plus_e2], "add error");
 static_assert(elements[e1] - elements[e2] == elements[e1_minus_e2], "sub error");
 static_assert(elements[e1] * elements[e2] == elements[e1_mul_e2], "mul error");
@@ -106,14 +100,27 @@ constexpr bool check_field_operations_static(const ElementsRange &elements, cons
 static_assert(elements[e2].inversed() == elements[e2_inv], "inv error");
 static_assert(elements[e1].pow(constants[C1]) == elements[e1_pow_C1], "pow error");
- static_assert(elements[e2].squared() == elements[e2_pow_2], "sqr error");
- static_assert((elements[e2].squared()).sqrt() == elements[e2_pow_2_sqrt], "sqrt error");
 static_assert(-elements[e1] == elements[minus_e1], "neg error");
+ static_assert(elements[e2].squared() == elements[e2_pow_2], "sqr error");
+
+ // TODO: fix this.
+ //
+ // Not all fields have .sqrt() method.
+ // The proper way to use has_function_sqrt is this:
+ //
+ // using field_value_type = fields::bls12_base_field<381>::value_type
+ // if constexpr (has_function_sqrt::value) {
+ // ...
+ // }
+ //
+ // This naiive approach with decltype does not work - the result is always false.
+ // We can't use direct typenames since _values_ are template arguments
+ if constexpr (has_function_sqrt::value ) {
+ static_assert((elements[e2].squared()).sqrt() == elements[e2_pow_2_sqrt], "sqrt error");
+ }
 return true;
 }
-BOOST_AUTO_TEST_SUITE(fields_manual_static_tests)
-
 BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fr) {
 using policy_type = fields::bls12_fr<381>;
 using value_type = typename policy_type::value_type;
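Review bot: The `if constexpr (has_function_sqrt...::value)` guard added at the end of check_field_operations_static leaves the sqrt `static_assert` unevaluated for every field, because the TODO directly above it says the condition is currently always false. The later hunks in this file delete the direct `(elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt]` assertions from the bls12-381 fr/fq/fq2, mnt4 fq/fq2 and mnt6 fq cases, so compile-time coverage of square roots is dropped rather than made conditional. If the trait is being instantiated with `decltype(elements[e2])`, that type is a const reference, and `std::decay_t<decltype(elements[e2])>` may be all that is missing; otherwise pass the field value type as an explicit template parameter. Until the trait works, keep the explicit sqrt assertion in the test cases whose fields provide `.sqrt()`. The function's signature is in the preceding hunk, not this one.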
@@ -121,32 +128,21 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fr) { using const_set_t = std::array; // This is correct, bls12_fr<381> has 255-bit elements. - constexpr test_set_t elements1 = {0x209a9bf596288853d71eb5a070164b2d81fe36e956f8f70376712767fabb15d9_cppui_modular255, - 0x661ad4fb4d130b7afaea293348f2107d9f4a62308af88282297733628cfc5ae7_cppui_modular255, - 0x12c7c99db99e16869ecf06cbaf6683a5cd8af516e1f31d869fe85acb87b770bf_cppui_modular255, - 0x2e6d6e4d72b2fa210f6e647530c612b5367178bbcbfed0804cf9f4046dbebaf3_cppui_modular255, - 0x65915fd6511eb3afcf0648a4b4b1c3f298433ecaee3cdd97254aa3ce8a67303d_cppui_modular255, - 0x413537eb2c5110a7ae3d6b40e02c965b03fc6dd2adf1ee06ece24ecff5762bb2_cppui_modular255, - 0x1c40f7a911c57190db5382d3fc2d96473780452b78e60474add8fb7f1eddda6_cppui_modular255, - 0x49757b377fe2a1de10c484db929a74ae02fdfae3aaab6098ea2ab8accfe613f0_cppui_modular255, - 0x363f979f222c9970dc4291b62bc3e8d77c31c1b2caa88afeb414f3584b952000_cppui_modular255, - 0x661ad4fb4d130b7afaea293348f2107d9f4a62308af88282297733628cfc5ae7_cppui_modular255, - 0x53530b5d9374f4f45c1b2267998b8cd7d1bf6d19a90564fb898ed8970544ea28_cppui_modular255}; - constexpr const_set_t constants1 = {811706348}; - - // TODO: the reason of the error "function parameter 'elements' with unknown value cannot be used in a constant - // expression" constexpr - // bool res = check_field_operations_static(elements1, constants1); - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr 
error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr test_set_t elements1 = { + 0x209a9bf596288853d71eb5a070164b2d81fe36e956f8f70376712767fabb15d9_cppui_modular255, + 0x661ad4fb4d130b7afaea293348f2107d9f4a62308af88282297733628cfc5ae7_cppui_modular255, + 0x12c7c99db99e16869ecf06cbaf6683a5cd8af516e1f31d869fe85acb87b770bf_cppui_modular255, + 0x2e6d6e4d72b2fa210f6e647530c612b5367178bbcbfed0804cf9f4046dbebaf3_cppui_modular255, + 0x65915fd6511eb3afcf0648a4b4b1c3f298433ecaee3cdd97254aa3ce8a67303d_cppui_modular255, + 0x413537eb2c5110a7ae3d6b40e02c965b03fc6dd2adf1ee06ece24ecff5762bb2_cppui_modular255, + 0x01c40f7a911c57190db5382d3fc2d96473780452b78e60474add8fb7f1eddda6_cppui_modular255, + 0x49757b377fe2a1de10c484db929a74ae02fdfae3aaab6098ea2ab8accfe613f0_cppui_modular255, + 0x363f979f222c9970dc4291b62bc3e8d77c31c1b2caa88afeb414f3584b952000_cppui_modular255, + 0x661ad4fb4d130b7afaea293348f2107d9f4a62308af88282297733628cfc5ae8_cppui_modular255, + 0x53530b5d9374f4f45c1b2267998b8cd7d1bf6d19a90564fb898ed8970544ea28_cppui_modular255 + }; + static constexpr const_set_t constants1 = {811706348}; + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq) { @@ -155,7 +151,7 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq) { using test_set_t = std::array; using const_set_t = std::array; - constexpr test_set_t elements1 = { + static constexpr test_set_t elements1 = { 0x3d9cb62ebac9d6c7b94245d2d6144d500f218bb90a16a1e4f70d98fd44b4b9ee274de15a0a3d231dac1eaa449d31404_cppui_modular381, 0x15c88779fc8a30cca95ec4bbf71aa4c302bccf7dc571e6e45fbf1ed24989ec23dff741ca00597f4ab1fc628304e8761b_cppui_modular381, 0x19a252dce836ce3924f2e919247be99803aee83956135102af2ff8621dd537c2c26c1fdfa0fd517c8cbe4d274ebb8a1f_cppui_modular381, 
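Review bot: The tenth entry of `elements1` in field_operation_test_bls12_381_fr changes its last digit from `...5ae7` to `...5ae8`, and nothing evaluates it any more. Going by the element order spelled out in the Fp6 case later in this diff, that entry is the `e2_pow_2_sqrt` slot. The old constant was identical to `elements1[e2]`, which is what a root of `e2.squared()` should match up to sign, so the new off-by-one value looks like a leftover probe of the disabled check rather than a real test vector. Restore the original constant, or mark it with a comment such as `// deliberately wrong: sqrt check is disabled, see TODO in check_field_operations_static`, so that re-enabling the sqrt assertion does not start from bad reference data. The `0x01c4...` change in the seventh entry only adds a leading zero and is harmless.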
@@ -167,17 +163,8 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq) { 0x2e7ebd9b39f65a9485b32b52269baa84b2d33a80c8747c994b1e58c0caa09b4acf7685583898549db1029a1de657d8a_cppui_modular381, 0x4388a703cf5b5cda1bce2fa4c31081461ba7c072e132bdb0771b3cead270a003eb4be34b0fa80b508029d7cfb173490_cppui_modular381, 0x162746874dd3492dcf87835915ea6802638532c962e3a8a117bff9112265aa853c3721e910b02dcddf3d155bb62c96a7_cppui_modular381}; - constexpr const_set_t constants1 = {865433380}; - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr const_set_t constants1 = {865433380}; + check_field_operations_static(); constexpr value_type not_square1 = { 0x122ca301fc65d4c9fd02b7d919e691c448b3209081835c99fab65c12c0e60a25f7eabe1b506e494b45175b95a4a9ebfe_cppui_modular381, @@ -192,7 +179,7 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq2) { using test_set_t = std::array; using const_set_t = std::array; - constexpr test_set_t elements1 = { + static constexpr test_set_t elements1 = { {{ 0x5aa9d5160c21229d4c73871dab039631da3722131b00713055854b2e6ff4f8abe4430358fc70ba351fda87dc9abdbb2_cppui_modular381, 0x2ccc1503d823ead782507cf3eb7c6b03ec4503bf8bb725111abe86ce8809f9c52ed32fa7178cdeb057f8ddb351b2de4_cppui_modular381, 
@@ -237,17 +224,8 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq2) { 0x14567498d8bdd47076546f44689b737446d3d963c1d50bac61d87dee0fb1a6996067cfc9218cf45c680157823653cef9_cppui_modular381, 0x17345099fbfda7ecd2f69fe70493e62725b2fb48fac9a06e5584ea340e305687cbbecd043fdb3214b47f7224cae47cc7_cppui_modular381, }}}; - constexpr const_set_t constants1 = {928943650}; - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr const_set_t constants1 = {928943650}; + check_field_operations_static(); constexpr value_type not_square1 = { 0x72076a0fb063f674c504b550525707cbea30259021a274bc9dcba7a9fdaf9e36011466eea87f70870c4b91a400d3395_cppui_modular381, @@ -260,6 +238,8 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq2) { BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq6) { using policy_type = fields::fp6_3over2>; using value_type = typename policy_type::value_type; + using test_set_t = std::array; + using const_set_t = std::array; constexpr value_type element1( {{0xe35bdcd1e6bea40fb5a65a36a415ef84cb2260e7c7a21b479352a56a257128bbd2f6b8e5d96dca7917292801387ca3f_cppui_modular381, 
@@ -387,14 +367,21 @@ BOOST_AUTO_TEST_CASE(field_operation_test_bls12_381_fq6) { 0x179c40e15fb14491bb00b5467355bdea087379c855f07c7f95dabdaa660b48df35f9ad0fd2a1468688672cdc55fc95e_cppui_modular381, }}); - static_assert(element1 + element2 == element_add, "add error"); - static_assert(element1 - element2 == element_sub, "sub error"); - static_assert(element1 * element2 == element_mul, "mul error"); - static_assert(element1.doubled() == element_dbl, "dbl error"); - static_assert(element2.inversed() == element_inv, "inv error"); - static_assert(element1.pow(C1) == element_pow_C, "pow error"); - static_assert(element2.squared() == element_pow_2, "pow error"); - static_assert(-element1 == minus_element, "minus error"); + static constexpr test_set_t elements1 = { + element1, + element2, + element_add, + element_sub, + element_mul, + element_dbl, + element_inv, + element_pow_C, + element_pow_2, + value_type(), // placeholder for sqrt (e2.squared()) as Fp6 does not support sqrt + minus_element }; + static constexpr const_set_t constants1 = { C1 }; + + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq) { @@ -403,7 +390,7 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq) { using test_set_t = std::array; using const_set_t = std::array; - constexpr test_set_t elements1 = { + static constexpr test_set_t elements1 = { 0x1a1f0b89abd62c63c669a0cafeaa872558eeb1dffedc21f8ded61768d6ae02a0b973de3139b_cppui_modular298, 0x13557b8d70144c7c1a18ce98b3f9f52fbadbcda323d5cb293304f09f24b8ce2cf00cce7a2e9_cppui_modular298, 0x2d7487171bea78dfe0826f63b2a47c5513ca7f8322b1ed2211db0807fb66d0cda980acab684_cppui_modular298, 
@@ -415,17 +402,8 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq) { 0xc5b94b8804b94b443d9fd27dd32200114bccb9ffa650ad2ef53048c53ad1c8723e31f1ba90_cppui_modular298, 0x287a003fd725d9e62fc1ac6c94f2b9bcdb5a038feace4f7502e02161bc73c2a0759a47e5d18_cppui_modular298, 0x21b070439b63f9fe8370da3a4a4227c73d471f530fc7f8a5570efa980a7e8e2cac33382ec66_cppui_modular298}; - constexpr const_set_t constants1 = {72022261}; - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr const_set_t constants1 = {72022261}; + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq2) { @@ -434,7 +412,7 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq2) { using test_set_t = std::array; using const_set_t = std::array; - constexpr test_set_t elements1 = { + static constexpr test_set_t elements1 = { {{ 0x1151c6efca2088ebb32162cb5d04bd8f95a6c5e45cb9e83551692a0073e7315ee195036fcc9_cppui_modular298, 0x2e2ba3c821f4d8efe6fc374a478954a2ea9081032d6e63cdc1398d234f189e0c31547552516_cppui_modular298, 
@@ -479,22 +457,15 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq2) { 0x2a7db4dd7d199d7696b91839ebe7f15d008f0b4eb1ea3268e47be8006d455f6e841212f0338_cppui_modular298, 0xda3d80525454d7262de43bb01635a49aba5502fe135b6d074ab84dd9213f2c13452a10daeb_cppui_modular298, }}}; - constexpr const_set_t constants1 = {11963068}; - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr const_set_t constants1 = {11963068}; + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq4) { using policy_type = fields::fp4>; using value_type = typename policy_type::value_type; + using test_set_t = std::array; + using const_set_t = std::array; constexpr value_type element1( {{ 
@@ -588,14 +559,21 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt4_fq4) { 0x36f864850507bf411a10c3e6209ab5e5de6ad1a8846cfb54ed021d323d30c633e05bde10f9f_cppui_modular298, }}); - static_assert(element1 + element2 == element_add, "add error"); - static_assert(element1 - element2 == element_sub, "sub error"); - static_assert(element1 * element2 == element_mul, "mul error"); - static_assert(element1.doubled() == element_dbl, "dbl error"); - static_assert(element2.inversed() == element_inv, "inv error"); - static_assert(element1.pow(C1) == element_pow_C, "pow error"); - static_assert(element2.squared() == element_pow_2, "pow error"); - static_assert(-element1 == minus_element, "minus error"); + static constexpr test_set_t elements1 = { + element1, + element2, + element_add, + element_sub, + element_mul, + element_dbl, + element_inv, + element_pow_C, + element_pow_2, + value_type(), // placeholder for sqrt (e2.squared()) as Fp4 does not support sqrt + minus_element }; + static constexpr const_set_t constants1 = { C1 }; + + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq) { @@ -604,7 +582,7 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq) { using test_set_t = std::array; using const_set_t = std::array; - constexpr test_set_t elements1 = { + static constexpr test_set_t elements1 = { 0x13e0a5422b598aaf0c031434995b02459b127b91c1d19c61a0b7e6305b367e9d6c4ecef24ca_cppui_modular298, 0x3a2ee65237145a6fec8c095b3acfa5e6e969214f2b1dfb4f47fd258dd1eeadf4a606892870e_cppui_modular298, 0x12400fc71b33bebcaeb4a28a8b3df93fee45cd9cd39fe31c283be5e77fe9785ec815581abd7_cppui_modular298, 
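Review bot: The sqrt slot of `elements1` in `field_operation_test_mnt4_fq4` is filled with a default-constructed `value_type()`, so the expected-value table now holds an entry that is not an expected value. Whether it is ever compared depends on `check_field_operations_static`, whose definition is outside this hunk. If the helper skips the sqrt check through a trait such as the `has_function_sqrt` one exercised in type_traits.cpp (an assumption), say so at the placeholder, e.g. `// never read: the helper skips sqrt for fields without sqrt()`, so a later change to the helper does not silently start comparing against zero. The same placeholder appears in the `field_operation_test_mnt6_fq6` hunk. The removed assertions carried per-operation messages ("add error", "sub error", ...), so it is worth confirming the helper still identifies which operation failed.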
@@ -616,17 +594,8 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq) { 0x2a5232860338c9a2e55e313e9ccd6f738b5e09d156f002f151295a73f188f688a5228623423_cppui_modular298, 0x1a0957b1025cbf25d4e71aa0e1d0905acccadf4ee31b945787c0048db4d063ea43976d78f3_cppui_modular298, 0x27eed68b1be09bb33dd766d0af91aca6fb2353b2577e18331fc13fa652053595ddf1310db37_cppui_modular298}; - constexpr const_set_t constants1 = {332771434}; - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr const_set_t constants1 = {332771434}; + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq3) { @@ -635,7 +604,7 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq3) { using test_set_t = std::array; using const_set_t = std::array; - constexpr test_set_t elements1 = { + static constexpr test_set_t elements1 = { {{ 0x2ca04ab44858078455357ce7027f603b2e60169f6e2728089c31d43de94857de0f8cf4fecff_cppui_modular298, 0x17fe793178a3dc42295619e37d3c39c9ae5dc0a738d046d9744e9bdf8058661f0c3c82295af_cppui_modular298, 
@@ -691,22 +660,16 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq3) { 0x23d1029bce964a2020846121cbb07522e7d80e9ce07f6dbb4c2a89f72ce34e143e037dd6a52_cppui_modular298, 0x23c9543d6f05905dcf6a86ae1907d42e3fb3c4d8cbdbf3e459074e7304483713fe28baada43_cppui_modular298, }}}; - constexpr const_set_t constants1 = {1042617086}; - - static_assert(elements1[e1] + elements1[e2] == elements1[e1_plus_e2], "add error"); - static_assert(elements1[e1] - elements1[e2] == elements1[e1_minus_e2], "sub error"); - static_assert(elements1[e1] * elements1[e2] == elements1[e1_mul_e2], "mul error"); - static_assert(elements1[e1].doubled() == elements1[e1_dbl], "dbl error"); - static_assert(elements1[e2].inversed() == elements1[e2_inv], "inv error"); - static_assert(elements1[e1].pow(constants1[C1]) == elements1[e1_pow_C1], "pow error"); - static_assert(elements1[e2].squared() == elements1[e2_pow_2], "sqr error"); - static_assert((elements1[e2].squared()).sqrt() == elements1[e2_pow_2_sqrt], "sqrt error"); - static_assert(-elements1[e1] == elements1[minus_e1], "neg error"); + static constexpr const_set_t constants1 = {1042617086}; + + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq6) { using policy_type = fields::fp6_2over3>; using value_type = typename policy_type::value_type; + using test_set_t = std::array; + using const_set_t = std::array; constexpr value_type element1( {{ 
@@ -820,14 +783,20 @@ BOOST_AUTO_TEST_CASE(field_operation_test_mnt6_fq6) { 0x2f70fa22554cd7104a2d0b0e3949ea7ef75b79d208d5c11575e08c1318ca1730c9954040f6d_cppui_modular298, }}); - static_assert(element1 + element2 == element_add, "add error"); - static_assert(element1 - element2 == element_sub, "sub error"); - static_assert(element1 * element2 == element_mul, "mul error"); - static_assert(element1.doubled() == element_dbl, "dbl error"); - static_assert(element2.inversed() == element_inv, "inv error"); - static_assert(element1.pow(C1) == element_pow_C, "pow error"); - static_assert(element2.squared() == element_pow_2, "pow error"); - static_assert(-element1 == minus_element, "minus error"); + static constexpr test_set_t elements1 = { + element1, + element2, + element_add, + element_sub, + element_mul, + element_dbl, + element_inv, + element_pow_C, + element_pow_2, + value_type(), // placeholder for sqrt (e2.squared()) as Fp6 does not support sqrt + minus_element }; + static constexpr const_set_t constants1 = { C1 }; + check_field_operations_static(); } BOOST_AUTO_TEST_CASE(test_goldilocks) { diff --git a/crypto3/libs/algebra/test/multiexp.cpp b/crypto3/libs/algebra/test/multiexp.cpp new file mode 100644 index 0000000000..20192a15af --- /dev/null +++ b/crypto3/libs/algebra/test/multiexp.cpp 
@@ -0,0 +1,119 @@
+//---------------------------------------------------------------------------//
+// Copyright (c) 2024 Vasiliy Olekhov
+//
+// MIT License
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+//---------------------------------------------------------------------------//
+
+#define BOOST_TEST_MODULE multiexp_test
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+
+using namespace nil::crypto3::algebra;
+
+BOOST_AUTO_TEST_SUITE(multiexp_test)
+/**/
+
+template
+class multiexp_runner {
+ public:
+ bool static run() {
+ using point = typename curve_group_type::value_type;
+ using scalar = typename curve_group_type::params_type::scalar_field_type;
+
+ std::size_t N = 8;
+
+ std::vector points(N);
+ std::vector scalars(N);
+
+ for(auto & p: points) {
+ p = random_element();
+ }
+
+ for(auto & s: scalars) {
+ s = random_element();
+ }
+
+ point naive_result = policies::multiexp_method_naive_plain::process(
+ points.begin(), points.end(),
+ scalars.begin(), scalars.end());
+
+ point bdlo12_result = policies::multiexp_method_BDLO12::process(
+ points.begin(), points.end(),
+ scalars.begin(), scalars.end());
+
+ point bos_coster_result = policies::multiexp_method_bos_coster::process(
+ points.begin(), points.end(),
+ scalars.begin(), scalars.end());
+
+
+ BOOST_CHECK_EQUAL(naive_result, bdlo12_result);
+ BOOST_CHECK_EQUAL(naive_result, bos_coster_result);
+
+ return (naive_result == bdlo12_result) && (naive_result == bos_coster_result);
+ }
+};
+
+using multiexp_runners = boost::mpl::list<
+ multiexp_runner>,
+ multiexp_runner>,
+
+ multiexp_runner>,
+ multiexp_runner>,
+
+ multiexp_runner>,
+ multiexp_runner>,
+
+ multiexp_runner>,
+ multiexp_runner>,
+
+ multiexp_runner>,
+ multiexp_runner>
+ >;
+
+BOOST_AUTO_TEST_CASE_TEMPLATE(multiexp_test, runner, multiexp_runners) {
+ BOOST_CHECK(runner::run());
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/algebra/test/pairing.cpp b/crypto3/libs/algebra/test/pairing.cpp
index 1ad3249488..622e2b08c0 100644
--- a/crypto3/libs/algebra/test/pairing.cpp
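Review bot: `multiexp_runner::run()` only compares the three multiexp methods on eight random points and scalars, so a failure cannot be reproduced and the inputs most likely to expose a divergence between the naive, BDLO12 and Bos-Coster paths are never exercised. Add fixed cases beside the random one: an empty range, a single term, a zero scalar, and the group identity as a point (the pairing test in this commit uses `G1_value_type::zero()` for that). If `random_element` cannot be seeded from the test, print the generated inputs on mismatch so the case can be replayed. `run()` also reports the outcome twice, through `BOOST_CHECK_EQUAL` and again through the bool consumed by `BOOST_CHECK(runner::run())`; one of the two is enough, and `std::size_t N = 8;` can be `const`.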
+++ b/crypto3/libs/algebra/test/pairing.cpp @@ -98,7 +98,6 @@ enum GT_enum : std::size_t { enum g1_precomp_enum : std::size_t { prec_A1, prec_A2 }; enum g2_precomp_enum : std::size_t { prec_B1, prec_B2 }; -// TODO: add affine_pair_reduceding test template void check_pairing_operations(std::vector const& Fr_elements, @@ -130,11 +129,11 @@ void check_pairing_operations(std::vector const& Fr_elements, std::cout << " * Basic fields and groups tests finished." << std::endl << std::endl; std::cout << " * Pairing with infinity tests started..." << std::endl; - BOOST_CHECK_EQUAL(final_exponentiation(pair(G1_value_type::zero(), G2_elements[B1])), GT_value_type::one()); + BOOST_CHECK_EQUAL(*final_exponentiation(pair(G1_value_type::zero(), G2_elements[B1])), GT_value_type::one()); std::cout << " * Pairing with infinity tests finished." << std::endl << std::endl; std::cout << " * Reduced pairing with infinity tests started..." << std::endl; - BOOST_CHECK_EQUAL(pair_reduced(G1_value_type::zero(), G2_elements[B1]), GT_value_type::one()); + BOOST_CHECK_EQUAL(*pair_reduced(G1_value_type::zero(), G2_elements[B1]), GT_value_type::one()); std::cout << " * Reduced pairing with infinity tests finished." << std::endl << std::endl; 
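Review bot: The infinity checks dereference the new `std::optional` results of `final_exponentiation` and `pair_reduced` with `*` without first testing that a value is present, which is undefined behaviour when the optional is empty. In a test, that turns the failure the optional was introduced to report into a crash or a comparison against garbage instead of a recorded test failure. Use the checked accessor, e.g. `BOOST_CHECK_EQUAL(pair_reduced(G1_value_type::zero(), G2_elements[B1]).value(), GT_value_type::one());` (call written as the page shows it), or bind the result and `BOOST_REQUIRE(r.has_value());` before `*r`. The same applies to every `*pair_reduced(...)` and to `pair_reduced(...)->pow(...)` in the following hunk. `check_pairing_operations` starts and ends outside these hunks.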
@@ -147,39 +146,35 @@ void check_pairing_operations(std::vector const& Fr_elements, BOOST_CHECK_EQUAL(pair(G1_elements[A2], G2_elements[B2]), GT_elements[pairing_A2_B2]); std::cout << " * Precomputing and pairing tests finished." << std::endl << std::endl; - // TODO: activate after pair_reduceding->cyclotomic_exp fixed. Bugs in final_exponentiation_last_chunk std::cout << " * Reduced pairing tests started..." << std::endl; - BOOST_CHECK_EQUAL(pair_reduced(G1_elements[A1], G2_elements[B1]), GT_elements[pair_reduceding_A1_B1]); - BOOST_CHECK_EQUAL(pair_reduced(G1_elements[A1], G2_elements[B1]), - pair_reduced(G1_elements[VKx], G2_elements[VKy]) * - pair_reduced(G1_elements[C1], G2_elements[VKz])); - BOOST_CHECK_EQUAL(pair_reduced(G1_elements[A2], G2_elements[B2]), GT_elements[pair_reduceding_A2_B2]); - BOOST_CHECK_EQUAL(pair_reduced(G1_elements[A2], G2_elements[B2]), - pair_reduced(G1_elements[VKx], G2_elements[VKy]) * - pair_reduced(G1_elements[C2], G2_elements[VKz])); - BOOST_CHECK_EQUAL(pair_reduced(G1_elements[A1], G2_elements[B1]) * - pair_reduced(G1_elements[A2], G2_elements[B2]), + BOOST_CHECK_EQUAL(*pair_reduced(G1_elements[A1], G2_elements[B1]), GT_elements[pair_reduceding_A1_B1]); + BOOST_CHECK_EQUAL(*pair_reduced(G1_elements[A1], G2_elements[B1]), + *pair_reduced(G1_elements[VKx], G2_elements[VKy]) * + *pair_reduced(G1_elements[C1], G2_elements[VKz])); + BOOST_CHECK_EQUAL(*pair_reduced(G1_elements[A2], G2_elements[B2]), GT_elements[pair_reduceding_A2_B2]); + BOOST_CHECK_EQUAL(*pair_reduced(G1_elements[A2], G2_elements[B2]), + *pair_reduced(G1_elements[VKx], G2_elements[VKy]) * + *pair_reduced(G1_elements[C2], G2_elements[VKz])); + BOOST_CHECK_EQUAL(*pair_reduced(G1_elements[A1], G2_elements[B1]) * + *pair_reduced(G1_elements[A2], G2_elements[B2]), GT_elements[pair_reduceding_A1_B1_mul_pair_reduceding_A2_B2]); std::cout << " * Reduced pairing tests finished." 
<< std::endl << std::endl; - // TODO: activate when scalar multiplication done std::cout << " * Reduced pairing tests with scalar multiplication started..." << std::endl; - BOOST_CHECK_EQUAL(pair_reduced(G1_elements[A1], G2_elements[B1]) * - pair_reduced(G1_elements[A2], G2_elements[B2]), - pair_reduced(Fr_value_type(2u) * G1_elements[VKx], G2_elements[VKy]) * - pair_reduced(G1_elements[C1] + G1_elements[C2], G2_elements[VKz])); - BOOST_CHECK_EQUAL(pair_reduced(Fr_elements[VKx_poly] * G1_elements[A1], G2_elements[B1]), + BOOST_CHECK_EQUAL(*pair_reduced(G1_elements[A1], G2_elements[B1]) * + *pair_reduced(G1_elements[A2], G2_elements[B2]), + *pair_reduced(Fr_value_type(2u) * G1_elements[VKx], G2_elements[VKy]) * + *pair_reduced(G1_elements[C1] + G1_elements[C2], G2_elements[VKz])); + BOOST_CHECK_EQUAL(*pair_reduced(Fr_elements[VKx_poly] * G1_elements[A1], G2_elements[B1]), GT_elements[pair_reduceding_VKx_poly_A1_B1]); - BOOST_CHECK_EQUAL(pair_reduced(Fr_elements[VKx_poly] * G1_elements[A1], G2_elements[B1]), - pair_reduced(G1_elements[A1], Fr_elements[VKx_poly] * G2_elements[B1])); + BOOST_CHECK_EQUAL(*pair_reduced(Fr_elements[VKx_poly] * G1_elements[A1], G2_elements[B1]), + *pair_reduced(G1_elements[A1], Fr_elements[VKx_poly] * G2_elements[B1])); std::cout << " * Reduced pairing tests with scalar multiplication finished." << std::endl << std::endl; - // TODO: activate when pow will be override with field element std::cout << " * Reduced pairing tests with pow started..." << std::endl; BOOST_CHECK_EQUAL( - pair_reduced(Fr_elements[VKx_poly] * G1_elements[A1], G2_elements[B1]), - // TODO: fix pow to accept field element as exponent - pair_reduced(G1_elements[A1], G2_elements[B1]).pow(Fr_elements[VKx_poly].data)); + *pair_reduced(Fr_elements[VKx_poly] * G1_elements[A1], G2_elements[B1]), + pair_reduced(G1_elements[A1], G2_elements[B1])->pow(Fr_elements[VKx_poly].data)); std::cout << " * Reduced pairing tests with pow finished." 
<< std::endl << std::endl; std::cout << " * Miller loop tests started..." << std::endl; @@ -627,7 +622,6 @@ void pairing_operation_test(const TestSet &test_set) { BOOST_AUTO_TEST_SUITE(pairing_manual_tests) -// TODO: fix pair_reduceding BOOST_DATA_TEST_CASE(pairing_operation_test_bls12_381, string_data("pairing_operation_test_bls12_381"), data_set) { using curve_type = typename curves::bls12<381>; diff --git a/crypto3/libs/algebra/test/type_traits.cpp b/crypto3/libs/algebra/test/type_traits.cpp new file mode 100644 index 0000000000..0dff7d8553 --- /dev/null +++ b/crypto3/libs/algebra/test/type_traits.cpp 
@@ -0,0 +1,323 @@
+//---------------------------------------------------------------------------//
+// Copyright (c) 2024 Vasiliy Olekhov
+//
+// MIT License
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+//---------------------------------------------------------------------------//
+
+#define BOOST_TEST_MODULE type_traits_test
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include
+
+#include
+
+using namespace nil::crypto3::algebra;
+
+BOOST_AUTO_TEST_SUITE(type_traits_manual_tests)
+/**/
+
+
+template
+void test_field_value_types()
+{
+ BOOST_ASSERT( has_type_field_type::value );
+ BOOST_ASSERT( (has_function_is_zero::value) );
+ BOOST_ASSERT( (has_function_inversed::value) );
+ BOOST_ASSERT( (has_static_member_function_zero::value) );
+ BOOST_ASSERT( (has_static_member_function_one::value) );
+
+ BOOST_ASSERT( is_field_element::value );
+}
+
+template
+void test_field_types()
+{
+ BOOST_ASSERT( has_type_value_type::value );
+ BOOST_ASSERT( has_type_integral_type::value );
+ BOOST_ASSERT( has_type_modular_type::value );
+
+ BOOST_ASSERT( (has_static_member_data_value_bits::value) );
+ BOOST_ASSERT( (has_static_member_data_modulus_bits::value) );
+ BOOST_ASSERT( (has_static_member_data_arity::value) );
+
+ BOOST_ASSERT( is_field::value );
+
+ test_field_value_types();
+
+}
+
+template
+void test_extended_field_types()
+{
+ test_field_types();
+
+ BOOST_ASSERT( has_type_extension_policy::value );
+ BOOST_ASSERT( is_extended_field::value );
+
+ BOOST_ASSERT( is_extended_field_element::value );
+
+ test_field_value_types();
+}
+
+
+template
+void test_curve_group_types()
+{
+ BOOST_ASSERT( is_curve_group::value );
+ BOOST_ASSERT( has_type_curve_type::value );
+
+ BOOST_ASSERT( has_type_value_type::value );
+ using value_type = typename curve_group_type::value_type;
+
+ BOOST_ASSERT( has_type_field_type::value );
+ BOOST_ASSERT( has_type_group_type::value );
+
+ BOOST_ASSERT( (has_static_member_function_zero::value) );
+ BOOST_ASSERT( (has_static_member_function_one::value) );
+ BOOST_ASSERT( (has_function_is_zero::value) );
+ BOOST_ASSERT( (has_function_is_well_formed::value) );
+ BOOST_ASSERT( (has_function_double_inplace::value) );
+
+ BOOST_ASSERT( is_curve_element::value );
+
+}
+
+template
+void test_ordinary_curve_types()
+{
+ BOOST_ASSERT( has_type_base_field_type::value );
+ test_field_types();
+
+ BOOST_ASSERT( has_type_scalar_field_type::value );
+ test_field_types();
+
+ BOOST_ASSERT( has_type_g1_type::value );
+ test_curve_group_types>();
+
+ BOOST_ASSERT(is_curve::value);
+}
+
+template
+void test_pairing_friendly_curve_types()
+{
+ test_ordinary_curve_types();
+
+ BOOST_ASSERT( has_type_g2_type::value );
+ test_curve_group_types>();
+
+ using g2_base_field = typename curve_type::template g2_type<>::params_type::field_type;
+ test_extended_field_types();
+
+ BOOST_ASSERT( has_type_gt_type::value );
+ test_extended_field_types();
+}
+
+BOOST_AUTO_TEST_CASE(pasta_type_traits) {
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+}
+
+BOOST_AUTO_TEST_CASE(bls12_type_traits) {
+ test_pairing_friendly_curve_types>();
+ test_pairing_friendly_curve_types>();
+}
+
+BOOST_AUTO_TEST_CASE(mnt_type_traits) {
+ test_pairing_friendly_curve_types>();
+ test_pairing_friendly_curve_types>();
+}
+
+BOOST_AUTO_TEST_CASE(alt_bn128_type_traits) {
+ test_pairing_friendly_curve_types>();
+}
+
+BOOST_AUTO_TEST_CASE(jubjub_type_traits) {
+ test_ordinary_curve_types();
+}
+
+BOOST_AUTO_TEST_CASE(babyjubjub_type_traits) {
+ test_ordinary_curve_types();
+}
+
+BOOST_AUTO_TEST_CASE(goldilocks_field_type_traits) {
+ test_field_types();
+}
+
+BOOST_AUTO_TEST_CASE(secp_type_traits) {
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+ test_ordinary_curve_types();
+}
+
+BOOST_AUTO_TEST_CASE(ed25519_type_traits) {
+ test_ordinary_curve_types();
+}
+
+#define FIELD_HAS_SQRT(field) \
+ (has_function_sqrt::value)
+
+BOOST_AUTO_TEST_CASE(test_extended_fields_sqrt_trait) {
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::alt_bn128_254::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::alt_bn128_254::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::alt_bn128_254::template g1_type<>::field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::alt_bn128_254::template g2_type<>::field_type) );
+ BOOST_ASSERT( !FIELD_HAS_SQRT(curves::alt_bn128_254::gt_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_381::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_381::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_381::template g1_type<>::field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_381::template g2_type<>::field_type) );
+ BOOST_ASSERT( !FIELD_HAS_SQRT(curves::bls12_381::gt_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_377::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_377::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_377::template g1_type<>::field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::bls12_377::template g2_type<>::field_type) );
+ BOOST_ASSERT( !FIELD_HAS_SQRT(curves::bls12_377::gt_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt4_298::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt4_298::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt4_298::template g1_type<>::field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt4_298::template g2_type<>::field_type) );
+ BOOST_ASSERT( !FIELD_HAS_SQRT(curves::mnt4_298::gt_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt6_298::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt6_298::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt6_298::template g1_type<>::field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::mnt6_298::template g2_type<>::field_type) );
+ BOOST_ASSERT( !FIELD_HAS_SQRT(curves::mnt6_298::gt_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::pallas::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::pallas::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::pallas::template g1_type<>::field_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::vesta::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::vesta::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::vesta::template g1_type<>::field_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::jubjub::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::jubjub::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::jubjub::template g1_type<>::field_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::babyjubjub::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::babyjubjub::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::babyjubjub::template g1_type<>::field_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::ed25519::base_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::ed25519::scalar_field_type) );
+ BOOST_ASSERT( FIELD_HAS_SQRT(curves::ed25519::template g1_type<>::field_type) );
+
+ BOOST_ASSERT( FIELD_HAS_SQRT(fields::goldilocks64_base_field) );
+}
+
+BOOST_AUTO_TEST_CASE(test_extended_fields_trait) {
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::field_type::value_type>::value );
+ BOOST_ASSERT( is_extended_field_element::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::value );
+ BOOST_ASSERT( !is_extended_field_element::field_type::value_type>::value );
+
+ BOOST_ASSERT( !is_extended_field_element::value );
+}
+
+
+
+BOOST_AUTO_TEST_SUITE_END()
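Review bot: Every check in this new file uses `BOOST_ASSERT`, which is the Boost.Assert macro and not a Boost.Test assertion. By default it expands to `assert`, so it is compiled out when `NDEBUG` is defined, and otherwise it aborts the whole test binary instead of recording a failure. A release-configured test build would therefore report these cases as passing without evaluating a single trait. All the conditions are compile-time constants, so replace `BOOST_ASSERT( expr )` with `static_assert( expr )` to fail the build in every configuration, or with `BOOST_CHECK( expr )` if a runtime report is preferred. The template argument lists of the traits are not visible in this rendering of the page.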
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/basic_non_native_policy.hpp b/crypto3/libs/blueprint/include/nil/blueprint/basic_non_native_policy.hpp index f53e192f27..bff1d15277 100644 --- a/crypto3/libs/blueprint/include/nil/blueprint/basic_non_native_policy.hpp +++ b/crypto3/libs/blueprint/include/nil/blueprint/basic_non_native_policy.hpp @@ -51,6 +51,9 @@ namespace nil { constexpr static const std::uint32_t ratio = 4; // 66,66,66,66 bits using non_native_field_type = typename crypto3::algebra::curves::ed25519::base_field_type; using native_field_type = typename crypto3::algebra::curves::pallas::base_field_type; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * native_field_type::policy_type::modulus_bits>>; + using var = crypto3::zk::snark::plonk_variable; typedef std::array non_native_var_type; @@ -62,7 +65,7 @@ namespace nil { static native_field_type::value_type get_i_th_chunk(non_native_field_type::value_type input, std::size_t i_th) { assert(i_th < ratio && "non-native type does not have that much chunks!"); - native_field_type::extended_integral_type result = native_field_type::extended_integral_type( + extended_integral_type result = extended_integral_type( non_native_field_type::integral_type(input.data)); native_field_type::integral_type base = 1; native_field_type::integral_type mask = (base << chunk_sizes[i_th]) - 1; @@ -121,6 +124,8 @@ namespace nil { constexpr static const std::uint32_t ratio = 2; // 254, 1 bits using non_native_field_type = typename crypto3::algebra::curves::pallas::scalar_field_type; using native_field_type = typename crypto3::algebra::curves::pallas::base_field_type; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * native_field_type::policy_type::modulus_bits>>; using var = crypto3::zk::snark::plonk_variable; typedef std::array non_native_var_type; 
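Review bot: The `extended_integral_type` alias is written out identically in three policy definitions of this file (the hunks at `@@ -51,6 +51,9 @@`, `@@ -121,6 +124,8 @@` and `@@ -277,6 +282,8 @@`). The assumption that twice the native modulus width is wide enough for the chunking arithmetic is now kept in three places. Define it once at namespace level, e.g. `template<typename Field> using extended_integral_for = boost::multiprecision::number<boost::multiprecision::backends::cpp_int_modular_backend<2 * Field::policy_type::modulus_bits>>;`, and have each policy alias that. A one-line comment on why the width is `2 * modulus_bits` would help too, since the type was previously supplied by the field itself.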
@@ -132,7 +137,7 @@ namespace nil { static native_field_type::value_type get_i_th_chunk(non_native_field_type::value_type input, std::size_t i_th) { assert(i_th < ratio && "non-native type does not have that much chunks!"); - native_field_type::extended_integral_type result = native_field_type::extended_integral_type::backend_type( + extended_integral_type result = extended_integral_type::backend_type( input.data.backend().base_data()); native_field_type::integral_type base = 1; native_field_type::integral_type mask = (base << chunk_sizes[i_th]) - 1; @@ -277,6 +282,8 @@ namespace nil { using non_native_field_type = typename boost::multiprecision::number< boost::multiprecision::backends::cpp_int_modular_backend<256>>; using native_field_type = typename crypto3::algebra::curves::pallas::base_field_type; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * native_field_type::policy_type::modulus_bits>>; using var = crypto3::zk::snark::plonk_variable; typedef std::array non_native_var_type; @@ -288,7 +295,7 @@ namespace nil { static native_field_type::value_type get_i_th_chunk(non_native_field_type::value_type input, std::size_t i_th) { assert(i_th < ratio && "non-native type does not have that much chunks!"); - native_field_type::extended_integral_type result = native_field_type::extended_integral_type::backend_type( + extended_integral_type result = extended_integral_type::backend_type( input.backend()); native_field_type::integral_type base = 1; diff --git a/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/circuit.hpp b/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/circuit.hpp deleted file mode 100644 index df959e60c1..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/circuit.hpp +++ /dev/null 
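Review bot: `get_i_th_chunk` bounds `i_th` only with `assert(i_th < ratio && ...)` and then, in the hunks where the mask line is visible, indexes `chunk_sizes[i_th]` and shifts by the result. With `NDEBUG` defined the guard disappears, and an out-of-range index becomes an out-of-bounds read feeding a shift count. These hunks edit the line directly after the assert in each overload, so this is a convenient place to make the bound unconditional, e.g. `if (i_th >= ratio) throw std::out_of_range("chunk index out of range");` (needs `<stdexcept>`). Whether any caller can pass an unchecked index is not visible here, and the function bodies continue outside the hunks.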
@@ -1,170 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2021 Noam Yemini <@NoamDev at GitHub> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_BLUEPRINT_R1CS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_BLUEPRINT_R1CS_HPP - -#include -#include -#include -#include -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - - template - class blueprint; - - template - class blueprint> { - typedef zk::snark::r1cs_constraint_system ArithmetizationType; - - zk::snark::r1cs_variable_assignment> - values; /* values[0] will hold the value of the first - allocated variable of the blueprint, *NOT* constant 1 */ - typename BlueprintFieldType::value_type constant_term; - - typename math::linear_variable::index_type next_free_var; - typename detail::blueprint_linear_combination::index_type next_free_lc; - std::vector lc_values; - zk::snark::r1cs_constraint_system constraint_system; - - public: - // typedef BlueprintFieldType field_type; - - using value_type = detail::blueprint_variable; - - blueprint() { - constant_term = BlueprintFieldType::value_type::one(); - - next_free_var = 1; /* to account for constant 1 term */ - next_free_lc = 0; - } - - void clear_values() { - std::fill(values.begin(), values.end(), BlueprintFieldType::value_type::zero()); - } - - typename BlueprintFieldType::value_type &val(const value_type &var) { - assert(var.index <= values.size()); - return (var.index == 0 ? constant_term : values[var.index - 1]); - } - - typename BlueprintFieldType::value_type val(const value_type &var) const { - assert(var.index <= values.size()); - return (var.index == 0 ? 
constant_term : values[var.index - 1]); - } - - typename BlueprintFieldType::value_type & - lc_val(const detail::blueprint_linear_combination &lc) { - if (lc.is_variable) { - return this->val(value_type(lc.index)); - } else { - assert(lc.index < lc_values.size()); - return lc_values[lc.index]; - } - } - - typename BlueprintFieldType::value_type - lc_val(const detail::blueprint_linear_combination &lc) const { - if (lc.is_variable) { - return this->val(value_type(lc.index)); - } else { - assert(lc.index < lc_values.size()); - return lc_values[lc.index]; - } - } - - void add_r1cs_constraint(const zk::snark::r1cs_constraint &constr) { - constraint_system.constraints.emplace_back(constr); - } - - bool is_satisfied() const { - return constraint_system.is_satisfied(primary_input(), auxiliary_input()); - } - - std::size_t num_constraints() const { - return constraint_system.num_constraints(); - } - - std::size_t num_inputs() const { - return constraint_system.num_inputs(); - } - - std::size_t num_variables() const { - return next_free_var - 1; - } - - void set_input_sizes(const std::size_t primary_input_size) { - assert(primary_input_size <= num_variables()); - constraint_system.primary_input_size = primary_input_size; - constraint_system.auxiliary_input_size = num_variables() - primary_input_size; - } - - zk::snark::r1cs_variable_assignment> full_variable_assignment() const { - return values; - } - - zk::snark::r1cs_primary_input primary_input() const { - return zk::snark::r1cs_primary_input(values.begin(), - values.begin() + num_inputs()); - } - - zk::snark::r1cs_auxiliary_input auxiliary_input() const { - return zk::snark::r1cs_auxiliary_input(values.begin() + num_inputs(), - values.end()); - } - - zk::snark::r1cs_constraint_system get_constraint_system() const { - return constraint_system; - } - - friend class detail::blueprint_variable; - friend class detail::blueprint_linear_combination; - - private: - typename math::linear_variable::index_type allocate_var_index() { 
- ++constraint_system.auxiliary_input_size; - values.emplace_back(BlueprintFieldType::value_type::zero()); - return next_free_var++; - } - - typename detail::blueprint_linear_combination::index_type allocate_lc_index() { - lc_values.emplace_back(BlueprintFieldType::value_type::zero()); - return next_free_lc++; - } - }; - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_BLUEPRINT_R1CS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/detail/r1cs/blueprint_linear_combination.hpp b/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/detail/r1cs/blueprint_linear_combination.hpp deleted file mode 100644 index ec9060d762..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/detail/r1cs/blueprint_linear_combination.hpp +++ /dev/null 
@@ -1,285 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2021 Noam Yemini <@NoamDev at GitHub> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_LINEAR_COMBINATION_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_LINEAR_COMBINATION_HPP - -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - - template - class blueprint; - - namespace detail { - - template - class blueprint_linear_combination; - - template - class blueprint_linear_combination> - : public math::linear_combination { - - typedef zk::snark::r1cs_constraint_system ArithmetizationType; - typedef BlueprintFieldType field_type; - typedef typename field_type::value_type field_value_type; - - public: - using index_type = std::size_t; - bool is_variable; - index_type index; - - blueprint_linear_combination() { - this->is_variable = false; - } - - blueprint_linear_combination(const blueprint_variable &var) { - this->is_variable = true; - this->index = var.index; - this->terms.emplace_back(math::linear_term(var)); - } - - void assign(blueprint &bp, const math::linear_combination &lc) { - assert(this->is_variable == false); - this->index = bp.allocate_lc_index(); - this->terms = lc.terms; - } - - void evaluate(blueprint &bp) const { - if (this->is_variable) { - return; // do nothing - } - - field_value_type sum = 0; - for (auto term : this->terms) { - sum += term.coeff * bp.val(blueprint_variable(term.index)); - } - - bp.lc_val(*this) = sum; - } - - bool is_constant() const { - if (is_variable) { - return (index == 0); - } else { - for (auto term : this->terms) { - if (term.index != 0) { - return false; - } - } - - return true; - } - } - - field_value_type constant_term() const { - if (is_variable) { - return (index == 0 ? 
field_value_type::one() : field_value_type::zero()); - } else { - field_value_type result = field_value_type::zero(); - for (auto term : this->terms) { - if (term.index == 0) { - result += term.coeff; - } - } - return result; - } - } - }; - - template - class blueprint_linear_combination_vector; - - template - class blueprint_linear_combination_vector< - crypto3::zk::snark::r1cs_constraint_system> - : private std::vector>> { - - typedef zk::snark::r1cs_constraint_system ArithmetizationType; - typedef typename BlueprintFieldType::value_type field_value_type; - typedef std::vector> contents; - - public: - using typename contents::const_iterator; - using typename contents::const_reverse_iterator; - using typename contents::iterator; - using typename contents::reverse_iterator; - - using contents::begin; - using contents::emplace_back; - using contents::empty; - using contents::end; - using contents::insert; - using contents::rbegin; - using contents::rend; - using contents::reserve; - using contents::size; - using contents::operator[]; - using contents::resize; - - blueprint_linear_combination_vector() : contents() {}; - blueprint_linear_combination_vector(const blueprint_variable_vector &arr) { - for (auto &v : arr) - this->emplace_back(blueprint_linear_combination(v)); - }; - blueprint_linear_combination_vector(std::size_t count) : contents(count) {}; - blueprint_linear_combination_vector( - std::size_t count, - const blueprint_linear_combination &value) : - contents(count, value) {}; - blueprint_linear_combination_vector(typename contents::const_iterator first, - typename contents::const_iterator last) : - contents(first, last) {}; - blueprint_linear_combination_vector(typename contents::const_reverse_iterator first, - typename contents::const_reverse_iterator last) : - contents(first, last) {}; - - void evaluate(blueprint &bp) const { - for (std::size_t i = 0; i < this->size(); ++i) { - (*this)[i].evaluate(bp); - } - } - - void fill_with_field_elements(blueprint 
&bp, - const std::vector &vals) const { - assert(this->size() == vals.size()); - for (std::size_t i = 0; i < vals.size(); ++i) { - bp.lc_val((*this)[i]) = vals[i]; - } - } - - void fill_with_bits(blueprint &bp, const std::vector &bits) const { - assert(this->size() == bits.size()); - for (std::size_t i = 0; i < bits.size(); ++i) { - bp.lc_val((*this)[i]) = (bits[i] ? field_value_type::one() : field_value_type::zero()); - } - } - - void fill_with_bits_of_ulong(blueprint &bp, const unsigned long i) const { - this->fill_with_bits_of_field_element(bp, field_value_type(i)); - } - - void fill_with_bits_of_field_element(blueprint &bp, - const field_value_type &r) const { - for (std::size_t i = 0; i < this->size(); ++i) { - bp.lc_val((*this)[i]) = boost::multiprecision::bit_test(r.data, i) ? field_value_type::one() : - field_value_type::zero(); - } - } - - std::vector get_vals(const blueprint &bp) const { - std::vector result(this->size()); - for (std::size_t i = 0; i < this->size(); ++i) { - result[i] = bp.lc_val((*this)[i]); - } - return result; - } - - std::vector get_bits(const blueprint &bp) const { - std::vector result; - for (std::size_t i = 0; i < this->size(); ++i) { - const field_value_type v = bp.lc_val((*this)[i]); - assert(v.is_zero() || v.is_one()); - result.push_back(v.is_one()); - } - return result; - } - - field_value_type get_field_element_from_bits(const blueprint &bp) const { - field_value_type result = field_value_type::zero(); - - for (std::size_t i = 0; i < this->size(); ++i) { - /* push in the new bit */ - const field_value_type v = bp.lc_val((*this)[this->size() - 1 - i]); - assert(v.is_zero() || v.is_one()); - result += result + v; - } - - return result; - } - }; - - template - math::linear_combination - blueprint_sum(const blueprint_linear_combination_vector &v) { - - math::linear_combination result; - for (auto &term : v) { - result = result + term; - } - - return result; - } - - template - math::linear_combination - blueprint_packing_sum(const 
blueprint_linear_combination_vector &v) { - - typename FieldType::value_type twoi = - FieldType::value_type::one(); // will hold 2^i entering each iteration - std::vector> all_terms; - for (auto &lc : v) { - for (auto &term : lc.terms) { - all_terms.emplace_back(twoi * term); - } - twoi += twoi; - } - - return math::linear_combination(all_terms); - } - - template - math::linear_combination - blueprint_coeff_sum(const blueprint_linear_combination_vector &v, - const std::vector &coeffs) { - - assert(v.size() == coeffs.size()); - std::vector> all_terms; - - auto coeff_it = coeffs.begin(); - for (auto &lc : v) { - for (auto &term : lc.terms) { - all_terms.emplace_back((*coeff_it) * term); - } - ++coeff_it; - } - - return math::linear_combination(all_terms); - } - } // namespace detail - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_LINEAR_COMBINATION_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/detail/r1cs/blueprint_variable.hpp b/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/detail/r1cs/blueprint_variable.hpp deleted file mode 100644 index 51f4c050d7..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/blueprint/r1cs/detail/r1cs/blueprint_variable.hpp +++ /dev/null 
@@ -1,193 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2021 Noam Yemini <@NoamDev at GitHub> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_VARIABLE_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_VARIABLE_HPP - -#include -#include -#include - -#include -#include - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - - template - class blueprint; - - namespace detail { - - template - class blueprint_variable; - - // template class blueprint_variable; - - template - class blueprint_variable> - : public math::linear_variable { - public: - blueprint_variable(const typename math::linear_variable::index_type index = 0) : - math::linear_variable(index) {}; - - template - void allocate(blueprint &bp) { - this->index = bp.allocate_var_index(); - } - - static blueprint_variable constant() { - return blueprint_variable(0); - } - }; - - template - class blueprint_variable_vector; - - template - class blueprint_variable_vector> : - private std::vector>> { - - typedef zk::snark::r1cs_constraint_system ArithmetizationType; - typedef typename BlueprintFieldType::value_type field_value_type; - typedef std::vector> contents; - - public: - using typename contents::const_iterator; - using typename contents::const_reverse_iterator; - using typename contents::iterator; - using typename contents::reverse_iterator; - - using contents::begin; - using contents::emplace_back; - using contents::empty; - using contents::end; - using contents::erase; - using contents::insert; - using contents::rbegin; - using contents::rend; - using contents::reserve; - using contents::size; - using contents::operator[]; - using contents::resize; - - blueprint_variable_vector() : contents() {}; - blueprint_variable_vector(std::size_t count, const blueprint_variable &value) : - contents(count, value) {}; - blueprint_variable_vector(typename contents::const_iterator first, - typename contents::const_iterator last) : - contents(first, last) {}; - blueprint_variable_vector(typename 
contents::const_reverse_iterator first, - typename contents::const_reverse_iterator last) : - contents(first, last) {}; - - /* allocates blueprint_variable vector in MSB->LSB order */ - void allocate(blueprint &bp, const std::size_t n) { - (*this).resize(n); - - for (std::size_t i = 0; i < n; ++i) { - (*this)[i].allocate(bp); - } - } - - void fill_with_field_elements(blueprint &bp, - const std::vector &vals) const { - assert(this->size() == vals.size()); - for (std::size_t i = 0; i < vals.size(); ++i) { - bp.val((*this)[i]) = vals[i]; - } - } - - template - typename std::enable_if::value_type>::value>::type - fill_with_bits(blueprint &bp, const InputRange &bits) const { - BOOST_RANGE_CONCEPT_ASSERT((boost::RandomAccessRangeConcept)); - assert(this->size() == bits.size()); - for (std::size_t i = 0; i < bits.size(); ++i) { - bp.val((*this)[i]) = (bits[i] ? field_value_type::one() : field_value_type::zero()); - } - } - - void fill_with_bits_of_ulong(blueprint &bp, const unsigned long i) const { - this->fill_with_bits_of_field_element(bp, field_value_type(i)); - } - - void fill_with_bits_of_field_element(blueprint &bp, - const field_value_type &r) const { - for (std::size_t i = 0; i < this->size(); ++i) { - bp.val((*this)[i]) = boost::multiprecision::bit_test(r.data, i) ? 
- field_value_type::one() : - field_value_type::zero(); - } - } - - std::vector values(const blueprint &bp) const { - std::vector result(this->size()); - for (std::size_t i = 0; i < this->size(); ++i) { - result[i] = bp.val((*this)[i]); - } - return result; - } - - std::vector bits(const blueprint &bp) const { - std::vector result; - for (std::size_t i = 0; i < this->size(); ++i) { - const field_value_type v = bp.val((*this)[i]); - assert(v.is_zero() || v.is_one()); - result.push_back(v.is_one()); - } - return result; - } - - field_value_type field_element_from_bits(const blueprint &bp) const { - field_value_type result = field_value_type::zero(); - - for (std::size_t i = 0; i < this->size(); ++i) { - /* push in the new bit */ - const field_value_type v = bp.val((*this)[this->size() - 1 - i]); - assert(v.is_zero() || v.is_one()); - result = result + (result + v); - } - - return result; - } - }; - } // namespace detail - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_VARIABLE_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/component.hpp b/crypto3/libs/blueprint/include/nil/blueprint/component.hpp index d9ac76f726..dff2cd8270 100644 --- a/crypto3/libs/blueprint/include/nil/blueprint/component.hpp +++ b/crypto3/libs/blueprint/include/nil/blueprint/component.hpp @@ -29,7 +29,6 @@ #include #include -#include #include #include @@ -123,19 +122,6 @@ namespace nil { } }; - template - class r1cs_component: - public component> { - protected: - typedef crypto3::zk::snark::r1cs_constraint_system - ArithmetizationType; - - blueprint &bp; - - public: - r1cs_component(blueprint &bp) : bp(bp) { - } - }; } // namespace components } // namespace blueprint } // namespace nil 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/element_g1_affine.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/element_g1_affine.hpp deleted file mode 100644 index ffa08007a8..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/element_g1_affine.hpp +++ /dev/null 
@@ -1,117 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of affine G1 element component. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_G1_AFFINE_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_G1_AFFINE_COMPONENT_HPP - -#include -#include -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - template - struct element_g1; - - /** - * @brief Component that represents a G1 element in affine coordinates. 
- */ - template - struct element_g1 - : public component { - using curve_type = Curve; - using form = Form; - using coordinates = algebra::curves::coordinates::affine; - using group_type = typename curve_type::template g1_type; - using field_type = typename curve_type::base_field_type; - using group_value_type = typename group_type::value_type; - using field_value_type = typename field_type::value_type; - - using underlying_element_type = algebra::fields::detail::element_fp; - - using addition_component = element_g1_addition; - using is_well_formed_component = element_g1_is_well_formed; - using to_twisted_edwards_component = element_g1_to_twisted_edwards; - using to_bits_component = element_g1_to_bits; - - underlying_element_type X; - underlying_element_type Y; - - element_g1(blueprint &bp) : component(bp) { - detail::blueprint_variable X_var, Y_var; - - X_var.allocate(bp); - Y_var.allocate(bp); - - X = X_var; - Y = Y_var; - } - - element_g1(blueprint &bp, const group_value_type &p) : element_g1(bp) { - bp.lc_val(X) = p.X.data; - bp.lc_val(Y) = p.Y.data; - } - - element_g1(blueprint &bp, const underlying_element_type &in_X, - const underlying_element_type &in_Y) : - component(bp), - X(in_X), Y(in_Y) { - } - - // TODO: maybe add is_well_formed constraints - void generate_gates() { - } - - void generate_assignments(const group_value_type &p) { - this->bp.lc_val(X) = p.X.data; - this->bp.lc_val(Y) = p.Y.data; - } - - // (See a comment in r1cs_ppzksnark_verifier_component.hpp about why - // we mark this function noinline.) TODO: remove later - static std::size_t BOOST_NOINLINE size_in_bits() { - return 2 * field_type::modulus_bits; // This probably should be value_bits, not - // modulus_bits - } - - static std::size_t num_variables() { - return 2; - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_G1_AFFINE_COMPONENT_HPP \ No newline at end of file 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/element_ops.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/element_ops.hpp deleted file mode 100644 index 1022ae5ecf..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/element_ops.hpp +++ /dev/null 
@@ -1,55 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of available operation components over curve group elements. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_ELEMENT_OPS_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_ELEMENT_OPS_COMPONENT_HPP - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - template - struct element_g1_is_well_formed { }; - - template - struct element_g1_addition { }; - - template - struct element_g1_conditional_addition { }; - - template - struct element_g1_to_twisted_edwards { }; - - template - struct element_g1_to_bits { }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_ELEMENT_OPS_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/fixed_base_mul_zcash.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/fixed_base_mul_zcash.hpp deleted file mode 100644 index 0e5bb70699..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/fixed_base_mul_zcash.hpp +++ /dev/null 
@@ -1,333 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// -// @file -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FIXED_BASE_MUL_ZCASH_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_FIXED_BASE_MUL_ZCASH_COMPONENT_HPP - -#include -#include -#include -#include - -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - template - struct fixed_base_mul_zcash : public component { - using curve_type = Curve; - using field_type = typename curve_type::base_field_type; - using field_value_type = typename field_type::value_type; - using montgomery_element_component = element_g1; - using twisted_edwards_element_component = - element_g1; - - static_assert(std::is_same::value); - static_assert( - std::is_same::value); - - using lookup_component = lookup_signed_3bit; - using result_type = twisted_edwards_element_component; - - /// See definition of \p c in https://zips.z.cash/protocol/protocol.pdf#concretepedersenhash - static constexpr std::size_t chunks_per_base_point = - nil::crypto3::hashes::detail::chunks_per_base_point( - lookup_component::chunk_bits); - - std::vector montgomery_adders; - std::vector point_converters; - std::vector edward_adders; - std::vector> m_windows_x; - std::vector m_windows_y; - result_type result; - - private: - template::value_type>::value, - bool>::type = true> - void init(const BasePoints &base_points, - const detail::blueprint_variable_vector &in_scalar) { - BOOST_RANGE_CONCEPT_ASSERT((boost::RandomAccessRangeConcept)); - assert(!in_scalar.empty()); - assert((in_scalar.size() % lookup_component::chunk_bits) == 0); - assert(basepoints_required(in_scalar.size()) <= base_points.size()); - - const std::size_t window_size_items = 1 << lookup_component::lookup_bits; - const std::size_t n_windows = 
in_scalar.size() / lookup_component::chunk_bits; - - typename twisted_edwards_element_component::group_value_type start = base_points[0]; - // Precompute values for all lookup window tables - for (std::size_t i = 0; i < n_windows; ++i) { - std::vector lookup_x; - std::vector lookup_y; - - lookup_x.reserve(window_size_items); - lookup_y.reserve(window_size_items); - - if (i % chunks_per_base_point == 0) { - start = base_points[i / chunks_per_base_point]; - } - - // For each window, generate 4 points, in little endian: - // (0,0) = 0 = start = base*2^4i - // (1,0) = 1 = 2*start - // (0,1) = 2 = 3*start - // (1,1) = 3 = 4*start - typename twisted_edwards_element_component::group_value_type current = start; - for (std::size_t j = 0; j < window_size_items; ++j) { - if (j != 0) { - current = current + start; - } - const typename montgomery_element_component::group_value_type montgomery = - current.to_montgomery(); - lookup_x.emplace_back(montgomery.X); - lookup_y.emplace_back(montgomery.Y); - - assert(montgomery.to_twisted_edwards() == current); - } - - const auto bits_begin = in_scalar.begin() + (i * lookup_component::chunk_bits); - const detail::blueprint_variable_vector window_bits_x( - bits_begin, bits_begin + lookup_component::lookup_bits); - const detail::blueprint_variable_vector window_bits_y( - bits_begin, bits_begin + lookup_component::chunk_bits); - this->m_windows_y.emplace_back(this->bp, lookup_y, window_bits_y); - - // Pass x lookup as a linear combination to avoid extra constraint. 
- // x_lc = c[0] + b[0] * (c[1]-c[0]) + b[1] * (c[2]-c[0]) + b[0]&b[1] * (c[3] - c[2] - c[1] + - // c[0]) - detail::blueprint_linear_combination x_lc; - x_lc.assign( - this->bp, - math::linear_term(detail::blueprint_variable(0), lookup_x[0]) + - math::linear_term(window_bits_x[0], (lookup_x[1] - lookup_x[0])) + - math::linear_term(window_bits_x[1], (lookup_x[2] - lookup_x[0])) + - math::linear_term( - this->m_windows_y.back().b0b1, - (lookup_x[3] - lookup_x[2] - lookup_x[1] + lookup_x[0]))); - this->m_windows_x.emplace_back(x_lc); - - // current is at 2^2 * start, for next iteration start needs to be 2^4 - start = current.doubled().doubled(); - } - - // Chain adders within one segment together via montgomery adders - for (std::size_t i = 0; i < n_windows; ++i) { - if (i % chunks_per_base_point == 0) { - if (i + 1 < n_windows) { - // 0th lookup will be used in the next iteration to connect - // the first two adders of a new base point. - continue; - } else { - // This is the last point. No need to add it to anything in its - // montgomery form, but we have to make sure it will be part of - // the final edwards addition at the end - this->point_converters.emplace_back( - this->bp, montgomery_element_component(this->bp, this->m_windows_x[i], - this->m_windows_y[i].result)); - } - } else if (i % chunks_per_base_point == 1) { - this->montgomery_adders.emplace_back( - this->bp, - montgomery_element_component(this->bp, this->m_windows_x[i - 1], - this->m_windows_y[i - 1].result), - montgomery_element_component(this->bp, this->m_windows_x[i], - this->m_windows_y[i].result)); - } else { - this->montgomery_adders.emplace_back( - this->bp, this->montgomery_adders.back().result, - montgomery_element_component(this->bp, this->m_windows_x[i], - this->m_windows_y[i].result)); - } - } - - // Convert every point at the end of a segment back to edwards format - const std::size_t segment_width = chunks_per_base_point - 1; - - for (std::size_t i = segment_width; i < 
this->montgomery_adders.size(); i += segment_width) { - this->point_converters.emplace_back(this->bp, this->montgomery_adders[i - 1].result); - } - // The last segment might be incomplete - if (n_windows > 1) { - this->point_converters.emplace_back(this->bp, this->montgomery_adders.back().result); - } - - // Chain adders of converted segment tails together - for (std::size_t i = 1; i < this->point_converters.size(); ++i) { - if (i == 1) { - this->edward_adders.emplace_back(this->bp, this->point_converters[i - 1].result, - this->point_converters[i].result); - } else { - this->edward_adders.emplace_back(this->bp, this->edward_adders[i - 2].result, - this->point_converters[i].result); - } - } - } - - static detail::blueprint_variable_vector - pad_input(blueprint &bp, - const detail::blueprint_variable_vector &input) { - detail::blueprint_variable_vector padded_input = input; - for (std::size_t i = 0; - // TODO: simplify calculation of the padding length - i < (input.size() % lookup_component::chunk_bits ? - (lookup_component::chunk_bits - input.size() % lookup_component::chunk_bits) : - 0); - ++i) { - detail::blueprint_variable pad_i; - pad_i.allocate(bp); - bp.val(pad_i) = field_value_type::zero(); - padded_input.template emplace_back<>(pad_i); - } - return padded_input; - } - - public: - /// Number of segments - static std::size_t basepoints_required(std::size_t n_bits) { - return std::ceil(n_bits / float(lookup_component::chunk_bits * chunks_per_base_point)); - } - - /// Auto allocation of the result - template - fixed_base_mul_zcash(blueprint &bp, - const BasePoints &base_points, - const detail::blueprint_variable_vector &in_scalar, - const bool do_pad_input = true) : - component(bp), - result(bp) { - init(base_points, do_pad_input ? 
pad_input(bp, in_scalar) : in_scalar); - } - - /// Manual allocation of the result - template - fixed_base_mul_zcash(blueprint &bp, - const BasePoints &base_points, - const detail::blueprint_variable_vector &in_scalar, - const result_type &in_result, - const bool do_pad_input = true) : - component(bp), - result(in_result) { - init(base_points, do_pad_input ? pad_input(bp, in_scalar) : in_scalar); - } - - void generate_gates() { - for (auto &lut_y : this->m_windows_y) { - lut_y.generate_gates(); - } - - for (auto &adder : this->montgomery_adders) { - adder.generate_gates(); - } - - for (auto &converter : this->point_converters) { - converter.generate_gates(); - } - - for (auto &adder : this->edward_adders) { - adder.generate_gates(); - } - - // formal check - if (!this->edward_adders.empty()) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {detail::blueprint_variable(0)}, {this->result.X}, - {this->edward_adders.back().result.X})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {detail::blueprint_variable(0)}, {this->result.Y}, - {this->edward_adders.back().result.Y})); - } else { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {detail::blueprint_variable(0)}, {this->result.X}, - {this->point_converters.back().result.X})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {detail::blueprint_variable(0)}, {this->result.Y}, - {this->point_converters.back().result.Y})); - } - } - - void generate_assignments() { - // y lookups have to be solved first, because - // x depends on the `b0 && b1` constraint. 
- for (auto &lut_y : this->m_windows_y) { - lut_y.generate_assignments(); - } - - for (auto &lut_x : this->m_windows_x) { - lut_x.evaluate(this->bp); - } - - for (auto &adder : this->montgomery_adders) { - adder.generate_assignments(); - } - - for (auto &converter : this->point_converters) { - converter.generate_assignments(); - } - - for (auto &adder : this->edward_adders) { - adder.generate_assignments(); - } - - if (!this->edward_adders.empty()) { - this->bp.lc_val(this->result.X) = this->bp.lc_val(this->edward_adders.back().result.X); - this->bp.lc_val(this->result.Y) = this->bp.lc_val(this->edward_adders.back().result.Y); - } else { - this->bp.lc_val(this->result.X) = this->bp.lc_val(this->point_converters.back().result.X); - this->bp.lc_val(this->result.Y) = this->bp.lc_val(this->point_converters.back().result.Y); - } - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FIXED_BASE_MUL_ZCASH_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/mnt4.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/mnt4.hpp deleted file mode 100644 index 108af2d4a9..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/mnt4.hpp +++ /dev/null 
@@ -1,79 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of specializations of basic_curve_component_policy to
-// - basic_curve_component_policy.
-//
-// See pairing_params.hpp .
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MNT4_BASIC_CURVE_COMPONENT_POLICY_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_MNT4_BASIC_CURVE_COMPONENT_POLICY_HPP
-
-#include
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
-
- using namespace nil::crypto3::algebra;
-
- template
- class basic_curve_component_policy;
-
- /**
- * Specialization for MNT4.
- */
- template
- class basic_curve_component_policy> {
- using curve_type = typename curves::mnt4;
-
- typedef typename curve_type::chained_on_curve_type chained_on_curve_type; // mnt6
-
- typedef typename chained_on_curve_type::pairing::fqe_type fqe_type;
- typedef typename chained_on_curve_type::pairing::fqk_type fqk_type;
-
- typedef typename curve_type::pairing::fp_type field_type;
-
- public:
- typedef element_fp3 Fqe_variable_type;
- typedef element_fp3_mul Fqe_mul_component_type;
- typedef element_fp3_mul_by_lc Fqe_mul_by_lc_component_type;
- typedef element_fp3_squared Fqe_sqr_component_type;
-
- typedef element_fp6_2over3 Fqk_variable_type;
- typedef element_fp6_2over3_mul Fqk_mul_component_type;
- typedef element_fp6_2over3_mul_by_2345 Fqk_special_mul_component_type;
- typedef element_fp6_2over3_squared Fqk_sqr_component_type;
- };
- } // namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MNT4_BASIC_CURVE_COMPONENT_POLICY_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/mnt6.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/mnt6.hpp
deleted file mode 100644
index c7c9a4c6ea..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/mnt6.hpp
+++ /dev/null
@@ -1,79 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of specializations of basic_curve_component_policy to
-// - basic_curve_component_policy.
-//
-// See pairing_params.hpp .
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MNT6_BASIC_CURVE_COMPONENT_POLICY_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_MNT6_BASIC_CURVE_COMPONENT_POLICY_HPP
-
-#include
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
-
- using namespace nil::crypto3::algebra;
-
- template
- class basic_curve_component_policy;
-
- /**
- * Specialization for MNT6.
- */
- template
- class basic_curve_component_policy> {
- using curve_type = typename curves::mnt6;
-
- typedef typename curve_type::chained_on_curve_type chained_on_curve_type; // mnt4
-
- typedef typename chained_on_curve_type::pairing::fqe_type fqe_type;
- typedef typename chained_on_curve_type::pairing::fqk_type fqk_type;
-
- typedef typename curve_type::pairing::fp_type field_type;
-
- public:
- typedef element_fp2 Fqe_variable_type;
- typedef element_fp2_mul Fqe_mul_component_type;
- typedef element_fp2_mul_by_lc Fqe_mul_by_lc_component_type;
- typedef element_fp2_squared Fqe_sqr_component_type;
-
- typedef element_fp4 Fqk_variable_type;
- typedef element_fp4_mul Fqk_mul_component_type;
- typedef element_fp4_mul Fqk_special_mul_component_type;
- typedef element_fp4_squared Fqk_sqr_component_type;
- };
- } // namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MNT6_BASIC_CURVE_COMPONENT_POLICY_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/scalar_mul.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/scalar_mul.hpp
deleted file mode 100644
index 9e27e4a0b3..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/detail/r1cs/scalar_mul.hpp
+++ /dev/null
@@ -1,163 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for G1 components. -// -// The components verify curve arithmetic in G1 = E(F) where E/F: y^2 = x^3 + A * X + B -// is an elliptic curve over F in short Weierstrass form. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G1_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G1_COMPONENT_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - class element_g1; - - template - class element_g1_add; - - template - class element_g1_doubled; - - /** - * Component that creates constraints for G1 multi-scalar multiplication. - */ - template - class scalar_mul : public component { - typedef typename CurveType::scalar_field_type FieldType; - - public: - std::vector> computed_results; - std::vector> chosen_results; - std::vector> adders; - std::vector> doublers; - - element_g1 base; - blueprint_variable_vector scalars; - std::vector> points; - std::vector> points_and_powers; - element_g1 result; - - const std::size_t elt_size; - const std::size_t num_points; - const std::size_t scalar_size; - - scalar_mul(blueprint &bp, - const element_g1 &base, - const blueprint_variable_vector &scalars, - const std::size_t elt_size, - const std::vector> &points, - const element_g1 &result) : - component(bp), - base(base), scalars(scalars), points(points), result(result), elt_size(elt_size), - num_points(points.size()), scalar_size(scalars.size()) { - - assert(num_points >= 1); - assert(num_points * elt_size == scalar_size); - - for (std::size_t i = 0; i < num_points; ++i) { - points_and_powers.emplace_back(points[i]); - for (std::size_t j = 0; j < elt_size - 1; ++j) { - points_and_powers.emplace_back(element_g1(bp)); - doublers.emplace_back(element_g1_doubled( - bp, points_and_powers[i * elt_size + j], points_and_powers[i * elt_size + j + 1])); - } - } - - chosen_results.emplace_back(base); - for (std::size_t i = 0; i < scalar_size; ++i) { - computed_results.emplace_back(element_g1(bp)); - if (i < scalar_size - 1) { - chosen_results.emplace_back(element_g1(bp)); - } else { - 
chosen_results.emplace_back(result); - } - - adders.emplace_back(element_g1_add( - bp, chosen_results[i], points_and_powers[i], computed_results[i])); - } - } - - void generate_gates() { - const std::size_t num_constraints_before = this->bp.num_constraints(); - - for (std::size_t i = 0; i < scalar_size - num_points; ++i) { - doublers[i].generate_gates(); - } - - for (std::size_t i = 0; i < scalar_size; ++i) { - adders[i].generate_gates(); - - /* - chosen_results[i+1].X = scalars[i] * computed_results[i].X + (1-scalars[i]) * - chosen_results[i].X chosen_results[i+1].X - chosen_results[i].X = scalars[i] * - (computed_results[i].X - chosen_results[i].X) - */ - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(scalars[i], - computed_results[i].X - chosen_results[i].X, - chosen_results[i + 1].X - chosen_results[i].X)); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(scalars[i], - computed_results[i].Y - chosen_results[i].Y, - chosen_results[i + 1].Y - chosen_results[i].Y)); - } - - const std::size_t num_constraints_after = this->bp.num_constraints(); - assert(num_constraints_after - num_constraints_before == - 4 * (scalar_size - num_points) + (4 + 2) * scalar_size); - } - - void generate_assignments() { - for (std::size_t i = 0; i < scalar_size - num_points; ++i) { - doublers[i].generate_assignments(); - } - - for (std::size_t i = 0; i < scalar_size; ++i) { - adders[i].generate_assignments(); - this->bp.lc_val(chosen_results[i + 1].X) = - (this->bp.val(scalars[i]) == typename CurveType::scalar_field_type::value_type::zero() ? - this->bp.lc_val(chosen_results[i].X) : - this->bp.lc_val(computed_results[i].X)); - this->bp.lc_val(chosen_results[i + 1].Y) = - (this->bp.val(scalars[i]) == typename CurveType::scalar_field_type::value_type::zero() ? 
- this->bp.lc_val(chosen_results[i].Y) : - this->bp.lc_val(computed_results[i].Y)); - } - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G1_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/edwards/r1cs/element_g1.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/edwards/r1cs/element_g1.hpp deleted file mode 100644 index cbc9ea4045..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/edwards/r1cs/element_g1.hpp +++ /dev/null 
@@ -1,406 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for G1 components. -// -// TODO: Change the curve equation -// The components verify curve arithmetic in G1 = E(F) where E/F: y^2 = x^3 + A * X + B -// is an elliptic curve over F in short Weierstrass form. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_TWISTED_EDWARDS_G1_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_TWISTED_EDWARDS_G1_COMPONENT_HPP - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /** - * Component that represents a G1 element for JubJub/Bls12-381 and BabyJubJub/Alt-BN128. - * - * CurveType is BLS12-381 or BN128 - */ - template - class element_g1 : public component { - using underlying_field_type = typename CurveType::scalar_field_type; - using underlying_element_type = element_fp; - - public: - underlying_element_type X; - underlying_element_type Y; - - blueprint_linear_combination_vector all_vars; - - element_g1(blueprint &bp) : component(bp) { - blueprint_variable X_var, Y_var; - - X_var.allocate(bp); - Y_var.allocate(bp); - - X = underlying_element_type(X_var); - Y = underlying_element_type(Y_var); - - all_vars.emplace_back(X); - all_vars.emplace_back(Y); - } - - element_g1( - blueprint &bp, - const typename CurveType::pairing::chained_curve_type::template g1_type<>::value_type &P) : - component(bp) { - - // typename CurveType::pairing::chained_curve_type::template g1_type<>::value_type Pcopy = - // P.to_affine(); - - X.assign(bp, P.X); - Y.assign(bp, P.Y); - X.evaluate(bp); - Y.evaluate(bp); - all_vars.emplace_back(X); - all_vars.emplace_back(Y); - } - - void generate_assignments( - const typename CurveType::pairing::chained_curve_type::template g1_type<>::value_type &el) { - typename CurveType::pairing::chained_curve_type::template g1_type<>::value_type el_normalized = - el.to_affine(); - - this->bp.lc_val(X) = el_normalized.X; - this->bp.lc_val(Y) = el_normalized.Y; - } - - // (See a comment in r1cs_ppzksnark_verifier_component.hpp about why - // we mark this function noinline.) 
TODO: remove later - static std::size_t __attribute__((noinline)) size_in_bits() { - return 2 * scalar_field_type::modulus_bits; // This probably should be value_bits, not - // modulus_bits - } - static std::size_t num_variables() { - return 2; - } - }; - - /** - * Component that creates constraints for the validity of a G1 element. - * (if element from group G1 lies on the elliptic curve) - */ - template - class element_g1_is_well_formed : public component { - typedef typename CurveType::scalar_field_type scalar_field_type; - - public: - element_g1 P; - - blueprint_variable a; - blueprint_variable d; - - // Intermeditate variables: - blueprint_variable XX; - blueprint_variable aXX; - blueprint_variable dXX; - blueprint_variable YY; - blueprint_variable dXXYY; - blueprint_variable lhs; - blueprint_variable rhs; - - element_g1_is_well_formed(blueprint &bp, - blueprint_variable - a, - blueprint_variable - d, - const element_g1 &P) : - component(bp), - P(P), a(a), d(d) { - - XX.allocate(this->bp); - aXX.allocate(this->bp); - dXX.allocate(this->bp); - YY.allocate(this->bp); - dXXYY.allocate(this->bp); - lhs.allocate(this->bp); - rhs.allocate(this->bp); - } - void generate_gates() { - // A check, that a*X*X + Y*Y = 1 + d*X*X*Y*Y - - this->bp.add_r1cs_constraint(snark::r1cs_constraint({P.X}, {P.X}, {XX})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({P.Y}, {P.Y}, {YY})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({a}, {XX}, {aXX})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {aXX, YY}, {scalar_field_type::value_type::one()}, {lhs})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({d}, {XX}, {dXX})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({dXX}, {YY}, {dXXYY})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({dXXYY, scalar_field_type::value_type::one()}, - {scalar_field_type::value_type::one()}, - {rhs})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {lhs}, 
{scalar_field_type::value_type::one()}, {rhs})); - } - void generate_assignments() { - typename scalar_field_type::value_type x = this->bp.lc_val(this->P.X); - typename scalar_field_type::value_type y = this->bp.lc_val(this->P.Y); - typename scalar_field_type::value_type temp_a = this->bp.val(this->a); - typename scalar_field_type::value_type temp_d = this->bp.val(this->d); - - // this->bp.val(this->P.X) = x; - // this->bp.val(this->P.Y) = y; - // this->bp.val(this->a) = temp_a; - // this->bp.val(this->d) = temp_d; - - this->bp.val(this->XX) = x * x; - this->bp.val(this->YY) = y * y; - this->bp.val(this->aXX) = temp_a * x * x; - this->bp.val(this->lhs) = temp_a * x * x + y * y; - this->bp.val(this->dXX) = x * x * temp_d; - this->bp.val(this->dXXYY) = temp_d * x * x * y * y; - - this->bp.val(this->rhs) = temp_d * x * x * y * y + scalar_field_type::value_type::one(); - } - }; - - /** - * Component that creates constraints for the validity of a G1 element. - * (if element from group G1 lies on the elliptic curve) - */ - template - class element_g1_add : public component { - typedef typename CurveType::scalar_field_type scalar_field_type; - - public: - blueprint_variable a; - blueprint_variable d; - - element_g1 P1; - element_g1 P2; - element_g1 P1pP2; - - // std::shared_ptr> el_is_well_formed; - - // intermeditate variables - blueprint_variable X1X2; - blueprint_variable X1Y2; - blueprint_variable Y1Y2; - blueprint_variable Y1X2; - blueprint_variable X1X2Y1Y2; - blueprint_variable dX1X2Y1Y2; - blueprint_variable aX1X2; - - element_g1_add(blueprint &bp, - blueprint_variable - a, - blueprint_variable - d, - const element_g1 &P1, - const element_g1 &P2, - const element_g1 &P1pP2) : - component(bp), - P1(P1), P2(P2), P1pP2(P1pP2), a(a), d(d) { - - // el_is_well_formed.reset( - // new element_g1_is_well_formed ( - // this->bp, a, d, P1pP2)); - - X1X2.allocate(this->bp); - X1Y2.allocate(this->bp); - Y1Y2.allocate(this->bp); - Y1X2.allocate(this->bp); - 
X1X2Y1Y2.allocate(this->bp); - dX1X2Y1Y2.allocate(this->bp); - aX1X2.allocate(this->bp); - } - void generate_gates() { - // A check, that - // X3 = (X1*Y2 + Y1*X2) / (Fq.ONE + D*X1*X2*Y1*Y2) - // y3 = (Y1*Y2 - A*X1*X2) / (Fq.ONE - D*X1*X2*Y1*Y2) - - this->bp.add_r1cs_constraint(snark::r1cs_constraint({P1.Y}, {P2.X}, {Y1X2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({P1.X}, {P2.Y}, {X1Y2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({P1.X}, {P2.X}, {X1X2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({P1.Y}, {P2.Y}, {Y1Y2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({X1X2}, {Y1Y2}, {X1X2Y1Y2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({d}, {X1X2Y1Y2}, {dX1X2Y1Y2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint({a}, {X1X2}, {aX1X2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {P1pP2.Y}, {scalar_field_type::value_type::one(), -dX1X2Y1Y2}, {Y1Y2, -aX1X2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {P1pP2.X}, {scalar_field_type::value_type::one(), dX1X2Y1Y2}, {X1Y2, Y1X2})); - } - void generate_assignments() { - - typename scalar_field_type::value_type x1 = this->bp.lc_val(this->P1.X); - typename scalar_field_type::value_type y1 = this->bp.lc_val(this->P1.Y); - typename scalar_field_type::value_type x2 = this->bp.lc_val(this->P2.X); - typename scalar_field_type::value_type y2 = this->bp.lc_val(this->P2.Y); - typename scalar_field_type::value_type temp_a = this->bp.lc_val(this->a); - typename scalar_field_type::value_type temp_d = this->bp.lc_val(this->d); - - this->bp.val(X1X2) = x1 * x2; - this->bp.val(X1Y2) = x1 * y2; - this->bp.val(Y1Y2) = y1 * y2; - this->bp.val(Y1X2) = y1 * x2; - this->bp.val(X1X2Y1Y2) = x1 * x2 * y1 * y2; - this->bp.val(dX1X2Y1Y2) = temp_d * x1 * x2 * y1 * y2; - this->bp.val(aX1X2) = temp_a * x1 * x2; - - this->bp.lc_val(P1pP2.X) = - (x1 * y2 + y1 * x2) * - ((scalar_field_type::value_type::one() + (temp_d * x1 * x2 * y1 * y2)).inversed()); 
- this->bp.lc_val(P1pP2.Y) = - (y1 * y2 - temp_a * x1 * x2) * - ((scalar_field_type::value_type::one() - (temp_d * x1 * x2 * y1 * y2)).inversed()); - - // el_is_well_formed->generate_assignments(); - } - }; - - /** - * Component that creates constraints for the validity of a G1 element. - */ - template - class element_g1_conditional_add : public component { - typedef typename CurveType::scalar_field_type scalar_field_type; - - public: - blueprint_variable a; - blueprint_variable d; - - element_g1 P1; - element_g1 P2; - element_g1 P1pP2; - - blueprint_variable canAdd; - - // intermeditate variables - element_g1 P_toAdd; - // blueprint_variable x_toAdd; - // blueprint_variable y_toAdd; - blueprint_variable Y_intermediate_toAdd1; - blueprint_variable Y_intermediate_toAdd2; - blueprint_variable not_canAdd; - - std::shared_ptr> el_add; - - element_g1_conditional_add(blueprint &bp, - blueprint_variable - a, - blueprint_variable - d, - const element_g1 &P1, - const element_g1 &P2, - const element_g1 &P1pP2, - blueprint_variable - canAdd) : - component(bp), - P1(P1), P2(P2), P1pP2(P1pP2), a(a), d(d), canAdd(canAdd), P_toAdd() { - - Y_intermediate_toAdd1.allocate(this->bp); - Y_intermediate_toAdd2.allocate(this->bp); - - not_canAdd.allocate(this->bp); - - el_add.reset(new element_g1_add(this->bp, a, d, P1, P_toAdd, P1pP2)); - } - - void generate_gates() { - // if coef == 1 then x_ret[i] + x_base - // x_add[i] = coef[i] * x_base; - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({P2.X}, {canAdd}, {P_toAdd.X})); - - // else do nothing. 
Ie add the zero point (0, 1) - // y_add[i] = coef[i] * y_base + !coef[i]; - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({P2.Y}, {canAdd}, {Y_intermediate_toAdd1})); - - // not coef - // make sure canAdd == 0 or canAdd == 1 - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(canAdd, - scalar_field_type::value_type::one() - canAdd, - scalar_field_type::value_type::zero())); - - // make sure not_canAdd == 0 or not_canAdd == 1 - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(not_canAdd, - scalar_field_type::value_type::one() - not_canAdd, - scalar_field_type::value_type::zero())); - - // make sure that the sum of canAdd, not_canAdd == 1 which means canAdd!=not_canAdd - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({not_canAdd, canAdd}, - {scalar_field_type::value_type::one()}, - {scalar_field_type::value_type::one()})); - - // because the are bool and because they are not equal we know that the inverse of one - // is the other. - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {not_canAdd}, {scalar_field_type::value_type::one()}, {Y_intermediate_toAdd2})); - - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({Y_intermediate_toAdd1, Y_intermediate_toAdd2}, - {scalar_field_type::value_type::one()}, - {P_toAdd.Y})); - - // do the addition of either y1 , y1 plus x2, y2 if canAdd == true else x1 , y1 + 0 - el_add->generate_gates(); - } - void generate_assignments() { - this->bp.lc_val(P_toAdd.X) = this->bp.lc_val(this->P2.X) * this->bp.val(this->canAdd); - - this->bp.val(this->Y_intermediate_toAdd1) = - this->bp.lc_val(this->P2.Y) * this->bp.val(this->canAdd); - - if (this->bp.val(this->canAdd) == scalar_field_type::value_type::one()) { - - this->bp.val(this->not_canAdd) = scalar_field_type::value_type::zero(); - this->bp.val(this->Y_intermediate_toAdd2) = - this->bp.val(this->not_canAdd) * scalar_field_type::value_type::one(); - this->bp.lc_val(this->P_toAdd.Y) = this->bp.val(this->Y_intermediate_toAdd1); - - } else { - - 
this->bp.val(this->not_canAdd) = scalar_field_type::value_type::one(); - this->bp.val(this->Y_intermediate_toAdd2) = - this->bp.val(this->not_canAdd) * scalar_field_type::value_type::one(); - this->bp.lc_val(this->P_toAdd.Y) = scalar_field_type::value_type::one(); - // this->bp.lc_val(this->Y_intermediate_toAdd2)); - } - - el_add->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_TWISTED_EDWARDS_G1_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/montgomery/element_g1.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/montgomery/element_g1.hpp deleted file mode 100644 index 314e2854ce..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/montgomery/element_g1.hpp +++ /dev/null 
@@ -1,190 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for G1 components.
-//
-// The components verify curve arithmetic in G1 = E(F) where E/F: b * y^2 = x^3 + a * x^2 + x
-// is an elliptic curve over F in Montgomery form.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MONTGOMERY_G1_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MONTGOMERY_G1_COMPONENT_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - /** - * @brief Component that creates constraints for the addition of two elements from G1. (if element from - * group G1 lies on the elliptic curve) - */ - template - struct element_g1_addition - : public component::field_type> { - using curve_type = Curve; - using form = algebra::curves::forms::montgomery; - using coordinates = algebra::curves::coordinates::affine; - - using element_component = element_g1; - - using field_type = typename element_component::field_type; - using group_type = typename element_component::group_type; - - using result_type = element_component; - - const element_component p1; - const element_component p2; - element_component result; - element_fp lambda; - - /// Auto allocation of the result - element_g1_addition(blueprint &bp, - const element_component &in_p1, - const element_component &in_p2) : - component(bp), - p1(in_p1), p2(in_p2), result(bp) { - detail::blueprint_variable lambda_var; - lambda_var.allocate(this->bp); - this->lambda = lambda_var; - } - - /// Manual allocation of the result - element_g1_addition(blueprint &bp, - const element_component &in_p1, - const element_component &in_p2, - const result_type &in_result) : - component(bp), - p1(in_p1), p2(in_p2), result(in_result) { - detail::blueprint_variable lambda_var; - lambda_var.allocate(this->bp); - this->lambda = lambda_var; - } - - void generate_gates() { - // lambda = (y' - y) / (x' - x) - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->p2.X - this->p1.X}, {this->lambda}, {this->p2.Y - this->p1.Y})); - // (lambda) * (lambda) = (A + x + x' + x'') - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->lambda}, - {this->lambda}, - 
{group_type::params_type::A + this->p1.X + this->p2.X + this->result.X})); - // y'' = -(y + lambda(x'' - x)) - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->p1.X - this->result.X}, this->lambda, {this->result.Y + this->p1.Y})); - } - - void generate_assignments() { - this->bp.lc_val(this->lambda) = - (this->bp.lc_val(this->p2.Y) - this->bp.lc_val(this->p1.Y)) * - (this->bp.lc_val(this->p2.X) - this->bp.lc_val(this->p1.X)).inversed(); - this->bp.lc_val(this->result.X) = this->bp.lc_val(this->lambda).squared() - - group_type::params_type::A - this->bp.lc_val(this->p1.X) - - this->bp.lc_val(this->p2.X); - this->bp.lc_val(this->result.Y) = - -(this->bp.lc_val(this->p1.Y) + - (this->bp.lc_val(this->lambda) * - (this->bp.lc_val(this->result.X) - this->bp.lc_val(this->p1.X)))); - } - }; - - /** - * Gadget to convert affine Montgomery coordinates into affine twisted Edwards coordinates. - */ - template - struct element_g1_to_twisted_edwards - : public component::field_type> { - using curve_type = Curve; - using form = algebra::curves::forms::montgomery; - using coordinates = algebra::curves::coordinates::affine; - - using element_component = element_g1; - using to_element_component = - element_g1; - - using field_type = typename element_component::field_type; - using group_type = typename element_component::group_type; - using to_group_type = typename to_element_component::group_type; - - using result_type = to_element_component; - - // Input point - const element_component p; - // Output point - result_type result; - // Intermediate variables - typename field_type::value_type scale; - - /// Auto allocation of the result - element_g1_to_twisted_edwards(blueprint &bp, const element_component &in_p) : - component(bp), p(in_p), result(bp), - scale((static_cast(4) / - (static_cast(to_group_type::params_type::a) - - static_cast(to_group_type::params_type::d)) / - static_cast(group_type::params_type::B)) - .sqrt()) { - } - - /// Manual allocation of the result - 
element_g1_to_twisted_edwards(blueprint &bp, const element_component &in_p, - const result_type &in_result) : - component(bp), - p(in_p), result(in_result), - scale((static_cast(4) / - (static_cast(to_group_type::params_type::a) - - static_cast(to_group_type::params_type::d)) / - static_cast(group_type::params_type::B)) - .sqrt()) { - } - - void generate_gates() { - this->bp.add_r1cs_constraint(snark::r1cs_constraint({this->p.Y}, {this->result.X}, - {this->p.X * this->scale})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p.X + field_type::value_type::one()}, - {this->result.Y}, - {this->p.X - field_type::value_type::one()})); - } - - void generate_assignments() { - typename to_group_type::value_type p_to_XY = - typename group_type::value_type(this->bp.lc_val(p.X), this->bp.lc_val(p.Y)) - .to_twisted_edwards(); - this->bp.lc_val(result.X) = p_to_XY.X; - this->bp.lc_val(result.Y) = p_to_XY.Y; - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MONTGOMERY_G1_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/twisted_edwards/element_g1.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/twisted_edwards/element_g1.hpp deleted file mode 100644 index 799ed1022c..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/twisted_edwards/element_g1.hpp +++ /dev/null 
@@ -1,438 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for G1 components.
-//
-// The components verify curve arithmetic in G1 = E(F) where E/F: a * x^2 + y^2 = 1 + d * x^2 * y^2
-// is an elliptic curve over F in Twisted Edwards form.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_TWISTED_EDWARDS_G1_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_TWISTED_EDWARDS_G1_COMPONENT_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - /** - * @brief Component that creates constraints for the addition of two elements from G1. - */ - template - struct element_g1_addition - : public component::field_type> { - using curve_type = Curve; - using form = algebra::curves::forms::twisted_edwards; - using coordinates = algebra::curves::coordinates::affine; - - using element_component = element_g1; - - using field_type = typename element_component::field_type; - using group_type = typename element_component::group_type; - - using result_type = element_component; - - const element_component p1; - const element_component p2; - result_type result; - - // Intermediate variables - element_fp X1X2; - element_fp X1Y2; - element_fp Y1Y2; - element_fp Y1X2; - element_fp X1X2Y1Y2; - element_fp dX1X2Y1Y2; - element_fp aX1X2; - - private: - void init() { - detail::blueprint_variable X1X2_var, X1Y2_var, Y1Y2_var, Y1X2_var, X1X2Y1Y2_var, - dX1X2Y1Y2_var, aX1X2_var; - - X1X2_var.allocate(this->bp); - X1Y2_var.allocate(this->bp); - Y1Y2_var.allocate(this->bp); - Y1X2_var.allocate(this->bp); - X1X2Y1Y2_var.allocate(this->bp); - dX1X2Y1Y2_var.allocate(this->bp); - aX1X2_var.allocate(this->bp); - - this->X1X2 = X1X2_var; - this->X1Y2 = X1Y2_var; - this->Y1Y2 = Y1Y2_var; - this->Y1X2 = Y1X2_var; - this->X1X2Y1Y2 = X1X2Y1Y2_var; - this->dX1X2Y1Y2 = dX1X2Y1Y2_var; - this->aX1X2 = aX1X2_var; - } - - public: - /// Auto allocation of the result - element_g1_addition(blueprint &bp, - const element_component &in_p1, - const element_component &in_p2) : - component(bp), - p1(in_p1), p2(in_p2), result(bp) { - init(); - } - - /// Manual allocation of the result - element_g1_addition(blueprint &bp, - const 
element_component &in_p1, - const element_component &in_p2, - const result_type &in_result) : - component(bp), - p1(in_p1), p2(in_p2), result(in_result) { - init(); - } - - void generate_gates() { - // X3 = (X1*Y2 + Y1*X2) / (Fq.ONE + D*X1*X2*Y1*Y2) - // y3 = (Y1*Y2 - A*X1*X2) / (Fq.ONE - D*X1*X2*Y1*Y2) - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p1.Y}, {this->p2.X}, {this->Y1X2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p1.X}, {this->p2.Y}, {this->X1Y2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p1.X}, {this->p2.X}, {this->X1X2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p1.Y}, {this->p2.Y}, {this->Y1Y2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->X1X2}, {this->Y1Y2}, {this->X1X2Y1Y2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {group_type::params_type::d}, {this->X1X2Y1Y2}, {this->dX1X2Y1Y2})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {group_type::params_type::a}, {this->X1X2}, {this->aX1X2})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->result.Y}, - {field_type::value_type::one(), -(this->dX1X2Y1Y2)}, - {this->Y1Y2, -(this->aX1X2)})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->result.X}, - {field_type::value_type::one(), this->dX1X2Y1Y2}, - {this->X1Y2, this->Y1X2})); - } - - void generate_assignments() { - const typename field_type::value_type &x1 = this->bp.lc_val(this->p1.X); - const typename field_type::value_type &y1 = this->bp.lc_val(this->p1.Y); - const typename field_type::value_type &x2 = this->bp.lc_val(this->p2.X); - const typename field_type::value_type &y2 = this->bp.lc_val(this->p2.Y); - - this->bp.lc_val(X1X2) = x1 * x2; - this->bp.lc_val(X1Y2) = x1 * y2; - this->bp.lc_val(Y1Y2) = y1 * y2; - this->bp.lc_val(Y1X2) = y1 * x2; - this->bp.lc_val(X1X2Y1Y2) = this->bp.lc_val(X1X2) * this->bp.lc_val(Y1Y2); - this->bp.lc_val(dX1X2Y1Y2) = - 
static_cast(group_type::params_type::d) * - this->bp.lc_val(X1X2Y1Y2); - this->bp.lc_val(aX1X2) = - static_cast(group_type::params_type::a) * - this->bp.lc_val(X1X2); - this->bp.lc_val(this->result.X) = - (this->bp.lc_val(X1Y2) + this->bp.lc_val(Y1X2)) * - (field_type::value_type::one() + this->bp.lc_val(dX1X2Y1Y2)).inversed(); - this->bp.lc_val(this->result.Y) = - (this->bp.lc_val(Y1Y2) - this->bp.lc_val(aX1X2)) * - (field_type::value_type::one() - this->bp.lc_val(dX1X2Y1Y2)).inversed(); - } - }; - - /** - * @brief Component that creates constraints for the validity of a G1 element. (if element from group G1 - * lies on the elliptic curve) - */ - template - struct element_g1_is_well_formed - : public component::field_type> { - using curve_type = Curve; - using form = algebra::curves::forms::twisted_edwards; - using coordinates = algebra::curves::coordinates::affine; - - using element_component = element_g1; - - using field_type = typename element_component::field_type; - using group_type = typename element_component::group_type; - - const element_component p; - - // Intermediate variables - element_fp XX; - element_fp aXX; - element_fp dXX; - element_fp YY; - element_fp dXXYY; - element_fp lhs; - element_fp rhs; - - element_g1_is_well_formed(blueprint &bp, const element_component &in_p) : - component(bp), p(in_p) { - detail::blueprint_variable XX_var, aXX_var, dXX_var, YY_var, dXXYY_var, lhs_var, rhs_var; - - XX_var.allocate(this->bp); - aXX_var.allocate(this->bp); - dXX_var.allocate(this->bp); - YY_var.allocate(this->bp); - dXXYY_var.allocate(this->bp); - lhs_var.allocate(this->bp); - rhs_var.allocate(this->bp); - - this->XX = XX_var; - this->aXX = aXX_var; - this->dXX = dXX_var; - this->YY = YY_var; - this->dXXYY = dXXYY_var; - this->lhs = lhs_var; - this->rhs = rhs_var; - } - - void generate_gates() { - // a*X*X + Y*Y = 1 + d*X*X*Y*Y - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p.X}, {this->p.X}, {this->XX})); - this->bp.add_r1cs_constraint( 
- snark::r1cs_constraint({this->p.Y}, {this->p.Y}, {this->YY})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({group_type::params_type::a}, {this->XX}, {this->aXX})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->aXX, this->YY}, {field_type::value_type::one()}, {this->lhs})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({group_type::params_type::d}, {this->XX}, {this->dXX})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->dXX}, {this->YY}, {this->dXXYY})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->dXXYY, field_type::value_type::one()}, - {field_type::value_type::one()}, - {this->rhs})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->lhs}, {field_type::value_type::one()}, {this->rhs})); - } - - void generate_assignments() { - const typename field_type::value_type &x = this->bp.lc_val(this->p.X); - const typename field_type::value_type &y = this->bp.lc_val(this->p.Y); - - this->bp.lc_val(this->XX) = x * x; - this->bp.lc_val(this->YY) = y * y; - this->bp.lc_val(this->aXX) = - static_cast(group_type::params_type::a) * - this->bp.lc_val(this->XX); - this->bp.lc_val(this->lhs) = this->bp.lc_val(this->aXX) + this->bp.lc_val(this->YY); - this->bp.lc_val(this->dXX) = - static_cast(group_type::params_type::d) * - this->bp.lc_val(this->XX); - this->bp.lc_val(this->dXXYY) = this->bp.lc_val(this->dXX) * this->bp.lc_val(this->YY); - this->bp.lc_val(this->rhs) = this->bp.lc_val(this->dXXYY) + field_type::value_type::one(); - } - }; - - /** - * @brief Component that creates constraints for the point serialization into the bit sequence - * according to https://zips.z.cash/protocol/protocol.pdf#concreteextractorjubjub - */ - template - struct element_g1_to_bits - : public component::field_type> { - using curve_type = Curve; - using form = algebra::curves::forms::twisted_edwards; - using coordinates = algebra::curves::coordinates::affine; - - using element_component = element_g1; - - 
using field_type = typename element_component::field_type; - using group_type = typename element_component::group_type; - - using field_to_bits_component = field_to_bits_strict; - using result_type = typename field_to_bits_component::result_type; - - field_to_bits_component field_to_bits_converter; - result_type &result; - - /// Auto allocation of the result - element_g1_to_bits(blueprint &bp, const element_component &in_p) : - component(bp), field_to_bits_converter(bp, in_p.X), - result(field_to_bits_converter.result) { - } - - /// Manual allocation of the result - element_g1_to_bits(blueprint &bp, - const element_component &in_p, - const result_type &in_result) : - component(bp), - field_to_bits_converter(bp, in_p.X, in_result), result(field_to_bits_converter.result) { - } - - void generate_gates() { - this->field_to_bits_converter.generate_gates(); - } - - void generate_assignments() { - this->field_to_bits_converter.generate_assignments(); - } - }; - - /** - * @brief Component that creates constraints for the addition of two elements from G1. 
- */ - // TODO: fixme - template - struct element_g1_conditional_addition - : public component::field_type> { - using curve_type = Curve; - using form = algebra::curves::forms::twisted_edwards; - using coordinates = algebra::curves::coordinates::affine; - - using element_component = element_g1; - - using field_type = typename element_component::field_type; - using group_type = typename element_component::group_type; - - const element_component p1; - const element_component p2; - element_component result; - - const detail::blueprint_variable can_add; - - // intermediate variables - element_component p_to_add; - element_fp Y_intermediate_to_add1; - element_fp Y_intermediate_to_add2; - detail::blueprint_variable cannot_add; - - // TODO: refactor - // std::shared_ptr> el_add; - - element_g1_conditional_addition(blueprint &bp, - const element_component &in_p1, - const element_component &in_p2, - const detail::blueprint_variable &in_can_add, - const element_component &in_result) : - component(bp), - p1(in_p1), p2(in_p2), can_add(in_can_add), p_to_add(bp), result(in_result) { - detail::blueprint_variable Y_intermediate_to_add1_var, Y_intermediate_to_add2_var; - - Y_intermediate_to_add1_var.allocate(this->bp); - Y_intermediate_to_add2_var.allocate(this->bp); - cannot_add.allocate(this->bp); - - this->Y_intermediate_to_add1 = Y_intermediate_to_add1_var; - this->Y_intermediate_to_add2 = Y_intermediate_to_add2_var; - - // TODO: refactor - // el_add.reset(new element_g1_add(this->bp, a, d, p1, P_toAdd, p1pp2)); - } - - void generate_gates() { - // if coef == 1 then x_ret[i] + x_base - // x_add[i] = coef[i] * x_base; - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->p2.X}, {this->can_add}, {this->p_to_add.X})); - - // else do nothing. 
Ie add the zero point (0, 1) - // y_add[i] = coef[i] * y_base + !coef[i]; - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->p2.Y}, {this->can_add}, {this->Y_intermediate_to_add1})); - - // not coef - // make sure canAdd == 0 or canAdd == 1 - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(this->can_add, - field_type::value_type::one() - this->can_add, - field_type::value_type::zero())); - - // make sure not_canAdd == 0 or not_canAdd == 1 - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(this->cannot_add, - field_type::value_type::one() - this->cannot_add, - field_type::value_type::zero())); - - // make sure that the sum of canAdd, not_canAdd == 1 which means canAdd!=not_canAdd - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({this->cannot_add, this->can_add}, - {field_type::value_type::one()}, - {field_type::value_type::one()})); - - // because the are bool and because they are not equal we know that the inverse of one is the - // other. - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->cannot_add}, {field_type::value_type::one()}, {this->Y_intermediate_to_add2})); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {this->Y_intermediate_to_add1, this->Y_intermediate_to_add2}, - {field_type::value_type::one()}, - {this->p_to_add.Y})); - - // TODO: refactor - // do the addition of either y1 , y1 plus x2, y2 if canAdd == true else x1 , y1 + 0 - // el_add->generate_gates(); - } - - void generate_assignments() { - this->bp.lc_val(this->p_to_add.X) = this->bp.lc_val(this->p2.X) * this->bp.val(this->can_add); - this->bp.lc_val(this->Y_intermediate_to_add1) = - this->bp.lc_val(this->p2.Y) * this->bp.val(this->can_add); - - if (this->bp.val(this->can_add) == field_type::value_type::one()) { - this->bp.val(this->cannot_add) = field_type::value_type::zero(); - this->bp.lc_val(this->Y_intermediate_to_add2) = - this->bp.val(this->cannot_add) * field_type::value_type::one(); - this->bp.lc_val(this->p_to_add.Y) = 
this->bp.lc_val(this->Y_intermediate_to_add1); - } else { - this->bp.val(this->cannot_add) = field_type::value_type::one(); - this->bp.lc_val(this->Y_intermediate_to_add2) = - this->bp.val(this->cannot_add) * field_type::value_type::one(); - this->bp.lc_val(this->p_to_add.Y) = field_type::value_type::one(); - } - - // TODO: refactor - // el_add->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_TWISTED_EDWARDS_G1_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/weierstrass/r1cs/element_g1.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/weierstrass/r1cs/element_g1.hpp deleted file mode 100644 index 2c177f7e54..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/weierstrass/r1cs/element_g1.hpp +++ /dev/null 
@@ -1,264 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for G1 components. -// -// The components verify curve arithmetic in G1 = E(F) where E/F: y^2 = x^3 + A * X + B -// is an elliptic curve over F in short Weierstrass form. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G1_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G1_COMPONENT_HPP - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /** - * Component that represents a G1 element. 
- */ - template - class element_g1 : public component { - - using underlying_field_type = typename CurveType::scalar_field_type; - using underlying_element_type = element_fp; - - public: - underlying_element_type X; - underlying_element_type Y; - - ::nil::crypto3::zk::detail::blueprint_linear_combination_vector all_vars; - - element_g1(blueprint &bp) : component(bp) { - - ::nil::crypto3::zk::detail::blueprint_variable X_var, Y_var; - - X_var.allocate(bp); - Y_var.allocate(bp); - - X = underlying_element_type(X_var); - Y = underlying_element_type(Y_var); - - all_vars.emplace_back(X); - all_vars.emplace_back(Y); - } - - element_g1(blueprint &bp, - const typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type &P) : - component(bp) { - typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type Pcopy = - P.to_affine(); - - X.assign(bp, Pcopy.X); - Y.assign(bp, Pcopy.Y); - X.evaluate(bp); - Y.evaluate(bp); - all_vars.emplace_back(X); - all_vars.emplace_back(Y); - } - - void generate_assignments( - const typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type &el) { - typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type el_normalized = - el.to_affine(); - - this->bp.lc_val(X) = el_normalized.X; - this->bp.lc_val(Y) = el_normalized.Y; - } - - // (See a comment in r1cs_ppzksnark_verifier_component.hpp about why - // we mark this function noinline.) TODO: remove later - static std::size_t __attribute__((noinline)) size_in_bits() { - return 2 * underlying_field_type::modulus_bits; - } - static std::size_t num_variables() { - return 2; - } - }; - - /** - * Component that creates constraints for the validity of a G1 element. 
- */ - template - class element_g1_is_well_formed : public component { - - using underlying_field_type = typename CurveType::scalar_field_type; - - public: - element_g1 P; - ::nil::crypto3::zk::detail::blueprint_variable P_X_squared; - ::nil::crypto3::zk::detail::blueprint_variable P_Y_squared; - - element_g1_is_well_formed(blueprint &bp, const element_g1 &P) : - component(bp), P(P) { - P_X_squared.allocate(bp); - P_Y_squared.allocate(bp); - } - void generate_gates() { - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({P.X}, {P.X}, {P_X_squared})); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({P.Y}, {P.Y}, {P_Y_squared})); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {P.X}, - {P_X_squared, ::nil::crypto3::zk::detail::blueprint_variable(0) * - CurveType::pairing::pair_curve_type::a}, - {P_Y_squared, ::nil::crypto3::zk::detail::blueprint_variable(0) * - (-CurveType::pairing::pair_curve_type::b)})); - } - void generate_assignments() { - this->bp.val(P_X_squared) = this->bp.lc_val(P.X).squared(); - this->bp.val(P_Y_squared) = this->bp.lc_val(P.Y).squared(); - } - }; - - /** - * Component that creates constraints for G1 addition. - */ - template - class element_g1_add : public component { - - using underlying_field_type = typename CurveType::scalar_field_type; - - public: - ::nil::crypto3::zk::detail::blueprint_variable lambda; - ::nil::crypto3::zk::detail::blueprint_variable inv; - - element_g1 A; - element_g1 B; - element_g1 C; - - element_g1_add(blueprint &bp, - const element_g1 &A, - const element_g1 &B, - const element_g1 &C) : - component(bp), - A(A), B(B), C(C) { - /* - lambda = (B.y - A.y)/(B.x - A.x) - C.x = lambda^2 - A.x - B.x - C.y = lambda(A.x - C.x) - A.y - - Special cases: - - doubling: if B.y = A.y and B.x = A.x then lambda is unbound and - C = (lambda^2, lambda^3) - - addition of negative point: if B.y = -A.y and B.x = A.x then no - lambda can satisfy the first equation unless B.y - A.y = 0. 
But - then this reduces to doubling. - - So we need to check that A.x - B.x != 0, which can be done by - enforcing I * (B.x - A.x) = 1 - */ - lambda.allocate(bp); - inv.allocate(bp); - } - void generate_gates() { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {lambda}, {B.X, A.X * (-1)}, {B.Y, A.Y * (-1)})); - - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({lambda}, {lambda}, {C.X, A.X, B.X})); - - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({lambda}, {A.X, C.X * (-1)}, {C.Y, A.Y})); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {inv}, - {B.X, A.X * (-1)}, - {::nil::crypto3::zk::detail::blueprint_variable(0)})); - } - void generate_assignments() { - this->bp.val(inv) = (this->bp.lc_val(B.X) - this->bp.lc_val(A.X)).inversed(); - this->bp.val(lambda) = (this->bp.lc_val(B.Y) - this->bp.lc_val(A.Y)) * this->bp.val(inv); - this->bp.lc_val(C.X) = - this->bp.val(lambda).squared() - this->bp.lc_val(A.X) - this->bp.lc_val(B.X); - this->bp.lc_val(C.Y) = - this->bp.val(lambda) * (this->bp.lc_val(A.X) - this->bp.lc_val(C.X)) - this->bp.lc_val(A.Y); - } - }; - - /** - * Component that creates constraints for G1 doubling. 
- */ - template - class element_g1_doubled : public component { - - using underlying_field_type = typename CurveType::scalar_field_type; - - public: - ::nil::crypto3::zk::detail::blueprint_variable Xsquared; - ::nil::crypto3::zk::detail::blueprint_variable lambda; - - element_g1 A; - element_g1 B; - - element_g1_doubled(blueprint &bp, - const element_g1 &A, - const element_g1 &B) : - component(bp), - A(A), B(B) { - Xsquared.allocate(bp); - lambda.allocate(bp); - } - void generate_gates() { - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({A.X}, {A.X}, {Xsquared})); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {lambda * 2}, - {A.Y}, - {Xsquared * 3, ::nil::crypto3::zk::detail::blueprint_variable(0x00) * - CurveType::pairing::pair_curve_type::a})); - - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({lambda}, {lambda}, {B.X, A.X * 2})); - - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({lambda}, {A.X, B.X * (-1)}, {B.Y, A.Y})); - } - void generate_assignments() { - this->bp.val(Xsquared) = this->bp.lc_val(A.X).squared(); - this->bp.val(lambda) = - (typename underlying_field_type::value_type(0x03) * this->bp.val(Xsquared) + - CurveType::pairing::pair_curve_type::a) * - (typename underlying_field_type::value_type(0x02) * this->bp.lc_val(A.Y)).inversed(); - this->bp.lc_val(B.X) = this->bp.val(lambda).squared() - - typename underlying_field_type::value_type(0x02) * this->bp.lc_val(A.X); - this->bp.lc_val(B.Y) = - this->bp.val(lambda) * (this->bp.lc_val(A.X) - this->bp.lc_val(B.X)) - this->bp.lc_val(A.Y); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G1_COMPONENT_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/weierstrass/r1cs/element_g2.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/weierstrass/r1cs/element_g2.hpp
deleted file mode 100644
index b78eed9b65..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/curves/weierstrass/r1cs/element_g2.hpp
+++ /dev/null
@@ -1,165 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for G2 components. -// -// The components verify curve arithmetic in G2 = E'(F) where E'/F^e: y^2 = x^3 + A' * X + B' -// is an elliptic curve over F^e in short Weierstrass form. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G2_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G2_COMPONENT_HPP - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - using namespace nil::crypto3::algebra::pairing; - - /** - * Component that represents a G2 element. - */ - template - class element_g2 : public component { - - using underlying_field_type = typename CurveType::scalar_field_type; - - using field_type = typename CurveType::pairing::fp_type; - - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type; - - using component_policy = basic_curve_component_policy; - - public: - std::shared_ptr X; - std::shared_ptr Y; - - ::nil::crypto3::zk::detail::blueprint_linear_combination_vector all_vars; - - element_g2(blueprint &bp) : component(bp) { - X.reset(new typename component_policy::Fqe_variable_type(bp)); - Y.reset(new typename component_policy::Fqe_variable_type(bp)); - - all_vars.insert(all_vars.end(), X->all_vars.begin(), X->all_vars.end()); - all_vars.insert(all_vars.end(), Y->all_vars.begin(), Y->all_vars.end()); - } - element_g2(blueprint &bp, - const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q) : - component(bp) { - typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type Q_copy = - Q.to_affine(); - - X.reset(new typename component_policy::Fqe_variable_type(bp, Q_copy.X)); - Y.reset(new typename component_policy::Fqe_variable_type(bp, Q_copy.Y)); - - all_vars.insert(all_vars.end(), X->all_vars.begin(), X->all_vars.end()); - all_vars.insert(all_vars.end(), Y->all_vars.begin(), Y->all_vars.end()); - } - - void generate_assignments( - const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q) 
{ - typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type Qcopy = - Q.to_affine(); - - X->generate_assignments(Qcopy.X); - Y->generate_assignments(Qcopy.Y); - } - - // (See a comment in r1cs_ppzksnark_verifier_component.hpp about why - // we mark this function noinline.) TODO: remove later - static std::size_t __attribute__((noinline)) size_in_bits() { - return 2 * typename component_policy::Fqe_variable_type::size_in_bits(); - } - static std::size_t num_variables() { - return 2 * typename component_policy::Fqe_variable_type::num_variables(); - } - }; - - /** - * Component that creates constraints for the validity of a G2 element. - */ - template - class element_g2_is_well_formed : public component { - typedef typename CurveType::pairing::fp_type field_type; - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type; - - using component_policy = basic_curve_component_policy; - - public: - element_g2 Q; - - std::shared_ptr Xsquared; - std::shared_ptr Ysquared; - std::shared_ptr Xsquared_plus_a; - std::shared_ptr Ysquared_minus_b; - - std::shared_ptr compute_Xsquared; - std::shared_ptr compute_Ysquared; - std::shared_ptr curve_equation; - - element_g2_is_well_formed(blueprint &bp, const element_g2 &Q) : - component(bp), Q(Q) { - Xsquared.reset(new typename component_policy::Fqe_variable_type(bp)); - Ysquared.reset(new typename component_policy::Fqe_variable_type(bp)); - - compute_Xsquared.reset( - new typename component_policy::Fqe_sqr_component_type(bp, *(Q.X), *Xsquared)); - compute_Ysquared.reset( - new typename component_policy::Fqe_sqr_component_type(bp, *(Q.Y), *Ysquared)); - - Xsquared_plus_a.reset(new typename component_policy::Fqe_variable_type( - (*Xsquared) + CurveType::pairing::pair_curve_type::a)); - Ysquared_minus_b.reset(new typename component_policy::Fqe_variable_type( - (*Ysquared) + 
(-CurveType::pairing::pair_curve_type::b))); - - curve_equation.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(Q.X), *Xsquared_plus_a, *Ysquared_minus_b)); - } - - void generate_gates() { - compute_Xsquared->generate_gates(); - compute_Ysquared->generate_gates(); - curve_equation->generate_gates(); - } - void generate_assignments() { - compute_Xsquared->generate_assignments(); - compute_Ysquared->generate_assignments(); - Xsquared_plus_a->evaluate(); - curve_equation->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_G2_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/plonk/non_native/addition.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/plonk/non_native/addition.hpp index 5ceeaf84b1..e5a2c6c6f6 100644 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/plonk/non_native/addition.hpp +++ b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/plonk/non_native/addition.hpp @@ -201,7 +201,7 @@ namespace nil { std::array q; std::array p; typename BlueprintFieldType::integral_type mask = (pasta_base << 66) - 1; - typename BlueprintFieldType::extended_integral_type extended_mask = mask; + typename ed25519_field_type::extended_integral_type extended_mask = mask; r[0] = integral_eddsa_r & mask; q[0] = integral_eddsa_q & extended_mask; p[0] = minus_eddsa_p & extended_mask; 
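Review bot: The 66-bit limb mask is now typed as `ed25519_field_type::extended_integral_type` but is initialised three different ways across this file's hunks: from `mask` here (-201), from `(pasta_base << 66) - 1` at -291, and from `(base << 66) - 1` at -399. The declarations of `pasta_base` and `base` are outside the hunks, so presumably the shift is evaluated in another integer type and then implicitly converted to the ed25519 type; that conversion is worth making uniform, for example `typename ed25519_field_type::extended_integral_type extended_mask = mask;` at -291 as well. A short comment such as `// 66-bit limb mask, held in the ed25519 extended integer type like minus_eddsa_p` would record why its type differs from `mask` (the type of `minus_eddsa_p` is visible only at -399). These masks define the limb split for the non-native ed25519 operands, so a single named constant for the width 66 would keep the three sites from drifting apart. The enclosing functions begin and end outside all three hunks.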
@@ -291,7 +291,7 @@ namespace nil { std::array q; std::array p; typename BlueprintFieldType::integral_type mask = (pasta_base << 66) - 1; - typename BlueprintFieldType::extended_integral_type extended_mask = (pasta_base << 66) - 1; + typename ed25519_field_type::extended_integral_type extended_mask = (pasta_base << 66) - 1; r[0] = integral_eddsa_r & mask; q[0] = integral_eddsa_q & extended_mask; p[0] = minus_eddsa_p & extended_mask; @@ -399,7 +399,7 @@ namespace nil { typename ed25519_field_type::extended_integral_type pow = extended_base << 257; typename ed25519_field_type::extended_integral_type minus_eddsa_p = pow - eddsa_p; std::array p; - typename BlueprintFieldType::extended_integral_type mask = (base << 66) - 1; + typename ed25519_field_type::extended_integral_type mask = (base << 66) - 1; p[0] = minus_eddsa_p & mask; auto t = var(component.W(0), 0) + var(component.W(1), 0) + p[0] * var(component.W(2), 0); diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp.hpp deleted file mode 100644 index b2060c01d1..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp.hpp +++ /dev/null 
@@ -1,53 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for Fp2 components. -// -// The components verify field arithmetic in Fp2 = Fp[U]/(U^2-non_residue), -// where non_residue is in Fp. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FP_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_FP_COMPONENTS_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /******************************** element_fp ************************************/ - - /** - * Component that represents an element_fp. 
- */ - template - using element_fp = detail::blueprint_linear_combination; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FP_COMPONENTS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp2.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp2.hpp deleted file mode 100644 index 316b03ce98..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp2.hpp +++ /dev/null 
@@ -1,354 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for Fp2 components. -// -// The components verify field arithmetic in Fp2 = Fp[U]/(U^2-non_residue), -// where non_residue is in Fp. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FP2_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_FP2_COMPONENTS_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /******************************** element_fp2 ************************************/ - - /** - * Component that represents an element Fp2 component. - */ - template - struct element_fp2 : public component { - - using field_type = Fp2T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp; - - using base_field_value_type = typename base_field_type::value_type; - - using data_type = - std::array; - - data_type data; - - detail::blueprint_linear_combination_vector all_vars; - - element_fp2(blueprint &bp) : component(bp) { - detail::blueprint_variable c0_var, c1_var; - - c0_var.allocate(bp); - c1_var.allocate(bp); - - // c0 = underlying_element_type(c0_var); - // c1 = underlying_element_type(c1_var); - - data = data_type({underlying_element_type(c0_var), underlying_element_type(c1_var)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - } - - element_fp2(blueprint &bp, const typename field_type::value_type &el) : - component(bp) { - underlying_element_type c0_lc; - underlying_element_type c1_lc; - - c0_lc.assign(bp, el.data[0]); - c1_lc.assign(bp, el.data[1]); - - c0_lc.evaluate(bp); - c1_lc.evaluate(bp); - - data = data_type({underlying_element_type(c0_lc), underlying_element_type(c1_lc)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - } - - element_fp2(blueprint &bp, - const typename field_type::value_type &el, - const detail::blueprint_linear_combination &coeff) : - component(bp) { - - underlying_element_type c0_lc; - underlying_element_type c1_lc; - - 
c0_lc.assign(bp, el.data[0] * coeff); - c1_lc.assign(bp, el.data[1] * coeff); - - data = data_type({underlying_element_type(c0_lc), underlying_element_type(c1_lc)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - } - - element_fp2(blueprint &bp, - const underlying_element_type &c0_lc, - const underlying_element_type &c1_lc) : - component(bp) { - - data = data_type({underlying_element_type(c0_lc), underlying_element_type(c1_lc)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - } - - void generate_r1cs_equals_const_constraints(const typename Fp2T::value_type &el) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint(1, el.data[0], data[0])); - this->bp.add_r1cs_constraint(snark::r1cs_constraint(1, el.data[1], data[1])); - } - - void generate_assignments(const typename Fp2T::value_type &el) { - this->bp.lc_val(data[0]) = el.data[0]; - this->bp.lc_val(data[1]) = el.data[1]; - } - - typename Fp2T::value_type get_element() { - typename Fp2T::value_type el; - el.data[0] = this->bp.lc_val(data[0]); - el.data[1] = this->bp.lc_val(data[1]); - return el; - } - - element_fp2 operator*(const base_field_value_type &coeff) const { - underlying_element_type new_c0, new_c1; - new_c0.assign(this->bp, this->data[0] * coeff); - new_c1.assign(this->bp, this->data[1] * coeff); - return element_fp2(this->bp, new_c0, new_c1); - } - - element_fp2 operator+(const element_fp2 &other) const { - underlying_element_type new_c0, new_c1; - new_c0.assign(this->bp, this->data[0] + other.data[0]); - new_c1.assign(this->bp, this->data[1] + other.data[1]); - return element_fp2(this->bp, new_c0, new_c1); - } - - element_fp2 operator+(const typename Fp2T::value_type &other) const { - underlying_element_type new_c0, new_c1; - new_c0.assign(this->bp, this->data[0] + other.data[0]); - new_c1.assign(this->bp, this->data[1] + other.data[1]); - return element_fp2(this->bp, new_c0, new_c1); - } - - element_fp2 mul_by_X() const { - underlying_element_type 
new_c0, new_c1; - new_c0.assign(this->bp, this->data[1] * Fp2T::value_type::non_residue); - - new_c1.assign(this->bp, this->data[0]); - return element_fp2(this->bp, new_c0, new_c1); - } - - void evaluate() const { - (this->data[0]).evaluate(this->bp); - (this->data[1]).evaluate(this->bp); - } - - bool is_constant() const { - return ((this->data[0]).is_constant() && (this->data[1]).is_constant()); - } - - static std::size_t size_in_bits() { - return 2 * base_field_type::value_bits; - } - - static std::size_t num_variables() { - return 2; - } - }; - - /******************************** element_fp2_mul ************************************/ - - /** - * Component that creates constraints for Fp2 by Fp2 multiplication. - */ - template - struct element_fp2_mul : public component { - using base_field_type = typename Fp2T::underlying_field_type; - using base_field_value_type = typename base_field_type::value_type; - - element_fp2 A; - element_fp2 B; - element_fp2 result; - - private: - detail::blueprint_variable v1; - - public: - element_fp2_mul(blueprint &bp, - const element_fp2 &A, - const element_fp2 &B, - const element_fp2 &result) : - component(bp), - A(A), B(B), result(result) { - v1.allocate(bp); - } - - void generate_gates() { - /* - Karatsuba multiplication for Fp2: - v0 = A.data[0] * B.data[0] - v1 = A.data[1] * B.data[1] - result.data[0] = v0 + non_residue * v1 - result.data[1] = (A.data[0] + A.data[1]) * (B.data[0] + B.data[1]) - v0 - v1 - - Enforced with 3 constraints: - A.data[1] * B.data[1] = v1 - A.data[0] * B.data[0] = result.data[0] - non_residue * v1 - (A.data[0]+A.data[1])*(B.data[0]+B.data[1]) = result.data[1] + result.data[0] + (1 - - non_residue) * v1 - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - */ - this->bp.add_r1cs_constraint(snark::r1cs_constraint(A.data[1], B.data[1], v1)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0], B.data[0], result.data[0] + v1 * 
(-Fp2T::value_type::non_residue))); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0] + A.data[1], - B.data[0] + B.data[1], - result.data[1] + result.data[0] + - v1 * (base_field_value_type::one() - Fp2T::value_type::non_residue))); - } - - void generate_assignments() { - const base_field_value_type aA = this->bp.lc_val(A.data[0]) * this->bp.lc_val(B.data[0]); - this->bp.val(v1) = this->bp.lc_val(A.data[1]) * this->bp.lc_val(B.data[1]); - this->bp.lc_val(result.data[0]) = aA + Fp2T::value_type::non_residue * this->bp.val(v1); - - this->bp.lc_val(result.data[1]) = - (this->bp.lc_val(A.data[0]) + this->bp.lc_val(A.data[1])) * - (this->bp.lc_val(B.data[0]) + this->bp.lc_val(B.data[1])) - - aA - this->bp.lc_val(v1); - } - }; - - /******************************** element_fp2_mul_by_lc ************************************/ - - /** - * Component that creates constraints for Fp2 multiplication by a linear combination. - */ - template - struct element_fp2_mul_by_lc : public component { - using base_field_type = typename Fp2T::underlying_field_type; - - element_fp2 A; - detail::blueprint_linear_combination lc; - element_fp2 result; - - element_fp2_mul_by_lc(blueprint &bp, - const element_fp2 &A, - const detail::blueprint_linear_combination &lc, - const element_fp2 &result) : - component(bp), - A(A), lc(lc), result(result) { - } - - void generate_gates() { - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(A.data[0], lc, result.data[0])); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(A.data[1], lc, result.data[1])); - } - - void generate_assignments() { - this->bp.lc_val(result.data[0]) = this->bp.lc_val(A.data[0]) * this->bp.lc_val(lc); - this->bp.lc_val(result.data[1]) = this->bp.lc_val(A.data[1]) * this->bp.lc_val(lc); - } - }; - - /******************************** element_fp2_squared ************************************/ - - /** - * Component that creates constraints for Fp2 squaring. 
- */ - template - struct element_fp2_squared : public component { - using base_field_type = typename Fp2T::base_field_type; - - element_fp2 A; - element_fp2 result; - - using base_field_value_type = typename base_field_type::value_type; - - element_fp2_squared(blueprint &bp, - const element_fp2 &A, - const element_fp2 &result) : - component(bp), - A(A), result(result) { - } - - void generate_gates() { - /* - Complex multiplication for Fp2: - v0 = A.data[0] * A.data[1] - result.data[0] = (A.data[0] + A.data[1]) * (A.data[0] + non_residue * A.data[1]) - - (1 + non_residue) * v0 result.data[1] = 2 * v0 - - Enforced with 2 constraints: - (2*A.data[0]) * A.data[1] = result.data[1] - (A.data[0] + A.data[1]) * (A.data[0] + non_residue * A.data[1]) = result.data[0] + - result.data[1] * (1 + non_residue)/2 - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - */ - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(2 * A.data[0], A.data[1], result.data[1])); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0] + A.data[1], - A.data[0] + Fp2T::value_type::non_residue * A.data[1], - result.data[0] + result.data[1] * - (base_field_value_type::one() + Fp2T::value_type::non_residue) * - base_field_value_type(0x02).inversed())); - } - - void generate_assignments() { - const base_field_value_type a = this->bp.lc_val(A.data[0]); - const base_field_value_type b = this->bp.lc_val(A.data[1]); - this->bp.lc_val(result.data[1]) = base_field_value_type(0x02) * a * b; - this->bp.lc_val(result.data[0]) = (a + b) * (a + Fp2T::value_type::non_residue * b) - a * b - - Fp2T::value_type::non_residue * a * b; - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FP2_COMPONENTS_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp3.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp3.hpp
deleted file mode 100644
index 50edd8b6b6..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp3.hpp
+++ /dev/null
@@ -1,386 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for Fp3 components.
-//
-// The components verify field arithmetic in Fp3 = Fp[U]/(U^3-non_residue),
-// where non_residue is in Fp.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FP3_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_FP3_COMPONENTS_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /******************************** element_fp3 ************************************/ - - /** - * Component that represents an Fp3 element. - */ - template - struct element_fp3 : public component { - - using field_type = Fp3T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp; - - using base_field_value_type = typename base_field_type::value_type; - - using data_type = - std::array; - - data_type data; - - detail::blueprint_linear_combination_vector all_vars; - - element_fp3(blueprint &bp) : component(bp) { - detail::blueprint_variable c0_var, c1_var, c2_var; - - c0_var.allocate(bp); - c1_var.allocate(bp); - c2_var.allocate(bp); - - data = data_type({underlying_element_type(c0_var), underlying_element_type(c1_var), - underlying_element_type(c2_var)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - all_vars.emplace_back(data[2]); - } - - element_fp3(blueprint &bp, const typename Fp3T::value_type &el) : - component(bp) { - underlying_element_type c0_lc; - underlying_element_type c1_lc; - underlying_element_type c2_lc; - - c0_lc.assign(bp, el.data[0]); - c1_lc.assign(bp, el.data[1]); - c2_lc.assign(bp, el.data[2]); - - c0_lc.evaluate(bp); - c1_lc.evaluate(bp); - c2_lc.evaluate(bp); - - data = data_type({underlying_element_type(c0_lc), underlying_element_type(c1_lc), - underlying_element_type(c2_lc)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - all_vars.emplace_back(data[2]); - } - - element_fp3(blueprint &bp, - const typename Fp3T::value_type &el, - 
const detail::blueprint_linear_combination &coeff) : - component(bp) { - - underlying_element_type c0_lc; - underlying_element_type c1_lc; - underlying_element_type c2_lc; - - c0_lc.assign(bp, el.data[0] * coeff); - c1_lc.assign(bp, el.data[1] * coeff); - c2_lc.assign(bp, el.data[2] * coeff); - - data = data_type({underlying_element_type(c0_lc), underlying_element_type(c1_lc), - underlying_element_type(c2_lc)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - all_vars.emplace_back(data[2]); - } - - element_fp3(blueprint &bp, - const underlying_element_type &c0_lc, - const underlying_element_type &c1_lc, - const underlying_element_type &c2_lc) : - component(bp) { - - data = data_type({underlying_element_type(c0_lc), underlying_element_type(c1_lc), - underlying_element_type(c2_lc)}); - - all_vars.emplace_back(data[0]); - all_vars.emplace_back(data[1]); - all_vars.emplace_back(data[2]); - } - - void generate_r1cs_equals_const_constraints(const typename Fp3T::value_type &el) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint(1, el.data[0], data[0])); - this->bp.add_r1cs_constraint(snark::r1cs_constraint(1, el.data[1], data[1])); - this->bp.add_r1cs_constraint(snark::r1cs_constraint(1, el.data[2], data[2])); - } - - void generate_assignments(const typename Fp3T::value_type &el) { - this->bp.lc_val(data[0]) = el.data[0]; - this->bp.lc_val(data[1]) = el.data[1]; - this->bp.lc_val(data[2]) = el.data[2]; - } - - typename Fp3T::value_type get_element() { - typename Fp3T::value_type el; - el.data[0] = this->bp.lc_val(data[0]); - el.data[1] = this->bp.lc_val(data[1]); - el.data[2] = this->bp.lc_val(data[2]); - return el; - } - - element_fp3 operator*(const typename base_field_type::value_type &coeff) const { - underlying_element_type new_c0, new_c1, new_c2; - new_c0.assign(this->bp, this->data[0] * coeff); - new_c1.assign(this->bp, this->data[1] * coeff); - new_c2.assign(this->bp, this->data[2] * coeff); - return element_fp3(this->bp, new_c0, 
new_c1, new_c2); - } - - element_fp3 operator+(const element_fp3 &other) const { - underlying_element_type new_c0, new_c1, new_c2; - new_c0.assign(this->bp, this->data[0] + other.data[0]); - new_c1.assign(this->bp, this->data[1] + other.data[1]); - new_c2.assign(this->bp, this->data[2] + other.data[2]); - return element_fp3(this->bp, new_c0, new_c1, new_c2); - } - - element_fp3 operator+(const typename Fp3T::value_type &other) const { - underlying_element_type new_c0, new_c1, new_c2; - new_c0.assign(this->bp, this->data[0] + other.data[0]); - new_c1.assign(this->bp, this->data[1] + other.data[1]); - new_c2.assign(this->bp, this->data[2] + other.data[2]); - return element_fp3(this->bp, new_c0, new_c1, new_c2); - } - - element_fp3 mul_by_X() const { - underlying_element_type new_c0, new_c1, new_c2; - new_c0.assign(this->bp, this->data[2] * Fp3T::value_type::non_residue); - - new_c1.assign(this->bp, this->data[0]); - new_c2.assign(this->bp, this->data[1]); - return element_fp3(this->bp, new_c0, new_c1, new_c2); - } - - void evaluate() const { - data[0].evaluate(this->bp); - data[1].evaluate(this->bp); - data[2].evaluate(this->bp); - } - - bool is_constant() const { - return (data[0].is_constant() && data[1].is_constant() && data[2].is_constant()); - } - - static std::size_t size_in_bits() { - return 3 * base_field_type::value_bits; - } - - static std::size_t num_variables() { - return 3; - } - }; - - /******************************** element_fp3_mul ************************************/ - - /** - * Component that creates constraints for Fp3 by Fp3 multiplication. 
- */ - template - struct element_fp3_mul : public component { - using base_field_type = typename Fp3T::base_field_type; - - element_fp3 A; - element_fp3 B; - element_fp3 result; - - detail::blueprint_variable v0; - detail::blueprint_variable v4; - - element_fp3_mul(blueprint &bp, - const element_fp3 &A, - const element_fp3 &B, - const element_fp3 &result) : - component(bp), - A(A), B(B), result(result) { - v0.allocate(bp); - v4.allocate(bp); - } - - void generate_gates() { - /* - Tom-Cook-3x for Fp3: - v0 = A.data[0] * B.data[0] - v1 = (A.data[0] + A.data[1] + A.data[2]) * (B.data[0] + B.data[1] + B.data[2]) - v2 = (A.data[0] - A.data[1] + A.data[2]) * (B.data[0] - B.data[1] + B.data[2]) - v3 = (A.data[0] + 2*A.data[1] + 4*A.data[2]) * (B.data[0] + 2*B.data[1] + - 4*B.data[2]) v4 = A.data[2] * B.data[2] result.data[0] = v0 + non_residue * (v0/2 - v1/2 - - v2/6 + v3/6 - 2*v4) result.data[1] = -(1/2) v0 + v1 - (1/3) v2 - (1/6) v3 + 2 v4 + - non_residue*v4 result.data[2] = -v0 + (1/2) v1 + (1/2) v2 - v4 - - Enforced with 5 constraints. Doing so requires some care, as we first - compute two of the v_i explicitly, and then "inline" result.data[1]/data[2]/c3 - in computations of teh remaining three v_i. 
- - Concretely, we first compute v0 and v4 explicitly, via 2 constraints: - A.data[0] * B.data[0] = v0 - A.data[2] * B.data[2] = v4 - Then we use the following 3 additional constraints: - v1 = result.data[1] + result.data[2] + (result.data[0] - v0)/non_residue + v0 + v4 - - non_residue v4 v2 = -result.data[1] + result.data[2] + v0 + (-result.data[0] + - v0)/non_residue + v4 + non_residue v4 v3 = 2 * result.data[1] + 4 result.data[2] + - (8*(result.data[0] - v0))/non_residue + v0 + 16 * v4 - 2 * non_residue * v4 - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - - NOTE: the expressions above were cherry-picked from the Mathematica result - of the following command: - - (# -> Solve[{data[0] == v0 + non_residue*(v0/2 - v1/2 - v2/6 + v3/6 - 2 v4), - data[1] == -(1/2) v0 + v1 - (1/3) v2 - (1/6) v3 + 2 v4 + non_residue*v4, - data[2] == -v0 + (1/2) v1 + (1/2) v2 - v4}, #] // FullSimplify) & /@ - Subsets[{v0, v1, v2, v3, v4}, {3}] - */ - this->bp.add_r1cs_constraint(snark::r1cs_constraint(A.data[0], B.data[0], v0)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint(A.data[2], B.data[2], v4)); - - const typename base_field_type::value_type beta = Fp3T::value_type::non_residue; - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0] + A.data[1] + A.data[2], - B.data[0] + B.data[1] + B.data[2], - result.data[1] + result.data[2] + result.data[0] * beta.inversed() + - v0 * (typename base_field_type::value_type(1) - beta.inversed()) + - v4 * (typename base_field_type::value_type(1) - beta))); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0] - A.data[1] + A.data[2], - B.data[0] - B.data[1] + B.data[2], - -result.data[1] + result.data[2] + - v0 * (typename base_field_type::value_type(1) + beta.inversed()) - - result.data[0] * beta.inversed() + - v4 * (typename base_field_type::value_type(1) + beta))); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0] + 2 * A.data[1] 
+ 4 * A.data[2], - B.data[0] + 2 * B.data[1] + 4 * B.data[2], - 2 * result.data[1] + 4 * result.data[2] + - result.data[0] * (typename base_field_type::value_type(8) * beta.inversed()) + - v0 * (typename base_field_type::value_type(1) - - typename base_field_type::value_type(8) * beta.inversed()) + - v4 * (typename base_field_type::value_type(16) - - typename base_field_type::value_type(2) * beta))); - } - - void generate_assignments() { - this->bp.val(v0) = this->bp.lc_val(A.data[0]) * this->bp.lc_val(B.data[0]); - this->bp.val(v4) = this->bp.lc_val(A.data[2]) * this->bp.lc_val(B.data[2]); - - const typename Fp3T::value_type Aval = A.get_element(); - const typename Fp3T::value_type Bval = B.get_element(); - const typename Fp3T::value_type Rval = Aval * Bval; - result.generate_assignments(Rval); - } - }; - - /******************************** element_fp3_mul_by_lc ************************************/ - - /** - * Component that creates constraints for Fp3 multiplication by a linear combination. 
- */ - template - struct element_fp3_mul_by_lc : public component { - using base_field_type = typename Fp3T::underlying_field_type; - - element_fp3 A; - detail::blueprint_linear_combination lc; - element_fp3 result; - - element_fp3_mul_by_lc(blueprint &bp, - const element_fp3 &A, - const detail::blueprint_linear_combination &lc, - const element_fp3 &result) : - component(bp), - A(A), lc(lc), result(result) { - } - - void generate_gates() { - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(A.data[0], lc, result.data[0])); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(A.data[1], lc, result.data[1])); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(A.data[2], lc, result.data[2])); - } - - void generate_assignments() { - this->bp.lc_val(result.data[0]) = this->bp.lc_val(A.data[0]) * this->bp.lc_val(lc); - this->bp.lc_val(result.data[1]) = this->bp.lc_val(A.data[1]) * this->bp.lc_val(lc); - this->bp.lc_val(result.data[2]) = this->bp.lc_val(A.data[2]) * this->bp.lc_val(lc); - } - }; - - /******************************** element_fp3_squared ************************************/ - - /** - * Component that creates constraints for Fp3 squaring. - */ - template - struct element_fp3_squared : public component { - using base_field_type = typename Fp3T::underlying_field_type; - - element_fp3 A; - element_fp3 result; - - std::shared_ptr> mul; - - element_fp3_squared(blueprint &bp, - const element_fp3 &A, - const element_fp3 &result) : - component(bp), - A(A), result(result) { - mul.reset(new element_fp3_mul(bp, A, A, result)); - } - - void generate_gates() { - mul->generate_gates(); - } - - void generate_assignments() { - mul->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FP3_COMPONENTS_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp4.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp4.hpp
deleted file mode 100644
index b902a9a449..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp4.hpp
+++ /dev/null
@@ -1,646 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for Fp4 components.
-//
-// The components verify field arithmetic in Fp4 = Fp2[V]/(V^2-U) where
-// Fp2 = Fp[U]/(U^2-non_residue) and non_residue is in Fp.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FP4_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_FP4_COMPONENTS_HPP - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /******************************** element_fp4 ************************************/ - - /** - * Component that represents an Fp4 element. - */ - template - struct element_fp4 : public component { - - using field_type = Fp4T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp2; - - using data_type = - std::array; - - data_type data; - - element_fp4(blueprint &bp) : - component(bp), - data({underlying_element_type(bp), underlying_element_type(bp)}) { - } - - element_fp4(blueprint &bp, const typename field_type::value_type &el) : - component(bp), - data({underlying_element_type(bp, el.data[0]), underlying_element_type(bp, el.data[1])}) { - } - - element_fp4(blueprint &bp, const underlying_element_type &in_data0, - const underlying_element_type &in_data1) : - component(bp), - data({underlying_element_type(in_data0), underlying_element_type(in_data1)}) { - } - - void generate_r1cs_equals_const_constraints(const typename field_type::value_type &el) { - data[0].generate_r1cs_equals_const_constraints(el.data[0]); - data[1].generate_r1cs_equals_const_constraints(el.data[1]); - } - - void generate_assignments(const typename field_type::value_type &el) { - data[0].generate_assignments(el.data[0]); - data[1].generate_assignments(el.data[1]); - } - - typename field_type::value_type get_element() { - typename field_type::value_type el; - el.data[0] = data[0].get_element(); - el.data[1] = data[1].get_element(); - return el; - } - - element_fp4 Frobenius_map(const std::size_t power) const { - detail::blueprint_linear_combination 
new_c0c0, new_c0c1, new_c1c0, new_c1c1; - new_c0c0.assign(this->bp, data[0].data[0]); - new_c0c1.assign(this->bp, - data[0].data[1] * underlying_field_type::Frobenius_coeffs_c1[power % 2]); - new_c1c0.assign(this->bp, data[1].data[0] * field_type::Frobenius_coeffs_c1[power % 4]); - new_c1c1.assign(this->bp, - data[1].data[1] * field_type::Frobenius_coeffs_c1[power % 4] * - underlying_field_type::Frobenius_coeffs_c1[power % 2]); - - return element_fp4(this->bp, - underlying_element_type(this->bp, new_c0c0, new_c0c1), - underlying_element_type(this->bp, new_c1c0, new_c1c1)); - } - - void evaluate() const { - data[0].evaluate(); - data[1].evaluate(); - } - }; - - /******************************** element_fp4_tower_mul ************************************/ - - /** - * Component that creates constraints for Fp4 multiplication (towering formulas). - */ - template - class element_fp4_tower_mul : public component { - public: - using field_type = Fp4T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp2; - - element_fp4 A; - element_fp4 B; - element_fp4 result; - - detail::blueprint_linear_combination v0_c0; - detail::blueprint_linear_combination v0_c1; - - detail::blueprint_linear_combination Ac0_plus_Ac1_c0; - detail::blueprint_linear_combination Ac0_plus_Ac1_c1; - std::shared_ptr Ac0_plus_Ac1; - - std::shared_ptr v0; - std::shared_ptr v1; - - detail::blueprint_linear_combination Bc0_plus_Bc1_c0; - detail::blueprint_linear_combination Bc0_plus_Bc1_c1; - std::shared_ptr Bc0_plus_Bc1; - - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c0; - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c1; - - std::shared_ptr result_c1_plus_v0_plus_v1; - - std::shared_ptr> compute_v0; - std::shared_ptr> compute_v1; - std::shared_ptr> compute_result_c1; - - element_fp4_tower_mul(blueprint &bp, - const element_fp4 &A, - const 
element_fp4 &B, - const element_fp4 &result) : - component(bp), - A(A), B(B), result(result) { - /* - Karatsuba multiplication for Fp4 as a quadratic extension of Fp2: - v0 = A.data[0] * B.data[0] - v1 = A.data[1] * B.data[1] - result.data[0] = v0 + non_residue * v1 - result.data[1] = (A.data[0] + A.data[1]) * (B.data[0] + B.data[1]) - v0 - v1 - where "non_residue * elem" := (non_residue * elt.data[1], elt.data[0]) - - Enforced with 3 element_fp2_mul's that ensure that: - A.data[1] * B.data[1] = v1 - A.data[0] * B.data[0] = v0 - (A.data[0]+A.data[1])*(B.data[0]+B.data[1]) = result.data[1] + v0 + v1 - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - */ - v1.reset(new underlying_element_type(bp)); - - compute_v1.reset(new element_fp2_mul(bp, A.data[1], B.data[1], *v1)); - - v0_c0.assign(bp, result.data[0].data[0] - field_type::value_type::non_residue * v1->data[1]); - - v0_c1.assign(bp, result.data[0].data[1] - v1->data[0]); - v0.reset(new underlying_element_type(bp, v0_c0, v0_c1)); - - compute_v0.reset(new element_fp2_mul(bp, A.data[0], B.data[0], *v0)); - - Ac0_plus_Ac1_c0.assign(bp, A.data[0].data[0] + A.data[1].data[0]); - Ac0_plus_Ac1_c1.assign(bp, A.data[0].data[1] + A.data[1].data[1]); - Ac0_plus_Ac1.reset(new underlying_element_type(bp, Ac0_plus_Ac1_c0, Ac0_plus_Ac1_c1)); - - Bc0_plus_Bc1_c0.assign(bp, B.data[0].data[0] + B.data[1].data[0]); - Bc0_plus_Bc1_c1.assign(bp, B.data[0].data[1] + B.data[1].data[1]); - Bc0_plus_Bc1.reset(new underlying_element_type(bp, Bc0_plus_Bc1_c0, Bc0_plus_Bc1_c1)); - - result_c1_plus_v0_plus_v1_c0.assign(bp, result.data[1].data[0] + v0->data[0] + v1->data[0]); - result_c1_plus_v0_plus_v1_c1.assign(bp, result.data[1].data[1] + v0->data[1] + v1->data[1]); - result_c1_plus_v0_plus_v1.reset(new underlying_element_type(bp, result_c1_plus_v0_plus_v1_c0, - result_c1_plus_v0_plus_v1_c1)); - - compute_result_c1.reset(new element_fp2_mul( - bp, *Ac0_plus_Ac1, *Bc0_plus_Bc1, 
*result_c1_plus_v0_plus_v1)); - } - - void generate_gates() { - compute_v0->generate_gates(); - compute_v1->generate_gates(); - compute_result_c1->generate_gates(); - } - - void generate_assignments() { - compute_v0->generate_assignments(); - compute_v1->generate_assignments(); - - Ac0_plus_Ac1_c0.evaluate(this->bp); - Ac0_plus_Ac1_c1.evaluate(this->bp); - - Bc0_plus_Bc1_c0.evaluate(this->bp); - Bc0_plus_Bc1_c1.evaluate(this->bp); - - compute_result_c1->generate_assignments(); - - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Bval = B.get_element(); - const typename field_type::value_type Rval = Aval * Bval; - - result.generate_assignments(Rval); - } - }; - - /******************************** element_fp4_direct_mul ************************************/ - - /** - * Component that creates constraints for Fp4 multiplication (direct formulas). - */ - template - class element_fp4_direct_mul : public component { - public: - using field_type = Fp4T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp2; - - using base_field_value_type = typename base_field_type::value_type; - - element_fp4 A; - element_fp4 B; - element_fp4 result; - - detail::blueprint_variable v1; - detail::blueprint_variable v2; - detail::blueprint_variable v6; - - element_fp4_direct_mul(blueprint &bp, - const element_fp4 &A, - const element_fp4 &B, - const element_fp4 &result) : - component(bp), - A(A), B(B), result(result) { - /* - Tom-Cook-4x for Fp4 (beta is the quartic non-residue): - v0 = a0*b0, - v1 = (a0+a1+a2+a3)*(b0+b1+b2+b3), - v2 = (a0-a1+a2-a3)*(b0-b1+b2-b3), - v3 = (a0+2a1+4a2+8a3)*(b0+2b1+4b2+8b3), - v4 = (a0-2a1+4a2-8a3)*(b0-2b1+4b2-8b3), - v5 = (a0+3a1+9a2+27a3)*(b0+3b1+9b2+27b3), - v6 = a3*b3 - - result.data[0] = v0+beta((1/4)v0-(1/6)(v1+v2)+(1/24)(v3+v4)-5v6), - result.data[1] = - 
-(1/3)v0+v1-(1/2)v2-(1/4)v3+(1/20)v4+(1/30)v5-12v6+beta(-(1/12)(v0-v1)+(1/24)(v2-v3)-(1/120)(v4-v5)-3v6), - result.c2 = -(5/4)v0+(2/3)(v1+v2)-(1/24)(v3+v4)+4v6+beta v6, - result.c3 = (1/12)(5v0-7v1)-(1/24)(v2-7v3+v4+v5)+15v6 - - Enforced with 7 constraints. Doing so requires some care, as we first - compute three of the v_i explicitly, and then "inline" result.data[0]/c1/c2/c3 - in computations of the remaining four v_i. - - Concretely, we first compute v1, v2 and v6 explicitly, via 3 constraints as above. - v1 = (a0+a1+a2+a3)*(b0+b1+b2+b3), - v2 = (a0-a1+a2-a3)*(b0-b1+b2-b3), - v6 = a3*b3 - - Then we use the following 4 additional constraints: - (1-beta) v0 = c0 + beta c2 - (beta v1)/2 - (beta v2)/ 2 - (-1 + beta) beta v6 - (1-beta) v3 = -15 c0 - 30 c1 - 3 (4 + beta) c2 - 6 (4 + beta) c3 + (24 - (3 beta)/2) - v1 - + - (-8 + beta/2) v2 + 3 (-16 + beta) (-1 + beta) v6 (1-beta) v4 = -15 c0 + 30 c1 - 3 (4 + - beta) c2 + 6 (4 + beta) c3 + (-8 + beta/2) v1 + (24 - (3 beta)/2) v2 + 3 (-16 + beta) (-1 - + beta) v6 (1-beta) v5 = -80 c0 - 240 c1 - 8 (9 + beta) c2 - 24 (9 + beta) c3 - 2 (-81 + - beta) v1 + - (-81 + beta) v2 + 8 (-81 + beta) (-1 + beta) v6 - - The isomorphism between the representation above and towering is: - (a0, a1, a2, a3) <-> (a.data[0].data[0], a.data[1].data[0], a.data[0].data[1], - a.data[1].data[1]) - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - - NOTE: the expressions above were cherry-picked from the Mathematica result - of the following command: - - (# -> Solve[{c0 == v0+beta((1/4)v0-(1/6)(v1+v2)+(1/24)(v3+v4)-5v6), - c1 == - -(1/3)v0+v1-(1/2)v2-(1/4)v3+(1/20)v4+(1/30)v5-12v6+beta(-(1/12)(v0-v1)+(1/24)(v2-v3)-(1/120)(v4-v5)-3v6), - c2 - == -(5/4)v0+(2/3)(v1+v2)-(1/24)(v3+v4)+4v6+beta v6, c3 == - (1/12)(5v0-7v1)-(1/24)(v2-7v3+v4+v5)+15v6}, #] // FullSimplify) & /@ Subsets[{v0, v1, v2, - v3, v4, v5}, {4}] - - and simplified by multiplying the selected result by (1-beta) - */ - 
v1.allocate(bp); - v2.allocate(bp); - v6.allocate(bp); - } - - void generate_gates() { - const base_field_value_type beta = field_type::value_type::non_residue; - - const base_field_value_type u = (base_field_value_type::one() - beta).inversed(); - - const detail::blueprint_linear_combination &a0 = A.data[0].data[0], - &a1 = A.data[1].data[0], - &a2 = A.data[0].data[1], - &a3 = A.data[1].data[1], - &b0 = B.data[0].data[0], - &b1 = B.data[1].data[0], - &b2 = B.data[0].data[1], - &b3 = B.data[1].data[1], - &c0 = result.data[0].data[0], - &c1 = result.data[1].data[0], - &c2 = result.data[0].data[1], - &c3 = result.data[1].data[1]; - - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(a0 + a1 + a2 + a3, b0 + b1 + b2 + b3, v1)); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(a0 - a1 + a2 - a3, b0 - b1 + b2 - b3, v2)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint(a3, b3, v6)); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - a0, - b0, - u * c0 + beta * u * c2 - beta * u * base_field_value_type(0x02).inversed() * v1 - - beta * u * base_field_value_type(0x02).inversed() * v2 + beta * v6)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - a0 + base_field_value_type(0x02) * a1 + base_field_value_type(0x04) * a2 + - base_field_value_type(0x08) * a3, - b0 + base_field_value_type(0x02) * b1 + base_field_value_type(0x04) * b2 + - base_field_value_type(0x08) * b3, - -base_field_value_type(15) * u * c0 - base_field_value_type(30) * u * c1 - - base_field_value_type(0x03) * (base_field_value_type(0x04) + beta) * u * c2 - - base_field_value_type(6) * (base_field_value_type(0x04) + beta) * u * c3 + - (base_field_value_type(24) - - base_field_value_type(0x03) * beta * base_field_value_type(0x02).inversed()) * - u * v1 + - (-base_field_value_type(0x08) + beta * base_field_value_type(0x02).inversed()) * u * - v2 - - base_field_value_type(0x03) * (-base_field_value_type(16) + beta) * v6)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 
a0 - base_field_value_type(0x02) * a1 + base_field_value_type(0x04) * a2 - - base_field_value_type(0x08) * a3, - b0 - base_field_value_type(0x02) * b1 + base_field_value_type(0x04) * b2 - - base_field_value_type(0x08) * b3, - -base_field_value_type(15) * u * c0 + base_field_value_type(30) * u * c1 - - base_field_value_type(0x03) * (base_field_value_type(0x04) + beta) * u * c2 + - base_field_value_type(6) * (base_field_value_type(0x04) + beta) * u * c3 + - (base_field_value_type(24) - - base_field_value_type(0x03) * beta * base_field_value_type(0x02).inversed()) * - u * v2 + - (-base_field_value_type(0x08) + beta * base_field_value_type(0x02).inversed()) * u * - v1 - - base_field_value_type(0x03) * (-base_field_value_type(16) + beta) * v6)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - a0 + base_field_value_type(0x03) * a1 + base_field_value_type(0x09) * a2 + - base_field_value_type(27) * a3, - b0 + base_field_value_type(0x03) * b1 + base_field_value_type(0x09) * b2 + - base_field_value_type(27) * b3, - -base_field_value_type(80) * u * c0 - base_field_value_type(240) * u * c1 - - base_field_value_type(0x08) * (base_field_value_type(0x09) + beta) * u * c2 - - base_field_value_type(24) * (base_field_value_type(0x09) + beta) * u * c3 - - base_field_value_type(0x02) * (-base_field_value_type(81) + beta) * u * v1 + - (-base_field_value_type(81) + beta) * u * v2 - - base_field_value_type(0x08) * (-base_field_value_type(81) + beta) * v6)); - } - - void generate_r1cs_witness() { - const detail::blueprint_linear_combination &a0 = A.data[0].data[0], - &a1 = A.data[1].data[0], - &a2 = A.data[0].data[1], - &a3 = A.data[1].data[1], - &b0 = B.data[0].data[0], - &b1 = B.data[1].data[0], - &b2 = B.data[0].data[1], - &b3 = B.data[1].data[1]; - - this->bp.val(v1) = - ((this->bp.lc_val(a0) + this->bp.lc_val(a1) + this->bp.lc_val(a2) + this->bp.lc_val(a3)) * - (this->bp.lc_val(b0) + this->bp.lc_val(b1) + this->bp.lc_val(b2) + this->bp.lc_val(b3))); - this->bp.val(v2) = - 
((this->bp.lc_val(a0) - this->bp.lc_val(a1) + this->bp.lc_val(a2) - this->bp.lc_val(a3)) * - (this->bp.lc_val(b0) - this->bp.lc_val(b1) + this->bp.lc_val(b2) - this->bp.lc_val(b3))); - this->bp.val(v6) = this->bp.lc_val(a3) * this->bp.lc_val(b3); - - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Bval = B.get_element(); - const typename field_type::value_type Rval = Aval * Bval; - - result.generate_assignments(Rval); - } - }; - - /** - * Alias default multiplication component - */ - template - using element_fp4_mul = element_fp4_direct_mul; - - /******************************** element_fp4_squared ************************************/ - - /** - * Component that creates constraints for Fp4 squaring. - */ - template - class element_fp4_squared : public component { - public: - using field_type = Fp4T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp2; - - element_fp4 A; - element_fp4 result; - - std::shared_ptr v1; - - detail::blueprint_linear_combination v0_c0; - detail::blueprint_linear_combination v0_c1; - std::shared_ptr v0; - - std::shared_ptr> compute_v0; - std::shared_ptr> compute_v1; - - detail::blueprint_linear_combination Ac0_plus_Ac1_c0; - detail::blueprint_linear_combination Ac0_plus_Ac1_c1; - std::shared_ptr Ac0_plus_Ac1; - - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c0; - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c1; - - std::shared_ptr result_c1_plus_v0_plus_v1; - - std::shared_ptr> compute_result_c1; - - element_fp4_squared(blueprint &bp, - const element_fp4 &A, - const element_fp4 &result) : - component(bp), - A(A), result(result) { - /* - Karatsuba squaring for Fp4 as a quadratic extension of Fp2: - v0 = A.data[0]^2 - v1 = A.data[1]^2 - result.data[0] = v0 + non_residue * v1 - result.data[1] = (A.data[0] + A.data[1])^2 
- v0 - v1 - where "non_residue * elem" := (non_residue * elt.data[1], elt.data[0]) - - Enforced with 3 element_fp2_squared's that ensure that: - A.data[1]^2 = v1 - A.data[0]^2 = v0 - (A.data[0]+A.data[1])^2 = result.data[1] + v0 + v1 - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - */ - - v1.reset(new underlying_element_type(bp)); - compute_v1.reset(new element_fp2_squared(bp, A.data[1], *v1)); - - v0_c0.assign(bp, result.data[0].data[0] - field_type::value_type::non_residue * v1->data[1]); - - v0_c1.assign(bp, result.data[0].data[1] - v1->data[0]); - v0.reset(new underlying_element_type(bp, v0_c0, v0_c1)); - - compute_v0.reset(new element_fp2_squared(bp, A.data[0], *v0)); - - Ac0_plus_Ac1_c0.assign(bp, A.data[0].data[0] + A.data[1].data[0]); - Ac0_plus_Ac1_c1.assign(bp, A.data[0].data[1] + A.data[1].data[1]); - Ac0_plus_Ac1.reset(new underlying_element_type(bp, Ac0_plus_Ac1_c0, Ac0_plus_Ac1_c1)); - - result_c1_plus_v0_plus_v1_c0.assign(bp, result.data[1].data[0] + v0->data[0] + v1->data[0]); - result_c1_plus_v0_plus_v1_c1.assign(bp, result.data[1].data[1] + v0->data[1] + v1->data[1]); - result_c1_plus_v0_plus_v1.reset(new underlying_element_type(bp, result_c1_plus_v0_plus_v1_c0, - result_c1_plus_v0_plus_v1_c1)); - - compute_result_c1.reset(new element_fp2_squared( - bp, *Ac0_plus_Ac1, *result_c1_plus_v0_plus_v1)); - } - - void generate_gates() { - compute_v1->generate_gates(); - compute_v0->generate_gates(); - compute_result_c1->generate_gates(); - } - - void generate_assignments() { - compute_v1->generate_assignments(); - - v0_c0.evaluate(this->bp); - v0_c1.evaluate(this->bp); - compute_v0->generate_assignments(); - - Ac0_plus_Ac1_c0.evaluate(this->bp); - Ac0_plus_Ac1_c1.evaluate(this->bp); - compute_result_c1->generate_assignments(); - - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Rval = Aval.squared(); - result.generate_assignments(Rval); 
- } - }; - - /******************************** element_fp4_cyclotomic_squared ************************************/ - - /** - * Component that creates constraints for Fp4 cyclotomic squaring - */ - template - class element_fp4_cyclotomic_squared : public component { - public: - using field_type = Fp4T; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp2; - - using base_field_value_type = typename base_field_type::value_type; - - element_fp4 A; - element_fp4 result; - - detail::blueprint_linear_combination c0_expr_c0; - detail::blueprint_linear_combination c0_expr_c1; - std::shared_ptr c0_expr; - std::shared_ptr> compute_c0_expr; - - detail::blueprint_linear_combination A_c0_plus_A_c1_c0; - detail::blueprint_linear_combination A_c0_plus_A_c1_c1; - std::shared_ptr A_c0_plus_A_c1; - - detail::blueprint_linear_combination c1_expr_c0; - detail::blueprint_linear_combination c1_expr_c1; - std::shared_ptr c1_expr; - std::shared_ptr> compute_c1_expr; - - element_fp4_cyclotomic_squared(blueprint &bp, - const element_fp4 &A, - const element_fp4 &result) : - component(bp), - A(A), result(result) { - /* - A = elt.data[1] ^ 2 - B = elt.data[1] + elt.data[0]; - C = B ^ 2 - A - D = Fp2(A.data[1] * non_residue, A.data[0]) - E = C - D - F = D + D + Fp2::one() - G = E - Fp2::one() - - return Fp4(F, G); - - Enforced with 2 element_fp2_squared's that ensure that: - - elt.data[1] ^ 2 = Fp2(result.data[0].data[1] / 2, (result.data[0].data[0] - 1) / (2 * - non_residue)) = A (elt.data[1] + elt.data[0]) ^ 2 = A + result.data[1] + Fp2(A.data[1] * - non_residue + 1, A.data[0]) - - (elt.data[1] + elt.data[0]) ^ 2 = Fp2(result.data[0].data[1] / 2 + result.data[1].data[0] - + (result.data[0].data[0] - 1) / 2 + 1, (result.data[0].data[0] - 1) / (2 * non_residue) + - result.data[1].data[1] + result.data[0].data[1] / 2) - */ - c0_expr_c0.assign(bp, 
result.data[0].data[1] * base_field_value_type(0x02).inversed()); - c0_expr_c1.assign( - bp, - (result.data[0].data[0] - base_field_value_type(0x01)) * - (base_field_value_type(0x02) * field_type::value_type::non_residue).inversed()); - - c0_expr.reset(new underlying_element_type(bp, c0_expr_c0, c0_expr_c1)); - compute_c0_expr.reset(new element_fp2_squared(bp, A.data[1], *c0_expr)); - - A_c0_plus_A_c1_c0.assign(bp, A.data[0].data[0] + A.data[1].data[0]); - A_c0_plus_A_c1_c1.assign(bp, A.data[0].data[1] + A.data[1].data[1]); - A_c0_plus_A_c1.reset(new underlying_element_type(bp, A_c0_plus_A_c1_c0, A_c0_plus_A_c1_c1)); - - c1_expr_c0.assign( - bp, - (result.data[0].data[1] + result.data[0].data[0] - base_field_value_type(0x01)) * - base_field_value_type(0x02).inversed() + - result.data[1].data[0] + base_field_value_type(0x01)); - c1_expr_c1.assign( - bp, - (result.data[0].data[0] - base_field_value_type(0x01)) * - (base_field_value_type(0x02) * field_type::value_type::non_residue).inversed() + - result.data[1].data[1] + - result.data[0].data[1] * base_field_value_type(0x02).inversed()); - - c1_expr.reset(new underlying_element_type(bp, c1_expr_c0, c1_expr_c1)); - - compute_c1_expr.reset( - new element_fp2_squared(bp, *A_c0_plus_A_c1, *c1_expr)); - } - - void generate_gates() { - compute_c0_expr->generate_gates(); - compute_c1_expr->generate_gates(); - } - - void generate_assignments() { - compute_c0_expr->generate_assignments(); - - A_c0_plus_A_c1_c0.evaluate(this->bp); - A_c0_plus_A_c1_c1.evaluate(this->bp); - compute_c1_expr->generate_assignments(); - - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Rval = Aval.squared(); - result.generate_assignments(Rval); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FP4_COMPONENTS_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp6_2over3.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp6_2over3.hpp
deleted file mode 100644
index 5d9ccdd8f9..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/element_fp6_2over3.hpp
+++ /dev/null
@@ -1,586 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for Fp6 components.
-//
-// The components verify field arithmetic in Fp6 = Fp3[Y]/(Y^2-X) where
-// Fp3 = Fp[X]/(X^3-non_residue) and non_residue is in Fp.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FP6_2OVER3_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_FP6_2OVER3_COMPONENTS_HPP - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /******************************** element_fp6_2over3 ************************************/ - - /** - * Component that represents an Fp6 element. - */ - template // Fp6 2over3 - class element_fp6_2over3 : public component { - - using field_type = FieldType; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp3; - - using data_type = - std::array; - - public: - data_type data; - - element_fp6_2over3(blueprint &bp) : - component(bp), - data({underlying_element_type(bp), underlying_element_type(bp)}) { - } - - element_fp6_2over3(blueprint &bp, const typename field_type::value_type &el) : - component(bp), - data({underlying_element_type(bp, el.data[0]), underlying_element_type(bp, el.data[1])}) { - } - - element_fp6_2over3(blueprint &bp, const underlying_element_type &in_data0, - const underlying_element_type &in_data1) : - component(bp), - data({underlying_element_type(in_data0), underlying_element_type(in_data1)}) { - } - - void generate_r1cs_equals_const_constraints(const typename field_type::value_type &el) { - data[0].generate_r1cs_equals_const_constraints(el.data[0]); - data[1].generate_r1cs_equals_const_constraints(el.data[1]); - } - - void generate_assignments(const typename field_type::value_type &el) { - data[0].generate_assignments(el.data[0]); - data[1].generate_assignments(el.data[1]); - } - - typename field_type::value_type get_element() { - typename field_type::value_type el; - el.data[0] = data[0].get_element(); - el.data[1] = data[1].get_element(); - return el; - } - - 
element_fp6_2over3 Frobenius_map(const std::size_t power) const { - detail::blueprint_linear_combination new_c0c0, new_c0c1, new_c0c2, new_c1c0, new_c1c1, - new_c1c2; - new_c0c0.assign(this->bp, data[0].data[0]); - new_c0c1.assign(this->bp, - data[0].data[1] * - underlying_field_type::value_type::Frobenius_coeffs_c1[power % 3]); - new_c0c2.assign(this->bp, - data[0].data[2] * - underlying_field_type::value_type::Frobenius_coeffs_c2[power % 3]); - new_c1c0.assign(this->bp, - data[1].data[0] * field_type::value_type::Frobenius_coeffs_c1[power % 6]); - new_c1c1.assign(this->bp, - data[1].data[1] * - (field_type::value_type::Frobenius_coeffs_c1[power % 6] * - underlying_field_type::value_type::Frobenius_coeffs_c1[power % 3])); - new_c1c2.assign(this->bp, - data[1].data[2] * - (field_type::value_type::Frobenius_coeffs_c1[power % 6] * - underlying_field_type::value_type::Frobenius_coeffs_c2[power % 3])); - - return element_fp6_2over3( - this->bp, - underlying_element_type(this->bp, new_c0c0, new_c0c1, new_c0c2), - underlying_element_type(this->bp, new_c1c0, new_c1c1, new_c1c2)); - } - - void evaluate() const { - data[0].evaluate(); - data[1].evaluate(); - } - }; - - /******************************** element_fp6_2over3_mul ************************************/ - - /** - * Component that creates constraints for Fp6 multiplication. 
- */ - template - class element_fp6_2over3_mul : public component { - - using field_type = FieldType; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp3; - - public: - element_fp6_2over3 A; - element_fp6_2over3 B; - element_fp6_2over3 result; - - detail::blueprint_linear_combination v0_c0; - detail::blueprint_linear_combination v0_c1; - detail::blueprint_linear_combination v0_c2; - - detail::blueprint_linear_combination Ac0_plus_Ac1_c0; - detail::blueprint_linear_combination Ac0_plus_Ac1_c1; - detail::blueprint_linear_combination Ac0_plus_Ac1_c2; - std::shared_ptr Ac0_plus_Ac1; - - std::shared_ptr v0; - std::shared_ptr v1; - - detail::blueprint_linear_combination Bc0_plus_Bc1_c0; - detail::blueprint_linear_combination Bc0_plus_Bc1_c1; - detail::blueprint_linear_combination Bc0_plus_Bc1_c2; - std::shared_ptr Bc0_plus_Bc1; - - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c0; - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c1; - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c2; - std::shared_ptr result_c1_plus_v0_plus_v1; - - std::shared_ptr> compute_v0; - std::shared_ptr> compute_v1; - std::shared_ptr> compute_result_c1; - - element_fp6_2over3_mul(blueprint &bp, - const element_fp6_2over3 &A, - const element_fp6_2over3 &B, - const element_fp6_2over3 &result) : - component(bp), - A(A), B(B), result(result) { - /* - Karatsuba multiplication for Fp6 as a quadratic extension of Fp3: - v0 = A.data[0] * B.data[0] - v1 = A.data[1] * B.data[1] - result.data[0] = v0 + non_residue * v1 - result.data[1] = (A.data[0] + A.data[1]) * (B.data[0] + B.data[1]) - v0 - v1 - where "non_residue * elem" := (non_residue * elem.data[2], elem.data[0], elem.data[1]) - - Enforced with 3 element_fp3_mul's that ensure that: - A.data[1] * B.data[1] = v1 - A.data[0] * B.data[0] = v0 - 
(A.data[0]+A.data[1])*(B.data[0]+B.data[1]) = result.data[1] + v0 + v1 - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - */ - v1.reset(new underlying_element_type(bp)); - - compute_v1.reset(new element_fp3_mul(bp, A.data[1], B.data[1], *v1)); - - v0_c0.assign(bp, result.data[0].data[0] - field_type::value_type::non_residue * v1->data[2]); - - v0_c1.assign(bp, result.data[0].data[1] - v1->data[0]); - v0_c2.assign(bp, result.data[0].data[2] - v1->data[1]); - v0.reset(new underlying_element_type(bp, v0_c0, v0_c1, v0_c2)); - - compute_v0.reset(new element_fp3_mul(bp, A.data[0], B.data[0], *v0)); - - Ac0_plus_Ac1_c0.assign(bp, A.data[0].data[0] + A.data[1].data[0]); - Ac0_plus_Ac1_c1.assign(bp, A.data[0].data[1] + A.data[1].data[1]); - Ac0_plus_Ac1_c2.assign(bp, A.data[0].data[2] + A.data[1].data[2]); - Ac0_plus_Ac1.reset( - new underlying_element_type(bp, Ac0_plus_Ac1_c0, Ac0_plus_Ac1_c1, Ac0_plus_Ac1_c2)); - - Bc0_plus_Bc1_c0.assign(bp, B.data[0].data[0] + B.data[1].data[0]); - Bc0_plus_Bc1_c1.assign(bp, B.data[0].data[1] + B.data[1].data[1]); - Bc0_plus_Bc1_c2.assign(bp, B.data[0].data[2] + B.data[1].data[2]); - Bc0_plus_Bc1.reset( - new underlying_element_type(bp, Bc0_plus_Bc1_c0, Bc0_plus_Bc1_c1, Bc0_plus_Bc1_c2)); - - result_c1_plus_v0_plus_v1_c0.assign(bp, result.data[1].data[0] + v0->data[0] + v1->data[0]); - result_c1_plus_v0_plus_v1_c1.assign(bp, result.data[1].data[1] + v0->data[1] + v1->data[1]); - result_c1_plus_v0_plus_v1_c2.assign(bp, result.data[1].data[2] + v0->data[2] + v1->data[2]); - result_c1_plus_v0_plus_v1.reset(new underlying_element_type(bp, - result_c1_plus_v0_plus_v1_c0, - result_c1_plus_v0_plus_v1_c1, - result_c1_plus_v0_plus_v1_c2)); - - compute_result_c1.reset(new element_fp3_mul( - bp, *Ac0_plus_Ac1, *Bc0_plus_Bc1, *result_c1_plus_v0_plus_v1)); - } - - void generate_gates() { - compute_v0->generate_gates(); - compute_v1->generate_gates(); - 
compute_result_c1->generate_gates(); - } - - void generate_assignments() { - compute_v0->generate_assignments(); - compute_v1->generate_assignments(); - - Ac0_plus_Ac1_c0.evaluate(this->bp); - Ac0_plus_Ac1_c1.evaluate(this->bp); - Ac0_plus_Ac1_c2.evaluate(this->bp); - - Bc0_plus_Bc1_c0.evaluate(this->bp); - Bc0_plus_Bc1_c1.evaluate(this->bp); - Bc0_plus_Bc1_c2.evaluate(this->bp); - - compute_result_c1->generate_assignments(); - - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Bval = B.get_element(); - const typename field_type::value_type Rval = Aval * Bval; - - result.generate_assignments(Rval); - - result_c1_plus_v0_plus_v1_c0.evaluate(this->bp); - result_c1_plus_v0_plus_v1_c1.evaluate(this->bp); - result_c1_plus_v0_plus_v1_c2.evaluate(this->bp); - - compute_result_c1->generate_assignments(); - } - }; - - /******************************** element_fp6_2over3_mul_by_2345 - * ************************************/ - - /** - * Component that creates constraints for Fp6 multiplication by a Fp6 element B for which - * B.data[0].data[0] = B.data[0].data[1] = 0. 
- */ - template - class element_fp6_2over3_mul_by_2345 : public component { - using field_type = FieldType; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp3; - - public: - element_fp6_2over3 A; - element_fp6_2over3 B; - element_fp6_2over3 result; - - detail::blueprint_linear_combination v0_c0; - detail::blueprint_linear_combination v0_c1; - detail::blueprint_linear_combination v0_c2; - - detail::blueprint_linear_combination Ac0_plus_Ac1_c0; - detail::blueprint_linear_combination Ac0_plus_Ac1_c1; - detail::blueprint_linear_combination Ac0_plus_Ac1_c2; - std::shared_ptr Ac0_plus_Ac1; - - std::shared_ptr v0; - std::shared_ptr v1; - - detail::blueprint_linear_combination Bc0_plus_Bc1_c0; - detail::blueprint_linear_combination Bc0_plus_Bc1_c1; - detail::blueprint_linear_combination Bc0_plus_Bc1_c2; - std::shared_ptr Bc0_plus_Bc1; - - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c0; - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c1; - detail::blueprint_linear_combination result_c1_plus_v0_plus_v1_c2; - std::shared_ptr result_c1_plus_v0_plus_v1; - - std::shared_ptr> compute_v1; - std::shared_ptr> compute_result_c1; - - element_fp6_2over3_mul_by_2345(blueprint &bp, - const element_fp6_2over3 &A, - const element_fp6_2over3 &B, - const element_fp6_2over3 &result) : - component(bp), - A(A), B(B), result(result) { - /* - Karatsuba multiplication for Fp6 as a quadratic extension of Fp3: - v0 = A.data[0] * B.data[0] - v1 = A.data[1] * B.data[1] - result.data[0] = v0 + non_residue * v1 - result.data[1] = (A.data[0] + A.data[1]) * (B.data[0] + B.data[1]) - v0 - v1 - where "non_residue * elem" := (non_residue * elem.data[2], elem.data[0], elem.data[1]) - - We know that B.data[0].data[0] = B.data[0].data[1] = 0 - - Enforced with 2 element_fp3_mul's that ensure that: - A.data[1] * B.data[1] = v1 - 
(A.data[0]+A.data[1])*(B.data[0]+B.data[1]) = result.data[1] + v0 + v1 - - And one multiplication (three direct constraints) that enforces A.data[0] * B.data[0] - = v0, where B.data[0].data[0] = B.data[0].data[1] = 0. - - Note that (u + v * X + t * X^2) * (0 + 0 * X + z * X^2) = - (v * z * non_residue + t * z * non_residue * X + u * z * X^2) - - Reference: - "Multiplication and Squaring on Pairing-Friendly Fields" - Devegili, OhEigeartaigh, Scott, Dahab - */ - v1.reset(new underlying_element_type(bp)); - compute_v1.reset(new element_fp3_mul(bp, A.data[1], B.data[1], *v1)); - - /* we inline result.data[0] in v0 as follows: v0 = (result.data[0].data[0] - - * field_type::value_type::non_residue * v1->data[2], - * result.data[0].data[1] - v1->data[0], result.data[0].data[2] - v1->data[1]) */ - v0.reset(new underlying_element_type(bp)); - - Ac0_plus_Ac1_c0.assign(bp, A.data[0].data[0] + A.data[1].data[0]); - Ac0_plus_Ac1_c1.assign(bp, A.data[0].data[1] + A.data[1].data[1]); - Ac0_plus_Ac1_c2.assign(bp, A.data[0].data[2] + A.data[1].data[2]); - Ac0_plus_Ac1.reset( - new underlying_element_type(bp, Ac0_plus_Ac1_c0, Ac0_plus_Ac1_c1, Ac0_plus_Ac1_c2)); - - Bc0_plus_Bc1_c0.assign(bp, B.data[0].data[0] + B.data[1].data[0]); - Bc0_plus_Bc1_c1.assign(bp, B.data[0].data[1] + B.data[1].data[1]); - Bc0_plus_Bc1_c2.assign(bp, B.data[0].data[2] + B.data[1].data[2]); - Bc0_plus_Bc1.reset( - new underlying_element_type(bp, Bc0_plus_Bc1_c0, Bc0_plus_Bc1_c1, Bc0_plus_Bc1_c2)); - - result_c1_plus_v0_plus_v1_c0.assign(bp, result.data[1].data[0] + v0->data[0] + v1->data[0]); - result_c1_plus_v0_plus_v1_c1.assign(bp, result.data[1].data[1] + v0->data[1] + v1->data[1]); - result_c1_plus_v0_plus_v1_c2.assign(bp, result.data[1].data[2] + v0->data[2] + v1->data[2]); - result_c1_plus_v0_plus_v1.reset(new underlying_element_type(bp, - result_c1_plus_v0_plus_v1_c0, - result_c1_plus_v0_plus_v1_c1, - result_c1_plus_v0_plus_v1_c2)); - - compute_result_c1.reset(new element_fp3_mul( - bp, 
*Ac0_plus_Ac1, *Bc0_plus_Bc1, *result_c1_plus_v0_plus_v1)); - } - - void generate_gates() { - compute_v1->generate_gates(); - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0].data[1], underlying_field_type::value_type::non_residue * B.data[0].data[2], - result.data[0].data[0] - field_type::value_type::non_residue * v1->data[2])); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0].data[2], underlying_field_type::value_type::non_residue * B.data[0].data[2], - result.data[0].data[1] - v1->data[0])); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - A.data[0].data[0], B.data[0].data[2], result.data[0].data[2] - v1->data[1])); - compute_result_c1->generate_gates(); - } - - void generate_assignments() { - compute_v1->generate_assignments(); - - const typename underlying_field_type::value_type A_c0_val = A.data[0].get_element(); - const typename underlying_field_type::value_type B_c0_val = B.data[0].get_element(); - assert(B_c0_val.data[0].is_zero()); - assert(B_c0_val.data[1].is_zero()); - - const typename underlying_field_type::value_type v0_val = A_c0_val * B_c0_val; - v0->generate_assignments(v0_val); - - Ac0_plus_Ac1_c0.evaluate(this->bp); - Ac0_plus_Ac1_c1.evaluate(this->bp); - Ac0_plus_Ac1_c2.evaluate(this->bp); - - Bc0_plus_Bc1_c0.evaluate(this->bp); - Bc0_plus_Bc1_c1.evaluate(this->bp); - Bc0_plus_Bc1_c2.evaluate(this->bp); - - compute_result_c1->generate_assignments(); - - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Bval = B.get_element(); - const typename field_type::value_type Rval = Aval * Bval; - - result.generate_assignments(Rval); - - result_c1_plus_v0_plus_v1_c0.evaluate(this->bp); - result_c1_plus_v0_plus_v1_c1.evaluate(this->bp); - result_c1_plus_v0_plus_v1_c2.evaluate(this->bp); - - compute_result_c1->generate_assignments(); - } - }; - - /******************************** element_fp6_2over3_squared ************************************/ - - /** - * 
Component that creates constraints for Fp6 squaring. - */ - template - class element_fp6_2over3_squared : public component { - - using field_type = FieldType; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp3; - - public: - element_fp6_2over3 A; - element_fp6_2over3 result; - - std::shared_ptr> mul; - - element_fp6_2over3_squared(blueprint &bp, - const element_fp6_2over3 &A, - const element_fp6_2over3 &result) : - component(bp), - A(A), result(result) { - mul.reset(new element_fp6_2over3_mul(bp, A, A, result)); - } - - void generate_gates() { - mul->generate_gates(); - } - - void generate_assignments() { - mul->generate_assignments(); - } - }; - - /******************************** element_fp6_2over3_cyclotomic_squared - * ************************************/ - - /** - * Component that creates constraints for Fp6 cyclotomic squaring - */ - template - class element_fp6_2over3_cyclotomic_squared : public component { - - using field_type = FieldType; - using base_field_type = typename field_type::base_field_type; - using underlying_field_type = typename field_type::underlying_field_type; - - using underlying_element_type = element_fp3; - - typedef typename field_type::underlying_field_type Fp2T; - - public: - element_fp6_2over3 A; - element_fp6_2over3 result; - - std::shared_ptr> a; - std::shared_ptr> b; - std::shared_ptr> c; - - detail::blueprint_linear_combination asq_c0; - detail::blueprint_linear_combination asq_c1; - - detail::blueprint_linear_combination bsq_c0; - detail::blueprint_linear_combination bsq_c1; - - detail::blueprint_linear_combination csq_c0; - detail::blueprint_linear_combination csq_c1; - - std::shared_ptr> asq; - std::shared_ptr> bsq; - std::shared_ptr> csq; - - std::shared_ptr> compute_asq; - std::shared_ptr> compute_bsq; - std::shared_ptr> compute_csq; - - element_fp6_2over3_cyclotomic_squared(blueprint &bp, 
- const element_fp6_2over3 &A, - const element_fp6_2over3 &result) : - component(bp), - A(A), result(result) { - /* - underlying_field_type a = underlying_field_type(data[0].data[0], data[1].data[1]); - underlying_field_type b = underlying_field_type(data[1].data[0], data[0].data[2]); - underlying_field_type c = underlying_field_type(data[0].data[1], data[1].data[2]); - - underlying_field_type asq = a.squared(); - underlying_field_type bsq = b.squared(); - underlying_field_type csq = c.squared(); - - result.data[0].data[0] = 3 * asq_a - 2 * a_a; - result.data[1].data[1] = 3 * asq_b + 2 * a_b; - - result.data[0].data[1] = 3 * bsq_a - 2 * c_a; - result.data[1].data[2] = 3 * bsq_b + 2 * c_b; - - result.data[0].data[2] = 3 * csq_a - 2 * b_b; - result.data[1].data[0] = 3 * my_Fp3::non_residue * csq_b + 2 * b_a; - - return Fp6_2over3_model(my_Fp3(A_a, C_a, B_b), - my_Fp3(B_a, A_b, C_b)) - */ - a.reset(new element_fp2(bp, A.data[0].data[0], A.data[1].data[1])); - b.reset(new element_fp2(bp, A.data[1].data[0], A.data[0].data[2])); - c.reset(new element_fp2(bp, A.data[0].data[1], A.data[1].data[2])); - - asq_c0.assign(bp, (result.data[0].data[0] + 2 * a->data[0]) * - typename base_field_type::value_type(3).inversed()); - asq_c1.assign(bp, (result.data[1].data[1] - 2 * a->data[1]) * - typename base_field_type::value_type(3).inversed()); - - bsq_c0.assign(bp, (result.data[0].data[1] + 2 * c->data[0]) * - typename base_field_type::value_type(3).inversed()); - bsq_c1.assign(bp, (result.data[1].data[2] - 2 * c->data[1]) * - typename base_field_type::value_type(3).inversed()); - - csq_c0.assign(bp, (result.data[0].data[2] + 2 * b->data[1]) * - typename base_field_type::value_type(3).inversed()); - csq_c1.assign( - bp, - (result.data[1].data[0] - 2 * b->data[0]) * - (typename base_field_type::value_type(3) * Fp2T::value_type::non_residue).inversed()); - - asq.reset(new element_fp2(bp, asq_c0, asq_c1)); - bsq.reset(new element_fp2(bp, bsq_c0, bsq_c1)); - csq.reset(new 
element_fp2(bp, csq_c0, csq_c1)); - - compute_asq.reset(new element_fp2_squared(bp, *a, *asq)); - compute_bsq.reset(new element_fp2_squared(bp, *b, *bsq)); - compute_csq.reset(new element_fp2_squared(bp, *c, *csq)); - } - - void generate_gates() { - compute_asq->generate_gates(); - compute_bsq->generate_gates(); - compute_csq->generate_gates(); - } - - void generate_assignments() { - const typename field_type::value_type Aval = A.get_element(); - const typename field_type::value_type Rval = Aval.cyclotomic_squared(); - - result.generate_assignments(Rval); - - asq->evaluate(); - bsq->evaluate(); - csq->evaluate(); - - compute_asq->generate_assignments(); - compute_bsq->generate_assignments(); - compute_csq->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FP6_2OVER3_COMPONENTS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/exponentiation.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/exponentiation.hpp deleted file mode 100644 index 05df33abed..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/exponentiation.hpp +++ /dev/null 
@@ -1,213 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the exponentiation component.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_EXPONENTIATION_COMPONENT_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_EXPONENTIATION_COMPONENT_HPP
-
-#include
-#include
-
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
-
- /**
- * The exponentiation component verifies field exponentiation in the field F_{p^k}.
- *
- * Note that the power is a constant (i.e., hardcoded into the component).
- */ - template - class Fpk_variableT, - template - class Fpk_mul_componentT, - template - class Fpk_sqr_componentT, - typename NumberType = typename FpkT::integral_type> - class exponentiation_component : component { - public: - typedef typename FpkT::base_field_type FieldType; - typedef NumberType integral_type; - std::vector NAF; - - std::vector>> intermediate; - std::vector>> addition_steps; - std::vector>> subtraction_steps; - std::vector>> doubling_steps; - - Fpk_variableT elt; - integral_type power; - Fpk_variableT result; - - std::size_t intermed_count; - std::size_t add_count; - std::size_t sub_count; - std::size_t dbl_count; - - template - exponentiation_component(blueprint &bp, - const Fpk_variableT &elt, - const multiprecision::number &power, - const Fpk_variableT &result) : - component(bp), - elt(elt), power(power), result(result) { - NAF = multiprecision::find_wnaf(1, power); - - intermed_count = 0; - add_count = 0; - sub_count = 0; - dbl_count = 0; - - bool found_nonzero = false; - for (long i = NAF.size() - 1; i >= 0; --i) { - if (found_nonzero) { - ++dbl_count; - ++intermed_count; - } - - if (NAF[i] != 0) { - found_nonzero = true; - - if (NAF[i] > 0) { - ++add_count; - ++intermed_count; - } else { - ++sub_count; - ++intermed_count; - } - } - } - - intermediate.resize(intermed_count); - intermediate[0].reset(new Fpk_variableT(bp, FpkT::value_type::one())); - for (std::size_t i = 1; i < intermed_count; ++i) { - intermediate[i].reset(new Fpk_variableT(bp)); - } - addition_steps.resize(add_count); - subtraction_steps.resize(sub_count); - doubling_steps.resize(dbl_count); - - found_nonzero = false; - - std::size_t dbl_id = 0, add_id = 0, sub_id = 0, intermed_id = 0; - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (found_nonzero) { - doubling_steps[dbl_id].reset(new Fpk_sqr_componentT( - bp, - *intermediate[intermed_id], - (intermed_id + 1 == intermed_count ? 
result : *intermediate[intermed_id + 1]))); - ++intermed_id; - ++dbl_id; - } - - if (NAF[i] != 0) { - found_nonzero = true; - - if (NAF[i] > 0) { - /* next = cur * elt */ - addition_steps[add_id].reset(new Fpk_mul_componentT( - bp, - *intermediate[intermed_id], - elt, - (intermed_id + 1 == intermed_count ? result : *intermediate[intermed_id + 1]))); - ++add_id; - ++intermed_id; - } else { - /* next = cur / elt, i.e. next * elt = cur */ - subtraction_steps[sub_id].reset(new Fpk_mul_componentT( - bp, - (intermed_id + 1 == intermed_count ? result : *intermediate[intermed_id + 1]), - elt, - *intermediate[intermed_id])); - ++sub_id; - ++intermed_id; - } - } - } - } - void generate_gates() { - for (std::size_t i = 0; i < add_count; ++i) { - addition_steps[i]->generate_gates(); - } - - for (std::size_t i = 0; i < sub_count; ++i) { - subtraction_steps[i]->generate_gates(); - } - - for (std::size_t i = 0; i < dbl_count; ++i) { - doubling_steps[i]->generate_gates(); - } - } - void generate_assignments() { - intermediate[0]->generate_assignments(FpkT::value_type::one()); - - bool found_nonzero = false; - std::size_t dbl_id = 0, add_id = 0, sub_id = 0, intermed_id = 0; - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (found_nonzero) { - doubling_steps[dbl_id]->generate_assignments(); - ++intermed_id; - ++dbl_id; - } - - if (NAF[i] != 0) { - found_nonzero = true; - - if (NAF[i] > 0) { - addition_steps[add_id]->generate_assignments(); - ++intermed_id; - ++add_id; - } else { - const typename FpkT::value_type cur_val = intermediate[intermed_id]->get_element(); - const typename FpkT::value_type elt_val = elt.get_element(); - const typename FpkT::value_type next_val = cur_val * elt_val.inversed(); - - (intermed_id + 1 == intermed_count ? 
result : *intermediate[intermed_id + 1]) - .generate_assignments(next_val); - - subtraction_steps[sub_id]->generate_assignments(); - - ++intermed_id; - ++sub_id; - } - } - } - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_EXPONENTIATION_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/field_to_bits.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/field_to_bits.hpp deleted file mode 100644 index 2ed60e6caf..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/fields/r1cs/field_to_bits.hpp +++ /dev/null 
@@ -1,213 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_FIELD_TO_BITS_COMPONENTS_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_FIELD_TO_BITS_COMPONENTS_HPP
-
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
- /**
- * Converts a field element to bits, with strict validation that
- * ensures it's less than the (hard-coded) field modulus.
- *
- * This allows the 254th bit to be decoded.
- *
- * Given an array of variable bits and an equal length array of fixed bits
- * verify that the variable bits are lower than the fixed bits.
- *
- * Starting with the MSB, continuing to the LSB, for each pair of bits:
- *
- * If fixed bit is 1 and variable bit is 1, state is 'equal'
- * If fixed bit is 0 and variable bit is 0, state is 'equal'
- * If fixed bit is 1 and variable bit is 0, state is 'less'
- * If fixed bit is 0 and variable bit is 1, state is 'greater'
- *
- * The comparison continues until the state 'less' or 'greater' occurs
- * any further comparisons are ignored and don't affect the result.
- * The first differing bit determines the result, the default is 'equal'.
- *
- * The result must be 'less' for success to ensure congruency between
- * the bits and the field element.
- *
- * f = fixed bit
- * v = variable bit
- *
- * F(f,v) = LUT [f v] -> [equal, greater, less, equal]
- *
- * 0 0 -> equal
- * 0 1 -> greater
- * 1 0 -> less
- * 1 1 -> equal
- *
- * This gives us the bit-by-bit comparison, but what's necessary is
- * to terminate the comparison upon the less or greater states.
- * One constraint at the end must enforce the final result being 'less' or 'equal'
- *
- * When the desired result is less or equal to `q-1`, then 3 states can be merged
- * into one, where the 'greater' state zeros any further states. This makes an
- * accumulator of sorts, where the result of the next comparison is AND'd by the
- * previous result. This means the current result can be multiplied by the previous
- * assuming the state `greater` maps to zero, and all others are mapped to `1`.
- *
- * The final state will be `1` if it's less or equal than `F_q`, otherwise 0.
- * The constraints necessary for this are:
- *
- * current * previous = result
- *
- * Where if `previous` is 0 then `result` will be 0, and all following results
- * will be zero.
- */
- template
- struct field_to_bits_strict : public component {
- using field_type = Field;
- using field_value_type = typename field_type::value_type;
- using result_type = detail::blueprint_variable_vector;
-
- // Output bits
- result_type result;
-
- // Intermediate variables & components
- packing packer;
- detail::blueprint_variable_vector results;
- std::vector> comparisons;
-
- private:
- void init() {
- // Constant bit is 0
- const std::vector table_cmp_0 = {
- field_value_type::zero(), // 0, equal
- field_value_type::one() // 1, greater
- };
-
- // Constant bit is 1
- const std::vector table_cmp_1 = {
- field_value_type::one(), // 0, less
- field_value_type::one() // 1, equal
- };
-
- const typename field_type::integral_type largest_value = field_type::modulus - 1;
-
- for (size_t i = 0; i < field_type::value_bits; ++i) {
- if (multiprecision::bit_test(largest_value, i)) {
- this->comparisons.emplace_back(this->bp, table_cmp_1, this->result[i]);
- } else {
- this->comparisons.emplace_back(this->bp, table_cmp_0, this->result[i]);
- }
- }
- }
-
- public:
- /// Auto allocation of the result
- field_to_bits_strict(blueprint &bp,
- const detail::blueprint_linear_combination &in_field_element) :
- component(bp),
- result([&]() {
- detail::blueprint_variable_vector r;
- r.allocate(bp, field_type::value_bits);
- return r;
- }()),
- packer(bp, result, in_field_element), results([&]() {
- detail::blueprint_variable_vector r;
- r.allocate(bp, field_type::value_bits - 1);
- return r;
- }()) {
- init();
- }
-
- /// Manual allocation of the result
- field_to_bits_strict(blueprint &bp,
- const detail::blueprint_linear_combination &in_field_element,
- const result_type &in_result) :
- component(bp),
- result(in_result), packer(bp, result, in_field_element), results([&]() {
- detail::blueprint_variable_vector r;
- r.allocate(bp, field_type::value_bits - 1);
- return r;
- }()) {
- init();
- }
-
- void generate_gates() {
- this->packer.generate_gates(true);
-
- for (auto
&component_it : this->comparisons) {
- component_it.generate_gates();
- }
-
- // AND all of the comparisons
- std::size_t last_bit = field_type::value_bits - 1;
- for (std::size_t i = last_bit; i > 0; --i) {
- if (i == last_bit) {
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(this->comparisons[i - 1].result,
- this->comparisons[i].result,
- this->results[i - 1]));
- } else {
- this->bp.add_r1cs_constraint(snark::r1cs_constraint(
- this->comparisons[i - 1].result, this->results[i], this->results[i - 1]));
- }
- }
- }
-
- void generate_assignments() {
- this->packer.generate_assignments_from_packed();
-
- for (auto &component_it : this->comparisons) {
- component_it.generate_assignments();
- }
-
- // Iterate from MSB to LSB
- std::size_t last_bit = (field_type::value_bits - 1);
- for (std::size_t i = last_bit; i > 0; --i) {
- // current * previous = result
- if (i == last_bit) {
- this->bp.val(this->results[i - 1]) = this->bp.val(this->comparisons[i - 1].result) *
- this->bp.val(this->comparisons[i].result);
- } else {
- this->bp.val(this->results[i - 1]) =
- this->bp.val(this->results[i]) * this->bp.val(this->comparisons[i - 1].result);
- }
- }
- }
- };
- } // namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_FIELD_TO_BITS_COMPONENTS_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/detail/r1cs/mnt4.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/detail/r1cs/mnt4.hpp
deleted file mode 100644
index 1133d91c7e..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/detail/r1cs/mnt4.hpp
+++ /dev/null
@@ -1,97 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of specializations of basic_pairing_component_policy to
-// - basic_pairing_component_policy.
-//
-// See pairing_params.hpp .
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MNT4_BASIC_PAIRING_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_MNT4_BASIC_PAIRING_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
- namespace detail {
-
- using namespace nil::crypto3::algebra;
-
- template
- class basic_pairing_component_policy;
-
- /**
- * Specialization for MNT4.
- */
- template
- class basic_pairing_component_policy> {
- using curve_type = typename curves::mnt4;
-
- public:
- using Fqe_variable_type = typename basic_curve_component_policy::Fqe_variable_type;
- using Fqe_mul_component_type =
- typename basic_curve_component_policy::Fqe_mul_component_type;
- using Fqe_mul_by_lc_component_type =
- typename basic_curve_component_policy::Fqe_mul_by_lc_component_type;
- using Fqe_sqr_component_type =
- typename basic_curve_component_policy::Fqe_sqr_component_type;
-
- using Fqk_variable_type = typename basic_curve_component_policy::Fqk_variable_type;
- using Fqk_mul_component_type =
- typename basic_curve_component_policy::Fqk_mul_component_type;
- using Fqk_special_mul_component_type =
- typename basic_curve_component_policy::Fqk_special_mul_component_type;
- using Fqk_sqr_component_type =
- typename basic_curve_component_policy::Fqk_sqr_component_type;
-
- constexpr static const typename curve_type::integral_type pairing_loop_count =
- curve_type::pairing::pairing_loop_count;
-
- constexpr static const typename curve_type::template g1_type<>::field_type::value_type
- g1_coeff_a = curve_type::a;
-
- constexpr static const typename curve_type::template g1_type<>::field_type::value_type
- g1_coeff_b = curve_type::b;
-
- constexpr static const typename curve_type::template g2_type<>::field_type::value_type
- g2_coeff_a = typename curve_type::template g2_type<>::field_type::value_type(
- g1_coeff_a * curve_type::template g2_type<>::field_type::value_type::non_residue,
- curve_type::template g2_type<>::field_type::underlying_field_type::value_type::zero());
-
- constexpr static const typename curve_type::template g2_type<>::field_type::value_type
- g2_coeff_b = typename curve_type::template g2_type<>::field_type::value_type(
- curve_type::template g2_type<>::field_type::underlying_field_type::value_type::zero(),
- g1_coeff_b *curve_type::template g2_type<>::field_type::value_type::non_residue);
- };
- } // namespace detail
- } //
namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MNT4_BASIC_PAIRING_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/detail/r1cs/mnt6.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/detail/r1cs/mnt6.hpp
deleted file mode 100644
index 796bd11549..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/detail/r1cs/mnt6.hpp
+++ /dev/null
@@ -1,101 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of specializations of basic_pairing_component_policy to
-// - basic_pairing_component_policy.
-//
-// See pairing_params.hpp .
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MNT6_BASIC_PAIRING_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_MNT6_BASIC_PAIRING_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
- namespace detail {
-
- using namespace nil::crypto3::algebra;
-
- template
- class basic_pairing_component_policy;
-
- /**
- * Specialization for MNT6.
- */
- template
- class basic_pairing_component_policy> {
- using curve_type = typename curves::mnt6;
- using curve_component_policy = basic_curve_component_policy;
-
- public:
- using Fqe_variable_type = typename basic_curve_component_policy::Fqe_variable_type;
- using Fqe_mul_component_type =
- typename basic_curve_component_policy::Fqe_mul_component_type;
- using Fqe_mul_by_lc_component_type =
- typename basic_curve_component_policy::Fqe_mul_by_lc_component_type;
- using Fqe_sqr_component_type =
- typename basic_curve_component_policy::Fqe_sqr_component_type;
-
- using Fqk_variable_type = typename basic_curve_component_policy::Fqk_variable_type;
- using Fqk_mul_component_type =
- typename basic_curve_component_policy::Fqk_mul_component_type;
- using Fqk_special_mul_component_type =
- typename basic_curve_component_policy::Fqk_special_mul_component_type;
- using Fqk_sqr_component_type =
- typename basic_curve_component_policy::Fqk_sqr_component_type;
-
- constexpr static const typename curve_type::integral_type &pairing_loop_count =
- curve_type::pairing::pairing_loop_count;
-
- constexpr static const typename curve_type::template g1_type<>::field_type::value_type
- g1_coeff_a = curve_type::a;
-
- constexpr static const typename curve_type::template g1_type<>::field_type::value_type
- g1_coeff_b = curve_type::b;
-
- constexpr static const typename curve_type::template g2_type<>::field_type::value_type
- g2_coeff_a = typename curve_type::template g2_type<>::field_type::value_type(
- curve_type::template g2_type<>::field_type::underlying_field_type::value_type::zero(),
- curve_type::template g2_type<>::field_type::underlying_field_type::value_type::zero(),
- g1_coeff_a);
-
- constexpr static const typename curve_type::template g2_type<>::field_type::value_type
- g2_coeff_b = typename curve_type::template g2_type<>::field_type::value_type(
- g1_coeff_b *
- typename curve_type::template g2_type<>::field_type::value_type::non_residue,
- curve_type::template
g2_type<>::field_type::underlying_field_type::value_type::zero(),
- curve_type::template g2_type<>::field_type::underlying_field_type::value_type::zero());
- };
- } // namespace detail
- } // namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MNT6_BASIC_PAIRING_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/final_exponentiation.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/final_exponentiation.hpp
deleted file mode 100644
index 3e53bced50..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/final_exponentiation.hpp
+++ /dev/null
@@ -1,344 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for final exponentiation components.
-//
-// The components verify final exponentiation for Weiersrass curves with embedding
-// degrees 4 and 6.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_FINAL_EXPONENTIATION_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_FINAL_EXPONENTIATION_HPP
-
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
-
- /**
- * Component for final exponentiation with embedding degree 4.
- */
- template
- struct final_exp_component;
-
- template
- class final_exp_component>
- : public component::scalar_field_type> {
-
- using curve_type = curves::mnt4;
-
- using Fqk_variable_type =
- typename detail::basic_pairing_component_policy::Fqk_variable_type;
- using Fqk_mul_component_type =
- typename detail::basic_pairing_component_policy::Fqk_mul_component_type;
-
- public:
- typedef typename curve_type::scalar_field_type field_type;
-
- Fqk_variable_type el;
- std::shared_ptr one;
- std::shared_ptr el_inv;
- std::shared_ptr el_q_3;
- std::shared_ptr el_q_3_minus_1;
- std::shared_ptr alpha;
- std::shared_ptr beta;
- std::shared_ptr beta_q;
- std::shared_ptr el_inv_q_3;
- std::shared_ptr el_inv_q_3_minus_1;
- std::shared_ptr inv_alpha;
- std::shared_ptr inv_beta;
- std::shared_ptr w1;
- std::shared_ptr w0;
- std::shared_ptr result;
-
- std::shared_ptr compute_el_inv;
- std::shared_ptr compute_el_q_3_minus_1;
- std::shared_ptr compute_beta;
- std::shared_ptr compute_el_inv_q_3_minus_1;
- std::shared_ptr compute_inv_beta;
-
- using exponentiation_component_type =
- exponentiation_component;
-
- std::shared_ptr compute_w1;
- std::shared_ptr>
- compute_w0;
- std::shared_ptr compute_result;
-
- blueprint_variable result_is_one;
-
- final_exp_component(blueprint &bp,
- const Fqk_variable_type &el,
- const blueprint_variable &result_is_one) :
- component(bp),
- el(el), result_is_one(result_is_one) {
- one.reset(new Fqk_variable_type(bp));
- el_inv.reset(new Fqk_variable_type(bp));
- el_q_3.reset(new
Fqk_variable_type(el.Frobenius_map(3)));
- el_q_3_minus_1.reset(new Fqk_variable_type(bp));
- alpha.reset(new Fqk_variable_type(el_q_3_minus_1->Frobenius_map(1)));
- beta.reset(new Fqk_variable_type(bp));
- beta_q.reset(new Fqk_variable_type(beta->Frobenius_map(1)));
-
- el_inv_q_3.reset(new Fqk_variable_type(el_inv->Frobenius_map(3)));
- el_inv_q_3_minus_1.reset(new Fqk_variable_type(bp));
- inv_alpha.reset(new Fqk_variable_type(el_inv_q_3_minus_1->Frobenius_map(1)));
- inv_beta.reset(new Fqk_variable_type(bp));
- w1.reset(new Fqk_variable_type(bp));
- w0.reset(new Fqk_variable_type(bp));
- result.reset(new Fqk_variable_type(bp));
-
- compute_el_inv.reset(new Fqk_mul_component_type(bp, el, *el_inv, *one));
- compute_el_q_3_minus_1.reset(new Fqk_mul_component_type(bp, *el_q_3, *el_inv, *el_q_3_minus_1));
- compute_beta.reset(new Fqk_mul_component_type(bp, *alpha, *el_q_3_minus_1, *beta));
-
- compute_el_inv_q_3_minus_1.reset(
- new Fqk_mul_component_type(bp, *el_inv_q_3, el, *el_inv_q_3_minus_1));
- compute_inv_beta.reset(
- new Fqk_mul_component_type(bp, *inv_alpha, *el_inv_q_3_minus_1, *inv_beta));
-
- compute_w1.reset(new exponentiation_component(
- bp, *beta_q, curve_type::pairing::final_exponent_last_chunk_w1, *w1));
-
- compute_w0.reset(new exponentiation_component(
- bp,
- (curve_type::pairing::final_exponent_last_chunk_is_w0_neg ?
*inv_beta : *beta),
- curve_type::pairing::final_exponent_last_chunk_abs_of_w0,
- *w0));
-
- compute_result.reset(new Fqk_mul_component_type(bp, *w1, *w0, *result));
- }
-
- void generate_gates() {
- one->generate_r1cs_equals_const_constraints(
- curve_type::pairing::pair_curve_type::pairing::fqk_type::value_type::one());
-
- compute_el_inv->generate_gates();
- compute_el_q_3_minus_1->generate_gates();
- compute_beta->generate_gates();
-
- compute_el_inv_q_3_minus_1->generate_gates();
- compute_inv_beta->generate_gates();
-
- compute_w0->generate_gates();
- compute_w1->generate_gates();
- compute_result->generate_gates();
-
- generate_boolean_r1cs_constraint(this->bp, result_is_one);
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, 1 - result->c0.c0, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c0.c1, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c0.c2, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c1.c0, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c1.c1, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c1.c2, 0));
- }
-
- void generate_assignments() {
- one->generate_assignments(
- curve_type::pairing::pair_curve_type::pairing::fqk_type::value_type::one());
- el_inv->generate_assignments(el.get_element().inversed());
-
- compute_el_inv->generate_assignments();
- el_q_3->evaluate();
- compute_el_q_3_minus_1->generate_assignments();
- alpha->evaluate();
- compute_beta->generate_assignments();
- beta_q->evaluate();
-
- el_inv_q_3->evaluate();
- compute_el_inv_q_3_minus_1->generate_assignments();
- inv_alpha->evaluate();
- compute_inv_beta->generate_assignments();
-
- compute_w0->generate_assignments();
- compute_w1->generate_assignments();
- compute_result->generate_assignments();
-
- this->bp.val(result_is_one) =
- (result->get_element() ==
one->get_element() ? field_type::value_type::one() :
- field_type::value_type::zero());
- }
- };
-
- /**
- * Component for final exponentiation with embedding degree 6.
- */
- template
- class final_exp_component>
- : public component::scalar_field_type> {
-
- using curve_type = curves::mnt6;
-
- using Fqk_variable_type =
- typename detail::basic_pairing_component_policy::Fqk_variable_type;
- using Fqk_mul_component_type =
- typename detail::basic_pairing_component_policy::Fqk_mul_component_type;
-
- public:
- typedef typename curve_type::scalar_field_type field_type;
-
- Fqk_variable_type el;
- std::shared_ptr one;
- std::shared_ptr el_inv;
- std::shared_ptr el_q_2;
- std::shared_ptr el_q_2_minus_1;
- std::shared_ptr el_q_3_minus_q;
- std::shared_ptr el_inv_q_2;
- std::shared_ptr el_inv_q_2_minus_1;
- std::shared_ptr w1;
- std::shared_ptr w0;
- std::shared_ptr result;
-
- std::shared_ptr compute_el_inv;
- std::shared_ptr compute_el_q_2_minus_1;
- std::shared_ptr compute_el_inv_q_2_minus_1;
-
- std::shared_ptr>
- compute_w1;
- std::shared_ptr>
- compute_w0;
- std::shared_ptr compute_result;
-
- blueprint_variable result_is_one;
-
- final_exp_component(blueprint &bp,
- const Fqk_variable_type &el,
- const blueprint_variable &result_is_one) :
- component(bp),
- el(el), result_is_one(result_is_one) {
- one.reset(new Fqk_variable_type(bp));
- el_inv.reset(new Fqk_variable_type(bp));
- el_q_2.reset(new Fqk_variable_type(el.Frobenius_map(2)));
- el_q_2_minus_1.reset(new Fqk_variable_type(bp));
- el_q_3_minus_q.reset(new Fqk_variable_type(el_q_2_minus_1->Frobenius_map(1)));
- el_inv_q_2.reset(new Fqk_variable_type(el_inv->Frobenius_map(2)));
- el_inv_q_2_minus_1.reset(new Fqk_variable_type(bp));
- w1.reset(new Fqk_variable_type(bp));
- w0.reset(new Fqk_variable_type(bp));
- result.reset(new Fqk_variable_type(bp));
-
- compute_el_inv.reset(new Fqk_mul_component_type(bp, el, *el_inv, *one));
- compute_el_q_2_minus_1.reset(new Fqk_mul_component_type(bp, *el_q_2, *el_inv,
*el_q_2_minus_1));
- compute_el_inv_q_2_minus_1.reset(
- new Fqk_mul_component_type(bp, *el_inv_q_2, el, *el_inv_q_2_minus_1));
-
- compute_w1.reset(new exponentiation_component >
- (bp, *el_q_3_minus_q, curve_type::pairing::final_exponent_last_chunk_w1, *w1));
- compute_w0.reset(
- new exponentiation_component >
- (bp,
- (curve_type::pairing::final_exponent_last_chunk_is_w0_neg ? *el_inv_q_2_minus_1 :
- *el_q_2_minus_1),
- curve_type::pairing::final_exponent_last_chunk_abs_of_w0,
- *w0));
- compute_result.reset(new Fqk_mul_component_type(bp, *w1, *w0, *result));
- }
-
- void generate_gates() {
- one->generate_r1cs_equals_const_constraints(
- curve_type::pairing::pair_curve_type::pairing::fqk_type::value_type::one());
-
- compute_el_inv->generate_gates();
- compute_el_q_2_minus_1->generate_gates();
- compute_el_inv_q_2_minus_1->generate_gates();
- compute_w1->generate_gates();
- compute_w0->generate_gates();
- compute_result->generate_gates();
-
- generate_boolean_r1cs_constraint(this->bp, result_is_one);
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, 1 - result->c0.c0, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c0.c1, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c1.c0, 0));
- this->bp.add_r1cs_constraint(
- snark::r1cs_constraint(result_is_one, result->c1.c1, 0));
- }
-
- void generate_assignments() {
- one->generate_assignments(
- curve_type::pairing::pair_curve_type::pairing::fqk_type::value_type::one());
- el_inv->generate_assignments(el.get_element().inversed());
-
- compute_el_inv->generate_assignments();
- el_q_2->evaluate();
- compute_el_q_2_minus_1->generate_assignments();
- el_q_3_minus_q->evaluate();
- el_inv_q_2->evaluate();
- compute_el_inv_q_2_minus_1->generate_assignments();
- compute_w1->generate_assignments();
- compute_w0->generate_assignments();
- compute_result->generate_assignments();
-
- this->bp.val(result_is_one) =
-
(result->get_element() == one->get_element() ? field_type::value_type::one() :
- field_type::value_type::zero());
- }
- };
- } // namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_FINAL_EXPONENTIATION_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/miller_loop.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/miller_loop.hpp
deleted file mode 100644
index 86ebc1b296..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/miller_loop.hpp
+++ /dev/null
@@ -1,829 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for components for Miller loops.
-//
-// The components verify computations of (single or multiple simultaneous) Miller loops.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_MILLER_LOOP_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_MILLER_LOOP_HPP - -#include - -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - using namespace nil::crypto3::algebra::pairing; - - /** - * Component for doubling step in the Miller loop. - * - * Technical note: - * - * mnt_Fqk g_RR_at_P = mnt_Fqk(prec_P.PY_twist_squared, - * -prec_P.PX * c.gamma_twist + c.gamma_X - c.old_RY); - * - *(later in Miller loop: f = f.squared() * g_RR_at_P) - * - * Note the slight interface change: this component allocates g_RR_at_P inside itself (!) - */ - template - class mnt_miller_loop_dbl_line_eval : public component { - - typedef typename CurveType::pairing::fp_type field_type; - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - - using component_policy = detail::basic_pairing_component_policy; - - public: - g1_precomputation prec_P; - precompute_G2_component_coeffs c; - std::shared_ptr - &g_RR_at_P; // reference from outside - - std::shared_ptr gamma_twist; - std::shared_ptr g_RR_at_P_c1; - std::shared_ptr compute_g_RR_at_P_c1; - - mnt_miller_loop_dbl_line_eval( - blueprint &bp, - const g1_precomputation &prec_P, - const precompute_G2_component_coeffs &c, - std::shared_ptr &g_RR_at_P) : - component(bp), - prec_P(prec_P), c(c), g_RR_at_P(g_RR_at_P) { - - gamma_twist.reset(new typename component_policy::Fqe_variable_type(c.gamma->mul_by_X())); - // prec_P.PX * c.gamma_twist = c.gamma_X - c.old_RY - g_RR_at_P_c1 - if (gamma_twist->is_constant()) { - gamma_twist->evaluate(); - const typename fqe_type::value_type gamma_twist_const = gamma_twist->get_element(); - g_RR_at_P_c1.reset(new typename component_policy::Fqe_variable_type( - typename component_policy::Fqe_variable_type(this->bp, -gamma_twist_const, - prec_P.P->X) 
+ - *(c.gamma_X) + *(c.RY) * (-field_type::value_type::one()))); - } else if (prec_P.P->X.is_constant()) { - prec_P.P->X.evaluate(bp); - const typename field_type::value_type P_X_const = prec_P.P->X.constant_term(); - g_RR_at_P_c1.reset(new typename component_policy::Fqe_variable_type( - *gamma_twist * (-P_X_const) + *(c.gamma_X) + - *(c.RY) * (-field_type::value_type::one()))); - } else { - g_RR_at_P_c1.reset(new typename component_policy::Fqe_variable_type(bp)); - compute_g_RR_at_P_c1.reset(new typename component_policy::Fqe_mul_by_lc_component_type( - bp, *gamma_twist, prec_P.P->X, - *(c.gamma_X) + *(c.RY) * (-field_type::value_type::one()) + - (*g_RR_at_P_c1) * (-field_type::value_type::one()))); - } - g_RR_at_P.reset(new typename component_policy::Fqk_variable_type(bp, *(prec_P.PY_twist_squared), - *g_RR_at_P_c1)); - } - - void generate_gates() { - if (!gamma_twist->is_constant() && !prec_P.P->X.is_constant()) { - compute_g_RR_at_P_c1->generate_gates(); - } - } - - void generate_assignments() { - gamma_twist->evaluate(); - const typename fqe_type::value_type gamma_twist_val = gamma_twist->get_element(); - const typename field_type::value_type PX_val = this->bp.lc_val(prec_P.P->X); - const typename fqe_type::value_type gamma_X_val = c.gamma_X->get_element(); - const typename fqe_type::value_type RY_val = c.RY->get_element(); - const typename fqe_type::value_type g_RR_at_P_c1_val = - -PX_val * gamma_twist_val + gamma_X_val - RY_val; - g_RR_at_P_c1->generate_assignments(g_RR_at_P_c1_val); - - if (!gamma_twist->is_constant() && !prec_P.P->X.is_constant()) { - compute_g_RR_at_P_c1->generate_assignments(); - } - g_RR_at_P->evaluate(); - } - }; - - /** - * Component for addition step in the Miller loop. 
- * - * Technical note: - * - * mnt_Fqk g_RQ_at_P = mnt_Fqk(prec_P.PY_twist_squared, - * -prec_P.PX * c.gamma_twist + c.gamma_X - prec_Q.QY); - * - * (later in Miller loop: f = f * g_RQ_at_P) - * - * Note the slight interface change: this component will allocate g_RQ_at_P inside itself (!) - */ - template - class mnt_miller_loop_add_line_eval : public component { - - typedef typename CurveType::pairing::fp_type field_type; - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - - using component_policy = detail::basic_pairing_component_policy; - - public: - bool invert_Q; - g1_precomputation prec_P; - precompute_G2_component_coeffs c; - element_g2 Q; - std::shared_ptr - &g_RQ_at_P; // reference from outside - - std::shared_ptr gamma_twist; - std::shared_ptr g_RQ_at_P_c1; - std::shared_ptr compute_g_RQ_at_P_c1; - - mnt_miller_loop_add_line_eval( - blueprint &bp, - const bool invert_Q, - const g1_precomputation &prec_P, - const precompute_G2_component_coeffs &c, - const element_g2 &Q, - std::shared_ptr &g_RQ_at_P) : - component(bp), - invert_Q(invert_Q), prec_P(prec_P), c(c), Q(Q), g_RQ_at_P(g_RQ_at_P) { - gamma_twist.reset(new typename component_policy::Fqe_variable_type(c.gamma->mul_by_X())); - // prec_P.PX * c.gamma_twist = c.gamma_X - prec_Q.QY - g_RQ_at_P_c1 - if (gamma_twist->is_constant()) { - gamma_twist->evaluate(); - const typename fqe_type::value_type gamma_twist_const = gamma_twist->get_element(); - g_RQ_at_P_c1.reset(new typename component_policy::Fqe_variable_type( - typename component_policy::Fqe_variable_type(this->bp, -gamma_twist_const, - prec_P.P->X) + - *(c.gamma_X) + - *(Q.Y) * (!invert_Q ? 
-field_type::value_type::one() : field_type::value_type::one()))); - } else if (prec_P.P->X.is_constant()) { - prec_P.P->X.evaluate(bp); - const typename field_type::value_type P_X_const = prec_P.P->X.constant_term(); - g_RQ_at_P_c1.reset(new typename component_policy::Fqe_variable_type( - *gamma_twist * (-P_X_const) + *(c.gamma_X) + - *(Q.Y) * (!invert_Q ? -field_type::value_type::one() : field_type::value_type::one()))); - } else { - g_RQ_at_P_c1.reset(new typename component_policy::Fqe_variable_type(bp)); - compute_g_RQ_at_P_c1.reset(new typename component_policy::Fqe_mul_by_lc_component_type( - bp, *gamma_twist, prec_P.P->X, - *(c.gamma_X) + - *(Q.Y) * - (!invert_Q ? -field_type::value_type::one() : field_type::value_type::one()) + - (*g_RQ_at_P_c1) * (-field_type::value_type::one()))); - } - g_RQ_at_P.reset(new typename component_policy::Fqk_variable_type(bp, *(prec_P.PY_twist_squared), - *g_RQ_at_P_c1)); - } - void generate_gates() { - if (!gamma_twist->is_constant() && !prec_P.P->X.is_constant()) { - compute_g_RQ_at_P_c1->generate_gates(); - } - } - void generate_assignments() { - gamma_twist->evaluate(); - const typename fqe_type::value_type gamma_twist_val = gamma_twist->get_element(); - const typename field_type::value_type PX_val = this->bp.lc_val(prec_P.P->X); - const typename fqe_type::value_type gamma_X_val = c.gamma_X->get_element(); - const typename fqe_type::value_type QY_val = Q.Y->get_element(); - const typename fqe_type::value_type g_RQ_at_P_c1_val = - -PX_val * gamma_twist_val + gamma_X_val + (!invert_Q ? -QY_val : QY_val); - g_RQ_at_P_c1->generate_assignments(g_RQ_at_P_c1_val); - - if (!gamma_twist->is_constant() && !prec_P.P->X.is_constant()) { - compute_g_RQ_at_P_c1->generate_assignments(); - } - g_RQ_at_P->evaluate(); - } - }; - - /** - * Component for verifying a single Miller loop. 
- */ - template - class mnt_miller_loop_component : public component { - - typedef typename CurveType::pairing::fp_type field_type; - using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type; - - using component_policy = detail::basic_pairing_component_policy; - - public: - std::vector> g_RR_at_Ps; - std::vector> g_RQ_at_Ps; - std::vector> fs; - - std::vector>> addition_steps; - std::vector>> doubling_steps; - - std::vector> dbl_muls; - std::vector> dbl_sqrs; - std::vector> add_muls; - - std::size_t f_count; - std::size_t add_count; - std::size_t dbl_count; - - g1_precomputation prec_P; - g2_precomputation prec_Q; - typename component_policy::Fqk_variable_type result; - - mnt_miller_loop_component(blueprint &bp, - const g1_precomputation &prec_P, - const g2_precomputation &prec_Q, - const typename component_policy::Fqk_variable_type &result) : - component(bp), - prec_P(prec_P), prec_Q(prec_Q), result(result) { - - f_count = add_count = dbl_count = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - ++dbl_count; - f_count += 2; - - if (NAF[i] != 0) { - ++add_count; - f_count += 1; - } - } - - fs.resize(f_count); - doubling_steps.resize(dbl_count); - addition_steps.resize(add_count); - g_RR_at_Ps.resize(dbl_count); - g_RQ_at_Ps.resize(add_count); - - for (std::size_t i = 0; i < f_count; ++i) { - fs[i].reset(new typename component_policy::Fqk_variable_type(bp)); - } - - dbl_sqrs.resize(dbl_count); - dbl_muls.resize(dbl_count); - add_muls.resize(add_count); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - std::size_t f_id = 0; - std::size_t prec_id = 0; - - found_nonzero = false; - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - 
continue; - } - - doubling_steps[dbl_id].reset(new mnt_miller_loop_dbl_line_eval( - bp, prec_P, *prec_Q.coeffs[prec_id], g_RR_at_Ps[dbl_id])); - ++prec_id; - dbl_sqrs[dbl_id].reset( - new typename component_policy::Fqk_sqr_component_type(bp, *fs[f_id], *fs[f_id + 1])); - ++f_id; - dbl_muls[dbl_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RR_at_Ps[dbl_id], (f_id + 1 == f_count ? result : *fs[f_id + 1]))); - ++f_id; - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps[add_id].reset(new mnt_miller_loop_add_line_eval( - bp, NAF[i] < 0, prec_P, *prec_Q.coeffs[prec_id], *prec_Q.Q, g_RQ_at_Ps[add_id])); - ++prec_id; - add_muls[add_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RQ_at_Ps[add_id], - (f_id + 1 == f_count ? result : *fs[f_id + 1]))); - ++f_id; - ++add_id; - } - } - } - void generate_gates() { - fs[0]->generate_r1cs_equals_const_constraints(fqk_type::value_type::one()); - - for (std::size_t i = 0; i < dbl_count; ++i) { - doubling_steps[i]->generate_gates(); - dbl_sqrs[i]->generate_gates(); - dbl_muls[i]->generate_gates(); - } - - for (std::size_t i = 0; i < add_count; ++i) { - addition_steps[i]->generate_gates(); - add_muls[i]->generate_gates(); - } - } - void generate_assignments() { - fs[0]->generate_assignments(fqk_type::value_type::one()); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps[dbl_id]->generate_assignments(); - dbl_sqrs[dbl_id]->generate_assignments(); - dbl_muls[dbl_id]->generate_assignments(); - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps[add_id]->generate_assignments(); - add_muls[add_id]->generate_assignments(); - ++add_id; - } - } - } - }; - - /** - * Component for 
verifying a double Miller loop (where the second is inverted). - */ - template - class mnt_e_over_e_miller_loop_component : public component { - - typedef typename CurveType::pairing::fp_type field_type; - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type; - - using component_policy = detail::basic_pairing_component_policy; - - public: - std::vector> g_RR_at_P1s; - std::vector> g_RQ_at_P1s; - std::vector> g_RR_at_P2s; - std::vector> g_RQ_at_P2s; - std::vector> fs; - - std::vector>> addition_steps1; - std::vector>> doubling_steps1; - std::vector>> addition_steps2; - std::vector>> doubling_steps2; - - std::vector> dbl_sqrs; - std::vector> dbl_muls1; - std::vector> add_muls1; - std::vector> dbl_muls2; - std::vector> add_muls2; - - std::size_t f_count; - std::size_t add_count; - std::size_t dbl_count; - - g1_precomputation prec_P1; - g2_precomputation prec_Q1; - g1_precomputation prec_P2; - g2_precomputation prec_Q2; - typename component_policy::Fqk_variable_type result; - - mnt_e_over_e_miller_loop_component(blueprint &bp, - const g1_precomputation &prec_P1, - const g2_precomputation &prec_Q1, - const g1_precomputation &prec_P2, - const g2_precomputation &prec_Q2, - const typename component_policy::Fqk_variable_type &result) : - component(bp), - prec_P1(prec_P1), prec_Q1(prec_Q1), prec_P2(prec_P2), prec_Q2(prec_Q2), result(result) { - - f_count = add_count = dbl_count = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - ++dbl_count; - f_count += 3; - - if (NAF[i] != 0) { - ++add_count; - f_count += 2; - } - } - - fs.resize(f_count); - doubling_steps1.resize(dbl_count); - addition_steps1.resize(add_count); - 
doubling_steps2.resize(dbl_count); - addition_steps2.resize(add_count); - g_RR_at_P1s.resize(dbl_count); - g_RQ_at_P1s.resize(add_count); - g_RR_at_P2s.resize(dbl_count); - g_RQ_at_P2s.resize(add_count); - - for (std::size_t i = 0; i < f_count; ++i) { - fs[i].reset(new typename component_policy::Fqk_variable_type(bp)); - } - - dbl_sqrs.resize(dbl_count); - dbl_muls1.resize(dbl_count); - add_muls1.resize(add_count); - dbl_muls2.resize(dbl_count); - add_muls2.resize(add_count); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - std::size_t f_id = 0; - std::size_t prec_id = 0; - - found_nonzero = false; - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps1[dbl_id].reset(new mnt_miller_loop_dbl_line_eval( - bp, prec_P1, *prec_Q1.coeffs[prec_id], g_RR_at_P1s[dbl_id])); - doubling_steps2[dbl_id].reset(new mnt_miller_loop_dbl_line_eval( - bp, prec_P2, *prec_Q2.coeffs[prec_id], g_RR_at_P2s[dbl_id])); - ++prec_id; - - dbl_sqrs[dbl_id].reset( - new typename component_policy::Fqk_sqr_component_type(bp, *fs[f_id], *fs[f_id + 1])); - ++f_id; - dbl_muls1[dbl_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RR_at_P1s[dbl_id], *fs[f_id + 1])); - ++f_id; - dbl_muls2[dbl_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, (f_id + 1 == f_count ? 
result : *fs[f_id + 1]), *g_RR_at_P2s[dbl_id], *fs[f_id])); - ++f_id; - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps1[add_id].reset(new mnt_miller_loop_add_line_eval( - bp, NAF[i] < 0, prec_P1, *prec_Q1.coeffs[prec_id], *prec_Q1.Q, - g_RQ_at_P1s[add_id])); - addition_steps2[add_id].reset(new mnt_miller_loop_add_line_eval( - bp, NAF[i] < 0, prec_P2, *prec_Q2.coeffs[prec_id], *prec_Q2.Q, - g_RQ_at_P2s[add_id])); - ++prec_id; - add_muls1[add_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RQ_at_P1s[add_id], *fs[f_id + 1])); - ++f_id; - add_muls2[add_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, (f_id + 1 == f_count ? result : *fs[f_id + 1]), *g_RQ_at_P2s[add_id], - *fs[f_id])); - ++f_id; - ++add_id; - } - } - } - void generate_gates() { - fs[0]->generate_r1cs_equals_const_constraints(fqk_type::value_type::one()); - - for (std::size_t i = 0; i < dbl_count; ++i) { - doubling_steps1[i]->generate_gates(); - doubling_steps2[i]->generate_gates(); - dbl_sqrs[i]->generate_gates(); - dbl_muls1[i]->generate_gates(); - dbl_muls2[i]->generate_gates(); - } - - for (std::size_t i = 0; i < add_count; ++i) { - addition_steps1[i]->generate_gates(); - addition_steps2[i]->generate_gates(); - add_muls1[i]->generate_gates(); - add_muls2[i]->generate_gates(); - } - } - void generate_assignments() { - fs[0]->generate_assignments(fqk_type::value_type::one()); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - std::size_t f_id = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps1[dbl_id]->generate_assignments(); - doubling_steps2[dbl_id]->generate_assignments(); - dbl_sqrs[dbl_id]->generate_assignments(); - ++f_id; - dbl_muls1[dbl_id]->generate_assignments(); - ++f_id; - (f_id 
+ 1 == f_count ? result : *fs[f_id + 1]) - .generate_assignments(fs[f_id]->get_element() * - g_RR_at_P2s[dbl_id]->get_element().inversed()); - dbl_muls2[dbl_id]->generate_assignments(); - ++f_id; - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps1[add_id]->generate_assignments(); - addition_steps2[add_id]->generate_assignments(); - add_muls1[add_id]->generate_assignments(); - ++f_id; - (f_id + 1 == f_count ? result : *fs[f_id + 1]) - .generate_assignments(fs[f_id]->get_element() * - g_RQ_at_P2s[add_id]->get_element().inversed()); - add_muls2[add_id]->generate_assignments(); - ++f_id; - ++add_id; - } - } - } - }; - - /** - * Component for verifying a triple Miller loop (where the third is inverted). - */ - template - class mnt_e_times_e_over_e_miller_loop_component - : public component { - - typedef typename CurveType::pairing::fp_type field_type; - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type; - - using component_policy = detail::basic_pairing_component_policy; - - public: - std::vector> g_RR_at_P1s; - std::vector> g_RQ_at_P1s; - std::vector> g_RR_at_P2s; - std::vector> g_RQ_at_P2s; - std::vector> g_RR_at_P3s; - std::vector> g_RQ_at_P3s; - std::vector> fs; - - std::vector>> addition_steps1; - std::vector>> doubling_steps1; - std::vector>> addition_steps2; - std::vector>> doubling_steps2; - std::vector>> addition_steps3; - std::vector>> doubling_steps3; - - std::vector> dbl_sqrs; - std::vector> dbl_muls1; - std::vector> add_muls1; - std::vector> dbl_muls2; - std::vector> add_muls2; - std::vector> dbl_muls3; - std::vector> add_muls3; - - std::size_t f_count; - std::size_t add_count; - std::size_t dbl_count; - - g1_precomputation prec_P1; - g2_precomputation prec_Q1; - g1_precomputation prec_P2; - g2_precomputation prec_Q2; - g1_precomputation prec_P3; - g2_precomputation prec_Q3; - typename component_policy::Fqk_variable_type result; - - 
mnt_e_times_e_over_e_miller_loop_component( - blueprint &bp, - const g1_precomputation &prec_P1, - const g2_precomputation &prec_Q1, - const g1_precomputation &prec_P2, - const g2_precomputation &prec_Q2, - const g1_precomputation &prec_P3, - const g2_precomputation &prec_Q3, - const typename component_policy::Fqk_variable_type &result) : - component(bp), - prec_P1(prec_P1), prec_Q1(prec_Q1), prec_P2(prec_P2), prec_Q2(prec_Q2), prec_P3(prec_P3), - prec_Q3(prec_Q3), result(result) { - - f_count = add_count = dbl_count = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - ++dbl_count; - f_count += 4; - - if (NAF[i] != 0) { - ++add_count; - f_count += 3; - } - } - - fs.resize(f_count); - doubling_steps1.resize(dbl_count); - addition_steps1.resize(add_count); - doubling_steps2.resize(dbl_count); - addition_steps2.resize(add_count); - doubling_steps3.resize(dbl_count); - addition_steps3.resize(add_count); - g_RR_at_P1s.resize(dbl_count); - g_RQ_at_P1s.resize(add_count); - g_RR_at_P2s.resize(dbl_count); - g_RQ_at_P2s.resize(add_count); - g_RR_at_P3s.resize(dbl_count); - g_RQ_at_P3s.resize(add_count); - - for (std::size_t i = 0; i < f_count; ++i) { - fs[i].reset(new typename component_policy::Fqk_variable_type(bp)); - } - - dbl_sqrs.resize(dbl_count); - dbl_muls1.resize(dbl_count); - add_muls1.resize(add_count); - dbl_muls2.resize(dbl_count); - add_muls2.resize(add_count); - dbl_muls3.resize(dbl_count); - add_muls3.resize(add_count); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - std::size_t f_id = 0; - std::size_t prec_id = 0; - - found_nonzero = false; - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps1[dbl_id].reset(new 
mnt_miller_loop_dbl_line_eval( - bp, prec_P1, *prec_Q1.coeffs[prec_id], g_RR_at_P1s[dbl_id])); - doubling_steps2[dbl_id].reset(new mnt_miller_loop_dbl_line_eval( - bp, prec_P2, *prec_Q2.coeffs[prec_id], g_RR_at_P2s[dbl_id])); - doubling_steps3[dbl_id].reset(new mnt_miller_loop_dbl_line_eval( - bp, prec_P3, *prec_Q3.coeffs[prec_id], g_RR_at_P3s[dbl_id])); - ++prec_id; - - dbl_sqrs[dbl_id].reset( - new typename component_policy::Fqk_sqr_component_type(bp, *fs[f_id], *fs[f_id + 1])); - ++f_id; - dbl_muls1[dbl_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RR_at_P1s[dbl_id], *fs[f_id + 1])); - ++f_id; - dbl_muls2[dbl_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RR_at_P2s[dbl_id], *fs[f_id + 1])); - ++f_id; - dbl_muls3[dbl_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, (f_id + 1 == f_count ? result : *fs[f_id + 1]), *g_RR_at_P3s[dbl_id], *fs[f_id])); - ++f_id; - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps1[add_id].reset(new mnt_miller_loop_add_line_eval( - bp, NAF[i] < 0, prec_P1, *prec_Q1.coeffs[prec_id], *prec_Q1.Q, - g_RQ_at_P1s[add_id])); - addition_steps2[add_id].reset(new mnt_miller_loop_add_line_eval( - bp, NAF[i] < 0, prec_P2, *prec_Q2.coeffs[prec_id], *prec_Q2.Q, - g_RQ_at_P2s[add_id])); - addition_steps3[add_id].reset(new mnt_miller_loop_add_line_eval( - bp, NAF[i] < 0, prec_P3, *prec_Q3.coeffs[prec_id], *prec_Q3.Q, - g_RQ_at_P3s[add_id])); - ++prec_id; - add_muls1[add_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RQ_at_P1s[add_id], *fs[f_id + 1])); - ++f_id; - add_muls2[add_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, *fs[f_id], *g_RQ_at_P2s[add_id], *fs[f_id + 1])); - ++f_id; - add_muls3[add_id].reset(new typename component_policy::Fqk_special_mul_component_type( - bp, (f_id + 1 == f_count ? 
result : *fs[f_id + 1]), *g_RQ_at_P3s[add_id], - *fs[f_id])); - ++f_id; - ++add_id; - } - } - } - void generate_gates() { - fs[0]->generate_r1cs_equals_const_constraints(fqk_type::value_type::one()); - - for (std::size_t i = 0; i < dbl_count; ++i) { - doubling_steps1[i]->generate_gates(); - doubling_steps2[i]->generate_gates(); - doubling_steps3[i]->generate_gates(); - dbl_sqrs[i]->generate_gates(); - dbl_muls1[i]->generate_gates(); - dbl_muls2[i]->generate_gates(); - dbl_muls3[i]->generate_gates(); - } - - for (std::size_t i = 0; i < add_count; ++i) { - addition_steps1[i]->generate_gates(); - addition_steps2[i]->generate_gates(); - addition_steps3[i]->generate_gates(); - add_muls1[i]->generate_gates(); - add_muls2[i]->generate_gates(); - add_muls3[i]->generate_gates(); - } - } - void generate_assignments() { - fs[0]->generate_assignments(fqk_type::value_type::one()); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - std::size_t f_id = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps1[dbl_id]->generate_assignments(); - doubling_steps2[dbl_id]->generate_assignments(); - doubling_steps3[dbl_id]->generate_assignments(); - dbl_sqrs[dbl_id]->generate_assignments(); - ++f_id; - dbl_muls1[dbl_id]->generate_assignments(); - ++f_id; - dbl_muls2[dbl_id]->generate_assignments(); - ++f_id; - (f_id + 1 == f_count ? 
result : *fs[f_id + 1]) - .generate_assignments(fs[f_id]->get_element() * - g_RR_at_P3s[dbl_id]->get_element().inversed()); - dbl_muls3[dbl_id]->generate_assignments(); - ++f_id; - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps1[add_id]->generate_assignments(); - addition_steps2[add_id]->generate_assignments(); - addition_steps3[add_id]->generate_assignments(); - add_muls1[add_id]->generate_assignments(); - ++f_id; - add_muls2[add_id]->generate_assignments(); - ++f_id; - (f_id + 1 == f_count ? result : *fs[f_id + 1]) - .generate_assignments(fs[f_id]->get_element() * - g_RQ_at_P3s[add_id]->get_element().inversed()); - add_muls3[add_id]->generate_assignments(); - ++f_id; - ++add_id; - } - } - } - }; - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_MILLER_LOOP_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/pairing_checks.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/pairing_checks.hpp deleted file mode 100644 index 89b4f6bfa1..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/pairing_checks.hpp +++ /dev/null 
@@ -1,149 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for pairing-check components.
-//
-// Given that e(.,.) denotes a pairing,
-// - the component "check_e_equals_e_component" checks the equation "e(P1,Q1)=e(P2,Q2)"; and
-// - the component "check_e_equals_ee_component" checks the equation "e(P1,Q1)=e(P2,Q2)*e(P3,Q3)".
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_PAIRING_CHECKS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_PAIRING_CHECKS_HPP - -#include - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - class check_e_equals_e_component : public component { - - using component_policy = detail::basic_pairing_component_policy; - - using Fqk_variable_type = typename component_policy::Fqk_variable_type; - - public: - typedef typename CurveType::scalar_field_type field_type; - - std::shared_ptr ratio; - std::shared_ptr> compute_ratio; - std::shared_ptr> check_finexp; - - g1_precomputation lhs_G1; - g2_precomputation lhs_G2; - g1_precomputation rhs_G1; - g2_precomputation rhs_G2; - - blueprint_variable result; - - check_e_equals_e_component(blueprint &bp, - const g1_precomputation &lhs_G1, - const g2_precomputation &lhs_G2, - const g1_precomputation &rhs_G1, - const g2_precomputation &rhs_G2, - const blueprint_variable &result) : - component(bp), - lhs_G1(lhs_G1), lhs_G2(lhs_G2), rhs_G1(rhs_G1), rhs_G2(rhs_G2), result(result) { - ratio.reset(new Fqk_variable_type(bp)); - compute_ratio.reset(new mnt_e_over_e_miller_loop_component( - bp, lhs_G1, lhs_G2, rhs_G1, rhs_G2, *ratio)); - check_finexp.reset(new final_exp_component(bp, *ratio, result)); - } - - void generate_gates() { - compute_ratio->generate_gates(); - check_finexp->generate_gates(); - } - - void generate_assignments() { - compute_ratio->generate_assignments(); - check_finexp->generate_assignments(); - } - }; - - template - class check_e_equals_ee_component : public component { - - using component_policy = detail::basic_pairing_component_policy; - - using Fqk_variable_type = typename component_policy::Fqk_variable_type; - - public: - typedef typename CurveType::scalar_field_type field_type; - - std::shared_ptr ratio; - std::shared_ptr> compute_ratio; - 
std::shared_ptr> check_finexp; - - g1_precomputation lhs_G1; - g2_precomputation lhs_G2; - g1_precomputation rhs1_G1; - g2_precomputation rhs1_G2; - g1_precomputation rhs2_G1; - g2_precomputation rhs2_G2; - - blueprint_variable result; - - check_e_equals_ee_component(blueprint &bp, - const g1_precomputation &lhs_G1, - const g2_precomputation &lhs_G2, - const g1_precomputation &rhs1_G1, - const g2_precomputation &rhs1_G2, - const g1_precomputation &rhs2_G1, - const g2_precomputation &rhs2_G2, - const blueprint_variable &result) : - component(bp), - lhs_G1(lhs_G1), lhs_G2(lhs_G2), rhs1_G1(rhs1_G1), rhs1_G2(rhs1_G2), rhs2_G1(rhs2_G1), - rhs2_G2(rhs2_G2), result(result) { - ratio.reset(new Fqk_variable_type(bp)); - compute_ratio.reset(new mnt_e_times_e_over_e_miller_loop_component( - bp, rhs1_G1, rhs1_G2, rhs2_G1, rhs2_G2, lhs_G1, lhs_G2, *ratio)); - check_finexp.reset(new final_exp_component(bp, *ratio, result)); - } - - void generate_gates() { - compute_ratio->generate_gates(); - check_finexp->generate_gates(); - } - - void generate_assignments() { - compute_ratio->generate_assignments(); - check_finexp->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_PAIRING_CHECKS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/precomputation.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/precomputation.hpp deleted file mode 100644 index 02f30b0654..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/algebra/pairing/weierstrass/r1cs/precomputation.hpp +++ /dev/null 
@@ -1,577 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for pairing precomputation components.
-//
-// The components verify correct precomputation of values for the G1 and G2 elements.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_AS_WAKSMAN_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_AS_WAKSMAN_HPP - -#include - -#include - -#include -#include - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - using namespace nil::crypto3::algebra::pairing; - - /**************************** G1 Precomputation ******************************/ - - /** - * Not a component. It only holds values. - */ - template - class g1_precomputation { - typedef typename CurveType::pairing::fp_type FieldType; - using component_policy = detail::basic_pairing_component_policy; - - public: - std::shared_ptr> P; - std::shared_ptr PY_twist_squared; - - g1_precomputation() { - // will be filled in precompute_G1_component, so do nothing here - } - - g1_precomputation( - blueprint &bp, - const typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type &P_val) { - typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type P_val_copy = - P_val.to_affine(); - P.reset(new element_g1(bp, P_val_copy)); - PY_twist_squared.reset(new typename component_policy::Fqe_variable_type( - bp, - P_val_copy.Y() * - CurveType::pairing::pair_curve_type::template g2_type<>::value_type::twist.squared())); - } - }; - - /** - * Component that verifies correct precomputation of the G1 element. - */ - template - class precompute_G1_component : public component { - using curve_type = CurveType; - using component_policy = detail::basic_pairing_component_policy; - - public: - using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type; - - g1_precomputation &precomp; // must be a reference. 
- - /* two possible pre-computations one for mnt4 and one for mnt6 */ - template - precompute_G1_component( - blueprint &bp, - const element_g1 &P, - g1_precomputation &precomp, // will allocate this inside - const typename std::enable_if::type & = - typename FieldType::value_type()) : - component(bp), - precomp(precomp) { - - using twist_curve_type = nil::crypto3::algebra::curves::mnt4<298>; - - blueprint_linear_combination c0, c1; - c0.assign(bp, P.Y * ((twist_curve_type::pairing::twist).squared().data[0])); - c1.assign(bp, P.Y * ((twist_curve_type::pairing::twist).squared().data[1])); - - precomp.P.reset(new element_g1(P)); - precomp.PY_twist_squared.reset(new typename component_policy::Fqe_variable_type(bp, c0, c1)); - } - - template - precompute_G1_component( - blueprint &bp, - const element_g1 &P, - g1_precomputation &precomp, // will allocate this inside - const typename std::enable_if::type & = - typename FieldType::value_type()) : - component(bp), - precomp(precomp) { - - using twist_curve_type = nil::crypto3::algebra::curves::mnt6<298>; - - blueprint_linear_combination c0, c1, c2; - c0.assign(bp, P.Y * ((twist_curve_type::pairing::twist).squared().data[0])); - c1.assign(bp, P.Y * ((twist_curve_type::pairing::twist).squared().data[1])); - c2.assign(bp, P.Y * ((twist_curve_type::pairing::twist).squared().data[2])); - - precomp.P.reset(new element_g1(P)); - precomp.PY_twist_squared.reset(new - typename component_policy::Fqe_variable_type(bp, c0, c1, c2)); - } - - void generate_gates() { - /* the same for neither CurveType = mnt4 nor CurveType = mnt6 */ - } - - void generate_assignments() { - precomp.PY_twist_squared - ->evaluate(); /* the same for both CurveType = mnt4 and CurveType = mnt6 */ - } - }; - - /**************************** G2 Precomputation ******************************/ - - /** - * Not a component. It only holds values. 
- */ - template - class precompute_G2_component_coeffs { - using component_policy = detail::basic_pairing_component_policy; - - public: - typedef typename CurveType::pairing::fp_type FieldType; - - std::shared_ptr RX; - std::shared_ptr RY; - std::shared_ptr gamma; - std::shared_ptr gamma_X; - - precompute_G2_component_coeffs() { - // we will be filled in precomputed case of precompute_G2_component, so do nothing here - } - - precompute_G2_component_coeffs(blueprint &bp) { - RX.reset(new typename component_policy::Fqe_variable_type(bp)); - RY.reset(new typename component_policy::Fqe_variable_type(bp)); - gamma.reset(new typename component_policy::Fqe_variable_type(bp)); - gamma_X.reset(new typename component_policy::Fqe_variable_type(bp)); - } - - precompute_G2_component_coeffs(blueprint &bp, const element_g2 &Q) { - RX.reset(new typename component_policy::Fqe_variable_type(*(Q.X))); - RY.reset(new typename component_policy::Fqe_variable_type(*(Q.Y))); - gamma.reset(new typename component_policy::Fqe_variable_type(bp)); - gamma_X.reset(new typename component_policy::Fqe_variable_type(bp)); - } - }; - - /** - * Not a component. It only holds values. 
- */ - template - class g2_precomputation { - using component_policy = detail::basic_pairing_component_policy; - - public: - typedef typename CurveType::pairing::fp_type FieldType; - - std::shared_ptr> Q; - - std::vector>> coeffs; - - g2_precomputation() { - } - g2_precomputation( - blueprint &bp, - const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q_val) { - Q.reset(new element_g2(bp, Q_val)); - const typename CurveType::pairing::pair_curve_type::pairing::affine_ate_g2_precomp - native_precomp = - affine_ate_precompute_g2(Q_val); - - coeffs.resize(native_precomp.coeffs.size() + - 1); // the last precomp remains for convenient programming - for (std::size_t i = 0; i < native_precomp.coeffs.size(); ++i) { - coeffs[i].reset(new precompute_G2_component_coeffs()); - coeffs[i]->RX.reset( - new typename component_policy::Fqe_variable_type(bp, native_precomp.coeffs[i].old_RX)); - coeffs[i]->RY.reset( - new typename component_policy::Fqe_variable_type(bp, native_precomp.coeffs[i].old_RY)); - coeffs[i]->gamma.reset( - new typename component_policy::Fqe_variable_type(bp, native_precomp.coeffs[i].gamma)); - coeffs[i]->gamma_X.reset( - new typename component_policy::Fqe_variable_type(bp, native_precomp.coeffs[i].gamma_X)); - } - } - }; - - /** - * Technical note: - * - * QX and QY -- X and Y coordinates of Q - * - * initialization: - * coeffs[0].RX = QX - * coeffs[0].RY = QY - * - * g2_precompute_doubling_step relates coeffs[i] and coeffs[i+1] as follows - * - * coeffs[i] - * gamma = (3 * RX^2 + twist_coeff_a) * (2*RY).inversed() - * gamma_X = gamma * RX - * - * coeffs[i+1] - * RX = prev_gamma^2 - (2*prev_RX) - * RY = prev_gamma * (prev_RX - RX) - prev_RY - */ - template - class precompute_G2_component_doubling_step : public component { - using component_policy = detail::basic_pairing_component_policy; - - public: - typedef typename CurveType::pairing::fp_type FieldType; - using fqe_type = typename 
CurveType::pairing::pair_curve_type::pairing::fqe_type; - - precompute_G2_component_coeffs cur; - precompute_G2_component_coeffs next; - - std::shared_ptr RXsquared; - std::shared_ptr compute_RXsquared; - std::shared_ptr three_RXsquared_plus_a; - std::shared_ptr two_RY; - std::shared_ptr compute_gamma; - std::shared_ptr compute_gamma_X; - - std::shared_ptr next_RX_plus_two_RX; - std::shared_ptr compute_next_RX; - - std::shared_ptr RX_minus_next_RX; - std::shared_ptr RY_plus_next_RY; - std::shared_ptr compute_next_RY; - - precompute_G2_component_doubling_step(blueprint &bp, - const precompute_G2_component_coeffs &cur, - const precompute_G2_component_coeffs &next) : - component(bp), - cur(cur), next(next) { - RXsquared.reset(new typename component_policy::Fqe_variable_type(bp)); - compute_RXsquared.reset( - new typename component_policy::Fqe_sqr_component_type(bp, *(cur.RX), *RXsquared)); - three_RXsquared_plus_a.reset(new typename component_policy::Fqe_variable_type( - (*RXsquared) * typename FieldType::value_type(0x03) + - detail::basic_pairing_component_policy< - typename CurveType::pairing::pair_curve_type>::g2_coeff_a)); - - two_RY.reset(new typename component_policy::Fqe_variable_type( - *(cur.RY) * typename FieldType::value_type(0x02))); - - compute_gamma.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(cur.gamma), *two_RY, *three_RXsquared_plus_a)); - compute_gamma_X.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(cur.gamma), *(cur.RX), *(cur.gamma_X))); - - next_RX_plus_two_RX.reset(new typename component_policy::Fqe_variable_type( - *(next.RX) + *(cur.RX) * typename FieldType::value_type(0x02))); - compute_next_RX.reset(new typename component_policy::Fqe_sqr_component_type( - bp, *(cur.gamma), *next_RX_plus_two_RX)); - - RX_minus_next_RX.reset(new typename component_policy::Fqe_variable_type( - *(cur.RX) + *(next.RX) * (-FieldType::value_type::one()))); - RY_plus_next_RY.reset(new typename 
component_policy::Fqe_variable_type(*(cur.RY) + *(next.RY))); - compute_next_RY.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(cur.gamma), *RX_minus_next_RX, *RY_plus_next_RY)); - } - - void generate_gates() { - compute_RXsquared->generate_gates(); - compute_gamma->generate_gates(); - compute_gamma_X->generate_gates(); - compute_next_RX->generate_gates(); - compute_next_RY->generate_gates(); - } - - void generate_assignments() { - compute_RXsquared->generate_assignments(); - two_RY->evaluate(); - three_RXsquared_plus_a->evaluate(); - - const typename fqe_type::value_type three_RXsquared_plus_a_val = - three_RXsquared_plus_a->get_element(); - const typename fqe_type::value_type two_RY_val = two_RY->get_element(); - const typename fqe_type::value_type gamma_val = - three_RXsquared_plus_a_val * two_RY_val.inversed(); - cur.gamma->generate_assignments(gamma_val); - - compute_gamma->generate_assignments(); - compute_gamma_X->generate_assignments(); - - const typename fqe_type::value_type RX_val = cur.RX->get_element(); - const typename fqe_type::value_type RY_val = cur.RY->get_element(); - const typename fqe_type::value_type next_RX_val = gamma_val.squared() - RX_val - RX_val; - const typename fqe_type::value_type next_RY_val = gamma_val * (RX_val - next_RX_val) - RY_val; - - next.RX->generate_assignments(next_RX_val); - next.RY->generate_assignments(next_RY_val); - - RX_minus_next_RX->evaluate(); - RY_plus_next_RY->evaluate(); - - compute_next_RX->generate_assignments(); - compute_next_RY->generate_assignments(); - } - }; - - /** - * Technical note: - * - * g2_precompute_addition_step relates coeffs[i] and coeffs[i+1] as follows - * - * coeffs[i] - * gamma = (RY - QY) * (RX - QX).inversed() - * gamma_X = gamma * QX - * - * coeffs[i+1] - * RX = prev_gamma^2 + (prev_RX + QX) - * RY = prev_gamma * (prev_RX - RX) - prev_RY - * - * (where prev_ in [i+1] refer to things from [i]) - * - * If invert_Q is set to true: use -QY in place of QY everywhere 
above. - */ - template - class precompute_G2_component_addition_step : public component { - using component_policy = detail::basic_pairing_component_policy; - - public: - typedef typename CurveType::pairing::fp_type FieldType; - using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type; - - bool invert_Q; - precompute_G2_component_coeffs cur; - precompute_G2_component_coeffs next; - element_g2 Q; - - std::shared_ptr RY_minus_QY; - std::shared_ptr RX_minus_QX; - std::shared_ptr compute_gamma; - std::shared_ptr compute_gamma_X; - - std::shared_ptr next_RX_plus_RX_plus_QX; - std::shared_ptr compute_next_RX; - - std::shared_ptr RX_minus_next_RX; - std::shared_ptr RY_plus_next_RY; - std::shared_ptr compute_next_RY; - - precompute_G2_component_addition_step(blueprint &bp, - const bool invert_Q, - const precompute_G2_component_coeffs &cur, - const precompute_G2_component_coeffs &next, - const element_g2 &Q) : - component(bp), - invert_Q(invert_Q), cur(cur), next(next), Q(Q) { - RY_minus_QY.reset(new typename component_policy::Fqe_variable_type( - *(cur.RY) + - *(Q.Y) * (!invert_Q ? 
-FieldType::value_type::one() : FieldType::value_type::one()))); - - RX_minus_QX.reset(new typename component_policy::Fqe_variable_type( - *(cur.RX) + *(Q.X) * (-FieldType::value_type::one()))); - compute_gamma.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(cur.gamma), *RX_minus_QX, *RY_minus_QY)); - compute_gamma_X.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(cur.gamma), *(Q.X), *(cur.gamma_X))); - - next_RX_plus_RX_plus_QX.reset( - new typename component_policy::Fqe_variable_type(*(next.RX) + *(cur.RX) + *(Q.X))); - compute_next_RX.reset(new typename component_policy::Fqe_sqr_component_type( - bp, *(cur.gamma), *next_RX_plus_RX_plus_QX)); - - RX_minus_next_RX.reset(new typename component_policy::Fqe_variable_type( - *(cur.RX) + *(next.RX) * (-FieldType::value_type::one()))); - RY_plus_next_RY.reset(new typename component_policy::Fqe_variable_type(*(cur.RY) + *(next.RY))); - compute_next_RY.reset(new typename component_policy::Fqe_mul_component_type( - bp, *(cur.gamma), *RX_minus_next_RX, *RY_plus_next_RY)); - } - - void generate_gates() { - compute_gamma->generate_gates(); - compute_gamma_X->generate_gates(); - compute_next_RX->generate_gates(); - compute_next_RY->generate_gates(); - } - - void generate_assignments() { - RY_minus_QY->evaluate(); - RX_minus_QX->evaluate(); - - const typename fqe_type::value_type RY_minus_QY_val = RY_minus_QY->get_element(); - const typename fqe_type::value_type RX_minus_QX_val = RX_minus_QX->get_element(); - const typename fqe_type::value_type gamma_val = RY_minus_QY_val * RX_minus_QX_val.inversed(); - cur.gamma->generate_assignments(gamma_val); - - compute_gamma->generate_assignments(); - compute_gamma_X->generate_assignments(); - - const typename fqe_type::value_type RX_val = cur.RX->get_element(); - const typename fqe_type::value_type RY_val = cur.RY->get_element(); - const typename fqe_type::value_type QX_val = Q.X->get_element(); - const typename fqe_type::value_type next_RX_val = 
gamma_val.squared() - RX_val - QX_val; - const typename fqe_type::value_type next_RY_val = gamma_val * (RX_val - next_RX_val) - RY_val; - - next.RX->generate_assignments(next_RX_val); - next.RY->generate_assignments(next_RY_val); - - next_RX_plus_RX_plus_QX->evaluate(); - RX_minus_next_RX->evaluate(); - RY_plus_next_RY->evaluate(); - - compute_next_RX->generate_assignments(); - compute_next_RY->generate_assignments(); - } - }; - - /** - * Component that verifies correct precomputation of the G2 element. - */ - template - class precompute_G2_component : public component { - using component_policy = detail::basic_pairing_component_policy; - - public: - typedef typename CurveType::pairing::fp_type FieldType; - - std::vector>> addition_steps; - std::vector>> doubling_steps; - - std::size_t add_count; - std::size_t dbl_count; - - g2_precomputation &precomp; // important to have a reference here - - precompute_G2_component(blueprint &bp, - const element_g2 &Q, - g2_precomputation &precomp) : - component(bp), - precomp(precomp) { - precomp.Q.reset(new element_g2(Q)); - - std::size_t coeff_count = 1; // the last RX/RY are unused in Miller loop, but will need - // to get allocated somehow - this->add_count = 0; - this->dbl_count = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - ++dbl_count; - ++coeff_count; - - if (NAF[i] != 0) { - ++add_count; - ++coeff_count; - } - } - - precomp.coeffs.resize(coeff_count); - addition_steps.resize(add_count); - doubling_steps.resize(dbl_count); - - precomp.coeffs[0].reset(new precompute_G2_component_coeffs(bp, Q)); - for (std::size_t i = 1; i < coeff_count; ++i) { - precomp.coeffs[i].reset(new precompute_G2_component_coeffs(bp)); - } - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - std::size_t coeff_id = 0; - - 
found_nonzero = false; - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps[dbl_id].reset(new precompute_G2_component_doubling_step( - bp, *(precomp.coeffs[coeff_id]), *(precomp.coeffs[coeff_id + 1]))); - ++dbl_id; - ++coeff_id; - - if (NAF[i] != 0) { - addition_steps[add_id].reset(new precompute_G2_component_addition_step( - bp, NAF[i] < 0, *(precomp.coeffs[coeff_id]), *(precomp.coeffs[coeff_id + 1]), Q)); - ++add_id; - ++coeff_id; - } - } - } - - void generate_gates() { - for (std::size_t i = 0; i < dbl_count; ++i) { - doubling_steps[i]->generate_gates(); - } - - for (std::size_t i = 0; i < add_count; ++i) { - addition_steps[i]->generate_gates(); - } - } - - void generate_assignments() { - precomp.coeffs[0]->RX->generate_assignments(precomp.Q->X->get_element()); - precomp.coeffs[0]->RY->generate_assignments(precomp.Q->Y->get_element()); - - std::size_t add_id = 0; - std::size_t dbl_id = 0; - - bool found_nonzero = false; - std::vector NAF = find_wnaf(1, CurveType::pairing::pairing_loop_count); - - for (long i = NAF.size() - 1; i >= 0; --i) { - if (!found_nonzero) { - /* this skips the MSB itself */ - found_nonzero |= (NAF[i] != 0); - continue; - } - - doubling_steps[dbl_id]->generate_assignments(); - ++dbl_id; - - if (NAF[i] != 0) { - addition_steps[add_id]->generate_assignments(); - ++add_id; - } - } - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_AS_WAKSMAN_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/comparison.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/comparison.hpp deleted file mode 100644 index 1b4edbbd2a..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/comparison.hpp +++ /dev/null 
@@ -1,137 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_COMPARISON_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_COMPARISON_COMPONENT_HPP - -#include -#include - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /* - the components below are Fp specific: - I * X = R - (1-R) * X = 0 - - if X = 0 then R = 0 - if X != 0 then R = 1 and I = X^{-1} - */ - template - class comparison : public nil::blueprint::components::component { - private: - detail::blueprint_variable_vector alpha; - detail::blueprint_variable alpha_packed; - std::shared_ptr> pack_alpha; - - std::shared_ptr> all_zeros_test; - detail::blueprint_variable not_all_zeros; - - public: - const std::size_t n; - const detail::blueprint_linear_combination A; - const detail::blueprint_linear_combination B; - const detail::blueprint_variable less; - const detail::blueprint_variable less_or_eq; - - comparison(blueprint &bp, - std::size_t n, - const detail::blueprint_linear_combination &A, - const detail::blueprint_linear_combination &B, - const detail::blueprint_variable &less, - const detail::blueprint_variable &less_or_eq) : - nil::blueprint::components::component(bp), - n(n), A(A), B(B), less(less), less_or_eq(less_or_eq) { - alpha.allocate(bp, n); - alpha.emplace_back(less_or_eq); // alpha[n] is less_or_eq - - alpha_packed.allocate(bp); - not_all_zeros.allocate(bp); - - pack_alpha.reset(new packing(bp, alpha, alpha_packed)); - - all_zeros_test.reset(new disjunction( - bp, detail::blueprint_variable_vector(alpha.begin(), alpha.begin() + n), not_all_zeros)); - }; - - void generate_gates() { - /* - packed(alpha) = 2^n + B - A - - not_all_zeros = \bigvee_{i=0}^{n-1} alpha_i - - if B - A > 0, then 2^n + B - A > 2^n, - so alpha_n = 1 and not_all_zeros = 1 - if B - A = 0, then 2^n + B - A = 2^n, - so alpha_n = 1 and not_all_zeros = 0 - if B - A < 0, then 
2^n + B - A \in {0, 1, \ldots, 2^n-1}, - so alpha_n = 0 - - therefore alpha_n = less_or_eq and alpha_n * not_all_zeros = less - */ - - /* not_all_zeros to be Boolean, alpha_i are Boolean by packing component */ - generate_boolean_r1cs_constraint(this->bp, not_all_zeros); - - /* constraints for packed(alpha) = 2^n + B - A */ - pack_alpha->generate_gates(true); - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint( - 1, (typename FieldType::value_type(0x02).pow(n)) + B - A, alpha_packed)); - - /* compute result */ - all_zeros_test->generate_gates(); - this->bp.add_r1cs_constraint( - zk::snark::r1cs_constraint(less_or_eq, not_all_zeros, less)); - } - - void generate_assignments() { - A.evaluate(this->bp); - B.evaluate(this->bp); - - /* unpack 2^n + B - A into alpha_packed */ - this->bp.val(alpha_packed) = - (typename FieldType::value_type(0x02).pow(n)) + this->bp.lc_val(B) - this->bp.lc_val(A); - pack_alpha->generate_assignments_from_packed(); - - /* compute result */ - all_zeros_test->generate_assignments(); - this->bp.val(less) = this->bp.val(less_or_eq) * this->bp.val(not_all_zeros); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_COMPARISON_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/conjunction.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/conjunction.hpp deleted file mode 100644 index b13c160fd7..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/conjunction.hpp +++ /dev/null 
@@ -1,112 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_CONJUNCTION_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_CONJUNCTION_COMPONENT_HPP - -#include -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /* - the components below are Fp specific: - I * X = R - (1-R) * X = 0 - - if X = 0 then R = 0 - if X != 0 then R = 1 and I = X^{-1} - */ - template - class conjunction : public nil::blueprint::components::component { - private: - detail::blueprint_variable inv; - - public: - const detail::blueprint_variable_vector inputs; - const detail::blueprint_variable output; - - conjunction(blueprint &bp, - const detail::blueprint_variable_vector &inputs, - const detail::blueprint_variable &output) : - nil::blueprint::components::component(bp), - inputs(inputs), output(output) { - assert(inputs.size() >= 1); - inv.allocate(bp); - } - - void generate_gates() { - /* inv * (n-sum) = 1-output */ - math::non_linear_combination a1, b1, c1; - a1.add_term(inv); - b1.add_term(detail::blueprint_variable(0), inputs.size()); - for (std::size_t i = 0; i < inputs.size(); ++i) { - b1.add_term(inputs[i], -1); - } - c1.add_term(detail::blueprint_variable(0)); - c1.add_term(output, -1); - - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint(a1, b1, c1)); - - /* output * (n-sum) = 0 */ - math::non_linear_combination a2, b2, c2; - a2.add_term(output); - b2.add_term(detail::blueprint_variable(0), inputs.size()); - for (std::size_t i = 0; i < inputs.size(); ++i) { - b2.add_term(inputs[i], -1); - } - c2.add_term(detail::blueprint_variable(0), 0); - - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint(a2, b2, c2)); - } - void generate_assignments() { - typename FieldType::value_type sum = typename FieldType::value_type(inputs.size()); - - for (std::size_t i = 0; i < inputs.size(); ++i) { - sum -= this->bp.val(inputs[i]); - } - - if 
(sum.is_zero()) { - this->bp.val(inv) = FieldType::value_type::zero(); - this->bp.val(output) = FieldType::value_type::one(); - } else { - this->bp.val(inv) = sum.inversed(); - this->bp.val(output) = FieldType::value_type::zero(); - } - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_CONJUNCTION_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/disjunction.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/disjunction.hpp deleted file mode 100644 index 557c381608..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/disjunction.hpp +++ /dev/null 
@@ -1,113 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_DISJUNCTION_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_DISJUNCTION_COMPONENT_HPP - -#include -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /* - the components below are Fp specific: - I * X = R - (1-R) * X = 0 - - if X = 0 then R = 0 - if X != 0 then R = 1 and I = X^{-1} - */ - - template - class disjunction : public nil::blueprint::components::component { - private: - detail::blueprint_variable inv; - - public: - const detail::blueprint_variable_vector inputs; - const detail::blueprint_variable output; - - disjunction(blueprint &bp, - const detail::blueprint_variable_vector &inputs, - const detail::blueprint_variable &output) : - nil::blueprint::components::component(bp), - inputs(inputs), output(output) { - assert(inputs.size() >= 1); - inv.allocate(bp); - } - - void generate_gates() { - /* inv * sum = output */ - math::non_linear_combination a1, b1, c1; - a1.add_term(inv); - for (std::size_t i = 0; i < inputs.size(); ++i) { - b1.add_term(inputs[i]); - } - c1.add_term(output); - - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint(a1, b1, c1)); - - /* (1-output) * sum = 0 */ - math::non_linear_combination a2, b2, c2; - a2.add_term(detail::blueprint_variable(0)); - a2.add_term(output, -1); - for (std::size_t i = 0; i < inputs.size(); ++i) { - b2.add_term(inputs[i]); - } - c2.add_term(detail::blueprint_variable(0), 0); - - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint(a2, b2, c2)); - } - - void generate_assignments() { - typename FieldType::value_type sum = FieldType::value_type::zero(); - - for (std::size_t i = 0; i < inputs.size(); ++i) { - sum += this->bp.val(inputs[i]); - } - - if (sum.is_zero()) { - this->bp.val(inv) = FieldType::value_type::zero(); - this->bp.val(output) = FieldType::value_type::zero(); - } else { - 
this->bp.val(inv) = sum.inversed(); - this->bp.val(output) = FieldType::value_type::one(); - } - } - }; - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_DISJUNCTION_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/inner_product.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/inner_product.hpp deleted file mode 100644 index ed140d4aa6..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/boolean/r1cs/inner_product.hpp +++ /dev/null 
@@ -1,103 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_INNER_PRODUCT_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_INNER_PRODUCT_COMPONENT_HPP - -#include -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /* - the components below are Fp specific: - I * X = R - (1-R) * X = 0 - - if X = 0 then R = 0 - if X != 0 then R = 1 and I = X^{-1} - */ - template - class inner_product : public nil::blueprint::components::component { - private: - /* S_i = \sum_{k=0}^{i+1} A[i] * B[i] */ - detail::blueprint_variable_vector S; - - public: - const detail::blueprint_linear_combination_vector A; - const detail::blueprint_linear_combination_vector B; - const detail::blueprint_variable result; - - inner_product(blueprint &bp, - const detail::blueprint_linear_combination_vector &A, - const detail::blueprint_linear_combination_vector &B, - const detail::blueprint_variable &result) : - nil::blueprint::components::component(bp), - A(A), B(B), result(result) { - assert(A.size() >= 1); - assert(A.size() == B.size()); - - S.allocate(bp, A.size() - 1); - } - - void generate_gates() { - /* - S_i = \sum_{k=0}^{i+1} A[i] * B[i] - S[0] = A[0] * B[0] - S[i+1] - S[i] = A[i] * B[i] - */ - for (std::size_t i = 0; i < A.size(); ++i) { - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint( - A[i], B[i], - (i == A.size() - 1 ? result : S[i]) + - (i == 0 ? 0 * detail::blueprint_variable(0) : -S[i - 1]))); - } - } - - void generate_assignments() { - typename FieldType::value_type total = FieldType::value_type::zero(); - for (std::size_t i = 0; i < A.size(); ++i) { - A[i].evaluate(this->bp); - B[i].evaluate(this->bp); - - total += this->bp.lc_val(A[i]) * this->bp.lc_val(B[i]); - this->bp.val(i == A.size() - 1 ? 
result : S[i]) = total; - } - } - }; - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_INNER_PRODUCT_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/component_from_r1cs.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/component_from_r1cs.hpp deleted file mode 100644 index 2e4a355a0e..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/component_from_r1cs.hpp +++ /dev/null 
@@ -1,109 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a component that can be created from an R1CS constraint system.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_COMPONENT_FROM_R1CS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_COMPONENT_FROM_R1CS_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - class component_from_r1cs : public component { - - const std::vector> vars; - const snark::r1cs_constraint_system cs; - std::map cs_to_vars; - - public: - component_from_r1cs(blueprint &bp, - const std::vector> &vars, - const snark::r1cs_constraint_system &cs) : - component(bp), - vars(vars), cs(cs) { - cs_to_vars[0] = 0; /* constant term maps to constant term */ - - std::size_t cs_var_idx = 1; - for (auto va : vars) { - for (auto v : va) { - cs_to_vars[cs_var_idx] = v.index; - ++cs_var_idx; - } - } - - assert(cs_var_idx - 1 == cs.num_variables()); - } - - void generate_gates() { - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - const snark::r1cs_constraint &constr = cs.constraints[i]; - snark::r1cs_constraint translated_constr; - - for (const linear_term &t : constr.a.terms) { - translated_constr.a.terms.emplace_back( - linear_term(variable(cs_to_vars[t.index]), t.coeff)); - } - - for (const linear_term &t : constr.b.terms) { - translated_constr.b.terms.emplace_back( - linear_term(variable(cs_to_vars[t.index]), t.coeff)); - } - - for (const linear_term &t : constr.c.terms) { - translated_constr.c.terms.emplace_back( - linear_term(variable(cs_to_vars[t.index]), t.coeff)); - } - - this->bp.add_r1cs_constraint(translated_constr); - } - } - void generate_assignments(const snark::r1cs_primary_input &primary_input, - const snark::r1cs_auxiliary_input &auxiliary_input) { - assert(cs.num_inputs() == primary_input.size()); - assert(cs.num_variables() == primary_input.size() + auxiliary_input.size()); - - for (std::size_t i = 0; i < primary_input.size(); ++i) { - this->bp.val(variable(cs_to_vars[i + 1])) = primary_input[i]; - } - - 
for (std::size_t i = 0; i < auxiliary_input.size(); ++i) { - this->bp.val(variable(cs_to_vars[primary_input.size() + i + 1])) = - auxiliary_input[i]; - } - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_COMPONENT_FROM_R1CS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/lookup_1bit.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/lookup_1bit.hpp deleted file mode 100644 index 87ff602c96..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/lookup_1bit.hpp +++ /dev/null 
@@ -1,91 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_DETAIL_LOOKUP_1BIT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_DETAIL_LOOKUP_1BIT_HPP - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - /** - * One-bit window lookup table using one constraint - */ - template - struct lookup_1bit : public component { - using field_type = Field; - using field_value_type = typename Field::value_type; - using result_type = detail::blueprint_variable; - - const std::vector constants; - const detail::blueprint_variable bit; - result_type result; - - /// Auto allocation of the result - template - lookup_1bit(blueprint &bp, - const Constants &in_constants, - const detail::blueprint_variable &in_bit) : - component(bp), - constants(std::cbegin(in_constants), std::cend(in_constants)), bit(in_bit) { - assert(this->constants.size() == 2); - this->result.allocate(this->bp); - } - - /// Manual allocation of the result - template - lookup_1bit(blueprint &bp, - const Constants &in_constants, - const detail::blueprint_variable &in_bit, - const result_type &in_result) : - component(bp), - constants(std::cbegin(in_constants), std::cend(in_constants)), bit(in_bit), result(in_result) { - assert(this->constants.size() == 2); - } - - void generate_gates() { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - {constants[0] + bit * constants[1] - (bit * constants[0])}, - {field_value_type::one()}, - result)); - } - - void generate_assignments() { - std::size_t i = static_cast( - static_cast((this->bp.val(bit)).data)); - this->bp.val(result) = constants[i]; - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_DETAIL_LOOKUP_1BIT_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/lookup_signed_3bit.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/lookup_signed_3bit.hpp
deleted file mode 100644
index 0fa9746fb6..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/lookup_signed_3bit.hpp
+++ /dev/null
@@ -1,131 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Three-bit window lookup (2bits + signature bit) in 2bit table using two constraints. 
Maps the bits `b` to a -// list of constants `c` -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_LOOKUP_SIGNED_3BIT_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_LOOKUP_SIGNED_3BIT_COMPONENT_HPP - -#include -#include -#include -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - template - struct lookup_signed_3bit : public component { - using field_type = Field; - using field_value_type = typename field_type::value_type; - - static constexpr std::size_t chunk_bits = 3; - static constexpr std::size_t lookup_bits = 2; - - // Input variables - std::vector c; - const detail::blueprint_variable_vector b; - // Intermediate variable - detail::blueprint_variable b0b1; - // Output variable - detail::blueprint_variable result; - - /// Auto allocation of the result - template::value_type>::value, - bool>::type = true> - lookup_signed_3bit(blueprint &bp, - const Constants &in_constants, - const detail::blueprint_variable_vector &in_bits) : - component(bp), - b(in_bits) { - this->b0b1.allocate(this->bp); - this->result.allocate(this->bp); - std::copy(std::cbegin(in_constants), std::cend(in_constants), std::back_inserter(this->c)); - } - - /// Manual allocation of the result - template::value_type>::value, - bool>::type = true> - lookup_signed_3bit(blueprint &bp, - const Constants &in_constants, - const detail::blueprint_variable_vector &in_bits, - const detail::blueprint_variable &in_result) : - component(bp), - b(in_bits), result(in_result) { - this->b0b1.allocate(this->bp); - std::copy(std::cbegin(in_constants), std::cend(in_constants), std::back_inserter(this->c)); - } - - void generate_gates() { - /// b0b1 = b[0] * b[1] - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(this->b[0], this->b[1], this->b0b1)); - - /// y_lc = c[0] + b[0] * (c[1]-c0) + b[1] * (c[2]-c[0]) + b[0]&b[1] * (c[3] - c[2] - c[1] + - /// 
c[0]) - detail::blueprint_linear_combination y_lc; - y_lc.assign( - this->bp, - math::linear_term(detail::blueprint_variable(0), this->c[0]) + - math::linear_term(this->b[0], this->c[1] - this->c[0]) + - math::linear_term(this->b[1], this->c[2] - this->c[0]) + - math::linear_term(this->b0b1, - this->c[3] - this->c[2] - this->c[1] + this->c[0])); - - /// (y_lc + y_lc) * b[2] == y_lc - result - this->bp.add_r1cs_constraint( - snark::r1cs_constraint({y_lc + y_lc}, this->b[2], {y_lc - this->result})); - } - - void generate_assignments() { - auto i = static_cast(static_cast( - this->b.get_field_element_from_bits(this->bp).data)); - field_value_type result = this->c[i & 3]; - if (i > 3) { - result = result * (-field_value_type::one()); - } - this->bp.val(this->b0b1) = this->bp.val(this->b[0]) * this->bp.val(this->b[1]); - this->bp.val(this->result) = result; - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_LOOKUP_SIGNED_3BIT_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/loose_multiplexing.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/loose_multiplexing.hpp deleted file mode 100644 index 2d811f3cb8..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/loose_multiplexing.hpp +++ /dev/null 
@@ -1,128 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_LOOSE_MULTIPLEXING_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_LOOSE_MULTIPLEXING_COMPONENT_HPP - -#include -#include - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /* - loose_multiplexing implements loose multiplexer: - index not in bounds -> success_flag = 0 - index in bounds && success_flag = 1 -> result is correct - however if index is in bounds we can also set success_flag to 0 (and then result will be forced to - be 0) - */ - template - class loose_multiplexing : public nil::blueprint::components::component { - public: - detail::blueprint_variable_vector alpha; - - private: - std::shared_ptr> compute_result; - - public: - const detail::blueprint_linear_combination_vector arr; - const detail::blueprint_variable index; - const detail::blueprint_variable result; - const detail::blueprint_variable success_flag; - - loose_multiplexing(blueprint &bp, - const detail::blueprint_linear_combination_vector &arr, - const detail::blueprint_variable &index, - const detail::blueprint_variable &result, - const detail::blueprint_variable &success_flag) : - nil::blueprint::components::component(bp), - arr(arr), index(index), result(result), success_flag(success_flag) { - alpha.allocate(bp, arr.size()); - compute_result.reset(new inner_product(bp, alpha, arr, result)); - }; - - void generate_gates() { - /* \alpha_i (index - i) = 0 */ - for (std::size_t i = 0; i < arr.size(); ++i) { - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint(alpha[i], index - i, 0)); - } - - /* 1 * (\sum \alpha_i) = success_flag */ - detail::blueprint_linear_combination a, b, c; - a.add_term(detail::blueprint_variable(0)); - for (std::size_t i = 0; i < arr.size(); ++i) { - b.add_term(alpha[i]); - } - c.add_term(success_flag); - 
this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint(a, b, c)); - - /* now success_flag is constrained to either 0 (if index is out of - range) or \alpha_i. constrain it and \alpha_i to zero */ - generate_boolean_r1cs_constraint(this->bp, success_flag); - - /* compute result */ - compute_result->generate_gates(); - } - - void generate_assignments() { - - /* assumes that idx can be fit in ulong; true for our purposes for now */ - const typename FieldType::value_type valint = this->bp.val(index); - - unsigned long idx = static_cast(typename FieldType::integral_type(valint.data)); - - if (idx >= arr.size() || typename FieldType::integral_type(valint.data) >= arr.size()) { - for (std::size_t i = 0; i < arr.size(); ++i) { - this->bp.val(alpha[i]) = FieldType::value_type::zero(); - } - - this->bp.val(success_flag) = FieldType::value_type::zero(); - } else { - for (std::size_t i = 0; i < arr.size(); ++i) { - this->bp.val(alpha[i]) = - (i == idx ? FieldType::value_type::one() : FieldType::value_type::zero()); - } - - this->bp.val(success_flag) = FieldType::value_type::one(); - } - - compute_result->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_LOOSE_MULTIPLEXING_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/packing.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/packing.hpp deleted file mode 100644 index 33320c720b..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/detail/r1cs/packing.hpp +++ /dev/null 
@@ -1,342 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_BASIC_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_BASIC_COMPONENTS_HPP - -#include -#include - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - /* forces lc to take value 0 or 1 by adding constraint lc * (1-lc) = 0 */ - template - void generate_boolean_r1cs_constraint(blueprint &bp, - const math::non_linear_combination &lc) { - bp.add_r1cs_constraint(zk::snark::r1cs_constraint(lc, Field::value_type::one() - lc, - Field::value_type::zero())); - } - - template - void generate_r1cs_equals_const_constraint(blueprint &bp, - const math::non_linear_combination &lc, - const typename Field::value_type &c) { - bp.add_r1cs_constraint(zk::snark::r1cs_constraint(Field::value_type::one(), lc, c)); - } - - template - struct packing : public nil::blueprint::components::component { - using field_type = Field; - using field_value_type = typename field_type::value_type; - - const detail::blueprint_linear_combination_vector bits; - const detail::blueprint_linear_combination packed; - - packing(blueprint &bp, - const detail::blueprint_linear_combination_vector &bits, - const detail::blueprint_linear_combination &packed) : - nil::blueprint::components::component(bp), - bits(bits), packed(packed) { - } - explicit packing(const detail::blueprint_linear_combination_vector &bits) : bits(bits) { - } - - /* adds constraint result = \sum bits[i] * 2^i */ - void generate_gates(bool enforce_bitness) { - this->bp.add_r1cs_constraint(zk::snark::r1cs_constraint( - field_type::value_type::one(), detail::blueprint_packing_sum(bits), packed)); - - if (enforce_bitness) { - for (std::size_t i = 0; i < bits.size(); ++i) { - generate_boolean_r1cs_constraint(this->bp, bits[i]); - } - } - } - - void generate_assignments_from_packed() { - packed.evaluate(this->bp); - - // `bits` is large enough to 
represent this packed value - assert(multiprecision::msb( - static_cast(this->bp.lc_val(packed).data)) + - 1 <= - bits.size()); - bits.fill_with_bits_of_field_element(this->bp, this->bp.lc_val(packed)); - } - - void generate_assignments_from_bits() { - bits.evaluate(this->bp); - this->bp.lc_val(packed) = bits.get_field_element_from_bits(this->bp); - } - }; - - template - class multipacking_component : public nil::blueprint::components::component { - private: - std::vector> packers; - - public: - const detail::blueprint_linear_combination_vector bits; - const detail::blueprint_linear_combination_vector packed_vars; - - const std::size_t chunk_size; - const std::size_t num_chunks; - // const std::size_t last_chunk_size; - - // last_chunk_size(bits.size() - (num_chunks-1) * chunk_size) - multipacking_component(blueprint &bp, - const detail::blueprint_linear_combination_vector &bits, - const detail::blueprint_linear_combination_vector &packed_vars, - std::size_t chunk_size) : - nil::blueprint::components::component(bp), - bits(bits), packed_vars(packed_vars), chunk_size(chunk_size), - num_chunks((bits.size() + (chunk_size - 1)) / chunk_size) { - - assert(packed_vars.size() == num_chunks); - for (std::size_t i = 0; i < num_chunks; ++i) { - packers.emplace_back( - packing(this->bp, - detail::blueprint_linear_combination_vector( - bits.begin() + i * chunk_size, - bits.begin() + std::min((i + 1) * chunk_size, bits.size())), - packed_vars[i])); - } - } - - void generate_gates(const bool enforce_bitness) { - for (std::size_t i = 0; i < num_chunks; ++i) { - packers[i].generate_gates(enforce_bitness); - } - } - - void generate_assignments_from_packed() { - for (std::size_t i = 0; i < num_chunks; ++i) { - packers[i].generate_assignments_from_packed(); - } - } - - void generate_assignments_from_bits() { - for (std::size_t i = 0; i < num_chunks; ++i) { - packers[i].generate_assignments_from_bits(); - } - } - }; - - template - class field_vector_copy_component : public 
nil::blueprint::components::component { - public: - const detail::blueprint_variable_vector source; - const detail::blueprint_variable_vector target; - const detail::blueprint_linear_combination do_copy; - - field_vector_copy_component(blueprint &bp, - const detail::blueprint_variable_vector &source, - const detail::blueprint_variable_vector &target, - const detail::blueprint_linear_combination &do_copy) : - nil::blueprint::components::component(bp), - source(source), target(target), do_copy(do_copy) { - - assert(source.size() == target.size()); - } - void generate_gates() { - for (std::size_t i = 0; i < source.size(); ++i) { - this->bp.add_r1cs_constraint( - zk::snark::r1cs_constraint(do_copy, source[i] - target[i], 0)); - } - } - - void generate_assignments() { - do_copy.evaluate(this->bp); - assert(this->bp.lc_val(do_copy) == Field::value_type::one() || - this->bp.lc_val(do_copy) == Field::value_type::zero()); - if (this->bp.lc_val(do_copy) != Field::value_type::zero()) { - for (std::size_t i = 0; i < source.size(); ++i) { - this->bp.val(target[i]) = this->bp.val(source[i]); - } - } - } - }; - - template - class bit_vector_copy_component : public nil::blueprint::components::component { - public: - const detail::blueprint_variable_vector source_bits; - const detail::blueprint_variable_vector target_bits; - const detail::blueprint_linear_combination do_copy; - - detail::blueprint_variable_vector packed_source; - detail::blueprint_variable_vector packed_target; - - std::shared_ptr> pack_source; - std::shared_ptr> pack_target; - std::shared_ptr> copier; - - const std::size_t chunk_size; - const std::size_t num_chunks; - - bit_vector_copy_component(blueprint &bp, - const detail::blueprint_variable_vector &source_bits, - const detail::blueprint_variable_vector &target_bits, - const detail::blueprint_linear_combination &do_copy, - std::size_t chunk_size) : - nil::blueprint::components::component(bp), - source_bits(source_bits), target_bits(target_bits), 
do_copy(do_copy), chunk_size(chunk_size), - num_chunks((source_bits.size() + (chunk_size - 1)) / chunk_size) { - - assert(source_bits.size() == target_bits.size()); - - packed_source.allocate(bp, num_chunks); - pack_source.reset( - new multipacking_component(bp, source_bits, packed_source, chunk_size)); - - packed_target.allocate(bp, num_chunks); - pack_target.reset( - new multipacking_component(bp, target_bits, packed_target, chunk_size)); - - copier.reset(new field_vector_copy_component(bp, packed_source, packed_target, do_copy)); - } - - void generate_gates(bool enforce_source_bitness, bool enforce_target_bitness) { - pack_source->generate_gates(enforce_source_bitness); - pack_target->generate_gates(enforce_target_bitness); - - copier->generate_gates(); - } - - void generate_assignments() { - do_copy.evaluate(this->bp); - assert(this->bp.lc_val(do_copy) == Field::value_type::zero() || - this->bp.lc_val(do_copy) == Field::value_type::one()); - if (this->bp.lc_val(do_copy) == Field::value_type::one()) { - for (std::size_t i = 0; i < source_bits.size(); ++i) { - this->bp.val(target_bits[i]) = this->bp.val(source_bits[i]); - } - } - - pack_source->generate_assignments_from_bits(); - pack_target->generate_assignments_from_bits(); - } - }; - - template - class dual_variable_component : public nil::blueprint::components::component { - private: - std::shared_ptr> consistency_check; - - public: - detail::blueprint_variable packed; - detail::blueprint_variable_vector bits; - - dual_variable_component(blueprint &bp, std::size_t width) : - nil::blueprint::components::component(bp) { - packed.allocate(bp); - bits.allocate(bp, width); - consistency_check.reset(new packing(bp, bits, packed)); - } - - dual_variable_component(blueprint &bp, - const detail::blueprint_variable_vector &bits) : - nil::blueprint::components::component(bp), - bits(bits) { - packed.allocate(bp); - consistency_check.reset(new packing(bp, bits, packed)); - } - - dual_variable_component(blueprint &bp, 
const detail::blueprint_variable &packed, - std::size_t width) : - nil::blueprint::components::component(bp), - packed(packed) { - bits.allocate(bp, width); - consistency_check.reset(new packing(bp, bits, packed)); - } - - void generate_gates(bool enforce_bitness) { - consistency_check->generate_gates(enforce_bitness); - } - - void generate_assignments_from_packed() { - consistency_check->generate_assignments_from_packed(); - } - void generate_assignments_from_bits() { - consistency_check->generate_assignments_from_bits(); - } - }; - - template - void create_linear_combination_constraints( - blueprint &bp, - const std::vector &base, - const std::vector> &v, - const VarT &target) { - - for (std::size_t i = 0; i < base.size(); ++i) { - detail::blueprint_linear_combination a, b, c; - - a.add_term(detail::blueprint_variable(0)); - b.add_term(detail::blueprint_variable(0), base[i]); - - for (auto &p : v) { - b.add_term(p.first.all_vars[i], p.second); - } - - c.add_term(target.all_vars[i]); - - bp.add_r1cs_constraint(zk::snark::r1cs_constraint(a, b, c)); - } - } - - template - void - create_linear_combination_witness(blueprint &bp, - const std::vector &base, - const std::vector> &v, - const VarT &target) { - for (std::size_t i = 0; i < base.size(); ++i) { - bp.val(target.all_vars[i]) = base[i]; - - for (auto &p : v) { - bp.val(target.all_vars[i]) += p.second * bp.val(p.first.all_vars[i]); - } - } - } - - template - std::size_t multipacking_num_chunks(const std::size_t num_bits) { - return (num_bits + (Field::capacity()) - 1) / Field::capacity(); - } - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_BASIC_COMPONENTS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/knapsack/r1cs/knapsack.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/knapsack/r1cs/knapsack.hpp deleted file mode 100644 index 37f3f9766d..0000000000 
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/knapsack/r1cs/knapsack.hpp
+++ /dev/null
@@ -1,310 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the knapsack component.
-//
-// The component checks the correct execution of a knapsack (modular subset-sum) over
-// the field specified in the template parameter. With suitable choices of parameters
-// such knapsacks are collision-resistant hashes (CRHs). See \[Ajt96] and \[GGH96].
-//
-// Given two positive integers m (the input length) and d (the dimension),
-// and a matrix M over the field F and of dimension dxm, the hash H_M maps {0,1}^m
-// to F^d by sending x to M*x. Security of the function (very roughly) depends on
-// d*log(|F|).
-// -// Below, we give two different components: -// - knapsack_crh_with_field_out_component, which verifies H_M -// - knapsack_crh_with_bit_out_component, which verifies H_M when its output is "expanded" to bits. -// In both cases, a method ("sample_randomness") allows to sample M. -// -// The parameter d (the dimension) is fixed at compile time in the struct -// knapsack_dimension below. The parameter m (the input length) can be chosen -// at run time (in either component). -// -// -// References: -// -// \[Ajt96]: -// "Generating hard instances of lattice problems", -// Miklos Ajtai, -// STOC 1996 -// -// \[GGH96]: -// "Collision-free hashing from lattice problems", -// Oded Goldreich, Shafi Goldwasser, Shai Halevi, -// ECCC TR95-042 -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_KNAPSACK_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_KNAPSACK_COMPONENT_HPP - -#include - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - /************************** Choice of dimension ******************************/ - - template - struct knapsack_dimension { - // the size of typename FieldType::value_type should be (approximately) at least 200 bits - static const std::size_t dimension = 1; - }; - - /*********************** Knapsack with field output **************************/ - - template - class knapsack_crh_with_field_out_component : public component { - private: - static std::vector knapsack_coefficients; - static std::size_t num_cached_coefficients; - - public: - typedef std::vector hash_value_type; - typedef detail::blueprint_linear_combination_vector hash_variable_type; - std::size_t input_len; - std::size_t dimension; - - block_variable input_block; - detail::blueprint_linear_combination_vector output; - - knapsack_crh_with_field_out_component( - blueprint &bp, - std::size_t input_len, - const block_variable 
&input_block, - const detail::blueprint_linear_combination_vector &output) : - component(bp), - input_len(input_len), dimension(knapsack_dimension::dimension), - input_block(input_block), output(output) { - BOOST_ASSERT(input_block.bits.size() == input_len); - if (num_cached_coefficients < dimension * input_len) { - sample_randomness(input_len); - } - BOOST_ASSERT(output.size() == this->get_digest_len()); - } - void generate_gates() { - for (std::size_t i = 0; i < dimension; ++i) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, - zk::detail::blueprint_coeff_sum( - input_block.bits, - std::vector( - knapsack_coefficients.begin() + input_len * i, - knapsack_coefficients.begin() + input_len * (i + 1))), - output[i])); - } - } - void generate_assignments() { - const std::vector input = input_block.get_block(); - - for (std::size_t i = 0; i < dimension; ++i) { - typename FieldType::value_type sum = FieldType::value_type::zero(); - for (std::size_t k = 0; k < input_len; ++k) { - if (input[k]) { - sum += knapsack_coefficients[input_len * i + k]; - } - } - - this->bp.lc_val(output[i]) = sum; - } - } - - static std::size_t get_digest_len() { - return knapsack_dimension::dimension; - } - - /* return 0 as block length, as the hash function is variable-input */ - static std::size_t get_block_len() { - return 0; - } - - static std::vector get_hash(const std::vector &input) { - const std::size_t dimension = knapsack_dimension::dimension; - if (num_cached_coefficients < dimension * input.size()) { - sample_randomness(input.size()); - } - - std::vector result(dimension, FieldType::value_type::zero()); - - for (std::size_t i = 0; i < dimension; ++i) { - for (std::size_t k = 0; k < input.size(); ++k) { - if (input[k]) { - result[i] += knapsack_coefficients[input.size() * i + k]; - } - } - } - - return result; - } - - static void sample_randomness(std::size_t input_len) { - const std::size_t num_coefficients = knapsack_dimension::dimension * input_len; - random::hash, 
typename FieldType::value_type> rng; - - if (num_coefficients > num_cached_coefficients) { - knapsack_coefficients.resize(num_coefficients); - for (std::size_t i = num_cached_coefficients; i < num_coefficients; ++i) { - rng.seed(i); - knapsack_coefficients[i] = rng(); - } - num_cached_coefficients = num_coefficients; - } - } - - /* for debugging */ - static std::size_t expected_constraints() { - return knapsack_dimension::dimension; - } - }; - - /********************** Knapsack with binary output **************************/ - - template - class knapsack_crh_with_bit_out_component : public component { - public: - typedef std::vector hash_value_type; - typedef digest_variable hash_variable_type; - typedef snark::merkle_authentication_path merkle_authentication_path_type; - - std::size_t input_len; - std::size_t dimension; - - detail::blueprint_linear_combination_vector output; - - std::shared_ptr> hasher; - - block_variable input_block; - digest_variable output_digest; - - knapsack_crh_with_bit_out_component(blueprint &bp, - std::size_t input_len, - const block_variable &input_block, - const digest_variable &output_digest) : - component(bp), - input_len(input_len), dimension(knapsack_dimension::dimension), - input_block(input_block), output_digest(output_digest) { - BOOST_ASSERT(output_digest.bits.size() == this->get_digest_len()); - - output.resize(dimension); - - for (std::size_t i = 0; i < dimension; ++i) { - output[i].assign(bp, - zk::detail::blueprint_packing_sum( - zk::detail::blueprint_variable_vector( - output_digest.bits.begin() + i * FieldType::value_bits, - output_digest.bits.begin() + (i + 1) * FieldType::value_bits))); - } - - hasher.reset( - new knapsack_crh_with_field_out_component(bp, input_len, input_block, output)); - } - - void generate_gates(bool enforce_bitness = true) { - hasher->generate_gates(); - - if (enforce_bitness) { - for (std::size_t k = 0; k < output_digest.bits.size(); ++k) { - generate_boolean_r1cs_constraint(this->bp, 
output_digest.bits[k]); - } - } - } - - void generate_assignments() { - hasher->generate_assignments(); - - /* do unpacking in place */ - const std::vector input = input_block.bits.bits(this->bp); - for (std::size_t i = 0; i < dimension; ++i) { - zk::detail::blueprint_variable_vector va( - output_digest.bits.begin() + i * FieldType::value_bits, - output_digest.bits.begin() + (i + 1) * FieldType::value_bits); - va.fill_with_bits_of_field_element(this->bp, this->bp.lc_val(output[i])); - } - } - - static std::size_t get_digest_len() { - return knapsack_dimension::dimension * FieldType::value_bits; - } - - /* return 0 as block length, as the hash function is variable-input */ - static std::size_t get_block_len() { - return 0; - } - static hash_value_type get_hash(const std::vector &input) { - const std::vector hash_elems = - knapsack_crh_with_field_out_component::get_hash(input); - hash_value_type result; - - typedef boost::multiprecision::number< - boost::multiprecision::backends::cpp_int_backend<>> - integral_type; - - for (const typename FieldType::value_type &elt : hash_elems) { - // std::vector elt_bytes; - std::vector elt_bits(FieldType::modulus_bits); - - std::vector::iterator write_iter = elt_bits.begin(); - // little-endian, to preserve compatibility with blueprint_packing_sum. - auto end = ::boost::multiprecision::export_bits( - integral_type(elt.data), write_iter, 1, false); - - result.insert(result.end(), elt_bits.begin(), elt_bits.end()); - } - - return result; - } - - static void sample_randomness(std::size_t input_len) { - knapsack_crh_with_field_out_component::sample_randomness(input_len); - } - - /* for debugging */ - static std::size_t expected_constraints(bool enforce_bitness = true) { - const std::size_t hasher_constraints = - knapsack_crh_with_field_out_component::expected_constraints(); - const std::size_t bitness_constraints = (enforce_bitness ? 
get_digest_len() : 0);
- return hasher_constraints + bitness_constraints;
- }
- };
-
- template
- std::vector
- knapsack_crh_with_field_out_component::knapsack_coefficients;
- template
- std::size_t knapsack_crh_with_field_out_component::num_cached_coefficients;
- } // namespace components
- } // namespace blueprint
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BLUEPRINT_COMPONENTS_KNAPSACK_COMPONENT_HPP
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_aux.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_aux.hpp
deleted file mode 100644
index 1d1e947f97..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_aux.hpp
+++ /dev/null
@@ -1,345 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for auxiliary components for the SHA256 component.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_AUX_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_AUX_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - class lastbits_component : public component { - public: - blueprint_variable X; - std::size_t X_bits; - blueprint_variable result; - blueprint_linear_combination_vector result_bits; - - blueprint_linear_combination_vector full_bits; - std::shared_ptr> unpack_bits; - std::shared_ptr> pack_result; - - lastbits_component(blueprint &bp, - const blueprint_variable &X, - std::size_t X_bits, - const blueprint_variable &result, - const blueprint_linear_combination_vector &result_bits) : - component(bp), - X(X), X_bits(X_bits), result(result), result_bits(result_bits) { - - full_bits = result_bits; - for (std::size_t i = result_bits.size(); i < X_bits; ++i) { - blueprint_variable full_bits_overflow; - full_bits_overflow.allocate(bp); - full_bits.emplace_back(full_bits_overflow); - } - - unpack_bits.reset(new packing(bp, full_bits, X)); - pack_result.reset(new packing(bp, result_bits, result)); - } - - void generate_gates() { - unpack_bits->generate_gates(true); - pack_result->generate_gates(false); - } - - void generate_assignments() { - unpack_bits->generate_assignments_from_packed(); - pack_result->generate_assignments_from_bits(); - } - }; - - template - class XOR3_component : public component { - private: - blueprint_variable tmp; - - public: - blueprint_linear_combination A; - blueprint_linear_combination B; - blueprint_linear_combination C; - bool assume_C_is_zero; - blueprint_linear_combination out; - - XOR3_component(blueprint &bp, - const blueprint_linear_combination &A, - const blueprint_linear_combination &B, - const blueprint_linear_combination &C, - bool assume_C_is_zero, - const blueprint_linear_combination &out) : - component(bp), - A(A), B(B), 
C(C), assume_C_is_zero(assume_C_is_zero), out(out) { - if (!assume_C_is_zero) { - tmp.allocate(bp); - } - } - - void generate_gates() { - /* - tmp = A + B - 2AB i.e. tmp = A xor B - out = tmp + C - 2tmp C i.e. out = tmp xor C - */ - if (assume_C_is_zero) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint(2 * A, B, A + B - out)); - } else { - this->bp.add_r1cs_constraint(snark::r1cs_constraint(2 * A, B, A + B - tmp)); - this->bp.add_r1cs_constraint(snark::r1cs_constraint(2 * tmp, C, tmp + C - out)); - } - } - - void generate_assignments() { - if (assume_C_is_zero) { - this->bp.lc_val(out) = - this->bp.lc_val(A) + this->bp.lc_val(B) - - typename FieldType::value_type(0x02) * this->bp.lc_val(A) * this->bp.lc_val(B); - } else { - this->bp.val(tmp) = - this->bp.lc_val(A) + this->bp.lc_val(B) - - typename FieldType::value_type(0x02) * this->bp.lc_val(A) * this->bp.lc_val(B); - this->bp.lc_val(out) = - this->bp.val(tmp) + this->bp.lc_val(C) - - typename FieldType::value_type(0x02) * this->bp.val(tmp) * this->bp.lc_val(C); - } - } - }; - -#define SHA256_COMPONENT_ROTR(A, i, k) A[((i) + (k)) % 32] - - /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */ - template - class small_sigma_component : public component { - private: - blueprint_variable_vector W; - blueprint_variable result; - - public: - blueprint_variable_vector result_bits; - std::vector>> compute_bits; - std::shared_ptr> pack_result; - - small_sigma_component(blueprint &bp, - const blueprint_variable_vector &W, - const blueprint_variable &result, - std::size_t rot1, - std::size_t rot2, - std::size_t shift) : - component(bp), - W(W), result(result) { - - result_bits.allocate(bp, 32); - compute_bits.resize(32); - for (std::size_t i = 0; i < 32; ++i) { - compute_bits[i].reset(new XOR3_component( - bp, SHA256_COMPONENT_ROTR(W, i, rot1), SHA256_COMPONENT_ROTR(W, i, rot2), - (i + shift < 32 ? 
W[i + shift] : blueprint_variable(0)), (i + shift >= 32), - result_bits[i])); - } - pack_result.reset(new packing(bp, result_bits, result)); - } - - void generate_gates() { - for (std::size_t i = 0; i < 32; ++i) { - compute_bits[i]->generate_gates(); - } - - pack_result->generate_gates(false); - } - - void generate_assignments() { - for (std::size_t i = 0; i < 32; ++i) { - compute_bits[i]->generate_assignments(); - } - - pack_result->generate_assignments_from_bits(); - } - }; - - /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */ - template - class big_sigma_component : public component { - private: - blueprint_linear_combination_vector W; - blueprint_variable result; - - public: - blueprint_variable_vector result_bits; - std::vector>> compute_bits; - std::shared_ptr> pack_result; - - big_sigma_component(blueprint &bp, - const blueprint_linear_combination_vector &W, - const blueprint_variable &result, - std::size_t rot1, - std::size_t rot2, - std::size_t rot3) : - component(bp), - W(W), result(result) { - - result_bits.allocate(bp, 32); - compute_bits.resize(32); - for (std::size_t i = 0; i < 32; ++i) { - compute_bits[i].reset(new XOR3_component( - bp, SHA256_COMPONENT_ROTR(W, i, rot1), SHA256_COMPONENT_ROTR(W, i, rot2), - SHA256_COMPONENT_ROTR(W, i, rot3), false, result_bits[i])); - } - - pack_result.reset(new packing(bp, result_bits, result)); - } - - void generate_gates() { - for (std::size_t i = 0; i < 32; ++i) { - compute_bits[i]->generate_gates(); - } - - pack_result->generate_gates(false); - } - - void generate_assignments() { - for (std::size_t i = 0; i < 32; ++i) { - compute_bits[i]->generate_assignments(); - } - - pack_result->generate_assignments_from_bits(); - } - }; - - /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */ - template - class choice_component : public component { - private: - blueprint_variable_vector result_bits; - - public: - blueprint_linear_combination_vector X; - 
blueprint_linear_combination_vector Y; - blueprint_linear_combination_vector Z; - blueprint_variable result; - std::shared_ptr> pack_result; - - choice_component(blueprint &bp, - const blueprint_linear_combination_vector &X, - const blueprint_linear_combination_vector &Y, - const blueprint_linear_combination_vector &Z, - const blueprint_variable &result) : - component(bp), - X(X), Y(Y), Z(Z), result(result) { - - result_bits.allocate(bp, 32); - pack_result.reset(new packing(bp, result_bits, result)); - } - - void generate_gates() { - for (std::size_t i = 0; i < 32; ++i) { - /* - result = x * y + (1-x) * z - result - z = x * (y - z) - */ - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(X[i], Y[i] - Z[i], result_bits[i] - Z[i])); - } - pack_result->generate_gates(false); - } - - void generate_assignments() { - for (std::size_t i = 0; i < 32; ++i) { - this->bp.val(result_bits[i]) = - this->bp.lc_val(X[i]) * this->bp.lc_val(Y[i]) + - (FieldType::value_type::one() - this->bp.lc_val(X[i])) * this->bp.lc_val(Z[i]); - } - pack_result->generate_assignments_from_bits(); - } - }; - - /* Page 10 of http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf */ - template - class majority_component : public component { - private: - blueprint_variable_vector result_bits; - std::shared_ptr> pack_result; - - public: - blueprint_linear_combination_vector X; - blueprint_linear_combination_vector Y; - blueprint_linear_combination_vector Z; - blueprint_variable result; - - majority_component(blueprint &bp, - const blueprint_linear_combination_vector &X, - const blueprint_linear_combination_vector &Y, - const blueprint_linear_combination_vector &Z, - const blueprint_variable &result) : - component(bp), - X(X), Y(Y), Z(Z), result(result) { - result_bits.allocate(bp, 32); - pack_result.reset(new packing(bp, result_bits, result)); - } - - void generate_gates() { - for (std::size_t i = 0; i < 32; ++i) { - /* - 2*result + aux = x + y + z - x, y, z, aux -- bits - aux = x + y + z 
- 2*result - */ - generate_boolean_r1cs_constraint(this->bp, result_bits[i]); - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(X[i] + Y[i] + Z[i] - 2 * result_bits[i], - 1 - (X[i] + Y[i] + Z[i] - 2 * result_bits[i]), 0)); - } - pack_result->generate_gates(false); - } - - void generate_assignments() { - - // temporary added until fixed-precision modular adaptor is ready: - typedef boost::multiprecision::number< - boost::multiprecision::backends::cpp_int_backend<>> - non_fixed_precision_integral_type; - - using integral_type = typename FieldType::integral_type; - - for (std::size_t i = 0; i < 32; ++i) { - const non_fixed_precision_integral_type v = non_fixed_precision_integral_type( - (this->bp.lc_val(X[i]) + this->bp.lc_val(Y[i]) + this->bp.lc_val(Z[i])).data); - this->bp.val(result_bits[i]) = typename FieldType::value_type(integral_type(v / 2)); - } - - pack_result->generate_assignments_from_bits(); - } - }; - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_AUX_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_component.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_component.hpp deleted file mode 100644 index d05d86db4d..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_component.hpp +++ /dev/null 
@@ -1,373 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for top-level SHA256 components.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENT_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENT_HPP
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace components {
-
- /**
- * Component for the SHA256 compression function.
- */ - template - class sha256_compression_function_component : public component { - public: - std::vector> round_a; - std::vector> round_b; - std::vector> round_c; - std::vector> round_d; - std::vector> round_e; - std::vector> round_f; - std::vector> round_g; - std::vector> round_h; - - blueprint_variable_vector packed_W; - std::shared_ptr> message_schedule; - std::vector> round_functions; - - blueprint_variable_vector unreduced_output; - blueprint_variable_vector reduced_output; - std::vector> reduce_output; - - public: - blueprint_linear_combination_vector prev_output; - blueprint_variable_vector new_block; - digest_variable output; - - sha256_compression_function_component( - blueprint &bp, - const blueprint_linear_combination_vector &prev_output, - const blueprint_variable_vector &new_block, - const digest_variable &output) : - component(bp), - prev_output(prev_output), new_block(new_block), output(output) { - - /* message schedule and inputs for it */ - packed_W.allocate(bp, block::detail::shacal2_policy<256>::rounds); - message_schedule.reset( - new sha256_message_schedule_component(bp, new_block, packed_W)); - - /* initalize */ - round_a.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 7 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 8 * hashes::sha2<256>::word_bits)); - round_b.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 6 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 7 * hashes::sha2<256>::word_bits)); - round_c.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 5 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 6 * hashes::sha2<256>::word_bits)); - round_d.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 4 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 5 * hashes::sha2<256>::word_bits)); - round_e.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 3 * hashes::sha2<256>::word_bits, - 
prev_output.rbegin() + 4 * hashes::sha2<256>::word_bits)); - round_f.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 2 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 3 * hashes::sha2<256>::word_bits)); - round_g.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 1 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 2 * hashes::sha2<256>::word_bits)); - round_h.push_back(blueprint_linear_combination_vector( - prev_output.rbegin() + 0 * hashes::sha2<256>::word_bits, - prev_output.rbegin() + 1 * hashes::sha2<256>::word_bits)); - - /* do the rounds */ - for (std::size_t i = 0; i < block::detail::shacal2_policy<256>::rounds; ++i) { - round_h.push_back(round_g[i]); - round_g.push_back(round_f[i]); - round_f.push_back(round_e[i]); - round_d.push_back(round_c[i]); - round_c.push_back(round_b[i]); - round_b.push_back(round_a[i]); - - blueprint_variable_vector new_round_a_variables; - new_round_a_variables.allocate(bp, hashes::sha2<256>::word_bits); - round_a.emplace_back(new_round_a_variables); - - blueprint_variable_vector new_round_e_variables; - new_round_e_variables.allocate(bp, hashes::sha2<256>::word_bits); - round_e.emplace_back(new_round_e_variables); - - round_functions.push_back(sha256_round_function_component( - bp, round_a[i], round_b[i], round_c[i], round_d[i], round_e[i], round_f[i], round_g[i], - round_h[i], packed_W[i], block::detail::shacal2_policy<256>::constants[i], - round_a[i + 1], round_e[i + 1])); - } - - /* finalize */ - unreduced_output.allocate(bp, 8); - reduced_output.allocate(bp, 8); - for (std::size_t i = 0; i < 8; ++i) { - reduce_output.push_back(lastbits_component( - bp, - unreduced_output[i], - hashes::sha2<256>::word_bits + 1, - reduced_output[i], - blueprint_variable_vector( - output.bits.rbegin() + (7 - i) * hashes::sha2<256>::word_bits, - output.bits.rbegin() + (8 - i) * hashes::sha2<256>::word_bits))); - } - } - void generate_gates() { - message_schedule->generate_gates(); - for 
(std::size_t i = 0; i < block::detail::shacal2_policy<256>::rounds; ++i) { - round_functions[i].generate_gates(); - } - - for (std::size_t i = 0; i < 4; ++i) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, - round_functions[3 - i].packed_d + round_functions[63 - i].packed_new_a, - unreduced_output[i])); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, - round_functions[3 - i].packed_h + round_functions[63 - i].packed_new_e, - unreduced_output[4 + i])); - } - - for (std::size_t i = 0; i < 8; ++i) { - reduce_output[i].generate_gates(); - } - } - void generate_assignments() { - message_schedule->generate_assignments(); - - for (std::size_t i = 0; i < block::detail::shacal2_policy<256>::rounds; ++i) { - round_functions[i].generate_assignments(); - } - - for (std::size_t i = 0; i < 4; ++i) { - this->bp.val(unreduced_output[i]) = this->bp.val(round_functions[3 - i].packed_d) + - this->bp.val(round_functions[63 - i].packed_new_a); - this->bp.val(unreduced_output[4 + i]) = this->bp.val(round_functions[3 - i].packed_h) + - this->bp.val(round_functions[63 - i].packed_new_e); - } - - for (std::size_t i = 0; i < 8; ++i) { - reduce_output[i].generate_assignments(); - } - } - }; - - /** - * Component for the SHA256 compression function, viewed as a 2-to-1 hash - * function, and using the same initialization vector as in SHA256 - * specification. Thus, any collision for - * sha256_two_to_one_hash_component trivially extends to a collision for - * full SHA256 (by appending the same padding). 
- */ - template - class sha256_two_to_one_hash_component : public component { - public: - typedef std::vector hash_value_type; - typedef digest_variable hash_variable_type; - typedef snark::merkle_authentication_path merkle_authentication_path_type; - - std::shared_ptr> f; - - sha256_two_to_one_hash_component(blueprint &bp, - const digest_variable &left, - const digest_variable &right, - const digest_variable &output) : - component(bp) { - - /* concatenate block = left || right */ - blueprint_variable_vector block; - block.insert(block.end(), left.bits.begin(), left.bits.end()); - block.insert(block.end(), right.bits.begin(), right.bits.end()); - - /* compute the hash itself */ - f.reset(new sha256_compression_function_component( - bp, SHA256_default_IV(bp), block, output)); - } - sha256_two_to_one_hash_component(blueprint &bp, - std::size_t block_length, - const block_variable &input_block, - const digest_variable &output) : - component(bp) { - - assert(block_length == hashes::sha2<256>::block_bits); - assert(input_block.bits.size() == block_length); - f.reset(new sha256_compression_function_component( - bp, SHA256_default_IV(bp), input_block.bits, output)); - } - - void generate_gates(bool ensure_output_bitness = true) { // TODO: ignored for now - f->generate_gates(); - } - - void generate_assignments() { - f->generate_assignments(); - } - - static std::size_t get_block_len() { - return hashes::sha2<256>::block_bits; - } - - static std::size_t get_digest_len() { - return hashes::sha2<256>::digest_bits; - } - - static std::vector get_hash(const std::vector &input) { - blueprint bp; - - block_variable input_variable(bp, hashes::sha2<256>::block_bits); - digest_variable output_variable(bp, hashes::sha2<256>::digest_bits); - sha256_two_to_one_hash_component f(bp, hashes::sha2<256>::block_bits, input_variable, - output_variable); - - input_variable.generate_assignments(input); - f.generate_assignments(); - - return output_variable.get_digest(); - } - - static 
std::size_t - expected_constraints(bool ensure_output_bitness = true) { // TODO: ignored for now - return 27280; /* hardcoded for now */ - } - }; - - /** - * Component for arbitary length sha256 hash based on - * Merkle-Damagard padding. (i.e. standard sha256). - */ - template - class sha256_hash_component : public component { - public: - typedef std::vector hash_value_type; - typedef digest_variable hash_variable_type; - typedef snark::merkle_authentication_path merkle_authentication_path_type; - - std::vector>> blocks_components; - std::vector> blocks_bits; - std::vector>> intermediate_outputs; - std::shared_ptr> padding; - - sha256_hash_component(blueprint &bp, - std::size_t input_len, - const block_variable &block_input, - const digest_variable &output) : - component(bp) { - - assert(input_len == block_input.block_size); - const int length_bits_size = 64; - - padding.reset(new merkle_damagard_padding(bp, input_len, length_bits_size, - hashes::sha2<256>::block_bits)); - blueprint_variable_vector bits = block_input.bits; - bits.insert(bits.end(), padding->bits.begin(), padding->bits.end()); - assert(bits.size() % hashes::sha2<256>::block_bits == 0); - std::size_t num_blocks = bits.size() / hashes::sha2<256>::block_bits; - - intermediate_outputs.resize(num_blocks - 1); - blocks_components.resize(num_blocks); - blocks_bits.resize(num_blocks); - - const std::size_t chunk = hashes::sha2<256>::block_bits; - - for (std::size_t i = 0; i < num_blocks; ++i) { - blocks_bits[i] = blueprint_variable_vector(bits.begin() + i * chunk, - bits.begin() + (i + 1) * chunk); - } - - for (std::size_t i = 0; i < num_blocks - 1; ++i) { - intermediate_outputs[i].reset( - new digest_variable(bp, hashes::sha2<256>::digest_bits)); - } - - if (num_blocks == 1) { - blocks_components[0].reset(new sha256_compression_function_component( - bp, SHA256_default_IV(bp), blocks_bits[0], output)); - } else { - blocks_components[0].reset(new sha256_compression_function_component( - bp, 
SHA256_default_IV(bp), blocks_bits[0], *intermediate_outputs[0])); - for (std::size_t i = 1; i < num_blocks - 1; ++i) { - blueprint_linear_combination_vector lcv(intermediate_outputs[i - 1]->bits); - blocks_components[i].reset(new sha256_compression_function_component( - bp, lcv, blocks_bits[i], *intermediate_outputs[i])); - } - blueprint_linear_combination_vector lcv( - intermediate_outputs[num_blocks - 2]->bits); - blocks_components[num_blocks - 1].reset( - new sha256_compression_function_component( - bp, lcv, blocks_bits[num_blocks - 1], output)); - } - } - - void generate_gates(bool ensure_output_bitness = true) { // TODO: ignored for now - padding->generate_gates(); - for (auto f : blocks_components) { - f->generate_gates(); - } - } - - void generate_assignments() { - padding->generate_assignments(); - for (auto f : blocks_components) { - f->generate_assignments(); - } - } - - static std::size_t get_block_len() { - return hashes::sha2<256>::block_bits; - } - - static std::size_t get_digest_len() { - return hashes::sha2<256>::digest_bits; - } - - static std::vector get_hash(const std::vector &input) { - blueprint bp; - - block_variable input_variable(bp, input.size()); - digest_variable output_variable(bp, hashes::sha2<256>::digest_bits); - sha256_hash_component f(bp, input_variable.block_size, input_variable, - output_variable); - - input_variable.generate_assignments(input); - f.generate_assignments(); - - return output_variable.get_digest(); - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_construction.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_construction.hpp deleted file mode 100644 index acc0bbd0c3..0000000000 
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/hashes/sha2/r1cs/sha256_construction.hpp
+++ /dev/null
@@ -1,300 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for components for the SHA256 message schedule and round function.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENTS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENTS_HPP - -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - class sha256_message_schedule_component : public component { - public: - std::vector> W_bits; - std::vector>> pack_W; - - std::vector> sigma0; - std::vector> sigma1; - std::vector>> compute_sigma0; - std::vector>> compute_sigma1; - std::vector> unreduced_W; - std::vector>> mod_reduce_W; - - public: - blueprint_variable_vector M; - blueprint_variable_vector packed_W; - sha256_message_schedule_component(blueprint &bp, - const blueprint_variable_vector &M, - const blueprint_variable_vector &packed_W) : - component(bp), - M(M), packed_W(packed_W) { - - W_bits.resize(64); - - pack_W.resize(16); - for (std::size_t i = 0; i < 16; ++i) { - W_bits[i] = blueprint_variable_vector( - M.rbegin() + (15 - i) * hashes::sha2<256>::word_bits, - M.rbegin() + (16 - i) * hashes::sha2<256>::word_bits); - - pack_W[i].reset(new packing(bp, W_bits[i], packed_W[i])); - } - - /* NB: some of those will be un-allocated */ - sigma0.resize(64); - sigma1.resize(64); - compute_sigma0.resize(64); - compute_sigma1.resize(64); - unreduced_W.resize(64); - mod_reduce_W.resize(64); - - for (std::size_t i = 16; i < block::detail::shacal2_policy<256>::rounds; ++i) { - /* allocate result variables for sigma0/sigma1 invocations */ - sigma0[i].allocate(bp); - sigma1[i].allocate(bp); - - /* compute sigma0/sigma1 */ - compute_sigma0[i].reset( - new small_sigma_component(bp, W_bits[i - 15], sigma0[i], 7, 18, 3)); - compute_sigma1[i].reset( - new small_sigma_component(bp, W_bits[i - 2], sigma1[i], 17, 19, 10)); - - /* unreduced_W = sigma0(W_{i-15}) + sigma1(W_{i-2}) + W_{i-7} + W_{i-16} before modulo - * 2^32 - */ - unreduced_W[i].allocate(bp); - - /* 
allocate the bit representation of packed_W[i] */ - W_bits[i].allocate(bp, hashes::sha2<256>::word_bits); - - /* and finally reduce this into packed and bit representations */ - mod_reduce_W[i].reset(new lastbits_component( - bp, unreduced_W[i], hashes::sha2<256>::word_bits + 2, packed_W[i], W_bits[i])); - } - } - - void generate_gates() { - for (std::size_t i = 0; i < 16; ++i) { - pack_W[i]->generate_gates( - false); // do not enforce bitness here; caller be aware. - } - - for (std::size_t i = 16; i < block::detail::shacal2_policy<256>::rounds; ++i) { - compute_sigma0[i]->generate_gates(); - compute_sigma1[i]->generate_gates(); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, sigma0[i] + sigma1[i] + packed_W[i - 16] + packed_W[i - 7], unreduced_W[i])); - - mod_reduce_W[i]->generate_gates(); - } - } - - void generate_assignments() { - for (std::size_t i = 0; i < 16; ++i) { - pack_W[i]->generate_assignments_from_bits(); - } - - for (std::size_t i = 16; i < block::detail::shacal2_policy<256>::rounds; ++i) { - compute_sigma0[i]->generate_assignments(); - compute_sigma1[i]->generate_assignments(); - - this->bp.val(unreduced_W[i]) = this->bp.val(sigma0[i]) + this->bp.val(sigma1[i]) + - this->bp.val(packed_W[i - 16]) + - this->bp.val(packed_W[i - 7]); - - mod_reduce_W[i]->generate_assignments(); - } - } - }; - - template - class sha256_round_function_component : public component { - public: - blueprint_variable sigma0; - blueprint_variable sigma1; - std::shared_ptr> compute_sigma0; - std::shared_ptr> compute_sigma1; - blueprint_variable choice; - blueprint_variable majority; - std::shared_ptr> compute_choice; - std::shared_ptr> compute_majority; - blueprint_variable packed_d; - std::shared_ptr> pack_d; - blueprint_variable packed_h; - std::shared_ptr> pack_h; - blueprint_variable unreduced_new_a; - blueprint_variable unreduced_new_e; - std::shared_ptr> mod_reduce_new_a; - std::shared_ptr> mod_reduce_new_e; - blueprint_variable packed_new_a; - 
blueprint_variable packed_new_e; - - public: - blueprint_linear_combination_vector a; - blueprint_linear_combination_vector b; - blueprint_linear_combination_vector c; - blueprint_linear_combination_vector d; - blueprint_linear_combination_vector e; - blueprint_linear_combination_vector f; - blueprint_linear_combination_vector g; - blueprint_linear_combination_vector h; - blueprint_variable W; - long K; - blueprint_linear_combination_vector new_a; - blueprint_linear_combination_vector new_e; - - sha256_round_function_component(blueprint &bp, - const blueprint_linear_combination_vector &a, - const blueprint_linear_combination_vector &b, - const blueprint_linear_combination_vector &c, - const blueprint_linear_combination_vector &d, - const blueprint_linear_combination_vector &e, - const blueprint_linear_combination_vector &f, - const blueprint_linear_combination_vector &g, - const blueprint_linear_combination_vector &h, - const blueprint_variable &W, - const long &K, - const blueprint_linear_combination_vector &new_a, - const blueprint_linear_combination_vector &new_e) : - component(bp), - a(a), b(b), c(c), d(d), e(e), f(f), g(g), h(h), W(W), K(K), new_a(new_a), new_e(new_e) { - - /* compute sigma0 and sigma1 */ - sigma0.allocate(bp); - sigma1.allocate(bp); - compute_sigma0.reset(new big_sigma_component(bp, a, sigma0, 2, 13, 22)); - compute_sigma1.reset(new big_sigma_component(bp, e, sigma1, 6, 11, 25)); - - /* compute choice */ - choice.allocate(bp); - compute_choice.reset(new choice_component(bp, e, f, g, choice)); - - /* compute majority */ - majority.allocate(bp); - compute_majority.reset(new majority_component(bp, a, b, c, majority)); - - /* pack d */ - packed_d.allocate(bp); - pack_d.reset(new packing(bp, d, packed_d)); - - /* pack h */ - packed_h.allocate(bp); - pack_h.reset(new packing(bp, h, packed_h)); - - /* compute the actual results for the round */ - unreduced_new_a.allocate(bp); - unreduced_new_e.allocate(bp); - - packed_new_a.allocate(bp); - 
packed_new_e.allocate(bp); - - mod_reduce_new_a.reset(new lastbits_component( - bp, unreduced_new_a, hashes::sha2<256>::word_bits + 3, packed_new_a, new_a)); - mod_reduce_new_e.reset(new lastbits_component( - bp, unreduced_new_e, hashes::sha2<256>::word_bits + 3, packed_new_e, new_e)); - } - - void generate_gates() { - compute_sigma0->generate_gates(); - compute_sigma1->generate_gates(); - - compute_choice->generate_gates(); - compute_majority->generate_gates(); - - pack_d->generate_gates(false); - pack_h->generate_gates(false); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, packed_h + sigma1 + choice + K + W + sigma0 + majority, unreduced_new_a)); - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, packed_d + packed_h + sigma1 + choice + K + W, unreduced_new_e)); - - mod_reduce_new_a->generate_gates(); - mod_reduce_new_e->generate_gates(); - } - - void generate_assignments() { - compute_sigma0->generate_assignments(); - compute_sigma1->generate_assignments(); - - compute_choice->generate_assignments(); - compute_majority->generate_assignments(); - pack_d->generate_assignments_from_bits(); - pack_h->generate_assignments_from_bits(); - - this->bp.val(unreduced_new_a) = this->bp.val(packed_h) + this->bp.val(sigma1) + - this->bp.val(choice) + typename FieldType::value_type(K) + - this->bp.val(W) + this->bp.val(sigma0) + this->bp.val(majority); - this->bp.val(unreduced_new_e) = this->bp.val(packed_d) + this->bp.val(packed_h) + - this->bp.val(sigma1) + this->bp.val(choice) + - typename FieldType::value_type(K) + this->bp.val(W); - - mod_reduce_new_a->generate_assignments(); - mod_reduce_new_e->generate_assignments(); - } - }; - - template - blueprint_linear_combination_vector SHA256_default_IV(blueprint &bp) { - using namespace hashes::detail; - - typename sha2_policy<256>::state_type iv = sha2_policy<256>::iv_generator()(); - - blueprint_linear_combination_vector result; - result.reserve(hashes::sha2<256>::digest_bits); - - for (std::size_t i = 
0; i < hashes::sha2<256>::digest_bits; ++i) { - int iv_val = - iv[i / hashes::sha2<256>::word_bits] >> (31 - (i % hashes::sha2<256>::word_bits)) & 1; - - blueprint_linear_combination iv_element; - iv_element.assign(bp, iv_val * blueprint_variable(0)); - iv_element.evaluate(bp); - - result.emplace_back(iv_element); - } - - return result; - } - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENTS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/authentication_path.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/authentication_path.hpp deleted file mode 100644 index c157a7132c..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/authentication_path.hpp +++ /dev/null 
@@ -1,92 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the SEppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_AUTHENTICATION_PATH_VARIABLE_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_AUTHENTICATION_PATH_VARIABLE_HPP - -#include -#include -#include - -namespace nil { - namespace blueprint { - namespace components { - - template - struct merkle_authentication_path_variable : public component { - - const std::size_t tree_depth; - std::vector> left_digests; - std::vector> right_digests; - - merkle_authentication_path_variable(blueprint &bp, const std::size_t tree_depth) : - component(bp), tree_depth(tree_depth) { - for (std::size_t i = 0; i < tree_depth; ++i) { - left_digests.emplace_back(digest_variable(bp, Hash::get_digest_len())); - right_digests.emplace_back(digest_variable(bp, Hash::get_digest_len())); - } - } - - void generate_gates() { - for (std::size_t i = 0; i < tree_depth; ++i) { - left_digests[i].generate_gates(); - right_digests[i].generate_gates(); - } - } - - void generate_assignments(const std::size_t address, - const snark::merkle_authentication_path &path) { - assert(path.size() == tree_depth); - - for (std::size_t i = 0; i < tree_depth; ++i) { - if (address & (1ul << (tree_depth - 1 - i))) { - left_digests[i].generate_assignments(path[i]); - } else { - right_digests[i].generate_assignments(path[i]); - } - } - } - - snark::merkle_authentication_path get_authentication_path(const std::size_t address) const { - snark::merkle_authentication_path result; - for (std::size_t i = 0; i < tree_depth; ++i) { - if (address & (1ul << (tree_depth - 1 - i))) { - result.emplace_back(left_digests[i].get_digest()); - } else { - result.emplace_back(right_digests[i].get_digest()); - } - } - - return result; - } - }; - } // namespace components - } // namespace blueprint -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_AUTHENTICATION_PATH_VARIABLE_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/check_read.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/check_read.hpp
deleted file mode 100644
index baa6aacc51..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/check_read.hpp
+++ /dev/null
@@ -1,188 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the Merkle tree check read component.
-//
-// The component checks the following: given a root R, address A, value V, and
-// authentication path P, check that P is a valid authentication path for the
-// value V as the A-th leaf in a Merkle tree with root R.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_READ_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_READ_COMPONENT_HPP - -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace blueprint { - namespace components { - - template - class merkle_tree_check_read_component : public component { - private: - std::vector hashers; - std::vector> hasher_inputs; - std::vector> propagators; - std::vector> internal_output; - - std::shared_ptr> computed_root; - std::shared_ptr> check_root; - - public: - const std::size_t digest_size; - const std::size_t tree_depth; - blueprint_linear_combination_vector address_bits; - digest_variable leaf; - digest_variable root; - merkle_authentication_path_variable path; - blueprint_linear_combination read_successful; - - merkle_tree_check_read_component(blueprint &bp, - const std::size_t tree_depth, - const blueprint_linear_combination_vector &address_bits, - const digest_variable &leaf_digest, - const digest_variable &root_digest, - const merkle_authentication_path_variable &path, - const blueprint_linear_combination &read_successful); - - void generate_gates(); - void generate_assignments(); - - static std::size_t root_size_in_bits(); - /* for debugging purposes */ - static std::size_t expected_constraints(const std::size_t tree_depth); - }; - - template - merkle_tree_check_read_component::merkle_tree_check_read_component( - blueprint &bp, - const std::size_t tree_depth, - const blueprint_linear_combination_vector &address_bits, - const digest_variable &leaf, - const digest_variable &root, - const merkle_authentication_path_variable &path, - const blueprint_linear_combination &read_successful) : - component(bp), - digest_size(Hash::get_digest_len()), tree_depth(tree_depth), address_bits(address_bits), leaf(leaf), - root(root), path(path), read_successful(read_successful) { - /* - The tricky part 
here is ordering. For Merkle tree - authentication paths, path[0] corresponds to one layer below - the root (and path[tree_depth-1] corresponds to the layer - containing the leaf), while address_bits has the reverse order: - address_bits[0] is LSB, and corresponds to layer containing the - leaf, and address_bits[tree_depth-1] is MSB, and corresponds to - the subtree directly under the root. - */ - assert(tree_depth > 0); - assert(tree_depth == address_bits.size()); - - for (std::size_t i = 0; i < tree_depth - 1; ++i) { - internal_output.emplace_back(digest_variable(bp, digest_size)); - } - - computed_root.reset(new digest_variable(bp, digest_size)); - - for (std::size_t i = 0; i < tree_depth; ++i) { - block_variable inp(bp, path.left_digests[i], path.right_digests[i]); - hasher_inputs.emplace_back(inp); - hashers.emplace_back( - Hash(bp, 2 * digest_size, inp, (i == 0 ? *computed_root : internal_output[i - 1]))); - } - - for (std::size_t i = 0; i < tree_depth; ++i) { - /* - The propagators take a computed hash value (or leaf in the - base case) and propagate it one layer up, either in the left - or the right slot of authentication_path_variable. - */ - propagators.emplace_back(digest_selector_component( - bp, digest_size, i < tree_depth - 1 ? 
internal_output[i] : leaf, - address_bits[tree_depth - 1 - i], path.left_digests[i], path.right_digests[i])); - } - - check_root.reset(new bit_vector_copy_component(bp, computed_root->bits, root.bits, - read_successful, FieldType::number_bits)); - } - - template - void merkle_tree_check_read_component::generate_gates() { - /* ensure correct hash computations */ - for (std::size_t i = 0; i < tree_depth; ++i) { - // Note that we check root outside and have enforced booleanity of - // path.left_digests/path.right_digests outside in path.generate_gates - hashers[i].generate_gates(false); - } - - /* ensure consistency of path.left_digests/path.right_digests with internal_output */ - for (std::size_t i = 0; i < tree_depth; ++i) { - propagators[i].generate_gates(); - } - - check_root->generate_gates(false, false); - } - - template - void merkle_tree_check_read_component::generate_assignments() { - /* do the hash computations bottom-up */ - for (int i = tree_depth - 1; i >= 0; --i) { - /* propagate previous input */ - propagators[i].generate_assignments(); - - /* compute hash */ - hashers[i].generate_assignments(); - } - - check_root->generate_assignments(); - } - - template - std::size_t merkle_tree_check_read_component::root_size_in_bits() { - return Hash::get_digest_len(); - } - - template - std::size_t merkle_tree_check_read_component::expected_constraints( - const std::size_t tree_depth) { - /* NB: this includes path constraints */ - const std::size_t hasher_constraints = tree_depth * Hash::expected_constraints(false); - const std::size_t propagator_constraints = tree_depth * Hash::get_digest_len(); - const std::size_t authentication_path_constraints = 2 * tree_depth * Hash::get_digest_len(); - const std::size_t check_root_constraints = - 3 * (Hash::get_digest_len() + (FieldType::capacity()) - 1) / FieldType::capacity(); - - return hasher_constraints + propagator_constraints + authentication_path_constraints + - check_root_constraints; - } - - } // namespace 
components - } // namespace blueprint -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_READ_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/check_update.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/check_update.hpp deleted file mode 100644 index 5f2e0e24aa..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/check_update.hpp +++ /dev/null 
@@ -1,217 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the Merkle tree check update component.
-//
-// The component checks the following: given two roots R1 and R2, address A, two
-// values V1 and V2, and authentication path P, check that
-// - P is a valid authentication path for the value V1 as the A-th leaf in a Merkle tree with root R1, and
-// - P is a valid authentication path for the value V2 as the A-th leaf in a Merkle tree with root R2.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_UPDATE_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_UPDATE_COMPONENT_HPP - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template, typename FieldType = typename HashComponent::field_type, - std::size_t Arity = 2> - class merkle_proof_update : public component { - using hash_type = typename HashComponent::hash_type; - - static_assert(std::is_same, typename HashComponent::result_type>::value); - // TODO: add support of the trees with arity more than 2 - static_assert(Arity == 2); - - std::vector prev_hashers; - std::vector> prev_hasher_inputs; - std::vector> prev_propagators; - std::vector> prev_internal_output; - - std::vector next_hashers; - std::vector> next_hasher_inputs; - std::vector> next_propagators; - std::vector> next_internal_output; - - std::shared_ptr> computed_next_root; - std::shared_ptr> check_next_root; - - public: - const std::size_t digest_size; - const std::size_t tree_depth; - - blueprint_variable_vector address_bits; - digest_variable prev_leaf_digest; - digest_variable prev_root_digest; - merkle_proof prev_path; - digest_variable next_leaf_digest; - digest_variable next_root_digest; - merkle_proof next_path; - blueprint_linear_combination update_successful; - - /* Note that while it is necessary to generate R1CS constraints - for prev_path, it is not necessary to do so for next_path. 
See - comment in the implementation of generate_gates() */ - - merkle_proof_update(blueprint &bp, - const std::size_t tree_depth, - const blueprint_variable_vector &address_bits, - const digest_variable &prev_leaf_digest, - const digest_variable &prev_root_digest, - const merkle_proof &prev_path, - const digest_variable &next_leaf_digest, - const digest_variable &next_root_digest, - const merkle_proof &next_path, - const blueprint_linear_combination &update_successful) : - component(bp), - digest_size(hash_type::digest_bits), tree_depth(tree_depth), address_bits(address_bits), - prev_leaf_digest(prev_leaf_digest), prev_root_digest(prev_root_digest), prev_path(prev_path), - next_leaf_digest(next_leaf_digest), next_root_digest(next_root_digest), next_path(next_path), - update_successful(update_successful) { - assert(tree_depth > 0); - assert(tree_depth == address_bits.size()); - - for (std::size_t i = 0; i < tree_depth - 1; ++i) { - prev_internal_output.emplace_back(digest_variable(bp, digest_size)); - next_internal_output.emplace_back(digest_variable(bp, digest_size)); - } - - computed_next_root.reset(new digest_variable(bp, digest_size)); - - for (std::size_t i = 0; i < tree_depth; ++i) { - // TODO: generalize for Arity > 2 - block_variable prev_inp(bp, prev_path.path[i][0], prev_path.path[i][1]); - prev_hasher_inputs.emplace_back(prev_inp); - prev_hashers.emplace_back( - HashComponent(bp, prev_inp, (i == 0 ? prev_root_digest : prev_internal_output[i - 1]))); - - // TODO: generalize for Arity > 2 - block_variable next_inp(bp, next_path.path[i][0], next_path.path[i][1]); - next_hasher_inputs.emplace_back(next_inp); - next_hashers.emplace_back(HashComponent( - bp, next_inp, (i == 0 ? *computed_next_root : next_internal_output[i - 1]))); - } - - for (std::size_t i = 0; i < tree_depth; ++i) { - // TODO: generalize for Arity > 2 - prev_propagators.emplace_back(digest_selector_component( - bp, digest_size, i < tree_depth - 1 ? 
prev_internal_output[i] : prev_leaf_digest, - address_bits[tree_depth - 1 - i], prev_path.path[i][0], prev_path.path[i][1])); - // TODO: generalize for Arity > 2 - next_propagators.emplace_back(digest_selector_component( - bp, digest_size, i < tree_depth - 1 ? next_internal_output[i] : next_leaf_digest, - address_bits[tree_depth - 1 - i], next_path.path[i][0], next_path.path[i][1])); - } - - check_next_root.reset(new bit_vector_copy_component( - bp, computed_next_root->bits, next_root_digest.bits, update_successful, - FieldType::value_bits - 1)); - } - - void generate_gates() { - /* ensure correct hash computations */ - for (std::size_t i = 0; i < tree_depth; ++i) { - prev_hashers[i].generate_gates( - false); // we check root outside and prev_left/prev_right above - next_hashers[i].generate_gates( - true); // however we must check right side hashes - } - - /* ensure consistency of internal_left/internal_right with internal_output */ - for (std::size_t i = 0; i < tree_depth; ++i) { - prev_propagators[i].generate_gates(); - next_propagators[i].generate_gates(); - } - - /* ensure that prev auxiliary input and next auxiliary input match */ - for (std::size_t i = 0; i < tree_depth; ++i) { - for (std::size_t j = 0; j < digest_size; ++j) { - /* - addr * (prev_left - next_left) + (1 - addr) * (prev_right - next_right) = 0 - addr * (prev_left - next_left - prev_right + next_right) = next_right - prev_right - */ - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - address_bits[tree_depth - 1 - i], - prev_path.left_digests[i].bits[j] - next_path.left_digests[i].bits[j] - - prev_path.right_digests[i].bits[j] + next_path.right_digests[i].bits[j], - next_path.right_digests[i].bits[j] - prev_path.right_digests[i].bits[j])); - } - } - - /* Note that while it is necessary to generate R1CS constraints - for prev_path, it is not necessary to do so for next_path. 
- - This holds, because { next_path.left_inputs[i], - next_path.right_inputs[i] } is a pair { hash_output, - auxiliary_input }. The bitness for hash_output is enforced - above by next_hashers[i].generate_gates. - - Because auxiliary input is the same for prev_path and next_path - (enforced above), we have that auxiliary_input part is also - constrained to be boolean, because prev_path is *all* - constrained to be all boolean. */ - - check_next_root->generate_gates(false, false); - } - - void generate_assignments() { - /* do the hash computations bottom-up */ - for (int i = tree_depth - 1; i >= 0; --i) { - /* ensure consistency of prev_path and next_path */ - if (this->bp.val(address_bits[tree_depth - 1 - i]) == FieldType::value_type::zero()) { - next_path.left_digests[i].generate_assignments(prev_path.left_digests[i].get_digest()); - } else { - next_path.right_digests[i].generate_assignments( - prev_path.right_digests[i].get_digest()); - } - - /* propagate previous input */ - prev_propagators[i].generate_assignments(); - next_propagators[i].generate_assignments(); - - /* compute hash */ - prev_hashers[i].generate_assignments(); - next_hashers[i].generate_assignments(); - } - - check_next_root->generate_assignments(); - } - }; - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_UPDATE_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/prove.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/prove.hpp deleted file mode 100644 index 18cece40cb..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/prove.hpp +++ /dev/null 
@@ -1,122 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the SEppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_AUTHENTICATION_PATH_VARIABLE_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_AUTHENTICATION_PATH_VARIABLE_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace blueprint { - namespace components { - template, - typename FieldType = typename HashComponent::field_type, std::size_t Arity = 2> - struct merkle_proof : public component { - using merkle_tree_container = - nil::crypto3::containers::merkle_tree; - using merkle_proof_container = - nil::crypto3::containers::merkle_proof; - using path_type = std::vector>>; - - std::size_t address; - const std::size_t tree_depth; - path_type path; - - merkle_proof(blueprint &bp, const std::size_t tree_depth) : - component(bp), tree_depth(tree_depth) { - - for (std::size_t i = 0; i < tree_depth; ++i) { - std::vector> layer; - - for (std::size_t j = 0; j < Arity; ++j) { - layer.template emplace_back<>( - digest_variable(this->bp, HashComponent::digest_bits)); - } - - path.emplace_back(layer); - } - } - - void generate_gates() { - for (std::size_t i = 0; i < tree_depth; ++i) { - for (std::size_t j = 0; j < Arity; ++j) { - path[i][j].generate_gates(); - } - } - } - - void generate_assignments(const merkle_proof_container &proof, bool do_clear = false) { - // TODO: generalize for Arity > 2 - assert(Arity == 2); - assert(proof._path.size() == tree_depth); - - this->address = 0; - for (std::size_t i = 0; i < tree_depth; ++i) { - for (std::size_t j = 0; j < Arity - 1; ++j) { - auto position = proof._path[tree_depth - 1 - i][j]._position; - path[i][position].generate_assignments(proof._path[tree_depth - 1 - i][j]._hash); - this->address |= (position ? 0 : 1ul << (tree_depth - 1 - i)); - if (do_clear) { - path[i][position ? 
0 : 1].generate_assignments( - std::vector(HashComponent::digest_bits, false)); - } - } - } - } - - void generate_assignments(std::size_t address, const std::vector> &proof) { - // TODO: generalize for Arity > 2 - assert(Arity == 2); - assert(proof.size() == tree_depth); - - for (std::size_t i = 0; i < tree_depth; ++i) { - if (address & (1ul << (tree_depth - 1 - i))) { - path[i][0].generate_assignments(proof[i]); - } else { - path[i][1].generate_assignments(proof[i]); - } - } - - this->address = address; - } - - /// For test only - static auto root(const merkle_proof_container &proof) { - return proof.root(); - } - }; - } // namespace components - } // namespace blueprint -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_AUTHENTICATION_PATH_VARIABLE_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/validate.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/validate.hpp deleted file mode 100644 index 80c26064c6..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/merkle_tree/r1cs/validate.hpp +++ /dev/null 
@@ -1,161 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the Merkle tree check read component.
-//
-// The component checks the following: given a root R, address A, value V, and
-// authentication path P, check that P is a valid authentication path for the
-// value V as the A-th leaf in a Merkle tree with root R.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_READ_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_READ_COMPONENT_HPP - -#include -#include -#include -#include - -namespace nil { - namespace blueprint { - namespace components { - template, typename Field = typename HashComponent::field_type, - std::size_t Arity = 2> - struct merkle_proof_validate : public component { - static constexpr std::size_t arity = Arity; - - using field_type = Field; - using hash_component = HashComponent; - using merkle_proof_component = merkle_proof; - - // TODO: add support of the trees with arity more than 2 - static_assert(arity == 2); - static_assert( - std::is_same, typename HashComponent::result_type>::value); - - private: - std::vector hashers; - std::vector> hasher_inputs; - std::vector> propagators; - std::vector> internal_output; - - std::shared_ptr> computed_root; - std::shared_ptr> check_root; - - public: - const std::size_t digest_size; - const std::size_t tree_depth; - detail::blueprint_linear_combination_vector address_bits; - digest_variable leaf; - digest_variable root; - merkle_proof_component path; - detail::blueprint_linear_combination read_successful; - - merkle_proof_validate(blueprint &bp, - const std::size_t tree_depth, - const detail::blueprint_linear_combination_vector &address_bits, - const digest_variable &leaf, - const digest_variable &root, - const merkle_proof_component &path, - const detail::blueprint_linear_combination &read_successful) : - component(bp), - digest_size(HashComponent::digest_bits), tree_depth(tree_depth), address_bits(address_bits), - leaf(leaf), root(root), path(path), read_successful(read_successful) { - /* - The tricky part here is ordering. 
For Merkle tree - authentication paths, path[0] corresponds to one layer below - the root (and path[tree_depth-1] corresponds to the layer - containing the leaf), while address_bits has the reverse order: - address_bits[0] is LSB, and corresponds to layer containing the - leaf, and address_bits[tree_depth-1] is MSB, and corresponds to - the subtree directly under the root. - */ - assert(tree_depth > 0); - assert(tree_depth == address_bits.size()); - - for (std::size_t i = 0; i < tree_depth - 1; ++i) { - internal_output.emplace_back(digest_variable(bp, digest_size)); - } - - computed_root.reset(new digest_variable(bp, digest_size)); - - for (std::size_t i = 0; i < tree_depth; ++i) { - // TODO: generalize for arity > 2 - block_variable inp(bp, path.path[i][0], path.path[i][1]); - hasher_inputs.emplace_back(inp); - hashers.emplace_back( - HashComponent(bp, inp, (i == 0 ? *computed_root : internal_output[i - 1]))); - } - - for (std::size_t i = 0; i < tree_depth; ++i) { - /* - The propagators take a computed hash value (or leaf in the - base case) and propagate it one layer up, either in the left - or the right slot of authentication_path_variable. - */ - // TODO: generalize for arity > 2 - propagators.emplace_back(digest_selector_component( - bp, digest_size, i < tree_depth - 1 ? 
internal_output[i] : leaf, - address_bits[tree_depth - 1 - i], path.path[i][0], path.path[i][1])); - } - - check_root.reset(new bit_vector_copy_component( - bp, computed_root->bits, root.bits, read_successful, field_type::number_bits)); - } - - void generate_gates() { - /* ensure correct hash computations */ - for (std::size_t i = 0; i < tree_depth; ++i) { - // Note that we check root outside and have enforced booleanity of - // path.left_digests/path.right_digests outside in path.generate_gates - hashers[i].generate_gates(false); - } - - /* ensure consistency of path.left_digests/path.right_digests with internal_output */ - for (std::size_t i = 0; i < tree_depth; ++i) { - propagators[i].generate_gates(); - } - - check_root->generate_gates(false, false); - } - - void generate_assignments() { - /* do the hash computations bottom-up */ - for (int i = tree_depth - 1; i >= 0; --i) { - /* propagate previous input */ - propagators[i].generate_assignments(); - - /* compute hash */ - hashers[i].generate_assignments(); - } - - check_root->generate_assignments(); - } - }; - } // namespace components - } // namespace blueprint -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MERKLE_TREE_CHECK_READ_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/routing/r1cs/as_waksman.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/routing/r1cs/as_waksman.hpp deleted file mode 100644 index 760f2052e2..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/routing/r1cs/as_waksman.hpp +++ /dev/null 
@@ -1,328 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the AS-Waksman routing component.
-//
-// The component verifies that the outputs are a permutation of the inputs,
-// by use of an AS-Waksman network.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_AS_WAKSMAN_ROUTING_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_AS_WAKSMAN_ROUTING_COMPONENT_HPP - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - struct as_waksman_routing : public component { - - /* - Indexing conventions: - - routed_packets[column_idx][packet_idx][subpacket_idx] - pack_inputs/unpack_outputs[packet_idx] - asw_switch_bits[column_idx][row_idx] - - Where column_idx ranges is in range 0 .. width and packet_idx is - in range 0 .. num_packets-1. - - Note that unlike in Bene\v{s} routing networks row_idx are - *not* necessarily consecutive; similarly for straight edges - routed_packets[column_idx][packet_idx] will *reuse* previously - allocated variables. - - */ - std::vector>> routed_packets; - std::vector> pack_inputs, unpack_outputs; - - /* - If #packets = 1 then we can route without explicit switch bits - (and save half the constraints); in this case asw_switch_bits will - be unused. - - For asw_switch_bits 0 corresponds to switch off (straight - connection), and 1 corresponds to switch on (crossed - connection). 
- */ - std::vector>> asw_switch_bits; - as_waksman_topology neighbors; - - public: - const std::size_t num_packets; - const std::size_t num_columns; - const std::vector> routing_input_bits; - const std::vector> routing_output_bits; - - const std::size_t packet_size, num_subpackets; - - as_waksman_routing_component( - blueprint &bp, - const std::size_t num_packets, - const std::vector> &routing_input_bits, - const std::vector> &routing_output_bits); - void generate_gates(); - void generate_assignments(const integer_permutation &permutation); - }; - - template - void test_as_waksman_routing_component(const std::size_t num_packets, const std::size_t packet_size); - - template - as_waksman_routing_component::as_waksman_routing_component( - blueprint &bp, - const std::size_t num_packets, - const std::vector> &routing_input_bits, - const std::vector> &routing_output_bits) : - component(bp), - num_packets(num_packets), num_columns(as_waksman_num_columns(num_packets)), - routing_input_bits(routing_input_bits), routing_output_bits(routing_output_bits), - packet_size(routing_input_bits[0].size()), - num_subpackets((packet_size + FieldType::capacity() - 1) / FieldType::capacity()) { - neighbors = generate_as_waksman_topology(num_packets); - routed_packets.resize(num_columns + 1); - - /* Two pass allocation. 
First allocate LHS packets, then for every - switch either copy over the variables from previously allocated - to allocate target packets */ - routed_packets[0].resize(num_packets); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - routed_packets[0][packet_idx].allocate(bp, num_subpackets); - } - - for (std::size_t column_idx = 0; column_idx < num_columns; ++column_idx) { - routed_packets[column_idx + 1].resize(num_packets); - - for (std::size_t row_idx = 0; row_idx < num_packets; ++row_idx) { - if (neighbors[column_idx][row_idx].first == neighbors[column_idx][row_idx].second) { - /* This is a straight edge, so just copy over the previously allocated subpackets */ - routed_packets[column_idx + 1][neighbors[column_idx][row_idx].first] = - routed_packets[column_idx][row_idx]; - } else { - const std::size_t straight_edge = neighbors[column_idx][row_idx].first; - const std::size_t cross_edge = neighbors[column_idx][row_idx].second; - routed_packets[column_idx + 1][straight_edge].allocate(bp, num_subpackets); - routed_packets[column_idx + 1][cross_edge].allocate(bp, num_subpackets); - ++row_idx; /* skip the next idx, as it to refers to the same packets */ - } - } - } - - /* create packing/unpacking components */ - pack_inputs.reserve(num_packets); - unpack_outputs.reserve(num_packets); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - pack_inputs.emplace_back(multipacking_component( - bp, - blueprint_variable_vector(routing_input_bits[packet_idx].begin(), - routing_input_bits[packet_idx].end()), - routed_packets[0][packet_idx], - FieldType::capacity())); - unpack_outputs.emplace_back(multipacking_component( - bp, - blueprint_variable_vector(routing_output_bits[packet_idx].begin(), - routing_output_bits[packet_idx].end()), - routed_packets[num_columns][packet_idx], - FieldType::capacity())); - } - - /* allocate switch bits */ - if (num_subpackets > 1) { - asw_switch_bits.resize(num_columns); - - for (std::size_t 
column_idx = 0; column_idx < num_columns; ++column_idx) { - for (std::size_t row_idx = 0; row_idx < num_packets; ++row_idx) { - if (neighbors[column_idx][row_idx].first != neighbors[column_idx][row_idx].second) { - asw_switch_bits[column_idx][row_idx].allocate(bp); - ++row_idx; /* next row_idx corresponds to the same switch, so skip it */ - } - } - } - } - } - - template - void as_waksman_routing_component::generate_gates() { - /* packing/unpacking */ - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - pack_inputs[packet_idx].generate_gates(false); - unpack_outputs[packet_idx].generate_gates(true); - } - - /* actual routing constraints */ - for (std::size_t column_idx = 0; column_idx < num_columns; ++column_idx) { - for (std::size_t row_idx = 0; row_idx < num_packets; ++row_idx) { - if (neighbors[column_idx][row_idx].first == neighbors[column_idx][row_idx].second) { - /* if there is no switch at this position, then just continue with next row_idx */ - continue; - } - - if (num_subpackets == 1) { - /* easy case: require that - (cur-straight_edge)*(cur-cross_edge) = 0 for both - switch inputs */ - for (std::size_t switch_input : {row_idx, row_idx + 1}) { - const std::size_t straight_edge = neighbors[column_idx][switch_input].first; - const std::size_t cross_edge = neighbors[column_idx][switch_input].second; - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - routed_packets[column_idx][switch_input][0] - - routed_packets[column_idx + 1][straight_edge][0], - routed_packets[column_idx][switch_input][0] - - routed_packets[column_idx + 1][cross_edge][0], - 0)); - } - } else { - /* require switching bit to be boolean */ - generate_boolean_r1cs_constraint(this->bp, - asw_switch_bits[column_idx][row_idx]); - - /* route forward according to the switch bit */ - for (std::size_t subpacket_idx = 0; subpacket_idx < num_subpackets; ++subpacket_idx) { - /* - (1-switch_bit) * (cur-straight_edge) + switch_bit * (cur-cross_edge) = 0 - switch_bit * 
(cross_edge-straight_edge) = cur-straight_edge - */ - for (std::size_t switch_input : {row_idx, row_idx + 1}) { - const std::size_t straight_edge = neighbors[column_idx][switch_input].first; - const std::size_t cross_edge = neighbors[column_idx][switch_input].second; - - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - asw_switch_bits[column_idx][row_idx], - routed_packets[column_idx + 1][cross_edge][subpacket_idx] - - routed_packets[column_idx + 1][straight_edge][subpacket_idx], - routed_packets[column_idx][switch_input][subpacket_idx] - - routed_packets[column_idx + 1][straight_edge][subpacket_idx])); - } - } - } - - /* we processed both switch inputs at once, so skip the next iteration */ - ++row_idx; - } - } - } - - template - void as_waksman_routing_component::generate_assignments( - const integer_permutation &permutation) { - /* pack inputs */ - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - pack_inputs[packet_idx].generate_assignments_from_bits(); - } - - /* do the routing */ - as_waksman_routing routing = get_as_waksman_routing(permutation); - - for (std::size_t column_idx = 0; column_idx < num_columns; ++column_idx) { - for (std::size_t row_idx = 0; row_idx < num_packets; ++row_idx) { - if (neighbors[column_idx][row_idx].first == neighbors[column_idx][row_idx].second) { - /* this is a straight edge, so just pass the values forward */ - const std::size_t next = neighbors[column_idx][row_idx].first; - - for (std::size_t subpacket_idx = 0; subpacket_idx < num_subpackets; ++subpacket_idx) { - this->bp.val(routed_packets[column_idx + 1][next][subpacket_idx]) = - this->bp.val(routed_packets[column_idx][row_idx][subpacket_idx]); - } - } else { - if (num_subpackets > 1) { - /* update the switch bit */ - this->bp.val(asw_switch_bits[column_idx][row_idx]) = - typename FieldType::value_type(routing[column_idx][row_idx] ? 
1 : 0); - } - - /* route according to the switch bit */ - const bool switch_val = routing[column_idx][row_idx]; - - for (std::size_t switch_input : {row_idx, row_idx + 1}) { - const std::size_t straight_edge = neighbors[column_idx][switch_input].first; - const std::size_t cross_edge = neighbors[column_idx][switch_input].second; - - const std::size_t switched_edge = (switch_val ? cross_edge : straight_edge); - - for (std::size_t subpacket_idx = 0; subpacket_idx < num_subpackets; - ++subpacket_idx) { - this->bp.val(routed_packets[column_idx + 1][switched_edge][subpacket_idx]) = - this->bp.val(routed_packets[column_idx][switch_input][subpacket_idx]); - } - } - - /* we processed both switch inputs at once, so skip the next iteration */ - ++row_idx; - } - } - } - - /* unpack outputs */ - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - unpack_outputs[packet_idx].generate_assignments_from_packed(); - } - } - - template - void test_as_waksman_routing_component(const std::size_t num_packets, const std::size_t packet_size) { - blueprint bp; - integer_permutation permutation(num_packets); - permutation.random_shuffle(); - - std::vector> randbits(num_packets), outbits(num_packets); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - randbits[packet_idx].allocate(bp, packet_size); - outbits[packet_idx].allocate(bp, packet_size); - - for (std::size_t bit_idx = 0; bit_idx < packet_size; ++bit_idx) { - bp.val(randbits[packet_idx][bit_idx]) = - (rand() % 2) ? 
FieldType::value_type::zero() : FieldType::value_type::zero(); - } - } - as_waksman_routing_component r(bp, num_packets, randbits, outbits); - r.generate_gates(); - - r.generate_assignments(permutation); - - assert(bp.is_satisfied()); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - for (std::size_t bit_idx = 0; bit_idx < packet_size; ++bit_idx) { - assert(bp.val(outbits[permutation.get(packet_idx)][bit_idx]) == - bp.val(randbits[packet_idx][bit_idx])); - } - } - - bp.val(blueprint_variable(10)) = typename FieldType::value_type(12345); - assert(!bp.is_satisfied()); - } - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_AS_WAKSMAN_ROUTING_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/routing/r1cs/benes.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/routing/r1cs/benes.hpp deleted file mode 100644 index 0d40caa9de..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/routing/r1cs/benes.hpp +++ /dev/null 
@@ -1,228 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the Benes routing component.
-//
-// The component verifies that the outputs are a permutation of the inputs,
-// by use of a Benes network.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_BENES_ROUTING_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_BENES_ROUTING_COMPONENT_HPP - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - - template - class benes_routing : public component { - private: - /* - Indexing conventions: - - routed_packets[column_idx][packet_idx][subpacket_idx] - pack_inputs/unpack_outputs[packet_idx] - benes_switch_bits[column_idx][row_idx] - - Where column_idx ranges is in range 0 .. 2*dimension - (2*dimension-1 for switch bits/topology) and packet_idx is in - range 0 .. num_packets-1. - */ - std::vector>> routed_packets; - std::vector> pack_inputs, unpack_outputs; - - /* - If #packets = 1 then we can route without explicit routing bits - (and save half the constraints); in this case benes_switch_bits will - be unused. - - For benes_switch_bits 0 corresponds to straight edge and 1 - corresponds to cross edge. 
- */ - std::vector> benes_switch_bits; - benes_topology neighbors; - - public: - const std::size_t num_packets; - const std::size_t num_columns; - - const std::vector> routing_input_bits; - const std::vector> routing_output_bits; - std::size_t lines_to_unpack; - - const std::size_t packet_size, num_subpackets; - - benes_routing_component( - blueprint &bp, - const std::size_t num_packets, - const std::vector> &routing_input_bits, - const std::vector> &routing_output_bits, - const std::size_t lines_to_unpack) : - component(bp), - num_packets(num_packets), num_columns(benes_num_columns(num_packets)), - routing_input_bits(routing_input_bits), routing_output_bits(routing_output_bits), - lines_to_unpack(lines_to_unpack), packet_size(routing_input_bits[0].size()), - num_subpackets((packet_size + FieldType::capacity() - 1) / FieldType::capacity()) { - assert(lines_to_unpack <= routing_input_bits.size()); - assert(num_packets == 1ul << static_cast(std::ceil(std::log2(num_packets)))); - assert(routing_input_bits.size() == num_packets); - - neighbors = generate_benes_topology(num_packets); - - routed_packets.resize(num_columns + 1); - for (std::size_t column_idx = 0; column_idx <= num_columns; ++column_idx) { - routed_packets[column_idx].resize(num_packets); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - routed_packets[column_idx][packet_idx].allocate(bp, num_subpackets); - } - } - - pack_inputs.reserve(num_packets); - unpack_outputs.reserve(num_packets); - - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - pack_inputs.emplace_back(multipacking_component( - bp, - blueprint_variable_vector(routing_input_bits[packet_idx].begin(), - routing_input_bits[packet_idx].end()), - routed_packets[0][packet_idx], - FieldType::capacity())); - if (packet_idx < lines_to_unpack) { - unpack_outputs.emplace_back(multipacking_component( - bp, - blueprint_variable_vector(routing_output_bits[packet_idx].begin(), - 
routing_output_bits[packet_idx].end()), - routed_packets[num_columns][packet_idx], - FieldType::capacity())); - } - } - - if (num_subpackets > 1) { - benes_switch_bits.resize(num_columns); - for (std::size_t column_idx = 0; column_idx < num_columns; ++column_idx) { - benes_switch_bits[column_idx].allocate(bp, num_packets); - } - } - } - - void generate_gates() { - /* packing/unpacking */ - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - pack_inputs[packet_idx].generate_gates(false); - if (packet_idx < lines_to_unpack) { - unpack_outputs[packet_idx].generate_gates(true); - } else { - for (std::size_t subpacket_idx = 0; subpacket_idx < num_subpackets; ++subpacket_idx) { - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, routed_packets[0][packet_idx][subpacket_idx], - routed_packets[num_columns][packet_idx][subpacket_idx])); - } - } - } - - /* actual routing constraints */ - for (std::size_t column_idx = 0; column_idx < num_columns; ++column_idx) { - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - const std::size_t straight_edge = neighbors[column_idx][packet_idx].first; - const std::size_t cross_edge = neighbors[column_idx][packet_idx].second; - - if (num_subpackets == 1) { - /* easy case: (cur-next)*(cur-cross) = 0 */ - this->bp.add_r1cs_constraint(snark::r1cs_constraint( - routed_packets[column_idx][packet_idx][0] - - routed_packets[column_idx + 1][straight_edge][0], - routed_packets[column_idx][packet_idx][0] - - routed_packets[column_idx + 1][cross_edge][0], - 0)); - } else { - /* routing bit must be boolean */ - generate_boolean_r1cs_constraint( - this->bp, benes_switch_bits[column_idx][packet_idx]); - - /* route forward according to routing bits */ - for (std::size_t subpacket_idx = 0; subpacket_idx < num_subpackets; - ++subpacket_idx) { - /* - (1-switch_bit) * (cur-straight_edge) + switch_bit * (cur-cross_edge) = 0 - switch_bit * (cross_edge-straight_edge) = cur-straight_edge - */ - 
this->bp.add_r1cs_constraint(snark::r1cs_constraint( - benes_switch_bits[column_idx][packet_idx], - routed_packets[column_idx + 1][cross_edge][subpacket_idx] - - routed_packets[column_idx + 1][straight_edge][subpacket_idx], - routed_packets[column_idx][packet_idx][subpacket_idx] - - routed_packets[column_idx + 1][straight_edge][subpacket_idx])); - } - } - } - } - } - - void generate_assignments(const integer_permutation &permutation) { - /* pack inputs */ - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - pack_inputs[packet_idx].generate_assignments_from_bits(); - } - - /* do the routing */ - const benes_routing routing = get_benes_routing(permutation); - - for (std::size_t column_idx = 0; column_idx < num_columns; ++column_idx) { - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - const std::size_t straight_edge = neighbors[column_idx][packet_idx].first; - const std::size_t cross_edge = neighbors[column_idx][packet_idx].second; - - if (num_subpackets > 1) { - this->bp.val(benes_switch_bits[column_idx][packet_idx]) = - typename FieldType::value_type(routing[column_idx][packet_idx] ? 1 : 0); - } - - for (std::size_t subpacket_idx = 0; subpacket_idx < num_subpackets; ++subpacket_idx) { - this->bp.val(routing[column_idx][packet_idx] ? - routed_packets[column_idx + 1][cross_edge][subpacket_idx] : - routed_packets[column_idx + 1][straight_edge][subpacket_idx]) = - this->bp.val(routed_packets[column_idx][packet_idx][subpacket_idx]); - } - } - } - - /* unpack outputs */ - for (std::size_t packet_idx = 0; packet_idx < lines_to_unpack; ++packet_idx) { - unpack_outputs[packet_idx].generate_assignments_from_packed(); - } - } - }; - - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_BENES_ROUTING_COMPONENT_HPP 
diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/pcd/r1cs_pcd/compliance_predicate/cp_handler.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/pcd/r1cs_pcd/compliance_predicate/cp_handler.hpp
deleted file mode 100644
index 9743bec333..0000000000
--- a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/pcd/r1cs_pcd/compliance_predicate/cp_handler.hpp
+++ /dev/null
@@ -1,304 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a compliance predicate handler.
-//
-// A compliance predicate handler is a base class for creating compliance predicates.
-// It relies on classes declared in components.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_CP_HANDLER_HPP
-#define CRYPTO3_BLUEPRINT_COMPONENTS_CP_HANDLER_HPP
-
-#include
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace blueprint {
- namespace snark {
-
- /***************************** Message variable ******************************/
-
- /**
- * A variable to represent an r1cs_pcd_message.
- */
- template
- class r1cs_pcd_message_variable : public components::component {
- protected:
- std::size_t num_vars_at_construction;
-
- public:
- blueprint_variable type;
-
- blueprint_variable_vector all_vars;
-
- r1cs_pcd_message_variable(blueprint &bp);
- void update_all_vars();
-
- void generate_assignments(const std::shared_ptr> &message);
- virtual std::shared_ptr> get_message() const = 0;
-
- virtual ~r1cs_pcd_message_variable() = default;
- };
- /*************************** Local data variable *****************************/
-
- /**
- * A variable to represent an r1cs_pcd_local_data.
- */
- template
- class r1cs_pcd_local_data_variable : public components::component {
- protected:
- std::size_t num_vars_at_construction;
-
- public:
- blueprint_variable_vector all_vars;
-
- r1cs_pcd_local_data_variable(blueprint &bp);
- void update_all_vars();
-
- void generate_assignments(const std::shared_ptr> &local_data);
-
- virtual ~r1cs_pcd_local_data_variable() = default;
- };
-
- /*********************** Compliance predicate handler ************************/
-
- /**
- * A base class for creating compliance predicates.
- */ - template - class compliance_predicate_handler { - protected: - BlueprintType bp; - - std::shared_ptr> outgoing_message; - blueprint_variable arity; - std::vector>> incoming_messages; - std::shared_ptr> local_data; - - public: - const std::size_t name; - const std::size_t type; - const std::size_t max_arity; - const bool relies_on_same_type_inputs; - const std::set accepted_input_types; - - compliance_predicate_handler( - const BlueprintType &bp, - const std::size_t name, - const std::size_t type, - const std::size_t max_arity, - const bool relies_on_same_type_inputs, - const std::set &accepted_input_types = std::set()); - virtual void generate_gates() = 0; - virtual void generate_assignments( - const std::vector>> &incoming_message_values, - const std::shared_ptr> &local_data_value); - - r1cs_pcd_compliance_predicate get_compliance_predicate() const; - snark::r1cs_variable_assignment get_full_variable_assignment() const; - - std::shared_ptr> get_outgoing_message() const; - std::size_t get_arity() const; - std::shared_ptr> - get_incoming_message(const std::size_t message_idx) const; - std::shared_ptr> get_local_data() const; - snark::r1cs_variable_assignment get_witness() const; - }; - - template - r1cs_pcd_message_variable::r1cs_pcd_message_variable(blueprint &bp) : - components::component(bp) { - type.allocate(bp); - all_vars.emplace_back(type); - - num_vars_at_construction = bp.num_variables(); - } - - template - void r1cs_pcd_message_variable::update_all_vars() { - /* NOTE: this assumes that r1cs_pcd_message_variable has been the - * only component allocating variables on the protoboard and needs to - * be updated, e.g., in multicore variable allocation scenario. 
*/ - - for (std::size_t var_idx = num_vars_at_construction + 1; var_idx <= this->bp.num_variables(); - ++var_idx) { - all_vars.emplace_back(blueprint_variable(var_idx)); - } - } - - template - void r1cs_pcd_message_variable::generate_assignments( - const std::shared_ptr> &message) { - all_vars.fill_with_field_elements(this->bp, message->as_r1cs_variable_assignment()); - } - - template - r1cs_pcd_local_data_variable::r1cs_pcd_local_data_variable(blueprint &bp) : - components::component(bp) { - num_vars_at_construction = bp.num_variables(); - } - - template - void r1cs_pcd_local_data_variable::update_all_vars() { - /* (the same NOTE as for r1cs_message_variable applies) */ - - for (std::size_t var_idx = num_vars_at_construction + 1; var_idx <= this->bp.num_variables(); - ++var_idx) { - all_vars.emplace_back(blueprint_variable(var_idx)); - } - } - - template - void r1cs_pcd_local_data_variable::generate_assignments( - const std::shared_ptr> &local_data) { - all_vars.fill_with_field_elements(this->bp, local_data->as_r1cs_variable_assignment()); - } - - template - compliance_predicate_handler::compliance_predicate_handler( - const BlueprintType &bp, - const std::size_t name, - const std::size_t type, - const std::size_t max_arity, - const bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - bp(bp), - name(name), type(type), max_arity(max_arity), - relies_on_same_type_inputs(relies_on_same_type_inputs), accepted_input_types(accepted_input_types) { - incoming_messages.resize(max_arity); - } - - template - void compliance_predicate_handler::generate_assignments( - const std::vector>> &incoming_message_values, - const std::shared_ptr> &local_data_value) { - bp.clear_values(); - bp.val(outgoing_message->type) = typename FieldType::value_type(type); - bp.val(arity) = typename FieldType::value_type(incoming_message_values.size()); - - for (std::size_t i = 0; i < incoming_message_values.size(); ++i) { - 
incoming_messages[i]->generate_assignments(incoming_message_values[i]); - } - - local_data->generate_assignments(local_data_value); - } - - template - r1cs_pcd_compliance_predicate - compliance_predicate_handler::get_compliance_predicate() const { - assert(incoming_messages.size() == max_arity); - - const std::size_t outgoing_message_payload_length = outgoing_message->all_vars.size() - 1; - - std::vector incoming_message_payload_lengths(max_arity); - std::transform(incoming_messages.begin(), incoming_messages.end(), - incoming_message_payload_lengths.begin(), - [](const std::shared_ptr> &msg) { - return msg->all_vars.size() - 1; - }); - - const std::size_t local_data_length = local_data->all_vars.size(); - - const std::size_t all_but_witness_length = - ((1 + outgoing_message_payload_length) + 1 + - (max_arity + std::accumulate(incoming_message_payload_lengths.begin(), - incoming_message_payload_lengths.end(), 0)) + - local_data_length); - const std::size_t witness_length = bp.num_variables() - all_but_witness_length; - - snark::r1cs_constraint_system constraint_system = bp.get_constraint_system(); - constraint_system.primary_input_size = 1 + outgoing_message_payload_length; - constraint_system.auxiliary_input_size = bp.num_variables() - constraint_system.primary_input_size; - - return r1cs_pcd_compliance_predicate(name, - type, - constraint_system, - outgoing_message_payload_length, - max_arity, - incoming_message_payload_lengths, - local_data_length, - witness_length, - relies_on_same_type_inputs, - accepted_input_types); - } - - template - snark::r1cs_variable_assignment - compliance_predicate_handler::get_full_variable_assignment() const { - return bp.full_variable_assignment(); - } - - template - std::shared_ptr> - compliance_predicate_handler::get_outgoing_message() const { - return outgoing_message->get_message(); - } - - template - std::size_t compliance_predicate_handler::get_arity() const { - return bp.val(arity).as_ulong(); - } - - template - 
std::shared_ptr> - compliance_predicate_handler::get_incoming_message( - const std::size_t message_idx) const { - assert(message_idx < max_arity); - return incoming_messages[message_idx]->get_message(); - } - - template - std::shared_ptr> - compliance_predicate_handler::get_local_data() const { - return local_data->get_local_data(); - } - - template - r1cs_pcd_witness - compliance_predicate_handler::get_witness() const { - const snark::r1cs_variable_assignment va = bp.full_variable_assignment(); - // outgoing_message + arity + incoming_messages + local_data - const std::size_t witness_pos = - (outgoing_message->all_vars.size() + 1 + - std::accumulate( - incoming_messages.begin(), incoming_messages.end(), 0, - [](std::size_t acc, const std::shared_ptr> &msg) { - return acc + msg->all_vars.size(); - }) + - local_data->all_vars.size()); - - return snark::r1cs_variable_assignment(va.begin() + witness_pos, va.end()); - } - } // namespace snark - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_CP_HANDLER_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/mp_pcd_circuits.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/mp_pcd_circuits.hpp deleted file mode 100644 index f786388652..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/mp_pcd_circuits.hpp +++ /dev/null 
@@ -1,799 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality for creating and using the two PCD circuits in
-// a multi-predicate PCD construction.
-//
-// The implementation follows, extends, and optimizes the approach described
-// in \[CTV15]. At high level, there is a "compliance step" circuit and a
-// "translation step" circuit, for each compliance predicate. For more details,
-// see \[CTV15].
-// -// -// References: -// -// \[CTV15]: -// "Cluster Computing in Zero Knowledge", -// Alessandro Chiesa, Eran Tromer, Madars Virza -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_MP_PCD_CIRCUITS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_MP_PCD_CIRCUITS_HPP - -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace snark { - - /**************************** Compliance step ********************************/ - - /** - * A compliance-step PCD circuit. - * - * The circuit is an R1CS that checks compliance (for the given compliance predicate) - * and validity of previous proofs. - */ - template - class mp_compliance_step_pcd_circuit_maker { - - // for now all CRH components are knapsack CRH's; can be easily extended - // later to more expressive selector types. - template - using crh_with_field_out_component = knapsack_crh_with_field_out_component; - - template - using crh_with_bit_out_component = knapsack_crh_with_bit_out_component; - - public: - typedef typename CurveType::scalar_field_type FieldType; - - r1cs_pcd_compliance_predicate compliance_predicate; - - blueprint bp; - - blueprint_variable zero; - - std::shared_ptr> block_for_outgoing_message; - std::shared_ptr> hash_outgoing_message; - - std::vector> block_for_incoming_messages; - std::vector> commitment_and_incoming_message_digests; - std::vector> unpack_commitment_and_incoming_message_digests; - std::vector> commitment_and_incoming_messages_digest_bits; - std::vector> hash_incoming_messages; - - std::vector> translation_step_vks; - std::vector> translation_step_vks_bits; - - blueprint_variable outgoing_message_type; - blueprint_variable_vector outgoing_message_payload; - blueprint_variable_vector outgoing_message_vars; - - blueprint_variable arity; - std::vector> incoming_message_types; - std::vector> incoming_message_payloads; - std::vector> 
incoming_message_vars; - - blueprint_variable_vector local_data; - blueprint_variable_vector cp_witness; - std::shared_ptr> compliance_predicate_as_component; - - blueprint_variable_vector outgoing_message_bits; - std::shared_ptr> unpack_outgoing_message; - - std::vector> incoming_messages_bits; - std::vector> unpack_incoming_messages; - - blueprint_variable_vector mp_compliance_step_pcd_circuit_input; - blueprint_variable_vector padded_translation_step_vk_and_outgoing_message_digest; - std::vector> padded_commitment_and_incoming_messages_digest; - - std::shared_ptr>> - commitment; - std::vector>> - membership_proofs; - std::vector>> - membership_checkers; - blueprint_variable_vector membership_check_results; - blueprint_variable common_type; - blueprint_variable_vector common_type_check_aux; - - std::vector> verifier_input; - std::vector> proof; - blueprint_variable_vector verification_results; - std::vector> verifier; - - mp_compliance_step_pcd_circuit_maker( - const r1cs_pcd_compliance_predicate &compliance_predicate, - const std::size_t max_number_of_predicates); - void generate_gates(); - snark::r1cs_constraint_system get_circuit() const; - - void generate_assignments( - const set_commitment &commitment_to_translation_step_r1cs_vks, - const std::vector>> - &mp_translation_step_pcd_circuit_vks, - const std::vector &vk_membership_proofs, - const r1cs_pcd_compliance_predicate_primary_input - &compliance_predicate_primary_input, - const r1cs_pcd_compliance_predicate_auxiliary_input - &compliance_predicate_auxiliary_input, - const std::vector>> &translation_step_proofs); - snark::r1cs_primary_input get_primary_input() const; - snark::r1cs_auxiliary_input get_auxiliary_input() const; - - static std::size_t field_logsize(); - static std::size_t field_capacity(); - static std::size_t input_size_in_elts(); - static std::size_t input_capacity_in_bits(); - static std::size_t input_size_in_bits(); - }; - - /*************************** Translation step 
********************************/ - - /** - * A translation-step PCD circuit. - * - * The circuit is an R1CS that checks validity of previous proofs. - */ - template - class mp_translation_step_pcd_circuit_maker { - public: - typedef typename CurveType::scalar_field_type FieldType; - - blueprint bp; - - blueprint_variable_vector mp_translation_step_pcd_circuit_input; - blueprint_variable_vector unpacked_mp_translation_step_pcd_circuit_input; - blueprint_variable_vector verifier_input; - std::shared_ptr> unpack_mp_translation_step_pcd_circuit_input; - - std::shared_ptr> - hardcoded_compliance_step_vk; - std::shared_ptr> proof; - std::shared_ptr> online_verifier; - - mp_translation_step_pcd_circuit_maker( - const r1cs_ppzksnark_verification_key> &compliance_step_vk); - void generate_gates(); - snark::r1cs_constraint_system get_circuit() const; - - void generate_assignments(const snark::r1cs_primary_input - translation_step_input, - const r1cs_ppzksnark_proof> &prev_proof); - snark::r1cs_primary_input get_primary_input() const; - snark::r1cs_auxiliary_input get_auxiliary_input() const; - - static std::size_t field_logsize(); - static std::size_t field_capacity(); - static std::size_t input_size_in_elts(); - static std::size_t input_capacity_in_bits(); - static std::size_t input_size_in_bits(); - }; - - /****************************** Input maps ***********************************/ - - /** - * Obtain the primary input for a compliance-step PCD circuit. - */ - template - snark::r1cs_primary_input - get_mp_compliance_step_pcd_circuit_input( - const set_commitment &commitment_to_translation_step_r1cs_vks, - const r1cs_pcd_compliance_predicate_primary_input - &primary_input); - - /** - * Obtain the primary input for a translation-step PCD circuit. 
- */ - template - snark::r1cs_primary_input - get_mp_translation_step_pcd_circuit_input( - const set_commitment &commitment_to_translation_step_r1cs_vks, - const r1cs_pcd_compliance_predicate_primary_input::scalar_field_type> - &primary_input); - - template - mp_compliance_step_pcd_circuit_maker::mp_compliance_step_pcd_circuit_maker( - const r1cs_pcd_compliance_predicate &compliance_predicate, - const std::size_t max_number_of_predicates) : - compliance_predicate(compliance_predicate) { - /* calculate some useful sizes */ - const std::size_t digest_size = crh_with_field_out_component::get_digest_len(); - const std::size_t outgoing_msg_size_in_bits = - field_logsize() * (1 + compliance_predicate.outgoing_message_payload_length); - assert(compliance_predicate.has_equal_input_lengths()); - const std::size_t translation_step_vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits( - mp_translation_step_pcd_circuit_maker>::input_size_in_elts()); - const std::size_t padded_verifier_input_size = - mp_translation_step_pcd_circuit_maker>::input_capacity_in_bits(); - const std::size_t commitment_size = - set_commitment_component>::root_size_in_bits(); - - const std::size_t output_block_size = commitment_size + outgoing_msg_size_in_bits; - const std::size_t max_incoming_payload_length = - *std::max_element(compliance_predicate.incoming_message_payload_lengths.begin(), - compliance_predicate.incoming_message_payload_lengths.end()); - const std::size_t max_input_block_size = - commitment_size + field_logsize() * (1 + max_incoming_payload_length); - - crh_with_bit_out_component::sample_randomness( - std::max(output_block_size, max_input_block_size)); - - /* allocate input of the compliance MP_PCD circuit */ - mp_compliance_step_pcd_circuit_input.allocate(bp, input_size_in_elts()); - - /* allocate inputs to the compliance predicate */ - outgoing_message_type.allocate(bp); - outgoing_message_payload.allocate(bp, 
compliance_predicate.outgoing_message_payload_length); - - outgoing_message_vars.insert(outgoing_message_vars.end(), outgoing_message_type); - outgoing_message_vars.insert(outgoing_message_vars.end(), outgoing_message_payload.begin(), - outgoing_message_payload.end()); - - arity.allocate(bp); - - incoming_message_types.resize(compliance_predicate.max_arity); - incoming_message_payloads.resize(compliance_predicate.max_arity); - incoming_message_vars.resize(compliance_predicate.max_arity); - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - incoming_message_types[i].allocate(bp); - incoming_message_payloads[i].allocate(bp, - compliance_predicate.incoming_message_payload_lengths[i]); - - incoming_message_vars[i].insert(incoming_message_vars[i].end(), incoming_message_types[i]); - incoming_message_vars[i].insert(incoming_message_vars[i].end(), - incoming_message_payloads[i].begin(), - incoming_message_payloads[i].end()); - } - - local_data.allocate(bp, compliance_predicate.local_data_length); - cp_witness.allocate(bp, compliance_predicate.witness_length); - - /* convert compliance predicate from a constraint system into a component */ - blueprint_variable_vector incoming_messages_concat; - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - incoming_messages_concat.insert(incoming_messages_concat.end(), - incoming_message_vars[i].begin(), - incoming_message_vars[i].end()); - } - - compliance_predicate_as_component.reset(new component_from_r1cs( - bp, - {outgoing_message_vars, blueprint_variable_vector(1, arity), - incoming_messages_concat, local_data, cp_witness}, - compliance_predicate.constraint_system)); - - /* unpack messages to bits */ - outgoing_message_bits.allocate(bp, outgoing_msg_size_in_bits); - unpack_outgoing_message.reset(new multipacking_component( - bp, outgoing_message_bits, outgoing_message_vars, field_logsize())); - - incoming_messages_bits.resize(compliance_predicate.max_arity); - for (std::size_t i = 0; i < 
compliance_predicate.max_arity; ++i) { - const std::size_t incoming_msg_size_in_bits = - field_logsize() * (1 + compliance_predicate.incoming_message_payload_lengths[i]); - - incoming_messages_bits[i].allocate(bp, incoming_msg_size_in_bits); - unpack_incoming_messages.emplace_back(multipacking_component( - bp, incoming_messages_bits[i], incoming_message_vars[i], field_logsize())); - } - - /* allocate digests */ - commitment_and_incoming_message_digests.resize(compliance_predicate.max_arity); - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - commitment_and_incoming_message_digests[i].allocate(bp, digest_size); - } - - /* allocate commitment, verification key(s) and membership checker(s)/proof(s) */ - commitment.reset(new set_commitment_variable>( - bp, commitment_size)); - - if (compliance_predicate.relies_on_same_type_inputs) { - /* only one set_commitment_component is needed */ - common_type.allocate(bp); - common_type_check_aux.allocate(bp, compliance_predicate.accepted_input_types.size()); - - translation_step_vks_bits.resize(1); - translation_step_vks_bits[0].allocate(bp, translation_step_vk_size_in_bits); - membership_check_results.allocate(bp, 1); - - membership_proofs.emplace_back( - set_membership_proof_variable>( - bp, max_number_of_predicates)); - membership_checkers.emplace_back( - set_commitment_component>( - bp, max_number_of_predicates, translation_step_vks_bits[0], *commitment, - membership_proofs[0], membership_check_results[0])); - } else { - /* check for max_arity possibly different VKs */ - translation_step_vks_bits.resize(compliance_predicate.max_arity); - membership_check_results.allocate(bp, compliance_predicate.max_arity); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - translation_step_vks_bits[i].allocate(bp, translation_step_vk_size_in_bits); - - membership_proofs.emplace_back( - set_membership_proof_variable>( - bp, max_number_of_predicates)); - membership_checkers.emplace_back( - 
set_commitment_component>( - bp, - max_number_of_predicates, - translation_step_vks_bits[i], - *commitment, - membership_proofs[i], - membership_check_results[i])); - } - } - - /* allocate blocks */ - block_for_outgoing_message.reset( - new block_variable(bp, {commitment->bits, outgoing_message_bits})); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - block_for_incoming_messages.emplace_back( - block_variable(bp, {commitment->bits, incoming_messages_bits[i]})); - } - - /* allocate hash checkers */ - hash_outgoing_message.reset(new crh_with_field_out_component( - bp, output_block_size, *block_for_outgoing_message, mp_compliance_step_pcd_circuit_input)); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - const std::size_t input_block_size = commitment_size + incoming_messages_bits[i].size(); - hash_incoming_messages.emplace_back(crh_with_field_out_component( - bp, input_block_size, block_for_incoming_messages[i], - commitment_and_incoming_message_digests[i])); - } - - /* allocate useful zero variable */ - zero.allocate(bp); - - /* prepare arguments for the verifier */ - if (compliance_predicate.relies_on_same_type_inputs) { - translation_step_vks.emplace_back(r1cs_ppzksnark_verification_key_variable( - bp, translation_step_vks_bits[0], - mp_translation_step_pcd_circuit_maker>::input_size_in_elts())); - } else { - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - translation_step_vks.emplace_back(r1cs_ppzksnark_verification_key_variable( - bp, translation_step_vks_bits[i], - mp_translation_step_pcd_circuit_maker>::input_size_in_elts())); - } - } - - verification_results.allocate(bp, compliance_predicate.max_arity); - commitment_and_incoming_messages_digest_bits.resize(compliance_predicate.max_arity); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - commitment_and_incoming_messages_digest_bits[i].allocate(bp, digest_size * field_logsize()); - 
unpack_commitment_and_incoming_message_digests.emplace_back( - multipacking_component(bp, - commitment_and_incoming_messages_digest_bits[i], - commitment_and_incoming_message_digests[i], - field_logsize())); - - verifier_input.emplace_back(commitment_and_incoming_messages_digest_bits[i]); - while (verifier_input[i].size() < padded_verifier_input_size) { - verifier_input[i].emplace_back(zero); - } - - proof.emplace_back(r1cs_ppzksnark_proof_variable(bp)); - const r1cs_ppzksnark_verification_key_variable &vk_to_be_used = - (compliance_predicate.relies_on_same_type_inputs ? translation_step_vks[0] : - translation_step_vks[i]); - verifier.emplace_back(r1cs_ppzksnark_verifier_component( - bp, - vk_to_be_used, - verifier_input[i], - mp_translation_step_pcd_circuit_maker>::field_capacity(), - proof[i], - verification_results[i])); - } - - bp.set_input_sizes(input_size_in_elts()); - } - - template - void mp_compliance_step_pcd_circuit_maker::generate_gates() { - const std::size_t digest_size = crh_with_bit_out_component::get_digest_len(); - const std::size_t dimension = knapsack_dimension::dimension; - unpack_outgoing_message->generate_gates(true); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - unpack_incoming_messages[i].generate_gates(true); - } - - for (std::size_t i = 0; i < translation_step_vks.size(); ++i) { - translation_step_vks[i].generate_gates(true); - } - - hash_outgoing_message->generate_gates(); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - hash_incoming_messages[i].generate_gates(); - } - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - unpack_commitment_and_incoming_message_digests[i].generate_gates(true); - } - - for (auto &membership_proof : membership_proofs) { - membership_proof.generate_gates(); - } - - for (auto &membership_checker : membership_checkers) { - membership_checker.generate_gates(); - } - - compliance_predicate_as_component->generate_gates(); - - for (std::size_t i 
= 0; i < compliance_predicate.max_arity; ++i) { - proof[i].generate_gates(); - } - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - verifier[i].generate_gates(); - } - - generate_r1cs_equals_const_constraint(bp, zero, FieldType::value_type::zero()); - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - generate_boolean_r1cs_constraint(bp, verification_results[i]); - } - - /* either type = 0 or proof verified w.r.t. a valid verification key */ - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - bp.add_r1cs_constraint(snark::r1cs_constraint(incoming_message_types[i], - 1 - verification_results[i], 0)); - } - - if (compliance_predicate.relies_on_same_type_inputs) { - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - bp.add_r1cs_constraint(snark::r1cs_constraint( - incoming_message_types[i], incoming_message_types[i] - common_type, 0)); - } - - bp.add_r1cs_constraint( - snark::r1cs_constraint(common_type, 1 - membership_check_results[0], 0)); - - auto it = compliance_predicate.accepted_input_types.begin(); - for (std::size_t i = 0; i < compliance_predicate.accepted_input_types.size(); ++i, ++it) { - bp.add_r1cs_constraint(snark::r1cs_constraint( - (i == 0 ? common_type : common_type_check_aux[i - 1]), - common_type - typename FieldType::value_type(*it), - (i == compliance_predicate.accepted_input_types.size() - 1 ? 
- 0 * blueprint_variable(0) : - common_type_check_aux[i]))); - } - } else { - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - bp.add_r1cs_constraint(snark::r1cs_constraint( - incoming_message_types[i], 1 - membership_check_results[i], 0)); - } - } - bp.add_r1cs_constraint(snark::r1cs_constraint( - 1, outgoing_message_type, typename FieldType::value_type(compliance_predicate.type))); - } - - template - snark::r1cs_constraint_system - mp_compliance_step_pcd_circuit_maker::get_circuit() const { - return bp.get_constraint_system(); - } - - template - snark::r1cs_primary_input - mp_compliance_step_pcd_circuit_maker::get_primary_input() const { - return bp.primary_input(); - } - - template - snark::r1cs_auxiliary_input - mp_compliance_step_pcd_circuit_maker::get_auxiliary_input() const { - return bp.auxiliary_input(); - } - - template - void mp_compliance_step_pcd_circuit_maker::generate_assignments( - const set_commitment &commitment_to_translation_step_r1cs_vks, - const std::vector>> - &mp_translation_step_pcd_circuit_vks, - const std::vector &vk_membership_proofs, - const r1cs_pcd_compliance_predicate_primary_input &compliance_predicate_primary_input, - const r1cs_pcd_compliance_predicate_auxiliary_input - &compliance_predicate_auxiliary_input, - const std::vector>> &translation_step_proofs) { - - this->bp.clear_values(); - this->bp.val(zero) = FieldType::value_type::zero(); - - compliance_predicate_as_component->generate_assignments( - compliance_predicate_primary_input.as_r1cs_primary_input(), - compliance_predicate_auxiliary_input.as_r1cs_auxiliary_input( - compliance_predicate.incoming_message_payload_lengths)); - - unpack_outgoing_message->generate_assignments_from_packed(); - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - unpack_incoming_messages[i].generate_assignments_from_packed(); - } - - for (std::size_t i = 0; i < translation_step_vks.size(); ++i) { - 
translation_step_vks[i].generate_assignments(mp_translation_step_pcd_circuit_vks[i]); - } - - commitment->generate_assignments(commitment_to_translation_step_r1cs_vks); - - if (compliance_predicate.relies_on_same_type_inputs) { - /* all messages (except base case) must be of the same type */ - this->bp.val(common_type) = FieldType::value_type::zero(); - std::size_t nonzero_type_idx = 0; - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - if (this->bp.val(incoming_message_types[i]) == 0) { - continue; - } - - if (this->bp.val(common_type).is_zero()) { - this->bp.val(common_type) = this->bp.val(incoming_message_types[i]); - nonzero_type_idx = i; - } else { - assert(this->bp.val(common_type) == this->bp.val(incoming_message_types[i])); - } - } - - this->bp.val(membership_check_results[0]) = - (this->bp.val(common_type).is_zero() ? FieldType::value_type::zero() : - FieldType::value_type::zero()); - membership_proofs[0].generate_assignments(vk_membership_proofs[nonzero_type_idx]); - membership_checkers[0].generate_assignments(); - - auto it = compliance_predicate.accepted_input_types.begin(); - for (std::size_t i = 0; i < compliance_predicate.accepted_input_types.size(); ++i, ++it) { - bp.val(common_type_check_aux[i]) = - ((i == 0 ? bp.val(common_type) : bp.val(common_type_check_aux[i - 1])) * - (bp.val(common_type) - typename FieldType::value_type(*it))); - } - - } else { - for (std::size_t i = 0; i < membership_checkers.size(); ++i) { - this->bp.val(membership_check_results[i]) = - (this->bp.val(incoming_message_types[i]).is_zero() ? 
FieldType::value_type::zero() : - FieldType::value_type::zero()); - membership_proofs[i].generate_assignments(vk_membership_proofs[i]); - membership_checkers[i].generate_assignments(); - } - } - - hash_outgoing_message->generate_assignments(); - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - hash_incoming_messages[i].generate_assignments(); - unpack_commitment_and_incoming_message_digests[i].generate_assignments_from_packed(); - } - - for (std::size_t i = 0; i < compliance_predicate.max_arity; ++i) { - proof[i].generate_assignments(translation_step_proofs[i]); - verifier[i].generate_assignments(); - } - } - - template - std::size_t mp_compliance_step_pcd_circuit_maker::field_logsize() { - return typename CurveType::scalar_field_type::value_bits; - } - - template - std::size_t mp_compliance_step_pcd_circuit_maker::field_capacity() { - return typename CurveType::scalar_field_type::capacity(); - } - - template - std::size_t mp_compliance_step_pcd_circuit_maker::input_size_in_elts() { - const std::size_t digest_size = crh_with_field_out_component::get_digest_len(); - return digest_size; - } - - template - std::size_t mp_compliance_step_pcd_circuit_maker::input_capacity_in_bits() { - return input_size_in_elts() * field_capacity(); - } - - template - std::size_t mp_compliance_step_pcd_circuit_maker::input_size_in_bits() { - return input_size_in_elts() * field_logsize(); - } - - template - mp_translation_step_pcd_circuit_maker::mp_translation_step_pcd_circuit_maker( - const r1cs_ppzksnark_verification_key> &compliance_step_vk) { - /* allocate input of the translation MP_PCD circuit */ - mp_translation_step_pcd_circuit_input.allocate(bp, input_size_in_elts()); - - /* unpack translation step MP_PCD circuit input */ - unpacked_mp_translation_step_pcd_circuit_input.allocate( - bp, mp_compliance_step_pcd_circuit_maker>::input_size_in_bits()); - unpack_mp_translation_step_pcd_circuit_input.reset( - new multipacking_component(bp, 
unpacked_mp_translation_step_pcd_circuit_input, - mp_translation_step_pcd_circuit_input, field_capacity())); - - /* prepare arguments for the verifier */ - hardcoded_compliance_step_vk.reset( - new r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable( - bp, compliance_step_vk)); - proof.reset(new r1cs_ppzksnark_proof_variable(bp)); - - /* verify previous proof */ - online_verifier.reset(new r1cs_ppzksnark_online_verifier_component( - bp, - *hardcoded_compliance_step_vk, - unpacked_mp_translation_step_pcd_circuit_input, - mp_compliance_step_pcd_circuit_maker>::field_logsize(), - *proof, - blueprint_variable(0))); - - bp.set_input_sizes(input_size_in_elts()); - } - - template - void mp_translation_step_pcd_circuit_maker::generate_gates() { - unpack_mp_translation_step_pcd_circuit_input->generate_gates(true); - - proof->generate_gates(); - - online_verifier->generate_gates(); - } - - template - snark::r1cs_constraint_system - mp_translation_step_pcd_circuit_maker::get_circuit() const { - return bp.get_constraint_system(); - } - - template - void mp_translation_step_pcd_circuit_maker::generate_assignments( - const snark::r1cs_primary_input - translation_step_input, - const r1cs_ppzksnark_proof> &prev_proof) { - this->bp.clear_values(); - mp_translation_step_pcd_circuit_input.fill_with_field_elements(bp, translation_step_input); - unpack_mp_translation_step_pcd_circuit_input->generate_assignments_from_packed(); - - proof->generate_assignments(prev_proof); - online_verifier->generate_assignments(); - } - - template - snark::r1cs_primary_input - mp_translation_step_pcd_circuit_maker::get_primary_input() const { - return bp.primary_input(); - } - - template - snark::r1cs_auxiliary_input - mp_translation_step_pcd_circuit_maker::get_auxiliary_input() const { - return bp.auxiliary_input(); - } - - template - std::size_t mp_translation_step_pcd_circuit_maker::field_logsize() { - return typename CurveType::scalar_field_type::value_bits; - } - - template - 
std::size_t mp_translation_step_pcd_circuit_maker::field_capacity() { - return typename CurveType::scalar_field_type::capacity(); - } - - template - std::size_t mp_translation_step_pcd_circuit_maker::input_size_in_elts() { - return algebra::div_ceil( - mp_compliance_step_pcd_circuit_maker>::input_size_in_bits(), - mp_translation_step_pcd_circuit_maker::field_capacity()); - } - - template - std::size_t mp_translation_step_pcd_circuit_maker::input_capacity_in_bits() { - return input_size_in_elts() * field_capacity(); - } - - template - std::size_t mp_translation_step_pcd_circuit_maker::input_size_in_bits() { - return input_size_in_elts() * field_logsize(); - } - - template - snark::r1cs_primary_input - get_mp_compliance_step_pcd_circuit_input( - const set_commitment &commitment_to_translation_step_r1cs_vks, - const r1cs_pcd_compliance_predicate_primary_input - &primary_input) { - typedef typename CurveType::scalar_field_type FieldType; - - const snark::r1cs_variable_assignment outgoing_message_as_va = - primary_input.outgoing_message->as_r1cs_variable_assignment(); - std::vector msg_bits; - for (const typename FieldType::value_type &elt : outgoing_message_as_va) { - const std::vector elt_bits = algebra::convert_field_element_to_bit_vector(elt); - msg_bits.insert(msg_bits.end(), elt_bits.begin(), elt_bits.end()); - } - - std::vector block; - block.insert(block.end(), commitment_to_translation_step_r1cs_vks.begin(), - commitment_to_translation_step_r1cs_vks.end()); - block.insert(block.end(), msg_bits.begin(), msg_bits.end()); - - crh_with_field_out_component::sample_randomness(block.size()); - - const std::vector digest = - crh_with_field_out_component::get_hash(block); - - return digest; - } - - template - snark::r1cs_primary_input - get_mp_translation_step_pcd_circuit_input( - const set_commitment &commitment_to_translation_step_r1cs_vks, - const r1cs_pcd_compliance_predicate_primary_input < - other_curve::scalar_field_type::value_type & - primary_input) { - typedef 
typename CurveType::scalar_field_type FieldType; - - const std::vector < - other_curve::scalar_field_type::value_type mp_compliance_step_pcd_circuit_input = - get_mp_compliance_step_pcd_circuit_input>( - commitment_to_translation_step_r1cs_vks, primary_input); - std::vector mp_compliance_step_pcd_circuit_input_bits; - for (const other_curve::scalar_field_type::value_type &elt : - mp_compliance_step_pcd_circuit_input) { - const std::vector elt_bits = algebra::convert_field_element_to_bit_vector < - other_curve::scalar_field_type::value_type(elt); - mp_compliance_step_pcd_circuit_input_bits.insert( - mp_compliance_step_pcd_circuit_input_bits.end(), elt_bits.begin(), elt_bits.end()); - } - - mp_compliance_step_pcd_circuit_input_bits.resize( - mp_translation_step_pcd_circuit_maker::input_capacity_in_bits(), false); - - const snark::r1cs_primary_input result = - algebra::pack_bit_vector_into_field_element_vector( - mp_compliance_step_pcd_circuit_input_bits, - mp_translation_step_pcd_circuit_maker::field_capacity()); - return result; - } - } // namespace snark - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_MP_PCD_CIRCUITS_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/plonk/kimchi/detail/limbs.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/plonk/kimchi/detail/limbs.hpp index 41ecf18bc7..a0a0c57ceb 100644 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/plonk/kimchi/detail/limbs.hpp +++ b/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/plonk/kimchi/detail/limbs.hpp 
@@ -394,17 +394,20 @@ namespace nil {
 value_data = value_data >> 64;
 assignment.witness(component.W(4), row) = value_data;
- typename BlueprintFieldType::extended_integral_type modulus_p = BlueprintFieldType::modulus;
- typename BlueprintFieldType::extended_integral_type one = 1;
- typename BlueprintFieldType::extended_integral_type power = (one << 256);
- typename BlueprintFieldType::extended_integral_type c = power - modulus_p;
- typename BlueprintFieldType::extended_integral_type mask = (one << 64) - 1;
- std::array c_chunks = {
+ using extended_integral_type = boost::multiprecision::number<
+ boost::multiprecision::backends::cpp_int_modular_backend<2 * BlueprintFieldType::policy_type::modulus_bits>>;
+
+ extended_integral_type modulus_p = BlueprintFieldType::modulus;
+ extended_integral_type one = 1;
+ extended_integral_type power = (one << 256);
+ extended_integral_type c = power - modulus_p;
+ extended_integral_type mask = (one << 64) - 1;
+ std::array c_chunks = {
 c & mask, (c >> 64) & mask, (c >> 128) & mask, (c >> 192) & mask};
- typename BlueprintFieldType::extended_integral_type b =
- typename BlueprintFieldType::extended_integral_type(typename BlueprintFieldType::integral_type(value.data)) + c;
- std::array b_chunks = {
+ extended_integral_type b =
+ extended_integral_type(typename BlueprintFieldType::integral_type(value.data)) + c;
+ std::array b_chunks = {
 b & mask, (b >> 64) & mask, (b >> 128) & mask, (b >> 192) & mask};
 assignment.witness(component.W(5), row) = b_chunks[0];
 assignment.witness(component.W(6), row) = b_chunks[1];
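Review bot: The new local alias sizes `extended_integral_type` at `2 * BlueprintFieldType::policy_type::modulus_bits`, but the lines right below it still hard-code `one << 256` and four 64-bit chunks, so the limb arithmetic only holds for a modulus between 129 and 256 bits wide. Nothing visible in the hunk enforces that range; for a narrower field `2^256` would not fit in the alias (how `cpp_int_modular_backend` behaves on that shift should be confirmed), and `c` and `b` go straight into the witnesses written from `component.W(5)` onward. I would add `static_assert(BlueprintFieldType::policy_type::modulus_bits > 128 && BlueprintFieldType::policy_type::modulus_bits <= 256, "limb split assumes a 129..256-bit modulus");` directly after the alias. The same alias is repeated verbatim in the hunk at -476/+479, so declaring it once in a shared scope would keep the assignment and constraint code from drifting apart. The enclosing function starts and ends outside this hunk.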
@@ -412,7 +415,7 @@ namespace nil { assignment.witness(component.W(8), row) = b_chunks[3]; // We must be careful here not to have negative values. - typename BlueprintFieldType::extended_integral_type W9_part = typename BlueprintFieldType::integral_type( + extended_integral_type W9_part = typename BlueprintFieldType::integral_type( assignment.witness(component.W(1), row).data); W9_part += c_chunks[0]; if (W9_part > b_chunks[0]) { @@ -421,7 +424,7 @@ namespace nil { assignment.witness(component.W(9), row) = BlueprintFieldType::modulus - typename BlueprintFieldType::integral_type((b_chunks[0] - W9_part) >> 64); } - typename BlueprintFieldType::extended_integral_type W10_part = typename BlueprintFieldType::integral_type( + extended_integral_type W10_part = typename BlueprintFieldType::integral_type( assignment.witness(component.W(2), row).data); W10_part += typename BlueprintFieldType::integral_type(assignment.witness(component.W(9), row).data); W10_part += c_chunks[1]; @@ -431,7 +434,7 @@ namespace nil { assignment.witness(component.W(10), row) = BlueprintFieldType::modulus - typename BlueprintFieldType::integral_type((b_chunks[1] - W10_part) >> 64); } - typename BlueprintFieldType::extended_integral_type W11_part = typename BlueprintFieldType::integral_type( + extended_integral_type W11_part = typename BlueprintFieldType::integral_type( assignment.witness(component.W(3), row).data); W11_part += typename BlueprintFieldType::integral_type(assignment.witness(component.W(10), row).data); W11_part += c_chunks[2]; 
@@ -476,13 +479,16 @@ namespace nil { using var = typename plonk_to_limbs::var; + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * BlueprintFieldType::policy_type::modulus_bits>>; + typename BlueprintFieldType::value_type scalar = 2; - typename BlueprintFieldType::extended_integral_type modulus_p = BlueprintFieldType::modulus; - typename BlueprintFieldType::extended_integral_type one = 1; - typename BlueprintFieldType::extended_integral_type power = (one << 256); - typename BlueprintFieldType::extended_integral_type c = power - modulus_p; - typename BlueprintFieldType::extended_integral_type mask = (one << 64) - 1; - std::array c_chunks = { + extended_integral_type modulus_p = BlueprintFieldType::modulus; + extended_integral_type one = 1; + extended_integral_type power = (one << 256); + extended_integral_type c = power - modulus_p; + extended_integral_type mask = (one << 64) - 1; + std::array c_chunks = { c & mask, (c >> 64) & mask, (c >> 128) & mask, (c >> 192) & mask}; auto constraint_1 = var(component.W(1), 0) + var(component.W(2), 0) * scalar.pow(64) + diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/r1cs_pp_zksnark/verifier.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/r1cs_pp_zksnark/verifier.hpp deleted file mode 100644 index 4d66023d6f..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/systems/snark/r1cs_pp_zksnark/verifier.hpp +++ /dev/null 
@@ -1,717 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for the the R1CS ppzkSNARK verifier component. -// -// The component r1cs_ppzksnark_verifier_component verifiers correct computation of -// r1cs_ppzksnark::verifier_strong_input_consistency. The component is built from two main sub-components: -// - r1cs_ppzksnark_verifier_process_vk_component, which verifies correct computation of -// r1cs_ppzksnark_verifier_process_vk, and -// - r1cs_ppzksnark_online_verifier_component, which verifies correct computation of -// r1cs_ppzksnark_online_verifier_strong_input_consistency. 
See r1cs_ppzksnark.hpp for description of the aforementioned -// functions. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_R1CS_PPZKSNARK_VERIFIER_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_R1CS_PPZKSNARK_VERIFIER_COMPONENT_HPP - -#include - -#include -#include -#include -#include -#include -//#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace snark { - namespace components { - - using namespace nil::crypto3::algebra::pairing; - - template - class r1cs_ppzksnark_proof_variable : public component { - public: - typedef typename CurveType::scalar_field_type FieldType; - - std::shared_ptr> g_A_g; - std::shared_ptr> g_A_h; - std::shared_ptr> g_B_g; - std::shared_ptr> g_B_h; - std::shared_ptr> g_C_g; - std::shared_ptr> g_C_h; - std::shared_ptr> g_H; - std::shared_ptr> g_K; - - std::vector>> all_G1_vars; - std::vector>> all_G2_vars; - - std::vector>> all_G1_checkers; - std::shared_ptr> G2_checker; - - blueprint_variable_vector proof_contents; - - r1cs_ppzksnark_proof_variable(blueprint &bp) : component(bp) { - const std::size_t num_G1 = 7; - const std::size_t num_G2 = 1; - - g_A_g.reset(new element_g1(bp)); - g_A_h.reset(new element_g1(bp)); - g_B_g.reset(new element_g2(bp)); - g_B_h.reset(new element_g1(bp)); - g_C_g.reset(new element_g1(bp)); - g_C_h.reset(new element_g1(bp)); - g_H.reset(new element_g1(bp)); - g_K.reset(new element_g1(bp)); - - all_G1_vars = {g_A_g, g_A_h, g_B_h, g_C_g, g_C_h, g_H, g_K}; - all_G2_vars = {g_B_g}; - - all_G1_checkers.resize(all_G1_vars.size()); - - for (std::size_t i = 0; i < all_G1_vars.size(); ++i) { - all_G1_checkers[i].reset(new element_g1_is_well_formed(bp, *all_G1_vars[i])); - } - G2_checker.reset(new element_g2_is_well_formed(bp, *g_B_g)); - - assert(all_G1_vars.size() == num_G1); - assert(all_G2_vars.size() == num_G2); - } - void generate_gates() { - for (auto &G1_checker : all_G1_checkers) { - 
G1_checker->generate_gates(); - } - - G2_checker->generate_gates(); - } - void generate_assignments( - const typename r1cs_ppzksnark::proof_type - &proof) { - std::vector G1_elems; - std::vector G2_elems; - - G1_elems = {proof.g_A.g, proof.g_A.h, proof.g_B.h, proof.g_C.g, - proof.g_C.h, proof.g_H, proof.g_K}; - G2_elems = {proof.g_B.g}; - - assert(G1_elems.size() == all_G1_vars.size()); - assert(G2_elems.size() == all_G2_vars.size()); - - for (std::size_t i = 0; i < G1_elems.size(); ++i) { - all_G1_vars[i]->generate_assignments(G1_elems[i]); - } - - for (std::size_t i = 0; i < G2_elems.size(); ++i) { - all_G2_vars[i]->generate_assignments(G2_elems[i]); - } - - for (auto &G1_checker : all_G1_checkers) { - G1_checker->generate_assignments(); - } - - G2_checker->generate_assignments(); - } - static std::size_t size() { - const std::size_t num_G1 = 7; - const std::size_t num_G2 = 1; - return (num_G1 * element_g1::num_field_elems + - num_G2 * element_g2::num_field_elems); - } - }; - - template - class r1cs_ppzksnark_verification_key_variable - : public component { - public: - typedef typename CurveType::scalar_field_type FieldType; - - std::shared_ptr> alphaA_g2; - std::shared_ptr> alphaB_g1; - std::shared_ptr> alphaC_g2; - std::shared_ptr> gamma_g2; - std::shared_ptr> gamma_beta_g1; - std::shared_ptr> gamma_beta_g2; - std::shared_ptr> rC_Z_g2; - std::shared_ptr> encoded_IC_base; - std::vector>> encoded_IC_query; - - blueprint_variable_vector all_bits; - blueprint_linear_combination_vector all_vars; - std::size_t input_size; - - std::vector>> all_G1_vars; - std::vector>> all_G2_vars; - - std::shared_ptr> packer; - - // Unfortunately, g++ 4.9 and g++ 5.0 have a bug related to - // incorrect inlining of small functions: - // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65307, which - // produces wrong assembly even at -O1. The test case at the bug - // report is directly derived from this code here. 
As a temporary - // work-around we mark the key functions noinline to hint compiler - // that inlining should not be performed. - - // TODO: remove later, when g++ developers fix the bug. - - __attribute__((noinline)) - r1cs_ppzksnark_verification_key_variable(blueprint &bp, - const blueprint_variable_vector &all_bits, - const std::size_t input_size) : - component(bp), - all_bits(all_bits), input_size(input_size) { - const std::size_t num_G1 = 2 + (input_size + 1); - const std::size_t num_G2 = 5; - - assert(all_bits.size() == (element_g1::size_in_bits() * num_G1 + - element_g2::size_in_bits() * num_G2)); - - this->alphaA_g2.reset(new element_g2(bp)); - this->alphaB_g1.reset(new element_g1(bp)); - this->alphaC_g2.reset(new element_g2(bp)); - this->gamma_g2.reset(new element_g2(bp)); - this->gamma_beta_g1.reset(new element_g1(bp)); - this->gamma_beta_g2.reset(new element_g2(bp)); - this->rC_Z_g2.reset(new element_g2(bp)); - - all_G1_vars = {this->alphaB_g1, this->gamma_beta_g1}; - all_G2_vars = {this->alphaA_g2, this->alphaC_g2, this->gamma_g2, this->gamma_beta_g2, - this->rC_Z_g2}; - - this->encoded_IC_query.resize(input_size); - this->encoded_IC_base.reset(new element_g1(bp)); - this->all_G1_vars.emplace_back(this->encoded_IC_base); - - for (std::size_t i = 0; i < input_size; ++i) { - this->encoded_IC_query[i].reset(new element_g1(bp)); - all_G1_vars.emplace_back(this->encoded_IC_query[i]); - } - - for (auto &G1_var : all_G1_vars) { - all_vars.insert(all_vars.end(), G1_var->all_vars.begin(), G1_var->all_vars.end()); - } - - for (auto &G2_var : all_G2_vars) { - all_vars.insert(all_vars.end(), G2_var->all_vars.begin(), G2_var->all_vars.end()); - } - - assert(all_G1_vars.size() == num_G1); - assert(all_G2_vars.size() == num_G2); - assert(all_vars.size() == (num_G1 * element_g1::num_variables() + - num_G2 * element_g2::num_variables())); - - packer.reset(new multipacking_component( - bp, all_bits, all_vars, FieldType::size_in_bits())); - } - void generate_gates(const 
bool enforce_bitness) { - packer->generate_gates(enforce_bitness); - } - void generate_assignments( - const typename r1cs_ppzksnark< - typename CurveType::pairing::pair_curve_type>::verification_key_type &vk) { - std::vector G1_elems; - std::vector G2_elems; - - G1_elems = {vk.alphaB_g1, vk.gamma_beta_g1}; - G2_elems = {vk.alphaA_g2, vk.alphaC_g2, vk.gamma_g2, vk.gamma_beta_g2, vk.rC_Z_g2}; - - assert(vk.encoded_IC_query.rest.indices.size() == input_size); - G1_elems.emplace_back(vk.encoded_IC_query.first); - for (std::size_t i = 0; i < input_size; ++i) { - assert(vk.encoded_IC_query.rest.indices[i] == i); - G1_elems.emplace_back(vk.encoded_IC_query.rest.values[i]); - } - - assert(G1_elems.size() == all_G1_vars.size()); - assert(G2_elems.size() == all_G2_vars.size()); - - for (std::size_t i = 0; i < G1_elems.size(); ++i) { - all_G1_vars[i]->generate_assignments(G1_elems[i]); - } - - for (std::size_t i = 0; i < G2_elems.size(); ++i) { - all_G2_vars[i]->generate_assignments(G2_elems[i]); - } - - packer->generate_assignments_from_packed(); - } - void generate_assignments(const std::vector &vk_bits) { - all_bits.fill_with_bits(this->bp, vk_bits); - packer->generate_assignments_from_bits(); - } - - std::vector get_bits() const { - return all_bits.get_bits(this->bp); - } - - static std::size_t __attribute__((noinline)) size_in_bits(const std::size_t input_size) { - const std::size_t num_G1 = 2 + (input_size + 1); - const std::size_t num_G2 = 5; - const std::size_t result = element_g1::size_in_bits() * num_G1 + - element_g2::size_in_bits() * num_G2; - return result; - } - - static std::vector get_verification_key_bits( - const typename r1cs_ppzksnark< - typename CurveType::pairing::pair_curve_type>::verification_key_type &r1cs_vk) { - - typedef typename CurveType::scalar_field_type FieldType; - - const std::size_t input_size_in_elts = - r1cs_vk.encoded_IC_query.rest.indices - .size(); // this might be approximate for bound verification keys, however they - // are not - // 
supported by r1cs_ppzksnark_verification_key_variable - const std::size_t vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits(input_size_in_elts); - - blueprint bp; - blueprint_variable_vector vk_bits; - vk_bits.allocate(bp, vk_size_in_bits); - r1cs_ppzksnark_verification_key_variable vk(bp, vk_bits, input_size_in_elts); - vk.generate_assignments(r1cs_vk); - - return vk.get_bits(); - } - }; - - template - class r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable { - public: - typedef typename CurveType::scalar_field_type FieldType; - - std::shared_ptr> encoded_IC_base; - std::vector>> encoded_IC_query; - - std::shared_ptr> vk_alphaB_g1_precomp; - std::shared_ptr> vk_gamma_beta_g1_precomp; - - std::shared_ptr> pp_G2_one_precomp; - std::shared_ptr> vk_alphaA_g2_precomp; - std::shared_ptr> vk_alphaC_g2_precomp; - std::shared_ptr> vk_gamma_beta_g2_precomp; - std::shared_ptr> vk_gamma_g2_precomp; - std::shared_ptr> vk_rC_Z_g2_precomp; - - r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable() { - // will be allocated outside - } - - r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable( - blueprint &bp, - const typename r1cs_ppzksnark< - typename CurveType::pairing::pair_curve_type>::verification_key &r1cs_vk) { - - encoded_IC_base.reset(new element_g1(bp, r1cs_vk.encoded_IC_query.first)); - encoded_IC_query.resize(r1cs_vk.encoded_IC_query.rest.indices.size()); - for (std::size_t i = 0; i < r1cs_vk.encoded_IC_query.rest.indices.size(); ++i) { - assert(r1cs_vk.encoded_IC_query.rest.indices[i] == i); - encoded_IC_query[i].reset( - new element_g1(bp, r1cs_vk.encoded_IC_query.rest.values[i])); - } - - vk_alphaB_g1_precomp.reset(new g1_precomputation(bp, r1cs_vk.alphaB_g1)); - vk_gamma_beta_g1_precomp.reset(new g1_precomputation(bp, r1cs_vk.gamma_beta_g1)); - - pp_G2_one_precomp.reset(new g2_precomputation( - bp, CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one())); - 
vk_alphaA_g2_precomp.reset(new g2_precomputation(bp, r1cs_vk.alphaA_g2)); - vk_alphaC_g2_precomp.reset(new g2_precomputation(bp, r1cs_vk.alphaC_g2)); - vk_gamma_beta_g2_precomp.reset(new g2_precomputation(bp, r1cs_vk.gamma_beta_g2)); - vk_gamma_g2_precomp.reset(new g2_precomputation(bp, r1cs_vk.gamma_g2)); - vk_rC_Z_g2_precomp.reset(new g2_precomputation(bp, r1cs_vk.rC_Z_g2)); - } - }; - - template - class r1cs_ppzksnark_verifier_process_vk_component - : public component { - public: - typedef typename CurveType::scalar_field_type FieldType; - - std::shared_ptr> compute_vk_alphaB_g1_precomp; - std::shared_ptr> compute_vk_gamma_beta_g1_precomp; - - std::shared_ptr> compute_vk_alphaA_g2_precomp; - std::shared_ptr> compute_vk_alphaC_g2_precomp; - std::shared_ptr> compute_vk_gamma_beta_g2_precomp; - std::shared_ptr> compute_vk_gamma_g2_precomp; - std::shared_ptr> compute_vk_rC_Z_g2_precomp; - - r1cs_ppzksnark_verification_key_variable vk; - r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable - &pvk; // important to have a reference here - - r1cs_ppzksnark_verifier_process_vk_component( - blueprint &bp, - const r1cs_ppzksnark_verification_key_variable &vk, - r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable &pvk) : - component(bp), - vk(vk), pvk(pvk) { - pvk.encoded_IC_base = vk.encoded_IC_base; - pvk.encoded_IC_query = vk.encoded_IC_query; - - pvk.vk_alphaB_g1_precomp.reset(new g1_precomputation()); - pvk.vk_gamma_beta_g1_precomp.reset(new g1_precomputation()); - - pvk.pp_G2_one_precomp.reset(new g2_precomputation()); - pvk.vk_alphaA_g2_precomp.reset(new g2_precomputation()); - pvk.vk_alphaC_g2_precomp.reset(new g2_precomputation()); - pvk.vk_gamma_beta_g2_precomp.reset(new g2_precomputation()); - pvk.vk_gamma_g2_precomp.reset(new g2_precomputation()); - pvk.vk_rC_Z_g2_precomp.reset(new g2_precomputation()); - - compute_vk_alphaB_g1_precomp.reset( - new precompute_G1_component(bp, *vk.alphaB_g1, *pvk.vk_alphaB_g1_precomp)); - 
compute_vk_gamma_beta_g1_precomp.reset(new precompute_G1_component( - bp, *vk.gamma_beta_g1, *pvk.vk_gamma_beta_g1_precomp)); - - pvk.pp_G2_one_precomp.reset(new g2_precomputation( - bp, CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one())); - compute_vk_alphaA_g2_precomp.reset( - new precompute_G2_component(bp, *vk.alphaA_g2, *pvk.vk_alphaA_g2_precomp)); - compute_vk_alphaC_g2_precomp.reset( - new precompute_G2_component(bp, *vk.alphaC_g2, *pvk.vk_alphaC_g2_precomp)); - compute_vk_gamma_beta_g2_precomp.reset(new precompute_G2_component( - bp, *vk.gamma_beta_g2, *pvk.vk_gamma_beta_g2_precomp)); - compute_vk_gamma_g2_precomp.reset( - new precompute_G2_component(bp, *vk.gamma_g2, *pvk.vk_gamma_g2_precomp)); - compute_vk_rC_Z_g2_precomp.reset( - new precompute_G2_component(bp, *vk.rC_Z_g2, *pvk.vk_rC_Z_g2_precomp)); - } - - void generate_gates() { - compute_vk_alphaB_g1_precomp->generate_gates(); - compute_vk_gamma_beta_g1_precomp->generate_gates(); - - compute_vk_alphaA_g2_precomp->generate_gates(); - compute_vk_alphaC_g2_precomp->generate_gates(); - compute_vk_gamma_beta_g2_precomp->generate_gates(); - compute_vk_gamma_g2_precomp->generate_gates(); - compute_vk_rC_Z_g2_precomp->generate_gates(); - } - - void generate_assignments() { - compute_vk_alphaB_g1_precomp->generate_assignments(); - compute_vk_gamma_beta_g1_precomp->generate_assignments(); - - compute_vk_alphaA_g2_precomp->generate_assignments(); - compute_vk_alphaC_g2_precomp->generate_assignments(); - compute_vk_gamma_beta_g2_precomp->generate_assignments(); - compute_vk_gamma_g2_precomp->generate_assignments(); - compute_vk_rC_Z_g2_precomp->generate_assignments(); - } - }; - - template - class r1cs_ppzksnark_online_verifier_component - : public component { - public: - typedef typename CurveType::scalar_field_type FieldType; - - r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable pvk; - - blueprint_variable_vector input; - std::size_t elt_size; - 
r1cs_ppzksnark_proof_variable proof; - blueprint_variable result; - const std::size_t input_len; - - std::shared_ptr> acc; - std::shared_ptr> accumulate_input; - - std::shared_ptr> proof_g_A_g_acc; - std::shared_ptr> compute_proof_g_A_g_acc; - std::shared_ptr> proof_g_A_g_acc_C; - std::shared_ptr> compute_proof_g_A_g_acc_C; - - std::shared_ptr> proof_g_A_h_precomp; - std::shared_ptr> proof_g_A_g_acc_C_precomp; - std::shared_ptr> proof_g_A_g_acc_precomp; - std::shared_ptr> proof_g_A_g_precomp; - std::shared_ptr> proof_g_B_h_precomp; - std::shared_ptr> proof_g_C_h_precomp; - std::shared_ptr> proof_g_C_g_precomp; - std::shared_ptr> proof_g_K_precomp; - std::shared_ptr> proof_g_H_precomp; - - std::shared_ptr> proof_g_B_g_precomp; - - std::shared_ptr> compute_proof_g_A_h_precomp; - std::shared_ptr> compute_proof_g_A_g_acc_C_precomp; - std::shared_ptr> compute_proof_g_A_g_acc_precomp; - std::shared_ptr> compute_proof_g_A_g_precomp; - std::shared_ptr> compute_proof_g_B_h_precomp; - std::shared_ptr> compute_proof_g_C_h_precomp; - std::shared_ptr> compute_proof_g_C_g_precomp; - std::shared_ptr> compute_proof_g_K_precomp; - std::shared_ptr> compute_proof_g_H_precomp; - - std::shared_ptr> compute_proof_g_B_g_precomp; - - std::shared_ptr> check_kc_A_valid; - std::shared_ptr> check_kc_B_valid; - std::shared_ptr> check_kc_C_valid; - std::shared_ptr> check_QAP_valid; - std::shared_ptr> check_CC_valid; - - blueprint_variable kc_A_valid; - blueprint_variable kc_B_valid; - blueprint_variable kc_C_valid; - blueprint_variable QAP_valid; - blueprint_variable CC_valid; - - blueprint_variable_vector all_test_results; - std::shared_ptr> all_tests_pass; - - r1cs_ppzksnark_online_verifier_component( - blueprint &bp, - const r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable &pvk, - const blueprint_variable_vector &input, - const std::size_t elt_size, - const r1cs_ppzksnark_proof_variable &proof, - const blueprint_variable &result) : - component(bp), - pvk(pvk), 
input(input), elt_size(elt_size), proof(proof), result(result), - input_len(input.size()) { - // accumulate input and store base in acc - acc.reset(new element_g1(bp)); - std::vector> IC_terms; - for (std::size_t i = 0; i < pvk.encoded_IC_query.size(); ++i) { - IC_terms.emplace_back(*(pvk.encoded_IC_query[i])); - } - accumulate_input.reset(new G1_multiscalar_mul_component( - bp, *(pvk.encoded_IC_base), input, elt_size, IC_terms, *acc)); - - // allocate results for precomputation - proof_g_A_h_precomp.reset(new g1_precomputation()); - proof_g_A_g_acc_C_precomp.reset(new g1_precomputation()); - proof_g_A_g_acc_precomp.reset(new g1_precomputation()); - proof_g_A_g_precomp.reset(new g1_precomputation()); - proof_g_B_h_precomp.reset(new g1_precomputation()); - proof_g_C_h_precomp.reset(new g1_precomputation()); - proof_g_C_g_precomp.reset(new g1_precomputation()); - proof_g_K_precomp.reset(new g1_precomputation()); - proof_g_H_precomp.reset(new g1_precomputation()); - - proof_g_B_g_precomp.reset(new g2_precomputation()); - - // do the necessary precomputations - // compute things not available in plain from proof/vk - proof_g_A_g_acc.reset(new element_g1(bp)); - compute_proof_g_A_g_acc.reset( - new element_g1_add(bp, *(proof.g_A_g), *acc, *proof_g_A_g_acc)); - proof_g_A_g_acc_C.reset(new element_g1(bp)); - compute_proof_g_A_g_acc_C.reset(new element_g1_add( - bp, *proof_g_A_g_acc, *(proof.g_C_g), *proof_g_A_g_acc_C)); - - compute_proof_g_A_g_acc_precomp.reset( - new precompute_G1_component(bp, *proof_g_A_g_acc, *proof_g_A_g_acc_precomp)); - compute_proof_g_A_g_acc_C_precomp.reset(new precompute_G1_component( - bp, *proof_g_A_g_acc_C, *proof_g_A_g_acc_C_precomp)); - - // do other precomputations - compute_proof_g_A_h_precomp.reset( - new precompute_G1_component(bp, *(proof.g_A_h), *proof_g_A_h_precomp)); - compute_proof_g_A_g_precomp.reset( - new precompute_G1_component(bp, *(proof.g_A_g), *proof_g_A_g_precomp)); - compute_proof_g_B_h_precomp.reset( - new 
precompute_G1_component(bp, *(proof.g_B_h), *proof_g_B_h_precomp)); - compute_proof_g_C_h_precomp.reset( - new precompute_G1_component(bp, *(proof.g_C_h), *proof_g_C_h_precomp)); - compute_proof_g_C_g_precomp.reset( - new precompute_G1_component(bp, *(proof.g_C_g), *proof_g_C_g_precomp)); - compute_proof_g_H_precomp.reset( - new precompute_G1_component(bp, *(proof.g_H), *proof_g_H_precomp)); - compute_proof_g_K_precomp.reset( - new precompute_G1_component(bp, *(proof.g_K), *proof_g_K_precomp)); - compute_proof_g_B_g_precomp.reset( - new precompute_G2_component(bp, *(proof.g_B_g), *proof_g_B_g_precomp)); - - // check validity of A knowledge commitment - kc_A_valid.allocate(bp); - check_kc_A_valid.reset( - new check_e_equals_e_component(bp, - *proof_g_A_g_precomp, - *(pvk.vk_alphaA_g2_precomp), - *proof_g_A_h_precomp, - *(pvk.pp_G2_one_precomp), - kc_A_valid)); - - // check validity of B knowledge commitment - kc_B_valid.allocate(bp); - check_kc_B_valid.reset( - new check_e_equals_e_component(bp, - *(pvk.vk_alphaB_g1_precomp), - *proof_g_B_g_precomp, - *proof_g_B_h_precomp, - *(pvk.pp_G2_one_precomp), - kc_B_valid)); - - // check validity of C knowledge commitment - kc_C_valid.allocate(bp); - check_kc_C_valid.reset( - new check_e_equals_e_component(bp, - *proof_g_C_g_precomp, - *(pvk.vk_alphaC_g2_precomp), - *proof_g_C_h_precomp, - *(pvk.pp_G2_one_precomp), - kc_C_valid)); - - // check QAP divisibility - QAP_valid.allocate(bp); - check_QAP_valid.reset(new check_e_equals_ee_component(bp, - *proof_g_A_g_acc_precomp, - *proof_g_B_g_precomp, - *proof_g_H_precomp, - *(pvk.vk_rC_Z_g2_precomp), - *proof_g_C_g_precomp, - *(pvk.pp_G2_one_precomp), - QAP_valid)); - - // check coefficients - CC_valid.allocate(bp); - check_CC_valid.reset( - new check_e_equals_ee_component(bp, - *proof_g_K_precomp, - *(pvk.vk_gamma_g2_precomp), - *proof_g_A_g_acc_C_precomp, - *(pvk.vk_gamma_beta_g2_precomp), - *(pvk.vk_gamma_beta_g1_precomp), - *proof_g_B_g_precomp, - CC_valid)); - - // final 
constraint - all_test_results.emplace_back(kc_A_valid); - all_test_results.emplace_back(kc_B_valid); - all_test_results.emplace_back(kc_C_valid); - all_test_results.emplace_back(QAP_valid); - all_test_results.emplace_back(CC_valid); - - all_tests_pass.reset(new conjunction(bp, all_test_results, result)); - } - - void generate_gates() { - accumulate_input->generate_gates(); - - compute_proof_g_A_g_acc->generate_gates(); - compute_proof_g_A_g_acc_C->generate_gates(); - - compute_proof_g_A_g_acc_precomp->generate_gates(); - compute_proof_g_A_g_acc_C_precomp->generate_gates(); - - compute_proof_g_A_h_precomp->generate_gates(); - compute_proof_g_A_g_precomp->generate_gates(); - compute_proof_g_B_h_precomp->generate_gates(); - compute_proof_g_C_h_precomp->generate_gates(); - compute_proof_g_C_g_precomp->generate_gates(); - compute_proof_g_H_precomp->generate_gates(); - compute_proof_g_K_precomp->generate_gates(); - compute_proof_g_B_g_precomp->generate_gates(); - - check_kc_A_valid->generate_gates(); - check_kc_B_valid->generate_gates(); - check_kc_C_valid->generate_gates(); - check_QAP_valid->generate_gates(); - check_CC_valid->generate_gates(); - - all_tests_pass->generate_gates(); - } - - void generate_assignments() { - accumulate_input->generate_assignments(); - - compute_proof_g_A_g_acc->generate_assignments(); - compute_proof_g_A_g_acc_C->generate_assignments(); - - compute_proof_g_A_g_acc_precomp->generate_assignments(); - compute_proof_g_A_g_acc_C_precomp->generate_assignments(); - - compute_proof_g_A_h_precomp->generate_assignments(); - compute_proof_g_A_g_precomp->generate_assignments(); - compute_proof_g_B_h_precomp->generate_assignments(); - compute_proof_g_C_h_precomp->generate_assignments(); - compute_proof_g_C_g_precomp->generate_assignments(); - compute_proof_g_H_precomp->generate_assignments(); - compute_proof_g_K_precomp->generate_assignments(); - compute_proof_g_B_g_precomp->generate_assignments(); - - check_kc_A_valid->generate_assignments(); - 
check_kc_B_valid->generate_assignments(); - check_kc_C_valid->generate_assignments(); - check_QAP_valid->generate_assignments(); - check_CC_valid->generate_assignments(); - - all_tests_pass->generate_assignments(); - } - }; - - template - class r1cs_ppzksnark_verifier_component : public component { - public: - typedef typename CurveType::scalar_field_type FieldType; - - std::shared_ptr> - pvk; - std::shared_ptr> compute_pvk; - std::shared_ptr> online_verifier; - - r1cs_ppzksnark_verifier_component(blueprint &bp, - const r1cs_ppzksnark_verification_key_variable &vk, - const blueprint_variable_vector &input, - const std::size_t elt_size, - const r1cs_ppzksnark_proof_variable &proof, - const blueprint_variable &result) : - component(bp) { - pvk.reset( - new r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable()); - compute_pvk.reset( - new r1cs_ppzksnark_verifier_process_vk_component(bp, vk, *pvk)); - online_verifier.reset(new r1cs_ppzksnark_online_verifier_component( - bp, *pvk, input, elt_size, proof, result)); - } - - void generate_gates() { - compute_pvk->generate_gates(); - - online_verifier->generate_gates(); - } - - void generate_assignments() { - compute_pvk->generate_assignments(); - online_verifier->generate_assignments(); - } - }; - } // namespace components - } // namespace snark - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_R1CS_PPZKSNARK_VERIFIER_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/components/voting/r1cs/encrypted_input_voting.hpp b/crypto3/libs/blueprint/include/nil/blueprint/components/voting/r1cs/encrypted_input_voting.hpp deleted file mode 100644 index 08b7005693..0000000000 --- a/crypto3/libs/blueprint/include/nil/blueprint/components/voting/r1cs/encrypted_input_voting.hpp +++ /dev/null 
@@ -1,148 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2021 Mikhail Komarov
-// Copyright (c) 2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_VOTING_ENCRYPTED_INPUT_VOTING_COMPONENT_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_VOTING_ENCRYPTED_INPUT_VOTING_COMPONENT_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace blueprint { - namespace components { - template, - typename MerkleTreeHashComponent = HashComponent, - typename Field = typename HashComponent::field_type> - struct encrypted_input_voting : public component { - using field_type = Field; - using hash_component = HashComponent; - using merkle_proof_validating_component = - merkle_proof_validate; - using merkle_proof_component = typename merkle_proof_validating_component::merkle_proof_component; - - digest_variable sn_computed; - digest_variable pk; - digest_variable pk_leaf; - hash_component pk_hasher; - MerkleTreeHashComponent pk_leaf_hasher; - merkle_proof_validating_component root_validator; - hash_component sn_hasher; - bit_vector_copy_component check_sn; - - block_variable m; - block_variable eid; - digest_variable sn; - block_variable sk; - - /** - * @warning If you just want to compute intermediate fields (\p rt and \p sn) it is sufficient to - * instantiate encrypted_input_voting component and call \p generate_assignments, but if you want - * to check satisfiability of the CS you have to call \p generate_assignments for \p rt and \p sn - * with expected values before call \p is_satisfied for \p bp. This is due to using of the - * bit_vector_copy_component which is responsible for both logics: copying of the computed fields - * (\p rt and \p sn) and comparison of the computed and passed values. So, if you don't call \p - * generate_assignments for \p rt and \p sn satisfiability check will always be positive, i.e. - * false positive error happens. 
Another solution - instead of manual calling to the \p - * generate_assignments for \p rt and \p sn just use encrypted_input_voting's \p - * generate_assignments accepting additional parameters \p root and \p sn. - */ - encrypted_input_voting(blueprint &bp, - const block_variable &m, - const block_variable &eid, - const digest_variable &sn, - const digest_variable &rt, - const detail::blueprint_linear_combination_vector &address_bits, - const merkle_proof_component &path, - const block_variable &sk, - const detail::blueprint_linear_combination &read_successful) : - component(bp), - // private fields - sn_computed(bp, hash_component::digest_bits), pk(bp, hash_component::digest_bits), - pk_leaf(bp, MerkleTreeHashComponent::digest_bits), pk_hasher(bp, sk, pk), - pk_leaf_hasher(bp, pk, pk_leaf), - root_validator(bp, path.tree_depth, address_bits, pk_leaf, rt, path, read_successful), - sn_hasher(bp, - std::vector { - eid, - sk, - }, - sn_computed), - check_sn(bp, sn_computed.bits, sn.bits, read_successful, field_type::number_bits), - // public fields - m(m), eid(eid), sn(sn), sk(sk) { - } - - // TODO: review all necessary constrains, for example, eid - void generate_gates() { - pk_hasher.generate_gates(); - pk_leaf_hasher.generate_gates(); - root_validator.generate_gates(); - sn_hasher.generate_gates(); - check_sn.generate_gates(false, false); - - math::linear_combination sum_m_i; - for (const auto &m_i : m.bits) { - // m_i == 0 or m_i == 1 - generate_boolean_r1cs_constraint( - this->bp, static_cast>(m_i)); - sum_m_i = sum_m_i + m_i; - } - // sum_m_i == 1 - this->bp.add_r1cs_constraint( - snark::r1cs_constraint(Field::value_type::one(), sum_m_i, Field::value_type::one())); - } - - private: - void generate_assignments() { - pk_hasher.generate_assignments(); - pk_leaf_hasher.generate_assignments(); - root_validator.generate_assignments(); - sn_hasher.generate_assignments(); - check_sn.generate_assignments(); - } - - public: - /** - * @brief Witness generation should be 
called every time we update - */ - void generate_assignments(const std::vector &root, const std::vector &sn) { - generate_assignments(); - root_validator.root.generate_assignments(root); - this->sn.generate_assignments(sn); - } - - inline std::size_t get_input_size() const { - return m.block_size + eid.block_size + sn.digest_size + root_validator.root.digest_size; - } - }; - } // namespace components - } // namespace blueprint - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_VOTING_ENCRYPTED_INPUT_VOTING_COMPONENT_HPP diff --git a/crypto3/libs/blueprint/include/nil/blueprint/zkevm/operations/div.hpp b/crypto3/libs/blueprint/include/nil/blueprint/zkevm/operations/div.hpp index f170a034f2..d2c28be26b 100644 --- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm/operations/div.hpp +++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm/operations/div.hpp @@ -92,8 +92,6 @@ namespace nil { auto var_gen = [&witness_cols](std::size_t i, int32_t offset = 0) { return zkevm_operation::var_gen(witness_cols, i, offset); }; - const std::size_t range_check_table_index = - zkevm_circuit.get_circuit().get_reserved_indices().at("chunk_16_bits/full"); constraint_type position_1 = zkevm_circuit.get_opcode_row_constraint(2, this->rows_amount()); std::vector a_chunks; std::vector b_chunks_1; diff --git a/crypto3/libs/blueprint/test/CMakeLists.txt b/crypto3/libs/blueprint/test/CMakeLists.txt index e950fec695..32ba69d964 100644 --- a/crypto3/libs/blueprint/test/CMakeLists.txt +++ b/crypto3/libs/blueprint/test/CMakeLists.txt 
@@ -191,17 +191,6 @@ set(PLONK_TESTS_FILES "zkevm/bytecode" ) -#set(FIELDS_TESTS_FILES - #"algebra/fields/r1cs/fp2" - #"algebra/fields/r1cs/fp2_verification" - #"algebra/fields/r1cs/fp3" - #"algebra/fields/r1cs/fp3_verification" - #"algebra/fields/r1cs/fp4" - #"algebra/fields/r1cs/fp4_verification" - #"algebra/fields/r1cs/fp6_2over3" - #"algebra/fields/r1cs/fp6_2over3_verification" - #"algebra/fields/r1cs/exponentiation" -# ) set(ZKEVM_TESTS_FILES "zkevm/state_selector" @@ -213,41 +202,6 @@ set(ZKEVM_TESTS_FILES "zkevm/opcodes/div" ) -#set(CURVES_TESTS_FILES - #"algebra/curves/r1cs/montgomery" - #"algebra/curves/r1cs/twisted_edwards" - #"algebra/curves/r1cs/fixed_base_mul_zcash" -# ) - -#set(HASHES_TESTS_FILES - #"hashes/r1cs/knapsack" - #"hashes/r1cs/knapsack_verification" - #"hashes/r1cs/sha256" - #"hashes/r1cs/sha256_verification" - #"hashes/r1cs/pedersen") - -#set(PAIRING_TESTS_FILES - #"algebra/pairing/weierstrass/r1cs/miller_loop" - #"algebra/pairing/weierstrass/r1cs/precomputation") - -#set(ROUTING_TESTS_FILES - #"routing_algorithms/routing_algorithms" - #"routing/r1cs/as_waksman" - #"routing/r1cs/benes") - -#set(SCHEMES_TESTS_FILES - #"verifiers/r1cs_ppzksnark" - #"set_commitment_component") - -#set(MERKLE_TREE_TESTS_FILES -# "merkle_tree_components") - -#set(VOTING_TESTS_FILES -# "voting/r1cs/encrypted_input_voting") - -#set(BASIC_COMPONENTS_TESTS_FILES - #"basic_components" - #"basic_components_r1cs_gg_ppzksnark") SET(ALGEBRA_TESTS_FILES ${FIELDS_TESTS_FILES} diff --git a/crypto3/libs/blueprint/test/algebra/curves/r1cs/fixed_base_mul_zcash.cpp b/crypto3/libs/blueprint/test/algebra/curves/r1cs/fixed_base_mul_zcash.cpp deleted file mode 100644 index ddf95b2ee7..0000000000 --- a/crypto3/libs/blueprint/test/algebra/curves/r1cs/fixed_base_mul_zcash.cpp +++ /dev/null 
@@ -1,291 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2021 Mikhail Komarov
-// Copyright (c) 2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE blueprint_fixed_base_mul_zcash_component_test - -#include - -#include -#include -#include - -#include -#include -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp &e) { - std::cout << e.data << std::endl; -} - -template -void test_curves_g1_fixed_base_mul_zcash_component( - blueprint &bp, - const BasePoints &all_basepoints, - nil::crypto3::zk::detail::blueprint_variable_vector &in_bits, - const typename Curve::template g1_type::value_type - &expected) { - using curve_type = Curve; - using fixed_base_mul_zcash_component = components::fixed_base_mul_zcash; - using field_type = typename fixed_base_mul_zcash_component::field_type; - using field_value_type = typename field_type::value_type; - using integral_type = typename field_type::integral_type; - using twisted_edwards_group_value_type = - typename fixed_base_mul_zcash_component::twisted_edwards_element_component::group_value_type; - - static_assert(std::is_same::value_type>::value); - - std::size_t basepoints_required = components::fixed_base_mul_zcash::basepoints_required(in_bits.size()); - - for (const auto &p : all_basepoints) { - BOOST_CHECK(p.is_well_formed()); - } - - std::vector basepoints; - std::copy(all_basepoints.begin(), all_basepoints.begin() + basepoints_required, std::back_inserter(basepoints)); - - // components::element_g1 result(bp); - typename fixed_base_mul_zcash_component::twisted_edwards_element_component result(bp); - fixed_base_mul_zcash_component fixed_base_mul_instance(bp, basepoints, in_bits, result); - - fixed_base_mul_instance.generate_assignments(); - fixed_base_mul_instance.generate_gates(); - - BOOST_CHECK(expected.X == bp.lc_val(result.X)); - BOOST_CHECK(expected.Y == bp.lc_val(result.Y)); - 
BOOST_CHECK(bp.is_satisfied()); -} - -template -void test_curves_g1_fixed_base_mul_zcash_component( - const BasePoints &all_basepoints, - const std::vector &bits, - const typename Curve::template g1_type::value_type - &expected) { - using curve_type = Curve; - using fixed_base_mul_zcash_component = components::fixed_base_mul_zcash; - using field_type = typename fixed_base_mul_zcash_component::field_type; - - blueprint bp; - nil::crypto3::zk::detail::blueprint_variable_vector scalar; - scalar.allocate(bp, bits.size()); - scalar.fill_with_bits(bp, bits); - - test_curves_g1_fixed_base_mul_zcash_component(bp, all_basepoints, scalar, expected); -} - -template -void test_curves_g1_fixed_base_mul_zcash_component( - const BasePoints &all_basepoints, - const typename Curve::base_field_type::value_type &s, - std::size_t size, - const typename Curve::template g1_type::value_type - &expected) { - // Because one of test has different size (the on with 255) - // std::size_t size = multiprecision::msb(integral_type(s.data)) + 1; - using curve_type = Curve; - using fixed_base_mul_zcash_component = components::fixed_base_mul_zcash; - using field_type = typename fixed_base_mul_zcash_component::field_type; - - blueprint bp; - nil::crypto3::zk::detail::blueprint_variable_vector scalar; - scalar.allocate(bp, size); - scalar.fill_with_bits_of_field_element(bp, s); - - test_curves_g1_fixed_base_mul_zcash_component(bp, all_basepoints, scalar, expected); -} - -BOOST_AUTO_TEST_SUITE(blueprint_fixed_base_mul_zcash_manual_test_suite) - -// test data generated by https://github.com/zcash-hackworks/zcash-test-vectors -BOOST_AUTO_TEST_CASE(edwards_fixed_base_mul_zcash_jubjub_test) { - using curve_type = curves::jubjub; - using field_type = typename curve_type::base_field_type; - using field_value_type = typename field_type::value_type; - using integral_type = typename field_type::integral_type; - - std::vector< - typename curve_type::template g1_type::value_type> - all_basepoints = { - 
{field_value_type( - integral_type("14821992026951101352906249207585330645531160601076441869339940926000353872705")), - field_value_type( - integral_type("52287259411977570791304693313354699485314647509298698724706688571292689216990"))}, - {field_value_type( - integral_type("1463691854240270278606818648002136194121833583821877204193209581327298182344")), - field_value_type( - integral_type("29819841443135548958808950484163239058878703816702478211299889017771131589670"))}, - {field_value_type( - integral_type("40291265060939609650944463710328312785099355084223308258183327547022417006973")), - field_value_type( - integral_type("52192102488968215278324791125420866252464543397675384723668566547038588479994"))}, - {field_value_type( - integral_type("9727827140824687394408632390964265750934762150332666686367551954377952599690")), - field_value_type( - integral_type("19724757542882122580209648860907766139392382704367414563715710526666657068129"))}, - }; - - std::vector bits_to_hash = {0, 0, 0, 1, 1, 1}; - auto expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("3669431847238482802904025485408296241776002230868041345055738963615665974946")), - field_value_type( - integral_type("27924821127213629235056488929093463445821551452792195607066067950495472725010"))); - test_curves_g1_fixed_base_mul_zcash_component(all_basepoints, bits_to_hash, expected); - - bits_to_hash = std::vector {0, 0, 1}; - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("37613883148175089126541491300600635192159391899451195953263717773938227311808")), - field_value_type( - integral_type("52287259411977570791304693313354699485314647509298698724706688571292689216990"))); - test_curves_g1_fixed_base_mul_zcash_component(all_basepoints, bits_to_hash, expected); - - bits_to_hash = std::vector {0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 
0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1}; - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("42176130776060636907007595971304534904965322197894055434176666599102076910022")), - field_value_type( - integral_type("41298132615767455442973386625334423316246314118050839847545855695501416927077"))); - test_curves_g1_fixed_base_mul_zcash_component(all_basepoints, bits_to_hash, expected); -} - -// test data generated by https://github.com/HarryR/ethsnarks -BOOST_AUTO_TEST_CASE(babyjubjub_test) { - using curve_type = curves::babyjubjub; - using field_type = typename curve_type::base_field_type; - using field_value_type = typename field_type::value_type; - using integral_type = typename field_type::integral_type; - - std::vector< - typename curve_type::template g1_type::value_type> - all_basepoints = { - {field_value_type( - integral_type("13418723823902222986275588345615650707197303761863176429873001977640541977977")), - field_value_type( - integral_type("15255921313433251341520743036334816584226787412845488772781699434149539664639"))}, - {field_value_type( - integral_type("11749872627669176692285695179399857264465143297451429569602068921530882657945")), - field_value_type( - integral_type("2495745987765795949478491016197984302943511277003077751830848242972604164102"))}}; - - field_value_type scalar = - field_value_type(integral_type("6453482891510615431577168724743356132495662554103773572771861111634748265227")); - auto expected = - typename curve_type::template g1_type::value_type( - field_value_type( - 
integral_type("6545697115159207040330446958704617656199928059562637738348733874272425400594")), - field_value_type( - integral_type("16414097465381367987194277536478439232201417933379523927469515207544654431390"))); - test_curves_g1_fixed_base_mul_zcash_component(all_basepoints, scalar, 252, expected); - - scalar = field_value_type(integral_type("267")); - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("6790798216812059804926342266703617627640027902964190490794793207272357201212")), - field_value_type( - integral_type("2522797517250455013248440571887865304858084343310097011302610004060289809689"))); - test_curves_g1_fixed_base_mul_zcash_component(all_basepoints, scalar, 9, expected); - - scalar = field_value_type( - integral_type("21888242871839275222246405745257275088548364400416034343698204186575808495616")); - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("16322787121012335146141962340685388833598805940095898416175167744309692564601")), - field_value_type( - integral_type("7671892447502767424995649701270280747270481283542925053047237428072257876309"))); - test_curves_g1_fixed_base_mul_zcash_component(all_basepoints, scalar, 255, expected); -} - -// BOOST_AUTO_TEST_CASE(edwards_fixed_base_mul_zcash_babyjubjub_bytes_test) { - -// using curve_type = curves::babyjubjub; -// using field_type = typename curve_type::base_field_type; -// using field_value_type = typename field_type::value_type; -// using integral_type = typename field_type::integral_type; -// using value_type = typename curve_type::g1_type::value_type; - -// std::cout << "Edwards curve fixed_base_mul_zcash component bytes test started" << std::endl; -// // typename curve_type::g1_type::value_type p1 = -// // random_element(); -// std::cout << "Started for BabyJubJub" << std::endl; - -// auto bits = bytes_to_bv((const uint8_t*)"abc", 3); - -// typename curve_type::g1_type::value_type expected = -// 
typename curve_type::g1_type::value_type ( -// field_value_type(integral_type("9869277320722751484529016080276887338184240285836102740267608137843906399765")), -// field_value_type(integral_type("19790690237145851554496394080496962351633528315779989340140084430077208474328")) -// ); - -// test_curves_g1_fixed_base_mul_zcash_component(bits, -// expected); - -// bits = bytes_to_bv((const uint8_t*)"abcdef", 6); - -// expected = -// typename curve_type::g1_type::value_type ( -// field_value_type(integral_type("3152592107782913127811973383449327981421816164636305446433885391611437772003")), -// field_value_type(integral_type("21757413191206167432148830329017031919270024158827230996476733729375089049175")) -// ); - -// test_curves_g1_fixed_base_mul_zcash_component(bits, -// expected); - -// bits = bytes_to_bv((const uint8_t*)"abcdefghijklmnopqrstuvwx", 24); - -// expected = -// typename curve_type::g1_type::value_type ( -// field_value_type(integral_type("3966548799068703226441887746390766667253943354008248106643296790753369303077")), -// field_value_type(integral_type("12849086395963202120677663823933219043387904870880733726805962981354278512988")) -// ); - -// test_curves_g1_fixed_base_mul_zcash_component(bits, -// expected); - -// } - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/curves/r1cs/montgomery.cpp b/crypto3/libs/blueprint/test/algebra/curves/r1cs/montgomery.cpp deleted file mode 100644 index 6bd61b9126..0000000000 --- a/crypto3/libs/blueprint/test/algebra/curves/r1cs/montgomery.cpp +++ /dev/null 
@@ -1,93 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE blueprint_montgomery_test - -#include -#include -#include - -#include -#include - -#include - -#include "test_utils.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -// TODO: extend tests -BOOST_AUTO_TEST_SUITE(blueprint_montgomery_operations_manual_test_suite) - -BOOST_AUTO_TEST_CASE(babyjubjub_test) { - using curve_type = curves::babyjubjub; - using element_component = - components::element_g1; - using field_type = typename element_component::field_type; - using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - group_value_type p1(integral_type("13229275355733428112095997489641024783055769870913646006080868652901570030764"), - integral_type("11134533164006840987080284949303064671639289755466531605577535852885854976142")); - group_value_type p2(integral_type("7117928050407583618111176421555214756675765419608405867398403713213306743542"), - integral_type("14577268218881899420966779687690205425227431577728659819975198491127179315626")); - group_value_type p1_plus_p2( - integral_type("15566970094137508604402505312544881598484695740314362381445040160425553677096"), - integral_type("6669854856059550313288855374895200898734184719090215367165264323940796559798")); - - check_affine_montgomery_g1_operations({p1, p2, p1_plus_p2}); - // TODO: there is a little cheat applied, twisted Edwards equivalent points had better calculate separately and - // hard-code into the test - check_montgomery_to_twisted_edwards_component( - {p1, p2, p1_plus_p2}, {p1.to_twisted_edwards(), p2.to_twisted_edwards(), p1_plus_p2.to_twisted_edwards()}); -} - -BOOST_AUTO_TEST_CASE(jubjub_test) { - using curve_type = curves::jubjub; - using element_component = - components::element_g1; - using field_type = typename element_component::field_type; - 
using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - group_value_type p1(integral_type("5587996947380639047162049858166730204103969545442236298644831829013577070405"), - integral_type("3353220127577076936794824489270300729183005062496343538855887806046831862653")); - group_value_type p2(integral_type("37380265172535953876205871964221324158436172047572074969815349807835370906304"), - integral_type("26055707688826178243212294438612447599848256944592175663688341250454494541524")); - group_value_type p1_plus_p2( - integral_type("31338886305606494662271397096913232944110804555543936006670599257012320678243"), - integral_type("50113340805577397178918081218860537289046253010504685476128585225439863641470")); - - check_affine_montgomery_g1_operations({p1, p2, p1_plus_p2}); - // TODO: there is a little cheat applied, twisted Edwards equivalent points had better calculate separately and - // hard-code into the test - check_montgomery_to_twisted_edwards_component( - {p1, p2, p1_plus_p2}, {p1.to_twisted_edwards(), p2.to_twisted_edwards(), p1_plus_p2.to_twisted_edwards()}); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/algebra/curves/r1cs/test_utils.hpp b/crypto3/libs/blueprint/test/algebra/curves/r1cs/test_utils.hpp deleted file mode 100644 index 578b632f87..0000000000 --- a/crypto3/libs/blueprint/test/algebra/curves/r1cs/test_utils.hpp +++ /dev/null 
@@ -1,259 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_CURVES_TEST_UTILS_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_CURVES_TEST_UTILS_HPP - -#include - -#include -#include - -#include - -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -enum : std::size_t { - p1, - p2, - p1_plus_p2, -}; - -template -void check_input_points(const std::vector &points) { - using curve_type = Curve; - using element_component = ElementComponent; - using field_type = typename element_component::field_type; - using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - for (const auto &p : points) { - BOOST_CHECK(p.is_well_formed()); - } - BOOST_CHECK(points[p1] + points[p2] == points[p1_plus_p2]); -} - -template -void check_addition_component_auto_allocation(const std::vector &points) { - using curve_type = Curve; - using element_component = ElementComponent; - using field_type = typename element_component::field_type; - using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - components::blueprint bp, bp_copy; - element_component p1_component(bp, points[p1]); - element_component p2_component(bp, points[p2]); - element_component p1_plus_p2_component(bp, points[p1_plus_p2]); - typename element_component::addition_component add_component(bp, p1_component, p2_component); - - add_component.generate_assignments(); - add_component.generate_gates(); - - bp.add_r1cs_constraint(snark::r1cs_constraint({points[p1_plus_p2].X}, {field_type::value_type::one()}, - {add_component.result.X})); - bp_copy = bp; - bp.add_r1cs_constraint(snark::r1cs_constraint({points[p1_plus_p2].Y}, {field_type::value_type::one()}, - {add_component.result.Y})); - BOOST_CHECK(bp.is_satisfied()); - bp_copy.add_r1cs_constraint(snark::r1cs_constraint( - {points[p1_plus_p2].Y}, 
{-field_type::value_type::one()}, {add_component.result.Y})); - BOOST_CHECK(!bp_copy.is_satisfied()); - - bp_copy = bp; - bp_copy.add_r1cs_constraint(snark::r1cs_constraint( - {-(points[p1_plus_p2].Y)}, {field_type::value_type::one()}, {add_component.result.Y})); - BOOST_CHECK(!bp_copy.is_satisfied()); -} - -template -void check_addition_component_manual_allocation( - const std::vector &points) { - using curve_type = Curve; - using element_component = ElementComponent; - using field_type = typename element_component::field_type; - using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - components::blueprint bp, bp_copy; - element_component p1_component(bp, points[p1]); - element_component p2_component(bp, points[p2]); - element_component result(bp); - // element_component p1_plus_p2_component(bp, points[p1_plus_p2]); - typename element_component::addition_component add_component(bp, p1_component, p2_component, result); - - add_component.generate_assignments(); - add_component.generate_gates(); - BOOST_CHECK(bp.is_satisfied()); - - bp.add_r1cs_constraint( - snark::r1cs_constraint({points[p1_plus_p2].X}, {field_type::value_type::one()}, {result.X})); - bp_copy = bp; - bp.add_r1cs_constraint( - snark::r1cs_constraint({points[p1_plus_p2].Y}, {field_type::value_type::one()}, {result.Y})); - BOOST_CHECK(bp.is_satisfied()); - bp_copy.add_r1cs_constraint( - snark::r1cs_constraint({points[p1_plus_p2].Y}, {-field_type::value_type::one()}, {result.Y})); - BOOST_CHECK(!bp_copy.is_satisfied()); - - bp_copy = bp; - bp_copy.add_r1cs_constraint( - snark::r1cs_constraint({-(points[p1_plus_p2].Y)}, {field_type::value_type::one()}, {result.Y})); - BOOST_CHECK(!bp_copy.is_satisfied()); -} - -template -void check_is_well_formed_component(const std::vector &points) { - using curve_type = Curve; - using element_component = ElementComponent; - using field_type = typename element_component::field_type; - using 
integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - for (const auto &p : points) { - components::blueprint bp, bp_copy; - element_component p_component(bp, p); - typename element_component::is_well_formed_component is_well_component(bp, p_component); - is_well_component.generate_assignments(); - is_well_component.generate_gates(); - BOOST_CHECK(bp.is_satisfied()); - - // point is not on the curve - auto p_copy = p; - // TODO: set random field element would be better - p_copy.X = field_type::value_type::zero(); - element_component p_component_copy(bp_copy, p_copy); - typename element_component::is_well_formed_component is_well_component_copy(bp_copy, p_component_copy); - is_well_component_copy.generate_assignments(); - is_well_component_copy.generate_gates(); - BOOST_CHECK(!bp_copy.is_satisfied()); - } -} - -template< - typename Curve, - typename FromElementComponent = - components::element_g1, - typename ToElementComponent = typename FromElementComponent::to_twisted_edwards_component::to_element_component> -void check_montgomery_to_twisted_edwards_component_auto_allocation( - const std::vector &points_from, - const std::vector &points_to) { - using curve_type = Curve; - using field_type = typename FromElementComponent::field_type; - - assert(points_from.size() == points_to.size()); - check_input_points(points_from); - check_input_points(points_to); - - // TODO: extend test to check wrong values - std::for_each(boost::make_zip_iterator(boost::make_tuple(std::cbegin(points_from), std::cbegin(points_to))), - boost::make_zip_iterator(boost::make_tuple(std::cend(points_from), std::cend(points_to))), - [&](const boost::tuple &t) { - components::blueprint bp, bp_copy; - FromElementComponent p_component(bp, t.template get<0>()); - typename FromElementComponent::to_twisted_edwards_component to_tw_edwards_component(bp, - p_component); - to_tw_edwards_component.generate_assignments(); - 
to_tw_edwards_component.generate_gates(); - - bp.add_r1cs_constraint(snark::r1cs_constraint(t.template get<1>().X, 1, - to_tw_edwards_component.result.X)); - bp.add_r1cs_constraint(snark::r1cs_constraint(t.template get<1>().Y, 1, - to_tw_edwards_component.result.Y)); - - BOOST_CHECK(bp.is_satisfied()); - }); -} - -template< - typename Curve, - typename FromElementComponent = - components::element_g1, - typename ToElementComponent = typename FromElementComponent::to_twisted_edwards_component::to_element_component> -void check_montgomery_to_twisted_edwards_component_manual_allocation( - const std::vector &points_from, - const std::vector &points_to) { - using curve_type = Curve; - using field_type = typename FromElementComponent::field_type; - - assert(points_from.size() == points_to.size()); - check_input_points(points_from); - check_input_points(points_to); - - // TODO: extend test to check wrong values - std::for_each(boost::make_zip_iterator(boost::make_tuple(std::cbegin(points_from), std::cbegin(points_to))), - boost::make_zip_iterator(boost::make_tuple(std::cend(points_from), std::cend(points_to))), - [&](const boost::tuple &t) { - components::blueprint bp, bp_copy; - FromElementComponent p_component(bp, t.template get<0>()); - ToElementComponent result(bp); - typename FromElementComponent::to_twisted_edwards_component to_tw_edwards_component( - bp, p_component, result); - to_tw_edwards_component.generate_assignments(); - to_tw_edwards_component.generate_gates(); - - bp.add_r1cs_constraint(snark::r1cs_constraint(t.template get<1>().X, 1, result.X)); - bp.add_r1cs_constraint(snark::r1cs_constraint(t.template get<1>().Y, 1, result.Y)); - - BOOST_CHECK(bp.is_satisfied()); - }); -} - -template< - typename Curve, - typename FromElementComponent = - components::element_g1, - typename ToElementComponent = typename FromElementComponent::to_twisted_edwards_component::to_element_component> -void check_montgomery_to_twisted_edwards_component( - const std::vector 
&points_from, - const std::vector &points_to) { - check_montgomery_to_twisted_edwards_component_auto_allocation( - points_from, points_to); - check_montgomery_to_twisted_edwards_component_manual_allocation( - points_from, points_to); -} - -template> -void check_affine_montgomery_g1_operations(const std::vector &points) { - check_input_points(points); - check_addition_component_auto_allocation(points); - check_addition_component_manual_allocation(points); -} - -template> -void check_affine_twisted_edwards_g1_operations( - const std::vector &points) { - check_input_points(points); - check_addition_component_auto_allocation(points); - check_addition_component_manual_allocation(points); - check_is_well_formed_component(points); -} - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_CURVES_TEST_UTILS_HPP diff --git a/crypto3/libs/blueprint/test/algebra/curves/r1cs/twisted_edwards.cpp b/crypto3/libs/blueprint/test/algebra/curves/r1cs/twisted_edwards.cpp deleted file mode 100644 index a6f47b9f2b..0000000000 --- a/crypto3/libs/blueprint/test/algebra/curves/r1cs/twisted_edwards.cpp +++ /dev/null 
@@ -1,94 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE blueprint_twisted_edwards_test - -#include -#include -#include - -#include -#include - -#include - -#include "test_utils.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -// TODO: extend tests -BOOST_AUTO_TEST_SUITE(blueprint_twisted_edwards_operations_manual_test_suite) - -BOOST_AUTO_TEST_CASE(babyjubjub_test) { - using curve_type = curves::babyjubjub; - using element_component = - components::element_g1; - using field_type = typename element_component::field_type; - using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - group_value_type p1(integral_type("10031262171927540148667355526369034398030886437092045105752248699557385197826"), - integral_type("633281375905621697187330766174974863687049529291089048651929454608812697683")); - group_value_type p2(integral_type("5299619240641551281634865583518297030282874472190772894086521144482721001553"), - integral_type("16950150798460657717958625567821834550301663161624707787222815936182638968203")); - group_value_type p1_plus_p2( - integral_type("2763488322167937039616325905516046217694264098671987087929565332380420898366"), - integral_type("15305195750036305661220525648961313310481046260814497672243197092298550508693")); - check_affine_twisted_edwards_g1_operations({p1, p2, p1_plus_p2}); - - // from ethsnark - test_jubjub_add.cpp - p1 = - group_value_type(integral_type("16838670147829712932420991684129000253378636928981731224589534936353716235035"), - integral_type("4937932098257800452675892262662102197939919307515526854605530277406221704113")); - p2 = - group_value_type(integral_type("1538898545681068144632304956674715144385644913102700797899565858629154026483"), - integral_type("2090866097726307108368399316617534306721374642464311386024657526409503477525")); - 
p1_plus_p2 = - group_value_type(integral_type("6973964026021872993461206321838264291006454903617648820964060641444266170799"), - integral_type("5058405786102109493822166715025707301516781386582502239931016782220981024527")); - check_affine_twisted_edwards_g1_operations({p1, p2, p1_plus_p2}); -} - -BOOST_AUTO_TEST_CASE(jubjub_test) { - using curve_type = curves::jubjub; - using element_component = - components::element_g1; - using field_type = typename element_component::field_type; - using integral_type = typename field_type::integral_type; - using group_value_type = typename element_component::group_value_type; - - group_value_type p1(integral_type("29927994414980659866747158113976867771786823169860303107907009997724489194957"), - integral_type("462950763047385854792912911337076492277172577361226262929952084963852328241")); - group_value_type p2(integral_type("8076246640662884909881801758704306714034609987455869804520522091855516602923"), - integral_type("13262374693698910701929044844600465831413122818447359594527400194675274060458")); - group_value_type p1_plus_p2( - integral_type("45763976842262823160295807685326507554022491488280968540559802656136203717715"), - integral_type("28613822079681605882499475341323216283573790414551935851064205296797669937565")); - check_affine_twisted_edwards_g1_operations({p1, p2, p1_plus_p2}); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/algebra/fields/plonk/non_native/reduction.cpp b/crypto3/libs/blueprint/test/algebra/fields/plonk/non_native/reduction.cpp index 421f6e21e8..319ab9eed8 100644 --- a/crypto3/libs/blueprint/test/algebra/fields/plonk/non_native/reduction.cpp +++ b/crypto3/libs/blueprint/test/algebra/fields/plonk/non_native/reduction.cpp 
@@ -90,15 +90,19 @@ void test_reduction(std::vector public_ component_instance, desc, public_input, result_check, instance_input); } -constexpr static const crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type ed25519_scalar_modulus = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed_cppui_modular512; -constexpr static const crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type one = 1; -constexpr static const crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type max512 = (one<<512)-1; +using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<513> >; + +constexpr static const extended_integral_type ed25519_scalar_modulus = + 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed_cppui_modular512; +constexpr static const extended_integral_type one = 1; +constexpr static const extended_integral_type max512 = (one << 512) - 1; template -std::vector vector_from_extended_integral(typename crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type input) { +std::vector vector_from_extended_integral(extended_integral_type input) { std::vector pub_inp; for (std::size_t i = 0; i < 8; i++) { - typename crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type mask = 0xffffffffffffffff_cppui_modular512; + extended_integral_type mask = 0xffffffffffffffff_cppui_modular512; typename FieldType::value_type current = typename FieldType::value_type((input >> (64*i)) & mask); pub_inp.push_back(current); } 
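Review bot: The width 513 in the new `extended_integral_type` alias is a bare magic number, and nothing at the declaration says why it is one bit wider than the 512-bit inputs under test. It appears to be chosen so that `one << 512` is representable when forming `max512`; if so, state it at the alias, e.g. `// 513 bits so that (one << 512) keeps its top bit when computing max512 = 2^512 - 1`. The alias, `one` and `max512` are also declared at file scope under very generic names, so an anonymous namespace around them would keep them from clashing with names pulled in by the test's includes. The later hunks in this file only switch signatures and one cast over to the alias.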
@@ -106,7 +110,7 @@ std::vector vector_from_extended_integral(typena } template -void test_reduction_input_expended_integral_calculate_expected(typename crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type input) { +void test_reduction_input_expended_integral_calculate_expected(extended_integral_type input) { assert(input <= max512); test_reduction(vector_from_extended_integral(input), typename FieldType::value_type(input % ed25519_scalar_modulus)); } @@ -128,7 +132,7 @@ BOOST_AUTO_TEST_CASE(blueprint_variable_base_decomposition_edward25519) { test_reduction_input_expended_integral_calculate_expected(ed25519_scalar_modulus - 1); test_reduction_input_expended_integral_calculate_expected(ed25519_scalar_modulus << 256); test_reduction_input_expended_integral_calculate_expected( - max512 - crypto3::algebra::curves::ed25519::scalar_field_type::extended_integral_type( + max512 - extended_integral_type( 0x399411b7c309a3dceec73d217f5be65d00e1ba768859347a40611e3449c0f00_cppui_modular512)); } diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/arithmetic.hpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/arithmetic.hpp deleted file mode 100644 index f5320bd0d3..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/arithmetic.hpp +++ /dev/null 
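Review bot: With `input` now a 513-bit value, `test_reduction_input_expended_integral_calculate_expected` depends on `assert(input <= max512)` to keep callers inside the range that `vector_from_extended_integral` can encode (eight 64-bit limbs), and that assert is compiled out when the tests are built with NDEBUG. An out-of-range input would then lose its top bit in the public input while still taking part in `input % ed25519_scalar_modulus`, so the two sides of the check would no longer describe the same number. Routing the guard through the test framework keeps it in every build: `BOOST_REQUIRE(input <= max512);`.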
@@ -1,85 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_ELEMENT_FP2_COMPONENT_TEST_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_ELEMENT_FP2_COMPONENT_TEST_HPP - -#include - -using namespace nil::crypto3::zk; - -template class Fpk_variableT, - template class Fpk_mul_componentT> -blueprint test_field_element_mul(typename FieldType::value_type a_value, - typename FieldType::value_type b_value){ - using field_type = FieldType; - using element_component = Fpk_variableT; - using element_mul_component = Fpk_mul_componentT; - using base_field_type = typename field_type::base_field_type; - - blueprint bp; - - element_component A(bp, a_value); - element_component B(bp, b_value); - element_component result(bp); - - element_mul_component el_mul_instance(bp, A, B, result); - el_mul_instance.generate_gates(); - el_mul_instance.generate_assignments(); - - const typename field_type::value_type res = result.get_element(); - - BOOST_CHECK(bp.is_satisfied()); - BOOST_CHECK(res == (a_value * b_value)); - - return bp; -} - -template class Fpk_variableT, - template class Fpk_squared_componentT> -blueprint test_field_element_squared(typename FieldType::value_type a_value){ - using field_type = FieldType; - using element_component = Fpk_variableT; - using element_squared_component = Fpk_squared_componentT; - using base_field_type = typename field_type::base_field_type; - - blueprint bp; - - element_component A(bp, a_value); - element_component result(bp); - - element_squared_component el_squared_instance(bp, A, result); - el_squared_instance.generate_gates(); - el_squared_instance.generate_assignments(); - - const typename field_type::value_type res = result.get_element(); - - BOOST_CHECK(bp.is_satisfied()); - BOOST_CHECK(res == (a_value.squared())); - - return bp; -} - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_ELEMENT_FP2_COMPONENT_TEST_HPP 
diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/exponentiation.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/exponentiation.cpp deleted file mode 100644 index 738ae99115..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/exponentiation.cpp +++ /dev/null 
@@ -1,98 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE exponentiation_components_test - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include -#include - -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template class Fpk_variableT, template class Fpk_mul_componentT, - template class Fpk_sqr_componentT> -void test_exponentiation_component(const typename FpkT::integral_type &power) { - typedef typename FpkT::base_field_type FieldType; - - blueprint bp; - Fpk_variableT x(bp); - Fpk_variableT x_to_power(bp); - components::exponentiation_component - exp_component(bp, x, power, x_to_power); - exp_component.generate_gates(); - - for (std::size_t i = 0; i < 10; ++i) { - const typename FpkT::value_type x_val = random_element(); - x.generate_assignments(x_val); - exp_component.generate_assignments(); - const typename FpkT::value_type res = x_to_power.get_element(); - BOOST_CHECK(bp.is_satisfied()); - BOOST_CHECK(res == (x_val.pow(power))); - } - std::cout << "Number of constraints: " << bp.num_constraints() << std::endl; - std::cout << "Power: " << power << std::endl; -} - -BOOST_AUTO_TEST_SUITE(exponentiation_component_test_suite) - -BOOST_AUTO_TEST_CASE(exponentiation_component_mnt4_298_test_case) { - - std::cout << "Testing mnt4<298>: " << std::endl; - - test_exponentiation_component::pairing::fqk_type, components::element_fp4, - components::element_fp4_mul, components::element_fp4_squared>( - curves::mnt4<298>::pairing::final_exponent_last_chunk_abs_of_w0); - -} - -BOOST_AUTO_TEST_CASE(exponentiation_component_mnt6_298_test_case) { - - std::cout << "Testing mnt6<298>: " << std::endl; - - test_exponentiation_component::pairing::fqk_type, components::element_fp6_2over3, - components::element_fp6_2over3_mul, components::element_fp6_2over3_squared>( - 
curves::mnt6<298>::pairing::final_exponent_last_chunk_abs_of_w0); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp2.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp2.cpp deleted file mode 100644 index 18f0a0937c..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp2.cpp +++ /dev/null 
@@ -1,95 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp2_test - -#include -#include - -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp2 mul component test for MNT4-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp2 mul component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp2 squared component test for MNT4-298 " << tries_quantity << " times ..." 
- << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = - test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp2 squared component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp2_verification.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp2_verification.cpp deleted file mode 100644 index 4965c204dc..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp2_verification.cpp +++ /dev/null 
@@ -1,112 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp2_test - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -#include "../../verify_r1cs_scheme.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 10; - std::cout << "Starting element Fp2 mul component test for MNT4-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component>(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp2 mul component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 10; - std::cout << "Starting element Fp2 squared component test for MNT4-298 " << 
tries_quantity << " times ..." - << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = - test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component>(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp2 squared component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp3.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp3.cpp deleted file mode 100644 index 4b0e6424ea..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp3.cpp +++ /dev/null 
@@ -1,95 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp3_test - -#include -#include - -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp3 mul component test for MNT6-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp3 mul component test for MNT6-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp3 squared component test for MNT6-298 " << tries_quantity << " times ..." 
- << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = - test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp3 squared component test for MNT6-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp3_verification.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp3_verification.cpp deleted file mode 100644 index 94921fcc92..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp3_verification.cpp +++ /dev/null 
@@ -1,112 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp3_test - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -#include "../../verify_r1cs_scheme.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 10; - std::cout << "Starting element Fp3 mul component test for MNT6-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp3 mul component test for MNT6-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::template g2_type<>::field_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 10; - std::cout << "Starting element Fp3 squared component test for MNT6-298 " << 
tries_quantity << " times ..." - << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = - test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp3 squared component test for MNT6-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp4.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp4.cpp deleted file mode 100644 index 97890e04ee..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp4.cpp +++ /dev/null 
@@ -1,95 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp2_test - -#include -#include - -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp4 mul component test for MNT4-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp4 mul component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp4 squared component test for MNT4-298 " << tries_quantity << " times ..." 
- << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = - test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp4 squared component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp4_verification.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp4_verification.cpp deleted file mode 100644 index 43c8997c6c..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp4_verification.cpp +++ /dev/null 
@@ -1,112 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp2_test - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -#include "../../verify_r1cs_scheme.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 10; - std::cout << "Starting element Fp4 mul component test for MNT4-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp4 mul component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt4_case) { - using curve_type = typename curves::mnt4<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 10; - std::cout << "Starting element Fp4 squared component test for MNT4-298 " << tries_quantity << " times ..." 
- << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = - test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp4 squared component test for MNT4-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp6_2over3.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp6_2over3.cpp deleted file mode 100644 index 92f70a68fc..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp6_2over3.cpp +++ /dev/null 
@@ -1,94 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp3_test - -#include -#include - -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp6_2over3 mul component test for MNT6-298 " << tries_quantity << " times ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++){ - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = test_field_element_mul(a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp6_2over3 mul component test for MNT6-298 finished, average time: " << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 500; - std::cout << "Starting element Fp6_2over3 squared component test for MNT6-298 " << tries_quantity << " times ..." 
<< std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++){ - typename field_type::value_type a_value = random_element(); - - blueprint bp = test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp6_2over3 squared component test for MNT6-298 finished, average time: " << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp6_2over3_verification.cpp b/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp6_2over3_verification.cpp deleted file mode 100644 index 7e26e7bc7a..0000000000 --- a/crypto3/libs/blueprint/test/algebra/fields/r1cs/fp6_2over3_verification.cpp +++ /dev/null 
@@ -1,114 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE element_fp3_test - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include "arithmetic.hpp" - -#include "../../verify_r1cs_scheme.hpp" - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(field_element_arithmetic_component_test_suite) - -BOOST_AUTO_TEST_CASE(field_element_mul_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 5; - std::cout << "Starting element Fp6_2over3 mul component test for MNT6-298 " << tries_quantity << " times ..." - << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - typename field_type::value_type b_value = random_element(); - - blueprint bp = - test_field_element_mul( - a_value, b_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp6_2over3 mul component test for MNT6-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_CASE(field_element_squared_component_test_mnt6_case) { - using curve_type = typename curves::mnt6<298>; - using field_type = typename curve_type::gt_type; - using base_field_type = typename curve_type::base_field_type; - - std::size_t tries_quantity = 5; - std::cout << "Starting element Fp6_2over3 squared component test for MNT6-298 " << tries_quantity << " 
times ..." - << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - - for (std::size_t i = 0; i < tries_quantity; i++) { - typename field_type::value_type a_value = random_element(); - - blueprint bp = test_field_element_squared(a_value); - - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); - } - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Element Fp6_2over3 squared component test for MNT6-298 finished, average time: " - << elapsed.count() * 1e-9 / tries_quantity << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/miller_loop.cpp b/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/miller_loop.cpp deleted file mode 100644 index 8d17abedd5..0000000000 --- a/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/miller_loop.cpp +++ /dev/null 
@@ -1,62 +0,0 @@ -/** @file - ***************************************************************************** - - Implementation of interfaces for gadgets for Miller loops. - - See weierstrass_miller_loop.hpp . - - ***************************************************************************** - * @author This file is part of libsnark, developed by SCIPR Lab - * and contributors (see AUTHORS). - * @copyright MIT license (see LICENSE file) - *****************************************************************************/ - -#define BOOST_TEST_MODULE weierstrass_miller_loop_components_test - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "weierstrass_miller_loop.hpp" - -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -BOOST_AUTO_TEST_SUITE(weierstrass_miller_loop_components_test_suite) - -BOOST_AUTO_TEST_CASE(weierstrass_miller_loop_mnt4_miller_loop_components_test) { - test_mnt_miller_loop>(); -} - -BOOST_AUTO_TEST_CASE(weierstrass_miller_loop_mnt6_miller_loop_components_test) { - test_mnt_miller_loop>(); -} - -BOOST_AUTO_TEST_CASE(weierstrass_miller_loop_mnt4_e_over_e_miller_loop_components_test) { - test_mnt_e_over_e_miller_loop>(); -} - -BOOST_AUTO_TEST_CASE(weierstrass_miller_loop_mnt6_e_over_e_miller_loop_components_test) { - test_mnt_e_over_e_miller_loop>(); -} - -BOOST_AUTO_TEST_CASE(weierstrass_miller_loop_mnt4_e_times_e_miller_loop_components_test) { - test_mnt_e_times_e_over_e_miller_loop>(); -} - -BOOST_AUTO_TEST_CASE(weierstrass_miller_loop_mnt6_e_times_e_miller_loop_components_test) { - test_mnt_e_times_e_over_e_miller_loop>(); -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/miller_loop.hpp b/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/miller_loop.hpp deleted file mode 100644 index aa637d3abd..0000000000 
--- a/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/miller_loop.hpp
+++ /dev/null
@@ -1,255 +0,0 @@ -/** @file - ***************************************************************************** - - Implementation of interfaces for components for Miller loops. - - See weierstrass_miller_loop.hpp . - - ***************************************************************************** - * @author This file is part of libsnark, developed by SCIPR Lab - * and contributors (see AUTHORS). - * @copyright MIT license (see LICENSE file) - *****************************************************************************/ - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_MILLER_LOOP_TEST_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_MILLER_LOOP_TEST_HPP - -#include - -#include - - -#include -#include - -#include -#include - -#include -#include - -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void test_mnt_miller_loop() { - - using curve_type = CurveType; - using pair_curve_type = typename curve_type::pairing::pair_curve_type; - using curve_pairing_policy = typename curve_type::pairing; - using other_curve_pairing_policy = typename pair_curve_type::pairing; - - using component_policy = components::detail::basic_pairing_component_policy; - - blueprint bp; - typename pair_curve_type::template g1_type<>::value_type P_val = - random_element() * pair_curve_type::template g1_type<>::value_type::one(); - typename pair_curve_type::template g2_type<>::value_type Q_val = - random_element() * pair_curve_type::template g2_type<>::value_type::one(); - - components::element_g1 P(bp); - components::element_g2 Q(bp); - - components::g1_precomputation prec_P; - components::g2_precomputation prec_Q; - - components::precompute_G1_component compute_prec_P(bp, P, prec_P); - components::precompute_G2_component compute_prec_Q(bp, Q, prec_Q); - - typename component_policy::Fqk_variable_type result(bp); - components::mnt_miller_loop_component miller(bp, prec_P, prec_Q, result); - - compute_prec_P.generate_gates(); - - 
compute_prec_Q.generate_gates(); - - miller.generate_gates(); - - P.generate_assignments(P_val); - compute_prec_P.generate_assignments(); - Q.generate_assignments(Q_val); - compute_prec_Q.generate_assignments(); - miller.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename other_curve_pairing_policy::affine_ate_g1_precomp native_prec_P = - affine_ate_precompute_g1(P_val); - typename other_curve_pairing_policy::affine_ate_g2_precomp native_prec_Q = - affine_ate_precompute_g2(Q_val); - typename other_curve_pairing_policy::fqk_type::value_type native_result = - affine_ate_miller_loop(native_prec_P, native_prec_Q); - - BOOST_CHECK(result.get_element() == native_result); - std::cout << "number of constraints for Miller loop" << bp.num_constraints() << std::endl; -} - -template -void test_mnt_e_over_e_miller_loop() { - - using curve_type = CurveType; - using pair_curve_type = typename curve_type::pairing::pair_curve_type; - using curve_pairing_policy = typename curve_type::pairing; - using other_curve_pairing_policy = typename pair_curve_type::pairing; - - using component_policy = components::detail::basic_pairing_component_policy; - - blueprint bp; - typename pair_curve_type::template g1_type<>::value_type P1_val = - random_element() * pair_curve_type::template g1_type<>::value_type::one(); - typename pair_curve_type::template g2_type<>::value_type Q1_val = - random_element() * pair_curve_type::template g2_type<>::value_type::one(); - - typename pair_curve_type::template g1_type<>::value_type P2_val = - random_element() * pair_curve_type::template g1_type<>::value_type::one(); - typename pair_curve_type::template g2_type<>::value_type Q2_val = - random_element() * pair_curve_type::template g2_type<>::value_type::one(); - - components::element_g1 P1(bp); - components::element_g2 Q1(bp); - components::element_g1 P2(bp); - components::element_g2 Q2(bp); - - components::g1_precomputation prec_P1; - components::precompute_G1_component compute_prec_P1(bp, 
P1, prec_P1); - components::g1_precomputation prec_P2; - components::precompute_G1_component compute_prec_P2(bp, P2, prec_P2); - components::g2_precomputation prec_Q1; - components::precompute_G2_component compute_prec_Q1(bp, Q1, prec_Q1); - components::g2_precomputation prec_Q2; - components::precompute_G2_component compute_prec_Q2(bp, Q2, prec_Q2); - - typename component_policy::Fqk_variable_type result(bp); - components::mnt_e_over_e_miller_loop_component miller(bp, prec_P1, prec_Q1, prec_P2, prec_Q2, result); - - compute_prec_P1.generate_gates(); - compute_prec_P2.generate_gates(); - - compute_prec_Q1.generate_gates(); - compute_prec_Q2.generate_gates(); - - miller.generate_gates(); - - P1.generate_assignments(P1_val); - compute_prec_P1.generate_assignments(); - Q1.generate_assignments(Q1_val); - compute_prec_Q1.generate_assignments(); - P2.generate_assignments(P2_val); - compute_prec_P2.generate_assignments(); - Q2.generate_assignments(Q2_val); - compute_prec_Q2.generate_assignments(); - miller.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename other_curve_pairing_policy::affine_ate_g1_precomp native_prec_P1 = - affine_ate_precompute_g1(P1_val); - typename other_curve_pairing_policy::affine_ate_g2_precomp native_prec_Q1 = - affine_ate_precompute_g2(Q1_val); - typename other_curve_pairing_policy::affine_ate_g1_precomp native_prec_P2 = - affine_ate_precompute_g1(P2_val); - typename other_curve_pairing_policy::affine_ate_g2_precomp native_prec_Q2 = - affine_ate_precompute_g2(Q2_val); - typename other_curve_pairing_policy::fqk_type::value_type native_result = - (affine_ate_miller_loop(native_prec_P1, native_prec_Q1) * - affine_ate_miller_loop(native_prec_P2, native_prec_Q2).inversed()); - - BOOST_CHECK(result.get_element() == native_result); - std::cout << "number of constraints for e over e Miller loop " << bp.num_constraints() << std::endl; -} - -template -void test_mnt_e_times_e_over_e_miller_loop() { - - using curve_type = CurveType; - 
using pair_curve_type = typename curve_type::pairing::pair_curve_type; - using curve_pairing_policy = typename curve_type::pairing; - using other_curve_pairing_policy = typename pair_curve_type::pairing; - - using component_policy = components::detail::basic_pairing_component_policy; - - blueprint bp; - typename pair_curve_type::template g1_type<>::value_type P1_val = - random_element() * pair_curve_type::template g1_type<>::value_type::one(); - typename pair_curve_type::template g2_type<>::value_type Q1_val = - random_element() * pair_curve_type::template g2_type<>::value_type::one(); - - typename pair_curve_type::template g1_type<>::value_type P2_val = - random_element() * pair_curve_type::template g1_type<>::value_type::one(); - typename pair_curve_type::template g2_type<>::value_type Q2_val = - random_element() * pair_curve_type::template g2_type<>::value_type::one(); - - typename pair_curve_type::template g1_type<>::value_type P3_val = - random_element() * pair_curve_type::template g1_type<>::value_type::one(); - typename pair_curve_type::template g2_type<>::value_type Q3_val = - random_element() * pair_curve_type::template g2_type<>::value_type::one(); - - components::element_g1 P1(bp); - components::element_g2 Q1(bp); - components::element_g1 P2(bp); - components::element_g2 Q2(bp); - components::element_g1 P3(bp); - components::element_g2 Q3(bp); - - components::g1_precomputation prec_P1; - components::precompute_G1_component compute_prec_P1(bp, P1, prec_P1); - components::g1_precomputation prec_P2; - components::precompute_G1_component compute_prec_P2(bp, P2, prec_P2); - components::g1_precomputation prec_P3; - components::precompute_G1_component compute_prec_P3(bp, P3, prec_P3); - components::g2_precomputation prec_Q1; - components::precompute_G2_component compute_prec_Q1(bp, Q1, prec_Q1); - components::g2_precomputation prec_Q2; - components::precompute_G2_component compute_prec_Q2(bp, Q2, prec_Q2); - components::g2_precomputation prec_Q3; - 
components::precompute_G2_component compute_prec_Q3(bp, Q3, prec_Q3); - - typename component_policy::Fqk_variable_type result(bp); - components::mnt_e_times_e_over_e_miller_loop_component miller(bp, prec_P1, prec_Q1, prec_P2, prec_Q2, - prec_P3, prec_Q3, result); - - compute_prec_P1.generate_gates(); - compute_prec_P2.generate_gates(); - compute_prec_P3.generate_gates(); - - compute_prec_Q1.generate_gates(); - compute_prec_Q2.generate_gates(); - compute_prec_Q3.generate_gates(); - - miller.generate_gates(); - - P1.generate_assignments(P1_val); - compute_prec_P1.generate_assignments(); - Q1.generate_assignments(Q1_val); - compute_prec_Q1.generate_assignments(); - P2.generate_assignments(P2_val); - compute_prec_P2.generate_assignments(); - Q2.generate_assignments(Q2_val); - compute_prec_Q2.generate_assignments(); - P3.generate_assignments(P3_val); - compute_prec_P3.generate_assignments(); - Q3.generate_assignments(Q3_val); - compute_prec_Q3.generate_assignments(); - miller.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename other_curve_pairing_policy::affine_ate_g1_precomp native_prec_P1 = - affine_ate_precompute_g1(P1_val); - typename other_curve_pairing_policy::affine_ate_g2_precomp native_prec_Q1 = - affine_ate_precompute_g2(Q1_val); - typename other_curve_pairing_policy::affine_ate_g1_precomp native_prec_P2 = - affine_ate_precompute_g1(P2_val); - typename other_curve_pairing_policy::affine_ate_g2_precomp native_prec_Q2 = - affine_ate_precompute_g2(Q2_val); - typename other_curve_pairing_policy::affine_ate_g1_precomp native_prec_P3 = - affine_ate_precompute_g1(P3_val); - typename other_curve_pairing_policy::affine_ate_g2_precomp native_prec_Q3 = - affine_ate_precompute_g2(Q3_val); - typename other_curve_pairing_policy::fqk_type::value_type native_result = - (affine_ate_miller_loop(native_prec_P1, native_prec_Q1) * - affine_ate_miller_loop(native_prec_P2, native_prec_Q2) * - affine_ate_miller_loop(native_prec_P3, native_prec_Q3).inversed()); - - 
BOOST_CHECK(result.get_element() == native_result); - std::cout << "number of constraints for e times e over e Miller loop " << bp.num_constraints() << std::endl; -} - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_WEIERSTRASS_MILLER_LOOP_TEST_HPP diff --git a/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/precomputation.cpp b/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/precomputation.cpp deleted file mode 100644 index c3858d432f..0000000000 --- a/crypto3/libs/blueprint/test/algebra/pairing/weierstrass/r1cs/precomputation.cpp +++ /dev/null 
@@ -1,107 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE weierstrass_precomputation_components_test - -#include - -#include -#include - -#include -#include - -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void test_element_g1_precomp() { - blueprint bp; - typename CurveType::pairing::pair_curve_type::template g1_type<>::value_type g_val = - algebra::random_element() * - CurveType::pairing::pair_curve_type::template g1_type<>::value_type::one(); - - element_g1 g(bp); - g1_precomputation precomp; - precompute_G1_component do_precomp(bp, g, precomp); - do_precomp.generate_gates(); - - g.generate_assignments(g_val); - do_precomp.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename CurveType::pairing::g1_precomp const_precomp(bp, g_val); - - typename CurveType::pairing::pair_curve_type::pairing::affine_ate_g1_precomp native_precomp = - CurveType::pairing::pair_curve_type::affine_ate_precompute_g1(g_val); - BOOST_CHECK(precomp.PY_twist_squared->get_element() == native_precomp.PY_twist_squared); - BOOST_CHECK(const_precomp.PY_twist_squared->get_element() == native_precomp.PY_twist_squared); -} - -template -void test_element_g2_precomp() { - blueprint bp; - typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type g_val = - algebra::random_element() * - CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one(); - - element_g2 g(bp); - g2_precomputation precomp; - precompute_G2_component do_precomp(bp, g, precomp); - do_precomp.generate_gates(); - - g.generate_assignments(g_val); - do_precomp.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename CurveType::pairing::pair_curve_type::pairing::affine_ate_g2_precomp native_precomp = - CurveType::pairing::pair_curve_type::affine_ate_precompute_g2(g_val); - - BOOST_CHECK(precomp.coeffs.size() - 1 == - 
native_precomp.coeffs.size()); // the last precomp is unused, but remains for convenient programming - for (std::size_t i = 0; i < native_precomp.coeffs.size(); ++i) { - BOOST_CHECK(precomp.coeffs[i]->RX->get_element() == native_precomp.coeffs[i].old_RX); - BOOST_CHECK(precomp.coeffs[i]->RY->get_element() == native_precomp.coeffs[i].old_RY); - BOOST_CHECK(precomp.coeffs[i]->gamma->get_element() == native_precomp.coeffs[i].gamma); - BOOST_CHECK(precomp.coeffs[i]->gamma_X->get_element() == native_precomp.coeffs[i].gamma_X); - } - - std::cout << "number of constraints for G2 precomp: " << bp.num_constraints() << std::endl; -} - -BOOST_AUTO_TEST_SUITE(weierstrass_precomputation_components_test_suite) - -BOOST_AUTO_TEST_CASE(weierstrass_precomputation_components_test) { - - test_all_set_commitment_components>(); - test_all_set_commitment_components>(); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/basic_components_r1cs_gg_ppzksnark.cpp b/crypto3/libs/blueprint/test/basic_components_r1cs_gg_ppzksnark.cpp deleted file mode 100644 index 6b055151a9..0000000000 --- a/crypto3/libs/blueprint/test/basic_components_r1cs_gg_ppzksnark.cpp +++ /dev/null 
@@ -1,199 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE basic_components_verification_test - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include -#include -#include -#include - -#include - -#include "verify_r1cs_scheme.hpp" - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void test_disjunction_component(std::size_t w) { - - using field_type = typename CurveType::scalar_field_type; - using curve_type = CurveType; - - std::size_t n = std::log2(w) + ((w > (1ul << std::size_t(std::log2(w)))) ? 1 : 0); - - blueprint::blueprint bp; - nil::crypto3::blueprint::detail::blueprint_variable output; - output.allocate(bp); - - bp.set_input_sizes(1); - - nil::crypto3::blueprint::detail::blueprint_variable_vector inputs; - inputs.allocate(bp, n); - - nil::crypto3::blueprint::components::disjunction d(bp, inputs, output); - d.generate_gates(); - - for (std::size_t j = 0; j < n; ++j) { - bp.val(inputs[j]) = typename field_type::value_type((w & (1ul << j)) ? 1 : 0); - } - - d.generate_assignments(); - - BOOST_CHECK(bp.val(output) == (w ? field_type::value_type::one() : field_type::value_type::zero())); - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); -} - -template -void test_conjunction_component(std::size_t w) { - - using field_type = typename CurveType::scalar_field_type; - using curve_type = CurveType; - - std::size_t n = std::log2(w) + ((w > (1ul << std::size_t(std::log2(w)))) ? 
1 : 0); - - blueprint::blueprint bp; - - nil::crypto3::blueprint::detail::blueprint_variable output; - output.allocate(bp); - - bp.set_input_sizes(1); - - nil::crypto3::blueprint::detail::blueprint_variable_vector inputs; - inputs.allocate(bp, n); - - nil::crypto3::blueprint::components::conjunction c(bp, inputs, output); - c.generate_gates(); - - for (std::size_t j = 0; j < n; ++j) { - bp.val(inputs[j]) = (w & (1ul << j)) ? field_type::value_type::one() : field_type::value_type::zero(); - } - - c.generate_assignments(); - - BOOST_CHECK(bp.val(output) == - (w == (1ul << n) - 1 ? field_type::value_type::one() : field_type::value_type::zero())); - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); -} - -template -void test_comparison_component(std::size_t a, std::size_t b) { - - using field_type = typename CurveType::scalar_field_type; - using curve_type = CurveType; - - blueprint::blueprint bp; - - nil::crypto3::blueprint::detail::blueprint_variable A, B, less, less_or_eq; - A.allocate(bp); - B.allocate(bp); - less.allocate(bp); - less_or_eq.allocate(bp); - - bp.set_input_sizes(1); - std::size_t n = - std::log2(std::max(a, b)) + ((std::max(a, b) > (1ul << std::size_t(std::log2(std::max(a, b))))) ? 1 : 0); - - nil::crypto3::blueprint::components::comparison cmp(bp, n, A, B, less, less_or_eq); - cmp.generate_gates(); - - bp.val(A) = typename field_type::value_type(a); - bp.val(B) = typename field_type::value_type(b); - - cmp.generate_assignments(); - - BOOST_CHECK(bp.val(less) == (a < b ? field_type::value_type::one() : field_type::value_type::zero())); - BOOST_CHECK(bp.val(less_or_eq) == (a <= b ? 
field_type::value_type::one() : field_type::value_type::zero())); - BOOST_CHECK(bp.is_satisfied()); - - BOOST_CHECK(verify_component(bp)); -} - -BOOST_AUTO_TEST_SUITE(basic_components_test_suite) - -BOOST_AUTO_TEST_CASE(basic_components_disjunction_r1cs_gg_ppzksnark_test) { - std::cout << "Disjunction component test started" << std::endl; - std::cout << "Started for bls12<381>" << std::endl; - test_disjunction_component>(10); - std::cout << "Started for mnt4<298>" << std::endl; - test_disjunction_component>(10); - std::cout << "Started for mnt6<298>" << std::endl; - test_disjunction_component>(10); -} - -BOOST_AUTO_TEST_CASE(basic_components_conjunction_r1cs_gg_ppzksnark_test) { - std::cout << "Conjunction component test started" << std::endl; - std::cout << "Started for bls12<381>" << std::endl; - test_conjunction_component>(10); - std::cout << "Started for mnt4<298>" << std::endl; - test_conjunction_component>(10); - std::cout << "Started for mnt6<298>" << std::endl; - test_conjunction_component>(10); -} - -BOOST_AUTO_TEST_CASE(basic_components_comparison_r1cs_gg_ppzksnark_test) { - std::cout << "Comparison component r1cs_gg_ppzksnark test started" << std::endl; - std::cout << "Started for bls12<381>" << std::endl; - test_comparison_component>(1, 4); - std::cout << "Started for mnt4<298>" << std::endl; - test_comparison_component>(1, 4); - std::cout << "Started for mnt6<298>" << std::endl; - test_comparison_component>(1, 4); -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/knapsack.cpp b/crypto3/libs/blueprint/test/hashes/r1cs/knapsack.cpp deleted file mode 100644 index 4e8be58059..0000000000 --- a/crypto3/libs/blueprint/test/hashes/r1cs/knapsack.cpp +++ /dev/null 
@@ -1,79 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE knapsack_component_test - -#include -#include - -#include -#include -#include -#include - -#include "knapsack.hpp" - -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; - -BOOST_AUTO_TEST_SUITE(knapsack_component_test_suite) - -BOOST_AUTO_TEST_CASE(knapsack_component_test_bls12_381_case) { - std::cout << "Starting Knapsack component test for BLS12-381 ..." 
<< std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - test_knapsack_crh_with_bit_out_component::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Knapsack component test for BLS12-381 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_CASE(knapsack_component_test_mnt4_case) { - std::cout << "Starting Knapsack component test for MNT4-298 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - test_knapsack_crh_with_bit_out_component::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Knapsack component test for MNT4-298 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_CASE(knapsack_component_test_mnt6_case) { - std::cout << "Starting Knapsack component test for MNT6-298 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - test_knapsack_crh_with_bit_out_component::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Knapsack component test for MNT6-298 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_CASE(knapsack_component_test_edwards_183_case) { - std::cout << "Starting Knapsack component test for Edwards-183 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - test_knapsack_crh_with_bit_out_component::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Knapsack component test for Edwards-183 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() 
diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/knapsack.hpp b/crypto3/libs/blueprint/test/hashes/r1cs/knapsack.hpp
deleted file mode 100644
index 29158e2633..0000000000
--- a/crypto3/libs/blueprint/test/hashes/r1cs/knapsack.hpp
+++ /dev/null
@@ -1,301 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_KNAPSACK_COMPONENT_TEST_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_KNAPSACK_COMPONENT_TEST_HPP - -#include - -#include -#include -#include -#include - -#include -#include -#include - -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; - -template -blueprint test_knapsack_crh_with_bit_out_component() { - blueprint bp; - std::cout << "Warning! Blank test is running." 
<< std::endl; - return bp; -} - -template -blueprint test_knapsack_crh_with_bit_out_component_internal(std::size_t dimension, - const std::vector &input_bits, - const std::vector &digest_bits) { - BOOST_CHECK(components::knapsack_dimension::dimension == dimension); - components::knapsack_crh_with_bit_out_component::sample_randomness(input_bits.size()); - blueprint bp; - - components::block_variable input_block(bp, input_bits.size()); - components::digest_variable output_digest( - bp, components::knapsack_crh_with_bit_out_component::get_digest_len()); - components::knapsack_crh_with_bit_out_component H(bp, input_bits.size(), input_block, output_digest); - - input_block.generate_assignments(input_bits); - H.generate_gates(); - H.generate_assignments(); - - BOOST_CHECK(output_digest.get_digest().size() == digest_bits.size()); - BOOST_CHECK(bp.is_satisfied()); - - const std::size_t num_constraints = bp.num_constraints(); - const std::size_t expected_constraints = - components::knapsack_crh_with_bit_out_component::expected_constraints(); - BOOST_CHECK(num_constraints == expected_constraints); - - return bp; -} - -///* The tests are autogenerated (see -// * generate_knapsack_tests.py) and contain hard-to-read constants. 
*/ -// -// template<> -// blueprint test_knapsack_crh_with_bit_out_component() { -// typedef typename curves::bn128::scalar_field_type FieldType; -// const std::size_t dimension = components::knapsack_dimension::dimension; -// const std::vector input_bits = {1, 1, 0, 0, 1, 0, 1, 0, 0, 1}; -// std::vector digest_bits; - -// if (dimension == 1) { -// // hash_vector[0] = -// // 19358128397917746746715486768528331499472172224025066869640626465460783114989 -// digest_bits = {1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, -// 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, -// 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, -// 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, -// 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, -// 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, -// 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, -// 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1}; -// } else if (dimension == 3) { -// // hash_vector[0] = -// // 19358128397917746746715486768528331499472172224025066869640626465460783114989 hash_vector[1] -// // = 14647747576997998233659818696206913383172548767133711974605617840575181365754 -// // hash_vector[2] = 2920097934141708417756781671323464432263982766704831772622221878471527707999 -// digest_bits = { -// 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, -// 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, -// 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, -// 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 
0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, -// 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, -// 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, -// 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, -// 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, -// 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, -// 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, -// 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, -// 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, -// 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, -// 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, -// 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, -// 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, -// 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, -// 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, -// 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, -// 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, -// 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, -// 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 
0, 0, 0}; -// } else { -// std::cout << "unsupported dimension" << std::endl; -// BOOST_CHECK(false); -// } - -// return test_knapsack_crh_with_bit_out_component_internal(dimension, input_bits, digest_bits); -// } - -template<> -blueprint::scalar_field_type> test_knapsack_crh_with_bit_out_component::scalar_field_type>() { - typedef typename curves::edwards<183>::scalar_field_type FieldType; - const std::size_t dimension = components::knapsack_dimension::dimension; - const std::vector input_bits = {1, 1, 0, 0, 1, 0, 1, 0, 0, 1}; - std::vector digest_bits; - - if (dimension == 1) { - // hash_vector[0] = 212682788919191185746369136465846038795231156077120478 - digest_bits = {0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, - 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, - 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, - 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, - 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, - 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0}; - } else if (dimension == 3) { - // hash_vector[0] = 212682788919191185746369136465846038795231156077120478 - // hash_vector[1] = 208444103178970253386051017880119245406612361624666932 - // hash_vector[2] = 753512267902403701181906991398452949644481965281690464 - digest_bits = {0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, - 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, - 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, - 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, - 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 
0, - 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, - 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, - 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, - 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, - 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, - 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, - 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, - 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, - 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, - 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, - 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, - 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0}; - } else { - std::cout << "unsupported dimension" << std::endl; - BOOST_CHECK(false); - } - - return test_knapsack_crh_with_bit_out_component_internal(dimension, input_bits, digest_bits); -} - -template<> -blueprint::scalar_field_type> test_knapsack_crh_with_bit_out_component::scalar_field_type>() { - typedef typename curves::mnt4<298>::scalar_field_type FieldType; - const std::size_t dimension = components::knapsack_dimension::dimension; - const std::vector input_bits = {1, 1, 0, 0, 1, 0, 1, 0, 0, 1}; - std::vector digest_bits; - - if (dimension == 1) { - // hash_vector[0] = - // 5849873898117023322885358421738220900336336792093854367505800858141298949423761399689551 - digest_bits = {1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, - 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 
0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, - 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, - 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, - 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, - 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, - 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, - 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, - 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0}; - } else if (dimension == 3) { - // hash_vector[0] = - // 5849873898117023322885358421738220900336336792093854367505800858141298949423761399689551 - // hash_vector[1] = - // 53446030978469113922159049491079907226345855403292835149508287198951741313094713251809734 - // hash_vector[2] = - // 40260485387428589838404886401807432179330886729322245141417568340931755675196614173996382 - digest_bits = { - 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, - 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, - 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, - 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, - 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, - 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, - 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 
0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, - 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, - 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, - 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, - 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, - 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, - 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, - 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, - 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, - 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, - 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, - 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, - 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, - 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, - 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, - 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0}; - } else { - std::cout << "unsupported dimension" << std::endl; - 
BOOST_CHECK(false); - } - - return test_knapsack_crh_with_bit_out_component_internal(dimension, input_bits, digest_bits); -} - -template<> -blueprint::scalar_field_type> test_knapsack_crh_with_bit_out_component::scalar_field_type>() { - typedef typename curves::mnt6<298>::scalar_field_type FieldType; - const std::size_t dimension = components::knapsack_dimension::dimension; - const std::vector input_bits = {1, 1, 0, 0, 1, 0, 1, 0, 0, 1}; - std::vector digest_bits; - - if (dimension == 1) { - // hash_vector[0] = - // 5849873898117023322885358421738220900336335412351434682931015184050067928329141552099663 - digest_bits = {1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, - 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, - 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, - 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, - 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, - 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, - 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, - 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, - 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, - 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0}; - } else if (dimension == 3) { - // hash_vector[0] = - // 5849873898117023322885358421738220900336335412351434682931015184050067928329141552099663 - // hash_vector[1] = - // 53446030978469113922159049491079907226345854023550415464933501524860510292000093404219846 - // hash_vector[2] = - // 40260485387428589838404886401807432179330884659708615614555389829794909143554684402611550 - digest_bits = { - 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 
0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, - 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, - 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, - 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, - 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, - 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, - 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, - 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, - 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, - 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, - 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, - 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, - 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, - 0, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, - 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, - 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, - 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, - 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, - 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 
1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, - 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, - 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 1, - 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, - 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, - 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, - 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0}; - } else { - std::cout << "unsupported dimension" << std::endl; - BOOST_CHECK(false); - } - - return test_knapsack_crh_with_bit_out_component_internal(dimension, input_bits, digest_bits); -} - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_KNAPSACK_COMPONENT_TEST_HPP diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/knapsack_verification.cpp b/crypto3/libs/blueprint/test/hashes/r1cs/knapsack_verification.cpp deleted file mode 100644 index 57aa7ff2ae..0000000000 --- a/crypto3/libs/blueprint/test/hashes/r1cs/knapsack_verification.cpp +++ /dev/null 
@@ -1,128 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE. 
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE knapsack_verification_component_test
-
-#include
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-// #include
-// #include
-// #include
-// #include
-// #include
-
-#include
-
-#include "knapsack.hpp"
-#include "../verify_r1cs_scheme.hpp"
-
-using namespace nil::crypto3::algebra;
-using namespace nil::crypto3::zk;
-
-BOOST_AUTO_TEST_SUITE(knapsack_component_test_suite)
-
-BOOST_AUTO_TEST_CASE(knapsack_component_test_bls12_381_case) {
- using curve_type = curves::bls12<381>;
- using scalar_field_type = typename curve_type::scalar_field_type;
-
- std::cout << "Starting Knapsack component test for BLS12-381 ..." << std::endl;
- auto begin = std::chrono::high_resolution_clock::now();
- blueprint bp = test_knapsack_crh_with_bit_out_component();
-
- BOOST_CHECK(verify_component(bp));
-
- auto end = std::chrono::high_resolution_clock::now();
- auto elapsed = std::chrono::duration_cast(end - begin);
- std::cout << "Knapsack component test for BLS12-381 finished, time: " << elapsed.count() * 1e-9 << std::endl;
-}
-
-BOOST_AUTO_TEST_CASE(knapsack_component_test_mnt4_case) {
- using curve_type = curves::mnt4<298>;
- using scalar_field_type = typename curve_type::scalar_field_type;
-
- std::cout << "Starting Knapsack component test for MNT4-298 ..." 
<< std::endl;
- auto begin = std::chrono::high_resolution_clock::now();
- blueprint bp = test_knapsack_crh_with_bit_out_component();
-
- BOOST_CHECK(verify_component(bp));
-
- auto end = std::chrono::high_resolution_clock::now();
- auto elapsed = std::chrono::duration_cast(end - begin);
- std::cout << "Knapsack component test for MNT4-298 finished, time: " << elapsed.count() * 1e-9 << std::endl;
-}
-
-BOOST_AUTO_TEST_CASE(knapsack_component_test_mnt6_case) {
- using curve_type = curves::mnt6<298>;
- using scalar_field_type = typename curve_type::scalar_field_type;
-
- std::cout << "Starting Knapsack component test for MNT6-298 ..." << std::endl;
- auto begin = std::chrono::high_resolution_clock::now();
- blueprint bp = test_knapsack_crh_with_bit_out_component();
-
- BOOST_CHECK(verify_component(bp));
-
- auto end = std::chrono::high_resolution_clock::now();
- auto elapsed = std::chrono::duration_cast(end - begin);
- std::cout << "Knapsack component test for MNT6-298 finished, time: " << elapsed.count() * 1e-9 << std::endl;
-}
-
-BOOST_AUTO_TEST_CASE(knapsack_component_test_edwards_183_case) {
- using curve_type = curves::edwards<183>;
- using scalar_field_type = typename curve_type::scalar_field_type;
-
- std::cout << "Starting Knapsack component test for Edwards-183 ..." << std::endl;
- auto begin = std::chrono::high_resolution_clock::now();
- blueprint bp = test_knapsack_crh_with_bit_out_component();
-
- BOOST_CHECK(verify_component(bp));
-
- auto end = std::chrono::high_resolution_clock::now();
- auto elapsed = std::chrono::duration_cast(end - begin);
- std::cout << "Knapsack component test for Edwards-183 finished, time: " << elapsed.count() * 1e-9 << std::endl;
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/pedersen.cpp b/crypto3/libs/blueprint/test/hashes/r1cs/pedersen.cpp
deleted file mode 100644
index 111c1d172f..0000000000
--- a/crypto3/libs/blueprint/test/hashes/r1cs/pedersen.cpp
+++ /dev/null 
@@ -1,393 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2021 Mikhail Komarov
-// Copyright (c) 2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE blueprint_fixed_base_mul_zcash_component_test - -#include - -#include -#include -#include - -#include -#include -#include -#include -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp &e) { - std::cout << e.data << std::endl; -} - -/// hashing to point -template -void test_blueprint_variable_vector_component_constructor(const std::vector &in_bits, - const ExpectedType &expected) { - using field_type = typename HashComponent::field_type; - - // input as blueprint_variable_vector - blueprint bp, bp_manual; - nil::crypto3::zk::detail::blueprint_variable_vector scalar, scalar_manual; - scalar.allocate(bp, in_bits.size()); - scalar.fill_with_bits(bp, in_bits); - scalar_manual.allocate(bp_manual, in_bits.size()); - scalar_manual.fill_with_bits(bp_manual, in_bits); - - // Auto allocation of the result - HashComponent hash_comp(bp, scalar); - hash_comp.generate_assignments(); - hash_comp.generate_gates(); - BOOST_CHECK(expected.X == bp.lc_val(hash_comp.result.X)); - BOOST_CHECK(expected.Y == bp.lc_val(hash_comp.result.Y)); - BOOST_CHECK(bp.is_satisfied()); - - // Manual allocation of the result - typename HashComponent::result_type result_manual(bp_manual); - HashComponent hash_comp_manual(bp_manual, scalar_manual, result_manual); - hash_comp_manual.generate_assignments(); - hash_comp_manual.generate_gates(); - BOOST_CHECK(expected.X == bp_manual.lc_val(result_manual.X)); - BOOST_CHECK(expected.Y == bp_manual.lc_val(result_manual.Y)); - BOOST_CHECK(bp_manual.is_satisfied()); - - std::cout << "Input bits: " << in_bits.size() << std::endl; - std::cout << "To point constrains: " << bp.num_constraints() << std::endl; -} - -/// hashing to point -template -void test_block_variable_component_constructor(const 
std::vector &in_bits, const ExpectedType &expected) { - using field_type = typename HashComponent::field_type; - - // input as block_variable - blueprint bp, bp_manual; - components::block_variable in_block(bp, in_bits.size()), in_block_manual(bp_manual, in_bits.size()); - in_block.generate_assignments(in_bits); - in_block_manual.generate_assignments(in_bits); - - // Auto allocation of the result - HashComponent hash_comp(bp, in_block); - hash_comp.generate_assignments(); - hash_comp.generate_gates(); - BOOST_CHECK(expected.X == bp.lc_val(hash_comp.result.X)); - BOOST_CHECK(expected.Y == bp.lc_val(hash_comp.result.Y)); - BOOST_CHECK(bp.is_satisfied()); - - // Manual allocation of the result - typename HashComponent::result_type result_manual(bp_manual); - HashComponent hash_comp_manual(bp_manual, in_block_manual, result_manual); - hash_comp_manual.generate_assignments(); - hash_comp_manual.generate_gates(); - BOOST_CHECK(expected.X == bp_manual.lc_val(result_manual.X)); - BOOST_CHECK(expected.Y == bp_manual.lc_val(result_manual.Y)); - BOOST_CHECK(bp_manual.is_satisfied()); -} - -/// hashing to point -template -void test_block_variables_component_constructor(const std::vector &in_bits, const ExpectedType &expected) { - using field_type = typename HashComponent::field_type; - - // input as container of block_variable - blueprint bp, bp_manual; - std::size_t half_size = in_bits.size() / 2; - components::block_variable in_block_left(bp, half_size), in_block_right(bp, in_bits.size() - half_size), - in_block_manual_left(bp_manual, half_size), in_block_manual_right(bp_manual, in_bits.size() - half_size); - in_block_left.generate_assignments(std::vector(std::cbegin(in_bits), std::cbegin(in_bits) + half_size)); - in_block_right.generate_assignments(std::vector(std::cbegin(in_bits) + half_size, std::cend(in_bits))); - in_block_manual_left.generate_assignments( - std::vector(std::cbegin(in_bits), std::cbegin(in_bits) + half_size)); - 
in_block_manual_right.generate_assignments( - std::vector(std::cbegin(in_bits) + half_size, std::cend(in_bits))); - - // Auto allocation of the result - HashComponent hash_comp(bp, - std::vector { - in_block_left, - in_block_right, - }); - hash_comp.generate_assignments(); - hash_comp.generate_gates(); - BOOST_CHECK(expected.X == bp.lc_val(hash_comp.result.X)); - BOOST_CHECK(expected.Y == bp.lc_val(hash_comp.result.Y)); - BOOST_CHECK(bp.is_satisfied()); - - // Manual allocation of the result - typename HashComponent::result_type result_manual(bp_manual); - HashComponent hash_comp_manual(bp_manual, - std::vector { - in_block_manual_left, - in_block_manual_right, - }, - result_manual); - hash_comp_manual.generate_assignments(); - hash_comp_manual.generate_gates(); - BOOST_CHECK(expected.X == bp_manual.lc_val(result_manual.X)); - BOOST_CHECK(expected.Y == bp_manual.lc_val(result_manual.Y)); - BOOST_CHECK(bp_manual.is_satisfied()); -} - -/// hashing to bits -template -void test_blueprint_variable_vector_component_constructor(const std::vector &in_bits, - const std::vector &expected_bits) { - using field_type = typename HashComponent::field_type; - - // input as blueprint_variable_vector - blueprint bp_bits, bp_bits_manual; - nil::crypto3::zk::detail::blueprint_variable_vector scalar_bits, scalar_bits_manual; - scalar_bits.allocate(bp_bits, in_bits.size()); - scalar_bits.fill_with_bits(bp_bits, in_bits); - scalar_bits_manual.allocate(bp_bits_manual, in_bits.size()); - scalar_bits_manual.fill_with_bits(bp_bits_manual, in_bits); - - // Auto allocation of the result - HashComponent hash_comp_bits(bp_bits, scalar_bits); - hash_comp_bits.generate_assignments(); - hash_comp_bits.generate_gates(); - BOOST_CHECK(expected_bits == hash_comp_bits.result.get_digest()); - BOOST_CHECK(bp_bits.is_satisfied()); - - // Manual allocation of the result - typename HashComponent::result_type result_bits_manual(bp_bits_manual, field_type::value_bits); - HashComponent 
hash_comp_bits_manual(bp_bits_manual, scalar_bits_manual, result_bits_manual); - hash_comp_bits_manual.generate_assignments(); - hash_comp_bits_manual.generate_gates(); - BOOST_CHECK(expected_bits == result_bits_manual.get_digest()); - BOOST_CHECK(bp_bits_manual.is_satisfied()); - - std::cout << "Input bits: " << in_bits.size() << std::endl; - std::cout << "To bits: " << bp_bits.num_constraints() << std::endl; -} - -/// hashing to bits -template -void test_digest_variable_component_constructor(const std::vector &in_bits, - const std::vector &expected_bits) { - using field_type = typename HashComponent::field_type; - - // input as digest_variable - blueprint bp_bits, bp_bits_manual; - components::digest_variable in_block(bp_bits, in_bits.size()), - in_block_manual(bp_bits_manual, in_bits.size()); - in_block.generate_assignments(in_bits); - in_block_manual.generate_assignments(in_bits); - - // Auto allocation of the result - HashComponent hash_comp_bits(bp_bits, in_block); - hash_comp_bits.generate_assignments(); - hash_comp_bits.generate_gates(); - BOOST_CHECK(expected_bits == hash_comp_bits.result.get_digest()); - BOOST_CHECK(bp_bits.is_satisfied()); - - // Manual allocation of the result - typename HashComponent::result_type result_bits_manual(bp_bits_manual, field_type::value_bits); - HashComponent hash_comp_bits_manual(bp_bits_manual, in_block_manual, result_bits_manual); - hash_comp_bits_manual.generate_assignments(); - hash_comp_bits_manual.generate_gates(); - BOOST_CHECK(expected_bits == result_bits_manual.get_digest()); - BOOST_CHECK(bp_bits_manual.is_satisfied()); -} - -/// hashing to bits -template -void test_digest_variables_component_constructor(const std::vector &in_bits, - const std::vector &expected_bits) { - using field_type = typename HashComponent::field_type; - - // input as container of block_variable - blueprint bp_bits, bp_bits_manual; - std::size_t half_size = in_bits.size() / 2; - components::digest_variable in_block_left(bp_bits, half_size), 
- in_block_right(bp_bits, in_bits.size() - half_size), in_block_manual_left(bp_bits_manual, half_size), - in_block_manual_right(bp_bits_manual, in_bits.size() - half_size); - in_block_left.generate_assignments(std::vector(std::cbegin(in_bits), std::cbegin(in_bits) + half_size)); - in_block_right.generate_assignments(std::vector(std::cbegin(in_bits) + half_size, std::cend(in_bits))); - in_block_manual_left.generate_assignments( - std::vector(std::cbegin(in_bits), std::cbegin(in_bits) + half_size)); - in_block_manual_right.generate_assignments( - std::vector(std::cbegin(in_bits) + half_size, std::cend(in_bits))); - - // Auto allocation of the result - HashComponent hash_comp_bits(bp_bits, - std::vector { - in_block_left, - in_block_right, - }); - hash_comp_bits.generate_assignments(); - hash_comp_bits.generate_gates(); - BOOST_CHECK(expected_bits == hash_comp_bits.result.get_digest()); - BOOST_CHECK(bp_bits.is_satisfied()); - - // Manual allocation of the result - typename HashComponent::result_type result_bits_manual(bp_bits_manual, field_type::value_bits); - HashComponent hash_comp_bits_manual(bp_bits_manual, - std::vector { - in_block_manual_left, - in_block_manual_right, - }, - result_bits_manual); - hash_comp_bits_manual.generate_assignments(); - hash_comp_bits_manual.generate_gates(); - BOOST_CHECK(expected_bits == result_bits_manual.get_digest()); - BOOST_CHECK(bp_bits_manual.is_satisfied()); -} - -// TODO: extend tests (check verification of wrong values) -template, - typename HashComponent = components::pedersen> -void test_pedersen_default_params_component( - const std::vector &in_bits, - const typename HashToPointComponent::element_component::group_value_type &expected, - const std::vector &expected_bits) { - using field_type = typename HashToPointComponent::element_component::group_value_type::field_type; - - /// hashing to point - test_blueprint_variable_vector_component_constructor(in_bits, expected); - test_block_variable_component_constructor(in_bits, 
expected); - test_block_variables_component_constructor(in_bits, expected); - - /// hashing to bits - test_blueprint_variable_vector_component_constructor(in_bits, expected_bits); - test_digest_variable_component_constructor(in_bits, expected_bits); - test_digest_variables_component_constructor(in_bits, expected_bits); -} - -// TODO: extend tests, add checks of wrong values -BOOST_AUTO_TEST_SUITE(blueprint_pedersen_manual_test_suite) - -// test data generated by https://github.com/zcash-hackworks/zcash-test-vectors -BOOST_AUTO_TEST_CASE(pedersen_jubjub_sha256_default_params_test) { - using curve_type = curves::jubjub; - using field_type = typename curve_type::base_field_type; - using field_value_type = typename field_type::value_type; - using integral_type = typename field_type::integral_type; - - std::vector bits_to_hash = {0, 0, 0, 1, 1, 1}; - auto expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("3669431847238482802904025485408296241776002230868041345055738963615665974946")), - field_value_type( - integral_type("27924821127213629235056488929093463445821551452792195607066067950495472725010"))); - std::vector expected_bits = { - 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, - 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, - 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, - 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, - 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, - 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, - 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0}; - 
test_pedersen_default_params_component(bits_to_hash, expected, expected_bits); - - // check work of internal padding - bits_to_hash = { - 0, 0, 0, 1, 1, - }; - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("36263379031273262448220672699212876513597479199804632409115456999776988098218")), - field_value_type( - integral_type("31510484483269042758896724536623472863781228578271767290815193389100113348921"))); - expected_bits = {0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, - 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, - 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, - 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, - 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, - 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, - 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, - 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1}; - test_pedersen_default_params_component(bits_to_hash, expected, expected_bits); - - bits_to_hash = std::vector {0, 0, 1}; - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("37613883148175089126541491300600635192159391899451195953263717773938227311808")), - field_value_type( - integral_type("52287259411977570791304693313354699485314647509298698724706688571292689216990"))); - expected_bits = {0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, - 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, - 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 
1, - 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, - 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, - 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, - 1, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, - 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1}; - test_pedersen_default_params_component(bits_to_hash, expected, expected_bits); - - bits_to_hash = std::vector {0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, - 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1}; - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("42176130776060636907007595971304534904965322197894055434176666599102076910022")), - field_value_type( - integral_type("41298132615767455442973386625334423316246314118050839847545855695501416927077"))); - expected_bits = {0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, - 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, - 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, - 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, - 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, - 
0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, - 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, - 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1}; - test_pedersen_default_params_component(bits_to_hash, expected, expected_bits); - - bits_to_hash.resize(3 * 63 * 20); - for (auto i = 0; i < bits_to_hash.size(); i++) { - bits_to_hash[i] = std::vector {0, 0, 1}[i % 3]; - } - expected = - typename curve_type::template g1_type::value_type( - field_value_type( - integral_type("16831926627213193043296678235139527332739870606672735560230973395062624230202")), - field_value_type( - integral_type("29758113761493087483326459667018939508613372210858382541334106957041082715241"))); - expected_bits = {0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, - 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, - 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, - 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, - 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, - 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, - 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, - 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0}; - test_pedersen_default_params_component(bits_to_hash, expected, expected_bits); -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/sha256.cpp b/crypto3/libs/blueprint/test/hashes/r1cs/sha256.cpp deleted file mode 100644 index dc1a301919..0000000000 
--- a/crypto3/libs/blueprint/test/hashes/r1cs/sha256.cpp
+++ /dev/null 
@@ -1,80 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE sha256_component_test - -#include - -#include - -#include -#include -#include -#include - -#include "sha256.hpp" - -using namespace nil::crypto3::algebra; -using namespace nil::crypto3; -using namespace nil::crypto3::zk; - -BOOST_AUTO_TEST_SUITE(sha2_256_component_test_suite) -BOOST_AUTO_TEST_CASE(sha256_component_test_bls12_381_case) { - std::cout << "Starting SHA256 component test for BLS12-381 ..." 
<< std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - sha2_two_to_one_bp::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA256 component test for BLS12-381 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_CASE(sha256_component_test_mnt4_case) { - std::cout << "Starting SHA256 component test for MNT4-298 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - sha2_two_to_one_bp::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA256 component test for MNT4-298 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_CASE(sha256_component_test_mnt6_case) { - std::cout << "Starting SHA256 component test for MNT6-298 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - sha2_two_to_one_bp::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA256 component test for MNT6-298 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_CASE(sha256_component_test_edwards_183_case) { - std::cout << "Starting SHA256 component test for Edwards-183 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - sha2_two_to_one_bp::scalar_field_type>(); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA256 component test for Edwards-183 finished, time: " << elapsed.count() * 1e-9 << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/sha256.hpp b/crypto3/libs/blueprint/test/hashes/r1cs/sha256.hpp deleted file mode 100644 index ed5ade0e37..0000000000 
--- a/crypto3/libs/blueprint/test/hashes/r1cs/sha256.hpp +++ /dev/null 
@@ -1,94 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENT_TEST_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENT_TEST_HPP - -#include -#include -#include -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; - -template -blueprint sha2_two_to_one_bp() { - blueprint bp; - - components::digest_variable left(bp, hashes::sha2<256>::digest_bits); - components::digest_variable right(bp, hashes::sha2<256>::digest_bits); - components::digest_variable output(bp, hashes::sha2<256>::digest_bits); - - components::sha256_two_to_one_hash_component f(bp, left, right, output); - - f.generate_gates(); - std::cout << "Number of constraints for sha256_two_to_one_hash_component: " << bp.num_constraints() << std::endl; - - std::array array_a_intermediate; - std::array array_b_intermediate; - std::array array_c_intermediate; - - std::array array_a = {0x426bc2d8, 0x4dc86782, 0x81e8957a, 0x409ec148, - 0xe6cffbe8, 0xafe6ba4f, 0x9c6f1978, 0xdd7af7e9}; - std::array array_b = {0x038cce42, 0xabd366b8, 0x3ede7e00, 0x9130de53, - 0x72cdf73d, 0xee825114, 0x8cb48d1b, 0x9af68ad0}; - std::array array_c = {0xeffd0b7f, 0x1ccba116, 0x2ee816f7, 0x31c62b48, - 0x59305141, 0x990e5c0a, 0xce40d33d, 0x0b1167d1}; - - std::vector left_bv(hashes::sha2<256>::digest_bits), right_bv(hashes::sha2<256>::digest_bits), - hash_bv(hashes::sha2<256>::digest_bits); - - nil::crypto3::detail::pack( - array_a.begin(), array_a.end(), array_a_intermediate.begin()); - - nil::crypto3::detail::pack( - array_b.begin(), array_b.end(), array_b_intermediate.begin()); - - nil::crypto3::detail::pack( - array_c.begin(), array_c.end(), array_c_intermediate.begin()); - - nil::crypto3::detail::pack_to(array_a_intermediate, left_bv.begin()); - - nil::crypto3::detail::pack_to(array_b_intermediate, right_bv.begin()); - - nil::crypto3::detail::pack_to(array_c_intermediate, 
hash_bv.begin()); - - left.generate_assignments(left_bv); - - right.generate_assignments(right_bv); - - f.generate_assignments(); - output.generate_assignments(hash_bv); - - BOOST_CHECK(bp.is_satisfied()); - - return bp; -} - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_SHA256_COMPONENT_TEST_HPP diff --git a/crypto3/libs/blueprint/test/hashes/r1cs/sha256_verification.cpp b/crypto3/libs/blueprint/test/hashes/r1cs/sha256_verification.cpp deleted file mode 100644 index cff5b8d59c..0000000000 --- a/crypto3/libs/blueprint/test/hashes/r1cs/sha256_verification.cpp +++ /dev/null 
@@ -1,130 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE sha256_verification_test - -#include - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -// #include -// #include -// #include -// #include -// #include - -#include "sha256.hpp" -#include "../verify_r1cs_scheme.hpp" - -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; - -BOOST_AUTO_TEST_SUITE(sha256_component_test_suite) - -BOOST_AUTO_TEST_CASE(sha256_component_test_bls12_381_case) { - using curve_type = curves::bls12<381>; - using scalar_field_type = typename curve_type::scalar_field_type; - - std::cout << "Starting SHA-256 component verification test for BLS12-381 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - blueprint bp = sha2_two_to_one_bp(); - - BOOST_CHECK(verify_component(bp)); - - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA-256 component verification test for BLS12-381 finished, time: " << elapsed.count() * 1e-9 - << std::endl; -} - -BOOST_AUTO_TEST_CASE(sha256_component_test_mnt4_case) { - using curve_type = curves::mnt4<298>; - using scalar_field_type = typename curve_type::scalar_field_type; - - std::cout << "Starting SHA-256 component verification test for MNT4-298 ..." 
<< std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - blueprint bp = sha2_two_to_one_bp(); - - BOOST_CHECK(verify_component(bp)); - - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA-256 component verification test for MNT4-298 finished, time: " << elapsed.count() * 1e-9 - << std::endl; -} - -BOOST_AUTO_TEST_CASE(sha256_component_test_mnt6_case) { - using curve_type = curves::mnt6<298>; - using scalar_field_type = typename curve_type::scalar_field_type; - - std::cout << "Starting SHA-256 component verification test for MNT6-298 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - blueprint bp = sha2_two_to_one_bp(); - - BOOST_CHECK(verify_component(bp)); - - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA-256 component verification test for MNT6-298 finished, time: " << elapsed.count() * 1e-9 - << std::endl; -} - -BOOST_AUTO_TEST_CASE(sha256_component_test_edwards_183_case) { - using curve_type = curves::edwards<183>; - using scalar_field_type = typename curve_type::scalar_field_type; - - std::cout << "Starting SHA-256 component verification test for Edwards-183 ..." << std::endl; - auto begin = std::chrono::high_resolution_clock::now(); - blueprint bp = sha2_two_to_one_bp(); - - BOOST_CHECK(verify_component(bp)); - - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "SHA-256 component verification test for Edwards-183 finished, time: " << elapsed.count() * 1e-9 - << std::endl; -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/blueprint/test/non_native/plonk/add_mul_zkllvm_compatible.cpp b/crypto3/libs/blueprint/test/non_native/plonk/add_mul_zkllvm_compatible.cpp index 5d08096a7e..8b7c5f1e93 100644 
--- a/crypto3/libs/blueprint/test/non_native/plonk/add_mul_zkllvm_compatible.cpp +++ b/crypto3/libs/blueprint/test/non_native/plonk/add_mul_zkllvm_compatible.cpp @@ -88,7 +88,9 @@ void test_mul(typename CurveType::base_field_type::value_type b_val, typename component_type::input_type instance_input = { {input_var_Xa, input_var_Xb}, b}; - typename Ed25519Type::template g1_type::value_type P = T * b_val; + typename Ed25519Type::scalar_field_type::value_type b_val_scalar { foreign_integral_type(b_val.data) }; + typename Ed25519Type::template g1_type::value_type P = + T * b_val_scalar; foreign_integral_type Tx = foreign_integral_type(T.X.data); foreign_integral_type Ty = foreign_integral_type(T.Y.data); @@ -159,6 +161,7 @@ void test_mul_per_bit(){ using ArithmetizationType = crypto3::zk::snark::plonk_constraint_system; using AssignmentType = blueprint::assignment; using hash_type = crypto3::hashes::keccak_1600<256>; + using foreign_integral_type = typename ed25519_type::base_field_type::integral_type; constexpr std::size_t Lambda = 1; using var = crypto3::zk::snark::plonk_variable; @@ -194,7 +197,8 @@ void test_mul_per_bit(){ ed25519_type::template g1_type::value_type R = crypto3::algebra::random_element>(); typename BlueprintFieldType::value_type b_val = 1; - ed25519_type::template g1_type::value_type bool_res = T * b_val; + typename ed25519_type::scalar_field_type::value_type b_val_scalar { foreign_integral_type(b_val.data) }; + ed25519_type::template g1_type::value_type bool_res = T * b_val_scalar; ed25519_type::template g1_type::value_type doub_res = R + R; ed25519_type::template g1_type::value_type P = bool_res + doub_res; diff --git a/crypto3/libs/blueprint/test/r1cs_examples.hpp b/crypto3/libs/blueprint/test/r1cs_examples.hpp deleted file mode 100644 index 675d8e8c3f..0000000000 --- a/crypto3/libs/blueprint/test/r1cs_examples.hpp +++ /dev/null 
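Review bot: In `test_mul`, the new `b_val_scalar` is built from `b_val.data` via `foreign_integral_type` and passed to the Ed25519 scalar-field constructor, and nothing in the hunk checks that the value is below the scalar-field modulus. The alias added in `test_mul_per_bit` shows `foreign_integral_type` is the Ed25519 base-field integer type, so the same pattern in the third hunk also goes through the base-field type, though `b_val = 1` there makes it harmless. If the constructor reduces silently (not visible here, worth confirming), the reference point `P` in `test_mul` could be computed for a different scalar than the one given to the component, and the test would no longer pin the circuit's behaviour for large inputs. I would convert through the scalar field's own integer type, e.g. `using scalar_integral_type = typename Ed25519Type::scalar_field_type::integral_type;`, and state the precondition next to the conversion: `// precondition: b_val < Ed25519 scalar field modulus, otherwise the conversion reduces it`. Both function bodies continue outside the hunks, so an existing range restriction on `b_val` may already cover this.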
@@ -1,216 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a R1CS example, as well as functions to sample -// R1CS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_R1CS_EXAMPLES_TEST_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_R1CS_EXAMPLES_TEST_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace nil::crypto3::algebra; - - /** - * A R1CS example comprises a R1CS constraint system, R1CS input, and R1CS witness. 
- */ - template - struct r1cs_example { - snark::r1cs_constraint_system constraint_system; - snark::r1cs_primary_input primary_input; - snark::r1cs_auxiliary_input auxiliary_input; - - r1cs_example() = default; - r1cs_example(const r1cs_example &other) = default; - r1cs_example(const snark::r1cs_constraint_system &constraint_system, - const snark::r1cs_primary_input &primary_input, - const snark::r1cs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - r1cs_example(snark::r1cs_constraint_system &&constraint_system, - snark::r1cs_primary_input &&primary_input, - snark::r1cs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a R1CS example such that: - * - the number of constraints of the R1CS constraint system is num_constraints; - * - the number of variables of the R1CS constraint system is (approximately) num_constraints; - * - the number of inputs of the R1CS constraint system is num_inputs; - * - the R1CS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). 
- */ - template - r1cs_example generate_r1cs_example_with_field_input(std::size_t num_constraints, - std::size_t num_inputs) { - - BOOST_CHECK(num_inputs <= num_constraints + 2); - - snark::r1cs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = 2 + num_constraints - num_inputs; // TODO: explain this - - snark::r1cs_variable_assignment full_variable_assignment; - typename FieldType::value_type a = algebra::random_element(); - typename FieldType::value_type b = algebra::random_element(); - full_variable_assignment.push_back(a); - full_variable_assignment.push_back(b); - - for (std::size_t i = 0; i < num_constraints - 1; ++i) { - linear_combination A, B, C; - - if (i % 2) { - // a * b = c - A.add_term(i + 1, 1); - B.add_term(i + 2, 1); - C.add_term(i + 3, 1); - typename FieldType::value_type tmp = a * b; - full_variable_assignment.push_back(tmp); - a = b; - b = tmp; - } else { - // a + b = c - B.add_term(0, 1); - A.add_term(i + 1, 1); - A.add_term(i + 2, 1); - C.add_term(i + 3, 1); - typename FieldType::value_type tmp = a + b; - full_variable_assignment.push_back(tmp); - a = b; - b = tmp; - } - - cs.add_constraint(snark::r1cs_constraint(A, B, C)); - } - - linear_combination A, B, C; - typename FieldType::value_type fin = FieldType::value_type::zero(); - for (std::size_t i = 1; i < cs.num_variables(); ++i) { - A.add_term(i, 1); - B.add_term(i, 1); - fin = fin + full_variable_assignment[i - 1]; - } - C.add_term(cs.num_variables(), 1); - cs.add_constraint(snark::r1cs_constraint(A, B, C)); - full_variable_assignment.push_back(fin.squared()); - - /* split variable assignment */ - snark::r1cs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - snark::r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - 
BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - r1cs_example re(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - - return re; - } - - /** - * Generate a R1CS example such that: - * - the number of constraints of the R1CS constraint system is num_constraints; - * - the number of variables of the R1CS constraint system is (approximately) num_constraints; - * - the number of inputs of the R1CS constraint system is num_inputs; - * - the R1CS input consists of binary values (as opposed to ``full'' field elements). - */ - template - r1cs_example generate_r1cs_example_with_binary_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - - snark::r1cs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; /* we will add one auxiliary variable per constraint */ - - snark::r1cs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? 
std::rand() % num_inputs : std::rand() % i); - - /* chose two random bits and XOR them together: - res = u + v - 2 * u * v - 2 * u * v = u + v - res - */ - linear_combination A, B, C; - A.add_term(u + 1, 2); - B.add_term(v + 1, 1); - if (u == v) { - C.add_term(u + 1, 2); - } else { - C.add_term(u + 1, 1); - C.add_term(v + 1, 1); - } - C.add_term(lastvar + 1, -FieldType::value_type::one()); - - cs.add_constraint(snark::r1cs_constraint(A, B, C)); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - snark::r1cs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - snark::r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - r1cs_example re = - r1cs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - return re; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_R1CS_EXAMPLES_TEST_HPP diff --git a/crypto3/libs/blueprint/test/routing/r1cs/as_waksman.cpp b/crypto3/libs/blueprint/test/routing/r1cs/as_waksman.cpp deleted file mode 100644 index 0f17b234f3..0000000000 --- a/crypto3/libs/blueprint/test/routing/r1cs/as_waksman.cpp +++ /dev/null 
@@ -1,78 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE as_waksman_components_test - -#include - -#include -#include -#include -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void test_as_waksman_routing_component(const std::size_t num_packets, const std::size_t packet_size) { - blueprint bp; - integer_permutation permutation(num_packets); - permutation.random_shuffle(); - - std::vector> randbits(num_packets), outbits(num_packets); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - randbits[packet_idx].allocate(bp, packet_size); - outbits[packet_idx].allocate(bp, packet_size); - - for (std::size_t bit_idx = 0; bit_idx < packet_size; ++bit_idx) { - bp.val(randbits[packet_idx][bit_idx]) = - (rand() % 2) ? FieldType::value_type::zero() : FieldType::value_type::zero(); - } - } - as_waksman_routing_component r(bp, num_packets, randbits, outbits); - r.generate_gates(); - - r.generate_assignments(permutation); - - BOOST_CHECK(bp.is_satisfied()); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - for (std::size_t bit_idx = 0; bit_idx < packet_size; ++bit_idx) { - BOOST_CHECK(bp.val(outbits[permutation.get(packet_idx)][bit_idx]) == bp.val(randbits[packet_idx][bit_idx])); - } - } - - bp.val(components::blueprint_variable(10)) = typename FieldType::value_type(12345); - BOOST_CHECK(!bp.is_satisfied()); -} - -BOOST_AUTO_TEST_SUITE(as_waksman_components_test_suite) - -BOOST_AUTO_TEST_CASE(as_waksman_components_test) { -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/routing/r1cs/benes.cpp b/crypto3/libs/blueprint/test/routing/r1cs/benes.cpp deleted file mode 100644 index 85b9143fa0..0000000000 --- a/crypto3/libs/blueprint/test/routing/r1cs/benes.cpp +++ /dev/null 
@@ -1,81 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE benes_components_test - -#include - -#include -#include -#include -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -void test_benes_routing_component(const std::size_t num_packets, const std::size_t packet_size) { - const std::size_t dimension = static_cast(std::ceil(std::log2(num_packets))); - assert(num_packets == 1ul << dimension); - - blueprint bp; - integer_permutation permutation(num_packets); - permutation.random_shuffle(); - - std::vector> randbits(num_packets), outbits(num_packets); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - randbits[packet_idx].allocate(bp, packet_size); - outbits[packet_idx].allocate(bp, packet_size); - - for (std::size_t bit_idx = 0; bit_idx < packet_size; ++bit_idx) { - bp.val(randbits[packet_idx][bit_idx]) = - (rand() % 2) ? FieldType::value_type::zero() : FieldType::value_type::zero(); - } - } - - benes_routing_component r(bp, num_packets, randbits, outbits, num_packets); - r.generate_gates(); - r.generate_assignments(permutation); - - assert(bp.is_satisfied()); - for (std::size_t packet_idx = 0; packet_idx < num_packets; ++packet_idx) { - for (std::size_t bit_idx = 0; bit_idx < packet_size; ++bit_idx) { - assert(bp.val(outbits[permutation.get(packet_idx)][bit_idx]) == bp.val(randbits[packet_idx][bit_idx])); - } - } - - bp.val(blueprint_variable(10)) = typename FieldType::value_type(12345); - assert(!bp.is_satisfied()); -} - -BOOST_AUTO_TEST_SUITE(benes_components_test_suite) - -BOOST_AUTO_TEST_CASE(benes_components_test) { -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/blueprint/test/verifiers/r1cs_ppzksnark.cpp b/crypto3/libs/blueprint/test/verifiers/r1cs_ppzksnark.cpp deleted file mode 100644 index f90d73e679..0000000000 
--- a/crypto3/libs/blueprint/test/verifiers/r1cs_ppzksnark.cpp +++ /dev/null 
@@ -1,459 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE r1cs_ppzksnark_test - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include -//#include - -#include -#include -#include -#include -#include -#include - -#include "../pairing/weierstrass_miller_loop.hpp" -#include "../r1cs_examples.hpp" - -using namespace nil::crypto3::zk; -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_verifier() { - typedef typename ppT_A::scalar_field_type FieldT_A; - typedef typename ppT_B::scalar_field_type FieldT_B; - - const std::size_t num_constraints = 50; - const std::size_t primary_input_size = 3; - - r1cs_example example = - generate_r1cs_example_with_field_input(num_constraints, primary_input_size); - BOOST_CHECK(example.primary_input.size() == primary_input_size); - - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - const r1cs_ppzksnark_keypair keypair = r1cs_ppzksnark_generator(example.constraint_system); - const r1cs_ppzksnark_proof pi = - r1cs_ppzksnark_prover(keypair.first, example.primary_input, example.auxiliary_input); - bool bit = r1cs_ppzksnark_verifier_strong_input_consistency(keypair.second, example.primary_input, pi); - BOOST_CHECK(bit); - - const std::size_t elt_size = FieldT_A::size_in_bits(); - const std::size_t primary_input_size_in_bits = elt_size * primary_input_size; - const std::size_t vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits(primary_input_size); - - blueprint bp; - nil::crypto3::zk::detail::blueprint_variable_vector vk_bits; - vk_bits.allocate(bp, vk_size_in_bits); - - nil::crypto3::zk::detail::blueprint_variable_vector primary_input_bits; - primary_input_bits.allocate(bp, primary_input_size_in_bits); - - r1cs_ppzksnark_proof_variable proof(bp); - - 
r1cs_ppzksnark_verification_key_variable vk(bp, vk_bits, primary_input_size); - - nil::crypto3::zk::detail::blueprint_variable result; - result.allocate(bp); - - r1cs_ppzksnark_verifier_component verifier(bp, vk, primary_input_bits, elt_size, proof, result); - - proof.generate_gates(); - verifier.generate_gates(); - - std::vector input_as_bits; - for (const FieldT_A &el : example.primary_input) { - std::vector v = algebra::convert_field_element_to_bit_vector(el, elt_size); - input_as_bits.insert(input_as_bits.end(), v.begin(), v.end()); - } - - primary_input_bits.fill_with_bits(bp, input_as_bits); - - vk.generate_assignments(keypair.second); - proof.generate_assignments(pi); - verifier.generate_assignments(); - bp.val(result) = FieldT_B::one(); - - std::cout << "positive test:\n" << std::endl; - BOOST_CHECK(bp.is_satisfied()); - - bp.val(primary_input_bits[0]) = FieldT_B::one() - bp.val(primary_input_bits[0]); - verifier.generate_assignments(); - bp.val(result) = FieldT_B::one(); - - std::cout << "negative test:" << std::endl; - BOOST_CHECK(!bp.is_satisfied()); - std::cout << "number of constraints for verifier:" << bp.num_constraints() << std::endl; -} - -template -void test_hardcoded_verifier() { - typedef typename ppT_A::scalar_field_type FieldT_A; - typedef typename ppT_B::scalar_field_type FieldT_B; - - const std::size_t num_constraints = 50; - const std::size_t primary_input_size = 3; - - r1cs_example example = - generate_r1cs_example_with_field_input(num_constraints, primary_input_size); - BOOST_CHECK(example.primary_input.size() == primary_input_size); - - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - const r1cs_ppzksnark_keypair keypair = r1cs_ppzksnark_generator(example.constraint_system); - const r1cs_ppzksnark_proof pi = - r1cs_ppzksnark_prover(keypair.first, example.primary_input, example.auxiliary_input); - bool bit = r1cs_ppzksnark_verifier_strong_input_consistency(keypair.second, 
example.primary_input, pi); - BOOST_CHECK(bit); - - const std::size_t elt_size = FieldT_A::size_in_bits(); - const std::size_t primary_input_size_in_bits = elt_size * primary_input_size; - - blueprint bp; - r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable hardcoded_vk(bp, keypair.second); - nil::crypto3::zk::detail::blueprint_variable_vector primary_input_bits; - primary_input_bits.allocate(bp, primary_input_size_in_bits); - - r1cs_ppzksnark_proof_variable proof(bp); - - nil::crypto3::zk::detail::blueprint_variable result; - result.allocate(bp); - - r1cs_ppzksnark_online_verifier_component online_verifier(bp, hardcoded_vk, primary_input_bits, elt_size, - proof, result); - - proof.generate_gates(); - online_verifier.generate_gates(); - - std::vector input_as_bits; - for (const FieldT_A &el : example.primary_input) { - std::vector v = algebra::convert_field_element_to_bit_vector(el, elt_size); - input_as_bits.insert(input_as_bits.end(), v.begin(), v.end()); - } - - primary_input_bits.fill_with_bits(bp, input_as_bits); - - proof.generate_assignments(pi); - online_verifier.generate_assignments(); - bp.val(result) = FieldT_B::one(); - - printf("positive test:\n"); - BOOST_CHECK(bp.is_satisfied()); - - bp.val(primary_input_bits[0]) = FieldT_B::one() - bp.val(primary_input_bits[0]); - online_verifier.generate_assignments(); - bp.val(result) = FieldT_B::one(); - - printf("negative test:\n"); - BOOST_CHECK(!bp.is_satisfied()); - std::cout << "number of constraints for verifier: " << bp.num_constraints(); -} - -template class VarT, template class MulT> -void test_mul() { - typedef typename FpExtT::my_Fp FieldType; - - blueprint bp; - VarT x(bp); - VarT y(bp); - VarT xy(bp); - MulT mul(bp, x, y, xy); - mul.generate_gates(); - - for (size_t i = 0; i < 10; ++i) { - const typename FpExtT::value_type x_val = algebra::random_element(); - const typename FpExtT::value_type y_val = algebra::random_element(); - x.generate_assignments(x_val); - 
y.generate_assignments(y_val); - mul.generate_assignments(); - const typename FpExtT::value_type res = xy.get_element(); - BOOST_CHECK(res == x_val * y_val); - BOOST_CHECK(bp.is_satisfied()); - } - std::cout << "number of constraints:" << bp.num_constraints() << std::endl; -} - -template class VarT, template class SqrT> -void test_sqr() { - typedef typename FpExtT::my_Fp FieldType; - - blueprint bp; - VarT x(bp); - VarT xsq(bp); - SqrT sqr(bp, x, xsq); - sqr.generate_gates(); - - for (size_t i = 0; i < 10; ++i) { - const typename FpExtT::value_type x_val = algebra::random_element(); - x.generate_assignments(x_val); - sqr.generate_assignments(); - const typename FpExtT::value_type res = xsq.get_element(); - BOOST_CHECK(res == x_val.squared()); - BOOST_CHECK(bp.is_satisfied()); - } - std::cout << "number of constraints: " << bp.num_constraints() << std::endl; -} - -template class VarT, template class CycloSqrT> -void test_cyclotomic_sqr() { - typedef algebra::Fqk FpExtT; - typedef typename FpExtT::my_Fp FieldType; - - blueprint bp; - VarT x(bp); - VarT xsq(bp); - CycloSqrT sqr(bp, x, xsq); - sqr.generate_gates(); - - for (size_t i = 0; i < 10; ++i) { - FpExtT::value_type x_val = algebra::random_element(); - x_val = final_exponentiation(x_val); - - x.generate_assignments(x_val); - sqr.generate_assignments(); - const typename FpExtT::value_type res = xsq.get_element(); - BOOST_CHECK(res == x_val.squared()); - BOOST_CHECK(bp.is_satisfied()); - } - std::cout << "number of constraints: " << bp.num_constraints() << std::endl; -} - -template class VarT> -void test_Frobenius() { - typedef typename FpExtT::my_Fp FieldType; - - for (size_t i = 0; i < 100; ++i) { - blueprint bp; - VarT x(bp); - VarT x_frob = x.Frobenius_map(i); - - const typename FpExtT::value_type x_val = algebra::random_element(); - x.generate_assignments(x_val); - x_frob.evaluate(); - const typename FpExtT::value_type res = x_frob.get_element(); - BOOST_CHECK(res == x_val.Frobenius_map(i)); - 
BOOST_CHECK(bp.is_satisfied()); - } -} - -template -void test_full_pair() { - typedef typename CurveType::scalar_field_type FieldType; - typedef typename pairing::CurveType::pairing::pair_curve_type::pairing pairing_policy; - - blueprint bp; - pairing::CurveType::pairing::pair_curve_type::template g1_type<>::value_type P_val = - algebra::random_element() * - pairing::CurveType::pairing::pair_curve_type::template g1_type<>::value_type::one(); - pairing::CurveType::pairing::pair_curve_type::template g2_type<>::value_type Q_val = - algebra::random_element() * - pairing::CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one(); - - element_g1 P(bp); - element_g2 Q(bp); - g1_precomputation prec_P; - g2_precomputation prec_Q; - - precompute_G1_component compute_prec_P(bp, P, prec_P); - precompute_G2_component compute_prec_Q(bp, Q, prec_Q); - - Fqk_variable miller_result(bp); - mnt_miller_loop_component miller(bp, prec_P, prec_Q, miller_result); - components::blueprint_variable result_is_one; - result_is_one.allocate(bp); - final_exp_component finexp(bp, miller_result, result_is_one); - - compute_prec_P.generate_gates(); - compute_prec_Q.generate_gates(); - miller.generate_gates(); - finexp.generate_gates(); - - P.generate_assignments(P_val); - compute_prec_P.generate_assignments(); - Q.generate_assignments(Q_val); - compute_prec_Q.generate_assignments(); - miller.generate_assignments(); - finexp.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename pairing_policy::affine_ate_g1_precomp native_prec_P = pairing_policy::affine_ate_precompute_g1(P_val); - typename pairing_policy::affine_ate_g2_precomp native_prec_Q = pairing_policy::affine_ate_precompute_g2(Q_val); - typename pairing_policy::Fqk native_miller_result = - pairing_policy::affine_ate_miller_loop(native_prec_P, native_prec_Q); - - typename pairing_policy::Fqk native_finexp_result = pairing_policy::final_exponentiation(native_miller_result); - printf("Must match:\n"); - 
finexp.result->get_element().print(); - native_finexp_result.print(); - - BOOST_CHECK(finexp.result->get_element() == native_finexp_result); - - std::cout << "number of constraints for full pairing: " << bp.num_constraints() << std::endl; -} - -template -void test_full_precomputed_pair() { - typedef typename CurveType::scalar_field_type FieldType; - typedef typename pairing::CurveType::pairing::pair_curve_type::pairing pairing_policy; - - blueprint bp; - pairing::CurveType::pairing::pair_curve_type::template g1_type<>::value_type P_val = - algebra::random_element() * - pairing::CurveType::pairing::pair_curve_type::template g1_type<>::value_type::one(); - pairing::CurveType::pairing::pair_curve_type::template g2_type<>::value_type Q_val = - algebra::random_element() * - pairing::CurveType::pairing::pair_curve_type::template g2_type<>::value_type::one(); - - g1_precomputation prec_P(bp, P_val); - g2_precomputation prec_Q(bp, Q_val); - - Fqk_variable miller_result(bp); - mnt_miller_loop_component miller(bp, prec_P, prec_Q, miller_result); - components::blueprint_variable result_is_one; - result_is_one.allocate(bp); - final_exp_component finexp(bp, miller_result, result_is_one); - - miller.generate_gates(); - finexp.generate_gates(); - - miller.generate_assignments(); - finexp.generate_assignments(); - BOOST_CHECK(bp.is_satisfied()); - - typename pairing_policy::affine_ate_g1_precomp native_prec_P = pairing_policy::affine_ate_precompute_g1(P_val); - typename pairing_policy::affine_ate_g2_precomp native_prec_Q = pairing_policy::affine_ate_precompute_g2(Q_val); - typename pairing_policy::Fqk native_miller_result = - pairing_policy::affine_ate_miller_loop(native_prec_P, native_prec_Q); - - typename pairing_policy::Fqk native_finexp_result = pairing_policy::final_exponentiation(native_miller_result); - printf("Must match:\n"); - finexp.result->get_element().print(); - native_finexp_result.print(); - - BOOST_CHECK(finexp.result->get_element() == native_finexp_result); - - 
std::cout << "number of constraints for full precomputed pairing: " << bp.num_constraints() << std::endl; -} - -BOOST_AUTO_TEST_SUITE(benes_components_test_suite) - -BOOST_AUTO_TEST_CASE(benes_components_mnt4_test) { - - std::cout << "Benes components test for mnt4-298 started" << std::endl; - using curve_type = typename algebra::curves::mnt4<298>; - using fq2_type = typename curve_type::template g2_type<>::field_type; - using fq4_type = typename curve_type::gt_type; - - test_mul(); - test_sqr(); - - test_mul(); - test_sqr(); - test_cyclotomic_sqr(); - test_exponentiation_component( - curve_type::pairing::final_exponent_last_chunk_abs_of_w0); - test_Frobenius(); - - test_element_g2_is_well_formed(); - - test_element_g1_precomp(); - - test_element_g2_precomp(); - - test_mnt_miller_loop(); - - test_mnt_e_over_e_miller_loop(); - - test_mnt_e_times_e_over_e_miller_loop(); - - test_full_pairing(); - - test_full_precomputed_pairing(); - - test_verifier(); - - test_hardcoded_verifier(); -} - -BOOST_AUTO_TEST_CASE(benes_components_mnt6_test) { - - std::cout << "Benes components test for mnt6-298 started" << std::endl; - - using curve_type = typename algebra::curves::mnt6<298>; - using fq3_type = typename curve_type::template g2_type<>::field_type; - using fq6_2over3_type = typename curve_type::gt_type; - - test_mul(); - test_sqr(); - - test_mul(); - test_sqr(); - test_cyclotomic_sqr(); - test_exponentiation_component( - curve_type::pairing::final_exponent_last_chunk_abs_of_w0); - test_Frobenius(); - - test_element_g2_is_well_formed(); - - test_element_g1_precomp(); - - test_element_g2_precomp(); - - test_mnt_miller_loop(); - - test_mnt_e_over_e_miller_loop(); - - test_mnt_e_times_e_over_e_miller_loop(); - - test_full_pairing(); - - test_full_precomputed_pairing(); - - test_verifier(); - - test_hardcoded_verifier(); -} - -BOOST_AUTO_TEST_SUITE_END() 
diff --git a/crypto3/libs/blueprint/test/verify_r1cs_scheme.hpp b/crypto3/libs/blueprint/test/verify_r1cs_scheme.hpp
deleted file mode 100644
index b821fd1375..0000000000
--- a/crypto3/libs/blueprint/test/verify_r1cs_scheme.hpp
+++ /dev/null
@@ -1,89 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BLUEPRINT_COMPONENTS_VERIFY_R1CS_SCHEME_COMPONENT_TEST_HPP -#define CRYPTO3_BLUEPRINT_COMPONENTS_VERIFY_R1CS_SCHEME_COMPONENT_TEST_HPP - -#include - -#include -#include -#include - -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template> -bool verify_component(blueprint::blueprint bp) { - - if (bp.num_variables() == 0x00) { - std::cout << "Empty blueprint!" 
<< std::endl; - return false; - } - - using field_type = typename CurveType::scalar_field_type; - using scheme_type = SchemeType; - - const snark::r1cs_constraint_system constraint_system = bp.get_constraint_system(); - - auto begin = std::chrono::high_resolution_clock::now(); - const typename scheme_type::keypair_type keypair = generate(constraint_system); - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Key generation finished, time: " << elapsed.count() * 1e-9 << std::endl; - - begin = std::chrono::high_resolution_clock::now(); - const typename scheme_type::proof_type proof = - prove(keypair.first, bp.primary_input(), bp.auxiliary_input()); - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - std::cout << "Proving finished, time: " << elapsed.count() * 1e-9 << std::endl; - - begin = std::chrono::high_resolution_clock::now(); - bool verified = verify(keypair.second, bp.primary_input(), proof); - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Number of R1CS constraints: " << constraint_system.num_constraints() << std::endl; - std::cout << "Verification finished, time: " << elapsed.count() * 1e-9 << std::endl; - std::cout << "Verification status: " << verified << std::endl; - - return verified; -} - -template<> -bool verify_component, snark::r1cs_gg_ppzksnark>>( - blueprint::blueprint::scalar_field_type> bp) { - std::cout << "Warning! r1cs_gg_ppzksnark for Edwards-183 is not implemented yet" << std::endl; - - return false; -} - -#endif // CRYPTO3_BLUEPRINT_COMPONENTS_VERIFY_R1CS_SCHEME_COMPONENT_TEST_HPP diff --git a/crypto3/libs/blueprint/test/voting/r1cs/encrypted_input_voting.cpp b/crypto3/libs/blueprint/test/voting/r1cs/encrypted_input_voting.cpp deleted file mode 100644 index d284224bae..0000000000 
--- a/crypto3/libs/blueprint/test/voting/r1cs/encrypted_input_voting.cpp
+++ /dev/null
@@ -1,361 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE voting_encrypted_input_component_test - -#include - -#include - -#include - -#include - -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; - -template -std::vector calculate_hash_via_component(const std::vector &in_bits) { - using field_type = typename HashComponent::field_type; - - blueprint bp_bits; - components::block_variable in_block(bp_bits, in_bits.size()); - in_block.generate_assignments(in_bits); - - HashComponent hash_comp_bits(bp_bits, in_block); - hash_comp_bits.generate_assignments(); - hash_comp_bits.generate_gates(); - return hash_comp_bits.result.get_digest(); -} - -void test_jubjub_pedersen_encrypted_input_voting_component() { - using curve_type = curves::jubjub; - using bp_generator_hash_type = hashes::sha2<256>; - using hash_params = hashes::find_group_hash_default_params; - using hash_component = components::pedersen; - using hash_type = typename hash_component::hash_type; - using merkle_hash_component = hash_component; - using merkle_hash_type = typename merkle_hash_component::hash_type; - using field_type = typename hash_component::field_type; - constexpr std::size_t arity = 2; - using voting_component = - components::encrypted_input_voting; - using merkle_proof_component = typename voting_component::merkle_proof_component; - using merkle_validate_component = typename voting_component::merkle_proof_validating_component; - - /* prepare test */ - const std::size_t tree_depth = 16; - // TODO: use merkle_proof from container module - std::vector> path(tree_depth); - - const std::size_t sk_len = 128; - std::vector sk(sk_len); - std::generate(sk.begin(), sk.end(), [&]() { return std::rand() % 2; }); - auto sk_wrong = sk; - sk_wrong[0] = !sk_wrong[0]; - - std::vector pk = hash(sk); - std::vector pk_leaf = hash(pk); - BOOST_CHECK(pk_leaf.size() == 
merkle_hash_component::digest_bits); - - std::vector prev_hash = pk_leaf; - std::vector leaf = pk_leaf; - - std::vector address_bits; - - std::size_t address = 0; - for (long level = tree_depth - 1; level >= 0; --level) { - const bool computed_is_right = (std::rand() % 2); - address |= (computed_is_right ? 1ul << (tree_depth - 1 - level) : 0); - address_bits.push_back(computed_is_right); - std::vector other(merkle_hash_component::digest_bits); - std::generate(other.begin(), other.end(), [&]() { return std::rand() % 2; }); - - std::vector block = prev_hash; - block.insert(computed_is_right ? block.begin() : block.end(), other.begin(), other.end()); - std::vector h = hash(block); - - path[level] = other; - - prev_hash = h; - } - std::vector root = prev_hash; - auto root_wrong = root; - root_wrong[0] = !root_wrong[0]; - auto path_wrong = path; - path_wrong[0][0] = !path_wrong[0][0]; - auto address_bits_wrong = address_bits; - address_bits_wrong[0] = !address_bits_wrong[0]; - - std::vector m = {0, 1, 0, 0, 0, 0, 0}; - auto m_wrong = m; - m_wrong[0] = !m_wrong[0]; - - const std::size_t eid_size = 64; - std::vector eid(eid_size); - std::generate(eid.begin(), eid.end(), [&]() { return std::rand() % 2; }); - - std::vector eid_sk; - std::copy(std::cbegin(eid), std::cend(eid), std::back_inserter(eid_sk)); - std::copy(std::cbegin(sk), std::cend(sk), std::back_inserter(eid_sk)); - std::vector sn = hash(eid_sk); - auto sn_wrong = sn; - sn_wrong[0] = !sn_wrong[0]; - - /* execute test */ - blueprint bp; - nil::crypto3::zk::detail::blueprint_variable_vector address_bits_va; - address_bits_va.allocate(bp, tree_depth); - components::block_variable m_block(bp, m.size()); - components::block_variable eid_block(bp, eid.size()); - components::block_variable sk_block(bp, sk.size()); - components::digest_variable sn_digest(bp, hash_component::digest_bits); - components::digest_variable root_digest(bp, merkle_hash_component::digest_bits); - merkle_hash_component path_var(bp, tree_depth); - 
voting_component vote_var(bp, m_block, eid_block, sn_digest, root_digest, address_bits_va, path_var, sk_block, - nil::crypto3::zk::detail::blueprint_variable(0)); - - path_var.generate_gates(); - vote_var.generate_gates(); - - address_bits_va.fill_with_bits(bp, address_bits); - BOOST_CHECK(address_bits_va.get_field_element_from_bits(bp) == address); - m_block.generate_assignments(m); - eid_block.generate_assignments(eid); - sk_block.generate_assignments(sk); - path_var.generate_assignments(address, path); - - /* make sure that read checker didn't accidentally overwrite anything */ - address_bits_va.fill_with_bits(bp, address_bits); - vote_var.generate_assignments(root, sn); - BOOST_CHECK(bp.is_satisfied()); - - // false positive test with wrong root - root_digest.generate_assignments(root_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - root_digest.generate_assignments(root); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong sk - sk_block.generate_assignments(sk_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - sk_block.generate_assignments(sk); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong path - path_var.generate_assignments(address, path_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - path_var.generate_assignments(address, path); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong address - address_bits_va.fill_with_bits(bp, address_bits_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - address_bits_va.fill_with_bits(bp, address_bits); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong sn - sn_digest.generate_assignments(sn_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - sn_digest.generate_assignments(sn); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong m - 
m_block.generate_assignments(m_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - m_block.generate_assignments(m); - BOOST_CHECK(bp.is_satisfied()); - - // const std::size_t num_constraints = bp.num_constraints(); - // const std::size_t expected_constraints = - // components::merkle_tree_check_read_component::expected_constraints(tree_depth); - // BOOST_CHECK(num_constraints == expected_constraints); -} - -template -typename std::enable_if::value, std::vector>>::type - generate_random_data(std::size_t leaf_number) { - std::vector> v; - for (std::size_t i = 0; i < leaf_number; ++i) { - std::array leaf; - std::generate(std::begin(leaf), std::end(leaf), - [&]() { return std::rand() % (std::numeric_limits::max() + 1); }); - v.emplace_back(leaf); - } - return v; -} - -void test_jubjub_merkle_container_pedersen_encrypted_input_voting_component() { - using curve_type = curves::jubjub; - using bp_generator_hash_type = hashes::sha2<256>; - using hash_params = hashes::find_group_hash_default_params; - using hash_component = components::pedersen; - using hash_type = typename hash_component::hash_type; - using merkle_hash_component = hash_component; - using merkle_hash_type = typename merkle_hash_component::hash_type; - using field_type = typename hash_component::field_type; - constexpr std::size_t arity = 2; - using voting_component = - components::encrypted_input_voting; - using merkle_proof_component = typename voting_component::merkle_proof_component; - using merkle_validate_component = typename voting_component::merkle_proof_validating_component; - - /* prepare test */ - constexpr std::size_t tree_depth = 4; - constexpr std::size_t leafs_number = 1 << tree_depth; - auto secret_keys = generate_random_data(leafs_number); - std::vector> public_keys; - for (const auto &sk : secret_keys) { - std::array pk; - hash(sk, std::begin(pk)); - public_keys.emplace_back(pk); - } - nil::crypto3::containers::merkle_tree tree(std::cbegin(public_keys), 
- std::cend(public_keys)); - std::size_t proof_idx = std::rand() % leafs_number; - nil::crypto3::containers::merkle_proof proof(tree, proof_idx); - nil::crypto3::containers::merkle_proof proof_wrong(tree, (proof_idx + 1) % leafs_number); - - auto tree_pk_leaf = tree[proof_idx]; - std::vector pk_leaf = hash(public_keys[proof_idx]); - - BOOST_ASSERT(tree_pk_leaf.size() == pk_leaf.size()); - for (auto i = 0; i < pk_leaf.size(); ++i) { - BOOST_ASSERT(tree_pk_leaf[i] == pk_leaf[i]); - } - - auto sk_wrong = secret_keys[proof_idx]; - sk_wrong[0] = !sk_wrong[0]; - - auto root = tree.root(); - auto root_wrong = root; - root_wrong[0] = !root_wrong[0]; - - std::vector m = {0, 1, 0, 0, 0, 0, 0}; - auto m_wrong = m; - m_wrong[0] = !m_wrong[0]; - - const std::size_t eid_size = 64; - std::vector eid(eid_size); - std::generate(eid.begin(), eid.end(), [&]() { return std::rand() % 2; }); - - std::vector eid_sk; - std::copy(std::cbegin(eid), std::cend(eid), std::back_inserter(eid_sk)); - std::copy(std::cbegin(secret_keys[proof_idx]), std::cend(secret_keys[proof_idx]), std::back_inserter(eid_sk)); - std::vector sn = hash(eid_sk); - auto sn_wrong = sn; - sn_wrong[0] = !sn_wrong[0]; - - /* execute test */ - blueprint bp; - nil::crypto3::zk::detail::blueprint_variable_vector address_bits_va; - address_bits_va.allocate(bp, tree_depth); - components::block_variable m_block(bp, m.size()); - components::block_variable eid_block(bp, eid.size()); - components::block_variable sk_block(bp, secret_keys[proof_idx].size()); - components::digest_variable sn_digest(bp, hash_component::digest_bits); - components::digest_variable root_digest(bp, merkle_hash_component::digest_bits); - merkle_proof_component path_var(bp, tree_depth); - voting_component vote_var(bp, m_block, eid_block, sn_digest, root_digest, address_bits_va, path_var, sk_block, - nil::crypto3::zk::detail::blueprint_variable(0)); - - path_var.generate_gates(); - vote_var.generate_gates(); - - std::cout << "Constraints number: " << 
bp.num_constraints() << std::endl; - - path_var.generate_assignments(proof); - address_bits_va.fill_with_bits_of_ulong(bp, path_var.address); - auto address = path_var.address; - BOOST_CHECK(address_bits_va.get_field_element_from_bits(bp) == path_var.address); - m_block.generate_assignments(m); - eid_block.generate_assignments(eid); - sk_block.generate_assignments(secret_keys[proof_idx]); - vote_var.generate_assignments(root, sn); - BOOST_CHECK(bp.is_satisfied()); - - // false positive test with wrong root - root_digest.generate_assignments(root_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - root_digest.generate_assignments(root); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong sk - sk_block.generate_assignments(sk_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - sk_block.generate_assignments(secret_keys[proof_idx]); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong address - address_bits_va.fill_with_bits_of_ulong(bp, path_var.address - 1); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - address_bits_va.fill_with_bits_of_ulong(bp, path_var.address); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong sn - sn_digest.generate_assignments(sn_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - sn_digest.generate_assignments(sn); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong m - m_block.generate_assignments(m_wrong); - BOOST_CHECK(!bp.is_satisfied()); - - // reset blueprint in the correct state - m_block.generate_assignments(m); - BOOST_CHECK(bp.is_satisfied()); - // false positive test with wrong path - path_var.generate_assignments(proof_wrong, true); - BOOST_CHECK(!bp.is_satisfied()); -} - -BOOST_AUTO_TEST_SUITE(voting_component_test_suite) - -BOOST_AUTO_TEST_CASE(voting_component_jubjub_pedersen_test) { - 
test_jubjub_pedersen_encrypted_input_voting_component(); -} - -BOOST_AUTO_TEST_CASE(voting_component_jubjub_merkle_container_pedersen_test) { - test_jubjub_merkle_container_pedersen_encrypted_input_voting_component(); -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/hash/include/nil/crypto3/hash/detail/h2c/ep.hpp b/crypto3/libs/hash/include/nil/crypto3/hash/detail/h2c/ep.hpp index 1f6adfb738..225a449589 100644 --- a/crypto3/libs/hash/include/nil/crypto3/hash/detail/h2c/ep.hpp +++ b/crypto3/libs/hash/include/nil/crypto3/hash/detail/h2c/ep.hpp @@ -77,7 +77,9 @@ namespace nil { auto u = hash_to_field<2, expand_message_ro>(msg, dst); group_value_type Q0 = map_to_curve::process(u[0]); group_value_type Q1 = map_to_curve::process(u[1]); - return clear_cofactor(Q0 + Q1); + Q0 += Q1; + clear_cofactor(Q0); + return Q0; } // template(msg, dst); group_value_type Q0 = map_to_curve::process(u[0]); group_value_type Q1 = map_to_curve::process(u[1]); - return clear_cofactor(Q0 + Q1); + Q0 += Q1; + clear_cofactor(Q0); + return Q0; } // private: template> { }; template - static inline GroupValue clear_cofactor(const GroupValue &R) { - return R * h2c_suite::h_eff; + static inline void clear_cofactor(GroupValue &R) { + scalar_mul_inplace(R, h2c_suite::h_eff); } template @@ -346,7 +346,9 @@ namespace nil { typename Group::value_type Q0 = map_to_curve::process(u[0]); typename Group::value_type Q1 = map_to_curve::process(u[1]); - return clear_cofactor(Q0 + Q1); + Q0 += Q1; + clear_cofactor(Q0); + return Q0; } } // namespace detail } // namespace hashes diff --git a/crypto3/libs/hash/include/nil/crypto3/hash/detail/pedersen/basic_functions.hpp b/crypto3/libs/hash/include/nil/crypto3/hash/detail/pedersen/basic_functions.hpp index 3113d9d478..cc289e7c19 100644 --- a/crypto3/libs/hash/include/nil/crypto3/hash/detail/pedersen/basic_functions.hpp +++ b/crypto3/libs/hash/include/nil/crypto3/hash/detail/pedersen/basic_functions.hpp 
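Review bot: `clear_cofactor` in h2c/ep.hpp now returns `void` and overwrites its argument through `scalar_mul_inplace(R, h2c_suite::h_eff)`, but nothing at the definition documents that contract. The three rewritten call sites (`Q0 += Q1; clear_cofactor(Q0); return Q0;`) only return a point in the prime-order subgroup while that middle call is kept, so the helper deserves a doc comment such as `/// Multiplies R by h_eff in place; the hash-to-curve result is only guaranteed to be in the prime-order subgroup after this call.` The unqualified `scalar_mul_inplace` is presumably resolved by argument-dependent lookup or by an include outside these hunks; it is worth confirming that it resolves for every group type the suites instantiate. The enclosing functions begin and end outside the hunks and the page has lost the template argument lists, so this is based on the visible lines only.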
@@ -29,6 +29,7 @@ #include #include +#include namespace nil { namespace crypto3 { @@ -37,11 +38,15 @@ namespace nil { /// See definition of \p c in https://zips.z.cash/protocol/protocol.pdf#concretepedersenhash template constexpr std::size_t chunks_per_base_point(std::size_t chunk_bits) { - typename Field::extended_integral_type two(2); + + using extended_integral_type = boost::multiprecision::number< + boost::multiprecision::backends::cpp_int_modular_backend<2 * Field::policy_type::modulus_bits>>; + + extended_integral_type two(2); std::size_t c = 1; std::size_t prev_c = 0; /// (Fr - 1) / 2 - typename Field::extended_integral_type upper_bound = (Field::modulus - 1) / 2; + extended_integral_type upper_bound = (Field::modulus - 1) / 2; // TODO: first multiplier should be verified /// (chunk_bits + 1) * ((2^(c * (chunk_bits + 1)) - 1) / (2^(chunk_bits + 1) - 1)) auto get_test_value = [&](auto i) { diff --git a/crypto3/libs/hash/test/h2c.cpp b/crypto3/libs/hash/test/h2c.cpp index 119592ca41..41f0b192f9 100644 --- a/crypto3/libs/hash/test/h2c.cpp +++ b/crypto3/libs/hash/test/h2c.cpp 
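Review bot: In the basic_functions.hpp hunk, the local `extended_integral_type` in `chunks_per_base_point` is fixed at `2 * Field::policy_type::modulus_bits` with no comment saying why that width is sufficient, and the existing `// TODO: first multiplier should be verified` sits right beside it. The returned `c` bounds how many chunks share one Pedersen base point. If the power of two built in `get_test_value` could exceed that width, the backend's overflow behaviour would feed into the comparison with `upper_bound` and might yield a `c` larger than the referenced spec allows. I would add a why-comment such as `// 2x modulus width: the test value must stay representable until it first exceeds (modulus - 1) / 2`, and confirm that the loop exits before the width is exhausted. The lambda body and the loop lie outside this hunk, so this is inferred from the visible declarations only.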
@@ -45,64 +45,6 @@ using namespace nil::crypto3; using namespace nil::crypto3::algebra; -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp &e) { - std::cout << e.data << std::endl; -} - -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp2 &e) { - std::cout << e.data[0].data << ", " << e.data[1].data << std::endl; -} - -template -typename std::enable_if::value || - std::is_same::value>::type - print_curve_point(std::ostream &os, const curves::detail::curve_element &p) { - os << "( X: ["; - print_field_element(os, p.X); - os << "], Y: ["; - print_field_element(os, p.Y); - os << "], Z:["; - print_field_element(os, p.Z); - os << "] )" << std::endl; -} - -namespace boost { - namespace test_tools { - namespace tt_detail { - template - struct print_log_value> { - void operator()(std::ostream &os, typename fields::detail::element_fp const &e) { - print_field_element(os, e); - } - }; - - template - struct print_log_value> { - void operator()(std::ostream &os, typename fields::detail::element_fp2 const &e) { - print_field_element(os, e); - } - }; - - template - struct print_log_value> { - void operator()(std::ostream &os, - curves::detail::curve_element const &p) { - print_curve_point(os, p); - } - }; - - template class P, typename K, typename V> - struct print_log_value> { - void operator()(std::ostream &, P const &) { - } - }; - - } // namespace tt_detail - } // namespace test_tools -} // namespace boost - template typename std::enable_if::value>::type check_hash_to_curve(const std::string &msg_str, const typename Hash::digest_type &expected) { diff --git a/crypto3/libs/hash/test/hash_to_curve.cpp b/crypto3/libs/hash/test/hash_to_curve.cpp index d6ee85c7ea..f732f5e545 100644 --- a/crypto3/libs/hash/test/hash_to_curve.cpp +++ b/crypto3/libs/hash/test/hash_to_curve.cpp 
@@ -56,18 +56,6 @@ using namespace nil::crypto3::algebra::curves::detail; using namespace nil::crypto3::algebra::curves; using namespace nil::crypto3::hashes; -namespace boost { - namespace test_tools { - namespace tt_detail { - template class P, typename K, typename V> - struct print_log_value> { - void operator()(std::ostream &, P const &) { - } - }; - } // namespace tt_detail - } // namespace test_tools -} // namespace boost - template - class is_compatible ::value>::type> { + class is_compatible ::value>::type> { using default_endianness = option::big_endian; public: template @@ -88,4 +88,4 @@ namespace nil { } // namespace marshalling } // namespace nil -#endif // CRYPTO3_MARSHALLING_ALGEBRA_INFERENCE_TYPE_TRAITS_HPP \ No newline at end of file +#endif // CRYPTO3_MARSHALLING_ALGEBRA_INFERENCE_TYPE_TRAITS_HPP diff --git a/crypto3/libs/marshalling/algebra/test/field_element.cpp b/crypto3/libs/marshalling/algebra/test/field_element.cpp index 100330389e..1a11c1a261 100644 --- a/crypto3/libs/marshalling/algebra/test/field_element.cpp +++ b/crypto3/libs/marshalling/algebra/test/field_element.cpp @@ -41,7 +41,6 @@ #include #include -#include #include #include @@ -58,7 +57,6 @@ void test_field_element(T val) { using namespace nil::crypto3::marshalling; - std::size_t units_bits = 8; using unit_type = unsigned char; using field_element_type = types::field_element, T>; diff --git a/crypto3/libs/marshalling/algebra/test/field_element_non_fixed_size_container.cpp b/crypto3/libs/marshalling/algebra/test/field_element_non_fixed_size_container.cpp index b7c29a0e1f..6d58bfceaf 100644 --- a/crypto3/libs/marshalling/algebra/test/field_element_non_fixed_size_container.cpp +++ b/crypto3/libs/marshalling/algebra/test/field_element_non_fixed_size_container.cpp @@ -42,7 +42,6 @@ #include #include -#include #include #include 
@@ -54,16 +53,6 @@ void print_byteblob(TIter iter_begin, TIter iter_end) { } } -template -void print_field_element(typename nil::crypto3::algebra::fields::detail::element_fp e) { - std::cout << std::hex << e.data << std::endl; -} - -template -void print_field_element(typename nil::crypto3::algebra::fields::detail::element_fp2 e) { - std::cout << std::hex << e.data[0].data << " " << e.data[1].data << std::endl; -} - template void test_field_element_non_fixed_size_container(std::vector val_container) { diff --git a/crypto3/libs/marshalling/core/include/nil/marshalling/status_type.hpp b/crypto3/libs/marshalling/core/include/nil/marshalling/status_type.hpp index 2229a888fb..16d7ea79ba 100644 --- a/crypto3/libs/marshalling/core/include/nil/marshalling/status_type.hpp +++ b/crypto3/libs/marshalling/core/include/nil/marshalling/status_type.hpp @@ -95,6 +95,7 @@ namespace nil { case status_type::not_supported: return "the operation is not supported"; case status_type::error_status_amount: + default: return "unreachable"; } return "unreachable"; diff --git a/crypto3/libs/marshalling/math/include/nil/crypto3/marshalling/math/types/polynomial.hpp b/crypto3/libs/marshalling/math/include/nil/crypto3/marshalling/math/types/polynomial.hpp index 80859a38fb..5cac2eb2cb 100644 --- a/crypto3/libs/marshalling/math/include/nil/crypto3/marshalling/math/types/polynomial.hpp +++ b/crypto3/libs/marshalling/math/include/nil/crypto3/marshalling/math/types/polynomial.hpp @@ -61,7 +61,6 @@ namespace nil { typename polynomial, PolynomialType, std::enable_if_t< nil::crypto3::math::is_polynomial::value>>::type fill_polynomial(const PolynomialType &f) { - using TTypeBase = nil::marshalling::field_type; std::vector val; for( auto it=f.begin(); it != f.end(); it++){ val.push_back(*it); } 
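Review bot: In the status_type.hpp hunk, adding `default:` ahead of `return "unreachable";` means a `status_type` enumerator added later will no longer trigger a missing-case warning and will be reported as "unreachable". The `return "unreachable";` after the switch already covers out-of-range values, so the label looks redundant. If it is there to satisfy a warning flag, a comment should say so, e.g. `// default: present only for -Wswitch-default; keep every enumerator listed explicitly`. Because a corrupted or future status value can presumably reach this branch, a message such as "unknown status" would describe it more accurately than "unreachable". The function starts outside the hunk.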
diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp index 9cfd452e5a..86efdb6416 100644 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp +++ b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp @@ -117,7 +117,6 @@ namespace nil { const typename FRI::initial_proof_type &initial_proof ) { using TTypeBase = nil::marshalling::field_type; - using value_type = typename FRI::field_type::value_type; using filled_type = fri_initial_proof_type; using outer_list_type = nil::marshalling::types::standard_array_list< TTypeBase, diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/powers_of_tau/accumulator.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/powers_of_tau/accumulator.hpp index f451063f95..c832d96645 100644 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/powers_of_tau/accumulator.hpp +++ b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/powers_of_tau/accumulator.hpp @@ -49,7 +49,6 @@ #include #include #include -#include namespace nil { namespace crypto3 { diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/r1cs_gg_ppzksnark_mpc/public_key.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/r1cs_gg_ppzksnark_mpc/public_key.hpp deleted file mode 100644 index 67040dfe66..0000000000 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/r1cs_gg_ppzksnark_mpc/public_key.hpp +++ /dev/null 
@@ -1,105 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2022 Noam Y <@NoamDev> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_mpc_public_key = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // delta after - fast_curve_element>, - // delta_pok - element_pok - >>; - - template - r1cs_gg_ppzksnark_mpc_public_key, PublicKey> - fill_r1cs_gg_ppzksnark_mpc_public_key(const PublicKey &public_key) { - - return r1cs_gg_ppzksnark_mpc_public_key, PublicKey>( - std::make_tuple( - std::move( - fill_fast_curve_element, Endianness>( - public_key.delta_after)), - std::move( - fill_element_pok( - public_key.delta_pok)) - )); - } - - template - PublicKey make_r1cs_gg_ppzksnark_mpc_public_key( - const r1cs_gg_ppzksnark_mpc_public_key, PublicKey> - &filled_public_key) { - - return PublicKey( - std::move( - make_fast_curve_element, Endianness>( - std::get<0>(filled_public_key.value()) - )), - std::move( - make_element_pok( - std::get<1>(filled_public_key.value()) - )) - ); - } - - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROOF_HPP diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/auxiliary_input.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/auxiliary_input.hpp deleted file mode 100644 index d9096271f7..0000000000 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/auxiliary_input.hpp +++ /dev/null 
@@ -1,88 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Noam Yemini <@NoamDev at GitHub> -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_AUXILIARY_INPUT_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_AUXILIARY_INPUT_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_auxiliary_input = nil::marshalling::types::array_list< - TTypeBase, - field_element, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>; - - template - r1cs_gg_ppzksnark_auxiliary_input, AuxiliaryInput> - fill_r1cs_gg_ppzksnark_auxiliary_input( - const AuxiliaryInput &r1cs_gg_ppzksnark_auxiliary_input_inp) { - - return fill_field_element_vector( - r1cs_gg_ppzksnark_auxiliary_input_inp); - } - - template - AuxiliaryInput make_r1cs_gg_ppzksnark_auxiliary_input( - const r1cs_gg_ppzksnark_auxiliary_input, AuxiliaryInput> - &filled_r1cs_gg_ppzksnark_auxiliary_input) { - - return make_field_element_vector( - filled_r1cs_gg_ppzksnark_auxiliary_input); - } - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_AUXILIARY_INPUT_HPP diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/fast_proving_key.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/fast_proving_key.hpp deleted file mode 100644 index 72e40a3f75..0000000000 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/fast_proving_key.hpp +++ /dev/null 
@@ -1,192 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// Copyright (c) 2022 Noam Y <@NoamDev> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_FAST_PROVING_KEY_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_FAST_PROVING_KEY_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_fast_proving_key = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // alpha_g1 - fast_curve_element>, - // beta_g1 - fast_curve_element>, - // beta_g2 - fast_curve_element>, - // delta_g1 - fast_curve_element>, - // delta_g2 - fast_curve_element>, - // A_query - nil::marshalling::types::array_list< - TTypeBase, - fast_curve_element>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>, - // B_query - fast_knowledge_commitment_sparse_vector, - typename ProvingKey::curve_type::template g1_type<>>>, - // H_query - nil::marshalling::types::array_list< - TTypeBase, - fast_curve_element>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>, - // L_query - nil::marshalling::types::array_list< - TTypeBase, - fast_curve_element>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>, - // constraint_system - r1cs_constraint_system>>; - - template - r1cs_gg_ppzksnark_fast_proving_key, ProvingKey> - fill_r1cs_gg_ppzksnark_fast_proving_key(const ProvingKey &proving_key) { - - using TTypeBase = nil::marshalling::field_type; - using curve_g1_element_type = - fast_curve_element>; - using curve_g2_element_type = - fast_curve_element>; - - return r1cs_gg_ppzksnark_fast_proving_key(std::make_tuple( - std::move( - fill_fast_curve_element, Endianness>( - proving_key.alpha_g1)), - std::move( - fill_fast_curve_element, Endianness>( - proving_key.beta_g1)), - std::move( - fill_fast_curve_element, Endianness>( - proving_key.beta_g2)), - std::move( - fill_fast_curve_element, Endianness>( - proving_key.delta_g1)), - std::move( - fill_fast_curve_element, Endianness>( - proving_key.delta_g2)), - std::move( - fill_fast_curve_element_vector, Endianness>( - proving_key.A_query)), - std::move(fill_fast_knowledge_commitment_sparse_vector< - nil::crypto3::zk::commitments::knowledge_commitment_vector< - typename 
ProvingKey::curve_type::template g2_type<>, - typename ProvingKey::curve_type::template g1_type<>>, - Endianness>(proving_key.B_query)), - std::move( - fill_fast_curve_element_vector, Endianness>( - proving_key.H_query)), - std::move( - fill_fast_curve_element_vector, Endianness>( - proving_key.L_query)), - std::move(fill_r1cs_constraint_system( - proving_key.constraint_system)))); - } - - template - ProvingKey make_r1cs_gg_ppzksnark_fast_proving_key( - const r1cs_gg_ppzksnark_fast_proving_key, ProvingKey> - &filled_proving_key) { - - return ProvingKey( - std::move( - make_fast_curve_element, Endianness>( - std::get<0>(filled_proving_key.value()))), - std::move( - make_fast_curve_element, Endianness>( - std::get<1>(filled_proving_key.value()))), - std::move( - make_fast_curve_element, Endianness>( - std::get<2>(filled_proving_key.value()))), - std::move( - make_fast_curve_element, Endianness>( - std::get<3>(filled_proving_key.value()))), - std::move( - make_fast_curve_element, Endianness>( - std::get<4>(filled_proving_key.value()))), - std::move( - make_fast_curve_element_vector, Endianness>( - std::get<5>(filled_proving_key.value()))), - std::move( - make_fast_knowledge_commitment_vector, - typename ProvingKey::curve_type::template g1_type<>>, - Endianness>(std::get<6>(filled_proving_key.value()))), - std::move( - make_fast_curve_element_vector, Endianness>( - std::get<7>(filled_proving_key.value()))), - std::move( - make_fast_curve_element_vector, Endianness>( - std::get<8>(filled_proving_key.value()))), - std::move(make_r1cs_constraint_system( - std::get<9>(filled_proving_key.value())))); - } - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_FAST_PROVING_KEY_HPP 
diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/primary_input.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/primary_input.hpp
deleted file mode 100644
index 23b3342738..0000000000
--- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/primary_input.hpp
+++ /dev/null
@@ -1,123 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PRIMARY_INPUT_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PRIMARY_INPUT_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_primary_input = - nil::marshalling::types::array_list, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>; - - template - r1cs_gg_ppzksnark_primary_input, PrimaryInput> - fill_r1cs_gg_ppzksnark_primary_input(const PrimaryInput &r1cs_gg_ppzksnark_primary_input_inp) { - - return fill_field_element_vector( - r1cs_gg_ppzksnark_primary_input_inp); - } - - template - PrimaryInput make_r1cs_gg_ppzksnark_primary_input( - const r1cs_gg_ppzksnark_primary_input, PrimaryInput> - &filled_r1cs_gg_ppzksnark_primary_input) { - - return make_field_element_vector( - filled_r1cs_gg_ppzksnark_primary_input); - } - - template::value_type::group_type::value_type>::value, - bool>::type, - typename... TOptions> - using r1cs_gg_ppzksnark_encrypted_primary_input = nil::marshalling::types::array_list< - TTypeBase, - curve_element< - TTypeBase, - typename std::iterator_traits::value_type::group_type>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>; - - template::value_type::group_type> - r1cs_gg_ppzksnark_encrypted_primary_input, EncPrimaryInput> - fill_r1cs_gg_ppzksnark_encrypted_primary_input(const EncPrimaryInput &enc_primary_input) { - - return fill_curve_element_vector(enc_primary_input); - } - - template::value_type::group_type> - std::vector make_r1cs_gg_ppzksnark_encrypted_primary_input( - r1cs_gg_ppzksnark_encrypted_primary_input, EncPrimaryInput> - filled_enc_primary_input) { - - return make_curve_element_vector(filled_enc_primary_input); - } - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PRIMARY_INPUT_HPP 
diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/proof.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/proof.hpp
deleted file mode 100644
index 8d1ea957a2..0000000000
--- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,105 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROOF_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROOF_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_proof = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // g_A - curve_element>, - // g_B - curve_element>, - // g_C - curve_element>>>; - - template - r1cs_gg_ppzksnark_proof, ProofType> - fill_r1cs_gg_ppzksnark_proof(const ProofType &r1cs_gg_ppzksnark_proof_inp) { - - using TTypeBase = nil::marshalling::field_type; - - using curve_g1_element_type = - curve_element>; - - using curve_g2_element_type = - curve_element>; - - return r1cs_gg_ppzksnark_proof, ProofType>( - std::make_tuple(curve_g1_element_type(r1cs_gg_ppzksnark_proof_inp.g_A), - curve_g2_element_type(r1cs_gg_ppzksnark_proof_inp.g_B), - curve_g1_element_type(r1cs_gg_ppzksnark_proof_inp.g_C))); - } - - template - ProofType make_r1cs_gg_ppzksnark_proof( - const r1cs_gg_ppzksnark_proof, ProofType> - &filled_r1cs_gg_ppzksnark_proof) { - - return ProofType(std::move(std::get<0>(filled_r1cs_gg_ppzksnark_proof.value()).value()), - std::move(std::get<1>(filled_r1cs_gg_ppzksnark_proof.value()).value()), - std::move(std::get<2>(filled_r1cs_gg_ppzksnark_proof.value()).value())); - } - - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROOF_HPP diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/proving_key.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/proving_key.hpp deleted file mode 100644 index 39cb6e176e..0000000000 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,171 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_proving_key = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // alpha_g1 - curve_element>, - // beta_g1 - curve_element>, - // beta_g2 - curve_element>, - // delta_g1 - curve_element>, - // delta_g2 - curve_element>, - // A_query - nil::marshalling::types::array_list< - TTypeBase, - curve_element>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>, - // B_query - knowledge_commitment_sparse_vector, - typename ProvingKey::curve_type::template g1_type<>>>, - // H_query - nil::marshalling::types::array_list< - TTypeBase, - curve_element>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>, - // L_query - nil::marshalling::types::array_list< - TTypeBase, - curve_element>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>, - // constraint_system - r1cs_constraint_system>>; - - template - r1cs_gg_ppzksnark_proving_key, ProvingKey> - fill_r1cs_gg_ppzksnark_proving_key(const ProvingKey &proving_key) { - - using TTypeBase = nil::marshalling::field_type; - using curve_g1_element_type = - curve_element>; - using curve_g2_element_type = - curve_element>; - - return r1cs_gg_ppzksnark_proving_key(std::make_tuple( - std::move(curve_g1_element_type(proving_key.alpha_g1)), - std::move(curve_g1_element_type(proving_key.beta_g1)), - std::move(curve_g2_element_type(proving_key.beta_g2)), - std::move(curve_g1_element_type(proving_key.delta_g1)), - std::move(curve_g2_element_type(proving_key.delta_g2)), - std::move( - fill_curve_element_vector, Endianness>( - proving_key.A_query)), - std::move(fill_knowledge_commitment_sparse_vector< - nil::crypto3::zk::commitments::knowledge_commitment_vector< - typename ProvingKey::curve_type::template g2_type<>, - typename ProvingKey::curve_type::template g1_type<>>, - Endianness>(proving_key.B_query)), - std::move( - fill_curve_element_vector, Endianness>( - 
proving_key.H_query)), - std::move( - fill_curve_element_vector, Endianness>( - proving_key.L_query)), - std::move(fill_r1cs_constraint_system( - proving_key.constraint_system)))); - } - - template - ProvingKey make_r1cs_gg_ppzksnark_proving_key( - const r1cs_gg_ppzksnark_proving_key, ProvingKey> - &filled_proving_key) { - - return ProvingKey( - std::move(std::get<0>(filled_proving_key.value()).value()), - std::move(std::get<1>(filled_proving_key.value()).value()), - std::move(std::get<2>(filled_proving_key.value()).value()), - std::move(std::get<3>(filled_proving_key.value()).value()), - std::move(std::get<4>(filled_proving_key.value()).value()), - std::move( - make_curve_element_vector, Endianness>( - std::get<5>(filled_proving_key.value()))), - std::move( - make_knowledge_commitment_vector, - typename ProvingKey::curve_type::template g1_type<>>, - Endianness>(std::get<6>(filled_proving_key.value()))), - std::move( - make_curve_element_vector, Endianness>( - std::get<7>(filled_proving_key.value()))), - std::move( - make_curve_element_vector, Endianness>( - std::get<8>(filled_proving_key.value()))), - std::move(make_r1cs_constraint_system( - std::get<9>(filled_proving_key.value())))); - } - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/r1cs.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/r1cs.hpp deleted file mode 100644 index 161d828aa6..0000000000 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/r1cs.hpp +++ /dev/null 
@@ -1,276 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_HPP -#define CRYPTO3_MARSHALLING_R1CS_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - template>>::value, - bool>::type, - typename... 
TOptions> - using linear_term = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // index - nil::marshalling::types:: - integral::index_type>, - // coeff - field_element>>; - - template>>::value, - bool>::type, - typename... TOptions> - using linear_combination = nil::marshalling::types::array_list< - TTypeBase, - linear_term>>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>; - - template< - typename TTypeBase, - typename Constraint, - typename = typename std::enable_if< - std::is_same>::value, - bool>::type, - typename... TOptions> - using r1cs_constraint = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // a - linear_combination>>, - // b - linear_combination>>, - // c - linear_combination>>>>; - - template>::value, - bool>::type, - typename... TOptions> - using r1cs_constraint_system = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // primary_input_size - nil::marshalling::types::integral, - // auxiliary_input_size - nil::marshalling::types::integral, - // constraints - nil::marshalling::types::array_list< - TTypeBase, - r1cs_constraint>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral>>>>; - - template - linear_term, LT> fill_linear_term(const LT <) { - - using TTypeBase = nil::marshalling::field_type; - using integral_type = nil::marshalling::types:: - integral::index_type>; - using field_element_type = field_element; - - return linear_term( - std::make_tuple(integral_type(lt.index), field_element_type(lt.coeff))); - } - - template - LT make_linear_term(const linear_term, LT> &filled_lt) { - return typename LT::variable_type(std::move(std::get<0>(filled_lt.value()).value())) * - std::move(std::get<1>(filled_lt.value()).value()); - } - - template - linear_combination, LC> fill_linear_combination(const LC &lc) { - - using lt_type = linear_term, - math::linear_term>>; - using lc_type = linear_combination, LC>; - - lc_type result; - 
std::vector &val = result.value(); - for (std::size_t i = 0; i < lc.terms.size(); i++) { - val.push_back( - fill_linear_term>, Endianness>(lc.terms[i])); - } - - return result; - } - - template - LC make_linear_combination( - const linear_combination, LC> &filled_lc) { - - LC result; - const std::vector, - math::linear_term>>> &values = - filled_lc.value(); - std::size_t size = values.size(); - for (std::size_t i = 0; i < size; i++) { - result.add_term( - make_linear_term>, Endianness>(values[i])); - } - - return result; - } - - template - r1cs_constraint, Constraint> - fill_r1cs_constraint(const Constraint &c) { - - return r1cs_constraint, Constraint>(std::make_tuple( - fill_linear_combination>, - Endianness>(c.a), - fill_linear_combination>, - Endianness>(c.b), - fill_linear_combination>, - Endianness>(c.c))); - } - - template - Constraint make_r1cs_constraint( - const r1cs_constraint, Constraint> &filled_c) { - - return Constraint( - std::move( - make_linear_combination>, - Endianness>(std::get<0>(filled_c.value()))), - std::move( - make_linear_combination>, - Endianness>(std::get<1>(filled_c.value()))), - std::move( - make_linear_combination>, - Endianness>(std::get<2>(filled_c.value())))); - } - - template - nil::marshalling::types::array_list< - nil::marshalling::field_type, - r1cs_constraint, - zk::snark::r1cs_constraint>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral, std::size_t>>> - fill_r1cs_constraint_vector(const std::vector &cs_vec) { - - using constraint_type = r1cs_constraint, Constraint>; - using constraint_vector_type = nil::marshalling::types::array_list< - nil::marshalling::field_type, - constraint_type, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral, std::size_t>>>; - - constraint_vector_type result; - std::vector &val = result.value(); - for (std::size_t i = 0; i < cs_vec.size(); i++) { - val.push_back(fill_r1cs_constraint, - Endianness>(cs_vec[i])); - } 
- return result; - } - - template - std::vector make_r1cs_constraint_vector( - const nil::marshalling::types::array_list< - nil::marshalling::field_type, - r1cs_constraint, - zk::snark::r1cs_constraint>, - nil::marshalling::option::sequence_size_field_prefix< - nil::marshalling::types::integral, std::size_t>>> - &filled_cs_vec) { - - std::vector result; - const std::vector, Constraint>> &values = - filled_cs_vec.value(); - std::size_t size = values.size(); - - for (std::size_t i = 0; i < size; i++) { - result.push_back( - make_r1cs_constraint, - Endianness>(values[i])); - } - return result; - } - - template - r1cs_constraint_system, CS> - fill_r1cs_constraint_system(const CS &cs) { - - using TTypeBase = nil::marshalling::field_type; - using integral_type = nil::marshalling::types::integral; - - return r1cs_constraint_system, CS>(std::make_tuple( - integral_type(cs.primary_input_size), - integral_type(cs.auxiliary_input_size), - fill_r1cs_constraint_vector, Endianness>( - cs.constraints))); - } - - template - CS make_r1cs_constraint_system( - const r1cs_constraint_system, CS> &filled_cs) { - - CS result; - result.primary_input_size = std::get<0>(filled_cs.value()).value(); - result.auxiliary_input_size = std::get<1>(filled_cs.value()).value(); - result.constraints = - make_r1cs_constraint_vector, Endianness>( - std::get<2>(filled_cs.value())); - - return result; - } - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_HPP diff --git a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/verification_key.hpp b/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/verification_key.hpp deleted file mode 100644 index 077de28c6f..0000000000 --- a/crypto3/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/r1cs_gg_ppzksnark/verification_key.hpp +++ /dev/null 
@@ -1,221 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - - template>::value, - bool>::type, - typename... 
TOptions> - using r1cs_gg_ppzksnark_verification_key = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // alpha_g1_beta_g2 - field_element, - // gamma_g2 - curve_element>, - // delta_g2 - curve_element>, - // gamma_ABC_g1 - accumulation_vector< - TTypeBase, - container::accumulation_vector>>>>; - - template - r1cs_gg_ppzksnark_verification_key, VerificationKey> - fill_r1cs_gg_ppzksnark_verification_key( - const VerificationKey &r1cs_gg_ppzksnark_verification_key_inp) { - - using TTypeBase = nil::marshalling::field_type; - using field_gt_element_type = - field_element; - using curve_g2_element_type = - curve_element>; - using accumulation_vector_type = accumulation_vector< - TTypeBase, - container::accumulation_vector>>; - - field_gt_element_type filled_alpha_g1_beta_g2( - r1cs_gg_ppzksnark_verification_key_inp.alpha_g1_beta_g2); - - curve_g2_element_type filled_gamma_g2 = - curve_g2_element_type(r1cs_gg_ppzksnark_verification_key_inp.gamma_g2); - - curve_g2_element_type filled_delta_g2 = - curve_g2_element_type(r1cs_gg_ppzksnark_verification_key_inp.delta_g2); - - accumulation_vector_type filled_gamma_ABC_g1 = fill_accumulation_vector< - container::accumulation_vector>, - Endianness>(r1cs_gg_ppzksnark_verification_key_inp.gamma_ABC_g1); - - return r1cs_gg_ppzksnark_verification_key, - VerificationKey>(std::make_tuple( - filled_alpha_g1_beta_g2, filled_gamma_g2, filled_delta_g2, filled_gamma_ABC_g1)); - } - - template - VerificationKey make_r1cs_gg_ppzksnark_verification_key( - const r1cs_gg_ppzksnark_verification_key, VerificationKey> - &filled_r1cs_gg_ppzksnark_verification_key) { - - return VerificationKey( - std::move(std::get<0>(filled_r1cs_gg_ppzksnark_verification_key.value()).value()), - std::move(std::get<1>(filled_r1cs_gg_ppzksnark_verification_key.value()).value()), - std::move(std::get<2>(filled_r1cs_gg_ppzksnark_verification_key.value()).value()), - std::move( - make_accumulation_vector>, - Endianness>( - 
std::get<3>(filled_r1cs_gg_ppzksnark_verification_key.value())))); - } - - template>::value, - bool>::type, - typename... TOptions> - using r1cs_gg_ppzksnark_extended_verification_key = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // alpha_g1_beta_g2 - field_element, - // gamma_g2 - curve_element>, - // delta_g2 - curve_element>, - // delta_g1 - curve_element>, - // gamma_g1 - curve_element>, - // gamma_ABC_g1 - accumulation_vector< - TTypeBase, - container::accumulation_vector>>>>; - - template - r1cs_gg_ppzksnark_extended_verification_key, VerificationKey> - fill_r1cs_gg_ppzksnark_verification_key( - const VerificationKey &r1cs_gg_ppzksnark_verification_key_inp) { - - using TTypeBase = nil::marshalling::field_type; - using field_gt_element_type = - field_element; - using curve_g1_element_type = - curve_element>; - using curve_g2_element_type = - curve_element>; - using accumulation_vector_type = accumulation_vector< - TTypeBase, - container::accumulation_vector>>; - - field_gt_element_type filled_alpha_g1_beta_g2( - r1cs_gg_ppzksnark_verification_key_inp.alpha_g1_beta_g2); - - curve_g2_element_type filled_gamma_g2 = - curve_g2_element_type(r1cs_gg_ppzksnark_verification_key_inp.gamma_g2); - - curve_g2_element_type filled_delta_g2 = - curve_g2_element_type(r1cs_gg_ppzksnark_verification_key_inp.delta_g2); - - curve_g1_element_type filled_delta_g1 = - curve_g1_element_type(r1cs_gg_ppzksnark_verification_key_inp.delta_g1); - - accumulation_vector_type filled_gamma_ABC_g1 = fill_accumulation_vector< - container::accumulation_vector>, - Endianness>(r1cs_gg_ppzksnark_verification_key_inp.gamma_ABC_g1); - - curve_g1_element_type filled_gamma_g1 = - curve_g1_element_type(r1cs_gg_ppzksnark_verification_key_inp.gamma_g1); - - return r1cs_gg_ppzksnark_extended_verification_key, - VerificationKey>( - std::make_tuple(filled_alpha_g1_beta_g2, - filled_gamma_g2, - filled_delta_g2, - filled_delta_g1, - filled_gamma_g1, - filled_gamma_ABC_g1)); - } - - template - 
VerificationKey make_r1cs_gg_ppzksnark_verification_key( - const r1cs_gg_ppzksnark_extended_verification_key, - VerificationKey> - &filled_r1cs_gg_ppzksnark_extended_verification_key) { - - return VerificationKey( - std::move(std::get<0>(filled_r1cs_gg_ppzksnark_extended_verification_key.value()).value()), - std::move(std::get<1>(filled_r1cs_gg_ppzksnark_extended_verification_key.value()).value()), - std::move(std::get<2>(filled_r1cs_gg_ppzksnark_extended_verification_key.value()).value()), - std::move(std::get<3>(filled_r1cs_gg_ppzksnark_extended_verification_key.value()).value()), - std::move( - make_accumulation_vector>, - Endianness>( - std::get<5>(filled_r1cs_gg_ppzksnark_extended_verification_key.value()))), - std::move(std::get<4>(filled_r1cs_gg_ppzksnark_extended_verification_key.value()).value())); - } - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP diff --git a/crypto3/libs/marshalling/zk/test/accumulation_vector.cpp b/crypto3/libs/marshalling/zk/test/accumulation_vector.cpp index 3daf4b9840..de88322a9b 100644 --- a/crypto3/libs/marshalling/zk/test/accumulation_vector.cpp +++ b/crypto3/libs/marshalling/zk/test/accumulation_vector.cpp @@ -41,7 +41,6 @@ #include #include -#include #include #include @@ -56,17 +55,6 @@ void print_byteblob(TIter iter_begin, TIter iter_end) { } } -template -void print_fp_curve_group_element(FpCurveGroupElement e) { - std::cout << e.X.data << " " << e.Y.data << " " << e.Z.data << std::endl; -} - -template -void print_fp2_curve_group_element(Fp2CurveGroupElement e) { - std::cout << "(" << e.X.data[0].data << " " << e.X.data[1].data << ") (" << e.Y.data[0].data << " " - << e.Y.data[1].data << ") (" << e.Z.data[0].data << " " << e.Z.data[1].data << ")" << std::endl; -} - template void test_accumulation_vector(nil::crypto3::container::accumulation_vector val) { 
diff --git a/crypto3/libs/marshalling/zk/test/detail/sha256_component.hpp b/crypto3/libs/marshalling/zk/test/detail/sha256_component.hpp deleted file mode 100644 index 02ca82b427..0000000000 --- a/crypto3/libs/marshalling/zk/test/detail/sha256_component.hpp +++ /dev/null 
@@ -1,95 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2020 Mikhail Komarov -// Copyright (c) 2020 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_SHA256_COMPONENT_TEST_HPP -#define CRYPTO3_MARSHALLING_SHA256_COMPONENT_TEST_HPP - -#include -#include - -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk::snark; - -template -components::blueprint sha2_two_to_one_bp() { - components::blueprint bp; - - components::digest_variable left(bp, hashes::sha2<256>::digest_bits); - components::digest_variable right(bp, hashes::sha2<256>::digest_bits); - components::digest_variable output(bp, hashes::sha2<256>::digest_bits); - - components::sha256_two_to_one_hash_component f(bp, left, right, output); - - f.generate_r1cs_constraints(); - std::cout << "Number of constraints for sha256_two_to_one_hash_component: " << bp.num_constraints() << std::endl; - - std::array array_a_intermediate; - std::array array_b_intermediate; - std::array array_c_intermediate; - - std::array array_a = {0x426bc2d8, 0x4dc86782, 0x81e8957a, 0x409ec148, - 0xe6cffbe8, 0xafe6ba4f, 0x9c6f1978, 0xdd7af7e9}; - std::array array_b = {0x038cce42, 0xabd366b8, 0x3ede7e00, 0x9130de53, - 0x72cdf73d, 0xee825114, 0x8cb48d1b, 0x9af68ad0}; - std::array array_c = {0xeffd0b7f, 0x1ccba116, 0x2ee816f7, 0x31c62b48, - 0x59305141, 0x990e5c0a, 0xce40d33d, 0x0b1167d1}; - - std::vector left_bv(hashes::sha2<256>::digest_bits), right_bv(hashes::sha2<256>::digest_bits), - hash_bv(hashes::sha2<256>::digest_bits); - - detail::pack( - array_a.begin(), array_a.end(), array_a_intermediate.begin()); - - detail::pack( - array_b.begin(), array_b.end(), array_b_intermediate.begin()); - - detail::pack( - array_c.begin(), array_c.end(), array_c_intermediate.begin()); - - detail::pack_to(array_a_intermediate, left_bv.begin()); - - detail::pack_to(array_b_intermediate, right_bv.begin()); - - detail::pack_to(array_c_intermediate, hash_bv.begin()); - - 
left.generate_r1cs_witness(left_bv); - - right.generate_r1cs_witness(right_bv); - - f.generate_r1cs_witness(); - output.generate_r1cs_witness(hash_bv); - - assert(bp.is_satisfied()); - - return bp; -} - -#endif // CRYPTO3_MARSHALLING_SHA256_COMPONENT_TEST_HPP \ No newline at end of file diff --git a/crypto3/libs/marshalling/zk/test/sparse_vector.cpp b/crypto3/libs/marshalling/zk/test/sparse_vector.cpp index 29ad1dd1f0..68d19600a6 100644 --- a/crypto3/libs/marshalling/zk/test/sparse_vector.cpp +++ b/crypto3/libs/marshalling/zk/test/sparse_vector.cpp @@ -41,7 +41,6 @@ #include #include -#include #include #include @@ -55,17 +54,6 @@ void print_byteblob(TIter iter_begin, TIter iter_end) { } } -template -void print_fp_curve_group_element(FpCurveGroupElement e) { - std::cout << e.X.data << " " << e.Y.data << " " << e.Z.data << std::endl; -} - -template -void print_fp2_curve_group_element(Fp2CurveGroupElement e) { - std::cout << "(" << e.X.data[0].data << " " << e.X.data[1].data << ") (" << e.Y.data[0].data << " " - << e.Y.data[1].data << ") (" << e.Z.data[0].data << " " << e.Z.data[1].data << ")" << std::endl; -} - template void test_sparse_vector(nil::crypto3::container::sparse_vector val) { diff --git a/crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/wnaf.hpp b/crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/wnaf.hpp index 68d14136ac..f8b8b4f56a 100644 --- a/crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/wnaf.hpp +++ b/crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/wnaf.hpp @@ -14,6 +14,7 @@ namespace boost { namespace multiprecision { + /* Vector version */ template std::vector eval_find_wnaf(const size_t window_size, const Backend& scalar) { using ui_type = typename std::tuple_element<0, typename Backend::unsigned_types>::type; 
@@ -22,7 +23,7 @@ namespace boost { using default_ops::eval_right_shift; using default_ops::eval_subtract; - const std::size_t length = scalar.size() * std::numeric_limits::digits; // upper bound + const std::size_t length = Backend::internal_limb_count * std::numeric_limits::digits; // upper bound std::vector res(length + 1); Backend c(scalar); @@ -58,6 +59,7 @@ namespace boost { return eval_find_wnaf(window_size, scalar.backend()); } + /* Array version */ template constexpr auto eval_find_wnaf_a(const size_t window_size, const Backend& scalar) { using ui_type = typename std::tuple_element<0, typename Backend::unsigned_types>::type; diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/fold_polynomial.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/fold_polynomial.hpp index 8e5a9e3319..22aa9d3fcd 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/fold_polynomial.hpp +++ b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/fold_polynomial.hpp @@ -85,7 +85,9 @@ namespace nil { typename FieldType::value_type acc = alpha; for (std::size_t i = 0; i <= f_folded.degree(); i++) { - f_folded[i] = two_inversed * ((1u + acc) * f[i] + (1u - acc) * f[domain->size() / 2 + i]); + f_folded[i] = two_inversed * ( + (typename FieldType::value_type(1u) + acc) * f[i] + + (typename FieldType::value_type(1u) - acc) * f[domain->size() / 2 + i]); acc *= omega_inversed; } diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/crs_operations.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/crs_operations.hpp deleted file mode 100644 index 49b314b99e..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/crs_operations.hpp +++ /dev/null 
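Review bot: The `// upper bound` comment on the new `length` line in `eval_find_wnaf` no longer says what the bound is derived from: it is now the backend's fixed limb capacity (`Backend::internal_limb_count`) rather than the limbs reported by `scalar.size()`. I would spell that out, e.g. `// upper bound: full limb capacity of Backend, independent of the scalar's current size`, and state in the function's header comment that `Backend` must expose `internal_limb_count`, since the template otherwise reads as generic over any backend. The function body continues outside the hunk, so whether later code relied on the old, value-dependent length cannot be checked from here.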
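Review bot: The field constant `typename FieldType::value_type(1u)` is now spelled out twice per iteration inside the folding loop, which makes the expression harder to read than the arithmetic warrants. Declaring it once before the loop, `const typename FieldType::value_type one(1u);`, and writing the body as `f_folded[i] = two_inversed * ((one + acc) * f[i] + (one - acc) * f[domain->size() / 2 + i]);` keeps the explicit field type this change introduces while restoring the one-line form. The enclosing function starts outside the hunk.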
@@ -1,135 +0,0 @@ -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_CRS_OPERATIONS_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_CRS_OPERATIONS_HPP - -#include - -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - namespace detail { - template - typename snark::r1cs_gg_ppzksnark::keypair_type - make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau( - const typename snark::r1cs_gg_ppzksnark::constraint_system_type - &constraint_system, - const powers_of_tau_result &powers_of_tau_result) { - using curve_type = CurveType; - using scalar_field_type = typename curve_type::scalar_field_type; - using g1_type = typename curve_type::template g1_type<>; - using g2_type = typename curve_type::template g2_type<>; - using kc_type = commitments::knowledge_commitment; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using kc_value_type = typename kc_type::value_type; - - using namespace nil::crypto3::zk::snark; - - using proving_scheme_type = r1cs_gg_ppzksnark; - - typename proving_scheme_type::constraint_system_type r1cs_copy(constraint_system); - r1cs_copy.swap_AB_if_beneficial(); - - qap_instance qap = - reductions::r1cs_to_qap::instance_map(r1cs_copy); - - BOOST_ASSERT_MSG(powers_of_tau_result.coeffs_g1.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.coeffs_g2.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.alpha_coeffs_g1.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.beta_coeffs_g1.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.h.size() == qap.domain->m - 1, - "powers_of_tau_result size does not match 
the constraint system"); - - std::vector beta_a_alpha_b_c(qap.num_variables + 1, g1_value_type::zero()); - std::vector a_g1(qap.num_variables + 1, g1_value_type::zero()); - std::vector b_kc(qap.num_variables + 1, kc_value_type::zero()); - - for (std::size_t i = 0; i < qap.num_variables + 1; ++i) { - for (auto [lag, coeff]: qap.A_in_Lagrange_basis[i]) { - a_g1[i] = a_g1[i] + coeff * powers_of_tau_result.coeffs_g1[lag]; - beta_a_alpha_b_c[i] = - beta_a_alpha_b_c[i] + coeff * powers_of_tau_result.beta_coeffs_g1[lag]; - } - for (auto [lag, coeff]: qap.B_in_Lagrange_basis[i]) { - b_kc[i] = b_kc[i] + coeff * kc_value_type(powers_of_tau_result.coeffs_g2[lag], - powers_of_tau_result.coeffs_g1[lag]); - beta_a_alpha_b_c[i] = - beta_a_alpha_b_c[i] + coeff * powers_of_tau_result.alpha_coeffs_g1[lag]; - } - for (auto [lag, coeff]: qap.C_in_Lagrange_basis[i]) { - beta_a_alpha_b_c[i] = beta_a_alpha_b_c[i] + coeff * powers_of_tau_result.coeffs_g1[lag]; - } - } - - auto alpha_g1 = powers_of_tau_result.alpha_g1; - auto beta_g1 = powers_of_tau_result.beta_g1; - auto beta_g2 = powers_of_tau_result.beta_g2; - - auto alpha_g1_beta_g2 = algebra::pair_reduced(alpha_g1, beta_g2); - auto gamma_g2 = g2_value_type::one(); - auto delta_g1 = g1_value_type::one(); - auto delta_g2 = g2_value_type::one(); - auto gamma_ABC_g1_0 = beta_a_alpha_b_c[0]; - std::vector gamma_ABC_g1_values(beta_a_alpha_b_c.begin() + 1, - beta_a_alpha_b_c.begin() + 1 + qap.num_inputs); - container::accumulation_vector gamma_ABC(std::move(gamma_ABC_g1_0), - std::move(gamma_ABC_g1_values)); - typename proving_scheme_type::verification_key_type vk( - alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_ABC); - - commitments::knowledge_commitment_vector B_query(std::move(b_kc)); - std::vector H_query(powers_of_tau_result.h.begin(), - powers_of_tau_result.h.begin() + qap.degree - 1); - std::size_t Lt_offset = qap.num_inputs + 1; - std::vector L_query(beta_a_alpha_b_c.begin() + Lt_offset, - beta_a_alpha_b_c.end()); - typename 
proving_scheme_type::proving_key_type pk(std::move(alpha_g1), - std::move(beta_g1), - std::move(beta_g2), - std::move(delta_g1), - std::move(delta_g2), - std::move(a_g1), - std::move(B_query), - std::move(H_query), - std::move(L_query), - std::move(r1cs_copy)); - - typename proving_scheme_type::keypair_type keypair{std::move(pk), std::move(vk)}; - - return keypair; - } - - template - void transform_keypair(typename snark::r1cs_gg_ppzksnark::keypair_type &keypair, - const r1cs_gg_ppzksnark_mpc_private_key &private_key) { - auto delta_inv = private_key.delta.inversed(); - for (auto &g: keypair.first.H_query) { - g = g * delta_inv; - } - - for (auto &g: keypair.first.L_query) { - g = g * delta_inv; - } - - keypair.first.delta_g1 = private_key.delta * keypair.first.delta_g1; - keypair.first.delta_g2 = private_key.delta * keypair.first.delta_g2; - keypair.second.delta_g2 = private_key.delta * keypair.second.delta_g2; - } - } // namespace detail - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_CRS_OPERATIONS_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/private_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/private_key.hpp deleted file mode 100644 index 2c6ba7bac6..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/private_key.hpp +++ /dev/null 
@@ -1,47 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2022 Noam Y <@NoamDev> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PRIVATE_KEY_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PRIVATE_KEY_HPP - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - namespace detail { - template - // Contains the secret 𝛿 that the participant of the ceremony must destroy. 
- struct r1cs_gg_ppzksnark_mpc_private_key { - typedef CurveType curve_type; - using field_value_type = typename CurveType::scalar_field_type::value_type; - - field_value_type delta; - }; - } // namespace detail - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PRIVATE_KEY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/public_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/public_key.hpp deleted file mode 100644 index 92b8aa4359..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/public_key.hpp +++ /dev/null 
@@ -1,54 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2022 Noam Y <@NoamDev> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - namespace detail { - template - struct r1cs_gg_ppzksnark_mpc_public_key { - typedef CurveType curve_type; - typedef commitments::detail::element_pok pok_type; - typedef typename curve_type::template g1_type<>::value_type g1_value_type; - - g1_value_type delta_after; - pok_type delta_pok; - - r1cs_gg_ppzksnark_mpc_public_key(g1_value_type delta_after, pok_type delta_pok) : - delta_after(delta_after), delta_pok(delta_pok) { - } - }; - } // namespace detail - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp index eaa24611a1..db8a66b6dc 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp +++ b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp @@ -44,8 +44,6 @@ #include #include #include -#include -#include #include #include 
@@ -212,13 +210,16 @@ namespace nil { auto B_2 = algebra::precompute_g2( CommitmentSchemeType::curve_type::template g2_type<>::value_type::one()); - typename CommitmentSchemeType::gt_value_type gt3 = algebra::double_miller_loop( - A_1, A_2, - B_1, B_2); - typename CommitmentSchemeType::gt_value_type gt_4 = algebra::final_exponentiation( - gt3); + typename CommitmentSchemeType::gt_value_type gt3 = + algebra::double_miller_loop( A_1, A_2, B_1, B_2); + std::optional gt_4 = + algebra::final_exponentiation(gt3); - return gt_4 == CommitmentSchemeType::gt_value_type::one(); + if (!gt_4) { + return false; + } + + return *gt_4 == CommitmentSchemeType::gt_value_type::one(); } } // namespace algorithms @@ -251,7 +252,6 @@ namespace nil { using batch_of_polynomials_type = std::vector; using evals_type = std::vector>; using transcript_type = transcript::fiat_shamir_heuristic_sequential; - using serializer = typename nil::marshalling::curve_element_serializer; using multi_commitment_type = std::vector; using commitment_type = std::vector; // Used in placeholder because it's easy to push it into transcript @@ -618,18 +618,23 @@ namespace nil { if (public_key.commits.size() == 1) { assert(right == CommitmentSchemeType::verification_key_type::one()); } - left_side_pairing = - left_side_pairing * - algebra::pair_reduced(left, right); + + auto left_right = algebra::pair_reduced(left, right); + if (!left_right) { + return false; + } + left_side_pairing = left_side_pairing * (*left_right); factor = factor * gamma; } - auto right = commit_g2(params, create_polynom_by_zeros( - public_key.T)); - auto right_side_pairing = algebra::pair_reduced(proof, - right); + auto right = commit_g2(params, create_polynom_by_zeros( public_key.T)); + auto right_side_pairing = algebra::pair_reduced(proof, right); - return left_side_pairing == right_side_pairing; + if (!right_side_pairing) { + return false; + } + + return left_side_pairing == *right_side_pairing; } } // namespace algorithms 
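Review bot: The new `if (!gt_4) { return false; }` guard in the `@@ -212` hunk fails closed, which is the right default for a verifier, but nothing says what an empty optional from `algebra::final_exponentiation` means, so a reader cannot tell a rejected proof from a pairing that could not be computed. I would add a comment above the guard, `// Empty optional: the pairing value could not be computed; reject instead of dereferencing.`, and state the exact condition in the doc comments of `final_exponentiation` and `pair_reduced` in pair.hpp. The same undocumented guard recurs in the `@@ -618`, `@@ -838` and `@@ -859` hunks of kzg.hpp. The local names `gt3` and `gt_4` also differ in style, and the enclosing function starts outside the hunk.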
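Review bot: In the `@@ -618` hunk the context line `assert(right == CommitmentSchemeType::verification_key_type::one());` just above the new `pair_reduced` guard is compiled out when NDEBUG is defined, so a release build does not check this condition at all, while the pairing failure next to it now returns false. If it is meant as a verification condition rather than a debug-only invariant (the hunk does not show how `right` is derived), it should reject explicitly: `if (public_key.commits.size() == 1 && !(right == CommitmentSchemeType::verification_key_type::one())) { return false; }`. Separately, `left_right` would read more clearly as a name such as `term_pairing`. The enclosing function and loop start outside the hunk.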
@@ -838,18 +843,19 @@ namespace nil { typename curve_type::template g1_type<>::value_type i_th_commitment = nil::marshalling::pack(byteblob, status); THROW_IF_ERROR_STATUS(status, "kzg::verify_eval"); - auto U_commit = nil::crypto3::zk::algorithms::commit_one(_params, - this->get_U( - k, - i)); + auto U_commit = nil::crypto3::zk::algorithms::commit_one + (_params, this->get_U(k, i)); auto diffpoly = set_difference_polynom(_merged_points, this->_points.at(k)[i]); auto diffpoly_commitment = commit_g2(diffpoly); - auto left_side_pairing = nil::crypto3::algebra::pair_reduced( - factor * (i_th_commitment - U_commit), diffpoly_commitment); + auto left_side_pairing = nil::crypto3::algebra::pair_reduced + (factor * (i_th_commitment - U_commit), diffpoly_commitment); + if (!left_side_pairing) { + return false; + } - left_side_accum = left_side_accum * left_side_pairing; + left_side_accum = left_side_accum * (*left_side_pairing); factor *= gamma; } } @@ -859,7 +865,11 @@ namespace nil { commit_g2(this->get_V(this->_merged_points)) ); - return left_side_accum == right_side_pairing; + if (!right_side_pairing) { + return false; + } + + return left_side_accum == *right_side_pairing; } const params_type &get_commitment_params() const { diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp index 9888a462ba..ea86534852 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp +++ b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp @@ -44,8 +44,6 @@ #include #include #include -#include -#include #include #include diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/r1cs_gg_ppzksnark_mpc.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/r1cs_gg_ppzksnark_mpc.hpp deleted file mode 100644 index ae704b2458..0000000000 
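Review bot: Inside the loop of the `@@ -838` hunk a failed unpack of the commitment goes through `THROW_IF_ERROR_STATUS(status, "kzg::verify_eval")`, while a failed pairing now returns false, so the function reports bad input through two different channels. The macro is not defined on this page, but if it throws as its name suggests, a caller that only tests the boolean result must also handle an exception for malformed commitment bytes. Either document that on the function, e.g. `/// Returns false if a pairing cannot be computed or the check fails; throws if a stored commitment cannot be unpacked.`, or return false on a bad status as well so that verification has a single failure path. The function body starts outside the hunk.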
--- a/crypto3/libs/zk/include/nil/crypto3/zk/commitments/polynomial/r1cs_gg_ppzksnark_mpc.hpp
+++ /dev/null
@@ -1,244 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2022 Mikhail Komarov
-// Copyright (c) 2022 Noam Yemini
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_HPP - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - template - class r1cs_gg_ppzksnark_mpc { - public: - typedef CurveType curve_type; - typedef snark::r1cs_gg_ppzksnark proving_scheme_type; - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using kc_type = knowledge_commitment; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using kc_value_type = typename kc_type::value_type; - using scalar_field_type = typename curve_type::scalar_field_type; - using field_value_type = typename scalar_field_type::value_type; - - typedef detail::r1cs_gg_ppzksnark_mpc_private_key private_key_type; - typedef detail::r1cs_gg_ppzksnark_mpc_public_key public_key_type; - typedef typename proving_scheme_type::keypair_type proving_scheme_keypair_type; - typedef typename proving_scheme_type::constraint_system_type constraint_system_type; - typedef proof_of_knowledge proof_of_knowledge_scheme_type; - - // The result of this function is considered toxic wast - // and should thus be destroyed - static private_key_type generate_private_key() { - typename scalar_field_type::value_type delta = algebra::random_element(); - return private_key_type{std::move(delta)}; - } - - static public_key_type proof_eval(const private_key_type &private_key, - const boost::optional &previous_public_key, - const proving_scheme_keypair_type &mpc_keypair) { - std::vector transcript = - compute_transcript(mpc_keypair.first.constraint_system, previous_public_key); - auto delta_pok = proof_of_knowledge_scheme_type::proof_eval(private_key.delta, 
transcript, 0); - g1_value_type delta_after = - private_key.delta * - (previous_public_key ? previous_public_key->delta_after : g1_value_type::one()); - return public_key_type{std::move(delta_after), std::move(delta_pok)}; - } - - static bool verify_eval(const proving_scheme_keypair_type &mpc_keypair, - const std::vector &pubkeys, - const constraint_system_type &constraint_system, - const detail::powers_of_tau_result &powers_of_tau_result) { - auto initial_keypair = detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau( - constraint_system, powers_of_tau_result); - - // H/L will change, but should have same length - if (initial_keypair.first.H_query.size() != mpc_keypair.first.H_query.size()) { - return false; - } - if (initial_keypair.first.L_query.size() != mpc_keypair.first.L_query.size()) { - return false; - } - - // alpha/beta do not change - if (initial_keypair.first.alpha_g1 != mpc_keypair.first.alpha_g1) { - return false; - } - if (initial_keypair.first.beta_g1 != mpc_keypair.first.beta_g1) { - return false; - } - if (initial_keypair.first.beta_g2 != mpc_keypair.first.beta_g2) { - return false; - } - - // A/B do not change - if (initial_keypair.first.A_query != mpc_keypair.first.A_query) { - return false; - } - if (!(initial_keypair.first.B_query == mpc_keypair.first.B_query)) { - return false; - } - - // the constraint system doesn't change - if (!(initial_keypair.first.constraint_system == mpc_keypair.first.constraint_system)) { - return false; - } - - // alpha_beta/gamma do not change - if (initial_keypair.second.alpha_g1_beta_g2 != mpc_keypair.second.alpha_g1_beta_g2) { - return false; - } - if (initial_keypair.second.gamma_g2 != mpc_keypair.second.gamma_g2) { - return false; - } - - // gamma_ABC_g1 doesn't change - if (!(initial_keypair.second.gamma_ABC_g1 == mpc_keypair.second.gamma_ABC_g1)) { - return false; - } - - auto transcript = compute_transcript(mpc_keypair.first.constraint_system, boost::none); - auto current_delta = g1_value_type::one(); 
- for (auto pk: pubkeys) { - auto g2_s = proof_of_knowledge_scheme_type::compute_g2_s( - pk.delta_pok.g1_s, pk.delta_pok.g1_s_x, transcript, 0); - - if (!proof_of_knowledge_scheme_type::verify_eval(pk.delta_pok, g2_s)) { - return false; - } - - if (!is_same_ratio(std::make_pair(current_delta, pk.delta_after), - std::make_pair(g2_s, pk.delta_pok.g2_s_x))) { - return false; - } - - current_delta = pk.delta_after; - transcript = compute_transcript(mpc_keypair.first.constraint_system, pk); - } - - if (current_delta != mpc_keypair.first.delta_g1) { - return false; - } - - if (!is_same_ratio(std::make_pair(g1_value_type::one(), current_delta), - std::make_pair(g2_value_type::one(), mpc_keypair.first.delta_g2))) { - return false; - } - - if (mpc_keypair.first.delta_g2 != mpc_keypair.second.delta_g2) { - return false; - } - - if (!is_same_ratio( - detail::merge_pairs(initial_keypair.first.H_query.cbegin(), - initial_keypair.first.H_query.cend(), - mpc_keypair.first.H_query.cbegin(), - mpc_keypair.first.H_query.cend()), - std::make_pair(mpc_keypair.first.delta_g2, g2_value_type::one()))) { - return false; - } - - if (!is_same_ratio( - detail::merge_pairs(initial_keypair.first.L_query.cbegin(), - initial_keypair.first.L_query.cend(), - mpc_keypair.first.L_query.cbegin(), - mpc_keypair.first.L_query.cend()), - std::make_pair(mpc_keypair.first.delta_g2, g2_value_type::one()))) { - return false; - } - - return true; - } - - static bool is_same_ratio(const std::pair &g1_pair, - const std::pair &g2_pair) { - - return algebra::pair_reduced(g1_pair.first, g2_pair.second) == - algebra::pair_reduced(g1_pair.second, g2_pair.first); - } - - static std::vector - compute_transcript(const constraint_system_type &constraint_system, - const boost::optional &pubkey) { - std::vector cs_blob = serialize_constraint_system(constraint_system); - std::vector cs_pk_blob; - std::copy(std::cbegin(cs_blob), std::cend(cs_blob), std::back_inserter(cs_pk_blob)); - if (pubkey) { - std::vector pk_blob = 
serialize_public_key(*pubkey); - std::copy(std::cbegin(pk_blob), std::cend(pk_blob), std::back_inserter(cs_pk_blob)); - } - return nil::crypto3::hash>(cs_pk_blob); - } - - static std::vector serialize_public_key(const public_key_type &pubkey) { - using endianness = nil::marshalling::option::little_endian; - auto filled_val = - nil::crypto3::marshalling::types::fill_r1cs_gg_ppzksnark_mpc_public_key(pubkey); - std::vector blob(filled_val.length()); - auto it = std::begin(blob); - nil::marshalling::status_type status = filled_val.write(it, blob.size()); - THROW_IF_ERROR_STATUS(status, "r1cs_gg_ppzksnark_mpc::serialize_public_key"); - return blob; - } - - static std::vector - serialize_constraint_system(const constraint_system_type &constraint_system) { - using endianness = nil::marshalling::option::little_endian; - auto filled_val = - nil::crypto3::marshalling::types::fill_r1cs_constraint_system( - constraint_system); - std::vector blob(filled_val.length()); - auto it = std::begin(blob); - nil::marshalling::status_type status = filled_val.write(it, blob.size()); - THROW_IF_ERROR_STATUS(status, "r1cs_gg_ppzksnark_mpc::serialize_constraint_system"); - return blob; - } - }; - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/arithmetization/constraint_satisfaction_problems/r1cs.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/arithmetization/constraint_satisfaction_problems/r1cs.hpp deleted file mode 100644 index 464d213f92..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/arithmetization/constraint_satisfaction_problems/r1cs.hpp +++ /dev/null 
@@ -1,232 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for: -// -// - a R1CS constraint, -// - a R1CS variable assignment, and -// - a R1CS constraint system. -// -// Above, R1CS stands for "Rank-1 Constraint System". 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_CONSTRAINT_SYSTEM_HPP -#define CRYPTO3_ZK_R1CS_CONSTRAINT_SYSTEM_HPP - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /************************* R1CS constraint ***********************************/ - - /** - * A R1CS constraint is a formal expression of the form - * - * < A , X > * < B , X > = < C , X > , - * - * where X = (x_0,x_1,...,x_m) is a vector of formal variables and A,B,C each - * consist of 1+m elements in . - * - * A R1CS constraint is used to construct a R1CS constraint system (see below). - */ - template> - struct r1cs_constraint { - typedef FieldType field_type; - - math::linear_combination a, b, c; - - r1cs_constraint() = default; - - r1cs_constraint(const math::linear_combination &a, - const math::linear_combination &b, - const math::linear_combination &c) : - a(a), - b(b), c(c) { - } - - r1cs_constraint(const std::initializer_list> &A, - const std::initializer_list> &B, - const std::initializer_list> &C) { - for (auto lc_A : A) { - a.terms.insert(a.terms.end(), lc_A.terms.begin(), lc_A.terms.end()); - } - for (auto lc_B : B) { - b.terms.insert(b.terms.end(), lc_B.terms.begin(), lc_B.terms.end()); - } - for (auto lc_C : C) { - c.terms.insert(c.terms.end(), lc_C.terms.begin(), lc_C.terms.end()); - } - } - - bool operator==(const r1cs_constraint &other) const { - return (this->a == other.a && this->b == other.b && this->c == other.c); - } - }; - - /************************* R1CS variable assignment **************************/ - - /** - * A R1CS variable assignment is a vector of elements that represents - * a candidate solution to a R1CS constraint system (see below). 
- */ - - /* TODO: specify that it does *NOT* include the constant 1 */ - template - using r1cs_primary_input = std::vector; - - template - using r1cs_auxiliary_input = std::vector; - - template - using r1cs_variable_assignment = std::vector; - - /************************* R1CS constraint system ****************************/ - - /** - * A system of R1CS constraints looks like - * - * { < A_k , X > * < B_k , X > = < C_k , X > }_{k=1}^{n} . - * - * In other words, the system is satisfied if and only if there exist a - * USCS variable assignment for which each R1CS constraint is satisfied. - * - * NOTE: - * The 0-th variable (i.e., "x_{0}") always represents the constant 1. - * Thus, the 0-th variable is not included in num_variables. - */ - template - struct r1cs_constraint_system { - typedef FieldType field_type; - - std::size_t primary_input_size; - std::size_t auxiliary_input_size; - - std::vector> constraints; - - r1cs_constraint_system() : primary_input_size(0), auxiliary_input_size(0) { - } - - std::size_t num_inputs() const { - return primary_input_size; - } - - std::size_t num_variables() const { - return primary_input_size + auxiliary_input_size; - } - - std::size_t num_constraints() const { - return constraints.size(); - } - - bool is_valid() const { - if (this->num_inputs() > this->num_variables()) - return false; - - for (std::size_t c = 0; c < constraints.size(); ++c) { - if (!(constraints[c].a.is_valid(this->num_variables()) && - constraints[c].b.is_valid(this->num_variables()) && - constraints[c].c.is_valid(this->num_variables()))) { - return false; - } - } - - return true; - } - - bool is_satisfied(const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input) const { - assert(primary_input.size() == num_inputs()); - assert(primary_input.size() + auxiliary_input.size() == num_variables()); - - r1cs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert( - full_variable_assignment.end(), 
auxiliary_input.begin(), auxiliary_input.end()); - - for (std::size_t c = 0; c < constraints.size(); ++c) { - const typename FieldType::value_type ares = - constraints[c].a.evaluate(full_variable_assignment); - const typename FieldType::value_type bres = - constraints[c].b.evaluate(full_variable_assignment); - const typename FieldType::value_type cres = - constraints[c].c.evaluate(full_variable_assignment); - - if (ares * bres != cres) { - return false; - } - } - - return true; - } - - void add_constraint(const r1cs_constraint &c) { - constraints.emplace_back(c); - } - - void swap_AB_if_beneficial() { - std::vector touched_by_A(this->num_variables() + 1, false), - touched_by_B(this->num_variables() + 1, false); - - for (std::size_t i = 0; i < this->constraints.size(); ++i) { - for (std::size_t j = 0; j < this->constraints[i].a.terms.size(); ++j) { - touched_by_A[this->constraints[i].a.terms[j].index] = true; - } - - for (std::size_t j = 0; j < this->constraints[i].b.terms.size(); ++j) { - touched_by_B[this->constraints[i].b.terms[j].index] = true; - } - } - - std::size_t non_zero_A_count = 0, non_zero_B_count = 0; - for (std::size_t i = 0; i < this->num_variables() + 1; ++i) { - non_zero_A_count += touched_by_A[i] ? 1 : 0; - non_zero_B_count += touched_by_B[i] ? 1 : 0; - } - - if (non_zero_B_count > non_zero_A_count) { - for (std::size_t i = 0; i < this->constraints.size(); ++i) { - std::swap(this->constraints[i].a, this->constraints[i].b); - } - } - } - - bool operator==(const r1cs_constraint_system &other) const { - return (this->constraints == other.constraints && - this->primary_input_size == other.primary_input_size && - this->auxiliary_input_size == other.auxiliary_input_size); - } - }; - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_CONSTRAINT_SYSTEM_HPP 
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/bacs_to_r1cs.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/bacs_to_r1cs.hpp
deleted file mode 100644
index d8e995132f..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/bacs_to_r1cs.hpp
+++ /dev/null
@@ -1,91 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a BACS-to-R1CS reduction, that is, constructing -// a R1CS ("Rank-1 Constraint System") from a BACS ("Bilinear Arithmetic Circuit Satisfiability"). -// -// The reduction is straightforward: each bilinear gate gives rises to a -// corresponding R1CS constraint that enforces correct computation of the gate; -// also, each output gives rise to a corresponding R1CS constraint that enforces -// that the output is zero. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_BACS_TO_R1CS_BASIC_POLICY_HPP -#define CRYPTO3_ZK_BACS_TO_R1CS_BASIC_POLICY_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - - template - struct bacs_to_r1cs { - typedef FieldType field_type; - - /** - * Instance map for the BACS-to-R1CS reduction. - */ - static r1cs_constraint_system instance_map(const bacs_circuit &circuit) { - assert(circuit.is_valid()); - r1cs_constraint_system result; - - result.primary_input_size = circuit.primary_input_size; - result.auxiliary_input_size = circuit.auxiliary_input_size + circuit.gates.size(); - - for (auto &g : circuit.gates) { - result.constraints.emplace_back(r1cs_constraint(g.lhs, g.rhs, g.output)); - } - - for (auto &g : circuit.gates) { - if (g.is_circuit_output) { - result.constraints.emplace_back(r1cs_constraint(1, g.output, 0)); - } - } - - return result; - } - - /** - * Witness map for the BACS-to-R1CS reduction. - */ - static r1cs_variable_assignment - witness_map(const bacs_circuit &circuit, - const bacs_primary_input &primary_input, - const bacs_auxiliary_input &auxiliary_input) { - const r1cs_variable_assignment result = - circuit.get_all_wires(primary_input, auxiliary_input); - return result; - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_TO_R1CS_BASIC_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp deleted file mode 100644 index 1ac5dec1a4..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp +++ /dev/null 
@@ -1,333 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a R1CS-to-QAP reduction, that is, constructing -// a QAP ("Quadratic Arithmetic Program") from a R1CS ("Rank-1 Constraint System"). -// -// QAPs are defined in \[GGPR13], and constructed for R1CS also in \[GGPR13]. -// -// The implementation of the reduction follows, extends, and optimizes -// the efficient approach described in Appendix E of \[BCGTV13]. 
-// -// References: -// -// \[BCGTV13] -// "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge", -// Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, Madars Virza, -// CRYPTO 2013, -// -// -// \[GGPR13]: -// "Quadratic span programs and succinct NIZKs without PCPs", -// Rosario Gennaro, Craig Gentry, Bryan Parno, Mariana Raykova, -// EUROCRYPT 2013, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP -#define CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP - -#include -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - struct r1cs_to_qap { - typedef FieldType field_type; - - /** - * Instance map for the R1CS-to-QAP reduction. - * - * Namely, given a R1CS constraint system cs, construct a QAP instance for which: - * A := (A_0(z),A_1(z),...,A_m(z)) - * B := (B_0(z),B_1(z),...,B_m(z)) - * C := (C_0(z),C_1(z),...,C_m(z)) - * where - * m = number of variables of the QAP - * and - * each A_i,B_i,C_i is expressed in the Lagrange basis. 
- */ - static qap_instance instance_map(const r1cs_constraint_system &cs) { - - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints() + cs.num_inputs() + 1); - - std::vector> A_in_Lagrange_basis( - cs.num_variables() + 1); - std::vector> B_in_Lagrange_basis( - cs.num_variables() + 1); - std::vector> C_in_Lagrange_basis( - cs.num_variables() + 1); - - /** - * add and process the constraints - * input_i * 0 = 0 - * to ensure soundness of input consistency - */ - for (std::size_t i = 0; i <= cs.num_inputs(); ++i) { - A_in_Lagrange_basis[i][cs.num_constraints() + i] = FieldType::value_type::one(); - } - /* process all other constraints */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - A_in_Lagrange_basis[cs.constraints[i].a.terms[j].index][i] += - cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - B_in_Lagrange_basis[cs.constraints[i].b.terms[j].index][i] += - cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - C_in_Lagrange_basis[cs.constraints[i].c.terms[j].index][i] += - cs.constraints[i].c.terms[j].coeff; - } - } - - return qap_instance( - domain, cs.num_variables(), domain->m, cs.num_inputs(), std::move(A_in_Lagrange_basis), - std::move(B_in_Lagrange_basis), std::move(C_in_Lagrange_basis)); - } - - /** - * Instance map for the R1CS-to-QAP reduction followed by evaluation of the resulting QAP - * instance. 
- * - * Namely, given a R1CS constraint system cs and a field element t, construct - * a QAP instance (evaluated at t) for which: - * At := (A_0(t),A_1(t),...,A_m(t)) - * Bt := (B_0(t),B_1(t),...,B_m(t)) - * Ct := (C_0(t),C_1(t),...,C_m(t)) - * Ht := (1,t,t^2,...,t^n) - * Zt := Z(t) = "vanishing polynomial of a certain set S, evaluated at t" - * where - * m = number of variables of the QAP - * n = degree of the QAP - */ - static qap_instance_evaluation - instance_map_with_evaluation(const r1cs_constraint_system &cs, - const typename FieldType::value_type &t) { - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints() + cs.num_inputs() + 1); - - std::vector At, Bt, Ct, Ht; - - At.resize(cs.num_variables() + 1, FieldType::value_type::zero()); - Bt.resize(cs.num_variables() + 1, FieldType::value_type::zero()); - Ct.resize(cs.num_variables() + 1, FieldType::value_type::zero()); - Ht.reserve(domain->m + 1); - - const typename FieldType::value_type Zt = domain->compute_vanishing_polynomial(t); - - const std::vector u = - domain->evaluate_all_lagrange_polynomials(t); - /** - * add and process the constraints - * input_i * 0 = 0 - * to ensure soundness of input consistency - */ - for (std::size_t i = 0; i <= cs.num_inputs(); ++i) { - At[i] = u[cs.num_constraints() + i]; - } - /* process all other constraints */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - At[cs.constraints[i].a.terms[j].index] += u[i] * cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - Bt[cs.constraints[i].b.terms[j].index] += u[i] * cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - Ct[cs.constraints[i].c.terms[j].index] += u[i] * cs.constraints[i].c.terms[j].coeff; - } - } - - typename FieldType::value_type ti = FieldType::value_type::one(); - for (std::size_t i = 
0; i < domain->m + 1; ++i) { - Ht.emplace_back(ti); - ti *= t; - } - - return qap_instance_evaluation(domain, cs.num_variables(), domain->m, - cs.num_inputs(), t, std::move(At), std::move(Bt), - std::move(Ct), std::move(Ht), Zt); - } - - /** - * Witness map for the R1CS-to-QAP reduction. - * - * The witness map takes zero knowledge into account when d1,d2,d3 are random. - * - * More precisely, compute the coefficients - * h_0,h_1,...,h_n - * of the polynomial - * H(z) := (A(z)*B(z)-C(z))/Z(z) - * where - * A(z) := A_0(z) + \sum_{k=1}^{m} w_k A_k(z) + d1 * Z(z) - * B(z) := B_0(z) + \sum_{k=1}^{m} w_k B_k(z) + d2 * Z(z) - * C(z) := C_0(z) + \sum_{k=1}^{m} w_k C_k(z) + d3 * Z(z) - * Z(z) := "vanishing polynomial of set S" - * and - * m = number of variables of the QAP - * n = degree of the QAP - * - * This is done as follows: - * (1) compute evaluations of A,B,C on S = {sigma_1,...,sigma_n} - * (2) compute coefficients of A,B,C - * (3) compute evaluations of A,B,C on T = "coset of S" - * (4) compute evaluation of H on T - * (5) compute coefficients of H - * (6) patch H to account for d1,d2,d3 (i.e., add coefficients of the polynomial (A d2 + B d1 - - * d3) + d1*d2*Z ) - * - * The code below is not as simple as the above high-level description due to - * some reshuffling to save space. 
- */ - static qap_witness - witness_map(const r1cs_constraint_system &cs, - const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input, - const typename FieldType::value_type &d1, - const typename FieldType::value_type &d2, - const typename FieldType::value_type &d3) { - /* sanity check */ - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints() + cs.num_inputs() + 1); - - r1cs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert(full_variable_assignment.end(), auxiliary_input.begin(), - auxiliary_input.end()); - - std::vector aA(domain->m, FieldType::value_type::zero()), - aB(domain->m, FieldType::value_type::zero()); - - /* account for the additional constraints input_i * 0 = 0 */ - for (std::size_t i = 0; i <= cs.num_inputs(); ++i) { - aA[i + cs.num_constraints()] = - (i > 0 ? full_variable_assignment[i - 1] : FieldType::value_type::one()); - } - /* account for all other constraints */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aA[i] += cs.constraints[i].a.evaluate(full_variable_assignment); - aB[i] += cs.constraints[i].b.evaluate(full_variable_assignment); - } - - domain->inverse_fft(aA); - - domain->inverse_fft(aB); - - std::vector coefficients_for_H( - domain->m + 1, FieldType::value_type::zero()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - /* add coefficients of the polynomial (d2*A + d1*B - d3) + d1*d2*Z */ - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] = d2 * aA[i] + d1 * aB[i]; - } - coefficients_for_H[0] -= d3; - domain->add_poly_z(d1 * d2, coefficients_for_H); - - math::multiply_by_coset( - aA, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - domain->fft(aA); - - math::multiply_by_coset( - aB, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - 
domain->fft(aB); - - std::vector &H_tmp = aA; - // can overwrite aA because it is not used later -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = aA[i] * aB[i]; - } - std::vector().swap(aB); // destroy aB - - std::vector aC(domain->m, FieldType::value_type::zero()); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aC[i] += cs.constraints[i].c.evaluate(full_variable_assignment); - } - - domain->inverse_fft(aC); - - math::multiply_by_coset( - aC, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - domain->fft(aC); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = (H_tmp[i] - aC[i]); - } - - domain->divide_by_z_on_coset(H_tmp); - - domain->inverse_fft(H_tmp); - - multiply_by_coset(H_tmp, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator) - .inversed()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] += H_tmp[i]; - } - - return qap_witness(cs.num_variables(), domain->m, cs.num_inputs(), d1, d2, d3, - full_variable_assignment, std::move(coefficients_for_H)); - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp deleted file mode 100644 index d6dcce4518..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp +++ /dev/null 
@@ -1,480 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a R1CS-to-SAP reduction, that is, constructing
-// a SAP ("Square Arithmetic Program") from a R1CS ("Rank-1 Constraint System").
-//
-// SAPs are defined and constructed from R1CS in \[GM17].
-//
-// The implementation of the reduction follows, extends, and optimizes
-// the efficient approach described in Appendix E of \[BCGTV13].
-// -// References: -// -// \[BCGTV13] -// "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge", -// Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, Madars Virza, -// CRYPTO 2013, -// -// -// \[GM17]: -// "Snarky Signatures: Minimal Signatures of Knowledge from -// Simulation-Extractable SNARKs", -// Jens Groth and Mary Maller, -// IACR-CRYPTO-2017, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP -#define CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - class r1cs_to_sap { - typedef FieldType field_type; - - /** - * Helper function to multiply a field element by 4 efficiently - */ - static typename FieldType::value_type times_four(typename FieldType::value_type x) { - typename FieldType::value_type times_two = x + x; - return times_two + times_two; - } - - public: - /** - * Helper function to find evaluation domain that will be used by the reduction - * for a given R1CS instance. - */ - static std::shared_ptr> - get_domain(const r1cs_constraint_system &cs) { - /* - * the SAP instance will have: - * - two constraints for every constraint in the original constraint system - * - two constraints for every public input, except the 0th, which - * contributes just one extra constraint - * see comments in instance_map for details on where these - * constraints come from. - */ - return math::make_evaluation_domain(2 * cs.num_constraints() + - 2 * cs.num_inputs() + 1); - } - - /** - * Instance map for the R1CS-to-SAP reduction. 
- */ - static sap_instance instance_map(const r1cs_constraint_system &cs) { - const std::shared_ptr> domain = get_domain(cs); - - std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs(); - - std::vector> A_in_Lagrange_basis( - sap_num_variables + 1); - std::vector> C_in_Lagrange_basis( - sap_num_variables + 1); - - /** - * process R1CS constraints, converting a constraint of the form - * \sum a_i x_i * \sum b_i x_i = \sum c_i x_i - * into two constraints - * (\sum (a_i + b_i) x_i)^2 = 4 \sum c_i x_i + x'_i - * (\sum (a_i - b_i) x_i)^2 = x'_i - * where x'_i is an extra variable (a separate one for each original - * constraint) - * - * this adds 2 * cs.num_constraints() constraints - * (numbered 0 .. 2 * cs.num_constraints() - 1) - * and cs.num_constraints() extra variables - * (numbered cs.num_variables() + 1 .. cs.num_variables() + cs.num_constraints()) - */ - std::size_t extra_var_offset = cs.num_variables() + 1; - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - A_in_Lagrange_basis[cs.constraints[i].a.terms[j].index][2 * i] += - cs.constraints[i].a.terms[j].coeff; - A_in_Lagrange_basis[cs.constraints[i].a.terms[j].index][2 * i + 1] += - cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - A_in_Lagrange_basis[cs.constraints[i].b.terms[j].index][2 * i] += - cs.constraints[i].b.terms[j].coeff; - A_in_Lagrange_basis[cs.constraints[i].b.terms[j].index][2 * i + 1] -= - cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - C_in_Lagrange_basis[cs.constraints[i].c.terms[j].index][2 * i] += - times_four(cs.constraints[i].c.terms[j].coeff); - } - - C_in_Lagrange_basis[extra_var_offset + i][2 * i] += FieldType::value_type::one(); - C_in_Lagrange_basis[extra_var_offset + i][2 * i + 1] += FieldType::value_type::one(); - } - - /** - * add and 
convert the extra constraints - * x_i * 1 = x_i - * to ensure that the polynomials 0 .. cs.num_inputs() are linearly - * independent from each other and the rest, which is required for security - * proofs (see [GM17, p. 29]) - * - * note that i = 0 is a special case, where this constraint is expressible - * as x_0^2 = x_0, - * whereas for every other i we introduce an extra variable x''_i and do - * (x_i + x_0)^2 = 4 x_i + x''_i - * (x_i - x_0)^2 = x''_i - * - * this adds 2 * cs.num_inputs() + 1 extra constraints - * (numbered 2 * cs.num_constraints() .. - * 2 * cs.num_constraints() + 2 * cs.num_inputs()) - * and cs.num_inputs() extra variables - * (numbered cs.num_variables() + cs.num_constraints() + 1 .. - * cs.num_variables() + cs.num_constraints() + cs.num_inputs()) - */ - - std::size_t extra_constr_offset = 2 * cs.num_constraints(); - std::size_t extra_var_offset2 = cs.num_variables() + cs.num_constraints(); - /** - * NB: extra variables start at (extra_var_offset2 + 1), because i starts at - * 1 below - */ - - A_in_Lagrange_basis[0][extra_constr_offset] = FieldType::value_type::one(); - C_in_Lagrange_basis[0][extra_constr_offset] = FieldType::value_type::one(); - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - A_in_Lagrange_basis[i][extra_constr_offset + 2 * i - 1] += FieldType::value_type::one(); - A_in_Lagrange_basis[0][extra_constr_offset + 2 * i - 1] += FieldType::value_type::one(); - C_in_Lagrange_basis[i][extra_constr_offset + 2 * i - 1] += - times_four(FieldType::value_type::one()); - C_in_Lagrange_basis[extra_var_offset2 + i][extra_constr_offset + 2 * i - 1] += - FieldType::value_type::one(); - - A_in_Lagrange_basis[i][extra_constr_offset + 2 * i] += FieldType::value_type::one(); - A_in_Lagrange_basis[0][extra_constr_offset + 2 * i] -= FieldType::value_type::one(); - C_in_Lagrange_basis[extra_var_offset2 + i][2 * cs.num_constraints() + 2 * i] += - FieldType::value_type::one(); - } - - return sap_instance(domain, - sap_num_variables, - 
domain->m, - cs.num_inputs(), - std::move(A_in_Lagrange_basis), - std::move(C_in_Lagrange_basis)); - } - - /** - * Instance map for the R1CS-to-SAP reduction followed by evaluation - * of the resulting QAP instance. - */ - static sap_instance_evaluation - instance_map_with_evaluation(const r1cs_constraint_system &cs, - const typename FieldType::value_type &t) { - - const std::shared_ptr> domain = get_domain(cs); - - std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs(); - - std::vector At, Ct, Ht; - - At.resize(sap_num_variables + 1, FieldType::value_type::zero()); - Ct.resize(sap_num_variables + 1, FieldType::value_type::zero()); - Ht.reserve(domain->m + 1); - - const typename FieldType::value_type Zt = domain->compute_vanishing_polynomial(t); - - const std::vector u = - domain->evaluate_all_lagrange_polynomials(t); - /** - * add and process all constraints as in instance_map - */ - std::size_t extra_var_offset = cs.num_variables() + 1; - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - At[cs.constraints[i].a.terms[j].index] += - u[2 * i] * cs.constraints[i].a.terms[j].coeff; - At[cs.constraints[i].a.terms[j].index] += - u[2 * i + 1] * cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - At[cs.constraints[i].b.terms[j].index] += - u[2 * i] * cs.constraints[i].b.terms[j].coeff; - At[cs.constraints[i].b.terms[j].index] -= - u[2 * i + 1] * cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - Ct[cs.constraints[i].c.terms[j].index] += - times_four(u[2 * i] * cs.constraints[i].c.terms[j].coeff); - } - - Ct[extra_var_offset + i] += u[2 * i]; - Ct[extra_var_offset + i] += u[2 * i + 1]; - } - - std::size_t extra_constr_offset = 2 * cs.num_constraints(); - std::size_t extra_var_offset2 = cs.num_variables() + cs.num_constraints(); - - 
At[0] += u[extra_constr_offset]; - Ct[0] += u[extra_constr_offset]; - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - At[i] += u[extra_constr_offset + 2 * i - 1]; - At[0] += u[extra_constr_offset + 2 * i - 1]; - Ct[i] += times_four(u[extra_constr_offset + 2 * i - 1]); - Ct[extra_var_offset2 + i] += u[extra_constr_offset + 2 * i - 1]; - - At[i] += u[extra_constr_offset + 2 * i]; - At[0] -= u[extra_constr_offset + 2 * i]; - Ct[extra_var_offset2 + i] += u[extra_constr_offset + 2 * i]; - } - - typename FieldType::value_type ti = FieldType::value_type::one(); - for (std::size_t i = 0; i < domain->m + 1; ++i) { - Ht.emplace_back(ti); - ti *= t; - } - - return sap_instance_evaluation(domain, - sap_num_variables, - domain->m, - cs.num_inputs(), - t, - std::move(At), - std::move(Ct), - std::move(Ht), - Zt); - } - - /** - * Witness map for the R1CS-to-SAP reduction. - * - * The witness map takes zero knowledge into account when d1, d2 are random. - * - * More precisely, compute the coefficients - * h_0,h_1,...,h_n - * of the polynomial - * H(z) := (A(z)*A(z)-C(z))/Z(z) - * where - * A(z) := A_0(z) + \sum_{k=1}^{m} w_k A_k(z) + d1 * Z(z) - * C(z) := C_0(z) + \sum_{k=1}^{m} w_k C_k(z) + d2 * Z(z) - * Z(z) := "vanishing polynomial of set S" - * and - * m = number of variables of the SAP - * n = degree of the SAP - * - * This is done as follows: - * (1) compute evaluations of A,C on S = {sigma_1,...,sigma_n} - * (2) compute coefficients of A,C - * (3) compute evaluations of A,C on T = "coset of S" - * (4) compute evaluation of H on T - * (5) compute coefficients of H - * (6) patch H to account for d1,d2 - (i.e., add coefficients of the polynomial (2*d1*A - d2 + d1^2 * Z)) - * - * The code below is not as simple as the above high-level description due to - * some reshuffling to save space. 
- */ - static sap_witness - witness_map(const r1cs_constraint_system &cs, - const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input, - const typename FieldType::value_type &d1, - const typename FieldType::value_type &d2) { - /* sanity check */ - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - const std::shared_ptr> domain = get_domain(cs); - - std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs(); - - r1cs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert( - full_variable_assignment.end(), auxiliary_input.begin(), auxiliary_input.end()); - /** - * we need to generate values of all the extra variables that we added - * during the reduction - * - * note: below, we pass full_variable_assignment into the .evaluate() - * method of the R1CS constraints. however, these extra variables shouldn't - * be a problem, because .evaluate() only accesses the variables that are - * actually used in the constraint. - */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - /** - * this is variable (extra_var_offset + i), an extra variable - * we introduced that is not present in the input. - * its value is (a - b)^2 - */ - typename FieldType::value_type extra_var = - cs.constraints[i].a.evaluate(full_variable_assignment) - - cs.constraints[i].b.evaluate(full_variable_assignment); - extra_var = extra_var * extra_var; - full_variable_assignment.push_back(extra_var); - } - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - /** - * this is variable (extra_var_offset2 + i), an extra variable - * we introduced that is not present in the input. 
- * its value is (x_i - 1)^2 - */ - typename FieldType::value_type extra_var = - full_variable_assignment[i - 1] - FieldType::value_type::one(); - extra_var = extra_var * extra_var; - full_variable_assignment.push_back(extra_var); - } - - std::vector aA(domain->m, FieldType::value_type::zero()); - - /* account for all constraints, as in instance_map */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aA[2 * i] += cs.constraints[i].a.evaluate(full_variable_assignment); - aA[2 * i] += cs.constraints[i].b.evaluate(full_variable_assignment); - - aA[2 * i + 1] += cs.constraints[i].a.evaluate(full_variable_assignment); - aA[2 * i + 1] -= cs.constraints[i].b.evaluate(full_variable_assignment); - } - - std::size_t extra_constr_offset = 2 * cs.num_constraints(); - - aA[extra_constr_offset] += FieldType::value_type::one(); - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - aA[extra_constr_offset + 2 * i - 1] += full_variable_assignment[i - 1]; - aA[extra_constr_offset + 2 * i - 1] += FieldType::value_type::one(); - - aA[extra_constr_offset + 2 * i] += full_variable_assignment[i - 1]; - aA[extra_constr_offset + 2 * i] -= FieldType::value_type::one(); - } - - domain->inverse_fft(aA); - - std::vector coefficients_for_H( - domain->m + 1, FieldType::value_type::zero()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - /* add coefficients of the polynomial (2*d1*A - d2) + d1*d1*Z */ - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] = (d1 * aA[i]) + (d1 * aA[i]); - } - coefficients_for_H[0] -= d2; - domain->add_poly_z(d1 * d1, coefficients_for_H); - - math::multiply_by_coset( - aA, - typename FieldType::value_type( - algebra::fields::arithmetic_params::multiplicative_generator)); - domain->fft(aA); - - std::vector &H_tmp = - aA; // can overwrite aA because it is not used later -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = aA[i] * aA[i]; - } - - std::vector aC(domain->m, 
FieldType::value_type::zero()); - /* again, accounting for all constraints */ - std::size_t extra_var_offset = cs.num_variables() + 1; - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aC[2 * i] += times_four(cs.constraints[i].c.evaluate(full_variable_assignment)); - - aC[2 * i] += full_variable_assignment[extra_var_offset + i - 1]; - aC[2 * i + 1] += full_variable_assignment[extra_var_offset + i - 1]; - } - - std::size_t extra_var_offset2 = cs.num_variables() + cs.num_constraints(); - aC[extra_constr_offset] += FieldType::value_type::one(); - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - aC[extra_constr_offset + 2 * i - 1] += times_four(full_variable_assignment[i - 1]); - - aC[extra_constr_offset + 2 * i - 1] += - full_variable_assignment[extra_var_offset2 + i - 1]; - aC[extra_constr_offset + 2 * i] += full_variable_assignment[extra_var_offset2 + i - 1]; - } - - domain->inverse_fft(aC); - - math::multiply_by_coset( - aC, - typename FieldType::value_type( - algebra::fields::arithmetic_params::multiplicative_generator)); - domain->fft(aC); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = (H_tmp[i] - aC[i]); - } - - domain->divide_by_z_on_coset(H_tmp); - - domain->inverse_fft(H_tmp); - multiply_by_coset(H_tmp, - typename FieldType::value_type( - algebra::fields::arithmetic_params::multiplicative_generator) - .inversed()); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] += H_tmp[i]; - } - - return sap_witness(sap_num_variables, - domain->m, - cs.num_inputs(), - d1, - d2, - full_variable_assignment, - std::move(coefficients_for_H)); - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP 
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/tbcs_to_uscs.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/tbcs_to_uscs.hpp
deleted file mode 100644
index 55001b862e..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/tbcs_to_uscs.hpp
+++ /dev/null
@@ -1,200 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a TBCS-to-USCS reduction, that is, constructing
-// a USCS ("Unitary-Square Constraint System") from a TBCS ("Two-input Boolean Circuit Satisfiability").
-//
-// The reduction is straightforward: each non-output wire is mapped to a
-// corresponding USCS constraint that enforces the wire to carry a boolean value;
-// each 2-input boolean gate is mapped to a corresponding USCS constraint that
-// enforces correct computation of the gate; each output wire is mapped to a
-// corresponding USCS constraint that enforces that the output is zero.
-// -// The mapping of a gate to a USCS constraint is due to \[GOS12]. -// -// References: -// -// \[GOS12]: -// "New techniques for noninteractive zero-knowledge", -// Jens Groth, Rafail Ostrovsky, Amit Sahai -// JACM 2012, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_TO_USCS_BASIC_POLICY_HPP -#define CRYPTO3_ZK_TBCS_TO_USCS_BASIC_POLICY_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - struct tbcs_to_uscs { - typedef FieldType field_type; - - /** - * Instance map for the TBCS-to-USCS reduction. - */ - static uscs_constraint_system instance_map(const tbcs_circuit &circuit) { - assert(circuit.is_valid()); - uscs_constraint_system result; - - result.primary_input_size = circuit.primary_input_size; - result.auxiliary_input_size = circuit.auxiliary_input_size + circuit.gates.size(); - - for (auto &g : circuit.gates) { - const variable x(g.left_wire); - const variable y(g.right_wire); - const variable z(g.output); - - switch (g.type) { - case TBCS_GATE_CONSTANT_0: - /* Truth table (00, 01, 10, 11): (0, 0, 0, 0) - 0 * x + 0 * y + 1 * z + 1 \in {-1, 1} */ - result.add_constraint(0 * x + 0 * y + 1 * z + 1); - break; - case TBCS_GATE_AND: - /* Truth table (00, 01, 10, 11): (0, 0, 0, 1) - -2 * x + -2 * y + 4 * z + 1 \in {-1, 1} */ - result.add_constraint(-2 * x + -2 * y + 4 * z + 1); - break; - case TBCS_GATE_X_AND_NOT_Y: - /* Truth table (00, 01, 10, 11): (0, 0, 1, 0) - -2 * x + 2 * y + 4 * z + -1 \in {-1, 1} */ - result.add_constraint(-2 * x + 2 * y + 4 * z + -1); - break; - case TBCS_GATE_X: - /* Truth table (00, 01, 10, 11): (0, 0, 1, 1) - -1 * x + 0 * y + 1 * z + 1 \in {-1, 1} */ - result.add_constraint(-1 * x + 0 * y + 1 * z + 1); - break; - case TBCS_GATE_NOT_X_AND_Y: - /* Truth table (00, 01, 10, 11): (0, 1, 0, 0) - 2 * x + -2 * y + 4 * z + -1 \in {-1, 1} */ - result.add_constraint(2 * x + -2 * y + 4 * z + 
-1); - break; - case TBCS_GATE_Y: - /* Truth table (00, 01, 10, 11): (0, 1, 0, 1) - 0 * x + 1 * y + 1 * z + -1 \in {-1, 1} */ - result.add_constraint(0 * x + 1 * y + 1 * z + -1); - break; - case TBCS_GATE_XOR: - /* Truth table (00, 01, 10, 11): (0, 1, 1, 0) - 1 * x + 1 * y + 1 * z + -1 \in {-1, 1} */ - result.add_constraint(1 * x + 1 * y + 1 * z + -1); - break; - case TBCS_GATE_OR: - /* Truth table (00, 01, 10, 11): (0, 1, 1, 1) - -2 * x + -2 * y + 4 * z + -1 \in {-1, 1} */ - result.add_constraint(-2 * x + -2 * y + 4 * z + -1); - break; - case TBCS_GATE_NOR: - /* Truth table (00, 01, 10, 11): (1, 0, 0, 0) - 2 * x + 2 * y + 4 * z + -3 \in {-1, 1} */ - result.add_constraint(2 * x + 2 * y + 4 * z + -3); - break; - case TBCS_GATE_EQUIVALENCE: - /* Truth table (00, 01, 10, 11): (1, 0, 0, 1) - 1 * x + 1 * y + 1 * z + -2 \in {-1, 1} */ - result.add_constraint(1 * x + 1 * y + 1 * z + -2); - break; - case TBCS_GATE_NOT_Y: - /* Truth table (00, 01, 10, 11): (1, 0, 1, 0) - 0 * x + -1 * y + 1 * z + 0 \in {-1, 1} */ - result.add_constraint(0 * x + -1 * y + 1 * z + 0); - break; - case TBCS_GATE_IF_Y_THEN_X: - /* Truth table (00, 01, 10, 11): (1, 0, 1, 1) - -2 * x + 2 * y + 4 * z + -3 \in {-1, 1} */ - result.add_constraint(-2 * x + 2 * y + 4 * z + -3); - break; - case TBCS_GATE_NOT_X: - /* Truth table (00, 01, 10, 11): (1, 1, 0, 0) - -1 * x + 0 * y + 1 * z + 0 \in {-1, 1} */ - result.add_constraint(-1 * x + 0 * y + 1 * z + 0); - break; - case TBCS_GATE_IF_X_THEN_Y: - /* Truth table (00, 01, 10, 11): (1, 1, 0, 1) - 2 * x + -2 * y + 4 * z + -3 \in {-1, 1} */ - result.add_constraint(2 * x + -2 * y + 4 * z + -3); - break; - case TBCS_GATE_NAND: - /* Truth table (00, 01, 10, 11): (1, 1, 1, 0) - 2 * x + 2 * y + 4 * z + -5 \in {-1, 1} */ - result.add_constraint(2 * x + 2 * y + 4 * z + -5); - break; - case TBCS_GATE_CONSTANT_1: - /* Truth table (00, 01, 10, 11): (1, 1, 1, 1) - 0 * x + 0 * y + 1 * z + 0 \in {-1, 1} */ - result.add_constraint(0 * x + 0 * y + 1 * z + 0); - break; - default: 
- assert(0); - } - } - - for (std::size_t i = 0; - i < circuit.primary_input_size + circuit.auxiliary_input_size + circuit.gates.size(); - ++i) { - /* require that 2 * wire - 1 \in {-1,1}, that is wire \in {0,1} */ - result.add_constraint(2 * variable(i) - 1); - } - - for (auto &g : circuit.gates) { - if (g.is_circuit_output) { - /* require that output + 1 \in {-1,1}, this together with output binary (above) - * enforces output = 0 */ - result.add_constraint(variable(g.output) + 1); - } - } - - return result; - } - - /** - * Witness map for the TBCS-to-USCS reduction. - */ - static uscs_variable_assignment - witness_map(const tbcs_circuit &circuit, - const tbcs_primary_input &primary_input, - const tbcs_auxiliary_input &auxiliary_input) { - - const tbcs_variable_assignment all_wires = - circuit.get_all_wires(primary_input, auxiliary_input); - const uscs_variable_assignment result = - algebra::convert_bit_vector_to_field_element_vector(all_wires); - return result; - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TBCS_TO_USCS_BASIC_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp deleted file mode 100644 index a5fc1d73fd..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp +++ /dev/null 
@@ -1,256 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a USCS-to-SSP reduction, that is, constructing
-// a SSP ("Square Span Program") from a USCS ("boolean circuit with 2-input gates").
-//
-// SSPs are defined in \[DFGK14], and constructed for USCS also in \[DFGK14].
-//
-// The implementation of the reduction adapts to \[DFGK14], extends, and optimizes
-// the efficient QAP-based approach described in Appendix E of \[BCGTV13].
-// -// References: -// -// \[BCGTV13] -// "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge", -// Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, Madars Virza, -// CRYPTO 2013, -// -// -// \[DFGK14]: -// "Square Span Programs with Applications to Succinct NIZK Arguments" -// George Danezis, Cedric Fournet, Jens Groth, Markulf Kohlweiss, -// ASIACRYPT 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_TO_SSP_REDUCTION_HPP -#define CRYPTO3_ZK_USCS_TO_SSP_REDUCTION_HPP - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - struct uscs_to_ssp { - typedef FieldType field_type; - - /** - * Instance map for the USCS-to-SSP reduction. - * - * Namely, given a USCS constraint system cs, construct a SSP instance for which: - * V := (V_0(z),V_1(z),...,V_m(z)) - * where - * m = number of variables of the SSP - * and - * each V_i is expressed in the Lagrange basis. - */ - static ssp_instance instance_map(const uscs_constraint_system &cs) { - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints()); - std::vector> V_in_Lagrange_basis( - cs.num_variables() + 1); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].terms.size(); ++j) { - V_in_Lagrange_basis[cs.constraints[i].terms[j].index][i] += - cs.constraints[i].terms[j].coeff; - } - } - for (std::size_t i = cs.num_constraints(); i < domain->m; ++i) { - V_in_Lagrange_basis[0][i] += FieldType::value_type::one(); - } - - return ssp_instance( - domain, cs.num_variables(), domain->m, cs.num_inputs(), std::move(V_in_Lagrange_basis)); - } - - /** - * Instance map for the USCS-to-SSP reduction followed by evaluation of the resulting SSP - * instance. 
- * - * Namely, given a USCS constraint system cs and a field element t, construct - * a SSP instance (evaluated at t) for which: - * Vt := (V_0(t),V_1(t),...,V_m(t)) - * Ht := (1,t,t^2,...,t^n) - * Zt := Z(t) = "vanishing polynomial of a certain set S, evaluated at t" - * where - * m = number of variables of the SSP - * n = degree of the SSP - */ - static ssp_instance_evaluation - instance_map_with_evaluation(const uscs_constraint_system &cs, - const typename FieldType::value_type &t) { - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints()); - - std::vector Vt(cs.num_variables() + 1, - FieldType::value_type::zero()); - std::vector Ht(domain->m + 1); - - const typename FieldType::value_type Zt = domain->compute_vanishing_polynomial(t); - - const std::vector u = - domain->evaluate_all_lagrange_polynomials(t); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].terms.size(); ++j) { - Vt[cs.constraints[i].terms[j].index] += u[i] * cs.constraints[i].terms[j].coeff; - } - } - for (std::size_t i = cs.num_constraints(); i < domain->m; ++i) { - Vt[0] += u[i]; /* dummy constraint: 1^2 = 1 */ - } - typename FieldType::value_type ti = FieldType::value_type::one(); - for (std::size_t i = 0; i < domain->m + 1; ++i) { - Ht[i] = ti; - ti *= t; - } - - return ssp_instance_evaluation(domain, - cs.num_variables(), - domain->m, - cs.num_inputs(), - t, - std::move(Vt), - std::move(Ht), - Zt); - } - - /** - * Witness map for the USCS-to-SSP reduction. - * - * The witness map takes zero knowledge into account when d is random. 
- * - * More precisely, compute the coefficients - * h_0,h_1,...,h_n - * of the polynomial - * H(z) := (V(z)^2-1)/Z(z) - * where - * V(z) := V_0(z) + \sum_{k=1}^{m} w_k V_k(z) + d * Z(z) - * Z(z) := "vanishing polynomial of set S" - * and - * m = number of variables of the SSP - * n = degree of the SSP - * - * This is done as follows: - * (1) compute evaluations of V on S = {sigma_1,...,sigma_n} - * (2) compute coefficients of V - * (3) compute evaluations of V on T = "coset of S" - * (4) compute evaluation of H on T - * (5) compute coefficients of H - * (6) patch H to account for d (i.e., add coefficients of the polynomial 2*d*V(z) + d*d*Z(z) ) - * - * The code below is not as simple as the above high-level description due to - * some reshuffling to save space. - */ - static ssp_witness - witness_map(const uscs_constraint_system &cs, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input, - const typename FieldType::value_type &d) { - /* sanity check */ - - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - uscs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert( - full_variable_assignment.end(), auxiliary_input.begin(), auxiliary_input.end()); - - const std::shared_ptr> domain = - make_evaluation_domain(cs.num_constraints()); - - std::vector aA(domain->m, FieldType::value_type::zero()); - assert(domain->m >= cs.num_constraints()); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aA[i] += cs.constraints[i].evaluate(full_variable_assignment); - } - for (std::size_t i = cs.num_constraints(); i < domain->m; ++i) { - aA[i] += FieldType::value_type::one(); - } - - domain->inverse_fft(aA); - - std::vector coefficients_for_H( - domain->m + 1, FieldType::value_type::zero()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - /* add coefficients of the polynomial 2*d*V(z) + d*d*Z(z) */ - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] = typename 
FieldType::value_type(2) * d * aA[i]; - } - domain->add_poly_z(d.squared(), coefficients_for_H); - - math::multiply_by_coset( - aA, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - domain->fft(aA); - - std::vector &H_tmp = - aA; // can overwrite aA because it is not used later -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = aA[i].squared() - FieldType::value_type::one(); - } - - domain->divide_by_z_on_coset(H_tmp); - - domain->inverse_fft(H_tmp); - multiply_by_coset(H_tmp, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator) - .inversed()); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] += H_tmp[i]; - } - - return ssp_witness(cs.num_variables(), - domain->m, - cs.num_inputs(), - d, - full_variable_assignment, - std::move(coefficients_for_H)); - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_TO_SSP_BASIC_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/compliance_predicate.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/compliance_predicate.hpp deleted file mode 100644 index bdb8517d9d..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/compliance_predicate.hpp +++ /dev/null 
@@ -1,284 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a compliance predicate for R1CS PCD.
-//
-// A compliance predicate specifies a local invariant to be enforced, by PCD,
-// throughout a dynamic distributed computation. A compliance predicate
-// receives input messages, local data, and an output message (and perhaps some
-// other auxiliary information), and then either accepts or rejects.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_COMPLIANCE_PREDICATE_HPP
-#define CRYPTO3_ZK_COMPLIANCE_PREDICATE_HPP
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /********************************* Message ***********************************/
-
- /**
- * A message for R1CS PCD.
- *
- * It is a pair, consisting of
- * - a type (a positive integer), and
- * - a payload (a vector of field elements).
- */
- template
- struct r1cs_pcd_message {
- std::size_t type;
-
- r1cs_pcd_message(std::size_t type) : type(type) {
- }
- virtual r1cs_variable_assignment payload_as_r1cs_variable_assignment() const = 0;
- r1cs_variable_assignment as_r1cs_variable_assignment() const {
- r1cs_variable_assignment result = this->payload_as_r1cs_variable_assignment();
- result.insert(result.begin(), typename FieldType::value_type(this->type));
- return result;
- }
-
- virtual ~r1cs_pcd_message() = default;
- };
-
- /******************************* Local data **********************************/
-
- /**
- * A local data for R1CS PCD.
- */
- template
- struct r1cs_pcd_local_data {
- r1cs_pcd_local_data() = default;
- virtual r1cs_variable_assignment as_r1cs_variable_assignment() const = 0;
- virtual ~r1cs_pcd_local_data() = default;
- };
-
- /******************************** Witness ************************************/
-
- template
- using r1cs_pcd_witness = std::vector;
-
- /*************************** Compliance predicate ****************************/
-
- /**
- * A compliance predicate for R1CS PCD.
- * - * It is a wrapper around R1CS that also specifies how to parse a - * variable assignment as: - * - output message (the input) - * - some number of input messages (part of the witness) - * - local data (also part of the witness) - * - auxiliary information (the remaining variables of the witness) - * - * A compliance predicate also has a type, allegedly the same - * as the type of the output message. - * - * The input wires of R1CS appear in the following order: - * - (1 + outgoing_message_payload_length) wires for outgoing message - * - 1 wire for arity (allegedly, 0 <= arity <= max_arity) - * - for i = 0, ..., max_arity-1: - * - (1 + incoming_message_payload_lengths[i]) wires for i-th message of - * the input (in the array that's padded to max_arity messages) - * - local_data_length wires for local data - * - * The rest witness_length wires of the R1CS constitute the witness. - * - * To allow for optimizations, the compliance predicate also - * specififies a flag, called relies_on_same_type_inputs, denoting - * whether the predicate works under the assumption that all input - * messages have the same type. In such case a member - * accepted_input_types lists all types accepted by the predicate - * (accepted_input_types has no meaning if - * relies_on_same_type_inputs=false). 
- */ - - template - class r1cs_pcd_compliance_predicate { - public: - std::size_t name; - std::size_t type; - - r1cs_constraint_system constraint_system; - - std::size_t outgoing_message_payload_length; - std::size_t max_arity; - std::vector incoming_message_payload_lengths; - std::size_t local_data_length; - std::size_t witness_length; - - bool relies_on_same_type_inputs; - std::set accepted_input_types; - - r1cs_pcd_compliance_predicate() = default; - r1cs_pcd_compliance_predicate(r1cs_pcd_compliance_predicate &&other) = default; - r1cs_pcd_compliance_predicate(const r1cs_pcd_compliance_predicate &other) = default; - r1cs_pcd_compliance_predicate( - std::size_t name, - std::size_t type, - const r1cs_constraint_system &constraint_system, - std::size_t outgoing_message_payload_length, - std::size_t max_arity, - const std::vector &incoming_message_payload_lengths, - std::size_t local_data_length, - std::size_t witness_length, - bool relies_on_same_type_inputs, - const std::set &accepted_input_types = std::set()); - - r1cs_pcd_compliance_predicate & - operator=(const r1cs_pcd_compliance_predicate &other) = default; - - bool is_well_formed() const; - bool has_equal_input_and_output_lengths() const; - bool has_equal_input_lengths() const; - - bool - is_satisfied(const std::shared_ptr> &outgoing_message, - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data, - const r1cs_pcd_witness &witness) const; - - bool operator==(const r1cs_pcd_compliance_predicate &other) const; - }; - - template - class r1cs_pcd_compliance_predicate_primary_input; - - template - class r1cs_pcd_compliance_predicate_auxiliary_input; - - template - r1cs_pcd_compliance_predicate::r1cs_pcd_compliance_predicate( - std::size_t name, - std::size_t type, - const r1cs_constraint_system &constraint_system, - std::size_t outgoing_message_payload_length, - std::size_t max_arity, - const std::vector &incoming_message_payload_lengths, - std::size_t local_data_length, - std::size_t 
witness_length, - bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - name(name), - type(type), constraint_system(constraint_system), - outgoing_message_payload_length(outgoing_message_payload_length), max_arity(max_arity), - incoming_message_payload_lengths(incoming_message_payload_lengths), - local_data_length(local_data_length), witness_length(witness_length), - relies_on_same_type_inputs(relies_on_same_type_inputs), accepted_input_types(accepted_input_types) { - assert(max_arity == incoming_message_payload_lengths.size()); - } - - template - bool r1cs_pcd_compliance_predicate::is_well_formed() const { - const bool type_not_zero = (type != 0); - const bool incoming_message_payload_lengths_well_specified = - (incoming_message_payload_lengths.size() == max_arity); - - std::size_t all_message_payload_lengths = outgoing_message_payload_length; - for (std::size_t i = 0; i < incoming_message_payload_lengths.size(); ++i) { - all_message_payload_lengths += incoming_message_payload_lengths[i]; - } - const std::size_t type_vec_length = max_arity + 1; - const std::size_t arity_length = 1; - - const bool correct_num_inputs = - ((outgoing_message_payload_length + 1) == constraint_system.num_inputs()); - const bool correct_num_variables = - ((all_message_payload_lengths + local_data_length + type_vec_length + arity_length + - witness_length) == constraint_system.num_variables()); - - return (type_not_zero && incoming_message_payload_lengths_well_specified && correct_num_inputs && - correct_num_variables); - } - - template - bool r1cs_pcd_compliance_predicate::has_equal_input_and_output_lengths() const { - for (std::size_t i = 0; i < incoming_message_payload_lengths.size(); ++i) { - if (incoming_message_payload_lengths[i] != outgoing_message_payload_length) { - return false; - } - } - - return true; - } - - template - bool r1cs_pcd_compliance_predicate::has_equal_input_lengths() const { - for (std::size_t i = 1; i < 
incoming_message_payload_lengths.size(); ++i) { - if (incoming_message_payload_lengths[i] != incoming_message_payload_lengths[0]) { - return false; - } - } - - return true; - } - - template - bool r1cs_pcd_compliance_predicate::operator==( - const r1cs_pcd_compliance_predicate &other) const { - return (this->name == other.name && this->type == other.type && - this->constraint_system == other.constraint_system && - this->outgoing_message_payload_length == other.outgoing_message_payload_length && - this->max_arity == other.max_arity && - this->incoming_message_payload_lengths == other.incoming_message_payload_lengths && - this->local_data_length == other.local_data_length && - this->witness_length == other.witness_length && - this->relies_on_same_type_inputs == other.relies_on_same_type_inputs && - this->accepted_input_types == other.accepted_input_types); - } - - template - bool r1cs_pcd_compliance_predicate::is_satisfied( - const std::shared_ptr> &outgoing_message, - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data, - const r1cs_pcd_witness &witness) const { - assert(outgoing_message.payload_as_r1cs_variable_assignment().size() == - outgoing_message_payload_length); - assert(incoming_messages.size() <= max_arity); - for (std::size_t i = 0; i < incoming_messages.size(); ++i) { - assert(incoming_messages[i].payload_as_r1cs_variable_assignment().size() == - incoming_message_payload_lengths[i]); - } - assert(local_data.as_r1cs_variable_assignment().size() == local_data_length); - - r1cs_pcd_compliance_predicate_primary_input cp_primary_input(outgoing_message); - r1cs_pcd_compliance_predicate_auxiliary_input cp_auxiliary_input(incoming_messages, - local_data, witness); - - return constraint_system.is_satisfied( - cp_primary_input.as_r1cs_primary_input(), - cp_auxiliary_input.as_r1cs_auxiliary_input(incoming_message_payload_lengths)); - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // 
COMPLIANCE_PREDICATE_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp
deleted file mode 100644
index db6f70d467..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp
+++ /dev/null
@@ -1,59 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Template aliasing for prettifying R1CS PCD interfaces.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_PPZKPCD_COMPLIANCE_PREDICATE_HPP
-#define CRYPTO3_ZK_PPZKPCD_COMPLIANCE_PREDICATE_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /* template aliasing for R1CS (multi-predicate) ppzkPCD: */
-
- template
- using r1cs_mp_ppzkpcd_compliance_predicate =
- r1cs_pcd_compliance_predicate>;
-
- template
- using r1cs_mp_ppzkpcd_message = r1cs_pcd_message>;
-
- template
- using r1cs_mp_ppzkpcd_local_data = r1cs_pcd_local_data>;
-
- template
- using r1cs_mp_ppzkpcd_variable_assignment =
- r1cs_variable_assignment>;
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // PPZKPCD_COMPLIANCE_PREDICATE_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.hpp
deleted file mode 100644
index ce35f915f4..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.hpp
+++ /dev/null
@@ -1,714 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a *multi-predicate* ppzkPCD for R1CS.
-//
-// This includes:
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key pair (proving key & verification key)
-// - class for proof
-// - generator algorithm
-// - prover algorithm
-// - verifier algorithm
-// - online verifier algorithm
-//
-// The implementation follows, extends, and optimizes the approach described
-// in \[CTV15]. Thus, PCD is constructed from two "matched" ppzkSNARKs for R1CS.
-// -// Acronyms: -// -// "R1CS" = "Rank-1 Constraint Systems" -// "ppzkSNARK" = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// "ppzkPCD" = "Pre-Processing Zero-Knowledge Proof-Carrying Data" -// -// References: -// -// \[CTV15]: -// "Cluster Computing in Zero Knowledge", -// Alessandro Chiesa, Eran Tromer, Madars Virza, -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_MP_PPZKPCD_HPP -#define CRYPTO3_R1CS_MP_PPZKPCD_HPP - -#include -#include - -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS (multi-predicate) ppzkPCD. - */ - template - class r1cs_mp_ppzkpcd_proving_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - std::vector> compliance_predicates; - - std::vector::proving_key_type> compliance_step_r1cs_pks; - std::vector::proving_key_type> translation_step_r1cs_pks; - - std::vector::verification_key_type> compliance_step_r1cs_vks; - std::vector::verification_key_type> translation_step_r1cs_vks; - - set_commitment commitment_to_translation_step_r1cs_vks; - std::vector compliance_step_r1cs_vk_membership_proofs; - - std::map compliance_predicate_name_to_idx; - - r1cs_mp_ppzkpcd_proving_key() {}; - r1cs_mp_ppzkpcd_proving_key(const r1cs_mp_ppzkpcd_proving_key &other) = default; - r1cs_mp_ppzkpcd_proving_key(r1cs_mp_ppzkpcd_proving_key &&other) = default; - r1cs_mp_ppzkpcd_proving_key( - const std::vector> &compliance_predicates, - const std::vector::proving_key_type> &compliance_step_r1cs_pk, - const std::vector::proving_key_type> &translation_step_r1cs_pk, - const std::vector::verification_key_type> - &compliance_step_r1cs_vk, - const std::vector::verification_key_type> - &translation_step_r1cs_vk, - const set_commitment 
&commitment_to_translation_step_r1cs_vks, - const std::vector &compliance_step_r1cs_vk_membership_proofs, - const std::map &compliance_predicate_name_to_idx) : - compliance_predicates(compliance_predicates), - compliance_step_r1cs_pks(compliance_step_r1cs_pks), - translation_step_r1cs_pks(translation_step_r1cs_pks), - compliance_step_r1cs_vks(compliance_step_r1cs_vks), - translation_step_r1cs_vks(translation_step_r1cs_vks), - commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks), - compliance_step_r1cs_vk_membership_proofs(compliance_step_r1cs_vk_membership_proofs), - compliance_predicate_name_to_idx(compliance_predicate_name_to_idx) { - } - - r1cs_mp_ppzkpcd_proving_key & - operator=(const r1cs_mp_ppzkpcd_proving_key &other) = default; - - std::size_t size_in_bits() const; - - bool is_well_formed() const; - - bool operator==(const r1cs_mp_ppzkpcd_proving_key &other) const; - }; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS (multi-predicate) ppzkPCD. 
- */ - template - class r1cs_mp_ppzkpcd_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - std::vector::verification_key_type> compliance_step_r1cs_vks; - std::vector::verification_key_type> translation_step_r1cs_vks; - set_commitment commitment_to_translation_step_r1cs_vks; - - r1cs_mp_ppzkpcd_verification_key() = default; - r1cs_mp_ppzkpcd_verification_key(const r1cs_mp_ppzkpcd_verification_key &other) = default; - r1cs_mp_ppzkpcd_verification_key(r1cs_mp_ppzkpcd_verification_key &&other) = default; - r1cs_mp_ppzkpcd_verification_key( - const std::vector::verification_key_type> - &compliance_step_r1cs_vks, - const std::vector::verification_key_type> - &translation_step_r1cs_vks, - const set_commitment &commitment_to_translation_step_r1cs_vks) : - compliance_step_r1cs_vks(compliance_step_r1cs_vks), - translation_step_r1cs_vks(translation_step_r1cs_vks), - commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks) { - } - - r1cs_mp_ppzkpcd_verification_key & - operator=(const r1cs_mp_ppzkpcd_verification_key &other) = default; - - std::size_t size_in_bits() const; - - bool operator==(const r1cs_mp_ppzkpcd_verification_key &other) const; - }; - - /************************* Processed verification key **************************/ - - /** - * A processed verification key for the R1CS (multi-predicate) ppzkPCD. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - template - class r1cs_mp_ppzkpcd_processed_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - std::vector::processed_verification_key_type> - compliance_step_r1cs_pvks; - std::vector::processed_verification_key_type> - translation_step_r1cs_pvks; - set_commitment commitment_to_translation_step_r1cs_vks; - - r1cs_mp_ppzkpcd_processed_verification_key() = default; - r1cs_mp_ppzkpcd_processed_verification_key( - const r1cs_mp_ppzkpcd_processed_verification_key &other) = default; - r1cs_mp_ppzkpcd_processed_verification_key( - r1cs_mp_ppzkpcd_processed_verification_key &&other) = default; - r1cs_mp_ppzkpcd_processed_verification_key( - std::vector::processed_verification_key_type> - &&compliance_step_r1cs_pvks, - std::vector::processed_verification_key_type> - &&translation_step_r1cs_pvks, - const set_commitment &commitment_to_translation_step_r1cs_vks) : - compliance_step_r1cs_pvks(std::move(compliance_step_r1cs_pvks)), - translation_step_r1cs_pvks(std::move(translation_step_r1cs_pvks)), - commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks) {}; - - r1cs_mp_ppzkpcd_processed_verification_key & - operator=(const r1cs_mp_ppzkpcd_processed_verification_key &other) = default; - - std::size_t size_in_bits() const; - - bool operator==(const r1cs_mp_ppzkpcd_processed_verification_key &other) const; - }; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS (multi-predicate) ppzkPC, which consists of a proving key and a verification - * key. 
- */ - template - class r1cs_mp_ppzkpcd_keypair { - public: - r1cs_mp_ppzkpcd_proving_key pk; - r1cs_mp_ppzkpcd_verification_key vk; - - r1cs_mp_ppzkpcd_keypair() = default; - r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_keypair &&other) = default; - r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_proving_key &&pk, - r1cs_mp_ppzkpcd_verification_key &&vk) : - pk(std::move(pk)), - vk(std::move(vk)) {}; - }; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS (multi-predicate) ppzkPCD. - */ - template - class r1cs_mp_ppzkpcd_proof { - public: - std::size_t compliance_predicate_idx; - typename r1cs_ppzksnark::proof_type r1cs_proof; - - r1cs_mp_ppzkpcd_proof() = default; - r1cs_mp_ppzkpcd_proof( - const std::size_t compliance_predicate_idx, - const typename r1cs_ppzksnark::proof_type &r1cs_proof) : - compliance_predicate_idx(compliance_predicate_idx), - r1cs_proof(r1cs_proof) { - } - - std::size_t size_in_bits() const; - - bool operator==(const r1cs_mp_ppzkpcd_proof &other) const; - }; - - /***************************** Main algorithms *******************************/ - - /** - * A generator algorithm for the R1CS (multi-predicate) ppzkPCD. - * - * Given a vector of compliance predicates, this algorithm produces proving and verification keys for - * the vector. - */ - template - r1cs_mp_ppzkpcd_keypair r1cs_mp_ppzkpcd_generator( - const std::vector> &compliance_predicates); - - /** - * A prover algorithm for the R1CS (multi-predicate) ppzkPCD. - * - * Given a proving key, name of chosen compliance predicate, inputs for the - * compliance predicate, and proofs for the predicate's input messages, this - * algorithm produces a proof (of knowledge) that attests to the compliance of - * the output message. 
- */ - template - r1cs_mp_ppzkpcd_proof - r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key &pk, - const std::size_t compliance_predicate_name, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &incoming_proofs); - - /* - Below are two variants of verifier algorithm for the R1CS (multi-predicate) ppzkPCD. - - These are the two cases that arise from whether the verifier accepts a - (non-processed) verification key or, instead, a processed verification key. - In the latter case, we call the algorithm an "online verifier". - */ - - /** - * A verifier algorithm for the R1CS (multi-predicate) ppzkPCD that - * accepts a non-processed verification key. - */ - template - bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key &vk, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof); - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - r1cs_mp_ppzkpcd_processed_verification_key - r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key &vk); - - /** - * A verifier algorithm for the R1CS (multi-predicate) ppzkPCD that - * accepts a processed verification key. 
- */ - template - bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key &pvk, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof); - - template - std::size_t r1cs_mp_ppzkpcd_proving_key::size_in_bits() const { - const std::size_t num_predicates = compliance_predicates.size(); - - std::size_t result = 0; - for (std::size_t i = 0; i < num_predicates; ++i) { - result += - (compliance_predicates[i].size_in_bits() + compliance_step_r1cs_pks[i].size_in_bits() + - translation_step_r1cs_pks[i].size_in_bits() + compliance_step_r1cs_vks[i].size_in_bits() + - translation_step_r1cs_vks[i].size_in_bits() + - compliance_step_r1cs_vk_membership_proofs[i].size_in_bits()); - } - result += commitment_to_translation_step_r1cs_vks.size(); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_proving_key::is_well_formed() const { - const std::size_t num_predicates = compliance_predicates.size(); - - bool result = (compliance_step_r1cs_pks.size() == num_predicates); - result = result && (translation_step_r1cs_pks.size() == num_predicates); - result = result && (compliance_step_r1cs_vks.size() == num_predicates); - result = result && (translation_step_r1cs_vks.size() == num_predicates); - result = result && (compliance_step_r1cs_vk_membership_proofs.size() == num_predicates); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_proving_key::operator==( - const r1cs_mp_ppzkpcd_proving_key &other) const { - return (this->compliance_predicates == other.compliance_predicates && - this->compliance_step_r1cs_pks == other.compliance_step_r1cs_pks && - this->translation_step_r1cs_pks == other.translation_step_r1cs_pks && - this->compliance_step_r1cs_vks == other.compliance_step_r1cs_vks && - this->translation_step_r1cs_vks == other.translation_step_r1cs_vks && - this->commitment_to_translation_step_r1cs_vks == - other.commitment_to_translation_step_r1cs_vks && - this->compliance_step_r1cs_vk_membership_proofs == - 
other.compliance_step_r1cs_vk_membership_proofs && - this->compliance_predicate_name_to_idx == other.compliance_predicate_name_to_idx); - } - - template - std::size_t r1cs_mp_ppzkpcd_verification_key::size_in_bits() const { - const std::size_t num_predicates = compliance_step_r1cs_vks.size(); - - std::size_t result = 0; - for (std::size_t i = 0; i < num_predicates; ++i) { - result += - (compliance_step_r1cs_vks[i].size_in_bits() + translation_step_r1cs_vks[i].size_in_bits()); - } - - result += commitment_to_translation_step_r1cs_vks.size(); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_verification_key::operator==( - const r1cs_mp_ppzkpcd_verification_key &other) const { - return (this->compliance_step_r1cs_vks == other.compliance_step_r1cs_vks && - this->translation_step_r1cs_vks == other.translation_step_r1cs_vks && - this->commitment_to_translation_step_r1cs_vks == - other.commitment_to_translation_step_r1cs_vks); - } - - template - std::size_t r1cs_mp_ppzkpcd_processed_verification_key::size_in_bits() const { - const std::size_t num_predicates = compliance_step_r1cs_pvks.size(); - - std::size_t result = 0; - for (std::size_t i = 0; i < num_predicates; ++i) { - result += (compliance_step_r1cs_pvks[i].size_in_bits() + - translation_step_r1cs_pvks[i].size_in_bits()); - } - - result += commitment_to_translation_step_r1cs_vks.size(); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_processed_verification_key::operator==( - const r1cs_mp_ppzkpcd_processed_verification_key &other) const { - return (this->compliance_step_r1cs_pvks == other.compliance_step_r1cs_pvks && - this->translation_step_r1cs_pvks == other.translation_step_r1cs_pvks && - this->commitment_to_translation_step_r1cs_vks == - other.commitment_to_translation_step_r1cs_vks); - } - - template - bool r1cs_mp_ppzkpcd_proof::operator==(const r1cs_mp_ppzkpcd_proof &other) const { - return (this->compliance_predicate_idx == other.compliance_predicate_idx && - this->r1cs_proof == 
other.r1cs_proof); - } - - template - r1cs_mp_ppzkpcd_keypair r1cs_mp_ppzkpcd_generator( - const std::vector> &compliance_predicates) { - assert(algebra::Fr::mod == - algebra::Fq::mod); - assert(algebra::Fq::mod == - algebra::Fr::mod); - - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - typedef typename curve_A_pp::scalar_field_type FieldT_A; - typedef typename curve_B_pp::scalar_field_type FieldT_B; - - std::cout << "Call to r1cs_mp_ppzkpcd_generator" << std::endl; - - r1cs_mp_ppzkpcd_keypair keypair; - const std::size_t translation_input_size = - mp_translation_step_pcd_circuit_maker::input_size_in_elts(); - const std::size_t vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits(translation_input_size); - printf("%zu %zu\n", translation_input_size, vk_size_in_bits); - - set_commitment_accumulator> all_translation_vks( - compliance_predicates.size(), vk_size_in_bits); - - std::cout << "Perform type checks" << std::endl; - std::map type_counts; - - for (auto &cp : compliance_predicates) { - type_counts[cp.type] += 1; - } - - for (auto &cp : compliance_predicates) { - if (cp.relies_on_same_type_inputs) { - for (std::size_t type : cp.accepted_input_types) { - assert(type_counts[type] == 1); /* each of accepted_input_types must be unique */ - } - } else { - assert(cp.accepted_input_types.empty()); - } - } - - for (std::size_t i = 0; i < compliance_predicates.size(); ++i) { - std::cout << FMT("", - "Process predicate %zu (with name %zu and type %zu)", - i, - compliance_predicates[i].name, - compliance_predicates[i].type) - << std::endl; - assert(compliance_predicates[i].is_well_formed()); - - std::cout << "Construct compliance step PCD circuit" << std::endl; - mp_compliance_step_pcd_circuit_maker mp_compliance_step_pcd_circuit( - compliance_predicates[i], compliance_predicates.size()); - mp_compliance_step_pcd_circuit.generate_r1cs_constraints(); - r1cs_constraint_system 
mp_compliance_step_pcd_circuit_cs = - mp_compliance_step_pcd_circuit.get_circuit(); - - std::cout << "Generate key pair for compliance step PCD circuit" << std::endl; - typename r1cs_ppzksnark::keypair_type mp_compliance_step_keypair = - r1cs_ppzksnark::generator(mp_compliance_step_pcd_circuit_cs); - - std::cout << "Construct translation step PCD circuit" << std::endl; - mp_translation_step_pcd_circuit_maker mp_translation_step_pcd_circuit( - mp_compliance_step_keypair.vk); - mp_translation_step_pcd_circuit.generate_r1cs_constraints(); - r1cs_constraint_system mp_translation_step_pcd_circuit_cs = - mp_translation_step_pcd_circuit.get_circuit(); - - std::cout << "Generate key pair for translation step PCD circuit" << std::endl; - typename r1cs_ppzksnark::keypair_type mp_translation_step_keypair = - r1cs_ppzksnark::generator(mp_translation_step_pcd_circuit_cs); - - std::cout << "Augment set of translation step verification keys" << std::endl; - const std::vector vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - mp_translation_step_keypair.vk); - all_translation_vks.add(vk_bits); - - std::cout << "Update r1cs_mp_ppzkpcd keypair" << std::endl; - keypair.pk.compliance_predicates.emplace_back(compliance_predicates[i]); - keypair.pk.compliance_step_r1cs_pks.emplace_back(mp_compliance_step_keypair.pk); - keypair.pk.translation_step_r1cs_pks.emplace_back(mp_translation_step_keypair.pk); - keypair.pk.compliance_step_r1cs_vks.emplace_back(mp_compliance_step_keypair.vk); - keypair.pk.translation_step_r1cs_vks.emplace_back(mp_translation_step_keypair.vk); - const std::size_t cp_name = compliance_predicates[i].name; - assert(keypair.pk.compliance_predicate_name_to_idx.find(cp_name) == - keypair.pk.compliance_predicate_name_to_idx.end()); // all names must be distinct - keypair.pk.compliance_predicate_name_to_idx[cp_name] = i; - - keypair.vk.compliance_step_r1cs_vks.emplace_back(mp_compliance_step_keypair.vk); - 
keypair.vk.translation_step_r1cs_vks.emplace_back(mp_translation_step_keypair.vk); - } - - std::cout << "Compute set commitment and corresponding membership proofs" << std::endl; - const set_commitment cm = all_translation_vks.get_commitment(); - keypair.pk.commitment_to_translation_step_r1cs_vks = cm; - keypair.vk.commitment_to_translation_step_r1cs_vks = cm; - for (std::size_t i = 0; i < compliance_predicates.size(); ++i) { - const std::vector vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - keypair.vk.translation_step_r1cs_vks[i]); - const set_membership_proof proof = all_translation_vks.get_membership_proof(vk_bits); - - keypair.pk.compliance_step_r1cs_vk_membership_proofs.emplace_back(proof); - } - - return keypair; - } - - template - r1cs_mp_ppzkpcd_proof - r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key &pk, - const std::size_t compliance_predicate_name, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &prev_proofs) { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - typedef typename curve_A_pp::scalar_field_type FieldT_A; - typedef typename curve_B_pp::scalar_field_type FieldT_B; - - std::cout << "Call to r1cs_mp_ppzkpcd_prover" << std::endl; - - auto it = pk.compliance_predicate_name_to_idx.find(compliance_predicate_name); - assert(it != pk.compliance_predicate_name_to_idx.end()); - const std::size_t compliance_predicate_idx = it->second; - - std::cout << "Prove compliance step" << std::endl; - assert(compliance_predicate_idx < pk.compliance_predicates.size()); - assert(prev_proofs.size() <= pk.compliance_predicates[compliance_predicate_idx].max_arity); - - const std::size_t arity = prev_proofs.size(); - const std::size_t max_arity = pk.compliance_predicates[compliance_predicate_idx].max_arity; - - if 
(pk.compliance_predicates[compliance_predicate_idx].relies_on_same_type_inputs) { - const std::size_t input_predicate_idx = prev_proofs[0].compliance_predicate_idx; - for (std::size_t i = 1; i < arity; ++i) { - assert(prev_proofs[i].compliance_predicate_idx == input_predicate_idx); - } - } - - std::vector::proof_type> padded_proofs(max_arity); - for (std::size_t i = 0; i < arity; ++i) { - padded_proofs[i] = prev_proofs[i].r1cs_proof; - } - - std::vector::verification_key_type> translation_step_vks; - std::vector membership_proofs; - - for (std::size_t i = 0; i < arity; ++i) { - const std::size_t input_predicate_idx = prev_proofs[i].compliance_predicate_idx; - translation_step_vks.emplace_back(pk.translation_step_r1cs_vks[input_predicate_idx]); - membership_proofs.emplace_back( - pk.compliance_step_r1cs_vk_membership_proofs[input_predicate_idx]); - -#ifdef DEBUG - if (auxiliary_input.incoming_messages[i]->type != 0) { - printf("check proof for message %zu\n", i); - const r1cs_primary_input translated_msg = - get_mp_translation_step_pcd_circuit_input( - pk.commitment_to_translation_step_r1cs_vks, auxiliary_input.incoming_messages[i]); - const bool bit = r1cs_ppzksnark::verifier_strong_input_consistency( - translation_step_vks[i], translated_msg, padded_proofs[i]); - assert(bit); - } else { - printf("message %zu is base case\n", i); - } -#endif - } - - /* pad with dummy vks/membership proofs */ - for (std::size_t i = arity; i < max_arity; ++i) { - printf("proof %zu will be a dummy\n", arity); - translation_step_vks.emplace_back(pk.translation_step_r1cs_vks[0]); - membership_proofs.emplace_back(pk.compliance_step_r1cs_vk_membership_proofs[0]); - } - - mp_compliance_step_pcd_circuit_maker mp_compliance_step_pcd_circuit( - pk.compliance_predicates[compliance_predicate_idx], pk.compliance_predicates.size()); - - mp_compliance_step_pcd_circuit.generate_r1cs_witness(pk.commitment_to_translation_step_r1cs_vks, - translation_step_vks, - membership_proofs, - primary_input, - 
auxiliary_input, - padded_proofs); - - const r1cs_primary_input compliance_step_primary_input = - mp_compliance_step_pcd_circuit.get_primary_input(); - const r1cs_auxiliary_input compliance_step_auxiliary_input = - mp_compliance_step_pcd_circuit.get_auxiliary_input(); - const typename r1cs_ppzksnark::proof_type compliance_step_proof = - r1cs_ppzksnark::prover(pk.compliance_step_r1cs_pks[compliance_predicate_idx], - compliance_step_primary_input, - compliance_step_auxiliary_input); - -#ifdef DEBUG - const r1cs_primary_input compliance_step_input = - get_mp_compliance_step_pcd_circuit_input(pk.commitment_to_translation_step_r1cs_vks, - primary_input.outgoing_message); - const bool compliance_step_ok = r1cs_ppzksnark::verifier_strong_input_consistency( - pk.compliance_step_r1cs_vks[compliance_predicate_idx], - compliance_step_input, - compliance_step_proof); - assert(compliance_step_ok); -#endif - - std::cout << "Prove translation step" << std::endl; - mp_translation_step_pcd_circuit_maker mp_translation_step_pcd_circuit( - pk.compliance_step_r1cs_vks[compliance_predicate_idx]); - - const r1cs_primary_input translation_step_primary_input = - get_mp_translation_step_pcd_circuit_input( - pk.commitment_to_translation_step_r1cs_vks, primary_input); - mp_translation_step_pcd_circuit.generate_r1cs_witness(translation_step_primary_input, - compliance_step_proof); - const r1cs_auxiliary_input translation_step_auxiliary_input = - mp_translation_step_pcd_circuit.get_auxiliary_input(); - - const typename r1cs_ppzksnark::proof_type translation_step_proof = - r1cs_ppzksnark::prover(pk.translation_step_r1cs_pks[compliance_predicate_idx], - translation_step_primary_input, - translation_step_auxiliary_input); - -#ifdef DEBUG - const bool translation_step_ok = r1cs_ppzksnark::verifier_strong_input_consistency( - pk.translation_step_r1cs_vks[compliance_predicate_idx], - translation_step_primary_input, - translation_step_proof); - assert(translation_step_ok); -#endif - - 
r1cs_mp_ppzkpcd_proof result; - result.compliance_predicate_idx = compliance_predicate_idx; - result.r1cs_proof = translation_step_proof; - return result; - } - - template - bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key &pvk, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof) { - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - std::cout << "Call to r1cs_mp_ppzkpcd_online_verifier" << std::endl; - const r1cs_primary_input r1cs_input = - get_mp_translation_step_pcd_circuit_input( - pvk.commitment_to_translation_step_r1cs_vks, primary_input); - const bool result = r1cs_ppzksnark::online_verifier_strong_input_consistency( - pvk.translation_step_r1cs_pvks[proof.compliance_predicate_idx], r1cs_input, proof.r1cs_proof); - - return result; - } - - template - r1cs_mp_ppzkpcd_processed_verification_key - r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key &vk) { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - std::cout << "Call to r1cs_mp_ppzkpcd_processed_verification_key" << std::endl; - - r1cs_mp_ppzkpcd_processed_verification_key result; - result.commitment_to_translation_step_r1cs_vks = vk.commitment_to_translation_step_r1cs_vks; - - for (std::size_t i = 0; i < vk.compliance_step_r1cs_vks.size(); ++i) { - const typename r1cs_ppzksnark::processed_verification_key_type - compliance_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.compliance_step_r1cs_vks[i]); - const typename r1cs_ppzksnark::processed_verification_key - translation_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.translation_step_r1cs_vks[i]); - - result.compliance_step_r1cs_pvks.emplace_back(compliance_step_r1cs_pvk); - result.translation_step_r1cs_pvks.emplace_back(translation_step_r1cs_pvk); - } - - return result; - } - - template - bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key &vk, - const 
r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof) { - std::cout << "Call to r1cs_mp_ppzkpcd_verifier" << std::endl; - r1cs_mp_ppzkpcd_processed_verification_key pvk = r1cs_mp_ppzkpcd_process_vk(vk); - const bool result = r1cs_mp_ppzkpcd_online_verifier(pvk, primary_input, proof); - - return result; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_MP_PPZKPCD_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp deleted file mode 100644 index 68c6cb4caa..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp +++ /dev/null 
@@ -1,61 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Parameters for *multi-predicate* ppzkPCD for R1CS.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_MP_PPZKPCD_PARAMS_HPP
-#define CRYPTO3_ZK_R1CS_MP_PPZKPCD_PARAMS_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_mp_ppzkpcd_compliance_predicate =
- r1cs_pcd_compliance_predicate>;
-
- template
- using r1cs_mp_ppzkpcd_message = r1cs_pcd_message>;
-
- template
- using r1cs_mp_ppzkpcd_local_data = r1cs_pcd_local_data>;
-
- template
- using r1cs_mp_ppzkpcd_primary_input =
- r1cs_pcd_compliance_predicate_primary_input>;
-
- template
- using r1cs_mp_ppzkpcd_auxiliary_input =
- r1cs_pcd_compliance_predicate_auxiliary_input>;
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // R1CS_MP_PPZKPCD_PARAMS_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_pcd_params.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_pcd_params.hpp
deleted file mode 100644
index 477df46019..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_pcd_params.hpp
+++ /dev/null
@@ -1,105 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_PCD_PARAMS_HPP -#define CRYPTO3_ZK_R1CS_PCD_PARAMS_HPP - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - template - class r1cs_pcd_compliance_predicate_primary_input { - public: - std::shared_ptr> outgoing_message; - - r1cs_pcd_compliance_predicate_primary_input( - const std::shared_ptr> &outgoing_message) : - outgoing_message(outgoing_message) { - } - r1cs_primary_input as_r1cs_primary_input() const { - return outgoing_message->as_r1cs_variable_assignment(); - } - }; - - template - class r1cs_pcd_compliance_predicate_auxiliary_input { - public: - std::vector>> incoming_messages; - std::shared_ptr> local_data; - r1cs_pcd_witness witness; - - r1cs_pcd_compliance_predicate_auxiliary_input( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data, - const r1cs_pcd_witness &witness) : - incoming_messages(incoming_messages), - local_data(local_data), witness(witness) { - } - - r1cs_auxiliary_input as_r1cs_auxiliary_input( - const std::vector &incoming_message_payload_lengths) const { - - const std::size_t arity = incoming_messages.size(); - - r1cs_auxiliary_input result; - result.emplace_back(typename FieldType::value_type(arity)); - - const std::size_t max_arity = incoming_message_payload_lengths.size(); - assert(arity <= max_arity); - - for (std::size_t i = 0; i < arity; ++i) { - const r1cs_variable_assignment msg_as_r1cs_va = - incoming_messages[i]->as_r1cs_variable_assignment(); - assert(msg_as_r1cs_va.size() == (1 + incoming_message_payload_lengths[i])); - result.insert(result.end(), msg_as_r1cs_va.begin(), msg_as_r1cs_va.end()); - } - - /* pad with dummy messages of appropriate size */ - for (std::size_t i = arity; i < max_arity; ++i) { - result.resize(result.size() + (1 + incoming_message_payload_lengths[i]), - FieldType::value_type::zero()); - } - - const 
r1cs_variable_assignment local_data_as_r1cs_va = - local_data->as_r1cs_variable_assignment(); - result.insert(result.end(), local_data_as_r1cs_va.begin(), local_data_as_r1cs_va.end()); - result.insert(result.end(), witness.begin(), witness.end()); - - return result; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // R1CS_PCD_PARAMS_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.hpp deleted file mode 100644 index e4b3ca4e44..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.hpp +++ /dev/null 
@@ -1,471 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// Single-Predicate ppzkPCD for R1CS.
-//
-// This includes:
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key pair (proving key & verification key)
-// - class for proof
-// - generator algorithm
-// - prover algorithm
-// - verifier algorithm
-// - online verifier algorithm
-//
-// The implementation follows, extends, and optimizes the approach described
-// in \[BCTV14]. Thus, PCD is constructed from two "matched" ppzkSNARKs for R1CS.
-// -// Acronyms: -// -// "R1CS" = "Rank-1 Constraint Systems" -// "ppzkSNARK" = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// "ppzkPCD" = "Pre-Processing Zero-Knowledge Proof-Carrying Data" -// -// References: -// -// \[BCTV14]: -// "Scalable Zero Knowledge via Cycles of Elliptic Curves", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// CRYPTO 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SP_PPZKPCD_HPP -#define CRYPTO3_ZK_R1CS_SP_PPZKPCD_HPP - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS (single-predicate) ppzkPCD. - */ - template - class r1cs_sp_ppzkpcd_proving_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - r1cs_sp_ppzkpcd_compliance_predicate compliance_predicate; - - typename r1cs_ppzksnark::proving_key_type compliance_step_r1cs_pk; - typename r1cs_ppzksnark::proving_key_type translation_step_r1cs_pk; - - typename r1cs_ppzksnark::verification_key_type compliance_step_r1cs_vk; - typename r1cs_ppzksnark::verification_key_type translation_step_r1cs_vk; - - r1cs_sp_ppzkpcd_proving_key() {}; - r1cs_sp_ppzkpcd_proving_key(const r1cs_sp_ppzkpcd_proving_key &other) = default; - r1cs_sp_ppzkpcd_proving_key(r1cs_sp_ppzkpcd_proving_key &&other) = default; - r1cs_sp_ppzkpcd_proving_key( - const r1cs_sp_ppzkpcd_compliance_predicate &compliance_predicate, - typename r1cs_ppzksnark::proving_key_type &&compliance_step_r1cs_pk, - typename r1cs_ppzksnark::proving_key &_type &translation_step_r1cs_pk, - const typename r1cs_ppzksnark::verification_key_type &compliance_step_r1cs_vk, - const typename r1cs_ppzksnark::verification_key_type &translation_step_r1cs_vk) : - 
compliance_predicate(compliance_predicate), - compliance_step_r1cs_pk(std::move(compliance_step_r1cs_pk)), - translation_step_r1cs_pk(std::move(translation_step_r1cs_pk)), - compliance_step_r1cs_vk(std::move(compliance_step_r1cs_vk)), - translation_step_r1cs_vk(std::move(translation_step_r1cs_vk)) {}; - - r1cs_sp_ppzkpcd_proving_key & - operator=(const r1cs_sp_ppzkpcd_proving_key &other) = default; - - std::size_t size_in_bits() const { - return (compliance_step_r1cs_pk.size_in_bits() + translation_step_r1cs_pk.size_in_bits() + - compliance_step_r1cs_vk.size_in_bits() + translation_step_r1cs_vk.size_in_bits()); - } - - bool operator==(const r1cs_sp_ppzkpcd_proving_key &other) const; - }; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS (single-predicate) ppzkPCD. - */ - template - class r1cs_sp_ppzkpcd_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - typename r1cs_ppzksnark::verification_key_type compliance_step_r1cs_vk; - typename r1cs_ppzksnark::verification_key_type translation_step_r1cs_vk; - - r1cs_sp_ppzkpcd_verification_key() = default; - r1cs_sp_ppzkpcd_verification_key(const r1cs_sp_ppzkpcd_verification_key &other) = default; - r1cs_sp_ppzkpcd_verification_key(r1cs_sp_ppzkpcd_verification_key &&other) = default; - r1cs_sp_ppzkpcd_verification_key( - const typename r1cs_ppzksnark::verification_key_type &compliance_step_r1cs_vk, - const typename r1cs_ppzksnark::verification_key_type &translation_step_r1cs_vk) : - compliance_step_r1cs_vk(std::move(compliance_step_r1cs_vk)), - translation_step_r1cs_vk(std::move(translation_step_r1cs_vk)) {}; - - r1cs_sp_ppzkpcd_verification_key & - operator=(const r1cs_sp_ppzkpcd_verification_key &other) = default; - - std::size_t size_in_bits() const { - return (compliance_step_r1cs_vk.size_in_bits() + translation_step_r1cs_vk.size_in_bits()); - } - - bool operator==(const 
r1cs_sp_ppzkpcd_verification_key &other) const; - - static r1cs_sp_ppzkpcd_verification_key dummy_verification_key(); - }; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS (single-predicate) ppzkPCD. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - template - class r1cs_sp_ppzkpcd_processed_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - typename r1cs_ppzksnark::processed_verification_key_type compliance_step_r1cs_pvk; - typename r1cs_ppzksnark::processed_verification_key_type translation_step_r1cs_pvk; - std::vector translation_step_r1cs_vk_bits; - - r1cs_sp_ppzkpcd_processed_verification_key() {}; - r1cs_sp_ppzkpcd_processed_verification_key( - const r1cs_sp_ppzkpcd_processed_verification_key &other) = default; - r1cs_sp_ppzkpcd_processed_verification_key( - r1cs_sp_ppzkpcd_processed_verification_key &&other) = default; - r1cs_sp_ppzkpcd_processed_verification_key( - typename r1cs_ppzksnark::processed_verification_key_type &&compliance_step_r1cs_pvk, - typename r1cs_ppzksnark::processed_verification_key_type &&translation_step_r1cs_pvk, - const std::vector &translation_step_r1cs_vk_bits) : - compliance_step_r1cs_pvk(std::move(compliance_step_r1cs_pvk)), - translation_step_r1cs_pvk(std::move(translation_step_r1cs_pvk)), - translation_step_r1cs_vk_bits(std::move(translation_step_r1cs_vk_bits)) {}; - - r1cs_sp_ppzkpcd_processed_verification_key & - operator=(const r1cs_sp_ppzkpcd_processed_verification_key &other) = default; - - std::size_t size_in_bits() const { - return (compliance_step_r1cs_pvk.size_in_bits() + translation_step_r1cs_pvk.size_in_bits() + - translation_step_r1cs_vk_bits.size()); - } - - bool operator==(const 
r1cs_sp_ppzkpcd_processed_verification_key &other) const; - }; - - /********************************* Key pair **********************************/ - - /** - * A key pair for the R1CS (single-predicate) ppzkPC, which consists of a proving key and a verification - * key. - */ - template - class r1cs_sp_ppzkpcd_keypair { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - r1cs_sp_ppzkpcd_proving_key pk; - r1cs_sp_ppzkpcd_verification_key vk; - - r1cs_sp_ppzkpcd_keypair() {}; - r1cs_sp_ppzkpcd_keypair(r1cs_sp_ppzkpcd_keypair &&other) = default; - r1cs_sp_ppzkpcd_keypair(r1cs_sp_ppzkpcd_proving_key &&pk, - r1cs_sp_ppzkpcd_verification_key &&vk) : - pk(std::move(pk)), - vk(std::move(vk)) {}; - r1cs_sp_ppzkpcd_keypair(typename r1cs_ppzksnark::keypair_type &&kp_A, - typename r1cs_ppzksnark::keypair_type &&kp_B) : - pk(std::move(kp_A.pk), std::move(kp_B.pk)), - vk(std::move(kp_A.vk), std::move(kp_B.vk)) {}; - }; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS (single-predicate) ppzkPCD. - */ - template - using r1cs_sp_ppzkpcd_proof = typename r1cs_ppzksnark::proof_type; - - /***************************** Main algorithms *******************************/ - - /** - * A generator algorithm for the R1CS (single-predicate) ppzkPCD. - * - * Given a compliance predicate, this algorithm produces proving and verification keys for the - * predicate. - */ - template - r1cs_sp_ppzkpcd_keypair r1cs_sp_ppzkpcd_generator( - const r1cs_sp_ppzkpcd_compliance_predicate &compliance_predicate); - - /** - * A prover algorithm for the R1CS (single-predicate) ppzkPCD. - * - * Given a proving key, inputs for the compliance predicate, and proofs for - * the predicate's input messages, this algorithm produces a proof (of knowledge) - * that attests to the compliance of the output message. 
- */ - template - r1cs_sp_ppzkpcd_proof - r1cs_sp_ppzkpcd_prover(const r1cs_sp_ppzkpcd_proving_key &pk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &incoming_proofs); - - /* - Below are two variants of verifier algorithm for the R1CS (single-predicate) ppzkPCD. - - These are the two cases that arise from whether the verifier accepts a - (non-processed) verification key or, instead, a processed verification key. - In the latter case, we call the algorithm an "online verifier". - */ - - /** - * A verifier algorithm for the R1CS (single-predicate) ppzkPCD that - * accepts a non-processed verification key. - */ - template - bool r1cs_sp_ppzkpcd_verifier(const r1cs_sp_ppzkpcd_verification_key &vk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof); - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - r1cs_sp_ppzkpcd_processed_verification_key - r1cs_sp_ppzkpcd_process_vk(const r1cs_sp_ppzkpcd_verification_key &vk); - - /** - * A verifier algorithm for the R1CS (single-predicate) ppzkPCD that - * accepts a processed verification key. 
- */ - template - bool r1cs_sp_ppzkpcd_online_verifier(const r1cs_sp_ppzkpcd_processed_verification_key &pvk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof); - - template - bool r1cs_sp_ppzkpcd_proving_key::operator==( - const r1cs_sp_ppzkpcd_proving_key &other) const { - return (this->compliance_predicate == other.compliance_predicate && - this->compliance_step_r1cs_pk == other.compliance_step_r1cs_pk && - this->translation_step_r1cs_pk == other.translation_step_r1cs_pk && - this->compliance_step_r1cs_vk == other.compliance_step_r1cs_vk && - this->translation_step_r1cs_vk == other.translation_step_r1cs_vk); - } - - template - bool r1cs_sp_ppzkpcd_verification_key::operator==( - const r1cs_sp_ppzkpcd_verification_key &other) const { - return (this->compliance_step_r1cs_vk == other.compliance_step_r1cs_vk && - this->translation_step_r1cs_vk == other.translation_step_r1cs_vk); - } - - /*template - r1cs_sp_ppzkpcd_verification_key - r1cs_sp_ppzkpcd_verification_key::dummy_verification_key() { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - r1cs_sp_ppzkpcd_verification_key result; - result.compliance_step_r1cs_vk = - typename r1cs_ppzksnark::verification_key_type::dummy_verification_key( - sp_compliance_step_pcd_circuit_maker::input_size_in_elts()); - result.translation_step_r1cs_vk = - typename r1cs_ppzksnark::verification_key::dummy_verification_key( - sp_translation_step_pcd_circuit_maker::input_size_in_elts()); - - return result; - }*/ - - template - bool r1cs_sp_ppzkpcd_processed_verification_key::operator==( - const r1cs_sp_ppzkpcd_processed_verification_key &other) const { - return (this->compliance_step_r1cs_pvk == other.compliance_step_r1cs_pvk && - this->translation_step_r1cs_pvk == other.translation_step_r1cs_pvk && - this->translation_step_r1cs_vk_bits == other.translation_step_r1cs_vk_bits); - } - - template - r1cs_sp_ppzkpcd_keypair 
r1cs_sp_ppzkpcd_generator( - const r1cs_sp_ppzkpcd_compliance_predicate &compliance_predicate) { - assert(algebra::Fr::mod == - algebra::Fq::mod); - assert(algebra::Fq::mod == - algebra::Fr::mod); - - typedef algebra::Fr FieldT_A; - typedef algebra::Fr FieldT_B; - - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - assert(compliance_predicate.is_well_formed()); - - sp_compliance_step_pcd_circuit_maker compliance_step_pcd_circuit(compliance_predicate); - compliance_step_pcd_circuit.generate_r1cs_constraints(); - const r1cs_constraint_system compliance_step_pcd_circuit_cs = - compliance_step_pcd_circuit.get_circuit(); - - typename r1cs_ppzksnark::keypair_type compliance_step_keypair = - typename r1cs_ppzksnark::generator(compliance_step_pcd_circuit_cs); - - sp_translation_step_pcd_circuit_maker translation_step_pcd_circuit( - compliance_step_keypair.vk); - translation_step_pcd_circuit.generate_r1cs_constraints(); - const r1cs_constraint_system translation_step_pcd_circuit_cs = - translation_step_pcd_circuit.get_circuit(); - - typename r1cs_ppzksnark::keypair_type translation_step_keypair = - typename r1cs_ppzksnark::generator(translation_step_pcd_circuit_cs); - - return r1cs_sp_ppzkpcd_keypair( - r1cs_sp_ppzkpcd_proving_key(compliance_predicate, - std::move(compliance_step_keypair.pk), - std::move(translation_step_keypair.pk), - compliance_step_keypair.vk, - translation_step_keypair.vk), - r1cs_sp_ppzkpcd_verification_key(compliance_step_keypair.vk, - translation_step_keypair.vk)); - } - - template - r1cs_sp_ppzkpcd_proof - r1cs_sp_ppzkpcd_prover(const r1cs_sp_ppzkpcd_proving_key &pk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &incoming_proofs) { - typedef algebra::Fr FieldT_A; - typedef algebra::Fr FieldT_B; - - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - const 
std::vector translation_step_r1cs_vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - pk.translation_step_r1cs_vk); - - sp_compliance_step_pcd_circuit_maker compliance_step_pcd_circuit( - pk.compliance_predicate); - compliance_step_pcd_circuit.generate_r1cs_witness( - pk.translation_step_r1cs_vk, primary_input, auxiliary_input, incoming_proofs); - - const r1cs_primary_input compliance_step_primary_input = - compliance_step_pcd_circuit.get_primary_input(); - const r1cs_auxiliary_input compliance_step_auxiliary_input = - compliance_step_pcd_circuit.get_auxiliary_input(); - - const typename r1cs_ppzksnark::proof_type compliance_step_proof = - r1cs_ppzksnark::prover( - pk.compliance_step_r1cs_pk, compliance_step_primary_input, compliance_step_auxiliary_input); - - sp_translation_step_pcd_circuit_maker translation_step_pcd_circuit( - pk.compliance_step_r1cs_vk); - - const r1cs_primary_input translation_step_primary_input = - get_sp_translation_step_pcd_circuit_input(translation_step_r1cs_vk_bits, - primary_input); - translation_step_pcd_circuit.generate_r1cs_witness( - translation_step_primary_input, compliance_step_proof); // TODO: potential for better naming - - const r1cs_auxiliary_input translation_step_auxiliary_input = - translation_step_pcd_circuit.get_auxiliary_input(); - const typename r1cs_ppzksnark::proof_type translation_step_proof = - r1cs_ppzksnark::prover(pk.translation_step_r1cs_pk, - translation_step_primary_input, - translation_step_auxiliary_input); - - return translation_step_proof; - } - - template - bool r1cs_sp_ppzkpcd_online_verifier(const r1cs_sp_ppzkpcd_processed_verification_key &pvk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof) - - { - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - const r1cs_primary_input r1cs_input = - get_sp_translation_step_pcd_circuit_input(pvk.translation_step_r1cs_vk_bits, - primary_input); - const bool result = 
r1cs_ppzksnark::online_verifier_strong_input_consistency( - pvk.translation_step_r1cs_pvk, r1cs_input, proof); - - return result; - } - - template - r1cs_sp_ppzkpcd_processed_verification_key - r1cs_sp_ppzkpcd_process_vk(const r1cs_sp_ppzkpcd_verification_key &vk) { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - typename r1cs_ppzksnark::processed_verification_key compliance_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.compliance_step_r1cs_vk); - typename r1cs_ppzksnark::processed_verification_key translation_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.translation_step_r1cs_vk); - const std::vector translation_step_r1cs_vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - vk.translation_step_r1cs_vk); - - return r1cs_sp_ppzkpcd_processed_verification_key(std::move(compliance_step_r1cs_pvk), - std::move(translation_step_r1cs_pvk), - translation_step_r1cs_vk_bits); - } - - template - bool r1cs_sp_ppzkpcd_verifier(const r1cs_sp_ppzkpcd_verification_key &vk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof) { - const r1cs_sp_ppzkpcd_processed_verification_key pvk = r1cs_sp_ppzkpcd_process_vk(vk); - const bool result = r1cs_sp_ppzkpcd_online_verifier(pvk, primary_input, proof); - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SP_PPZKPCD_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd_params.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd_params.hpp deleted file mode 100644 index f71b0bdd50..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd_params.hpp +++ /dev/null 
@@ -1,62 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Parameters for *single-predicate* ppzkPCD for R1CS. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SP_PPZKPCD_PARAMS_HPP -#define CRYPTO3_ZK_R1CS_SP_PPZKPCD_PARAMS_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - template - using r1cs_sp_ppzkpcd_compliance_predicate = - r1cs_pcd_compliance_predicate>; - - template - using r1cs_sp_ppzkpcd_message = r1cs_pcd_message>; - - template - using r1cs_sp_ppzkpcd_local_data = r1cs_pcd_local_data>; - - template - using r1cs_sp_ppzkpcd_primary_input = - r1cs_pcd_compliance_predicate_primary_input>; - - template - using r1cs_sp_ppzkpcd_auxiliary_input = - r1cs_pcd_compliance_predicate_auxiliary_input>; - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // R1CS_SP_PPZKPCD_PARAMS_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/sp_pcd_circuits.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/sp_pcd_circuits.hpp deleted file mode 100644 index 057409050a..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/sp_pcd_circuits.hpp +++ /dev/null 
@@ -1,642 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of functionality for creating and using the two PCD circuits in -// a single-predicate PCD construction. -// -// The implementation follows, extends, and optimizes the approach described -// in \[BCTV14]. At high level, there is a "compliance step" circuit and a -// "translation step" circuit. For more details see Section 4 of \[BCTV14]. 
-// -// -// References: -// -// \[BCTV14]: -// "Scalable Zero Knowledge via Cycles of Elliptic Curves", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// CRYPTO 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_SP_PCD_CIRCUITS_HPP -#define CRYPTO3_ZK_SP_PCD_CIRCUITS_HPP - -#include -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /**************************** Compliance step ********************************/ - - /** - * A compliance-step PCD circuit. - * - * The circuit is an R1CS that checks compliance (for the given compliance predicate) - * and validity of previous proofs. - */ - template - class sp_compliance_step_pcd_circuit_maker { - public: - typedef typename CurveType::scalar_field_type FieldType; - - r1cs_pcd_compliance_predicate compliance_predicate; - - blueprint bp; - - variable zero; - - std::shared_ptr> block_for_outgoing_message; - std::shared_ptr> hash_outgoing_message; - - std::vector> blocks_for_incoming_messages; - std::vector> - sp_translation_step_vk_and_incoming_message_payload_digests; - std::vector> - unpack_sp_translation_step_vk_and_incoming_message_payload_digests; - std::vector> - sp_translation_step_vk_and_incoming_message_payload_digest_bits; - std::vector> hash_incoming_messages; - - std::shared_ptr> sp_translation_step_vk; - blueprint_variable_vector sp_translation_step_vk_bits; - - variable outgoing_message_type; - blueprint_variable_vector outgoing_message_payload; - blueprint_variable_vector outgoing_message_vars; - - variable arity; - std::vector> incoming_message_types; - std::vector> incoming_message_payloads; - std::vector> incoming_message_vars; - - blueprint_variable_vector local_data; - blueprint_variable_vector cp_witness; - std::shared_ptr> compliance_predicate_as_component; - - blueprint_variable_vector outgoing_message_bits; - std::shared_ptr> 
unpack_outgoing_message; - - std::vector> incoming_messages_bits; - std::vector> unpack_incoming_messages; - - blueprint_variable_vector sp_compliance_step_pcd_circuit_input; - blueprint_variable_vector padded_translation_step_vk_and_outgoing_message_digest; - std::vector> - padded_translation_step_vk_and_incoming_messages_digests; - - std::vector> verifier_input; - std::vector> proof; - variable verification_result; - std::vector> verifiers; - - sp_compliance_step_pcd_circuit_maker( - const r1cs_pcd_compliance_predicate &compliance_predicate); - void generate_r1cs_constraints(); - r1cs_constraint_system get_circuit() const; - - void generate_r1cs_witness( - const r1cs_ppzksnark_verification_key> &translation_step_pcd_circuit_vk, - const r1cs_pcd_compliance_predicate_primary_input - &compliance_predicate_primary_input, - const r1cs_pcd_compliance_predicate_auxiliary_input - &compliance_predicate_auxiliary_input, - const std::vector>> &incoming_proofs); - r1cs_primary_input get_primary_input() const; - r1cs_auxiliary_input get_auxiliary_input() const; - - static std::size_t field_logsize(); - static std::size_t field_capacity(); - static std::size_t input_size_in_elts(); - static std::size_t input_capacity_in_bits(); - static std::size_t input_size_in_bits(); - }; - - /*************************** Translation step ********************************/ - - /** - * A translation-step PCD circuit. - * - * The circuit is an R1CS that checks validity of previous proofs. 
- */ - template - class sp_translation_step_pcd_circuit_maker { - public: - typedef typename CurveType::scalar_field_type FieldType; - - blueprint bp; - - blueprint_variable_vector sp_translation_step_pcd_circuit_input; - blueprint_variable_vector unpacked_sp_translation_step_pcd_circuit_input; - blueprint_variable_vector verifier_input; - std::shared_ptr> unpack_sp_translation_step_pcd_circuit_input; - - std::shared_ptr> - hardcoded_sp_compliance_step_vk; - std::shared_ptr> proof; - std::shared_ptr> online_verifier; - - sp_translation_step_pcd_circuit_maker( - const r1cs_ppzksnark_verification_key> &compliance_step_vk); - void generate_r1cs_constraints(); - r1cs_constraint_system get_circuit() const; - - void generate_r1cs_witness( - const r1cs_primary_input - translation_step_input, - const r1cs_ppzksnark_proof> &compliance_step_proof); - r1cs_primary_input get_primary_input() const; - r1cs_auxiliary_input get_auxiliary_input() const; - - static std::size_t field_logsize(); - static std::size_t field_capacity(); - static std::size_t input_size_in_elts(); - static std::size_t input_capacity_in_bits(); - static std::size_t input_size_in_bits(); - }; - - /****************************** Input maps ***********************************/ - - /** - * Obtain the primary input for a compliance-step PCD circuit. - */ - template - r1cs_primary_input get_sp_compliance_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input - &primary_input); - - /** - * Obtain the primary input for a translation-step PCD circuit. 
- */ - template - r1cs_primary_input get_sp_translation_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input< - other_curve::scalar_field_type::value_type> &primary_input); - - template - sp_compliance_step_pcd_circuit_maker::sp_compliance_step_pcd_circuit_maker( - const r1cs_pcd_compliance_predicate &compliance_predicate) : - compliance_predicate(compliance_predicate) { - /* calculate some useful sizes */ - assert(compliance_predicate.is_well_formed()); - assert(compliance_predicate.has_equal_input_and_output_lengths()); - - const std::size_t compliance_predicate_arity = compliance_predicate.max_arity; - const std::size_t digest_size = crh_with_field_out_component::get_digest_len(); - const std::size_t msg_size_in_bits = - field_logsize() * (1 + compliance_predicate.outgoing_message_payload_length); - const std::size_t sp_translation_step_vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits( - sp_translation_step_pcd_circuit_maker>::input_size_in_elts()); - const std::size_t padded_verifier_input_size = - sp_translation_step_pcd_circuit_maker>::input_capacity_in_bits(); - - const std::size_t block_size = msg_size_in_bits + sp_translation_step_vk_size_in_bits; - crh_with_bit_out_component::sample_randomness(block_size); - - /* allocate input of the compliance PCD circuit */ - sp_compliance_step_pcd_circuit_input.allocate(bp, input_size_in_elts()); - - /* allocate inputs to the compliance predicate */ - outgoing_message_type.allocate(bp); - outgoing_message_payload.allocate(bp, compliance_predicate.outgoing_message_payload_length); - - outgoing_message_vars.insert(outgoing_message_vars.end(), outgoing_message_type); - outgoing_message_vars.insert(outgoing_message_vars.end(), outgoing_message_payload.begin(), - outgoing_message_payload.end()); - - arity.allocate(bp); - - incoming_message_types.resize(compliance_predicate_arity); - 
incoming_message_payloads.resize(compliance_predicate_arity); - incoming_message_vars.resize(compliance_predicate_arity); - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - incoming_message_types[i].allocate(bp); - incoming_message_payloads[i].allocate(bp, compliance_predicate.outgoing_message_payload_length); - - incoming_message_vars[i].insert(incoming_message_vars[i].end(), incoming_message_types[i]); - incoming_message_vars[i].insert(incoming_message_vars[i].end(), - incoming_message_payloads[i].begin(), - incoming_message_payloads[i].end()); - } - - local_data.allocate(bp, compliance_predicate.local_data_length); - cp_witness.allocate(bp, compliance_predicate.witness_length); - - /* convert compliance predicate from a constraint system into a component */ - blueprint_variable_vector incoming_messages_concat; - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - incoming_messages_concat.insert(incoming_messages_concat.end(), - incoming_message_vars[i].begin(), - incoming_message_vars[i].end()); - } - - compliance_predicate_as_component.reset(new component_from_r1cs( - bp, - {outgoing_message_vars, blueprint_variable_vector(1, arity), - incoming_messages_concat, local_data, cp_witness}, - compliance_predicate.constraint_system)); - - /* unpack messages to bits */ - outgoing_message_bits.allocate(bp, msg_size_in_bits); - unpack_outgoing_message.reset(new multipacking_component( - bp, outgoing_message_bits, outgoing_message_vars, field_logsize())); - - incoming_messages_bits.resize(compliance_predicate_arity); - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - incoming_messages_bits[i].allocate(bp, msg_size_in_bits); - unpack_incoming_messages.emplace_back(multipacking_component( - bp, incoming_messages_bits[i], incoming_message_vars[i], field_logsize())); - } - - /* allocate digests */ - sp_translation_step_vk_and_incoming_message_payload_digests.resize(compliance_predicate_arity); - for (std::size_t i = 0; i < 
compliance_predicate_arity; ++i) { - sp_translation_step_vk_and_incoming_message_payload_digests[i].allocate(bp, digest_size); - } - - /* allocate blocks */ - sp_translation_step_vk_bits.allocate(bp, sp_translation_step_vk_size_in_bits); - - block_for_outgoing_message.reset( - new block_variable(bp, {sp_translation_step_vk_bits, outgoing_message_bits})); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - blocks_for_incoming_messages.emplace_back( - block_variable(bp, {sp_translation_step_vk_bits, incoming_messages_bits[i]})); - } - - /* allocate hash checkers */ - hash_outgoing_message.reset(new crh_with_field_out_component( - bp, block_size, *block_for_outgoing_message, sp_compliance_step_pcd_circuit_input)); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - hash_incoming_messages.emplace_back(crh_with_field_out_component( - bp, block_size, blocks_for_incoming_messages[i], - sp_translation_step_vk_and_incoming_message_payload_digests[i])); - } - - /* allocate useful zero variable */ - zero.allocate(bp); - - /* prepare arguments for the verifier */ - sp_translation_step_vk.reset(new r1cs_ppzksnark_verification_key_variable( - bp, sp_translation_step_vk_bits, - sp_translation_step_pcd_circuit_maker>::input_size_in_elts())); - - verification_result.allocate(bp); - sp_translation_step_vk_and_incoming_message_payload_digest_bits.resize(compliance_predicate_arity); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - sp_translation_step_vk_and_incoming_message_payload_digest_bits[i].allocate( - bp, digest_size * field_logsize()); - unpack_sp_translation_step_vk_and_incoming_message_payload_digests.emplace_back( - multipacking_component( - bp, - sp_translation_step_vk_and_incoming_message_payload_digest_bits[i], - sp_translation_step_vk_and_incoming_message_payload_digests[i], - field_logsize())); - - verifier_input.emplace_back(sp_translation_step_vk_and_incoming_message_payload_digest_bits[i]); - while 
(verifier_input[i].size() < padded_verifier_input_size) { - verifier_input[i].emplace_back(zero); - } - - proof.emplace_back(r1cs_ppzksnark_proof_variable(bp)); - verifiers.emplace_back(r1cs_ppzksnark_verifier_component( - bp, - *sp_translation_step_vk, - verifier_input[i], - sp_translation_step_pcd_circuit_maker>::field_capacity(), - proof[i], - verification_result)); - } - - bp.set_input_sizes(input_size_in_elts()); - } - - template - void sp_compliance_step_pcd_circuit_maker::generate_r1cs_constraints() { - const std::size_t digest_size = crh_with_bit_out_component::get_digest_len(); - const std::size_t dimension = knapsack_dimension::dimension; - const std::size_t compliance_predicate_arity = compliance_predicate.max_arity; - unpack_outgoing_message->generate_r1cs_constraints(true); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - unpack_incoming_messages[i].generate_r1cs_constraints(true); - } - - sp_translation_step_vk->generate_r1cs_constraints(true); - - hash_outgoing_message->generate_r1cs_constraints(); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - hash_incoming_messages[i].generate_r1cs_constraints(); - } - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - unpack_sp_translation_step_vk_and_incoming_message_payload_digests[i].generate_r1cs_constraints( - true); - } - - compliance_predicate_as_component->generate_r1cs_constraints(); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - proof[i].generate_r1cs_constraints(); - } - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - verifiers[i].generate_r1cs_constraints(); - } - - generate_r1cs_equals_const_constraint(bp, zero, FieldType::value_type::zero()); - generate_boolean_r1cs_constraint(bp, verification_result); - - /* type * (1-verification_result) = 0 */ - bp.add_r1cs_constraint( - r1cs_constraint(incoming_message_types[0], 1 - verification_result, 0)); - - /* all types equal */ - for (std::size_t i = 1; i < 
compliance_predicate.max_arity; ++i) { - bp.add_r1cs_constraint( - r1cs_constraint(1, incoming_message_types[0], incoming_message_types[i])); - } - - bp.add_r1cs_constraint(r1cs_constraint(1, arity, compliance_predicate_arity)); - bp.add_r1cs_constraint(r1cs_constraint( - 1, outgoing_message_type, typename FieldType::value_type(compliance_predicate.type))); - } - - template - r1cs_constraint_system - sp_compliance_step_pcd_circuit_maker::get_circuit() const { - return bp.get_constraint_system(); - } - - template - r1cs_primary_input - sp_compliance_step_pcd_circuit_maker::get_primary_input() const { - return bp.primary_input(); - } - - template - r1cs_auxiliary_input - sp_compliance_step_pcd_circuit_maker::get_auxiliary_input() const { - return bp.auxiliary_input(); - } - - template - void sp_compliance_step_pcd_circuit_maker::generate_r1cs_witness( - const r1cs_ppzksnark_verification_key> &sp_translation_step_pcd_circuit_vk, - const r1cs_pcd_compliance_predicate_primary_input &compliance_predicate_primary_input, - const r1cs_pcd_compliance_predicate_auxiliary_input - &compliance_predicate_auxiliary_input, - const std::vector>> &incoming_proofs) { - const std::size_t compliance_predicate_arity = compliance_predicate.max_arity; - this->bp.clear_values(); - this->bp.val(zero) = FieldType::value_type::zero(); - - compliance_predicate_as_component->generate_r1cs_witness( - compliance_predicate_primary_input.as_r1cs_primary_input(), - compliance_predicate_auxiliary_input.as_r1cs_auxiliary_input( - compliance_predicate.incoming_message_payload_lengths)); - this->bp.val(arity) = typename FieldType::value_type(compliance_predicate_arity); - unpack_outgoing_message->generate_r1cs_witness_from_packed(); - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - unpack_incoming_messages[i].generate_r1cs_witness_from_packed(); - } - - sp_translation_step_vk->generate_r1cs_witness(sp_translation_step_pcd_circuit_vk); - hash_outgoing_message->generate_r1cs_witness(); - 
for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - hash_incoming_messages[i].generate_r1cs_witness(); - unpack_sp_translation_step_vk_and_incoming_message_payload_digests[i] - .generate_r1cs_witness_from_packed(); - } - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - proof[i].generate_r1cs_witness(incoming_proofs[i]); - verifiers[i].generate_r1cs_witness(); - } - - if (this->bp.val(incoming_message_types[0]) != FieldType::value_type::zero()) { - this->bp.val(verification_result) = FieldType::value_type::zero(); - } - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::field_logsize() { - return typename CurveType::scalar_field_type::value_bits; - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::field_capacity() { - return typename CurveType::scalar_field_type::capacity(); - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::input_size_in_elts() { - const std::size_t digest_size = crh_with_field_out_component::get_digest_len(); - return digest_size; - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::input_capacity_in_bits() { - return input_size_in_elts() * field_capacity(); - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::input_size_in_bits() { - return input_size_in_elts() * field_logsize(); - } - - template - sp_translation_step_pcd_circuit_maker::sp_translation_step_pcd_circuit_maker( - const r1cs_ppzksnark_verification_key> &sp_compliance_step_vk) { - /* allocate input of the translation PCD circuit */ - sp_translation_step_pcd_circuit_input.allocate(bp, input_size_in_elts()); - - /* unpack translation step PCD circuit input */ - unpacked_sp_translation_step_pcd_circuit_input.allocate( - bp, sp_compliance_step_pcd_circuit_maker>::input_size_in_bits()); - unpack_sp_translation_step_pcd_circuit_input.reset( - new multipacking_component(bp, unpacked_sp_translation_step_pcd_circuit_input, - sp_translation_step_pcd_circuit_input, 
field_capacity())); - - /* prepare arguments for the verifier */ - hardcoded_sp_compliance_step_vk.reset( - new r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable( - bp, sp_compliance_step_vk)); - proof.reset(new r1cs_ppzksnark_proof_variable(bp)); - - /* verify previous proof */ - online_verifier.reset(new r1cs_ppzksnark_online_verifier_component( - bp, - *hardcoded_sp_compliance_step_vk, - unpacked_sp_translation_step_pcd_circuit_input, - sp_compliance_step_pcd_circuit_maker>::field_logsize(), - *proof, - variable(0))); - bp.set_input_sizes(input_size_in_elts()); - } - - template - void sp_translation_step_pcd_circuit_maker::generate_r1cs_constraints() { - unpack_sp_translation_step_pcd_circuit_input->generate_r1cs_constraints(true); - - proof->generate_r1cs_constraints(); - - online_verifier->generate_r1cs_constraints(); - } - - template - r1cs_constraint_system - sp_translation_step_pcd_circuit_maker::get_circuit() const { - return bp.get_constraint_system(); - } - - template - void sp_translation_step_pcd_circuit_maker::generate_r1cs_witness( - const r1cs_primary_input - sp_translation_step_input, - const r1cs_ppzksnark_proof> &compliance_step_proof) { - this->bp.clear_values(); - sp_translation_step_pcd_circuit_input.fill_with_field_elements(bp, sp_translation_step_input); - unpack_sp_translation_step_pcd_circuit_input->generate_r1cs_witness_from_packed(); - - proof->generate_r1cs_witness(compliance_step_proof); - online_verifier->generate_r1cs_witness(); - } - - template - r1cs_primary_input - sp_translation_step_pcd_circuit_maker::get_primary_input() const { - return bp.primary_input(); - } - - template - r1cs_auxiliary_input - sp_translation_step_pcd_circuit_maker::get_auxiliary_input() const { - return bp.auxiliary_input(); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::field_logsize() { - return typename CurveType::scalar_field_type::value_bits; - } - - template - std::size_t 
sp_translation_step_pcd_circuit_maker::field_capacity() { - return typename CurveType::scalar_field_type::capacity(); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::input_size_in_elts() { - return algebra::div_ceil( - sp_compliance_step_pcd_circuit_maker>::input_size_in_bits(), - sp_translation_step_pcd_circuit_maker::field_capacity()); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::input_capacity_in_bits() { - return input_size_in_elts() * field_capacity(); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::input_size_in_bits() { - return input_size_in_elts() * field_logsize(); - } - - template - r1cs_primary_input get_sp_compliance_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input - &primary_input) { - typedef typename CurveType::scalar_field_type FieldType; - - const r1cs_variable_assignment outgoing_message_as_va = - primary_input.outgoing_message->as_r1cs_variable_assignment(); - std::vector msg_bits; - for (const typename FieldType::value_type &elt : outgoing_message_as_va) { - const std::vector elt_bits = algebra::convert_field_element_to_bit_vector(elt); - msg_bits.insert(msg_bits.end(), elt_bits.begin(), elt_bits.end()); - } - - std::vector block; - block.insert(block.end(), sp_translation_step_vk_bits.begin(), sp_translation_step_vk_bits.end()); - block.insert(block.end(), msg_bits.begin(), msg_bits.end()); - - crh_with_field_out_component::sample_randomness(block.size()); - - const std::vector digest = - crh_with_field_out_component::get_hash(block); - - return digest; - } - - template - r1cs_primary_input get_sp_translation_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input< - other_curve::scalar_field_type::value_type> &primary_input) { - typedef typename CurveType::scalar_field_type FieldType; - - const 
std::vector::scalar_field_type::value_type> - sp_compliance_step_pcd_circuit_input = - get_sp_compliance_step_pcd_circuit_input>( - sp_translation_step_vk_bits, primary_input); - std::vector sp_compliance_step_pcd_circuit_input_bits; - for (const other_curve::scalar_field_type::value_type &elt : - sp_compliance_step_pcd_circuit_input) { - const std::vector elt_bits = algebra::convert_field_element_to_bit_vector< - other_curve::scalar_field_type::value_type>(elt); - sp_compliance_step_pcd_circuit_input_bits.insert( - sp_compliance_step_pcd_circuit_input_bits.end(), elt_bits.begin(), elt_bits.end()); - } - - sp_compliance_step_pcd_circuit_input_bits.resize( - sp_translation_step_pcd_circuit_maker::input_capacity_in_bits(), false); - - const r1cs_primary_input result = - algebra::pack_bit_vector_into_field_element_vector( - sp_compliance_step_pcd_circuit_input_bits, - sp_translation_step_pcd_circuit_maker::field_capacity()); - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_SP_PCD_CIRCUITS_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp index 6b319cf6be..c6d07e51ba 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp +++ b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_PLONK_BATCHED_KATE_PROVING_KEY_HPP #include -#include namespace nil { namespace crypto3 { diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp index 74726d5271..7062da58eb 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp 
+++ b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_PLONK_BATCHED_KATE_VERIFICATION_KEY_HPP #include -#include namespace nil { namespace crypto3 { diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp index afbd73465c..c7c74e325f 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp +++ b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp @@ -330,6 +330,7 @@ namespace nil { ++j; } } + typename FieldType::value_type mask_value = FieldType::value_type::one() - proof.eval_proof.eval_proof.z.get(FIXED_VALUES_BATCH, common_data.permuted_columns.size() * 2, 0) - proof.eval_proof.eval_proof.z.get(FIXED_VALUES_BATCH, common_data.permuted_columns.size() * 2 + 1, 0); diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/detail/basic_policy.hpp deleted file mode 100644 index bc99d1cf8b..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,1282 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkADSNARK for R1CS.
-// -// This includes: -// - class for authentication key (public and symmetric) -// - class for authentication verification key (public and symmetric) -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key tuple (authentication key & proving key & verification key) -// - class for authenticated data -// - class for proof -// - generator algorithm -// - authentication key generator algorithm -// - prover algorithm -// - verifier algorithm (public and symmetric) -// - online verifier algorithm (public and symmetric) -// -// The implementation instantiates the construction in \[BBFR15], which in turn -// is based on the r1cs_ppzkadsnark proof system. -// -// Acronyms: -// -// - R1CS = "Rank-1 Constraint Systems" -// - ppzkADSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge Over Authenticated Data" -// -// References: -// -//\[BBFR15] -//"ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data", -// Michael Backes, Manuel Barbosa, Dario Fiore, Raphael M. Reischuk, -// IEEE Symposium on Security and Privacy 2015, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKADSNARK_BASIC_POLICY_HPP -#define CRYPTO3_R1CS_PPZKADSNARK_BASIC_POLICY_HPP - -#include - -#include -#include - -#include - -#include -#include -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct r1cs_ppzkadsnark_basic_policy { - - /******************************** Params ********************************/ - - struct label_type { - unsigned char label_bytes[16]; - label_type() {}; - }; - - /** - * Below are various template aliases (used for convenience). 
- */ - - template - using snark_pp = typename r1cs_ppzkadsnark_ppT::snark_pp; - - template - using constraint_system = r1cs_constraint_system>>; - - template - using primary_input = r1cs_primary_input>>; - - template - using auxiliary_input = r1cs_auxiliary_input>>; - - template - using secret_key = typename r1cs_ppzkadsnark_ppT::skT; - - template - using vkT = typename r1cs_ppzkadsnark_ppT::vkT; - - template - using signature = typename r1cs_ppzkadsnark_ppT::sigT; - - template - using prf_key = typename r1cs_ppzkadsnark_ppT::prfKeyT; - - /******************************** Public authentication parameters - * ********************************/ - - /** - * Public authentication parameters for the R1CS ppzkADSNARK - */ - struct pub_auth_prms { - - typename CurveType::template g1_type<>::value_type I1; - - pub_auth_prms() {}; - pub_auth_prms &operator=(const pub_auth_prms &other) = default; - pub_auth_prms(const pub_auth_prms &other) = default; - pub_auth_prms(pub_auth_prms &&other) = default; - pub_auth_prms(typename CurveType::template g1_type<>::value_type &&I1) : - I1(std::move(I1)) {}; - - bool operator==(const pub_auth_prms &other) const { - return (this->I1 == other.I1); - } - }; - - /******************************** Secret authentication key ********************************/ - - /** - * Secret authentication key for the R1CS ppzkADSNARK - */ - struct sec_auth_key { - - typename CurveType::scalar_field_type::value_type i; - - secret_key skp; - prf_key S; - - sec_auth_key() {}; - sec_auth_key &operator=(const sec_auth_key &other) = default; - sec_auth_key(const sec_auth_key &other) = default; - sec_auth_key(sec_auth_key &&other) = default; - sec_auth_key(typename CurveType::scalar_field_type::value_type &&i, - secret_key &&skp, - prf_key &&S) : - i(std::move(i)), - skp(std::move(skp)), S(std::move(S)) {}; - - bool operator==(const sec_auth_key &other) const { - return (this->i == other.i) && (this->skp == other.skp) && (this->S == other.S); - } - }; - - 
/******************************** Public authentication key ********************************/ - - /** - * Public authentication key for the R1CS ppzkADSNARK - */ - struct pub_auth_key { - - typename CurveType::template g2_type<>::value_type minusI2; - vkT vkp; - - pub_auth_key() {}; - pub_auth_key &operator=(const pub_auth_key &other) = default; - pub_auth_key(const pub_auth_key &other) = default; - pub_auth_key(pub_auth_key &&other) = default; - pub_auth_key(typename CurveType::template g2_type<>::value_type &&minusI2, - vkT &&vkp) : - minusI2(std::move(minusI2)), - vkp(std::move(vkp)) {}; - - bool operator==(const pub_auth_key &other) const { - return (this->minusI2 == other.minusI2) && (this->vkp == other.vkp); - } - }; - - /******************************** Authentication key material ********************************/ - struct auth_keys { - - pub_auth_prms pap; - pub_auth_key pak; - sec_auth_key sak; - - auth_keys() {}; - auth_keys(auth_keys &&other) = default; - auth_keys(pub_auth_prms &&pap, - pub_auth_key &&pak, - sec_auth_key &&sak) : - pap(std::move(pap)), - pak(std::move(pak)), sak(std::move(sak)) { - } - }; - - /******************************** Authenticated data ********************************/ - - /** - * Authenticated data for the R1CS ppzkADSNARK - */ - struct auth_data { - - typename CurveType::scalar_field_type::value_type mu; - typename CurveType::template g2_type<>::value_type Lambda; - - signature sigma; - - auth_data() {}; - auth_data &operator=(const auth_data &other) = default; - auth_data(const auth_data &other) = default; - auth_data(auth_data &&other) = default; - - auth_data(typename CurveType::scalar_field_type::value_type &&mu, - typename CurveType::template g2_type<>::value_type &&Lambda, - - signature &&sigma) : - mu(std::move(mu)), - Lambda(std::move(Lambda)), sigma(std::move(sigma)) {}; - - bool operator==(const auth_data &other) const { - return (this->mu == other.mu) && (this->Lambda == other.Lambda) && - (this->sigma == 
other.sigma); - } - }; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS ppzkADSNARK. - */ - class proving_key { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - - public: - knowledge_commitment_vector A_query; - knowledge_commitment_vector B_query; - knowledge_commitment_vector C_query; - - typename std::vector H_query; // t powers - typename std::vector K_query; - /* Now come the additional elements for ad */ - typename g1_value_type rA_i_Z_g1; - - constraint_system constraint_system; - - proving_key() {}; - proving_key &operator=(const proving_key &other) = default; - proving_key(const proving_key &other) = default; - proving_key(proving_key &&other) = default; - proving_key(knowledge_commitment_vector &&A_query, - knowledge_commitment_vector &&B_query, - knowledge_commitment_vector &&C_query, - typename std::vector &&H_query, - typename std::vector &&K_query, - g1_value_type &&rA_i_Z_g1, - constraint_system &&constraint_system) : - A_query(std::move(A_query)), - B_query(std::move(B_query)), C_query(std::move(C_query)), H_query(std::move(H_query)), - K_query(std::move(K_query)), rA_i_Z_g1(std::move(rA_i_Z_g1)), - constraint_system(std::move(constraint_system)) {}; - - std::size_t G1_size() const { - return 2 * (A_query.domain_size() + C_query.domain_size()) + B_query.domain_size() + - H_query.size() + K_query.size() + 1; - } - - std::size_t G2_size() const { - return B_query.domain_size(); - } - - std::size_t G1_sparse_size() const { - return 2 * (A_query.size() + C_query.size()) + B_query.size() + H_query.size() + - K_query.size() + 1; - } - - std::size_t G2_sparse_size() const { - return B_query.size(); - } - - std::size_t size_in_bits() const { - return A_query.size_in_bits() + B_query.size_in_bits() + 
C_query.size_in_bits() + - H_query.size() * g1_type::value_bits + K_query.size() * g1_type::value_bits + - g1_type::value_bits; - } - - bool operator==(const proving_key &other) const { - return (this->A_query == other.A_query && this->B_query == other.B_query && - this->C_query == other.C_query && this->H_query == other.H_query && - this->K_query == other.K_query && this->rA_i_Z_g1 == other.rA_i_Z_g1 && - this->constraint_system == other.constraint_system); - } - }; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS ppzkADSNARK. - */ - struct verification_key { - - typename CurveType::template g2_type<>::value_type alphaA_g2; - typename CurveType::template g1_type<>::value_type alphaB_g1; - typename CurveType::template g2_type<>::value_type alphaC_g2; - typename CurveType::template g2_type<>::value_type gamma_g2; - typename CurveType::template g1_type<>::value_type gamma_beta_g1; - typename CurveType::template g2_type<>::value_type gamma_beta_g2; - typename CurveType::template g2_type<>::value_type rC_Z_g2; - - typename CurveType::template g1_type<>::value_type A0; - typename std::vector::value_type> Ain; - - verification_key() = default; - verification_key( - const typename CurveType::template g2_type<>::value_type &alphaA_g2, - const typename CurveType::template g1_type<>::value_type &alphaB_g1, - const typename CurveType::template g2_type<>::value_type &alphaC_g2, - const typename CurveType::template g2_type<>::value_type &gamma_g2, - const typename CurveType::template g1_type<>::value_type &gamma_beta_g1, - const typename CurveType::template g2_type<>::value_type &gamma_beta_g2, - const typename CurveType::template g2_type<>::value_type &rC_Z_g2, - const typename CurveType::template g1_type<>::value_type A0, - const typename std::vector::value_type> - Ain) : - alphaA_g2(alphaA_g2), - alphaB_g1(alphaB_g1), alphaC_g2(alphaC_g2), gamma_g2(gamma_g2), - gamma_beta_g1(gamma_beta_g1), 
gamma_beta_g2(gamma_beta_g2), rC_Z_g2(rC_Z_g2), A0(A0), - Ain(Ain) {}; - - std::size_t G1_size() const { - return 3 + Ain.size(); - } - - std::size_t G2_size() const { - return 5; - } - - std::size_t size_in_bits() const { - return G1_size() * CurveType::template g1_type<>::value_type::value_bits + - G2_size() * - CurveType::template g2_type<>::value_type::value_bits; // possible zksnark - // bug - } - - bool operator==(const verification_key &other) const { - return (this->alphaA_g2 == other.alphaA_g2 && this->alphaB_g1 == other.alphaB_g1 && - this->alphaC_g2 == other.alphaC_g2 && this->gamma_g2 == other.gamma_g2 && - this->gamma_beta_g1 == other.gamma_beta_g1 && - this->gamma_beta_g2 == other.gamma_beta_g2 && this->rC_Z_g2 == other.rC_Z_g2 && - this->A0 == other.A0 && this->Ain == other.Ain); - } - }; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS ppzkADSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - class processed_verification_key { - using pairing_policy = typename pairing::pairing_policy; - - public: - typename pairing_policy::g2_precomputed_type pp_G2_one_precomp; - typename pairing_policy::g2_precomputed_type vk_alphaA_g2_precomp; - typename pairing_policy::g1_precomputed_type vk_alphaB_g1_precomp; - typename pairing_policy::g2_precomputed_type vk_alphaC_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_rC_Z_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_gamma_g2_precomp; - typename pairing_policy::g1_precomputed_type vk_gamma_beta_g1_precomp; - typename pairing_policy::g2_precomputed_type vk_gamma_beta_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_rC_i_g2_precomp; - - typename CurveType::template g1_type<>::value_type A0; - typename std::vector::value_type> Ain; - - std::vector proof_g_vki_precomp; - - bool operator==(const processed_verification_key &other) const { - bool result = (this->pp_G2_one_precomp == other.pp_G2_one_precomp && - this->vk_alphaA_g2_precomp == other.vk_alphaA_g2_precomp && - this->vk_alphaB_g1_precomp == other.vk_alphaB_g1_precomp && - this->vk_alphaC_g2_precomp == other.vk_alphaC_g2_precomp && - this->vk_rC_Z_g2_precomp == other.vk_rC_Z_g2_precomp && - this->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp && - this->vk_gamma_beta_g1_precomp == other.vk_gamma_beta_g1_precomp && - this->vk_gamma_beta_g2_precomp == other.vk_gamma_beta_g2_precomp && - this->vk_rC_i_g2_precomp == other.vk_rC_i_g2_precomp && - this->A0 == other.A0 && this->Ain == other.Ain && - this->proof_g_vki_precomp.size() == other.proof_g_vki_precomp.size()); - if (result) { - for (std::size_t i = 0; i < this->proof_g_vki_precomp.size(); i++) - result &= this->proof_g_vki_precomp[i] == other.proof_g_vki_precomp[i]; - } - return result; - } - }; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS ppzkADSNARK, which consists of a proving key and a 
verification key. - */ - struct keypair { - - proving_key pk; - verification_key vk; - - keypair() = default; - keypair(const keypair &other) = default; - keypair(proving_key &&pk, verification_key &&vk) : - pk(std::move(pk)), vk(std::move(vk)) { - } - - keypair(keypair &&other) = default; - }; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS ppzkADSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - class proof { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - - public: - typename knowledge_commitment::value_type g_A; - typename knowledge_commitment::value_type g_B; - typename knowledge_commitment::value_type g_C; - g1_value_type g_H; - g1_value_type g_K; - typename knowledge_commitment::value_type g_Aau; - g1_value_type muA; - - proof() { - // invalid proof with valid curve points - this->g_A.g = g1_value_type::one(); - this->g_A.h = g1_value_type::one(); - this->g_B.g = g2_value_type::one(); - this->g_B.h = g1_value_type::one(); - this->g_C.g = g1_value_type::one(); - this->g_C.h = g1_value_type::one(); - this->g_H = g1_value_type::one(); - this->g_K = g1_value_type::one(); - g_Aau = typename knowledge_commitment::value_type( - g1_value_type::one(), g1_value_type::one()); - - this->muA = g1_value_type::one(); - } - proof(typename knowledge_commitment::value_type &&g_A, - typename knowledge_commitment::value_type &&g_B, - typename knowledge_commitment::value_type &&g_C, - g1_value_type &&g_H, - g1_value_type &&g_K, - typename knowledge_commitment::value_type &&g_Aau, - g1_value_type &&muA) : - g_A(std::move(g_A)), - g_B(std::move(g_B)), 
g_C(std::move(g_C)), g_H(std::move(g_H)), g_K(std::move(g_K)), - g_Aau(std::move(g_Aau)), muA(std::move(muA)) {}; - - std::size_t G1_size() const { - return 10; - } - - std::size_t G2_size() const { - return 1; - } - - std::size_t size_in_bits() const { - return G1_size() * g1_value_type::value_bits + G2_size() * g2_value_type::value_bits; - } - - bool is_well_formed() const { - return (g_A.g.is_well_formed() && g_A.h.is_well_formed() && g_B.g.is_well_formed() && - g_B.h.is_well_formed() && g_C.g.is_well_formed() && g_C.h.is_well_formed() && - g_H.is_well_formed() && g_K.is_well_formed() && g_Aau.g.is_well_formed() && - g_Aau.h.is_well_formed() && muA.is_well_formed()); - } - - bool operator==(const proof &other) const { - return (this->g_A == other.g_A && this->g_B == other.g_B && this->g_C == other.g_C && - this->g_H == other.g_H && this->g_K == other.g_K && - this->g_Aau == other.g_Aau && this->muA == other.muA); - } - }; - - /***************************** Main algorithms *******************************/ - - /** - * R1CS ppZKADSNARK authentication parameters generator algorithm. - */ - static auth_keys auth_generator(void) { - kpT sigkp = sigGen(); - prf_key prfseed = prfGen(); - CurveType i = algebra::random_element(); - typename CurveType::template g1_type<>::value_type I1 = - i * CurveType::template g1_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type minusI2 = - CurveType::template g2_type<>::value_type::zero() - - i * CurveType::template g2_type<>::value_type::one(); - return auth_keys( - pub_auth_prms(std::move(I1)), - pub_auth_key(std::move(minusI2), std::move(sigkp.vk)), - sec_auth_key(std::move(i), std::move(sigkp.sk), std::move(prfseed))); - } - - /** - * R1CS ppZKADSNARK authentication algorithm. 
- */ - static std::vector> - auth_sign(const std::vector &ins, - const sec_auth_key &sk, - const std::vector - labels) { - assert(labels.size() == ins.size()); - std::vector> res; - res.reserve(ins.size()); - for (std::size_t i = 0; i < ins.size(); i++) { - typename CurveType::scalar_field_type::value_type lambda = - prfCompute(sk.S, labels[i]); - typename CurveType::template g2_type<>::value_type Lambda = - lambda * CurveType::template g2_type<>::value_type::one(); - signature sig = sigSign(sk.skp, labels[i], Lambda); - auth_data val(std::move(lambda + sk.i * ins[i]), std::move(Lambda), - std::move(sig)); - res.emplace_back(val); - } - return std::move(res); - } - - /** - * R1CS ppZKADSNARK authentication verification algorithms. - */ - // symmetric - static bool - auth_verify(const std::vector &data, - const std::vector> &auth_data, - const sec_auth_key &sak, - const std::vector &labels) { - assert((data.size() == labels.size()) && (auth_data.size() == labels.size())); - bool res = true; - for (std::size_t i = 0; i < data.size(); i++) { - typename CurveType::scalar_field_type::value_type lambda = - prfCompute(sak.S, labels[i]); - typename CurveType::scalar_field_type::value_type mup = lambda + sak.i * data[i]; - res = res && (auth_data[i].mu == mup); - } - return res; - } - - // public - static bool - auth_verify(const std::vector &data, - const std::vector> &auth_data, - const pub_auth_key &pak, - const std::vector &labels) { - assert((data.size() == labels.size()) && (data.size() == auth_data.size())); - bool res = true; - for (std::size_t i = 0; i < auth_data.size(); i++) { - typename CurveType::template g2_type<>::value_type Mup = - auth_data[i].Lambda - data[i] * pak.minusI2; - res = - res && (auth_data[i].mu * CurveType::template g2_type<>::value_type::one() == Mup); - res = res && - sigVerif(pak.vkp, labels[i], auth_data[i].Lambda, auth_data[i].sigma); - } - return res; - } - - /** - * A generator algorithm for the R1CS ppzkADSNARK. 
- * - * Given a R1CS constraint system CS, this algorithm produces proving and verification keys for - * CS. - */ - static keypair generator(const constraint_system &cs, - const pub_auth_prms &prms) { - - /* make the B_query "lighter" if possible */ - constraint_system cs_copy(cs); - cs_copy.swap_AB_if_beneficial(); - - /* draw random element at which the QAP is evaluated */ - const typename CurveType::scalar_field_type::value_type t = - algebra::random_element(); - - qap_instance_evaluation qap_inst = - r1cs_to_qap::instance_map_with_evaluation(cs_copy, t); - - printf("* QAP number of variables: %zu\n", qap_inst.num_variables()); - printf("* QAP pre degree: %zu\n", cs_copy.constraints.size()); - printf("* QAP degree: %zu\n", qap_inst.degree()); - printf("* QAP number of input variables: %zu\n", qap_inst.num_inputs()); - - std::size_t non_zero_At = 0, non_zero_Bt = 0, non_zero_Ct = 0, non_zero_Ht = 0; - for (std::size_t i = 0; i < qap_inst.num_variables() + 1; ++i) { - if (!qap_inst.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap_inst.Bt[i].is_zero()) { - ++non_zero_Bt; - } - if (!qap_inst.Ct[i].is_zero()) { - ++non_zero_Ct; - } - } - for (std::size_t i = 0; i < qap_inst.degree() + 1; ++i) { - if (!qap_inst.Ht[i].is_zero()) { - ++non_zero_Ht; - } - } - - algebra::Fr_vector> At = std::move( - qap_inst.At); // qap_inst.At is now in unspecified state, but we do not use it later - algebra::Fr_vector> Bt = std::move( - qap_inst.Bt); // qap_inst.Bt is now in unspecified state, but we do not use it later - algebra::Fr_vector> Ct = std::move( - qap_inst.Ct); // qap_inst.Ct is now in unspecified state, but we do not use it later - algebra::Fr_vector> Ht = std::move( - qap_inst.Ht); // qap_inst.Ht is now in unspecified state, but we do not use it later - - /* append Zt to At,Bt,Ct with */ - At.emplace_back(qap_inst.Zt); - Bt.emplace_back(qap_inst.Zt); - Ct.emplace_back(qap_inst.Zt); - - const typename CurveType::scalar_field_type::value_type - alphaA = 
algebra::random_element(), - alphaB = algebra::random_element(), - alphaC = algebra::random_element(), - rA = algebra::random_element(), - rB = algebra::random_element(), - beta = algebra::random_element(), - gamma = algebra::random_element(); - const typename CurveType::scalar_field_type::value_type rC = rA * rB; - - // construct the same-coefficient-check query (must happen before zeroing out the prefix of - // At) - algebra::Fr_vector> Kt; - Kt.reserve(qap_inst.num_variables() + 4); - for (std::size_t i = 0; i < qap_inst.num_variables() + 1; ++i) { - Kt.emplace_back(beta * (rA * At[i] + rB * Bt[i] + rC * Ct[i])); - } - Kt.emplace_back(beta * rA * qap_inst.Zt); - Kt.emplace_back(beta * rB * qap_inst.Zt); - Kt.emplace_back(beta * rC * qap_inst.Zt); - - const std::size_t g1_exp_count = 2 * (non_zero_At - qap_inst.num_inputs() + non_zero_Ct) + - non_zero_Bt + non_zero_Ht + Kt.size(); - const std::size_t g2_exp_count = non_zero_Bt; - - std::size_t g1_window = - algebra::get_exp_window_size::value_type>( - g1_exp_count); - std::size_t g2_window = - algebra::get_exp_window_size::value_type>( - g2_exp_count); - printf("* G1 window: %zu\n", g1_window); - printf("* G2 window: %zu\n", g2_window); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - algebra::window_table g1_table = - algebra::get_window_table( - CurveType::scalar_field_type::value_bits, g1_window, - CurveType::template g1_type<>::value_type::one()); - - algebra::window_table g2_table = - algebra::get_window_table( - CurveType::scalar_field_type::value_bits, g2_window, - CurveType::template g2_type<>::value_type::one()); - - knowledge_commitment_vector - A_query = kc_batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_window, - g1_table, g1_table, rA, rA * alphaA, At, chunks); - - knowledge_commitment_vector - B_query = 
kc_batch_exp(CurveType::scalar_field_type::value_bits, g2_window, g1_window, - g2_table, g1_table, rB, rB * alphaB, Bt, chunks); - - knowledge_commitment_vector - C_query = kc_batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_window, - g1_table, g1_table, rC, rC * alphaC, Ct, chunks); - - typename std::vector::value_type> H_query = - batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_table, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector::value_type> K_query = - batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_table, Kt); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(K_query); -#endif - - typename CurveType::template g2_type<>::value_type alphaA_g2 = - alphaA * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g1_type<>::value_type alphaB_g1 = - alphaB * CurveType::template g1_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type alphaC_g2 = - alphaC * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type gamma_g2 = - gamma * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g1_type<>::value_type gamma_beta_g1 = - (gamma * beta) * CurveType::template g1_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type gamma_beta_g2 = - (gamma * beta) * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type rC_Z_g2 = - (rC * qap_inst.Zt) * CurveType::template g2_type<>::value_type::one(); - - typename CurveType::template g1_type<>::value_type rA_i_Z_g1 = (rA * qap_inst.Zt) * prms.I1; - - typename CurveType::template g1_type<>::value_type A0 = A_query[0].g; - typename std::vector::value_type> Ain; - Ain.reserve(qap_inst.num_inputs()); - for (std::size_t i = 0; i < qap_inst.num_inputs(); ++i) { - Ain.emplace_back(A_query[1 + i].g); - } - - verification_key vk = - 
verification_key(alphaA_g2, alphaB_g1, alphaC_g2, gamma_g2, gamma_beta_g1, - gamma_beta_g2, rC_Z_g2, A0, Ain); - proving_key pk = proving_key(std::move(A_query), - std::move(B_query), - std::move(C_query), - std::move(H_query), - std::move(K_query), - std::move(rA_i_Z_g1), - std::move(cs_copy)); - - return keypair(std::move(pk), std::move(vk)); - } - - /** - * A prover algorithm for the R1CS ppzkADSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. - * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - static proof prover(const proving_key &pk, - const primary_input &primary_input, - const auxiliary_input &auxiliary_input, - const std::vector> &auth_data) { - - const typename CurveType::scalar_field_type::value_type - d1 = algebra::random_element(), - d2 = algebra::random_element(), - d3 = algebra::random_element(), - dauth = algebra::random_element(); - - const qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map( - pk.constraint_system, primary_input, auxiliary_input, d1 + dauth, d2, d3); - - typename knowledge_commitment::value_type g_A = - /* pk.A_query[0] + */ d1 * pk.A_query[qap_wit.num_variables + 1]; - typename knowledge_commitment::value_type g_B = - pk.B_query[0] + qap_wit.d2 * pk.B_query[qap_wit.num_variables + 1]; - typename knowledge_commitment::value_type g_C = - pk.C_query[0] + qap_wit.d3 * pk.C_query[qap_wit.num_variables + 1]; - - typename knowledge_commitment::value_type g_Ain = - dauth * pk.A_query[qap_wit.num_variables + 1]; - - typename CurveType::template g1_type<>::value_type g_H = - CurveType::template g1_type<>::value_type::zero(); - typename CurveType::template g1_type<>::value_type g_K = - (pk.K_query[0] + qap_wit.d1 * pk.K_query[qap_wit.num_variables + 1] + - qap_wit.d2 * pk.K_query[qap_wit.num_variables + 2] + - qap_wit.d3 * 
pk.K_query[qap_wit.num_variables + 3]); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - g_A = g_A + kc_multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.A_query, 1 + qap_wit.num_inputs, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_inputs, - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - g_Ain = g_Ain + - kc_multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.A_query, 1, 1 + qap_wit.num_inputs, qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_inputs, chunks); - // std :: cout << "The input proof term: " << g_Ain << "\n"; - - g_B = g_B + kc_multiexp_with_mixed_addition< - typename CurveType::g2_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.B_query, 1, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - g_C = g_C + kc_multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.C_query, 1, 1 + 
qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - g_H = g_H + - algebra::multiexp< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_BDLO12>( - pk.H_query.begin(), - pk.H_query.begin() + qap_wit.degree + 1, - qap_wit.coefficients_for_H.begin(), - qap_wit.coefficients_for_H.begin() + qap_wit.degree + 1, - chunks); - - g_K = g_K + algebra::multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename CurveType::g1_type, typename CurveType::scalar_field_type>>( - pk.K_query.begin() + 1, - pk.K_query.begin() + 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, - chunks); - - std::vector mus; - std::vector::value_type> Ains; - mus.reserve(qap_wit.num_inputs); - Ains.reserve(qap_wit.num_inputs); - for (std::size_t i = 0; i < qap_wit.num_inputs; i++) { - mus.emplace_back(auth_data[i].mu); - Ains.emplace_back(pk.A_query[i + 1].g); - } - typename CurveType::template g1_type<>::value_type muA = dauth * pk.rA_i_Z_g1; - muA = muA + algebra::multiexp< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename CurveType::g1_type, typename CurveType::scalar_field_type>>( - Ains.begin(), Ains.begin() + qap_wit.num_inputs, mus.begin(), - mus.begin() + qap_wit.num_inputs, chunks); - - // To Do: Decide whether to include relevant parts of auth_data in proof - - proof proof = proof(std::move(g_A), - std::move(g_B), - std::move(g_C), - std::move(g_H), - std::move(g_K), - std::move(g_Ain), - std::move(muA)); - - return proof; - } - - /* - Below are two variants of verifier algorithm for the R1CS ppzkADSNARK. 
- - These are the four cases that arise from the following choices: - - 1) The verifier accepts a (non-processed) verification key or, instead, a processed verification - key. In the latter case, we call the algorithm an "online verifier". - - 2) The verifier uses the symmetric key or the public verification key. - In the former case we call the algorithm a "symmetric verifier". - - */ - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - static processed_verification_key - verifier_process_vk(const verification_key &vk) { - - using namespace algebra::pairing; - - using pairing_policy = pairing_policy; - - using g2_type = typename CurveType::template g2_type<>; - - processed_verification_key pvk; - pvk.pp_G2_one_precomp = precompute_g2(g2_type::value_type::one()); - pvk.vk_alphaA_g2_precomp = precompute_g2(vk.alphaA_g2); - pvk.vk_alphaB_g1_precomp = precompute_g1(vk.alphaB_g1); - pvk.vk_alphaC_g2_precomp = precompute_g2(vk.alphaC_g2); - pvk.vk_rC_Z_g2_precomp = precompute_g2(vk.rC_Z_g2); - pvk.vk_gamma_g2_precomp = precompute_g2(vk.gamma_g2); - pvk.vk_gamma_beta_g1_precomp = precompute_g1(vk.gamma_beta_g1); - pvk.vk_gamma_beta_g2_precomp = precompute_g2(vk.gamma_beta_g2); - - typename pairing_policy::g2_precomputed_type vk_rC_z_g2_precomp = - precompute_g2(vk.rC_Z_g2); - - pvk.A0 = typename CurveType::template g1_type<>::value_type(vk.A0); - pvk.Ain = typename std::vector::value_type>(vk.Ain); - - pvk.proof_g_vki_precomp.reserve(pvk.Ain.size()); - for (std::size_t i = 0; i < pvk.Ain.size(); i++) { - pvk.proof_g_vki_precomp.emplace_back(precompute_g1(pvk.Ain[i])); - } - - return pvk; - } - - /** - * A symmetric verifier algorithm for the R1CS ppzkADSNARK that - * accepts a processed verification key. 
- */ - // symmetric - static bool online_verifier(const processed_verification_key &pvk, - const proof &proof, - const sec_auth_key &sak, - const std::vector &labels) { - - using namespace algebra::pairing; - - using pairing_policy = typename pairing_policy; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - std::vector lambdas; - lambdas.reserve(labels.size()); - for (std::size_t i = 0; i < labels.size(); i++) { - lambdas.emplace_back(prfCompute(sak.S, labels[i])); - } - typename CurveType::template g1_type<>::value_type prodA = sak.i * proof.g_Aau.g; - prodA = - prodA + algebra::multiexp< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename CurveType::g1_type, typename CurveType::scalar_field_type>>( - pvk.Ain.begin(), pvk.Ain.begin() + labels.size(), lambdas.begin(), - lambdas.begin() + labels.size(), 1); - - bool result_auth = true; - - if (!(prodA == proof.muA)) { - result_auth = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_Aau_g_precomp = - precompute_g1(proof.g_Aau.g); - typename pairing_policy::g1_precomputed_type proof_g_Aau_h_precomp = - precompute_g1(proof.g_Aau.h); - - typename gt_type::value_type kc_Aau_1 = - miller_loop(proof_g_Aau_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_Aau_2 = - miller_loop(proof_g_Aau_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_Aau = - final_exponentiation(kc_Aau_1 * kc_Aau_2.unitary_inversed()); - if (kc_Aau != gt_type::value_type::one()) { - result_auth = false; - } - - result &= result_auth; - - typename pairing_policy::g1_precomputed_type proof_g_A_g_precomp = - precompute_g1(proof.g_A.g); - typename pairing_policy::g1_precomputed_type proof_g_A_h_precomp = - precompute_g1(proof.g_A.h); - typename gt_type::value_type kc_A_1 = - miller_loop(proof_g_A_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_A_2 = - 
miller_loop(proof_g_A_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_A = final_exponentiation(kc_A_1 * kc_A_2.unitary_inversed()); - if (kc_A != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g2_precomputed_type::value_type proof_g_B_g_precomp = - precompute_g2(proof.g_B.g); - typename pairing_policy::g1_precomputed_type proof_g_B_h_precomp = - precompute_g1(proof.g_B.h); - typename gt_type::value_type kc_B_1 = - miller_loop(pvk.vk_alphaB_g1_precomp, proof_g_B_g_precomp); - typename gt_type::value_type kc_B_2 = - miller_loop(proof_g_B_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_B = final_exponentiation(kc_B_1 * kc_B_2.unitary_inversed()); - if (kc_B != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_C_g_precomp = - precompute_g1(proof.g_C.g); - typename pairing_policy::g1_precomputed_type proof_g_C_h_precomp = - precompute_g1(proof.g_C.h); - typename gt_type::value_type kc_C_1 = - miller_loop(proof_g_C_g_precomp, pvk.vk_alphaC_g2_precomp); - typename gt_type::value_type kc_C_2 = - miller_loop(proof_g_C_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_C = final_exponentiation(kc_C_1 * kc_C_2.unitary_inversed()); - if (kc_C != gt_type::value_type::one()) { - result = false; - } - - typename CurveType::template g1_type<>::value_type Aacc = - pvk.A0 + proof.g_Aau.g + proof.g_A.g; - - typename pairing_policy::g1_precomputed_type proof_g_Aacc_precomp = - precompute_g1(Aacc); - typename pairing_policy::g1_precomputed_type proof_g_H_precomp = - precompute_g1(proof.g_H); - typename gt_type::value_type QAP_1 = - miller_loop(proof_g_Aacc_precomp, proof_g_B_g_precomp); - typename gt_type::value_type QAP_23 = pairing_policy::double_miller_loop( - proof_g_H_precomp, pvk.vk_rC_Z_g2_precomp, proof_g_C_g_precomp, pvk.pp_G2_one_precomp); - typename gt_type QAP = final_exponentiation(QAP_1 * QAP_23.unitary_inversed()); - if (QAP != gt_type::value_type::one()) 
{ - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_K_precomp = - precompute_g1(proof.g_K); - typename pairing_policy::g1_precomputed_type proof_g_Aacc_C_precomp = - precompute_g1(Aacc + proof.g_C.g); - typename gt_type::value_type K_1 = - miller_loop(proof_g_K_precomp, pvk.vk_gamma_g2_precomp); - typename gt_type::value_type K_23 = - pairing_policy::double_miller_loop(proof_g_Aacc_C_precomp, pvk.vk_gamma_beta_g2_precomp, - pvk.vk_gamma_beta_g1_precomp, proof_g_B_g_precomp); - typename gt_type K = final_exponentiation(K_1 * K_23.unitary_inversed()); - if (K != gt_type::value_type::one()) { - result = false; - } - - return result; - } - - /** - * A symmetric verifier algorithm for the R1CS ppzkADSNARK that - * accepts a non-processed verification key - */ - static bool verifier(const verification_key &vk, - const proof &proof, - const sec_auth_key &sak, - const std::vector &labels) { - processed_verification_key pvk = verifier_process_vk(vk); - bool result = online_verifier(pvk, proof, sak, labels); - return result; - } - - /** - * A verifier algorithm for the R1CS ppzkADSNARK that - * accepts a processed verification key. 
- */ - // public - static bool online_verifier(const processed_verification_key &pvk, - const std::vector> &auth_data, - const proof &proof, - const pub_auth_key &pak, - const std::vector &labels) { - - using pairing_policy = typename snark_pp::pairing; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - assert(labels.size() == auth_data.size()); - - std::vector Lambdas; - std::vector> sigs; - Lambdas.reserve(labels.size()); - sigs.reserve(labels.size()); - for (std::size_t i = 0; i < labels.size(); i++) { - Lambdas.emplace_back(auth_data[i].Lambda); - sigs.emplace_back(auth_data[i].sigma); - } - bool result_auth = sigBatchVerif(pak.vkp, labels, Lambdas, sigs); - if (!result_auth) { - } - - // To Do: Decide whether to move pak and lambda preprocessing to offline - std::vector g_Lambdas_precomp; - g_Lambdas_precomp.reserve(auth_data.size()); - for (std::size_t i = 0; i < auth_data.size(); i++) - g_Lambdas_precomp.emplace_back(precompute_g2(auth_data[i].Lambda)); - typename pairing_policy::g2_precomputed_type::value_type g_minusi_precomp = - precompute_g2(pak.minusI2); - - typename gt_type::value_type accum; - if (auth_data.size() % 2 == 1) { - miller_loop(pvk.proof_g_vki_precomp[0], g_Lambdas_precomp[0]); - } else { - accum = gt_type::value_type::one(); - } - for (std::size_t i = auth_data.size() % 2; i < labels.size(); i = i + 2) { - accum = accum * pairing_policy::double_miller_loop( - pvk.proof_g_vki_precomp[i], g_Lambdas_precomp[i], - pvk.proof_g_vki_precomp[i + 1], g_Lambdas_precomp[i + 1]); - } - - typename pairing_policy::g1_precomputed_type proof_g_muA_precomp = - precompute_g1(proof.muA); - typename pairing_policy::g1_precomputed_type proof_g_Aau_precomp = - precompute_g1(proof.g_Aau.g); - typename gt_type::value_type accum2 = pairing_policy::double_miller_loop( - proof_g_muA_precomp, pvk.pp_G2_one_precomp, proof_g_Aau_precomp, g_minusi_precomp); - typename gt_type authPair = - final_exponentiation(accum * 
accum2.unitary_inversed()); - if (authPair != gt_type::value_type::one()) { - result_auth = false; - } - - if (!(result_auth)) { - } - - typename pairing_policy::g1_precomputed_type proof_g_Aau_g_precomp = - precompute_g1(proof.g_Aau.g); - typename pairing_policy::g1_precomputed_type proof_g_Aau_h_precomp = - precompute_g1(proof.g_Aau.h); - typename gt_type::value_type kc_Aau_1 = - miller_loop(proof_g_Aau_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_Aau_2 = - miller_loop(proof_g_Aau_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_Aau = - typename ::final_exponentiation(kc_Aau_1 * kc_Aau_2.unitary_inversed()); - if (kc_Aau != gt_type::value_type::one()) { - result_auth = false; - } - - result &= result_auth; - - typename pairing_policy::g1_precomputed_type proof_g_A_g_precomp = - precompute_g1(proof.g_A.g); - typename pairing_policy::g1_precomputed_type proof_g_A_h_precomp = - precompute_g1(proof.g_A.h); - typename gt_type::value_type kc_A_1 = - miller_loop(proof_g_A_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_A_2 = - miller_loop(proof_g_A_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_A = final_exponentiation(kc_A_1 * kc_A_2.unitary_inversed()); - if (kc_A != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g2_precomputed_type::value_type proof_g_B_g_precomp = - precompute_g2(proof.g_B.g); - typename pairing_policy::g1_precomputed_type proof_g_B_h_precomp = - precompute_g1(proof.g_B.h); - typename gt_type::value_type kc_B_1 = - miller_loop(pvk.vk_alphaB_g1_precomp, proof_g_B_g_precomp); - typename gt_type::value_type kc_B_2 = - miller_loop(proof_g_B_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_B = final_exponentiation(kc_B_1 * kc_B_2.unitary_inversed()); - if (kc_B != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_C_g_precomp = - precompute_g1(proof.g_C.g); - typename 
pairing_policy::g1_precomputed_type proof_g_C_h_precomp = - precompute_g1(proof.g_C.h); - typename gt_type::value_type kc_C_1 = - miller_loop(proof_g_C_g_precomp, pvk.vk_alphaC_g2_precomp); - typename gt_type::value_type kc_C_2 = - miller_loop(proof_g_C_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_C = final_exponentiation(kc_C_1 * kc_C_2.unitary_inversed()); - if (kc_C != gt_type::value_type::one()) { - result = false; - } - - typename CurveType::template g1_type<>::value_type Aacc = - pvk.A0 + proof.g_Aau.g + proof.g_A.g; - - typename pairing_policy::g1_precomputed_type proof_g_Aacc_precomp = - precompute_g1(Aacc); - typename pairing_policy::g1_precomputed_type proof_g_H_precomp = - precompute_g1(proof.g_H); - typename gt_type::value_type QAP_1 = - miller_loop(proof_g_Aacc_precomp, proof_g_B_g_precomp); - typename gt_type::value_type QAP_23 = pairing_policy::double_miller_loop( - proof_g_H_precomp, pvk.vk_rC_Z_g2_precomp, proof_g_C_g_precomp, pvk.pp_G2_one_precomp); - typename gt_type QAP = final_exponentiation(QAP_1 * QAP_23.unitary_inversed()); - if (QAP != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_K_precomp = - precompute_g1(proof.g_K); - typename pairing_policy::g1_precomputed_type proof_g_Aacc_C_precomp = - precompute_g1(Aacc + proof.g_C.g); - typename gt_type::value_type K_1 = - miller_loop(proof_g_K_precomp, pvk.vk_gamma_g2_precomp); - typename gt_type::value_type K_23 = - pairing_policy::double_miller_loop(proof_g_Aacc_C_precomp, pvk.vk_gamma_beta_g2_precomp, - pvk.vk_gamma_beta_g1_precomp, proof_g_B_g_precomp); - typename gt_type K = final_exponentiation(K_1 * K_23.unitary_inversed()); - if (K != gt_type::value_type::one()) { - result = false; - } - - return result; - } - - /** - * A verifier algorithm for the R1CS ppzkADSNARK that - * accepts a non-processed verification key - */ - // public - static bool verifier(const verification_key &vk, - const std::vector> &auth_data, - 
const proof &proof,
- const pub_auth_key &pak,
- const std::vector &labels) {
- assert(labels.size() == auth_data.size());
- processed_verification_key pvk = verifier_process_vk(vk);
- bool result = online_verifier(pvk, auth_data, proof, pak, labels);
- return result;
- }
- };
- } // namespace detail
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKADSNARK_BASIC_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/r1cs_ppzkadsnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/r1cs_ppzkadsnark.hpp
deleted file mode 100644
index 08dab29861..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/r1cs_ppzkadsnark.hpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKADSNARK_POLICY_HPP
-#define CRYPTO3_R1CS_PPZKADSNARK_POLICY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- class r1cs_ppzkadsnark {
- typedef detail::r1cs_ppzkadsnark_basic_policy policy_type;
-
- public:
- typedef typename policy_type::snark_pp snark_pp;
- typedef typename policy_type::constraint_system_type constraint_system;
- typedef typename policy_type::primary_input_type primary_input;
- typedef typename policy_type::auxiliary_input_type auxiliary_input;
-
- typedef typename policy_type::secret_key secret_key;
- typedef typename policy_type::vkT vkT;
- typedef typename policy_type::signature signature;
- typedef typename policy_type::prf_key prf_key;
-
- typedef typename policy_type::pub_auth_prms pub_auth_prms_type;
- typedef typename policy_type::sec_auth_key sec_auth_key_type;
- typedef typename policy_type::pub_auth_key pub_auth_key_type;
- typedef typename policy_type::auth_data auth_data_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof proof_type;
-
- using policy_type::generator;
- using policy_type::online_verifier;
- using policy_type::prover;
- using policy_type::verifier;
-
- using policy_type::auth_generator;
- using policy_type::auth_sign;
- using policy_type::auth_verify;
- };
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKADSNARK_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/signature.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/signature.hpp
deleted file mode 100644
index ff778f2b41..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/signature.hpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Generic signature interface for ADSNARK.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_SIGNATURE_HPP
-#define CRYPTO3_ZK_SIGNATURE_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- struct kpT {
- r1cs_ppzkadsnark_secret_key sk;
- r1cs_ppzkadsnark_vkT vk;
- };
-
- template
- kpT sigGen(void);
-
- template
- r1cs_ppzkadsnark_signature sigSign(const r1cs_ppzkadsnark_secret_key &sk,
- const label_type &label,
- const typename CurveType::g2_type::value_type &Lambda);
-
- template
- bool sigVerif(const r1cs_ppzkadsnark_vkT &vk, const label_type &label,
- const typename CurveType::g2_type::value_type &Lambda,
- const r1cs_ppzkadsnark_signature &sig);
-
- template
- bool sigBatchVerif(const r1cs_ppzkadsnark_vkT &vk, const std::vector &labels,
- const std::vector &Lambdas,
- const std::vector> &sigs);
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_SIGNATURE_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark.hpp
deleted file mode 100644
index 6404bc9fbc..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark.hpp
+++ /dev/null
@@ -1,97 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_HPP
-
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /*!
- * @brief ppzkSNARK for BACS.
- * @tparam CurveType
- * @tparam Generator
- * @tparam Prover
- * @tparam Verifier
- *
- * @details The implementation is a straightforward combination of:
- * (1) a BACS-to-R1CS reduction, and
- * (2) a ppzkSNARK for R1CS.
- * - * Acronyms: - * - BACS = "Bilinear Arithmetic Circuit Satisfiability" - * - R1CS = "Rank-1 Constraint System" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - */ - template, - typename Prover = bacs_ppzksnark_prover, - typename Verifier = bacs_ppzksnark_verifier_strong_input_consistency> - class bacs_ppzksnark { - typedef detail::bacs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const circuit_type &circuit) { - return Generator::process(circuit); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_PPZKSNARK_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 0b8c9f3fdb..0000000000 
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/detail/basic_policy.hpp
+++ /dev/null
@@ -1,124 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkSNARK for BACS.
-//
-// This includes:
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key pair (proving key & verification key)
-// - class for proof
-// - generator algorithm
-// - prover algorithm
-// - verifier algorithm (with strong or weak input consistency)
-// - online verifier algorithm (with strong or weak input consistency)
-//
-// The implementation is a straightforward combination of:
-// (1) a BACS-to-R1CS reduction, and
-// (2) a ppzkSNARK for R1CS.
-//
-//
-// Acronyms:
-//
-// - BACS = "Bilinear Arithmetic Circuit Satisfiability"
-// - R1CS = "Rank-1 Constraint System"
-// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge"
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_TYPES_POLICY_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_TYPES_POLICY_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- namespace detail {
-
- template
- struct bacs_ppzksnark_policy {
- typedef CurveType curve_type;
-
- /******************************** Params ********************************/
-
- /**
- * Below are various template aliases (used for convenience).
- */
-
- typedef bacs_circuit circuit_type;
-
- typedef bacs_primary_input primary_input_type;
-
- typedef bacs_auxiliary_input auxiliary_input_type;
-
- /******************************** Proving key ********************************/
-
- /**
- * A proving key for the BACS ppzkSNARK.
- */
- typedef bacs_ppzksnark_proving_key proving_key_type;
-
- /******************************* Verification key ****************************/
-
- /**
- * A verification key for the BACS ppzkSNARK.
- */
- typedef typename r1cs_ppzksnark::verification_key_type verification_key_type;
-
- /************************ Processed verification key *************************/
-
- /**
- * A processed verification key for the BACS ppzkSNARK.
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- typedef typename r1cs_ppzksnark::processed_verification_key_type
- processed_verification_key_type;
-
- /********************************** Key pair *********************************/
-
- /**
- * A key pair for the BACS ppzkSNARK, which consists of a proving key and a verification key.
- */
- typedef bacs_ppzksnark_keypair keypair_type;
-
- /*********************************** Proof ***********************************/
-
- /**
- * A proof for the BACS ppzkSNARK.
- */
- typedef typename r1cs_ppzksnark::proof_type proof_type;
- };
- } // namespace detail
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_BACS_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/generator.hpp
deleted file mode 100644
index d4e8588e79..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/generator.hpp
+++ /dev/null
@@ -1,80 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_GENERATOR_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_GENERATOR_HPP
-
-#include
-#include
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A generator algorithm for the BACS ppzkSNARK.
- *
- * Given a BACS circuit C, this algorithm produces proving and verification keys for C.
- */
- template
- class bacs_ppzksnark_generator {
- typedef detail::bacs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- static inline keypair_type process(const circuit_type &circuit) {
- typedef typename CurveType::scalar_field_type field_type;
-
- const r1cs_constraint_system r1cs_cs =
- reductions::bacs_to_r1cs::instance_map(circuit);
- const typename r1cs_ppzksnark::keypair_type r1cs_keypair =
- generate>(r1cs_cs);
-
- return keypair_type(proving_key_type(circuit, r1cs_keypair.first), r1cs_keypair.second);
- }
- };
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_GENERATOR_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/keypair.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/keypair.hpp
deleted file mode 100644
index d88daec778..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/keypair.hpp
+++ /dev/null
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BACS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_BACS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using bacs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/prover.hpp
deleted file mode 100644
index 9a161114ef..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,88 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_PROVER_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_PROVER_HPP
-
-#include
-#include
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A prover algorithm for the BACS ppzkSNARK.
- *
- * Given a BACS primary input X and a BACS auxiliary input Y, this algorithm
- * produces a proof (of knowledge) that attests to the following statement:
- * ``there exists Y such that C(X,Y)=0''.
- * Above, C is the BACS circuit that was given as input to the generator algorithm.
- */
- template
- class bacs_ppzksnark_prover {
- typedef detail::bacs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- static inline proof_type process(const proving_key_type &proving_key,
- const primary_input_type &primary_input,
- const auxiliary_input_type &auxiliary_input) {
-
- typedef typename CurveType::scalar_field_type field_type;
-
- const r1cs_variable_assignment> r1cs_va =
- reductions::bacs_to_r1cs::witness_map(
- proving_key.circuit, primary_input, auxiliary_input);
- const r1cs_auxiliary_input r1cs_ai(
- r1cs_va.begin() + primary_input.size(),
- r1cs_va.end()); // TODO: faster to just change bacs_to_r1cs::witness_map into
- // two :(
-
- return prove>(proving_key.r1cs_pk, primary_input, r1cs_ai);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/proving_key.hpp
deleted file mode 100644
index 3d68f84201..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/proving_key.hpp
+++ /dev/null
@@ -1,90 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_PROVING_KEY_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- struct bacs_ppzksnark_proving_key {
- typedef CurveType curve_type;
- typedef CircuitType circuit_type;
- typedef typename r1cs_ppzksnark::proving_key_type r1cs_proving_key_type;
-
- circuit_type circuit;
- r1cs_proving_key_type r1cs_pk;
-
- bacs_ppzksnark_proving_key() {};
-
- bacs_ppzksnark_proving_key(const bacs_ppzksnark_proving_key &other) = default;
-
- bacs_ppzksnark_proving_key(bacs_ppzksnark_proving_key &&other) = default;
-
- bacs_ppzksnark_proving_key(const circuit_type &circuit, const r1cs_proving_key_type &r1cs_pk) :
- circuit(circuit), r1cs_pk(r1cs_pk) {
- }
-
- bacs_ppzksnark_proving_key(circuit_type &&circuit, r1cs_proving_key_type &&r1cs_pk) :
- circuit(std::move(circuit)), r1cs_pk(std::move(r1cs_pk)) {
- }
-
- bacs_ppzksnark_proving_key &operator=(const bacs_ppzksnark_proving_key &other) = default;
-
- std::size_t G1_size() const {
- return r1cs_pk.G1_size();
- }
-
- std::size_t G2_size() const {
- return r1cs_pk.G2_size();
- }
-
- std::size_t G1_sparse_size() const {
- return r1cs_pk.G1_sparse_size();
- }
-
- std::size_t G2_sparse_size() const {
- return r1cs_pk.G2_sparse_size();
- }
-
- std::size_t size_in_bits() const {
- return r1cs_pk.size_in_bits();
- }
-
- bool operator==(const bacs_ppzksnark_proving_key &other) const {
- return (this->circuit == other.circuit && this->r1cs_pk == other.r1cs_pk);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/verifier.hpp
deleted file mode 100644
index f9a99c294c..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,177 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_VERIFIER_HPP - -#include -#include - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Convert a (non-processed) verification key into a processed verification key. 
- */ - template - class bacs_ppzksnark_process_verification_key { - typedef detail::bacs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - return r1cs_ppzksnark_process_verification_key::process(verification_key); - } - }; - - /* - Below are four variants of verifier algorithm for the BACS ppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input - consistency. Strong input consistency requires that |primary_input| = C.num_inputs, whereas - weak input consistency requires that |primary_input| <= C.num_inputs (and - the primary input is implicitly padded with zeros up to length C.num_inputs). 
- */ - - template - class bacs_ppzksnark_verifier_weak_input_consistency { - typedef detail::bacs_ppzksnark_policy policy_type; - - using r1cs_ppzksnark_weak_proof_system = - r1cs_ppzksnark, - r1cs_ppzksnark_prover, - r1cs_ppzksnark_verifier_weak_input_consistency>; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify( - bacs_ppzksnark_process_verification_key::process(verification_key), - primary_input, - proof); - } - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. 
- */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify( - processed_verification_key, primary_input, proof); - } - }; - - template - class bacs_ppzksnark_verifier_strong_input_consistency { - typedef detail::bacs_ppzksnark_policy policy_type; - - using r1cs_ppzksnark_proof_system = r1cs_ppzksnark; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify( - bacs_ppzksnark_process_verification_key::process(verification_key), - primary_input, - proof); - } - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify(processed_verification_key, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_VERIFIER_HPP 
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark.hpp
deleted file mode 100644
index 1b5266b980..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark.hpp
+++ /dev/null
@@ -1,292 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_HPP - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - using is_basic_mode = typename std::bool_constant< - std::is_same, Generator>::value && - std::is_same, Prover>::value && - (std::is_same, - Verifier>::value || - std::is_same, - Verifier>::value - // || std::is_same, - // Verifier>::value - )>; - - template - using is_aggregate_mode = typename std::bool_constant< - std::is_same, Generator>::value && - std::is_same, Prover>::value && - std::is_same< - r1cs_gg_ppzksnark_verifier_strong_input_consistency, - Verifier>::value>; - - template - using is_encrypted_input_mode = typename std::bool_constant< - std::is_same, - Generator>::value && - std::is_same, Prover>::value && - std::is_same< - r1cs_gg_ppzksnark_verifier_strong_input_consistency, - Verifier>::value>; - - /*! - * @brief ppzkSNARK for R1CS with a security proof in the generic group (GG) model - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * The implementation instantiates the protocol of \[Gro16] and aggregation scheme \[BMM+19] for the - * protocol of \[Gro16]. 
- * - * Acronyms: - * - R1CS = "Rank-1 Constraint Systems" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - * - SRS = "Structured Reference String" - * - * References: - * \[Gro16]: - * "On the Size of Pairing-based Non-interactive Arguments", - * Jens Groth, - * EUROCRYPT 2016, - * - * - * \[BMM+19]: - * "Proofs for inner pairing products and applications", - * Benedikt Bünz, Mary Maller, Pratyush Mishra, Nirvan Tyagi, Psi Vesely, - * Cryptology ePrint Archive, Report 2019/1177, 2019 - * - */ - template, - typename Prover = r1cs_gg_ppzksnark_prover, - typename Verifier = r1cs_gg_ppzksnark_verifier_strong_input_consistency, - proving_mode Mode = proving_mode::basic, typename = void> - class r1cs_gg_ppzksnark; - - template - class r1cs_gg_ppzksnark< - CurveType, Generator, Prover, Verifier, proving_mode::basic, - typename std::enable_if::value>::type> { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::template process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const 
VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - - template - class r1cs_gg_ppzksnark< - CurveType, Generator, Prover, Verifier, proving_mode::aggregate, - typename std::enable_if::value>::type> { - - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - typedef typename basic_policy_type::proof_type basic_proof_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - - typedef typename policy_type::srs_type srs_type; - typedef typename policy_type::proving_srs_type proving_srs_type; - typedef typename policy_type::verification_srs_type verification_srs_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::srs_pair_type srs_pair_type; - - typedef typename policy_type::proof_type proof_type; - - // Generate key pair - template, - typename GeneratorType = boost::random::mt19937> - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::template process(constraint_system); - } - - // Generate SRS pair - template, - typename GeneratorType = boost::random::mt19937> - static inline srs_pair_type generate(std::size_t num_proofs) { - return Generator::template process(num_proofs); - } - - // TODO: remove - // Basic proove - static inline basic_proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - // aggregate prove - 
template - static inline proof_type prove(const proving_srs_type &srs, - InputTranscriptIncludeIterator transcript_include_first, - InputTranscriptIncludeIterator transcript_include_last, - InputProofIterator proofs_first, - InputProofIterator proofs_last) { - - return Prover::template process(srs, transcript_include_first, transcript_include_last, - proofs_first, proofs_last); - } - - // TODO: remove - // Basic verify - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const basic_proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - - // aggregate verify - template, - typename GeneratorType = boost::random::mt19937, typename Hash = hashes::sha2<256>, - typename InputPrimaryInputRange, typename InputIterator> - static inline bool verify(const verification_srs_type &ip_verifier_srs, - const verification_key_type &pvk, - const InputPrimaryInputRange &public_inputs, - const proof_type &proof, - InputIterator transcript_include_first, - InputIterator transcript_include_last) { - return Verifier::template process( - ip_verifier_srs, pvk, public_inputs, proof, transcript_include_first, - transcript_include_last); - } - }; - - template - class r1cs_gg_ppzksnark::value>::type> { - - typedef detail::r1cs_gg_ppzksnark_basic_policy - policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - typedef typename basic_policy_type::proof_type basic_proof_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - // Generate key pair 
- template, - typename GeneratorType = boost::random::mt19937> - static inline KeyPairType generate(const constraint_system_type &constraint_system) { - return Generator::template process( - constraint_system); - } - - // Proving - template - static inline proof_type prove(const proving_key_type &pk, - const PublicKey &pubkey, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input, - const typename CurveType::scalar_field_type::value_type &r) { - return Prover::process(pk, pubkey, primary_input, auxiliary_input, r); - } - - // Verification - template - static inline bool verify(CipherTextIterator first, CipherTextIterator last, - const verification_key_type &vk, const PublicKey &pubkey, - const primary_input_type &unencrypted_primary_input, - const proof_type &proof) { - return Verifier::process(first, last, vk, pubkey, unencrypted_primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 43bc24cf36..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,308 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkSNARK for R1CS with a security proof
-// in the generic group (GG) model.
-//
-// This includes:
-//- class for proving key
-//- class for verification key
-//- class for processed verification key
-//- class for key pair (proving key & verification key)
-//- class for proof
-//- generator algorithm
-//- prover algorithm
-//- verifier algorithm (with strong or weak input consistency)
-//- online verifier algorithm (with strong or weak input consistency)
-//
-// The implementation instantiates the protocol of \[Gro16].
-// -// -// Acronyms: -// -//- R1CS = "Rank-1 Constraint Systems" -//- ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// -// References: -// -//\[Gro16]: -// "On the Size of Pairing-based Non-interactive Arguments", -// Jens Groth, -// EUROCRYPT 2016, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_BASIC_POLICY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_BASIC_POLICY_HPP - -#include -#include -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - template - struct r1cs_gg_ppzksnark_basic_policy; - - template - struct r1cs_gg_ppzksnark_basic_policy { - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::basic; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS GG-ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - typedef r1cs_gg_ppzksnark_processed_verification_key - processed_verification_key_type; - - /************************ Extended verification key *************************/ - - /** - * An extended verification key for the R1CS GG-ppzkSNARK. - * - * Compared to a (non-extended) verification key, an extended verification key - * contains additional field. - */ - typedef r1cs_gg_ppzksnark_extended_verification_key extended_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_gg_ppzksnark_keypair keypair_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and a processed - * verification key. - */ - typedef r1cs_gg_ppzksnark_keypair - processed_keypair_type; - - /********************************** Extended key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and an extended - * verification key. - */ - typedef r1cs_gg_ppzksnark_keypair - extended_keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS GG-ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_gg_ppzksnark_proof proof_type; - }; - - template - struct r1cs_gg_ppzksnark_basic_policy { - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::aggregate; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). 
- */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - // TODO: remove - /** - * A proving key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_aggregate_verification_key verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_gg_ppzksnark_keypair keypair_type; - - /********************************** Aggregation SRS *********************************/ - - /** - * A SRS (Structured Reference String) for the R1CS GG-ppzkSNARK aggregation scheme. - */ - typedef r1cs_gg_ppzksnark_aggregate_srs srs_type; - - /******************************** Proving SRS for aggregation ********************************/ - - /** - * A proving SRS for the R1CS GG-ppzkSNARK aggregation scheme. - */ - typedef typename srs_type::proving_srs_type proving_srs_type; - - /**************************** Verification SRS for aggregation ********************************/ - - /** - * A verification SRS for the R1CS GG-ppzkSNARK aggregation scheme. - */ - typedef typename srs_type::verification_srs_type verification_srs_type; - - /********************************** Aggregation SRS pair *********************************/ - - /** - * A SRS pair for the R1CS GG-ppzkSNARK aggregation scheme consisting of a proving SRS and - * a verification SRS. 
- */ - typedef typename srs_type::srs_pair_type srs_pair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS GG-ppzkSNARK aggregation scheme. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_gg_ppzksnark_aggregate_proof proof_type; - }; - - template - struct r1cs_gg_ppzksnark_basic_policy { - private: - typedef r1cs_gg_ppzksnark_basic_policy basic_policy; - - public: - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::encrypted_input; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef typename basic_policy::constraint_system_type constraint_system_type; - - typedef typename basic_policy::primary_input_type primary_input_type; - - typedef typename basic_policy::auxiliary_input_type auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS GG-ppzkSNARK with encrypted input. - */ - typedef typename basic_policy::proving_key_type proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS GG-ppzkSNARK with encrypted input. - */ - typedef typename basic_policy::extended_verification_key_type verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK with encrypted input, which consists of proving, - secret - * and verification keys. 
- */ - typedef typename basic_policy::extended_keypair_type keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS GG-ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef typename basic_policy::proof_type proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/generator.hpp deleted file mode 100644 index f3999a037c..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/generator.hpp +++ /dev/null 
@@ -1,76 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_GENERATOR_HPP
-#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_GENERATOR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- class r1cs_gg_ppzksnark_generator {
-
- typedef detail::r1cs_gg_ppzksnark_basic_policy
- policy_type;
- typedef r1cs_gg_ppzksnark_generator basic_generator_type;
-
- typedef typename CurveType::scalar_field_type scalar_field_type;
- typedef typename CurveType::template g1_type<> g1_type;
- typedef typename CurveType::template g2_type<> g2_type;
- typedef typename CurveType::gt_type gt_type;
-
- public:
- typedef typename policy_type::constraint_system_type constraint_system_type;
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- template,
- typename GeneratorType = boost::random::mt19937>
- static inline
- typename std::enable_if::value, KeyPairType>::type
- process(const constraint_system_type &constraint_system) {
-
- return basic_generator_type::template process(
- constraint_system);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_GENERATOR_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/prover.hpp
deleted file mode 100644
index 4fd107a80f..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/prover.hpp
+++ /dev/null
@@ -1,81 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2021 Mikhail Komarov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_PROVER_HPP
-#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_PROVER_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A prover algorithm for the R1CS GG-ppzkSNARK.
- *
- * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm
- * produces a proof (of knowledge) that attests to the following statement:
- * ``there exists Y such that CS(X,Y)=0''.
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm.
- */
- template
- class r1cs_gg_ppzksnark_prover {
- typedef detail::r1cs_gg_ppzksnark_basic_policy
- policy_type;
- typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type;
- typedef r1cs_gg_ppzksnark_prover basic_prover_type;
-
- typedef typename CurveType::scalar_field_type scalar_field_type;
- typedef typename CurveType::template g1_type<> g1_type;
- typedef typename CurveType::template g2_type<> g2_type;
- typedef typename CurveType::gt_type gt_type;
-
- public:
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- // TODO: add type constraints on PublicKey
- template
- static inline proof_type process(const proving_key_type &gg_proving_key,
- const PublicKey &pubkey,
- const primary_input_type &primary_input,
- const auxiliary_input_type &auxiliary_input,
- const typename scalar_field_type::value_type &r) {
- proof_type proof = basic_prover_type::process(gg_proving_key, primary_input, auxiliary_input);
-
- return proof_type(std::move(proof.g_A),
- std::move(proof.g_B),
- std::move(r * pubkey.gamma_inverse_sum_s_g1 + proof.g_C));
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/verifier.hpp
deleted file mode 100644
index 9b1c3a2c91..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/verifier.hpp
+++ /dev/null
@@ -1,156 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2021 Mikhail Komarov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkSNARK for BACS.
-//
-// This includes:
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key pair (proving key & verification key)
-// - class for proof
-// - generator algorithm
-// - prover algorithm
-// - verifier algorithm (with strong or weak input consistency)
-// - online verifier algorithm (with strong or weak input consistency)
-//
-// The implementation is a straightforward combination of:
-// (1) a BACS-to-R1CS reduction, and
-// (2) a ppzkSNARK for R1CS.
-// -// -// Acronyms: -// -// - BACS = "Bilinear Arithmetic Circuit Satisfiability" -// - R1CS = "Rank-1 Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_VERIFIER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_VERIFIER_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy - policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - typedef typename pairing::pairing_policy::g1_precomputed_type g1_precomputed_type; - typedef typename pairing::pairing_policy::g2_precomputed_type g2_precomputed_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::proof_type proof_type; - - // TODO: add type constraints on PublicKey - template - static inline typename std::enable_if< - std::is_same::value_type>::value, - bool>::type - process(CipherTextIterator first, CipherTextIterator last, const verification_key_type &gg_vk, - const PublicKey &pubkey, const primary_input_type &unencrypted_primary_input, - const proof_type &proof) { - - const std::size_t input_size = gg_vk.gamma_ABC_g1.rest.size(); - const std::size_t ct_size = std::distance(first, last); - assert(input_size - 1 > ct_size - 2); - assert(unencrypted_primary_input.size() + (ct_size - 2) == 
input_size); - assert(ct_size - 2 == pubkey.delta_s_g1.size()); - assert(ct_size - 2 == pubkey.t_g1.size()); - assert(ct_size - 2 == pubkey.t_g2.size() - 1); - typename g1_type::value_type acc = gg_vk.gamma_ABC_g1.first; - typename gt_type::value_type sum_cipher = gt_type::value_type::one(); - - auto it1 = first; - auto it2 = std::cbegin(pubkey.t_g2); - while (it1 != last - 1 && it2 != std::cend(pubkey.t_g2)) { - acc = acc + *it1; - sum_cipher = sum_cipher * algebra::pair_reduced(*it1++, *it2++); - } - assert((it1 == last - 1) && (it2 == std::cend(pubkey.t_g2))); - - for (std::size_t i = ct_size - 2; i < input_size; ++i) { - acc = acc + unencrypted_primary_input[i - ct_size + 2] * gg_vk.gamma_ABC_g1.rest[i]; - } - typename gt_type::value_type presum_cipher = - algebra::pair_reduced(*(last - 1), g2_type::value_type::one()); - bool ans1 = (sum_cipher == presum_cipher); - - // TODO: optimize - typename gt_type::value_type QAPl = algebra::pair_reduced(proof.g_A, proof.g_B); - typename gt_type::value_type QAPr = gg_vk.alpha_g1_beta_g2 * - algebra::pair_reduced(acc, gg_vk.gamma_g2) * - algebra::pair_reduced(proof.g_C, gg_vk.delta_g2); - // const g1_precomputed_type proof_g1_A_precomp = precompute_g1(proof.g_A); - // const g2_precomputed_type proof_g2_B_precomp = precompute_g2(proof.g_B); - // - // const g1_precomputed_type pk_g1_alpha_precomp = - // precompute_g1(gg_keypair.first.alpha_g1); - // const g2_precomputed_type pk_g2_beta_precomp = - // precompute_g2(gg_keypair.first.beta_g2); - // - // const g1_precomputed_type proof_g1_C_precomp = precompute_g1(proof.g_C); - // const g2_precomputed_type vk_g2_delta_precomp = - // precompute_g2(gg_keypair.second.delta_g2); - // - // const g1_precomputed_type proof_g1_cn_precomp = precompute_g1(acc); - // const g2_precomputed_type vk_g2_gamma_precomp = - // precompute_g2(gg_keypair.second.gamma_g2); - // - // typename gt_type::value_type QAPl_1 = - // miller_loop(proof_g1_A_precomp, proof_g2_B_precomp); - // typename 
gt_type::value_type QAPl_2 = double_miller_loop( - // proof_g1_C_precomp, vk_g2_delta_precomp, pk_g1_alpha_precomp, pk_g2_beta_precomp); - // - // typename gt_type::value_type QAPr_2 = - // miller_loop(proof_g1_cn_precomp, vk_g2_gamma_precomp); - // - // typename gt_type::value_type QAPl = final_exponentiation(QAPl_1 * - // QAPl_2.inversed()); typename gt_type::value_type QAPr = - // final_exponentiation(QAPr_2); - - bool ans2 = (QAPl == QAPr); - - return (ans1 && ans2); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_VERIFIER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/generator.hpp deleted file mode 100644 index d65a6b9b8b..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,450 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_GENERATOR_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_generator; - - /** - * A generator algorithm for the R1CS GG-ppzkSNARK. - * - * Given a R1CS constraint system CS, this algorithm produces proving and verification keys for - * CS. 
- */ - template - class r1cs_gg_ppzksnark_generator { - - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::extended_verification_key_type extended_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::processed_keypair_type processed_keypair_type; - typedef typename policy_type::extended_keypair_type extended_keypair_type; - typedef typename policy_type::proof_type proof_type; - - template, - typename GeneratorType = boost::random::mt19937> - static inline auto basic_process(const constraint_system_type &constraint_system) { - - /* Make the B_query "lighter" if possible */ - constraint_system_type r1cs_copy(constraint_system); - r1cs_copy.swap_AB_if_beneficial(); - - /* Generate secret randomness */ - const typename scalar_field_type::value_type t = - algebra::random_element(); - const typename scalar_field_type::value_type alpha = - algebra::random_element(); - const typename scalar_field_type::value_type beta = - algebra::random_element(); - const typename scalar_field_type::value_type gamma = - algebra::random_element(); - const typename scalar_field_type::value_type delta = - algebra::random_element(); - const typename scalar_field_type::value_type 
gamma_inverse = gamma.inversed(); - const typename scalar_field_type::value_type delta_inverse = delta.inversed(); - - /* A quadratic arithmetic program evaluated at t. */ - qap_instance_evaluation qap = - reductions::r1cs_to_qap::instance_map_with_evaluation(r1cs_copy, t); - - std::size_t non_zero_At = 0; - std::size_t non_zero_Bt = 0; - for (std::size_t i = 0; i < qap.num_variables + 1; ++i) { - if (!qap.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap.Bt[i].is_zero()) { - ++non_zero_Bt; - } - } - - /* qap.{At,Bt,Ct,Ht} are now in unspecified state, but we do not use them later */ - std::vector At = std::move(qap.At); - std::vector Bt = std::move(qap.Bt); - std::vector Ct = std::move(qap.Ct); - std::vector Ht = std::move(qap.Ht); - - /* The gamma inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * gamma^{-1}. - */ - std::vector gamma_ABC; - gamma_ABC.reserve(qap.num_inputs); - - const typename scalar_field_type::value_type gamma_ABC_0 = - (beta * At[0] + alpha * Bt[0] + Ct[0]) * gamma_inverse; - for (std::size_t i = 1; i < qap.num_inputs + 1; ++i) { - gamma_ABC.emplace_back((beta * At[i] + alpha * Bt[i] + Ct[i]) * gamma_inverse); - } - - /* The delta inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * delta^{-1}. 
- */ - std::vector Lt; - Lt.reserve(qap.num_variables - qap.num_inputs); - - const std::size_t Lt_offset = qap.num_inputs + 1; - for (std::size_t i = 0; i < qap.num_variables - qap.num_inputs; ++i) { - Lt.emplace_back((beta * At[Lt_offset + i] + alpha * Bt[Lt_offset + i] + Ct[Lt_offset + i]) * - delta_inverse); - } - - /** - * Note that H for Groth's proof system is degree d-2, but the QAP - * reduction returns coefficients for degree d polynomial H (in - * style of PGHR-type proof systems) - */ - Ht.resize(Ht.size() - 2); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - const typename g1_type::value_type g1_generator = algebra::random_element(); - - const std::size_t g1_scalar_count = non_zero_At + non_zero_Bt + qap.num_variables; - const std::size_t g1_scalar_size = scalar_field_type::value_bits; - const std::size_t g1_window_size = algebra::get_exp_window_size(g1_scalar_count); - - algebra::window_table g1_table = - algebra::get_window_table(g1_scalar_size, g1_window_size, g1_generator); - - const typename g2_type::value_type G2_gen = algebra::random_element(); - - const std::size_t g2_scalar_count = non_zero_Bt; - const std::size_t g2_scalar_size = scalar_field_type::value_bits; - std::size_t g2_window_size = algebra::get_exp_window_size(g2_scalar_count); - - algebra::window_table g2_table = - algebra::get_window_table(g2_scalar_size, g2_window_size, G2_gen); - - typename g1_type::value_type alpha_g1 = alpha * g1_generator; - typename g1_type::value_type beta_g1 = beta * g1_generator; - typename g2_type::value_type beta_g2 = beta * G2_gen; - typename g1_type::value_type delta_g1 = delta * g1_generator; - typename g2_type::value_type delta_g2 = delta * G2_gen; - - typename std::vector A_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - At); -#ifdef USE_MIXED_ADDITION - 
algebra::batch_to_special(A_query); -#endif - - commitments::knowledge_commitment_vector B_query = - commitments::kc_batch_exp( - scalar_field_type::value_bits, g2_window_size, g1_window_size, g2_table, g1_table, - scalar_field_type::value_type::one(), scalar_field_type::value_type::one(), Bt, chunks); - - // NOTE: if USE_MIXED_ADDITION is defined, - // kc_batch_exp will convert its output to special form internally - - typename std::vector H_query = - algebra::batch_exp_with_coeff( - g1_scalar_size, g1_window_size, g1_table, qap.Zt * delta_inverse, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector L_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - Lt); - -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(L_query); -#endif - - typename gt_type::value_type alpha_g1_beta_g2 = pair_reduced(alpha_g1, beta_g2); - typename g2_type::value_type gamma_g2 = gamma * G2_gen; - - typename g1_type::value_type gamma_ABC_g1_0 = gamma_ABC_0 * g1_generator; - - typename std::vector gamma_ABC_g1_values = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - gamma_ABC); - - typename g1_type::value_type gamma_g1 = gamma * g1_generator; - - container::accumulation_vector gamma_ABC_g1(std::move(gamma_ABC_g1_0), - std::move(gamma_ABC_g1_values)); - - return std::make_tuple(std::move(alpha_g1), std::move(beta_g1), std::move(beta_g2), - std::move(delta_g1), std::move(delta_g2), std::move(gamma_g2), - std::move(A_query), std::move(B_query), std::move(H_query), - std::move(L_query), std::move(r1cs_copy), std::move(alpha_g1_beta_g2), - std::move(gamma_ABC_g1), std::move(gamma_g1)); - } - - // Generate *unsafe* CRS for specific toxic waste - // For testing purposes only - static inline auto deterministic_basic_process(const constraint_system_type &constraint_system, - const typename scalar_field_type::value_type &t, - const typename scalar_field_type::value_type &alpha, - const typename 
scalar_field_type::value_type &beta, - const typename scalar_field_type::value_type &gamma, - const typename scalar_field_type::value_type &delta, - const typename g1_type::value_type &g1_generator, - const typename g2_type::value_type &g2_generator - ) { - - /* Make the B_query "lighter" if possible */ - constraint_system_type r1cs_copy(constraint_system); - r1cs_copy.swap_AB_if_beneficial(); - - /* Generate secret randomness */ - const typename scalar_field_type::value_type gamma_inverse = gamma.inversed(); - const typename scalar_field_type::value_type delta_inverse = delta.inversed(); - - /* A quadratic arithmetic program evaluated at t. */ - qap_instance_evaluation qap = - reductions::r1cs_to_qap::instance_map_with_evaluation(r1cs_copy, t); - - std::size_t non_zero_At = 0; - std::size_t non_zero_Bt = 0; - for (std::size_t i = 0; i < qap.num_variables + 1; ++i) { - if (!qap.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap.Bt[i].is_zero()) { - ++non_zero_Bt; - } - } - - /* qap.{At,Bt,Ct,Ht} are now in unspecified state, but we do not use them later */ - std::vector At = std::move(qap.At); - std::vector Bt = std::move(qap.Bt); - std::vector Ct = std::move(qap.Ct); - std::vector Ht = std::move(qap.Ht); - - /* The gamma inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * gamma^{-1}. - */ - std::vector gamma_ABC; - gamma_ABC.reserve(qap.num_inputs); - - const typename scalar_field_type::value_type gamma_ABC_0 = - (beta * At[0] + alpha * Bt[0] + Ct[0]) * gamma_inverse; - for (std::size_t i = 1; i < qap.num_inputs + 1; ++i) { - gamma_ABC.emplace_back((beta * At[i] + alpha * Bt[i] + Ct[i]) * gamma_inverse); - } - - /* The delta inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * delta^{-1}. 
- */ - std::vector Lt; - Lt.reserve(qap.num_variables - qap.num_inputs); - - const std::size_t Lt_offset = qap.num_inputs + 1; - for (std::size_t i = 0; i < qap.num_variables - qap.num_inputs; ++i) { - Lt.emplace_back((beta * At[Lt_offset + i] + alpha * Bt[Lt_offset + i] + Ct[Lt_offset + i]) * - delta_inverse); - } - - /** - * Note that H for Groth's proof system is degree d-2, but the QAP - * reduction returns coefficients for degree d polynomial H (in - * style of PGHR-type proof systems) - */ - Ht.resize(Ht.size() - 2); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - const std::size_t g1_scalar_count = non_zero_At + non_zero_Bt + qap.num_variables; - const std::size_t g1_scalar_size = scalar_field_type::value_bits; - const std::size_t g1_window_size = algebra::get_exp_window_size(g1_scalar_count); - - algebra::window_table g1_table = - algebra::get_window_table(g1_scalar_size, g1_window_size, g1_generator); - const typename g2_type::value_type G2_gen = g2_generator; - - const std::size_t g2_scalar_count = non_zero_Bt; - const std::size_t g2_scalar_size = scalar_field_type::value_bits; - std::size_t g2_window_size = algebra::get_exp_window_size(g2_scalar_count); - - algebra::window_table g2_table = - algebra::get_window_table(g2_scalar_size, g2_window_size, G2_gen); - - typename g1_type::value_type alpha_g1 = alpha * g1_generator; - typename g1_type::value_type beta_g1 = beta * g1_generator; - typename g2_type::value_type beta_g2 = beta * G2_gen; - typename g1_type::value_type delta_g1 = delta * g1_generator; - typename g2_type::value_type delta_g2 = delta * G2_gen; - - typename std::vector A_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - At); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(A_query); -#endif - - commitments::knowledge_commitment_vector B_query = - 
commitments::kc_batch_exp( - scalar_field_type::value_bits, g2_window_size, g1_window_size, g2_table, g1_table, - scalar_field_type::value_type::one(), scalar_field_type::value_type::one(), Bt, chunks); - - // NOTE: if USE_MIXED_ADDITION is defined, - // kc_batch_exp will convert its output to special form internally - - typename std::vector H_query = - algebra::batch_exp_with_coeff( - g1_scalar_size, g1_window_size, g1_table, qap.Zt * delta_inverse, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector L_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - Lt); - -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(L_query); -#endif - - typename gt_type::value_type alpha_g1_beta_g2 = pair_reduced(alpha_g1, beta_g2); - typename g2_type::value_type gamma_g2 = gamma * G2_gen; - - typename g1_type::value_type gamma_ABC_g1_0 = gamma_ABC_0 * g1_generator; - - typename std::vector gamma_ABC_g1_values = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - gamma_ABC); - - typename g1_type::value_type gamma_g1 = gamma * g1_generator; - - container::accumulation_vector gamma_ABC_g1(std::move(gamma_ABC_g1_0), - std::move(gamma_ABC_g1_values)); - - return std::make_tuple(std::move(alpha_g1), std::move(beta_g1), std::move(beta_g2), - std::move(delta_g1), std::move(delta_g2), std::move(gamma_g2), - std::move(A_query), std::move(B_query), std::move(H_query), - std::move(L_query), std::move(r1cs_copy), std::move(alpha_g1_beta_g2), - std::move(gamma_ABC_g1), std::move(gamma_g1)); - } - - template, - typename GeneratorType = boost::random::mt19937> - static inline - typename std::enable_if::value, KeyPairType>::type - process(const constraint_system_type &constraint_system) { - - auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, - L_query, r1cs_copy, alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = - basic_process(constraint_system); - - verification_key_type vk = - 
verification_key_type(alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_ABC_g1);
-
- proving_key_type pk = proving_key_type(std::move(alpha_g1),
- std::move(beta_g1),
- std::move(beta_g2),
- std::move(delta_g1),
- std::move(delta_g2),
- std::move(A_query),
- std::move(B_query),
- std::move(H_query),
- std::move(L_query),
- std::move(r1cs_copy));
-
- return {std::move(pk), std::move(vk)};
- }
-
- template,
- typename GeneratorType = boost::random::mt19937>
- static inline typename std::enable_if::value,
- KeyPairType>::type
- process(const constraint_system_type &constraint_system) {
-
- auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query,
- L_query, r1cs_copy, alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] =
- basic_process(constraint_system);
-
- extended_verification_key_type vk = extended_verification_key_type(
- alpha_g1_beta_g2, gamma_g2, delta_g2, delta_g1, gamma_ABC_g1, gamma_g1);
-
- proving_key_type pk = proving_key_type(std::move(alpha_g1),
- std::move(beta_g1),
- std::move(beta_g2),
- std::move(delta_g1),
- std::move(delta_g2),
- std::move(A_query),
- std::move(B_query),
- std::move(H_query),
- std::move(L_query),
- std::move(r1cs_copy));
-
- return {std::move(pk), std::move(vk)};
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_GENERATOR_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/generator.hpp
deleted file mode 100644
index 901b860180..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/generator.hpp
+++ /dev/null
@@ -1,105 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_IPP2_GENERATOR_HPP
-#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_IPP2_GENERATOR_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- class r1cs_gg_ppzksnark_generator {
- typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type;
- typedef r1cs_gg_ppzksnark_generator basic_generator;
-
- typedef typename CurveType::scalar_field_type scalar_field_type;
- typedef typename CurveType::template g1_type<> g1_type;
- typedef typename CurveType::template g2_type<> g2_type;
-
- public:
- typedef typename policy_type::constraint_system_type constraint_system_type;
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::srs_type srs_type;
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::srs_pair_type srs_pair_type;
-
- template,
- typename GeneratorType = boost::random::mt19937>
- static inline keypair_type process(const constraint_system_type &constraint_system) {
-
- auto [alpha_g1,
- beta_g1,
- beta_g2,
- delta_g1,
- delta_g2,
- gamma_g2,
- A_query,
- B_query,
- H_query,
- L_query,
- r1cs_copy,
- alpha_g1_beta_g2,
- gamma_ABC_g1,
- gamma_g1] = std::move(basic_generator::basic_process(constraint_system));
-
- verification_key_type vk(alpha_g1, beta_g2, gamma_g2, delta_g2, gamma_ABC_g1);
-
- proving_key_type pk(std::move(alpha_g1),
- std::move(beta_g1),
- std::move(beta_g2),
- std::move(delta_g1),
- std::move(delta_g2),
- std::move(A_query),
- std::move(B_query),
- std::move(H_query),
- std::move(L_query),
- std::move(r1cs_copy));
-
- return {std::move(pk), std::move(vk)};
- }
-
- template,
- typename GeneratorType = boost::random::mt19937>
- static inline srs_pair_type process(std::size_t num_proofs) {
-
- srs_type srs(num_proofs,
- random_element(),
- random_element());
- return srs.specialize(num_proofs);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_IPP2_GENERATOR_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/proof.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/proof.hpp
deleted file mode 100644
index 48d768e2fa..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/proof.hpp
+++ /dev/null
@@ -1,145 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_AGGREGATE_PROOF_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_AGGREGATE_PROOF_HPP
-
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /// It contains all elements derived in the GIPA loop for both TIPP and MIPP at
- /// the same time.
- template - class gipa_proof { - using commitment_scheme = commitments::kzg_ipp2; - - public: - typedef CurveType curve_type; - - std::size_t nproofs; - std::vector< - std::pair> - comms_ab; - std::vector< - std::pair> - comms_c; - std::vector< - std::pair> - z_ab; - std::vector::value_type, - typename curve_type::template g1_type<>::value_type>> - z_c; - typename curve_type::template g1_type<>::value_type final_a; - typename curve_type::template g2_type<>::value_type final_b; - typename curve_type::template g1_type<>::value_type final_c; - - /// final commitment keys $v$ and $w$ - there is only one element at the - /// end for v1 and v2 hence it's a tuple. - std::pair::value_type, - typename curve_type::template g2_type<>::value_type> - final_vkey; - std::pair::value_type, - typename curve_type::template g1_type<>::value_type> - final_wkey; - - static std::size_t log_proofs(std::size_t nproofs) { - return std::ceil(std::log2(nproofs)); - } - }; - - template - struct tipp_mipp_proof { - typedef CurveType curve_type; - - gipa_proof gipa; - typename commitments::kzg_ipp2::template opening_type< - typename curve_type::template g2_type<>> - vkey_opening; - typename commitments::kzg_ipp2::template opening_type< - typename curve_type::template g1_type<>> - wkey_opening; - }; - /// AggregateProof contains all elements to verify n aggregated Groth16 proofs - /// using inner pairing product arguments. This proof can be created by any - /// party in possession of valid Groth16 proofs. - template - class r1cs_gg_ppzksnark_aggregate_proof { - - using commitment_scheme = commitments::kzg_ipp2; - - public: - typedef CurveType curve_type; - /// commitment to A and B using the pair commitment scheme needed to verify - /// TIPP relation. 
- typename commitment_scheme::output_type com_ab; - /// commit to C separate since we use it only in MIPP - typename commitment_scheme::output_type com_c; - /// $A^r * B = Z$ is the left value on the aggregated Groth16 equation - typename curve_type::gt_type::value_type ip_ab; - /// $C^r$ is used on the right side of the aggregated Groth16 equation - typename curve_type::template g1_type<>::value_type agg_c; - tipp_mipp_proof tmipp; - - /// Performs some high level checks on the length of vectors and others to - /// make sure all items in the proofs are consistent with each other. - bool is_valid() const { - // 1. Check length of the proofs - if (tmipp.gipa.nproofs < 2 || - tmipp.gipa.nproofs > r1cs_gg_ppzksnark_aggregate_srs::MAX_SRS_SIZE) { - return false; - } - // 2. Check if it's a power of two - if ((tmipp.gipa.nproofs & (tmipp.gipa.nproofs - 1)) != 0) { - return false; - } - // 3. Check all vectors are of the same length and of the correct length - if (tmipp.gipa.comms_ab.size() != std::ceil(std::log2(tmipp.gipa.nproofs))) { - return false; - } - if (!(tmipp.gipa.comms_ab.size() == tmipp.gipa.comms_c && - tmipp.gipa.comms_ab == tmipp.gipa.z_ab && tmipp.gipa.comms_ab == tmipp.gipa.z_c)) { - return false; - } - - return true; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/prover.hpp deleted file mode 100644 index b604b05e4c..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/prover.hpp +++ /dev/null 
@@ -1,654 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_PROVE_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_PROVE_HPP
-
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /// Returns the vector used for the linear combination fo the inner pairing product
- /// between A and B for the Groth16 aggregation: A^r * B.
It is required as it - /// is not enough to simply prove the ipp of A*B, we need a random linear - /// combination of those. - template - std::vector - structured_scalar_power(std::size_t num, const typename FieldType::value_type &s) { - std::vector powers = {FieldType::value_type::one()}; - for (int i = 1; i < num; i++) { - powers.emplace_back(powers.back() * s); - } - return powers; - } - - /// compress is similar to commit::{V,W}KEY::compress: it modifies the `vec` - /// vector by setting the value at index $i:0 -> split$ $vec[i] = vec[i] + - /// vec[i+split]^scaler$. The `vec` vector is half of its size after this call. - template::value_type> - typename std::enable_if< - std::is_same::value_type, ValueType>::value || - std::is_same::value_type, ValueType>::value || - std::is_same::value>::type - compress(InputRange &vec, std::size_t split, - const typename CurveType::scalar_field_type::value_type &scalar) { - std::for_each(boost::make_zip_iterator(boost::make_tuple(vec.begin(), vec.begin() + split)), - boost::make_zip_iterator(boost::make_tuple(vec.begin() + split, vec.end())), - [&](const boost::tuple &t) { - t.template get<0>() = t.template get<0>() + t.template get<1>() * scalar; - }); - vec.resize(split); - } - - /// It returns the evaluation of the polynomial $\prod (1 + x_{l-j}(rX)^{2j}$ at - /// the point z, where transcript contains the reversed order of all challenges (the x). 
- /// The challenges must be in reversed order for the correct evaluation of the - /// polynomial in O(logn) - template - typename std::enable_if::value_type, - typename FieldType::value_type>::value, - typename FieldType::value_type>::type - polynomial_evaluation_product_form_from_transcript(InputFieldValueIterator transcript_first, - InputFieldValueIterator transcript_last, - const typename FieldType::value_type &z, - const typename FieldType::value_type &r_shift) { - // this is the term (rz) that will get squared at each step to produce the - // $(rz)^{2j}$ of the formula - typename FieldType::value_type power_zr = z; - power_zr = power_zr * r_shift; - - // 0 iteration - InputFieldValueIterator transcript_iter = transcript_first; - typename FieldType::value_type res = FieldType::value_type::one() + (*transcript_iter * power_zr); - power_zr = power_zr * power_zr; - ++transcript_iter; - - // the rest - while (transcript_iter != transcript_last) { - res = res * (FieldType::value_type::one() + (*transcript_iter * power_zr)); - power_zr = power_zr * power_zr; - ++transcript_iter; - } - - return res; - } - - // Compute the coefficients of the polynomial $\prod_{j=0}^{l-1} (1 + x_{l-j}(rX)^{2j})$ - // It does this in logarithmic time directly; here is an example with 2 - // challenges: - // - // We wish to compute $(1+x_1ra)(1+x_0(ra)^2) = 1 + x_1ra + x_0(ra)^2 + x_0x_1(ra)^3$ - // Algorithm: $c_{-1} = [1]$; $c_j = c_{i-1} \| (x_{l-j} * c_{i-1})$; $r = r*r$ - // $c_0 = c_{-1} \| (x_1 * r * c_{-1}) = [1] \| [rx_1] = [1, rx_1]$, $r = r^2$ - // $c_1 = c_0 \| (x_0 * r^2c_0) = [1, rx_1] \| [x_0r^2, x_0x_1r^3] = [1, x_1r, x_0r^2, x_0x_1r^3]$ - // which is equivalent to $f(a) = 1 + x_1ra + x_0(ra)^2 + x_0x_1r^2a^3$ - // - // This method expects the coefficients in reverse order so transcript[i] = - // x_{l-j}. 
- template - typename std::enable_if::value_type, - typename FieldType::value_type>::value, - std::vector>::type - polynomial_coefficients_from_transcript(InputFieldValueIterator transcript_first, - InputFieldValueIterator transcript_last, - const typename FieldType::value_type &r_shift) { - std::vector coefficients = {FieldType::value_type::one()}; - typename FieldType::value_type power_2_r = r_shift; - - InputFieldValueIterator transcript_iter = transcript_first; - while (transcript_iter != transcript_last) { - std::size_t n = coefficients.size(); - for (int j = 0; j < n; j++) { - coefficients.emplace_back(coefficients[j] * (*transcript_iter * power_2_r)); - } - power_2_r = power_2_r * power_2_r; - - ++transcript_iter; - } - - return coefficients; - } - - /// Returns the KZG opening proof for the given commitment key. Specifically, it - /// returns $g^{f(alpha) - f(z) / (alpha - z)}$ for $a$ and $b$. - template - typename std::enable_if< - std::is_same::value_type>::value && - std::is_same< - typename GroupType::curve_type::scalar_field_type::value_type, - typename std::iterator_traits::value_type>::value, - typename commitments::kzg_ipp2::template opening_type>:: - type - prove_commitment_key_kzg_opening( - InputGroupIterator srs_powers_alpha_first, InputGroupIterator srs_powers_alpha_last, - InputGroupIterator srs_powers_beta_first, InputGroupIterator srs_powers_beta_last, - const InputScalarRange &poly, - const typename GroupType::curve_type::scalar_field_type::value_type &eval_poly, - const typename GroupType::curve_type::scalar_field_type::value_type &kzg_challenge) { - // TODO: check correctness after updating math module - typename GroupType::curve_type::scalar_field_type::value_type neg_kzg_challenge = -kzg_challenge; - - BOOST_ASSERT(poly.size() == std::distance(srs_powers_alpha_first, srs_powers_alpha_last)); - BOOST_ASSERT(poly.size() == std::distance(srs_powers_beta_first, srs_powers_beta_last)); - - // f_v(X) - f_v(z) / (X - z) - // TODO: check 
correctness after updating math module - math::polynomial f_vX_sub_f_vZ = - poly - math::polynomial({{ - eval_poly, - }}); - // TODO: check correctness after updating math module - math::polynomial - quotient_polynomial = - f_vX_sub_f_vZ / - math::polynomial({ - neg_kzg_challenge, - GroupType::curve_type::scalar_field_type::value_type::one(), - }); - - if (quotient_polynomial.size() < poly.size()) { - quotient_polynomial.resize(poly.size(), - GroupType::curve_type::scalar_field_type::value_type::zero()); - } - BOOST_ASSERT(quotient_polynomial.size() == poly.size()); - - // we do one proof over h^a and one proof over h^b (or g^a and g^b depending - // on the curve we are on). that's the extra cost of the commitment scheme - // used which is compatible with Groth16 CRS insteaf of the original paper - // of Bunz'19 - return typename commitments::kzg_ipp2::template opening_type< - GroupType> {algebra::multiexp( - srs_powers_alpha_first, srs_powers_alpha_last, quotient_polynomial.begin(), - quotient_polynomial.end(), 1), - algebra::multiexp( - srs_powers_beta_first, srs_powers_beta_last, quotient_polynomial.begin(), - quotient_polynomial.end(), 1)}; - } - - template - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value, - typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g2_type<>>>::type - prove_commitment_v(InputG2Iterator srs_powers_alpha_first, InputG2Iterator srs_powers_alpha_last, - InputG2Iterator srs_powers_beta_first, InputG2Iterator srs_powers_beta_last, - InputScalarIterator transcript_first, InputScalarIterator transcript_last, - const typename CurveType::scalar_field_type::value_type &kzg_challenge) { - // TODO: check correctness after updating math module - math::polynomial vkey_poly( - polynomial_coefficients_from_transcript( - transcript_first, transcript_last, CurveType::scalar_field_type::value_type::one())); - // TODO: check 
correctness after updating math module - vkey_poly.condense(); - BOOST_ASSERT(!vkey_poly.is_zero()); - - typename CurveType::scalar_field_type::value_type vkey_poly_z = - polynomial_evaluation_product_form_from_transcript( - transcript_first, transcript_last, kzg_challenge, - CurveType::scalar_field_type::value_type::one()); - - return prove_commitment_key_kzg_opening>( - srs_powers_alpha_first, srs_powers_alpha_last, srs_powers_beta_first, srs_powers_beta_last, - vkey_poly, vkey_poly_z, kzg_challenge); - } - - template - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value, - typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g1_type<>>>::type - prove_commitment_w(InputG1Iterator srs_powers_alpha_first, InputG1Iterator srs_powers_alpha_last, - InputG1Iterator srs_powers_beta_first, InputG1Iterator srs_powers_beta_last, - InputScalarIterator transcript_first, InputScalarIterator transcript_last, - typename CurveType::scalar_field_type::value_type r_shift, - const typename CurveType::scalar_field_type::value_type &kzg_challenge) { - std::size_t n = std::distance(srs_powers_beta_first, srs_powers_beta_last) / 2; - BOOST_ASSERT(2 * n == std::distance(srs_powers_alpha_first, srs_powers_alpha_last)); - - // this computes f(X) = \prod (1 + x (rX)^{2^j}) - // TODO: check correctness after updating math module - math::polynomial fcoeffs( - polynomial_coefficients_from_transcript( - transcript_first, transcript_last, r_shift)); - // this computes f_w(X) = X^n * f(X) - it simply shifts all coefficients to by n - fcoeffs.insert(fcoeffs.begin(), n, CurveType::scalar_field_type::value_type::zero()); - - // this computes f(z) - typename CurveType::scalar_field_type::value_type fz = - polynomial_evaluation_product_form_from_transcript( - transcript_first, transcript_last, kzg_challenge, r_shift); - // this computes the "shift" z^n - typename 
CurveType::scalar_field_type::value_type zn = kzg_challenge.pow(n); - // this computes f_w(z) by multiplying by zn - typename CurveType::scalar_field_type::value_type fwz = fz * zn; - - return prove_commitment_key_kzg_opening>( - srs_powers_alpha_first, srs_powers_alpha_last, srs_powers_beta_first, srs_powers_beta_last, - fcoeffs, fwz, kzg_challenge); - } - - /// gipa_tipp_mipp performs the recursion of the GIPA protocol for TIPP and MIPP. - /// It returns a proof containing all intermediate committed values, as well as - /// the challenges generated necessary to do the polynomial commitment proof - /// later in TIPP. - template, typename InputG1Iterator1, - typename InputG2Iterator, typename InputG1Iterator2, typename InputScalarIterator> - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value, - std::tuple, std::vector, - std::vector>>::type - gipa_tipp_mipp(transcript &tr, InputG1Iterator1 a_first, InputG1Iterator1 a_last, - InputG2Iterator b_first, InputG2Iterator b_last, InputG1Iterator2 c_first, - InputG1Iterator2 c_last, - const typename commitments::kzg_ipp2::vkey_type &vkey_input, - const typename commitments::kzg_ipp2::wkey_type &wkey_input, - InputScalarIterator r_first, InputScalarIterator r_last) { - std::size_t input_len = std::distance(a_first, a_last); - BOOST_ASSERT(input_len >= 2); - BOOST_ASSERT((input_len & (input_len - 1)) == 0); - BOOST_ASSERT(input_len == std::distance(b_first, b_last)); - BOOST_ASSERT(input_len == std::distance(r_first, r_last)); - BOOST_ASSERT(input_len == std::distance(c_first, c_last)); - - // the values of vectors A and B rescaled at each step of the loop - // the values of vectors C and r rescaled at each step of the loop - std::vector::value_type> m_a {a_first, 
a_last}, - m_c {c_first, c_last}; - std::vector::value_type> m_b {b_first, b_last}; - std::vector m_r {r_first, r_last}; - - // the values of the commitment keys rescaled at each step of the loop - typename commitments::kzg_ipp2::vkey_type vkey = vkey_input; - typename commitments::kzg_ipp2::wkey_type wkey = wkey_input; - - // storing the values for including in the proof - std::vector::output_type, - typename commitments::kzg_ipp2::output_type>> - comms_ab; - std::vector::output_type, - typename commitments::kzg_ipp2::output_type>> - comms_c; - std::vector< - std::pair> - z_ab; - std::vector::value_type, - typename CurveType::template g1_type<>::value_type>> - z_c; - std::vector challenges, challenges_inv; - - constexpr std::array domain_separator {'g', 'i', 'p', 'a'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - typename CurveType::scalar_field_type::value_type _i = tr.read_challenge(); - - while (m_a.size() > 1) { - // recursive step - // Recurse with problem of half size - std::size_t split = m_a.size() / 2; - - auto [vk_left, vk_right] = vkey.split(split); - auto [wk_left, wk_right] = wkey.split(split); - - // TODO: parallel - // See section 3.3 for paper version with equivalent names - // TIPP part - typename commitments::kzg_ipp2::output_type tab_l = - commitments::kzg_ipp2::pair(vk_left, wk_right, m_a.begin() + split, m_a.end(), - m_b.begin(), m_b.begin() + split); - typename commitments::kzg_ipp2::output_type tab_r = - commitments::kzg_ipp2::pair(vk_right, wk_left, m_a.begin(), m_a.begin() + split, - m_b.begin() + split, m_b.end()); - - // \prod e(A_right,B_left) - typename CurveType::gt_type::value_type zab_l = CurveType::gt_type::value_type::one(); - std::for_each( - boost::make_zip_iterator(boost::make_tuple(m_a.begin() + split, m_b.begin())), - boost::make_zip_iterator(boost::make_tuple(m_a.end(), m_b.begin() + split)), - [&](const boost::tuple::value_type &, - const typename CurveType::template g2_type<>::value_type 
&> &t) { - zab_l = zab_l * algebra::pair(t.template get<0>(), t.template get<1>()); - }); - zab_l = algebra::final_exponentiation(zab_l); - typename CurveType::gt_type::value_type zab_r = CurveType::gt_type::value_type::one(); - std::for_each( - boost::make_zip_iterator(boost::make_tuple(m_a.begin(), m_b.begin() + split)), - boost::make_zip_iterator(boost::make_tuple(m_a.begin() + split, m_b.end())), - [&](const boost::tuple::value_type &, - const typename CurveType::template g2_type<>::value_type &> &t) { - zab_r = zab_r * algebra::pair(t.template get<0>(), t.template get<1>()); - }); - zab_r = algebra::final_exponentiation(zab_r); - - // MIPP part - // z_l = c[n':] ^ r[:n'] - typename CurveType::template g1_type<>::value_type zc_l = - algebra::multiexp( - m_c.begin() + split, m_c.end(), m_r.begin(), m_r.begin() + split, 1); - // Z_r = c[:n'] ^ r[n':] - typename CurveType::template g1_type<>::value_type zc_r = - algebra::multiexp( - m_c.begin(), m_c.begin() + split, m_r.begin() + split, m_r.end(), 1); - // u_l = c[n':] * v[:n'] - typename commitments::kzg_ipp2::output_type tuc_l = - commitments::kzg_ipp2::single(vk_left, m_c.begin() + split, m_c.end()); - // u_r = c[:n'] * v[n':] - typename commitments::kzg_ipp2::output_type tuc_r = - commitments::kzg_ipp2::single(vk_right, m_c.begin(), m_c.begin() + split); - - // Fiat-Shamir challenge - // combine both TIPP and MIPP transcript - tr.template write(zab_l); - tr.template write(zab_r); - tr.template write>(zc_l); - tr.template write>(zc_r); - tr.template write(tab_l.first); - tr.template write(tab_l.second); - tr.template write(tab_r.first); - tr.template write(tab_r.second); - tr.template write(tuc_l.first); - tr.template write(tuc_l.second); - tr.template write(tuc_r.first); - tr.template write(tuc_r.second); - typename CurveType::scalar_field_type::value_type c_inv = tr.read_challenge(); - - // Optimization for multiexponentiation to rescale G2 elements with - // 128-bit challenge Swap 'c' and 'c_inv' since can't 
control bit size - // of c_inv - typename CurveType::scalar_field_type::value_type c = c_inv.inversed(); - - // Set up values for next step of recursion - // A[:n'] + A[n':] ^ x - compress(m_a, split, c); - // B[:n'] + B[n':] ^ x^-1 - compress(m_b, split, c_inv); - // c[:n'] + c[n':]^x - compress(m_c, split, c); - // r[:n'] + r[n':]^x^-1 - compress(m_r, split, c_inv); - - // v_left + v_right^x^-1 - vkey = vk_left.compress(vk_right, c_inv); - // w_left + w_right^x - wkey = wk_left.compress(wk_right, c); - - comms_ab.emplace_back(std::make_pair(tab_l, tab_r)); - comms_c.emplace_back(std::make_pair(tuc_l, tuc_r)); - z_ab.emplace_back(std::make_pair(zab_l, zab_r)); - z_c.emplace_back(std::make_pair(zc_l, zc_r)); - challenges.emplace_back(c); - challenges_inv.emplace_back(c_inv); - } - - BOOST_ASSERT(m_a.size() == 1 && m_b.size() == 1); - BOOST_ASSERT(m_c.size() == 1 && m_r.size() == 1); - BOOST_ASSERT(vkey.a.size() == 1 && vkey.b.size() == 1); - BOOST_ASSERT(wkey.a.size() == 1 && wkey.b.size() == 1); - - return std::make_tuple(gipa_proof {input_len, comms_ab, comms_c, z_ab, z_c, m_a[0], - m_b[0], m_c[0], vkey.first(), wkey.first()}, - challenges, challenges_inv); - } - - /// Proves a TIPP relation between A and B as well as a MIPP relation with C and - /// r. Commitment keys must be of size of A, B and C. In the context of Groth16 - /// aggregation, we have that B = B^r and wkey is scaled by r^{-1}. The - /// commitment key v is used to commit to A and C recursively in GIPA such that - /// only one KZG proof is needed for v. In the original paper version, since the - /// challenges of GIPA would be different, two KZG proofs would be needed. 
- template, typename InputG1Iterator1, - typename InputG2Iterator, typename InputG1Iterator2, typename InputScalarIterator> - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value, - tipp_mipp_proof>::type - prove_tipp_mipp(const r1cs_gg_ppzksnark_aggregate_proving_srs &srs, - transcript &tr, InputG1Iterator1 a_first, InputG1Iterator1 a_last, - InputG2Iterator b_first, InputG2Iterator b_last, InputG1Iterator2 c_first, - InputG1Iterator2 c_last, - const typename commitments::kzg_ipp2::wkey_type &wkey, - InputScalarIterator r_first, InputScalarIterator r_last) { - typename CurveType::scalar_field_type::value_type r_shift = *(r_first + 1); - // Run GIPA - auto [proof, challenges, challenges_inv] = gipa_tipp_mipp( - tr, a_first, a_last, b_first, b_last, c_first, c_last, srs.vkey, wkey, r_first, r_last); - - // Prove final commitment keys are wellformed - // we reverse the transcript so the polynomial in kzg opening is constructed - // correctly - the formula indicates x_{l-j}. Also for deriving KZG - // challenge point, input must be the last challenge. 
- std::reverse(challenges.begin(), challenges.end()); - std::reverse(challenges_inv.begin(), challenges_inv.end()); - typename CurveType::scalar_field_type::value_type r_inverse = r_shift.inversed(); - - // KZG challenge point - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'z'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.template write(challenges[0]); - tr.template write>(proof.final_vkey.first); - tr.template write>(proof.final_vkey.second); - tr.template write>(proof.final_wkey.first); - tr.template write>(proof.final_wkey.second); - typename CurveType::scalar_field_type::value_type z = tr.read_challenge(); - - // Complete KZG proofs - return tipp_mipp_proof { - proof, - prove_commitment_v(srs.h_alpha_powers.begin(), srs.h_alpha_powers.end(), - srs.h_beta_powers.begin(), srs.h_beta_powers.end(), - challenges_inv.begin(), challenges_inv.end(), z), - prove_commitment_w(srs.g_alpha_powers.begin(), srs.g_alpha_powers.end(), - srs.g_beta_powers.begin(), srs.g_beta_powers.end(), - challenges.begin(), challenges.end(), r_inverse, z)}; - } - - /// aggregate `n` zkSnark proofs, where `n` must be a power of two. 
- template, typename InputTranscriptIncludeIterator, - typename InputProofIterator> - typename std::enable_if< - std::is_same::value_type>::value && - std::is_same::value_type, - r1cs_gg_ppzksnark_proof>::value, - r1cs_gg_ppzksnark_aggregate_proof>::type - aggregate_proofs(const r1cs_gg_ppzksnark_aggregate_proving_srs &srs, - InputTranscriptIncludeIterator tr_include_first, - InputTranscriptIncludeIterator tr_include_last, InputProofIterator proofs_first, - InputProofIterator proofs_last) { - std::size_t nproofs = std::distance(proofs_first, proofs_last); - BOOST_ASSERT(nproofs >= 2); - BOOST_ASSERT((nproofs & (nproofs - 1)) == 0); - BOOST_ASSERT(srs.has_correct_len(nproofs)); - - // TODO: parallel - // We first commit to A B and C - these commitments are what the verifier - // will use later to verify the TIPP and MIPP proofs - std::vector::value_type> a, c; - std::vector::value_type> b; - auto proofs_it = proofs_first; - while (proofs_it != proofs_last) { - a.emplace_back(proofs_it->g_A); - b.emplace_back(proofs_it->g_B); - c.emplace_back(proofs_it->g_C); - ++proofs_it; - } - - // A and B are committed together in this scheme - // we need to take the reference so the macro doesn't consume the value - // first - typename commitments::kzg_ipp2::output_type com_ab = - commitments::kzg_ipp2::pair(srs.vkey, srs.wkey, a.begin(), a.end(), b.begin(), - b.end()); - typename commitments::kzg_ipp2::output_type com_c = - commitments::kzg_ipp2::single(srs.vkey, c.begin(), c.end()); - - // Derive a random scalar to perform a linear combination of proofs - constexpr std::array application_tag = {'s', 'n', 'a', 'r', 'k', - 'p', 'a', 'c', 'k'}; - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'r'}; - transcript tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.template write(com_ab.first); - tr.template write(com_ab.second); - tr.template write(com_c.first); - 
tr.template write(com_c.second); - tr.write(tr_include_first, tr_include_last); - typename CurveType::scalar_field_type::value_type r = tr.read_challenge(); - - // 1,r, r^2, r^3, r^4 ... - std::vector r_vec = - structured_scalar_power( - std::distance(proofs_first, proofs_last), r); - // 1,r^-1, r^-2, r^-3 - std::vector r_inv; - std::transform(r_vec.begin(), r_vec.end(), std::back_inserter(r_inv), - [](const auto &r_i) { return r_i.inversed(); }); - - // B^{r} - std::vector::value_type> b_r; - std::for_each( - boost::make_zip_iterator(boost::make_tuple(b.begin(), r_vec.begin())), - boost::make_zip_iterator(boost::make_tuple(b.end(), r_vec.end())), - [&](const boost::tuple::value_type &, - const typename CurveType::scalar_field_type::value_type &> &t) { - b_r.emplace_back((t.template get<0>() * t.template get<1>())); - }); - // TODO: parallel - // compute A * B^r for the verifier - // auto ip_ab = algebra::pair(a, b_r); - typename CurveType::gt_type::value_type ip_ab = CurveType::gt_type::value_type::one(); - std::for_each( - boost::make_zip_iterator(boost::make_tuple(a.begin(), b_r.begin())), - boost::make_zip_iterator(boost::make_tuple(a.end(), b_r.end())), - [&](const boost::tuple::value_type &, - const typename CurveType::template g2_type<>::value_type &> &t) { - ip_ab = ip_ab * algebra::pair(t.template get<0>(), t.template get<1>()); - }); - ip_ab = algebra::final_exponentiation(ip_ab); - // compute C^r for the verifier - typename CurveType::template g1_type<>::value_type agg_c = - algebra::multiexp(c.begin(), c.end(), - r_vec.begin(), r_vec.end(), 1); - tr.template write(ip_ab); - tr.template write>(agg_c); - - // w^{r^{-1}} - typename commitments::kzg_ipp2::wkey_type wkey_r_inv = - srs.wkey.scale(r_inv.begin(), r_inv.end()); - - // we prove tipp and mipp using the same recursive loop - tipp_mipp_proof proof = - prove_tipp_mipp(srs, tr, a.begin(), a.end(), b_r.begin(), b_r.end(), c.begin(), c.end(), - wkey_r_inv, r_vec.begin(), r_vec.end()); - - // debug 
assert - BOOST_ASSERT(com_ab == typename commitments::kzg_ipp2::pair( - srs.vkey, wkey_r_inv, a.begin(), a.end(), b_r.begin(), b_r.end())); - - return {com_ab, com_c, ip_ab, agg_c, proof}; - } - - template - class r1cs_gg_ppzksnark_prover { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - typedef r1cs_gg_ppzksnark_prover basic_prover; - typedef typename basic_prover::proof_type basic_proof_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::proving_srs_type proving_srs_type; - typedef typename policy_type::proof_type proof_type; - - // aggregate prove - template - static inline proof_type process(const proving_srs_type &srs, - InputTranscriptIncludeIterator transcript_include_first, - InputTranscriptIncludeIterator transcript_include_last, - InputProofIterator proofs_first, - InputProofIterator proofs_last) { - return aggregate_proofs(srs, transcript_include_first, transcript_include_last, - proofs_first, proofs_last); - } - - // Basic prove - static inline basic_proof_type process(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return basic_prover::process(pk, primary_input, auxiliary_input); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/srs.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/srs.hpp deleted file mode 100644 index b81a756341..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/srs.hpp +++ /dev/null 
@@ -1,211 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_SRS_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_SRS_HPP - -#include -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - std::vector - structured_generators_scalar_power(std::size_t n, const typename ScalarFieldType::value_type &s) { - BOOST_ASSERT(n > 0); - - std::vector powers_of_g {GroupType::value_type::one()}; - - for (std::size_t i = 1; i < n; i++) { - powers_of_g.emplace_back(powers_of_g.back() * s); - } - - return powers_of_g; - } - - /// ProverSRS is the specialized SRS version for the prover for a specific number of proofs to - /// aggregate. It contains as well the commitment keys for this specific size. - /// Note the size must be a power of two for the moment - if it is not, padding must be - /// applied. - template - struct r1cs_gg_ppzksnark_aggregate_proving_srs { - typedef CurveType curve_type; - - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename g1_type::value_type g1_value_type; - typedef typename g2_type::value_type g2_value_type; - - typedef commitments::kzg_ipp2 commitment_type; - typedef typename commitment_type::vkey_type vkey_type; - typedef typename commitment_type::wkey_type wkey_type; - - /// Returns true if commitment keys have the exact required length. - /// It is necessary for the IPP scheme to work that commitment - /// key have the exact same number of arguments as the number of proofs to - /// aggregate. - bool has_correct_len(std::size_t n) const { - return vkey.has_correct_len(n) && wkey.has_correct_len(n); - } - - /// number of proofs to aggregate - std::size_t n; - /// $\{g^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. 
- std::vector g_alpha_powers; - /// $\{h^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_alpha_powers; - /// $\{g^b^i\}_{i=n}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector g_beta_powers; - /// $\{h^b^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_beta_powers; - /// commitment key using in MIPP and TIPP - vkey_type vkey; - /// commitment key using in TIPP - wkey_type wkey; - }; - - /// Contains the necessary elements to verify an aggregated Groth16 proof; it is of fixed size - /// regardless of the number of proofs aggregated. However, a verifier SRS will be determined by - /// the number of proofs being aggregated. - template - struct r1cs_gg_ppzksnark_aggregate_verification_srs { - typedef CurveType curve_type; - - std::size_t n; - typename CurveType::template g1_type<>::value_type g; - typename CurveType::template g2_type<>::value_type h; - typename CurveType::template g1_type<>::value_type g_alpha; - typename CurveType::template g1_type<>::value_type g_beta; - typename CurveType::template g2_type<>::value_type h_alpha; - typename CurveType::template g2_type<>::value_type h_beta; - }; - - /// It contains the maximum number of raw elements of the SRS needed to aggregate and verify - /// Groth16 proofs. One can derive specialized prover and verifier key for _specific_ size of - /// aggregations by calling `srs.specialize(n)`. The specialized prover key also contains - /// precomputed tables that drastically increase prover's performance. - /// This GenericSRS is usually formed from the transcript of two distinct power of taus ceremony - /// ,in other words from two distinct Groth16 CRS. - /// See [there](https://github.com/nikkolasg/taupipp) a way on how to generate this GenesisSRS. 
- template - struct r1cs_gg_ppzksnark_aggregate_srs { - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::aggregate; - typedef typename curve_type::scalar_field_type scalar_field_type; - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename g1_type::value_type g1_value_type; - typedef typename g2_type::value_type g2_value_type; - typedef typename scalar_field_type::value_type scalar_field_value_type; - - typedef r1cs_gg_ppzksnark_aggregate_proving_srs proving_srs_type; - typedef r1cs_gg_ppzksnark_aggregate_verification_srs verification_srs_type; - typedef std::pair srs_pair_type; - - /// $\{g^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector g_alpha_powers; - /// $\{h^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_alpha_powers; - /// $\{g^b^i\}_{i=n}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector g_beta_powers; - /// $\{h^b^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_beta_powers; - - r1cs_gg_ppzksnark_aggregate_srs() = default; - r1cs_gg_ppzksnark_aggregate_srs(std::size_t num_proofs, const scalar_field_value_type &alpha, - const scalar_field_value_type &beta) : - g_alpha_powers(structured_generators_scalar_power(2 * num_proofs, alpha)), - h_alpha_powers(structured_generators_scalar_power(2 * num_proofs, alpha)), - g_beta_powers(structured_generators_scalar_power(2 * num_proofs, beta)), - h_beta_powers(structured_generators_scalar_power(2 * num_proofs, beta)) { - } - - /// specializes returns the prover and verifier SRS for a specific number of - /// proofs to aggregate. The number of proofs MUST BE a power of two, it - /// panics otherwise. The number of proofs must be inferior to half of the - /// size of the generic srs otherwise it panics. 
- srs_pair_type specialize(std::size_t num_proofs) { - BOOST_ASSERT(num_proofs > 0 && (num_proofs & (num_proofs - 1)) == 0); - - std::size_t tn = 2 * num_proofs; // size of the CRS we need - BOOST_ASSERT(g_alpha_powers.size() >= tn); - BOOST_ASSERT(h_alpha_powers.size() >= tn); - BOOST_ASSERT(g_beta_powers.size() >= tn); - BOOST_ASSERT(h_beta_powers.size() >= tn); - - std::size_t n = num_proofs; - // when doing the KZG opening we need _all_ coefficients from 0 - // to 2n-1 because the polynomial is of degree 2n-1. - std::size_t g_low = 0; - std::size_t g_up = tn; - std::size_t h_low = 0; - std::size_t h_up = h_low + n; - std::vector::value_type> v1 = { - h_alpha_powers.begin() + h_low, h_alpha_powers.begin() + h_up}; - std::vector::value_type> v2 = { - h_beta_powers.begin() + h_low, h_beta_powers.begin() + h_up}; - typename proving_srs_type::vkey_type vkey = {v1, v2}; - BOOST_ASSERT(vkey.has_correct_len(n)); - // however, here we only need the "right" shifted bases for the - // commitment scheme. - std::vector::value_type> w1 = { - g_alpha_powers.begin() + n, g_alpha_powers.begin() + g_up}; - std::vector::value_type> w2 = { - g_beta_powers.begin() + n, g_beta_powers.begin() + g_up}; - typename proving_srs_type::wkey_type wkey = {w1, w2}; - BOOST_ASSERT(wkey.has_correct_len(n)); - - proving_srs_type pk = {n, - {g_alpha_powers.begin() + g_low, g_alpha_powers.begin() + g_up}, - {h_alpha_powers.begin() + h_low, h_alpha_powers.begin() + h_up}, - {g_beta_powers.begin() + g_low, g_beta_powers.begin() + g_up}, - {h_beta_powers.begin() + h_low, h_beta_powers.begin() + h_up}, - vkey, - wkey}; - verification_srs_type vk = {n, - g_alpha_powers[0], - h_alpha_powers[0], - g_alpha_powers[1], - g_beta_powers[1], - h_alpha_powers[1], - h_beta_powers[1]}; - return std::make_pair(pk, vk); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_SRS_HPP 
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/transcript.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/transcript.hpp
deleted file mode 100644
index e25a3eea29..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/transcript.hpp
+++ /dev/null
@@ -1,157 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_TRANSCRIPT_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_TRANSCRIPT_HPP - -#include -#include -#include - -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template, typename Hash = hashes::sha2<256>> - struct transcript { - typedef CurveType curve_type; - typedef Hash hash_type; - - typedef nil::marshalling::bincode::curve bincode; - - std::vector buffer; - ::nil::crypto3::accumulator_set hasher_acc; - - template< - typename InputIterator, - typename std::enable_if< - std::is_same::value_type>::value, - bool>::type = true> - transcript(InputIterator first, InputIterator last) { - buffer.insert(buffer.end(), first, last); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template< - typename InputIterator, - typename std::enable_if< - std::is_same::value_type>::value, - bool>::type = true> - inline void write_domain_separator(InputIterator first, InputIterator last) { - buffer.insert(buffer.end(), first, last); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template - inline typename std::enable_if< - std::is_same::value || - std::is_same::value || - std::is_same::value>::type - write(const typename FieldType::value_type &x) { - buffer.resize(bincode::template element_size()); - bincode::template field_element_to_bytes(x, buffer.begin(), buffer.end()); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template - inline typename std::enable_if< - std::is_same, GroupType>::value || - std::is_same, GroupType>::value>::type - write(const typename GroupType::value_type &x) { - buffer.resize(bincode::template element_size()); - bincode::template point_to_bytes(x, buffer.begin(), buffer.end()); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template - inline typename std::enable_if< - std::is_same::value_type>::value>::type - 
write(InputIterator first, InputIterator last) { - std::array len_bytes {}; - nil::crypto3::detail::pack( - std::vector { - static_cast(std::distance(first, last)), - }, - len_bytes); - buffer.insert(buffer.end(), len_bytes.begin(), len_bytes.end()); - buffer.insert(buffer.end(), first, last); - hash(buffer, hasher_acc); - buffer.clear(); - } - - inline typename curve_type::scalar_field_type::value_type read_challenge() { - auto hasher_state = hasher_acc; - std::size_t counter_nonce = 0; - std::array counter_nonce_bytes {}; - while (true) { - ++counter_nonce; - nil::crypto3::detail::pack( - std::vector { - counter_nonce, - }, - counter_nonce_bytes); - - hash(counter_nonce_bytes, hasher_state); - typename hash_type::digest_type hasher_res = - boost::accumulators::extract_result::features_type>::type>(hasher_state); - std::pair hasher_res_deser = - bincode::template field_element_from_bytes( - hasher_res.begin(), hasher_res.end()); - - if (!hasher_res_deser.first || - hasher_res_deser.second == curve_type::scalar_field_type::value_type::zero() || - hasher_res_deser.second == curve_type::scalar_field_type::value_type::one()) { - continue; - } - return hasher_res_deser.second; - } - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_TRANSCRIPT_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verification_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verification_key.hpp deleted file mode 100644 index c2350b7ba1..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verification_key.hpp +++ /dev/null 
@@ -1,75 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFICATION_KEY_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFICATION_KEY_HPP
-
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- struct r1cs_gg_ppzksnark_aggregate_verification_key {
- typedef CurveType curve_type;
-
- typename curve_type::template g1_type<>::value_type alpha_g1;
- typename curve_type::template g2_type<>::value_type beta_g2;
- typename curve_type::template g2_type<>::value_type gamma_g2;
- typename curve_type::template g2_type<>::value_type delta_g2;
-
- container::accumulation_vector> gamma_ABC_g1;
-
- r1cs_gg_ppzksnark_aggregate_verification_key() = default;
- r1cs_gg_ppzksnark_aggregate_verification_key(
- const typename curve_type::template g1_type<>::value_type &alpha_g1,
- const typename curve_type::template g2_type<>::value_type &beta_g2,
- const typename curve_type::template g2_type<>::value_type &gamma_g2,
- const typename curve_type::template g2_type<>::value_type &delta_g2,
- const container::accumulation_vector> &gamma_ABC_g1) :
- alpha_g1(alpha_g1),
- beta_g2(beta_g2), gamma_g2(gamma_g2), delta_g2(delta_g2), gamma_ABC_g1(gamma_ABC_g1) {
- }
-
- bool operator==(const r1cs_gg_ppzksnark_aggregate_verification_key &other) const {
- return (this->alpha_g1 == other.alpha_g1 && this->beta_g2 == other.beta_g2 &&
- this->gamma_g2 == other.gamma_g2 && this->delta_g2 == other.delta_g2 &&
- this->gamma_ABC_g1 == other.gamma_ABC_g1);
- }
-
- explicit operator r1cs_gg_ppzksnark_verification_key() const {
- return r1cs_gg_ppzksnark_verification_key(
- algebra::pair_reduced(alpha_g1, beta_g2), gamma_g2, delta_g2, gamma_ABC_g1);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFICATION_KEY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verifier.hpp
deleted file mode 100644
index 163be38232..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verifier.hpp
+++ /dev/null
@@ -1,713 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFY_HPP - -#include -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /// Keeps track of the variables that have been sent by the prover and must - /// be multiplied together by the verifier. Both MIPP and TIPP are merged - /// together. 
- template - class gipa_tuz { - typedef CurveType curve_type; - using g1_type = typename curve_type::template g1_type<>; - - public: - typename curve_type::gt_type::value_type tab; - typename curve_type::gt_type::value_type uab; - typename curve_type::gt_type::value_type zab; - typename curve_type::gt_type::value_type tc; - typename curve_type::gt_type::value_type uc; - typename g1_type::value_type zc; - - inline gipa_tuz() : - tab(curve_type::gt_type::value_type::one()), uab(curve_type::gt_type::value_type::one()), - zab(curve_type::gt_type::value_type::one()), tc(curve_type::gt_type::value_type::one()), - uc(curve_type::gt_type::value_type::one()), zc(g1_type::value_type::zero()) { - } - - inline gipa_tuz(const typename curve_type::gt_type::value_type &tab, - const typename curve_type::gt_type::value_type &uab, - const typename curve_type::gt_type::value_type &zab, - const typename curve_type::gt_type::value_type &tc, - const typename curve_type::gt_type::value_type &uc, - const typename g1_type::value_type &zc) : - tab(tab), - uab(uab), zab(zab), tc(tc), uc(uc), zc(zc) { - } - - inline void merge(const gipa_tuz &other) { - tab = tab * other.tab; - uab = uab * other.uab; - zab = zab * other.zab; - tc = tc * other.tc; - uc = uc * other.uc; - zc = zc + other.zc; - } - }; - - /// TODO: optimize this simple version of pairing checker - /// PairingCheck represents a check of the form e(A,B)e(C,D)... = T. Checks can - /// be aggregated together using random linear combination. The efficiency comes - /// from keeping the results from the miller loop output before proceding to a final - /// exponentiation when verifying if all checks are verified. 
- /// It is a tuple: - /// - a miller loop result that is to be multiplied by other miller loop results - /// before going into a final exponentiation result - /// - a right side result which is already in the right subgroup Gt which is to - /// be compared to the left side when "final_exponentiatiat"-ed - template - struct pairing_check { - typedef CurveType curve_type; - - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename curve_type::gt_type gt_type; - typedef typename curve_type::scalar_field_type scalar_field_type; - - typedef typename g1_type::value_type g1_value_type; - typedef typename g2_type::value_type g2_value_type; - typedef typename gt_type::value_type gt_value_type; - typedef typename scalar_field_type::value_type scalar_field_value_type; - - gt_value_type left; - gt_value_type right; - bool non_random_check_done; - bool valid; - - inline pairing_check() : - left(gt_value_type::one()), right(gt_value_type::one()), non_random_check_done(false), - valid(true) { - } - - /// returns a pairing tuple that is scaled by a random element. - /// When aggregating pairing checks, this creates a random linear - /// combination of all checks so that it is secure. Specifically - /// we have e(A,B)e(C,D)... = out <=> e(g,h)^{ab + cd} = out - /// We rescale using a random element $r$ to give - /// e(rA,B)e(rC,D) ... 
= out^r <=> - /// e(A,B)^r e(C,D)^r = out^r <=> e(g,h)^{abr + cdr} = out^r - /// (e(g,h)^{ab + cd})^r = out^r - template::value_type>::value && - std::is_same::value_type>::value, - bool>::type> - inline pairing_check(InputG1Iterator a_first, InputG1Iterator a_last, InputG2Iterator b_first, - InputG2Iterator b_last, const gt_value_type &out) : - left(gt_value_type::one()), - right(gt_value_type::one()), non_random_check_done(false), valid(true) { - merge_random(a_first, a_last, b_first, b_last, out); - } - - void merge() { - } - - template - inline typename std::enable_if< - std::is_same::value_type>::value && - std::is_same::value_type>::value>::type - merge_random(InputG1Iterator a_first, InputG1Iterator a_last, InputG2Iterator b_first, - InputG2Iterator b_last, const gt_value_type &out) { - std::size_t len = std::distance(a_first, a_last); - BOOST_ASSERT(len > 0); - BOOST_ASSERT(len == std::distance(b_first, b_last)); - - if (!valid) { - return; - } - - scalar_field_value_type coeff = derive_non_zero(); - std::for_each(boost::make_zip_iterator(boost::make_tuple(a_first, b_first)), - boost::make_zip_iterator(boost::make_tuple(a_last, b_last)), - [&](const boost::tuple &t) { - left = left * algebra::pair(coeff * t.template get<0>(), - t.template get<1>()); - }); - right = right * (out == CurveType::gt_type::value_type::one() ? 
out : out.pow(coeff.data)); - } - - template - inline typename std::enable_if::value_type>::value>::type - merge_nonrandom(InputGTIterator a_first, InputGTIterator a_last, const gt_value_type &out) { - BOOST_ASSERT(!non_random_check_done); - BOOST_ASSERT(std::distance(a_first, a_last) > 0); - - if (!valid) { - return; - } - - for (auto a_it = a_first; a_it != a_last; ++a_it) { - left = left * (*a_it); - } - right = right * out; - - non_random_check_done = true; - } - - inline bool verify() { - return valid && (algebra::final_exponentiation(left) == right); - } - - inline scalar_field_value_type derive_non_zero() { - scalar_field_value_type coeff = - algebra::random_element(); - while (coeff.is_zero()) { - coeff = algebra::random_element(); - } - return coeff; - } - - inline void invalidate() { - valid = false; - } - }; - - /// verify_kzg_opening_g2 takes a KZG opening, the final commitment key, SRS and - /// any shift (in TIPP we shift the v commitment by r^-1) and returns a pairing - /// tuple to check if the opening is correct or not. 
- template - inline typename std::enable_if< - std::is_same::value_type>::value>::type - verify_kzg_v(const r1cs_gg_ppzksnark_aggregate_verification_srs &v_srs, - const std::pair::value_type, - typename CurveType::template g2_type<>::value_type> &final_vkey, - const typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g2_type<>> &vkey_opening, - InputScalarIterator challenges_first, InputScalarIterator challenges_last, - const typename CurveType::scalar_field_type::value_type &kzg_challenge, - pairing_check &pc) { - // f_v(z) - typename CurveType::scalar_field_type::value_type vpoly_eval_z = - polynomial_evaluation_product_form_from_transcript( - challenges_first, challenges_last, kzg_challenge, - CurveType::scalar_field_type::value_type::one()); - - // TODO:: parallel - // -g such that when we test a pairing equation we only need to check if - // it's equal 1 at the end: - // e(a,b) = e(c,d) <=> e(a,b)e(-c,d) = 1 - // e(A,B) = e(C,D) <=> e(A,B)e(-C,D) == 1 <=> e(A,B)e(C,D)^-1 == 1 - // verify first part of opening - v1 - // e(-g, v1-(f_v(z)}*h)) ==> e(g^-1,h^{f_v(a)} * h^{-f_v(z)}) - // e(g^{a - z}, opening_1) ==> e(g^{a-z}, h^q(a)) - std::vector::value_type> a_input1 { - -v_srs.g, - v_srs.g_alpha - (v_srs.g * kzg_challenge), - }; - std::vector::value_type> b_input1 { - // in additive notation: final_vkey = uH, - // uH - f_v(z)H = (u - f_v)H --> v1h^{-af_v(z)} - final_vkey.first - (v_srs.h * vpoly_eval_z), - vkey_opening.first, - }; - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), - CurveType::gt_type::value_type::one()); - - // verify second part of opening - v2 - similar but changing secret exponent - // e(g, v2 h^{-bf_v(z)}) - std::vector::value_type> a_input2 { - -v_srs.g, - v_srs.g_beta - (v_srs.g * kzg_challenge), - }; - std::vector::value_type> b_input2 { - // in additive notation: final_vkey = uH, - // uH - f_v(z)H = (u - f_v)H --> v1h^{-f_v(z)} - final_vkey.second - (v_srs.h * 
vpoly_eval_z), - vkey_opening.second, - }; - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), b_input2.end(), - CurveType::gt_type::value_type::one()); - } - - /// Similar to verify_kzg_opening_g2 but for g1. - template - inline typename std::enable_if< - std::is_same::value_type>::value>::type - verify_kzg_w(const r1cs_gg_ppzksnark_aggregate_verification_srs &v_srs, - const std::pair::value_type, - typename CurveType::template g1_type<>::value_type> &final_wkey, - const typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g1_type<>> &wkey_opening, - InputScalarIterator challenges_first, InputScalarIterator challenges_last, - const typename CurveType::scalar_field_type::value_type &r_shift, - const typename CurveType::scalar_field_type::value_type &kzg_challenge, - pairing_check &pc) { - // TODO: parallel - // compute in parallel f(z) and z^n and then combines into f_w(z) = z^n * f(z) - typename CurveType::scalar_field_type::value_type fwz = - polynomial_evaluation_product_form_from_transcript( - challenges_first, challenges_last, kzg_challenge, r_shift) * - kzg_challenge.pow(v_srs.n); - - // TODO: parallel - // first check on w1 - // e(w_1 / g^{f_w(z)},h) == e(\pi_{w,1},h^a/h^z) - // e(g^{f_w(a) - f_w(z)}, - std::vector::value_type> a_input1 { - final_wkey.first - (v_srs.g * fwz), - // e(opening, h^{a - z}) - wkey_opening.first, - }; - std::vector::value_type> b_input1 { - -v_srs.h, - v_srs.h_alpha - (v_srs.h * kzg_challenge), - }; - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), - CurveType::gt_type::value_type::one()); - - // then do second check - // e(w_2 / g^{f_w(z)},h) == e(\pi_{w,2},h^b/h^z) - std::vector::value_type> a_input2 { - final_wkey.second - (v_srs.g * fwz), - wkey_opening.second, - }; - std::vector::value_type> b_input2 { - -v_srs.h, - v_srs.h_beta - (v_srs.h * kzg_challenge), - }; - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), 
b_input2.end(), - CurveType::gt_type::value_type::one()); - } - - /// gipa_verify_tipp_mipp recurse on the proof and statement and produces the final - /// values to be checked by TIPP and MIPP verifier, namely, for TIPP for example: - /// * T,U: the final commitment values of A and B - /// * Z the final product between A and B. - /// * Challenges are returned in inverse order as well to avoid - /// repeating the operation multiple times later on. - /// * There are T,U,Z vectors as well for the MIPP relationship. Both TIPP and - /// MIPP share the same challenges however, enabling to re-use common operations - /// between them, such as the KZG proof for commitment keys. - template> - inline std::tuple, typename CurveType::scalar_field_type::value_type, - std::vector, - std::vector> - gipa_verify_tipp_mipp(transcript &tr, - const r1cs_gg_ppzksnark_aggregate_proof &proof, - const typename CurveType::scalar_field_type::value_type &r_shift) { - std::vector challenges; - std::vector challenges_inv; - - constexpr std::array domain_separator = {'g', 'i', 'p', 'a'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - - // We first generate all challenges as this is the only consecutive process - // that can not be parallelized then we scale the commitments in a - // parallelized way - std::for_each( - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.begin(), proof.tmipp.gipa.z_ab.begin(), - proof.tmipp.gipa.comms_c.begin(), proof.tmipp.gipa.z_c.begin())), - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.end(), proof.tmipp.gipa.z_ab.end(), - proof.tmipp.gipa.comms_c.end(), proof.tmipp.gipa.z_c.end())), - [&](const boost::tuple< - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair &, - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair::value_type, - typename CurveType::template g1_type<>::value_type> &> 
&t) { - // .write(&zab_l) - tr.template write(t.template get<1>().first); - // .write(&zab_r) - tr.template write(t.template get<1>().second); - // .write(&zc_l) - tr.template write>(t.template get<3>().first); - // .write(&zc_r) - tr.template write>(t.template get<3>().second); - // .write(&tab_l.0) - tr.template write(t.template get<0>().first.first); - // .write(&tab_l.1) - tr.template write(t.template get<0>().first.second); - // .write(&tab_r.0) - tr.template write(t.template get<0>().second.first); - // .write(&tab_r.1) - tr.template write(t.template get<0>().second.second); - // .write(&tc_l.0) - tr.template write(t.template get<2>().first.first); - // .write(&tc_l.1) - tr.template write(t.template get<2>().first.second); - // .write(&tc_r.0) - tr.template write(t.template get<2>().second.first); - // .write(&tc_r.1) - tr.template write(t.template get<2>().second.second); - challenges_inv.emplace_back(tr.read_challenge()); - challenges.emplace_back(challenges_inv.back().inversed()); - }); - - gipa_tuz final_res {// output of the pair commitment T and U in TIPP -> COM((v,w),A,B) - proof.com_ab.first, proof.com_ab.second, - // in the end must be equal to Z = A^r * B - proof.ip_ab, - // COM(v,C) - proof.com_c.first, proof.com_c.second, - // in the end must be equal to Z = C^r - proof.agg_c}; - - // we first multiply each entry of the Z U and L vectors by the respective - // challenges independently - // Since at the end we want to multiple all "t" values together, we do - // multiply all of them in parrallel and then merge then back at the end. - // same for u and z. 
- gipa_tuz res; - std::for_each( - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.begin(), proof.tmipp.gipa.z_ab.begin(), - proof.tmipp.gipa.comms_c.begin(), proof.tmipp.gipa.z_c.begin(), - challenges.begin(), challenges_inv.begin())), - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.end(), proof.tmipp.gipa.z_ab.end(), - proof.tmipp.gipa.comms_c.end(), proof.tmipp.gipa.z_c.end(), - challenges.end(), challenges_inv.end())), - [&](const boost::tuple< - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair &, - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair::value_type, - typename CurveType::template g1_type<>::value_type> &, - const typename CurveType::scalar_field_type::value_type &, - const typename CurveType::scalar_field_type::value_type &> &t) { - // Op::TAB::(tab_l, c_repr), - res.tab = res.tab * t.template get<0>().first.first.pow(t.template get<4>().data); - // Op::TAB(tab_r, c_inv_repr), - res.tab = res.tab * t.template get<0>().second.first.pow(t.template get<5>().data); - // Op::UAB(uab_l, c_repr), - res.uab = res.uab * t.template get<0>().first.second.pow(t.template get<4>().data); - // Op::UAB(uab_r, c_inv_repr), - res.uab = res.uab * t.template get<0>().second.second.pow(t.template get<5>().data); - // Op::ZAB(zab_l, c_repr), - res.zab = res.zab * t.template get<1>().first.pow(t.template get<4>().data); - // Op::ZAB(zab_r, c_inv_repr), - res.zab = res.zab * t.template get<1>().second.pow(t.template get<5>().data); - // Op::TC::(tc_l, c_repr), - res.tc = res.tc * t.template get<2>().first.first.pow(t.template get<4>().data); - // Op::TC(tc_r, c_inv_repr), - res.tc = res.tc * t.template get<2>().second.first.pow(t.template get<5>().data); - // Op::UC(uc_l, c_repr), - res.uc = res.uc * t.template get<2>().first.second.pow(t.template get<4>().data); - // Op::UC(uc_r, c_inv_repr), - res.uc = res.uc * t.template 
get<2>().second.second.pow(t.template get<5>().data); - // Op::ZC(zc_l, c_repr), - res.zc = res.zc + (t.template get<4>() * t.template get<3>().first); - // Op::ZC(zc_r, c_inv_repr), - res.zc = res.zc + (t.template get<5>() * t.template get<3>().second); - }); - - // we reverse the order because the polynomial evaluation routine expects - // the challenges in reverse order.Doing it here allows us to compute the final_r - // in log time. Challenges are used as well in the KZG verification checks. - std::reverse(challenges.begin(), challenges.end()); - std::reverse(challenges_inv.begin(), challenges_inv.end()); - - final_res.merge(res); - typename CurveType::scalar_field_type::value_type final_r = - polynomial_evaluation_product_form_from_transcript( - challenges_inv.begin(), challenges_inv.end(), r_shift, - CurveType::scalar_field_type::value_type::one()); - - return std::make_tuple(final_res, final_r, challenges, challenges_inv); - } - - /// verify_tipp_mipp returns a pairing equation to check the tipp proof. 
$r$ is - /// the randomness used to produce a random linear combination of A and B and - /// used in the MIPP part with C - template> - inline void verify_tipp_mipp(transcript &tr, - const r1cs_gg_ppzksnark_aggregate_verification_srs &v_srs, - const r1cs_gg_ppzksnark_aggregate_proof &proof, - const typename CurveType::scalar_field_type::value_type &r_shift, - pairing_check &pc) { - // (T,U), Z for TIPP and MIPP and all challenges - auto [final_res, final_r, challenges, challenges_inv] = - gipa_verify_tipp_mipp(tr, proof, r_shift); - - // Verify commitment keys wellformed - // KZG challenge point - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'z'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.template write(challenges.front()); - tr.template write>(proof.tmipp.gipa.final_vkey.first); - tr.template write>(proof.tmipp.gipa.final_vkey.second); - tr.template write>(proof.tmipp.gipa.final_wkey.first); - tr.template write>(proof.tmipp.gipa.final_wkey.second); - typename CurveType::scalar_field_type::value_type c = tr.read_challenge(); - - // TODO: parallel - // check the opening proof for v - verify_kzg_v( - v_srs, proof.tmipp.gipa.final_vkey, proof.tmipp.vkey_opening, challenges_inv.begin(), - challenges_inv.end(), c, pc); - // check the opening proof for w - note that w has been rescaled by $r^{-1}$ - verify_kzg_w( - v_srs, proof.tmipp.gipa.final_wkey, proof.tmipp.wkey_opening, challenges.begin(), - challenges.end(), r_shift.inversed(), c, pc); - // - // We create a sequence of pairing tuple that we aggregate together at - // the end to perform only once the final exponentiation. 
- // - // TIPP - // z = e(A,B) - std::vector::value_type> a_input1 { - proof.tmipp.gipa.final_a, - }; - std::vector::value_type> b_input1 { - proof.tmipp.gipa.final_b, - }; - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), final_res.zab); - - // final_aB.0 = T = e(A,v1)e(w1,B) - a_input1.template emplace_back<>(proof.tmipp.gipa.final_wkey.first); - b_input1.template emplace<>(b_input1.begin(), proof.tmipp.gipa.final_vkey.first); - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), final_res.tab); - - // final_aB.1 = U = e(A,v2)e(w2,B) - a_input1.pop_back(); - a_input1.template emplace_back<>(proof.tmipp.gipa.final_wkey.second); - b_input1.erase(b_input1.begin()); - b_input1.template emplace<>(b_input1.begin(), proof.tmipp.gipa.final_vkey.second); - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), final_res.uab); - - // MIPP - // Verify base inner product commitment - // Z == c ^ r - typename CurveType::template g1_type<>::value_type final_z = final_r * proof.tmipp.gipa.final_c; - - // Check commiment correctness - // T = e(C,v1) - std::vector::value_type> a_input2 { - proof.tmipp.gipa.final_c, - }; - std::vector::value_type> b_input2 { - proof.tmipp.gipa.final_vkey.first, - }; - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), b_input2.end(), final_res.tc); - - // U = e(A,v2) - b_input2.pop_back(); - b_input2.template emplace_back<>(proof.tmipp.gipa.final_vkey.second); - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), b_input2.end(), final_res.uc); - - if (final_z != final_res.zc) { - pc.invalidate(); - } - } - - /// Verifies the aggregated proofs thanks to the Groth16 verifying key, the - /// verifier SRS from the aggregation scheme, all the public inputs of the - /// proofs and the aggregated proof. 
- /// WARNING: transcript_include represents everything that should be included in - /// the transcript from outside the boundary of this function. This is especially - /// relevant for ALL public inputs of ALL individual proofs. In the regular case, - /// one should input ALL public inputs from ALL proofs aggregated. However, IF ALL the - /// public inputs are **fixed, and public before the aggregation time**, then there is - /// no need to hash those. The reason we specify this extra assumption is because hashing - /// the public inputs from the decoded form can take quite some time depending on the - /// number of proofs and public inputs (+100ms in our case). In the case of Filecoin, the only - /// non-fixed part of the public inputs are the challenges derived from a seed. Even though this - /// seed comes from a random beeacon, we are hashing this as a safety precaution. - template, - typename GeneratorType = boost::random::mt19937, typename Hash = hashes::sha2<256>, - typename InputRangesRange, typename InputIterator> - inline typename std::enable_if< - std::is_same::value_type::iterator>::value_type>::value && - std::is_same::value_type>::value, - bool>::type - verify_aggregate_proof( - const r1cs_gg_ppzksnark_aggregate_verification_srs &ip_verifier_srs, - const r1cs_gg_ppzksnark_aggregate_verification_key &pvk, - const InputRangesRange &public_inputs, - const r1cs_gg_ppzksnark_aggregate_proof &proof, - InputIterator transcript_include_first, - InputIterator transcript_include_last) { - for (const auto &public_input : public_inputs) { - BOOST_ASSERT((public_input.size()) == pvk.gamma_ABC_g1.size()); - } - - // Random linear combination of proofs - constexpr std::array application_tag = {'s', 'n', 'a', 'r', 'k', - 'p', 'a', 'c', 'k'}; - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'r'}; - transcript tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - 
tr.template write(proof.com_ab.first); - tr.template write(proof.com_ab.second); - tr.template write(proof.com_c.first); - tr.template write(proof.com_c.second); - tr.write(transcript_include_first, transcript_include_last); - typename CurveType::scalar_field_type::value_type r = tr.read_challenge(); - tr.template write(proof.ip_ab); - tr.template write>(proof.agg_c); - - pairing_check pc; - - // TODO: parallel - // 1.Check TIPA proof ab - // 2.Check TIPA proof c - verify_tipp_mipp( - tr, - ip_verifier_srs, - proof, - // we give the extra r as it's not part of the proof itself - it is simply used on top for the - // groth16 aggregation - r, - pc); - - // Check aggregate pairing product equation - // SUM of a geometric progression - // SUM a^i = (1 - a^n) / (1 - a) = -(1-a^n)/-(1-a) - // = (a^n - 1) / (a - 1) - typename CurveType::scalar_field_type::value_type r_sum = - (r.pow(public_inputs.size()) - CurveType::scalar_field_type::value_type::one()) * - (r - CurveType::scalar_field_type::value_type::one()).inversed(); - - // The following parts 3 4 5 are independently computing the parts of the Groth16 - // verification equation - // NOTE From this point on, we are only checking *one* pairing check (the Groth16 - // verification equation) so we don't need to randomize as all other checks are being - // randomized already. When merging all pairing checks together, this will be the only one - // non-randomized. - // - // now we do the multi exponentiation - std::vector powers = - structured_scalar_power(public_inputs.size(), r); - std::vector multi_r_vec; - // i denotes the column of the public input, and j denotes which public input - for (std::size_t i = 0; i < public_inputs[0].size(); ++i) { - typename CurveType::scalar_field_type::value_type c = public_inputs[0][i]; - for (std::size_t j = 1; j < public_inputs.size(); ++j) { - c = c + public_inputs[j][i] * powers[j]; - } - multi_r_vec.emplace_back(c); - } - - // 3. 
Compute left part of the final pairing equation - typename CurveType::gt_type::value_type left = - algebra::pair(pvk.alpha_g1 * r_sum, pvk.beta_g2); - - // 4. Compute right part of the final pairing equation - typename CurveType::gt_type::value_type right = algebra::pair(proof.agg_c, pvk.delta_g2); - - // 5. compute the middle part of the final pairing equation, the one - // with the public inputs - // We want to compute MUL(i:0 -> l) S_i ^ (SUM(j:0 -> n) ai,j * r^j) - // this table keeps tracks of incremental computation of each i-th - // exponent to later multiply with S_i - // The index of the table is i, which is an index of the public - // input element - // We incrementally build the r vector and the table - // NOTE: in this version it's not r^2j but simply r^j - typename CurveType::template g1_type<>::value_type g_ic = pvk.gamma_ABC_g1.first * r_sum; - // TODO: do without using of accumulation_vector - typename CurveType::template g1_type<>::value_type totsi = - pvk.gamma_ABC_g1.accumulate_chunk(multi_r_vec.begin(), multi_r_vec.end(), 0).first - - pvk.gamma_ABC_g1.first; - g_ic = g_ic + totsi; - typename CurveType::gt_type::value_type middle = algebra::pair(g_ic, pvk.gamma_g2); - - std::vector a_input {left, middle, right}; - pc.merge_nonrandom(a_input.begin(), a_input.end(), proof.ip_ab); - return pc.verify(); - } - - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - typedef r1cs_gg_ppzksnark_verifier_strong_input_consistency - basic_verifier; - typedef typename basic_verifier::proof_type basic_proof_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::verification_srs_type verification_srs_type; - typedef typename policy_type::proof_type proof_type; - - // aggregate verify - template - static inline typename std::enable_if< - 
std::is_same::value_type>::value, - bool>::type - process(const verification_srs_type &ip_verifier_srs, - const verification_key_type &pvk, - const InputPrimaryInputRange &public_inputs, - const proof_type &proof, - InputIterator transcript_include_first, - InputIterator transcript_include_last) { - return verify_aggregate_proof( - ip_verifier_srs, pvk, public_inputs, proof, transcript_include_first, - transcript_include_last); - } - - // Basic verify - template - static inline bool process(const VerificationKey &vk, - const primary_input_type &primary_input, - const basic_proof_type &proof) { - return basic_verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/keypair.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/keypair.hpp deleted file mode 100644 index 98115c6e0c..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_gg_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/marshalling.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/marshalling.hpp
deleted file mode 100644
index 2a6dace6f0..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/marshalling.hpp
+++ /dev/null
@@ -1,1258 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2020 Mikhail Komarov -// Copyright (c) 2020 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for R1CS with a security proof -// in the generic group (GG) model. -// -// This includes: -//- class for proving key -//- class for verification key -//- class for processed verification key -//- class for key pair (proving key & verification key) -//- class for proof -//- generator algorithm -//- prover algorithm -//- verifier algorithm (with strong or weak input consistency) -//- online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates the protocol of \[Gro16]. 
-// -// -// Acronyms: -// -//- R1CS = "Rank-1 Constraint Systems" -//- ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// -// References: -// -//\[Gro16]: -// "On the Size of Pairing-based Non-interactive Arguments", -// Jens Groth, -// EUROCRYPT 2016, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_TYPES_HPP -#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_TYPES_HPP - -#include -#include - -#include -#include - -#include -#include -#include - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include - -namespace nil { - namespace marshalling { - - using namespace nil::crypto3::zk::snark; - using namespace nil::crypto3; - - /************************ TON Virtual Machine compatible serialization *************************/ - - template - struct verifier_input_deserializer_tvm; - - template<> - struct verifier_input_deserializer_tvm< - nil::crypto3::zk::snark::r1cs_gg_ppzksnark>> { - - using CurveType = typename algebra::curves::bls12<381>; - using scheme_type = nil::crypto3::zk::snark::r1cs_gg_ppzksnark; - - using chunk_type = std::uint8_t; - constexpr static const std::size_t chunk_size = 8; - - static const std::size_t std_size_t_byteblob_size = 4; - static const std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - static const std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - static const std::size_t fp_byteblob_size = CurveType::base_field_type::modulus_bits / chunk_size + - (CurveType::base_field_type::modulus_bits % chunk_size ? 1 : 0); - static const std::size_t gt_byteblob_size = 2 * 3 * 2 * fp_byteblob_size; - static const std::size_t fr_byteblob_size = - CurveType::scalar_field_type::modulus_bits / chunk_size + - (CurveType::scalar_field_type::modulus_bits % chunk_size ? 
1 : 0); - static const std::size_t linear_term_byteblob_size = std_size_t_byteblob_size + fr_byteblob_size; - static const std::size_t g2g1_element_kc_byteblob_size = g2_byteblob_size + g1_byteblob_size; - - template - static inline typename std::enable_if::value, - typename FieldType::value_type>::type - field_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - using integral_type = typename FieldType::integral_type; - using field_type = FieldType; - - std::pair processed = - bincode::field::field_element_from_bytes(read_iter_begin, read_iter_end); - - if (!std::get<0>(processed)) { - processingStatus = status_type::invalid_msg_data; - - return field_type::value_type::zero(); - } - - return std::get<1>(processed); - } - - template - static inline typename std::enable_if<::nil::crypto3::algebra::is_extended_field::value, - typename FieldType::value_type>::type - field_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - using integral_type = typename FieldType::integral_type; - using field_type = FieldType; - - std::pair processed = - bincode::field::field_element_from_bytes(read_iter_begin, read_iter_end); - - if (!std::get<0>(processed)) { - processingStatus = status_type::invalid_msg_data; - - return field_type::value_type::zero(); - } - - return std::get<1>(processed); - } - - template - static inline typename GroupType::value_type - g1_group_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - typename curve_element_serializer::compressed_g1_octets input_array; - - for (std::size_t i = 0; i < g1_byteblob_size; 
++i) { - input_array[i] = read_iter_begin[i]; - } - - return curve_element_serializer::octets_to_g1_point(input_array); - } - - template - static inline typename GroupType::value_type - g2_group_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - typename curve_element_serializer::compressed_g2_octets input_array; - - for (std::size_t i = 0; i < g2_byteblob_size; ++i) { - input_array[i] = read_iter_begin[i]; - } - - return curve_element_serializer::octets_to_g2_point(input_array); - } - - template - static inline linear_term - linear_term_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - std::size_t index = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::scalar_field_type::value_type coeff = - field_type_process( - read_iter_begin + std_size_t_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + fr_byteblob_size, - processingStatus); - - return linear_term( - variable(index), coeff); - } - - template - static inline linear_combination - linear_combination_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - std::size_t terms_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::vector> terms(terms_count); - - for (std::size_t i = 0; i < terms_count; i++) { - terms[i] = linear_term_process( - read_iter_begin + std_size_t_byteblob_size + i * linear_term_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * 
linear_term_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - } - - return {terms}; - } - - template - static inline r1cs_constraint - r1cs_constraint_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - std::size_t a_terms_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t a_byte_size = a_terms_count * linear_term_byteblob_size + std_size_t_byteblob_size; - linear_combination a = - linear_combination_process(read_iter_begin, read_iter_begin + a_byte_size, processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t b_terms_count = std_size_t_process(read_iter_begin + a_byte_size, - read_iter_begin + a_byte_size + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t b_byte_size = b_terms_count * linear_term_byteblob_size + std_size_t_byteblob_size; - linear_combination b = linear_combination_process( - read_iter_begin + a_byte_size, read_iter_begin + a_byte_size + b_byte_size, processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t c_terms_count = - std_size_t_process(read_iter_begin + a_byte_size + b_byte_size, - read_iter_begin + a_byte_size + b_byte_size + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t c_byte_size = c_terms_count * linear_term_byteblob_size + std_size_t_byteblob_size; - linear_combination c = - linear_combination_process(read_iter_begin + a_byte_size + b_byte_size, - read_iter_begin + a_byte_size + b_byte_size + c_byte_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - return {a, b, c}; - } - - 
template - static inline r1cs_constraint_system - r1cs_constraint_system_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - std::size_t primary_input_size = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t auxiliary_input_size = std_size_t_process(read_iter_begin + std_size_t_byteblob_size, - read_iter_begin + 2 * std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t rc_count = std_size_t_process(read_iter_begin + 2 * std_size_t_byteblob_size, - read_iter_begin + 3 * std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::vector> constraints(rc_count); - - auto read_iter_current_begin = read_iter_begin + 3 * std_size_t_byteblob_size; - - for (std::size_t i = 0; i < rc_count; i++) { - - std::size_t total_r1cs_constraint_byteblob_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, - processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - - constraints[i] = - r1cs_constraint_process(read_iter_current_begin, - read_iter_current_begin + total_r1cs_constraint_byteblob_size, - processingStatus); - read_iter_current_begin += total_r1cs_constraint_byteblob_size; - } - - r1cs_constraint_system res = - r1cs_constraint_system(); - - res.primary_input_size = primary_input_size; - res.auxiliary_input_size = auxiliary_input_size; - res.constraints = constraints; - - return res; - } - - template - static inline crypto3::zk::commitments::detail::element_kc, - typename CurveType::template g1_type<>> - g2g1_element_kc_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - typename CurveType::template g2_type<>::value_type 
g = - g2_group_type_process>( - read_iter_begin, read_iter_begin + g2_byteblob_size, processingStatus); - - typename CurveType::template g1_type<>::value_type h = - g1_group_type_process>( - read_iter_begin + g2_byteblob_size, - read_iter_begin + g2_byteblob_size + - g1_byteblob_size, - processingStatus); - return {g, h}; - } - - template - static inline crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - g2g1_knowledge_commitment_vector_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - using T = crypto3::zk::commitments::knowledge_commitment, - typename CurveType::template g1_type<>>; - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - std::size_t indices_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::vector indices(indices_count, 0); - - for (std::size_t i = 0; i < indices_count; i++) { - indices[i] = std_size_t_process( - read_iter_begin + std_size_t_byteblob_size + std_size_t_byteblob_size * i, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - } - - std::vector values(indices_count); - - for (std::size_t i = 0; i < indices_count; i++) { - values[i] = g2g1_element_kc_process( - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - i * g2g1_element_kc_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - (i + 1) * g2g1_element_kc_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - } - - std::size_t domain_size_ = std_size_t_process( - read_iter_begin + 
std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g2g1_element_kc_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g2g1_element_kc_byteblob_size + std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - crypto3::container::sparse_vector sv; - - sv.indices = indices; - sv.values = values; - sv.domain_size_ = domain_size_; - - // assert (sv.is_valid()); - assert(sv.values.size() == sv.indices.size()); - - return sv; - } - - static inline std::size_t - std_size_t_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return 0; - } - - std::vector vector_s(1, 0); - auto iter = vector_s.begin(); - - std::size_t vector_c_size = std_size_t_byteblob_size; - std::vector vector_c; - - vector_c.reserve(vector_c_size); - vector_c.insert(vector_c.end(), read_iter_begin, read_iter_begin + vector_c_size); - - nil::crypto3::detail::pack_from(vector_c, iter); - - return vector_s[0]; - } - - template - static inline crypto3::container::sparse_vector - g1_sparse_vector_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return crypto3::container::sparse_vector(); - } - - std::size_t indices_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - 
- if (std::distance(read_iter_begin, read_iter_end) < - std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g1_byteblob_size + std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return crypto3::container::sparse_vector(); - } - - std::vector indices(indices_count, 0); - - for (std::size_t i = 0; i < indices_count; i++) { - indices[i] = std_size_t_process( - read_iter_begin + std_size_t_byteblob_size + std_size_t_byteblob_size * i, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - } - - std::vector values(indices_count); - - for (std::size_t i = 0; i < indices_count; i++) { - values[i] = g1_group_type_process( - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - i * g1_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - (i + 1) * g1_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - } - - std::size_t domain_size_ = std_size_t_process( - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g1_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g1_byteblob_size + std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - - crypto3::container::sparse_vector sv; - - sv.indices = indices; - sv.values = values; - sv.domain_size_ = domain_size_; - - // assert (sv.is_valid()); - assert(sv.values.size() == sv.indices.size()); - - return sv; - } - - template - static inline crypto3::container::accumulation_vector - g1_accumulation_vector_process(typename 
std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < g1_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return crypto3::container::accumulation_vector(); - } - - typename T::value_type first = - g1_group_type_process(read_iter_begin, read_iter_begin + g1_byteblob_size, processingStatus); - - if (processingStatus != status_type::success) { - return crypto3::container::accumulation_vector(); - } - - crypto3::container::sparse_vector rest = - g1_sparse_vector_process(read_iter_begin + g1_byteblob_size, read_iter_end, - processingStatus); - - if (processingStatus != status_type::success) { - return crypto3::container::accumulation_vector(); - } - - return crypto3::container::accumulation_vector(std::move(first), std::move(rest)); - } - - static inline typename scheme_type::verification_key_type - verification_key_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < - gt_byteblob_size + g2_byteblob_size + g2_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - typename CurveType::gt_type::value_type alpha_g1_beta_g2 = - field_type_process(read_iter_begin, - read_iter_begin + gt_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::template g2_type<>::value_type gamma_g2 = - g2_group_type_process>( - read_iter_begin + gt_byteblob_size, - read_iter_begin + gt_byteblob_size + - g2_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::template g2_type<>::value_type delta_g2 = - g2_group_type_process>( - read_iter_begin + gt_byteblob_size + g2_byteblob_size, - read_iter_begin + 
gt_byteblob_size + g2_byteblob_size + g2_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - crypto3::container::accumulation_vector> gamma_ABC_g1 = - g1_accumulation_vector_process>( - read_iter_begin + gt_byteblob_size + g2_byteblob_size + g2_byteblob_size, - read_iter_end, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - return {alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_ABC_g1}; - } - - static inline typename scheme_type::proving_key_type - proving_key_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - auto read_iter_current_begin = read_iter_begin; - - typename CurveType::template g1_type<>::value_type alpha_g1 = - g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - typename CurveType::template g1_type<>::value_type beta_g1 = - g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - typename CurveType::template g2_type<>::value_type beta_g2 = - g2_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g2_byteblob_size, processingStatus); - read_iter_current_begin += g2_byteblob_size; - typename CurveType::template g1_type<>::value_type delta_g1 = - g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - typename CurveType::template g2_type<>::value_type delta_g2 = - g2_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g2_byteblob_size, processingStatus); - read_iter_current_begin += g2_byteblob_size; - std::size_t A_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin 
+ std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - std::vector::value_type> A_query(A_query_size); - - for (std::size_t i = 0; i < A_query_size; ++i) { - A_query[i] = g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - } - - std::size_t total_B_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - - crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - B_query = g2g1_knowledge_commitment_vector_process( - read_iter_current_begin, read_iter_current_begin + total_B_query_size, processingStatus); - - read_iter_current_begin += total_B_query_size; - - std::size_t H_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - std::vector::value_type> H_query(H_query_size); - - for (std::size_t i = 0; i < H_query_size; ++i) { - H_query[i] = g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - } - - std::size_t L_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - std::vector::value_type> L_query(L_query_size); - - for (std::size_t i = 0; i < L_query_size; ++i) { - L_query[i] = g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - } - - r1cs_constraint_system constraint_system = - r1cs_constraint_system_process(read_iter_current_begin, read_iter_end, 
processingStatus); - - return {std::move(alpha_g1), std::move(beta_g1), std::move(beta_g2), std::move(delta_g1), - std::move(delta_g2), std::move(A_query), std::move(B_query), std::move(H_query), - std::move(L_query), - std::move(constraint_system)}; - } - - static inline typename scheme_type::primary_input_type - primary_input_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - std::size_t pi_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - if (std::distance(read_iter_begin, read_iter_end) < - std_size_t_byteblob_size + pi_count * fr_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - std::vector pi(pi_count); - - for (std::size_t i = 0; i < pi_count; i++) { - pi[i] = field_type_process( - read_iter_begin + std_size_t_byteblob_size + i * fr_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * fr_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - } - - return {pi}; - } - - static inline typename scheme_type::proof_type - proof_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < - g1_byteblob_size + g2_byteblob_size + g1_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - typename CurveType::template g1_type<>::value_type g_A = - g1_group_type_process>( - read_iter_begin, read_iter_begin + g1_byteblob_size, processingStatus); - - if (processingStatus != 
status_type::success) { - return {}; - } - - typename CurveType::template g2_type<>::value_type g_B = - g2_group_type_process>( - read_iter_begin + g1_byteblob_size, - read_iter_begin + g1_byteblob_size + - g2_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::template g1_type<>::value_type g_C = - g1_group_type_process>( - read_iter_begin + g1_byteblob_size + g2_byteblob_size, - read_iter_begin + g1_byteblob_size + g2_byteblob_size + g1_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - return {std::move(g_A), std::move(g_B), std::move(g_C)}; - } - - static inline std::tuple - verifier_input_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - const std::size_t proof_byteblob_size = g1_byteblob_size + g2_byteblob_size + g1_byteblob_size; - - if (std::distance(read_iter_begin, read_iter_end) < proof_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - typename scheme_type::proof_type de_prf = - proof_process(read_iter_begin, read_iter_begin + proof_byteblob_size, processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - const std::size_t primary_input_byteblob_size = - std_size_t_byteblob_size + - fr_byteblob_size * - std_size_t_process(read_iter_begin + proof_byteblob_size, - read_iter_begin + proof_byteblob_size + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename 
scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - typename scheme_type::primary_input_type de_pi = - primary_input_process(read_iter_begin + proof_byteblob_size, - read_iter_begin + proof_byteblob_size + primary_input_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - typename scheme_type::verification_key_type de_vk = - verification_key_process(read_iter_begin + proof_byteblob_size + primary_input_byteblob_size, - read_iter_end, - processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - return std::make_tuple(de_vk, de_pi, de_prf); - } - }; - - template - struct verifier_input_serializer_tvm; - - template<> - struct verifier_input_serializer_tvm>> { - - using CurveType = typename algebra::curves::bls12<381>; - using scheme_type = nil::crypto3::zk::snark::r1cs_gg_ppzksnark; - - using chunk_type = std::uint8_t; - constexpr static const std::size_t chunk_size = 8; - - static const std::size_t std_size_t_byteblob_size = 4; - static const std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - static const std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - static const std::size_t fp_byteblob_size = CurveType::base_field_type::modulus_bits / chunk_size + - (CurveType::base_field_type::modulus_bits % chunk_size ? 1 : 0); - static const std::size_t gt_byteblob_size = 2 * 3 * 2 * fp_byteblob_size; - static const std::size_t fr_byteblob_size = - CurveType::scalar_field_type::modulus_bits / chunk_size + - (CurveType::scalar_field_type::modulus_bits % chunk_size ? 
1 : 0); - static const std::size_t linear_term_byteblob_size = std_size_t_byteblob_size + fr_byteblob_size; - static const std::size_t g2g1_element_kc_byteblob_size = g2_byteblob_size + g1_byteblob_size; - - template - static inline - typename std::enable_if::value, void>::type - field_type_process(typename FieldType::value_type input_fp, - typename std::vector::iterator &write_iter) { - - typedef boost::multiprecision::number> - integral_type; - - constexpr const std::size_t modulus_bits = FieldType::modulus_bits; - - constexpr const std::size_t modulus_chunks = - modulus_bits / chunk_size + (modulus_bits % chunk_size ? 1 : 0); - - boost::multiprecision::export_bits(integral_type(input_fp.data), write_iter, chunk_size, false); - write_iter += modulus_chunks; - } - - template - static inline - typename std::enable_if<::nil::crypto3::algebra::is_extended_field::value, void>::type - field_type_process(typename FieldType::value_type input_fp, - typename std::vector::iterator &write_iter) { - - using field_type = FieldType; - - const std::size_t data_dimension = field_type::arity / field_type::underlying_field_type::arity; - - for (int n = 0; n < data_dimension; ++n) { - field_type_process(input_fp.data[n], write_iter); - } - } - - template - static inline void g1_group_type_process(typename GroupType::value_type input_g, - typename std::vector::iterator &write_iter) { - - auto compressed_curve_group_element = - curve_element_serializer::point_to_octets_compress(input_g); - - copy(compressed_curve_group_element.begin(), compressed_curve_group_element.end(), write_iter); - - write_iter += compressed_curve_group_element.size(); - } - - template - static inline void g2_group_type_process(typename GroupType::value_type input_g, - typename std::vector::iterator &write_iter) { - - auto compressed_curve_group_element = - curve_element_serializer::point_to_octets_compress(input_g); - - copy(compressed_curve_group_element.begin(), compressed_curve_group_element.end(), 
write_iter); - - write_iter += compressed_curve_group_element.size(); - } - - static inline void std_size_t_process(std::size_t input_s, std::vector::iterator &write_iter) { - - std::size_t std_size_t_byteblob_size = 4; - std::vector vector_s = {input_s}; - - auto internal_write_iter = write_iter; - nil::crypto3::detail::pack_to( - vector_s, internal_write_iter); - - write_iter += std_size_t_byteblob_size; - } - - template - static inline void g1_sparse_vector_process(crypto3::container::sparse_vector input_sv, - std::vector::iterator &write_iter) { - - std::size_t ic_size = input_sv.values.size(); - // assert (input_sv.is_valid()); - assert(input_sv.values.size() == input_sv.indices.size()); - // Actual sparse_vector byteblob size is equal to - // (2 + ic_size) * std_size_t_byteblob_size + ic_size * g1_byteblob_size; - // For accumulation vector it is - // g1_byteblob_size more because of accumulation_vector.first - - std_size_t_process(ic_size, write_iter); - - for (auto ic_iter = input_sv.indices.begin(); ic_iter != input_sv.indices.end(); ic_iter++) { - std_size_t_process(*ic_iter, write_iter); - } - - for (auto ic_iter = input_sv.values.begin(); ic_iter != input_sv.values.end(); ic_iter++) { - g1_group_type_process>(*ic_iter, write_iter); - } - - std_size_t_process(input_sv.domain_size(), write_iter); - } - - template - static inline void g1_accumulation_vector_process(crypto3::container::accumulation_vector input_av, - std::vector::iterator &write_iter) { - - g1_group_type_process>(input_av.first, write_iter); - - g1_sparse_vector_process(input_av.rest, write_iter); - } - - template - static inline void linear_term_process(linear_term input_lt, - std::vector::iterator &write_iter) { - - std_size_t_process(input_lt.index, write_iter); - - field_type_process(input_lt.coeff, write_iter); - } - - template - static inline void linear_combination_process(linear_combination input_cm, - std::vector::iterator &write_iter) { - - 
std_size_t_process(input_cm.terms.size(), write_iter); - - for (auto it = input_cm.terms.begin(); it != input_cm.terms.end(); it++) { - linear_term_process(*it, write_iter); - } - } - - static inline std::size_t - get_r1cs_constraint_byteblob_size(r1cs_constraint input_rc) { - - return input_rc.a.terms.size() * (std_size_t_byteblob_size + fr_byteblob_size) + - std_size_t_byteblob_size + - input_rc.b.terms.size() * (std_size_t_byteblob_size + fr_byteblob_size) + - std_size_t_byteblob_size + - input_rc.c.terms.size() * (std_size_t_byteblob_size + fr_byteblob_size) + - std_size_t_byteblob_size; - } - - template - static inline void r1cs_constraint_process(r1cs_constraint input_rc, - std::vector::iterator &write_iter) { - - std_size_t_process(get_r1cs_constraint_byteblob_size(input_rc), write_iter); - linear_combination_process(input_rc.a, write_iter); - linear_combination_process(input_rc.b, write_iter); - linear_combination_process(input_rc.c, write_iter); - } - - template - static inline void r1cs_constraint_system_process(r1cs_constraint_system input_rs, - std::vector::iterator &write_iter) { - - std_size_t_process(input_rs.primary_input_size, write_iter); - std_size_t_process(input_rs.auxiliary_input_size, write_iter); - std_size_t_process(input_rs.constraints.size(), write_iter); - - for (auto it = input_rs.constraints.begin(); it != input_rs.constraints.end(); it++) { - r1cs_constraint_process(*it, write_iter); - } - } - - static inline void - g2g1_element_kc_process(crypto3::zk::commitments::detail::element_kc, - typename CurveType::template g1_type<>> - input_ek, - std::vector::iterator &write_iter) { - - g2_group_type_process>(input_ek.g, write_iter); - g1_group_type_process>(input_ek.h, write_iter); - } - - static inline std::size_t get_g2g1_knowledge_commitment_vector_size( - crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - input_kv) { - - return (2 + input_kv.indices.size()) * std_size_t_byteblob_size + - 
input_kv.values.size() * (g2_byteblob_size + g1_byteblob_size); - } - - static inline void g2g1_knowledge_commitment_vector_process( - crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - input_kv, - std::vector::iterator &write_iter) { - - std_size_t_process(get_g2g1_knowledge_commitment_vector_size(input_kv), write_iter); - - std::size_t ic_size = input_kv.values.size(); - - std_size_t_process(ic_size, write_iter); - - for (unsigned long &indice: input_kv.indices) { - std_size_t_process(indice, write_iter); - } - - for (auto &value: input_kv.values) { - g2g1_element_kc_process(value, write_iter); - } - - std_size_t_process(input_kv.domain_size(), write_iter); - } - - static inline std::vector process(typename scheme_type::proving_key_type pk) { - - std::size_t proving_key_size = - 3 * g1_byteblob_size + 2 * g2_byteblob_size + pk.A_query.size() * g1_byteblob_size + - get_g2g1_knowledge_commitment_vector_size(pk.B_query) + pk.H_query.size() * g1_byteblob_size + - pk.L_query.size() * g1_byteblob_size + 2 * std_size_t_byteblob_size; - - for (auto &constraint: pk.constraint_system.constraints) { - proving_key_size += get_r1cs_constraint_byteblob_size(constraint); - } - - proving_key_size *= 2; - - std::vector output(proving_key_size); - - typename std::vector::iterator write_iter = output.begin(); - - g1_group_type_process>(pk.alpha_g1, write_iter); - g1_group_type_process>(pk.beta_g1, write_iter); - g2_group_type_process>(pk.beta_g2, write_iter); - g1_group_type_process>(pk.delta_g1, write_iter); - g2_group_type_process>(pk.delta_g2, write_iter); - - std_size_t_process(pk.A_query.size(), write_iter); - - for (auto &it: pk.A_query) { - g1_group_type_process>(it, write_iter); - } - - g2g1_knowledge_commitment_vector_process(pk.B_query, write_iter); - - std_size_t_process(pk.H_query.size(), write_iter); - - for (auto &it: pk.H_query) { - g1_group_type_process>(it, write_iter); - } - - std_size_t_process(pk.L_query.size(), 
write_iter); - - for (auto &it: pk.L_query) { - g1_group_type_process>(it, write_iter); - } - - r1cs_constraint_system_process(pk.constraint_system, write_iter); - - return output; - } - - static inline std::vector process(typename scheme_type::verification_key_type vk) { - - constexpr const std::size_t modulus_bits = CurveType::base_field_type::modulus_bits; - - constexpr const std::size_t modulus_chunks = - modulus_bits / chunk_size + (modulus_bits % chunk_size ? 1 : 0); - - std::size_t ic_size = 1 + vk.gamma_ABC_g1.rest.values.size(); - - std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - std::size_t std_size_t_byteblob_size = 4; - - std::size_t gt_byteblob_size = modulus_chunks * CurveType::gt_type::arity; - - std::size_t ic_byteblob_size = std_size_t_byteblob_size + ic_size * g1_byteblob_size; - std::size_t sparse_vector_byteblob_size = - (2 + ic_size) * std_size_t_byteblob_size + ic_size * g1_byteblob_size; - std::size_t accumulation_vector_byteblob_size = sparse_vector_byteblob_size + g1_byteblob_size; - - std::size_t verification_key_size = - gt_byteblob_size + g2_byteblob_size + g2_byteblob_size + accumulation_vector_byteblob_size; - - std::vector output(verification_key_size); - - typename std::vector::iterator write_iter = output.begin(); - - field_type_process(vk.alpha_g1_beta_g2, write_iter); - g2_group_type_process>(vk.gamma_g2, write_iter); - g2_group_type_process>(vk.delta_g2, write_iter); - - // std_size_t_process(ic_size, write_iter); - - // g1_group_type_process>(vk.gamma_ABC_g1.first, write_iter); - - // for (auto ic_iter = vk.gamma_ABC_g1.rest.values.begin(); ic_iter != - // vk.gamma_ABC_g1.rest.values.end(); ic_iter++) { - // g1_group_type_process>(*ic_iter, write_iter); - // } - - g1_accumulation_vector_process(vk.gamma_ABC_g1, write_iter); - - return output; - } - - static inline std::vector process(typename 
scheme_type::primary_input_type pi) { - - constexpr const std::size_t modulus_bits = CurveType::scalar_field_type::modulus_bits; - - constexpr const std::size_t modulus_chunks = - modulus_bits / chunk_size + (modulus_bits % chunk_size ? 1 : 0); - - std::size_t std_size_t_byteblob_size = 4; - - std::size_t pi_count = pi.size(); - - std::size_t primary_byteblob_input_size = std_size_t_byteblob_size + pi_count * modulus_chunks; - - std::vector output(primary_byteblob_input_size); - - typename std::vector::iterator write_iter = output.begin(); - - std_size_t_process(pi_count, write_iter); - - for (std::size_t i = 0; i < pi_count; i++) { - field_type_process(pi[i], write_iter); - } - - return output; - } - - static inline std::vector process(typename scheme_type::proof_type pr) { - - std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - - std::size_t proof_size = g1_byteblob_size + g2_byteblob_size + g1_byteblob_size; - - std::vector output(proof_size); - - typename std::vector::iterator write_iter = output.begin(); - - g1_group_type_process>(pr.g_A, write_iter); - g2_group_type_process>(pr.g_B, write_iter); - g1_group_type_process>(pr.g_C, write_iter); - - return output; - } - }; - - } // namespace marshalling -} // namespace nil - -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_TYPES_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/modes.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/modes.hpp deleted file mode 100644 index 2ff8f4984d..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/modes.hpp +++ /dev/null 
@@ -1,43 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_MODES_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_MODES_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- enum class proving_mode {
- basic,
- aggregate,
- encrypted_input,
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_MODES_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proof.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proof.hpp
deleted file mode 100644
index 8e6537c926..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,95 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_PROOF_HPP
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- struct r1cs_gg_ppzksnark_proof {
- typedef CurveType curve_type;
-
- typename CurveType::template g1_type<>::value_type g_A;
- typename CurveType::template g2_type<>::value_type g_B;
- typename CurveType::template g1_type<>::value_type g_C;
-
- r1cs_gg_ppzksnark_proof() {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- // invalid proof with valid curve points
- this->g_A = g1_type::value_type::one();
- this->g_B = g2_type::value_type::one();
- this->g_C = g1_type::value_type::one();
- }
- r1cs_gg_ppzksnark_proof(const typename CurveType::template g1_type<>::value_type &g_A,
- const typename CurveType::template g2_type<>::value_type &g_B,
- const typename CurveType::template g1_type<>::value_type &g_C) :
- g_A(g_A),
- g_B(g_B), g_C(g_C) {};
- r1cs_gg_ppzksnark_proof(typename CurveType::template g1_type<>::value_type &&g_A,
- typename CurveType::template g2_type<>::value_type &&g_B,
- typename CurveType::template g1_type<>::value_type &&g_C) :
- g_A(std::move(g_A)),
- g_B(std::move(g_B)), g_C(std::move(g_C)) {};
-
- std::size_t G1_size() const {
- return 2;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (g_A.is_well_formed() && g_B.is_well_formed() && g_C.is_well_formed());
- }
-
- bool operator==(const r1cs_gg_ppzksnark_proof &other) const {
- return (this->g_A == other.g_A && this->g_B == other.g_B && this->g_C == other.g_C);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/prover.hpp
deleted file mode 100644
index c2e39de8c9..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,165 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_PROVER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_prover; - - /** - * A prover algorithm for the R1CS GG-ppzkSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. 
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - template - class r1cs_gg_ppzksnark_prover { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - BOOST_ASSERT(proving_key.constraint_system.is_satisfied(primary_input, auxiliary_input)); - - const qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, - scalar_field_type::value_type::zero(), scalar_field_type::value_type::zero(), - scalar_field_type::value_type::zero()); - - /* We are dividing degree 2(d-1) polynomial by degree d polynomial - and not adding a PGHR-style ZK-patch, so our H is degree d-2 */ - // BOOST_ASSERT(!qap_wit.coefficients_for_H[qap_wit.degree - 2].is_zero()); - BOOST_ASSERT(qap_wit.coefficients_for_H[qap_wit.degree - 1].is_zero()); - BOOST_ASSERT(qap_wit.coefficients_for_H[qap_wit.degree].is_zero()); - - /* Choose two random field elements for prover zero-knowledge. 
*/ - const typename scalar_field_type::value_type r = algebra::random_element(); - const typename scalar_field_type::value_type s = algebra::random_element(); -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - // TODO: sort out indexing - std::vector const_padded_assignment( - 1, scalar_field_type::value_type::one()); - const_padded_assignment.insert(const_padded_assignment.end(), - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.end()); - - typename g1_type::value_type evaluation_At = - algebra::multiexp_with_mixed_addition( - proving_key.A_query.begin(), - proving_key.A_query.begin() + qap_wit.num_variables + 1, - const_padded_assignment.begin(), - const_padded_assignment.begin() + qap_wit.num_variables + 1, - chunks); - - typename commitments::knowledge_commitment::value_type evaluation_Bt = - commitments::kc_multiexp_with_mixed_addition( - proving_key.B_query, - 0, - qap_wit.num_variables + 1, - const_padded_assignment.begin(), - const_padded_assignment.begin() + qap_wit.num_variables + 1, - chunks); - - typename g1_type::value_type evaluation_Ht = - algebra::multiexp( - proving_key.H_query.begin(), - proving_key.H_query.begin() + (qap_wit.degree - 1), - qap_wit.coefficients_for_H.begin(), - qap_wit.coefficients_for_H.begin() + (qap_wit.degree - 1), - chunks); - - typename g1_type::value_type evaluation_Lt = - algebra::multiexp_with_mixed_addition( - proving_key.L_query.begin(), - proving_key.L_query.end(), - const_padded_assignment.begin() + qap_wit.num_inputs + 1, - const_padded_assignment.begin() + qap_wit.num_variables + 1, - chunks); - - /* A = alpha + sum_i(a_i*A_i(t)) + r*delta */ - typename g1_type::value_type g1_A = - proving_key.alpha_g1 + evaluation_At + r * proving_key.delta_g1; - - /* B = beta + sum_i(a_i*B_i(t)) + s*delta */ - typename g1_type::value_type g1_B = - 
proving_key.beta_g1 + evaluation_Bt.h + s * proving_key.delta_g1; - typename g2_type::value_type g2_B = - proving_key.beta_g2 + evaluation_Bt.g + s * proving_key.delta_g2; - - /* C = sum_i(a_i*((beta*A_i(t) + alpha*B_i(t) + C_i(t)) + H(t)*Z(t))/delta) + A*s + r*b - - * r*s*delta - */ - typename g1_type::value_type g1_C = - evaluation_Ht + evaluation_Lt + s * g1_A + r * g1_B - (r * s) * proving_key.delta_g1; - - return proof_type(std::move(g1_A), std::move(g2_B), std::move(g1_C)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_PROVER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proving_key.hpp deleted file mode 100644 index aaffc96255..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,136 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template> - struct r1cs_gg_ppzksnark_proving_key { - typedef CurveType curve_type; - typedef r1cs_constraint_system constraint_system_type; - - typename CurveType::template g1_type<>::value_type alpha_g1; - typename CurveType::template g1_type<>::value_type beta_g1; - typename CurveType::template g2_type<>::value_type beta_g2; - typename CurveType::template g1_type<>::value_type delta_g1; - typename CurveType::template g2_type<>::value_type delta_g2; - - std::vector::value_type> - A_query; // this could be a sparse vector if we had multiexp for those - commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - B_query; - std::vector::value_type> H_query; - std::vector::value_type> L_query; - - constraint_system_type constraint_system; - - r1cs_gg_ppzksnark_proving_key() {}; - r1cs_gg_ppzksnark_proving_key &operator=(const r1cs_gg_ppzksnark_proving_key &other) = default; - r1cs_gg_ppzksnark_proving_key(const r1cs_gg_ppzksnark_proving_key &other) = default; - r1cs_gg_ppzksnark_proving_key(r1cs_gg_ppzksnark_proving_key &&other) = default; - - r1cs_gg_ppzksnark_proving_key( - const typename CurveType::template g1_type<>::value_type &alpha_g1, - const typename CurveType::template g1_type<>::value_type &beta_g1, - const typename CurveType::template g2_type<>::value_type &beta_g2, - const typename CurveType::template g1_type<>::value_type &delta_g1, - const typename CurveType::template g2_type<>::value_type &delta_g2, - const std::vector::value_type> &A_query, - const commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> &B_query, - const std::vector::value_type> &H_query, - const std::vector::value_type> &L_query, - const 
constraint_system_type &constraint_system) : - alpha_g1(alpha_g1), - beta_g1(beta_g1), beta_g2(beta_g2), delta_g1(delta_g1), delta_g2(delta_g2), A_query(A_query), - B_query(B_query), H_query(H_query), L_query(L_query), constraint_system(constraint_system) {}; - - r1cs_gg_ppzksnark_proving_key( - typename CurveType::template g1_type<>::value_type &&alpha_g1, - typename CurveType::template g1_type<>::value_type &&beta_g1, - typename CurveType::template g2_type<>::value_type &&beta_g2, - typename CurveType::template g1_type<>::value_type &&delta_g1, - typename CurveType::template g2_type<>::value_type &&delta_g2, - std::vector::value_type> &&A_query, - commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> &&B_query, - std::vector::value_type> &&H_query, - std::vector::value_type> &&L_query, - constraint_system_type &&constraint_system) : - alpha_g1(std::move(alpha_g1)), - beta_g1(std::move(beta_g1)), beta_g2(std::move(beta_g2)), delta_g1(std::move(delta_g1)), - delta_g2(std::move(delta_g2)), A_query(std::move(A_query)), B_query(std::move(B_query)), - H_query(std::move(H_query)), L_query(std::move(L_query)), - constraint_system(std::move(constraint_system)) {}; - - std::size_t G1_size() const { - return 1 + A_query.size() + B_query.domain_size() + H_query.size() + L_query.size(); - } - - std::size_t G2_size() const { - return 1 + B_query.domain_size(); - } - - std::size_t G1_sparse_size() const { - return 1 + A_query.size() + B_query.size() + H_query.size() + L_query.size(); - } - - std::size_t G2_sparse_size() const { - return 1 + B_query.size(); - } - - std::size_t size_in_bits() const { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - return A_query.size() * g1_type::value_bits + B_query.size_in_bits() + - H_query.size() * g1_type::value_bits + L_query.size() * g1_type::value_bits + - 1 * g1_type::value_bits + 1 * g2_type::value_bits; - } - - bool operator==(const 
r1cs_gg_ppzksnark_proving_key &other) const { - return (this->alpha_g1 == other.alpha_g1 && this->beta_g1 == other.beta_g1 && - this->beta_g2 == other.beta_g2 && this->delta_g1 == other.delta_g1 && - this->delta_g2 == other.delta_g2 && this->A_query == other.A_query && - this->B_query == other.B_query && this->H_query == other.H_query && - this->L_query == other.L_query && this->constraint_system == other.constraint_system); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verification_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verification_key.hpp deleted file mode 100644 index a7e97b743f..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verification_key.hpp +++ /dev/null 
@@ -1,176 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP - -#include - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - struct r1cs_gg_ppzksnark_processed_verification_key; - - template - struct r1cs_gg_ppzksnark_verification_key { - typedef CurveType curve_type; - - typename CurveType::gt_type::value_type alpha_g1_beta_g2; - typename CurveType::template g2_type<>::value_type gamma_g2; - typename CurveType::template g2_type<>::value_type delta_g2; - - container::accumulation_vector> gamma_ABC_g1; - - r1cs_gg_ppzksnark_verification_key() = default; - r1cs_gg_ppzksnark_verification_key( - const typename CurveType::gt_type::value_type &alpha_g1_beta_g2, - const typename CurveType::template g2_type<>::value_type &gamma_g2, - const typename CurveType::template g2_type<>::value_type &delta_g2, - const container::accumulation_vector> &gamma_ABC_g1) : - alpha_g1_beta_g2(alpha_g1_beta_g2), - gamma_g2(gamma_g2), delta_g2(delta_g2), gamma_ABC_g1(gamma_ABC_g1) { - } - - std::size_t G1_size() const { - return gamma_ABC_g1.size(); - } - - std::size_t G2_size() const { - return 2; - } - - std::size_t GT_size() const { - return 1; - } - - std::size_t size_in_bits() const { - using g2_type = typename CurveType::template g2_type<>; - - // TODO: include GT size - return (gamma_ABC_g1.size_in_bits() + 2 * g2_type::value_bits); - } - - bool operator==(const r1cs_gg_ppzksnark_verification_key &other) const { - return (this->alpha_g1_beta_g2 == other.alpha_g1_beta_g2 && this->gamma_g2 == other.gamma_g2 && - this->delta_g2 == other.delta_g2 && this->gamma_ABC_g1 == other.gamma_ABC_g1); - } - - explicit operator r1cs_gg_ppzksnark_processed_verification_key() const { - r1cs_gg_ppzksnark_processed_verification_key processed_verification_key; - 
processed_verification_key.vk_alpha_g1_beta_g2 = alpha_g1_beta_g2; - processed_verification_key.vk_gamma_g2_precomp = precompute_g2(gamma_g2); - processed_verification_key.vk_delta_g2_precomp = precompute_g2(delta_g2); - processed_verification_key.gamma_ABC_g1 = gamma_ABC_g1; - - return processed_verification_key; - } - }; - - template - struct r1cs_gg_ppzksnark_processed_verification_key { - typedef CurveType curve_type; - typedef typename algebra::pairing::pairing_policy pairing_policy; - - typename CurveType::gt_type::value_type vk_alpha_g1_beta_g2; - typename pairing_policy::g2_precomputed_type vk_gamma_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_delta_g2_precomp; - - container::accumulation_vector> gamma_ABC_g1; - - bool operator==(const r1cs_gg_ppzksnark_processed_verification_key &other) const { - return (this->vk_alpha_g1_beta_g2 == other.vk_alpha_g1_beta_g2 && - this->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp && - this->vk_delta_g2_precomp == other.vk_delta_g2_precomp && - this->gamma_ABC_g1 == other.gamma_ABC_g1); - } - }; - - template - struct r1cs_gg_ppzksnark_extended_verification_key { - typedef CurveType curve_type; - - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - typename gt_type::value_type alpha_g1_beta_g2; - typename g2_type::value_type gamma_g2; - typename g2_type::value_type delta_g2; - typename g1_type::value_type delta_g1; - container::accumulation_vector gamma_ABC_g1; - typename g1_type::value_type gamma_g1; - - r1cs_gg_ppzksnark_extended_verification_key() = default; - r1cs_gg_ppzksnark_extended_verification_key( - const typename gt_type::value_type &alpha_g1_beta_g2, - const typename g2_type::value_type &gamma_g2, - const typename g2_type::value_type &delta_g2, - const typename g1_type::value_type &delta_g1, - const container::accumulation_vector &gamma_ABC_g1, - const typename g1_type::value_type 
&gamma_g1) : - alpha_g1_beta_g2(alpha_g1_beta_g2), - gamma_g2(gamma_g2), delta_g2(delta_g2), delta_g1(delta_g1), gamma_ABC_g1(gamma_ABC_g1), - gamma_g1(gamma_g1) { - } - - std::size_t G1_size() const { - return gamma_ABC_g1.size() + 2; - } - - std::size_t G2_size() const { - return 2; - } - - std::size_t GT_size() const { - return 1; - } - - std::size_t size_in_bits() const { - // TODO: include GT size - return (gamma_ABC_g1.size_in_bits() + 2 * g2_type::value_bits + 2 * g1_type::value_bits); - } - - bool operator==(const r1cs_gg_ppzksnark_extended_verification_key &other) const { - return alpha_g1_beta_g2 == other.alpha_g1_beta_g2 && gamma_g2 == other.gamma_g2 && - delta_g2 == other.delta_g2 && delta_g1 == other.delta_g1 && - gamma_ABC_g1 == other.gamma_ABC_g1; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verifier.hpp deleted file mode 100644 index bf3a349f11..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verifier.hpp +++ /dev/null 
@@ -1,307 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for BACS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation is a straightforward combination of: -// (1) a BACS-to-R1CS reduction, and -// (2) a ppzkSNARK for R1CS. 
-// -// -// Acronyms: -// -// - BACS = "Bilinear Arithmetic Circuit Satisfiability" -// - R1CS = "Rank-1 Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_VERIFIER_HPP - -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace algebra; - - template - class r1cs_gg_ppzksnark_process_verification_key; - - template - class r1cs_gg_ppzksnark_verifier_weak_input_consistency; - - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency; - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - class r1cs_gg_ppzksnark_process_verification_key { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - - processed_verification_key_type processed_verification_key; - processed_verification_key.vk_alpha_g1_beta_g2 = verification_key.alpha_g1_beta_g2; - processed_verification_key.vk_gamma_g2_precomp = - precompute_g2(verification_key.gamma_g2); - processed_verification_key.vk_delta_g2_precomp = - precompute_g2(verification_key.delta_g2); - processed_verification_key.gamma_ABC_g1 = verification_key.gamma_ABC_g1; - - return processed_verification_key; - } - }; - - /** - Below are four variants of verifier algorithm for the R1CS GG-ppzkSNARK. 
- - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = CS.num_inputs, whereas - weak input consistency requires that |primary_input| <= CS.num_inputs (and - the primary input is implicitly padded with zeros up to length CS.num_inputs). - */ - - template - class r1cs_gg_ppzksnark_verifier_weak_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::gt_type gt_type; - typedef typename pairing::pairing_policy::g1_precomputed_type g1_precomputed_type; - typedef typename pairing::pairing_policy::g2_precomputed_type g2_precomputed_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_gg_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. 
- */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - assert(processed_verification_key.gamma_ABC_g1.domain_size() >= primary_input.size()); - - const container::accumulation_vector accumulated_IC = - processed_verification_key.gamma_ABC_g1.accumulate_chunk(primary_input.begin(), - primary_input.end(), 0); - - const typename g1_type::value_type &acc = accumulated_IC.first; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - const g1_precomputed_type proof_g_A_precomp = precompute_g1(proof.g_A); - const g2_precomputed_type proof_g_B_precomp = precompute_g2(proof.g_B); - const g1_precomputed_type proof_g_C_precomp = precompute_g1(proof.g_C); - const g1_precomputed_type acc_precomp = precompute_g1(acc); - - const typename gt_type::value_type QAP1 = - miller_loop(proof_g_A_precomp, proof_g_B_precomp); - const typename gt_type::value_type QAP2 = double_miller_loop( - acc_precomp, processed_verification_key.vk_gamma_g2_precomp, proof_g_C_precomp, - processed_verification_key.vk_delta_g2_precomp); - const typename gt_type::value_type QAP = - final_exponentiation(QAP1 * QAP2.unitary_inversed()); - - if (QAP != processed_verification_key.vk_alpha_g1_beta_g2) { - result = false; - } - - return result; - } - }; - - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - return process(r1cs_gg_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - bool result = true; - - if (processed_verification_key.gamma_ABC_g1.domain_size() != primary_input.size()) { - result = false; - } else { - result = r1cs_gg_ppzksnark_verifier_weak_input_consistency::process( - processed_verification_key, primary_input, proof); - } - - return result; - } - }; - - // /** - // * - // * A verifier algorithm for the R1CS GG-ppzkSNARK that: - // * (1) accepts a non-processed verification key, - // * (2) has weak input consistency, and - // * (3) uses affine coordinates for elliptic-curve computations. 
- // */ - // template - // class r1cs_gg_ppzksnark_affine_verifier_weak_input_consistency { - // typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - // typedef typename CurveType::scalar_field_type scalar_field_type; - // typedef typename CurveType::template g1_type<> g1_type; - // typedef typename CurveType::gt_type gt_type; - // typedef typename pairing::pairing_policy::affine_ate_g1_precomp affine_ate_g1_precomp; - // typedef typename pairing::pairing_policy::affine_ate_g2_precomp affine_ate_g2_precomp; - - // public: - // typedef typename policy_type::primary_input_type primary_input_type; - - // typedef typename policy_type::verification_key_type verification_key_type; - // typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - // typedef typename policy_type::proof_type proof_type; - - // static inline bool process(const verification_key_type &verification_key, - // const primary_input_type &primary_input, - // const proof_type &proof) { - - // BOOST_ASSERT(verification_key.gamma_ABC_g1.domain_size() >= primary_input.size()); - - // affine_ate_g2_precomp pvk_vk_gamma_g2_precomp = - // affine_ate_precompute_g2(verification_key.gamma_g2); - // affine_ate_g2_precomp pvk_vk_delta_g2_precomp = - // affine_ate_precompute_g2(verification_key.delta_g2); - - // const accumulation_vector accumulated_IC = - // verification_key.gamma_ABC_g1.accumulate_chunk(primary_input.begin(), - // primary_input.end(), - // 0); - // const typename g1_type::value_type &acc = accumulated_IC.first; - - // bool result = true; - - // if (!proof.is_well_formed()) { - // result = false; - // } - - // const affine_ate_g1_precomp proof_g_A_precomp = - // affine_ate_precompute_g1(proof.g_A); - // const affine_ate_g2_precomp proof_g_B_precomp = - // affine_ate_precompute_g2(proof.g_B); - // const affine_ate_g1_precomp proof_g_C_precomp = - // affine_ate_precompute_g1(proof.g_C); - // const affine_ate_g1_precomp acc_precomp = 
affine_ate_precompute_g1(acc); - - // const typename fqk_type::value_type QAP_miller = - // affine_ate_e_times_e_over_e_miller_loop( - // acc_precomp, pvk_vk_gamma_g2_precomp, proof_g_C_precomp, pvk_vk_delta_g2_precomp, - // proof_g_A_precomp, proof_g_B_precomp); - // const typename gt_type::value_type QAP = - // final_exponentiation(QAP_miller.unitary_inversed()); - - // if (QAP != verification_key.alpha_g1_beta_g2) { - // result = false; - // } - // return result; - // } - // }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_VERIFIER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark.hpp deleted file mode 100644 index 6d9c776365..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark.hpp +++ /dev/null 
@@ -1,117 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_PPZKSNARK_HPP -#define CRYPTO3_ZK_R1CS_PPZKSNARK_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /*! - * @brief ppzkSNARK for R1CS - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * The implementation instantiates (a modification of) the protocol of \[PGHR13], - * by following extending, and optimizing the approach described in \[BCTV14]. 
- * - * Acronyms: - * - R1CS = "Rank-1 Constraint Systems" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - * - * References: - * \[BCTV14]: - * "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", - * Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, - * USENIX Security 2014, - * - * - * \[PGHR13]: - * "Pinocchio: Nearly practical verifiable computation", - * Bryan Parno, Craig Gentry, Jon Howell, Mariana Raykova, - * IEEE S&P 2013, - * - */ - template, - typename Prover = r1cs_ppzksnark_prover, - typename Verifier = r1cs_ppzksnark_verifier_strong_input_consistency> - class r1cs_ppzksnark { - typedef detail::r1cs_ppzksnark_policy policy_type; - - public: - typedef Generator generator_type; - typedef Prover prover_type; - typedef Verifier verifier_type; - - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - static inline bool verify(const typename Verifier::verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, 
proof); - } - - static inline bool verify(const typename Verifier::processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(pvk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_PPZKSNARK_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 375e1ed656..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,142 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for R1CS. 
-// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates (a modification of) the protocol of \[PGHR13], -// by following extending, and optimizing the approach described in \[BCTV14]. -// -// -// Acronyms: -// -// - R1CS = "Rank-1 Constraint Systems" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// -// References: -// -// \[BCTV14]: -// "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// USENIX Security 2014, -// -// -// \[PGHR13]: -// "Pinocchio: Nearly practical verifiable computation", -// Bryan Parno, Craig Gentry, Jon Howell, Mariana Raykova, -// IEEE S&P 2013, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_R1CS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct r1cs_ppzksnark_policy { - typedef CurveType curve_type; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS ppzkSNARK. 
- */ - typedef r1cs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS ppzkSNARK. - */ - typedef r1cs_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef r1cs_ppzksnark_processed_verification_key processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_ppzksnark_keypair keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_ppzksnark_proof proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_TYPES_POLICY_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/generator.hpp deleted file mode 100644 index f9d8af3abb..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,232 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_R1CS_PPZKSNARK_BASIC_GENERATOR_HPP - -#ifdef MULTICORE -#include -#endif - -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_ppzksnark_generator { - typedef detail::r1cs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type process(const constraint_system_type &constraint_system) { - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - - /* make the B_query "lighter" if possible */ - constraint_system_type cs_copy(constraint_system); - cs_copy.swap_AB_if_beneficial(); - - /* draw random element at which the QAP is evaluated */ - const typename scalar_field_type::value_type t = algebra::random_element(); - - qap_instance_evaluation qap_inst = - reductions::r1cs_to_qap::instance_map_with_evaluation(cs_copy, t); - - std::size_t non_zero_At = 0, non_zero_Bt = 0, non_zero_Ct = 0, non_zero_Ht = 0; - for (std::size_t i = 0; i < qap_inst.num_variables + 1; ++i) { - if (!qap_inst.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap_inst.Bt[i].is_zero()) { - ++non_zero_Bt; - } - if 
(!qap_inst.Ct[i].is_zero()) { - ++non_zero_Ct; - } - } - for (std::size_t i = 0; i < qap_inst.degree + 1; ++i) { - if (!qap_inst.Ht[i].is_zero()) { - ++non_zero_Ht; - } - } - - std::vector At = std::move( - qap_inst.At); // qap_inst.At is now in unspecified state, but we do not use it later - std::vector Bt = std::move( - qap_inst.Bt); // qap_inst.Bt is now in unspecified state, but we do not use it later - std::vector Ct = std::move( - qap_inst.Ct); // qap_inst.Ct is now in unspecified state, but we do not use it later - std::vector Ht = std::move( - qap_inst.Ht); // qap_inst.Ht is now in unspecified state, but we do not use it later - - /* append Zt to At,Bt,Ct with */ - At.emplace_back(qap_inst.Zt); - Bt.emplace_back(qap_inst.Zt); - Ct.emplace_back(qap_inst.Zt); - - const typename scalar_field_type::value_type alphaA = - algebra::random_element(), - alphaB = - algebra::random_element(), - alphaC = - algebra::random_element(), - rA = algebra::random_element(), - rB = algebra::random_element(), - beta = - algebra::random_element(), - gamma = - algebra::random_element(); - const typename scalar_field_type::value_type rC = rA * rB; - - // consrtuct the same-coefficient-check query (must happen before zeroing out the prefix of - // At) - std::vector Kt; - Kt.reserve(qap_inst.num_variables + 4); - for (std::size_t i = 0; i < qap_inst.num_variables + 1; ++i) { - Kt.emplace_back(beta * (rA * At[i] + rB * Bt[i] + rC * Ct[i])); - } - Kt.emplace_back(beta * rA * qap_inst.Zt); - Kt.emplace_back(beta * rB * qap_inst.Zt); - Kt.emplace_back(beta * rC * qap_inst.Zt); - - /* zero out prefix of At and stick it into IC coefficients */ - std::vector IC_coefficients; - IC_coefficients.reserve(qap_inst.num_inputs + 1); - for (std::size_t i = 0; i < qap_inst.num_inputs + 1; ++i) { - IC_coefficients.emplace_back(At[i]); - assert(!IC_coefficients[i].is_zero()); - At[i] = scalar_field_type::value_type::zero(); - } - - const std::size_t g1_exp_count = 2 * (non_zero_At - 
qap_inst.num_inputs + non_zero_Ct) + - non_zero_Bt + non_zero_Ht + Kt.size(); - const std::size_t g2_exp_count = non_zero_Bt; - - std::size_t g1_window = algebra::get_exp_window_size(g1_exp_count); - std::size_t g2_window = algebra::get_exp_window_size(g2_exp_count); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - algebra::window_table g1_table = algebra::get_window_table( - scalar_field_type::value_bits, g1_window, g1_type::value_type::one()); - - algebra::window_table g2_table = algebra::get_window_table( - scalar_field_type::value_bits, g2_window, g2_type::value_type::one()); - - commitments::knowledge_commitment_vector A_query = - commitments::kc_batch_exp(scalar_field_type::value_bits, g1_window, - g1_window, g1_table, g1_table, rA, - rA * alphaA, At, chunks); - - commitments::knowledge_commitment_vector B_query = - commitments::kc_batch_exp(scalar_field_type::value_bits, g2_window, - g1_window, g2_table, g1_table, rB, - rB * alphaB, Bt, chunks); - - commitments::knowledge_commitment_vector C_query = - commitments::kc_batch_exp(scalar_field_type::value_bits, g1_window, - g1_window, g1_table, g1_table, rC, - rC * alphaC, Ct, chunks); - - typename std::vector H_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector K_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Kt); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(K_query); -#endif - - typename g2_type::value_type alphaA_g2 = alphaA * g2_type::value_type::one(); - typename g1_type::value_type alphaB_g1 = alphaB * g1_type::value_type::one(); - typename g2_type::value_type alphaC_g2 = alphaC * g2_type::value_type::one(); - typename g2_type::value_type gamma_g2 = gamma * 
g2_type::value_type::one(); - typename g1_type::value_type gamma_beta_g1 = (gamma * beta) * g1_type::value_type::one(); - typename g2_type::value_type gamma_beta_g2 = (gamma * beta) * g2_type::value_type::one(); - typename g2_type::value_type rC_Z_g2 = (rC * qap_inst.Zt) * g2_type::value_type::one(); - - typename g1_type::value_type encoded_IC_base = - (rA * IC_coefficients[0]) * g1_type::value_type::one(); - std::vector multiplied_IC_coefficients; - multiplied_IC_coefficients.reserve(qap_inst.num_inputs); - for (std::size_t i = 1; i < qap_inst.num_inputs + 1; ++i) { - multiplied_IC_coefficients.emplace_back(rA * IC_coefficients[i]); - } - typename std::vector encoded_IC_values = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, multiplied_IC_coefficients); - - container::accumulation_vector encoded_IC_query(std::move(encoded_IC_base), - std::move(encoded_IC_values)); - - verification_key_type vk = - verification_key_type(alphaA_g2, alphaB_g1, alphaC_g2, gamma_g2, gamma_beta_g1, - gamma_beta_g2, rC_Z_g2, encoded_IC_query); - proving_key_type pk = proving_key_type(std::move(A_query), - std::move(B_query), - std::move(C_query), - std::move(H_query), - std::move(K_query), - std::move(cs_copy)); - - return keypair_type(std::move(pk), std::move(vk)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/keypair.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/keypair.hpp deleted file mode 100644 index 8a3a52f8a8..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp
deleted file mode 100644
index ccb1bd482d..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,104 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_PROOF_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proof for the R1CS ppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- template
- class r1cs_ppzksnark_proof {
- typedef CurveType curve_type;
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
- using g1_value_type = typename g1_type::value_type;
- using g2_value_type = typename g2_type::value_type;
-
- public:
- typename commitments::knowledge_commitment::value_type g_A;
- typename commitments::knowledge_commitment::value_type g_B;
- typename commitments::knowledge_commitment::value_type g_C;
- g1_value_type g_H;
- g1_value_type g_K;
-
- r1cs_ppzksnark_proof() {
- // invalid proof with valid curve points
- this->g_A.g = g1_value_type::one();
- this->g_A.h = g1_value_type::one();
- this->g_B.g = g2_value_type::one();
- this->g_B.h = g1_value_type::one();
- this->g_C.g = g1_value_type::one();
- this->g_C.h = g1_value_type::one();
- this->g_H = g1_value_type::one();
- this->g_K = g1_value_type::one();
- }
- r1cs_ppzksnark_proof(typename commitments::knowledge_commitment::value_type &&g_A,
- typename commitments::knowledge_commitment::value_type &&g_B,
- typename commitments::knowledge_commitment::value_type &&g_C,
- g1_value_type &&g_H,
- g1_value_type &&g_K) :
- g_A(std::move(g_A)),
- g_B(std::move(g_B)), g_C(std::move(g_C)), g_H(std::move(g_H)), g_K(std::move(g_K)) {};
-
- std::size_t G1_size() const {
- return 7;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * CurveType::g1_type::value_bits + G2_size() * CurveType::g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (g_A.g.is_well_formed() && g_A.h.is_well_formed() && g_B.g.is_well_formed() &&
- g_B.h.is_well_formed() && g_C.g.is_well_formed() && g_C.h.is_well_formed() &&
- g_H.is_well_formed() && g_K.is_well_formed());
- }
-
- bool operator==(const r1cs_ppzksnark_proof &other) const {
- return (this->g_A == other.g_A && this->g_B == other.g_B && this->g_C == other.g_C &&
- this->g_H == other.g_H && this->g_K == other.g_K);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/prover.hpp
deleted file mode 100644
index aa8c799064..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,139 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
-
-#ifdef MULTICORE
-#include
-#endif
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A prover algorithm for the R1CS ppzkSNARK.
- *
- * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm
- * produces a proof (of knowledge) that attests to the following statement:
- * ``there exists Y such that CS(X,Y)=0''.
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm.
- */
- template
- class r1cs_ppzksnark_prover {
- typedef detail::r1cs_ppzksnark_policy policy_type;
-
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
- using g1_value_type = typename g1_type::value_type;
- using g2_value_type = typename g2_type::value_type;
- using scalar_field_type = typename CurveType::scalar_field_type;
-
- public:
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
-
- typedef typename policy_type::proof_type proof_type;
-
- static inline proof_type process(const proving_key_type &proving_key,
- const primary_input_type &primary_input,
- const auxiliary_input_type &auxiliary_input) {
-
- const typename scalar_field_type::value_type d1 = algebra::random_element(),
- d2 = algebra::random_element(),
- d3 = algebra::random_element();
-
- const qap_witness qap_wit =
- reductions::r1cs_to_qap::witness_map(
- proving_key.constraint_system, primary_input, auxiliary_input, d1, d2, d3);
-
- typename commitments::knowledge_commitment::value_type g_A =
- proving_key.A_query[0] + qap_wit.d1 * proving_key.A_query[qap_wit.num_variables + 1];
- typename commitments::knowledge_commitment::value_type g_B =
- proving_key.B_query[0] + qap_wit.d2 * proving_key.B_query[qap_wit.num_variables + 1];
- typename commitments::knowledge_commitment::value_type g_C =
- proving_key.C_query[0] + qap_wit.d3 * proving_key.C_query[qap_wit.num_variables + 1];
-
- g1_value_type g_H = g1_value_type::zero();
- g1_value_type g_K =
- (proving_key.K_query[0] + qap_wit.d1 * proving_key.K_query[qap_wit.num_variables + 1] +
- qap_wit.d2 * proving_key.K_query[qap_wit.num_variables + 2] +
- qap_wit.d3 * proving_key.K_query[qap_wit.num_variables + 3]);
-#ifdef MULTICORE
- const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env
- // var or call omp_set_num_threads()
-#else
- const std::size_t chunks = 1;
-#endif
-
- g_A = g_A + commitments::kc_multiexp_with_mixed_addition(
- proving_key.A_query, 1, 1 + qap_wit.num_variables,
- qap_wit.coefficients_for_ABCs.begin(),
- qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables + 1, chunks);
-
- g_B = g_B + commitments::kc_multiexp_with_mixed_addition(
- proving_key.B_query, 1, 1 + qap_wit.num_variables,
- qap_wit.coefficients_for_ABCs.begin(),
- qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables + 1, chunks);
-
- g_C = g_C + commitments::kc_multiexp_with_mixed_addition(
- proving_key.C_query, 1, 1 + qap_wit.num_variables,
- qap_wit.coefficients_for_ABCs.begin(),
- qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables + 1, chunks);
-
- g_H = g_H + algebra::multiexp(
- proving_key.H_query.begin(), proving_key.H_query.begin() + qap_wit.degree + 1,
- qap_wit.coefficients_for_H.begin(),
- qap_wit.coefficients_for_H.begin() + qap_wit.degree + 1, chunks);
-
- g_K = g_K + algebra::multiexp_with_mixed_addition(
- proving_key.K_query.begin() + 1,
- proving_key.K_query.begin() + 1 + qap_wit.num_variables,
- qap_wit.coefficients_for_ABCs.begin(),
- qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks);
-
- return proof_type(std::move(g_A), std::move(g_B), std::move(g_C), std::move(g_H),
- std::move(g_K));
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proving_key.hpp
deleted file mode 100644
index bcdf902809..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proving_key.hpp
+++ /dev/null
@@ -1,113 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_PROVING_KEY_HPP
-
-#ifdef MULTICORE
-#include
-#endif
-
-#include
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the R1CS ppzkSNARK.
- */
- template
- class r1cs_ppzksnark_proving_key {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
- using g1_value_type = typename g1_type::value_type;
- using g2_value_type = typename g2_type::value_type;
-
- public:
- typedef CurveType curve_type;
- typedef ConstraintSystemType constraint_system_type;
-
- commitments::knowledge_commitment_vector A_query;
- commitments::knowledge_commitment_vector B_query;
- commitments::knowledge_commitment_vector C_query;
- std::vector H_query;
- std::vector K_query;
-
- constraint_system_type constraint_system;
-
- r1cs_ppzksnark_proving_key() {};
- r1cs_ppzksnark_proving_key &operator=(const r1cs_ppzksnark_proving_key &other) = default;
- r1cs_ppzksnark_proving_key(const r1cs_ppzksnark_proving_key &other) = default;
- r1cs_ppzksnark_proving_key(r1cs_ppzksnark_proving_key &&other) = default;
- r1cs_ppzksnark_proving_key(commitments::knowledge_commitment_vector &&A_query,
- commitments::knowledge_commitment_vector &&B_query,
- commitments::knowledge_commitment_vector &&C_query,
- typename std::vector &&H_query,
- typename std::vector &&K_query,
- constraint_system_type &&constraint_system) :
- A_query(std::move(A_query)),
- B_query(std::move(B_query)), C_query(std::move(C_query)), H_query(std::move(H_query)),
- K_query(std::move(K_query)), constraint_system(std::move(constraint_system)) {};
-
- std::size_t G1_size() const {
- return 2 * (A_query.domain_size() + C_query.domain_size()) + B_query.domain_size() +
- H_query.size() + K_query.size();
- }
-
- std::size_t G2_size() const {
- return B_query.domain_size();
- }
-
- std::size_t G1_sparse_size() const {
- return 2 * (A_query.size() + C_query.size()) + B_query.size() + H_query.size() + K_query.size();
- }
-
- std::size_t G2_sparse_size() const {
- return B_query.size();
- }
-
- std::size_t size_in_bits() const {
- return A_query.size_in_bits() + B_query.size_in_bits() + C_query.size_in_bits() +
- H_query.size() * CurveType::g1_type::value_bits +
- K_query.size() * CurveType::g1_type::value_bits;
- }
-
- bool operator==(const r1cs_ppzksnark_proving_key &other) const {
- return (this->A_query == other.A_query && this->B_query == other.B_query &&
- this->C_query == other.C_query && this->H_query == other.H_query &&
- this->K_query == other.K_query && this->constraint_system == other.constraint_system);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp
deleted file mode 100644
index 5ae2ead0c8..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp
+++ /dev/null
@@ -1,133 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_VERIFICATION_KEY_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_VERIFICATION_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using namespace algebra;
-
- /**
- * A verification key for the R1CS ppzkSNARK.
- */
- template
- class r1cs_ppzksnark_verification_key {
-
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typename g2_type::value_type alphaA_g2;
- typename g1_type::value_type alphaB_g1;
- typename g2_type::value_type alphaC_g2;
- typename g2_type::value_type gamma_g2;
- typename g1_type::value_type gamma_beta_g1;
- typename g2_type::value_type gamma_beta_g2;
- typename g2_type::value_type rC_Z_g2;
-
- container::accumulation_vector encoded_IC_query;
-
- r1cs_ppzksnark_verification_key() = default;
- r1cs_ppzksnark_verification_key(const typename g2_type::value_type &alphaA_g2,
- const typename g1_type::value_type &alphaB_g1,
- const typename g2_type::value_type &alphaC_g2,
- const typename g2_type::value_type &gamma_g2,
- const typename g1_type::value_type &gamma_beta_g1,
- const typename g2_type::value_type &gamma_beta_g2,
- const typename g2_type::value_type &rC_Z_g2,
- const container::accumulation_vector &eIC) :
- alphaA_g2(alphaA_g2),
- alphaB_g1(alphaB_g1), alphaC_g2(alphaC_g2), gamma_g2(gamma_g2), gamma_beta_g1(gamma_beta_g1),
- gamma_beta_g2(gamma_beta_g2), rC_Z_g2(rC_Z_g2), encoded_IC_query(eIC) {};
-
- std::size_t G1_size() const {
- return 2 + encoded_IC_query.size();
- }
-
- std::size_t G2_size() const {
- return 5;
- }
-
- std::size_t size_in_bits() const {
- return (2 * g1_type::value_bits + encoded_IC_query.size_in_bits() + 5 * g2_type::value_bits);
- }
-
- bool operator==(const r1cs_ppzksnark_verification_key &other) const {
- return (this->alphaA_g2 == other.alphaA_g2 && this->alphaB_g1 == other.alphaB_g1 &&
- this->alphaC_g2 == other.alphaC_g2 && this->gamma_g2 == other.gamma_g2 &&
- this->gamma_beta_g1 == other.gamma_beta_g1 &&
- this->gamma_beta_g2 == other.gamma_beta_g2 && this->rC_Z_g2 == other.rC_Z_g2 &&
- this->encoded_IC_query == other.encoded_IC_query);
- }
- };
-
- /**
- * A processed verification key for the R1CS ppzkSNARK.
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- template
- class r1cs_ppzksnark_processed_verification_key {
-
- using pairing_policy = pairing::pairing_policy;
-
- public:
- typename pairing_policy::g2_precomputed_type pp_G2_one_precomp;
- typename pairing_policy::g2_precomputed_type vk_alphaA_g2_precomp;
- typename pairing_policy::g1_precomputed_type vk_alphaB_g1_precomp;
- typename pairing_policy::g2_precomputed_type vk_alphaC_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_rC_Z_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_gamma_g2_precomp;
- typename pairing_policy::g1_precomputed_type vk_gamma_beta_g1_precomp;
- typename pairing_policy::g2_precomputed_type vk_gamma_beta_g2_precomp;
-
- container::accumulation_vector> encoded_IC_query;
-
- bool operator==(const r1cs_ppzksnark_processed_verification_key &other) const {
- return (this->pp_G2_one_precomp == other.pp_G2_one_precomp &&
- this->vk_alphaA_g2_precomp == other.vk_alphaA_g2_precomp &&
- this->vk_alphaB_g1_precomp == other.vk_alphaB_g1_precomp &&
- this->vk_alphaC_g2_precomp == other.vk_alphaC_g2_precomp &&
- this->vk_rC_Z_g2_precomp == other.vk_rC_Z_g2_precomp &&
- this->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp &&
- this->vk_gamma_beta_g1_precomp == other.vk_gamma_beta_g1_precomp &&
- this->vk_gamma_beta_g2_precomp == other.vk_gamma_beta_g2_precomp &&
- this->encoded_IC_query == other.encoded_IC_query);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verifier.hpp
deleted file mode 100644
index 9bfec111fc..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,369 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_R1CS_PPZKSNARK_BASIC_VERIFIER_HPP - -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /** - * Convert a (non-processed) verification key into a processed verification key. 
- */ - template - class r1cs_ppzksnark_process_verification_key { - typedef detail::r1cs_ppzksnark_policy policy_type; - - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - - processed_verification_key_type processed_verification_key; - processed_verification_key.pp_G2_one_precomp = - precompute_g2(g2_type::value_type::one()); - processed_verification_key.vk_alphaA_g2_precomp = - precompute_g2(verification_key.alphaA_g2); - processed_verification_key.vk_alphaB_g1_precomp = - precompute_g1(verification_key.alphaB_g1); - processed_verification_key.vk_alphaC_g2_precomp = - precompute_g2(verification_key.alphaC_g2); - processed_verification_key.vk_rC_Z_g2_precomp = - precompute_g2(verification_key.rC_Z_g2); - processed_verification_key.vk_gamma_g2_precomp = - precompute_g2(verification_key.gamma_g2); - processed_verification_key.vk_gamma_beta_g1_precomp = - precompute_g1(verification_key.gamma_beta_g1); - processed_verification_key.vk_gamma_beta_g2_precomp = - precompute_g2(verification_key.gamma_beta_g2); - - processed_verification_key.encoded_IC_query = verification_key.encoded_IC_query; - - return processed_verification_key; - } - }; - - template - class r1cs_ppzksnark_verifier_weak_input_consistency { - typedef detail::r1cs_ppzksnark_policy policy_type; - - using pairing_policy = pairing::pairing_policy; - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using gt_type = typename CurveType::gt_type; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using gt_value_type = typename gt_type::value_type; - using g1_precomputed_type = typename 
pairing_policy::g1_precomputed_type; - using g2_precomputed_type = typename pairing_policy::g2_precomputed_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - assert(processed_verification_key.encoded_IC_query.domain_size() >= primary_input.size()); - - const container::accumulation_vector accumulated_IC = - processed_verification_key.encoded_IC_query.accumulate_chunk(primary_input.begin(), - primary_input.end(), 0); - const g1_value_type &acc = accumulated_IC.first; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - g1_precomputed_type proof_g_A_g_precomp = precompute_g1(proof.g_A.g); - g1_precomputed_type proof_g_A_h_precomp = precompute_g1(proof.g_A.h); - typename gt_type::value_type kc_A_1 = miller_loop( - proof_g_A_g_precomp, processed_verification_key.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_A_2 = - miller_loop(proof_g_A_h_precomp, processed_verification_key.pp_G2_one_precomp); - gt_value_type kc_A = 
final_exponentiation(kc_A_1 * kc_A_2.unitary_inversed()); - if (kc_A != gt_value_type::one()) { - result = false; - } - - g2_precomputed_type proof_g_B_g_precomp = precompute_g2(proof.g_B.g); - g1_precomputed_type proof_g_B_h_precomp = precompute_g1(proof.g_B.h); - typename gt_type::value_type kc_B_1 = miller_loop( - processed_verification_key.vk_alphaB_g1_precomp, proof_g_B_g_precomp); - typename gt_type::value_type kc_B_2 = - miller_loop(proof_g_B_h_precomp, processed_verification_key.pp_G2_one_precomp); - gt_value_type kc_B = final_exponentiation(kc_B_1 * kc_B_2.unitary_inversed()); - if (kc_B != gt_value_type::one()) { - result = false; - } - - g1_precomputed_type proof_g_C_g_precomp = precompute_g1(proof.g_C.g); - g1_precomputed_type proof_g_C_h_precomp = precompute_g1(proof.g_C.h); - typename gt_type::value_type kc_C_1 = miller_loop( - proof_g_C_g_precomp, processed_verification_key.vk_alphaC_g2_precomp); - typename gt_type::value_type kc_C_2 = - miller_loop(proof_g_C_h_precomp, processed_verification_key.pp_G2_one_precomp); - gt_value_type kc_C = final_exponentiation(kc_C_1 * kc_C_2.unitary_inversed()); - if (kc_C != gt_value_type::one()) { - result = false; - } - - // check that g^((A+acc)*B)=g^(H*\Prod(t-\sigma)+C) - // equivalently, via pairings, that e(g^(A+acc), g^B) = e(g^H, g^Z) + e(g^C, g^1) - g1_precomputed_type proof_g_A_g_acc_precomp = precompute_g1(proof.g_A.g + acc); - g1_precomputed_type proof_g_H_precomp = precompute_g1(proof.g_H); - typename gt_type::value_type QAP_1 = - miller_loop(proof_g_A_g_acc_precomp, proof_g_B_g_precomp); - typename gt_type::value_type QAP_23 = double_miller_loop( - proof_g_H_precomp, processed_verification_key.vk_rC_Z_g2_precomp, proof_g_C_g_precomp, - processed_verification_key.pp_G2_one_precomp); - gt_value_type QAP = final_exponentiation(QAP_1 * QAP_23.unitary_inversed()); - if (QAP != gt_value_type::one()) { - result = false; - } - - g1_precomputed_type proof_g_K_precomp = precompute_g1(proof.g_K); - 
g1_precomputed_type proof_g_A_g_acc_C_precomp = - precompute_g1((proof.g_A.g + acc) + proof.g_C.g); - typename gt_type::value_type K_1 = - miller_loop(proof_g_K_precomp, processed_verification_key.vk_gamma_g2_precomp); - typename gt_type::value_type K_23 = double_miller_loop( - proof_g_A_g_acc_C_precomp, processed_verification_key.vk_gamma_beta_g2_precomp, - processed_verification_key.vk_gamma_beta_g1_precomp, proof_g_B_g_precomp); - gt_value_type K = final_exponentiation(K_1 * K_23.unitary_inversed()); - if (K != gt_value_type::one()) { - result = false; - } - - return result; - } - }; - - template - class r1cs_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - bool result = true; - - if (processed_verification_key.encoded_IC_query.domain_size() != primary_input.size()) { - result = false; - } else { - result = r1cs_ppzksnark_verifier_weak_input_consistency::process( - processed_verification_key, primary_input, proof); - } - - return result; - } - }; - - // /** - // * - // * A verifier algorithm for the R1CS ppzkSNARK that: - // * (1) accepts a non-processed verification key, - // * (2) has weak input consistency, and - // * (3) uses affine coordinates for elliptic-curve computations. - // */ - // template - // class r1cs_ppzksnark_affine_verifier_weak_input_consistency { - // typedef detail::r1cs_ppzksnark_policy policy_type; - - // using pairing_policy = typename CurveType::pairing; - // using g1_type = typename CurveType::template g1_type<>; - // using g2_type = typename CurveType::template g2_type<>; - // using gt_type = typename CurveType::gt_type; - // using g1_value_type = typename g1_type::value_type; - // using g2_value_type = typename g2_type::value_type; - // using gt_value_type = typename gt_type::value_type; - // using scalar_field_type = typename CurveType::scalar_field_type; - // using g1_precomputed_type = typename pairing_policy::g1_precomputed_type; - // using g2_precomputed_type = typename pairing_policy::g2_precomputed_type; - // using affine_ate_g1_precomp = typename pairing_policy::affine_ate_g1_precomp; - // using affine_ate_g2_precomp = typename pairing_policy::affine_ate_g2_precomp; - - // public: - // typedef typename policy_type::primary_input_type primary_input_type; - // typedef typename policy_type::verification_key_type verification_key_type; - // typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - // typedef typename policy_type::proof_type proof_type; - - // static inline 
bool process(const verification_key_type &vk, - // const primary_input_type &primary_input, - // const proof_type &proof) { - // typedef typename CurveType::pairing pairing_policy; - - // assert(vk.encoded_IC_query.domain_size() >= primary_input.size()); - - // affine_ate_g2_precomp pvk_pp_G2_one_precomp = - // affine_ate_precompute_g2(g2_value_type::one()); - // affine_ate_g2_precomp pvk_vk_alphaA_g2_precomp = - // affine_ate_precompute_g2(vk.alphaA_g2); - // affine_ate_g1_precomp pvk_vk_alphaB_g1_precomp = - // affine_ate_precompute_g1(vk.alphaB_g1); - // affine_ate_g2_precomp pvk_vk_alphaC_g2_precomp = - // affine_ate_precompute_g2(vk.alphaC_g2); - // affine_ate_g2_precomp pvk_vk_rC_Z_g2_precomp = - // affine_ate_precompute_g2(vk.rC_Z_g2); - // affine_ate_g2_precomp pvk_vk_gamma_g2_precomp = - // affine_ate_precompute_g2(vk.gamma_g2); - // affine_ate_g1_precomp pvk_vk_gamma_beta_g1_precomp = - // affine_ate_precompute_g1(vk.gamma_beta_g1); - // affine_ate_g2_precomp pvk_vk_gamma_beta_g2_precomp = - // affine_ate_precompute_g2(vk.gamma_beta_g2); - - // const accumulation_vector accumulated_IC = - // vk.encoded_IC_query.accumulate_chunk(primary_input.begin(), - // primary_input.end(), 0); - // assert(accumulated_IC.is_fully_accumulated()); - // const g1_value_type &acc = accumulated_IC.first; - - // bool result = true; - // affine_ate_g1_precomp proof_g_A_g_precomp = affine_ate_precompute_g1(proof.g_A.g); - // affine_ate_g1_precomp proof_g_A_h_precomp = affine_ate_precompute_g1(proof.g_A.h); - // typename gt_type::value_type kc_A_miller = affine_ate_e_over_e_miller_loop( - // proof_g_A_g_precomp, pvk_vk_alphaA_g2_precomp, proof_g_A_h_precomp, - // pvk_pp_G2_one_precomp); - // gt_value_type kc_A = final_exponentiation(kc_A_miller); - - // if (kc_A != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g2_precomp proof_g_B_g_precomp = - // affine_ate_precompute_g2(proof.g_B.g); - // affine_ate_g1_precomp proof_g_B_h_precomp = - // 
affine_ate_precompute_g1(proof.g_B.h); - // typename gt_type::value_type kc_B_miller = affine_ate_e_over_e_miller_loop( - // pvk_vk_alphaB_g1_precomp, proof_g_B_g_precomp, proof_g_B_h_precomp, - // pvk_pp_G2_one_precomp); - // gt_value_type kc_B = final_exponentiation(kc_B_miller); - // if (kc_B != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g1_precomp proof_g_C_g_precomp = - // affine_ate_precompute_g1(proof.g_C.g); - // affine_ate_g1_precomp proof_g_C_h_precomp = - // affine_ate_precompute_g1(proof.g_C.h); - // typename gt_type::value_type kc_C_miller = affine_ate_e_over_e_miller_loop( - // proof_g_C_g_precomp, pvk_vk_alphaC_g2_precomp, proof_g_C_h_precomp, - // pvk_pp_G2_one_precomp); - // gt_value_type kc_C = final_exponentiation(kc_C_miller); - // if (kc_C != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g1_precomp proof_g_A_g_acc_precomp = - // affine_ate_precompute_g1(proof.g_A.g + acc); - // affine_ate_g1_precomp proof_g_H_precomp = affine_ate_precompute_g1(proof.g_H); - // typename gt_type::value_type QAP_miller = - // affine_ate_e_times_e_over_e_miller_loop( - // proof_g_H_precomp, pvk_vk_rC_Z_g2_precomp, proof_g_C_g_precomp, - // pvk_pp_G2_one_precomp, proof_g_A_g_acc_precomp, proof_g_B_g_precomp); - // gt_value_type QAP = final_exponentiation(QAP_miller); - // if (QAP != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g1_precomp proof_g_K_precomp = affine_ate_precompute_g1(proof.g_K); - // affine_ate_g1_precomp proof_g_A_g_acc_C_precomp = - // affine_ate_precompute_g1((proof.g_A.g + acc) + proof.g_C.g); - // typename gt_type::value_type K_miller = - // affine_ate_e_times_e_over_e_miller_loop( - // proof_g_A_g_acc_C_precomp, pvk_vk_gamma_beta_g2_precomp, - // pvk_vk_gamma_beta_g1_precomp, proof_g_B_g_precomp, proof_g_K_precomp, - // pvk_vk_gamma_g2_precomp); - // gt_value_type K = final_exponentiation(K_miller); - // if (K != gt_value_type::one()) { - // result = false; - // } - - // 
return result; - // } - // }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_VERIFIER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark.hpp deleted file mode 100644 index 8302b15282..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark.hpp +++ /dev/null 
@@ -1,111 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_HPP -#define CRYPTO3_R1CS_SE_PPZKSNARK_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /*! - * @brief SEppzkSNARK for R1CS - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * - * The implementation instantiates (a modification of) the protocol of \[GM17], - * by following extending, and optimizing the approach described in \[BCTV14]. 
- * - * Acronyms: - * - R1CS = "Rank-1 Constraint Systems" - * - SEppzkSNARK = "Simulation-Extractable PreProcessing Zero-Knowledge Succinct - * Non-interactive ARgument of Knowledge" - * - * References: - * \[BCTV14]: - * "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", - * Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, - * USENIX Security 2014, - * - * - * \[GM17]: - * "Snarky Signatures: Minimal Signatures of Knowledge from - * Simulation-Extractable SNARKs", - * Jens Groth and Mary Maller, - * IACR-CRYPTO-2017, - * - */ - template, - typename Prover = r1cs_se_ppzksnark_prover, - typename Verifier = r1cs_se_ppzksnark_verifier_strong_input_consistency> - class r1cs_se_ppzksnark { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } 
// namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_SE_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/detail/basic_policy.hpp
deleted file mode 100644
index 141cbffb56..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/detail/basic_policy.hpp
+++ /dev/null
@@ -1,145 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a SEppzkSNARK for R1CS.
-//
-// This includes:
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key pair (proving key & verification key)
-// - class for proof
-// - generator algorithm
-// - prover algorithm
-// - verifier algorithm (with strong or weak input consistency)
-// - online verifier algorithm (with strong or weak input consistency)
-//
-// The implementation instantiates (a modification of) the protocol of \[GM17],
-// by following extending, and optimizing the approach described in \[BCTV14].
-//
-//
-// Acronyms:
-//
-// - R1CS = "Rank-1 Constraint Systems"
-// - SEppzkSNARK = "Simulation-Extractable PreProcessing Zero-Knowledge Succinct
-// Non-interactive ARgument of Knowledge"
-//
-// References:
-//
-// \[BCTV14]:
-// "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture",
-// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza,
-// USENIX Security 2014,
-//
-//
-// \[GM17]:
-// "Snarky Signatures: Minimal Signatures of Knowledge from
-// Simulation-Extractable SNARKs",
-// Jens Groth and Mary Maller,
-// IACR-CRYPTO-2017,
-//
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_TYPES_POLICY_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_TYPES_POLICY_HPP
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- namespace detail {
-
- template
- struct r1cs_se_ppzksnark_policy {
-
- /******************************** Params ********************************/
-
- /**
- * Below are various template aliases (used for convenience).
- */
-
- typedef r1cs_constraint_system constraint_system_type;
-
- typedef r1cs_primary_input primary_input_type;
-
- typedef r1cs_auxiliary_input auxiliary_input_type;
-
- /******************************** Proving key ********************************/
-
- /**
- * A proving key for the R1CS SEppzkSNARK.
- */
- typedef r1cs_se_ppzksnark_proving_key proving_key_type;
-
- /******************************* Verification key ****************************/
-
- /**
- * A verification key for the R1CS SEppzkSNARK.
- */
- typedef r1cs_se_ppzksnark_verification_key verification_key_type;
-
- /************************ Processed verification key *************************/
-
- /**
- * A processed verification key for the R1CS SEppzkSNARK.
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- typedef r1cs_se_ppzksnark_processed_verification_key processed_verification_key_type;
-
- /********************************** Key pair *********************************/
-
- /**
- * A key pair for the R1CS SEppzkSNARK, which consists of a proving key and a verification key.
- */
- typedef r1cs_se_ppzksnark_keypair keypair_type;
-
- /*********************************** Proof ***********************************/
-
- /**
- * A proof for the R1CS SEppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- typedef r1cs_se_ppzksnark_proof proof_type;
- };
- } // namespace detail
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_SE_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/generator.hpp
deleted file mode 100644
index b42bc292f9..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/generator.hpp
+++ /dev/null
@@ -1,223 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP - -#ifdef MULTICORE -#include -#endif - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A generator algorithm for the R1CS SEppzkSNARK. - * - * Given a R1CS constraint system CS, this algorithm produces proving and verification keys for - * CS. 
- */ - template - class r1cs_se_ppzksnark_generator { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef CurveType curve_type; - - typedef typename policy_type::constraint_system_type constraint_system_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - - static inline keypair_type process(const constraint_system_type &constraint_system) { - - /** - * draw random element t at which the SAP is evaluated. - * it should be the case that Z(t) != 0 - */ - const std::shared_ptr> domain = - reductions::r1cs_to_sap::get_domain( - constraint_system); - typename CurveType::scalar_field_type::value_type t; - do { - t = algebra::random_element(); - } while (domain->compute_vanishing_polynomial(t).is_zero()); - - sap_instance_evaluation sap_inst = - reductions::r1cs_to_sap< - typename CurveType::scalar_field_type>::instance_map_with_evaluation(constraint_system, - t); - - std::size_t non_zero_At = 0; - for (std::size_t i = 0; i < sap_inst.num_variables + 1; ++i) { - if (!sap_inst.At[i].is_zero()) { - ++non_zero_At; - } - } - - std::vector At = std::move(sap_inst.At); - std::vector Ct = std::move(sap_inst.Ct); - std::vector Ht = std::move(sap_inst.Ht); - /** - * sap_inst.{A,C,H}t are now in an unspecified state, - * but we do not use them below - */ - - const typename CurveType::scalar_field_type::value_type - alpha = algebra::random_element(), - beta = algebra::random_element(), - gamma = algebra::random_element(); - const typename g1_type::value_type G = algebra::random_element(); - const typename g2_type::value_type H = algebra::random_element(); - - std::size_t G_exp_count = sap_inst.num_inputs + 1 // verifier_query - + non_zero_At // A_query - + sap_inst.degree + - 1 // 
G_gamma2_Z_t - // C_query_1 - + sap_inst.num_variables - sap_inst.num_inputs + - sap_inst.num_variables + 1, // C_query_2 - G_window = algebra::get_exp_window_size(G_exp_count); - - algebra::window_table G_table = - algebra::get_window_table(CurveType::scalar_field_type::value_bits, G_window, G); - - typename g2_type::value_type H_gamma = gamma * H; - std::size_t H_gamma_exp_count = non_zero_At, // B_query - H_gamma_window = algebra::get_exp_window_size(H_gamma_exp_count); - algebra::window_table H_gamma_table = algebra::get_window_table( - CurveType::scalar_field_type::value_bits, H_gamma_window, H_gamma); - - typename g1_type::value_type G_alpha = alpha * G; - typename g2_type::value_type H_beta = beta * H; - - std::vector tmp_exponents; - tmp_exponents.reserve(sap_inst.num_inputs + 1); - for (std::size_t i = 0; i <= sap_inst.num_inputs; ++i) { - tmp_exponents.emplace_back(gamma * Ct[i] + (alpha + beta) * At[i]); - } - typename std::vector verifier_query = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); - - tmp_exponents.reserve(sap_inst.num_variables + 1); - for (std::size_t i = 0; i < At.size(); i++) { - tmp_exponents.emplace_back(gamma * At[i]); - } - - typename std::vector A_query = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(A_query); -#endif - typename std::vector B_query = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, H_gamma_window, H_gamma_table, At); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(B_query); -#endif - typename g1_type::value_type G_gamma = gamma * G; - typename g1_type::value_type G_gamma_Z = sap_inst.Zt * G_gamma; - typename g2_type::value_type H_gamma_Z = sap_inst.Zt * H_gamma; - typename g1_type::value_type G_ab_gamma_Z = (alpha + beta) * G_gamma_Z; - typename g1_type::value_type G_gamma2_Z2 = 
(sap_inst.Zt * gamma) * G_gamma_Z; - - tmp_exponents.reserve(sap_inst.degree + 1); - - /* Compute the vector G_gamma2_Z_t := Z(t) * t^i * gamma^2 * G */ - typename CurveType::scalar_field_type::value_type gamma2_Z_t = sap_inst.Zt * gamma.squared(); - for (std::size_t i = 0; i < sap_inst.degree + 1; ++i) { - tmp_exponents.emplace_back(gamma2_Z_t); - gamma2_Z_t *= t; - } - typename std::vector G_gamma2_Z_t = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(G_gamma2_Z_t); -#endif - tmp_exponents.reserve(sap_inst.num_variables - sap_inst.num_inputs); - for (std::size_t i = sap_inst.num_inputs + 1; i <= sap_inst.num_variables; ++i) { - tmp_exponents.emplace_back(gamma * (gamma * Ct[i] + (alpha + beta) * At[i])); - } - typename std::vector C_query_1 = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(C_query_1); -#endif - - tmp_exponents.reserve(sap_inst.num_variables + 1); - typename CurveType::scalar_field_type::value_type double_gamma2_Z = gamma * gamma * sap_inst.Zt; - double_gamma2_Z = double_gamma2_Z + double_gamma2_Z; - for (std::size_t i = 0; i <= sap_inst.num_variables; ++i) { - tmp_exponents.emplace_back(double_gamma2_Z * At[i]); - } - typename std::vector C_query_2 = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(C_query_2); -#endif - - verification_key_type vk = - verification_key_type(H, G_alpha, H_beta, G_gamma, H_gamma, std::move(verifier_query)); - - constraint_system_type cs_copy(constraint_system); - - proving_key_type pk = - proving_key_type(std::move(A_query), std::move(B_query), std::move(C_query_1), - std::move(C_query_2), G_gamma_Z, H_gamma_Z, G_ab_gamma_Z, 
G_gamma2_Z2, - std::move(G_gamma2_Z_t), std::move(cs_copy)); - - return {std::move(pk), std::move(vk)}; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/keypair.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/keypair.hpp deleted file mode 100644 index 1bf66e948a..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_se_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proof.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proof.hpp
deleted file mode 100644
index 958c9230f0..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,86 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_PROOF_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proof for the R1CS SEppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- template
- class r1cs_se_ppzksnark_proof {
-
- typedef CurveType curve_type;
-
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typename g1_type::value_type A;
- typename g2_type::value_type B;
- typename g1_type::value_type C;
-
- r1cs_se_ppzksnark_proof() {
- }
- r1cs_se_ppzksnark_proof(typename g1_type::value_type &&A,
- typename g2_type::value_type &&B,
- typename g1_type::value_type &&C) :
- A(std::move(A)),
- B(std::move(B)), C(std::move(C)) {};
-
- std::size_t G1_size() const {
- return 2;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (A.is_well_formed() && B.is_well_formed() && C.is_well_formed());
- }
-
- bool operator==(const r1cs_se_ppzksnark_proof &other) const {
- return (this->A == other.A && this->B == other.B && this->C == other.C);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/prover.hpp
deleted file mode 100644
index 754b27d279..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,165 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_PROVER_HPP
-#define CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_PROVER_HPP
-
-#ifdef MULTICORE
-#include
-#endif
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A prover algorithm for the R1CS SEppzkSNARK.
- *
- * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm
- * produces a proof (of knowledge) that attests to the following statement:
- * ``there exists Y such that CS(X,Y)=0''.
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - template - class r1cs_se_ppzksnark_prover { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - const typename CurveType::scalar_field_type::value_type - d1 = algebra::random_element(), - d2 = algebra::random_element(); - - const sap_witness sap_wit = - reductions::r1cs_to_sap::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, d1, d2); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - const typename CurveType::scalar_field_type::value_type r = - algebra::random_element(); - - /** - * compute A = G^{gamma * (\sum_{i=0}^m input_i * A_i(t) + r * Z(t))} - * = \prod_{i=0}^m (G^{gamma * A_i(t)})^{input_i) - * * (G^{gamma * Z(t)})^r - * = \prod_{i=0}^m A_query[i]^{input_i} * G_gamma_Z^r - */ - typename CurveType::template g1_type<>::value_type A = - r * proving_key.G_gamma_Z + - proving_key.A_query[0] + // i = 0 is a special case because input_i = 1 - sap_wit.d1 * proving_key.G_gamma_Z + // ZK-patch - algebra::multiexp( - 
proving_key.A_query.begin() + 1, - proving_key.A_query.end(), - sap_wit.coefficients_for_ACs.begin(), - sap_wit.coefficients_for_ACs.end(), - chunks); - - /** - * compute B exactly as A, except with H as the base - */ - typename CurveType::template g2_type<>::value_type B = - r * proving_key.H_gamma_Z + - proving_key.B_query[0] + // i = 0 is a special case because input_i = 1 - sap_wit.d1 * proving_key.H_gamma_Z + // ZK-patch - algebra::multiexp( - proving_key.B_query.begin() + 1, - proving_key.B_query.end(), - sap_wit.coefficients_for_ACs.begin(), - sap_wit.coefficients_for_ACs.end(), - chunks); - /** - * compute C = G^{f(input) + - * r^2 * gamma^2 * Z(t)^2 + - * r * (alpha + beta) * gamma * Z(t) + - * 2 * r * gamma^2 * Z(t) * \sum_{i=0}^m input_i A_i(t) + - * gamma^2 * Z(t) * H(t)} - * where G^{f(input)} = \prod_{i=l+1}^m C_query_1 * input_i - * and G^{2 * r * gamma^2 * Z(t) * \sum_{i=0}^m input_i A_i(t)} = - * = \prod_{i=0}^m C_query_2 * input_i - */ - typename CurveType::template g1_type<>::value_type C = - algebra::multiexp( - proving_key.C_query_1.begin(), - proving_key.C_query_1.end(), - sap_wit.coefficients_for_ACs.begin() + sap_wit.num_inputs, - sap_wit.coefficients_for_ACs.end(), - chunks) + - (r * r) * proving_key.G_gamma2_Z2 + r * proving_key.G_ab_gamma_Z + - sap_wit.d1 * proving_key.G_ab_gamma_Z + // ZK-patch - r * proving_key.C_query_2[0] + // i = 0 is a special case for C_query_2 - (r + r) * sap_wit.d1 * proving_key.G_gamma2_Z2 + // ZK-patch for C_query_2 - r * algebra::multiexp( - proving_key.C_query_2.begin() + 1, - proving_key.C_query_2.end(), - sap_wit.coefficients_for_ACs.begin(), - sap_wit.coefficients_for_ACs.end(), - chunks) + - sap_wit.d2 * proving_key.G_gamma2_Z_t[0] + // ZK-patch - algebra::multiexp( - proving_key.G_gamma2_Z_t.begin(), - proving_key.G_gamma2_Z_t.end(), - sap_wit.coefficients_for_H.begin(), - sap_wit.coefficients_for_H.end(), - chunks); - - return {std::move(A), std::move(B), std::move(C)}; - } - }; - } // namespace snark - 
} // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_PROVER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proving_key.hpp deleted file mode 100644 index bee79e3a48..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,122 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_PROVING_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the R1CS ppzkSNARK.
- */
- template
- class r1cs_se_ppzksnark_proving_key {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typedef ConstraintSystem constraint_system_type;
-
- // G^{gamma * A_i(t)} for 0 <= i <= sap.num_variables()
- std::vector A_query;
-
- // H^{gamma * A_i(t)} for 0 <= i <= sap.num_variables()
- std::vector B_query;
-
- // G^{gamma^2 * C_i(t) + (alpha + beta) * gamma * A_i(t)}
- // for sap.num_inputs() + 1 < i <= sap.num_variables()
- std::vector C_query_1;
-
- // G^{2 * gamma^2 * Z(t) * A_i(t)} for 0 <= i <= sap.num_variables()
- std::vector C_query_2;
-
- // G^{gamma * Z(t)}
- typename g1_type::value_type G_gamma_Z;
-
- // H^{gamma * Z(t)}
- typename g2_type::value_type H_gamma_Z;
-
- // G^{(alpha + beta) * gamma * Z(t)}
- typename g1_type::value_type G_ab_gamma_Z;
-
- // G^{gamma^2 * Z(t)^2}
- typename g1_type::value_type G_gamma2_Z2;
-
- // G^{gamma^2 * Z(t) * t^i} for 0 <= i < sap.degree
- std::vector G_gamma2_Z_t;
-
- constraint_system_type constraint_system;
-
- r1cs_se_ppzksnark_proving_key() {};
- r1cs_se_ppzksnark_proving_key &operator=(const r1cs_se_ppzksnark_proving_key &other) = default;
- r1cs_se_ppzksnark_proving_key(const r1cs_se_ppzksnark_proving_key &other) = default;
- r1cs_se_ppzksnark_proving_key(r1cs_se_ppzksnark_proving_key &&other) = default;
- r1cs_se_ppzksnark_proving_key(std::vector &&A_query,
- std::vector &&B_query,
- std::vector &&C_query_1,
- std::vector &&C_query_2,
- typename g1_type::value_type &G_gamma_Z,
- typename g2_type::value_type &H_gamma_Z,
- typename g1_type::value_type &G_ab_gamma_Z,
- typename g1_type::value_type &G_gamma2_Z2,
- std::vector &&G_gamma2_Z_t,
- constraint_system_type &&constraint_system) :
- A_query(std::move(A_query)),
- B_query(std::move(B_query)), C_query_1(std::move(C_query_1)), C_query_2(std::move(C_query_2)),
- G_gamma_Z(G_gamma_Z), H_gamma_Z(H_gamma_Z), G_ab_gamma_Z(G_ab_gamma_Z),
- G_gamma2_Z2(G_gamma2_Z2), G_gamma2_Z_t(std::move(G_gamma2_Z_t)),
- constraint_system(std::move(constraint_system)) {};
-
- std::size_t G1_size() const {
- return A_query.size() + C_query_1.size() + C_query_2.size() + 3 + G_gamma2_Z_t.size();
- }
-
- std::size_t G2_size() const {
- return B_query.size() + 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool operator==(const r1cs_se_ppzksnark_proving_key &other) const {
- return (this->A_query == other.A_query && this->B_query == other.B_query &&
- this->C_query_1 == other.C_query_1 && this->C_query_2 == other.C_query_2 &&
- this->G_gamma_Z == other.G_gamma_Z && this->H_gamma_Z == other.H_gamma_Z &&
- this->G_ab_gamma_Z == other.G_ab_gamma_Z && this->G_gamma2_Z2 == other.G_gamma2_Z2 &&
- this->G_gamma2_Z_t == other.G_gamma2_Z_t &&
- this->constraint_system == other.constraint_system);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verification_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verification_key.hpp
deleted file mode 100644
index 99290e0c69..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verification_key.hpp
+++ /dev/null
@@ -1,127 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_VERIFICATION_KEY_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_VERIFICATION_KEY_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using namespace algebra;
-
- /**
- * A verification key for the R1CS SEppzkSNARK.
- */
- template
- class r1cs_se_ppzksnark_verification_key {
- typedef CurveType curve_type;
-
- using g1_type = typename curve_type::template g1_type<>;
- using g2_type = typename curve_type::template g2_type<>;
-
- public:
- // H
- typename g2_type::value_type H;
-
- // G^{alpha}
- typename g1_type::value_type G_alpha;
-
- // H^{beta}
- typename g2_type::value_type H_beta;
-
- // G^{gamma}
- typename g1_type::value_type G_gamma;
-
- // H^{gamma}
- typename g2_type::value_type H_gamma;
-
- // G^{gamma * A_i(t) + (alpha + beta) * A_i(t)}
- // for 0 <= i <= sap.num_inputs()
- std::vector query;
-
- r1cs_se_ppzksnark_verification_key() = default;
- r1cs_se_ppzksnark_verification_key(const typename g2_type::value_type &H,
- const typename g1_type::value_type &G_alpha,
- const typename g2_type::value_type &H_beta,
- const typename g1_type::value_type &G_gamma,
- const typename g2_type::value_type &H_gamma,
- std::vector &&query) :
- H(H),
- G_alpha(G_alpha), H_beta(H_beta), G_gamma(G_gamma), H_gamma(H_gamma),
- query(std::move(query)) {};
-
- std::size_t G1_size() const {
- return 2 + query.size();
- }
-
- std::size_t G2_size() const {
- return 3;
- }
-
- std::size_t size_in_bits() const {
- return (G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits);
- }
-
- bool operator==(const r1cs_se_ppzksnark_verification_key &other) const {
- return (this->H == other.H && this->G_alpha == other.G_alpha && this->H_beta == other.H_beta &&
- this->G_gamma == other.G_gamma && this->H_gamma == other.H_gamma &&
- this->query == other.query);
- }
- };
-
- /**
- * A processed verification key for the R1CS SEppzkSNARK.
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- template
- struct r1cs_se_ppzksnark_processed_verification_key {
-
- typename CurveType::template g1_type<>::value_type G_alpha;
- typename CurveType::template g2_type<>::value_type H_beta;
- typename CurveType::gt_type::value_type G_alpha_H_beta_ml;
- typename pairing::pairing_policy::g1_precomputed_type G_gamma_pc;
- typename pairing::pairing_policy::g2_precomputed_type H_gamma_pc;
- typename pairing::pairing_policy::g2_precomputed_type H_pc;
-
- std::vector::value_type> query;
-
- bool operator==(const r1cs_se_ppzksnark_processed_verification_key &other) const {
- return (this->G_alpha == other.G_alpha && this->H_beta == other.H_beta &&
- this->G_alpha_H_beta_ml == other.G_alpha_H_beta_ml &&
- this->G_gamma_pc == other.G_gamma_pc && this->H_gamma_pc == other.H_gamma_pc &&
- this->H_pc == other.H_pc && this->query == other.query);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verifier.hpp
deleted file mode 100644
index f5b36bd6f6..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,230 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_VERIFIER_HPP
-#define CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_VERIFIER_HPP
-
-#ifdef MULTICORE
-#include
-#endif
-
-#include
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Convert a (non-processed) verification key into a processed verification key.
- */
- template
- class r1cs_se_ppzksnark_process_verification_key {
- typedef detail::r1cs_se_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- static inline processed_verification_key_type
- process(const verification_key_type &verification_key) {
-
- typename pairing::pairing_policy::g1_precomputed_type G_alpha_pc =
- precompute_g1(verification_key.G_alpha);
- typename pairing::pairing_policy::g2_precomputed_type H_beta_pc =
- precompute_g2(verification_key.H_beta);
-
- processed_verification_key_type processed_verification_key;
- processed_verification_key.G_alpha = verification_key.G_alpha;
- processed_verification_key.H_beta = verification_key.H_beta;
- processed_verification_key.G_alpha_H_beta_ml = miller_loop(G_alpha_pc, H_beta_pc);
- processed_verification_key.G_gamma_pc = precompute_g1(verification_key.G_gamma);
- processed_verification_key.H_gamma_pc = precompute_g2(verification_key.H_gamma);
- processed_verification_key.H_pc = precompute_g2(verification_key.H);
-
- processed_verification_key.query = verification_key.query;
-
- return processed_verification_key;
- }
- };
-
- /*
- Below are four variants of verifier algorithm for the R1CS SEppzkSNARK.
-
- These are the four cases that arise from the following two choices:
-
- (1) The verifier accepts a (non-processed) verification key or, instead, a processed
- verification key. In the latter case, we call the algorithm an "online verifier".
-
- (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency.
- Strong input consistency requires that |primary_input| = CS.num_inputs, whereas
- weak input consistency requires that |primary_input| <= CS.num_inputs (and
- the primary input is implicitly padded with zeros up to length CS.num_inputs).
- */ - - template - class r1cs_se_ppzksnark_verifier_weak_input_consistency { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS SEppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_se_ppzksnark_process_verification_key::process(vk), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - /** - * e(A*G^{alpha}, B*H^{beta}) = e(G^{alpha}, H^{beta}) * e(G^{psi}, H^{gamma}) - * * e(C, H) - * where psi = \sum_{i=0}^l input_i processed_verification_key.query[i] - */ - typename CurveType::template g1_type<>::value_type G_psi = - processed_verification_key.query[0] + - algebra::multiexp( - processed_verification_key.query.begin() + 1, processed_verification_key.query.end(), - primary_input.begin(), primary_input.end(), chunks); - - typename CurveType::gt_type::value_type - test1_l = miller_loop( - precompute_g1(proof.A + 
processed_verification_key.G_alpha), - precompute_g2(proof.B + processed_verification_key.H_beta)), - test1_r1 = processed_verification_key.G_alpha_H_beta_ml, - test1_r2 = miller_loop(precompute_g1(G_psi), - processed_verification_key.H_gamma_pc), - test1_r3 = miller_loop(precompute_g1(proof.C), - processed_verification_key.H_pc); - typename CurveType::gt_type::value_type test1 = final_exponentiation( - test1_l.unitary_inversed() * test1_r1 * test1_r2 * test1_r3); - - if (test1 != CurveType::gt_type::value_type::one()) { - result = false; - } - - /** - * e(A, H^{gamma}) = e(G^{gamma}, B) - */ - typename CurveType::gt_type::value_type test2_l = miller_loop( - precompute_g1(proof.A), - processed_verification_key.H_gamma_pc), - test2_r = miller_loop( - processed_verification_key.G_gamma_pc, - precompute_g2(proof.B)); - typename CurveType::gt_type::value_type test2 = - final_exponentiation(test2_l * test2_r.unitary_inversed()); - - if (test2 != CurveType::gt_type::value_type::one()) { - result = false; - } - - return result; - } - }; - - template - class r1cs_se_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS SEppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. 
- */
- static inline bool process(const verification_key_type &vk,
- const primary_input_type &primary_input,
- const proof_type &proof) {
- return process(r1cs_se_ppzksnark_process_verification_key::process(vk),
- primary_input, proof);
- }
-
- /**
- * A verifier algorithm for the R1CS ppzkSNARK that:
- * (1) accepts a processed verification key, and
- * (2) has strong input consistency.
- */
- static inline bool process(const processed_verification_key_type &pvk,
- const primary_input_type &primary_input,
- const proof_type &proof) {
-
- bool result = true;
-
- if (pvk.query.size() != primary_input.size() + 1) {
- result = false;
- } else {
- result = r1cs_se_ppzksnark_verifier_weak_input_consistency::process(
- pvk, primary_input, proof);
- }
-
- return result;
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark.hpp
deleted file mode 100644
index ccb1ca5161..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark.hpp
+++ /dev/null
@@ -1,97 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_HPP
-#define CRYPTO3_ZK_TBCS_PPZKSNARK_HPP
-
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /*!
- * @brief ppzkSNARK for TBCS
- * @tparam CurveType
- * @tparam Generator
- * @tparam Prover
- * @tparam Verifier
- *
- * The implementation is a straightforward combination of:
- * (1) a TBCS-to-USCS reduction, and
- * (2) a ppzkSNARK for USCS.
- * - * Acronyms: - * - TBCS = "Two-input Boolean Circuit Satisfiability" - * - USCS = "Unitary-Square Constraint System" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - */ - template, - typename Prover = tbcs_ppzksnark_prover, - typename Verifier = tbcs_ppzksnark_verifier_strong_input_consistency> - class tbcs_ppzksnark { - typedef detail::tbcs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const circuit_type &circuit) { - return Generator::process(circuit); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 209ed08d4c..0000000000 
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/detail/basic_policy.hpp
+++ /dev/null
@@ -1,126 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for TBCS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation is a straightforward combination of: -// (1) a TBCS-to-USCS reduction, and -// (2) a ppzkSNARK for USCS. 
-// -// -// Acronyms: -// -// - TBCS = "Two-input Boolean Circuit Satisfiability" -// - USCS = "Unitary-Square Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_ZK_TBCS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct tbcs_ppzksnark_policy { - - /******************************** Params ********************************/ - - /** - * Below are various typedefs aliases (used for uniformity with other proof systems). - */ - - typedef tbcs_circuit circuit_type; - - typedef tbcs_primary_input primary_input_type; - - typedef tbcs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the TBCS ppzkSNARK. - */ - typedef tbcs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the TBCS ppzkSNARK. - */ - typedef typename uscs_ppzksnark::verification_key_type verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the TBCS ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef typename uscs_ppzksnark::processed_verification_key_type - processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the TBCS ppzkSNARK, which consists of a proving key and a verification key. 
- */
- typedef tbcs_ppzksnark_keypair keypair_type;
-
- /*********************************** Proof ***********************************/
-
- /**
- * A proof for the TBCS ppzkSNARK.
- */
- typedef typename uscs_ppzksnark::proof_type proof_type;
- };
- } // namespace detail
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/generator.hpp
deleted file mode 100644
index 41d10636d2..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/generator.hpp
+++ /dev/null
@@ -1,76 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_GENERATOR_HPP
-#define CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_GENERATOR_HPP
-
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A generator algorithm for the TBCS ppzkSNARK.
- *
- * Given a TBCS circuit C, this algorithm produces proving and verification keys for C.
- */
- template
- class tbcs_ppzksnark_generator {
- typedef detail::tbcs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
-
- static inline keypair_type process(const circuit_type &circuit) {
- typedef typename CurveType::scalar_field_type field_type;
-
- const uscs_constraint_system uscs_cs =
- reductions::tbcs_to_uscs::instance_map(circuit);
- const typename uscs_ppzksnark::keypair_type uscs_keypair =
- generate>(uscs_cs);
-
- proving_key_type pk = proving_key_type(std::move(circuit), std::move(uscs_keypair.first));
-
- return keypair_type(std::move(pk), std::move(uscs_keypair.second));
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_GENERATOR_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/keypair.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/keypair.hpp
deleted file mode 100644
index 49afd95d78..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/keypair.hpp
+++ /dev/null
@@ -1,45 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_TBCS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_TBCS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A key pair for the TBCS ppzkSNARK, which consists of a proving key and a verification key.
- */
- template
- using tbcs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/prover.hpp
deleted file mode 100644
index 7c489304a4..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,87 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_PROVER_HPP
-#define CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_PROVER_HPP
-
-#include
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A prover algorithm for the TBCS ppzkSNARK.
- *
- * Given a TBCS primary input X and a TBCS auxiliary input Y, this algorithm
- * produces a proof (of knowledge) that attests to the following statement:
- * ``there exists Y such that C(X,Y)=0''.
- * Above, C is the TBCS circuit that was given as input to the generator algorithm.
- */
- template
- class tbcs_ppzksnark_prover {
- typedef detail::tbcs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- static inline proof_type process(const proving_key_type &pk,
- const primary_input_type &primary_input,
- const auxiliary_input_type &auxiliary_input) {
- typedef typename CurveType::scalar_field_type FieldType;
-
- const uscs_variable_assignment uscs_va =
- reductions::tbcs_to_uscs::witness_map(
- pk.circuit, primary_input, auxiliary_input);
- const uscs_primary_input uscs_pi =
- algebra::convert_bit_vector_to_field_element_vector(primary_input);
- const uscs_auxiliary_input uscs_ai(
- uscs_va.begin() + primary_input.size(),
- uscs_va.end()); // TODO: faster to just change bacs_to_r1cs::witness_map into
- // two :(
-
- return prove>(pk.uscs_pk, uscs_pi, uscs_ai);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/proving_key.hpp
deleted file mode 100644
index f598cf6398..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/proving_key.hpp
+++ /dev/null
@@ -1,93 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_TBCS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_TBCS_PPZKSNARK_PROVING_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the R1CS ppzkSNARK.
- */
- template
- struct tbcs_ppzksnark_proving_key {
-
- typedef CurveType curve_type;
- typedef CircuitType circuit_type;
- typedef typename curve_type::scalar_field_type field_type;
-
- circuit_type circuit;
- uscs_ppzksnark_proving_key uscs_pk;
-
- tbcs_ppzksnark_proving_key() {};
- tbcs_ppzksnark_proving_key(const tbcs_ppzksnark_proving_key &other) = default;
- tbcs_ppzksnark_proving_key(tbcs_ppzksnark_proving_key &&other) = default;
- tbcs_ppzksnark_proving_key(const circuit_type &circuit,
- const uscs_ppzksnark_proving_key &uscs_pk) :
- circuit(circuit),
- uscs_pk(uscs_pk) {
- }
- tbcs_ppzksnark_proving_key(circuit_type &&circuit,
- uscs_ppzksnark_proving_key &&uscs_pk) :
- circuit(std::move(circuit)),
- uscs_pk(std::move(uscs_pk)) {
- }
-
- tbcs_ppzksnark_proving_key &operator=(const tbcs_ppzksnark_proving_key &other) = default;
-
- std::size_t G1_size() const {
- return uscs_pk.G1_size();
- }
-
- std::size_t G2_size() const {
- return uscs_pk.G2_size();
- }
-
- std::size_t G1_sparse_size() const {
- return uscs_pk.G1_sparse_size();
- }
-
- std::size_t G2_sparse_size() const {
- return uscs_pk.G2_sparse_size();
- }
-
- std::size_t size_in_bits() const {
- return uscs_pk.size_in_bits();
- }
-
- bool operator==(const tbcs_ppzksnark_proving_key &other) const {
- return (this->circuit == other.circuit && this->uscs_pk == other.uscs_pk);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/verifier.hpp
deleted file mode 100644
index 22811e4860..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,166 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_VERIFIER_HPP - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /* - Below are four variants of verifier algorithm for the TBCS ppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". 
- - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = C.num_inputs, whereas - weak input consistency requires that |primary_input| <= C.num_inputs (and - the primary input is implicitly padded with zeros up to length C.num_inputs). - */ - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - class tbcs_ppzksnark_process_verification_key { - typedef detail::tbcs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type process(const verification_key_type &vk) { - return uscs_ppzksnark_process_verification_key::process(vk); - } - }; - - template - class tbcs_ppzksnark_verifier_weak_input_consistency { - typedef detail::tbcs_ppzksnark_policy policy_type; - - using uscs_ppzksnark_weak_proof_system = - uscs_ppzksnark, - uscs_ppzksnark_prover, - uscs_ppzksnark_verifier_weak_input_consistency>; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the TBCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. 
- */
- static inline bool process(const verification_key_type &vk,
- const primary_input_type &primary_input,
- const proof_type &proof) {
- typedef typename CurveType::scalar_field_type field_type;
- const uscs_primary_input uscs_input =
- algebra::convert_bit_vector_to_field_element_vector(primary_input);
- return verify(
- tbcs_ppzksnark_process_verification_key::process(vk), uscs_input, proof);
- }
-
- /**
- * A verifier algorithm for the TBCS ppzkSNARK that:
- * (1) accepts a processed verification key, and
- * (2) has weak input consistency.
- */
- static inline bool process(const processed_verification_key_type &pvk,
- const primary_input_type &primary_input,
- const proof_type &proof) {
-
- typedef typename CurveType::scalar_field_type field_type;
- const uscs_primary_input uscs_input =
- algebra::convert_bit_vector_to_field_element_vector(primary_input);
-
- return verify(pvk, uscs_input, proof);
- }
- };
-
- template
- class tbcs_ppzksnark_verifier_strong_input_consistency {
- typedef detail::tbcs_ppzksnark_policy policy_type;
-
- using uscs_ppzksnark_proof_system = uscs_ppzksnark;
-
- public:
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
- typedef typename policy_type::proof_type proof_type;
-
- /**
- * A verifier algorithm for the TBCS ppzkSNARK that:
- * (1) accepts a non-processed verification key, and
- * (2) has strong input consistency.
- */
- static inline bool process(const verification_key_type &vk,
- const primary_input_type &primary_input,
- const proof_type &proof) {
- typedef typename CurveType::scalar_field_type field_type;
- const uscs_primary_input uscs_input =
- algebra::convert_bit_vector_to_field_element_vector(primary_input);
-
- return verify(
- tbcs_ppzksnark_process_verification_key::process(vk), uscs_input, proof);
- }
-
- /**
- * A verifier algorithm for the TBCS ppzkSNARK that:
- * (1) accepts a processed verification key, and
- * (2) has strong input consistency.
- */
- static inline bool process(const processed_verification_key_type &pvk,
- const primary_input_type &primary_input,
- const proof_type &proof) {
- typedef typename CurveType::scalar_field_type field_type;
- const uscs_primary_input uscs_input =
- algebra::convert_bit_vector_to_field_element_vector(primary_input);
-
- return verify(pvk, uscs_input, proof);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_VERIFIER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark.hpp
deleted file mode 100644
index 3a71a61498..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark.hpp
+++ /dev/null
@@ -1,109 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_HPP
-#define CRYPTO3_USCS_PPZKSNARK_HPP
-
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /*!
- * @brief ppzkSNARK for USCS
- * @tparam CurveType
- * @tparam Generator
- * @tparam Prover
- * @tparam Verifier
- *
- * The implementation instantiates the protocol of \[DFGK14], by following
- * extending, and optimizing the approach described in \[BCTV14].
- * - * Acronyms: - * - "ppzkSNARK" = "Pre-Processing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - * - "USCS" = "Unitary-Square Constraint Systems" - * - * References: - * - * \[BCTV14]: - * "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", - * Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, - * USENIX Security 2014, - * - * - * \[DFGK14]: - * "Square Span Programs with Applications to Succinct NIZK Arguments" - * George Danezis, Cedric Fournet, Jens Groth, Markulf Kohlweiss, - * ASIACRYPT 2014, - * - */ - template, - typename Prover = uscs_ppzksnark_prover, - typename Verifier = uscs_ppzksnark_verifier_strong_input_consistency> - class uscs_ppzksnark { - typedef detail::uscs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace 
crypto3
-} // namespace nil
-
-#endif // CRYPTO3_USCS_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/detail/basic_policy.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/detail/basic_policy.hpp
deleted file mode 100644
index cdd3610982..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/detail/basic_policy.hpp
+++ /dev/null
@@ -1,141 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for USCS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates the protocol of \[DFGK14], by following -// extending, and optimizing the approach described in \[BCTV14]. 
-// -// -// Acronyms: -// -// - "ppzkSNARK" = "Pre-Processing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// - "USCS" = "Unitary-Square Constraint Systems" -// -// References: -// -// \[BCTV14]: -// "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// USENIX Security 2014, -// -// -// \[DFGK14]: -// "Square Span Programs with Applications to Succinct NIZK Arguments" -// George Danezis, Cedric Fournet, Jens Groth, Markulf Kohlweiss, -// ASIACRYPT 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_USCS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_USCS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - template - struct uscs_ppzksnark_policy { - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef uscs_constraint_system constraint_system_type; - - typedef uscs_primary_input primary_input_type; - - typedef uscs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the USCS ppzkSNARK. - */ - typedef uscs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the USCS ppzkSNARK. - */ - typedef uscs_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the USCS ppzkSNARK. 
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- typedef uscs_ppzksnark_processed_verification_key processed_verification_key_type;
-
- /********************************** Key pair *********************************/
-
- /**
- * A key pair for the USCS ppzkSNARK, which consists of a proving key and a verification key.
- */
- typedef uscs_ppzksnark_keypair keypair_type;
-
- /*********************************** Proof ***********************************/
-
- /**
- * A proof for the USCS ppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- typedef uscs_ppzksnark_proof proof_type;
- };
- } // namespace detail
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_USCS_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/generator.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/generator.hpp
deleted file mode 100644
index 8be463783c..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/generator.hpp
+++ /dev/null
@@ -1,183 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP - -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A generator algorithm for the USCS ppzkSNARK. - * - * Given a USCS constraint system CS, this algorithm produces proving and verification keys for - * CS. 
- */ - template - class uscs_ppzksnark_generator { - typedef detail::uscs_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using scalar_field_type = typename CurveType::scalar_field_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type process(const constraint_system_type &constraint_system) { - - /* draw random element at which the SSP is evaluated */ - - const typename scalar_field_type::value_type t = algebra::random_element(); - - /* perform USCS-to-SSP reduction */ - - ssp_instance_evaluation ssp_inst = - reductions::uscs_to_ssp::instance_map_with_evaluation(constraint_system, - t); - - /* construct various tables of typename FieldType::value_type elements */ - - std::vector Vt_table = std::move( - ssp_inst.Vt); // ssp_inst.Vt is now in unspecified state, but we do not use it later - std::vector Ht_table = std::move( - ssp_inst.Ht); // ssp_inst.Ht is now in unspecified state, but we do not use it later - - Vt_table.emplace_back(ssp_inst.Zt); - - std::vector Xt_table = - std::vector( - Vt_table.begin(), Vt_table.begin() + ssp_inst.num_inputs + 1); - std::vector Vt_table_minus_Xt_table = - std::vector( - Vt_table.begin() + ssp_inst.num_inputs + 1, Vt_table.end()); - - /* sanity checks */ - - assert(Vt_table.size() == ssp_inst.num_variables + 2); - assert(Ht_table.size() == ssp_inst.degree + 1); 
- assert(Xt_table.size() == ssp_inst.num_inputs + 1); - assert(Vt_table_minus_Xt_table.size() == ssp_inst.num_variables + 2 - ssp_inst.num_inputs - 1); - for (std::size_t i = 0; i < ssp_inst.num_inputs + 1; ++i) { - assert(!Xt_table[i].is_zero()); - } - - const typename scalar_field_type::value_type alpha = - algebra::random_element(); - - const std::size_t g1_exp_count = - Vt_table.size() + Vt_table_minus_Xt_table.size() + Ht_table.size(); - const std::size_t g2_exp_count = Vt_table_minus_Xt_table.size(); - - std::size_t g1_window = algebra::get_exp_window_size(g1_exp_count); - std::size_t g2_window = algebra::get_exp_window_size(g2_exp_count); - - algebra::window_table g1_table = algebra::get_window_table( - scalar_field_type::value_bits, g1_window, g1_type::value_type::one()); - - algebra::window_table g2_table = algebra::get_window_table( - scalar_field_type::value_bits, g2_window, g2_type::value_type::one()); - - typename std::vector V_g1_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Vt_table_minus_Xt_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(V_g1_query); -#endif - - typename std::vector alpha_V_g1_query = - algebra::batch_exp_with_coeff( - scalar_field_type::value_bits, g1_window, g1_table, alpha, Vt_table_minus_Xt_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(alpha_V_g1_query); -#endif - - typename std::vector H_g1_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Ht_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_g1_query); -#endif - - typename std::vector V_g2_query = - algebra::batch_exp(scalar_field_type::value_bits, g2_window, - g2_table, Vt_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(V_g2_query); -#endif - const typename scalar_field_type::value_type tilde = - algebra::random_element(); - typename g2_type::value_type tilde_g2 = tilde * g2_type::value_type::one(); - typename g2_type::value_type alpha_tilde_g2 = 
(alpha * tilde) * g2_type::value_type::one(); - typename g2_type::value_type Z_g2 = ssp_inst.Zt * g2_type::value_type::one(); - - typename g1_type::value_type encoded_IC_base = Xt_table[0] * g1_type::value_type::one(); - typename std::vector encoded_IC_values = - algebra::batch_exp( - scalar_field_type::value_bits, g1_window, g1_table, - std::vector(Xt_table.begin() + 1, - Xt_table.end())); - - accumulation_vector encoded_IC_query(std::move(encoded_IC_base), - std::move(encoded_IC_values)); - - verification_key_type vk = - verification_key_type(tilde_g2, alpha_tilde_g2, Z_g2, encoded_IC_query); - - constraint_system_type cs_copy = constraint_system; - proving_key_type pk = proving_key_type(std::move(V_g1_query), - std::move(alpha_V_g1_query), - std::move(H_g1_query), - std::move(V_g2_query), - std::move(cs_copy)); - - return keypair_type(std::move(pk), std::move(vk)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/keypair.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/keypair.hpp deleted file mode 100644 index d49c6e0984..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_USCS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using uscs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proof.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proof.hpp
deleted file mode 100644
index 4149594222..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,90 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_USCS_PPZKSNARK_PROOF_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proof for the USCS ppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- template
- class uscs_ppzksnark_proof {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typename g1_type::value_type V_g1;
- typename g1_type::value_type alpha_V_g1;
- typename g1_type::value_type H_g1;
- typename g2_type::value_type V_g2;
-
- uscs_ppzksnark_proof() :
- V_g1(g1_type::value_type::one()), alpha_V_g1(g1_type::value_type::one()),
- H_g1(g1_type::value_type::one()), V_g2(g2_type::value_type::one()) {
- // invalid proof with valid curve points
- }
- uscs_ppzksnark_proof(typename g1_type::value_type &&V_g1,
- typename g1_type::value_type &&alpha_V_g1,
- typename g1_type::value_type &&H_g1,
- typename g2_type::value_type &&V_g2) :
- V_g1(std::move(V_g1)),
- alpha_V_g1(std::move(alpha_V_g1)), H_g1(std::move(H_g1)), V_g2(std::move(V_g2)) {};
-
- std::size_t G1_size() const {
- return 3;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (V_g1.is_well_formed() && alpha_V_g1.is_well_formed() && H_g1.is_well_formed() &&
- V_g2.is_well_formed());
- }
-
- bool operator==(const uscs_ppzksnark_proof &other) const {
- return (this->V_g1 == other.V_g1 && this->alpha_V_g1 == other.alpha_V_g1 &&
- this->H_g1 == other.H_g1 && this->V_g2 == other.V_g2);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/prover.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/prover.hpp
deleted file mode 100644
index 97891e1569..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,143 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_PROVER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A prover algorithm for the USCS ppzkSNARK. - * - * Given a USCS primary input X and a USCS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. 
- * Above, CS is the USCS constraint system that was given as input to the generator algorithm. - */ - template - class uscs_ppzksnark_prover { - typedef detail::uscs_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - typedef typename policy_type::proving_key_type proving_key_type; - ; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - const typename CurveType::scalar_field_type::value_type d = - algebra::random_element(); - - const ssp_witness ssp_wit = - reductions::uscs_to_ssp::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, d); - - /* sanity checks */ - assert(proving_key.constraint_system.is_satisfied(primary_input, auxiliary_input)); - assert(proving_key.V_g1_query.size() == ssp_wit.num_variables + 2 - ssp_wit.num_inputs - 1); - assert(proving_key.alpha_V_g1_query.size() == - ssp_wit.num_variables + 2 - ssp_wit.num_inputs - 1); - assert(proving_key.H_g1_query.size() == ssp_wit.degree + 1); - assert(proving_key.V_g2_query.size() == ssp_wit.num_variables + 2); - - typename g1_type::value_type V_g1 = - ssp_wit.d * proving_key.V_g1_query[proving_key.V_g1_query.size() - 1]; - typename g1_type::value_type alpha_V_g1 = - ssp_wit.d * proving_key.alpha_V_g1_query[proving_key.alpha_V_g1_query.size() - 1]; - typename g1_type::value_type H_g1 = g1_type::value_type::zero(); - typename g2_type::value_type V_g2 = - proving_key.V_g2_query[0] + - ssp_wit.d * proving_key.V_g2_query[proving_key.V_g2_query.size() - 1]; - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS 
env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - // MAYBE LATER: do queries 1,2,4 at once for slightly better speed - - V_g1 = V_g1 + algebra::multiexp_with_mixed_addition( - proving_key.V_g1_query.begin(), - proving_key.V_g1_query.begin() + (ssp_wit.num_variables - ssp_wit.num_inputs), - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_inputs, - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_variables, chunks); - - alpha_V_g1 = - alpha_V_g1 + - algebra::multiexp_with_mixed_addition( - proving_key.alpha_V_g1_query.begin(), - proving_key.alpha_V_g1_query.begin() + (ssp_wit.num_variables - ssp_wit.num_inputs), - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_inputs, - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_variables, chunks); - - H_g1 = H_g1 + algebra::multiexp( - proving_key.H_g1_query.begin(), - proving_key.H_g1_query.begin() + ssp_wit.degree + 1, - ssp_wit.coefficients_for_H.begin(), - ssp_wit.coefficients_for_H.begin() + ssp_wit.degree + 1, chunks); - - V_g2 = V_g2 + algebra::multiexp( - proving_key.V_g2_query.begin() + 1, - proving_key.V_g2_query.begin() + ssp_wit.num_variables + 1, - ssp_wit.coefficients_for_Vs.begin(), - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_variables, chunks); - - proof_type proof = - proof_type(std::move(V_g1), std::move(alpha_V_g1), std::move(H_g1), std::move(V_g2)); - - return proof; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proving_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proving_key.hpp deleted file mode 100644 index ffa73ac0aa..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,98 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_USCS_PPZKSNARK_PROVING_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the USCS ppzkSNARK.
- */
- template
- class uscs_ppzksnark_proving_key {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typedef ConstraintSystem constraint_system_type;
-
- std::vector V_g1_query;
- std::vector alpha_V_g1_query;
- std::vector H_g1_query;
- std::vector V_g2_query;
-
- constraint_system_type constraint_system;
-
- uscs_ppzksnark_proving_key() {};
- uscs_ppzksnark_proving_key &operator=(const uscs_ppzksnark_proving_key &other) = default;
- uscs_ppzksnark_proving_key(const uscs_ppzksnark_proving_key &other) = default;
- uscs_ppzksnark_proving_key(uscs_ppzksnark_proving_key &&other) = default;
- uscs_ppzksnark_proving_key(std::vector &&V_g1_query,
- std::vector &&alpha_V_g1_query,
- std::vector &&H_g1_query,
- std::vector &&V_g2_query,
- constraint_system_type &&constraint_system) :
- V_g1_query(std::move(V_g1_query)),
- alpha_V_g1_query(std::move(alpha_V_g1_query)), H_g1_query(std::move(H_g1_query)),
- V_g2_query(std::move(V_g2_query)), constraint_system(std::move(constraint_system)) {};
-
- std::size_t G1_size() const {
- return V_g1_query.size() + alpha_V_g1_query.size() + H_g1_query.size();
- }
-
- std::size_t G2_size() const {
- return V_g2_query.size();
- }
-
- std::size_t G1_sparse_size() const {
- return G1_size();
- }
-
- std::size_t G2_sparse_size() const {
- return G2_size();
- }
-
- std::size_t size_in_bits() const {
- return g1_type::value_bits * G1_size() + g2_type::value_bits * G2_size();
- }
-
- bool operator==(const uscs_ppzksnark_proving_key &other) const {
- return (this->V_g1_query == other.V_g1_query &&
- this->alpha_V_g1_query == other.alpha_V_g1_query &&
- this->H_g1_query == other.H_g1_query && this->V_g2_query == other.V_g2_query &&
- this->constraint_system == other.constraint_system);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verification_key.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verification_key.hpp
deleted file mode 100644
index c1f463d767..0000000000
--- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verification_key.hpp
+++ /dev/null
@@ -1,117 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_USCS_PPZKSNARK_VERIFICATION_KEY_HPP -#define CRYPTO3_USCS_PPZKSNARK_VERIFICATION_KEY_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace algebra; - - /** - * A verification key for the USCS ppzkSNARK. 
- */ - template - class uscs_ppzksnark_verification_key { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typename g2_type::value_type tilde_g2; - typename g2_type::value_type alpha_tilde_g2; - typename g2_type::value_type Z_g2; - - container::accumulation_vector encoded_IC_query; - - uscs_ppzksnark_verification_key() = default; - uscs_ppzksnark_verification_key(const typename g2_type::value_type &tilde_g2, - const typename g2_type::value_type &alpha_tilde_g2, - const typename g2_type::value_type &Z_g2, - const container::accumulation_vector &eIC) : - tilde_g2(tilde_g2), - alpha_tilde_g2(alpha_tilde_g2), Z_g2(Z_g2), encoded_IC_query(eIC) {}; - - std::size_t G1_size() const { - return encoded_IC_query.size(); - } - - std::size_t G2_size() const { - return 3; - } - - std::size_t size_in_bits() const { - return encoded_IC_query.size_in_bits() + 3 * g2_type::value_bits; - } - - bool operator==(const uscs_ppzksnark_verification_key &other) const { - return (this->tilde_g2 == other.tilde_g2 && this->alpha_tilde_g2 == other.alpha_tilde_g2 && - this->Z_g2 == other.Z_g2 && this->encoded_IC_query == other.encoded_IC_query); - } - }; - - /** - * A processed verification key for the USCS ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - template - class uscs_ppzksnark_processed_verification_key { - using pairing_policy = pairing::pairing_policy; - - public: - typedef CurveType curve_type; - - typename pairing_policy::g1_precomputed_type pp_G1_one_precomp; - typename pairing_policy::g2_precomputed_type pp_G2_one_precomp; - typename pairing_policy::g2_precomputed_type vk_tilde_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_alpha_tilde_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_Z_g2_precomp; - typename CurveType::gt_type::value_type pairing_of_g1_and_g2; - - container::accumulation_vector> encoded_IC_query; - - bool operator==(const uscs_ppzksnark_processed_verification_key &other) const { - return (this->pp_G1_one_precomp == other.pp_G1_one_precomp && - this->pp_G2_one_precomp == other.pp_G2_one_precomp && - this->vk_tilde_g2_precomp == other.vk_tilde_g2_precomp && - this->vk_alpha_tilde_g2_precomp == other.vk_alpha_tilde_g2_precomp && - this->vk_Z_g2_precomp == other.vk_Z_g2_precomp && - this->pairing_of_g1_and_g2 == other.pairing_of_g1_and_g2 && - this->encoded_IC_query == other.encoded_IC_query); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verifier.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verifier.hpp deleted file mode 100644 index 0a8c03a17d..0000000000 --- a/crypto3/libs/zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verifier.hpp +++ /dev/null 
@@ -1,234 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_VERIFIER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace algebra; - - /* - Below are four variants of verifier algorithm for the USCS ppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. 
In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = CS.num_inputs, whereas - weak input consistency requires that |primary_input| <= CS.num_inputs (and - the primary input is implicitly padded with zeros up to length CS.num_inputs). - */ - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - class uscs_ppzksnark_process_verification_key { - typedef detail::uscs_ppzksnark_policy policy_type; - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type process(const verification_key_type &vk) { - - processed_verification_key_type pvk; - - pvk.pp_G1_one_precomp = precompute_g1(g1_type::value_type::one()); - pvk.pp_G2_one_precomp = precompute_g2(g2_type::value_type::one()); - - pvk.vk_tilde_g2_precomp = precompute_g2(vk.tilde_g2); - pvk.vk_alpha_tilde_g2_precomp = precompute_g2(vk.alpha_tilde_g2); - pvk.vk_Z_g2_precomp = precompute_g2(vk.Z_g2); - - pvk.pairing_of_g1_and_g2 = miller_loop(pvk.pp_G1_one_precomp, pvk.pp_G2_one_precomp); - - pvk.encoded_IC_query = vk.encoded_IC_query; - - return pvk; - } - }; - - template - class uscs_ppzksnark_verifier_weak_input_consistency { - typedef detail::uscs_ppzksnark_policy policy_type; - - using pairing_policy = pairing::pairing_policy; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename 
policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - - return process(uscs_ppzksnark_process_verification_key::process(vk), primary_input, - proof); - } - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - - assert(pvk.encoded_IC_query.domain_size() >= primary_input.size()); - - const accumulation_vector> accumulated_IC = - pvk.encoded_IC_query.accumulate_chunk(primary_input.begin(), primary_input.end(), 0); - assert(accumulated_IC.is_fully_accumulated()); - const typename CurveType::template g1_type<>::value_type &acc = accumulated_IC.first; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_V_g1_with_acc_precomp = - precompute_g1(proof.V_g1 + acc); - typename pairing_policy::g2_precomputed_type proof_V_g2_precomp = - precompute_g2(proof.V_g2); - typename CurveType::gt_type::value_type V_1 = - miller_loop(proof_V_g1_with_acc_precomp, pvk.pp_G2_one_precomp); - typename CurveType::gt_type::value_type V_2 = - miller_loop(pvk.pp_G1_one_precomp, proof_V_g2_precomp); - typename CurveType::gt_type::value_type V = - final_exponentiation(V_1 * V_2.unitary_inversed()); - - if (V != CurveType::gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_H_g1_precomp = - precompute_g1(proof.H_g1); - typename CurveType::gt_type::value_type SSP_1 = - miller_loop(proof_V_g1_with_acc_precomp, proof_V_g2_precomp); - typename 
CurveType::gt_type::value_type SSP_2 = - miller_loop(proof_H_g1_precomp, pvk.vk_Z_g2_precomp); - typename CurveType::gt_type::value_type SSP = final_exponentiation( - SSP_1.unitary_inversed() * SSP_2 * pvk.pairing_of_g1_and_g2); - - if (SSP != CurveType::gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_V_g1_precomp = - precompute_g1(proof.V_g1); - typename pairing_policy::g1_precomputed_type proof_alpha_V_g1_precomp = - precompute_g1(proof.alpha_V_g1); - typename CurveType::gt_type::value_type alpha_V_1 = - miller_loop(proof_V_g1_precomp, pvk.vk_alpha_tilde_g2_precomp); - typename CurveType::gt_type::value_type alpha_V_2 = - miller_loop(proof_alpha_V_g1_precomp, pvk.vk_tilde_g2_precomp); - typename CurveType::gt_type::value_type alpha_V = - final_exponentiation(alpha_V_1 * alpha_V_2.unitary_inversed()); - - if (alpha_V != CurveType::gt_type::value_type::one()) { - result = false; - } - - return result; - } - }; - - template - class uscs_ppzksnark_verifier_strong_input_consistency { - typedef detail::uscs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return uscs_ppzksnark_verifier_strong_input_consistency::process( - uscs_ppzksnark_process_verification_key::process(vk), primary_input, proof); - } - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - - bool result = true; - - if (pvk.encoded_IC_query.domain_size() != primary_input.size()) { - result = false; - } else { - result = uscs_ppzksnark_verifier_weak_input_consistency::process( - pvk, primary_input, proof); - } - - return result; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_VERIFIER_HPP diff --git a/crypto3/libs/zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp b/crypto3/libs/zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp index 92da6d01a1..b6c9ba00d3 100644 --- a/crypto3/libs/zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp +++ b/crypto3/libs/zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp @@ -152,7 +152,7 @@ namespace nil { template typename std::enable_if_t< - !algebra::is_group_element::value && + !algebra::is_curve_element::value && !algebra::is_field_element::value> operator()(const InputRange &r) { auto acc_convertible = hash(state); @@ -169,7 +169,7 @@ namespace nil { template typename std::enable_if_t< - algebra::is_group_element::value || + algebra::is_curve_element::value || algebra::is_field_element::value > operator()(element const& data) { 
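Review bot: The element overload and the range overload of `operator()` are selected by two hand-written predicates that must stay exact complements, and this change edits each of them separately, here at -152 and -169 and again at -293 and -301 for the sponge-based transcript. In a Fiat-Shamir transcript the selected overload decides which encoding is absorbed, so a type that moves from one overload to the other changes every derived challenge. Whether `is_curve_element` matches the same set of types as the old `is_group_element` cannot be seen from these hunks and is worth confirming. I would name the predicate once, e.g. `template<typename T> static constexpr bool absorbs_as_element = algebra::is_curve_element<T>::value || algebra::is_field_element<T>::value;`, use `absorbs_as_element<T>` and `!absorbs_as_element<T>` in the two `enable_if_t` conditions, and add a comment on the element overload such as `// single curve point or field element; every other type goes to the range overload`. The overload bodies continue outside the hunks.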
@@ -293,7 +293,7 @@ namespace nil { template typename std::enable_if_t< - !algebra::is_group_element::value + !algebra::is_curve_element::value > operator()(const InputRange &r) { sponge.absorb(static_cast(hash(r))); @@ -301,7 +301,7 @@ namespace nil { template typename std::enable_if_t< - algebra::is_group_element::value + algebra::is_curve_element::value > operator()(element const& data) { auto affine = data.to_affine(); diff --git a/crypto3/libs/zk/test/CMakeLists.txt b/crypto3/libs/zk/test/CMakeLists.txt index 2b9469a6b3..dc8641ecfa 100644 --- a/crypto3/libs/zk/test/CMakeLists.txt +++ b/crypto3/libs/zk/test/CMakeLists.txt @@ -54,7 +54,6 @@ set(TESTS_NAMES "commitment/pedersen" "commitment/proof_of_knowledge" # "commitment/powers_of_tau" -# "commitment/r1cs_gg_ppzksnark_mpc" # "commitment/type_traits" # "commitment/kimchi_pedersen" "commitment/proof_of_work" @@ -63,10 +62,6 @@ set(TESTS_NAMES # "routing_algorithms/test_routing_algorithms" -# "relations/numeric/qap" -# "relations/numeric/sap" -# "relations/numeric/ssp" - # "systems/plonk/pickles/pickles" # "systems/plonk/pickles/kimchi" # "systems/plonk/pickles/oracles" 
@@ -83,20 +78,6 @@ set(TESTS_NAMES "systems/plonk/placeholder/placeholder_curves" "systems/plonk/placeholder/placeholder_quotient_polynomial_chunks" -# "systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd" -# "systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd" - -# "systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark" - "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark" -# "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling" -# "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling" -# "systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark" -# "systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark" -# "systems/ppzksnark/ram_ppzksnark/ram_ppzksnark" -# "systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark" -# "systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark" -# "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity" - "transcript/transcript" # TODO: either delete this code with the test, or fix it later. diff --git a/crypto3/libs/zk/test/commitment/kzg.cpp b/crypto3/libs/zk/test/commitment/kzg.cpp index 4d9d21099a..2ca172bd12 100644 --- a/crypto3/libs/zk/test/commitment/kzg.cpp +++ b/crypto3/libs/zk/test/commitment/kzg.cpp @@ -47,7 +47,6 @@ #include #include #include -#include #include #include diff --git a/crypto3/libs/zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp b/crypto3/libs/zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp deleted file mode 100644 index aa17de0c45..0000000000 --- a/crypto3/libs/zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp +++ /dev/null 
@@ -1,163 +0,0 @@ -#define BOOST_TEST_MODULE mpc_generator_test - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "../systems/ppzksnark/r1cs_examples.hpp" - -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::zk::commitments; - -BOOST_AUTO_TEST_SUITE(mpc_generator_test_suite) - - BOOST_AUTO_TEST_CASE(mpc_generator_compare_keypairs_without_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using scalar_field_type = curve_type::scalar_field_type; - using scalar_field_value_type = scalar_field_type::value_type; - - using g1_value_type = curve_type::g1_type<>::value_type; - using g2_value_type = curve_type::g2_type<>::value_type; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - using proving_scheme_generator_type = r1cs_gg_ppzksnark_generator; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto sk = powers_of_tau_scheme_type::generate_private_key(); - auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); - acc.transform(sk); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 3); - - std::size_t m = - r1cs_example.constraint_system.num_constraints() + r1cs_example.constraint_system.num_inputs() + 1; - - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, m); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, - result); - auto g1_generator = g1_value_type::one(); - auto g2_generator = g2_value_type::one(); - - auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, L_query, r1cs_copy, - alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = - proving_scheme_generator_type::deterministic_basic_process( - r1cs_example.constraint_system, sk.tau, sk.alpha, sk.beta, 
scalar_field_value_type::one(), - scalar_field_value_type::one(), g1_generator, g2_generator); - - BOOST_CHECK(mpc_kp.first.alpha_g1 == alpha_g1); - BOOST_CHECK(mpc_kp.first.beta_g1 == beta_g1); - BOOST_CHECK(mpc_kp.first.beta_g2 == beta_g2); - BOOST_CHECK(mpc_kp.first.delta_g1 == delta_g1); - BOOST_CHECK(mpc_kp.first.delta_g2 == delta_g2); - - BOOST_CHECK_EQUAL(mpc_kp.first.A_query.size(), A_query.size()); - BOOST_CHECK_EQUAL(mpc_kp.first.B_query.domain_size(), B_query.domain_size()); - BOOST_CHECK_EQUAL(mpc_kp.first.H_query.size(), H_query.size()); - BOOST_CHECK_EQUAL(mpc_kp.first.L_query.size(), L_query.size()); - - for (std::size_t i = 0; i < A_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.A_query[i] == A_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < B_query.domain_size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.B_query[i] == B_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < H_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.H_query[i] == H_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < L_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.L_query[i] == L_query[i], std::string("i=") + std::to_string(i)); - } - - BOOST_CHECK(mpc_kp.second.alpha_g1_beta_g2 == alpha_g1_beta_g2); - BOOST_CHECK(mpc_kp.second.gamma_g2 == gamma_g2); - BOOST_CHECK(mpc_kp.second.delta_g2 == delta_g2); - - BOOST_CHECK(mpc_kp.second.gamma_ABC_g1.first == gamma_ABC_g1.first); - - BOOST_CHECK_EQUAL(mpc_kp.second.gamma_ABC_g1.rest.domain_size(), gamma_ABC_g1.rest.domain_size()); - - for (std::size_t i = 0; i < gamma_ABC_g1.rest.domain_size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.second.gamma_ABC_g1.rest[i] == gamma_ABC_g1.rest[i], - std::string("i=") + std::to_string(i)); - } - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, 
r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); - } - - BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_without_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto sk = powers_of_tau_scheme_type::generate_private_key(); - auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); - acc.transform(sk); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, - result); - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); - } - - BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_with_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - using crs_mpc_type = r1cs_gg_ppzksnark_mpc; - using public_key_type = crs_mpc_type::public_key_type; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto pot_sk = powers_of_tau_scheme_type::generate_private_key(); - auto pot_pk = powers_of_tau_scheme_type::proof_eval(pot_sk, acc); - acc.transform(pot_sk); - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, - result); - - std::vector pks; - - auto mpc_sk1 = crs_mpc_type::generate_private_key(); - 
pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk1, boost::none, mpc_kp)); - commitments::detail::transform_keypair(mpc_kp, mpc_sk1); - BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); - - auto mpc_sk2 = crs_mpc_type::generate_private_key(); - pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk2, pks[0], mpc_kp)); - commitments::detail::transform_keypair(mpc_kp, mpc_sk2); - BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); - } - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/zk/test/relations/numeric/qap.cpp b/crypto3/libs/zk/test/relations/numeric/qap.cpp deleted file mode 100644 index 134e384e5e..0000000000 --- a/crypto3/libs/zk/test/relations/numeric/qap.cpp +++ /dev/null 
@@ -1,154 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE qap_test - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "../../schemes/ppzksnark/r1cs_examples.hpp" - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_qap(const std::size_t qap_degree, const std::size_t num_inputs, const bool binary_input) { - /* - We construct an instance where the QAP degree is qap_degree. 
- So we generate an instance of R1CS where the number of constraints qap_degree - num_inputs - 1. - See the transformation from R1CS to QAP for why this is the case. - So we need that qap_degree >= num_inputs + 1. - */ - BOOST_CHECK(num_inputs + 1 <= qap_degree); - - const std::size_t num_constraints = qap_degree - num_inputs - 1; - - std::cout << "Num constraints " << num_constraints << std::endl; - std::cout << "Binary input " << bool(binary_input) << std::endl; - - auto begin = std::chrono::high_resolution_clock::now(); - - r1cs_example example; - if (binary_input) { - example = generate_r1cs_example_with_binary_input(num_constraints, num_inputs); - } else { - example = generate_r1cs_example_with_field_input(num_constraints, num_inputs); - } - - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Example generated, time: " << elapsed.count() * 1e-9 << std::endl; - - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - - std::cout << "Constraint system satisfied" << std::endl; - - const typename FieldType::value_type t = random_element(), - d1 = random_element(), - d2 = random_element(), - d3 = random_element(); - begin = std::chrono::high_resolution_clock::now(); - - qap_instance qap_inst_1 = reductions::r1cs_to_qap::instance_map(example.constraint_system); - - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Instance 1 evaluated, time: " << elapsed.count() * 1e-9 << std::endl; - - begin = std::chrono::high_resolution_clock::now(); - - qap_instance_evaluation qap_inst_2 = - reductions::r1cs_to_qap::instance_map_with_evaluation(example.constraint_system, t); - - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Instance 2 evaluated, time: " << elapsed.count() * 1e-9 << std::endl; - - begin = 
std::chrono::high_resolution_clock::now(); - - qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map(example.constraint_system, example.primary_input, - example.auxiliary_input, d1, d2, d3); - - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Witness evaluated, time: " << elapsed.count() * 1e-9 << std::endl; - - BOOST_CHECK(qap_inst_1.is_satisfied(qap_wit)); - BOOST_CHECK(qap_inst_2.is_satisfied(qap_wit)); -} - -BOOST_AUTO_TEST_SUITE(qap_test_suite) - - BOOST_AUTO_TEST_CASE(qap_test_case) { - const std::size_t num_inputs = 10; - - using basic_curve_type = curves::mnt6<298>; - - const std::size_t basic_domain_size = 1ul << fields::arithmetic_params::s; - const std::size_t step_domain_size = (1ul << 10) + (1ul << 8); - const std::size_t extended_domain_size = - 1ul << (fields::arithmetic_params::s + 1); - const std::size_t extended_domain_size_special = extended_domain_size - 1; - - test_qap(basic_domain_size, num_inputs, true); - test_qap(step_domain_size, num_inputs, true); - test_qap(extended_domain_size, num_inputs, true); - test_qap(extended_domain_size_special, num_inputs, true); - - test_qap(basic_domain_size, num_inputs, false); - test_qap(step_domain_size, num_inputs, false); - test_qap(extended_domain_size, num_inputs, false); - test_qap(extended_domain_size_special, num_inputs, false); - } - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/zk/test/relations/numeric/sap.cpp b/crypto3/libs/zk/test/relations/numeric/sap.cpp deleted file mode 100644 index 833c7b7499..0000000000 --- a/crypto3/libs/zk/test/relations/numeric/sap.cpp +++ /dev/null 
@@ -1,122 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE sap_test - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_sap(const std::size_t sap_degree, const std::size_t num_inputs, const bool binary_input) { - /* - We construct an instance where the SAP degree is <= sap_degree. 
- The R1CS-to-SAP reduction produces SAPs with degree - (2 * num_constraints + 2 * num_inputs + 1). - So we generate an instance of R1CS where the number of constraints is - (sap_degree - 1) / 2 - num_inputs. - */ - const std::size_t num_constraints = (sap_degree - 1) / 2 - num_inputs; - BOOST_CHECK(num_constraints >= 1); - - r1cs_example example; - if (binary_input) { - example = generate_r1cs_example_with_binary_input(num_constraints, num_inputs); - } else { - example = generate_r1cs_example_with_field_input(num_constraints, num_inputs); - } - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - - const typename FieldType::value_type t = random_element(), - d1 = random_element(), - d2 = random_element(); - - sap_instance sap_inst_1 = reductions::r1cs_to_sap::instance_map(example.constraint_system); - - sap_instance_evaluation sap_inst_2 = - reductions::r1cs_to_sap::instance_map_with_evaluation(example.constraint_system, t); - - sap_witness sap_wit = - reductions::r1cs_to_sap::witness_map(example.constraint_system, example.primary_input, - example.auxiliary_input, d1, d2); - - BOOST_CHECK(sap_inst_1.is_satisfied(sap_wit)); - BOOST_CHECK(sap_inst_2.is_satisfied(sap_wit)); -} - -BOOST_AUTO_TEST_SUITE(sap_test_suite) - - BOOST_AUTO_TEST_CASE(sap_test) { - const std::size_t num_inputs = 10; - - /** - * due to the specifics of our reduction, we can only get SAPs with odd - * degrees, so we can only test "special" versions of the domains - */ - - using basic_curve_type = curves::mnt6<298>; - - const std::size_t basic_domain_size_special = - (1ul << fields::arithmetic_params::s) - 1ul; - const std::size_t step_domain_size_special = (1ul << 10) + (1ul << 8) - 1ul; - const std::size_t extended_domain_size_special = - (1ul << (fields::arithmetic_params::s + 1)) - 1ul; - - test_sap(basic_domain_size_special, num_inputs, true); - test_sap(step_domain_size_special, num_inputs, true); - test_sap(extended_domain_size_special, 
num_inputs, true); - - test_sap(basic_domain_size_special, num_inputs, false); - test_sap(step_domain_size_special, num_inputs, false); - test_sap(extended_domain_size_special, num_inputs, false); - } - -BOOST_AUTO_TEST_SUITE_END() diff --git a/crypto3/libs/zk/test/relations/numeric/ssp.cpp b/crypto3/libs/zk/test/relations/numeric/ssp.cpp deleted file mode 100644 index ebf19905ad..0000000000 --- a/crypto3/libs/zk/test/relations/numeric/ssp.cpp +++ /dev/null 
@@ -1,109 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE ssp_test - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "uscs_examples.hpp" - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_ssp(const std::size_t num_constraints, const std::size_t num_inputs, const bool binary_input) { - uscs_example example; - if (binary_input) { - example = generate_uscs_example_with_binary_input(num_constraints, num_inputs); - } else { - example = generate_uscs_example_with_field_input(num_constraints, num_inputs); - } - - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - - const typename FieldType::value_type t = random_element(), - d = random_element(); - - ssp_instance ssp_inst_1 = reductions::uscs_to_ssp::instance_map(example.constraint_system); - - ssp_instance_evaluation ssp_inst_2 = - reductions::uscs_to_ssp::instance_map_with_evaluation(example.constraint_system, t); - - ssp_witness ssp_wit = - reductions::uscs_to_ssp::witness_map(example.constraint_system, example.primary_input, - example.auxiliary_input, d); - - BOOST_CHECK(ssp_inst_1.is_satisfied(ssp_wit)); - BOOST_CHECK(ssp_inst_2.is_satisfied(ssp_wit)); -} - -BOOST_AUTO_TEST_SUITE(ssp_test_suite) - - BOOST_AUTO_TEST_CASE(ssp_test) { - const std::size_t num_inputs = 10; - - using basic_curve_type = curves::mnt6<298>; - - const std::size_t basic_domain_size = 1ul << fields::arithmetic_params::s; - const std::size_t step_domain_size = (1ul << 10) + (1ul << 8); - const std::size_t extended_domain_size = - 1ul << (fields::arithmetic_params::s + 1); - const std::size_t extended_domain_size_special = extended_domain_size - 1; - - test_ssp(basic_domain_size, num_inputs, true); - 
test_ssp(step_domain_size, num_inputs, true); - test_ssp(extended_domain_size, num_inputs, true); - test_ssp(extended_domain_size_special, num_inputs, true); - - test_ssp(basic_domain_size, num_inputs, false); - test_ssp(step_domain_size, num_inputs, false); - test_ssp(extended_domain_size, num_inputs, false); - test_ssp(extended_domain_size_special, num_inputs, false); - } - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/crypto3/libs/zk/test/relations/numeric/uscs_examples.hpp b/crypto3/libs/zk/test/relations/numeric/uscs_examples.hpp deleted file mode 100644 index 4f91581421..0000000000 --- a/crypto3/libs/zk/test/relations/numeric/uscs_examples.hpp +++ /dev/null 
@@ -1,187 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a USCS example, as well as functions to sample -// USCS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_EXAMPLES_HPP -#define CRYPTO3_ZK_USCS_EXAMPLES_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A USCS example comprises a USCS constraint system, USCS input, and USCS witness. 
- */ - template - struct uscs_example { - uscs_constraint_system constraint_system; - uscs_primary_input primary_input; - uscs_auxiliary_input auxiliary_input; - - uscs_example() = default; - uscs_example(const uscs_example &other) = default; - uscs_example(const uscs_constraint_system &constraint_system, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - uscs_example(uscs_constraint_system &&constraint_system, - uscs_primary_input &&primary_input, - uscs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). 
- */ - template - uscs_example generate_uscs_example_with_field_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - BOOST_CHECK(num_constraints >= num_inputs); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints - num_inputs; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_constraints; ++i) { - full_variable_assignment.emplace_back(typename FieldType::value_type(std::rand())); - } - - for (std::size_t i = 0; i < num_constraints; ++i) { - std::size_t x, y, z; - - do { - x = std::rand() % num_constraints; - y = std::rand() % num_constraints; - z = std::rand() % num_constraints; - } while (x == z || y == z); - - const typename FieldType::value_type x_coeff = typename FieldType::value_type(std::rand()); - const typename FieldType::value_type y_coeff = typename FieldType::value_type(std::rand()); - const typename FieldType::value_type val = - (std::rand() % 2 == 0 ? 
FieldType::value_type::zero() : -FieldType::value_type::zero()); - const typename FieldType::value_type z_coeff = - (val - x_coeff * full_variable_assignment[x] - y_coeff * full_variable_assignment[y]) * - full_variable_assignment[z].inversed(); - - uscs_constraint constr; - constr.add_term(x + 1, x_coeff); - constr.add_term(y + 1, y_coeff); - constr.add_term(z + 1, z_coeff); - - cs.add_constraint(constr); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of binary values (as opposed to ``full'' field elements). 
- */ - template - uscs_example generate_uscs_example_with_binary_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - - /* chose two random bits and XOR them together */ - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - - uscs_constraint constr; - constr.add_term(u + 1, 1); - constr.add_term(v + 1, 1); - constr.add_term(lastvar + 1, 1); - constr.add_term(0, -FieldType::value_type::zero()); // shift constant term (which is 0) by 1 - - cs.add_constraint(constr); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - } // namespace snark - } // namespace zk - } // 
namespace crypto3
-} // namespace nil
-
-#endif // USCS_EXAMPLES_HPP
diff --git a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.cpp b/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.cpp
deleted file mode 100644
index a172a1ac44..0000000000
--- a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_mp_ppzkpcd_test
-
-#include
-
-#include "run_r1cs_mp_ppzkpcd.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_tally(std::size_t arity, std::size_t max_layer, bool test_multi_type, bool test_same_type_optimization) {
- const std::size_t wordsize = 32;
- const bool bit = run_r1cs_mp_ppzkpcd_tally_example(wordsize, arity, max_layer, test_multi_type,
- test_same_type_optimization);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_mp_ppzkpcd_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_mp_ppzkpcd_test_case) {
- const std::size_t max_arity = 2;
- const std::size_t max_layer = 2;
-
- test_tally(max_arity, max_layer, false, false);
- test_tally(max_arity, max_layer, false, true);
- test_tally(max_arity, max_layer, true, false);
- test_tally(max_arity, max_layer, true, true);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
diff --git a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/run_r1cs_mp_ppzkpcd.hpp b/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/run_r1cs_mp_ppzkpcd.hpp
deleted file mode 100644
index bb107288ce..0000000000
--- a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/run_r1cs_mp_ppzkpcd.hpp
+++ /dev/null
@@ -1,197 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS multi-predicate ppzkPCD
-// for a compliance predicate example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_MP_PPZKPCD_HPP
-#define CRYPTO3_RUN_R1CS_MP_PPZKPCD_HPP
-
-#include
-#include
-
-#include "tally_cp.hpp"
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Runs the multi-predicate ppzkPCD (generator, prover, and verifier) for the
- * "tally compliance predicate", of a given wordsize, arity, and depth.
- * - * Optionally, also test the case of compliance predicates with different types. - */ - template - bool run_r1cs_mp_ppzkpcd_tally_example(std::size_t wordsize, - std::size_t max_arity, - std::size_t depth, - bool test_multi_type, - bool test_same_type_optimization) { - typedef algebra::Fr FieldType; - - bool all_accept = true; - - std::size_t tree_size = 0; - std::size_t nodes_in_layer = 1; - for (std::size_t layer = 0; layer <= depth; ++layer) { - tree_size += nodes_in_layer; - nodes_in_layer *= max_arity; - } - - std::vector tree_types(tree_size); - std::vector tree_elems(tree_size); - std::vector tree_arity(tree_size); - - nodes_in_layer = 1; - std::size_t node_idx = 0; - for (std::size_t layer = 0; layer <= depth; ++layer) { - for (std::size_t id_in_layer = 0; id_in_layer < nodes_in_layer; ++id_in_layer, ++node_idx) { - if (!test_multi_type) { - tree_types[node_idx] = 1; - } else { - if (test_same_type_optimization) { - tree_types[node_idx] = 1 + ((depth - layer) & 1); - } else { - tree_types[node_idx] = 1 + (std::rand() % 2); - } - } - - tree_elems[node_idx] = std::rand() % 100; - tree_arity[node_idx] = - 1 + (std::rand() % max_arity); /* we will just skip below this threshold */ - printf("tree_types[%zu] = %zu\n", node_idx, tree_types[node_idx]); - printf("tree_elems[%zu] = %zu\n", node_idx, tree_elems[node_idx]); - printf("tree_arity[%zu] = %zu\n", node_idx, tree_arity[node_idx]); - } - nodes_in_layer *= max_arity; - } - - std::vector> tree_proofs(tree_size); - std::vector>> tree_messages(tree_size); - - std::set tally_1_accepted_types, tally_2_accepted_types; - if (test_same_type_optimization) { - if (!test_multi_type) { - /* only tally 1 is going to be used */ - tally_1_accepted_types.insert(1); - } else { - tally_1_accepted_types.insert(2); - tally_2_accepted_types.insert(1); - } - } - - tally_cp_handler tally_1( - 1, max_arity, wordsize, test_same_type_optimization, tally_1_accepted_types); - tally_cp_handler tally_2( - 2, max_arity, wordsize, 
test_same_type_optimization, tally_2_accepted_types); - tally_1.generate_r1cs_constraints(); - tally_2.generate_r1cs_constraints(); - r1cs_pcd_compliance_predicate cp_1 = tally_1.get_compliance_predicate(); - r1cs_pcd_compliance_predicate cp_2 = tally_2.get_compliance_predicate(); - - r1cs_mp_ppzkpcd_keypair keypair = r1cs_mp_ppzkpcd_generator({cp_1, cp_2}); - - r1cs_mp_ppzkpcd_processed_verification_key pvk = - r1cs_mp_ppzkpcd_process_vk(keypair.vk); - - std::shared_ptr> base_msg = - tally_1.get_base_case_message(); /* we choose the base to always be tally_1 */ - nodes_in_layer /= max_arity; - for (long layer = depth; layer >= 0; --layer, nodes_in_layer /= max_arity) { - for (std::size_t i = 0; i < nodes_in_layer; ++i) { - const std::size_t cur_idx = (nodes_in_layer - 1) / (max_arity - 1) + i; - - tally_cp_handler &cur_tally = (tree_types[cur_idx] == 1 ? tally_1 : tally_2); - r1cs_pcd_compliance_predicate &cur_cp = (tree_types[cur_idx] == 1 ? cp_1 : cp_2); - - const bool base_case = (max_arity * cur_idx + max_arity >= tree_size); - - std::vector>> msgs(max_arity, base_msg); - std::vector> proofs(max_arity); - - if (!base_case) { - for (std::size_t i = 0; i < max_arity; ++i) { - msgs[i] = tree_messages[max_arity * cur_idx + i + 1]; - proofs[i] = tree_proofs[max_arity * cur_idx + i + 1]; - } - } - msgs.resize(tree_arity[i]); - proofs.resize(tree_arity[i]); - - std::shared_ptr> ld; - ld.reset(new tally_pcd_local_data(tree_elems[cur_idx])); - cur_tally.generate_r1cs_witness(msgs, ld); - - const r1cs_pcd_compliance_predicate_primary_input tally_primary_input( - cur_tally.get_outgoing_message()); - const r1cs_pcd_compliance_predicate_auxiliary_input tally_auxiliary_input( - msgs, ld, cur_tally.get_witness()); - - r1cs_mp_ppzkpcd_proof proof = r1cs_mp_ppzkpcd_prover( - keypair.pk, cur_cp.name, tally_primary_input, tally_auxiliary_input, proofs); - - tree_proofs[cur_idx] = proof; - tree_messages[cur_idx] = cur_tally.get_outgoing_message(); - - const 
r1cs_mp_ppzkpcd_primary_input pcd_verifier_input(tree_messages[cur_idx]); - const bool ans = - r1cs_mp_ppzkpcd_verifier(keypair.vk, pcd_verifier_input, tree_proofs[cur_idx]); - - const bool ans2 = - r1cs_mp_ppzkpcd_online_verifier(pvk, pcd_verifier_input, tree_proofs[cur_idx]); - BOOST_CHECK(ans == ans2); - - all_accept = all_accept && ans; - - printf("\n"); - for (std::size_t i = 0; i < msgs.size(); ++i) { - printf("Message %zu was:\n", i); - msgs[i]->print(); - } - printf("Summand at this node:\n%zu\n", tree_elems[cur_idx]); - printf("Outgoing message is:\n"); - tree_messages[cur_idx]->print(); - printf("\n"); - printf("Current node = %zu. Current proof verifies = %s\n", cur_idx, ans ? "YES" : "NO"); - printf( - "\n\n\n " - "================================================================================" - "\n\n\n"); - } - } - - return all_accept; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_MP_PPZKPCD_HPP diff --git a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/tally_cp.hpp b/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/tally_cp.hpp deleted file mode 100644 index ac6b0e21e7..0000000000 --- a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/tally_cp.hpp +++ /dev/null 
@@ -1,386 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for the tally compliance predicate.
-//
-// The tally compliance predicate has two purposes:
-// (1) it exemplifies the use of interfaces declared in cp_handler.hpp, and
-// (2) it enables us to test r1cs_pcd functionalities.
-//
-// See
-// - snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/examples/run_r1cs_sp_ppzkpcd.hpp
-// - snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/examples/run_r1cs_mp_ppzkpcd.hpp
-// for code that uses the tally compliance predicate.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TALLY_CP_HPP -#define CRYPTO3_ZK_TALLY_CP_HPP - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Subclasses a R1CS PCD message to the tally compliance predicate. - */ - template - class tally_pcd_message : public r1cs_pcd_message { - public: - std::size_t wordsize; - - std::size_t sum; - std::size_t count; - - tally_pcd_message(const std::size_t type, const std::size_t wordsize, const std::size_t sum, - const std::size_t count); - r1cs_variable_assignment payload_as_r1cs_variable_assignment() const; - - ~tally_pcd_message() = default; - }; - - template - class tally_pcd_local_data : public r1cs_pcd_local_data { - public: - std::size_t summand; - - tally_pcd_local_data(const std::size_t summand); - r1cs_variable_assignment as_r1cs_variable_assignment() const; - - ~tally_pcd_local_data() = default; - }; - - /** - * Subclass a R1CS compliance predicate handler to the tally compliance predicate handler. 
- */ - template - class tally_cp_handler : public compliance_predicate_handler> { - public: - typedef compliance_predicate_handler> base_handler; - blueprint_variable_vector incoming_types; - - blueprint_variable sum_out_packed; - blueprint_variable count_out_packed; - blueprint_variable_vector sum_in_packed; - blueprint_variable_vector count_in_packed; - - blueprint_variable_vector sum_in_packed_aux; - blueprint_variable_vector count_in_packed_aux; - - std::shared_ptr> unpack_sum_out; - std::shared_ptr> unpack_count_out; - std::vector> pack_sum_in; - std::vector> pack_count_in; - - blueprint_variable type_val_inner_product; - std::shared_ptr> compute_type_val_inner_product; - - blueprint_variable_vector arity_indicators; - - std::size_t wordsize; - std::size_t message_length; - - tally_cp_handler(std::size_t type, - std::size_t max_arity, - std::size_t wordsize, - bool relies_on_same_type_inputs = false, - const std::set &accepted_input_types = std::set()); - - void generate_r1cs_constraints(); - void generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data); - - std::shared_ptr> get_base_case_message() const; - }; - - template - tally_pcd_message::tally_pcd_message(const std::size_t type, - const std::size_t wordsize, - const std::size_t sum, - const std::size_t count) : - r1cs_pcd_message(type), - wordsize(wordsize), sum(sum), count(count) { - } - - template - r1cs_variable_assignment - tally_pcd_message::payload_as_r1cs_variable_assignment() const { - std::function bit_to_FieldT = [](const bool bit) { - return bit ? 
FieldType::value_type::zero() : FieldType::value_type::zero(); - }; - - const std::vector sum_bits = - algebra::convert_field_element_to_bit_vector(sum, wordsize); - const std::vector count_bits = - algebra::convert_field_element_to_bit_vector(count, wordsize); - - r1cs_variable_assignment result(2 * wordsize); - std::transform(sum_bits.begin(), sum_bits.end(), result.begin(), bit_to_FieldT); - std::transform(count_bits.begin(), count_bits.end(), result.begin() + wordsize, bit_to_FieldT); - - return result; - } - - template - tally_pcd_local_data::tally_pcd_local_data(const std::size_t summand) : summand(summand) { - } - - template - r1cs_variable_assignment - tally_pcd_local_data::as_r1cs_variable_assignment() const { - return {FieldType(summand)}; - } - - template - class tally_pcd_message_variable : public r1cs_pcd_message_variable { - public: - blueprint_variable_vector sum_bits; - blueprint_variable_vector count_bits; - std::size_t wordsize; - - tally_pcd_message_variable(blueprint &bp, const std::size_t wordsize) : - r1cs_pcd_message_variable(bp), wordsize(wordsize) { - sum_bits.allocate(bp, wordsize); - count_bits.allocate(bp, wordsize); - - this->update_all_vars(); - } - - std::shared_ptr> get_message() const { - const std::size_t type_val = this->bp.val(this->type).as_ulong(); - const std::size_t sum_val = sum_bits.get_field_element_from_bits(this->bp).as_ulong(); - const std::size_t count_val = count_bits.get_field_element_from_bits(this->bp).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type_val, wordsize, sum_val, count_val)); - return result; - } - - ~tally_pcd_message_variable() = default; - }; - - template - class tally_pcd_local_data_variable : public r1cs_pcd_local_data_variable { - public: - blueprint_variable summand; - - tally_pcd_local_data_variable(blueprint &bp) : - r1cs_pcd_local_data_variable(bp) { - summand.allocate(bp); - - this->update_all_vars(); - } - - std::shared_ptr> get_local_data() const { - const 
std::size_t summand_val = this->bp.val(summand).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_local_data(summand_val)); - return result; - } - - ~tally_pcd_local_data_variable() = default; - }; - - template - tally_cp_handler::tally_cp_handler(std::size_t type, std::size_t max_arity, - std::size_t wordsize, bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - compliance_predicate_handler>(blueprint(), - type * 100, - type, - max_arity, - relies_on_same_type_inputs, - accepted_input_types), - wordsize(wordsize) { - this->outgoing_message.reset(new tally_pcd_message_variable(this->bp, wordsize)); - this->arity.allocate(this->bp); - - for (std::size_t i = 0; i < max_arity; ++i) { - this->incoming_messages[i].reset(new tally_pcd_message_variable(this->bp, wordsize)); - } - - this->local_data.reset(new tally_pcd_local_data_variable(this->bp)); - - sum_out_packed.allocate(this->bp); - count_out_packed.allocate(this->bp); - - sum_in_packed.allocate(this->bp, max_arity); - count_in_packed.allocate(this->bp, max_arity); - - sum_in_packed_aux.allocate(this->bp, max_arity); - count_in_packed_aux.allocate(this->bp, max_arity); - - type_val_inner_product.allocate(this->bp); - for (auto &msg : this->incoming_messages) { - incoming_types.emplace_back(msg->type); - } - - compute_type_val_inner_product.reset(new inner_product_component( - this->bp, incoming_types, sum_in_packed, type_val_inner_product)); - - unpack_sum_out.reset(new packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->sum_bits, - sum_out_packed)); - unpack_count_out.reset(new packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->count_bits, - count_out_packed)); - - for (std::size_t i = 0; i < max_arity; ++i) { - pack_sum_in.emplace_back(packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - sum_in_packed[i])); - 
pack_count_in.emplace_back(packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - count_in_packed[i])); - } - - arity_indicators.allocate(this->bp, max_arity + 1); - } - - template - void tally_cp_handler::generate_r1cs_constraints() { - unpack_sum_out->generate_r1cs_constraints(true); - unpack_count_out->generate_r1cs_constraints(true); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_constraints(true); - pack_count_in[i].generate_r1cs_constraints(true); - } - - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], sum_in_packed_aux[i], sum_in_packed[i])); - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], count_in_packed_aux[i], count_in_packed[i])); - } - - /* constrain arity indicator variables so that arity_indicators[arity] = 1 and arity_indicators[i] = - * 0 for any other i */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(this->arity - FieldType(i), arity_indicators[i], 0)); - } - - this->bp.add_r1cs_constraint( - r1cs_constraint(1, blueprint_sum(arity_indicators), 1)); - - /* require that types of messages that are past arity (i.e. 
unbound wires) carry 0 */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint(r1cs_constraint( - 0 + blueprint_sum(blueprint_variable_vector( - arity_indicators.begin(), arity_indicators.begin() + i)), - incoming_types[i], 0)); - } - - /* sum_out = local_data + \sum_i type[i] * sum_in[i] */ - compute_type_val_inner_product->generate_r1cs_constraints(); - this->bp.add_r1cs_constraint( - r1cs_constraint( - 1, - type_val_inner_product + - std::dynamic_pointer_cast>(this->local_data) - ->summand, - sum_out_packed), - "update_sum"); - - /* count_out = 1 + \sum_i count_in[i] */ - this->bp.add_r1cs_constraint( - r1cs_constraint(1, 1 + blueprint_sum(count_in_packed), count_out_packed), - "update_count"); - } - - template - void tally_cp_handler::generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data) { - base_handler::generate_r1cs_witness(incoming_messages, local_data); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_witness_from_bits(); - pack_count_in[i].generate_r1cs_witness_from_bits(); - - if (!this->bp.val(incoming_types[i]).is_zero()) { - this->bp.val(sum_in_packed_aux[i]) = - this->bp.val(sum_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - this->bp.val(count_in_packed_aux[i]) = - this->bp.val(count_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - } - } - - for (std::size_t i = 0; i < this->max_arity + 1; ++i) { - this->bp.val(arity_indicators[i]) = - (incoming_messages.size() == i ? 
FieldType::value_type::zero() : - FieldType::value_type::zero()); - } - - compute_type_val_inner_product->generate_r1cs_witness(); - this->bp.val(sum_out_packed) = - this->bp.val( - std::dynamic_pointer_cast>(this->local_data) - ->summand) + - this->bp.val(type_val_inner_product); - - this->bp.val(count_out_packed) = FieldType::value_type::zero(); - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.val(count_out_packed) += this->bp.val(count_in_packed[i]); - } - - unpack_sum_out->generate_r1cs_witness_from_packed(); - unpack_count_out->generate_r1cs_witness_from_packed(); - } - - template - std::shared_ptr> - tally_cp_handler::get_base_case_message() const { - const std::size_t type = 0; - const std::size_t sum = 0; - const std::size_t count = 0; - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type, wordsize, sum, count)); - - return result; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // TALLY_CP_HPP diff --git a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.cpp b/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.cpp deleted file mode 100644 index fa52bdc7f8..0000000000 --- a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.cpp +++ /dev/null 
@@ -1,52 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_sp_ppzkpcd_test
-
-#include
-
-#include "run_r1cs_sp_ppzkpcd.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_tally(const std::size_t arity, const std::size_t max_layer) {
- const std::size_t wordsize = 32;
- const bool bit = run_r1cs_sp_ppzkpcd_tally_example(wordsize, arity, max_layer);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_sp_ppzkpcd_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_sp_ppzkpcd_test) {
- typedef default_r1cs_ppzkpcd_pp PCD_pp;
-
- const std::size_t arity = 2;
- const std::size_t max_layer = 2;
-
- test_tally(arity, max_layer);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/run_r1cs_sp_ppzkpcd.hpp b/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/run_r1cs_sp_ppzkpcd.hpp
deleted file mode 100644
index ea9e871c70..0000000000
--- a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/run_r1cs_sp_ppzkpcd.hpp
+++ /dev/null
@@ -1,147 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS single-predicate ppzkPCD
-// for a compliance predicate example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_SP_PPZKPCD_HPP
-#define CRYPTO3_RUN_R1CS_SP_PPZKPCD_HPP
-
-#include
-#include
-
-#include "tally_cp.hpp"
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Runs the single-predicate ppzkPCD (generator, prover, and verifier) for the
- * "tally compliance predicate", of a given wordsize, arity, and depth.
- */ - template - bool run_r1cs_sp_ppzkpcd_tally_example(std::size_t wordsize, std::size_t arity, std::size_t depth) { - - typedef algebra::Fr FieldType; - - bool all_accept = true; - - std::size_t tree_size = 0; - std::size_t nodes_in_layer = 1; - for (std::size_t layer = 0; layer <= depth; ++layer) { - tree_size += nodes_in_layer; - nodes_in_layer *= arity; - } - std::vector tree_elems(tree_size); - for (std::size_t i = 0; i < tree_size; ++i) { - tree_elems[i] = std::rand() % 10; - printf("tree_elems[%zu] = %zu\n", i, tree_elems[i]); - } - - std::vector> tree_proofs(tree_size); - std::vector>> tree_messages(tree_size); - - const std::size_t type = 1; - tally_cp_handler tally(type, arity, wordsize); - tally.generate_r1cs_constraints(); - r1cs_pcd_compliance_predicate tally_cp = tally.get_compliance_predicate(); - - r1cs_sp_ppzkpcd_keypair keypair = r1cs_sp_ppzkpcd_generator(tally_cp); - - r1cs_sp_ppzkpcd_processed_verification_key pvk = - r1cs_sp_ppzkpcd_process_vk(keypair.vk); - - std::shared_ptr> base_msg = tally.get_base_case_message(); - nodes_in_layer /= arity; - for (long layer = depth; layer >= 0; --layer, nodes_in_layer /= arity) { - for (std::size_t i = 0; i < nodes_in_layer; ++i) { - const std::size_t cur_idx = (nodes_in_layer - 1) / (arity - 1) + i; - - std::vector>> msgs(arity, base_msg); - std::vector> proofs(arity); - - const bool base_case = (arity * cur_idx + arity >= tree_size); - - if (!base_case) { - for (std::size_t i = 0; i < arity; ++i) { - msgs[i] = tree_messages[arity * cur_idx + i + 1]; - proofs[i] = tree_proofs[arity * cur_idx + i + 1]; - } - } - - std::shared_ptr> ld; - ld.reset(new tally_pcd_local_data(tree_elems[cur_idx])); - tally.generate_r1cs_witness(msgs, ld); - - const r1cs_pcd_compliance_predicate_primary_input tally_primary_input( - tally.get_outgoing_message()); - const r1cs_pcd_compliance_predicate_auxiliary_input tally_auxiliary_input( - msgs, ld, tally.get_witness()); - - r1cs_sp_ppzkpcd_proof proof = r1cs_sp_ppzkpcd_prover( 
- keypair.pk, tally_primary_input, tally_auxiliary_input, proofs); - - tree_proofs[cur_idx] = proof; - tree_messages[cur_idx] = tally.get_outgoing_message(); - - const r1cs_sp_ppzkpcd_primary_input pcd_verifier_input(tree_messages[cur_idx]); - const bool ans = - r1cs_sp_ppzkpcd_verifier(keypair.vk, pcd_verifier_input, tree_proofs[cur_idx]); - - const bool ans2 = - r1cs_sp_ppzkpcd_online_verifier(pvk, pcd_verifier_input, tree_proofs[cur_idx]); - BOOST_CHECK(ans == ans2); - - all_accept = all_accept && ans; - - printf("\n"); - for (std::size_t i = 0; i < arity; ++i) { - printf("Message %zu was:\n", i); - msgs[i]->print(); - } - printf("Summand at this node:\n%zu\n", tree_elems[cur_idx]); - printf("Outgoing message is:\n"); - tree_messages[cur_idx]->print(); - printf("\n"); - printf("Current node = %zu. Current proof verifies = %s\n", cur_idx, ans ? "YES" : "NO"); - printf( - "\n\n\n " - "================================================================================" - "\n\n\n"); - } - } - - return all_accept; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_SP_PPZKPCD_HPP diff --git a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/tally_cp.hpp b/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/tally_cp.hpp deleted file mode 100644 index 5f8dda723a..0000000000 --- a/crypto3/libs/zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/tally_cp.hpp +++ /dev/null 
@@ -1,382 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for the tally compliance predicate. -// -// The tally compliance predicate has two purposes: -// (1) it exemplifies the use of interfaces declared in cp_handler.hpp, and -// (2) it enables us to test r1cs_pcd functionalities. -// -// See -// - snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/examples/run_r1cs_sp_ppzkpcd.hpp -// - snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/examples/run_r1cs_mp_ppzkpcd.hpp -// for code that uses the tally compliance predicate. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TALLY_CP_HPP -#define CRYPTO3_ZK_TALLY_CP_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Subclasses a R1CS PCD message to the tally compliance predicate. - */ - template - class tally_pcd_message : public r1cs_pcd_message { - public: - std::size_t wordsize; - - std::size_t sum; - std::size_t count; - - tally_pcd_message(const std::size_t type, const std::size_t wordsize, const std::size_t sum, - const std::size_t count); - r1cs_variable_assignment payload_as_r1cs_variable_assignment() const; - - ~tally_pcd_message() = default; - }; - - template - class tally_pcd_local_data : public r1cs_pcd_local_data { - public: - std::size_t summand; - - tally_pcd_local_data(const std::size_t summand); - r1cs_variable_assignment as_r1cs_variable_assignment() const; - - ~tally_pcd_local_data() = default; - }; - - /** - * Subclass a R1CS compliance predicate handler to the tally compliance predicate handler. 
- */ - template - class tally_cp_handler : public compliance_predicate_handler> { - public: - typedef compliance_predicate_handler> base_handler; - blueprint_variable_vector incoming_types; - - blueprint_variable sum_out_packed; - blueprint_variable count_out_packed; - blueprint_variable_vector sum_in_packed; - blueprint_variable_vector count_in_packed; - - blueprint_variable_vector sum_in_packed_aux; - blueprint_variable_vector count_in_packed_aux; - - std::shared_ptr> unpack_sum_out; - std::shared_ptr> unpack_count_out; - std::vector> pack_sum_in; - std::vector> pack_count_in; - - blueprint_variable type_val_inner_product; - std::shared_ptr> compute_type_val_inner_product; - - blueprint_variable_vector arity_indicators; - - std::size_t wordsize; - std::size_t message_length; - - tally_cp_handler(std::size_t type, - std::size_t max_arity, - std::size_t wordsize, - bool relies_on_same_type_inputs = false, - const std::set &accepted_input_types = std::set()); - - void generate_r1cs_constraints(); - void generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data); - - std::shared_ptr> get_base_case_message() const; - }; - - template - tally_pcd_message::tally_pcd_message(const std::size_t type, - const std::size_t wordsize, - const std::size_t sum, - const std::size_t count) : - r1cs_pcd_message(type), - wordsize(wordsize), sum(sum), count(count) { - } - - template - r1cs_variable_assignment - tally_pcd_message::payload_as_r1cs_variable_assignment() const { - std::function bit_to_FieldT = [](const bool bit) { - return bit ? 
FieldType::value_type::zero() : FieldType::value_type::zero(); - }; - - const std::vector sum_bits = - algebra::convert_field_element_to_bit_vector(sum, wordsize); - const std::vector count_bits = - algebra::convert_field_element_to_bit_vector(count, wordsize); - - r1cs_variable_assignment result(2 * wordsize); - std::transform(sum_bits.begin(), sum_bits.end(), result.begin(), bit_to_FieldT); - std::transform(count_bits.begin(), count_bits.end(), result.begin() + wordsize, bit_to_FieldT); - - return result; - } - - template - tally_pcd_local_data::tally_pcd_local_data(const std::size_t summand) : summand(summand) { - } - - template - r1cs_variable_assignment - tally_pcd_local_data::as_r1cs_variable_assignment() const { - return {FieldType(summand)}; - } - - template - class tally_pcd_message_variable : public r1cs_pcd_message_variable { - public: - blueprint_variable_vector sum_bits; - blueprint_variable_vector count_bits; - std::size_t wordsize; - - tally_pcd_message_variable(blueprint &bp, const std::size_t wordsize) : - r1cs_pcd_message_variable(bp), wordsize(wordsize) { - sum_bits.allocate(bp, wordsize); - count_bits.allocate(bp, wordsize); - - this->update_all_vars(); - } - - std::shared_ptr> get_message() const { - const std::size_t type_val = this->bp.val(this->type).as_ulong(); - const std::size_t sum_val = sum_bits.get_field_element_from_bits(this->bp).as_ulong(); - const std::size_t count_val = count_bits.get_field_element_from_bits(this->bp).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type_val, wordsize, sum_val, count_val)); - return result; - } - - ~tally_pcd_message_variable() = default; - }; - - template - class tally_pcd_local_data_variable : public r1cs_pcd_local_data_variable { - public: - blueprint_variable summand; - - tally_pcd_local_data_variable(blueprint &bp) : - r1cs_pcd_local_data_variable(bp) { - summand.allocate(bp); - - this->update_all_vars(); - } - - std::shared_ptr> get_local_data() const { - const 
std::size_t summand_val = this->bp.val(summand).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_local_data(summand_val)); - return result; - } - - ~tally_pcd_local_data_variable() = default; - }; - - template - tally_cp_handler::tally_cp_handler(std::size_t type, std::size_t max_arity, - std::size_t wordsize, bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - compliance_predicate_handler>(blueprint(), - type * 100, - type, - max_arity, - relies_on_same_type_inputs, - accepted_input_types), - wordsize(wordsize) { - this->outgoing_message.reset(new tally_pcd_message_variable(this->bp, wordsize)); - this->arity.allocate(this->bp); - - for (std::size_t i = 0; i < max_arity; ++i) { - this->incoming_messages[i].reset(new tally_pcd_message_variable(this->bp, wordsize)); - } - - this->local_data.reset(new tally_pcd_local_data_variable(this->bp)); - - sum_out_packed.allocate(this->bp); - count_out_packed.allocate(this->bp); - - sum_in_packed.allocate(this->bp, max_arity); - count_in_packed.allocate(this->bp, max_arity); - - sum_in_packed_aux.allocate(this->bp, max_arity); - count_in_packed_aux.allocate(this->bp, max_arity); - - type_val_inner_product.allocate(this->bp); - for (auto &msg : this->incoming_messages) { - incoming_types.emplace_back(msg->type); - } - - compute_type_val_inner_product.reset(new components::inner_product_component( - this->bp, incoming_types, sum_in_packed, type_val_inner_product)); - - unpack_sum_out.reset(new components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->sum_bits, - sum_out_packed)); - unpack_count_out.reset(new components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->count_bits, - count_out_packed)); - - for (std::size_t i = 0; i < max_arity; ++i) { - pack_sum_in.emplace_back(components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - 
sum_in_packed[i])); - pack_count_in.emplace_back(components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - count_in_packed[i])); - } - - arity_indicators.allocate(this->bp, max_arity + 1); - } - - template - void tally_cp_handler::generate_r1cs_constraints() { - unpack_sum_out->generate_r1cs_constraints(true); - unpack_count_out->generate_r1cs_constraints(true); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_constraints(true); - pack_count_in[i].generate_r1cs_constraints(true); - } - - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], sum_in_packed_aux[i], sum_in_packed[i])); - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], count_in_packed_aux[i], count_in_packed[i])); - } - - /* constrain arity indicator variables so that arity_indicators[arity] = 1 and arity_indicators[i] = - * 0 for any other i */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(this->arity - FieldType(i), arity_indicators[i], 0)); - } - - this->bp.add_r1cs_constraint( - r1cs_constraint(1, blueprint_sum(arity_indicators), 1)); - - /* require that types of messages that are past arity (i.e. 
unbound wires) carry 0 */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint(r1cs_constraint( - 0 + blueprint_sum(blueprint_variable_vector( - arity_indicators.begin(), arity_indicators.begin() + i)), - incoming_types[i], 0)); - } - - /* sum_out = local_data + \sum_i type[i] * sum_in[i] */ - compute_type_val_inner_product->generate_r1cs_constraints(); - this->bp.add_r1cs_constraint( - r1cs_constraint( - 1, - type_val_inner_product + - std::dynamic_pointer_cast>(this->local_data) - ->summand, - sum_out_packed), - "update_sum"); - - /* count_out = 1 + \sum_i count_in[i] */ - this->bp.add_r1cs_constraint( - r1cs_constraint(1, 1 + blueprint_sum(count_in_packed), count_out_packed), - "update_count"); - } - - template - void tally_cp_handler::generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data) { - base_handler::generate_r1cs_witness(incoming_messages, local_data); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_witness_from_bits(); - pack_count_in[i].generate_r1cs_witness_from_bits(); - - if (!this->bp.val(incoming_types[i]).is_zero()) { - this->bp.val(sum_in_packed_aux[i]) = - this->bp.val(sum_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - this->bp.val(count_in_packed_aux[i]) = - this->bp.val(count_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - } - } - - for (std::size_t i = 0; i < this->max_arity + 1; ++i) { - this->bp.val(arity_indicators[i]) = - (incoming_messages.size() == i ? 
FieldType::value_type::zero() : - FieldType::value_type::zero()); - } - - compute_type_val_inner_product->generate_r1cs_witness(); - this->bp.val(sum_out_packed) = - this->bp.val( - std::dynamic_pointer_cast>(this->local_data) - ->summand) + - this->bp.val(type_val_inner_product); - - this->bp.val(count_out_packed) = FieldType::value_type::zero(); - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.val(count_out_packed) += this->bp.val(count_in_packed[i]); - } - - unpack_sum_out->generate_r1cs_witness_from_packed(); - unpack_count_out->generate_r1cs_witness_from_packed(); - } - - template - std::shared_ptr> - tally_cp_handler::get_base_case_message() const { - const std::size_t type = 0; - const std::size_t sum = 0; - const std::size_t count = 0; - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type, wordsize, sum, count)); - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TALLY_CP_HPP diff --git a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/demo_r1cs_ppzkadsnark.cpp b/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/demo_r1cs_ppzkadsnark.cpp deleted file mode 100644 index 415c9c6fa1..0000000000 --- a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/demo_r1cs_ppzkadsnark.cpp +++ /dev/null 
@@ -1,60 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#include -#include -#include -#include -#include - -#include - -using namespace nil::crypto3::zk::snark; - -int main(int argc, const char *argv[]) { - if (argc == 2 && strcmp(argv[1], "-v") == 0) { - return 0; - } - - if (argc != 3 && argc != 4) { - printf("usage: %s num_constraints input_size [Fr|bytes]\n", argv[0]); - return 1; - } - const int num_constraints = atoi(argv[1]); - int input_size = atoi(argv[2]); - if (argc == 4) { - assert(strcmp(argv[3], "Fr") == 0 || strcmp(argv[3], "bytes") == 0); - if (strcmp(argv[3], "bytes") == 0) { - input_size = (8 * input_size + (algebra::Fr>::num_bits - 1) - 1) / - (algebra::Fr>::num_bits - 1); - } - } - - r1cs_example>> example = - generate_r1cs_example_with_field_input>>(num_constraints, - input_size); - - run_r1cs_ppzkadsnark(example); -} diff --git a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/prf/aes_ctr_prf.hpp b/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/prf/aes_ctr_prf.hpp deleted file mode 100644 index 29e53fed38..0000000000 --- a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/prf/aes_ctr_prf.hpp +++ /dev/null 
@@ -1,95 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_AESCTRPRF_HPP -#define CRYPTO3_ZK_RUN_R1CS_MP_PPZKPCD_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - class aesPrfKeyT { - public: - unsigned char key_bytes[32]; - }; - - template<> - aesPrfKeyT prfGen() { - aesPrfKeyT key; - randombytes(key.key_bytes, 32); - return key; - } - - template<> - algebra::Fr> - prfCompute(const aesPrfKeyT &key, const label_type &label) { - unsigned char seed_bytes[16]; - mpz_t aux, Fr_mod; - unsigned char random_bytes[16 * 3]; - std::size_t exp_len; - - mpz_init(aux); - mpz_init(Fr_mod); - - // compute random seed using AES as PRF - crypto_core_aes128encrypt_openssl(seed_bytes, label.label_bytes, key.key_bytes, NULL); - - // use first 128 bits of output to seed AES-CTR - // PRG to expand to 3*128 bits - crypto_core_aes128encrypt_openssl(random_bytes, seed_bytes, key.key_bytes + 16, NULL); - - mpz_import(aux, 16, 0, 1, 0, 0, seed_bytes); - mpz_add_ui(aux, aux, 1); - mpz_export(seed_bytes, &exp_len, 0, 1, 0, 0, aux); - while (exp_len < 16) - seed_bytes[exp_len++] = 0; - - crypto_core_aes128encrypt_openssl(random_bytes + 16, seed_bytes, key.key_bytes + 16, NULL); - - mpz_add_ui(aux, aux, 1); - mpz_export(seed_bytes, &exp_len, 0, 1, 0, 0, aux); - while (exp_len < 16) - seed_bytes[exp_len++] = 0; - - crypto_core_aes128encrypt_openssl(random_bytes + 32, seed_bytes, key.key_bytes + 16, NULL); - - // see output as integer and reduce modulo r - mpz_import(aux, 16 * 3, 0, 1, 0, 0, random_bytes); - algebra::Fr>::mod.to_mpz(Fr_mod); - mpz_mod(aux, aux, Fr_mod); - - return algebra::Fr>( - algebra::bigint>::num_limbs>(aux)); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_RUN_R1CS_MP_PPZKPCD_HPP 
diff --git a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/run_r1cs_ppzkadsnark.hpp b/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/run_r1cs_ppzkadsnark.hpp
deleted file mode 100644
index ecb6dab0f9..0000000000
--- a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/run_r1cs_ppzkadsnark.hpp
+++ /dev/null
@@ -1,104 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_PPZKADSNARK_HPP
-#define CRYPTO3_RUN_R1CS_PPZKADSNARK_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using nil::crypto3::algebra;
-
- /**
- * The code below provides an example of all stages of running a R1CS ppzkADSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkADSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the ppzkADSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the ppzkADSNARK verifier on input the verification key, - * a primary input for CS, and a proof. - */ - template - bool run_r1cs_ppzkadsnark(const r1cs_example &example) { - - r1cs_ppzkadsnark_auth_keys auth_keys = r1cs_ppzkadsnark_auth_generator(); - - r1cs_ppzkadsnark_keypair keypair = - r1cs_ppzkadsnark_generator(example.constraint_system, auth_keys.pap); - - r1cs_ppzkadsnark_processed_verification_key pvk = - r1cs_ppzkadsnark_process_verification_key(keypair.vk); - - std::vector data; - data.reserve(example.constraint_system.num_inputs()); - std::vector labels; - labels.reserve(example.constraint_system.num_inputs()); - for (std::size_t i = 0; i < example.constraint_system.num_inputs(); i++) { - labels.emplace_back(label_type()); - data.emplace_back(example.primary_input[i]); - } - std::vector> auth_data = - r1cs_ppzkadsnark_auth_sign(data, auth_keys.sak, labels); - - bool auth_res = r1cs_ppzkadsnark_auth_verify(data, auth_data, auth_keys.sak, labels); - printf("* The verification result is: %s\n", (auth_res ? "PASS" : "FAIL")); - - bool auth_resp = r1cs_ppzkadsnark_auth_verify(data, auth_data, auth_keys.pak, labels); - assert(auth_res == auth_resp); - - r1cs_ppzkadsnark_proof proof = r1cs_ppzkadsnark_prover( - keypair.pk, example.primary_input, example.auxiliary_input, auth_data); - - bool ans = r1cs_ppzkadsnark_verifier(keypair.vk, proof, auth_keys.sak, labels); - - printf("* The verification result is: %s\n", (ans ? 
"PASS" : "FAIL")); - - bool ans2 = r1cs_ppzkadsnark_online_verifier(pvk, proof, auth_keys.sak, labels); - assert(ans == ans2); - - ans = r1cs_ppzkadsnark_verifier(keypair.vk, auth_data, proof, auth_keys.pak, labels); - - printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL")); - - ans2 = r1cs_ppzkadsnark_online_verifier(pvk, auth_data, proof, auth_keys.pak, labels); - assert(ans == ans2); - - return ans; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_PPZKADSNARK_HPP diff --git a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/signature/ed25519_signature.hpp b/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/signature/ed25519_signature.hpp deleted file mode 100644 index 5db1999210..0000000000 --- a/crypto3/libs/zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/signature/ed25519_signature.hpp +++ /dev/null 
@@ -1,178 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_ED25519SIG_HPP -#define CRYPTO3_ZK_ED25519SIG_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - class ed25519_sigT { - public: - unsigned char sig_bytes[64]; - }; - - class ed25519_vkT { - public: - unsigned char vk_bytes[32]; - }; - - class ed25519_skT { - public: - unsigned char sk_bytes[64]; - }; - - template<> - kpT sigGen(void) { - kpT keys; - crypto_sign_ed25519_amd64_51_30k_keypair(keys.vk.vk_bytes, keys.sk.sk_bytes); - return keys; - } - - template<> - ed25519_sigT - sigSign(const ed25519_skT &sk, const label_type &label, - const snark_pp::g2_type &Lambda) { - ed25519_sigT sigma; - unsigned long long sigmalen; - unsigned char signature[64 + 16 + 320]; - unsigned char message[16 + 320]; - - snark_pp::g2_type Lambda_copy = Lambda.to_affine(); - - for (std::size_t i = 0; i < 16; i++) - message[i] = label.label_bytes[i]; - - // More efficient way to get canonical point rep? 
- std::stringstream stream; - stream.rdbuf()->pubsetbuf(((char *)message) + 16, 320); - stream << Lambda_copy; - std::size_t written = stream.tellp(); - while (written < 320) - message[16 + written++] = 0; - - crypto_sign_ed25519_amd64_51_30k(signature, &sigmalen, message, 16 + 320, sk.sk_bytes); - - assert(sigmalen == 64 + 16 + 320); - - for (std::size_t i = 0; i < 64; i++) - sigma.sig_bytes[i] = signature[i]; - - return sigma; - } - - template<> - bool sigVerif(const ed25519_vkT &vk, const label_type &label, - const snark_pp::g2_type &Lambda, - const ed25519_sigT &sig) { - unsigned long long msglen; - unsigned char message[64 + 16 + 320]; - unsigned char signature[64 + 16 + 320]; - - snark_pp::g2_type Lambda_copy = Lambda.to_affine(); - - for (std::size_t i = 0; i < 64; i++) - signature[i] = sig.sig_bytes[i]; - - for (std::size_t i = 0; i < 16; i++) - signature[64 + i] = label.label_bytes[i]; - - // More efficient way to get canonical point rep? - std::stringstream stream; - stream.rdbuf()->pubsetbuf(((char *)signature) + 64 + 16, 320); - stream << Lambda_copy; - std::size_t written = stream.tellp(); - while (written < 320) - signature[64 + 16 + written++] = 0; - - int res = - crypto_sign_ed25519_amd64_51_30k_open(message, &msglen, signature, 64 + 16 + 320, vk.vk_bytes); - return (res == 0); - } - - template<> - bool sigBatchVerif( - const ed25519_vkT &vk, const std::vector &labels, - const std::vector::g2_type> &Lambdas, - const std::vector &sigs) { - std::stringstream stream; - - assert(labels.size() == Lambdas.size()); - assert(labels.size() == sigs.size()); - - unsigned long long msglen[labels.size()]; - unsigned long long siglen[labels.size()]; - unsigned char *messages[labels.size()]; - unsigned char *signatures[labels.size()]; - unsigned char *pks[labels.size()]; - - unsigned char pk_copy[32]; - for (std::size_t i = 0; i < 32; i++) { - pk_copy[i] = vk.vk_bytes[i]; - } - - unsigned char *messagemem = (unsigned char *)malloc(labels.size() * (64 + 16 + 320)); 
- assert(messagemem != NULL); - unsigned char *signaturemem = (unsigned char *)malloc(labels.size() * (64 + 16 + 320)); - assert(signaturemem != NULL); - - for (std::size_t i = 0; i < labels.size(); i++) { - siglen[i] = 64 + 16 + 320; - messages[i] = messagemem + (64 + 16 + 320) * i; - signatures[i] = signaturemem + (64 + 16 + 320) * i; - pks[i] = pk_copy; - - for (std::size_t j = 0; j < 64; j++) - signaturemem[i * (64 + 16 + 320) + j] = sigs[i].sig_bytes[j]; - - for (std::size_t j = 0; j < 16; j++) - signaturemem[i * (64 + 16 + 320) + 64 + j] = labels[i].label_bytes[j]; - - // More efficient way to get canonical point rep? - snark_pp::g2_type Lambda_copy = Lambdas[i].to_affine(); - stream.clear(); - stream.rdbuf()->pubsetbuf((char *)(signaturemem + i * (64 + 16 + 320) + 64 + 16), 320); - stream << Lambda_copy; - std::size_t written = stream.tellp(); - while (written < 320) - signaturemem[i * (64 + 16 + 320) + 64 + 16 + written++] = 0; - } - - int res = crypto_sign_ed25519_amd64_51_30k_open_batch(messages, msglen, signatures, siglen, pks, - labels.size()); - - return (res == 0); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_ED25519SIG_HPP diff --git a/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_examples.hpp b/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_examples.hpp deleted file mode 100644 index 8b6a368a64..0000000000 --- a/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_examples.hpp +++ /dev/null 
@@ -1,162 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a BACS example, as well as functions to sample
-// BACS examples with prescribed parameters (according to some distribution).
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BACS_EXAMPLES_HPP
-#define CRYPTO3_BACS_EXAMPLES_HPP
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A BACS example comprises a BACS circuit, BACS primary input, and BACS auxiliary input.
- */
- template
- struct bacs_example {
-
- bacs_circuit circuit;
- bacs_primary_input primary_input;
- bacs_auxiliary_input auxiliary_input;
-
- bacs_example() = default;
- bacs_example(const bacs_example &other) = default;
- bacs_example(const bacs_circuit &circuit,
- const bacs_primary_input &primary_input,
- const bacs_auxiliary_input &auxiliary_input) :
- circuit(circuit),
- primary_input(primary_input), auxiliary_input(auxiliary_input) {
- }
-
- bacs_example(bacs_circuit &&circuit,
- bacs_primary_input &&primary_input,
- bacs_auxiliary_input &&auxiliary_input) :
- circuit(std::move(circuit)),
- primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {
- }
- };
-
- template
- linear_combination random_linear_combination(const std::size_t num_variables) {
- const std::size_t terms = 1 + (std::rand() % 3);
- linear_combination result;
-
- for (std::size_t i = 0; i < terms; ++i) {
- const typename FieldType::value_type coeff = algebra::random_element();
- result = result + coeff * variable(std::rand() % (num_variables + 1));
- }
-
- return result;
- }
-
- /**
- * Generate a BACS example such that:
- * - the primary input has size primary_input_size;
- * - the auxiliary input has size auxiliary_input_size;
- * - the circuit has num_gates gates;
- * - the circuit has num_outputs (<= num_gates) output gates.
- *
- * This is done by first selecting primary and auxiliary inputs uniformly at random, and then for each
- * gate:
- * - selecting random left and right wires from primary inputs, auxiliary inputs, and outputs of
- * previous gates,
- * - selecting random linear combinations for left and right wires, consisting of 1, 2, 3 or 4 terms
- * each, with random coefficients,
- * - if the gate is an output gate, then adding a random non-output wire to either left or right linear
- * combination, with appropriate coefficient, so that the linear combination evaluates to 0.
- */
- template
- bacs_example generate_bacs_example(std::size_t primary_input_size,
- std::size_t auxiliary_input_size,
- std::size_t num_gates,
- std::size_t num_outputs) {
- bacs_example example;
- for (std::size_t i = 0; i < primary_input_size; ++i) {
- example.primary_input.emplace_back(algebra::random_element());
- }
-
- for (std::size_t i = 0; i < auxiliary_input_size; ++i) {
- example.auxiliary_input.emplace_back(algebra::random_element());
- }
-
- example.circuit.primary_input_size = primary_input_size;
- example.circuit.auxiliary_input_size = auxiliary_input_size;
-
- bacs_variable_assignment all_vals;
- all_vals.insert(all_vals.end(), example.primary_input.begin(), example.primary_input.end());
- all_vals.insert(all_vals.end(), example.auxiliary_input.begin(), example.auxiliary_input.end());
-
- for (std::size_t i = 0; i < num_gates; ++i) {
- const std::size_t num_variables = primary_input_size + auxiliary_input_size + i;
- bacs_gate gate;
- gate.lhs = random_linear_combination(num_variables);
- gate.rhs = random_linear_combination(num_variables);
- gate.output = variable(num_variables + 1);
-
- if (i >= num_gates - num_outputs) {
- /* make gate a circuit output and fix */
- gate.is_circuit_output = true;
- const typename variable::index_type var_idx =
- std::rand() % (1 + primary_input_size + std::min(num_gates - num_outputs, i));
- const typename FieldType::value_type var_val =
- (var_idx == 0 ?
FieldType::value_type::zero() : all_vals[var_idx - 1]);
-
- if (std::rand() % 2 == 0) {
- const typename FieldType::value_type lhs_val = gate.lhs.evaluate(all_vals);
- const typename FieldType::value_type coeff = -(lhs_val * var_val.inversed());
- gate.lhs = gate.lhs + coeff * variable(var_idx);
- } else {
- const typename FieldType::value_type rhs_val = gate.rhs.evaluate(all_vals);
- const typename FieldType::value_type coeff = -(rhs_val * var_val.inversed());
- gate.rhs = gate.rhs + coeff * variable(var_idx);
- }
-
- assert(gate.evaluate(all_vals).is_zero());
- } else {
- gate.is_circuit_output = false;
- }
-
- example.circuit.add_gate(gate);
- all_vals.emplace_back(gate.evaluate(all_vals));
- }
-
- assert(example.circuit.is_satisfied(example.primary_input, example.auxiliary_input));
-
- return example;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_BACS_EXAMPLES_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark.cpp
deleted file mode 100644
index c355e07f8b..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE bacs_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include "bacs_examples.hpp"
-#include "run_bacs_ppzksnark.hpp"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void test_bacs_ppzksnark(std::size_t primary_input_size, std::size_t auxiliary_input_size, std::size_t num_gates,
- std::size_t num_outputs) {
- const bacs_example example =
- generate_bacs_example(primary_input_size, auxiliary_input_size,
- num_gates, num_outputs);
- const bool bit = run_bacs_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(bacs_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(bacs_ppzksnark_test) {
- test_bacs_ppzksnark>(10, 10, 20, 5);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/run_bacs_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/run_bacs_ppzksnark.hpp
deleted file mode 100644
index cbb136ec28..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/bacs_ppzksnark/run_bacs_ppzksnark.hpp
+++ /dev/null
@@ -1,91 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_RUN_BACS_PPZKSNARK_HPP
-#define CRYPTO3_ZK_RUN_BACS_PPZKSNARK_HPP
-
-#include "bacs_examples.hpp"
-
-#include
-
-#include "../r1cs_examples.hpp"
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a BACS ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * circuit C to create a proving and a verification key for C.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for C, and an auxiliary input for C.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for C, and a proof.
- */
- template
- bool run_bacs_ppzksnark(const bacs_example &example) {
-
- using basic_proof_system = bacs_ppzksnark;
-
- std::cout << "Call to run_bacs_ppzksnark" << std::endl;
-
- std::cout << "BACS ppzkSNARK Generator" << std::endl;
- typename basic_proof_system::keypair_type keypair =
- generate(example.circuit);
-
- std::cout << "Preprocess verification key" << std::endl;
- typename basic_proof_system::processed_verification_key_type pvk =
- bacs_ppzksnark_process_verification_key::process(keypair.second);
-
- std::cout << "BACS ppzkSNARK Prover" << std::endl;
- typename basic_proof_system::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::cout << "BACS ppzkSNARK Verifier" << std::endl;
- bool ans = verify(keypair.second, example.primary_input, proof);
- printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL"));
-
- std::cout << "BACS ppzkSNARK Online Verifier" << std::endl;
- bool ans2 = verify(pvk, example.primary_input, proof);
- BOOST_CHECK(ans == ans2);
-
- return ans;
- }
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_BACS_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_examples.hpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_examples.hpp
deleted file mode 100644
index 342acbd8b0..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_examples.hpp
+++ /dev/null
@@ -1,218 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a R1CS example, as well as functions to sample
-// R1CS examples with prescribed parameters (according to some distribution).
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_EXAMPLES_HPP
-#define CRYPTO3_R1CS_EXAMPLES_HPP
-
-#include
-
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using namespace nil::crypto3::algebra;
-
- /**
- * A R1CS example comprises a R1CS constraint system, R1CS input, and R1CS witness.
- */
- template
- struct r1cs_example {
- r1cs_constraint_system constraint_system;
- r1cs_primary_input primary_input;
- r1cs_auxiliary_input auxiliary_input;
-
- r1cs_example() = default;
- r1cs_example(const r1cs_example &other) = default;
- r1cs_example(const r1cs_constraint_system &constraint_system,
- const r1cs_primary_input &primary_input,
- const r1cs_auxiliary_input &auxiliary_input) :
- constraint_system(constraint_system),
- primary_input(primary_input), auxiliary_input(auxiliary_input) {};
- r1cs_example(r1cs_constraint_system &&constraint_system,
- r1cs_primary_input &&primary_input,
- r1cs_auxiliary_input &&auxiliary_input) :
- constraint_system(std::move(constraint_system)),
- primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {};
- };
-
- /**
- * Generate a R1CS example such that:
- * - the number of constraints of the R1CS constraint system is num_constraints;
- * - the number of variables of the R1CS constraint system is (approximately) num_constraints;
- * - the number of inputs of the R1CS constraint system is num_inputs;
- * - the R1CS input consists of ``full'' field elements (typically require the whole log|Field| bits to
- * represent).
- */
- template
- r1cs_example generate_r1cs_example_with_field_input(std::size_t num_constraints,
- std::size_t num_inputs) {
-
- BOOST_CHECK(num_inputs <= num_constraints + 2);
-
- r1cs_constraint_system cs;
- cs.primary_input_size = num_inputs;
- cs.auxiliary_input_size = 2 + num_constraints - num_inputs; // TODO: explain this
-
- r1cs_variable_assignment full_variable_assignment;
- typename FieldType::value_type a = algebra::random_element();
- typename FieldType::value_type b = algebra::random_element();
- full_variable_assignment.push_back(a);
- full_variable_assignment.push_back(b);
-
- for (std::size_t i = 0; i < num_constraints - 1; ++i) {
- math::linear_combination> A, B, C;
-
- if (i % 2) {
- // a * b = c
- A.add_term(i + 1, 1);
- B.add_term(i + 2, 1);
- C.add_term(i + 3, 1);
- typename FieldType::value_type tmp = a * b;
- full_variable_assignment.push_back(tmp);
- a = b;
- b = tmp;
- } else {
- // a + b = c
- B.add_term(0, 1);
- A.add_term(i + 1, 1);
- A.add_term(i + 2, 1);
- C.add_term(i + 3, 1);
- typename FieldType::value_type tmp = a + b;
- full_variable_assignment.push_back(tmp);
- a = b;
- b = tmp;
- }
-
- cs.add_constraint(r1cs_constraint(A, B, C));
- }
-
- math::linear_combination> A, B, C;
- typename FieldType::value_type fin = FieldType::value_type::zero();
- for (std::size_t i = 1; i < cs.num_variables(); ++i) {
- A.add_term(i, 1);
- B.add_term(i, 1);
- fin = fin + full_variable_assignment[i - 1];
- }
- C.add_term(cs.num_variables(), 1);
- cs.add_constraint(r1cs_constraint(A, B, C));
- full_variable_assignment.push_back(fin.squared());
-
- /* split variable assignment */
- r1cs_primary_input primary_input(full_variable_assignment.begin(),
- full_variable_assignment.begin() + num_inputs);
- r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs,
- full_variable_assignment.end());
-
- /* sanity checks */
- BOOST_CHECK(cs.num_variables() == full_variable_assignment.size());
- BOOST_CHECK(cs.num_variables() >=
num_inputs);
- BOOST_CHECK(cs.num_inputs() == num_inputs);
- BOOST_CHECK(cs.num_constraints() == num_constraints);
- BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input));
-
- r1cs_example re(std::move(cs), std::move(primary_input), std::move(auxiliary_input));
-
- return re;
- }
-
- /**
- * Generate a R1CS example such that:
- * - the number of constraints of the R1CS constraint system is num_constraints;
- * - the number of variables of the R1CS constraint system is (approximately) num_constraints;
- * - the number of inputs of the R1CS constraint system is num_inputs;
- * - the R1CS input consists of binary values (as opposed to ``full'' field elements).
- */
- template
- r1cs_example generate_r1cs_example_with_binary_input(std::size_t num_constraints,
- std::size_t num_inputs) {
- BOOST_CHECK(num_inputs >= 1);
-
- r1cs_constraint_system cs;
- cs.primary_input_size = num_inputs;
- cs.auxiliary_input_size = num_constraints; /* we will add one auxiliary variable per constraint */
-
- r1cs_variable_assignment full_variable_assignment;
- for (std::size_t i = 0; i < num_inputs; ++i) {
- full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2));
- }
-
- std::size_t lastvar = num_inputs - 1;
- for (std::size_t i = 0; i < num_constraints; ++i) {
- ++lastvar;
- const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i);
- const std::size_t v = (i == 0 ?
std::rand() % num_inputs : std::rand() % i);
-
- /* chose two random bits and XOR them together:
- res = u + v - 2 * u * v
- 2 * u * v = u + v - res
- */
- math::linear_combination> A, B, C;
- A.add_term(u + 1, 2);
- B.add_term(v + 1, 1);
- if (u == v) {
- C.add_term(u + 1, 2);
- } else {
- C.add_term(u + 1, 1);
- C.add_term(v + 1, 1);
- }
- C.add_term(lastvar + 1, -FieldType::value_type::one());
-
- cs.add_constraint(r1cs_constraint(A, B, C));
- full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] -
- full_variable_assignment[u] * full_variable_assignment[v] -
- full_variable_assignment[u] * full_variable_assignment[v]);
- }
-
- /* split variable assignment */
- r1cs_primary_input primary_input(full_variable_assignment.begin(),
- full_variable_assignment.begin() + num_inputs);
- r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs,
- full_variable_assignment.end());
-
- /* sanity checks */
- BOOST_CHECK(cs.num_variables() == full_variable_assignment.size());
- BOOST_CHECK(cs.num_variables() >= num_inputs);
- BOOST_CHECK(cs.num_inputs() == num_inputs);
- BOOST_CHECK(cs.num_constraints() == num_constraints);
- BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input));
-
- r1cs_example re =
- r1cs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input));
- return re;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_EXAMPLES_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.cpp
deleted file mode 100644
index 0fae3292dd..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_gg_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void run_r1cs_gg_ppzksnark_basic_test(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_gg_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_gg_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_gg_ppzksnark_basic_test) {
- run_r1cs_gg_ppzksnark_basic_test>(100, 10);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity.cpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity.cpp
deleted file mode 100644
index 240e2a5d6e..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity.cpp
+++ /dev/null
@@ -1,6130 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_aggregation_test
-
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-using namespace nil::crypto3;
-using namespace nil::crypto3::algebra;
-using namespace nil::crypto3::zk;
-using namespace nil::crypto3::zk::snark;
-
-template
-void print_field_element(std::ostream &os, const typename fields::detail::element_fp &e) {
- os << std::hex << e.data << std::endl;
-}
-
-template
-void print_field_element(std::ostream &os, const typename fields::detail::element_fp2 &e) {
- os << std::hex << "[" << e.data[0].data << "," << e.data[1].data << "]" << std::endl;
-}
-
-template
-void print_field_element(std::ostream &os, const typename fields::detail::element_fp6_3over2 &e) {
- os << "[";
- print_field_element(os, e.data[0]);
- os << ", ";
- print_field_element(os, e.data[1]);
- os << ", ";
- print_field_element(os, e.data[2]);
- os << "]" << std::endl;
-}
-
-template
-void print_field_element(std::ostream &os, const fields::detail::element_fp12_2over3over2 &e) {
- os << std::hex << "[[[" << e.data[0].data[0].data[0].data << "," << e.data[0].data[0].data[1].data << "],["
- << e.data[0].data[1].data[0].data << "," << e.data[0].data[1].data[1].data << "],["
- << e.data[0].data[2].data[0].data << "," << e.data[0].data[2].data[1].data << "]],"
- << "[[" << e.data[1].data[0].data[0].data << "," << e.data[1].data[0].data[1].data << "],["
- << e.data[1].data[1].data[0].data << "," << e.data[1].data[1].data[1].data << "],["
- << e.data[1].data[2].data[0].data << "," << e.data[1].data[2].data[1].data << "]]]" << std::endl;
-}
-
-template
-void print_fp_curve_group_element(std::ostream &os, const FpCurveGroupElement &e) {
- os << std::hex << "( " << e.X.data << "
: " << e.Y.data << " : " << e.Z.data << " )" << std::endl;
-}
-
-template
-void print_fp2_curve_group_element(std::ostream &os, const Fp2CurveGroupElement &e) {
- os << std::hex << "(" << e.X.data[0].data << " , " << e.X.data[1].data << ") : (" << e.Y.data[0].data << " , "
- << e.Y.data[1].data << ") : (" << e.Z.data[0].data << " , " << e.Z.data[1].data << ")" << std::endl;
-}
-
-namespace boost {
- namespace test_tools {
- namespace tt_detail {
- template<>
- struct print_log_value::template g1_type<>::value_type> {
- void operator()(std::ostream &os,
- typename curves::bls12<381>::template g1_type<>::value_type const &e) {
- print_fp_curve_group_element(os, e);
- }
- };
-
- template<>
- struct print_log_value::template g2_type<>::value_type> {
- void operator()(std::ostream &os,
- typename curves::bls12<381>::template g2_type<>::value_type const &e) {
- print_fp2_curve_group_element(os, e);
- }
- };
-
- template
- struct print_log_value> {
- void operator()(std::ostream &os, typename fields::detail::element_fp const &e) {
- print_field_element(os, e);
- }
- };
-
- template
- struct print_log_value> {
- void operator()(std::ostream &os, typename fields::detail::element_fp2 const &e) {
- print_field_element(os, e);
- }
- };
-
- template
- struct print_log_value> {
- void operator()(std::ostream &os, typename fields::detail::element_fp6_3over2 const &e) {
- print_field_element(os, e);
- }
- };
-
- template
- struct print_log_value> {
- void operator()(std::ostream &os,
- typename fields::detail::element_fp12_2over3over2 const &e) {
- print_field_element(os, e);
- }
- };
-
- template class P, typename K, typename V>
- struct print_log_value> {
- void operator()(std::ostream &, P const &) {
- }
- };
- } // namespace tt_detail
- } // namespace test_tools
-} // namespace boost
-
-using curve_type = curves::bls12_381;
-using scheme_type =
- r1cs_gg_ppzksnark,
- r1cs_gg_ppzksnark_prover,
- r1cs_gg_ppzksnark_verifier_strong_input_consistency,
- proving_mode::aggregate>;
-
-using g1_type = typename curve_type::template g1_type<>;
-using g2_type = typename curve_type::template g2_type<>;
-using gt_type = typename curve_type::gt_type;
-using G1_value_type = typename g1_type::value_type;
-using G2_value_type = typename g2_type::value_type;
-
-using scalar_field_type = typename curve_type::scalar_field_type;
-using scalar_field_value_type = typename scalar_field_type::value_type;
-
-using fq_type = typename curve_type::base_field_type;
-using fq_value_type = typename fq_type::value_type;
-
-using fq2_type = typename G2_value_type::field_type;
-using fq2_value_type = typename fq2_type::value_type;
-
-using fq12_type = typename curve_type::gt_type;
-using fq12_value_type = typename fq12_type::value_type;
-
-using fq6_value_type = typename fq12_value_type::underlying_type;
-
-using scalar_modular_type = typename scalar_field_type::modular_type;
-using base_modular_type = typename curve_type::base_field_type::modular_type;
-
-using hash_type = hashes::sha2<256>;
-
-using DistributionType = boost::random::uniform_int_distribution;
-using GeneratorType = boost::random::mt19937;
-
-BOOST_AUTO_TEST_SUITE(aggregation_functions_conformity_test)
-
-// Test data generated by bellperson
-BOOST_AUTO_TEST_CASE(bls381_commitment_test) {
- std::size_t n = 10;
- scalar_field_value_type u(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255);
- scalar_field_value_type v(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255);
-
- auto w1 = structured_generators_scalar_power(n, u);
- auto w2 = structured_generators_scalar_power(n, v);
- typename commitments::kzg_ipp2::wkey_type wkey {w1, w2};
-
- auto v1 = structured_generators_scalar_power(n, u);
- auto v2 = structured_generators_scalar_power(n, v);
- typename commitments::kzg_ipp2::vkey_type vkey {v1, v2};
-
- std::vector a = {
- G1_value_type(
-
0x0f8a94d761852712cc9408e3b2802aadfac6ae8840e33dc0b02c3df6bf3c139bd9390f10bd7e1942d0a4ee1e2bce3c4c_cppui_modular381, - 0x1243524a748ca8f359697c46e29af5e331be8059628a9dca0d9bf7deb4924360754400222e13f1cfc75606d6695422eb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x04c1a1c869d164044f09f9a42a10e4488a99adf06a5a689fabfd76890a137a884adf415d516615758b2cb3fb68e8e601_cppui_modular381, - 0x09846e9776d3eeace43f1b26a71cffc0f84d021168ac96bbf32b0037dad49449a3259df6dc4a9542daec9d18d6ad2078_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x014c6d39bcffbe12ae7af62ac383efe538910888b3fdfff45f7789364f09282bb5ae2dba49f5ffb2fe1f0f36318c9d40_cppui_modular381, - 0x19046eac6839db3f1c57c77965eddee9fb4a542acaa83293fc1ed8a9789a11927ed00ea00dd8a99138ebefab2e0a65f3_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x069e0585b1949fe6224f54542589d3f6afcd2064ec9d7cd90ab941c82bd0ee6f9099a327faf71f8b3b1f3fed9655a948_cppui_modular381, - 0x1255d5100e698b3c118cb4f1f6361575c5b227fb1aa16b357e2a8cfabafc003857d288c6d2fbc34b0298510b0c1742e6_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x18ec551102d9902a3e89c67bb4081451ca67933040da61ede139c0d3df4e703dff22c283870a47865fed8e971ea41a0a_cppui_modular381, - 0x14198bf26269a123d6802c3da3e95df666e839ea0be10da952d52942e1114834b83f816bf351ebb89c040e447183fd19_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1818d8fd8dc994dfba13703ba296b251b58bfd129f8b3265f73a94bc5a424b854cad79cc75321d2161a72f513fe463f5_cppui_modular381, - 0x0165b7d5a5d585709921fde377032bddef937d3a061776ff43b8f6a0d3c2b7fdc61bdc9dc052707da2a6c492a4696f60_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1101a14b720e8e4b35dc2115304af9a4ebb1a0193b4d82379b8c3943363319d4859e1f0ca76aef7bbbd9d4db6becbc14_cppui_modular381, - 0x0c92c3e46da264c431dac023f654e5c5540fe34471c7946dd32d5f25f6bf3529a041f9965206bf3416216fa7e251c5f4_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x0c772ec090d90944627d4ce86f7f9dbc5bb8b3114ace872532d02de88bbef7709314257775dd41b506325a5f567c1289_cppui_modular381, - 0x0e3a498329f47387340451a0984b19be5a8eac672704ebb295f85321cd19aaf5d56952b29bd3d0a6e478c010bbc16ea7_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0f30a9e7a22fad589a2cb9a5f1e7af8b70c98479f9bceda75af8770d5fa04fc60e009433f12712fd8a05b2fbc8d8bd6b_cppui_modular381, - 0x0b4447c7af450fcf8f638ce3c6723e151fd9636cec84ba35f278d25d331cd726eb685c1cbaa48bbbb92523c9204dcae5_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0e26525b8fd932191628e29a2f62939d3f7e387646d48bb33a873331b89dbe007877703c6599291970c320274cfaa1f4_cppui_modular381, - 0x089f59a37dbb4f9fc9a7349ecc0222216b6cb38370c5019e80fdc7c953c33fdd9b2da8966954b594097bf8cf7db6e2c2_cppui_modular381, - fq_value_type::one()), - }; - - typename commitments::kzg_ipp2::output_type c1 = - commitments::kzg_ipp2::single(vkey, a.begin(), a.end()); - - fq12_value_type etalon_c1_first = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x140bfee03fbe747bbdfbfad4577ea2af7175c5c601772f2d8f3c1751b32bf7177dff399967040a77606991e53df2d8bd_cppui_modular381, - 0x01204263fc7f73813a0ac121e8e98d0b825b30a54eee57e9ea1b1618a7984212206e204fe51341a237c29861b27c68c7_cppui_modular381), - fq2_value_type( - 0x09ba91ba4f1c1bf8a657a5c946b652f0ca034efe9bdefa7235191c653673d09956c2ca0cf57c1983f525a9112c0f0fd1_cppui_modular381, - 0x059b47fb6a66bd8a99a8a7ec56dddd183b6d1bbc534ff00eaab928a0f10e404fa4fa9ff5cc9eb9a5054eb4dfb3aca030_cppui_modular381), - fq2_value_type( - 0x16cd370184ae0c5c7fddef3dac1f272c0723d1f2e8f5ed93f8996e83970ee546f500e18a69d81538216156e22ef64f93_cppui_modular381, - 0x199a09c8d60f9246e0d895cc230df9ca3e334b846539b20465e1e420ccadf654c02d90244724d241000b342c2461b878_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0798b3616ff94070745cabcaa00627006153cc656cf159747eccc17a423df95905edf7db7da023a06f609c0c0c4ed808_cppui_modular381, - 
0x0bb15ba186dfdbd6c60c277bee3b29e4b51ebcfdd060cafa265a065d63cf8c72df03be62b31ea8f3b116a6643d8aadda_cppui_modular381), - fq2_value_type( - 0x179b1fd8d7d72a856dcf12c48c3b91db3930a18afd17660f9047d030a79b494844ff3901fbe1d1fd2933cb76681c68e9_cppui_modular381, - 0x1679d14bcf02ea246f8486419ef20d5384a5d11ef1ade7b7c68f95b27d6bf8e1670a4ea192c8d8e53999ef359b9949da_cppui_modular381), - fq2_value_type( - 0x03f46c37e53e33257aecb46bd3cabf6f6019a2ea481ac567c8badf8250a27425e425d36614ec8f0bf87ea75df4443bdd_cppui_modular381, - 0x00332853a0ed64dc0e7277fe792432644b9acc0955863ce982dbe3f3b6798fc4a9f56c98293c79e8eceb9e76d579714f_cppui_modular381))); - fq12_value_type etalon_c1_second = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x044df213be87f69e1ec7d16f831f3651c88d9c933bd005e390d5654043c94135e45b558b7f2ecf6ead89208261de1e97_cppui_modular381, - 0x113daabcd8e117c7799008110783afdbaf320c623c13e1db4cb79e014f9cb825161ddbc05c7777aabd31513c7fc1cace_cppui_modular381), - fq2_value_type( - 0x19080dd8b95ec5b5e59c29db031a430c940c26559945c7db463737e778aa2fef9d1287196644e0b9fecd671f30ee6019_cppui_modular381, - 0x0487279eec345a6b8230e476eab49bbd28b85082994f3085002c79fcc1c893aa54a46ac2e1b28327b2f21a679428e9d9_cppui_modular381), - fq2_value_type( - 0x0c9c0377cb585dd7422c3348d3d8ce89befbed472c2570411b15caf6a6bf4c69dc6e7db6092f7d0bd2c8670de5e3ca96_cppui_modular381, - 0x100ae902f195d41ff489e9fd3d58b1684c1c8f81d05f5b99d0c0ab6f0399a893515137edb4c93e59130ad4cfe99f9b37_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x195985fab083b606700086a5abf53c873a03b2e6df0af1ce26430d3412c79958133d26af8e7a5b9a4d353920019a3e7a_cppui_modular381, - 0x0300204c07b1559a6a9ee972e4130960fe286f50bbe4abbf5a3c392d8f1c78673e224a5c0f290c6a273dc4083cbe36c9_cppui_modular381), - fq2_value_type( - 0x14111077e1ff7677b532ed54e204c82c8c03b0ed963e44d2b9fd615ac4fbdb876f8e0f6f52e11448ea4ab3cd26616200_cppui_modular381, - 
0x0d46ee9f57f33c3d6216de22f24f697cbc3ede24da2207c8fc27d76153a0d39ad4198ed01b68f24f9357680183f0a1cf_cppui_modular381), - fq2_value_type( - 0x0c9ecea9b38974348515e5362a0f1215a6f03d844db50e539d5a1d50999f0cdfdfdd72c9fc6b6f29c42120cc7cc77e63_cppui_modular381, - 0x0e24169cd073d7a84f4bf841f4fc2a223389cc55b3e002d8c8f586183b2aa269909dce414377f17145e1a69918cfd155_cppui_modular381))); - - BOOST_CHECK_EQUAL(c1.first, etalon_c1_first); - BOOST_CHECK_EQUAL(c1.second, etalon_c1_second); - - std::vector b = { - G2_value_type( - fq2_value_type( - 0x09e690df81211b6fd71977ace7b7f9907822ae7404c41e08f3a2d7b86daa17b09288c958dbf89527b1afcd50b59ee4c7_cppui_modular381, - 0x00f8c7df5151249b79742ff5ce80660c13ccea63fa2469c48e41671e7a9b693ee2f2c09cd27954bc9532bed9f6d0bb41_cppui_modular381), - fq2_value_type( - 0x0f959ae56e18cd4185c44ef8b9d0c4930edede16b47963a4871b65fa06cdb5ff69c62f657b348bf189cdb0e3d6493272_cppui_modular381, - 0x03c8015d3a153613d2f2419c911cf6fb6e9428ae23b98d4f19b81e3a57c8c5459f8063a2501aa89fd5ea940add2d6e66_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0c5e0f7fdfbf77ee7d140464ba731db9b99f37df0a06be3123447db3a46bab379b9bf7f16e9e4429de5abb2e9648c8c6_cppui_modular381, - 0x0cb520b8e96560957114ad6d7e67dfdadb1bd88358b2ce482e8879a8ada324f60872ead531b9cb46b1de16041a7e5819_cppui_modular381), - fq2_value_type( - 0x087b07e6f10e365c78650a766590842a4b3b9072276e16ec58751707724e57261f7102020fb1190f5a730217244157a3_cppui_modular381, - 0x16189daed8628a98dcc5c3982df12242107a2776939a0e23e96ec3a98242ebfedf3aa0ba6faecede760d133e4f8b3b60_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x15e0fd0a87b807e6390a7e72f57d8f47b8c46602939ffdc91407e08d169e036d8e39fd9f114cf4319153d18053fa1201_cppui_modular381, - 0x021ae075bed23c5c04a58196e20d9a9819eaea4b28cdf2c144f3884cce2b3cee1c2ca67edcdb0c81c7629f43b913671f_cppui_modular381), - fq2_value_type( - 
0x0f55034f53bfd3465b0374b7abe44fdb831080ce799f6ae2316df35abe8cae11e8c3c36f347ddc6cc46cb6ba78888b47_cppui_modular381, - 0x022e87bee60c1ac9cdb051cd9d3c7c579cbb77f9ef8572cd42d312a38ec87a432dbe24ee21a165a951f2954efa161fe8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0c26999b288ac57eaa399e65e1d849e186f304c0474f1c5c70acafe1177cbbba719327d0680e30f5a6ceb11feab39c6f_cppui_modular381, - 0x04cc7745b53e41b642a70002f5f7b4515e81b6d1e7fd7de01d5c827c8a5ee8960f32fa4dc17173625d85a44ec7699f28_cppui_modular381), - fq2_value_type( - 0x10301cb9b9846330b836cc9d2b21b837f5e954f1d4618525c52c2dd0b734f1f06bcdf9b669285f437723a59df92340cb_cppui_modular381, - 0x0fea154121f26e7bb8d997bba9c1ae7564d08cd51da04e770fec34886004acf78351fa19618b9f815c35acbe8db8bb6c_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x080785a6c856b3beabd7cd4b6bda1e28b06d971d835f7ba537423b267ee5acc809b96f71898b54b34115f9e06d0cb2f9_cppui_modular381, - 0x0433029a8c5dbc20513065c874be1eabfe92b21ce79ecded24ff73687478997f08659cab60eec74a9e896f7d937d94f5_cppui_modular381), - fq2_value_type( - 0x0d11a2bbd1f8d571f9857353e11822341d24fd51b50155fdf002e41d22eebdfea4b883a2f426332a596edb650cbabcf5_cppui_modular381, - 0x110051f9782ce55f721be563faee85618f262ed52e6c22cea74495647d4a80c07bacbd6db09c5420abc30159b2980819_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x08cb3db1ed554c7f3f8ee249a2bed141e753d37635257b243e9b74add03a91271e9f16da0caafc4193c11d3df5618091_cppui_modular381, - 0x0b817c56f7db7387f7dd9df93a320796a9e1a1365c1f309a82c0e8d711cbbcc394350c8a791ca81ab19eade7f73c72d3_cppui_modular381), - fq2_value_type( - 0x00a00d84ce31283066883f0bcf1fe487904c2372b6a531978d83dcd901c7a7056055245425d76008c87fd4ea36039b5d_cppui_modular381, - 0x00429080cd40357e275b478e75564af9435ba0480caa56c2bed13c5a5ba5743939645a8334ed0990c3e16fc558e4ff46_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 
0x03df0e71b764fe8ee41af3cf3aa581c5134f7f0fa21d12398b623f3e7862a677b810e6152353cfe9cbffde603ddf258a_cppui_modular381, - 0x00eb2582ffd4e5a26175cb6b8087fded84dd8fe45f386c13225ab17c8b95e211401652cc1edf70d8635c58d76569e8d3_cppui_modular381), - fq2_value_type( - 0x12dc4daa59ff9794847c54f3953f20228239e02d96cab9f22b8dc050cb4ce01ea2776273a07bd1e0b4813e3d06b9cf3e_cppui_modular381, - 0x16e45e6a31e4f58f71c3f949d477a4035ff5d4611c8f13df495e7c4190f87190d74dc1545df8704d2611f209c221ac92_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x05606487ad598cd53d5ceeebb6572978a0cae7a181a6264429bd8eec68afc0b9e791f8a4190adf807e4390090082aa87_cppui_modular381, - 0x0ce0c26551fe1fbb9cac5cd681b45715352a8e2961da3b616232285c08f42f652b5858a4619368f5bd55900e66ca2910_cppui_modular381), - fq2_value_type( - 0x174277032ded436b2941e6ffbeea4afd3fc7644754a6eb8838fc605459c13d2f1d8c3479040a0ec9ea345d7412709ae5_cppui_modular381, - 0x0d35ad13fa98efa1d9f665a9212ae2acc8a6a2bcd1d78806c848d0b47a4e084f5491b3c5e2cdc537375bad926ebb47c8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x103f4048259e2498b3235cf5f8c147c9fe5536f736be621a13c7cd2db960c304bb23c5f9554642acad89420b3802b75f_cppui_modular381, - 0x1214f068b41c5302ed0ff42db19414c9f36821ee1df5d19842e87ccdb2eeb2450c17254195ebc6471c0bb2d4a1a5d76b_cppui_modular381), - fq2_value_type( - 0x07f58e4bc4bc0d6b1b55f0a1f2676234ad49d7e5f0fd942aaa296e582aff1a614b3183e622f0069fca3fd91b0e74e790_cppui_modular381, - 0x108460a7cc77970d261962fe10933316dfc1b1012b5fb6fa7c3f1d03cb48953564e7c044b93d0f760176740bb2cdf6c3_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x11879877c76cc96ecf44b0fdd92626e2b701907461426955cb363d54f18bb627220988ee2a2568cc1db7a2504be96499_cppui_modular381, - 0x125028b5a85cd28547ece1d1d47ffee83b5540225c8b3538c724608343df38a1b91c99a6e027f6f6c262f1785248e527_cppui_modular381), - fq2_value_type( - 
0x01cbdd7aab1a1be51e6dc92798b94fca2aacda25cf13ecae179e7aedca028adbb5f79ac8bf6a9f5604f9605f0df4663d_cppui_modular381, - 0x0d7b93debfcaca8662889c1f02c6051dea6b6901f17b6bb3c3143d1fccf437e1bef597c7d4d80453f464c874149e51b4_cppui_modular381), - fq2_value_type::one()), - }; - - typename commitments::kzg_ipp2::output_type c2 = - commitments::kzg_ipp2::pair(vkey, wkey, a.begin(), a.end(), b.begin(), b.end()); - - fq12_value_type etalon_c2_first = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06374258f33742cf76fe64480b8ad2a86974a883987baf7e2f49b787ca7c3bb51054a38ac44adb31c7489e9c8d49e57c_cppui_modular381, - 0x19ea09aac0b3eabd46e1d0941468d6d1d2e2b91adc32f789a099202112bd67091fa1ad6607dde1fdeac668b65f292bb6_cppui_modular381), - fq2_value_type( - 0x198f67a348fc61989b62bd222ebf556898544ae0a1ecc812c50641ea56f7bb3345631bcaceba13e150e4729278f924a7_cppui_modular381, - 0x129dc8dbe59bf05522cfebaad81d6f7d8e7d3d66f1d90ab054a4598b50ba594e30ed41679b3ad1fbbf2ade87b5430ed9_cppui_modular381), - fq2_value_type( - 0x12498e9b54216dc229a1005aec0eaaa9b7103ab28feeee6545e316b96b697dc487081a6637ffb77ceb28ada75586d3a8_cppui_modular381, - 0x07fcaf4b1e618d02843eabd0e62a70eaff57d30b6148de786f0a8b582c070ae132555197e92f6f2a3c19873e09c09eea_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x01c30d135188a98243ab65fa03710752698c00ec8dbc0cea0451d8889a6a71a3ad64b22c926e37e4b13fb374642b6ea8_cppui_modular381, - 0x12d513a82eb3c5885a140b572e6871de735417a08273291337ef0c41781eee1856d415a3d4f8e9d7f0a6b52b02935f4d_cppui_modular381), - fq2_value_type( - 0x03b5a7efdab63732332d570bca0420cda704ca14ae354dd71978e61945520204aff412ce01b96b57751903fdd0f8ff60_cppui_modular381, - 0x14f1eecb185e456af66d744ce71c9a97948f615fe28abc1118525b8fde195fc35ee1391c9d17c456690eaf7412aaa34f_cppui_modular381), - fq2_value_type( - 0x12247d032fe95b80cca3eb325c377f4d9bff75ced2d2218b46ea3425e0dff032cccb8915f57160ef3156e1f3de32570c_cppui_modular381, - 
0x0786d9e022313cc63f2f9019ad0c20fae5ce649ad6f65a15a41c46d1133896be4d584c481116ec988cc621fee980c423_cppui_modular381))); - fq12_value_type etalon_c2_second = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x05d3e965b1ddf572f81453a80474f013bdcbcbe76091bccad474829803926286c83b30be9b50eb810669e3583b0ace6d_cppui_modular381, - 0x04a9171487ec6caccef97664499065f53a64a2b06dd0a5fea4cbc23bbf793f2cd91cef8c27a49750b2725016f2708a02_cppui_modular381), - fq2_value_type( - 0x0468d7a42d2338bff7ddffaaeda808496dd2526ff36ee861d9d2fff332997146a5e3309a705b649854f1a5728928a2d2_cppui_modular381, - 0x0c98328b0db9e53e51592c3272ca21acb93f4975ca3f94419b6b2a46c75c5f879a83dedf9d4443cce15339e7ab593534_cppui_modular381), - fq2_value_type( - 0x04c526ce7891dd2e1efc326860147829bc55586cef46fd4190a574069b2cf59c48cbbe6017dc11a38670d0e1fdc02bc4_cppui_modular381, - 0x0f380eba055ede7d6c14931bee8b094e1e67c4a6b526895cea679cda1fdf0f298bb71f69c867ab00d3573d682154ee34_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03c63b40ca07dd457d85a76166eab0acdd212bd07969b87e37d62bae6c5a207d42d1d652ddd1ddbca31978f45077c5be_cppui_modular381, - 0x07ea58d0dceb0457cfc50ae675d41b8d67b686a0013d0eff44b7497f420fb61717cf298bde3b9a84ae6741af069db641_cppui_modular381), - fq2_value_type( - 0x06b7e4d967b9a9debd338c044993a45f18dea0ac2a94ae075a7be650d47d2f28495d0115b5a1b944d3c420664ff8374a_cppui_modular381, - 0x07e9dc11f7bad4aecf09ec07f4d158996f51c9c6d2784f670551d6786f3c0f44b974b6fcd1b508165e43d7fbae297bc8_cppui_modular381), - fq2_value_type( - 0x0768f0ac2cee937c8ad88372e16e9aeea5186fa1a65ca7f1290e0c361d2f2028e9dd35da7d4d32922610190b9a7cd39c_cppui_modular381, - 0x047a4eaa8daef463a886a6483e9544a810e613fba4eec17b8b9308454c742cc0607671ac4007145152368fa0562a7c2d_cppui_modular381))); - - BOOST_CHECK_EQUAL(c2.first, etalon_c2_first); - BOOST_CHECK_EQUAL(c2.second, etalon_c2_second); - - scalar_field_value_type c(0x72629fcfc3205536b36d285f185f874593443f8ceab231d81ef8178d2958d4c3_cppui_modular255); - auto [vkey_left, 
vkey_right] = vkey.split(n / 2); - typename commitments::kzg_ipp2::vkey_type vkey_compressed = vkey_left.compress(vkey_right, c); - auto [wkey_left, wkey_right] = wkey.split(n / 2); - typename commitments::kzg_ipp2::wkey_type wkey_compressed = wkey_left.compress(wkey_right, c); - - std::vector et_v1_compressed = { - G2_value_type( - fq2_value_type( - 0x0b74b7f8348ef6806367449678620c0943454fb99a4c35db90f2effabf1222b8b0d45175f812eaf687ac8eb8fdcd35e4_cppui_modular381, - 0x101b4827b17e42992ec9cbfd7f942fe15b950bae7e44dbc004c6c6c7242bb7df4b02e54e2b2dd586e05e706236f53148_cppui_modular381), - fq2_value_type( - 0x1430aa96637e61f55af1ab05b1e3fb0c7d74fc922c0308d964c639103d15816cb3a8b97cf6e43b8bbccb1fb0bcf3c813_cppui_modular381, - 0x195f9a7b105c1ac10b22a5c548fffa142eda073f91c1d867e63c86f1dea2633fc209481d22dd15d6f5de4ce8ff8c52fd_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x00c8044bd8548f5ae0c3a19fc8b3980fc94adbd9e7953c3715b49c25d2ffbb0ccdd1c7dba056a44d0696a0d9f907870f_cppui_modular381, - 0x09bec35b32da6f260bfdabda7f42f6d0b364f9d0527f3ee85019286898776877ed491967f833431a50e9d26943b7e965_cppui_modular381), - fq2_value_type( - 0x183f644129e79748ea3bdffe2e8f401928ddb814525c229ecef3c181c24fea8e8f814a3da08ad7916af21f5263c86ea0_cppui_modular381, - 0x04703ffe02768a0ffed187e084283db046e8c5d8a871e1cd4f1294c27f0729ade6e60706f5d78943296a0800882a17dc_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0a049b5bb3922ded25acbed4fe6fc260524c4d39af5f6820c0f25f76c87a5de587224fc4ab4ee0fb8e51ca5b354ef034_cppui_modular381, - 0x0089ae4a8fe593660b04d3679e496747347ec7a0091dc4a02cc51cb074c0fa88426acfb5690ed6cfad1e0db3d7a3686d_cppui_modular381), - fq2_value_type( - 0x0761e2abbb49a3b011dbdb7f904a28dd8316497f0c16bcc06e6f2640443dbad8f1876188102850854c9b82a082e1bb80_cppui_modular381, - 0x02fbb2d1918807d74d16514e1943f393f130fb2d7d6cde1860ce1f5cbe7693bc0eb1e1a84c129cdd063d3b4f121f81e5_cppui_modular381), - fq2_value_type::one()), - 
G2_value_type( - fq2_value_type( - 0x11556de064ace780a8d6bd92fe9c32f903d65ffa039a596385bb865d61518d3916b319bfb44da815c46352deaff6498b_cppui_modular381, - 0x01eee0a3f808f727bf741a2d036415e3dfcd9abf7a3445c4f0c4b87d5629e5013d3980a1e170c9d170c33d6fdb4d7252_cppui_modular381), - fq2_value_type( - 0x05b816fcd58e57c58211991f38f1a64ad6be94bc7b1f0a9844f6438f3dd80d3cc51c131e797a0c49bb3a41de4e145615_cppui_modular381, - 0x15e109abc824df3600fabd8f186798187f39c6fa1c751602882bc551c19007012003f061f3e6820a36dd7c3884b0a9ee_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x15293a0e5372631bc3aa71a40cc067bd7eabd9a273bb2e4fbb0e33ec09c6c610bbe473f4c2fc0e276d0fdf3d80ffdae9_cppui_modular381, - 0x1725efdd89c30b2d7665e250e4f0bdde8f97c75ef28c1cc277617756cc4364396ee709aadccbef3dcf2739fbe6e672fe_cppui_modular381), - fq2_value_type( - 0x05a0d144964762de0be4ce7fe354f3d9156c4316c8affe4ce305d0ab10e684317d9d77a32f306d2e57ed9eb7db8a3c9d_cppui_modular381, - 0x067332db95199c7a9cac48cbbb4d172fbdb368693995cb9e6df88bb3c920a49ea329f6cf52528c8e1289f5189db2b347_cppui_modular381), - fq2_value_type::one()), - }; - std::vector et_v2_compressed = { - G2_value_type( - fq2_value_type( - 0x186a7e15d408fa91dd9e7566d188fe02f7baa045fd16951d35b9d21acfd8005f95301d22fce8441c81c61b955e4589c6_cppui_modular381, - 0x01209911f0abd559c390384a373b2d8e76bf5ac5675d3a5920e80453a8a9c2b648b993c4ba7fb401436e0406f6d8ec31_cppui_modular381), - fq2_value_type( - 0x0d25f34ceeff50e5502fddf943cfd36a628d119cd5f2d905617928743e71e77201547e433a407eed7f214f26c6e98424_cppui_modular381, - 0x0ac2daac37505f408299340e30438444e5a9952a42d388966ceb504cab2a5498c38c318f1dfc5ad8055cd147ed8734c7_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x06b57042e4849b92a4e81346f8ba0114340c47d468096a46cddc32cfdd719a62137456eeaf56d1d28e0235cc806885c7_cppui_modular381, - 0x063ca8f71db63973e371d8bbd76eee8fa490e59a7529b181c278b67b7a2b415440ccdda92a8834f4da915fe0383d43bd_cppui_modular381), - 
fq2_value_type( - 0x055dc89a8b6d8dc2027b1536f7e5ee25d6d1c3652860f2749bc97d17f91ad1655566b224339a8bcc2969783258716529_cppui_modular381, - 0x0ce40dca881a8a4e995ebd12c10ce9f5081bce504e97f4e9f6ade1340c800d399a5fe3d669f44666d340663345e675e4_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x092dcde789e5a67dc5614d0b2462c550e7aa9be6d66d3492706f1454aaa2818609bb8dd1b850aa82d92d0f64c33d0435_cppui_modular381, - 0x170f8e4565aa5ba8187714ffe7baa3a4917fe07475acc3cbd8fa429e034fa4f3ac53b06723eb5696f15d6e27393d888b_cppui_modular381), - fq2_value_type( - 0x07cbeb5679bad39efe161160a9f858ee129d82c0df28865a96dd23057ca9827c3606f3c2162cb76ac762f336e6bbb871_cppui_modular381, - 0x19034ae5fcd14ab1ef3e1d979fd14ee274e61a1c64992f052c620f0c91a9a103f5a7bcb2bf5ce3056f4bd593d26f4a52_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x109b9b9fbf16c6fff2cf1f276ad1b09aff3ef976611cdc825f78e0f7ca76a271829e694b7f23a9ecb525427cdab92ed2_cppui_modular381, - 0x150d3c3a996cb5713d597b4451e41b34b1b55b722784e951665fb1d07ee3c2ad5630ea3a35466c6dd8d96b105e5195bf_cppui_modular381), - fq2_value_type( - 0x0f93626288c013dffd087a341de791d5bd0c6cf04f1d0daa47232fd2705042c6a7627d902905bdfdbaa599672708a020_cppui_modular381, - 0x0114d3a70ba03f3991a8c09294f3272e5143a84317494cfc4877f4d22eecb80be7fec0d6d80f6f0efb1b8c678f27f5ac_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x048f8757d41ff0940208039356e5ea7f8014761dea150eb67ef174d406fca8b3ebebac9f8872107ed155d43bbedfaea8_cppui_modular381, - 0x14120aea46096abc03bb60ba301ec921f631dac868d95c2b2a863a74357b4f83ef1f5f5ccb056689abf4a3d6efb37398_cppui_modular381), - fq2_value_type( - 0x1184c3a34c160c7368114e39f29e949692b45527a4db659f278f3d36761d6906295dc9b7535df62d439c1cac004bb808_cppui_modular381, - 0x197a4921a2fc88f5309e37a21931233b54606f90ecaa91fc0eb44f4431cb76615567acd63b588e8d78e76ee922a653db_cppui_modular381), - fq2_value_type::one()), - }; - std::vector et_w1_compressed = { - 
G1_value_type( - 0x0cc4f23befb077b70594e4727b515a99a71e37a2aba3676f06d92ad8607515b17d396a41c44fb6223d09c38b9609144a_cppui_modular381, - 0x016d54a871a0c361b7b529277fbe4f1c60ccd683a7e2a9858605fec8cf06d485ca88c29b42ed0422a7b227e6f31e0378_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x105a1d84e85d2fbb65419dc25289eea9c6161740ffa7b1480bb9c9c55ec8a5c6e23bbea43ef9e8f1b3f4ad50de0f010a_cppui_modular381, - 0x14c7e1997b89959300bc4d6f26ab37a08426980d2f1776d573ee3d43e44afffe4979ff4690c1e8e189b9e659cfb54302_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x03c866a31a613ccfdab2848521c14a42e232493f3f0799095c21e3f08d04b5fb2a1570df09a9005d1990bff956e2b8ec_cppui_modular381, - 0x0b036658a0a7c475779b17f180a4335e24391f547eb4aa078c9532aeb9613acefc2b97e83356034bd6c9cc6a2f3566fb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x043d40d8cd4633e48bbfe4aa0032517cd43696465e30269363ab61a3ae9a37be615a36ca3088e3524ad19b3cb1bb2ec8_cppui_modular381, - 0x03595a48c66399f7a07e9753e37cb2419bf288fb247907bccd67f481f184f12d8c3528485d1dca17a7c69ecbae23dae8_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0c47c20a3997052ec6ad1b217c1adfdcf17bb25998222bfd231e69f67cdc8008042cbf1fda89a3bb36715de890c0833c_cppui_modular381, - 0x18438fa4cd0ef23b24bfb959eacc54edae6ccd3870fe55d7fba589c628d5db98cfc0851b231477fa62ac161f0fb882b5_cppui_modular381, - fq_value_type::one()), - }; - std::vector et_w2_compressed = { - G1_value_type( - 0x1670abfc0df68a21a2c7cb3bd1c62f8a48fbfd4799d83d484c996ef3d82a3dbdf5fd0175da7abe3d2ba96f059e1881f7_cppui_modular381, - 0x0197a0b5a87ba59fd2c0a9c4de2ce5f773960c4cb59f6d1ef0657cbba79f0f499a7f58d09897716a676edd0a8ca3008f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x026b17c7a93778cdafc553746420a4d3689de8ec7920233bfd5d0abce2e1cfa29845ad7da2f3e36dc7934e476268284b_cppui_modular381, - 0x0ffe95d7d5b842f8d8227f6e84a728b7a8cf7dbd933d80b2d90a17658dff5e61d2a54b54c575624b74d9b322f7fe2a01_cppui_modular381, - fq_value_type::one()), - 
G1_value_type( - 0x13041e72558e8360e2b6adfddeddbd4f86a325245556097bcfa3fd6beb8eeeec6ae8a116545e89438b2f93f9dcf12250_cppui_modular381, - 0x17698d73a7969cbc92b884f01d86c8034f7e764ee8f8f3476b557eb558156bd678706ff636575501a394d91f28314531_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x133030a621342bc3b57541336a5cc1e389fe746d27904be1bbb948abfd281cbe9bb90d746343e8e4481496d3202015e8_cppui_modular381, - 0x0cc3f51d219fa568723c86c71cc6c11160d00a3b3031268a5f6eabe6672e33d147de99d69f4e7dece907f1b954134b5f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16f1afdc3b42de247b9278a284ef853e613bb90cf9342b8ae7a6a9cec7f7d26d669d010c69443384d41555943b04de43_cppui_modular381, - 0x0d138e4715989d4c70c92613b10103c17ce187a5f135a7d07ffec540c6101a24c8fd36f9713c25627e8db62a2a35baa4_cppui_modular381, - fq_value_type::one()), - }; - - BOOST_CHECK_EQUAL(vkey_compressed.a, et_v1_compressed); - BOOST_CHECK_EQUAL(vkey_compressed.b, et_v2_compressed); - BOOST_CHECK_EQUAL(wkey_compressed.a, et_w1_compressed); - BOOST_CHECK_EQUAL(wkey_compressed.b, et_w2_compressed); -} - -BOOST_AUTO_TEST_CASE(bls381_polynomial_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type r_shift( - 0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255); - constexpr std::array tr = { - 0x3540c82ee6a14e5d87232db54031a151c313b02c2e5fb8097c98a22b5b1e248a_cppui_modular255, - 0x3cdb7300a2167608f0b4371abde5bbeb0134d0a10c684e15942b9ade19be06b2_cppui_modular255, - 0x1932db8eab26bffd30801c82338662329a83e9cd9e69f8547efee3b971c45333_cppui_modular255, - 0x28a5a5846b8ef1151e23d7dac18b31b6f79ad9762d93a5ab7a09ec367fa15379_cppui_modular255, - 0x32fc439e07ce9f303a50fdcebdede1b4aa3295a7ea84e5dd746466ce09edfadd_cppui_modular255, - 0x17a55ff8ad252c1506c91301bf374301c2ec773f996598c10ec5b8518ab97910_cppui_modular255, - 0x1c8ea45a048d71ca0dfb90deac07c6aba0c661e44b89e40af2ddfc02ddf4a35f_cppui_modular255, - 
0x1ba576908f3a792ffba1b1f2f427514cbd2fe9caf194037a178d47b2067547cd_cppui_modular255, - }; - std::vector et_poly_coeffs = { - 0x0000000000000000000000000000000000000000000000000000000000000001_cppui_modular255, - 0x480d5d9990c007e523111f13a4e4061ab69d113818dec59d1273f49f52296162_cppui_modular255, - 0x1c0abb58c4a3de0c94bbde371db6475242fc6123f3e68e3022882416866a0971_cppui_modular255, - 0x3eefdb325408c8ed044d2d8a245821eb03313482868f0776d5db0b6b304de06f_cppui_modular255, - 0x03441b4883df6096879ef162eddeb395ab9a80ca1a2403a61f9bc5d7b66d61a0_cppui_modular255, - 0x6ac136f24de0910a56a8c00eeab93f4e08c4754b0af8d77d45040c23483a3601_cppui_modular255, - 0x595796f3711a982dc195fdc294444fd4127b3bf4fb57ef1fe73ba786e2cd8b3b_cppui_modular255, - 0x68242a724d539dcde318352368080fe13ca7e75638953bee46cebb2aae451d63_cppui_modular255, - 0x1cd6f4493f342dfe8fba32ee030dac4c002ed16c84c9fbbcddf4a510a72d63d9_cppui_modular255, - 0x28ed796d756ceaa877742c2229c7a2249fc6511eaa85f82d51f555c3aa60623c_cppui_modular255, - 0x6013627cbd87199375925d96bb505c1e2c2fac69d0072927a3d62ed8214990ed_cppui_modular255, - 0x1d3c7275c9e6e11e2a4c960edd8c7fd67843a0c59a024bf44fd5314c838e199c_cppui_modular255, - 0x2d9e8b3eb9c9f4ffc6901f6bdc89ec2d6dae92fc0fc19260532723bc3821dd96_cppui_modular255, - 0x584dace948f5c058c571fab6b534749a83f02cbf95c964155c2c221d586dd67f_cppui_modular255, - 0x3c1dc72ea7a79bd9a7fd76ee22484cc48c0bd7ad5d66c2a102862ec7221a88e0_cppui_modular255, - 0x53afeb3f2a7f9cfd5be3ecf160a0316d75be4650158ee59f1960a17ce7e0cb57_cppui_modular255, - 0x3ec8e839758da1f92f47a8777c38cc67a9e243f0a34da25f07df0e976f99cd8c_cppui_modular255, - 0x3943ba6edcade9f65c9f22a154f1b9ca45f1a23b058c9c0e0c6c3c0f4543f491_cppui_modular255, - 0x15aef80fdad1d60ee81fc555b4f8c8f3cb5ad1f0ce2a40e3fba710043dacc1a7_cppui_modular255, - 0x142197f4144a72cb8e25cf5c976b06f9ca9b1aa1c7268be77a870dd3542f6a12_cppui_modular255, - 0x7385a85b56d429a29542d4cb9f41dcd1adf8268c5c560568ccd6b907869722b5_cppui_modular255, - 
0x16883f376358bb8b5fcbaa95c203bde08fd98efd6a00de6d286452ba5acaefb9_cppui_modular255, - 0x24f6e1eba0f8bda6c7bba6f678825efda1de9437c37054d68e6dc26d162c616e_cppui_modular255, - 0x18649997a5f6eaafbd0c770811456c1123e1c5fa7aa7d07da777c6548fdfb0a0_cppui_modular255, - 0x5ed4c557c48b3cffc1f462abdf8f4d9c1f2b0019b09d4e83561961bef7be3ecb_cppui_modular255, - 0x0d1916a0935c0f8a5e1d06404fc6a96ed931d082ed1187619ade67cf1892f41f_cppui_modular255, - 0x15437e1083ee249424c4e9a49e7a3724d4d960d13606a76a192bb7012b5f8df6_cppui_modular255, - 0x4f8d6caeb51340c7e7d6341dcc19f4eb7dec5e6f02cc910cd5ff8bf200c9c8e5_cppui_modular255, - 0x70267178abd9a15e624f537d5716e68281fbf95d045cb3a9943cdc26b5bcfe44_cppui_modular255, - 0x2fc5d00aa95d2e97f24d20d29ad4c8307d3b0a6c615429b62f93ecbaaa5fe09d_cppui_modular255, - 0x1a4ba280ba66e01758596ff10ced5f871938cc63228445048f8d18482ef48c6d_cppui_modular255, - 0x1ad39de6f72da86c7730db7491c6dae910b3528d6c5013bbf9adb62c215efdd2_cppui_modular255, - 0x6932ec74d018d36c376c29c5bd0d52c3a526c0fdb34d0136dd9fc87bba6cf45d_cppui_modular255, - 0x44eae134e384252e2ea7bc1b33283bd04edbe1417a22799b1793f2ab0a29a7fb_cppui_modular255, - 0x0db00937710081215915ac1e7dc70b3a4b49352f9a1813aba087629874eeb341_cppui_modular255, - 0x207e89c0c4084f21abd035037ec66165348909e8f2e03808ac3a099372cf927c_cppui_modular255, - 0x105c4d40813de99b80d86ce5e92f8e1f3caaef348644f0f9942a514ade360be0_cppui_modular255, - 0x31e97c20fbc80c8c05758a8530156f2566c1a3d1095df49f4e7f2d3f82e25876_cppui_modular255, - 0x476154855d5fbbb0683806fc9e2f9a6068afd35595a8c51a332bdddae043307a_cppui_modular255, - 0x031874d3c0a6b1324366b64039c4fabf94b0243c39e77a633b6ccd69cb0c8c95_cppui_modular255, - 0x70cc56d291248c13b1341d1964b6837dba9cb47ad37d1c5d95b24406e5a7783c_cppui_modular255, - 0x2ad3e32cceeddbca5a4b04f2aaf2df0726dd4e701e4d2548764a8c0a4647a407_cppui_modular255, - 0x1e3770a820da575dd692bb5bacba9d672093c3247af5b37488fd40e590905048_cppui_modular255, - 0x6ea451815ae5fd07d6b203c600592fbf67f7f71cdac9ad505093cc16a71b5f58_cppui_modular255, 
- 0x6931fd34b6eb5e501455a274713ecbbaed12c116fbf10585edb00aad5c9225ca_cppui_modular255, - 0x391772c1990b157a9c080afe9e5fa2688565483deb4313d9b3a2398b94a54531_cppui_modular255, - 0x6fd11da108d634967c28d706e1d238952532e938c3a43d2f4c80427ee5e41465_cppui_modular255, - 0x4340a1cdfc5337b60859988391a22c5b74df5fc06064b69c351b0d227f437e78_cppui_modular255, - 0x4a8490fe693187c8cc205c7dedcdbc4708964da51775ac88b298465bf23c1bb4_cppui_modular255, - 0x3e136d819aa9dcb7cb78c693b9feb213e51e79c23df7b3a4aaa64357c459cc09_cppui_modular255, - 0x0096de691391f1e4896e9d17d690f5cb948965349174fc5f488285125362a2db_cppui_modular255, - 0x643df8ad7ba980771b96936fa67a63e485def3d8f9ea4bb82d350949fb092a71_cppui_modular255, - 0x379dc3dcf086eac6f2532596d5f9670b25f5d752d3d3990e5cd64875deb30458_cppui_modular255, - 0x63211c52065d6c71d6d1a8c77a9000896b9588e801f911b13f97f9803ceb9bad_cppui_modular255, - 0x37ac58c5f5826a91c8b182464a083a04aacc5177e4b88d25ca49136efcfef93f_cppui_modular255, - 0x66ba00908a3ba13d2a04457f2094627992685524b6798128e36b633853433526_cppui_modular255, - 0x717311b6e53630e6bebf9443d93a796518c9c8751858deb57f1282c42bc67de3_cppui_modular255, - 0x6b755dff197f12e46d8339ff46bfdf24f805d36f46ba9d42735e8f73bb1bf95d_cppui_modular255, - 0x096cf8eb82f7b46a4e28653634c1750dd2c15bfcbbc082622e980e9826657c8b_cppui_modular255, - 0x486806919560cff5feb7c7824f28a13fac252cdc0e9fef3dfe52486fb73c5d3e_cppui_modular255, - 0x63e53e13aa74972b352467b517dbe8af338d966a5d3aa694b882e2c84e44380c_cppui_modular255, - 0x11063433cc63c9174012cc17458f183539dc4cf386dcf3226213c2179ec5619f_cppui_modular255, - 0x690111ad5e36e656daef3951a67d6610f73bbc301bb42bd3dbd13f8c80abe930_cppui_modular255, - 0x72d25810142fefb4dd10f7f228dde90a73fc0906c77f571471e4af5aa0bfcdb6_cppui_modular255, - 0x0229058f25696cea3fa1f50a6da95c74e5c4386ede7de3b3f505a0e638389bc0_cppui_modular255, - 0x262df7daa19ca683206206a485552a0e431666659494b259ff769bc6fe0fb619_cppui_modular255, - 
0x3b25332af4ace3e424f8e355a19e9d428719db4bbbd5edf2b92ac980ef6b908a_cppui_modular255, - 0x3cc2b194b50c7b9826ce8666be7f9cd062e92f77d98d59afabe2283ea14a2698_cppui_modular255, - 0x0696ec6bbb951f3b12895e7f8b05257b1e744c2707e472d2b9db78a79eaf1175_cppui_modular255, - 0x47c69add0279970e4272b8792df7b97098055505bea91ed0935be1b871af8ea2_cppui_modular255, - 0x051638844fe262b56f2c6c3accee9fd55108cbf8ecd667096b3cfc16b7dadaca_cppui_modular255, - 0x12bd689671b16e03368447f220d3e4c5e9e13b457e48ecf410ebecad2f53ed8e_cppui_modular255, - 0x70e67fef8f8d90648ad9cd68d0aaae2b4f6adafdcbee0c16f8566d162b2d9547_cppui_modular255, - 0x4914c12c22604660e3725cecefa32e3b3a84c559aeaada25170faaf10ace6d32_cppui_modular255, - 0x412fc9ba9c6e0b797d1a03f767cca6c80bae5776906d40a67197f4fde5dd2da0_cppui_modular255, - 0x2156733411bce77b968698d04662da57ed3bc79367399b49014a4f2ea03afdfd_cppui_modular255, - 0x425cf78d6d13261cc329ab61755bb4c211b009c483ec62fa216511611aae2464_cppui_modular255, - 0x6a967e87cfa5d5a9c135a78d1e92edc0b4e2528ddfe88efc32c63090b819f196_cppui_modular255, - 0x1ad2bbdfa528b202ffc3c62134ab5a53b60be156f707bae7a10c5489a7ea7e6f_cppui_modular255, - 0x4942e35742a4915a9c891a92aaaa477f4017e7c82d6ac1d3eece75a508fb1572_cppui_modular255, - 0x65f6ca3ebf4c6111057c03ed0cd1127a100710fcca53bf44d7247c0de176260d_cppui_modular255, - 0x0f6d4e5dd7ace3540c4eafb4bd779c86ee12f0ba5c92fa9e3565e52c06c9a881_cppui_modular255, - 0x5b730bfb15839de0ead3db78edcccdcc80f8481ca4203d526aea37a129bc6179_cppui_modular255, - 0x5c412c415597256e2b9159bf612760007a6c109d287634e1690b7dd2a3cb9a40_cppui_modular255, - 0x0534aa0edd228f305dc8ae5a322b9e09d4ff3b82b45d559d935572c106daeea1_cppui_modular255, - 0x43042bdd06fb35f6a553002098576a1d7594ec3297d4935382cde01edbf3b2a4_cppui_modular255, - 0x02df631cc1de108e3b21cb1e19e27e794625bbbcbebb6b1021a8f490a4d26ad3_cppui_modular255, - 0x1404628368af0c392030080227b4f2a3cfe1aa258357428959f5eef2154455a5_cppui_modular255, - 0x2c93e7c0cf251568c29205a7864c9851dd595e5823332c1e13a110a7bb0a57fd_cppui_modular255, 
- 0x27a90e636f9d9a35b378a1e1af3973d0c39cc941ebefa9f2fa13ef6a1e2fb8a2_cppui_modular255, - 0x1ce47dc601ee5db8e7f2913c33484ad46476a2e1a34428fd14c7a8e822c52fc7_cppui_modular255, - 0x71c6aef4c005a4c1c5f4801f866bc0a6bd5952b7f5e4865feb4940b3177fabe4_cppui_modular255, - 0x040d465c49ca0315130efa3046e049a687e798ce732567d6ee84727b3fa226f8_cppui_modular255, - 0x71706d9bd063ca170cb9f8c41ec32ccaed394a1a876a8302a45484159907ec50_cppui_modular255, - 0x44c08e331896853c9ac99e97242d8808fdfffcd18f1c2701af2270aded40330a_cppui_modular255, - 0x4a48fd884cfa214545860746f43495ede0aa14cb3693899352f42ac3ac523315_cppui_modular255, - 0x3874018552b8014999bde467bd8c36e792fda187de468dc586a1b81ad4800d5f_cppui_modular255, - 0x13221842137b41f2358c2ac97d79157f0cc560f342507259075acd2c783544da_cppui_modular255, - 0x60ba123f92573c8841afed0951bee188f137ca4f04f918222bff7a8fd6526c04_cppui_modular255, - 0x389f821fb8cacfb59d4589c9b13a4ecf379f701df2b9469ceb934256bbb6d776_cppui_modular255, - 0x16754b4e1c0f1233c649c4e21d780128edac4c4c2b2439cf449088dc671fc348_cppui_modular255, - 0x15efb0852b2230ed66cd64c55233ba16f66f5c5b05a6ca71f180cad01c8ed71a_cppui_modular255, - 0x3781f551e85953156a09b638e94f690902f1ca91014f08979d1834c0ead682a5_cppui_modular255, - 0x011d64455f427c0bd0577131f9ef48d47bad44c152029e59bea541a7a7dc98a8_cppui_modular255, - 0x4ecb58e8f31f80905a95f962b9bec0538d53f8664b314684dcc8d04beccde8f2_cppui_modular255, - 0x024d233a1e662788e529a405dcc3f25fa16cf5b574109ae1f2289d5d2193feb7_cppui_modular255, - 0x0d0503ed7e91397bc92a73e4692ca6babfec93c725b55cd69a14879f22fd6ff2_cppui_modular255, - 0x39811338758bd4b1d2bcb9890ba2e2313cec6e9f54db2fe82f0d95e0b359840e_cppui_modular255, - 0x2a4e01fa966e5e1c8f7823d5ec3c708f56c9306af2d0321583613df9a2888209_cppui_modular255, - 0x3665f93bb2da394bdd953a883d4c5fe04e176ae7be88e9ecbbf591703c192e5d_cppui_modular255, - 0x0081b49e88f0b930bfcd84492407c730ea10772b809818c83ab95c36f3aa8de9_cppui_modular255, - 
0x22339eb7e2c232be0b60f86b7bfaf1025ccdc145b11d6bfa346f1a066cac2918_cppui_modular255, - 0x0f7e1106cf189bd87a972286b151aca5e929777269b968551f00fa0381ffd891_cppui_modular255, - 0x59841df41488a266e2f227dcaf4da41cde578cbfaba8115859becc20b488fd69_cppui_modular255, - 0x6c8f58a4907e2a0b56434db41d3b1e69f9b360f2039d9856c188ab4deaceabfa_cppui_modular255, - 0x41b6ff2188b920cdd099df98164b3d61696eacaec64aeb839024c7500eb8bcaf_cppui_modular255, - 0x59cb1fcd4cffd255f98f5c64c84ea70651b1bed981e99d72cb4c1044952e098d_cppui_modular255, - 0x4dd9da29ce23a3e5c0349517e283e54808855eb60d8b99e223762d9fd98af51f_cppui_modular255, - 0x652fdc9b3a08078583b7e65b9459f42685acd2e1a61830cdfac7506574f5dd06_cppui_modular255, - 0x6ed64a74f8d017974f6fe87fca5ad3d6433462054cece7622fd4a02f8465287a_cppui_modular255, - 0x7314d4441d6e85dbb7c11797760dfc5f004659aee51e7299c7ecace82cadb00a_cppui_modular255, - 0x03ce7f6f76589dcc32e08c0a0642606ce9af3d4f5d7bed76aa270cd50b3e6cfa_cppui_modular255, - 0x3d497c195db408c4eb1f1c34256a6522c20e27192125c8a07370876deb01241c_cppui_modular255, - 0x107a83d4a1d8c489bb1271df2eb9eb0f8acdabaf583fc97c12f2adc5abbe6c04_cppui_modular255, - 0x6fa391c27c905ea55845cac5bb5cf33d0704173e4c32092326ba7e8bb93fb092_cppui_modular255, - 0x252b7b7d7513e0811d293a194bef93f6e19a06ba180d87015bff1f78bff20116_cppui_modular255, - 0x0bfdd6a008dcdfc40ca9b774424f557d4634cef3a8550914ff98fee3ed22d7e1_cppui_modular255, - 0x5d220bbc372737ee19c02511f9c5aabc872d5a167b95c22bf35005de5aeec55d_cppui_modular255, - 0x3d02fd9bd2224c0c5a062fb2f82a288db5db9f749d9eb0ddbd9dc26b205d344e_cppui_modular255, - 0x684eaecbc3d13fa30cc7ea0c3393724de868b8a34dac4580c9fe3dbfdb4a9eea_cppui_modular255, - 0x43e81faa6b9c5e3ccfb5841e8ff60cda8c5a0a71399bba912d99f63343372d60_cppui_modular255, - 0x13b1ecc701b0566bb8cbf4f186104424a2840d7910d75e10a5c3e30ab4d8abc1_cppui_modular255, - 0x2d1c2e7c193745f6d8f5f7aa63665349b399db387e2c838d9b4306d7a385de62_cppui_modular255, - 0x5ba7d9570ac38ef02c5873c5bd9f655632782b1966b119c6f8b47687a229ae96_cppui_modular255, 
- 0x1f04a0ef594a5bdc826aee7721c288de4c9fc260b012d0b2b6addbd4814a9668_cppui_modular255, - 0x63e5967f5900365a832334f6b52a51c0390f4925761a2dd074c7fafac149afd6_cppui_modular255, - 0x43ca0adc50da6246f4b1ba6c821bef6873d88541a3a27808a3ebfe6c27a7bd4b_cppui_modular255, - 0x29c75f5d0e2331d4cd60d6654eaf1c22deb629837e53e0b723fdb27f0ab6a99a_cppui_modular255, - 0x643189efbd2fd5099df3539df621a8a60af26e404e098f66c369e207a6e22e5e_cppui_modular255, - 0x5bd13b92659428d50ccefca53a52c697e106fcf7b4ebbbd62bbad9e79638bc13_cppui_modular255, - 0x3b9fffa05fb179e966b7081f0f9622d2f9f077cea9b6f02373d3f424ee146189_cppui_modular255, - 0x3c9a59e0725fc1b24b3e79c7bdd37707ed9784c83fab9f4b8b285f4fad637c24_cppui_modular255, - 0x414377c1398bb503f0174a07e8ee6d95783e74b54bb3066df7e16b75f21dcd3a_cppui_modular255, - 0x2dc29d17bfb8103f6d6d48dcebf383e637ef29fab8f801573a58fb18362d1b8e_cppui_modular255, - 0x67031c1c085c8f8cfffac4e0fbbdbe7214c5dcd0a91685f3fbe6c67160e627bd_cppui_modular255, - 0x724b962b45e2adf79b4dad3a9ed82d6df3a1e385dc031d45f854d8dbfa01943d_cppui_modular255, - 0x271417c390b9c3e27ca918f272fe54cfbe540e300115c96eac8520a5dbaa4d69_cppui_modular255, - 0x011690ae897e8a9face5b0a51cff976734b6cf006a81a4153882bcd51194eec1_cppui_modular255, - 0x33dda0320753586276ccadcb5f4e35f8602718f6d8ddddc5f1db1f376616b442_cppui_modular255, - 0x01ade8747e0ffbc898a5467cac783aa96143266853b44ab6c61cd982ee79ea43_cppui_modular255, - 0x363b2ae933e2c5a5d0e91bb5b24d10f48260c2f053101e6f0198b7a06412ec71_cppui_modular255, - 0x5abe59a863d75729a56a033d105228bf4cf5192eae821ae32189e065844f5a48_cppui_modular255, - 0x570507c4c602d257a873aca3d9c023b6c133e73909aad6687099e104c36ed8e2_cppui_modular255, - 0x4a86a84ee21029642a1595c4f1a645e99ef41c411f7c0dade14b2c4e8bc09933_cppui_modular255, - 0x69a18746efa0393beb7702fe0e7643274f1c7da904beb60b42014d5967ca4b34_cppui_modular255, - 0x570470137359d4b2526f2f489d278e7340b33ae8eb2d9bdb64140067e784abae_cppui_modular255, - 
0x653274fd83f5249fbe2e778835c93a23ab783c17b5bd2e85d6dc5648673a6f04_cppui_modular255, - 0x27a2d4099898b0f9f2d1c7f2bb7f70bb1ca1f56f5eab19909400881451434a31_cppui_modular255, - 0x00d8fa1404342a92e90006cba8c13879c90d4c575181b1453c5b790f5465a16e_cppui_modular255, - 0x14435f925aa0f45627bc67436e1b5cf50f003df76037f87b94b4204b21985099_cppui_modular255, - 0x6c066f3f9d9e5d5147456c07203b4283e19298347018292c57a88c1a984268e2_cppui_modular255, - 0x5b515f3be19fb374258075bdd0f16780a3028197c7a278dac6beacaa31ef9ed9_cppui_modular255, - 0x4c09d00fa5ed074637b7c471f9574367ab7e96006bb5dd976e6ce0fb8c510bf8_cppui_modular255, - 0x20d127b6078a21ef7e54391932c085e7f4654df49e8f103e25892c8c20244b5f_cppui_modular255, - 0x580475a5b814e0d82b701ad59f33719fd2653a513dfe376feb6797c9177eba7a_cppui_modular255, - 0x63cf6d747ce233351c5d5df3dfdf5b327baba26df40f08935a22946d55841a0d_cppui_modular255, - 0x351d8afe67168f60d78f4654096232279b729ac581817d19eceb83c5bd92b447_cppui_modular255, - 0x35440021e1f004525bdb52188b514ed08c4f920fa53988b98029b8dcd0eb11fe_cppui_modular255, - 0x08096cabc485ca9da3f9c356d76f274299908e574d76ac054ae85fba5681fce7_cppui_modular255, - 0x53d7a804607db92e9c398510b590021bab8e1480c8e5397c40ca31cc8ef38888_cppui_modular255, - 0x522f728820091af6ca285f126623378f7a2ac3933d31d2065aa855c67c024162_cppui_modular255, - 0x5234437802afc9769d9301cf53c2804f514b6dbac5e2fe4268a62066796acd4e_cppui_modular255, - 0x1dd3ae12d0c460f223e9dabdd4d4049c023f588cf8aef3fe5f9742416b3daea0_cppui_modular255, - 0x33879fb8eb95c5b0e8dd3189324d24a0c09914611e693eedcfccd4cfdbc833aa_cppui_modular255, - 0x658e4fb9c73f946ab5278a26e4a9c0502d980f74e8f0315e4b0643056c862717_cppui_modular255, - 0x1a122193c5f5f0c9e34e5eddb380afa5962e040b546c628d7b54b62bf8faa358_cppui_modular255, - 0x4e51e99c866e7c59ebe92a359141b7ea603c71626c5b04b468515fe943ed5e51_cppui_modular255, - 0x604918f13a0b91ff8980b42934a14fa80c5f95c16d22379943460c62d0050059_cppui_modular255, - 0x64b52e08d3afb19c2d66c375d41d0b50f9d43350e695f972490d4167b4dad706_cppui_modular255, 
- 0x6448724b222c98f72de1a942bcb7316f6db646eb2a93a1e1ddb73dde6f7630cd_cppui_modular255, - 0x42e9f2d7e03795995872c8e14831757493854f07fd03e28ea5e481fa2e6e5d00_cppui_modular255, - 0x11c5580567cff78b9a3efb5400a17a1b5f22954b775154dd0a98fc5c133fdffe_cppui_modular255, - 0x4739f93374d06c312798481a586955248e0bcb41b01c584e13de06c4f1976cf7_cppui_modular255, - 0x581364822399de7648f346b78c65ed7e6095c5775d122221199486be6aae02a3_cppui_modular255, - 0x3024a680a2d674f96c6841b936d429a5f20762304d2a29532d65f9743369df75_cppui_modular255, - 0x23bd923a227adfdee0cb10ea11d598897c7c0f906b645f887d292817ee66759e_cppui_modular255, - 0x0fe864f291829c40460bf08ef4f593be2739efe8f361fc08047a4be94ae6dd35_cppui_modular255, - 0x630d0f774643cd197aba40e27bf94b45a7310194fc81f904db1b5eec7c35e193_cppui_modular255, - 0x566c33ddae001788c433c1e1566446c991554c37e67c96904d647503856ce4f2_cppui_modular255, - 0x0549ea7a86d6304311e53674d3de0d7c7a8c4e1651e69fe7dd9eb1caf5ad9857_cppui_modular255, - 0x487304c054c8124adb27e5d3079b3dafefd6b69db2d0605fd4506d3aaa5607db_cppui_modular255, - 0x143e742dd25ce947adda8b6d3dc26e683db77101211384cad7eedc12a047b804_cppui_modular255, - 0x41ef40c96879a56b2190dc10f23525865660b629ccb30a4761b779e0628ab857_cppui_modular255, - 0x134d2d53a84ad41e5cfcfe75bf49c8de1e69b615738401bc31287826763faece_cppui_modular255, - 0x1f5120857962996f095ad78e5ddd8258b08be174a7c369744372278cf98a2676_cppui_modular255, - 0x5ea93fbbec339f9554eefc2f87087781a2880127f3dae033264025993654dfca_cppui_modular255, - 0x2e183d894ab20b49f0b937aaf3d65a02ba29d08c89ca69576d53282827e2560f_cppui_modular255, - 0x142e79bfca24b129f8e24be07bdba8f646a98093699013c149b7e90a4867bd97_cppui_modular255, - 0x61a5b1c2f741290bb64a6182d97d6c6734816eb5e909f5e44d2ead92717dc3c9_cppui_modular255, - 0x37ff04291d41edff6b6888cf36de141d18a60a6f57b27364f84c8ef07dd35118_cppui_modular255, - 0x6a6125e36eaf98e32ca267a90895fefc0610a874f497a4187d4bcc2f997bb873_cppui_modular255, - 
0x095ffe71832abdc79e750eed95a627095fe785b7b1dcc9bfa5d61195c4ae1cd5_cppui_modular255, - 0x2e11cf7c849427744c1a6d940df52aa6d65614a5fe3f274d115fad8a2bb4580b_cppui_modular255, - 0x43e72e049425ed5b337b69e074664177ac10a35c3ab042115e14343b50362001_cppui_modular255, - 0x653ced05189526caf7f0d24927a2a1eb9605eac04d449063ebf5852b0638dcd3_cppui_modular255, - 0x36d5a09ed0e448e0e8031c485f3eeb83352c7f8d8dbe6c32247163e681388db0_cppui_modular255, - 0x6c192143b75fee703d22dc756a24785563263138ada8a80a9654d45cf222cd68_cppui_modular255, - 0x61ac75bd0db91ce314df5cfc3848d892260321de1d880c129474cf7035bc5ca9_cppui_modular255, - 0x6ab4587e850dfc102c4ffb723c49952893065c31002f2a17d92a09b6201f7043_cppui_modular255, - 0x2280ab51bfc0c3d03a61b1ae0cd199adf8cd7d595755bff1bd56848ac9b2addb_cppui_modular255, - 0x6db3abb4d35f2abddfbf8c5ee58be7b104c4387e723433985589b504880260ef_cppui_modular255, - 0x213e130c3c34db9d738af21150ba76382d55bb3b110a2d67f6cbe9c63795da83_cppui_modular255, - 0x5dadd4dc264d9463821290065a2ff738d9f936ccc17382615cd600736ef8f536_cppui_modular255, - 0x1c96d875fe47cfa371656e119d3a9646f67f5be4bb8784b47de10a587166487f_cppui_modular255, - 0x6257cc59864ec4e2485be286144458bc3f4458eadc536ce8c5f5bb2870651193_cppui_modular255, - 0x3c694078e47276d26913242fbba8a6db76a7fbda52977241af03234072ddafd6_cppui_modular255, - 0x6082df0b0ff44fe79bbffe9366113b31f95741bb4f7fa86fec3fb08d925e11f4_cppui_modular255, - 0x68b8926a41350f57bfbf1dcc61fa61c37b438d611a53a41adbfc4be14bf35f99_cppui_modular255, - 0x13e6befe321c5a318a0fb7ab897bfa1d78de4a8c2451a9c838b483eebcc80b09_cppui_modular255, - 0x5553fb737e38a6e413e00f77b115943e48e69d6e4ec131ccc22ce4ed47bdb6d7_cppui_modular255, - 0x36f00a4a2739ed9ba56ea0d136d25a1a9d449c187f94efeb4e7c2d88ae9dea2e_cppui_modular255, - 0x1d790279938a84ddcddf1f25f89f7fef234bb90e2a209fdabccbe03fda68a3a5_cppui_modular255, - 0x0a864c6180e057fb9b20cea35bad5aae97114adcc43ef0fa4e52df1e1cfd9265_cppui_modular255, - 0x177eda2f8aaae07eeb47e206c8d0caececaa26ef4907d98a67ec2257b4bc6db9_cppui_modular255, 
- 0x4ab7c5d7846a1d8fff53196ca2f21a5c9569ac3a5688a536a8cb0d2e4c666c28_cppui_modular255, - 0x54be7a81a0c2d015c0442e5756773c08c66150b73fbabb3b0b00e390c7848f07_cppui_modular255, - 0x047ee8158528b7337c5ecdeb31522005ff4130adddbabe6c741159a34760da6c_cppui_modular255, - 0x416bc2ac134682d2160769543dc6e426c3289207864e283e67b5861e409e1207_cppui_modular255, - 0x644386d878eddba7ab5c64208012a25632191d0072caad8f20b4a08fc366d489_cppui_modular255, - 0x0583ade3f8f05abb91350e75bc22edb668c3c92c35991f16ea4af45c46ee02f8_cppui_modular255, - 0x49c9c118dc19529b22bd954defcf599a61447b6c3521eda59a0bd625e55dbee4_cppui_modular255, - 0x5d8451e2595474c20f0b172a3e44da56d0ec7c369e6c0a991ae473bcf67fb579_cppui_modular255, - 0x65a7e8cd2471091cad4ec2877d96e60caeb4eeb7c3c1d546a91253380c0466f9_cppui_modular255, - 0x26f90507486b52fa6931e4392a196203b4784547c4d0eb828086acf8679cdaff_cppui_modular255, - 0x6c5a8636cc7a511afc6a28f2386d6eb68c91d4f7e7fe8d26433e3e8128c80ca8_cppui_modular255, - 0x162695cf98ffdf0e50cef20f0df3f8eb1d061303b3d9d6a35847c57dd6b61250_cppui_modular255, - 0x08c0eaa9d94a3dcfbb2532d5bc18235d299769bba449e0b5a7593f5c72bac89b_cppui_modular255, - 0x639030fa3f7dad88ddcbd3d7dda3ed3645c9290362b75681e3b1f2371b67756d_cppui_modular255, - 0x4d7bc37acaf75c2d7bbf0c267383ae88da9311bf70a0191e5c62ea75bd3dd7f7_cppui_modular255, - 0x38cb86c550bf3221ebb2baba61a3c77e449bd1fba63deba6a9c337db2f56c7da_cppui_modular255, - 0x3150e9d8068b2d6b9490c4375bc60c329cf3318f52c4d32cb2d5ace796a1f9b9_cppui_modular255, - 0x54f6038946d1bbf0553ef6e328682f0f2e47ef581218db4e6bbfe85d449625f8_cppui_modular255, - 0x4b99ad7201e92fbab4ef236df467d7c6d0a10bd01de4c6d360ed09f7605fee2b_cppui_modular255, - 0x05a5d1a97f870fc676987bbc4962d76a58b60d414645a92e8b1ea01ba3a89333_cppui_modular255, - 0x71f99c0a53d6b69ff00ba55d627d925a8dbfe8b565a657f0b4fb5964427cc403_cppui_modular255, - 0x5263f0e9812d3d52f221a16f50c036fe0363416f8e74f7c27f0ea0147d0c9621_cppui_modular255, - 
0x1d8d7473a2bcd19b69501843ae4754fb77c46920b74b6256afb9d9647943339c_cppui_modular255, - 0x52a6679a95609c26e47ee4318c5a5b2b9cbe50989142ced50b485544ddd6acce_cppui_modular255, - 0x065d2b0719c0bcc1b02037ae08f9a5398feca58936dfbd62b8fce028b01afb7b_cppui_modular255, - 0x520d73bbb1d0970ea53b4e6337b9e353d09c5a856b923344c6d8cedddc238bce_cppui_modular255, - 0x595276f8984d376dc47db0485377b0f95b3234e28ae1cdae168762e83db9de64_cppui_modular255, - 0x663ab3819c59044a9ecfda430332513579c7a5801d369969cf18cdcb241273ef_cppui_modular255, - 0x6bcd48bd3a63cfa11c3e9d52fddcee3112c22dbc68784894a63c605442b1d34a_cppui_modular255, - 0x383c0f2c20c304caac5fe8b0a3013e48b71e33c608420c8e7bd04a5c138a4a01_cppui_modular255, - 0x2ca94a4785a3e19bf06a91acfcfc0b695d432984da488e863ad056bf040890b4_cppui_modular255, - 0x0ea0f213dc3ee2d046abdaf721c410e2cea5896940461e46a96bce4f52880875_cppui_modular255, - }; - constexpr scalar_field_value_type kzg_challenge( - 0x73313f808ec41532e12764269b3c8cc1c6d1d01bc4732ebc4c3fba5bbd676376_cppui_modular255); - constexpr scalar_field_value_type et_eval_val( - 0x256def9d29cdb492f33f938c24ef442857ae93f0bced9e6db5a38de07a948d76_cppui_modular255); - - std::vector poly_coeffs = - polynomial_coefficients_from_transcript(tr.begin(), tr.end(), r_shift); - scalar_field_value_type eval_val = polynomial_evaluation_product_form_from_transcript( - tr.begin(), tr.end(), kzg_challenge, r_shift); - - BOOST_CHECK_EQUAL(poly_coeffs, et_poly_coeffs); - BOOST_CHECK_EQUAL(eval_val, et_eval_val); -} - -BOOST_AUTO_TEST_CASE(bls381_prove_commitment_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type alpha( - 0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - constexpr scalar_field_value_type beta(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - constexpr scalar_field_value_type kzg_challenge( - 0x1932db8eab26bffd30801c82338662329a83e9cd9e69f8547efee3b971c45333_cppui_modular255); - std::vector tr = {{ - 
0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255, - 0x3540c82ee6a14e5d87232db54031a151c313b02c2e5fb8097c98a22b5b1e248a_cppui_modular255, - 0x3cdb7300a2167608f0b4371abde5bbeb0134d0a10c684e15942b9ade19be06b2_cppui_modular255, - }}; - typename commitments::kzg_ipp2::opening_type et_comm_v( - G2_value_type( - fq2_value_type( - 0x130cc68002eab5dd042ad6b44cf05764665429255d243e99ac93df93232efe3ab0690aa049ce7d55975d4468d034cd57_cppui_modular381, - 0x0e9117cdcbca8bdd72d5f002edc2174db28e1db8822faedc36adc87f99a6518871f10c2c05959a112e6bec0108b4d623_cppui_modular381), - fq2_value_type( - 0x151b4757ffa7a260ca5cd8d3c7dcb380ce0e31cc9a96f7b4e3c0717cd0af0cf62e166d9128fb8a90d3b0afe2e9c77b03_cppui_modular381, - 0x10f62ada6dfa4d1c8fbf7c7f2bafde9f3b9e8896c6432c16707b7ad6da5b5c1797458a154a7268856b5dbdbc9fb4901e_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x12ca1b47637293a935da075572b2fd740a2fbcaa58e2161f61f4fef1982c9f6928d8e3a13a4fe62cf414a34156349502_cppui_modular381, - 0x0384651dd21b50548d96d43ec2ac462c489e3301b20a093ecac9ba24cfd275a2af09c9e699314da975babbf723b4fd7a_cppui_modular381), - fq2_value_type( - 0x01e201cbc84319db30d383db7411df22609ecf4413dac869ad824024bd46f08a715f2d7eaa79419c869947bcc31b2d38_cppui_modular381, - 0x17dd995635f7e23869a028a2aac730c38edb03b6f30f2db044ac27a4a81963a03c4f2cbc2e9c831403d86a97301f10d3_cppui_modular381), - fq2_value_type::one())); - - typename commitments::kzg_ipp2::opening_type et_comm_w( - G1_value_type( - 0x085ea66c01bf2544d5cca506b0f230fe3682d7c7f44ba74d70cfc4b0513f7ee658f7e7bad6cb445399e6eb1677a3f6a3_cppui_modular381, - 0x0f7205d63934b7ac8a8416c0e6f1380cf8ef3fe9d74c5b81a4b9c4cdeee3bc10a3a904534ffc542d0c5ba20b3a2f3895_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x003a5a97983e1323251cdb342bd5fe25e9aec95a6beb85e5b608a8859c4b4465e45aca1118bc1c6982732e93ef4a139b_cppui_modular381, - 
0x17886e66a7a0b695a242af2a6ee5e872bdc5fcb7f49e2176fb26888464a5cbd6a35d6180a3db4d308fbe2e65c19e2480_cppui_modular381, - fq_value_type::one())); - - // setup_fake_srs - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - typename commitments::kzg_ipp2::opening_type comm_v = - prove_commitment_v(pk.h_alpha_powers.begin(), - pk.h_alpha_powers.end(), - pk.h_beta_powers.begin(), - pk.h_beta_powers.end(), - tr.begin(), - tr.end(), - kzg_challenge); - BOOST_CHECK_EQUAL(et_comm_v, comm_v); - - constexpr scalar_field_value_type r_shift( - 0x28a5a5846b8ef1151e23d7dac18b31b6f79ad9762d93a5ab7a09ec367fa15379_cppui_modular255); - typename commitments::kzg_ipp2::opening_type comm_w = - prove_commitment_w(pk.g_alpha_powers.begin(), - pk.g_alpha_powers.end(), - pk.g_beta_powers.begin(), - pk.g_beta_powers.end(), - tr.begin(), - tr.end(), - r_shift, - kzg_challenge); - BOOST_CHECK_EQUAL(et_comm_w, comm_w); -} - -BOOST_AUTO_TEST_CASE(bls381_transcript_test) { - ///////////////////////////////////////////////////////////////////////////////////////////////////////// - /// Serialization/deserialization tests - - scalar_field_value_type a(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - std::vector et_a_ser = { - 93, 227, 44, 5, 215, 179, 179, 161, 188, 47, 202, 226, 198, 224, 235, 229, - 51, 172, 126, 121, 244, 132, 95, 94, 122, 217, 155, 123, 243, 93, 170, 87, - }; - std::vector a_ser(nil::marshalling::bincode::curve::fr_octets_num); - nil::marshalling::bincode::curve::field_element_to_bytes(a, a_ser.begin(), - a_ser.end()); - BOOST_CHECK_EQUAL(et_a_ser, a_ser); - scalar_field_value_type a_deser = - nil::marshalling::bincode::curve::field_element_from_bytes(a_ser.begin(), - a_ser.end()) - .second; - BOOST_CHECK_EQUAL(a_deser, a); - - G1_value_type b( - 0x12b8f3abf50782b18f37410b10cf408e88b7749a40e344f562f7cc171612daa1981b9beae698180202993bcdeb42af53_cppui_modular381, - 
0x15800fa0ba4aefb8af1a7ca4af19511799fb01492444a070d485c7a3fe9b22bcfabb6bc2007f76a3adc6560ecf990a47_cppui_modular381, - fq_value_type::one()); - std::vector et_b_ser = { - 178, 184, 243, 171, 245, 7, 130, 177, 143, 55, 65, 11, 16, 207, 64, 142, - 136, 183, 116, 154, 64, 227, 68, 245, 98, 247, 204, 23, 22, 18, 218, 161, - 152, 27, 155, 234, 230, 152, 24, 2, 2, 153, 59, 205, 235, 66, 175, 83, - }; - std::vector b_ser(nil::marshalling::bincode::curve::g1_octets_num); - nil::marshalling::bincode::curve::point_to_bytes(b, b_ser.begin(), b_ser.end()); - BOOST_CHECK_EQUAL(et_b_ser, b_ser); - G1_value_type b_deser = - nil::marshalling::bincode::curve::g1_point_from_bytes(b_ser.begin(), b_ser.end()); - BOOST_CHECK_EQUAL(b_deser, b); - - G2_value_type c( - fq2_value_type( - 0x0c23b14b42d3825f16b9e9b2c3a92fe3a82ac2cf8a5635a9d60188b43ef1408627230c5b6e3958d073ebe7c239ea391e_cppui_modular381, - 0x0c45a0c4d7bda23c7e09ac5d43a9d2ea1898c36e7cb164a5cfcb91cb17c9e8d3d6ba5d177f9ab83a6d1ae554fab749f0_cppui_modular381), - fq2_value_type( - 0x03a257633aa8a4f3d03541ecda1ed72f30af7660891d39c9c24da7560d22fbc145c6817d3c2833e54454e664cf528c36_cppui_modular381, - 0x01856f2127eaf9be53b902ff71a6a9b4dfb597f085fb3a2a35980683e82f1e2169beee9943a0ecbca676b4bc9370282e_cppui_modular381), - fq2_value_type::one()); - std::vector et_c_ser = { - 140, 69, 160, 196, 215, 189, 162, 60, 126, 9, 172, 93, 67, 169, 210, 234, 24, 152, 195, 110, - 124, 177, 100, 165, 207, 203, 145, 203, 23, 201, 232, 211, 214, 186, 93, 23, 127, 154, 184, 58, - 109, 26, 229, 84, 250, 183, 73, 240, 12, 35, 177, 75, 66, 211, 130, 95, 22, 185, 233, 178, - 195, 169, 47, 227, 168, 42, 194, 207, 138, 86, 53, 169, 214, 1, 136, 180, 62, 241, 64, 134, - 39, 35, 12, 91, 110, 57, 88, 208, 115, 235, 231, 194, 57, 234, 57, 30, - }; - std::vector c_ser(nil::marshalling::bincode::curve::g2_octets_num); - nil::marshalling::bincode::curve::point_to_bytes(c, c_ser.begin(), c_ser.end()); - BOOST_CHECK_EQUAL(et_c_ser, c_ser); - G2_value_type c_deser = - 
nil::marshalling::bincode::curve::g2_point_from_bytes(c_ser.begin(), c_ser.end()); - BOOST_CHECK_EQUAL(c_deser, c); - - fq12_value_type d( - fq6_value_type( - fq2_value_type( - 0x005db8a7f4d34ee8386fbdd094280f8cab08317945342ae713c2304055ad78397ca6e8174af0752c3757efe813f06a3b_cppui_modular381, - 0x0c3c7febcc53d75eca6b47c27efbcfa8a2f394bcc5087c1308aa768415ad37fa6d7b2778482ec5d10425b2434974f0fa_cppui_modular381), - fq2_value_type( - 0x0f681a396bb919c9bd0582afcc6d75fe578df8968266082c18129d8ebc769a5b816efb78fdf962d7719a89bc804ea9b4_cppui_modular381, - 0x041e0cc3da511cde05956a4a90ef1d74732ff001d6694d75a35d4546bd9e4f26b8427da499000e0c2bb282713ff23eea_cppui_modular381), - fq2_value_type( - 0x027423d44d437b22cebc4b79153c0a6f077507c0fdc5aa30a61249faa72ddce8e956a9e489d69a79bee9e16a79ab2022_cppui_modular381, - 0x0958c21e079b0140de7ca150e1d021f065d2f277d78c138048d47f72b4ea0e943ae07bafbd890270cf152facd09aeb8a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0d96831921809f76a8fb439c4e2ca0266fda8500b2cf4eb31d2281fd352dd9d8fe911fb81a1da00bf52d6e81abfd231a_cppui_modular381, - 0x001cc9dca3d826bce7af86210eda9b0f0df5fc7e951c7904f0eccfc3c07ed4efdb793552757212172a2302e4314155a3_cppui_modular381), - fq2_value_type( - 0x0624b2b4826178f5eba880e953e8343d1afefe52b47f5c98187fd5361d2a3714bf2b62bf148ae91ab6e24ff4e579976f_cppui_modular381, - 0x00ecad906407071532cf7730a6d3f46515d1a70ca123890fcc313d75100fc835bfe1f7c02c026eeda7221cb2a406ffde_cppui_modular381), - fq2_value_type( - 0x02d254206dd3c9cbc9c5a99a9b21f4776a7c1bc4745b59b71efa508566f2d97e2da95f19cfaaf702e6efe214f6abe45e_cppui_modular381, - 0x1175ac9f5fd87dc2adecabf2ad3fc65bfe2e4054383e07e201d40dbf4bef2df006a4f8588f93bd872f66ad48982a9fb1_cppui_modular381))); - std::vector et_d_ser = { - 59, 106, 240, 19, 232, 239, 87, 55, 44, 117, 240, 74, 23, 232, 166, 124, 57, 120, 173, 85, 64, 48, - 194, 19, 231, 42, 52, 69, 121, 49, 8, 171, 140, 15, 40, 148, 208, 189, 111, 56, 232, 78, 211, 244, - 167, 184, 93, 0, 250, 240, 116, 73, 67, 178, 37, 
4, 209, 197, 46, 72, 120, 39, 123, 109, 250, 55, - 173, 21, 132, 118, 170, 8, 19, 124, 8, 197, 188, 148, 243, 162, 168, 207, 251, 126, 194, 71, 107, 202, - 94, 215, 83, 204, 235, 127, 60, 12, 180, 169, 78, 128, 188, 137, 154, 113, 215, 98, 249, 253, 120, 251, - 110, 129, 91, 154, 118, 188, 142, 157, 18, 24, 44, 8, 102, 130, 150, 248, 141, 87, 254, 117, 109, 204, - 175, 130, 5, 189, 201, 25, 185, 107, 57, 26, 104, 15, 234, 62, 242, 63, 113, 130, 178, 43, 12, 14, - 0, 153, 164, 125, 66, 184, 38, 79, 158, 189, 70, 69, 93, 163, 117, 77, 105, 214, 1, 240, 47, 115, - 116, 29, 239, 144, 74, 106, 149, 5, 222, 28, 81, 218, 195, 12, 30, 4, 34, 32, 171, 121, 106, 225, - 233, 190, 121, 154, 214, 137, 228, 169, 86, 233, 232, 220, 45, 167, 250, 73, 18, 166, 48, 170, 197, 253, - 192, 7, 117, 7, 111, 10, 60, 21, 121, 75, 188, 206, 34, 123, 67, 77, 212, 35, 116, 2, 138, 235, - 154, 208, 172, 47, 21, 207, 112, 2, 137, 189, 175, 123, 224, 58, 148, 14, 234, 180, 114, 127, 212, 72, - 128, 19, 140, 215, 119, 242, 210, 101, 240, 33, 208, 225, 80, 161, 124, 222, 64, 1, 155, 7, 30, 194, - 88, 9, 26, 35, 253, 171, 129, 110, 45, 245, 11, 160, 29, 26, 184, 31, 145, 254, 216, 217, 45, 53, - 253, 129, 34, 29, 179, 78, 207, 178, 0, 133, 218, 111, 38, 160, 44, 78, 156, 67, 251, 168, 118, 159, - 128, 33, 25, 131, 150, 13, 163, 85, 65, 49, 228, 2, 35, 42, 23, 18, 114, 117, 82, 53, 121, 219, - 239, 212, 126, 192, 195, 207, 236, 240, 4, 121, 28, 149, 126, 252, 245, 13, 15, 155, 218, 14, 33, 134, - 175, 231, 188, 38, 216, 163, 220, 201, 28, 0, 111, 151, 121, 229, 244, 79, 226, 182, 26, 233, 138, 20, - 191, 98, 43, 191, 20, 55, 42, 29, 54, 213, 127, 24, 152, 92, 127, 180, 82, 254, 254, 26, 61, 52, - 232, 83, 233, 128, 168, 235, 245, 120, 97, 130, 180, 178, 36, 6, 222, 255, 6, 164, 178, 28, 34, 167, - 237, 110, 2, 44, 192, 247, 225, 191, 53, 200, 15, 16, 117, 61, 49, 204, 15, 137, 35, 161, 12, 167, - 209, 21, 101, 244, 211, 166, 48, 119, 207, 50, 21, 7, 7, 100, 144, 173, 236, 0, 94, 228, 171, 246, - 20, 
226, 239, 230, 2, 247, 170, 207, 25, 95, 169, 45, 126, 217, 242, 102, 133, 80, 250, 30, 183, 89, - 91, 116, 196, 27, 124, 106, 119, 244, 33, 155, 154, 169, 197, 201, 203, 201, 211, 109, 32, 84, 210, 2, - 177, 159, 42, 152, 72, 173, 102, 47, 135, 189, 147, 143, 88, 248, 164, 6, 240, 45, 239, 75, 191, 13, - 212, 1, 226, 7, 62, 56, 84, 64, 46, 254, 91, 198, 63, 173, 242, 171, 236, 173, 194, 125, 216, 95, - 159, 172, 117, 17, - }; - std::vector d_ser(nil::marshalling::bincode::curve::gt_octets_num); - nil::marshalling::bincode::curve::field_element_to_bytes(d, d_ser.begin(), d_ser.end()); - BOOST_CHECK_EQUAL(et_d_ser, d_ser); - fq12_value_type d_deser = - nil::marshalling::bincode::curve::field_element_from_bytes(d_ser.begin(), d_ser.end()) - .second; - BOOST_CHECK_EQUAL(d_deser, d); - - ///////////////////////////////////////////////////////////////////////////////////////////////////////// - /// Transcript tests - - scalar_field_value_type et_res = 0x1bff9ec90c94f40fd9360a56a02db6a06be9c09b642d6049eb983bc21fa81fec_cppui_modular255; - std::string application_tag_str = "snarkpack"; - std::vector application_tag(application_tag_str.begin(), application_tag_str.end()); - std::string domain_separator_str = "random-r"; - std::vector domain_separator(domain_separator_str.begin(), domain_separator_str.end()); - - transcript<> tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.write(a); - tr.write(b); - tr.write(c); - tr.write(d); - BOOST_CHECK_EQUAL(et_res, tr.read_challenge()); -} - -BOOST_AUTO_TEST_CASE(bls381_gipa_tipp_mipp_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type u(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - constexpr scalar_field_value_type v(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - - auto w1 = structured_generators_scalar_power(n, u); - auto w2 = 
structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::wkey_type wkey {w1, w2}; - - auto v1 = structured_generators_scalar_power(n, u); - auto v2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::vkey_type vkey {v1, v2}; - - constexpr scalar_field_value_type foo_in_tr( - 0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255); - - std::string application_tag_str = "snarkpack"; - std::vector application_tag(application_tag_str.begin(), application_tag_str.end()); - std::string domain_separator_str = "random-r"; - std::vector domain_separator(domain_separator_str.begin(), domain_separator_str.end()); - - transcript<> tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.write(foo_in_tr); - - constexpr std::array a = { - G1_value_type( - 0x19382d09ee3fbfb35c5a7784acd3a8b7e26e3c4d2ca1e3b9b954a19961ddf5a04bc3ee1e964b3df3995290247c348ec7_cppui_modular381, - 0x0e1429c57d0b11abeed302fe450ee728b9944a731765408533ea89b81f868ea1086c9d7e62909640641d7c916b19ad33_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d76e41234948369334b432362d0704bd88599200d80645a69ed47acf10464822776a5ba8efaad891d98bf9b104f9d24_cppui_modular381, - 0x08a8c2ae10d589f38a9d983feba2241cbf0d292d44bc082e8fc9ff872f8eb280f6c6cfd1c34928fa81274781a4f4770e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x02e080ea7883f56025b965fe7fa27315af7bf0f532fb031075467cc78dbce6319645e23e8febb6660cc864ba9e985afd_cppui_modular381, - 0x0f25c2c8aaceff02da0d5b85030767c64b3ed2ffd3e3f69e9aee42025c737e95fce00d5269eb151c4d22a5f77ef8c815_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d3541b03376d07cbb7f9f48b3a1cc43cf48160152c20c00c7bad75986839b0f9ef7cc71f1ffb4d254d9ec15ce6bf336_cppui_modular381, - 0x01e48935c827f8ec79129124e8baf1deccf99d8ca0324fae41e037f4854ff4f389a4df3bc9ab2549b6ef949e4acdedb7_cppui_modular381, - 
fq_value_type::one()), - G1_value_type( - 0x100462d4d96fcf47dd6f6dd3957f8c2d15cc72fe0f2ab0540813e73a16c74b4bb932722e96a33e2a26ca1ab9bc879e49_cppui_modular381, - 0x0b2d223ea7a3275108aa52b3e4eaba948dc93cb6ae29c3c472a022eab55356e51755a6486e7fa94f3b8b4a06b3ea735c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1320c3ca0de8f268ff78f461e5b342960432064eec51743c386fe93f2f1ff8d4592d04605092b7302c217a72e6137632_cppui_modular381, - 0x1613b77929282de9c0a3baf3285394260a50660b2f5168c6924973b44f35dc1a236796b3251c5a748039b78d0b377576_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16bfa39559ac6ddfd3c63ef03bfd11ae6de4d08e66f82dc4ec4e2ca4318c266a705134204f2aaf99b91f95610d356bdb_cppui_modular381, - 0x0c2dccca4ef18b3cf50f18ff13de4443eb6f5e6160ae985568fc5557232c892599e27285254360f797e4b59da1c19406_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x09f4ebbbaaaf5d2ea52abcb591412f6851539e1919d34de4f00900e60591438a6668d48070b5fb22c3b59a3cdae45799_cppui_modular381, - 0x0aad9a2d04fbced844ab0811af6deefb18e9d67660073ec96954f2f0edf3a884a4ddcef6d8b7889a9bfbf7e2f151b1b5_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array b = { - G2_value_type( - fq2_value_type( - 0x0badfb692a2a7ca4970d2733fc2565afa8e09428453ef5cc916a6d5ab43b8be8b9ef920af378f1823f426bafd1d096c9_cppui_modular381, - 0x0d523776965ea36bab19da0387d38305d628d63fb7da6736f4620b7fce92539fcbaafe7dabd96e98693d9973ecf0544a_cppui_modular381), - fq2_value_type( - 0x020203c10b37edef960e6921c624ee57a3c2b256385b3c68f8fd611f1deba8ab91cea15d77452639429c74086a322eb7_cppui_modular381, - 0x1498dcc1d84eb92d7e41ee99596e1825901ea430fcb0ff64d346e19375981ba8579d6ebf325c8809f1aee58542bd6c98_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1634b13dec932a66d5b3ea6406bacd702e020970d533c29a3d6fd80a4ce1e8138744eb41b0f1e66e956fbace9af6a151_cppui_modular381, - 
0x0a4edb2465192b1b32c84bd6791aa9795b8533df963b1626c8ee548bb5f7430a563d0e662b3053cc12cd256f9e8471a4_cppui_modular381), - fq2_value_type( - 0x049004fe74f14513aa607d429e78203f86e08100dc70243fef9fe73cf9f04f9c3793b3fbc1d4833f9db371ee94e60bc2_cppui_modular381, - 0x0f2277dafecdf791e560c89086d7abc21e5f0314fabd492a0926e588acf7a34d30c0713ee2cb03054f44a7dae8288694_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0147be5fd09e02e8d64eec3e6737b40d4099ccfdd88651c692c7d4407a2822c35756ba40ca412f61e201b5cb649391a6_cppui_modular381, - 0x165fd26d77e79da63ffbfaa5771426f4fc6c925a92bd593d1075e84ae1db5e9cb0a7dffaea46dd46a44f6cf904cb873a_cppui_modular381), - fq2_value_type( - 0x1507d32ecb1783a069322547839ffeadd5bc4e04562dc36914686df787f6f82d5a84f32786996fd56ab2ed75e25264cb_cppui_modular381, - 0x0302e3dd0ef0b642fc55af194e4906d57bcbcfa1a3822f078fd7fa1ea0d665ef6f60531068bd7a6834b92618db91ea23_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x04c0d40f727b43aa40d5a66de08182abf5c15f6d3726a9f43085c7a9c8b535ab17bafbc6d90a6677905271c845768ff2_cppui_modular381, - 0x10e288228d368ee8fbfe240e2a0ac3214bc232334d901feb02f41fbb459c11ae6fb381a4022232b66f8a98ec5ed2425e_cppui_modular381), - fq2_value_type( - 0x0285029f076803949ea0d635d716ddff562a8ba9a652e43da0e1df737978432082cce2435e857a2b78c886fa7a6dce84_cppui_modular381, - 0x0a52fcec1a0fc4ec51022181a0e1e44aee18f8d2cda18c8ce5acc789838b03205919870c83b4ec54cc523d89a40ef62f_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x113b921ff6a06df8c8ee87288df68472b00f7f8dc243c12731f1177ecb8780fbd3765069e0fd5a8c1c7a67649b00d2a0_cppui_modular381, - 0x12d96c166c7292b72c7bb9e0e9e91ffdf7ca3926f67ce4894f0b7ae0d826d397c7fb8bba8e2e29abcb8aa9e7de01c42b_cppui_modular381), - fq2_value_type( - 0x0b9231a10b1066269677672e76235e7864d7bc0bc99d9de649c1ecca732e887c6c5975c486b44fae713541d130497bf6_cppui_modular381, - 
0x011a97bd656717d31c74a17fec650e2a04894d04631792f14183ccacee8db3ddd731f4ced99488a133f66d12a66d2eaa_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x159a7f20fc1f1fe0f794fa735c6ee28b2837aa5d70d70d1f53f1d7cbae31ca04782e9261818ae6bda542076fb61c8bb1_cppui_modular381, - 0x03d48c028b98f10345bd40a59c2bf27229947241472986bbff174ea87d1a1d4721e2a03ccd0af2fad6d014fbc93f55d9_cppui_modular381), - fq2_value_type( - 0x0c5b2aa2ac824a6a3df42b895d61832e71202b8fa896eb7bd52e4f1360c696385db9fb84783aaea4e8ad86f80e2703a9_cppui_modular381, - 0x07fc3cf1d974627a821f223dac339045ede041850e3b6b542dc66b0d3bfd3a582c68c65ace31bb3986c70b4f59754e62_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0f228b023d7881ed41446c45cbc1fd05aecb0708291131bb189a6d826921780e1c28864cb0d84f68d4d1933d5bb57c15_cppui_modular381, - 0x14292b6aaa6b19596e452bef413171d6fbf68e1d7642dc0e815c8dda280c32d63279dcb9bd16effa5789722dd403c188_cppui_modular381), - fq2_value_type( - 0x05e1e5b8555c4d238726565fbca0b37042fd10cf5b7f6e0396d71f5660db2aeaa053b0be570f33c1349503829695eb98_cppui_modular381, - 0x0896a44ec87960d640a89fde02f969a079c781ecf6c29f8c3115f6792cdd20eb5046ae8aaedab29b0b6d12728b9863a9_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x108b91795a87e98f1fee29fa53b60f7bd6f397f6e716654e508303a0f5cf9adf44cda4c8698319da3b7f2f417823e127_cppui_modular381, - 0x1389b59456bc26b56b1ec04cd3deb42033519f78255e3569231d551c121bee2b42151c2ef3513c48851519133c7b24be_cppui_modular381), - fq2_value_type( - 0x13d4e1d3f953e836bdf9602d2fbb7496b8a922638cbca415d171de4a7df0a9ce630c9d14e3804a662ee558d415308993_cppui_modular381, - 0x0b154e4f42109dd3a7857f02cd95c480d205ba5427fd49389051f7fa927ea6e2b6c4373c145349e8cbd9ca1098fba447_cppui_modular381), - fq2_value_type::one()), - }; - constexpr std::array c = { - G1_value_type( - 0x0ae765904fababf7bd5d5edab78752b69917962c150f3b0311446579a083a667412ea18f009817a6051cf852e09e9c40_cppui_modular381, - 
0x127fb89d20a2b31725091c033f14986b33878ef4853806987412126bd8135731c09d5222fddf44441eb4e04cee8b9469_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x140e91d114a6dbb835d2ae1ab50729b0553e3e988ca0451b29ac1458caf71b1f1c47ef2255814b4a3ccfb924f57cbe33_cppui_modular381, - 0x0ac830f2ed3435b2b9b3900d0bc0d74407467abdde9f72e922859ae1d2cb094299a7ad467680e7eff331e8a6f92df194_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x186aabfcbe235db4a2dcbacbdd571d0b2e857ada26ee83f0a4121c1bed70ee6609bc0f24b3ffc6ea8af50b1b4de25af5_cppui_modular381, - 0x053ea1258a76b5dc15460676bd2380558bd26cbd98266cb04bbe3d18656f68b8ea11c6db24fdffc28470fa8778e08882_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0642350f1aae9598397a7da3190e07b7b896696682c37641cbbede18f05495bcc822cc8bf34b87709372f3b8cb895a38_cppui_modular381, - 0x140f5cb0dc31c1db82e845f53882f8a7a0679380acb7262411d8f9b7877586192f1d306f5eba7b42fe937c3885542c1e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x04eecaeb1aab1d88696f17a3fb205e7d0bf517c16ccce694f196cf456b45a3983fe40aebbd2c0a5da701c63933d0c388_cppui_modular381, - 0x18dd9108754b69d09b2ad191b8c4f431431030619765f109a0ab1fc9a64e71d483ad96c95a777a0e73aa72703b97f59f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16dd473a6acb01617eb7b690657196e837013062c9a20d0afb16f8604882182b65ab55e112265e510b4a0a95ca2fe1e1_cppui_modular381, - 0x1937d9afd12b5a1334475224f967fae496c1b7ad9277845cfe9acb789d9d207d7bd3c2464b337669c9ffb3d5f643a163_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x19bd07f7ce52c9efe33aa9e93c98c9bc2ddaa4c762c52f988064438ed82dff92c49b5799124116af8ea46d9dab5cd5f6_cppui_modular381, - 0x08f805c413e0a8087b32052148a63dda612c34a988e42e8cd12b3fb3d72942201571bf46298c6dc697c1e51be539295a_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x00352edd966153a5fd28fe8ac333ddc95a4dd00a6ef16f7b59095e705c3bd5d6e8805071f3c8ab2a66f70e7a703233bc_cppui_modular381, - 
0x0499e107ae36ceb8da7e1da2b83a8217b428976311420b4281bd428bc18b0db518e125d8a21e92efe1d68bc766ac4ffe_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array r = { - 0x05beb4119e1356ef39f98c7a7115452a3c4c1e2a48975c85d875aae91185fa25_cppui_modular255, - 0x256d4004ff9591bbaeaaf85cac883eed808de37eff2b45c6d05e6670b3cd1fdc_cppui_modular255, - 0x3973e132b07e7b2244f1172a11387054f7c9593b3b258475db005459a0e4bcff_cppui_modular255, - 0x669073a3f8b48ee66412051fc614f73fa8e4e967a81e82562d23bfe430d1e2b4_cppui_modular255, - 0x2d571b235843a47ecc75978a95b3cceb9fb28a6a2919e0304eb79201c4ef0352_cppui_modular255, - 0x622551c093e4773c3e1ffb69e99fcd4a31a1f727369f47b1df49b03b9534a8ad_cppui_modular255, - 0x0b8cb847f81048e85f5843218c1e273b56ce2608d7d9947cd1527a1fca0001f8_cppui_modular255, - 0x3dd77c298708150d79e47bc4afccf78a6e2f32a17bbbcab1ea41e05551c0e96e_cppui_modular255, - }; - - auto [g_proof, challenges, challenges_inv] = gipa_tipp_mipp( - tr, a.begin(), a.end(), b.begin(), b.end(), c.begin(), c.end(), vkey, wkey, r.begin(), r.end()); - - std::vector ch = { - 0x2883b568a12a6dc1561fee01f0090f3ff06a0f7c27f7a40185ac41385a200ded_cppui_modular255, - 0x112b150c55bab0273d64d934d71183dbb256751e8b80d2b0ea87088fcac8e851_cppui_modular255, - 0x055e703e64b31bf0b3bebd815951fe581d97779a3b98620ba1794cd9bc58fbd5_cppui_modular255, - }; - std::vector ch_inv = { - 0x43eecdd051ab2519427d7d76b6f873497e3cdfe31c76d5667e08927b96044bfd_cppui_modular255, - 0x0f9da473894f2bc1c166db82fe51c5d092a281205607879752b816113738d899_cppui_modular255, - 0x662891b8617ed1084a8364b6f5079bfa73f61b837d13a795a411dfb2949aea62_cppui_modular255, - }; - std::size_t gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1701ba7f0509b7e218885999ff8e0d8fd20879249faf6c907327a354db0620de84726c2ae65f7f7346be4c7b9b2c4367_cppui_modular381, - 
0x03fe09ebb7904bfa095554bdfe698518fb1064b0dc9f122531b9a7182e2ccdb8642b42cd4843eb25a79ed4ff5f71075a_cppui_modular381), - fq2_value_type( - 0x09cb83834ac84dd6b6847b473e767ee9894a1245766a744b6c214bb02531cfb94d13343c9aac3860f3eac1a2de7af470_cppui_modular381, - 0x095dc64073093a6bf7f9e9dded5df10a42b01711dc9f1dba1b1e0ec84f4472e7d2d2d8519e631705b1f9bbb97be68432_cppui_modular381), - fq2_value_type( - 0x0b510e0d90b29d683baa1822f05ecee708864a37d4ea68a4c4816a81b2cd245ec1545d014f62ed13a03023e52edd1dda_cppui_modular381, - 0x1689673fc750776551be668c09990aaef7e6b6947f1b0e3f73b38a40beda59108dc9e8ea6fbd5585db728f562795ce06_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0e99ecab8f6548d90cfe9ae76dddcd4e4c10ad72958b452d553c4dc78ffee512c71fff93f8b085293fe3c02c7b96a6cb_cppui_modular381, - 0x0cbe80765592e2d2a972471d965dbab09c386796cf2a719446e3bd1f3d7d6524c787e1bb7c20b75351220fc2cc121706_cppui_modular381), - fq2_value_type( - 0x194753dfd2e92783ef2aea297b1c264d59dd9a944bb99fe45ac8b5554b0841470f06f3bc007a8a3414bb9e3334e674d0_cppui_modular381, - 0x0764b08c7bfbd9e71c5422ccbdebcc3f1cc5beb57f67adf295948fd983f73d9930b688af6a489c36cf9d9288f8d22c49_cppui_modular381), - fq2_value_type( - 0x119cc4751db354af4c481685629eb95d805c55ae53a662fdbd00fe2ff7bffa1861c0540ce45ff4a9197f15c853c7d75d_cppui_modular381, - 0x040a238800a14a56bfef15ce32fbdb59ba5d76d2aa4af45e17828491f6cafad7643b13f74c368b6d574353a47d535d04_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x069b17df187719495bb18c016ae7e7c31e8edacaa7aa30e506e70e134b5f1bbb45442a75a1b8b7b206fdc967bcf14514_cppui_modular381, - 0x0160243efea1efb70087d7450d69c62edff1432c2fb2b8e3f0d9a01902e6515fc24b35bf0ed0c9812e9587424b41971f_cppui_modular381), - fq2_value_type( - 0x034f424496fb477edeb1b23eb85e7c84a64cdee7d331224d70fdbcb209b06e01bc548cf67d8df92dd79e6e7ed2a4cd6f_cppui_modular381, - 0x03e1f18f3e7264effff7202321de674e2374696f07f68764878b4344223259ef69619126594e1fc0389eb9b8811432a3_cppui_modular381), - fq2_value_type( - 
0x0eb7a0b9e959a2c6d83a2d8f5757f48005bf4774d4e554290377798d8675f416c914c67f4e200befbde44139ceeb09a9_cppui_modular381, - 0x13c675a9f0527e51c4719f6b3b7bfd92da3f206306c8fb9c85c06c286ee45116749135b06ec1495827f1f8bf739304f5_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03e302298442ff87e6b52fbef013fe0afc3d002a78b8d2d582bc1ccffc8dce383bb4e21d5f549c64f880a1edad5d2790_cppui_modular381, - 0x0b16d017c1f4c8bd22188a741d1e93b15748aaaa079ba4694d2194583ae81beb9b2361746c7aaeb11f08f71e937bfe88_cppui_modular381), - fq2_value_type( - 0x162a2dafa59534770a715802d107403a1176924870a320f0462ca850397c41c75efcc11b5b6df2b63fab3ca6566f844d_cppui_modular381, - 0x022629d916cbb06d74e8ecb06fc8f6a78f56f0a93fcceca7448ef647198638010ce1f518ea05552749bf5dce10720ca9_cppui_modular381), - fq2_value_type( - 0x0df9783d2dcf1c4c1c3b97734551c84a7ddab13c5e9b2537ba3506e02a7440cca899ad1564e27dcc807ca1cebf42b13c_cppui_modular381, - 0x0a3e3e4769f81a94710995948ba1a9f7792d0e22cbb1abe3f479e328a3ad4ed531eade81eab2629fd2280813f75bcba9_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0cb6ca8b6d88b711d02573075e1a40f6f25349a80f88e0b07baf511d8a4baad9b586ff7f9c81445622bcc664dd13a6cc_cppui_modular381, - 0x0279458add992150b117e6197e5ef3d5c852e1796b449f50cf650cacbb870961629c672ee7b2d9947cdd03bb7b878e3d_cppui_modular381), - fq2_value_type( - 0x1847cf165d4d0f309788dc34d44535872d7a40bae234462e1b9ed09fd5a0f0d1ee26e38d7cca0eb2f660daa83b930b0f_cppui_modular381, - 0x12080acb367923b739d6d1041f9fbad2c2ee94dda3adb9d1258e63482ef3e435661ff3ee1ee3c84b42976a1cfc934e44_cppui_modular381), - fq2_value_type( - 0x09f8ddf1533933a8d4d6b9b9dbb234924773e13562b9dbeb6875c4001325a67868b782bfc4683c8d49fbd65db65eabfe_cppui_modular381, - 0x02979b2429f4d35280394b9b5cdb690d15b4a2aaddeac08e1664705ffe909e59bccf4be90c64bf0f34a08e5efd80dcb9_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x11cdeb302303e06fc11452727a8cf6900c6b8f6bc5f503303e41b9f87add0b195d76772d875af36b1877c8da4044b357_cppui_modular381, - 0x038dc01b2c89d1895bea6c068713259fa1f5d02dfafa4fee9a19a05150ad832a875cb5447379756e45b35e73cfca3749_cppui_modular381), - fq2_value_type( - 0x194c20fe5121f5c1864c5efd03aadb880cd5f6c951d0a7f0a68f53cdfe6aafa5f8d83455ac6883971fca5d743888a579_cppui_modular381, - 0x14b7cac6044711b4dd19dbf1895ba9c393ae921d8500ce74246e5356b8d894c71caef2b913bed06b62455c3c446ed7af_cppui_modular381), - fq2_value_type( - 0x002e2b2d7ea70d38899115877b6d6ea175f96e59f7d216046f49b7f0e9e22ed7e0c267638448d2285c4cc1289458ff0a_cppui_modular381, - 0x03966cd64fef5c3ca8e12190400b0ca7da423d329da5270feeeee1ca9f2e8bf52bdb258d5f7ed7a7eaa51bd84852a810_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0b6e2795e7fa55531035a61ea6a24052b565a5ef05ce509266cc9ac7059039ba70958b1e4bc2da7353d80f0b699b6774_cppui_modular381, - 0x1618d8b816e6a34de3e7253178c51b6adadbf2be2f6c4c704fbe40a2c868daa1df8af540c7ab477f27004c5bc3e037b6_cppui_modular381), - fq2_value_type( - 0x052249bc1c46d9914c01e3a69922141f91bd1eafb2ccad0d7186507eda3c97bed89897f4beedc7634985c0e5d0150452_cppui_modular381, - 0x02ff2b93e282ac16b09951a7f14a5290cfaacb3f9f25b9092b710f7ba2c8c30b285f0e6c62284913e9d0b37a92997306_cppui_modular381), - fq2_value_type( - 0x14bb0012a1d140eff26e210c2f8ef1e29dc4e38aa84c7ab0358313212c2fbd26850b996e82e39f9f65395b4e824dd3ad_cppui_modular381, - 0x08e1c0a71d4827a4d0708869f4c75d277625daecbe7dfa78aceb94751274c97a4874bd647edea3831f2ebd15c53e3ff5_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x098646703bafe7dd5cb20f895ab856379ebe2795171a2d2d837c3daf319242413836c94235cdd46a14bff333776cb355_cppui_modular381, - 0x06b75a76e67126a0276a38d56b75c97ac7eed982bf0e6bc0ce850b047a66e3dbc0722657affa8fecf54c153e915ddf34_cppui_modular381), - fq2_value_type( - 0x0febe95b97905efbad801cf2f411b3c42738ddd095c080721dbc0fd8b5b19a1846e88a83903273bfcfe312d4456524c7_cppui_modular381, - 
0x0eee398f5205e62ad1101261d8e611e78eac9f8f8501a6d3948d6d9709600c8e47d213682f3cf059f69c234ff2dccf7f_cppui_modular381), - fq2_value_type( - 0x0dd8d7d5ed516418c10b19f95a374a6e896e30fc1e3d1ad535f9cdbae03abd371ce69d37acaf718544c9380022dc0031_cppui_modular381, - 0x0fb010c220a47c2abe40a2e2b88aeb11506b9cdb36f9f6e587435be0634c64252126796fae4b841684368b9af64ce00d_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x16da8406c72e50852f40308e036b078f3820b71c63131432691fae238e2f8533959a59f3ff7a517230e76da76ea11293_cppui_modular381, 0x16df3a44d2a8ebb86dc1ef23adeda663a2f21c68f274b2865df249d892c3d47baefe48aa7637e80d9120ba61e5dc1bfd_cppui_modular381), fq2_value_type(0x0485b9438b3d0ab777df7dffe6240f2e6e4c5bcd5d948973671cf15e4e470dc59652eae43e3979332ce80479e7008b3f_cppui_modular381, 0x05c91ce79d3c2d73aba5ddee9f83d201938b90272e620c63fd0987c516a1dcd9633ab470177cb3d51da52b6de9e53cfa_cppui_modular381), fq2_value_type(0x0cda1c363a18c00c3271ff99efb4d016b5b13acca2d801bb7a283b992ae8094e80cadf5e7aa26e7887c183c01aebee0e_cppui_modular381, 0x1141bcb428c8989db7a6e7dc2802d589bf49f8140177012fa81bce1ec75479e6c54fccc3486834a1aba2195bfba1ec4c_cppui_modular381)), fq6_value_type(fq2_value_type(0x17210c1bb1cc4e8b1379271293a66da66f0ee9541c07b7f4d0924177c5ff01107c543a57e4a6800446573495b8cb7f9f_cppui_modular381, - 0x0c18658c9e3c0a8129165c8cde1eb4b4b28c50d46ffadef2884b5ec1620b48129a8e65e8fd98a5eace06cc5a51e626c4_cppui_modular381), - fq2_value_type( - 0x0a6e4e70752985d694c8e8f20068ca504aca624f63afcee28a41c8df67b5d24241ccdeac2c2551a1a33c2fee968e9072_cppui_modular381, 0x01a9b5dcd330acb681df8be5747d02bfaa016db2c0b1f7b3dfcfcf09f4a25728c00da7aca745afa7a4351e841b089195_cppui_modular381), - fq2_value_type(0x164361d654ef2831b88c3fa1aee44c6903a99034cac2d8b7ee03649b29917876da30d16fc03563e32918f0eb41dac3fa_cppui_modular381, - 0x0c34b80d2414c06736417a5e0602edd1411ff3ccd30557fecd123232d5821916fe6ea4e1f8bee4c72e552f174e70b694_cppui_modular381))), - fq12_value_type( - 
fq6_value_type( - fq2_value_type(0x01e66d8c34267edee21c19b8bde31acf91564bc8b36a24e9c0b9e5a1956ce63dbdad95fe355ccfbff4ceb2ee8cec79a2_cppui_modular381, 0x02ca51dd6351566ee9e231b88a751b93fd78a233a860b8bf6bd8aa5e28085b2040d3e48c05b126e1240027864f98ff3e_cppui_modular381), fq2_value_type(0x0f932f1c62814ba4317a6efc07823ef64fc76d8afe0e0a14f375e74b36720b48d08ced11db0d7a3a0b8c0ef122cb265e_cppui_modular381, 0x02870732b2d15ecc4f4af98ac0f5dcf007c47fcf75ca17bfbdb1d559fcb956c7712e73487f638d92d80fe5b35b3289ed_cppui_modular381), fq2_value_type(0x12fb1202408d76d2aadc36a392c7ef2e273d9b835b2a34f42d48e9127437590d07377bf4d56c0088775f687eaa6ac79d_cppui_modular381, 0x0f3d1f91c8bfc0aea320f91720ff12d69e3a0e3a80233471a8ddf9fc0dea3c467e84f9c0316fb75f8cc62fd333920544_cppui_modular381)), - fq6_value_type(fq2_value_type(0x1125252157c328766e2e4b2f158e9b85c425e27f823418173d7a75690ad2d650b8fb9f1d48f1346a67c1efd13d4b6e25_cppui_modular381, - 0x0c9ce95c2b886c2f826f3eac42f0038aa1ded2f86d263566095ebd78b1a9e2624a1e7f36ffa742dac62f81b419d1cab7_cppui_modular381), - fq2_value_type(0x0b3cc7985be98cd4ff44a6ca8fb4fa60049b224d0be10c124611dffc2ed21ab707352b35b746cbc4313b2d7cd0d5b541_cppui_modular381, - 0x18c534f303bab5e4a5340f2c0e17b0f183b71e28f49f7bfcb93920cf4d5c33a5de2dc83f6d5eed6cb5406254cf4dc82f_cppui_modular381), - fq2_value_type( - 0x074df80972d96ae23b43ef629a8cbe5638e1353e22f51d0df5113a5a262cd3955e3541f73f8714ef4994d7a79432566b_cppui_modular381, - 0x05d374e795830a7d302915243530cd415f0c18c540b3634c633a2a6739681992cb7daece9674a0491469f260923bc674_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x132a78e0b00478b3edfc26db906dbf6c2759c7f27c3b98a84011c65b62bf92af8b54ccdbd3c1db8bc9362589e5078f45_cppui_modular381, 0x0168f77a62d1b0e636dbde50e62161a2ed12142c177742aa798dc8dc8b12bd3b9170ebe41020defebca1e5bb20aaad47_cppui_modular381), fq2_value_type(0x11fe2f2b29287ca8a2365bcb07457c284910cc544bb0211101b8ed23c463a1ddaade5a26f1a56ec93cb78659d5d6152e_cppui_modular381, 
0x06a641e4fc2750db919dfd1367961cfc265ab7e14f56110c26fa2f6b0366760abe126c5b50a6e9092e6ea61527935f45_cppui_modular381), - fq2_value_type( - 0x04c0aa651f98f36be45309ed33f25884fff4aeb557bebf8f9b75f2286359a1216fd4d8f3a295f812c911f8868159cee4_cppui_modular381, - 0x17649067cb9e9d5bcfd3c3bc471e0f769154e7d8722efb664c9ea7ae17dab09daced6ec09bd629f88d9092f6cbd40469_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1911a9857d93950e3b8b1754d10a44012f88842553804c156f3f8f3516c7696734087e98ed3685c7be16b92e90a945de_cppui_modular381, - 0x1489e73b6a540c0e36eb757c0bc1a618f7b6e9be7205292cbdf4361a595e8b7b302434574e7dcb25c1a054903c0e41f7_cppui_modular381), - fq2_value_type( - 0x17bbc83baed4f6d075d8042261a6cfb22952a2b2e8d5b23a4d526892229d7b03123939d7343a4ada1c5a0b2a76c7bd3d_cppui_modular381, - 0x104cb9d23adba2e984d8ab179f4e433eba61be2aec6229836df5b5b806f612eaf188810f08f2a5ced9580fb489d5c939_cppui_modular381), - fq2_value_type( - 0x13d5476e4278861e0080218c9b08a75f190512ebe51f993286fab8be19ee2dbb69a8df2e326b4b7522bc58a906ecacbd_cppui_modular381, - 0x05a939f2335e754b28864c96132453330b6abe3eeec760b53a4d774d988c22d5a9c56191401a9d1d7c467149cef95ad8_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x11b23e1606ffaab1eb8952f0ba9543f09105aab2d7ac36725ff352a87dfa0b588658b7763b555a1b86aaf933337b59d3_cppui_modular381, - 0x14152d1e00b1b620c7f4a3cb377a8e60d576b3455583a01608e94f95f62e1d9b041845f2102e6ac198be8c3d94f68a42_cppui_modular381), - fq2_value_type( - 0x1603b8ca6becaddd01195cae5608d302ca23e14984c70dc7a61455895044ef148d0d8642ba0605aa7d7eb38ba44d9180_cppui_modular381, - 0x14e9faa3c12ba3da9e5f7ce9b521b63a8061d21569a21a8ffccc71eb8243c1070c6cb47f1f2363c31659dcb623bfefe9_cppui_modular381), - fq2_value_type( - 0x0fd584caada92f79eaa839320334d5ec141c278c48701997d37c0c51cba8b08e0451bf66000076a85353e7924b30f8b4_cppui_modular381, - 0x075e33a667c52690ddef06bd152fd8b06b7c965740a1bf7d23a765e049cb9abfda9f6bd1677033bb2d4731eb3c1b2196_cppui_modular381)), - fq6_value_type( - 
fq2_value_type( - 0x0c1de6523b8ca977f15bd675452a05d4bdf140a83664def3df217691dbc1c7a3edfdaeb49ae7c8ed0c4ed91389131388_cppui_modular381, - 0x1156b0beca8f0bb9bd9716e563b4d776b7a6c9f6f35b6f5003ab392cbb8499a65349bf532573aded001b2e9a76a99cf0_cppui_modular381), - fq2_value_type( - 0x102268736c645e758dae75f4145d37b032618734391596206c1b925278a3815f1bd6429b1d1112ad1c091777f7fb50e2_cppui_modular381, - 0x0a36bd32a4acc7fa9cea23223cc051bb2a3015d9869acfe90e968127254b240f828430f009c48176242c80a195e8d9be_cppui_modular381), - fq2_value_type( - 0x13c34a0f16599f0684d7df9688bc41f0cc5bcb0eb2945b2405e00c2ae4b84c6b0e8b9b4d5240edf63cfb0bbeeefb1f3e_cppui_modular381, - 0x04f945294aaee3cad1852fa6dd7b024939483080cf5f561cfe08eea61d8b73cbb0669ad02d9e31f98e5c4ac3401ba2e1_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1796a4837667738bda78651ed8a4c65a87632a3ea97c95f51ac06954ec03d8c8ba490c1ea2a9518649d3f71253d684d8_cppui_modular381, - 0x10a7292b41a1e5b516f74e9ac0fe19a5adb4186c3c7557cc479ec3b60c38d09b82c6b24045737f9993b5a2329d8bace6_cppui_modular381), - fq2_value_type( - 0x195fd82c2e6fb90c155b2ad618676d49f694d564cb8409b9acab9242a6d0ee80ab7441b5be1c0ae9de004c706b31883b_cppui_modular381, - 0x1651f0e415a83964714442c625425dcfb29c22cce70da59b8ec872f5767f3049c4325a2217ce24deefc3caec95a136f4_cppui_modular381), - fq2_value_type( - 0x040bc81b4ef302791f0405a4a6bb36820aecd26d00161a699ede931fd34dbd727ffbd43854b390adb38f180786b3a635_cppui_modular381, - 0x06648e5c5fd111450b478256b589ed24746a56a31934ff6b204accba6b007396f5f56f580255728ccbb0faa46e5b1e21_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1297fb8567dc9ae1465edcb4d48b476a0640438ebb32c4028457f0fe2e61c695393585e548144898e78d1d01d36f8bce_cppui_modular381, - 0x11c84077dd6ad636c43440cedb146cb1adc6751bc993606df76c6aeb0e531367c7b9dc11a52145fb18fc9708ddbee524_cppui_modular381), - fq2_value_type( - 
0x15a615bbebc925cbaf49322baaeed4e61a5c4ed3b6d69486f0097571ea22ed8772f015ecec1310179726e2aed0c60efa_cppui_modular381, - 0x16adf516ab6220a9f9b2d03b48a817221fe288fd431b529b353dd87303f5aaa0634c0feead0cbe424c1eb1c7597b8e67_cppui_modular381), - fq2_value_type( - 0x092b831b0608cddc79f2931e2a2b5c83915ec6c57e28dac295046c0c233d165e77b1423dfe27b89e23d12fcadd6f5cee_cppui_modular381, - 0x065b4973fe2a9dfebe3961496be7bdd85de4a9c38f6fa2b6012b7cfadbfe50a1e1af8579c12eed88f3f2bf3bbfc9fe17_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x03e6a19b59584cebd47c6692aad00d5640cbfef27a9439c4c6a2a1ffb927c72e42121e2aa68fde5c64cd372c662ab090_cppui_modular381, 0x08d42616f58f9931a6e197d17f0014d8ac864e1618f2378a1c1bef303e458a3f25fb11ea1de1fbfc12c3f505800b1503_cppui_modular381), fq2_value_type(0x04c8fe00bb3d8b84a035b82e6ff867936536ac6f8de6088b43392e6bdf815ef31e3afab0200d2f7c41ee344137751421_cppui_modular381, 0x00acba90fefd3fb2d9b2340850f406932a031b5f3a8029dd70ee263f735c2b32826f65f67872dda333be336f6b980ec3_cppui_modular381), fq2_value_type(0x0ffde25fd0ec8cc2907dba99b10bcd7cfd14aa026a144af21857dc41fabc35bb2c1787cd31b1b1d5ed2c232c475bab2f_cppui_modular381, 0x164812318daa68df70877bb63c0d8a8001e47c1db8f50d50cb95bc940dffbc7650bc40ea0b24f1595f5226aace718249_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x093481d03fef9cc9f271b5d8230d9cb14f3cf98d654b92160336e41e55f6d42fb605a2af905f17b1a459069fefd57c74_cppui_modular381, - 0x11f898ec6152eba558f2cc83c2c7269b9973240c4359a82021f2f4c6553c6f1f21f1b3fe0c5d92a067ef7608509f13eb_cppui_modular381), - fq2_value_type(0x088cddbf5faf04086b3e25a0981961c144dd9f2c0ab00992f33dc45e9af3910f91fe60ec07efb7c0826dbb7e0862ccd1_cppui_modular381, - 0x05f8f806e7fb624bde57aadc678423274f5d1693bd9f1ed59ee83c9f76b690e7eb08998e4f8d811e49ca1335a7cc6aac_cppui_modular381), - fq2_value_type(0x092a53f720e21ac1602e9670cee8b218a7aab84b5e33f05a0038be28f138e9a7abd348dd361fda6a6af61ee9d5f06173_cppui_modular381, - 
0x14deb63656b666b4767eb71188e1c702a23c45d8cf168a1b35dd52e32cffffde0cf78b2185a7cba029a9b5ae24927258_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x1710517e71dcc0e44fa6c49b2a6f67c5b3ad99bf27ebb14019d7d76be38a7a9b3d7d7b16b902eab975fef089530c2e76_cppui_modular381, 0x0958e24b6e9472776ecf24d69379d4594d466ba5aeac36ef84a46f8c8d30637674b41982753cd3baf0e44b23a4b45d58_cppui_modular381), fq2_value_type(0x11c3a389dc556837541b6744234a7fadd3fa80ce9657dc89ece826ea81e1870d89ef29bb22963c3dc0bbf36f2aba73ba_cppui_modular381, 0x090dd7e0a7c9e256eb6a8fb0e20d5c1fce2d46540b2224b496a6c3c1b638051dcb896bbf7952fe186599471533dbbbdb_cppui_modular381), - fq2_value_type( - 0x13b7b8645c9b4053860778a6d0c900697a8eb71803d905bfcb946f06601bace37094d04a9efb482d941723f34b953f46_cppui_modular381, - 0x121617dad31fdaf4c08793363fb9da18053ec94f0c0e6451874ff895df9beca02cc139266282b98b8017f3545fca8823_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x06e9b80e0d58d32189864f7201c765dea9f6396ceed1edebb54f675b64038a4cb8a5d8583dd353bdf7e9070c5fb3662c_cppui_modular381, - 0x19fefc64f9dfdc55b956e457e1d7d8df75b72c77514e4d27b53ffe884c9e32a0c0c95f2062006b9f96f25c07dca70886_cppui_modular381), - fq2_value_type( - 0x17cbbd1bb6ef16b040f4ee89279425e42fc6747f085c089999f306146faa1cbf5acaacbe6fe64a02699e5e544968c860_cppui_modular381, - 0x0a457a90d294ff0d56cb9cfcc91785547e122e5b747c4e6b55f6d7502ac96ffb7628d5c35b8e57e7b4fc9da63c801432_cppui_modular381), - fq2_value_type( - 0x068a208adcf654e32af96029dc1002a2806c73cd16d8342b3f041296bbf956a5e2c2e276019df013ed1ab8418f0a519e_cppui_modular381, - 0x06f7930f493139b1c1421bd47ab75edc9674f0eb51b73f0caa95dde8fd6a1f76d0c0ceb804bd93291013bc79ae7f5546_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x107ddadb37b80b74ad3e2c93d85a56da0fa25be724d07a6d57ec84734a2a4efefa52cda682c81535ee716b9c7aff9a30_cppui_modular381, - 
0x03a8e006494d27a53ad9324616054a4e25463379078156a24beede1925cc8e390e22004f11737c1d9544d2eece19af79_cppui_modular381), - fq2_value_type( - 0x0664e58fbed899267a597bf36c4c1fd59169881aa246267fcf6ce035f58272d6ca464cc6d7bb40724a76da5dc737c560_cppui_modular381, - 0x04a9c751f74a6c4d2a9b6a8fbddcec08aa7093a3ae6fc66e30955a356fabcfe670b030bc04568aa073b404ea6a627a4b_cppui_modular381), - fq2_value_type( - 0x10ebdbeb44f7419d1dcd072c444b833964615580789127e1865719422604b0effa076bc0557ceac7f399113eeee03e9e_cppui_modular381, - 0x104172dad68748a62a06f7abd5442d44b62715336070ccbddec71e5f690cce468c4d316748850d32043b19ad9f1725b8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x042dfcbafa057d992a14412651340136f38bbda1b27d2ab9e7ee65042ebe52d5feed5d135210dfe35660e0cf811c7ff8_cppui_modular381, - 0x00105df46a8c1b1c9e2b3d73c544438ba290cb61336652c136dfbb2fc1a8f2ef94bbb053254c14f6db1564589bf17df9_cppui_modular381), - fq2_value_type( - 0x1153d7f8cf18508d635a4ab1bcc41bf9ab62648b8114385714616228399f7ef85b38ed94d23f0b8bb0de6711c92f7f25_cppui_modular381, - 0x10e25c5d0cd1c5f0d90771f30a87c500c6797dfcb15397793565586c820fabdfc81de036669e6975df8fefbc7abdb4a2_cppui_modular381), - fq2_value_type( - 0x02c3df2e0fbefa9f39f2fe5809843332c4b052934d4326de1345bb2d33ffcc474ccac2151298e205344a7a0038e360c9_cppui_modular381, - 0x120a4f8217c9f0dc474a438ffee41b52e46dd2ffb9646a1d3c3f59ae2ba02883c28b9d4d09c003fd65560b0c130f83a6_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0509c0d0ab554d5c1425bea60c60c7ef90a1959d26a3294c7677fe7f9c1b4ddd8ffba5c06d900bc13a1b317a01a5c7cf_cppui_modular381, - 0x046d5964c703d200662a0da2054e82bdce73f1a37e8694e9c452dcad42f5d15bdb651c44ff8691022d82cf160800bb53_cppui_modular381), - fq2_value_type( - 0x0ff81c9f18341fa508ae9866e78a755eb1b17bd1233bf1d2854614a6323d9818e2240ddacb4fe659ca0d5588a5df22fe_cppui_modular381, - 
0x0ecc54057b774c2b2da8438a1d26041bb778db87c7a68c70225f3494a268daddee73e8c54fe31f74bbcb5a1ffb312430_cppui_modular381), - fq2_value_type( - 0x138a7fb94a9376c8cdb7d715cd68ce504af6f0cdf2bb09c767585e7083aa572de7c96388252a9d73046b166656ded74c_cppui_modular381, - 0x1a001a345535ff4333d83392a518c90ee849f00672b652a4c7511bfdcb8cefd7cebffe90e802c05056b94328063b2154_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c684748ea5920969bd6cf6023c501f74c238b26ecf79d5bf2d741871bc52ae7ae76f0b06c6b6e348bbc0aed9f35db7c_cppui_modular381, - 0x1575e1ab44ec2501524ff851a2c973807245fab61bdf976a44cc6eb9f371366c23af378889dec49010baafdea025cbf2_cppui_modular381), - fq2_value_type( - 0x1755614454ce7dc81ffd688002bdbaaeaa62355f676a799d665987a058f283363701d2106c2670a9e3041c3975142b48_cppui_modular381, - 0x17e77e4d08d89f981f8229862d1a889dd3da1f711dd54a11105072866414f2db55da2d15606391d76e503922a1a252e1_cppui_modular381), - fq2_value_type( - 0x0d938f3bd5bc8b07c20be5fbd4897080700a77d9094a60053defcaae68b7058e63aa4a7d8fa1248764ff0d1bcebae30c_cppui_modular381, - 0x17aa67c74c3ee3c9a26b3df1971942ad9880ebee53ea153b59628090e88937e74a70527f7e330dfd1c319dff4e4c7661_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x05a51b0a92a3f0009ad1374af88f9e95c4a7bbf69e8053b33c315d0608f3fa3eb4a6c9f7248f7f94f394bb28f2f106ac_cppui_modular381, - 0x029d796a6717c6bc82bc4c123621638fd80aa4adf4fbc0cc93defd66ea43c78eac60c99bdede9b1ad550f89d5bc61b66_cppui_modular381), - fq2_value_type( - 0x089283988b3e2d9668594255575288868791a54a37da8c4de2bd9e2f2ccf68b854bd57aaa35cbe6e6072414f07a7ff91_cppui_modular381, - 0x03c194d6daad3d011314b6c74b6ab60011836b774b308ec19e5dce5d9007dd167da90ca452f88b02c64ad07c19aa6f20_cppui_modular381), - fq2_value_type( - 0x0441a1ae10a79eb27350220350eca05daf096a7fcc2e9f5957396830b8a2fbebbe8ab383bd84453b029df0edd54c7be1_cppui_modular381, - 0x156818d2d266c0288f1f675c8483c04203afd696f019530138c82c6734604b081af0565bf1039813105806b2562c53b8_cppui_modular381)), - fq6_value_type( - 
fq2_value_type( - 0x0389a59bc7ce5d6a9b92c75cc5dccf1292f2c11051dd3cd44deb8d3ae99a3173824ecec5b837a94f80da7b5725a666da_cppui_modular381, - 0x0ef2b3c46669b8ecc7881b9d5a1091443662b5f568d28f88d02e40146ddd61790a3219a4980cdf732326fd4cde56317a_cppui_modular381), - fq2_value_type( - 0x07e95ceb0f4b806fcd78c6599e30f8cc166a5987647ee081298eaaac7f693df9aa5a8b12e474b7edc91a1fc120ab45a8_cppui_modular381, - 0x079b811cb3c4a22a320214a66ce62fc97e6d57ebefa1061e68b6c0d5e57ae03ad64a6c8a0e828b57c32d08dd2ce2797f_cppui_modular381), - fq2_value_type( - 0x154f204ceb40f66e6d7308e75e4c4c3ee625cb1c3a49c5c909f830f0eae85e098b4161fd6ddb0e68e0063fdf2718b963_cppui_modular381, - 0x03efe4a8ebd8413bf8931eb383dcae700b5aca3deecff3e4e4096110dd2fce607d7c57c27170299c953332b0da763f4d_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x183ca0a6c9be94ab62147fe8328c5d226edbe6cc8239bc43fb3f385f0c48475d00e24e5d0bdd85f29a2f241af3bbd0ff_cppui_modular381, - 0x119ef2ed159fcf31d55cceb6bd5ff224f50d1266407fc83d9bc6aa0863eb8cbf90cc023d08039766f70661ac71fdcc80_cppui_modular381), - fq2_value_type( - 0x0703a4ee74872ed2e39926384cf70eb96fe64fe5a6d21e8a57c36d00f15062be299a7717f558743b13920cb957f438e8_cppui_modular381, - 0x0e683f05d223483f5bc169c7a57256c25e0ee36f44b9e91414a4a4f5b8bce38266f447cc346fcd12a2996237c411db51_cppui_modular381), - fq2_value_type( - 0x0f90ef20a7b4c5c2c118bedf8429d802c9672724339eae4f9d031f78573bfc78596558bf0a872bd3f27c6a70bbb5f3cb_cppui_modular381, - 0x125f6c17a7fc83f38fe568b40aa7e42e1ff629e7a26811eca4856d6dfa77dc3bde171d7deaf483a43fc7e304f8dea355_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x08748f5f965488602113fc50ca8ab06ca949be2b93e0a9f3bf4e649d9cbb65f4a82748f10672fbd89d17cb4dc0aa5743_cppui_modular381, - 0x0c01b20eca9eaec6b1f5724d3c0a1d4a9433ca0dc521365a12244439bd7caa391766a9fb87826a1634a8e0c84aab4ca6_cppui_modular381), - fq2_value_type( - 
0x0436212511eb8f0360e431d5c986b459379e1e9f7c1b0d366d41ea2d08735c17e76098683d4e5c6c335b83f985893795_cppui_modular381, - 0x0ac7b1c2859061c8da434968af4cf854dca613cc69a09488b3e21ee0307d1e3f189d4f748fb88a390d031315ea18f54b_cppui_modular381), - fq2_value_type( - 0x08d396a836634af9ceffaa6e80e537d0311fc6a642cbbe1dcc92e2a99a494fb9463183d073c797d87da7ba9376fbd1a1_cppui_modular381, - 0x191fe239f5a52c76c5c4efe11e206e3ad3236dc233c5d2287ecb32f98bb25407cdff0bf7dbe93924390ce085a8671bc1_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x05042fa800bb8f3dfceb80079cda096a8536002c312e208a313522687e8261d03971699821d6a25fa44b8d13e3ee03ec_cppui_modular381, - 0x00968e82d31d90a794e4676126a9d61a6f20aabec1c144858d618d7eef23d1ac86defb409bd034c78b086bcdd0d9cb4d_cppui_modular381), - fq2_value_type( - 0x0f513a9e86f0775e99974e6b8756f9edfe88535e3d5b5a4fbd22269b914acfd11089447cb34c36b70fcb31ca218e4f00_cppui_modular381, - 0x1875b65a1ff784750afcae2912309e0dcf3574aa84c41992a5460e167ad6e3db26a5f4c846bd084db0ae2fb558077dd9_cppui_modular381), - fq2_value_type( - 0x185da63fe96c8479b6d8ee4a41f925656c56831a183f1bd089711eccc321b8457b13b787b71f0e3fe97878007bd55d57_cppui_modular381, - 0x069dcfaae486b11bdb123c41e46a3d641f5b409e8d6dd8eeed5cd35bf08b8bb7864ec81ef89bb052751b9ca109a42d16_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x18088d899da3cd385300387835a876ae3ed61976586dd4f11bf0d400b57da0bf4eb0e2b92b1c1efb195a5791ccc23ef0_cppui_modular381, - 0x05b84b60637ed00e55c2bf28b6d5df6dc95081e41bf7abfcf8341b6642245f78076fdcaedd59bf217a1273f022a76c68_cppui_modular381), - fq2_value_type( - 0x1736f5bd56b43f2b728bc9f14284f6eaba42ebea1f9783e346cfbdbfd5af309c9ad03faebfafd0333c7081b16583b450_cppui_modular381, - 0x0f0894b8caf3ce18c79a42ba2f0bae501512e1e7ea94442f4cc5b264f12f6a6e433eb94b616182d7ec85f8860871fe08_cppui_modular381), - fq2_value_type( - 0x13f46fcb18d43b4edd9a00282666d4041f03d9bd76dbaf5b4cc1717b9d4420b4abb55bb536ff6325a2e1c22a04c15b88_cppui_modular381, - 
0x125251837a3e3df544acb81d9cac435d323f9a3d37e3e7f2473ab37203fc4aa5a8244506add4f4746164c0536aaa854c_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x07024c86ba5602ab0e57dcdb4b4501da877d539d4ed4a37dd2745aa9bdb55d0a3cd38347f1df0079dde4e1ef74e9e82d_cppui_modular381, 0x1855fcfb4ad62b22a634e5899594e97501deb42501e6481a3690e4f273b92e57657139c97f789d3912a54a8bde6d9006_cppui_modular381), fq2_value_type(0x0d16ce2260f1fff0d92b6988b2e95cb013a818523b7f1d3b26898ba9ef79e97907d7bfc3b69d8db8ac329393b0ad171a_cppui_modular381, 0x11cf91e2d0999bdeb58a5fececcfb8b514c1373126c185964c5d8cc879036f696522bbcdaae477b8eb88306dcb66c222_cppui_modular381), fq2_value_type(0x15d7b157897b0dd8a5d8947983d5bf42bd417548a1c7810c9c09c4b53990d1c32de45c668dae372ac9f35ecf07993b4b_cppui_modular381, 0x04f0ac9c39b1c302e5882028cc67b5a76ec27dcb2d6d6da17de5715b37da2112c5fbc612a2b6a40a4ae3cd239f2de3ea_cppui_modular381)), fq6_value_type(fq2_value_type(0x09beca4a20bfaf28de0b508082d4be151e3ab5c85cf3efbb2b980695361e3b86c41468d7b405ed0f20e47eecd2720983_cppui_modular381, - 0x022a2891c36cf2b0ca222a0dba7928cee4523dbc605baf53ab5d111cf095f4c37088190082d0898c73cf82dfe4103811_cppui_modular381), - fq2_value_type( - 0x0b26068b249efddaf8b70903dbd6f816670a596147b0951c4f351516555acb0b720f65b991991043b2ad735d497a0425_cppui_modular381, 0x0fd40b306fab09c4c0def1da79fd2b5b6c2cc7fb517f4e8a721215c4a2d92bdaabe9ea4265db95d621d9407598f9e351_cppui_modular381), - fq2_value_type(0x18b8cb7dcaf7d371e6a77c2722792b6829e817c5ec900cebbe081ec7a07c6fa5fd06031dd064995a93d7622b99f7c259_cppui_modular381, - 0x15bca171ed3aced3b1ae32ef8153c5dd11e2378791cc0f5fa51907f99c55dde7fd6f507ff4851ba6cb9aa5275cff1a59_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x02333748cd46d0cc7ec0509c9f68fe93403a60a40643dfc4ab4d98d5c7a16c8287b3f6316839c055b09ba55545c94f27_cppui_modular381, 
0x119719edd3b8f58b195bac16996bf2c5fa51226a8ed2251fcb7ac328664dbeb0786fe8a2f570151cd40e73e7939fa2ad_cppui_modular381), fq2_value_type(0x0cb2fbd3de260005c4a913a13d4b41c94684f3ee84c85dc405712663020fb3722714053859d371c599545ad5d9a7ddd8_cppui_modular381, 0x114f28852c11052b955444a2826d2a43a0fd82b8813a52f95c62eff10c5671edf9dcf82d8abe8761a7953b3985fbd85c_cppui_modular381), fq2_value_type(0x019863e194fdd97e84bc7c410557a709afcae8fd8b26c8796cdf0b34df6bbf16a65a69a02e2c771d83ac736dfdf5fbcb_cppui_modular381, 0x000bca299cf3a818dc9f5a8ec3b58f612abb3a609ffba5ceafca6cacbd4f78e4a212cf098937a2bc4a78fe396351071e_cppui_modular381)), - fq6_value_type(fq2_value_type(0x0ec5930f04cf4e8e0fc40725a12952439bd55786ac78fe098814b7e8821efe802c375342a178f9b590085b6c482b2bd6_cppui_modular381, - 0x07c47f2380508314a412a9637f8ef1de37a445bbdf9a93b70606be70c752adb9359c488cb0d98699d7e455c9fa514edb_cppui_modular381), - fq2_value_type(0x0854b125658dd5bf28cc52b1b0c52645c0e180de4f39998136534c71142d24d3c7dac56f534b50fb98b0bae1555bff31_cppui_modular381, - 0x1519b1727b82f0ccab482a151be1ca2dd744566869c7a7cb4ae0f9a663a60e88441d0c3534f47311330af8afd5bc3e90_cppui_modular381), - fq2_value_type( - 0x01ad28d7c45be4f02e5b0f7cc7c520419662339b625b0ec713587c633313e2b412c2d89146a60270365b484d21e27f85_cppui_modular381, - 0x11806a9c74cc0b5a1f6bc6e143d12468cbb7c853f3fd93f9e55b6121e33f6d191f18394a734c115383b6a941679d2336_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x014b181b2158c0f2ca68b1b4e9873b86fd7b92eb0f4f763c159c4cf3b035eec79b96f35336e0fec34f687b7b6e060113_cppui_modular381, 0x1851e001f259bb85914a2dac6dd45ef416303118875ebb3a9591e7fbb4aa149382e8fe35a0f2ce00e5de6dba1c2655b1_cppui_modular381), fq2_value_type(0x11a167d2b6c687bb3f803077a48803ce99ed74d072c442ede06c8cd121c01782affcfce1e46abff85e39d34230be2e0c_cppui_modular381, 0x0243d0fcce872bcdd60fe16f14be54b914393819901543b8e439934eaa3e619390ed1d6c53597eeceab8d0dc9e8f9879_cppui_modular381), - fq2_value_type( - 
0x09ab6d6a7f7a818c7521b34ae94ebc80257f0a55a45d8ed074ed37d4991898f7bd1acb6084bb96ad8c4987a394fbe830_cppui_modular381, - 0x0f8d4d57066ddfe290f0607d104a8451b0bbcacba61b8a26cd8529d94c8cf3323278dd843e689ff907edc380f04d7444_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0f671815379648e914fc13f75f8a28c529b1683ce1ed4d862fb70905b49fd427cb354cd25d941e0b83638a452c5d10ea_cppui_modular381, - 0x194496c918d64e046f43ca0c8c405ffefb377fa71d57077c0548353e7059f61767e82933693ba7683a18c04b60b18528_cppui_modular381), - fq2_value_type( - 0x16e752db00103bb9540d4e3a27f9a198cc676936712aa498f25a4b0c0e8f9d5ca1999c7b73da4de45fcd9b8b6430cc1a_cppui_modular381, - 0x0ea2e0482a11d07624fb1a7900dd113eed25a6cc943d2a0282f73e6ea6b8c0733772859bfb5fed4cddf70940c7f990eb_cppui_modular381), - fq2_value_type( - 0x160b5fb68460818eafca5b25758d182d030255fce78a72589377fdd36fec81b29107667c5a30dfc2e3456934dee79370_cppui_modular381, - 0x16137e5b5c153ca9e4d79a8b169ae8342ae597661ba6f48e0e1cb65c0aa359c8b82331acde0b664b3b2d3ba3d1aa27be_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x142d12f21c5fe9a7a09adf2d49d0acbb7ca5b306248bd371437b0899acdb9c60b17cb608197768c2628253966b9df124_cppui_modular381, - 0x01addc2a2195dbfb11ae342651be5f103a8e8304f777766405feef83e5af20d6ec00556bcc0b3c156cb39be11a4002b3_cppui_modular381), - fq2_value_type( - 0x072098acd831acdca2e10e8454e743f7ed660976d521867cf953ed1a48d9d0d51e7ab165084ebb458b1fbd72f03997d0_cppui_modular381, - 0x19b2c06b471fadc502900bcc7698868104e61b2301c06f55b94bf2b795d775b830354206e29491a368c8b384819731a6_cppui_modular381), - fq2_value_type( - 0x041b9548ee21e2042dfcba1ad4f709118b93d3ec63f59d222ba7a88a4e85513b1cdcd82450ca193e74384c1bc8bed15c_cppui_modular381, - 0x0803cafba760215f04328f92d089bd982317d0383158b873fc975f3320bf9c7f9dbe34fa38cdb84deb67e38eed0a0e36_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c6e7eb98e093c8606221e04b79c88f6cb740ab97174b1a1f82415fc9ad7cadade4bb41adde6e1aa3d5d74b026d90a69_cppui_modular381, - 
0x0dd152ce35b3c88c110663260a86a25764f44fb6f824b524df2e60995d7b07a6024b1d40d6578beb147697a060b5717d_cppui_modular381), - fq2_value_type( - 0x025366060878ae527ea6f423947e9d1aa706ded60ba657e22e29e0bbe509812b39b1053b3ab9477d533327b659586258_cppui_modular381, - 0x0e0fd927e4f26b758b6bc2092b8a0f81d58347a6cb2cf4ac88aea4275ae79c9d4411348b94be35734701122226379fcb_cppui_modular381), - fq2_value_type( - 0x0472afc4d6ed38d080d60ce2d0bfa96bf88c101e99aba9e0597d81298a99bfa88e5db8dff60c6dd68807fbd03e235be7_cppui_modular381, - 0x15bf76f0a11dfa35d2e010e631c176776a08cbbbcf26b08ab7d40ca6e04d8a1fb9b62d991614ea90da118993db463abc_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1765ab4c391f7e75c994f3ba27cd1f52b8282fbee1bc361bf83b4aba699ce089789d1700bba237fb38e1d741a65c0e4c_cppui_modular381, - 0x0da6cd4f3bf4d6bcfabe55c810090e7c1fed3a27136a6820bfe4cb270e05326977998a0c931c82bb1049bd6af3e5c49e_cppui_modular381), - fq2_value_type( - 0x0946e44726ea3f7b561ecb5bc4843606afcc7bf7b2e33a9ae6105298bf722403b7c5634fe1c652dae04f404d5c3e11dd_cppui_modular381, - 0x15b8fba0861cc717594314eecfc0620d988197eadd59af19cb515ee400d2ecd5f147fbbca0a770e6c630e13b0285a6f4_cppui_modular381), - fq2_value_type( - 0x18633d791b9748795390333246289615f636dbb3237a1d56ff7fb915773fe9e2d2574c13a126af5cd90a4ff011167c0e_cppui_modular381, - 0x04466903327a93aa62775195cce74fe04f94bb324b4f0be9299b872f9ba1ed2f98a973abfe06c208654fef3296f4fce9_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1540066fbc461be90e646e6f6399d2f7c03371d74dd43d2531c39114e11e0bbe4b86f844c5536ce414460dfbc2eb76d0_cppui_modular381, - 0x11e9e422b4dc6ba06a1cd24e976ae03bfa616d053582ca633f0214c0ca6af05a7d383a1d509d6cf43f6eb06a97e201fd_cppui_modular381), - fq2_value_type( - 0x154f3391f28fd516037a6da6fe3b33257f023d06fdb501951db53a44ccd7306c650cfeb3658cc951fec2c73571a9271b_cppui_modular381, - 
0x0695d35f6e46c40ca8de1c322a5d21f8ce33eabd85a608a369db39f007292c5d3bf2f340fe67de5b6dc1c980c1c91a63_cppui_modular381), - fq2_value_type( - 0x02e7c849c199fb5a675c4eedc7480e431eba542a0c471c3213068aebfa97be71ec61e52a81f1e155eedd6c3acd90eb67_cppui_modular381, - 0x00ba921ba55cf5a10b2993145a9c5cb952e919f865f2b07ff07508338c1be221ac51c29d4fdbe1a287256a68d702b2cc_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x059a65d7f906541fcd4673be639072df8784f2dd35b040aa6bd96feff15d58d321d6258036a4366ced471c86149b5652_cppui_modular381, 0x16872ac23722cdddeb5195fc37246fe97923891918a01b5b03968a57efa7eb21b96347ecafbaf6c8177e366e79a868ba_cppui_modular381), fq2_value_type(0x03c04992b14d73caf283ef079c9444feb7bdb5710020c6ac019d6f5794dfb84a4cef52279d607e868383426b8799920f_cppui_modular381, 0x08add72d8e0fca15b272ac9afa602a94712b19c1119b3e22e5ad8ff34695183c13b76a3072614d077c1ee19f0d6e08ad_cppui_modular381), fq2_value_type(0x008628667be675f64dbc305f520c37de935fa1a4b309c110d9c0b8e52c9b716c9ceb848d224291d0338b1f712a493b2c_cppui_modular381, 0x170adc98a728b395c890d2b5ed099b20ef8cd86007739c8ffa77fc70f2d5761dc83e2ee89b0b61e15af3583f4c92366d_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x185df273536c03e5dbeeb2369eb26c2d393f02a3d3ee6f09fab5717e2dae51db2e6cc977ed913a0207a273cdcd903888_cppui_modular381, - 0x1761fcc54d4f5847af22af816df687953bd345c329bbaa77bb54830854cde537811ab6adf2e8f824b34d7b0a4020207b_cppui_modular381), - fq2_value_type(0x141d58115c750b8075dbc36fa11ee7e18e33b743881d485837c8fc646dacff1a90117c8605c491c770f935a043cbdf76_cppui_modular381, - 0x0aba5dacb5c48b91c889fa4c7d44a27190dabcb17fa57999b105076a3394056294cd6d2f4630d89c94571e991467f869_cppui_modular381), - fq2_value_type(0x02adb29e893c00b2a4adac4f0097ed61559a2ed433781fdb1da892c17bf7e3a759f8f55be8c62d09f6ec087e9b0c527e_cppui_modular381, - 0x11a08ae7662a9fdbe95c2b4fe958180b8b2e520cd49c4ad4a61c5673c60b657571fc5faafa65b5c57a0f0ca34b742dd0_cppui_modular381)))), - std::make_pair( - 
fq12_value_type(fq6_value_type(fq2_value_type(0x055df495fbdd2cfb95e4886364cab35c39f2f6ee68051e8a75af04b4b7b6bca05fabb58b72031a7d661278effbada5b9_cppui_modular381, 0x011e9e219bbad776d9cf7b71ba5277cdb96a91c6ca1da660c16a1fadc66a5c2b6ef917cffa3f381bbe84a6ed07613319_cppui_modular381), fq2_value_type(0x066c474d42bc3cf8c2383525225633ca04e1c834e1dd6c17626cd54a4b25488769c752f7464a8e942acddfa9fbe199c8_cppui_modular381, 0x0d143a2f40ed551fe6f1495dea8d81a0a185a988d3f84f20a26522663f137981d7960ef1431cc4bc92272b54d361da3d_cppui_modular381), - fq2_value_type( - 0x1158e244ee2d31a82750e2a862dc2897e5e9fc5f3bfa591fdaad46281e52bee48feb202695ceec17793b0fb9dd25164e_cppui_modular381, - 0x025c2485998359cbde223524c1619c62035ca1541eebf82b3919e381d79995e35da39f6a8ecda561925a39a4c2ba07bf_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x0eb4913e820d786e0bbb261e79292062cb817b91b10031ccf7915b0ed971799116ff8d40cdd4578807b75404c9ce581f_cppui_modular381, - 0x16ae369f9ea045dd88e5b514189577fea5bbf0221535e86383cb16124692c9ee7454ee1ed1f79b2fcbadd0d0ef04dd6d_cppui_modular381), - fq2_value_type( - 0x0853a2f45d59465598322d9f2e6106abb245dc077db644f20b4f368db07f6a4b55161e63d98f1e3291cc723a87bba803_cppui_modular381, - 0x15e42adfe187ebdf6d5a6ce574ffb96503234ddc9bdba8fd047a2b025484d37af85ee239634f217e4f9b449bb524c109_cppui_modular381), - fq2_value_type( - 0x1889b0271c67209a4a0e4243f21f74ab031f03c9d6d8bcdbe649e3a76c8920b6adffaff5ada3870d4de9402e5cb76084_cppui_modular381, - 0x11703389221e7e8f9a4e8bde79f4b182d145dd5a6591ddbca888931a17d1c18913ed0fb6edfabdb2ef4677f7236ad50a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1195a6ee7140440abea0622d62939494748606eb7c01579f4fa1958560173bcb73633a09506e47079403fba4b5223edb_cppui_modular381, - 0x153e1743c725f821378bc41e04d912db687380ce5f76c43a29ee0aaf8a2f8e715a086dcd03d5cbe7dba8357eda88503d_cppui_modular381), - fq2_value_type( - 
0x0913106effaeffecce955a06dd49398c2e09aa81b843779b32b4137ec697540f6396f39dffcb52a1310d2ff80e43c15b_cppui_modular381, - 0x13797048a8aa483b1533be4a60fc9453ef8bd27529171431b622e589b7668280a8cda300c0ec2c4af943713d15b20bb4_cppui_modular381), - fq2_value_type( - 0x0d3798c33d6a8f49f389d020cda1e3bb4a18685b56f3e5856b62b6836b0ead3d823dbc1f216255031c61c030b5706b92_cppui_modular381, - 0x103a8ba97666b53c25c07888532feaaf3c6093bb25d3a55332ef5546f9507166dd7aa60d826153aaa4aa8616194d83c1_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1816ea6954386c98bda8236ca5dc16ee746010e92bf98d4d63bea468dc519a121e482c8ea039befb4a372d68cb78a979_cppui_modular381, - 0x1133a8de50c397628db1dd3fa00b66071331aac01a6a8ed8b6cf7197ffa08557e31a2a1df5fee1f8704d81eaa095df4b_cppui_modular381), - fq2_value_type( - 0x1970aac58884c46821cdfe774c9a5b34abebc5747dde015f68656fd8eabfbe0084079676acb41ec1bab0a7fe18b97087_cppui_modular381, - 0x004f38337491be48f6a51ad92348a7b266e0ed66fbe2efbe40b96b07305e291a89ec04c8549d34b14f5dd29c2a832d94_cppui_modular381), - fq2_value_type( - 0x04bd3d054f295242f9f32fc3ad21795542dcd2e92af34e8dbf7550cd45120d9dd9700a744651b091fc286919b79798a2_cppui_modular381, - 0x0b865cee2e54a6876d88849c5e48b2101e77419f8abac361561a65fb2cf3b25fd43d7344055c17bf11fad4f2518d1b39_cppui_modular381))))), - }; - std::vector> gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1788826b397708b027ad4d28d617f2bdcfaa4bdd9e8ed558eb0e2793bbc7ca92e161fedb8d7d4e899928edd018b9c4e1_cppui_modular381, - 0x0e5ff5ac95f10e80f0d450459608e81cd8790ded433e89b54b148aba9ee51d3b903c0d6e8151fbda77e080ff0e2ded81_cppui_modular381), - fq2_value_type( - 0x15ab6ecce8f643d8040a160b28a88cc354d0f00a0e36f08d8cf9d0be7498d58049d9efd5a6e1500a847e51b953bb5422_cppui_modular381, - 0x18ace269e554de2b091e1bf93fe6f49943cd8d933a5ff07c44b74a5919b19003096689adfd70d95bb67e76b898e64ded_cppui_modular381), - fq2_value_type( - 
0x055d9b8d6422d95ef658133c5c420428757d798ba2a4f3726a966b8f465f1ced397f342835c604b246c1a35f95652ab7_cppui_modular381, - 0x08d481eb22d5099d849fab89cd08a204ebea62645ea16b00a5b186a85272585e9ddcbd17a97fcfae5723ed9eed3ecb73_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13f74e51b80987e58a315930ed5c9bc4ec889b658d7fb1346985335c203ab26e45677cd9f0b270aae0f13579f37dbf0e_cppui_modular381, - 0x154d0f0200afbc37a60263bfaf2113724b5a418ed775d006347fb689f6e1e5bf9994f29525479a8592fe13507bd013a4_cppui_modular381), - fq2_value_type( - 0x0587bcb5d491260467ed5c4b2f61587b4cdcde1f95bd019a44812493a70d43e8973c9f8fe4d3efe5d1357868bbf6a9d3_cppui_modular381, - 0x0aac99645c6315981ac98aa22fcd9e5b793a98e9ad4a4303e3509b838f105af4b76c29fcd27876413cc8a32125414d3a_cppui_modular381), - fq2_value_type( - 0x0fbafed0658844cd1b17a8256243fd52b59ae0301bc2ac7448ce9995b35326a16d9607ec7c6d6df93a139e3fc9775f0e_cppui_modular381, - 0x0d25b354fc9056f541dbbb04557c2bd7c798a104b0532d630ca4a51f479bccfcc7145d1a38358dc4f1c715ed93715969_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0ee181afb0aaee4aff5e1f376ea7d439777d256497e6b2f98f4503ed7cd57511425fae9c35b5f79db8e6cb9b38793895_cppui_modular381, - 0x102537a00e697edaa60b7867d87998739ef9cddfe187457648c0a2be3fd05c92b8ef19329bd7c07c61010965e7bef8a3_cppui_modular381), - fq2_value_type( - 0x15bbf319ef5876460c111365bd6478d7e0c569ebf23a68afc9f877e29760042347e4e4aab02dacc71068b41d8b58910b_cppui_modular381, - 0x187682bad5baab7ae6bfdfd33ef84a0882cbee0980d5369df1538dd0761ed8dcab020fac9a0a4c5a027ad89f4eea5db7_cppui_modular381), - fq2_value_type( - 0x057142517f230eaa05b21cb517f67b5317ae73ae2944a904f64f888239fe63488fe5c657cbb56f3b5d1f2dc678e49200_cppui_modular381, - 0x101ad09dcdb181b32a1cd4f24d24dcc01978170243650e64d53b838fd828ef5e8bdbd0a9406323cb14cb29a0b787797f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1299f190879a96636bde6755bd4d9f45904273b95637c4188ef3aad491d90561ce2d3d79d0598314f462e46fa0631ab4_cppui_modular381, - 
0x1546ca2af0e225be968677ca9fdfccce7f94f2a235ad79f881da67f8e38ee2b01114c52ed579a69ecde37e7517baee53_cppui_modular381), - fq2_value_type( - 0x10f2b3b749f94880c47b7f1d7025f2309da774aed1ae8a9736867fbb681de22e825e275f242691151018103797399948_cppui_modular381, - 0x04e5051ccfaff5b87864f3917a92f5ab654d35ed7d2b5834ce01d3854dbb64e627126a0d3ffc56f1a504c41bd8f90d3e_cppui_modular381), - fq2_value_type( - 0x194ceb66c0592dfa69c1dcae1947acd98a2b215c89e66ceb16a20857659e66969e81b1b783e6e55d17d516e331ed22b6_cppui_modular381, - 0x1063386db2d0ecab4c52fa3a83dcc07afde71e86c78acc6a92c389ca5c0c01b2842e79dfa789ae4e35e5ffa2ae8d07cd_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16a2a61acf5410a8983fee3e65911fc8ef8bf4280e3ce5174c33be1a5a562a426d3fb20f2082e020eafd309c4996cf92_cppui_modular381, - 0x0909deb1db74f4786ec60019f5b50a60ae735e62aeb57c2097e0436aad72d13f5d84fef69ae187bd4e8417bc5e079b45_cppui_modular381), - fq2_value_type( - 0x1757ac28a92c04bf2c3d9647b2a06d5eb5d9100f50d5823e8912443c66340483edcf5838c8e17765b07d7195ea2dca32_cppui_modular381, - 0x082a7c7ca07f53ece7ac269c115aae2f8485d746a9c76b207db11bca692387a9970747ce7be1ecc12f44c1f56f88d13b_cppui_modular381), - fq2_value_type( - 0x1779b373b3a78ad69961e102afbf553ac8081d8aedd1cf702574742073b40623e44d0b29436c25f009fbe58541428993_cppui_modular381, - 0x029f014ca1e66024f211288e38d2f5eefc1535c43c51da87378189fe2effadc5e389b811be547b0ca7ceeda8ef9d4c78_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1024e769afa0d5ae54bb42fa474d97f198595a8a7ef36d554131dbbaec0ea8cfa3093a7d52eb2ab0282878a90ec78db0_cppui_modular381, - 0x021b2e0f6b83ed79f4084a8a3c2b62b60d197ef4e7c7da046b53e759d315f0ae5077e881ad5a3ecb82f09e03e67e8bb0_cppui_modular381), - fq2_value_type( - 0x12056bcd46be6351e6052d5b566a26bd8c9c56fb4bfd17c09e250a70940f0444ddfdf69a189c22a886e5d1acd0269f03_cppui_modular381, - 0x183ee78969b1b718afd496ec57512a92885858aa424329a03ff278bb1502d0de728bae15d88fd535ae4d6e77868c510d_cppui_modular381), - 
fq2_value_type( - 0x0586752e90ef08d81e98ae6bfe2379cac34d5ceb58c54e93734ba59379e0b085355a00f371f46e8f8c2ffec44cf127db_cppui_modular381, - 0x00f211527a6db95d4a43f0634fad06355728bc947311c0fd8fe5876106dda01eadf90d9830653e47e9c4bec57db0dd51_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x04960236d2e304dcdf0f985f3d4cf05b2e97a2aaec262023fe0bd44ac6804c20145c28507953f194d4bafd19f66be7f3_cppui_modular381, - 0x022c81ba8ca9cd70d8b3e1da607fc00ce738f429760a17b8b2e080e1aecdc42fa150beba7a111891ae4224044129c34a_cppui_modular381), - fq2_value_type( - 0x13503659bca2ff69933dfce8950b044a4cfe36deb9abf21dcdc2c948991d73d8d2df5844586ca787a09f22c242cf870c_cppui_modular381, - 0x0d3979429426d5fef07934b6051d67b4bc5a0c7bf872f5cff9bfad82d82983ed6c9db23556f8cf572e264206707866d7_cppui_modular381), - fq2_value_type( - 0x029a155db0a5002c85c255e640fdc72db1a2644e068aefd9edd68cab9a5e3774e602cce877ff4ca291bab1cf8563c579_cppui_modular381, - 0x16f7232f80059cf103b8aa1a4908baa29776200b62f638bbf4c31c8f1dc3a3ef3d7b46f7fc704cc32f6f5a2664a7503d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x16b54372d94f1571758a6290442b0ce1b56f842d0ac3c7b994c9d863e5b6a9add637ce360d189b8253c096e3141c8f45_cppui_modular381, - 0x110d7cd8299d438b36752b5e7539cc2b8330c43c09397193bcf643ac76b5f82313dee59cf2e65c1bcba11932323ea251_cppui_modular381), - fq2_value_type( - 0x049209eba43cc8e939832adfbe4c762d3c06a1d48f24a909f161433d4809abe90afb6e0ce5b0638304f05608400969de_cppui_modular381, - 0x0b9756c54b7d2866da5b9d22a29ca23abfd5bc6946e08dfecd00b0b07f174e4bb08f96913b37d7a7d9f8f60e25c3080e_cppui_modular381), - fq2_value_type( - 0x11e79273751964ab0601d57c7ddd4fdb7c3d32b9cb08ee507ba16b9f00d9f59228dc50c4bd9e10079f3edae149c45218_cppui_modular381, - 0x098c0ab152f5243075b84c57d0831ab00e6badf052ea517ef07c6cfe8335f938771dbc5f4519f64c805b87369fc836b3_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x0578b0ce1c12310c89e78573042b224b55b106826063bce4486c350afebd67f2e5ad11a4d05176cb48258626621ab615_cppui_modular381, - 0x0dfbe96ed0d2e708dae148e6ddebb0c3b789378af791cf8a6f9a44340e51f0f4ac83dba32db1bfea6e301ba6fbf9d510_cppui_modular381), - fq2_value_type( - 0x13aa0fd7f5b9cea485e7d9d16f7205eec4a533954d4c162a5a67fbd3ce698fced217ff17fc32308a0d5fd4349b581d78_cppui_modular381, - 0x131d6c897e1cb3acb17c83645ba9ea1fca3fcac9cd45b948b1d7cacca9f31dcadbdac1f6d74ad5bf22754b68b33bb504_cppui_modular381), - fq2_value_type( - 0x0878df44890f4097924d9eda5d1529602e770b75b57cb7560c911d7075f9582d2112034680419197f37efd61efebd8e8_cppui_modular381, - 0x177e78cb4c7f868dab61eb61a9c8b54daef67d2c8047c33646c0fea9177ee892b5a1a4176a006a131776b468aa5bc45b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17e1c7376fcc1d8e890310fbf48d52d0de565de348691120befc7477220908a7ea36d0dd5bbdca517f6cb5912d5c8da4_cppui_modular381, - 0x0d23f6c5fb259828e09edf873366a390ff4b976616eeb687e656719233bb14850419f238790abbfe173e4ace519cf0db_cppui_modular381), - fq2_value_type( - 0x06bfd2bcd807e8256ddc90d8875cd2b21ebe6a40b2f0291f7a40cd2d4816a200adb790147bbeaeb5da22c8496d12a32b_cppui_modular381, - 0x0a99ed28de9d13fb6c6b9d2bd17575ba080c97b0902a71a78f5341d12ea46fc08920b724f143e5b9c43c1ceaa136e511_cppui_modular381), - fq2_value_type( - 0x0c30d54ab51c3f63590c9d4b4cdad6e31221675092483a4478ce128448b398640e93a7ec9d3251f844df93a842db2283_cppui_modular381, - 0x01d4b8b604282d91d98cde7bcfdad4caa7e31d0f203d2a0c776ac775acb698bd4e2bc20993d682b5b3c0f38919afb8f3_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x12320fdcf1a1c2e54dcbe4f0bda294b52931f8a5eed82e6e052927ce75f578719d153b6cb1006dcadd3e22140cc0e6d2_cppui_modular381, - 0x034ab2124020db9adfcd59020442881ba7856fade5756d30a4c1c289cb6893cfb1d24eb54853dee13d6ed51e528a29f6_cppui_modular381), - fq2_value_type( - 0x17d7210f5dd42c46fbf0e0e9f5543f0ed3dc42fd54acbe28b9ff8ec83861b6e9edae445f7b740f9af0f85a30045afa8d_cppui_modular381, - 
0x113f29ea7afcc1012bbf5ad3c60411231e5e6ab12101ae2e5b0b920b2f0fbdc25555cbe67927844ed3dc58a21523f1bd_cppui_modular381), - fq2_value_type( - 0x053bfd84179beb5028185b23e3b2e0cd1c21047f1ecd79273f1d2f9dff09cd837c7016768ec052c1ce897187db5f4c07_cppui_modular381, - 0x01262f7bdf84f75f012aa826a120120ba1d094ccac8e6301faa31718af5937ae57215e5566de8e86e193a51e9a2d0e61_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0b11bae91f6b969c364f4365752e15c5309d317d5b6386d59b8da732f23f186b7c7fee3ef0ba2df800f0d96ef8ed917c_cppui_modular381, - 0x0e94f76116cd2936f91eb7e758fb0ca34127fb135aa60748c4f7a878c964625cc7cccd7f27cd8d72278dd9e1aba48688_cppui_modular381), - fq2_value_type( - 0x0382ac6fb6f360b5f3b76c6c02c4a05fb55213758d8252684cc68b6d50b76866cbe3346e6f8e3b1f956f3413ce7f33b0_cppui_modular381, - 0x0f3b2651d1142e4794e22d3cad36278839b1bca57a82100e9682a88501ce01bb53e99f26ded23f31fb355061a5899e73_cppui_modular381), - fq2_value_type( - 0x03853cda18ccd9f1a6a27d938c312e7d141b944cd6b38cff562636fcc04009c334f6282ab1341eefe887454e6e65a2c1_cppui_modular381, - 0x0e9d8bc6e621361814010bfb5baadaa6f6014dffd7c65a4275a0c22378b4c56ab6a0688ef0f3b17bdaa12fd0a98305c3_cppui_modular381)))), - }; - std::vector> gp_z_c = { - std::make_pair( - G1_value_type( - 0x00356ef47a6a688a8832dd47fad2f8b5981a564d3b7dc77b33f13dff52dbb4536b6108510785304da9fbda39bfdc0bb3_cppui_modular381, - 0x110ce13acd56d5f9188faf09684b5e299b848615ad9be48dec0702e42ff794730417d92c7d437ddb1ba82869b5b6fb60_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x11d1f6fa158a0424684bb00c08be8f01c6eb6835a1fbb6ac06606799e517b2752b0b047b70266013b9d932198ced0930_cppui_modular381, - 0x0d6d40a9e4c8aa3f41d50f3204216c78c5959e5d0aaa08fb0276665b50efa7e90749cf7ae48d353c2beb29a7d9703ed1_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x17f33645e50acb5c20888955b496c67bed513e0b844b02628d978b8b37a813e33328f329cd9c0f10eda20cbff4758e1d_cppui_modular381, - 
0x106b96a3cfb2fd59f1d171d5d956498c24fbeb6be8ee12e7d6432b8dc3869598e771a56eaf9ab8a0001a1da658df7f09_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x145033766369f79f01c3ae44050c57b90ef20892e9eb73da1efffff9c8257fa82ed55051ea26ef4801268e55f1ae2987_cppui_modular381, - 0x01793eabe34fce514a38b6ed3fdf9dcefc3754caa1efadd577137a1b7182f793374e7040e5cf3d9911f056720c9a0756_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x01bea501f76061a67001ca3c5586aebaafef12130b375d2f12088ef376fe28aacf542d0ce26d01f3cdbc10c5a6b0d6cc_cppui_modular381, - 0x0cb0d723875d30aa8e7c0bd11b30613cc5f40fc0575315171b383ab3508bfb1cf4d764307d32b44c3b74e5ad2bf3f2b8_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x13f158cb09a4dee7c65a345c7f2173e337756c1d286687fa9661c432cae1191927fea54ed47648c38ca1ff52c4d20eed_cppui_modular381, - 0x0d851ce999581e11e4930335dc31241ecf004ac30c1adb4a60424d0d29748c01c4d04be6bea6c26c389c9450139a381e_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type gp_final_a = G1_value_type( - 0x0e8fa2b057e92406ee207fb49d5206dc169bca2ed70df83a70c1a14a2813cfc0e3af3505a878479cd76d84c28ccea7cf_cppui_modular381, - 0x15dfc2c8db04ecacf69d7fec04ff641f50064b886bdbe1870ed8fcdb585eb6fe8915bdd29a7fdcf9fcfbaece14d85d33_cppui_modular381, - fq_value_type::one()); - G2_value_type gp_final_b = G2_value_type( - fq2_value_type( - 0x00af5b0a0f7004410575e0fa27c27dda035de622ef4bdb0a1132ace3f453be45a68b9c5cfc586caad9901e399a1e9501_cppui_modular381, - 0x0bca883f2a3089607567e2a0adff0a128c4fe32bdb18e9fb10ceccaeb174d67494b36abeab981950b0e864441fe6b9f8_cppui_modular381), - fq2_value_type( - 0x06889d8d13078eb3f761da2b5cf53736bf8d2e58a4972ca7e58fd50d951689ad6bf1264d9d41c813d1eb9fbf0c7d2389_cppui_modular381, - 0x1399770a311376df72bb55004795c619258767b59ee7fb2a942f8a57806a0bacb0fe1228a6252ec74bb1d59273b5c4c2_cppui_modular381), - fq2_value_type::one()); - G1_value_type gp_final_c = G1_value_type( - 
0x084791edc406a3f22688cbb2b037e1ceb6326b5923f0e0d325166f7aff6a3a49d445bfd9bf7424eaaea21e8aadccb9a2_cppui_modular381, - 0x10b85fa7ea5d2477ea414b7d693df5aeae258f401fe0bc8754c5a06c7182c7b2bba42a4a166a46fb3deb55becc466de6_cppui_modular381, - fq_value_type::one()); - std::pair gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x182abf0fec3c7d47f4ce807cb3e1392cf7140591e891b5177a287a9dfbd0260f5dac227621ef6d8a60cc9bcfbdf5fa13_cppui_modular381, - 0x0272aa23725df98efcf4c9e5c3706e91129c5d8ba0a93c528f787db124e90f0d9087a3e610882e03a5cfe7f61dc97dc6_cppui_modular381), - fq2_value_type( - 0x0c816f6952f4ea048ca681082a9315d2b455874da75f1780f8fdbdf8c135de783b91a633671f92a9c8989c12de1f491e_cppui_modular381, - 0x01bcfeeeb78d21339e7a32406bc15a961d3494cdcba1ad0525a58c1a09908ccff78cfbd33234f23fbe089241fa7a8a9b_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0876f0583fe644557ae2059ee8cdb5f8771e596e98f8daa9ed579371918ef4f52aa4f30bd1f1ff75479c8425f61a320b_cppui_modular381, - 0x0a1b7c06b0c91d35cc69a9d64c5561d5408e73dd040a51762f5853c2cb2873a4c5b994470a54ca45429acef0f92688ba_cppui_modular381), - fq2_value_type( - 0x04dd9bd93186e54199d3b41a6348d73f516734611390325a478c636659c886c0f88f7ae15ca80b31dc9284b2c1135c8a_cppui_modular381, - 0x00000ff4aa4580802a632b61ce364dfabac4b2e3aac4edff9cb199c2396b36aacd5b2e26ea0f19db2a2e6fd5ff4f13ec_cppui_modular381), - fq2_value_type::one())); - std::pair gp_final_wkey = std::make_pair( - G1_value_type( - 0x14006b4350de0de70c5b8b7b35e0103298c7afbab44b4cdc49979f188cdf8c2ac713a8778b7d731b12c41da259819a50_cppui_modular381, - 0x0128fc84e299c6b2965c56e381dc10b3e5b36fc2ed27de8e4bf56aa73f2273b1ff21f8af74f90d64dd21ebe6ef443d07_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x07760bcae08fcaaa51dd8712cbe38ab449198f356399c3ad86b46f69d0373d6c20d2c81054cad4df71c0397375ad8e6b_cppui_modular381, - 0x01dcadbe7a8ea3c463c52f50197a9363fe31a96a8ee4d6e3b06a37270d95ec4ba29ddbc363290da25d25788c29fb4eaa_cppui_modular381, 
- fq_value_type::one())); - - BOOST_CHECK_EQUAL(challenges, ch); - BOOST_CHECK_EQUAL(challenges_inv, ch_inv); - BOOST_CHECK_EQUAL(g_proof.nproofs, gp_n); - BOOST_CHECK(g_proof.comms_ab == gp_comms_ab); - BOOST_CHECK(g_proof.comms_c == gp_comms_c); - BOOST_CHECK(g_proof.z_ab == gp_z_ab); - BOOST_CHECK(g_proof.z_c == gp_z_c); - BOOST_CHECK_EQUAL(g_proof.final_a, gp_final_a); - BOOST_CHECK_EQUAL(g_proof.final_b, gp_final_b); - BOOST_CHECK_EQUAL(g_proof.final_c, gp_final_c); - BOOST_CHECK_EQUAL(g_proof.final_vkey, gp_final_vkey); - BOOST_CHECK_EQUAL(g_proof.final_wkey, gp_final_wkey); -} - -BOOST_AUTO_TEST_CASE(bls381_prove_tipp_mipp_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type u(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - constexpr scalar_field_value_type v(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - - auto w1 = structured_generators_scalar_power(n, u); - auto w2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::wkey_type wkey {w1, w2}; - - auto v1 = structured_generators_scalar_power(n, u); - auto v2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::vkey_type vkey {v1, v2}; - - constexpr scalar_field_value_type foo_in_tr( - 0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255); - - std::string application_tag_str = "snarkpack"; - std::vector application_tag(application_tag_str.begin(), application_tag_str.end()); - std::string domain_separator_str = "random-r"; - std::vector domain_separator(domain_separator_str.begin(), domain_separator_str.end()); - - transcript<> tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.write(foo_in_tr); - - constexpr std::array a = { - G1_value_type( - 
0x19382d09ee3fbfb35c5a7784acd3a8b7e26e3c4d2ca1e3b9b954a19961ddf5a04bc3ee1e964b3df3995290247c348ec7_cppui_modular381, - 0x0e1429c57d0b11abeed302fe450ee728b9944a731765408533ea89b81f868ea1086c9d7e62909640641d7c916b19ad33_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d76e41234948369334b432362d0704bd88599200d80645a69ed47acf10464822776a5ba8efaad891d98bf9b104f9d24_cppui_modular381, - 0x08a8c2ae10d589f38a9d983feba2241cbf0d292d44bc082e8fc9ff872f8eb280f6c6cfd1c34928fa81274781a4f4770e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x02e080ea7883f56025b965fe7fa27315af7bf0f532fb031075467cc78dbce6319645e23e8febb6660cc864ba9e985afd_cppui_modular381, - 0x0f25c2c8aaceff02da0d5b85030767c64b3ed2ffd3e3f69e9aee42025c737e95fce00d5269eb151c4d22a5f77ef8c815_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d3541b03376d07cbb7f9f48b3a1cc43cf48160152c20c00c7bad75986839b0f9ef7cc71f1ffb4d254d9ec15ce6bf336_cppui_modular381, - 0x01e48935c827f8ec79129124e8baf1deccf99d8ca0324fae41e037f4854ff4f389a4df3bc9ab2549b6ef949e4acdedb7_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x100462d4d96fcf47dd6f6dd3957f8c2d15cc72fe0f2ab0540813e73a16c74b4bb932722e96a33e2a26ca1ab9bc879e49_cppui_modular381, - 0x0b2d223ea7a3275108aa52b3e4eaba948dc93cb6ae29c3c472a022eab55356e51755a6486e7fa94f3b8b4a06b3ea735c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1320c3ca0de8f268ff78f461e5b342960432064eec51743c386fe93f2f1ff8d4592d04605092b7302c217a72e6137632_cppui_modular381, - 0x1613b77929282de9c0a3baf3285394260a50660b2f5168c6924973b44f35dc1a236796b3251c5a748039b78d0b377576_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16bfa39559ac6ddfd3c63ef03bfd11ae6de4d08e66f82dc4ec4e2ca4318c266a705134204f2aaf99b91f95610d356bdb_cppui_modular381, - 0x0c2dccca4ef18b3cf50f18ff13de4443eb6f5e6160ae985568fc5557232c892599e27285254360f797e4b59da1c19406_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x09f4ebbbaaaf5d2ea52abcb591412f6851539e1919d34de4f00900e60591438a6668d48070b5fb22c3b59a3cdae45799_cppui_modular381, - 0x0aad9a2d04fbced844ab0811af6deefb18e9d67660073ec96954f2f0edf3a884a4ddcef6d8b7889a9bfbf7e2f151b1b5_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array b = { - G2_value_type( - fq2_value_type( - 0x0badfb692a2a7ca4970d2733fc2565afa8e09428453ef5cc916a6d5ab43b8be8b9ef920af378f1823f426bafd1d096c9_cppui_modular381, - 0x0d523776965ea36bab19da0387d38305d628d63fb7da6736f4620b7fce92539fcbaafe7dabd96e98693d9973ecf0544a_cppui_modular381), - fq2_value_type( - 0x020203c10b37edef960e6921c624ee57a3c2b256385b3c68f8fd611f1deba8ab91cea15d77452639429c74086a322eb7_cppui_modular381, - 0x1498dcc1d84eb92d7e41ee99596e1825901ea430fcb0ff64d346e19375981ba8579d6ebf325c8809f1aee58542bd6c98_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1634b13dec932a66d5b3ea6406bacd702e020970d533c29a3d6fd80a4ce1e8138744eb41b0f1e66e956fbace9af6a151_cppui_modular381, - 0x0a4edb2465192b1b32c84bd6791aa9795b8533df963b1626c8ee548bb5f7430a563d0e662b3053cc12cd256f9e8471a4_cppui_modular381), - fq2_value_type( - 0x049004fe74f14513aa607d429e78203f86e08100dc70243fef9fe73cf9f04f9c3793b3fbc1d4833f9db371ee94e60bc2_cppui_modular381, - 0x0f2277dafecdf791e560c89086d7abc21e5f0314fabd492a0926e588acf7a34d30c0713ee2cb03054f44a7dae8288694_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0147be5fd09e02e8d64eec3e6737b40d4099ccfdd88651c692c7d4407a2822c35756ba40ca412f61e201b5cb649391a6_cppui_modular381, - 0x165fd26d77e79da63ffbfaa5771426f4fc6c925a92bd593d1075e84ae1db5e9cb0a7dffaea46dd46a44f6cf904cb873a_cppui_modular381), - fq2_value_type( - 0x1507d32ecb1783a069322547839ffeadd5bc4e04562dc36914686df787f6f82d5a84f32786996fd56ab2ed75e25264cb_cppui_modular381, - 0x0302e3dd0ef0b642fc55af194e4906d57bcbcfa1a3822f078fd7fa1ea0d665ef6f60531068bd7a6834b92618db91ea23_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - 
fq2_value_type( - 0x04c0d40f727b43aa40d5a66de08182abf5c15f6d3726a9f43085c7a9c8b535ab17bafbc6d90a6677905271c845768ff2_cppui_modular381, - 0x10e288228d368ee8fbfe240e2a0ac3214bc232334d901feb02f41fbb459c11ae6fb381a4022232b66f8a98ec5ed2425e_cppui_modular381), - fq2_value_type( - 0x0285029f076803949ea0d635d716ddff562a8ba9a652e43da0e1df737978432082cce2435e857a2b78c886fa7a6dce84_cppui_modular381, - 0x0a52fcec1a0fc4ec51022181a0e1e44aee18f8d2cda18c8ce5acc789838b03205919870c83b4ec54cc523d89a40ef62f_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x113b921ff6a06df8c8ee87288df68472b00f7f8dc243c12731f1177ecb8780fbd3765069e0fd5a8c1c7a67649b00d2a0_cppui_modular381, - 0x12d96c166c7292b72c7bb9e0e9e91ffdf7ca3926f67ce4894f0b7ae0d826d397c7fb8bba8e2e29abcb8aa9e7de01c42b_cppui_modular381), - fq2_value_type( - 0x0b9231a10b1066269677672e76235e7864d7bc0bc99d9de649c1ecca732e887c6c5975c486b44fae713541d130497bf6_cppui_modular381, - 0x011a97bd656717d31c74a17fec650e2a04894d04631792f14183ccacee8db3ddd731f4ced99488a133f66d12a66d2eaa_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x159a7f20fc1f1fe0f794fa735c6ee28b2837aa5d70d70d1f53f1d7cbae31ca04782e9261818ae6bda542076fb61c8bb1_cppui_modular381, - 0x03d48c028b98f10345bd40a59c2bf27229947241472986bbff174ea87d1a1d4721e2a03ccd0af2fad6d014fbc93f55d9_cppui_modular381), - fq2_value_type( - 0x0c5b2aa2ac824a6a3df42b895d61832e71202b8fa896eb7bd52e4f1360c696385db9fb84783aaea4e8ad86f80e2703a9_cppui_modular381, - 0x07fc3cf1d974627a821f223dac339045ede041850e3b6b542dc66b0d3bfd3a582c68c65ace31bb3986c70b4f59754e62_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0f228b023d7881ed41446c45cbc1fd05aecb0708291131bb189a6d826921780e1c28864cb0d84f68d4d1933d5bb57c15_cppui_modular381, - 0x14292b6aaa6b19596e452bef413171d6fbf68e1d7642dc0e815c8dda280c32d63279dcb9bd16effa5789722dd403c188_cppui_modular381), - fq2_value_type( - 
0x05e1e5b8555c4d238726565fbca0b37042fd10cf5b7f6e0396d71f5660db2aeaa053b0be570f33c1349503829695eb98_cppui_modular381, - 0x0896a44ec87960d640a89fde02f969a079c781ecf6c29f8c3115f6792cdd20eb5046ae8aaedab29b0b6d12728b9863a9_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x108b91795a87e98f1fee29fa53b60f7bd6f397f6e716654e508303a0f5cf9adf44cda4c8698319da3b7f2f417823e127_cppui_modular381, - 0x1389b59456bc26b56b1ec04cd3deb42033519f78255e3569231d551c121bee2b42151c2ef3513c48851519133c7b24be_cppui_modular381), - fq2_value_type( - 0x13d4e1d3f953e836bdf9602d2fbb7496b8a922638cbca415d171de4a7df0a9ce630c9d14e3804a662ee558d415308993_cppui_modular381, - 0x0b154e4f42109dd3a7857f02cd95c480d205ba5427fd49389051f7fa927ea6e2b6c4373c145349e8cbd9ca1098fba447_cppui_modular381), - fq2_value_type::one()), - }; - constexpr std::array c = { - G1_value_type( - 0x0ae765904fababf7bd5d5edab78752b69917962c150f3b0311446579a083a667412ea18f009817a6051cf852e09e9c40_cppui_modular381, - 0x127fb89d20a2b31725091c033f14986b33878ef4853806987412126bd8135731c09d5222fddf44441eb4e04cee8b9469_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x140e91d114a6dbb835d2ae1ab50729b0553e3e988ca0451b29ac1458caf71b1f1c47ef2255814b4a3ccfb924f57cbe33_cppui_modular381, - 0x0ac830f2ed3435b2b9b3900d0bc0d74407467abdde9f72e922859ae1d2cb094299a7ad467680e7eff331e8a6f92df194_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x186aabfcbe235db4a2dcbacbdd571d0b2e857ada26ee83f0a4121c1bed70ee6609bc0f24b3ffc6ea8af50b1b4de25af5_cppui_modular381, - 0x053ea1258a76b5dc15460676bd2380558bd26cbd98266cb04bbe3d18656f68b8ea11c6db24fdffc28470fa8778e08882_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0642350f1aae9598397a7da3190e07b7b896696682c37641cbbede18f05495bcc822cc8bf34b87709372f3b8cb895a38_cppui_modular381, - 0x140f5cb0dc31c1db82e845f53882f8a7a0679380acb7262411d8f9b7877586192f1d306f5eba7b42fe937c3885542c1e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x04eecaeb1aab1d88696f17a3fb205e7d0bf517c16ccce694f196cf456b45a3983fe40aebbd2c0a5da701c63933d0c388_cppui_modular381, - 0x18dd9108754b69d09b2ad191b8c4f431431030619765f109a0ab1fc9a64e71d483ad96c95a777a0e73aa72703b97f59f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16dd473a6acb01617eb7b690657196e837013062c9a20d0afb16f8604882182b65ab55e112265e510b4a0a95ca2fe1e1_cppui_modular381, - 0x1937d9afd12b5a1334475224f967fae496c1b7ad9277845cfe9acb789d9d207d7bd3c2464b337669c9ffb3d5f643a163_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x19bd07f7ce52c9efe33aa9e93c98c9bc2ddaa4c762c52f988064438ed82dff92c49b5799124116af8ea46d9dab5cd5f6_cppui_modular381, - 0x08f805c413e0a8087b32052148a63dda612c34a988e42e8cd12b3fb3d72942201571bf46298c6dc697c1e51be539295a_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x00352edd966153a5fd28fe8ac333ddc95a4dd00a6ef16f7b59095e705c3bd5d6e8805071f3c8ab2a66f70e7a703233bc_cppui_modular381, - 0x0499e107ae36ceb8da7e1da2b83a8217b428976311420b4281bd428bc18b0db518e125d8a21e92efe1d68bc766ac4ffe_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array r = { - 0x05beb4119e1356ef39f98c7a7115452a3c4c1e2a48975c85d875aae91185fa25_cppui_modular255, - 0x256d4004ff9591bbaeaaf85cac883eed808de37eff2b45c6d05e6670b3cd1fdc_cppui_modular255, - 0x3973e132b07e7b2244f1172a11387054f7c9593b3b258475db005459a0e4bcff_cppui_modular255, - 0x669073a3f8b48ee66412051fc614f73fa8e4e967a81e82562d23bfe430d1e2b4_cppui_modular255, - 0x2d571b235843a47ecc75978a95b3cceb9fb28a6a2919e0304eb79201c4ef0352_cppui_modular255, - 0x622551c093e4773c3e1ffb69e99fcd4a31a1f727369f47b1df49b03b9534a8ad_cppui_modular255, - 0x0b8cb847f81048e85f5843218c1e273b56ce2608d7d9947cd1527a1fca0001f8_cppui_modular255, - 0x3dd77c298708150d79e47bc4afccf78a6e2f32a17bbbcab1ea41e05551c0e96e_cppui_modular255, - }; - - // setup_fake_srs - constexpr scalar_field_value_type alpha = - 0x66d3bcd37b8ce4dbc7efc5bcbb6111f5593c2a173f60a2935bf958efcc099c88_cppui_modular255; - 
constexpr scalar_field_value_type beta = - 0x01f39625fe789118b73750642f16a60224a2a86a4d0487a0df75795c3269e3fd_cppui_modular255; - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - tipp_mipp_proof tmp = - prove_tipp_mipp(pk, tr, a.begin(), a.end(), b.begin(), b.end(), c.begin(), c.end(), wkey, r.begin(), r.end()); - - G2_value_type tmp_final_vkey_0 = G2_value_type( - fq2_value_type( - 0x11a94db67997dbc16d3264f65713f9c91631bcc0a41b40d939daa48e473185f3b30dcb58736cae7960e7a90ccacbee74_cppui_modular381, - 0x0c901bc14c169c61ca8da1bdba6a9eef854d459c979e39ddce9c2dac1c641292ba9c03df6e9c8ebae66631b57be768e0_cppui_modular381), - fq2_value_type( - 0x0352cf50478240133767d087078812622e6f267e966c9c4154fed5d825fc03578b1215c1bdee071bf8215b6ba1b6a282_cppui_modular381, - 0x14df34d9d13b6e0a4293c3c8a6cc2202f47451345fe2029cdb21a80060abc510e9b5aee8f7214693fd64292f30dbad7a_cppui_modular381), - fq2_value_type::one()); - G2_value_type tmp_final_vkey_1 = G2_value_type( - fq2_value_type( - 0x0b96d26d779c06a9b2450c1379bb24201491a85735f25a6c1302ada345a444fd4501c88beea6c468765be32dea1f913d_cppui_modular381, - 0x12addb94b450327370b28c0166aacd86451ac1d0a7ef10d00f64f2f595e9af7c1dffdf84c6b74c64ad72eafbfde73709_cppui_modular381), - fq2_value_type( - 0x1373290404e2b988334697787eebb3e1be4b1a92f8c58295625fd535885774951cc8efb2c31e650b69242b04c9fccaad_cppui_modular381, - 0x0a4381086a8ce37cee50bc3f05b573f242e0055b58bc7aad2956582148270f573e0c7042b5d1c160bad05e627f8f4793_cppui_modular381), - fq2_value_type::one()); - G1_value_type tmp_final_wkey_0 = G1_value_type( - 0x0801b62235fc889ac1b82372d71899cf163c1df212dc0e1f7121d2a7a67f5eea7d6562136782746d19cd9fe07233c125_cppui_modular381, - 0x177bc3d5fa4f75ae6b3f761df8faeda0ca9cd69fa6ab0ee2fa880c2367f699d24d86277132a56e8d5940b3f40ea0b60a_cppui_modular381, - fq_value_type::one()); - G1_value_type tmp_final_wkey_1 = G1_value_type( - 
0x142bb1955ebae7a2ba3951137605da96ca427c33f6c86eda9aeba7c922ffb26c3cbc79312191644548fcd7fb08f49918_cppui_modular381, - 0x05cc2acbe11059daffa817815a9cf2749a3aed561560aeac0a3e5c08f694544b9464535631da702126c25b555950acd6_cppui_modular381, - fq_value_type::one()); - std::size_t tmipp_gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> tmipp_gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0957532c8d02eb95c0627eb17b0e6bb14d932aefdd6d76d38dfd3fe2077b263d06d82918260190f644fe576e6e976fc5_cppui_modular381, - 0x02587b67a0e6b12d3d7c461962d33fb18e3c593c9ac36689a02d8b73d89084a8b692db4b6ea092b9134c74dcbd3e46a4_cppui_modular381), - fq2_value_type( - 0x093c33d017e2ff996c35061ab21b4e36e968e6eab1bc21dad3e33639438f7bceb7e4c7c8bce8a04d1342c4d0ee31bc40_cppui_modular381, - 0x0582576fbd38a08b23fca59d91f15597c842d48168e26d8056ebe692dd2769fc630d6fe5086490babb38bcf85550aa61_cppui_modular381), - fq2_value_type( - 0x14579081ea0d470221bbba37c3699bccf31a044340e7d1fac1e7fddf2cae9d40a50dcfc723e976d18d86d46d10498751_cppui_modular381, - 0x0c6449dc3964b034054223de8977499dcec1acf6b7fdbd5ec9bbacffdb03fbd48bc52ed6f1da99b3517c8ee6bfbbd690_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x053e936386ae83584778282cbdce80f183ee757e515b76b9f384c38eddf75be5a87047bf239f5678cf7cda6e7534143d_cppui_modular381, - 0x06988693f7f232e3a27c80abf562b2353bbffb18bd87c9635621ac756a4f5ddb19f6a2259f789f073717d5a6320022f8_cppui_modular381), - fq2_value_type( - 0x0d2c79ca9245a3f02669d57396775710b4928e920e751aaed4b2c85b76b5cc52c1f310f2acce01207e05760e70720ed6_cppui_modular381, - 0x000836a24857b0bcb2944176457c32f60762630fd97305b415681c73800243f96835b6771d333829e59d29f2d31ad75e_cppui_modular381), - fq2_value_type( - 0x18030873862d91c08c54fad4c511d12c8a617be4dbb142a30f1652eb687d1bcc6413bf474aecbbe6fbb0a227dfae6ed7_cppui_modular381, - 
0x0aaf091bdb18be326e3ed80cc65e966bf45b83e0b692be10a7dfcd33331d379720093a2510a73c4d66c87a244faa140a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x088bd4349c8a9ce80a029e4c30818ab25d919b25b5fb753175012a423260f101c410d0f8e4072c30d54b4ce3f70a9fe2_cppui_modular381, - 0x123c094cd7bcbdad08336e1eab34418ef3b75c62662b7130a5583a3150802bb2a4c0d9174ac062702d728e35f59ef049_cppui_modular381), - fq2_value_type( - 0x05313d19ae86e54f2a84f097982f808f190c485832aa2424b9001c3941f21d1de1c2e11ac8c260d49fe4f7a8fb4109b6_cppui_modular381, - 0x170265c68b46da3144d107318dfbccca0ff831964dbcecda9bbd87f88c0e38c88cf93b69025b0315098fd6fbc0762c6d_cppui_modular381), - fq2_value_type( - 0x1793cdea1394964c5ba8890e58dce7a556c737793b82e46f5288703594f11775674f98e85eedd94d7b06f56086eccdd1_cppui_modular381, - 0x0e06ecb20e3c9c6aeef7d59eadf416fe7721d0a8578b0e0b4594ad3c8f682c08adad78d1ab1a5e3f26c0764913544dba_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x172c2036f67767dd888cbfbf82354dc3cebf7630855fe1f4f93438584f18c0d6de1d9c34a5c7c98d6d0600d606bbf178_cppui_modular381, - 0x14a8d8b6a3e969b8b0fa3a1b4eeda8410d756b4732edc80059c4af8b63c7cc6e6ac7910d141707dc812a34e873ceda21_cppui_modular381), - fq2_value_type( - 0x03ffd62c5037391900f0f0f544aa3daaf03bec1545f1b966c49b5c1643b5ad3f6eb9816aa85e45f5c3b66fff6f23c37d_cppui_modular381, - 0x09261a65d552b85fd64613a6667c0b77c5b106a265ae1d87280c12c57b2863959a74b4098c557d77d3931fa30c353e71_cppui_modular381), - fq2_value_type( - 0x0912e182cdb82304d1d5e92337a6a8f6b30227aa6dd447b544315900b31b021771fd4887280649b596f8a0cb0cb80a3c_cppui_modular381, - 0x0a87a923d841b32f68e12484ab4730e308d2267511f4b76b12a0dde77ac8de2cea56495dabcdfeeeed506739f40cf1b0_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x00fe4b71ffa4137b4f38cd1cfa620a4a4d53a336c2dbd9fca07638ab6c6008170a671f80153147f5aaf4877d159aaeeb_cppui_modular381, - 
0x025811f675f731e173e4d30a92ad5854f60d080b2d4ada40cce2c0abc57990d16159d49b50a2cdc069eb6e75332d02cf_cppui_modular381), - fq2_value_type( - 0x07740d3555f5d523bca3c568aae61a460e1047260de655e4a03d0c0f90a7ea1b8128989ebb635d0632bae43c69583ce7_cppui_modular381, - 0x08b03a8db7ed17a90338fd70d03d66dff90a5db16d225ec9ae0b0611c0b3b40d8eb31236af58198d60e9feeb0b087598_cppui_modular381), - fq2_value_type( - 0x16fe849a1a844e70f6aa1b98d0a14e9ce13568a3d7b76881fd63220fed7bb2c91cf3d5854edb244fe7d5170eb7de3bf7_cppui_modular381, - 0x191aaf792613e3f2033317be817c2c71ff6aa2eabca853a27a3a256c7fe8d3c1c7e191f7146db95903ca9661f118183f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x158ee8bac07cae83ecd40c072bebfb651cae01bc65b0a19ae974e5b0b0c887d774f9df02f50802b8e02996feeffb7508_cppui_modular381, - 0x0903e76c0e37a5d416ee7fbe57e4d06bc21b9dc3f932776bdac0a433756c31f7d4b738d59cd8ddedf93a9a60bef55835_cppui_modular381), - fq2_value_type( - 0x110d0df783583c5ba0b6b4f00c1fa40c496df4d97e1aae1fb0a1d811e34c93f006a666788a7add38c17560ad1f3f8fda_cppui_modular381, - 0x0f5c6bb6496f3c69fd9402679e11f584d404234d5903d361154b3d275c8b47222e324d9df2f851497d985b5a83bd6e13_cppui_modular381), - fq2_value_type( - 0x0900d3f664aa042672c0b6860790db5c74c8628dad996f7c83f8836cab1fa976cbadc749a8ecf85ede5b5bf67794c675_cppui_modular381, - 0x0a9db1cf9da24df7cfadee0f658badb29af4fd9e273723639d47cd10734f92cfc438f731ae4505ef62df071e9e8cbd39_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16305214e8b8083778d253ae9bf8ee30a11419beb9469f0031ae8b29d28139e9b4b7b8d790004bf9efa503016387cc59_cppui_modular381, - 0x14da7b4414c9a73388cf5cfd6454975e93f7aa2a3027d3ae96bbe4164639f2713817f0aa627230a9c483cb7e200ba860_cppui_modular381), - fq2_value_type( - 0x155eabe7500b83f47309466ce86cca7bde55165651a7ce058ec6ef5ac0d6afaac88a67b3654c615d0fb78800e41e176a_cppui_modular381, - 0x1959b1a4b02b1db436b39bae4e3887f7580a4035b3b65cc48b812e6e850ebfab96560521c2bf2418ef24efea9ee78f98_cppui_modular381), - fq2_value_type( - 
0x0f1525dd4ded5e30c113119742fbbae6a1dd2705cf410821c7ebd57e12cd8afe938d6beba3555ad84f4454100333049b_cppui_modular381, - 0x178040453bbf6e73c4acbcf46e3bc053fa26d678762132a70407d6929ae1b19a54d00f9ca58f058a3f4b14e6f14a3ed5_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x011fd5c0d0ff818b3285dd924169d90615f631eefd370c529a7703d51f440c805190c15b8ec3cfdcdf59cd67fd81ecf0_cppui_modular381, - 0x1763e7d98226e2003307197b3c1cec084af340d17f392b74bb5119090d534f420bd2aae92d03268d044308b3c501b35f_cppui_modular381), - fq2_value_type( - 0x09f454230d61a6e626e01d20168e6199db6345888b829a0653dfc18afb7c224d36a9070edffa2c99d859b7df5ed91e11_cppui_modular381, - 0x089e677f497fff7247e001db9926026095751a31bdfbf9244249c1613d9eae8b507848874534c28692d0321859710f6e_cppui_modular381), - fq2_value_type( - 0x0ab900f602fda0715066768b55b2d0620077e57a0aebe58f9b520818a12ef6129438d130c17e3ed5f9227f82e12621f3_cppui_modular381, - 0x0d7848ce6209410a5046e3f9046a7c9c6a0b730b3ec45dd91e7f791ee408896eee4ecbb8c4bcf6a78280305637668ec7_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x156e1bc01e9bf7f5fbdb240eba8618bbea8c1e4e02424302705e8792db700366a8e39f06dddd9f73804ecbef790345dd_cppui_modular381, 0x055a5bf7d588660a879cceeafe2e03f77fdca228cc692da9c4e22bd4dff4b3fa7fef82cb03d19abe85e49da56dbd06e1_cppui_modular381), fq2_value_type(0x189639597109dabac78406e60c15ccffa7084d310b197d6f59c60955c04d263d1ca4c2b0d94beeb50a3ce2ec10a9cc88_cppui_modular381, 0x15a0c0b0824785ea57a685eb0af39d1478cfe947f57e8691e94d15f660a617b526ad3b0527f95df6d586363ff6a6554a_cppui_modular381), fq2_value_type(0x147ed58c1ba4663879f4b4df925a2e94987067b7eee50c6d49952df0291f834604d87f8a9cc87e44e4558ab5f80c5c89_cppui_modular381, 0x17af81b920871eab1f38a577485c44c7c09b640372dd96958da9b2b4837040fd628faaa0a1b72a1bd7300a96eb2c5c42_cppui_modular381)), fq6_value_type(fq2_value_type(0x0ede6c6073ec86d4939b5b5599de443bcfc85392606b9809767612c7b07bb1c0e08eaec2b492516b7faaf188bdbe3e38_cppui_modular381, - 
0x1675c0948c9985fae3bcc8e0d4ee5c0a1858d33f7fde863bf29d35970016db19d72ef000ddcabeab2cf776cf43f8f078_cppui_modular381), - fq2_value_type( - 0x0aff723543c7fb1c786ce9c387db34bfdfbd7482351b4db92090a3c1c1d2e56e56bd3cae39319156c9b292933b050e15_cppui_modular381, 0x0e39f41a308a27cd580a6d1dc37c8115e437bc6598193814d1c7e5d5d28050b10decdcbefdbf5436a7a44920f1660304_cppui_modular381), - fq2_value_type(0x1817aeee6af71229f109558831d3f8c548577ece71658d5731daf069ff4fbef8a384445c820add288b9695a8fa5c5568_cppui_modular381, - 0x152bbe92c49ed9d8aaf7e71bc196a9943568730dd034e191e6ef93e2bd5546ce4ff0057d9c465147511ffcb4f66cd3be_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x1310cd0eafab9b09e91803d930e926a0dc3d89fece355e1a8101673c885f1b86e9361fd2f2dedbc6edc73db336537d8f_cppui_modular381, 0x116bcd6589ace54f061964a4ce85a929577fca43fd3d97cfb518f69af121d074f64523a1cbe03c064e54fb27692ed7a0_cppui_modular381), fq2_value_type(0x0548a0c69aa99874043f35e7e168db5caf325a45faf5d99b2a0b251eb75f29925eef5a85ef540f519f8e76c421c7efd6_cppui_modular381, 0x051fbf6a5275c86f33b8405cd76a7b0347d5c4974e43e468e74a8d287d531cb751c7e3b68be8f01aca4d1fa3a4ede275_cppui_modular381), fq2_value_type(0x0421e6d957f1be56ecbc4e46fe3bcd878fe96ea904da7ab7cee7ec01b78805e914a7f5f87edaf372323da7adc422bea3_cppui_modular381, 0x10168429dafe94d57b489ac7f6397ca55b5dfb00ae4991076ef465a48da98acfbd89485616ad50db9d722632c4f60f6e_cppui_modular381)), - fq6_value_type(fq2_value_type(0x142d381d10a9c58284a41835bce6ae63a205185a51ded39a6552d820b7607987e994ca2955a87e6cafaac24b1de2b6d6_cppui_modular381, - 0x179ef5865e5638fee9ca1907430d70e435a27335ac2a67c4bddd53bfea7941f929effcfa5cf16541a0927ea22fcffed7_cppui_modular381), - fq2_value_type(0x072da45ff84238c87099aa21c6b2184719707e80c4a715f1cfebb0267a18c16c3167560ff55b9a7c5d30609deb1f0e77_cppui_modular381, - 0x186003ec211c3e6abab26ba6e27de48f6cefb576528c780a97d4facc8156dec281229c551a6746ff652ab282888b7c9d_cppui_modular381), - fq2_value_type( - 
0x00b461a33d25a5c64a90abe32b9265dce184400b1ab70fdbc36ff3324ca613e98422247d766f9c8a67558f3257a1271f_cppui_modular381, - 0x051728d4ea553931c3c8a87e776eda82d2f62f63fef88783178fc141849c6cb8146c6850712a40bc5b82a399daedd5bb_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x13ea098057e177102953db1df0589348a6655295006656c06bfa3390c9eb835dc860fa057204307df9150fae29a61f96_cppui_modular381, 0x0f596824e576ab4c4bf8d97558b9dd4fe0fba650a0e50100058656ce90fa84fbe8059bcb33db75f4ea1cfe9551899e46_cppui_modular381), fq2_value_type(0x15ae32b40c56157884f87610c7b23083d19bf1a279ac57bce705be662d90a02566f1606f54fc3a14b80ef68bd10ab4c5_cppui_modular381, 0x1133ea72e53f69fdf916c68b8b6000660191a3c915e87418267df115f6587d612cfe635cfe111c3655c3382ec7c63ff1_cppui_modular381), - fq2_value_type( - 0x0b53e05e2d076ec151848698293e0b1a41b6c1fe5deac89f61fddae1647a2da7c9d239238a481ddeed94e7f06f3189b9_cppui_modular381, - 0x0ab2513c0eeeaf4466d6b346688bda400b885efba592f23b4d3d96c5b9d4e87e654954f121a214c74c567612ccda9f49_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x08a6144c53f747e0dda05d35562849d1ec46034bf43f42f8136e9a8ff3c854cfb7dfebb18982c3b6f0407c187b8956d3_cppui_modular381, - 0x13bdcf2ae88835a1b7d972e456a45904fbd08b0093679012bd6ce3f54dd801cac4621fe387067b6d5da937f396eaf608_cppui_modular381), - fq2_value_type( - 0x0504208dbe8a6fc93d1b2ac17418f28daac115b36bf836834bab568ab794bd223ef947d4ca99339efc9f7ad713e0f9f2_cppui_modular381, - 0x0b0a177954d9166485dbd39b41fffaec6d4a43e10f68eb2345d932a06a2a79c38d20c63a5698b0e69249948af41197e5_cppui_modular381), - fq2_value_type( - 0x0f5dfdceb42c403e7b5450b8b9c8b7959a42b4129cb1c6a7bb0b85c27624a577cf077cb5cba6da2bbfba8b3cfb6f41fc_cppui_modular381, - 0x0224e3e4f499afc21fc8c55015c8d186c344866340676f89a3a542990258fa85d5f9dfb869989bf06f630752c5b02ffc_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x046bbd0b03da2b070991eb44cadbd7911ecdfb41790cd99005398bc1255bea324c162ef11083a7eb549d0fa3b36bc728_cppui_modular381, - 0x10907290040d1825884e29638c86ba1a938090d2110c9d68dea715eae9ae733fe802eaf5a5d72d3eac73fa699fcde518_cppui_modular381), - fq2_value_type( - 0x050485ecf55fc524bf10e9845b4bb0138d151aa80a9a65190557d17906fe34b0d182b77ac3aad730a9d2aa51ce9dedca_cppui_modular381, - 0x0dd212f5a44a9b6c29dd0ceb718520f214e1ca05da5970cc8f999226c0000dbf6991770b06549d3927acd1c2b0508d5f_cppui_modular381), - fq2_value_type( - 0x023f3c120d9728a0ab7ebdc2d3e929f757f581449186881d935da1b5128dadc9fe9952b2aa9fb1be2365b94fe8efabdf_cppui_modular381, - 0x10330d931a92ef2971a0268dee6d8012e43c8dced067d9b97bb5c0c5800a75cc8ed18eed9fb17bb957c4e7ac2c165ddb_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x06a098b569741a7a9c7ceb3592229d118ea5bec6b4c152db2d4b2097822a0bef9f8498bfe6bd3a68b88bdbb15ecf46be_cppui_modular381, - 0x0c2ba20d6e83d0bc9bf1e5e71d71fb2f7a29ae232df626f76feb0248d1172f8d99ee77e31aa450b8f8cf3fa3a0b1fe3f_cppui_modular381), - fq2_value_type( - 0x10f9dcced6b992ab5a27396e26393ea1007c1c92feba80e603c5d7bc6f0dffa3f13be85deb938767ef7cbfb7f82a09d4_cppui_modular381, - 0x19f72da9170d935d28c048ada8b806506cd088484b873fe0d88a0298bc6960cda75c1f07779b9fa4f702ec0bdc47e7fc_cppui_modular381), - fq2_value_type( - 0x0084c03e3085f77d751fb5dba32ac67fd5b257f19a448dd54a4339e3cd53e550674b7b745f31ba35297bc64c16af9f66_cppui_modular381, - 0x12c3e1c362125f24761da9b2953cec8bbc742227118f0ad236430882efd27727dbed2f470f996ce2a86055b18933c596_cppui_modular381))))), - std::make_pair(std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x11636ded8a28e71c4ec534b21f25630c4432bee1d8bb4c12589b562390215bd05e0a5d36027b75ea1ebee52fdbd30999_cppui_modular381, - 0x0c91c9c3a2fbc87c918c250e8e690deca092bfbfdaadc545f0a8562c4b41c1ff26e1a998aa8f8cea9823e957f737c95f_cppui_modular381), - fq2_value_type(0x169f54075fe64793c5d28f67f0b3c26ebea2231144cc35ebd998fbe4822b6a7b97238a71c43b070476732c20f59ce8dd_cppui_modular381, - 
0x00bdc66235aca5675b415f67e70c1273a5c79325102113546b19c6af66e5d7eb9795aa00eca3d52d6e924df262a854aa_cppui_modular381), - fq2_value_type(0x00085900d93bbff3d2fdca81a7751d7f8ae70b6fa65a401672d1ef36d837182f8405f82fafb6aa1f208e0515f549b113_cppui_modular381, - 0x12c2ca1c15c4a8666cca16f4747cefe67a2a4cf52d05d894868a5789fd326b0c651931aa49286e018099f449cba406bb_cppui_modular381)), - fq6_value_type(fq2_value_type(0x059dcfca66157c202444dabb92d3b07c53b1757fb4c9fc03ba66c0a029a56480a17200b4a7eab1529c56bc2cd734c83d_cppui_modular381, 0x0245c89492eade1b0ea9e38f7c7fc3c4a8c2e6ceca32f8ceab88d98b35d9d03739c7fba4138d84e6c8baadc55643d722_cppui_modular381), - fq2_value_type(0x19cdfe3738f8421b5c3144c21272994a96ebf8efa22dda8a71763ef7e1c8914334a1ef8a8b672334e3f4e35bc0007838_cppui_modular381, - 0x0ddc1d5a912a677505265fb7b89c7c9f297f60dabd29e520349c82f33f54ac8ce28c665ff3b3566f2e959898d9e0872b_cppui_modular381), - fq2_value_type( - 0x16429ddc15224a7a121948f3323f07e2cf5f683f0c0ae73f9407795f964e762db8493b322dc8f27d7a8e585dac935127_cppui_modular381, - 0x15573eecb41236f429b3acafb198ded663407adcf5bfbd6f0f3722000d94993f07ffa373dec967dbdd23351bb2c6fab3_cppui_modular381))), - fq12_value_type(fq6_value_type( - fq2_value_type(0x054120cd7a23cba24c173d8c8e91f98b0d420e9fc2e7ab67dcc5bb5463c3909f3d36353174d7ec3601dcbbeaecd9c8da_cppui_modular381, - 0x11d4c1592365acc081b5f6ff5ae88f4962a7bbf7b9b2504e10853c34c605273a9a08f75fa73516fba4dd096df58722a0_cppui_modular381), - fq2_value_type(0x17f3d78c977530c6828b91967c7d3d5a95b4d7343046f3cd0027e0ce956aeaf8f02392dcc6ea71b29f57385eeae54132_cppui_modular381, - 0x0cc7f4fe8b96076ad89c40a35e070d3f668c0f84f6b5ac7bd715e90b2839ee19694e53187e5777d619bc66cb0de25ba6_cppui_modular381), - fq2_value_type(0x1624650546e8fa3655bb73fd483de18512d5bd10c7207c0a9102ad057515ace8a383b9f56090b4193e153c27758dd45e_cppui_modular381, - 0x191bb4c835e30b15503dc114a605679297f1dfd9f1e54a247889427cd2c5ff7149fff03430e8e20514ae6227b22891b8_cppui_modular381)), - fq6_value_type( - 
fq2_value_type(0x19dd51662e0c7f3cc3c6bba83586b08af9b7fc0c6b169f1296aadc9c84390edd3541b3112fc4b9c8e1a17924cedb9895_cppui_modular381, - 0x1676fa2cde58c7b32e2c0cdb25c318d2276556bb6751648155f161f4a0f52189b2ed3218dab3a5bbacc6bd0d2a938a8e_cppui_modular381), - fq2_value_type(0x0c37cb4e9ae4913f212e5a051a78a962992d931114dfd59cb82e0564703ce13ea3777a84a674be490a505ec8980bae2b_cppui_modular381, - 0x14f1abb3edae9566a53f67f14f564d4914f3e8e99a036ffc7094085407daefa8156db0cc884c0fb543d52b11a2367918_cppui_modular381), - fq2_value_type( - 0x1433bb62b65c2d2ed30676b1191f7009f13602567dc5c7d3726f1715e5ee4360ebcfb9877453473c2d0a304127ed3078_cppui_modular381, - 0x06e27fb53d7c6935b501a4f5a0a3ea25e4e88d8c8652fbd4a2de2a03ad66a88b28d47dae2fc248ed68ea69b1310ff687_cppui_modular381)))), - std:: - make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x139dd779524372b96bb40c710d1e4c42e5e7eb6c2a24cd985ca0dbc22512d307630fbf129ce1fbc1a5cd4132f696867a_cppui_modular381, - 0x0c0d8dcb348d44a162f1f91c4934ba484b0f89c030795fe8fcdc5aaa5c449b27852a001f2932997f001dca6f379a39c6_cppui_modular381), - fq2_value_type( - 0x014a092244795b1a4574bcf8f3f68c138c898a18a7c5fb09b4f6cd5ef92465f3d2731d6eefe4f0e6e434fb7f9e797826_cppui_modular381, - 0x01c26d6c33619e83ef214d95fb64b53888af5f9ab7d8500a3ba7453bfb8373c0ac338b1f61604adc55916266470b143f_cppui_modular381), - fq2_value_type( - 0x032a40e66f3eb3219a88322cc1a672d0a4bab7688665a8cf5629a8ceeaec151cc69c5381ca841f7371716c72a8755720_cppui_modular381, - 0x144b384eb544fdb22bdacb0f548126a0108da553e2b264edf5e7fe018107568e393edc9e64ca8896dc27a1ca1c7c575c_cppui_modular381)), - fq6_value_type(fq2_value_type(0x10284f4e83f16439adaed1efddb79fe9d280885a0cded5eb5940d93dcfbe318bdd8fb56e69c98e6f8232d3c3d2f59d3e_cppui_modular381, 0x058422d0b4fe6eb5752561a91e4a8960b1ffc667a65a2c18f31684772c8e65b594b4b8687831c2aa6e716722b3050765_cppui_modular381), - fq2_value_type( - 0x0e66d58687e71d2e0741cda1c8df641415356a394764eef69e0cefc3cde2b820a8d816efe9012ff57b8d2c9926deae32_cppui_modular381, - 
0x01c913beb56011f4d41bc05222350fac1b77710ed11cc693ee02c9617feab15cd250ffb213a14d7c3097d53e61679a66_cppui_modular381), - fq2_value_type( - 0x17be5d11bd2aa3e0da7d4c77e11a54420379a0eb9c2a2db42d9f14904b4a8d896274fdeb00178698e62a5cd4ad85af82_cppui_modular381, - 0x07a35d77b81022ce61d03549895bd181892994ec28bf07e9fa33c84c541aec0ce0b92bcd5c964b0e97920826c01a702f_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x098460d358cd4b4776d0b962b3e23cfd338e2dca66afbab837f90f4cf5072c8d3fbc97b5d78d6a039024ed85b9afa60d_cppui_modular381, - 0x0abab264807f67f1b0fa283237868a6d9b4735cd93d00a93b4b8f15dc8a274ded9e1767e13083257659a8af19b4bf0fe_cppui_modular381), - fq2_value_type( - 0x13d0fcc3fb0a3d4398948986824ec71d9596c4f9b11f39be8c3eeed668aa3451646f68abf92ccc94ea6f2d33764de96f_cppui_modular381, - 0x077907e13946c298451b4c624015e5e18f0cdfa6b7bed500500d2e6fe6016b787eee7ad8d464bc775439c676fc5c8d49_cppui_modular381), - fq2_value_type( - 0x06cd66c7dfa70c5c11a1ca5ff0b00a62c01eea92a4c7efc5ffa2f0946cc7dd82688fcbc1a3d91121ae369b4040912356_cppui_modular381, - 0x19686988bad7e7a7fee0394a719fb135a6256d832999c3325af45fb6877c6a9e452aa4c33d738e0e43d239cfe81f030d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x10c632bd0a49755d7f3cb392d7528be8e535c1eaa78b6320d58884dfc9d04bf8065a18554ccb3f9b078d81b47d28b598_cppui_modular381, - 0x166b6c5bbc7deada98cd1aa096101b2a0c3da0e75480fb633d9188fcc086888e49dd1b6c286c62bf5eebf6e4d4d61930_cppui_modular381), - fq2_value_type( - 0x17da0b5e7c2cbf59d5acd35d8be5d6afa323e9f3ef1032de53da1896db56414084549fcd878ede90aad2b2312f2d7935_cppui_modular381, - 0x08eeedbfc0d9fe50e3f36077e4a1939afe6d67029f790168c3e1e765537556fee20fb4a2e91ee990e6a5fcc8ac968926_cppui_modular381), - fq2_value_type( - 0x026c536d1017d9a222e82b13694ae8152197a2a93150735b3e237dee99f0676ad7c6b664b3ea3550ff475ca67447af69_cppui_modular381, - 0x0efa39882816548d60cacb966d2f6f03c67c22a00b5a9bce42f80cd908bf18b9fe3789c1e9a1d1b3a0a65879db02fe13_cppui_modular381))))), - }; - 
std::vector::output_type, typename commitments::kzg_ipp2::output_type>> tmipp_gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x09f4196e5ae2e24dfe000ebbfb373dd2d1130818db01c12d9890116da1dcac5ad7ec510915864d0ed84ec83ba7b1a158_cppui_modular381, - 0x14de7a792c6b1158a5e9f6d5046deadfa470e60fddb34af053c87ca6bdac8434460576e37388a1c56484cae823d7aad7_cppui_modular381), - fq2_value_type( - 0x111940a5cc516a7e4fd66fbd45d16d3d8b7dde9e8114d23b8a3efd3fa7f73e2c53c665159b4a17a4a3e6cac41c41c9a6_cppui_modular381, - 0x13f219ab7e4079c7106a11c1e43b2430984550c58dde716aa134190e08457148e05f90eef95111563baf83b62d92afec_cppui_modular381), - fq2_value_type( - 0x030571df0bf5ae3f7c2c9fe15a6270a9440f0458199e3c0764786107d8aa655b354d3d94f2bd2deec142b1530d7d8601_cppui_modular381, - 0x14a5d24e21b7fd584b06157b0238e0c915741da0ce5d7f1b8ded8ea3ef095728526032cbe5617898b6cb442aba10c336_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x09898cc2590f8ac7e5ad06605ab0189a5c0f3062b5435e56c0838c21e1ea829007a3287ce5dbafcfefa1b1b00eca1add_cppui_modular381, - 0x15f8f007599f868959d30e9dc60a91a91d656061b4e4f2f04d16153d0ef87cefda97dc162647ef6649770f159c1466aa_cppui_modular381), - fq2_value_type( - 0x1388393e62471d3c4fef1900bc647fca273c9601a2022219e4216064f5ec54268592393d4503be7c177240e21939d4b7_cppui_modular381, - 0x0cb19a28e448e5da5895f6ff4f877516fed83f35f407abe9d61a3f0733064fbd023362d6765fc606fc9ae0b42b94532b_cppui_modular381), - fq2_value_type( - 0x17fb7388c421bc5e460c6aff8371c1227d0188623f61772515728d4f5c48bcad0b0b1f81c7942402b8f928dfbd1a7294_cppui_modular381, - 0x1421a05bfa57e1c5bd5520639e7873b2569d2d8e303cee2bcd440c43fb0abb1b8b108ef08b5577580900ca416da1dbca_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0b67fc0d3f5bbc594403484f779e7bd896c40657f350f2ef724d8c68e241a7d08cc44be605fff1d0029ced4b8b16a440_cppui_modular381, - 
0x07c10e44fe5a3830bc66cdbd1f68a05f4577c0573e9c35b971cb12e29a252e74700675c1bf78b8972778cbfc616bd23e_cppui_modular381), - fq2_value_type( - 0x19ce14ac8760d6793118657e9a7ea6cf0de196e4b946620679c26bb98e02ab127aacf1d888c0869bb1f3cefb0f11c80a_cppui_modular381, - 0x027115e304b98412aad798e2ae349dd5ce8e2266b2c721f176d18432be33c797906cce7e580d4faf1ca60e5f3e663ccb_cppui_modular381), - fq2_value_type( - 0x0fecf76d39d4802ca84e46c94b6594e4adff883f4896e0b55527c71f8890d9303f8b60dca0af65596ea24cbe29bfae6b_cppui_modular381, - 0x16fb5d3895c99229e7bca49b1fa6054da54db05956230a26b4d6d2cc3d0162cd2b1fed8d94f4a38ab0e9ec1474371b78_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x14bb5e5db3e3a76eb33ca772a7568e2ea7ff0494a15aae69671b9d72482934bb586c682d9c8eb38bae7cbfc321a510d5_cppui_modular381, - 0x126e98654f3498d48d67dac2e77c213a2fd2e3e7130ac61380b1f9d7fc50bd3519065a6a2e05031ee3233b463e50a279_cppui_modular381), - fq2_value_type( - 0x06589e8cc2998b1d5d978d52c9b2f8f974fba419616ad0c1e0d70542369f1a8fa986a673668f3e79f689b72e0ecdbff3_cppui_modular381, - 0x0287a86cda9734c1488fecbc77bdb9e75f4cceed6309ba9f0dbcd2c030e0bcc938615f9692e7d75f78620e5763d9c544_cppui_modular381), - fq2_value_type( - 0x137ac65166ec0f5cb4a5b49d75eef67353e772810d1f6bf187c249e775b2cf73de73c62b7db7c9587cf1e88e29dfb399_cppui_modular381, - 0x0fdd37ee79d99c19131540ad796e0ae9d1cf23e4adf0887327fe3691c1873319556b0a48a563760d2d1f07ad58355845_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1705512e571e8ecb125eb2fe3aae8c9687031b48c3c20ff55aeecb5566264dcdc9f847590dcabc63b3fd80e7b664e37e_cppui_modular381, - 0x0d2d947c1edb3c2b4965cfbca6f8731ded8a1a86b2adc93b2c42111c1c5fb0baee6d2fd53518f438bc4dbb53753bbb5b_cppui_modular381), - fq2_value_type( - 0x17631dd1eb74351ccd9232560e2c4620a568fea30dd06febe64be841358ccfa0c14301b42eeefaa3b9abb1f2e6cd602b_cppui_modular381, - 0x09387fdd8f7c6bbf3795899dce1c511dad8d51412423ba7e6ddcbf90f55a3080c5ca5aa1fd02354ec52e0ba830d4a1f6_cppui_modular381), - 
fq2_value_type( - 0x10b14c1504e1f3ced02f2887caf96c430363ba43332bfe05268ac007888eaae478077d04807fa2ab55482a0e1b595dff_cppui_modular381, - 0x0a100ee70649187d6904f4273bde81ea0ea2568774e29290182f2bf4f0b38b4cfd70d2abcea88fa019ef6f6ea426e8ac_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c7a04b4c0e509031426f583d9fdec0260898043037f25efd98a2d0b9574d85cffbeece20acac69f0d12afed3549efe0_cppui_modular381, - 0x08eb58319046ed71343b59c5a9380e518d5ddedfc29d60df7b1e83c106553a4e760886830562769509ff28977d350222_cppui_modular381), - fq2_value_type( - 0x0f38b984a1d6a982a6bd14b05baff37b25a485d532f80dd9482f0441a859e25d06a4ef86278c1d9267374e79471c76cc_cppui_modular381, - 0x0c3a608aca392192523f2ef59f61240f205f996ee983620b48fce06a5e0038bcf3ee2f4de7f5f6a7abf07d214a247753_cppui_modular381), - fq2_value_type( - 0x14b5438c6b9e8766205d79e25e772874c3e884ce7510da9f436e71b698052ef4fba99f8c2deb1040357ef92300ac471a_cppui_modular381, - 0x17528aab1d4b1391e0b09bb557a54dd2822488b35386ec0039b906789770345c0b6aa21bd274ffbf52954ce7a923b079_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0ed9437cd41d4831c5c2473917ffab0f6fa9d5d21aff666957b767a708bf370c1bdc46d7499e8b95ff5ae539205db5a0_cppui_modular381, - 0x11c87e7a6b21b4d8217bb251a83a1b88250a38d683754ee48d7a9476aad2b534efac8e8b6fde8fa19c2152b00fd71e50_cppui_modular381), - fq2_value_type( - 0x036233bf470a563a58af26ec791ddb6c361581cb94c36ceb289423874beb134c2b7a621cb42cfc213a14d3fd65c5f756_cppui_modular381, - 0x07d57a65d13f8ab324412e5207cfd82c137a110d343a7cdf3e40dbced712d9f8a0b641687567fa050bef53723e9db79a_cppui_modular381), - fq2_value_type( - 0x06bc9b70e5378a8e2e516177b9e7470e62d25278e467b6f8f2d2098c22c257c0236e041290e0cd3c721d2f77b3fafaea_cppui_modular381, - 0x054a3abd24deb9dad6f039af6991fe9efe6d3f93b408b1e1069de1551bb38fafb87268a85251d336c4ef002b82d172fc_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x1705aa4618891aa01d9f5be3e34283b62ebe65ab370c001a26a3794ba41baa212d7c6e8f4609bebeb2fa59ed5a33bf3e_cppui_modular381, - 0x065a85de96adf5d8fbf9d41cb0195dffb0a8f8e030f545ac76c84e5578c0fd07935fc8cc8e3b534ec4cfb2e7dede08a6_cppui_modular381), - fq2_value_type( - 0x139f33cf02359f4c69ae705f7366b558ca01c16105c7ad5d17aae0eb59cc68634ada7ed201ce356d39bf82377ccfc584_cppui_modular381, - 0x17a05fe4f3a5397f715935db724d8ddff01051af8aa1c2533753362661fec5bf5f6e8e98e738ef6becef63f369f07e54_cppui_modular381), - fq2_value_type( - 0x14343543b4fb41c39d049271e38862026e9293ee8e20128cb08948360c619e3da1bb20839cd0d5584125ab2769c7d5f7_cppui_modular381, - 0x074233b64e29ccead63272bdab4278c477b7efcc4b887489233514afed0c29c366793c6510583559830f3f6fed4fce7b_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x065c53c8bb2d00ab09f63c46667109ea047795a4841e182d78702a19ba24d6682be7ef14a32ca7c72de3b3d2345a7b62_cppui_modular381, 0x0c18af9af392dcba801c52ed2766ddf818a004043f0a03e2fb0488fa5eeb357fd1482435fedd320d30f6b960e6ab622d_cppui_modular381), fq2_value_type(0x190e5e7819701a8d6775478762b6fcac09ae5d38c06e6af811c239bd31292b178d61fb07eb06f0802249e7dc6ecbde40_cppui_modular381, 0x044ed5531d7f469506a2213c48ec0cc5994a4fb0a4d7f7b8a7f0c1348dd404e73455230be575cd09d8f87887adb4b302_cppui_modular381), fq2_value_type(0x18cb61c96a086bdd8702850569c4b6f54838a0ff7e4684982b45d432066bb7cd5b8a5125b12fb40bea1eaa91f7593b90_cppui_modular381, 0x093d1e653c01ee68412487b57bfffcebdfa50a283ff326b7b1427a3e8306149ad1a40e5b895677af0cb21d85e37224bf_cppui_modular381)), fq6_value_type(fq2_value_type(0x00cc706b671d7c653d3331f2e68e79e02ed8f7e295a621ff02ca1d7761f71505dc618839a43eb1cbc56d3b4001a1d223_cppui_modular381, - 0x0870acf52b08530c66f9fea0719e4211c80f5ec1100ff81a602cc5966fdb5f86f8d3b8927a2c1c80168914b5e964f594_cppui_modular381), - fq2_value_type( - 0x118c2f64ff95809c89324ea1f21065e2bec3aee1f01dbd4a858421047b3d63829e8fffa3c221339d16604c31a0e6743c_cppui_modular381, 
0x11bbc2ca511d06409053b7395f071bcb8bcd80089a788d89a9e1fdf20b51cf7312ba49a58dbb68e6b53b92a9bbce6aa7_cppui_modular381), - fq2_value_type(0x16e56dab60ef746c48be6f98632b8aad24859c6de9deeb20dd2092a9134d9018018bea2f4ba3da11d530aa880953623f_cppui_modular381, - 0x132930a777cbac72c382dc6b7bbc32b0a3d05a524a34f6793bf1f469f65f67fc8a691e0bf7591f69761c7bc734076431_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x09d054960da1dc78f70ab3b71e7b6248aca47ef6004b9987ffc3513153158d52279122d9d79d395008bc4a989f95b08f_cppui_modular381, 0x02fc878bbcb5ba839a1da397c8be9a2498f05589cd8356479d38c759a1cf5d6e19100e96be647d286b5dacf230fb1e25_cppui_modular381), fq2_value_type(0x0574ab4c1cf1301e852dacbfba1e68f060ef334b3028004a8e07c173a7a54202733ab74a027771e6c0132529120667f6_cppui_modular381, 0x04c368e41be1ce332b22ec693ec99a655b4b44b9ac37fa4f026cb11ac96c624706ba32a7f91c338f4ad36ef22ba8c40f_cppui_modular381), fq2_value_type(0x13e1454fe720bf84b1246b1494f7a9a955fbfd53638e3c145746d9039602a6230ffa40fd4c8adf8c0c8ca52edc9bc8c0_cppui_modular381, 0x1262649c45b556f477d46268d923cf9da7900198732d9ab6c397a56ee84410292e95a3bd5d3ef158ff6feafbea8b4e80_cppui_modular381)), - fq6_value_type(fq2_value_type(0x13eecab13e389bdac3ea5f3ad660bd13b069294d774666016ca143d4dd7c6ef223a8f24980a4138fb56df14855d2b841_cppui_modular381, - 0x0904cb4c080295575d8ccea88f58ca71d7aa177aa262cc7cc90ec93803b0d0f87c5f50c7cf2e2e689a05c01e01442c20_cppui_modular381), - fq2_value_type(0x15afe840115b621cd48b62a452624434d6a924068fad122dd2231bcdd79fe587ade17326d2de85adfa029e22f650626b_cppui_modular381, - 0x00b075566e5f148600de3378500290a56f0801ea60aadbb7f72ac1db6ef782b051bf30e5634dd24314d786b973aeb4b6_cppui_modular381), - fq2_value_type( - 0x1170814f8f7eae5d20c9c8dffda1c2ec24f2807e15a5faf1f41e5f43d0a3889dd36253e78c4f50e6a2c8225d6a58a578_cppui_modular381, - 0x0b583ca36821e66912297faacd31b0e42b265fde9adfd77a77e95949e1f5cdb8c4eb3519b95d97af4032bd6d41ef658a_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - 
fq6_value_type(fq2_value_type(0x0f001de8a7441bc29a89d1f301393a8ad9d79a6bb04e42ec218080dae1a02067b7e0c750a74f1b5519b82b286ea4d399_cppui_modular381, 0x02d6142af5ab4fb87d72597a5c16129310ca3c2e7663152ea2ed7362f7b03b9b30ee53f14a2a4f4147e5a6c12ff4d592_cppui_modular381), fq2_value_type(0x0ed1e2ca47b6d98a6859091d2e1fd80eb818111c27895d081041179503cac79bd98404e5ba35f16fb2599a819b1b8ba9_cppui_modular381, 0x0bea9231f17bf581f6d99ba3987b6185672b5b234640f1e3924e304024f1d6601c967dbda2aec476e707253827bb5116_cppui_modular381), - fq2_value_type( - 0x0b6c1792d51fe5f629d0ce4d37bf0cf1fd58403176e954ea2185718f0cb3345fa3bb31e3a5ec02c2f28cd21bc455a10c_cppui_modular381, - 0x05eb00868c5ba82c90dccc2566dcd04ea6823b2fdcb6c8558311ca877a0ebaa81f37ace1bdf92888228514f9547375fb_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x097ec801438ec91ca846d43989032090cc834a16dd8e8135a2a7fd967614d2db317c1103796f3e642fb2b583d7910d17_cppui_modular381, - 0x0a1ab47a0aced870e88e303aa69b476c77b122097a80f4263fabeb7148a82213a9cb2f0bf3d44dbebd221f86cbf94f53_cppui_modular381), - fq2_value_type( - 0x01ae6fb57afe6ab624aa7914d01a977423c3d06443c5385c9393cdb39dda4679ea5325942b3500daa109b0a498d0ccf2_cppui_modular381, - 0x06b0111ecac88f941693004d7441bdb3bf23edd1900aa410f9b63d53f5c7fa8f1f67024bf90323b1c94210405b4428f8_cppui_modular381), - fq2_value_type( - 0x0203d66d40255e2ef0bfec90f98f0cd2f41f3643ec4bb745f076d0df0872ad1ddb10dfdb6b571f3ae2f1646ad7675e89_cppui_modular381, - 0x18462d3e3388c7572cdeea8554f2690f6e6fc01a730a7a0c3cbd1fc9fc7e7820e02b133ccc25f4ae001e38a9723e0dd6_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17e64c84bdb951d8610a11c36afd498eae03f1ff2deb07af060308bd13fac15f3c93972ead4f9465511a9353abc74bff_cppui_modular381, - 0x06023d577ed8176cc07f0a71ca9301bd3f8a272bf57f8743f38f5a881690cb64e0abe39a7dbf92ab867bdcd8bee38a07_cppui_modular381), - fq2_value_type( - 0x190abfe96bcf146f23a5f69692adcb08eeb9582e6fea485c803896ebd43aa32037990f6c8db4543a3003b41865de72b4_cppui_modular381, - 
0x12d70b88af84f46199575d76c4975ad01b0f2f14d5359f9ca1812825b63268a2f93973477168fbb9401d93dd056438c0_cppui_modular381), - fq2_value_type( - 0x0a95071995132ed8129baa5cd0e0d5033c57213ea02827e4158f240426313e2adb093cd9fbad4c610ea78d1b8e430700_cppui_modular381, - 0x0a7f8d785f9323bd36551956fffb0a4c764a1caf5ee2d16663ca009426f0f858cace48d7707e6a15c2485ccf595e2c47_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x197ef60f5da19de3533cfba4a261344a370a42da6975c4fc17b73df4720ac108715f99aa14c3a78381d6be6f7045cd11_cppui_modular381, - 0x14e0109d23522f6618913029c48c83a414ba85e32978c4a094b36340d285259545184260186b11d7b4e4bb191ccc43cd_cppui_modular381), - fq2_value_type( - 0x0e306b73a44d4a6b6d5e45eba86bb5d4031e9de27273e882a524865c002f148853b2564efabcc739fe0e71ffbfefa29d_cppui_modular381, - 0x10c97d18145539741bb9d0b36f650f30bed5190a21f1182732aa4aebd33c0a195e9618ed4c616efc0da61eaf1faa39b6_cppui_modular381), - fq2_value_type( - 0x121e85ea553fe3018a374e40b87c1bd32bbe434e9446a39280e893fb53736f9530981ef82f1516070a2d8e6c08eab3de_cppui_modular381, - 0x118bcdb4b1ca527cf3f3a8335bb5a3e7d4b43791ca571faf06ec3a0c1c06c0a21406ed766a351b6c7c30aa8ae3fbb66c_cppui_modular381))))), - std::make_pair(std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x1053078f1dca8e21e67fe990ca54774c754b6605b533901da5377081e633901fb178565b6d036b84c1d23d4e354dadde_cppui_modular381, - 0x0c91dd3b91b97f40f99a9f95bbf03d31121923fc3b193a9cfb46b6dbab75f24d979949766d2b10174258ac857712ec10_cppui_modular381), - fq2_value_type(0x169835fd43016616b9d5db2d23008087af11813e0e50323bf79e162bde4c860fd54d58ea967cf76d9d8426edc4cbabf1_cppui_modular381, - 0x01ee0bee5d0568528bfb0fcd790c612d1195c471959efa3906e1b84234ef587e0f26a433903111d0b9b7b9a6a2bbfbb4_cppui_modular381), - fq2_value_type(0x0e1a09e26aa899cc835f78c64cb352bc228aaf929580c271e7267f32d09a6ab22c4ee7f0552c4d1740f451b50527bc99_cppui_modular381, - 0x0b92de9fe153181a64ce45b4f39f9d0410804a7033980d1afbcda61749cb1db9c4105f6d87be656206482ec9e3bc9b90_cppui_modular381)), - 
fq6_value_type(fq2_value_type(0x08b6d38903d92c1176c0cb915eaf65879a2a4090feb19633ebdec3c0dcaebfda97270dd6b5e9ba44b6bd1c825d96bafd_cppui_modular381, 0x1743bdbfc16ca5ce00e39ed450b699fbed1f004ab75e54c93453a4efd05a6ca7c1a8e3611ead74eab2de1bcf6404efa6_cppui_modular381), - fq2_value_type(0x0d422eee5db5c6e1423bdec571c86de52773534b2ddd9db1fbaa5d8780df33c5a7980ae29424e403fb4346afbd3fdb01_cppui_modular381, - 0x033400c16e3244bc253b5fad70a4e47ce42e7e66488c95fee14949bd91dd6eaf8f4e8cb222a9498c91b287d9bc8e8090_cppui_modular381), - fq2_value_type( - 0x12df9a4a429e18c8207df99fadc5468f14e1579450b09f0f55443172ef8fb70e19ee2fa41382c8f07c51cd73c9e4cc21_cppui_modular381, - 0x0e484ecea089099176261b39c34cdae1c974cb85ea72cf9f4ff0886714e670e49edcbbc9fd660d50252f11a3c1d4c47c_cppui_modular381))), - fq12_value_type(fq6_value_type( - fq2_value_type(0x14e63b2a67a07cc1cec73cea0848c87831f586309e5b345c825064d9243f16f193b899f50d545260789fd94219e54962_cppui_modular381, - 0x15df4b4c4343a68a6d1631e4397e3fbae05eca8d06ae3e15d1bad2009a62be02075e8212cb4595c0b834c03c88c7d552_cppui_modular381), - fq2_value_type(0x1565b0b60d7cc06526efd367a2ef636bed8f3a4eef2b30d60ae69380884ad57fa3593dc731b42d3a00a57612c672a151_cppui_modular381, - 0x0927d3f23c726fa6ba32ebe6a84c9b43ce50da0e59011c7a985ac202ad4101f8eda538e9643e6886cefaee1255e99c9f_cppui_modular381), - fq2_value_type(0x16c144ddc9330f07c33466ba7f8a5693345b4ab95d1d05e6ebcc80276f69a2602083b03919f8b322ae093dad48376591_cppui_modular381, - 0x085bb6feaf972bdf812f01aad6e300b16686bdf2d51018d75c869fb053ef1b47de05177d21d13b8bc933d2a1d2301dd1_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x02aa6d7498c5b2115b8f21fe01807da31d427695db8493e9ec4d4642aba78078da80271ff90e7ac8632d497a7ec761db_cppui_modular381, - 0x124802596e462913a38781a89c6a8c3849b93b8449f9d1a4586405111fd6c53b23376929d0f1f1dd4ac0ace302520b7a_cppui_modular381), - fq2_value_type(0x0ed4b7f92b0f555191007e6c1617bc67a6bce2526066db8002160867c7418581e95282c748506b26343b1d7aed0c3afa_cppui_modular381, - 
0x13e6dcbffd190514c7b02d14a26af791e52d4fce9ac40938799d4369f2f6eb5e9e72ff9cbaed6abb1c045440beb90715_cppui_modular381), - fq2_value_type( - 0x14d7722b78d34b909c11b7081131deb6c07f54abe62ae64d238ad11c1ac93fd44e54c1837511954c79fdd4b14b091a06_cppui_modular381, - 0x0dd13ef3f8a0aa1da902f33132acc4a2380757cbbc076d101dc623e7c87838ecc631f4a67078d4a952eb922f57b1ddee_cppui_modular381)))), - std:: - make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x058af8cf182fab8fa2569d50874a0b459b293cb5ebaf799ea526458f34bdfdac511e19524fdbe0769d7701fc08b0408b_cppui_modular381, - 0x0e4a4a150c2cf7035b84d207c5952523bdec4ec109ac6c5b72e17e427c7f80767d5cf2f5b539edfed61493ab764bd374_cppui_modular381), - fq2_value_type( - 0x11e9adaa91b7925f378de6738411729fd8ba6271c495c5699e0ee9164ae26934e9c7389eeb2bec6dc80b1906e580022c_cppui_modular381, - 0x07403f5ca0015f2a87a07d6c77337952def21a4967cfdfa6c336ea332b2e53cbd58089a3252fc4fa2c69af350e578731_cppui_modular381), - fq2_value_type( - 0x0649b9b12c25e5fe3de854257b60ea8cb92a1356e18895455b70c5929fddf59b34a29018ff12db534a15f3ac86910166_cppui_modular381, - 0x0f7f015596193b076a64e02764b71f7260742039f44909732dc532a8d3c06253a0d58a5c49d7b07c10fe7b156a640fb3_cppui_modular381)), - fq6_value_type(fq2_value_type(0x07421e0e1d8fc614579a562f5e492bdbc55bd13690c5273e7d92f2d556b6a854d1437e1c6ef5817868ff11f7a214859c_cppui_modular381, 0x1864fee6b0258f12ae274f116a97aed6638950162ed7b74f3beb07b89101f9da4779d2cfff9167389d5b537adaa60572_cppui_modular381), - fq2_value_type( - 0x000b81d2287de5264816bbd051ee5f712d4b31ac4bea97b0d416d431c0e330f17266abaab1af0cf609b46ffb3c0e2689_cppui_modular381, - 0x0c340f1d081c98826dd701f095677573ab6b386560312ef5cdc42576d3b1d51a98eeb2110311635c2da267af1a61fe86_cppui_modular381), - fq2_value_type( - 0x0105af3b9a3aca403100ebf814e9a88731cfb6898150a745062f992ee59bf8937d0dcd649abae228eda9c6824860f2da_cppui_modular381, - 0x11d1d034333ee910563031103c771438310196499294d6f95024df0cf0ef2836b6218f1d16e028b6cc49dc3cb93239c1_cppui_modular381))), - fq12_value_type( - 
fq6_value_type( - fq2_value_type( - 0x031cc0a0e8a10d47a5af87a9bcc167ce5afd34663d8bcceaa4c0324430b37b098b10034479539c42c77377e0963ccf0f_cppui_modular381, - 0x0ebbbc427eaf2cf9b5a57438fcc488b43bc58687e454b37a2fb8d00405e1ac4e3e27cbae2b18ccdec0db732f70c0271c_cppui_modular381), - fq2_value_type( - 0x0789bea4172c8680a5a9643b91da8a91da4f785311cbb4a0692c6fbc5a55725eb57f14b9f325ee494918140b218e6c8f_cppui_modular381, - 0x027912399bb68611e8de6637fe08cb72959f648b1a8ed0f8b7f2a1d4ae4186fd2fa63e80a208cebfb62ce0f3f03ba586_cppui_modular381), - fq2_value_type( - 0x1696e6d6ad196714afc1ff54c47787ac6ad4ccd8cd5410ddc504b2ff97b7db90a5ad2667637f8dad659f015c4f7c9634_cppui_modular381, - 0x09e92342f4f5ac91b15d610a17800633c06e8f80b24cc38aa5585426b3ceeee6a7d0d1fa66918370babc6fa3b81e777b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x15f86d487109455c22d316a69fdfba9b4290c63c2c3486ee2f027efedc981d1e4c41452ae32ae1138644d253772d15d8_cppui_modular381, - 0x16596779de4ede0014d2ffb7b8aed13d7453dc24b28e7fed885e9729c329a3189242bc3500c115ff80f865fe22a825cd_cppui_modular381), - fq2_value_type( - 0x02489f16c8af84e6524ebdcdcad1b549ca7d4aec5d51ed553eac6ab9bf77657733f72efd06fccd56bdc642abc4ed8aef_cppui_modular381, - 0x03d3006b63d70c94feeff2f1546d8b8dd6462a64d2bece1d49ad7fb5d0a101b1306fa73009677440f27328955e69f27f_cppui_modular381), - fq2_value_type( - 0x00d1ef16723ea8a1463a16799acfa4ca141cf843b61e0533a99a8570f229f8d980a907af1f3cbdd2c0e01d9eafd96580_cppui_modular381, - 0x1670c4b5b58fdaaf8c8f8e401188a9c5effc7eabcda654b5758ed681839571ab65d870dbfcafe296a72c8962b9df339f_cppui_modular381))))), - }; - std::vector> tmipp_gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1788826b397708b027ad4d28d617f2bdcfaa4bdd9e8ed558eb0e2793bbc7ca92e161fedb8d7d4e899928edd018b9c4e1_cppui_modular381, - 0x0e5ff5ac95f10e80f0d450459608e81cd8790ded433e89b54b148aba9ee51d3b903c0d6e8151fbda77e080ff0e2ded81_cppui_modular381), - fq2_value_type( - 
0x15ab6ecce8f643d8040a160b28a88cc354d0f00a0e36f08d8cf9d0be7498d58049d9efd5a6e1500a847e51b953bb5422_cppui_modular381, - 0x18ace269e554de2b091e1bf93fe6f49943cd8d933a5ff07c44b74a5919b19003096689adfd70d95bb67e76b898e64ded_cppui_modular381), - fq2_value_type( - 0x055d9b8d6422d95ef658133c5c420428757d798ba2a4f3726a966b8f465f1ced397f342835c604b246c1a35f95652ab7_cppui_modular381, - 0x08d481eb22d5099d849fab89cd08a204ebea62645ea16b00a5b186a85272585e9ddcbd17a97fcfae5723ed9eed3ecb73_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13f74e51b80987e58a315930ed5c9bc4ec889b658d7fb1346985335c203ab26e45677cd9f0b270aae0f13579f37dbf0e_cppui_modular381, - 0x154d0f0200afbc37a60263bfaf2113724b5a418ed775d006347fb689f6e1e5bf9994f29525479a8592fe13507bd013a4_cppui_modular381), - fq2_value_type( - 0x0587bcb5d491260467ed5c4b2f61587b4cdcde1f95bd019a44812493a70d43e8973c9f8fe4d3efe5d1357868bbf6a9d3_cppui_modular381, - 0x0aac99645c6315981ac98aa22fcd9e5b793a98e9ad4a4303e3509b838f105af4b76c29fcd27876413cc8a32125414d3a_cppui_modular381), - fq2_value_type( - 0x0fbafed0658844cd1b17a8256243fd52b59ae0301bc2ac7448ce9995b35326a16d9607ec7c6d6df93a139e3fc9775f0e_cppui_modular381, - 0x0d25b354fc9056f541dbbb04557c2bd7c798a104b0532d630ca4a51f479bccfcc7145d1a38358dc4f1c715ed93715969_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0ee181afb0aaee4aff5e1f376ea7d439777d256497e6b2f98f4503ed7cd57511425fae9c35b5f79db8e6cb9b38793895_cppui_modular381, - 0x102537a00e697edaa60b7867d87998739ef9cddfe187457648c0a2be3fd05c92b8ef19329bd7c07c61010965e7bef8a3_cppui_modular381), - fq2_value_type( - 0x15bbf319ef5876460c111365bd6478d7e0c569ebf23a68afc9f877e29760042347e4e4aab02dacc71068b41d8b58910b_cppui_modular381, - 0x187682bad5baab7ae6bfdfd33ef84a0882cbee0980d5369df1538dd0761ed8dcab020fac9a0a4c5a027ad89f4eea5db7_cppui_modular381), - fq2_value_type( - 0x057142517f230eaa05b21cb517f67b5317ae73ae2944a904f64f888239fe63488fe5c657cbb56f3b5d1f2dc678e49200_cppui_modular381, - 
0x101ad09dcdb181b32a1cd4f24d24dcc01978170243650e64d53b838fd828ef5e8bdbd0a9406323cb14cb29a0b787797f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1299f190879a96636bde6755bd4d9f45904273b95637c4188ef3aad491d90561ce2d3d79d0598314f462e46fa0631ab4_cppui_modular381, - 0x1546ca2af0e225be968677ca9fdfccce7f94f2a235ad79f881da67f8e38ee2b01114c52ed579a69ecde37e7517baee53_cppui_modular381), - fq2_value_type( - 0x10f2b3b749f94880c47b7f1d7025f2309da774aed1ae8a9736867fbb681de22e825e275f242691151018103797399948_cppui_modular381, - 0x04e5051ccfaff5b87864f3917a92f5ab654d35ed7d2b5834ce01d3854dbb64e627126a0d3ffc56f1a504c41bd8f90d3e_cppui_modular381), - fq2_value_type( - 0x194ceb66c0592dfa69c1dcae1947acd98a2b215c89e66ceb16a20857659e66969e81b1b783e6e55d17d516e331ed22b6_cppui_modular381, - 0x1063386db2d0ecab4c52fa3a83dcc07afde71e86c78acc6a92c389ca5c0c01b2842e79dfa789ae4e35e5ffa2ae8d07cd_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x19f1b8f6a03682198c18c32d747a03b8a5c7173db2f0ac69b9ad0b26a9bbd9dcef06982d7840e13adec3bb15b2acd77b_cppui_modular381, - 0x0362cdc0b3cbfd077c832bb0684852a2271566a527d885aff8f862250bda230c4b718e26c9d529cf08e5f04f7821ee22_cppui_modular381), - fq2_value_type( - 0x067b9cfd9837da2315f4d32c965795dc07055b467ff7b4b498bc2da512e08f9f2a4d80c1e9e3f89bd0b68c6cf396fce2_cppui_modular381, - 0x00f4d1b975803f0fd15afcb9d4514f48c742f46a81179e22cdfc307080491decce0a4c55cea84f035f01477ac524c83d_cppui_modular381), - fq2_value_type( - 0x0b1005b2726ba6a30a8eec37063adf03297426314949fe267d9bcd4d7b6930185c796549c4e11521210b95303e1e3e7e_cppui_modular381, - 0x0dec864d963f23f563b7c727416b5deb27f261fc5ac3c4c4332fd780d8dfe5259b92e63084eea41c7298d8e69e8d1b58_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03ecd0c7506029ae473df06e8f59b5786c630fdee5ccea677b8d005f238e8ee7e573152f9bf6ef1118dfdf11e7eabce0_cppui_modular381, - 
0x053fb1d22d4f000da162d6eaae60baacf9edd626f32ed54f4fe8aaa6d795e7b5a336053aeb9c5f2781fe431a1822af6d_cppui_modular381), - fq2_value_type( - 0x00ecd51b11a1936147fd612794c814c53645c40d5b860147e25b4bb26ea1b32be947e07f4d19b267927cbc3e4321c983_cppui_modular381, - 0x11698628d730b5fda5250785c26a713e4361ba83eb2b2f9a49887ff066ff734584d944e69de4fd369de68bb9d3eb4ee2_cppui_modular381), - fq2_value_type( - 0x0e78b84c59a06e355d0116d97e014d75abdffcd2e3946b09aa4975009e885f05236d5a75c2394268aefa7c6e08caa355_cppui_modular381, - 0x0cede1aa5ee65400cc2ef30b083d6c5ebc83a36f1f9deec661fa5be68449f6e0a90fbeb32a593e717005cd6d697dde29_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x00b9d9899882ac57445b4fd07aa9113723698350de68efdbf08bc4a17c1ab319eeb46f55fcf7ff1b3033ca6085a148a1_cppui_modular381, - 0x0c0767b8cf8ec11100b904c4a2baf6f71e829c5d83b6f52bd8f240601289a660e3de419b28c87261a6d465501b573a56_cppui_modular381), - fq2_value_type( - 0x16648e296b016c5eadca4dc03b086b6a2f16615403294c57fa286127a91c86bb74324469f7f697f04710a35554a1144f_cppui_modular381, - 0x03ce35154d47de78f16948738ec1a850560a45f7859115a7bc5d607f0e3e0375bbd2fb164d97727e4f0660f77e16b285_cppui_modular381), - fq2_value_type( - 0x05670a4100105a09ea4a3879b609c1f02c40389387fb51db854e96dd09f6fe824adc5a9800e57125b370dd88c977bc4f_cppui_modular381, - 0x0e5297f8542edcd18e561849c30260f15b3e36fee82788d7335c541830b306f310a2f70d1c2e878e77382539cbd9517f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x054a2b51d150e6b86e426c1a7e95d9021ca8b4a2d53ab47d63e7d00025e08c2d6be0edc38c1ba4bf8e59d3bc357703b8_cppui_modular381, - 0x01ccb39c94290487328c84c999282375fe6b8d6eef862f172632a4d0d783bc37f93ed34f27408dfa7be6e5bff81cd2a2_cppui_modular381), - fq2_value_type( - 0x09cd6ca365331fd71323c6ac8d7a12617e44b8db043de286a7204a193eda47a6e1065c309331e4c2a2086f4ae12f2072_cppui_modular381, - 0x0817fd81a8a38b28f665384fd7d4ca01dd970bc051bd85d58496066d4e54f94acbbe91eaaecd76866cb5ef7425329d05_cppui_modular381), - fq2_value_type( - 
0x1021a266ddc09f5473e7196124facc398887d22c93c1a84ee3df8f344fca760c5173d90907748247c75780f94f90d84d_cppui_modular381, - 0x1775fdad6cf55f9ddb48e6431d78c20b486e3ca59e6bf413e69537b481c7256032614909994d81242a1a695c1b6338d3_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x18ee977c47aaf6c7aa71fd4ec4749f06ac3d86b55f7780ebe01e5c4a7616ebf4c114a8302df791846664fa7fe6b728b5_cppui_modular381, - 0x185a9a9659ce8843bc69bd59bf5ea40315988e571e5e75e36e1de11c2580e817cbd17bece84808d93d4cf299d01c5558_cppui_modular381), - fq2_value_type( - 0x012a219116e33dca6b7d516b23c516af99adb29cba5f82502c8d47576a0b3743c13ad830f20eb7c95d9856e2e0160a74_cppui_modular381, - 0x0cdc20a4d7c82ba9aadb2b5c41f679552850085a647a1ed289bbdd0b6fee2e723bf480d01fb07d8bcf8fec808d4d0b82_cppui_modular381), - fq2_value_type( - 0x01a064f407c42c4e6e7bbea5ca84fb7d31b41c544de4d0f4388ae1dd187bedf9832d8f825fefcdc5879b529f09a3e316_cppui_modular381, - 0x01c039f12535c58c2027c98c8149b1129a79c97619b3322b6fe53e34ecfb5aa2164f76853fb70aa060ce67c45fffa171_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x129272e1918dd4d038abf0fb5e2a13eb477f8fb0f5bdc4c5c009dbe8138465d0cded85dff4643e5045d6e53ee58e13a5_cppui_modular381, - 0x03d8d0af65c0111006cbd7399dc49a81f9ada13bc011f00e91708ecb2cf7dfaa87497a276c8d1a776e66f6b90e9454b5_cppui_modular381), - fq2_value_type( - 0x0158aa9b2d41dc421c8d553f14d77b1d503ecc700e356d75e2b510befee0029e95bc7838b9052b4d384ec3b4987942e6_cppui_modular381, - 0x02b6904c900007171f8274ed1382b580ba0459943d4c15159de7903015646e2ad0a0f91444a14809e85814838bf00d0e_cppui_modular381), - fq2_value_type( - 0x02bafeed0e1601f550b530d54ff29e27552e0b4acbcfe39eb41bca4ec454f9715c46bde3ca3cb487a572a86935842fcc_cppui_modular381, - 0x0194e79042c4789500202f452044650548ad37a0ace43425077acc28d6088f18c2071d99c05f931927809ad7ca03fe45_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x07eba3209bfb8059d8604e4fb9a3ea478890c8113149b2a3ac4770a84ab4315a776898cf519e1007d12c60ccab74972a_cppui_modular381, - 0x0096524ffe899fe8d59a67c82c48053b143b04917ddbf641db69af9e6bc11fee79eaed26feaec287fbbe43e1a5bb6606_cppui_modular381), - fq2_value_type( - 0x0865b3f04c25310c3149a10592590dfb8c4f491cd0d591c2bda301382ab63eaf30ef40d9c25ff82d6df4fb76b2290368_cppui_modular381, - 0x0d21f1d9cb8a13f4bf2bac4a933ff68ebafdc7c7665ebad1b81c25d3231fd7a5031c41204179b1354f609bd2c64342e7_cppui_modular381), - fq2_value_type( - 0x10aac69f15f1646f9fc9debdedec7809af6e4b579bda5a5e6fde058978e0454ecf73dc1f77711b34b5a387492e8984ba_cppui_modular381, - 0x168c2d2dd49610e45214c1d8b3ba55742b4db11fbec779d392211bd55af7134b829f83f93ab4168e1021e55e38030760_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x01939b04d9752ed9e012b11779539e4f0276daf50ff98b4ce4d9a7cd5df8aeede11f066449ae85791b0dbf50dc794a4d_cppui_modular381, - 0x18a22969a75c5d48f40ccd4514ca07a87879c4e56137526dd02ef9d87199f428535d7e8941b6bfa33be9b2f89441e4ca_cppui_modular381), - fq2_value_type( - 0x0bac1b4ee539a7b05fb986b9090fa8be89aa150b920f19dfa952cce6d6151a0d059a022c81987ae926e7303690d35c7e_cppui_modular381, - 0x002b80e78965bc2461a33e9ce8b54a8a2b0f019927dd47b06b8fd3cd56124a0c94cbbc70046cb124477f61bdfdee9809_cppui_modular381), - fq2_value_type( - 0x050188c029062c9d982b576d3763554257a6d2ec801933937dd768783ee7aaa22ddebeffbe8839138e32003f2d0f4e13_cppui_modular381, - 0x0b25b63b649c9ab56746deb85067edda70403333a7050545c1333e3d8e4e0801c408d0327585a1ea24a9aef780c2888f_cppui_modular381)))), - }; - std::vector> tmipp_gp_z_c = { - std::make_pair( - G1_value_type( - 0x00356ef47a6a688a8832dd47fad2f8b5981a564d3b7dc77b33f13dff52dbb4536b6108510785304da9fbda39bfdc0bb3_cppui_modular381, - 0x110ce13acd56d5f9188faf09684b5e299b848615ad9be48dec0702e42ff794730417d92c7d437ddb1ba82869b5b6fb60_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x11d1f6fa158a0424684bb00c08be8f01c6eb6835a1fbb6ac06606799e517b2752b0b047b70266013b9d932198ced0930_cppui_modular381, - 0x0d6d40a9e4c8aa3f41d50f3204216c78c5959e5d0aaa08fb0276665b50efa7e90749cf7ae48d353c2beb29a7d9703ed1_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x12dcde8659ef48bd2c3a97a1cf83482ebba995a45151bbccbd4c7c67c40394bb6e17dfb831087b58230edcaf2e6fb1dd_cppui_modular381, - 0x09e1e629881f8ca21b232e789536a1886af564ed99962507c26713f5f89996b8f2b4df5a4dd3bac68aa22db9cdca8018_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d59c9b4e2c5eb23d592aca6d1566b86344822141cb1795727d56a4d7e077bfb02d082253cf8b3f5c2195c54130b1ebf_cppui_modular381, - 0x082ab17c22f98fbe932fe192ff59a238745334bdc1cd3205fb36528f045ae2c822e40a02324c3f6240fdaecfeb57be16_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x099d68bb24b4eb1a3dfb7a7a58cc6aa9ed9387522e3b85cf6e961ef90fc4c036b2e11a9eb97c49cbed2faad45b7b2285_cppui_modular381, - 0x0c36aaf264d471feab21cc492c3da8ebb113b5e0d6bcb0f7bfd33387124f9c200044ed12f610c4884409861d4454d2c9_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x08875e3cc7412133fc32e0a11de22f0fdadfc9f9d8171bf8be7b6a989983c09e2d8a5f94758fcd8c91b1dc5b634f7071_cppui_modular381, - 0x085c74e6bf33a19ec050533fdfce080e22c287caca4c564bf425f969ec063da9a57a95b07670aafb9a7f4b3550a7f22c_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type tmipp_gp_final_a = G1_value_type( - 0x16677a33cf13bb52300de2eeb5b7ee6d8881dc2c92c5d530af32a24b4b42133870e05755e14b7f67c52376e12f11b088_cppui_modular381, - 0x04571811f397f733bb55d426f2446a05ce90731d70e20d9c93580e425608d8b173103d5044aba2edb193e9d41547d180_cppui_modular381, - fq_value_type::one()); - G2_value_type tmipp_gp_final_b = G2_value_type( - fq2_value_type( - 0x00ba1d9ac90c782327e89e3e90903f2fce97fba19edda36a300aadf4c6ee9ce7829dfb3959147fd395e74602b00473ae_cppui_modular381, - 
0x1805551b2192eac55ecf0c0f2893fea211f472de862f1107edc0f06e9c838832058b439001d32486e56fd10347696017_cppui_modular381), - fq2_value_type( - 0x09328337ea6dc20868f8a0218d6cc0198ea4059dfad5bc867a5e5bef1372e4d3b976bef79bcb99e58872d43ed2d59398_cppui_modular381, - 0x0019a9a18d511e5d115fccc250239bf8b45b395294491662e5b755cfd4c7192335f7067797eed7ccb67823ea553d75f7_cppui_modular381), - fq2_value_type::one()); - G1_value_type tmipp_gp_final_c = G1_value_type( - 0x149e3091be2f84f85d2b44843aeace9f30ddb3494c844d61ee3ac30c86f84af357264525196e403fb484d128e7382c9e_cppui_modular381, - 0x17fd55dc172afac253132fc05a4d80a11003c1a33ebc5395b669342a3cde5b8a55333539acea6724b18471621426db97_cppui_modular381, - fq_value_type::one()); - std::pair tmipp_gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x0b97d76ed73bf157cc80f949a4aa6db46f76916b6fcef9aa9b8033574155d291c3cbec6d206d294b888f1f162c9c36ab_cppui_modular381, - 0x132abdb0a598ce209156b847b8670f20b124e8e617fdfbabca12c7705f8fd4a76728d69569ff8ff4779803320d8cf831_cppui_modular381), - fq2_value_type( - 0x0d058517aa6da0d0304f8d760b110db4b82241e6b2920152886886b1f44d84e51c5ecde215ffa0e432a708196e8bada4_cppui_modular381, - 0x070f638b8b7f2ebfb6e18dd45903c2e51456a6e864bde5538bd09099766693566edc8f23969ba9e2a1cb244711db7e43_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x10d8f80502ef9ec601d70736bc5aad2983cfb20fe603f849f85591198e51c8aef58cf5359df138a2a3a9f8049f987d18_cppui_modular381, - 0x15f1486e59fa64f00b6540b7748ab734d968956187e44de6d2c3815e5983e603caa5492f1aadb7b67a8ea4eccf61e746_cppui_modular381), - fq2_value_type( - 0x0e48a24a8e13189722a6b97581e0c0047c43dd8f8ea145be717ce532d7507411d4be62b5ac98c095d3be05351dcdf3f5_cppui_modular381, - 0x109a6017d1d97927bfc371480d05c02994db816c6c5f4957c4e8bfb4cb8611cb6df76f46e024660b0f3c34c1095ad883_cppui_modular381), - fq2_value_type::one())); - std::pair tmipp_gp_final_wkey = std::make_pair( - G1_value_type( - 
0x19100904cf14f2dc549a8cc752929208ffba6ed67fa3c187a1816b2c2ae30ce26e5ecb530366f1c2c55a14c235663c43_cppui_modular381,
- 0x19cdca0efcc4ecc2bc5a45a7741b7806106a5f0b9dacbb10c547af7ab4236aaeaea16a01c6b1e354fcc45108e1cc6271_cppui_modular381,
- fq_value_type::one()),
- G1_value_type(
- 0x078fa9d726a3aebcec5f1a5b1142544c22c352d8084cb7a7664502226e1a6c62eff689a2d022faaa4f322b6186a74a96_cppui_modular381,
- 0x047c3e9b88ba11ef0dd4fd3956c43f4e200d5cde83459bc1ef1407340d28ac5b58afe21ec4b51c599e5ddbf6dbb0da38_cppui_modular381,
- fq_value_type::one()));
-
- BOOST_CHECK_EQUAL(tmp_final_vkey_0, tmp.vkey_opening.first);
- BOOST_CHECK_EQUAL(tmp_final_vkey_1, tmp.vkey_opening.second);
- BOOST_CHECK_EQUAL(tmp_final_wkey_0, tmp.wkey_opening.first);
- BOOST_CHECK_EQUAL(tmp_final_wkey_1, tmp.wkey_opening.second);
- BOOST_CHECK_EQUAL(tmp.gipa.nproofs, tmipp_gp_n);
- BOOST_CHECK(tmp.gipa.comms_ab == tmipp_gp_comms_ab);
- BOOST_CHECK(tmp.gipa.comms_c == tmipp_gp_comms_c);
- BOOST_CHECK(tmp.gipa.z_ab == tmipp_gp_z_ab);
- BOOST_CHECK(tmp.gipa.z_c == tmipp_gp_z_c);
- BOOST_CHECK_EQUAL(tmp.gipa.final_a, tmipp_gp_final_a);
- BOOST_CHECK_EQUAL(tmp.gipa.final_b, tmipp_gp_final_b);
- BOOST_CHECK_EQUAL(tmp.gipa.final_c, tmipp_gp_final_c);
- BOOST_CHECK_EQUAL(tmp.gipa.final_vkey, tmipp_gp_final_vkey);
- BOOST_CHECK_EQUAL(tmp.gipa.final_wkey, tmipp_gp_final_wkey);
-}
-
-BOOST_AUTO_TEST_CASE(bls381_aggregate_proofs) {
- constexpr std::size_t n = 8;
-
- // setup_fake_srs
- constexpr scalar_field_value_type alpha =
- 0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255;
- constexpr scalar_field_value_type beta =
- 0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255;
- r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta);
- auto [pk, vk] = srs.specialize(n);
-
- r1cs_gg_ppzksnark_proof proof0 {
- G1_value_type(
- 0x0ad9ab904d539e688d51dfd985c3ae5b48fe28b95503191282d47d6b366e2a53e21ae890306f52749d21666b98371708_cppui_modular381, - 
0x1345e24d804d6be02cf1b3a941b916446d137b97c1a92fd36d3ea125d2faf000dcf622e3f602f558524c87546bc11483_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x026aeb313ea0d77bcfb724fd0898bb830365001a6b17c10e6926511c59af9c36dee091f5c5a8ef1dcaa2c242ca013159_cppui_modular381, - 0x1954c22621c04f4e80283616ca8e024a86c58062aed69c053849584a17ea39baefe2e3a6d9a81d771cf5240bf277bfc7_cppui_modular381), - fq2_value_type( - 0x00c2b1a57ca24010cd4b5eb1b7a3765bba0e16bba8e79bd137b5f3ee7b93c72f2a6f19aa74b30c05de75314c6027af8d_cppui_modular381, - 0x01334537a911f0f56d111198f3d1fa4f6d229e67acc36239e3880cbc298b2b400d75d2a35b9b190c31223e8dc77df6df_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x01fa9d8671ec6696ae5766c83d7bfa9508ad0d94b36df00ada865979bfd005c60113655fcd19f37992eb842bb4bcae66_cppui_modular381, - 0x17df4c2aa0d841a72cc3187eb82ad56f83dcd1a392bfa175ef7da90a26963ab3f1cf3b364a0f1a9c8f1e74902451a96d_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof1 { - G1_value_type( - 0x04950b72c0fbc98ed63bf338d331f95018e65821b0b63fe4776c8e189453da8a71de4ed86be50c3729f17642dcac7579_cppui_modular381, - 0x00b1f015a6c9c93805ecb0a8143e0c202d5b086f31f4420d91d7eda4e19d744f29b5dcae6313d088098a7376e7f1d38d_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0dce4e7e35ed6949e7132c280ead2bd33bea3d5afd8d5ae33ddd71fd81b6624d4baa4aa50bb4fc61ab3b6475dce4ecc3_cppui_modular381, - 0x08da12416a18cb4fad2a56ae2be196187d48b9f733c4a9f8f0383fddf6b06e37e46c41d5b62ddb976315864ee51a351f_cppui_modular381), - fq2_value_type( - 0x14f633126ba39da981d4f3676c0ad2d0879abcdfba33c122bab88ff0494a7c425793164cc07b42d13127f26b28301e01_cppui_modular381, - 0x0c7d788fbb2a93b89bee19a9f51903507a3b1bade0045d4827fc52d4ad9effc6a972bc55ae8a4418949bf582a7e57f3f_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x100fad40d4778047cb2c02c53afecd6b25204d7cce9d11e3ea2f7844accf6380ec9b421d5f0656a8c9be03a58ac0e78b_cppui_modular381, - 
0x0ebc959bd8afb8eefe2904f9cf7831fe95bc946f8dfeb7c2f6f4e3d39bb99f2d966df2ed51580b8536cbd24cd042037e_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof2 { - G1_value_type( - 0x13959f8f1cf314f0d36de6fcf1a37e3c8c3fc31c7087613d6e209a56e48b6cad49d1ac0b9a522a1e397b05e33a606496_cppui_modular381, - 0x0e1ce1604e9a6bab679a7a6e60c2d8ca1553e5daa493b14a652817c903b0db4e923a483fd31eb433e2c26e28d669d3fd_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0371fb9497ccc88fd0a002f32b7b25dfafabda8f1e199e3b782bf298bd6e3090ca1e2428017ec810c1f8e230a23199b0_cppui_modular381, - 0x0d0ba3656cc98288785f04078f95f26d44a4986998cf70566e2fb951abb12dd597f650f9cfb2ccb0ea02d009b00d71d1_cppui_modular381), - fq2_value_type( - 0x18878ec7f9cc8af17133d57bc9037e5f85959d60354c499c60f28d09835e25bcbe3d1cc51a0afba06272ac4d48e46c64_cppui_modular381, - 0x0e35c4a708d02101b8aff1356e580f5b5ef57d6be16502002d5576bdb2210450a46db93e1fff3161064d486b92b086d7_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x049ec2af3342cc36e49f5533488d495cb7222121d0836952fc879f3fb46f073a3f6c4328a4acac5d86a99a784c188718_cppui_modular381, - 0x02c9a8fe286b1b976549d57fd3d677f393b630cc1357b5f90c11b0482cebaa97e8e0b927a4b2b8c39eb4b1af85c144ba_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof3 { - G1_value_type( - 0x09f1a68bb0428c34179c3c375ebb2c3f8c8b25975163ecaa6e71e690f76c2fa2d5022e20ca8035f6ae4231e36c9194c8_cppui_modular381, - 0x06df98360b6aa4f1ca6c3e96dad4544be0119c7ed208224a1201ce03759813daec68d5a940e1095cd5f1661c2c6c68a2_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x06aab594ec527722a6541fad603b5fb788e1806d750560e1c4ad95e43305de35f1fc56ad9e45458df56c9fa78936cdac_cppui_modular381, - 0x1988328897e57d1fa847d2dbacbc46e0ab1c936e595e726d81a451e932de637420d8499a11fea29a50792fd8ef4347e1_cppui_modular381), - fq2_value_type( - 
0x106c544e28d5d00accc9f6ac307d3ef08933969cf352682baab21e60589e8581115131207b18280026b78807d6a49f1e_cppui_modular381, - 0x03082285d382aaa13230a4895dd3da142a25fdce91165eac137901ac2c1964278fa9de8313039bc1f28e8f3af0e5f6e8_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x1140867bb1399cc013b41291e4127f926e1400281e533e4eb0586052622d51ae135f91eb21c4aa8ed5d85cb68129cc4a_cppui_modular381, - 0x0e59f5f7cdf0605c0bb524256c3fa9c8186ec31024b6eb71c01ee9da576678a7d83f777feebf11c470484daf2e78c04f_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof4 { - G1_value_type( - 0x07eebe2a51ff54027dc2e9333736203449cf0fef6cc7b4539f8962e8f803e98d01d308984c8a437cf38636586c954646_cppui_modular381, - 0x09677592e47aaf01cb77fa2fd567389c3c06ab63944fd43d6538b5da3405d9c152869535abfe1bae1820f0ae744e71f6_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x15276efc1aa8908a0e13029274887e6e599603cf6ec63c3293f2178bf282fc5cd8ad4e2ee971eb945063719cdc67b655_cppui_modular381, - 0x13164f607512d0035923ac0f34333328917f598fb74e30fba45bfae098ed39e43a7b299fa871a91f1d2e3aa28d546577_cppui_modular381), - fq2_value_type( - 0x0234b5566ba1443b3d71a4d597b984c5e0401ab0c92394521152ffed6a15e6bb616cf454b2597f37d1d6d0825d99a460_cppui_modular381, - 0x0c28c5010a6ac31f5af16ce861fef465d978c534d602b3042e42b766997521a965afb25a00e3d91aa393482f81e87a2a_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0b39ea2f3908a057e90045269c343aa12c7c755fd7cb5f23a6774f4dd0e23097ae77b984d4b59d5e585161e759777c79_cppui_modular381, - 0x0c76a611c26bf59d9edc44baac48a21ddb3e45c65ec845da57c5d7c683bb18154459b42aa305bed45462014157dcbe5f_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof5 { - G1_value_type( - 0x0e6d89bd7ef0b93907916d3903b6c49adb1535071d6f681e03e687dfe90d9c7e74a0f55be0bcc42c9b16e2e99653504c_cppui_modular381, - 0x03413cf7e4d3c43f02ffbce3682dc7886793f821efb7bb28000537b1f7b4951f34f3293013f6fd3c211979966b5fac69_cppui_modular381, - 
fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x058ecb344b1465e18c0ef4893bd06f7f323a56120e948c04488fdffd27b511db0bac296a81b46c660957dd3a923ba51d_cppui_modular381, - 0x10c18ef70e107e145a254406337969dc20cc85bc22ea6acb14d39394760ed95f5a37b8fa6495bb347986e50678b9432d_cppui_modular381), - fq2_value_type( - 0x04c87764181d768e4b6ae9997cc9c62188e856fd650cfdfb260ff4a917da064d9429978b33012de0caafb1b3d4134547_cppui_modular381, - 0x07bee15dbe062c38b2dd97bad78c2bcd36b1d09228a0581fd38493873b4e22654114d2320e25afb7136857355bfe3bc8_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x095b0c84330dbd160a40254ecadf867204780ac0324b4912a90e75e0224c4457dfa4d4d4d6231f6520d93480b0b43a63_cppui_modular381, - 0x0430bc5b9127edd363bd0adcc3f957dd4fae7410a36a0b599f87eebaaf304fa23c8c392ad6902793f358f57e1acfa5ec_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof6 { - G1_value_type( - 0x16dafd3b138ce9789864f661810d80f3a27559d59fc7c7c2423a8a2e5d12c319d362f74d6231d998a8b1d3f5858b85a2_cppui_modular381, - 0x0d68d83c3beb8e6ae1bae0f6069246d9138a39bb49714fe1dbdac7ec72db27b2535cf62d9d316a2715c0be92df37c9c4_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x063473ae18d079f24f7fde90e0e613e7d1d736f761c00399767260637fad11ab995c6f45c600307f8b43e9e39db3efb1_cppui_modular381, - 0x091f08c799bb8ee1e3e3e9a7aed1bfe320e2a44db3b09e35fc72647155af6d11dc45661a4a231bde00b1750cf8f5fd94_cppui_modular381), - fq2_value_type( - 0x162465ff561f7eddb102f9b79ff9022c2046489602dad7ce1a6347c10868324d2f0bff43dd3cbcd637050afe6813588f_cppui_modular381, - 0x0eba1cc671c6e28c2558a8a8de94ca3828b6ef68821d0329becd029d57a4dedc4b6b8e107512b95d8b0864d017c91f75_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0c65859ee85e435fd159631a5cdb53c81746d75b8bd39bcda4290b774cdef5a45fc136e29e85ae604065f2a95ee120c4_cppui_modular381, - 0x10044930ad3a76b06c0965b63e3ce70777bc5e0e1a471cdcf60cbbbbd85bde3cabea6def846ff8b29824ba6ab8e0fe70_cppui_modular381, - 
fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof7 { - G1_value_type( - 0x14b8d9ff73badbeb796cf47a06178948d6f2aae6115dc7033e2f24835c3d81a0abb143c13cd4f5ec97bd7972008572ea_cppui_modular381, - 0x16743804ee158723da1b39a549bdbfc29ab503f4e8015e7f83cb0f7e486e9907e721b5319ba117b54a81712a7029b1fc_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0be8424bd528ad671ec62204e1d8bf1a633e40a9271535fab37992aaa2523003e2e8fb22136f4e5b5205c2df7a0f40e8_cppui_modular381, - 0x092c9c93a278821ce9d7d0dad3dd01457ef2acbedf3d51596180ebfeac0f49956690c84b09d66f05287632c1b98edd5f_cppui_modular381), - fq2_value_type( - 0x06b7812dac5bd4cdc995e6a07972aae556e0a1f63e8402b8b6f64064a57d27fee410079e5a1f64dea586903ebab7d4c5_cppui_modular381, - 0x0e83148931c3a1e5215f68bca10b70fe0c1ae09e1de0f3076d19532a08877af35c12ae87b1dcee68cb7d089d70c37d77_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0661e59a523ad7c7a6753f1e70a6aa3eca1a1a650dcc6941e18194821681719496b8f2c10b976db51fc9e296418e1ae7_cppui_modular381, - 0x13727560e334f46eff7575d562ef0aebd34d9b174767a8fa99e0c96afce0749cd629a801bf2951a28b8e15238044a655_cppui_modular381, - fq_value_type::one())}; - std::array, n> proofs_vec { - {proof0, proof1, proof2, proof3, proof4, proof5, proof6, proof7}}; - - std::array tr_inc {1, 2, 3}; - - // r1cs_gg_ppzksnark_aggregate_proof agg_proof = - // aggregate_proofs(pk, tr_inc.begin(), tr_inc.end(), proofs_vec.begin(), proofs_vec.end()); - auto agg_proof = - prove>(pk, tr_inc.begin(), tr_inc.end(), proofs_vec.begin(), proofs_vec.end()); - - std::size_t prf_gp_n = 8; - fq12_value_type prf_ip_ab = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06e382f2b5821951b0194812b08f3d6e7515e204ef39b8d4abedb85c6e8533ccea8cda1ff55a1d5bc46611fc81aa5224_cppui_modular381, - 0x17073262593261ee2ee5b05dff3cb7b2c775e4d8d6b67ee8a6ec86d38a461915f749646165fc7906e0f63a4a68f11379_cppui_modular381), - fq2_value_type( - 
0x0ae1f55007b1d9eec7a4269f5532b2b26c3c618d8e0b18b54aa9cc9c8968f0fa55e3bc0664737734eab9b6280592659b_cppui_modular381, - 0x18ef647c9a850f7c069c6e699e09879a8fc078ff57eb2a70652c7f6c481d9a8db047871749c3fd7ab90bcc222c21af12_cppui_modular381), - fq2_value_type( - 0x17610a19b1994fcb5707d40c1f0af1d56084c28a8ba209dd241c694e9651776c60d2e6bf5ee947a1475b3d95b2138b0d_cppui_modular381, - 0x0ff40ac478ebaac8888ac0607f40362c4b7321e30c7ad2ed8fffce36675fb44811e27de762c9cfff7bf80bba56b03c8c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17cba7860f256536081c131b2b19ef98d1916fa60b08d7a87bcd821110cf9fea46c85202a3f296b420f290168215b750_cppui_modular381, - 0x131fdd3ee9f2510fbd5b42612ac9086edb31ce97cb1eba625f484ebde4c77b19cbb57e620af065466d892cfa8c29822f_cppui_modular381), - fq2_value_type( - 0x04ad75d70807cc5521beea75a4ddb5bf4b64b45b3fff6bb38f400c537a8b5f7f756f230f6332fb7cc119627f5f59b84e_cppui_modular381, - 0x12ed6b1a90b2c014ad27da31d9e117b09ea79e0361a90eb093bf2e0791539e122e8080d00dbca76a62a3ade0df571429_cppui_modular381), - fq2_value_type( - 0x02b2df29004ca3853fdc12342f145dca4b6ab977fbe3e5dc8b1a2280d95ea79d8ebe4d87ac75d7f05f4b5dcc546bd87b_cppui_modular381, - 0x05711b1370bf0584b4e2332c1705b98fff292fabfd3647753c856d0a815fc126e5e72813d342df67223879ec6794376a_cppui_modular381))); - G1_value_type prf_agg_c = G1_value_type( - 0x079e716292f9040c956f9d576c9070d173c4cdaef39e248e24f0ab10c17807892a43d1cad35f90c29be6035e171c4577_cppui_modular381, - 0x07d4ffd556911a0a12eee0693c34dcc23935dda6acd9158241c66e5c9b626941ff3812181929b4cd79746cb30a944412_cppui_modular381, - fq_value_type::one()); - typename commitments::kzg_ipp2::output_type prf_com_ab = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0f7f86700fba25905cc7727397ac7754c0408e35b50d4b6331d05a779df7aff08d6bd3ae6bf7a2ba089cf0f4a676807e_cppui_modular381, - 0x0e398ab7e0c2ec1f8285e48fed66c971bef33de4608b36fb90820c5bf5a589023cfb2119f92e30a9cc36baff880c7361_cppui_modular381), - fq2_value_type( - 
0x18ee824c51763bda9d3b45f6bfdd17137417203a09b9f03d31f4d9649ba2298d41f1c52a8a844e19dcea520a706fcad7_cppui_modular381, - 0x050dc7c2c4b5175aa76a1806ce5f29398588c4f0c1b87db0e12e3eb931bb6bb6891a7f6ab89549c3faa8982dff8488c2_cppui_modular381), - fq2_value_type( - 0x02411f8bb63301a05bd37fddcf04ce98aa505e2e15bde17f76d39abbeb4664bd7065a9f36b0e96ed32c9b02feaabaff6_cppui_modular381, - 0x1985fcbd91ed5730857355410053844cac0dd39b739705d9c806f4ca730bf710963a567b07dba0ef41d03bbeeb6e140b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1173078dee8cea5b37e46919f743c60165ecbb76339d51daad8c5931cd090edaaf945c890c9ba4823570177183c490da_cppui_modular381, - 0x06e055db81f375171f6908f674d9a85e7c78255f2d86bca7f88597e9644244026bf3513bd4d3077a5b340020c55262b0_cppui_modular381), - fq2_value_type( - 0x001ce1f34b1bf03eaca88598d7236e8ac3c5384ad1ad99be7ba061c82a27bcd72fb2d81e59f9257c00594bd1922428f8_cppui_modular381, - 0x075c8e7805804a3fcb2b4504cadc66a3d8f344b7847157e55d8b147e0a7cdc00d28a6ba7cb70cf690db135f5bbd05953_cppui_modular381), - fq2_value_type( - 0x05169b67be0491b0fce790693798894c8756941bbe937ac98135bb1d1bcacb4942e62512135c6a4738a11608e82e78da_cppui_modular381, - 0x17871da12d59765097a9f63af94dec572530d2a6b19214b0df06f987cbb7ba8c10e94c3871d5ca0943ccc96cf25b4172_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x196f7025147d05340d2923fdbfba1fe7d8b1f9507c4b4af9fafb0c8b6935bd626fd36763506367ff42050150112bac95_cppui_modular381, - 0x00375573932e5691bcb9a4964b32fb8c10c5016e2eba58c6d862ee55cc4d84b0f93cecc331cadcdf23d24459cadaffc1_cppui_modular381), - fq2_value_type( - 0x0e5baedd265322c895a9bbeba20bda3d8baa45b9dad2f92f38297234f72788d828cb5f4d6528e9d33c9e1de614f21e38_cppui_modular381, - 0x13baff0694488c6a795547b4358a10fa19a33b99134d1b6c41d0fe7ed2691395ac2bdf38c9a6d6bee575d01180db7bed_cppui_modular381), - fq2_value_type( - 0x033c545927810f35b47036f14a2d7a3b5cc6ba4352851fe716e3bacf3279add22658f3362dd9f03c1bdfdc3107141af8_cppui_modular381, - 
0x0d45b86dd6f7687ab04deea8b3b3775dd9815fc6f1a56d32ca02cc8e7179e5d2331f52fc3c758ee9ad71d470f5385800_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x19c8e6e82af38b425bbc423020935c64ce11d8a171c8b0688e4d4bee01780ca6df091879e03f85a40b3ab7cbd8d4459a_cppui_modular381, - 0x077761b1d7538edebc7915959234d2300400e187d6d17f10c4ead17ff21d6e1c5567dbdebbfe837e26a77901b731e73b_cppui_modular381), - fq2_value_type( - 0x0249b8586a5ecefea5ed29666f29f0bbeff7262a25e3b1e5d3cc2841e62178ab3159946effc6ba374778fc9b175d4f95_cppui_modular381, - 0x05d27b5a2470e83e67497139d78c40f09ce64a5011c48227ab7bc6e0b04abbb555b2ad8469aa512fd9854562047fae2e_cppui_modular381), - fq2_value_type( - 0x19a87170609c7ec1a291d535da29affced5d698344938f50ac1cc65da8f915ebb541369aa71fde54298b635a046d70bc_cppui_modular381, - 0x09451099402904c365f803d1c1eacdd9a54ac4e08b5c034c660f72654894f0997c6aea51c60061bd55072e3a06d7fe68_cppui_modular381)))); - typename commitments::kzg_ipp2::output_type prf_com_c = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x03b24655c4bd2db92adfe5d271d286983f22a1a6d60e5f166afecfa73e05585c50c67ff0e73700db5e4d3baa18763332_cppui_modular381, - 0x16517afbb7ff2395eb918ff88cb8be27bf39fb9773a0997b04512784c4f8505966baff58ca44a5caf750944c8b68e4c6_cppui_modular381), - fq2_value_type( - 0x05b147dd7a9e0c70543d0eb7f6e7ed8f768396169c46b6da48ae82c440c5fc848ddc6ff239c99d0b4c703b1792405ec4_cppui_modular381, - 0x0fc43ef927118a8d6ac088a9ea77ed1e003b41f4ca000030811f7ef79bc2313af8b0bc3599976e2b944084912db7a55b_cppui_modular381), - fq2_value_type( - 0x069bfff0e3c91efe2bcf45ca64ee588dbd74ef0ad1cbe7bc05b8547a788c69b2875c7f7fb3afc357c270c4330f2d894b_cppui_modular381, - 0x14d8ebc721ed1aefbc4ecc316bc6a1191c61e9c6e8cc0788b29f8f9a062afa8ab1b492a2c5ff29a6ac25586ff9ec103a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0459f47c8da5d144f1e00a824f0e545b00225972d292e63da47b6aa4b1029ad9f5cf9b3a71ae8a48539c3e2629e4d7a6_cppui_modular381, - 
0x0a169c462a52f8ab95e436f718da4c3ab027ce86abf929e9596ab28619b7bb07a7b451c528fd8f12fc254b36b0e5a7f8_cppui_modular381), - fq2_value_type( - 0x122a0ab0d6860312334e11d729942e1dd61437aadb7e3043dbb5e69c12e9ba939594ebdcbf09f4e01ef7dbc40b5c2758_cppui_modular381, - 0x13262d348adf899bf789e48907891b6b89872e8d16564434b26d1dacf6f000128a4f1af4a6a9e5f715c39c9d5e439406_cppui_modular381), - fq2_value_type( - 0x0f2f7fa303476732aaff2408968bf1601840bbe5f8b17a97392b0f80564c172a680e57d4391be0b3ad0956249b86ac0e_cppui_modular381, - 0x10834cb16d1b8d2d2d391dcc898561eb902366947ab94e71661765480803c14d3313c0e779d6ac7ee180c8a5d3d32934_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0050fee93436b258b96d75ed8a8bdf8954ea10939d453af35c674c142b6b37a3ee3485559710aa4a8186d6cedb2eda67_cppui_modular381, - 0x1293520bdffa93f2f3bc8b6dce60a9a9559b82ab1e37d15f729fbb1298ce7f39f588f2232327e0eb469aa3c5fcd335c0_cppui_modular381), - fq2_value_type( - 0x16d2f7e0a50d7d6197add277fd1afc793923d4c5e1a6ea25e82715d5dbe49f5444534e229ccf9a46f310e3a36ff3d6ee_cppui_modular381, - 0x18657b26a4dfb850ec57bf05d16a552baf979fd4a05f92bc074e9c69a733ec75ef0547753cf56a514973afbfa86b3097_cppui_modular381), - fq2_value_type( - 0x0bf9573cdb71a0a4aa5487d9e9625676ec55c1e1a253edd667376243594d1d0dcbd6b59aa3d9695cccf7c70cc1e748f3_cppui_modular381, - 0x129b2ff95aabbed897e32e4e7f20f517a18e95dbe00327804eaa40f3b3d8bf7c5fef8f7f551a7d10bb04d8209960b287_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0fdca1b3741cf230901a1500496acb92e03636f6a2be37e00cec0c92a69388a62919458b7a52ed53893699e7f2167998_cppui_modular381, - 0x0ab068b3dccc9d66302b0d2f2539938ab7a277187454a514b91ae950a7d9a5104c3a5ae344fb76e92899c86cdba59225_cppui_modular381), - fq2_value_type( - 0x005779c1e4d9a60e0821566b23dedbbb63983f82aeea1156b33401cb079689f414f2e59a7f21b9f1867ebf0223828602_cppui_modular381, - 0x07c508924036dd76645ef7a52cc1b89a4a6f13793ffcdbb479fb8ff2e1b097736ecd7b27fad806e204a8c4f335e90946_cppui_modular381), - fq2_value_type( - 
0x17a1083b57c1307a6355987fba76454a195e16e85557c001d607e1bc621b69472d4b2200bcc6ceb1a5f646a80d78e6ef_cppui_modular381, - 0x06011eccd873cd132fca77b92c6f805e253a2785a32c3a94a9325c003e5695af172011ebc02b61b2368040d1dc9b7ce5_cppui_modular381)))); - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> prf_gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x005171366c26279ac5d47d6803c2f825aaad9490de6040781b7098fd0be30c30444dab0b4d59539bc0d58101f50c222d_cppui_modular381, - 0x1596da39ea384a41f9d4cf7f73d663b470ad6a8be067db8e2ebadd696c747407ba0c7b7b918651a81aa9803ee0ba3d3f_cppui_modular381), - fq2_value_type( - 0x0db4726ea584a31603d0e9cbe804fba06efe0cb862dce77114134b415c54e03956715d6ee9669297c0ee8ba9f429fa2b_cppui_modular381, - 0x17c1bb6d8531fc5f1df275a937fb83e232dec6e2b2338687ae5050fed615e68908b68638fd36f2667e31cd33379d5398_cppui_modular381), - fq2_value_type( - 0x018c83967a068d0830c612fd98739bb62628f36e16c947d9881ab3b75e72aa12d9226927811207f34db9c5772bdb79a2_cppui_modular381, - 0x08a0a58011edc06d955cb5ac82e42d8ca1e7b1b128f71ec7ea889efba895c83b663d73d20c6be7455f0ec1068db0acb1_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07acc3c8d9dde5a9c62440fa2327140e5ccba6ed122e451120d43058baa88409f0144543b45547659ea80efea013f514_cppui_modular381, - 0x183c254ea5f8ab63819599cf3e78659bcf21b3d9fc184a72aeebb1d69ed4614f28d24892640223461cc7fd728988d4d4_cppui_modular381), - fq2_value_type( - 0x0180c7130567c7e91d538aa137f977c904cf3cb7b16b5343787ed68c818760eadda3388967c6bf3a41ee031b75bba114_cppui_modular381, - 0x001813f3652b1324b41043bbd5bf17dd5693e180a1d8ecd3224780b143b34f0ab7ac2c1efae2666f370ed1a04cfeea6d_cppui_modular381), - fq2_value_type( - 0x0e806940b799eefc2312de4adf4f2a0652d9db610c947e0f8884f199dbf186988334442c3922f4b0744b59549ee3f2d7_cppui_modular381, - 0x190ad4e8691474a919b7db5b171de455beab5907b83ba9615324a377143979fd0fc15099a68554e1bc5b13ddecabce5c_cppui_modular381))), - fq12_value_type( - 
fq6_value_type( - fq2_value_type( - 0x121df3a10a9d030535deceec87f4d7d02f340d3fba22621be9ace057d5d8638274a49dffc62625ec16ab8a5548cc0126_cppui_modular381, - 0x0706af71f761d2d7530b38f5ca1b30371cd956e08e61d8ab5d1835c6ed27274dd14f7ba05364491d06d841255766882e_cppui_modular381), - fq2_value_type( - 0x04e93d124763f316e135705ffbb241a67cceecd8390e9d84e7395d0072266597decd963c7131e1121c0531be40940e62_cppui_modular381, - 0x0218d1b77f39120c504fd90ddce3639e6db4ac0051f86e038f5b8b8ec330739f216b2ac5817aed016449eb6e2455df49_cppui_modular381), - fq2_value_type( - 0x15bd7423abe93e0d4bd59b88a98bbe693388753f09cfd9f0bb6132bf5e96551c84fb0f58c21fec746451de9cf99abe65_cppui_modular381, - 0x17ef1666d64ad15999e7cc3d30579ff3534d586200bae0dc13e3c56e3143382e42b82f7a0c690721ce8fa52a91a4f986_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x091b037c2292f191abb27f75277344a04ddcdf30000746867d58b3b824c8f20780ccd4eaf8556c8c41a1fbe3f60af39b_cppui_modular381, - 0x059a6d711af1463611e3d9b19dd7855586c3c0118162c7ad18654a131aa88917fcd7d7c2bd9895fd9f4db7cebf04b520_cppui_modular381), - fq2_value_type( - 0x0c0feea9e55599453b18c6eaa5efd712526ae447a7456c95b47dbefb772e480ba34260a95e2f3c4d650f5bdab16f8c60_cppui_modular381, - 0x149a6491e56b6544686b100a113aeee959b4d48452382e4f12a9b5eee23a3fc9dd14b623baa9348569feec6770e0a376_cppui_modular381), - fq2_value_type( - 0x12fa68da8f44fd228486ae3678ea271c17588f1b0e492b57194c40cafeccc97f3cf98b2fa155b222d51c22a9aa83a784_cppui_modular381, - 0x0524294bb2342b2dc9a691540aad0457867298123b10d754832d6fd1448a1156969f012b3e0d1ed20f6fd41894c74aa2_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0c3c509289e990c62ab18898995ba40d22e72151697b779542dda1afd3fbc4337b553bd21239e5da7f8d791d132bd24c_cppui_modular381, - 0x11a7bc72e5f43c95bf62bce9d50db6422e1fb99bf321d739fd0a191c371678a98bf52eb2d343d7ef6402ccc4d3ab68ec_cppui_modular381), - fq2_value_type( - 
0x0d25da2f3b350d682122d7f06a20c58df74fb5705e452577c3a02d79e4bbe1df36aa980042705917600881de7dd1adb0_cppui_modular381, - 0x0938e75658f0f42811aee03c59cbb2fd171475da59831bc3ccae6817177f5e17fcf160a1c1cf6fb4e16da426841eb5fd_cppui_modular381), - fq2_value_type( - 0x048de0d2799b15e364e4e9ee673d3990ed54e33887470a399def55ade45cbca2ab7710cec8de76e96ab4478d08c19f5c_cppui_modular381, - 0x18b69a1e1a5a6f47e9aff310e241c43ba46a539fb0f5b269473606c2e5cc5452b0d1f3f7d20884c4861839bfd19d5acd_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x096dca135a39681e4a77f96eb458aa4ff8619b10d821a161b8d6c1ae6f94901e4a0c5872ccdf500da3b068343d5c3b71_cppui_modular381, - 0x13ae4d8578701cb3d0a1667e9bdcb34a3998b830f34cf59144257b7d5f2627fd4605fad76df08881d8606568e304ed78_cppui_modular381), - fq2_value_type( - 0x13328b5d3a12ec71b113eb5cfc0b25436334c568d9d9d37dd2b3fffb5b499b0f7b81e8d948f5bf658e80df366109c99e_cppui_modular381, - 0x0bd4fbc7b45978e25f138651e8405b149f193e7d91e15dbcd6895750bff59d7ef03caacd0834e0ec8fe4ce91d7fd3ae9_cppui_modular381), - fq2_value_type( - 0x0d9e6edc7abae46488f31bcbb84c1e49a3c11b431329c93bbee3ea5dd41f6de992144f9afc134beb8f79146b27a94283_cppui_modular381, - 0x0ae49b29f9dc4c072692f25bb40bcebfb3571e24964ac719c81d2b1d6e87b27864bd00d5c5f2f354402280dbe2466e1c_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x178308b01d2449c2fc2bc5a246710e96348332dec7a11bf37bd65338aadadfde22391ad18635efee715c21af503dbb86_cppui_modular381, - 0x0ba095f88702e8e3af0761fc84110c94b97fcd77c2c243bbf0efc2957db1ced41237ed7c82c0ed6d4eb463328ecf4302_cppui_modular381), - fq2_value_type( - 0x0a028bb3145a5a73f7df15ad564abaebb046d2b99d82e1afb0f7abdf93fe14391fa1dad638925b0e6b928f503366ac1d_cppui_modular381, - 0x03d240004d0c03eeb6f9196c1eb9a29ea04396e417630c3cc33311fa0e3695eb943994ac48ec5329dd3522da8ab5d802_cppui_modular381), - fq2_value_type( - 0x16b60cb32da156f52d9ad6b745130685ed51588d6cc28c165436cb0077bfb345a8e5aab9c7914c1d72f21af00c6d54f7_cppui_modular381, - 
0x18f07c1330036d6a77bc30acf04d6b9b3479625c4292b47d272a6c138226cd15376a5100419e192292640a7f2da8d1a8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0ee8232bdbae78404fb3d04bb5d32201caa0dafc9352a092f6233441e83b1c12628eae989c81bdece1710050f414016b_cppui_modular381, - 0x151588146e9663110b0d4f7d237ee457337f49d9f406dc9eb15d9df1b459f8ad79c23ab8da378dbec738c5f6a6550570_cppui_modular381), - fq2_value_type( - 0x16fa3f7b2857db201c2b36eb5c2c63e0191250ea6489b5861211317cbd0a1411ccaa8b188478e941bfcc3baeea221476_cppui_modular381, - 0x0d22164bc53d6bb553e8f4bb778e88337ec5938530eb0b5015a9f3bf3b7b46b6f12cd52be8593f1cba4c9db167e3bc2b_cppui_modular381), - fq2_value_type( - 0x184f797a03c626f0a30eea9afb35122df2e635af1b2afeb214925078a9df88b22bddd1f55a01e6d6a23a95195833f8c8_cppui_modular381, - 0x0e4abc9f6fb3d17050ab9ae93a95056748c05da9107e7821064f2b1fd6903fba537d5274c5b328bab0cdafb60c651eaa_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x043c5330e71bfb5ce6e923795e7fb6d6628eb39d51498c44ee621425eafb326105fbe755509f9c6ba745d3d5b4415674_cppui_modular381, 0x141ba964279f3d5f4327ba04c4f8848acec479258e5058c8a207bb43a348de5fca532a8e310ae9c220ae4a0ce05ea830_cppui_modular381), fq2_value_type(0x0a456511fa23aae810d4c1f1112fb0e1d0b008789ae59481ceb9aebb976726208d8f2c16c1829aea2febb9f847bd7dc7_cppui_modular381, 0x023cdaad124e21466776864d917dcead85ca7463d668f8cdd92949c8ce1bf0a81ab5f49121b158e774e8d0835034f198_cppui_modular381), fq2_value_type(0x02a736547ae54e2705b324474742e88db57a5ed4defce7f5fcc129307864d377136b34c869610616d6e95d19d977c6d6_cppui_modular381, 0x093f31ac7eea687f45e8607e69963cc38f643d43ed16b11e3d752b14d39bfb3a4fe2ba4cbef01c51f32480e8f12fa682_cppui_modular381)), fq6_value_type(fq2_value_type(0x04d912752485ebc38bbbd88db6514050c2323cea025d9a0d0195ad7df76ef7d16c1fad74d04e125b8b90ea9115a42d1f_cppui_modular381, - 0x1700ff80462487faa02387867f3a379db214cfd25387e8de330a85948682b3abe52d9daee21f916e7c046f64c71113dd_cppui_modular381), 
- fq2_value_type( - 0x18978f46f9b0e1b9ca5fb3a6f9f6e797448ec2ea55298e1ddb63e0dccc203c013dc4a8e835ebdab0d6b6a749a959c4c0_cppui_modular381, 0x116141a2852dfe1d8975dd21cb938d741c73a17d8cd33cae69ccab7a0204e04b876dc7e013b4f0f24864b67bdd320fea_cppui_modular381), - fq2_value_type(0x13b8b123c4c4edaee5aab3a21baea04c5eb50036b402669cc73b564c330066c6187d07c9e13436420e9b9a35407d665a_cppui_modular381, - 0x046b9358226a2e3378d74be97e4f22801680ec747cb0148f6ce740a4cc8938c57e9266be7463c3656b8a4da7fbc6039d_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x1058b84e5a27670bb2d3975a9200d6828143fe70c994168e4a0b7423ca4559ac50b1e5390d3e5b1e352c213e9ede35f1_cppui_modular381, 0x07942b2f6ef470f1cc58a5ea651988fc9ecf22afcfa7814c975676920db6376bd8b0d97eb1ef411de8e1c06ed0219b18_cppui_modular381), fq2_value_type(0x0f674a4b6089aac668d72b1f67d76a8e0a1772610fda1ad4929a66eb58a551901c5f5677c31b2afbfd2d84405d6b5982_cppui_modular381, 0x0aa4db924381b8dc055487c067989b52a8ba40f6c7326410a94b5e05c95ad477424d8524cf73d32c9b59aef7f7342014_cppui_modular381), fq2_value_type(0x007cea626bb5cffcb9fa593ffb4acb127496b0874a921ba9825914dd63918f33beb5275d35a67e2f2cbc001b669b389d_cppui_modular381, 0x023725d7616717e9e5b1023fd7679f322822385141d985a36639d9f8ef6246086bd746fdaf0bab71de618c414ce2241d_cppui_modular381)), - fq6_value_type(fq2_value_type(0x06c2ac02c9ae1b80ca20fd9d0b1973068901dafab305bb4cd5dbe6f4086a7629ecbd8381a0192c668a89f74778f6a411_cppui_modular381, - 0x09410255a5474f331adaa32da5ac7d943769dc7e02ca6da68a020031df1ed8155bd2b2202687bfb78ead0e296cf4a694_cppui_modular381), - fq2_value_type(0x117796d2339c9834924b52d04d4b5ecd5bf84e3a16de827c1d41c9b05d4b135b4c97f331db019e1905f3fce0ba6968a1_cppui_modular381, - 0x01ba2fc7634da06460c8cda364fa795027cb5737c06c01dc49a87e82e68d341c11cfab86dc38e052cda17d64b771ed81_cppui_modular381), - fq2_value_type( - 0x11ffabfe4fb2acb09992627a01722bcd1a76d48ce85d435057a83c2251ca9c703bd99b75747bdfa6a60c057c13ee2987_cppui_modular381, - 
0x00840059d1e7c3e8945b6332a1fe043786ed35c44395b9d06bc5549dd52d51262791306fb5b1a9254c5daf2955debc0c_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x125db7da1c1320cff1e4ca398f994f31735e7b55318ec967812feb5c7865a58d51b221582bbf3699dcdaa88bbc7f9fa9_cppui_modular381, 0x0a090237dc140a2c7db49426dba4fced4083f329e8d899a460e6a427005eb4a60eb507ff6fe234106d1d3711dc052e2c_cppui_modular381), fq2_value_type(0x0e753dcb9d994090493a33bd9eae55b5ce43f2185e56099385cab759b419dd893a3ce508fe7cfcbeba983e3ec18d928a_cppui_modular381, 0x0af1cb913d12b8dcb7de93d455738b59e1ff8b51d2c6c1d40dc081cd0d90b1b346977b7f0b44e355e13b85545f69e596_cppui_modular381), - fq2_value_type( - 0x05e7d476ebe1910b5e2ee9046b2d04bcbe0c09ce00cd98bb591ef40bb69e9e1bc01c2422977c758d620efb0617fb599f_cppui_modular381, - 0x0cdcf6b7a4459dbf435b5e6e765fd6cfb885dbcbc2f30690ca4ea4aeaffbd1ea0b7ad42cc4f3f7efd966f2678e092141_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17ecc804ae7dbc2e2e90d33e83d5c8d26c67001ed5015cbe0d46bdb4de877593daf02d6b3f2bd733f50a9c21cdf970db_cppui_modular381, - 0x08d7320155a5392b3959494b9724a025f6928aa155166bc0fb61a6a37889ee28d0fb0cba66fedb0fa2dc2cdf2fbace22_cppui_modular381), - fq2_value_type( - 0x15e1374a440336203fcd65b7f1366e9bbce40c40dd2b3e32eccd4e7b18043ea3ab5050bac9a194f4eef6533c71d48d7e_cppui_modular381, - 0x115559b03a9ab8ff9f720dd6ef0932ec598c24c2ae122274a6e43561ed133a4678d4c10aca79098d435bd5f3861e72c1_cppui_modular381), - fq2_value_type( - 0x0cee13761384961ee27a91b5dad2b439312c29bde30b8d7562807ec169e3fba901955a22bf02a5f93a45145b9cce4640_cppui_modular381, - 0x1619f34d7be4d7d44ddfd92628a454019a65b670b44fdf596c8e0f9cd2dc1c2c56e1eae49a8febff443c741a910b9141_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x14640a28c221e652ea01ac88f13413222ecf150224a43d06b54e6863f0b4e2ed40eac37c9743d163da03530a50b0b9a3_cppui_modular381, - 
0x1665bfe57db268de177a93ac2832be895dc2d240dd51e4536a2fa6baab1401ebdcec05b608812863cdf11cac5fc0f895_cppui_modular381), - fq2_value_type( - 0x0b601e729fe2bde484de77252032bdd5ad1da0e76ab2429609e7e39f45f3058ec660b75aa05f39def238a9b8d704f7d7_cppui_modular381, - 0x11762f956a2cc35e122815486b9a1dddbeeb7ae516ff86c283c4614a9aeb6fdc5f6137f3f5ceaaccb270effa4a486ab4_cppui_modular381), - fq2_value_type( - 0x0991dbcfcbfd12c137dde4b2226814610a487fc377b6aef4e6faf018d1d10a453ceda63e09e873c417384d4dca0cfda0_cppui_modular381, - 0x0e8ca630d8d208e5717895793f812ba65c7b4a76c53c117f090e80d5f5e4f03422ee668046aff7f2cab22bbed56e866f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x11c74fedcd869bcd60ea6cacb9944a93bed3ffd8df88c0e81ff9e0489250b80422d03be3faa5387b0044025b36399326_cppui_modular381, - 0x16e12b97c6880bb714d76c8a81c5bdfe1fdd68ce505d4ba1fe282eec953c452205f51bae70b1d02a2b36136076c0b92b_cppui_modular381), - fq2_value_type( - 0x0667b56e01602eb46a7556d5765ff76f63208960c048586b4f98086976f70066a181ed5face372f3c839a8f6e85bd768_cppui_modular381, - 0x0a9ca4f64c590c63417d189a0495a100fd8b80c4d61c72deb969519db0d7042bd66fe5d4d59e3c34497ebcab0e7c8ac3_cppui_modular381), - fq2_value_type( - 0x1633288fea58a317df87690bef2d0905b35c3ec2c6a427d8dcb93b7018b2787bc48203cb6392b5cd752661ae75012e8d_cppui_modular381, - 0x0860486ea3e6f362e6588b58693d20e3d81eb9b65c85e24e201cee68f5b99b5059947c3717ea61bc8a217b70b31f52c7_cppui_modular381))))), - std::make_pair(std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x177e0fd5a76fb5c5f6dc1730cfef8f9db491d8811922ed5f993a561ae1d9bf915ce95ddf05ad29f9704045ec30b143dd_cppui_modular381, - 0x196ceb633fd03103e9baee645f893c8dfa471d629e1e7550ec28bb0afa6bcc50432249c022a703058e1ab1aa3f148f91_cppui_modular381), - fq2_value_type(0x0ec7a7c70901ad7c6e963983a5a7a125970ea281df5b021583170d85719b6c0c1e70c542f7b6c8c0641a1cab95213ce3_cppui_modular381, - 0x0a03089ac1cce96384e91fa94ed78c11ff939d95354511daa90cea93a37db8d85eb181df2106fd6220e04ab6a5783b02_cppui_modular381), - 
fq2_value_type(0x0a70b914d0f4959d9f132b5856bb8bb99ffad52cbb7032724a01edc39336345106bd1820d48e8ecdc6dfeb0c9fbd4b00_cppui_modular381, - 0x14cc1b39396d70fecb1e921faa0959e814f668a2fbae3ac77b249d1b05d9bfc054d299afd1696b690c5bec9067fb0d05_cppui_modular381)), - fq6_value_type(fq2_value_type(0x07acc35e4026e32f922a0594efa289955987f0f0b449b45f63ae6b32647ea69b2b9839e0284690576a25d83f63c74acc_cppui_modular381, 0x008131a04439a62e484312797930723559dc4431cd10b9048492948c681ed696e702fb06f3e708abdb2cd388a46f13e6_cppui_modular381), - fq2_value_type(0x0a7aada2f918cb35d88faff7325f99e5aaa9a08bb5ba0f17591c01b36dd4405d1116202f8b1785bbe8c176e9fb874ae8_cppui_modular381, - 0x18fba1e2686c2d1514ad54137aa2a6c071d3d485a9b91ae69fbac945cfa38f39b2e75b6b3a0c2af853124673c4b9faf4_cppui_modular381), - fq2_value_type( - 0x1075da6d4cc923fe0c419fb790b11804240bb6a1ffe4952ed0d9f59957224959355afe0aef326ce5c1047158264f104a_cppui_modular381, - 0x03897ecdd3b6e3a4ee6a1b819ae0660cdc9b6d3a5ec02f9b3f40fc0c8096fbb08d26fdbd8e4d269fbca2929f0ab0fb11_cppui_modular381))), - fq12_value_type(fq6_value_type( - fq2_value_type(0x10384944410ba651f8342133daa89073c2b99702715ceedd4f66347c6b2a76623bf5adafcf2790311b1a655f8775194b_cppui_modular381, - 0x0e7dc62df8272334de4499865060a458c5c1748b835bcd57bf8e6efc7bf9f64efd2225551ae92a66d50fea8d8056f083_cppui_modular381), - fq2_value_type(0x05b3cd2f7c2dbef51b1298bb7bbb2ed3f4b66e7492b3777043f04a7e946dc0537a11672fe489a9dce0babebe77a6445f_cppui_modular381, - 0x06f6a966c9ab97fa4c778ee4bffca9ac1bcf80e54fd78a82b12a3dd1b4a26ab4f24e1e1e91a076d4fc0307a8af29977e_cppui_modular381), - fq2_value_type(0x0c5bc3000c337811f9cb8a6004578be2fbe3910046e066a1366e8c78d06b054eaec95207e7e16c2ba8621ef1de300eb1_cppui_modular381, - 0x162a68a8e2b216b64932d32e634993367d4009a38e043c97d81320aed6f9120d5b5465236fb5a9cd13bf1190ee2434a1_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x0ac964dc11a324808280142f03ea588b96a4a230bef85617be3666c0b8ffd886678de41d2599eb668fc7a7e96637ac43_cppui_modular381, - 
0x18d38d751b0b97f01737ab7fad6cbc9a3d12d7f7d4005760e2ea911f91fa5d037c178fc58e8bd96bd0aca508d95cf6b5_cppui_modular381), - fq2_value_type(0x1861ee37d6e6a406d5401793dbd1e48a67b8133e1851fdb2adcdf52045ed516857eec6a2d7ede1dd47baa0afba000fe1_cppui_modular381, - 0x07a19aced9ae096ef8af9e6d31b77ef6e4c115618169fa396abe0fc95d57bfdb9d6d963857bf4b9bec99a7ad3e96f302_cppui_modular381), - fq2_value_type( - 0x1320b632dd321ab597e52136bb8ccebe47b73fbf2fbad470a563aa3fa156ffdf1ed114f2364a5699412f9e406ca68aaf_cppui_modular381, - 0x0fa7a7b6d87063413d8098ff116e9984cde3e5d8f84a217701b395060603e8bd16020ec67a9eff6f7f5dcd386d749f37_cppui_modular381)))), - std:: - make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x061c2baaefbefe3f558e105b8633f05f9f48f360aaa2f736c318b93a13c65e1f96332e38c91b2d1376c36f32596995d2_cppui_modular381, - 0x0d84681c2abb8b041831db5f77a977ea6c10a775c1022a664064bf6d486fe0257c02f15f59ca24128e0c4b722b6f42be_cppui_modular381), - fq2_value_type( - 0x049ceac4612ac5797326d863ddbb413adace9f24f2c7ab7212d781e74d2a4289ade78332f0a32b2ec7310c4a8c854f43_cppui_modular381, - 0x065ea06e2bf55ab3e275ded870be62058c167b3a4ecaee3bc87e60c3a2f4479f00f26ef277541cde337bcdb0690c567f_cppui_modular381), - fq2_value_type( - 0x0e8796c8e3c7377a7404d4290de1bdfc3aeb8cd6652499b2e33683fefc9372d237aebe2d322ebe7ef8d4775da1b90621_cppui_modular381, - 0x0e43db9d0e5cc8a0f265066d88be7b0e8c77230fe3ed64b2ca29728942973dee7d820c496ca0f8f8573305140c9fe9e0_cppui_modular381)), - fq6_value_type(fq2_value_type(0x05c23dddde09e67de1fa9826a8fd112a83bde34553e1ecf75308a865c6e6a3a6af198dc6c3dde019013c320f1df73e51_cppui_modular381, 0x05f0c90ffec97a61d5ddfacc185668f61d83e2474ddbf27b6b3fbd189eae7c89cb2977f60ec64034314108b10d54dd9b_cppui_modular381), - fq2_value_type( - 0x10b2e24e9f12e0a4dc72798fe58ee46c98a15898f601ae907258d9e4e17a7d0658f409307f1e1d03b2794ddfd231cfa1_cppui_modular381, - 0x088df46efe6ff738b01a480fdec339ad6c1d63e8f8f59f036db5f401129976b62abcc21b54b100cb63594345f15cd944_cppui_modular381), - fq2_value_type( - 
0x18fce451ac171917b5a635cee8d6dd1a2fa54e6bbc7c51d6a33da55f99a28ac38e405ef1c2837250e293039e5ad17cc7_cppui_modular381, - 0x052d8b5700bb5d61103a4dab1167117bae116db7be271f87361e85605200667cab269b354cdd109cc2f9cca44def58bc_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1342152652b7565fc3967db9c1e2a1016706a16f196d465133ae7f70af663f1d189e1faacdc88bb1a02346d87aa8bcb8_cppui_modular381, - 0x0ea20b92c2bcea5972cec24b5fd872b2ba8b99693b81369a16a0487fc2c147534cda919980827f9379887c2ce13e0759_cppui_modular381), - fq2_value_type( - 0x02c70d3946ab946d2d0ef16d0e2abff83210d18654c20fc48d5d31b33f55387c253935efdf22c7a568902b7915516295_cppui_modular381, - 0x18f7b897dc2bbfbf6442a79894dd54dda9b4ac319686282668ed52b1a39293d90c69ee9f8e501fd0f94224c0eecca66f_cppui_modular381), - fq2_value_type( - 0x037b3354eb3e7810fe2498a299173e82acb2f42400b004e97de842c1e397b876c44f023cadc7049636f2ee58a49e73ce_cppui_modular381, - 0x175f5eb8c8849882005291192fae39e67ed2d3acbc597e0eaa4bdeabb3649d3dc6f25996a51fd796cdf6b6a896e17c21_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x04018918fc2651f3da38fe555b0b0fbb97a0d1876c0e725ef4d15c6d4a443bee61208c6f824a9f292f0e5d322b891811_cppui_modular381, - 0x0737645e400120e4383af41d9bda3a4d4474f01ca716968ddcb97550ed166b2376fae234dddea9d344df04752c457fdc_cppui_modular381), - fq2_value_type( - 0x0fc9dbcf340265515779ec9fcc1439f579b6ac883d848caf41c431f7bd869fdcd1ddae2f9b24e9128b63764e06869339_cppui_modular381, - 0x0dfaa1b73b35aaff7ae7a0d748934b839c2f89b0d98a753248e85d54f650c53e93c57f0c7e046eecd88d9a1871c398a8_cppui_modular381), - fq2_value_type( - 0x0cde71dd1d338f0890ef4fd6a897e806b7bf3ea795331034d13f3f97c05433f8c8aefbd13e5632209c91d656f2121da6_cppui_modular381, - 0x0562d8702ef0a1fc40d7b25c7f1eb322427b9a73aa899f32500e9dd84196ff6c3551b9ceb8b292cf169be9dd45b2bff1_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> prf_gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - 
fq6_value_type( - fq2_value_type( - 0x10ed67bd0b63f67d986834c36ac3f2037ba0ad90201faed858f9eac88089d786542a130fdbd51445f87560708229fd99_cppui_modular381, - 0x069e7c8268cc30fb130f4dcfd6ef0f7060592f56a56027de904c0bda34c81c01168f4650f55fe0b808d8597a88ff7521_cppui_modular381), - fq2_value_type( - 0x196b6880be4af60aa312387b6a98e0b7c043c40408d16907d4762638ee039e63fe4e223d192b0cfa9c4a05257283f24e_cppui_modular381, - 0x08619e5d5c45dc91d6a9a74ffb540bc7da63680a8b407090e5ca0b23b706e0ed96fd12a108cc2ac7d7a18b2649065778_cppui_modular381), - fq2_value_type( - 0x0725a15a2ab090e49f90f4a6ef1f1598ec05623b2cc3e97438fc518132a8985b883429f24f9ca53f4d3ef431f4f880ef_cppui_modular381, - 0x00c2f0276989afae607a6970d57dbdab344b8f4fefb5a9b0c8c7108bb03e00628131a33484bffd1a7975fb9a7f459b5d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x133662f7dfffd9149e01313c9dad9e6833af6230d81bdcd15db9b43606f0514230f791fdb0565a64927f3dadd8872e89_cppui_modular381, - 0x1407357f60dd7516d6c7a6cf4a108335c74bd99912be2888cdcd89d1f2bb1c649191d4e336496563f96fde9b763ae5f7_cppui_modular381), - fq2_value_type( - 0x10208a198ef7b0af86e4ff3a458d9fca1a7826ffbb7362f080fe1906dfdc9d90b3877dbbec536bbca8510677e1eb39eb_cppui_modular381, - 0x049e35694c813261d977fd4ff1293c4e8370c2dd44a74e4b301217a8bd934218daba682b087adceec9f78450bbe84675_cppui_modular381), - fq2_value_type( - 0x17524ce81161cdaf38749e98c31fb443ddec79499f902d3ed58ffc0d3dfdf60a3b0f4ce07912e44262a6c93f1f160822_cppui_modular381, - 0x11c26beb7dfe3d670cb69fefd4aa9381527a4a792ca0b6d4da6d9c248bcd665dd7672c225416d0f12a853b69fb312141_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x18c6d2d4bfc39da958a277f912bcff65ae340b41d757dd6641a8857a2281f070fcc7129de69c812340dd38fbaf720085_cppui_modular381, - 0x033d45b33e0342b7ab12bb7bc0405c77586bc91be194e5d15cb5947e054d32ca822b3aab958d33692d1c5dd802e0bff7_cppui_modular381), - fq2_value_type( - 
0x11d509da92743cc89eaea024bf0855c7d4de80a31f4e210c77c4366ab80ec089cf81be0059560c6cb83d54a1fd851bf8_cppui_modular381, - 0x141669a31e8e65df813411f59ce80ab387707ba43157b5d2753c41754e93aadb0cc45566acb969946de3b0c6a841ef5a_cppui_modular381), - fq2_value_type( - 0x061d99684ea4e2ba35b4fedc26f6b4359809302934aa36ecabc637586e0d181fa369b661f44f13b51cdecabca0d5f73e_cppui_modular381, - 0x0535d73f27942ef090b917193e7659d4258b3d041318ea04ec98a1622b9b5edc7ac1a332fb7e84c20165714ef9277a74_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07329eaedb32ac2ba5654e50cf496a22431d52ec3cece7d8e648bb80e4503841ae2ba7cd1bbe8e71859a2db5ef16cf1d_cppui_modular381, - 0x004c6b8e52b346ae6bda69785a78e50af1a6a13789d657d899d67af8b81016b8fbe706bfb416184165c34bd9a61b8f32_cppui_modular381), - fq2_value_type( - 0x157ba424ce6ee22e4f37a1a753762a001e381cc6cc54dde88cdcd0942aa7a11567d296308b48f717e988b6d5ed72f9ee_cppui_modular381, - 0x173acb29afcc9a5c88c7e973c38296311f68973ded3122e07cbec75fab77a098d5bd8fc57715c61f1cc3491fb4ffaf3a_cppui_modular381), - fq2_value_type( - 0x060a19f034eead10945b38178e607dbcc5a387ebb31c7086aaa7a6ab6438f373ba99d0fd2773e07ffa032a7362615787_cppui_modular381, - 0x0ca399f2c2b37c7dac9601db9f0c008007e2f7e5374aa35ff9c99ee63aff30b41c294d78ddbb879b4993dc01502c67e7_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17b81ce7baba6489359718e1371b0f18fdded1bddc462fe86b1469b43aace1e7a86d39697d9a47b11a5af4e9d748d4f6_cppui_modular381, - 0x0c206ab61781143b18252a9bbb9cff5f6ccfc319476ccefffaae72a5d0687d3d540e52add9fc8886e392bb0975cb03dc_cppui_modular381), - fq2_value_type( - 0x135cdaa402c73d5713a3622db4472ba5bce78fce57768bdfc8ecbdb13b638dc1c48e3b65339cb775b987a7e50df58860_cppui_modular381, - 0x032ca67e8fe7e72fc196f28114122bbd4aa78d84b27639368013e9f38d8de9863bd1b8bdff0df64e6558782f9ac28683_cppui_modular381), - fq2_value_type( - 0x03f635a0c4e3e4a263519195fc11e27955fb5ff7e7bad1b3bcb56f7997935eacc4f32eb339e7e942b5b7d4547383e0ec_cppui_modular381, - 
0x048947b762fb9d8a558a4b95cc96d2d8060a4f86a13457ba96a344f65731db1f2551cc2635e767c0db53bf2de26ea548_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x033442ea170492e958b9a33e4dbc95680d042ba05ef1c36fb81be68481efff3edd30b479390783afa5c014e5660b0d21_cppui_modular381, - 0x073eae137f43015e8290f409179534808d18f8b66404dea13ecba290079123df9c6b020758e2d7833d0b0101b1382552_cppui_modular381), - fq2_value_type( - 0x032f8b18afcea0e4a213e2da1868b1e80daaed10e714a7b3a778656f8fb46e2620feb23a93ac8297693d7bef98d8c0d7_cppui_modular381, - 0x09cf66fc553943fc7766cd86c871241d59c3e5e20df45e6244ef2f1d2da9442afa0fb86e4ad71c4541227ce47002cbb4_cppui_modular381), - fq2_value_type( - 0x109a4087f5d8ddd8ec10410111e2f8dd0dc2c0fa4975451452f1cd391980b9888f2b19e634f40affca3d1b519ca5fad1_cppui_modular381, - 0x0386402810c6abdfbb7830cf4cbe52265f4ccad3a1f1b475be7607a6a4efba3aece654b159179b42dd016eb58ba6f0ae_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1080b5e8e167517cbb8bb80d3d72fde629b6e29bce4b2e83f0034776d59602a42c635abbbe0096093509e64f8fb20280_cppui_modular381, - 0x1521526af8ac6a4eb5614b890f3d1bd0c5afcfbe2fca328747259322ae795ccf327d96dbdb61af35a4fb39fb9910ac5b_cppui_modular381), - fq2_value_type( - 0x0f77cddeb9f28a92418b7e8b2f0e47d9750e13717431e02cf02c095a23ff809a6ac6d245e571c2c4efe7c0da89ae486d_cppui_modular381, - 0x0a1bb04516c45c0a8fe0ba08b2cc53768f7e8af0dfae460a06e1c92c066eb713cb5ca34a0a1f8802b0c6250a38391e9d_cppui_modular381), - fq2_value_type( - 0x0a93b752ea77031c398a33a21532ea0e4a0ad8110143fa0862aae8a132a43e2ac6dc671c78168a6108fc1077a81a5e4b_cppui_modular381, - 0x088578395b91e1894e2fa3747c7677d6acc11caa51dcd4d61a61bd1c2e71d3a284a70ae20efcbfc733b7f118dd90681d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x190a34b49778e6ba7764d4c6d950ccd6ab2234cc1d0c4b93f5967069af0b5b151c872980ad0733465b3d713faee35d56_cppui_modular381, - 0x153bd2d950a0f875cbee06d480e6a52c26902f8388168054144b830e98316c0537a70d455ceaf4abe9b58e6f596bef98_cppui_modular381), - 
fq2_value_type( - 0x1115454485c7c3168cb035d769fe52cd684fd3612380897d704c81cd1d6dc4e08f1c7bbb57688964fab096dd2c5352d2_cppui_modular381, - 0x0b26a72372d226e1aeddca8897a27c5325e162c04a70a5daeb4e63114e00ff2977306c3dc4f50a4c4a284100078934b4_cppui_modular381), - fq2_value_type( - 0x193d0c11752111f9fd767602157d787ba295facd0425a278a2fe9866242d3d030101e228846e5bc8d3be897dac3993bb_cppui_modular381, - 0x074918f35c174078c7b30274c2cfda335de1135400206ccbcc5863161a9c1e87ea8b44605ce6497d46670c7214f92c47_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x00cd02b53f694b1a851bf0df1aa681a0f853dbbc8e36075bb8503428fffcef90a2bcca8cd3cbbd85938d7693cbd8ee95_cppui_modular381, 0x140feb6a0e87b95e1066f986e61bcf0e155085f573e3ce6953e9f6eb7bf0da43ff944ecdee49e4ff07c6ef371fffe69f_cppui_modular381), fq2_value_type(0x11bf6b576dc85512297c890d7db6094f5adc3de7c58daf686e9a681085b4152685afa64b2eeacca3f473026c48bab1c4_cppui_modular381, 0x17f685f39ce930a8a4f85c711540abf6e58a0a55291fc098430f10673f6a235f043d54fa7f30bcdd935f1d048a9d38bb_cppui_modular381), fq2_value_type(0x0bab1207d935191985ffc605354c309f4ec6100348d91b77aacdd2ae5bfe51e87eff8474c0e09bc9b0377a42d9ab887e_cppui_modular381, 0x066e5659b0560951d0e63e640f317bec0d9de916f701ca3377fa8a1f1c72001808d04c3b78597d7fcc607b66dbe4ab61_cppui_modular381)), fq6_value_type(fq2_value_type(0x0994bbfeba3680f607ef688816c17a72b1fb08fbe3ad6ffb6bcd3fbbc81b3183d61949fb7a77eac59fc33bcbf6a40503_cppui_modular381, - 0x185a593ae89638d8578576309bfbb0ce53ae66c6af1bcf28bdc6d815678852cbddc7cb4630f44b79653f5de0799b9673_cppui_modular381), - fq2_value_type( - 0x066321b303ae08e98a656e378e96d3f2abc4fefd6b39a16f161ef9b3fe8e66b2b7b9b97f58924684afc97143681aa93b_cppui_modular381, 0x1798915ec92dbf49b578aae63caa938f047374d7843afb9d5bd170fe194d3eb4bb57882890ef084cac5690bcc578e53d_cppui_modular381), - fq2_value_type(0x0cef8f02eec0326fb9755a9b8bfbeb886733a796d21692d50d60d2a9df64ec12a1db908a2a9c041fcb5ec2d10caf4a49_cppui_modular381, - 
0x00ba17d787706ca24dcb7c04504802c4cfd58202c5b18e816407794cd62e1063bdb9f7528e12a0d5ea770a9947832298_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x06289e93e44a1f090a8e6d8366d6ac723ea5082b349a1321b1acdca8e1902d165ab7e84861286795abbc6d848721e44f_cppui_modular381, 0x0d68f1fba4098fc6bc57dbecdd318862dbd2d339be6112a036abf3f8fa98f33476334540140b86bffecd9883bcd5f3e3_cppui_modular381), fq2_value_type(0x0e6a6f08850c16823f7511758041ab52e3727cefe624150e5eaa3fb96ac80ffd55805de5259dc8ac81db8788600f0b1b_cppui_modular381, 0x092bb3dd5a6865c86e050ea7414823021cd7eee3efd6a40d1e59f84f916af3b49fd0988050b9b669b8a5e5c353a0cab4_cppui_modular381), fq2_value_type(0x00aeada84f5d058c3e44a7c3e90a8cb5ebbd5251e5ddd97b72f757fd20f4fdcc39f4172fee3b8f543061ffecaf536eda_cppui_modular381, 0x16067019047eb683cf3a271d6d8f544bfdb4cce61caee90278c7ca6c7521e26e3d3eb2a112e25888ee7306bbe7cc2dac_cppui_modular381)), - fq6_value_type(fq2_value_type(0x0b86c9301cbaec27f72357021fd609cbece937bd247d4d3613fe1c5a167467e8c646668f17ba22f3fc77a8ddbc7cd64c_cppui_modular381, - 0x053eb955cbf20eb9ccbb8bfd136632eb1628c9667a2f87218424229945ce42ad4a01b855bbc66c7f578e4034e889ffa8_cppui_modular381), - fq2_value_type(0x07733a893ff37d7d9e53a6155733406ba6e1931ae1a802ac632b540fd3e0cbbf6a7863d97435c208960767d8c03b539b_cppui_modular381, - 0x1580abf5c7aaff0261a561a5d4cb7eb9bef8348fa9fe3dc8f1365db10470b2d9a3323353adfe2b38b90c4a9367ffb255_cppui_modular381), - fq2_value_type( - 0x018fd046d712339252313c04626d8ddd34f56b2f4ccff59f58a473fb211e4c4eb1576814fe464f6cc31335a26d26d1e6_cppui_modular381, - 0x198de2cfeb262028d3eef3c51c84cdaf9bb9b2298d3180b151c85e483ebfb84bfa7f32d74ab0703d43422b3de6e298d1_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x091bf93f93eac70088ee29e573218f886f226634d357d4efe0dbaa6735cb2d8770348507678576c8f4d4982cebf40712_cppui_modular381, 0x11f16a79384f02bf27f2e673113210e648e710f0a2bfed8b8d1aad8f582b987468621fb8c2e5da00f4d691ef1ec3ceac_cppui_modular381), 
fq2_value_type(0x154039a51d7ee64e5264bc45c33d4fdbabb6c4ce9e341d10a8912b1fc97989ed92b1cd4e18951128a9e9ce78bc9bf874_cppui_modular381, 0x13073a917f2d877c549d2d42729d04b22138585079a0d5a88a19d49102b6bdd2bdba6de292ddd5164d74cb2fb401da8c_cppui_modular381), - fq2_value_type( - 0x0bd604ae47c5f6d4f955552f78babecdc486a02329fd0c4489abe6f36dd5bf827254fca72c612ec9f05d0f851752aaca_cppui_modular381, - 0x18615c8ae7878795c04447c06b6343e2a2e6548068c2de684305b0b44a9bdf1127cf6bf93206d592e511f2f39400bc81_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0fdaa6abf7a0fe05b237f50dd4b367a3e7471cd77d1109636d8f72fc1ff04c1731757795f3f5f4df93d06ab00bf26e4f_cppui_modular381, - 0x186d3be356d9531fe5157e3a763cc110945b5016e818138794debb1fcbb0d78a286a1826f6da770a4fab503827396938_cppui_modular381), - fq2_value_type( - 0x06e0263f268d519d06291ab508fa1fe19183d39fcde48c91025ccf9d95bea6fc2d430142cf6d4d6e28cd384997f8e4d3_cppui_modular381, - 0x0f35e28ab5138f378f0b48c8755ec665de57f5e5ba62819e4ca0b11dd2905c3642b2b7165649ef2b4fe1ed338fa0a28e_cppui_modular381), - fq2_value_type( - 0x00503cb86c324e1a2dec2655efb336e06a4f4aac1e6fcc0f0be5a6a2fe564ddd696c660d2f6bc42c901267ea0a34e8d6_cppui_modular381, - 0x09455e38db2072edcb7c67cd308111f99108f3506f92ba29297dc306bb79dfe26d94b7da0c572d2c524dd76b47c8f752_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16c5825097c134fbb314ff272bae3c9e44d8bb53e3876a0c9862e4c65916991dc29fafa3d679fedaceea2734fd2d7d0a_cppui_modular381, - 0x0be1faf775b50b9f3fec8e3de6d1251b8bb88d3d3026ca3710ca206ee047a935c438d9dca2c9dce874ae95f8e4b6e8c3_cppui_modular381), - fq2_value_type( - 0x025bbbb4e3f42734ad89afd255a86d4a7b44fa67b3151ebdbaf3258af574ec61f5c129db71eb1b209cd0a33e49b950d6_cppui_modular381, - 0x15416a76fca7b035e9dfb0246964bd6f655607daf43f8001cd5d2b933f0a557991ee51f78e0e40437f55f79e47f5e0b6_cppui_modular381), - fq2_value_type( - 0x0252ae00a3724d005d21741a17a4c9299b0907715d92bd8c9981ee9efd9ccf54c92643a07968187e606996d8504d3042_cppui_modular381, - 
0x11a37ecd4bb0d04929cd199b14e83eff0b320f4be3de4f088346e2c80ed84407cc3f76e23f8cf2f2ad54c22f9bc4370c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0b8937236d70b06038085128cb755a03718e9d221f9460b7bf6b920bac9ef8e1a6433e87a6eb3507341ac79bf6810128_cppui_modular381, - 0x0320165b7a986f8f2c0927e6a63bcbb40167c42538d01203d7b5d2d2936fea2f5b9b42bc939c110023d9c3c4e68e8f45_cppui_modular381), - fq2_value_type( - 0x02ec7a67197bb1c50d58d53f34971c1aa94ae5a92b74dd498317e271c287d72ab0afb385a10e5f097c2f0b6d5c1c6508_cppui_modular381, - 0x1797fe9ff1a58c3bc0c2cf9967ddfb8ac5ae8b948fc8a077775ca0db525813efea1c9ae4413d0ad26f7b53266ca357dd_cppui_modular381), - fq2_value_type( - 0x1365bf62a7178f16169a04a03f3bc34cfd89168300ac68c8d794da77f418b51641dcb175eb85a33228b911009f251286_cppui_modular381, - 0x13250aaf3a30b2d5588d207ee2d63fe285d465f145bb929802bc7b6f6ca556d84252cb2f0fdebd97df436f161c8476e5_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x08dd0baf4cc4c55021fdbf8bcd38d27c83c32f1a8f2420e3d017e14f8036029dce4b47960f4fc8fc6bf7afa91be69786_cppui_modular381, - 0x06357e6e9524296b36c9c6cc5af30b2a0c1ff45578bd1eca61121b6fd0966611819af112d55fbcecc4cc71da7d86adfc_cppui_modular381), - fq2_value_type( - 0x0f997e9e9d34738cea97c195b306d07235767cc63003d60af6c6b18d030c6bc46ea928498a3f7ba96a7c327a9fe34ebf_cppui_modular381, - 0x15444304c6d940d83e7f0dd0e0ab9f528d82738726089da10300a6dfa1fb6eb66c4dd760ecae1e75eeaa48ef6eb29103_cppui_modular381), - fq2_value_type( - 0x1588fca489c1c013a9e78dfadf1f0b126d9a1764a99fa0478875c7025f90f4827ca8bb203133b795a0aaa90df34e3699_cppui_modular381, - 0x1485952c24f16f864671b4d6c143ef8daef69d402ea93acca4b3c168349b20a820c3ad32658fd3c89515b676e8202356_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x11c90fac4fc1e3908a484c66f320547ecb517db17c62d9b9d8ec4a4a57aa98da490130ab59b93179ed5545d503c612f5_cppui_modular381, - 
0x10300a9b011ab7a2834ce2dfa93830aae20e4b85727d28ee5f5b59c24fa453eeaa0ea4a78814d6c024ba17c986e2763c_cppui_modular381), - fq2_value_type( - 0x0cd16d4877b9e65b377fa9d3b47d8cb5a5c0ed0282bb5a4bc5b2a60beb12fcce5ffb2f9d75d6bd582309f65d75e06c79_cppui_modular381, - 0x03396813e004b74711e8285b45e809f3e2833c9895ccfd30afac7f47dc741ce5f4a9cdd28a2a8f2e257cddafb68757e2_cppui_modular381), - fq2_value_type( - 0x0e5076adabf1e281e5ce7d000f43294dbaecf2842c474a8a06a7078652145ff376182743d11289ace4ba83386c81f572_cppui_modular381, - 0x0a6d7c45532b1a5ec8f69c7cd4ff78bdc94a7a3d00906f7f00cbbeaaaef4cb574c05587f617842c130bc42eca098af51_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x159f089315703e2aefb16fa4aea24c64838eacc7310edab6f77ca2554d4302b5570511aaef4d9d751d316de4304828ae_cppui_modular381, 0x064244a2309f7fe1aa66bc9df4a337597c55e5791b5b02ec21ff0eb8076c4dc8f87739409afa3b6eba77405bd0b313f0_cppui_modular381), fq2_value_type(0x0ef9c735e1af2d26a684783ae0b730642fc0d3d691f5998fc854c73643001709530f0893e49a258a1ba0cd3ce0aa27b1_cppui_modular381, 0x09e25b9707ee53b9b18aa441368ecf0d79d4c9f464613a17cfe869bc094e9ddb03b6b8dcafae03413d888edd8a4de865_cppui_modular381), fq2_value_type(0x0ea2624da7a7def6e791f0a4eb3a9f76f66d861df5208ffa4c37b5eefa10d5f2a82d059c7002f1a5985ffcac9c2935db_cppui_modular381, 0x17a94557a70dcf590a104eb033a2cc92df7ee0135dfe21c51c6e197c6432ce32119d745e29d6a34e5e61c8b442446288_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x01dc01a6745a3944d241ff50c00646174c842e1c0027819be6e7c1826ffd9cf44d7d2ceca1d7f27e76213f45d6b7e980_cppui_modular381, - 0x0f18ce5e2a3dc1a4f8c1f2ff9519c87fe386138b6eb6b36bdafedf63d43c206c4e4b34d4ed919f220928aef9efcb467e_cppui_modular381), - fq2_value_type(0x18ccfe922cb1f77adb6b24ff40eb995bd54d522629395b3929f0cf98a3a21c6442a41b9f778d78415957d72dfdf8ba43_cppui_modular381, - 0x0eafc73663c4558da4e54ab01551a9fdafce32f5c56992e11c3c85b89c92bcd3cb5e3649fd60f35ca98b455455604ee1_cppui_modular381), - 
fq2_value_type(0x1143774b3ef69def99f7d4e2b1e971e581c538e6db2d01420b1037f169eea9c0cd9d2fb4531b735d35e265ee186a798c_cppui_modular381, - 0x0bbc868064be0ba9bae5804af675a0927fce83caf64b6937d277bb7d7d7aa1ce3e23ada0eaadee28c326b5644677ca38_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x0df1ff4f82018bfe1cfd879bdbc8aa66f42d07e78badb345ca804c320e14b593f55567aef00fdf6ada5e096ae38e5656_cppui_modular381, 0x133d5671ff5915bb541937c6f188150ed7545041d34138748de789a72cb3f48fb9461c3d3f737a3110c242225fb96d38_cppui_modular381), fq2_value_type(0x0edfed06e1ea698794252092f1968c4bb18c7ff388b70db9e7f9b1b14f690581ce50d1020122e157ec92e1144649e81f_cppui_modular381, 0x0f1c6ed1e65a9a5bf4b84e0eae5e0a18cc701438966aec2643ced3760266ddc54c22dc5a421111f62f66038d7b552a2b_cppui_modular381), - fq2_value_type( - 0x037ecc3d63a0a1df33aa8ba2af6dfe2f63ea0418ddda51c7f5c3c19b527704d2af48e6af9976bb6af43bd866b041107e_cppui_modular381, - 0x09cd0a0635f4723dd6401df07f6da09783ef8ac2206fc2eff5dd69d8daafb9d0514528751fad7cd4fbc5280021cb6f0d_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x0998c7d54a67abb5d49438a1c964ba41c97443b500c6f05578bef4656e34549078d4db7db82f32cf104c7583cb59a30c_cppui_modular381, - 0x03fb13d0599f286d73197fdc49ba4ac17337a19b7b3e0034c28aac0b29ab14923b5d3bd23953d607c8761ad2a74292f0_cppui_modular381), - fq2_value_type( - 0x11c43bb1b8a41d198101012f2c87f4248d4b0a714da37215dc0dfb9d619adaf8afe50d7cd8a8675d3f3ab828150d109d_cppui_modular381, - 0x16579444d29882a2471491f2bd413914bdf8afbb6646d3f6c33c0978c31bec9919b5b6fd08f2f218e0c1634e296dadcc_cppui_modular381), - fq2_value_type( - 0x0cd273e525a01b0ba847beaa413c1d87e640a794185575deae98f4a4c32e4e36386f0d2478be6cc3bcb41f9113e99586_cppui_modular381, - 0x04ced2941685b97a5fa763c0df6c8e41bc53700bb7334f7648e9cbf51fdf637639f979e481ff4b5dce565ef623746b6b_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x164bcb92b4ec4782513bc30c122be365c2e74eaadb0035cd621988e6b1e1a5b1035ed030e3c47d8404ce13eedc36ddac_cppui_modular381, - 0x16e5a378b57a78724c00709036d075e6dfdfdbc52bf3f697fa41208d76e88d862111da45bcd4f7ad2cf1e1f63f99ded3_cppui_modular381), - fq2_value_type( - 0x15ca4c2066a322d885a0715b589adbdc4ff08c6f3e73e53002f04e88ee1ea2483c4fa81a5496568d1e9ebdaf5102a4d1_cppui_modular381, - 0x078d68ca700bea300310148e86b2c5e67b4013cc4326ae76f047047bd6a3f17ae787aa98d89b497b42da073f8e900da4_cppui_modular381), - fq2_value_type( - 0x15c422b4b59d3641675e83294b50080d353c1ac882ad5dff9e169f295d564167d406b6a781c4e860ef02bd6a8ccd0c9c_cppui_modular381, - 0x0c71c2aa2643a71b09d3ebd535cca5f345abdabef6890a2f9f9d5cc2eef1559d11cf81a90aa3c84394f334871cf4f0ca_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x103d3e9e7773178bac69c29aab093a153bd0c4a2dd542f29ba1e6e8df906d81fc09810b4c6e9e6006b3f15d43f101708_cppui_modular381, - 0x1428ba2ee1704eddb5bc89fae3c1e6914a5a30e5588995a892e23bcc242e9950119f6886bc6e4571ed685021545a15d1_cppui_modular381), - fq2_value_type( - 0x105fbc5a3bdc0c5e23ee423a142eeaa36144597bc119c98be7282beb7ff79c5838afe711eb7fa8509a8d52d1310dd1cf_cppui_modular381, - 0x0b464223972eb42d4f7b327e091fc31f39448e9717ff457c4dd3cf01b6c50b0671f2b1b1d4a6ffe357d553de02a6500f_cppui_modular381), - fq2_value_type( - 0x0887d566eaee0c1b5fbe3f023f4e069f542d8f09aaa8934e6dc9d82e11b5e5b0a0f183dcc830961a480bdb77e4008a1f_cppui_modular381, - 0x093fecfd59f5c1bbcde139a46fb9c60ad42f4a3a7b216b356986af0a5f2a2736c5f55aa36add7d423673a6a872e1aeac_cppui_modular381))))), - }; - std::vector> prf_gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x00b1aef1e45160612cf1c331d72fdcf90a48a792aaa6bf6ba4fa461e7ba278dd9e05b7a8d6f69de7bac3475a3a372867_cppui_modular381, - 0x09e2b087e9e3b05f570484e4eaf709932adbbd951ca67e1a1908485ed074d39428223fe7a38848268aae3af9eb8ffb5e_cppui_modular381), - fq2_value_type( - 
0x19f2ea85309809b27d841c578def76fe8ad526f4f8152892532194e4c1aa2b2f5528d8a2100659389c56c56a8b0ef721_cppui_modular381, - 0x1265e45cf8861d1fcb8d2b124947d04f26f6c7f6a25983747ff3a13c2b7cde13916e72a2631a826fb129325250ae8307_cppui_modular381), - fq2_value_type( - 0x14fefc023f6a08955e8193f8c88f510ef170faa5dbc47a17af6092540a5596d6a4a2a3a69d3e2f02a8af0c59f8b39f28_cppui_modular381, - 0x0b530bb9baa032ffbc4e9b4d5c379d56c668593412c46945f6ad87dd8ef05e94248357ff853ea03fb5529e3dc2de197b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x157d46ed431d4e40e9b159e0a15201eaf1d6d45a637282f4ed05ca46a7a3ebbb3168150850f155460c57b05a61ea1db2_cppui_modular381, - 0x1777f0b6a46363c415560afccd64b00ac785031999506270b92a034473e9d282b937a44ab384b298c776ecdfcdc60fe0_cppui_modular381), - fq2_value_type( - 0x01e6d08890062215a1e63ad250572cccee5d840a56d93de276c6bae17353e8d98d6cfb2cb9ba62ef75ef98826fe4c7d6_cppui_modular381, - 0x04764c9adabe8ad8b8684d8d63c1581e7ab3252a9b9edd961fb1be840eed9efa46e675961cedda3b0384c29d58c6a17a_cppui_modular381), - fq2_value_type( - 0x12c361445d2b0b942d8ae634c684c31578409264ecc835194bb3b43665705f8ee82897db2d40c17236efa28541d9eb4a_cppui_modular381, - 0x15ed70ae38ba0cbfffb99e76d276e45b3b49157cf670e651501dc96f69980012046afb3e81f2bfbe079486e399409f46_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x01b2d5935a79b332bcb2299dfb78890a56ed571210600b3030b4be6825dcb208a0b6eaad277f044f5b70ad65bee27725_cppui_modular381, - 0x15c401d194d21b5f6bf2691c8726fa73f288a28e72c77d9c8386194bb36ec89e6dddc3772b77793d3104b89a5618d0e7_cppui_modular381), - fq2_value_type( - 0x076786ad2668ff99ecb68ad1dcbd762bfe7b62987022eb90120a6997954ca7c3faa1834c7dedddca559d0162236e09f9_cppui_modular381, - 0x081b53dcef5837a6fbb94b8bccda9395847c9a6ed3080b0458ad72031601f71b7f23b04f8e593f21f43244237b09e0ce_cppui_modular381), - fq2_value_type( - 0x1363007eeda768b8d6d9ea1bab6accef3e5f3b851bf0715b04f7317dd9a09f2af5dca1bc5efe8434ced4235b2da7636a_cppui_modular381, - 
0x0e843bcb1b06308ea9beb5071f4de6e8dc1226011ef22afd9f682aca5db03f78bc407f4b5863c4612cfbca191d8d5264_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x09e95f183037e02512e994a0044e4c2bf373e9a8edfbfdf6425f0d610106d3b88c32d8da0e85f32ad84c038b5c20ce80_cppui_modular381, - 0x09d3f02536c1922e7c33f1686f43177a66d0d567bf2ecafcd47d538cc2523bc8fa03a85350fa766faefe33b118a34185_cppui_modular381), - fq2_value_type( - 0x15414baaa52b6952275aa8b31572a8f82e3472a735a697aa2168e46c2ff4f9ef5f6b4bffe03cc843a02c215438d10527_cppui_modular381, - 0x0fd23ec0c163b1d456808f8ecbf19bc8f3b138190efe5732fb0823d9702f137a7d0353406336446df0e555d5d3a42d26_cppui_modular381), - fq2_value_type( - 0x16969d63ddce6e18c9aa33454ca0dd1ed9328fc6c690ca8a9771d760e1b801f251afc59eefed8957e30fd51aaa65267d_cppui_modular381, - 0x1328d04762db65b76e3dbebc930a4a3e1ebbfb1d596f670e95fde50fadf5eaddfa609fc6567c8440fb6b17a6262b4e1c_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1601da1e0d9872d0fcf6ee1397e428101d1d4cc1e875982d091e3259da14e26e36e1452e4c084c3afe6922cf66c64102_cppui_modular381, - 0x0476be604483fa858416710bf0844ec5dad78625426ecf02a30b7d6a62d3ab92f05a53306168637790859e7fd751d794_cppui_modular381), - fq2_value_type( - 0x013adb66561d6bc6b11b79767cbeb7409540fdfb245c4d8f5b9ea802e4cc191b7fccae561b9fc995e259743b6ce41b7b_cppui_modular381, - 0x1752d2eb4feea2244bedb2eb4905c3df92b708ea7e0ea3d0b35b69894939f871d73e7d1ade15dd5c12d7d756be336fa4_cppui_modular381), - fq2_value_type( - 0x176cda123a05f85db65bca810d8bde65d304442c4b0c6a55b73a4ff1eaf466658d8591708fb12e9bc54de92ff2b4f3c3_cppui_modular381, - 0x01a5e0ad1f0e699d4154693d9aec72f73b4cc564329c12b63c27412ae4e258e1dfd71bdaf4e8ccc7b5624dd48a776ba6_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x097731a9641d507c5052ca1845b5cc6be3ec532d5dfc25a8b1b58bcede42ee776ae8a9dd8689962db3cd89a70015e0d7_cppui_modular381, - 
0x121d0a0853908e1e5661da47c6d22ac6d803071a7d58da6aff6b2c9dea4f4b25fe75e68c56bcd8ca87d8fc63746125d5_cppui_modular381), - fq2_value_type( - 0x0680482a5fd3467e3ebc4ed545e5e4ed283553eef52004d47c7aa26c83fd91564708f9c4988e2b127477b4f25653e108_cppui_modular381, - 0x14f561c56f436407dd973d97aa11657125d91180686e9de942d6a976910fb7163769d143b1af2b004910e5bec05090f8_cppui_modular381), - fq2_value_type( - 0x02032ab591e4e4f68b300065faf1d47d907aac74fefb97717ce1a9aac1f4e187e30a073e4279d8969f42b6520e3d8fe1_cppui_modular381, - 0x15dd6bcc29111d943b782083c0c021426d02cf0d476e563600ba48e26fa367b644f1c0600c448f7cf059aebb8c72cb8a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0a448fe3b7bb0bb53a7d8254a6f24aa9145608aa2f3598035947d09757954a7d14154e27a1e347d00c939bb6e1b800f5_cppui_modular381, - 0x199dcdeac49aef35d2d93fd7979e604c00d87159072b34c4b03381c5cb31843687a4179021572818751e4cb94875cd60_cppui_modular381), - fq2_value_type( - 0x0450dfd0dd9a364c11b2f986c10302a7d0900e667846636187ce746741a7b1be758643ba6a265e78a91a523044b18f93_cppui_modular381, - 0x04ba74e0af496807b29ff97582d800e5fd61aef2f4405c865ef9d6cbaecfc6bca2ad6f4ce0b6a92404783d5dc0cec4ca_cppui_modular381), - fq2_value_type( - 0x1032d1301cd8867d516c747a21663f736866bfa69539c1f5efb3598f27eba06b19e0cced6a7c97234c485783e51314dd_cppui_modular381, - 0x0d5eeb11fe035c8b79e8b8077e3d30a565c1c5b0a05febdcbaa32e10466519b1c9ce20399b0b3b78c895248cf26c1099_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0457378d02c761f1589b5c4c05149d50c7a62a7bf370a7786f61fcc9a8ffbf7189033f7e40efff5124e7ecf180a38bb8_cppui_modular381, - 0x12760b6d51064deea64675bbd8ac39ebeeef3c8908a601ffd67418fe8f65d40449ae7b9a8e438bb9014676a767d7557b_cppui_modular381), - fq2_value_type( - 0x12887f08d80c60f1d69a3f0e4aa36118b1b43c33ab74ce5839de9cc4eb9378c37a53a4a3d13ccacc153b9e373ec1446c_cppui_modular381, - 0x15c173581eb0ce890b568e5a3575d5ae1fae665cbee6ebd88a512bad49d3afb2be3e669691a5aa5f1442e219c946ec17_cppui_modular381), - fq2_value_type( - 
0x0b0ea524c1cd333c0e4cc65088d7981021feb364f441f213d418e668be41b57c698f7a731b3745ac581efd338ae27471_cppui_modular381, - 0x0c51c5ff592ff7a5e9be5531884a558bc17a1a079ff5297bd2b82d2a3b1920e3dd7b477a538908ade8015cb49c41da95_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x12346c1f7fde0a6481edf3f6350e2d9f39692e3770d032beb09edfb9149e237704358fa73381f0dd78f740a4b0033d37_cppui_modular381, - 0x0ff9e150077015c44da9a06aab2cabd1aca3dfe6e75c40f9e7b524f228c2c68b5dfb9274006aba7453e8fc6c18b72a43_cppui_modular381), - fq2_value_type( - 0x053e48b8ac981a1349e4533c1ff3e54e49d910789950eaa8f1e5b9c7db001c37b63e9fcca8109a0061e528bb2e4bb2e9_cppui_modular381, - 0x159d39a1835f517405528a4be8e4c6449a2da103b74e380d70088917ca4422e5d2791080d73e55ed5680016c4aaa3387_cppui_modular381), - fq2_value_type( - 0x12ee315437814f6f2e44f5a799878e5c10830e55a7be4514a8e14eae81e269dddb0908ba3fff66f0acee68935ae19142_cppui_modular381, - 0x13f30af8e898f773f2a2148efc7fa4d822f70ebda7ae6e378b5d9fb8f59c6ce9ee65b83234939386b461d044ff9840d8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x166df020c015f6276e5204b4e2ca0ac3f8f65a768dcc98074d7ebccd6c88420ae9dfc38357c4f2c234ddb3af6d3f67a0_cppui_modular381, - 0x0a140fcbaf24ab8445dbbba62b07a82f6493d5f18010fad9de743d733ffcc8666f5991a4ce972eae98ecd988ef8c800e_cppui_modular381), - fq2_value_type( - 0x16508a375db841cf6db5ff5e6b89bd4e270bdf8ef3c47a8a122aaccf9626a8f0d09f95428d7b9a3f84ce301c32ed7b94_cppui_modular381, - 0x12dbc882092d092790413662b65ab05a72ee56606ae41aba7fe40a374162b4cb6239a4d33b286e5a4063b15ae29241fd_cppui_modular381), - fq2_value_type( - 0x0c575fc736f1ef394259031ad9f5a794469bea5f021c21aaaf80d591abd31cd7b08ed3ba691b9da81a4b125eaead4f9b_cppui_modular381, - 0x01ed73bdb5cfee0bb4f07a7d7e5d77c7d0c3ed2ce4209884ed3862f0fbe9350ed4a539f068952365a1761dca3815adba_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x1848f80569f51b1f51ed93b2e0b431c569dd46ff57e23b22463f4a31867e1c5ccb24fa4f5c8495acf27b673f8323bedc_cppui_modular381, - 0x15c234722d22e01afc249ee359f35e4500e0839be921ede8508db97ba412052d994a091c34276c6fc9022daa05f6a8a5_cppui_modular381), - fq2_value_type( - 0x151b69278602d041f5aab6aeda3f4d3e9d053396c0a4e770f9d3adaf1bcd8a6443376780838c4c520e0d7cc7ba6fce5a_cppui_modular381, - 0x0529847a8c4437832aabe0b4e1849b6267fdf1b1ba0672922fb2d6350d92c841a9af6837853f393af529f49561d0a75e_cppui_modular381), - fq2_value_type( - 0x0b2f999417b9d18478e67fb1026222d2aa536daffe9643898cdd280fd2458cc4aa6835d34ffce61ccc5e02d3b4a77431_cppui_modular381, - 0x152c179609332a6e00e49798f1ffa6bda798bc6023868bd0068b79dfbc2d2785807d932712855f2c2db2a1cbdba62364_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x117bc119a684a48051549bdd32f847984a565b884e6d4c5b40fb493bcae9bc6bb4a92ca5154ff51a35af126b936ca6e3_cppui_modular381, - 0x13587757d4ffefc27cc39b03caad6d18e8995a2cdd37fa96064b961426783b897c48b41783134b448e24960b3fd34b86_cppui_modular381), - fq2_value_type( - 0x16a4ba21b3b72631eb6eeef07b182ce2e42274a097e4bf3dabdaafb7db56dfd8120bf46d3d3e7473f85992e0876b33b0_cppui_modular381, - 0x12f9eb10ea1fa853ea2bc5d637c377f0bd4913a8cbf3d8f9ef864a28b4f35143d8d05f85162096257722d6eec6b5dbd2_cppui_modular381), - fq2_value_type( - 0x0db902674d16436db18d9c9fcb2c1ac721bf03b5c03dc748a17b5b01580bafbd4d5050b1e0d0aa4b720846d5ecb80227_cppui_modular381, - 0x15559199b2da460902c95f6b03012236c1cd1a4b3690ffe9fcd7555fbb71f54956e9b2146612a9c0f96c305d745a04d4_cppui_modular381)))), - }; - std::vector> prf_gp_z_c = { - std::make_pair( - G1_value_type( - 0x0268c098d516d238a5b98b417a4eafddd74a015afdd71b5ec8e77f65968747109d973bd4692b78cbdce709e2c8e58831_cppui_modular381, - 0x02d266a82b527cb98d009df3a7007566458bc9875c3c7d832799e6359d7caeb07d62e8b9148d648e256dd42df80ab9c8_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x098d0136c4faf97019ea68d9c71378bb2ea6a525c0f4583841308a27d59ce236dbab7e737c24c2a926d58f24866a7366_cppui_modular381, - 0x1645739768e311f9387031ef77c95c32bb06414feba6a32b59eeafd42590db1e2d3bea5b3ecdd35c01bb2f70f8ab0483_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x033d6764df97ba59955c490b3f465883332341ba981c3b15cca0df597b1900845cfe2738c555429ffe80eb2fe11949db_cppui_modular381, - 0x152b60036ef237ea6f7c7983a4b3d8049ebcd642c564dc2b7353084ec137d99288bb8b1a5cce09ee584bafed2b561d4b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x021dbef38dd8f6497801a51450a0c77567cbdeef18efc308a57c74781071ca7cc22272b2ace07668267e42cd22a8995e_cppui_modular381, - 0x1191941d6c16ab9cb46c5f0766fe3838700f0c963b447e36510cbee174261073ef8094ba9de1c608cad095517a15989e_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x05a4381eddf7fb3b55ac1863ad3f60448725be71dbc41e02720c69f765d03ed208e7366cf97a9da68c8942c04c743b0c_cppui_modular381, - 0x060eda7c5abe405f4522ab429d3abd53201b04abc135e78610b4180f21279d714b9b89121ddc4512a81479387e755eb5_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x14785323043adf296ccfab046f108fa83bfa330b207a2208f3f6c644811b0e2d79f43e8cfb99cb5b8d2a1e74f68d5169_cppui_modular381, - 0x04ded3c8b339f1c646f09c41f0d24f7295d3242d78a6eb33641968717b5ca8a6db87ad13fbb0a787f18c68c9b9ea5889_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type prf_gp_final_a = G1_value_type( - 0x150bfcccbc039842dd1f95a36a6c96a3fcfc32e148f116b80b3a6d56563453e25e6640415beaa94049254dec9e8f2602_cppui_modular381, - 0x0b12915368319e9e1ccded4c7d1c53668adfb878ccf19c7f6f074a25ff2e7d74dd192212d4b83dce4cc5113606e3d187_cppui_modular381, - fq_value_type::one()); - G2_value_type prf_gp_final_b = G2_value_type( - fq2_value_type( - 0x151257911ca2d7491165a30070ced08d0460ec10a4be856f8f7cd095494febebd99bb09a9e21f2a12918715ab47ffe6f_cppui_modular381, - 
0x07ec37f83f717ea2471c333762e211fabf76505fe39c120a7b67aea5005f28fbe331c4b36ec2a629ac307533af4ce8cb_cppui_modular381), - fq2_value_type( - 0x11164b8f17d47e0ad531717116d6d7bec1a74dc01eae24e9f3a9d2a86daf711a67243496062352ac030c32c148a35a7d_cppui_modular381, - 0x0f0b3053676c7dc55b22bcc08e5a006f377bb5844f3e161411bd1abcfae90fe68b0c752069b73795a69ee0ff0fed7a42_cppui_modular381), - fq2_value_type::one()); - G1_value_type prf_gp_final_c = G1_value_type( - 0x19e65ad0b31685e1e2b47587d76e53731a65b26747b8148c8698c8794966c57bca94fb098a187657f4255bd5909732ba_cppui_modular381, - 0x1110759792228497552cc9e27b29749125d45eb17072ef793a1e694b46fb8911ab3d28f29289dfaefc12964543f33127_cppui_modular381, - fq_value_type::one()); - std::pair prf_gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x00cdd5416f7078a07e864d7496a6090ed86c3a96d4de3eaad8954cb4eba7e7e1f47e87643ce8d9ee1b44bc237c2e3cb7_cppui_modular381, - 0x0c373f6210978b647242a5130ad9b693625f599efcccaf5480f54f8f0664f817bbc3b63ea896b8564bb6877d087a5dc2_cppui_modular381), - fq2_value_type( - 0x11d122f060ca5912c955b6089a7a385baacbee8815c4bef8961c367b7360b2640c4cdc878b7dcb813f0056872282ca00_cppui_modular381, - 0x1289ad91102723fd00ed8be6665f9e45231cc670bd04fdfb1e195e3a8189badef4107cf29bb231c8858825d7bc713587_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x01da08a660916a97871d26b13c65d4410cb15af373198f71fd48f47d7d91bd9c8ec29e69ac6e6718f302d871201d6349_cppui_modular381, - 0x07f3de6622d9beda60fb13eab19a7b9aaff9c8652dbf03365addd80fd6606646cbde8e39330081297bb1c39dc5e102cd_cppui_modular381), - fq2_value_type( - 0x05f9e1779a7c4af9421a46ecf31917288ebbde532dbfc3ba76905d722facdfb3fca483f7bad5e55584a676b71b622075_cppui_modular381, - 0x0587f5f68a3b5e237c0e52979b7fd84e358c65dd9d23aa11a46a09295b405827eea5ae23ae0d518d603c13967955f311_cppui_modular381), - fq2_value_type::one())); - std::pair prf_gp_final_wkey = std::make_pair( - G1_value_type( - 
0x16f9457eaf8b55535a407ba4b9196af162fcda3813ab6284beb72a5fa7c20699f4f2056b2fbee325117590d441c6ba48_cppui_modular381, - 0x054960f9e8db822e588ce9739ce0bc429abd306a785d451c6a394177a5b0a9f73420c4493f0a72a4cf76bd6811d6e069_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x106aecab790664fedb0482e933d416463dd5f3cf80a87a0e93a533708db006dec149efb85ea2900798206350fa612a86_cppui_modular381, - 0x067c919b9e9290b62bc7caafe3862e11cedef9282960d5a7825d7101fd5103fca4e2f278a9c1511ee502f7d2a4ba5756_cppui_modular381, - fq_value_type::one())); - std::pair prf_tmp_vkey_opening = std::make_pair( - G2_value_type( - fq2_value_type( - 0x1793259d17c94f22ca7266ec6cf3e092fcaba6ea3e16a84740669b4a970947e65598bd048080612d6dbadc3fb7f97132_cppui_modular381, - 0x136a06edf6d4c48c43ffc427bc3307d95f9db165c64a271ae9b878be2ee052fe27b73ac01f08a7d84b79e0603c962086_cppui_modular381), - fq2_value_type( - 0x149f50b3e949b6bd5a78fc6d4f84f539e5533f4b91a0c7f165aaa64767a4cebc0df7134e8d12578fb6b1e6a1b46c0645_cppui_modular381, - 0x07b520f1cee938a333fd4a90245aa77ef82fc7c376048ab4932c06d465eae0c61489c617d18171f4f63b8203c2c89ea9_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1625e28fa50298a985caa12889a641130ded675101aba6b2bea2dc6622a8a241f8ff50b35af0f7de0c962414a4e1ea7a_cppui_modular381, - 0x0d8f5dcd8981717b07c93a0234e28446161ec25bbc6446e81a26a999149c8d77ee72267276f91cee69cffb54612ad7c9_cppui_modular381), - fq2_value_type( - 0x198ab322e1f90ee79d568479eb43e45e9c99e25cfa1a971fdd94a7c8613e164e0e41b0c7a22c802787c8935de6afc8e5_cppui_modular381, - 0x192e723117432a0117eddc105a9d51271c0d98a7e678352ab03b8a4a2516458d4a929f2521604d54c8efc47a913b7c3a_cppui_modular381), - fq2_value_type::one())); - std::pair prf_tmp_wkey_opening = std::make_pair( - G1_value_type( - 0x0fef3bcb3be0690d6fb73351058eb5531d305e2d2b743060a900688edf15a3c5604e9d895a4309d6c8947718b5df9cae_cppui_modular381, - 
0x0bafbf431a9aaba5d6c0b91ce4da4e24bbe3d375516faf7e81b7525bade40a8e57b73ab92be9fdd14865e16bf8dfaf65_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0e8cb9990147d608cf2d410989e421f8d53d807eefc80ec7f2fb4104c7373e0a14fddd2807ca2c2f820d6046f2071371_cppui_modular381, - 0x175fe5d48268e68c35d95ec592a67ba7bc495471c87b882f115395242de818cfa8433d3b807d58422786477e33aaa339_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.nproofs, prf_gp_n); - BOOST_CHECK_EQUAL(prf_ip_ab, agg_proof.ip_ab); - BOOST_CHECK_EQUAL(prf_agg_c, agg_proof.agg_c); - BOOST_CHECK(prf_com_ab == agg_proof.com_ab); - BOOST_CHECK(prf_com_c == agg_proof.com_c); - BOOST_CHECK(prf_tmp_vkey_opening == agg_proof.tmipp.vkey_opening); - BOOST_CHECK(prf_tmp_wkey_opening == agg_proof.tmipp.wkey_opening); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_ab == prf_gp_comms_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_c == prf_gp_comms_c); - BOOST_CHECK(agg_proof.tmipp.gipa.z_ab == prf_gp_z_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.z_c == prf_gp_z_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_a, prf_gp_final_a); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_b, prf_gp_final_b); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_c, prf_gp_final_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_vkey, prf_gp_final_vkey); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_wkey, prf_gp_final_wkey); - // TODO: shrink -} - -BOOST_AUTO_TEST_CASE(bls381_verification) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type alpha = - 0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255; - constexpr scalar_field_value_type beta = - 0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255; - - // setup_fake_srs - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - std::vector pk_vkey_a = { - G2_value_type( - fq2_value_type( - 
0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8_cppui_modular381, - 0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e_cppui_modular381), - fq2_value_type( - 0x0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801_cppui_modular381, - 0x0606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x13e5257ffce3eed808841bcaba1a63f907e51c5452ed1d712d2a80ad5b25054a85b921708f89c7192344e81ef4c2d18e_cppui_modular381, - 0x09843c0db7c3e6376559357d41d1d17049e22557e678eca1eeb8d46edb02049159a2a16f3a74aa49fb2b1aabe13e882f_cppui_modular381), - fq2_value_type( - 0x08f60d805b4372d432b2083614477fc24ba9bfcd450f86d05e4634139ad11307fb8a39679f837db216620320c40dd10d_cppui_modular381, - 0x0059498ec17559ff4e7f19c9601a8fc6d1100680acdad1b332575bdef424daed6b989e18ad96e7f15858a336730d23a0_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x07cc3cecf1bf7b4302b549e6094806c3e92c83ab71885ea649d7bea56722a79cd5001ecc8bd7719f5dac452fde2dc27d_cppui_modular381, - 0x155ba4651c0c2b45d4791035947c0416579d9dfe604c94e26f15acfe1c6a4bb3ba5193ef7ef31dbf458571704f8beee5_cppui_modular381), - fq2_value_type( - 0x14f94da9ed09785f1041a7b998cabd45f472f3f499f9f48d6aac1660809c8a6d0dfb4f16a4ddca70125b61369d4e96b0_cppui_modular381, - 0x04272ed3d067c55f4c3e140e8333ae3711e6b82db32fc5a1f7f7da144499b8a7af62f7fcbf49b53f1b0f068be7eccfd0_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x09825619542ee8320ff4f5ba380fd3282ec16026beff6651648162cce26452e187c30be5fbd5f929f3f32c0c02860ca1_cppui_modular381, - 0x0cc2ee914ca20bf39af2e0f3c0193ae301a2a3b978f55df8f87d2c7b9512ec0d83185450ce7b83e4da4a5276bf1de448_cppui_modular381), - fq2_value_type( - 
0x135a5110ab1d4581f1d213909b0e36efa8e0009de0065a6bd68374429ea80a9767172f12420ad616d4edd7346942cb6e_cppui_modular381, - 0x0317f9c89ca98f293f8c52b8350938fdd1cd9de5d0e7fd67db5ee0daaf60dedd7504741a7dd2548520eab87a082739c8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x02e1b72552a6bb211c01ca8701d58a62d9e43110853bd12bac43b76244b41ed90a112585169938ce675106e205b9f984_cppui_modular381, - 0x017a3560faca0a1a19017debea64721060a4299ab0e9839a7cbc436d47ad8551652fdb9b34814d8fd4d56d191f7f965a_cppui_modular381), - fq2_value_type( - 0x0e14db737c6803325d53f89823090a4310ab2deaa428cfb07dbc8563ff3dee66d67c5872923c863c03a44f7e73fadcbc_cppui_modular381, - 0x04893331cc41c22fc44daadfbaa8ee50757ca1ae5753fb8ff92323fd1da33459974bb3eb433b54076e52a2ec85ab0ba8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x01ff99b80855d463be989bf8afe767a8dd3d99ba24e26d337c5ed0c8cb52aed049354122e55a58215783a539ff6f14e7_cppui_modular381, - 0x082ca3714156b517d6554fe1ff1a68a8684e988c0bf359bc5373cbd63724da39197f1590f83efd437d81e5dc66dfc05f_cppui_modular381), - fq2_value_type( - 0x06b7875ef9235e62a37801738d05502341ee0a0a407ba1a85918f5cc3c31f0c62b6ba63169c1fb03230995527eda1b32_cppui_modular381, - 0x0ba03538196408591e4ac5335ecd09d104a18944d81d0fd174f9d2beaafe4b65efedb88b514589ae615f0549cadca6a8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x05cb7cb2ff51aa91b53e62decb5170e2bd6646aec10c729aae308b9601d961b2f2a8d360e247ed6b8e32dbfbc186ecfc_cppui_modular381, - 0x13c560f1b44a70ab6cb5543bbe006e729c6d47f6ebf264561aad33aa057be5cd63152d0fb309be094ce5a4a64eb8a74a_cppui_modular381), - fq2_value_type( - 0x170c77d828c1a5a7c8b26646a3efdc37090f0462a4c16018a0b87767e1267ba474c7b0209651b9fedd4529a1eabb3be1_cppui_modular381, - 0x0950f2624a4f3a5005c5af43de19cd884629310e9cf62c1f837e2817909facd930ff58736b852fbcdda8a3f67be12cc5_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 
0x1292443c76f4a68cf038d74fb109f8d53b9f0e3b3be75212eea3e25c5386f89fb68ab9d4561c1a534a02adf161fe2cc8_cppui_modular381, - 0x03b936274a14066ee633a18d73cf519dbaa84e92053d589d86387ff6a8cf97d3737be7bb903392a2d8510fa2f5983ca4_cppui_modular381), - fq2_value_type( - 0x03b395cd1c619f2802fae59fd092f65ee7aaede32a92c7d7748ea6676e9348c817144a08e768f7efe5c6b2d13cb54303_cppui_modular381, - 0x198d3968741b6c662dce9942866b4fff9522b8184f1e7456da72e89c5721916416a981e2413499b942713cf09fcdf99d_cppui_modular381), - fq2_value_type::one()), - }; - std::vector pk_vkey_b = { - G2_value_type( - fq2_value_type( - 0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8_cppui_modular381, - 0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e_cppui_modular381), - fq2_value_type( - 0x0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801_cppui_modular381, - 0x0606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1092d6886f816dad06c1d0ee93a168d5523a293d7c3e96a817ba1e5936b3837d37bd3d7d8b452e69c042422ccff49730_cppui_modular381, - 0x107e20fcd6e9794de121a9d4105059576811160e1995e6d72fe9a8a1b61079eb144d41bf2e72a2fec9bdafac618fdfd6_cppui_modular381), - fq2_value_type( - 0x0759d4b33c9d00e6dcc14b95259490cc57b47ed16790904cebb6bf0f7233e15914acc00010efbfe06620e91e623100da_cppui_modular381, - 0x11cdaa6f9efba3c17423d84313e24f411f5a571870943eb488521c3286c0896281275340ba0d4b0ed5ac93fa9fa6f454_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0a76040f2f322bbe0b4c5c158f353f8187aa17b7f29e5d92fbafa17444dd46fcdb8053a6991609178964e185f7010416_cppui_modular381, - 0x109886af215cbcb89e8eb03285e5af5be32e7594a71d6e8f76cab81c165516afa1c729d5d3cbaa18f32b888e4dc8b8e3_cppui_modular381), - fq2_value_type( - 
0x085bfd4c5f113ebe52cfb78900438aa67f2e515f729f72b5d01ebb6a7b2fb238f1519912f1ee07948faa2182455155b4_cppui_modular381, - 0x19cb1b61514f2293a7eded56d7ed72e6f5e701f69c1aaa443e53fea17489c305c142df0c7856b363fdfb6b6807662713_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0ef902393a8a91fda1a7f2a309007aa05734166b37e5c4be462444da3193c18ca7cc486cbb8b283ea2988e0f8915a2db_cppui_modular381, - 0x02202489dee2f690205cdf8c2c574ecd39dd1ec3aee67ab0eeddbdd64dc40db580ce52c473ca3116a74e5610be62498f_cppui_modular381), - fq2_value_type( - 0x02b12927688ca7378015b66eec9bb70261d9ddd0dd12ca910dfff26c37e4b12164fa75b356d61ef1ddebb3c949af0956_cppui_modular381, - 0x0b8fc8269fe35645cf44a8b50d268939f9ff91e8a3e5c330d005e51db2af3a8da8682b116bd4d42598b710ea42422cc2_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x177fa050dc1878e000b4b04db340284dd026e7cadedbdf8dc126cafbdc4bb7ad329f0acc1b19260a92f1f680c85dc0cf_cppui_modular381, - 0x063380010a1e3cdb9445952921485e4e3ce6ae21b9eae41e108f96f105123a8c7e3b95b5ae43e3923b9afbcbb213a414_cppui_modular381), - fq2_value_type( - 0x050ee2081d62b70dfc3681f20461d7f0419d5dd77d05da0eaa76f07d6d0a12fcffc4c9246f1160d86392c3dceeb06d6d_cppui_modular381, - 0x0153c9fccfb018f4bc403458ca1ad2c50214746df68e3bd5254e2e6710e7fc621cf3b4e41aad46bbe1c9683728411fc4_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x10e5eee5ade590a567426ff7d9f536ccd9bcf1f4778b8523e226ee72e323ea0755b9703d99aa41c88ade3553400ce5b5_cppui_modular381, - 0x07543c642fcb2c1be9452002fca1f841b882ff49e9ac3d7f376e19b470ba9055fd311772fb811159b6449f9263e42142_cppui_modular381), - fq2_value_type( - 0x19b89423df5fdf0556acbda2683ddf03692af4fe843b940d8e792c1869448c152608d726652dea0016d111a29103e59b_cppui_modular381, - 0x0f560b3e1647ba37816a1fcafe8cb7924177ad8839d0dfd4eb767b6a6f07b76ba1e4415303e6a52d16ba6a5f7485f25c_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 
0x0ef5d4e85c3a8fa73f4e7262599a9f7bac7243a9fed5650e58b4c00a7a908975126fbd20df4830c22d7a8a4299894891_cppui_modular381, - 0x01e51e57dfb30ccfc5d6a0bcd574747e70e9c87fce5c198dd46318bd81e34fd6ef0c2380878e71ae330ea7f6d0e998f7_cppui_modular381), - fq2_value_type( - 0x123ac807285a456cce114701b10230d169bd0ed876d7624f7a4c9824e2b53d97c2cd09d8cbe1d7c362007a2aeefa01a6_cppui_modular381, - 0x061947176e5c9f8f650bd781d51015369cbe9fdb1c5fb6711ef37b66e4705837116c3c71c53cbfaa1e44814b1a0442fa_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0b0b09a27a9c6aa5a68773934499882058b9b5a2ce4f873ec70de8a8fbe586d409537fd14add0cf2bb3c4b2749f0306f_cppui_modular381, - 0x064cb42e6c5bc8891c044cb5695c3b3824a926d66fbf9806a3811b072a1ea46e0fc1dcb8c7b4df902b6f86bd5d497063_cppui_modular381), - fq2_value_type( - 0x0b9e9bcaa0c3ce9b91e0dbb85d3fbf21674c93bd26c64c22445ca9819b1a7139f45b4422dc13c0239acaada16f8b1c23_cppui_modular381, - 0x128acf27eab87ac625ff0ca89705c8fc4c26d35cc645dd87145ff244a859bd1d706790c07122a4203e0016a1e472fd39_cppui_modular381), - fq2_value_type::one()), - }; - std::vector pk_wkey_a = { - G1_value_type( - 0x0b522ca98912012126ad986195512d8d9259553fabd1cfdd926d671c4aa8db8b6427f2479e18dfdba1c9b46c81bb5e17_cppui_modular381, - 0x014cd687b9641dc21b9bae8a26ec95c9501a5bc5c7d710878ae81bbe2cf7ec14e17d7188882a571edcc3e185815414bd_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d806df34d7ba36af7569b2c936b27c8a292242e0da0f9dfd0d6bcb0bf858401c949fd1b7bbe391b306f5d95e126916a_cppui_modular381, - 0x082fdd273edffa8a82960b9a77685c9edaa202ac9ded5f6a40bbfc83901baac57e84001ca731ce2dd28ceab9299d1023_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x015d332f8ae2a232e0e41eaee8e718db07d360aa4e7efa10524b97f2e209e03405910e94abf3cbaa91ea54ebed391b99_cppui_modular381, - 0x04dbab44c5d1a057a65fb4c98d88e43358e4de735e0fc575379a99764167fb34b05558e093ddcf81c10e48c791213f5c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x009ab2fa2fc3c370245b8e860672efb118248c8851566dde51e979e78a3fe7925bf0c1286a8091b70498b14695257263_cppui_modular381, - 0x1321ecd8b5990ff6519e090b033f3a6a3e57f501bb71b359acd0a9521219b559f6a2b3354f93928385eda276e84e6530_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x017e3a7e26a60a6edcb460c79f337f37b292029ea396fcfde82bafed31edc205937bc145e5d69c8eecf87d894584c791_cppui_modular381, - 0x127975318f793df99a10a3ace2b49706a29bbb9a6a974d205aad427d3e98ea263fc2a0dcd8b647d9b36b9241d3e653f9_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0a9d2406465e2197ea5ad674fbf51cd16d6f885a98c6500dfe572dffcd31cbaf4063778692a4f6111118627cb24437c6_cppui_modular381, - 0x048c954b203cd7403f46be13699c0bd8b295c0e5a112e56fe37f367a9115cdb72ce8d7691e9869a92b51f3556258f52c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x087b91d367dbc6b564d8b43e4370e22bba590d5c56c21c23ff16d7a8b220b30f5e46f6ab8104ff9193b5edd93bd37044_cppui_modular381, - 0x1105d394dcc72fdbc1e4609c98b59f33979be317305ae2ab1e10a9ffd58c4dcf2484cd1842d7b02575358b552b1155fb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x12e26639adc0ea9afb6a833e9e5fa60f7315787803189d438a4070371a011623c47718f34e24656d9fa105c54b0e327a_cppui_modular381, - 0x0c84c30fc69070f4d367010b6a07a604446144af73a8a7c681d35a5e43f8be9d327b324a699464fdd57cfa5248e5196f_cppui_modular381, - fq_value_type::one()), - }; - std::vector pk_wkey_b = { - G1_value_type( - 0x18d26cba6cfb23c442c58d0137fa35e080c458b1fdfbd3088e666306f965a4e32aa3f7a077b22a9af6ba4ba5614b241e_cppui_modular381, - 0x06c0e13143d4b7c802064c54097165e5be9b091125e513c9927f9452521bde82004516d2a6e38fd7e5ae3fd10e2eb549_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x03f8962168d7f9ccb1cfa4232f669b2ddf7695386ae5a684c88ae96ef9be862d52afb315bd9b361643cdccdfc7a7db10_cppui_modular381, - 0x03264c2a67ed8aa5649788ae48348c0fe50a9743a7d20fbfc927dd601648df09571dc58b3d2b3519b66ba9c5920facfb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x0a955178688ab5b8a82620a97193079199be803d26214d35e350685b5c40fecb184e0f54026e8c0482f264a5d076591e_cppui_modular381, - 0x10a23cbc888b71b92a9fc336ca7a7f2c7b09de6468e032285558fc2e73616849ed23931b9803bf049b0ee45e8c20cff0_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x15d02caa8cbb5c58a7997ea859d7d8abd1bc8d5b5e42e4a9a1cfdd09a3e40107cffc81a1e4e3275bafef1130124a95c6_cppui_modular381, - 0x00bc9edd53e769309c4217a83813eeb49f4cffa1a6dc88f436b1b45e5d8fc4fc4784e4927f3f8ef43ef3ef52970c07ee_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x15fc65285a90a3b665f1cea98c7b5e8ffe6baed2a55474ab825a128a145437abdd5362047d2771b40e4028f6eb44055e_cppui_modular381, - 0x0e93e516cc6592b003c6cdb33157fe920a25972b6275735a7183fd1eb3be495d0b13aa6467b4fbb4f36663609db07b5c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0fd5d25aeda51c5ecf03aa7b399a7e5df53c7a9dd05daba949bcc46e8c8bea53281b20970c1051295820c212563d27f8_cppui_modular381, - 0x078fb03694b51834eefb217699a8ec4dc61f8b3532b327a45fd52991c885df3e9197b632c2f1e1bb6ac0ebfa45ec1c51_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x06d4d645adbaf6f308b0a5bde1b88b9dc53705398885a29c8a47186e84784fdc53b6019c6e55ed8aa17fce508b16ca4e_cppui_modular381, - 0x0fc0ea575892e2426ba0ab18187eb71cb991207e28306f365f8c1ca5316cc790aac99935ae77223ab16be61fedd59839_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0a3e9a3b12ced9477656db04236d14d9e9c65fa43f34d1a0bb317ed469210b137ec4728f48bb156e8b8dea8d3e64bc1c_cppui_modular381, - 0x0a1abc5aac3dadb984bc3e116f0906c59393da9905edeaa173ae06f8327ea25689973d0311ccf8909d090403db038637_cppui_modular381, - fq_value_type::one()), - }; - - BOOST_CHECK(pk_vkey_a == pk.vkey.a); - BOOST_CHECK(pk_vkey_b == pk.vkey.b); - BOOST_CHECK(pk_wkey_a == pk.wkey.a); - BOOST_CHECK(pk_wkey_b == pk.wkey.b); - - G1_value_type vk_alpha_g1 = G1_value_type( - 0x00dbb88261e862ff316a63b8cacfa558a5aa7e6388a085fc85fa8d27b06759a548a0aedf3c9ac0dddab13b3ff3d80cc1_cppui_modular381, - 
0x030f05f9cc508bf38dbe76fc6d8a9ed218e5959f5ccff54a28a02a80457a47596d99bd0f5f6c3885d518d4dbdfc2dd37_cppui_modular381, - fq_value_type::one()); - G2_value_type vk_beta_g2 = G2_value_type( - fq2_value_type( - 0x068ded40c1a55dba490d3b49fb644f7e43662ba502165e84e50294b7ca82d4d7bdb5d93a35702b12984c8d600091ec18_cppui_modular381, - 0x06de2178c3bba1698dc0e1b8de6032bf70b5927c1a7cdd7c902c7faf1e78db8dd732d430458cf019c94fccaef3c0ee6a_cppui_modular381), - fq2_value_type( - 0x00f901d1cd3f52c6ce5c44533dbf86fc80326e9976d07199be08505cf1f3cc8a7a97d4d284b0ffb6f8fb2cfd74c83c60_cppui_modular381, - 0x176dc9153e5d9f1ffd2873db39b7e2fc2e61df272227fb184f6b654232ed1ac25227f5460669284d01005453e3f5de10_cppui_modular381), - fq2_value_type::one()); - fq12_value_type vk_alpha_g1_beta_g2 = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x15e21266f7c5ea7867820d42b45b4f9dbdada05f4e37cbc8ad33c02139b1b6d1d81425efaac363937c8246c11516be83_cppui_modular381, - 0x19e0d83cf285adb06309cb20e1ddf4cfdd78665891fcbe49b4b0b98d10e82816e5fe7c700f07908a52b981f1f2028b92_cppui_modular381), - fq2_value_type( - 0x099c1f3d824c2ce11fb86b091c24c1e1148dbdef4745118a8b0a8d38d770e34c13ba8960486050dad506ae333ecf91fc_cppui_modular381, - 0x006eb8e6184705a1f3d1c612e3e28a31b005b72d4efa0a38a9b4762731a5e274e2ef0b3d62b547411628e14a6c6be1ae_cppui_modular381), - fq2_value_type( - 0x0726c2a051280332c32aafa6194b0415b3ea2368c8879ccc004b0ac8b89b45d507f571173cfd901375c62a20568dd481_cppui_modular381, - 0x135edcae93eb5ac85010e967510101f58d339e6048f18f8b16a6f0eac490bd88b414c6612e75fe469b92cc277f308527_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0151a2bd2fa29771bf5188d9c33175979ba7c55586830e659f8d5976215265f2bdf2c3eb1d2f302fe83e1995f2a5edec_cppui_modular381, - 0x10dff806f415c174c43b0daf6586da7547aaa2960e80ac1fdd3e7a0b1a34f0f260466a2070bc4e8079398ebb30281477_cppui_modular381), - fq2_value_type( - 0x14a6097c017bc7500b737f6d7331049f37c893854316795fcc23e6d90ae5516180210edc024f8d979886d7c47ca65da8_cppui_modular381, - 
0x16ade7495122dd7c6ec113e0527c0333830f393ba40e0158c0dc58ad43459287bf9eecd7a3eaa8146442f73803035711_cppui_modular381), - fq2_value_type( - 0x0464c688647b6de6fbd5a134ec479fb6ecf873c441a983b38ed7b1146823258ece76ab68d3f873f4983f09d86cc9f0b7_cppui_modular381, - 0x07420be6059e97d7ab30072b6a90703f1534037c2a62d40d1acd28f83fa93a516d1775b131ed8bc46f67691597dc3a97_cppui_modular381))); - G2_value_type vk_gamma_g2 = G2_value_type( - fq2_value_type( - 0x1333bbde340c3be8d29537fbf8a661b22027743ef5cee4635b800a273afe98b62f708355dbb45187034180a46d9e6196_cppui_modular381, - 0x051da15946eb469ba6f3e8f225d06250207fb757c4ae0df9521ecf11903eb70864376a664cfee29867b4869119c1cfbe_cppui_modular381), - fq2_value_type( - 0x0baab12c979dc4d9917948b2c24002038e4c304a3914327ceb80aa76bb8b8e9665927d46f882692d5e8923551a44f5d4_cppui_modular381, - 0x149ce899cce09392073f6f04b022b0278db3c3d0130de1b689ce51b25379946de9a0ee5576c3514561b667937c4980c6_cppui_modular381), - fq2_value_type::one()); - G2_value_type vk_delta_g2 = G2_value_type( - fq2_value_type( - 0x1104d524c9b324fb1e15679c73df5930d71a2c89ba81ea5ec5857a988acea848472dc8ffbae686bbe267676174c6306c_cppui_modular381, - 0x09bf8db82396247f9b8884c59ac6cb9022c2b2921987f92b72e6152c2d7e27208a7a87d879a13d2e3dfd4c28b66b7c8f_cppui_modular381), - fq2_value_type( - 0x1792b5390b2aba808de3f6c93be32b44b6f7a49303cdf33eedd7ad0a418684c7f94249ffbbd0bca178c0e6864d899ca0_cppui_modular381, - 0x047c55f72a491f8476b5b4848e124b3bc1faea631d931d97951e580f51fa22c27a150f7efa689fa7ea92a2818410b7c0_cppui_modular381), - fq2_value_type::one()); - std::vector vk_ic = { - G1_value_type( - 0x0b95ffa1d9439d039bec038f3e17e29431fd4d34f6eed612212c4f44c2096a6546316cc3d1081f812fa0ca2e648a03a2_cppui_modular381, - 0x046a85977315abd58c098ad06187b9f58d809e01650b409ed162611daa90fe51aa4c4e52504e809dbe43e8951f05bc4a_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x049736baaec290149456d283601a3bbc49e52a0d8c405f21e12cb6dc7c00a1cb58776ffc4b2b8d8eceaa55a18dc50eb2_cppui_modular381, - 
0x03cc5850cca5dfdd069e6d3526fce72de086b777248e5246ece4e19667f31749f40a27e49ad4ea3c51cbd32f3cbab575_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x13bb5d0780f4aa12e1c05007a6c4f67f43484256919444202ad57fdb13c967780faa17e9a7ea6b3e2d6f4589b09e8ddd_cppui_modular381, - 0x0656d1ef5d8ec8ec2b198fb3c86033fd18fc480756f43aaf8a88e39b844230db5bb785a3c2d02d9f0e18dc90902c6b04_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x09ec91e9f3cba5b818ec629925a7090cfc34b7c9346107cb9a07b55499c2bc573b9c84d954d914af5e81b2ae8252b8f0_cppui_modular381, - 0x0da66aab492dc5aafef10f399e949ca797b94cc1d424e9e66917917b209ca891e66d11d5286caf3b3dbb4ea079ea2a88_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d36fa8e1b57756031ba096af6fbb22e99b30e1bb428cb440ef864e786be477f21a9191c36affc230e9fda0a7d17b9d0_cppui_modular381, - 0x1354a82cd96022a2473b8f218e3dd3195f54e2a703c0dc69c58358a76ae1eb220711c55399b677dbb583df25bb167c2b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x036b2788dc31357a8c9cbf642120760b5ab8d3253aff9bf6fb4785261ca1d5c7e7e235dea4c002332fa3cf9e2922a51f_cppui_modular381, - 0x121964e53798a19a8e6954d85ec7575343980ddce3003d691fd007c38bb12bdd23ae674b35a539917d0304e73d741b42_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x15e49f2b4234214aeec15c58d05b620bd401c4fa1a5a0056fe9d284a21dd6dd43216e72fb34109268995a55435b9b811_cppui_modular381, - 0x057c5970ba87501884835739f9af3612b965f1e896c4e88dd1bb63a318ea4fbd7742eb83c08c789ce945f87a305c814e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x131ca5515ce5658f28d31fe0affe1711fdf2e2e0e2fc2efd80aeecbf6e09dd06d01fe4c78c305387569e0eacadd1301f_cppui_modular381, - 0x0fc80af454299b5313f6c0e1a6f0de00022f4a8b98b1872f1bed4208146ec9ff182e65ebe3f2bbd9e97e9a8993633927_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x14e72b027c5576502a3a0218b5671aeffafb4d99b5c609cd90a46e2f96d058f1e3c9e4b1c619542a28e7ac8bc472c459_cppui_modular381, - 
0x05bb8f0d5c5bb84f43776639bc59c851cf68847ad3496508394d1561d754be3f04b5acb7da2653d3b6c2f28f1b643b28_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x19ab93d470e562494353aed2af8c70d2b08aafc156b1c6e24080879c5b2d69322b34b1a7baf12703efd9c6e9f96097ab_cppui_modular381, - 0x03ad762e493a59e8d3608cad7540dfd3015d44790f1e29946d8978b6ec06bb292d335e5c728c59a40831a7d44422eafb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16085dc79607d139d810a48c82a977445d4aa65251e9a47ff51d51e05fa3d8ed5626b43afbb0e3218b5bb8b350ffe57d_cppui_modular381, - 0x05885c33ec46d1844f5154d9419c38592b17f8ae4c2d0de36c9d42cdd1cafa29380d148e02aa46e33c124ed572aa0966_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0732e6a4527a2c68a78525cc337794e4d676c7514f3f9dd393f079215a072189b5ad42a1ec400e2259321b6e60eabde1_cppui_modular381, - 0x1422e269997071400763b3e7482ffe2a53b0a5a42f745a9abad0a85df129a21996f09f831c7dc405c50a37eda3939d9a_cppui_modular381, - fq_value_type::one()), - }; - container::accumulation_vector vk_acc_ic(std::forward(vk_ic[0]), - std::vector(vk_ic.begin() + 1, vk_ic.end())); - r1cs_gg_ppzksnark_aggregate_verification_key pvk(vk_alpha_g1, vk_beta_g2, vk_gamma_g2, vk_delta_g2, - vk_acc_ic); - - r1cs_gg_ppzksnark_proof proof0( - G1_value_type( - 0x13dac7f44870025445d816a75cf691b7ceff3a43c749e6330e3276eb8b68fee59d97b5f3ab8b61c222ecb11020372153_cppui_modular381, - 0x11eb5400aa91fa11f3e79aff666e4a2efead41d46672fc58bd6efb3ce3e14ca079b3e8f0a3da237015d99a0e9915e55c_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0fd92267608c708eb20055a068152a3eaf9b49df3e951060b941ff63bf2453be443c86d60f29aee4297c1d24cc53853c_cppui_modular381, - 0x05ea088000f639b762269469b2e9250325c86be0321fd6d1d20f073d0ab2e745ef9ef4b458e739aa7d146248b9af3aa2_cppui_modular381), - fq2_value_type( - 0x070483d78db24a0340143c82b869fd9083b4cd47155a57c3f45438e744b28a50c1abcf84a24abeff727c2f6c62d68184_cppui_modular381, - 
0x0766ac1879431ae641b34d0c5c7e989a725cb993b97ef500534a108478b849fef6e9f7461a62a398d38bec273dbd9b1f_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x04ba84bf8d18cea7832ccace14b8182cd363518dd592b2f88325d1d6fa24b61bd7d76c768119426f74e7150afbb6aff4_cppui_modular381, - 0x0f12ddcc76e0b3ef817588c303792add681fe90257e63837530368e6877d5736305744b6ed9621f128703748c23809e7_cppui_modular381, - fq_value_type::one())); - std::vector statement0 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof1( - G1_value_type( - 0x19a43f8dda558f4a60db82edd8b13c34668d99bcc9262abd1a7992c643082453af605e9e0a63b470e05d0ec3177450af_cppui_modular381, - 0x0382858cf155f0849d846b5207cef9cf400961c242ba5dd50f3f3ddc18b7c20c7e775f56630fc3c22e3742ddaf2a6072_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x00ece8a6a94a310d1929e8db3b59fa0eb7690934c525daae7825bd55641cdf5618ec6344259141c4a59955937f2aec33_cppui_modular381, - 
0x126f50c73a14638e7e22d510911afad8258fc132eff9f5ea973094d45fa7e26df44055bbfd2f64cd898f7c517260c857_cppui_modular381), - fq2_value_type( - 0x06ea69a39622705bbb6bd886642b677eba34f529548cffb46674fef54dea0afe177eee72fc73f70b587aeaf54850c08a_cppui_modular381, - 0x0be1e1d6100c1ca38d94961bb48b018a05b01ee10e3dc11ac6f8d526da5f26c8a1457ef0850d99f75c94b0f74658c0eb_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x08216f93edf127d450129c6da0ef4c34fa5b29928f9da0522189f5d113b2196dbbb1011bbcce0b2cd06e2d4882b9c4a9_cppui_modular381, - 0x0004fe1f2f409e9c7586e6b0ea9af02c5160a7877fcf9eb677a9afd759a1c59f6173c5ae327af9bde42f0a63fa269dc6_cppui_modular381, - fq_value_type::one())); - std::vector statement1 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof2( - G1_value_type( - 0x10e2e117f5d0e0b0a8c50a194121c1cedeb4e05c4c7984032d0faf1db007360989312b52db73a0de165a3100d4d06ac1_cppui_modular381, - 0x0a74c846d1b849d693bd2e8c3a5ab7fe3998b3c8677fbd56b4940bb50ca80ac9883a3ccc7b58ed177710e79009940f3a_cppui_modular381, - fq_value_type::one()), - 
G2_value_type( - fq2_value_type( - 0x12edc68562cd4a7c351c1cf3ebbb35f204c8d4f7e491535fcf82a8ed0ba05146e8e32a6a4ad65839a6abc7e8fb979b88_cppui_modular381, - 0x165e9341256950a17da3541eafeee06cabb4d6a95782fc1d9a01b3da945a6e40022dff8d571bef682e19420db50b1d4e_cppui_modular381), - fq2_value_type( - 0x13fe56f562a5677f4c23b93ca221adde3cb4f19199fb7c9a24b4d48466920184e9714ef9b20adab97bce9d4d58ada78b_cppui_modular381, - 0x07f5b89ad04d0b7ac5ab497a58066dc50c6990863ad234cee79b5b0217533f79c3da18981503de59eb205315507fa848_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0e718446d244ccd4514e64f98b2a8ccde8124a686d9f489b771cfbf60f19db43e7ad6d6f916878c842bea4eb9c7c2ef1_cppui_modular381, - 0x024471468db54f72a61348bd887e13407f42617d7c3bed8d3d8c6dba3e92c899a5867690a8c944e2306134aec7df37a3_cppui_modular381, - fq_value_type::one())); - std::vector statement2 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof3( - G1_value_type( - 0x184ea507b7d84429b047921dbc1f167d57cde86343b098637248fa6b9468093dd10caac84b4b7c65e96b21b76965837a_cppui_modular381, - 
0x06647a340eb73e29d2c806f57520b5df2eb8ffa4065afcf3c3bd4094365968af15143ce1afca2c14c6c72cf576461f76_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x19455a20edc11ad12bf05785a20927cbb6ced5d994182f3f1ef3d5dd1761ac40db62976ffd8c445b23928dc4003f2310_cppui_modular381, - 0x04c080ec3527e90b22e37051be239544d99eb3b91e81d3a3303c72b1ae63fe46c3016b261e0900e866ee8c48402f8989_cppui_modular381), - fq2_value_type( - 0x198af500c968b721f40450c165f9775ac632a3bdb626a5e3fe1ab381475c49cb950aff85b861f37b5e35990dc05b90fc_cppui_modular381, - 0x108e243685a29bc6bb6af53ecf483d1a6d0068df6e84028a53489e4d55ca0c3239e097ab4229fd9f4d11ce9d3aed8008_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0f2464c5d9dd74babcb8985210df727593ac622745c78e53321e16ce60c73658502baeec77c5e75b2632ec9d9292725d_cppui_modular381, - 0x104a076f63f0855047fb71d45587297d0233a04eb20a6a2d3e90906e63daebf1f410a2c62e6ccdbb7ebe0c05cee1b59f_cppui_modular381, - fq_value_type::one())); - std::vector statement3 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof 
proof4( - G1_value_type( - 0x17f36c1c6ae991a5e3c7ba129b6e49eed8776c29469394afc76e19ae9b926b1c63d67d7c05cd6852f2a9eb5cb5f26f55_cppui_modular381, - 0x045081c8b18cf7cf0875f37352c7ed583b8205fb11f07e9b4a9581e04e1f1e935e10ea968b00684a0c99f8e5ccd6e830_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x126cdca0cf7d3ae9ed4fe538df8bb1ba9669899fd4a822e377682354490e7146ed474ccb96ac6095e060245f6009e489_cppui_modular381, - 0x0747fa48f440255068bc724e3096cc570f23da12e8510f30b61ebe9b3d2f7658cacb471365815d2a2c07de09b9c51a14_cppui_modular381), - fq2_value_type( - 0x08a483e832b9e1d0f4fb70b8cf027b640e503d09fc39b730b87007f6b0eac51f56a5c323e4703ec2d2b38101eddca085_cppui_modular381, - 0x0c722ebbdf18a7a8974d3ae2e8fba991b77ffe15814061f80fba34cce803c411a1c134c9bada856c7018b96a8985636b_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x18c7b7f92e57efa6c0712e2b47e9893b639757b09c12057fb93a48068dc95f55eb4b4246cda0f9234f86db1062637530_cppui_modular381, - 0x01f20a6681a1ec639e6ec280a35f274f859e5df114635d5da68b05f12d0d556036d4fae1c478a37f3f9369309a5d3702_cppui_modular381, - fq_value_type::one())); - std::vector statement4 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof5( - G1_value_type( - 0x1770723fb3ae99fecc9a3ff8e1e437c9e02b905cb8436ae822b737d246d5132f8c0b60d5fdb07b6a463b38e3931af491_cppui_modular381, - 0x091f4b72e0063c4e6d688dd2674f412e08c98bc4a835220ed05cc3bd87231deef9568eceb2db63931c4978d742a23c65_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0654542ab14023b03bdab2bd94d894a8cbf3f35638ab47b1c7efaac8220d75993397d73259ade10f1dc732b277afdcdc_cppui_modular381, - 0x17a7e225a880d2fbf279e1e4a137867991b8cce2e1ab8879585c22f385f39d4fdca864d894ed45ea6d6bc1adefa6b2e1_cppui_modular381), - fq2_value_type( - 0x14f53e605e54d056b613723c6caa224df7260abf012d085dbc5fc097a4c9721f578efdd8a8f0b552755adc31251232c5_cppui_modular381, - 0x136d84270ba8b2b952196f4c25a3f2554e38a75fdd93331db085a6fe7060ef1b5ea7e55ac4b4f97626b1aff465223622_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0edb772cfa3d59051b51a9da9fffbb451c3d3b3383748f5ea3d132bbeb835b3c74616990142c5972ac074dc1f1f1d2c4_cppui_modular381, - 0x0cbe6b7d7fb2cd86370f609c1c220fd42505fbcb2f30b33fb65ce2319a5d76a522fbbebf2a3b088ed24287ce0f520be7_cppui_modular381, - fq_value_type::one())); - std::vector statement5 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof6( - G1_value_type( - 0x13969ab74ceabd253d6345fa7e49386b1e82ed9214a5c2d3725ff55c36ebf7ab9e7fca7ed0d420bd556edd53a5088989_cppui_modular381, - 0x031231ee5ed0a3a0fd0ce384f564fe5bc8ed7fa156e7a9a642855ced86b4dfc1c91b38d317ca852beba4912497b1fb51_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x031dcd7b08df20c93474b3883aa42b4e7921055a5c17263af57bb7661f0a9dd438f650a59b1e81e13fff0ac3714ee3d4_cppui_modular381, - 0x15203fb4fec67ce68cb87116def30b84a7d7d8a9f15583f878e7657e907a91c7a13704c0e32d005a31544b6a67be3779_cppui_modular381), - fq2_value_type( - 0x01e43c896ff6f2cd3d6d57709d8c8cea581163fd68728cb1339f3e74a289852f257ca7b05916b947e7f98917565f6abc_cppui_modular381, - 0x025651e5d33a8ce6bf08e4fb2845611e9d6930871774ab64040f648696bf7caaf5afd5570f0da8c77be06c9d50b9a9c0_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x06aec97a6923f181b083a9c2a44580ae2114c63ccfd911e8a6d7d6bc5e299aff31f5e631156746314a0a80d71694ee98_cppui_modular381, - 0x06e63fc9d146bea9c62af2dedee947eefa5eabe8fd5ef63e64b5e860102482f170db30e6dfe6e0f53ef02f5a9937d5d4_cppui_modular381, - fq_value_type::one())); - std::vector statement6 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof7( - G1_value_type( - 0x0838dd40f3792d967ed840c60b51162d4c0c745aa953075117dc07444262617e9fd58cad4595036d5b815d87ffe287b2_cppui_modular381, - 0x058fad8c362ca1f416b7f13329782eed775868ad9724f1f312d60a3fc5469964fabf1b6fa85cdb266de14002074cfe11_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x16ca9728c4dc860c70a9907823ec600c70a6aad0e7e58a97ff5548d6c0c28e0be6d2b32a9a11a5effc6a6664ae729a78_cppui_modular381, - 0x0640ca9dff5a2f611f6375745b51db9d15d1379bba2ece7cb958f04bb330e75f537922c9f6bbaaed51eea279f2256225_cppui_modular381), - fq2_value_type( - 0x130914c2436684cb13844d4abe4c3ee721abefa16608a0b6950de5f01d5b1b84181b94bbf2d50fceada7a034911858c0_cppui_modular381, - 0x016a4e0c35de9ba5097a643861d02e33c24d016ed38695e8be69c8c342808938b8177fae45b46d1233ec5ebc86eb35fc_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x08acfba9b2913a24c3f421c794dbf100fae344c9da1a790c9212021d20ae1002c750917c42e5e8cfea24a5c7345ae96d_cppui_modular381, - 0x0c527ce8192336834bab92a8d7963aa2f504cf86de24c29aaed66d1682c8a74a93ada21545debffc25dc09372999713b_cppui_modular381, - fq_value_type::one())); - std::vector statement7 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - std::vector> proofs { - proof0, proof1, proof2, proof3, proof4, proof5, proof6, proof7, - }; - std::vector> statements { - statement0, statement1, statement2, statement3, statement4, statement5, statement6, statement7, - }; - std::vector tr_include {1, 2, 3}; - - // r1cs_gg_ppzksnark_aggregate_proof agg_proof = - // aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end()); - auto agg_proof = - prove>(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end()); - - fq12_value_type ip_ab = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x15252e258c8a254162aa0713bb76b78dceb590bd54a222c5cad3d0a13adf93d45be071beae8f4caa66e27bb7343e2c00_cppui_modular381, - 0x0d56df5892c84ad3ed483859d6afcf28338975350084beee6d20256ab57d492b8abad9b73d2ae776995589c6646f0b00_cppui_modular381), - fq2_value_type( - 0x18370c4988d1f03c331c0186eb562f3d21bd3c60a06aba6e7129ca07cf0ceb586ebc949aa2f4653e3407e0017b0d93f2_cppui_modular381, - 0x08d3f06b80b77a84ca89f28901a46f533012d6ceab10a312a907d251c60cb62bfe8c62bbff5beeab08d706952e80e315_cppui_modular381), - fq2_value_type( - 0x0fa1557f82f9759e5d09122f5397f04f84923bfae26c553de3d597aeba214588ffc209f2105868a91beaeadf5a139ae7_cppui_modular381, - 
0x00d441c1b438714a40c0ef990976ffbdd35041b4f5f1b19b71ef1b27655fc6ee2d2308ea954e6d5fc52e3658da1b4b57_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0bb9debb1f46a12857b5ee200dee7fb1407dc46f0b6f2033003471ec5a374a70c2b829d37967fe64016ae52c40e29f6a_cppui_modular381, - 0x1120eafcbc20a2197ba3a72c1e45fbf439b388b589a14df2e72e396ac7dd587ea6c7ca5e0c92823be3c6a9ef07d25bf2_cppui_modular381), - fq2_value_type( - 0x0d0351b20e3e456163078dc71d00871c03e8a1f8aaeae4ca9e5a84892654253178619a9117d27e8f4489ce50c8006fc8_cppui_modular381, - 0x01645839c061ab603b6f2986dabc01f34703c51d7665dc049de32cb9edc3d19c4c6bba61f5bd9e547338314f48d23771_cppui_modular381), - fq2_value_type( - 0x1790f2b2540fee819d211e539d7680e7aeab3a9cf83a562f496fa951ed8e2d5bfb597c7e952cd5d549b2b768e3785f1d_cppui_modular381, - 0x14f7b9db7a10270ce2462e8b44f4b1688ff2cdee66c35b4013746a87a15a41945fc0ed72c2e0b886d05f93c8e04b97f2_cppui_modular381))); - G1_value_type agg_c = G1_value_type( - 0x04dcf2ded167d1b951bc10d1c4a15aa6f9b0cf228e44e197a9f0a588703241175006b04680d99d271c09c14d754ff5fb_cppui_modular381, - 0x010185ed049608e00f66fe27230967cab64aad05e7488cd5a46bc581b159488af6c711d4b9ce85f7ddc1a9b43cc611a6_cppui_modular381, - fq_value_type::one()); - std::size_t gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x13091d70ceb2c2901145ecb1342d954a96e2c05d3c952ce775768645e709ab46fd821b5d8cc61402750307423aead6cd_cppui_modular381, - 0x0546adcae5fbf133379902abcf64a45ba4ba32c9ba315dc7549a385d7557d3e1fdcfc250b457a69471a70054ea6a5157_cppui_modular381), - fq2_value_type( - 0x02c3ea9f0a071e62ac2b88251b553a4fdacd0386192dc82653498719ea7f2c47c10e6c500f845d6e49c6faafefbb8f58_cppui_modular381, - 0x02a5f3c7da7f364d5359626d7c91119654b3ceebbef6cb36799efa698ce5d28b223b5f771168194150ee2958b975bfbe_cppui_modular381), - fq2_value_type( - 
0x1648bbcbac0518c6305fd738841902786179a98b93bda72978255bc58938ab43c49cbc3fa9587631196633f66830c02d_cppui_modular381, - 0x0acf83e424bf4792962b87067bd29d97c1b6abb53e2633d51dfbb86924de8080ebd1f4b852e7a4c08db06debeb1a0279_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x16d4c9818e0861650aff4041e78088bfaccbd67900a020e03c525ffe2caa69d9b387d8a08ad47899588079e34012b50c_cppui_modular381, - 0x11dbe1269397900f0e7eb64160817bd96cf7ca4dcd2c2615b38b10e79c4168d511db4113984417f3ccefeab868c061af_cppui_modular381), - fq2_value_type( - 0x167296f59ac1d4be32d7febae0f261cf4f95588891df8008faec834f028eb6ef75ebba3c0e778522b45b7e3a4c1ba656_cppui_modular381, - 0x0e31ffcc2f2d317a0c84e7aeb2a9f2f507a5bc398cc8536d3bbdbd0c489c938e88414b0b30e7477cd6bbc57be899754b_cppui_modular381), - fq2_value_type( - 0x01921fdd165f2d604dd9126dc6859f513014445cd17bf5a4ca35c65fbe22ab8fd5f1358e60e78e367c114df6f56decf1_cppui_modular381, - 0x02c83df2a4fad2f0bd457a524e636a4bb40229ddbae30c5017c4a496424d4263f30ef3f96e9bdbdb8584de2b25097db1_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0afe248b9bb700cc566caa87c4e80f2ba98e288a924ad4553b009a77f0e72daa108a91293a23781ca95eaac4befa9ab7_cppui_modular381, - 0x1016af82da70c56cc28b332c3d7e96ab05e1a3c910c17f9154c3ccf5f1ac0e3312f81f58cd40b5441f67dbbfe58943a1_cppui_modular381), - fq2_value_type( - 0x0d760206eb007d7c70fbd5bc0f29de6b85497f1b468ede2a078c81faf8ec961232442e550ec8f09f62e407504c123e2c_cppui_modular381, - 0x100b864328cae15ed7f68f8f7f1e312d116293479c8b69298f31fc1478f232be54b819e15f371c4550b7b77d599e19c0_cppui_modular381), - fq2_value_type( - 0x15e012d1ad37933394e6cae1d3ad4376e12d2ccd0dcf2a01da15fc75bdd559586894e3486932d5c718cc9ab3b0174f19_cppui_modular381, - 0x09c35cf86db16062af544a3980aab2bb5a85f7123306188c32214d231ec69c71c12c9b3f0f3478a8cad53c22ab06f9f8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x041ea2166a96ae447336287c94a6c33ae1b6a8a94a7f7a4abbdebacec447620bf6f85fa50556cf52665cdf30ab30e825_cppui_modular381, - 
0x089ee10c52ec4f7256076f5dd865c5b7de2adab17377d2564bb5ede1efcfb33a6c22662eac51eb02cc946f2219ffb5e8_cppui_modular381), - fq2_value_type( - 0x04d79103c67e812fdcaa5e348afaf5c9d6588e087db842dc75e16a910dd3fb39d50bc46b1ac07f1716fc7937703da9c2_cppui_modular381, - 0x12d45499d5288837419e95a22aa015dc8bd26aa1a91e3cb825feb1b98dd9a6d921572fd25b33c3f93bf81579b74b3690_cppui_modular381), - fq2_value_type( - 0x0807a6dffe07f268d70f55d7d9a9a9ad13019d46935af00aa00e3b391d8fa003cb606adb4c80f9a07d8c82d19e7a56da_cppui_modular381, - 0x0035396ff8113f52c6aaf71f8321a8ef6e07ae85675b819ca8581f2668a19abc954b08eb5795eaede8060f8387938900_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0738baf0101e602caadb09708668dda040abe458ec040c31ec8ed63308dd22a3f8b8c7d4452b1ad27593a0b053c589e4_cppui_modular381, - 0x0c7245f72fd0fdb9b4bd3a2ed14ec285d43e9289d239811c40b026d53b453296d7da0fda56618dc0b1e3891340887779_cppui_modular381), - fq2_value_type( - 0x013df249fa027600707ebe4b5bba95f2ca4e177218fb15292d81b8c1a35a75a40832d7508b78f99da1608b8d0fed5e9d_cppui_modular381, - 0x071707c005e6cca4ca6dd8d27a5ddd673cb5a34f9d25991047e399ed94654e8d5c18335fa430c23965578833662fa8ab_cppui_modular381), - fq2_value_type( - 0x1078257df06c9597bf058babaeec318f3b98c475180de46103e4e5a61bd11c10315cf46450a2eb2a6347d996aed22087_cppui_modular381, - 0x140bbad1222271b3069448bb11c5c5d872b1ba874c47e96e22e520f9a4053b848654b8aefd3bbfc842634cb9a1dcf804_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x08af54936eb856de0d785123ea2bad5ef0e35b9872ed23deb69fd7f1311ece79f49ff4be3e2b3e1c1962d94ae95ac2f3_cppui_modular381, - 0x1945e657f32145ef5412d3c375f3afa3c816ea319407a7917582165d8d3981e6be1922c661eb93d4e4d664c9513f1394_cppui_modular381), - fq2_value_type( - 0x00f29356d9f2fdb7d88ac466dc7b4fc566853f100ba905b4f1219a17904bfbd487015b4073c8af81fe2dd34b1d3af885_cppui_modular381, - 0x0bc5fb7b6de53e2a8a225a1c253ded5fd1d3f3c08bb915d503b1e6af7a5d2a19016c817ea897999e28b9ef8093539297_cppui_modular381), - 
fq2_value_type( - 0x082c2f5570da3bd8e5053c48398fc92970d5281ab70a772c8a0c460e329640b71e406ca067aa9e717471d016a5d573de_cppui_modular381, - 0x04a05065c01db76ec132046115798dad8984fc7d1bba1f0fe82c353ed8f7853a753ad7df9b1f9e7300f33ae2d8b6bb31_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x009768689b88e6107799b48e906156569610ef751b74d64f1d6d8d537d8344d7e4cea4c269376ea2363f94e21340ec29_cppui_modular381, - 0x15cab72faa784a4b4ecf7f84593748bd4671fdda6ff1e2a9e8c447ae9bde2ebbd089e5b174e6913c226f12fdddeb8c4c_cppui_modular381), - fq2_value_type( - 0x0e588b08b331beaadd6afc54242ce9e7712268ac886037e87847fd919b92d8c7834f19438829278dfadb1279fe82000d_cppui_modular381, - 0x0e645c6e86aaab1397cbf3c614a57371161ece8cd9d01aff3cd7aa4e917aedf758cafadde4525c0259957c04db0c2cc2_cppui_modular381), - fq2_value_type( - 0x173baa189f6ea98a1a0d8483462cd4a34777545f9575c693d25277a4c663779dd55becca6e57f48b2ffc8553ab9fe79e_cppui_modular381, - 0x0f2a437a44bdd64bb9e9b87e8d16a3d99e5a3cb0c82e508cc46094a37e2d82c3eadd79b446c241857357d8744d2ec79d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x15d439f18b7b24da43834640cdd75e5d29b9b97dc3494a454390b29884b780c4d53757ac557f76b9fac22c086dc7378e_cppui_modular381, - 0x0d9668854faa9becf78ded5159d863a416d1dd69f5b78b27f5be182fba0298bdc59fad64c10971d38cea238984ef1c60_cppui_modular381), - fq2_value_type( - 0x15abd3550400968c3a307bb94650400b98da0857793bebfb216594411c207f3fe5f124274b3ddeede427e6f91e366c96_cppui_modular381, - 0x0bf1d69b218c60a0b5f195da1b59fdd4748c0f08de3c8a6513ab8cdf120496e7c7effcf3e9236a7b67e17ef3a2366a72_cppui_modular381), - fq2_value_type( - 0x0001bd08cb55c7b178c05399b7b438af900b98bc64f9b7f0ea32f6a6e9c094938407c248b4817a6c2fb15c9774907fd9_cppui_modular381, - 0x18e9444a03b8c432647d60c7efb1355143eb92b87c293619d5dc6814b1b3ff81ff0b5735aa216ecc0d086d7a2f55a46c_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - 
fq6_value_type(fq2_value_type(0x06584a5c6d20e0af83af47d3bd49dc8966031c1a5ab6e8c8fc861f1b55902f7718eff9235cb16c37fee22e552ba2f46a_cppui_modular381, 0x128b676ae705745d4b0bf3540de1ef1284fc36b3cbb67290160555e054e46ce7d8948e47fb20fa6e56a4f75f8fcf74b9_cppui_modular381), fq2_value_type(0x02bb70cf0812e8c97f2b09bfadb650dc133b0ea651a64eb5a7eab09ea4efa900300f45a2d5cead5d9596006b21a88157_cppui_modular381, 0x0b129d9c8c5f1103fc1541b51c2e6c056e98fbf9101e866c934b0de6c410683ba8a98ab4ea43765e5c5362688260b0cf_cppui_modular381), fq2_value_type(0x196740eca7c5347b841afe46f06a1a45b8810d1e680485d4507cc7f80eee80a05b814af337839eaec5ccf4bec0798456_cppui_modular381, 0x0ef60cfbe532b6d2b201de82de106d7fd4b808f30442a65230420031cd7411ce9ff39f76005ced3db3d2a3a6f44e2f48_cppui_modular381)), fq6_value_type(fq2_value_type(0x198e2fa9c90091d1ca5406f562294fe3a0b9e5990f5bb498f028b321620611f0f1be25203c1ddbb24d560f40779dd469_cppui_modular381, - 0x15756a219430399125e54b7aaeceaf0d4b976f2988b2c0e6f576e9f3c7b7f7c341a68097090f0cf83cfd0d86c9d350e3_cppui_modular381), - fq2_value_type( - 0x154dc2874939ae724c102c6ae28c2e3a866a180f8c02ceee88f2905e043aa3d03c32e27e66d1a229473db8ecf69457e1_cppui_modular381, 0x067b240560afb3e45c8463e9f927f1277cb75390330e7f5930f984e20f8648ca89190ab6035c0e2de27f7734b6cb4a37_cppui_modular381), - fq2_value_type(0x1759e945d499a7899dfe6c47a1212562c0e0c6c95aed3ab961eb249690504de98bdf93197bf37bc91a1f5e7c87609d52_cppui_modular381, - 0x02ee70dff2d1ef493ec3e7fbecc4fcbaac3144a1de34accf304ae8acd18d10bfd3e5e3166d9afb6f041310b6595713b0_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x199caae90d77298fa58a6948b3444b03a96f0cff25c86325930dd2df85d74b87843b1e7cc56698d8e4f1b60a6ea643b4_cppui_modular381, 0x1494a4c52337211aaa590365d23c7f6409b88218d3c926cc89405ae6ebc6baa064479efe6afa705c743fa5c485a1c4ab_cppui_modular381), fq2_value_type(0x16899e194a101c774948f3c5a2bc74c6238071ff6ecf84f9d284a110b7e0a6531b2dccfa01450d48215e6565557e2e03_cppui_modular381, 
0x0d171d6dc9db50c39bf770d39fcbee178d3e6cc72b976f97311491144cdf901a5c59dc074baa40fc163d8611cf090e3e_cppui_modular381), fq2_value_type(0x104297fea3b547c24beb6f0efe1852ad06d1dffe1fc617dfe36ac8f038f87d98bda0ccba7118dd2a961c145c4a8fe1a3_cppui_modular381, 0x038aa53fb6a88a9311b69f09c0af2b90d13f9e23922d49414639f9f0b2a65d21ff3e5a971ca009ed8d91c14f14823593_cppui_modular381)), - fq6_value_type(fq2_value_type(0x10f99c01f6769b135c6908371ecb5b63710c965d3abd21d5d63368b9f927bcd88b6fcd796feeca9a27a9c7fec5581cc0_cppui_modular381, - 0x120372109a8d121c2138c40940755a1122acf3e493bc6db34ccbf6e97bb6e9c6c35987c6aa5bb74e84c2abd54485d059_cppui_modular381), - fq2_value_type(0x07bf602d1fc28109c15692160108d4f2c9253e69b176562322e1ac7dda39c55de17a5da4bb88b30ac668fbf461217161_cppui_modular381, - 0x1809201ae5a2cce3ef23b791bdcffffeeb6871e2296254c79306c6c7f1d4174135cd8cb694d2fead2f88ee2031927ef8_cppui_modular381), - fq2_value_type( - 0x0c083963e96ccb03923a53eefc1db6adf6bfc0c92cc8657ea0b1c3dfb21cd5722cf762620f68edf2cb1d29236c4f90a8_cppui_modular381, - 0x10ef87bcbfde5af702ff8928b2d8bb656b590b8d1acaa89a14bc9b4c5d9000fe40af12b2e83d9ae7e8c78e0576cd2f1b_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x0af0e92e574de68843324051b1d701f0cb170c6e03e390d6e9f6dff60ce40df61519629af63027c6eb2b4a6a5e36cbe8_cppui_modular381, 0x003f9c06fb1baa84ea2c28b0f3c8aaf34a517273dbd1784a90b3e1ffee88a3f43451bad392a7bd5737497e1a87f9dec7_cppui_modular381), fq2_value_type(0x139f114c7fc292108d53441f4bafce07cad4150f105c4e88745b9fbce18318ea0a31665cf2ba53fac2a29a0d8c5bf854_cppui_modular381, 0x0a298792082e4500a3f852564930d0ca2e91ceed3fa806ed53f3518c475d76e3b5f4827cdb723dd620829716f7a31829_cppui_modular381), - fq2_value_type( - 0x1322c120e44df964b1244d2b12cf65208f1050e81d0ef743f68b50eea7213c31619b20e7ebfc782721ec0d0a25ffb6bc_cppui_modular381, - 0x1655f0bacbfb0c9fdb6fd33362f146a23cee22d2146e4b794d139f4e4c3ca17fe9aef6520c8e5a6dd9accd5b3a5c49d3_cppui_modular381)), - fq6_value_type( - fq2_value_type( 
- 0x14202be4f536a233ef085d72287fd18be6a8c21413b2e7565b39e1745699de70db205f9e435bc16e22264c2487eaa5f8_cppui_modular381, - 0x09f337217faaa4ac49c5f13bb6c0f495261aebd9c3a6be4a1cf4b4e2544e5097e5c1fa6cadce98c044a2a50e31a36586_cppui_modular381), - fq2_value_type( - 0x11d89c77ece239c72f4582bd8a3cadda647d28a4390e281f6333869a733be304e6404c1eeebb9c510321aea854a5eea6_cppui_modular381, - 0x0425b0f614c67bee580a358b17330fd9f4383be69efa79fc4ddc62d47220ec9ef89ca2537d5c6334f7d50aa6c86f6819_cppui_modular381), - fq2_value_type( - 0x0ffc20aba78fa6c638ba31f9fe44126202fd37dece3598c85680c7b7b8a87c4921f99a70d0f595725433d17e74bc11ed_cppui_modular381, - 0x0e33dcc151a12aa89d179d5b79eecce5f624b7bc4ab63afa1ff8957afec17ebfc756f71136279c18b1058b4d7afb12ce_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x154031ce4bdf117de9d46d75a4886f1745d74bd0b7c9f4fa651b56471a1f0d97ad1edfd9f8eea426eb17c2c8d7deed45_cppui_modular381, - 0x16d75b56249ea949dc59438b063b1bc6a12f5fc03d9997e0e02bfb6b8c400557e723bd5e57fb78802c606ee4a448e832_cppui_modular381), - fq2_value_type( - 0x15a9eda509a1ff96507bf24d154ad52c2bace12f3f48ae6b2ea834741bb8bce5f24237c5f2c2e4e70ec7de0c40c6f77b_cppui_modular381, - 0x0fa8d7899ad29e706e5074e05a904c2783bfd804bdc531bbda7ad68b47bf3ce77c216c2761425fadbf1716a699e9e99e_cppui_modular381), - fq2_value_type( - 0x016c3df57b100288f04627e9f3ed8855daf60e70da2e2e1a17889c24a27befbbd0881eb482fadf11703d94a1678d598c_cppui_modular381, - 0x159abda015a758d22cd05f5b020e6fa44aa05fad71bcd54910356b196402db558d2ba98ff13987d3d7e191a4d4be511c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1515a5a45a3e4d523d1ba9ca173f562b7911052f1014eea2e4a656bad2290e04b2f2a8747085819ca6d9f093f79f1a40_cppui_modular381, - 0x04cc8a33bb550608a64c67fc6f3a989d723e305af6965e919a6f74db260902dd01679c76c982303031a8e5a6504b8990_cppui_modular381), - fq2_value_type( - 0x1347150944ff18f8f1458264fec476300463df235cbbaf849aab64f0e45a42acd7d6be55fee6a7f440e272a096b9c941_cppui_modular381, - 
0x0fea7ffb7e3fe1e7f1ffdc1a54308ec1800f85bae62e09af72a3b254fa5b0ebd5573add843d476df9649209337ba2342_cppui_modular381), - fq2_value_type( - 0x0feec2d5e01b904567d3fd849f75a5fcd88599667a4f6fb9feabc62d8780af6c43867e7f93fc6828d5f91bd150f3c87f_cppui_modular381, - 0x0d6f5112ec236a822618f3bb097ac2a6b601656710137494c9b80490fc0af3972f2ffde0e53e8dd90cb28d766ff2373e_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x044ceaa25c3328472ccf4f55841bd07a847043f68e72e362347d02aec4aa85753184b79c5b8e2ccac3ea116b40a154e1_cppui_modular381, - 0x1276606e95633e39f83c6152a756ca2ccc4d2634155b411d9b1cadfb2b7d0b4d2c3aa33681030d67881f6de6b053b1fb_cppui_modular381), - fq2_value_type( - 0x00446da6836a3103d7ba66e17e743c67c9fee20ad5f0b54f1026c50c4086b5e8a1a1bec8da6c1acb55a7d5663600d07e_cppui_modular381, - 0x089a231238147f063179c1407c92e4d30c37082badbdc4641e749505c0cfd44a96a0721231b2729921d45566927c3132_cppui_modular381), - fq2_value_type( - 0x0100de2369ebe5a29708d6daff191c853f65b7b7d8b715d17fc8d05ecd85fadcff900cc6dafe315f354ad4fe86664ed6_cppui_modular381, - 0x06f980b2abc16964345c23016efe9a0d5b902d5dd2c6c911d50ba338f41012e35d64667b10a9468a187b879c8b76bc7c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0296f1c792f68f61e77a7d55572e8b64bd13083d9f8970dd3355e2940787bfa4331c7057ea2c9863357d49679f61bc71_cppui_modular381, - 0x11cb86de82463894d5e7ce5536473db8acfc596085cf85c298cbd7bbd3795d9499af8b52ad71086d1893606c13699f91_cppui_modular381), - fq2_value_type( - 0x0e4eb9715728514a28a9123c96b23483a523fb0956aac97262fe327b6b19adefd2ccc2083434aa0c9b507ec72c691a12_cppui_modular381, - 0x09fc27fd3dc1296ecc07614200be0afd77a26f50270f64d534fb4a429a23d05caa818408a329cb25adbdf0a7e6d2b148_cppui_modular381), - fq2_value_type( - 0x183f4008b7c9bec94ce4b8c0719bcc1471db5f1073a0b9b607ea808380aeb54655c0bf083edbaf6d0b2c169ef41d0ffe_cppui_modular381, - 
0x0fcbe0415ebf79e45f5dfbe4ccec9771c1067eef60c1e7e4e760c9eb0c9d8a5b9a20ca2a0722ce8f990ee8eebc5204c0_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x17daf739b73b404894b845d40e1d6831d71e39643ee778996b7a3cc37c607544d04caf29173e790191729753db4e4d54_cppui_modular381, 0x062f708b0341fab4429ce3fab361e95693beac585ba2962531809cd7dca1e894a49e3fb178ac85fc3c48c09d53d26a38_cppui_modular381), fq2_value_type(0x0aa322168abbd4051032ebf60fd3ebed1615bb38df7fffcdadc492be85c543eef88261682193246c7a390f2289fe3e73_cppui_modular381, 0x1889bccb1a2272e6f0687600ec46f62a1f696058d91fe8cdd3bbdb2630e58319e8c1ca96c49434b082c2ce0c1d476f29_cppui_modular381), fq2_value_type(0x08aacac980e86f5a6b23cac5c2aa6d6050e7ad9eb52a9b8aefa1a1aff5adaff1a78938d7e6810f201a398ec2a48cbe2b_cppui_modular381, 0x16a677791e7515b77710b80aef18927dcd826a44dca508f03154095049acab12b1d0cc069e98c6acda31f4dd13d34674_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x066454606a954a3c3b15bd4279adf004c462feb3f2f88eacb175ce1e1e18264f23e77bc1bb1e28a444b2e4cda7833451_cppui_modular381, - 0x096b3539fb4f08e948afc398f6b4174a1f92a6614a2089678416083c77e7f618cbd8389de670b22d26183528612f009e_cppui_modular381), - fq2_value_type(0x013da953bd3edb1bfc80847d7679cd7ff54f56393b2f50dabb3b8f9d997434dabdcec38ac0f7e92a7e8ddc985bdf1d55_cppui_modular381, - 0x08c88cd22ae99a9af6fd05c5863995b7aef8858cb0b59920d946d0bcf13673a96a178c57e2a9e556623fc239e5c54e5c_cppui_modular381), - fq2_value_type(0x1768be79c1cf4156cf950401d20cbb507b3586e18e4c168149ce78787eced3fba5b9f8afc07ce439c70b9e77f79df945_cppui_modular381, - 0x0ad4a3c6303b74cb15018ef61c0dcc5e7770812df865d37fd7e957ecfada77d4b0165201309a60affd8bc6d77d0e939b_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x094c04de2a8351e801459f65d8c97d7ea94cf4ad67fcba80082aaf9fb12dca1435717c0e0300f14aa773efbe6e5fffb9_cppui_modular381, 0x1961a7b961ba4a0ef226ea083b6970e09d589dc2026645e1eb18b48a12d528b468633b33fbd34b7953d55a38f6e8a15b_cppui_modular381), 
fq2_value_type(0x1811a498a3f949fd9327a3445db7bf19cdcf448feb599e5c5dd23d5f946a5f6178abb231d1a9dc51c30d07e7c45e1896_cppui_modular381, 0x002022d9c084dac31c2040666a5817d17638be6d015096a488f33ce7c4b07fa7192f6b4ca1eb442ef6e9ef6d1e5c4570_cppui_modular381), - fq2_value_type( - 0x0c79a244305fee7a046cb8bc68ecf3b6c309d686acdf6fe72edb44b3ba341fd46cfd008864a6a44d9a8b69a2801974d2_cppui_modular381, - 0x07b65699836d57232a00cc6144058e24f80caea061cbded34e90469935f3e2892855dd58f9dd943c25f93dd6738cb562_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x03a36bcf8132b7714ab14044be8a3e29a25ae79552d38f290a31cbdf57327228459079d25151219b08151bd2a739d066_cppui_modular381, - 0x18cad32f0f640ba3a48788aac850f02b4d81c51e1854ab2d5c805f5315f7d745af07c75a76805645e2365e6e5893352f_cppui_modular381), - fq2_value_type( - 0x07f5730b8a2b909bc7b70d9615c3928e9a6a5f3696116437a6742cbaec4c81fb609971b848b79daf085811734d69a49c_cppui_modular381, - 0x0f15c36bf7766413d2801e3726fadf0610e3359a6bccb5aaa6d40ba66b333737071ad044828f10a78feed196e0d9dee4_cppui_modular381), - fq2_value_type( - 0x0364a2e361136f7b3c57982ef96a443026d8b62243b42bec6600750b75a22baf5cca57fb7c0f855874c8caad7c6714aa_cppui_modular381, - 0x08c3ee8d7080d19d87ca49424f644ed620e31e47d5b7867252421740a3f7740c2f3b84b281482c64d75583ba7ae1e512_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x18873237a5ed21cac97d93162f22444c28a795652b1e5bb676cf4f5c4d85cb28f40c9f8486fef24a1ef8ad22eeb96012_cppui_modular381, - 0x0ce4080dfcbbe663677838889f6a7e9676f5331c5f5a22b4479d2f6cec9404f9d377cffecf6c2b415bebfbc3bd15a297_cppui_modular381), - fq2_value_type( - 0x00ae5e1e9a7baf6decc11f0762cad8b03edae65343205f07b3e73f0227417fa184eb5b799a524fc24dc0a881aaa004a9_cppui_modular381, - 0x1655cfc8084c9f9a460b52b1c062e08d99a0d99e59df69734591ffb0e4924d283892220f25b86c20982be11b1494afae_cppui_modular381), - fq2_value_type( - 0x01420dd09785b2bbbda21d0ad66e70260a16a647be0bc0584718855ddbec6f67c8a415981d7d834f699c2c5447babd6e_cppui_modular381, - 
0x0bfa596b2b5685cdaba67ed3b8a0bfeaa1da01ede2046c9182fc0473dc85c2d1cf5abb79edcaa943d2cebef9b564cbb9_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1917bfc611ea0be1235d62ada1b6c9b1427304989b68897277689a39c76df1b5735fb00c68e722b06c490710581da6e8_cppui_modular381, - 0x0a36e3095915477f5575feed970b99190baa3c25ff4b3c2f822b8fe03772a5290bd9434ae130df91599c54ca107d530d_cppui_modular381), - fq2_value_type( - 0x1559b7ec780f306c491dc8518da6c94001dd7abcc6e44edc35cb2d9b599cf8420391376850e8ebfe5d468dab410e49a8_cppui_modular381, - 0x146024d7ca26e8f5e47cf37a1bf15df96e9467d3cee9cb8b5966b8c27b8ac5449a5b147f17e7298a5b50a9505c087922_cppui_modular381), - fq2_value_type( - 0x14b6d5a7362981bd18df9a9fce3adac79f156ea0151c17cd679ed8edbd48ecde2120a36a395af322dfa13f2ea7ca28e8_cppui_modular381, - 0x09ff254b6d12544f4a45417739de4729c303a8ef56adab5cbe2ad10c5fa13eacab39bec326948caea3e9b7cebc5cb04c_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0d12d2bee01ac5b64527ae0dcfa4e9a0d3d9c5c287286fe19f16610eead64ce64578a79f163f36bff3578d4ab22253bc_cppui_modular381, - 0x123e6bf487e3c0bb6450c3dd5ba9cd86a3170289eaa7c8b2ed6fbf5ac225df9ca696f52660c65906a5f27250a42c5434_cppui_modular381), - fq2_value_type( - 0x07e5c3e380cd818f49d88911d2928a50dfc8f6cde5abedf545d2fa2d9b5d98879fbe2925da1839b3c1c26fd6e98198fc_cppui_modular381, - 0x15fc476ee64a98b6c2109458d886fbac425524d15e1892b475eacb7594e0b3a9b36571f1cfd193c192e1fb8a559ff600_cppui_modular381), - fq2_value_type( - 0x191bbeef154bcd63eb073954a2fef00c81751d53754d9e036d61aae4e4f6b98309e480d18bf7c0fa5deaa7e7e07602d0_cppui_modular381, - 0x14a6ecb4ba5a34f8a9356b730caccd695a34386a9a3c1b6ed3a007d4b1eb74eba44e2c1410759a22f207a4ce230d7274_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x094adb5c3f51e229e126ad531cb6be71ef60b085a4b8cb27ae9472876d679388382704e6900fcded60bdd0b00632ac34_cppui_modular381, - 0x147e992b04b1a5dbf217397069d64bb962f405cdde58de385d29fe059974d6ea30ce75c39a4a356ba79715329396b6c3_cppui_modular381), - fq2_value_type( - 0x1057d1baab28b50da5eea462e3a99f443154188ed2269578fa3b18631a85b0456de41fb8a2f2cc196fee35c057ebe116_cppui_modular381, - 0x16f1f382fe6e979707fff56f6d29d88ac4773722e14bf135eaeb608389f96c5d60f4b7a4e5ca0079b9d6b6a6fffffc3c_cppui_modular381), - fq2_value_type( - 0x19bda9502645ab7b11b465ab6ea91022506da45398a893950b8facdfe066add136b226050a6f40a24c43c02dfcb7b27c_cppui_modular381, - 0x14c056d0007ff2b534e0342e2fee914797b939086fc591dd3832f0b8306b65bc4dae72c94093c300b1b37b8ee55eaaec_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0d1b0fd60aae3c8723a2f24aa5d6564ebde24c4bb4814ab91e8e5811440991a1a3e3cbfc8e6b8d545db53dcf588abfe8_cppui_modular381, - 0x15581d9e64200ebe120b13e0efba6d9ce0bd52042cc24857854b9e5da2fd9ccea07c2deed350387058fbc2caefa2fd6d_cppui_modular381), - fq2_value_type( - 0x02336eabd86f7f354fd6d03d33def5af788b1e54bc168b21751bf47f3db3a0fa4ce2801e2a72d841cdd66d878c065ae8_cppui_modular381, - 0x0d7a52a07697df3fb93515af565833f57a0b565a0e117cc805d8f271f9072ce7b2ff14f31b8612bd205f71db44aa263c_cppui_modular381), - fq2_value_type( - 0x0aec958e7d8a3da598a8bac814f3f016b850558559bcab4820a4b05e42bad24ba494f413f5a3ac13660221ea244fa913_cppui_modular381, - 0x0b5676c895f1d918f1673c3456186fcde03ec2833a312881b8a599131f8f30f09de7dfdbbc20d8430bff3625716adcb0_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07aaf431c787b4618b5298a4795e3294ffbab710c930df7431dc858e3df1525581bbda2df9e635e8bd4c5f1fb3afa467_cppui_modular381, - 0x14d9d60673ddbe2ce35969f3e4dd0c34211ad33f2b0cafa0ea696698f410b44cbe8c2db66e6a4031b012f755659588e9_cppui_modular381), - fq2_value_type( - 0x153ff3814e5c5e5890da40746ad9e978cd4bfc14acad0d7b1de0ea0696f5a47771dd201d34d7afd4ca5f0bb373c3fa75_cppui_modular381, - 
0x07eca38d6d755370adf94f735c689055732461970d06e05e340691e5a8fc6ccf0987139a7c4f37b3d3df3dcf10f5ede4_cppui_modular381), - fq2_value_type( - 0x1463ddd2753760074091fc716d05b494e3645cafd369cfc8cf3838cfccf20a62692f25cb6fb03b9ae793219ff2f9515e_cppui_modular381, - 0x1944ae53f78633abc6e1ba6e72b7a7ec07c98cc5b375ff24bd49265ee8064439eb1c412e01cc11a69e46ca538a03e180_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x010443b653092d8da7f10f5eadea1a1a62e58ab1253d751562eca9caeceafbd9882d2eb59223481cb6c084b98f75b18c_cppui_modular381, - 0x0c52f059b37756845296f0cb851e6129b319e39be8416a9347ea04d988c4b01652c35595d426fd3827258152519bb4e9_cppui_modular381), - fq2_value_type( - 0x0898b8669612d1b8254f184a5daa62effc7634f073a49fa1b9787baa476786185fa267a86211e2a47c17f5503e6a9914_cppui_modular381, - 0x01280310c7d084ffe6edd14fad7d18e2f12b324afa98f5253e8a4ba766d5355beec807217bf2f5348b3f52bbf404295d_cppui_modular381), - fq2_value_type( - 0x16d2113cd7a2b5bb2f0b42e1118d93b709a8d67d702fce8f2fcf2e7a91e03a211910813c81d3526b76d32bbcbbc1c04e_cppui_modular381, - 0x07a5ae033337f3b92f737756d9d8442ee00272909b3a0efa5f3f20c58b5dd01d7fa9004a9cbcf639cf91a1c14faa0ff0_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c5127e214318ca34230681597bb0f09cfd78953a315051523b1e3f858db252dd71ce1fc62361aa9243b6efcb4bd3bb0_cppui_modular381, - 0x04e01eb8ec903ee97e7cbdcce3480718626428de324bd64c9c71403e0a5d556dc42fa41bebee25d82ce30662ef682074_cppui_modular381), - fq2_value_type( - 0x0ad786c2835ef95e9bf5337db3b6f8fdd617a00595c08ca16bf17777e967072de6385a237a011224abde5f259ec93a73_cppui_modular381, - 0x18846df8cc0001fd6ccdda949e1d30c750221242a2c27da0b3688b17b67a848a41b36e5c4a6bf6598766d65493a62a09_cppui_modular381), - fq2_value_type( - 0x078210cd7496ab064b33c7e075c05ae43e3dca6811d99fb6d41dbc0b4f46a82911bef71cc38710d258e20ce7c28154cc_cppui_modular381, - 0x15841113b718398c942f90667af358b2f1f7aec321fffaf4fcefca9cd7a4961e468336badce9162771f5dc10d74f61b6_cppui_modular381))), - 
fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16a7e8d2945755151d30d3cf2a0d9048ac59502cc5537169e9ce1c392849136f9721555093bc02bee4aa7426391e3457_cppui_modular381, - 0x119038f8b34afef6fcbeff5a49ccad1ec36da65e68a887cb8c5f33cf4f7a02b9359b809df0982463838a6b43824fdc69_cppui_modular381), - fq2_value_type( - 0x149958a008cbf7d7e5cd21d4abdfee62092ec2588714ddcad5a6bafff5cead7f7951e80a40b92c1466e7d1d0a04081cc_cppui_modular381, - 0x02458eb21383dd0ba8082b01900d475e0a5191cf3fe57f63c05261e3ae4013ae2570900386a77ea49626c28495d852ff_cppui_modular381), - fq2_value_type( - 0x0f5c667134b343cd05ab78ea2b49a1264b9bb377e8a0de206c9e932fb0715229914f1d81eb6609929f32cb61475eb984_cppui_modular381, - 0x10a1cb5524e8c73856f8081431323a6e1cdb8809fe753a78b2be2b7a122eac0d90027f21929f0b3de6aabf81fb8319af_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x04c6bdd2c4bef0faa1a536f2db9e1de1b63b87d7d41b67728583e190d67f140596316539a4719d99dfd7e4c58b0e15d7_cppui_modular381, - 0x0c2da023fd63cc4a46f6c1eed2210d40f67f2f3d70143d165e8c62b95b573c57858e2b8fd4b255743463c4e89dc24b71_cppui_modular381), - fq2_value_type( - 0x0ecf23fbb64f43e54c0d150ed81e192539ffa05be9eba1b317f244f9c3458403db1bb32f5bb64dce3787ed243c227e87_cppui_modular381, - 0x0d2a11cd13487f988b76b27594215d75359b388a47b2b37bc25bb2b78188318d69e9ba98ddb9616baf89e548981e3ea8_cppui_modular381), - fq2_value_type( - 0x0b093b91a7d1046c5b69d673fbbb16c5f6ff8ac3ef420b9b3f89ed40ed97208ac7949ea3ccb31f568bebf01507fe8f95_cppui_modular381, - 0x189a2fbeca18a7c39881330e522ddcd1b25eea965ed5a4ab73d720dbfdad1ed2463560d4296b1ecf58bd05c212d6886b_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x09f4b8949ce57f93b628ce81fc12c3abc3c2471fd953367e5586eb183d7ab776bbaea41de7dd1a705867c06bca6e0485_cppui_modular381, 0x0e5008627a9fb643c244f303bedf1926edfb5a77afe8a33b3f33d4b4971155d2b59d0507c2752e723df9b75173b5aad9_cppui_modular381), 
fq2_value_type(0x0425b538e9e7da61271a7d06fb865e69d86ce8691bdae04f9789d0b22fc4298b2cde8f0241b5b9c0d635ac6ed9833f77_cppui_modular381, 0x163c56c38978149ab1960c0502036823daff6c622bba5fd894698a7e09f236e89c60669cad46787a5c470aaab397bc7b_cppui_modular381), fq2_value_type(0x091dbaa99b3622707a82dd8b19a8878985021cb73f70f7d2e96b8625bb10d6a27d20cfcb355c28ab633b34bdf5f02fa2_cppui_modular381, 0x02cd8ddf7eb45a94cafebf401fd6076c64bf7e51ef613ca37e5d3be9acb8fc7bb1c68bd9a59d3c044094b93e1212b587_cppui_modular381)), fq6_value_type(fq2_value_type(0x139a2955225fc994912ef75532214c23f95fc00f432e8ec62d5475bbd24a814cdb94edb5a5913aad8d9792c8d9672d8b_cppui_modular381, - 0x1760cd2b408d98dac5d4e6b8e56f2ed20b7abab437e1da3fcfc59f9a681c74e90f0e29b7bff6918dcf4bdbd80e3f8cda_cppui_modular381), - fq2_value_type( - 0x0b0210f4c02bc1ab42749a00a38fb19203a813e0a4b407c31255451095d37b1a73c4fe5cc57323842baa4a14d6068feb_cppui_modular381, 0x01ab8cd4f72a52baaf1757fe3770c5e092d7cac3be7ef14c0d4496b20af3d8d5e4129f6742e0726b4bec0cd2a159219b_cppui_modular381), - fq2_value_type(0x060ae34a91c22fd4dda9790717ff0ca146b36444a40a83a9189c6154cd7c747e1cbac015f4ec749612a58fabf2e42653_cppui_modular381, - 0x0f21b747b6d0079c234bdf0dbe0b070d066e0ee48d26201dc9d8c7d6c8e6e65cd9fd5b42535c68c1020a438fbc92e8a5_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x0383401d70ee979a2a95632f31a9dfa9968fe643d104bd8327b3eb7c2ff1f23bd799844e0f3b682d46fda2e556b68c3c_cppui_modular381, 0x1686a68fc0a6b62d8d3d028a34ac27b99d9c81284e2e13a4bf4b333b376f6f7aa81222fe750f4a1281dccfa66b683cbb_cppui_modular381), fq2_value_type(0x137ef24e6aaec4eddbad15c747acfb508dca590d94cb4847e55299623097d7cdbfbad1c00b8d7a9ed666b1ac9c6bb4c1_cppui_modular381, 0x0fe3d75592f1e7237f427625b31dfdb718b78edd4134e697fd7518098d452d4569bc1bd0d9f82b9b141e3f795dd7d9e5_cppui_modular381), fq2_value_type(0x0c205f7dd1121060d639e904dadba233b1445d240dc494376246d3a1acdafc26fde1ac82470659acbb472daa623a8d98_cppui_modular381, 
0x0dad634f60df35dfdbef583d94d1d0b5efd896910d06616330777264aa62a082ed11f7137564c8a81cf2b1fa071eef49_cppui_modular381)), - fq6_value_type(fq2_value_type(0x1349b2abcb8159568adda2c3067b897beee0a42933feecb6471b7eff2465ee1456c6b0f60468b299ed488d65f7df9388_cppui_modular381, - 0x0f13684422bbf6714450c96ffa9dacf0cb81b53066a288b3e17336f5d1b92e4985d08608a3aa169c5317b4b5f7d278ed_cppui_modular381), - fq2_value_type(0x0caca4623725d01ab43b2c8d835f63d76a42fe52117c75c03389fdc05cb9360c980721766083aadde649363b46d14d7a_cppui_modular381, - 0x019e9514413714d262095d572fea608bfb3bc1a9a6f4e333b12db962d29e43c36e442ca6d3f78bb5b82b0026f0d3a983_cppui_modular381), - fq2_value_type( - 0x03a4e6b13ccc8000a1957432dfa578d3d529736c584b7fe2d7b46b264cebd7a954b20f3b4543dfd36ffcaee615e020c0_cppui_modular381, - 0x023f270f89f962c820598d5b56af95e8d08eea18db00bc78cd2cbc0b8af13f7089695d1668784784f6e3e37cac157f5f_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x14d69f03fe7c909b61e59c538f8666a523f74a1172327b878f6666562c65c15b75481b8fc940f5600e67ec1fd2291c97_cppui_modular381, 0x122b4f54741d74747a01aa5b552a50f1952c27086255d21c6998e9b340239e9a9b344b6f4169ab75dc08764777e1c9f6_cppui_modular381), fq2_value_type(0x00f90b248d044f5a01125bc54bbcb581e091a288be9de2619fc2a17587affba4551199aa2943d51d42127b174fa8d3eb_cppui_modular381, 0x0bc93b870e4ff73dce9a0b1b2f68a58244c96b44897c79f0bd37aa28c80444d063b2f6c893ce47052028bdd92c18d9d4_cppui_modular381), - fq2_value_type( - 0x1508fbea2648360d82b97e76559869ab8040e07d9615cb29ac1bd6dddf3525ce53e4c2934ba2fba7007087e6e6374097_cppui_modular381, - 0x09554b997e20579469e8bc8f88674799cfb12ce7fa5b3fb5d61adde714b09eb6ab139c666eb3876b1cd05adca05c5d4f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x14dd3fcf582aa58cd78cc7dd140024910bb9b5c8f58265dcaf7f3a9cfa2d5086625cd5a281fd7d856d0bb1e48a39dc70_cppui_modular381, - 0x0c2815eb4559780068238042ba2e4dc9bafb2253e791a7bb5cbb744a796d84713386d5cfc59989e1e42757a9f6f06b5d_cppui_modular381), - 
fq2_value_type( - 0x0eeea36ae288e6ff0581b6c419a9ee26beccef7fef44f24aa6c0ca318c1d6d5d9b59489aa90db2415e9b1532573ec01c_cppui_modular381, - 0x06d12827f353094726edc27b1c9b69844701c6c5fa221bd022db466988befeefaad4d2a9a50bd73608a960680c31511b_cppui_modular381), - fq2_value_type( - 0x1961dd4e1c3cc85d267c7e5996b4cfe64cd698f51c1a156db853433f5741434b523e86e5d08616bba5b4f8832a29de36_cppui_modular381, - 0x036528afbcef565a56fe049cb83a783cc2bbe0d8c39634389ef28155d087ba47cf7e19ffc7a0c595d6876457f412016e_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x157252235dec81da0a495d148f207ff49a0d27869aa533a94c3c4c3924648f3c03683997e84c4aa9ad7ae5b4b6158af6_cppui_modular381, - 0x03ce7c00ae439c351151aa9bac43d75f1a1d67983c373b2ea9d35a2966f1575fc4f59570aa246a004d331d5309c0e94b_cppui_modular381), - fq2_value_type( - 0x001d7a51f935f79c80e7bf5f0973a551616338096b73c299bb59800c3c961a10937b3603f41d20475c76326891046563_cppui_modular381, - 0x07651f45d6cf69e70af4b9229a6f74d8d8a99411ca1d633b1ee25f64ed9484501f96de0811226d0541969bbcb5ecea00_cppui_modular381), - fq2_value_type( - 0x07073970fcb4e3e69fc0a3f544edcdef6e8418fce8cc592bbb3cc2486e981b0469c76db6134efbb5c9fb5d09087ef380_cppui_modular381, - 0x0a23acfa75ee73cc07069328e5d09ee02783cfc2c48e55f47daa381469ff3f248235a59519e0693c0c2e7cd9f784ddf6_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x05e4ddbbdba3414f159c51bb7d88e8deda28ccbb4ea22b76a2b5ea6087b8b89d8af358eff0eee79fcb9b3972d51f9cf0_cppui_modular381, - 0x0ea9ef9f652a39a99afa597c211fd8563f99915ad478b779c928fbfa48778f099038d3ff47a6cb307ac1e41dc32b03d0_cppui_modular381), - fq2_value_type( - 0x136eb14946ac90bb0e9fa8855d147ea74e089f09308b69e14325ac90e7683df9f308b5cd3c2556d9dc2734ee9d308c28_cppui_modular381, - 0x065c08c4eb0e3c2de50a7371fa2d4b86355ac7c5830373db4d90ff1f6053d2527d4884793c689fdd3433d71446cfea31_cppui_modular381), - fq2_value_type( - 0x06b3481e7e4904ef6c4904f3271c536c955c084b49638d01e1786c0facd490c49ef13801b881ea1dfeb46980d91694e8_cppui_modular381, - 
0x0f1d3d1895d6d301a373fbf667eac97fbfbb32a472c98e7ac3b20847486063c15a9dcba16af862eb61d714787a691c7e_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x006d5f306b474770dadb37ef96ddc9a11e49fce55c4e2836bb5c24aeb9f7a9755af8097aca4190809e579989302bc26a_cppui_modular381, - 0x18268851d5de23f03f4cae626a3332dd129f56ed8dcb06b34ec9dd65eb28eaf4fa622d53fc1655261cdf73da3d5c5148_cppui_modular381), - fq2_value_type( - 0x04dc2ee4ba0f5c554ce712ff9625f10a3976ca9cf4e406641aca2cfed24a7f43ba3716c0719f0c96647e19d8dbc348ed_cppui_modular381, - 0x123c833851a5267031eb586285d5123cc1a6a259cbb442f4dee46abead3652d8c8e0bc7b02a72aefde0bb11b58e359f9_cppui_modular381), - fq2_value_type( - 0x13de3ddedf20e649a2a8009f73d7c7cd9c2dd409c02e26d11b3ef4d4fdf5e6916047b48c494c55b269b007985969c7f6_cppui_modular381, - 0x1504de6c8bde7a743f4670ac18705a2d2f92db0474100b0b8d83cba5ad1231a93b8e7cf53e0725973440ac880a01d47c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0cec7183c040e13938c9af3efe56b1d52249b40dae5abdbf6839c4ab603a85d2c567344f7dbe80f67c142eeed4f02acf_cppui_modular381, - 0x184cae7426d67b6f6690bee00a9c7d86b28fa87d96af297a4fb1522d85d91273ad71ce6fc63be593661a3add416004d8_cppui_modular381), - fq2_value_type( - 0x043975fd00b8155725802f6fe66c26da30974ad50bf1302de5fa42a2c695962d26ae9451ffc10cb1bb1073b08c3a46b1_cppui_modular381, - 0x189d53fcafd148650524590749b7e92d083f8d0dc6acc8fe10dc76e2d65758125f31674a8d5fe05f1b9e453a1da5739b_cppui_modular381), - fq2_value_type( - 0x012b3de04edbec5ade5ac3a2bb974f6a6c9fdb8a895419b0a0a9b153359c011fa68b92510ec4096d1ec96537e17befe5_cppui_modular381, - 0x109b067c2e2672d1353ca20b743bc97c81af2f64b0e36daa6bbe3e4a7a4083867b0b74462dc5836fb901a13ad4a1d59d_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x177fa509fbb38841dde81a3bfa63b725f107071f31571a7e1f73eeece14b20bdd81577cfa0e20e3c4b3f08175fbaf176_cppui_modular381, 
0x13fee217f19c8c5c03a20a7fc1fcb0eb921a499bac996ca810f550b8d72c24a09a8eaac19a13cac926b3ed3bd789dcb2_cppui_modular381), fq2_value_type(0x18ed93310813c7f1a549af1b32afbf924dbbfb9f3d66f75643773b77597d51d5f5c0c045e46459d4aad67702b67f996c_cppui_modular381, 0x026dc9f38d03a4a68bf07c0fd435b6e72afc3092c1dbd23b993d3445517bb6fc0ed74ecb99eea0819895bc930d119392_cppui_modular381), fq2_value_type(0x0537cbc113176f2ac31f2b1936a32bb4e6fbcab949411c77e8267779887f3ff68a795f8cf462a8fe536ce3696d58b456_cppui_modular381, 0x04b718f42c75251da847fa8a60d864b68fa03217dcaf7308b8f25d2c79f937bf2b06f5f9f344da079fb040667b8f691a_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x014b36005a296169b31e1d291c3ef4c009993dee6927691030ace7436a199c42788a271b83493b6d0f8f158ebb72bdfe_cppui_modular381, - 0x0a43042562b84d60a88b3a49f03f309a612cc1a5ffbc0f38f49bf13a23318385c2dff00f2018f9f8e4bea628dc4036d2_cppui_modular381), - fq2_value_type(0x04a82ca72b3b8cc74b13b62d0f815263ee0dceed090a73082e915a936846fd20977a0d82c663196cd773b09c4bff0ded_cppui_modular381, - 0x0b2d0c0effd3b2db83760262cf1f29fc791ca63d95dba662ee7e0483e9d48c87e708956967a56eba5ab4c039fb67549e_cppui_modular381), - fq2_value_type(0x178b986381961ff531531e485dd0ebe428cb7c2a599931fe830160406ccc1aeb9adc6eb884d24ca65f9961bf0264cc07_cppui_modular381, - 0x12602873608ff64ffd37f9f473b8b1bad8d0d790d5a44ecd4a0fa9540d85eb4e06d8e84d178684d1ef02dd86a43ab52d_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x0c60a39239083d40eb8710c7caae10e02952734193e51c362047879eb4d68f9f3263a4c395aabe0c36fd44fa25e7de9a_cppui_modular381, 0x03a72839cb6a39f46fa763ca017e66349cf906dd68a6c6608aad5c396b35f7d03edc569b18a479b4b367f994dd408019_cppui_modular381), fq2_value_type(0x0ab34d95c400220c5a3da96b5b3551ae94531c64ca722b5d16c515e50ea81a7206c0270a6eabd59f3ea8a03ad59cb2f9_cppui_modular381, 0x17c304d7d58c002f71e199a1d18325173901367409a6fac772b5ab2fbb40f0bbc319ef87eb3c2cf44cd6a0e62b957519_cppui_modular381), - fq2_value_type( - 
0x184baa9478d6b2b71a0ff476424d30b55f2d02f38ef629983238344e00baec9dc9da0050745cc9525cf597c09b2fbd11_cppui_modular381, - 0x010d046de543904f28c47897775e3ce7fed7622c42b1102dfcd0d11b2b9015576d8a2c5fc88b412f4e03b4bdaceb30ab_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x01f2e88adcede8f70d40931a94f310d9cfa39e90d9ea9fef81e582bc267c7bf14c4a0bd12fe6433f1758e3391af84987_cppui_modular381, - 0x0f5e62907df26c42deb8fdda6d2a6840354700853015ac6b5888c16f1289c84ed477626831e9c3c3337ac0f035901784_cppui_modular381), - fq2_value_type( - 0x0e24b4e3d6ad5d0067c7bffa7d1f883c790cabfb4e3c348dafd734fd3d42b765548080d132d75eeb910d13846d71c8dc_cppui_modular381, - 0x176cce68c59a86c1ed636f85f5fcef7f9130ea6d868b2e68d3c75279780568c6a575691099af9b8d7d98d1d0e4dea06a_cppui_modular381), - fq2_value_type( - 0x18afe2d336a530d9b91f2772ce7779fb0d6c13866ae613f68388ea0853b2b5a04db75cbbb93f9e6219e0bfb28c38d2e2_cppui_modular381, - 0x0be7364ef7fe506ed4459abcec9a556e6457e2c82af2661b6d7257da54edda27590029f75a79b5070bb572e2c9ba3d15_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17dc19aad3a8b97738ae33ca717e506f6db25c841293be08366b6075bd13d6e020a28ccae6513fd6188632e3e3c15bb4_cppui_modular381, - 0x14212a3b4eea84e3c46f709ccc2804bd41f15ad488e732a34121377fa57e946ee003d6b8208116128cbfe2ea98449ef9_cppui_modular381), - fq2_value_type( - 0x152c680d7aab95f1514aad3265b56972ce9d266276b043f60fbaf21bfa7a43cc038a223f74587532f0854e39d5ba5e37_cppui_modular381, - 0x1914f8d4e3cfcea1cc2af3a094ac413b12f5d914be984a3124560b8b3480b723eacbbf8f57c12330334c7ff3fe7a62e3_cppui_modular381), - fq2_value_type( - 0x12280f133c2028a54637a43b105709a789f3c0275ec4e25632a53875ab54ae606ee91e3e0a2769c78744562dfd04039c_cppui_modular381, - 0x170cd2b13e9a1196451bb19123be414201e93bfa6e4d0969b39324b49d518fe697886cdeaef496d44401f0fa71860aa8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x151fb7645023873602d56cbfc401c7e1a61a841eca5f180da91e2f706fa57a05fe9b6c9680c834f41c40c32eb2934290_cppui_modular381, - 
0x0035aedceb5709b64356db3f4c0efdd1edecb042d88256e486423db4172178a8741e0e7b94959ffcf9cfe2c5f9dc1033_cppui_modular381), - fq2_value_type( - 0x0c5e65c587ed7a6130841eda1311f47273a89056a48801cdcd9d836daf8673529ed486243f7a3869aab5fc5c1755dedd_cppui_modular381, - 0x158c2ac494b4494b6c3202751f4195d4a054929c6e83e3eee4007b14bc497511e14818700590aac7a426799c7e324e9f_cppui_modular381), - fq2_value_type( - 0x16ceaffbfde93f9176478100cf118613fbb63932dcf68461ee8ba252166c912c80284a7f2c5caa8231d7e4a47cd0caae_cppui_modular381, - 0x0b567d218679433ded34f7178952755e312befee0e0407b396873c1e4fff320f12ad9886ed9f2d8d369e868b61d58cc4_cppui_modular381))))), - }; - std::vector> gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x08f9073c0775a009e4e4ef14741e99852294d17d775a1a8af061eb6d3a4cdfde8983a417105adf0160431fa096046219_cppui_modular381, - 0x019afd97da798d3c11c5dbba307bf31d589f267d9cab1eba321128dbf4a2c6336b3bd5efa5e523c555635b07ebfc9a43_cppui_modular381), - fq2_value_type( - 0x0dd372d1f9d389a429f17f6c69c9d66a9ebabdc893e4d59e5d8566e528eb667c75b4f8bffc5469a996d067a76eac867e_cppui_modular381, - 0x134a7722149f4e80a3d66582ee977f70bcf1870ac3575d8a550decf04c0ebb49a25cc9c79ef5f1a9640941d79cc179b9_cppui_modular381), - fq2_value_type( - 0x111a3d19c23548f8af8891cdf2c993ee7755dedc9b91ea38b7792943911ce699c3941f3d2bbae5bdaa57649251ce5525_cppui_modular381, - 0x0a6a61281a8fa7c44af33e1b4ee0141baeae41b9440e51405f06b899d06c4ada5adaaa10d7e09276b001669696c09d15_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x02ee5660cfe9ce0ab768c07b5076891d18958fe020fa2da0467e8572aa73ad7fb49b191f4f88b56ccd209441682b71ad_cppui_modular381, - 0x0ba6c3f8f57c304983cff355f2d151cf1ae83a3a691c8af2e690f8cdfcb4c7c32adc2e73f6afed33e12fb74052ee9b6a_cppui_modular381), - fq2_value_type( - 0x10068f0bcc586f7ee257e844a082a664e46d7d33bc0cf756077cd71770b23c48ff63e588a21927ee06e9691e8ed25e60_cppui_modular381, - 
0x12dee0b4dfecac74513d47203a88cf3559c0f668762e1ef79242e61ebce5d6d7485959f73291d61a69b32a092c00ead1_cppui_modular381), - fq2_value_type( - 0x0f797059da69a2aac6d611f8c26fcce0bf4d0c7672690e05c7aea73cf0d36f79b2f4a9e3cdb45015ece5e50770fb57ca_cppui_modular381, - 0x14a179d096a7383b049d86dae4670aa242ad0e7decdabc6f0feda3395779feb60ba53bb2f274ab7596424e2c6119b38d_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0f4010a6ceb4ecd70a2f47d2d90c32604819b6890282f75d0a964aaf6a1fec3d60ab26e61667e49b4a37146f45fa9c68_cppui_modular381, - 0x186bd13811295ce750c5cea7c81e9f3e53571e703873ed57ce23fb6fc7c826d451668197ab05360dd722563f75e721df_cppui_modular381), - fq2_value_type( - 0x01ca0a12c9a1e09bf9bd00a50d3c6f14ef9a121a8adedc4a374661f1c2aaa87d26b4b2258dca0a208e244991196a10d7_cppui_modular381, - 0x052923b27e2fe2031f78e1381001f6111fc8a05fb5ec0f6d114bd06a3ded82f09d76208cf37175fc83d9e39aff9df23f_cppui_modular381), - fq2_value_type( - 0x05b109b5492879cfb3aba57a7221674daa1c84f3ca063d770ffb26150fd1f3f24ddfe21f342edcf2adffd232bdc68792_cppui_modular381, - 0x0ceccc3815fbfc283af8836f7da64969ea19975b6f68206dc7a9b9ec2af9a74473157eba4acf37fb36e9d099664b0960_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0dd93d143ba91d56e03b08df97df9d8196ea6dcc9cd52dc33ab284fb1474d58329a103b16b5b35751b8d8dcc85a54639_cppui_modular381, - 0x021727257d3e11fd1a97ef0eadccecfa4a25e099ca7272058000c623c3cb70bf20ac0feb5c7d97ddfc5b9fa9a6e58016_cppui_modular381), - fq2_value_type( - 0x181abb082290d93f362b7872a4066ac3f76fe39e07373094089815f6ec2f15abe9e98da274f8196eab5c4bf16f210c55_cppui_modular381, - 0x090a968b4b81d4d0605d75177d2105b1f79949700abdbc8517ed0ec3fe934428344723b4077fd960494985c5d1463790_cppui_modular381), - fq2_value_type( - 0x15937bac482d13c9f53c025f11e5190b0f13dd3014b33fac42dc40f4b1cdb56f6e84a74674b8d7f1703808c5dd9cb5db_cppui_modular381, - 0x0e71da28c8ad7055776d3e89bb08260869108574e55c61eb537e82a79986339dd6d466444611278b616b9af6ccc4983a_cppui_modular381)))), - std::make_pair( - 
fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1575569d8aa93c4539b3d555c72a59d812f2cc4f8ac77f4636b70602391fbe653ee313c65c3a3a97ef30176797090f2e_cppui_modular381, - 0x030e6818975890540ea2cf48b5ab288a075529ce7e967a7a6eadbf2511db763aeff57e76624d869543cd971b9cd15a5f_cppui_modular381), - fq2_value_type( - 0x13a9f2ef96517d6e5320027f8e57a344d4ca8dc94031303cea0ce02f780edf5a565633f54139e57535d88aee255b155e_cppui_modular381, - 0x171a5b83960fb121be36b9ea9fa82799e7cb0ab2986052353d67d28fe3baa4754632a38f85602cb173dd7ad048df76cc_cppui_modular381), - fq2_value_type( - 0x12f635d40fa64fb3c6b9fca1ff753136b1c0e09908b98f7fd1100ff235854494fbc62aea76dffc1dd4d869d51f2a88a5_cppui_modular381, - 0x17b00950f0a259e027b6828e7f59d96376f2d9642496f58040779adcd29fa1bf37a87427153c136dc704a005c270c442_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0bb33b8a527a332f8ccbb5ee7a6dbaf17ed8ec6e5f0d5c3e84c1d994a0a6facf3a20e9493f05fdb08d6651c25fc8de4c_cppui_modular381, - 0x083f3e32f2a48c016a29e09a896e357f32fcd16db631c3005626c255d2d5bb0eeda54529510f8d4e94d9b2687630cdf7_cppui_modular381), - fq2_value_type( - 0x093edad037781b9bb503f44ae4a2c12e874fadfa69e09feb03ae3325ea911ef58d1a51c1c771235db662b262e838ffab_cppui_modular381, - 0x036ef42721079c143eddda66ffd5ff90a56c52d88a32d4f92d0361cba6d08262936bbed88a7229f9c1f6fd3d4b05bfde_cppui_modular381), - fq2_value_type( - 0x154bb3ba3010bc9adf83ee93d1d894c2da3bf2288f107c535452f719d83a803d14799d675841541b292639cd39056129_cppui_modular381, - 0x094063d1fa4295928329b835e198dcbd7c895275174dd7a6e250eeb6a10109f161faeaf224084145b59dcc12abf2ecf4_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17c730e3ddd4e091ee9c803e69850cd058a5c0efb422fd3805c080fe7d42037826fcd9eda6f19ee25710e0a7699d6818_cppui_modular381, - 0x0114f715b4bcdf98a72e58edcc669339c4daf644f89629adcdae25377469d9f1931ba469f334f470e6814dcc75c13f8e_cppui_modular381), - fq2_value_type( - 
0x082e7a8e8c72a5123f8f2793666171593f75e19b8be16146ffca9ef10e6bd9d9f926e0a317e0475f8767551c699055ce_cppui_modular381, - 0x1682ffd0b557a67c9cb50a667b7b44cec5e1050fb162fffb66f28b73e075d1f2e21e7bc635064cafb555c9b193cd90b4_cppui_modular381), - fq2_value_type( - 0x058fc782de29595ee450b8d9b7ed55e5c9c3ad1ff5958563492ea7237ad1c2148d8b0f4ac961bfbb58afc5b0ae554717_cppui_modular381, - 0x10983c3b4484083e92e1f63be4158937249d77b22cbba541103f8897e947646d598948771268bb1ac812b3c42a5256f1_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0de5da5ec03c3de2995c5897972ecbf68902e8b5531b1aaa7cda6026c597fadcf781917af77f5570015448b2bedb0c3c_cppui_modular381, - 0x14a5181e6c51146873e388f144e3663c9172ac92ffb960bd59a5d441f23dfb98adec2908da4e19a48025fcfc099ce6e1_cppui_modular381), - fq2_value_type( - 0x0e8865d56c3f291bf77807f1e26987e0bdcdf1ad4280e0e1ba394b996ca14dfe1e5b81ae5f5596b526ebe5ffd1d9def2_cppui_modular381, - 0x0260065b9b022bae050c5971e9c27dc70574a3be01ae32b12430f2431ecf966ce8a485185833e12b328dd799a091ad8a_cppui_modular381), - fq2_value_type( - 0x00488b4e169f7bb6e47020106fe71491417a1c5bf7202920dfd7f48f6dd965ee1e54481535e32ae5a69dd9615f3e3223_cppui_modular381, - 0x02d2cac9461d150153d9e8b6c863c4cb11eab1259d207d167b4d9f38010b45722b950f054533c366136166e0509f7633_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x123c02bfeedc4f8ea0992056df6b6f4fda5a2ad1656561d7fe3edafa5a3fa8b7604f617587b8d2c3537d8e037061c2a4_cppui_modular381, - 0x0fd284dd926d7873d120232087c39b41203627a6aa7afc527e0dbe688315b2f8cc17c4928a08a5ab989198bc51ecefd5_cppui_modular381), - fq2_value_type( - 0x1399215028214fd250f3639f9a2be87e4ef4d6a79f4cb81e0363644027119b4a2516bfa0a5012d276a05749b80144c06_cppui_modular381, - 0x09af4ed233b37c01cf8dcd5f48030c34e09a7329c2f8b204435daf5975d8e6b99deb71046d6fc71bb8511a97db0dae8e_cppui_modular381), - fq2_value_type( - 0x0d4bb65d7396c2add4a2535e4df821f03f370911efe713e50bb9de2445eb226438677a3e2b7940add0f4374f64473d99_cppui_modular381, - 
0x1859e2e35e469f60a3cb901cdee3f105f6a7917fa252ebfcb98bc0c518a9170ba9e6bc6c54f0bc317f5eadfa2ad8531d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x179269ee91717b72c93d411b169457cb2c25648b2f761ffd9c52d66874942eb8d67926cfd128e9e865f6e59d63d86235_cppui_modular381, - 0x12c599b9a30e3b5430a58fba79994b80a5e2094c393bcc6a31f6fd5f2303ce8fe873b98d7c23d5f478464eb51dbb4aff_cppui_modular381), - fq2_value_type( - 0x184a9233829a5652225673d043b612d75a7fb49e0b69cb9d44ffb35c12a1c66c70238e75128aac8f7209f4d4192e1bc3_cppui_modular381, - 0x11f98b10c61957a655eefb9a28d898f321e0483222b04b1242b3d9369eb783d2713cfb9431eea71e55669afabb8bb78a_cppui_modular381), - fq2_value_type( - 0x18db7aa336ee287227d0bb84c11018079c3ecd05e2e9e7d991fa419d874b4bca347a20cdbd74faa4bcec39892d4d32c9_cppui_modular381, - 0x10a62a1d7fbd0cae7dea00b02b82f1167637f68d02123153418f9c52693fcf5c59bd88fade8bd2a1a09017a3bfed88df_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0698718e1e0ef63b893800d0d82e26a7f2f2714f80a54e1341f7f790ab91a80d37a04338fc2f8298068c28e77ff67c83_cppui_modular381, - 0x076d476a55b32dde259f0b654a33ecd52828b948abf72ec0d7889e39e8a06888ae598e10fc4399093f008a2858da339e_cppui_modular381), - fq2_value_type( - 0x119feceda0d283ded93911564149778d7f7b7cd28b86a6293fa784f04a67ba2d3b3efb14a4f7b840338adda0e40c0783_cppui_modular381, - 0x154f9decba8a3f68fcd339c72da233f71fa089c1ca31b87daae8fde856ea029125fcbf579277308e24382381a947c105_cppui_modular381), - fq2_value_type( - 0x09b83d533c30fd2d1b30feff20add25ab7834dee055db7d9f15123d0c19367f0f0916b217aa12d5572d49022f605e3e3_cppui_modular381, - 0x06058ffda7dfdbcca1fd15825131a7b533a0ee25e2b08dac4049d59076f520464f11e481bc225b7720aa60792cbe442d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x187a1cc2c0ec0ac7097d25a48444431f2ce6b7aacdc77945659029a54633f9e9d3da31ecebf9b920a2c0791c3192061c_cppui_modular381, - 0x0d3cef4b7ea8b25fd960b47b2a855931067741dbeebb702584c0c2f15ee2e7c042bff57222b2fcee4632420724f0f568_cppui_modular381), - 
fq2_value_type( - 0x12f72eac80b1d15b8421b8d2157690247792381401ad90c753982baade5a62fda91f0d1794deeca3e4f8c337317306e0_cppui_modular381, - 0x1429844bc38ce46cf8c3382ba253fcadc7322b8f61a1ee1a42ab1fee49fba6a122a858c1439115016f48da1f9118947c_cppui_modular381), - fq2_value_type( - 0x04392327de52f85a0913a26502d9a7744f01aee8f321ac61063008cb3c1d8b43b8cc0776d3bae66eaa0e38f0433cab99_cppui_modular381, - 0x04497542b82ca27b26226e9406a108f962674f86665211f8e764c13d730e5e0ef1d0a969383039b64e9342d61e4ba80d_cppui_modular381)))), - }; - std::vector> gp_z_c = { - std::make_pair( - G1_value_type( - 0x16fb57594b1c4280a3ae03f69cc7b8489af6771379c9b5e260a63e8c19f7ff8be3c254932fe0aad28f816ba7052e4967_cppui_modular381, - 0x05e90d0b869a06653ccc8834afd2233bfb2d9c09a75e7e2dd39ffc090a226462b79d108440474902b921fdc56840845b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16a09499cb5dc71cb167dcba20ebdd0ecbf861037c095b8199a1216962bf295c9262fc9936042f1161c344d04e1dad8b_cppui_modular381, - 0x0b705a88efe7cbed33e7c1979d6ace7a28c19860fab650267f935a5ff09b56bfb15c1973dc71b80e62009dd516dc6674_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x044be96c66a6a39b0c849d8958565dc1aac145158141ed92baafd18e150597f9af674bb8d04710ac3749884bc918df6b_cppui_modular381, - 0x093cda4320c79039ae2dc14c8943b0b81f4a041a008e2a637b647ca892f3a953cbc8f82813ecfbb35578a4f8ea122a63_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x10dd1a464c0e531d3525df1f53693d03d3d688e0e3ecc0913e8bb5bdb093ab2c9a366f02e50679036a2c73034db021da_cppui_modular381, - 0x19db45be54bae534b874b4a1b2fb0897f43d89554ecc43072a94405e6ac3b69fbef222843236a9a106f9488be7e9a2fb_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x0be458417c6fc8409fa231013345b4a3dc5e8151c28c9aff0403486ce026a22f05384c4848066ea1181830de6542a559_cppui_modular381, - 0x042c0bc4428de68ef5a0f75f90fa167dbe38082b15cd30c10491c60e474190c33cfa118a683c53731ff70fe2af2d434c_cppui_modular381, - 
fq_value_type::one()), - G1_value_type( - 0x15b1f2d6cd147fe30d3c9d2c6cd95210c00ab9462ad7fc1dd9fbf54313716670ed9c5de28b8dd993cd91c29235c7a144_cppui_modular381, - 0x0a2e3ae1709822d12bcd35862a83f783e0d5213f89880e49bd316ba8e436ee42ed7741322240e633a83a305ec40c5d11_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type gp_final_a = G1_value_type( - 0x08ca154549965608909c78bcc6aa8b4ef8397080d14b54427bbb94747af18f25e465dda637f6fc94c02b9ef86b9f5b2b_cppui_modular381, - 0x008db311c46bddd36d8f3113e4ef4559c5ce70bb9b8f7799651583ca7a756f44bfcb9d40d46e41fa22946fe9945f8bb8_cppui_modular381, - fq_value_type::one()); - G2_value_type gp_final_b = G2_value_type( - fq2_value_type( - 0x15e12a977ff8033b2c7538a6eff9e114873f6abaa3a5f8619fe2368de1388e697e805784fa4b2190b4cd3154cc49dde2_cppui_modular381, - 0x05432d9d17e7c76a3d350a3d5e9e8f91a119b5afe5a9e7156566fda0447c459d1c7fb8f38fb625edf48440f5e0e9e5b3_cppui_modular381), - fq2_value_type( - 0x13372bdb38df1eec444c50f8739828cc206f63d1e5e4aecedc24b8a7e6434119e7f5c1f059c1737b61d148476701261d_cppui_modular381, - 0x07a4d623d8d8393d3037f350fc1936ab0ac01153dac4d485581a5dc14e176b749afb1f8497f8bd0de992c36173f92ad7_cppui_modular381), - fq2_value_type::one()); - G1_value_type gp_final_c = G1_value_type( - 0x107306008c787eb50a0810ca13a179bb98ac5e35ab4c4401f61af09f2449396f77d0bce5d5b1fc1d034efea92da17bb8_cppui_modular381, - 0x0eb9995e51a43a4d1bcd287f11fc66f377aeb5fd62517ec761e68a2436da85e72bd17e853c1e4744ede998e654fc33af_cppui_modular381, - fq_value_type::one()); - std::pair gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x112a8fae0f862be4c8f290115c1e2c75a9e279a66f498e216f3a10ef69ff815ce3ec39edbeb4b281ebe05b2f20a0769b_cppui_modular381, - 0x1114c03d275b4bce13a954742a8988ba333722b009ac36efe925a8e3c19afc6f9ce8c7484bf8993f52eb49aaa4f8ec09_cppui_modular381), - fq2_value_type( - 0x08b7d6c40385cfe57b3e05532dd386fc88fbd6cd58596933af51eeb06314b673250180f31f403572f070a613086a14f3_cppui_modular381, - 
0x17c3ac21f996cfe2a3cf7366b4a0fa6c78845d210c96244732122361b034ebb021aa8b423d0f0740447201f12b05650c_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1597377c04c85cd3e7977df8ebbffb69b494513a6a4748539701e6d28897b3bd58481ccd321b165a8a959a79471ea091_cppui_modular381, - 0x12fbdefb39729ad71c89c30bdc125801400ff52408d2b062f8850bfe529bfc1c9be8e4e4a7053bd10fb0812df0681f5d_cppui_modular381), - fq2_value_type( - 0x0d5dd66edc1319984052ff2e000a00aeeefcdfc0a919663ef9a3c864aa4d32a4fbf40676a97be7571c12348c321ec00e_cppui_modular381, - 0x0af4511e311ec1c421f6d7068d449c39ea90579bd0c1dc0893543598263fce17993d85e8f5aae8f1e161302d4d45f9d0_cppui_modular381), - fq2_value_type::one())); - std::pair gp_final_wkey = std::make_pair( - G1_value_type( - 0x0f735b82eba2a4cd6392dc33dbf4d7959cc90e638b45a5c1b83391c8ea528d491f8294ea2583c718d9c5cf7752be5079_cppui_modular381, - 0x0545f5094822746ba24e25590552f113fb1bdc20ea92ba1671d956bca258c5a7258f26444b8a442f996e98f5563a0857_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x148bfb9e0752eac87883fe95c7a8899cdbeaa9af0ad3d623238a04774eb5de17b5cd55b6b53beac54cb3644c02c4c3a5_cppui_modular381, - 0x082c949d608c7ddebd587403529d3a5159205431ab8e5a196690b4537c2aa937727ed30592e56fa120dd0a3fc934a989_cppui_modular381, - fq_value_type::one())); - typename commitments::kzg_ipp2::output_type com_ab = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x005bfb5383703f7ad7c8cebab8b70d9a4c09c6ecac88fe88f2e021cd407878444110eda3447da20614420f0b96ef6de6_cppui_modular381, - 0x17ac2edc973972b88a578c4c30d6191710666e46cc50cf669b9552c7811b5a3e35d2e87d04218e2ad6ea37fd7804ad80_cppui_modular381), - fq2_value_type( - 0x0bc40aef94a0f54822ad79056a793c6693af11650a9ee887a5e4433af3f8a34565ed06323023062b4ea11bf15f443731_cppui_modular381, - 0x15524cb05539c1b2712a45c1cea484ca7426aec52d731a834da5d26e19ed33c48a180f181b623cf59cc37ce0e697ee3d_cppui_modular381), - fq2_value_type( - 
0x03023c334dd1e8bcb3c4be0d57c5fc8edcbb4d9373a512f4e735197a68595670d90719577c827a1b62e9d517637c51a6_cppui_modular381, - 0x17d6804dba136c55babb7e1110d31e639968584e6797c680c2db0c162a987172d906ae0e766ff2f05c9c0d95fc1b1359_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0983db425b34168ea7e037e7b5d8d658359a9d136451c1ce3c20bd569e0eab4508339da97bdf502d3e4887a091453a4e_cppui_modular381, - 0x0c3e3d72109d23ebf2daad34b121cc7203e4e9f0dea2a8da41d96233c63314bbdc076c11ccf2800c3364572a5357664b_cppui_modular381), - fq2_value_type( - 0x0ad7c8032d3bdc3776d9188f10d06e7369cb8d0c6d0dc00ce087fae972130d65ffaf517a4feff868b18ae2c0babcf250_cppui_modular381, - 0x08a1b24102da727f5f5174681c212547b5ef3b2e950b29883ec8effb49689e215b292d6df2a5429ce003dc46b85e9664_cppui_modular381), - fq2_value_type( - 0x13996beb56c2513c733a911a529e84fdcdc3687450b23f6ffe235af71f09bf3abbafd25bd7aa7ffaa04321df6d69e5ee_cppui_modular381, - 0x030253acdcbe194d3258acaec3c30aff8d46cf5bc9fb5a16fc56ad86f82e9bbf7f8f478d22a31e65cd433ec8cc2c3de9_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0822bfad9e1aa1679876d19309beb064c54dfdccb87f3522f069ffef6516f9b1c5c38ef0f17054d0217d42ca6208cd7e_cppui_modular381, - 0x06634373ccd257e7ae22d120c37b58c39cbc1b0e6c3735391c3971e1f5b8683c3b8b5840c8e6c991d1989b603eec6b6c_cppui_modular381), - fq2_value_type( - 0x04be17f88eec6aaec776615c93ea64904b2d35fe6b825ffa5c9eb6a382bcaaff596a487509c732a1fc762d5a97b1836b_cppui_modular381, - 0x04aafd05b0ad6e5aa44a4112a4429afeda9c0b8f74ef8f41c6df111aa044d27a3909a212ecdde4038c67da42a802e94b_cppui_modular381), - fq2_value_type( - 0x03455e5fa32e7a9508a0b20bdee6f58a70869fd7492dbd18aa97ae525c1ad110fe0b9318e9277229b0fd55288db58995_cppui_modular381, - 0x1768950613a4b5f99a43c703014f664cbe8fd63f55bf730fd077b928c50f2d42cf920dafe73f9b1b1ab9ef16aff08ded_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c8a2fab8d47cf662105373cd871445ad3c691052c1d33ea0b03e8954654f4b6634ab7e75c82d4c860b0ff0d290c2299_cppui_modular381, - 
0x0279df9dbfbcb0cc129142742d5284a25ca3798ed8f4b66aa5296b566aed8c6cd893b8f785f299519d96d407561a83bf_cppui_modular381), - fq2_value_type( - 0x04e71cf408c5391c5204e55d9dc007e9efca1bc7582a5f6b044f56bd30b546e895580b43aa22376eca06170f84c76d9e_cppui_modular381, - 0x051857bc18ce932c2a32d8c7a7b11e3cba5e3975a46b1efc2c2be138b051fb3f701daed78fad3b2e5a64d2b5b70c9adb_cppui_modular381), - fq2_value_type( - 0x178221c4b804561b7e35b96589583b63804c79dc22af1b37b505fdf7b3bf0bf9b48811d3f060b211b29b3c46d7ce7a28_cppui_modular381, - 0x088367d8e5e8bfe3a21d1209c583fcbc4cdcf337c1eb68a4f5161eadbd160e10360b0320ee8d1034d61c46787e701fc0_cppui_modular381)))); - typename commitments::kzg_ipp2::output_type com_c = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x14e486224695b9ba0a0f0a34f0b95d43e0e887039738e823cefb22debe11b3d53f34dcf7015df9c568a7ae1d2358fd8e_cppui_modular381, - 0x091bd348a453717f080fa10d26d696ce02765a9268a9c1c8d746bed8150609092b3f8c0873ce5f4bb69e5b4b2e8f21ac_cppui_modular381), - fq2_value_type( - 0x0f34d88c2f7dd3aa28eff3f0d39ad7fc48c6ba325e22e5eae3e8b5c15e3341f94f63ff58f5f5579b97b811f498e577e3_cppui_modular381, - 0x183522f3ecdfc14ce2e029559d772c84e0990072573325209efad169031217bab42beafe23c5b3958304a530ee15911c_cppui_modular381), - fq2_value_type( - 0x0398a2a70a2377d2456e85e70521d50e684abdb1b2c5a52f8df12639d5f8494c99cc71f86c0bb7022b18b71c5336bc81_cppui_modular381, - 0x017c68ba9a7306f68f38a4569cf526c7f134c03471bbd78c757b6e74a01d5a18c2af6d0b74205634cf8a5845f490fc13_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0b5d04761a0438f85adffb6d6fb5829293cf8e4a0cacca12e92d4944dba1afdc3c39d58a49c45570f97dcebdcb456e7b_cppui_modular381, - 0x0ee19534ff533e286e8951730990d712d16e706a37c8628bd74bf89df28282a6e2c59560f83fdf15e504f5e3fbf81263_cppui_modular381), - fq2_value_type( - 0x163c63d3e9a55fc3cc917efe436f83051062825eb9e0900d350824b3b708e05effcb7d88648e7dfbb91d63ef9f85578c_cppui_modular381, - 
0x0fb04351458afb1787e529964a827bb46e1f6c1d60c1b66f8c390fa9d58f3e98d40243cc22853a15ce9f3db9cbb3651c_cppui_modular381), - fq2_value_type( - 0x070b66af497d4c4376890e7b2a69e6154b12e65c66125c15f490d063b4bda91ccec5bffe0dfe027c939746cd9ca9c975_cppui_modular381, - 0x15707d235af8fdc27d04a8ac856ae69fa276dc7b2ffdfd20980099c49dd6c2b7de86b06f9615b064f3328424097cedc6_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x19829f73caf54fac2272aa68373f60cd3cae166c6e0bcc973734920d4e87a6511c260da7c818b5a3a544fb9c9d73b155_cppui_modular381, - 0x0b8de7c8c93a92fdc765cdcb691d3688c0a768c1cdac94bdbcf453dbcb8f4eb0d5cc71ee6c7e49863e9c636e456f3b03_cppui_modular381), - fq2_value_type( - 0x17f87e06f83e536c18fba9783efbd2201a70deb47cbcd1224038634640f9312e9023c06a528632e223b16059a630e9c3_cppui_modular381, - 0x151f83a2ecae887ae25ca2436cd969f9fcd04f8813f97b2bb20d92c77acf0d777c3c63a9a333edf82e62dc15392feaa5_cppui_modular381), - fq2_value_type( - 0x0419cf89fa02405417cc2a60171f3989e2487b306344311975852323119a3ee374778931824ea19c4b80ef9485e2ca1e_cppui_modular381, - 0x13bd49d44ba8fec4a3cca254d8346e82488580604695eed8d7241e2f2fd3774ee7c834e4594ee2b3adfde3d32ca9a63b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0202df25cb6dc8a839e253e4246d2429876d450d4eb35f3b245eecd169a3d94f1f0bfdd66a406ebdf98510704fdce154_cppui_modular381, - 0x05e140dcab111c0e22cb637f0bce05e23f326b89a725d8c45166d6490c9b66f922ee37df96d5205e7d03ad55e1a5d30b_cppui_modular381), - fq2_value_type( - 0x104eee248fa5bd0be12d72117ee7c532fa928b3cc7395e037aa8c820b6c000b3f87730e57f112d218daa69e102247a9c_cppui_modular381, - 0x0a1caa6b30195ec2042dbdcba293d8ca67e4e9410527b74ec48521a36389f5e2b199ed74baeda1c251e1217420fb9a0d_cppui_modular381), - fq2_value_type( - 0x1295d4059a7db2cedf575fb5bdc3af888e58924f80610864623049f7dcc6acc4f650a088318bef43e943652baaad093e_cppui_modular381, - 0x0bd6c542d12a367acf2dd1b2686d97be7753ac8287bf037c6b125b637d82fcfd39e59a6d5fa3fbe5b73684aa15aa20a6_cppui_modular381)))); - std::pair 
tmipp_vkey_opening = std::make_pair( - G2_value_type( - fq2_value_type( - 0x0bf836c22b7a8d26cbaba707395a794d239dfb9cfa97e7a7ecdfc5274cc9098aa2dfdbc399de7eb791f64ee409719b01_cppui_modular381, - 0x12752efdd994c43a66c1268fbb39a7b6c3dad8fb851c2014d5da7e498317fd9fd607328f39d656d0e227c94fde609d22_cppui_modular381), - fq2_value_type( - 0x14ae39024c52755274550db97e7891c8e6a736ade285654c0d73af80aaceae7ad4b5e638d00d5f505a70ba609fef3ca4_cppui_modular381, - 0x05d677d834e065a0556c071bf9dacfe212f0651a346b8c81845a4a1b0e4a6ea857eca87ff1377a80659f036b3660045b_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x12fdd9d8ccd97710e32d8a6c9044f9f00d1a85526d95eeaf16c7c3537e6a7443c89443f4251993ad7069dadf6f61c9b3_cppui_modular381, - 0x11f8bbb43685da92a45707f68db5e3531cf7625ee42bf04532c06650f4545fd52a83c5f90fd20c49bb31530ce8475a82_cppui_modular381), - fq2_value_type( - 0x0ed17b243806f7d9cdad57356cb2778d82d63a33f49f7d4cb97a6586a7a1a238aee473c0ff4d608caff2f9cd768b1f9d_cppui_modular381, - 0x0fd093a68d37a2b05629d3ab18aacc6a6092ae55b2076ee95d483a9bd596eb1d2e22931662b26b7a7e938eeaba4da9eb_cppui_modular381), - fq2_value_type::one())); - std::pair tmipp_wkey_opening = std::make_pair( - G1_value_type( - 0x1412c46b8d2e943efd0fc938578ff78ed81be9e8eace8ec41180c4e1a2f3ade006fc0f842601bc5af69e87b48a4aabb6_cppui_modular381, - 0x0f5c2ae2fda9d7875a2dfa6947a610e46989520e078ccf6b5141910a6e3d57e2043a9d65af32b89296f40b4af35a8163_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0e9f58f6b33e7cf12381016627c215f9f70623ccc4d48a434ec6f4328baa6d4aa51515063a4648386a6cac6fe97bdc85_cppui_modular381, - 0x1438310d775365786376197fe53805816b5d7dcb7a92138f0384d392ad11f2453d002d2332062370ebd8f48c3c117ac6_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(ip_ab, agg_proof.ip_ab); - BOOST_CHECK_EQUAL(agg_c, agg_proof.agg_c); - BOOST_CHECK(com_ab == agg_proof.com_ab); - BOOST_CHECK(com_c == agg_proof.com_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.nproofs, gp_n); - 
 BOOST_CHECK(agg_proof.tmipp.gipa.comms_ab == gp_comms_ab);
- BOOST_CHECK(agg_proof.tmipp.gipa.comms_c == gp_comms_c);
- BOOST_CHECK(agg_proof.tmipp.gipa.z_ab == gp_z_ab);
- BOOST_CHECK(agg_proof.tmipp.gipa.z_c == gp_z_c);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_a, gp_final_a);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_b, gp_final_b);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_c, gp_final_c);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_vkey, gp_final_vkey);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_wkey, gp_final_wkey);
- BOOST_CHECK(agg_proof.tmipp.vkey_opening == tmipp_vkey_opening);
- BOOST_CHECK(agg_proof.tmipp.wkey_opening == tmipp_wkey_opening);
-
- // BOOST_CHECK(verify_aggregate_proof(vk, pvk, statements, agg_proof, tr_include.begin(),
- // tr_include.end()));
- bool verify_res = verify>(
- vk, pvk, statements, agg_proof, tr_include.begin(), tr_include.end());
- BOOST_CHECK(verify_res);
-
- // Invalid transcript inclusion
- std::vector wrong_tr_include = {4, 5, 6};
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof, wrong_tr_include.begin(),
- // wrong_tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof, wrong_tr_include.begin(), wrong_tr_include.end());
- BOOST_CHECK(!verify_res);
-
- // 3. aggregate invalid proof content (random A, B, and C)
- proofs[0].g_A = random_element();
- r1cs_gg_ppzksnark_aggregate_proof agg_proof_rand_a =
- aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end());
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof_rand_a, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof_rand_a, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- proofs[0].g_A = proof0.g_A;
-
- proofs[0].g_B = random_element();
- r1cs_gg_ppzksnark_aggregate_proof agg_proof_rand_b =
- aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end());
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof_rand_b, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof_rand_b, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- proofs[0].g_B = proof0.g_B;
-
- proofs[0].g_C = random_element();
- r1cs_gg_ppzksnark_aggregate_proof agg_proof_rand_c =
- aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end());
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof_rand_c, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof_rand_c, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- proofs[0].g_C = proof0.g_C;
-
- // 4. verify with invalid aggregate proof
- // first invalid commitment
- agg_proof.agg_c = random_element();
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- agg_proof.agg_c = agg_c;
-
- // 5.
invalid gipa element - agg_proof.tmipp.gipa.final_a = random_element(); - // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof, tr_include.begin(), - // tr_include.end())); - verify_res = verify>( - vk, pvk, statements, agg_proof, tr_include.begin(), tr_include.end()); - BOOST_CHECK(!verify_res); - agg_proof.tmipp.gipa.final_a = gp_final_a; -} - -BOOST_AUTO_TEST_CASE(bls381_verification_mimc) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type alpha = - 0x70cf8b38ee6c80d852532b676a1a9a6bcb5c730acf8d374603aa7a3f7582a318_cppui_modular255; - constexpr scalar_field_value_type beta = - 0x252c17e40f6978eddcfcf95e3134923554ff29176eba269cfa22d647230b12a8_cppui_modular255; - - // setup_fake_srs - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - r1cs_gg_ppzksnark_proof proof0( - G1_value_type( - 0x1399f72bba486cd041f2ba7355b8b989c2d3a0f88ce2585e00e70e556da1a25f07215556ff951d8ccfda5b12f3ac90cf_cppui_modular381, - 0x0a75ffef452c78ff85c7eac1e7341a9c76c251b856fa14ee2eff9d078c70f064b3d06c0b8b6e00bc41f2333a1307164f_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0668d14a879e05415e963933971291f7d463bded5b0c7f569ac21d1c18047206107e41485f7633c2fb6b50155675ecdc_cppui_modular381, - 0x0d4caa0f825d207f175bdf853165324ced69244027f3f25d99791aee0fb605941d1e691b304fdff532d5a1cbbdefaba8_cppui_modular381), - fq2_value_type( - 0x08f758fb9760a5121ee6899e9253c0bbc344fc52c6e1a4f53a621100b5beaf53a860c07d347fadef5e715008b87560b3_cppui_modular381, - 0x093b43b47f9a581a05fe203d8039a85c91d01dfc110aef48127c6c97ec537dcdc4c8d020b6e5e1f7feaa6ac25df8b149_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x09f277c9c245679f4917f03f032d107745136a36553c6664dfaafb33b8010667cec0fab82d816ff62fdc93264431498b_cppui_modular381, - 0x15f870848e4534ecbd74702e6d79e8b61b68395b6d5f72721b0cf4c9c296f20f72a80f40e8069af926e87ae67341f47b_cppui_modular381, - fq_value_type::one())); - constexpr 
scalar_field_value_type statement0( - 0x676d98b785b2289a12720011f76b9891eddc6e3d77c8eb2fe97b5f5511208065_cppui_modular255); - r1cs_gg_ppzksnark_proof proof1( - G1_value_type( - 0x02ef1ec1a2d0c37897dabe8b13d2fa2fcfa9c915097eb91745d6d4e54be221dd367b24d11c522ae2a16fe1a92bbba3f9_cppui_modular381, - 0x0c74829f28e9adf5b4313c02734ee878d2ef7fe0458b0aa7baff576dd204d3d20c3db4eace869bb2445d7c3694581d8b_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0a0cb52de299b7fda5bea1266d9278a1a3c66666cdd121d62bdbc48a45322d79eddd3af032282b49d7f38c41d5ba0afe_cppui_modular381, - 0x08e675240eaa1ca4d8bc73ab280c9263196bdc9785136422b07c69b38fd594a12a2ca922db16c0fa5bbb9dd7409f4ea4_cppui_modular381), - fq2_value_type( - 0x105990daac7ce1b7094e5ed6a9ec8a76f76a73823ab272e1274d7c2be5cbe353401b71fd12205db66862b6f80e27ccde_cppui_modular381, - 0x17704237a1535078a657e1f9e950c773615c105a52c071ab290299da5d267ea9cdcdb441bc2bb5f5a8b3c610217c8e2b_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x08d2e6e5680aaabe762712d2beb827c0a459d9d000ca6c386842389a9aa9b36e7d438cf9dca4b5f5935798797c851db6_cppui_modular381, - 0x179452ac9b2dbe5b4fdc942678f5b529d1270872fef5232bce94ca2c4f5b04cef4c9b1deb1870e4433ef73c333824a1f_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement1( - 0x1adf834e2bb0455f07b7293cd301a59ee0489e8ea89ab2b268ca62905b60910a_cppui_modular255); - r1cs_gg_ppzksnark_proof proof2( - G1_value_type( - 0x0329ae094857dfec93a6bc51e28b606f1d935e22dbf2284d280200e5c00025c13778a153729225b36e95301a26ba36b6_cppui_modular381, - 0x17c3bb71db38454d4453ec60560a265af5cc516deefbb2525268ae9170a843786ab7bdd64e47a530c0af1ad455374bce_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x12f18e127906c95a9820038a6282f01ad57865e031fb520cd9dc4b3c426a5c256491b16cf6d6f638589ff29e6255f104_cppui_modular381, - 0x0601b0633b944f6788db5231c8d51ecc9b6480eff808befcdb9346c80837592d3e9de1fe025e5cf6badf83c752070485_cppui_modular381), 
- fq2_value_type( - 0x1150fbbe8eb6d0c662263c3f8853d1a65b73276937f90f214c9130859cf8c451c031b703935a41a2eb655693fb36bf56_cppui_modular381, - 0x01d8458efe86f4cde17645930a66e22145b5a1cefc3b323ed251a52e963ad4e7222757462b9621af0ef52915dcbb169e_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x04c9e7133e46f37ad3b4200cdc1606abbf130db8e168af114bfa12b4cd7abd4de9bc50f7a28d242662ec47b16022ce66_cppui_modular381, - 0x0449b00806db1d5eaddcdaaefe794c0ee5f2aaa7c01d1f7df1fd9b7971cdb76ec755c227f87bc5935fccd6a4716058ac_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement2( - 0x3f2738f0b087b2967e479483e052b614671802a0ad3ddf6a04fb86e32a125c77_cppui_modular255); - r1cs_gg_ppzksnark_proof proof3( - G1_value_type( - 0x0e54089a438030c10200850c8f900f2cc631270044d4bb607f59bf84564d6be3bf315e7b6c253de1060adad71b5d42e3_cppui_modular381, - 0x0844609d89967590354634de4b93e3a1f187c9a8919859278009ba506cb48346926bd072fc30241a0fc771d707bdf99f_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x022c9f24480c22d736c37c973fe696be08c533f598c4401b82288bfe62cafd920deb3b8536e4c0cd00933163a1830b68_cppui_modular381, - 0x0c0a72697a5820fc5388f3a92871d2881431e0978c90f5bbb2f6a313cd063b25850178e159271229f2e963f9233a30b4_cppui_modular381), - fq2_value_type( - 0x1377a842ab4bb30d8299315bb763cb617af6904526c1a6a90a6b3b443a2ffc57883f83a006328599070ba30ad9c68194_cppui_modular381, - 0x0c92ab2f18bdcc2178d9fd56ba783bd942f7311ca1d1634db2b645b2ff8a2d1ab733558b6f4836dce626d7f2b8517ec3_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0213ef2fdde74b15b2b066829a331cab1d8a7e6d7efa0094be4ef7f2f5658209b09627ff3ddbddd96b69d992853cf889_cppui_modular381, - 0x040dc8edacc46608f9587f9c9b658f1b2c2627f570c538f428423c731aa10ef8e828531f4bda6b0734ad35a2a9d7d51f_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement3( - 0x69be6aab659e93cbd70e94cb23ff4be9d42cfbcdf9c955145a2d2f20c8a9b031_cppui_modular255); - 
r1cs_gg_ppzksnark_proof proof4( - G1_value_type( - 0x0d6eece4630b049c30c50ccdc9750f11c9cd15aca43554700045ebc81b03cdaf8a7daed7a9c5870189c4c593fa109f05_cppui_modular381, - 0x0b085d537ad0cca263d560dce8d041bde490c95d2ff29cbf9fcd7c376ca3ab554d219ca9633f0b5e056aa35ef6e887ae_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x181c65c65ad8c0b504942f5740a7c175e0142226b7d441cc8cac836b4b6f713056cef60dca010d4d5e775fdd8bd339fa_cppui_modular381, - 0x1515267c97507db065a264c0d5a1b4f22b2d87502ecda11771fc097ab2665406ccdd0feb7ba57e53c4c3e8415d6bc6d3_cppui_modular381), - fq2_value_type( - 0x0fd7ffd768080edbc6830400f159e681c596a619746795ba5a9ad03b6dfd18047d3d1738784405c3c05e4bd9c5150790_cppui_modular381, - 0x17191a92cbe9c9acc873872162ab60ce5d01dab26280a96bec0cc04c628c47ed56d643906428de68fd5696b8bf39078d_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x128ef42d1399ba429d4c79606321b98bfbeb984342221fe8b231bdc3a6a47673bcddb5205f5cc7a501034931a3ed08e3_cppui_modular381, - 0x0d515563f0840600c7b863b16536a3901084ea4714ca4fee4c906079c5c8d6acb28c1617d762a20e155f3cd9b9ac75ea_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement4( - 0x668f0a74247e78898b4b160ad3d63d8a209ab4bd151ebd93d04178c803e8bbfb_cppui_modular255); - r1cs_gg_ppzksnark_proof proof5( - G1_value_type( - 0x0f464d0971c96b7f52196d111a389350682c5758f941e0425c041fbac3593121ffb0c5e20249c790edfafe160f7d7106_cppui_modular381, - 0x1980374d3f569b32cb8b001b8ba9eec741e4835336e145263cc84ee14239f2fa38c9bf4f1c0c16638276518f5b8bb901_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x196a554c6af4aae8c58e871e453f9134ab8755a1dbdf10ee88ff0e7b678b8c0c696f5d2a7c9d0bbdf6bc44c9f039d552_cppui_modular381, - 0x115ca6da99922e86fe7d58317ba8e106dc23b1b970eee21f11a07fd2962fccb69c4a26fcaf8e17f04030e2c2c10df817_cppui_modular381), - fq2_value_type( - 
0x002c3d0ee2f62aa0c44eb32c913472e6c1e86b372337f21ecb1e44d00b99a2b6f2de78df7c2ba6a4fb5c36f0e03d7cc1_cppui_modular381, - 0x0d4115c34a549c05223076219c2d030756511433c8e428ef26446847e427dd3c78706375df5df02378b9e212a69fc584_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x04a89866a20de75b2a326f4c4a5b283cbfc431a51eb4bf2a9230ae66edd772179dd4e0c74b4ec59f0017ad5f21fbfaef_cppui_modular381, - 0x056c29dee82c9cec67fce45e4eba0484e4ce47722d7ddf4f62e827f580770777999926017fb5fa2481c04f7aaa787d20_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement5( - 0x3f2202b2e3a6f87cc7bd57565b30b78f08dc1ad79e1cc6a9f372dc7639bc1aaf_cppui_modular255); - r1cs_gg_ppzksnark_proof proof6( - G1_value_type( - 0x170695ec2cd19303a822fb5480f19e82721af04b18d38bb9a8c71f816c47c7bedc6c2866b9581437a93e14f289573699_cppui_modular381, - 0x07dd012681a3ad0cc0859a73a3be4bddcf5bbf6b504d058fb0e3ba7fc0e9536ebab103cb5d7d2287e62604feef4afb96_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x16b5a5d6209f8fcbd6df06790f3f6c2f34322a4c7f52a5e3c2a1ffc9f0f1782278a63794571b3169181d8412457dc3bf_cppui_modular381, - 0x0ab1b302be43dbaa4a136eea7c8c484d4b144880ced9e474cdc7ee77c493761653c280612a7b4da8fc6cf03dc5c07a1f_cppui_modular381), - fq2_value_type( - 0x0e7f082279be6fb5447314329fae7e72986b263cf47b292c141ca662a0302481f14905648ab45679d9fe93a8d5fff627_cppui_modular381, - 0x046d0d3a1f489f32e8bf8f7cbb90a99ab17cdfb1b06194c9a60d2aa78bde45e26911b54451741aae28eec06ad96ba5ba_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x118ed7dab64142f556effee3cbc5e4b7a71c28a98caa84767909bb7e367dff5c4ed49cd1c463aeac9058724e52132d9e_cppui_modular381, - 0x103cff37739ac1fb7b244ab5055ca49af28360127d33245e8f986417761b33afbe44a9ebd453092e364d87339c5cd0c2_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement6( - 0x10103523c670a127c25e5d5ff5d3eacf87cc5a5671a7833901b2a1fcf678df65_cppui_modular255); - r1cs_gg_ppzksnark_proof 
proof7( - G1_value_type( - 0x19d92ff555f7086784eeccd0c272a0baa68643a24a0df76621b84fb7c54501fa2397b02e91349837a2ea4edda2552ee8_cppui_modular381, - 0x14f218d14352a62d689cdf649feccfab09893969105dd073cab767ed9a2e18deb47a7f7fd02d8d7f9de33615fb62543f_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x110bf3f7b38d9777d3e66add2abc886823ce7fd89131fa1fe02c2c78aa12db5a4bd0d6f38d4122a68d2bcd3d9d64247f_cppui_modular381, - 0x0b0344d55966166e208754977ac8770a2e5b41e4a32dc73ca9171c5a0cba8cdddacce5627661539804409a6babbff97a_cppui_modular381), - fq2_value_type( - 0x16d3135e5907b37b87aa965128413ba872bbb2150b463a8f502693a95c6dce0031aa73479bccbfaabed12945656d50e4_cppui_modular381, - 0x0fc6d03d2b43fffab73cb912fc16274d8cf57d6474f3458f09fc8d6fc8bea4bd552c6aafed6b87c120407188da3dcbf9_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x18a8945437db0c8a921e9cf68d32c325ccc401105bb00b4e0982b3f4706417b911a1d6db4aa92eabc4422e61ae08a638_cppui_modular381, - 0x198b25f849acdb8344d14e206457b051c90bf9b03b71e4523950a31b9b7a026f035c3fa4a4797e8d5ca5ba511492c2be_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement7( - 0x4e2f20ac210798cc3c691edbdca3cd7ba6fc4fc706a49ecf26aa326517e35634_cppui_modular255); - std::vector> proofs { - proof0, proof1, proof2, proof3, proof4, proof5, proof6, proof7, - }; - std::vector> statements { - {statement0}, {statement1}, {statement2}, {statement3}, {statement4}, {statement5}, {statement6}, {statement7}, - }; - std::vector tr_include {1, 2, 3}; - - fq12_value_type vk_alpha_g1_beta_g2 = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x185e44039dfb814a94541ffc8d1d34c8cbc3c4aff9694d7a433aa811afe2ff0b6bbd5d486791706c73d34f7891c7b7b1_cppui_modular381, - 0x0dc20dafd483fc2d0c4400819f63dc880c7987c59d45e30343ab523e1298352d0477ca225e44d39d3839489287944e3b_cppui_modular381), - fq2_value_type( - 
0x0ceed0815b9184e3eddfc01ad9049088a6bc7ed11240eddc9f5c9904aa895bf41dc652d6140a8afae2727012801f5322_cppui_modular381, - 0x0ec1abeec3a7dfc704d6b18f402f95fee082e6f79a493cadf5bba38713b23dba7f66e5cdcf35e277622304003273bd04_cppui_modular381), - fq2_value_type( - 0x02433b5eda2f4ceea8ff8b1d57dcbff43a7a7d569e57283bf6413c4db1c4b810305d24e304a294ac3f27d096fcc0c84b_cppui_modular381, - 0x06fda28b12cd3c65b51d10162b32317047f28228f96ed0c46b76a22120974b88b1508915e0fc27572185c7e8d9caa6f0_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c41e2862295b03b61a7c1181843698347f2c9e2b0de45442b7262f02886f954bd4d442f5cb37ec87c5a1716522d3442_cppui_modular381, - 0x056fe72dfc01d18d31b19349cb5718120ddd96a82fbefc1d4ed986372d4dcbbfab113fce0a097f44df81addf083f9b92_cppui_modular381), - fq2_value_type( - 0x0f2bab80d7b0eb6d20a4c894e20974b412bfdfbc9b6f0a2dc140310374fef821d6f9ea8e675760f16adb86bf2b983645_cppui_modular381, - 0x0f174bb36f12cce1f13195cb47f7dd9f49d82f07f78d8f022c2091b01e818cea2bdb3c23b0dcb16d4b8631d9149a60cd_cppui_modular381), - fq2_value_type( - 0x11d09591eebb8787e4a74fd31863ed716cf2ee57e3d7b82a5b7bffabffa78830b0f2e0137fe6b2db1c745b811f1cf7a2_cppui_modular381, - 0x006fae93c5e4b31f21082e3bc097c316b216810f6ccde888075654753304578b6c721318bf21da6d73bd8d257cebc5f4_cppui_modular381))); - G2_value_type vk_gamma_g2 = G2_value_type( - fq2_value_type( - 0x0d545a55b2391f0f4e8b5ff92df2190b32c6f8e3c99aefd96204e2e3e245c23fab958a0a53d71cd6b6ecdb93c1e21174_cppui_modular381, - 0x0084f673066de86c62f4475e32eeca0f359e8e177b2e67f216a26318cfdd0bcd14dda9124f2ff372effc94c0a319c8bb_cppui_modular381), - fq2_value_type( - 0x04da577f4c3e1a1719730427ba645211ba3645a05e1ba3fbf27baf6d88e582234e04c22657ff48b4947bc68557258249_cppui_modular381, - 0x0074a994e0677c68e0df1e75ef45caf6af2994795608be411e7a09f8398cfc32f0078a531e04379c0654e1dcab4ba55c_cppui_modular381), - fq2_value_type::one()); - G2_value_type vk_delta_g2 = G2_value_type( - fq2_value_type( - 
0x0ab77c38fa7cfbae21eaf2c682b337ff7ec5262a48974748e322ee4bd80c5a0df3a3966a4626881625db1d1a49fbc222_cppui_modular381, - 0x13c483b705659cf7fae52464298ec0c34f0f875cd4ae30d3c6d493a5d397b4e1a5b14cace259d4a809afd3064a930175_cppui_modular381), - fq2_value_type( - 0x16a71a9e52003641067339931c2b3a687d418e15d1cdc9fed776863d764fccf7b25b7dc284be6d376bc5811ee185ba8c_cppui_modular381, - 0x18cf536fcc888c50a2f3dd9433b960971d8ac3c2e014db7b202edffdb0aa25d4399f97944ad6880fac3eedb3fca1dc46_cppui_modular381), - fq2_value_type::one()); - G1_value_type vk_alpha_g1 = G1_value_type( - 0x055b3e622b91e71857f1d93940d54c5ab3cdf5f766fd478dad7894a003a78f1638d9552c494808d3263961052ef031ee_cppui_modular381, - 0x0f4e76ff6aa08eac42a244a7af07758858fbbd6f78d26df16440b6492e54a07cc0034767ec91ee0159cddf2aec3a0ab7_cppui_modular381, - fq_value_type::one()); - G2_value_type vk_beta_g2 = G2_value_type( - fq2_value_type( - 0x04d8589ff38165e0e0171b53869216805a30dedc3cd04642df29240bc98a51ff3d4db7e902ccfc7fc186113e68b553d7_cppui_modular381, - 0x17e9145008e5cf84f69519a84181d7e41519d241f12c553bb4a2cc7e74634f22041387926a88c5aa73f643b85314db24_cppui_modular381), - fq2_value_type( - 0x152dd5fa53c95960dfe8a7b8214668d577c832ea7eff9f4344eef321770aabb74e2b4f33a7b11c146a4d1109184c594c_cppui_modular381, - 0x0e48183088c9f0bedc1a8fd899fc8fc9a000fa42bf68c0c0d2edaea7c2d5b05d9f54be402deb2f989f499cdefc258add_cppui_modular381), - fq2_value_type::one()); - std::vector vk_ic = { - G1_value_type( - 0x072d9bf38d16790fe06dd960d90ae1e33095eb56e77703ae87324de7cc0691fbb0cf4029da532bb0202e64046efbe8aa_cppui_modular381, - 0x19314e160e79ae8c86f55e826183ec1b1b8530e72e62df12dab45cc82bcaa49c30a7483459a29b522b1c8238dc2e7f11_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x06aab200db211c7c93d63929be9170d4b063f76f689d975d7d33cb8132f7b7fd90c9f8e7542658a2483c4fff6dfbf074_cppui_modular381, - 0x0e41380a7c46a9245def32d330144cd99d8516ee38fb021555843f1e0fa2b4e3a4f9b12ad1af0f4727d23b108c72ccbc_cppui_modular381, - fq_value_type::one()), - 
}; - container::accumulation_vector vk_acc_ic(std::forward(vk_ic[0]), - std::vector(vk_ic.begin() + 1, vk_ic.end())); - r1cs_gg_ppzksnark_aggregate_verification_key pvk(vk_alpha_g1, vk_beta_g2, vk_gamma_g2, vk_delta_g2, - vk_acc_ic); - - auto agg_proof = - prove>(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end()); - - fq12_value_type ip_ab = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0b651d531af67c48741c2896e21acb272c89d2cb0288a84a82c569a80b17317db12b3bcdbc20504bf18110f1a1f65cea_cppui_modular381, - 0x0318fca5b0e3cda6844c3bff03e2dc641cc8243b6ea5961689de891b2f4ac4fe461ac31bb9ad743cd7763f99a2516a12_cppui_modular381), - fq2_value_type( - 0x1079cb3f7b20a45f1a9efc0185b80c89e931bd60a34fc01ac40c34c0c59488deb5f07d9e2db09f96a436543c3c642835_cppui_modular381, - 0x0d1ac7b85bf328ee7d74c6ae7d44f714f9754d3f2fc0a4dbb759ec40a05ef2e41cadb93949d8303b32d291c6d6ebe517_cppui_modular381), - fq2_value_type( - 0x0a280ff5b37af55776eb9870ed1fddff8c1707dbf4d424097a9569d5ae1b439c36cc1b3b609177d7068eeef0e58bafdb_cppui_modular381, - 0x14b95a9296cffbc9b123bf554b3c82720b10f8b572f1e8fb85c7bca9a6b81652c94623f6a20a57d80b057446f999f5ac_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x047e72bee4172c3531c10746fd6ad73fe047d8f4aaa7c9e050e7c15f0bb2a70ef3a3c39e73cac32d433e4a7e87b7481d_cppui_modular381, - 0x16751d310b7f8bd98200210627da1f6b74b1c9e5e2d3c733f0ac34ebf2760b23b9aefef3ce745a9c52168a8f35593bdc_cppui_modular381), - fq2_value_type( - 0x11bf60e0012119678199196ce43fbd538c69e34c31b48efef70653ca7b8fcb4bd6b3dbdedb53d365c25117a19d777ae2_cppui_modular381, - 0x148b01af1c9d3da2a8811c0d1d428a2bd48c083d33383c89bcebd5e3990eca6b7b1a3c80880ecb49aed4acd1d2b2acf6_cppui_modular381), - fq2_value_type( - 0x1207d04dcbe7dfce8588b618f9fe26f6b5b82be8ac4e08438aff014dea82b5ada7905e2f44bae34814ac1b124804ab53_cppui_modular381, - 0x188cc860b35dea3244e17f0c5184ff3f07644690a02b5d31ea0952e8f4f63d7fc7789179ba834d42ec26432774fbdc1f_cppui_modular381))); - G1_value_type agg_c = 
G1_value_type( - 0x0034802068b3d1e4182f9b4a9aba124693d02599cdcb98a556f5835f6f81ce6071743f64e4054dca9beca6a98e93d11b_cppui_modular381, - 0x0c3b7c4e47a76f90ad22c5000ef930de2b6be5aed847ecca569b7d3bd35bfef71fd0f3c71a3c3857c8d0392d6a2925d6_cppui_modular381, - fq_value_type::one()); - std::size_t gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x09f2702ff7132e35f7a3296e588df0ec39b73c5829eed980d85f95e4d51b3d0fe85c35536480dade0221125a6565ab55_cppui_modular381, - 0x0a050f0003117e9ef0dc8376acb77ce86977ae230280b436572e10a69a98a2cd1c32800d1a8498050ae3f778e0bfab64_cppui_modular381), - fq2_value_type( - 0x17ce94c42add05c664b047fd439b11390141ce7430b63c5bee1b79abc7d27db59bcaa5a4535e9049bc6a030d1b7dda12_cppui_modular381, - 0x09f567e7b46df9b25591c094d2830c8f15b075f228fa1faa9aa28b491db07bc7ac69816b97cfefd04a051488ece097dd_cppui_modular381), - fq2_value_type( - 0x1336be0fdce42ccdcd2444230a88ba94a66635559daf70556c93ec882039f88e2e20d7e73521239158d9c78fa08fa416_cppui_modular381, - 0x1761083f82e8a2907bfd3f8e82da2261acc67dd37d362feeca3bbae447278aea27363435dcf784b2a58101b57a50ae13_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x19b34f8f58b84b9b7394f55733a66da5dddafe349b95d312ec32620ed50186931c7b6e7fc5b003f749a25fca398f6ff3_cppui_modular381, - 0x1412acdfbd1e92fc733e0480e7bb183dbff2c297f9b36490a8b8b0de8dad11d3b1854d781b3346ae4fa73322006fabf7_cppui_modular381), - fq2_value_type( - 0x0e015c981d00bd544355d4ee3d334197490b9b4a873c1a6d0004d952b72d0d836ceb98d6ef9415a97d058b9bd1809730_cppui_modular381, - 0x14ceb06402a567ce053d9d0c0750834e66b98e317cc2bea0365e66fcb570c38d27c01ac6a7765133f17dfbb5662cd122_cppui_modular381), - fq2_value_type( - 0x12850c62b6f1638e875b72b118de58f2736e544b26c0c459e3c4b117c87b9693341fb09ca633b0b11640ade0c77a41d5_cppui_modular381, - 
0x09a579897bbc64a08263c3b9c82386fb9a4afb448939cb83af6fe9be08710ec49c9da76b2c6f711ebd18057ba9709bc6_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0516e3067ba3a7f52c0b8ddb9e1783b2fcd4cfa8448aa19172712c620c3bf8e26c98e4b5acb2c7578be5029f466d398d_cppui_modular381, - 0x0ef193e0ce6f10ddc68f7e4fb353ec8fd07b9c382476adb5a755103d70e6816736757f87f09c6ada6ccc619c7d54e037_cppui_modular381), - fq2_value_type( - 0x1819fc602d2dd10c6f53fa3d36d78d081536af8c03b6525362a976c2a8428df4485fd0e48e6254fea53254777c99bd78_cppui_modular381, - 0x04708d36596ca470528eda9690f9f5aa4066bd0ac78b0cf6497bad94464265e03ea3ca31fce40572ba4fa061f25b48f2_cppui_modular381), - fq2_value_type( - 0x06e8c05ffa4b88e4f7f606120eb599a69a1eddab266e9ad79768845cef345f802bee5376565c213e03cb6b27c88caa3b_cppui_modular381, - 0x168709d507ba32a7da79bcf77b1633b71a4ac96a868cf8e9883e5025097349e20226b1aa07857a8e17b6e9d7ffc0e78f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x013f5131b3024acf61cbe3c70e09e02da464e7133ba954d56c55f41ce63c2d18b015ce38260ace34068d6223305536db_cppui_modular381, - 0x041bfb73d4d99513c897352931fc567d0a3d5d3899a5c8e68002f23f81f5f3b7f646dc5cbd9064f42ff4b961266bf0d7_cppui_modular381), - fq2_value_type( - 0x002726427bae373e19e3360558e76c18a79165c0efbf3a3a74ac445911141367778bb6139d487767c66a25abc2206452_cppui_modular381, - 0x151ec7ca6cb0995f1baca2fa99831c0032a98a1b715420118e7d822b7018390d104ef515701cd789f7c5f5d07d188e7c_cppui_modular381), - fq2_value_type( - 0x184908e05b1dca17708c70f7c3450d2e9947a8864c7fe0ccf251832dd69b5fd24b26aa1b49de7e5f929268a09454e68f_cppui_modular381, - 0x1925cd66976849caeb84570a3e241b02fd7d4309e626a3579c6318869581fa2c91007193516faaee36cffbe704a926cc_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06e8d25e2e30279b1d8b1261b5abd73461f239ef9676d5a384e2d5c9156dbf5981b8307a1df6b7d764142c3ff2068f9f_cppui_modular381, - 
0x14f303e133d7883f6c7af642fc0cd5e790cfee4886dbd39712c2c71f1724c16f369d06d4d754fe40dedccdf1d7f752ef_cppui_modular381), - fq2_value_type( - 0x010d4256b870a29758701ccfa4a8c2603f294a1ee4f5989fb7ecf46891201286c6bfd1fee210a0793f5e91720c109d13_cppui_modular381, - 0x0fcd51c729f0a4c3e9a5a2f4a3db7f2276284c903342c730d8cd6b8df827aeab1405f11586d3aed8b80cf689c6289d27_cppui_modular381), - fq2_value_type( - 0x0600619f7dcf3dc1d20c5af2d280dab8415a84c6d1f7f65bb79d9b6558372b09a5eb642f5d5a63bd096709199f478433_cppui_modular381, - 0x083f873550a317b9852f4f6f67dec62580f517f0449c5df5c970690d27abcac2d24b011c6431f7c3e79c67be15ab8272_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1972d3d171d81fa9879125bc494b02de883d62ceb5e8c9ee9d888c50bbed5d4dfd9914681d608d9e7befe48349371b65_cppui_modular381, - 0x0a276507e76b52a22dbf028dff54a324422c4cb67b8a40890bab9aa8c886f201f490581954f28ec3f94cdb538f0aa2de_cppui_modular381), - fq2_value_type( - 0x00161821db897544a8614f10ce3d9c0e67c646be82a02002385ec552584d6954153c54fef1b0870c9710dbd5e36a7f65_cppui_modular381, - 0x17845d674fe047c3d1dc3f9266f3e34f1716a8d587e735a6a5d53fcbb0fcf2b1d223f84a1bd5dd0716e486a0bffaf932_cppui_modular381), - fq2_value_type( - 0x0f37830dec9122c2d1ab995b033a9407d3787ebb0e040a33c8515c83581c607831d2c0480f5a28e9a76bf6e501bcf19f_cppui_modular381, - 0x0ad7de79ab04b560ddd70bd963022a7c67b72926716de35ec122ccfba03bdae919954e878ca14237587a280dd0520ab1_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0069002eb3bf9510c03f555251b6aaffb6369afbaa26902000719a2e6793ce95c3ee3476eb98e7323f86e187bcbfcda1_cppui_modular381, - 0x0569eedf66ef98b94e8037ea670a1c73dc12c60d83f35a859fe2b390ebdee91a7049de7c6233ee6e1a91296a38f3e60f_cppui_modular381), - fq2_value_type( - 0x18d5c0ee280f2549fe62acc83dbf6a76c17c0c5d144d82fa927fb2492c1d41bc220be3d3854faf1896f77d57638787d9_cppui_modular381, - 0x18c3148323f1a04aaab6dae84362c4aba48dcae376eca2d5089b2df98268f20ef4053fe8a12656b59ffcd930a1353ef3_cppui_modular381), - fq2_value_type( - 
0x00698c72d9e34a5f75f525ac738e4efc8f0177792f0a4f2825025a931eeab3d158c78df7fd2613c61bb5216e0d0f0da7_cppui_modular381, - 0x0879d4b791594d7b76e0963b23ed6a1fd157dd0695b88f7dd1fd399bab2dd88cf2683c854d0e90fdb4f3ea98b0990ac2_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07a8aa469fccf18f374b72718d5f9996bf06e55230eb8604fe4febf0413089439839ed38f7a4b404825741c8208e0ce7_cppui_modular381, - 0x03091f175dfec84468264ef0d252777035aa6027868f3be2706264a6c704048ac4f4522d4aab30743862674b79247754_cppui_modular381), - fq2_value_type( - 0x1020ce13bacc67aed10a3fa70a3579568925d3a3c937cbaacc0bebc6344dd5db432f1297dd7748cefab5450f333e68ca_cppui_modular381, - 0x10f63846a44fe863ada8301a3d8dd7deafeedff12405e40c2de03bed40d2f80717a4482a618c9ea076e73b1ef7e76ba3_cppui_modular381), - fq2_value_type( - 0x0dbbe962242ef2fa7c2f0d1033824bd30fb379bf7e4be16f33fc08494a5715ccf6f8efaef57e60988be9138668f0362a_cppui_modular381, - 0x06ff728fa1dfd8fd6cbdcab2642e65690aba7bde8fc3ee5002a710b67e8eac2104e10427c3c866ac0c7c7c0e5f5de17b_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x1852796660667a51a0c2071cefa9e8f5b9ff8a47ee5762586000e9238fdc825061544e2162192b5751083d06e9466119_cppui_modular381, 0x113256b4fe8528cc9d1a174efd5cbfb77deee2781387d835ce4a9c0dde7b3089b4f8312085e15af08d1658a56439b4d8_cppui_modular381), fq2_value_type(0x0faee8705097846240ff8657cdbeb1f6d8456ccf542ac622806f041593bfd748c383df871db0998f273a79f0cf916ec9_cppui_modular381, 0x0390e476a5de709046c47a19b0abb8a985a0c76b09691ae0d415f60b49f719d6d6c91c863e5b34cf31e753e9da577520_cppui_modular381), fq2_value_type(0x1397212e9af000970eff603feae0fb6e71bc54540eb44332ac6a48c3262cf8643824641e6202edca7bb659df095fe6b3_cppui_modular381, 0x09c69bd15c9a4416318f3e2b0af137aa460e2713d0376def59c6356a96551a25120815dc9d3fab26c7565d7654fa0535_cppui_modular381)), fq6_value_type(fq2_value_type(0x0d30d2735f91528c9f170b00707a977c8c9a5bf9648456508d07018dc7b77d04c669fb801f39acf291122d3a92af1cd6_cppui_modular381, - 
0x0a5ab1427d4dee4a8596f5d447d713829baace88b75760123ebc0f13d473f15956b70a197ca7b802158989c98661ab0e_cppui_modular381), - fq2_value_type( - 0x06da230ae1b6d2e765956eab7d821de3365ee69062fd7f9bd466c2b35cc0fa8c08c2b659d54967ce6b83ad04b8ac12e8_cppui_modular381, 0x0e28148bdadf0530691d69b4de49e8cc65bd7667054f502a9fecc110e31a28a8df5698d62763bbdd17138275e3016420_cppui_modular381), - fq2_value_type(0x0e3ac1346e53febe7915b26f6ec376937df4c824017a6e8447c292204ef3207d67f87088cbd171eb2c93a378be6d60b0_cppui_modular381, - 0x16fcd0e7e1cb84a3952716daa8215c4711ac08f86300e2644f5795caf870eee6780b1a373116a5f875fe6c5c9437f450_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x15792583dad78658a7d2daf61966dcd14237bb33aa55f6276e3238b01db154d0a19ff47a7eb51dd0ae9b04e5f0484398_cppui_modular381, 0x155c3e27184b07d4a38c29700c3d3482b5ef9f33d3d55e6c106ca51d5c1c57844cd7711e0ffeaef59130f4538e3d2af1_cppui_modular381), fq2_value_type(0x0bad0d16235713391f1c18c2a6b3660552d96dced221f78fa954f316a6a8b3d53b4c03c58e57d7beacfdbc4b17ca35a5_cppui_modular381, 0x06df3fd4503f18248d47078026f9737fc2e96b3a42d1c93be2bcff3d02c887a5d7b6e39f1fada154dcfd1eddb13b541c_cppui_modular381), fq2_value_type(0x0f061d1fa9bf661ec5ffe7366627c168410dd0fc813a65aaa471576358311dfdfd97fa31657b48944e01c744ba8237d5_cppui_modular381, 0x1059558c21d6bf4eeb0f8802e9c97a0a76d896ecd3a26157fa8e3bf905ab61b6813c5c06c9ff0a5e502f05be022bbcfc_cppui_modular381)), - fq6_value_type(fq2_value_type(0x097c0f8033bfa18c5405f2182a01a48d7295179b4fb805c959e2461e5062678bf20e9f265dc11f818db7df6926df150c_cppui_modular381, - 0x057f7dbe6a76181210ed8e29586d48f821a054494c16401514f806961609ab8aad625d5aa345de7349c3acc9247401ad_cppui_modular381), - fq2_value_type(0x1480578d2a7f85051e867267794e8bd1f313b5c5152b0f5cf81a966c13823909e14f1b2d21e5a4ec78e02cf88751dcff_cppui_modular381, - 0x113d18c38a26c45a60f596e6f4b10f1019f63fe4980bb981edf1d17db3c79829e71a41ed16ff460f9280af70882d8c5f_cppui_modular381), - fq2_value_type( - 
0x0b0920ed9fc779b7a76eaeb651a298b8f9fb7c6fe378ec0580da51ebe6183be84676da7e20a2624b2dfdac63c9f7ac1b_cppui_modular381, - 0x09041b8e1b4ca9017d86e11e261a4fccd9768349710add0bff5dc3feba32b79f7d0a8386f31aa466142e94281d0de4d7_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x09bb36cd80eab6f12694c4ca4550d16e2af9ea16289308927931cbb9401bce30d96d107540a60d60caef2632e3b6c6bf_cppui_modular381, 0x02b27984d891074cae019ab2456c9aed2aee2854cf5e6a17449ddf76d94d072035e1cb74bdfd18d6a44ca58d1572d2d3_cppui_modular381), fq2_value_type(0x12df2452cf3aeda37b4bee4d7c94be9c280118bb632602a45f980b2700a95ad11377262c90a5da4270430162b98d4e44_cppui_modular381, 0x0d6db13cdc6418687fb342c1a1cad92a74428af8cba1c5cd9c1c621663960d739b03b71df7cd97cbd21dcb68757ccef8_cppui_modular381), - fq2_value_type( - 0x128b372c0b575c00b519ad78d3a2a8115ab13cad2c218021f97311b1f6e1d0f64b8645c4bb2f7d175c62995e14eec5ec_cppui_modular381, - 0x0d49fa41962f4a792d65db8cf7636d5d41a51f0eb813ab3830ba0b7cdc58d6129a25f473d238a691378137ae2e442d7a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x130629d1992307191405d0da48df876ca0df83cf7bdaee667eea3fb956c80d3f2dd452fbfe85d57423b94b427a31c54b_cppui_modular381, - 0x0cb67292c5b6f1aea4a0dc256b042f8bff495e969d302f564c58dc24cbbd3cb6bd2f90783fbdf6616be351a200a8ac6a_cppui_modular381), - fq2_value_type( - 0x13892607ef6b0ed83e268c24267c5ea4ff95b7034e6c775bab54b06c6c084c2721ff69d7ade9f913ba055bbf335b9338_cppui_modular381, - 0x13a9a57f8215ba95c26003d0615f9d2f9fe6bb16bf46d6a480b650a482867e68039a0c1fc28583a396920443042ce3dd_cppui_modular381), - fq2_value_type( - 0x0df5ef7761d5ba02d5e1abe1187d4e84893b2ef6dc5b4e12c229d36a46332a4001e55c8952ec7b15e76f457b53088a20_cppui_modular381, - 0x029b1ad8a8dae8836e02e038750964d1ad266521f9afac81ab8ab590403dd072186f5cdcb1c23859c632f6eb110c578c_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x18910203dce07177d48648de3fa56bdbd5e2f48c3035233aebbd8d80bf1c962c2db8021ca7283e5dc83e3689cfa99312_cppui_modular381, - 0x15d937215193ccdd295b601da530efd4ac06b5d65a84d25ee6c2ba6a3db27add36029b82c971411b62b22afc63c9a645_cppui_modular381), - fq2_value_type( - 0x0965f919df8abd4ac9e3c1796b3e119bed0eb7b64039908aa83d49d7fdac95dea6fd89fd9f4c84c79854909a1621ff8b_cppui_modular381, - 0x0d49ec3527dd81e171f4451bb7f7cb07f4f1e8b7ab6a706887af082218272cc5b95ebd24346a2f3b3a513348f5ee065b_cppui_modular381), - fq2_value_type( - 0x0eaed4c89dd6fef003183b91b164254e086f629571e24b3997f64f268d20fa182ae7d60cc49312ea781ca3033c61306b_cppui_modular381, - 0x00d28794edcb599b56505eb4b3f3cbc47ca8a6768b4fd53fe80fdac2008203963c47f3871bc3bd246fdd2fbe8c937013_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x198fdf087c2860bb93325066183f661247dd99443161bce488159f45d486e32fe2f9f549fb7ac64e79ac33f1a283d2ef_cppui_modular381, - 0x11dbda70c5d26a97a697a9c6a7c979bad96065375018e719a77f727f995bb442779a34c735b5fe5d0d0c21c5cefdcaaa_cppui_modular381), - fq2_value_type( - 0x109ce59323eede2e20fd03947305763b75eaa83f10d554a351b17eb571dde499a767bc882e17e67f3bf3141416cde13b_cppui_modular381, - 0x15c268b03243dcb9e6500d0bbb43c6a4d9bc5aac5611b1ec351f033a0e1ee506f1f1cba9930cb55f40fef0cc7f842663_cppui_modular381), - fq2_value_type( - 0x18d76caceb0941e1cc6dd2bb359bd9b30fee9ef9235016f9169220eb6f521a7b5acf5607de2c0b9fb45d32c81b5aec55_cppui_modular381, - 0x075e9c4a549562cebc3141f4aaf60362729ba394092374cd6f5bebdfafe8861669b295647e7793afa254fdca10b7dc45_cppui_modular381))))), - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06f321d906b79b5812154a28ddf0f3de4cd657336038d141ee75acd4ed8b79a1177ad6b1261f8d04efae29e2532c840c_cppui_modular381, - 0x078b72c0c7b4fab7c46756cc75d5737f58e1095cd3bcf3ad68ecb96381476ccced2a9493c1e05cbc0fb084451e9ca6a0_cppui_modular381), - fq2_value_type( - 
0x198c195dbd1d992e8466d5f6c88a39dd72a03392f7d85359b00b40d9220344fb0daac4b2c47af41596e2c4263ef2ef69_cppui_modular381, - 0x0614f9469fe4144cf2f29d138a9410673ad84c77d302b61a7311d2f39a4b4508f1302754b7b1e8bb9c90d44d761f499f_cppui_modular381), - fq2_value_type( - 0x059869004a8b1104377250553c76f81a6158153428be4ed5d76fef949f75976b38abc57d61138c83d47a9f02bead4b88_cppui_modular381, - 0x13f81d53a2268483d709c67a87b878fba2cebbdc1a84401f0df6bd426848f43a7a2d1352b7097d700738cf5cbba1169e_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0be20ed9ff538023b7d6d30497424eedd6423fe5a28a4b80cdbe8dc52fa75c6f5499eff849bd23df8df5c985d41da993_cppui_modular381, - 0x14627c1b47ff13759f280516dd24659e1743b857534ddc3024883bd375ce2329c38f01183b98918980b4863878410412_cppui_modular381), - fq2_value_type( - 0x0b0de23ff8b46698081ab21cb08051fbd6b6a7409efdbc3307d314d13b748d9a7d6a6375da56dd3bd6f733acf5bae51d_cppui_modular381, - 0x0bcb619091ff45a58b85a56b2571c624633300ce299f4086f48867f596b91724c02eb6cafaa5b3a15dadd425ecf8ee14_cppui_modular381), - fq2_value_type( - 0x0cbd58a763e04c1ce797f95f2e00ccc4af804abc5720a0b29ce4414b5f754a3f1d2bd5491559cd0cbf23f4879146a60d_cppui_modular381, - 0x10ecb14051b56638ac008a980836dd3d214505226829a1c691b7981f02fd063ac3d18de32fc3b2905cd508124970f215_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x071353e6993d74a98d13c11d0584aba8d18b2d77ce0a848bc6aee2b01b81ae2f1a5852b1abe11cfac04c1912ae48210c_cppui_modular381, - 0x179ad4ef71997ec157c8e7f15111d4b013cad3cd271089ae0581ea1ee50ad0f575a3a85223d309f259721f993e383260_cppui_modular381), - fq2_value_type( - 0x17c056a495eb1b931f2041b3b82138085e00d257ca6d1e0adae62d810bb79a28ba945599cce6d15ec11b37e5118d6252_cppui_modular381, - 0x064fef2cf96b4b3dfa4f55d70a438cfd0a017836225e893560ca34a3d3555932fd6a75398877fb8e9eb27919a00b5aab_cppui_modular381), - fq2_value_type( - 0x158a4dd69a3aec0dd9cf3ae11e65a6cbdbc77bdc05cd7c1da38d773f2cabc85fe11b5ff491089493b02609df81cf40b9_cppui_modular381, - 
0x0434d7e43b5457547a4e618322aa80417a88b9835793f8b09ddf12ff3f016be8581ab079502ba694131016f8b7663b44_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13cbcfd7e188529463acb2be9d9660dbf901477e670a3179d62c8c21964a7d8c0ac867f2e5085ebb24713cb373709843_cppui_modular381, - 0x01e1268844f15ae9aaa31cc6de89b0a4d938a0bfd5f21509e28982ee2d93fecb78a468756135f3c16d1c81ed708df139_cppui_modular381), - fq2_value_type( - 0x196655bf7d593f45797d274569647be8a1e383c0d60f02886352b5a130d1d5a1abe3548c5828c9b739cdcc17e04cf8d6_cppui_modular381, - 0x0ab7b2cf01a7de6e9378ca52bd3bf759ec565d65ab7c32531107b4d0f6a04fc125cdaaf1ba1cf1fd095d51993b7e4c24_cppui_modular381), - fq2_value_type( - 0x113da3ff7bcaea6249cd9d7836f1ce0835f6cc60d229eee004add1fc56fcf9aa122a2c0d40542345f04952b0833920ec_cppui_modular381, - 0x0d5eb9ee3e91a373184eb4a1b7e71f19c31ef288e22325cdd524daff9d43631eeee5f7924edb61f073b7246a03c17ddd_cppui_modular381)))), - std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x132d751ab5babc2a8543ae8d6d3f7856f99bf5c2a9175a434baff1c4ad4f8ca7be81fed8f69bed7973fd9043ac17d303_cppui_modular381, - 0x0de339262382ae18568687047056280843e05de48028e4ed4a02d6e16f775c31b1501598619aa4cbc0c794ee81a74fee_cppui_modular381), - fq2_value_type(0x1497c6fec99d952b0440ecc2300f090e1281c28abda0393a698304fb6d934f261059a21c48ffbbb3c817e2587faa0e0c_cppui_modular381, 0x144d933f46645e4b09549ce3d5caf3e09809084f7797b7184755d5d636d2f8f6e9ccd57b086bc3185727f26b38dca95c_cppui_modular381), - fq2_value_type( - 0x05b0ea429dad01c93babb50015a363d1f3d3d9a64e78396266cdda7a88239f9fd4fb48f47dd67b9934380c637bc7eaee_cppui_modular381, - 0x0abc4f2a97ac6db34202fd5f7f7a724bd18068b2255e93db33c7685c20459a4f9b6103948b4e8e4b518f54660d644810_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0071126b1695b57907e02cea8928e6b91549e48744f1402789513527c992fce32c1cb6126b744a9a33063512ac7925e4_cppui_modular381, - 0x125e254e6f28ef225cc4ed5da30662212142d233fc61e531afa399e8b04dd909b3a86156f3baaaeb7eed7bc13fb137af_cppui_modular381), - 
fq2_value_type( - 0x0395bd0c77c91b133dce209ebe92099891a55578df2f22777f1b08765d08df70e93afc113ed7538dff97998228056e3d_cppui_modular381, - 0x06a7e06d3ac2480bd847400edaf1dd405f8d9cfd1f18df42aa833b51801f9ba127ca1d29340875d148b49b0629ec4fc7_cppui_modular381), - fq2_value_type( - 0x0147fa2938d5fd958715fdb6b1950adac27d03a1c156bee7d514cfc6d940fa9e55bc7222cea029b0fc0e7983c6d3fe27_cppui_modular381, - 0x16c1029926cddc450309f3ed78d45cb3347b86379a3d16b0bd87fb45fd1539584d45e109391dda6232f3c41e9c9b5b1e_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1279edcb98bc45b079509ee80de855b63c6c7e017284a04c96310cb85592956055306737ee49efcae0b3aac9d463d015_cppui_modular381, - 0x0199bdec2e08c95e64ecbd37851ee950aa1cdf851130f355aa7e3fc334a839bee7b3c94d39f4c2a37974dcfa733061af_cppui_modular381), - fq2_value_type( - 0x133d8a2bdb821e20be0170499e79e873c9fb4eb5b482f5e1a3e57d390bac9f5a9d9fd001062be71ce6dee34b6caaa956_cppui_modular381, - 0x190a0b9e3980fe2ea8bf9f1caeff90ccb43b46d77aa23d11b9d615c08a0c851ab20ed854bc89267e20c3a437a5f8fe18_cppui_modular381), - fq2_value_type( - 0x0b72a81cb35bc5f4a53c951f6e0062f4e2265b85debcfb975673545e6a28c3067998482baf5175799b738240eb47e4b1_cppui_modular381, - 0x17c59d1573eb3cbe6704695e57b8e3982b3eddba61ea1e82e6a2cd8b25178a3b0a35f894083fcc36c4fd1d2adadfeba8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0a6cde7faa847091de38ed6c766c4221198aa8cba43a024767c73c06998177f27d2b051c70f0f443bbbb51ad6207507d_cppui_modular381, - 0x0b2f0e721f6dae157eddb0730872966422d423220e2a0919cbce19c49c9ea52e4de5c53e0f582d07898dde508429b43a_cppui_modular381), - fq2_value_type( - 0x0b27390e2a391ddd460c8edea66447ee6050a95e888fd8854a90bc991f0e31cc00db69108a4a0cb3b7fdaa39fb00d3ea_cppui_modular381, - 0x0a2a83c7c83b7d39ed0f1f0a796523c47693dd5dcdaf7da67a5d35aa8d9eae53b896baa19836a86323fcb0e793d0433c_cppui_modular381), - fq2_value_type( - 0x09c9d0a7a7b62ce6f69e447e07f8eef68bd7410f0554edae4598f801c57c243b7d54be4e72da8c6c286c40db7dd7e802_cppui_modular381, - 
0x1730de7718555a9cb0fd7ca00505def263c451125e2bdec4937210154a8b6cfae0274eecff840784249a66463e00cfb8_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1302304e6e28332a7459d2635d403f5edd6fd7de5f535380c5dddfa71aae09901fe8d2f9378aa14436e1083814f3c2a4_cppui_modular381, - 0x08fc52391dedfe4cd69df6cbfc2b68400c9a07ff2a5a3d004c9857a138b7801ba9b4b8ab7b12f296c01d20de74b4820c_cppui_modular381), - fq2_value_type( - 0x0c920cfc51c5cbd16cb68b772e3c0d56a7e196d5e9a989c51036d71c5e62e99bc02dcb0dadd7f53ccc5ede290e7c7166_cppui_modular381, - 0x0009d2f162880d496b8787adacea02a3feb39467bae4b711e43a5d5726ecd15dab3efaf2f6c428a312249d352d832907_cppui_modular381), - fq2_value_type( - 0x12c5da016c5d010d89cca9f49e44888f09872cf82410704c0e2532df16a531492db7b8457aefd3c1a74a1d413890dfd1_cppui_modular381, - 0x187e547e48e24be03dee399fbc26199ad8e5de6629db5e709807556d814c5640a8c58747c4c5a8f14dd999777efe1fe3_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x040249ceaa66475d73b3d1b28360882c4668b6e217eed809fe6320f5a8ea18ace6f65a28714f681f7fc049aa6f88f9a4_cppui_modular381, - 0x16d5a56f0e7b00fd257b37cc56dad8f632a7c552392ec0fbd6479a7771882e40d593c8f56b99799113f02917880b9402_cppui_modular381), - fq2_value_type( - 0x0b2de7c7cf19b158a28ae3c16ecdf5b25f3a47c1ccc8797d38c216cbdade572571fdf35f0ffeebc94874b754e2d771c2_cppui_modular381, - 0x04674c429d66ffc496a3e8833e5ec22954f8aa5b176696336ccaa2208f207a05182ac7d1cc0cb1434540b132d03fd908_cppui_modular381), - fq2_value_type( - 0x0d4616e0545bdf0b2acd91a61d9461427accc911047449cfb12976639a91899179cf50bf4f87183930a1abacec75f4a3_cppui_modular381, - 0x117f05380040849733892641de565fc1f29ec1d4172b54057299279dfca5cfd2fd61d26ab66ecbeec2e6a6b4ededa211_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x01e38c35eb4f4192d859a6cbe31ca07ec905c2ac9577060c927f9c1908e2b7be245d1507c10dc1a552c9e1350729a7de_cppui_modular381, - 0x081ba9fe7dc8b73c8cf83a6bc8a386b9f9cb1c5811acbb79c20930f67ad5be8e4d1ddb944a39bd21fcd61ded130df478_cppui_modular381), - fq2_value_type( - 0x187aedcb8e01fca3ccb1e637e238ab2c7d0dac2ab2e8748682129285fd0ced301bc12ce324f70c2c938672f4e2281110_cppui_modular381, - 0x140a31bbbe41896ef3d831d0fff390dbc9c333033b63c59f864b6b8b01cbe0916fca3bcbbb109f7d9c5d90a60c3a15f4_cppui_modular381), - fq2_value_type( - 0x080f7afd14d5ac8ec0fc751d636ecc73f8cbcbbb7708938f8cb20153c5f22fa10230880300fe12f7e3e66132131420c1_cppui_modular381, - 0x16e675cf6ab819bebb6777fd940bf2c17608ee7b74871d75b07f303c6a26176a7346a55146aef7e85f6f1757aedc2a9b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1940fd423f42fdaff353660493dd6be588c37f8834d6b3dd0ea4300d4e039263650645c212fb5cca8ffa70bd8de4fe9e_cppui_modular381, - 0x0441f5ad4bb3e7e9ea51946b3e3b24d28d5c97d7137a656df5ddc674b72b9bf6e606e0cefdf26dca1c4bd1bfae33c199_cppui_modular381), - fq2_value_type( - 0x195943b0c07baeadedd4a0c54e1fc60494c8b15dfd50dc070dc107412e6fbdb41984bac2d56962b6b9d280ab0e3c1232_cppui_modular381, - 0x00aac7504cc57d3135e4e27191a124c7888dbae6e8929e132b5b353809c0620cc59abcd5e440eaf1c09f901b408ea617_cppui_modular381), - fq2_value_type( - 0x005a52ceae5e4c099e51682785a6a25666ac89c42936ab8662fa17006992a8fe102041a37b81b0644897636fbb21ff44_cppui_modular381, - 0x01f16d4db6b8aa06df93bbabe7e3aa5e9c3e9d6409f8b2e1936ad76c126f4fec5c382ea81ba6d7d7ba3af14ce7331a47_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x017760f59824e060848b4a506f3b4fd452b27fab157f356348a0e3fd49e6d2bf0ac64319062b69eac1d58fbddb5367a3_cppui_modular381, - 0x0f8b5cebb4dc67856a6d9ecbb12aadb04e2fe9bf3323b77d9be238c863c15062d9884bd6cd59d0d86526dc788d974fae_cppui_modular381), - fq2_value_type( - 0x17288f95d7c42782b8f8a7bbcdaf8770fedf17ec89b35840ce22079d29d97324b2a8f128380fc22ff7fc8c506f24d832_cppui_modular381, - 
0x00376666557e1eee19b5aebb7773bce591c2586ffa67f83bac959393c3a552a55d1713c6e31fcb4a7c146fc2a515059a_cppui_modular381), - fq2_value_type( - 0x090f84fd3b71f35d6ec3da6ddd2b2339b5fa73e62316c4bf1e1d37951b1579376aa138a9645d5ab6e6a7625a3902af11_cppui_modular381, - 0x06f56437ce1d7f76493a57f96cb2b2f0673165a614641fd2b1ba1e221f9c7acc5044e68c989ac36f221d6f0c0688a775_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0324de275bfe28bada7d5397c6b0e88f761f6f96d19deae13c1ca9e74edac8fdafd7e5168b74dac715f0b14e15120786_cppui_modular381, - 0x015050406369c0eb807f6360f29343e0ee8214266923a6557adbb7fdc1d5068ddbf8b33208508d9cd696bab90be90548_cppui_modular381), - fq2_value_type( - 0x17293ce656641eab01401ce64ab3cb38bd9ff0c75dfe534680fabb3299966516c8e250a0e9731e20ddfbadb6afdc29e3_cppui_modular381, - 0x038bbd9542eb0dd2543100aad6eb3fea981f7023ce16a990e0651c7226f9a9733d8e8078c0696187df530a6c545484c4_cppui_modular381), - fq2_value_type( - 0x03ec9e240c474ed6f729b0d7a69f87ee8e2624144f752dd954db62a162b41c0e04bdf0d5d9975b80d1dcc45d87c490c9_cppui_modular381, - 0x0f513249f1a350be65b21de0b5c67f2e165febbab0f8b96ec794fca61a7f69a0c21bfae624daf1d7154cf2e94aef218e_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x10ab10cb06737ab54f2a7428e7be1c1496e2b017ce57fc62c06f68541a0f08294728537d83a63c1c3844ef2c2f4ab2de_cppui_modular381, - 0x127d40cbb56080effbaa61faf34ce4fcb19d3d7da62216e0d143b0bda23a678d4e266298a37146955ac68478c37792b5_cppui_modular381), - fq2_value_type( - 0x169b947a693cb132d58a7044a1f00a0bf73c54aa46982f1865d4922bbd0ddddd191b8b41e9692c0416e2220151743675_cppui_modular381, - 0x0b96e829f950991af68fc5048ee0590be821ae0075a0172141cd5ab0c93dc4d5fb673d2a19d67ced1428921365ecefcf_cppui_modular381), - fq2_value_type( - 0x0e8ed67dbe55da6dc0f4bde94d88f4395524d30a340b61eb130da242be50d110a54e91ec4f037c5f1a8d26cc0fcb98a6_cppui_modular381, - 0x0a4920a012a1fd91075ff90c1740408fd8ac9802b0c1b8dda4f53ba627fc2088c786ba8f9b1df98211786b8afb6d180b_cppui_modular381)), - fq6_value_type( - 
fq2_value_type( - 0x01aa7cf0cf542a9f6e1c2e63cd729955ed9d7299b5ccc9343d64811934caec9086f9fa8b9d019322344f639443d846c9_cppui_modular381, - 0x0547c42a6ee31146a8941850d6e8ad6b1b7c62594f2efa00e794a6eb77a033d491703ec69a349fb9bcbe68914e1faebe_cppui_modular381), - fq2_value_type( - 0x0312644c58f670dc3eb7cf4375c1f3b7f96b021df916ba8fdc4adc73b22cf39aab734487837e4712786f42e5a48c9785_cppui_modular381, - 0x11290145623d78b0e25c4b25a750fd800da9678ce9320344644307f97c8d4d4caf53fd27da42a2ab1d55febcf67bb853_cppui_modular381), - fq2_value_type( - 0x033dcee3c4f44175f5d07506bb89ad3a9443f6b52f26944607f1a664f735aef30373629f8b11f28229fa62a3a16fb6be_cppui_modular381, - 0x0dc901adb2d5a2e16386945777b6cf6689e6da5b7dfc6a6c62b8f9281a72f42d018fb18b2d5361565d58286f2acb8d66_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x0e6fc2fe271d965895ab3490c328f66d7462a64094ea9d80ae23b64e94e1f14f116580a5abea53a0035de8f0e054b705_cppui_modular381, 0x099718bdc61adee66df108fe5440fa76b2db180791a3e32398d784aeeac23b957d890ae578ad3751fbb40ff387a6c30b_cppui_modular381), fq2_value_type(0x1421387b26d4ef24edfea0d391c72882757772953985635630705b84ecfb1c45cb55f03cfd3fe75173fdad0231494e6a_cppui_modular381, 0x19012dba4824606d99dfb0a3955a1091dc738d0615054b99ea2071c641e7d075b5b0037e5ad3f0ca479bd627b5bd4b6d_cppui_modular381), fq2_value_type(0x028c155e68d90a74a689ac499262fd444c4f85e8d17592c18bb40fde581c72274e5ef41f7fb761f18f745c644e1507d8_cppui_modular381, 0x0e32b73f5f08e9b3f84668793766a5a7b51d20ec1856d5f7502e37e119ce6539c62c149ef8ab1c75ec9a83a6cb4f3c61_cppui_modular381)), fq6_value_type(fq2_value_type(0x151b40c6e8e43fa5ccb7797e19b60111c2d76042411b599418e3eeecb99fe0fb47de5950783435195c5122ffd0abaa5c_cppui_modular381, - 0x022a12f01b7e0e6d4d0694cc47cefd1b1117f75e118b562021799842ebbefa89b9d0236e216ee4899446e97e7c781fec_cppui_modular381), - fq2_value_type( - 0x17d32f37a731f8dba9516ebbc840f14ab5a51c0920308aa10338f6251580946d3e6a3c61948eb892c7b6f6f7df84f0d7_cppui_modular381, 
0x12d112384d2fd05a71f54fbc4d67e270a41efdcb256bb753981fabeb50fb8fd4fa1cf9800df4c1364cb50e824230e85d_cppui_modular381), - fq2_value_type(0x115b0b32cdaaa33b246e562b4654d2eae616702b0aa55bd31e5b58919469497387fb46e61ed3dede0edf598892b4a452_cppui_modular381, - 0x0883288eae7b46b83394003d96a11a3b5fd6c729a608a58bb4596ec6cc74d0f75f6028211d75fed6c7b36e15f6f659de_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x1382f572d0d1a153487c9a77090c8a8870ad5d4ce7b8b1ffa24f09d178888fc490c2442e3ec9e64e2255a5d108711180_cppui_modular381, 0x051dd8211d97d800cff47b7ca515669ea462a0fa4f2fd056da3460423f1351d3e644639e0804d23828eb6e0d5885fbb0_cppui_modular381), fq2_value_type(0x142fae3fcd65304ef2c0e67d4a26d618a9599b5203d024c6649a662c6e72454b9f0fa8ecf9ffa731cb26c0522ae3fd07_cppui_modular381, 0x06673dfe79627261e144cdd168db1fcc6f71459580d32c6b24811817ddfb00880767d8aa2688746080dd47ede13bdafa_cppui_modular381), fq2_value_type(0x057234e19f1b700f0e3a1178f61ecf68185677ab94e25e07f4095608e44d16ad31bb24e01df941fe22e45be0207bdd15_cppui_modular381, 0x033d37d4bf97c1a132520a396849caa06aebde195a9bd5feed81ff0d7aa3eb86cc60561774b27d86e8f24de18b617deb_cppui_modular381)), - fq6_value_type(fq2_value_type(0x025998f75a3e007d0a08f7a79ac7d6cf80ea37804b8017a725234b8738e10556264dccfa7027f7750003841fb4c10b38_cppui_modular381, - 0x056a9eac729beba70fda9c71780b37f12b01c043f38d7be4f9e129d290d8b69b5e6bd749b66db1bc58f817fc03e71b3f_cppui_modular381), - fq2_value_type(0x03211af1a3b143d78742ddd222283cd78658be295a9d4e50488bf6ffefd8d3b8078ab229cb81e33b0d1f2bca399cc2a1_cppui_modular381, - 0x0a87caa2e5d4ab7175c524690c441d3e2c08b6d839657cc5057d076ec7e89130bdcac807b2c18dc4a374a78faea4f0e5_cppui_modular381), - fq2_value_type( - 0x1874766bc415088877f70e3202cdf5c39ec09c15f0e0374f7fe7ff8fc44400ac26799ab5432b6478dfc214dd483f2595_cppui_modular381, - 0x108a4553948407ece5f81e7a9fd68f5149539f05b84e0185cc92ff17ddea29e4d34d94c4c450c069a240b35ab594a5dc_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - 
fq6_value_type(fq2_value_type(0x18376cf1ccd125f8393fea8f341a6b62e2b9baf17e4b7201e836efce9a6a9bcf78e0aebbe84d9972109ddfa960e638db_cppui_modular381, 0x05cc07e3dd54146d3d8db8bff3c79fa7307454332d9522beaadf215b93788c24de3a21b4e14a94e0ebbfe8216644ac2d_cppui_modular381), fq2_value_type(0x1830b774d1dc559e770f3bfdcc60aa981b27dc5505dbba74b79183b5dc21a2b96d721a72f1ae12d61d41597cd5d6e217_cppui_modular381, 0x1428d0e15547d52848eb50da618c477691913376deb87638cd8f4ed07a76168913dadeb63e820033f4913c8dbc0802fa_cppui_modular381), - fq2_value_type( - 0x1943e624109a95ea892c8bae3b7579d8c8f2be3e82cd6b3a40f85dc55d29829da201b5f43def92edd303481635ca5e54_cppui_modular381, - 0x0469a5ec7f7bb7a3279f643795b49267ab861f650badffcb321be6506f06b3eef5af8a2392d94dc29d53ef885d7ba517_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x00a82590732fdead4e76bd1a203b2d0d86aa82dcc336ff43801bb4d835d7d7279c35756028d8c428f6d3a585dd0bb0ca_cppui_modular381, - 0x1346e6edb6d18ca90e478616afb42a3013d259edf37b6f6b8ac551bc716a29d7d8a72a51970ca8fe8549f3b53bc5c639_cppui_modular381), - fq2_value_type( - 0x120844acb209890ba835f8002e011677c26720ca058cf9f414df42fff39ba17149a372535f763d25a4693841fa491238_cppui_modular381, - 0x17dba6290fe070ae0e2466404964c8d7baea6803152443aadd25c2bf8a01d15777f561a0528c0d9b9442ec9e1c324b9e_cppui_modular381), - fq2_value_type( - 0x10ba46c06a21b63c6ea1b9cbda7551702cd3e602d3d9d74364454ddd03083b93407a0f33059117a65e3d9f1ba2f01249_cppui_modular381, - 0x03504bc7e7fb392a25a4090ca6ecccc9bd73f851064bf38191f9f691931c48420452ca776fefe77ab701b320df7fadc5_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1634b0535614e652cda371df912e26dd64c8a39cc81c1649a8611d37c3f884b64fcc1329bf2b08a905628c84795322dd_cppui_modular381, - 0x0fbff0ef4186fe1b8861f7d93ab9acff6a64f44427f5ecab78f22e4543ff6656485abfac6bfc47e8fcadd36e6034bcf5_cppui_modular381), - fq2_value_type( - 0x1542195a391ea0950c9a4663d985be099fc4666f7df2c34753e68ed8a5b664d16e2025ae8220dba9406b730b078590b7_cppui_modular381, - 
0x18246d3b59889cc8b0edef7ee55290299fd5a0080e8716db341931e3d222eaf2c0784f6366b7300a2e2a1f2f6c4da4b5_cppui_modular381), - fq2_value_type( - 0x0c00f8b8d7152d39338142b6da1b5359a0c450a5fa8429d35d625802cc295ef55f718fb02b0454007ef5cfc83338746a_cppui_modular381, - 0x0709bf3e9d7f008ff6e1d93b3453ad2cb66168921ba36361903361af22d5fca1d6d29b990cb1d2caa8f0c02f86a13531_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x119c2e12fee299f327357048097b0fd267f249ce49199d123ec0b34f82769a9e6a9ebc9922cc5a63c156ed0af1f2bab8_cppui_modular381, - 0x006253f43315f87f5c7de6ea4537ad330ee441c11107e1e267bf517bf30cb8193c015d7956d3cfa8a8f0152727ea7733_cppui_modular381), - fq2_value_type( - 0x0cd1080a75dd5428f170f360cedd6a09bf6786a16faa78f32086966849a4b1dde0dd5dc930b785f040f857aafa6e75ab_cppui_modular381, - 0x088a7f4fb837357d4de41e53ddb55345fc63acff883a6cc3e6955970c64be3bf6a30a389a07c2ad6f83bc7a97d1f2ff9_cppui_modular381), - fq2_value_type( - 0x18fdfb6c24745c8adf60b2d4da3c7fa8d7c1bb2d5e10c2911369eaee725ce6511e547ed433088fca9539a840ded39570_cppui_modular381, - 0x135d7730beab103b469029145cfbd4f039150e0294f98943e134c95138ef719436b4ed0c83d815b0b5b885b18d92448b_cppui_modular381))))), - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x12fd5ed0a76a16350608014441c7963af6c58f5204841220d02c120c857d72339140994eaa4a2074c46df38c289dfe7e_cppui_modular381, - 0x06b8b2c060e427d3857e3382db6ea5702d4008ebc9cdbcbb205e9e8b660f209672a68f66f6eb2f3fd87ad503af494c62_cppui_modular381), - fq2_value_type( - 0x09579277912400c143be4d18263816fc0f018d7a51724fd9a4d8676070b07b2b016c775b23a455e40f0fe1aee2715c3e_cppui_modular381, - 0x0ff9e895637cd5fc197a265c729b0198db906448b26d48d8a511ef66fc6c8d5f83591d8ac460cd20f4647bdbedc97326_cppui_modular381), - fq2_value_type( - 0x191bf0df7f7d1185b6e2f0eec8c7a6447164d3166e3fef3b2dd544d5503a44f66113c4f155e021f44245500b7922f241_cppui_modular381, - 
0x190401c0e0ed8b3296bc410287e2107b4f2922f469fc21e7f4002cf980ca59ff200a2e0820a98451e1181afd2d4f271f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x177bd02cddb71e610b8e73b23ff5ac26ee6591c927761649d3c700a4f3a5e0b73d609716892eb199973d9b505cdb4a06_cppui_modular381, - 0x1822bd21fd0acee0343343595c4e99af3967bddb8d4c7efcb57fe02665d8bf5ee55e6369c6c95babfb6cac2c6cf914c7_cppui_modular381), - fq2_value_type( - 0x088519ddb9dfe63a075bef3a98a732b5f0bcf5af47459596545768bd35e3f92c0ced42f0789b2966dbca3354e0feb373_cppui_modular381, - 0x0f2e83a97a068e0fb29720bd328d9a0e9fab1571a7caade92a212df909f22f6bbf7623b70716dd506028a3b18fc75290_cppui_modular381), - fq2_value_type( - 0x0d87d1a7ae8aabdad6d8861357161a4905503be0dfbefb2b8a135eadf9bc439c29f23c813ba823818d7e1964ba594a1b_cppui_modular381, - 0x14dcd0603959b0da5bf35253e20364d9d2993e07c9dd78b6c6edeab00f58c6073629d03eccb3ce2652529a8a58772bd9_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x03fc3846e0e8982b6326add7c363d56dfc7fcf2e1ff6faf0b0f9fc0150276dc5942508a7d54358659cbdd6aec7af36a3_cppui_modular381, - 0x109bbcce08978c9e3c3a21d674948ade88fb8a8f23687ad716a6c59cbce728e6a72a77d7558a58d4f1c461c784bf499d_cppui_modular381), - fq2_value_type( - 0x0ee1e281ef65d9fe4a064c3b96e560c9ff0e0d51bd8abe50b4a3d40a434cc36c0a5b696bada1198bbff0f89b2a575ea6_cppui_modular381, - 0x0443c983945decfc94d1ba2bcad6414c6d71e3f1f9424d32002b374bacf29a48fab10bc318f1b124b54cdc957fd18080_cppui_modular381), - fq2_value_type( - 0x0cf6e0df6ba546778eaaefcad302518fa5b9e91a395f22ca566fba9a484ad9257c0fd9ec8a1fae269cf5519eb873651e_cppui_modular381, - 0x17be74b9603e0d670bc7280877675e2a7759f30dfdad39c6f56639826096f73906054ff1ef1ed7529903d58520e5fe0c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x05c363e71fee370496ce63581e1a2353d693febc7dcba50a814e0afd41362cc5861ba05b6aa785f79023f856a1852e14_cppui_modular381, - 0x15283427f8057e38d8cbb453f3b98e4b26828438e345e0100643229b52ab7703b1adf952af09f75f3ad5c2a721b9e0a2_cppui_modular381), - 
fq2_value_type( - 0x07c3b5b79d43601ac881280b0264078f137524a2511b43462bb5db1ace2071a148823e8d800e9a29da8fe147005a0a29_cppui_modular381, - 0x0806b3ae25853ce81d5d3a37cc92ff63026ac76d644fbebf570dffab8d08b157c8899a7c6dfb902b29065c9ae6773bd6_cppui_modular381), - fq2_value_type( - 0x06adc03cf2b46f5167bb43d755ad20f75deb5fb3d29f7c7098a94552657ae094c86e8a7681e4358fa330f192b9dc4c67_cppui_modular381, - 0x04260c55a008a80e8e434d5abd57380d1e9287605d734e7bb984bfcdbda929f5f52486c9fd97ea273438f1886fb4ac2a_cppui_modular381)))), - std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x14bb7ddbeba4908783d6feb7a548702541eeb568f99a04893f9e90381078c135b6194b1a8e002ff7dbbb6bea2d112f04_cppui_modular381, - 0x0e5cf73253e3b6522e7616f7fc81d3679000f2c82bc1e4650e528e8b1815da1eb1ca74a0e1f147e9e9ee5afecaf7b75e_cppui_modular381), - fq2_value_type(0x16e5e8804bf3faf4ed8ac4bc08dd18c512dfa1d38cd70366d619fed3ad86110dcb579152126313ab3f9175c653199a9b_cppui_modular381, 0x1643968f88aaa23e7ef8aa9971ca131fe766b7cb0f101c75691b00875598811fe2f85e3e4632821c9869e4db8615e64b_cppui_modular381), - fq2_value_type( - 0x0ef37b6a804485a17f433b9637fc0666a2e5b44710804f88d04f69b6d61d343dc3473e92a7ab5ffac18157110ea25a28_cppui_modular381, - 0x0ae0281de5215487dd076937c9ae34e07531896a0d133c825c946dbb65568e45da316d5ff0e9c19b120ed5307fddd5ea_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x04b4437093d036084bd44ade2383d9f80a3753b85563d4ec723efb00575167d1700848ee8ccf779918830b727bd6e04a_cppui_modular381, - 0x02eb16e846db4d99489298242db20234d7b08679a358b3b687b199e1e9f1a79f05a3d22e26558f63ef2bfac1650a2dbb_cppui_modular381), - fq2_value_type( - 0x163b5d637d6614bf95056c2a6f40fd5b77675b40b33831075ab956a7915b50c2784dd3e9eae62e8e7710dece5b4e5cbb_cppui_modular381, - 0x075c630b96f6e47c65dcb8fe2eb7ace6db46fe7f824423a62b134775cc179d1cfabb476b06404cd8f2fae5653b0dbdb0_cppui_modular381), - fq2_value_type( - 0x04f7a4d7fccd5b85c8f8af6764cbd63124f1079084b907b06596a01e1e3fbf05e424cce303b081bab7a8a30c72215748_cppui_modular381, - 
0x0ba15e1d5d7e69b85ef295f64d95b68f96716e3c5052df78227a86fd90432c8569d8d07ac0b2821a8d6a25cb2fbb161a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0c082a09cc4de431832046231a3c9ddf5b5beb5c842c2d6b665f406480828f545eb791a5154a9cbeb19d4b4ec8fbef5b_cppui_modular381, - 0x104b0366fd45deb2425345d4369d4a5a5e274ee30cf42895a76aac7173d7d0f9477cff64a233ee66d1b974832ded4432_cppui_modular381), - fq2_value_type( - 0x0b850a3606ecaf7bd030bd9369827132d037f9a6c0536044747661bda381e829d53dcf7ee6be49c73ecbae0d46df39b6_cppui_modular381, - 0x08ce262e8b91eaca41f3f91cc223e06539eb6463632e40555178f9e96929e8abe7e414115893a3e83c8ddc43bc3114b2_cppui_modular381), - fq2_value_type( - 0x0764fc9cc35a550bfe674f02dfb83e2fb9a479e26988b98d751e6bbc7f1039fb28c58aebb099dee819d2e108d5a9d014_cppui_modular381, - 0x00792e491f933e2af94549eac5b86c732e328e942d57d91df077cb0e494310044365f5f9cf1cce09efc5893064f75748_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0cface8554679360fd2a2ee77b4db2cc3426539f1bff889c545956674864e90e86ee7185dfc3e9edb28f32c7a142ea63_cppui_modular381, - 0x0f330a60215c38df03c90dbeac8096a6166d0a0a2bff2b17da0a2f47618f6914779800558fa17f5283b8264a2e39449c_cppui_modular381), - fq2_value_type( - 0x08793419745a56961712d18afcf91a9a60e8b34080f15bbd8c9c48e7d67d098dbe545a253cd628c32f3157f641806c3d_cppui_modular381, - 0x01ea7d3cd5d129e341fad5dc390e75e00828935a2c5041108dd6ac9430d2a246bf9566ae11aded72512892c1bd0804a9_cppui_modular381), - fq2_value_type( - 0x1716895aa2ce83971569725cfa75021980d0e9ba9cf6d6c3778354acc73f2392b8ee0e25ad46603afe01f559fec7058c_cppui_modular381, - 0x0d08d4cbaf970ccd7da5d59c91ca6897d4516260e6efa2bffe82ace16e9592f132a4e6b8d199dbf9ffb208965cb36b9c_cppui_modular381))))), - }; - std::vector> gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1718116040ceeae31d4be8a8a9652e225f9288f06e1b11fc56879019a7fa7ecdc63e3a3d22d63bec596a8d2cc93bb539_cppui_modular381, - 
0x007abf9364156230bb220e856905716e48d1ded59420098e38bac0f73a19cea50c210746b13867d1cb57374d6c77848c_cppui_modular381), - fq2_value_type( - 0x10e94a7072e7b49cfa35fe8cb93ae758184e4c79a4c60e1226bd5b58afd1b53d1ba70fa6dd340a6d4519b0af11056bc8_cppui_modular381, - 0x097e294b81c3089daa9c6a75cf9f8958b36b3857a9b209472c3cbff37b7669c4cfdc4c3c5638172b06e198f6d023aa2a_cppui_modular381), - fq2_value_type( - 0x0b8cd3ec915f7390b86a566068e1b2b054f229239375fa84910e61dca491664ea8cf9f189e6e58b3f9846659e35a8f6c_cppui_modular381, - 0x15a1c1754752dcf72308601a7ba3567ecae27476bdc9f9b9bcdfa99c85dd1ae23bd4a69b7d0d4046eab6cd56965d09a8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03ade125dbf2d12c7c901e209ca3f4ad3b5d804e2047ba79b3d6227aca3cfdd422e231a89e9d42b70fe106ff84dcdf88_cppui_modular381, - 0x19a6b0242756339d70bfda590e5aa38c7787473a481b15a9a55da5fbcc70ae580dcae38e49dd3c314044570bde03dba5_cppui_modular381), - fq2_value_type( - 0x19caa5c8e29f8901db81f5736cfae919db533a3adc85d48e010f005c8b248c50e18840e6f86ac4387285687f8dd78f21_cppui_modular381, - 0x095f22044de825fe7d5182fc6f6d74eda6a63b98d938f3a13cf9bdaeace1e347596ec1a3f72fee8fa1649c0704de73b8_cppui_modular381), - fq2_value_type( - 0x15c533c5e6fed1bacb31ec03e88fe41a3036a13e62be5325d5f7eb60a53aeb03a8ada2e3b28319609709d62b0c6b18db_cppui_modular381, - 0x19550061f9e92de28e18a3d24eb1b2882987944b8482fa0fe4d2c5e05d03f9ff099909018751ea8d9463d24c0fde26a4_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x068c1952047295ec2d622eb704fa83998547d0e635d4899a62c928319030e6f0dad9a5724e37b4a55a80e36570ecc699_cppui_modular381, - 0x04407771c03deac7ffe093fb75174ef253b5393720b07f0a479cdc1fee4ad2a4e01d61650f0699bad3912f1e4d23ec44_cppui_modular381), - fq2_value_type( - 0x00767776619842d37dc154a0d1f1e44d0dd2d68ee72aae89e5defc82e3c69c0a96b48fc76ca033dadeab1bba44b08264_cppui_modular381, - 0x0d5b3bf61b8b51a09168e2feccf939a6534fe87633aff57dd7928cc593eaec390ffd3d21d84d98b1193baa43cf9612ab_cppui_modular381), - fq2_value_type( - 
0x1736e7b5ea4adba0bdd191174fd53412fd73dc59969e174092ba28beca003d11437f3930bfb0d286ee98fd482f8c7bf6_cppui_modular381, - 0x042f5db4be193bbf88421ade0d450fc87378fc9003fd133598b5da6a800e53602b8a002a85206af9b3d982b83273520a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x053cca51e1fa7754c5e1d17965a7703a65021faf05db203288cd5a0887cfff79ce99cffa7d4c7524c8a8ae40d93bf229_cppui_modular381, - 0x14aff8da928aa88a92b3f146024b275f773fd409a31a16a2bc24869b09acf372f96afb2fedbb0a422672eca8c56e3559_cppui_modular381), - fq2_value_type( - 0x084e20aa49145df560f8d274e1edabbb0921c4010cee1a2f04f6fcbfd7d260454ace0c99b84e51d60fd3573c9275fed7_cppui_modular381, - 0x0c50ffa596f08944e469361ea2b08b5d73c0f5a1d981fe05f9f43265830a84aa84392a601782a6ebda9dcc9acf55ec8b_cppui_modular381), - fq2_value_type( - 0x0a0e9fa90be56a1430a3975926c5125908485ba78181f6d72e689090852d8f1b72f157040ca99f58ccb737052cb422f5_cppui_modular381, - 0x0764fc11a4a9d1b574198a895e6d7bf231f8ec143903302d0dab141546c4727b40771209cfc017afabc4ecfa3b6cc727_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1763e5abffdabd0b985c0ddf51e38f0b130a1675917a51ab24995c7133fcbdff665d7fc3fdeab9a35329728eaa2487c0_cppui_modular381, - 0x09bf6bb6e7d77e8502233d9080bdc5819cddef652c4a2f81367c99ea77cea4ccdaffa771cd927b45f6d5357f3162fd47_cppui_modular381), - fq2_value_type( - 0x051762070642205542fa6de6ac50f1be4c1e9eaf7bb1139f43226996c77e205d8a0983e4458796a32738259989fe9b55_cppui_modular381, - 0x0ac72ab24ada457e597093800afb99428096b38a7ec5c86509e20c3022ae4cb98f0e252bd3fc98692fe89d5689d07036_cppui_modular381), - fq2_value_type( - 0x08759900ccba56c00ecd0053d7be02e7203b651252ea3cedbfff5658931f1e1881e3a9045c0a90032f9126664d5bedea_cppui_modular381, - 0x118219f6bd374135fefddec3d77b56a96f3a84ed7ecaa37a919311403d3fa827dcbcfb30517a80c1296a1e1d056d0a4d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x10d55a0bda7815871aabe2210655b6dbd5e62da3a4850aab73c3a6af8f2b6b5c411e6901a6d7167907cc18450214ec54_cppui_modular381, - 0x0c3cff90fece5679e377cd2231a7086e8b39052729339b281a3d882913c69197b135ad64aa2c187528800a506d6e3e47_cppui_modular381), - fq2_value_type( - 0x09152f27c3bb2645c6a510cc9734eac01adcf68655016636fad1541081fb427e380508a5430e248502db4f398fb3ca57_cppui_modular381, - 0x0253e0d15072611fe63584484231348d4ccc0942aed4826061897a3c14e5bbe860d384165ee435532beed454f80d51a2_cppui_modular381), - fq2_value_type( - 0x0042993aefdb19f4a4cea0a0ad4f6a9b7c0942e704fe6cb9c2e0d4b5c1744888a18a47dd359f83bd8668c9152199d54e_cppui_modular381, - 0x0403ca90810b9bdb3d64e16d994fc0374571574c7f2414763cddee58d339d2ef94f56637d218459c526cfc9a41e2f94a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1326e02dcc002f83652f9ae2a21128070bb67467842007fc3dce148fbecc8251303871bf52849bb9b1117deae2ac6909_cppui_modular381, - 0x160c4aebfb5daa7c8827df4456f1caed71e9c6eb36c4e38335ef5737907ca169b146cf98aaef0d263a4336764a7f5c9f_cppui_modular381), - fq2_value_type( - 0x16b1ebad8aea35d9494788b430dee9f727731a9ccb61a1c82dc23af351fcc4fe184605bf6511a09e594621b46f02f290_cppui_modular381, - 0x08a2d114e1d45e6a78891b92efb57c0fdff42a5b78e1e41c47dd04b59538297250398f8f2aeaf66f7133cd9ccbb7666b_cppui_modular381), - fq2_value_type( - 0x09f207c5728afb33780f1c95a706b2bdf7d95ad136b9384de2353a3b402dd4b36ddc0af74c5da5502b177548d955bc12_cppui_modular381, - 0x017ed246c225f9d3ad09689f7a6357853f1d3b25bfbc8f4fde45cf91e5899432d3357997e741e7b54b0d107cd76182dd_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13ac0921ecebd91522681f39d53174de399809677395c01c3a718bea8ccadf0192ab3445a2302b81532f002c5b5cb789_cppui_modular381, - 0x17fd0a8cb6cfb92773fa6cba16e0e1ef25b873b19657db520059d9fea0c16449b4a9eae194aaa3e4e62fa2ab9c4bb058_cppui_modular381), - fq2_value_type( - 0x12188747d2c0c173160f2c70cb1a7744efc351c66dec2cb4897b525edaf96b4b11b6cd8f7f96185d14b68f90f1892f0a_cppui_modular381, - 
0x160adadcaa9c4535766cf059d000a3bec963b49d7a196dc9e0b273f0e380524ef0fa3778cd05f91d37dc3e3610b25ef4_cppui_modular381), - fq2_value_type( - 0x0b0aec8750f6fa904037a66899d7bb74157d66eaaa620500c8ac19330f7fa2381f8bb7bf948fcc0cb3164ca5111a57be_cppui_modular381, - 0x1571de225c6a6b1c05d1d1d1556960c9d8f1d33372de8823a7362a19c8d7bd9f21d8f7a946c8b68201b1964f161ad9ee_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0c1b46645e07f02149535e57c714bfeae7e5c6a6dae657f1bec66e0d2c370088a44b4142c9af9703f4a9140185b8ed16_cppui_modular381, - 0x121333adbcd6580d59b6f7f4a1d2b00e372df87425f8e23afe782a07aa28c2ac1dee010fd46565c3212dfd2d25aba7f3_cppui_modular381), - fq2_value_type( - 0x0055cc12db8971034a9ce1d8107ca4b8d4d5d7417b246d4814a8be358343a0540c5baa69283a9a2014810b876785e098_cppui_modular381, - 0x12f500db08771ad5b99ad670e86b07707da6f066b0f4bfebdac9d2d4a456f0f85cb962ab42b0de1437e9bf0fad01717d_cppui_modular381), - fq2_value_type( - 0x02db83dc318c076b1ed46bc49b8c6d489c35554f00a7a1e011fd740326d1f97123d03056e84d4198d0dccc98dfb2b4a4_cppui_modular381, - 0x11fba6d6f3f6755809779dedfff82c03799918c1e9f4f20139f11b43012abaa92a2c889c6978f5e03ed6ca129bedefee_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x05a517bb0873e1849733759c1352ce11b99eea1f4b14850729166a9a710d92b1d5d976f76d1e31b5bbe896e25b491f5b_cppui_modular381, - 0x168811463cbfd398603f0cd9600ad2ae2272d2ab432091b16341d9754c62c320e5a16847deffe7d2165127e51f403ad7_cppui_modular381), - fq2_value_type( - 0x0a909f2d324f012584816c1c1edd486551ac2640106236c1a01d47bd2b63ac6f6ae9fbbc99ab6f0de74d364b6b1ef9bb_cppui_modular381, - 0x0486a82e51356eab57e1842a23098ac1ff87bfbe47ee6b24b5c13dbf3ba5b0563e94917e4c1bdb90b198fd6f2a7202b9_cppui_modular381), - fq2_value_type( - 0x13bd859779632fb6c12ec2797f8b44dd6cd2af3a1bb601493ee50de1e49b2ef6c920a3bd3d23a396d9945c1d282d6d8e_cppui_modular381, - 0x13bb1971cfef27d5778bba7272e9fe80b13aa73f274e3ff03c7ebf70fdcf9582c83ed6056ef128925b6bc87284c2e72d_cppui_modular381))), - 
fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1847fd1f3f2172b8d68dd6f3dbd9271f30d96837b307aa8e2a39ba2e86b6605c0fc59bb7777c4802bb7d8c56e7ebf93e_cppui_modular381, - 0x0c963f2ade97da76fb39777e548e2c20a7ca39a45b2c41f1977e59d157ba809805c3088577aa940121139192a1eb778a_cppui_modular381), - fq2_value_type( - 0x053ec1965be1bb101063317754bf621e88aeae1c0f744eb8a7684b46cecea81304092d804b02e026bd27356f543c3ed1_cppui_modular381, - 0x0ed51dcd2f7bbb469bb814c40ff3d146f4a537297a83d6f866ab9e344add8173f97156f2f1cde4f3dab9eda6ca9267aa_cppui_modular381), - fq2_value_type( - 0x005604be71269b704f9b0c157f8fad78ac62fef470ab4f8507761d11189ce9786238653068d3b25a1ab2fc042309ae83_cppui_modular381, - 0x0ae0dd5496948ca18a99e37078f0b0e742873adcadd6aed8c68459fa520cbe8d245907fd86675484d86c821fe9e04576_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x023205ffdbe7dc1569e3a39855e8d83fad5deeb6d9aedeb1ff296e189260002a78b9930363b6704a5ed5dfdc51162668_cppui_modular381, - 0x088a1750f46f0dd74e5ea8eefdcda6ef07e462dc9e435b6219cb5515688307d15057b9a07aaa93d16a82758ecc03f3f6_cppui_modular381), - fq2_value_type( - 0x0b46157cbd8c46dac48778b3771e0d8a9b4559bd3ba59177faf6abde2786e3b22b02dcc8b285d8460cdba93b3ad8323a_cppui_modular381, - 0x1317124459e2829c60f16cb4bd696c16c7075c074eafcf0e0d9141ec952fec300e16c3e339b39773b79400fbe4183fad_cppui_modular381), - fq2_value_type( - 0x0c5a70b575d1c10439efb5d1dcd5d5063132fc1fa3317813315dc745b5397ea2265e2edb96890935ebeb1fca80d5c65c_cppui_modular381, - 0x18d6a68e0769879dc96783fa331ba7612fcb9c5e0379f1fd1ebb8590c5acf34e818d63999e858978f5eca04bd987ec94_cppui_modular381)))), - }; - std::vector> gp_z_c = { - std::make_pair( - G1_value_type( - 0x173ec2137ad89c47ea4d955ad1f1e111470718712477afd752012187ff3d421fa48a261d9bde15a7fa62d16b28a83f8e_cppui_modular381, - 0x0b17112f9450252963865ff4ae81d7c019896f02c73979b8ca931b871c78b6a6656c5eee34f6b3bb3f7e2a8517a7912b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x0284506672cd85e39d65dba1f7da2795487fedf366b721fa91e930638996f139a5c7a628979501d31189ccc8c9698875_cppui_modular381, - 0x09fbada478b96848437e8b755b10f330a3f24d175fdf8f7c42e8ea7fed25f79bc2148ea74a2ea041377e9c691ae2e7eb_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x10ba7fc7e73393ca7598d2e9b12b39de6dbfcd81ad36e428a35b994bbde3e9ab1cd9d9e97943effc439e4987e984fc51_cppui_modular381, - 0x140910a05cad86cffad281385f121f64c3da7c1c59bca46ce9c03fb9f3258517cc92d60b5b2ffd7f4b3110ef7d81adc5_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x01ebe25de68bf860fbd8b002565b6d3639252ba5065c4fd91fc41281e0fdfce31713a6abcfabefb30f0f0791639aae65_cppui_modular381, - 0x12b4a070dab2aa7a3e0fb9cb7996dca5e8e9db368f6b2e284c7a5b8c79ca740a41d4bb58d1dee5d3f9e4fe47ed19eb16_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x0d8aff668125450adb702647fc1fd00e7ca3ecddf12070463e18b40dadccdce8d475ea33d0888c35982a4882a2931414_cppui_modular381, - 0x0ccfd47ee24216fc4c547076203a0074026130aa9762f48ec93ab804e8e1710126cc6d98f59ca21f349ee9826d9ca1aa_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0bbda681a431b6483edbd012fbcadab103507cfbe60a419f7b0c93fed614df9be98c943f92d05f9dc8380dff52a4300e_cppui_modular381, - 0x0c89f7e6ea1a34d23938e2e28ea23f08e75242d4b8e9b47d03466d65b97cd8d927f6a38b08556b057a6d9dff909d8f25_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type gp_final_a = G1_value_type( - 0x17538459e8caafbf6f7378d88ea07521b160265df16e4b8fbf159ed69aedb7e4242e909e4eeeeb721b76051b1926d208_cppui_modular381, - 0x0ac1bc8b817d77bcff0e68d06fe3886673dc844691daa41d8f019d10b1723c8ca159505e62ac73ebc80e7b47e9f18d6d_cppui_modular381, - fq_value_type::one()); - G2_value_type gp_final_b = G2_value_type( - fq2_value_type( - 0x06c55bb292162b4914d8c8189c0c35906f1e0ddf5adc94e7a4b0e90587efecc1fb870af9ddeff14c6ec763effccc5169_cppui_modular381, - 
0x0b74ea554d536fc132d9a5d818c3afb1bef2988002b520f21e85d14a33a0f754326f854e2920fa46d5e7e46b65e4aea3_cppui_modular381), - fq2_value_type( - 0x1877bc193ec10b531ba56dae27f6c4484fada5413e1afb9b3d80b5cb1b829207ab93064c6bb92708381a28c77c4fbdfc_cppui_modular381, - 0x0ed5efc48efadbde502960b92e31e3c4cd224fe2a761cd361fdacfd05c72afa702c6e4225db37ecb115dc8cd8e27a2b5_cppui_modular381), - fq2_value_type::one()); - G1_value_type gp_final_c = G1_value_type( - 0x0115eba1ba9c44e21a9cb2b9f6c76932bc306ca0037e7712f8f4dac47bc60f0c5f88078c2c6dd94fbc0056eef670ce54_cppui_modular381, - 0x114ac476be3bf0f1e1f420c8fc1cb1f2bb762cd93c9c3440a8392d7c8a2ca32ca15c3975dfca6b753ba895951c6b414e_cppui_modular381, - fq_value_type::one()); - std::pair gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x01634dd81fd9ded259e8727141a265ac217877f7c5d5925ab6997e962b05e4b2c9d2c85c32a57cca9ae8daa62b171b30_cppui_modular381, - 0x007829a0bb526d9bf3fb39a34ed106e30045383f4bdf28c821cdffc4fa62f2ba01291a511cc1ff9549a14cb3a6253ba4_cppui_modular381), - fq2_value_type( - 0x007fa43a344eb4f2c0db80c590a2332896068dd8c447e011122bf52b881e749c6f6c0b02532c65f67af2e1b60566bd38_cppui_modular381, - 0x0958f9ecc4af1e61138df07455189f489449633062684e081265c0188ff5f6ccef136a64ef110e799031c545845f729a_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x01f926264f5a3892055b01ac24e634067ecdee7a9e1ade06e27bb0da9996fe37d3ced88ea7fbc5b0ab7589d7178fcfa1_cppui_modular381, - 0x0a4e360a3dc354b04b4d7951501b989caed7f27ecaa4bea387798a525d0cff68d3a12dc94664646d8fd459270f36d59c_cppui_modular381), - fq2_value_type( - 0x09c0d648df794e3995352f1d285ab8a61d6ade4d6278fe473f21f79c610a112b4eb25a5a2e3565b756a76f236bf939b6_cppui_modular381, - 0x039831d4cc1b6dc3214bbd4bcc1cd7a1dc6f871a1322e894d385e68ed672b072cfc9e87bad9c418a51db0a34c7dfab52_cppui_modular381), - fq2_value_type::one())); - std::pair gp_final_wkey = std::make_pair( - G1_value_type( - 
0x091185d97c3b8d91c936b624099f9169df6db7acc2f828b5ca00f2ef8221624f5570f12124484a038f2168143463e842_cppui_modular381, - 0x0cd29e9bff8b7485f9146218ad386d241ed329f855dc8ca5d8b5f5eb7d2adacd464115ffa6af5d7db2a4eb2a29a212da_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x015dbb6ebd9b9c1dffbe6cc60295540005e0d8a42062288a50e0a2b8dbe6a7e4d9f71d01a6cf4baa9485c812a967f0cc_cppui_modular381, - 0x134c3f11b342e6c3186bff0e72984323110313638473ffce74ed48a0c02fc0d5a6a6564f4d06247daff005649163987f_cppui_modular381, - fq_value_type::one())); - typename commitments::kzg_ipp2::output_type com_ab = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x09438df2eed168e525cd161732bf4349ed6bfcdaa8461e93674f061ca9cffcd8cc75b77a9d6dfdb209d581d0c07e7ee4_cppui_modular381, - 0x041c2011b6779255cf4583d0d3218a6f56f4127d7422351746b114d96ab67867843d36bc48dc1e4fdbdec5dc4c2bfa36_cppui_modular381), - fq2_value_type( - 0x158c7065a17b3927a828bd3c0aa549101155e62c532ab389136a3e7c27766b0387d78cc6b889fb7f3cea1fa7ac348059_cppui_modular381, - 0x0ee242744a21aeb01dcef6c06a016597635ea490daa48c3e1d1a8f600be0e1cbc1a59bfcf85a8ecf7a621934870b7fba_cppui_modular381), - fq2_value_type( - 0x18fa1c9b16ecfcd0909b47e3f65add175ec6d400844ce635316562b99bce87de35ffb0f6d7a6d84474d494741d0106f3_cppui_modular381, - 0x06ad1691ec33738d338a706913868ddda06cfd045c99147c3ac56b7e432ad09f77a4c9e6e74850e4d4ab9953db4cfc0a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13ad400debdb06b30620f03778d046533e477bcfbbe346df34df6c15e3c77a5ad0b31131f8ead8b96c6cfc4d02a1c389_cppui_modular381, - 0x15583230a90604aada461a69890ca54dca55b49cc4a9aa6273c78cba351ad44958533f825fb67c466ba6eb55fdf6b4f3_cppui_modular381), - fq2_value_type( - 0x00f1db5c9cce09dd51d214b6b1239159a932c74d08f7d377c4ba269cef1bbec61946f917d737406d5f7a268b10713283_cppui_modular381, - 0x0462874a3ac8cd9a628c404dc3968643c731c6180681e3587dd9f25599d2631da0a905a457e0e561fe4e16b326743518_cppui_modular381), - fq2_value_type( - 
0x008f0a48d565eb3f795482ffc080c478c5f47eadc2baad11a09bceab87e2cdfae0a9222dcc2ae3e75c7ac6c3bae31ee5_cppui_modular381, - 0x089330c302fc3baf321034f54b50d688464b932407f4d78c16a34dbae61df924179e21129075745c63b9757bfd25f05b_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x01f85b39387fceff47591576f952fb9e6419f021b06cccb4e3872cbc80577348f0473ba81922483cce06b54a8b23acf7_cppui_modular381, - 0x0e4506272365ed06076b3aba0fae145387abad75c03782c47aadd917e4408b7e4cb4b1e46d5340600202522fe29f376c_cppui_modular381), - fq2_value_type( - 0x0421e02496308c78ca48043f267b8ead249ac3231fd564fdb86ad21eb94b7675fd2f4aa4f85b9fce53b10e680592dd7d_cppui_modular381, - 0x06256d4fb220220163925d28bedd5bac9d5c01f0c548e2e3f2ad726d79a69b9e417330bb862796248a175c52a4d119ff_cppui_modular381), - fq2_value_type( - 0x17f988c31e464166b556ac828463fc9eba97bc3d315c31172e61b852905f8c6ebe47d18d8852ebd3dc5df38b6dfc68d2_cppui_modular381, - 0x0125c3640e74ed2d07ea34e60a511753689233eb3224e70e6b2fcf6267662ed740e5fe39e506607797422ebe45ea4a77_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x150c32bfc286cc3c8bdd2527b989ffa89759b79277e0c53214e7d598b768b7bfc942c82d8923321db5249b916abe0662_cppui_modular381, - 0x0740df21f60ce5267ad4018856ed2b6bbadb914e0723035ad8faf2bd25343707bf5557b371b2636497406680f72bb483_cppui_modular381), - fq2_value_type( - 0x17c3f4d53f282cd6a94234cc704e58e4f246e0bed26c340ab7a9dd21a86cc3675807138a2411d509e14f2cda6bf8e1e0_cppui_modular381, - 0x142097e3b6a8bd576fadaab0375a9f5596bc9c8edca79c6478eded81ac6b0a8bdb1371e07c426448447f2274dea81c86_cppui_modular381), - fq2_value_type( - 0x0d1599375a802ef65799d25667577bc132d204996fc6cc9cb975647373187951346bada49c52bc984dfa74635420ddb6_cppui_modular381, - 0x12f162ebd20f8136d0e2ff7b66a752fc79134069cdc131ab0cf188ba774ba97ee6a7dc79d9dcd5fe93f6830d27377c34_cppui_modular381)))); - typename commitments::kzg_ipp2::output_type com_c = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x0d1569717ac252ea42031630d1d86b8208abc0928210c9d19116f23ddbd653017ac0ef2f57acadd27aa8cca81438f843_cppui_modular381, - 0x17df99b57ef9a374fd73cec88e19f74d4e1f83b5b1c973d9b472c194cffed516c0eb53c681d3c21ce29699e35c244cc5_cppui_modular381), - fq2_value_type( - 0x121aaea362ab02e8379a362437b4e83f2343c293b7f925bd46c6d50876fbdd48086595705221cdc7ac126939b7e32f6d_cppui_modular381, - 0x0da0ba3ebc44afb6a38729640264213e37fbf2e7cb40acfb0017c9f3def58fb4037a504ef582df83feff07ba138687bc_cppui_modular381), - fq2_value_type( - 0x0250eee41b14f959399aa5fd0f0fee31c1197bb8c016d32fbd819b7d143953d5b0423996493a2ddd782f42b8bafac22c_cppui_modular381, - 0x0680ffcb49eabc8ee85555f4cc3482900ad261051aeb33d56643c50da0d1bbcbc1452d8993673d0e86312a44641e7233_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17a2635821fb36738d222bc7615de6da7c2e23e3fd6d81c43f9d8948637f48455021f08544a6ab2baccbb66aaa01eaa8_cppui_modular381, - 0x0b464c1f228d6a279de9debcbb03d643af592a7bad75199b6d2c09b76de8b04f8d2def4c51455a455c0c327090c0d252_cppui_modular381), - fq2_value_type( - 0x0d0fde04945b173830356053368613cf6f25c8df4aaea77c797a10f39c47a5b63fa8abab80f2d42f009b4d21deac2172_cppui_modular381, - 0x199cd2b4e7d5a7f3c79bffd7c412df7b7a066ab27c163a34f9c876690b34e595f33317c756ef6bea2f6874a04294bac0_cppui_modular381), - fq2_value_type( - 0x12529873ef3324a4423d03ce1b3b7d01068d302487dfb7c44bbf80fda3abe138e7812753c80c4de759aa4724fd84e957_cppui_modular381, - 0x01aea6515a4965d9abe3bd2369f2f25a80aa40a1594eec6b3e32f889be269e3c95269becf1c6752ce27a7f12dc1861fd_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x11a0288351d88bc79b270177235a2c99dbe8925602d4c222217becb34b01ad855f47fb52708aea96ee40d633b59702a5_cppui_modular381, - 0x16c0a1f83f624a0ac8f2e6b001caa92e85f4f3612f60a5c16be5c5adbe2b7250c758448718848e9049a64ab1b8c6a665_cppui_modular381), - fq2_value_type( - 0x00e48ee23098a59ac449a3913fc2dcfd4b52f2c77b208e0ac2432c08b64850d5a0e99f886225d7b72daf714d490f5283_cppui_modular381, - 
0x0f94203b49e62c5e5889935af96380633922314365f1995346062df5b5982d0c7177da840556ca0babcc90abd7f0b2d8_cppui_modular381), - fq2_value_type( - 0x16c5639bf79cdcf1f9f2663fb5145d47086b82033463d7146cf88d6ebd924500f5c8ca00a1917e52bd041f8bc29cae74_cppui_modular381, - 0x06e24ce65b13b39e5ca60aa9275cf060663c19160d6d7187d414b2f03e34798646f724de19d153bd4f42ad813c4e6f9f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0ca27275c25e692b173b0a837d26e74f4f323e7504a2a9b7ae5151c0967579ab687f0f3055be6d72de2b2b05d3f6814a_cppui_modular381, - 0x119cbafb2577a5b0a0f2b765f11b03dbd0ad6aaa8974c8a68094d575f279a2305538e14bbd606c1a2a2a2fba21022cb6_cppui_modular381), - fq2_value_type( - 0x04925dc41f55a8808e355178e3678189f9d39af465a40fc72d68c41281b449d45048f08eae4482947c5e3841e020acab_cppui_modular381, - 0x19dc30ef0f8c4d504ee76148232c0aab1afeb669d0798760bad8822bd09458b91f45be56b00a9a88ddc0c80ebeab81d8_cppui_modular381), - fq2_value_type( - 0x1567468a9ac691aeda25e7637d17585f86a714d8a921f3659cea7a9479ffceea7fef903ed13095ef85e4f03141871bc8_cppui_modular381, - 0x16f5b6c09576cc7277640207a4dde23b02ccf457c54114e41ca6be95d9167a8c66e0c5d3d923a2d84f5c18d60810c7c8_cppui_modular381)))); - std::pair tmipp_vkey_opening = std::make_pair( - G2_value_type( - fq2_value_type( - 0x03ad15badd1d845acdfdc99c73633a03fc3a4a68cc52fc0247115e70c3ace6cd4c92715984dd70e6648bea4248c1c15b_cppui_modular381, - 0x10aa55d7dbe362b69e21ec1ba54c4173cc4a7e4e62eacce1053595f6f0d037bdca088537def2ae0a03ce0ecabb2c0a75_cppui_modular381), - fq2_value_type( - 0x093940da4a706bcf27a73885ba50b450073aa4fecd8ece8b9cf1f6432229e0140a152acb596276bd53fe3c4dda23a3ac_cppui_modular381, - 0x090320e2a3dccea5b870d1ef80c0bcb1e6850d9eea0be87072bee0268501840227688fa380bc013f44bbb00912541d51_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x11e68a527689b4b136defff43544c462d27e315991947fa59e1104aa6823bb975e578cd34a24192abd8aae1893610f9b_cppui_modular381, - 
0x137ba0dd76e9cdc0a25bc4594cd461720140adcd7ec36f53aa12e210614951a42c27664e0e0ef8428feb56dd66f75544_cppui_modular381), - fq2_value_type( - 0x08e0d621b3a8786e329287aa695fe54e1f86e4747574113562aeffeffe7ec0485ece3e5f3475677d53e97f644bfc5a66_cppui_modular381, - 0x13a6371c49b093f9e90be0a1d10c94e8db018c37abd09f0d8207f8d1347ac4de544af34ffd0e76e835eb84cffc0d0390_cppui_modular381), - fq2_value_type::one())); - std::pair tmipp_wkey_opening = std::make_pair( - G1_value_type( - 0x0e9acd7993fbd343074b99e268e7bddd30d095981f8272a6a843670a15967537f3ea6c54f7f9290b308ba5c88c5d1b7e_cppui_modular381, - 0x1648288ac64ddcda8a2f129da1e869f95b0cdec1fdfb34103eb09b6adbb804d1c31fcbeb7185628c57f2de3059068c52_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x13b9051f592110c431fc91d9f2c485f343d4a35cbb311753c1d57e673678a9a9ebafbd6af1175ec764c7cb4414244f25_cppui_modular381, - 0x0984164d7f949e15e6cba14ebbf8ddf946eb4f676f42202156b0ab9536750a1e2a11f9a51153c85add517f645bfe4b78_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(ip_ab, agg_proof.ip_ab); - BOOST_CHECK_EQUAL(agg_c, agg_proof.agg_c); - BOOST_CHECK(com_ab == agg_proof.com_ab); - BOOST_CHECK(com_c == agg_proof.com_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.nproofs, gp_n); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_ab == gp_comms_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_c == gp_comms_c); - BOOST_CHECK(agg_proof.tmipp.gipa.z_ab == gp_z_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.z_c == gp_z_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_a, gp_final_a); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_b, gp_final_b); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_c, gp_final_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_vkey, gp_final_vkey); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_wkey, gp_final_wkey); - BOOST_CHECK(agg_proof.tmipp.vkey_opening == tmipp_vkey_opening); - BOOST_CHECK(agg_proof.tmipp.wkey_opening == tmipp_wkey_opening); - - bool verify_res = verify>( - vk, pvk, statements, agg_proof, 
tr_include.begin(), tr_include.end());
- BOOST_CHECK(verify_res);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling.cpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling.cpp
deleted file mode 100644
index dbf13fadf8..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_marshalling_test
-
-#include
-
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_gg_ppzksnark_marshalling.hpp"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void run_r1cs_gg_ppzksnark_marshalling_basic_test(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_gg_ppzksnark_marshalling(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_gg_ppzksnark_marshalling_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_gg_ppzksnark_marshalling_basic_test) {
- run_r1cs_gg_ppzksnark_marshalling_basic_test>(100, 10);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling.cpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling.cpp
deleted file mode 100644
index 095ffc7d09..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling.cpp
+++ /dev/null
@@ -1,68 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_tvm_marshalling_test
-
-#include
-
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_gg_ppzksnark_tvm_marshalling.hpp"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "run_r1cs_gg_ppzksnark_tvm_marshalling.hpp"
-
-#include
-#include
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void run_r1cs_gg_ppzksnark_tvm_marshalling_basic_test(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_gg_ppzksnark_tvm_marshalling(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_gg_ppzksnark_marshalling_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_gg_ppzksnark_marshalling_basic_test) {
- run_r1cs_gg_ppzksnark_tvm_marshalling_basic_test>(20, 5);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark.hpp
deleted file mode 100644
index 666a80a02b..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark.hpp
+++ /dev/null
@@ -1,145 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS GG-ppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_GG_PPZKSNARK_HPP
-#define CRYPTO3_RUN_R1CS_GG_PPZKSNARK_HPP
-
-#include
-
-#include
-
-#include "../r1cs_examples.hpp"
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Runs the ppzkSNARK (generator, prover, and verifier) for a given
- * R1CS example (specified by a constraint system, input, and witness).
- */ - - // template - // typename std::enable_if::type - // test_affine_verifier(const typename r1cs_gg_ppzksnark::verification_key_type &vk, - // const typename r1cs_gg_ppzksnark::primary_input_type - // &primary_input, const typename r1cs_gg_ppzksnark::proof_type - // &proof, const bool expected_answer) { - // const bool answer = verify>>(vk, - // primary_input, - // proof); - // BOOST_CHECK(answer == expected_answer); - // } - - /** - * The code below provides an example of all stages of running a R1CS GG-ppzkSNARK. - * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. - * (1) The "generator", which runs the ppzkSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the ppzkSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key, - * a primary input for CS, and a proof. 
- */ - template - bool run_r1cs_gg_ppzksnark(const r1cs_example &example) { - - using basic_proof_system = r1cs_gg_ppzksnark; - using weak_proof_system = - r1cs_gg_ppzksnark, - r1cs_gg_ppzksnark_prover, - r1cs_gg_ppzksnark_verifier_weak_input_consistency>; - - std::cout << "Starting generator" << std::endl; - typename basic_proof_system::keypair_type keypair = - generate(example.constraint_system); - - std::cout << "Starting verification key processing" << std::endl; - - typename basic_proof_system::processed_verification_key_type pvk = - r1cs_gg_ppzksnark_process_verification_key::process(keypair.second); - - std::cout << "Starting prover" << std::endl; - - typename basic_proof_system::proof_type proof = - prove(keypair.first, example.primary_input, example.auxiliary_input); - - /*const bool ans = - r1cs_gg_ppzksnark>::verifier(keypair.vk, - example.primary_input, proof);*/ - - std::cout << "Starting verifier" << std::endl; - - const bool ans = verify(std::get<1>(keypair), example.primary_input, proof); - - std::cout << "Verifier finished, result: " << ans << std::endl; - - std::cout << "Starting online verifier" << std::endl; - - const bool ans2 = verify(pvk, example.primary_input, proof); - - std::cout << "Online verifier finished, result: " << ans2 << std::endl; - - BOOST_CHECK(ans == ans2); - - std::cout << "Starting weak verifier" << std::endl; - - const bool ans3 = verify(keypair.second, example.primary_input, proof); - - std::cout << "Weak verifier finished, result: " << ans3 << std::endl; - - BOOST_CHECK(ans == ans3); - - std::cout << "Starting online weak verifier" << std::endl; - - const bool ans4 = verify(pvk, example.primary_input, proof); - - std::cout << "Online weak verifier finished, result: " << ans4 << std::endl; - - BOOST_CHECK(ans == ans4); - - /*test_affine_verifier(keypair.vk, example.primary_input, proof, ans);*/ - - return ans; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // 
CRYPTO3_RUN_R1CS_GG_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_marshalling.hpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_marshalling.hpp
deleted file mode 100644
index 066c41dedc..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_marshalling.hpp
+++ /dev/null
@@ -1,104 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS GG-ppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_GG_PPZKSNARK_MARSHALLING_HPP
-#define CRYPTO3_RUN_R1CS_GG_PPZKSNARK_MARSHALLING_HPP
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- bool run_verifier_with_byte_input(std::vector data) {
- using proof_system_policy = ProofSystem;
-
- typename nil::marshalling::verifier_data_from_bits::verifier_data vd =
- nil::marshalling::verifier_data_from_bits::process(data);
-
- std::cout << "Data converted from byte blob" << std::endl;
-
- return verify(vd.vk, vd.pi, vd.pr);
- }
-
- /**
- * The code below provides an example of all stages of running a R1CS GG-ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_r1cs_gg_ppzksnark_marshalling(
- const r1cs_example &example) {
-
- using proof_system_policy = r1cs_gg_ppzksnark;
-
- std::cout << "Starting generator" << std::endl;
-
- typename proof_system_policy::keypair_type keypair =
- generate(example.constraint_system);
-
- std::cout << "Starting prover" << std::endl;
-
- typename proof_system_policy::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::vector data = nil::marshalling::verifier_data_to_bits::process(
- keypair.second, example.primary_input, proof);
-
- std::cout << "Data converted to byte blob" << std::endl;
-
- std::cout << "Starting verifier" << std::endl;
-
- const bool ans = run_verifier_with_byte_input(data);
-
- std::cout << "Verifier finished, result: " << ans << std::endl;
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_R1CS_GG_PPZKSNARK_MARSHALLING_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_tvm_marshalling.hpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_tvm_marshalling.hpp
deleted file mode 100644
index a05f657f92..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_tvm_marshalling.hpp
+++ /dev/null
@@ -1,302 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS GG-ppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_GG_PPZKSNARK_TVM_MARSHALLING_HPP
-#define CRYPTO3_RUN_R1CS_GG_PPZKSNARK_TVM_MARSHALLING_HPP
-
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include
-#include "../r1cs_examples.hpp"
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a R1CS GG-ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_r1cs_gg_ppzksnark_tvm_marshalling(
- const r1cs_example &example);
-
- template
- void print_proving_key(r1cs_gg_ppzksnark_proving_key pk) {
- std::cout << "alpha_g1: "
- << pk.alpha_g1.to_affine().X.data << " " << pk.alpha_g1.to_affine().Y.data << " "
- << pk.alpha_g1.to_affine().Z.data << std::endl
- << "beta_g1: "
- << pk.beta_g1.to_affine().X.data << " " << pk.beta_g1.to_affine().Y.data << " "
- << pk.beta_g1.to_affine().Z.data << std::endl
- << "beta_g2: "
- << pk.beta_g2.to_affine().X.data[0].data << " " << pk.beta_g2.to_affine().Y.data[0].data
- << " " << pk.beta_g2.to_affine().Z.data[0].data << std::endl
- << pk.beta_g2.to_affine().X.data[1].data << " " << pk.beta_g2.to_affine().Y.data[1].data
- << " " << pk.beta_g2.to_affine().Z.data[1].data << std::endl
- << "delta_g1: "
- << pk.delta_g1.to_affine().X.data << " " << pk.delta_g1.to_affine().Y.data << " "
- << pk.delta_g1.to_affine().Z.data << std::endl
- << "delta_g2: "
- << pk.delta_g2.to_affine().X.data[0].data << " " << pk.delta_g2.to_affine().Y.data[0].data
- << " " << pk.delta_g2.to_affine().Z.data[0].data << std::endl
- << pk.delta_g2.to_affine().X.data[1].data << " " << pk.delta_g2.to_affine().Y.data[1].data
- << " " << pk.delta_g2.to_affine().Z.data[1].data << std::endl;
- }
-
- template
- void print_verification_key(r1cs_gg_ppzksnark_verification_key vk) {
- std::cout << "gamma_g2: "
- <<
vk.gamma_g2.to_affine().X.data[0].data << " " << vk.gamma_g2.to_affine().Y.data[0].data
- << " " << vk.gamma_g2.to_affine().Z.data[0].data << std::endl
- << vk.gamma_g2.to_affine().X.data[1].data << " " << vk.gamma_g2.to_affine().Y.data[1].data
- << " " << vk.gamma_g2.to_affine().Z.data[1].data << std::endl
- << "delta_g2: "
- << vk.delta_g2.to_affine().X.data[0].data << " " << vk.delta_g2.to_affine().Y.data[0].data
- << " " << vk.delta_g2.to_affine().Z.data[0].data << std::endl
- << vk.delta_g2.to_affine().X.data[1].data << " " << vk.delta_g2.to_affine().Y.data[1].data
- << " " << vk.delta_g2.to_affine().Z.data[1].data << std::endl;
- }
-
- template<>
- bool run_r1cs_gg_ppzksnark_tvm_marshalling>(
- const r1cs_example::scalar_field_type> &example) {
-
- using CurveType = typename nil::crypto3::algebra::curves::bls12<381>;
-
- using scheme_type = r1cs_gg_ppzksnark;
-
- std::cout << "Starting generator" << std::endl;
-
- typename scheme_type::keypair_type keypair =
- generate(example.constraint_system);
-
- std::cout << "Starting prover" << std::endl;
-
- typename scheme_type::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::cout << std::hex << "Obtained proof: " << proof.g_A.to_affine().X.data << " "
- << proof.g_A.to_affine().Y.data << " " << proof.g_A.to_affine().Z.data << std::endl
- << proof.g_B.to_affine().X.data[0].data << " " << proof.g_B.to_affine().X.data[1].data
- << " " << proof.g_B.to_affine().Y.data[0].data << std::endl
- << proof.g_B.to_affine().Y.data[1].data << " " << proof.g_B.to_affine().Z.data[0].data
- << " " << proof.g_B.to_affine().Z.data[1].data << std::endl
- << proof.g_C.to_affine().X.data << " " << proof.g_C.to_affine().Y.data << " "
- << proof.g_C.to_affine().Z.data << std::endl;
-
- std::cout << std::hex << "Obtained proving key: " << std::endl;
- print_proving_key(keypair.first);
-
- std::cout << std::hex << "Obtained verification key: " << std::endl;
-
print_verification_key(keypair.second);
-
- std::cout << std::hex << "Obtained primary input: " << std::endl;
-
- for (auto it = example.primary_input.begin(); it != example.primary_input.end(); it++) {
- std::cout << std::hex << it->data << " ";
- }
- std::cout << std::endl;
-
- std::vector proving_key_byteblob = nil::marshalling::verifier_input_serializer_tvm::process(
- keypair.first);
-
- marshalling::status_type provingProcessingStatus = marshalling::status_type::success;
-
- typename scheme_type::proving_key_type other =
- nil::marshalling::verifier_input_deserializer_tvm::proving_key_process(
- proving_key_byteblob.cbegin(),
- proving_key_byteblob.cend(),
- provingProcessingStatus);
-
- std::cout << "Decoded proving key:" << std::endl;
- print_proving_key(other);
-
- BOOST_CHECK(keypair.first == other);
- BOOST_CHECK(keypair.first.alpha_g1 == other.alpha_g1 && keypair.first.beta_g1 == other.beta_g1);
- BOOST_CHECK(keypair.first.beta_g2 == other.beta_g2 && keypair.first.delta_g1 == other.delta_g1);
- BOOST_CHECK(keypair.first.delta_g2 == other.delta_g2 && keypair.first.A_query == other.A_query);
- BOOST_CHECK(keypair.first.B_query == other.B_query && keypair.first.H_query == other.H_query);
- BOOST_CHECK(keypair.first.L_query == other.L_query);
- BOOST_CHECK(keypair.first.constraint_system == other.constraint_system);
- BOOST_CHECK(keypair.first.constraint_system.primary_input_size ==
- other.constraint_system.primary_input_size);
- BOOST_CHECK(keypair.first.constraint_system.auxiliary_input_size ==
- other.constraint_system.auxiliary_input_size);
- BOOST_CHECK(keypair.first.constraint_system.constraints.size() ==
- other.constraint_system.constraints.size());
-
- for (std::size_t i = 0; i < keypair.first.constraint_system.constraints.size(); i++) {
- std::cout << std::endl << "i:" << i << std::endl;
- BOOST_CHECK(keypair.first.constraint_system.constraints[i] ==
- other.constraint_system.constraints[i]);
- }
-
- std::vector verification_key_byteblob =
nil::marshalling::verifier_input_serializer_tvm::process(
- keypair.second);
- std::vector primary_input_byteblob = nil::marshalling::verifier_input_serializer_tvm::process(
- example.primary_input);
- std::vector proof_byteblob = nil::marshalling::verifier_input_serializer_tvm::process(
- proof);
-
- std::cout << "Verification key byteblob, size " << std::dec << verification_key_byteblob.size()
- << std::endl;
-
- for (auto it = verification_key_byteblob.begin(); it != verification_key_byteblob.end(); ++it) {
- std::cout << std::hex << std::size_t(*it) << " ";
- }
-
- std::cout << std::endl;
-
- std::cout << "Primary input byteblob, size " << std::dec << primary_input_byteblob.size()
- << std::endl;
-
- for (auto it = primary_input_byteblob.begin(); it != primary_input_byteblob.end(); ++it) {
- std::cout << std::hex << std::size_t(*it) << " ";
- }
-
- std::cout << std::endl;
-
- std::cout << "Proof byteblob, size " << std::dec << proof_byteblob.size() << std::endl;
-
- for (auto it = proof_byteblob.begin(); it != proof_byteblob.end(); ++it) {
- std::cout << std::hex << std::size_t(*it) << " ";
- }
-
- std::cout << std::endl;
-
- std::vector byteblob;
-
- byteblob.insert(byteblob.end(), proof_byteblob.begin(), proof_byteblob.end());
- byteblob.insert(byteblob.end(), primary_input_byteblob.begin(), primary_input_byteblob.end());
- byteblob.insert(byteblob.end(), verification_key_byteblob.begin(), verification_key_byteblob.end());
-
- std::cout << "Data converted to byte blob" << std::endl;
-
- for (auto it = byteblob.begin(); it != byteblob.end(); ++it) {
- std::cout << std::hex << std::size_t(*it) << " ";
- }
-
- std::cout << std::endl;
-
- std::cout << "Starting verifier with plain input" << std::endl;
-
- bool ans = verify(keypair.second, example.primary_input, proof);
-
- std::cout << "Verifier with plain input finished, result: " << ans << std::endl;
-
- marshalling::status_type processingStatus = marshalling::status_type::success;
-
- auto tup =
nil::marshalling::verifier_input_deserializer_tvm::verifier_input_process(
- byteblob.cbegin(),
- byteblob.cend(),
- processingStatus);
-
- if (processingStatus != marshalling::status_type::success) {
- std::cout << "Incorrect datablob!" << std::endl;
-
- return false;
- }
-
- BOOST_CHECK(processingStatus == marshalling::status_type::success);
-
- typename scheme_type::proof_type de_prf = std::get<2>(tup);
- typename scheme_type::primary_input_type de_pi = std::get<1>(tup);
- typename scheme_type::verification_key_type de_vk = std::get<0>(tup);
-
- // typename scheme_type::proof_type de_prf = nil::marshalling::verifier_input_deserializer_tvm::proof_process(proof_byteblob.cbegin(), proof_byteblob.cend());
- // typename scheme_type::primary_input_type de_pi = nil::marshalling::verifier_input_deserializer_tvm::primary_input_process(primary_input_byteblob.cbegin(), primary_input_byteblob.cend());
- // typename scheme_type::verification_key_type de_vk = nil::marshalling::verifier_input_deserializer_tvm::verification_key_process(verification_key_byteblob.cbegin(), verification_key_byteblob.cend());
-
- std::cout << std::hex << "Decoded proof: " << de_prf.g_A.to_affine().X.data << " "
- << de_prf.g_A.to_affine().Y.data << " " << de_prf.g_A.to_affine().Z.data << std::endl
- << de_prf.g_B.to_affine().X.data[0].data << " " << de_prf.g_B.to_affine().X.data[1].data
- << " " << de_prf.g_B.to_affine().Y.data[0].data << std::endl
- << de_prf.g_B.to_affine().Y.data[1].data << " " << de_prf.g_B.to_affine().Z.data[0].data
- << " " << de_prf.g_B.to_affine().Z.data[1].data << std::endl
- << de_prf.g_C.to_affine().X.data << " " << de_prf.g_C.to_affine().Y.data << " "
- << de_prf.g_C.to_affine().Z.data << std::endl;
-
- assert (de_prf == proof);
-
- std::cout << std::hex << "Decoded primary input: " << std::endl;
-
- for (auto it = de_pi.begin(); it != de_pi.end(); it++) {
- std::cout << std::hex << it->data << " ";
- }
- std::cout << std::endl;
-
- // assert (de_pi ==
example.primary_input);
-
- std::cout << std::hex << "Decoded verification key: " << "gamma_g2: "
- << de_vk.gamma_g2.to_affine().X.data[0].data << " "
- << de_vk.gamma_g2.to_affine().Y.data[0].data << " "
- << de_vk.gamma_g2.to_affine().Z.data[0].data << std::endl
- << de_vk.gamma_g2.to_affine().X.data[1].data << " "
- << de_vk.gamma_g2.to_affine().Y.data[1].data << " "
- << de_vk.gamma_g2.to_affine().Z.data[1].data << std::endl
- << "delta_g2: "
- << de_vk.delta_g2.to_affine().X.data[0].data << " "
- << de_vk.delta_g2.to_affine().Y.data[0].data << " "
- << de_vk.delta_g2.to_affine().Z.data[0].data << std::endl
- << de_vk.delta_g2.to_affine().X.data[1].data << " "
- << de_vk.delta_g2.to_affine().Y.data[1].data << " "
- << de_vk.delta_g2.to_affine().Z.data[1].data << std::endl;
-
- assert (de_vk == keypair.second);
-
- std::cout << "Starting verifier with decoded input" << std::endl;
-
- ans = verify(de_vk, de_pi, de_prf);
-
- std::cout << "Verifier with decoded input finished, result: " << ans << std::endl;
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_R1CS_GG_PPZKSNARK_TVM_MARSHALLING_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.cpp
deleted file mode 100644
index 0633e5bd33..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void test_r1cs_ppzksnark(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_ppzksnark_test) {
- test_r1cs_ppzksnark>(1000, 100);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_ppzksnark/run_r1cs_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_ppzksnark/run_r1cs_ppzksnark.hpp
deleted file mode 100644
index 456d73491e..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_ppzksnark/run_r1cs_ppzksnark.hpp
+++ /dev/null
@@ -1,142 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS ppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_PPZKSNARK_HPP
-#define CRYPTO3_RUN_R1CS_PPZKSNARK_HPP
-
-#include
-
-#include
-
-#include "../r1cs_examples.hpp"
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /*template
- typename std::enable_if::type
- test_affine_verifier(const typename r1cs_ppzksnark::verification_key_type &vk,
- const typename r1cs_ppzksnark::primary_input_type &primary_input,
- const typename r1cs_ppzksnark::proof_type &proof,
- const bool expected_answer) {
- const bool answer = r1cs_ppzksnark_affine_verifier_weak_IC(vk, primary_input, proof);
- BOOST_CHECK(answer == expected_answer);
- }
-
- template
- typename std::enable_if::type
- test_affine_verifier(const typename r1cs_ppzksnark::verification_key_type &vk,
- const typename r1cs_ppzksnark::primary_input_type &primary_input,
- const typename r1cs_ppzksnark::proof_type &proof,
- const bool expected_answer) {
- BOOST_ATTRIBUTE_UNUSED(vk, primary_input, proof, expected_answer);
- }*/
-
- /**
- * The code below provides an example of all stages of running a R1CS ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_r1cs_ppzksnark(const r1cs_example &example) {
-
- using basic_proof_system = r1cs_ppzksnark;
- using weak_proof_system = r1cs_ppzksnark,
- r1cs_ppzksnark_prover,
- r1cs_ppzksnark_verifier_weak_input_consistency>;
-
- std::cout << "Starting generator" << std::endl;
- typename basic_proof_system::keypair_type keypair =
- generate(example.constraint_system);
-
- std::cout << "Starting verification key processing" << std::endl;
-
- typename basic_proof_system::processed_verification_key_type pvk =
- r1cs_ppzksnark_process_verification_key::process(keypair.second);
-
- std::cout << "Starting prover" << std::endl;
-
- typename basic_proof_system::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::cout << "Starting verifier" << std::endl;
-
- const bool ans = verify(keypair.second, example.primary_input, proof);
-
- std::cout << "Verifier finished, result: " << ans << std::endl;
-
- std::cout << "Starting online verifier" << std::endl;
-
- const bool ans2 =
- verify(pvk, example.primary_input, proof);
-
- std::cout << "Online verifier finished, result: " << ans2 << std::endl;
-
- BOOST_CHECK(ans == ans2);
-
- std::cout << "Starting weak verifier" << std::endl;
-
- const bool ans3 = verify(keypair.second,
- example.primary_input, proof);
-
- std::cout << "Weak verifier finished, result: " << ans3 << std::endl;
-
- BOOST_CHECK(ans == ans3);
-
- std::cout << "Starting online weak verifier" << std::endl;
-
- const bool ans4 = verify(pvk, example.primary_input, proof);
-
- std::cout << "Online weak verifier finished, result: " << ans4 << std::endl;
-
- BOOST_CHECK(ans == ans4);
-
- /*test_affine_verifier(keypair.second, example.primary_input, proof, ans);*/
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_R1CS_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.cpp
deleted file mode 100644
index a0d4bcbb41..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the SEppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_se_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "run_r1cs_se_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void test_r1cs_se_ppzksnark(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_se_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_se_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_se_ppzksnark_test) {
- test_r1cs_se_ppzksnark>(1000, 100);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_se_ppzksnark/run_r1cs_se_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/r1cs_se_ppzksnark/run_r1cs_se_ppzksnark.hpp
deleted file mode 100644
index 0a93164a55..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/r1cs_se_ppzksnark/run_r1cs_se_ppzksnark.hpp
+++ /dev/null
@@ -1,85 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS SEppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_SE_PPZKSNARK_HPP
-#define CRYPTO3_RUN_R1CS_SE_PPZKSNARK_HPP
-
-#include
-
-#include
-
-#include "../r1cs_examples.hpp"
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a R1CS SEppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the SEppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the SEppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the SEppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_r1cs_se_ppzksnark(const r1cs_example &example) {
- using basic_proof_system = r1cs_se_ppzksnark;
-
- typename basic_proof_system::keypair_type keypair =
- generate(example.constraint_system);
-
- typename basic_proof_system::processed_verification_key_type pvk =
- r1cs_se_ppzksnark_process_verification_key::process(keypair.second);
-
- typename basic_proof_system::proof_type proof = prove(
- keypair.first, example.primary_input, example.auxiliary_input);
-
- const bool ans = verify(keypair.second, example.primary_input, proof);
-
- const bool ans2 = verify(pvk, example.primary_input, proof);
-
- BOOST_CHECK(ans == ans2);
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_R1CS_SE_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/ram_examples.hpp b/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/ram_examples.hpp
deleted file mode 100644
index 1de530fd25..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/ram_examples.hpp
+++ /dev/null
@@ -1,172 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a RAM example, as well as functions to sample -// RAM examples with prescribed parameters (according to some distribution). 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_RAM_EXAMPLES_HPP -#define CRYPTO3_ZK_RAM_EXAMPLES_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - template - struct ram_example { - ram_architecture_params ap; - std::size_t boot_trace_size_bound; - std::size_t time_bound; - ram_boot_trace boot_trace; - ram_input_tape auxiliary_input; - }; - - /** - * For now: only specialized to TinyRAM - */ - template - ram_example gen_ram_example_simple(const ram_architecture_params &ap, - std::size_t boot_trace_size_bound, std::size_t time_bound, - bool satisfiable = true) { - const std::size_t program_size = boot_trace_size_bound / 2; - const std::size_t input_size = boot_trace_size_bound - program_size; - - ram_example result; - - result.ap = ap; - result.boot_trace_size_bound = boot_trace_size_bound; - result.time_bound = time_bound; - - tinyram_program prelude; - prelude.instructions = generate_tinyram_prelude(ap); - - std::size_t boot_pos = 0; - for (std::size_t i = 0; i < prelude.instructions.size(); ++i) { - result.boot_trace.set_trace_entry(boot_pos++, - std::make_pair(i, prelude.instructions[i].as_dword(ap))); - } - - result.boot_trace[boot_pos] = std::make_pair( - boot_pos++, tinyram_instruction(tinyram_opcode_ANSWER, true, 0, 0, satisfiable ? 
0 : 1) - .as_dword(ap)); /* answer 0/1 depending on satisfiability */ - - while (boot_pos < program_size) { - result.boot_trace.set_trace_entry(boot_pos++, random_tinyram_instruction(ap).as_dword(ap)); - } - - for (std::size_t i = 0; i < input_size; ++i) { - result.boot_trace.set_trace_entry( - boot_pos++, - std::make_pair((1ul << (ap.dwaddr_len() - 1)) + i, std::rand() % (1ul << (2 * ap.w)))); - } - - BOOST_CHECK(boot_pos == boot_trace_size_bound); - - return result; - } - - /** - * For now: only specialized to TinyRAM - */ - template - ram_example gen_ram_example_complex(const ram_architecture_params &ap, - std::size_t boot_trace_size_bound, std::size_t time_bound, - bool satisfiable = true) { - const std::size_t program_size = boot_trace_size_bound / 2; - const std::size_t input_size = boot_trace_size_bound - program_size; - - BOOST_CHECK(2 * ap.w / 8 * program_size < 1ul << (ap.w - 1)); - BOOST_CHECK(ap.w / 8 * input_size < 1ul << (ap.w - 1)); - - ram_example result; - - result.ap = ap; - result.boot_trace_size_bound = boot_trace_size_bound; - result.time_bound = time_bound; - - tinyram_program prelude; - prelude.instructions = generate_tinyram_prelude(ap); - - std::size_t boot_pos = 0; - for (std::size_t i = 0; i < prelude.instructions.size(); ++i) { - result.boot_trace.set_trace_entry(boot_pos++, - std::make_pair(i, prelude.instructions[i].as_dword(ap))); - } - - const std::size_t prelude_len = prelude.instructions.size(); - const std::size_t instr_addr = (prelude_len + 4) * (2 * ap.w / 8); - const std::size_t input_addr = - (1ul << (ap.w - 1)) + (ap.w / 8); // byte address of the first input word - - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, - tinyram_instruction(tinyram_opcode_LOADB, true, 1, 0, instr_addr).as_dword(ap))); - ++boot_pos; - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, - tinyram_instruction(tinyram_opcode_LOADW, true, 2, 0, input_addr).as_dword(ap))); - ++boot_pos; - 
result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, tinyram_instruction(tinyram_opcode_SUB, false, 1, 1, 2).as_dword(ap))); - ++boot_pos; - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair( - boot_pos, tinyram_instruction(tinyram_opcode_STOREB, true, 1, 0, instr_addr).as_dword(ap))); - ++boot_pos; - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, - tinyram_instruction(tinyram_opcode_ANSWER, true, 0, 0, 1).as_dword(ap))); - ++boot_pos; - - while (boot_pos < program_size) { - result.boot_trace.set_trace_entry( - boot_pos, std::make_pair(boot_pos, random_tinyram_instruction(ap).as_dword(ap))); - ++boot_pos; - } - - result.boot_trace.set_trace_entry( - boot_pos++, std::make_pair(1ul << (ap.dwaddr_len() - 1), satisfiable ? 1ul << ap.w : 0)); - - for (std::size_t i = 1; i < input_size; ++i) { - result.boot_trace.set_trace_entry( - boot_pos++, - std::make_pair((1ul << (ap.dwaddr_len() - 1)) + i + 1, std::rand() % (1ul << (2 * ap.w)))); - } - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // RAM_EXAMPLES_HPP diff --git a/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/ram_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/ram_ppzksnark.cpp deleted file mode 100644 index 075d976f12..0000000000 --- a/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/ram_ppzksnark.cpp +++ /dev/null 
@@ -1,73 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE ram_ppzksnark_test
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-
-#include "ram_examples.hpp"
-#include "run_ram_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_ram_ppzksnark(const std::size_t w,
- const std::size_t k,
- const std::size_t program_size,
- const std::size_t input_size,
- const std::size_t time_bound) {
- typedef ram_ppzksnark_machine_pp machine_ppT;
- const std::size_t boot_trace_size_bound = program_size + input_size;
- const bool satisfiable = true;
-
- const ram_ppzksnark_architecture_params ap(w, k);
- const ram_example example =
- gen_ram_example_complex(ap, boot_trace_size_bound, time_bound, satisfiable);
-
- const bool bit = run_ram_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(ram_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(ram_ppzksnark_test) {
- const std::size_t program_size = 100;
- const std::size_t input_size = 2;
- const std::size_t time_bound = 20;
-
- // 16-bit TinyRAM with 16 registers
- test_ram_ppzksnark(16, 16, program_size, input_size, time_bound);
-
- // 32-bit TinyRAM with 16 registers
- test_ram_ppzksnark(32, 16, program_size, input_size, time_bound);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/run_ram_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/run_ram_ppzksnark.hpp
deleted file mode 100644
index f2b390c3ce..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/ram_ppzksnark/run_ram_ppzksnark.hpp
+++ /dev/null
@@ -1,88 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_RAM_PPZKSNARK_HPP
-#define CRYPTO3_RUN_RAM_PPZKSNARK_HPP
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a RAM ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * architecture and bounds on the computation.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a boot trace, and an auxiliary input.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a boot trace, and a proof.
- */
- template
- bool run_ram_ppzksnark(const ram_example> &example) {
- using basic_proof_system = ram_ppzksnark;
-
- std::cout << "Call to run_ram_ppzksnark" << std::endl;
-
- printf("This run uses an example with the following parameters:\n");
- example.ap.print();
- printf("* Primary input size bound (L): %zu\n", example.boot_trace_size_bound);
- printf("* Time bound (T): %zu\n", example.time_bound);
- printf("Hence, algebra::log2(L+2*T) equals %zu\n",
- algebra::log2(example.boot_trace_size_bound + 2 * example.time_bound));
-
- std::cout << "RAM ppzkSNARK Generator" << std::endl;
- typename basic_proof_system::keypair_type keypair = generate(
- example.ap, example.boot_trace_size_bound, example.time_bound);
-
- std::cout << "RAM ppzkSNARK Prover" << std::endl;
- typename basic_proof_system::proof_type proof = prove(
- keypair.first, example.boot_trace, example.auxiliary_input);
-
- std::cout << "RAM ppzkSNARK Verifier" << std::endl;
- bool ans = verify(keypair.second, example.boot_trace, proof);
-
- printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL"));
-
- return ans;
- }
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_RAM_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/run_tbcs_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/run_tbcs_ppzksnark.hpp
deleted file mode 100644
index f4521da840..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/run_tbcs_ppzksnark.hpp
+++ /dev/null
@@ -1,88 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_TBCS_PPZKSNARK_HPP
-#define CRYPTO3_RUN_TBCS_PPZKSNARK_HPP
-
-#include "tbcs_examples.hpp"
-
-#include
-
-#include
-#include
-#include
-
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a TBCS ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * circuit C to create a proving and a verification key for C.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for C, and an auxiliary input for C.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for C, and a proof.
- */
- template
- bool run_tbcs_ppzksnark(const tbcs_example &example) {
- using basic_proof_system = tbcs_ppzksnark;
-
- std::cout << "Call to run_tbcs_ppzksnark" << std::endl;
-
- std::cout << "TBCS ppzkSNARK Generator" << std::endl;
- typename basic_proof_system::keypair_type keypair = generate(example.circuit);
-
- std::cout << "Preprocess verification key" << std::endl;
- typename basic_proof_system::processed_verification_key_type pvk =
- tbcs_ppzksnark_process_verification_key::process(keypair.second);
-
- std::cout << "TBCS ppzkSNARK Prover" << std::endl;
- typename basic_proof_system::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::cout << "TBCS ppzkSNARK Verifier" << std::endl;
- bool ans = verify(keypair.second, example.primary_input, proof);
- printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL"));
-
- std::cout << "TBCS ppzkSNARK Online Verifier" << std::endl;
- bool ans2 = verify(pvk, example.primary_input, proof);
- BOOST_CHECK(ans == ans2);
-
- return ans;
- }
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_TBCS_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_examples.hpp b/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_examples.hpp
deleted file mode 100644
index b1b3e7b86f..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_examples.hpp
+++ /dev/null
@@ -1,131 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a TBCS example, as well as functions to sample -// TBCS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_EXAMPLES_HPP -#define CRYPTO3_ZK_TBCS_EXAMPLES_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A TBCS example comprises a TBCS circuit, TBCS primary input, and TBCS auxiliary input. 
- */ - struct tbcs_example { - - tbcs_circuit circuit; - tbcs_primary_input primary_input; - tbcs_auxiliary_input auxiliary_input; - - tbcs_example() = default; - tbcs_example(const tbcs_example &other) = default; - tbcs_example(const tbcs_circuit &circuit, - const tbcs_primary_input &primary_input, - const tbcs_auxiliary_input &auxiliary_input) : - circuit(circuit), - primary_input(primary_input), auxiliary_input(auxiliary_input) { - } - - tbcs_example(tbcs_circuit &&circuit, - tbcs_primary_input &&primary_input, - tbcs_auxiliary_input &&auxiliary_input) : - circuit(std::move(circuit)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) { - } - }; - - /** - * Generate a TBCS example such that: - * - the primary input has size primary_input_size; - * - the auxiliary input has size auxiliary_input_size; - * - the circuit has num_gates gates; - * - the circuit has num_outputs (<= num_gates) output gates. - * - * This is done by first selecting primary and auxiliary inputs uniformly at random, and then for each - * gate: - * - selecting random left and right wires from primary inputs, auxiliary inputs, and outputs of - * previous gates, - * - selecting a gate type at random (subject to the constraint "output = 0" if this is an output gate). - */ - tbcs_example generate_tbcs_example(std::size_t primary_input_size, - std::size_t auxiliary_input_size, - std::size_t num_gates, - std::size_t num_outputs) { - tbcs_example example; - for (std::size_t i = 0; i < primary_input_size; ++i) { - example.primary_input.push_back(std::rand() % 2 == 0 ? false : true); - } - - for (std::size_t i = 0; i < auxiliary_input_size; ++i) { - example.auxiliary_input.push_back(std::rand() % 2 == 0 ? 
false : true); - } - - example.circuit.primary_input_size = primary_input_size; - example.circuit.auxiliary_input_size = auxiliary_input_size; - - tbcs_variable_assignment all_vals; - all_vals.insert(all_vals.end(), example.primary_input.begin(), example.primary_input.end()); - all_vals.insert(all_vals.end(), example.auxiliary_input.begin(), example.auxiliary_input.end()); - - for (std::size_t i = 0; i < num_gates; ++i) { - const std::size_t num_variables = primary_input_size + auxiliary_input_size + i; - tbcs_gate gate; - gate.left_wire = std::rand() % (num_variables + 1); - gate.right_wire = std::rand() % (num_variables + 1); - gate.output = num_variables + 1; - - if (i >= num_gates - num_outputs) { - /* make gate a circuit output and fix */ - do { - gate.type = (tbcs_gate_type)(std::rand() % num_tbcs_gate_types); - } while (gate.evaluate(all_vals)); - - gate.is_circuit_output = true; - } else { - gate.type = (tbcs_gate_type)(std::rand() % num_tbcs_gate_types); - gate.is_circuit_output = false; - } - - example.circuit.add_gate(gate); - all_vals.push_back(gate.evaluate(all_vals)); - } - - BOOST_CHECK(example.circuit.is_satisfied(example.primary_input, example.auxiliary_input)); - - return example; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // TBCS_EXAMPLES_HPP diff --git a/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark.cpp deleted file mode 100644 index aa8f5e2a6d..0000000000 --- a/crypto3/libs/zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark.cpp +++ /dev/null 
@@ -1,68 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic TBCS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE tbcs_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "tbcs_examples.hpp"
-#include "run_tbcs_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_tbcs_ppzksnark(std::size_t primary_input_size, std::size_t auxiliary_input_size, std::size_t num_gates,
- std::size_t num_outputs) {
- const tbcs_example example =
- generate_tbcs_example(primary_input_size, auxiliary_input_size, num_gates, num_outputs);
-
- const bool bit = run_tbcs_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(tbcs_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(tbcs_ppzksnark_test) {
- test_tbcs_ppzksnark>(10, 10, 20, 5);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/run_uscs_ppzksnark.hpp b/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/run_uscs_ppzksnark.hpp
deleted file mode 100644
index 8c67357714..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/run_uscs_ppzksnark.hpp
+++ /dev/null
@@ -1,82 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the USCS ppzkSNARK for
-// a given USCS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_USCS_PPZKSNARK_HPP
-#define CRYPTO3_RUN_USCS_PPZKSNARK_HPP
-
-#include "uscs_examples.hpp"
-
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a USCS ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_uscs_ppzksnark(const uscs_example &example) {
- using basic_proof_system = uscs_ppzksnark;
-
- typename basic_proof_system::keypair_type keypair =
- generate(example.constraint_system);
-
- typename basic_proof_system::processed_verification_key_type pvk =
- uscs_ppzksnark_process_verification_key::process(keypair.second);
-
- typename basic_proof_system::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- bool ans = verify(keypair.second, example.primary_input, proof);
-
- bool ans2 = verify(pvk, example.primary_input, proof);
- BOOST_CHECK(ans == ans2);
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_USCS_PPZKSNARK_HPP
diff --git a/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_examples.hpp b/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_examples.hpp
deleted file mode 100644
index c9ced3551f..0000000000
--- a/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_examples.hpp
+++ /dev/null
@@ -1,190 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a USCS example, as well as functions to sample -// USCS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_EXAMPLES_HPP -#define CRYPTO3_ZK_USCS_EXAMPLES_HPP - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A USCS example comprises a USCS constraint system, USCS input, and USCS witness. 
- */ - template - struct uscs_example { - uscs_constraint_system constraint_system; - uscs_primary_input primary_input; - uscs_auxiliary_input auxiliary_input; - - uscs_example() = default; - uscs_example(const uscs_example &other) = default; - uscs_example(const uscs_constraint_system &constraint_system, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - uscs_example(uscs_constraint_system &&constraint_system, - uscs_primary_input &&primary_input, - uscs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). 
- */ - template - uscs_example generate_uscs_example_with_field_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - BOOST_CHECK(num_constraints >= num_inputs); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints - num_inputs; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_constraints; ++i) { - full_variable_assignment.emplace_back(typename FieldType::value_type(std::rand() % 2)); - } - - for (std::size_t i = 0; i < num_constraints; ++i) { - std::size_t x, y, z; - - do { - x = std::rand() % num_constraints; - y = std::rand() % num_constraints; - z = std::rand() % num_constraints; - } while (x == z || y == z); - - const typename FieldType::value_type x_coeff = algebra::random_element(); - const typename FieldType::value_type y_coeff = algebra::random_element(); - const typename FieldType::value_type val = - (std::rand() % 2 == 0 ? FieldType::value_type::one() : -FieldType::value_type::one()); - const typename FieldType::value_type z_coeff = - (val - x_coeff * full_variable_assignment[x] - y_coeff * full_variable_assignment[y]) * - full_variable_assignment[z].inversed(); - - uscs_constraint constr; - constr.add_term(x + 1, x_coeff); - constr.add_term(y + 1, y_coeff); - constr.add_term(z + 1, z_coeff); - - cs.add_constraint(constr); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return 
uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of binary values (as opposed to ``full'' field elements). - */ - template - uscs_example generate_uscs_example_with_binary_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - - /* chose two random bits and XOR them together */ - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? 
std::rand() % num_inputs : std::rand() % i); - - uscs_constraint constr; - constr.add_term(u + 1, 1); - constr.add_term(v + 1, 1); - constr.add_term(lastvar + 1, 1); - constr.add_term(0, -FieldType::value_type::one()); // shift constant term (which is 0) by 1 - - cs.add_constraint(constr); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // USCS_EXAMPLES_HPP diff --git a/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark.cpp b/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark.cpp deleted file mode 100644 index 8c89a65489..0000000000 --- a/crypto3/libs/zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark.cpp +++ /dev/null 
@@ -1,66 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Test program that exercises the ppzkSNARK (first generator, then -// prover, then verifier) on a synthetic USCS instance. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE uscs_ppzksnark_test - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "uscs_examples.hpp" -#include "run_uscs_ppzksnark.hpp" - -using namespace nil::crypto3::zk::snark; - -template -void test_uscs_ppzksnark(std::size_t num_constraints, std::size_t input_size) { - uscs_example example = - generate_uscs_example_with_binary_input(num_constraints, input_size); - const bool bit = run_uscs_ppzksnark(example); - BOOST_CHECK(bit); -} - -BOOST_AUTO_TEST_SUITE(uscs_ppzksnark_test_suite) - -BOOST_AUTO_TEST_CASE(uscs_ppzksnark_test) { - test_uscs_ppzksnark>(1000, 100); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/flake.nix b/flake.nix index 4ae63ebdfd..0cc747f9a1 100644 --- a/flake.nix +++ b/flake.nix @@ -63,24 +63,6 @@ runTests = false; }); - zkevm-framework = (pkgs.callPackage ./zkevm-framework.nix { - runTests = false; - enableDebug = false; - }); - zkevm-framework-tests = (pkgs.callPackage ./zkevm-framework.nix { - runTests = true; - enableDebug = false; - }); - zkevm-framework-debug-tests = (pkgs.callPackage ./zkevm-framework.nix { - enableDebug = true; - runTests = true; - }); - zkevm-framework-clang-debug = (pkgs.callPackage ./zkevm-framework.nix { - stdenv = pkgs.llvmPackages_19.stdenv; - enableDebug = true; - runTests = false; - }); - proof-producer = (pkgs.callPackage ./proof-producer.nix { runTests = false; enableDebug = false; @@ -108,7 +90,7 @@ # fetched from the cache. all = pkgs.symlinkJoin { name = "all"; - paths = [ crypto3 zkevm-framework proof-producer]; + paths = [ crypto3 proof-producer]; }; default = all; }; 
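Review bot: The rewritten `paths` line in the `all` symlinkJoin (hunk `@@ -108,7 +90,7 @@`) still lacks the space before the closing bracket, unlike the corresponding line in `all-gcc`; since the line is being touched anyway, write it as `paths = [ crypto3 proof-producer ];`. The same commit drops `zkevm-framework` from `all`, `zkevm-framework-gcc` from `all-gcc` and the `assigner` entry from `apps`, so anything outside these hunks that still refers to the `zkevm-framework*` packages or the `assigner` app will no longer evaluate. Whether `./zkevm-framework.nix` and any such references (CI jobs, checks, docs) are removed elsewhere in the commit is not visible from these hunks and is worth confirming before merge.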
@@ -140,11 +122,6 @@ enableDebug = false; }); - zkevm-framework-gcc = (pkgs.callPackage ./zkevm-framework.nix { - runTests = true; - enableDebug = false; - }); - proof-producer-gcc = (pkgs.callPackage ./proof-producer.nix { runTests = true; enableDebug = false; @@ -165,15 +142,11 @@ }; all-gcc = pkgs.symlinkJoin { name = "all"; - paths = [ crypto3-gcc parallel-crypto3-gcc zkevm-framework-gcc proof-producer-gcc ]; + paths = [ crypto3-gcc parallel-crypto3-gcc proof-producer-gcc ]; }; default = all-gcc; }; apps = { - assigner = { - type = "app"; - program = "${self.packages.${system}.zkevm-framework}/bin/assigner"; - }; single-threaded = { type = "app"; program = "${self.packages.${system}.proof-producer}/bin/proof-producer-single-threaded"; diff --git a/parallel-crypto3/libs/parallel-zk/examples/relations/circuit_satisfaction_problems/bacs/bacs_examples.hpp b/parallel-crypto3/libs/parallel-zk/examples/relations/circuit_satisfaction_problems/bacs/bacs_examples.hpp deleted file mode 100644 index da08799e71..0000000000 --- a/parallel-crypto3/libs/parallel-zk/examples/relations/circuit_satisfaction_problems/bacs/bacs_examples.hpp +++ /dev/null 
@@ -1,173 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BACS_EXAMPLES_HPP -#define CRYPTO3_BACS_EXAMPLES_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A BACS example comprises a BACS circuit, BACS primary input, and BACS auxiliary input. 
- */ - template - struct bacs_example { - - bacs_circuit circuit; - bacs_primary_input primary_input; - bacs_auxiliary_input auxiliary_input; - - bacs_example() = default; - bacs_example(const bacs_example &other) = default; - bacs_example(const bacs_circuit &circuit, - const bacs_primary_input &primary_input, - const bacs_auxiliary_input &auxiliary_input) : - circuit(circuit), - primary_input(primary_input), auxiliary_input(auxiliary_input) { - } - - bacs_example(bacs_circuit &&circuit, - bacs_primary_input &&primary_input, - bacs_auxiliary_input &&auxiliary_input) : - circuit(std::move(circuit)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) { - } - }; - - /** - * Generate a BACS example such that: - * - the primary input has size primary_input_size; - * - the auxiliary input has size auxiliary_input_size; - * - the circuit has num_gates gates; - * - the circuit has num_outputs (<= num_gates) output gates. - * - * This is done by first selecting primary and auxiliary inputs uniformly at random, and then for each - * gate: - * - selecting random left and right wires from primary inputs, auxiliary inputs, and outputs of - * previous gates, - * - selecting random linear combinations for left and right wires, consisting of 1, 2, 3 or 4 terms - * each, with random coefficients, - * - if the gate is an output gate, then adding a random non-output wire to either left or right linear - * combination, with appropriate coefficient, so that the linear combination evaluates to 0. 
- */ - template - bacs_example generate_bacs_example(std::size_t primary_input_size, - std::size_t auxiliary_input_size, - std::size_t num_gates, - std::size_t num_outputs); - - template - linear_combination random_linear_combination(const std::size_t num_variables) { - - using policy_type = FieldType; - using field_value_type = policy_type::value_type; - - const std::size_t terms = 1 + (std::rand() % 3); - linear_combination result; - - for (std::size_t i = 0; i < terms; ++i) { - const field_value_type coeff = algebra::random_element(); - result = result + coeff * variable(std::rand() % (num_variables + 1)); - } - - return result; - } - - template - bacs_example generate_bacs_example(std::size_t primary_input_size, - std::size_t auxiliary_input_size, - std::size_t num_gates, - std::size_t num_outputs) { - - using policy_type = FieldType; - using field_value_type = policy_type::value_type; - - bacs_example example; - for (std::size_t i = 0; i < primary_input_size; ++i) { - example.primary_input.emplace_back(algebra::random_element()); - } - - for (std::size_t i = 0; i < auxiliary_input_size; ++i) { - example.auxiliary_input.emplace_back(algebra::random_element()); - } - - example.circuit.primary_input_size = primary_input_size; - example.circuit.auxiliary_input_size = auxiliary_input_size; - - bacs_variable_assignment all_vals; - all_vals.insert(all_vals.end(), example.primary_input.begin(), example.primary_input.end()); - all_vals.insert(all_vals.end(), example.auxiliary_input.begin(), example.auxiliary_input.end()); - - for (std::size_t i = 0; i < num_gates; ++i) { - const std::size_t num_variables = primary_input_size + auxiliary_input_size + i; - bacs_gate gate; - gate.lhs = random_linear_combination(num_variables); - gate.rhs = random_linear_combination(num_variables); - gate.output = variable(num_variables + 1); - - if (i >= num_gates - num_outputs) { - /* make gate a circuit output and fix */ - gate.is_circuit_output = true; - const typename 
variable::index_type var_idx = - std::rand() % (1 + primary_input_size + std::min(num_gates - num_outputs, i)); - const field_value_type var_val = - (var_idx == 0 ? field_value_type::one() : all_vals[var_idx - 1]); - - if (std::rand() % 2 == 0) { - const field_value_type lhs_val = gate.lhs.evaluate(all_vals); - const field_value_type coeff = -(lhs_val * var_val.inversed()); - gate.lhs = gate.lhs + coeff * variable(var_idx); - } else { - const field_value_type rhs_val = gate.rhs.evaluate(all_vals); - const field_value_type coeff = -(rhs_val * var_val.inversed()); - gate.rhs = gate.rhs + coeff * variable(var_idx); - } - - assert(gate.evaluate(all_vals).is_zero()); - } else { - gate.is_circuit_output = false; - } - - example.circuit.add_gate(gate); - all_vals.emplace_back(gate.evaluate(all_vals)); - } - - assert(example.circuit.is_satisfied(example.primary_input, example.auxiliary_input)); - - return example; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BACS_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/examples/relations/circuit_satisfaction_problems/tbcs/tbcs_examples.hpp b/parallel-crypto3/libs/parallel-zk/examples/relations/circuit_satisfaction_problems/tbcs/tbcs_examples.hpp deleted file mode 100644 index 5a075d4774..0000000000 --- a/parallel-crypto3/libs/parallel-zk/examples/relations/circuit_satisfaction_problems/tbcs/tbcs_examples.hpp +++ /dev/null 
@@ -1,133 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_EXAMPLES_HPP -#define CRYPTO3_ZK_ED25519SIG_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A TBCS example comprises a TBCS circuit, TBCS primary input, and TBCS auxiliary input. 
- */ - struct tbcs_example { - - tbcs_circuit circuit; - tbcs_primary_input primary_input; - tbcs_auxiliary_input auxiliary_input; - - tbcs_example() = default; - tbcs_example(const tbcs_example &other) = default; - tbcs_example(const tbcs_circuit &circuit, - const tbcs_primary_input &primary_input, - const tbcs_auxiliary_input &auxiliary_input) : - circuit(circuit), - primary_input(primary_input), auxiliary_input(auxiliary_input) { - } - - tbcs_example(tbcs_circuit &&circuit, - tbcs_primary_input &&primary_input, - tbcs_auxiliary_input &&auxiliary_input) : - circuit(std::move(circuit)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) { - } - }; - - /** - * Generate a TBCS example such that: - * - the primary input has size primary_input_size; - * - the auxiliary input has size auxiliary_input_size; - * - the circuit has num_gates gates; - * - the circuit has num_outputs (<= num_gates) output gates. - * - * This is done by first selecting primary and auxiliary inputs uniformly at random, and then for each - * gate: - * - selecting random left and right wires from primary inputs, auxiliary inputs, and outputs of - * previous gates, - * - selecting a gate type at random (subject to the constraint "output = 0" if this is an output gate). - */ - tbcs_example generate_tbcs_example(const std::size_t primary_input_size, - const std::size_t auxiliary_input_size, - const std::size_t num_gates, - const std::size_t num_outputs); - - tbcs_example generate_tbcs_example(const std::size_t primary_input_size, - const std::size_t auxiliary_input_size, - const std::size_t num_gates, - const std::size_t num_outputs) { - tbcs_example example; - for (std::size_t i = 0; i < primary_input_size; ++i) { - example.primary_input.push_back(std::rand() % 2 == 0 ? false : true); - } - - for (std::size_t i = 0; i < auxiliary_input_size; ++i) { - example.auxiliary_input.push_back(std::rand() % 2 == 0 ? 
false : true); - } - - example.circuit.primary_input_size = primary_input_size; - example.circuit.auxiliary_input_size = auxiliary_input_size; - - tbcs_variable_assignment all_vals; - all_vals.insert(all_vals.end(), example.primary_input.begin(), example.primary_input.end()); - all_vals.insert(all_vals.end(), example.auxiliary_input.begin(), example.auxiliary_input.end()); - - for (std::size_t i = 0; i < num_gates; ++i) { - const std::size_t num_variables = primary_input_size + auxiliary_input_size + i; - tbcs_gate gate; - gate.left_wire = std::rand() % (num_variables + 1); - gate.right_wire = std::rand() % (num_variables + 1); - gate.output = num_variables + 1; - - if (i >= num_gates - num_outputs) { - /* make gate a circuit output and fix */ - do { - gate.type = (tbcs_gate_type)(std::rand() % num_tbcs_gate_types); - } while (gate.evaluate(all_vals)); - - gate.is_circuit_output = true; - } else { - gate.type = (tbcs_gate_type)(std::rand() % num_tbcs_gate_types); - gate.is_circuit_output = false; - } - - example.circuit.add_gate(gate); - all_vals.push_back(gate.evaluate(all_vals)); - } - - assert(example.circuit.is_satisfied(example.primary_input, example.auxiliary_input)); - - return example; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_ED25519SIG_HPP diff --git a/parallel-crypto3/libs/parallel-zk/examples/relations/constraint_satisfaction_problems/r1cs/r1cs_examples.hpp b/parallel-crypto3/libs/parallel-zk/examples/relations/constraint_satisfaction_problems/r1cs/r1cs_examples.hpp deleted file mode 100644 index 121683d74e..0000000000 --- a/parallel-crypto3/libs/parallel-zk/examples/relations/constraint_satisfaction_problems/r1cs/r1cs_examples.hpp +++ /dev/null 
@@ -1,225 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_EXAMPLES_HPP -#define CRYPTO3_R1CS_EXAMPLES_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using nil::crypto3::algebra; - using nil::crypto3::algebra::fields; - - /** - * A R1CS example comprises a R1CS constraint system, R1CS input, and R1CS witness. 
- */ - template - struct r1cs_example { - r1cs_constraint_system constraint_system; - r1cs_primary_input primary_input; - r1cs_auxiliary_input auxiliary_input; - - r1cs_example() = default; - r1cs_example(const r1cs_example &other) = default; - r1cs_example(const r1cs_constraint_system &constraint_system, - const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - r1cs_example(r1cs_constraint_system &&constraint_system, - r1cs_primary_input &&primary_input, - r1cs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a R1CS example such that: - * - the number of constraints of the R1CS constraint system is num_constraints; - * - the number of variables of the R1CS constraint system is (approximately) num_constraints; - * - the number of inputs of the R1CS constraint system is num_inputs; - * - the R1CS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). - */ - template - r1cs_example generate_r1cs_example_with_field_input(const std::size_t num_constraints, - const std::size_t num_inputs); - - /** - * Generate a R1CS example such that: - * - the number of constraints of the R1CS constraint system is num_constraints; - * - the number of variables of the R1CS constraint system is (approximately) num_constraints; - * - the number of inputs of the R1CS constraint system is num_inputs; - * - the R1CS input consists of binary values (as opposed to ``full'' field elements). 
- */ - template - r1cs_example generate_r1cs_example_with_binary_input(const std::size_t num_constraints, - const std::size_t num_inputs); - - template - r1cs_example generate_r1cs_example_with_field_input(const std::size_t num_constraints, - const std::size_t num_inputs) { - - assert(num_inputs <= num_constraints + 2); - - r1cs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = 2 + num_constraints - num_inputs; // TODO: explain this - - r1cs_variable_assignment full_variable_assignment; - field_value_type a = algebra::random_element(); - field_value_type b = algebra::random_element(); - full_variable_assignment.push_back(a); - full_variable_assignment.push_back(b); - - for (std::size_t i = 0; i < num_constraints - 1; ++i) { - linear_combination A, B, C; - - if (i % 2) { - // a * b = c - A.add_term(i + 1, 1); - B.add_term(i + 2, 1); - C.add_term(i + 3, 1); - field_value_type tmp = a * b; - full_variable_assignment.push_back(tmp); - a = b; - b = tmp; - } else { - // a + b = c - B.add_term(0, 1); - A.add_term(i + 1, 1); - A.add_term(i + 2, 1); - C.add_term(i + 3, 1); - field_value_type tmp = a + b; - full_variable_assignment.push_back(tmp); - a = b; - b = tmp; - } - - cs.add_constraint(r1cs_constraint(A, B, C)); - } - - linear_combination A, B, C; - field_value_type fin = field_value_type::zero(); - for (std::size_t i = 1; i < cs.num_variables(); ++i) { - A.add_term(i, 1); - B.add_term(i, 1); - fin = fin + full_variable_assignment[i - 1]; - } - C.add_term(cs.num_variables(), 1); - cs.add_constraint(r1cs_constraint(A, B, C)); - full_variable_assignment.push_back(fin.squared()); - - /* split variable assignment */ - r1cs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - assert(cs.num_variables() == 
full_variable_assignment.size()); - assert(cs.num_variables() >= num_inputs); - assert(cs.num_inputs() == num_inputs); - assert(cs.num_constraints() == num_constraints); - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - return r1cs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - template - r1cs_example generate_r1cs_example_with_binary_input(const std::size_t num_constraints, - const std::size_t num_inputs) { - - using policy_type = FieldType; - using field_value_type = policy_type::value_type; - - algebra: - - assert(num_inputs >= 1); - - r1cs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; /* we will add one auxiliary variable per constraint */ - - r1cs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(field_value_type(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? 
std::rand() % num_inputs : std::rand() % i); - - /* chose two random bits and XOR them together: - res = u + v - 2 * u * v - 2 * u * v = u + v - res - */ - linear_combination A, B, C; - A.add_term(u + 1, 2); - B.add_term(v + 1, 1); - if (u == v) { - C.add_term(u + 1, 2); - } else { - C.add_term(u + 1, 1); - C.add_term(v + 1, 1); - } - C.add_term(lastvar + 1, -field_value_type::one()); - - cs.add_constraint(r1cs_constraint(A, B, C)); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - r1cs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - assert(cs.num_variables() == full_variable_assignment.size()); - assert(cs.num_variables() >= num_inputs); - assert(cs.num_inputs() == num_inputs); - assert(cs.num_constraints() == num_constraints); - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - return r1cs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/examples/relations/constraint_satisfaction_problems/uscs/uscs_examples.hpp b/parallel-crypto3/libs/parallel-zk/examples/relations/constraint_satisfaction_problems/uscs/uscs_examples.hpp deleted file mode 100644 index 111f59446f..0000000000 --- a/parallel-crypto3/libs/parallel-zk/examples/relations/constraint_satisfaction_problems/uscs/uscs_examples.hpp +++ /dev/null 
@@ -1,203 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_USCS_EXAMPLES_HPP -#define CRYPTO3_USCS_EXAMPLES_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A USCS example comprises a USCS constraint system, USCS input, and USCS witness. 
- */ - template - struct uscs_example { - uscs_constraint_system constraint_system; - uscs_primary_input primary_input; - uscs_auxiliary_input auxiliary_input; - - uscs_example() = default; - uscs_example(const uscs_example &other) = default; - uscs_example(const uscs_constraint_system &constraint_system, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - uscs_example(uscs_constraint_system &&constraint_system, - uscs_primary_input &&primary_input, - uscs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). - */ - template - uscs_example generate_uscs_example_with_field_input(const std::size_t num_constraints, - const std::size_t num_inputs); - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of binary values (as opposed to ``full'' field elements). 
- */ - template - uscs_example generate_uscs_example_with_binary_input(const std::size_t num_constraints, - const std::size_t num_inputs); - - template - uscs_example generate_uscs_example_with_field_input(const std::size_t num_constraints, - const std::size_t num_inputs) { - - using policy_type = FieldType; - using field_value_type = policy_type::value_type; - - std::cout << "Call to generate_uscs_example_with_field_input" << std::endl; - - assert(num_inputs >= 1); - assert(num_constraints >= num_inputs); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints - num_inputs; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_constraints; ++i) { - full_variable_assignment.emplace_back(FieldType(std::rand())); - } - - for (std::size_t i = 0; i < num_constraints; ++i) { - std::size_t x, y, z; - - do { - x = std::rand() % num_constraints; - y = std::rand() % num_constraints; - z = std::rand() % num_constraints; - } while (x == z || y == z); - - const field_value_type x_coeff = algebra::random_element(); - const field_value_type y_coeff = algebra::random_element(); - const field_value_type val = - (std::rand() % 2 == 0 ? 
field_value_type::one() : -field_value_type::one()); - const field_value_type z_coeff = - (val - x_coeff * full_variable_assignment[x] - y_coeff * full_variable_assignment[y]) * - full_variable_assignment[z].inversed(); - - uscs_constraint constr; - constr.add_term(x + 1, x_coeff); - constr.add_term(y + 1, y_coeff); - constr.add_term(z + 1, z_coeff); - - cs.add_constraint(constr); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - assert(cs.num_variables() == full_variable_assignment.size()); - assert(cs.num_variables() >= num_inputs); - assert(cs.num_inputs() == num_inputs); - assert(cs.num_constraints() == num_constraints); - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - template - uscs_example generate_uscs_example_with_binary_input(const std::size_t num_constraints, - const std::size_t num_inputs) { - std::cout << "Call to generate_uscs_example_with_binary_input" << std::endl; - - assert(num_inputs >= 1); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(FieldType(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - - /* chose two random bits and XOR them together */ - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? 
std::rand() % num_inputs : std::rand() % i); - - uscs_constraint constr; - constr.add_term(u + 1, 1); - constr.add_term(v + 1, 1); - constr.add_term(lastvar + 1, 1); - constr.add_term(0, -FieldType::value_type::one()); // shift constant term (which is 0) by 1 - - cs.add_constraint(constr); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - assert(cs.num_variables() == full_variable_assignment.size()); - assert(cs.num_variables() >= num_inputs); - assert(cs.num_inputs() == num_inputs); - assert(cs.num_constraints() == num_constraints); - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_USCS_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/examples/simple_example.hpp b/parallel-crypto3/libs/parallel-zk/examples/simple_example.hpp deleted file mode 100644 index 9450da21bd..0000000000 --- a/parallel-crypto3/libs/parallel-zk/examples/simple_example.hpp +++ /dev/null 
@@ -1,78 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_SIMPLE_EXAMPLE_HPP -#define CRYPTO3_SIMPLE_EXAMPLE_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - template - r1cs_example gen_r1cs_example_from_blueprint(const std::size_t num_constraints, - const std::size_t num_inputs); - - /* NOTE: all examples here actually generate one constraint less to account for soundness constraint in - * QAP */ - - template - r1cs_example gen_r1cs_example_from_blueprint(const std::size_t num_constraints) { - const std::size_t new_num_constraints = num_constraints - 1; - - /* construct dummy example: inner products of two vectors */ - blueprint bp; - blueprint_variable_vector A; - blueprint_variable_vector B; - variable res; - - // the variables on the blueprint are (ONE (constant 1 term), res, A[0], ..., A[num_constraints-1], - // B[0], ..., B[num_constraints-1]) - res.allocate(bp); - A.allocate(bp, new_num_constraints); - B.allocate(bp, new_num_constraints); - - inner_product_component compute_inner_product(bp, A, B, res, "compute_inner_product"); - compute_inner_product.generate_r1cs_constraints(); - - /* fill in random example */ - for (std::size_t i = 0; i < new_num_constraints; ++i) { - bp.val(A[i]) = algebra::random_element(); - bp.val(B[i]) = algebra::random_element(); - } - - compute_inner_product.generate_r1cs_witness(); - return r1cs_example( - bp.get_constraint_system(), bp.primary_input(), bp.auxiliary_input()); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_SIMPLE_EXAMPLE_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/crs_operations.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/crs_operations.hpp deleted file mode 100644 index 49b314b99e..0000000000 
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/crs_operations.hpp
+++ /dev/null
@@ -1,135 +0,0 @@ -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_CRS_OPERATIONS_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_CRS_OPERATIONS_HPP - -#include - -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - namespace detail { - template - typename snark::r1cs_gg_ppzksnark::keypair_type - make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau( - const typename snark::r1cs_gg_ppzksnark::constraint_system_type - &constraint_system, - const powers_of_tau_result &powers_of_tau_result) { - using curve_type = CurveType; - using scalar_field_type = typename curve_type::scalar_field_type; - using g1_type = typename curve_type::template g1_type<>; - using g2_type = typename curve_type::template g2_type<>; - using kc_type = commitments::knowledge_commitment; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using kc_value_type = typename kc_type::value_type; - - using namespace nil::crypto3::zk::snark; - - using proving_scheme_type = r1cs_gg_ppzksnark; - - typename proving_scheme_type::constraint_system_type r1cs_copy(constraint_system); - r1cs_copy.swap_AB_if_beneficial(); - - qap_instance qap = - reductions::r1cs_to_qap::instance_map(r1cs_copy); - - BOOST_ASSERT_MSG(powers_of_tau_result.coeffs_g1.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.coeffs_g2.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.alpha_coeffs_g1.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.beta_coeffs_g1.size() == qap.domain->m, - "powers_of_tau_result size does not match the constraint system"); - BOOST_ASSERT_MSG(powers_of_tau_result.h.size() == qap.domain->m - 1, - "powers_of_tau_result size does not match 
the constraint system"); - - std::vector beta_a_alpha_b_c(qap.num_variables + 1, g1_value_type::zero()); - std::vector a_g1(qap.num_variables + 1, g1_value_type::zero()); - std::vector b_kc(qap.num_variables + 1, kc_value_type::zero()); - - for (std::size_t i = 0; i < qap.num_variables + 1; ++i) { - for (auto [lag, coeff]: qap.A_in_Lagrange_basis[i]) { - a_g1[i] = a_g1[i] + coeff * powers_of_tau_result.coeffs_g1[lag]; - beta_a_alpha_b_c[i] = - beta_a_alpha_b_c[i] + coeff * powers_of_tau_result.beta_coeffs_g1[lag]; - } - for (auto [lag, coeff]: qap.B_in_Lagrange_basis[i]) { - b_kc[i] = b_kc[i] + coeff * kc_value_type(powers_of_tau_result.coeffs_g2[lag], - powers_of_tau_result.coeffs_g1[lag]); - beta_a_alpha_b_c[i] = - beta_a_alpha_b_c[i] + coeff * powers_of_tau_result.alpha_coeffs_g1[lag]; - } - for (auto [lag, coeff]: qap.C_in_Lagrange_basis[i]) { - beta_a_alpha_b_c[i] = beta_a_alpha_b_c[i] + coeff * powers_of_tau_result.coeffs_g1[lag]; - } - } - - auto alpha_g1 = powers_of_tau_result.alpha_g1; - auto beta_g1 = powers_of_tau_result.beta_g1; - auto beta_g2 = powers_of_tau_result.beta_g2; - - auto alpha_g1_beta_g2 = algebra::pair_reduced(alpha_g1, beta_g2); - auto gamma_g2 = g2_value_type::one(); - auto delta_g1 = g1_value_type::one(); - auto delta_g2 = g2_value_type::one(); - auto gamma_ABC_g1_0 = beta_a_alpha_b_c[0]; - std::vector gamma_ABC_g1_values(beta_a_alpha_b_c.begin() + 1, - beta_a_alpha_b_c.begin() + 1 + qap.num_inputs); - container::accumulation_vector gamma_ABC(std::move(gamma_ABC_g1_0), - std::move(gamma_ABC_g1_values)); - typename proving_scheme_type::verification_key_type vk( - alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_ABC); - - commitments::knowledge_commitment_vector B_query(std::move(b_kc)); - std::vector H_query(powers_of_tau_result.h.begin(), - powers_of_tau_result.h.begin() + qap.degree - 1); - std::size_t Lt_offset = qap.num_inputs + 1; - std::vector L_query(beta_a_alpha_b_c.begin() + Lt_offset, - beta_a_alpha_b_c.end()); - typename 
proving_scheme_type::proving_key_type pk(std::move(alpha_g1), - std::move(beta_g1), - std::move(beta_g2), - std::move(delta_g1), - std::move(delta_g2), - std::move(a_g1), - std::move(B_query), - std::move(H_query), - std::move(L_query), - std::move(r1cs_copy)); - - typename proving_scheme_type::keypair_type keypair{std::move(pk), std::move(vk)}; - - return keypair; - } - - template - void transform_keypair(typename snark::r1cs_gg_ppzksnark::keypair_type &keypair, - const r1cs_gg_ppzksnark_mpc_private_key &private_key) { - auto delta_inv = private_key.delta.inversed(); - for (auto &g: keypair.first.H_query) { - g = g * delta_inv; - } - - for (auto &g: keypair.first.L_query) { - g = g * delta_inv; - } - - keypair.first.delta_g1 = private_key.delta * keypair.first.delta_g1; - keypair.first.delta_g2 = private_key.delta * keypair.first.delta_g2; - keypair.second.delta_g2 = private_key.delta * keypair.second.delta_g2; - } - } // namespace detail - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_CRS_OPERATIONS_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/private_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/private_key.hpp deleted file mode 100644 index 2c6ba7bac6..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/private_key.hpp +++ /dev/null 
@@ -1,47 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2022 Noam Y <@NoamDev> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PRIVATE_KEY_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PRIVATE_KEY_HPP - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - namespace detail { - template - // Contains the secret 𝛿 that the participant of the ceremony must destroy. 
- struct r1cs_gg_ppzksnark_mpc_private_key { - typedef CurveType curve_type; - using field_value_type = typename CurveType::scalar_field_type::value_type; - - field_value_type delta; - }; - } // namespace detail - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PRIVATE_KEY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/public_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/public_key.hpp deleted file mode 100644 index 92b8aa4359..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/detail/polynomial/r1cs_gg_ppzksnark_mpc/public_key.hpp +++ /dev/null 
@@ -1,54 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2022 Noam Y <@NoamDev> -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - namespace detail { - template - struct r1cs_gg_ppzksnark_mpc_public_key { - typedef CurveType curve_type; - typedef commitments::detail::element_pok pok_type; - typedef typename curve_type::template g1_type<>::value_type g1_value_type; - - g1_value_type delta_after; - pok_type delta_pok; - - r1cs_gg_ppzksnark_mpc_public_key(g1_value_type delta_after, pok_type delta_pok) : - delta_after(delta_after), delta_pok(delta_pok) { - } - }; - } // namespace detail - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_PUBLIC_KEY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp index eaa24611a1..db8a66b6dc 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp @@ -44,8 +44,6 @@ #include #include #include -#include -#include #include #include 
@@ -212,13 +210,16 @@ namespace nil { auto B_2 = algebra::precompute_g2( CommitmentSchemeType::curve_type::template g2_type<>::value_type::one()); - typename CommitmentSchemeType::gt_value_type gt3 = algebra::double_miller_loop( - A_1, A_2, - B_1, B_2); - typename CommitmentSchemeType::gt_value_type gt_4 = algebra::final_exponentiation( - gt3); + typename CommitmentSchemeType::gt_value_type gt3 = + algebra::double_miller_loop( A_1, A_2, B_1, B_2); + std::optional gt_4 = + algebra::final_exponentiation(gt3); - return gt_4 == CommitmentSchemeType::gt_value_type::one(); + if (!gt_4) { + return false; + } + + return *gt_4 == CommitmentSchemeType::gt_value_type::one(); } } // namespace algorithms @@ -251,7 +252,6 @@ namespace nil { using batch_of_polynomials_type = std::vector; using evals_type = std::vector>; using transcript_type = transcript::fiat_shamir_heuristic_sequential; - using serializer = typename nil::marshalling::curve_element_serializer; using multi_commitment_type = std::vector; using commitment_type = std::vector; // Used in placeholder because it's easy to push it into transcript @@ -618,18 +618,23 @@ namespace nil { if (public_key.commits.size() == 1) { assert(right == CommitmentSchemeType::verification_key_type::one()); } - left_side_pairing = - left_side_pairing * - algebra::pair_reduced(left, right); + + auto left_right = algebra::pair_reduced(left, right); + if (!left_right) { + return false; + } + left_side_pairing = left_side_pairing * (*left_right); factor = factor * gamma; } - auto right = commit_g2(params, create_polynom_by_zeros( - public_key.T)); - auto right_side_pairing = algebra::pair_reduced(proof, - right); + auto right = commit_g2(params, create_polynom_by_zeros( public_key.T)); + auto right_side_pairing = algebra::pair_reduced(proof, right); - return left_side_pairing == right_side_pairing; + if (!right_side_pairing) { + return false; + } + + return left_side_pairing == *right_side_pairing; } } // namespace algorithms 
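Review bot: The new `if (!gt_4) { return false; }` guard folds "the final exponentiation produced no value" into the same `false` as "the proof does not verify", and nothing on the added lines says when `final_exponentiation` returns an empty optional. Rejecting is the right fail-closed default for a verifier, but a one-line comment above the guard would record that it is deliberate, e.g. `// empty optional: pairing could not be computed for this input; reject (fail closed)`. The same comment is missing at the `!left_right` and `!right_side_pairing` checks in the @@ -618,18 hunk and at the `!left_side_pairing` / `!right_side_pairing` checks in @@ -838,18 and @@ -859,7. The enclosing function starts outside this hunk, so whether its doc comment already covers this cannot be seen here.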
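Review bot: In the @@ -618,18 hunk, the `assert(right == CommitmentSchemeType::verification_key_type::one());` kept on the new side is compiled out under NDEBUG, so a release build has no check at all for the single-commitment case. The lines added right after it, by contrast, reject a failed pairing at run time. If that equality is something verification depends on rather than an internal invariant (the hunk does not show how `right` is derived), it should reject the same way: `if (!(right == CommitmentSchemeType::verification_key_type::one())) { return false; }`. The loop and the function it belongs to start outside this hunk.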
@@ -838,18 +843,19 @@ namespace nil { typename curve_type::template g1_type<>::value_type i_th_commitment = nil::marshalling::pack(byteblob, status); THROW_IF_ERROR_STATUS(status, "kzg::verify_eval"); - auto U_commit = nil::crypto3::zk::algorithms::commit_one(_params, - this->get_U( - k, - i)); + auto U_commit = nil::crypto3::zk::algorithms::commit_one + (_params, this->get_U(k, i)); auto diffpoly = set_difference_polynom(_merged_points, this->_points.at(k)[i]); auto diffpoly_commitment = commit_g2(diffpoly); - auto left_side_pairing = nil::crypto3::algebra::pair_reduced( - factor * (i_th_commitment - U_commit), diffpoly_commitment); + auto left_side_pairing = nil::crypto3::algebra::pair_reduced + (factor * (i_th_commitment - U_commit), diffpoly_commitment); + if (!left_side_pairing) { + return false; + } - left_side_accum = left_side_accum * left_side_pairing; + left_side_accum = left_side_accum * (*left_side_pairing); factor *= gamma; } } @@ -859,7 +865,11 @@ namespace nil { commit_g2(this->get_V(this->_merged_points)) ); - return left_side_accum == right_side_pairing; + if (!right_side_pairing) { + return false; + } + + return left_side_accum == *right_side_pairing; } const params_type &get_commitment_params() const { diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp index ded93c1d1f..cfedee65ae 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/kzg_v2.hpp @@ -44,8 +44,6 @@ #include #include #include -#include -#include #include #include 
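Review bot: After this change the loop reports failure in two different ways: a commitment blob that cannot be unpacked goes through `THROW_IF_ERROR_STATUS(status, "kzg::verify_eval")`, which by its name throws, while the failed pairing added here returns `false`. A caller that treats the function (`verify_eval`, going by the error string) as a plain boolean predicate over untrusted proof data will handle one path and not the other. Either document the split on the function, e.g. `/// Returns false for a rejected proof or a failed pairing; throws if a commitment cannot be unpacked.`, or return `false` on the unpack error as well. The function signature is outside the hunk.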
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/r1cs_gg_ppzksnark_mpc.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/r1cs_gg_ppzksnark_mpc.hpp
deleted file mode 100644
index ae704b2458..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/commitments/polynomial/r1cs_gg_ppzksnark_mpc.hpp
+++ /dev/null
@@ -1,244 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2022 Mikhail Komarov -// Copyright (c) 2022 Noam Yemini -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_HPP - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace commitments { - template - class r1cs_gg_ppzksnark_mpc { - public: - typedef CurveType curve_type; - typedef snark::r1cs_gg_ppzksnark proving_scheme_type; - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using kc_type = knowledge_commitment; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using kc_value_type = typename kc_type::value_type; - using scalar_field_type = typename curve_type::scalar_field_type; - using field_value_type = typename scalar_field_type::value_type; - - typedef detail::r1cs_gg_ppzksnark_mpc_private_key private_key_type; - typedef detail::r1cs_gg_ppzksnark_mpc_public_key public_key_type; - typedef typename proving_scheme_type::keypair_type proving_scheme_keypair_type; - typedef typename proving_scheme_type::constraint_system_type constraint_system_type; - typedef proof_of_knowledge proof_of_knowledge_scheme_type; - - // The result of this function is considered toxic wast - // and should thus be destroyed - static private_key_type generate_private_key() { - typename scalar_field_type::value_type delta = algebra::random_element(); - return private_key_type{std::move(delta)}; - } - - static public_key_type proof_eval(const private_key_type &private_key, - const boost::optional &previous_public_key, - const proving_scheme_keypair_type &mpc_keypair) { - std::vector transcript = - compute_transcript(mpc_keypair.first.constraint_system, previous_public_key); - auto delta_pok = proof_of_knowledge_scheme_type::proof_eval(private_key.delta, 
transcript, 0); - g1_value_type delta_after = - private_key.delta * - (previous_public_key ? previous_public_key->delta_after : g1_value_type::one()); - return public_key_type{std::move(delta_after), std::move(delta_pok)}; - } - - static bool verify_eval(const proving_scheme_keypair_type &mpc_keypair, - const std::vector &pubkeys, - const constraint_system_type &constraint_system, - const detail::powers_of_tau_result &powers_of_tau_result) { - auto initial_keypair = detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau( - constraint_system, powers_of_tau_result); - - // H/L will change, but should have same length - if (initial_keypair.first.H_query.size() != mpc_keypair.first.H_query.size()) { - return false; - } - if (initial_keypair.first.L_query.size() != mpc_keypair.first.L_query.size()) { - return false; - } - - // alpha/beta do not change - if (initial_keypair.first.alpha_g1 != mpc_keypair.first.alpha_g1) { - return false; - } - if (initial_keypair.first.beta_g1 != mpc_keypair.first.beta_g1) { - return false; - } - if (initial_keypair.first.beta_g2 != mpc_keypair.first.beta_g2) { - return false; - } - - // A/B do not change - if (initial_keypair.first.A_query != mpc_keypair.first.A_query) { - return false; - } - if (!(initial_keypair.first.B_query == mpc_keypair.first.B_query)) { - return false; - } - - // the constraint system doesn't change - if (!(initial_keypair.first.constraint_system == mpc_keypair.first.constraint_system)) { - return false; - } - - // alpha_beta/gamma do not change - if (initial_keypair.second.alpha_g1_beta_g2 != mpc_keypair.second.alpha_g1_beta_g2) { - return false; - } - if (initial_keypair.second.gamma_g2 != mpc_keypair.second.gamma_g2) { - return false; - } - - // gamma_ABC_g1 doesn't change - if (!(initial_keypair.second.gamma_ABC_g1 == mpc_keypair.second.gamma_ABC_g1)) { - return false; - } - - auto transcript = compute_transcript(mpc_keypair.first.constraint_system, boost::none); - auto current_delta = g1_value_type::one(); 
- for (auto pk: pubkeys) { - auto g2_s = proof_of_knowledge_scheme_type::compute_g2_s( - pk.delta_pok.g1_s, pk.delta_pok.g1_s_x, transcript, 0); - - if (!proof_of_knowledge_scheme_type::verify_eval(pk.delta_pok, g2_s)) { - return false; - } - - if (!is_same_ratio(std::make_pair(current_delta, pk.delta_after), - std::make_pair(g2_s, pk.delta_pok.g2_s_x))) { - return false; - } - - current_delta = pk.delta_after; - transcript = compute_transcript(mpc_keypair.first.constraint_system, pk); - } - - if (current_delta != mpc_keypair.first.delta_g1) { - return false; - } - - if (!is_same_ratio(std::make_pair(g1_value_type::one(), current_delta), - std::make_pair(g2_value_type::one(), mpc_keypair.first.delta_g2))) { - return false; - } - - if (mpc_keypair.first.delta_g2 != mpc_keypair.second.delta_g2) { - return false; - } - - if (!is_same_ratio( - detail::merge_pairs(initial_keypair.first.H_query.cbegin(), - initial_keypair.first.H_query.cend(), - mpc_keypair.first.H_query.cbegin(), - mpc_keypair.first.H_query.cend()), - std::make_pair(mpc_keypair.first.delta_g2, g2_value_type::one()))) { - return false; - } - - if (!is_same_ratio( - detail::merge_pairs(initial_keypair.first.L_query.cbegin(), - initial_keypair.first.L_query.cend(), - mpc_keypair.first.L_query.cbegin(), - mpc_keypair.first.L_query.cend()), - std::make_pair(mpc_keypair.first.delta_g2, g2_value_type::one()))) { - return false; - } - - return true; - } - - static bool is_same_ratio(const std::pair &g1_pair, - const std::pair &g2_pair) { - - return algebra::pair_reduced(g1_pair.first, g2_pair.second) == - algebra::pair_reduced(g1_pair.second, g2_pair.first); - } - - static std::vector - compute_transcript(const constraint_system_type &constraint_system, - const boost::optional &pubkey) { - std::vector cs_blob = serialize_constraint_system(constraint_system); - std::vector cs_pk_blob; - std::copy(std::cbegin(cs_blob), std::cend(cs_blob), std::back_inserter(cs_pk_blob)); - if (pubkey) { - std::vector pk_blob = 
serialize_public_key(*pubkey); - std::copy(std::cbegin(pk_blob), std::cend(pk_blob), std::back_inserter(cs_pk_blob)); - } - return nil::crypto3::hash>(cs_pk_blob); - } - - static std::vector serialize_public_key(const public_key_type &pubkey) { - using endianness = nil::marshalling::option::little_endian; - auto filled_val = - nil::crypto3::marshalling::types::fill_r1cs_gg_ppzksnark_mpc_public_key(pubkey); - std::vector blob(filled_val.length()); - auto it = std::begin(blob); - nil::marshalling::status_type status = filled_val.write(it, blob.size()); - THROW_IF_ERROR_STATUS(status, "r1cs_gg_ppzksnark_mpc::serialize_public_key"); - return blob; - } - - static std::vector - serialize_constraint_system(const constraint_system_type &constraint_system) { - using endianness = nil::marshalling::option::little_endian; - auto filled_val = - nil::crypto3::marshalling::types::fill_r1cs_constraint_system( - constraint_system); - std::vector blob(filled_val.length()); - auto it = std::begin(blob); - nil::marshalling::status_type status = filled_val.write(it, blob.size()); - THROW_IF_ERROR_STATUS(status, "r1cs_gg_ppzksnark_mpc::serialize_constraint_system"); - return blob; - } - }; - } // namespace commitments - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_MPC_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/arithmetization/constraint_satisfaction_problems/r1cs.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/arithmetization/constraint_satisfaction_problems/r1cs.hpp deleted file mode 100644 index 464d213f92..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/arithmetization/constraint_satisfaction_problems/r1cs.hpp +++ /dev/null 
@@ -1,232 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for: -// -// - a R1CS constraint, -// - a R1CS variable assignment, and -// - a R1CS constraint system. -// -// Above, R1CS stands for "Rank-1 Constraint System". 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_CONSTRAINT_SYSTEM_HPP -#define CRYPTO3_ZK_R1CS_CONSTRAINT_SYSTEM_HPP - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /************************* R1CS constraint ***********************************/ - - /** - * A R1CS constraint is a formal expression of the form - * - * < A , X > * < B , X > = < C , X > , - * - * where X = (x_0,x_1,...,x_m) is a vector of formal variables and A,B,C each - * consist of 1+m elements in . - * - * A R1CS constraint is used to construct a R1CS constraint system (see below). - */ - template> - struct r1cs_constraint { - typedef FieldType field_type; - - math::linear_combination a, b, c; - - r1cs_constraint() = default; - - r1cs_constraint(const math::linear_combination &a, - const math::linear_combination &b, - const math::linear_combination &c) : - a(a), - b(b), c(c) { - } - - r1cs_constraint(const std::initializer_list> &A, - const std::initializer_list> &B, - const std::initializer_list> &C) { - for (auto lc_A : A) { - a.terms.insert(a.terms.end(), lc_A.terms.begin(), lc_A.terms.end()); - } - for (auto lc_B : B) { - b.terms.insert(b.terms.end(), lc_B.terms.begin(), lc_B.terms.end()); - } - for (auto lc_C : C) { - c.terms.insert(c.terms.end(), lc_C.terms.begin(), lc_C.terms.end()); - } - } - - bool operator==(const r1cs_constraint &other) const { - return (this->a == other.a && this->b == other.b && this->c == other.c); - } - }; - - /************************* R1CS variable assignment **************************/ - - /** - * A R1CS variable assignment is a vector of elements that represents - * a candidate solution to a R1CS constraint system (see below). 
- */ - - /* TODO: specify that it does *NOT* include the constant 1 */ - template - using r1cs_primary_input = std::vector; - - template - using r1cs_auxiliary_input = std::vector; - - template - using r1cs_variable_assignment = std::vector; - - /************************* R1CS constraint system ****************************/ - - /** - * A system of R1CS constraints looks like - * - * { < A_k , X > * < B_k , X > = < C_k , X > }_{k=1}^{n} . - * - * In other words, the system is satisfied if and only if there exist a - * USCS variable assignment for which each R1CS constraint is satisfied. - * - * NOTE: - * The 0-th variable (i.e., "x_{0}") always represents the constant 1. - * Thus, the 0-th variable is not included in num_variables. - */ - template - struct r1cs_constraint_system { - typedef FieldType field_type; - - std::size_t primary_input_size; - std::size_t auxiliary_input_size; - - std::vector> constraints; - - r1cs_constraint_system() : primary_input_size(0), auxiliary_input_size(0) { - } - - std::size_t num_inputs() const { - return primary_input_size; - } - - std::size_t num_variables() const { - return primary_input_size + auxiliary_input_size; - } - - std::size_t num_constraints() const { - return constraints.size(); - } - - bool is_valid() const { - if (this->num_inputs() > this->num_variables()) - return false; - - for (std::size_t c = 0; c < constraints.size(); ++c) { - if (!(constraints[c].a.is_valid(this->num_variables()) && - constraints[c].b.is_valid(this->num_variables()) && - constraints[c].c.is_valid(this->num_variables()))) { - return false; - } - } - - return true; - } - - bool is_satisfied(const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input) const { - assert(primary_input.size() == num_inputs()); - assert(primary_input.size() + auxiliary_input.size() == num_variables()); - - r1cs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert( - full_variable_assignment.end(), 
auxiliary_input.begin(), auxiliary_input.end()); - - for (std::size_t c = 0; c < constraints.size(); ++c) { - const typename FieldType::value_type ares = - constraints[c].a.evaluate(full_variable_assignment); - const typename FieldType::value_type bres = - constraints[c].b.evaluate(full_variable_assignment); - const typename FieldType::value_type cres = - constraints[c].c.evaluate(full_variable_assignment); - - if (ares * bres != cres) { - return false; - } - } - - return true; - } - - void add_constraint(const r1cs_constraint &c) { - constraints.emplace_back(c); - } - - void swap_AB_if_beneficial() { - std::vector touched_by_A(this->num_variables() + 1, false), - touched_by_B(this->num_variables() + 1, false); - - for (std::size_t i = 0; i < this->constraints.size(); ++i) { - for (std::size_t j = 0; j < this->constraints[i].a.terms.size(); ++j) { - touched_by_A[this->constraints[i].a.terms[j].index] = true; - } - - for (std::size_t j = 0; j < this->constraints[i].b.terms.size(); ++j) { - touched_by_B[this->constraints[i].b.terms[j].index] = true; - } - } - - std::size_t non_zero_A_count = 0, non_zero_B_count = 0; - for (std::size_t i = 0; i < this->num_variables() + 1; ++i) { - non_zero_A_count += touched_by_A[i] ? 1 : 0; - non_zero_B_count += touched_by_B[i] ? 1 : 0; - } - - if (non_zero_B_count > non_zero_A_count) { - for (std::size_t i = 0; i < this->constraints.size(); ++i) { - std::swap(this->constraints[i].a, this->constraints[i].b); - } - } - } - - bool operator==(const r1cs_constraint_system &other) const { - return (this->constraints == other.constraints && - this->primary_input_size == other.primary_input_size && - this->auxiliary_input_size == other.auxiliary_input_size); - } - }; - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_CONSTRAINT_SYSTEM_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/bacs_to_r1cs.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/bacs_to_r1cs.hpp
deleted file mode 100644
index d8e995132f..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/bacs_to_r1cs.hpp
+++ /dev/null
@@ -1,91 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a BACS-to-R1CS reduction, that is, constructing
-// a R1CS ("Rank-1 Constraint System") from a BACS ("Bilinear Arithmetic Circuit Satisfiability").
-//
-// The reduction is straightforward: each bilinear gate gives rises to a
-// corresponding R1CS constraint that enforces correct computation of the gate;
-// also, each output gives rise to a corresponding R1CS constraint that enforces
-// that the output is zero.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_TO_R1CS_BASIC_POLICY_HPP
-#define CRYPTO3_ZK_BACS_TO_R1CS_BASIC_POLICY_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- namespace reductions {
-
- template
- struct bacs_to_r1cs {
- typedef FieldType field_type;
-
- /**
- * Instance map for the BACS-to-R1CS reduction.
- */
- static r1cs_constraint_system instance_map(const bacs_circuit &circuit) {
- assert(circuit.is_valid());
- r1cs_constraint_system result;
-
- result.primary_input_size = circuit.primary_input_size;
- result.auxiliary_input_size = circuit.auxiliary_input_size + circuit.gates.size();
-
- for (auto &g : circuit.gates) {
- result.constraints.emplace_back(r1cs_constraint(g.lhs, g.rhs, g.output));
- }
-
- for (auto &g : circuit.gates) {
- if (g.is_circuit_output) {
- result.constraints.emplace_back(r1cs_constraint(1, g.output, 0));
- }
- }
-
- return result;
- }
-
- /**
- * Witness map for the BACS-to-R1CS reduction.
- */
- static r1cs_variable_assignment
- witness_map(const bacs_circuit &circuit,
- const bacs_primary_input &primary_input,
- const bacs_auxiliary_input &auxiliary_input) {
- const r1cs_variable_assignment result =
- circuit.get_all_wires(primary_input, auxiliary_input);
- return result;
- }
- };
- } // namespace reductions
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_BACS_TO_R1CS_BASIC_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp
deleted file mode 100644
index 1ac5dec1a4..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp
+++ /dev/null
@@ -1,333 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a R1CS-to-QAP reduction, that is, constructing
-// a QAP ("Quadratic Arithmetic Program") from a R1CS ("Rank-1 Constraint System").
-//
-// QAPs are defined in \[GGPR13], and constructed for R1CS also in \[GGPR13].
-//
-// The implementation of the reduction follows, extends, and optimizes
-// the efficient approach described in Appendix E of \[BCGTV13].
-//
-// References:
-//
-// \[BCGTV13]
-// "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge",
-// Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, Madars Virza,
-// CRYPTO 2013,
-//
-//
-// \[GGPR13]:
-// "Quadratic span programs and succinct NIZKs without PCPs",
-// Rosario Gennaro, Craig Gentry, Bryan Parno, Mariana Raykova,
-// EUROCRYPT 2013,
-//
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP
-#define CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP
-
-#include
-#include
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- namespace reductions {
- template
- struct r1cs_to_qap {
- typedef FieldType field_type;
-
- /**
- * Instance map for the R1CS-to-QAP reduction.
- *
- * Namely, given a R1CS constraint system cs, construct a QAP instance for which:
- * A := (A_0(z),A_1(z),...,A_m(z))
- * B := (B_0(z),B_1(z),...,B_m(z))
- * C := (C_0(z),C_1(z),...,C_m(z))
- * where
- * m = number of variables of the QAP
- * and
- * each A_i,B_i,C_i is expressed in the Lagrange basis.
- */
- static qap_instance instance_map(const r1cs_constraint_system &cs) {
-
- const std::shared_ptr> domain =
- math::make_evaluation_domain(cs.num_constraints() + cs.num_inputs() + 1);
-
- std::vector> A_in_Lagrange_basis(
- cs.num_variables() + 1);
- std::vector> B_in_Lagrange_basis(
- cs.num_variables() + 1);
- std::vector> C_in_Lagrange_basis(
- cs.num_variables() + 1);
-
- /**
- * add and process the constraints
- * input_i * 0 = 0
- * to ensure soundness of input consistency
- */
- for (std::size_t i = 0; i <= cs.num_inputs(); ++i) {
- A_in_Lagrange_basis[i][cs.num_constraints() + i] = FieldType::value_type::one();
- }
- /* process all other constraints */
- for (std::size_t i = 0; i < cs.num_constraints(); ++i) {
- for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) {
- A_in_Lagrange_basis[cs.constraints[i].a.terms[j].index][i] +=
- cs.constraints[i].a.terms[j].coeff;
- }
-
- for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) {
- B_in_Lagrange_basis[cs.constraints[i].b.terms[j].index][i] +=
- cs.constraints[i].b.terms[j].coeff;
- }
-
- for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) {
- C_in_Lagrange_basis[cs.constraints[i].c.terms[j].index][i] +=
- cs.constraints[i].c.terms[j].coeff;
- }
- }
-
- return qap_instance(
- domain, cs.num_variables(), domain->m, cs.num_inputs(), std::move(A_in_Lagrange_basis),
- std::move(B_in_Lagrange_basis), std::move(C_in_Lagrange_basis));
- }
-
- /**
- * Instance map for the R1CS-to-QAP reduction followed by evaluation of the resulting QAP
- * instance.
- * - * Namely, given a R1CS constraint system cs and a field element t, construct - * a QAP instance (evaluated at t) for which: - * At := (A_0(t),A_1(t),...,A_m(t)) - * Bt := (B_0(t),B_1(t),...,B_m(t)) - * Ct := (C_0(t),C_1(t),...,C_m(t)) - * Ht := (1,t,t^2,...,t^n) - * Zt := Z(t) = "vanishing polynomial of a certain set S, evaluated at t" - * where - * m = number of variables of the QAP - * n = degree of the QAP - */ - static qap_instance_evaluation - instance_map_with_evaluation(const r1cs_constraint_system &cs, - const typename FieldType::value_type &t) { - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints() + cs.num_inputs() + 1); - - std::vector At, Bt, Ct, Ht; - - At.resize(cs.num_variables() + 1, FieldType::value_type::zero()); - Bt.resize(cs.num_variables() + 1, FieldType::value_type::zero()); - Ct.resize(cs.num_variables() + 1, FieldType::value_type::zero()); - Ht.reserve(domain->m + 1); - - const typename FieldType::value_type Zt = domain->compute_vanishing_polynomial(t); - - const std::vector u = - domain->evaluate_all_lagrange_polynomials(t); - /** - * add and process the constraints - * input_i * 0 = 0 - * to ensure soundness of input consistency - */ - for (std::size_t i = 0; i <= cs.num_inputs(); ++i) { - At[i] = u[cs.num_constraints() + i]; - } - /* process all other constraints */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - At[cs.constraints[i].a.terms[j].index] += u[i] * cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - Bt[cs.constraints[i].b.terms[j].index] += u[i] * cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - Ct[cs.constraints[i].c.terms[j].index] += u[i] * cs.constraints[i].c.terms[j].coeff; - } - } - - typename FieldType::value_type ti = FieldType::value_type::one(); - for (std::size_t i = 
0; i < domain->m + 1; ++i) { - Ht.emplace_back(ti); - ti *= t; - } - - return qap_instance_evaluation(domain, cs.num_variables(), domain->m, - cs.num_inputs(), t, std::move(At), std::move(Bt), - std::move(Ct), std::move(Ht), Zt); - } - - /** - * Witness map for the R1CS-to-QAP reduction. - * - * The witness map takes zero knowledge into account when d1,d2,d3 are random. - * - * More precisely, compute the coefficients - * h_0,h_1,...,h_n - * of the polynomial - * H(z) := (A(z)*B(z)-C(z))/Z(z) - * where - * A(z) := A_0(z) + \sum_{k=1}^{m} w_k A_k(z) + d1 * Z(z) - * B(z) := B_0(z) + \sum_{k=1}^{m} w_k B_k(z) + d2 * Z(z) - * C(z) := C_0(z) + \sum_{k=1}^{m} w_k C_k(z) + d3 * Z(z) - * Z(z) := "vanishing polynomial of set S" - * and - * m = number of variables of the QAP - * n = degree of the QAP - * - * This is done as follows: - * (1) compute evaluations of A,B,C on S = {sigma_1,...,sigma_n} - * (2) compute coefficients of A,B,C - * (3) compute evaluations of A,B,C on T = "coset of S" - * (4) compute evaluation of H on T - * (5) compute coefficients of H - * (6) patch H to account for d1,d2,d3 (i.e., add coefficients of the polynomial (A d2 + B d1 - - * d3) + d1*d2*Z ) - * - * The code below is not as simple as the above high-level description due to - * some reshuffling to save space. 
- */ - static qap_witness - witness_map(const r1cs_constraint_system &cs, - const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input, - const typename FieldType::value_type &d1, - const typename FieldType::value_type &d2, - const typename FieldType::value_type &d3) { - /* sanity check */ - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints() + cs.num_inputs() + 1); - - r1cs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert(full_variable_assignment.end(), auxiliary_input.begin(), - auxiliary_input.end()); - - std::vector aA(domain->m, FieldType::value_type::zero()), - aB(domain->m, FieldType::value_type::zero()); - - /* account for the additional constraints input_i * 0 = 0 */ - for (std::size_t i = 0; i <= cs.num_inputs(); ++i) { - aA[i + cs.num_constraints()] = - (i > 0 ? full_variable_assignment[i - 1] : FieldType::value_type::one()); - } - /* account for all other constraints */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aA[i] += cs.constraints[i].a.evaluate(full_variable_assignment); - aB[i] += cs.constraints[i].b.evaluate(full_variable_assignment); - } - - domain->inverse_fft(aA); - - domain->inverse_fft(aB); - - std::vector coefficients_for_H( - domain->m + 1, FieldType::value_type::zero()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - /* add coefficients of the polynomial (d2*A + d1*B - d3) + d1*d2*Z */ - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] = d2 * aA[i] + d1 * aB[i]; - } - coefficients_for_H[0] -= d3; - domain->add_poly_z(d1 * d2, coefficients_for_H); - - math::multiply_by_coset( - aA, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - domain->fft(aA); - - math::multiply_by_coset( - aB, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - 
domain->fft(aB); - - std::vector &H_tmp = aA; - // can overwrite aA because it is not used later -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = aA[i] * aB[i]; - } - std::vector().swap(aB); // destroy aB - - std::vector aC(domain->m, FieldType::value_type::zero()); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aC[i] += cs.constraints[i].c.evaluate(full_variable_assignment); - } - - domain->inverse_fft(aC); - - math::multiply_by_coset( - aC, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - domain->fft(aC); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = (H_tmp[i] - aC[i]); - } - - domain->divide_by_z_on_coset(H_tmp); - - domain->inverse_fft(H_tmp); - - multiply_by_coset(H_tmp, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator) - .inversed()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] += H_tmp[i]; - } - - return qap_witness(cs.num_variables(), domain->m, cs.num_inputs(), d1, d2, d3, - full_variable_assignment, std::move(coefficients_for_H)); - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp deleted file mode 100644 index d6dcce4518..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp +++ /dev/null 
@@ -1,480 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a R1CS-to-SAP reduction, that is, constructing
-// a SAP ("Square Arithmetic Program") from a R1CS ("Rank-1 Constraint System").
-//
-// SAPs are defined and constructed from R1CS in \[GM17].
-//
-// The implementation of the reduction follows, extends, and optimizes
-// the efficient approach described in Appendix E of \[BCGTV13].
-// -// References: -// -// \[BCGTV13] -// "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge", -// Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, Madars Virza, -// CRYPTO 2013, -// -// -// \[GM17]: -// "Snarky Signatures: Minimal Signatures of Knowledge from -// Simulation-Extractable SNARKs", -// Jens Groth and Mary Maller, -// IACR-CRYPTO-2017, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP -#define CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - class r1cs_to_sap { - typedef FieldType field_type; - - /** - * Helper function to multiply a field element by 4 efficiently - */ - static typename FieldType::value_type times_four(typename FieldType::value_type x) { - typename FieldType::value_type times_two = x + x; - return times_two + times_two; - } - - public: - /** - * Helper function to find evaluation domain that will be used by the reduction - * for a given R1CS instance. - */ - static std::shared_ptr> - get_domain(const r1cs_constraint_system &cs) { - /* - * the SAP instance will have: - * - two constraints for every constraint in the original constraint system - * - two constraints for every public input, except the 0th, which - * contributes just one extra constraint - * see comments in instance_map for details on where these - * constraints come from. - */ - return math::make_evaluation_domain(2 * cs.num_constraints() + - 2 * cs.num_inputs() + 1); - } - - /** - * Instance map for the R1CS-to-SAP reduction. 
- */ - static sap_instance instance_map(const r1cs_constraint_system &cs) { - const std::shared_ptr> domain = get_domain(cs); - - std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs(); - - std::vector> A_in_Lagrange_basis( - sap_num_variables + 1); - std::vector> C_in_Lagrange_basis( - sap_num_variables + 1); - - /** - * process R1CS constraints, converting a constraint of the form - * \sum a_i x_i * \sum b_i x_i = \sum c_i x_i - * into two constraints - * (\sum (a_i + b_i) x_i)^2 = 4 \sum c_i x_i + x'_i - * (\sum (a_i - b_i) x_i)^2 = x'_i - * where x'_i is an extra variable (a separate one for each original - * constraint) - * - * this adds 2 * cs.num_constraints() constraints - * (numbered 0 .. 2 * cs.num_constraints() - 1) - * and cs.num_constraints() extra variables - * (numbered cs.num_variables() + 1 .. cs.num_variables() + cs.num_constraints()) - */ - std::size_t extra_var_offset = cs.num_variables() + 1; - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - A_in_Lagrange_basis[cs.constraints[i].a.terms[j].index][2 * i] += - cs.constraints[i].a.terms[j].coeff; - A_in_Lagrange_basis[cs.constraints[i].a.terms[j].index][2 * i + 1] += - cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - A_in_Lagrange_basis[cs.constraints[i].b.terms[j].index][2 * i] += - cs.constraints[i].b.terms[j].coeff; - A_in_Lagrange_basis[cs.constraints[i].b.terms[j].index][2 * i + 1] -= - cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - C_in_Lagrange_basis[cs.constraints[i].c.terms[j].index][2 * i] += - times_four(cs.constraints[i].c.terms[j].coeff); - } - - C_in_Lagrange_basis[extra_var_offset + i][2 * i] += FieldType::value_type::one(); - C_in_Lagrange_basis[extra_var_offset + i][2 * i + 1] += FieldType::value_type::one(); - } - - /** - * add and 
convert the extra constraints - * x_i * 1 = x_i - * to ensure that the polynomials 0 .. cs.num_inputs() are linearly - * independent from each other and the rest, which is required for security - * proofs (see [GM17, p. 29]) - * - * note that i = 0 is a special case, where this constraint is expressible - * as x_0^2 = x_0, - * whereas for every other i we introduce an extra variable x''_i and do - * (x_i + x_0)^2 = 4 x_i + x''_i - * (x_i - x_0)^2 = x''_i - * - * this adds 2 * cs.num_inputs() + 1 extra constraints - * (numbered 2 * cs.num_constraints() .. - * 2 * cs.num_constraints() + 2 * cs.num_inputs()) - * and cs.num_inputs() extra variables - * (numbered cs.num_variables() + cs.num_constraints() + 1 .. - * cs.num_variables() + cs.num_constraints() + cs.num_inputs()) - */ - - std::size_t extra_constr_offset = 2 * cs.num_constraints(); - std::size_t extra_var_offset2 = cs.num_variables() + cs.num_constraints(); - /** - * NB: extra variables start at (extra_var_offset2 + 1), because i starts at - * 1 below - */ - - A_in_Lagrange_basis[0][extra_constr_offset] = FieldType::value_type::one(); - C_in_Lagrange_basis[0][extra_constr_offset] = FieldType::value_type::one(); - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - A_in_Lagrange_basis[i][extra_constr_offset + 2 * i - 1] += FieldType::value_type::one(); - A_in_Lagrange_basis[0][extra_constr_offset + 2 * i - 1] += FieldType::value_type::one(); - C_in_Lagrange_basis[i][extra_constr_offset + 2 * i - 1] += - times_four(FieldType::value_type::one()); - C_in_Lagrange_basis[extra_var_offset2 + i][extra_constr_offset + 2 * i - 1] += - FieldType::value_type::one(); - - A_in_Lagrange_basis[i][extra_constr_offset + 2 * i] += FieldType::value_type::one(); - A_in_Lagrange_basis[0][extra_constr_offset + 2 * i] -= FieldType::value_type::one(); - C_in_Lagrange_basis[extra_var_offset2 + i][2 * cs.num_constraints() + 2 * i] += - FieldType::value_type::one(); - } - - return sap_instance(domain, - sap_num_variables, - 
domain->m, - cs.num_inputs(), - std::move(A_in_Lagrange_basis), - std::move(C_in_Lagrange_basis)); - } - - /** - * Instance map for the R1CS-to-SAP reduction followed by evaluation - * of the resulting QAP instance. - */ - static sap_instance_evaluation - instance_map_with_evaluation(const r1cs_constraint_system &cs, - const typename FieldType::value_type &t) { - - const std::shared_ptr> domain = get_domain(cs); - - std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs(); - - std::vector At, Ct, Ht; - - At.resize(sap_num_variables + 1, FieldType::value_type::zero()); - Ct.resize(sap_num_variables + 1, FieldType::value_type::zero()); - Ht.reserve(domain->m + 1); - - const typename FieldType::value_type Zt = domain->compute_vanishing_polynomial(t); - - const std::vector u = - domain->evaluate_all_lagrange_polynomials(t); - /** - * add and process all constraints as in instance_map - */ - std::size_t extra_var_offset = cs.num_variables() + 1; - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].a.terms.size(); ++j) { - At[cs.constraints[i].a.terms[j].index] += - u[2 * i] * cs.constraints[i].a.terms[j].coeff; - At[cs.constraints[i].a.terms[j].index] += - u[2 * i + 1] * cs.constraints[i].a.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].b.terms.size(); ++j) { - At[cs.constraints[i].b.terms[j].index] += - u[2 * i] * cs.constraints[i].b.terms[j].coeff; - At[cs.constraints[i].b.terms[j].index] -= - u[2 * i + 1] * cs.constraints[i].b.terms[j].coeff; - } - - for (std::size_t j = 0; j < cs.constraints[i].c.terms.size(); ++j) { - Ct[cs.constraints[i].c.terms[j].index] += - times_four(u[2 * i] * cs.constraints[i].c.terms[j].coeff); - } - - Ct[extra_var_offset + i] += u[2 * i]; - Ct[extra_var_offset + i] += u[2 * i + 1]; - } - - std::size_t extra_constr_offset = 2 * cs.num_constraints(); - std::size_t extra_var_offset2 = cs.num_variables() + cs.num_constraints(); - - 
At[0] += u[extra_constr_offset]; - Ct[0] += u[extra_constr_offset]; - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - At[i] += u[extra_constr_offset + 2 * i - 1]; - At[0] += u[extra_constr_offset + 2 * i - 1]; - Ct[i] += times_four(u[extra_constr_offset + 2 * i - 1]); - Ct[extra_var_offset2 + i] += u[extra_constr_offset + 2 * i - 1]; - - At[i] += u[extra_constr_offset + 2 * i]; - At[0] -= u[extra_constr_offset + 2 * i]; - Ct[extra_var_offset2 + i] += u[extra_constr_offset + 2 * i]; - } - - typename FieldType::value_type ti = FieldType::value_type::one(); - for (std::size_t i = 0; i < domain->m + 1; ++i) { - Ht.emplace_back(ti); - ti *= t; - } - - return sap_instance_evaluation(domain, - sap_num_variables, - domain->m, - cs.num_inputs(), - t, - std::move(At), - std::move(Ct), - std::move(Ht), - Zt); - } - - /** - * Witness map for the R1CS-to-SAP reduction. - * - * The witness map takes zero knowledge into account when d1, d2 are random. - * - * More precisely, compute the coefficients - * h_0,h_1,...,h_n - * of the polynomial - * H(z) := (A(z)*A(z)-C(z))/Z(z) - * where - * A(z) := A_0(z) + \sum_{k=1}^{m} w_k A_k(z) + d1 * Z(z) - * C(z) := C_0(z) + \sum_{k=1}^{m} w_k C_k(z) + d2 * Z(z) - * Z(z) := "vanishing polynomial of set S" - * and - * m = number of variables of the SAP - * n = degree of the SAP - * - * This is done as follows: - * (1) compute evaluations of A,C on S = {sigma_1,...,sigma_n} - * (2) compute coefficients of A,C - * (3) compute evaluations of A,C on T = "coset of S" - * (4) compute evaluation of H on T - * (5) compute coefficients of H - * (6) patch H to account for d1,d2 - (i.e., add coefficients of the polynomial (2*d1*A - d2 + d1^2 * Z)) - * - * The code below is not as simple as the above high-level description due to - * some reshuffling to save space. 
- */ - static sap_witness - witness_map(const r1cs_constraint_system &cs, - const r1cs_primary_input &primary_input, - const r1cs_auxiliary_input &auxiliary_input, - const typename FieldType::value_type &d1, - const typename FieldType::value_type &d2) { - /* sanity check */ - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - const std::shared_ptr> domain = get_domain(cs); - - std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs(); - - r1cs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert( - full_variable_assignment.end(), auxiliary_input.begin(), auxiliary_input.end()); - /** - * we need to generate values of all the extra variables that we added - * during the reduction - * - * note: below, we pass full_variable_assignment into the .evaluate() - * method of the R1CS constraints. however, these extra variables shouldn't - * be a problem, because .evaluate() only accesses the variables that are - * actually used in the constraint. - */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - /** - * this is variable (extra_var_offset + i), an extra variable - * we introduced that is not present in the input. - * its value is (a - b)^2 - */ - typename FieldType::value_type extra_var = - cs.constraints[i].a.evaluate(full_variable_assignment) - - cs.constraints[i].b.evaluate(full_variable_assignment); - extra_var = extra_var * extra_var; - full_variable_assignment.push_back(extra_var); - } - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - /** - * this is variable (extra_var_offset2 + i), an extra variable - * we introduced that is not present in the input. 
- * its value is (x_i - 1)^2 - */ - typename FieldType::value_type extra_var = - full_variable_assignment[i - 1] - FieldType::value_type::one(); - extra_var = extra_var * extra_var; - full_variable_assignment.push_back(extra_var); - } - - std::vector aA(domain->m, FieldType::value_type::zero()); - - /* account for all constraints, as in instance_map */ - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aA[2 * i] += cs.constraints[i].a.evaluate(full_variable_assignment); - aA[2 * i] += cs.constraints[i].b.evaluate(full_variable_assignment); - - aA[2 * i + 1] += cs.constraints[i].a.evaluate(full_variable_assignment); - aA[2 * i + 1] -= cs.constraints[i].b.evaluate(full_variable_assignment); - } - - std::size_t extra_constr_offset = 2 * cs.num_constraints(); - - aA[extra_constr_offset] += FieldType::value_type::one(); - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - aA[extra_constr_offset + 2 * i - 1] += full_variable_assignment[i - 1]; - aA[extra_constr_offset + 2 * i - 1] += FieldType::value_type::one(); - - aA[extra_constr_offset + 2 * i] += full_variable_assignment[i - 1]; - aA[extra_constr_offset + 2 * i] -= FieldType::value_type::one(); - } - - domain->inverse_fft(aA); - - std::vector coefficients_for_H( - domain->m + 1, FieldType::value_type::zero()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - /* add coefficients of the polynomial (2*d1*A - d2) + d1*d1*Z */ - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] = (d1 * aA[i]) + (d1 * aA[i]); - } - coefficients_for_H[0] -= d2; - domain->add_poly_z(d1 * d1, coefficients_for_H); - - math::multiply_by_coset( - aA, - typename FieldType::value_type( - algebra::fields::arithmetic_params::multiplicative_generator)); - domain->fft(aA); - - std::vector &H_tmp = - aA; // can overwrite aA because it is not used later -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = aA[i] * aA[i]; - } - - std::vector aC(domain->m, 
FieldType::value_type::zero()); - /* again, accounting for all constraints */ - std::size_t extra_var_offset = cs.num_variables() + 1; - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aC[2 * i] += times_four(cs.constraints[i].c.evaluate(full_variable_assignment)); - - aC[2 * i] += full_variable_assignment[extra_var_offset + i - 1]; - aC[2 * i + 1] += full_variable_assignment[extra_var_offset + i - 1]; - } - - std::size_t extra_var_offset2 = cs.num_variables() + cs.num_constraints(); - aC[extra_constr_offset] += FieldType::value_type::one(); - - for (std::size_t i = 1; i <= cs.num_inputs(); ++i) { - aC[extra_constr_offset + 2 * i - 1] += times_four(full_variable_assignment[i - 1]); - - aC[extra_constr_offset + 2 * i - 1] += - full_variable_assignment[extra_var_offset2 + i - 1]; - aC[extra_constr_offset + 2 * i] += full_variable_assignment[extra_var_offset2 + i - 1]; - } - - domain->inverse_fft(aC); - - math::multiply_by_coset( - aC, - typename FieldType::value_type( - algebra::fields::arithmetic_params::multiplicative_generator)); - domain->fft(aC); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = (H_tmp[i] - aC[i]); - } - - domain->divide_by_z_on_coset(H_tmp); - - domain->inverse_fft(H_tmp); - multiply_by_coset(H_tmp, - typename FieldType::value_type( - algebra::fields::arithmetic_params::multiplicative_generator) - .inversed()); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] += H_tmp[i]; - } - - return sap_witness(sap_num_variables, - domain->m, - cs.num_inputs(), - d1, - d2, - full_variable_assignment, - std::move(coefficients_for_H)); - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/tbcs_to_uscs.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/tbcs_to_uscs.hpp
deleted file mode 100644
index 55001b862e..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/tbcs_to_uscs.hpp
+++ /dev/null
@@ -1,200 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a TBCS-to-USCS reduction, that is, constructing
-// a USCS ("Unitary-Square Constraint System") from a TBCS ("Two-input Boolean Circuit Satisfiability").
-//
-// The reduction is straightforward: each non-output wire is mapped to a
-// corresponding USCS constraint that enforces the wire to carry a boolean value;
-// each 2-input boolean gate is mapped to a corresponding USCS constraint that
-// enforces correct computation of the gate; each output wire is mapped to a
-// corresponding USCS constraint that enforces that the output is zero.
-// -// The mapping of a gate to a USCS constraint is due to \[GOS12]. -// -// References: -// -// \[GOS12]: -// "New techniques for noninteractive zero-knowledge", -// Jens Groth, Rafail Ostrovsky, Amit Sahai -// JACM 2012, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_TO_USCS_BASIC_POLICY_HPP -#define CRYPTO3_ZK_TBCS_TO_USCS_BASIC_POLICY_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - struct tbcs_to_uscs { - typedef FieldType field_type; - - /** - * Instance map for the TBCS-to-USCS reduction. - */ - static uscs_constraint_system instance_map(const tbcs_circuit &circuit) { - assert(circuit.is_valid()); - uscs_constraint_system result; - - result.primary_input_size = circuit.primary_input_size; - result.auxiliary_input_size = circuit.auxiliary_input_size + circuit.gates.size(); - - for (auto &g : circuit.gates) { - const variable x(g.left_wire); - const variable y(g.right_wire); - const variable z(g.output); - - switch (g.type) { - case TBCS_GATE_CONSTANT_0: - /* Truth table (00, 01, 10, 11): (0, 0, 0, 0) - 0 * x + 0 * y + 1 * z + 1 \in {-1, 1} */ - result.add_constraint(0 * x + 0 * y + 1 * z + 1); - break; - case TBCS_GATE_AND: - /* Truth table (00, 01, 10, 11): (0, 0, 0, 1) - -2 * x + -2 * y + 4 * z + 1 \in {-1, 1} */ - result.add_constraint(-2 * x + -2 * y + 4 * z + 1); - break; - case TBCS_GATE_X_AND_NOT_Y: - /* Truth table (00, 01, 10, 11): (0, 0, 1, 0) - -2 * x + 2 * y + 4 * z + -1 \in {-1, 1} */ - result.add_constraint(-2 * x + 2 * y + 4 * z + -1); - break; - case TBCS_GATE_X: - /* Truth table (00, 01, 10, 11): (0, 0, 1, 1) - -1 * x + 0 * y + 1 * z + 1 \in {-1, 1} */ - result.add_constraint(-1 * x + 0 * y + 1 * z + 1); - break; - case TBCS_GATE_NOT_X_AND_Y: - /* Truth table (00, 01, 10, 11): (0, 1, 0, 0) - 2 * x + -2 * y + 4 * z + -1 \in {-1, 1} */ - result.add_constraint(2 * x + -2 * y + 4 * z + 
-1); - break; - case TBCS_GATE_Y: - /* Truth table (00, 01, 10, 11): (0, 1, 0, 1) - 0 * x + 1 * y + 1 * z + -1 \in {-1, 1} */ - result.add_constraint(0 * x + 1 * y + 1 * z + -1); - break; - case TBCS_GATE_XOR: - /* Truth table (00, 01, 10, 11): (0, 1, 1, 0) - 1 * x + 1 * y + 1 * z + -1 \in {-1, 1} */ - result.add_constraint(1 * x + 1 * y + 1 * z + -1); - break; - case TBCS_GATE_OR: - /* Truth table (00, 01, 10, 11): (0, 1, 1, 1) - -2 * x + -2 * y + 4 * z + -1 \in {-1, 1} */ - result.add_constraint(-2 * x + -2 * y + 4 * z + -1); - break; - case TBCS_GATE_NOR: - /* Truth table (00, 01, 10, 11): (1, 0, 0, 0) - 2 * x + 2 * y + 4 * z + -3 \in {-1, 1} */ - result.add_constraint(2 * x + 2 * y + 4 * z + -3); - break; - case TBCS_GATE_EQUIVALENCE: - /* Truth table (00, 01, 10, 11): (1, 0, 0, 1) - 1 * x + 1 * y + 1 * z + -2 \in {-1, 1} */ - result.add_constraint(1 * x + 1 * y + 1 * z + -2); - break; - case TBCS_GATE_NOT_Y: - /* Truth table (00, 01, 10, 11): (1, 0, 1, 0) - 0 * x + -1 * y + 1 * z + 0 \in {-1, 1} */ - result.add_constraint(0 * x + -1 * y + 1 * z + 0); - break; - case TBCS_GATE_IF_Y_THEN_X: - /* Truth table (00, 01, 10, 11): (1, 0, 1, 1) - -2 * x + 2 * y + 4 * z + -3 \in {-1, 1} */ - result.add_constraint(-2 * x + 2 * y + 4 * z + -3); - break; - case TBCS_GATE_NOT_X: - /* Truth table (00, 01, 10, 11): (1, 1, 0, 0) - -1 * x + 0 * y + 1 * z + 0 \in {-1, 1} */ - result.add_constraint(-1 * x + 0 * y + 1 * z + 0); - break; - case TBCS_GATE_IF_X_THEN_Y: - /* Truth table (00, 01, 10, 11): (1, 1, 0, 1) - 2 * x + -2 * y + 4 * z + -3 \in {-1, 1} */ - result.add_constraint(2 * x + -2 * y + 4 * z + -3); - break; - case TBCS_GATE_NAND: - /* Truth table (00, 01, 10, 11): (1, 1, 1, 0) - 2 * x + 2 * y + 4 * z + -5 \in {-1, 1} */ - result.add_constraint(2 * x + 2 * y + 4 * z + -5); - break; - case TBCS_GATE_CONSTANT_1: - /* Truth table (00, 01, 10, 11): (1, 1, 1, 1) - 0 * x + 0 * y + 1 * z + 0 \in {-1, 1} */ - result.add_constraint(0 * x + 0 * y + 1 * z + 0); - break; - default: 
- assert(0); - } - } - - for (std::size_t i = 0; - i < circuit.primary_input_size + circuit.auxiliary_input_size + circuit.gates.size(); - ++i) { - /* require that 2 * wire - 1 \in {-1,1}, that is wire \in {0,1} */ - result.add_constraint(2 * variable(i) - 1); - } - - for (auto &g : circuit.gates) { - if (g.is_circuit_output) { - /* require that output + 1 \in {-1,1}, this together with output binary (above) - * enforces output = 0 */ - result.add_constraint(variable(g.output) + 1); - } - } - - return result; - } - - /** - * Witness map for the TBCS-to-USCS reduction. - */ - static uscs_variable_assignment - witness_map(const tbcs_circuit &circuit, - const tbcs_primary_input &primary_input, - const tbcs_auxiliary_input &auxiliary_input) { - - const tbcs_variable_assignment all_wires = - circuit.get_all_wires(primary_input, auxiliary_input); - const uscs_variable_assignment result = - algebra::convert_bit_vector_to_field_element_vector(all_wires); - return result; - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TBCS_TO_USCS_BASIC_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp deleted file mode 100644 index a5fc1d73fd..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp +++ /dev/null 
@@ -1,256 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a USCS-to-SSP reduction, that is, constructing
-// a SSP ("Square Span Program") from a USCS ("boolean circuit with 2-input gates").
-//
-// SSPs are defined in \[DFGK14], and constructed for USCS also in \[DFGK14].
-//
-// The implementation of the reduction adapts to \[DFGK14], extends, and optimizes
-// the efficient QAP-based approach described in Appendix E of \[BCGTV13].
-// -// References: -// -// \[BCGTV13] -// "SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge", -// Eli Ben-Sasson, Alessandro Chiesa, Daniel Genkin, Eran Tromer, Madars Virza, -// CRYPTO 2013, -// -// -// \[DFGK14]: -// "Square Span Programs with Applications to Succinct NIZK Arguments" -// George Danezis, Cedric Fournet, Jens Groth, Markulf Kohlweiss, -// ASIACRYPT 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_TO_SSP_REDUCTION_HPP -#define CRYPTO3_ZK_USCS_TO_SSP_REDUCTION_HPP - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace reductions { - template - struct uscs_to_ssp { - typedef FieldType field_type; - - /** - * Instance map for the USCS-to-SSP reduction. - * - * Namely, given a USCS constraint system cs, construct a SSP instance for which: - * V := (V_0(z),V_1(z),...,V_m(z)) - * where - * m = number of variables of the SSP - * and - * each V_i is expressed in the Lagrange basis. - */ - static ssp_instance instance_map(const uscs_constraint_system &cs) { - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints()); - std::vector> V_in_Lagrange_basis( - cs.num_variables() + 1); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].terms.size(); ++j) { - V_in_Lagrange_basis[cs.constraints[i].terms[j].index][i] += - cs.constraints[i].terms[j].coeff; - } - } - for (std::size_t i = cs.num_constraints(); i < domain->m; ++i) { - V_in_Lagrange_basis[0][i] += FieldType::value_type::one(); - } - - return ssp_instance( - domain, cs.num_variables(), domain->m, cs.num_inputs(), std::move(V_in_Lagrange_basis)); - } - - /** - * Instance map for the USCS-to-SSP reduction followed by evaluation of the resulting SSP - * instance. 
- * - * Namely, given a USCS constraint system cs and a field element t, construct - * a SSP instance (evaluated at t) for which: - * Vt := (V_0(t),V_1(t),...,V_m(t)) - * Ht := (1,t,t^2,...,t^n) - * Zt := Z(t) = "vanishing polynomial of a certain set S, evaluated at t" - * where - * m = number of variables of the SSP - * n = degree of the SSP - */ - static ssp_instance_evaluation - instance_map_with_evaluation(const uscs_constraint_system &cs, - const typename FieldType::value_type &t) { - const std::shared_ptr> domain = - math::make_evaluation_domain(cs.num_constraints()); - - std::vector Vt(cs.num_variables() + 1, - FieldType::value_type::zero()); - std::vector Ht(domain->m + 1); - - const typename FieldType::value_type Zt = domain->compute_vanishing_polynomial(t); - - const std::vector u = - domain->evaluate_all_lagrange_polynomials(t); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - for (std::size_t j = 0; j < cs.constraints[i].terms.size(); ++j) { - Vt[cs.constraints[i].terms[j].index] += u[i] * cs.constraints[i].terms[j].coeff; - } - } - for (std::size_t i = cs.num_constraints(); i < domain->m; ++i) { - Vt[0] += u[i]; /* dummy constraint: 1^2 = 1 */ - } - typename FieldType::value_type ti = FieldType::value_type::one(); - for (std::size_t i = 0; i < domain->m + 1; ++i) { - Ht[i] = ti; - ti *= t; - } - - return ssp_instance_evaluation(domain, - cs.num_variables(), - domain->m, - cs.num_inputs(), - t, - std::move(Vt), - std::move(Ht), - Zt); - } - - /** - * Witness map for the USCS-to-SSP reduction. - * - * The witness map takes zero knowledge into account when d is random. 
- * - * More precisely, compute the coefficients - * h_0,h_1,...,h_n - * of the polynomial - * H(z) := (V(z)^2-1)/Z(z) - * where - * V(z) := V_0(z) + \sum_{k=1}^{m} w_k V_k(z) + d * Z(z) - * Z(z) := "vanishing polynomial of set S" - * and - * m = number of variables of the SSP - * n = degree of the SSP - * - * This is done as follows: - * (1) compute evaluations of V on S = {sigma_1,...,sigma_n} - * (2) compute coefficients of V - * (3) compute evaluations of V on T = "coset of S" - * (4) compute evaluation of H on T - * (5) compute coefficients of H - * (6) patch H to account for d (i.e., add coefficients of the polynomial 2*d*V(z) + d*d*Z(z) ) - * - * The code below is not as simple as the above high-level description due to - * some reshuffling to save space. - */ - static ssp_witness - witness_map(const uscs_constraint_system &cs, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input, - const typename FieldType::value_type &d) { - /* sanity check */ - - assert(cs.is_satisfied(primary_input, auxiliary_input)); - - uscs_variable_assignment full_variable_assignment = primary_input; - full_variable_assignment.insert( - full_variable_assignment.end(), auxiliary_input.begin(), auxiliary_input.end()); - - const std::shared_ptr> domain = - make_evaluation_domain(cs.num_constraints()); - - std::vector aA(domain->m, FieldType::value_type::zero()); - assert(domain->m >= cs.num_constraints()); - for (std::size_t i = 0; i < cs.num_constraints(); ++i) { - aA[i] += cs.constraints[i].evaluate(full_variable_assignment); - } - for (std::size_t i = cs.num_constraints(); i < domain->m; ++i) { - aA[i] += FieldType::value_type::one(); - } - - domain->inverse_fft(aA); - - std::vector coefficients_for_H( - domain->m + 1, FieldType::value_type::zero()); -#ifdef MULTICORE -#pragma omp parallel for -#endif - /* add coefficients of the polynomial 2*d*V(z) + d*d*Z(z) */ - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] = typename 
FieldType::value_type(2) * d * aA[i]; - } - domain->add_poly_z(d.squared(), coefficients_for_H); - - math::multiply_by_coset( - aA, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator)); - domain->fft(aA); - - std::vector &H_tmp = - aA; // can overwrite aA because it is not used later -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - H_tmp[i] = aA[i].squared() - FieldType::value_type::one(); - } - - domain->divide_by_z_on_coset(H_tmp); - - domain->inverse_fft(H_tmp); - multiply_by_coset(H_tmp, - typename FieldType::value_type( - fields::arithmetic_params::multiplicative_generator) - .inversed()); - -#ifdef MULTICORE -#pragma omp parallel for -#endif - for (std::size_t i = 0; i < domain->m; ++i) { - coefficients_for_H[i] += H_tmp[i]; - } - - return ssp_witness(cs.num_variables(), - domain->m, - cs.num_inputs(), - d, - full_variable_assignment, - std::move(coefficients_for_H)); - } - }; - } // namespace reductions - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_TO_SSP_BASIC_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/compliance_predicate.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/compliance_predicate.hpp deleted file mode 100644 index bdb8517d9d..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/compliance_predicate.hpp +++ /dev/null 
@@ -1,284 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a compliance predicate for R1CS PCD.
-//
-// A compliance predicate specifies a local invariant to be enforced, by PCD,
-// throughout a dynamic distributed computation. A compliance predicate
-// receives input messages, local data, and an output message (and perhaps some
-// other auxiliary information), and then either accepts or rejects.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_COMPLIANCE_PREDICATE_HPP -#define CRYPTO3_ZK_COMPLIANCE_PREDICATE_HPP - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /********************************* Message ***********************************/ - - /** - * A message for R1CS PCD. - * - * It is a pair, consisting of - * - a type (a positive integer), and - * - a payload (a vector of field elements). - */ - template - struct r1cs_pcd_message { - std::size_t type; - - r1cs_pcd_message(std::size_t type) : type(type) { - } - virtual r1cs_variable_assignment payload_as_r1cs_variable_assignment() const = 0; - r1cs_variable_assignment as_r1cs_variable_assignment() const { - r1cs_variable_assignment result = this->payload_as_r1cs_variable_assignment(); - result.insert(result.begin(), typename FieldType::value_type(this->type)); - return result; - } - - virtual ~r1cs_pcd_message() = default; - }; - - /******************************* Local data **********************************/ - - /** - * A local data for R1CS PCD. - */ - template - struct r1cs_pcd_local_data { - r1cs_pcd_local_data() = default; - virtual r1cs_variable_assignment as_r1cs_variable_assignment() const = 0; - virtual ~r1cs_pcd_local_data() = default; - }; - - /******************************** Witness ************************************/ - - template - using r1cs_pcd_witness = std::vector; - - /*************************** Compliance predicate ****************************/ - - /** - * A compliance predicate for R1CS PCD. 
- * - * It is a wrapper around R1CS that also specifies how to parse a - * variable assignment as: - * - output message (the input) - * - some number of input messages (part of the witness) - * - local data (also part of the witness) - * - auxiliary information (the remaining variables of the witness) - * - * A compliance predicate also has a type, allegedly the same - * as the type of the output message. - * - * The input wires of R1CS appear in the following order: - * - (1 + outgoing_message_payload_length) wires for outgoing message - * - 1 wire for arity (allegedly, 0 <= arity <= max_arity) - * - for i = 0, ..., max_arity-1: - * - (1 + incoming_message_payload_lengths[i]) wires for i-th message of - * the input (in the array that's padded to max_arity messages) - * - local_data_length wires for local data - * - * The rest witness_length wires of the R1CS constitute the witness. - * - * To allow for optimizations, the compliance predicate also - * specififies a flag, called relies_on_same_type_inputs, denoting - * whether the predicate works under the assumption that all input - * messages have the same type. In such case a member - * accepted_input_types lists all types accepted by the predicate - * (accepted_input_types has no meaning if - * relies_on_same_type_inputs=false). 
- */ - - template - class r1cs_pcd_compliance_predicate { - public: - std::size_t name; - std::size_t type; - - r1cs_constraint_system constraint_system; - - std::size_t outgoing_message_payload_length; - std::size_t max_arity; - std::vector incoming_message_payload_lengths; - std::size_t local_data_length; - std::size_t witness_length; - - bool relies_on_same_type_inputs; - std::set accepted_input_types; - - r1cs_pcd_compliance_predicate() = default; - r1cs_pcd_compliance_predicate(r1cs_pcd_compliance_predicate &&other) = default; - r1cs_pcd_compliance_predicate(const r1cs_pcd_compliance_predicate &other) = default; - r1cs_pcd_compliance_predicate( - std::size_t name, - std::size_t type, - const r1cs_constraint_system &constraint_system, - std::size_t outgoing_message_payload_length, - std::size_t max_arity, - const std::vector &incoming_message_payload_lengths, - std::size_t local_data_length, - std::size_t witness_length, - bool relies_on_same_type_inputs, - const std::set &accepted_input_types = std::set()); - - r1cs_pcd_compliance_predicate & - operator=(const r1cs_pcd_compliance_predicate &other) = default; - - bool is_well_formed() const; - bool has_equal_input_and_output_lengths() const; - bool has_equal_input_lengths() const; - - bool - is_satisfied(const std::shared_ptr> &outgoing_message, - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data, - const r1cs_pcd_witness &witness) const; - - bool operator==(const r1cs_pcd_compliance_predicate &other) const; - }; - - template - class r1cs_pcd_compliance_predicate_primary_input; - - template - class r1cs_pcd_compliance_predicate_auxiliary_input; - - template - r1cs_pcd_compliance_predicate::r1cs_pcd_compliance_predicate( - std::size_t name, - std::size_t type, - const r1cs_constraint_system &constraint_system, - std::size_t outgoing_message_payload_length, - std::size_t max_arity, - const std::vector &incoming_message_payload_lengths, - std::size_t local_data_length, - std::size_t 
witness_length, - bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - name(name), - type(type), constraint_system(constraint_system), - outgoing_message_payload_length(outgoing_message_payload_length), max_arity(max_arity), - incoming_message_payload_lengths(incoming_message_payload_lengths), - local_data_length(local_data_length), witness_length(witness_length), - relies_on_same_type_inputs(relies_on_same_type_inputs), accepted_input_types(accepted_input_types) { - assert(max_arity == incoming_message_payload_lengths.size()); - } - - template - bool r1cs_pcd_compliance_predicate::is_well_formed() const { - const bool type_not_zero = (type != 0); - const bool incoming_message_payload_lengths_well_specified = - (incoming_message_payload_lengths.size() == max_arity); - - std::size_t all_message_payload_lengths = outgoing_message_payload_length; - for (std::size_t i = 0; i < incoming_message_payload_lengths.size(); ++i) { - all_message_payload_lengths += incoming_message_payload_lengths[i]; - } - const std::size_t type_vec_length = max_arity + 1; - const std::size_t arity_length = 1; - - const bool correct_num_inputs = - ((outgoing_message_payload_length + 1) == constraint_system.num_inputs()); - const bool correct_num_variables = - ((all_message_payload_lengths + local_data_length + type_vec_length + arity_length + - witness_length) == constraint_system.num_variables()); - - return (type_not_zero && incoming_message_payload_lengths_well_specified && correct_num_inputs && - correct_num_variables); - } - - template - bool r1cs_pcd_compliance_predicate::has_equal_input_and_output_lengths() const { - for (std::size_t i = 0; i < incoming_message_payload_lengths.size(); ++i) { - if (incoming_message_payload_lengths[i] != outgoing_message_payload_length) { - return false; - } - } - - return true; - } - - template - bool r1cs_pcd_compliance_predicate::has_equal_input_lengths() const { - for (std::size_t i = 1; i < 
incoming_message_payload_lengths.size(); ++i) { - if (incoming_message_payload_lengths[i] != incoming_message_payload_lengths[0]) { - return false; - } - } - - return true; - } - - template - bool r1cs_pcd_compliance_predicate::operator==( - const r1cs_pcd_compliance_predicate &other) const { - return (this->name == other.name && this->type == other.type && - this->constraint_system == other.constraint_system && - this->outgoing_message_payload_length == other.outgoing_message_payload_length && - this->max_arity == other.max_arity && - this->incoming_message_payload_lengths == other.incoming_message_payload_lengths && - this->local_data_length == other.local_data_length && - this->witness_length == other.witness_length && - this->relies_on_same_type_inputs == other.relies_on_same_type_inputs && - this->accepted_input_types == other.accepted_input_types); - } - - template - bool r1cs_pcd_compliance_predicate::is_satisfied( - const std::shared_ptr> &outgoing_message, - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data, - const r1cs_pcd_witness &witness) const { - assert(outgoing_message.payload_as_r1cs_variable_assignment().size() == - outgoing_message_payload_length); - assert(incoming_messages.size() <= max_arity); - for (std::size_t i = 0; i < incoming_messages.size(); ++i) { - assert(incoming_messages[i].payload_as_r1cs_variable_assignment().size() == - incoming_message_payload_lengths[i]); - } - assert(local_data.as_r1cs_variable_assignment().size() == local_data_length); - - r1cs_pcd_compliance_predicate_primary_input cp_primary_input(outgoing_message); - r1cs_pcd_compliance_predicate_auxiliary_input cp_auxiliary_input(incoming_messages, - local_data, witness); - - return constraint_system.is_satisfied( - cp_primary_input.as_r1cs_primary_input(), - cp_auxiliary_input.as_r1cs_auxiliary_input(incoming_message_payload_lengths)); - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // 
COMPLIANCE_PREDICATE_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp
deleted file mode 100644
index db6f70d467..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/ppzkpcd_compliance_predicate.hpp
+++ /dev/null
@@ -1,59 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Template aliasing for prettifying R1CS PCD interfaces.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_PPZKPCD_COMPLIANCE_PREDICATE_HPP
-#define CRYPTO3_ZK_PPZKPCD_COMPLIANCE_PREDICATE_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /* template aliasing for R1CS (multi-predicate) ppzkPCD: */
-
- template
- using r1cs_mp_ppzkpcd_compliance_predicate =
- r1cs_pcd_compliance_predicate>;
-
- template
- using r1cs_mp_ppzkpcd_message = r1cs_pcd_message>;
-
- template
- using r1cs_mp_ppzkpcd_local_data = r1cs_pcd_local_data>;
-
- template
- using r1cs_mp_ppzkpcd_variable_assignment =
- r1cs_variable_assignment>;
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // PPZKPCD_COMPLIANCE_PREDICATE_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.hpp
deleted file mode 100644
index ce35f915f4..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.hpp
+++ /dev/null
@@ -1,714 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a *multi-predicate* ppzkPCD for R1CS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm -// - online verifier algorithm -// -// The implementation follows, extends, and optimizes the approach described -// in \[CTV15]. Thus, PCD is constructed from two "matched" ppzkSNARKs for R1CS. 
-// -// Acronyms: -// -// "R1CS" = "Rank-1 Constraint Systems" -// "ppzkSNARK" = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// "ppzkPCD" = "Pre-Processing Zero-Knowledge Proof-Carrying Data" -// -// References: -// -// \[CTV15]: -// "Cluster Computing in Zero Knowledge", -// Alessandro Chiesa, Eran Tromer, Madars Virza, -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_MP_PPZKPCD_HPP -#define CRYPTO3_R1CS_MP_PPZKPCD_HPP - -#include -#include - -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS (multi-predicate) ppzkPCD. - */ - template - class r1cs_mp_ppzkpcd_proving_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - std::vector> compliance_predicates; - - std::vector::proving_key_type> compliance_step_r1cs_pks; - std::vector::proving_key_type> translation_step_r1cs_pks; - - std::vector::verification_key_type> compliance_step_r1cs_vks; - std::vector::verification_key_type> translation_step_r1cs_vks; - - set_commitment commitment_to_translation_step_r1cs_vks; - std::vector compliance_step_r1cs_vk_membership_proofs; - - std::map compliance_predicate_name_to_idx; - - r1cs_mp_ppzkpcd_proving_key() {}; - r1cs_mp_ppzkpcd_proving_key(const r1cs_mp_ppzkpcd_proving_key &other) = default; - r1cs_mp_ppzkpcd_proving_key(r1cs_mp_ppzkpcd_proving_key &&other) = default; - r1cs_mp_ppzkpcd_proving_key( - const std::vector> &compliance_predicates, - const std::vector::proving_key_type> &compliance_step_r1cs_pk, - const std::vector::proving_key_type> &translation_step_r1cs_pk, - const std::vector::verification_key_type> - &compliance_step_r1cs_vk, - const std::vector::verification_key_type> - &translation_step_r1cs_vk, - const set_commitment 
&commitment_to_translation_step_r1cs_vks, - const std::vector &compliance_step_r1cs_vk_membership_proofs, - const std::map &compliance_predicate_name_to_idx) : - compliance_predicates(compliance_predicates), - compliance_step_r1cs_pks(compliance_step_r1cs_pks), - translation_step_r1cs_pks(translation_step_r1cs_pks), - compliance_step_r1cs_vks(compliance_step_r1cs_vks), - translation_step_r1cs_vks(translation_step_r1cs_vks), - commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks), - compliance_step_r1cs_vk_membership_proofs(compliance_step_r1cs_vk_membership_proofs), - compliance_predicate_name_to_idx(compliance_predicate_name_to_idx) { - } - - r1cs_mp_ppzkpcd_proving_key & - operator=(const r1cs_mp_ppzkpcd_proving_key &other) = default; - - std::size_t size_in_bits() const; - - bool is_well_formed() const; - - bool operator==(const r1cs_mp_ppzkpcd_proving_key &other) const; - }; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS (multi-predicate) ppzkPCD. 
- */ - template - class r1cs_mp_ppzkpcd_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - std::vector::verification_key_type> compliance_step_r1cs_vks; - std::vector::verification_key_type> translation_step_r1cs_vks; - set_commitment commitment_to_translation_step_r1cs_vks; - - r1cs_mp_ppzkpcd_verification_key() = default; - r1cs_mp_ppzkpcd_verification_key(const r1cs_mp_ppzkpcd_verification_key &other) = default; - r1cs_mp_ppzkpcd_verification_key(r1cs_mp_ppzkpcd_verification_key &&other) = default; - r1cs_mp_ppzkpcd_verification_key( - const std::vector::verification_key_type> - &compliance_step_r1cs_vks, - const std::vector::verification_key_type> - &translation_step_r1cs_vks, - const set_commitment &commitment_to_translation_step_r1cs_vks) : - compliance_step_r1cs_vks(compliance_step_r1cs_vks), - translation_step_r1cs_vks(translation_step_r1cs_vks), - commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks) { - } - - r1cs_mp_ppzkpcd_verification_key & - operator=(const r1cs_mp_ppzkpcd_verification_key &other) = default; - - std::size_t size_in_bits() const; - - bool operator==(const r1cs_mp_ppzkpcd_verification_key &other) const; - }; - - /************************* Processed verification key **************************/ - - /** - * A processed verification key for the R1CS (multi-predicate) ppzkPCD. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - template - class r1cs_mp_ppzkpcd_processed_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - std::vector::processed_verification_key_type> - compliance_step_r1cs_pvks; - std::vector::processed_verification_key_type> - translation_step_r1cs_pvks; - set_commitment commitment_to_translation_step_r1cs_vks; - - r1cs_mp_ppzkpcd_processed_verification_key() = default; - r1cs_mp_ppzkpcd_processed_verification_key( - const r1cs_mp_ppzkpcd_processed_verification_key &other) = default; - r1cs_mp_ppzkpcd_processed_verification_key( - r1cs_mp_ppzkpcd_processed_verification_key &&other) = default; - r1cs_mp_ppzkpcd_processed_verification_key( - std::vector::processed_verification_key_type> - &&compliance_step_r1cs_pvks, - std::vector::processed_verification_key_type> - &&translation_step_r1cs_pvks, - const set_commitment &commitment_to_translation_step_r1cs_vks) : - compliance_step_r1cs_pvks(std::move(compliance_step_r1cs_pvks)), - translation_step_r1cs_pvks(std::move(translation_step_r1cs_pvks)), - commitment_to_translation_step_r1cs_vks(commitment_to_translation_step_r1cs_vks) {}; - - r1cs_mp_ppzkpcd_processed_verification_key & - operator=(const r1cs_mp_ppzkpcd_processed_verification_key &other) = default; - - std::size_t size_in_bits() const; - - bool operator==(const r1cs_mp_ppzkpcd_processed_verification_key &other) const; - }; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS (multi-predicate) ppzkPC, which consists of a proving key and a verification - * key. 
- */ - template - class r1cs_mp_ppzkpcd_keypair { - public: - r1cs_mp_ppzkpcd_proving_key pk; - r1cs_mp_ppzkpcd_verification_key vk; - - r1cs_mp_ppzkpcd_keypair() = default; - r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_keypair &&other) = default; - r1cs_mp_ppzkpcd_keypair(r1cs_mp_ppzkpcd_proving_key &&pk, - r1cs_mp_ppzkpcd_verification_key &&vk) : - pk(std::move(pk)), - vk(std::move(vk)) {}; - }; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS (multi-predicate) ppzkPCD. - */ - template - class r1cs_mp_ppzkpcd_proof { - public: - std::size_t compliance_predicate_idx; - typename r1cs_ppzksnark::proof_type r1cs_proof; - - r1cs_mp_ppzkpcd_proof() = default; - r1cs_mp_ppzkpcd_proof( - const std::size_t compliance_predicate_idx, - const typename r1cs_ppzksnark::proof_type &r1cs_proof) : - compliance_predicate_idx(compliance_predicate_idx), - r1cs_proof(r1cs_proof) { - } - - std::size_t size_in_bits() const; - - bool operator==(const r1cs_mp_ppzkpcd_proof &other) const; - }; - - /***************************** Main algorithms *******************************/ - - /** - * A generator algorithm for the R1CS (multi-predicate) ppzkPCD. - * - * Given a vector of compliance predicates, this algorithm produces proving and verification keys for - * the vector. - */ - template - r1cs_mp_ppzkpcd_keypair r1cs_mp_ppzkpcd_generator( - const std::vector> &compliance_predicates); - - /** - * A prover algorithm for the R1CS (multi-predicate) ppzkPCD. - * - * Given a proving key, name of chosen compliance predicate, inputs for the - * compliance predicate, and proofs for the predicate's input messages, this - * algorithm produces a proof (of knowledge) that attests to the compliance of - * the output message. 
- */ - template - r1cs_mp_ppzkpcd_proof - r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key &pk, - const std::size_t compliance_predicate_name, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &incoming_proofs); - - /* - Below are two variants of verifier algorithm for the R1CS (multi-predicate) ppzkPCD. - - These are the two cases that arise from whether the verifier accepts a - (non-processed) verification key or, instead, a processed verification key. - In the latter case, we call the algorithm an "online verifier". - */ - - /** - * A verifier algorithm for the R1CS (multi-predicate) ppzkPCD that - * accepts a non-processed verification key. - */ - template - bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key &vk, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof); - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - r1cs_mp_ppzkpcd_processed_verification_key - r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key &vk); - - /** - * A verifier algorithm for the R1CS (multi-predicate) ppzkPCD that - * accepts a processed verification key. 
- */ - template - bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key &pvk, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof); - - template - std::size_t r1cs_mp_ppzkpcd_proving_key::size_in_bits() const { - const std::size_t num_predicates = compliance_predicates.size(); - - std::size_t result = 0; - for (std::size_t i = 0; i < num_predicates; ++i) { - result += - (compliance_predicates[i].size_in_bits() + compliance_step_r1cs_pks[i].size_in_bits() + - translation_step_r1cs_pks[i].size_in_bits() + compliance_step_r1cs_vks[i].size_in_bits() + - translation_step_r1cs_vks[i].size_in_bits() + - compliance_step_r1cs_vk_membership_proofs[i].size_in_bits()); - } - result += commitment_to_translation_step_r1cs_vks.size(); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_proving_key::is_well_formed() const { - const std::size_t num_predicates = compliance_predicates.size(); - - bool result = (compliance_step_r1cs_pks.size() == num_predicates); - result = result && (translation_step_r1cs_pks.size() == num_predicates); - result = result && (compliance_step_r1cs_vks.size() == num_predicates); - result = result && (translation_step_r1cs_vks.size() == num_predicates); - result = result && (compliance_step_r1cs_vk_membership_proofs.size() == num_predicates); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_proving_key::operator==( - const r1cs_mp_ppzkpcd_proving_key &other) const { - return (this->compliance_predicates == other.compliance_predicates && - this->compliance_step_r1cs_pks == other.compliance_step_r1cs_pks && - this->translation_step_r1cs_pks == other.translation_step_r1cs_pks && - this->compliance_step_r1cs_vks == other.compliance_step_r1cs_vks && - this->translation_step_r1cs_vks == other.translation_step_r1cs_vks && - this->commitment_to_translation_step_r1cs_vks == - other.commitment_to_translation_step_r1cs_vks && - this->compliance_step_r1cs_vk_membership_proofs == - 
other.compliance_step_r1cs_vk_membership_proofs && - this->compliance_predicate_name_to_idx == other.compliance_predicate_name_to_idx); - } - - template - std::size_t r1cs_mp_ppzkpcd_verification_key::size_in_bits() const { - const std::size_t num_predicates = compliance_step_r1cs_vks.size(); - - std::size_t result = 0; - for (std::size_t i = 0; i < num_predicates; ++i) { - result += - (compliance_step_r1cs_vks[i].size_in_bits() + translation_step_r1cs_vks[i].size_in_bits()); - } - - result += commitment_to_translation_step_r1cs_vks.size(); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_verification_key::operator==( - const r1cs_mp_ppzkpcd_verification_key &other) const { - return (this->compliance_step_r1cs_vks == other.compliance_step_r1cs_vks && - this->translation_step_r1cs_vks == other.translation_step_r1cs_vks && - this->commitment_to_translation_step_r1cs_vks == - other.commitment_to_translation_step_r1cs_vks); - } - - template - std::size_t r1cs_mp_ppzkpcd_processed_verification_key::size_in_bits() const { - const std::size_t num_predicates = compliance_step_r1cs_pvks.size(); - - std::size_t result = 0; - for (std::size_t i = 0; i < num_predicates; ++i) { - result += (compliance_step_r1cs_pvks[i].size_in_bits() + - translation_step_r1cs_pvks[i].size_in_bits()); - } - - result += commitment_to_translation_step_r1cs_vks.size(); - - return result; - } - - template - bool r1cs_mp_ppzkpcd_processed_verification_key::operator==( - const r1cs_mp_ppzkpcd_processed_verification_key &other) const { - return (this->compliance_step_r1cs_pvks == other.compliance_step_r1cs_pvks && - this->translation_step_r1cs_pvks == other.translation_step_r1cs_pvks && - this->commitment_to_translation_step_r1cs_vks == - other.commitment_to_translation_step_r1cs_vks); - } - - template - bool r1cs_mp_ppzkpcd_proof::operator==(const r1cs_mp_ppzkpcd_proof &other) const { - return (this->compliance_predicate_idx == other.compliance_predicate_idx && - this->r1cs_proof == 
other.r1cs_proof); - } - - template - r1cs_mp_ppzkpcd_keypair r1cs_mp_ppzkpcd_generator( - const std::vector> &compliance_predicates) { - assert(algebra::Fr::mod == - algebra::Fq::mod); - assert(algebra::Fq::mod == - algebra::Fr::mod); - - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - typedef typename curve_A_pp::scalar_field_type FieldT_A; - typedef typename curve_B_pp::scalar_field_type FieldT_B; - - std::cout << "Call to r1cs_mp_ppzkpcd_generator" << std::endl; - - r1cs_mp_ppzkpcd_keypair keypair; - const std::size_t translation_input_size = - mp_translation_step_pcd_circuit_maker::input_size_in_elts(); - const std::size_t vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits(translation_input_size); - printf("%zu %zu\n", translation_input_size, vk_size_in_bits); - - set_commitment_accumulator> all_translation_vks( - compliance_predicates.size(), vk_size_in_bits); - - std::cout << "Perform type checks" << std::endl; - std::map type_counts; - - for (auto &cp : compliance_predicates) { - type_counts[cp.type] += 1; - } - - for (auto &cp : compliance_predicates) { - if (cp.relies_on_same_type_inputs) { - for (std::size_t type : cp.accepted_input_types) { - assert(type_counts[type] == 1); /* each of accepted_input_types must be unique */ - } - } else { - assert(cp.accepted_input_types.empty()); - } - } - - for (std::size_t i = 0; i < compliance_predicates.size(); ++i) { - std::cout << FMT("", - "Process predicate %zu (with name %zu and type %zu)", - i, - compliance_predicates[i].name, - compliance_predicates[i].type) - << std::endl; - assert(compliance_predicates[i].is_well_formed()); - - std::cout << "Construct compliance step PCD circuit" << std::endl; - mp_compliance_step_pcd_circuit_maker mp_compliance_step_pcd_circuit( - compliance_predicates[i], compliance_predicates.size()); - mp_compliance_step_pcd_circuit.generate_r1cs_constraints(); - r1cs_constraint_system 
mp_compliance_step_pcd_circuit_cs = - mp_compliance_step_pcd_circuit.get_circuit(); - - std::cout << "Generate key pair for compliance step PCD circuit" << std::endl; - typename r1cs_ppzksnark::keypair_type mp_compliance_step_keypair = - r1cs_ppzksnark::generator(mp_compliance_step_pcd_circuit_cs); - - std::cout << "Construct translation step PCD circuit" << std::endl; - mp_translation_step_pcd_circuit_maker mp_translation_step_pcd_circuit( - mp_compliance_step_keypair.vk); - mp_translation_step_pcd_circuit.generate_r1cs_constraints(); - r1cs_constraint_system mp_translation_step_pcd_circuit_cs = - mp_translation_step_pcd_circuit.get_circuit(); - - std::cout << "Generate key pair for translation step PCD circuit" << std::endl; - typename r1cs_ppzksnark::keypair_type mp_translation_step_keypair = - r1cs_ppzksnark::generator(mp_translation_step_pcd_circuit_cs); - - std::cout << "Augment set of translation step verification keys" << std::endl; - const std::vector vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - mp_translation_step_keypair.vk); - all_translation_vks.add(vk_bits); - - std::cout << "Update r1cs_mp_ppzkpcd keypair" << std::endl; - keypair.pk.compliance_predicates.emplace_back(compliance_predicates[i]); - keypair.pk.compliance_step_r1cs_pks.emplace_back(mp_compliance_step_keypair.pk); - keypair.pk.translation_step_r1cs_pks.emplace_back(mp_translation_step_keypair.pk); - keypair.pk.compliance_step_r1cs_vks.emplace_back(mp_compliance_step_keypair.vk); - keypair.pk.translation_step_r1cs_vks.emplace_back(mp_translation_step_keypair.vk); - const std::size_t cp_name = compliance_predicates[i].name; - assert(keypair.pk.compliance_predicate_name_to_idx.find(cp_name) == - keypair.pk.compliance_predicate_name_to_idx.end()); // all names must be distinct - keypair.pk.compliance_predicate_name_to_idx[cp_name] = i; - - keypair.vk.compliance_step_r1cs_vks.emplace_back(mp_compliance_step_keypair.vk); - 
keypair.vk.translation_step_r1cs_vks.emplace_back(mp_translation_step_keypair.vk); - } - - std::cout << "Compute set commitment and corresponding membership proofs" << std::endl; - const set_commitment cm = all_translation_vks.get_commitment(); - keypair.pk.commitment_to_translation_step_r1cs_vks = cm; - keypair.vk.commitment_to_translation_step_r1cs_vks = cm; - for (std::size_t i = 0; i < compliance_predicates.size(); ++i) { - const std::vector vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - keypair.vk.translation_step_r1cs_vks[i]); - const set_membership_proof proof = all_translation_vks.get_membership_proof(vk_bits); - - keypair.pk.compliance_step_r1cs_vk_membership_proofs.emplace_back(proof); - } - - return keypair; - } - - template - r1cs_mp_ppzkpcd_proof - r1cs_mp_ppzkpcd_prover(const r1cs_mp_ppzkpcd_proving_key &pk, - const std::size_t compliance_predicate_name, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &prev_proofs) { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - typedef typename curve_A_pp::scalar_field_type FieldT_A; - typedef typename curve_B_pp::scalar_field_type FieldT_B; - - std::cout << "Call to r1cs_mp_ppzkpcd_prover" << std::endl; - - auto it = pk.compliance_predicate_name_to_idx.find(compliance_predicate_name); - assert(it != pk.compliance_predicate_name_to_idx.end()); - const std::size_t compliance_predicate_idx = it->second; - - std::cout << "Prove compliance step" << std::endl; - assert(compliance_predicate_idx < pk.compliance_predicates.size()); - assert(prev_proofs.size() <= pk.compliance_predicates[compliance_predicate_idx].max_arity); - - const std::size_t arity = prev_proofs.size(); - const std::size_t max_arity = pk.compliance_predicates[compliance_predicate_idx].max_arity; - - if 
(pk.compliance_predicates[compliance_predicate_idx].relies_on_same_type_inputs) { - const std::size_t input_predicate_idx = prev_proofs[0].compliance_predicate_idx; - for (std::size_t i = 1; i < arity; ++i) { - assert(prev_proofs[i].compliance_predicate_idx == input_predicate_idx); - } - } - - std::vector::proof_type> padded_proofs(max_arity); - for (std::size_t i = 0; i < arity; ++i) { - padded_proofs[i] = prev_proofs[i].r1cs_proof; - } - - std::vector::verification_key_type> translation_step_vks; - std::vector membership_proofs; - - for (std::size_t i = 0; i < arity; ++i) { - const std::size_t input_predicate_idx = prev_proofs[i].compliance_predicate_idx; - translation_step_vks.emplace_back(pk.translation_step_r1cs_vks[input_predicate_idx]); - membership_proofs.emplace_back( - pk.compliance_step_r1cs_vk_membership_proofs[input_predicate_idx]); - -#ifdef DEBUG - if (auxiliary_input.incoming_messages[i]->type != 0) { - printf("check proof for message %zu\n", i); - const r1cs_primary_input translated_msg = - get_mp_translation_step_pcd_circuit_input( - pk.commitment_to_translation_step_r1cs_vks, auxiliary_input.incoming_messages[i]); - const bool bit = r1cs_ppzksnark::verifier_strong_input_consistency( - translation_step_vks[i], translated_msg, padded_proofs[i]); - assert(bit); - } else { - printf("message %zu is base case\n", i); - } -#endif - } - - /* pad with dummy vks/membership proofs */ - for (std::size_t i = arity; i < max_arity; ++i) { - printf("proof %zu will be a dummy\n", arity); - translation_step_vks.emplace_back(pk.translation_step_r1cs_vks[0]); - membership_proofs.emplace_back(pk.compliance_step_r1cs_vk_membership_proofs[0]); - } - - mp_compliance_step_pcd_circuit_maker mp_compliance_step_pcd_circuit( - pk.compliance_predicates[compliance_predicate_idx], pk.compliance_predicates.size()); - - mp_compliance_step_pcd_circuit.generate_r1cs_witness(pk.commitment_to_translation_step_r1cs_vks, - translation_step_vks, - membership_proofs, - primary_input, - 
auxiliary_input, - padded_proofs); - - const r1cs_primary_input compliance_step_primary_input = - mp_compliance_step_pcd_circuit.get_primary_input(); - const r1cs_auxiliary_input compliance_step_auxiliary_input = - mp_compliance_step_pcd_circuit.get_auxiliary_input(); - const typename r1cs_ppzksnark::proof_type compliance_step_proof = - r1cs_ppzksnark::prover(pk.compliance_step_r1cs_pks[compliance_predicate_idx], - compliance_step_primary_input, - compliance_step_auxiliary_input); - -#ifdef DEBUG - const r1cs_primary_input compliance_step_input = - get_mp_compliance_step_pcd_circuit_input(pk.commitment_to_translation_step_r1cs_vks, - primary_input.outgoing_message); - const bool compliance_step_ok = r1cs_ppzksnark::verifier_strong_input_consistency( - pk.compliance_step_r1cs_vks[compliance_predicate_idx], - compliance_step_input, - compliance_step_proof); - assert(compliance_step_ok); -#endif - - std::cout << "Prove translation step" << std::endl; - mp_translation_step_pcd_circuit_maker mp_translation_step_pcd_circuit( - pk.compliance_step_r1cs_vks[compliance_predicate_idx]); - - const r1cs_primary_input translation_step_primary_input = - get_mp_translation_step_pcd_circuit_input( - pk.commitment_to_translation_step_r1cs_vks, primary_input); - mp_translation_step_pcd_circuit.generate_r1cs_witness(translation_step_primary_input, - compliance_step_proof); - const r1cs_auxiliary_input translation_step_auxiliary_input = - mp_translation_step_pcd_circuit.get_auxiliary_input(); - - const typename r1cs_ppzksnark::proof_type translation_step_proof = - r1cs_ppzksnark::prover(pk.translation_step_r1cs_pks[compliance_predicate_idx], - translation_step_primary_input, - translation_step_auxiliary_input); - -#ifdef DEBUG - const bool translation_step_ok = r1cs_ppzksnark::verifier_strong_input_consistency( - pk.translation_step_r1cs_vks[compliance_predicate_idx], - translation_step_primary_input, - translation_step_proof); - assert(translation_step_ok); -#endif - - 
r1cs_mp_ppzkpcd_proof result; - result.compliance_predicate_idx = compliance_predicate_idx; - result.r1cs_proof = translation_step_proof; - return result; - } - - template - bool r1cs_mp_ppzkpcd_online_verifier(const r1cs_mp_ppzkpcd_processed_verification_key &pvk, - const r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof) { - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - std::cout << "Call to r1cs_mp_ppzkpcd_online_verifier" << std::endl; - const r1cs_primary_input r1cs_input = - get_mp_translation_step_pcd_circuit_input( - pvk.commitment_to_translation_step_r1cs_vks, primary_input); - const bool result = r1cs_ppzksnark::online_verifier_strong_input_consistency( - pvk.translation_step_r1cs_pvks[proof.compliance_predicate_idx], r1cs_input, proof.r1cs_proof); - - return result; - } - - template - r1cs_mp_ppzkpcd_processed_verification_key - r1cs_mp_ppzkpcd_process_vk(const r1cs_mp_ppzkpcd_verification_key &vk) { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - std::cout << "Call to r1cs_mp_ppzkpcd_processed_verification_key" << std::endl; - - r1cs_mp_ppzkpcd_processed_verification_key result; - result.commitment_to_translation_step_r1cs_vks = vk.commitment_to_translation_step_r1cs_vks; - - for (std::size_t i = 0; i < vk.compliance_step_r1cs_vks.size(); ++i) { - const typename r1cs_ppzksnark::processed_verification_key_type - compliance_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.compliance_step_r1cs_vks[i]); - const typename r1cs_ppzksnark::processed_verification_key - translation_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.translation_step_r1cs_vks[i]); - - result.compliance_step_r1cs_pvks.emplace_back(compliance_step_r1cs_pvk); - result.translation_step_r1cs_pvks.emplace_back(translation_step_r1cs_pvk); - } - - return result; - } - - template - bool r1cs_mp_ppzkpcd_verifier(const r1cs_mp_ppzkpcd_verification_key &vk, - const 
r1cs_mp_ppzkpcd_primary_input &primary_input, - const r1cs_mp_ppzkpcd_proof &proof) { - std::cout << "Call to r1cs_mp_ppzkpcd_verifier" << std::endl; - r1cs_mp_ppzkpcd_processed_verification_key pvk = r1cs_mp_ppzkpcd_process_vk(vk); - const bool result = r1cs_mp_ppzkpcd_online_verifier(pvk, primary_input, proof); - - return result; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_MP_PPZKPCD_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp deleted file mode 100644 index 68c6cb4caa..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd_params.hpp +++ /dev/null 
@@ -1,61 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Parameters for *multi-predicate* ppzkPCD for R1CS. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_MP_PPZKPCD_PARAMS_HPP -#define CRYPTO3_ZK_R1CS_MP_PPZKPCD_PARAMS_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - using r1cs_mp_ppzkpcd_compliance_predicate = - r1cs_pcd_compliance_predicate>; - - template - using r1cs_mp_ppzkpcd_message = r1cs_pcd_message>; - - template - using r1cs_mp_ppzkpcd_local_data = r1cs_pcd_local_data>; - - template - using r1cs_mp_ppzkpcd_primary_input = - r1cs_pcd_compliance_predicate_primary_input>; - - template - using r1cs_mp_ppzkpcd_auxiliary_input = - r1cs_pcd_compliance_predicate_auxiliary_input>; - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // R1CS_MP_PPZKPCD_PARAMS_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_pcd_params.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_pcd_params.hpp deleted file mode 100644 index 477df46019..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_pcd_params.hpp +++ /dev/null 
@@ -1,105 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_PCD_PARAMS_HPP
-#define CRYPTO3_ZK_R1CS_PCD_PARAMS_HPP
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- class r1cs_pcd_compliance_predicate_primary_input {
- public:
- std::shared_ptr> outgoing_message;
-
- r1cs_pcd_compliance_predicate_primary_input(
- const std::shared_ptr> &outgoing_message) :
- outgoing_message(outgoing_message) {
- }
- r1cs_primary_input as_r1cs_primary_input() const {
- return outgoing_message->as_r1cs_variable_assignment();
- }
- };
-
- template
- class r1cs_pcd_compliance_predicate_auxiliary_input {
- public:
- std::vector>> incoming_messages;
- std::shared_ptr> local_data;
- r1cs_pcd_witness witness;
-
- r1cs_pcd_compliance_predicate_auxiliary_input(
- const std::vector>> &incoming_messages,
- const std::shared_ptr> &local_data,
- const r1cs_pcd_witness &witness) :
- incoming_messages(incoming_messages),
- local_data(local_data), witness(witness) {
- }
-
- r1cs_auxiliary_input as_r1cs_auxiliary_input(
- const std::vector &incoming_message_payload_lengths) const {
-
- const std::size_t arity = incoming_messages.size();
-
- r1cs_auxiliary_input result;
- result.emplace_back(typename FieldType::value_type(arity));
-
- const std::size_t max_arity = incoming_message_payload_lengths.size();
- assert(arity <= max_arity);
-
- for (std::size_t i = 0; i < arity; ++i) {
- const r1cs_variable_assignment msg_as_r1cs_va =
- incoming_messages[i]->as_r1cs_variable_assignment();
- assert(msg_as_r1cs_va.size() == (1 + incoming_message_payload_lengths[i]));
- result.insert(result.end(), msg_as_r1cs_va.begin(), msg_as_r1cs_va.end());
- }
-
- /* pad with dummy messages of appropriate size */
- for (std::size_t i = arity; i < max_arity; ++i) {
- result.resize(result.size() + (1 + incoming_message_payload_lengths[i]),
- FieldType::value_type::zero());
- }
-
- const r1cs_variable_assignment local_data_as_r1cs_va =
- local_data->as_r1cs_variable_assignment();
- result.insert(result.end(), local_data_as_r1cs_va.begin(), local_data_as_r1cs_va.end());
- result.insert(result.end(), witness.begin(), witness.end());
-
- return result;
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // R1CS_PCD_PARAMS_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.hpp
deleted file mode 100644
index e4b3ca4e44..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.hpp
+++ /dev/null
@@ -1,471 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// Single-Predicate ppzkPCD for R1CS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm -// - online verifier algorithm -// -// The implementation follows, extends, and optimizes the approach described -// in \[BCTV14]. Thus, PCD is constructed from two "matched" ppzkSNARKs for R1CS. 
-// -// Acronyms: -// -// "R1CS" = "Rank-1 Constraint Systems" -// "ppzkSNARK" = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// "ppzkPCD" = "Pre-Processing Zero-Knowledge Proof-Carrying Data" -// -// References: -// -// \[BCTV14]: -// "Scalable Zero Knowledge via Cycles of Elliptic Curves", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// CRYPTO 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SP_PPZKPCD_HPP -#define CRYPTO3_ZK_R1CS_SP_PPZKPCD_HPP - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS (single-predicate) ppzkPCD. - */ - template - class r1cs_sp_ppzkpcd_proving_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - r1cs_sp_ppzkpcd_compliance_predicate compliance_predicate; - - typename r1cs_ppzksnark::proving_key_type compliance_step_r1cs_pk; - typename r1cs_ppzksnark::proving_key_type translation_step_r1cs_pk; - - typename r1cs_ppzksnark::verification_key_type compliance_step_r1cs_vk; - typename r1cs_ppzksnark::verification_key_type translation_step_r1cs_vk; - - r1cs_sp_ppzkpcd_proving_key() {}; - r1cs_sp_ppzkpcd_proving_key(const r1cs_sp_ppzkpcd_proving_key &other) = default; - r1cs_sp_ppzkpcd_proving_key(r1cs_sp_ppzkpcd_proving_key &&other) = default; - r1cs_sp_ppzkpcd_proving_key( - const r1cs_sp_ppzkpcd_compliance_predicate &compliance_predicate, - typename r1cs_ppzksnark::proving_key_type &&compliance_step_r1cs_pk, - typename r1cs_ppzksnark::proving_key &_type &translation_step_r1cs_pk, - const typename r1cs_ppzksnark::verification_key_type &compliance_step_r1cs_vk, - const typename r1cs_ppzksnark::verification_key_type &translation_step_r1cs_vk) : - 
compliance_predicate(compliance_predicate), - compliance_step_r1cs_pk(std::move(compliance_step_r1cs_pk)), - translation_step_r1cs_pk(std::move(translation_step_r1cs_pk)), - compliance_step_r1cs_vk(std::move(compliance_step_r1cs_vk)), - translation_step_r1cs_vk(std::move(translation_step_r1cs_vk)) {}; - - r1cs_sp_ppzkpcd_proving_key & - operator=(const r1cs_sp_ppzkpcd_proving_key &other) = default; - - std::size_t size_in_bits() const { - return (compliance_step_r1cs_pk.size_in_bits() + translation_step_r1cs_pk.size_in_bits() + - compliance_step_r1cs_vk.size_in_bits() + translation_step_r1cs_vk.size_in_bits()); - } - - bool operator==(const r1cs_sp_ppzkpcd_proving_key &other) const; - }; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS (single-predicate) ppzkPCD. - */ - template - class r1cs_sp_ppzkpcd_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - typename r1cs_ppzksnark::verification_key_type compliance_step_r1cs_vk; - typename r1cs_ppzksnark::verification_key_type translation_step_r1cs_vk; - - r1cs_sp_ppzkpcd_verification_key() = default; - r1cs_sp_ppzkpcd_verification_key(const r1cs_sp_ppzkpcd_verification_key &other) = default; - r1cs_sp_ppzkpcd_verification_key(r1cs_sp_ppzkpcd_verification_key &&other) = default; - r1cs_sp_ppzkpcd_verification_key( - const typename r1cs_ppzksnark::verification_key_type &compliance_step_r1cs_vk, - const typename r1cs_ppzksnark::verification_key_type &translation_step_r1cs_vk) : - compliance_step_r1cs_vk(std::move(compliance_step_r1cs_vk)), - translation_step_r1cs_vk(std::move(translation_step_r1cs_vk)) {}; - - r1cs_sp_ppzkpcd_verification_key & - operator=(const r1cs_sp_ppzkpcd_verification_key &other) = default; - - std::size_t size_in_bits() const { - return (compliance_step_r1cs_vk.size_in_bits() + translation_step_r1cs_vk.size_in_bits()); - } - - bool operator==(const 
r1cs_sp_ppzkpcd_verification_key &other) const; - - static r1cs_sp_ppzkpcd_verification_key dummy_verification_key(); - }; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS (single-predicate) ppzkPCD. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - template - class r1cs_sp_ppzkpcd_processed_verification_key { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - typename r1cs_ppzksnark::processed_verification_key_type compliance_step_r1cs_pvk; - typename r1cs_ppzksnark::processed_verification_key_type translation_step_r1cs_pvk; - std::vector translation_step_r1cs_vk_bits; - - r1cs_sp_ppzkpcd_processed_verification_key() {}; - r1cs_sp_ppzkpcd_processed_verification_key( - const r1cs_sp_ppzkpcd_processed_verification_key &other) = default; - r1cs_sp_ppzkpcd_processed_verification_key( - r1cs_sp_ppzkpcd_processed_verification_key &&other) = default; - r1cs_sp_ppzkpcd_processed_verification_key( - typename r1cs_ppzksnark::processed_verification_key_type &&compliance_step_r1cs_pvk, - typename r1cs_ppzksnark::processed_verification_key_type &&translation_step_r1cs_pvk, - const std::vector &translation_step_r1cs_vk_bits) : - compliance_step_r1cs_pvk(std::move(compliance_step_r1cs_pvk)), - translation_step_r1cs_pvk(std::move(translation_step_r1cs_pvk)), - translation_step_r1cs_vk_bits(std::move(translation_step_r1cs_vk_bits)) {}; - - r1cs_sp_ppzkpcd_processed_verification_key & - operator=(const r1cs_sp_ppzkpcd_processed_verification_key &other) = default; - - std::size_t size_in_bits() const { - return (compliance_step_r1cs_pvk.size_in_bits() + translation_step_r1cs_pvk.size_in_bits() + - translation_step_r1cs_vk_bits.size()); - } - - bool operator==(const 
r1cs_sp_ppzkpcd_processed_verification_key &other) const; - }; - - /********************************* Key pair **********************************/ - - /** - * A key pair for the R1CS (single-predicate) ppzkPC, which consists of a proving key and a verification - * key. - */ - template - class r1cs_sp_ppzkpcd_keypair { - public: - typedef typename PCD_ppT::curve_A_pp A_pp; - typedef typename PCD_ppT::curve_B_pp B_pp; - - r1cs_sp_ppzkpcd_proving_key pk; - r1cs_sp_ppzkpcd_verification_key vk; - - r1cs_sp_ppzkpcd_keypair() {}; - r1cs_sp_ppzkpcd_keypair(r1cs_sp_ppzkpcd_keypair &&other) = default; - r1cs_sp_ppzkpcd_keypair(r1cs_sp_ppzkpcd_proving_key &&pk, - r1cs_sp_ppzkpcd_verification_key &&vk) : - pk(std::move(pk)), - vk(std::move(vk)) {}; - r1cs_sp_ppzkpcd_keypair(typename r1cs_ppzksnark::keypair_type &&kp_A, - typename r1cs_ppzksnark::keypair_type &&kp_B) : - pk(std::move(kp_A.pk), std::move(kp_B.pk)), - vk(std::move(kp_A.vk), std::move(kp_B.vk)) {}; - }; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS (single-predicate) ppzkPCD. - */ - template - using r1cs_sp_ppzkpcd_proof = typename r1cs_ppzksnark::proof_type; - - /***************************** Main algorithms *******************************/ - - /** - * A generator algorithm for the R1CS (single-predicate) ppzkPCD. - * - * Given a compliance predicate, this algorithm produces proving and verification keys for the - * predicate. - */ - template - r1cs_sp_ppzkpcd_keypair r1cs_sp_ppzkpcd_generator( - const r1cs_sp_ppzkpcd_compliance_predicate &compliance_predicate); - - /** - * A prover algorithm for the R1CS (single-predicate) ppzkPCD. - * - * Given a proving key, inputs for the compliance predicate, and proofs for - * the predicate's input messages, this algorithm produces a proof (of knowledge) - * that attests to the compliance of the output message. 
- */ - template - r1cs_sp_ppzkpcd_proof - r1cs_sp_ppzkpcd_prover(const r1cs_sp_ppzkpcd_proving_key &pk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &incoming_proofs); - - /* - Below are two variants of verifier algorithm for the R1CS (single-predicate) ppzkPCD. - - These are the two cases that arise from whether the verifier accepts a - (non-processed) verification key or, instead, a processed verification key. - In the latter case, we call the algorithm an "online verifier". - */ - - /** - * A verifier algorithm for the R1CS (single-predicate) ppzkPCD that - * accepts a non-processed verification key. - */ - template - bool r1cs_sp_ppzkpcd_verifier(const r1cs_sp_ppzkpcd_verification_key &vk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof); - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - r1cs_sp_ppzkpcd_processed_verification_key - r1cs_sp_ppzkpcd_process_vk(const r1cs_sp_ppzkpcd_verification_key &vk); - - /** - * A verifier algorithm for the R1CS (single-predicate) ppzkPCD that - * accepts a processed verification key. 
- */ - template - bool r1cs_sp_ppzkpcd_online_verifier(const r1cs_sp_ppzkpcd_processed_verification_key &pvk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof); - - template - bool r1cs_sp_ppzkpcd_proving_key::operator==( - const r1cs_sp_ppzkpcd_proving_key &other) const { - return (this->compliance_predicate == other.compliance_predicate && - this->compliance_step_r1cs_pk == other.compliance_step_r1cs_pk && - this->translation_step_r1cs_pk == other.translation_step_r1cs_pk && - this->compliance_step_r1cs_vk == other.compliance_step_r1cs_vk && - this->translation_step_r1cs_vk == other.translation_step_r1cs_vk); - } - - template - bool r1cs_sp_ppzkpcd_verification_key::operator==( - const r1cs_sp_ppzkpcd_verification_key &other) const { - return (this->compliance_step_r1cs_vk == other.compliance_step_r1cs_vk && - this->translation_step_r1cs_vk == other.translation_step_r1cs_vk); - } - - /*template - r1cs_sp_ppzkpcd_verification_key - r1cs_sp_ppzkpcd_verification_key::dummy_verification_key() { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - r1cs_sp_ppzkpcd_verification_key result; - result.compliance_step_r1cs_vk = - typename r1cs_ppzksnark::verification_key_type::dummy_verification_key( - sp_compliance_step_pcd_circuit_maker::input_size_in_elts()); - result.translation_step_r1cs_vk = - typename r1cs_ppzksnark::verification_key::dummy_verification_key( - sp_translation_step_pcd_circuit_maker::input_size_in_elts()); - - return result; - }*/ - - template - bool r1cs_sp_ppzkpcd_processed_verification_key::operator==( - const r1cs_sp_ppzkpcd_processed_verification_key &other) const { - return (this->compliance_step_r1cs_pvk == other.compliance_step_r1cs_pvk && - this->translation_step_r1cs_pvk == other.translation_step_r1cs_pvk && - this->translation_step_r1cs_vk_bits == other.translation_step_r1cs_vk_bits); - } - - template - r1cs_sp_ppzkpcd_keypair 
r1cs_sp_ppzkpcd_generator( - const r1cs_sp_ppzkpcd_compliance_predicate &compliance_predicate) { - assert(algebra::Fr::mod == - algebra::Fq::mod); - assert(algebra::Fq::mod == - algebra::Fr::mod); - - typedef algebra::Fr FieldT_A; - typedef algebra::Fr FieldT_B; - - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - assert(compliance_predicate.is_well_formed()); - - sp_compliance_step_pcd_circuit_maker compliance_step_pcd_circuit(compliance_predicate); - compliance_step_pcd_circuit.generate_r1cs_constraints(); - const r1cs_constraint_system compliance_step_pcd_circuit_cs = - compliance_step_pcd_circuit.get_circuit(); - - typename r1cs_ppzksnark::keypair_type compliance_step_keypair = - typename r1cs_ppzksnark::generator(compliance_step_pcd_circuit_cs); - - sp_translation_step_pcd_circuit_maker translation_step_pcd_circuit( - compliance_step_keypair.vk); - translation_step_pcd_circuit.generate_r1cs_constraints(); - const r1cs_constraint_system translation_step_pcd_circuit_cs = - translation_step_pcd_circuit.get_circuit(); - - typename r1cs_ppzksnark::keypair_type translation_step_keypair = - typename r1cs_ppzksnark::generator(translation_step_pcd_circuit_cs); - - return r1cs_sp_ppzkpcd_keypair( - r1cs_sp_ppzkpcd_proving_key(compliance_predicate, - std::move(compliance_step_keypair.pk), - std::move(translation_step_keypair.pk), - compliance_step_keypair.vk, - translation_step_keypair.vk), - r1cs_sp_ppzkpcd_verification_key(compliance_step_keypair.vk, - translation_step_keypair.vk)); - } - - template - r1cs_sp_ppzkpcd_proof - r1cs_sp_ppzkpcd_prover(const r1cs_sp_ppzkpcd_proving_key &pk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_auxiliary_input &auxiliary_input, - const std::vector> &incoming_proofs) { - typedef algebra::Fr FieldT_A; - typedef algebra::Fr FieldT_B; - - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - const 
std::vector translation_step_r1cs_vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - pk.translation_step_r1cs_vk); - - sp_compliance_step_pcd_circuit_maker compliance_step_pcd_circuit( - pk.compliance_predicate); - compliance_step_pcd_circuit.generate_r1cs_witness( - pk.translation_step_r1cs_vk, primary_input, auxiliary_input, incoming_proofs); - - const r1cs_primary_input compliance_step_primary_input = - compliance_step_pcd_circuit.get_primary_input(); - const r1cs_auxiliary_input compliance_step_auxiliary_input = - compliance_step_pcd_circuit.get_auxiliary_input(); - - const typename r1cs_ppzksnark::proof_type compliance_step_proof = - r1cs_ppzksnark::prover( - pk.compliance_step_r1cs_pk, compliance_step_primary_input, compliance_step_auxiliary_input); - - sp_translation_step_pcd_circuit_maker translation_step_pcd_circuit( - pk.compliance_step_r1cs_vk); - - const r1cs_primary_input translation_step_primary_input = - get_sp_translation_step_pcd_circuit_input(translation_step_r1cs_vk_bits, - primary_input); - translation_step_pcd_circuit.generate_r1cs_witness( - translation_step_primary_input, compliance_step_proof); // TODO: potential for better naming - - const r1cs_auxiliary_input translation_step_auxiliary_input = - translation_step_pcd_circuit.get_auxiliary_input(); - const typename r1cs_ppzksnark::proof_type translation_step_proof = - r1cs_ppzksnark::prover(pk.translation_step_r1cs_pk, - translation_step_primary_input, - translation_step_auxiliary_input); - - return translation_step_proof; - } - - template - bool r1cs_sp_ppzkpcd_online_verifier(const r1cs_sp_ppzkpcd_processed_verification_key &pvk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof) - - { - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - const r1cs_primary_input r1cs_input = - get_sp_translation_step_pcd_circuit_input(pvk.translation_step_r1cs_vk_bits, - primary_input); - const bool result = 
r1cs_ppzksnark::online_verifier_strong_input_consistency( - pvk.translation_step_r1cs_pvk, r1cs_input, proof); - - return result; - } - - template - r1cs_sp_ppzkpcd_processed_verification_key - r1cs_sp_ppzkpcd_process_vk(const r1cs_sp_ppzkpcd_verification_key &vk) { - typedef typename PCD_ppT::curve_A_pp curve_A_pp; - typedef typename PCD_ppT::curve_B_pp curve_B_pp; - - typename r1cs_ppzksnark::processed_verification_key compliance_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.compliance_step_r1cs_vk); - typename r1cs_ppzksnark::processed_verification_key translation_step_r1cs_pvk = - r1cs_ppzksnark::verifier_process_vk(vk.translation_step_r1cs_vk); - const std::vector translation_step_r1cs_vk_bits = - r1cs_ppzksnark_verification_key_variable::get_verification_key_bits( - vk.translation_step_r1cs_vk); - - return r1cs_sp_ppzkpcd_processed_verification_key(std::move(compliance_step_r1cs_pvk), - std::move(translation_step_r1cs_pvk), - translation_step_r1cs_vk_bits); - } - - template - bool r1cs_sp_ppzkpcd_verifier(const r1cs_sp_ppzkpcd_verification_key &vk, - const r1cs_sp_ppzkpcd_primary_input &primary_input, - const r1cs_sp_ppzkpcd_proof &proof) { - const r1cs_sp_ppzkpcd_processed_verification_key pvk = r1cs_sp_ppzkpcd_process_vk(vk); - const bool result = r1cs_sp_ppzkpcd_online_verifier(pvk, primary_input, proof); - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SP_PPZKPCD_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd_params.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd_params.hpp deleted file mode 100644 index f71b0bdd50..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd_params.hpp +++ /dev/null 
@@ -1,62 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Parameters for *single-predicate* ppzkPCD for R1CS.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_SP_PPZKPCD_PARAMS_HPP
-#define CRYPTO3_ZK_R1CS_SP_PPZKPCD_PARAMS_HPP
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- using r1cs_sp_ppzkpcd_compliance_predicate =
- r1cs_pcd_compliance_predicate>;
-
- template
- using r1cs_sp_ppzkpcd_message = r1cs_pcd_message>;
-
- template
- using r1cs_sp_ppzkpcd_local_data = r1cs_pcd_local_data>;
-
- template
- using r1cs_sp_ppzkpcd_primary_input =
- r1cs_pcd_compliance_predicate_primary_input>;
-
- template
- using r1cs_sp_ppzkpcd_auxiliary_input =
- r1cs_pcd_compliance_predicate_auxiliary_input>;
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // R1CS_SP_PPZKPCD_PARAMS_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/sp_pcd_circuits.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/sp_pcd_circuits.hpp
deleted file mode 100644
index 057409050a..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/sp_pcd_circuits.hpp
+++ /dev/null
@@ -1,642 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of functionality for creating and using the two PCD circuits in -// a single-predicate PCD construction. -// -// The implementation follows, extends, and optimizes the approach described -// in \[BCTV14]. At high level, there is a "compliance step" circuit and a -// "translation step" circuit. For more details see Section 4 of \[BCTV14]. 
-// -// -// References: -// -// \[BCTV14]: -// "Scalable Zero Knowledge via Cycles of Elliptic Curves", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// CRYPTO 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_SP_PCD_CIRCUITS_HPP -#define CRYPTO3_ZK_SP_PCD_CIRCUITS_HPP - -#include -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /**************************** Compliance step ********************************/ - - /** - * A compliance-step PCD circuit. - * - * The circuit is an R1CS that checks compliance (for the given compliance predicate) - * and validity of previous proofs. - */ - template - class sp_compliance_step_pcd_circuit_maker { - public: - typedef typename CurveType::scalar_field_type FieldType; - - r1cs_pcd_compliance_predicate compliance_predicate; - - blueprint bp; - - variable zero; - - std::shared_ptr> block_for_outgoing_message; - std::shared_ptr> hash_outgoing_message; - - std::vector> blocks_for_incoming_messages; - std::vector> - sp_translation_step_vk_and_incoming_message_payload_digests; - std::vector> - unpack_sp_translation_step_vk_and_incoming_message_payload_digests; - std::vector> - sp_translation_step_vk_and_incoming_message_payload_digest_bits; - std::vector> hash_incoming_messages; - - std::shared_ptr> sp_translation_step_vk; - blueprint_variable_vector sp_translation_step_vk_bits; - - variable outgoing_message_type; - blueprint_variable_vector outgoing_message_payload; - blueprint_variable_vector outgoing_message_vars; - - variable arity; - std::vector> incoming_message_types; - std::vector> incoming_message_payloads; - std::vector> incoming_message_vars; - - blueprint_variable_vector local_data; - blueprint_variable_vector cp_witness; - std::shared_ptr> compliance_predicate_as_component; - - blueprint_variable_vector outgoing_message_bits; - std::shared_ptr> 
unpack_outgoing_message; - - std::vector> incoming_messages_bits; - std::vector> unpack_incoming_messages; - - blueprint_variable_vector sp_compliance_step_pcd_circuit_input; - blueprint_variable_vector padded_translation_step_vk_and_outgoing_message_digest; - std::vector> - padded_translation_step_vk_and_incoming_messages_digests; - - std::vector> verifier_input; - std::vector> proof; - variable verification_result; - std::vector> verifiers; - - sp_compliance_step_pcd_circuit_maker( - const r1cs_pcd_compliance_predicate &compliance_predicate); - void generate_r1cs_constraints(); - r1cs_constraint_system get_circuit() const; - - void generate_r1cs_witness( - const r1cs_ppzksnark_verification_key> &translation_step_pcd_circuit_vk, - const r1cs_pcd_compliance_predicate_primary_input - &compliance_predicate_primary_input, - const r1cs_pcd_compliance_predicate_auxiliary_input - &compliance_predicate_auxiliary_input, - const std::vector>> &incoming_proofs); - r1cs_primary_input get_primary_input() const; - r1cs_auxiliary_input get_auxiliary_input() const; - - static std::size_t field_logsize(); - static std::size_t field_capacity(); - static std::size_t input_size_in_elts(); - static std::size_t input_capacity_in_bits(); - static std::size_t input_size_in_bits(); - }; - - /*************************** Translation step ********************************/ - - /** - * A translation-step PCD circuit. - * - * The circuit is an R1CS that checks validity of previous proofs. 
- */ - template - class sp_translation_step_pcd_circuit_maker { - public: - typedef typename CurveType::scalar_field_type FieldType; - - blueprint bp; - - blueprint_variable_vector sp_translation_step_pcd_circuit_input; - blueprint_variable_vector unpacked_sp_translation_step_pcd_circuit_input; - blueprint_variable_vector verifier_input; - std::shared_ptr> unpack_sp_translation_step_pcd_circuit_input; - - std::shared_ptr> - hardcoded_sp_compliance_step_vk; - std::shared_ptr> proof; - std::shared_ptr> online_verifier; - - sp_translation_step_pcd_circuit_maker( - const r1cs_ppzksnark_verification_key> &compliance_step_vk); - void generate_r1cs_constraints(); - r1cs_constraint_system get_circuit() const; - - void generate_r1cs_witness( - const r1cs_primary_input - translation_step_input, - const r1cs_ppzksnark_proof> &compliance_step_proof); - r1cs_primary_input get_primary_input() const; - r1cs_auxiliary_input get_auxiliary_input() const; - - static std::size_t field_logsize(); - static std::size_t field_capacity(); - static std::size_t input_size_in_elts(); - static std::size_t input_capacity_in_bits(); - static std::size_t input_size_in_bits(); - }; - - /****************************** Input maps ***********************************/ - - /** - * Obtain the primary input for a compliance-step PCD circuit. - */ - template - r1cs_primary_input get_sp_compliance_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input - &primary_input); - - /** - * Obtain the primary input for a translation-step PCD circuit. 
- */ - template - r1cs_primary_input get_sp_translation_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input< - other_curve::scalar_field_type::value_type> &primary_input); - - template - sp_compliance_step_pcd_circuit_maker::sp_compliance_step_pcd_circuit_maker( - const r1cs_pcd_compliance_predicate &compliance_predicate) : - compliance_predicate(compliance_predicate) { - /* calculate some useful sizes */ - assert(compliance_predicate.is_well_formed()); - assert(compliance_predicate.has_equal_input_and_output_lengths()); - - const std::size_t compliance_predicate_arity = compliance_predicate.max_arity; - const std::size_t digest_size = crh_with_field_out_component::get_digest_len(); - const std::size_t msg_size_in_bits = - field_logsize() * (1 + compliance_predicate.outgoing_message_payload_length); - const std::size_t sp_translation_step_vk_size_in_bits = - r1cs_ppzksnark_verification_key_variable::size_in_bits( - sp_translation_step_pcd_circuit_maker>::input_size_in_elts()); - const std::size_t padded_verifier_input_size = - sp_translation_step_pcd_circuit_maker>::input_capacity_in_bits(); - - const std::size_t block_size = msg_size_in_bits + sp_translation_step_vk_size_in_bits; - crh_with_bit_out_component::sample_randomness(block_size); - - /* allocate input of the compliance PCD circuit */ - sp_compliance_step_pcd_circuit_input.allocate(bp, input_size_in_elts()); - - /* allocate inputs to the compliance predicate */ - outgoing_message_type.allocate(bp); - outgoing_message_payload.allocate(bp, compliance_predicate.outgoing_message_payload_length); - - outgoing_message_vars.insert(outgoing_message_vars.end(), outgoing_message_type); - outgoing_message_vars.insert(outgoing_message_vars.end(), outgoing_message_payload.begin(), - outgoing_message_payload.end()); - - arity.allocate(bp); - - incoming_message_types.resize(compliance_predicate_arity); - 
incoming_message_payloads.resize(compliance_predicate_arity); - incoming_message_vars.resize(compliance_predicate_arity); - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - incoming_message_types[i].allocate(bp); - incoming_message_payloads[i].allocate(bp, compliance_predicate.outgoing_message_payload_length); - - incoming_message_vars[i].insert(incoming_message_vars[i].end(), incoming_message_types[i]); - incoming_message_vars[i].insert(incoming_message_vars[i].end(), - incoming_message_payloads[i].begin(), - incoming_message_payloads[i].end()); - } - - local_data.allocate(bp, compliance_predicate.local_data_length); - cp_witness.allocate(bp, compliance_predicate.witness_length); - - /* convert compliance predicate from a constraint system into a component */ - blueprint_variable_vector incoming_messages_concat; - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - incoming_messages_concat.insert(incoming_messages_concat.end(), - incoming_message_vars[i].begin(), - incoming_message_vars[i].end()); - } - - compliance_predicate_as_component.reset(new component_from_r1cs( - bp, - {outgoing_message_vars, blueprint_variable_vector(1, arity), - incoming_messages_concat, local_data, cp_witness}, - compliance_predicate.constraint_system)); - - /* unpack messages to bits */ - outgoing_message_bits.allocate(bp, msg_size_in_bits); - unpack_outgoing_message.reset(new multipacking_component( - bp, outgoing_message_bits, outgoing_message_vars, field_logsize())); - - incoming_messages_bits.resize(compliance_predicate_arity); - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - incoming_messages_bits[i].allocate(bp, msg_size_in_bits); - unpack_incoming_messages.emplace_back(multipacking_component( - bp, incoming_messages_bits[i], incoming_message_vars[i], field_logsize())); - } - - /* allocate digests */ - sp_translation_step_vk_and_incoming_message_payload_digests.resize(compliance_predicate_arity); - for (std::size_t i = 0; i < 
compliance_predicate_arity; ++i) { - sp_translation_step_vk_and_incoming_message_payload_digests[i].allocate(bp, digest_size); - } - - /* allocate blocks */ - sp_translation_step_vk_bits.allocate(bp, sp_translation_step_vk_size_in_bits); - - block_for_outgoing_message.reset( - new block_variable(bp, {sp_translation_step_vk_bits, outgoing_message_bits})); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - blocks_for_incoming_messages.emplace_back( - block_variable(bp, {sp_translation_step_vk_bits, incoming_messages_bits[i]})); - } - - /* allocate hash checkers */ - hash_outgoing_message.reset(new crh_with_field_out_component( - bp, block_size, *block_for_outgoing_message, sp_compliance_step_pcd_circuit_input)); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - hash_incoming_messages.emplace_back(crh_with_field_out_component( - bp, block_size, blocks_for_incoming_messages[i], - sp_translation_step_vk_and_incoming_message_payload_digests[i])); - } - - /* allocate useful zero variable */ - zero.allocate(bp); - - /* prepare arguments for the verifier */ - sp_translation_step_vk.reset(new r1cs_ppzksnark_verification_key_variable( - bp, sp_translation_step_vk_bits, - sp_translation_step_pcd_circuit_maker>::input_size_in_elts())); - - verification_result.allocate(bp); - sp_translation_step_vk_and_incoming_message_payload_digest_bits.resize(compliance_predicate_arity); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - sp_translation_step_vk_and_incoming_message_payload_digest_bits[i].allocate( - bp, digest_size * field_logsize()); - unpack_sp_translation_step_vk_and_incoming_message_payload_digests.emplace_back( - multipacking_component( - bp, - sp_translation_step_vk_and_incoming_message_payload_digest_bits[i], - sp_translation_step_vk_and_incoming_message_payload_digests[i], - field_logsize())); - - verifier_input.emplace_back(sp_translation_step_vk_and_incoming_message_payload_digest_bits[i]); - while 
(verifier_input[i].size() < padded_verifier_input_size) { - verifier_input[i].emplace_back(zero); - } - - proof.emplace_back(r1cs_ppzksnark_proof_variable(bp)); - verifiers.emplace_back(r1cs_ppzksnark_verifier_component( - bp, - *sp_translation_step_vk, - verifier_input[i], - sp_translation_step_pcd_circuit_maker>::field_capacity(), - proof[i], - verification_result)); - } - - bp.set_input_sizes(input_size_in_elts()); - } - - template - void sp_compliance_step_pcd_circuit_maker::generate_r1cs_constraints() { - const std::size_t digest_size = crh_with_bit_out_component::get_digest_len(); - const std::size_t dimension = knapsack_dimension::dimension; - const std::size_t compliance_predicate_arity = compliance_predicate.max_arity; - unpack_outgoing_message->generate_r1cs_constraints(true); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - unpack_incoming_messages[i].generate_r1cs_constraints(true); - } - - sp_translation_step_vk->generate_r1cs_constraints(true); - - hash_outgoing_message->generate_r1cs_constraints(); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - hash_incoming_messages[i].generate_r1cs_constraints(); - } - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - unpack_sp_translation_step_vk_and_incoming_message_payload_digests[i].generate_r1cs_constraints( - true); - } - - compliance_predicate_as_component->generate_r1cs_constraints(); - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - proof[i].generate_r1cs_constraints(); - } - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - verifiers[i].generate_r1cs_constraints(); - } - - generate_r1cs_equals_const_constraint(bp, zero, FieldType::value_type::zero()); - generate_boolean_r1cs_constraint(bp, verification_result); - - /* type * (1-verification_result) = 0 */ - bp.add_r1cs_constraint( - r1cs_constraint(incoming_message_types[0], 1 - verification_result, 0)); - - /* all types equal */ - for (std::size_t i = 1; i < 
compliance_predicate.max_arity; ++i) { - bp.add_r1cs_constraint( - r1cs_constraint(1, incoming_message_types[0], incoming_message_types[i])); - } - - bp.add_r1cs_constraint(r1cs_constraint(1, arity, compliance_predicate_arity)); - bp.add_r1cs_constraint(r1cs_constraint( - 1, outgoing_message_type, typename FieldType::value_type(compliance_predicate.type))); - } - - template - r1cs_constraint_system - sp_compliance_step_pcd_circuit_maker::get_circuit() const { - return bp.get_constraint_system(); - } - - template - r1cs_primary_input - sp_compliance_step_pcd_circuit_maker::get_primary_input() const { - return bp.primary_input(); - } - - template - r1cs_auxiliary_input - sp_compliance_step_pcd_circuit_maker::get_auxiliary_input() const { - return bp.auxiliary_input(); - } - - template - void sp_compliance_step_pcd_circuit_maker::generate_r1cs_witness( - const r1cs_ppzksnark_verification_key> &sp_translation_step_pcd_circuit_vk, - const r1cs_pcd_compliance_predicate_primary_input &compliance_predicate_primary_input, - const r1cs_pcd_compliance_predicate_auxiliary_input - &compliance_predicate_auxiliary_input, - const std::vector>> &incoming_proofs) { - const std::size_t compliance_predicate_arity = compliance_predicate.max_arity; - this->bp.clear_values(); - this->bp.val(zero) = FieldType::value_type::zero(); - - compliance_predicate_as_component->generate_r1cs_witness( - compliance_predicate_primary_input.as_r1cs_primary_input(), - compliance_predicate_auxiliary_input.as_r1cs_auxiliary_input( - compliance_predicate.incoming_message_payload_lengths)); - this->bp.val(arity) = typename FieldType::value_type(compliance_predicate_arity); - unpack_outgoing_message->generate_r1cs_witness_from_packed(); - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - unpack_incoming_messages[i].generate_r1cs_witness_from_packed(); - } - - sp_translation_step_vk->generate_r1cs_witness(sp_translation_step_pcd_circuit_vk); - hash_outgoing_message->generate_r1cs_witness(); - 
for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - hash_incoming_messages[i].generate_r1cs_witness(); - unpack_sp_translation_step_vk_and_incoming_message_payload_digests[i] - .generate_r1cs_witness_from_packed(); - } - - for (std::size_t i = 0; i < compliance_predicate_arity; ++i) { - proof[i].generate_r1cs_witness(incoming_proofs[i]); - verifiers[i].generate_r1cs_witness(); - } - - if (this->bp.val(incoming_message_types[0]) != FieldType::value_type::zero()) { - this->bp.val(verification_result) = FieldType::value_type::zero(); - } - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::field_logsize() { - return typename CurveType::scalar_field_type::value_bits; - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::field_capacity() { - return typename CurveType::scalar_field_type::capacity(); - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::input_size_in_elts() { - const std::size_t digest_size = crh_with_field_out_component::get_digest_len(); - return digest_size; - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::input_capacity_in_bits() { - return input_size_in_elts() * field_capacity(); - } - - template - std::size_t sp_compliance_step_pcd_circuit_maker::input_size_in_bits() { - return input_size_in_elts() * field_logsize(); - } - - template - sp_translation_step_pcd_circuit_maker::sp_translation_step_pcd_circuit_maker( - const r1cs_ppzksnark_verification_key> &sp_compliance_step_vk) { - /* allocate input of the translation PCD circuit */ - sp_translation_step_pcd_circuit_input.allocate(bp, input_size_in_elts()); - - /* unpack translation step PCD circuit input */ - unpacked_sp_translation_step_pcd_circuit_input.allocate( - bp, sp_compliance_step_pcd_circuit_maker>::input_size_in_bits()); - unpack_sp_translation_step_pcd_circuit_input.reset( - new multipacking_component(bp, unpacked_sp_translation_step_pcd_circuit_input, - sp_translation_step_pcd_circuit_input, 
field_capacity())); - - /* prepare arguments for the verifier */ - hardcoded_sp_compliance_step_vk.reset( - new r1cs_ppzksnark_preprocessed_r1cs_ppzksnark_verification_key_variable( - bp, sp_compliance_step_vk)); - proof.reset(new r1cs_ppzksnark_proof_variable(bp)); - - /* verify previous proof */ - online_verifier.reset(new r1cs_ppzksnark_online_verifier_component( - bp, - *hardcoded_sp_compliance_step_vk, - unpacked_sp_translation_step_pcd_circuit_input, - sp_compliance_step_pcd_circuit_maker>::field_logsize(), - *proof, - variable(0))); - bp.set_input_sizes(input_size_in_elts()); - } - - template - void sp_translation_step_pcd_circuit_maker::generate_r1cs_constraints() { - unpack_sp_translation_step_pcd_circuit_input->generate_r1cs_constraints(true); - - proof->generate_r1cs_constraints(); - - online_verifier->generate_r1cs_constraints(); - } - - template - r1cs_constraint_system - sp_translation_step_pcd_circuit_maker::get_circuit() const { - return bp.get_constraint_system(); - } - - template - void sp_translation_step_pcd_circuit_maker::generate_r1cs_witness( - const r1cs_primary_input - sp_translation_step_input, - const r1cs_ppzksnark_proof> &compliance_step_proof) { - this->bp.clear_values(); - sp_translation_step_pcd_circuit_input.fill_with_field_elements(bp, sp_translation_step_input); - unpack_sp_translation_step_pcd_circuit_input->generate_r1cs_witness_from_packed(); - - proof->generate_r1cs_witness(compliance_step_proof); - online_verifier->generate_r1cs_witness(); - } - - template - r1cs_primary_input - sp_translation_step_pcd_circuit_maker::get_primary_input() const { - return bp.primary_input(); - } - - template - r1cs_auxiliary_input - sp_translation_step_pcd_circuit_maker::get_auxiliary_input() const { - return bp.auxiliary_input(); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::field_logsize() { - return typename CurveType::scalar_field_type::value_bits; - } - - template - std::size_t 
sp_translation_step_pcd_circuit_maker::field_capacity() { - return typename CurveType::scalar_field_type::capacity(); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::input_size_in_elts() { - return algebra::div_ceil( - sp_compliance_step_pcd_circuit_maker>::input_size_in_bits(), - sp_translation_step_pcd_circuit_maker::field_capacity()); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::input_capacity_in_bits() { - return input_size_in_elts() * field_capacity(); - } - - template - std::size_t sp_translation_step_pcd_circuit_maker::input_size_in_bits() { - return input_size_in_elts() * field_logsize(); - } - - template - r1cs_primary_input get_sp_compliance_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input - &primary_input) { - typedef typename CurveType::scalar_field_type FieldType; - - const r1cs_variable_assignment outgoing_message_as_va = - primary_input.outgoing_message->as_r1cs_variable_assignment(); - std::vector msg_bits; - for (const typename FieldType::value_type &elt : outgoing_message_as_va) { - const std::vector elt_bits = algebra::convert_field_element_to_bit_vector(elt); - msg_bits.insert(msg_bits.end(), elt_bits.begin(), elt_bits.end()); - } - - std::vector block; - block.insert(block.end(), sp_translation_step_vk_bits.begin(), sp_translation_step_vk_bits.end()); - block.insert(block.end(), msg_bits.begin(), msg_bits.end()); - - crh_with_field_out_component::sample_randomness(block.size()); - - const std::vector digest = - crh_with_field_out_component::get_hash(block); - - return digest; - } - - template - r1cs_primary_input get_sp_translation_step_pcd_circuit_input( - const std::vector &sp_translation_step_vk_bits, - const r1cs_pcd_compliance_predicate_primary_input< - other_curve::scalar_field_type::value_type> &primary_input) { - typedef typename CurveType::scalar_field_type FieldType; - - const 
std::vector::scalar_field_type::value_type> - sp_compliance_step_pcd_circuit_input = - get_sp_compliance_step_pcd_circuit_input>( - sp_translation_step_vk_bits, primary_input); - std::vector sp_compliance_step_pcd_circuit_input_bits; - for (const other_curve::scalar_field_type::value_type &elt : - sp_compliance_step_pcd_circuit_input) { - const std::vector elt_bits = algebra::convert_field_element_to_bit_vector< - other_curve::scalar_field_type::value_type>(elt); - sp_compliance_step_pcd_circuit_input_bits.insert( - sp_compliance_step_pcd_circuit_input_bits.end(), elt_bits.begin(), elt_bits.end()); - } - - sp_compliance_step_pcd_circuit_input_bits.resize( - sp_translation_step_pcd_circuit_maker::input_capacity_in_bits(), false); - - const r1cs_primary_input result = - algebra::pack_bit_vector_into_field_element_vector( - sp_compliance_step_pcd_circuit_input_bits, - sp_translation_step_pcd_circuit_maker::field_capacity()); - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_SP_PCD_CIRCUITS_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/prover.hpp index 1ffaf587fb..08c543c14e 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/prover.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/prover.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_ZK_PLONK_BATCHED_KATE_PROVER_HPP #include -#include namespace nil { namespace crypto3 { diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp index 6b319cf6be..c6d07e51ba 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp 
+++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/proving_key.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_PLONK_BATCHED_KATE_PROVING_KEY_HPP #include -#include namespace nil { namespace crypto3 { diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp index 74726d5271..7062da58eb 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verification_key.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_PLONK_BATCHED_KATE_VERIFICATION_KEY_HPP #include -#include namespace nil { namespace crypto3 { diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verifier.hpp index a6bde2e252..e37ec784ec 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verifier.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/kate/verifier.hpp @@ -27,7 +27,6 @@ #define CRYPTO3_ZK_PLONK_BATCHED_KATE_VERIFIER_HPP #include -#include namespace nil { namespace crypto3 { diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp index 2ced8f970f..fe192dbbec 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp 
@@ -355,11 +355,17 @@ namespace nil { } // All rows selector { - auto key = std::make_tuple( PLONK_SPECIAL_SELECTOR_ALL_NON_FIRST_USABLE_ROWS_SELECTED, 0, plonk_variable::column_type::selector); + auto key = std::make_tuple( + PLONK_SPECIAL_SELECTOR_ALL_NON_FIRST_USABLE_ROWS_SELECTED, 0, + plonk_variable::column_type::selector + ); columns_at_y[key] = mask_value - common_data.lagrange_0.evaluate(proof.eval_proof.challenge); } { - auto key = std::make_tuple( PLONK_SPECIAL_SELECTOR_ALL_NON_FIRST_USABLE_ROWS_SELECTED, 1, plonk_variable::column_type::selector); + auto key = std::make_tuple( + PLONK_SPECIAL_SELECTOR_ALL_NON_FIRST_USABLE_ROWS_SELECTED, 1, + plonk_variable::column_type::selector + ); columns_at_y[key] = shifted_mask_value - common_data.lagrange_0.evaluate(proof.eval_proof.challenge * common_data.basic_domain->get_domain_element(1)); } @@ -397,7 +403,8 @@ namespace nil { std::array gate_argument = placeholder_gates_argument::verify_eval( constraint_system.gates(), columns_at_y, proof.eval_proof.challenge, - mask_value, transcript + mask_value, + transcript ); std::array alphas = diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/detail/basic_policy.hpp deleted file mode 100644 index bc99d1cf8b..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,1282 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkADSNARK for R1CS.
-//
-// This includes:
-// - class for authentication key (public and symmetric)
-// - class for authentication verification key (public and symmetric)
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key tuple (authentication key & proving key & verification key)
-// - class for authenticated data
-// - class for proof
-// - generator algorithm
-// - authentication key generator algorithm
-// - prover algorithm
-// - verifier algorithm (public and symmetric)
-// - online verifier algorithm (public and symmetric)
-//
-// The implementation instantiates the construction in \[BBFR15], which in turn
-// is based on the r1cs_ppzkadsnark proof system.
-//
-// Acronyms:
-//
-// - R1CS = "Rank-1 Constraint Systems"
-// - ppzkADSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge Over Authenticated Data"
-//
-// References:
-//
-//\[BBFR15]
-//"ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data",
-// Michael Backes, Manuel Barbosa, Dario Fiore, Raphael M. Reischuk,
-// IEEE Symposium on Security and Privacy 2015,
-//
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKADSNARK_BASIC_POLICY_HPP
-#define CRYPTO3_R1CS_PPZKADSNARK_BASIC_POLICY_HPP
-
-#include
-
-#include
-#include
-
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- namespace detail {
-
- template
- struct r1cs_ppzkadsnark_basic_policy {
-
- /******************************** Params ********************************/
-
- struct label_type {
- unsigned char label_bytes[16];
- label_type() {};
- };
-
- /**
- * Below are various template aliases (used for convenience).
- */ - - template - using snark_pp = typename r1cs_ppzkadsnark_ppT::snark_pp; - - template - using constraint_system = r1cs_constraint_system>>; - - template - using primary_input = r1cs_primary_input>>; - - template - using auxiliary_input = r1cs_auxiliary_input>>; - - template - using secret_key = typename r1cs_ppzkadsnark_ppT::skT; - - template - using vkT = typename r1cs_ppzkadsnark_ppT::vkT; - - template - using signature = typename r1cs_ppzkadsnark_ppT::sigT; - - template - using prf_key = typename r1cs_ppzkadsnark_ppT::prfKeyT; - - /******************************** Public authentication parameters - * ********************************/ - - /** - * Public authentication parameters for the R1CS ppzkADSNARK - */ - struct pub_auth_prms { - - typename CurveType::template g1_type<>::value_type I1; - - pub_auth_prms() {}; - pub_auth_prms &operator=(const pub_auth_prms &other) = default; - pub_auth_prms(const pub_auth_prms &other) = default; - pub_auth_prms(pub_auth_prms &&other) = default; - pub_auth_prms(typename CurveType::template g1_type<>::value_type &&I1) : - I1(std::move(I1)) {}; - - bool operator==(const pub_auth_prms &other) const { - return (this->I1 == other.I1); - } - }; - - /******************************** Secret authentication key ********************************/ - - /** - * Secret authentication key for the R1CS ppzkADSNARK - */ - struct sec_auth_key { - - typename CurveType::scalar_field_type::value_type i; - - secret_key skp; - prf_key S; - - sec_auth_key() {}; - sec_auth_key &operator=(const sec_auth_key &other) = default; - sec_auth_key(const sec_auth_key &other) = default; - sec_auth_key(sec_auth_key &&other) = default; - sec_auth_key(typename CurveType::scalar_field_type::value_type &&i, - secret_key &&skp, - prf_key &&S) : - i(std::move(i)), - skp(std::move(skp)), S(std::move(S)) {}; - - bool operator==(const sec_auth_key &other) const { - return (this->i == other.i) && (this->skp == other.skp) && (this->S == other.S); - } - }; - - 
/******************************** Public authentication key ********************************/ - - /** - * Public authentication key for the R1CS ppzkADSNARK - */ - struct pub_auth_key { - - typename CurveType::template g2_type<>::value_type minusI2; - vkT vkp; - - pub_auth_key() {}; - pub_auth_key &operator=(const pub_auth_key &other) = default; - pub_auth_key(const pub_auth_key &other) = default; - pub_auth_key(pub_auth_key &&other) = default; - pub_auth_key(typename CurveType::template g2_type<>::value_type &&minusI2, - vkT &&vkp) : - minusI2(std::move(minusI2)), - vkp(std::move(vkp)) {}; - - bool operator==(const pub_auth_key &other) const { - return (this->minusI2 == other.minusI2) && (this->vkp == other.vkp); - } - }; - - /******************************** Authentication key material ********************************/ - struct auth_keys { - - pub_auth_prms pap; - pub_auth_key pak; - sec_auth_key sak; - - auth_keys() {}; - auth_keys(auth_keys &&other) = default; - auth_keys(pub_auth_prms &&pap, - pub_auth_key &&pak, - sec_auth_key &&sak) : - pap(std::move(pap)), - pak(std::move(pak)), sak(std::move(sak)) { - } - }; - - /******************************** Authenticated data ********************************/ - - /** - * Authenticated data for the R1CS ppzkADSNARK - */ - struct auth_data { - - typename CurveType::scalar_field_type::value_type mu; - typename CurveType::template g2_type<>::value_type Lambda; - - signature sigma; - - auth_data() {}; - auth_data &operator=(const auth_data &other) = default; - auth_data(const auth_data &other) = default; - auth_data(auth_data &&other) = default; - - auth_data(typename CurveType::scalar_field_type::value_type &&mu, - typename CurveType::template g2_type<>::value_type &&Lambda, - - signature &&sigma) : - mu(std::move(mu)), - Lambda(std::move(Lambda)), sigma(std::move(sigma)) {}; - - bool operator==(const auth_data &other) const { - return (this->mu == other.mu) && (this->Lambda == other.Lambda) && - (this->sigma == 
other.sigma); - } - }; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS ppzkADSNARK. - */ - class proving_key { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - - public: - knowledge_commitment_vector A_query; - knowledge_commitment_vector B_query; - knowledge_commitment_vector C_query; - - typename std::vector H_query; // t powers - typename std::vector K_query; - /* Now come the additional elements for ad */ - typename g1_value_type rA_i_Z_g1; - - constraint_system constraint_system; - - proving_key() {}; - proving_key &operator=(const proving_key &other) = default; - proving_key(const proving_key &other) = default; - proving_key(proving_key &&other) = default; - proving_key(knowledge_commitment_vector &&A_query, - knowledge_commitment_vector &&B_query, - knowledge_commitment_vector &&C_query, - typename std::vector &&H_query, - typename std::vector &&K_query, - g1_value_type &&rA_i_Z_g1, - constraint_system &&constraint_system) : - A_query(std::move(A_query)), - B_query(std::move(B_query)), C_query(std::move(C_query)), H_query(std::move(H_query)), - K_query(std::move(K_query)), rA_i_Z_g1(std::move(rA_i_Z_g1)), - constraint_system(std::move(constraint_system)) {}; - - std::size_t G1_size() const { - return 2 * (A_query.domain_size() + C_query.domain_size()) + B_query.domain_size() + - H_query.size() + K_query.size() + 1; - } - - std::size_t G2_size() const { - return B_query.domain_size(); - } - - std::size_t G1_sparse_size() const { - return 2 * (A_query.size() + C_query.size()) + B_query.size() + H_query.size() + - K_query.size() + 1; - } - - std::size_t G2_sparse_size() const { - return B_query.size(); - } - - std::size_t size_in_bits() const { - return A_query.size_in_bits() + B_query.size_in_bits() + 
C_query.size_in_bits() + - H_query.size() * g1_type::value_bits + K_query.size() * g1_type::value_bits + - g1_type::value_bits; - } - - bool operator==(const proving_key &other) const { - return (this->A_query == other.A_query && this->B_query == other.B_query && - this->C_query == other.C_query && this->H_query == other.H_query && - this->K_query == other.K_query && this->rA_i_Z_g1 == other.rA_i_Z_g1 && - this->constraint_system == other.constraint_system); - } - }; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS ppzkADSNARK. - */ - struct verification_key { - - typename CurveType::template g2_type<>::value_type alphaA_g2; - typename CurveType::template g1_type<>::value_type alphaB_g1; - typename CurveType::template g2_type<>::value_type alphaC_g2; - typename CurveType::template g2_type<>::value_type gamma_g2; - typename CurveType::template g1_type<>::value_type gamma_beta_g1; - typename CurveType::template g2_type<>::value_type gamma_beta_g2; - typename CurveType::template g2_type<>::value_type rC_Z_g2; - - typename CurveType::template g1_type<>::value_type A0; - typename std::vector::value_type> Ain; - - verification_key() = default; - verification_key( - const typename CurveType::template g2_type<>::value_type &alphaA_g2, - const typename CurveType::template g1_type<>::value_type &alphaB_g1, - const typename CurveType::template g2_type<>::value_type &alphaC_g2, - const typename CurveType::template g2_type<>::value_type &gamma_g2, - const typename CurveType::template g1_type<>::value_type &gamma_beta_g1, - const typename CurveType::template g2_type<>::value_type &gamma_beta_g2, - const typename CurveType::template g2_type<>::value_type &rC_Z_g2, - const typename CurveType::template g1_type<>::value_type A0, - const typename std::vector::value_type> - Ain) : - alphaA_g2(alphaA_g2), - alphaB_g1(alphaB_g1), alphaC_g2(alphaC_g2), gamma_g2(gamma_g2), - gamma_beta_g1(gamma_beta_g1), 
gamma_beta_g2(gamma_beta_g2), rC_Z_g2(rC_Z_g2), A0(A0),
- Ain(Ain) {};
-
- std::size_t G1_size() const {
- return 3 + Ain.size();
- }
-
- std::size_t G2_size() const {
- return 5;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * CurveType::template g1_type<>::value_type::value_bits +
- G2_size() *
- CurveType::template g2_type<>::value_type::value_bits; // possible zksnark
- // bug
- }
-
- bool operator==(const verification_key &other) const {
- return (this->alphaA_g2 == other.alphaA_g2 && this->alphaB_g1 == other.alphaB_g1 &&
- this->alphaC_g2 == other.alphaC_g2 && this->gamma_g2 == other.gamma_g2 &&
- this->gamma_beta_g1 == other.gamma_beta_g1 &&
- this->gamma_beta_g2 == other.gamma_beta_g2 && this->rC_Z_g2 == other.rC_Z_g2 &&
- this->A0 == other.A0 && this->Ain == other.Ain);
- }
- };
-
- /************************ Processed verification key *************************/
-
- /**
- * A processed verification key for the R1CS ppzkADSNARK.
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- class processed_verification_key {
- using pairing_policy = typename pairing::pairing_policy;
-
- public:
- typename pairing_policy::g2_precomputed_type pp_G2_one_precomp;
- typename pairing_policy::g2_precomputed_type vk_alphaA_g2_precomp;
- typename pairing_policy::g1_precomputed_type vk_alphaB_g1_precomp;
- typename pairing_policy::g2_precomputed_type vk_alphaC_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_rC_Z_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_gamma_g2_precomp;
- typename pairing_policy::g1_precomputed_type vk_gamma_beta_g1_precomp;
- typename pairing_policy::g2_precomputed_type vk_gamma_beta_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_rC_i_g2_precomp;
-
- typename CurveType::template g1_type<>::value_type A0;
- typename std::vector::value_type> Ain;
-
- std::vector proof_g_vki_precomp;
-
- bool operator==(const processed_verification_key &other) const {
- bool result = (this->pp_G2_one_precomp == other.pp_G2_one_precomp &&
- this->vk_alphaA_g2_precomp == other.vk_alphaA_g2_precomp &&
- this->vk_alphaB_g1_precomp == other.vk_alphaB_g1_precomp &&
- this->vk_alphaC_g2_precomp == other.vk_alphaC_g2_precomp &&
- this->vk_rC_Z_g2_precomp == other.vk_rC_Z_g2_precomp &&
- this->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp &&
- this->vk_gamma_beta_g1_precomp == other.vk_gamma_beta_g1_precomp &&
- this->vk_gamma_beta_g2_precomp == other.vk_gamma_beta_g2_precomp &&
- this->vk_rC_i_g2_precomp == other.vk_rC_i_g2_precomp &&
- this->A0 == other.A0 && this->Ain == other.Ain &&
- this->proof_g_vki_precomp.size() == other.proof_g_vki_precomp.size());
- if (result) {
- for (std::size_t i = 0; i < this->proof_g_vki_precomp.size(); i++)
- result &= this->proof_g_vki_precomp[i] == other.proof_g_vki_precomp[i];
- }
- return result;
- }
- };
-
- /********************************** Key pair *********************************/
-
- /**
- * A key pair for the R1CS ppzkADSNARK, which consists of a proving key and a
verification key.
- */
- struct keypair {
-
- proving_key pk;
- verification_key vk;
-
- keypair() = default;
- keypair(const keypair &other) = default;
- keypair(proving_key &&pk, verification_key &&vk) :
- pk(std::move(pk)), vk(std::move(vk)) {
- }
-
- keypair(keypair &&other) = default;
- };
-
- /*********************************** Proof ***********************************/
-
- /**
- * A proof for the R1CS ppzkADSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- class proof {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
- using g1_value_type = typename g1_type::value_type;
- using g2_value_type = typename g2_type::value_type;
-
- public:
- typename knowledge_commitment::value_type g_A;
- typename knowledge_commitment::value_type g_B;
- typename knowledge_commitment::value_type g_C;
- g1_value_type g_H;
- g1_value_type g_K;
- typename knowledge_commitment::value_type g_Aau;
- g1_value_type muA;
-
- proof() {
- // invalid proof with valid curve points
- this->g_A.g = g1_value_type::one();
- this->g_A.h = g1_value_type::one();
- this->g_B.g = g2_value_type::one();
- this->g_B.h = g1_value_type::one();
- this->g_C.g = g1_value_type::one();
- this->g_C.h = g1_value_type::one();
- this->g_H = g1_value_type::one();
- this->g_K = g1_value_type::one();
- g_Aau = typename knowledge_commitment::value_type(
- g1_value_type::one(), g1_value_type::one());
-
- this->muA = g1_value_type::one();
- }
- proof(typename knowledge_commitment::value_type &&g_A,
- typename knowledge_commitment::value_type &&g_B,
- typename knowledge_commitment::value_type &&g_C,
- g1_value_type &&g_H,
- g1_value_type &&g_K,
- typename knowledge_commitment::value_type &&g_Aau,
- g1_value_type &&muA) :
- g_A(std::move(g_A)),
- g_B(std::move(g_B)),
g_C(std::move(g_C)), g_H(std::move(g_H)), g_K(std::move(g_K)), - g_Aau(std::move(g_Aau)), muA(std::move(muA)) {}; - - std::size_t G1_size() const { - return 10; - } - - std::size_t G2_size() const { - return 1; - } - - std::size_t size_in_bits() const { - return G1_size() * g1_value_type::value_bits + G2_size() * g2_value_type::value_bits; - } - - bool is_well_formed() const { - return (g_A.g.is_well_formed() && g_A.h.is_well_formed() && g_B.g.is_well_formed() && - g_B.h.is_well_formed() && g_C.g.is_well_formed() && g_C.h.is_well_formed() && - g_H.is_well_formed() && g_K.is_well_formed() && g_Aau.g.is_well_formed() && - g_Aau.h.is_well_formed() && muA.is_well_formed()); - } - - bool operator==(const proof &other) const { - return (this->g_A == other.g_A && this->g_B == other.g_B && this->g_C == other.g_C && - this->g_H == other.g_H && this->g_K == other.g_K && - this->g_Aau == other.g_Aau && this->muA == other.muA); - } - }; - - /***************************** Main algorithms *******************************/ - - /** - * R1CS ppZKADSNARK authentication parameters generator algorithm. - */ - static auth_keys auth_generator(void) { - kpT sigkp = sigGen(); - prf_key prfseed = prfGen(); - CurveType i = algebra::random_element(); - typename CurveType::template g1_type<>::value_type I1 = - i * CurveType::template g1_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type minusI2 = - CurveType::template g2_type<>::value_type::zero() - - i * CurveType::template g2_type<>::value_type::one(); - return auth_keys( - pub_auth_prms(std::move(I1)), - pub_auth_key(std::move(minusI2), std::move(sigkp.vk)), - sec_auth_key(std::move(i), std::move(sigkp.sk), std::move(prfseed))); - } - - /** - * R1CS ppZKADSNARK authentication algorithm. 
- */ - static std::vector> - auth_sign(const std::vector &ins, - const sec_auth_key &sk, - const std::vector - labels) { - assert(labels.size() == ins.size()); - std::vector> res; - res.reserve(ins.size()); - for (std::size_t i = 0; i < ins.size(); i++) { - typename CurveType::scalar_field_type::value_type lambda = - prfCompute(sk.S, labels[i]); - typename CurveType::template g2_type<>::value_type Lambda = - lambda * CurveType::template g2_type<>::value_type::one(); - signature sig = sigSign(sk.skp, labels[i], Lambda); - auth_data val(std::move(lambda + sk.i * ins[i]), std::move(Lambda), - std::move(sig)); - res.emplace_back(val); - } - return std::move(res); - } - - /** - * R1CS ppZKADSNARK authentication verification algorithms. - */ - // symmetric - static bool - auth_verify(const std::vector &data, - const std::vector> &auth_data, - const sec_auth_key &sak, - const std::vector &labels) { - assert((data.size() == labels.size()) && (auth_data.size() == labels.size())); - bool res = true; - for (std::size_t i = 0; i < data.size(); i++) { - typename CurveType::scalar_field_type::value_type lambda = - prfCompute(sak.S, labels[i]); - typename CurveType::scalar_field_type::value_type mup = lambda + sak.i * data[i]; - res = res && (auth_data[i].mu == mup); - } - return res; - } - - // public - static bool - auth_verify(const std::vector &data, - const std::vector> &auth_data, - const pub_auth_key &pak, - const std::vector &labels) { - assert((data.size() == labels.size()) && (data.size() == auth_data.size())); - bool res = true; - for (std::size_t i = 0; i < auth_data.size(); i++) { - typename CurveType::template g2_type<>::value_type Mup = - auth_data[i].Lambda - data[i] * pak.minusI2; - res = - res && (auth_data[i].mu * CurveType::template g2_type<>::value_type::one() == Mup); - res = res && - sigVerif(pak.vkp, labels[i], auth_data[i].Lambda, auth_data[i].sigma); - } - return res; - } - - /** - * A generator algorithm for the R1CS ppzkADSNARK. 
- * - * Given a R1CS constraint system CS, this algorithm produces proving and verification keys for - * CS. - */ - static keypair generator(const constraint_system &cs, - const pub_auth_prms &prms) { - - /* make the B_query "lighter" if possible */ - constraint_system cs_copy(cs); - cs_copy.swap_AB_if_beneficial(); - - /* draw random element at which the QAP is evaluated */ - const typename CurveType::scalar_field_type::value_type t = - algebra::random_element(); - - qap_instance_evaluation qap_inst = - r1cs_to_qap::instance_map_with_evaluation(cs_copy, t); - - printf("* QAP number of variables: %zu\n", qap_inst.num_variables()); - printf("* QAP pre degree: %zu\n", cs_copy.constraints.size()); - printf("* QAP degree: %zu\n", qap_inst.degree()); - printf("* QAP number of input variables: %zu\n", qap_inst.num_inputs()); - - std::size_t non_zero_At = 0, non_zero_Bt = 0, non_zero_Ct = 0, non_zero_Ht = 0; - for (std::size_t i = 0; i < qap_inst.num_variables() + 1; ++i) { - if (!qap_inst.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap_inst.Bt[i].is_zero()) { - ++non_zero_Bt; - } - if (!qap_inst.Ct[i].is_zero()) { - ++non_zero_Ct; - } - } - for (std::size_t i = 0; i < qap_inst.degree() + 1; ++i) { - if (!qap_inst.Ht[i].is_zero()) { - ++non_zero_Ht; - } - } - - algebra::Fr_vector> At = std::move( - qap_inst.At); // qap_inst.At is now in unspecified state, but we do not use it later - algebra::Fr_vector> Bt = std::move( - qap_inst.Bt); // qap_inst.Bt is now in unspecified state, but we do not use it later - algebra::Fr_vector> Ct = std::move( - qap_inst.Ct); // qap_inst.Ct is now in unspecified state, but we do not use it later - algebra::Fr_vector> Ht = std::move( - qap_inst.Ht); // qap_inst.Ht is now in unspecified state, but we do not use it later - - /* append Zt to At,Bt,Ct with */ - At.emplace_back(qap_inst.Zt); - Bt.emplace_back(qap_inst.Zt); - Ct.emplace_back(qap_inst.Zt); - - const typename CurveType::scalar_field_type::value_type - alphaA = 
algebra::random_element(), - alphaB = algebra::random_element(), - alphaC = algebra::random_element(), - rA = algebra::random_element(), - rB = algebra::random_element(), - beta = algebra::random_element(), - gamma = algebra::random_element(); - const typename CurveType::scalar_field_type::value_type rC = rA * rB; - - // construct the same-coefficient-check query (must happen before zeroing out the prefix of - // At) - algebra::Fr_vector> Kt; - Kt.reserve(qap_inst.num_variables() + 4); - for (std::size_t i = 0; i < qap_inst.num_variables() + 1; ++i) { - Kt.emplace_back(beta * (rA * At[i] + rB * Bt[i] + rC * Ct[i])); - } - Kt.emplace_back(beta * rA * qap_inst.Zt); - Kt.emplace_back(beta * rB * qap_inst.Zt); - Kt.emplace_back(beta * rC * qap_inst.Zt); - - const std::size_t g1_exp_count = 2 * (non_zero_At - qap_inst.num_inputs() + non_zero_Ct) + - non_zero_Bt + non_zero_Ht + Kt.size(); - const std::size_t g2_exp_count = non_zero_Bt; - - std::size_t g1_window = - algebra::get_exp_window_size::value_type>( - g1_exp_count); - std::size_t g2_window = - algebra::get_exp_window_size::value_type>( - g2_exp_count); - printf("* G1 window: %zu\n", g1_window); - printf("* G2 window: %zu\n", g2_window); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - algebra::window_table g1_table = - algebra::get_window_table( - CurveType::scalar_field_type::value_bits, g1_window, - CurveType::template g1_type<>::value_type::one()); - - algebra::window_table g2_table = - algebra::get_window_table( - CurveType::scalar_field_type::value_bits, g2_window, - CurveType::template g2_type<>::value_type::one()); - - knowledge_commitment_vector - A_query = kc_batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_window, - g1_table, g1_table, rA, rA * alphaA, At, chunks); - - knowledge_commitment_vector - B_query = 
kc_batch_exp(CurveType::scalar_field_type::value_bits, g2_window, g1_window, - g2_table, g1_table, rB, rB * alphaB, Bt, chunks); - - knowledge_commitment_vector - C_query = kc_batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_window, - g1_table, g1_table, rC, rC * alphaC, Ct, chunks); - - typename std::vector::value_type> H_query = - batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_table, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector::value_type> K_query = - batch_exp(CurveType::scalar_field_type::value_bits, g1_window, g1_table, Kt); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(K_query); -#endif - - typename CurveType::template g2_type<>::value_type alphaA_g2 = - alphaA * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g1_type<>::value_type alphaB_g1 = - alphaB * CurveType::template g1_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type alphaC_g2 = - alphaC * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type gamma_g2 = - gamma * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g1_type<>::value_type gamma_beta_g1 = - (gamma * beta) * CurveType::template g1_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type gamma_beta_g2 = - (gamma * beta) * CurveType::template g2_type<>::value_type::one(); - typename CurveType::template g2_type<>::value_type rC_Z_g2 = - (rC * qap_inst.Zt) * CurveType::template g2_type<>::value_type::one(); - - typename CurveType::template g1_type<>::value_type rA_i_Z_g1 = (rA * qap_inst.Zt) * prms.I1; - - typename CurveType::template g1_type<>::value_type A0 = A_query[0].g; - typename std::vector::value_type> Ain; - Ain.reserve(qap_inst.num_inputs()); - for (std::size_t i = 0; i < qap_inst.num_inputs(); ++i) { - Ain.emplace_back(A_query[1 + i].g); - } - - verification_key vk = - 
verification_key(alphaA_g2, alphaB_g1, alphaC_g2, gamma_g2, gamma_beta_g1, - gamma_beta_g2, rC_Z_g2, A0, Ain); - proving_key pk = proving_key(std::move(A_query), - std::move(B_query), - std::move(C_query), - std::move(H_query), - std::move(K_query), - std::move(rA_i_Z_g1), - std::move(cs_copy)); - - return keypair(std::move(pk), std::move(vk)); - } - - /** - * A prover algorithm for the R1CS ppzkADSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. - * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - static proof prover(const proving_key &pk, - const primary_input &primary_input, - const auxiliary_input &auxiliary_input, - const std::vector> &auth_data) { - - const typename CurveType::scalar_field_type::value_type - d1 = algebra::random_element(), - d2 = algebra::random_element(), - d3 = algebra::random_element(), - dauth = algebra::random_element(); - - const qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map( - pk.constraint_system, primary_input, auxiliary_input, d1 + dauth, d2, d3); - - typename knowledge_commitment::value_type g_A = - /* pk.A_query[0] + */ d1 * pk.A_query[qap_wit.num_variables + 1]; - typename knowledge_commitment::value_type g_B = - pk.B_query[0] + qap_wit.d2 * pk.B_query[qap_wit.num_variables + 1]; - typename knowledge_commitment::value_type g_C = - pk.C_query[0] + qap_wit.d3 * pk.C_query[qap_wit.num_variables + 1]; - - typename knowledge_commitment::value_type g_Ain = - dauth * pk.A_query[qap_wit.num_variables + 1]; - - typename CurveType::template g1_type<>::value_type g_H = - CurveType::template g1_type<>::value_type::zero(); - typename CurveType::template g1_type<>::value_type g_K = - (pk.K_query[0] + qap_wit.d1 * pk.K_query[qap_wit.num_variables + 1] + - qap_wit.d2 * pk.K_query[qap_wit.num_variables + 2] + - qap_wit.d3 * 
pk.K_query[qap_wit.num_variables + 3]); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - g_A = g_A + kc_multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.A_query, 1 + qap_wit.num_inputs, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_inputs, - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - g_Ain = g_Ain + - kc_multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.A_query, 1, 1 + qap_wit.num_inputs, qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_inputs, chunks); - // std :: cout << "The input proof term: " << g_Ain << "\n"; - - g_B = g_B + kc_multiexp_with_mixed_addition< - typename CurveType::g2_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.B_query, 1, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - g_C = g_C + kc_multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::g1_type, - typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename knowledge_commitment::value_type, - typename CurveType::scalar_field_type>>( - pk.C_query, 1, 1 + 
qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - g_H = g_H + - algebra::multiexp< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_BDLO12>( - pk.H_query.begin(), - pk.H_query.begin() + qap_wit.degree + 1, - qap_wit.coefficients_for_H.begin(), - qap_wit.coefficients_for_H.begin() + qap_wit.degree + 1, - chunks); - - g_K = g_K + algebra::multiexp_with_mixed_addition< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename CurveType::g1_type, typename CurveType::scalar_field_type>>( - pk.K_query.begin() + 1, - pk.K_query.begin() + 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, - chunks); - - std::vector mus; - std::vector::value_type> Ains; - mus.reserve(qap_wit.num_inputs); - Ains.reserve(qap_wit.num_inputs); - for (std::size_t i = 0; i < qap_wit.num_inputs; i++) { - mus.emplace_back(auth_data[i].mu); - Ains.emplace_back(pk.A_query[i + 1].g); - } - typename CurveType::template g1_type<>::value_type muA = dauth * pk.rA_i_Z_g1; - muA = muA + algebra::multiexp< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename CurveType::g1_type, typename CurveType::scalar_field_type>>( - Ains.begin(), Ains.begin() + qap_wit.num_inputs, mus.begin(), - mus.begin() + qap_wit.num_inputs, chunks); - - // To Do: Decide whether to include relevant parts of auth_data in proof - - proof proof = proof(std::move(g_A), - std::move(g_B), - std::move(g_C), - std::move(g_H), - std::move(g_K), - std::move(g_Ain), - std::move(muA)); - - return proof; - } - - /* - Below are two variants of verifier algorithm for the R1CS ppzkADSNARK. 
- - These are the four cases that arise from the following choices: - - 1) The verifier accepts a (non-processed) verification key or, instead, a processed verification - key. In the latter case, we call the algorithm an "online verifier". - - 2) The verifier uses the symmetric key or the public verification key. - In the former case we call the algorithm a "symmetric verifier". - - */ - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - static processed_verification_key - verifier_process_vk(const verification_key &vk) { - - using namespace algebra::pairing; - - using pairing_policy = pairing_policy; - - using g2_type = typename CurveType::template g2_type<>; - - processed_verification_key pvk; - pvk.pp_G2_one_precomp = precompute_g2(g2_type::value_type::one()); - pvk.vk_alphaA_g2_precomp = precompute_g2(vk.alphaA_g2); - pvk.vk_alphaB_g1_precomp = precompute_g1(vk.alphaB_g1); - pvk.vk_alphaC_g2_precomp = precompute_g2(vk.alphaC_g2); - pvk.vk_rC_Z_g2_precomp = precompute_g2(vk.rC_Z_g2); - pvk.vk_gamma_g2_precomp = precompute_g2(vk.gamma_g2); - pvk.vk_gamma_beta_g1_precomp = precompute_g1(vk.gamma_beta_g1); - pvk.vk_gamma_beta_g2_precomp = precompute_g2(vk.gamma_beta_g2); - - typename pairing_policy::g2_precomputed_type vk_rC_z_g2_precomp = - precompute_g2(vk.rC_Z_g2); - - pvk.A0 = typename CurveType::template g1_type<>::value_type(vk.A0); - pvk.Ain = typename std::vector::value_type>(vk.Ain); - - pvk.proof_g_vki_precomp.reserve(pvk.Ain.size()); - for (std::size_t i = 0; i < pvk.Ain.size(); i++) { - pvk.proof_g_vki_precomp.emplace_back(precompute_g1(pvk.Ain[i])); - } - - return pvk; - } - - /** - * A symmetric verifier algorithm for the R1CS ppzkADSNARK that - * accepts a processed verification key. 
- */ - // symmetric - static bool online_verifier(const processed_verification_key &pvk, - const proof &proof, - const sec_auth_key &sak, - const std::vector &labels) { - - using namespace algebra::pairing; - - using pairing_policy = typename pairing_policy; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - std::vector lambdas; - lambdas.reserve(labels.size()); - for (std::size_t i = 0; i < labels.size(); i++) { - lambdas.emplace_back(prfCompute(sak.S, labels[i])); - } - typename CurveType::template g1_type<>::value_type prodA = sak.i * proof.g_Aau.g; - prodA = - prodA + algebra::multiexp< - typename CurveType::g1_type, typename CurveType::scalar_field_type, - algebra::policies::multiexp_method_bos_coster< - typename CurveType::g1_type, typename CurveType::scalar_field_type>>( - pvk.Ain.begin(), pvk.Ain.begin() + labels.size(), lambdas.begin(), - lambdas.begin() + labels.size(), 1); - - bool result_auth = true; - - if (!(prodA == proof.muA)) { - result_auth = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_Aau_g_precomp = - precompute_g1(proof.g_Aau.g); - typename pairing_policy::g1_precomputed_type proof_g_Aau_h_precomp = - precompute_g1(proof.g_Aau.h); - - typename gt_type::value_type kc_Aau_1 = - miller_loop(proof_g_Aau_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_Aau_2 = - miller_loop(proof_g_Aau_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_Aau = - final_exponentiation(kc_Aau_1 * kc_Aau_2.unitary_inversed()); - if (kc_Aau != gt_type::value_type::one()) { - result_auth = false; - } - - result &= result_auth; - - typename pairing_policy::g1_precomputed_type proof_g_A_g_precomp = - precompute_g1(proof.g_A.g); - typename pairing_policy::g1_precomputed_type proof_g_A_h_precomp = - precompute_g1(proof.g_A.h); - typename gt_type::value_type kc_A_1 = - miller_loop(proof_g_A_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_A_2 = - 
miller_loop(proof_g_A_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_A = final_exponentiation(kc_A_1 * kc_A_2.unitary_inversed()); - if (kc_A != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g2_precomputed_type::value_type proof_g_B_g_precomp = - precompute_g2(proof.g_B.g); - typename pairing_policy::g1_precomputed_type proof_g_B_h_precomp = - precompute_g1(proof.g_B.h); - typename gt_type::value_type kc_B_1 = - miller_loop(pvk.vk_alphaB_g1_precomp, proof_g_B_g_precomp); - typename gt_type::value_type kc_B_2 = - miller_loop(proof_g_B_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_B = final_exponentiation(kc_B_1 * kc_B_2.unitary_inversed()); - if (kc_B != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_C_g_precomp = - precompute_g1(proof.g_C.g); - typename pairing_policy::g1_precomputed_type proof_g_C_h_precomp = - precompute_g1(proof.g_C.h); - typename gt_type::value_type kc_C_1 = - miller_loop(proof_g_C_g_precomp, pvk.vk_alphaC_g2_precomp); - typename gt_type::value_type kc_C_2 = - miller_loop(proof_g_C_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_C = final_exponentiation(kc_C_1 * kc_C_2.unitary_inversed()); - if (kc_C != gt_type::value_type::one()) { - result = false; - } - - typename CurveType::template g1_type<>::value_type Aacc = - pvk.A0 + proof.g_Aau.g + proof.g_A.g; - - typename pairing_policy::g1_precomputed_type proof_g_Aacc_precomp = - precompute_g1(Aacc); - typename pairing_policy::g1_precomputed_type proof_g_H_precomp = - precompute_g1(proof.g_H); - typename gt_type::value_type QAP_1 = - miller_loop(proof_g_Aacc_precomp, proof_g_B_g_precomp); - typename gt_type::value_type QAP_23 = pairing_policy::double_miller_loop( - proof_g_H_precomp, pvk.vk_rC_Z_g2_precomp, proof_g_C_g_precomp, pvk.pp_G2_one_precomp); - typename gt_type QAP = final_exponentiation(QAP_1 * QAP_23.unitary_inversed()); - if (QAP != gt_type::value_type::one()) 
{ - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_K_precomp = - precompute_g1(proof.g_K); - typename pairing_policy::g1_precomputed_type proof_g_Aacc_C_precomp = - precompute_g1(Aacc + proof.g_C.g); - typename gt_type::value_type K_1 = - miller_loop(proof_g_K_precomp, pvk.vk_gamma_g2_precomp); - typename gt_type::value_type K_23 = - pairing_policy::double_miller_loop(proof_g_Aacc_C_precomp, pvk.vk_gamma_beta_g2_precomp, - pvk.vk_gamma_beta_g1_precomp, proof_g_B_g_precomp); - typename gt_type K = final_exponentiation(K_1 * K_23.unitary_inversed()); - if (K != gt_type::value_type::one()) { - result = false; - } - - return result; - } - - /** - * A symmetric verifier algorithm for the R1CS ppzkADSNARK that - * accepts a non-processed verification key - */ - static bool verifier(const verification_key &vk, - const proof &proof, - const sec_auth_key &sak, - const std::vector &labels) { - processed_verification_key pvk = verifier_process_vk(vk); - bool result = online_verifier(pvk, proof, sak, labels); - return result; - } - - /** - * A verifier algorithm for the R1CS ppzkADSNARK that - * accepts a processed verification key. 
- */ - // public - static bool online_verifier(const processed_verification_key &pvk, - const std::vector> &auth_data, - const proof &proof, - const pub_auth_key &pak, - const std::vector &labels) { - - using pairing_policy = typename snark_pp::pairing; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - assert(labels.size() == auth_data.size()); - - std::vector Lambdas; - std::vector> sigs; - Lambdas.reserve(labels.size()); - sigs.reserve(labels.size()); - for (std::size_t i = 0; i < labels.size(); i++) { - Lambdas.emplace_back(auth_data[i].Lambda); - sigs.emplace_back(auth_data[i].sigma); - } - bool result_auth = sigBatchVerif(pak.vkp, labels, Lambdas, sigs); - if (!result_auth) { - } - - // To Do: Decide whether to move pak and lambda preprocessing to offline - std::vector g_Lambdas_precomp; - g_Lambdas_precomp.reserve(auth_data.size()); - for (std::size_t i = 0; i < auth_data.size(); i++) - g_Lambdas_precomp.emplace_back(precompute_g2(auth_data[i].Lambda)); - typename pairing_policy::g2_precomputed_type::value_type g_minusi_precomp = - precompute_g2(pak.minusI2); - - typename gt_type::value_type accum; - if (auth_data.size() % 2 == 1) { - miller_loop(pvk.proof_g_vki_precomp[0], g_Lambdas_precomp[0]); - } else { - accum = gt_type::value_type::one(); - } - for (std::size_t i = auth_data.size() % 2; i < labels.size(); i = i + 2) { - accum = accum * pairing_policy::double_miller_loop( - pvk.proof_g_vki_precomp[i], g_Lambdas_precomp[i], - pvk.proof_g_vki_precomp[i + 1], g_Lambdas_precomp[i + 1]); - } - - typename pairing_policy::g1_precomputed_type proof_g_muA_precomp = - precompute_g1(proof.muA); - typename pairing_policy::g1_precomputed_type proof_g_Aau_precomp = - precompute_g1(proof.g_Aau.g); - typename gt_type::value_type accum2 = pairing_policy::double_miller_loop( - proof_g_muA_precomp, pvk.pp_G2_one_precomp, proof_g_Aau_precomp, g_minusi_precomp); - typename gt_type authPair = - final_exponentiation(accum * 
accum2.unitary_inversed()); - if (authPair != gt_type::value_type::one()) { - result_auth = false; - } - - if (!(result_auth)) { - } - - typename pairing_policy::g1_precomputed_type proof_g_Aau_g_precomp = - precompute_g1(proof.g_Aau.g); - typename pairing_policy::g1_precomputed_type proof_g_Aau_h_precomp = - precompute_g1(proof.g_Aau.h); - typename gt_type::value_type kc_Aau_1 = - miller_loop(proof_g_Aau_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_Aau_2 = - miller_loop(proof_g_Aau_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_Aau = - typename ::final_exponentiation(kc_Aau_1 * kc_Aau_2.unitary_inversed()); - if (kc_Aau != gt_type::value_type::one()) { - result_auth = false; - } - - result &= result_auth; - - typename pairing_policy::g1_precomputed_type proof_g_A_g_precomp = - precompute_g1(proof.g_A.g); - typename pairing_policy::g1_precomputed_type proof_g_A_h_precomp = - precompute_g1(proof.g_A.h); - typename gt_type::value_type kc_A_1 = - miller_loop(proof_g_A_g_precomp, pvk.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_A_2 = - miller_loop(proof_g_A_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_A = final_exponentiation(kc_A_1 * kc_A_2.unitary_inversed()); - if (kc_A != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g2_precomputed_type::value_type proof_g_B_g_precomp = - precompute_g2(proof.g_B.g); - typename pairing_policy::g1_precomputed_type proof_g_B_h_precomp = - precompute_g1(proof.g_B.h); - typename gt_type::value_type kc_B_1 = - miller_loop(pvk.vk_alphaB_g1_precomp, proof_g_B_g_precomp); - typename gt_type::value_type kc_B_2 = - miller_loop(proof_g_B_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_B = final_exponentiation(kc_B_1 * kc_B_2.unitary_inversed()); - if (kc_B != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_C_g_precomp = - precompute_g1(proof.g_C.g); - typename 
pairing_policy::g1_precomputed_type proof_g_C_h_precomp = - precompute_g1(proof.g_C.h); - typename gt_type::value_type kc_C_1 = - miller_loop(proof_g_C_g_precomp, pvk.vk_alphaC_g2_precomp); - typename gt_type::value_type kc_C_2 = - miller_loop(proof_g_C_h_precomp, pvk.pp_G2_one_precomp); - typename gt_type kc_C = final_exponentiation(kc_C_1 * kc_C_2.unitary_inversed()); - if (kc_C != gt_type::value_type::one()) { - result = false; - } - - typename CurveType::template g1_type<>::value_type Aacc = - pvk.A0 + proof.g_Aau.g + proof.g_A.g; - - typename pairing_policy::g1_precomputed_type proof_g_Aacc_precomp = - precompute_g1(Aacc); - typename pairing_policy::g1_precomputed_type proof_g_H_precomp = - precompute_g1(proof.g_H); - typename gt_type::value_type QAP_1 = - miller_loop(proof_g_Aacc_precomp, proof_g_B_g_precomp); - typename gt_type::value_type QAP_23 = pairing_policy::double_miller_loop( - proof_g_H_precomp, pvk.vk_rC_Z_g2_precomp, proof_g_C_g_precomp, pvk.pp_G2_one_precomp); - typename gt_type QAP = final_exponentiation(QAP_1 * QAP_23.unitary_inversed()); - if (QAP != gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_g_K_precomp = - precompute_g1(proof.g_K); - typename pairing_policy::g1_precomputed_type proof_g_Aacc_C_precomp = - precompute_g1(Aacc + proof.g_C.g); - typename gt_type::value_type K_1 = - miller_loop(proof_g_K_precomp, pvk.vk_gamma_g2_precomp); - typename gt_type::value_type K_23 = - pairing_policy::double_miller_loop(proof_g_Aacc_C_precomp, pvk.vk_gamma_beta_g2_precomp, - pvk.vk_gamma_beta_g1_precomp, proof_g_B_g_precomp); - typename gt_type K = final_exponentiation(K_1 * K_23.unitary_inversed()); - if (K != gt_type::value_type::one()) { - result = false; - } - - return result; - } - - /** - * A verifier algorithm for the R1CS ppzkADSNARK that - * accepts a non-processed verification key - */ - // public - static bool verifier(const verification_key &vk, - const std::vector> &auth_data, - 
const proof &proof, - const pub_auth_key &pak, - const std::vector &labels) { - assert(labels.size() == auth_data.size()); - processed_verification_key pvk = verifier_process_vk(vk); - bool result = online_verifier(pvk, auth_data, proof, pak, labels); - return result; - } - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKADSNARK_BASIC_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/r1cs_ppzkadsnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/r1cs_ppzkadsnark.hpp deleted file mode 100644 index 08dab29861..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/r1cs_ppzkadsnark.hpp +++ /dev/null 
@@ -1,78 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKADSNARK_POLICY_HPP
-#define CRYPTO3_R1CS_PPZKADSNARK_POLICY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- class r1cs_ppzkadsnark {
- typedef detail::r1cs_ppzkadsnark_basic_policy policy_type;
-
- public:
- typedef typename policy_type::snark_pp snark_pp;
- typedef typename policy_type::constraint_system_type constraint_system;
- typedef typename policy_type::primary_input_type primary_input;
- typedef typename policy_type::auxiliary_input_type auxiliary_input;
-
- typedef typename policy_type::secret_key secret_key;
- typedef typename policy_type::vkT vkT;
- typedef typename policy_type::signature signature;
- typedef typename policy_type::prf_key prf_key;
-
- typedef typename policy_type::pub_auth_prms pub_auth_prms_type;
- typedef typename policy_type::sec_auth_key sec_auth_key_type;
- typedef typename policy_type::pub_auth_key pub_auth_key_type;
- typedef typename policy_type::auth_data auth_data_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof proof_type;
-
- using policy_type::generator;
- using policy_type::online_verifier;
- using policy_type::prover;
- using policy_type::verifier;
-
- using policy_type::auth_generator;
- using policy_type::auth_sign;
- using policy_type::auth_verify;
- };
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKADSNARK_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/signature.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/signature.hpp
deleted file mode 100644
index ff778f2b41..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzkadsnark/r1cs_ppzkadsnark/signature.hpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Generic signature interface for ADSNARK.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_SIGNATURE_HPP
-#define CRYPTO3_ZK_SIGNATURE_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- struct kpT {
- r1cs_ppzkadsnark_secret_key sk;
- r1cs_ppzkadsnark_vkT vk;
- };
-
- template
- kpT sigGen(void);
-
- template
- r1cs_ppzkadsnark_signature sigSign(const r1cs_ppzkadsnark_secret_key &sk,
- const label_type &label,
- const typename CurveType::g2_type::value_type &Lambda);
-
- template
- bool sigVerif(const r1cs_ppzkadsnark_vkT &vk, const label_type &label,
- const typename CurveType::g2_type::value_type &Lambda,
- const r1cs_ppzkadsnark_signature &sig);
-
- template
- bool sigBatchVerif(const r1cs_ppzkadsnark_vkT &vk, const std::vector &labels,
- const std::vector &Lambdas,
- const std::vector> &sigs);
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_SIGNATURE_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark.hpp
deleted file mode 100644
index 6404bc9fbc..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark.hpp
+++ /dev/null
@@ -1,97 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_HPP -#define CRYPTO3_ZK_BACS_PPZKSNARK_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /*! - * @brief ppzkSNARK for BACS. - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * @details The implementation is a straightforward combination of: - * (1) a BACS-to-R1CS reduction, and - * (2) a ppzkSNARK for R1CS. 
- * - * Acronyms: - * - BACS = "Bilinear Arithmetic Circuit Satisfiability" - * - R1CS = "Rank-1 Constraint System" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - */ - template, - typename Prover = bacs_ppzksnark_prover, - typename Verifier = bacs_ppzksnark_verifier_strong_input_consistency> - class bacs_ppzksnark { - typedef detail::bacs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const circuit_type &circuit) { - return Generator::process(circuit); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 0b8c9f3fdb..0000000000 
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,124 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for BACS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation is a straightforward combination of: -// (1) a BACS-to-R1CS reduction, and -// (2) a ppzkSNARK for R1CS. 
-// -// -// Acronyms: -// -// - BACS = "Bilinear Arithmetic Circuit Satisfiability" -// - R1CS = "Rank-1 Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_ZK_BACS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct bacs_ppzksnark_policy { - typedef CurveType curve_type; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef bacs_circuit circuit_type; - - typedef bacs_primary_input primary_input_type; - - typedef bacs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the BACS ppzkSNARK. - */ - typedef bacs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the BACS ppzkSNARK. - */ - typedef typename r1cs_ppzksnark::verification_key_type verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the BACS ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef typename r1cs_ppzksnark::processed_verification_key_type - processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the BACS ppzkSNARK, which consists of a proving key and a verification key. 
- */ - typedef bacs_ppzksnark_keypair keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the BACS ppzkSNARK. - */ - typedef typename r1cs_ppzksnark::proof_type proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_PPZKSNARK_TYPES_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/generator.hpp deleted file mode 100644 index d4e8588e79..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,80 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_GENERATOR_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_GENERATOR_HPP
-
-#include
-#include
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A generator algorithm for the BACS ppzkSNARK.
- *
- * Given a BACS circuit C, this algorithm produces proving and verification keys for C.
- */
- template
- class bacs_ppzksnark_generator {
- typedef detail::bacs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- static inline keypair_type process(const circuit_type &circuit) {
- typedef typename CurveType::scalar_field_type field_type;
-
- const r1cs_constraint_system r1cs_cs =
- reductions::bacs_to_r1cs::instance_map(circuit);
- const typename r1cs_ppzksnark::keypair_type r1cs_keypair =
- generate>(r1cs_cs);
-
- return keypair_type(proving_key_type(circuit, r1cs_keypair.first), r1cs_keypair.second);
- }
- };
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_GENERATOR_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/keypair.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/keypair.hpp
deleted file mode 100644
index d88daec778..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/keypair.hpp
+++ /dev/null
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_BACS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_BACS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using bacs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/prover.hpp
deleted file mode 100644
index 9a161114ef..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,88 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_PROVER_HPP - -#include -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A prover algorithm for the BACS ppzkSNARK. - * - * Given a BACS primary input X and a BACS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that C(X,Y)=0''. - * Above, C is the BACS circuit that was given as input to the generator algorithm. 
- */ - template - class bacs_ppzksnark_prover { - typedef detail::bacs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - typedef typename CurveType::scalar_field_type field_type; - - const r1cs_variable_assignment> r1cs_va = - reductions::bacs_to_r1cs::witness_map( - proving_key.circuit, primary_input, auxiliary_input); - const r1cs_auxiliary_input r1cs_ai( - r1cs_va.begin() + primary_input.size(), - r1cs_va.end()); // TODO: faster to just change bacs_to_r1cs::witness_map into - // two :( - - return prove>(proving_key.r1cs_pk, primary_input, r1cs_ai); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/proving_key.hpp deleted file mode 100644 index 3d68f84201..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,90 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_PROVING_KEY_HPP -#define CRYPTO3_ZK_BACS_PPZKSNARK_PROVING_KEY_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - struct bacs_ppzksnark_proving_key { - typedef CurveType curve_type; - typedef CircuitType circuit_type; - typedef typename r1cs_ppzksnark::proving_key_type r1cs_proving_key_type; - - circuit_type circuit; - r1cs_proving_key_type r1cs_pk; - - bacs_ppzksnark_proving_key() {}; - - bacs_ppzksnark_proving_key(const bacs_ppzksnark_proving_key &other) = default; - - bacs_ppzksnark_proving_key(bacs_ppzksnark_proving_key &&other) = default; - - bacs_ppzksnark_proving_key(const circuit_type &circuit, const r1cs_proving_key_type &r1cs_pk) : - circuit(circuit), r1cs_pk(r1cs_pk) { - } - - bacs_ppzksnark_proving_key(circuit_type &&circuit, r1cs_proving_key_type &&r1cs_pk) : - circuit(std::move(circuit)), r1cs_pk(std::move(r1cs_pk)) { - } - - bacs_ppzksnark_proving_key &operator=(const bacs_ppzksnark_proving_key &other) = default; - - std::size_t G1_size() const { - return r1cs_pk.G1_size(); - } - - std::size_t G2_size() const { - return r1cs_pk.G2_size(); - } - - std::size_t G1_sparse_size() const { - return r1cs_pk.G1_sparse_size(); - } - - std::size_t G2_sparse_size() const { - return r1cs_pk.G2_sparse_size(); - } - - std::size_t size_in_bits() const { - return r1cs_pk.size_in_bits(); - } - - bool operator==(const bacs_ppzksnark_proving_key &other) const { - return (this->circuit == other.circuit && this->r1cs_pk == other.r1cs_pk); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/verifier.hpp deleted file mode 100644 index f9a99c294c..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/bacs_ppzksnark/verifier.hpp +++ /dev/null 
@@ -1,177 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_VERIFIER_HPP
-#define CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_VERIFIER_HPP
-
-#include
-#include
-
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Convert a (non-processed) verification key into a processed verification key.
- */ - template - class bacs_ppzksnark_process_verification_key { - typedef detail::bacs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - return r1cs_ppzksnark_process_verification_key::process(verification_key); - } - }; - - /* - Below are four variants of verifier algorithm for the BACS ppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input - consistency. Strong input consistency requires that |primary_input| = C.num_inputs, whereas - weak input consistency requires that |primary_input| <= C.num_inputs (and - the primary input is implicitly padded with zeros up to length C.num_inputs). 
- */ - - template - class bacs_ppzksnark_verifier_weak_input_consistency { - typedef detail::bacs_ppzksnark_policy policy_type; - - using r1cs_ppzksnark_weak_proof_system = - r1cs_ppzksnark, - r1cs_ppzksnark_prover, - r1cs_ppzksnark_verifier_weak_input_consistency>; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify( - bacs_ppzksnark_process_verification_key::process(verification_key), - primary_input, - proof); - } - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. 
- */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify( - processed_verification_key, primary_input, proof); - } - }; - - template - class bacs_ppzksnark_verifier_strong_input_consistency { - typedef detail::bacs_ppzksnark_policy policy_type; - - using r1cs_ppzksnark_proof_system = r1cs_ppzksnark; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify( - bacs_ppzksnark_process_verification_key::process(verification_key), - primary_input, - proof); - } - - /** - * A verifier algorithm for the BACS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return verify(processed_verification_key, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_BACS_PPZKSNARK_BASIC_VERIFIER_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark.hpp
deleted file mode 100644
index 1b5266b980..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark.hpp
+++ /dev/null
@@ -1,292 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_HPP - -#include - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - using is_basic_mode = typename std::bool_constant< - std::is_same, Generator>::value && - std::is_same, Prover>::value && - (std::is_same, - Verifier>::value || - std::is_same, - Verifier>::value - // || std::is_same, - // Verifier>::value - )>; - - template - using is_aggregate_mode = typename std::bool_constant< - std::is_same, Generator>::value && - std::is_same, Prover>::value && - std::is_same< - r1cs_gg_ppzksnark_verifier_strong_input_consistency, - Verifier>::value>; - - template - using is_encrypted_input_mode = typename std::bool_constant< - std::is_same, - Generator>::value && - std::is_same, Prover>::value && - std::is_same< - r1cs_gg_ppzksnark_verifier_strong_input_consistency, - Verifier>::value>; - - /*! - * @brief ppzkSNARK for R1CS with a security proof in the generic group (GG) model - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * The implementation instantiates the protocol of \[Gro16] and aggregation scheme \[BMM+19] for the - * protocol of \[Gro16]. 
- * - * Acronyms: - * - R1CS = "Rank-1 Constraint Systems" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - * - SRS = "Structured Reference String" - * - * References: - * \[Gro16]: - * "On the Size of Pairing-based Non-interactive Arguments", - * Jens Groth, - * EUROCRYPT 2016, - * - * - * \[BMM+19]: - * "Proofs for inner pairing products and applications", - * Benedikt Bünz, Mary Maller, Pratyush Mishra, Nirvan Tyagi, Psi Vesely, - * Cryptology ePrint Archive, Report 2019/1177, 2019 - * - */ - template, - typename Prover = r1cs_gg_ppzksnark_prover, - typename Verifier = r1cs_gg_ppzksnark_verifier_strong_input_consistency, - proving_mode Mode = proving_mode::basic, typename = void> - class r1cs_gg_ppzksnark; - - template - class r1cs_gg_ppzksnark< - CurveType, Generator, Prover, Verifier, proving_mode::basic, - typename std::enable_if::value>::type> { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::template process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const 
VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - - template - class r1cs_gg_ppzksnark< - CurveType, Generator, Prover, Verifier, proving_mode::aggregate, - typename std::enable_if::value>::type> { - - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - typedef typename basic_policy_type::proof_type basic_proof_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - - typedef typename policy_type::srs_type srs_type; - typedef typename policy_type::proving_srs_type proving_srs_type; - typedef typename policy_type::verification_srs_type verification_srs_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::srs_pair_type srs_pair_type; - - typedef typename policy_type::proof_type proof_type; - - // Generate key pair - template, - typename GeneratorType = boost::random::mt19937> - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::template process(constraint_system); - } - - // Generate SRS pair - template, - typename GeneratorType = boost::random::mt19937> - static inline srs_pair_type generate(std::size_t num_proofs) { - return Generator::template process(num_proofs); - } - - // TODO: remove - // Basic proove - static inline basic_proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - // aggregate prove - 
template - static inline proof_type prove(const proving_srs_type &srs, - InputTranscriptIncludeIterator transcript_include_first, - InputTranscriptIncludeIterator transcript_include_last, - InputProofIterator proofs_first, - InputProofIterator proofs_last) { - - return Prover::template process(srs, transcript_include_first, transcript_include_last, - proofs_first, proofs_last); - } - - // TODO: remove - // Basic verify - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const basic_proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - - // aggregate verify - template, - typename GeneratorType = boost::random::mt19937, typename Hash = hashes::sha2<256>, - typename InputPrimaryInputRange, typename InputIterator> - static inline bool verify(const verification_srs_type &ip_verifier_srs, - const verification_key_type &pvk, - const InputPrimaryInputRange &public_inputs, - const proof_type &proof, - InputIterator transcript_include_first, - InputIterator transcript_include_last) { - return Verifier::template process( - ip_verifier_srs, pvk, public_inputs, proof, transcript_include_first, - transcript_include_last); - } - }; - - template - class r1cs_gg_ppzksnark::value>::type> { - - typedef detail::r1cs_gg_ppzksnark_basic_policy - policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - typedef typename basic_policy_type::proof_type basic_proof_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - // Generate key pair 
- template, - typename GeneratorType = boost::random::mt19937> - static inline KeyPairType generate(const constraint_system_type &constraint_system) { - return Generator::template process( - constraint_system); - } - - // Proving - template - static inline proof_type prove(const proving_key_type &pk, - const PublicKey &pubkey, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input, - const typename CurveType::scalar_field_type::value_type &r) { - return Prover::process(pk, pubkey, primary_input, auxiliary_input, r); - } - - // Verification - template - static inline bool verify(CipherTextIterator first, CipherTextIterator last, - const verification_key_type &vk, const PublicKey &pubkey, - const primary_input_type &unencrypted_primary_input, - const proof_type &proof) { - return Verifier::process(first, last, vk, pubkey, unencrypted_primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 43bc24cf36..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,308 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for R1CS with a security proof -// in the generic group (GG) model. -// -// This includes: -//- class for proving key -//- class for verification key -//- class for processed verification key -//- class for key pair (proving key & verification key) -//- class for proof -//- generator algorithm -//- prover algorithm -//- verifier algorithm (with strong or weak input consistency) -//- online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates the protocol of \[Gro16]. 
-// -// -// Acronyms: -// -//- R1CS = "Rank-1 Constraint Systems" -//- ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// -// References: -// -//\[Gro16]: -// "On the Size of Pairing-based Non-interactive Arguments", -// Jens Groth, -// EUROCRYPT 2016, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_BASIC_POLICY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_BASIC_POLICY_HPP - -#include -#include -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - template - struct r1cs_gg_ppzksnark_basic_policy; - - template - struct r1cs_gg_ppzksnark_basic_policy { - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::basic; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS GG-ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - typedef r1cs_gg_ppzksnark_processed_verification_key - processed_verification_key_type; - - /************************ Extended verification key *************************/ - - /** - * An extended verification key for the R1CS GG-ppzkSNARK. - * - * Compared to a (non-extended) verification key, an extended verification key - * contains additional field. - */ - typedef r1cs_gg_ppzksnark_extended_verification_key extended_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_gg_ppzksnark_keypair keypair_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and a processed - * verification key. - */ - typedef r1cs_gg_ppzksnark_keypair - processed_keypair_type; - - /********************************** Extended key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and an extended - * verification key. - */ - typedef r1cs_gg_ppzksnark_keypair - extended_keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS GG-ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_gg_ppzksnark_proof proof_type; - }; - - template - struct r1cs_gg_ppzksnark_basic_policy { - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::aggregate; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). 
- */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - // TODO: remove - /** - * A proving key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS GG-ppzkSNARK. - */ - typedef r1cs_gg_ppzksnark_aggregate_verification_key verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_gg_ppzksnark_keypair keypair_type; - - /********************************** Aggregation SRS *********************************/ - - /** - * A SRS (Structured Reference String) for the R1CS GG-ppzkSNARK aggregation scheme. - */ - typedef r1cs_gg_ppzksnark_aggregate_srs srs_type; - - /******************************** Proving SRS for aggregation ********************************/ - - /** - * A proving SRS for the R1CS GG-ppzkSNARK aggregation scheme. - */ - typedef typename srs_type::proving_srs_type proving_srs_type; - - /**************************** Verification SRS for aggregation ********************************/ - - /** - * A verification SRS for the R1CS GG-ppzkSNARK aggregation scheme. - */ - typedef typename srs_type::verification_srs_type verification_srs_type; - - /********************************** Aggregation SRS pair *********************************/ - - /** - * A SRS pair for the R1CS GG-ppzkSNARK aggregation scheme consisting of a proving SRS and - * a verification SRS. 
- */ - typedef typename srs_type::srs_pair_type srs_pair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS GG-ppzkSNARK aggregation scheme. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_gg_ppzksnark_aggregate_proof proof_type; - }; - - template - struct r1cs_gg_ppzksnark_basic_policy { - private: - typedef r1cs_gg_ppzksnark_basic_policy basic_policy; - - public: - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::encrypted_input; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef typename basic_policy::constraint_system_type constraint_system_type; - - typedef typename basic_policy::primary_input_type primary_input_type; - - typedef typename basic_policy::auxiliary_input_type auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS GG-ppzkSNARK with encrypted input. - */ - typedef typename basic_policy::proving_key_type proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS GG-ppzkSNARK with encrypted input. - */ - typedef typename basic_policy::extended_verification_key_type verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS GG-ppzkSNARK with encrypted input, which consists of proving, - secret - * and verification keys. 
- */ - typedef typename basic_policy::extended_keypair_type keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS GG-ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef typename basic_policy::proof_type proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/generator.hpp deleted file mode 100644 index f3999a037c..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/generator.hpp +++ /dev/null 
@@ -1,76 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_GENERATOR_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_GENERATOR_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_generator { - - typedef detail::r1cs_gg_ppzksnark_basic_policy - policy_type; - typedef r1cs_gg_ppzksnark_generator basic_generator_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - template, - typename GeneratorType = boost::random::mt19937> - static inline - typename std::enable_if::value, KeyPairType>::type - process(const constraint_system_type &constraint_system) { - - return basic_generator_type::template process( - constraint_system); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/prover.hpp deleted file mode 100644 index 4fd107a80f..0000000000 
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/prover.hpp
+++ /dev/null
@@ -1,81 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_PROVER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_PROVER_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /** - * A prover algorithm for the R1CS GG-ppzkSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. - * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. 
- */ - template - class r1cs_gg_ppzksnark_prover { - typedef detail::r1cs_gg_ppzksnark_basic_policy - policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - typedef r1cs_gg_ppzksnark_prover basic_prover_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - // TODO: add type constraints on PublicKey - template - static inline proof_type process(const proving_key_type &gg_proving_key, - const PublicKey &pubkey, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input, - const typename scalar_field_type::value_type &r) { - proof_type proof = basic_prover_type::process(gg_proving_key, primary_input, auxiliary_input); - - return proof_type(std::move(proof.g_A), - std::move(proof.g_B), - std::move(r * pubkey.gamma_inverse_sum_s_g1 + proof.g_C)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/verifier.hpp deleted file mode 100644 index 9b1c3a2c91..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/encrypted_input/verifier.hpp +++ /dev/null 
@@ -1,156 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for BACS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation is a straightforward combination of: -// (1) a BACS-to-R1CS reduction, and -// (2) a ppzkSNARK for R1CS. 
-// -// -// Acronyms: -// -// - BACS = "Bilinear Arithmetic Circuit Satisfiability" -// - R1CS = "Rank-1 Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_VERIFIER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_VERIFIER_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy - policy_type; - typedef detail::r1cs_gg_ppzksnark_basic_policy basic_policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - typedef typename pairing::pairing_policy::g1_precomputed_type g1_precomputed_type; - typedef typename pairing::pairing_policy::g2_precomputed_type g2_precomputed_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::proof_type proof_type; - - // TODO: add type constraints on PublicKey - template - static inline typename std::enable_if< - std::is_same::value_type>::value, - bool>::type - process(CipherTextIterator first, CipherTextIterator last, const verification_key_type &gg_vk, - const PublicKey &pubkey, const primary_input_type &unencrypted_primary_input, - const proof_type &proof) { - - const std::size_t input_size = gg_vk.gamma_ABC_g1.rest.size(); - const std::size_t ct_size = std::distance(first, last); - assert(input_size - 1 > ct_size - 2); - assert(unencrypted_primary_input.size() + (ct_size - 2) == 
input_size); - assert(ct_size - 2 == pubkey.delta_s_g1.size()); - assert(ct_size - 2 == pubkey.t_g1.size()); - assert(ct_size - 2 == pubkey.t_g2.size() - 1); - typename g1_type::value_type acc = gg_vk.gamma_ABC_g1.first; - typename gt_type::value_type sum_cipher = gt_type::value_type::one(); - - auto it1 = first; - auto it2 = std::cbegin(pubkey.t_g2); - while (it1 != last - 1 && it2 != std::cend(pubkey.t_g2)) { - acc = acc + *it1; - sum_cipher = sum_cipher * algebra::pair_reduced(*it1++, *it2++); - } - assert((it1 == last - 1) && (it2 == std::cend(pubkey.t_g2))); - - for (std::size_t i = ct_size - 2; i < input_size; ++i) { - acc = acc + unencrypted_primary_input[i - ct_size + 2] * gg_vk.gamma_ABC_g1.rest[i]; - } - typename gt_type::value_type presum_cipher = - algebra::pair_reduced(*(last - 1), g2_type::value_type::one()); - bool ans1 = (sum_cipher == presum_cipher); - - // TODO: optimize - typename gt_type::value_type QAPl = algebra::pair_reduced(proof.g_A, proof.g_B); - typename gt_type::value_type QAPr = gg_vk.alpha_g1_beta_g2 * - algebra::pair_reduced(acc, gg_vk.gamma_g2) * - algebra::pair_reduced(proof.g_C, gg_vk.delta_g2); - // const g1_precomputed_type proof_g1_A_precomp = precompute_g1(proof.g_A); - // const g2_precomputed_type proof_g2_B_precomp = precompute_g2(proof.g_B); - // - // const g1_precomputed_type pk_g1_alpha_precomp = - // precompute_g1(gg_keypair.first.alpha_g1); - // const g2_precomputed_type pk_g2_beta_precomp = - // precompute_g2(gg_keypair.first.beta_g2); - // - // const g1_precomputed_type proof_g1_C_precomp = precompute_g1(proof.g_C); - // const g2_precomputed_type vk_g2_delta_precomp = - // precompute_g2(gg_keypair.second.delta_g2); - // - // const g1_precomputed_type proof_g1_cn_precomp = precompute_g1(acc); - // const g2_precomputed_type vk_g2_gamma_precomp = - // precompute_g2(gg_keypair.second.gamma_g2); - // - // typename gt_type::value_type QAPl_1 = - // miller_loop(proof_g1_A_precomp, proof_g2_B_precomp); - // typename 
gt_type::value_type QAPl_2 = double_miller_loop( - // proof_g1_C_precomp, vk_g2_delta_precomp, pk_g1_alpha_precomp, pk_g2_beta_precomp); - // - // typename gt_type::value_type QAPr_2 = - // miller_loop(proof_g1_cn_precomp, vk_g2_gamma_precomp); - // - // typename gt_type::value_type QAPl = final_exponentiation(QAPl_1 * - // QAPl_2.inversed()); typename gt_type::value_type QAPr = - // final_exponentiation(QAPr_2); - - bool ans2 = (QAPl == QAPr); - - return (ans1 && ans2); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_ENCRYPTED_INPUT_VERIFIER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/generator.hpp deleted file mode 100644 index d65a6b9b8b..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,450 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_GENERATOR_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_generator; - - /** - * A generator algorithm for the R1CS GG-ppzkSNARK. - * - * Given a R1CS constraint system CS, this algorithm produces proving and verification keys for - * CS. 
- */ - template - class r1cs_gg_ppzksnark_generator { - - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::extended_verification_key_type extended_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::processed_keypair_type processed_keypair_type; - typedef typename policy_type::extended_keypair_type extended_keypair_type; - typedef typename policy_type::proof_type proof_type; - - template, - typename GeneratorType = boost::random::mt19937> - static inline auto basic_process(const constraint_system_type &constraint_system) { - - /* Make the B_query "lighter" if possible */ - constraint_system_type r1cs_copy(constraint_system); - r1cs_copy.swap_AB_if_beneficial(); - - /* Generate secret randomness */ - const typename scalar_field_type::value_type t = - algebra::random_element(); - const typename scalar_field_type::value_type alpha = - algebra::random_element(); - const typename scalar_field_type::value_type beta = - algebra::random_element(); - const typename scalar_field_type::value_type gamma = - algebra::random_element(); - const typename scalar_field_type::value_type delta = - algebra::random_element(); - const typename scalar_field_type::value_type 
gamma_inverse = gamma.inversed(); - const typename scalar_field_type::value_type delta_inverse = delta.inversed(); - - /* A quadratic arithmetic program evaluated at t. */ - qap_instance_evaluation qap = - reductions::r1cs_to_qap::instance_map_with_evaluation(r1cs_copy, t); - - std::size_t non_zero_At = 0; - std::size_t non_zero_Bt = 0; - for (std::size_t i = 0; i < qap.num_variables + 1; ++i) { - if (!qap.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap.Bt[i].is_zero()) { - ++non_zero_Bt; - } - } - - /* qap.{At,Bt,Ct,Ht} are now in unspecified state, but we do not use them later */ - std::vector At = std::move(qap.At); - std::vector Bt = std::move(qap.Bt); - std::vector Ct = std::move(qap.Ct); - std::vector Ht = std::move(qap.Ht); - - /* The gamma inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * gamma^{-1}. - */ - std::vector gamma_ABC; - gamma_ABC.reserve(qap.num_inputs); - - const typename scalar_field_type::value_type gamma_ABC_0 = - (beta * At[0] + alpha * Bt[0] + Ct[0]) * gamma_inverse; - for (std::size_t i = 1; i < qap.num_inputs + 1; ++i) { - gamma_ABC.emplace_back((beta * At[i] + alpha * Bt[i] + Ct[i]) * gamma_inverse); - } - - /* The delta inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * delta^{-1}. 
- */ - std::vector Lt; - Lt.reserve(qap.num_variables - qap.num_inputs); - - const std::size_t Lt_offset = qap.num_inputs + 1; - for (std::size_t i = 0; i < qap.num_variables - qap.num_inputs; ++i) { - Lt.emplace_back((beta * At[Lt_offset + i] + alpha * Bt[Lt_offset + i] + Ct[Lt_offset + i]) * - delta_inverse); - } - - /** - * Note that H for Groth's proof system is degree d-2, but the QAP - * reduction returns coefficients for degree d polynomial H (in - * style of PGHR-type proof systems) - */ - Ht.resize(Ht.size() - 2); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - const typename g1_type::value_type g1_generator = algebra::random_element(); - - const std::size_t g1_scalar_count = non_zero_At + non_zero_Bt + qap.num_variables; - const std::size_t g1_scalar_size = scalar_field_type::value_bits; - const std::size_t g1_window_size = algebra::get_exp_window_size(g1_scalar_count); - - algebra::window_table g1_table = - algebra::get_window_table(g1_scalar_size, g1_window_size, g1_generator); - - const typename g2_type::value_type G2_gen = algebra::random_element(); - - const std::size_t g2_scalar_count = non_zero_Bt; - const std::size_t g2_scalar_size = scalar_field_type::value_bits; - std::size_t g2_window_size = algebra::get_exp_window_size(g2_scalar_count); - - algebra::window_table g2_table = - algebra::get_window_table(g2_scalar_size, g2_window_size, G2_gen); - - typename g1_type::value_type alpha_g1 = alpha * g1_generator; - typename g1_type::value_type beta_g1 = beta * g1_generator; - typename g2_type::value_type beta_g2 = beta * G2_gen; - typename g1_type::value_type delta_g1 = delta * g1_generator; - typename g2_type::value_type delta_g2 = delta * G2_gen; - - typename std::vector A_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - At); -#ifdef USE_MIXED_ADDITION - 
algebra::batch_to_special(A_query); -#endif - - commitments::knowledge_commitment_vector B_query = - commitments::kc_batch_exp( - scalar_field_type::value_bits, g2_window_size, g1_window_size, g2_table, g1_table, - scalar_field_type::value_type::one(), scalar_field_type::value_type::one(), Bt, chunks); - - // NOTE: if USE_MIXED_ADDITION is defined, - // kc_batch_exp will convert its output to special form internally - - typename std::vector H_query = - algebra::batch_exp_with_coeff( - g1_scalar_size, g1_window_size, g1_table, qap.Zt * delta_inverse, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector L_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - Lt); - -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(L_query); -#endif - - typename gt_type::value_type alpha_g1_beta_g2 = pair_reduced(alpha_g1, beta_g2); - typename g2_type::value_type gamma_g2 = gamma * G2_gen; - - typename g1_type::value_type gamma_ABC_g1_0 = gamma_ABC_0 * g1_generator; - - typename std::vector gamma_ABC_g1_values = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - gamma_ABC); - - typename g1_type::value_type gamma_g1 = gamma * g1_generator; - - container::accumulation_vector gamma_ABC_g1(std::move(gamma_ABC_g1_0), - std::move(gamma_ABC_g1_values)); - - return std::make_tuple(std::move(alpha_g1), std::move(beta_g1), std::move(beta_g2), - std::move(delta_g1), std::move(delta_g2), std::move(gamma_g2), - std::move(A_query), std::move(B_query), std::move(H_query), - std::move(L_query), std::move(r1cs_copy), std::move(alpha_g1_beta_g2), - std::move(gamma_ABC_g1), std::move(gamma_g1)); - } - - // Generate *unsafe* CRS for specific toxic waste - // For testing purposes only - static inline auto deterministic_basic_process(const constraint_system_type &constraint_system, - const typename scalar_field_type::value_type &t, - const typename scalar_field_type::value_type &alpha, - const typename 
scalar_field_type::value_type &beta, - const typename scalar_field_type::value_type &gamma, - const typename scalar_field_type::value_type &delta, - const typename g1_type::value_type &g1_generator, - const typename g2_type::value_type &g2_generator - ) { - - /* Make the B_query "lighter" if possible */ - constraint_system_type r1cs_copy(constraint_system); - r1cs_copy.swap_AB_if_beneficial(); - - /* Generate secret randomness */ - const typename scalar_field_type::value_type gamma_inverse = gamma.inversed(); - const typename scalar_field_type::value_type delta_inverse = delta.inversed(); - - /* A quadratic arithmetic program evaluated at t. */ - qap_instance_evaluation qap = - reductions::r1cs_to_qap::instance_map_with_evaluation(r1cs_copy, t); - - std::size_t non_zero_At = 0; - std::size_t non_zero_Bt = 0; - for (std::size_t i = 0; i < qap.num_variables + 1; ++i) { - if (!qap.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap.Bt[i].is_zero()) { - ++non_zero_Bt; - } - } - - /* qap.{At,Bt,Ct,Ht} are now in unspecified state, but we do not use them later */ - std::vector At = std::move(qap.At); - std::vector Bt = std::move(qap.Bt); - std::vector Ct = std::move(qap.Ct); - std::vector Ht = std::move(qap.Ht); - - /* The gamma inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * gamma^{-1}. - */ - std::vector gamma_ABC; - gamma_ABC.reserve(qap.num_inputs); - - const typename scalar_field_type::value_type gamma_ABC_0 = - (beta * At[0] + alpha * Bt[0] + Ct[0]) * gamma_inverse; - for (std::size_t i = 1; i < qap.num_inputs + 1; ++i) { - gamma_ABC.emplace_back((beta * At[i] + alpha * Bt[i] + Ct[i]) * gamma_inverse); - } - - /* The delta inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * delta^{-1}. 
- */ - std::vector Lt; - Lt.reserve(qap.num_variables - qap.num_inputs); - - const std::size_t Lt_offset = qap.num_inputs + 1; - for (std::size_t i = 0; i < qap.num_variables - qap.num_inputs; ++i) { - Lt.emplace_back((beta * At[Lt_offset + i] + alpha * Bt[Lt_offset + i] + Ct[Lt_offset + i]) * - delta_inverse); - } - - /** - * Note that H for Groth's proof system is degree d-2, but the QAP - * reduction returns coefficients for degree d polynomial H (in - * style of PGHR-type proof systems) - */ - Ht.resize(Ht.size() - 2); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - const std::size_t g1_scalar_count = non_zero_At + non_zero_Bt + qap.num_variables; - const std::size_t g1_scalar_size = scalar_field_type::value_bits; - const std::size_t g1_window_size = algebra::get_exp_window_size(g1_scalar_count); - - algebra::window_table g1_table = - algebra::get_window_table(g1_scalar_size, g1_window_size, g1_generator); - const typename g2_type::value_type G2_gen = g2_generator; - - const std::size_t g2_scalar_count = non_zero_Bt; - const std::size_t g2_scalar_size = scalar_field_type::value_bits; - std::size_t g2_window_size = algebra::get_exp_window_size(g2_scalar_count); - - algebra::window_table g2_table = - algebra::get_window_table(g2_scalar_size, g2_window_size, G2_gen); - - typename g1_type::value_type alpha_g1 = alpha * g1_generator; - typename g1_type::value_type beta_g1 = beta * g1_generator; - typename g2_type::value_type beta_g2 = beta * G2_gen; - typename g1_type::value_type delta_g1 = delta * g1_generator; - typename g2_type::value_type delta_g2 = delta * G2_gen; - - typename std::vector A_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - At); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(A_query); -#endif - - commitments::knowledge_commitment_vector B_query = - 
commitments::kc_batch_exp( - scalar_field_type::value_bits, g2_window_size, g1_window_size, g2_table, g1_table, - scalar_field_type::value_type::one(), scalar_field_type::value_type::one(), Bt, chunks); - - // NOTE: if USE_MIXED_ADDITION is defined, - // kc_batch_exp will convert its output to special form internally - - typename std::vector H_query = - algebra::batch_exp_with_coeff( - g1_scalar_size, g1_window_size, g1_table, qap.Zt * delta_inverse, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector L_query = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - Lt); - -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(L_query); -#endif - - typename gt_type::value_type alpha_g1_beta_g2 = pair_reduced(alpha_g1, beta_g2); - typename g2_type::value_type gamma_g2 = gamma * G2_gen; - - typename g1_type::value_type gamma_ABC_g1_0 = gamma_ABC_0 * g1_generator; - - typename std::vector gamma_ABC_g1_values = - algebra::batch_exp(g1_scalar_size, g1_window_size, g1_table, - gamma_ABC); - - typename g1_type::value_type gamma_g1 = gamma * g1_generator; - - container::accumulation_vector gamma_ABC_g1(std::move(gamma_ABC_g1_0), - std::move(gamma_ABC_g1_values)); - - return std::make_tuple(std::move(alpha_g1), std::move(beta_g1), std::move(beta_g2), - std::move(delta_g1), std::move(delta_g2), std::move(gamma_g2), - std::move(A_query), std::move(B_query), std::move(H_query), - std::move(L_query), std::move(r1cs_copy), std::move(alpha_g1_beta_g2), - std::move(gamma_ABC_g1), std::move(gamma_g1)); - } - - template, - typename GeneratorType = boost::random::mt19937> - static inline - typename std::enable_if::value, KeyPairType>::type - process(const constraint_system_type &constraint_system) { - - auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, - L_query, r1cs_copy, alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = - basic_process(constraint_system); - - verification_key_type vk = - 
verification_key_type(alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_ABC_g1); - - proving_key_type pk = proving_key_type(std::move(alpha_g1), - std::move(beta_g1), - std::move(beta_g2), - std::move(delta_g1), - std::move(delta_g2), - std::move(A_query), - std::move(B_query), - std::move(H_query), - std::move(L_query), - std::move(r1cs_copy)); - - return {std::move(pk), std::move(vk)}; - } - - template, - typename GeneratorType = boost::random::mt19937> - static inline typename std::enable_if::value, - KeyPairType>::type - process(const constraint_system_type &constraint_system) { - - auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, - L_query, r1cs_copy, alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = - basic_process(constraint_system); - - extended_verification_key_type vk = extended_verification_key_type( - alpha_g1_beta_g2, gamma_g2, delta_g2, delta_g1, gamma_ABC_g1, gamma_g1); - - proving_key_type pk = proving_key_type(std::move(alpha_g1), - std::move(beta_g1), - std::move(beta_g2), - std::move(delta_g1), - std::move(delta_g2), - std::move(A_query), - std::move(B_query), - std::move(H_query), - std::move(L_query), - std::move(r1cs_copy)); - - return {std::move(pk), std::move(vk)}; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/generator.hpp deleted file mode 100644 index 901b860180..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/generator.hpp +++ /dev/null 
@@ -1,105 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_IPP2_GENERATOR_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_IPP2_GENERATOR_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_generator { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - typedef r1cs_gg_ppzksnark_generator basic_generator; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::srs_type srs_type; - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::srs_pair_type srs_pair_type; - - template, - typename GeneratorType = boost::random::mt19937> - static inline keypair_type process(const constraint_system_type &constraint_system) { - - auto [alpha_g1, - beta_g1, - beta_g2, - delta_g1, - delta_g2, - gamma_g2, - A_query, - B_query, - H_query, - L_query, - r1cs_copy, - alpha_g1_beta_g2, - gamma_ABC_g1, - gamma_g1] = std::move(basic_generator::basic_process(constraint_system)); - - verification_key_type vk(alpha_g1, beta_g2, gamma_g2, delta_g2, gamma_ABC_g1); - - proving_key_type pk(std::move(alpha_g1), - std::move(beta_g1), - std::move(beta_g2), - std::move(delta_g1), - std::move(delta_g2), - std::move(A_query), - std::move(B_query), - std::move(H_query), - std::move(L_query), - std::move(r1cs_copy)); - - return {std::move(pk), std::move(vk)}; - } - - template, - typename GeneratorType = boost::random::mt19937> - static inline srs_pair_type process(std::size_t num_proofs) { - - srs_type srs(num_proofs, - 
random_element(), - random_element()); - return srs.specialize(num_proofs); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_IPP2_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/proof.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/proof.hpp deleted file mode 100644 index 48d768e2fa..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/proof.hpp +++ /dev/null 
@@ -1,145 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_AGGREGATE_PROOF_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_AGGREGATE_PROOF_HPP
-
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /// It contains all elements derived in the GIPA loop for both TIPP and MIPP at
- /// the same time.
- template
- class gipa_proof {
- using commitment_scheme = commitments::kzg_ipp2;
-
- public:
- typedef CurveType curve_type;
-
- std::size_t nproofs;
- std::vector<
- std::pair>
- comms_ab;
- std::vector<
- std::pair>
- comms_c;
- std::vector<
- std::pair>
- z_ab;
- std::vector::value_type,
- typename curve_type::template g1_type<>::value_type>>
- z_c;
- typename curve_type::template g1_type<>::value_type final_a;
- typename curve_type::template g2_type<>::value_type final_b;
- typename curve_type::template g1_type<>::value_type final_c;
-
- /// final commitment keys $v$ and $w$ - there is only one element at the
- /// end for v1 and v2 hence it's a tuple.
- std::pair::value_type,
- typename curve_type::template g2_type<>::value_type>
- final_vkey;
- std::pair::value_type,
- typename curve_type::template g1_type<>::value_type>
- final_wkey;
-
- static std::size_t log_proofs(std::size_t nproofs) {
- return std::ceil(std::log2(nproofs));
- }
- };
-
- template
- struct tipp_mipp_proof {
- typedef CurveType curve_type;
-
- gipa_proof gipa;
- typename commitments::kzg_ipp2::template opening_type<
- typename curve_type::template g2_type<>>
- vkey_opening;
- typename commitments::kzg_ipp2::template opening_type<
- typename curve_type::template g1_type<>>
- wkey_opening;
- };
- /// AggregateProof contains all elements to verify n aggregated Groth16 proofs
- /// using inner pairing product arguments. This proof can be created by any
- /// party in possession of valid Groth16 proofs.
- template
- class r1cs_gg_ppzksnark_aggregate_proof {
-
- using commitment_scheme = commitments::kzg_ipp2;
-
- public:
- typedef CurveType curve_type;
- /// commitment to A and B using the pair commitment scheme needed to verify
- /// TIPP relation.
- typename commitment_scheme::output_type com_ab;
- /// commit to C separate since we use it only in MIPP
- typename commitment_scheme::output_type com_c;
- /// $A^r * B = Z$ is the left value on the aggregated Groth16 equation
- typename curve_type::gt_type::value_type ip_ab;
- /// $C^r$ is used on the right side of the aggregated Groth16 equation
- typename curve_type::template g1_type<>::value_type agg_c;
- tipp_mipp_proof tmipp;
-
- /// Performs some high level checks on the length of vectors and others to
- /// make sure all items in the proofs are consistent with each other.
- bool is_valid() const {
- // 1. Check length of the proofs
- if (tmipp.gipa.nproofs < 2 ||
- tmipp.gipa.nproofs > r1cs_gg_ppzksnark_aggregate_srs::MAX_SRS_SIZE) {
- return false;
- }
- // 2. Check if it's a power of two
- if ((tmipp.gipa.nproofs & (tmipp.gipa.nproofs - 1)) != 0) {
- return false;
- }
- // 3. Check all vectors are of the same length and of the correct length
- if (tmipp.gipa.comms_ab.size() != std::ceil(std::log2(tmipp.gipa.nproofs))) {
- return false;
- }
- if (!(tmipp.gipa.comms_ab.size() == tmipp.gipa.comms_c &&
- tmipp.gipa.comms_ab == tmipp.gipa.z_ab && tmipp.gipa.comms_ab == tmipp.gipa.z_c)) {
- return false;
- }
-
- return true;
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/prover.hpp
deleted file mode 100644
index b604b05e4c..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/prover.hpp
+++ /dev/null
@@ -1,654 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_PROVE_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_PROVE_HPP
-
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /// Returns the vector used for the linear combination fo the inner pairing product
- /// between A and B for the Groth16 aggregation: A^r * B. It is required as it
- /// is not enough to simply prove the ipp of A*B, we need a random linear
- /// combination of those.
- template
- std::vector
- structured_scalar_power(std::size_t num, const typename FieldType::value_type &s) {
- std::vector powers = {FieldType::value_type::one()};
- for (int i = 1; i < num; i++) {
- powers.emplace_back(powers.back() * s);
- }
- return powers;
- }
-
- /// compress is similar to commit::{V,W}KEY::compress: it modifies the `vec`
- /// vector by setting the value at index $i:0 -> split$ $vec[i] = vec[i] +
- /// vec[i+split]^scaler$. The `vec` vector is half of its size after this call.
- template::value_type>
- typename std::enable_if<
- std::is_same::value_type, ValueType>::value ||
- std::is_same::value_type, ValueType>::value ||
- std::is_same::value>::type
- compress(InputRange &vec, std::size_t split,
- const typename CurveType::scalar_field_type::value_type &scalar) {
- std::for_each(boost::make_zip_iterator(boost::make_tuple(vec.begin(), vec.begin() + split)),
- boost::make_zip_iterator(boost::make_tuple(vec.begin() + split, vec.end())),
- [&](const boost::tuple &t) {
- t.template get<0>() = t.template get<0>() + t.template get<1>() * scalar;
- });
- vec.resize(split);
- }
-
- /// It returns the evaluation of the polynomial $\prod (1 + x_{l-j}(rX)^{2j}$ at
- /// the point z, where transcript contains the reversed order of all challenges (the x).
- /// The challenges must be in reversed order for the correct evaluation of the
- /// polynomial in O(logn)
- template
- typename std::enable_if::value_type,
- typename FieldType::value_type>::value,
- typename FieldType::value_type>::type
- polynomial_evaluation_product_form_from_transcript(InputFieldValueIterator transcript_first,
- InputFieldValueIterator transcript_last,
- const typename FieldType::value_type &z,
- const typename FieldType::value_type &r_shift) {
- // this is the term (rz) that will get squared at each step to produce the
- // $(rz)^{2j}$ of the formula
- typename FieldType::value_type power_zr = z;
- power_zr = power_zr * r_shift;
-
- // 0 iteration
- InputFieldValueIterator transcript_iter = transcript_first;
- typename FieldType::value_type res = FieldType::value_type::one() + (*transcript_iter * power_zr);
- power_zr = power_zr * power_zr;
- ++transcript_iter;
-
- // the rest
- while (transcript_iter != transcript_last) {
- res = res * (FieldType::value_type::one() + (*transcript_iter * power_zr));
- power_zr = power_zr * power_zr;
- ++transcript_iter;
- }
-
- return res;
- }
-
- // Compute the coefficients of the polynomial $\prod_{j=0}^{l-1} (1 + x_{l-j}(rX)^{2j})$
- // It does this in logarithmic time directly; here is an example with 2
- // challenges:
- //
- // We wish to compute $(1+x_1ra)(1+x_0(ra)^2) = 1 + x_1ra + x_0(ra)^2 + x_0x_1(ra)^3$
- // Algorithm: $c_{-1} = [1]$; $c_j = c_{i-1} \| (x_{l-j} * c_{i-1})$; $r = r*r$
- // $c_0 = c_{-1} \| (x_1 * r * c_{-1}) = [1] \| [rx_1] = [1, rx_1]$, $r = r^2$
- // $c_1 = c_0 \| (x_0 * r^2c_0) = [1, rx_1] \| [x_0r^2, x_0x_1r^3] = [1, x_1r, x_0r^2, x_0x_1r^3]$
- // which is equivalent to $f(a) = 1 + x_1ra + x_0(ra)^2 + x_0x_1r^2a^3$
- //
- // This method expects the coefficients in reverse order so transcript[i] =
- // x_{l-j}.
- template - typename std::enable_if::value_type, - typename FieldType::value_type>::value, - std::vector>::type - polynomial_coefficients_from_transcript(InputFieldValueIterator transcript_first, - InputFieldValueIterator transcript_last, - const typename FieldType::value_type &r_shift) { - std::vector coefficients = {FieldType::value_type::one()}; - typename FieldType::value_type power_2_r = r_shift; - - InputFieldValueIterator transcript_iter = transcript_first; - while (transcript_iter != transcript_last) { - std::size_t n = coefficients.size(); - for (int j = 0; j < n; j++) { - coefficients.emplace_back(coefficients[j] * (*transcript_iter * power_2_r)); - } - power_2_r = power_2_r * power_2_r; - - ++transcript_iter; - } - - return coefficients; - } - - /// Returns the KZG opening proof for the given commitment key. Specifically, it - /// returns $g^{f(alpha) - f(z) / (alpha - z)}$ for $a$ and $b$. - template - typename std::enable_if< - std::is_same::value_type>::value && - std::is_same< - typename GroupType::curve_type::scalar_field_type::value_type, - typename std::iterator_traits::value_type>::value, - typename commitments::kzg_ipp2::template opening_type>:: - type - prove_commitment_key_kzg_opening( - InputGroupIterator srs_powers_alpha_first, InputGroupIterator srs_powers_alpha_last, - InputGroupIterator srs_powers_beta_first, InputGroupIterator srs_powers_beta_last, - const InputScalarRange &poly, - const typename GroupType::curve_type::scalar_field_type::value_type &eval_poly, - const typename GroupType::curve_type::scalar_field_type::value_type &kzg_challenge) { - // TODO: check correctness after updating math module - typename GroupType::curve_type::scalar_field_type::value_type neg_kzg_challenge = -kzg_challenge; - - BOOST_ASSERT(poly.size() == std::distance(srs_powers_alpha_first, srs_powers_alpha_last)); - BOOST_ASSERT(poly.size() == std::distance(srs_powers_beta_first, srs_powers_beta_last)); - - // f_v(X) - f_v(z) / (X - z) - // TODO: check 
correctness after updating math module - math::polynomial f_vX_sub_f_vZ = - poly - math::polynomial({{ - eval_poly, - }}); - // TODO: check correctness after updating math module - math::polynomial - quotient_polynomial = - f_vX_sub_f_vZ / - math::polynomial({ - neg_kzg_challenge, - GroupType::curve_type::scalar_field_type::value_type::one(), - }); - - if (quotient_polynomial.size() < poly.size()) { - quotient_polynomial.resize(poly.size(), - GroupType::curve_type::scalar_field_type::value_type::zero()); - } - BOOST_ASSERT(quotient_polynomial.size() == poly.size()); - - // we do one proof over h^a and one proof over h^b (or g^a and g^b depending - // on the curve we are on). that's the extra cost of the commitment scheme - // used which is compatible with Groth16 CRS insteaf of the original paper - // of Bunz'19 - return typename commitments::kzg_ipp2::template opening_type< - GroupType> {algebra::multiexp( - srs_powers_alpha_first, srs_powers_alpha_last, quotient_polynomial.begin(), - quotient_polynomial.end(), 1), - algebra::multiexp( - srs_powers_beta_first, srs_powers_beta_last, quotient_polynomial.begin(), - quotient_polynomial.end(), 1)}; - } - - template - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value, - typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g2_type<>>>::type - prove_commitment_v(InputG2Iterator srs_powers_alpha_first, InputG2Iterator srs_powers_alpha_last, - InputG2Iterator srs_powers_beta_first, InputG2Iterator srs_powers_beta_last, - InputScalarIterator transcript_first, InputScalarIterator transcript_last, - const typename CurveType::scalar_field_type::value_type &kzg_challenge) { - // TODO: check correctness after updating math module - math::polynomial vkey_poly( - polynomial_coefficients_from_transcript( - transcript_first, transcript_last, CurveType::scalar_field_type::value_type::one())); - // TODO: check 
correctness after updating math module - vkey_poly.condense(); - BOOST_ASSERT(!vkey_poly.is_zero()); - - typename CurveType::scalar_field_type::value_type vkey_poly_z = - polynomial_evaluation_product_form_from_transcript( - transcript_first, transcript_last, kzg_challenge, - CurveType::scalar_field_type::value_type::one()); - - return prove_commitment_key_kzg_opening>( - srs_powers_alpha_first, srs_powers_alpha_last, srs_powers_beta_first, srs_powers_beta_last, - vkey_poly, vkey_poly_z, kzg_challenge); - } - - template - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value, - typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g1_type<>>>::type - prove_commitment_w(InputG1Iterator srs_powers_alpha_first, InputG1Iterator srs_powers_alpha_last, - InputG1Iterator srs_powers_beta_first, InputG1Iterator srs_powers_beta_last, - InputScalarIterator transcript_first, InputScalarIterator transcript_last, - typename CurveType::scalar_field_type::value_type r_shift, - const typename CurveType::scalar_field_type::value_type &kzg_challenge) { - std::size_t n = std::distance(srs_powers_beta_first, srs_powers_beta_last) / 2; - BOOST_ASSERT(2 * n == std::distance(srs_powers_alpha_first, srs_powers_alpha_last)); - - // this computes f(X) = \prod (1 + x (rX)^{2^j}) - // TODO: check correctness after updating math module - math::polynomial fcoeffs( - polynomial_coefficients_from_transcript( - transcript_first, transcript_last, r_shift)); - // this computes f_w(X) = X^n * f(X) - it simply shifts all coefficients to by n - fcoeffs.insert(fcoeffs.begin(), n, CurveType::scalar_field_type::value_type::zero()); - - // this computes f(z) - typename CurveType::scalar_field_type::value_type fz = - polynomial_evaluation_product_form_from_transcript( - transcript_first, transcript_last, kzg_challenge, r_shift); - // this computes the "shift" z^n - typename 
CurveType::scalar_field_type::value_type zn = kzg_challenge.pow(n); - // this computes f_w(z) by multiplying by zn - typename CurveType::scalar_field_type::value_type fwz = fz * zn; - - return prove_commitment_key_kzg_opening>( - srs_powers_alpha_first, srs_powers_alpha_last, srs_powers_beta_first, srs_powers_beta_last, - fcoeffs, fwz, kzg_challenge); - } - - /// gipa_tipp_mipp performs the recursion of the GIPA protocol for TIPP and MIPP. - /// It returns a proof containing all intermediate committed values, as well as - /// the challenges generated necessary to do the polynomial commitment proof - /// later in TIPP. - template, typename InputG1Iterator1, - typename InputG2Iterator, typename InputG1Iterator2, typename InputScalarIterator> - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value, - std::tuple, std::vector, - std::vector>>::type - gipa_tipp_mipp(transcript &tr, InputG1Iterator1 a_first, InputG1Iterator1 a_last, - InputG2Iterator b_first, InputG2Iterator b_last, InputG1Iterator2 c_first, - InputG1Iterator2 c_last, - const typename commitments::kzg_ipp2::vkey_type &vkey_input, - const typename commitments::kzg_ipp2::wkey_type &wkey_input, - InputScalarIterator r_first, InputScalarIterator r_last) { - std::size_t input_len = std::distance(a_first, a_last); - BOOST_ASSERT(input_len >= 2); - BOOST_ASSERT((input_len & (input_len - 1)) == 0); - BOOST_ASSERT(input_len == std::distance(b_first, b_last)); - BOOST_ASSERT(input_len == std::distance(r_first, r_last)); - BOOST_ASSERT(input_len == std::distance(c_first, c_last)); - - // the values of vectors A and B rescaled at each step of the loop - // the values of vectors C and r rescaled at each step of the loop - std::vector::value_type> m_a {a_first, 
a_last}, - m_c {c_first, c_last}; - std::vector::value_type> m_b {b_first, b_last}; - std::vector m_r {r_first, r_last}; - - // the values of the commitment keys rescaled at each step of the loop - typename commitments::kzg_ipp2::vkey_type vkey = vkey_input; - typename commitments::kzg_ipp2::wkey_type wkey = wkey_input; - - // storing the values for including in the proof - std::vector::output_type, - typename commitments::kzg_ipp2::output_type>> - comms_ab; - std::vector::output_type, - typename commitments::kzg_ipp2::output_type>> - comms_c; - std::vector< - std::pair> - z_ab; - std::vector::value_type, - typename CurveType::template g1_type<>::value_type>> - z_c; - std::vector challenges, challenges_inv; - - constexpr std::array domain_separator {'g', 'i', 'p', 'a'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - typename CurveType::scalar_field_type::value_type _i = tr.read_challenge(); - - while (m_a.size() > 1) { - // recursive step - // Recurse with problem of half size - std::size_t split = m_a.size() / 2; - - auto [vk_left, vk_right] = vkey.split(split); - auto [wk_left, wk_right] = wkey.split(split); - - // TODO: parallel - // See section 3.3 for paper version with equivalent names - // TIPP part - typename commitments::kzg_ipp2::output_type tab_l = - commitments::kzg_ipp2::pair(vk_left, wk_right, m_a.begin() + split, m_a.end(), - m_b.begin(), m_b.begin() + split); - typename commitments::kzg_ipp2::output_type tab_r = - commitments::kzg_ipp2::pair(vk_right, wk_left, m_a.begin(), m_a.begin() + split, - m_b.begin() + split, m_b.end()); - - // \prod e(A_right,B_left) - typename CurveType::gt_type::value_type zab_l = CurveType::gt_type::value_type::one(); - std::for_each( - boost::make_zip_iterator(boost::make_tuple(m_a.begin() + split, m_b.begin())), - boost::make_zip_iterator(boost::make_tuple(m_a.end(), m_b.begin() + split)), - [&](const boost::tuple::value_type &, - const typename CurveType::template g2_type<>::value_type 
&> &t) { - zab_l = zab_l * algebra::pair(t.template get<0>(), t.template get<1>()); - }); - zab_l = algebra::final_exponentiation(zab_l); - typename CurveType::gt_type::value_type zab_r = CurveType::gt_type::value_type::one(); - std::for_each( - boost::make_zip_iterator(boost::make_tuple(m_a.begin(), m_b.begin() + split)), - boost::make_zip_iterator(boost::make_tuple(m_a.begin() + split, m_b.end())), - [&](const boost::tuple::value_type &, - const typename CurveType::template g2_type<>::value_type &> &t) { - zab_r = zab_r * algebra::pair(t.template get<0>(), t.template get<1>()); - }); - zab_r = algebra::final_exponentiation(zab_r); - - // MIPP part - // z_l = c[n':] ^ r[:n'] - typename CurveType::template g1_type<>::value_type zc_l = - algebra::multiexp( - m_c.begin() + split, m_c.end(), m_r.begin(), m_r.begin() + split, 1); - // Z_r = c[:n'] ^ r[n':] - typename CurveType::template g1_type<>::value_type zc_r = - algebra::multiexp( - m_c.begin(), m_c.begin() + split, m_r.begin() + split, m_r.end(), 1); - // u_l = c[n':] * v[:n'] - typename commitments::kzg_ipp2::output_type tuc_l = - commitments::kzg_ipp2::single(vk_left, m_c.begin() + split, m_c.end()); - // u_r = c[:n'] * v[n':] - typename commitments::kzg_ipp2::output_type tuc_r = - commitments::kzg_ipp2::single(vk_right, m_c.begin(), m_c.begin() + split); - - // Fiat-Shamir challenge - // combine both TIPP and MIPP transcript - tr.template write(zab_l); - tr.template write(zab_r); - tr.template write>(zc_l); - tr.template write>(zc_r); - tr.template write(tab_l.first); - tr.template write(tab_l.second); - tr.template write(tab_r.first); - tr.template write(tab_r.second); - tr.template write(tuc_l.first); - tr.template write(tuc_l.second); - tr.template write(tuc_r.first); - tr.template write(tuc_r.second); - typename CurveType::scalar_field_type::value_type c_inv = tr.read_challenge(); - - // Optimization for multiexponentiation to rescale G2 elements with - // 128-bit challenge Swap 'c' and 'c_inv' since can't 
control bit size - // of c_inv - typename CurveType::scalar_field_type::value_type c = c_inv.inversed(); - - // Set up values for next step of recursion - // A[:n'] + A[n':] ^ x - compress(m_a, split, c); - // B[:n'] + B[n':] ^ x^-1 - compress(m_b, split, c_inv); - // c[:n'] + c[n':]^x - compress(m_c, split, c); - // r[:n'] + r[n':]^x^-1 - compress(m_r, split, c_inv); - - // v_left + v_right^x^-1 - vkey = vk_left.compress(vk_right, c_inv); - // w_left + w_right^x - wkey = wk_left.compress(wk_right, c); - - comms_ab.emplace_back(std::make_pair(tab_l, tab_r)); - comms_c.emplace_back(std::make_pair(tuc_l, tuc_r)); - z_ab.emplace_back(std::make_pair(zab_l, zab_r)); - z_c.emplace_back(std::make_pair(zc_l, zc_r)); - challenges.emplace_back(c); - challenges_inv.emplace_back(c_inv); - } - - BOOST_ASSERT(m_a.size() == 1 && m_b.size() == 1); - BOOST_ASSERT(m_c.size() == 1 && m_r.size() == 1); - BOOST_ASSERT(vkey.a.size() == 1 && vkey.b.size() == 1); - BOOST_ASSERT(wkey.a.size() == 1 && wkey.b.size() == 1); - - return std::make_tuple(gipa_proof {input_len, comms_ab, comms_c, z_ab, z_c, m_a[0], - m_b[0], m_c[0], vkey.first(), wkey.first()}, - challenges, challenges_inv); - } - - /// Proves a TIPP relation between A and B as well as a MIPP relation with C and - /// r. Commitment keys must be of size of A, B and C. In the context of Groth16 - /// aggregation, we have that B = B^r and wkey is scaled by r^{-1}. The - /// commitment key v is used to commit to A and C recursively in GIPA such that - /// only one KZG proof is needed for v. In the original paper version, since the - /// challenges of GIPA would be different, two KZG proofs would be needed. 
- template, typename InputG1Iterator1, - typename InputG2Iterator, typename InputG1Iterator2, typename InputScalarIterator> - typename std::enable_if< - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type, - typename std::iterator_traits::value_type>::value && - std::is_same::value_type>::value, - tipp_mipp_proof>::type - prove_tipp_mipp(const r1cs_gg_ppzksnark_aggregate_proving_srs &srs, - transcript &tr, InputG1Iterator1 a_first, InputG1Iterator1 a_last, - InputG2Iterator b_first, InputG2Iterator b_last, InputG1Iterator2 c_first, - InputG1Iterator2 c_last, - const typename commitments::kzg_ipp2::wkey_type &wkey, - InputScalarIterator r_first, InputScalarIterator r_last) { - typename CurveType::scalar_field_type::value_type r_shift = *(r_first + 1); - // Run GIPA - auto [proof, challenges, challenges_inv] = gipa_tipp_mipp( - tr, a_first, a_last, b_first, b_last, c_first, c_last, srs.vkey, wkey, r_first, r_last); - - // Prove final commitment keys are wellformed - // we reverse the transcript so the polynomial in kzg opening is constructed - // correctly - the formula indicates x_{l-j}. Also for deriving KZG - // challenge point, input must be the last challenge. 
- std::reverse(challenges.begin(), challenges.end()); - std::reverse(challenges_inv.begin(), challenges_inv.end()); - typename CurveType::scalar_field_type::value_type r_inverse = r_shift.inversed(); - - // KZG challenge point - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'z'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.template write(challenges[0]); - tr.template write>(proof.final_vkey.first); - tr.template write>(proof.final_vkey.second); - tr.template write>(proof.final_wkey.first); - tr.template write>(proof.final_wkey.second); - typename CurveType::scalar_field_type::value_type z = tr.read_challenge(); - - // Complete KZG proofs - return tipp_mipp_proof { - proof, - prove_commitment_v(srs.h_alpha_powers.begin(), srs.h_alpha_powers.end(), - srs.h_beta_powers.begin(), srs.h_beta_powers.end(), - challenges_inv.begin(), challenges_inv.end(), z), - prove_commitment_w(srs.g_alpha_powers.begin(), srs.g_alpha_powers.end(), - srs.g_beta_powers.begin(), srs.g_beta_powers.end(), - challenges.begin(), challenges.end(), r_inverse, z)}; - } - - /// aggregate `n` zkSnark proofs, where `n` must be a power of two. 
- template, typename InputTranscriptIncludeIterator, - typename InputProofIterator> - typename std::enable_if< - std::is_same::value_type>::value && - std::is_same::value_type, - r1cs_gg_ppzksnark_proof>::value, - r1cs_gg_ppzksnark_aggregate_proof>::type - aggregate_proofs(const r1cs_gg_ppzksnark_aggregate_proving_srs &srs, - InputTranscriptIncludeIterator tr_include_first, - InputTranscriptIncludeIterator tr_include_last, InputProofIterator proofs_first, - InputProofIterator proofs_last) { - std::size_t nproofs = std::distance(proofs_first, proofs_last); - BOOST_ASSERT(nproofs >= 2); - BOOST_ASSERT((nproofs & (nproofs - 1)) == 0); - BOOST_ASSERT(srs.has_correct_len(nproofs)); - - // TODO: parallel - // We first commit to A B and C - these commitments are what the verifier - // will use later to verify the TIPP and MIPP proofs - std::vector::value_type> a, c; - std::vector::value_type> b; - auto proofs_it = proofs_first; - while (proofs_it != proofs_last) { - a.emplace_back(proofs_it->g_A); - b.emplace_back(proofs_it->g_B); - c.emplace_back(proofs_it->g_C); - ++proofs_it; - } - - // A and B are committed together in this scheme - // we need to take the reference so the macro doesn't consume the value - // first - typename commitments::kzg_ipp2::output_type com_ab = - commitments::kzg_ipp2::pair(srs.vkey, srs.wkey, a.begin(), a.end(), b.begin(), - b.end()); - typename commitments::kzg_ipp2::output_type com_c = - commitments::kzg_ipp2::single(srs.vkey, c.begin(), c.end()); - - // Derive a random scalar to perform a linear combination of proofs - constexpr std::array application_tag = {'s', 'n', 'a', 'r', 'k', - 'p', 'a', 'c', 'k'}; - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'r'}; - transcript tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.template write(com_ab.first); - tr.template write(com_ab.second); - tr.template write(com_c.first); - 
tr.template write(com_c.second); - tr.write(tr_include_first, tr_include_last); - typename CurveType::scalar_field_type::value_type r = tr.read_challenge(); - - // 1,r, r^2, r^3, r^4 ... - std::vector r_vec = - structured_scalar_power( - std::distance(proofs_first, proofs_last), r); - // 1,r^-1, r^-2, r^-3 - std::vector r_inv; - std::transform(r_vec.begin(), r_vec.end(), std::back_inserter(r_inv), - [](const auto &r_i) { return r_i.inversed(); }); - - // B^{r} - std::vector::value_type> b_r; - std::for_each( - boost::make_zip_iterator(boost::make_tuple(b.begin(), r_vec.begin())), - boost::make_zip_iterator(boost::make_tuple(b.end(), r_vec.end())), - [&](const boost::tuple::value_type &, - const typename CurveType::scalar_field_type::value_type &> &t) { - b_r.emplace_back((t.template get<0>() * t.template get<1>())); - }); - // TODO: parallel - // compute A * B^r for the verifier - // auto ip_ab = algebra::pair(a, b_r); - typename CurveType::gt_type::value_type ip_ab = CurveType::gt_type::value_type::one(); - std::for_each( - boost::make_zip_iterator(boost::make_tuple(a.begin(), b_r.begin())), - boost::make_zip_iterator(boost::make_tuple(a.end(), b_r.end())), - [&](const boost::tuple::value_type &, - const typename CurveType::template g2_type<>::value_type &> &t) { - ip_ab = ip_ab * algebra::pair(t.template get<0>(), t.template get<1>()); - }); - ip_ab = algebra::final_exponentiation(ip_ab); - // compute C^r for the verifier - typename CurveType::template g1_type<>::value_type agg_c = - algebra::multiexp(c.begin(), c.end(), - r_vec.begin(), r_vec.end(), 1); - tr.template write(ip_ab); - tr.template write>(agg_c); - - // w^{r^{-1}} - typename commitments::kzg_ipp2::wkey_type wkey_r_inv = - srs.wkey.scale(r_inv.begin(), r_inv.end()); - - // we prove tipp and mipp using the same recursive loop - tipp_mipp_proof proof = - prove_tipp_mipp(srs, tr, a.begin(), a.end(), b_r.begin(), b_r.end(), c.begin(), c.end(), - wkey_r_inv, r_vec.begin(), r_vec.end()); - - // debug 
assert
- BOOST_ASSERT(com_ab == typename commitments::kzg_ipp2::pair(
- srs.vkey, wkey_r_inv, a.begin(), a.end(), b_r.begin(), b_r.end()));
-
- return {com_ab, com_c, ip_ab, agg_c, proof};
- }
-
- template
- class r1cs_gg_ppzksnark_prover {
- typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type;
- typedef r1cs_gg_ppzksnark_prover basic_prover;
- typedef typename basic_prover::proof_type basic_proof_type;
-
- public:
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::proving_srs_type proving_srs_type;
- typedef typename policy_type::proof_type proof_type;
-
- // aggregate prove
- template
- static inline proof_type process(const proving_srs_type &srs,
- InputTranscriptIncludeIterator transcript_include_first,
- InputTranscriptIncludeIterator transcript_include_last,
- InputProofIterator proofs_first,
- InputProofIterator proofs_last) {
- return aggregate_proofs(srs, transcript_include_first, transcript_include_last,
- proofs_first, proofs_last);
- }
-
- // Basic prove
- static inline basic_proof_type process(const proving_key_type &pk,
- const primary_input_type &primary_input,
- const auxiliary_input_type &auxiliary_input) {
-
- return basic_prover::process(pk, primary_input, auxiliary_input);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/srs.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/srs.hpp
deleted file mode 100644
index b81a756341..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/srs.hpp
+++ /dev/null
@@ -1,211 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_SRS_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_SRS_HPP - -#include -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - std::vector - structured_generators_scalar_power(std::size_t n, const typename ScalarFieldType::value_type &s) { - BOOST_ASSERT(n > 0); - - std::vector powers_of_g {GroupType::value_type::one()}; - - for (std::size_t i = 1; i < n; i++) { - powers_of_g.emplace_back(powers_of_g.back() * s); - } - - return powers_of_g; - } - - /// ProverSRS is the specialized SRS version for the prover for a specific number of proofs to - /// aggregate. It contains as well the commitment keys for this specific size. - /// Note the size must be a power of two for the moment - if it is not, padding must be - /// applied. - template - struct r1cs_gg_ppzksnark_aggregate_proving_srs { - typedef CurveType curve_type; - - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename g1_type::value_type g1_value_type; - typedef typename g2_type::value_type g2_value_type; - - typedef commitments::kzg_ipp2 commitment_type; - typedef typename commitment_type::vkey_type vkey_type; - typedef typename commitment_type::wkey_type wkey_type; - - /// Returns true if commitment keys have the exact required length. - /// It is necessary for the IPP scheme to work that commitment - /// key have the exact same number of arguments as the number of proofs to - /// aggregate. - bool has_correct_len(std::size_t n) const { - return vkey.has_correct_len(n) && wkey.has_correct_len(n); - } - - /// number of proofs to aggregate - std::size_t n; - /// $\{g^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. 
- std::vector g_alpha_powers; - /// $\{h^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_alpha_powers; - /// $\{g^b^i\}_{i=n}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector g_beta_powers; - /// $\{h^b^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_beta_powers; - /// commitment key using in MIPP and TIPP - vkey_type vkey; - /// commitment key using in TIPP - wkey_type wkey; - }; - - /// Contains the necessary elements to verify an aggregated Groth16 proof; it is of fixed size - /// regardless of the number of proofs aggregated. However, a verifier SRS will be determined by - /// the number of proofs being aggregated. - template - struct r1cs_gg_ppzksnark_aggregate_verification_srs { - typedef CurveType curve_type; - - std::size_t n; - typename CurveType::template g1_type<>::value_type g; - typename CurveType::template g2_type<>::value_type h; - typename CurveType::template g1_type<>::value_type g_alpha; - typename CurveType::template g1_type<>::value_type g_beta; - typename CurveType::template g2_type<>::value_type h_alpha; - typename CurveType::template g2_type<>::value_type h_beta; - }; - - /// It contains the maximum number of raw elements of the SRS needed to aggregate and verify - /// Groth16 proofs. One can derive specialized prover and verifier key for _specific_ size of - /// aggregations by calling `srs.specialize(n)`. The specialized prover key also contains - /// precomputed tables that drastically increase prover's performance. - /// This GenericSRS is usually formed from the transcript of two distinct power of taus ceremony - /// ,in other words from two distinct Groth16 CRS. - /// See [there](https://github.com/nikkolasg/taupipp) a way on how to generate this GenesisSRS. 
- template - struct r1cs_gg_ppzksnark_aggregate_srs { - typedef CurveType curve_type; - static constexpr proving_mode mode = proving_mode::aggregate; - typedef typename curve_type::scalar_field_type scalar_field_type; - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename g1_type::value_type g1_value_type; - typedef typename g2_type::value_type g2_value_type; - typedef typename scalar_field_type::value_type scalar_field_value_type; - - typedef r1cs_gg_ppzksnark_aggregate_proving_srs proving_srs_type; - typedef r1cs_gg_ppzksnark_aggregate_verification_srs verification_srs_type; - typedef std::pair srs_pair_type; - - /// $\{g^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector g_alpha_powers; - /// $\{h^a^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_alpha_powers; - /// $\{g^b^i\}_{i=n}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector g_beta_powers; - /// $\{h^b^i\}_{i=0}^{N}$ where N is the smallest size of the two Groth16 CRS. - std::vector h_beta_powers; - - r1cs_gg_ppzksnark_aggregate_srs() = default; - r1cs_gg_ppzksnark_aggregate_srs(std::size_t num_proofs, const scalar_field_value_type &alpha, - const scalar_field_value_type &beta) : - g_alpha_powers(structured_generators_scalar_power(2 * num_proofs, alpha)), - h_alpha_powers(structured_generators_scalar_power(2 * num_proofs, alpha)), - g_beta_powers(structured_generators_scalar_power(2 * num_proofs, beta)), - h_beta_powers(structured_generators_scalar_power(2 * num_proofs, beta)) { - } - - /// specializes returns the prover and verifier SRS for a specific number of - /// proofs to aggregate. The number of proofs MUST BE a power of two, it - /// panics otherwise. The number of proofs must be inferior to half of the - /// size of the generic srs otherwise it panics. 
- srs_pair_type specialize(std::size_t num_proofs) { - BOOST_ASSERT(num_proofs > 0 && (num_proofs & (num_proofs - 1)) == 0); - - std::size_t tn = 2 * num_proofs; // size of the CRS we need - BOOST_ASSERT(g_alpha_powers.size() >= tn); - BOOST_ASSERT(h_alpha_powers.size() >= tn); - BOOST_ASSERT(g_beta_powers.size() >= tn); - BOOST_ASSERT(h_beta_powers.size() >= tn); - - std::size_t n = num_proofs; - // when doing the KZG opening we need _all_ coefficients from 0 - // to 2n-1 because the polynomial is of degree 2n-1. - std::size_t g_low = 0; - std::size_t g_up = tn; - std::size_t h_low = 0; - std::size_t h_up = h_low + n; - std::vector::value_type> v1 = { - h_alpha_powers.begin() + h_low, h_alpha_powers.begin() + h_up}; - std::vector::value_type> v2 = { - h_beta_powers.begin() + h_low, h_beta_powers.begin() + h_up}; - typename proving_srs_type::vkey_type vkey = {v1, v2}; - BOOST_ASSERT(vkey.has_correct_len(n)); - // however, here we only need the "right" shifted bases for the - // commitment scheme. - std::vector::value_type> w1 = { - g_alpha_powers.begin() + n, g_alpha_powers.begin() + g_up}; - std::vector::value_type> w2 = { - g_beta_powers.begin() + n, g_beta_powers.begin() + g_up}; - typename proving_srs_type::wkey_type wkey = {w1, w2}; - BOOST_ASSERT(wkey.has_correct_len(n)); - - proving_srs_type pk = {n, - {g_alpha_powers.begin() + g_low, g_alpha_powers.begin() + g_up}, - {h_alpha_powers.begin() + h_low, h_alpha_powers.begin() + h_up}, - {g_beta_powers.begin() + g_low, g_beta_powers.begin() + g_up}, - {h_beta_powers.begin() + h_low, h_beta_powers.begin() + h_up}, - vkey, - wkey}; - verification_srs_type vk = {n, - g_alpha_powers[0], - h_alpha_powers[0], - g_alpha_powers[1], - g_beta_powers[1], - h_alpha_powers[1], - h_beta_powers[1]}; - return std::make_pair(pk, vk); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_SRS_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/transcript.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/transcript.hpp
deleted file mode 100644
index e25a3eea29..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/transcript.hpp
+++ /dev/null
@@ -1,157 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_TRANSCRIPT_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_TRANSCRIPT_HPP - -#include -#include -#include - -#include - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template, typename Hash = hashes::sha2<256>> - struct transcript { - typedef CurveType curve_type; - typedef Hash hash_type; - - typedef nil::marshalling::bincode::curve bincode; - - std::vector buffer; - ::nil::crypto3::accumulator_set hasher_acc; - - template< - typename InputIterator, - typename std::enable_if< - std::is_same::value_type>::value, - bool>::type = true> - transcript(InputIterator first, InputIterator last) { - buffer.insert(buffer.end(), first, last); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template< - typename InputIterator, - typename std::enable_if< - std::is_same::value_type>::value, - bool>::type = true> - inline void write_domain_separator(InputIterator first, InputIterator last) { - buffer.insert(buffer.end(), first, last); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template - inline typename std::enable_if< - std::is_same::value || - std::is_same::value || - std::is_same::value>::type - write(const typename FieldType::value_type &x) { - buffer.resize(bincode::template element_size()); - bincode::template field_element_to_bytes(x, buffer.begin(), buffer.end()); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template - inline typename std::enable_if< - std::is_same, GroupType>::value || - std::is_same, GroupType>::value>::type - write(const typename GroupType::value_type &x) { - buffer.resize(bincode::template element_size()); - bincode::template point_to_bytes(x, buffer.begin(), buffer.end()); - hash(buffer, hasher_acc); - buffer.clear(); - } - - template - inline typename std::enable_if< - std::is_same::value_type>::value>::type - 
write(InputIterator first, InputIterator last) { - std::array len_bytes {}; - nil::crypto3::detail::pack( - std::vector { - static_cast(std::distance(first, last)), - }, - len_bytes); - buffer.insert(buffer.end(), len_bytes.begin(), len_bytes.end()); - buffer.insert(buffer.end(), first, last); - hash(buffer, hasher_acc); - buffer.clear(); - } - - inline typename curve_type::scalar_field_type::value_type read_challenge() { - auto hasher_state = hasher_acc; - std::size_t counter_nonce = 0; - std::array counter_nonce_bytes {}; - while (true) { - ++counter_nonce; - nil::crypto3::detail::pack( - std::vector { - counter_nonce, - }, - counter_nonce_bytes); - - hash(counter_nonce_bytes, hasher_state); - typename hash_type::digest_type hasher_res = - boost::accumulators::extract_result::features_type>::type>(hasher_state); - std::pair hasher_res_deser = - bincode::template field_element_from_bytes( - hasher_res.begin(), hasher_res.end()); - - if (!hasher_res_deser.first || - hasher_res_deser.second == curve_type::scalar_field_type::value_type::zero() || - hasher_res_deser.second == curve_type::scalar_field_type::value_type::one()) { - continue; - } - return hasher_res_deser.second; - } - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_AGGREGATE_IPP2_TRANSCRIPT_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verification_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verification_key.hpp deleted file mode 100644 index c2350b7ba1..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verification_key.hpp +++ /dev/null 
@@ -1,75 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFICATION_KEY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFICATION_KEY_HPP - -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - struct r1cs_gg_ppzksnark_aggregate_verification_key { - typedef CurveType curve_type; - - typename curve_type::template g1_type<>::value_type alpha_g1; - typename curve_type::template g2_type<>::value_type beta_g2; - typename curve_type::template g2_type<>::value_type gamma_g2; - typename curve_type::template g2_type<>::value_type delta_g2; - - container::accumulation_vector> gamma_ABC_g1; - - r1cs_gg_ppzksnark_aggregate_verification_key() = default; - r1cs_gg_ppzksnark_aggregate_verification_key( - const typename curve_type::template g1_type<>::value_type &alpha_g1, - const typename curve_type::template g2_type<>::value_type &beta_g2, - const typename curve_type::template g2_type<>::value_type &gamma_g2, - const typename curve_type::template g2_type<>::value_type &delta_g2, - const container::accumulation_vector> &gamma_ABC_g1) : - alpha_g1(alpha_g1), - beta_g2(beta_g2), gamma_g2(gamma_g2), delta_g2(delta_g2), gamma_ABC_g1(gamma_ABC_g1) { - } - - bool operator==(const r1cs_gg_ppzksnark_aggregate_verification_key &other) const { - return (this->alpha_g1 == other.alpha_g1 && this->beta_g2 == other.beta_g2 && - this->gamma_g2 == other.gamma_g2 && this->delta_g2 == other.delta_g2 && - this->gamma_ABC_g1 == other.gamma_ABC_g1); - } - - explicit operator r1cs_gg_ppzksnark_verification_key() const { - return r1cs_gg_ppzksnark_verification_key( - algebra::pair_reduced(alpha_g1, beta_g2), gamma_g2, delta_g2, gamma_ABC_g1); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFICATION_KEY_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verifier.hpp
deleted file mode 100644
index 163be38232..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/ipp2/verifier.hpp
+++ /dev/null
@@ -1,713 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFY_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_IPP2_VERIFY_HPP
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /// Keeps track of the variables that have been sent by the prover and must
- /// be multiplied together by the verifier. Both MIPP and TIPP are merged
- /// together.
- template - class gipa_tuz { - typedef CurveType curve_type; - using g1_type = typename curve_type::template g1_type<>; - - public: - typename curve_type::gt_type::value_type tab; - typename curve_type::gt_type::value_type uab; - typename curve_type::gt_type::value_type zab; - typename curve_type::gt_type::value_type tc; - typename curve_type::gt_type::value_type uc; - typename g1_type::value_type zc; - - inline gipa_tuz() : - tab(curve_type::gt_type::value_type::one()), uab(curve_type::gt_type::value_type::one()), - zab(curve_type::gt_type::value_type::one()), tc(curve_type::gt_type::value_type::one()), - uc(curve_type::gt_type::value_type::one()), zc(g1_type::value_type::zero()) { - } - - inline gipa_tuz(const typename curve_type::gt_type::value_type &tab, - const typename curve_type::gt_type::value_type &uab, - const typename curve_type::gt_type::value_type &zab, - const typename curve_type::gt_type::value_type &tc, - const typename curve_type::gt_type::value_type &uc, - const typename g1_type::value_type &zc) : - tab(tab), - uab(uab), zab(zab), tc(tc), uc(uc), zc(zc) { - } - - inline void merge(const gipa_tuz &other) { - tab = tab * other.tab; - uab = uab * other.uab; - zab = zab * other.zab; - tc = tc * other.tc; - uc = uc * other.uc; - zc = zc + other.zc; - } - }; - - /// TODO: optimize this simple version of pairing checker - /// PairingCheck represents a check of the form e(A,B)e(C,D)... = T. Checks can - /// be aggregated together using random linear combination. The efficiency comes - /// from keeping the results from the miller loop output before proceding to a final - /// exponentiation when verifying if all checks are verified. 
- /// It is a tuple: - /// - a miller loop result that is to be multiplied by other miller loop results - /// before going into a final exponentiation result - /// - a right side result which is already in the right subgroup Gt which is to - /// be compared to the left side when "final_exponentiatiat"-ed - template - struct pairing_check { - typedef CurveType curve_type; - - typedef typename curve_type::template g1_type<> g1_type; - typedef typename curve_type::template g2_type<> g2_type; - typedef typename curve_type::gt_type gt_type; - typedef typename curve_type::scalar_field_type scalar_field_type; - - typedef typename g1_type::value_type g1_value_type; - typedef typename g2_type::value_type g2_value_type; - typedef typename gt_type::value_type gt_value_type; - typedef typename scalar_field_type::value_type scalar_field_value_type; - - gt_value_type left; - gt_value_type right; - bool non_random_check_done; - bool valid; - - inline pairing_check() : - left(gt_value_type::one()), right(gt_value_type::one()), non_random_check_done(false), - valid(true) { - } - - /// returns a pairing tuple that is scaled by a random element. - /// When aggregating pairing checks, this creates a random linear - /// combination of all checks so that it is secure. Specifically - /// we have e(A,B)e(C,D)... = out <=> e(g,h)^{ab + cd} = out - /// We rescale using a random element $r$ to give - /// e(rA,B)e(rC,D) ... 
= out^r <=> - /// e(A,B)^r e(C,D)^r = out^r <=> e(g,h)^{abr + cdr} = out^r - /// (e(g,h)^{ab + cd})^r = out^r - template::value_type>::value && - std::is_same::value_type>::value, - bool>::type> - inline pairing_check(InputG1Iterator a_first, InputG1Iterator a_last, InputG2Iterator b_first, - InputG2Iterator b_last, const gt_value_type &out) : - left(gt_value_type::one()), - right(gt_value_type::one()), non_random_check_done(false), valid(true) { - merge_random(a_first, a_last, b_first, b_last, out); - } - - void merge() { - } - - template - inline typename std::enable_if< - std::is_same::value_type>::value && - std::is_same::value_type>::value>::type - merge_random(InputG1Iterator a_first, InputG1Iterator a_last, InputG2Iterator b_first, - InputG2Iterator b_last, const gt_value_type &out) { - std::size_t len = std::distance(a_first, a_last); - BOOST_ASSERT(len > 0); - BOOST_ASSERT(len == std::distance(b_first, b_last)); - - if (!valid) { - return; - } - - scalar_field_value_type coeff = derive_non_zero(); - std::for_each(boost::make_zip_iterator(boost::make_tuple(a_first, b_first)), - boost::make_zip_iterator(boost::make_tuple(a_last, b_last)), - [&](const boost::tuple &t) { - left = left * algebra::pair(coeff * t.template get<0>(), - t.template get<1>()); - }); - right = right * (out == CurveType::gt_type::value_type::one() ? 
out : out.pow(coeff.data)); - } - - template - inline typename std::enable_if::value_type>::value>::type - merge_nonrandom(InputGTIterator a_first, InputGTIterator a_last, const gt_value_type &out) { - BOOST_ASSERT(!non_random_check_done); - BOOST_ASSERT(std::distance(a_first, a_last) > 0); - - if (!valid) { - return; - } - - for (auto a_it = a_first; a_it != a_last; ++a_it) { - left = left * (*a_it); - } - right = right * out; - - non_random_check_done = true; - } - - inline bool verify() { - return valid && (algebra::final_exponentiation(left) == right); - } - - inline scalar_field_value_type derive_non_zero() { - scalar_field_value_type coeff = - algebra::random_element(); - while (coeff.is_zero()) { - coeff = algebra::random_element(); - } - return coeff; - } - - inline void invalidate() { - valid = false; - } - }; - - /// verify_kzg_opening_g2 takes a KZG opening, the final commitment key, SRS and - /// any shift (in TIPP we shift the v commitment by r^-1) and returns a pairing - /// tuple to check if the opening is correct or not. 
- template - inline typename std::enable_if< - std::is_same::value_type>::value>::type - verify_kzg_v(const r1cs_gg_ppzksnark_aggregate_verification_srs &v_srs, - const std::pair::value_type, - typename CurveType::template g2_type<>::value_type> &final_vkey, - const typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g2_type<>> &vkey_opening, - InputScalarIterator challenges_first, InputScalarIterator challenges_last, - const typename CurveType::scalar_field_type::value_type &kzg_challenge, - pairing_check &pc) { - // f_v(z) - typename CurveType::scalar_field_type::value_type vpoly_eval_z = - polynomial_evaluation_product_form_from_transcript( - challenges_first, challenges_last, kzg_challenge, - CurveType::scalar_field_type::value_type::one()); - - // TODO:: parallel - // -g such that when we test a pairing equation we only need to check if - // it's equal 1 at the end: - // e(a,b) = e(c,d) <=> e(a,b)e(-c,d) = 1 - // e(A,B) = e(C,D) <=> e(A,B)e(-C,D) == 1 <=> e(A,B)e(C,D)^-1 == 1 - // verify first part of opening - v1 - // e(-g, v1-(f_v(z)}*h)) ==> e(g^-1,h^{f_v(a)} * h^{-f_v(z)}) - // e(g^{a - z}, opening_1) ==> e(g^{a-z}, h^q(a)) - std::vector::value_type> a_input1 { - -v_srs.g, - v_srs.g_alpha - (v_srs.g * kzg_challenge), - }; - std::vector::value_type> b_input1 { - // in additive notation: final_vkey = uH, - // uH - f_v(z)H = (u - f_v)H --> v1h^{-af_v(z)} - final_vkey.first - (v_srs.h * vpoly_eval_z), - vkey_opening.first, - }; - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), - CurveType::gt_type::value_type::one()); - - // verify second part of opening - v2 - similar but changing secret exponent - // e(g, v2 h^{-bf_v(z)}) - std::vector::value_type> a_input2 { - -v_srs.g, - v_srs.g_beta - (v_srs.g * kzg_challenge), - }; - std::vector::value_type> b_input2 { - // in additive notation: final_vkey = uH, - // uH - f_v(z)H = (u - f_v)H --> v1h^{-f_v(z)} - final_vkey.second - (v_srs.h * 
vpoly_eval_z), - vkey_opening.second, - }; - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), b_input2.end(), - CurveType::gt_type::value_type::one()); - } - - /// Similar to verify_kzg_opening_g2 but for g1. - template - inline typename std::enable_if< - std::is_same::value_type>::value>::type - verify_kzg_w(const r1cs_gg_ppzksnark_aggregate_verification_srs &v_srs, - const std::pair::value_type, - typename CurveType::template g1_type<>::value_type> &final_wkey, - const typename commitments::kzg_ipp2::template opening_type< - typename CurveType::template g1_type<>> &wkey_opening, - InputScalarIterator challenges_first, InputScalarIterator challenges_last, - const typename CurveType::scalar_field_type::value_type &r_shift, - const typename CurveType::scalar_field_type::value_type &kzg_challenge, - pairing_check &pc) { - // TODO: parallel - // compute in parallel f(z) and z^n and then combines into f_w(z) = z^n * f(z) - typename CurveType::scalar_field_type::value_type fwz = - polynomial_evaluation_product_form_from_transcript( - challenges_first, challenges_last, kzg_challenge, r_shift) * - kzg_challenge.pow(v_srs.n); - - // TODO: parallel - // first check on w1 - // e(w_1 / g^{f_w(z)},h) == e(\pi_{w,1},h^a/h^z) - // e(g^{f_w(a) - f_w(z)}, - std::vector::value_type> a_input1 { - final_wkey.first - (v_srs.g * fwz), - // e(opening, h^{a - z}) - wkey_opening.first, - }; - std::vector::value_type> b_input1 { - -v_srs.h, - v_srs.h_alpha - (v_srs.h * kzg_challenge), - }; - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), - CurveType::gt_type::value_type::one()); - - // then do second check - // e(w_2 / g^{f_w(z)},h) == e(\pi_{w,2},h^b/h^z) - std::vector::value_type> a_input2 { - final_wkey.second - (v_srs.g * fwz), - wkey_opening.second, - }; - std::vector::value_type> b_input2 { - -v_srs.h, - v_srs.h_beta - (v_srs.h * kzg_challenge), - }; - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), 
b_input2.end(), - CurveType::gt_type::value_type::one()); - } - - /// gipa_verify_tipp_mipp recurse on the proof and statement and produces the final - /// values to be checked by TIPP and MIPP verifier, namely, for TIPP for example: - /// * T,U: the final commitment values of A and B - /// * Z the final product between A and B. - /// * Challenges are returned in inverse order as well to avoid - /// repeating the operation multiple times later on. - /// * There are T,U,Z vectors as well for the MIPP relationship. Both TIPP and - /// MIPP share the same challenges however, enabling to re-use common operations - /// between them, such as the KZG proof for commitment keys. - template> - inline std::tuple, typename CurveType::scalar_field_type::value_type, - std::vector, - std::vector> - gipa_verify_tipp_mipp(transcript &tr, - const r1cs_gg_ppzksnark_aggregate_proof &proof, - const typename CurveType::scalar_field_type::value_type &r_shift) { - std::vector challenges; - std::vector challenges_inv; - - constexpr std::array domain_separator = {'g', 'i', 'p', 'a'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - - // We first generate all challenges as this is the only consecutive process - // that can not be parallelized then we scale the commitments in a - // parallelized way - std::for_each( - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.begin(), proof.tmipp.gipa.z_ab.begin(), - proof.tmipp.gipa.comms_c.begin(), proof.tmipp.gipa.z_c.begin())), - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.end(), proof.tmipp.gipa.z_ab.end(), - proof.tmipp.gipa.comms_c.end(), proof.tmipp.gipa.z_c.end())), - [&](const boost::tuple< - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair &, - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair::value_type, - typename CurveType::template g1_type<>::value_type> &> 
&t) { - // .write(&zab_l) - tr.template write(t.template get<1>().first); - // .write(&zab_r) - tr.template write(t.template get<1>().second); - // .write(&zc_l) - tr.template write>(t.template get<3>().first); - // .write(&zc_r) - tr.template write>(t.template get<3>().second); - // .write(&tab_l.0) - tr.template write(t.template get<0>().first.first); - // .write(&tab_l.1) - tr.template write(t.template get<0>().first.second); - // .write(&tab_r.0) - tr.template write(t.template get<0>().second.first); - // .write(&tab_r.1) - tr.template write(t.template get<0>().second.second); - // .write(&tc_l.0) - tr.template write(t.template get<2>().first.first); - // .write(&tc_l.1) - tr.template write(t.template get<2>().first.second); - // .write(&tc_r.0) - tr.template write(t.template get<2>().second.first); - // .write(&tc_r.1) - tr.template write(t.template get<2>().second.second); - challenges_inv.emplace_back(tr.read_challenge()); - challenges.emplace_back(challenges_inv.back().inversed()); - }); - - gipa_tuz final_res {// output of the pair commitment T and U in TIPP -> COM((v,w),A,B) - proof.com_ab.first, proof.com_ab.second, - // in the end must be equal to Z = A^r * B - proof.ip_ab, - // COM(v,C) - proof.com_c.first, proof.com_c.second, - // in the end must be equal to Z = C^r - proof.agg_c}; - - // we first multiply each entry of the Z U and L vectors by the respective - // challenges independently - // Since at the end we want to multiple all "t" values together, we do - // multiply all of them in parrallel and then merge then back at the end. - // same for u and z. 
- gipa_tuz res; - std::for_each( - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.begin(), proof.tmipp.gipa.z_ab.begin(), - proof.tmipp.gipa.comms_c.begin(), proof.tmipp.gipa.z_c.begin(), - challenges.begin(), challenges_inv.begin())), - boost::make_zip_iterator( - boost::make_tuple(proof.tmipp.gipa.comms_ab.end(), proof.tmipp.gipa.z_ab.end(), - proof.tmipp.gipa.comms_c.end(), proof.tmipp.gipa.z_c.end(), - challenges.end(), challenges_inv.end())), - [&](const boost::tuple< - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair &, - const std::pair::output_type, - typename commitments::kzg_ipp2::output_type> &, - const std::pair::value_type, - typename CurveType::template g1_type<>::value_type> &, - const typename CurveType::scalar_field_type::value_type &, - const typename CurveType::scalar_field_type::value_type &> &t) { - // Op::TAB::(tab_l, c_repr), - res.tab = res.tab * t.template get<0>().first.first.pow(t.template get<4>().data); - // Op::TAB(tab_r, c_inv_repr), - res.tab = res.tab * t.template get<0>().second.first.pow(t.template get<5>().data); - // Op::UAB(uab_l, c_repr), - res.uab = res.uab * t.template get<0>().first.second.pow(t.template get<4>().data); - // Op::UAB(uab_r, c_inv_repr), - res.uab = res.uab * t.template get<0>().second.second.pow(t.template get<5>().data); - // Op::ZAB(zab_l, c_repr), - res.zab = res.zab * t.template get<1>().first.pow(t.template get<4>().data); - // Op::ZAB(zab_r, c_inv_repr), - res.zab = res.zab * t.template get<1>().second.pow(t.template get<5>().data); - // Op::TC::(tc_l, c_repr), - res.tc = res.tc * t.template get<2>().first.first.pow(t.template get<4>().data); - // Op::TC(tc_r, c_inv_repr), - res.tc = res.tc * t.template get<2>().second.first.pow(t.template get<5>().data); - // Op::UC(uc_l, c_repr), - res.uc = res.uc * t.template get<2>().first.second.pow(t.template get<4>().data); - // Op::UC(uc_r, c_inv_repr), - res.uc = res.uc * t.template 
get<2>().second.second.pow(t.template get<5>().data); - // Op::ZC(zc_l, c_repr), - res.zc = res.zc + (t.template get<4>() * t.template get<3>().first); - // Op::ZC(zc_r, c_inv_repr), - res.zc = res.zc + (t.template get<5>() * t.template get<3>().second); - }); - - // we reverse the order because the polynomial evaluation routine expects - // the challenges in reverse order.Doing it here allows us to compute the final_r - // in log time. Challenges are used as well in the KZG verification checks. - std::reverse(challenges.begin(), challenges.end()); - std::reverse(challenges_inv.begin(), challenges_inv.end()); - - final_res.merge(res); - typename CurveType::scalar_field_type::value_type final_r = - polynomial_evaluation_product_form_from_transcript( - challenges_inv.begin(), challenges_inv.end(), r_shift, - CurveType::scalar_field_type::value_type::one()); - - return std::make_tuple(final_res, final_r, challenges, challenges_inv); - } - - /// verify_tipp_mipp returns a pairing equation to check the tipp proof. 
$r$ is - /// the randomness used to produce a random linear combination of A and B and - /// used in the MIPP part with C - template> - inline void verify_tipp_mipp(transcript &tr, - const r1cs_gg_ppzksnark_aggregate_verification_srs &v_srs, - const r1cs_gg_ppzksnark_aggregate_proof &proof, - const typename CurveType::scalar_field_type::value_type &r_shift, - pairing_check &pc) { - // (T,U), Z for TIPP and MIPP and all challenges - auto [final_res, final_r, challenges, challenges_inv] = - gipa_verify_tipp_mipp(tr, proof, r_shift); - - // Verify commitment keys wellformed - // KZG challenge point - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'z'}; - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.template write(challenges.front()); - tr.template write>(proof.tmipp.gipa.final_vkey.first); - tr.template write>(proof.tmipp.gipa.final_vkey.second); - tr.template write>(proof.tmipp.gipa.final_wkey.first); - tr.template write>(proof.tmipp.gipa.final_wkey.second); - typename CurveType::scalar_field_type::value_type c = tr.read_challenge(); - - // TODO: parallel - // check the opening proof for v - verify_kzg_v( - v_srs, proof.tmipp.gipa.final_vkey, proof.tmipp.vkey_opening, challenges_inv.begin(), - challenges_inv.end(), c, pc); - // check the opening proof for w - note that w has been rescaled by $r^{-1}$ - verify_kzg_w( - v_srs, proof.tmipp.gipa.final_wkey, proof.tmipp.wkey_opening, challenges.begin(), - challenges.end(), r_shift.inversed(), c, pc); - // - // We create a sequence of pairing tuple that we aggregate together at - // the end to perform only once the final exponentiation. 
- // - // TIPP - // z = e(A,B) - std::vector::value_type> a_input1 { - proof.tmipp.gipa.final_a, - }; - std::vector::value_type> b_input1 { - proof.tmipp.gipa.final_b, - }; - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), final_res.zab); - - // final_aB.0 = T = e(A,v1)e(w1,B) - a_input1.template emplace_back<>(proof.tmipp.gipa.final_wkey.first); - b_input1.template emplace<>(b_input1.begin(), proof.tmipp.gipa.final_vkey.first); - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), final_res.tab); - - // final_aB.1 = U = e(A,v2)e(w2,B) - a_input1.pop_back(); - a_input1.template emplace_back<>(proof.tmipp.gipa.final_wkey.second); - b_input1.erase(b_input1.begin()); - b_input1.template emplace<>(b_input1.begin(), proof.tmipp.gipa.final_vkey.second); - pc.merge_random(a_input1.begin(), a_input1.end(), b_input1.begin(), b_input1.end(), final_res.uab); - - // MIPP - // Verify base inner product commitment - // Z == c ^ r - typename CurveType::template g1_type<>::value_type final_z = final_r * proof.tmipp.gipa.final_c; - - // Check commiment correctness - // T = e(C,v1) - std::vector::value_type> a_input2 { - proof.tmipp.gipa.final_c, - }; - std::vector::value_type> b_input2 { - proof.tmipp.gipa.final_vkey.first, - }; - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), b_input2.end(), final_res.tc); - - // U = e(A,v2) - b_input2.pop_back(); - b_input2.template emplace_back<>(proof.tmipp.gipa.final_vkey.second); - pc.merge_random(a_input2.begin(), a_input2.end(), b_input2.begin(), b_input2.end(), final_res.uc); - - if (final_z != final_res.zc) { - pc.invalidate(); - } - } - - /// Verifies the aggregated proofs thanks to the Groth16 verifying key, the - /// verifier SRS from the aggregation scheme, all the public inputs of the - /// proofs and the aggregated proof. 
- /// WARNING: transcript_include represents everything that should be included in - /// the transcript from outside the boundary of this function. This is especially - /// relevant for ALL public inputs of ALL individual proofs. In the regular case, - /// one should input ALL public inputs from ALL proofs aggregated. However, IF ALL the - /// public inputs are **fixed, and public before the aggregation time**, then there is - /// no need to hash those. The reason we specify this extra assumption is because hashing - /// the public inputs from the decoded form can take quite some time depending on the - /// number of proofs and public inputs (+100ms in our case). In the case of Filecoin, the only - /// non-fixed part of the public inputs are the challenges derived from a seed. Even though this - /// seed comes from a random beeacon, we are hashing this as a safety precaution. - template, - typename GeneratorType = boost::random::mt19937, typename Hash = hashes::sha2<256>, - typename InputRangesRange, typename InputIterator> - inline typename std::enable_if< - std::is_same::value_type::iterator>::value_type>::value && - std::is_same::value_type>::value, - bool>::type - verify_aggregate_proof( - const r1cs_gg_ppzksnark_aggregate_verification_srs &ip_verifier_srs, - const r1cs_gg_ppzksnark_aggregate_verification_key &pvk, - const InputRangesRange &public_inputs, - const r1cs_gg_ppzksnark_aggregate_proof &proof, - InputIterator transcript_include_first, - InputIterator transcript_include_last) { - for (const auto &public_input : public_inputs) { - BOOST_ASSERT((public_input.size()) == pvk.gamma_ABC_g1.size()); - } - - // Random linear combination of proofs - constexpr std::array application_tag = {'s', 'n', 'a', 'r', 'k', - 'p', 'a', 'c', 'k'}; - constexpr std::array domain_separator {'r', 'a', 'n', 'd', 'o', 'm', '-', 'r'}; - transcript tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - 
tr.template write(proof.com_ab.first); - tr.template write(proof.com_ab.second); - tr.template write(proof.com_c.first); - tr.template write(proof.com_c.second); - tr.write(transcript_include_first, transcript_include_last); - typename CurveType::scalar_field_type::value_type r = tr.read_challenge(); - tr.template write(proof.ip_ab); - tr.template write>(proof.agg_c); - - pairing_check pc; - - // TODO: parallel - // 1.Check TIPA proof ab - // 2.Check TIPA proof c - verify_tipp_mipp( - tr, - ip_verifier_srs, - proof, - // we give the extra r as it's not part of the proof itself - it is simply used on top for the - // groth16 aggregation - r, - pc); - - // Check aggregate pairing product equation - // SUM of a geometric progression - // SUM a^i = (1 - a^n) / (1 - a) = -(1-a^n)/-(1-a) - // = (a^n - 1) / (a - 1) - typename CurveType::scalar_field_type::value_type r_sum = - (r.pow(public_inputs.size()) - CurveType::scalar_field_type::value_type::one()) * - (r - CurveType::scalar_field_type::value_type::one()).inversed(); - - // The following parts 3 4 5 are independently computing the parts of the Groth16 - // verification equation - // NOTE From this point on, we are only checking *one* pairing check (the Groth16 - // verification equation) so we don't need to randomize as all other checks are being - // randomized already. When merging all pairing checks together, this will be the only one - // non-randomized. - // - // now we do the multi exponentiation - std::vector powers = - structured_scalar_power(public_inputs.size(), r); - std::vector multi_r_vec; - // i denotes the column of the public input, and j denotes which public input - for (std::size_t i = 0; i < public_inputs[0].size(); ++i) { - typename CurveType::scalar_field_type::value_type c = public_inputs[0][i]; - for (std::size_t j = 1; j < public_inputs.size(); ++j) { - c = c + public_inputs[j][i] * powers[j]; - } - multi_r_vec.emplace_back(c); - } - - // 3. 
Compute left part of the final pairing equation - typename CurveType::gt_type::value_type left = - algebra::pair(pvk.alpha_g1 * r_sum, pvk.beta_g2); - - // 4. Compute right part of the final pairing equation - typename CurveType::gt_type::value_type right = algebra::pair(proof.agg_c, pvk.delta_g2); - - // 5. compute the middle part of the final pairing equation, the one - // with the public inputs - // We want to compute MUL(i:0 -> l) S_i ^ (SUM(j:0 -> n) ai,j * r^j) - // this table keeps tracks of incremental computation of each i-th - // exponent to later multiply with S_i - // The index of the table is i, which is an index of the public - // input element - // We incrementally build the r vector and the table - // NOTE: in this version it's not r^2j but simply r^j - typename CurveType::template g1_type<>::value_type g_ic = pvk.gamma_ABC_g1.first * r_sum; - // TODO: do without using of accumulation_vector - typename CurveType::template g1_type<>::value_type totsi = - pvk.gamma_ABC_g1.accumulate_chunk(multi_r_vec.begin(), multi_r_vec.end(), 0).first - - pvk.gamma_ABC_g1.first; - g_ic = g_ic + totsi; - typename CurveType::gt_type::value_type middle = algebra::pair(g_ic, pvk.gamma_g2); - - std::vector a_input {left, middle, right}; - pc.merge_nonrandom(a_input.begin(), a_input.end(), proof.ip_ab); - return pc.verify(); - } - - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - typedef r1cs_gg_ppzksnark_verifier_strong_input_consistency - basic_verifier; - typedef typename basic_verifier::proof_type basic_proof_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::verification_srs_type verification_srs_type; - typedef typename policy_type::proof_type proof_type; - - // aggregate verify - template - static inline typename std::enable_if< - 
std::is_same::value_type>::value,
- bool>::type
- process(const verification_srs_type &ip_verifier_srs,
- const verification_key_type &pvk,
- const InputPrimaryInputRange &public_inputs,
- const proof_type &proof,
- InputIterator transcript_include_first,
- InputIterator transcript_include_last) {
- return verify_aggregate_proof(
- ip_verifier_srs, pvk, public_inputs, proof, transcript_include_first,
- transcript_include_last);
- }
-
- // Basic verify
- template
- static inline bool process(const VerificationKey &vk,
- const primary_input_type &primary_input,
- const basic_proof_type &proof) {
- return basic_verifier::process(vk, primary_input, proof);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/keypair.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/keypair.hpp
deleted file mode 100644
index 98115c6e0c..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/keypair.hpp
+++ /dev/null
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_gg_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/marshalling.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/marshalling.hpp
deleted file mode 100644
index 2a6dace6f0..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/marshalling.hpp
+++ /dev/null
@@ -1,1258 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2020 Mikhail Komarov
-// Copyright (c) 2020 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkSNARK for R1CS with a security proof
-// in the generic group (GG) model.
-//
-// This includes:
-//- class for proving key
-//- class for verification key
-//- class for processed verification key
-//- class for key pair (proving key & verification key)
-//- class for proof
-//- generator algorithm
-//- prover algorithm
-//- verifier algorithm (with strong or weak input consistency)
-//- online verifier algorithm (with strong or weak input consistency)
-//
-// The implementation instantiates the protocol of \[Gro16].
-//
-//
-// Acronyms:
-//
-//- R1CS = "Rank-1 Constraint Systems"
-//- ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge"
-//
-// References:
-//
-//\[Gro16]:
-// "On the Size of Pairing-based Non-interactive Arguments",
-// Jens Groth,
-// EUROCRYPT 2016,
-//
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_TYPES_HPP
-#define CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_TYPES_HPP
-
-#include
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-#include
-#include
-
-#include
-
-namespace nil {
- namespace marshalling {
-
- using namespace nil::crypto3::zk::snark;
- using namespace nil::crypto3;
-
- /************************ TON Virtual Machine compatible serialization *************************/
-
- template
- struct verifier_input_deserializer_tvm;
-
- template<>
- struct verifier_input_deserializer_tvm<
- nil::crypto3::zk::snark::r1cs_gg_ppzksnark>> {
-
- using CurveType = typename algebra::curves::bls12<381>;
- using scheme_type = nil::crypto3::zk::snark::r1cs_gg_ppzksnark;
-
- using chunk_type = std::uint8_t;
- constexpr static const std::size_t chunk_size = 8;
-
- static const std::size_t std_size_t_byteblob_size = 4;
- static const std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element;
- static const std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element;
- static const std::size_t fp_byteblob_size = CurveType::base_field_type::modulus_bits / chunk_size +
- (CurveType::base_field_type::modulus_bits % chunk_size ? 1 : 0);
- static const std::size_t gt_byteblob_size = 2 * 3 * 2 * fp_byteblob_size;
- static const std::size_t fr_byteblob_size =
- CurveType::scalar_field_type::modulus_bits / chunk_size +
- (CurveType::scalar_field_type::modulus_bits % chunk_size ?
1 : 0); - static const std::size_t linear_term_byteblob_size = std_size_t_byteblob_size + fr_byteblob_size; - static const std::size_t g2g1_element_kc_byteblob_size = g2_byteblob_size + g1_byteblob_size; - - template - static inline typename std::enable_if::value, - typename FieldType::value_type>::type - field_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - using integral_type = typename FieldType::integral_type; - using field_type = FieldType; - - std::pair processed = - bincode::field::field_element_from_bytes(read_iter_begin, read_iter_end); - - if (!std::get<0>(processed)) { - processingStatus = status_type::invalid_msg_data; - - return field_type::value_type::zero(); - } - - return std::get<1>(processed); - } - - template - static inline typename std::enable_if<::nil::crypto3::algebra::is_extended_field::value, - typename FieldType::value_type>::type - field_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - using integral_type = typename FieldType::integral_type; - using field_type = FieldType; - - std::pair processed = - bincode::field::field_element_from_bytes(read_iter_begin, read_iter_end); - - if (!std::get<0>(processed)) { - processingStatus = status_type::invalid_msg_data; - - return field_type::value_type::zero(); - } - - return std::get<1>(processed); - } - - template - static inline typename GroupType::value_type - g1_group_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - typename curve_element_serializer::compressed_g1_octets input_array; - - for (std::size_t i = 0; i < g1_byteblob_size; 
++i) { - input_array[i] = read_iter_begin[i]; - } - - return curve_element_serializer::octets_to_g1_point(input_array); - } - - template - static inline typename GroupType::value_type - g2_group_type_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - typename curve_element_serializer::compressed_g2_octets input_array; - - for (std::size_t i = 0; i < g2_byteblob_size; ++i) { - input_array[i] = read_iter_begin[i]; - } - - return curve_element_serializer::octets_to_g2_point(input_array); - } - - template - static inline linear_term - linear_term_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - std::size_t index = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::scalar_field_type::value_type coeff = - field_type_process( - read_iter_begin + std_size_t_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + fr_byteblob_size, - processingStatus); - - return linear_term( - variable(index), coeff); - } - - template - static inline linear_combination - linear_combination_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - std::size_t terms_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::vector> terms(terms_count); - - for (std::size_t i = 0; i < terms_count; i++) { - terms[i] = linear_term_process( - read_iter_begin + std_size_t_byteblob_size + i * linear_term_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * 
linear_term_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - } - - return {terms}; - } - - template - static inline r1cs_constraint - r1cs_constraint_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - std::size_t a_terms_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t a_byte_size = a_terms_count * linear_term_byteblob_size + std_size_t_byteblob_size; - linear_combination a = - linear_combination_process(read_iter_begin, read_iter_begin + a_byte_size, processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t b_terms_count = std_size_t_process(read_iter_begin + a_byte_size, - read_iter_begin + a_byte_size + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t b_byte_size = b_terms_count * linear_term_byteblob_size + std_size_t_byteblob_size; - linear_combination b = linear_combination_process( - read_iter_begin + a_byte_size, read_iter_begin + a_byte_size + b_byte_size, processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t c_terms_count = - std_size_t_process(read_iter_begin + a_byte_size + b_byte_size, - read_iter_begin + a_byte_size + b_byte_size + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t c_byte_size = c_terms_count * linear_term_byteblob_size + std_size_t_byteblob_size; - linear_combination c = - linear_combination_process(read_iter_begin + a_byte_size + b_byte_size, - read_iter_begin + a_byte_size + b_byte_size + c_byte_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - return {a, b, c}; - } - - 
template - static inline r1cs_constraint_system - r1cs_constraint_system_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - std::size_t primary_input_size = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t auxiliary_input_size = std_size_t_process(read_iter_begin + std_size_t_byteblob_size, - read_iter_begin + 2 * std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::size_t rc_count = std_size_t_process(read_iter_begin + 2 * std_size_t_byteblob_size, - read_iter_begin + 3 * std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::vector> constraints(rc_count); - - auto read_iter_current_begin = read_iter_begin + 3 * std_size_t_byteblob_size; - - for (std::size_t i = 0; i < rc_count; i++) { - - std::size_t total_r1cs_constraint_byteblob_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, - processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - - constraints[i] = - r1cs_constraint_process(read_iter_current_begin, - read_iter_current_begin + total_r1cs_constraint_byteblob_size, - processingStatus); - read_iter_current_begin += total_r1cs_constraint_byteblob_size; - } - - r1cs_constraint_system res = - r1cs_constraint_system(); - - res.primary_input_size = primary_input_size; - res.auxiliary_input_size = auxiliary_input_size; - res.constraints = constraints; - - return res; - } - - template - static inline crypto3::zk::commitments::detail::element_kc, - typename CurveType::template g1_type<>> - g2g1_element_kc_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - typename CurveType::template g2_type<>::value_type 
g = - g2_group_type_process>( - read_iter_begin, read_iter_begin + g2_byteblob_size, processingStatus); - - typename CurveType::template g1_type<>::value_type h = - g1_group_type_process>( - read_iter_begin + g2_byteblob_size, - read_iter_begin + g2_byteblob_size + - g1_byteblob_size, - processingStatus); - return {g, h}; - } - - template - static inline crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - g2g1_knowledge_commitment_vector_process(InputIterator read_iter_begin, InputIterator read_iter_end, - status_type &processingStatus) { - - using T = crypto3::zk::commitments::knowledge_commitment, - typename CurveType::template g1_type<>>; - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - std::size_t indices_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - std::vector indices(indices_count, 0); - - for (std::size_t i = 0; i < indices_count; i++) { - indices[i] = std_size_t_process( - read_iter_begin + std_size_t_byteblob_size + std_size_t_byteblob_size * i, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - } - - std::vector values(indices_count); - - for (std::size_t i = 0; i < indices_count; i++) { - values[i] = g2g1_element_kc_process( - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - i * g2g1_element_kc_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - (i + 1) * g2g1_element_kc_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - } - - std::size_t domain_size_ = std_size_t_process( - read_iter_begin + 
std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g2g1_element_kc_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g2g1_element_kc_byteblob_size + std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - crypto3::container::sparse_vector sv; - - sv.indices = indices; - sv.values = values; - sv.domain_size_ = domain_size_; - - // assert (sv.is_valid()); - assert(sv.values.size() == sv.indices.size()); - - return sv; - } - - static inline std::size_t - std_size_t_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - processingStatus = status_type::success; - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return 0; - } - - std::vector vector_s(1, 0); - auto iter = vector_s.begin(); - - std::size_t vector_c_size = std_size_t_byteblob_size; - std::vector vector_c; - - vector_c.reserve(vector_c_size); - vector_c.insert(vector_c.end(), read_iter_begin, read_iter_begin + vector_c_size); - - nil::crypto3::detail::pack_from(vector_c, iter); - - return vector_s[0]; - } - - template - static inline crypto3::container::sparse_vector - g1_sparse_vector_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return crypto3::container::sparse_vector(); - } - - std::size_t indices_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - 
- if (std::distance(read_iter_begin, read_iter_end) < - std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g1_byteblob_size + std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return crypto3::container::sparse_vector(); - } - - std::vector indices(indices_count, 0); - - for (std::size_t i = 0; i < indices_count; i++) { - indices[i] = std_size_t_process( - read_iter_begin + std_size_t_byteblob_size + std_size_t_byteblob_size * i, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - } - - std::vector values(indices_count); - - for (std::size_t i = 0; i < indices_count; i++) { - values[i] = g1_group_type_process( - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - i * g1_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - (i + 1) * g1_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - } - - std::size_t domain_size_ = std_size_t_process( - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g1_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + indices_count * std_size_t_byteblob_size + - indices_count * g1_byteblob_size + std_size_t_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return crypto3::container::sparse_vector(); - } - - crypto3::container::sparse_vector sv; - - sv.indices = indices; - sv.values = values; - sv.domain_size_ = domain_size_; - - // assert (sv.is_valid()); - assert(sv.values.size() == sv.indices.size()); - - return sv; - } - - template - static inline crypto3::container::accumulation_vector - g1_accumulation_vector_process(typename 
std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < g1_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return crypto3::container::accumulation_vector(); - } - - typename T::value_type first = - g1_group_type_process(read_iter_begin, read_iter_begin + g1_byteblob_size, processingStatus); - - if (processingStatus != status_type::success) { - return crypto3::container::accumulation_vector(); - } - - crypto3::container::sparse_vector rest = - g1_sparse_vector_process(read_iter_begin + g1_byteblob_size, read_iter_end, - processingStatus); - - if (processingStatus != status_type::success) { - return crypto3::container::accumulation_vector(); - } - - return crypto3::container::accumulation_vector(std::move(first), std::move(rest)); - } - - static inline typename scheme_type::verification_key_type - verification_key_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < - gt_byteblob_size + g2_byteblob_size + g2_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - typename CurveType::gt_type::value_type alpha_g1_beta_g2 = - field_type_process(read_iter_begin, - read_iter_begin + gt_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::template g2_type<>::value_type gamma_g2 = - g2_group_type_process>( - read_iter_begin + gt_byteblob_size, - read_iter_begin + gt_byteblob_size + - g2_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::template g2_type<>::value_type delta_g2 = - g2_group_type_process>( - read_iter_begin + gt_byteblob_size + g2_byteblob_size, - read_iter_begin + 
gt_byteblob_size + g2_byteblob_size + g2_byteblob_size, - processingStatus); - if (processingStatus != status_type::success) { - return {}; - } - - crypto3::container::accumulation_vector> gamma_ABC_g1 = - g1_accumulation_vector_process>( - read_iter_begin + gt_byteblob_size + g2_byteblob_size + g2_byteblob_size, - read_iter_end, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - return {alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_ABC_g1}; - } - - static inline typename scheme_type::proving_key_type - proving_key_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - auto read_iter_current_begin = read_iter_begin; - - typename CurveType::template g1_type<>::value_type alpha_g1 = - g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - typename CurveType::template g1_type<>::value_type beta_g1 = - g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - typename CurveType::template g2_type<>::value_type beta_g2 = - g2_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g2_byteblob_size, processingStatus); - read_iter_current_begin += g2_byteblob_size; - typename CurveType::template g1_type<>::value_type delta_g1 = - g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - typename CurveType::template g2_type<>::value_type delta_g2 = - g2_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g2_byteblob_size, processingStatus); - read_iter_current_begin += g2_byteblob_size; - std::size_t A_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin 
+ std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - std::vector::value_type> A_query(A_query_size); - - for (std::size_t i = 0; i < A_query_size; ++i) { - A_query[i] = g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - } - - std::size_t total_B_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - - crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - B_query = g2g1_knowledge_commitment_vector_process( - read_iter_current_begin, read_iter_current_begin + total_B_query_size, processingStatus); - - read_iter_current_begin += total_B_query_size; - - std::size_t H_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - std::vector::value_type> H_query(H_query_size); - - for (std::size_t i = 0; i < H_query_size; ++i) { - H_query[i] = g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - } - - std::size_t L_query_size = std_size_t_process( - read_iter_current_begin, read_iter_current_begin + std_size_t_byteblob_size, processingStatus); - - read_iter_current_begin += std_size_t_byteblob_size; - std::vector::value_type> L_query(L_query_size); - - for (std::size_t i = 0; i < L_query_size; ++i) { - L_query[i] = g1_group_type_process>( - read_iter_current_begin, read_iter_current_begin + g1_byteblob_size, processingStatus); - read_iter_current_begin += g1_byteblob_size; - } - - r1cs_constraint_system constraint_system = - r1cs_constraint_system_process(read_iter_current_begin, read_iter_end, 
processingStatus); - - return {std::move(alpha_g1), std::move(beta_g1), std::move(beta_g2), std::move(delta_g1), - std::move(delta_g2), std::move(A_query), std::move(B_query), std::move(H_query), - std::move(L_query), - std::move(constraint_system)}; - } - - static inline typename scheme_type::primary_input_type - primary_input_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < std_size_t_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - std::size_t pi_count = - std_size_t_process(read_iter_begin, read_iter_begin + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - if (std::distance(read_iter_begin, read_iter_end) < - std_size_t_byteblob_size + pi_count * fr_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - std::vector pi(pi_count); - - for (std::size_t i = 0; i < pi_count; i++) { - pi[i] = field_type_process( - read_iter_begin + std_size_t_byteblob_size + i * fr_byteblob_size, - read_iter_begin + std_size_t_byteblob_size + (i + 1) * fr_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - } - - return {pi}; - } - - static inline typename scheme_type::proof_type - proof_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - if (std::distance(read_iter_begin, read_iter_end) < - g1_byteblob_size + g2_byteblob_size + g1_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return {}; - } - - typename CurveType::template g1_type<>::value_type g_A = - g1_group_type_process>( - read_iter_begin, read_iter_begin + g1_byteblob_size, processingStatus); - - if (processingStatus != 
status_type::success) { - return {}; - } - - typename CurveType::template g2_type<>::value_type g_B = - g2_group_type_process>( - read_iter_begin + g1_byteblob_size, - read_iter_begin + g1_byteblob_size + - g2_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - typename CurveType::template g1_type<>::value_type g_C = - g1_group_type_process>( - read_iter_begin + g1_byteblob_size + g2_byteblob_size, - read_iter_begin + g1_byteblob_size + g2_byteblob_size + g1_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return {}; - } - - return {std::move(g_A), std::move(g_B), std::move(g_C)}; - } - - static inline std::tuple - verifier_input_process(typename std::vector::const_iterator read_iter_begin, - typename std::vector::const_iterator read_iter_end, - status_type &processingStatus) { - - const std::size_t proof_byteblob_size = g1_byteblob_size + g2_byteblob_size + g1_byteblob_size; - - if (std::distance(read_iter_begin, read_iter_end) < proof_byteblob_size) { - - processingStatus = status_type::not_enough_data; - - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - typename scheme_type::proof_type de_prf = - proof_process(read_iter_begin, read_iter_begin + proof_byteblob_size, processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - const std::size_t primary_input_byteblob_size = - std_size_t_byteblob_size + - fr_byteblob_size * - std_size_t_process(read_iter_begin + proof_byteblob_size, - read_iter_begin + proof_byteblob_size + std_size_t_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename 
scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - typename scheme_type::primary_input_type de_pi = - primary_input_process(read_iter_begin + proof_byteblob_size, - read_iter_begin + proof_byteblob_size + primary_input_byteblob_size, - processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - typename scheme_type::verification_key_type de_vk = - verification_key_process(read_iter_begin + proof_byteblob_size + primary_input_byteblob_size, - read_iter_end, - processingStatus); - - if (processingStatus != status_type::success) { - return std::make_tuple(typename scheme_type::verification_key_type(), - typename scheme_type::primary_input_type(), - typename scheme_type::proof_type()); - } - - return std::make_tuple(de_vk, de_pi, de_prf); - } - }; - - template - struct verifier_input_serializer_tvm; - - template<> - struct verifier_input_serializer_tvm>> { - - using CurveType = typename algebra::curves::bls12<381>; - using scheme_type = nil::crypto3::zk::snark::r1cs_gg_ppzksnark; - - using chunk_type = std::uint8_t; - constexpr static const std::size_t chunk_size = 8; - - static const std::size_t std_size_t_byteblob_size = 4; - static const std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - static const std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - static const std::size_t fp_byteblob_size = CurveType::base_field_type::modulus_bits / chunk_size + - (CurveType::base_field_type::modulus_bits % chunk_size ? 1 : 0); - static const std::size_t gt_byteblob_size = 2 * 3 * 2 * fp_byteblob_size; - static const std::size_t fr_byteblob_size = - CurveType::scalar_field_type::modulus_bits / chunk_size + - (CurveType::scalar_field_type::modulus_bits % chunk_size ? 
1 : 0); - static const std::size_t linear_term_byteblob_size = std_size_t_byteblob_size + fr_byteblob_size; - static const std::size_t g2g1_element_kc_byteblob_size = g2_byteblob_size + g1_byteblob_size; - - template - static inline - typename std::enable_if::value, void>::type - field_type_process(typename FieldType::value_type input_fp, - typename std::vector::iterator &write_iter) { - - typedef boost::multiprecision::number> - integral_type; - - constexpr const std::size_t modulus_bits = FieldType::modulus_bits; - - constexpr const std::size_t modulus_chunks = - modulus_bits / chunk_size + (modulus_bits % chunk_size ? 1 : 0); - - boost::multiprecision::export_bits(integral_type(input_fp.data), write_iter, chunk_size, false); - write_iter += modulus_chunks; - } - - template - static inline - typename std::enable_if<::nil::crypto3::algebra::is_extended_field::value, void>::type - field_type_process(typename FieldType::value_type input_fp, - typename std::vector::iterator &write_iter) { - - using field_type = FieldType; - - const std::size_t data_dimension = field_type::arity / field_type::underlying_field_type::arity; - - for (int n = 0; n < data_dimension; ++n) { - field_type_process(input_fp.data[n], write_iter); - } - } - - template - static inline void g1_group_type_process(typename GroupType::value_type input_g, - typename std::vector::iterator &write_iter) { - - auto compressed_curve_group_element = - curve_element_serializer::point_to_octets_compress(input_g); - - copy(compressed_curve_group_element.begin(), compressed_curve_group_element.end(), write_iter); - - write_iter += compressed_curve_group_element.size(); - } - - template - static inline void g2_group_type_process(typename GroupType::value_type input_g, - typename std::vector::iterator &write_iter) { - - auto compressed_curve_group_element = - curve_element_serializer::point_to_octets_compress(input_g); - - copy(compressed_curve_group_element.begin(), compressed_curve_group_element.end(), 
write_iter); - - write_iter += compressed_curve_group_element.size(); - } - - static inline void std_size_t_process(std::size_t input_s, std::vector::iterator &write_iter) { - - std::size_t std_size_t_byteblob_size = 4; - std::vector vector_s = {input_s}; - - auto internal_write_iter = write_iter; - nil::crypto3::detail::pack_to( - vector_s, internal_write_iter); - - write_iter += std_size_t_byteblob_size; - } - - template - static inline void g1_sparse_vector_process(crypto3::container::sparse_vector input_sv, - std::vector::iterator &write_iter) { - - std::size_t ic_size = input_sv.values.size(); - // assert (input_sv.is_valid()); - assert(input_sv.values.size() == input_sv.indices.size()); - // Actual sparse_vector byteblob size is equal to - // (2 + ic_size) * std_size_t_byteblob_size + ic_size * g1_byteblob_size; - // For accumulation vector it is - // g1_byteblob_size more because of accumulation_vector.first - - std_size_t_process(ic_size, write_iter); - - for (auto ic_iter = input_sv.indices.begin(); ic_iter != input_sv.indices.end(); ic_iter++) { - std_size_t_process(*ic_iter, write_iter); - } - - for (auto ic_iter = input_sv.values.begin(); ic_iter != input_sv.values.end(); ic_iter++) { - g1_group_type_process>(*ic_iter, write_iter); - } - - std_size_t_process(input_sv.domain_size(), write_iter); - } - - template - static inline void g1_accumulation_vector_process(crypto3::container::accumulation_vector input_av, - std::vector::iterator &write_iter) { - - g1_group_type_process>(input_av.first, write_iter); - - g1_sparse_vector_process(input_av.rest, write_iter); - } - - template - static inline void linear_term_process(linear_term input_lt, - std::vector::iterator &write_iter) { - - std_size_t_process(input_lt.index, write_iter); - - field_type_process(input_lt.coeff, write_iter); - } - - template - static inline void linear_combination_process(linear_combination input_cm, - std::vector::iterator &write_iter) { - - 
std_size_t_process(input_cm.terms.size(), write_iter); - - for (auto it = input_cm.terms.begin(); it != input_cm.terms.end(); it++) { - linear_term_process(*it, write_iter); - } - } - - static inline std::size_t - get_r1cs_constraint_byteblob_size(r1cs_constraint input_rc) { - - return input_rc.a.terms.size() * (std_size_t_byteblob_size + fr_byteblob_size) + - std_size_t_byteblob_size + - input_rc.b.terms.size() * (std_size_t_byteblob_size + fr_byteblob_size) + - std_size_t_byteblob_size + - input_rc.c.terms.size() * (std_size_t_byteblob_size + fr_byteblob_size) + - std_size_t_byteblob_size; - } - - template - static inline void r1cs_constraint_process(r1cs_constraint input_rc, - std::vector::iterator &write_iter) { - - std_size_t_process(get_r1cs_constraint_byteblob_size(input_rc), write_iter); - linear_combination_process(input_rc.a, write_iter); - linear_combination_process(input_rc.b, write_iter); - linear_combination_process(input_rc.c, write_iter); - } - - template - static inline void r1cs_constraint_system_process(r1cs_constraint_system input_rs, - std::vector::iterator &write_iter) { - - std_size_t_process(input_rs.primary_input_size, write_iter); - std_size_t_process(input_rs.auxiliary_input_size, write_iter); - std_size_t_process(input_rs.constraints.size(), write_iter); - - for (auto it = input_rs.constraints.begin(); it != input_rs.constraints.end(); it++) { - r1cs_constraint_process(*it, write_iter); - } - } - - static inline void - g2g1_element_kc_process(crypto3::zk::commitments::detail::element_kc, - typename CurveType::template g1_type<>> - input_ek, - std::vector::iterator &write_iter) { - - g2_group_type_process>(input_ek.g, write_iter); - g1_group_type_process>(input_ek.h, write_iter); - } - - static inline std::size_t get_g2g1_knowledge_commitment_vector_size( - crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - input_kv) { - - return (2 + input_kv.indices.size()) * std_size_t_byteblob_size + - 
input_kv.values.size() * (g2_byteblob_size + g1_byteblob_size); - } - - static inline void g2g1_knowledge_commitment_vector_process( - crypto3::zk::commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - input_kv, - std::vector::iterator &write_iter) { - - std_size_t_process(get_g2g1_knowledge_commitment_vector_size(input_kv), write_iter); - - std::size_t ic_size = input_kv.values.size(); - - std_size_t_process(ic_size, write_iter); - - for (unsigned long &indice: input_kv.indices) { - std_size_t_process(indice, write_iter); - } - - for (auto &value: input_kv.values) { - g2g1_element_kc_process(value, write_iter); - } - - std_size_t_process(input_kv.domain_size(), write_iter); - } - - static inline std::vector process(typename scheme_type::proving_key_type pk) { - - std::size_t proving_key_size = - 3 * g1_byteblob_size + 2 * g2_byteblob_size + pk.A_query.size() * g1_byteblob_size + - get_g2g1_knowledge_commitment_vector_size(pk.B_query) + pk.H_query.size() * g1_byteblob_size + - pk.L_query.size() * g1_byteblob_size + 2 * std_size_t_byteblob_size; - - for (auto &constraint: pk.constraint_system.constraints) { - proving_key_size += get_r1cs_constraint_byteblob_size(constraint); - } - - proving_key_size *= 2; - - std::vector output(proving_key_size); - - typename std::vector::iterator write_iter = output.begin(); - - g1_group_type_process>(pk.alpha_g1, write_iter); - g1_group_type_process>(pk.beta_g1, write_iter); - g2_group_type_process>(pk.beta_g2, write_iter); - g1_group_type_process>(pk.delta_g1, write_iter); - g2_group_type_process>(pk.delta_g2, write_iter); - - std_size_t_process(pk.A_query.size(), write_iter); - - for (auto &it: pk.A_query) { - g1_group_type_process>(it, write_iter); - } - - g2g1_knowledge_commitment_vector_process(pk.B_query, write_iter); - - std_size_t_process(pk.H_query.size(), write_iter); - - for (auto &it: pk.H_query) { - g1_group_type_process>(it, write_iter); - } - - std_size_t_process(pk.L_query.size(), 
write_iter); - - for (auto &it: pk.L_query) { - g1_group_type_process>(it, write_iter); - } - - r1cs_constraint_system_process(pk.constraint_system, write_iter); - - return output; - } - - static inline std::vector process(typename scheme_type::verification_key_type vk) { - - constexpr const std::size_t modulus_bits = CurveType::base_field_type::modulus_bits; - - constexpr const std::size_t modulus_chunks = - modulus_bits / chunk_size + (modulus_bits % chunk_size ? 1 : 0); - - std::size_t ic_size = 1 + vk.gamma_ABC_g1.rest.values.size(); - - std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - std::size_t std_size_t_byteblob_size = 4; - - std::size_t gt_byteblob_size = modulus_chunks * CurveType::gt_type::arity; - - std::size_t ic_byteblob_size = std_size_t_byteblob_size + ic_size * g1_byteblob_size; - std::size_t sparse_vector_byteblob_size = - (2 + ic_size) * std_size_t_byteblob_size + ic_size * g1_byteblob_size; - std::size_t accumulation_vector_byteblob_size = sparse_vector_byteblob_size + g1_byteblob_size; - - std::size_t verification_key_size = - gt_byteblob_size + g2_byteblob_size + g2_byteblob_size + accumulation_vector_byteblob_size; - - std::vector output(verification_key_size); - - typename std::vector::iterator write_iter = output.begin(); - - field_type_process(vk.alpha_g1_beta_g2, write_iter); - g2_group_type_process>(vk.gamma_g2, write_iter); - g2_group_type_process>(vk.delta_g2, write_iter); - - // std_size_t_process(ic_size, write_iter); - - // g1_group_type_process>(vk.gamma_ABC_g1.first, write_iter); - - // for (auto ic_iter = vk.gamma_ABC_g1.rest.values.begin(); ic_iter != - // vk.gamma_ABC_g1.rest.values.end(); ic_iter++) { - // g1_group_type_process>(*ic_iter, write_iter); - // } - - g1_accumulation_vector_process(vk.gamma_ABC_g1, write_iter); - - return output; - } - - static inline std::vector process(typename 
scheme_type::primary_input_type pi) { - - constexpr const std::size_t modulus_bits = CurveType::scalar_field_type::modulus_bits; - - constexpr const std::size_t modulus_chunks = - modulus_bits / chunk_size + (modulus_bits % chunk_size ? 1 : 0); - - std::size_t std_size_t_byteblob_size = 4; - - std::size_t pi_count = pi.size(); - - std::size_t primary_byteblob_input_size = std_size_t_byteblob_size + pi_count * modulus_chunks; - - std::vector output(primary_byteblob_input_size); - - typename std::vector::iterator write_iter = output.begin(); - - std_size_t_process(pi_count, write_iter); - - for (std::size_t i = 0; i < pi_count; i++) { - field_type_process(pi[i], write_iter); - } - - return output; - } - - static inline std::vector process(typename scheme_type::proof_type pr) { - - std::size_t g1_byteblob_size = curve_element_serializer::sizeof_field_element; - std::size_t g2_byteblob_size = 2 * curve_element_serializer::sizeof_field_element; - - std::size_t proof_size = g1_byteblob_size + g2_byteblob_size + g1_byteblob_size; - - std::vector output(proof_size); - - typename std::vector::iterator write_iter = output.begin(); - - g1_group_type_process>(pr.g_A, write_iter); - g2_group_type_process>(pr.g_B, write_iter); - g1_group_type_process>(pr.g_C, write_iter); - - return output; - } - }; - - } // namespace marshalling -} // namespace nil - -#endif // CRYPTO3_MARSHALLING_R1CS_GG_PPZKSNARK_TYPES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/modes.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/modes.hpp deleted file mode 100644 index 2ff8f4984d..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/modes.hpp +++ /dev/null 
@@ -1,43 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_MODES_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_MODES_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- enum class proving_mode {
- basic,
- aggregate,
- encrypted_input,
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_MODES_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proof.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proof.hpp
deleted file mode 100644
index 8e6537c926..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,95 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_R1CS_GG_PPZKSNARK_PROOF_HPP
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- struct r1cs_gg_ppzksnark_proof {
- typedef CurveType curve_type;
-
- typename CurveType::template g1_type<>::value_type g_A;
- typename CurveType::template g2_type<>::value_type g_B;
- typename CurveType::template g1_type<>::value_type g_C;
-
- r1cs_gg_ppzksnark_proof() {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- // invalid proof with valid curve points
- this->g_A = g1_type::value_type::one();
- this->g_B = g2_type::value_type::one();
- this->g_C = g1_type::value_type::one();
- }
- r1cs_gg_ppzksnark_proof(const typename CurveType::template g1_type<>::value_type &g_A,
- const typename CurveType::template g2_type<>::value_type &g_B,
- const typename CurveType::template g1_type<>::value_type &g_C) :
- g_A(g_A),
- g_B(g_B), g_C(g_C) {};
- r1cs_gg_ppzksnark_proof(typename CurveType::template g1_type<>::value_type &&g_A,
- typename CurveType::template g2_type<>::value_type &&g_B,
- typename CurveType::template g1_type<>::value_type &&g_C) :
- g_A(std::move(g_A)),
- g_B(std::move(g_B)), g_C(std::move(g_C)) {};
-
- std::size_t G1_size() const {
- return 2;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (g_A.is_well_formed() && g_B.is_well_formed() && g_C.is_well_formed());
- }
-
- bool operator==(const r1cs_gg_ppzksnark_proof &other) const {
- return (this->g_A == other.g_A && this->g_B == other.g_B && this->g_C == other.g_C);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/prover.hpp
deleted file mode 100644
index c2e39de8c9..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,165 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_PROVER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_gg_ppzksnark_prover; - - /** - * A prover algorithm for the R1CS GG-ppzkSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. 
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - template - class r1cs_gg_ppzksnark_prover { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - BOOST_ASSERT(proving_key.constraint_system.is_satisfied(primary_input, auxiliary_input)); - - const qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, - scalar_field_type::value_type::zero(), scalar_field_type::value_type::zero(), - scalar_field_type::value_type::zero()); - - /* We are dividing degree 2(d-1) polynomial by degree d polynomial - and not adding a PGHR-style ZK-patch, so our H is degree d-2 */ - // BOOST_ASSERT(!qap_wit.coefficients_for_H[qap_wit.degree - 2].is_zero()); - BOOST_ASSERT(qap_wit.coefficients_for_H[qap_wit.degree - 1].is_zero()); - BOOST_ASSERT(qap_wit.coefficients_for_H[qap_wit.degree].is_zero()); - - /* Choose two random field elements for prover zero-knowledge. 
*/ - const typename scalar_field_type::value_type r = algebra::random_element(); - const typename scalar_field_type::value_type s = algebra::random_element(); -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - // TODO: sort out indexing - std::vector const_padded_assignment( - 1, scalar_field_type::value_type::one()); - const_padded_assignment.insert(const_padded_assignment.end(), - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.end()); - - typename g1_type::value_type evaluation_At = - algebra::multiexp_with_mixed_addition( - proving_key.A_query.begin(), - proving_key.A_query.begin() + qap_wit.num_variables + 1, - const_padded_assignment.begin(), - const_padded_assignment.begin() + qap_wit.num_variables + 1, - chunks); - - typename commitments::knowledge_commitment::value_type evaluation_Bt = - commitments::kc_multiexp_with_mixed_addition( - proving_key.B_query, - 0, - qap_wit.num_variables + 1, - const_padded_assignment.begin(), - const_padded_assignment.begin() + qap_wit.num_variables + 1, - chunks); - - typename g1_type::value_type evaluation_Ht = - algebra::multiexp( - proving_key.H_query.begin(), - proving_key.H_query.begin() + (qap_wit.degree - 1), - qap_wit.coefficients_for_H.begin(), - qap_wit.coefficients_for_H.begin() + (qap_wit.degree - 1), - chunks); - - typename g1_type::value_type evaluation_Lt = - algebra::multiexp_with_mixed_addition( - proving_key.L_query.begin(), - proving_key.L_query.end(), - const_padded_assignment.begin() + qap_wit.num_inputs + 1, - const_padded_assignment.begin() + qap_wit.num_variables + 1, - chunks); - - /* A = alpha + sum_i(a_i*A_i(t)) + r*delta */ - typename g1_type::value_type g1_A = - proving_key.alpha_g1 + evaluation_At + r * proving_key.delta_g1; - - /* B = beta + sum_i(a_i*B_i(t)) + s*delta */ - typename g1_type::value_type g1_B = - 
proving_key.beta_g1 + evaluation_Bt.h + s * proving_key.delta_g1; - typename g2_type::value_type g2_B = - proving_key.beta_g2 + evaluation_Bt.g + s * proving_key.delta_g2; - - /* C = sum_i(a_i*((beta*A_i(t) + alpha*B_i(t) + C_i(t)) + H(t)*Z(t))/delta) + A*s + r*b - - * r*s*delta - */ - typename g1_type::value_type g1_C = - evaluation_Ht + evaluation_Lt + s * g1_A + r * g1_B - (r * s) * proving_key.delta_g1; - - return proof_type(std::move(g1_A), std::move(g2_B), std::move(g1_C)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proving_key.hpp deleted file mode 100644 index aaffc96255..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,136 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_PROVING_KEY_HPP - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template> - struct r1cs_gg_ppzksnark_proving_key { - typedef CurveType curve_type; - typedef r1cs_constraint_system constraint_system_type; - - typename CurveType::template g1_type<>::value_type alpha_g1; - typename CurveType::template g1_type<>::value_type beta_g1; - typename CurveType::template g2_type<>::value_type beta_g2; - typename CurveType::template g1_type<>::value_type delta_g1; - typename CurveType::template g2_type<>::value_type delta_g2; - - std::vector::value_type> - A_query; // this could be a sparse vector if we had multiexp for those - commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> - B_query; - std::vector::value_type> H_query; - std::vector::value_type> L_query; - - constraint_system_type constraint_system; - - r1cs_gg_ppzksnark_proving_key() {}; - r1cs_gg_ppzksnark_proving_key &operator=(const r1cs_gg_ppzksnark_proving_key &other) = default; - r1cs_gg_ppzksnark_proving_key(const r1cs_gg_ppzksnark_proving_key &other) = default; - r1cs_gg_ppzksnark_proving_key(r1cs_gg_ppzksnark_proving_key &&other) = default; - - r1cs_gg_ppzksnark_proving_key( - const typename CurveType::template g1_type<>::value_type &alpha_g1, - const typename CurveType::template g1_type<>::value_type &beta_g1, - const typename CurveType::template g2_type<>::value_type &beta_g2, - const typename CurveType::template g1_type<>::value_type &delta_g1, - const typename CurveType::template g2_type<>::value_type &delta_g2, - const std::vector::value_type> &A_query, - const commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> &B_query, - const std::vector::value_type> &H_query, - const std::vector::value_type> &L_query, - const 
constraint_system_type &constraint_system) : - alpha_g1(alpha_g1), - beta_g1(beta_g1), beta_g2(beta_g2), delta_g1(delta_g1), delta_g2(delta_g2), A_query(A_query), - B_query(B_query), H_query(H_query), L_query(L_query), constraint_system(constraint_system) {}; - - r1cs_gg_ppzksnark_proving_key( - typename CurveType::template g1_type<>::value_type &&alpha_g1, - typename CurveType::template g1_type<>::value_type &&beta_g1, - typename CurveType::template g2_type<>::value_type &&beta_g2, - typename CurveType::template g1_type<>::value_type &&delta_g1, - typename CurveType::template g2_type<>::value_type &&delta_g2, - std::vector::value_type> &&A_query, - commitments::knowledge_commitment_vector, - typename CurveType::template g1_type<>> &&B_query, - std::vector::value_type> &&H_query, - std::vector::value_type> &&L_query, - constraint_system_type &&constraint_system) : - alpha_g1(std::move(alpha_g1)), - beta_g1(std::move(beta_g1)), beta_g2(std::move(beta_g2)), delta_g1(std::move(delta_g1)), - delta_g2(std::move(delta_g2)), A_query(std::move(A_query)), B_query(std::move(B_query)), - H_query(std::move(H_query)), L_query(std::move(L_query)), - constraint_system(std::move(constraint_system)) {}; - - std::size_t G1_size() const { - return 1 + A_query.size() + B_query.domain_size() + H_query.size() + L_query.size(); - } - - std::size_t G2_size() const { - return 1 + B_query.domain_size(); - } - - std::size_t G1_sparse_size() const { - return 1 + A_query.size() + B_query.size() + H_query.size() + L_query.size(); - } - - std::size_t G2_sparse_size() const { - return 1 + B_query.size(); - } - - std::size_t size_in_bits() const { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - return A_query.size() * g1_type::value_bits + B_query.size_in_bits() + - H_query.size() * g1_type::value_bits + L_query.size() * g1_type::value_bits + - 1 * g1_type::value_bits + 1 * g2_type::value_bits; - } - - bool operator==(const 
r1cs_gg_ppzksnark_proving_key &other) const {
- return (this->alpha_g1 == other.alpha_g1 && this->beta_g1 == other.beta_g1 &&
- this->beta_g2 == other.beta_g2 && this->delta_g1 == other.delta_g1 &&
- this->delta_g2 == other.delta_g2 && this->A_query == other.A_query &&
- this->B_query == other.B_query && this->H_query == other.H_query &&
- this->L_query == other.L_query && this->constraint_system == other.constraint_system);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verification_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verification_key.hpp
deleted file mode 100644
index a7e97b743f..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verification_key.hpp
+++ /dev/null
@@ -1,176 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-// Copyright (c) 2020-2021 Ilias Khairullin
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP -#define CRYPTO3_R1CS_GG_PPZKSNARK_VERIFICATION_KEY_HPP - -#include - -#include -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - struct r1cs_gg_ppzksnark_processed_verification_key; - - template - struct r1cs_gg_ppzksnark_verification_key { - typedef CurveType curve_type; - - typename CurveType::gt_type::value_type alpha_g1_beta_g2; - typename CurveType::template g2_type<>::value_type gamma_g2; - typename CurveType::template g2_type<>::value_type delta_g2; - - container::accumulation_vector> gamma_ABC_g1; - - r1cs_gg_ppzksnark_verification_key() = default; - r1cs_gg_ppzksnark_verification_key( - const typename CurveType::gt_type::value_type &alpha_g1_beta_g2, - const typename CurveType::template g2_type<>::value_type &gamma_g2, - const typename CurveType::template g2_type<>::value_type &delta_g2, - const container::accumulation_vector> &gamma_ABC_g1) : - alpha_g1_beta_g2(alpha_g1_beta_g2), - gamma_g2(gamma_g2), delta_g2(delta_g2), gamma_ABC_g1(gamma_ABC_g1) { - } - - std::size_t G1_size() const { - return gamma_ABC_g1.size(); - } - - std::size_t G2_size() const { - return 2; - } - - std::size_t GT_size() const { - return 1; - } - - std::size_t size_in_bits() const { - using g2_type = typename CurveType::template g2_type<>; - - // TODO: include GT size - return (gamma_ABC_g1.size_in_bits() + 2 * g2_type::value_bits); - } - - bool operator==(const r1cs_gg_ppzksnark_verification_key &other) const { - return (this->alpha_g1_beta_g2 == other.alpha_g1_beta_g2 && this->gamma_g2 == other.gamma_g2 && - this->delta_g2 == other.delta_g2 && this->gamma_ABC_g1 == other.gamma_ABC_g1); - } - - explicit operator r1cs_gg_ppzksnark_processed_verification_key() const { - r1cs_gg_ppzksnark_processed_verification_key processed_verification_key; - 
processed_verification_key.vk_alpha_g1_beta_g2 = alpha_g1_beta_g2; - processed_verification_key.vk_gamma_g2_precomp = precompute_g2(gamma_g2); - processed_verification_key.vk_delta_g2_precomp = precompute_g2(delta_g2); - processed_verification_key.gamma_ABC_g1 = gamma_ABC_g1; - - return processed_verification_key; - } - }; - - template - struct r1cs_gg_ppzksnark_processed_verification_key { - typedef CurveType curve_type; - typedef typename algebra::pairing::pairing_policy pairing_policy; - - typename CurveType::gt_type::value_type vk_alpha_g1_beta_g2; - typename pairing_policy::g2_precomputed_type vk_gamma_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_delta_g2_precomp; - - container::accumulation_vector> gamma_ABC_g1; - - bool operator==(const r1cs_gg_ppzksnark_processed_verification_key &other) const { - return (this->vk_alpha_g1_beta_g2 == other.vk_alpha_g1_beta_g2 && - this->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp && - this->vk_delta_g2_precomp == other.vk_delta_g2_precomp && - this->gamma_ABC_g1 == other.gamma_ABC_g1); - } - }; - - template - struct r1cs_gg_ppzksnark_extended_verification_key { - typedef CurveType curve_type; - - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - typedef typename CurveType::gt_type gt_type; - - typename gt_type::value_type alpha_g1_beta_g2; - typename g2_type::value_type gamma_g2; - typename g2_type::value_type delta_g2; - typename g1_type::value_type delta_g1; - container::accumulation_vector gamma_ABC_g1; - typename g1_type::value_type gamma_g1; - - r1cs_gg_ppzksnark_extended_verification_key() = default; - r1cs_gg_ppzksnark_extended_verification_key( - const typename gt_type::value_type &alpha_g1_beta_g2, - const typename g2_type::value_type &gamma_g2, - const typename g2_type::value_type &delta_g2, - const typename g1_type::value_type &delta_g1, - const container::accumulation_vector &gamma_ABC_g1, - const typename g1_type::value_type 
&gamma_g1) :
- alpha_g1_beta_g2(alpha_g1_beta_g2),
- gamma_g2(gamma_g2), delta_g2(delta_g2), delta_g1(delta_g1), gamma_ABC_g1(gamma_ABC_g1),
- gamma_g1(gamma_g1) {
- }
-
- std::size_t G1_size() const {
- return gamma_ABC_g1.size() + 2;
- }
-
- std::size_t G2_size() const {
- return 2;
- }
-
- std::size_t GT_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- // TODO: include GT size
- return (gamma_ABC_g1.size_in_bits() + 2 * g2_type::value_bits + 2 * g1_type::value_bits);
- }
-
- bool operator==(const r1cs_gg_ppzksnark_extended_verification_key &other) const {
- return alpha_g1_beta_g2 == other.alpha_g1_beta_g2 && gamma_g2 == other.gamma_g2 &&
- delta_g2 == other.delta_g2 && delta_g1 == other.delta_g1 &&
- gamma_ABC_g1 == other.gamma_ABC_g1;
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verifier.hpp
deleted file mode 100644
index bf3a349f11..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_gg_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,307 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a ppzkSNARK for BACS.
-//
-// This includes:
-// - class for proving key
-// - class for verification key
-// - class for processed verification key
-// - class for key pair (proving key & verification key)
-// - class for proof
-// - generator algorithm
-// - prover algorithm
-// - verifier algorithm (with strong or weak input consistency)
-// - online verifier algorithm (with strong or weak input consistency)
-//
-// The implementation is a straightforward combination of:
-// (1) a BACS-to-R1CS reduction, and
-// (2) a ppzkSNARK for R1CS.
-// -// -// Acronyms: -// -// - BACS = "Bilinear Arithmetic Circuit Satisfiability" -// - R1CS = "Rank-1 Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_VERIFIER_HPP - -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace algebra; - - template - class r1cs_gg_ppzksnark_process_verification_key; - - template - class r1cs_gg_ppzksnark_verifier_weak_input_consistency; - - template - class r1cs_gg_ppzksnark_verifier_strong_input_consistency; - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - class r1cs_gg_ppzksnark_process_verification_key { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - - processed_verification_key_type processed_verification_key; - processed_verification_key.vk_alpha_g1_beta_g2 = verification_key.alpha_g1_beta_g2; - processed_verification_key.vk_gamma_g2_precomp = - precompute_g2(verification_key.gamma_g2); - processed_verification_key.vk_delta_g2_precomp = - precompute_g2(verification_key.delta_g2); - processed_verification_key.gamma_ABC_g1 = verification_key.gamma_ABC_g1; - - return processed_verification_key; - } - }; - - /** - Below are four variants of verifier algorithm for the R1CS GG-ppzkSNARK. 
- - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = CS.num_inputs, whereas - weak input consistency requires that |primary_input| <= CS.num_inputs (and - the primary input is implicitly padded with zeros up to length CS.num_inputs). - */ - - template - class r1cs_gg_ppzksnark_verifier_weak_input_consistency { - typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::gt_type gt_type; - typedef typename pairing::pairing_policy::g1_precomputed_type g1_precomputed_type; - typedef typename pairing::pairing_policy::g2_precomputed_type g2_precomputed_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_gg_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. 
- */
- static inline bool process(const processed_verification_key_type &processed_verification_key,
- const primary_input_type &primary_input,
- const proof_type &proof) {
-
- assert(processed_verification_key.gamma_ABC_g1.domain_size() >= primary_input.size());
-
- const container::accumulation_vector accumulated_IC =
- processed_verification_key.gamma_ABC_g1.accumulate_chunk(primary_input.begin(),
- primary_input.end(), 0);
-
- const typename g1_type::value_type &acc = accumulated_IC.first;
-
- bool result = true;
-
- if (!proof.is_well_formed()) {
- result = false;
- }
-
- const g1_precomputed_type proof_g_A_precomp = precompute_g1(proof.g_A);
- const g2_precomputed_type proof_g_B_precomp = precompute_g2(proof.g_B);
- const g1_precomputed_type proof_g_C_precomp = precompute_g1(proof.g_C);
- const g1_precomputed_type acc_precomp = precompute_g1(acc);
-
- const typename gt_type::value_type QAP1 =
- miller_loop(proof_g_A_precomp, proof_g_B_precomp);
- const typename gt_type::value_type QAP2 = double_miller_loop(
- acc_precomp, processed_verification_key.vk_gamma_g2_precomp, proof_g_C_precomp,
- processed_verification_key.vk_delta_g2_precomp);
- const typename gt_type::value_type QAP =
- final_exponentiation(QAP1 * QAP2.unitary_inversed());
-
- if (QAP != processed_verification_key.vk_alpha_g1_beta_g2) {
- result = false;
- }
-
- return result;
- }
- };
-
- template
- class r1cs_gg_ppzksnark_verifier_strong_input_consistency {
- typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type;
-
- public:
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
- typedef typename policy_type::proof_type proof_type;
-
- /**
- * A verifier algorithm for the R1CS GG-ppzkSNARK that:
- * (1) accepts a non-processed verification key, and
- * (2) has strong input consistency.
- */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - return process(r1cs_gg_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS GG-ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - bool result = true; - - if (processed_verification_key.gamma_ABC_g1.domain_size() != primary_input.size()) { - result = false; - } else { - result = r1cs_gg_ppzksnark_verifier_weak_input_consistency::process( - processed_verification_key, primary_input, proof); - } - - return result; - } - }; - - // /** - // * - // * A verifier algorithm for the R1CS GG-ppzkSNARK that: - // * (1) accepts a non-processed verification key, - // * (2) has weak input consistency, and - // * (3) uses affine coordinates for elliptic-curve computations. 
- // */ - // template - // class r1cs_gg_ppzksnark_affine_verifier_weak_input_consistency { - // typedef detail::r1cs_gg_ppzksnark_basic_policy policy_type; - - // typedef typename CurveType::scalar_field_type scalar_field_type; - // typedef typename CurveType::template g1_type<> g1_type; - // typedef typename CurveType::gt_type gt_type; - // typedef typename pairing::pairing_policy::affine_ate_g1_precomp affine_ate_g1_precomp; - // typedef typename pairing::pairing_policy::affine_ate_g2_precomp affine_ate_g2_precomp; - - // public: - // typedef typename policy_type::primary_input_type primary_input_type; - - // typedef typename policy_type::verification_key_type verification_key_type; - // typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - // typedef typename policy_type::proof_type proof_type; - - // static inline bool process(const verification_key_type &verification_key, - // const primary_input_type &primary_input, - // const proof_type &proof) { - - // BOOST_ASSERT(verification_key.gamma_ABC_g1.domain_size() >= primary_input.size()); - - // affine_ate_g2_precomp pvk_vk_gamma_g2_precomp = - // affine_ate_precompute_g2(verification_key.gamma_g2); - // affine_ate_g2_precomp pvk_vk_delta_g2_precomp = - // affine_ate_precompute_g2(verification_key.delta_g2); - - // const accumulation_vector accumulated_IC = - // verification_key.gamma_ABC_g1.accumulate_chunk(primary_input.begin(), - // primary_input.end(), - // 0); - // const typename g1_type::value_type &acc = accumulated_IC.first; - - // bool result = true; - - // if (!proof.is_well_formed()) { - // result = false; - // } - - // const affine_ate_g1_precomp proof_g_A_precomp = - // affine_ate_precompute_g1(proof.g_A); - // const affine_ate_g2_precomp proof_g_B_precomp = - // affine_ate_precompute_g2(proof.g_B); - // const affine_ate_g1_precomp proof_g_C_precomp = - // affine_ate_precompute_g1(proof.g_C); - // const affine_ate_g1_precomp acc_precomp = 
affine_ate_precompute_g1(acc);
-
- // const typename fqk_type::value_type QAP_miller =
- // affine_ate_e_times_e_over_e_miller_loop(
- // acc_precomp, pvk_vk_gamma_g2_precomp, proof_g_C_precomp, pvk_vk_delta_g2_precomp,
- // proof_g_A_precomp, proof_g_B_precomp);
- // const typename gt_type::value_type QAP =
- // final_exponentiation(QAP_miller.unitary_inversed());
-
- // if (QAP != verification_key.alpha_g1_beta_g2) {
- // result = false;
- // }
- // return result;
- // }
- // };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_R1CS_GG_PPZKSNARK_BASIC_VERIFIER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark.hpp
deleted file mode 100644
index 6d9c776365..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark.hpp
+++ /dev/null
@@ -1,117 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2020 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_R1CS_PPZKSNARK_HPP
-#define CRYPTO3_ZK_R1CS_PPZKSNARK_HPP
-
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /*!
- * @brief ppzkSNARK for R1CS
- * @tparam CurveType
- * @tparam Generator
- * @tparam Prover
- * @tparam Verifier
- *
- * The implementation instantiates (a modification of) the protocol of \[PGHR13],
- * by following extending, and optimizing the approach described in \[BCTV14].
- * - * Acronyms: - * - R1CS = "Rank-1 Constraint Systems" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - * - * References: - * \[BCTV14]: - * "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", - * Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, - * USENIX Security 2014, - * - * - * \[PGHR13]: - * "Pinocchio: Nearly practical verifiable computation", - * Bryan Parno, Craig Gentry, Jon Howell, Mariana Raykova, - * IEEE S&P 2013, - * - */ - template, - typename Prover = r1cs_ppzksnark_prover, - typename Verifier = r1cs_ppzksnark_verifier_strong_input_consistency> - class r1cs_ppzksnark { - typedef detail::r1cs_ppzksnark_policy policy_type; - - public: - typedef Generator generator_type; - typedef Prover prover_type; - typedef Verifier verifier_type; - - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - static inline bool verify(const typename Verifier::verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, 
proof); - } - - static inline bool verify(const typename Verifier::processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(pvk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 375e1ed656..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,142 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for R1CS. 
-// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates (a modification of) the protocol of \[PGHR13], -// by following extending, and optimizing the approach described in \[BCTV14]. -// -// -// Acronyms: -// -// - R1CS = "Rank-1 Constraint Systems" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// -// References: -// -// \[BCTV14]: -// "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// USENIX Security 2014, -// -// -// \[PGHR13]: -// "Pinocchio: Nearly practical verifiable computation", -// Bryan Parno, Craig Gentry, Jon Howell, Mariana Raykova, -// IEEE S&P 2013, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_R1CS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct r1cs_ppzksnark_policy { - typedef CurveType curve_type; - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS ppzkSNARK. 
- */ - typedef r1cs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS ppzkSNARK. - */ - typedef r1cs_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef r1cs_ppzksnark_processed_verification_key processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_ppzksnark_keypair keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_ppzksnark_proof proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_TYPES_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/generator.hpp deleted file mode 100644 index f9d8af3abb..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,232 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_R1CS_PPZKSNARK_BASIC_GENERATOR_HPP - -#ifdef MULTICORE -#include -#endif - -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - template - class r1cs_ppzksnark_generator { - typedef detail::r1cs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type process(const constraint_system_type &constraint_system) { - - typedef typename CurveType::scalar_field_type scalar_field_type; - typedef typename CurveType::template g1_type<> g1_type; - typedef typename CurveType::template g2_type<> g2_type; - - /* make the B_query "lighter" if possible */ - constraint_system_type cs_copy(constraint_system); - cs_copy.swap_AB_if_beneficial(); - - /* draw random element at which the QAP is evaluated */ - const typename scalar_field_type::value_type t = algebra::random_element(); - - qap_instance_evaluation qap_inst = - reductions::r1cs_to_qap::instance_map_with_evaluation(cs_copy, t); - - std::size_t non_zero_At = 0, non_zero_Bt = 0, non_zero_Ct = 0, non_zero_Ht = 0; - for (std::size_t i = 0; i < qap_inst.num_variables + 1; ++i) { - if (!qap_inst.At[i].is_zero()) { - ++non_zero_At; - } - if (!qap_inst.Bt[i].is_zero()) { - ++non_zero_Bt; - } - if 
(!qap_inst.Ct[i].is_zero()) { - ++non_zero_Ct; - } - } - for (std::size_t i = 0; i < qap_inst.degree + 1; ++i) { - if (!qap_inst.Ht[i].is_zero()) { - ++non_zero_Ht; - } - } - - std::vector At = std::move( - qap_inst.At); // qap_inst.At is now in unspecified state, but we do not use it later - std::vector Bt = std::move( - qap_inst.Bt); // qap_inst.Bt is now in unspecified state, but we do not use it later - std::vector Ct = std::move( - qap_inst.Ct); // qap_inst.Ct is now in unspecified state, but we do not use it later - std::vector Ht = std::move( - qap_inst.Ht); // qap_inst.Ht is now in unspecified state, but we do not use it later - - /* append Zt to At,Bt,Ct with */ - At.emplace_back(qap_inst.Zt); - Bt.emplace_back(qap_inst.Zt); - Ct.emplace_back(qap_inst.Zt); - - const typename scalar_field_type::value_type alphaA = - algebra::random_element(), - alphaB = - algebra::random_element(), - alphaC = - algebra::random_element(), - rA = algebra::random_element(), - rB = algebra::random_element(), - beta = - algebra::random_element(), - gamma = - algebra::random_element(); - const typename scalar_field_type::value_type rC = rA * rB; - - // consrtuct the same-coefficient-check query (must happen before zeroing out the prefix of - // At) - std::vector Kt; - Kt.reserve(qap_inst.num_variables + 4); - for (std::size_t i = 0; i < qap_inst.num_variables + 1; ++i) { - Kt.emplace_back(beta * (rA * At[i] + rB * Bt[i] + rC * Ct[i])); - } - Kt.emplace_back(beta * rA * qap_inst.Zt); - Kt.emplace_back(beta * rB * qap_inst.Zt); - Kt.emplace_back(beta * rC * qap_inst.Zt); - - /* zero out prefix of At and stick it into IC coefficients */ - std::vector IC_coefficients; - IC_coefficients.reserve(qap_inst.num_inputs + 1); - for (std::size_t i = 0; i < qap_inst.num_inputs + 1; ++i) { - IC_coefficients.emplace_back(At[i]); - assert(!IC_coefficients[i].is_zero()); - At[i] = scalar_field_type::value_type::zero(); - } - - const std::size_t g1_exp_count = 2 * (non_zero_At - 
qap_inst.num_inputs + non_zero_Ct) + - non_zero_Bt + non_zero_Ht + Kt.size(); - const std::size_t g2_exp_count = non_zero_Bt; - - std::size_t g1_window = algebra::get_exp_window_size(g1_exp_count); - std::size_t g2_window = algebra::get_exp_window_size(g2_exp_count); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - algebra::window_table g1_table = algebra::get_window_table( - scalar_field_type::value_bits, g1_window, g1_type::value_type::one()); - - algebra::window_table g2_table = algebra::get_window_table( - scalar_field_type::value_bits, g2_window, g2_type::value_type::one()); - - commitments::knowledge_commitment_vector A_query = - commitments::kc_batch_exp(scalar_field_type::value_bits, g1_window, - g1_window, g1_table, g1_table, rA, - rA * alphaA, At, chunks); - - commitments::knowledge_commitment_vector B_query = - commitments::kc_batch_exp(scalar_field_type::value_bits, g2_window, - g1_window, g2_table, g1_table, rB, - rB * alphaB, Bt, chunks); - - commitments::knowledge_commitment_vector C_query = - commitments::kc_batch_exp(scalar_field_type::value_bits, g1_window, - g1_window, g1_table, g1_table, rC, - rC * alphaC, Ct, chunks); - - typename std::vector H_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Ht); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_query); -#endif - - typename std::vector K_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Kt); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(K_query); -#endif - - typename g2_type::value_type alphaA_g2 = alphaA * g2_type::value_type::one(); - typename g1_type::value_type alphaB_g1 = alphaB * g1_type::value_type::one(); - typename g2_type::value_type alphaC_g2 = alphaC * g2_type::value_type::one(); - typename g2_type::value_type gamma_g2 = gamma * 
g2_type::value_type::one(); - typename g1_type::value_type gamma_beta_g1 = (gamma * beta) * g1_type::value_type::one(); - typename g2_type::value_type gamma_beta_g2 = (gamma * beta) * g2_type::value_type::one(); - typename g2_type::value_type rC_Z_g2 = (rC * qap_inst.Zt) * g2_type::value_type::one(); - - typename g1_type::value_type encoded_IC_base = - (rA * IC_coefficients[0]) * g1_type::value_type::one(); - std::vector multiplied_IC_coefficients; - multiplied_IC_coefficients.reserve(qap_inst.num_inputs); - for (std::size_t i = 1; i < qap_inst.num_inputs + 1; ++i) { - multiplied_IC_coefficients.emplace_back(rA * IC_coefficients[i]); - } - typename std::vector encoded_IC_values = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, multiplied_IC_coefficients); - - container::accumulation_vector encoded_IC_query(std::move(encoded_IC_base), - std::move(encoded_IC_values)); - - verification_key_type vk = - verification_key_type(alphaA_g2, alphaB_g1, alphaC_g2, gamma_g2, gamma_beta_g1, - gamma_beta_g2, rC_Z_g2, encoded_IC_query); - proving_key_type pk = proving_key_type(std::move(A_query), - std::move(B_query), - std::move(C_query), - std::move(H_query), - std::move(K_query), - std::move(cs_copy)); - - return keypair_type(std::move(pk), std::move(vk)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/keypair.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/keypair.hpp deleted file mode 100644 index 8a3a52f8a8..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp
deleted file mode 100644
index ccb1bd482d..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,104 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_PROOF_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proof for the R1CS ppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- template
- class r1cs_ppzksnark_proof {
- typedef CurveType curve_type;
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
- using g1_value_type = typename g1_type::value_type;
- using g2_value_type = typename g2_type::value_type;
-
- public:
- typename commitments::knowledge_commitment::value_type g_A;
- typename commitments::knowledge_commitment::value_type g_B;
- typename commitments::knowledge_commitment::value_type g_C;
- g1_value_type g_H;
- g1_value_type g_K;
-
- r1cs_ppzksnark_proof() {
- // invalid proof with valid curve points
- this->g_A.g = g1_value_type::one();
- this->g_A.h = g1_value_type::one();
- this->g_B.g = g2_value_type::one();
- this->g_B.h = g1_value_type::one();
- this->g_C.g = g1_value_type::one();
- this->g_C.h = g1_value_type::one();
- this->g_H = g1_value_type::one();
- this->g_K = g1_value_type::one();
- }
- r1cs_ppzksnark_proof(typename commitments::knowledge_commitment::value_type &&g_A,
- typename commitments::knowledge_commitment::value_type &&g_B,
- typename commitments::knowledge_commitment::value_type &&g_C,
- g1_value_type &&g_H,
- g1_value_type &&g_K) :
- g_A(std::move(g_A)),
- g_B(std::move(g_B)), g_C(std::move(g_C)), g_H(std::move(g_H)), g_K(std::move(g_K)) {};
-
- std::size_t G1_size() const {
- return 7;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * CurveType::g1_type::value_bits + G2_size() * CurveType::g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (g_A.g.is_well_formed() && g_A.h.is_well_formed() && g_B.g.is_well_formed() &&
- g_B.h.is_well_formed() && g_C.g.is_well_formed() && g_C.h.is_well_formed() &&
- g_H.is_well_formed() && g_K.is_well_formed());
- }
-
- bool operator==(const r1cs_ppzksnark_proof &other) const {
- return (this->g_A == other.g_A && this->g_B == other.g_B && this->g_C == other.g_C &&
- this->g_H == other.g_H && this->g_K == other.g_K);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/prover.hpp
deleted file mode 100644
index aa8c799064..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,139 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A prover algorithm for the R1CS ppzkSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. 
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - template - class r1cs_ppzksnark_prover { - typedef detail::r1cs_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using scalar_field_type = typename CurveType::scalar_field_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - const typename scalar_field_type::value_type d1 = algebra::random_element(), - d2 = algebra::random_element(), - d3 = algebra::random_element(); - - const qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, d1, d2, d3); - - typename commitments::knowledge_commitment::value_type g_A = - proving_key.A_query[0] + qap_wit.d1 * proving_key.A_query[qap_wit.num_variables + 1]; - typename commitments::knowledge_commitment::value_type g_B = - proving_key.B_query[0] + qap_wit.d2 * proving_key.B_query[qap_wit.num_variables + 1]; - typename commitments::knowledge_commitment::value_type g_C = - proving_key.C_query[0] + qap_wit.d3 * proving_key.C_query[qap_wit.num_variables + 1]; - - g1_value_type g_H = g1_value_type::zero(); - g1_value_type g_K = - (proving_key.K_query[0] + qap_wit.d1 * proving_key.K_query[qap_wit.num_variables + 1] + - qap_wit.d2 * proving_key.K_query[qap_wit.num_variables + 2] + - qap_wit.d3 * proving_key.K_query[qap_wit.num_variables + 3]); -#ifdef MULTICORE 
- const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - g_A = g_A + commitments::kc_multiexp_with_mixed_addition( - proving_key.A_query, 1, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables + 1, chunks); - - g_B = g_B + commitments::kc_multiexp_with_mixed_addition( - proving_key.B_query, 1, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables + 1, chunks); - - g_C = g_C + commitments::kc_multiexp_with_mixed_addition( - proving_key.C_query, 1, 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables + 1, chunks); - - g_H = g_H + algebra::multiexp( - proving_key.H_query.begin(), proving_key.H_query.begin() + qap_wit.degree + 1, - qap_wit.coefficients_for_H.begin(), - qap_wit.coefficients_for_H.begin() + qap_wit.degree + 1, chunks); - - g_K = g_K + algebra::multiexp_with_mixed_addition( - proving_key.K_query.begin() + 1, - proving_key.K_query.begin() + 1 + qap_wit.num_variables, - qap_wit.coefficients_for_ABCs.begin(), - qap_wit.coefficients_for_ABCs.begin() + qap_wit.num_variables, chunks); - - return proof_type(std::move(g_A), std::move(g_B), std::move(g_C), std::move(g_H), - std::move(g_K)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proving_key.hpp deleted file mode 100644 index bcdf902809..0000000000 
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/proving_key.hpp
+++ /dev/null
@@ -1,113 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_PROVING_KEY_HPP
-
-#ifdef MULTICORE
-#include
-#endif
-
-#include
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the R1CS ppzkSNARK.
- */ - template - class r1cs_ppzksnark_proving_key { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - - public: - typedef CurveType curve_type; - typedef ConstraintSystemType constraint_system_type; - - commitments::knowledge_commitment_vector A_query; - commitments::knowledge_commitment_vector B_query; - commitments::knowledge_commitment_vector C_query; - std::vector H_query; - std::vector K_query; - - constraint_system_type constraint_system; - - r1cs_ppzksnark_proving_key() {}; - r1cs_ppzksnark_proving_key &operator=(const r1cs_ppzksnark_proving_key &other) = default; - r1cs_ppzksnark_proving_key(const r1cs_ppzksnark_proving_key &other) = default; - r1cs_ppzksnark_proving_key(r1cs_ppzksnark_proving_key &&other) = default; - r1cs_ppzksnark_proving_key(commitments::knowledge_commitment_vector &&A_query, - commitments::knowledge_commitment_vector &&B_query, - commitments::knowledge_commitment_vector &&C_query, - typename std::vector &&H_query, - typename std::vector &&K_query, - constraint_system_type &&constraint_system) : - A_query(std::move(A_query)), - B_query(std::move(B_query)), C_query(std::move(C_query)), H_query(std::move(H_query)), - K_query(std::move(K_query)), constraint_system(std::move(constraint_system)) {}; - - std::size_t G1_size() const { - return 2 * (A_query.domain_size() + C_query.domain_size()) + B_query.domain_size() + - H_query.size() + K_query.size(); - } - - std::size_t G2_size() const { - return B_query.domain_size(); - } - - std::size_t G1_sparse_size() const { - return 2 * (A_query.size() + C_query.size()) + B_query.size() + H_query.size() + K_query.size(); - } - - std::size_t G2_sparse_size() const { - return B_query.size(); - } - - std::size_t size_in_bits() const { - return A_query.size_in_bits() + B_query.size_in_bits() + C_query.size_in_bits() + - 
H_query.size() * CurveType::g1_type::value_bits + - K_query.size() * CurveType::g1_type::value_bits; - } - - bool operator==(const r1cs_ppzksnark_proving_key &other) const { - return (this->A_query == other.A_query && this->B_query == other.B_query && - this->C_query == other.C_query && this->H_query == other.H_query && - this->K_query == other.K_query && this->constraint_system == other.constraint_system); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp deleted file mode 100644 index 5ae2ead0c8..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verification_key.hpp +++ /dev/null 
@@ -1,133 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_VERIFICATION_KEY_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_VERIFICATION_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using namespace algebra;
-
- /**
- * A verification key for the R1CS ppzkSNARK.
- */ - template - class r1cs_ppzksnark_verification_key { - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typename g2_type::value_type alphaA_g2; - typename g1_type::value_type alphaB_g1; - typename g2_type::value_type alphaC_g2; - typename g2_type::value_type gamma_g2; - typename g1_type::value_type gamma_beta_g1; - typename g2_type::value_type gamma_beta_g2; - typename g2_type::value_type rC_Z_g2; - - container::accumulation_vector encoded_IC_query; - - r1cs_ppzksnark_verification_key() = default; - r1cs_ppzksnark_verification_key(const typename g2_type::value_type &alphaA_g2, - const typename g1_type::value_type &alphaB_g1, - const typename g2_type::value_type &alphaC_g2, - const typename g2_type::value_type &gamma_g2, - const typename g1_type::value_type &gamma_beta_g1, - const typename g2_type::value_type &gamma_beta_g2, - const typename g2_type::value_type &rC_Z_g2, - const container::accumulation_vector &eIC) : - alphaA_g2(alphaA_g2), - alphaB_g1(alphaB_g1), alphaC_g2(alphaC_g2), gamma_g2(gamma_g2), gamma_beta_g1(gamma_beta_g1), - gamma_beta_g2(gamma_beta_g2), rC_Z_g2(rC_Z_g2), encoded_IC_query(eIC) {}; - - std::size_t G1_size() const { - return 2 + encoded_IC_query.size(); - } - - std::size_t G2_size() const { - return 5; - } - - std::size_t size_in_bits() const { - return (2 * g1_type::value_bits + encoded_IC_query.size_in_bits() + 5 * g2_type::value_bits); - } - - bool operator==(const r1cs_ppzksnark_verification_key &other) const { - return (this->alphaA_g2 == other.alphaA_g2 && this->alphaB_g1 == other.alphaB_g1 && - this->alphaC_g2 == other.alphaC_g2 && this->gamma_g2 == other.gamma_g2 && - this->gamma_beta_g1 == other.gamma_beta_g1 && - this->gamma_beta_g2 == other.gamma_beta_g2 && this->rC_Z_g2 == other.rC_Z_g2 && - this->encoded_IC_query == other.encoded_IC_query); - } - }; - - /** - * A processed verification key for the R1CS ppzkSNARK. 
- * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - template - class r1cs_ppzksnark_processed_verification_key { - - using pairing_policy = pairing::pairing_policy; - - public: - typename pairing_policy::g2_precomputed_type pp_G2_one_precomp; - typename pairing_policy::g2_precomputed_type vk_alphaA_g2_precomp; - typename pairing_policy::g1_precomputed_type vk_alphaB_g1_precomp; - typename pairing_policy::g2_precomputed_type vk_alphaC_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_rC_Z_g2_precomp; - typename pairing_policy::g2_precomputed_type vk_gamma_g2_precomp; - typename pairing_policy::g1_precomputed_type vk_gamma_beta_g1_precomp; - typename pairing_policy::g2_precomputed_type vk_gamma_beta_g2_precomp; - - container::accumulation_vector> encoded_IC_query; - - bool operator==(const r1cs_ppzksnark_processed_verification_key &other) const { - return (this->pp_G2_one_precomp == other.pp_G2_one_precomp && - this->vk_alphaA_g2_precomp == other.vk_alphaA_g2_precomp && - this->vk_alphaB_g1_precomp == other.vk_alphaB_g1_precomp && - this->vk_alphaC_g2_precomp == other.vk_alphaC_g2_precomp && - this->vk_rC_Z_g2_precomp == other.vk_rC_Z_g2_precomp && - this->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp && - this->vk_gamma_beta_g1_precomp == other.vk_gamma_beta_g1_precomp && - this->vk_gamma_beta_g2_precomp == other.vk_gamma_beta_g2_precomp && - this->encoded_IC_query == other.encoded_IC_query); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verifier.hpp
deleted file mode 100644
index 9bfec111fc..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,369 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_PPZKSNARK_BASIC_VERIFIER_HPP
-#define CRYPTO3_R1CS_PPZKSNARK_BASIC_VERIFIER_HPP
-
-#include
-
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * Convert a (non-processed) verification key into a processed verification key.
- */ - template - class r1cs_ppzksnark_process_verification_key { - typedef detail::r1cs_ppzksnark_policy policy_type; - - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - - processed_verification_key_type processed_verification_key; - processed_verification_key.pp_G2_one_precomp = - precompute_g2(g2_type::value_type::one()); - processed_verification_key.vk_alphaA_g2_precomp = - precompute_g2(verification_key.alphaA_g2); - processed_verification_key.vk_alphaB_g1_precomp = - precompute_g1(verification_key.alphaB_g1); - processed_verification_key.vk_alphaC_g2_precomp = - precompute_g2(verification_key.alphaC_g2); - processed_verification_key.vk_rC_Z_g2_precomp = - precompute_g2(verification_key.rC_Z_g2); - processed_verification_key.vk_gamma_g2_precomp = - precompute_g2(verification_key.gamma_g2); - processed_verification_key.vk_gamma_beta_g1_precomp = - precompute_g1(verification_key.gamma_beta_g1); - processed_verification_key.vk_gamma_beta_g2_precomp = - precompute_g2(verification_key.gamma_beta_g2); - - processed_verification_key.encoded_IC_query = verification_key.encoded_IC_query; - - return processed_verification_key; - } - }; - - template - class r1cs_ppzksnark_verifier_weak_input_consistency { - typedef detail::r1cs_ppzksnark_policy policy_type; - - using pairing_policy = pairing::pairing_policy; - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using gt_type = typename CurveType::gt_type; - using g1_value_type = typename g1_type::value_type; - using g2_value_type = typename g2_type::value_type; - using gt_value_type = typename gt_type::value_type; - using g1_precomputed_type = typename 
pairing_policy::g1_precomputed_type; - using g2_precomputed_type = typename pairing_policy::g2_precomputed_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - assert(processed_verification_key.encoded_IC_query.domain_size() >= primary_input.size()); - - const container::accumulation_vector accumulated_IC = - processed_verification_key.encoded_IC_query.accumulate_chunk(primary_input.begin(), - primary_input.end(), 0); - const g1_value_type &acc = accumulated_IC.first; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - g1_precomputed_type proof_g_A_g_precomp = precompute_g1(proof.g_A.g); - g1_precomputed_type proof_g_A_h_precomp = precompute_g1(proof.g_A.h); - typename gt_type::value_type kc_A_1 = miller_loop( - proof_g_A_g_precomp, processed_verification_key.vk_alphaA_g2_precomp); - typename gt_type::value_type kc_A_2 = - miller_loop(proof_g_A_h_precomp, processed_verification_key.pp_G2_one_precomp); - gt_value_type kc_A = 
final_exponentiation(kc_A_1 * kc_A_2.unitary_inversed()); - if (kc_A != gt_value_type::one()) { - result = false; - } - - g2_precomputed_type proof_g_B_g_precomp = precompute_g2(proof.g_B.g); - g1_precomputed_type proof_g_B_h_precomp = precompute_g1(proof.g_B.h); - typename gt_type::value_type kc_B_1 = miller_loop( - processed_verification_key.vk_alphaB_g1_precomp, proof_g_B_g_precomp); - typename gt_type::value_type kc_B_2 = - miller_loop(proof_g_B_h_precomp, processed_verification_key.pp_G2_one_precomp); - gt_value_type kc_B = final_exponentiation(kc_B_1 * kc_B_2.unitary_inversed()); - if (kc_B != gt_value_type::one()) { - result = false; - } - - g1_precomputed_type proof_g_C_g_precomp = precompute_g1(proof.g_C.g); - g1_precomputed_type proof_g_C_h_precomp = precompute_g1(proof.g_C.h); - typename gt_type::value_type kc_C_1 = miller_loop( - proof_g_C_g_precomp, processed_verification_key.vk_alphaC_g2_precomp); - typename gt_type::value_type kc_C_2 = - miller_loop(proof_g_C_h_precomp, processed_verification_key.pp_G2_one_precomp); - gt_value_type kc_C = final_exponentiation(kc_C_1 * kc_C_2.unitary_inversed()); - if (kc_C != gt_value_type::one()) { - result = false; - } - - // check that g^((A+acc)*B)=g^(H*\Prod(t-\sigma)+C) - // equivalently, via pairings, that e(g^(A+acc), g^B) = e(g^H, g^Z) + e(g^C, g^1) - g1_precomputed_type proof_g_A_g_acc_precomp = precompute_g1(proof.g_A.g + acc); - g1_precomputed_type proof_g_H_precomp = precompute_g1(proof.g_H); - typename gt_type::value_type QAP_1 = - miller_loop(proof_g_A_g_acc_precomp, proof_g_B_g_precomp); - typename gt_type::value_type QAP_23 = double_miller_loop( - proof_g_H_precomp, processed_verification_key.vk_rC_Z_g2_precomp, proof_g_C_g_precomp, - processed_verification_key.pp_G2_one_precomp); - gt_value_type QAP = final_exponentiation(QAP_1 * QAP_23.unitary_inversed()); - if (QAP != gt_value_type::one()) { - result = false; - } - - g1_precomputed_type proof_g_K_precomp = precompute_g1(proof.g_K); - 
g1_precomputed_type proof_g_A_g_acc_C_precomp = - precompute_g1((proof.g_A.g + acc) + proof.g_C.g); - typename gt_type::value_type K_1 = - miller_loop(proof_g_K_precomp, processed_verification_key.vk_gamma_g2_precomp); - typename gt_type::value_type K_23 = double_miller_loop( - proof_g_A_g_acc_C_precomp, processed_verification_key.vk_gamma_beta_g2_precomp, - processed_verification_key.vk_gamma_beta_g1_precomp, proof_g_B_g_precomp); - gt_value_type K = final_exponentiation(K_1 * K_23.unitary_inversed()); - if (K != gt_value_type::one()) { - result = false; - } - - return result; - } - }; - - template - class r1cs_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const verification_key_type &verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_ppzksnark_process_verification_key::process(verification_key), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - bool result = true; - - if (processed_verification_key.encoded_IC_query.domain_size() != primary_input.size()) { - result = false; - } else { - result = r1cs_ppzksnark_verifier_weak_input_consistency::process( - processed_verification_key, primary_input, proof); - } - - return result; - } - }; - - // /** - // * - // * A verifier algorithm for the R1CS ppzkSNARK that: - // * (1) accepts a non-processed verification key, - // * (2) has weak input consistency, and - // * (3) uses affine coordinates for elliptic-curve computations. - // */ - // template - // class r1cs_ppzksnark_affine_verifier_weak_input_consistency { - // typedef detail::r1cs_ppzksnark_policy policy_type; - - // using pairing_policy = typename CurveType::pairing; - // using g1_type = typename CurveType::template g1_type<>; - // using g2_type = typename CurveType::template g2_type<>; - // using gt_type = typename CurveType::gt_type; - // using g1_value_type = typename g1_type::value_type; - // using g2_value_type = typename g2_type::value_type; - // using gt_value_type = typename gt_type::value_type; - // using scalar_field_type = typename CurveType::scalar_field_type; - // using g1_precomputed_type = typename pairing_policy::g1_precomputed_type; - // using g2_precomputed_type = typename pairing_policy::g2_precomputed_type; - // using affine_ate_g1_precomp = typename pairing_policy::affine_ate_g1_precomp; - // using affine_ate_g2_precomp = typename pairing_policy::affine_ate_g2_precomp; - - // public: - // typedef typename policy_type::primary_input_type primary_input_type; - // typedef typename policy_type::verification_key_type verification_key_type; - // typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - // typedef typename policy_type::proof_type proof_type; - - // static inline 
bool process(const verification_key_type &vk, - // const primary_input_type &primary_input, - // const proof_type &proof) { - // typedef typename CurveType::pairing pairing_policy; - - // assert(vk.encoded_IC_query.domain_size() >= primary_input.size()); - - // affine_ate_g2_precomp pvk_pp_G2_one_precomp = - // affine_ate_precompute_g2(g2_value_type::one()); - // affine_ate_g2_precomp pvk_vk_alphaA_g2_precomp = - // affine_ate_precompute_g2(vk.alphaA_g2); - // affine_ate_g1_precomp pvk_vk_alphaB_g1_precomp = - // affine_ate_precompute_g1(vk.alphaB_g1); - // affine_ate_g2_precomp pvk_vk_alphaC_g2_precomp = - // affine_ate_precompute_g2(vk.alphaC_g2); - // affine_ate_g2_precomp pvk_vk_rC_Z_g2_precomp = - // affine_ate_precompute_g2(vk.rC_Z_g2); - // affine_ate_g2_precomp pvk_vk_gamma_g2_precomp = - // affine_ate_precompute_g2(vk.gamma_g2); - // affine_ate_g1_precomp pvk_vk_gamma_beta_g1_precomp = - // affine_ate_precompute_g1(vk.gamma_beta_g1); - // affine_ate_g2_precomp pvk_vk_gamma_beta_g2_precomp = - // affine_ate_precompute_g2(vk.gamma_beta_g2); - - // const accumulation_vector accumulated_IC = - // vk.encoded_IC_query.accumulate_chunk(primary_input.begin(), - // primary_input.end(), 0); - // assert(accumulated_IC.is_fully_accumulated()); - // const g1_value_type &acc = accumulated_IC.first; - - // bool result = true; - // affine_ate_g1_precomp proof_g_A_g_precomp = affine_ate_precompute_g1(proof.g_A.g); - // affine_ate_g1_precomp proof_g_A_h_precomp = affine_ate_precompute_g1(proof.g_A.h); - // typename gt_type::value_type kc_A_miller = affine_ate_e_over_e_miller_loop( - // proof_g_A_g_precomp, pvk_vk_alphaA_g2_precomp, proof_g_A_h_precomp, - // pvk_pp_G2_one_precomp); - // gt_value_type kc_A = final_exponentiation(kc_A_miller); - - // if (kc_A != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g2_precomp proof_g_B_g_precomp = - // affine_ate_precompute_g2(proof.g_B.g); - // affine_ate_g1_precomp proof_g_B_h_precomp = - // 
affine_ate_precompute_g1(proof.g_B.h); - // typename gt_type::value_type kc_B_miller = affine_ate_e_over_e_miller_loop( - // pvk_vk_alphaB_g1_precomp, proof_g_B_g_precomp, proof_g_B_h_precomp, - // pvk_pp_G2_one_precomp); - // gt_value_type kc_B = final_exponentiation(kc_B_miller); - // if (kc_B != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g1_precomp proof_g_C_g_precomp = - // affine_ate_precompute_g1(proof.g_C.g); - // affine_ate_g1_precomp proof_g_C_h_precomp = - // affine_ate_precompute_g1(proof.g_C.h); - // typename gt_type::value_type kc_C_miller = affine_ate_e_over_e_miller_loop( - // proof_g_C_g_precomp, pvk_vk_alphaC_g2_precomp, proof_g_C_h_precomp, - // pvk_pp_G2_one_precomp); - // gt_value_type kc_C = final_exponentiation(kc_C_miller); - // if (kc_C != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g1_precomp proof_g_A_g_acc_precomp = - // affine_ate_precompute_g1(proof.g_A.g + acc); - // affine_ate_g1_precomp proof_g_H_precomp = affine_ate_precompute_g1(proof.g_H); - // typename gt_type::value_type QAP_miller = - // affine_ate_e_times_e_over_e_miller_loop( - // proof_g_H_precomp, pvk_vk_rC_Z_g2_precomp, proof_g_C_g_precomp, - // pvk_pp_G2_one_precomp, proof_g_A_g_acc_precomp, proof_g_B_g_precomp); - // gt_value_type QAP = final_exponentiation(QAP_miller); - // if (QAP != gt_value_type::one()) { - // result = false; - // } - - // affine_ate_g1_precomp proof_g_K_precomp = affine_ate_precompute_g1(proof.g_K); - // affine_ate_g1_precomp proof_g_A_g_acc_C_precomp = - // affine_ate_precompute_g1((proof.g_A.g + acc) + proof.g_C.g); - // typename gt_type::value_type K_miller = - // affine_ate_e_times_e_over_e_miller_loop( - // proof_g_A_g_acc_C_precomp, pvk_vk_gamma_beta_g2_precomp, - // pvk_vk_gamma_beta_g1_precomp, proof_g_B_g_precomp, proof_g_K_precomp, - // pvk_vk_gamma_g2_precomp); - // gt_value_type K = final_exponentiation(K_miller); - // if (K != gt_value_type::one()) { - // result = false; - // } - - // 
return result; - // } - // }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_VERIFIER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark.hpp deleted file mode 100644 index 8302b15282..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark.hpp +++ /dev/null 
@@ -1,111 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_HPP -#define CRYPTO3_R1CS_SE_PPZKSNARK_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /*! - * @brief SEppzkSNARK for R1CS - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * - * The implementation instantiates (a modification of) the protocol of \[GM17], - * by following extending, and optimizing the approach described in \[BCTV14]. 
- * - * Acronyms: - * - R1CS = "Rank-1 Constraint Systems" - * - SEppzkSNARK = "Simulation-Extractable PreProcessing Zero-Knowledge Succinct - * Non-interactive ARgument of Knowledge" - * - * References: - * \[BCTV14]: - * "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", - * Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, - * USENIX Security 2014, - * - * - * \[GM17]: - * "Snarky Signatures: Minimal Signatures of Knowledge from - * Simulation-Extractable SNARKs", - * Jens Groth and Mary Maller, - * IACR-CRYPTO-2017, - * - */ - template, - typename Prover = r1cs_se_ppzksnark_prover, - typename Verifier = r1cs_se_ppzksnark_verifier_strong_input_consistency> - class r1cs_se_ppzksnark { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } 
// namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_SE_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 141cbffb56..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,145 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a SEppzkSNARK for R1CS. 
-// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates (a modification of) the protocol of \[GM17], -// by following extending, and optimizing the approach described in \[BCTV14]. -// -// -// Acronyms: -// -// - R1CS = "Rank-1 Constraint Systems" -// - SEppzkSNARK = "Simulation-Extractable PreProcessing Zero-Knowledge Succinct -// Non-interactive ARgument of Knowledge" -// -// References: -// -// \[BCTV14]: -// "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// USENIX Security 2014, -// -// -// \[GM17]: -// "Snarky Signatures: Minimal Signatures of Knowledge from -// Simulation-Extractable SNARKs", -// Jens Groth and Mary Maller, -// IACR-CRYPTO-2017, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_R1CS_SE_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct r1cs_se_ppzksnark_policy { - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef r1cs_constraint_system constraint_system_type; - - typedef r1cs_primary_input primary_input_type; - - typedef r1cs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the R1CS SEppzkSNARK. 
- */ - typedef r1cs_se_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the R1CS SEppzkSNARK. - */ - typedef r1cs_se_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the R1CS SEppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef r1cs_se_ppzksnark_processed_verification_key processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the R1CS SEppzkSNARK, which consists of a proving key and a verification key. - */ - typedef r1cs_se_ppzksnark_keypair keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the R1CS SEppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef r1cs_se_ppzksnark_proof proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_SE_PPZKSNARK_TYPES_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/generator.hpp deleted file mode 100644 index b42bc292f9..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,223 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP - -#ifdef MULTICORE -#include -#endif - -#include - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A generator algorithm for the R1CS SEppzkSNARK. - * - * Given a R1CS constraint system CS, this algorithm produces proving and verification keys for - * CS. 
- */ - template - class r1cs_se_ppzksnark_generator { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef CurveType curve_type; - - typedef typename policy_type::constraint_system_type constraint_system_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - - static inline keypair_type process(const constraint_system_type &constraint_system) { - - /** - * draw random element t at which the SAP is evaluated. - * it should be the case that Z(t) != 0 - */ - const std::shared_ptr> domain = - reductions::r1cs_to_sap::get_domain( - constraint_system); - typename CurveType::scalar_field_type::value_type t; - do { - t = algebra::random_element(); - } while (domain->compute_vanishing_polynomial(t).is_zero()); - - sap_instance_evaluation sap_inst = - reductions::r1cs_to_sap< - typename CurveType::scalar_field_type>::instance_map_with_evaluation(constraint_system, - t); - - std::size_t non_zero_At = 0; - for (std::size_t i = 0; i < sap_inst.num_variables + 1; ++i) { - if (!sap_inst.At[i].is_zero()) { - ++non_zero_At; - } - } - - std::vector At = std::move(sap_inst.At); - std::vector Ct = std::move(sap_inst.Ct); - std::vector Ht = std::move(sap_inst.Ht); - /** - * sap_inst.{A,C,H}t are now in an unspecified state, - * but we do not use them below - */ - - const typename CurveType::scalar_field_type::value_type - alpha = algebra::random_element(), - beta = algebra::random_element(), - gamma = algebra::random_element(); - const typename g1_type::value_type G = algebra::random_element(); - const typename g2_type::value_type H = algebra::random_element(); - - std::size_t G_exp_count = sap_inst.num_inputs + 1 // verifier_query - + non_zero_At // A_query - + sap_inst.degree + - 1 // 
G_gamma2_Z_t - // C_query_1 - + sap_inst.num_variables - sap_inst.num_inputs + - sap_inst.num_variables + 1, // C_query_2 - G_window = algebra::get_exp_window_size(G_exp_count); - - algebra::window_table G_table = - algebra::get_window_table(CurveType::scalar_field_type::value_bits, G_window, G); - - typename g2_type::value_type H_gamma = gamma * H; - std::size_t H_gamma_exp_count = non_zero_At, // B_query - H_gamma_window = algebra::get_exp_window_size(H_gamma_exp_count); - algebra::window_table H_gamma_table = algebra::get_window_table( - CurveType::scalar_field_type::value_bits, H_gamma_window, H_gamma); - - typename g1_type::value_type G_alpha = alpha * G; - typename g2_type::value_type H_beta = beta * H; - - std::vector tmp_exponents; - tmp_exponents.reserve(sap_inst.num_inputs + 1); - for (std::size_t i = 0; i <= sap_inst.num_inputs; ++i) { - tmp_exponents.emplace_back(gamma * Ct[i] + (alpha + beta) * At[i]); - } - typename std::vector verifier_query = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); - - tmp_exponents.reserve(sap_inst.num_variables + 1); - for (std::size_t i = 0; i < At.size(); i++) { - tmp_exponents.emplace_back(gamma * At[i]); - } - - typename std::vector A_query = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(A_query); -#endif - typename std::vector B_query = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, H_gamma_window, H_gamma_table, At); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(B_query); -#endif - typename g1_type::value_type G_gamma = gamma * G; - typename g1_type::value_type G_gamma_Z = sap_inst.Zt * G_gamma; - typename g2_type::value_type H_gamma_Z = sap_inst.Zt * H_gamma; - typename g1_type::value_type G_ab_gamma_Z = (alpha + beta) * G_gamma_Z; - typename g1_type::value_type G_gamma2_Z2 = 
(sap_inst.Zt * gamma) * G_gamma_Z; - - tmp_exponents.reserve(sap_inst.degree + 1); - - /* Compute the vector G_gamma2_Z_t := Z(t) * t^i * gamma^2 * G */ - typename CurveType::scalar_field_type::value_type gamma2_Z_t = sap_inst.Zt * gamma.squared(); - for (std::size_t i = 0; i < sap_inst.degree + 1; ++i) { - tmp_exponents.emplace_back(gamma2_Z_t); - gamma2_Z_t *= t; - } - typename std::vector G_gamma2_Z_t = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(G_gamma2_Z_t); -#endif - tmp_exponents.reserve(sap_inst.num_variables - sap_inst.num_inputs); - for (std::size_t i = sap_inst.num_inputs + 1; i <= sap_inst.num_variables; ++i) { - tmp_exponents.emplace_back(gamma * (gamma * Ct[i] + (alpha + beta) * At[i])); - } - typename std::vector C_query_1 = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(C_query_1); -#endif - - tmp_exponents.reserve(sap_inst.num_variables + 1); - typename CurveType::scalar_field_type::value_type double_gamma2_Z = gamma * gamma * sap_inst.Zt; - double_gamma2_Z = double_gamma2_Z + double_gamma2_Z; - for (std::size_t i = 0; i <= sap_inst.num_variables; ++i) { - tmp_exponents.emplace_back(double_gamma2_Z * At[i]); - } - typename std::vector C_query_2 = - algebra::batch_exp( - CurveType::scalar_field_type::value_bits, G_window, G_table, tmp_exponents); - tmp_exponents.clear(); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(C_query_2); -#endif - - verification_key_type vk = - verification_key_type(H, G_alpha, H_beta, G_gamma, H_gamma, std::move(verifier_query)); - - constraint_system_type cs_copy(constraint_system); - - proving_key_type pk = - proving_key_type(std::move(A_query), std::move(B_query), std::move(C_query_1), - std::move(C_query_2), G_gamma_Z, H_gamma_Z, G_ab_gamma_Z, 
G_gamma2_Z2, - std::move(G_gamma2_Z_t), std::move(cs_copy)); - - return {std::move(pk), std::move(vk)}; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/keypair.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/keypair.hpp deleted file mode 100644 index 1bf66e948a..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using r1cs_se_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proof.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proof.hpp
deleted file mode 100644
index 958c9230f0..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,86 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_R1CS_SE_PPZKSNARK_PROOF_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proof for the R1CS SEppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- template
- class r1cs_se_ppzksnark_proof {
-
- typedef CurveType curve_type;
-
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typename g1_type::value_type A;
- typename g2_type::value_type B;
- typename g1_type::value_type C;
-
- r1cs_se_ppzksnark_proof() {
- }
- r1cs_se_ppzksnark_proof(typename g1_type::value_type &&A,
- typename g2_type::value_type &&B,
- typename g1_type::value_type &&C) :
- A(std::move(A)),
- B(std::move(B)), C(std::move(C)) {};
-
- std::size_t G1_size() const {
- return 2;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (A.is_well_formed() && B.is_well_formed() && C.is_well_formed());
- }
-
- bool operator==(const r1cs_se_ppzksnark_proof &other) const {
- return (this->A == other.A && this->B == other.B && this->C == other.C);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/prover.hpp
deleted file mode 100644
index 754b27d279..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,165 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_PROVER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A prover algorithm for the R1CS SEppzkSNARK. - * - * Given a R1CS primary input X and a R1CS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. 
- * Above, CS is the R1CS constraint system that was given as input to the generator algorithm. - */ - template - class r1cs_se_ppzksnark_prover { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - const typename CurveType::scalar_field_type::value_type - d1 = algebra::random_element(), - d2 = algebra::random_element(); - - const sap_witness sap_wit = - reductions::r1cs_to_sap::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, d1, d2); - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - const typename CurveType::scalar_field_type::value_type r = - algebra::random_element(); - - /** - * compute A = G^{gamma * (\sum_{i=0}^m input_i * A_i(t) + r * Z(t))} - * = \prod_{i=0}^m (G^{gamma * A_i(t)})^{input_i) - * * (G^{gamma * Z(t)})^r - * = \prod_{i=0}^m A_query[i]^{input_i} * G_gamma_Z^r - */ - typename CurveType::template g1_type<>::value_type A = - r * proving_key.G_gamma_Z + - proving_key.A_query[0] + // i = 0 is a special case because input_i = 1 - sap_wit.d1 * proving_key.G_gamma_Z + // ZK-patch - algebra::multiexp( - 
proving_key.A_query.begin() + 1, - proving_key.A_query.end(), - sap_wit.coefficients_for_ACs.begin(), - sap_wit.coefficients_for_ACs.end(), - chunks); - - /** - * compute B exactly as A, except with H as the base - */ - typename CurveType::template g2_type<>::value_type B = - r * proving_key.H_gamma_Z + - proving_key.B_query[0] + // i = 0 is a special case because input_i = 1 - sap_wit.d1 * proving_key.H_gamma_Z + // ZK-patch - algebra::multiexp( - proving_key.B_query.begin() + 1, - proving_key.B_query.end(), - sap_wit.coefficients_for_ACs.begin(), - sap_wit.coefficients_for_ACs.end(), - chunks); - /** - * compute C = G^{f(input) + - * r^2 * gamma^2 * Z(t)^2 + - * r * (alpha + beta) * gamma * Z(t) + - * 2 * r * gamma^2 * Z(t) * \sum_{i=0}^m input_i A_i(t) + - * gamma^2 * Z(t) * H(t)} - * where G^{f(input)} = \prod_{i=l+1}^m C_query_1 * input_i - * and G^{2 * r * gamma^2 * Z(t) * \sum_{i=0}^m input_i A_i(t)} = - * = \prod_{i=0}^m C_query_2 * input_i - */ - typename CurveType::template g1_type<>::value_type C = - algebra::multiexp( - proving_key.C_query_1.begin(), - proving_key.C_query_1.end(), - sap_wit.coefficients_for_ACs.begin() + sap_wit.num_inputs, - sap_wit.coefficients_for_ACs.end(), - chunks) + - (r * r) * proving_key.G_gamma2_Z2 + r * proving_key.G_ab_gamma_Z + - sap_wit.d1 * proving_key.G_ab_gamma_Z + // ZK-patch - r * proving_key.C_query_2[0] + // i = 0 is a special case for C_query_2 - (r + r) * sap_wit.d1 * proving_key.G_gamma2_Z2 + // ZK-patch for C_query_2 - r * algebra::multiexp( - proving_key.C_query_2.begin() + 1, - proving_key.C_query_2.end(), - sap_wit.coefficients_for_ACs.begin(), - sap_wit.coefficients_for_ACs.end(), - chunks) + - sap_wit.d2 * proving_key.G_gamma2_Z_t[0] + // ZK-patch - algebra::multiexp( - proving_key.G_gamma2_Z_t.begin(), - proving_key.G_gamma2_Z_t.end(), - sap_wit.coefficients_for_H.begin(), - sap_wit.coefficients_for_H.end(), - chunks); - - return {std::move(A), std::move(B), std::move(C)}; - } - }; - } // namespace snark - 
} // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proving_key.hpp deleted file mode 100644 index bee79e3a48..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,122 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_PROVING_KEY_HPP -#define CRYPTO3_R1CS_SE_PPZKSNARK_PROVING_KEY_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /** - * A proving key for the R1CS ppzkSNARK. 
- */ - template - class r1cs_se_ppzksnark_proving_key { - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef ConstraintSystem constraint_system_type; - - // G^{gamma * A_i(t)} for 0 <= i <= sap.num_variables() - std::vector A_query; - - // H^{gamma * A_i(t)} for 0 <= i <= sap.num_variables() - std::vector B_query; - - // G^{gamma^2 * C_i(t) + (alpha + beta) * gamma * A_i(t)} - // for sap.num_inputs() + 1 < i <= sap.num_variables() - std::vector C_query_1; - - // G^{2 * gamma^2 * Z(t) * A_i(t)} for 0 <= i <= sap.num_variables() - std::vector C_query_2; - - // G^{gamma * Z(t)} - typename g1_type::value_type G_gamma_Z; - - // H^{gamma * Z(t)} - typename g2_type::value_type H_gamma_Z; - - // G^{(alpha + beta) * gamma * Z(t)} - typename g1_type::value_type G_ab_gamma_Z; - - // G^{gamma^2 * Z(t)^2} - typename g1_type::value_type G_gamma2_Z2; - - // G^{gamma^2 * Z(t) * t^i} for 0 <= i < sap.degree - std::vector G_gamma2_Z_t; - - constraint_system_type constraint_system; - - r1cs_se_ppzksnark_proving_key() {}; - r1cs_se_ppzksnark_proving_key &operator=(const r1cs_se_ppzksnark_proving_key &other) = default; - r1cs_se_ppzksnark_proving_key(const r1cs_se_ppzksnark_proving_key &other) = default; - r1cs_se_ppzksnark_proving_key(r1cs_se_ppzksnark_proving_key &&other) = default; - r1cs_se_ppzksnark_proving_key(std::vector &&A_query, - std::vector &&B_query, - std::vector &&C_query_1, - std::vector &&C_query_2, - typename g1_type::value_type &G_gamma_Z, - typename g2_type::value_type &H_gamma_Z, - typename g1_type::value_type &G_ab_gamma_Z, - typename g1_type::value_type &G_gamma2_Z2, - std::vector &&G_gamma2_Z_t, - constraint_system_type &&constraint_system) : - A_query(std::move(A_query)), - B_query(std::move(B_query)), C_query_1(std::move(C_query_1)), C_query_2(std::move(C_query_2)), - G_gamma_Z(G_gamma_Z), H_gamma_Z(H_gamma_Z), G_ab_gamma_Z(G_ab_gamma_Z), - G_gamma2_Z2(G_gamma2_Z2), 
G_gamma2_Z_t(std::move(G_gamma2_Z_t)), - constraint_system(std::move(constraint_system)) {}; - - std::size_t G1_size() const { - return A_query.size() + C_query_1.size() + C_query_2.size() + 3 + G_gamma2_Z_t.size(); - } - - std::size_t G2_size() const { - return B_query.size() + 1; - } - - std::size_t size_in_bits() const { - return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits; - } - - bool operator==(const r1cs_se_ppzksnark_proving_key &other) const { - return (this->A_query == other.A_query && this->B_query == other.B_query && - this->C_query_1 == other.C_query_1 && this->C_query_2 == other.C_query_2 && - this->G_gamma_Z == other.G_gamma_Z && this->H_gamma_Z == other.H_gamma_Z && - this->G_ab_gamma_Z == other.G_ab_gamma_Z && this->G_gamma2_Z2 == other.G_gamma2_Z2 && - this->G_gamma2_Z_t == other.G_gamma2_Z_t && - this->constraint_system == other.constraint_system); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verification_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verification_key.hpp deleted file mode 100644 index 99290e0c69..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verification_key.hpp +++ /dev/null 
@@ -1,127 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_R1CS_SE_PPZKSNARK_VERIFICATION_KEY_HPP -#define CRYPTO3_R1CS_SE_PPZKSNARK_VERIFICATION_KEY_HPP - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace algebra; - - /** - * A verification key for the R1CS SEppzkSNARK. 
- */ - template - class r1cs_se_ppzksnark_verification_key { - typedef CurveType curve_type; - - using g1_type = typename curve_type::template g1_type<>; - using g2_type = typename curve_type::template g2_type<>; - - public: - // H - typename g2_type::value_type H; - - // G^{alpha} - typename g1_type::value_type G_alpha; - - // H^{beta} - typename g2_type::value_type H_beta; - - // G^{gamma} - typename g1_type::value_type G_gamma; - - // H^{gamma} - typename g2_type::value_type H_gamma; - - // G^{gamma * A_i(t) + (alpha + beta) * A_i(t)} - // for 0 <= i <= sap.num_inputs() - std::vector query; - - r1cs_se_ppzksnark_verification_key() = default; - r1cs_se_ppzksnark_verification_key(const typename g2_type::value_type &H, - const typename g1_type::value_type &G_alpha, - const typename g2_type::value_type &H_beta, - const typename g1_type::value_type &G_gamma, - const typename g2_type::value_type &H_gamma, - std::vector &&query) : - H(H), - G_alpha(G_alpha), H_beta(H_beta), G_gamma(G_gamma), H_gamma(H_gamma), - query(std::move(query)) {}; - - std::size_t G1_size() const { - return 2 + query.size(); - } - - std::size_t G2_size() const { - return 3; - } - - std::size_t size_in_bits() const { - return (G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits); - } - - bool operator==(const r1cs_se_ppzksnark_verification_key &other) const { - return (this->H == other.H && this->G_alpha == other.G_alpha && this->H_beta == other.H_beta && - this->G_gamma == other.G_gamma && this->H_gamma == other.H_gamma && - this->query == other.query); - } - }; - - /** - * A processed verification key for the R1CS SEppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. 
- */ - template - struct r1cs_se_ppzksnark_processed_verification_key { - - typename CurveType::template g1_type<>::value_type G_alpha; - typename CurveType::template g2_type<>::value_type H_beta; - typename CurveType::gt_type::value_type G_alpha_H_beta_ml; - typename pairing::pairing_policy::g1_precomputed_type G_gamma_pc; - typename pairing::pairing_policy::g2_precomputed_type H_gamma_pc; - typename pairing::pairing_policy::g2_precomputed_type H_pc; - - std::vector::value_type> query; - - bool operator==(const r1cs_se_ppzksnark_processed_verification_key &other) const { - return (this->G_alpha == other.G_alpha && this->H_beta == other.H_beta && - this->G_alpha_H_beta_ml == other.G_alpha_H_beta_ml && - this->G_gamma_pc == other.G_gamma_pc && this->H_gamma_pc == other.H_gamma_pc && - this->H_pc == other.H_pc && this->query == other.query); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verifier.hpp deleted file mode 100644 index f5b36bd6f6..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/r1cs_se_ppzksnark/verifier.hpp +++ /dev/null 
@@ -1,230 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_VERIFIER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Convert a (non-processed) verification key into a processed verification key. 
- */ - template - class r1cs_se_ppzksnark_process_verification_key { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type - process(const verification_key_type &verification_key) { - - typename pairing::pairing_policy::g1_precomputed_type G_alpha_pc = - precompute_g1(verification_key.G_alpha); - typename pairing::pairing_policy::g2_precomputed_type H_beta_pc = - precompute_g2(verification_key.H_beta); - - processed_verification_key_type processed_verification_key; - processed_verification_key.G_alpha = verification_key.G_alpha; - processed_verification_key.H_beta = verification_key.H_beta; - processed_verification_key.G_alpha_H_beta_ml = miller_loop(G_alpha_pc, H_beta_pc); - processed_verification_key.G_gamma_pc = precompute_g1(verification_key.G_gamma); - processed_verification_key.H_gamma_pc = precompute_g2(verification_key.H_gamma); - processed_verification_key.H_pc = precompute_g2(verification_key.H); - - processed_verification_key.query = verification_key.query; - - return processed_verification_key; - } - }; - - /* - Below are four variants of verifier algorithm for the R1CS SEppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = CS.num_inputs, whereas - weak input consistency requires that |primary_input| <= CS.num_inputs (and - the primary input is implicitly padded with zeros up to length CS.num_inputs). 
- */ - - template - class r1cs_se_ppzksnark_verifier_weak_input_consistency { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS SEppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_se_ppzksnark_process_verification_key::process(vk), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &processed_verification_key, - const primary_input_type &primary_input, - const proof_type &proof) { - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - /** - * e(A*G^{alpha}, B*H^{beta}) = e(G^{alpha}, H^{beta}) * e(G^{psi}, H^{gamma}) - * * e(C, H) - * where psi = \sum_{i=0}^l input_i processed_verification_key.query[i] - */ - typename CurveType::template g1_type<>::value_type G_psi = - processed_verification_key.query[0] + - algebra::multiexp( - processed_verification_key.query.begin() + 1, processed_verification_key.query.end(), - primary_input.begin(), primary_input.end(), chunks); - - typename CurveType::gt_type::value_type - test1_l = miller_loop( - precompute_g1(proof.A + 
processed_verification_key.G_alpha), - precompute_g2(proof.B + processed_verification_key.H_beta)), - test1_r1 = processed_verification_key.G_alpha_H_beta_ml, - test1_r2 = miller_loop(precompute_g1(G_psi), - processed_verification_key.H_gamma_pc), - test1_r3 = miller_loop(precompute_g1(proof.C), - processed_verification_key.H_pc); - typename CurveType::gt_type::value_type test1 = final_exponentiation( - test1_l.unitary_inversed() * test1_r1 * test1_r2 * test1_r3); - - if (test1 != CurveType::gt_type::value_type::one()) { - result = false; - } - - /** - * e(A, H^{gamma}) = e(G^{gamma}, B) - */ - typename CurveType::gt_type::value_type test2_l = miller_loop( - precompute_g1(proof.A), - processed_verification_key.H_gamma_pc), - test2_r = miller_loop( - processed_verification_key.G_gamma_pc, - precompute_g2(proof.B)); - typename CurveType::gt_type::value_type test2 = - final_exponentiation(test2_l * test2_r.unitary_inversed()); - - if (test2 != CurveType::gt_type::value_type::one()) { - result = false; - } - - return result; - } - }; - - template - class r1cs_se_ppzksnark_verifier_strong_input_consistency { - typedef detail::r1cs_se_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the R1CS SEppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return process(r1cs_se_ppzksnark_process_verification_key::process(vk), - primary_input, proof); - } - - /** - * A verifier algorithm for the R1CS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - - bool result = true; - - if (pvk.query.size() != primary_input.size() + 1) { - result = false; - } else { - result = r1cs_se_ppzksnark_verifier_weak_input_consistency::process( - pvk, primary_input, proof); - } - - return result; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_R1CS_SE_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark.hpp deleted file mode 100644 index ccb1ca5161..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark.hpp +++ /dev/null 
@@ -1,97 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_HPP -#define CRYPTO3_ZK_TBCS_PPZKSNARK_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /*! - * @brief ppzkSNARK for TBCS - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * The implementation is a straightforward combination of: - * (1) a TBCS-to-USCS reduction, and - * (2) a ppzkSNARK for USCS. 
- * - * Acronyms: - * - TBCS = "Two-input Boolean Circuit Satisfiability" - * - USCS = "Unitary-Square Constraint System" - * - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - */ - template, - typename Prover = tbcs_ppzksnark_prover, - typename Verifier = tbcs_ppzksnark_verifier_strong_input_consistency> - class tbcs_ppzksnark { - typedef detail::tbcs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::circuit_type circuit_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const circuit_type &circuit) { - return Generator::process(circuit); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index 209ed08d4c..0000000000 
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/detail/basic_policy.hpp
+++ /dev/null
@@ -1,126 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for TBCS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation is a straightforward combination of: -// (1) a TBCS-to-USCS reduction, and -// (2) a ppzkSNARK for USCS. 
-// -// -// Acronyms: -// -// - TBCS = "Two-input Boolean Circuit Satisfiability" -// - USCS = "Unitary-Square Constraint System" -// - ppzkSNARK = "PreProcessing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_ZK_TBCS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - - template - struct tbcs_ppzksnark_policy { - - /******************************** Params ********************************/ - - /** - * Below are various typedefs aliases (used for uniformity with other proof systems). - */ - - typedef tbcs_circuit circuit_type; - - typedef tbcs_primary_input primary_input_type; - - typedef tbcs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the TBCS ppzkSNARK. - */ - typedef tbcs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the TBCS ppzkSNARK. - */ - typedef typename uscs_ppzksnark::verification_key_type verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the TBCS ppzkSNARK. - * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef typename uscs_ppzksnark::processed_verification_key_type - processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the TBCS ppzkSNARK, which consists of a proving key and a verification key. 
- */ - typedef tbcs_ppzksnark_keypair keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the TBCS ppzkSNARK. - */ - typedef typename uscs_ppzksnark::proof_type proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_TYPES_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/generator.hpp deleted file mode 100644 index 41d10636d2..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,76 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_GENERATOR_HPP
-#define CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_GENERATOR_HPP
-
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A generator algorithm for the TBCS ppzkSNARK.
- *
- * Given a TBCS circuit C, this algorithm produces proving and verification keys for C.
- */
- template
- class tbcs_ppzksnark_generator {
- typedef detail::tbcs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
-
- static inline keypair_type process(const circuit_type &circuit) {
- typedef typename CurveType::scalar_field_type field_type;
-
- const uscs_constraint_system uscs_cs =
- reductions::tbcs_to_uscs::instance_map(circuit);
- const typename uscs_ppzksnark::keypair_type uscs_keypair =
- generate>(uscs_cs);
-
- proving_key_type pk = proving_key_type(std::move(circuit), std::move(uscs_keypair.first));
-
- return keypair_type(std::move(pk), std::move(uscs_keypair.second));
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_GENERATOR_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/keypair.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/keypair.hpp
deleted file mode 100644
index 49afd95d78..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/keypair.hpp
+++ /dev/null
@@ -1,45 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_TBCS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_TBCS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A key pair for the TBCS ppzkSNARK, which consists of a proving key and a verification key.
- */
- template
- using tbcs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/prover.hpp
deleted file mode 100644
index 7c489304a4..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,87 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_PROVER_HPP
-#define CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_PROVER_HPP
-
-#include
-#include
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A prover algorithm for the TBCS ppzkSNARK.
- *
- * Given a TBCS primary input X and a TBCS auxiliary input Y, this algorithm
- * produces a proof (of knowledge) that attests to the following statement:
- * ``there exists Y such that C(X,Y)=0''.
- * Above, C is the TBCS circuit that was given as input to the generator algorithm.
- */
- template
- class tbcs_ppzksnark_prover {
- typedef detail::tbcs_ppzksnark_policy policy_type;
-
- public:
- typedef typename policy_type::circuit_type circuit_type;
- typedef typename policy_type::primary_input_type primary_input_type;
- typedef typename policy_type::auxiliary_input_type auxiliary_input_type;
-
- typedef typename policy_type::proving_key_type proving_key_type;
- typedef typename policy_type::verification_key_type verification_key_type;
- typedef typename policy_type::processed_verification_key_type processed_verification_key_type;
-
- typedef typename policy_type::keypair_type keypair_type;
- typedef typename policy_type::proof_type proof_type;
-
- static inline proof_type process(const proving_key_type &pk,
- const primary_input_type &primary_input,
- const auxiliary_input_type &auxiliary_input) {
- typedef typename CurveType::scalar_field_type FieldType;
-
- const uscs_variable_assignment uscs_va =
- reductions::tbcs_to_uscs::witness_map(
- pk.circuit, primary_input, auxiliary_input);
- const uscs_primary_input uscs_pi =
- algebra::convert_bit_vector_to_field_element_vector(primary_input);
- const uscs_auxiliary_input uscs_ai(
- uscs_va.begin() + primary_input.size(),
- uscs_va.end()); // TODO: faster to just change bacs_to_r1cs::witness_map into
- // two :(
-
- return prove>(pk.uscs_pk, uscs_pi, uscs_ai);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/proving_key.hpp
deleted file mode 100644
index f598cf6398..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/proving_key.hpp
+++ /dev/null
@@ -1,93 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_TBCS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_TBCS_PPZKSNARK_PROVING_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the R1CS ppzkSNARK.
- */
- template
- struct tbcs_ppzksnark_proving_key {
-
- typedef CurveType curve_type;
- typedef CircuitType circuit_type;
- typedef typename curve_type::scalar_field_type field_type;
-
- circuit_type circuit;
- uscs_ppzksnark_proving_key uscs_pk;
-
- tbcs_ppzksnark_proving_key() {};
- tbcs_ppzksnark_proving_key(const tbcs_ppzksnark_proving_key &other) = default;
- tbcs_ppzksnark_proving_key(tbcs_ppzksnark_proving_key &&other) = default;
- tbcs_ppzksnark_proving_key(const circuit_type &circuit,
- const uscs_ppzksnark_proving_key &uscs_pk) :
- circuit(circuit),
- uscs_pk(uscs_pk) {
- }
- tbcs_ppzksnark_proving_key(circuit_type &&circuit,
- uscs_ppzksnark_proving_key &&uscs_pk) :
- circuit(std::move(circuit)),
- uscs_pk(std::move(uscs_pk)) {
- }
-
- tbcs_ppzksnark_proving_key &operator=(const tbcs_ppzksnark_proving_key &other) = default;
-
- std::size_t G1_size() const {
- return uscs_pk.G1_size();
- }
-
- std::size_t G2_size() const {
- return uscs_pk.G2_size();
- }
-
- std::size_t G1_sparse_size() const {
- return uscs_pk.G1_sparse_size();
- }
-
- std::size_t G2_sparse_size() const {
- return uscs_pk.G2_sparse_size();
- }
-
- std::size_t size_in_bits() const {
- return uscs_pk.size_in_bits();
- }
-
- bool operator==(const tbcs_ppzksnark_proving_key &other) const {
- return (this->circuit == other.circuit && this->uscs_pk == other.uscs_pk);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/verifier.hpp
deleted file mode 100644
index 22811e4860..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/tbcs_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,166 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_VERIFIER_HPP - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /* - Below are four variants of verifier algorithm for the TBCS ppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. In the latter case, we call the algorithm an "online verifier". 
- - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = C.num_inputs, whereas - weak input consistency requires that |primary_input| <= C.num_inputs (and - the primary input is implicitly padded with zeros up to length C.num_inputs). - */ - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - class tbcs_ppzksnark_process_verification_key { - typedef detail::tbcs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type process(const verification_key_type &vk) { - return uscs_ppzksnark_process_verification_key::process(vk); - } - }; - - template - class tbcs_ppzksnark_verifier_weak_input_consistency { - typedef detail::tbcs_ppzksnark_policy policy_type; - - using uscs_ppzksnark_weak_proof_system = - uscs_ppzksnark, - uscs_ppzksnark_prover, - uscs_ppzksnark_verifier_weak_input_consistency>; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the TBCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. 
- */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - typedef typename CurveType::scalar_field_type field_type; - const uscs_primary_input uscs_input = - algebra::convert_bit_vector_to_field_element_vector(primary_input); - return verify( - tbcs_ppzksnark_process_verification_key::process(vk), uscs_input, proof); - } - - /** - * A verifier algorithm for the TBCS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - - typedef typename CurveType::scalar_field_type field_type; - const uscs_primary_input uscs_input = - algebra::convert_bit_vector_to_field_element_vector(primary_input); - - return verify(pvk, uscs_input, proof); - } - }; - - template - class tbcs_ppzksnark_verifier_strong_input_consistency { - typedef detail::tbcs_ppzksnark_policy policy_type; - - using uscs_ppzksnark_proof_system = uscs_ppzksnark; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the TBCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - typedef typename CurveType::scalar_field_type field_type; - const uscs_primary_input uscs_input = - algebra::convert_bit_vector_to_field_element_vector(primary_input); - - return verify( - tbcs_ppzksnark_process_verification_key::process(vk), uscs_input, proof); - } - - /** - * A verifier algorithm for the TBCS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - typedef typename CurveType::scalar_field_type field_type; - const uscs_primary_input uscs_input = - algebra::convert_bit_vector_to_field_element_vector(primary_input); - - return verify(pvk, uscs_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TBCS_PPZKSNARK_BASIC_VERIFIER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark.hpp deleted file mode 100644 index 3a71a61498..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark.hpp +++ /dev/null 
@@ -1,109 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_USCS_PPZKSNARK_HPP -#define CRYPTO3_USCS_PPZKSNARK_HPP - -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - /*! - * @brief ppzkSNARK for USCS - * @tparam CurveType - * @tparam Generator - * @tparam Prover - * @tparam Verifier - * - * The implementation instantiates the protocol of \[DFGK14], by following - * extending, and optimizing the approach described in \[BCTV14]. 
- * - * Acronyms: - * - "ppzkSNARK" = "Pre-Processing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" - * - "USCS" = "Unitary-Square Constraint Systems" - * - * References: - * - * \[BCTV14]: - * "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", - * Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, - * USENIX Security 2014, - * - * - * \[DFGK14]: - * "Square Span Programs with Applications to Succinct NIZK Arguments" - * George Danezis, Cedric Fournet, Jens Groth, Markulf Kohlweiss, - * ASIACRYPT 2014, - * - */ - template, - typename Prover = uscs_ppzksnark_prover, - typename Verifier = uscs_ppzksnark_verifier_strong_input_consistency> - class uscs_ppzksnark { - typedef detail::uscs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type generate(const constraint_system_type &constraint_system) { - return Generator::process(constraint_system); - } - - static inline proof_type prove(const proving_key_type &pk, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - return Prover::process(pk, primary_input, auxiliary_input); - } - - template - static inline bool verify(const VerificationKey &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return Verifier::process(vk, primary_input, proof); - } - }; - } // namespace snark - } // namespace zk - } // namespace 
crypto3 -} // namespace nil - -#endif // CRYPTO3_USCS_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/detail/basic_policy.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/detail/basic_policy.hpp deleted file mode 100644 index cdd3610982..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/detail/basic_policy.hpp +++ /dev/null 
@@ -1,141 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a ppzkSNARK for USCS. -// -// This includes: -// - class for proving key -// - class for verification key -// - class for processed verification key -// - class for key pair (proving key & verification key) -// - class for proof -// - generator algorithm -// - prover algorithm -// - verifier algorithm (with strong or weak input consistency) -// - online verifier algorithm (with strong or weak input consistency) -// -// The implementation instantiates the protocol of \[DFGK14], by following -// extending, and optimizing the approach described in \[BCTV14]. 
-// -// -// Acronyms: -// -// - "ppzkSNARK" = "Pre-Processing Zero-Knowledge Succinct Non-interactive ARgument of Knowledge" -// - "USCS" = "Unitary-Square Constraint Systems" -// -// References: -// -// \[BCTV14]: -// "Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture", -// Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, -// USENIX Security 2014, -// -// -// \[DFGK14]: -// "Square Span Programs with Applications to Succinct NIZK Arguments" -// George Danezis, Cedric Fournet, Jens Groth, Markulf Kohlweiss, -// ASIACRYPT 2014, -// -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_USCS_PPZKSNARK_TYPES_POLICY_HPP -#define CRYPTO3_USCS_PPZKSNARK_TYPES_POLICY_HPP - -#include -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - namespace detail { - template - struct uscs_ppzksnark_policy { - - /******************************** Params ********************************/ - - /** - * Below are various template aliases (used for convenience). - */ - - typedef uscs_constraint_system constraint_system_type; - - typedef uscs_primary_input primary_input_type; - - typedef uscs_auxiliary_input auxiliary_input_type; - - /******************************** Proving key ********************************/ - - /** - * A proving key for the USCS ppzkSNARK. - */ - typedef uscs_ppzksnark_proving_key proving_key_type; - - /******************************* Verification key ****************************/ - - /** - * A verification key for the USCS ppzkSNARK. - */ - typedef uscs_ppzksnark_verification_key verification_key_type; - - /************************ Processed verification key *************************/ - - /** - * A processed verification key for the USCS ppzkSNARK. 
- * - * Compared to a (non-processed) verification key, a processed verification key - * contains a small constant amount of additional pre-computed information that - * enables a faster verification time. - */ - typedef uscs_ppzksnark_processed_verification_key processed_verification_key_type; - - /********************************** Key pair *********************************/ - - /** - * A key pair for the USCS ppzkSNARK, which consists of a proving key and a verification key. - */ - typedef uscs_ppzksnark_keypair keypair_type; - - /*********************************** Proof ***********************************/ - - /** - * A proof for the USCS ppzkSNARK. - * - * While the proof has a structure, externally one merely opaquely produces, - * serializes/deserializes, and verifies proofs. We only expose some information - * about the structure for statistics purposes. - */ - typedef uscs_ppzksnark_proof proof_type; - }; - } // namespace detail - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_USCS_PPZKSNARK_TYPES_POLICY_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/generator.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/generator.hpp deleted file mode 100644 index 8be463783c..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/generator.hpp +++ /dev/null 
@@ -1,183 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP -#define CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP - -#include - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A generator algorithm for the USCS ppzkSNARK. - * - * Given a USCS constraint system CS, this algorithm produces proving and verification keys for - * CS. 
- */ - template - class uscs_ppzksnark_generator { - typedef detail::uscs_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - using scalar_field_type = typename CurveType::scalar_field_type; - - public: - typedef typename policy_type::constraint_system_type constraint_system_type; - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - - typedef typename policy_type::proving_key_type proving_key_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - typedef typename policy_type::keypair_type keypair_type; - typedef typename policy_type::proof_type proof_type; - - static inline keypair_type process(const constraint_system_type &constraint_system) { - - /* draw random element at which the SSP is evaluated */ - - const typename scalar_field_type::value_type t = algebra::random_element(); - - /* perform USCS-to-SSP reduction */ - - ssp_instance_evaluation ssp_inst = - reductions::uscs_to_ssp::instance_map_with_evaluation(constraint_system, - t); - - /* construct various tables of typename FieldType::value_type elements */ - - std::vector Vt_table = std::move( - ssp_inst.Vt); // ssp_inst.Vt is now in unspecified state, but we do not use it later - std::vector Ht_table = std::move( - ssp_inst.Ht); // ssp_inst.Ht is now in unspecified state, but we do not use it later - - Vt_table.emplace_back(ssp_inst.Zt); - - std::vector Xt_table = - std::vector( - Vt_table.begin(), Vt_table.begin() + ssp_inst.num_inputs + 1); - std::vector Vt_table_minus_Xt_table = - std::vector( - Vt_table.begin() + ssp_inst.num_inputs + 1, Vt_table.end()); - - /* sanity checks */ - - assert(Vt_table.size() == ssp_inst.num_variables + 2); - assert(Ht_table.size() == ssp_inst.degree + 1); 
- assert(Xt_table.size() == ssp_inst.num_inputs + 1); - assert(Vt_table_minus_Xt_table.size() == ssp_inst.num_variables + 2 - ssp_inst.num_inputs - 1); - for (std::size_t i = 0; i < ssp_inst.num_inputs + 1; ++i) { - assert(!Xt_table[i].is_zero()); - } - - const typename scalar_field_type::value_type alpha = - algebra::random_element(); - - const std::size_t g1_exp_count = - Vt_table.size() + Vt_table_minus_Xt_table.size() + Ht_table.size(); - const std::size_t g2_exp_count = Vt_table_minus_Xt_table.size(); - - std::size_t g1_window = algebra::get_exp_window_size(g1_exp_count); - std::size_t g2_window = algebra::get_exp_window_size(g2_exp_count); - - algebra::window_table g1_table = algebra::get_window_table( - scalar_field_type::value_bits, g1_window, g1_type::value_type::one()); - - algebra::window_table g2_table = algebra::get_window_table( - scalar_field_type::value_bits, g2_window, g2_type::value_type::one()); - - typename std::vector V_g1_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Vt_table_minus_Xt_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(V_g1_query); -#endif - - typename std::vector alpha_V_g1_query = - algebra::batch_exp_with_coeff( - scalar_field_type::value_bits, g1_window, g1_table, alpha, Vt_table_minus_Xt_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(alpha_V_g1_query); -#endif - - typename std::vector H_g1_query = - algebra::batch_exp(scalar_field_type::value_bits, g1_window, - g1_table, Ht_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(H_g1_query); -#endif - - typename std::vector V_g2_query = - algebra::batch_exp(scalar_field_type::value_bits, g2_window, - g2_table, Vt_table); -#ifdef USE_MIXED_ADDITION - algebra::batch_to_special(V_g2_query); -#endif - const typename scalar_field_type::value_type tilde = - algebra::random_element(); - typename g2_type::value_type tilde_g2 = tilde * g2_type::value_type::one(); - typename g2_type::value_type alpha_tilde_g2 = 
(alpha * tilde) * g2_type::value_type::one(); - typename g2_type::value_type Z_g2 = ssp_inst.Zt * g2_type::value_type::one(); - - typename g1_type::value_type encoded_IC_base = Xt_table[0] * g1_type::value_type::one(); - typename std::vector encoded_IC_values = - algebra::batch_exp( - scalar_field_type::value_bits, g1_window, g1_table, - std::vector(Xt_table.begin() + 1, - Xt_table.end())); - - accumulation_vector encoded_IC_query(std::move(encoded_IC_base), - std::move(encoded_IC_values)); - - verification_key_type vk = - verification_key_type(tilde_g2, alpha_tilde_g2, Z_g2, encoded_IC_query); - - constraint_system_type cs_copy = constraint_system; - proving_key_type pk = proving_key_type(std::move(V_g1_query), - std::move(alpha_V_g1_query), - std::move(H_g1_query), - std::move(V_g2_query), - std::move(cs_copy)); - - return keypair_type(std::move(pk), std::move(vk)); - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/keypair.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/keypair.hpp deleted file mode 100644 index d49c6e0984..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/keypair.hpp +++ /dev/null 
@@ -1,42 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_KEYPAIR_HPP
-#define CRYPTO3_USCS_PPZKSNARK_KEYPAIR_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- template
- using uscs_ppzksnark_keypair = std::pair;
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_GG_PPZKSNARK_TYPES_POLICY_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proof.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proof.hpp
deleted file mode 100644
index 4149594222..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proof.hpp
+++ /dev/null
@@ -1,90 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_PROOF_HPP
-#define CRYPTO3_USCS_PPZKSNARK_PROOF_HPP
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proof for the USCS ppzkSNARK.
- *
- * While the proof has a structure, externally one merely opaquely produces,
- * serializes/deserializes, and verifies proofs. We only expose some information
- * about the structure for statistics purposes.
- */
- template
- class uscs_ppzksnark_proof {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typename g1_type::value_type V_g1;
- typename g1_type::value_type alpha_V_g1;
- typename g1_type::value_type H_g1;
- typename g2_type::value_type V_g2;
-
- uscs_ppzksnark_proof() :
- V_g1(g1_type::value_type::one()), alpha_V_g1(g1_type::value_type::one()),
- H_g1(g1_type::value_type::one()), V_g2(g2_type::value_type::one()) {
- // invalid proof with valid curve points
- }
- uscs_ppzksnark_proof(typename g1_type::value_type &&V_g1,
- typename g1_type::value_type &&alpha_V_g1,
- typename g1_type::value_type &&H_g1,
- typename g2_type::value_type &&V_g2) :
- V_g1(std::move(V_g1)),
- alpha_V_g1(std::move(alpha_V_g1)), H_g1(std::move(H_g1)), V_g2(std::move(V_g2)) {};
-
- std::size_t G1_size() const {
- return 3;
- }
-
- std::size_t G2_size() const {
- return 1;
- }
-
- std::size_t size_in_bits() const {
- return G1_size() * g1_type::value_bits + G2_size() * g2_type::value_bits;
- }
-
- bool is_well_formed() const {
- return (V_g1.is_well_formed() && alpha_V_g1.is_well_formed() && H_g1.is_well_formed() &&
- V_g2.is_well_formed());
- }
-
- bool operator==(const uscs_ppzksnark_proof &other) const {
- return (this->V_g1 == other.V_g1 && this->alpha_V_g1 == other.alpha_V_g1 &&
- this->H_g1 == other.H_g1 && this->V_g2 == other.V_g2);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/prover.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/prover.hpp
deleted file mode 100644
index 97891e1569..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/prover.hpp
+++ /dev/null
@@ -1,143 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_PROVER_HPP -#define CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_PROVER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include - -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A prover algorithm for the USCS ppzkSNARK. - * - * Given a USCS primary input X and a USCS auxiliary input Y, this algorithm - * produces a proof (of knowledge) that attests to the following statement: - * ``there exists Y such that CS(X,Y)=0''. 
- * Above, CS is the USCS constraint system that was given as input to the generator algorithm. - */ - template - class uscs_ppzksnark_prover { - typedef detail::uscs_ppzksnark_policy policy_type; - - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::auxiliary_input_type auxiliary_input_type; - typedef typename policy_type::proving_key_type proving_key_type; - ; - typedef typename policy_type::proof_type proof_type; - - static inline proof_type process(const proving_key_type &proving_key, - const primary_input_type &primary_input, - const auxiliary_input_type &auxiliary_input) { - - const typename CurveType::scalar_field_type::value_type d = - algebra::random_element(); - - const ssp_witness ssp_wit = - reductions::uscs_to_ssp::witness_map( - proving_key.constraint_system, primary_input, auxiliary_input, d); - - /* sanity checks */ - assert(proving_key.constraint_system.is_satisfied(primary_input, auxiliary_input)); - assert(proving_key.V_g1_query.size() == ssp_wit.num_variables + 2 - ssp_wit.num_inputs - 1); - assert(proving_key.alpha_V_g1_query.size() == - ssp_wit.num_variables + 2 - ssp_wit.num_inputs - 1); - assert(proving_key.H_g1_query.size() == ssp_wit.degree + 1); - assert(proving_key.V_g2_query.size() == ssp_wit.num_variables + 2); - - typename g1_type::value_type V_g1 = - ssp_wit.d * proving_key.V_g1_query[proving_key.V_g1_query.size() - 1]; - typename g1_type::value_type alpha_V_g1 = - ssp_wit.d * proving_key.alpha_V_g1_query[proving_key.alpha_V_g1_query.size() - 1]; - typename g1_type::value_type H_g1 = g1_type::value_type::zero(); - typename g2_type::value_type V_g2 = - proving_key.V_g2_query[0] + - ssp_wit.d * proving_key.V_g2_query[proving_key.V_g2_query.size() - 1]; - -#ifdef MULTICORE - const std::size_t chunks = omp_get_max_threads(); // to override, set OMP_NUM_THREADS 
env - // var or call omp_set_num_threads() -#else - const std::size_t chunks = 1; -#endif - - // MAYBE LATER: do queries 1,2,4 at once for slightly better speed - - V_g1 = V_g1 + algebra::multiexp_with_mixed_addition( - proving_key.V_g1_query.begin(), - proving_key.V_g1_query.begin() + (ssp_wit.num_variables - ssp_wit.num_inputs), - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_inputs, - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_variables, chunks); - - alpha_V_g1 = - alpha_V_g1 + - algebra::multiexp_with_mixed_addition( - proving_key.alpha_V_g1_query.begin(), - proving_key.alpha_V_g1_query.begin() + (ssp_wit.num_variables - ssp_wit.num_inputs), - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_inputs, - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_variables, chunks); - - H_g1 = H_g1 + algebra::multiexp( - proving_key.H_g1_query.begin(), - proving_key.H_g1_query.begin() + ssp_wit.degree + 1, - ssp_wit.coefficients_for_H.begin(), - ssp_wit.coefficients_for_H.begin() + ssp_wit.degree + 1, chunks); - - V_g2 = V_g2 + algebra::multiexp( - proving_key.V_g2_query.begin() + 1, - proving_key.V_g2_query.begin() + ssp_wit.num_variables + 1, - ssp_wit.coefficients_for_Vs.begin(), - ssp_wit.coefficients_for_Vs.begin() + ssp_wit.num_variables, chunks); - - proof_type proof = - proof_type(std::move(V_g1), std::move(alpha_V_g1), std::move(H_g1), std::move(V_g2)); - - return proof; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_GENERATOR_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proving_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proving_key.hpp deleted file mode 100644 index ffa73ac0aa..0000000000 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/proving_key.hpp +++ /dev/null 
@@ -1,98 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_PROVING_KEY_HPP
-#define CRYPTO3_USCS_PPZKSNARK_PROVING_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
- /**
- * A proving key for the USCS ppzkSNARK.
- */
- template
- class uscs_ppzksnark_proving_key {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typedef ConstraintSystem constraint_system_type;
-
- std::vector V_g1_query;
- std::vector alpha_V_g1_query;
- std::vector H_g1_query;
- std::vector V_g2_query;
-
- constraint_system_type constraint_system;
-
- uscs_ppzksnark_proving_key() {};
- uscs_ppzksnark_proving_key &operator=(const uscs_ppzksnark_proving_key &other) = default;
- uscs_ppzksnark_proving_key(const uscs_ppzksnark_proving_key &other) = default;
- uscs_ppzksnark_proving_key(uscs_ppzksnark_proving_key &&other) = default;
- uscs_ppzksnark_proving_key(std::vector &&V_g1_query,
- std::vector &&alpha_V_g1_query,
- std::vector &&H_g1_query,
- std::vector &&V_g2_query,
- constraint_system_type &&constraint_system) :
- V_g1_query(std::move(V_g1_query)),
- alpha_V_g1_query(std::move(alpha_V_g1_query)), H_g1_query(std::move(H_g1_query)),
- V_g2_query(std::move(V_g2_query)), constraint_system(std::move(constraint_system)) {};
-
- std::size_t G1_size() const {
- return V_g1_query.size() + alpha_V_g1_query.size() + H_g1_query.size();
- }
-
- std::size_t G2_size() const {
- return V_g2_query.size();
- }
-
- std::size_t G1_sparse_size() const {
- return G1_size();
- }
-
- std::size_t G2_sparse_size() const {
- return G2_size();
- }
-
- std::size_t size_in_bits() const {
- return g1_type::value_bits * G1_size() + g2_type::value_bits * G2_size();
- }
-
- bool operator==(const uscs_ppzksnark_proving_key &other) const {
- return (this->V_g1_query == other.V_g1_query &&
- this->alpha_V_g1_query == other.alpha_V_g1_query &&
- this->H_g1_query == other.H_g1_query && this->V_g2_query == other.V_g2_query &&
- this->constraint_system == other.constraint_system);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verification_key.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verification_key.hpp
deleted file mode 100644
index c1f463d767..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verification_key.hpp
+++ /dev/null
@@ -1,117 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_USCS_PPZKSNARK_VERIFICATION_KEY_HPP
-#define CRYPTO3_USCS_PPZKSNARK_VERIFICATION_KEY_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using namespace algebra;
-
- /**
- * A verification key for the USCS ppzkSNARK.
- */
- template
- class uscs_ppzksnark_verification_key {
- using g1_type = typename CurveType::template g1_type<>;
- using g2_type = typename CurveType::template g2_type<>;
-
- public:
- typename g2_type::value_type tilde_g2;
- typename g2_type::value_type alpha_tilde_g2;
- typename g2_type::value_type Z_g2;
-
- container::accumulation_vector encoded_IC_query;
-
- uscs_ppzksnark_verification_key() = default;
- uscs_ppzksnark_verification_key(const typename g2_type::value_type &tilde_g2,
- const typename g2_type::value_type &alpha_tilde_g2,
- const typename g2_type::value_type &Z_g2,
- const container::accumulation_vector &eIC) :
- tilde_g2(tilde_g2),
- alpha_tilde_g2(alpha_tilde_g2), Z_g2(Z_g2), encoded_IC_query(eIC) {};
-
- std::size_t G1_size() const {
- return encoded_IC_query.size();
- }
-
- std::size_t G2_size() const {
- return 3;
- }
-
- std::size_t size_in_bits() const {
- return encoded_IC_query.size_in_bits() + 3 * g2_type::value_bits;
- }
-
- bool operator==(const uscs_ppzksnark_verification_key &other) const {
- return (this->tilde_g2 == other.tilde_g2 && this->alpha_tilde_g2 == other.alpha_tilde_g2 &&
- this->Z_g2 == other.Z_g2 && this->encoded_IC_query == other.encoded_IC_query);
- }
- };
-
- /**
- * A processed verification key for the USCS ppzkSNARK.
- *
- * Compared to a (non-processed) verification key, a processed verification key
- * contains a small constant amount of additional pre-computed information that
- * enables a faster verification time.
- */
- template
- class uscs_ppzksnark_processed_verification_key {
- using pairing_policy = pairing::pairing_policy;
-
- public:
- typedef CurveType curve_type;
-
- typename pairing_policy::g1_precomputed_type pp_G1_one_precomp;
- typename pairing_policy::g2_precomputed_type pp_G2_one_precomp;
- typename pairing_policy::g2_precomputed_type vk_tilde_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_alpha_tilde_g2_precomp;
- typename pairing_policy::g2_precomputed_type vk_Z_g2_precomp;
- typename CurveType::gt_type::value_type pairing_of_g1_and_g2;
-
- container::accumulation_vector> encoded_IC_query;
-
- bool operator==(const uscs_ppzksnark_processed_verification_key &other) const {
- return (this->pp_G1_one_precomp == other.pp_G1_one_precomp &&
- this->pp_G2_one_precomp == other.pp_G2_one_precomp &&
- this->vk_tilde_g2_precomp == other.vk_tilde_g2_precomp &&
- this->vk_alpha_tilde_g2_precomp == other.vk_alpha_tilde_g2_precomp &&
- this->vk_Z_g2_precomp == other.vk_Z_g2_precomp &&
- this->pairing_of_g1_and_g2 == other.pairing_of_g1_and_g2 &&
- this->encoded_IC_query == other.encoded_IC_query);
- }
- };
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_PPZKSNARK_BASIC_PROVER_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verifier.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verifier.hpp
deleted file mode 100644
index 0a8c03a17d..0000000000
--- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/snark/systems/ppzksnark/uscs_ppzksnark/verifier.hpp
+++ /dev/null
@@ -1,234 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_VERIFIER_HPP -#define CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_VERIFIER_HPP - -#ifdef MULTICORE -#include -#endif - -#include -#include -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using namespace algebra; - - /* - Below are four variants of verifier algorithm for the USCS ppzkSNARK. - - These are the four cases that arise from the following two choices: - - (1) The verifier accepts a (non-processed) verification key or, instead, a processed - verification key. 
In the latter case, we call the algorithm an "online verifier". - - (2) The verifier checks for "weak" input consistency or, instead, "strong" input consistency. - Strong input consistency requires that |primary_input| = CS.num_inputs, whereas - weak input consistency requires that |primary_input| <= CS.num_inputs (and - the primary input is implicitly padded with zeros up to length CS.num_inputs). - */ - - /** - * Convert a (non-processed) verification key into a processed verification key. - */ - template - class uscs_ppzksnark_process_verification_key { - typedef detail::uscs_ppzksnark_policy policy_type; - using g1_type = typename CurveType::template g1_type<>; - using g2_type = typename CurveType::template g2_type<>; - - public: - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - - static inline processed_verification_key_type process(const verification_key_type &vk) { - - processed_verification_key_type pvk; - - pvk.pp_G1_one_precomp = precompute_g1(g1_type::value_type::one()); - pvk.pp_G2_one_precomp = precompute_g2(g2_type::value_type::one()); - - pvk.vk_tilde_g2_precomp = precompute_g2(vk.tilde_g2); - pvk.vk_alpha_tilde_g2_precomp = precompute_g2(vk.alpha_tilde_g2); - pvk.vk_Z_g2_precomp = precompute_g2(vk.Z_g2); - - pvk.pairing_of_g1_and_g2 = miller_loop(pvk.pp_G1_one_precomp, pvk.pp_G2_one_precomp); - - pvk.encoded_IC_query = vk.encoded_IC_query; - - return pvk; - } - }; - - template - class uscs_ppzksnark_verifier_weak_input_consistency { - typedef detail::uscs_ppzksnark_policy policy_type; - - using pairing_policy = pairing::pairing_policy; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename 
policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - - return process(uscs_ppzksnark_process_verification_key::process(vk), primary_input, - proof); - } - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has weak input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - - assert(pvk.encoded_IC_query.domain_size() >= primary_input.size()); - - const accumulation_vector> accumulated_IC = - pvk.encoded_IC_query.accumulate_chunk(primary_input.begin(), primary_input.end(), 0); - assert(accumulated_IC.is_fully_accumulated()); - const typename CurveType::template g1_type<>::value_type &acc = accumulated_IC.first; - - bool result = true; - - if (!proof.is_well_formed()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_V_g1_with_acc_precomp = - precompute_g1(proof.V_g1 + acc); - typename pairing_policy::g2_precomputed_type proof_V_g2_precomp = - precompute_g2(proof.V_g2); - typename CurveType::gt_type::value_type V_1 = - miller_loop(proof_V_g1_with_acc_precomp, pvk.pp_G2_one_precomp); - typename CurveType::gt_type::value_type V_2 = - miller_loop(pvk.pp_G1_one_precomp, proof_V_g2_precomp); - typename CurveType::gt_type::value_type V = - final_exponentiation(V_1 * V_2.unitary_inversed()); - - if (V != CurveType::gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_H_g1_precomp = - precompute_g1(proof.H_g1); - typename CurveType::gt_type::value_type SSP_1 = - miller_loop(proof_V_g1_with_acc_precomp, proof_V_g2_precomp); - typename 
CurveType::gt_type::value_type SSP_2 = - miller_loop(proof_H_g1_precomp, pvk.vk_Z_g2_precomp); - typename CurveType::gt_type::value_type SSP = final_exponentiation( - SSP_1.unitary_inversed() * SSP_2 * pvk.pairing_of_g1_and_g2); - - if (SSP != CurveType::gt_type::value_type::one()) { - result = false; - } - - typename pairing_policy::g1_precomputed_type proof_V_g1_precomp = - precompute_g1(proof.V_g1); - typename pairing_policy::g1_precomputed_type proof_alpha_V_g1_precomp = - precompute_g1(proof.alpha_V_g1); - typename CurveType::gt_type::value_type alpha_V_1 = - miller_loop(proof_V_g1_precomp, pvk.vk_alpha_tilde_g2_precomp); - typename CurveType::gt_type::value_type alpha_V_2 = - miller_loop(proof_alpha_V_g1_precomp, pvk.vk_tilde_g2_precomp); - typename CurveType::gt_type::value_type alpha_V = - final_exponentiation(alpha_V_1 * alpha_V_2.unitary_inversed()); - - if (alpha_V != CurveType::gt_type::value_type::one()) { - result = false; - } - - return result; - } - }; - - template - class uscs_ppzksnark_verifier_strong_input_consistency { - typedef detail::uscs_ppzksnark_policy policy_type; - - public: - typedef typename policy_type::primary_input_type primary_input_type; - typedef typename policy_type::verification_key_type verification_key_type; - typedef typename policy_type::processed_verification_key_type processed_verification_key_type; - typedef typename policy_type::proof_type proof_type; - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a non-processed verification key, and - * (2) has strong input consistency. 
- */ - static inline bool process(const verification_key_type &vk, - const primary_input_type &primary_input, - const proof_type &proof) { - return uscs_ppzksnark_verifier_strong_input_consistency::process( - uscs_ppzksnark_process_verification_key::process(vk), primary_input, proof); - } - - /** - * A verifier algorithm for the USCS ppzkSNARK that: - * (1) accepts a processed verification key, and - * (2) has strong input consistency. - */ - static inline bool process(const processed_verification_key_type &pvk, - const primary_input_type &primary_input, - const proof_type &proof) { - - bool result = true; - - if (pvk.encoded_IC_query.domain_size() != primary_input.size()) { - result = false; - } else { - result = uscs_ppzksnark_verifier_weak_input_consistency::process( - pvk, primary_input, proof); - } - - return result; - } - }; - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_USCS_PPZKSNARK_BASIC_VERIFIER_HPP diff --git a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp index 92da6d01a1..b6c9ba00d3 100644 --- a/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp +++ b/parallel-crypto3/libs/parallel-zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp @@ -152,7 +152,7 @@ namespace nil { template typename std::enable_if_t< - !algebra::is_group_element::value && + !algebra::is_curve_element::value && !algebra::is_field_element::value> operator()(const InputRange &r) { auto acc_convertible = hash(state); @@ -169,7 +169,7 @@ namespace nil { template typename std::enable_if_t< - algebra::is_group_element::value || + algebra::is_curve_element::value || algebra::is_field_element::value > operator()(element const& data) { 
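Review bot: The overload selection for the transcript's `operator()` pair in fiat_shamir.hpp now rests on `algebra::is_curve_element`, and nothing in the hunk at -152 states how that trait's coverage compares with the `is_group_element` it replaces. If any type satisfied the old trait but not the new one, it would stop matching the element overload and be routed to the `InputRange` overload (or fail to compile), so it would enter the Fiat-Shamir transcript under a different encoding and yield different challenges; the same applies to the hunks at -169, -293 and -301. I would document the contract above the element overload, for example `// Absorbs curve elements and field elements; every other argument type is handled by the InputRange overload.`, and pin it with a transcript test that absorbs one G1 and one G2 value and compares the resulting challenge. The function bodies continue outside the hunks, so the absorbed encoding itself cannot be checked from here.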
@@ -293,7 +293,7 @@ namespace nil { template typename std::enable_if_t< - !algebra::is_group_element::value + !algebra::is_curve_element::value > operator()(const InputRange &r) { sponge.absorb(static_cast(hash(r))); @@ -301,7 +301,7 @@ namespace nil { template typename std::enable_if_t< - algebra::is_group_element::value + algebra::is_curve_element::value > operator()(element const& data) { auto affine = data.to_affine(); diff --git a/parallel-crypto3/libs/parallel-zk/test/CMakeLists.txt b/parallel-crypto3/libs/parallel-zk/test/CMakeLists.txt index 86bc6c7241..158be5e776 100644 --- a/parallel-crypto3/libs/parallel-zk/test/CMakeLists.txt +++ b/parallel-crypto3/libs/parallel-zk/test/CMakeLists.txt @@ -55,7 +55,6 @@ set(TESTS_NAMES "commitment/pedersen" "commitment/proof_of_knowledge" # "commitment/powers_of_tau" -# "commitment/r1cs_gg_ppzksnark_mpc" # "commitment/type_traits" # "commitment/kimchi_pedersen" "commitment/proof_of_work" @@ -64,9 +63,6 @@ set(TESTS_NAMES # "routing_algorithms/test_routing_algorithms" -# "relations/numeric/qap" -# "relations/numeric/sap" -# "relations/numeric/ssp" # "systems/plonk/pickles/pickles" # "systems/plonk/pickles/kimchi" 
@@ -84,20 +80,6 @@ set(TESTS_NAMES "systems/plonk/placeholder/placeholder_curves" "systems/plonk/placeholder/placeholder_quotient_polynomial_chunks" -# "systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd" -# "systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd" - -# "systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark" - "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark" -# "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling" -# "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling" -# "systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark" -# "systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark" -# "systems/ppzksnark/ram_ppzksnark/ram_ppzksnark" -# "systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark" -# "systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark" -# "systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity" - "transcript/transcript" # TODO: either delete this code with the test, or fix it later. diff --git a/parallel-crypto3/libs/parallel-zk/test/commitment/kzg.cpp b/parallel-crypto3/libs/parallel-zk/test/commitment/kzg.cpp index 535facce5b..c9a1fe78d7 100644 --- a/parallel-crypto3/libs/parallel-zk/test/commitment/kzg.cpp +++ b/parallel-crypto3/libs/parallel-zk/test/commitment/kzg.cpp @@ -47,7 +47,6 @@ #include #include #include -#include #include #include diff --git a/parallel-crypto3/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp b/parallel-crypto3/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp deleted file mode 100644 index aa17de0c45..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp +++ /dev/null 
@@ -1,163 +0,0 @@ -#define BOOST_TEST_MODULE mpc_generator_test - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "../systems/ppzksnark/r1cs_examples.hpp" - -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::zk::commitments; - -BOOST_AUTO_TEST_SUITE(mpc_generator_test_suite) - - BOOST_AUTO_TEST_CASE(mpc_generator_compare_keypairs_without_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using scalar_field_type = curve_type::scalar_field_type; - using scalar_field_value_type = scalar_field_type::value_type; - - using g1_value_type = curve_type::g1_type<>::value_type; - using g2_value_type = curve_type::g2_type<>::value_type; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - using proving_scheme_generator_type = r1cs_gg_ppzksnark_generator; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto sk = powers_of_tau_scheme_type::generate_private_key(); - auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); - acc.transform(sk); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 3); - - std::size_t m = - r1cs_example.constraint_system.num_constraints() + r1cs_example.constraint_system.num_inputs() + 1; - - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, m); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, - result); - auto g1_generator = g1_value_type::one(); - auto g2_generator = g2_value_type::one(); - - auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, L_query, r1cs_copy, - alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = - proving_scheme_generator_type::deterministic_basic_process( - r1cs_example.constraint_system, sk.tau, sk.alpha, sk.beta, 
scalar_field_value_type::one(), - scalar_field_value_type::one(), g1_generator, g2_generator); - - BOOST_CHECK(mpc_kp.first.alpha_g1 == alpha_g1); - BOOST_CHECK(mpc_kp.first.beta_g1 == beta_g1); - BOOST_CHECK(mpc_kp.first.beta_g2 == beta_g2); - BOOST_CHECK(mpc_kp.first.delta_g1 == delta_g1); - BOOST_CHECK(mpc_kp.first.delta_g2 == delta_g2); - - BOOST_CHECK_EQUAL(mpc_kp.first.A_query.size(), A_query.size()); - BOOST_CHECK_EQUAL(mpc_kp.first.B_query.domain_size(), B_query.domain_size()); - BOOST_CHECK_EQUAL(mpc_kp.first.H_query.size(), H_query.size()); - BOOST_CHECK_EQUAL(mpc_kp.first.L_query.size(), L_query.size()); - - for (std::size_t i = 0; i < A_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.A_query[i] == A_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < B_query.domain_size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.B_query[i] == B_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < H_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.H_query[i] == H_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < L_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.L_query[i] == L_query[i], std::string("i=") + std::to_string(i)); - } - - BOOST_CHECK(mpc_kp.second.alpha_g1_beta_g2 == alpha_g1_beta_g2); - BOOST_CHECK(mpc_kp.second.gamma_g2 == gamma_g2); - BOOST_CHECK(mpc_kp.second.delta_g2 == delta_g2); - - BOOST_CHECK(mpc_kp.second.gamma_ABC_g1.first == gamma_ABC_g1.first); - - BOOST_CHECK_EQUAL(mpc_kp.second.gamma_ABC_g1.rest.domain_size(), gamma_ABC_g1.rest.domain_size()); - - for (std::size_t i = 0; i < gamma_ABC_g1.rest.domain_size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.second.gamma_ABC_g1.rest[i] == gamma_ABC_g1.rest[i], - std::string("i=") + std::to_string(i)); - } - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, 
r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); - } - - BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_without_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto sk = powers_of_tau_scheme_type::generate_private_key(); - auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); - acc.transform(sk); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, - result); - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); - } - - BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_with_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - using crs_mpc_type = r1cs_gg_ppzksnark_mpc; - using public_key_type = crs_mpc_type::public_key_type; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto pot_sk = powers_of_tau_scheme_type::generate_private_key(); - auto pot_pk = powers_of_tau_scheme_type::proof_eval(pot_sk, acc); - acc.transform(pot_sk); - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, - result); - - std::vector pks; - - auto mpc_sk1 = crs_mpc_type::generate_private_key(); - 
pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk1, boost::none, mpc_kp)); - commitments::detail::transform_keypair(mpc_kp, mpc_sk1); - BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); - - auto mpc_sk2 = crs_mpc_type::generate_private_key(); - pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk2, pks[0], mpc_kp)); - commitments::detail::transform_keypair(mpc_kp, mpc_sk2); - BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); - } - -BOOST_AUTO_TEST_SUITE_END() diff --git a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/qap.cpp b/parallel-crypto3/libs/parallel-zk/test/relations/numeric/qap.cpp deleted file mode 100644 index 134e384e5e..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/qap.cpp +++ /dev/null 
@@ -1,154 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE qap_test - -#include - -#include -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "../../schemes/ppzksnark/r1cs_examples.hpp" - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_qap(const std::size_t qap_degree, const std::size_t num_inputs, const bool binary_input) { - /* - We construct an instance where the QAP degree is qap_degree. 
- So we generate an instance of R1CS where the number of constraints qap_degree - num_inputs - 1. - See the transformation from R1CS to QAP for why this is the case. - So we need that qap_degree >= num_inputs + 1. - */ - BOOST_CHECK(num_inputs + 1 <= qap_degree); - - const std::size_t num_constraints = qap_degree - num_inputs - 1; - - std::cout << "Num constraints " << num_constraints << std::endl; - std::cout << "Binary input " << bool(binary_input) << std::endl; - - auto begin = std::chrono::high_resolution_clock::now(); - - r1cs_example example; - if (binary_input) { - example = generate_r1cs_example_with_binary_input(num_constraints, num_inputs); - } else { - example = generate_r1cs_example_with_field_input(num_constraints, num_inputs); - } - - auto end = std::chrono::high_resolution_clock::now(); - auto elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Example generated, time: " << elapsed.count() * 1e-9 << std::endl; - - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - - std::cout << "Constraint system satisfied" << std::endl; - - const typename FieldType::value_type t = random_element(), - d1 = random_element(), - d2 = random_element(), - d3 = random_element(); - begin = std::chrono::high_resolution_clock::now(); - - qap_instance qap_inst_1 = reductions::r1cs_to_qap::instance_map(example.constraint_system); - - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Instance 1 evaluated, time: " << elapsed.count() * 1e-9 << std::endl; - - begin = std::chrono::high_resolution_clock::now(); - - qap_instance_evaluation qap_inst_2 = - reductions::r1cs_to_qap::instance_map_with_evaluation(example.constraint_system, t); - - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Instance 2 evaluated, time: " << elapsed.count() * 1e-9 << std::endl; - - begin = 
std::chrono::high_resolution_clock::now(); - - qap_witness qap_wit = - reductions::r1cs_to_qap::witness_map(example.constraint_system, example.primary_input, - example.auxiliary_input, d1, d2, d3); - - end = std::chrono::high_resolution_clock::now(); - elapsed = std::chrono::duration_cast(end - begin); - - std::cout << "Witness evaluated, time: " << elapsed.count() * 1e-9 << std::endl; - - BOOST_CHECK(qap_inst_1.is_satisfied(qap_wit)); - BOOST_CHECK(qap_inst_2.is_satisfied(qap_wit)); -} - -BOOST_AUTO_TEST_SUITE(qap_test_suite) - - BOOST_AUTO_TEST_CASE(qap_test_case) { - const std::size_t num_inputs = 10; - - using basic_curve_type = curves::mnt6<298>; - - const std::size_t basic_domain_size = 1ul << fields::arithmetic_params::s; - const std::size_t step_domain_size = (1ul << 10) + (1ul << 8); - const std::size_t extended_domain_size = - 1ul << (fields::arithmetic_params::s + 1); - const std::size_t extended_domain_size_special = extended_domain_size - 1; - - test_qap(basic_domain_size, num_inputs, true); - test_qap(step_domain_size, num_inputs, true); - test_qap(extended_domain_size, num_inputs, true); - test_qap(extended_domain_size_special, num_inputs, true); - - test_qap(basic_domain_size, num_inputs, false); - test_qap(step_domain_size, num_inputs, false); - test_qap(extended_domain_size, num_inputs, false); - test_qap(extended_domain_size_special, num_inputs, false); - } - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/sap.cpp b/parallel-crypto3/libs/parallel-zk/test/relations/numeric/sap.cpp deleted file mode 100644 index 833c7b7499..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/sap.cpp +++ /dev/null 
@@ -1,122 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE sap_test - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_sap(const std::size_t sap_degree, const std::size_t num_inputs, const bool binary_input) { - /* - We construct an instance where the SAP degree is <= sap_degree. 
- The R1CS-to-SAP reduction produces SAPs with degree - (2 * num_constraints + 2 * num_inputs + 1). - So we generate an instance of R1CS where the number of constraints is - (sap_degree - 1) / 2 - num_inputs. - */ - const std::size_t num_constraints = (sap_degree - 1) / 2 - num_inputs; - BOOST_CHECK(num_constraints >= 1); - - r1cs_example example; - if (binary_input) { - example = generate_r1cs_example_with_binary_input(num_constraints, num_inputs); - } else { - example = generate_r1cs_example_with_field_input(num_constraints, num_inputs); - } - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - - const typename FieldType::value_type t = random_element(), - d1 = random_element(), - d2 = random_element(); - - sap_instance sap_inst_1 = reductions::r1cs_to_sap::instance_map(example.constraint_system); - - sap_instance_evaluation sap_inst_2 = - reductions::r1cs_to_sap::instance_map_with_evaluation(example.constraint_system, t); - - sap_witness sap_wit = - reductions::r1cs_to_sap::witness_map(example.constraint_system, example.primary_input, - example.auxiliary_input, d1, d2); - - BOOST_CHECK(sap_inst_1.is_satisfied(sap_wit)); - BOOST_CHECK(sap_inst_2.is_satisfied(sap_wit)); -} - -BOOST_AUTO_TEST_SUITE(sap_test_suite) - - BOOST_AUTO_TEST_CASE(sap_test) { - const std::size_t num_inputs = 10; - - /** - * due to the specifics of our reduction, we can only get SAPs with odd - * degrees, so we can only test "special" versions of the domains - */ - - using basic_curve_type = curves::mnt6<298>; - - const std::size_t basic_domain_size_special = - (1ul << fields::arithmetic_params::s) - 1ul; - const std::size_t step_domain_size_special = (1ul << 10) + (1ul << 8) - 1ul; - const std::size_t extended_domain_size_special = - (1ul << (fields::arithmetic_params::s + 1)) - 1ul; - - test_sap(basic_domain_size_special, num_inputs, true); - test_sap(step_domain_size_special, num_inputs, true); - test_sap(extended_domain_size_special, 
num_inputs, true);
-
- test_sap(basic_domain_size_special, num_inputs, false);
- test_sap(step_domain_size_special, num_inputs, false);
- test_sap(extended_domain_size_special, num_inputs, false);
- }
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/ssp.cpp b/parallel-crypto3/libs/parallel-zk/test/relations/numeric/ssp.cpp
deleted file mode 100644
index ebf19905ad..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/ssp.cpp
+++ /dev/null
@@ -1,109 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE ssp_test - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "uscs_examples.hpp" - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_ssp(const std::size_t num_constraints, const std::size_t num_inputs, const bool binary_input) { - uscs_example example; - if (binary_input) { - example = generate_uscs_example_with_binary_input(num_constraints, num_inputs); - } else { - example = generate_uscs_example_with_field_input(num_constraints, num_inputs); - } - - BOOST_CHECK(example.constraint_system.is_satisfied(example.primary_input, example.auxiliary_input)); - - const typename FieldType::value_type t = random_element(), - d = random_element(); - - ssp_instance ssp_inst_1 = reductions::uscs_to_ssp::instance_map(example.constraint_system); - - ssp_instance_evaluation ssp_inst_2 = - reductions::uscs_to_ssp::instance_map_with_evaluation(example.constraint_system, t); - - ssp_witness ssp_wit = - reductions::uscs_to_ssp::witness_map(example.constraint_system, example.primary_input, - example.auxiliary_input, d); - - BOOST_CHECK(ssp_inst_1.is_satisfied(ssp_wit)); - BOOST_CHECK(ssp_inst_2.is_satisfied(ssp_wit)); -} - -BOOST_AUTO_TEST_SUITE(ssp_test_suite) - - BOOST_AUTO_TEST_CASE(ssp_test) { - const std::size_t num_inputs = 10; - - using basic_curve_type = curves::mnt6<298>; - - const std::size_t basic_domain_size = 1ul << fields::arithmetic_params::s; - const std::size_t step_domain_size = (1ul << 10) + (1ul << 8); - const std::size_t extended_domain_size = - 1ul << (fields::arithmetic_params::s + 1); - const std::size_t extended_domain_size_special = extended_domain_size - 1; - - test_ssp(basic_domain_size, num_inputs, true); - 
test_ssp(step_domain_size, num_inputs, true);
- test_ssp(extended_domain_size, num_inputs, true);
- test_ssp(extended_domain_size_special, num_inputs, true);
-
- test_ssp(basic_domain_size, num_inputs, false);
- test_ssp(step_domain_size, num_inputs, false);
- test_ssp(extended_domain_size, num_inputs, false);
- test_ssp(extended_domain_size_special, num_inputs, false);
- }
-
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
diff --git a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/uscs_examples.hpp b/parallel-crypto3/libs/parallel-zk/test/relations/numeric/uscs_examples.hpp
deleted file mode 100644
index 4f91581421..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/relations/numeric/uscs_examples.hpp
+++ /dev/null
@@ -1,187 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a USCS example, as well as functions to sample
-// USCS examples with prescribed parameters (according to some distribution).
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_ZK_USCS_EXAMPLES_HPP
-#define CRYPTO3_ZK_USCS_EXAMPLES_HPP
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * A USCS example comprises a USCS constraint system, USCS input, and USCS witness.
- */ - template - struct uscs_example { - uscs_constraint_system constraint_system; - uscs_primary_input primary_input; - uscs_auxiliary_input auxiliary_input; - - uscs_example() = default; - uscs_example(const uscs_example &other) = default; - uscs_example(const uscs_constraint_system &constraint_system, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - uscs_example(uscs_constraint_system &&constraint_system, - uscs_primary_input &&primary_input, - uscs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). 
- */ - template - uscs_example generate_uscs_example_with_field_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - BOOST_CHECK(num_constraints >= num_inputs); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints - num_inputs; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_constraints; ++i) { - full_variable_assignment.emplace_back(typename FieldType::value_type(std::rand())); - } - - for (std::size_t i = 0; i < num_constraints; ++i) { - std::size_t x, y, z; - - do { - x = std::rand() % num_constraints; - y = std::rand() % num_constraints; - z = std::rand() % num_constraints; - } while (x == z || y == z); - - const typename FieldType::value_type x_coeff = typename FieldType::value_type(std::rand()); - const typename FieldType::value_type y_coeff = typename FieldType::value_type(std::rand()); - const typename FieldType::value_type val = - (std::rand() % 2 == 0 ? 
FieldType::value_type::zero() : -FieldType::value_type::zero()); - const typename FieldType::value_type z_coeff = - (val - x_coeff * full_variable_assignment[x] - y_coeff * full_variable_assignment[y]) * - full_variable_assignment[z].inversed(); - - uscs_constraint constr; - constr.add_term(x + 1, x_coeff); - constr.add_term(y + 1, y_coeff); - constr.add_term(z + 1, z_coeff); - - cs.add_constraint(constr); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of binary values (as opposed to ``full'' field elements). 
- */ - template - uscs_example generate_uscs_example_with_binary_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - - /* chose two random bits and XOR them together */ - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - - uscs_constraint constr; - constr.add_term(u + 1, 1); - constr.add_term(v + 1, 1); - constr.add_term(lastvar + 1, 1); - constr.add_term(0, -FieldType::value_type::zero()); // shift constant term (which is 0) by 1 - - cs.add_constraint(constr); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - } // namespace snark - } // namespace zk - } // 
namespace crypto3
-} // namespace nil
-
-#endif // USCS_EXAMPLES_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.cpp
deleted file mode 100644
index a172a1ac44..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/r1cs_mp_ppzkpcd.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_mp_ppzkpcd_test
-
-#include
-
-#include "run_r1cs_mp_ppzkpcd.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_tally(std::size_t arity, std::size_t max_layer, bool test_multi_type, bool test_same_type_optimization) {
- const std::size_t wordsize = 32;
- const bool bit = run_r1cs_mp_ppzkpcd_tally_example(wordsize, arity, max_layer, test_multi_type,
- test_same_type_optimization);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_mp_ppzkpcd_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_mp_ppzkpcd_test_case) {
- const std::size_t max_arity = 2;
- const std::size_t max_layer = 2;
-
- test_tally(max_arity, max_layer, false, false);
- test_tally(max_arity, max_layer, false, true);
- test_tally(max_arity, max_layer, true, false);
- test_tally(max_arity, max_layer, true, true);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
\ No newline at end of file
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/run_r1cs_mp_ppzkpcd.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/run_r1cs_mp_ppzkpcd.hpp
deleted file mode 100644
index bb107288ce..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/run_r1cs_mp_ppzkpcd.hpp
+++ /dev/null
@@ -1,197 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS multi-predicate ppzkPCD
-// for a compliance predicate example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_MP_PPZKPCD_HPP
-#define CRYPTO3_RUN_R1CS_MP_PPZKPCD_HPP
-
-#include
-#include
-
-#include "tally_cp.hpp"
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Runs the multi-predicate ppzkPCD (generator, prover, and verifier) for the
- * "tally compliance predicate", of a given wordsize, arity, and depth.
- * - * Optionally, also test the case of compliance predicates with different types. - */ - template - bool run_r1cs_mp_ppzkpcd_tally_example(std::size_t wordsize, - std::size_t max_arity, - std::size_t depth, - bool test_multi_type, - bool test_same_type_optimization) { - typedef algebra::Fr FieldType; - - bool all_accept = true; - - std::size_t tree_size = 0; - std::size_t nodes_in_layer = 1; - for (std::size_t layer = 0; layer <= depth; ++layer) { - tree_size += nodes_in_layer; - nodes_in_layer *= max_arity; - } - - std::vector tree_types(tree_size); - std::vector tree_elems(tree_size); - std::vector tree_arity(tree_size); - - nodes_in_layer = 1; - std::size_t node_idx = 0; - for (std::size_t layer = 0; layer <= depth; ++layer) { - for (std::size_t id_in_layer = 0; id_in_layer < nodes_in_layer; ++id_in_layer, ++node_idx) { - if (!test_multi_type) { - tree_types[node_idx] = 1; - } else { - if (test_same_type_optimization) { - tree_types[node_idx] = 1 + ((depth - layer) & 1); - } else { - tree_types[node_idx] = 1 + (std::rand() % 2); - } - } - - tree_elems[node_idx] = std::rand() % 100; - tree_arity[node_idx] = - 1 + (std::rand() % max_arity); /* we will just skip below this threshold */ - printf("tree_types[%zu] = %zu\n", node_idx, tree_types[node_idx]); - printf("tree_elems[%zu] = %zu\n", node_idx, tree_elems[node_idx]); - printf("tree_arity[%zu] = %zu\n", node_idx, tree_arity[node_idx]); - } - nodes_in_layer *= max_arity; - } - - std::vector> tree_proofs(tree_size); - std::vector>> tree_messages(tree_size); - - std::set tally_1_accepted_types, tally_2_accepted_types; - if (test_same_type_optimization) { - if (!test_multi_type) { - /* only tally 1 is going to be used */ - tally_1_accepted_types.insert(1); - } else { - tally_1_accepted_types.insert(2); - tally_2_accepted_types.insert(1); - } - } - - tally_cp_handler tally_1( - 1, max_arity, wordsize, test_same_type_optimization, tally_1_accepted_types); - tally_cp_handler tally_2( - 2, max_arity, wordsize, 
test_same_type_optimization, tally_2_accepted_types); - tally_1.generate_r1cs_constraints(); - tally_2.generate_r1cs_constraints(); - r1cs_pcd_compliance_predicate cp_1 = tally_1.get_compliance_predicate(); - r1cs_pcd_compliance_predicate cp_2 = tally_2.get_compliance_predicate(); - - r1cs_mp_ppzkpcd_keypair keypair = r1cs_mp_ppzkpcd_generator({cp_1, cp_2}); - - r1cs_mp_ppzkpcd_processed_verification_key pvk = - r1cs_mp_ppzkpcd_process_vk(keypair.vk); - - std::shared_ptr> base_msg = - tally_1.get_base_case_message(); /* we choose the base to always be tally_1 */ - nodes_in_layer /= max_arity; - for (long layer = depth; layer >= 0; --layer, nodes_in_layer /= max_arity) { - for (std::size_t i = 0; i < nodes_in_layer; ++i) { - const std::size_t cur_idx = (nodes_in_layer - 1) / (max_arity - 1) + i; - - tally_cp_handler &cur_tally = (tree_types[cur_idx] == 1 ? tally_1 : tally_2); - r1cs_pcd_compliance_predicate &cur_cp = (tree_types[cur_idx] == 1 ? cp_1 : cp_2); - - const bool base_case = (max_arity * cur_idx + max_arity >= tree_size); - - std::vector>> msgs(max_arity, base_msg); - std::vector> proofs(max_arity); - - if (!base_case) { - for (std::size_t i = 0; i < max_arity; ++i) { - msgs[i] = tree_messages[max_arity * cur_idx + i + 1]; - proofs[i] = tree_proofs[max_arity * cur_idx + i + 1]; - } - } - msgs.resize(tree_arity[i]); - proofs.resize(tree_arity[i]); - - std::shared_ptr> ld; - ld.reset(new tally_pcd_local_data(tree_elems[cur_idx])); - cur_tally.generate_r1cs_witness(msgs, ld); - - const r1cs_pcd_compliance_predicate_primary_input tally_primary_input( - cur_tally.get_outgoing_message()); - const r1cs_pcd_compliance_predicate_auxiliary_input tally_auxiliary_input( - msgs, ld, cur_tally.get_witness()); - - r1cs_mp_ppzkpcd_proof proof = r1cs_mp_ppzkpcd_prover( - keypair.pk, cur_cp.name, tally_primary_input, tally_auxiliary_input, proofs); - - tree_proofs[cur_idx] = proof; - tree_messages[cur_idx] = cur_tally.get_outgoing_message(); - - const 
r1cs_mp_ppzkpcd_primary_input pcd_verifier_input(tree_messages[cur_idx]); - const bool ans = - r1cs_mp_ppzkpcd_verifier(keypair.vk, pcd_verifier_input, tree_proofs[cur_idx]); - - const bool ans2 = - r1cs_mp_ppzkpcd_online_verifier(pvk, pcd_verifier_input, tree_proofs[cur_idx]); - BOOST_CHECK(ans == ans2); - - all_accept = all_accept && ans; - - printf("\n"); - for (std::size_t i = 0; i < msgs.size(); ++i) { - printf("Message %zu was:\n", i); - msgs[i]->print(); - } - printf("Summand at this node:\n%zu\n", tree_elems[cur_idx]); - printf("Outgoing message is:\n"); - tree_messages[cur_idx]->print(); - printf("\n"); - printf("Current node = %zu. Current proof verifies = %s\n", cur_idx, ans ? "YES" : "NO"); - printf( - "\n\n\n " - "================================================================================" - "\n\n\n"); - } - } - - return all_accept; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_MP_PPZKPCD_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/tally_cp.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/tally_cp.hpp deleted file mode 100644 index ac6b0e21e7..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/tally_cp.hpp +++ /dev/null 
@@ -1,386 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for the tally compliance predicate. -// -// The tally compliance predicate has two purposes: -// (1) it exemplifies the use of interfaces declared in cp_handler.hpp, and -// (2) it enables us to test r1cs_pcd functionalities. -// -// See -// - snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/examples/run_r1cs_sp_ppzkpcd.hpp -// - snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/examples/run_r1cs_mp_ppzkpcd.hpp -// for code that uses the tally compliance predicate. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TALLY_CP_HPP -#define CRYPTO3_ZK_TALLY_CP_HPP - -#include - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Subclasses a R1CS PCD message to the tally compliance predicate. - */ - template - class tally_pcd_message : public r1cs_pcd_message { - public: - std::size_t wordsize; - - std::size_t sum; - std::size_t count; - - tally_pcd_message(const std::size_t type, const std::size_t wordsize, const std::size_t sum, - const std::size_t count); - r1cs_variable_assignment payload_as_r1cs_variable_assignment() const; - - ~tally_pcd_message() = default; - }; - - template - class tally_pcd_local_data : public r1cs_pcd_local_data { - public: - std::size_t summand; - - tally_pcd_local_data(const std::size_t summand); - r1cs_variable_assignment as_r1cs_variable_assignment() const; - - ~tally_pcd_local_data() = default; - }; - - /** - * Subclass a R1CS compliance predicate handler to the tally compliance predicate handler. 
- */ - template - class tally_cp_handler : public compliance_predicate_handler> { - public: - typedef compliance_predicate_handler> base_handler; - blueprint_variable_vector incoming_types; - - blueprint_variable sum_out_packed; - blueprint_variable count_out_packed; - blueprint_variable_vector sum_in_packed; - blueprint_variable_vector count_in_packed; - - blueprint_variable_vector sum_in_packed_aux; - blueprint_variable_vector count_in_packed_aux; - - std::shared_ptr> unpack_sum_out; - std::shared_ptr> unpack_count_out; - std::vector> pack_sum_in; - std::vector> pack_count_in; - - blueprint_variable type_val_inner_product; - std::shared_ptr> compute_type_val_inner_product; - - blueprint_variable_vector arity_indicators; - - std::size_t wordsize; - std::size_t message_length; - - tally_cp_handler(std::size_t type, - std::size_t max_arity, - std::size_t wordsize, - bool relies_on_same_type_inputs = false, - const std::set &accepted_input_types = std::set()); - - void generate_r1cs_constraints(); - void generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data); - - std::shared_ptr> get_base_case_message() const; - }; - - template - tally_pcd_message::tally_pcd_message(const std::size_t type, - const std::size_t wordsize, - const std::size_t sum, - const std::size_t count) : - r1cs_pcd_message(type), - wordsize(wordsize), sum(sum), count(count) { - } - - template - r1cs_variable_assignment - tally_pcd_message::payload_as_r1cs_variable_assignment() const { - std::function bit_to_FieldT = [](const bool bit) { - return bit ? 
FieldType::value_type::zero() : FieldType::value_type::zero(); - }; - - const std::vector sum_bits = - algebra::convert_field_element_to_bit_vector(sum, wordsize); - const std::vector count_bits = - algebra::convert_field_element_to_bit_vector(count, wordsize); - - r1cs_variable_assignment result(2 * wordsize); - std::transform(sum_bits.begin(), sum_bits.end(), result.begin(), bit_to_FieldT); - std::transform(count_bits.begin(), count_bits.end(), result.begin() + wordsize, bit_to_FieldT); - - return result; - } - - template - tally_pcd_local_data::tally_pcd_local_data(const std::size_t summand) : summand(summand) { - } - - template - r1cs_variable_assignment - tally_pcd_local_data::as_r1cs_variable_assignment() const { - return {FieldType(summand)}; - } - - template - class tally_pcd_message_variable : public r1cs_pcd_message_variable { - public: - blueprint_variable_vector sum_bits; - blueprint_variable_vector count_bits; - std::size_t wordsize; - - tally_pcd_message_variable(blueprint &bp, const std::size_t wordsize) : - r1cs_pcd_message_variable(bp), wordsize(wordsize) { - sum_bits.allocate(bp, wordsize); - count_bits.allocate(bp, wordsize); - - this->update_all_vars(); - } - - std::shared_ptr> get_message() const { - const std::size_t type_val = this->bp.val(this->type).as_ulong(); - const std::size_t sum_val = sum_bits.get_field_element_from_bits(this->bp).as_ulong(); - const std::size_t count_val = count_bits.get_field_element_from_bits(this->bp).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type_val, wordsize, sum_val, count_val)); - return result; - } - - ~tally_pcd_message_variable() = default; - }; - - template - class tally_pcd_local_data_variable : public r1cs_pcd_local_data_variable { - public: - blueprint_variable summand; - - tally_pcd_local_data_variable(blueprint &bp) : - r1cs_pcd_local_data_variable(bp) { - summand.allocate(bp); - - this->update_all_vars(); - } - - std::shared_ptr> get_local_data() const { - const 
std::size_t summand_val = this->bp.val(summand).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_local_data(summand_val)); - return result; - } - - ~tally_pcd_local_data_variable() = default; - }; - - template - tally_cp_handler::tally_cp_handler(std::size_t type, std::size_t max_arity, - std::size_t wordsize, bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - compliance_predicate_handler>(blueprint(), - type * 100, - type, - max_arity, - relies_on_same_type_inputs, - accepted_input_types), - wordsize(wordsize) { - this->outgoing_message.reset(new tally_pcd_message_variable(this->bp, wordsize)); - this->arity.allocate(this->bp); - - for (std::size_t i = 0; i < max_arity; ++i) { - this->incoming_messages[i].reset(new tally_pcd_message_variable(this->bp, wordsize)); - } - - this->local_data.reset(new tally_pcd_local_data_variable(this->bp)); - - sum_out_packed.allocate(this->bp); - count_out_packed.allocate(this->bp); - - sum_in_packed.allocate(this->bp, max_arity); - count_in_packed.allocate(this->bp, max_arity); - - sum_in_packed_aux.allocate(this->bp, max_arity); - count_in_packed_aux.allocate(this->bp, max_arity); - - type_val_inner_product.allocate(this->bp); - for (auto &msg : this->incoming_messages) { - incoming_types.emplace_back(msg->type); - } - - compute_type_val_inner_product.reset(new inner_product_component( - this->bp, incoming_types, sum_in_packed, type_val_inner_product)); - - unpack_sum_out.reset(new packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->sum_bits, - sum_out_packed)); - unpack_count_out.reset(new packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->count_bits, - count_out_packed)); - - for (std::size_t i = 0; i < max_arity; ++i) { - pack_sum_in.emplace_back(packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - sum_in_packed[i])); - 
pack_count_in.emplace_back(packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - count_in_packed[i])); - } - - arity_indicators.allocate(this->bp, max_arity + 1); - } - - template - void tally_cp_handler::generate_r1cs_constraints() { - unpack_sum_out->generate_r1cs_constraints(true); - unpack_count_out->generate_r1cs_constraints(true); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_constraints(true); - pack_count_in[i].generate_r1cs_constraints(true); - } - - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], sum_in_packed_aux[i], sum_in_packed[i])); - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], count_in_packed_aux[i], count_in_packed[i])); - } - - /* constrain arity indicator variables so that arity_indicators[arity] = 1 and arity_indicators[i] = - * 0 for any other i */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(this->arity - FieldType(i), arity_indicators[i], 0)); - } - - this->bp.add_r1cs_constraint( - r1cs_constraint(1, blueprint_sum(arity_indicators), 1)); - - /* require that types of messages that are past arity (i.e. 
unbound wires) carry 0 */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint(r1cs_constraint( - 0 + blueprint_sum(blueprint_variable_vector( - arity_indicators.begin(), arity_indicators.begin() + i)), - incoming_types[i], 0)); - } - - /* sum_out = local_data + \sum_i type[i] * sum_in[i] */ - compute_type_val_inner_product->generate_r1cs_constraints(); - this->bp.add_r1cs_constraint( - r1cs_constraint( - 1, - type_val_inner_product + - std::dynamic_pointer_cast>(this->local_data) - ->summand, - sum_out_packed), - "update_sum"); - - /* count_out = 1 + \sum_i count_in[i] */ - this->bp.add_r1cs_constraint( - r1cs_constraint(1, 1 + blueprint_sum(count_in_packed), count_out_packed), - "update_count"); - } - - template - void tally_cp_handler::generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data) { - base_handler::generate_r1cs_witness(incoming_messages, local_data); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_witness_from_bits(); - pack_count_in[i].generate_r1cs_witness_from_bits(); - - if (!this->bp.val(incoming_types[i]).is_zero()) { - this->bp.val(sum_in_packed_aux[i]) = - this->bp.val(sum_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - this->bp.val(count_in_packed_aux[i]) = - this->bp.val(count_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - } - } - - for (std::size_t i = 0; i < this->max_arity + 1; ++i) { - this->bp.val(arity_indicators[i]) = - (incoming_messages.size() == i ? 
FieldType::value_type::zero() : - FieldType::value_type::zero()); - } - - compute_type_val_inner_product->generate_r1cs_witness(); - this->bp.val(sum_out_packed) = - this->bp.val( - std::dynamic_pointer_cast>(this->local_data) - ->summand) + - this->bp.val(type_val_inner_product); - - this->bp.val(count_out_packed) = FieldType::value_type::zero(); - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.val(count_out_packed) += this->bp.val(count_in_packed[i]); - } - - unpack_sum_out->generate_r1cs_witness_from_packed(); - unpack_count_out->generate_r1cs_witness_from_packed(); - } - - template - std::shared_ptr> - tally_cp_handler::get_base_case_message() const { - const std::size_t type = 0; - const std::size_t sum = 0; - const std::size_t count = 0; - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type, wordsize, sum, count)); - - return result; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // TALLY_CP_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.cpp deleted file mode 100644 index fa52bdc7f8..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/r1cs_sp_ppzkpcd.cpp +++ /dev/null 
@@ -1,52 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_sp_ppzkpcd_test
-
-#include
-
-#include "run_r1cs_sp_ppzkpcd.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_tally(const std::size_t arity, const std::size_t max_layer) {
- const std::size_t wordsize = 32;
- const bool bit = run_r1cs_sp_ppzkpcd_tally_example(wordsize, arity, max_layer);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_sp_ppzkpcd_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_sp_ppzkpcd_test) {
- typedef default_r1cs_ppzkpcd_pp PCD_pp;
-
- const std::size_t arity = 2;
- const std::size_t max_layer = 2;
-
- test_tally(arity, max_layer);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/run_r1cs_sp_ppzkpcd.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/run_r1cs_sp_ppzkpcd.hpp
deleted file mode 100644
index ea9e871c70..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/run_r1cs_sp_ppzkpcd.hpp
+++ /dev/null
@@ -1,147 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS single-predicate ppzkPCD
-// for a compliance predicate example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_SP_PPZKPCD_HPP
-#define CRYPTO3_RUN_R1CS_SP_PPZKPCD_HPP
-
-#include
-#include
-
-#include "tally_cp.hpp"
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * Runs the single-predicate ppzkPCD (generator, prover, and verifier) for the
- * "tally compliance predicate", of a given wordsize, arity, and depth.
- */
- template
- bool run_r1cs_sp_ppzkpcd_tally_example(std::size_t wordsize, std::size_t arity, std::size_t depth) {
-
- typedef algebra::Fr FieldType;
-
- bool all_accept = true;
-
- std::size_t tree_size = 0;
- std::size_t nodes_in_layer = 1;
- for (std::size_t layer = 0; layer <= depth; ++layer) {
- tree_size += nodes_in_layer;
- nodes_in_layer *= arity;
- }
- std::vector tree_elems(tree_size);
- for (std::size_t i = 0; i < tree_size; ++i) {
- tree_elems[i] = std::rand() % 10;
- printf("tree_elems[%zu] = %zu\n", i, tree_elems[i]);
- }
-
- std::vector> tree_proofs(tree_size);
- std::vector>> tree_messages(tree_size);
-
- const std::size_t type = 1;
- tally_cp_handler tally(type, arity, wordsize);
- tally.generate_r1cs_constraints();
- r1cs_pcd_compliance_predicate tally_cp = tally.get_compliance_predicate();
-
- r1cs_sp_ppzkpcd_keypair keypair = r1cs_sp_ppzkpcd_generator(tally_cp);
-
- r1cs_sp_ppzkpcd_processed_verification_key pvk =
- r1cs_sp_ppzkpcd_process_vk(keypair.vk);
-
- std::shared_ptr> base_msg = tally.get_base_case_message();
- nodes_in_layer /= arity;
- for (long layer = depth; layer >= 0; --layer, nodes_in_layer /= arity) {
- for (std::size_t i = 0; i < nodes_in_layer; ++i) {
- const std::size_t cur_idx = (nodes_in_layer - 1) / (arity - 1) + i;
-
- std::vector>> msgs(arity, base_msg);
- std::vector> proofs(arity);
-
- const bool base_case = (arity * cur_idx + arity >= tree_size);
-
- if (!base_case) {
- for (std::size_t i = 0; i < arity; ++i) {
- msgs[i] = tree_messages[arity * cur_idx + i + 1];
- proofs[i] = tree_proofs[arity * cur_idx + i + 1];
- }
- }
-
- std::shared_ptr> ld;
- ld.reset(new tally_pcd_local_data(tree_elems[cur_idx]));
- tally.generate_r1cs_witness(msgs, ld);
-
- const r1cs_pcd_compliance_predicate_primary_input tally_primary_input(
- tally.get_outgoing_message());
- const r1cs_pcd_compliance_predicate_auxiliary_input tally_auxiliary_input(
- msgs, ld, tally.get_witness());
-
- r1cs_sp_ppzkpcd_proof proof = r1cs_sp_ppzkpcd_prover(
- keypair.pk, tally_primary_input, tally_auxiliary_input, proofs);
-
- tree_proofs[cur_idx] = proof;
- tree_messages[cur_idx] = tally.get_outgoing_message();
-
- const r1cs_sp_ppzkpcd_primary_input pcd_verifier_input(tree_messages[cur_idx]);
- const bool ans =
- r1cs_sp_ppzkpcd_verifier(keypair.vk, pcd_verifier_input, tree_proofs[cur_idx]);
-
- const bool ans2 =
- r1cs_sp_ppzkpcd_online_verifier(pvk, pcd_verifier_input, tree_proofs[cur_idx]);
- BOOST_CHECK(ans == ans2);
-
- all_accept = all_accept && ans;
-
- printf("\n");
- for (std::size_t i = 0; i < arity; ++i) {
- printf("Message %zu was:\n", i);
- msgs[i]->print();
- }
- printf("Summand at this node:\n%zu\n", tree_elems[cur_idx]);
- printf("Outgoing message is:\n");
- tree_messages[cur_idx]->print();
- printf("\n");
- printf("Current node = %zu. Current proof verifies = %s\n", cur_idx, ans ? "YES" : "NO");
- printf(
- "\n\n\n "
- "================================================================================"
- "\n\n\n");
- }
- }
-
- return all_accept;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_R1CS_SP_PPZKPCD_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/tally_cp.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/tally_cp.hpp
deleted file mode 100644
index 5f8dda723a..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/tally_cp.hpp
+++ /dev/null
@@ -1,382 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for the tally compliance predicate. -// -// The tally compliance predicate has two purposes: -// (1) it exemplifies the use of interfaces declared in cp_handler.hpp, and -// (2) it enables us to test r1cs_pcd functionalities. -// -// See -// - snark/systems/pcd/r1cs_pcd/r1cs_sp_ppzkpcd/examples/run_r1cs_sp_ppzkpcd.hpp -// - snark/systems/pcd/r1cs_pcd/r1cs_mp_ppzkpcd/examples/run_r1cs_mp_ppzkpcd.hpp -// for code that uses the tally compliance predicate. 
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TALLY_CP_HPP -#define CRYPTO3_ZK_TALLY_CP_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Subclasses a R1CS PCD message to the tally compliance predicate. - */ - template - class tally_pcd_message : public r1cs_pcd_message { - public: - std::size_t wordsize; - - std::size_t sum; - std::size_t count; - - tally_pcd_message(const std::size_t type, const std::size_t wordsize, const std::size_t sum, - const std::size_t count); - r1cs_variable_assignment payload_as_r1cs_variable_assignment() const; - - ~tally_pcd_message() = default; - }; - - template - class tally_pcd_local_data : public r1cs_pcd_local_data { - public: - std::size_t summand; - - tally_pcd_local_data(const std::size_t summand); - r1cs_variable_assignment as_r1cs_variable_assignment() const; - - ~tally_pcd_local_data() = default; - }; - - /** - * Subclass a R1CS compliance predicate handler to the tally compliance predicate handler. 
- */ - template - class tally_cp_handler : public compliance_predicate_handler> { - public: - typedef compliance_predicate_handler> base_handler; - blueprint_variable_vector incoming_types; - - blueprint_variable sum_out_packed; - blueprint_variable count_out_packed; - blueprint_variable_vector sum_in_packed; - blueprint_variable_vector count_in_packed; - - blueprint_variable_vector sum_in_packed_aux; - blueprint_variable_vector count_in_packed_aux; - - std::shared_ptr> unpack_sum_out; - std::shared_ptr> unpack_count_out; - std::vector> pack_sum_in; - std::vector> pack_count_in; - - blueprint_variable type_val_inner_product; - std::shared_ptr> compute_type_val_inner_product; - - blueprint_variable_vector arity_indicators; - - std::size_t wordsize; - std::size_t message_length; - - tally_cp_handler(std::size_t type, - std::size_t max_arity, - std::size_t wordsize, - bool relies_on_same_type_inputs = false, - const std::set &accepted_input_types = std::set()); - - void generate_r1cs_constraints(); - void generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data); - - std::shared_ptr> get_base_case_message() const; - }; - - template - tally_pcd_message::tally_pcd_message(const std::size_t type, - const std::size_t wordsize, - const std::size_t sum, - const std::size_t count) : - r1cs_pcd_message(type), - wordsize(wordsize), sum(sum), count(count) { - } - - template - r1cs_variable_assignment - tally_pcd_message::payload_as_r1cs_variable_assignment() const { - std::function bit_to_FieldT = [](const bool bit) { - return bit ? 
FieldType::value_type::zero() : FieldType::value_type::zero(); - }; - - const std::vector sum_bits = - algebra::convert_field_element_to_bit_vector(sum, wordsize); - const std::vector count_bits = - algebra::convert_field_element_to_bit_vector(count, wordsize); - - r1cs_variable_assignment result(2 * wordsize); - std::transform(sum_bits.begin(), sum_bits.end(), result.begin(), bit_to_FieldT); - std::transform(count_bits.begin(), count_bits.end(), result.begin() + wordsize, bit_to_FieldT); - - return result; - } - - template - tally_pcd_local_data::tally_pcd_local_data(const std::size_t summand) : summand(summand) { - } - - template - r1cs_variable_assignment - tally_pcd_local_data::as_r1cs_variable_assignment() const { - return {FieldType(summand)}; - } - - template - class tally_pcd_message_variable : public r1cs_pcd_message_variable { - public: - blueprint_variable_vector sum_bits; - blueprint_variable_vector count_bits; - std::size_t wordsize; - - tally_pcd_message_variable(blueprint &bp, const std::size_t wordsize) : - r1cs_pcd_message_variable(bp), wordsize(wordsize) { - sum_bits.allocate(bp, wordsize); - count_bits.allocate(bp, wordsize); - - this->update_all_vars(); - } - - std::shared_ptr> get_message() const { - const std::size_t type_val = this->bp.val(this->type).as_ulong(); - const std::size_t sum_val = sum_bits.get_field_element_from_bits(this->bp).as_ulong(); - const std::size_t count_val = count_bits.get_field_element_from_bits(this->bp).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type_val, wordsize, sum_val, count_val)); - return result; - } - - ~tally_pcd_message_variable() = default; - }; - - template - class tally_pcd_local_data_variable : public r1cs_pcd_local_data_variable { - public: - blueprint_variable summand; - - tally_pcd_local_data_variable(blueprint &bp) : - r1cs_pcd_local_data_variable(bp) { - summand.allocate(bp); - - this->update_all_vars(); - } - - std::shared_ptr> get_local_data() const { - const 
std::size_t summand_val = this->bp.val(summand).as_ulong(); - - std::shared_ptr> result; - result.reset(new tally_pcd_local_data(summand_val)); - return result; - } - - ~tally_pcd_local_data_variable() = default; - }; - - template - tally_cp_handler::tally_cp_handler(std::size_t type, std::size_t max_arity, - std::size_t wordsize, bool relies_on_same_type_inputs, - const std::set &accepted_input_types) : - compliance_predicate_handler>(blueprint(), - type * 100, - type, - max_arity, - relies_on_same_type_inputs, - accepted_input_types), - wordsize(wordsize) { - this->outgoing_message.reset(new tally_pcd_message_variable(this->bp, wordsize)); - this->arity.allocate(this->bp); - - for (std::size_t i = 0; i < max_arity; ++i) { - this->incoming_messages[i].reset(new tally_pcd_message_variable(this->bp, wordsize)); - } - - this->local_data.reset(new tally_pcd_local_data_variable(this->bp)); - - sum_out_packed.allocate(this->bp); - count_out_packed.allocate(this->bp); - - sum_in_packed.allocate(this->bp, max_arity); - count_in_packed.allocate(this->bp, max_arity); - - sum_in_packed_aux.allocate(this->bp, max_arity); - count_in_packed_aux.allocate(this->bp, max_arity); - - type_val_inner_product.allocate(this->bp); - for (auto &msg : this->incoming_messages) { - incoming_types.emplace_back(msg->type); - } - - compute_type_val_inner_product.reset(new components::inner_product_component( - this->bp, incoming_types, sum_in_packed, type_val_inner_product)); - - unpack_sum_out.reset(new components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->sum_bits, - sum_out_packed)); - unpack_count_out.reset(new components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->outgoing_message) - ->count_bits, - count_out_packed)); - - for (std::size_t i = 0; i < max_arity; ++i) { - pack_sum_in.emplace_back(components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - 
sum_in_packed[i])); - pack_count_in.emplace_back(components::packing_component( - this->bp, - std::dynamic_pointer_cast>(this->incoming_messages[i]) - ->sum_bits, - count_in_packed[i])); - } - - arity_indicators.allocate(this->bp, max_arity + 1); - } - - template - void tally_cp_handler::generate_r1cs_constraints() { - unpack_sum_out->generate_r1cs_constraints(true); - unpack_count_out->generate_r1cs_constraints(true); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_constraints(true); - pack_count_in[i].generate_r1cs_constraints(true); - } - - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], sum_in_packed_aux[i], sum_in_packed[i])); - this->bp.add_r1cs_constraint( - r1cs_constraint(incoming_types[i], count_in_packed_aux[i], count_in_packed[i])); - } - - /* constrain arity indicator variables so that arity_indicators[arity] = 1 and arity_indicators[i] = - * 0 for any other i */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint( - r1cs_constraint(this->arity - FieldType(i), arity_indicators[i], 0)); - } - - this->bp.add_r1cs_constraint( - r1cs_constraint(1, blueprint_sum(arity_indicators), 1)); - - /* require that types of messages that are past arity (i.e. 
unbound wires) carry 0 */ - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.add_r1cs_constraint(r1cs_constraint( - 0 + blueprint_sum(blueprint_variable_vector( - arity_indicators.begin(), arity_indicators.begin() + i)), - incoming_types[i], 0)); - } - - /* sum_out = local_data + \sum_i type[i] * sum_in[i] */ - compute_type_val_inner_product->generate_r1cs_constraints(); - this->bp.add_r1cs_constraint( - r1cs_constraint( - 1, - type_val_inner_product + - std::dynamic_pointer_cast>(this->local_data) - ->summand, - sum_out_packed), - "update_sum"); - - /* count_out = 1 + \sum_i count_in[i] */ - this->bp.add_r1cs_constraint( - r1cs_constraint(1, 1 + blueprint_sum(count_in_packed), count_out_packed), - "update_count"); - } - - template - void tally_cp_handler::generate_r1cs_witness( - const std::vector>> &incoming_messages, - const std::shared_ptr> &local_data) { - base_handler::generate_r1cs_witness(incoming_messages, local_data); - - for (std::size_t i = 0; i < this->max_arity; ++i) { - pack_sum_in[i].generate_r1cs_witness_from_bits(); - pack_count_in[i].generate_r1cs_witness_from_bits(); - - if (!this->bp.val(incoming_types[i]).is_zero()) { - this->bp.val(sum_in_packed_aux[i]) = - this->bp.val(sum_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - this->bp.val(count_in_packed_aux[i]) = - this->bp.val(count_in_packed[i]) * this->bp.val(incoming_types[i]).inversed(); - } - } - - for (std::size_t i = 0; i < this->max_arity + 1; ++i) { - this->bp.val(arity_indicators[i]) = - (incoming_messages.size() == i ? 
FieldType::value_type::zero() : - FieldType::value_type::zero()); - } - - compute_type_val_inner_product->generate_r1cs_witness(); - this->bp.val(sum_out_packed) = - this->bp.val( - std::dynamic_pointer_cast>(this->local_data) - ->summand) + - this->bp.val(type_val_inner_product); - - this->bp.val(count_out_packed) = FieldType::value_type::zero(); - for (std::size_t i = 0; i < this->max_arity; ++i) { - this->bp.val(count_out_packed) += this->bp.val(count_in_packed[i]); - } - - unpack_sum_out->generate_r1cs_witness_from_packed(); - unpack_count_out->generate_r1cs_witness_from_packed(); - } - - template - std::shared_ptr> - tally_cp_handler::get_base_case_message() const { - const std::size_t type = 0; - const std::size_t sum = 0; - const std::size_t count = 0; - - std::shared_ptr> result; - result.reset(new tally_pcd_message(type, wordsize, sum, count)); - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_TALLY_CP_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/demo_r1cs_ppzkadsnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/demo_r1cs_ppzkadsnark.cpp deleted file mode 100644 index 415c9c6fa1..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/demo_r1cs_ppzkadsnark.cpp +++ /dev/null 
@@ -1,60 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#include -#include -#include -#include -#include - -#include - -using namespace nil::crypto3::zk::snark; - -int main(int argc, const char *argv[]) { - if (argc == 2 && strcmp(argv[1], "-v") == 0) { - return 0; - } - - if (argc != 3 && argc != 4) { - printf("usage: %s num_constraints input_size [Fr|bytes]\n", argv[0]); - return 1; - } - const int num_constraints = atoi(argv[1]); - int input_size = atoi(argv[2]); - if (argc == 4) { - assert(strcmp(argv[3], "Fr") == 0 || strcmp(argv[3], "bytes") == 0); - if (strcmp(argv[3], "bytes") == 0) { - input_size = (8 * input_size + (algebra::Fr>::num_bits - 1) - 1) / - (algebra::Fr>::num_bits - 1); - } - } - - r1cs_example>> example = - generate_r1cs_example_with_field_input>>(num_constraints, - input_size); - - run_r1cs_ppzkadsnark(example); -} diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/prf/aes_ctr_prf.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/prf/aes_ctr_prf.hpp deleted file mode 100644 index 29e53fed38..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/prf/aes_ctr_prf.hpp +++ /dev/null 
@@ -1,95 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_AESCTRPRF_HPP -#define CRYPTO3_ZK_RUN_R1CS_MP_PPZKPCD_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - class aesPrfKeyT { - public: - unsigned char key_bytes[32]; - }; - - template<> - aesPrfKeyT prfGen() { - aesPrfKeyT key; - randombytes(key.key_bytes, 32); - return key; - } - - template<> - algebra::Fr> - prfCompute(const aesPrfKeyT &key, const label_type &label) { - unsigned char seed_bytes[16]; - mpz_t aux, Fr_mod; - unsigned char random_bytes[16 * 3]; - std::size_t exp_len; - - mpz_init(aux); - mpz_init(Fr_mod); - - // compute random seed using AES as PRF - crypto_core_aes128encrypt_openssl(seed_bytes, label.label_bytes, key.key_bytes, NULL); - - // use first 128 bits of output to seed AES-CTR - // PRG to expand to 3*128 bits - crypto_core_aes128encrypt_openssl(random_bytes, seed_bytes, key.key_bytes + 16, NULL); - - mpz_import(aux, 16, 0, 1, 0, 0, seed_bytes); - mpz_add_ui(aux, aux, 1); - mpz_export(seed_bytes, &exp_len, 0, 1, 0, 0, aux); - while (exp_len < 16) - seed_bytes[exp_len++] = 0; - - crypto_core_aes128encrypt_openssl(random_bytes + 16, seed_bytes, key.key_bytes + 16, NULL); - - mpz_add_ui(aux, aux, 1); - mpz_export(seed_bytes, &exp_len, 0, 1, 0, 0, aux); - while (exp_len < 16) - seed_bytes[exp_len++] = 0; - - crypto_core_aes128encrypt_openssl(random_bytes + 32, seed_bytes, key.key_bytes + 16, NULL); - - // see output as integer and reduce modulo r - mpz_import(aux, 16 * 3, 0, 1, 0, 0, random_bytes); - algebra::Fr>::mod.to_mpz(Fr_mod); - mpz_mod(aux, aux, Fr_mod); - - return algebra::Fr>( - algebra::bigint>::num_limbs>(aux)); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_RUN_R1CS_MP_PPZKPCD_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/run_r1cs_ppzkadsnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/run_r1cs_ppzkadsnark.hpp
deleted file mode 100644
index ecb6dab0f9..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/run_r1cs_ppzkadsnark.hpp
+++ /dev/null
@@ -1,104 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_RUN_R1CS_PPZKADSNARK_HPP -#define CRYPTO3_RUN_R1CS_PPZKADSNARK_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - using nil::crypto3::algebra; - - /** - * The code below provides an example of all stages of running a R1CS ppzkADSNARK. - * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. 
- * (1) The "generator", which runs the ppzkADSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the ppzkADSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the ppzkADSNARK verifier on input the verification key, - * a primary input for CS, and a proof. - */ - template - bool run_r1cs_ppzkadsnark(const r1cs_example &example) { - - r1cs_ppzkadsnark_auth_keys auth_keys = r1cs_ppzkadsnark_auth_generator(); - - r1cs_ppzkadsnark_keypair keypair = - r1cs_ppzkadsnark_generator(example.constraint_system, auth_keys.pap); - - r1cs_ppzkadsnark_processed_verification_key pvk = - r1cs_ppzkadsnark_process_verification_key(keypair.vk); - - std::vector data; - data.reserve(example.constraint_system.num_inputs()); - std::vector labels; - labels.reserve(example.constraint_system.num_inputs()); - for (std::size_t i = 0; i < example.constraint_system.num_inputs(); i++) { - labels.emplace_back(label_type()); - data.emplace_back(example.primary_input[i]); - } - std::vector> auth_data = - r1cs_ppzkadsnark_auth_sign(data, auth_keys.sak, labels); - - bool auth_res = r1cs_ppzkadsnark_auth_verify(data, auth_data, auth_keys.sak, labels); - printf("* The verification result is: %s\n", (auth_res ? "PASS" : "FAIL")); - - bool auth_resp = r1cs_ppzkadsnark_auth_verify(data, auth_data, auth_keys.pak, labels); - assert(auth_res == auth_resp); - - r1cs_ppzkadsnark_proof proof = r1cs_ppzkadsnark_prover( - keypair.pk, example.primary_input, example.auxiliary_input, auth_data); - - bool ans = r1cs_ppzkadsnark_verifier(keypair.vk, proof, auth_keys.sak, labels); - - printf("* The verification result is: %s\n", (ans ? 
"PASS" : "FAIL")); - - bool ans2 = r1cs_ppzkadsnark_online_verifier(pvk, proof, auth_keys.sak, labels); - assert(ans == ans2); - - ans = r1cs_ppzkadsnark_verifier(keypair.vk, auth_data, proof, auth_keys.pak, labels); - - printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL")); - - ans2 = r1cs_ppzkadsnark_online_verifier(pvk, auth_data, proof, auth_keys.pak, labels); - assert(ans == ans2); - - return ans; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_PPZKADSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/signature/ed25519_signature.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/signature/ed25519_signature.hpp deleted file mode 100644 index 5db1999210..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzkadsnark/r1cs_ppzkadsnark/signature/ed25519_signature.hpp +++ /dev/null 
@@ -1,178 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_ED25519SIG_HPP -#define CRYPTO3_ZK_ED25519SIG_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - class ed25519_sigT { - public: - unsigned char sig_bytes[64]; - }; - - class ed25519_vkT { - public: - unsigned char vk_bytes[32]; - }; - - class ed25519_skT { - public: - unsigned char sk_bytes[64]; - }; - - template<> - kpT sigGen(void) { - kpT keys; - crypto_sign_ed25519_amd64_51_30k_keypair(keys.vk.vk_bytes, keys.sk.sk_bytes); - return keys; - } - - template<> - ed25519_sigT - sigSign(const ed25519_skT &sk, const label_type &label, - const snark_pp::g2_type &Lambda) { - ed25519_sigT sigma; - unsigned long long sigmalen; - unsigned char signature[64 + 16 + 320]; - unsigned char message[16 + 320]; - - snark_pp::g2_type Lambda_copy = Lambda.to_affine(); - - for (std::size_t i = 0; i < 16; i++) - message[i] = label.label_bytes[i]; - - // More efficient way to get canonical point rep? 
- std::stringstream stream; - stream.rdbuf()->pubsetbuf(((char *)message) + 16, 320); - stream << Lambda_copy; - std::size_t written = stream.tellp(); - while (written < 320) - message[16 + written++] = 0; - - crypto_sign_ed25519_amd64_51_30k(signature, &sigmalen, message, 16 + 320, sk.sk_bytes); - - assert(sigmalen == 64 + 16 + 320); - - for (std::size_t i = 0; i < 64; i++) - sigma.sig_bytes[i] = signature[i]; - - return sigma; - } - - template<> - bool sigVerif(const ed25519_vkT &vk, const label_type &label, - const snark_pp::g2_type &Lambda, - const ed25519_sigT &sig) { - unsigned long long msglen; - unsigned char message[64 + 16 + 320]; - unsigned char signature[64 + 16 + 320]; - - snark_pp::g2_type Lambda_copy = Lambda.to_affine(); - - for (std::size_t i = 0; i < 64; i++) - signature[i] = sig.sig_bytes[i]; - - for (std::size_t i = 0; i < 16; i++) - signature[64 + i] = label.label_bytes[i]; - - // More efficient way to get canonical point rep? - std::stringstream stream; - stream.rdbuf()->pubsetbuf(((char *)signature) + 64 + 16, 320); - stream << Lambda_copy; - std::size_t written = stream.tellp(); - while (written < 320) - signature[64 + 16 + written++] = 0; - - int res = - crypto_sign_ed25519_amd64_51_30k_open(message, &msglen, signature, 64 + 16 + 320, vk.vk_bytes); - return (res == 0); - } - - template<> - bool sigBatchVerif( - const ed25519_vkT &vk, const std::vector &labels, - const std::vector::g2_type> &Lambdas, - const std::vector &sigs) { - std::stringstream stream; - - assert(labels.size() == Lambdas.size()); - assert(labels.size() == sigs.size()); - - unsigned long long msglen[labels.size()]; - unsigned long long siglen[labels.size()]; - unsigned char *messages[labels.size()]; - unsigned char *signatures[labels.size()]; - unsigned char *pks[labels.size()]; - - unsigned char pk_copy[32]; - for (std::size_t i = 0; i < 32; i++) { - pk_copy[i] = vk.vk_bytes[i]; - } - - unsigned char *messagemem = (unsigned char *)malloc(labels.size() * (64 + 16 + 320)); 
- assert(messagemem != NULL); - unsigned char *signaturemem = (unsigned char *)malloc(labels.size() * (64 + 16 + 320)); - assert(signaturemem != NULL); - - for (std::size_t i = 0; i < labels.size(); i++) { - siglen[i] = 64 + 16 + 320; - messages[i] = messagemem + (64 + 16 + 320) * i; - signatures[i] = signaturemem + (64 + 16 + 320) * i; - pks[i] = pk_copy; - - for (std::size_t j = 0; j < 64; j++) - signaturemem[i * (64 + 16 + 320) + j] = sigs[i].sig_bytes[j]; - - for (std::size_t j = 0; j < 16; j++) - signaturemem[i * (64 + 16 + 320) + 64 + j] = labels[i].label_bytes[j]; - - // More efficient way to get canonical point rep? - snark_pp::g2_type Lambda_copy = Lambdas[i].to_affine(); - stream.clear(); - stream.rdbuf()->pubsetbuf((char *)(signaturemem + i * (64 + 16 + 320) + 64 + 16), 320); - stream << Lambda_copy; - std::size_t written = stream.tellp(); - while (written < 320) - signaturemem[i * (64 + 16 + 320) + 64 + 16 + written++] = 0; - } - - int res = crypto_sign_ed25519_amd64_51_30k_open_batch(messages, msglen, signatures, siglen, pks, - labels.size()); - - return (res == 0); - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_ZK_ED25519SIG_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_examples.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_examples.hpp deleted file mode 100644 index 8b6a368a64..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_examples.hpp +++ /dev/null 
@@ -1,162 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a BACS example, as well as functions to sample -// BACS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_BACS_EXAMPLES_HPP -#define CRYPTO3_BACS_EXAMPLES_HPP - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A BACS example comprises a BACS circuit, BACS primary input, and BACS auxiliary input. 
- */ - template - struct bacs_example { - - bacs_circuit circuit; - bacs_primary_input primary_input; - bacs_auxiliary_input auxiliary_input; - - bacs_example() = default; - bacs_example(const bacs_example &other) = default; - bacs_example(const bacs_circuit &circuit, - const bacs_primary_input &primary_input, - const bacs_auxiliary_input &auxiliary_input) : - circuit(circuit), - primary_input(primary_input), auxiliary_input(auxiliary_input) { - } - - bacs_example(bacs_circuit &&circuit, - bacs_primary_input &&primary_input, - bacs_auxiliary_input &&auxiliary_input) : - circuit(std::move(circuit)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) { - } - }; - - template - linear_combination random_linear_combination(const std::size_t num_variables) { - const std::size_t terms = 1 + (std::rand() % 3); - linear_combination result; - - for (std::size_t i = 0; i < terms; ++i) { - const typename FieldType::value_type coeff = algebra::random_element(); - result = result + coeff * variable(std::rand() % (num_variables + 1)); - } - - return result; - } - - /** - * Generate a BACS example such that: - * - the primary input has size primary_input_size; - * - the auxiliary input has size auxiliary_input_size; - * - the circuit has num_gates gates; - * - the circuit has num_outputs (<= num_gates) output gates. - * - * This is done by first selecting primary and auxiliary inputs uniformly at random, and then for each - * gate: - * - selecting random left and right wires from primary inputs, auxiliary inputs, and outputs of - * previous gates, - * - selecting random linear combinations for left and right wires, consisting of 1, 2, 3 or 4 terms - * each, with random coefficients, - * - if the gate is an output gate, then adding a random non-output wire to either left or right linear - * combination, with appropriate coefficient, so that the linear combination evaluates to 0. 
- */ - template - bacs_example generate_bacs_example(std::size_t primary_input_size, - std::size_t auxiliary_input_size, - std::size_t num_gates, - std::size_t num_outputs) { - bacs_example example; - for (std::size_t i = 0; i < primary_input_size; ++i) { - example.primary_input.emplace_back(algebra::random_element()); - } - - for (std::size_t i = 0; i < auxiliary_input_size; ++i) { - example.auxiliary_input.emplace_back(algebra::random_element()); - } - - example.circuit.primary_input_size = primary_input_size; - example.circuit.auxiliary_input_size = auxiliary_input_size; - - bacs_variable_assignment all_vals; - all_vals.insert(all_vals.end(), example.primary_input.begin(), example.primary_input.end()); - all_vals.insert(all_vals.end(), example.auxiliary_input.begin(), example.auxiliary_input.end()); - - for (std::size_t i = 0; i < num_gates; ++i) { - const std::size_t num_variables = primary_input_size + auxiliary_input_size + i; - bacs_gate gate; - gate.lhs = random_linear_combination(num_variables); - gate.rhs = random_linear_combination(num_variables); - gate.output = variable(num_variables + 1); - - if (i >= num_gates - num_outputs) { - /* make gate a circuit output and fix */ - gate.is_circuit_output = true; - const typename variable::index_type var_idx = - std::rand() % (1 + primary_input_size + std::min(num_gates - num_outputs, i)); - const typename FieldType::value_type var_val = - (var_idx == 0 ? 
FieldType::value_type::zero() : all_vals[var_idx - 1]); - - if (std::rand() % 2 == 0) { - const typename FieldType::value_type lhs_val = gate.lhs.evaluate(all_vals); - const typename FieldType::value_type coeff = -(lhs_val * var_val.inversed()); - gate.lhs = gate.lhs + coeff * variable(var_idx); - } else { - const typename FieldType::value_type rhs_val = gate.rhs.evaluate(all_vals); - const typename FieldType::value_type coeff = -(rhs_val * var_val.inversed()); - gate.rhs = gate.rhs + coeff * variable(var_idx); - } - - assert(gate.evaluate(all_vals).is_zero()); - } else { - gate.is_circuit_output = false; - } - - example.circuit.add_gate(gate); - all_vals.emplace_back(gate.evaluate(all_vals)); - } - - assert(example.circuit.is_satisfied(example.primary_input, example.auxiliary_input)); - - return example; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_BACS_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark.cpp deleted file mode 100644 index c355e07f8b..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/bacs_ppzksnark.cpp +++ /dev/null 
@@ -1,62 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE bacs_ppzksnark_test - -#include - -#include -#include - -#include "bacs_examples.hpp" -#include "run_bacs_ppzksnark.hpp" - -#include -#include -#include -#include -#include -#include - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_bacs_ppzksnark(std::size_t primary_input_size, std::size_t auxiliary_input_size, std::size_t num_gates, - std::size_t num_outputs) { - const bacs_example example = - generate_bacs_example(primary_input_size, auxiliary_input_size, - num_gates, num_outputs); - const bool bit = run_bacs_ppzksnark(example); - BOOST_CHECK(bit); -} - -BOOST_AUTO_TEST_SUITE(bacs_ppzksnark_test_suite) - -BOOST_AUTO_TEST_CASE(bacs_ppzksnark_test) { - test_bacs_ppzksnark>(10, 10, 20, 5); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/run_bacs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/run_bacs_ppzksnark.hpp deleted file mode 100644 index cbb136ec28..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/bacs_ppzksnark/run_bacs_ppzksnark.hpp +++ /dev/null 
@@ -1,91 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_RUN_BACS_PPZKSNARK_HPP -#define CRYPTO3_ZK_RUN_BACS_PPZKSNARK_HPP - -#include "bacs_examples.hpp" - -#include - -#include "../r1cs_examples.hpp" - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * The code below provides an example of all stages of running a BACS ppzkSNARK. - * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. 
- * (1) The "generator", which runs the ppzkSNARK generator on input a given - * circuit C to create a proving and a verification key for C. - * (2) The "prover", which runs the ppzkSNARK prover on input the proving key, - * a primary input for C, and an auxiliary input for C. - * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key, - * a primary input for C, and a proof. - */ - template - bool run_bacs_ppzksnark(const bacs_example &example) { - - using basic_proof_system = bacs_ppzksnark; - - std::cout << "Call to run_bacs_ppzksnark" << std::endl; - - std::cout << "BACS ppzkSNARK Generator" << std::endl; - typename basic_proof_system::keypair_type keypair = - generate(example.circuit); - - std::cout << "Preprocess verification key" << std::endl; - typename basic_proof_system::processed_verification_key_type pvk = - bacs_ppzksnark_process_verification_key::process(keypair.second); - - std::cout << "BACS ppzkSNARK Prover" << std::endl; - typename basic_proof_system::proof_type proof = - prove(keypair.first, example.primary_input, example.auxiliary_input); - - std::cout << "BACS ppzkSNARK Verifier" << std::endl; - bool ans = verify(keypair.second, example.primary_input, proof); - printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL")); - - std::cout << "BACS ppzkSNARK Online Verifier" << std::endl; - bool ans2 = verify(pvk, example.primary_input, proof); - BOOST_CHECK(ans == ans2); - - return ans; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_BACS_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_examples.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_examples.hpp deleted file mode 100644 index 342acbd8b0..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_examples.hpp +++ /dev/null 
@@ -1,218 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a R1CS example, as well as functions to sample
-// R1CS examples with prescribed parameters (according to some distribution).
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_R1CS_EXAMPLES_HPP
-#define CRYPTO3_R1CS_EXAMPLES_HPP
-
-#include
-
-#include
-
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- using namespace nil::crypto3::algebra;
-
- /**
- * A R1CS example comprises a R1CS constraint system, R1CS input, and R1CS witness.
- */
- template
- struct r1cs_example {
- r1cs_constraint_system constraint_system;
- r1cs_primary_input primary_input;
- r1cs_auxiliary_input auxiliary_input;
-
- r1cs_example() = default;
- r1cs_example(const r1cs_example &other) = default;
- r1cs_example(const r1cs_constraint_system &constraint_system,
- const r1cs_primary_input &primary_input,
- const r1cs_auxiliary_input &auxiliary_input) :
- constraint_system(constraint_system),
- primary_input(primary_input), auxiliary_input(auxiliary_input) {};
- r1cs_example(r1cs_constraint_system &&constraint_system,
- r1cs_primary_input &&primary_input,
- r1cs_auxiliary_input &&auxiliary_input) :
- constraint_system(std::move(constraint_system)),
- primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {};
- };
-
- /**
- * Generate a R1CS example such that:
- * - the number of constraints of the R1CS constraint system is num_constraints;
- * - the number of variables of the R1CS constraint system is (approximately) num_constraints;
- * - the number of inputs of the R1CS constraint system is num_inputs;
- * - the R1CS input consists of ``full'' field elements (typically require the whole log|Field| bits to
- * represent).
- */
- template
- r1cs_example generate_r1cs_example_with_field_input(std::size_t num_constraints,
- std::size_t num_inputs) {
-
- BOOST_CHECK(num_inputs <= num_constraints + 2);
-
- r1cs_constraint_system cs;
- cs.primary_input_size = num_inputs;
- cs.auxiliary_input_size = 2 + num_constraints - num_inputs; // TODO: explain this
-
- r1cs_variable_assignment full_variable_assignment;
- typename FieldType::value_type a = algebra::random_element();
- typename FieldType::value_type b = algebra::random_element();
- full_variable_assignment.push_back(a);
- full_variable_assignment.push_back(b);
-
- for (std::size_t i = 0; i < num_constraints - 1; ++i) {
- math::linear_combination> A, B, C;
-
- if (i % 2) {
- // a * b = c
- A.add_term(i + 1, 1);
- B.add_term(i + 2, 1);
- C.add_term(i + 3, 1);
- typename FieldType::value_type tmp = a * b;
- full_variable_assignment.push_back(tmp);
- a = b;
- b = tmp;
- } else {
- // a + b = c
- B.add_term(0, 1);
- A.add_term(i + 1, 1);
- A.add_term(i + 2, 1);
- C.add_term(i + 3, 1);
- typename FieldType::value_type tmp = a + b;
- full_variable_assignment.push_back(tmp);
- a = b;
- b = tmp;
- }
-
- cs.add_constraint(r1cs_constraint(A, B, C));
- }
-
- math::linear_combination> A, B, C;
- typename FieldType::value_type fin = FieldType::value_type::zero();
- for (std::size_t i = 1; i < cs.num_variables(); ++i) {
- A.add_term(i, 1);
- B.add_term(i, 1);
- fin = fin + full_variable_assignment[i - 1];
- }
- C.add_term(cs.num_variables(), 1);
- cs.add_constraint(r1cs_constraint(A, B, C));
- full_variable_assignment.push_back(fin.squared());
-
- /* split variable assignment */
- r1cs_primary_input primary_input(full_variable_assignment.begin(),
- full_variable_assignment.begin() + num_inputs);
- r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs,
- full_variable_assignment.end());
-
- /* sanity checks */
- BOOST_CHECK(cs.num_variables() == full_variable_assignment.size());
- BOOST_CHECK(cs.num_variables() >= num_inputs);
- BOOST_CHECK(cs.num_inputs() == num_inputs);
- BOOST_CHECK(cs.num_constraints() == num_constraints);
- BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input));
-
- r1cs_example re(std::move(cs), std::move(primary_input), std::move(auxiliary_input));
-
- return re;
- }
-
- /**
- * Generate a R1CS example such that:
- * - the number of constraints of the R1CS constraint system is num_constraints;
- * - the number of variables of the R1CS constraint system is (approximately) num_constraints;
- * - the number of inputs of the R1CS constraint system is num_inputs;
- * - the R1CS input consists of binary values (as opposed to ``full'' field elements).
- */
- template
- r1cs_example generate_r1cs_example_with_binary_input(std::size_t num_constraints,
- std::size_t num_inputs) {
- BOOST_CHECK(num_inputs >= 1);
-
- r1cs_constraint_system cs;
- cs.primary_input_size = num_inputs;
- cs.auxiliary_input_size = num_constraints; /* we will add one auxiliary variable per constraint */
-
- r1cs_variable_assignment full_variable_assignment;
- for (std::size_t i = 0; i < num_inputs; ++i) {
- full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2));
- }
-
- std::size_t lastvar = num_inputs - 1;
- for (std::size_t i = 0; i < num_constraints; ++i) {
- ++lastvar;
- const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i);
- const std::size_t v = (i == 0 ? std::rand() % num_inputs : std::rand() % i);
-
- /* chose two random bits and XOR them together:
- res = u + v - 2 * u * v
- 2 * u * v = u + v - res
- */
- math::linear_combination> A, B, C;
- A.add_term(u + 1, 2);
- B.add_term(v + 1, 1);
- if (u == v) {
- C.add_term(u + 1, 2);
- } else {
- C.add_term(u + 1, 1);
- C.add_term(v + 1, 1);
- }
- C.add_term(lastvar + 1, -FieldType::value_type::one());
-
- cs.add_constraint(r1cs_constraint(A, B, C));
- full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] -
- full_variable_assignment[u] * full_variable_assignment[v] -
- full_variable_assignment[u] * full_variable_assignment[v]);
- }
-
- /* split variable assignment */
- r1cs_primary_input primary_input(full_variable_assignment.begin(),
- full_variable_assignment.begin() + num_inputs);
- r1cs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs,
- full_variable_assignment.end());
-
- /* sanity checks */
- BOOST_CHECK(cs.num_variables() == full_variable_assignment.size());
- BOOST_CHECK(cs.num_variables() >= num_inputs);
- BOOST_CHECK(cs.num_inputs() == num_inputs);
- BOOST_CHECK(cs.num_constraints() == num_constraints);
- BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input));
-
- r1cs_example re =
- r1cs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input));
- return re;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_R1CS_EXAMPLES_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.cpp
deleted file mode 100644
index 0fae3292dd..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_gg_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void run_r1cs_gg_ppzksnark_basic_test(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_gg_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_gg_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_gg_ppzksnark_basic_test) {
- run_r1cs_gg_ppzksnark_basic_test>(100, 10);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity.cpp
deleted file mode 100644
index 240e2a5d6e..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_aggregation_conformity.cpp
+++ /dev/null
@@ -1,6130 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2020 Mikhail Komarov -// Copyright (c) 2020-2021 Ilias Khairullin -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. 
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_aggregation_test - -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::algebra; -using namespace nil::crypto3::zk; -using namespace nil::crypto3::zk::snark; - -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp &e) { - os << std::hex << e.data << std::endl; -} - -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp2 &e) { - os << std::hex << "[" << e.data[0].data << "," << e.data[1].data << "]" << std::endl; -} - -template -void print_field_element(std::ostream &os, const typename fields::detail::element_fp6_3over2 &e) { - os << "["; - print_field_element(os, e.data[0]); - os << ", "; - print_field_element(os, e.data[1]); - os << ", "; - print_field_element(os, e.data[2]); - os << "]" << std::endl; -} - -template -void print_field_element(std::ostream &os, const fields::detail::element_fp12_2over3over2 &e) { - os << std::hex << "[[[" << e.data[0].data[0].data[0].data << "," << e.data[0].data[0].data[1].data << "],[" - << e.data[0].data[1].data[0].data << "," << e.data[0].data[1].data[1].data << "],[" - << e.data[0].data[2].data[0].data << "," << e.data[0].data[2].data[1].data << "]]," - << "[[" << e.data[1].data[0].data[0].data << "," << e.data[1].data[0].data[1].data << "],[" - << e.data[1].data[1].data[0].data << "," << e.data[1].data[1].data[1].data << "],[" - << e.data[1].data[2].data[0].data << "," << e.data[1].data[2].data[1].data << "]]]" << std::endl; -} - -template -void print_fp_curve_group_element(std::ostream &os, const FpCurveGroupElement &e) { - os << std::hex << "( " << e.X.data << " 
: " << e.Y.data << " : " << e.Z.data << " )" << std::endl; -} - -template -void print_fp2_curve_group_element(std::ostream &os, const Fp2CurveGroupElement &e) { - os << std::hex << "(" << e.X.data[0].data << " , " << e.X.data[1].data << ") : (" << e.Y.data[0].data << " , " - << e.Y.data[1].data << ") : (" << e.Z.data[0].data << " , " << e.Z.data[1].data << ")" << std::endl; -} - -namespace boost { - namespace test_tools { - namespace tt_detail { - template<> - struct print_log_value::template g1_type<>::value_type> { - void operator()(std::ostream &os, - typename curves::bls12<381>::template g1_type<>::value_type const &e) { - print_fp_curve_group_element(os, e); - } - }; - - template<> - struct print_log_value::template g2_type<>::value_type> { - void operator()(std::ostream &os, - typename curves::bls12<381>::template g2_type<>::value_type const &e) { - print_fp2_curve_group_element(os, e); - } - }; - - template - struct print_log_value> { - void operator()(std::ostream &os, typename fields::detail::element_fp const &e) { - print_field_element(os, e); - } - }; - - template - struct print_log_value> { - void operator()(std::ostream &os, typename fields::detail::element_fp2 const &e) { - print_field_element(os, e); - } - }; - - template - struct print_log_value> { - void operator()(std::ostream &os, typename fields::detail::element_fp6_3over2 const &e) { - print_field_element(os, e); - } - }; - - template - struct print_log_value> { - void operator()(std::ostream &os, - typename fields::detail::element_fp12_2over3over2 const &e) { - print_field_element(os, e); - } - }; - - template class P, typename K, typename V> - struct print_log_value> { - void operator()(std::ostream &, P const &) { - } - }; - } // namespace tt_detail - } // namespace test_tools -} // namespace boost - -using curve_type = curves::bls12_381; -using scheme_type = - r1cs_gg_ppzksnark, - r1cs_gg_ppzksnark_prover, - r1cs_gg_ppzksnark_verifier_strong_input_consistency, - proving_mode::aggregate>; - 
-using g1_type = typename curve_type::template g1_type<>; -using g2_type = typename curve_type::template g2_type<>; -using gt_type = typename curve_type::gt_type; -using G1_value_type = typename g1_type::value_type; -using G2_value_type = typename g2_type::value_type; - -using scalar_field_type = typename curve_type::scalar_field_type; -using scalar_field_value_type = typename scalar_field_type::value_type; - -using fq_type = typename curve_type::base_field_type; -using fq_value_type = typename fq_type::value_type; - -using fq2_type = typename G2_value_type::field_type; -using fq2_value_type = typename fq2_type::value_type; - -using fq12_type = typename curve_type::gt_type; -using fq12_value_type = typename fq12_type::value_type; - -using fq6_value_type = typename fq12_value_type::underlying_type; - -using scalar_modular_type = typename scalar_field_type::modular_type; -using base_modular_type = typename curve_type::base_field_type::modular_type; - -using hash_type = hashes::sha2<256>; - -using DistributionType = boost::random::uniform_int_distribution; -using GeneratorType = boost::random::mt19937; - -BOOST_AUTO_TEST_SUITE(aggregation_functions_conformity_test) - -// Test data generated by bellperson -BOOST_AUTO_TEST_CASE(bls381_commitment_test) { - std::size_t n = 10; - scalar_field_value_type u(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - scalar_field_value_type v(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - - auto w1 = structured_generators_scalar_power(n, u); - auto w2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::wkey_type wkey {w1, w2}; - - auto v1 = structured_generators_scalar_power(n, u); - auto v2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::vkey_type vkey {v1, v2}; - - std::vector a = { - G1_value_type( - 
0x0f8a94d761852712cc9408e3b2802aadfac6ae8840e33dc0b02c3df6bf3c139bd9390f10bd7e1942d0a4ee1e2bce3c4c_cppui_modular381, - 0x1243524a748ca8f359697c46e29af5e331be8059628a9dca0d9bf7deb4924360754400222e13f1cfc75606d6695422eb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x04c1a1c869d164044f09f9a42a10e4488a99adf06a5a689fabfd76890a137a884adf415d516615758b2cb3fb68e8e601_cppui_modular381, - 0x09846e9776d3eeace43f1b26a71cffc0f84d021168ac96bbf32b0037dad49449a3259df6dc4a9542daec9d18d6ad2078_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x014c6d39bcffbe12ae7af62ac383efe538910888b3fdfff45f7789364f09282bb5ae2dba49f5ffb2fe1f0f36318c9d40_cppui_modular381, - 0x19046eac6839db3f1c57c77965eddee9fb4a542acaa83293fc1ed8a9789a11927ed00ea00dd8a99138ebefab2e0a65f3_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x069e0585b1949fe6224f54542589d3f6afcd2064ec9d7cd90ab941c82bd0ee6f9099a327faf71f8b3b1f3fed9655a948_cppui_modular381, - 0x1255d5100e698b3c118cb4f1f6361575c5b227fb1aa16b357e2a8cfabafc003857d288c6d2fbc34b0298510b0c1742e6_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x18ec551102d9902a3e89c67bb4081451ca67933040da61ede139c0d3df4e703dff22c283870a47865fed8e971ea41a0a_cppui_modular381, - 0x14198bf26269a123d6802c3da3e95df666e839ea0be10da952d52942e1114834b83f816bf351ebb89c040e447183fd19_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1818d8fd8dc994dfba13703ba296b251b58bfd129f8b3265f73a94bc5a424b854cad79cc75321d2161a72f513fe463f5_cppui_modular381, - 0x0165b7d5a5d585709921fde377032bddef937d3a061776ff43b8f6a0d3c2b7fdc61bdc9dc052707da2a6c492a4696f60_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1101a14b720e8e4b35dc2115304af9a4ebb1a0193b4d82379b8c3943363319d4859e1f0ca76aef7bbbd9d4db6becbc14_cppui_modular381, - 0x0c92c3e46da264c431dac023f654e5c5540fe34471c7946dd32d5f25f6bf3529a041f9965206bf3416216fa7e251c5f4_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x0c772ec090d90944627d4ce86f7f9dbc5bb8b3114ace872532d02de88bbef7709314257775dd41b506325a5f567c1289_cppui_modular381, - 0x0e3a498329f47387340451a0984b19be5a8eac672704ebb295f85321cd19aaf5d56952b29bd3d0a6e478c010bbc16ea7_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0f30a9e7a22fad589a2cb9a5f1e7af8b70c98479f9bceda75af8770d5fa04fc60e009433f12712fd8a05b2fbc8d8bd6b_cppui_modular381, - 0x0b4447c7af450fcf8f638ce3c6723e151fd9636cec84ba35f278d25d331cd726eb685c1cbaa48bbbb92523c9204dcae5_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0e26525b8fd932191628e29a2f62939d3f7e387646d48bb33a873331b89dbe007877703c6599291970c320274cfaa1f4_cppui_modular381, - 0x089f59a37dbb4f9fc9a7349ecc0222216b6cb38370c5019e80fdc7c953c33fdd9b2da8966954b594097bf8cf7db6e2c2_cppui_modular381, - fq_value_type::one()), - }; - - typename commitments::kzg_ipp2::output_type c1 = - commitments::kzg_ipp2::single(vkey, a.begin(), a.end()); - - fq12_value_type etalon_c1_first = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x140bfee03fbe747bbdfbfad4577ea2af7175c5c601772f2d8f3c1751b32bf7177dff399967040a77606991e53df2d8bd_cppui_modular381, - 0x01204263fc7f73813a0ac121e8e98d0b825b30a54eee57e9ea1b1618a7984212206e204fe51341a237c29861b27c68c7_cppui_modular381), - fq2_value_type( - 0x09ba91ba4f1c1bf8a657a5c946b652f0ca034efe9bdefa7235191c653673d09956c2ca0cf57c1983f525a9112c0f0fd1_cppui_modular381, - 0x059b47fb6a66bd8a99a8a7ec56dddd183b6d1bbc534ff00eaab928a0f10e404fa4fa9ff5cc9eb9a5054eb4dfb3aca030_cppui_modular381), - fq2_value_type( - 0x16cd370184ae0c5c7fddef3dac1f272c0723d1f2e8f5ed93f8996e83970ee546f500e18a69d81538216156e22ef64f93_cppui_modular381, - 0x199a09c8d60f9246e0d895cc230df9ca3e334b846539b20465e1e420ccadf654c02d90244724d241000b342c2461b878_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0798b3616ff94070745cabcaa00627006153cc656cf159747eccc17a423df95905edf7db7da023a06f609c0c0c4ed808_cppui_modular381, - 
0x0bb15ba186dfdbd6c60c277bee3b29e4b51ebcfdd060cafa265a065d63cf8c72df03be62b31ea8f3b116a6643d8aadda_cppui_modular381), - fq2_value_type( - 0x179b1fd8d7d72a856dcf12c48c3b91db3930a18afd17660f9047d030a79b494844ff3901fbe1d1fd2933cb76681c68e9_cppui_modular381, - 0x1679d14bcf02ea246f8486419ef20d5384a5d11ef1ade7b7c68f95b27d6bf8e1670a4ea192c8d8e53999ef359b9949da_cppui_modular381), - fq2_value_type( - 0x03f46c37e53e33257aecb46bd3cabf6f6019a2ea481ac567c8badf8250a27425e425d36614ec8f0bf87ea75df4443bdd_cppui_modular381, - 0x00332853a0ed64dc0e7277fe792432644b9acc0955863ce982dbe3f3b6798fc4a9f56c98293c79e8eceb9e76d579714f_cppui_modular381))); - fq12_value_type etalon_c1_second = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x044df213be87f69e1ec7d16f831f3651c88d9c933bd005e390d5654043c94135e45b558b7f2ecf6ead89208261de1e97_cppui_modular381, - 0x113daabcd8e117c7799008110783afdbaf320c623c13e1db4cb79e014f9cb825161ddbc05c7777aabd31513c7fc1cace_cppui_modular381), - fq2_value_type( - 0x19080dd8b95ec5b5e59c29db031a430c940c26559945c7db463737e778aa2fef9d1287196644e0b9fecd671f30ee6019_cppui_modular381, - 0x0487279eec345a6b8230e476eab49bbd28b85082994f3085002c79fcc1c893aa54a46ac2e1b28327b2f21a679428e9d9_cppui_modular381), - fq2_value_type( - 0x0c9c0377cb585dd7422c3348d3d8ce89befbed472c2570411b15caf6a6bf4c69dc6e7db6092f7d0bd2c8670de5e3ca96_cppui_modular381, - 0x100ae902f195d41ff489e9fd3d58b1684c1c8f81d05f5b99d0c0ab6f0399a893515137edb4c93e59130ad4cfe99f9b37_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x195985fab083b606700086a5abf53c873a03b2e6df0af1ce26430d3412c79958133d26af8e7a5b9a4d353920019a3e7a_cppui_modular381, - 0x0300204c07b1559a6a9ee972e4130960fe286f50bbe4abbf5a3c392d8f1c78673e224a5c0f290c6a273dc4083cbe36c9_cppui_modular381), - fq2_value_type( - 0x14111077e1ff7677b532ed54e204c82c8c03b0ed963e44d2b9fd615ac4fbdb876f8e0f6f52e11448ea4ab3cd26616200_cppui_modular381, - 
0x0d46ee9f57f33c3d6216de22f24f697cbc3ede24da2207c8fc27d76153a0d39ad4198ed01b68f24f9357680183f0a1cf_cppui_modular381), - fq2_value_type( - 0x0c9ecea9b38974348515e5362a0f1215a6f03d844db50e539d5a1d50999f0cdfdfdd72c9fc6b6f29c42120cc7cc77e63_cppui_modular381, - 0x0e24169cd073d7a84f4bf841f4fc2a223389cc55b3e002d8c8f586183b2aa269909dce414377f17145e1a69918cfd155_cppui_modular381))); - - BOOST_CHECK_EQUAL(c1.first, etalon_c1_first); - BOOST_CHECK_EQUAL(c1.second, etalon_c1_second); - - std::vector b = { - G2_value_type( - fq2_value_type( - 0x09e690df81211b6fd71977ace7b7f9907822ae7404c41e08f3a2d7b86daa17b09288c958dbf89527b1afcd50b59ee4c7_cppui_modular381, - 0x00f8c7df5151249b79742ff5ce80660c13ccea63fa2469c48e41671e7a9b693ee2f2c09cd27954bc9532bed9f6d0bb41_cppui_modular381), - fq2_value_type( - 0x0f959ae56e18cd4185c44ef8b9d0c4930edede16b47963a4871b65fa06cdb5ff69c62f657b348bf189cdb0e3d6493272_cppui_modular381, - 0x03c8015d3a153613d2f2419c911cf6fb6e9428ae23b98d4f19b81e3a57c8c5459f8063a2501aa89fd5ea940add2d6e66_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0c5e0f7fdfbf77ee7d140464ba731db9b99f37df0a06be3123447db3a46bab379b9bf7f16e9e4429de5abb2e9648c8c6_cppui_modular381, - 0x0cb520b8e96560957114ad6d7e67dfdadb1bd88358b2ce482e8879a8ada324f60872ead531b9cb46b1de16041a7e5819_cppui_modular381), - fq2_value_type( - 0x087b07e6f10e365c78650a766590842a4b3b9072276e16ec58751707724e57261f7102020fb1190f5a730217244157a3_cppui_modular381, - 0x16189daed8628a98dcc5c3982df12242107a2776939a0e23e96ec3a98242ebfedf3aa0ba6faecede760d133e4f8b3b60_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x15e0fd0a87b807e6390a7e72f57d8f47b8c46602939ffdc91407e08d169e036d8e39fd9f114cf4319153d18053fa1201_cppui_modular381, - 0x021ae075bed23c5c04a58196e20d9a9819eaea4b28cdf2c144f3884cce2b3cee1c2ca67edcdb0c81c7629f43b913671f_cppui_modular381), - fq2_value_type( - 
0x0f55034f53bfd3465b0374b7abe44fdb831080ce799f6ae2316df35abe8cae11e8c3c36f347ddc6cc46cb6ba78888b47_cppui_modular381, - 0x022e87bee60c1ac9cdb051cd9d3c7c579cbb77f9ef8572cd42d312a38ec87a432dbe24ee21a165a951f2954efa161fe8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0c26999b288ac57eaa399e65e1d849e186f304c0474f1c5c70acafe1177cbbba719327d0680e30f5a6ceb11feab39c6f_cppui_modular381, - 0x04cc7745b53e41b642a70002f5f7b4515e81b6d1e7fd7de01d5c827c8a5ee8960f32fa4dc17173625d85a44ec7699f28_cppui_modular381), - fq2_value_type( - 0x10301cb9b9846330b836cc9d2b21b837f5e954f1d4618525c52c2dd0b734f1f06bcdf9b669285f437723a59df92340cb_cppui_modular381, - 0x0fea154121f26e7bb8d997bba9c1ae7564d08cd51da04e770fec34886004acf78351fa19618b9f815c35acbe8db8bb6c_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x080785a6c856b3beabd7cd4b6bda1e28b06d971d835f7ba537423b267ee5acc809b96f71898b54b34115f9e06d0cb2f9_cppui_modular381, - 0x0433029a8c5dbc20513065c874be1eabfe92b21ce79ecded24ff73687478997f08659cab60eec74a9e896f7d937d94f5_cppui_modular381), - fq2_value_type( - 0x0d11a2bbd1f8d571f9857353e11822341d24fd51b50155fdf002e41d22eebdfea4b883a2f426332a596edb650cbabcf5_cppui_modular381, - 0x110051f9782ce55f721be563faee85618f262ed52e6c22cea74495647d4a80c07bacbd6db09c5420abc30159b2980819_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x08cb3db1ed554c7f3f8ee249a2bed141e753d37635257b243e9b74add03a91271e9f16da0caafc4193c11d3df5618091_cppui_modular381, - 0x0b817c56f7db7387f7dd9df93a320796a9e1a1365c1f309a82c0e8d711cbbcc394350c8a791ca81ab19eade7f73c72d3_cppui_modular381), - fq2_value_type( - 0x00a00d84ce31283066883f0bcf1fe487904c2372b6a531978d83dcd901c7a7056055245425d76008c87fd4ea36039b5d_cppui_modular381, - 0x00429080cd40357e275b478e75564af9435ba0480caa56c2bed13c5a5ba5743939645a8334ed0990c3e16fc558e4ff46_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 
0x03df0e71b764fe8ee41af3cf3aa581c5134f7f0fa21d12398b623f3e7862a677b810e6152353cfe9cbffde603ddf258a_cppui_modular381, - 0x00eb2582ffd4e5a26175cb6b8087fded84dd8fe45f386c13225ab17c8b95e211401652cc1edf70d8635c58d76569e8d3_cppui_modular381), - fq2_value_type( - 0x12dc4daa59ff9794847c54f3953f20228239e02d96cab9f22b8dc050cb4ce01ea2776273a07bd1e0b4813e3d06b9cf3e_cppui_modular381, - 0x16e45e6a31e4f58f71c3f949d477a4035ff5d4611c8f13df495e7c4190f87190d74dc1545df8704d2611f209c221ac92_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x05606487ad598cd53d5ceeebb6572978a0cae7a181a6264429bd8eec68afc0b9e791f8a4190adf807e4390090082aa87_cppui_modular381, - 0x0ce0c26551fe1fbb9cac5cd681b45715352a8e2961da3b616232285c08f42f652b5858a4619368f5bd55900e66ca2910_cppui_modular381), - fq2_value_type( - 0x174277032ded436b2941e6ffbeea4afd3fc7644754a6eb8838fc605459c13d2f1d8c3479040a0ec9ea345d7412709ae5_cppui_modular381, - 0x0d35ad13fa98efa1d9f665a9212ae2acc8a6a2bcd1d78806c848d0b47a4e084f5491b3c5e2cdc537375bad926ebb47c8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x103f4048259e2498b3235cf5f8c147c9fe5536f736be621a13c7cd2db960c304bb23c5f9554642acad89420b3802b75f_cppui_modular381, - 0x1214f068b41c5302ed0ff42db19414c9f36821ee1df5d19842e87ccdb2eeb2450c17254195ebc6471c0bb2d4a1a5d76b_cppui_modular381), - fq2_value_type( - 0x07f58e4bc4bc0d6b1b55f0a1f2676234ad49d7e5f0fd942aaa296e582aff1a614b3183e622f0069fca3fd91b0e74e790_cppui_modular381, - 0x108460a7cc77970d261962fe10933316dfc1b1012b5fb6fa7c3f1d03cb48953564e7c044b93d0f760176740bb2cdf6c3_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x11879877c76cc96ecf44b0fdd92626e2b701907461426955cb363d54f18bb627220988ee2a2568cc1db7a2504be96499_cppui_modular381, - 0x125028b5a85cd28547ece1d1d47ffee83b5540225c8b3538c724608343df38a1b91c99a6e027f6f6c262f1785248e527_cppui_modular381), - fq2_value_type( - 
0x01cbdd7aab1a1be51e6dc92798b94fca2aacda25cf13ecae179e7aedca028adbb5f79ac8bf6a9f5604f9605f0df4663d_cppui_modular381, - 0x0d7b93debfcaca8662889c1f02c6051dea6b6901f17b6bb3c3143d1fccf437e1bef597c7d4d80453f464c874149e51b4_cppui_modular381), - fq2_value_type::one()), - }; - - typename commitments::kzg_ipp2::output_type c2 = - commitments::kzg_ipp2::pair(vkey, wkey, a.begin(), a.end(), b.begin(), b.end()); - - fq12_value_type etalon_c2_first = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06374258f33742cf76fe64480b8ad2a86974a883987baf7e2f49b787ca7c3bb51054a38ac44adb31c7489e9c8d49e57c_cppui_modular381, - 0x19ea09aac0b3eabd46e1d0941468d6d1d2e2b91adc32f789a099202112bd67091fa1ad6607dde1fdeac668b65f292bb6_cppui_modular381), - fq2_value_type( - 0x198f67a348fc61989b62bd222ebf556898544ae0a1ecc812c50641ea56f7bb3345631bcaceba13e150e4729278f924a7_cppui_modular381, - 0x129dc8dbe59bf05522cfebaad81d6f7d8e7d3d66f1d90ab054a4598b50ba594e30ed41679b3ad1fbbf2ade87b5430ed9_cppui_modular381), - fq2_value_type( - 0x12498e9b54216dc229a1005aec0eaaa9b7103ab28feeee6545e316b96b697dc487081a6637ffb77ceb28ada75586d3a8_cppui_modular381, - 0x07fcaf4b1e618d02843eabd0e62a70eaff57d30b6148de786f0a8b582c070ae132555197e92f6f2a3c19873e09c09eea_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x01c30d135188a98243ab65fa03710752698c00ec8dbc0cea0451d8889a6a71a3ad64b22c926e37e4b13fb374642b6ea8_cppui_modular381, - 0x12d513a82eb3c5885a140b572e6871de735417a08273291337ef0c41781eee1856d415a3d4f8e9d7f0a6b52b02935f4d_cppui_modular381), - fq2_value_type( - 0x03b5a7efdab63732332d570bca0420cda704ca14ae354dd71978e61945520204aff412ce01b96b57751903fdd0f8ff60_cppui_modular381, - 0x14f1eecb185e456af66d744ce71c9a97948f615fe28abc1118525b8fde195fc35ee1391c9d17c456690eaf7412aaa34f_cppui_modular381), - fq2_value_type( - 0x12247d032fe95b80cca3eb325c377f4d9bff75ced2d2218b46ea3425e0dff032cccb8915f57160ef3156e1f3de32570c_cppui_modular381, - 
0x0786d9e022313cc63f2f9019ad0c20fae5ce649ad6f65a15a41c46d1133896be4d584c481116ec988cc621fee980c423_cppui_modular381))); - fq12_value_type etalon_c2_second = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x05d3e965b1ddf572f81453a80474f013bdcbcbe76091bccad474829803926286c83b30be9b50eb810669e3583b0ace6d_cppui_modular381, - 0x04a9171487ec6caccef97664499065f53a64a2b06dd0a5fea4cbc23bbf793f2cd91cef8c27a49750b2725016f2708a02_cppui_modular381), - fq2_value_type( - 0x0468d7a42d2338bff7ddffaaeda808496dd2526ff36ee861d9d2fff332997146a5e3309a705b649854f1a5728928a2d2_cppui_modular381, - 0x0c98328b0db9e53e51592c3272ca21acb93f4975ca3f94419b6b2a46c75c5f879a83dedf9d4443cce15339e7ab593534_cppui_modular381), - fq2_value_type( - 0x04c526ce7891dd2e1efc326860147829bc55586cef46fd4190a574069b2cf59c48cbbe6017dc11a38670d0e1fdc02bc4_cppui_modular381, - 0x0f380eba055ede7d6c14931bee8b094e1e67c4a6b526895cea679cda1fdf0f298bb71f69c867ab00d3573d682154ee34_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03c63b40ca07dd457d85a76166eab0acdd212bd07969b87e37d62bae6c5a207d42d1d652ddd1ddbca31978f45077c5be_cppui_modular381, - 0x07ea58d0dceb0457cfc50ae675d41b8d67b686a0013d0eff44b7497f420fb61717cf298bde3b9a84ae6741af069db641_cppui_modular381), - fq2_value_type( - 0x06b7e4d967b9a9debd338c044993a45f18dea0ac2a94ae075a7be650d47d2f28495d0115b5a1b944d3c420664ff8374a_cppui_modular381, - 0x07e9dc11f7bad4aecf09ec07f4d158996f51c9c6d2784f670551d6786f3c0f44b974b6fcd1b508165e43d7fbae297bc8_cppui_modular381), - fq2_value_type( - 0x0768f0ac2cee937c8ad88372e16e9aeea5186fa1a65ca7f1290e0c361d2f2028e9dd35da7d4d32922610190b9a7cd39c_cppui_modular381, - 0x047a4eaa8daef463a886a6483e9544a810e613fba4eec17b8b9308454c742cc0607671ac4007145152368fa0562a7c2d_cppui_modular381))); - - BOOST_CHECK_EQUAL(c2.first, etalon_c2_first); - BOOST_CHECK_EQUAL(c2.second, etalon_c2_second); - - scalar_field_value_type c(0x72629fcfc3205536b36d285f185f874593443f8ceab231d81ef8178d2958d4c3_cppui_modular255); - auto [vkey_left, 
vkey_right] = vkey.split(n / 2); - typename commitments::kzg_ipp2::vkey_type vkey_compressed = vkey_left.compress(vkey_right, c); - auto [wkey_left, wkey_right] = wkey.split(n / 2); - typename commitments::kzg_ipp2::wkey_type wkey_compressed = wkey_left.compress(wkey_right, c); - - std::vector et_v1_compressed = { - G2_value_type( - fq2_value_type( - 0x0b74b7f8348ef6806367449678620c0943454fb99a4c35db90f2effabf1222b8b0d45175f812eaf687ac8eb8fdcd35e4_cppui_modular381, - 0x101b4827b17e42992ec9cbfd7f942fe15b950bae7e44dbc004c6c6c7242bb7df4b02e54e2b2dd586e05e706236f53148_cppui_modular381), - fq2_value_type( - 0x1430aa96637e61f55af1ab05b1e3fb0c7d74fc922c0308d964c639103d15816cb3a8b97cf6e43b8bbccb1fb0bcf3c813_cppui_modular381, - 0x195f9a7b105c1ac10b22a5c548fffa142eda073f91c1d867e63c86f1dea2633fc209481d22dd15d6f5de4ce8ff8c52fd_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x00c8044bd8548f5ae0c3a19fc8b3980fc94adbd9e7953c3715b49c25d2ffbb0ccdd1c7dba056a44d0696a0d9f907870f_cppui_modular381, - 0x09bec35b32da6f260bfdabda7f42f6d0b364f9d0527f3ee85019286898776877ed491967f833431a50e9d26943b7e965_cppui_modular381), - fq2_value_type( - 0x183f644129e79748ea3bdffe2e8f401928ddb814525c229ecef3c181c24fea8e8f814a3da08ad7916af21f5263c86ea0_cppui_modular381, - 0x04703ffe02768a0ffed187e084283db046e8c5d8a871e1cd4f1294c27f0729ade6e60706f5d78943296a0800882a17dc_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0a049b5bb3922ded25acbed4fe6fc260524c4d39af5f6820c0f25f76c87a5de587224fc4ab4ee0fb8e51ca5b354ef034_cppui_modular381, - 0x0089ae4a8fe593660b04d3679e496747347ec7a0091dc4a02cc51cb074c0fa88426acfb5690ed6cfad1e0db3d7a3686d_cppui_modular381), - fq2_value_type( - 0x0761e2abbb49a3b011dbdb7f904a28dd8316497f0c16bcc06e6f2640443dbad8f1876188102850854c9b82a082e1bb80_cppui_modular381, - 0x02fbb2d1918807d74d16514e1943f393f130fb2d7d6cde1860ce1f5cbe7693bc0eb1e1a84c129cdd063d3b4f121f81e5_cppui_modular381), - fq2_value_type::one()), - 
G2_value_type( - fq2_value_type( - 0x11556de064ace780a8d6bd92fe9c32f903d65ffa039a596385bb865d61518d3916b319bfb44da815c46352deaff6498b_cppui_modular381, - 0x01eee0a3f808f727bf741a2d036415e3dfcd9abf7a3445c4f0c4b87d5629e5013d3980a1e170c9d170c33d6fdb4d7252_cppui_modular381), - fq2_value_type( - 0x05b816fcd58e57c58211991f38f1a64ad6be94bc7b1f0a9844f6438f3dd80d3cc51c131e797a0c49bb3a41de4e145615_cppui_modular381, - 0x15e109abc824df3600fabd8f186798187f39c6fa1c751602882bc551c19007012003f061f3e6820a36dd7c3884b0a9ee_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x15293a0e5372631bc3aa71a40cc067bd7eabd9a273bb2e4fbb0e33ec09c6c610bbe473f4c2fc0e276d0fdf3d80ffdae9_cppui_modular381, - 0x1725efdd89c30b2d7665e250e4f0bdde8f97c75ef28c1cc277617756cc4364396ee709aadccbef3dcf2739fbe6e672fe_cppui_modular381), - fq2_value_type( - 0x05a0d144964762de0be4ce7fe354f3d9156c4316c8affe4ce305d0ab10e684317d9d77a32f306d2e57ed9eb7db8a3c9d_cppui_modular381, - 0x067332db95199c7a9cac48cbbb4d172fbdb368693995cb9e6df88bb3c920a49ea329f6cf52528c8e1289f5189db2b347_cppui_modular381), - fq2_value_type::one()), - }; - std::vector et_v2_compressed = { - G2_value_type( - fq2_value_type( - 0x186a7e15d408fa91dd9e7566d188fe02f7baa045fd16951d35b9d21acfd8005f95301d22fce8441c81c61b955e4589c6_cppui_modular381, - 0x01209911f0abd559c390384a373b2d8e76bf5ac5675d3a5920e80453a8a9c2b648b993c4ba7fb401436e0406f6d8ec31_cppui_modular381), - fq2_value_type( - 0x0d25f34ceeff50e5502fddf943cfd36a628d119cd5f2d905617928743e71e77201547e433a407eed7f214f26c6e98424_cppui_modular381, - 0x0ac2daac37505f408299340e30438444e5a9952a42d388966ceb504cab2a5498c38c318f1dfc5ad8055cd147ed8734c7_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x06b57042e4849b92a4e81346f8ba0114340c47d468096a46cddc32cfdd719a62137456eeaf56d1d28e0235cc806885c7_cppui_modular381, - 0x063ca8f71db63973e371d8bbd76eee8fa490e59a7529b181c278b67b7a2b415440ccdda92a8834f4da915fe0383d43bd_cppui_modular381), - 
fq2_value_type( - 0x055dc89a8b6d8dc2027b1536f7e5ee25d6d1c3652860f2749bc97d17f91ad1655566b224339a8bcc2969783258716529_cppui_modular381, - 0x0ce40dca881a8a4e995ebd12c10ce9f5081bce504e97f4e9f6ade1340c800d399a5fe3d669f44666d340663345e675e4_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x092dcde789e5a67dc5614d0b2462c550e7aa9be6d66d3492706f1454aaa2818609bb8dd1b850aa82d92d0f64c33d0435_cppui_modular381, - 0x170f8e4565aa5ba8187714ffe7baa3a4917fe07475acc3cbd8fa429e034fa4f3ac53b06723eb5696f15d6e27393d888b_cppui_modular381), - fq2_value_type( - 0x07cbeb5679bad39efe161160a9f858ee129d82c0df28865a96dd23057ca9827c3606f3c2162cb76ac762f336e6bbb871_cppui_modular381, - 0x19034ae5fcd14ab1ef3e1d979fd14ee274e61a1c64992f052c620f0c91a9a103f5a7bcb2bf5ce3056f4bd593d26f4a52_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x109b9b9fbf16c6fff2cf1f276ad1b09aff3ef976611cdc825f78e0f7ca76a271829e694b7f23a9ecb525427cdab92ed2_cppui_modular381, - 0x150d3c3a996cb5713d597b4451e41b34b1b55b722784e951665fb1d07ee3c2ad5630ea3a35466c6dd8d96b105e5195bf_cppui_modular381), - fq2_value_type( - 0x0f93626288c013dffd087a341de791d5bd0c6cf04f1d0daa47232fd2705042c6a7627d902905bdfdbaa599672708a020_cppui_modular381, - 0x0114d3a70ba03f3991a8c09294f3272e5143a84317494cfc4877f4d22eecb80be7fec0d6d80f6f0efb1b8c678f27f5ac_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x048f8757d41ff0940208039356e5ea7f8014761dea150eb67ef174d406fca8b3ebebac9f8872107ed155d43bbedfaea8_cppui_modular381, - 0x14120aea46096abc03bb60ba301ec921f631dac868d95c2b2a863a74357b4f83ef1f5f5ccb056689abf4a3d6efb37398_cppui_modular381), - fq2_value_type( - 0x1184c3a34c160c7368114e39f29e949692b45527a4db659f278f3d36761d6906295dc9b7535df62d439c1cac004bb808_cppui_modular381, - 0x197a4921a2fc88f5309e37a21931233b54606f90ecaa91fc0eb44f4431cb76615567acd63b588e8d78e76ee922a653db_cppui_modular381), - fq2_value_type::one()), - }; - std::vector et_w1_compressed = { - 
G1_value_type( - 0x0cc4f23befb077b70594e4727b515a99a71e37a2aba3676f06d92ad8607515b17d396a41c44fb6223d09c38b9609144a_cppui_modular381, - 0x016d54a871a0c361b7b529277fbe4f1c60ccd683a7e2a9858605fec8cf06d485ca88c29b42ed0422a7b227e6f31e0378_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x105a1d84e85d2fbb65419dc25289eea9c6161740ffa7b1480bb9c9c55ec8a5c6e23bbea43ef9e8f1b3f4ad50de0f010a_cppui_modular381, - 0x14c7e1997b89959300bc4d6f26ab37a08426980d2f1776d573ee3d43e44afffe4979ff4690c1e8e189b9e659cfb54302_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x03c866a31a613ccfdab2848521c14a42e232493f3f0799095c21e3f08d04b5fb2a1570df09a9005d1990bff956e2b8ec_cppui_modular381, - 0x0b036658a0a7c475779b17f180a4335e24391f547eb4aa078c9532aeb9613acefc2b97e83356034bd6c9cc6a2f3566fb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x043d40d8cd4633e48bbfe4aa0032517cd43696465e30269363ab61a3ae9a37be615a36ca3088e3524ad19b3cb1bb2ec8_cppui_modular381, - 0x03595a48c66399f7a07e9753e37cb2419bf288fb247907bccd67f481f184f12d8c3528485d1dca17a7c69ecbae23dae8_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0c47c20a3997052ec6ad1b217c1adfdcf17bb25998222bfd231e69f67cdc8008042cbf1fda89a3bb36715de890c0833c_cppui_modular381, - 0x18438fa4cd0ef23b24bfb959eacc54edae6ccd3870fe55d7fba589c628d5db98cfc0851b231477fa62ac161f0fb882b5_cppui_modular381, - fq_value_type::one()), - }; - std::vector et_w2_compressed = { - G1_value_type( - 0x1670abfc0df68a21a2c7cb3bd1c62f8a48fbfd4799d83d484c996ef3d82a3dbdf5fd0175da7abe3d2ba96f059e1881f7_cppui_modular381, - 0x0197a0b5a87ba59fd2c0a9c4de2ce5f773960c4cb59f6d1ef0657cbba79f0f499a7f58d09897716a676edd0a8ca3008f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x026b17c7a93778cdafc553746420a4d3689de8ec7920233bfd5d0abce2e1cfa29845ad7da2f3e36dc7934e476268284b_cppui_modular381, - 0x0ffe95d7d5b842f8d8227f6e84a728b7a8cf7dbd933d80b2d90a17658dff5e61d2a54b54c575624b74d9b322f7fe2a01_cppui_modular381, - fq_value_type::one()), - 
G1_value_type( - 0x13041e72558e8360e2b6adfddeddbd4f86a325245556097bcfa3fd6beb8eeeec6ae8a116545e89438b2f93f9dcf12250_cppui_modular381, - 0x17698d73a7969cbc92b884f01d86c8034f7e764ee8f8f3476b557eb558156bd678706ff636575501a394d91f28314531_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x133030a621342bc3b57541336a5cc1e389fe746d27904be1bbb948abfd281cbe9bb90d746343e8e4481496d3202015e8_cppui_modular381, - 0x0cc3f51d219fa568723c86c71cc6c11160d00a3b3031268a5f6eabe6672e33d147de99d69f4e7dece907f1b954134b5f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16f1afdc3b42de247b9278a284ef853e613bb90cf9342b8ae7a6a9cec7f7d26d669d010c69443384d41555943b04de43_cppui_modular381, - 0x0d138e4715989d4c70c92613b10103c17ce187a5f135a7d07ffec540c6101a24c8fd36f9713c25627e8db62a2a35baa4_cppui_modular381, - fq_value_type::one()), - }; - - BOOST_CHECK_EQUAL(vkey_compressed.a, et_v1_compressed); - BOOST_CHECK_EQUAL(vkey_compressed.b, et_v2_compressed); - BOOST_CHECK_EQUAL(wkey_compressed.a, et_w1_compressed); - BOOST_CHECK_EQUAL(wkey_compressed.b, et_w2_compressed); -} - -BOOST_AUTO_TEST_CASE(bls381_polynomial_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type r_shift( - 0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255); - constexpr std::array tr = { - 0x3540c82ee6a14e5d87232db54031a151c313b02c2e5fb8097c98a22b5b1e248a_cppui_modular255, - 0x3cdb7300a2167608f0b4371abde5bbeb0134d0a10c684e15942b9ade19be06b2_cppui_modular255, - 0x1932db8eab26bffd30801c82338662329a83e9cd9e69f8547efee3b971c45333_cppui_modular255, - 0x28a5a5846b8ef1151e23d7dac18b31b6f79ad9762d93a5ab7a09ec367fa15379_cppui_modular255, - 0x32fc439e07ce9f303a50fdcebdede1b4aa3295a7ea84e5dd746466ce09edfadd_cppui_modular255, - 0x17a55ff8ad252c1506c91301bf374301c2ec773f996598c10ec5b8518ab97910_cppui_modular255, - 0x1c8ea45a048d71ca0dfb90deac07c6aba0c661e44b89e40af2ddfc02ddf4a35f_cppui_modular255, - 
0x1ba576908f3a792ffba1b1f2f427514cbd2fe9caf194037a178d47b2067547cd_cppui_modular255, - }; - std::vector et_poly_coeffs = { - 0x0000000000000000000000000000000000000000000000000000000000000001_cppui_modular255, - 0x480d5d9990c007e523111f13a4e4061ab69d113818dec59d1273f49f52296162_cppui_modular255, - 0x1c0abb58c4a3de0c94bbde371db6475242fc6123f3e68e3022882416866a0971_cppui_modular255, - 0x3eefdb325408c8ed044d2d8a245821eb03313482868f0776d5db0b6b304de06f_cppui_modular255, - 0x03441b4883df6096879ef162eddeb395ab9a80ca1a2403a61f9bc5d7b66d61a0_cppui_modular255, - 0x6ac136f24de0910a56a8c00eeab93f4e08c4754b0af8d77d45040c23483a3601_cppui_modular255, - 0x595796f3711a982dc195fdc294444fd4127b3bf4fb57ef1fe73ba786e2cd8b3b_cppui_modular255, - 0x68242a724d539dcde318352368080fe13ca7e75638953bee46cebb2aae451d63_cppui_modular255, - 0x1cd6f4493f342dfe8fba32ee030dac4c002ed16c84c9fbbcddf4a510a72d63d9_cppui_modular255, - 0x28ed796d756ceaa877742c2229c7a2249fc6511eaa85f82d51f555c3aa60623c_cppui_modular255, - 0x6013627cbd87199375925d96bb505c1e2c2fac69d0072927a3d62ed8214990ed_cppui_modular255, - 0x1d3c7275c9e6e11e2a4c960edd8c7fd67843a0c59a024bf44fd5314c838e199c_cppui_modular255, - 0x2d9e8b3eb9c9f4ffc6901f6bdc89ec2d6dae92fc0fc19260532723bc3821dd96_cppui_modular255, - 0x584dace948f5c058c571fab6b534749a83f02cbf95c964155c2c221d586dd67f_cppui_modular255, - 0x3c1dc72ea7a79bd9a7fd76ee22484cc48c0bd7ad5d66c2a102862ec7221a88e0_cppui_modular255, - 0x53afeb3f2a7f9cfd5be3ecf160a0316d75be4650158ee59f1960a17ce7e0cb57_cppui_modular255, - 0x3ec8e839758da1f92f47a8777c38cc67a9e243f0a34da25f07df0e976f99cd8c_cppui_modular255, - 0x3943ba6edcade9f65c9f22a154f1b9ca45f1a23b058c9c0e0c6c3c0f4543f491_cppui_modular255, - 0x15aef80fdad1d60ee81fc555b4f8c8f3cb5ad1f0ce2a40e3fba710043dacc1a7_cppui_modular255, - 0x142197f4144a72cb8e25cf5c976b06f9ca9b1aa1c7268be77a870dd3542f6a12_cppui_modular255, - 0x7385a85b56d429a29542d4cb9f41dcd1adf8268c5c560568ccd6b907869722b5_cppui_modular255, - 
0x16883f376358bb8b5fcbaa95c203bde08fd98efd6a00de6d286452ba5acaefb9_cppui_modular255, - 0x24f6e1eba0f8bda6c7bba6f678825efda1de9437c37054d68e6dc26d162c616e_cppui_modular255, - 0x18649997a5f6eaafbd0c770811456c1123e1c5fa7aa7d07da777c6548fdfb0a0_cppui_modular255, - 0x5ed4c557c48b3cffc1f462abdf8f4d9c1f2b0019b09d4e83561961bef7be3ecb_cppui_modular255, - 0x0d1916a0935c0f8a5e1d06404fc6a96ed931d082ed1187619ade67cf1892f41f_cppui_modular255, - 0x15437e1083ee249424c4e9a49e7a3724d4d960d13606a76a192bb7012b5f8df6_cppui_modular255, - 0x4f8d6caeb51340c7e7d6341dcc19f4eb7dec5e6f02cc910cd5ff8bf200c9c8e5_cppui_modular255, - 0x70267178abd9a15e624f537d5716e68281fbf95d045cb3a9943cdc26b5bcfe44_cppui_modular255, - 0x2fc5d00aa95d2e97f24d20d29ad4c8307d3b0a6c615429b62f93ecbaaa5fe09d_cppui_modular255, - 0x1a4ba280ba66e01758596ff10ced5f871938cc63228445048f8d18482ef48c6d_cppui_modular255, - 0x1ad39de6f72da86c7730db7491c6dae910b3528d6c5013bbf9adb62c215efdd2_cppui_modular255, - 0x6932ec74d018d36c376c29c5bd0d52c3a526c0fdb34d0136dd9fc87bba6cf45d_cppui_modular255, - 0x44eae134e384252e2ea7bc1b33283bd04edbe1417a22799b1793f2ab0a29a7fb_cppui_modular255, - 0x0db00937710081215915ac1e7dc70b3a4b49352f9a1813aba087629874eeb341_cppui_modular255, - 0x207e89c0c4084f21abd035037ec66165348909e8f2e03808ac3a099372cf927c_cppui_modular255, - 0x105c4d40813de99b80d86ce5e92f8e1f3caaef348644f0f9942a514ade360be0_cppui_modular255, - 0x31e97c20fbc80c8c05758a8530156f2566c1a3d1095df49f4e7f2d3f82e25876_cppui_modular255, - 0x476154855d5fbbb0683806fc9e2f9a6068afd35595a8c51a332bdddae043307a_cppui_modular255, - 0x031874d3c0a6b1324366b64039c4fabf94b0243c39e77a633b6ccd69cb0c8c95_cppui_modular255, - 0x70cc56d291248c13b1341d1964b6837dba9cb47ad37d1c5d95b24406e5a7783c_cppui_modular255, - 0x2ad3e32cceeddbca5a4b04f2aaf2df0726dd4e701e4d2548764a8c0a4647a407_cppui_modular255, - 0x1e3770a820da575dd692bb5bacba9d672093c3247af5b37488fd40e590905048_cppui_modular255, - 0x6ea451815ae5fd07d6b203c600592fbf67f7f71cdac9ad505093cc16a71b5f58_cppui_modular255, 
- 0x6931fd34b6eb5e501455a274713ecbbaed12c116fbf10585edb00aad5c9225ca_cppui_modular255, - 0x391772c1990b157a9c080afe9e5fa2688565483deb4313d9b3a2398b94a54531_cppui_modular255, - 0x6fd11da108d634967c28d706e1d238952532e938c3a43d2f4c80427ee5e41465_cppui_modular255, - 0x4340a1cdfc5337b60859988391a22c5b74df5fc06064b69c351b0d227f437e78_cppui_modular255, - 0x4a8490fe693187c8cc205c7dedcdbc4708964da51775ac88b298465bf23c1bb4_cppui_modular255, - 0x3e136d819aa9dcb7cb78c693b9feb213e51e79c23df7b3a4aaa64357c459cc09_cppui_modular255, - 0x0096de691391f1e4896e9d17d690f5cb948965349174fc5f488285125362a2db_cppui_modular255, - 0x643df8ad7ba980771b96936fa67a63e485def3d8f9ea4bb82d350949fb092a71_cppui_modular255, - 0x379dc3dcf086eac6f2532596d5f9670b25f5d752d3d3990e5cd64875deb30458_cppui_modular255, - 0x63211c52065d6c71d6d1a8c77a9000896b9588e801f911b13f97f9803ceb9bad_cppui_modular255, - 0x37ac58c5f5826a91c8b182464a083a04aacc5177e4b88d25ca49136efcfef93f_cppui_modular255, - 0x66ba00908a3ba13d2a04457f2094627992685524b6798128e36b633853433526_cppui_modular255, - 0x717311b6e53630e6bebf9443d93a796518c9c8751858deb57f1282c42bc67de3_cppui_modular255, - 0x6b755dff197f12e46d8339ff46bfdf24f805d36f46ba9d42735e8f73bb1bf95d_cppui_modular255, - 0x096cf8eb82f7b46a4e28653634c1750dd2c15bfcbbc082622e980e9826657c8b_cppui_modular255, - 0x486806919560cff5feb7c7824f28a13fac252cdc0e9fef3dfe52486fb73c5d3e_cppui_modular255, - 0x63e53e13aa74972b352467b517dbe8af338d966a5d3aa694b882e2c84e44380c_cppui_modular255, - 0x11063433cc63c9174012cc17458f183539dc4cf386dcf3226213c2179ec5619f_cppui_modular255, - 0x690111ad5e36e656daef3951a67d6610f73bbc301bb42bd3dbd13f8c80abe930_cppui_modular255, - 0x72d25810142fefb4dd10f7f228dde90a73fc0906c77f571471e4af5aa0bfcdb6_cppui_modular255, - 0x0229058f25696cea3fa1f50a6da95c74e5c4386ede7de3b3f505a0e638389bc0_cppui_modular255, - 0x262df7daa19ca683206206a485552a0e431666659494b259ff769bc6fe0fb619_cppui_modular255, - 
0x3b25332af4ace3e424f8e355a19e9d428719db4bbbd5edf2b92ac980ef6b908a_cppui_modular255, - 0x3cc2b194b50c7b9826ce8666be7f9cd062e92f77d98d59afabe2283ea14a2698_cppui_modular255, - 0x0696ec6bbb951f3b12895e7f8b05257b1e744c2707e472d2b9db78a79eaf1175_cppui_modular255, - 0x47c69add0279970e4272b8792df7b97098055505bea91ed0935be1b871af8ea2_cppui_modular255, - 0x051638844fe262b56f2c6c3accee9fd55108cbf8ecd667096b3cfc16b7dadaca_cppui_modular255, - 0x12bd689671b16e03368447f220d3e4c5e9e13b457e48ecf410ebecad2f53ed8e_cppui_modular255, - 0x70e67fef8f8d90648ad9cd68d0aaae2b4f6adafdcbee0c16f8566d162b2d9547_cppui_modular255, - 0x4914c12c22604660e3725cecefa32e3b3a84c559aeaada25170faaf10ace6d32_cppui_modular255, - 0x412fc9ba9c6e0b797d1a03f767cca6c80bae5776906d40a67197f4fde5dd2da0_cppui_modular255, - 0x2156733411bce77b968698d04662da57ed3bc79367399b49014a4f2ea03afdfd_cppui_modular255, - 0x425cf78d6d13261cc329ab61755bb4c211b009c483ec62fa216511611aae2464_cppui_modular255, - 0x6a967e87cfa5d5a9c135a78d1e92edc0b4e2528ddfe88efc32c63090b819f196_cppui_modular255, - 0x1ad2bbdfa528b202ffc3c62134ab5a53b60be156f707bae7a10c5489a7ea7e6f_cppui_modular255, - 0x4942e35742a4915a9c891a92aaaa477f4017e7c82d6ac1d3eece75a508fb1572_cppui_modular255, - 0x65f6ca3ebf4c6111057c03ed0cd1127a100710fcca53bf44d7247c0de176260d_cppui_modular255, - 0x0f6d4e5dd7ace3540c4eafb4bd779c86ee12f0ba5c92fa9e3565e52c06c9a881_cppui_modular255, - 0x5b730bfb15839de0ead3db78edcccdcc80f8481ca4203d526aea37a129bc6179_cppui_modular255, - 0x5c412c415597256e2b9159bf612760007a6c109d287634e1690b7dd2a3cb9a40_cppui_modular255, - 0x0534aa0edd228f305dc8ae5a322b9e09d4ff3b82b45d559d935572c106daeea1_cppui_modular255, - 0x43042bdd06fb35f6a553002098576a1d7594ec3297d4935382cde01edbf3b2a4_cppui_modular255, - 0x02df631cc1de108e3b21cb1e19e27e794625bbbcbebb6b1021a8f490a4d26ad3_cppui_modular255, - 0x1404628368af0c392030080227b4f2a3cfe1aa258357428959f5eef2154455a5_cppui_modular255, - 0x2c93e7c0cf251568c29205a7864c9851dd595e5823332c1e13a110a7bb0a57fd_cppui_modular255, 
- 0x27a90e636f9d9a35b378a1e1af3973d0c39cc941ebefa9f2fa13ef6a1e2fb8a2_cppui_modular255, - 0x1ce47dc601ee5db8e7f2913c33484ad46476a2e1a34428fd14c7a8e822c52fc7_cppui_modular255, - 0x71c6aef4c005a4c1c5f4801f866bc0a6bd5952b7f5e4865feb4940b3177fabe4_cppui_modular255, - 0x040d465c49ca0315130efa3046e049a687e798ce732567d6ee84727b3fa226f8_cppui_modular255, - 0x71706d9bd063ca170cb9f8c41ec32ccaed394a1a876a8302a45484159907ec50_cppui_modular255, - 0x44c08e331896853c9ac99e97242d8808fdfffcd18f1c2701af2270aded40330a_cppui_modular255, - 0x4a48fd884cfa214545860746f43495ede0aa14cb3693899352f42ac3ac523315_cppui_modular255, - 0x3874018552b8014999bde467bd8c36e792fda187de468dc586a1b81ad4800d5f_cppui_modular255, - 0x13221842137b41f2358c2ac97d79157f0cc560f342507259075acd2c783544da_cppui_modular255, - 0x60ba123f92573c8841afed0951bee188f137ca4f04f918222bff7a8fd6526c04_cppui_modular255, - 0x389f821fb8cacfb59d4589c9b13a4ecf379f701df2b9469ceb934256bbb6d776_cppui_modular255, - 0x16754b4e1c0f1233c649c4e21d780128edac4c4c2b2439cf449088dc671fc348_cppui_modular255, - 0x15efb0852b2230ed66cd64c55233ba16f66f5c5b05a6ca71f180cad01c8ed71a_cppui_modular255, - 0x3781f551e85953156a09b638e94f690902f1ca91014f08979d1834c0ead682a5_cppui_modular255, - 0x011d64455f427c0bd0577131f9ef48d47bad44c152029e59bea541a7a7dc98a8_cppui_modular255, - 0x4ecb58e8f31f80905a95f962b9bec0538d53f8664b314684dcc8d04beccde8f2_cppui_modular255, - 0x024d233a1e662788e529a405dcc3f25fa16cf5b574109ae1f2289d5d2193feb7_cppui_modular255, - 0x0d0503ed7e91397bc92a73e4692ca6babfec93c725b55cd69a14879f22fd6ff2_cppui_modular255, - 0x39811338758bd4b1d2bcb9890ba2e2313cec6e9f54db2fe82f0d95e0b359840e_cppui_modular255, - 0x2a4e01fa966e5e1c8f7823d5ec3c708f56c9306af2d0321583613df9a2888209_cppui_modular255, - 0x3665f93bb2da394bdd953a883d4c5fe04e176ae7be88e9ecbbf591703c192e5d_cppui_modular255, - 0x0081b49e88f0b930bfcd84492407c730ea10772b809818c83ab95c36f3aa8de9_cppui_modular255, - 
0x22339eb7e2c232be0b60f86b7bfaf1025ccdc145b11d6bfa346f1a066cac2918_cppui_modular255, - 0x0f7e1106cf189bd87a972286b151aca5e929777269b968551f00fa0381ffd891_cppui_modular255, - 0x59841df41488a266e2f227dcaf4da41cde578cbfaba8115859becc20b488fd69_cppui_modular255, - 0x6c8f58a4907e2a0b56434db41d3b1e69f9b360f2039d9856c188ab4deaceabfa_cppui_modular255, - 0x41b6ff2188b920cdd099df98164b3d61696eacaec64aeb839024c7500eb8bcaf_cppui_modular255, - 0x59cb1fcd4cffd255f98f5c64c84ea70651b1bed981e99d72cb4c1044952e098d_cppui_modular255, - 0x4dd9da29ce23a3e5c0349517e283e54808855eb60d8b99e223762d9fd98af51f_cppui_modular255, - 0x652fdc9b3a08078583b7e65b9459f42685acd2e1a61830cdfac7506574f5dd06_cppui_modular255, - 0x6ed64a74f8d017974f6fe87fca5ad3d6433462054cece7622fd4a02f8465287a_cppui_modular255, - 0x7314d4441d6e85dbb7c11797760dfc5f004659aee51e7299c7ecace82cadb00a_cppui_modular255, - 0x03ce7f6f76589dcc32e08c0a0642606ce9af3d4f5d7bed76aa270cd50b3e6cfa_cppui_modular255, - 0x3d497c195db408c4eb1f1c34256a6522c20e27192125c8a07370876deb01241c_cppui_modular255, - 0x107a83d4a1d8c489bb1271df2eb9eb0f8acdabaf583fc97c12f2adc5abbe6c04_cppui_modular255, - 0x6fa391c27c905ea55845cac5bb5cf33d0704173e4c32092326ba7e8bb93fb092_cppui_modular255, - 0x252b7b7d7513e0811d293a194bef93f6e19a06ba180d87015bff1f78bff20116_cppui_modular255, - 0x0bfdd6a008dcdfc40ca9b774424f557d4634cef3a8550914ff98fee3ed22d7e1_cppui_modular255, - 0x5d220bbc372737ee19c02511f9c5aabc872d5a167b95c22bf35005de5aeec55d_cppui_modular255, - 0x3d02fd9bd2224c0c5a062fb2f82a288db5db9f749d9eb0ddbd9dc26b205d344e_cppui_modular255, - 0x684eaecbc3d13fa30cc7ea0c3393724de868b8a34dac4580c9fe3dbfdb4a9eea_cppui_modular255, - 0x43e81faa6b9c5e3ccfb5841e8ff60cda8c5a0a71399bba912d99f63343372d60_cppui_modular255, - 0x13b1ecc701b0566bb8cbf4f186104424a2840d7910d75e10a5c3e30ab4d8abc1_cppui_modular255, - 0x2d1c2e7c193745f6d8f5f7aa63665349b399db387e2c838d9b4306d7a385de62_cppui_modular255, - 0x5ba7d9570ac38ef02c5873c5bd9f655632782b1966b119c6f8b47687a229ae96_cppui_modular255, 
- 0x1f04a0ef594a5bdc826aee7721c288de4c9fc260b012d0b2b6addbd4814a9668_cppui_modular255, - 0x63e5967f5900365a832334f6b52a51c0390f4925761a2dd074c7fafac149afd6_cppui_modular255, - 0x43ca0adc50da6246f4b1ba6c821bef6873d88541a3a27808a3ebfe6c27a7bd4b_cppui_modular255, - 0x29c75f5d0e2331d4cd60d6654eaf1c22deb629837e53e0b723fdb27f0ab6a99a_cppui_modular255, - 0x643189efbd2fd5099df3539df621a8a60af26e404e098f66c369e207a6e22e5e_cppui_modular255, - 0x5bd13b92659428d50ccefca53a52c697e106fcf7b4ebbbd62bbad9e79638bc13_cppui_modular255, - 0x3b9fffa05fb179e966b7081f0f9622d2f9f077cea9b6f02373d3f424ee146189_cppui_modular255, - 0x3c9a59e0725fc1b24b3e79c7bdd37707ed9784c83fab9f4b8b285f4fad637c24_cppui_modular255, - 0x414377c1398bb503f0174a07e8ee6d95783e74b54bb3066df7e16b75f21dcd3a_cppui_modular255, - 0x2dc29d17bfb8103f6d6d48dcebf383e637ef29fab8f801573a58fb18362d1b8e_cppui_modular255, - 0x67031c1c085c8f8cfffac4e0fbbdbe7214c5dcd0a91685f3fbe6c67160e627bd_cppui_modular255, - 0x724b962b45e2adf79b4dad3a9ed82d6df3a1e385dc031d45f854d8dbfa01943d_cppui_modular255, - 0x271417c390b9c3e27ca918f272fe54cfbe540e300115c96eac8520a5dbaa4d69_cppui_modular255, - 0x011690ae897e8a9face5b0a51cff976734b6cf006a81a4153882bcd51194eec1_cppui_modular255, - 0x33dda0320753586276ccadcb5f4e35f8602718f6d8ddddc5f1db1f376616b442_cppui_modular255, - 0x01ade8747e0ffbc898a5467cac783aa96143266853b44ab6c61cd982ee79ea43_cppui_modular255, - 0x363b2ae933e2c5a5d0e91bb5b24d10f48260c2f053101e6f0198b7a06412ec71_cppui_modular255, - 0x5abe59a863d75729a56a033d105228bf4cf5192eae821ae32189e065844f5a48_cppui_modular255, - 0x570507c4c602d257a873aca3d9c023b6c133e73909aad6687099e104c36ed8e2_cppui_modular255, - 0x4a86a84ee21029642a1595c4f1a645e99ef41c411f7c0dade14b2c4e8bc09933_cppui_modular255, - 0x69a18746efa0393beb7702fe0e7643274f1c7da904beb60b42014d5967ca4b34_cppui_modular255, - 0x570470137359d4b2526f2f489d278e7340b33ae8eb2d9bdb64140067e784abae_cppui_modular255, - 
0x653274fd83f5249fbe2e778835c93a23ab783c17b5bd2e85d6dc5648673a6f04_cppui_modular255, - 0x27a2d4099898b0f9f2d1c7f2bb7f70bb1ca1f56f5eab19909400881451434a31_cppui_modular255, - 0x00d8fa1404342a92e90006cba8c13879c90d4c575181b1453c5b790f5465a16e_cppui_modular255, - 0x14435f925aa0f45627bc67436e1b5cf50f003df76037f87b94b4204b21985099_cppui_modular255, - 0x6c066f3f9d9e5d5147456c07203b4283e19298347018292c57a88c1a984268e2_cppui_modular255, - 0x5b515f3be19fb374258075bdd0f16780a3028197c7a278dac6beacaa31ef9ed9_cppui_modular255, - 0x4c09d00fa5ed074637b7c471f9574367ab7e96006bb5dd976e6ce0fb8c510bf8_cppui_modular255, - 0x20d127b6078a21ef7e54391932c085e7f4654df49e8f103e25892c8c20244b5f_cppui_modular255, - 0x580475a5b814e0d82b701ad59f33719fd2653a513dfe376feb6797c9177eba7a_cppui_modular255, - 0x63cf6d747ce233351c5d5df3dfdf5b327baba26df40f08935a22946d55841a0d_cppui_modular255, - 0x351d8afe67168f60d78f4654096232279b729ac581817d19eceb83c5bd92b447_cppui_modular255, - 0x35440021e1f004525bdb52188b514ed08c4f920fa53988b98029b8dcd0eb11fe_cppui_modular255, - 0x08096cabc485ca9da3f9c356d76f274299908e574d76ac054ae85fba5681fce7_cppui_modular255, - 0x53d7a804607db92e9c398510b590021bab8e1480c8e5397c40ca31cc8ef38888_cppui_modular255, - 0x522f728820091af6ca285f126623378f7a2ac3933d31d2065aa855c67c024162_cppui_modular255, - 0x5234437802afc9769d9301cf53c2804f514b6dbac5e2fe4268a62066796acd4e_cppui_modular255, - 0x1dd3ae12d0c460f223e9dabdd4d4049c023f588cf8aef3fe5f9742416b3daea0_cppui_modular255, - 0x33879fb8eb95c5b0e8dd3189324d24a0c09914611e693eedcfccd4cfdbc833aa_cppui_modular255, - 0x658e4fb9c73f946ab5278a26e4a9c0502d980f74e8f0315e4b0643056c862717_cppui_modular255, - 0x1a122193c5f5f0c9e34e5eddb380afa5962e040b546c628d7b54b62bf8faa358_cppui_modular255, - 0x4e51e99c866e7c59ebe92a359141b7ea603c71626c5b04b468515fe943ed5e51_cppui_modular255, - 0x604918f13a0b91ff8980b42934a14fa80c5f95c16d22379943460c62d0050059_cppui_modular255, - 0x64b52e08d3afb19c2d66c375d41d0b50f9d43350e695f972490d4167b4dad706_cppui_modular255, 
- 0x6448724b222c98f72de1a942bcb7316f6db646eb2a93a1e1ddb73dde6f7630cd_cppui_modular255, - 0x42e9f2d7e03795995872c8e14831757493854f07fd03e28ea5e481fa2e6e5d00_cppui_modular255, - 0x11c5580567cff78b9a3efb5400a17a1b5f22954b775154dd0a98fc5c133fdffe_cppui_modular255, - 0x4739f93374d06c312798481a586955248e0bcb41b01c584e13de06c4f1976cf7_cppui_modular255, - 0x581364822399de7648f346b78c65ed7e6095c5775d122221199486be6aae02a3_cppui_modular255, - 0x3024a680a2d674f96c6841b936d429a5f20762304d2a29532d65f9743369df75_cppui_modular255, - 0x23bd923a227adfdee0cb10ea11d598897c7c0f906b645f887d292817ee66759e_cppui_modular255, - 0x0fe864f291829c40460bf08ef4f593be2739efe8f361fc08047a4be94ae6dd35_cppui_modular255, - 0x630d0f774643cd197aba40e27bf94b45a7310194fc81f904db1b5eec7c35e193_cppui_modular255, - 0x566c33ddae001788c433c1e1566446c991554c37e67c96904d647503856ce4f2_cppui_modular255, - 0x0549ea7a86d6304311e53674d3de0d7c7a8c4e1651e69fe7dd9eb1caf5ad9857_cppui_modular255, - 0x487304c054c8124adb27e5d3079b3dafefd6b69db2d0605fd4506d3aaa5607db_cppui_modular255, - 0x143e742dd25ce947adda8b6d3dc26e683db77101211384cad7eedc12a047b804_cppui_modular255, - 0x41ef40c96879a56b2190dc10f23525865660b629ccb30a4761b779e0628ab857_cppui_modular255, - 0x134d2d53a84ad41e5cfcfe75bf49c8de1e69b615738401bc31287826763faece_cppui_modular255, - 0x1f5120857962996f095ad78e5ddd8258b08be174a7c369744372278cf98a2676_cppui_modular255, - 0x5ea93fbbec339f9554eefc2f87087781a2880127f3dae033264025993654dfca_cppui_modular255, - 0x2e183d894ab20b49f0b937aaf3d65a02ba29d08c89ca69576d53282827e2560f_cppui_modular255, - 0x142e79bfca24b129f8e24be07bdba8f646a98093699013c149b7e90a4867bd97_cppui_modular255, - 0x61a5b1c2f741290bb64a6182d97d6c6734816eb5e909f5e44d2ead92717dc3c9_cppui_modular255, - 0x37ff04291d41edff6b6888cf36de141d18a60a6f57b27364f84c8ef07dd35118_cppui_modular255, - 0x6a6125e36eaf98e32ca267a90895fefc0610a874f497a4187d4bcc2f997bb873_cppui_modular255, - 
0x095ffe71832abdc79e750eed95a627095fe785b7b1dcc9bfa5d61195c4ae1cd5_cppui_modular255, - 0x2e11cf7c849427744c1a6d940df52aa6d65614a5fe3f274d115fad8a2bb4580b_cppui_modular255, - 0x43e72e049425ed5b337b69e074664177ac10a35c3ab042115e14343b50362001_cppui_modular255, - 0x653ced05189526caf7f0d24927a2a1eb9605eac04d449063ebf5852b0638dcd3_cppui_modular255, - 0x36d5a09ed0e448e0e8031c485f3eeb83352c7f8d8dbe6c32247163e681388db0_cppui_modular255, - 0x6c192143b75fee703d22dc756a24785563263138ada8a80a9654d45cf222cd68_cppui_modular255, - 0x61ac75bd0db91ce314df5cfc3848d892260321de1d880c129474cf7035bc5ca9_cppui_modular255, - 0x6ab4587e850dfc102c4ffb723c49952893065c31002f2a17d92a09b6201f7043_cppui_modular255, - 0x2280ab51bfc0c3d03a61b1ae0cd199adf8cd7d595755bff1bd56848ac9b2addb_cppui_modular255, - 0x6db3abb4d35f2abddfbf8c5ee58be7b104c4387e723433985589b504880260ef_cppui_modular255, - 0x213e130c3c34db9d738af21150ba76382d55bb3b110a2d67f6cbe9c63795da83_cppui_modular255, - 0x5dadd4dc264d9463821290065a2ff738d9f936ccc17382615cd600736ef8f536_cppui_modular255, - 0x1c96d875fe47cfa371656e119d3a9646f67f5be4bb8784b47de10a587166487f_cppui_modular255, - 0x6257cc59864ec4e2485be286144458bc3f4458eadc536ce8c5f5bb2870651193_cppui_modular255, - 0x3c694078e47276d26913242fbba8a6db76a7fbda52977241af03234072ddafd6_cppui_modular255, - 0x6082df0b0ff44fe79bbffe9366113b31f95741bb4f7fa86fec3fb08d925e11f4_cppui_modular255, - 0x68b8926a41350f57bfbf1dcc61fa61c37b438d611a53a41adbfc4be14bf35f99_cppui_modular255, - 0x13e6befe321c5a318a0fb7ab897bfa1d78de4a8c2451a9c838b483eebcc80b09_cppui_modular255, - 0x5553fb737e38a6e413e00f77b115943e48e69d6e4ec131ccc22ce4ed47bdb6d7_cppui_modular255, - 0x36f00a4a2739ed9ba56ea0d136d25a1a9d449c187f94efeb4e7c2d88ae9dea2e_cppui_modular255, - 0x1d790279938a84ddcddf1f25f89f7fef234bb90e2a209fdabccbe03fda68a3a5_cppui_modular255, - 0x0a864c6180e057fb9b20cea35bad5aae97114adcc43ef0fa4e52df1e1cfd9265_cppui_modular255, - 0x177eda2f8aaae07eeb47e206c8d0caececaa26ef4907d98a67ec2257b4bc6db9_cppui_modular255, 
- 0x4ab7c5d7846a1d8fff53196ca2f21a5c9569ac3a5688a536a8cb0d2e4c666c28_cppui_modular255, - 0x54be7a81a0c2d015c0442e5756773c08c66150b73fbabb3b0b00e390c7848f07_cppui_modular255, - 0x047ee8158528b7337c5ecdeb31522005ff4130adddbabe6c741159a34760da6c_cppui_modular255, - 0x416bc2ac134682d2160769543dc6e426c3289207864e283e67b5861e409e1207_cppui_modular255, - 0x644386d878eddba7ab5c64208012a25632191d0072caad8f20b4a08fc366d489_cppui_modular255, - 0x0583ade3f8f05abb91350e75bc22edb668c3c92c35991f16ea4af45c46ee02f8_cppui_modular255, - 0x49c9c118dc19529b22bd954defcf599a61447b6c3521eda59a0bd625e55dbee4_cppui_modular255, - 0x5d8451e2595474c20f0b172a3e44da56d0ec7c369e6c0a991ae473bcf67fb579_cppui_modular255, - 0x65a7e8cd2471091cad4ec2877d96e60caeb4eeb7c3c1d546a91253380c0466f9_cppui_modular255, - 0x26f90507486b52fa6931e4392a196203b4784547c4d0eb828086acf8679cdaff_cppui_modular255, - 0x6c5a8636cc7a511afc6a28f2386d6eb68c91d4f7e7fe8d26433e3e8128c80ca8_cppui_modular255, - 0x162695cf98ffdf0e50cef20f0df3f8eb1d061303b3d9d6a35847c57dd6b61250_cppui_modular255, - 0x08c0eaa9d94a3dcfbb2532d5bc18235d299769bba449e0b5a7593f5c72bac89b_cppui_modular255, - 0x639030fa3f7dad88ddcbd3d7dda3ed3645c9290362b75681e3b1f2371b67756d_cppui_modular255, - 0x4d7bc37acaf75c2d7bbf0c267383ae88da9311bf70a0191e5c62ea75bd3dd7f7_cppui_modular255, - 0x38cb86c550bf3221ebb2baba61a3c77e449bd1fba63deba6a9c337db2f56c7da_cppui_modular255, - 0x3150e9d8068b2d6b9490c4375bc60c329cf3318f52c4d32cb2d5ace796a1f9b9_cppui_modular255, - 0x54f6038946d1bbf0553ef6e328682f0f2e47ef581218db4e6bbfe85d449625f8_cppui_modular255, - 0x4b99ad7201e92fbab4ef236df467d7c6d0a10bd01de4c6d360ed09f7605fee2b_cppui_modular255, - 0x05a5d1a97f870fc676987bbc4962d76a58b60d414645a92e8b1ea01ba3a89333_cppui_modular255, - 0x71f99c0a53d6b69ff00ba55d627d925a8dbfe8b565a657f0b4fb5964427cc403_cppui_modular255, - 0x5263f0e9812d3d52f221a16f50c036fe0363416f8e74f7c27f0ea0147d0c9621_cppui_modular255, - 
0x1d8d7473a2bcd19b69501843ae4754fb77c46920b74b6256afb9d9647943339c_cppui_modular255, - 0x52a6679a95609c26e47ee4318c5a5b2b9cbe50989142ced50b485544ddd6acce_cppui_modular255, - 0x065d2b0719c0bcc1b02037ae08f9a5398feca58936dfbd62b8fce028b01afb7b_cppui_modular255, - 0x520d73bbb1d0970ea53b4e6337b9e353d09c5a856b923344c6d8cedddc238bce_cppui_modular255, - 0x595276f8984d376dc47db0485377b0f95b3234e28ae1cdae168762e83db9de64_cppui_modular255, - 0x663ab3819c59044a9ecfda430332513579c7a5801d369969cf18cdcb241273ef_cppui_modular255, - 0x6bcd48bd3a63cfa11c3e9d52fddcee3112c22dbc68784894a63c605442b1d34a_cppui_modular255, - 0x383c0f2c20c304caac5fe8b0a3013e48b71e33c608420c8e7bd04a5c138a4a01_cppui_modular255, - 0x2ca94a4785a3e19bf06a91acfcfc0b695d432984da488e863ad056bf040890b4_cppui_modular255, - 0x0ea0f213dc3ee2d046abdaf721c410e2cea5896940461e46a96bce4f52880875_cppui_modular255, - }; - constexpr scalar_field_value_type kzg_challenge( - 0x73313f808ec41532e12764269b3c8cc1c6d1d01bc4732ebc4c3fba5bbd676376_cppui_modular255); - constexpr scalar_field_value_type et_eval_val( - 0x256def9d29cdb492f33f938c24ef442857ae93f0bced9e6db5a38de07a948d76_cppui_modular255); - - std::vector poly_coeffs = - polynomial_coefficients_from_transcript(tr.begin(), tr.end(), r_shift); - scalar_field_value_type eval_val = polynomial_evaluation_product_form_from_transcript( - tr.begin(), tr.end(), kzg_challenge, r_shift); - - BOOST_CHECK_EQUAL(poly_coeffs, et_poly_coeffs); - BOOST_CHECK_EQUAL(eval_val, et_eval_val); -} - -BOOST_AUTO_TEST_CASE(bls381_prove_commitment_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type alpha( - 0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - constexpr scalar_field_value_type beta(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - constexpr scalar_field_value_type kzg_challenge( - 0x1932db8eab26bffd30801c82338662329a83e9cd9e69f8547efee3b971c45333_cppui_modular255); - std::vector tr = {{ - 
0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255, - 0x3540c82ee6a14e5d87232db54031a151c313b02c2e5fb8097c98a22b5b1e248a_cppui_modular255, - 0x3cdb7300a2167608f0b4371abde5bbeb0134d0a10c684e15942b9ade19be06b2_cppui_modular255, - }}; - typename commitments::kzg_ipp2::opening_type et_comm_v( - G2_value_type( - fq2_value_type( - 0x130cc68002eab5dd042ad6b44cf05764665429255d243e99ac93df93232efe3ab0690aa049ce7d55975d4468d034cd57_cppui_modular381, - 0x0e9117cdcbca8bdd72d5f002edc2174db28e1db8822faedc36adc87f99a6518871f10c2c05959a112e6bec0108b4d623_cppui_modular381), - fq2_value_type( - 0x151b4757ffa7a260ca5cd8d3c7dcb380ce0e31cc9a96f7b4e3c0717cd0af0cf62e166d9128fb8a90d3b0afe2e9c77b03_cppui_modular381, - 0x10f62ada6dfa4d1c8fbf7c7f2bafde9f3b9e8896c6432c16707b7ad6da5b5c1797458a154a7268856b5dbdbc9fb4901e_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x12ca1b47637293a935da075572b2fd740a2fbcaa58e2161f61f4fef1982c9f6928d8e3a13a4fe62cf414a34156349502_cppui_modular381, - 0x0384651dd21b50548d96d43ec2ac462c489e3301b20a093ecac9ba24cfd275a2af09c9e699314da975babbf723b4fd7a_cppui_modular381), - fq2_value_type( - 0x01e201cbc84319db30d383db7411df22609ecf4413dac869ad824024bd46f08a715f2d7eaa79419c869947bcc31b2d38_cppui_modular381, - 0x17dd995635f7e23869a028a2aac730c38edb03b6f30f2db044ac27a4a81963a03c4f2cbc2e9c831403d86a97301f10d3_cppui_modular381), - fq2_value_type::one())); - - typename commitments::kzg_ipp2::opening_type et_comm_w( - G1_value_type( - 0x085ea66c01bf2544d5cca506b0f230fe3682d7c7f44ba74d70cfc4b0513f7ee658f7e7bad6cb445399e6eb1677a3f6a3_cppui_modular381, - 0x0f7205d63934b7ac8a8416c0e6f1380cf8ef3fe9d74c5b81a4b9c4cdeee3bc10a3a904534ffc542d0c5ba20b3a2f3895_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x003a5a97983e1323251cdb342bd5fe25e9aec95a6beb85e5b608a8859c4b4465e45aca1118bc1c6982732e93ef4a139b_cppui_modular381, - 
0x17886e66a7a0b695a242af2a6ee5e872bdc5fcb7f49e2176fb26888464a5cbd6a35d6180a3db4d308fbe2e65c19e2480_cppui_modular381, - fq_value_type::one())); - - // setup_fake_srs - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - typename commitments::kzg_ipp2::opening_type comm_v = - prove_commitment_v(pk.h_alpha_powers.begin(), - pk.h_alpha_powers.end(), - pk.h_beta_powers.begin(), - pk.h_beta_powers.end(), - tr.begin(), - tr.end(), - kzg_challenge); - BOOST_CHECK_EQUAL(et_comm_v, comm_v); - - constexpr scalar_field_value_type r_shift( - 0x28a5a5846b8ef1151e23d7dac18b31b6f79ad9762d93a5ab7a09ec367fa15379_cppui_modular255); - typename commitments::kzg_ipp2::opening_type comm_w = - prove_commitment_w(pk.g_alpha_powers.begin(), - pk.g_alpha_powers.end(), - pk.g_beta_powers.begin(), - pk.g_beta_powers.end(), - tr.begin(), - tr.end(), - r_shift, - kzg_challenge); - BOOST_CHECK_EQUAL(et_comm_w, comm_w); -} - -BOOST_AUTO_TEST_CASE(bls381_transcript_test) { - ///////////////////////////////////////////////////////////////////////////////////////////////////////// - /// Serialization/deserialization tests - - scalar_field_value_type a(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - std::vector et_a_ser = { - 93, 227, 44, 5, 215, 179, 179, 161, 188, 47, 202, 226, 198, 224, 235, 229, - 51, 172, 126, 121, 244, 132, 95, 94, 122, 217, 155, 123, 243, 93, 170, 87, - }; - std::vector a_ser(nil::marshalling::bincode::curve::fr_octets_num); - nil::marshalling::bincode::curve::field_element_to_bytes(a, a_ser.begin(), - a_ser.end()); - BOOST_CHECK_EQUAL(et_a_ser, a_ser); - scalar_field_value_type a_deser = - nil::marshalling::bincode::curve::field_element_from_bytes(a_ser.begin(), - a_ser.end()) - .second; - BOOST_CHECK_EQUAL(a_deser, a); - - G1_value_type b( - 0x12b8f3abf50782b18f37410b10cf408e88b7749a40e344f562f7cc171612daa1981b9beae698180202993bcdeb42af53_cppui_modular381, - 
0x15800fa0ba4aefb8af1a7ca4af19511799fb01492444a070d485c7a3fe9b22bcfabb6bc2007f76a3adc6560ecf990a47_cppui_modular381, - fq_value_type::one()); - std::vector et_b_ser = { - 178, 184, 243, 171, 245, 7, 130, 177, 143, 55, 65, 11, 16, 207, 64, 142, - 136, 183, 116, 154, 64, 227, 68, 245, 98, 247, 204, 23, 22, 18, 218, 161, - 152, 27, 155, 234, 230, 152, 24, 2, 2, 153, 59, 205, 235, 66, 175, 83, - }; - std::vector b_ser(nil::marshalling::bincode::curve::g1_octets_num); - nil::marshalling::bincode::curve::point_to_bytes(b, b_ser.begin(), b_ser.end()); - BOOST_CHECK_EQUAL(et_b_ser, b_ser); - G1_value_type b_deser = - nil::marshalling::bincode::curve::g1_point_from_bytes(b_ser.begin(), b_ser.end()); - BOOST_CHECK_EQUAL(b_deser, b); - - G2_value_type c( - fq2_value_type( - 0x0c23b14b42d3825f16b9e9b2c3a92fe3a82ac2cf8a5635a9d60188b43ef1408627230c5b6e3958d073ebe7c239ea391e_cppui_modular381, - 0x0c45a0c4d7bda23c7e09ac5d43a9d2ea1898c36e7cb164a5cfcb91cb17c9e8d3d6ba5d177f9ab83a6d1ae554fab749f0_cppui_modular381), - fq2_value_type( - 0x03a257633aa8a4f3d03541ecda1ed72f30af7660891d39c9c24da7560d22fbc145c6817d3c2833e54454e664cf528c36_cppui_modular381, - 0x01856f2127eaf9be53b902ff71a6a9b4dfb597f085fb3a2a35980683e82f1e2169beee9943a0ecbca676b4bc9370282e_cppui_modular381), - fq2_value_type::one()); - std::vector et_c_ser = { - 140, 69, 160, 196, 215, 189, 162, 60, 126, 9, 172, 93, 67, 169, 210, 234, 24, 152, 195, 110, - 124, 177, 100, 165, 207, 203, 145, 203, 23, 201, 232, 211, 214, 186, 93, 23, 127, 154, 184, 58, - 109, 26, 229, 84, 250, 183, 73, 240, 12, 35, 177, 75, 66, 211, 130, 95, 22, 185, 233, 178, - 195, 169, 47, 227, 168, 42, 194, 207, 138, 86, 53, 169, 214, 1, 136, 180, 62, 241, 64, 134, - 39, 35, 12, 91, 110, 57, 88, 208, 115, 235, 231, 194, 57, 234, 57, 30, - }; - std::vector c_ser(nil::marshalling::bincode::curve::g2_octets_num); - nil::marshalling::bincode::curve::point_to_bytes(c, c_ser.begin(), c_ser.end()); - BOOST_CHECK_EQUAL(et_c_ser, c_ser); - G2_value_type c_deser = - 
nil::marshalling::bincode::curve::g2_point_from_bytes(c_ser.begin(), c_ser.end()); - BOOST_CHECK_EQUAL(c_deser, c); - - fq12_value_type d( - fq6_value_type( - fq2_value_type( - 0x005db8a7f4d34ee8386fbdd094280f8cab08317945342ae713c2304055ad78397ca6e8174af0752c3757efe813f06a3b_cppui_modular381, - 0x0c3c7febcc53d75eca6b47c27efbcfa8a2f394bcc5087c1308aa768415ad37fa6d7b2778482ec5d10425b2434974f0fa_cppui_modular381), - fq2_value_type( - 0x0f681a396bb919c9bd0582afcc6d75fe578df8968266082c18129d8ebc769a5b816efb78fdf962d7719a89bc804ea9b4_cppui_modular381, - 0x041e0cc3da511cde05956a4a90ef1d74732ff001d6694d75a35d4546bd9e4f26b8427da499000e0c2bb282713ff23eea_cppui_modular381), - fq2_value_type( - 0x027423d44d437b22cebc4b79153c0a6f077507c0fdc5aa30a61249faa72ddce8e956a9e489d69a79bee9e16a79ab2022_cppui_modular381, - 0x0958c21e079b0140de7ca150e1d021f065d2f277d78c138048d47f72b4ea0e943ae07bafbd890270cf152facd09aeb8a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0d96831921809f76a8fb439c4e2ca0266fda8500b2cf4eb31d2281fd352dd9d8fe911fb81a1da00bf52d6e81abfd231a_cppui_modular381, - 0x001cc9dca3d826bce7af86210eda9b0f0df5fc7e951c7904f0eccfc3c07ed4efdb793552757212172a2302e4314155a3_cppui_modular381), - fq2_value_type( - 0x0624b2b4826178f5eba880e953e8343d1afefe52b47f5c98187fd5361d2a3714bf2b62bf148ae91ab6e24ff4e579976f_cppui_modular381, - 0x00ecad906407071532cf7730a6d3f46515d1a70ca123890fcc313d75100fc835bfe1f7c02c026eeda7221cb2a406ffde_cppui_modular381), - fq2_value_type( - 0x02d254206dd3c9cbc9c5a99a9b21f4776a7c1bc4745b59b71efa508566f2d97e2da95f19cfaaf702e6efe214f6abe45e_cppui_modular381, - 0x1175ac9f5fd87dc2adecabf2ad3fc65bfe2e4054383e07e201d40dbf4bef2df006a4f8588f93bd872f66ad48982a9fb1_cppui_modular381))); - std::vector et_d_ser = { - 59, 106, 240, 19, 232, 239, 87, 55, 44, 117, 240, 74, 23, 232, 166, 124, 57, 120, 173, 85, 64, 48, - 194, 19, 231, 42, 52, 69, 121, 49, 8, 171, 140, 15, 40, 148, 208, 189, 111, 56, 232, 78, 211, 244, - 167, 184, 93, 0, 250, 240, 116, 73, 67, 178, 37, 
4, 209, 197, 46, 72, 120, 39, 123, 109, 250, 55, - 173, 21, 132, 118, 170, 8, 19, 124, 8, 197, 188, 148, 243, 162, 168, 207, 251, 126, 194, 71, 107, 202, - 94, 215, 83, 204, 235, 127, 60, 12, 180, 169, 78, 128, 188, 137, 154, 113, 215, 98, 249, 253, 120, 251, - 110, 129, 91, 154, 118, 188, 142, 157, 18, 24, 44, 8, 102, 130, 150, 248, 141, 87, 254, 117, 109, 204, - 175, 130, 5, 189, 201, 25, 185, 107, 57, 26, 104, 15, 234, 62, 242, 63, 113, 130, 178, 43, 12, 14, - 0, 153, 164, 125, 66, 184, 38, 79, 158, 189, 70, 69, 93, 163, 117, 77, 105, 214, 1, 240, 47, 115, - 116, 29, 239, 144, 74, 106, 149, 5, 222, 28, 81, 218, 195, 12, 30, 4, 34, 32, 171, 121, 106, 225, - 233, 190, 121, 154, 214, 137, 228, 169, 86, 233, 232, 220, 45, 167, 250, 73, 18, 166, 48, 170, 197, 253, - 192, 7, 117, 7, 111, 10, 60, 21, 121, 75, 188, 206, 34, 123, 67, 77, 212, 35, 116, 2, 138, 235, - 154, 208, 172, 47, 21, 207, 112, 2, 137, 189, 175, 123, 224, 58, 148, 14, 234, 180, 114, 127, 212, 72, - 128, 19, 140, 215, 119, 242, 210, 101, 240, 33, 208, 225, 80, 161, 124, 222, 64, 1, 155, 7, 30, 194, - 88, 9, 26, 35, 253, 171, 129, 110, 45, 245, 11, 160, 29, 26, 184, 31, 145, 254, 216, 217, 45, 53, - 253, 129, 34, 29, 179, 78, 207, 178, 0, 133, 218, 111, 38, 160, 44, 78, 156, 67, 251, 168, 118, 159, - 128, 33, 25, 131, 150, 13, 163, 85, 65, 49, 228, 2, 35, 42, 23, 18, 114, 117, 82, 53, 121, 219, - 239, 212, 126, 192, 195, 207, 236, 240, 4, 121, 28, 149, 126, 252, 245, 13, 15, 155, 218, 14, 33, 134, - 175, 231, 188, 38, 216, 163, 220, 201, 28, 0, 111, 151, 121, 229, 244, 79, 226, 182, 26, 233, 138, 20, - 191, 98, 43, 191, 20, 55, 42, 29, 54, 213, 127, 24, 152, 92, 127, 180, 82, 254, 254, 26, 61, 52, - 232, 83, 233, 128, 168, 235, 245, 120, 97, 130, 180, 178, 36, 6, 222, 255, 6, 164, 178, 28, 34, 167, - 237, 110, 2, 44, 192, 247, 225, 191, 53, 200, 15, 16, 117, 61, 49, 204, 15, 137, 35, 161, 12, 167, - 209, 21, 101, 244, 211, 166, 48, 119, 207, 50, 21, 7, 7, 100, 144, 173, 236, 0, 94, 228, 171, 246, - 20, 
226, 239, 230, 2, 247, 170, 207, 25, 95, 169, 45, 126, 217, 242, 102, 133, 80, 250, 30, 183, 89, - 91, 116, 196, 27, 124, 106, 119, 244, 33, 155, 154, 169, 197, 201, 203, 201, 211, 109, 32, 84, 210, 2, - 177, 159, 42, 152, 72, 173, 102, 47, 135, 189, 147, 143, 88, 248, 164, 6, 240, 45, 239, 75, 191, 13, - 212, 1, 226, 7, 62, 56, 84, 64, 46, 254, 91, 198, 63, 173, 242, 171, 236, 173, 194, 125, 216, 95, - 159, 172, 117, 17, - }; - std::vector d_ser(nil::marshalling::bincode::curve::gt_octets_num); - nil::marshalling::bincode::curve::field_element_to_bytes(d, d_ser.begin(), d_ser.end()); - BOOST_CHECK_EQUAL(et_d_ser, d_ser); - fq12_value_type d_deser = - nil::marshalling::bincode::curve::field_element_from_bytes(d_ser.begin(), d_ser.end()) - .second; - BOOST_CHECK_EQUAL(d_deser, d); - - ///////////////////////////////////////////////////////////////////////////////////////////////////////// - /// Transcript tests - - scalar_field_value_type et_res = 0x1bff9ec90c94f40fd9360a56a02db6a06be9c09b642d6049eb983bc21fa81fec_cppui_modular255; - std::string application_tag_str = "snarkpack"; - std::vector application_tag(application_tag_str.begin(), application_tag_str.end()); - std::string domain_separator_str = "random-r"; - std::vector domain_separator(domain_separator_str.begin(), domain_separator_str.end()); - - transcript<> tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.write(a); - tr.write(b); - tr.write(c); - tr.write(d); - BOOST_CHECK_EQUAL(et_res, tr.read_challenge()); -} - -BOOST_AUTO_TEST_CASE(bls381_gipa_tipp_mipp_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type u(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - constexpr scalar_field_value_type v(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - - auto w1 = structured_generators_scalar_power(n, u); - auto w2 = 
structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::wkey_type wkey {w1, w2}; - - auto v1 = structured_generators_scalar_power(n, u); - auto v2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::vkey_type vkey {v1, v2}; - - constexpr scalar_field_value_type foo_in_tr( - 0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255); - - std::string application_tag_str = "snarkpack"; - std::vector application_tag(application_tag_str.begin(), application_tag_str.end()); - std::string domain_separator_str = "random-r"; - std::vector domain_separator(domain_separator_str.begin(), domain_separator_str.end()); - - transcript<> tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.write(foo_in_tr); - - constexpr std::array a = { - G1_value_type( - 0x19382d09ee3fbfb35c5a7784acd3a8b7e26e3c4d2ca1e3b9b954a19961ddf5a04bc3ee1e964b3df3995290247c348ec7_cppui_modular381, - 0x0e1429c57d0b11abeed302fe450ee728b9944a731765408533ea89b81f868ea1086c9d7e62909640641d7c916b19ad33_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d76e41234948369334b432362d0704bd88599200d80645a69ed47acf10464822776a5ba8efaad891d98bf9b104f9d24_cppui_modular381, - 0x08a8c2ae10d589f38a9d983feba2241cbf0d292d44bc082e8fc9ff872f8eb280f6c6cfd1c34928fa81274781a4f4770e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x02e080ea7883f56025b965fe7fa27315af7bf0f532fb031075467cc78dbce6319645e23e8febb6660cc864ba9e985afd_cppui_modular381, - 0x0f25c2c8aaceff02da0d5b85030767c64b3ed2ffd3e3f69e9aee42025c737e95fce00d5269eb151c4d22a5f77ef8c815_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d3541b03376d07cbb7f9f48b3a1cc43cf48160152c20c00c7bad75986839b0f9ef7cc71f1ffb4d254d9ec15ce6bf336_cppui_modular381, - 0x01e48935c827f8ec79129124e8baf1deccf99d8ca0324fae41e037f4854ff4f389a4df3bc9ab2549b6ef949e4acdedb7_cppui_modular381, - 
fq_value_type::one()), - G1_value_type( - 0x100462d4d96fcf47dd6f6dd3957f8c2d15cc72fe0f2ab0540813e73a16c74b4bb932722e96a33e2a26ca1ab9bc879e49_cppui_modular381, - 0x0b2d223ea7a3275108aa52b3e4eaba948dc93cb6ae29c3c472a022eab55356e51755a6486e7fa94f3b8b4a06b3ea735c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1320c3ca0de8f268ff78f461e5b342960432064eec51743c386fe93f2f1ff8d4592d04605092b7302c217a72e6137632_cppui_modular381, - 0x1613b77929282de9c0a3baf3285394260a50660b2f5168c6924973b44f35dc1a236796b3251c5a748039b78d0b377576_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16bfa39559ac6ddfd3c63ef03bfd11ae6de4d08e66f82dc4ec4e2ca4318c266a705134204f2aaf99b91f95610d356bdb_cppui_modular381, - 0x0c2dccca4ef18b3cf50f18ff13de4443eb6f5e6160ae985568fc5557232c892599e27285254360f797e4b59da1c19406_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x09f4ebbbaaaf5d2ea52abcb591412f6851539e1919d34de4f00900e60591438a6668d48070b5fb22c3b59a3cdae45799_cppui_modular381, - 0x0aad9a2d04fbced844ab0811af6deefb18e9d67660073ec96954f2f0edf3a884a4ddcef6d8b7889a9bfbf7e2f151b1b5_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array b = { - G2_value_type( - fq2_value_type( - 0x0badfb692a2a7ca4970d2733fc2565afa8e09428453ef5cc916a6d5ab43b8be8b9ef920af378f1823f426bafd1d096c9_cppui_modular381, - 0x0d523776965ea36bab19da0387d38305d628d63fb7da6736f4620b7fce92539fcbaafe7dabd96e98693d9973ecf0544a_cppui_modular381), - fq2_value_type( - 0x020203c10b37edef960e6921c624ee57a3c2b256385b3c68f8fd611f1deba8ab91cea15d77452639429c74086a322eb7_cppui_modular381, - 0x1498dcc1d84eb92d7e41ee99596e1825901ea430fcb0ff64d346e19375981ba8579d6ebf325c8809f1aee58542bd6c98_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1634b13dec932a66d5b3ea6406bacd702e020970d533c29a3d6fd80a4ce1e8138744eb41b0f1e66e956fbace9af6a151_cppui_modular381, - 
0x0a4edb2465192b1b32c84bd6791aa9795b8533df963b1626c8ee548bb5f7430a563d0e662b3053cc12cd256f9e8471a4_cppui_modular381), - fq2_value_type( - 0x049004fe74f14513aa607d429e78203f86e08100dc70243fef9fe73cf9f04f9c3793b3fbc1d4833f9db371ee94e60bc2_cppui_modular381, - 0x0f2277dafecdf791e560c89086d7abc21e5f0314fabd492a0926e588acf7a34d30c0713ee2cb03054f44a7dae8288694_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0147be5fd09e02e8d64eec3e6737b40d4099ccfdd88651c692c7d4407a2822c35756ba40ca412f61e201b5cb649391a6_cppui_modular381, - 0x165fd26d77e79da63ffbfaa5771426f4fc6c925a92bd593d1075e84ae1db5e9cb0a7dffaea46dd46a44f6cf904cb873a_cppui_modular381), - fq2_value_type( - 0x1507d32ecb1783a069322547839ffeadd5bc4e04562dc36914686df787f6f82d5a84f32786996fd56ab2ed75e25264cb_cppui_modular381, - 0x0302e3dd0ef0b642fc55af194e4906d57bcbcfa1a3822f078fd7fa1ea0d665ef6f60531068bd7a6834b92618db91ea23_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x04c0d40f727b43aa40d5a66de08182abf5c15f6d3726a9f43085c7a9c8b535ab17bafbc6d90a6677905271c845768ff2_cppui_modular381, - 0x10e288228d368ee8fbfe240e2a0ac3214bc232334d901feb02f41fbb459c11ae6fb381a4022232b66f8a98ec5ed2425e_cppui_modular381), - fq2_value_type( - 0x0285029f076803949ea0d635d716ddff562a8ba9a652e43da0e1df737978432082cce2435e857a2b78c886fa7a6dce84_cppui_modular381, - 0x0a52fcec1a0fc4ec51022181a0e1e44aee18f8d2cda18c8ce5acc789838b03205919870c83b4ec54cc523d89a40ef62f_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x113b921ff6a06df8c8ee87288df68472b00f7f8dc243c12731f1177ecb8780fbd3765069e0fd5a8c1c7a67649b00d2a0_cppui_modular381, - 0x12d96c166c7292b72c7bb9e0e9e91ffdf7ca3926f67ce4894f0b7ae0d826d397c7fb8bba8e2e29abcb8aa9e7de01c42b_cppui_modular381), - fq2_value_type( - 0x0b9231a10b1066269677672e76235e7864d7bc0bc99d9de649c1ecca732e887c6c5975c486b44fae713541d130497bf6_cppui_modular381, - 
0x011a97bd656717d31c74a17fec650e2a04894d04631792f14183ccacee8db3ddd731f4ced99488a133f66d12a66d2eaa_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x159a7f20fc1f1fe0f794fa735c6ee28b2837aa5d70d70d1f53f1d7cbae31ca04782e9261818ae6bda542076fb61c8bb1_cppui_modular381, - 0x03d48c028b98f10345bd40a59c2bf27229947241472986bbff174ea87d1a1d4721e2a03ccd0af2fad6d014fbc93f55d9_cppui_modular381), - fq2_value_type( - 0x0c5b2aa2ac824a6a3df42b895d61832e71202b8fa896eb7bd52e4f1360c696385db9fb84783aaea4e8ad86f80e2703a9_cppui_modular381, - 0x07fc3cf1d974627a821f223dac339045ede041850e3b6b542dc66b0d3bfd3a582c68c65ace31bb3986c70b4f59754e62_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0f228b023d7881ed41446c45cbc1fd05aecb0708291131bb189a6d826921780e1c28864cb0d84f68d4d1933d5bb57c15_cppui_modular381, - 0x14292b6aaa6b19596e452bef413171d6fbf68e1d7642dc0e815c8dda280c32d63279dcb9bd16effa5789722dd403c188_cppui_modular381), - fq2_value_type( - 0x05e1e5b8555c4d238726565fbca0b37042fd10cf5b7f6e0396d71f5660db2aeaa053b0be570f33c1349503829695eb98_cppui_modular381, - 0x0896a44ec87960d640a89fde02f969a079c781ecf6c29f8c3115f6792cdd20eb5046ae8aaedab29b0b6d12728b9863a9_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x108b91795a87e98f1fee29fa53b60f7bd6f397f6e716654e508303a0f5cf9adf44cda4c8698319da3b7f2f417823e127_cppui_modular381, - 0x1389b59456bc26b56b1ec04cd3deb42033519f78255e3569231d551c121bee2b42151c2ef3513c48851519133c7b24be_cppui_modular381), - fq2_value_type( - 0x13d4e1d3f953e836bdf9602d2fbb7496b8a922638cbca415d171de4a7df0a9ce630c9d14e3804a662ee558d415308993_cppui_modular381, - 0x0b154e4f42109dd3a7857f02cd95c480d205ba5427fd49389051f7fa927ea6e2b6c4373c145349e8cbd9ca1098fba447_cppui_modular381), - fq2_value_type::one()), - }; - constexpr std::array c = { - G1_value_type( - 0x0ae765904fababf7bd5d5edab78752b69917962c150f3b0311446579a083a667412ea18f009817a6051cf852e09e9c40_cppui_modular381, - 
0x127fb89d20a2b31725091c033f14986b33878ef4853806987412126bd8135731c09d5222fddf44441eb4e04cee8b9469_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x140e91d114a6dbb835d2ae1ab50729b0553e3e988ca0451b29ac1458caf71b1f1c47ef2255814b4a3ccfb924f57cbe33_cppui_modular381, - 0x0ac830f2ed3435b2b9b3900d0bc0d74407467abdde9f72e922859ae1d2cb094299a7ad467680e7eff331e8a6f92df194_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x186aabfcbe235db4a2dcbacbdd571d0b2e857ada26ee83f0a4121c1bed70ee6609bc0f24b3ffc6ea8af50b1b4de25af5_cppui_modular381, - 0x053ea1258a76b5dc15460676bd2380558bd26cbd98266cb04bbe3d18656f68b8ea11c6db24fdffc28470fa8778e08882_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0642350f1aae9598397a7da3190e07b7b896696682c37641cbbede18f05495bcc822cc8bf34b87709372f3b8cb895a38_cppui_modular381, - 0x140f5cb0dc31c1db82e845f53882f8a7a0679380acb7262411d8f9b7877586192f1d306f5eba7b42fe937c3885542c1e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x04eecaeb1aab1d88696f17a3fb205e7d0bf517c16ccce694f196cf456b45a3983fe40aebbd2c0a5da701c63933d0c388_cppui_modular381, - 0x18dd9108754b69d09b2ad191b8c4f431431030619765f109a0ab1fc9a64e71d483ad96c95a777a0e73aa72703b97f59f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16dd473a6acb01617eb7b690657196e837013062c9a20d0afb16f8604882182b65ab55e112265e510b4a0a95ca2fe1e1_cppui_modular381, - 0x1937d9afd12b5a1334475224f967fae496c1b7ad9277845cfe9acb789d9d207d7bd3c2464b337669c9ffb3d5f643a163_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x19bd07f7ce52c9efe33aa9e93c98c9bc2ddaa4c762c52f988064438ed82dff92c49b5799124116af8ea46d9dab5cd5f6_cppui_modular381, - 0x08f805c413e0a8087b32052148a63dda612c34a988e42e8cd12b3fb3d72942201571bf46298c6dc697c1e51be539295a_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x00352edd966153a5fd28fe8ac333ddc95a4dd00a6ef16f7b59095e705c3bd5d6e8805071f3c8ab2a66f70e7a703233bc_cppui_modular381, - 
0x0499e107ae36ceb8da7e1da2b83a8217b428976311420b4281bd428bc18b0db518e125d8a21e92efe1d68bc766ac4ffe_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array r = { - 0x05beb4119e1356ef39f98c7a7115452a3c4c1e2a48975c85d875aae91185fa25_cppui_modular255, - 0x256d4004ff9591bbaeaaf85cac883eed808de37eff2b45c6d05e6670b3cd1fdc_cppui_modular255, - 0x3973e132b07e7b2244f1172a11387054f7c9593b3b258475db005459a0e4bcff_cppui_modular255, - 0x669073a3f8b48ee66412051fc614f73fa8e4e967a81e82562d23bfe430d1e2b4_cppui_modular255, - 0x2d571b235843a47ecc75978a95b3cceb9fb28a6a2919e0304eb79201c4ef0352_cppui_modular255, - 0x622551c093e4773c3e1ffb69e99fcd4a31a1f727369f47b1df49b03b9534a8ad_cppui_modular255, - 0x0b8cb847f81048e85f5843218c1e273b56ce2608d7d9947cd1527a1fca0001f8_cppui_modular255, - 0x3dd77c298708150d79e47bc4afccf78a6e2f32a17bbbcab1ea41e05551c0e96e_cppui_modular255, - }; - - auto [g_proof, challenges, challenges_inv] = gipa_tipp_mipp( - tr, a.begin(), a.end(), b.begin(), b.end(), c.begin(), c.end(), vkey, wkey, r.begin(), r.end()); - - std::vector ch = { - 0x2883b568a12a6dc1561fee01f0090f3ff06a0f7c27f7a40185ac41385a200ded_cppui_modular255, - 0x112b150c55bab0273d64d934d71183dbb256751e8b80d2b0ea87088fcac8e851_cppui_modular255, - 0x055e703e64b31bf0b3bebd815951fe581d97779a3b98620ba1794cd9bc58fbd5_cppui_modular255, - }; - std::vector ch_inv = { - 0x43eecdd051ab2519427d7d76b6f873497e3cdfe31c76d5667e08927b96044bfd_cppui_modular255, - 0x0f9da473894f2bc1c166db82fe51c5d092a281205607879752b816113738d899_cppui_modular255, - 0x662891b8617ed1084a8364b6f5079bfa73f61b837d13a795a411dfb2949aea62_cppui_modular255, - }; - std::size_t gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1701ba7f0509b7e218885999ff8e0d8fd20879249faf6c907327a354db0620de84726c2ae65f7f7346be4c7b9b2c4367_cppui_modular381, - 
0x03fe09ebb7904bfa095554bdfe698518fb1064b0dc9f122531b9a7182e2ccdb8642b42cd4843eb25a79ed4ff5f71075a_cppui_modular381), - fq2_value_type( - 0x09cb83834ac84dd6b6847b473e767ee9894a1245766a744b6c214bb02531cfb94d13343c9aac3860f3eac1a2de7af470_cppui_modular381, - 0x095dc64073093a6bf7f9e9dded5df10a42b01711dc9f1dba1b1e0ec84f4472e7d2d2d8519e631705b1f9bbb97be68432_cppui_modular381), - fq2_value_type( - 0x0b510e0d90b29d683baa1822f05ecee708864a37d4ea68a4c4816a81b2cd245ec1545d014f62ed13a03023e52edd1dda_cppui_modular381, - 0x1689673fc750776551be668c09990aaef7e6b6947f1b0e3f73b38a40beda59108dc9e8ea6fbd5585db728f562795ce06_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0e99ecab8f6548d90cfe9ae76dddcd4e4c10ad72958b452d553c4dc78ffee512c71fff93f8b085293fe3c02c7b96a6cb_cppui_modular381, - 0x0cbe80765592e2d2a972471d965dbab09c386796cf2a719446e3bd1f3d7d6524c787e1bb7c20b75351220fc2cc121706_cppui_modular381), - fq2_value_type( - 0x194753dfd2e92783ef2aea297b1c264d59dd9a944bb99fe45ac8b5554b0841470f06f3bc007a8a3414bb9e3334e674d0_cppui_modular381, - 0x0764b08c7bfbd9e71c5422ccbdebcc3f1cc5beb57f67adf295948fd983f73d9930b688af6a489c36cf9d9288f8d22c49_cppui_modular381), - fq2_value_type( - 0x119cc4751db354af4c481685629eb95d805c55ae53a662fdbd00fe2ff7bffa1861c0540ce45ff4a9197f15c853c7d75d_cppui_modular381, - 0x040a238800a14a56bfef15ce32fbdb59ba5d76d2aa4af45e17828491f6cafad7643b13f74c368b6d574353a47d535d04_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x069b17df187719495bb18c016ae7e7c31e8edacaa7aa30e506e70e134b5f1bbb45442a75a1b8b7b206fdc967bcf14514_cppui_modular381, - 0x0160243efea1efb70087d7450d69c62edff1432c2fb2b8e3f0d9a01902e6515fc24b35bf0ed0c9812e9587424b41971f_cppui_modular381), - fq2_value_type( - 0x034f424496fb477edeb1b23eb85e7c84a64cdee7d331224d70fdbcb209b06e01bc548cf67d8df92dd79e6e7ed2a4cd6f_cppui_modular381, - 0x03e1f18f3e7264effff7202321de674e2374696f07f68764878b4344223259ef69619126594e1fc0389eb9b8811432a3_cppui_modular381), - fq2_value_type( - 
0x0eb7a0b9e959a2c6d83a2d8f5757f48005bf4774d4e554290377798d8675f416c914c67f4e200befbde44139ceeb09a9_cppui_modular381, - 0x13c675a9f0527e51c4719f6b3b7bfd92da3f206306c8fb9c85c06c286ee45116749135b06ec1495827f1f8bf739304f5_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03e302298442ff87e6b52fbef013fe0afc3d002a78b8d2d582bc1ccffc8dce383bb4e21d5f549c64f880a1edad5d2790_cppui_modular381, - 0x0b16d017c1f4c8bd22188a741d1e93b15748aaaa079ba4694d2194583ae81beb9b2361746c7aaeb11f08f71e937bfe88_cppui_modular381), - fq2_value_type( - 0x162a2dafa59534770a715802d107403a1176924870a320f0462ca850397c41c75efcc11b5b6df2b63fab3ca6566f844d_cppui_modular381, - 0x022629d916cbb06d74e8ecb06fc8f6a78f56f0a93fcceca7448ef647198638010ce1f518ea05552749bf5dce10720ca9_cppui_modular381), - fq2_value_type( - 0x0df9783d2dcf1c4c1c3b97734551c84a7ddab13c5e9b2537ba3506e02a7440cca899ad1564e27dcc807ca1cebf42b13c_cppui_modular381, - 0x0a3e3e4769f81a94710995948ba1a9f7792d0e22cbb1abe3f479e328a3ad4ed531eade81eab2629fd2280813f75bcba9_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0cb6ca8b6d88b711d02573075e1a40f6f25349a80f88e0b07baf511d8a4baad9b586ff7f9c81445622bcc664dd13a6cc_cppui_modular381, - 0x0279458add992150b117e6197e5ef3d5c852e1796b449f50cf650cacbb870961629c672ee7b2d9947cdd03bb7b878e3d_cppui_modular381), - fq2_value_type( - 0x1847cf165d4d0f309788dc34d44535872d7a40bae234462e1b9ed09fd5a0f0d1ee26e38d7cca0eb2f660daa83b930b0f_cppui_modular381, - 0x12080acb367923b739d6d1041f9fbad2c2ee94dda3adb9d1258e63482ef3e435661ff3ee1ee3c84b42976a1cfc934e44_cppui_modular381), - fq2_value_type( - 0x09f8ddf1533933a8d4d6b9b9dbb234924773e13562b9dbeb6875c4001325a67868b782bfc4683c8d49fbd65db65eabfe_cppui_modular381, - 0x02979b2429f4d35280394b9b5cdb690d15b4a2aaddeac08e1664705ffe909e59bccf4be90c64bf0f34a08e5efd80dcb9_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x11cdeb302303e06fc11452727a8cf6900c6b8f6bc5f503303e41b9f87add0b195d76772d875af36b1877c8da4044b357_cppui_modular381, - 0x038dc01b2c89d1895bea6c068713259fa1f5d02dfafa4fee9a19a05150ad832a875cb5447379756e45b35e73cfca3749_cppui_modular381), - fq2_value_type( - 0x194c20fe5121f5c1864c5efd03aadb880cd5f6c951d0a7f0a68f53cdfe6aafa5f8d83455ac6883971fca5d743888a579_cppui_modular381, - 0x14b7cac6044711b4dd19dbf1895ba9c393ae921d8500ce74246e5356b8d894c71caef2b913bed06b62455c3c446ed7af_cppui_modular381), - fq2_value_type( - 0x002e2b2d7ea70d38899115877b6d6ea175f96e59f7d216046f49b7f0e9e22ed7e0c267638448d2285c4cc1289458ff0a_cppui_modular381, - 0x03966cd64fef5c3ca8e12190400b0ca7da423d329da5270feeeee1ca9f2e8bf52bdb258d5f7ed7a7eaa51bd84852a810_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0b6e2795e7fa55531035a61ea6a24052b565a5ef05ce509266cc9ac7059039ba70958b1e4bc2da7353d80f0b699b6774_cppui_modular381, - 0x1618d8b816e6a34de3e7253178c51b6adadbf2be2f6c4c704fbe40a2c868daa1df8af540c7ab477f27004c5bc3e037b6_cppui_modular381), - fq2_value_type( - 0x052249bc1c46d9914c01e3a69922141f91bd1eafb2ccad0d7186507eda3c97bed89897f4beedc7634985c0e5d0150452_cppui_modular381, - 0x02ff2b93e282ac16b09951a7f14a5290cfaacb3f9f25b9092b710f7ba2c8c30b285f0e6c62284913e9d0b37a92997306_cppui_modular381), - fq2_value_type( - 0x14bb0012a1d140eff26e210c2f8ef1e29dc4e38aa84c7ab0358313212c2fbd26850b996e82e39f9f65395b4e824dd3ad_cppui_modular381, - 0x08e1c0a71d4827a4d0708869f4c75d277625daecbe7dfa78aceb94751274c97a4874bd647edea3831f2ebd15c53e3ff5_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x098646703bafe7dd5cb20f895ab856379ebe2795171a2d2d837c3daf319242413836c94235cdd46a14bff333776cb355_cppui_modular381, - 0x06b75a76e67126a0276a38d56b75c97ac7eed982bf0e6bc0ce850b047a66e3dbc0722657affa8fecf54c153e915ddf34_cppui_modular381), - fq2_value_type( - 0x0febe95b97905efbad801cf2f411b3c42738ddd095c080721dbc0fd8b5b19a1846e88a83903273bfcfe312d4456524c7_cppui_modular381, - 
0x0eee398f5205e62ad1101261d8e611e78eac9f8f8501a6d3948d6d9709600c8e47d213682f3cf059f69c234ff2dccf7f_cppui_modular381), - fq2_value_type( - 0x0dd8d7d5ed516418c10b19f95a374a6e896e30fc1e3d1ad535f9cdbae03abd371ce69d37acaf718544c9380022dc0031_cppui_modular381, - 0x0fb010c220a47c2abe40a2e2b88aeb11506b9cdb36f9f6e587435be0634c64252126796fae4b841684368b9af64ce00d_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x16da8406c72e50852f40308e036b078f3820b71c63131432691fae238e2f8533959a59f3ff7a517230e76da76ea11293_cppui_modular381, 0x16df3a44d2a8ebb86dc1ef23adeda663a2f21c68f274b2865df249d892c3d47baefe48aa7637e80d9120ba61e5dc1bfd_cppui_modular381), fq2_value_type(0x0485b9438b3d0ab777df7dffe6240f2e6e4c5bcd5d948973671cf15e4e470dc59652eae43e3979332ce80479e7008b3f_cppui_modular381, 0x05c91ce79d3c2d73aba5ddee9f83d201938b90272e620c63fd0987c516a1dcd9633ab470177cb3d51da52b6de9e53cfa_cppui_modular381), fq2_value_type(0x0cda1c363a18c00c3271ff99efb4d016b5b13acca2d801bb7a283b992ae8094e80cadf5e7aa26e7887c183c01aebee0e_cppui_modular381, 0x1141bcb428c8989db7a6e7dc2802d589bf49f8140177012fa81bce1ec75479e6c54fccc3486834a1aba2195bfba1ec4c_cppui_modular381)), fq6_value_type(fq2_value_type(0x17210c1bb1cc4e8b1379271293a66da66f0ee9541c07b7f4d0924177c5ff01107c543a57e4a6800446573495b8cb7f9f_cppui_modular381, - 0x0c18658c9e3c0a8129165c8cde1eb4b4b28c50d46ffadef2884b5ec1620b48129a8e65e8fd98a5eace06cc5a51e626c4_cppui_modular381), - fq2_value_type( - 0x0a6e4e70752985d694c8e8f20068ca504aca624f63afcee28a41c8df67b5d24241ccdeac2c2551a1a33c2fee968e9072_cppui_modular381, 0x01a9b5dcd330acb681df8be5747d02bfaa016db2c0b1f7b3dfcfcf09f4a25728c00da7aca745afa7a4351e841b089195_cppui_modular381), - fq2_value_type(0x164361d654ef2831b88c3fa1aee44c6903a99034cac2d8b7ee03649b29917876da30d16fc03563e32918f0eb41dac3fa_cppui_modular381, - 0x0c34b80d2414c06736417a5e0602edd1411ff3ccd30557fecd123232d5821916fe6ea4e1f8bee4c72e552f174e70b694_cppui_modular381))), - fq12_value_type( - 
fq6_value_type( - fq2_value_type(0x01e66d8c34267edee21c19b8bde31acf91564bc8b36a24e9c0b9e5a1956ce63dbdad95fe355ccfbff4ceb2ee8cec79a2_cppui_modular381, 0x02ca51dd6351566ee9e231b88a751b93fd78a233a860b8bf6bd8aa5e28085b2040d3e48c05b126e1240027864f98ff3e_cppui_modular381), fq2_value_type(0x0f932f1c62814ba4317a6efc07823ef64fc76d8afe0e0a14f375e74b36720b48d08ced11db0d7a3a0b8c0ef122cb265e_cppui_modular381, 0x02870732b2d15ecc4f4af98ac0f5dcf007c47fcf75ca17bfbdb1d559fcb956c7712e73487f638d92d80fe5b35b3289ed_cppui_modular381), fq2_value_type(0x12fb1202408d76d2aadc36a392c7ef2e273d9b835b2a34f42d48e9127437590d07377bf4d56c0088775f687eaa6ac79d_cppui_modular381, 0x0f3d1f91c8bfc0aea320f91720ff12d69e3a0e3a80233471a8ddf9fc0dea3c467e84f9c0316fb75f8cc62fd333920544_cppui_modular381)), - fq6_value_type(fq2_value_type(0x1125252157c328766e2e4b2f158e9b85c425e27f823418173d7a75690ad2d650b8fb9f1d48f1346a67c1efd13d4b6e25_cppui_modular381, - 0x0c9ce95c2b886c2f826f3eac42f0038aa1ded2f86d263566095ebd78b1a9e2624a1e7f36ffa742dac62f81b419d1cab7_cppui_modular381), - fq2_value_type(0x0b3cc7985be98cd4ff44a6ca8fb4fa60049b224d0be10c124611dffc2ed21ab707352b35b746cbc4313b2d7cd0d5b541_cppui_modular381, - 0x18c534f303bab5e4a5340f2c0e17b0f183b71e28f49f7bfcb93920cf4d5c33a5de2dc83f6d5eed6cb5406254cf4dc82f_cppui_modular381), - fq2_value_type( - 0x074df80972d96ae23b43ef629a8cbe5638e1353e22f51d0df5113a5a262cd3955e3541f73f8714ef4994d7a79432566b_cppui_modular381, - 0x05d374e795830a7d302915243530cd415f0c18c540b3634c633a2a6739681992cb7daece9674a0491469f260923bc674_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x132a78e0b00478b3edfc26db906dbf6c2759c7f27c3b98a84011c65b62bf92af8b54ccdbd3c1db8bc9362589e5078f45_cppui_modular381, 0x0168f77a62d1b0e636dbde50e62161a2ed12142c177742aa798dc8dc8b12bd3b9170ebe41020defebca1e5bb20aaad47_cppui_modular381), fq2_value_type(0x11fe2f2b29287ca8a2365bcb07457c284910cc544bb0211101b8ed23c463a1ddaade5a26f1a56ec93cb78659d5d6152e_cppui_modular381, 
0x06a641e4fc2750db919dfd1367961cfc265ab7e14f56110c26fa2f6b0366760abe126c5b50a6e9092e6ea61527935f45_cppui_modular381), - fq2_value_type( - 0x04c0aa651f98f36be45309ed33f25884fff4aeb557bebf8f9b75f2286359a1216fd4d8f3a295f812c911f8868159cee4_cppui_modular381, - 0x17649067cb9e9d5bcfd3c3bc471e0f769154e7d8722efb664c9ea7ae17dab09daced6ec09bd629f88d9092f6cbd40469_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1911a9857d93950e3b8b1754d10a44012f88842553804c156f3f8f3516c7696734087e98ed3685c7be16b92e90a945de_cppui_modular381, - 0x1489e73b6a540c0e36eb757c0bc1a618f7b6e9be7205292cbdf4361a595e8b7b302434574e7dcb25c1a054903c0e41f7_cppui_modular381), - fq2_value_type( - 0x17bbc83baed4f6d075d8042261a6cfb22952a2b2e8d5b23a4d526892229d7b03123939d7343a4ada1c5a0b2a76c7bd3d_cppui_modular381, - 0x104cb9d23adba2e984d8ab179f4e433eba61be2aec6229836df5b5b806f612eaf188810f08f2a5ced9580fb489d5c939_cppui_modular381), - fq2_value_type( - 0x13d5476e4278861e0080218c9b08a75f190512ebe51f993286fab8be19ee2dbb69a8df2e326b4b7522bc58a906ecacbd_cppui_modular381, - 0x05a939f2335e754b28864c96132453330b6abe3eeec760b53a4d774d988c22d5a9c56191401a9d1d7c467149cef95ad8_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x11b23e1606ffaab1eb8952f0ba9543f09105aab2d7ac36725ff352a87dfa0b588658b7763b555a1b86aaf933337b59d3_cppui_modular381, - 0x14152d1e00b1b620c7f4a3cb377a8e60d576b3455583a01608e94f95f62e1d9b041845f2102e6ac198be8c3d94f68a42_cppui_modular381), - fq2_value_type( - 0x1603b8ca6becaddd01195cae5608d302ca23e14984c70dc7a61455895044ef148d0d8642ba0605aa7d7eb38ba44d9180_cppui_modular381, - 0x14e9faa3c12ba3da9e5f7ce9b521b63a8061d21569a21a8ffccc71eb8243c1070c6cb47f1f2363c31659dcb623bfefe9_cppui_modular381), - fq2_value_type( - 0x0fd584caada92f79eaa839320334d5ec141c278c48701997d37c0c51cba8b08e0451bf66000076a85353e7924b30f8b4_cppui_modular381, - 0x075e33a667c52690ddef06bd152fd8b06b7c965740a1bf7d23a765e049cb9abfda9f6bd1677033bb2d4731eb3c1b2196_cppui_modular381)), - fq6_value_type( - 
fq2_value_type( - 0x0c1de6523b8ca977f15bd675452a05d4bdf140a83664def3df217691dbc1c7a3edfdaeb49ae7c8ed0c4ed91389131388_cppui_modular381, - 0x1156b0beca8f0bb9bd9716e563b4d776b7a6c9f6f35b6f5003ab392cbb8499a65349bf532573aded001b2e9a76a99cf0_cppui_modular381), - fq2_value_type( - 0x102268736c645e758dae75f4145d37b032618734391596206c1b925278a3815f1bd6429b1d1112ad1c091777f7fb50e2_cppui_modular381, - 0x0a36bd32a4acc7fa9cea23223cc051bb2a3015d9869acfe90e968127254b240f828430f009c48176242c80a195e8d9be_cppui_modular381), - fq2_value_type( - 0x13c34a0f16599f0684d7df9688bc41f0cc5bcb0eb2945b2405e00c2ae4b84c6b0e8b9b4d5240edf63cfb0bbeeefb1f3e_cppui_modular381, - 0x04f945294aaee3cad1852fa6dd7b024939483080cf5f561cfe08eea61d8b73cbb0669ad02d9e31f98e5c4ac3401ba2e1_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1796a4837667738bda78651ed8a4c65a87632a3ea97c95f51ac06954ec03d8c8ba490c1ea2a9518649d3f71253d684d8_cppui_modular381, - 0x10a7292b41a1e5b516f74e9ac0fe19a5adb4186c3c7557cc479ec3b60c38d09b82c6b24045737f9993b5a2329d8bace6_cppui_modular381), - fq2_value_type( - 0x195fd82c2e6fb90c155b2ad618676d49f694d564cb8409b9acab9242a6d0ee80ab7441b5be1c0ae9de004c706b31883b_cppui_modular381, - 0x1651f0e415a83964714442c625425dcfb29c22cce70da59b8ec872f5767f3049c4325a2217ce24deefc3caec95a136f4_cppui_modular381), - fq2_value_type( - 0x040bc81b4ef302791f0405a4a6bb36820aecd26d00161a699ede931fd34dbd727ffbd43854b390adb38f180786b3a635_cppui_modular381, - 0x06648e5c5fd111450b478256b589ed24746a56a31934ff6b204accba6b007396f5f56f580255728ccbb0faa46e5b1e21_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1297fb8567dc9ae1465edcb4d48b476a0640438ebb32c4028457f0fe2e61c695393585e548144898e78d1d01d36f8bce_cppui_modular381, - 0x11c84077dd6ad636c43440cedb146cb1adc6751bc993606df76c6aeb0e531367c7b9dc11a52145fb18fc9708ddbee524_cppui_modular381), - fq2_value_type( - 
0x15a615bbebc925cbaf49322baaeed4e61a5c4ed3b6d69486f0097571ea22ed8772f015ecec1310179726e2aed0c60efa_cppui_modular381, - 0x16adf516ab6220a9f9b2d03b48a817221fe288fd431b529b353dd87303f5aaa0634c0feead0cbe424c1eb1c7597b8e67_cppui_modular381), - fq2_value_type( - 0x092b831b0608cddc79f2931e2a2b5c83915ec6c57e28dac295046c0c233d165e77b1423dfe27b89e23d12fcadd6f5cee_cppui_modular381, - 0x065b4973fe2a9dfebe3961496be7bdd85de4a9c38f6fa2b6012b7cfadbfe50a1e1af8579c12eed88f3f2bf3bbfc9fe17_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x03e6a19b59584cebd47c6692aad00d5640cbfef27a9439c4c6a2a1ffb927c72e42121e2aa68fde5c64cd372c662ab090_cppui_modular381, 0x08d42616f58f9931a6e197d17f0014d8ac864e1618f2378a1c1bef303e458a3f25fb11ea1de1fbfc12c3f505800b1503_cppui_modular381), fq2_value_type(0x04c8fe00bb3d8b84a035b82e6ff867936536ac6f8de6088b43392e6bdf815ef31e3afab0200d2f7c41ee344137751421_cppui_modular381, 0x00acba90fefd3fb2d9b2340850f406932a031b5f3a8029dd70ee263f735c2b32826f65f67872dda333be336f6b980ec3_cppui_modular381), fq2_value_type(0x0ffde25fd0ec8cc2907dba99b10bcd7cfd14aa026a144af21857dc41fabc35bb2c1787cd31b1b1d5ed2c232c475bab2f_cppui_modular381, 0x164812318daa68df70877bb63c0d8a8001e47c1db8f50d50cb95bc940dffbc7650bc40ea0b24f1595f5226aace718249_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x093481d03fef9cc9f271b5d8230d9cb14f3cf98d654b92160336e41e55f6d42fb605a2af905f17b1a459069fefd57c74_cppui_modular381, - 0x11f898ec6152eba558f2cc83c2c7269b9973240c4359a82021f2f4c6553c6f1f21f1b3fe0c5d92a067ef7608509f13eb_cppui_modular381), - fq2_value_type(0x088cddbf5faf04086b3e25a0981961c144dd9f2c0ab00992f33dc45e9af3910f91fe60ec07efb7c0826dbb7e0862ccd1_cppui_modular381, - 0x05f8f806e7fb624bde57aadc678423274f5d1693bd9f1ed59ee83c9f76b690e7eb08998e4f8d811e49ca1335a7cc6aac_cppui_modular381), - fq2_value_type(0x092a53f720e21ac1602e9670cee8b218a7aab84b5e33f05a0038be28f138e9a7abd348dd361fda6a6af61ee9d5f06173_cppui_modular381, - 
0x14deb63656b666b4767eb71188e1c702a23c45d8cf168a1b35dd52e32cffffde0cf78b2185a7cba029a9b5ae24927258_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x1710517e71dcc0e44fa6c49b2a6f67c5b3ad99bf27ebb14019d7d76be38a7a9b3d7d7b16b902eab975fef089530c2e76_cppui_modular381, 0x0958e24b6e9472776ecf24d69379d4594d466ba5aeac36ef84a46f8c8d30637674b41982753cd3baf0e44b23a4b45d58_cppui_modular381), fq2_value_type(0x11c3a389dc556837541b6744234a7fadd3fa80ce9657dc89ece826ea81e1870d89ef29bb22963c3dc0bbf36f2aba73ba_cppui_modular381, 0x090dd7e0a7c9e256eb6a8fb0e20d5c1fce2d46540b2224b496a6c3c1b638051dcb896bbf7952fe186599471533dbbbdb_cppui_modular381), - fq2_value_type( - 0x13b7b8645c9b4053860778a6d0c900697a8eb71803d905bfcb946f06601bace37094d04a9efb482d941723f34b953f46_cppui_modular381, - 0x121617dad31fdaf4c08793363fb9da18053ec94f0c0e6451874ff895df9beca02cc139266282b98b8017f3545fca8823_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x06e9b80e0d58d32189864f7201c765dea9f6396ceed1edebb54f675b64038a4cb8a5d8583dd353bdf7e9070c5fb3662c_cppui_modular381, - 0x19fefc64f9dfdc55b956e457e1d7d8df75b72c77514e4d27b53ffe884c9e32a0c0c95f2062006b9f96f25c07dca70886_cppui_modular381), - fq2_value_type( - 0x17cbbd1bb6ef16b040f4ee89279425e42fc6747f085c089999f306146faa1cbf5acaacbe6fe64a02699e5e544968c860_cppui_modular381, - 0x0a457a90d294ff0d56cb9cfcc91785547e122e5b747c4e6b55f6d7502ac96ffb7628d5c35b8e57e7b4fc9da63c801432_cppui_modular381), - fq2_value_type( - 0x068a208adcf654e32af96029dc1002a2806c73cd16d8342b3f041296bbf956a5e2c2e276019df013ed1ab8418f0a519e_cppui_modular381, - 0x06f7930f493139b1c1421bd47ab75edc9674f0eb51b73f0caa95dde8fd6a1f76d0c0ceb804bd93291013bc79ae7f5546_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x107ddadb37b80b74ad3e2c93d85a56da0fa25be724d07a6d57ec84734a2a4efefa52cda682c81535ee716b9c7aff9a30_cppui_modular381, - 
0x03a8e006494d27a53ad9324616054a4e25463379078156a24beede1925cc8e390e22004f11737c1d9544d2eece19af79_cppui_modular381), - fq2_value_type( - 0x0664e58fbed899267a597bf36c4c1fd59169881aa246267fcf6ce035f58272d6ca464cc6d7bb40724a76da5dc737c560_cppui_modular381, - 0x04a9c751f74a6c4d2a9b6a8fbddcec08aa7093a3ae6fc66e30955a356fabcfe670b030bc04568aa073b404ea6a627a4b_cppui_modular381), - fq2_value_type( - 0x10ebdbeb44f7419d1dcd072c444b833964615580789127e1865719422604b0effa076bc0557ceac7f399113eeee03e9e_cppui_modular381, - 0x104172dad68748a62a06f7abd5442d44b62715336070ccbddec71e5f690cce468c4d316748850d32043b19ad9f1725b8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x042dfcbafa057d992a14412651340136f38bbda1b27d2ab9e7ee65042ebe52d5feed5d135210dfe35660e0cf811c7ff8_cppui_modular381, - 0x00105df46a8c1b1c9e2b3d73c544438ba290cb61336652c136dfbb2fc1a8f2ef94bbb053254c14f6db1564589bf17df9_cppui_modular381), - fq2_value_type( - 0x1153d7f8cf18508d635a4ab1bcc41bf9ab62648b8114385714616228399f7ef85b38ed94d23f0b8bb0de6711c92f7f25_cppui_modular381, - 0x10e25c5d0cd1c5f0d90771f30a87c500c6797dfcb15397793565586c820fabdfc81de036669e6975df8fefbc7abdb4a2_cppui_modular381), - fq2_value_type( - 0x02c3df2e0fbefa9f39f2fe5809843332c4b052934d4326de1345bb2d33ffcc474ccac2151298e205344a7a0038e360c9_cppui_modular381, - 0x120a4f8217c9f0dc474a438ffee41b52e46dd2ffb9646a1d3c3f59ae2ba02883c28b9d4d09c003fd65560b0c130f83a6_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0509c0d0ab554d5c1425bea60c60c7ef90a1959d26a3294c7677fe7f9c1b4ddd8ffba5c06d900bc13a1b317a01a5c7cf_cppui_modular381, - 0x046d5964c703d200662a0da2054e82bdce73f1a37e8694e9c452dcad42f5d15bdb651c44ff8691022d82cf160800bb53_cppui_modular381), - fq2_value_type( - 0x0ff81c9f18341fa508ae9866e78a755eb1b17bd1233bf1d2854614a6323d9818e2240ddacb4fe659ca0d5588a5df22fe_cppui_modular381, - 
0x0ecc54057b774c2b2da8438a1d26041bb778db87c7a68c70225f3494a268daddee73e8c54fe31f74bbcb5a1ffb312430_cppui_modular381), - fq2_value_type( - 0x138a7fb94a9376c8cdb7d715cd68ce504af6f0cdf2bb09c767585e7083aa572de7c96388252a9d73046b166656ded74c_cppui_modular381, - 0x1a001a345535ff4333d83392a518c90ee849f00672b652a4c7511bfdcb8cefd7cebffe90e802c05056b94328063b2154_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c684748ea5920969bd6cf6023c501f74c238b26ecf79d5bf2d741871bc52ae7ae76f0b06c6b6e348bbc0aed9f35db7c_cppui_modular381, - 0x1575e1ab44ec2501524ff851a2c973807245fab61bdf976a44cc6eb9f371366c23af378889dec49010baafdea025cbf2_cppui_modular381), - fq2_value_type( - 0x1755614454ce7dc81ffd688002bdbaaeaa62355f676a799d665987a058f283363701d2106c2670a9e3041c3975142b48_cppui_modular381, - 0x17e77e4d08d89f981f8229862d1a889dd3da1f711dd54a11105072866414f2db55da2d15606391d76e503922a1a252e1_cppui_modular381), - fq2_value_type( - 0x0d938f3bd5bc8b07c20be5fbd4897080700a77d9094a60053defcaae68b7058e63aa4a7d8fa1248764ff0d1bcebae30c_cppui_modular381, - 0x17aa67c74c3ee3c9a26b3df1971942ad9880ebee53ea153b59628090e88937e74a70527f7e330dfd1c319dff4e4c7661_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x05a51b0a92a3f0009ad1374af88f9e95c4a7bbf69e8053b33c315d0608f3fa3eb4a6c9f7248f7f94f394bb28f2f106ac_cppui_modular381, - 0x029d796a6717c6bc82bc4c123621638fd80aa4adf4fbc0cc93defd66ea43c78eac60c99bdede9b1ad550f89d5bc61b66_cppui_modular381), - fq2_value_type( - 0x089283988b3e2d9668594255575288868791a54a37da8c4de2bd9e2f2ccf68b854bd57aaa35cbe6e6072414f07a7ff91_cppui_modular381, - 0x03c194d6daad3d011314b6c74b6ab60011836b774b308ec19e5dce5d9007dd167da90ca452f88b02c64ad07c19aa6f20_cppui_modular381), - fq2_value_type( - 0x0441a1ae10a79eb27350220350eca05daf096a7fcc2e9f5957396830b8a2fbebbe8ab383bd84453b029df0edd54c7be1_cppui_modular381, - 0x156818d2d266c0288f1f675c8483c04203afd696f019530138c82c6734604b081af0565bf1039813105806b2562c53b8_cppui_modular381)), - fq6_value_type( - 
fq2_value_type( - 0x0389a59bc7ce5d6a9b92c75cc5dccf1292f2c11051dd3cd44deb8d3ae99a3173824ecec5b837a94f80da7b5725a666da_cppui_modular381, - 0x0ef2b3c46669b8ecc7881b9d5a1091443662b5f568d28f88d02e40146ddd61790a3219a4980cdf732326fd4cde56317a_cppui_modular381), - fq2_value_type( - 0x07e95ceb0f4b806fcd78c6599e30f8cc166a5987647ee081298eaaac7f693df9aa5a8b12e474b7edc91a1fc120ab45a8_cppui_modular381, - 0x079b811cb3c4a22a320214a66ce62fc97e6d57ebefa1061e68b6c0d5e57ae03ad64a6c8a0e828b57c32d08dd2ce2797f_cppui_modular381), - fq2_value_type( - 0x154f204ceb40f66e6d7308e75e4c4c3ee625cb1c3a49c5c909f830f0eae85e098b4161fd6ddb0e68e0063fdf2718b963_cppui_modular381, - 0x03efe4a8ebd8413bf8931eb383dcae700b5aca3deecff3e4e4096110dd2fce607d7c57c27170299c953332b0da763f4d_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x183ca0a6c9be94ab62147fe8328c5d226edbe6cc8239bc43fb3f385f0c48475d00e24e5d0bdd85f29a2f241af3bbd0ff_cppui_modular381, - 0x119ef2ed159fcf31d55cceb6bd5ff224f50d1266407fc83d9bc6aa0863eb8cbf90cc023d08039766f70661ac71fdcc80_cppui_modular381), - fq2_value_type( - 0x0703a4ee74872ed2e39926384cf70eb96fe64fe5a6d21e8a57c36d00f15062be299a7717f558743b13920cb957f438e8_cppui_modular381, - 0x0e683f05d223483f5bc169c7a57256c25e0ee36f44b9e91414a4a4f5b8bce38266f447cc346fcd12a2996237c411db51_cppui_modular381), - fq2_value_type( - 0x0f90ef20a7b4c5c2c118bedf8429d802c9672724339eae4f9d031f78573bfc78596558bf0a872bd3f27c6a70bbb5f3cb_cppui_modular381, - 0x125f6c17a7fc83f38fe568b40aa7e42e1ff629e7a26811eca4856d6dfa77dc3bde171d7deaf483a43fc7e304f8dea355_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x08748f5f965488602113fc50ca8ab06ca949be2b93e0a9f3bf4e649d9cbb65f4a82748f10672fbd89d17cb4dc0aa5743_cppui_modular381, - 0x0c01b20eca9eaec6b1f5724d3c0a1d4a9433ca0dc521365a12244439bd7caa391766a9fb87826a1634a8e0c84aab4ca6_cppui_modular381), - fq2_value_type( - 
0x0436212511eb8f0360e431d5c986b459379e1e9f7c1b0d366d41ea2d08735c17e76098683d4e5c6c335b83f985893795_cppui_modular381, - 0x0ac7b1c2859061c8da434968af4cf854dca613cc69a09488b3e21ee0307d1e3f189d4f748fb88a390d031315ea18f54b_cppui_modular381), - fq2_value_type( - 0x08d396a836634af9ceffaa6e80e537d0311fc6a642cbbe1dcc92e2a99a494fb9463183d073c797d87da7ba9376fbd1a1_cppui_modular381, - 0x191fe239f5a52c76c5c4efe11e206e3ad3236dc233c5d2287ecb32f98bb25407cdff0bf7dbe93924390ce085a8671bc1_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x05042fa800bb8f3dfceb80079cda096a8536002c312e208a313522687e8261d03971699821d6a25fa44b8d13e3ee03ec_cppui_modular381, - 0x00968e82d31d90a794e4676126a9d61a6f20aabec1c144858d618d7eef23d1ac86defb409bd034c78b086bcdd0d9cb4d_cppui_modular381), - fq2_value_type( - 0x0f513a9e86f0775e99974e6b8756f9edfe88535e3d5b5a4fbd22269b914acfd11089447cb34c36b70fcb31ca218e4f00_cppui_modular381, - 0x1875b65a1ff784750afcae2912309e0dcf3574aa84c41992a5460e167ad6e3db26a5f4c846bd084db0ae2fb558077dd9_cppui_modular381), - fq2_value_type( - 0x185da63fe96c8479b6d8ee4a41f925656c56831a183f1bd089711eccc321b8457b13b787b71f0e3fe97878007bd55d57_cppui_modular381, - 0x069dcfaae486b11bdb123c41e46a3d641f5b409e8d6dd8eeed5cd35bf08b8bb7864ec81ef89bb052751b9ca109a42d16_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x18088d899da3cd385300387835a876ae3ed61976586dd4f11bf0d400b57da0bf4eb0e2b92b1c1efb195a5791ccc23ef0_cppui_modular381, - 0x05b84b60637ed00e55c2bf28b6d5df6dc95081e41bf7abfcf8341b6642245f78076fdcaedd59bf217a1273f022a76c68_cppui_modular381), - fq2_value_type( - 0x1736f5bd56b43f2b728bc9f14284f6eaba42ebea1f9783e346cfbdbfd5af309c9ad03faebfafd0333c7081b16583b450_cppui_modular381, - 0x0f0894b8caf3ce18c79a42ba2f0bae501512e1e7ea94442f4cc5b264f12f6a6e433eb94b616182d7ec85f8860871fe08_cppui_modular381), - fq2_value_type( - 0x13f46fcb18d43b4edd9a00282666d4041f03d9bd76dbaf5b4cc1717b9d4420b4abb55bb536ff6325a2e1c22a04c15b88_cppui_modular381, - 
0x125251837a3e3df544acb81d9cac435d323f9a3d37e3e7f2473ab37203fc4aa5a8244506add4f4746164c0536aaa854c_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x07024c86ba5602ab0e57dcdb4b4501da877d539d4ed4a37dd2745aa9bdb55d0a3cd38347f1df0079dde4e1ef74e9e82d_cppui_modular381, 0x1855fcfb4ad62b22a634e5899594e97501deb42501e6481a3690e4f273b92e57657139c97f789d3912a54a8bde6d9006_cppui_modular381), fq2_value_type(0x0d16ce2260f1fff0d92b6988b2e95cb013a818523b7f1d3b26898ba9ef79e97907d7bfc3b69d8db8ac329393b0ad171a_cppui_modular381, 0x11cf91e2d0999bdeb58a5fececcfb8b514c1373126c185964c5d8cc879036f696522bbcdaae477b8eb88306dcb66c222_cppui_modular381), fq2_value_type(0x15d7b157897b0dd8a5d8947983d5bf42bd417548a1c7810c9c09c4b53990d1c32de45c668dae372ac9f35ecf07993b4b_cppui_modular381, 0x04f0ac9c39b1c302e5882028cc67b5a76ec27dcb2d6d6da17de5715b37da2112c5fbc612a2b6a40a4ae3cd239f2de3ea_cppui_modular381)), fq6_value_type(fq2_value_type(0x09beca4a20bfaf28de0b508082d4be151e3ab5c85cf3efbb2b980695361e3b86c41468d7b405ed0f20e47eecd2720983_cppui_modular381, - 0x022a2891c36cf2b0ca222a0dba7928cee4523dbc605baf53ab5d111cf095f4c37088190082d0898c73cf82dfe4103811_cppui_modular381), - fq2_value_type( - 0x0b26068b249efddaf8b70903dbd6f816670a596147b0951c4f351516555acb0b720f65b991991043b2ad735d497a0425_cppui_modular381, 0x0fd40b306fab09c4c0def1da79fd2b5b6c2cc7fb517f4e8a721215c4a2d92bdaabe9ea4265db95d621d9407598f9e351_cppui_modular381), - fq2_value_type(0x18b8cb7dcaf7d371e6a77c2722792b6829e817c5ec900cebbe081ec7a07c6fa5fd06031dd064995a93d7622b99f7c259_cppui_modular381, - 0x15bca171ed3aced3b1ae32ef8153c5dd11e2378791cc0f5fa51907f99c55dde7fd6f507ff4851ba6cb9aa5275cff1a59_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x02333748cd46d0cc7ec0509c9f68fe93403a60a40643dfc4ab4d98d5c7a16c8287b3f6316839c055b09ba55545c94f27_cppui_modular381, 
0x119719edd3b8f58b195bac16996bf2c5fa51226a8ed2251fcb7ac328664dbeb0786fe8a2f570151cd40e73e7939fa2ad_cppui_modular381), fq2_value_type(0x0cb2fbd3de260005c4a913a13d4b41c94684f3ee84c85dc405712663020fb3722714053859d371c599545ad5d9a7ddd8_cppui_modular381, 0x114f28852c11052b955444a2826d2a43a0fd82b8813a52f95c62eff10c5671edf9dcf82d8abe8761a7953b3985fbd85c_cppui_modular381), fq2_value_type(0x019863e194fdd97e84bc7c410557a709afcae8fd8b26c8796cdf0b34df6bbf16a65a69a02e2c771d83ac736dfdf5fbcb_cppui_modular381, 0x000bca299cf3a818dc9f5a8ec3b58f612abb3a609ffba5ceafca6cacbd4f78e4a212cf098937a2bc4a78fe396351071e_cppui_modular381)), - fq6_value_type(fq2_value_type(0x0ec5930f04cf4e8e0fc40725a12952439bd55786ac78fe098814b7e8821efe802c375342a178f9b590085b6c482b2bd6_cppui_modular381, - 0x07c47f2380508314a412a9637f8ef1de37a445bbdf9a93b70606be70c752adb9359c488cb0d98699d7e455c9fa514edb_cppui_modular381), - fq2_value_type(0x0854b125658dd5bf28cc52b1b0c52645c0e180de4f39998136534c71142d24d3c7dac56f534b50fb98b0bae1555bff31_cppui_modular381, - 0x1519b1727b82f0ccab482a151be1ca2dd744566869c7a7cb4ae0f9a663a60e88441d0c3534f47311330af8afd5bc3e90_cppui_modular381), - fq2_value_type( - 0x01ad28d7c45be4f02e5b0f7cc7c520419662339b625b0ec713587c633313e2b412c2d89146a60270365b484d21e27f85_cppui_modular381, - 0x11806a9c74cc0b5a1f6bc6e143d12468cbb7c853f3fd93f9e55b6121e33f6d191f18394a734c115383b6a941679d2336_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x014b181b2158c0f2ca68b1b4e9873b86fd7b92eb0f4f763c159c4cf3b035eec79b96f35336e0fec34f687b7b6e060113_cppui_modular381, 0x1851e001f259bb85914a2dac6dd45ef416303118875ebb3a9591e7fbb4aa149382e8fe35a0f2ce00e5de6dba1c2655b1_cppui_modular381), fq2_value_type(0x11a167d2b6c687bb3f803077a48803ce99ed74d072c442ede06c8cd121c01782affcfce1e46abff85e39d34230be2e0c_cppui_modular381, 0x0243d0fcce872bcdd60fe16f14be54b914393819901543b8e439934eaa3e619390ed1d6c53597eeceab8d0dc9e8f9879_cppui_modular381), - fq2_value_type( - 
0x09ab6d6a7f7a818c7521b34ae94ebc80257f0a55a45d8ed074ed37d4991898f7bd1acb6084bb96ad8c4987a394fbe830_cppui_modular381, - 0x0f8d4d57066ddfe290f0607d104a8451b0bbcacba61b8a26cd8529d94c8cf3323278dd843e689ff907edc380f04d7444_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0f671815379648e914fc13f75f8a28c529b1683ce1ed4d862fb70905b49fd427cb354cd25d941e0b83638a452c5d10ea_cppui_modular381, - 0x194496c918d64e046f43ca0c8c405ffefb377fa71d57077c0548353e7059f61767e82933693ba7683a18c04b60b18528_cppui_modular381), - fq2_value_type( - 0x16e752db00103bb9540d4e3a27f9a198cc676936712aa498f25a4b0c0e8f9d5ca1999c7b73da4de45fcd9b8b6430cc1a_cppui_modular381, - 0x0ea2e0482a11d07624fb1a7900dd113eed25a6cc943d2a0282f73e6ea6b8c0733772859bfb5fed4cddf70940c7f990eb_cppui_modular381), - fq2_value_type( - 0x160b5fb68460818eafca5b25758d182d030255fce78a72589377fdd36fec81b29107667c5a30dfc2e3456934dee79370_cppui_modular381, - 0x16137e5b5c153ca9e4d79a8b169ae8342ae597661ba6f48e0e1cb65c0aa359c8b82331acde0b664b3b2d3ba3d1aa27be_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x142d12f21c5fe9a7a09adf2d49d0acbb7ca5b306248bd371437b0899acdb9c60b17cb608197768c2628253966b9df124_cppui_modular381, - 0x01addc2a2195dbfb11ae342651be5f103a8e8304f777766405feef83e5af20d6ec00556bcc0b3c156cb39be11a4002b3_cppui_modular381), - fq2_value_type( - 0x072098acd831acdca2e10e8454e743f7ed660976d521867cf953ed1a48d9d0d51e7ab165084ebb458b1fbd72f03997d0_cppui_modular381, - 0x19b2c06b471fadc502900bcc7698868104e61b2301c06f55b94bf2b795d775b830354206e29491a368c8b384819731a6_cppui_modular381), - fq2_value_type( - 0x041b9548ee21e2042dfcba1ad4f709118b93d3ec63f59d222ba7a88a4e85513b1cdcd82450ca193e74384c1bc8bed15c_cppui_modular381, - 0x0803cafba760215f04328f92d089bd982317d0383158b873fc975f3320bf9c7f9dbe34fa38cdb84deb67e38eed0a0e36_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c6e7eb98e093c8606221e04b79c88f6cb740ab97174b1a1f82415fc9ad7cadade4bb41adde6e1aa3d5d74b026d90a69_cppui_modular381, - 
0x0dd152ce35b3c88c110663260a86a25764f44fb6f824b524df2e60995d7b07a6024b1d40d6578beb147697a060b5717d_cppui_modular381), - fq2_value_type( - 0x025366060878ae527ea6f423947e9d1aa706ded60ba657e22e29e0bbe509812b39b1053b3ab9477d533327b659586258_cppui_modular381, - 0x0e0fd927e4f26b758b6bc2092b8a0f81d58347a6cb2cf4ac88aea4275ae79c9d4411348b94be35734701122226379fcb_cppui_modular381), - fq2_value_type( - 0x0472afc4d6ed38d080d60ce2d0bfa96bf88c101e99aba9e0597d81298a99bfa88e5db8dff60c6dd68807fbd03e235be7_cppui_modular381, - 0x15bf76f0a11dfa35d2e010e631c176776a08cbbbcf26b08ab7d40ca6e04d8a1fb9b62d991614ea90da118993db463abc_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1765ab4c391f7e75c994f3ba27cd1f52b8282fbee1bc361bf83b4aba699ce089789d1700bba237fb38e1d741a65c0e4c_cppui_modular381, - 0x0da6cd4f3bf4d6bcfabe55c810090e7c1fed3a27136a6820bfe4cb270e05326977998a0c931c82bb1049bd6af3e5c49e_cppui_modular381), - fq2_value_type( - 0x0946e44726ea3f7b561ecb5bc4843606afcc7bf7b2e33a9ae6105298bf722403b7c5634fe1c652dae04f404d5c3e11dd_cppui_modular381, - 0x15b8fba0861cc717594314eecfc0620d988197eadd59af19cb515ee400d2ecd5f147fbbca0a770e6c630e13b0285a6f4_cppui_modular381), - fq2_value_type( - 0x18633d791b9748795390333246289615f636dbb3237a1d56ff7fb915773fe9e2d2574c13a126af5cd90a4ff011167c0e_cppui_modular381, - 0x04466903327a93aa62775195cce74fe04f94bb324b4f0be9299b872f9ba1ed2f98a973abfe06c208654fef3296f4fce9_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1540066fbc461be90e646e6f6399d2f7c03371d74dd43d2531c39114e11e0bbe4b86f844c5536ce414460dfbc2eb76d0_cppui_modular381, - 0x11e9e422b4dc6ba06a1cd24e976ae03bfa616d053582ca633f0214c0ca6af05a7d383a1d509d6cf43f6eb06a97e201fd_cppui_modular381), - fq2_value_type( - 0x154f3391f28fd516037a6da6fe3b33257f023d06fdb501951db53a44ccd7306c650cfeb3658cc951fec2c73571a9271b_cppui_modular381, - 
0x0695d35f6e46c40ca8de1c322a5d21f8ce33eabd85a608a369db39f007292c5d3bf2f340fe67de5b6dc1c980c1c91a63_cppui_modular381), - fq2_value_type( - 0x02e7c849c199fb5a675c4eedc7480e431eba542a0c471c3213068aebfa97be71ec61e52a81f1e155eedd6c3acd90eb67_cppui_modular381, - 0x00ba921ba55cf5a10b2993145a9c5cb952e919f865f2b07ff07508338c1be221ac51c29d4fdbe1a287256a68d702b2cc_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x059a65d7f906541fcd4673be639072df8784f2dd35b040aa6bd96feff15d58d321d6258036a4366ced471c86149b5652_cppui_modular381, 0x16872ac23722cdddeb5195fc37246fe97923891918a01b5b03968a57efa7eb21b96347ecafbaf6c8177e366e79a868ba_cppui_modular381), fq2_value_type(0x03c04992b14d73caf283ef079c9444feb7bdb5710020c6ac019d6f5794dfb84a4cef52279d607e868383426b8799920f_cppui_modular381, 0x08add72d8e0fca15b272ac9afa602a94712b19c1119b3e22e5ad8ff34695183c13b76a3072614d077c1ee19f0d6e08ad_cppui_modular381), fq2_value_type(0x008628667be675f64dbc305f520c37de935fa1a4b309c110d9c0b8e52c9b716c9ceb848d224291d0338b1f712a493b2c_cppui_modular381, 0x170adc98a728b395c890d2b5ed099b20ef8cd86007739c8ffa77fc70f2d5761dc83e2ee89b0b61e15af3583f4c92366d_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x185df273536c03e5dbeeb2369eb26c2d393f02a3d3ee6f09fab5717e2dae51db2e6cc977ed913a0207a273cdcd903888_cppui_modular381, - 0x1761fcc54d4f5847af22af816df687953bd345c329bbaa77bb54830854cde537811ab6adf2e8f824b34d7b0a4020207b_cppui_modular381), - fq2_value_type(0x141d58115c750b8075dbc36fa11ee7e18e33b743881d485837c8fc646dacff1a90117c8605c491c770f935a043cbdf76_cppui_modular381, - 0x0aba5dacb5c48b91c889fa4c7d44a27190dabcb17fa57999b105076a3394056294cd6d2f4630d89c94571e991467f869_cppui_modular381), - fq2_value_type(0x02adb29e893c00b2a4adac4f0097ed61559a2ed433781fdb1da892c17bf7e3a759f8f55be8c62d09f6ec087e9b0c527e_cppui_modular381, - 0x11a08ae7662a9fdbe95c2b4fe958180b8b2e520cd49c4ad4a61c5673c60b657571fc5faafa65b5c57a0f0ca34b742dd0_cppui_modular381)))), - std::make_pair( - 
fq12_value_type(fq6_value_type(fq2_value_type(0x055df495fbdd2cfb95e4886364cab35c39f2f6ee68051e8a75af04b4b7b6bca05fabb58b72031a7d661278effbada5b9_cppui_modular381, 0x011e9e219bbad776d9cf7b71ba5277cdb96a91c6ca1da660c16a1fadc66a5c2b6ef917cffa3f381bbe84a6ed07613319_cppui_modular381), fq2_value_type(0x066c474d42bc3cf8c2383525225633ca04e1c834e1dd6c17626cd54a4b25488769c752f7464a8e942acddfa9fbe199c8_cppui_modular381, 0x0d143a2f40ed551fe6f1495dea8d81a0a185a988d3f84f20a26522663f137981d7960ef1431cc4bc92272b54d361da3d_cppui_modular381), - fq2_value_type( - 0x1158e244ee2d31a82750e2a862dc2897e5e9fc5f3bfa591fdaad46281e52bee48feb202695ceec17793b0fb9dd25164e_cppui_modular381, - 0x025c2485998359cbde223524c1619c62035ca1541eebf82b3919e381d79995e35da39f6a8ecda561925a39a4c2ba07bf_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x0eb4913e820d786e0bbb261e79292062cb817b91b10031ccf7915b0ed971799116ff8d40cdd4578807b75404c9ce581f_cppui_modular381, - 0x16ae369f9ea045dd88e5b514189577fea5bbf0221535e86383cb16124692c9ee7454ee1ed1f79b2fcbadd0d0ef04dd6d_cppui_modular381), - fq2_value_type( - 0x0853a2f45d59465598322d9f2e6106abb245dc077db644f20b4f368db07f6a4b55161e63d98f1e3291cc723a87bba803_cppui_modular381, - 0x15e42adfe187ebdf6d5a6ce574ffb96503234ddc9bdba8fd047a2b025484d37af85ee239634f217e4f9b449bb524c109_cppui_modular381), - fq2_value_type( - 0x1889b0271c67209a4a0e4243f21f74ab031f03c9d6d8bcdbe649e3a76c8920b6adffaff5ada3870d4de9402e5cb76084_cppui_modular381, - 0x11703389221e7e8f9a4e8bde79f4b182d145dd5a6591ddbca888931a17d1c18913ed0fb6edfabdb2ef4677f7236ad50a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1195a6ee7140440abea0622d62939494748606eb7c01579f4fa1958560173bcb73633a09506e47079403fba4b5223edb_cppui_modular381, - 0x153e1743c725f821378bc41e04d912db687380ce5f76c43a29ee0aaf8a2f8e715a086dcd03d5cbe7dba8357eda88503d_cppui_modular381), - fq2_value_type( - 
0x0913106effaeffecce955a06dd49398c2e09aa81b843779b32b4137ec697540f6396f39dffcb52a1310d2ff80e43c15b_cppui_modular381, - 0x13797048a8aa483b1533be4a60fc9453ef8bd27529171431b622e589b7668280a8cda300c0ec2c4af943713d15b20bb4_cppui_modular381), - fq2_value_type( - 0x0d3798c33d6a8f49f389d020cda1e3bb4a18685b56f3e5856b62b6836b0ead3d823dbc1f216255031c61c030b5706b92_cppui_modular381, - 0x103a8ba97666b53c25c07888532feaaf3c6093bb25d3a55332ef5546f9507166dd7aa60d826153aaa4aa8616194d83c1_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1816ea6954386c98bda8236ca5dc16ee746010e92bf98d4d63bea468dc519a121e482c8ea039befb4a372d68cb78a979_cppui_modular381, - 0x1133a8de50c397628db1dd3fa00b66071331aac01a6a8ed8b6cf7197ffa08557e31a2a1df5fee1f8704d81eaa095df4b_cppui_modular381), - fq2_value_type( - 0x1970aac58884c46821cdfe774c9a5b34abebc5747dde015f68656fd8eabfbe0084079676acb41ec1bab0a7fe18b97087_cppui_modular381, - 0x004f38337491be48f6a51ad92348a7b266e0ed66fbe2efbe40b96b07305e291a89ec04c8549d34b14f5dd29c2a832d94_cppui_modular381), - fq2_value_type( - 0x04bd3d054f295242f9f32fc3ad21795542dcd2e92af34e8dbf7550cd45120d9dd9700a744651b091fc286919b79798a2_cppui_modular381, - 0x0b865cee2e54a6876d88849c5e48b2101e77419f8abac361561a65fb2cf3b25fd43d7344055c17bf11fad4f2518d1b39_cppui_modular381))))), - }; - std::vector> gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1788826b397708b027ad4d28d617f2bdcfaa4bdd9e8ed558eb0e2793bbc7ca92e161fedb8d7d4e899928edd018b9c4e1_cppui_modular381, - 0x0e5ff5ac95f10e80f0d450459608e81cd8790ded433e89b54b148aba9ee51d3b903c0d6e8151fbda77e080ff0e2ded81_cppui_modular381), - fq2_value_type( - 0x15ab6ecce8f643d8040a160b28a88cc354d0f00a0e36f08d8cf9d0be7498d58049d9efd5a6e1500a847e51b953bb5422_cppui_modular381, - 0x18ace269e554de2b091e1bf93fe6f49943cd8d933a5ff07c44b74a5919b19003096689adfd70d95bb67e76b898e64ded_cppui_modular381), - fq2_value_type( - 
0x055d9b8d6422d95ef658133c5c420428757d798ba2a4f3726a966b8f465f1ced397f342835c604b246c1a35f95652ab7_cppui_modular381, - 0x08d481eb22d5099d849fab89cd08a204ebea62645ea16b00a5b186a85272585e9ddcbd17a97fcfae5723ed9eed3ecb73_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13f74e51b80987e58a315930ed5c9bc4ec889b658d7fb1346985335c203ab26e45677cd9f0b270aae0f13579f37dbf0e_cppui_modular381, - 0x154d0f0200afbc37a60263bfaf2113724b5a418ed775d006347fb689f6e1e5bf9994f29525479a8592fe13507bd013a4_cppui_modular381), - fq2_value_type( - 0x0587bcb5d491260467ed5c4b2f61587b4cdcde1f95bd019a44812493a70d43e8973c9f8fe4d3efe5d1357868bbf6a9d3_cppui_modular381, - 0x0aac99645c6315981ac98aa22fcd9e5b793a98e9ad4a4303e3509b838f105af4b76c29fcd27876413cc8a32125414d3a_cppui_modular381), - fq2_value_type( - 0x0fbafed0658844cd1b17a8256243fd52b59ae0301bc2ac7448ce9995b35326a16d9607ec7c6d6df93a139e3fc9775f0e_cppui_modular381, - 0x0d25b354fc9056f541dbbb04557c2bd7c798a104b0532d630ca4a51f479bccfcc7145d1a38358dc4f1c715ed93715969_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0ee181afb0aaee4aff5e1f376ea7d439777d256497e6b2f98f4503ed7cd57511425fae9c35b5f79db8e6cb9b38793895_cppui_modular381, - 0x102537a00e697edaa60b7867d87998739ef9cddfe187457648c0a2be3fd05c92b8ef19329bd7c07c61010965e7bef8a3_cppui_modular381), - fq2_value_type( - 0x15bbf319ef5876460c111365bd6478d7e0c569ebf23a68afc9f877e29760042347e4e4aab02dacc71068b41d8b58910b_cppui_modular381, - 0x187682bad5baab7ae6bfdfd33ef84a0882cbee0980d5369df1538dd0761ed8dcab020fac9a0a4c5a027ad89f4eea5db7_cppui_modular381), - fq2_value_type( - 0x057142517f230eaa05b21cb517f67b5317ae73ae2944a904f64f888239fe63488fe5c657cbb56f3b5d1f2dc678e49200_cppui_modular381, - 0x101ad09dcdb181b32a1cd4f24d24dcc01978170243650e64d53b838fd828ef5e8bdbd0a9406323cb14cb29a0b787797f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1299f190879a96636bde6755bd4d9f45904273b95637c4188ef3aad491d90561ce2d3d79d0598314f462e46fa0631ab4_cppui_modular381, - 
0x1546ca2af0e225be968677ca9fdfccce7f94f2a235ad79f881da67f8e38ee2b01114c52ed579a69ecde37e7517baee53_cppui_modular381), - fq2_value_type( - 0x10f2b3b749f94880c47b7f1d7025f2309da774aed1ae8a9736867fbb681de22e825e275f242691151018103797399948_cppui_modular381, - 0x04e5051ccfaff5b87864f3917a92f5ab654d35ed7d2b5834ce01d3854dbb64e627126a0d3ffc56f1a504c41bd8f90d3e_cppui_modular381), - fq2_value_type( - 0x194ceb66c0592dfa69c1dcae1947acd98a2b215c89e66ceb16a20857659e66969e81b1b783e6e55d17d516e331ed22b6_cppui_modular381, - 0x1063386db2d0ecab4c52fa3a83dcc07afde71e86c78acc6a92c389ca5c0c01b2842e79dfa789ae4e35e5ffa2ae8d07cd_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16a2a61acf5410a8983fee3e65911fc8ef8bf4280e3ce5174c33be1a5a562a426d3fb20f2082e020eafd309c4996cf92_cppui_modular381, - 0x0909deb1db74f4786ec60019f5b50a60ae735e62aeb57c2097e0436aad72d13f5d84fef69ae187bd4e8417bc5e079b45_cppui_modular381), - fq2_value_type( - 0x1757ac28a92c04bf2c3d9647b2a06d5eb5d9100f50d5823e8912443c66340483edcf5838c8e17765b07d7195ea2dca32_cppui_modular381, - 0x082a7c7ca07f53ece7ac269c115aae2f8485d746a9c76b207db11bca692387a9970747ce7be1ecc12f44c1f56f88d13b_cppui_modular381), - fq2_value_type( - 0x1779b373b3a78ad69961e102afbf553ac8081d8aedd1cf702574742073b40623e44d0b29436c25f009fbe58541428993_cppui_modular381, - 0x029f014ca1e66024f211288e38d2f5eefc1535c43c51da87378189fe2effadc5e389b811be547b0ca7ceeda8ef9d4c78_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1024e769afa0d5ae54bb42fa474d97f198595a8a7ef36d554131dbbaec0ea8cfa3093a7d52eb2ab0282878a90ec78db0_cppui_modular381, - 0x021b2e0f6b83ed79f4084a8a3c2b62b60d197ef4e7c7da046b53e759d315f0ae5077e881ad5a3ecb82f09e03e67e8bb0_cppui_modular381), - fq2_value_type( - 0x12056bcd46be6351e6052d5b566a26bd8c9c56fb4bfd17c09e250a70940f0444ddfdf69a189c22a886e5d1acd0269f03_cppui_modular381, - 0x183ee78969b1b718afd496ec57512a92885858aa424329a03ff278bb1502d0de728bae15d88fd535ae4d6e77868c510d_cppui_modular381), - 
fq2_value_type( - 0x0586752e90ef08d81e98ae6bfe2379cac34d5ceb58c54e93734ba59379e0b085355a00f371f46e8f8c2ffec44cf127db_cppui_modular381, - 0x00f211527a6db95d4a43f0634fad06355728bc947311c0fd8fe5876106dda01eadf90d9830653e47e9c4bec57db0dd51_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x04960236d2e304dcdf0f985f3d4cf05b2e97a2aaec262023fe0bd44ac6804c20145c28507953f194d4bafd19f66be7f3_cppui_modular381, - 0x022c81ba8ca9cd70d8b3e1da607fc00ce738f429760a17b8b2e080e1aecdc42fa150beba7a111891ae4224044129c34a_cppui_modular381), - fq2_value_type( - 0x13503659bca2ff69933dfce8950b044a4cfe36deb9abf21dcdc2c948991d73d8d2df5844586ca787a09f22c242cf870c_cppui_modular381, - 0x0d3979429426d5fef07934b6051d67b4bc5a0c7bf872f5cff9bfad82d82983ed6c9db23556f8cf572e264206707866d7_cppui_modular381), - fq2_value_type( - 0x029a155db0a5002c85c255e640fdc72db1a2644e068aefd9edd68cab9a5e3774e602cce877ff4ca291bab1cf8563c579_cppui_modular381, - 0x16f7232f80059cf103b8aa1a4908baa29776200b62f638bbf4c31c8f1dc3a3ef3d7b46f7fc704cc32f6f5a2664a7503d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x16b54372d94f1571758a6290442b0ce1b56f842d0ac3c7b994c9d863e5b6a9add637ce360d189b8253c096e3141c8f45_cppui_modular381, - 0x110d7cd8299d438b36752b5e7539cc2b8330c43c09397193bcf643ac76b5f82313dee59cf2e65c1bcba11932323ea251_cppui_modular381), - fq2_value_type( - 0x049209eba43cc8e939832adfbe4c762d3c06a1d48f24a909f161433d4809abe90afb6e0ce5b0638304f05608400969de_cppui_modular381, - 0x0b9756c54b7d2866da5b9d22a29ca23abfd5bc6946e08dfecd00b0b07f174e4bb08f96913b37d7a7d9f8f60e25c3080e_cppui_modular381), - fq2_value_type( - 0x11e79273751964ab0601d57c7ddd4fdb7c3d32b9cb08ee507ba16b9f00d9f59228dc50c4bd9e10079f3edae149c45218_cppui_modular381, - 0x098c0ab152f5243075b84c57d0831ab00e6badf052ea517ef07c6cfe8335f938771dbc5f4519f64c805b87369fc836b3_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x0578b0ce1c12310c89e78573042b224b55b106826063bce4486c350afebd67f2e5ad11a4d05176cb48258626621ab615_cppui_modular381, - 0x0dfbe96ed0d2e708dae148e6ddebb0c3b789378af791cf8a6f9a44340e51f0f4ac83dba32db1bfea6e301ba6fbf9d510_cppui_modular381), - fq2_value_type( - 0x13aa0fd7f5b9cea485e7d9d16f7205eec4a533954d4c162a5a67fbd3ce698fced217ff17fc32308a0d5fd4349b581d78_cppui_modular381, - 0x131d6c897e1cb3acb17c83645ba9ea1fca3fcac9cd45b948b1d7cacca9f31dcadbdac1f6d74ad5bf22754b68b33bb504_cppui_modular381), - fq2_value_type( - 0x0878df44890f4097924d9eda5d1529602e770b75b57cb7560c911d7075f9582d2112034680419197f37efd61efebd8e8_cppui_modular381, - 0x177e78cb4c7f868dab61eb61a9c8b54daef67d2c8047c33646c0fea9177ee892b5a1a4176a006a131776b468aa5bc45b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17e1c7376fcc1d8e890310fbf48d52d0de565de348691120befc7477220908a7ea36d0dd5bbdca517f6cb5912d5c8da4_cppui_modular381, - 0x0d23f6c5fb259828e09edf873366a390ff4b976616eeb687e656719233bb14850419f238790abbfe173e4ace519cf0db_cppui_modular381), - fq2_value_type( - 0x06bfd2bcd807e8256ddc90d8875cd2b21ebe6a40b2f0291f7a40cd2d4816a200adb790147bbeaeb5da22c8496d12a32b_cppui_modular381, - 0x0a99ed28de9d13fb6c6b9d2bd17575ba080c97b0902a71a78f5341d12ea46fc08920b724f143e5b9c43c1ceaa136e511_cppui_modular381), - fq2_value_type( - 0x0c30d54ab51c3f63590c9d4b4cdad6e31221675092483a4478ce128448b398640e93a7ec9d3251f844df93a842db2283_cppui_modular381, - 0x01d4b8b604282d91d98cde7bcfdad4caa7e31d0f203d2a0c776ac775acb698bd4e2bc20993d682b5b3c0f38919afb8f3_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x12320fdcf1a1c2e54dcbe4f0bda294b52931f8a5eed82e6e052927ce75f578719d153b6cb1006dcadd3e22140cc0e6d2_cppui_modular381, - 0x034ab2124020db9adfcd59020442881ba7856fade5756d30a4c1c289cb6893cfb1d24eb54853dee13d6ed51e528a29f6_cppui_modular381), - fq2_value_type( - 0x17d7210f5dd42c46fbf0e0e9f5543f0ed3dc42fd54acbe28b9ff8ec83861b6e9edae445f7b740f9af0f85a30045afa8d_cppui_modular381, - 
0x113f29ea7afcc1012bbf5ad3c60411231e5e6ab12101ae2e5b0b920b2f0fbdc25555cbe67927844ed3dc58a21523f1bd_cppui_modular381), - fq2_value_type( - 0x053bfd84179beb5028185b23e3b2e0cd1c21047f1ecd79273f1d2f9dff09cd837c7016768ec052c1ce897187db5f4c07_cppui_modular381, - 0x01262f7bdf84f75f012aa826a120120ba1d094ccac8e6301faa31718af5937ae57215e5566de8e86e193a51e9a2d0e61_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0b11bae91f6b969c364f4365752e15c5309d317d5b6386d59b8da732f23f186b7c7fee3ef0ba2df800f0d96ef8ed917c_cppui_modular381, - 0x0e94f76116cd2936f91eb7e758fb0ca34127fb135aa60748c4f7a878c964625cc7cccd7f27cd8d72278dd9e1aba48688_cppui_modular381), - fq2_value_type( - 0x0382ac6fb6f360b5f3b76c6c02c4a05fb55213758d8252684cc68b6d50b76866cbe3346e6f8e3b1f956f3413ce7f33b0_cppui_modular381, - 0x0f3b2651d1142e4794e22d3cad36278839b1bca57a82100e9682a88501ce01bb53e99f26ded23f31fb355061a5899e73_cppui_modular381), - fq2_value_type( - 0x03853cda18ccd9f1a6a27d938c312e7d141b944cd6b38cff562636fcc04009c334f6282ab1341eefe887454e6e65a2c1_cppui_modular381, - 0x0e9d8bc6e621361814010bfb5baadaa6f6014dffd7c65a4275a0c22378b4c56ab6a0688ef0f3b17bdaa12fd0a98305c3_cppui_modular381)))), - }; - std::vector> gp_z_c = { - std::make_pair( - G1_value_type( - 0x00356ef47a6a688a8832dd47fad2f8b5981a564d3b7dc77b33f13dff52dbb4536b6108510785304da9fbda39bfdc0bb3_cppui_modular381, - 0x110ce13acd56d5f9188faf09684b5e299b848615ad9be48dec0702e42ff794730417d92c7d437ddb1ba82869b5b6fb60_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x11d1f6fa158a0424684bb00c08be8f01c6eb6835a1fbb6ac06606799e517b2752b0b047b70266013b9d932198ced0930_cppui_modular381, - 0x0d6d40a9e4c8aa3f41d50f3204216c78c5959e5d0aaa08fb0276665b50efa7e90749cf7ae48d353c2beb29a7d9703ed1_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x17f33645e50acb5c20888955b496c67bed513e0b844b02628d978b8b37a813e33328f329cd9c0f10eda20cbff4758e1d_cppui_modular381, - 
0x106b96a3cfb2fd59f1d171d5d956498c24fbeb6be8ee12e7d6432b8dc3869598e771a56eaf9ab8a0001a1da658df7f09_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x145033766369f79f01c3ae44050c57b90ef20892e9eb73da1efffff9c8257fa82ed55051ea26ef4801268e55f1ae2987_cppui_modular381, - 0x01793eabe34fce514a38b6ed3fdf9dcefc3754caa1efadd577137a1b7182f793374e7040e5cf3d9911f056720c9a0756_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x01bea501f76061a67001ca3c5586aebaafef12130b375d2f12088ef376fe28aacf542d0ce26d01f3cdbc10c5a6b0d6cc_cppui_modular381, - 0x0cb0d723875d30aa8e7c0bd11b30613cc5f40fc0575315171b383ab3508bfb1cf4d764307d32b44c3b74e5ad2bf3f2b8_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x13f158cb09a4dee7c65a345c7f2173e337756c1d286687fa9661c432cae1191927fea54ed47648c38ca1ff52c4d20eed_cppui_modular381, - 0x0d851ce999581e11e4930335dc31241ecf004ac30c1adb4a60424d0d29748c01c4d04be6bea6c26c389c9450139a381e_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type gp_final_a = G1_value_type( - 0x0e8fa2b057e92406ee207fb49d5206dc169bca2ed70df83a70c1a14a2813cfc0e3af3505a878479cd76d84c28ccea7cf_cppui_modular381, - 0x15dfc2c8db04ecacf69d7fec04ff641f50064b886bdbe1870ed8fcdb585eb6fe8915bdd29a7fdcf9fcfbaece14d85d33_cppui_modular381, - fq_value_type::one()); - G2_value_type gp_final_b = G2_value_type( - fq2_value_type( - 0x00af5b0a0f7004410575e0fa27c27dda035de622ef4bdb0a1132ace3f453be45a68b9c5cfc586caad9901e399a1e9501_cppui_modular381, - 0x0bca883f2a3089607567e2a0adff0a128c4fe32bdb18e9fb10ceccaeb174d67494b36abeab981950b0e864441fe6b9f8_cppui_modular381), - fq2_value_type( - 0x06889d8d13078eb3f761da2b5cf53736bf8d2e58a4972ca7e58fd50d951689ad6bf1264d9d41c813d1eb9fbf0c7d2389_cppui_modular381, - 0x1399770a311376df72bb55004795c619258767b59ee7fb2a942f8a57806a0bacb0fe1228a6252ec74bb1d59273b5c4c2_cppui_modular381), - fq2_value_type::one()); - G1_value_type gp_final_c = G1_value_type( - 
0x084791edc406a3f22688cbb2b037e1ceb6326b5923f0e0d325166f7aff6a3a49d445bfd9bf7424eaaea21e8aadccb9a2_cppui_modular381, - 0x10b85fa7ea5d2477ea414b7d693df5aeae258f401fe0bc8754c5a06c7182c7b2bba42a4a166a46fb3deb55becc466de6_cppui_modular381, - fq_value_type::one()); - std::pair gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x182abf0fec3c7d47f4ce807cb3e1392cf7140591e891b5177a287a9dfbd0260f5dac227621ef6d8a60cc9bcfbdf5fa13_cppui_modular381, - 0x0272aa23725df98efcf4c9e5c3706e91129c5d8ba0a93c528f787db124e90f0d9087a3e610882e03a5cfe7f61dc97dc6_cppui_modular381), - fq2_value_type( - 0x0c816f6952f4ea048ca681082a9315d2b455874da75f1780f8fdbdf8c135de783b91a633671f92a9c8989c12de1f491e_cppui_modular381, - 0x01bcfeeeb78d21339e7a32406bc15a961d3494cdcba1ad0525a58c1a09908ccff78cfbd33234f23fbe089241fa7a8a9b_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0876f0583fe644557ae2059ee8cdb5f8771e596e98f8daa9ed579371918ef4f52aa4f30bd1f1ff75479c8425f61a320b_cppui_modular381, - 0x0a1b7c06b0c91d35cc69a9d64c5561d5408e73dd040a51762f5853c2cb2873a4c5b994470a54ca45429acef0f92688ba_cppui_modular381), - fq2_value_type( - 0x04dd9bd93186e54199d3b41a6348d73f516734611390325a478c636659c886c0f88f7ae15ca80b31dc9284b2c1135c8a_cppui_modular381, - 0x00000ff4aa4580802a632b61ce364dfabac4b2e3aac4edff9cb199c2396b36aacd5b2e26ea0f19db2a2e6fd5ff4f13ec_cppui_modular381), - fq2_value_type::one())); - std::pair gp_final_wkey = std::make_pair( - G1_value_type( - 0x14006b4350de0de70c5b8b7b35e0103298c7afbab44b4cdc49979f188cdf8c2ac713a8778b7d731b12c41da259819a50_cppui_modular381, - 0x0128fc84e299c6b2965c56e381dc10b3e5b36fc2ed27de8e4bf56aa73f2273b1ff21f8af74f90d64dd21ebe6ef443d07_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x07760bcae08fcaaa51dd8712cbe38ab449198f356399c3ad86b46f69d0373d6c20d2c81054cad4df71c0397375ad8e6b_cppui_modular381, - 0x01dcadbe7a8ea3c463c52f50197a9363fe31a96a8ee4d6e3b06a37270d95ec4ba29ddbc363290da25d25788c29fb4eaa_cppui_modular381, 
- fq_value_type::one())); - - BOOST_CHECK_EQUAL(challenges, ch); - BOOST_CHECK_EQUAL(challenges_inv, ch_inv); - BOOST_CHECK_EQUAL(g_proof.nproofs, gp_n); - BOOST_CHECK(g_proof.comms_ab == gp_comms_ab); - BOOST_CHECK(g_proof.comms_c == gp_comms_c); - BOOST_CHECK(g_proof.z_ab == gp_z_ab); - BOOST_CHECK(g_proof.z_c == gp_z_c); - BOOST_CHECK_EQUAL(g_proof.final_a, gp_final_a); - BOOST_CHECK_EQUAL(g_proof.final_b, gp_final_b); - BOOST_CHECK_EQUAL(g_proof.final_c, gp_final_c); - BOOST_CHECK_EQUAL(g_proof.final_vkey, gp_final_vkey); - BOOST_CHECK_EQUAL(g_proof.final_wkey, gp_final_wkey); -} - -BOOST_AUTO_TEST_CASE(bls381_prove_tipp_mipp_test) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type u(0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255); - constexpr scalar_field_value_type v(0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255); - - auto w1 = structured_generators_scalar_power(n, u); - auto w2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::wkey_type wkey {w1, w2}; - - auto v1 = structured_generators_scalar_power(n, u); - auto v2 = structured_generators_scalar_power(n, v); - typename commitments::kzg_ipp2::vkey_type vkey {v1, v2}; - - constexpr scalar_field_value_type foo_in_tr( - 0x70ba0c24f7ef40a196a336804288ebe616f02e36c9ff599a6ab759cd4a0a5712_cppui_modular255); - - std::string application_tag_str = "snarkpack"; - std::vector application_tag(application_tag_str.begin(), application_tag_str.end()); - std::string domain_separator_str = "random-r"; - std::vector domain_separator(domain_separator_str.begin(), domain_separator_str.end()); - - transcript<> tr(application_tag.begin(), application_tag.end()); - tr.write_domain_separator(domain_separator.begin(), domain_separator.end()); - tr.write(foo_in_tr); - - constexpr std::array a = { - G1_value_type( - 
0x19382d09ee3fbfb35c5a7784acd3a8b7e26e3c4d2ca1e3b9b954a19961ddf5a04bc3ee1e964b3df3995290247c348ec7_cppui_modular381, - 0x0e1429c57d0b11abeed302fe450ee728b9944a731765408533ea89b81f868ea1086c9d7e62909640641d7c916b19ad33_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d76e41234948369334b432362d0704bd88599200d80645a69ed47acf10464822776a5ba8efaad891d98bf9b104f9d24_cppui_modular381, - 0x08a8c2ae10d589f38a9d983feba2241cbf0d292d44bc082e8fc9ff872f8eb280f6c6cfd1c34928fa81274781a4f4770e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x02e080ea7883f56025b965fe7fa27315af7bf0f532fb031075467cc78dbce6319645e23e8febb6660cc864ba9e985afd_cppui_modular381, - 0x0f25c2c8aaceff02da0d5b85030767c64b3ed2ffd3e3f69e9aee42025c737e95fce00d5269eb151c4d22a5f77ef8c815_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d3541b03376d07cbb7f9f48b3a1cc43cf48160152c20c00c7bad75986839b0f9ef7cc71f1ffb4d254d9ec15ce6bf336_cppui_modular381, - 0x01e48935c827f8ec79129124e8baf1deccf99d8ca0324fae41e037f4854ff4f389a4df3bc9ab2549b6ef949e4acdedb7_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x100462d4d96fcf47dd6f6dd3957f8c2d15cc72fe0f2ab0540813e73a16c74b4bb932722e96a33e2a26ca1ab9bc879e49_cppui_modular381, - 0x0b2d223ea7a3275108aa52b3e4eaba948dc93cb6ae29c3c472a022eab55356e51755a6486e7fa94f3b8b4a06b3ea735c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x1320c3ca0de8f268ff78f461e5b342960432064eec51743c386fe93f2f1ff8d4592d04605092b7302c217a72e6137632_cppui_modular381, - 0x1613b77929282de9c0a3baf3285394260a50660b2f5168c6924973b44f35dc1a236796b3251c5a748039b78d0b377576_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16bfa39559ac6ddfd3c63ef03bfd11ae6de4d08e66f82dc4ec4e2ca4318c266a705134204f2aaf99b91f95610d356bdb_cppui_modular381, - 0x0c2dccca4ef18b3cf50f18ff13de4443eb6f5e6160ae985568fc5557232c892599e27285254360f797e4b59da1c19406_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x09f4ebbbaaaf5d2ea52abcb591412f6851539e1919d34de4f00900e60591438a6668d48070b5fb22c3b59a3cdae45799_cppui_modular381, - 0x0aad9a2d04fbced844ab0811af6deefb18e9d67660073ec96954f2f0edf3a884a4ddcef6d8b7889a9bfbf7e2f151b1b5_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array b = { - G2_value_type( - fq2_value_type( - 0x0badfb692a2a7ca4970d2733fc2565afa8e09428453ef5cc916a6d5ab43b8be8b9ef920af378f1823f426bafd1d096c9_cppui_modular381, - 0x0d523776965ea36bab19da0387d38305d628d63fb7da6736f4620b7fce92539fcbaafe7dabd96e98693d9973ecf0544a_cppui_modular381), - fq2_value_type( - 0x020203c10b37edef960e6921c624ee57a3c2b256385b3c68f8fd611f1deba8ab91cea15d77452639429c74086a322eb7_cppui_modular381, - 0x1498dcc1d84eb92d7e41ee99596e1825901ea430fcb0ff64d346e19375981ba8579d6ebf325c8809f1aee58542bd6c98_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1634b13dec932a66d5b3ea6406bacd702e020970d533c29a3d6fd80a4ce1e8138744eb41b0f1e66e956fbace9af6a151_cppui_modular381, - 0x0a4edb2465192b1b32c84bd6791aa9795b8533df963b1626c8ee548bb5f7430a563d0e662b3053cc12cd256f9e8471a4_cppui_modular381), - fq2_value_type( - 0x049004fe74f14513aa607d429e78203f86e08100dc70243fef9fe73cf9f04f9c3793b3fbc1d4833f9db371ee94e60bc2_cppui_modular381, - 0x0f2277dafecdf791e560c89086d7abc21e5f0314fabd492a0926e588acf7a34d30c0713ee2cb03054f44a7dae8288694_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0147be5fd09e02e8d64eec3e6737b40d4099ccfdd88651c692c7d4407a2822c35756ba40ca412f61e201b5cb649391a6_cppui_modular381, - 0x165fd26d77e79da63ffbfaa5771426f4fc6c925a92bd593d1075e84ae1db5e9cb0a7dffaea46dd46a44f6cf904cb873a_cppui_modular381), - fq2_value_type( - 0x1507d32ecb1783a069322547839ffeadd5bc4e04562dc36914686df787f6f82d5a84f32786996fd56ab2ed75e25264cb_cppui_modular381, - 0x0302e3dd0ef0b642fc55af194e4906d57bcbcfa1a3822f078fd7fa1ea0d665ef6f60531068bd7a6834b92618db91ea23_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - 
fq2_value_type( - 0x04c0d40f727b43aa40d5a66de08182abf5c15f6d3726a9f43085c7a9c8b535ab17bafbc6d90a6677905271c845768ff2_cppui_modular381, - 0x10e288228d368ee8fbfe240e2a0ac3214bc232334d901feb02f41fbb459c11ae6fb381a4022232b66f8a98ec5ed2425e_cppui_modular381), - fq2_value_type( - 0x0285029f076803949ea0d635d716ddff562a8ba9a652e43da0e1df737978432082cce2435e857a2b78c886fa7a6dce84_cppui_modular381, - 0x0a52fcec1a0fc4ec51022181a0e1e44aee18f8d2cda18c8ce5acc789838b03205919870c83b4ec54cc523d89a40ef62f_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x113b921ff6a06df8c8ee87288df68472b00f7f8dc243c12731f1177ecb8780fbd3765069e0fd5a8c1c7a67649b00d2a0_cppui_modular381, - 0x12d96c166c7292b72c7bb9e0e9e91ffdf7ca3926f67ce4894f0b7ae0d826d397c7fb8bba8e2e29abcb8aa9e7de01c42b_cppui_modular381), - fq2_value_type( - 0x0b9231a10b1066269677672e76235e7864d7bc0bc99d9de649c1ecca732e887c6c5975c486b44fae713541d130497bf6_cppui_modular381, - 0x011a97bd656717d31c74a17fec650e2a04894d04631792f14183ccacee8db3ddd731f4ced99488a133f66d12a66d2eaa_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x159a7f20fc1f1fe0f794fa735c6ee28b2837aa5d70d70d1f53f1d7cbae31ca04782e9261818ae6bda542076fb61c8bb1_cppui_modular381, - 0x03d48c028b98f10345bd40a59c2bf27229947241472986bbff174ea87d1a1d4721e2a03ccd0af2fad6d014fbc93f55d9_cppui_modular381), - fq2_value_type( - 0x0c5b2aa2ac824a6a3df42b895d61832e71202b8fa896eb7bd52e4f1360c696385db9fb84783aaea4e8ad86f80e2703a9_cppui_modular381, - 0x07fc3cf1d974627a821f223dac339045ede041850e3b6b542dc66b0d3bfd3a582c68c65ace31bb3986c70b4f59754e62_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0f228b023d7881ed41446c45cbc1fd05aecb0708291131bb189a6d826921780e1c28864cb0d84f68d4d1933d5bb57c15_cppui_modular381, - 0x14292b6aaa6b19596e452bef413171d6fbf68e1d7642dc0e815c8dda280c32d63279dcb9bd16effa5789722dd403c188_cppui_modular381), - fq2_value_type( - 
0x05e1e5b8555c4d238726565fbca0b37042fd10cf5b7f6e0396d71f5660db2aeaa053b0be570f33c1349503829695eb98_cppui_modular381, - 0x0896a44ec87960d640a89fde02f969a079c781ecf6c29f8c3115f6792cdd20eb5046ae8aaedab29b0b6d12728b9863a9_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x108b91795a87e98f1fee29fa53b60f7bd6f397f6e716654e508303a0f5cf9adf44cda4c8698319da3b7f2f417823e127_cppui_modular381, - 0x1389b59456bc26b56b1ec04cd3deb42033519f78255e3569231d551c121bee2b42151c2ef3513c48851519133c7b24be_cppui_modular381), - fq2_value_type( - 0x13d4e1d3f953e836bdf9602d2fbb7496b8a922638cbca415d171de4a7df0a9ce630c9d14e3804a662ee558d415308993_cppui_modular381, - 0x0b154e4f42109dd3a7857f02cd95c480d205ba5427fd49389051f7fa927ea6e2b6c4373c145349e8cbd9ca1098fba447_cppui_modular381), - fq2_value_type::one()), - }; - constexpr std::array c = { - G1_value_type( - 0x0ae765904fababf7bd5d5edab78752b69917962c150f3b0311446579a083a667412ea18f009817a6051cf852e09e9c40_cppui_modular381, - 0x127fb89d20a2b31725091c033f14986b33878ef4853806987412126bd8135731c09d5222fddf44441eb4e04cee8b9469_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x140e91d114a6dbb835d2ae1ab50729b0553e3e988ca0451b29ac1458caf71b1f1c47ef2255814b4a3ccfb924f57cbe33_cppui_modular381, - 0x0ac830f2ed3435b2b9b3900d0bc0d74407467abdde9f72e922859ae1d2cb094299a7ad467680e7eff331e8a6f92df194_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x186aabfcbe235db4a2dcbacbdd571d0b2e857ada26ee83f0a4121c1bed70ee6609bc0f24b3ffc6ea8af50b1b4de25af5_cppui_modular381, - 0x053ea1258a76b5dc15460676bd2380558bd26cbd98266cb04bbe3d18656f68b8ea11c6db24fdffc28470fa8778e08882_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0642350f1aae9598397a7da3190e07b7b896696682c37641cbbede18f05495bcc822cc8bf34b87709372f3b8cb895a38_cppui_modular381, - 0x140f5cb0dc31c1db82e845f53882f8a7a0679380acb7262411d8f9b7877586192f1d306f5eba7b42fe937c3885542c1e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x04eecaeb1aab1d88696f17a3fb205e7d0bf517c16ccce694f196cf456b45a3983fe40aebbd2c0a5da701c63933d0c388_cppui_modular381, - 0x18dd9108754b69d09b2ad191b8c4f431431030619765f109a0ab1fc9a64e71d483ad96c95a777a0e73aa72703b97f59f_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16dd473a6acb01617eb7b690657196e837013062c9a20d0afb16f8604882182b65ab55e112265e510b4a0a95ca2fe1e1_cppui_modular381, - 0x1937d9afd12b5a1334475224f967fae496c1b7ad9277845cfe9acb789d9d207d7bd3c2464b337669c9ffb3d5f643a163_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x19bd07f7ce52c9efe33aa9e93c98c9bc2ddaa4c762c52f988064438ed82dff92c49b5799124116af8ea46d9dab5cd5f6_cppui_modular381, - 0x08f805c413e0a8087b32052148a63dda612c34a988e42e8cd12b3fb3d72942201571bf46298c6dc697c1e51be539295a_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x00352edd966153a5fd28fe8ac333ddc95a4dd00a6ef16f7b59095e705c3bd5d6e8805071f3c8ab2a66f70e7a703233bc_cppui_modular381, - 0x0499e107ae36ceb8da7e1da2b83a8217b428976311420b4281bd428bc18b0db518e125d8a21e92efe1d68bc766ac4ffe_cppui_modular381, - fq_value_type::one()), - }; - constexpr std::array r = { - 0x05beb4119e1356ef39f98c7a7115452a3c4c1e2a48975c85d875aae91185fa25_cppui_modular255, - 0x256d4004ff9591bbaeaaf85cac883eed808de37eff2b45c6d05e6670b3cd1fdc_cppui_modular255, - 0x3973e132b07e7b2244f1172a11387054f7c9593b3b258475db005459a0e4bcff_cppui_modular255, - 0x669073a3f8b48ee66412051fc614f73fa8e4e967a81e82562d23bfe430d1e2b4_cppui_modular255, - 0x2d571b235843a47ecc75978a95b3cceb9fb28a6a2919e0304eb79201c4ef0352_cppui_modular255, - 0x622551c093e4773c3e1ffb69e99fcd4a31a1f727369f47b1df49b03b9534a8ad_cppui_modular255, - 0x0b8cb847f81048e85f5843218c1e273b56ce2608d7d9947cd1527a1fca0001f8_cppui_modular255, - 0x3dd77c298708150d79e47bc4afccf78a6e2f32a17bbbcab1ea41e05551c0e96e_cppui_modular255, - }; - - // setup_fake_srs - constexpr scalar_field_value_type alpha = - 0x66d3bcd37b8ce4dbc7efc5bcbb6111f5593c2a173f60a2935bf958efcc099c88_cppui_modular255; - 
constexpr scalar_field_value_type beta = - 0x01f39625fe789118b73750642f16a60224a2a86a4d0487a0df75795c3269e3fd_cppui_modular255; - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - tipp_mipp_proof tmp = - prove_tipp_mipp(pk, tr, a.begin(), a.end(), b.begin(), b.end(), c.begin(), c.end(), wkey, r.begin(), r.end()); - - G2_value_type tmp_final_vkey_0 = G2_value_type( - fq2_value_type( - 0x11a94db67997dbc16d3264f65713f9c91631bcc0a41b40d939daa48e473185f3b30dcb58736cae7960e7a90ccacbee74_cppui_modular381, - 0x0c901bc14c169c61ca8da1bdba6a9eef854d459c979e39ddce9c2dac1c641292ba9c03df6e9c8ebae66631b57be768e0_cppui_modular381), - fq2_value_type( - 0x0352cf50478240133767d087078812622e6f267e966c9c4154fed5d825fc03578b1215c1bdee071bf8215b6ba1b6a282_cppui_modular381, - 0x14df34d9d13b6e0a4293c3c8a6cc2202f47451345fe2029cdb21a80060abc510e9b5aee8f7214693fd64292f30dbad7a_cppui_modular381), - fq2_value_type::one()); - G2_value_type tmp_final_vkey_1 = G2_value_type( - fq2_value_type( - 0x0b96d26d779c06a9b2450c1379bb24201491a85735f25a6c1302ada345a444fd4501c88beea6c468765be32dea1f913d_cppui_modular381, - 0x12addb94b450327370b28c0166aacd86451ac1d0a7ef10d00f64f2f595e9af7c1dffdf84c6b74c64ad72eafbfde73709_cppui_modular381), - fq2_value_type( - 0x1373290404e2b988334697787eebb3e1be4b1a92f8c58295625fd535885774951cc8efb2c31e650b69242b04c9fccaad_cppui_modular381, - 0x0a4381086a8ce37cee50bc3f05b573f242e0055b58bc7aad2956582148270f573e0c7042b5d1c160bad05e627f8f4793_cppui_modular381), - fq2_value_type::one()); - G1_value_type tmp_final_wkey_0 = G1_value_type( - 0x0801b62235fc889ac1b82372d71899cf163c1df212dc0e1f7121d2a7a67f5eea7d6562136782746d19cd9fe07233c125_cppui_modular381, - 0x177bc3d5fa4f75ae6b3f761df8faeda0ca9cd69fa6ab0ee2fa880c2367f699d24d86277132a56e8d5940b3f40ea0b60a_cppui_modular381, - fq_value_type::one()); - G1_value_type tmp_final_wkey_1 = G1_value_type( - 
0x142bb1955ebae7a2ba3951137605da96ca427c33f6c86eda9aeba7c922ffb26c3cbc79312191644548fcd7fb08f49918_cppui_modular381, - 0x05cc2acbe11059daffa817815a9cf2749a3aed561560aeac0a3e5c08f694544b9464535631da702126c25b555950acd6_cppui_modular381, - fq_value_type::one()); - std::size_t tmipp_gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> tmipp_gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0957532c8d02eb95c0627eb17b0e6bb14d932aefdd6d76d38dfd3fe2077b263d06d82918260190f644fe576e6e976fc5_cppui_modular381, - 0x02587b67a0e6b12d3d7c461962d33fb18e3c593c9ac36689a02d8b73d89084a8b692db4b6ea092b9134c74dcbd3e46a4_cppui_modular381), - fq2_value_type( - 0x093c33d017e2ff996c35061ab21b4e36e968e6eab1bc21dad3e33639438f7bceb7e4c7c8bce8a04d1342c4d0ee31bc40_cppui_modular381, - 0x0582576fbd38a08b23fca59d91f15597c842d48168e26d8056ebe692dd2769fc630d6fe5086490babb38bcf85550aa61_cppui_modular381), - fq2_value_type( - 0x14579081ea0d470221bbba37c3699bccf31a044340e7d1fac1e7fddf2cae9d40a50dcfc723e976d18d86d46d10498751_cppui_modular381, - 0x0c6449dc3964b034054223de8977499dcec1acf6b7fdbd5ec9bbacffdb03fbd48bc52ed6f1da99b3517c8ee6bfbbd690_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x053e936386ae83584778282cbdce80f183ee757e515b76b9f384c38eddf75be5a87047bf239f5678cf7cda6e7534143d_cppui_modular381, - 0x06988693f7f232e3a27c80abf562b2353bbffb18bd87c9635621ac756a4f5ddb19f6a2259f789f073717d5a6320022f8_cppui_modular381), - fq2_value_type( - 0x0d2c79ca9245a3f02669d57396775710b4928e920e751aaed4b2c85b76b5cc52c1f310f2acce01207e05760e70720ed6_cppui_modular381, - 0x000836a24857b0bcb2944176457c32f60762630fd97305b415681c73800243f96835b6771d333829e59d29f2d31ad75e_cppui_modular381), - fq2_value_type( - 0x18030873862d91c08c54fad4c511d12c8a617be4dbb142a30f1652eb687d1bcc6413bf474aecbbe6fbb0a227dfae6ed7_cppui_modular381, - 
0x0aaf091bdb18be326e3ed80cc65e966bf45b83e0b692be10a7dfcd33331d379720093a2510a73c4d66c87a244faa140a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x088bd4349c8a9ce80a029e4c30818ab25d919b25b5fb753175012a423260f101c410d0f8e4072c30d54b4ce3f70a9fe2_cppui_modular381, - 0x123c094cd7bcbdad08336e1eab34418ef3b75c62662b7130a5583a3150802bb2a4c0d9174ac062702d728e35f59ef049_cppui_modular381), - fq2_value_type( - 0x05313d19ae86e54f2a84f097982f808f190c485832aa2424b9001c3941f21d1de1c2e11ac8c260d49fe4f7a8fb4109b6_cppui_modular381, - 0x170265c68b46da3144d107318dfbccca0ff831964dbcecda9bbd87f88c0e38c88cf93b69025b0315098fd6fbc0762c6d_cppui_modular381), - fq2_value_type( - 0x1793cdea1394964c5ba8890e58dce7a556c737793b82e46f5288703594f11775674f98e85eedd94d7b06f56086eccdd1_cppui_modular381, - 0x0e06ecb20e3c9c6aeef7d59eadf416fe7721d0a8578b0e0b4594ad3c8f682c08adad78d1ab1a5e3f26c0764913544dba_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x172c2036f67767dd888cbfbf82354dc3cebf7630855fe1f4f93438584f18c0d6de1d9c34a5c7c98d6d0600d606bbf178_cppui_modular381, - 0x14a8d8b6a3e969b8b0fa3a1b4eeda8410d756b4732edc80059c4af8b63c7cc6e6ac7910d141707dc812a34e873ceda21_cppui_modular381), - fq2_value_type( - 0x03ffd62c5037391900f0f0f544aa3daaf03bec1545f1b966c49b5c1643b5ad3f6eb9816aa85e45f5c3b66fff6f23c37d_cppui_modular381, - 0x09261a65d552b85fd64613a6667c0b77c5b106a265ae1d87280c12c57b2863959a74b4098c557d77d3931fa30c353e71_cppui_modular381), - fq2_value_type( - 0x0912e182cdb82304d1d5e92337a6a8f6b30227aa6dd447b544315900b31b021771fd4887280649b596f8a0cb0cb80a3c_cppui_modular381, - 0x0a87a923d841b32f68e12484ab4730e308d2267511f4b76b12a0dde77ac8de2cea56495dabcdfeeeed506739f40cf1b0_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x00fe4b71ffa4137b4f38cd1cfa620a4a4d53a336c2dbd9fca07638ab6c6008170a671f80153147f5aaf4877d159aaeeb_cppui_modular381, - 
0x025811f675f731e173e4d30a92ad5854f60d080b2d4ada40cce2c0abc57990d16159d49b50a2cdc069eb6e75332d02cf_cppui_modular381), - fq2_value_type( - 0x07740d3555f5d523bca3c568aae61a460e1047260de655e4a03d0c0f90a7ea1b8128989ebb635d0632bae43c69583ce7_cppui_modular381, - 0x08b03a8db7ed17a90338fd70d03d66dff90a5db16d225ec9ae0b0611c0b3b40d8eb31236af58198d60e9feeb0b087598_cppui_modular381), - fq2_value_type( - 0x16fe849a1a844e70f6aa1b98d0a14e9ce13568a3d7b76881fd63220fed7bb2c91cf3d5854edb244fe7d5170eb7de3bf7_cppui_modular381, - 0x191aaf792613e3f2033317be817c2c71ff6aa2eabca853a27a3a256c7fe8d3c1c7e191f7146db95903ca9661f118183f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x158ee8bac07cae83ecd40c072bebfb651cae01bc65b0a19ae974e5b0b0c887d774f9df02f50802b8e02996feeffb7508_cppui_modular381, - 0x0903e76c0e37a5d416ee7fbe57e4d06bc21b9dc3f932776bdac0a433756c31f7d4b738d59cd8ddedf93a9a60bef55835_cppui_modular381), - fq2_value_type( - 0x110d0df783583c5ba0b6b4f00c1fa40c496df4d97e1aae1fb0a1d811e34c93f006a666788a7add38c17560ad1f3f8fda_cppui_modular381, - 0x0f5c6bb6496f3c69fd9402679e11f584d404234d5903d361154b3d275c8b47222e324d9df2f851497d985b5a83bd6e13_cppui_modular381), - fq2_value_type( - 0x0900d3f664aa042672c0b6860790db5c74c8628dad996f7c83f8836cab1fa976cbadc749a8ecf85ede5b5bf67794c675_cppui_modular381, - 0x0a9db1cf9da24df7cfadee0f658badb29af4fd9e273723639d47cd10734f92cfc438f731ae4505ef62df071e9e8cbd39_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16305214e8b8083778d253ae9bf8ee30a11419beb9469f0031ae8b29d28139e9b4b7b8d790004bf9efa503016387cc59_cppui_modular381, - 0x14da7b4414c9a73388cf5cfd6454975e93f7aa2a3027d3ae96bbe4164639f2713817f0aa627230a9c483cb7e200ba860_cppui_modular381), - fq2_value_type( - 0x155eabe7500b83f47309466ce86cca7bde55165651a7ce058ec6ef5ac0d6afaac88a67b3654c615d0fb78800e41e176a_cppui_modular381, - 0x1959b1a4b02b1db436b39bae4e3887f7580a4035b3b65cc48b812e6e850ebfab96560521c2bf2418ef24efea9ee78f98_cppui_modular381), - fq2_value_type( - 
0x0f1525dd4ded5e30c113119742fbbae6a1dd2705cf410821c7ebd57e12cd8afe938d6beba3555ad84f4454100333049b_cppui_modular381, - 0x178040453bbf6e73c4acbcf46e3bc053fa26d678762132a70407d6929ae1b19a54d00f9ca58f058a3f4b14e6f14a3ed5_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x011fd5c0d0ff818b3285dd924169d90615f631eefd370c529a7703d51f440c805190c15b8ec3cfdcdf59cd67fd81ecf0_cppui_modular381, - 0x1763e7d98226e2003307197b3c1cec084af340d17f392b74bb5119090d534f420bd2aae92d03268d044308b3c501b35f_cppui_modular381), - fq2_value_type( - 0x09f454230d61a6e626e01d20168e6199db6345888b829a0653dfc18afb7c224d36a9070edffa2c99d859b7df5ed91e11_cppui_modular381, - 0x089e677f497fff7247e001db9926026095751a31bdfbf9244249c1613d9eae8b507848874534c28692d0321859710f6e_cppui_modular381), - fq2_value_type( - 0x0ab900f602fda0715066768b55b2d0620077e57a0aebe58f9b520818a12ef6129438d130c17e3ed5f9227f82e12621f3_cppui_modular381, - 0x0d7848ce6209410a5046e3f9046a7c9c6a0b730b3ec45dd91e7f791ee408896eee4ecbb8c4bcf6a78280305637668ec7_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x156e1bc01e9bf7f5fbdb240eba8618bbea8c1e4e02424302705e8792db700366a8e39f06dddd9f73804ecbef790345dd_cppui_modular381, 0x055a5bf7d588660a879cceeafe2e03f77fdca228cc692da9c4e22bd4dff4b3fa7fef82cb03d19abe85e49da56dbd06e1_cppui_modular381), fq2_value_type(0x189639597109dabac78406e60c15ccffa7084d310b197d6f59c60955c04d263d1ca4c2b0d94beeb50a3ce2ec10a9cc88_cppui_modular381, 0x15a0c0b0824785ea57a685eb0af39d1478cfe947f57e8691e94d15f660a617b526ad3b0527f95df6d586363ff6a6554a_cppui_modular381), fq2_value_type(0x147ed58c1ba4663879f4b4df925a2e94987067b7eee50c6d49952df0291f834604d87f8a9cc87e44e4558ab5f80c5c89_cppui_modular381, 0x17af81b920871eab1f38a577485c44c7c09b640372dd96958da9b2b4837040fd628faaa0a1b72a1bd7300a96eb2c5c42_cppui_modular381)), fq6_value_type(fq2_value_type(0x0ede6c6073ec86d4939b5b5599de443bcfc85392606b9809767612c7b07bb1c0e08eaec2b492516b7faaf188bdbe3e38_cppui_modular381, - 
0x1675c0948c9985fae3bcc8e0d4ee5c0a1858d33f7fde863bf29d35970016db19d72ef000ddcabeab2cf776cf43f8f078_cppui_modular381), - fq2_value_type( - 0x0aff723543c7fb1c786ce9c387db34bfdfbd7482351b4db92090a3c1c1d2e56e56bd3cae39319156c9b292933b050e15_cppui_modular381, 0x0e39f41a308a27cd580a6d1dc37c8115e437bc6598193814d1c7e5d5d28050b10decdcbefdbf5436a7a44920f1660304_cppui_modular381), - fq2_value_type(0x1817aeee6af71229f109558831d3f8c548577ece71658d5731daf069ff4fbef8a384445c820add288b9695a8fa5c5568_cppui_modular381, - 0x152bbe92c49ed9d8aaf7e71bc196a9943568730dd034e191e6ef93e2bd5546ce4ff0057d9c465147511ffcb4f66cd3be_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x1310cd0eafab9b09e91803d930e926a0dc3d89fece355e1a8101673c885f1b86e9361fd2f2dedbc6edc73db336537d8f_cppui_modular381, 0x116bcd6589ace54f061964a4ce85a929577fca43fd3d97cfb518f69af121d074f64523a1cbe03c064e54fb27692ed7a0_cppui_modular381), fq2_value_type(0x0548a0c69aa99874043f35e7e168db5caf325a45faf5d99b2a0b251eb75f29925eef5a85ef540f519f8e76c421c7efd6_cppui_modular381, 0x051fbf6a5275c86f33b8405cd76a7b0347d5c4974e43e468e74a8d287d531cb751c7e3b68be8f01aca4d1fa3a4ede275_cppui_modular381), fq2_value_type(0x0421e6d957f1be56ecbc4e46fe3bcd878fe96ea904da7ab7cee7ec01b78805e914a7f5f87edaf372323da7adc422bea3_cppui_modular381, 0x10168429dafe94d57b489ac7f6397ca55b5dfb00ae4991076ef465a48da98acfbd89485616ad50db9d722632c4f60f6e_cppui_modular381)), - fq6_value_type(fq2_value_type(0x142d381d10a9c58284a41835bce6ae63a205185a51ded39a6552d820b7607987e994ca2955a87e6cafaac24b1de2b6d6_cppui_modular381, - 0x179ef5865e5638fee9ca1907430d70e435a27335ac2a67c4bddd53bfea7941f929effcfa5cf16541a0927ea22fcffed7_cppui_modular381), - fq2_value_type(0x072da45ff84238c87099aa21c6b2184719707e80c4a715f1cfebb0267a18c16c3167560ff55b9a7c5d30609deb1f0e77_cppui_modular381, - 0x186003ec211c3e6abab26ba6e27de48f6cefb576528c780a97d4facc8156dec281229c551a6746ff652ab282888b7c9d_cppui_modular381), - fq2_value_type( - 
0x00b461a33d25a5c64a90abe32b9265dce184400b1ab70fdbc36ff3324ca613e98422247d766f9c8a67558f3257a1271f_cppui_modular381, - 0x051728d4ea553931c3c8a87e776eda82d2f62f63fef88783178fc141849c6cb8146c6850712a40bc5b82a399daedd5bb_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x13ea098057e177102953db1df0589348a6655295006656c06bfa3390c9eb835dc860fa057204307df9150fae29a61f96_cppui_modular381, 0x0f596824e576ab4c4bf8d97558b9dd4fe0fba650a0e50100058656ce90fa84fbe8059bcb33db75f4ea1cfe9551899e46_cppui_modular381), fq2_value_type(0x15ae32b40c56157884f87610c7b23083d19bf1a279ac57bce705be662d90a02566f1606f54fc3a14b80ef68bd10ab4c5_cppui_modular381, 0x1133ea72e53f69fdf916c68b8b6000660191a3c915e87418267df115f6587d612cfe635cfe111c3655c3382ec7c63ff1_cppui_modular381), - fq2_value_type( - 0x0b53e05e2d076ec151848698293e0b1a41b6c1fe5deac89f61fddae1647a2da7c9d239238a481ddeed94e7f06f3189b9_cppui_modular381, - 0x0ab2513c0eeeaf4466d6b346688bda400b885efba592f23b4d3d96c5b9d4e87e654954f121a214c74c567612ccda9f49_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x08a6144c53f747e0dda05d35562849d1ec46034bf43f42f8136e9a8ff3c854cfb7dfebb18982c3b6f0407c187b8956d3_cppui_modular381, - 0x13bdcf2ae88835a1b7d972e456a45904fbd08b0093679012bd6ce3f54dd801cac4621fe387067b6d5da937f396eaf608_cppui_modular381), - fq2_value_type( - 0x0504208dbe8a6fc93d1b2ac17418f28daac115b36bf836834bab568ab794bd223ef947d4ca99339efc9f7ad713e0f9f2_cppui_modular381, - 0x0b0a177954d9166485dbd39b41fffaec6d4a43e10f68eb2345d932a06a2a79c38d20c63a5698b0e69249948af41197e5_cppui_modular381), - fq2_value_type( - 0x0f5dfdceb42c403e7b5450b8b9c8b7959a42b4129cb1c6a7bb0b85c27624a577cf077cb5cba6da2bbfba8b3cfb6f41fc_cppui_modular381, - 0x0224e3e4f499afc21fc8c55015c8d186c344866340676f89a3a542990258fa85d5f9dfb869989bf06f630752c5b02ffc_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x046bbd0b03da2b070991eb44cadbd7911ecdfb41790cd99005398bc1255bea324c162ef11083a7eb549d0fa3b36bc728_cppui_modular381, - 0x10907290040d1825884e29638c86ba1a938090d2110c9d68dea715eae9ae733fe802eaf5a5d72d3eac73fa699fcde518_cppui_modular381), - fq2_value_type( - 0x050485ecf55fc524bf10e9845b4bb0138d151aa80a9a65190557d17906fe34b0d182b77ac3aad730a9d2aa51ce9dedca_cppui_modular381, - 0x0dd212f5a44a9b6c29dd0ceb718520f214e1ca05da5970cc8f999226c0000dbf6991770b06549d3927acd1c2b0508d5f_cppui_modular381), - fq2_value_type( - 0x023f3c120d9728a0ab7ebdc2d3e929f757f581449186881d935da1b5128dadc9fe9952b2aa9fb1be2365b94fe8efabdf_cppui_modular381, - 0x10330d931a92ef2971a0268dee6d8012e43c8dced067d9b97bb5c0c5800a75cc8ed18eed9fb17bb957c4e7ac2c165ddb_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x06a098b569741a7a9c7ceb3592229d118ea5bec6b4c152db2d4b2097822a0bef9f8498bfe6bd3a68b88bdbb15ecf46be_cppui_modular381, - 0x0c2ba20d6e83d0bc9bf1e5e71d71fb2f7a29ae232df626f76feb0248d1172f8d99ee77e31aa450b8f8cf3fa3a0b1fe3f_cppui_modular381), - fq2_value_type( - 0x10f9dcced6b992ab5a27396e26393ea1007c1c92feba80e603c5d7bc6f0dffa3f13be85deb938767ef7cbfb7f82a09d4_cppui_modular381, - 0x19f72da9170d935d28c048ada8b806506cd088484b873fe0d88a0298bc6960cda75c1f07779b9fa4f702ec0bdc47e7fc_cppui_modular381), - fq2_value_type( - 0x0084c03e3085f77d751fb5dba32ac67fd5b257f19a448dd54a4339e3cd53e550674b7b745f31ba35297bc64c16af9f66_cppui_modular381, - 0x12c3e1c362125f24761da9b2953cec8bbc742227118f0ad236430882efd27727dbed2f470f996ce2a86055b18933c596_cppui_modular381))))), - std::make_pair(std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x11636ded8a28e71c4ec534b21f25630c4432bee1d8bb4c12589b562390215bd05e0a5d36027b75ea1ebee52fdbd30999_cppui_modular381, - 0x0c91c9c3a2fbc87c918c250e8e690deca092bfbfdaadc545f0a8562c4b41c1ff26e1a998aa8f8cea9823e957f737c95f_cppui_modular381), - fq2_value_type(0x169f54075fe64793c5d28f67f0b3c26ebea2231144cc35ebd998fbe4822b6a7b97238a71c43b070476732c20f59ce8dd_cppui_modular381, - 
0x00bdc66235aca5675b415f67e70c1273a5c79325102113546b19c6af66e5d7eb9795aa00eca3d52d6e924df262a854aa_cppui_modular381), - fq2_value_type(0x00085900d93bbff3d2fdca81a7751d7f8ae70b6fa65a401672d1ef36d837182f8405f82fafb6aa1f208e0515f549b113_cppui_modular381, - 0x12c2ca1c15c4a8666cca16f4747cefe67a2a4cf52d05d894868a5789fd326b0c651931aa49286e018099f449cba406bb_cppui_modular381)), - fq6_value_type(fq2_value_type(0x059dcfca66157c202444dabb92d3b07c53b1757fb4c9fc03ba66c0a029a56480a17200b4a7eab1529c56bc2cd734c83d_cppui_modular381, 0x0245c89492eade1b0ea9e38f7c7fc3c4a8c2e6ceca32f8ceab88d98b35d9d03739c7fba4138d84e6c8baadc55643d722_cppui_modular381), - fq2_value_type(0x19cdfe3738f8421b5c3144c21272994a96ebf8efa22dda8a71763ef7e1c8914334a1ef8a8b672334e3f4e35bc0007838_cppui_modular381, - 0x0ddc1d5a912a677505265fb7b89c7c9f297f60dabd29e520349c82f33f54ac8ce28c665ff3b3566f2e959898d9e0872b_cppui_modular381), - fq2_value_type( - 0x16429ddc15224a7a121948f3323f07e2cf5f683f0c0ae73f9407795f964e762db8493b322dc8f27d7a8e585dac935127_cppui_modular381, - 0x15573eecb41236f429b3acafb198ded663407adcf5bfbd6f0f3722000d94993f07ffa373dec967dbdd23351bb2c6fab3_cppui_modular381))), - fq12_value_type(fq6_value_type( - fq2_value_type(0x054120cd7a23cba24c173d8c8e91f98b0d420e9fc2e7ab67dcc5bb5463c3909f3d36353174d7ec3601dcbbeaecd9c8da_cppui_modular381, - 0x11d4c1592365acc081b5f6ff5ae88f4962a7bbf7b9b2504e10853c34c605273a9a08f75fa73516fba4dd096df58722a0_cppui_modular381), - fq2_value_type(0x17f3d78c977530c6828b91967c7d3d5a95b4d7343046f3cd0027e0ce956aeaf8f02392dcc6ea71b29f57385eeae54132_cppui_modular381, - 0x0cc7f4fe8b96076ad89c40a35e070d3f668c0f84f6b5ac7bd715e90b2839ee19694e53187e5777d619bc66cb0de25ba6_cppui_modular381), - fq2_value_type(0x1624650546e8fa3655bb73fd483de18512d5bd10c7207c0a9102ad057515ace8a383b9f56090b4193e153c27758dd45e_cppui_modular381, - 0x191bb4c835e30b15503dc114a605679297f1dfd9f1e54a247889427cd2c5ff7149fff03430e8e20514ae6227b22891b8_cppui_modular381)), - fq6_value_type( - 
fq2_value_type(0x19dd51662e0c7f3cc3c6bba83586b08af9b7fc0c6b169f1296aadc9c84390edd3541b3112fc4b9c8e1a17924cedb9895_cppui_modular381, - 0x1676fa2cde58c7b32e2c0cdb25c318d2276556bb6751648155f161f4a0f52189b2ed3218dab3a5bbacc6bd0d2a938a8e_cppui_modular381), - fq2_value_type(0x0c37cb4e9ae4913f212e5a051a78a962992d931114dfd59cb82e0564703ce13ea3777a84a674be490a505ec8980bae2b_cppui_modular381, - 0x14f1abb3edae9566a53f67f14f564d4914f3e8e99a036ffc7094085407daefa8156db0cc884c0fb543d52b11a2367918_cppui_modular381), - fq2_value_type( - 0x1433bb62b65c2d2ed30676b1191f7009f13602567dc5c7d3726f1715e5ee4360ebcfb9877453473c2d0a304127ed3078_cppui_modular381, - 0x06e27fb53d7c6935b501a4f5a0a3ea25e4e88d8c8652fbd4a2de2a03ad66a88b28d47dae2fc248ed68ea69b1310ff687_cppui_modular381)))), - std:: - make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x139dd779524372b96bb40c710d1e4c42e5e7eb6c2a24cd985ca0dbc22512d307630fbf129ce1fbc1a5cd4132f696867a_cppui_modular381, - 0x0c0d8dcb348d44a162f1f91c4934ba484b0f89c030795fe8fcdc5aaa5c449b27852a001f2932997f001dca6f379a39c6_cppui_modular381), - fq2_value_type( - 0x014a092244795b1a4574bcf8f3f68c138c898a18a7c5fb09b4f6cd5ef92465f3d2731d6eefe4f0e6e434fb7f9e797826_cppui_modular381, - 0x01c26d6c33619e83ef214d95fb64b53888af5f9ab7d8500a3ba7453bfb8373c0ac338b1f61604adc55916266470b143f_cppui_modular381), - fq2_value_type( - 0x032a40e66f3eb3219a88322cc1a672d0a4bab7688665a8cf5629a8ceeaec151cc69c5381ca841f7371716c72a8755720_cppui_modular381, - 0x144b384eb544fdb22bdacb0f548126a0108da553e2b264edf5e7fe018107568e393edc9e64ca8896dc27a1ca1c7c575c_cppui_modular381)), - fq6_value_type(fq2_value_type(0x10284f4e83f16439adaed1efddb79fe9d280885a0cded5eb5940d93dcfbe318bdd8fb56e69c98e6f8232d3c3d2f59d3e_cppui_modular381, 0x058422d0b4fe6eb5752561a91e4a8960b1ffc667a65a2c18f31684772c8e65b594b4b8687831c2aa6e716722b3050765_cppui_modular381), - fq2_value_type( - 0x0e66d58687e71d2e0741cda1c8df641415356a394764eef69e0cefc3cde2b820a8d816efe9012ff57b8d2c9926deae32_cppui_modular381, - 
0x01c913beb56011f4d41bc05222350fac1b77710ed11cc693ee02c9617feab15cd250ffb213a14d7c3097d53e61679a66_cppui_modular381), - fq2_value_type( - 0x17be5d11bd2aa3e0da7d4c77e11a54420379a0eb9c2a2db42d9f14904b4a8d896274fdeb00178698e62a5cd4ad85af82_cppui_modular381, - 0x07a35d77b81022ce61d03549895bd181892994ec28bf07e9fa33c84c541aec0ce0b92bcd5c964b0e97920826c01a702f_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x098460d358cd4b4776d0b962b3e23cfd338e2dca66afbab837f90f4cf5072c8d3fbc97b5d78d6a039024ed85b9afa60d_cppui_modular381, - 0x0abab264807f67f1b0fa283237868a6d9b4735cd93d00a93b4b8f15dc8a274ded9e1767e13083257659a8af19b4bf0fe_cppui_modular381), - fq2_value_type( - 0x13d0fcc3fb0a3d4398948986824ec71d9596c4f9b11f39be8c3eeed668aa3451646f68abf92ccc94ea6f2d33764de96f_cppui_modular381, - 0x077907e13946c298451b4c624015e5e18f0cdfa6b7bed500500d2e6fe6016b787eee7ad8d464bc775439c676fc5c8d49_cppui_modular381), - fq2_value_type( - 0x06cd66c7dfa70c5c11a1ca5ff0b00a62c01eea92a4c7efc5ffa2f0946cc7dd82688fcbc1a3d91121ae369b4040912356_cppui_modular381, - 0x19686988bad7e7a7fee0394a719fb135a6256d832999c3325af45fb6877c6a9e452aa4c33d738e0e43d239cfe81f030d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x10c632bd0a49755d7f3cb392d7528be8e535c1eaa78b6320d58884dfc9d04bf8065a18554ccb3f9b078d81b47d28b598_cppui_modular381, - 0x166b6c5bbc7deada98cd1aa096101b2a0c3da0e75480fb633d9188fcc086888e49dd1b6c286c62bf5eebf6e4d4d61930_cppui_modular381), - fq2_value_type( - 0x17da0b5e7c2cbf59d5acd35d8be5d6afa323e9f3ef1032de53da1896db56414084549fcd878ede90aad2b2312f2d7935_cppui_modular381, - 0x08eeedbfc0d9fe50e3f36077e4a1939afe6d67029f790168c3e1e765537556fee20fb4a2e91ee990e6a5fcc8ac968926_cppui_modular381), - fq2_value_type( - 0x026c536d1017d9a222e82b13694ae8152197a2a93150735b3e237dee99f0676ad7c6b664b3ea3550ff475ca67447af69_cppui_modular381, - 0x0efa39882816548d60cacb966d2f6f03c67c22a00b5a9bce42f80cd908bf18b9fe3789c1e9a1d1b3a0a65879db02fe13_cppui_modular381))))), - }; - 
std::vector::output_type, typename commitments::kzg_ipp2::output_type>> tmipp_gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x09f4196e5ae2e24dfe000ebbfb373dd2d1130818db01c12d9890116da1dcac5ad7ec510915864d0ed84ec83ba7b1a158_cppui_modular381, - 0x14de7a792c6b1158a5e9f6d5046deadfa470e60fddb34af053c87ca6bdac8434460576e37388a1c56484cae823d7aad7_cppui_modular381), - fq2_value_type( - 0x111940a5cc516a7e4fd66fbd45d16d3d8b7dde9e8114d23b8a3efd3fa7f73e2c53c665159b4a17a4a3e6cac41c41c9a6_cppui_modular381, - 0x13f219ab7e4079c7106a11c1e43b2430984550c58dde716aa134190e08457148e05f90eef95111563baf83b62d92afec_cppui_modular381), - fq2_value_type( - 0x030571df0bf5ae3f7c2c9fe15a6270a9440f0458199e3c0764786107d8aa655b354d3d94f2bd2deec142b1530d7d8601_cppui_modular381, - 0x14a5d24e21b7fd584b06157b0238e0c915741da0ce5d7f1b8ded8ea3ef095728526032cbe5617898b6cb442aba10c336_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x09898cc2590f8ac7e5ad06605ab0189a5c0f3062b5435e56c0838c21e1ea829007a3287ce5dbafcfefa1b1b00eca1add_cppui_modular381, - 0x15f8f007599f868959d30e9dc60a91a91d656061b4e4f2f04d16153d0ef87cefda97dc162647ef6649770f159c1466aa_cppui_modular381), - fq2_value_type( - 0x1388393e62471d3c4fef1900bc647fca273c9601a2022219e4216064f5ec54268592393d4503be7c177240e21939d4b7_cppui_modular381, - 0x0cb19a28e448e5da5895f6ff4f877516fed83f35f407abe9d61a3f0733064fbd023362d6765fc606fc9ae0b42b94532b_cppui_modular381), - fq2_value_type( - 0x17fb7388c421bc5e460c6aff8371c1227d0188623f61772515728d4f5c48bcad0b0b1f81c7942402b8f928dfbd1a7294_cppui_modular381, - 0x1421a05bfa57e1c5bd5520639e7873b2569d2d8e303cee2bcd440c43fb0abb1b8b108ef08b5577580900ca416da1dbca_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0b67fc0d3f5bbc594403484f779e7bd896c40657f350f2ef724d8c68e241a7d08cc44be605fff1d0029ced4b8b16a440_cppui_modular381, - 
0x07c10e44fe5a3830bc66cdbd1f68a05f4577c0573e9c35b971cb12e29a252e74700675c1bf78b8972778cbfc616bd23e_cppui_modular381), - fq2_value_type( - 0x19ce14ac8760d6793118657e9a7ea6cf0de196e4b946620679c26bb98e02ab127aacf1d888c0869bb1f3cefb0f11c80a_cppui_modular381, - 0x027115e304b98412aad798e2ae349dd5ce8e2266b2c721f176d18432be33c797906cce7e580d4faf1ca60e5f3e663ccb_cppui_modular381), - fq2_value_type( - 0x0fecf76d39d4802ca84e46c94b6594e4adff883f4896e0b55527c71f8890d9303f8b60dca0af65596ea24cbe29bfae6b_cppui_modular381, - 0x16fb5d3895c99229e7bca49b1fa6054da54db05956230a26b4d6d2cc3d0162cd2b1fed8d94f4a38ab0e9ec1474371b78_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x14bb5e5db3e3a76eb33ca772a7568e2ea7ff0494a15aae69671b9d72482934bb586c682d9c8eb38bae7cbfc321a510d5_cppui_modular381, - 0x126e98654f3498d48d67dac2e77c213a2fd2e3e7130ac61380b1f9d7fc50bd3519065a6a2e05031ee3233b463e50a279_cppui_modular381), - fq2_value_type( - 0x06589e8cc2998b1d5d978d52c9b2f8f974fba419616ad0c1e0d70542369f1a8fa986a673668f3e79f689b72e0ecdbff3_cppui_modular381, - 0x0287a86cda9734c1488fecbc77bdb9e75f4cceed6309ba9f0dbcd2c030e0bcc938615f9692e7d75f78620e5763d9c544_cppui_modular381), - fq2_value_type( - 0x137ac65166ec0f5cb4a5b49d75eef67353e772810d1f6bf187c249e775b2cf73de73c62b7db7c9587cf1e88e29dfb399_cppui_modular381, - 0x0fdd37ee79d99c19131540ad796e0ae9d1cf23e4adf0887327fe3691c1873319556b0a48a563760d2d1f07ad58355845_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1705512e571e8ecb125eb2fe3aae8c9687031b48c3c20ff55aeecb5566264dcdc9f847590dcabc63b3fd80e7b664e37e_cppui_modular381, - 0x0d2d947c1edb3c2b4965cfbca6f8731ded8a1a86b2adc93b2c42111c1c5fb0baee6d2fd53518f438bc4dbb53753bbb5b_cppui_modular381), - fq2_value_type( - 0x17631dd1eb74351ccd9232560e2c4620a568fea30dd06febe64be841358ccfa0c14301b42eeefaa3b9abb1f2e6cd602b_cppui_modular381, - 0x09387fdd8f7c6bbf3795899dce1c511dad8d51412423ba7e6ddcbf90f55a3080c5ca5aa1fd02354ec52e0ba830d4a1f6_cppui_modular381), - 
fq2_value_type( - 0x10b14c1504e1f3ced02f2887caf96c430363ba43332bfe05268ac007888eaae478077d04807fa2ab55482a0e1b595dff_cppui_modular381, - 0x0a100ee70649187d6904f4273bde81ea0ea2568774e29290182f2bf4f0b38b4cfd70d2abcea88fa019ef6f6ea426e8ac_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c7a04b4c0e509031426f583d9fdec0260898043037f25efd98a2d0b9574d85cffbeece20acac69f0d12afed3549efe0_cppui_modular381, - 0x08eb58319046ed71343b59c5a9380e518d5ddedfc29d60df7b1e83c106553a4e760886830562769509ff28977d350222_cppui_modular381), - fq2_value_type( - 0x0f38b984a1d6a982a6bd14b05baff37b25a485d532f80dd9482f0441a859e25d06a4ef86278c1d9267374e79471c76cc_cppui_modular381, - 0x0c3a608aca392192523f2ef59f61240f205f996ee983620b48fce06a5e0038bcf3ee2f4de7f5f6a7abf07d214a247753_cppui_modular381), - fq2_value_type( - 0x14b5438c6b9e8766205d79e25e772874c3e884ce7510da9f436e71b698052ef4fba99f8c2deb1040357ef92300ac471a_cppui_modular381, - 0x17528aab1d4b1391e0b09bb557a54dd2822488b35386ec0039b906789770345c0b6aa21bd274ffbf52954ce7a923b079_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0ed9437cd41d4831c5c2473917ffab0f6fa9d5d21aff666957b767a708bf370c1bdc46d7499e8b95ff5ae539205db5a0_cppui_modular381, - 0x11c87e7a6b21b4d8217bb251a83a1b88250a38d683754ee48d7a9476aad2b534efac8e8b6fde8fa19c2152b00fd71e50_cppui_modular381), - fq2_value_type( - 0x036233bf470a563a58af26ec791ddb6c361581cb94c36ceb289423874beb134c2b7a621cb42cfc213a14d3fd65c5f756_cppui_modular381, - 0x07d57a65d13f8ab324412e5207cfd82c137a110d343a7cdf3e40dbced712d9f8a0b641687567fa050bef53723e9db79a_cppui_modular381), - fq2_value_type( - 0x06bc9b70e5378a8e2e516177b9e7470e62d25278e467b6f8f2d2098c22c257c0236e041290e0cd3c721d2f77b3fafaea_cppui_modular381, - 0x054a3abd24deb9dad6f039af6991fe9efe6d3f93b408b1e1069de1551bb38fafb87268a85251d336c4ef002b82d172fc_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x1705aa4618891aa01d9f5be3e34283b62ebe65ab370c001a26a3794ba41baa212d7c6e8f4609bebeb2fa59ed5a33bf3e_cppui_modular381, - 0x065a85de96adf5d8fbf9d41cb0195dffb0a8f8e030f545ac76c84e5578c0fd07935fc8cc8e3b534ec4cfb2e7dede08a6_cppui_modular381), - fq2_value_type( - 0x139f33cf02359f4c69ae705f7366b558ca01c16105c7ad5d17aae0eb59cc68634ada7ed201ce356d39bf82377ccfc584_cppui_modular381, - 0x17a05fe4f3a5397f715935db724d8ddff01051af8aa1c2533753362661fec5bf5f6e8e98e738ef6becef63f369f07e54_cppui_modular381), - fq2_value_type( - 0x14343543b4fb41c39d049271e38862026e9293ee8e20128cb08948360c619e3da1bb20839cd0d5584125ab2769c7d5f7_cppui_modular381, - 0x074233b64e29ccead63272bdab4278c477b7efcc4b887489233514afed0c29c366793c6510583559830f3f6fed4fce7b_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x065c53c8bb2d00ab09f63c46667109ea047795a4841e182d78702a19ba24d6682be7ef14a32ca7c72de3b3d2345a7b62_cppui_modular381, 0x0c18af9af392dcba801c52ed2766ddf818a004043f0a03e2fb0488fa5eeb357fd1482435fedd320d30f6b960e6ab622d_cppui_modular381), fq2_value_type(0x190e5e7819701a8d6775478762b6fcac09ae5d38c06e6af811c239bd31292b178d61fb07eb06f0802249e7dc6ecbde40_cppui_modular381, 0x044ed5531d7f469506a2213c48ec0cc5994a4fb0a4d7f7b8a7f0c1348dd404e73455230be575cd09d8f87887adb4b302_cppui_modular381), fq2_value_type(0x18cb61c96a086bdd8702850569c4b6f54838a0ff7e4684982b45d432066bb7cd5b8a5125b12fb40bea1eaa91f7593b90_cppui_modular381, 0x093d1e653c01ee68412487b57bfffcebdfa50a283ff326b7b1427a3e8306149ad1a40e5b895677af0cb21d85e37224bf_cppui_modular381)), fq6_value_type(fq2_value_type(0x00cc706b671d7c653d3331f2e68e79e02ed8f7e295a621ff02ca1d7761f71505dc618839a43eb1cbc56d3b4001a1d223_cppui_modular381, - 0x0870acf52b08530c66f9fea0719e4211c80f5ec1100ff81a602cc5966fdb5f86f8d3b8927a2c1c80168914b5e964f594_cppui_modular381), - fq2_value_type( - 0x118c2f64ff95809c89324ea1f21065e2bec3aee1f01dbd4a858421047b3d63829e8fffa3c221339d16604c31a0e6743c_cppui_modular381, 
0x11bbc2ca511d06409053b7395f071bcb8bcd80089a788d89a9e1fdf20b51cf7312ba49a58dbb68e6b53b92a9bbce6aa7_cppui_modular381), - fq2_value_type(0x16e56dab60ef746c48be6f98632b8aad24859c6de9deeb20dd2092a9134d9018018bea2f4ba3da11d530aa880953623f_cppui_modular381, - 0x132930a777cbac72c382dc6b7bbc32b0a3d05a524a34f6793bf1f469f65f67fc8a691e0bf7591f69761c7bc734076431_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x09d054960da1dc78f70ab3b71e7b6248aca47ef6004b9987ffc3513153158d52279122d9d79d395008bc4a989f95b08f_cppui_modular381, 0x02fc878bbcb5ba839a1da397c8be9a2498f05589cd8356479d38c759a1cf5d6e19100e96be647d286b5dacf230fb1e25_cppui_modular381), fq2_value_type(0x0574ab4c1cf1301e852dacbfba1e68f060ef334b3028004a8e07c173a7a54202733ab74a027771e6c0132529120667f6_cppui_modular381, 0x04c368e41be1ce332b22ec693ec99a655b4b44b9ac37fa4f026cb11ac96c624706ba32a7f91c338f4ad36ef22ba8c40f_cppui_modular381), fq2_value_type(0x13e1454fe720bf84b1246b1494f7a9a955fbfd53638e3c145746d9039602a6230ffa40fd4c8adf8c0c8ca52edc9bc8c0_cppui_modular381, 0x1262649c45b556f477d46268d923cf9da7900198732d9ab6c397a56ee84410292e95a3bd5d3ef158ff6feafbea8b4e80_cppui_modular381)), - fq6_value_type(fq2_value_type(0x13eecab13e389bdac3ea5f3ad660bd13b069294d774666016ca143d4dd7c6ef223a8f24980a4138fb56df14855d2b841_cppui_modular381, - 0x0904cb4c080295575d8ccea88f58ca71d7aa177aa262cc7cc90ec93803b0d0f87c5f50c7cf2e2e689a05c01e01442c20_cppui_modular381), - fq2_value_type(0x15afe840115b621cd48b62a452624434d6a924068fad122dd2231bcdd79fe587ade17326d2de85adfa029e22f650626b_cppui_modular381, - 0x00b075566e5f148600de3378500290a56f0801ea60aadbb7f72ac1db6ef782b051bf30e5634dd24314d786b973aeb4b6_cppui_modular381), - fq2_value_type( - 0x1170814f8f7eae5d20c9c8dffda1c2ec24f2807e15a5faf1f41e5f43d0a3889dd36253e78c4f50e6a2c8225d6a58a578_cppui_modular381, - 0x0b583ca36821e66912297faacd31b0e42b265fde9adfd77a77e95949e1f5cdb8c4eb3519b95d97af4032bd6d41ef658a_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - 
fq6_value_type(fq2_value_type(0x0f001de8a7441bc29a89d1f301393a8ad9d79a6bb04e42ec218080dae1a02067b7e0c750a74f1b5519b82b286ea4d399_cppui_modular381, 0x02d6142af5ab4fb87d72597a5c16129310ca3c2e7663152ea2ed7362f7b03b9b30ee53f14a2a4f4147e5a6c12ff4d592_cppui_modular381), fq2_value_type(0x0ed1e2ca47b6d98a6859091d2e1fd80eb818111c27895d081041179503cac79bd98404e5ba35f16fb2599a819b1b8ba9_cppui_modular381, 0x0bea9231f17bf581f6d99ba3987b6185672b5b234640f1e3924e304024f1d6601c967dbda2aec476e707253827bb5116_cppui_modular381), - fq2_value_type( - 0x0b6c1792d51fe5f629d0ce4d37bf0cf1fd58403176e954ea2185718f0cb3345fa3bb31e3a5ec02c2f28cd21bc455a10c_cppui_modular381, - 0x05eb00868c5ba82c90dccc2566dcd04ea6823b2fdcb6c8558311ca877a0ebaa81f37ace1bdf92888228514f9547375fb_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x097ec801438ec91ca846d43989032090cc834a16dd8e8135a2a7fd967614d2db317c1103796f3e642fb2b583d7910d17_cppui_modular381, - 0x0a1ab47a0aced870e88e303aa69b476c77b122097a80f4263fabeb7148a82213a9cb2f0bf3d44dbebd221f86cbf94f53_cppui_modular381), - fq2_value_type( - 0x01ae6fb57afe6ab624aa7914d01a977423c3d06443c5385c9393cdb39dda4679ea5325942b3500daa109b0a498d0ccf2_cppui_modular381, - 0x06b0111ecac88f941693004d7441bdb3bf23edd1900aa410f9b63d53f5c7fa8f1f67024bf90323b1c94210405b4428f8_cppui_modular381), - fq2_value_type( - 0x0203d66d40255e2ef0bfec90f98f0cd2f41f3643ec4bb745f076d0df0872ad1ddb10dfdb6b571f3ae2f1646ad7675e89_cppui_modular381, - 0x18462d3e3388c7572cdeea8554f2690f6e6fc01a730a7a0c3cbd1fc9fc7e7820e02b133ccc25f4ae001e38a9723e0dd6_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17e64c84bdb951d8610a11c36afd498eae03f1ff2deb07af060308bd13fac15f3c93972ead4f9465511a9353abc74bff_cppui_modular381, - 0x06023d577ed8176cc07f0a71ca9301bd3f8a272bf57f8743f38f5a881690cb64e0abe39a7dbf92ab867bdcd8bee38a07_cppui_modular381), - fq2_value_type( - 0x190abfe96bcf146f23a5f69692adcb08eeb9582e6fea485c803896ebd43aa32037990f6c8db4543a3003b41865de72b4_cppui_modular381, - 
0x12d70b88af84f46199575d76c4975ad01b0f2f14d5359f9ca1812825b63268a2f93973477168fbb9401d93dd056438c0_cppui_modular381), - fq2_value_type( - 0x0a95071995132ed8129baa5cd0e0d5033c57213ea02827e4158f240426313e2adb093cd9fbad4c610ea78d1b8e430700_cppui_modular381, - 0x0a7f8d785f9323bd36551956fffb0a4c764a1caf5ee2d16663ca009426f0f858cace48d7707e6a15c2485ccf595e2c47_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x197ef60f5da19de3533cfba4a261344a370a42da6975c4fc17b73df4720ac108715f99aa14c3a78381d6be6f7045cd11_cppui_modular381, - 0x14e0109d23522f6618913029c48c83a414ba85e32978c4a094b36340d285259545184260186b11d7b4e4bb191ccc43cd_cppui_modular381), - fq2_value_type( - 0x0e306b73a44d4a6b6d5e45eba86bb5d4031e9de27273e882a524865c002f148853b2564efabcc739fe0e71ffbfefa29d_cppui_modular381, - 0x10c97d18145539741bb9d0b36f650f30bed5190a21f1182732aa4aebd33c0a195e9618ed4c616efc0da61eaf1faa39b6_cppui_modular381), - fq2_value_type( - 0x121e85ea553fe3018a374e40b87c1bd32bbe434e9446a39280e893fb53736f9530981ef82f1516070a2d8e6c08eab3de_cppui_modular381, - 0x118bcdb4b1ca527cf3f3a8335bb5a3e7d4b43791ca571faf06ec3a0c1c06c0a21406ed766a351b6c7c30aa8ae3fbb66c_cppui_modular381))))), - std::make_pair(std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x1053078f1dca8e21e67fe990ca54774c754b6605b533901da5377081e633901fb178565b6d036b84c1d23d4e354dadde_cppui_modular381, - 0x0c91dd3b91b97f40f99a9f95bbf03d31121923fc3b193a9cfb46b6dbab75f24d979949766d2b10174258ac857712ec10_cppui_modular381), - fq2_value_type(0x169835fd43016616b9d5db2d23008087af11813e0e50323bf79e162bde4c860fd54d58ea967cf76d9d8426edc4cbabf1_cppui_modular381, - 0x01ee0bee5d0568528bfb0fcd790c612d1195c471959efa3906e1b84234ef587e0f26a433903111d0b9b7b9a6a2bbfbb4_cppui_modular381), - fq2_value_type(0x0e1a09e26aa899cc835f78c64cb352bc228aaf929580c271e7267f32d09a6ab22c4ee7f0552c4d1740f451b50527bc99_cppui_modular381, - 0x0b92de9fe153181a64ce45b4f39f9d0410804a7033980d1afbcda61749cb1db9c4105f6d87be656206482ec9e3bc9b90_cppui_modular381)), - 
fq6_value_type(fq2_value_type(0x08b6d38903d92c1176c0cb915eaf65879a2a4090feb19633ebdec3c0dcaebfda97270dd6b5e9ba44b6bd1c825d96bafd_cppui_modular381, 0x1743bdbfc16ca5ce00e39ed450b699fbed1f004ab75e54c93453a4efd05a6ca7c1a8e3611ead74eab2de1bcf6404efa6_cppui_modular381), - fq2_value_type(0x0d422eee5db5c6e1423bdec571c86de52773534b2ddd9db1fbaa5d8780df33c5a7980ae29424e403fb4346afbd3fdb01_cppui_modular381, - 0x033400c16e3244bc253b5fad70a4e47ce42e7e66488c95fee14949bd91dd6eaf8f4e8cb222a9498c91b287d9bc8e8090_cppui_modular381), - fq2_value_type( - 0x12df9a4a429e18c8207df99fadc5468f14e1579450b09f0f55443172ef8fb70e19ee2fa41382c8f07c51cd73c9e4cc21_cppui_modular381, - 0x0e484ecea089099176261b39c34cdae1c974cb85ea72cf9f4ff0886714e670e49edcbbc9fd660d50252f11a3c1d4c47c_cppui_modular381))), - fq12_value_type(fq6_value_type( - fq2_value_type(0x14e63b2a67a07cc1cec73cea0848c87831f586309e5b345c825064d9243f16f193b899f50d545260789fd94219e54962_cppui_modular381, - 0x15df4b4c4343a68a6d1631e4397e3fbae05eca8d06ae3e15d1bad2009a62be02075e8212cb4595c0b834c03c88c7d552_cppui_modular381), - fq2_value_type(0x1565b0b60d7cc06526efd367a2ef636bed8f3a4eef2b30d60ae69380884ad57fa3593dc731b42d3a00a57612c672a151_cppui_modular381, - 0x0927d3f23c726fa6ba32ebe6a84c9b43ce50da0e59011c7a985ac202ad4101f8eda538e9643e6886cefaee1255e99c9f_cppui_modular381), - fq2_value_type(0x16c144ddc9330f07c33466ba7f8a5693345b4ab95d1d05e6ebcc80276f69a2602083b03919f8b322ae093dad48376591_cppui_modular381, - 0x085bb6feaf972bdf812f01aad6e300b16686bdf2d51018d75c869fb053ef1b47de05177d21d13b8bc933d2a1d2301dd1_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x02aa6d7498c5b2115b8f21fe01807da31d427695db8493e9ec4d4642aba78078da80271ff90e7ac8632d497a7ec761db_cppui_modular381, - 0x124802596e462913a38781a89c6a8c3849b93b8449f9d1a4586405111fd6c53b23376929d0f1f1dd4ac0ace302520b7a_cppui_modular381), - fq2_value_type(0x0ed4b7f92b0f555191007e6c1617bc67a6bce2526066db8002160867c7418581e95282c748506b26343b1d7aed0c3afa_cppui_modular381, - 
0x13e6dcbffd190514c7b02d14a26af791e52d4fce9ac40938799d4369f2f6eb5e9e72ff9cbaed6abb1c045440beb90715_cppui_modular381), - fq2_value_type( - 0x14d7722b78d34b909c11b7081131deb6c07f54abe62ae64d238ad11c1ac93fd44e54c1837511954c79fdd4b14b091a06_cppui_modular381, - 0x0dd13ef3f8a0aa1da902f33132acc4a2380757cbbc076d101dc623e7c87838ecc631f4a67078d4a952eb922f57b1ddee_cppui_modular381)))), - std:: - make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x058af8cf182fab8fa2569d50874a0b459b293cb5ebaf799ea526458f34bdfdac511e19524fdbe0769d7701fc08b0408b_cppui_modular381, - 0x0e4a4a150c2cf7035b84d207c5952523bdec4ec109ac6c5b72e17e427c7f80767d5cf2f5b539edfed61493ab764bd374_cppui_modular381), - fq2_value_type( - 0x11e9adaa91b7925f378de6738411729fd8ba6271c495c5699e0ee9164ae26934e9c7389eeb2bec6dc80b1906e580022c_cppui_modular381, - 0x07403f5ca0015f2a87a07d6c77337952def21a4967cfdfa6c336ea332b2e53cbd58089a3252fc4fa2c69af350e578731_cppui_modular381), - fq2_value_type( - 0x0649b9b12c25e5fe3de854257b60ea8cb92a1356e18895455b70c5929fddf59b34a29018ff12db534a15f3ac86910166_cppui_modular381, - 0x0f7f015596193b076a64e02764b71f7260742039f44909732dc532a8d3c06253a0d58a5c49d7b07c10fe7b156a640fb3_cppui_modular381)), - fq6_value_type(fq2_value_type(0x07421e0e1d8fc614579a562f5e492bdbc55bd13690c5273e7d92f2d556b6a854d1437e1c6ef5817868ff11f7a214859c_cppui_modular381, 0x1864fee6b0258f12ae274f116a97aed6638950162ed7b74f3beb07b89101f9da4779d2cfff9167389d5b537adaa60572_cppui_modular381), - fq2_value_type( - 0x000b81d2287de5264816bbd051ee5f712d4b31ac4bea97b0d416d431c0e330f17266abaab1af0cf609b46ffb3c0e2689_cppui_modular381, - 0x0c340f1d081c98826dd701f095677573ab6b386560312ef5cdc42576d3b1d51a98eeb2110311635c2da267af1a61fe86_cppui_modular381), - fq2_value_type( - 0x0105af3b9a3aca403100ebf814e9a88731cfb6898150a745062f992ee59bf8937d0dcd649abae228eda9c6824860f2da_cppui_modular381, - 0x11d1d034333ee910563031103c771438310196499294d6f95024df0cf0ef2836b6218f1d16e028b6cc49dc3cb93239c1_cppui_modular381))), - fq12_value_type( - 
fq6_value_type( - fq2_value_type( - 0x031cc0a0e8a10d47a5af87a9bcc167ce5afd34663d8bcceaa4c0324430b37b098b10034479539c42c77377e0963ccf0f_cppui_modular381, - 0x0ebbbc427eaf2cf9b5a57438fcc488b43bc58687e454b37a2fb8d00405e1ac4e3e27cbae2b18ccdec0db732f70c0271c_cppui_modular381), - fq2_value_type( - 0x0789bea4172c8680a5a9643b91da8a91da4f785311cbb4a0692c6fbc5a55725eb57f14b9f325ee494918140b218e6c8f_cppui_modular381, - 0x027912399bb68611e8de6637fe08cb72959f648b1a8ed0f8b7f2a1d4ae4186fd2fa63e80a208cebfb62ce0f3f03ba586_cppui_modular381), - fq2_value_type( - 0x1696e6d6ad196714afc1ff54c47787ac6ad4ccd8cd5410ddc504b2ff97b7db90a5ad2667637f8dad659f015c4f7c9634_cppui_modular381, - 0x09e92342f4f5ac91b15d610a17800633c06e8f80b24cc38aa5585426b3ceeee6a7d0d1fa66918370babc6fa3b81e777b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x15f86d487109455c22d316a69fdfba9b4290c63c2c3486ee2f027efedc981d1e4c41452ae32ae1138644d253772d15d8_cppui_modular381, - 0x16596779de4ede0014d2ffb7b8aed13d7453dc24b28e7fed885e9729c329a3189242bc3500c115ff80f865fe22a825cd_cppui_modular381), - fq2_value_type( - 0x02489f16c8af84e6524ebdcdcad1b549ca7d4aec5d51ed553eac6ab9bf77657733f72efd06fccd56bdc642abc4ed8aef_cppui_modular381, - 0x03d3006b63d70c94feeff2f1546d8b8dd6462a64d2bece1d49ad7fb5d0a101b1306fa73009677440f27328955e69f27f_cppui_modular381), - fq2_value_type( - 0x00d1ef16723ea8a1463a16799acfa4ca141cf843b61e0533a99a8570f229f8d980a907af1f3cbdd2c0e01d9eafd96580_cppui_modular381, - 0x1670c4b5b58fdaaf8c8f8e401188a9c5effc7eabcda654b5758ed681839571ab65d870dbfcafe296a72c8962b9df339f_cppui_modular381))))), - }; - std::vector> tmipp_gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1788826b397708b027ad4d28d617f2bdcfaa4bdd9e8ed558eb0e2793bbc7ca92e161fedb8d7d4e899928edd018b9c4e1_cppui_modular381, - 0x0e5ff5ac95f10e80f0d450459608e81cd8790ded433e89b54b148aba9ee51d3b903c0d6e8151fbda77e080ff0e2ded81_cppui_modular381), - fq2_value_type( - 
0x15ab6ecce8f643d8040a160b28a88cc354d0f00a0e36f08d8cf9d0be7498d58049d9efd5a6e1500a847e51b953bb5422_cppui_modular381, - 0x18ace269e554de2b091e1bf93fe6f49943cd8d933a5ff07c44b74a5919b19003096689adfd70d95bb67e76b898e64ded_cppui_modular381), - fq2_value_type( - 0x055d9b8d6422d95ef658133c5c420428757d798ba2a4f3726a966b8f465f1ced397f342835c604b246c1a35f95652ab7_cppui_modular381, - 0x08d481eb22d5099d849fab89cd08a204ebea62645ea16b00a5b186a85272585e9ddcbd17a97fcfae5723ed9eed3ecb73_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13f74e51b80987e58a315930ed5c9bc4ec889b658d7fb1346985335c203ab26e45677cd9f0b270aae0f13579f37dbf0e_cppui_modular381, - 0x154d0f0200afbc37a60263bfaf2113724b5a418ed775d006347fb689f6e1e5bf9994f29525479a8592fe13507bd013a4_cppui_modular381), - fq2_value_type( - 0x0587bcb5d491260467ed5c4b2f61587b4cdcde1f95bd019a44812493a70d43e8973c9f8fe4d3efe5d1357868bbf6a9d3_cppui_modular381, - 0x0aac99645c6315981ac98aa22fcd9e5b793a98e9ad4a4303e3509b838f105af4b76c29fcd27876413cc8a32125414d3a_cppui_modular381), - fq2_value_type( - 0x0fbafed0658844cd1b17a8256243fd52b59ae0301bc2ac7448ce9995b35326a16d9607ec7c6d6df93a139e3fc9775f0e_cppui_modular381, - 0x0d25b354fc9056f541dbbb04557c2bd7c798a104b0532d630ca4a51f479bccfcc7145d1a38358dc4f1c715ed93715969_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0ee181afb0aaee4aff5e1f376ea7d439777d256497e6b2f98f4503ed7cd57511425fae9c35b5f79db8e6cb9b38793895_cppui_modular381, - 0x102537a00e697edaa60b7867d87998739ef9cddfe187457648c0a2be3fd05c92b8ef19329bd7c07c61010965e7bef8a3_cppui_modular381), - fq2_value_type( - 0x15bbf319ef5876460c111365bd6478d7e0c569ebf23a68afc9f877e29760042347e4e4aab02dacc71068b41d8b58910b_cppui_modular381, - 0x187682bad5baab7ae6bfdfd33ef84a0882cbee0980d5369df1538dd0761ed8dcab020fac9a0a4c5a027ad89f4eea5db7_cppui_modular381), - fq2_value_type( - 0x057142517f230eaa05b21cb517f67b5317ae73ae2944a904f64f888239fe63488fe5c657cbb56f3b5d1f2dc678e49200_cppui_modular381, - 
0x101ad09dcdb181b32a1cd4f24d24dcc01978170243650e64d53b838fd828ef5e8bdbd0a9406323cb14cb29a0b787797f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1299f190879a96636bde6755bd4d9f45904273b95637c4188ef3aad491d90561ce2d3d79d0598314f462e46fa0631ab4_cppui_modular381, - 0x1546ca2af0e225be968677ca9fdfccce7f94f2a235ad79f881da67f8e38ee2b01114c52ed579a69ecde37e7517baee53_cppui_modular381), - fq2_value_type( - 0x10f2b3b749f94880c47b7f1d7025f2309da774aed1ae8a9736867fbb681de22e825e275f242691151018103797399948_cppui_modular381, - 0x04e5051ccfaff5b87864f3917a92f5ab654d35ed7d2b5834ce01d3854dbb64e627126a0d3ffc56f1a504c41bd8f90d3e_cppui_modular381), - fq2_value_type( - 0x194ceb66c0592dfa69c1dcae1947acd98a2b215c89e66ceb16a20857659e66969e81b1b783e6e55d17d516e331ed22b6_cppui_modular381, - 0x1063386db2d0ecab4c52fa3a83dcc07afde71e86c78acc6a92c389ca5c0c01b2842e79dfa789ae4e35e5ffa2ae8d07cd_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x19f1b8f6a03682198c18c32d747a03b8a5c7173db2f0ac69b9ad0b26a9bbd9dcef06982d7840e13adec3bb15b2acd77b_cppui_modular381, - 0x0362cdc0b3cbfd077c832bb0684852a2271566a527d885aff8f862250bda230c4b718e26c9d529cf08e5f04f7821ee22_cppui_modular381), - fq2_value_type( - 0x067b9cfd9837da2315f4d32c965795dc07055b467ff7b4b498bc2da512e08f9f2a4d80c1e9e3f89bd0b68c6cf396fce2_cppui_modular381, - 0x00f4d1b975803f0fd15afcb9d4514f48c742f46a81179e22cdfc307080491decce0a4c55cea84f035f01477ac524c83d_cppui_modular381), - fq2_value_type( - 0x0b1005b2726ba6a30a8eec37063adf03297426314949fe267d9bcd4d7b6930185c796549c4e11521210b95303e1e3e7e_cppui_modular381, - 0x0dec864d963f23f563b7c727416b5deb27f261fc5ac3c4c4332fd780d8dfe5259b92e63084eea41c7298d8e69e8d1b58_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03ecd0c7506029ae473df06e8f59b5786c630fdee5ccea677b8d005f238e8ee7e573152f9bf6ef1118dfdf11e7eabce0_cppui_modular381, - 
0x053fb1d22d4f000da162d6eaae60baacf9edd626f32ed54f4fe8aaa6d795e7b5a336053aeb9c5f2781fe431a1822af6d_cppui_modular381), - fq2_value_type( - 0x00ecd51b11a1936147fd612794c814c53645c40d5b860147e25b4bb26ea1b32be947e07f4d19b267927cbc3e4321c983_cppui_modular381, - 0x11698628d730b5fda5250785c26a713e4361ba83eb2b2f9a49887ff066ff734584d944e69de4fd369de68bb9d3eb4ee2_cppui_modular381), - fq2_value_type( - 0x0e78b84c59a06e355d0116d97e014d75abdffcd2e3946b09aa4975009e885f05236d5a75c2394268aefa7c6e08caa355_cppui_modular381, - 0x0cede1aa5ee65400cc2ef30b083d6c5ebc83a36f1f9deec661fa5be68449f6e0a90fbeb32a593e717005cd6d697dde29_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x00b9d9899882ac57445b4fd07aa9113723698350de68efdbf08bc4a17c1ab319eeb46f55fcf7ff1b3033ca6085a148a1_cppui_modular381, - 0x0c0767b8cf8ec11100b904c4a2baf6f71e829c5d83b6f52bd8f240601289a660e3de419b28c87261a6d465501b573a56_cppui_modular381), - fq2_value_type( - 0x16648e296b016c5eadca4dc03b086b6a2f16615403294c57fa286127a91c86bb74324469f7f697f04710a35554a1144f_cppui_modular381, - 0x03ce35154d47de78f16948738ec1a850560a45f7859115a7bc5d607f0e3e0375bbd2fb164d97727e4f0660f77e16b285_cppui_modular381), - fq2_value_type( - 0x05670a4100105a09ea4a3879b609c1f02c40389387fb51db854e96dd09f6fe824adc5a9800e57125b370dd88c977bc4f_cppui_modular381, - 0x0e5297f8542edcd18e561849c30260f15b3e36fee82788d7335c541830b306f310a2f70d1c2e878e77382539cbd9517f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x054a2b51d150e6b86e426c1a7e95d9021ca8b4a2d53ab47d63e7d00025e08c2d6be0edc38c1ba4bf8e59d3bc357703b8_cppui_modular381, - 0x01ccb39c94290487328c84c999282375fe6b8d6eef862f172632a4d0d783bc37f93ed34f27408dfa7be6e5bff81cd2a2_cppui_modular381), - fq2_value_type( - 0x09cd6ca365331fd71323c6ac8d7a12617e44b8db043de286a7204a193eda47a6e1065c309331e4c2a2086f4ae12f2072_cppui_modular381, - 0x0817fd81a8a38b28f665384fd7d4ca01dd970bc051bd85d58496066d4e54f94acbbe91eaaecd76866cb5ef7425329d05_cppui_modular381), - fq2_value_type( - 
0x1021a266ddc09f5473e7196124facc398887d22c93c1a84ee3df8f344fca760c5173d90907748247c75780f94f90d84d_cppui_modular381, - 0x1775fdad6cf55f9ddb48e6431d78c20b486e3ca59e6bf413e69537b481c7256032614909994d81242a1a695c1b6338d3_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x18ee977c47aaf6c7aa71fd4ec4749f06ac3d86b55f7780ebe01e5c4a7616ebf4c114a8302df791846664fa7fe6b728b5_cppui_modular381, - 0x185a9a9659ce8843bc69bd59bf5ea40315988e571e5e75e36e1de11c2580e817cbd17bece84808d93d4cf299d01c5558_cppui_modular381), - fq2_value_type( - 0x012a219116e33dca6b7d516b23c516af99adb29cba5f82502c8d47576a0b3743c13ad830f20eb7c95d9856e2e0160a74_cppui_modular381, - 0x0cdc20a4d7c82ba9aadb2b5c41f679552850085a647a1ed289bbdd0b6fee2e723bf480d01fb07d8bcf8fec808d4d0b82_cppui_modular381), - fq2_value_type( - 0x01a064f407c42c4e6e7bbea5ca84fb7d31b41c544de4d0f4388ae1dd187bedf9832d8f825fefcdc5879b529f09a3e316_cppui_modular381, - 0x01c039f12535c58c2027c98c8149b1129a79c97619b3322b6fe53e34ecfb5aa2164f76853fb70aa060ce67c45fffa171_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x129272e1918dd4d038abf0fb5e2a13eb477f8fb0f5bdc4c5c009dbe8138465d0cded85dff4643e5045d6e53ee58e13a5_cppui_modular381, - 0x03d8d0af65c0111006cbd7399dc49a81f9ada13bc011f00e91708ecb2cf7dfaa87497a276c8d1a776e66f6b90e9454b5_cppui_modular381), - fq2_value_type( - 0x0158aa9b2d41dc421c8d553f14d77b1d503ecc700e356d75e2b510befee0029e95bc7838b9052b4d384ec3b4987942e6_cppui_modular381, - 0x02b6904c900007171f8274ed1382b580ba0459943d4c15159de7903015646e2ad0a0f91444a14809e85814838bf00d0e_cppui_modular381), - fq2_value_type( - 0x02bafeed0e1601f550b530d54ff29e27552e0b4acbcfe39eb41bca4ec454f9715c46bde3ca3cb487a572a86935842fcc_cppui_modular381, - 0x0194e79042c4789500202f452044650548ad37a0ace43425077acc28d6088f18c2071d99c05f931927809ad7ca03fe45_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x07eba3209bfb8059d8604e4fb9a3ea478890c8113149b2a3ac4770a84ab4315a776898cf519e1007d12c60ccab74972a_cppui_modular381, - 0x0096524ffe899fe8d59a67c82c48053b143b04917ddbf641db69af9e6bc11fee79eaed26feaec287fbbe43e1a5bb6606_cppui_modular381), - fq2_value_type( - 0x0865b3f04c25310c3149a10592590dfb8c4f491cd0d591c2bda301382ab63eaf30ef40d9c25ff82d6df4fb76b2290368_cppui_modular381, - 0x0d21f1d9cb8a13f4bf2bac4a933ff68ebafdc7c7665ebad1b81c25d3231fd7a5031c41204179b1354f609bd2c64342e7_cppui_modular381), - fq2_value_type( - 0x10aac69f15f1646f9fc9debdedec7809af6e4b579bda5a5e6fde058978e0454ecf73dc1f77711b34b5a387492e8984ba_cppui_modular381, - 0x168c2d2dd49610e45214c1d8b3ba55742b4db11fbec779d392211bd55af7134b829f83f93ab4168e1021e55e38030760_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x01939b04d9752ed9e012b11779539e4f0276daf50ff98b4ce4d9a7cd5df8aeede11f066449ae85791b0dbf50dc794a4d_cppui_modular381, - 0x18a22969a75c5d48f40ccd4514ca07a87879c4e56137526dd02ef9d87199f428535d7e8941b6bfa33be9b2f89441e4ca_cppui_modular381), - fq2_value_type( - 0x0bac1b4ee539a7b05fb986b9090fa8be89aa150b920f19dfa952cce6d6151a0d059a022c81987ae926e7303690d35c7e_cppui_modular381, - 0x002b80e78965bc2461a33e9ce8b54a8a2b0f019927dd47b06b8fd3cd56124a0c94cbbc70046cb124477f61bdfdee9809_cppui_modular381), - fq2_value_type( - 0x050188c029062c9d982b576d3763554257a6d2ec801933937dd768783ee7aaa22ddebeffbe8839138e32003f2d0f4e13_cppui_modular381, - 0x0b25b63b649c9ab56746deb85067edda70403333a7050545c1333e3d8e4e0801c408d0327585a1ea24a9aef780c2888f_cppui_modular381)))), - }; - std::vector> tmipp_gp_z_c = { - std::make_pair( - G1_value_type( - 0x00356ef47a6a688a8832dd47fad2f8b5981a564d3b7dc77b33f13dff52dbb4536b6108510785304da9fbda39bfdc0bb3_cppui_modular381, - 0x110ce13acd56d5f9188faf09684b5e299b848615ad9be48dec0702e42ff794730417d92c7d437ddb1ba82869b5b6fb60_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x11d1f6fa158a0424684bb00c08be8f01c6eb6835a1fbb6ac06606799e517b2752b0b047b70266013b9d932198ced0930_cppui_modular381, - 0x0d6d40a9e4c8aa3f41d50f3204216c78c5959e5d0aaa08fb0276665b50efa7e90749cf7ae48d353c2beb29a7d9703ed1_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x12dcde8659ef48bd2c3a97a1cf83482ebba995a45151bbccbd4c7c67c40394bb6e17dfb831087b58230edcaf2e6fb1dd_cppui_modular381, - 0x09e1e629881f8ca21b232e789536a1886af564ed99962507c26713f5f89996b8f2b4df5a4dd3bac68aa22db9cdca8018_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d59c9b4e2c5eb23d592aca6d1566b86344822141cb1795727d56a4d7e077bfb02d082253cf8b3f5c2195c54130b1ebf_cppui_modular381, - 0x082ab17c22f98fbe932fe192ff59a238745334bdc1cd3205fb36528f045ae2c822e40a02324c3f6240fdaecfeb57be16_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x099d68bb24b4eb1a3dfb7a7a58cc6aa9ed9387522e3b85cf6e961ef90fc4c036b2e11a9eb97c49cbed2faad45b7b2285_cppui_modular381, - 0x0c36aaf264d471feab21cc492c3da8ebb113b5e0d6bcb0f7bfd33387124f9c200044ed12f610c4884409861d4454d2c9_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x08875e3cc7412133fc32e0a11de22f0fdadfc9f9d8171bf8be7b6a989983c09e2d8a5f94758fcd8c91b1dc5b634f7071_cppui_modular381, - 0x085c74e6bf33a19ec050533fdfce080e22c287caca4c564bf425f969ec063da9a57a95b07670aafb9a7f4b3550a7f22c_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type tmipp_gp_final_a = G1_value_type( - 0x16677a33cf13bb52300de2eeb5b7ee6d8881dc2c92c5d530af32a24b4b42133870e05755e14b7f67c52376e12f11b088_cppui_modular381, - 0x04571811f397f733bb55d426f2446a05ce90731d70e20d9c93580e425608d8b173103d5044aba2edb193e9d41547d180_cppui_modular381, - fq_value_type::one()); - G2_value_type tmipp_gp_final_b = G2_value_type( - fq2_value_type( - 0x00ba1d9ac90c782327e89e3e90903f2fce97fba19edda36a300aadf4c6ee9ce7829dfb3959147fd395e74602b00473ae_cppui_modular381, - 
0x1805551b2192eac55ecf0c0f2893fea211f472de862f1107edc0f06e9c838832058b439001d32486e56fd10347696017_cppui_modular381), - fq2_value_type( - 0x09328337ea6dc20868f8a0218d6cc0198ea4059dfad5bc867a5e5bef1372e4d3b976bef79bcb99e58872d43ed2d59398_cppui_modular381, - 0x0019a9a18d511e5d115fccc250239bf8b45b395294491662e5b755cfd4c7192335f7067797eed7ccb67823ea553d75f7_cppui_modular381), - fq2_value_type::one()); - G1_value_type tmipp_gp_final_c = G1_value_type( - 0x149e3091be2f84f85d2b44843aeace9f30ddb3494c844d61ee3ac30c86f84af357264525196e403fb484d128e7382c9e_cppui_modular381, - 0x17fd55dc172afac253132fc05a4d80a11003c1a33ebc5395b669342a3cde5b8a55333539acea6724b18471621426db97_cppui_modular381, - fq_value_type::one()); - std::pair tmipp_gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x0b97d76ed73bf157cc80f949a4aa6db46f76916b6fcef9aa9b8033574155d291c3cbec6d206d294b888f1f162c9c36ab_cppui_modular381, - 0x132abdb0a598ce209156b847b8670f20b124e8e617fdfbabca12c7705f8fd4a76728d69569ff8ff4779803320d8cf831_cppui_modular381), - fq2_value_type( - 0x0d058517aa6da0d0304f8d760b110db4b82241e6b2920152886886b1f44d84e51c5ecde215ffa0e432a708196e8bada4_cppui_modular381, - 0x070f638b8b7f2ebfb6e18dd45903c2e51456a6e864bde5538bd09099766693566edc8f23969ba9e2a1cb244711db7e43_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x10d8f80502ef9ec601d70736bc5aad2983cfb20fe603f849f85591198e51c8aef58cf5359df138a2a3a9f8049f987d18_cppui_modular381, - 0x15f1486e59fa64f00b6540b7748ab734d968956187e44de6d2c3815e5983e603caa5492f1aadb7b67a8ea4eccf61e746_cppui_modular381), - fq2_value_type( - 0x0e48a24a8e13189722a6b97581e0c0047c43dd8f8ea145be717ce532d7507411d4be62b5ac98c095d3be05351dcdf3f5_cppui_modular381, - 0x109a6017d1d97927bfc371480d05c02994db816c6c5f4957c4e8bfb4cb8611cb6df76f46e024660b0f3c34c1095ad883_cppui_modular381), - fq2_value_type::one())); - std::pair tmipp_gp_final_wkey = std::make_pair( - G1_value_type( - 
0x19100904cf14f2dc549a8cc752929208ffba6ed67fa3c187a1816b2c2ae30ce26e5ecb530366f1c2c55a14c235663c43_cppui_modular381, - 0x19cdca0efcc4ecc2bc5a45a7741b7806106a5f0b9dacbb10c547af7ab4236aaeaea16a01c6b1e354fcc45108e1cc6271_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x078fa9d726a3aebcec5f1a5b1142544c22c352d8084cb7a7664502226e1a6c62eff689a2d022faaa4f322b6186a74a96_cppui_modular381, - 0x047c3e9b88ba11ef0dd4fd3956c43f4e200d5cde83459bc1ef1407340d28ac5b58afe21ec4b51c599e5ddbf6dbb0da38_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(tmp_final_vkey_0, tmp.vkey_opening.first); - BOOST_CHECK_EQUAL(tmp_final_vkey_1, tmp.vkey_opening.second); - BOOST_CHECK_EQUAL(tmp_final_wkey_0, tmp.wkey_opening.first); - BOOST_CHECK_EQUAL(tmp_final_wkey_1, tmp.wkey_opening.second); - BOOST_CHECK_EQUAL(tmp.gipa.nproofs, tmipp_gp_n); - BOOST_CHECK(tmp.gipa.comms_ab == tmipp_gp_comms_ab); - BOOST_CHECK(tmp.gipa.comms_c == tmipp_gp_comms_c); - BOOST_CHECK(tmp.gipa.z_ab == tmipp_gp_z_ab); - BOOST_CHECK(tmp.gipa.z_c == tmipp_gp_z_c); - BOOST_CHECK_EQUAL(tmp.gipa.final_a, tmipp_gp_final_a); - BOOST_CHECK_EQUAL(tmp.gipa.final_b, tmipp_gp_final_b); - BOOST_CHECK_EQUAL(tmp.gipa.final_c, tmipp_gp_final_c); - BOOST_CHECK_EQUAL(tmp.gipa.final_vkey, tmipp_gp_final_vkey); - BOOST_CHECK_EQUAL(tmp.gipa.final_wkey, tmipp_gp_final_wkey); -} - -BOOST_AUTO_TEST_CASE(bls381_aggregate_proofs) { - constexpr std::size_t n = 8; - - // setup_fake_srs - constexpr scalar_field_value_type alpha = - 0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255; - constexpr scalar_field_value_type beta = - 0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255; - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - r1cs_gg_ppzksnark_proof proof0 { - G1_value_type( - 0x0ad9ab904d539e688d51dfd985c3ae5b48fe28b95503191282d47d6b366e2a53e21ae890306f52749d21666b98371708_cppui_modular381, - 
0x1345e24d804d6be02cf1b3a941b916446d137b97c1a92fd36d3ea125d2faf000dcf622e3f602f558524c87546bc11483_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x026aeb313ea0d77bcfb724fd0898bb830365001a6b17c10e6926511c59af9c36dee091f5c5a8ef1dcaa2c242ca013159_cppui_modular381, - 0x1954c22621c04f4e80283616ca8e024a86c58062aed69c053849584a17ea39baefe2e3a6d9a81d771cf5240bf277bfc7_cppui_modular381), - fq2_value_type( - 0x00c2b1a57ca24010cd4b5eb1b7a3765bba0e16bba8e79bd137b5f3ee7b93c72f2a6f19aa74b30c05de75314c6027af8d_cppui_modular381, - 0x01334537a911f0f56d111198f3d1fa4f6d229e67acc36239e3880cbc298b2b400d75d2a35b9b190c31223e8dc77df6df_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x01fa9d8671ec6696ae5766c83d7bfa9508ad0d94b36df00ada865979bfd005c60113655fcd19f37992eb842bb4bcae66_cppui_modular381, - 0x17df4c2aa0d841a72cc3187eb82ad56f83dcd1a392bfa175ef7da90a26963ab3f1cf3b364a0f1a9c8f1e74902451a96d_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof1 { - G1_value_type( - 0x04950b72c0fbc98ed63bf338d331f95018e65821b0b63fe4776c8e189453da8a71de4ed86be50c3729f17642dcac7579_cppui_modular381, - 0x00b1f015a6c9c93805ecb0a8143e0c202d5b086f31f4420d91d7eda4e19d744f29b5dcae6313d088098a7376e7f1d38d_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0dce4e7e35ed6949e7132c280ead2bd33bea3d5afd8d5ae33ddd71fd81b6624d4baa4aa50bb4fc61ab3b6475dce4ecc3_cppui_modular381, - 0x08da12416a18cb4fad2a56ae2be196187d48b9f733c4a9f8f0383fddf6b06e37e46c41d5b62ddb976315864ee51a351f_cppui_modular381), - fq2_value_type( - 0x14f633126ba39da981d4f3676c0ad2d0879abcdfba33c122bab88ff0494a7c425793164cc07b42d13127f26b28301e01_cppui_modular381, - 0x0c7d788fbb2a93b89bee19a9f51903507a3b1bade0045d4827fc52d4ad9effc6a972bc55ae8a4418949bf582a7e57f3f_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x100fad40d4778047cb2c02c53afecd6b25204d7cce9d11e3ea2f7844accf6380ec9b421d5f0656a8c9be03a58ac0e78b_cppui_modular381, - 
0x0ebc959bd8afb8eefe2904f9cf7831fe95bc946f8dfeb7c2f6f4e3d39bb99f2d966df2ed51580b8536cbd24cd042037e_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof2 { - G1_value_type( - 0x13959f8f1cf314f0d36de6fcf1a37e3c8c3fc31c7087613d6e209a56e48b6cad49d1ac0b9a522a1e397b05e33a606496_cppui_modular381, - 0x0e1ce1604e9a6bab679a7a6e60c2d8ca1553e5daa493b14a652817c903b0db4e923a483fd31eb433e2c26e28d669d3fd_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0371fb9497ccc88fd0a002f32b7b25dfafabda8f1e199e3b782bf298bd6e3090ca1e2428017ec810c1f8e230a23199b0_cppui_modular381, - 0x0d0ba3656cc98288785f04078f95f26d44a4986998cf70566e2fb951abb12dd597f650f9cfb2ccb0ea02d009b00d71d1_cppui_modular381), - fq2_value_type( - 0x18878ec7f9cc8af17133d57bc9037e5f85959d60354c499c60f28d09835e25bcbe3d1cc51a0afba06272ac4d48e46c64_cppui_modular381, - 0x0e35c4a708d02101b8aff1356e580f5b5ef57d6be16502002d5576bdb2210450a46db93e1fff3161064d486b92b086d7_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x049ec2af3342cc36e49f5533488d495cb7222121d0836952fc879f3fb46f073a3f6c4328a4acac5d86a99a784c188718_cppui_modular381, - 0x02c9a8fe286b1b976549d57fd3d677f393b630cc1357b5f90c11b0482cebaa97e8e0b927a4b2b8c39eb4b1af85c144ba_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof3 { - G1_value_type( - 0x09f1a68bb0428c34179c3c375ebb2c3f8c8b25975163ecaa6e71e690f76c2fa2d5022e20ca8035f6ae4231e36c9194c8_cppui_modular381, - 0x06df98360b6aa4f1ca6c3e96dad4544be0119c7ed208224a1201ce03759813daec68d5a940e1095cd5f1661c2c6c68a2_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x06aab594ec527722a6541fad603b5fb788e1806d750560e1c4ad95e43305de35f1fc56ad9e45458df56c9fa78936cdac_cppui_modular381, - 0x1988328897e57d1fa847d2dbacbc46e0ab1c936e595e726d81a451e932de637420d8499a11fea29a50792fd8ef4347e1_cppui_modular381), - fq2_value_type( - 
0x106c544e28d5d00accc9f6ac307d3ef08933969cf352682baab21e60589e8581115131207b18280026b78807d6a49f1e_cppui_modular381, - 0x03082285d382aaa13230a4895dd3da142a25fdce91165eac137901ac2c1964278fa9de8313039bc1f28e8f3af0e5f6e8_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x1140867bb1399cc013b41291e4127f926e1400281e533e4eb0586052622d51ae135f91eb21c4aa8ed5d85cb68129cc4a_cppui_modular381, - 0x0e59f5f7cdf0605c0bb524256c3fa9c8186ec31024b6eb71c01ee9da576678a7d83f777feebf11c470484daf2e78c04f_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof4 { - G1_value_type( - 0x07eebe2a51ff54027dc2e9333736203449cf0fef6cc7b4539f8962e8f803e98d01d308984c8a437cf38636586c954646_cppui_modular381, - 0x09677592e47aaf01cb77fa2fd567389c3c06ab63944fd43d6538b5da3405d9c152869535abfe1bae1820f0ae744e71f6_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x15276efc1aa8908a0e13029274887e6e599603cf6ec63c3293f2178bf282fc5cd8ad4e2ee971eb945063719cdc67b655_cppui_modular381, - 0x13164f607512d0035923ac0f34333328917f598fb74e30fba45bfae098ed39e43a7b299fa871a91f1d2e3aa28d546577_cppui_modular381), - fq2_value_type( - 0x0234b5566ba1443b3d71a4d597b984c5e0401ab0c92394521152ffed6a15e6bb616cf454b2597f37d1d6d0825d99a460_cppui_modular381, - 0x0c28c5010a6ac31f5af16ce861fef465d978c534d602b3042e42b766997521a965afb25a00e3d91aa393482f81e87a2a_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0b39ea2f3908a057e90045269c343aa12c7c755fd7cb5f23a6774f4dd0e23097ae77b984d4b59d5e585161e759777c79_cppui_modular381, - 0x0c76a611c26bf59d9edc44baac48a21ddb3e45c65ec845da57c5d7c683bb18154459b42aa305bed45462014157dcbe5f_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof5 { - G1_value_type( - 0x0e6d89bd7ef0b93907916d3903b6c49adb1535071d6f681e03e687dfe90d9c7e74a0f55be0bcc42c9b16e2e99653504c_cppui_modular381, - 0x03413cf7e4d3c43f02ffbce3682dc7886793f821efb7bb28000537b1f7b4951f34f3293013f6fd3c211979966b5fac69_cppui_modular381, - 
fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x058ecb344b1465e18c0ef4893bd06f7f323a56120e948c04488fdffd27b511db0bac296a81b46c660957dd3a923ba51d_cppui_modular381, - 0x10c18ef70e107e145a254406337969dc20cc85bc22ea6acb14d39394760ed95f5a37b8fa6495bb347986e50678b9432d_cppui_modular381), - fq2_value_type( - 0x04c87764181d768e4b6ae9997cc9c62188e856fd650cfdfb260ff4a917da064d9429978b33012de0caafb1b3d4134547_cppui_modular381, - 0x07bee15dbe062c38b2dd97bad78c2bcd36b1d09228a0581fd38493873b4e22654114d2320e25afb7136857355bfe3bc8_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x095b0c84330dbd160a40254ecadf867204780ac0324b4912a90e75e0224c4457dfa4d4d4d6231f6520d93480b0b43a63_cppui_modular381, - 0x0430bc5b9127edd363bd0adcc3f957dd4fae7410a36a0b599f87eebaaf304fa23c8c392ad6902793f358f57e1acfa5ec_cppui_modular381, - fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof6 { - G1_value_type( - 0x16dafd3b138ce9789864f661810d80f3a27559d59fc7c7c2423a8a2e5d12c319d362f74d6231d998a8b1d3f5858b85a2_cppui_modular381, - 0x0d68d83c3beb8e6ae1bae0f6069246d9138a39bb49714fe1dbdac7ec72db27b2535cf62d9d316a2715c0be92df37c9c4_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x063473ae18d079f24f7fde90e0e613e7d1d736f761c00399767260637fad11ab995c6f45c600307f8b43e9e39db3efb1_cppui_modular381, - 0x091f08c799bb8ee1e3e3e9a7aed1bfe320e2a44db3b09e35fc72647155af6d11dc45661a4a231bde00b1750cf8f5fd94_cppui_modular381), - fq2_value_type( - 0x162465ff561f7eddb102f9b79ff9022c2046489602dad7ce1a6347c10868324d2f0bff43dd3cbcd637050afe6813588f_cppui_modular381, - 0x0eba1cc671c6e28c2558a8a8de94ca3828b6ef68821d0329becd029d57a4dedc4b6b8e107512b95d8b0864d017c91f75_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0c65859ee85e435fd159631a5cdb53c81746d75b8bd39bcda4290b774cdef5a45fc136e29e85ae604065f2a95ee120c4_cppui_modular381, - 0x10044930ad3a76b06c0965b63e3ce70777bc5e0e1a471cdcf60cbbbbd85bde3cabea6def846ff8b29824ba6ab8e0fe70_cppui_modular381, - 
fq_value_type::one())}; - r1cs_gg_ppzksnark_proof proof7 { - G1_value_type( - 0x14b8d9ff73badbeb796cf47a06178948d6f2aae6115dc7033e2f24835c3d81a0abb143c13cd4f5ec97bd7972008572ea_cppui_modular381, - 0x16743804ee158723da1b39a549bdbfc29ab503f4e8015e7f83cb0f7e486e9907e721b5319ba117b54a81712a7029b1fc_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0be8424bd528ad671ec62204e1d8bf1a633e40a9271535fab37992aaa2523003e2e8fb22136f4e5b5205c2df7a0f40e8_cppui_modular381, - 0x092c9c93a278821ce9d7d0dad3dd01457ef2acbedf3d51596180ebfeac0f49956690c84b09d66f05287632c1b98edd5f_cppui_modular381), - fq2_value_type( - 0x06b7812dac5bd4cdc995e6a07972aae556e0a1f63e8402b8b6f64064a57d27fee410079e5a1f64dea586903ebab7d4c5_cppui_modular381, - 0x0e83148931c3a1e5215f68bca10b70fe0c1ae09e1de0f3076d19532a08877af35c12ae87b1dcee68cb7d089d70c37d77_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0661e59a523ad7c7a6753f1e70a6aa3eca1a1a650dcc6941e18194821681719496b8f2c10b976db51fc9e296418e1ae7_cppui_modular381, - 0x13727560e334f46eff7575d562ef0aebd34d9b174767a8fa99e0c96afce0749cd629a801bf2951a28b8e15238044a655_cppui_modular381, - fq_value_type::one())}; - std::array, n> proofs_vec { - {proof0, proof1, proof2, proof3, proof4, proof5, proof6, proof7}}; - - std::array tr_inc {1, 2, 3}; - - // r1cs_gg_ppzksnark_aggregate_proof agg_proof = - // aggregate_proofs(pk, tr_inc.begin(), tr_inc.end(), proofs_vec.begin(), proofs_vec.end()); - auto agg_proof = - prove>(pk, tr_inc.begin(), tr_inc.end(), proofs_vec.begin(), proofs_vec.end()); - - std::size_t prf_gp_n = 8; - fq12_value_type prf_ip_ab = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06e382f2b5821951b0194812b08f3d6e7515e204ef39b8d4abedb85c6e8533ccea8cda1ff55a1d5bc46611fc81aa5224_cppui_modular381, - 0x17073262593261ee2ee5b05dff3cb7b2c775e4d8d6b67ee8a6ec86d38a461915f749646165fc7906e0f63a4a68f11379_cppui_modular381), - fq2_value_type( - 
0x0ae1f55007b1d9eec7a4269f5532b2b26c3c618d8e0b18b54aa9cc9c8968f0fa55e3bc0664737734eab9b6280592659b_cppui_modular381, - 0x18ef647c9a850f7c069c6e699e09879a8fc078ff57eb2a70652c7f6c481d9a8db047871749c3fd7ab90bcc222c21af12_cppui_modular381), - fq2_value_type( - 0x17610a19b1994fcb5707d40c1f0af1d56084c28a8ba209dd241c694e9651776c60d2e6bf5ee947a1475b3d95b2138b0d_cppui_modular381, - 0x0ff40ac478ebaac8888ac0607f40362c4b7321e30c7ad2ed8fffce36675fb44811e27de762c9cfff7bf80bba56b03c8c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17cba7860f256536081c131b2b19ef98d1916fa60b08d7a87bcd821110cf9fea46c85202a3f296b420f290168215b750_cppui_modular381, - 0x131fdd3ee9f2510fbd5b42612ac9086edb31ce97cb1eba625f484ebde4c77b19cbb57e620af065466d892cfa8c29822f_cppui_modular381), - fq2_value_type( - 0x04ad75d70807cc5521beea75a4ddb5bf4b64b45b3fff6bb38f400c537a8b5f7f756f230f6332fb7cc119627f5f59b84e_cppui_modular381, - 0x12ed6b1a90b2c014ad27da31d9e117b09ea79e0361a90eb093bf2e0791539e122e8080d00dbca76a62a3ade0df571429_cppui_modular381), - fq2_value_type( - 0x02b2df29004ca3853fdc12342f145dca4b6ab977fbe3e5dc8b1a2280d95ea79d8ebe4d87ac75d7f05f4b5dcc546bd87b_cppui_modular381, - 0x05711b1370bf0584b4e2332c1705b98fff292fabfd3647753c856d0a815fc126e5e72813d342df67223879ec6794376a_cppui_modular381))); - G1_value_type prf_agg_c = G1_value_type( - 0x079e716292f9040c956f9d576c9070d173c4cdaef39e248e24f0ab10c17807892a43d1cad35f90c29be6035e171c4577_cppui_modular381, - 0x07d4ffd556911a0a12eee0693c34dcc23935dda6acd9158241c66e5c9b626941ff3812181929b4cd79746cb30a944412_cppui_modular381, - fq_value_type::one()); - typename commitments::kzg_ipp2::output_type prf_com_ab = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0f7f86700fba25905cc7727397ac7754c0408e35b50d4b6331d05a779df7aff08d6bd3ae6bf7a2ba089cf0f4a676807e_cppui_modular381, - 0x0e398ab7e0c2ec1f8285e48fed66c971bef33de4608b36fb90820c5bf5a589023cfb2119f92e30a9cc36baff880c7361_cppui_modular381), - fq2_value_type( - 
0x18ee824c51763bda9d3b45f6bfdd17137417203a09b9f03d31f4d9649ba2298d41f1c52a8a844e19dcea520a706fcad7_cppui_modular381, - 0x050dc7c2c4b5175aa76a1806ce5f29398588c4f0c1b87db0e12e3eb931bb6bb6891a7f6ab89549c3faa8982dff8488c2_cppui_modular381), - fq2_value_type( - 0x02411f8bb63301a05bd37fddcf04ce98aa505e2e15bde17f76d39abbeb4664bd7065a9f36b0e96ed32c9b02feaabaff6_cppui_modular381, - 0x1985fcbd91ed5730857355410053844cac0dd39b739705d9c806f4ca730bf710963a567b07dba0ef41d03bbeeb6e140b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1173078dee8cea5b37e46919f743c60165ecbb76339d51daad8c5931cd090edaaf945c890c9ba4823570177183c490da_cppui_modular381, - 0x06e055db81f375171f6908f674d9a85e7c78255f2d86bca7f88597e9644244026bf3513bd4d3077a5b340020c55262b0_cppui_modular381), - fq2_value_type( - 0x001ce1f34b1bf03eaca88598d7236e8ac3c5384ad1ad99be7ba061c82a27bcd72fb2d81e59f9257c00594bd1922428f8_cppui_modular381, - 0x075c8e7805804a3fcb2b4504cadc66a3d8f344b7847157e55d8b147e0a7cdc00d28a6ba7cb70cf690db135f5bbd05953_cppui_modular381), - fq2_value_type( - 0x05169b67be0491b0fce790693798894c8756941bbe937ac98135bb1d1bcacb4942e62512135c6a4738a11608e82e78da_cppui_modular381, - 0x17871da12d59765097a9f63af94dec572530d2a6b19214b0df06f987cbb7ba8c10e94c3871d5ca0943ccc96cf25b4172_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x196f7025147d05340d2923fdbfba1fe7d8b1f9507c4b4af9fafb0c8b6935bd626fd36763506367ff42050150112bac95_cppui_modular381, - 0x00375573932e5691bcb9a4964b32fb8c10c5016e2eba58c6d862ee55cc4d84b0f93cecc331cadcdf23d24459cadaffc1_cppui_modular381), - fq2_value_type( - 0x0e5baedd265322c895a9bbeba20bda3d8baa45b9dad2f92f38297234f72788d828cb5f4d6528e9d33c9e1de614f21e38_cppui_modular381, - 0x13baff0694488c6a795547b4358a10fa19a33b99134d1b6c41d0fe7ed2691395ac2bdf38c9a6d6bee575d01180db7bed_cppui_modular381), - fq2_value_type( - 0x033c545927810f35b47036f14a2d7a3b5cc6ba4352851fe716e3bacf3279add22658f3362dd9f03c1bdfdc3107141af8_cppui_modular381, - 
0x0d45b86dd6f7687ab04deea8b3b3775dd9815fc6f1a56d32ca02cc8e7179e5d2331f52fc3c758ee9ad71d470f5385800_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x19c8e6e82af38b425bbc423020935c64ce11d8a171c8b0688e4d4bee01780ca6df091879e03f85a40b3ab7cbd8d4459a_cppui_modular381, - 0x077761b1d7538edebc7915959234d2300400e187d6d17f10c4ead17ff21d6e1c5567dbdebbfe837e26a77901b731e73b_cppui_modular381), - fq2_value_type( - 0x0249b8586a5ecefea5ed29666f29f0bbeff7262a25e3b1e5d3cc2841e62178ab3159946effc6ba374778fc9b175d4f95_cppui_modular381, - 0x05d27b5a2470e83e67497139d78c40f09ce64a5011c48227ab7bc6e0b04abbb555b2ad8469aa512fd9854562047fae2e_cppui_modular381), - fq2_value_type( - 0x19a87170609c7ec1a291d535da29affced5d698344938f50ac1cc65da8f915ebb541369aa71fde54298b635a046d70bc_cppui_modular381, - 0x09451099402904c365f803d1c1eacdd9a54ac4e08b5c034c660f72654894f0997c6aea51c60061bd55072e3a06d7fe68_cppui_modular381)))); - typename commitments::kzg_ipp2::output_type prf_com_c = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x03b24655c4bd2db92adfe5d271d286983f22a1a6d60e5f166afecfa73e05585c50c67ff0e73700db5e4d3baa18763332_cppui_modular381, - 0x16517afbb7ff2395eb918ff88cb8be27bf39fb9773a0997b04512784c4f8505966baff58ca44a5caf750944c8b68e4c6_cppui_modular381), - fq2_value_type( - 0x05b147dd7a9e0c70543d0eb7f6e7ed8f768396169c46b6da48ae82c440c5fc848ddc6ff239c99d0b4c703b1792405ec4_cppui_modular381, - 0x0fc43ef927118a8d6ac088a9ea77ed1e003b41f4ca000030811f7ef79bc2313af8b0bc3599976e2b944084912db7a55b_cppui_modular381), - fq2_value_type( - 0x069bfff0e3c91efe2bcf45ca64ee588dbd74ef0ad1cbe7bc05b8547a788c69b2875c7f7fb3afc357c270c4330f2d894b_cppui_modular381, - 0x14d8ebc721ed1aefbc4ecc316bc6a1191c61e9c6e8cc0788b29f8f9a062afa8ab1b492a2c5ff29a6ac25586ff9ec103a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0459f47c8da5d144f1e00a824f0e545b00225972d292e63da47b6aa4b1029ad9f5cf9b3a71ae8a48539c3e2629e4d7a6_cppui_modular381, - 
0x0a169c462a52f8ab95e436f718da4c3ab027ce86abf929e9596ab28619b7bb07a7b451c528fd8f12fc254b36b0e5a7f8_cppui_modular381), - fq2_value_type( - 0x122a0ab0d6860312334e11d729942e1dd61437aadb7e3043dbb5e69c12e9ba939594ebdcbf09f4e01ef7dbc40b5c2758_cppui_modular381, - 0x13262d348adf899bf789e48907891b6b89872e8d16564434b26d1dacf6f000128a4f1af4a6a9e5f715c39c9d5e439406_cppui_modular381), - fq2_value_type( - 0x0f2f7fa303476732aaff2408968bf1601840bbe5f8b17a97392b0f80564c172a680e57d4391be0b3ad0956249b86ac0e_cppui_modular381, - 0x10834cb16d1b8d2d2d391dcc898561eb902366947ab94e71661765480803c14d3313c0e779d6ac7ee180c8a5d3d32934_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0050fee93436b258b96d75ed8a8bdf8954ea10939d453af35c674c142b6b37a3ee3485559710aa4a8186d6cedb2eda67_cppui_modular381, - 0x1293520bdffa93f2f3bc8b6dce60a9a9559b82ab1e37d15f729fbb1298ce7f39f588f2232327e0eb469aa3c5fcd335c0_cppui_modular381), - fq2_value_type( - 0x16d2f7e0a50d7d6197add277fd1afc793923d4c5e1a6ea25e82715d5dbe49f5444534e229ccf9a46f310e3a36ff3d6ee_cppui_modular381, - 0x18657b26a4dfb850ec57bf05d16a552baf979fd4a05f92bc074e9c69a733ec75ef0547753cf56a514973afbfa86b3097_cppui_modular381), - fq2_value_type( - 0x0bf9573cdb71a0a4aa5487d9e9625676ec55c1e1a253edd667376243594d1d0dcbd6b59aa3d9695cccf7c70cc1e748f3_cppui_modular381, - 0x129b2ff95aabbed897e32e4e7f20f517a18e95dbe00327804eaa40f3b3d8bf7c5fef8f7f551a7d10bb04d8209960b287_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0fdca1b3741cf230901a1500496acb92e03636f6a2be37e00cec0c92a69388a62919458b7a52ed53893699e7f2167998_cppui_modular381, - 0x0ab068b3dccc9d66302b0d2f2539938ab7a277187454a514b91ae950a7d9a5104c3a5ae344fb76e92899c86cdba59225_cppui_modular381), - fq2_value_type( - 0x005779c1e4d9a60e0821566b23dedbbb63983f82aeea1156b33401cb079689f414f2e59a7f21b9f1867ebf0223828602_cppui_modular381, - 0x07c508924036dd76645ef7a52cc1b89a4a6f13793ffcdbb479fb8ff2e1b097736ecd7b27fad806e204a8c4f335e90946_cppui_modular381), - fq2_value_type( - 
0x17a1083b57c1307a6355987fba76454a195e16e85557c001d607e1bc621b69472d4b2200bcc6ceb1a5f646a80d78e6ef_cppui_modular381, - 0x06011eccd873cd132fca77b92c6f805e253a2785a32c3a94a9325c003e5695af172011ebc02b61b2368040d1dc9b7ce5_cppui_modular381)))); - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> prf_gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x005171366c26279ac5d47d6803c2f825aaad9490de6040781b7098fd0be30c30444dab0b4d59539bc0d58101f50c222d_cppui_modular381, - 0x1596da39ea384a41f9d4cf7f73d663b470ad6a8be067db8e2ebadd696c747407ba0c7b7b918651a81aa9803ee0ba3d3f_cppui_modular381), - fq2_value_type( - 0x0db4726ea584a31603d0e9cbe804fba06efe0cb862dce77114134b415c54e03956715d6ee9669297c0ee8ba9f429fa2b_cppui_modular381, - 0x17c1bb6d8531fc5f1df275a937fb83e232dec6e2b2338687ae5050fed615e68908b68638fd36f2667e31cd33379d5398_cppui_modular381), - fq2_value_type( - 0x018c83967a068d0830c612fd98739bb62628f36e16c947d9881ab3b75e72aa12d9226927811207f34db9c5772bdb79a2_cppui_modular381, - 0x08a0a58011edc06d955cb5ac82e42d8ca1e7b1b128f71ec7ea889efba895c83b663d73d20c6be7455f0ec1068db0acb1_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07acc3c8d9dde5a9c62440fa2327140e5ccba6ed122e451120d43058baa88409f0144543b45547659ea80efea013f514_cppui_modular381, - 0x183c254ea5f8ab63819599cf3e78659bcf21b3d9fc184a72aeebb1d69ed4614f28d24892640223461cc7fd728988d4d4_cppui_modular381), - fq2_value_type( - 0x0180c7130567c7e91d538aa137f977c904cf3cb7b16b5343787ed68c818760eadda3388967c6bf3a41ee031b75bba114_cppui_modular381, - 0x001813f3652b1324b41043bbd5bf17dd5693e180a1d8ecd3224780b143b34f0ab7ac2c1efae2666f370ed1a04cfeea6d_cppui_modular381), - fq2_value_type( - 0x0e806940b799eefc2312de4adf4f2a0652d9db610c947e0f8884f199dbf186988334442c3922f4b0744b59549ee3f2d7_cppui_modular381, - 0x190ad4e8691474a919b7db5b171de455beab5907b83ba9615324a377143979fd0fc15099a68554e1bc5b13ddecabce5c_cppui_modular381))), - fq12_value_type( - 
fq6_value_type( - fq2_value_type( - 0x121df3a10a9d030535deceec87f4d7d02f340d3fba22621be9ace057d5d8638274a49dffc62625ec16ab8a5548cc0126_cppui_modular381, - 0x0706af71f761d2d7530b38f5ca1b30371cd956e08e61d8ab5d1835c6ed27274dd14f7ba05364491d06d841255766882e_cppui_modular381), - fq2_value_type( - 0x04e93d124763f316e135705ffbb241a67cceecd8390e9d84e7395d0072266597decd963c7131e1121c0531be40940e62_cppui_modular381, - 0x0218d1b77f39120c504fd90ddce3639e6db4ac0051f86e038f5b8b8ec330739f216b2ac5817aed016449eb6e2455df49_cppui_modular381), - fq2_value_type( - 0x15bd7423abe93e0d4bd59b88a98bbe693388753f09cfd9f0bb6132bf5e96551c84fb0f58c21fec746451de9cf99abe65_cppui_modular381, - 0x17ef1666d64ad15999e7cc3d30579ff3534d586200bae0dc13e3c56e3143382e42b82f7a0c690721ce8fa52a91a4f986_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x091b037c2292f191abb27f75277344a04ddcdf30000746867d58b3b824c8f20780ccd4eaf8556c8c41a1fbe3f60af39b_cppui_modular381, - 0x059a6d711af1463611e3d9b19dd7855586c3c0118162c7ad18654a131aa88917fcd7d7c2bd9895fd9f4db7cebf04b520_cppui_modular381), - fq2_value_type( - 0x0c0feea9e55599453b18c6eaa5efd712526ae447a7456c95b47dbefb772e480ba34260a95e2f3c4d650f5bdab16f8c60_cppui_modular381, - 0x149a6491e56b6544686b100a113aeee959b4d48452382e4f12a9b5eee23a3fc9dd14b623baa9348569feec6770e0a376_cppui_modular381), - fq2_value_type( - 0x12fa68da8f44fd228486ae3678ea271c17588f1b0e492b57194c40cafeccc97f3cf98b2fa155b222d51c22a9aa83a784_cppui_modular381, - 0x0524294bb2342b2dc9a691540aad0457867298123b10d754832d6fd1448a1156969f012b3e0d1ed20f6fd41894c74aa2_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0c3c509289e990c62ab18898995ba40d22e72151697b779542dda1afd3fbc4337b553bd21239e5da7f8d791d132bd24c_cppui_modular381, - 0x11a7bc72e5f43c95bf62bce9d50db6422e1fb99bf321d739fd0a191c371678a98bf52eb2d343d7ef6402ccc4d3ab68ec_cppui_modular381), - fq2_value_type( - 
0x0d25da2f3b350d682122d7f06a20c58df74fb5705e452577c3a02d79e4bbe1df36aa980042705917600881de7dd1adb0_cppui_modular381, - 0x0938e75658f0f42811aee03c59cbb2fd171475da59831bc3ccae6817177f5e17fcf160a1c1cf6fb4e16da426841eb5fd_cppui_modular381), - fq2_value_type( - 0x048de0d2799b15e364e4e9ee673d3990ed54e33887470a399def55ade45cbca2ab7710cec8de76e96ab4478d08c19f5c_cppui_modular381, - 0x18b69a1e1a5a6f47e9aff310e241c43ba46a539fb0f5b269473606c2e5cc5452b0d1f3f7d20884c4861839bfd19d5acd_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x096dca135a39681e4a77f96eb458aa4ff8619b10d821a161b8d6c1ae6f94901e4a0c5872ccdf500da3b068343d5c3b71_cppui_modular381, - 0x13ae4d8578701cb3d0a1667e9bdcb34a3998b830f34cf59144257b7d5f2627fd4605fad76df08881d8606568e304ed78_cppui_modular381), - fq2_value_type( - 0x13328b5d3a12ec71b113eb5cfc0b25436334c568d9d9d37dd2b3fffb5b499b0f7b81e8d948f5bf658e80df366109c99e_cppui_modular381, - 0x0bd4fbc7b45978e25f138651e8405b149f193e7d91e15dbcd6895750bff59d7ef03caacd0834e0ec8fe4ce91d7fd3ae9_cppui_modular381), - fq2_value_type( - 0x0d9e6edc7abae46488f31bcbb84c1e49a3c11b431329c93bbee3ea5dd41f6de992144f9afc134beb8f79146b27a94283_cppui_modular381, - 0x0ae49b29f9dc4c072692f25bb40bcebfb3571e24964ac719c81d2b1d6e87b27864bd00d5c5f2f354402280dbe2466e1c_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x178308b01d2449c2fc2bc5a246710e96348332dec7a11bf37bd65338aadadfde22391ad18635efee715c21af503dbb86_cppui_modular381, - 0x0ba095f88702e8e3af0761fc84110c94b97fcd77c2c243bbf0efc2957db1ced41237ed7c82c0ed6d4eb463328ecf4302_cppui_modular381), - fq2_value_type( - 0x0a028bb3145a5a73f7df15ad564abaebb046d2b99d82e1afb0f7abdf93fe14391fa1dad638925b0e6b928f503366ac1d_cppui_modular381, - 0x03d240004d0c03eeb6f9196c1eb9a29ea04396e417630c3cc33311fa0e3695eb943994ac48ec5329dd3522da8ab5d802_cppui_modular381), - fq2_value_type( - 0x16b60cb32da156f52d9ad6b745130685ed51588d6cc28c165436cb0077bfb345a8e5aab9c7914c1d72f21af00c6d54f7_cppui_modular381, - 
0x18f07c1330036d6a77bc30acf04d6b9b3479625c4292b47d272a6c138226cd15376a5100419e192292640a7f2da8d1a8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0ee8232bdbae78404fb3d04bb5d32201caa0dafc9352a092f6233441e83b1c12628eae989c81bdece1710050f414016b_cppui_modular381, - 0x151588146e9663110b0d4f7d237ee457337f49d9f406dc9eb15d9df1b459f8ad79c23ab8da378dbec738c5f6a6550570_cppui_modular381), - fq2_value_type( - 0x16fa3f7b2857db201c2b36eb5c2c63e0191250ea6489b5861211317cbd0a1411ccaa8b188478e941bfcc3baeea221476_cppui_modular381, - 0x0d22164bc53d6bb553e8f4bb778e88337ec5938530eb0b5015a9f3bf3b7b46b6f12cd52be8593f1cba4c9db167e3bc2b_cppui_modular381), - fq2_value_type( - 0x184f797a03c626f0a30eea9afb35122df2e635af1b2afeb214925078a9df88b22bddd1f55a01e6d6a23a95195833f8c8_cppui_modular381, - 0x0e4abc9f6fb3d17050ab9ae93a95056748c05da9107e7821064f2b1fd6903fba537d5274c5b328bab0cdafb60c651eaa_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x043c5330e71bfb5ce6e923795e7fb6d6628eb39d51498c44ee621425eafb326105fbe755509f9c6ba745d3d5b4415674_cppui_modular381, 0x141ba964279f3d5f4327ba04c4f8848acec479258e5058c8a207bb43a348de5fca532a8e310ae9c220ae4a0ce05ea830_cppui_modular381), fq2_value_type(0x0a456511fa23aae810d4c1f1112fb0e1d0b008789ae59481ceb9aebb976726208d8f2c16c1829aea2febb9f847bd7dc7_cppui_modular381, 0x023cdaad124e21466776864d917dcead85ca7463d668f8cdd92949c8ce1bf0a81ab5f49121b158e774e8d0835034f198_cppui_modular381), fq2_value_type(0x02a736547ae54e2705b324474742e88db57a5ed4defce7f5fcc129307864d377136b34c869610616d6e95d19d977c6d6_cppui_modular381, 0x093f31ac7eea687f45e8607e69963cc38f643d43ed16b11e3d752b14d39bfb3a4fe2ba4cbef01c51f32480e8f12fa682_cppui_modular381)), fq6_value_type(fq2_value_type(0x04d912752485ebc38bbbd88db6514050c2323cea025d9a0d0195ad7df76ef7d16c1fad74d04e125b8b90ea9115a42d1f_cppui_modular381, - 0x1700ff80462487faa02387867f3a379db214cfd25387e8de330a85948682b3abe52d9daee21f916e7c046f64c71113dd_cppui_modular381), 
- fq2_value_type( - 0x18978f46f9b0e1b9ca5fb3a6f9f6e797448ec2ea55298e1ddb63e0dccc203c013dc4a8e835ebdab0d6b6a749a959c4c0_cppui_modular381, 0x116141a2852dfe1d8975dd21cb938d741c73a17d8cd33cae69ccab7a0204e04b876dc7e013b4f0f24864b67bdd320fea_cppui_modular381), - fq2_value_type(0x13b8b123c4c4edaee5aab3a21baea04c5eb50036b402669cc73b564c330066c6187d07c9e13436420e9b9a35407d665a_cppui_modular381, - 0x046b9358226a2e3378d74be97e4f22801680ec747cb0148f6ce740a4cc8938c57e9266be7463c3656b8a4da7fbc6039d_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x1058b84e5a27670bb2d3975a9200d6828143fe70c994168e4a0b7423ca4559ac50b1e5390d3e5b1e352c213e9ede35f1_cppui_modular381, 0x07942b2f6ef470f1cc58a5ea651988fc9ecf22afcfa7814c975676920db6376bd8b0d97eb1ef411de8e1c06ed0219b18_cppui_modular381), fq2_value_type(0x0f674a4b6089aac668d72b1f67d76a8e0a1772610fda1ad4929a66eb58a551901c5f5677c31b2afbfd2d84405d6b5982_cppui_modular381, 0x0aa4db924381b8dc055487c067989b52a8ba40f6c7326410a94b5e05c95ad477424d8524cf73d32c9b59aef7f7342014_cppui_modular381), fq2_value_type(0x007cea626bb5cffcb9fa593ffb4acb127496b0874a921ba9825914dd63918f33beb5275d35a67e2f2cbc001b669b389d_cppui_modular381, 0x023725d7616717e9e5b1023fd7679f322822385141d985a36639d9f8ef6246086bd746fdaf0bab71de618c414ce2241d_cppui_modular381)), - fq6_value_type(fq2_value_type(0x06c2ac02c9ae1b80ca20fd9d0b1973068901dafab305bb4cd5dbe6f4086a7629ecbd8381a0192c668a89f74778f6a411_cppui_modular381, - 0x09410255a5474f331adaa32da5ac7d943769dc7e02ca6da68a020031df1ed8155bd2b2202687bfb78ead0e296cf4a694_cppui_modular381), - fq2_value_type(0x117796d2339c9834924b52d04d4b5ecd5bf84e3a16de827c1d41c9b05d4b135b4c97f331db019e1905f3fce0ba6968a1_cppui_modular381, - 0x01ba2fc7634da06460c8cda364fa795027cb5737c06c01dc49a87e82e68d341c11cfab86dc38e052cda17d64b771ed81_cppui_modular381), - fq2_value_type( - 0x11ffabfe4fb2acb09992627a01722bcd1a76d48ce85d435057a83c2251ca9c703bd99b75747bdfa6a60c057c13ee2987_cppui_modular381, - 
0x00840059d1e7c3e8945b6332a1fe043786ed35c44395b9d06bc5549dd52d51262791306fb5b1a9254c5daf2955debc0c_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x125db7da1c1320cff1e4ca398f994f31735e7b55318ec967812feb5c7865a58d51b221582bbf3699dcdaa88bbc7f9fa9_cppui_modular381, 0x0a090237dc140a2c7db49426dba4fced4083f329e8d899a460e6a427005eb4a60eb507ff6fe234106d1d3711dc052e2c_cppui_modular381), fq2_value_type(0x0e753dcb9d994090493a33bd9eae55b5ce43f2185e56099385cab759b419dd893a3ce508fe7cfcbeba983e3ec18d928a_cppui_modular381, 0x0af1cb913d12b8dcb7de93d455738b59e1ff8b51d2c6c1d40dc081cd0d90b1b346977b7f0b44e355e13b85545f69e596_cppui_modular381), - fq2_value_type( - 0x05e7d476ebe1910b5e2ee9046b2d04bcbe0c09ce00cd98bb591ef40bb69e9e1bc01c2422977c758d620efb0617fb599f_cppui_modular381, - 0x0cdcf6b7a4459dbf435b5e6e765fd6cfb885dbcbc2f30690ca4ea4aeaffbd1ea0b7ad42cc4f3f7efd966f2678e092141_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17ecc804ae7dbc2e2e90d33e83d5c8d26c67001ed5015cbe0d46bdb4de877593daf02d6b3f2bd733f50a9c21cdf970db_cppui_modular381, - 0x08d7320155a5392b3959494b9724a025f6928aa155166bc0fb61a6a37889ee28d0fb0cba66fedb0fa2dc2cdf2fbace22_cppui_modular381), - fq2_value_type( - 0x15e1374a440336203fcd65b7f1366e9bbce40c40dd2b3e32eccd4e7b18043ea3ab5050bac9a194f4eef6533c71d48d7e_cppui_modular381, - 0x115559b03a9ab8ff9f720dd6ef0932ec598c24c2ae122274a6e43561ed133a4678d4c10aca79098d435bd5f3861e72c1_cppui_modular381), - fq2_value_type( - 0x0cee13761384961ee27a91b5dad2b439312c29bde30b8d7562807ec169e3fba901955a22bf02a5f93a45145b9cce4640_cppui_modular381, - 0x1619f34d7be4d7d44ddfd92628a454019a65b670b44fdf596c8e0f9cd2dc1c2c56e1eae49a8febff443c741a910b9141_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x14640a28c221e652ea01ac88f13413222ecf150224a43d06b54e6863f0b4e2ed40eac37c9743d163da03530a50b0b9a3_cppui_modular381, - 
0x1665bfe57db268de177a93ac2832be895dc2d240dd51e4536a2fa6baab1401ebdcec05b608812863cdf11cac5fc0f895_cppui_modular381), - fq2_value_type( - 0x0b601e729fe2bde484de77252032bdd5ad1da0e76ab2429609e7e39f45f3058ec660b75aa05f39def238a9b8d704f7d7_cppui_modular381, - 0x11762f956a2cc35e122815486b9a1dddbeeb7ae516ff86c283c4614a9aeb6fdc5f6137f3f5ceaaccb270effa4a486ab4_cppui_modular381), - fq2_value_type( - 0x0991dbcfcbfd12c137dde4b2226814610a487fc377b6aef4e6faf018d1d10a453ceda63e09e873c417384d4dca0cfda0_cppui_modular381, - 0x0e8ca630d8d208e5717895793f812ba65c7b4a76c53c117f090e80d5f5e4f03422ee668046aff7f2cab22bbed56e866f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x11c74fedcd869bcd60ea6cacb9944a93bed3ffd8df88c0e81ff9e0489250b80422d03be3faa5387b0044025b36399326_cppui_modular381, - 0x16e12b97c6880bb714d76c8a81c5bdfe1fdd68ce505d4ba1fe282eec953c452205f51bae70b1d02a2b36136076c0b92b_cppui_modular381), - fq2_value_type( - 0x0667b56e01602eb46a7556d5765ff76f63208960c048586b4f98086976f70066a181ed5face372f3c839a8f6e85bd768_cppui_modular381, - 0x0a9ca4f64c590c63417d189a0495a100fd8b80c4d61c72deb969519db0d7042bd66fe5d4d59e3c34497ebcab0e7c8ac3_cppui_modular381), - fq2_value_type( - 0x1633288fea58a317df87690bef2d0905b35c3ec2c6a427d8dcb93b7018b2787bc48203cb6392b5cd752661ae75012e8d_cppui_modular381, - 0x0860486ea3e6f362e6588b58693d20e3d81eb9b65c85e24e201cee68f5b99b5059947c3717ea61bc8a217b70b31f52c7_cppui_modular381))))), - std::make_pair(std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x177e0fd5a76fb5c5f6dc1730cfef8f9db491d8811922ed5f993a561ae1d9bf915ce95ddf05ad29f9704045ec30b143dd_cppui_modular381, - 0x196ceb633fd03103e9baee645f893c8dfa471d629e1e7550ec28bb0afa6bcc50432249c022a703058e1ab1aa3f148f91_cppui_modular381), - fq2_value_type(0x0ec7a7c70901ad7c6e963983a5a7a125970ea281df5b021583170d85719b6c0c1e70c542f7b6c8c0641a1cab95213ce3_cppui_modular381, - 0x0a03089ac1cce96384e91fa94ed78c11ff939d95354511daa90cea93a37db8d85eb181df2106fd6220e04ab6a5783b02_cppui_modular381), - 
fq2_value_type(0x0a70b914d0f4959d9f132b5856bb8bb99ffad52cbb7032724a01edc39336345106bd1820d48e8ecdc6dfeb0c9fbd4b00_cppui_modular381, - 0x14cc1b39396d70fecb1e921faa0959e814f668a2fbae3ac77b249d1b05d9bfc054d299afd1696b690c5bec9067fb0d05_cppui_modular381)), - fq6_value_type(fq2_value_type(0x07acc35e4026e32f922a0594efa289955987f0f0b449b45f63ae6b32647ea69b2b9839e0284690576a25d83f63c74acc_cppui_modular381, 0x008131a04439a62e484312797930723559dc4431cd10b9048492948c681ed696e702fb06f3e708abdb2cd388a46f13e6_cppui_modular381), - fq2_value_type(0x0a7aada2f918cb35d88faff7325f99e5aaa9a08bb5ba0f17591c01b36dd4405d1116202f8b1785bbe8c176e9fb874ae8_cppui_modular381, - 0x18fba1e2686c2d1514ad54137aa2a6c071d3d485a9b91ae69fbac945cfa38f39b2e75b6b3a0c2af853124673c4b9faf4_cppui_modular381), - fq2_value_type( - 0x1075da6d4cc923fe0c419fb790b11804240bb6a1ffe4952ed0d9f59957224959355afe0aef326ce5c1047158264f104a_cppui_modular381, - 0x03897ecdd3b6e3a4ee6a1b819ae0660cdc9b6d3a5ec02f9b3f40fc0c8096fbb08d26fdbd8e4d269fbca2929f0ab0fb11_cppui_modular381))), - fq12_value_type(fq6_value_type( - fq2_value_type(0x10384944410ba651f8342133daa89073c2b99702715ceedd4f66347c6b2a76623bf5adafcf2790311b1a655f8775194b_cppui_modular381, - 0x0e7dc62df8272334de4499865060a458c5c1748b835bcd57bf8e6efc7bf9f64efd2225551ae92a66d50fea8d8056f083_cppui_modular381), - fq2_value_type(0x05b3cd2f7c2dbef51b1298bb7bbb2ed3f4b66e7492b3777043f04a7e946dc0537a11672fe489a9dce0babebe77a6445f_cppui_modular381, - 0x06f6a966c9ab97fa4c778ee4bffca9ac1bcf80e54fd78a82b12a3dd1b4a26ab4f24e1e1e91a076d4fc0307a8af29977e_cppui_modular381), - fq2_value_type(0x0c5bc3000c337811f9cb8a6004578be2fbe3910046e066a1366e8c78d06b054eaec95207e7e16c2ba8621ef1de300eb1_cppui_modular381, - 0x162a68a8e2b216b64932d32e634993367d4009a38e043c97d81320aed6f9120d5b5465236fb5a9cd13bf1190ee2434a1_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x0ac964dc11a324808280142f03ea588b96a4a230bef85617be3666c0b8ffd886678de41d2599eb668fc7a7e96637ac43_cppui_modular381, - 
0x18d38d751b0b97f01737ab7fad6cbc9a3d12d7f7d4005760e2ea911f91fa5d037c178fc58e8bd96bd0aca508d95cf6b5_cppui_modular381), - fq2_value_type(0x1861ee37d6e6a406d5401793dbd1e48a67b8133e1851fdb2adcdf52045ed516857eec6a2d7ede1dd47baa0afba000fe1_cppui_modular381, - 0x07a19aced9ae096ef8af9e6d31b77ef6e4c115618169fa396abe0fc95d57bfdb9d6d963857bf4b9bec99a7ad3e96f302_cppui_modular381), - fq2_value_type( - 0x1320b632dd321ab597e52136bb8ccebe47b73fbf2fbad470a563aa3fa156ffdf1ed114f2364a5699412f9e406ca68aaf_cppui_modular381, - 0x0fa7a7b6d87063413d8098ff116e9984cde3e5d8f84a217701b395060603e8bd16020ec67a9eff6f7f5dcd386d749f37_cppui_modular381)))), - std:: - make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x061c2baaefbefe3f558e105b8633f05f9f48f360aaa2f736c318b93a13c65e1f96332e38c91b2d1376c36f32596995d2_cppui_modular381, - 0x0d84681c2abb8b041831db5f77a977ea6c10a775c1022a664064bf6d486fe0257c02f15f59ca24128e0c4b722b6f42be_cppui_modular381), - fq2_value_type( - 0x049ceac4612ac5797326d863ddbb413adace9f24f2c7ab7212d781e74d2a4289ade78332f0a32b2ec7310c4a8c854f43_cppui_modular381, - 0x065ea06e2bf55ab3e275ded870be62058c167b3a4ecaee3bc87e60c3a2f4479f00f26ef277541cde337bcdb0690c567f_cppui_modular381), - fq2_value_type( - 0x0e8796c8e3c7377a7404d4290de1bdfc3aeb8cd6652499b2e33683fefc9372d237aebe2d322ebe7ef8d4775da1b90621_cppui_modular381, - 0x0e43db9d0e5cc8a0f265066d88be7b0e8c77230fe3ed64b2ca29728942973dee7d820c496ca0f8f8573305140c9fe9e0_cppui_modular381)), - fq6_value_type(fq2_value_type(0x05c23dddde09e67de1fa9826a8fd112a83bde34553e1ecf75308a865c6e6a3a6af198dc6c3dde019013c320f1df73e51_cppui_modular381, 0x05f0c90ffec97a61d5ddfacc185668f61d83e2474ddbf27b6b3fbd189eae7c89cb2977f60ec64034314108b10d54dd9b_cppui_modular381), - fq2_value_type( - 0x10b2e24e9f12e0a4dc72798fe58ee46c98a15898f601ae907258d9e4e17a7d0658f409307f1e1d03b2794ddfd231cfa1_cppui_modular381, - 0x088df46efe6ff738b01a480fdec339ad6c1d63e8f8f59f036db5f401129976b62abcc21b54b100cb63594345f15cd944_cppui_modular381), - fq2_value_type( - 
0x18fce451ac171917b5a635cee8d6dd1a2fa54e6bbc7c51d6a33da55f99a28ac38e405ef1c2837250e293039e5ad17cc7_cppui_modular381, - 0x052d8b5700bb5d61103a4dab1167117bae116db7be271f87361e85605200667cab269b354cdd109cc2f9cca44def58bc_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1342152652b7565fc3967db9c1e2a1016706a16f196d465133ae7f70af663f1d189e1faacdc88bb1a02346d87aa8bcb8_cppui_modular381, - 0x0ea20b92c2bcea5972cec24b5fd872b2ba8b99693b81369a16a0487fc2c147534cda919980827f9379887c2ce13e0759_cppui_modular381), - fq2_value_type( - 0x02c70d3946ab946d2d0ef16d0e2abff83210d18654c20fc48d5d31b33f55387c253935efdf22c7a568902b7915516295_cppui_modular381, - 0x18f7b897dc2bbfbf6442a79894dd54dda9b4ac319686282668ed52b1a39293d90c69ee9f8e501fd0f94224c0eecca66f_cppui_modular381), - fq2_value_type( - 0x037b3354eb3e7810fe2498a299173e82acb2f42400b004e97de842c1e397b876c44f023cadc7049636f2ee58a49e73ce_cppui_modular381, - 0x175f5eb8c8849882005291192fae39e67ed2d3acbc597e0eaa4bdeabb3649d3dc6f25996a51fd796cdf6b6a896e17c21_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x04018918fc2651f3da38fe555b0b0fbb97a0d1876c0e725ef4d15c6d4a443bee61208c6f824a9f292f0e5d322b891811_cppui_modular381, - 0x0737645e400120e4383af41d9bda3a4d4474f01ca716968ddcb97550ed166b2376fae234dddea9d344df04752c457fdc_cppui_modular381), - fq2_value_type( - 0x0fc9dbcf340265515779ec9fcc1439f579b6ac883d848caf41c431f7bd869fdcd1ddae2f9b24e9128b63764e06869339_cppui_modular381, - 0x0dfaa1b73b35aaff7ae7a0d748934b839c2f89b0d98a753248e85d54f650c53e93c57f0c7e046eecd88d9a1871c398a8_cppui_modular381), - fq2_value_type( - 0x0cde71dd1d338f0890ef4fd6a897e806b7bf3ea795331034d13f3f97c05433f8c8aefbd13e5632209c91d656f2121da6_cppui_modular381, - 0x0562d8702ef0a1fc40d7b25c7f1eb322427b9a73aa899f32500e9dd84196ff6c3551b9ceb8b292cf169be9dd45b2bff1_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> prf_gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - 
fq6_value_type( - fq2_value_type( - 0x10ed67bd0b63f67d986834c36ac3f2037ba0ad90201faed858f9eac88089d786542a130fdbd51445f87560708229fd99_cppui_modular381, - 0x069e7c8268cc30fb130f4dcfd6ef0f7060592f56a56027de904c0bda34c81c01168f4650f55fe0b808d8597a88ff7521_cppui_modular381), - fq2_value_type( - 0x196b6880be4af60aa312387b6a98e0b7c043c40408d16907d4762638ee039e63fe4e223d192b0cfa9c4a05257283f24e_cppui_modular381, - 0x08619e5d5c45dc91d6a9a74ffb540bc7da63680a8b407090e5ca0b23b706e0ed96fd12a108cc2ac7d7a18b2649065778_cppui_modular381), - fq2_value_type( - 0x0725a15a2ab090e49f90f4a6ef1f1598ec05623b2cc3e97438fc518132a8985b883429f24f9ca53f4d3ef431f4f880ef_cppui_modular381, - 0x00c2f0276989afae607a6970d57dbdab344b8f4fefb5a9b0c8c7108bb03e00628131a33484bffd1a7975fb9a7f459b5d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x133662f7dfffd9149e01313c9dad9e6833af6230d81bdcd15db9b43606f0514230f791fdb0565a64927f3dadd8872e89_cppui_modular381, - 0x1407357f60dd7516d6c7a6cf4a108335c74bd99912be2888cdcd89d1f2bb1c649191d4e336496563f96fde9b763ae5f7_cppui_modular381), - fq2_value_type( - 0x10208a198ef7b0af86e4ff3a458d9fca1a7826ffbb7362f080fe1906dfdc9d90b3877dbbec536bbca8510677e1eb39eb_cppui_modular381, - 0x049e35694c813261d977fd4ff1293c4e8370c2dd44a74e4b301217a8bd934218daba682b087adceec9f78450bbe84675_cppui_modular381), - fq2_value_type( - 0x17524ce81161cdaf38749e98c31fb443ddec79499f902d3ed58ffc0d3dfdf60a3b0f4ce07912e44262a6c93f1f160822_cppui_modular381, - 0x11c26beb7dfe3d670cb69fefd4aa9381527a4a792ca0b6d4da6d9c248bcd665dd7672c225416d0f12a853b69fb312141_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x18c6d2d4bfc39da958a277f912bcff65ae340b41d757dd6641a8857a2281f070fcc7129de69c812340dd38fbaf720085_cppui_modular381, - 0x033d45b33e0342b7ab12bb7bc0405c77586bc91be194e5d15cb5947e054d32ca822b3aab958d33692d1c5dd802e0bff7_cppui_modular381), - fq2_value_type( - 
0x11d509da92743cc89eaea024bf0855c7d4de80a31f4e210c77c4366ab80ec089cf81be0059560c6cb83d54a1fd851bf8_cppui_modular381, - 0x141669a31e8e65df813411f59ce80ab387707ba43157b5d2753c41754e93aadb0cc45566acb969946de3b0c6a841ef5a_cppui_modular381), - fq2_value_type( - 0x061d99684ea4e2ba35b4fedc26f6b4359809302934aa36ecabc637586e0d181fa369b661f44f13b51cdecabca0d5f73e_cppui_modular381, - 0x0535d73f27942ef090b917193e7659d4258b3d041318ea04ec98a1622b9b5edc7ac1a332fb7e84c20165714ef9277a74_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07329eaedb32ac2ba5654e50cf496a22431d52ec3cece7d8e648bb80e4503841ae2ba7cd1bbe8e71859a2db5ef16cf1d_cppui_modular381, - 0x004c6b8e52b346ae6bda69785a78e50af1a6a13789d657d899d67af8b81016b8fbe706bfb416184165c34bd9a61b8f32_cppui_modular381), - fq2_value_type( - 0x157ba424ce6ee22e4f37a1a753762a001e381cc6cc54dde88cdcd0942aa7a11567d296308b48f717e988b6d5ed72f9ee_cppui_modular381, - 0x173acb29afcc9a5c88c7e973c38296311f68973ded3122e07cbec75fab77a098d5bd8fc57715c61f1cc3491fb4ffaf3a_cppui_modular381), - fq2_value_type( - 0x060a19f034eead10945b38178e607dbcc5a387ebb31c7086aaa7a6ab6438f373ba99d0fd2773e07ffa032a7362615787_cppui_modular381, - 0x0ca399f2c2b37c7dac9601db9f0c008007e2f7e5374aa35ff9c99ee63aff30b41c294d78ddbb879b4993dc01502c67e7_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17b81ce7baba6489359718e1371b0f18fdded1bddc462fe86b1469b43aace1e7a86d39697d9a47b11a5af4e9d748d4f6_cppui_modular381, - 0x0c206ab61781143b18252a9bbb9cff5f6ccfc319476ccefffaae72a5d0687d3d540e52add9fc8886e392bb0975cb03dc_cppui_modular381), - fq2_value_type( - 0x135cdaa402c73d5713a3622db4472ba5bce78fce57768bdfc8ecbdb13b638dc1c48e3b65339cb775b987a7e50df58860_cppui_modular381, - 0x032ca67e8fe7e72fc196f28114122bbd4aa78d84b27639368013e9f38d8de9863bd1b8bdff0df64e6558782f9ac28683_cppui_modular381), - fq2_value_type( - 0x03f635a0c4e3e4a263519195fc11e27955fb5ff7e7bad1b3bcb56f7997935eacc4f32eb339e7e942b5b7d4547383e0ec_cppui_modular381, - 
0x048947b762fb9d8a558a4b95cc96d2d8060a4f86a13457ba96a344f65731db1f2551cc2635e767c0db53bf2de26ea548_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x033442ea170492e958b9a33e4dbc95680d042ba05ef1c36fb81be68481efff3edd30b479390783afa5c014e5660b0d21_cppui_modular381, - 0x073eae137f43015e8290f409179534808d18f8b66404dea13ecba290079123df9c6b020758e2d7833d0b0101b1382552_cppui_modular381), - fq2_value_type( - 0x032f8b18afcea0e4a213e2da1868b1e80daaed10e714a7b3a778656f8fb46e2620feb23a93ac8297693d7bef98d8c0d7_cppui_modular381, - 0x09cf66fc553943fc7766cd86c871241d59c3e5e20df45e6244ef2f1d2da9442afa0fb86e4ad71c4541227ce47002cbb4_cppui_modular381), - fq2_value_type( - 0x109a4087f5d8ddd8ec10410111e2f8dd0dc2c0fa4975451452f1cd391980b9888f2b19e634f40affca3d1b519ca5fad1_cppui_modular381, - 0x0386402810c6abdfbb7830cf4cbe52265f4ccad3a1f1b475be7607a6a4efba3aece654b159179b42dd016eb58ba6f0ae_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1080b5e8e167517cbb8bb80d3d72fde629b6e29bce4b2e83f0034776d59602a42c635abbbe0096093509e64f8fb20280_cppui_modular381, - 0x1521526af8ac6a4eb5614b890f3d1bd0c5afcfbe2fca328747259322ae795ccf327d96dbdb61af35a4fb39fb9910ac5b_cppui_modular381), - fq2_value_type( - 0x0f77cddeb9f28a92418b7e8b2f0e47d9750e13717431e02cf02c095a23ff809a6ac6d245e571c2c4efe7c0da89ae486d_cppui_modular381, - 0x0a1bb04516c45c0a8fe0ba08b2cc53768f7e8af0dfae460a06e1c92c066eb713cb5ca34a0a1f8802b0c6250a38391e9d_cppui_modular381), - fq2_value_type( - 0x0a93b752ea77031c398a33a21532ea0e4a0ad8110143fa0862aae8a132a43e2ac6dc671c78168a6108fc1077a81a5e4b_cppui_modular381, - 0x088578395b91e1894e2fa3747c7677d6acc11caa51dcd4d61a61bd1c2e71d3a284a70ae20efcbfc733b7f118dd90681d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x190a34b49778e6ba7764d4c6d950ccd6ab2234cc1d0c4b93f5967069af0b5b151c872980ad0733465b3d713faee35d56_cppui_modular381, - 0x153bd2d950a0f875cbee06d480e6a52c26902f8388168054144b830e98316c0537a70d455ceaf4abe9b58e6f596bef98_cppui_modular381), - 
fq2_value_type( - 0x1115454485c7c3168cb035d769fe52cd684fd3612380897d704c81cd1d6dc4e08f1c7bbb57688964fab096dd2c5352d2_cppui_modular381, - 0x0b26a72372d226e1aeddca8897a27c5325e162c04a70a5daeb4e63114e00ff2977306c3dc4f50a4c4a284100078934b4_cppui_modular381), - fq2_value_type( - 0x193d0c11752111f9fd767602157d787ba295facd0425a278a2fe9866242d3d030101e228846e5bc8d3be897dac3993bb_cppui_modular381, - 0x074918f35c174078c7b30274c2cfda335de1135400206ccbcc5863161a9c1e87ea8b44605ce6497d46670c7214f92c47_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x00cd02b53f694b1a851bf0df1aa681a0f853dbbc8e36075bb8503428fffcef90a2bcca8cd3cbbd85938d7693cbd8ee95_cppui_modular381, 0x140feb6a0e87b95e1066f986e61bcf0e155085f573e3ce6953e9f6eb7bf0da43ff944ecdee49e4ff07c6ef371fffe69f_cppui_modular381), fq2_value_type(0x11bf6b576dc85512297c890d7db6094f5adc3de7c58daf686e9a681085b4152685afa64b2eeacca3f473026c48bab1c4_cppui_modular381, 0x17f685f39ce930a8a4f85c711540abf6e58a0a55291fc098430f10673f6a235f043d54fa7f30bcdd935f1d048a9d38bb_cppui_modular381), fq2_value_type(0x0bab1207d935191985ffc605354c309f4ec6100348d91b77aacdd2ae5bfe51e87eff8474c0e09bc9b0377a42d9ab887e_cppui_modular381, 0x066e5659b0560951d0e63e640f317bec0d9de916f701ca3377fa8a1f1c72001808d04c3b78597d7fcc607b66dbe4ab61_cppui_modular381)), fq6_value_type(fq2_value_type(0x0994bbfeba3680f607ef688816c17a72b1fb08fbe3ad6ffb6bcd3fbbc81b3183d61949fb7a77eac59fc33bcbf6a40503_cppui_modular381, - 0x185a593ae89638d8578576309bfbb0ce53ae66c6af1bcf28bdc6d815678852cbddc7cb4630f44b79653f5de0799b9673_cppui_modular381), - fq2_value_type( - 0x066321b303ae08e98a656e378e96d3f2abc4fefd6b39a16f161ef9b3fe8e66b2b7b9b97f58924684afc97143681aa93b_cppui_modular381, 0x1798915ec92dbf49b578aae63caa938f047374d7843afb9d5bd170fe194d3eb4bb57882890ef084cac5690bcc578e53d_cppui_modular381), - fq2_value_type(0x0cef8f02eec0326fb9755a9b8bfbeb886733a796d21692d50d60d2a9df64ec12a1db908a2a9c041fcb5ec2d10caf4a49_cppui_modular381, - 
0x00ba17d787706ca24dcb7c04504802c4cfd58202c5b18e816407794cd62e1063bdb9f7528e12a0d5ea770a9947832298_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x06289e93e44a1f090a8e6d8366d6ac723ea5082b349a1321b1acdca8e1902d165ab7e84861286795abbc6d848721e44f_cppui_modular381, 0x0d68f1fba4098fc6bc57dbecdd318862dbd2d339be6112a036abf3f8fa98f33476334540140b86bffecd9883bcd5f3e3_cppui_modular381), fq2_value_type(0x0e6a6f08850c16823f7511758041ab52e3727cefe624150e5eaa3fb96ac80ffd55805de5259dc8ac81db8788600f0b1b_cppui_modular381, 0x092bb3dd5a6865c86e050ea7414823021cd7eee3efd6a40d1e59f84f916af3b49fd0988050b9b669b8a5e5c353a0cab4_cppui_modular381), fq2_value_type(0x00aeada84f5d058c3e44a7c3e90a8cb5ebbd5251e5ddd97b72f757fd20f4fdcc39f4172fee3b8f543061ffecaf536eda_cppui_modular381, 0x16067019047eb683cf3a271d6d8f544bfdb4cce61caee90278c7ca6c7521e26e3d3eb2a112e25888ee7306bbe7cc2dac_cppui_modular381)), - fq6_value_type(fq2_value_type(0x0b86c9301cbaec27f72357021fd609cbece937bd247d4d3613fe1c5a167467e8c646668f17ba22f3fc77a8ddbc7cd64c_cppui_modular381, - 0x053eb955cbf20eb9ccbb8bfd136632eb1628c9667a2f87218424229945ce42ad4a01b855bbc66c7f578e4034e889ffa8_cppui_modular381), - fq2_value_type(0x07733a893ff37d7d9e53a6155733406ba6e1931ae1a802ac632b540fd3e0cbbf6a7863d97435c208960767d8c03b539b_cppui_modular381, - 0x1580abf5c7aaff0261a561a5d4cb7eb9bef8348fa9fe3dc8f1365db10470b2d9a3323353adfe2b38b90c4a9367ffb255_cppui_modular381), - fq2_value_type( - 0x018fd046d712339252313c04626d8ddd34f56b2f4ccff59f58a473fb211e4c4eb1576814fe464f6cc31335a26d26d1e6_cppui_modular381, - 0x198de2cfeb262028d3eef3c51c84cdaf9bb9b2298d3180b151c85e483ebfb84bfa7f32d74ab0703d43422b3de6e298d1_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x091bf93f93eac70088ee29e573218f886f226634d357d4efe0dbaa6735cb2d8770348507678576c8f4d4982cebf40712_cppui_modular381, 0x11f16a79384f02bf27f2e673113210e648e710f0a2bfed8b8d1aad8f582b987468621fb8c2e5da00f4d691ef1ec3ceac_cppui_modular381), 
fq2_value_type(0x154039a51d7ee64e5264bc45c33d4fdbabb6c4ce9e341d10a8912b1fc97989ed92b1cd4e18951128a9e9ce78bc9bf874_cppui_modular381, 0x13073a917f2d877c549d2d42729d04b22138585079a0d5a88a19d49102b6bdd2bdba6de292ddd5164d74cb2fb401da8c_cppui_modular381), - fq2_value_type( - 0x0bd604ae47c5f6d4f955552f78babecdc486a02329fd0c4489abe6f36dd5bf827254fca72c612ec9f05d0f851752aaca_cppui_modular381, - 0x18615c8ae7878795c04447c06b6343e2a2e6548068c2de684305b0b44a9bdf1127cf6bf93206d592e511f2f39400bc81_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0fdaa6abf7a0fe05b237f50dd4b367a3e7471cd77d1109636d8f72fc1ff04c1731757795f3f5f4df93d06ab00bf26e4f_cppui_modular381, - 0x186d3be356d9531fe5157e3a763cc110945b5016e818138794debb1fcbb0d78a286a1826f6da770a4fab503827396938_cppui_modular381), - fq2_value_type( - 0x06e0263f268d519d06291ab508fa1fe19183d39fcde48c91025ccf9d95bea6fc2d430142cf6d4d6e28cd384997f8e4d3_cppui_modular381, - 0x0f35e28ab5138f378f0b48c8755ec665de57f5e5ba62819e4ca0b11dd2905c3642b2b7165649ef2b4fe1ed338fa0a28e_cppui_modular381), - fq2_value_type( - 0x00503cb86c324e1a2dec2655efb336e06a4f4aac1e6fcc0f0be5a6a2fe564ddd696c660d2f6bc42c901267ea0a34e8d6_cppui_modular381, - 0x09455e38db2072edcb7c67cd308111f99108f3506f92ba29297dc306bb79dfe26d94b7da0c572d2c524dd76b47c8f752_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16c5825097c134fbb314ff272bae3c9e44d8bb53e3876a0c9862e4c65916991dc29fafa3d679fedaceea2734fd2d7d0a_cppui_modular381, - 0x0be1faf775b50b9f3fec8e3de6d1251b8bb88d3d3026ca3710ca206ee047a935c438d9dca2c9dce874ae95f8e4b6e8c3_cppui_modular381), - fq2_value_type( - 0x025bbbb4e3f42734ad89afd255a86d4a7b44fa67b3151ebdbaf3258af574ec61f5c129db71eb1b209cd0a33e49b950d6_cppui_modular381, - 0x15416a76fca7b035e9dfb0246964bd6f655607daf43f8001cd5d2b933f0a557991ee51f78e0e40437f55f79e47f5e0b6_cppui_modular381), - fq2_value_type( - 0x0252ae00a3724d005d21741a17a4c9299b0907715d92bd8c9981ee9efd9ccf54c92643a07968187e606996d8504d3042_cppui_modular381, - 
0x11a37ecd4bb0d04929cd199b14e83eff0b320f4be3de4f088346e2c80ed84407cc3f76e23f8cf2f2ad54c22f9bc4370c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0b8937236d70b06038085128cb755a03718e9d221f9460b7bf6b920bac9ef8e1a6433e87a6eb3507341ac79bf6810128_cppui_modular381, - 0x0320165b7a986f8f2c0927e6a63bcbb40167c42538d01203d7b5d2d2936fea2f5b9b42bc939c110023d9c3c4e68e8f45_cppui_modular381), - fq2_value_type( - 0x02ec7a67197bb1c50d58d53f34971c1aa94ae5a92b74dd498317e271c287d72ab0afb385a10e5f097c2f0b6d5c1c6508_cppui_modular381, - 0x1797fe9ff1a58c3bc0c2cf9967ddfb8ac5ae8b948fc8a077775ca0db525813efea1c9ae4413d0ad26f7b53266ca357dd_cppui_modular381), - fq2_value_type( - 0x1365bf62a7178f16169a04a03f3bc34cfd89168300ac68c8d794da77f418b51641dcb175eb85a33228b911009f251286_cppui_modular381, - 0x13250aaf3a30b2d5588d207ee2d63fe285d465f145bb929802bc7b6f6ca556d84252cb2f0fdebd97df436f161c8476e5_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x08dd0baf4cc4c55021fdbf8bcd38d27c83c32f1a8f2420e3d017e14f8036029dce4b47960f4fc8fc6bf7afa91be69786_cppui_modular381, - 0x06357e6e9524296b36c9c6cc5af30b2a0c1ff45578bd1eca61121b6fd0966611819af112d55fbcecc4cc71da7d86adfc_cppui_modular381), - fq2_value_type( - 0x0f997e9e9d34738cea97c195b306d07235767cc63003d60af6c6b18d030c6bc46ea928498a3f7ba96a7c327a9fe34ebf_cppui_modular381, - 0x15444304c6d940d83e7f0dd0e0ab9f528d82738726089da10300a6dfa1fb6eb66c4dd760ecae1e75eeaa48ef6eb29103_cppui_modular381), - fq2_value_type( - 0x1588fca489c1c013a9e78dfadf1f0b126d9a1764a99fa0478875c7025f90f4827ca8bb203133b795a0aaa90df34e3699_cppui_modular381, - 0x1485952c24f16f864671b4d6c143ef8daef69d402ea93acca4b3c168349b20a820c3ad32658fd3c89515b676e8202356_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x11c90fac4fc1e3908a484c66f320547ecb517db17c62d9b9d8ec4a4a57aa98da490130ab59b93179ed5545d503c612f5_cppui_modular381, - 
0x10300a9b011ab7a2834ce2dfa93830aae20e4b85727d28ee5f5b59c24fa453eeaa0ea4a78814d6c024ba17c986e2763c_cppui_modular381), - fq2_value_type( - 0x0cd16d4877b9e65b377fa9d3b47d8cb5a5c0ed0282bb5a4bc5b2a60beb12fcce5ffb2f9d75d6bd582309f65d75e06c79_cppui_modular381, - 0x03396813e004b74711e8285b45e809f3e2833c9895ccfd30afac7f47dc741ce5f4a9cdd28a2a8f2e257cddafb68757e2_cppui_modular381), - fq2_value_type( - 0x0e5076adabf1e281e5ce7d000f43294dbaecf2842c474a8a06a7078652145ff376182743d11289ace4ba83386c81f572_cppui_modular381, - 0x0a6d7c45532b1a5ec8f69c7cd4ff78bdc94a7a3d00906f7f00cbbeaaaef4cb574c05587f617842c130bc42eca098af51_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x159f089315703e2aefb16fa4aea24c64838eacc7310edab6f77ca2554d4302b5570511aaef4d9d751d316de4304828ae_cppui_modular381, 0x064244a2309f7fe1aa66bc9df4a337597c55e5791b5b02ec21ff0eb8076c4dc8f87739409afa3b6eba77405bd0b313f0_cppui_modular381), fq2_value_type(0x0ef9c735e1af2d26a684783ae0b730642fc0d3d691f5998fc854c73643001709530f0893e49a258a1ba0cd3ce0aa27b1_cppui_modular381, 0x09e25b9707ee53b9b18aa441368ecf0d79d4c9f464613a17cfe869bc094e9ddb03b6b8dcafae03413d888edd8a4de865_cppui_modular381), fq2_value_type(0x0ea2624da7a7def6e791f0a4eb3a9f76f66d861df5208ffa4c37b5eefa10d5f2a82d059c7002f1a5985ffcac9c2935db_cppui_modular381, 0x17a94557a70dcf590a104eb033a2cc92df7ee0135dfe21c51c6e197c6432ce32119d745e29d6a34e5e61c8b442446288_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x01dc01a6745a3944d241ff50c00646174c842e1c0027819be6e7c1826ffd9cf44d7d2ceca1d7f27e76213f45d6b7e980_cppui_modular381, - 0x0f18ce5e2a3dc1a4f8c1f2ff9519c87fe386138b6eb6b36bdafedf63d43c206c4e4b34d4ed919f220928aef9efcb467e_cppui_modular381), - fq2_value_type(0x18ccfe922cb1f77adb6b24ff40eb995bd54d522629395b3929f0cf98a3a21c6442a41b9f778d78415957d72dfdf8ba43_cppui_modular381, - 0x0eafc73663c4558da4e54ab01551a9fdafce32f5c56992e11c3c85b89c92bcd3cb5e3649fd60f35ca98b455455604ee1_cppui_modular381), - 
fq2_value_type(0x1143774b3ef69def99f7d4e2b1e971e581c538e6db2d01420b1037f169eea9c0cd9d2fb4531b735d35e265ee186a798c_cppui_modular381, - 0x0bbc868064be0ba9bae5804af675a0927fce83caf64b6937d277bb7d7d7aa1ce3e23ada0eaadee28c326b5644677ca38_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x0df1ff4f82018bfe1cfd879bdbc8aa66f42d07e78badb345ca804c320e14b593f55567aef00fdf6ada5e096ae38e5656_cppui_modular381, 0x133d5671ff5915bb541937c6f188150ed7545041d34138748de789a72cb3f48fb9461c3d3f737a3110c242225fb96d38_cppui_modular381), fq2_value_type(0x0edfed06e1ea698794252092f1968c4bb18c7ff388b70db9e7f9b1b14f690581ce50d1020122e157ec92e1144649e81f_cppui_modular381, 0x0f1c6ed1e65a9a5bf4b84e0eae5e0a18cc701438966aec2643ced3760266ddc54c22dc5a421111f62f66038d7b552a2b_cppui_modular381), - fq2_value_type( - 0x037ecc3d63a0a1df33aa8ba2af6dfe2f63ea0418ddda51c7f5c3c19b527704d2af48e6af9976bb6af43bd866b041107e_cppui_modular381, - 0x09cd0a0635f4723dd6401df07f6da09783ef8ac2206fc2eff5dd69d8daafb9d0514528751fad7cd4fbc5280021cb6f0d_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x0998c7d54a67abb5d49438a1c964ba41c97443b500c6f05578bef4656e34549078d4db7db82f32cf104c7583cb59a30c_cppui_modular381, - 0x03fb13d0599f286d73197fdc49ba4ac17337a19b7b3e0034c28aac0b29ab14923b5d3bd23953d607c8761ad2a74292f0_cppui_modular381), - fq2_value_type( - 0x11c43bb1b8a41d198101012f2c87f4248d4b0a714da37215dc0dfb9d619adaf8afe50d7cd8a8675d3f3ab828150d109d_cppui_modular381, - 0x16579444d29882a2471491f2bd413914bdf8afbb6646d3f6c33c0978c31bec9919b5b6fd08f2f218e0c1634e296dadcc_cppui_modular381), - fq2_value_type( - 0x0cd273e525a01b0ba847beaa413c1d87e640a794185575deae98f4a4c32e4e36386f0d2478be6cc3bcb41f9113e99586_cppui_modular381, - 0x04ced2941685b97a5fa763c0df6c8e41bc53700bb7334f7648e9cbf51fdf637639f979e481ff4b5dce565ef623746b6b_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x164bcb92b4ec4782513bc30c122be365c2e74eaadb0035cd621988e6b1e1a5b1035ed030e3c47d8404ce13eedc36ddac_cppui_modular381, - 0x16e5a378b57a78724c00709036d075e6dfdfdbc52bf3f697fa41208d76e88d862111da45bcd4f7ad2cf1e1f63f99ded3_cppui_modular381), - fq2_value_type( - 0x15ca4c2066a322d885a0715b589adbdc4ff08c6f3e73e53002f04e88ee1ea2483c4fa81a5496568d1e9ebdaf5102a4d1_cppui_modular381, - 0x078d68ca700bea300310148e86b2c5e67b4013cc4326ae76f047047bd6a3f17ae787aa98d89b497b42da073f8e900da4_cppui_modular381), - fq2_value_type( - 0x15c422b4b59d3641675e83294b50080d353c1ac882ad5dff9e169f295d564167d406b6a781c4e860ef02bd6a8ccd0c9c_cppui_modular381, - 0x0c71c2aa2643a71b09d3ebd535cca5f345abdabef6890a2f9f9d5cc2eef1559d11cf81a90aa3c84394f334871cf4f0ca_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x103d3e9e7773178bac69c29aab093a153bd0c4a2dd542f29ba1e6e8df906d81fc09810b4c6e9e6006b3f15d43f101708_cppui_modular381, - 0x1428ba2ee1704eddb5bc89fae3c1e6914a5a30e5588995a892e23bcc242e9950119f6886bc6e4571ed685021545a15d1_cppui_modular381), - fq2_value_type( - 0x105fbc5a3bdc0c5e23ee423a142eeaa36144597bc119c98be7282beb7ff79c5838afe711eb7fa8509a8d52d1310dd1cf_cppui_modular381, - 0x0b464223972eb42d4f7b327e091fc31f39448e9717ff457c4dd3cf01b6c50b0671f2b1b1d4a6ffe357d553de02a6500f_cppui_modular381), - fq2_value_type( - 0x0887d566eaee0c1b5fbe3f023f4e069f542d8f09aaa8934e6dc9d82e11b5e5b0a0f183dcc830961a480bdb77e4008a1f_cppui_modular381, - 0x093fecfd59f5c1bbcde139a46fb9c60ad42f4a3a7b216b356986af0a5f2a2736c5f55aa36add7d423673a6a872e1aeac_cppui_modular381))))), - }; - std::vector> prf_gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x00b1aef1e45160612cf1c331d72fdcf90a48a792aaa6bf6ba4fa461e7ba278dd9e05b7a8d6f69de7bac3475a3a372867_cppui_modular381, - 0x09e2b087e9e3b05f570484e4eaf709932adbbd951ca67e1a1908485ed074d39428223fe7a38848268aae3af9eb8ffb5e_cppui_modular381), - fq2_value_type( - 
0x19f2ea85309809b27d841c578def76fe8ad526f4f8152892532194e4c1aa2b2f5528d8a2100659389c56c56a8b0ef721_cppui_modular381, - 0x1265e45cf8861d1fcb8d2b124947d04f26f6c7f6a25983747ff3a13c2b7cde13916e72a2631a826fb129325250ae8307_cppui_modular381), - fq2_value_type( - 0x14fefc023f6a08955e8193f8c88f510ef170faa5dbc47a17af6092540a5596d6a4a2a3a69d3e2f02a8af0c59f8b39f28_cppui_modular381, - 0x0b530bb9baa032ffbc4e9b4d5c379d56c668593412c46945f6ad87dd8ef05e94248357ff853ea03fb5529e3dc2de197b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x157d46ed431d4e40e9b159e0a15201eaf1d6d45a637282f4ed05ca46a7a3ebbb3168150850f155460c57b05a61ea1db2_cppui_modular381, - 0x1777f0b6a46363c415560afccd64b00ac785031999506270b92a034473e9d282b937a44ab384b298c776ecdfcdc60fe0_cppui_modular381), - fq2_value_type( - 0x01e6d08890062215a1e63ad250572cccee5d840a56d93de276c6bae17353e8d98d6cfb2cb9ba62ef75ef98826fe4c7d6_cppui_modular381, - 0x04764c9adabe8ad8b8684d8d63c1581e7ab3252a9b9edd961fb1be840eed9efa46e675961cedda3b0384c29d58c6a17a_cppui_modular381), - fq2_value_type( - 0x12c361445d2b0b942d8ae634c684c31578409264ecc835194bb3b43665705f8ee82897db2d40c17236efa28541d9eb4a_cppui_modular381, - 0x15ed70ae38ba0cbfffb99e76d276e45b3b49157cf670e651501dc96f69980012046afb3e81f2bfbe079486e399409f46_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x01b2d5935a79b332bcb2299dfb78890a56ed571210600b3030b4be6825dcb208a0b6eaad277f044f5b70ad65bee27725_cppui_modular381, - 0x15c401d194d21b5f6bf2691c8726fa73f288a28e72c77d9c8386194bb36ec89e6dddc3772b77793d3104b89a5618d0e7_cppui_modular381), - fq2_value_type( - 0x076786ad2668ff99ecb68ad1dcbd762bfe7b62987022eb90120a6997954ca7c3faa1834c7dedddca559d0162236e09f9_cppui_modular381, - 0x081b53dcef5837a6fbb94b8bccda9395847c9a6ed3080b0458ad72031601f71b7f23b04f8e593f21f43244237b09e0ce_cppui_modular381), - fq2_value_type( - 0x1363007eeda768b8d6d9ea1bab6accef3e5f3b851bf0715b04f7317dd9a09f2af5dca1bc5efe8434ced4235b2da7636a_cppui_modular381, - 
0x0e843bcb1b06308ea9beb5071f4de6e8dc1226011ef22afd9f682aca5db03f78bc407f4b5863c4612cfbca191d8d5264_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x09e95f183037e02512e994a0044e4c2bf373e9a8edfbfdf6425f0d610106d3b88c32d8da0e85f32ad84c038b5c20ce80_cppui_modular381, - 0x09d3f02536c1922e7c33f1686f43177a66d0d567bf2ecafcd47d538cc2523bc8fa03a85350fa766faefe33b118a34185_cppui_modular381), - fq2_value_type( - 0x15414baaa52b6952275aa8b31572a8f82e3472a735a697aa2168e46c2ff4f9ef5f6b4bffe03cc843a02c215438d10527_cppui_modular381, - 0x0fd23ec0c163b1d456808f8ecbf19bc8f3b138190efe5732fb0823d9702f137a7d0353406336446df0e555d5d3a42d26_cppui_modular381), - fq2_value_type( - 0x16969d63ddce6e18c9aa33454ca0dd1ed9328fc6c690ca8a9771d760e1b801f251afc59eefed8957e30fd51aaa65267d_cppui_modular381, - 0x1328d04762db65b76e3dbebc930a4a3e1ebbfb1d596f670e95fde50fadf5eaddfa609fc6567c8440fb6b17a6262b4e1c_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1601da1e0d9872d0fcf6ee1397e428101d1d4cc1e875982d091e3259da14e26e36e1452e4c084c3afe6922cf66c64102_cppui_modular381, - 0x0476be604483fa858416710bf0844ec5dad78625426ecf02a30b7d6a62d3ab92f05a53306168637790859e7fd751d794_cppui_modular381), - fq2_value_type( - 0x013adb66561d6bc6b11b79767cbeb7409540fdfb245c4d8f5b9ea802e4cc191b7fccae561b9fc995e259743b6ce41b7b_cppui_modular381, - 0x1752d2eb4feea2244bedb2eb4905c3df92b708ea7e0ea3d0b35b69894939f871d73e7d1ade15dd5c12d7d756be336fa4_cppui_modular381), - fq2_value_type( - 0x176cda123a05f85db65bca810d8bde65d304442c4b0c6a55b73a4ff1eaf466658d8591708fb12e9bc54de92ff2b4f3c3_cppui_modular381, - 0x01a5e0ad1f0e699d4154693d9aec72f73b4cc564329c12b63c27412ae4e258e1dfd71bdaf4e8ccc7b5624dd48a776ba6_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x097731a9641d507c5052ca1845b5cc6be3ec532d5dfc25a8b1b58bcede42ee776ae8a9dd8689962db3cd89a70015e0d7_cppui_modular381, - 
0x121d0a0853908e1e5661da47c6d22ac6d803071a7d58da6aff6b2c9dea4f4b25fe75e68c56bcd8ca87d8fc63746125d5_cppui_modular381), - fq2_value_type( - 0x0680482a5fd3467e3ebc4ed545e5e4ed283553eef52004d47c7aa26c83fd91564708f9c4988e2b127477b4f25653e108_cppui_modular381, - 0x14f561c56f436407dd973d97aa11657125d91180686e9de942d6a976910fb7163769d143b1af2b004910e5bec05090f8_cppui_modular381), - fq2_value_type( - 0x02032ab591e4e4f68b300065faf1d47d907aac74fefb97717ce1a9aac1f4e187e30a073e4279d8969f42b6520e3d8fe1_cppui_modular381, - 0x15dd6bcc29111d943b782083c0c021426d02cf0d476e563600ba48e26fa367b644f1c0600c448f7cf059aebb8c72cb8a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0a448fe3b7bb0bb53a7d8254a6f24aa9145608aa2f3598035947d09757954a7d14154e27a1e347d00c939bb6e1b800f5_cppui_modular381, - 0x199dcdeac49aef35d2d93fd7979e604c00d87159072b34c4b03381c5cb31843687a4179021572818751e4cb94875cd60_cppui_modular381), - fq2_value_type( - 0x0450dfd0dd9a364c11b2f986c10302a7d0900e667846636187ce746741a7b1be758643ba6a265e78a91a523044b18f93_cppui_modular381, - 0x04ba74e0af496807b29ff97582d800e5fd61aef2f4405c865ef9d6cbaecfc6bca2ad6f4ce0b6a92404783d5dc0cec4ca_cppui_modular381), - fq2_value_type( - 0x1032d1301cd8867d516c747a21663f736866bfa69539c1f5efb3598f27eba06b19e0cced6a7c97234c485783e51314dd_cppui_modular381, - 0x0d5eeb11fe035c8b79e8b8077e3d30a565c1c5b0a05febdcbaa32e10466519b1c9ce20399b0b3b78c895248cf26c1099_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0457378d02c761f1589b5c4c05149d50c7a62a7bf370a7786f61fcc9a8ffbf7189033f7e40efff5124e7ecf180a38bb8_cppui_modular381, - 0x12760b6d51064deea64675bbd8ac39ebeeef3c8908a601ffd67418fe8f65d40449ae7b9a8e438bb9014676a767d7557b_cppui_modular381), - fq2_value_type( - 0x12887f08d80c60f1d69a3f0e4aa36118b1b43c33ab74ce5839de9cc4eb9378c37a53a4a3d13ccacc153b9e373ec1446c_cppui_modular381, - 0x15c173581eb0ce890b568e5a3575d5ae1fae665cbee6ebd88a512bad49d3afb2be3e669691a5aa5f1442e219c946ec17_cppui_modular381), - fq2_value_type( - 
0x0b0ea524c1cd333c0e4cc65088d7981021feb364f441f213d418e668be41b57c698f7a731b3745ac581efd338ae27471_cppui_modular381, - 0x0c51c5ff592ff7a5e9be5531884a558bc17a1a079ff5297bd2b82d2a3b1920e3dd7b477a538908ade8015cb49c41da95_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x12346c1f7fde0a6481edf3f6350e2d9f39692e3770d032beb09edfb9149e237704358fa73381f0dd78f740a4b0033d37_cppui_modular381, - 0x0ff9e150077015c44da9a06aab2cabd1aca3dfe6e75c40f9e7b524f228c2c68b5dfb9274006aba7453e8fc6c18b72a43_cppui_modular381), - fq2_value_type( - 0x053e48b8ac981a1349e4533c1ff3e54e49d910789950eaa8f1e5b9c7db001c37b63e9fcca8109a0061e528bb2e4bb2e9_cppui_modular381, - 0x159d39a1835f517405528a4be8e4c6449a2da103b74e380d70088917ca4422e5d2791080d73e55ed5680016c4aaa3387_cppui_modular381), - fq2_value_type( - 0x12ee315437814f6f2e44f5a799878e5c10830e55a7be4514a8e14eae81e269dddb0908ba3fff66f0acee68935ae19142_cppui_modular381, - 0x13f30af8e898f773f2a2148efc7fa4d822f70ebda7ae6e378b5d9fb8f59c6ce9ee65b83234939386b461d044ff9840d8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x166df020c015f6276e5204b4e2ca0ac3f8f65a768dcc98074d7ebccd6c88420ae9dfc38357c4f2c234ddb3af6d3f67a0_cppui_modular381, - 0x0a140fcbaf24ab8445dbbba62b07a82f6493d5f18010fad9de743d733ffcc8666f5991a4ce972eae98ecd988ef8c800e_cppui_modular381), - fq2_value_type( - 0x16508a375db841cf6db5ff5e6b89bd4e270bdf8ef3c47a8a122aaccf9626a8f0d09f95428d7b9a3f84ce301c32ed7b94_cppui_modular381, - 0x12dbc882092d092790413662b65ab05a72ee56606ae41aba7fe40a374162b4cb6239a4d33b286e5a4063b15ae29241fd_cppui_modular381), - fq2_value_type( - 0x0c575fc736f1ef394259031ad9f5a794469bea5f021c21aaaf80d591abd31cd7b08ed3ba691b9da81a4b125eaead4f9b_cppui_modular381, - 0x01ed73bdb5cfee0bb4f07a7d7e5d77c7d0c3ed2ce4209884ed3862f0fbe9350ed4a539f068952365a1761dca3815adba_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x1848f80569f51b1f51ed93b2e0b431c569dd46ff57e23b22463f4a31867e1c5ccb24fa4f5c8495acf27b673f8323bedc_cppui_modular381, - 0x15c234722d22e01afc249ee359f35e4500e0839be921ede8508db97ba412052d994a091c34276c6fc9022daa05f6a8a5_cppui_modular381), - fq2_value_type( - 0x151b69278602d041f5aab6aeda3f4d3e9d053396c0a4e770f9d3adaf1bcd8a6443376780838c4c520e0d7cc7ba6fce5a_cppui_modular381, - 0x0529847a8c4437832aabe0b4e1849b6267fdf1b1ba0672922fb2d6350d92c841a9af6837853f393af529f49561d0a75e_cppui_modular381), - fq2_value_type( - 0x0b2f999417b9d18478e67fb1026222d2aa536daffe9643898cdd280fd2458cc4aa6835d34ffce61ccc5e02d3b4a77431_cppui_modular381, - 0x152c179609332a6e00e49798f1ffa6bda798bc6023868bd0068b79dfbc2d2785807d932712855f2c2db2a1cbdba62364_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x117bc119a684a48051549bdd32f847984a565b884e6d4c5b40fb493bcae9bc6bb4a92ca5154ff51a35af126b936ca6e3_cppui_modular381, - 0x13587757d4ffefc27cc39b03caad6d18e8995a2cdd37fa96064b961426783b897c48b41783134b448e24960b3fd34b86_cppui_modular381), - fq2_value_type( - 0x16a4ba21b3b72631eb6eeef07b182ce2e42274a097e4bf3dabdaafb7db56dfd8120bf46d3d3e7473f85992e0876b33b0_cppui_modular381, - 0x12f9eb10ea1fa853ea2bc5d637c377f0bd4913a8cbf3d8f9ef864a28b4f35143d8d05f85162096257722d6eec6b5dbd2_cppui_modular381), - fq2_value_type( - 0x0db902674d16436db18d9c9fcb2c1ac721bf03b5c03dc748a17b5b01580bafbd4d5050b1e0d0aa4b720846d5ecb80227_cppui_modular381, - 0x15559199b2da460902c95f6b03012236c1cd1a4b3690ffe9fcd7555fbb71f54956e9b2146612a9c0f96c305d745a04d4_cppui_modular381)))), - }; - std::vector> prf_gp_z_c = { - std::make_pair( - G1_value_type( - 0x0268c098d516d238a5b98b417a4eafddd74a015afdd71b5ec8e77f65968747109d973bd4692b78cbdce709e2c8e58831_cppui_modular381, - 0x02d266a82b527cb98d009df3a7007566458bc9875c3c7d832799e6359d7caeb07d62e8b9148d648e256dd42df80ab9c8_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x098d0136c4faf97019ea68d9c71378bb2ea6a525c0f4583841308a27d59ce236dbab7e737c24c2a926d58f24866a7366_cppui_modular381, - 0x1645739768e311f9387031ef77c95c32bb06414feba6a32b59eeafd42590db1e2d3bea5b3ecdd35c01bb2f70f8ab0483_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x033d6764df97ba59955c490b3f465883332341ba981c3b15cca0df597b1900845cfe2738c555429ffe80eb2fe11949db_cppui_modular381, - 0x152b60036ef237ea6f7c7983a4b3d8049ebcd642c564dc2b7353084ec137d99288bb8b1a5cce09ee584bafed2b561d4b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x021dbef38dd8f6497801a51450a0c77567cbdeef18efc308a57c74781071ca7cc22272b2ace07668267e42cd22a8995e_cppui_modular381, - 0x1191941d6c16ab9cb46c5f0766fe3838700f0c963b447e36510cbee174261073ef8094ba9de1c608cad095517a15989e_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x05a4381eddf7fb3b55ac1863ad3f60448725be71dbc41e02720c69f765d03ed208e7366cf97a9da68c8942c04c743b0c_cppui_modular381, - 0x060eda7c5abe405f4522ab429d3abd53201b04abc135e78610b4180f21279d714b9b89121ddc4512a81479387e755eb5_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x14785323043adf296ccfab046f108fa83bfa330b207a2208f3f6c644811b0e2d79f43e8cfb99cb5b8d2a1e74f68d5169_cppui_modular381, - 0x04ded3c8b339f1c646f09c41f0d24f7295d3242d78a6eb33641968717b5ca8a6db87ad13fbb0a787f18c68c9b9ea5889_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type prf_gp_final_a = G1_value_type( - 0x150bfcccbc039842dd1f95a36a6c96a3fcfc32e148f116b80b3a6d56563453e25e6640415beaa94049254dec9e8f2602_cppui_modular381, - 0x0b12915368319e9e1ccded4c7d1c53668adfb878ccf19c7f6f074a25ff2e7d74dd192212d4b83dce4cc5113606e3d187_cppui_modular381, - fq_value_type::one()); - G2_value_type prf_gp_final_b = G2_value_type( - fq2_value_type( - 0x151257911ca2d7491165a30070ced08d0460ec10a4be856f8f7cd095494febebd99bb09a9e21f2a12918715ab47ffe6f_cppui_modular381, - 
0x07ec37f83f717ea2471c333762e211fabf76505fe39c120a7b67aea5005f28fbe331c4b36ec2a629ac307533af4ce8cb_cppui_modular381), - fq2_value_type( - 0x11164b8f17d47e0ad531717116d6d7bec1a74dc01eae24e9f3a9d2a86daf711a67243496062352ac030c32c148a35a7d_cppui_modular381, - 0x0f0b3053676c7dc55b22bcc08e5a006f377bb5844f3e161411bd1abcfae90fe68b0c752069b73795a69ee0ff0fed7a42_cppui_modular381), - fq2_value_type::one()); - G1_value_type prf_gp_final_c = G1_value_type( - 0x19e65ad0b31685e1e2b47587d76e53731a65b26747b8148c8698c8794966c57bca94fb098a187657f4255bd5909732ba_cppui_modular381, - 0x1110759792228497552cc9e27b29749125d45eb17072ef793a1e694b46fb8911ab3d28f29289dfaefc12964543f33127_cppui_modular381, - fq_value_type::one()); - std::pair prf_gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x00cdd5416f7078a07e864d7496a6090ed86c3a96d4de3eaad8954cb4eba7e7e1f47e87643ce8d9ee1b44bc237c2e3cb7_cppui_modular381, - 0x0c373f6210978b647242a5130ad9b693625f599efcccaf5480f54f8f0664f817bbc3b63ea896b8564bb6877d087a5dc2_cppui_modular381), - fq2_value_type( - 0x11d122f060ca5912c955b6089a7a385baacbee8815c4bef8961c367b7360b2640c4cdc878b7dcb813f0056872282ca00_cppui_modular381, - 0x1289ad91102723fd00ed8be6665f9e45231cc670bd04fdfb1e195e3a8189badef4107cf29bb231c8858825d7bc713587_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x01da08a660916a97871d26b13c65d4410cb15af373198f71fd48f47d7d91bd9c8ec29e69ac6e6718f302d871201d6349_cppui_modular381, - 0x07f3de6622d9beda60fb13eab19a7b9aaff9c8652dbf03365addd80fd6606646cbde8e39330081297bb1c39dc5e102cd_cppui_modular381), - fq2_value_type( - 0x05f9e1779a7c4af9421a46ecf31917288ebbde532dbfc3ba76905d722facdfb3fca483f7bad5e55584a676b71b622075_cppui_modular381, - 0x0587f5f68a3b5e237c0e52979b7fd84e358c65dd9d23aa11a46a09295b405827eea5ae23ae0d518d603c13967955f311_cppui_modular381), - fq2_value_type::one())); - std::pair prf_gp_final_wkey = std::make_pair( - G1_value_type( - 
0x16f9457eaf8b55535a407ba4b9196af162fcda3813ab6284beb72a5fa7c20699f4f2056b2fbee325117590d441c6ba48_cppui_modular381, - 0x054960f9e8db822e588ce9739ce0bc429abd306a785d451c6a394177a5b0a9f73420c4493f0a72a4cf76bd6811d6e069_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x106aecab790664fedb0482e933d416463dd5f3cf80a87a0e93a533708db006dec149efb85ea2900798206350fa612a86_cppui_modular381, - 0x067c919b9e9290b62bc7caafe3862e11cedef9282960d5a7825d7101fd5103fca4e2f278a9c1511ee502f7d2a4ba5756_cppui_modular381, - fq_value_type::one())); - std::pair prf_tmp_vkey_opening = std::make_pair( - G2_value_type( - fq2_value_type( - 0x1793259d17c94f22ca7266ec6cf3e092fcaba6ea3e16a84740669b4a970947e65598bd048080612d6dbadc3fb7f97132_cppui_modular381, - 0x136a06edf6d4c48c43ffc427bc3307d95f9db165c64a271ae9b878be2ee052fe27b73ac01f08a7d84b79e0603c962086_cppui_modular381), - fq2_value_type( - 0x149f50b3e949b6bd5a78fc6d4f84f539e5533f4b91a0c7f165aaa64767a4cebc0df7134e8d12578fb6b1e6a1b46c0645_cppui_modular381, - 0x07b520f1cee938a333fd4a90245aa77ef82fc7c376048ab4932c06d465eae0c61489c617d18171f4f63b8203c2c89ea9_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1625e28fa50298a985caa12889a641130ded675101aba6b2bea2dc6622a8a241f8ff50b35af0f7de0c962414a4e1ea7a_cppui_modular381, - 0x0d8f5dcd8981717b07c93a0234e28446161ec25bbc6446e81a26a999149c8d77ee72267276f91cee69cffb54612ad7c9_cppui_modular381), - fq2_value_type( - 0x198ab322e1f90ee79d568479eb43e45e9c99e25cfa1a971fdd94a7c8613e164e0e41b0c7a22c802787c8935de6afc8e5_cppui_modular381, - 0x192e723117432a0117eddc105a9d51271c0d98a7e678352ab03b8a4a2516458d4a929f2521604d54c8efc47a913b7c3a_cppui_modular381), - fq2_value_type::one())); - std::pair prf_tmp_wkey_opening = std::make_pair( - G1_value_type( - 0x0fef3bcb3be0690d6fb73351058eb5531d305e2d2b743060a900688edf15a3c5604e9d895a4309d6c8947718b5df9cae_cppui_modular381, - 
0x0bafbf431a9aaba5d6c0b91ce4da4e24bbe3d375516faf7e81b7525bade40a8e57b73ab92be9fdd14865e16bf8dfaf65_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0e8cb9990147d608cf2d410989e421f8d53d807eefc80ec7f2fb4104c7373e0a14fddd2807ca2c2f820d6046f2071371_cppui_modular381, - 0x175fe5d48268e68c35d95ec592a67ba7bc495471c87b882f115395242de818cfa8433d3b807d58422786477e33aaa339_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.nproofs, prf_gp_n); - BOOST_CHECK_EQUAL(prf_ip_ab, agg_proof.ip_ab); - BOOST_CHECK_EQUAL(prf_agg_c, agg_proof.agg_c); - BOOST_CHECK(prf_com_ab == agg_proof.com_ab); - BOOST_CHECK(prf_com_c == agg_proof.com_c); - BOOST_CHECK(prf_tmp_vkey_opening == agg_proof.tmipp.vkey_opening); - BOOST_CHECK(prf_tmp_wkey_opening == agg_proof.tmipp.wkey_opening); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_ab == prf_gp_comms_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_c == prf_gp_comms_c); - BOOST_CHECK(agg_proof.tmipp.gipa.z_ab == prf_gp_z_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.z_c == prf_gp_z_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_a, prf_gp_final_a); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_b, prf_gp_final_b); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_c, prf_gp_final_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_vkey, prf_gp_final_vkey); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_wkey, prf_gp_final_wkey); - // TODO: shrink -} - -BOOST_AUTO_TEST_CASE(bls381_verification) { - constexpr std::size_t n = 8; - constexpr scalar_field_value_type alpha = - 0x57aa5df37b9bd97a5e5f84f4797eac33e5ebe0c6e2ca2fbca1b3b3d7052ce35d_cppui_modular255; - constexpr scalar_field_value_type beta = - 0x43131d0617d95a6fbd46c1f9055f60e8028acaae2e6e7e500a471ed47553ecfe_cppui_modular255; - - // setup_fake_srs - r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta); - auto [pk, vk] = srs.specialize(n); - - std::vector pk_vkey_a = { - G2_value_type( - fq2_value_type( - 
0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8_cppui_modular381, - 0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e_cppui_modular381), - fq2_value_type( - 0x0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801_cppui_modular381, - 0x0606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x13e5257ffce3eed808841bcaba1a63f907e51c5452ed1d712d2a80ad5b25054a85b921708f89c7192344e81ef4c2d18e_cppui_modular381, - 0x09843c0db7c3e6376559357d41d1d17049e22557e678eca1eeb8d46edb02049159a2a16f3a74aa49fb2b1aabe13e882f_cppui_modular381), - fq2_value_type( - 0x08f60d805b4372d432b2083614477fc24ba9bfcd450f86d05e4634139ad11307fb8a39679f837db216620320c40dd10d_cppui_modular381, - 0x0059498ec17559ff4e7f19c9601a8fc6d1100680acdad1b332575bdef424daed6b989e18ad96e7f15858a336730d23a0_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x07cc3cecf1bf7b4302b549e6094806c3e92c83ab71885ea649d7bea56722a79cd5001ecc8bd7719f5dac452fde2dc27d_cppui_modular381, - 0x155ba4651c0c2b45d4791035947c0416579d9dfe604c94e26f15acfe1c6a4bb3ba5193ef7ef31dbf458571704f8beee5_cppui_modular381), - fq2_value_type( - 0x14f94da9ed09785f1041a7b998cabd45f472f3f499f9f48d6aac1660809c8a6d0dfb4f16a4ddca70125b61369d4e96b0_cppui_modular381, - 0x04272ed3d067c55f4c3e140e8333ae3711e6b82db32fc5a1f7f7da144499b8a7af62f7fcbf49b53f1b0f068be7eccfd0_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x09825619542ee8320ff4f5ba380fd3282ec16026beff6651648162cce26452e187c30be5fbd5f929f3f32c0c02860ca1_cppui_modular381, - 0x0cc2ee914ca20bf39af2e0f3c0193ae301a2a3b978f55df8f87d2c7b9512ec0d83185450ce7b83e4da4a5276bf1de448_cppui_modular381), - fq2_value_type( - 
0x135a5110ab1d4581f1d213909b0e36efa8e0009de0065a6bd68374429ea80a9767172f12420ad616d4edd7346942cb6e_cppui_modular381, - 0x0317f9c89ca98f293f8c52b8350938fdd1cd9de5d0e7fd67db5ee0daaf60dedd7504741a7dd2548520eab87a082739c8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x02e1b72552a6bb211c01ca8701d58a62d9e43110853bd12bac43b76244b41ed90a112585169938ce675106e205b9f984_cppui_modular381, - 0x017a3560faca0a1a19017debea64721060a4299ab0e9839a7cbc436d47ad8551652fdb9b34814d8fd4d56d191f7f965a_cppui_modular381), - fq2_value_type( - 0x0e14db737c6803325d53f89823090a4310ab2deaa428cfb07dbc8563ff3dee66d67c5872923c863c03a44f7e73fadcbc_cppui_modular381, - 0x04893331cc41c22fc44daadfbaa8ee50757ca1ae5753fb8ff92323fd1da33459974bb3eb433b54076e52a2ec85ab0ba8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x01ff99b80855d463be989bf8afe767a8dd3d99ba24e26d337c5ed0c8cb52aed049354122e55a58215783a539ff6f14e7_cppui_modular381, - 0x082ca3714156b517d6554fe1ff1a68a8684e988c0bf359bc5373cbd63724da39197f1590f83efd437d81e5dc66dfc05f_cppui_modular381), - fq2_value_type( - 0x06b7875ef9235e62a37801738d05502341ee0a0a407ba1a85918f5cc3c31f0c62b6ba63169c1fb03230995527eda1b32_cppui_modular381, - 0x0ba03538196408591e4ac5335ecd09d104a18944d81d0fd174f9d2beaafe4b65efedb88b514589ae615f0549cadca6a8_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x05cb7cb2ff51aa91b53e62decb5170e2bd6646aec10c729aae308b9601d961b2f2a8d360e247ed6b8e32dbfbc186ecfc_cppui_modular381, - 0x13c560f1b44a70ab6cb5543bbe006e729c6d47f6ebf264561aad33aa057be5cd63152d0fb309be094ce5a4a64eb8a74a_cppui_modular381), - fq2_value_type( - 0x170c77d828c1a5a7c8b26646a3efdc37090f0462a4c16018a0b87767e1267ba474c7b0209651b9fedd4529a1eabb3be1_cppui_modular381, - 0x0950f2624a4f3a5005c5af43de19cd884629310e9cf62c1f837e2817909facd930ff58736b852fbcdda8a3f67be12cc5_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 
0x1292443c76f4a68cf038d74fb109f8d53b9f0e3b3be75212eea3e25c5386f89fb68ab9d4561c1a534a02adf161fe2cc8_cppui_modular381, - 0x03b936274a14066ee633a18d73cf519dbaa84e92053d589d86387ff6a8cf97d3737be7bb903392a2d8510fa2f5983ca4_cppui_modular381), - fq2_value_type( - 0x03b395cd1c619f2802fae59fd092f65ee7aaede32a92c7d7748ea6676e9348c817144a08e768f7efe5c6b2d13cb54303_cppui_modular381, - 0x198d3968741b6c662dce9942866b4fff9522b8184f1e7456da72e89c5721916416a981e2413499b942713cf09fcdf99d_cppui_modular381), - fq2_value_type::one()), - }; - std::vector pk_vkey_b = { - G2_value_type( - fq2_value_type( - 0x024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8_cppui_modular381, - 0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e_cppui_modular381), - fq2_value_type( - 0x0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801_cppui_modular381, - 0x0606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1092d6886f816dad06c1d0ee93a168d5523a293d7c3e96a817ba1e5936b3837d37bd3d7d8b452e69c042422ccff49730_cppui_modular381, - 0x107e20fcd6e9794de121a9d4105059576811160e1995e6d72fe9a8a1b61079eb144d41bf2e72a2fec9bdafac618fdfd6_cppui_modular381), - fq2_value_type( - 0x0759d4b33c9d00e6dcc14b95259490cc57b47ed16790904cebb6bf0f7233e15914acc00010efbfe06620e91e623100da_cppui_modular381, - 0x11cdaa6f9efba3c17423d84313e24f411f5a571870943eb488521c3286c0896281275340ba0d4b0ed5ac93fa9fa6f454_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0a76040f2f322bbe0b4c5c158f353f8187aa17b7f29e5d92fbafa17444dd46fcdb8053a6991609178964e185f7010416_cppui_modular381, - 0x109886af215cbcb89e8eb03285e5af5be32e7594a71d6e8f76cab81c165516afa1c729d5d3cbaa18f32b888e4dc8b8e3_cppui_modular381), - fq2_value_type( - 
0x085bfd4c5f113ebe52cfb78900438aa67f2e515f729f72b5d01ebb6a7b2fb238f1519912f1ee07948faa2182455155b4_cppui_modular381, - 0x19cb1b61514f2293a7eded56d7ed72e6f5e701f69c1aaa443e53fea17489c305c142df0c7856b363fdfb6b6807662713_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0ef902393a8a91fda1a7f2a309007aa05734166b37e5c4be462444da3193c18ca7cc486cbb8b283ea2988e0f8915a2db_cppui_modular381, - 0x02202489dee2f690205cdf8c2c574ecd39dd1ec3aee67ab0eeddbdd64dc40db580ce52c473ca3116a74e5610be62498f_cppui_modular381), - fq2_value_type( - 0x02b12927688ca7378015b66eec9bb70261d9ddd0dd12ca910dfff26c37e4b12164fa75b356d61ef1ddebb3c949af0956_cppui_modular381, - 0x0b8fc8269fe35645cf44a8b50d268939f9ff91e8a3e5c330d005e51db2af3a8da8682b116bd4d42598b710ea42422cc2_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x177fa050dc1878e000b4b04db340284dd026e7cadedbdf8dc126cafbdc4bb7ad329f0acc1b19260a92f1f680c85dc0cf_cppui_modular381, - 0x063380010a1e3cdb9445952921485e4e3ce6ae21b9eae41e108f96f105123a8c7e3b95b5ae43e3923b9afbcbb213a414_cppui_modular381), - fq2_value_type( - 0x050ee2081d62b70dfc3681f20461d7f0419d5dd77d05da0eaa76f07d6d0a12fcffc4c9246f1160d86392c3dceeb06d6d_cppui_modular381, - 0x0153c9fccfb018f4bc403458ca1ad2c50214746df68e3bd5254e2e6710e7fc621cf3b4e41aad46bbe1c9683728411fc4_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x10e5eee5ade590a567426ff7d9f536ccd9bcf1f4778b8523e226ee72e323ea0755b9703d99aa41c88ade3553400ce5b5_cppui_modular381, - 0x07543c642fcb2c1be9452002fca1f841b882ff49e9ac3d7f376e19b470ba9055fd311772fb811159b6449f9263e42142_cppui_modular381), - fq2_value_type( - 0x19b89423df5fdf0556acbda2683ddf03692af4fe843b940d8e792c1869448c152608d726652dea0016d111a29103e59b_cppui_modular381, - 0x0f560b3e1647ba37816a1fcafe8cb7924177ad8839d0dfd4eb767b6a6f07b76ba1e4415303e6a52d16ba6a5f7485f25c_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 
0x0ef5d4e85c3a8fa73f4e7262599a9f7bac7243a9fed5650e58b4c00a7a908975126fbd20df4830c22d7a8a4299894891_cppui_modular381, - 0x01e51e57dfb30ccfc5d6a0bcd574747e70e9c87fce5c198dd46318bd81e34fd6ef0c2380878e71ae330ea7f6d0e998f7_cppui_modular381), - fq2_value_type( - 0x123ac807285a456cce114701b10230d169bd0ed876d7624f7a4c9824e2b53d97c2cd09d8cbe1d7c362007a2aeefa01a6_cppui_modular381, - 0x061947176e5c9f8f650bd781d51015369cbe9fdb1c5fb6711ef37b66e4705837116c3c71c53cbfaa1e44814b1a0442fa_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0b0b09a27a9c6aa5a68773934499882058b9b5a2ce4f873ec70de8a8fbe586d409537fd14add0cf2bb3c4b2749f0306f_cppui_modular381, - 0x064cb42e6c5bc8891c044cb5695c3b3824a926d66fbf9806a3811b072a1ea46e0fc1dcb8c7b4df902b6f86bd5d497063_cppui_modular381), - fq2_value_type( - 0x0b9e9bcaa0c3ce9b91e0dbb85d3fbf21674c93bd26c64c22445ca9819b1a7139f45b4422dc13c0239acaada16f8b1c23_cppui_modular381, - 0x128acf27eab87ac625ff0ca89705c8fc4c26d35cc645dd87145ff244a859bd1d706790c07122a4203e0016a1e472fd39_cppui_modular381), - fq2_value_type::one()), - }; - std::vector pk_wkey_a = { - G1_value_type( - 0x0b522ca98912012126ad986195512d8d9259553fabd1cfdd926d671c4aa8db8b6427f2479e18dfdba1c9b46c81bb5e17_cppui_modular381, - 0x014cd687b9641dc21b9bae8a26ec95c9501a5bc5c7d710878ae81bbe2cf7ec14e17d7188882a571edcc3e185815414bd_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d806df34d7ba36af7569b2c936b27c8a292242e0da0f9dfd0d6bcb0bf858401c949fd1b7bbe391b306f5d95e126916a_cppui_modular381, - 0x082fdd273edffa8a82960b9a77685c9edaa202ac9ded5f6a40bbfc83901baac57e84001ca731ce2dd28ceab9299d1023_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x015d332f8ae2a232e0e41eaee8e718db07d360aa4e7efa10524b97f2e209e03405910e94abf3cbaa91ea54ebed391b99_cppui_modular381, - 0x04dbab44c5d1a057a65fb4c98d88e43358e4de735e0fc575379a99764167fb34b05558e093ddcf81c10e48c791213f5c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x009ab2fa2fc3c370245b8e860672efb118248c8851566dde51e979e78a3fe7925bf0c1286a8091b70498b14695257263_cppui_modular381, - 0x1321ecd8b5990ff6519e090b033f3a6a3e57f501bb71b359acd0a9521219b559f6a2b3354f93928385eda276e84e6530_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x017e3a7e26a60a6edcb460c79f337f37b292029ea396fcfde82bafed31edc205937bc145e5d69c8eecf87d894584c791_cppui_modular381, - 0x127975318f793df99a10a3ace2b49706a29bbb9a6a974d205aad427d3e98ea263fc2a0dcd8b647d9b36b9241d3e653f9_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0a9d2406465e2197ea5ad674fbf51cd16d6f885a98c6500dfe572dffcd31cbaf4063778692a4f6111118627cb24437c6_cppui_modular381, - 0x048c954b203cd7403f46be13699c0bd8b295c0e5a112e56fe37f367a9115cdb72ce8d7691e9869a92b51f3556258f52c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x087b91d367dbc6b564d8b43e4370e22bba590d5c56c21c23ff16d7a8b220b30f5e46f6ab8104ff9193b5edd93bd37044_cppui_modular381, - 0x1105d394dcc72fdbc1e4609c98b59f33979be317305ae2ab1e10a9ffd58c4dcf2484cd1842d7b02575358b552b1155fb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x12e26639adc0ea9afb6a833e9e5fa60f7315787803189d438a4070371a011623c47718f34e24656d9fa105c54b0e327a_cppui_modular381, - 0x0c84c30fc69070f4d367010b6a07a604446144af73a8a7c681d35a5e43f8be9d327b324a699464fdd57cfa5248e5196f_cppui_modular381, - fq_value_type::one()), - }; - std::vector pk_wkey_b = { - G1_value_type( - 0x18d26cba6cfb23c442c58d0137fa35e080c458b1fdfbd3088e666306f965a4e32aa3f7a077b22a9af6ba4ba5614b241e_cppui_modular381, - 0x06c0e13143d4b7c802064c54097165e5be9b091125e513c9927f9452521bde82004516d2a6e38fd7e5ae3fd10e2eb549_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x03f8962168d7f9ccb1cfa4232f669b2ddf7695386ae5a684c88ae96ef9be862d52afb315bd9b361643cdccdfc7a7db10_cppui_modular381, - 0x03264c2a67ed8aa5649788ae48348c0fe50a9743a7d20fbfc927dd601648df09571dc58b3d2b3519b66ba9c5920facfb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x0a955178688ab5b8a82620a97193079199be803d26214d35e350685b5c40fecb184e0f54026e8c0482f264a5d076591e_cppui_modular381, - 0x10a23cbc888b71b92a9fc336ca7a7f2c7b09de6468e032285558fc2e73616849ed23931b9803bf049b0ee45e8c20cff0_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x15d02caa8cbb5c58a7997ea859d7d8abd1bc8d5b5e42e4a9a1cfdd09a3e40107cffc81a1e4e3275bafef1130124a95c6_cppui_modular381, - 0x00bc9edd53e769309c4217a83813eeb49f4cffa1a6dc88f436b1b45e5d8fc4fc4784e4927f3f8ef43ef3ef52970c07ee_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x15fc65285a90a3b665f1cea98c7b5e8ffe6baed2a55474ab825a128a145437abdd5362047d2771b40e4028f6eb44055e_cppui_modular381, - 0x0e93e516cc6592b003c6cdb33157fe920a25972b6275735a7183fd1eb3be495d0b13aa6467b4fbb4f36663609db07b5c_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0fd5d25aeda51c5ecf03aa7b399a7e5df53c7a9dd05daba949bcc46e8c8bea53281b20970c1051295820c212563d27f8_cppui_modular381, - 0x078fb03694b51834eefb217699a8ec4dc61f8b3532b327a45fd52991c885df3e9197b632c2f1e1bb6ac0ebfa45ec1c51_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x06d4d645adbaf6f308b0a5bde1b88b9dc53705398885a29c8a47186e84784fdc53b6019c6e55ed8aa17fce508b16ca4e_cppui_modular381, - 0x0fc0ea575892e2426ba0ab18187eb71cb991207e28306f365f8c1ca5316cc790aac99935ae77223ab16be61fedd59839_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0a3e9a3b12ced9477656db04236d14d9e9c65fa43f34d1a0bb317ed469210b137ec4728f48bb156e8b8dea8d3e64bc1c_cppui_modular381, - 0x0a1abc5aac3dadb984bc3e116f0906c59393da9905edeaa173ae06f8327ea25689973d0311ccf8909d090403db038637_cppui_modular381, - fq_value_type::one()), - }; - - BOOST_CHECK(pk_vkey_a == pk.vkey.a); - BOOST_CHECK(pk_vkey_b == pk.vkey.b); - BOOST_CHECK(pk_wkey_a == pk.wkey.a); - BOOST_CHECK(pk_wkey_b == pk.wkey.b); - - G1_value_type vk_alpha_g1 = G1_value_type( - 0x00dbb88261e862ff316a63b8cacfa558a5aa7e6388a085fc85fa8d27b06759a548a0aedf3c9ac0dddab13b3ff3d80cc1_cppui_modular381, - 
0x030f05f9cc508bf38dbe76fc6d8a9ed218e5959f5ccff54a28a02a80457a47596d99bd0f5f6c3885d518d4dbdfc2dd37_cppui_modular381, - fq_value_type::one()); - G2_value_type vk_beta_g2 = G2_value_type( - fq2_value_type( - 0x068ded40c1a55dba490d3b49fb644f7e43662ba502165e84e50294b7ca82d4d7bdb5d93a35702b12984c8d600091ec18_cppui_modular381, - 0x06de2178c3bba1698dc0e1b8de6032bf70b5927c1a7cdd7c902c7faf1e78db8dd732d430458cf019c94fccaef3c0ee6a_cppui_modular381), - fq2_value_type( - 0x00f901d1cd3f52c6ce5c44533dbf86fc80326e9976d07199be08505cf1f3cc8a7a97d4d284b0ffb6f8fb2cfd74c83c60_cppui_modular381, - 0x176dc9153e5d9f1ffd2873db39b7e2fc2e61df272227fb184f6b654232ed1ac25227f5460669284d01005453e3f5de10_cppui_modular381), - fq2_value_type::one()); - fq12_value_type vk_alpha_g1_beta_g2 = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x15e21266f7c5ea7867820d42b45b4f9dbdada05f4e37cbc8ad33c02139b1b6d1d81425efaac363937c8246c11516be83_cppui_modular381, - 0x19e0d83cf285adb06309cb20e1ddf4cfdd78665891fcbe49b4b0b98d10e82816e5fe7c700f07908a52b981f1f2028b92_cppui_modular381), - fq2_value_type( - 0x099c1f3d824c2ce11fb86b091c24c1e1148dbdef4745118a8b0a8d38d770e34c13ba8960486050dad506ae333ecf91fc_cppui_modular381, - 0x006eb8e6184705a1f3d1c612e3e28a31b005b72d4efa0a38a9b4762731a5e274e2ef0b3d62b547411628e14a6c6be1ae_cppui_modular381), - fq2_value_type( - 0x0726c2a051280332c32aafa6194b0415b3ea2368c8879ccc004b0ac8b89b45d507f571173cfd901375c62a20568dd481_cppui_modular381, - 0x135edcae93eb5ac85010e967510101f58d339e6048f18f8b16a6f0eac490bd88b414c6612e75fe469b92cc277f308527_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0151a2bd2fa29771bf5188d9c33175979ba7c55586830e659f8d5976215265f2bdf2c3eb1d2f302fe83e1995f2a5edec_cppui_modular381, - 0x10dff806f415c174c43b0daf6586da7547aaa2960e80ac1fdd3e7a0b1a34f0f260466a2070bc4e8079398ebb30281477_cppui_modular381), - fq2_value_type( - 0x14a6097c017bc7500b737f6d7331049f37c893854316795fcc23e6d90ae5516180210edc024f8d979886d7c47ca65da8_cppui_modular381, - 
0x16ade7495122dd7c6ec113e0527c0333830f393ba40e0158c0dc58ad43459287bf9eecd7a3eaa8146442f73803035711_cppui_modular381), - fq2_value_type( - 0x0464c688647b6de6fbd5a134ec479fb6ecf873c441a983b38ed7b1146823258ece76ab68d3f873f4983f09d86cc9f0b7_cppui_modular381, - 0x07420be6059e97d7ab30072b6a90703f1534037c2a62d40d1acd28f83fa93a516d1775b131ed8bc46f67691597dc3a97_cppui_modular381))); - G2_value_type vk_gamma_g2 = G2_value_type( - fq2_value_type( - 0x1333bbde340c3be8d29537fbf8a661b22027743ef5cee4635b800a273afe98b62f708355dbb45187034180a46d9e6196_cppui_modular381, - 0x051da15946eb469ba6f3e8f225d06250207fb757c4ae0df9521ecf11903eb70864376a664cfee29867b4869119c1cfbe_cppui_modular381), - fq2_value_type( - 0x0baab12c979dc4d9917948b2c24002038e4c304a3914327ceb80aa76bb8b8e9665927d46f882692d5e8923551a44f5d4_cppui_modular381, - 0x149ce899cce09392073f6f04b022b0278db3c3d0130de1b689ce51b25379946de9a0ee5576c3514561b667937c4980c6_cppui_modular381), - fq2_value_type::one()); - G2_value_type vk_delta_g2 = G2_value_type( - fq2_value_type( - 0x1104d524c9b324fb1e15679c73df5930d71a2c89ba81ea5ec5857a988acea848472dc8ffbae686bbe267676174c6306c_cppui_modular381, - 0x09bf8db82396247f9b8884c59ac6cb9022c2b2921987f92b72e6152c2d7e27208a7a87d879a13d2e3dfd4c28b66b7c8f_cppui_modular381), - fq2_value_type( - 0x1792b5390b2aba808de3f6c93be32b44b6f7a49303cdf33eedd7ad0a418684c7f94249ffbbd0bca178c0e6864d899ca0_cppui_modular381, - 0x047c55f72a491f8476b5b4848e124b3bc1faea631d931d97951e580f51fa22c27a150f7efa689fa7ea92a2818410b7c0_cppui_modular381), - fq2_value_type::one()); - std::vector vk_ic = { - G1_value_type( - 0x0b95ffa1d9439d039bec038f3e17e29431fd4d34f6eed612212c4f44c2096a6546316cc3d1081f812fa0ca2e648a03a2_cppui_modular381, - 0x046a85977315abd58c098ad06187b9f58d809e01650b409ed162611daa90fe51aa4c4e52504e809dbe43e8951f05bc4a_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x049736baaec290149456d283601a3bbc49e52a0d8c405f21e12cb6dc7c00a1cb58776ffc4b2b8d8eceaa55a18dc50eb2_cppui_modular381, - 
0x03cc5850cca5dfdd069e6d3526fce72de086b777248e5246ece4e19667f31749f40a27e49ad4ea3c51cbd32f3cbab575_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x13bb5d0780f4aa12e1c05007a6c4f67f43484256919444202ad57fdb13c967780faa17e9a7ea6b3e2d6f4589b09e8ddd_cppui_modular381, - 0x0656d1ef5d8ec8ec2b198fb3c86033fd18fc480756f43aaf8a88e39b844230db5bb785a3c2d02d9f0e18dc90902c6b04_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x09ec91e9f3cba5b818ec629925a7090cfc34b7c9346107cb9a07b55499c2bc573b9c84d954d914af5e81b2ae8252b8f0_cppui_modular381, - 0x0da66aab492dc5aafef10f399e949ca797b94cc1d424e9e66917917b209ca891e66d11d5286caf3b3dbb4ea079ea2a88_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0d36fa8e1b57756031ba096af6fbb22e99b30e1bb428cb440ef864e786be477f21a9191c36affc230e9fda0a7d17b9d0_cppui_modular381, - 0x1354a82cd96022a2473b8f218e3dd3195f54e2a703c0dc69c58358a76ae1eb220711c55399b677dbb583df25bb167c2b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x036b2788dc31357a8c9cbf642120760b5ab8d3253aff9bf6fb4785261ca1d5c7e7e235dea4c002332fa3cf9e2922a51f_cppui_modular381, - 0x121964e53798a19a8e6954d85ec7575343980ddce3003d691fd007c38bb12bdd23ae674b35a539917d0304e73d741b42_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x15e49f2b4234214aeec15c58d05b620bd401c4fa1a5a0056fe9d284a21dd6dd43216e72fb34109268995a55435b9b811_cppui_modular381, - 0x057c5970ba87501884835739f9af3612b965f1e896c4e88dd1bb63a318ea4fbd7742eb83c08c789ce945f87a305c814e_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x131ca5515ce5658f28d31fe0affe1711fdf2e2e0e2fc2efd80aeecbf6e09dd06d01fe4c78c305387569e0eacadd1301f_cppui_modular381, - 0x0fc80af454299b5313f6c0e1a6f0de00022f4a8b98b1872f1bed4208146ec9ff182e65ebe3f2bbd9e97e9a8993633927_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x14e72b027c5576502a3a0218b5671aeffafb4d99b5c609cd90a46e2f96d058f1e3c9e4b1c619542a28e7ac8bc472c459_cppui_modular381, - 
0x05bb8f0d5c5bb84f43776639bc59c851cf68847ad3496508394d1561d754be3f04b5acb7da2653d3b6c2f28f1b643b28_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x19ab93d470e562494353aed2af8c70d2b08aafc156b1c6e24080879c5b2d69322b34b1a7baf12703efd9c6e9f96097ab_cppui_modular381, - 0x03ad762e493a59e8d3608cad7540dfd3015d44790f1e29946d8978b6ec06bb292d335e5c728c59a40831a7d44422eafb_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16085dc79607d139d810a48c82a977445d4aa65251e9a47ff51d51e05fa3d8ed5626b43afbb0e3218b5bb8b350ffe57d_cppui_modular381, - 0x05885c33ec46d1844f5154d9419c38592b17f8ae4c2d0de36c9d42cdd1cafa29380d148e02aa46e33c124ed572aa0966_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0732e6a4527a2c68a78525cc337794e4d676c7514f3f9dd393f079215a072189b5ad42a1ec400e2259321b6e60eabde1_cppui_modular381, - 0x1422e269997071400763b3e7482ffe2a53b0a5a42f745a9abad0a85df129a21996f09f831c7dc405c50a37eda3939d9a_cppui_modular381, - fq_value_type::one()), - }; - container::accumulation_vector vk_acc_ic(std::forward(vk_ic[0]), - std::vector(vk_ic.begin() + 1, vk_ic.end())); - r1cs_gg_ppzksnark_aggregate_verification_key pvk(vk_alpha_g1, vk_beta_g2, vk_gamma_g2, vk_delta_g2, - vk_acc_ic); - - r1cs_gg_ppzksnark_proof proof0( - G1_value_type( - 0x13dac7f44870025445d816a75cf691b7ceff3a43c749e6330e3276eb8b68fee59d97b5f3ab8b61c222ecb11020372153_cppui_modular381, - 0x11eb5400aa91fa11f3e79aff666e4a2efead41d46672fc58bd6efb3ce3e14ca079b3e8f0a3da237015d99a0e9915e55c_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0fd92267608c708eb20055a068152a3eaf9b49df3e951060b941ff63bf2453be443c86d60f29aee4297c1d24cc53853c_cppui_modular381, - 0x05ea088000f639b762269469b2e9250325c86be0321fd6d1d20f073d0ab2e745ef9ef4b458e739aa7d146248b9af3aa2_cppui_modular381), - fq2_value_type( - 0x070483d78db24a0340143c82b869fd9083b4cd47155a57c3f45438e744b28a50c1abcf84a24abeff727c2f6c62d68184_cppui_modular381, - 
0x0766ac1879431ae641b34d0c5c7e989a725cb993b97ef500534a108478b849fef6e9f7461a62a398d38bec273dbd9b1f_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x04ba84bf8d18cea7832ccace14b8182cd363518dd592b2f88325d1d6fa24b61bd7d76c768119426f74e7150afbb6aff4_cppui_modular381, - 0x0f12ddcc76e0b3ef817588c303792add681fe90257e63837530368e6877d5736305744b6ed9621f128703748c23809e7_cppui_modular381, - fq_value_type::one())); - std::vector statement0 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof1( - G1_value_type( - 0x19a43f8dda558f4a60db82edd8b13c34668d99bcc9262abd1a7992c643082453af605e9e0a63b470e05d0ec3177450af_cppui_modular381, - 0x0382858cf155f0849d846b5207cef9cf400961c242ba5dd50f3f3ddc18b7c20c7e775f56630fc3c22e3742ddaf2a6072_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x00ece8a6a94a310d1929e8db3b59fa0eb7690934c525daae7825bd55641cdf5618ec6344259141c4a59955937f2aec33_cppui_modular381, - 
0x126f50c73a14638e7e22d510911afad8258fc132eff9f5ea973094d45fa7e26df44055bbfd2f64cd898f7c517260c857_cppui_modular381), - fq2_value_type( - 0x06ea69a39622705bbb6bd886642b677eba34f529548cffb46674fef54dea0afe177eee72fc73f70b587aeaf54850c08a_cppui_modular381, - 0x0be1e1d6100c1ca38d94961bb48b018a05b01ee10e3dc11ac6f8d526da5f26c8a1457ef0850d99f75c94b0f74658c0eb_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x08216f93edf127d450129c6da0ef4c34fa5b29928f9da0522189f5d113b2196dbbb1011bbcce0b2cd06e2d4882b9c4a9_cppui_modular381, - 0x0004fe1f2f409e9c7586e6b0ea9af02c5160a7877fcf9eb677a9afd759a1c59f6173c5ae327af9bde42f0a63fa269dc6_cppui_modular381, - fq_value_type::one())); - std::vector statement1 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof2( - G1_value_type( - 0x10e2e117f5d0e0b0a8c50a194121c1cedeb4e05c4c7984032d0faf1db007360989312b52db73a0de165a3100d4d06ac1_cppui_modular381, - 0x0a74c846d1b849d693bd2e8c3a5ab7fe3998b3c8677fbd56b4940bb50ca80ac9883a3ccc7b58ed177710e79009940f3a_cppui_modular381, - fq_value_type::one()), - 
G2_value_type( - fq2_value_type( - 0x12edc68562cd4a7c351c1cf3ebbb35f204c8d4f7e491535fcf82a8ed0ba05146e8e32a6a4ad65839a6abc7e8fb979b88_cppui_modular381, - 0x165e9341256950a17da3541eafeee06cabb4d6a95782fc1d9a01b3da945a6e40022dff8d571bef682e19420db50b1d4e_cppui_modular381), - fq2_value_type( - 0x13fe56f562a5677f4c23b93ca221adde3cb4f19199fb7c9a24b4d48466920184e9714ef9b20adab97bce9d4d58ada78b_cppui_modular381, - 0x07f5b89ad04d0b7ac5ab497a58066dc50c6990863ad234cee79b5b0217533f79c3da18981503de59eb205315507fa848_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0e718446d244ccd4514e64f98b2a8ccde8124a686d9f489b771cfbf60f19db43e7ad6d6f916878c842bea4eb9c7c2ef1_cppui_modular381, - 0x024471468db54f72a61348bd887e13407f42617d7c3bed8d3d8c6dba3e92c899a5867690a8c944e2306134aec7df37a3_cppui_modular381, - fq_value_type::one())); - std::vector statement2 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof3( - G1_value_type( - 0x184ea507b7d84429b047921dbc1f167d57cde86343b098637248fa6b9468093dd10caac84b4b7c65e96b21b76965837a_cppui_modular381, - 
0x06647a340eb73e29d2c806f57520b5df2eb8ffa4065afcf3c3bd4094365968af15143ce1afca2c14c6c72cf576461f76_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x19455a20edc11ad12bf05785a20927cbb6ced5d994182f3f1ef3d5dd1761ac40db62976ffd8c445b23928dc4003f2310_cppui_modular381, - 0x04c080ec3527e90b22e37051be239544d99eb3b91e81d3a3303c72b1ae63fe46c3016b261e0900e866ee8c48402f8989_cppui_modular381), - fq2_value_type( - 0x198af500c968b721f40450c165f9775ac632a3bdb626a5e3fe1ab381475c49cb950aff85b861f37b5e35990dc05b90fc_cppui_modular381, - 0x108e243685a29bc6bb6af53ecf483d1a6d0068df6e84028a53489e4d55ca0c3239e097ab4229fd9f4d11ce9d3aed8008_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0f2464c5d9dd74babcb8985210df727593ac622745c78e53321e16ce60c73658502baeec77c5e75b2632ec9d9292725d_cppui_modular381, - 0x104a076f63f0855047fb71d45587297d0233a04eb20a6a2d3e90906e63daebf1f410a2c62e6ccdbb7ebe0c05cee1b59f_cppui_modular381, - fq_value_type::one())); - std::vector statement3 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof 
proof4( - G1_value_type( - 0x17f36c1c6ae991a5e3c7ba129b6e49eed8776c29469394afc76e19ae9b926b1c63d67d7c05cd6852f2a9eb5cb5f26f55_cppui_modular381, - 0x045081c8b18cf7cf0875f37352c7ed583b8205fb11f07e9b4a9581e04e1f1e935e10ea968b00684a0c99f8e5ccd6e830_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x126cdca0cf7d3ae9ed4fe538df8bb1ba9669899fd4a822e377682354490e7146ed474ccb96ac6095e060245f6009e489_cppui_modular381, - 0x0747fa48f440255068bc724e3096cc570f23da12e8510f30b61ebe9b3d2f7658cacb471365815d2a2c07de09b9c51a14_cppui_modular381), - fq2_value_type( - 0x08a483e832b9e1d0f4fb70b8cf027b640e503d09fc39b730b87007f6b0eac51f56a5c323e4703ec2d2b38101eddca085_cppui_modular381, - 0x0c722ebbdf18a7a8974d3ae2e8fba991b77ffe15814061f80fba34cce803c411a1c134c9bada856c7018b96a8985636b_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x18c7b7f92e57efa6c0712e2b47e9893b639757b09c12057fb93a48068dc95f55eb4b4246cda0f9234f86db1062637530_cppui_modular381, - 0x01f20a6681a1ec639e6ec280a35f274f859e5df114635d5da68b05f12d0d556036d4fae1c478a37f3f9369309a5d3702_cppui_modular381, - fq_value_type::one())); - std::vector statement4 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof5( - G1_value_type( - 0x1770723fb3ae99fecc9a3ff8e1e437c9e02b905cb8436ae822b737d246d5132f8c0b60d5fdb07b6a463b38e3931af491_cppui_modular381, - 0x091f4b72e0063c4e6d688dd2674f412e08c98bc4a835220ed05cc3bd87231deef9568eceb2db63931c4978d742a23c65_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0654542ab14023b03bdab2bd94d894a8cbf3f35638ab47b1c7efaac8220d75993397d73259ade10f1dc732b277afdcdc_cppui_modular381, - 0x17a7e225a880d2fbf279e1e4a137867991b8cce2e1ab8879585c22f385f39d4fdca864d894ed45ea6d6bc1adefa6b2e1_cppui_modular381), - fq2_value_type( - 0x14f53e605e54d056b613723c6caa224df7260abf012d085dbc5fc097a4c9721f578efdd8a8f0b552755adc31251232c5_cppui_modular381, - 0x136d84270ba8b2b952196f4c25a3f2554e38a75fdd93331db085a6fe7060ef1b5ea7e55ac4b4f97626b1aff465223622_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0edb772cfa3d59051b51a9da9fffbb451c3d3b3383748f5ea3d132bbeb835b3c74616990142c5972ac074dc1f1f1d2c4_cppui_modular381, - 0x0cbe6b7d7fb2cd86370f609c1c220fd42505fbcb2f30b33fb65ce2319a5d76a522fbbebf2a3b088ed24287ce0f520be7_cppui_modular381, - fq_value_type::one())); - std::vector statement5 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof6( - G1_value_type( - 0x13969ab74ceabd253d6345fa7e49386b1e82ed9214a5c2d3725ff55c36ebf7ab9e7fca7ed0d420bd556edd53a5088989_cppui_modular381, - 0x031231ee5ed0a3a0fd0ce384f564fe5bc8ed7fa156e7a9a642855ced86b4dfc1c91b38d317ca852beba4912497b1fb51_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x031dcd7b08df20c93474b3883aa42b4e7921055a5c17263af57bb7661f0a9dd438f650a59b1e81e13fff0ac3714ee3d4_cppui_modular381, - 0x15203fb4fec67ce68cb87116def30b84a7d7d8a9f15583f878e7657e907a91c7a13704c0e32d005a31544b6a67be3779_cppui_modular381), - fq2_value_type( - 0x01e43c896ff6f2cd3d6d57709d8c8cea581163fd68728cb1339f3e74a289852f257ca7b05916b947e7f98917565f6abc_cppui_modular381, - 0x025651e5d33a8ce6bf08e4fb2845611e9d6930871774ab64040f648696bf7caaf5afd5570f0da8c77be06c9d50b9a9c0_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x06aec97a6923f181b083a9c2a44580ae2114c63ccfd911e8a6d7d6bc5e299aff31f5e631156746314a0a80d71694ee98_cppui_modular381, - 0x06e63fc9d146bea9c62af2dedee947eefa5eabe8fd5ef63e64b5e860102482f170db30e6dfe6e0f53ef02f5a9937d5d4_cppui_modular381, - fq_value_type::one())); - std::vector statement6 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - r1cs_gg_ppzksnark_proof proof7( - G1_value_type( - 0x0838dd40f3792d967ed840c60b51162d4c0c745aa953075117dc07444262617e9fd58cad4595036d5b815d87ffe287b2_cppui_modular381, - 0x058fad8c362ca1f416b7f13329782eed775868ad9724f1f312d60a3fc5469964fabf1b6fa85cdb266de14002074cfe11_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x16ca9728c4dc860c70a9907823ec600c70a6aad0e7e58a97ff5548d6c0c28e0be6d2b32a9a11a5effc6a6664ae729a78_cppui_modular381, - 0x0640ca9dff5a2f611f6375745b51db9d15d1379bba2ece7cb958f04bb330e75f537922c9f6bbaaed51eea279f2256225_cppui_modular381), - fq2_value_type( - 0x130914c2436684cb13844d4abe4c3ee721abefa16608a0b6950de5f01d5b1b84181b94bbf2d50fceada7a034911858c0_cppui_modular381, - 0x016a4e0c35de9ba5097a643861d02e33c24d016ed38695e8be69c8c342808938b8177fae45b46d1233ec5ebc86eb35fc_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x08acfba9b2913a24c3f421c794dbf100fae344c9da1a790c9212021d20ae1002c750917c42e5e8cfea24a5c7345ae96d_cppui_modular381, - 0x0c527ce8192336834bab92a8d7963aa2f504cf86de24c29aaed66d1682c8a74a93ada21545debffc25dc09372999713b_cppui_modular381, - fq_value_type::one())); - std::vector statement7 = { - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 
0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000000004_cppui_modular255, - 0x0000000000000000000000000000000000000000000000000000000000300000_cppui_modular255, - }; - std::vector> proofs { - proof0, proof1, proof2, proof3, proof4, proof5, proof6, proof7, - }; - std::vector> statements { - statement0, statement1, statement2, statement3, statement4, statement5, statement6, statement7, - }; - std::vector tr_include {1, 2, 3}; - - // r1cs_gg_ppzksnark_aggregate_proof agg_proof = - // aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end()); - auto agg_proof = - prove>(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end()); - - fq12_value_type ip_ab = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x15252e258c8a254162aa0713bb76b78dceb590bd54a222c5cad3d0a13adf93d45be071beae8f4caa66e27bb7343e2c00_cppui_modular381, - 0x0d56df5892c84ad3ed483859d6afcf28338975350084beee6d20256ab57d492b8abad9b73d2ae776995589c6646f0b00_cppui_modular381), - fq2_value_type( - 0x18370c4988d1f03c331c0186eb562f3d21bd3c60a06aba6e7129ca07cf0ceb586ebc949aa2f4653e3407e0017b0d93f2_cppui_modular381, - 0x08d3f06b80b77a84ca89f28901a46f533012d6ceab10a312a907d251c60cb62bfe8c62bbff5beeab08d706952e80e315_cppui_modular381), - fq2_value_type( - 0x0fa1557f82f9759e5d09122f5397f04f84923bfae26c553de3d597aeba214588ffc209f2105868a91beaeadf5a139ae7_cppui_modular381, - 
0x00d441c1b438714a40c0ef990976ffbdd35041b4f5f1b19b71ef1b27655fc6ee2d2308ea954e6d5fc52e3658da1b4b57_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0bb9debb1f46a12857b5ee200dee7fb1407dc46f0b6f2033003471ec5a374a70c2b829d37967fe64016ae52c40e29f6a_cppui_modular381, - 0x1120eafcbc20a2197ba3a72c1e45fbf439b388b589a14df2e72e396ac7dd587ea6c7ca5e0c92823be3c6a9ef07d25bf2_cppui_modular381), - fq2_value_type( - 0x0d0351b20e3e456163078dc71d00871c03e8a1f8aaeae4ca9e5a84892654253178619a9117d27e8f4489ce50c8006fc8_cppui_modular381, - 0x01645839c061ab603b6f2986dabc01f34703c51d7665dc049de32cb9edc3d19c4c6bba61f5bd9e547338314f48d23771_cppui_modular381), - fq2_value_type( - 0x1790f2b2540fee819d211e539d7680e7aeab3a9cf83a562f496fa951ed8e2d5bfb597c7e952cd5d549b2b768e3785f1d_cppui_modular381, - 0x14f7b9db7a10270ce2462e8b44f4b1688ff2cdee66c35b4013746a87a15a41945fc0ed72c2e0b886d05f93c8e04b97f2_cppui_modular381))); - G1_value_type agg_c = G1_value_type( - 0x04dcf2ded167d1b951bc10d1c4a15aa6f9b0cf228e44e197a9f0a588703241175006b04680d99d271c09c14d754ff5fb_cppui_modular381, - 0x010185ed049608e00f66fe27230967cab64aad05e7488cd5a46bc581b159488af6c711d4b9ce85f7ddc1a9b43cc611a6_cppui_modular381, - fq_value_type::one()); - std::size_t gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x13091d70ceb2c2901145ecb1342d954a96e2c05d3c952ce775768645e709ab46fd821b5d8cc61402750307423aead6cd_cppui_modular381, - 0x0546adcae5fbf133379902abcf64a45ba4ba32c9ba315dc7549a385d7557d3e1fdcfc250b457a69471a70054ea6a5157_cppui_modular381), - fq2_value_type( - 0x02c3ea9f0a071e62ac2b88251b553a4fdacd0386192dc82653498719ea7f2c47c10e6c500f845d6e49c6faafefbb8f58_cppui_modular381, - 0x02a5f3c7da7f364d5359626d7c91119654b3ceebbef6cb36799efa698ce5d28b223b5f771168194150ee2958b975bfbe_cppui_modular381), - fq2_value_type( - 
0x1648bbcbac0518c6305fd738841902786179a98b93bda72978255bc58938ab43c49cbc3fa9587631196633f66830c02d_cppui_modular381, - 0x0acf83e424bf4792962b87067bd29d97c1b6abb53e2633d51dfbb86924de8080ebd1f4b852e7a4c08db06debeb1a0279_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x16d4c9818e0861650aff4041e78088bfaccbd67900a020e03c525ffe2caa69d9b387d8a08ad47899588079e34012b50c_cppui_modular381, - 0x11dbe1269397900f0e7eb64160817bd96cf7ca4dcd2c2615b38b10e79c4168d511db4113984417f3ccefeab868c061af_cppui_modular381), - fq2_value_type( - 0x167296f59ac1d4be32d7febae0f261cf4f95588891df8008faec834f028eb6ef75ebba3c0e778522b45b7e3a4c1ba656_cppui_modular381, - 0x0e31ffcc2f2d317a0c84e7aeb2a9f2f507a5bc398cc8536d3bbdbd0c489c938e88414b0b30e7477cd6bbc57be899754b_cppui_modular381), - fq2_value_type( - 0x01921fdd165f2d604dd9126dc6859f513014445cd17bf5a4ca35c65fbe22ab8fd5f1358e60e78e367c114df6f56decf1_cppui_modular381, - 0x02c83df2a4fad2f0bd457a524e636a4bb40229ddbae30c5017c4a496424d4263f30ef3f96e9bdbdb8584de2b25097db1_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0afe248b9bb700cc566caa87c4e80f2ba98e288a924ad4553b009a77f0e72daa108a91293a23781ca95eaac4befa9ab7_cppui_modular381, - 0x1016af82da70c56cc28b332c3d7e96ab05e1a3c910c17f9154c3ccf5f1ac0e3312f81f58cd40b5441f67dbbfe58943a1_cppui_modular381), - fq2_value_type( - 0x0d760206eb007d7c70fbd5bc0f29de6b85497f1b468ede2a078c81faf8ec961232442e550ec8f09f62e407504c123e2c_cppui_modular381, - 0x100b864328cae15ed7f68f8f7f1e312d116293479c8b69298f31fc1478f232be54b819e15f371c4550b7b77d599e19c0_cppui_modular381), - fq2_value_type( - 0x15e012d1ad37933394e6cae1d3ad4376e12d2ccd0dcf2a01da15fc75bdd559586894e3486932d5c718cc9ab3b0174f19_cppui_modular381, - 0x09c35cf86db16062af544a3980aab2bb5a85f7123306188c32214d231ec69c71c12c9b3f0f3478a8cad53c22ab06f9f8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x041ea2166a96ae447336287c94a6c33ae1b6a8a94a7f7a4abbdebacec447620bf6f85fa50556cf52665cdf30ab30e825_cppui_modular381, - 
0x089ee10c52ec4f7256076f5dd865c5b7de2adab17377d2564bb5ede1efcfb33a6c22662eac51eb02cc946f2219ffb5e8_cppui_modular381), - fq2_value_type( - 0x04d79103c67e812fdcaa5e348afaf5c9d6588e087db842dc75e16a910dd3fb39d50bc46b1ac07f1716fc7937703da9c2_cppui_modular381, - 0x12d45499d5288837419e95a22aa015dc8bd26aa1a91e3cb825feb1b98dd9a6d921572fd25b33c3f93bf81579b74b3690_cppui_modular381), - fq2_value_type( - 0x0807a6dffe07f268d70f55d7d9a9a9ad13019d46935af00aa00e3b391d8fa003cb606adb4c80f9a07d8c82d19e7a56da_cppui_modular381, - 0x0035396ff8113f52c6aaf71f8321a8ef6e07ae85675b819ca8581f2668a19abc954b08eb5795eaede8060f8387938900_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0738baf0101e602caadb09708668dda040abe458ec040c31ec8ed63308dd22a3f8b8c7d4452b1ad27593a0b053c589e4_cppui_modular381, - 0x0c7245f72fd0fdb9b4bd3a2ed14ec285d43e9289d239811c40b026d53b453296d7da0fda56618dc0b1e3891340887779_cppui_modular381), - fq2_value_type( - 0x013df249fa027600707ebe4b5bba95f2ca4e177218fb15292d81b8c1a35a75a40832d7508b78f99da1608b8d0fed5e9d_cppui_modular381, - 0x071707c005e6cca4ca6dd8d27a5ddd673cb5a34f9d25991047e399ed94654e8d5c18335fa430c23965578833662fa8ab_cppui_modular381), - fq2_value_type( - 0x1078257df06c9597bf058babaeec318f3b98c475180de46103e4e5a61bd11c10315cf46450a2eb2a6347d996aed22087_cppui_modular381, - 0x140bbad1222271b3069448bb11c5c5d872b1ba874c47e96e22e520f9a4053b848654b8aefd3bbfc842634cb9a1dcf804_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x08af54936eb856de0d785123ea2bad5ef0e35b9872ed23deb69fd7f1311ece79f49ff4be3e2b3e1c1962d94ae95ac2f3_cppui_modular381, - 0x1945e657f32145ef5412d3c375f3afa3c816ea319407a7917582165d8d3981e6be1922c661eb93d4e4d664c9513f1394_cppui_modular381), - fq2_value_type( - 0x00f29356d9f2fdb7d88ac466dc7b4fc566853f100ba905b4f1219a17904bfbd487015b4073c8af81fe2dd34b1d3af885_cppui_modular381, - 0x0bc5fb7b6de53e2a8a225a1c253ded5fd1d3f3c08bb915d503b1e6af7a5d2a19016c817ea897999e28b9ef8093539297_cppui_modular381), - 
fq2_value_type( - 0x082c2f5570da3bd8e5053c48398fc92970d5281ab70a772c8a0c460e329640b71e406ca067aa9e717471d016a5d573de_cppui_modular381, - 0x04a05065c01db76ec132046115798dad8984fc7d1bba1f0fe82c353ed8f7853a753ad7df9b1f9e7300f33ae2d8b6bb31_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x009768689b88e6107799b48e906156569610ef751b74d64f1d6d8d537d8344d7e4cea4c269376ea2363f94e21340ec29_cppui_modular381, - 0x15cab72faa784a4b4ecf7f84593748bd4671fdda6ff1e2a9e8c447ae9bde2ebbd089e5b174e6913c226f12fdddeb8c4c_cppui_modular381), - fq2_value_type( - 0x0e588b08b331beaadd6afc54242ce9e7712268ac886037e87847fd919b92d8c7834f19438829278dfadb1279fe82000d_cppui_modular381, - 0x0e645c6e86aaab1397cbf3c614a57371161ece8cd9d01aff3cd7aa4e917aedf758cafadde4525c0259957c04db0c2cc2_cppui_modular381), - fq2_value_type( - 0x173baa189f6ea98a1a0d8483462cd4a34777545f9575c693d25277a4c663779dd55becca6e57f48b2ffc8553ab9fe79e_cppui_modular381, - 0x0f2a437a44bdd64bb9e9b87e8d16a3d99e5a3cb0c82e508cc46094a37e2d82c3eadd79b446c241857357d8744d2ec79d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x15d439f18b7b24da43834640cdd75e5d29b9b97dc3494a454390b29884b780c4d53757ac557f76b9fac22c086dc7378e_cppui_modular381, - 0x0d9668854faa9becf78ded5159d863a416d1dd69f5b78b27f5be182fba0298bdc59fad64c10971d38cea238984ef1c60_cppui_modular381), - fq2_value_type( - 0x15abd3550400968c3a307bb94650400b98da0857793bebfb216594411c207f3fe5f124274b3ddeede427e6f91e366c96_cppui_modular381, - 0x0bf1d69b218c60a0b5f195da1b59fdd4748c0f08de3c8a6513ab8cdf120496e7c7effcf3e9236a7b67e17ef3a2366a72_cppui_modular381), - fq2_value_type( - 0x0001bd08cb55c7b178c05399b7b438af900b98bc64f9b7f0ea32f6a6e9c094938407c248b4817a6c2fb15c9774907fd9_cppui_modular381, - 0x18e9444a03b8c432647d60c7efb1355143eb92b87c293619d5dc6814b1b3ff81ff0b5735aa216ecc0d086d7a2f55a46c_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - 
fq6_value_type(fq2_value_type(0x06584a5c6d20e0af83af47d3bd49dc8966031c1a5ab6e8c8fc861f1b55902f7718eff9235cb16c37fee22e552ba2f46a_cppui_modular381, 0x128b676ae705745d4b0bf3540de1ef1284fc36b3cbb67290160555e054e46ce7d8948e47fb20fa6e56a4f75f8fcf74b9_cppui_modular381), fq2_value_type(0x02bb70cf0812e8c97f2b09bfadb650dc133b0ea651a64eb5a7eab09ea4efa900300f45a2d5cead5d9596006b21a88157_cppui_modular381, 0x0b129d9c8c5f1103fc1541b51c2e6c056e98fbf9101e866c934b0de6c410683ba8a98ab4ea43765e5c5362688260b0cf_cppui_modular381), fq2_value_type(0x196740eca7c5347b841afe46f06a1a45b8810d1e680485d4507cc7f80eee80a05b814af337839eaec5ccf4bec0798456_cppui_modular381, 0x0ef60cfbe532b6d2b201de82de106d7fd4b808f30442a65230420031cd7411ce9ff39f76005ced3db3d2a3a6f44e2f48_cppui_modular381)), fq6_value_type(fq2_value_type(0x198e2fa9c90091d1ca5406f562294fe3a0b9e5990f5bb498f028b321620611f0f1be25203c1ddbb24d560f40779dd469_cppui_modular381, - 0x15756a219430399125e54b7aaeceaf0d4b976f2988b2c0e6f576e9f3c7b7f7c341a68097090f0cf83cfd0d86c9d350e3_cppui_modular381), - fq2_value_type( - 0x154dc2874939ae724c102c6ae28c2e3a866a180f8c02ceee88f2905e043aa3d03c32e27e66d1a229473db8ecf69457e1_cppui_modular381, 0x067b240560afb3e45c8463e9f927f1277cb75390330e7f5930f984e20f8648ca89190ab6035c0e2de27f7734b6cb4a37_cppui_modular381), - fq2_value_type(0x1759e945d499a7899dfe6c47a1212562c0e0c6c95aed3ab961eb249690504de98bdf93197bf37bc91a1f5e7c87609d52_cppui_modular381, - 0x02ee70dff2d1ef493ec3e7fbecc4fcbaac3144a1de34accf304ae8acd18d10bfd3e5e3166d9afb6f041310b6595713b0_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x199caae90d77298fa58a6948b3444b03a96f0cff25c86325930dd2df85d74b87843b1e7cc56698d8e4f1b60a6ea643b4_cppui_modular381, 0x1494a4c52337211aaa590365d23c7f6409b88218d3c926cc89405ae6ebc6baa064479efe6afa705c743fa5c485a1c4ab_cppui_modular381), fq2_value_type(0x16899e194a101c774948f3c5a2bc74c6238071ff6ecf84f9d284a110b7e0a6531b2dccfa01450d48215e6565557e2e03_cppui_modular381, 
0x0d171d6dc9db50c39bf770d39fcbee178d3e6cc72b976f97311491144cdf901a5c59dc074baa40fc163d8611cf090e3e_cppui_modular381), fq2_value_type(0x104297fea3b547c24beb6f0efe1852ad06d1dffe1fc617dfe36ac8f038f87d98bda0ccba7118dd2a961c145c4a8fe1a3_cppui_modular381, 0x038aa53fb6a88a9311b69f09c0af2b90d13f9e23922d49414639f9f0b2a65d21ff3e5a971ca009ed8d91c14f14823593_cppui_modular381)), - fq6_value_type(fq2_value_type(0x10f99c01f6769b135c6908371ecb5b63710c965d3abd21d5d63368b9f927bcd88b6fcd796feeca9a27a9c7fec5581cc0_cppui_modular381, - 0x120372109a8d121c2138c40940755a1122acf3e493bc6db34ccbf6e97bb6e9c6c35987c6aa5bb74e84c2abd54485d059_cppui_modular381), - fq2_value_type(0x07bf602d1fc28109c15692160108d4f2c9253e69b176562322e1ac7dda39c55de17a5da4bb88b30ac668fbf461217161_cppui_modular381, - 0x1809201ae5a2cce3ef23b791bdcffffeeb6871e2296254c79306c6c7f1d4174135cd8cb694d2fead2f88ee2031927ef8_cppui_modular381), - fq2_value_type( - 0x0c083963e96ccb03923a53eefc1db6adf6bfc0c92cc8657ea0b1c3dfb21cd5722cf762620f68edf2cb1d29236c4f90a8_cppui_modular381, - 0x10ef87bcbfde5af702ff8928b2d8bb656b590b8d1acaa89a14bc9b4c5d9000fe40af12b2e83d9ae7e8c78e0576cd2f1b_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x0af0e92e574de68843324051b1d701f0cb170c6e03e390d6e9f6dff60ce40df61519629af63027c6eb2b4a6a5e36cbe8_cppui_modular381, 0x003f9c06fb1baa84ea2c28b0f3c8aaf34a517273dbd1784a90b3e1ffee88a3f43451bad392a7bd5737497e1a87f9dec7_cppui_modular381), fq2_value_type(0x139f114c7fc292108d53441f4bafce07cad4150f105c4e88745b9fbce18318ea0a31665cf2ba53fac2a29a0d8c5bf854_cppui_modular381, 0x0a298792082e4500a3f852564930d0ca2e91ceed3fa806ed53f3518c475d76e3b5f4827cdb723dd620829716f7a31829_cppui_modular381), - fq2_value_type( - 0x1322c120e44df964b1244d2b12cf65208f1050e81d0ef743f68b50eea7213c31619b20e7ebfc782721ec0d0a25ffb6bc_cppui_modular381, - 0x1655f0bacbfb0c9fdb6fd33362f146a23cee22d2146e4b794d139f4e4c3ca17fe9aef6520c8e5a6dd9accd5b3a5c49d3_cppui_modular381)), - fq6_value_type( - fq2_value_type( 
- 0x14202be4f536a233ef085d72287fd18be6a8c21413b2e7565b39e1745699de70db205f9e435bc16e22264c2487eaa5f8_cppui_modular381, - 0x09f337217faaa4ac49c5f13bb6c0f495261aebd9c3a6be4a1cf4b4e2544e5097e5c1fa6cadce98c044a2a50e31a36586_cppui_modular381), - fq2_value_type( - 0x11d89c77ece239c72f4582bd8a3cadda647d28a4390e281f6333869a733be304e6404c1eeebb9c510321aea854a5eea6_cppui_modular381, - 0x0425b0f614c67bee580a358b17330fd9f4383be69efa79fc4ddc62d47220ec9ef89ca2537d5c6334f7d50aa6c86f6819_cppui_modular381), - fq2_value_type( - 0x0ffc20aba78fa6c638ba31f9fe44126202fd37dece3598c85680c7b7b8a87c4921f99a70d0f595725433d17e74bc11ed_cppui_modular381, - 0x0e33dcc151a12aa89d179d5b79eecce5f624b7bc4ab63afa1ff8957afec17ebfc756f71136279c18b1058b4d7afb12ce_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x154031ce4bdf117de9d46d75a4886f1745d74bd0b7c9f4fa651b56471a1f0d97ad1edfd9f8eea426eb17c2c8d7deed45_cppui_modular381, - 0x16d75b56249ea949dc59438b063b1bc6a12f5fc03d9997e0e02bfb6b8c400557e723bd5e57fb78802c606ee4a448e832_cppui_modular381), - fq2_value_type( - 0x15a9eda509a1ff96507bf24d154ad52c2bace12f3f48ae6b2ea834741bb8bce5f24237c5f2c2e4e70ec7de0c40c6f77b_cppui_modular381, - 0x0fa8d7899ad29e706e5074e05a904c2783bfd804bdc531bbda7ad68b47bf3ce77c216c2761425fadbf1716a699e9e99e_cppui_modular381), - fq2_value_type( - 0x016c3df57b100288f04627e9f3ed8855daf60e70da2e2e1a17889c24a27befbbd0881eb482fadf11703d94a1678d598c_cppui_modular381, - 0x159abda015a758d22cd05f5b020e6fa44aa05fad71bcd54910356b196402db558d2ba98ff13987d3d7e191a4d4be511c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1515a5a45a3e4d523d1ba9ca173f562b7911052f1014eea2e4a656bad2290e04b2f2a8747085819ca6d9f093f79f1a40_cppui_modular381, - 0x04cc8a33bb550608a64c67fc6f3a989d723e305af6965e919a6f74db260902dd01679c76c982303031a8e5a6504b8990_cppui_modular381), - fq2_value_type( - 0x1347150944ff18f8f1458264fec476300463df235cbbaf849aab64f0e45a42acd7d6be55fee6a7f440e272a096b9c941_cppui_modular381, - 
0x0fea7ffb7e3fe1e7f1ffdc1a54308ec1800f85bae62e09af72a3b254fa5b0ebd5573add843d476df9649209337ba2342_cppui_modular381), - fq2_value_type( - 0x0feec2d5e01b904567d3fd849f75a5fcd88599667a4f6fb9feabc62d8780af6c43867e7f93fc6828d5f91bd150f3c87f_cppui_modular381, - 0x0d6f5112ec236a822618f3bb097ac2a6b601656710137494c9b80490fc0af3972f2ffde0e53e8dd90cb28d766ff2373e_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x044ceaa25c3328472ccf4f55841bd07a847043f68e72e362347d02aec4aa85753184b79c5b8e2ccac3ea116b40a154e1_cppui_modular381, - 0x1276606e95633e39f83c6152a756ca2ccc4d2634155b411d9b1cadfb2b7d0b4d2c3aa33681030d67881f6de6b053b1fb_cppui_modular381), - fq2_value_type( - 0x00446da6836a3103d7ba66e17e743c67c9fee20ad5f0b54f1026c50c4086b5e8a1a1bec8da6c1acb55a7d5663600d07e_cppui_modular381, - 0x089a231238147f063179c1407c92e4d30c37082badbdc4641e749505c0cfd44a96a0721231b2729921d45566927c3132_cppui_modular381), - fq2_value_type( - 0x0100de2369ebe5a29708d6daff191c853f65b7b7d8b715d17fc8d05ecd85fadcff900cc6dafe315f354ad4fe86664ed6_cppui_modular381, - 0x06f980b2abc16964345c23016efe9a0d5b902d5dd2c6c911d50ba338f41012e35d64667b10a9468a187b879c8b76bc7c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0296f1c792f68f61e77a7d55572e8b64bd13083d9f8970dd3355e2940787bfa4331c7057ea2c9863357d49679f61bc71_cppui_modular381, - 0x11cb86de82463894d5e7ce5536473db8acfc596085cf85c298cbd7bbd3795d9499af8b52ad71086d1893606c13699f91_cppui_modular381), - fq2_value_type( - 0x0e4eb9715728514a28a9123c96b23483a523fb0956aac97262fe327b6b19adefd2ccc2083434aa0c9b507ec72c691a12_cppui_modular381, - 0x09fc27fd3dc1296ecc07614200be0afd77a26f50270f64d534fb4a429a23d05caa818408a329cb25adbdf0a7e6d2b148_cppui_modular381), - fq2_value_type( - 0x183f4008b7c9bec94ce4b8c0719bcc1471db5f1073a0b9b607ea808380aeb54655c0bf083edbaf6d0b2c169ef41d0ffe_cppui_modular381, - 
0x0fcbe0415ebf79e45f5dfbe4ccec9771c1067eef60c1e7e4e760c9eb0c9d8a5b9a20ca2a0722ce8f990ee8eebc5204c0_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x17daf739b73b404894b845d40e1d6831d71e39643ee778996b7a3cc37c607544d04caf29173e790191729753db4e4d54_cppui_modular381, 0x062f708b0341fab4429ce3fab361e95693beac585ba2962531809cd7dca1e894a49e3fb178ac85fc3c48c09d53d26a38_cppui_modular381), fq2_value_type(0x0aa322168abbd4051032ebf60fd3ebed1615bb38df7fffcdadc492be85c543eef88261682193246c7a390f2289fe3e73_cppui_modular381, 0x1889bccb1a2272e6f0687600ec46f62a1f696058d91fe8cdd3bbdb2630e58319e8c1ca96c49434b082c2ce0c1d476f29_cppui_modular381), fq2_value_type(0x08aacac980e86f5a6b23cac5c2aa6d6050e7ad9eb52a9b8aefa1a1aff5adaff1a78938d7e6810f201a398ec2a48cbe2b_cppui_modular381, 0x16a677791e7515b77710b80aef18927dcd826a44dca508f03154095049acab12b1d0cc069e98c6acda31f4dd13d34674_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x066454606a954a3c3b15bd4279adf004c462feb3f2f88eacb175ce1e1e18264f23e77bc1bb1e28a444b2e4cda7833451_cppui_modular381, - 0x096b3539fb4f08e948afc398f6b4174a1f92a6614a2089678416083c77e7f618cbd8389de670b22d26183528612f009e_cppui_modular381), - fq2_value_type(0x013da953bd3edb1bfc80847d7679cd7ff54f56393b2f50dabb3b8f9d997434dabdcec38ac0f7e92a7e8ddc985bdf1d55_cppui_modular381, - 0x08c88cd22ae99a9af6fd05c5863995b7aef8858cb0b59920d946d0bcf13673a96a178c57e2a9e556623fc239e5c54e5c_cppui_modular381), - fq2_value_type(0x1768be79c1cf4156cf950401d20cbb507b3586e18e4c168149ce78787eced3fba5b9f8afc07ce439c70b9e77f79df945_cppui_modular381, - 0x0ad4a3c6303b74cb15018ef61c0dcc5e7770812df865d37fd7e957ecfada77d4b0165201309a60affd8bc6d77d0e939b_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x094c04de2a8351e801459f65d8c97d7ea94cf4ad67fcba80082aaf9fb12dca1435717c0e0300f14aa773efbe6e5fffb9_cppui_modular381, 0x1961a7b961ba4a0ef226ea083b6970e09d589dc2026645e1eb18b48a12d528b468633b33fbd34b7953d55a38f6e8a15b_cppui_modular381), 
fq2_value_type(0x1811a498a3f949fd9327a3445db7bf19cdcf448feb599e5c5dd23d5f946a5f6178abb231d1a9dc51c30d07e7c45e1896_cppui_modular381, 0x002022d9c084dac31c2040666a5817d17638be6d015096a488f33ce7c4b07fa7192f6b4ca1eb442ef6e9ef6d1e5c4570_cppui_modular381), - fq2_value_type( - 0x0c79a244305fee7a046cb8bc68ecf3b6c309d686acdf6fe72edb44b3ba341fd46cfd008864a6a44d9a8b69a2801974d2_cppui_modular381, - 0x07b65699836d57232a00cc6144058e24f80caea061cbded34e90469935f3e2892855dd58f9dd943c25f93dd6738cb562_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x03a36bcf8132b7714ab14044be8a3e29a25ae79552d38f290a31cbdf57327228459079d25151219b08151bd2a739d066_cppui_modular381, - 0x18cad32f0f640ba3a48788aac850f02b4d81c51e1854ab2d5c805f5315f7d745af07c75a76805645e2365e6e5893352f_cppui_modular381), - fq2_value_type( - 0x07f5730b8a2b909bc7b70d9615c3928e9a6a5f3696116437a6742cbaec4c81fb609971b848b79daf085811734d69a49c_cppui_modular381, - 0x0f15c36bf7766413d2801e3726fadf0610e3359a6bccb5aaa6d40ba66b333737071ad044828f10a78feed196e0d9dee4_cppui_modular381), - fq2_value_type( - 0x0364a2e361136f7b3c57982ef96a443026d8b62243b42bec6600750b75a22baf5cca57fb7c0f855874c8caad7c6714aa_cppui_modular381, - 0x08c3ee8d7080d19d87ca49424f644ed620e31e47d5b7867252421740a3f7740c2f3b84b281482c64d75583ba7ae1e512_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x18873237a5ed21cac97d93162f22444c28a795652b1e5bb676cf4f5c4d85cb28f40c9f8486fef24a1ef8ad22eeb96012_cppui_modular381, - 0x0ce4080dfcbbe663677838889f6a7e9676f5331c5f5a22b4479d2f6cec9404f9d377cffecf6c2b415bebfbc3bd15a297_cppui_modular381), - fq2_value_type( - 0x00ae5e1e9a7baf6decc11f0762cad8b03edae65343205f07b3e73f0227417fa184eb5b799a524fc24dc0a881aaa004a9_cppui_modular381, - 0x1655cfc8084c9f9a460b52b1c062e08d99a0d99e59df69734591ffb0e4924d283892220f25b86c20982be11b1494afae_cppui_modular381), - fq2_value_type( - 0x01420dd09785b2bbbda21d0ad66e70260a16a647be0bc0584718855ddbec6f67c8a415981d7d834f699c2c5447babd6e_cppui_modular381, - 
0x0bfa596b2b5685cdaba67ed3b8a0bfeaa1da01ede2046c9182fc0473dc85c2d1cf5abb79edcaa943d2cebef9b564cbb9_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1917bfc611ea0be1235d62ada1b6c9b1427304989b68897277689a39c76df1b5735fb00c68e722b06c490710581da6e8_cppui_modular381, - 0x0a36e3095915477f5575feed970b99190baa3c25ff4b3c2f822b8fe03772a5290bd9434ae130df91599c54ca107d530d_cppui_modular381), - fq2_value_type( - 0x1559b7ec780f306c491dc8518da6c94001dd7abcc6e44edc35cb2d9b599cf8420391376850e8ebfe5d468dab410e49a8_cppui_modular381, - 0x146024d7ca26e8f5e47cf37a1bf15df96e9467d3cee9cb8b5966b8c27b8ac5449a5b147f17e7298a5b50a9505c087922_cppui_modular381), - fq2_value_type( - 0x14b6d5a7362981bd18df9a9fce3adac79f156ea0151c17cd679ed8edbd48ecde2120a36a395af322dfa13f2ea7ca28e8_cppui_modular381, - 0x09ff254b6d12544f4a45417739de4729c303a8ef56adab5cbe2ad10c5fa13eacab39bec326948caea3e9b7cebc5cb04c_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0d12d2bee01ac5b64527ae0dcfa4e9a0d3d9c5c287286fe19f16610eead64ce64578a79f163f36bff3578d4ab22253bc_cppui_modular381, - 0x123e6bf487e3c0bb6450c3dd5ba9cd86a3170289eaa7c8b2ed6fbf5ac225df9ca696f52660c65906a5f27250a42c5434_cppui_modular381), - fq2_value_type( - 0x07e5c3e380cd818f49d88911d2928a50dfc8f6cde5abedf545d2fa2d9b5d98879fbe2925da1839b3c1c26fd6e98198fc_cppui_modular381, - 0x15fc476ee64a98b6c2109458d886fbac425524d15e1892b475eacb7594e0b3a9b36571f1cfd193c192e1fb8a559ff600_cppui_modular381), - fq2_value_type( - 0x191bbeef154bcd63eb073954a2fef00c81751d53754d9e036d61aae4e4f6b98309e480d18bf7c0fa5deaa7e7e07602d0_cppui_modular381, - 0x14a6ecb4ba5a34f8a9356b730caccd695a34386a9a3c1b6ed3a007d4b1eb74eba44e2c1410759a22f207a4ce230d7274_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x094adb5c3f51e229e126ad531cb6be71ef60b085a4b8cb27ae9472876d679388382704e6900fcded60bdd0b00632ac34_cppui_modular381, - 0x147e992b04b1a5dbf217397069d64bb962f405cdde58de385d29fe059974d6ea30ce75c39a4a356ba79715329396b6c3_cppui_modular381), - fq2_value_type( - 0x1057d1baab28b50da5eea462e3a99f443154188ed2269578fa3b18631a85b0456de41fb8a2f2cc196fee35c057ebe116_cppui_modular381, - 0x16f1f382fe6e979707fff56f6d29d88ac4773722e14bf135eaeb608389f96c5d60f4b7a4e5ca0079b9d6b6a6fffffc3c_cppui_modular381), - fq2_value_type( - 0x19bda9502645ab7b11b465ab6ea91022506da45398a893950b8facdfe066add136b226050a6f40a24c43c02dfcb7b27c_cppui_modular381, - 0x14c056d0007ff2b534e0342e2fee914797b939086fc591dd3832f0b8306b65bc4dae72c94093c300b1b37b8ee55eaaec_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0d1b0fd60aae3c8723a2f24aa5d6564ebde24c4bb4814ab91e8e5811440991a1a3e3cbfc8e6b8d545db53dcf588abfe8_cppui_modular381, - 0x15581d9e64200ebe120b13e0efba6d9ce0bd52042cc24857854b9e5da2fd9ccea07c2deed350387058fbc2caefa2fd6d_cppui_modular381), - fq2_value_type( - 0x02336eabd86f7f354fd6d03d33def5af788b1e54bc168b21751bf47f3db3a0fa4ce2801e2a72d841cdd66d878c065ae8_cppui_modular381, - 0x0d7a52a07697df3fb93515af565833f57a0b565a0e117cc805d8f271f9072ce7b2ff14f31b8612bd205f71db44aa263c_cppui_modular381), - fq2_value_type( - 0x0aec958e7d8a3da598a8bac814f3f016b850558559bcab4820a4b05e42bad24ba494f413f5a3ac13660221ea244fa913_cppui_modular381, - 0x0b5676c895f1d918f1673c3456186fcde03ec2833a312881b8a599131f8f30f09de7dfdbbc20d8430bff3625716adcb0_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07aaf431c787b4618b5298a4795e3294ffbab710c930df7431dc858e3df1525581bbda2df9e635e8bd4c5f1fb3afa467_cppui_modular381, - 0x14d9d60673ddbe2ce35969f3e4dd0c34211ad33f2b0cafa0ea696698f410b44cbe8c2db66e6a4031b012f755659588e9_cppui_modular381), - fq2_value_type( - 0x153ff3814e5c5e5890da40746ad9e978cd4bfc14acad0d7b1de0ea0696f5a47771dd201d34d7afd4ca5f0bb373c3fa75_cppui_modular381, - 
0x07eca38d6d755370adf94f735c689055732461970d06e05e340691e5a8fc6ccf0987139a7c4f37b3d3df3dcf10f5ede4_cppui_modular381), - fq2_value_type( - 0x1463ddd2753760074091fc716d05b494e3645cafd369cfc8cf3838cfccf20a62692f25cb6fb03b9ae793219ff2f9515e_cppui_modular381, - 0x1944ae53f78633abc6e1ba6e72b7a7ec07c98cc5b375ff24bd49265ee8064439eb1c412e01cc11a69e46ca538a03e180_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x010443b653092d8da7f10f5eadea1a1a62e58ab1253d751562eca9caeceafbd9882d2eb59223481cb6c084b98f75b18c_cppui_modular381, - 0x0c52f059b37756845296f0cb851e6129b319e39be8416a9347ea04d988c4b01652c35595d426fd3827258152519bb4e9_cppui_modular381), - fq2_value_type( - 0x0898b8669612d1b8254f184a5daa62effc7634f073a49fa1b9787baa476786185fa267a86211e2a47c17f5503e6a9914_cppui_modular381, - 0x01280310c7d084ffe6edd14fad7d18e2f12b324afa98f5253e8a4ba766d5355beec807217bf2f5348b3f52bbf404295d_cppui_modular381), - fq2_value_type( - 0x16d2113cd7a2b5bb2f0b42e1118d93b709a8d67d702fce8f2fcf2e7a91e03a211910813c81d3526b76d32bbcbbc1c04e_cppui_modular381, - 0x07a5ae033337f3b92f737756d9d8442ee00272909b3a0efa5f3f20c58b5dd01d7fa9004a9cbcf639cf91a1c14faa0ff0_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c5127e214318ca34230681597bb0f09cfd78953a315051523b1e3f858db252dd71ce1fc62361aa9243b6efcb4bd3bb0_cppui_modular381, - 0x04e01eb8ec903ee97e7cbdcce3480718626428de324bd64c9c71403e0a5d556dc42fa41bebee25d82ce30662ef682074_cppui_modular381), - fq2_value_type( - 0x0ad786c2835ef95e9bf5337db3b6f8fdd617a00595c08ca16bf17777e967072de6385a237a011224abde5f259ec93a73_cppui_modular381, - 0x18846df8cc0001fd6ccdda949e1d30c750221242a2c27da0b3688b17b67a848a41b36e5c4a6bf6598766d65493a62a09_cppui_modular381), - fq2_value_type( - 0x078210cd7496ab064b33c7e075c05ae43e3dca6811d99fb6d41dbc0b4f46a82911bef71cc38710d258e20ce7c28154cc_cppui_modular381, - 0x15841113b718398c942f90667af358b2f1f7aec321fffaf4fcefca9cd7a4961e468336badce9162771f5dc10d74f61b6_cppui_modular381))), - 
fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x16a7e8d2945755151d30d3cf2a0d9048ac59502cc5537169e9ce1c392849136f9721555093bc02bee4aa7426391e3457_cppui_modular381, - 0x119038f8b34afef6fcbeff5a49ccad1ec36da65e68a887cb8c5f33cf4f7a02b9359b809df0982463838a6b43824fdc69_cppui_modular381), - fq2_value_type( - 0x149958a008cbf7d7e5cd21d4abdfee62092ec2588714ddcad5a6bafff5cead7f7951e80a40b92c1466e7d1d0a04081cc_cppui_modular381, - 0x02458eb21383dd0ba8082b01900d475e0a5191cf3fe57f63c05261e3ae4013ae2570900386a77ea49626c28495d852ff_cppui_modular381), - fq2_value_type( - 0x0f5c667134b343cd05ab78ea2b49a1264b9bb377e8a0de206c9e932fb0715229914f1d81eb6609929f32cb61475eb984_cppui_modular381, - 0x10a1cb5524e8c73856f8081431323a6e1cdb8809fe753a78b2be2b7a122eac0d90027f21929f0b3de6aabf81fb8319af_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x04c6bdd2c4bef0faa1a536f2db9e1de1b63b87d7d41b67728583e190d67f140596316539a4719d99dfd7e4c58b0e15d7_cppui_modular381, - 0x0c2da023fd63cc4a46f6c1eed2210d40f67f2f3d70143d165e8c62b95b573c57858e2b8fd4b255743463c4e89dc24b71_cppui_modular381), - fq2_value_type( - 0x0ecf23fbb64f43e54c0d150ed81e192539ffa05be9eba1b317f244f9c3458403db1bb32f5bb64dce3787ed243c227e87_cppui_modular381, - 0x0d2a11cd13487f988b76b27594215d75359b388a47b2b37bc25bb2b78188318d69e9ba98ddb9616baf89e548981e3ea8_cppui_modular381), - fq2_value_type( - 0x0b093b91a7d1046c5b69d673fbbb16c5f6ff8ac3ef420b9b3f89ed40ed97208ac7949ea3ccb31f568bebf01507fe8f95_cppui_modular381, - 0x189a2fbeca18a7c39881330e522ddcd1b25eea965ed5a4ab73d720dbfdad1ed2463560d4296b1ecf58bd05c212d6886b_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x09f4b8949ce57f93b628ce81fc12c3abc3c2471fd953367e5586eb183d7ab776bbaea41de7dd1a705867c06bca6e0485_cppui_modular381, 0x0e5008627a9fb643c244f303bedf1926edfb5a77afe8a33b3f33d4b4971155d2b59d0507c2752e723df9b75173b5aad9_cppui_modular381), 
fq2_value_type(0x0425b538e9e7da61271a7d06fb865e69d86ce8691bdae04f9789d0b22fc4298b2cde8f0241b5b9c0d635ac6ed9833f77_cppui_modular381, 0x163c56c38978149ab1960c0502036823daff6c622bba5fd894698a7e09f236e89c60669cad46787a5c470aaab397bc7b_cppui_modular381), fq2_value_type(0x091dbaa99b3622707a82dd8b19a8878985021cb73f70f7d2e96b8625bb10d6a27d20cfcb355c28ab633b34bdf5f02fa2_cppui_modular381, 0x02cd8ddf7eb45a94cafebf401fd6076c64bf7e51ef613ca37e5d3be9acb8fc7bb1c68bd9a59d3c044094b93e1212b587_cppui_modular381)), fq6_value_type(fq2_value_type(0x139a2955225fc994912ef75532214c23f95fc00f432e8ec62d5475bbd24a814cdb94edb5a5913aad8d9792c8d9672d8b_cppui_modular381, - 0x1760cd2b408d98dac5d4e6b8e56f2ed20b7abab437e1da3fcfc59f9a681c74e90f0e29b7bff6918dcf4bdbd80e3f8cda_cppui_modular381), - fq2_value_type( - 0x0b0210f4c02bc1ab42749a00a38fb19203a813e0a4b407c31255451095d37b1a73c4fe5cc57323842baa4a14d6068feb_cppui_modular381, 0x01ab8cd4f72a52baaf1757fe3770c5e092d7cac3be7ef14c0d4496b20af3d8d5e4129f6742e0726b4bec0cd2a159219b_cppui_modular381), - fq2_value_type(0x060ae34a91c22fd4dda9790717ff0ca146b36444a40a83a9189c6154cd7c747e1cbac015f4ec749612a58fabf2e42653_cppui_modular381, - 0x0f21b747b6d0079c234bdf0dbe0b070d066e0ee48d26201dc9d8c7d6c8e6e65cd9fd5b42535c68c1020a438fbc92e8a5_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x0383401d70ee979a2a95632f31a9dfa9968fe643d104bd8327b3eb7c2ff1f23bd799844e0f3b682d46fda2e556b68c3c_cppui_modular381, 0x1686a68fc0a6b62d8d3d028a34ac27b99d9c81284e2e13a4bf4b333b376f6f7aa81222fe750f4a1281dccfa66b683cbb_cppui_modular381), fq2_value_type(0x137ef24e6aaec4eddbad15c747acfb508dca590d94cb4847e55299623097d7cdbfbad1c00b8d7a9ed666b1ac9c6bb4c1_cppui_modular381, 0x0fe3d75592f1e7237f427625b31dfdb718b78edd4134e697fd7518098d452d4569bc1bd0d9f82b9b141e3f795dd7d9e5_cppui_modular381), fq2_value_type(0x0c205f7dd1121060d639e904dadba233b1445d240dc494376246d3a1acdafc26fde1ac82470659acbb472daa623a8d98_cppui_modular381, 
0x0dad634f60df35dfdbef583d94d1d0b5efd896910d06616330777264aa62a082ed11f7137564c8a81cf2b1fa071eef49_cppui_modular381)), - fq6_value_type(fq2_value_type(0x1349b2abcb8159568adda2c3067b897beee0a42933feecb6471b7eff2465ee1456c6b0f60468b299ed488d65f7df9388_cppui_modular381, - 0x0f13684422bbf6714450c96ffa9dacf0cb81b53066a288b3e17336f5d1b92e4985d08608a3aa169c5317b4b5f7d278ed_cppui_modular381), - fq2_value_type(0x0caca4623725d01ab43b2c8d835f63d76a42fe52117c75c03389fdc05cb9360c980721766083aadde649363b46d14d7a_cppui_modular381, - 0x019e9514413714d262095d572fea608bfb3bc1a9a6f4e333b12db962d29e43c36e442ca6d3f78bb5b82b0026f0d3a983_cppui_modular381), - fq2_value_type( - 0x03a4e6b13ccc8000a1957432dfa578d3d529736c584b7fe2d7b46b264cebd7a954b20f3b4543dfd36ffcaee615e020c0_cppui_modular381, - 0x023f270f89f962c820598d5b56af95e8d08eea18db00bc78cd2cbc0b8af13f7089695d1668784784f6e3e37cac157f5f_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x14d69f03fe7c909b61e59c538f8666a523f74a1172327b878f6666562c65c15b75481b8fc940f5600e67ec1fd2291c97_cppui_modular381, 0x122b4f54741d74747a01aa5b552a50f1952c27086255d21c6998e9b340239e9a9b344b6f4169ab75dc08764777e1c9f6_cppui_modular381), fq2_value_type(0x00f90b248d044f5a01125bc54bbcb581e091a288be9de2619fc2a17587affba4551199aa2943d51d42127b174fa8d3eb_cppui_modular381, 0x0bc93b870e4ff73dce9a0b1b2f68a58244c96b44897c79f0bd37aa28c80444d063b2f6c893ce47052028bdd92c18d9d4_cppui_modular381), - fq2_value_type( - 0x1508fbea2648360d82b97e76559869ab8040e07d9615cb29ac1bd6dddf3525ce53e4c2934ba2fba7007087e6e6374097_cppui_modular381, - 0x09554b997e20579469e8bc8f88674799cfb12ce7fa5b3fb5d61adde714b09eb6ab139c666eb3876b1cd05adca05c5d4f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x14dd3fcf582aa58cd78cc7dd140024910bb9b5c8f58265dcaf7f3a9cfa2d5086625cd5a281fd7d856d0bb1e48a39dc70_cppui_modular381, - 0x0c2815eb4559780068238042ba2e4dc9bafb2253e791a7bb5cbb744a796d84713386d5cfc59989e1e42757a9f6f06b5d_cppui_modular381), - 
fq2_value_type( - 0x0eeea36ae288e6ff0581b6c419a9ee26beccef7fef44f24aa6c0ca318c1d6d5d9b59489aa90db2415e9b1532573ec01c_cppui_modular381, - 0x06d12827f353094726edc27b1c9b69844701c6c5fa221bd022db466988befeefaad4d2a9a50bd73608a960680c31511b_cppui_modular381), - fq2_value_type( - 0x1961dd4e1c3cc85d267c7e5996b4cfe64cd698f51c1a156db853433f5741434b523e86e5d08616bba5b4f8832a29de36_cppui_modular381, - 0x036528afbcef565a56fe049cb83a783cc2bbe0d8c39634389ef28155d087ba47cf7e19ffc7a0c595d6876457f412016e_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x157252235dec81da0a495d148f207ff49a0d27869aa533a94c3c4c3924648f3c03683997e84c4aa9ad7ae5b4b6158af6_cppui_modular381, - 0x03ce7c00ae439c351151aa9bac43d75f1a1d67983c373b2ea9d35a2966f1575fc4f59570aa246a004d331d5309c0e94b_cppui_modular381), - fq2_value_type( - 0x001d7a51f935f79c80e7bf5f0973a551616338096b73c299bb59800c3c961a10937b3603f41d20475c76326891046563_cppui_modular381, - 0x07651f45d6cf69e70af4b9229a6f74d8d8a99411ca1d633b1ee25f64ed9484501f96de0811226d0541969bbcb5ecea00_cppui_modular381), - fq2_value_type( - 0x07073970fcb4e3e69fc0a3f544edcdef6e8418fce8cc592bbb3cc2486e981b0469c76db6134efbb5c9fb5d09087ef380_cppui_modular381, - 0x0a23acfa75ee73cc07069328e5d09ee02783cfc2c48e55f47daa381469ff3f248235a59519e0693c0c2e7cd9f784ddf6_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x05e4ddbbdba3414f159c51bb7d88e8deda28ccbb4ea22b76a2b5ea6087b8b89d8af358eff0eee79fcb9b3972d51f9cf0_cppui_modular381, - 0x0ea9ef9f652a39a99afa597c211fd8563f99915ad478b779c928fbfa48778f099038d3ff47a6cb307ac1e41dc32b03d0_cppui_modular381), - fq2_value_type( - 0x136eb14946ac90bb0e9fa8855d147ea74e089f09308b69e14325ac90e7683df9f308b5cd3c2556d9dc2734ee9d308c28_cppui_modular381, - 0x065c08c4eb0e3c2de50a7371fa2d4b86355ac7c5830373db4d90ff1f6053d2527d4884793c689fdd3433d71446cfea31_cppui_modular381), - fq2_value_type( - 0x06b3481e7e4904ef6c4904f3271c536c955c084b49638d01e1786c0facd490c49ef13801b881ea1dfeb46980d91694e8_cppui_modular381, - 
0x0f1d3d1895d6d301a373fbf667eac97fbfbb32a472c98e7ac3b20847486063c15a9dcba16af862eb61d714787a691c7e_cppui_modular381))))), - std:: - make_pair(std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x006d5f306b474770dadb37ef96ddc9a11e49fce55c4e2836bb5c24aeb9f7a9755af8097aca4190809e579989302bc26a_cppui_modular381, - 0x18268851d5de23f03f4cae626a3332dd129f56ed8dcb06b34ec9dd65eb28eaf4fa622d53fc1655261cdf73da3d5c5148_cppui_modular381), - fq2_value_type( - 0x04dc2ee4ba0f5c554ce712ff9625f10a3976ca9cf4e406641aca2cfed24a7f43ba3716c0719f0c96647e19d8dbc348ed_cppui_modular381, - 0x123c833851a5267031eb586285d5123cc1a6a259cbb442f4dee46abead3652d8c8e0bc7b02a72aefde0bb11b58e359f9_cppui_modular381), - fq2_value_type( - 0x13de3ddedf20e649a2a8009f73d7c7cd9c2dd409c02e26d11b3ef4d4fdf5e6916047b48c494c55b269b007985969c7f6_cppui_modular381, - 0x1504de6c8bde7a743f4670ac18705a2d2f92db0474100b0b8d83cba5ad1231a93b8e7cf53e0725973440ac880a01d47c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0cec7183c040e13938c9af3efe56b1d52249b40dae5abdbf6839c4ab603a85d2c567344f7dbe80f67c142eeed4f02acf_cppui_modular381, - 0x184cae7426d67b6f6690bee00a9c7d86b28fa87d96af297a4fb1522d85d91273ad71ce6fc63be593661a3add416004d8_cppui_modular381), - fq2_value_type( - 0x043975fd00b8155725802f6fe66c26da30974ad50bf1302de5fa42a2c695962d26ae9451ffc10cb1bb1073b08c3a46b1_cppui_modular381, - 0x189d53fcafd148650524590749b7e92d083f8d0dc6acc8fe10dc76e2d65758125f31674a8d5fe05f1b9e453a1da5739b_cppui_modular381), - fq2_value_type( - 0x012b3de04edbec5ade5ac3a2bb974f6a6c9fdb8a895419b0a0a9b153359c011fa68b92510ec4096d1ec96537e17befe5_cppui_modular381, - 0x109b067c2e2672d1353ca20b743bc97c81af2f64b0e36daa6bbe3e4a7a4083867b0b74462dc5836fb901a13ad4a1d59d_cppui_modular381))), - fq12_value_type(fq6_value_type(fq2_value_type(0x177fa509fbb38841dde81a3bfa63b725f107071f31571a7e1f73eeece14b20bdd81577cfa0e20e3c4b3f08175fbaf176_cppui_modular381, 
0x13fee217f19c8c5c03a20a7fc1fcb0eb921a499bac996ca810f550b8d72c24a09a8eaac19a13cac926b3ed3bd789dcb2_cppui_modular381), fq2_value_type(0x18ed93310813c7f1a549af1b32afbf924dbbfb9f3d66f75643773b77597d51d5f5c0c045e46459d4aad67702b67f996c_cppui_modular381, 0x026dc9f38d03a4a68bf07c0fd435b6e72afc3092c1dbd23b993d3445517bb6fc0ed74ecb99eea0819895bc930d119392_cppui_modular381), fq2_value_type(0x0537cbc113176f2ac31f2b1936a32bb4e6fbcab949411c77e8267779887f3ff68a795f8cf462a8fe536ce3696d58b456_cppui_modular381, 0x04b718f42c75251da847fa8a60d864b68fa03217dcaf7308b8f25d2c79f937bf2b06f5f9f344da079fb040667b8f691a_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x014b36005a296169b31e1d291c3ef4c009993dee6927691030ace7436a199c42788a271b83493b6d0f8f158ebb72bdfe_cppui_modular381, - 0x0a43042562b84d60a88b3a49f03f309a612cc1a5ffbc0f38f49bf13a23318385c2dff00f2018f9f8e4bea628dc4036d2_cppui_modular381), - fq2_value_type(0x04a82ca72b3b8cc74b13b62d0f815263ee0dceed090a73082e915a936846fd20977a0d82c663196cd773b09c4bff0ded_cppui_modular381, - 0x0b2d0c0effd3b2db83760262cf1f29fc791ca63d95dba662ee7e0483e9d48c87e708956967a56eba5ab4c039fb67549e_cppui_modular381), - fq2_value_type(0x178b986381961ff531531e485dd0ebe428cb7c2a599931fe830160406ccc1aeb9adc6eb884d24ca65f9961bf0264cc07_cppui_modular381, - 0x12602873608ff64ffd37f9f473b8b1bad8d0d790d5a44ecd4a0fa9540d85eb4e06d8e84d178684d1ef02dd86a43ab52d_cppui_modular381)))), - std::make_pair( - fq12_value_type(fq6_value_type(fq2_value_type(0x0c60a39239083d40eb8710c7caae10e02952734193e51c362047879eb4d68f9f3263a4c395aabe0c36fd44fa25e7de9a_cppui_modular381, 0x03a72839cb6a39f46fa763ca017e66349cf906dd68a6c6608aad5c396b35f7d03edc569b18a479b4b367f994dd408019_cppui_modular381), fq2_value_type(0x0ab34d95c400220c5a3da96b5b3551ae94531c64ca722b5d16c515e50ea81a7206c0270a6eabd59f3ea8a03ad59cb2f9_cppui_modular381, 0x17c304d7d58c002f71e199a1d18325173901367409a6fac772b5ab2fbb40f0bbc319ef87eb3c2cf44cd6a0e62b957519_cppui_modular381), - fq2_value_type( - 
0x184baa9478d6b2b71a0ff476424d30b55f2d02f38ef629983238344e00baec9dc9da0050745cc9525cf597c09b2fbd11_cppui_modular381, - 0x010d046de543904f28c47897775e3ce7fed7622c42b1102dfcd0d11b2b9015576d8a2c5fc88b412f4e03b4bdaceb30ab_cppui_modular381)), - fq6_value_type( - fq2_value_type(0x01f2e88adcede8f70d40931a94f310d9cfa39e90d9ea9fef81e582bc267c7bf14c4a0bd12fe6433f1758e3391af84987_cppui_modular381, - 0x0f5e62907df26c42deb8fdda6d2a6840354700853015ac6b5888c16f1289c84ed477626831e9c3c3337ac0f035901784_cppui_modular381), - fq2_value_type( - 0x0e24b4e3d6ad5d0067c7bffa7d1f883c790cabfb4e3c348dafd734fd3d42b765548080d132d75eeb910d13846d71c8dc_cppui_modular381, - 0x176cce68c59a86c1ed636f85f5fcef7f9130ea6d868b2e68d3c75279780568c6a575691099af9b8d7d98d1d0e4dea06a_cppui_modular381), - fq2_value_type( - 0x18afe2d336a530d9b91f2772ce7779fb0d6c13866ae613f68388ea0853b2b5a04db75cbbb93f9e6219e0bfb28c38d2e2_cppui_modular381, - 0x0be7364ef7fe506ed4459abcec9a556e6457e2c82af2661b6d7257da54edda27590029f75a79b5070bb572e2c9ba3d15_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17dc19aad3a8b97738ae33ca717e506f6db25c841293be08366b6075bd13d6e020a28ccae6513fd6188632e3e3c15bb4_cppui_modular381, - 0x14212a3b4eea84e3c46f709ccc2804bd41f15ad488e732a34121377fa57e946ee003d6b8208116128cbfe2ea98449ef9_cppui_modular381), - fq2_value_type( - 0x152c680d7aab95f1514aad3265b56972ce9d266276b043f60fbaf21bfa7a43cc038a223f74587532f0854e39d5ba5e37_cppui_modular381, - 0x1914f8d4e3cfcea1cc2af3a094ac413b12f5d914be984a3124560b8b3480b723eacbbf8f57c12330334c7ff3fe7a62e3_cppui_modular381), - fq2_value_type( - 0x12280f133c2028a54637a43b105709a789f3c0275ec4e25632a53875ab54ae606ee91e3e0a2769c78744562dfd04039c_cppui_modular381, - 0x170cd2b13e9a1196451bb19123be414201e93bfa6e4d0969b39324b49d518fe697886cdeaef496d44401f0fa71860aa8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x151fb7645023873602d56cbfc401c7e1a61a841eca5f180da91e2f706fa57a05fe9b6c9680c834f41c40c32eb2934290_cppui_modular381, - 
0x0035aedceb5709b64356db3f4c0efdd1edecb042d88256e486423db4172178a8741e0e7b94959ffcf9cfe2c5f9dc1033_cppui_modular381), - fq2_value_type( - 0x0c5e65c587ed7a6130841eda1311f47273a89056a48801cdcd9d836daf8673529ed486243f7a3869aab5fc5c1755dedd_cppui_modular381, - 0x158c2ac494b4494b6c3202751f4195d4a054929c6e83e3eee4007b14bc497511e14818700590aac7a426799c7e324e9f_cppui_modular381), - fq2_value_type( - 0x16ceaffbfde93f9176478100cf118613fbb63932dcf68461ee8ba252166c912c80284a7f2c5caa8231d7e4a47cd0caae_cppui_modular381, - 0x0b567d218679433ded34f7178952755e312befee0e0407b396873c1e4fff320f12ad9886ed9f2d8d369e868b61d58cc4_cppui_modular381))))), - }; - std::vector> gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x08f9073c0775a009e4e4ef14741e99852294d17d775a1a8af061eb6d3a4cdfde8983a417105adf0160431fa096046219_cppui_modular381, - 0x019afd97da798d3c11c5dbba307bf31d589f267d9cab1eba321128dbf4a2c6336b3bd5efa5e523c555635b07ebfc9a43_cppui_modular381), - fq2_value_type( - 0x0dd372d1f9d389a429f17f6c69c9d66a9ebabdc893e4d59e5d8566e528eb667c75b4f8bffc5469a996d067a76eac867e_cppui_modular381, - 0x134a7722149f4e80a3d66582ee977f70bcf1870ac3575d8a550decf04c0ebb49a25cc9c79ef5f1a9640941d79cc179b9_cppui_modular381), - fq2_value_type( - 0x111a3d19c23548f8af8891cdf2c993ee7755dedc9b91ea38b7792943911ce699c3941f3d2bbae5bdaa57649251ce5525_cppui_modular381, - 0x0a6a61281a8fa7c44af33e1b4ee0141baeae41b9440e51405f06b899d06c4ada5adaaa10d7e09276b001669696c09d15_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x02ee5660cfe9ce0ab768c07b5076891d18958fe020fa2da0467e8572aa73ad7fb49b191f4f88b56ccd209441682b71ad_cppui_modular381, - 0x0ba6c3f8f57c304983cff355f2d151cf1ae83a3a691c8af2e690f8cdfcb4c7c32adc2e73f6afed33e12fb74052ee9b6a_cppui_modular381), - fq2_value_type( - 0x10068f0bcc586f7ee257e844a082a664e46d7d33bc0cf756077cd71770b23c48ff63e588a21927ee06e9691e8ed25e60_cppui_modular381, - 
0x12dee0b4dfecac74513d47203a88cf3559c0f668762e1ef79242e61ebce5d6d7485959f73291d61a69b32a092c00ead1_cppui_modular381), - fq2_value_type( - 0x0f797059da69a2aac6d611f8c26fcce0bf4d0c7672690e05c7aea73cf0d36f79b2f4a9e3cdb45015ece5e50770fb57ca_cppui_modular381, - 0x14a179d096a7383b049d86dae4670aa242ad0e7decdabc6f0feda3395779feb60ba53bb2f274ab7596424e2c6119b38d_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0f4010a6ceb4ecd70a2f47d2d90c32604819b6890282f75d0a964aaf6a1fec3d60ab26e61667e49b4a37146f45fa9c68_cppui_modular381, - 0x186bd13811295ce750c5cea7c81e9f3e53571e703873ed57ce23fb6fc7c826d451668197ab05360dd722563f75e721df_cppui_modular381), - fq2_value_type( - 0x01ca0a12c9a1e09bf9bd00a50d3c6f14ef9a121a8adedc4a374661f1c2aaa87d26b4b2258dca0a208e244991196a10d7_cppui_modular381, - 0x052923b27e2fe2031f78e1381001f6111fc8a05fb5ec0f6d114bd06a3ded82f09d76208cf37175fc83d9e39aff9df23f_cppui_modular381), - fq2_value_type( - 0x05b109b5492879cfb3aba57a7221674daa1c84f3ca063d770ffb26150fd1f3f24ddfe21f342edcf2adffd232bdc68792_cppui_modular381, - 0x0ceccc3815fbfc283af8836f7da64969ea19975b6f68206dc7a9b9ec2af9a74473157eba4acf37fb36e9d099664b0960_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0dd93d143ba91d56e03b08df97df9d8196ea6dcc9cd52dc33ab284fb1474d58329a103b16b5b35751b8d8dcc85a54639_cppui_modular381, - 0x021727257d3e11fd1a97ef0eadccecfa4a25e099ca7272058000c623c3cb70bf20ac0feb5c7d97ddfc5b9fa9a6e58016_cppui_modular381), - fq2_value_type( - 0x181abb082290d93f362b7872a4066ac3f76fe39e07373094089815f6ec2f15abe9e98da274f8196eab5c4bf16f210c55_cppui_modular381, - 0x090a968b4b81d4d0605d75177d2105b1f79949700abdbc8517ed0ec3fe934428344723b4077fd960494985c5d1463790_cppui_modular381), - fq2_value_type( - 0x15937bac482d13c9f53c025f11e5190b0f13dd3014b33fac42dc40f4b1cdb56f6e84a74674b8d7f1703808c5dd9cb5db_cppui_modular381, - 0x0e71da28c8ad7055776d3e89bb08260869108574e55c61eb537e82a79986339dd6d466444611278b616b9af6ccc4983a_cppui_modular381)))), - std::make_pair( - 
fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1575569d8aa93c4539b3d555c72a59d812f2cc4f8ac77f4636b70602391fbe653ee313c65c3a3a97ef30176797090f2e_cppui_modular381, - 0x030e6818975890540ea2cf48b5ab288a075529ce7e967a7a6eadbf2511db763aeff57e76624d869543cd971b9cd15a5f_cppui_modular381), - fq2_value_type( - 0x13a9f2ef96517d6e5320027f8e57a344d4ca8dc94031303cea0ce02f780edf5a565633f54139e57535d88aee255b155e_cppui_modular381, - 0x171a5b83960fb121be36b9ea9fa82799e7cb0ab2986052353d67d28fe3baa4754632a38f85602cb173dd7ad048df76cc_cppui_modular381), - fq2_value_type( - 0x12f635d40fa64fb3c6b9fca1ff753136b1c0e09908b98f7fd1100ff235854494fbc62aea76dffc1dd4d869d51f2a88a5_cppui_modular381, - 0x17b00950f0a259e027b6828e7f59d96376f2d9642496f58040779adcd29fa1bf37a87427153c136dc704a005c270c442_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0bb33b8a527a332f8ccbb5ee7a6dbaf17ed8ec6e5f0d5c3e84c1d994a0a6facf3a20e9493f05fdb08d6651c25fc8de4c_cppui_modular381, - 0x083f3e32f2a48c016a29e09a896e357f32fcd16db631c3005626c255d2d5bb0eeda54529510f8d4e94d9b2687630cdf7_cppui_modular381), - fq2_value_type( - 0x093edad037781b9bb503f44ae4a2c12e874fadfa69e09feb03ae3325ea911ef58d1a51c1c771235db662b262e838ffab_cppui_modular381, - 0x036ef42721079c143eddda66ffd5ff90a56c52d88a32d4f92d0361cba6d08262936bbed88a7229f9c1f6fd3d4b05bfde_cppui_modular381), - fq2_value_type( - 0x154bb3ba3010bc9adf83ee93d1d894c2da3bf2288f107c535452f719d83a803d14799d675841541b292639cd39056129_cppui_modular381, - 0x094063d1fa4295928329b835e198dcbd7c895275174dd7a6e250eeb6a10109f161faeaf224084145b59dcc12abf2ecf4_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x17c730e3ddd4e091ee9c803e69850cd058a5c0efb422fd3805c080fe7d42037826fcd9eda6f19ee25710e0a7699d6818_cppui_modular381, - 0x0114f715b4bcdf98a72e58edcc669339c4daf644f89629adcdae25377469d9f1931ba469f334f470e6814dcc75c13f8e_cppui_modular381), - fq2_value_type( - 
0x082e7a8e8c72a5123f8f2793666171593f75e19b8be16146ffca9ef10e6bd9d9f926e0a317e0475f8767551c699055ce_cppui_modular381, - 0x1682ffd0b557a67c9cb50a667b7b44cec5e1050fb162fffb66f28b73e075d1f2e21e7bc635064cafb555c9b193cd90b4_cppui_modular381), - fq2_value_type( - 0x058fc782de29595ee450b8d9b7ed55e5c9c3ad1ff5958563492ea7237ad1c2148d8b0f4ac961bfbb58afc5b0ae554717_cppui_modular381, - 0x10983c3b4484083e92e1f63be4158937249d77b22cbba541103f8897e947646d598948771268bb1ac812b3c42a5256f1_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0de5da5ec03c3de2995c5897972ecbf68902e8b5531b1aaa7cda6026c597fadcf781917af77f5570015448b2bedb0c3c_cppui_modular381, - 0x14a5181e6c51146873e388f144e3663c9172ac92ffb960bd59a5d441f23dfb98adec2908da4e19a48025fcfc099ce6e1_cppui_modular381), - fq2_value_type( - 0x0e8865d56c3f291bf77807f1e26987e0bdcdf1ad4280e0e1ba394b996ca14dfe1e5b81ae5f5596b526ebe5ffd1d9def2_cppui_modular381, - 0x0260065b9b022bae050c5971e9c27dc70574a3be01ae32b12430f2431ecf966ce8a485185833e12b328dd799a091ad8a_cppui_modular381), - fq2_value_type( - 0x00488b4e169f7bb6e47020106fe71491417a1c5bf7202920dfd7f48f6dd965ee1e54481535e32ae5a69dd9615f3e3223_cppui_modular381, - 0x02d2cac9461d150153d9e8b6c863c4cb11eab1259d207d167b4d9f38010b45722b950f054533c366136166e0509f7633_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x123c02bfeedc4f8ea0992056df6b6f4fda5a2ad1656561d7fe3edafa5a3fa8b7604f617587b8d2c3537d8e037061c2a4_cppui_modular381, - 0x0fd284dd926d7873d120232087c39b41203627a6aa7afc527e0dbe688315b2f8cc17c4928a08a5ab989198bc51ecefd5_cppui_modular381), - fq2_value_type( - 0x1399215028214fd250f3639f9a2be87e4ef4d6a79f4cb81e0363644027119b4a2516bfa0a5012d276a05749b80144c06_cppui_modular381, - 0x09af4ed233b37c01cf8dcd5f48030c34e09a7329c2f8b204435daf5975d8e6b99deb71046d6fc71bb8511a97db0dae8e_cppui_modular381), - fq2_value_type( - 0x0d4bb65d7396c2add4a2535e4df821f03f370911efe713e50bb9de2445eb226438677a3e2b7940add0f4374f64473d99_cppui_modular381, - 
0x1859e2e35e469f60a3cb901cdee3f105f6a7917fa252ebfcb98bc0c518a9170ba9e6bc6c54f0bc317f5eadfa2ad8531d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x179269ee91717b72c93d411b169457cb2c25648b2f761ffd9c52d66874942eb8d67926cfd128e9e865f6e59d63d86235_cppui_modular381, - 0x12c599b9a30e3b5430a58fba79994b80a5e2094c393bcc6a31f6fd5f2303ce8fe873b98d7c23d5f478464eb51dbb4aff_cppui_modular381), - fq2_value_type( - 0x184a9233829a5652225673d043b612d75a7fb49e0b69cb9d44ffb35c12a1c66c70238e75128aac8f7209f4d4192e1bc3_cppui_modular381, - 0x11f98b10c61957a655eefb9a28d898f321e0483222b04b1242b3d9369eb783d2713cfb9431eea71e55669afabb8bb78a_cppui_modular381), - fq2_value_type( - 0x18db7aa336ee287227d0bb84c11018079c3ecd05e2e9e7d991fa419d874b4bca347a20cdbd74faa4bcec39892d4d32c9_cppui_modular381, - 0x10a62a1d7fbd0cae7dea00b02b82f1167637f68d02123153418f9c52693fcf5c59bd88fade8bd2a1a09017a3bfed88df_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0698718e1e0ef63b893800d0d82e26a7f2f2714f80a54e1341f7f790ab91a80d37a04338fc2f8298068c28e77ff67c83_cppui_modular381, - 0x076d476a55b32dde259f0b654a33ecd52828b948abf72ec0d7889e39e8a06888ae598e10fc4399093f008a2858da339e_cppui_modular381), - fq2_value_type( - 0x119feceda0d283ded93911564149778d7f7b7cd28b86a6293fa784f04a67ba2d3b3efb14a4f7b840338adda0e40c0783_cppui_modular381, - 0x154f9decba8a3f68fcd339c72da233f71fa089c1ca31b87daae8fde856ea029125fcbf579277308e24382381a947c105_cppui_modular381), - fq2_value_type( - 0x09b83d533c30fd2d1b30feff20add25ab7834dee055db7d9f15123d0c19367f0f0916b217aa12d5572d49022f605e3e3_cppui_modular381, - 0x06058ffda7dfdbcca1fd15825131a7b533a0ee25e2b08dac4049d59076f520464f11e481bc225b7720aa60792cbe442d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x187a1cc2c0ec0ac7097d25a48444431f2ce6b7aacdc77945659029a54633f9e9d3da31ecebf9b920a2c0791c3192061c_cppui_modular381, - 0x0d3cef4b7ea8b25fd960b47b2a855931067741dbeebb702584c0c2f15ee2e7c042bff57222b2fcee4632420724f0f568_cppui_modular381), - 
fq2_value_type( - 0x12f72eac80b1d15b8421b8d2157690247792381401ad90c753982baade5a62fda91f0d1794deeca3e4f8c337317306e0_cppui_modular381, - 0x1429844bc38ce46cf8c3382ba253fcadc7322b8f61a1ee1a42ab1fee49fba6a122a858c1439115016f48da1f9118947c_cppui_modular381), - fq2_value_type( - 0x04392327de52f85a0913a26502d9a7744f01aee8f321ac61063008cb3c1d8b43b8cc0776d3bae66eaa0e38f0433cab99_cppui_modular381, - 0x04497542b82ca27b26226e9406a108f962674f86665211f8e764c13d730e5e0ef1d0a969383039b64e9342d61e4ba80d_cppui_modular381)))), - }; - std::vector> gp_z_c = { - std::make_pair( - G1_value_type( - 0x16fb57594b1c4280a3ae03f69cc7b8489af6771379c9b5e260a63e8c19f7ff8be3c254932fe0aad28f816ba7052e4967_cppui_modular381, - 0x05e90d0b869a06653ccc8834afd2233bfb2d9c09a75e7e2dd39ffc090a226462b79d108440474902b921fdc56840845b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x16a09499cb5dc71cb167dcba20ebdd0ecbf861037c095b8199a1216962bf295c9262fc9936042f1161c344d04e1dad8b_cppui_modular381, - 0x0b705a88efe7cbed33e7c1979d6ace7a28c19860fab650267f935a5ff09b56bfb15c1973dc71b80e62009dd516dc6674_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x044be96c66a6a39b0c849d8958565dc1aac145158141ed92baafd18e150597f9af674bb8d04710ac3749884bc918df6b_cppui_modular381, - 0x093cda4320c79039ae2dc14c8943b0b81f4a041a008e2a637b647ca892f3a953cbc8f82813ecfbb35578a4f8ea122a63_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x10dd1a464c0e531d3525df1f53693d03d3d688e0e3ecc0913e8bb5bdb093ab2c9a366f02e50679036a2c73034db021da_cppui_modular381, - 0x19db45be54bae534b874b4a1b2fb0897f43d89554ecc43072a94405e6ac3b69fbef222843236a9a106f9488be7e9a2fb_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x0be458417c6fc8409fa231013345b4a3dc5e8151c28c9aff0403486ce026a22f05384c4848066ea1181830de6542a559_cppui_modular381, - 0x042c0bc4428de68ef5a0f75f90fa167dbe38082b15cd30c10491c60e474190c33cfa118a683c53731ff70fe2af2d434c_cppui_modular381, - 
fq_value_type::one()), - G1_value_type( - 0x15b1f2d6cd147fe30d3c9d2c6cd95210c00ab9462ad7fc1dd9fbf54313716670ed9c5de28b8dd993cd91c29235c7a144_cppui_modular381, - 0x0a2e3ae1709822d12bcd35862a83f783e0d5213f89880e49bd316ba8e436ee42ed7741322240e633a83a305ec40c5d11_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type gp_final_a = G1_value_type( - 0x08ca154549965608909c78bcc6aa8b4ef8397080d14b54427bbb94747af18f25e465dda637f6fc94c02b9ef86b9f5b2b_cppui_modular381, - 0x008db311c46bddd36d8f3113e4ef4559c5ce70bb9b8f7799651583ca7a756f44bfcb9d40d46e41fa22946fe9945f8bb8_cppui_modular381, - fq_value_type::one()); - G2_value_type gp_final_b = G2_value_type( - fq2_value_type( - 0x15e12a977ff8033b2c7538a6eff9e114873f6abaa3a5f8619fe2368de1388e697e805784fa4b2190b4cd3154cc49dde2_cppui_modular381, - 0x05432d9d17e7c76a3d350a3d5e9e8f91a119b5afe5a9e7156566fda0447c459d1c7fb8f38fb625edf48440f5e0e9e5b3_cppui_modular381), - fq2_value_type( - 0x13372bdb38df1eec444c50f8739828cc206f63d1e5e4aecedc24b8a7e6434119e7f5c1f059c1737b61d148476701261d_cppui_modular381, - 0x07a4d623d8d8393d3037f350fc1936ab0ac01153dac4d485581a5dc14e176b749afb1f8497f8bd0de992c36173f92ad7_cppui_modular381), - fq2_value_type::one()); - G1_value_type gp_final_c = G1_value_type( - 0x107306008c787eb50a0810ca13a179bb98ac5e35ab4c4401f61af09f2449396f77d0bce5d5b1fc1d034efea92da17bb8_cppui_modular381, - 0x0eb9995e51a43a4d1bcd287f11fc66f377aeb5fd62517ec761e68a2436da85e72bd17e853c1e4744ede998e654fc33af_cppui_modular381, - fq_value_type::one()); - std::pair gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x112a8fae0f862be4c8f290115c1e2c75a9e279a66f498e216f3a10ef69ff815ce3ec39edbeb4b281ebe05b2f20a0769b_cppui_modular381, - 0x1114c03d275b4bce13a954742a8988ba333722b009ac36efe925a8e3c19afc6f9ce8c7484bf8993f52eb49aaa4f8ec09_cppui_modular381), - fq2_value_type( - 0x08b7d6c40385cfe57b3e05532dd386fc88fbd6cd58596933af51eeb06314b673250180f31f403572f070a613086a14f3_cppui_modular381, - 
0x17c3ac21f996cfe2a3cf7366b4a0fa6c78845d210c96244732122361b034ebb021aa8b423d0f0740447201f12b05650c_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x1597377c04c85cd3e7977df8ebbffb69b494513a6a4748539701e6d28897b3bd58481ccd321b165a8a959a79471ea091_cppui_modular381, - 0x12fbdefb39729ad71c89c30bdc125801400ff52408d2b062f8850bfe529bfc1c9be8e4e4a7053bd10fb0812df0681f5d_cppui_modular381), - fq2_value_type( - 0x0d5dd66edc1319984052ff2e000a00aeeefcdfc0a919663ef9a3c864aa4d32a4fbf40676a97be7571c12348c321ec00e_cppui_modular381, - 0x0af4511e311ec1c421f6d7068d449c39ea90579bd0c1dc0893543598263fce17993d85e8f5aae8f1e161302d4d45f9d0_cppui_modular381), - fq2_value_type::one())); - std::pair gp_final_wkey = std::make_pair( - G1_value_type( - 0x0f735b82eba2a4cd6392dc33dbf4d7959cc90e638b45a5c1b83391c8ea528d491f8294ea2583c718d9c5cf7752be5079_cppui_modular381, - 0x0545f5094822746ba24e25590552f113fb1bdc20ea92ba1671d956bca258c5a7258f26444b8a442f996e98f5563a0857_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x148bfb9e0752eac87883fe95c7a8899cdbeaa9af0ad3d623238a04774eb5de17b5cd55b6b53beac54cb3644c02c4c3a5_cppui_modular381, - 0x082c949d608c7ddebd587403529d3a5159205431ab8e5a196690b4537c2aa937727ed30592e56fa120dd0a3fc934a989_cppui_modular381, - fq_value_type::one())); - typename commitments::kzg_ipp2::output_type com_ab = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x005bfb5383703f7ad7c8cebab8b70d9a4c09c6ecac88fe88f2e021cd407878444110eda3447da20614420f0b96ef6de6_cppui_modular381, - 0x17ac2edc973972b88a578c4c30d6191710666e46cc50cf669b9552c7811b5a3e35d2e87d04218e2ad6ea37fd7804ad80_cppui_modular381), - fq2_value_type( - 0x0bc40aef94a0f54822ad79056a793c6693af11650a9ee887a5e4433af3f8a34565ed06323023062b4ea11bf15f443731_cppui_modular381, - 0x15524cb05539c1b2712a45c1cea484ca7426aec52d731a834da5d26e19ed33c48a180f181b623cf59cc37ce0e697ee3d_cppui_modular381), - fq2_value_type( - 
0x03023c334dd1e8bcb3c4be0d57c5fc8edcbb4d9373a512f4e735197a68595670d90719577c827a1b62e9d517637c51a6_cppui_modular381, - 0x17d6804dba136c55babb7e1110d31e639968584e6797c680c2db0c162a987172d906ae0e766ff2f05c9c0d95fc1b1359_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0983db425b34168ea7e037e7b5d8d658359a9d136451c1ce3c20bd569e0eab4508339da97bdf502d3e4887a091453a4e_cppui_modular381, - 0x0c3e3d72109d23ebf2daad34b121cc7203e4e9f0dea2a8da41d96233c63314bbdc076c11ccf2800c3364572a5357664b_cppui_modular381), - fq2_value_type( - 0x0ad7c8032d3bdc3776d9188f10d06e7369cb8d0c6d0dc00ce087fae972130d65ffaf517a4feff868b18ae2c0babcf250_cppui_modular381, - 0x08a1b24102da727f5f5174681c212547b5ef3b2e950b29883ec8effb49689e215b292d6df2a5429ce003dc46b85e9664_cppui_modular381), - fq2_value_type( - 0x13996beb56c2513c733a911a529e84fdcdc3687450b23f6ffe235af71f09bf3abbafd25bd7aa7ffaa04321df6d69e5ee_cppui_modular381, - 0x030253acdcbe194d3258acaec3c30aff8d46cf5bc9fb5a16fc56ad86f82e9bbf7f8f478d22a31e65cd433ec8cc2c3de9_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0822bfad9e1aa1679876d19309beb064c54dfdccb87f3522f069ffef6516f9b1c5c38ef0f17054d0217d42ca6208cd7e_cppui_modular381, - 0x06634373ccd257e7ae22d120c37b58c39cbc1b0e6c3735391c3971e1f5b8683c3b8b5840c8e6c991d1989b603eec6b6c_cppui_modular381), - fq2_value_type( - 0x04be17f88eec6aaec776615c93ea64904b2d35fe6b825ffa5c9eb6a382bcaaff596a487509c732a1fc762d5a97b1836b_cppui_modular381, - 0x04aafd05b0ad6e5aa44a4112a4429afeda9c0b8f74ef8f41c6df111aa044d27a3909a212ecdde4038c67da42a802e94b_cppui_modular381), - fq2_value_type( - 0x03455e5fa32e7a9508a0b20bdee6f58a70869fd7492dbd18aa97ae525c1ad110fe0b9318e9277229b0fd55288db58995_cppui_modular381, - 0x1768950613a4b5f99a43c703014f664cbe8fd63f55bf730fd077b928c50f2d42cf920dafe73f9b1b1ab9ef16aff08ded_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c8a2fab8d47cf662105373cd871445ad3c691052c1d33ea0b03e8954654f4b6634ab7e75c82d4c860b0ff0d290c2299_cppui_modular381, - 
0x0279df9dbfbcb0cc129142742d5284a25ca3798ed8f4b66aa5296b566aed8c6cd893b8f785f299519d96d407561a83bf_cppui_modular381), - fq2_value_type( - 0x04e71cf408c5391c5204e55d9dc007e9efca1bc7582a5f6b044f56bd30b546e895580b43aa22376eca06170f84c76d9e_cppui_modular381, - 0x051857bc18ce932c2a32d8c7a7b11e3cba5e3975a46b1efc2c2be138b051fb3f701daed78fad3b2e5a64d2b5b70c9adb_cppui_modular381), - fq2_value_type( - 0x178221c4b804561b7e35b96589583b63804c79dc22af1b37b505fdf7b3bf0bf9b48811d3f060b211b29b3c46d7ce7a28_cppui_modular381, - 0x088367d8e5e8bfe3a21d1209c583fcbc4cdcf337c1eb68a4f5161eadbd160e10360b0320ee8d1034d61c46787e701fc0_cppui_modular381)))); - typename commitments::kzg_ipp2::output_type com_c = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x14e486224695b9ba0a0f0a34f0b95d43e0e887039738e823cefb22debe11b3d53f34dcf7015df9c568a7ae1d2358fd8e_cppui_modular381, - 0x091bd348a453717f080fa10d26d696ce02765a9268a9c1c8d746bed8150609092b3f8c0873ce5f4bb69e5b4b2e8f21ac_cppui_modular381), - fq2_value_type( - 0x0f34d88c2f7dd3aa28eff3f0d39ad7fc48c6ba325e22e5eae3e8b5c15e3341f94f63ff58f5f5579b97b811f498e577e3_cppui_modular381, - 0x183522f3ecdfc14ce2e029559d772c84e0990072573325209efad169031217bab42beafe23c5b3958304a530ee15911c_cppui_modular381), - fq2_value_type( - 0x0398a2a70a2377d2456e85e70521d50e684abdb1b2c5a52f8df12639d5f8494c99cc71f86c0bb7022b18b71c5336bc81_cppui_modular381, - 0x017c68ba9a7306f68f38a4569cf526c7f134c03471bbd78c757b6e74a01d5a18c2af6d0b74205634cf8a5845f490fc13_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0b5d04761a0438f85adffb6d6fb5829293cf8e4a0cacca12e92d4944dba1afdc3c39d58a49c45570f97dcebdcb456e7b_cppui_modular381, - 0x0ee19534ff533e286e8951730990d712d16e706a37c8628bd74bf89df28282a6e2c59560f83fdf15e504f5e3fbf81263_cppui_modular381), - fq2_value_type( - 0x163c63d3e9a55fc3cc917efe436f83051062825eb9e0900d350824b3b708e05effcb7d88648e7dfbb91d63ef9f85578c_cppui_modular381, - 
0x0fb04351458afb1787e529964a827bb46e1f6c1d60c1b66f8c390fa9d58f3e98d40243cc22853a15ce9f3db9cbb3651c_cppui_modular381), - fq2_value_type( - 0x070b66af497d4c4376890e7b2a69e6154b12e65c66125c15f490d063b4bda91ccec5bffe0dfe027c939746cd9ca9c975_cppui_modular381, - 0x15707d235af8fdc27d04a8ac856ae69fa276dc7b2ffdfd20980099c49dd6c2b7de86b06f9615b064f3328424097cedc6_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x19829f73caf54fac2272aa68373f60cd3cae166c6e0bcc973734920d4e87a6511c260da7c818b5a3a544fb9c9d73b155_cppui_modular381, - 0x0b8de7c8c93a92fdc765cdcb691d3688c0a768c1cdac94bdbcf453dbcb8f4eb0d5cc71ee6c7e49863e9c636e456f3b03_cppui_modular381), - fq2_value_type( - 0x17f87e06f83e536c18fba9783efbd2201a70deb47cbcd1224038634640f9312e9023c06a528632e223b16059a630e9c3_cppui_modular381, - 0x151f83a2ecae887ae25ca2436cd969f9fcd04f8813f97b2bb20d92c77acf0d777c3c63a9a333edf82e62dc15392feaa5_cppui_modular381), - fq2_value_type( - 0x0419cf89fa02405417cc2a60171f3989e2487b306344311975852323119a3ee374778931824ea19c4b80ef9485e2ca1e_cppui_modular381, - 0x13bd49d44ba8fec4a3cca254d8346e82488580604695eed8d7241e2f2fd3774ee7c834e4594ee2b3adfde3d32ca9a63b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0202df25cb6dc8a839e253e4246d2429876d450d4eb35f3b245eecd169a3d94f1f0bfdd66a406ebdf98510704fdce154_cppui_modular381, - 0x05e140dcab111c0e22cb637f0bce05e23f326b89a725d8c45166d6490c9b66f922ee37df96d5205e7d03ad55e1a5d30b_cppui_modular381), - fq2_value_type( - 0x104eee248fa5bd0be12d72117ee7c532fa928b3cc7395e037aa8c820b6c000b3f87730e57f112d218daa69e102247a9c_cppui_modular381, - 0x0a1caa6b30195ec2042dbdcba293d8ca67e4e9410527b74ec48521a36389f5e2b199ed74baeda1c251e1217420fb9a0d_cppui_modular381), - fq2_value_type( - 0x1295d4059a7db2cedf575fb5bdc3af888e58924f80610864623049f7dcc6acc4f650a088318bef43e943652baaad093e_cppui_modular381, - 0x0bd6c542d12a367acf2dd1b2686d97be7753ac8287bf037c6b125b637d82fcfd39e59a6d5fa3fbe5b73684aa15aa20a6_cppui_modular381)))); - std::pair 
tmipp_vkey_opening = std::make_pair( - G2_value_type( - fq2_value_type( - 0x0bf836c22b7a8d26cbaba707395a794d239dfb9cfa97e7a7ecdfc5274cc9098aa2dfdbc399de7eb791f64ee409719b01_cppui_modular381, - 0x12752efdd994c43a66c1268fbb39a7b6c3dad8fb851c2014d5da7e498317fd9fd607328f39d656d0e227c94fde609d22_cppui_modular381), - fq2_value_type( - 0x14ae39024c52755274550db97e7891c8e6a736ade285654c0d73af80aaceae7ad4b5e638d00d5f505a70ba609fef3ca4_cppui_modular381, - 0x05d677d834e065a0556c071bf9dacfe212f0651a346b8c81845a4a1b0e4a6ea857eca87ff1377a80659f036b3660045b_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x12fdd9d8ccd97710e32d8a6c9044f9f00d1a85526d95eeaf16c7c3537e6a7443c89443f4251993ad7069dadf6f61c9b3_cppui_modular381, - 0x11f8bbb43685da92a45707f68db5e3531cf7625ee42bf04532c06650f4545fd52a83c5f90fd20c49bb31530ce8475a82_cppui_modular381), - fq2_value_type( - 0x0ed17b243806f7d9cdad57356cb2778d82d63a33f49f7d4cb97a6586a7a1a238aee473c0ff4d608caff2f9cd768b1f9d_cppui_modular381, - 0x0fd093a68d37a2b05629d3ab18aacc6a6092ae55b2076ee95d483a9bd596eb1d2e22931662b26b7a7e938eeaba4da9eb_cppui_modular381), - fq2_value_type::one())); - std::pair tmipp_wkey_opening = std::make_pair( - G1_value_type( - 0x1412c46b8d2e943efd0fc938578ff78ed81be9e8eace8ec41180c4e1a2f3ade006fc0f842601bc5af69e87b48a4aabb6_cppui_modular381, - 0x0f5c2ae2fda9d7875a2dfa6947a610e46989520e078ccf6b5141910a6e3d57e2043a9d65af32b89296f40b4af35a8163_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0e9f58f6b33e7cf12381016627c215f9f70623ccc4d48a434ec6f4328baa6d4aa51515063a4648386a6cac6fe97bdc85_cppui_modular381, - 0x1438310d775365786376197fe53805816b5d7dcb7a92138f0384d392ad11f2453d002d2332062370ebd8f48c3c117ac6_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(ip_ab, agg_proof.ip_ab); - BOOST_CHECK_EQUAL(agg_c, agg_proof.agg_c); - BOOST_CHECK(com_ab == agg_proof.com_ab); - BOOST_CHECK(com_c == agg_proof.com_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.nproofs, gp_n); - 
BOOST_CHECK(agg_proof.tmipp.gipa.comms_ab == gp_comms_ab);
- BOOST_CHECK(agg_proof.tmipp.gipa.comms_c == gp_comms_c);
- BOOST_CHECK(agg_proof.tmipp.gipa.z_ab == gp_z_ab);
- BOOST_CHECK(agg_proof.tmipp.gipa.z_c == gp_z_c);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_a, gp_final_a);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_b, gp_final_b);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_c, gp_final_c);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_vkey, gp_final_vkey);
- BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_wkey, gp_final_wkey);
- BOOST_CHECK(agg_proof.tmipp.vkey_opening == tmipp_vkey_opening);
- BOOST_CHECK(agg_proof.tmipp.wkey_opening == tmipp_wkey_opening);
-
- // BOOST_CHECK(verify_aggregate_proof(vk, pvk, statements, agg_proof, tr_include.begin(),
- // tr_include.end()));
- bool verify_res = verify>(
- vk, pvk, statements, agg_proof, tr_include.begin(), tr_include.end());
- BOOST_CHECK(verify_res);
-
- // Invalid transcript inclusion
- std::vector wrong_tr_include = {4, 5, 6};
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof, wrong_tr_include.begin(),
- // wrong_tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof, wrong_tr_include.begin(), wrong_tr_include.end());
- BOOST_CHECK(!verify_res);
-
- // 3. aggregate invalid proof content (random A, B, and C)
- proofs[0].g_A = random_element();
- r1cs_gg_ppzksnark_aggregate_proof agg_proof_rand_a =
- aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end());
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof_rand_a, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof_rand_a, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- proofs[0].g_A = proof0.g_A;
-
- proofs[0].g_B = random_element();
- r1cs_gg_ppzksnark_aggregate_proof agg_proof_rand_b =
- aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end());
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof_rand_b, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof_rand_b, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- proofs[0].g_B = proof0.g_B;
-
- proofs[0].g_C = random_element();
- r1cs_gg_ppzksnark_aggregate_proof agg_proof_rand_c =
- aggregate_proofs(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end());
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof_rand_c, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof_rand_c, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- proofs[0].g_C = proof0.g_C;
-
- // 4. verify with invalid aggregate proof
- // first invalid commitment
- agg_proof.agg_c = random_element();
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- agg_proof.agg_c = agg_c;
-
- // 5. invalid gipa element
- agg_proof.tmipp.gipa.final_a = random_element();
- // BOOST_CHECK(!verify_aggregate_proof(vk, pvk, statements, agg_proof, tr_include.begin(),
- // tr_include.end()));
- verify_res = verify>(
- vk, pvk, statements, agg_proof, tr_include.begin(), tr_include.end());
- BOOST_CHECK(!verify_res);
- agg_proof.tmipp.gipa.final_a = gp_final_a;
-}
-
-BOOST_AUTO_TEST_CASE(bls381_verification_mimc) {
- constexpr std::size_t n = 8;
- constexpr scalar_field_value_type alpha =
- 0x70cf8b38ee6c80d852532b676a1a9a6bcb5c730acf8d374603aa7a3f7582a318_cppui_modular255;
- constexpr scalar_field_value_type beta =
- 0x252c17e40f6978eddcfcf95e3134923554ff29176eba269cfa22d647230b12a8_cppui_modular255;
-
- // setup_fake_srs
- r1cs_gg_ppzksnark_aggregate_srs srs(n, alpha, beta);
- auto [pk, vk] = srs.specialize(n);
-
- r1cs_gg_ppzksnark_proof proof0(
- G1_value_type(
- 0x1399f72bba486cd041f2ba7355b8b989c2d3a0f88ce2585e00e70e556da1a25f07215556ff951d8ccfda5b12f3ac90cf_cppui_modular381,
- 0x0a75ffef452c78ff85c7eac1e7341a9c76c251b856fa14ee2eff9d078c70f064b3d06c0b8b6e00bc41f2333a1307164f_cppui_modular381,
- fq_value_type::one()),
- G2_value_type(
- fq2_value_type(
- 0x0668d14a879e05415e963933971291f7d463bded5b0c7f569ac21d1c18047206107e41485f7633c2fb6b50155675ecdc_cppui_modular381,
- 0x0d4caa0f825d207f175bdf853165324ced69244027f3f25d99791aee0fb605941d1e691b304fdff532d5a1cbbdefaba8_cppui_modular381),
- fq2_value_type(
- 0x08f758fb9760a5121ee6899e9253c0bbc344fc52c6e1a4f53a621100b5beaf53a860c07d347fadef5e715008b87560b3_cppui_modular381,
- 0x093b43b47f9a581a05fe203d8039a85c91d01dfc110aef48127c6c97ec537dcdc4c8d020b6e5e1f7feaa6ac25df8b149_cppui_modular381),
- fq2_value_type::one()),
- G1_value_type(
- 0x09f277c9c245679f4917f03f032d107745136a36553c6664dfaafb33b8010667cec0fab82d816ff62fdc93264431498b_cppui_modular381,
- 0x15f870848e4534ecbd74702e6d79e8b61b68395b6d5f72721b0cf4c9c296f20f72a80f40e8069af926e87ae67341f47b_cppui_modular381,
- fq_value_type::one()));
- constexpr
scalar_field_value_type statement0( - 0x676d98b785b2289a12720011f76b9891eddc6e3d77c8eb2fe97b5f5511208065_cppui_modular255); - r1cs_gg_ppzksnark_proof proof1( - G1_value_type( - 0x02ef1ec1a2d0c37897dabe8b13d2fa2fcfa9c915097eb91745d6d4e54be221dd367b24d11c522ae2a16fe1a92bbba3f9_cppui_modular381, - 0x0c74829f28e9adf5b4313c02734ee878d2ef7fe0458b0aa7baff576dd204d3d20c3db4eace869bb2445d7c3694581d8b_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x0a0cb52de299b7fda5bea1266d9278a1a3c66666cdd121d62bdbc48a45322d79eddd3af032282b49d7f38c41d5ba0afe_cppui_modular381, - 0x08e675240eaa1ca4d8bc73ab280c9263196bdc9785136422b07c69b38fd594a12a2ca922db16c0fa5bbb9dd7409f4ea4_cppui_modular381), - fq2_value_type( - 0x105990daac7ce1b7094e5ed6a9ec8a76f76a73823ab272e1274d7c2be5cbe353401b71fd12205db66862b6f80e27ccde_cppui_modular381, - 0x17704237a1535078a657e1f9e950c773615c105a52c071ab290299da5d267ea9cdcdb441bc2bb5f5a8b3c610217c8e2b_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x08d2e6e5680aaabe762712d2beb827c0a459d9d000ca6c386842389a9aa9b36e7d438cf9dca4b5f5935798797c851db6_cppui_modular381, - 0x179452ac9b2dbe5b4fdc942678f5b529d1270872fef5232bce94ca2c4f5b04cef4c9b1deb1870e4433ef73c333824a1f_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement1( - 0x1adf834e2bb0455f07b7293cd301a59ee0489e8ea89ab2b268ca62905b60910a_cppui_modular255); - r1cs_gg_ppzksnark_proof proof2( - G1_value_type( - 0x0329ae094857dfec93a6bc51e28b606f1d935e22dbf2284d280200e5c00025c13778a153729225b36e95301a26ba36b6_cppui_modular381, - 0x17c3bb71db38454d4453ec60560a265af5cc516deefbb2525268ae9170a843786ab7bdd64e47a530c0af1ad455374bce_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x12f18e127906c95a9820038a6282f01ad57865e031fb520cd9dc4b3c426a5c256491b16cf6d6f638589ff29e6255f104_cppui_modular381, - 0x0601b0633b944f6788db5231c8d51ecc9b6480eff808befcdb9346c80837592d3e9de1fe025e5cf6badf83c752070485_cppui_modular381), 
- fq2_value_type( - 0x1150fbbe8eb6d0c662263c3f8853d1a65b73276937f90f214c9130859cf8c451c031b703935a41a2eb655693fb36bf56_cppui_modular381, - 0x01d8458efe86f4cde17645930a66e22145b5a1cefc3b323ed251a52e963ad4e7222757462b9621af0ef52915dcbb169e_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x04c9e7133e46f37ad3b4200cdc1606abbf130db8e168af114bfa12b4cd7abd4de9bc50f7a28d242662ec47b16022ce66_cppui_modular381, - 0x0449b00806db1d5eaddcdaaefe794c0ee5f2aaa7c01d1f7df1fd9b7971cdb76ec755c227f87bc5935fccd6a4716058ac_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement2( - 0x3f2738f0b087b2967e479483e052b614671802a0ad3ddf6a04fb86e32a125c77_cppui_modular255); - r1cs_gg_ppzksnark_proof proof3( - G1_value_type( - 0x0e54089a438030c10200850c8f900f2cc631270044d4bb607f59bf84564d6be3bf315e7b6c253de1060adad71b5d42e3_cppui_modular381, - 0x0844609d89967590354634de4b93e3a1f187c9a8919859278009ba506cb48346926bd072fc30241a0fc771d707bdf99f_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x022c9f24480c22d736c37c973fe696be08c533f598c4401b82288bfe62cafd920deb3b8536e4c0cd00933163a1830b68_cppui_modular381, - 0x0c0a72697a5820fc5388f3a92871d2881431e0978c90f5bbb2f6a313cd063b25850178e159271229f2e963f9233a30b4_cppui_modular381), - fq2_value_type( - 0x1377a842ab4bb30d8299315bb763cb617af6904526c1a6a90a6b3b443a2ffc57883f83a006328599070ba30ad9c68194_cppui_modular381, - 0x0c92ab2f18bdcc2178d9fd56ba783bd942f7311ca1d1634db2b645b2ff8a2d1ab733558b6f4836dce626d7f2b8517ec3_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x0213ef2fdde74b15b2b066829a331cab1d8a7e6d7efa0094be4ef7f2f5658209b09627ff3ddbddd96b69d992853cf889_cppui_modular381, - 0x040dc8edacc46608f9587f9c9b658f1b2c2627f570c538f428423c731aa10ef8e828531f4bda6b0734ad35a2a9d7d51f_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement3( - 0x69be6aab659e93cbd70e94cb23ff4be9d42cfbcdf9c955145a2d2f20c8a9b031_cppui_modular255); - 
r1cs_gg_ppzksnark_proof proof4( - G1_value_type( - 0x0d6eece4630b049c30c50ccdc9750f11c9cd15aca43554700045ebc81b03cdaf8a7daed7a9c5870189c4c593fa109f05_cppui_modular381, - 0x0b085d537ad0cca263d560dce8d041bde490c95d2ff29cbf9fcd7c376ca3ab554d219ca9633f0b5e056aa35ef6e887ae_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x181c65c65ad8c0b504942f5740a7c175e0142226b7d441cc8cac836b4b6f713056cef60dca010d4d5e775fdd8bd339fa_cppui_modular381, - 0x1515267c97507db065a264c0d5a1b4f22b2d87502ecda11771fc097ab2665406ccdd0feb7ba57e53c4c3e8415d6bc6d3_cppui_modular381), - fq2_value_type( - 0x0fd7ffd768080edbc6830400f159e681c596a619746795ba5a9ad03b6dfd18047d3d1738784405c3c05e4bd9c5150790_cppui_modular381, - 0x17191a92cbe9c9acc873872162ab60ce5d01dab26280a96bec0cc04c628c47ed56d643906428de68fd5696b8bf39078d_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x128ef42d1399ba429d4c79606321b98bfbeb984342221fe8b231bdc3a6a47673bcddb5205f5cc7a501034931a3ed08e3_cppui_modular381, - 0x0d515563f0840600c7b863b16536a3901084ea4714ca4fee4c906079c5c8d6acb28c1617d762a20e155f3cd9b9ac75ea_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement4( - 0x668f0a74247e78898b4b160ad3d63d8a209ab4bd151ebd93d04178c803e8bbfb_cppui_modular255); - r1cs_gg_ppzksnark_proof proof5( - G1_value_type( - 0x0f464d0971c96b7f52196d111a389350682c5758f941e0425c041fbac3593121ffb0c5e20249c790edfafe160f7d7106_cppui_modular381, - 0x1980374d3f569b32cb8b001b8ba9eec741e4835336e145263cc84ee14239f2fa38c9bf4f1c0c16638276518f5b8bb901_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x196a554c6af4aae8c58e871e453f9134ab8755a1dbdf10ee88ff0e7b678b8c0c696f5d2a7c9d0bbdf6bc44c9f039d552_cppui_modular381, - 0x115ca6da99922e86fe7d58317ba8e106dc23b1b970eee21f11a07fd2962fccb69c4a26fcaf8e17f04030e2c2c10df817_cppui_modular381), - fq2_value_type( - 
0x002c3d0ee2f62aa0c44eb32c913472e6c1e86b372337f21ecb1e44d00b99a2b6f2de78df7c2ba6a4fb5c36f0e03d7cc1_cppui_modular381, - 0x0d4115c34a549c05223076219c2d030756511433c8e428ef26446847e427dd3c78706375df5df02378b9e212a69fc584_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x04a89866a20de75b2a326f4c4a5b283cbfc431a51eb4bf2a9230ae66edd772179dd4e0c74b4ec59f0017ad5f21fbfaef_cppui_modular381, - 0x056c29dee82c9cec67fce45e4eba0484e4ce47722d7ddf4f62e827f580770777999926017fb5fa2481c04f7aaa787d20_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement5( - 0x3f2202b2e3a6f87cc7bd57565b30b78f08dc1ad79e1cc6a9f372dc7639bc1aaf_cppui_modular255); - r1cs_gg_ppzksnark_proof proof6( - G1_value_type( - 0x170695ec2cd19303a822fb5480f19e82721af04b18d38bb9a8c71f816c47c7bedc6c2866b9581437a93e14f289573699_cppui_modular381, - 0x07dd012681a3ad0cc0859a73a3be4bddcf5bbf6b504d058fb0e3ba7fc0e9536ebab103cb5d7d2287e62604feef4afb96_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x16b5a5d6209f8fcbd6df06790f3f6c2f34322a4c7f52a5e3c2a1ffc9f0f1782278a63794571b3169181d8412457dc3bf_cppui_modular381, - 0x0ab1b302be43dbaa4a136eea7c8c484d4b144880ced9e474cdc7ee77c493761653c280612a7b4da8fc6cf03dc5c07a1f_cppui_modular381), - fq2_value_type( - 0x0e7f082279be6fb5447314329fae7e72986b263cf47b292c141ca662a0302481f14905648ab45679d9fe93a8d5fff627_cppui_modular381, - 0x046d0d3a1f489f32e8bf8f7cbb90a99ab17cdfb1b06194c9a60d2aa78bde45e26911b54451741aae28eec06ad96ba5ba_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x118ed7dab64142f556effee3cbc5e4b7a71c28a98caa84767909bb7e367dff5c4ed49cd1c463aeac9058724e52132d9e_cppui_modular381, - 0x103cff37739ac1fb7b244ab5055ca49af28360127d33245e8f986417761b33afbe44a9ebd453092e364d87339c5cd0c2_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement6( - 0x10103523c670a127c25e5d5ff5d3eacf87cc5a5671a7833901b2a1fcf678df65_cppui_modular255); - r1cs_gg_ppzksnark_proof 
proof7( - G1_value_type( - 0x19d92ff555f7086784eeccd0c272a0baa68643a24a0df76621b84fb7c54501fa2397b02e91349837a2ea4edda2552ee8_cppui_modular381, - 0x14f218d14352a62d689cdf649feccfab09893969105dd073cab767ed9a2e18deb47a7f7fd02d8d7f9de33615fb62543f_cppui_modular381, - fq_value_type::one()), - G2_value_type( - fq2_value_type( - 0x110bf3f7b38d9777d3e66add2abc886823ce7fd89131fa1fe02c2c78aa12db5a4bd0d6f38d4122a68d2bcd3d9d64247f_cppui_modular381, - 0x0b0344d55966166e208754977ac8770a2e5b41e4a32dc73ca9171c5a0cba8cdddacce5627661539804409a6babbff97a_cppui_modular381), - fq2_value_type( - 0x16d3135e5907b37b87aa965128413ba872bbb2150b463a8f502693a95c6dce0031aa73479bccbfaabed12945656d50e4_cppui_modular381, - 0x0fc6d03d2b43fffab73cb912fc16274d8cf57d6474f3458f09fc8d6fc8bea4bd552c6aafed6b87c120407188da3dcbf9_cppui_modular381), - fq2_value_type::one()), - G1_value_type( - 0x18a8945437db0c8a921e9cf68d32c325ccc401105bb00b4e0982b3f4706417b911a1d6db4aa92eabc4422e61ae08a638_cppui_modular381, - 0x198b25f849acdb8344d14e206457b051c90bf9b03b71e4523950a31b9b7a026f035c3fa4a4797e8d5ca5ba511492c2be_cppui_modular381, - fq_value_type::one())); - constexpr scalar_field_value_type statement7( - 0x4e2f20ac210798cc3c691edbdca3cd7ba6fc4fc706a49ecf26aa326517e35634_cppui_modular255); - std::vector> proofs { - proof0, proof1, proof2, proof3, proof4, proof5, proof6, proof7, - }; - std::vector> statements { - {statement0}, {statement1}, {statement2}, {statement3}, {statement4}, {statement5}, {statement6}, {statement7}, - }; - std::vector tr_include {1, 2, 3}; - - fq12_value_type vk_alpha_g1_beta_g2 = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x185e44039dfb814a94541ffc8d1d34c8cbc3c4aff9694d7a433aa811afe2ff0b6bbd5d486791706c73d34f7891c7b7b1_cppui_modular381, - 0x0dc20dafd483fc2d0c4400819f63dc880c7987c59d45e30343ab523e1298352d0477ca225e44d39d3839489287944e3b_cppui_modular381), - fq2_value_type( - 
0x0ceed0815b9184e3eddfc01ad9049088a6bc7ed11240eddc9f5c9904aa895bf41dc652d6140a8afae2727012801f5322_cppui_modular381, - 0x0ec1abeec3a7dfc704d6b18f402f95fee082e6f79a493cadf5bba38713b23dba7f66e5cdcf35e277622304003273bd04_cppui_modular381), - fq2_value_type( - 0x02433b5eda2f4ceea8ff8b1d57dcbff43a7a7d569e57283bf6413c4db1c4b810305d24e304a294ac3f27d096fcc0c84b_cppui_modular381, - 0x06fda28b12cd3c65b51d10162b32317047f28228f96ed0c46b76a22120974b88b1508915e0fc27572185c7e8d9caa6f0_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0c41e2862295b03b61a7c1181843698347f2c9e2b0de45442b7262f02886f954bd4d442f5cb37ec87c5a1716522d3442_cppui_modular381, - 0x056fe72dfc01d18d31b19349cb5718120ddd96a82fbefc1d4ed986372d4dcbbfab113fce0a097f44df81addf083f9b92_cppui_modular381), - fq2_value_type( - 0x0f2bab80d7b0eb6d20a4c894e20974b412bfdfbc9b6f0a2dc140310374fef821d6f9ea8e675760f16adb86bf2b983645_cppui_modular381, - 0x0f174bb36f12cce1f13195cb47f7dd9f49d82f07f78d8f022c2091b01e818cea2bdb3c23b0dcb16d4b8631d9149a60cd_cppui_modular381), - fq2_value_type( - 0x11d09591eebb8787e4a74fd31863ed716cf2ee57e3d7b82a5b7bffabffa78830b0f2e0137fe6b2db1c745b811f1cf7a2_cppui_modular381, - 0x006fae93c5e4b31f21082e3bc097c316b216810f6ccde888075654753304578b6c721318bf21da6d73bd8d257cebc5f4_cppui_modular381))); - G2_value_type vk_gamma_g2 = G2_value_type( - fq2_value_type( - 0x0d545a55b2391f0f4e8b5ff92df2190b32c6f8e3c99aefd96204e2e3e245c23fab958a0a53d71cd6b6ecdb93c1e21174_cppui_modular381, - 0x0084f673066de86c62f4475e32eeca0f359e8e177b2e67f216a26318cfdd0bcd14dda9124f2ff372effc94c0a319c8bb_cppui_modular381), - fq2_value_type( - 0x04da577f4c3e1a1719730427ba645211ba3645a05e1ba3fbf27baf6d88e582234e04c22657ff48b4947bc68557258249_cppui_modular381, - 0x0074a994e0677c68e0df1e75ef45caf6af2994795608be411e7a09f8398cfc32f0078a531e04379c0654e1dcab4ba55c_cppui_modular381), - fq2_value_type::one()); - G2_value_type vk_delta_g2 = G2_value_type( - fq2_value_type( - 
0x0ab77c38fa7cfbae21eaf2c682b337ff7ec5262a48974748e322ee4bd80c5a0df3a3966a4626881625db1d1a49fbc222_cppui_modular381, - 0x13c483b705659cf7fae52464298ec0c34f0f875cd4ae30d3c6d493a5d397b4e1a5b14cace259d4a809afd3064a930175_cppui_modular381), - fq2_value_type( - 0x16a71a9e52003641067339931c2b3a687d418e15d1cdc9fed776863d764fccf7b25b7dc284be6d376bc5811ee185ba8c_cppui_modular381, - 0x18cf536fcc888c50a2f3dd9433b960971d8ac3c2e014db7b202edffdb0aa25d4399f97944ad6880fac3eedb3fca1dc46_cppui_modular381), - fq2_value_type::one()); - G1_value_type vk_alpha_g1 = G1_value_type( - 0x055b3e622b91e71857f1d93940d54c5ab3cdf5f766fd478dad7894a003a78f1638d9552c494808d3263961052ef031ee_cppui_modular381, - 0x0f4e76ff6aa08eac42a244a7af07758858fbbd6f78d26df16440b6492e54a07cc0034767ec91ee0159cddf2aec3a0ab7_cppui_modular381, - fq_value_type::one()); - G2_value_type vk_beta_g2 = G2_value_type( - fq2_value_type( - 0x04d8589ff38165e0e0171b53869216805a30dedc3cd04642df29240bc98a51ff3d4db7e902ccfc7fc186113e68b553d7_cppui_modular381, - 0x17e9145008e5cf84f69519a84181d7e41519d241f12c553bb4a2cc7e74634f22041387926a88c5aa73f643b85314db24_cppui_modular381), - fq2_value_type( - 0x152dd5fa53c95960dfe8a7b8214668d577c832ea7eff9f4344eef321770aabb74e2b4f33a7b11c146a4d1109184c594c_cppui_modular381, - 0x0e48183088c9f0bedc1a8fd899fc8fc9a000fa42bf68c0c0d2edaea7c2d5b05d9f54be402deb2f989f499cdefc258add_cppui_modular381), - fq2_value_type::one()); - std::vector vk_ic = { - G1_value_type( - 0x072d9bf38d16790fe06dd960d90ae1e33095eb56e77703ae87324de7cc0691fbb0cf4029da532bb0202e64046efbe8aa_cppui_modular381, - 0x19314e160e79ae8c86f55e826183ec1b1b8530e72e62df12dab45cc82bcaa49c30a7483459a29b522b1c8238dc2e7f11_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x06aab200db211c7c93d63929be9170d4b063f76f689d975d7d33cb8132f7b7fd90c9f8e7542658a2483c4fff6dfbf074_cppui_modular381, - 0x0e41380a7c46a9245def32d330144cd99d8516ee38fb021555843f1e0fa2b4e3a4f9b12ad1af0f4727d23b108c72ccbc_cppui_modular381, - fq_value_type::one()), - 
}; - container::accumulation_vector vk_acc_ic(std::forward(vk_ic[0]), - std::vector(vk_ic.begin() + 1, vk_ic.end())); - r1cs_gg_ppzksnark_aggregate_verification_key pvk(vk_alpha_g1, vk_beta_g2, vk_gamma_g2, vk_delta_g2, - vk_acc_ic); - - auto agg_proof = - prove>(pk, tr_include.begin(), tr_include.end(), proofs.begin(), proofs.end()); - - fq12_value_type ip_ab = fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0b651d531af67c48741c2896e21acb272c89d2cb0288a84a82c569a80b17317db12b3bcdbc20504bf18110f1a1f65cea_cppui_modular381, - 0x0318fca5b0e3cda6844c3bff03e2dc641cc8243b6ea5961689de891b2f4ac4fe461ac31bb9ad743cd7763f99a2516a12_cppui_modular381), - fq2_value_type( - 0x1079cb3f7b20a45f1a9efc0185b80c89e931bd60a34fc01ac40c34c0c59488deb5f07d9e2db09f96a436543c3c642835_cppui_modular381, - 0x0d1ac7b85bf328ee7d74c6ae7d44f714f9754d3f2fc0a4dbb759ec40a05ef2e41cadb93949d8303b32d291c6d6ebe517_cppui_modular381), - fq2_value_type( - 0x0a280ff5b37af55776eb9870ed1fddff8c1707dbf4d424097a9569d5ae1b439c36cc1b3b609177d7068eeef0e58bafdb_cppui_modular381, - 0x14b95a9296cffbc9b123bf554b3c82720b10f8b572f1e8fb85c7bca9a6b81652c94623f6a20a57d80b057446f999f5ac_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x047e72bee4172c3531c10746fd6ad73fe047d8f4aaa7c9e050e7c15f0bb2a70ef3a3c39e73cac32d433e4a7e87b7481d_cppui_modular381, - 0x16751d310b7f8bd98200210627da1f6b74b1c9e5e2d3c733f0ac34ebf2760b23b9aefef3ce745a9c52168a8f35593bdc_cppui_modular381), - fq2_value_type( - 0x11bf60e0012119678199196ce43fbd538c69e34c31b48efef70653ca7b8fcb4bd6b3dbdedb53d365c25117a19d777ae2_cppui_modular381, - 0x148b01af1c9d3da2a8811c0d1d428a2bd48c083d33383c89bcebd5e3990eca6b7b1a3c80880ecb49aed4acd1d2b2acf6_cppui_modular381), - fq2_value_type( - 0x1207d04dcbe7dfce8588b618f9fe26f6b5b82be8ac4e08438aff014dea82b5ada7905e2f44bae34814ac1b124804ab53_cppui_modular381, - 0x188cc860b35dea3244e17f0c5184ff3f07644690a02b5d31ea0952e8f4f63d7fc7789179ba834d42ec26432774fbdc1f_cppui_modular381))); - G1_value_type agg_c = 
G1_value_type( - 0x0034802068b3d1e4182f9b4a9aba124693d02599cdcb98a556f5835f6f81ce6071743f64e4054dca9beca6a98e93d11b_cppui_modular381, - 0x0c3b7c4e47a76f90ad22c5000ef930de2b6be5aed847ecca569b7d3bd35bfef71fd0f3c71a3c3857c8d0392d6a2925d6_cppui_modular381, - fq_value_type::one()); - std::size_t gp_n = 8; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_ab = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x09f2702ff7132e35f7a3296e588df0ec39b73c5829eed980d85f95e4d51b3d0fe85c35536480dade0221125a6565ab55_cppui_modular381, - 0x0a050f0003117e9ef0dc8376acb77ce86977ae230280b436572e10a69a98a2cd1c32800d1a8498050ae3f778e0bfab64_cppui_modular381), - fq2_value_type( - 0x17ce94c42add05c664b047fd439b11390141ce7430b63c5bee1b79abc7d27db59bcaa5a4535e9049bc6a030d1b7dda12_cppui_modular381, - 0x09f567e7b46df9b25591c094d2830c8f15b075f228fa1faa9aa28b491db07bc7ac69816b97cfefd04a051488ece097dd_cppui_modular381), - fq2_value_type( - 0x1336be0fdce42ccdcd2444230a88ba94a66635559daf70556c93ec882039f88e2e20d7e73521239158d9c78fa08fa416_cppui_modular381, - 0x1761083f82e8a2907bfd3f8e82da2261acc67dd37d362feeca3bbae447278aea27363435dcf784b2a58101b57a50ae13_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x19b34f8f58b84b9b7394f55733a66da5dddafe349b95d312ec32620ed50186931c7b6e7fc5b003f749a25fca398f6ff3_cppui_modular381, - 0x1412acdfbd1e92fc733e0480e7bb183dbff2c297f9b36490a8b8b0de8dad11d3b1854d781b3346ae4fa73322006fabf7_cppui_modular381), - fq2_value_type( - 0x0e015c981d00bd544355d4ee3d334197490b9b4a873c1a6d0004d952b72d0d836ceb98d6ef9415a97d058b9bd1809730_cppui_modular381, - 0x14ceb06402a567ce053d9d0c0750834e66b98e317cc2bea0365e66fcb570c38d27c01ac6a7765133f17dfbb5662cd122_cppui_modular381), - fq2_value_type( - 0x12850c62b6f1638e875b72b118de58f2736e544b26c0c459e3c4b117c87b9693341fb09ca633b0b11640ade0c77a41d5_cppui_modular381, - 
0x09a579897bbc64a08263c3b9c82386fb9a4afb448939cb83af6fe9be08710ec49c9da76b2c6f711ebd18057ba9709bc6_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0516e3067ba3a7f52c0b8ddb9e1783b2fcd4cfa8448aa19172712c620c3bf8e26c98e4b5acb2c7578be5029f466d398d_cppui_modular381, - 0x0ef193e0ce6f10ddc68f7e4fb353ec8fd07b9c382476adb5a755103d70e6816736757f87f09c6ada6ccc619c7d54e037_cppui_modular381), - fq2_value_type( - 0x1819fc602d2dd10c6f53fa3d36d78d081536af8c03b6525362a976c2a8428df4485fd0e48e6254fea53254777c99bd78_cppui_modular381, - 0x04708d36596ca470528eda9690f9f5aa4066bd0ac78b0cf6497bad94464265e03ea3ca31fce40572ba4fa061f25b48f2_cppui_modular381), - fq2_value_type( - 0x06e8c05ffa4b88e4f7f606120eb599a69a1eddab266e9ad79768845cef345f802bee5376565c213e03cb6b27c88caa3b_cppui_modular381, - 0x168709d507ba32a7da79bcf77b1633b71a4ac96a868cf8e9883e5025097349e20226b1aa07857a8e17b6e9d7ffc0e78f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x013f5131b3024acf61cbe3c70e09e02da464e7133ba954d56c55f41ce63c2d18b015ce38260ace34068d6223305536db_cppui_modular381, - 0x041bfb73d4d99513c897352931fc567d0a3d5d3899a5c8e68002f23f81f5f3b7f646dc5cbd9064f42ff4b961266bf0d7_cppui_modular381), - fq2_value_type( - 0x002726427bae373e19e3360558e76c18a79165c0efbf3a3a74ac445911141367778bb6139d487767c66a25abc2206452_cppui_modular381, - 0x151ec7ca6cb0995f1baca2fa99831c0032a98a1b715420118e7d822b7018390d104ef515701cd789f7c5f5d07d188e7c_cppui_modular381), - fq2_value_type( - 0x184908e05b1dca17708c70f7c3450d2e9947a8864c7fe0ccf251832dd69b5fd24b26aa1b49de7e5f929268a09454e68f_cppui_modular381, - 0x1925cd66976849caeb84570a3e241b02fd7d4309e626a3579c6318869581fa2c91007193516faaee36cffbe704a926cc_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06e8d25e2e30279b1d8b1261b5abd73461f239ef9676d5a384e2d5c9156dbf5981b8307a1df6b7d764142c3ff2068f9f_cppui_modular381, - 
0x14f303e133d7883f6c7af642fc0cd5e790cfee4886dbd39712c2c71f1724c16f369d06d4d754fe40dedccdf1d7f752ef_cppui_modular381), - fq2_value_type( - 0x010d4256b870a29758701ccfa4a8c2603f294a1ee4f5989fb7ecf46891201286c6bfd1fee210a0793f5e91720c109d13_cppui_modular381, - 0x0fcd51c729f0a4c3e9a5a2f4a3db7f2276284c903342c730d8cd6b8df827aeab1405f11586d3aed8b80cf689c6289d27_cppui_modular381), - fq2_value_type( - 0x0600619f7dcf3dc1d20c5af2d280dab8415a84c6d1f7f65bb79d9b6558372b09a5eb642f5d5a63bd096709199f478433_cppui_modular381, - 0x083f873550a317b9852f4f6f67dec62580f517f0449c5df5c970690d27abcac2d24b011c6431f7c3e79c67be15ab8272_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1972d3d171d81fa9879125bc494b02de883d62ceb5e8c9ee9d888c50bbed5d4dfd9914681d608d9e7befe48349371b65_cppui_modular381, - 0x0a276507e76b52a22dbf028dff54a324422c4cb67b8a40890bab9aa8c886f201f490581954f28ec3f94cdb538f0aa2de_cppui_modular381), - fq2_value_type( - 0x00161821db897544a8614f10ce3d9c0e67c646be82a02002385ec552584d6954153c54fef1b0870c9710dbd5e36a7f65_cppui_modular381, - 0x17845d674fe047c3d1dc3f9266f3e34f1716a8d587e735a6a5d53fcbb0fcf2b1d223f84a1bd5dd0716e486a0bffaf932_cppui_modular381), - fq2_value_type( - 0x0f37830dec9122c2d1ab995b033a9407d3787ebb0e040a33c8515c83581c607831d2c0480f5a28e9a76bf6e501bcf19f_cppui_modular381, - 0x0ad7de79ab04b560ddd70bd963022a7c67b72926716de35ec122ccfba03bdae919954e878ca14237587a280dd0520ab1_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0069002eb3bf9510c03f555251b6aaffb6369afbaa26902000719a2e6793ce95c3ee3476eb98e7323f86e187bcbfcda1_cppui_modular381, - 0x0569eedf66ef98b94e8037ea670a1c73dc12c60d83f35a859fe2b390ebdee91a7049de7c6233ee6e1a91296a38f3e60f_cppui_modular381), - fq2_value_type( - 0x18d5c0ee280f2549fe62acc83dbf6a76c17c0c5d144d82fa927fb2492c1d41bc220be3d3854faf1896f77d57638787d9_cppui_modular381, - 0x18c3148323f1a04aaab6dae84362c4aba48dcae376eca2d5089b2df98268f20ef4053fe8a12656b59ffcd930a1353ef3_cppui_modular381), - fq2_value_type( - 
0x00698c72d9e34a5f75f525ac738e4efc8f0177792f0a4f2825025a931eeab3d158c78df7fd2613c61bb5216e0d0f0da7_cppui_modular381, - 0x0879d4b791594d7b76e0963b23ed6a1fd157dd0695b88f7dd1fd399bab2dd88cf2683c854d0e90fdb4f3ea98b0990ac2_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x07a8aa469fccf18f374b72718d5f9996bf06e55230eb8604fe4febf0413089439839ed38f7a4b404825741c8208e0ce7_cppui_modular381, - 0x03091f175dfec84468264ef0d252777035aa6027868f3be2706264a6c704048ac4f4522d4aab30743862674b79247754_cppui_modular381), - fq2_value_type( - 0x1020ce13bacc67aed10a3fa70a3579568925d3a3c937cbaacc0bebc6344dd5db432f1297dd7748cefab5450f333e68ca_cppui_modular381, - 0x10f63846a44fe863ada8301a3d8dd7deafeedff12405e40c2de03bed40d2f80717a4482a618c9ea076e73b1ef7e76ba3_cppui_modular381), - fq2_value_type( - 0x0dbbe962242ef2fa7c2f0d1033824bd30fb379bf7e4be16f33fc08494a5715ccf6f8efaef57e60988be9138668f0362a_cppui_modular381, - 0x06ff728fa1dfd8fd6cbdcab2642e65690aba7bde8fc3ee5002a710b67e8eac2104e10427c3c866ac0c7c7c0e5f5de17b_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x1852796660667a51a0c2071cefa9e8f5b9ff8a47ee5762586000e9238fdc825061544e2162192b5751083d06e9466119_cppui_modular381, 0x113256b4fe8528cc9d1a174efd5cbfb77deee2781387d835ce4a9c0dde7b3089b4f8312085e15af08d1658a56439b4d8_cppui_modular381), fq2_value_type(0x0faee8705097846240ff8657cdbeb1f6d8456ccf542ac622806f041593bfd748c383df871db0998f273a79f0cf916ec9_cppui_modular381, 0x0390e476a5de709046c47a19b0abb8a985a0c76b09691ae0d415f60b49f719d6d6c91c863e5b34cf31e753e9da577520_cppui_modular381), fq2_value_type(0x1397212e9af000970eff603feae0fb6e71bc54540eb44332ac6a48c3262cf8643824641e6202edca7bb659df095fe6b3_cppui_modular381, 0x09c69bd15c9a4416318f3e2b0af137aa460e2713d0376def59c6356a96551a25120815dc9d3fab26c7565d7654fa0535_cppui_modular381)), fq6_value_type(fq2_value_type(0x0d30d2735f91528c9f170b00707a977c8c9a5bf9648456508d07018dc7b77d04c669fb801f39acf291122d3a92af1cd6_cppui_modular381, - 
0x0a5ab1427d4dee4a8596f5d447d713829baace88b75760123ebc0f13d473f15956b70a197ca7b802158989c98661ab0e_cppui_modular381), - fq2_value_type( - 0x06da230ae1b6d2e765956eab7d821de3365ee69062fd7f9bd466c2b35cc0fa8c08c2b659d54967ce6b83ad04b8ac12e8_cppui_modular381, 0x0e28148bdadf0530691d69b4de49e8cc65bd7667054f502a9fecc110e31a28a8df5698d62763bbdd17138275e3016420_cppui_modular381), - fq2_value_type(0x0e3ac1346e53febe7915b26f6ec376937df4c824017a6e8447c292204ef3207d67f87088cbd171eb2c93a378be6d60b0_cppui_modular381, - 0x16fcd0e7e1cb84a3952716daa8215c4711ac08f86300e2644f5795caf870eee6780b1a373116a5f875fe6c5c9437f450_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x15792583dad78658a7d2daf61966dcd14237bb33aa55f6276e3238b01db154d0a19ff47a7eb51dd0ae9b04e5f0484398_cppui_modular381, 0x155c3e27184b07d4a38c29700c3d3482b5ef9f33d3d55e6c106ca51d5c1c57844cd7711e0ffeaef59130f4538e3d2af1_cppui_modular381), fq2_value_type(0x0bad0d16235713391f1c18c2a6b3660552d96dced221f78fa954f316a6a8b3d53b4c03c58e57d7beacfdbc4b17ca35a5_cppui_modular381, 0x06df3fd4503f18248d47078026f9737fc2e96b3a42d1c93be2bcff3d02c887a5d7b6e39f1fada154dcfd1eddb13b541c_cppui_modular381), fq2_value_type(0x0f061d1fa9bf661ec5ffe7366627c168410dd0fc813a65aaa471576358311dfdfd97fa31657b48944e01c744ba8237d5_cppui_modular381, 0x1059558c21d6bf4eeb0f8802e9c97a0a76d896ecd3a26157fa8e3bf905ab61b6813c5c06c9ff0a5e502f05be022bbcfc_cppui_modular381)), - fq6_value_type(fq2_value_type(0x097c0f8033bfa18c5405f2182a01a48d7295179b4fb805c959e2461e5062678bf20e9f265dc11f818db7df6926df150c_cppui_modular381, - 0x057f7dbe6a76181210ed8e29586d48f821a054494c16401514f806961609ab8aad625d5aa345de7349c3acc9247401ad_cppui_modular381), - fq2_value_type(0x1480578d2a7f85051e867267794e8bd1f313b5c5152b0f5cf81a966c13823909e14f1b2d21e5a4ec78e02cf88751dcff_cppui_modular381, - 0x113d18c38a26c45a60f596e6f4b10f1019f63fe4980bb981edf1d17db3c79829e71a41ed16ff460f9280af70882d8c5f_cppui_modular381), - fq2_value_type( - 
0x0b0920ed9fc779b7a76eaeb651a298b8f9fb7c6fe378ec0580da51ebe6183be84676da7e20a2624b2dfdac63c9f7ac1b_cppui_modular381, - 0x09041b8e1b4ca9017d86e11e261a4fccd9768349710add0bff5dc3feba32b79f7d0a8386f31aa466142e94281d0de4d7_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x09bb36cd80eab6f12694c4ca4550d16e2af9ea16289308927931cbb9401bce30d96d107540a60d60caef2632e3b6c6bf_cppui_modular381, 0x02b27984d891074cae019ab2456c9aed2aee2854cf5e6a17449ddf76d94d072035e1cb74bdfd18d6a44ca58d1572d2d3_cppui_modular381), fq2_value_type(0x12df2452cf3aeda37b4bee4d7c94be9c280118bb632602a45f980b2700a95ad11377262c90a5da4270430162b98d4e44_cppui_modular381, 0x0d6db13cdc6418687fb342c1a1cad92a74428af8cba1c5cd9c1c621663960d739b03b71df7cd97cbd21dcb68757ccef8_cppui_modular381), - fq2_value_type( - 0x128b372c0b575c00b519ad78d3a2a8115ab13cad2c218021f97311b1f6e1d0f64b8645c4bb2f7d175c62995e14eec5ec_cppui_modular381, - 0x0d49fa41962f4a792d65db8cf7636d5d41a51f0eb813ab3830ba0b7cdc58d6129a25f473d238a691378137ae2e442d7a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x130629d1992307191405d0da48df876ca0df83cf7bdaee667eea3fb956c80d3f2dd452fbfe85d57423b94b427a31c54b_cppui_modular381, - 0x0cb67292c5b6f1aea4a0dc256b042f8bff495e969d302f564c58dc24cbbd3cb6bd2f90783fbdf6616be351a200a8ac6a_cppui_modular381), - fq2_value_type( - 0x13892607ef6b0ed83e268c24267c5ea4ff95b7034e6c775bab54b06c6c084c2721ff69d7ade9f913ba055bbf335b9338_cppui_modular381, - 0x13a9a57f8215ba95c26003d0615f9d2f9fe6bb16bf46d6a480b650a482867e68039a0c1fc28583a396920443042ce3dd_cppui_modular381), - fq2_value_type( - 0x0df5ef7761d5ba02d5e1abe1187d4e84893b2ef6dc5b4e12c229d36a46332a4001e55c8952ec7b15e76f457b53088a20_cppui_modular381, - 0x029b1ad8a8dae8836e02e038750964d1ad266521f9afac81ab8ab590403dd072186f5cdcb1c23859c632f6eb110c578c_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x18910203dce07177d48648de3fa56bdbd5e2f48c3035233aebbd8d80bf1c962c2db8021ca7283e5dc83e3689cfa99312_cppui_modular381, - 0x15d937215193ccdd295b601da530efd4ac06b5d65a84d25ee6c2ba6a3db27add36029b82c971411b62b22afc63c9a645_cppui_modular381), - fq2_value_type( - 0x0965f919df8abd4ac9e3c1796b3e119bed0eb7b64039908aa83d49d7fdac95dea6fd89fd9f4c84c79854909a1621ff8b_cppui_modular381, - 0x0d49ec3527dd81e171f4451bb7f7cb07f4f1e8b7ab6a706887af082218272cc5b95ebd24346a2f3b3a513348f5ee065b_cppui_modular381), - fq2_value_type( - 0x0eaed4c89dd6fef003183b91b164254e086f629571e24b3997f64f268d20fa182ae7d60cc49312ea781ca3033c61306b_cppui_modular381, - 0x00d28794edcb599b56505eb4b3f3cbc47ca8a6768b4fd53fe80fdac2008203963c47f3871bc3bd246fdd2fbe8c937013_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x198fdf087c2860bb93325066183f661247dd99443161bce488159f45d486e32fe2f9f549fb7ac64e79ac33f1a283d2ef_cppui_modular381, - 0x11dbda70c5d26a97a697a9c6a7c979bad96065375018e719a77f727f995bb442779a34c735b5fe5d0d0c21c5cefdcaaa_cppui_modular381), - fq2_value_type( - 0x109ce59323eede2e20fd03947305763b75eaa83f10d554a351b17eb571dde499a767bc882e17e67f3bf3141416cde13b_cppui_modular381, - 0x15c268b03243dcb9e6500d0bbb43c6a4d9bc5aac5611b1ec351f033a0e1ee506f1f1cba9930cb55f40fef0cc7f842663_cppui_modular381), - fq2_value_type( - 0x18d76caceb0941e1cc6dd2bb359bd9b30fee9ef9235016f9169220eb6f521a7b5acf5607de2c0b9fb45d32c81b5aec55_cppui_modular381, - 0x075e9c4a549562cebc3141f4aaf60362729ba394092374cd6f5bebdfafe8861669b295647e7793afa254fdca10b7dc45_cppui_modular381))))), - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x06f321d906b79b5812154a28ddf0f3de4cd657336038d141ee75acd4ed8b79a1177ad6b1261f8d04efae29e2532c840c_cppui_modular381, - 0x078b72c0c7b4fab7c46756cc75d5737f58e1095cd3bcf3ad68ecb96381476ccced2a9493c1e05cbc0fb084451e9ca6a0_cppui_modular381), - fq2_value_type( - 
0x198c195dbd1d992e8466d5f6c88a39dd72a03392f7d85359b00b40d9220344fb0daac4b2c47af41596e2c4263ef2ef69_cppui_modular381, - 0x0614f9469fe4144cf2f29d138a9410673ad84c77d302b61a7311d2f39a4b4508f1302754b7b1e8bb9c90d44d761f499f_cppui_modular381), - fq2_value_type( - 0x059869004a8b1104377250553c76f81a6158153428be4ed5d76fef949f75976b38abc57d61138c83d47a9f02bead4b88_cppui_modular381, - 0x13f81d53a2268483d709c67a87b878fba2cebbdc1a84401f0df6bd426848f43a7a2d1352b7097d700738cf5cbba1169e_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0be20ed9ff538023b7d6d30497424eedd6423fe5a28a4b80cdbe8dc52fa75c6f5499eff849bd23df8df5c985d41da993_cppui_modular381, - 0x14627c1b47ff13759f280516dd24659e1743b857534ddc3024883bd375ce2329c38f01183b98918980b4863878410412_cppui_modular381), - fq2_value_type( - 0x0b0de23ff8b46698081ab21cb08051fbd6b6a7409efdbc3307d314d13b748d9a7d6a6375da56dd3bd6f733acf5bae51d_cppui_modular381, - 0x0bcb619091ff45a58b85a56b2571c624633300ce299f4086f48867f596b91724c02eb6cafaa5b3a15dadd425ecf8ee14_cppui_modular381), - fq2_value_type( - 0x0cbd58a763e04c1ce797f95f2e00ccc4af804abc5720a0b29ce4414b5f754a3f1d2bd5491559cd0cbf23f4879146a60d_cppui_modular381, - 0x10ecb14051b56638ac008a980836dd3d214505226829a1c691b7981f02fd063ac3d18de32fc3b2905cd508124970f215_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x071353e6993d74a98d13c11d0584aba8d18b2d77ce0a848bc6aee2b01b81ae2f1a5852b1abe11cfac04c1912ae48210c_cppui_modular381, - 0x179ad4ef71997ec157c8e7f15111d4b013cad3cd271089ae0581ea1ee50ad0f575a3a85223d309f259721f993e383260_cppui_modular381), - fq2_value_type( - 0x17c056a495eb1b931f2041b3b82138085e00d257ca6d1e0adae62d810bb79a28ba945599cce6d15ec11b37e5118d6252_cppui_modular381, - 0x064fef2cf96b4b3dfa4f55d70a438cfd0a017836225e893560ca34a3d3555932fd6a75398877fb8e9eb27919a00b5aab_cppui_modular381), - fq2_value_type( - 0x158a4dd69a3aec0dd9cf3ae11e65a6cbdbc77bdc05cd7c1da38d773f2cabc85fe11b5ff491089493b02609df81cf40b9_cppui_modular381, - 
0x0434d7e43b5457547a4e618322aa80417a88b9835793f8b09ddf12ff3f016be8581ab079502ba694131016f8b7663b44_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13cbcfd7e188529463acb2be9d9660dbf901477e670a3179d62c8c21964a7d8c0ac867f2e5085ebb24713cb373709843_cppui_modular381, - 0x01e1268844f15ae9aaa31cc6de89b0a4d938a0bfd5f21509e28982ee2d93fecb78a468756135f3c16d1c81ed708df139_cppui_modular381), - fq2_value_type( - 0x196655bf7d593f45797d274569647be8a1e383c0d60f02886352b5a130d1d5a1abe3548c5828c9b739cdcc17e04cf8d6_cppui_modular381, - 0x0ab7b2cf01a7de6e9378ca52bd3bf759ec565d65ab7c32531107b4d0f6a04fc125cdaaf1ba1cf1fd095d51993b7e4c24_cppui_modular381), - fq2_value_type( - 0x113da3ff7bcaea6249cd9d7836f1ce0835f6cc60d229eee004add1fc56fcf9aa122a2c0d40542345f04952b0833920ec_cppui_modular381, - 0x0d5eb9ee3e91a373184eb4a1b7e71f19c31ef288e22325cdd524daff9d43631eeee5f7924edb61f073b7246a03c17ddd_cppui_modular381)))), - std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x132d751ab5babc2a8543ae8d6d3f7856f99bf5c2a9175a434baff1c4ad4f8ca7be81fed8f69bed7973fd9043ac17d303_cppui_modular381, - 0x0de339262382ae18568687047056280843e05de48028e4ed4a02d6e16f775c31b1501598619aa4cbc0c794ee81a74fee_cppui_modular381), - fq2_value_type(0x1497c6fec99d952b0440ecc2300f090e1281c28abda0393a698304fb6d934f261059a21c48ffbbb3c817e2587faa0e0c_cppui_modular381, 0x144d933f46645e4b09549ce3d5caf3e09809084f7797b7184755d5d636d2f8f6e9ccd57b086bc3185727f26b38dca95c_cppui_modular381), - fq2_value_type( - 0x05b0ea429dad01c93babb50015a363d1f3d3d9a64e78396266cdda7a88239f9fd4fb48f47dd67b9934380c637bc7eaee_cppui_modular381, - 0x0abc4f2a97ac6db34202fd5f7f7a724bd18068b2255e93db33c7685c20459a4f9b6103948b4e8e4b518f54660d644810_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0071126b1695b57907e02cea8928e6b91549e48744f1402789513527c992fce32c1cb6126b744a9a33063512ac7925e4_cppui_modular381, - 0x125e254e6f28ef225cc4ed5da30662212142d233fc61e531afa399e8b04dd909b3a86156f3baaaeb7eed7bc13fb137af_cppui_modular381), - 
fq2_value_type( - 0x0395bd0c77c91b133dce209ebe92099891a55578df2f22777f1b08765d08df70e93afc113ed7538dff97998228056e3d_cppui_modular381, - 0x06a7e06d3ac2480bd847400edaf1dd405f8d9cfd1f18df42aa833b51801f9ba127ca1d29340875d148b49b0629ec4fc7_cppui_modular381), - fq2_value_type( - 0x0147fa2938d5fd958715fdb6b1950adac27d03a1c156bee7d514cfc6d940fa9e55bc7222cea029b0fc0e7983c6d3fe27_cppui_modular381, - 0x16c1029926cddc450309f3ed78d45cb3347b86379a3d16b0bd87fb45fd1539584d45e109391dda6232f3c41e9c9b5b1e_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1279edcb98bc45b079509ee80de855b63c6c7e017284a04c96310cb85592956055306737ee49efcae0b3aac9d463d015_cppui_modular381, - 0x0199bdec2e08c95e64ecbd37851ee950aa1cdf851130f355aa7e3fc334a839bee7b3c94d39f4c2a37974dcfa733061af_cppui_modular381), - fq2_value_type( - 0x133d8a2bdb821e20be0170499e79e873c9fb4eb5b482f5e1a3e57d390bac9f5a9d9fd001062be71ce6dee34b6caaa956_cppui_modular381, - 0x190a0b9e3980fe2ea8bf9f1caeff90ccb43b46d77aa23d11b9d615c08a0c851ab20ed854bc89267e20c3a437a5f8fe18_cppui_modular381), - fq2_value_type( - 0x0b72a81cb35bc5f4a53c951f6e0062f4e2265b85debcfb975673545e6a28c3067998482baf5175799b738240eb47e4b1_cppui_modular381, - 0x17c59d1573eb3cbe6704695e57b8e3982b3eddba61ea1e82e6a2cd8b25178a3b0a35f894083fcc36c4fd1d2adadfeba8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0a6cde7faa847091de38ed6c766c4221198aa8cba43a024767c73c06998177f27d2b051c70f0f443bbbb51ad6207507d_cppui_modular381, - 0x0b2f0e721f6dae157eddb0730872966422d423220e2a0919cbce19c49c9ea52e4de5c53e0f582d07898dde508429b43a_cppui_modular381), - fq2_value_type( - 0x0b27390e2a391ddd460c8edea66447ee6050a95e888fd8854a90bc991f0e31cc00db69108a4a0cb3b7fdaa39fb00d3ea_cppui_modular381, - 0x0a2a83c7c83b7d39ed0f1f0a796523c47693dd5dcdaf7da67a5d35aa8d9eae53b896baa19836a86323fcb0e793d0433c_cppui_modular381), - fq2_value_type( - 0x09c9d0a7a7b62ce6f69e447e07f8eef68bd7410f0554edae4598f801c57c243b7d54be4e72da8c6c286c40db7dd7e802_cppui_modular381, - 
0x1730de7718555a9cb0fd7ca00505def263c451125e2bdec4937210154a8b6cfae0274eecff840784249a66463e00cfb8_cppui_modular381))))), - }; - std::vector::output_type, typename commitments::kzg_ipp2::output_type>> gp_comms_c = { - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1302304e6e28332a7459d2635d403f5edd6fd7de5f535380c5dddfa71aae09901fe8d2f9378aa14436e1083814f3c2a4_cppui_modular381, - 0x08fc52391dedfe4cd69df6cbfc2b68400c9a07ff2a5a3d004c9857a138b7801ba9b4b8ab7b12f296c01d20de74b4820c_cppui_modular381), - fq2_value_type( - 0x0c920cfc51c5cbd16cb68b772e3c0d56a7e196d5e9a989c51036d71c5e62e99bc02dcb0dadd7f53ccc5ede290e7c7166_cppui_modular381, - 0x0009d2f162880d496b8787adacea02a3feb39467bae4b711e43a5d5726ecd15dab3efaf2f6c428a312249d352d832907_cppui_modular381), - fq2_value_type( - 0x12c5da016c5d010d89cca9f49e44888f09872cf82410704c0e2532df16a531492db7b8457aefd3c1a74a1d413890dfd1_cppui_modular381, - 0x187e547e48e24be03dee399fbc26199ad8e5de6629db5e709807556d814c5640a8c58747c4c5a8f14dd999777efe1fe3_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x040249ceaa66475d73b3d1b28360882c4668b6e217eed809fe6320f5a8ea18ace6f65a28714f681f7fc049aa6f88f9a4_cppui_modular381, - 0x16d5a56f0e7b00fd257b37cc56dad8f632a7c552392ec0fbd6479a7771882e40d593c8f56b99799113f02917880b9402_cppui_modular381), - fq2_value_type( - 0x0b2de7c7cf19b158a28ae3c16ecdf5b25f3a47c1ccc8797d38c216cbdade572571fdf35f0ffeebc94874b754e2d771c2_cppui_modular381, - 0x04674c429d66ffc496a3e8833e5ec22954f8aa5b176696336ccaa2208f207a05182ac7d1cc0cb1434540b132d03fd908_cppui_modular381), - fq2_value_type( - 0x0d4616e0545bdf0b2acd91a61d9461427accc911047449cfb12976639a91899179cf50bf4f87183930a1abacec75f4a3_cppui_modular381, - 0x117f05380040849733892641de565fc1f29ec1d4172b54057299279dfca5cfd2fd61d26ab66ecbeec2e6a6b4ededa211_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x01e38c35eb4f4192d859a6cbe31ca07ec905c2ac9577060c927f9c1908e2b7be245d1507c10dc1a552c9e1350729a7de_cppui_modular381, - 0x081ba9fe7dc8b73c8cf83a6bc8a386b9f9cb1c5811acbb79c20930f67ad5be8e4d1ddb944a39bd21fcd61ded130df478_cppui_modular381), - fq2_value_type( - 0x187aedcb8e01fca3ccb1e637e238ab2c7d0dac2ab2e8748682129285fd0ced301bc12ce324f70c2c938672f4e2281110_cppui_modular381, - 0x140a31bbbe41896ef3d831d0fff390dbc9c333033b63c59f864b6b8b01cbe0916fca3bcbbb109f7d9c5d90a60c3a15f4_cppui_modular381), - fq2_value_type( - 0x080f7afd14d5ac8ec0fc751d636ecc73f8cbcbbb7708938f8cb20153c5f22fa10230880300fe12f7e3e66132131420c1_cppui_modular381, - 0x16e675cf6ab819bebb6777fd940bf2c17608ee7b74871d75b07f303c6a26176a7346a55146aef7e85f6f1757aedc2a9b_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x1940fd423f42fdaff353660493dd6be588c37f8834d6b3dd0ea4300d4e039263650645c212fb5cca8ffa70bd8de4fe9e_cppui_modular381, - 0x0441f5ad4bb3e7e9ea51946b3e3b24d28d5c97d7137a656df5ddc674b72b9bf6e606e0cefdf26dca1c4bd1bfae33c199_cppui_modular381), - fq2_value_type( - 0x195943b0c07baeadedd4a0c54e1fc60494c8b15dfd50dc070dc107412e6fbdb41984bac2d56962b6b9d280ab0e3c1232_cppui_modular381, - 0x00aac7504cc57d3135e4e27191a124c7888dbae6e8929e132b5b353809c0620cc59abcd5e440eaf1c09f901b408ea617_cppui_modular381), - fq2_value_type( - 0x005a52ceae5e4c099e51682785a6a25666ac89c42936ab8662fa17006992a8fe102041a37b81b0644897636fbb21ff44_cppui_modular381, - 0x01f16d4db6b8aa06df93bbabe7e3aa5e9c3e9d6409f8b2e1936ad76c126f4fec5c382ea81ba6d7d7ba3af14ce7331a47_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x017760f59824e060848b4a506f3b4fd452b27fab157f356348a0e3fd49e6d2bf0ac64319062b69eac1d58fbddb5367a3_cppui_modular381, - 0x0f8b5cebb4dc67856a6d9ecbb12aadb04e2fe9bf3323b77d9be238c863c15062d9884bd6cd59d0d86526dc788d974fae_cppui_modular381), - fq2_value_type( - 0x17288f95d7c42782b8f8a7bbcdaf8770fedf17ec89b35840ce22079d29d97324b2a8f128380fc22ff7fc8c506f24d832_cppui_modular381, - 
0x00376666557e1eee19b5aebb7773bce591c2586ffa67f83bac959393c3a552a55d1713c6e31fcb4a7c146fc2a515059a_cppui_modular381), - fq2_value_type( - 0x090f84fd3b71f35d6ec3da6ddd2b2339b5fa73e62316c4bf1e1d37951b1579376aa138a9645d5ab6e6a7625a3902af11_cppui_modular381, - 0x06f56437ce1d7f76493a57f96cb2b2f0673165a614641fd2b1ba1e221f9c7acc5044e68c989ac36f221d6f0c0688a775_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0324de275bfe28bada7d5397c6b0e88f761f6f96d19deae13c1ca9e74edac8fdafd7e5168b74dac715f0b14e15120786_cppui_modular381, - 0x015050406369c0eb807f6360f29343e0ee8214266923a6557adbb7fdc1d5068ddbf8b33208508d9cd696bab90be90548_cppui_modular381), - fq2_value_type( - 0x17293ce656641eab01401ce64ab3cb38bd9ff0c75dfe534680fabb3299966516c8e250a0e9731e20ddfbadb6afdc29e3_cppui_modular381, - 0x038bbd9542eb0dd2543100aad6eb3fea981f7023ce16a990e0651c7226f9a9733d8e8078c0696187df530a6c545484c4_cppui_modular381), - fq2_value_type( - 0x03ec9e240c474ed6f729b0d7a69f87ee8e2624144f752dd954db62a162b41c0e04bdf0d5d9975b80d1dcc45d87c490c9_cppui_modular381, - 0x0f513249f1a350be65b21de0b5c67f2e165febbab0f8b96ec794fca61a7f69a0c21bfae624daf1d7154cf2e94aef218e_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x10ab10cb06737ab54f2a7428e7be1c1496e2b017ce57fc62c06f68541a0f08294728537d83a63c1c3844ef2c2f4ab2de_cppui_modular381, - 0x127d40cbb56080effbaa61faf34ce4fcb19d3d7da62216e0d143b0bda23a678d4e266298a37146955ac68478c37792b5_cppui_modular381), - fq2_value_type( - 0x169b947a693cb132d58a7044a1f00a0bf73c54aa46982f1865d4922bbd0ddddd191b8b41e9692c0416e2220151743675_cppui_modular381, - 0x0b96e829f950991af68fc5048ee0590be821ae0075a0172141cd5ab0c93dc4d5fb673d2a19d67ced1428921365ecefcf_cppui_modular381), - fq2_value_type( - 0x0e8ed67dbe55da6dc0f4bde94d88f4395524d30a340b61eb130da242be50d110a54e91ec4f037c5f1a8d26cc0fcb98a6_cppui_modular381, - 0x0a4920a012a1fd91075ff90c1740408fd8ac9802b0c1b8dda4f53ba627fc2088c786ba8f9b1df98211786b8afb6d180b_cppui_modular381)), - fq6_value_type( - 
fq2_value_type( - 0x01aa7cf0cf542a9f6e1c2e63cd729955ed9d7299b5ccc9343d64811934caec9086f9fa8b9d019322344f639443d846c9_cppui_modular381, - 0x0547c42a6ee31146a8941850d6e8ad6b1b7c62594f2efa00e794a6eb77a033d491703ec69a349fb9bcbe68914e1faebe_cppui_modular381), - fq2_value_type( - 0x0312644c58f670dc3eb7cf4375c1f3b7f96b021df916ba8fdc4adc73b22cf39aab734487837e4712786f42e5a48c9785_cppui_modular381, - 0x11290145623d78b0e25c4b25a750fd800da9678ce9320344644307f97c8d4d4caf53fd27da42a2ab1d55febcf67bb853_cppui_modular381), - fq2_value_type( - 0x033dcee3c4f44175f5d07506bb89ad3a9443f6b52f26944607f1a664f735aef30373629f8b11f28229fa62a3a16fb6be_cppui_modular381, - 0x0dc901adb2d5a2e16386945777b6cf6689e6da5b7dfc6a6c62b8f9281a72f42d018fb18b2d5361565d58286f2acb8d66_cppui_modular381))))), - std:: - make_pair(std::make_pair(fq12_value_type( - fq6_value_type(fq2_value_type(0x0e6fc2fe271d965895ab3490c328f66d7462a64094ea9d80ae23b64e94e1f14f116580a5abea53a0035de8f0e054b705_cppui_modular381, 0x099718bdc61adee66df108fe5440fa76b2db180791a3e32398d784aeeac23b957d890ae578ad3751fbb40ff387a6c30b_cppui_modular381), fq2_value_type(0x1421387b26d4ef24edfea0d391c72882757772953985635630705b84ecfb1c45cb55f03cfd3fe75173fdad0231494e6a_cppui_modular381, 0x19012dba4824606d99dfb0a3955a1091dc738d0615054b99ea2071c641e7d075b5b0037e5ad3f0ca479bd627b5bd4b6d_cppui_modular381), fq2_value_type(0x028c155e68d90a74a689ac499262fd444c4f85e8d17592c18bb40fde581c72274e5ef41f7fb761f18f745c644e1507d8_cppui_modular381, 0x0e32b73f5f08e9b3f84668793766a5a7b51d20ec1856d5f7502e37e119ce6539c62c149ef8ab1c75ec9a83a6cb4f3c61_cppui_modular381)), fq6_value_type(fq2_value_type(0x151b40c6e8e43fa5ccb7797e19b60111c2d76042411b599418e3eeecb99fe0fb47de5950783435195c5122ffd0abaa5c_cppui_modular381, - 0x022a12f01b7e0e6d4d0694cc47cefd1b1117f75e118b562021799842ebbefa89b9d0236e216ee4899446e97e7c781fec_cppui_modular381), - fq2_value_type( - 0x17d32f37a731f8dba9516ebbc840f14ab5a51c0920308aa10338f6251580946d3e6a3c61948eb892c7b6f6f7df84f0d7_cppui_modular381, 
0x12d112384d2fd05a71f54fbc4d67e270a41efdcb256bb753981fabeb50fb8fd4fa1cf9800df4c1364cb50e824230e85d_cppui_modular381), - fq2_value_type(0x115b0b32cdaaa33b246e562b4654d2eae616702b0aa55bd31e5b58919469497387fb46e61ed3dede0edf598892b4a452_cppui_modular381, - 0x0883288eae7b46b83394003d96a11a3b5fd6c729a608a58bb4596ec6cc74d0f75f6028211d75fed6c7b36e15f6f659de_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type(0x1382f572d0d1a153487c9a77090c8a8870ad5d4ce7b8b1ffa24f09d178888fc490c2442e3ec9e64e2255a5d108711180_cppui_modular381, 0x051dd8211d97d800cff47b7ca515669ea462a0fa4f2fd056da3460423f1351d3e644639e0804d23828eb6e0d5885fbb0_cppui_modular381), fq2_value_type(0x142fae3fcd65304ef2c0e67d4a26d618a9599b5203d024c6649a662c6e72454b9f0fa8ecf9ffa731cb26c0522ae3fd07_cppui_modular381, 0x06673dfe79627261e144cdd168db1fcc6f71459580d32c6b24811817ddfb00880767d8aa2688746080dd47ede13bdafa_cppui_modular381), fq2_value_type(0x057234e19f1b700f0e3a1178f61ecf68185677ab94e25e07f4095608e44d16ad31bb24e01df941fe22e45be0207bdd15_cppui_modular381, 0x033d37d4bf97c1a132520a396849caa06aebde195a9bd5feed81ff0d7aa3eb86cc60561774b27d86e8f24de18b617deb_cppui_modular381)), - fq6_value_type(fq2_value_type(0x025998f75a3e007d0a08f7a79ac7d6cf80ea37804b8017a725234b8738e10556264dccfa7027f7750003841fb4c10b38_cppui_modular381, - 0x056a9eac729beba70fda9c71780b37f12b01c043f38d7be4f9e129d290d8b69b5e6bd749b66db1bc58f817fc03e71b3f_cppui_modular381), - fq2_value_type(0x03211af1a3b143d78742ddd222283cd78658be295a9d4e50488bf6ffefd8d3b8078ab229cb81e33b0d1f2bca399cc2a1_cppui_modular381, - 0x0a87caa2e5d4ab7175c524690c441d3e2c08b6d839657cc5057d076ec7e89130bdcac807b2c18dc4a374a78faea4f0e5_cppui_modular381), - fq2_value_type( - 0x1874766bc415088877f70e3202cdf5c39ec09c15f0e0374f7fe7ff8fc44400ac26799ab5432b6478dfc214dd483f2595_cppui_modular381, - 0x108a4553948407ece5f81e7a9fd68f5149539f05b84e0185cc92ff17ddea29e4d34d94c4c450c069a240b35ab594a5dc_cppui_modular381)))), - std:: - make_pair(fq12_value_type( - 
fq6_value_type(fq2_value_type(0x18376cf1ccd125f8393fea8f341a6b62e2b9baf17e4b7201e836efce9a6a9bcf78e0aebbe84d9972109ddfa960e638db_cppui_modular381, 0x05cc07e3dd54146d3d8db8bff3c79fa7307454332d9522beaadf215b93788c24de3a21b4e14a94e0ebbfe8216644ac2d_cppui_modular381), fq2_value_type(0x1830b774d1dc559e770f3bfdcc60aa981b27dc5505dbba74b79183b5dc21a2b96d721a72f1ae12d61d41597cd5d6e217_cppui_modular381, 0x1428d0e15547d52848eb50da618c477691913376deb87638cd8f4ed07a76168913dadeb63e820033f4913c8dbc0802fa_cppui_modular381), - fq2_value_type( - 0x1943e624109a95ea892c8bae3b7579d8c8f2be3e82cd6b3a40f85dc55d29829da201b5f43def92edd303481635ca5e54_cppui_modular381, - 0x0469a5ec7f7bb7a3279f643795b49267ab861f650badffcb321be6506f06b3eef5af8a2392d94dc29d53ef885d7ba517_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x00a82590732fdead4e76bd1a203b2d0d86aa82dcc336ff43801bb4d835d7d7279c35756028d8c428f6d3a585dd0bb0ca_cppui_modular381, - 0x1346e6edb6d18ca90e478616afb42a3013d259edf37b6f6b8ac551bc716a29d7d8a72a51970ca8fe8549f3b53bc5c639_cppui_modular381), - fq2_value_type( - 0x120844acb209890ba835f8002e011677c26720ca058cf9f414df42fff39ba17149a372535f763d25a4693841fa491238_cppui_modular381, - 0x17dba6290fe070ae0e2466404964c8d7baea6803152443aadd25c2bf8a01d15777f561a0528c0d9b9442ec9e1c324b9e_cppui_modular381), - fq2_value_type( - 0x10ba46c06a21b63c6ea1b9cbda7551702cd3e602d3d9d74364454ddd03083b93407a0f33059117a65e3d9f1ba2f01249_cppui_modular381, - 0x03504bc7e7fb392a25a4090ca6ecccc9bd73f851064bf38191f9f691931c48420452ca776fefe77ab701b320df7fadc5_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1634b0535614e652cda371df912e26dd64c8a39cc81c1649a8611d37c3f884b64fcc1329bf2b08a905628c84795322dd_cppui_modular381, - 0x0fbff0ef4186fe1b8861f7d93ab9acff6a64f44427f5ecab78f22e4543ff6656485abfac6bfc47e8fcadd36e6034bcf5_cppui_modular381), - fq2_value_type( - 0x1542195a391ea0950c9a4663d985be099fc4666f7df2c34753e68ed8a5b664d16e2025ae8220dba9406b730b078590b7_cppui_modular381, - 
0x18246d3b59889cc8b0edef7ee55290299fd5a0080e8716db341931e3d222eaf2c0784f6366b7300a2e2a1f2f6c4da4b5_cppui_modular381), - fq2_value_type( - 0x0c00f8b8d7152d39338142b6da1b5359a0c450a5fa8429d35d625802cc295ef55f718fb02b0454007ef5cfc83338746a_cppui_modular381, - 0x0709bf3e9d7f008ff6e1d93b3453ad2cb66168921ba36361903361af22d5fca1d6d29b990cb1d2caa8f0c02f86a13531_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x119c2e12fee299f327357048097b0fd267f249ce49199d123ec0b34f82769a9e6a9ebc9922cc5a63c156ed0af1f2bab8_cppui_modular381, - 0x006253f43315f87f5c7de6ea4537ad330ee441c11107e1e267bf517bf30cb8193c015d7956d3cfa8a8f0152727ea7733_cppui_modular381), - fq2_value_type( - 0x0cd1080a75dd5428f170f360cedd6a09bf6786a16faa78f32086966849a4b1dde0dd5dc930b785f040f857aafa6e75ab_cppui_modular381, - 0x088a7f4fb837357d4de41e53ddb55345fc63acff883a6cc3e6955970c64be3bf6a30a389a07c2ad6f83bc7a97d1f2ff9_cppui_modular381), - fq2_value_type( - 0x18fdfb6c24745c8adf60b2d4da3c7fa8d7c1bb2d5e10c2911369eaee725ce6511e547ed433088fca9539a840ded39570_cppui_modular381, - 0x135d7730beab103b469029145cfbd4f039150e0294f98943e134c95138ef719436b4ed0c83d815b0b5b885b18d92448b_cppui_modular381))))), - std::make_pair( - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x12fd5ed0a76a16350608014441c7963af6c58f5204841220d02c120c857d72339140994eaa4a2074c46df38c289dfe7e_cppui_modular381, - 0x06b8b2c060e427d3857e3382db6ea5702d4008ebc9cdbcbb205e9e8b660f209672a68f66f6eb2f3fd87ad503af494c62_cppui_modular381), - fq2_value_type( - 0x09579277912400c143be4d18263816fc0f018d7a51724fd9a4d8676070b07b2b016c775b23a455e40f0fe1aee2715c3e_cppui_modular381, - 0x0ff9e895637cd5fc197a265c729b0198db906448b26d48d8a511ef66fc6c8d5f83591d8ac460cd20f4647bdbedc97326_cppui_modular381), - fq2_value_type( - 0x191bf0df7f7d1185b6e2f0eec8c7a6447164d3166e3fef3b2dd544d5503a44f66113c4f155e021f44245500b7922f241_cppui_modular381, - 
0x190401c0e0ed8b3296bc410287e2107b4f2922f469fc21e7f4002cf980ca59ff200a2e0820a98451e1181afd2d4f271f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x177bd02cddb71e610b8e73b23ff5ac26ee6591c927761649d3c700a4f3a5e0b73d609716892eb199973d9b505cdb4a06_cppui_modular381, - 0x1822bd21fd0acee0343343595c4e99af3967bddb8d4c7efcb57fe02665d8bf5ee55e6369c6c95babfb6cac2c6cf914c7_cppui_modular381), - fq2_value_type( - 0x088519ddb9dfe63a075bef3a98a732b5f0bcf5af47459596545768bd35e3f92c0ced42f0789b2966dbca3354e0feb373_cppui_modular381, - 0x0f2e83a97a068e0fb29720bd328d9a0e9fab1571a7caade92a212df909f22f6bbf7623b70716dd506028a3b18fc75290_cppui_modular381), - fq2_value_type( - 0x0d87d1a7ae8aabdad6d8861357161a4905503be0dfbefb2b8a135eadf9bc439c29f23c813ba823818d7e1964ba594a1b_cppui_modular381, - 0x14dcd0603959b0da5bf35253e20364d9d2993e07c9dd78b6c6edeab00f58c6073629d03eccb3ce2652529a8a58772bd9_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x03fc3846e0e8982b6326add7c363d56dfc7fcf2e1ff6faf0b0f9fc0150276dc5942508a7d54358659cbdd6aec7af36a3_cppui_modular381, - 0x109bbcce08978c9e3c3a21d674948ade88fb8a8f23687ad716a6c59cbce728e6a72a77d7558a58d4f1c461c784bf499d_cppui_modular381), - fq2_value_type( - 0x0ee1e281ef65d9fe4a064c3b96e560c9ff0e0d51bd8abe50b4a3d40a434cc36c0a5b696bada1198bbff0f89b2a575ea6_cppui_modular381, - 0x0443c983945decfc94d1ba2bcad6414c6d71e3f1f9424d32002b374bacf29a48fab10bc318f1b124b54cdc957fd18080_cppui_modular381), - fq2_value_type( - 0x0cf6e0df6ba546778eaaefcad302518fa5b9e91a395f22ca566fba9a484ad9257c0fd9ec8a1fae269cf5519eb873651e_cppui_modular381, - 0x17be74b9603e0d670bc7280877675e2a7759f30dfdad39c6f56639826096f73906054ff1ef1ed7529903d58520e5fe0c_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x05c363e71fee370496ce63581e1a2353d693febc7dcba50a814e0afd41362cc5861ba05b6aa785f79023f856a1852e14_cppui_modular381, - 0x15283427f8057e38d8cbb453f3b98e4b26828438e345e0100643229b52ab7703b1adf952af09f75f3ad5c2a721b9e0a2_cppui_modular381), - 
fq2_value_type( - 0x07c3b5b79d43601ac881280b0264078f137524a2511b43462bb5db1ace2071a148823e8d800e9a29da8fe147005a0a29_cppui_modular381, - 0x0806b3ae25853ce81d5d3a37cc92ff63026ac76d644fbebf570dffab8d08b157c8899a7c6dfb902b29065c9ae6773bd6_cppui_modular381), - fq2_value_type( - 0x06adc03cf2b46f5167bb43d755ad20f75deb5fb3d29f7c7098a94552657ae094c86e8a7681e4358fa330f192b9dc4c67_cppui_modular381, - 0x04260c55a008a80e8e434d5abd57380d1e9287605d734e7bb984bfcdbda929f5f52486c9fd97ea273438f1886fb4ac2a_cppui_modular381)))), - std::make_pair(fq12_value_type(fq6_value_type(fq2_value_type(0x14bb7ddbeba4908783d6feb7a548702541eeb568f99a04893f9e90381078c135b6194b1a8e002ff7dbbb6bea2d112f04_cppui_modular381, - 0x0e5cf73253e3b6522e7616f7fc81d3679000f2c82bc1e4650e528e8b1815da1eb1ca74a0e1f147e9e9ee5afecaf7b75e_cppui_modular381), - fq2_value_type(0x16e5e8804bf3faf4ed8ac4bc08dd18c512dfa1d38cd70366d619fed3ad86110dcb579152126313ab3f9175c653199a9b_cppui_modular381, 0x1643968f88aaa23e7ef8aa9971ca131fe766b7cb0f101c75691b00875598811fe2f85e3e4632821c9869e4db8615e64b_cppui_modular381), - fq2_value_type( - 0x0ef37b6a804485a17f433b9637fc0666a2e5b44710804f88d04f69b6d61d343dc3473e92a7ab5ffac18157110ea25a28_cppui_modular381, - 0x0ae0281de5215487dd076937c9ae34e07531896a0d133c825c946dbb65568e45da316d5ff0e9c19b120ed5307fddd5ea_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x04b4437093d036084bd44ade2383d9f80a3753b85563d4ec723efb00575167d1700848ee8ccf779918830b727bd6e04a_cppui_modular381, - 0x02eb16e846db4d99489298242db20234d7b08679a358b3b687b199e1e9f1a79f05a3d22e26558f63ef2bfac1650a2dbb_cppui_modular381), - fq2_value_type( - 0x163b5d637d6614bf95056c2a6f40fd5b77675b40b33831075ab956a7915b50c2784dd3e9eae62e8e7710dece5b4e5cbb_cppui_modular381, - 0x075c630b96f6e47c65dcb8fe2eb7ace6db46fe7f824423a62b134775cc179d1cfabb476b06404cd8f2fae5653b0dbdb0_cppui_modular381), - fq2_value_type( - 0x04f7a4d7fccd5b85c8f8af6764cbd63124f1079084b907b06596a01e1e3fbf05e424cce303b081bab7a8a30c72215748_cppui_modular381, - 
0x0ba15e1d5d7e69b85ef295f64d95b68f96716e3c5052df78227a86fd90432c8569d8d07ac0b2821a8d6a25cb2fbb161a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0c082a09cc4de431832046231a3c9ddf5b5beb5c842c2d6b665f406480828f545eb791a5154a9cbeb19d4b4ec8fbef5b_cppui_modular381, - 0x104b0366fd45deb2425345d4369d4a5a5e274ee30cf42895a76aac7173d7d0f9477cff64a233ee66d1b974832ded4432_cppui_modular381), - fq2_value_type( - 0x0b850a3606ecaf7bd030bd9369827132d037f9a6c0536044747661bda381e829d53dcf7ee6be49c73ecbae0d46df39b6_cppui_modular381, - 0x08ce262e8b91eaca41f3f91cc223e06539eb6463632e40555178f9e96929e8abe7e414115893a3e83c8ddc43bc3114b2_cppui_modular381), - fq2_value_type( - 0x0764fc9cc35a550bfe674f02dfb83e2fb9a479e26988b98d751e6bbc7f1039fb28c58aebb099dee819d2e108d5a9d014_cppui_modular381, - 0x00792e491f933e2af94549eac5b86c732e328e942d57d91df077cb0e494310044365f5f9cf1cce09efc5893064f75748_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0cface8554679360fd2a2ee77b4db2cc3426539f1bff889c545956674864e90e86ee7185dfc3e9edb28f32c7a142ea63_cppui_modular381, - 0x0f330a60215c38df03c90dbeac8096a6166d0a0a2bff2b17da0a2f47618f6914779800558fa17f5283b8264a2e39449c_cppui_modular381), - fq2_value_type( - 0x08793419745a56961712d18afcf91a9a60e8b34080f15bbd8c9c48e7d67d098dbe545a253cd628c32f3157f641806c3d_cppui_modular381, - 0x01ea7d3cd5d129e341fad5dc390e75e00828935a2c5041108dd6ac9430d2a246bf9566ae11aded72512892c1bd0804a9_cppui_modular381), - fq2_value_type( - 0x1716895aa2ce83971569725cfa75021980d0e9ba9cf6d6c3778354acc73f2392b8ee0e25ad46603afe01f559fec7058c_cppui_modular381, - 0x0d08d4cbaf970ccd7da5d59c91ca6897d4516260e6efa2bffe82ace16e9592f132a4e6b8d199dbf9ffb208965cb36b9c_cppui_modular381))))), - }; - std::vector> gp_z_ab = { - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1718116040ceeae31d4be8a8a9652e225f9288f06e1b11fc56879019a7fa7ecdc63e3a3d22d63bec596a8d2cc93bb539_cppui_modular381, - 
0x007abf9364156230bb220e856905716e48d1ded59420098e38bac0f73a19cea50c210746b13867d1cb57374d6c77848c_cppui_modular381), - fq2_value_type( - 0x10e94a7072e7b49cfa35fe8cb93ae758184e4c79a4c60e1226bd5b58afd1b53d1ba70fa6dd340a6d4519b0af11056bc8_cppui_modular381, - 0x097e294b81c3089daa9c6a75cf9f8958b36b3857a9b209472c3cbff37b7669c4cfdc4c3c5638172b06e198f6d023aa2a_cppui_modular381), - fq2_value_type( - 0x0b8cd3ec915f7390b86a566068e1b2b054f229239375fa84910e61dca491664ea8cf9f189e6e58b3f9846659e35a8f6c_cppui_modular381, - 0x15a1c1754752dcf72308601a7ba3567ecae27476bdc9f9b9bcdfa99c85dd1ae23bd4a69b7d0d4046eab6cd56965d09a8_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x03ade125dbf2d12c7c901e209ca3f4ad3b5d804e2047ba79b3d6227aca3cfdd422e231a89e9d42b70fe106ff84dcdf88_cppui_modular381, - 0x19a6b0242756339d70bfda590e5aa38c7787473a481b15a9a55da5fbcc70ae580dcae38e49dd3c314044570bde03dba5_cppui_modular381), - fq2_value_type( - 0x19caa5c8e29f8901db81f5736cfae919db533a3adc85d48e010f005c8b248c50e18840e6f86ac4387285687f8dd78f21_cppui_modular381, - 0x095f22044de825fe7d5182fc6f6d74eda6a63b98d938f3a13cf9bdaeace1e347596ec1a3f72fee8fa1649c0704de73b8_cppui_modular381), - fq2_value_type( - 0x15c533c5e6fed1bacb31ec03e88fe41a3036a13e62be5325d5f7eb60a53aeb03a8ada2e3b28319609709d62b0c6b18db_cppui_modular381, - 0x19550061f9e92de28e18a3d24eb1b2882987944b8482fa0fe4d2c5e05d03f9ff099909018751ea8d9463d24c0fde26a4_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x068c1952047295ec2d622eb704fa83998547d0e635d4899a62c928319030e6f0dad9a5724e37b4a55a80e36570ecc699_cppui_modular381, - 0x04407771c03deac7ffe093fb75174ef253b5393720b07f0a479cdc1fee4ad2a4e01d61650f0699bad3912f1e4d23ec44_cppui_modular381), - fq2_value_type( - 0x00767776619842d37dc154a0d1f1e44d0dd2d68ee72aae89e5defc82e3c69c0a96b48fc76ca033dadeab1bba44b08264_cppui_modular381, - 0x0d5b3bf61b8b51a09168e2feccf939a6534fe87633aff57dd7928cc593eaec390ffd3d21d84d98b1193baa43cf9612ab_cppui_modular381), - fq2_value_type( - 
0x1736e7b5ea4adba0bdd191174fd53412fd73dc59969e174092ba28beca003d11437f3930bfb0d286ee98fd482f8c7bf6_cppui_modular381, - 0x042f5db4be193bbf88421ade0d450fc87378fc9003fd133598b5da6a800e53602b8a002a85206af9b3d982b83273520a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x053cca51e1fa7754c5e1d17965a7703a65021faf05db203288cd5a0887cfff79ce99cffa7d4c7524c8a8ae40d93bf229_cppui_modular381, - 0x14aff8da928aa88a92b3f146024b275f773fd409a31a16a2bc24869b09acf372f96afb2fedbb0a422672eca8c56e3559_cppui_modular381), - fq2_value_type( - 0x084e20aa49145df560f8d274e1edabbb0921c4010cee1a2f04f6fcbfd7d260454ace0c99b84e51d60fd3573c9275fed7_cppui_modular381, - 0x0c50ffa596f08944e469361ea2b08b5d73c0f5a1d981fe05f9f43265830a84aa84392a601782a6ebda9dcc9acf55ec8b_cppui_modular381), - fq2_value_type( - 0x0a0e9fa90be56a1430a3975926c5125908485ba78181f6d72e689090852d8f1b72f157040ca99f58ccb737052cb422f5_cppui_modular381, - 0x0764fc11a4a9d1b574198a895e6d7bf231f8ec143903302d0dab141546c4727b40771209cfc017afabc4ecfa3b6cc727_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1763e5abffdabd0b985c0ddf51e38f0b130a1675917a51ab24995c7133fcbdff665d7fc3fdeab9a35329728eaa2487c0_cppui_modular381, - 0x09bf6bb6e7d77e8502233d9080bdc5819cddef652c4a2f81367c99ea77cea4ccdaffa771cd927b45f6d5357f3162fd47_cppui_modular381), - fq2_value_type( - 0x051762070642205542fa6de6ac50f1be4c1e9eaf7bb1139f43226996c77e205d8a0983e4458796a32738259989fe9b55_cppui_modular381, - 0x0ac72ab24ada457e597093800afb99428096b38a7ec5c86509e20c3022ae4cb98f0e252bd3fc98692fe89d5689d07036_cppui_modular381), - fq2_value_type( - 0x08759900ccba56c00ecd0053d7be02e7203b651252ea3cedbfff5658931f1e1881e3a9045c0a90032f9126664d5bedea_cppui_modular381, - 0x118219f6bd374135fefddec3d77b56a96f3a84ed7ecaa37a919311403d3fa827dcbcfb30517a80c1296a1e1d056d0a4d_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 
0x10d55a0bda7815871aabe2210655b6dbd5e62da3a4850aab73c3a6af8f2b6b5c411e6901a6d7167907cc18450214ec54_cppui_modular381, - 0x0c3cff90fece5679e377cd2231a7086e8b39052729339b281a3d882913c69197b135ad64aa2c187528800a506d6e3e47_cppui_modular381), - fq2_value_type( - 0x09152f27c3bb2645c6a510cc9734eac01adcf68655016636fad1541081fb427e380508a5430e248502db4f398fb3ca57_cppui_modular381, - 0x0253e0d15072611fe63584484231348d4ccc0942aed4826061897a3c14e5bbe860d384165ee435532beed454f80d51a2_cppui_modular381), - fq2_value_type( - 0x0042993aefdb19f4a4cea0a0ad4f6a9b7c0942e704fe6cb9c2e0d4b5c1744888a18a47dd359f83bd8668c9152199d54e_cppui_modular381, - 0x0403ca90810b9bdb3d64e16d994fc0374571574c7f2414763cddee58d339d2ef94f56637d218459c526cfc9a41e2f94a_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1326e02dcc002f83652f9ae2a21128070bb67467842007fc3dce148fbecc8251303871bf52849bb9b1117deae2ac6909_cppui_modular381, - 0x160c4aebfb5daa7c8827df4456f1caed71e9c6eb36c4e38335ef5737907ca169b146cf98aaef0d263a4336764a7f5c9f_cppui_modular381), - fq2_value_type( - 0x16b1ebad8aea35d9494788b430dee9f727731a9ccb61a1c82dc23af351fcc4fe184605bf6511a09e594621b46f02f290_cppui_modular381, - 0x08a2d114e1d45e6a78891b92efb57c0fdff42a5b78e1e41c47dd04b59538297250398f8f2aeaf66f7133cd9ccbb7666b_cppui_modular381), - fq2_value_type( - 0x09f207c5728afb33780f1c95a706b2bdf7d95ad136b9384de2353a3b402dd4b36ddc0af74c5da5502b177548d955bc12_cppui_modular381, - 0x017ed246c225f9d3ad09689f7a6357853f1d3b25bfbc8f4fde45cf91e5899432d3357997e741e7b54b0d107cd76182dd_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13ac0921ecebd91522681f39d53174de399809677395c01c3a718bea8ccadf0192ab3445a2302b81532f002c5b5cb789_cppui_modular381, - 0x17fd0a8cb6cfb92773fa6cba16e0e1ef25b873b19657db520059d9fea0c16449b4a9eae194aaa3e4e62fa2ab9c4bb058_cppui_modular381), - fq2_value_type( - 0x12188747d2c0c173160f2c70cb1a7744efc351c66dec2cb4897b525edaf96b4b11b6cd8f7f96185d14b68f90f1892f0a_cppui_modular381, - 
0x160adadcaa9c4535766cf059d000a3bec963b49d7a196dc9e0b273f0e380524ef0fa3778cd05f91d37dc3e3610b25ef4_cppui_modular381), - fq2_value_type( - 0x0b0aec8750f6fa904037a66899d7bb74157d66eaaa620500c8ac19330f7fa2381f8bb7bf948fcc0cb3164ca5111a57be_cppui_modular381, - 0x1571de225c6a6b1c05d1d1d1556960c9d8f1d33372de8823a7362a19c8d7bd9f21d8f7a946c8b68201b1964f161ad9ee_cppui_modular381)))), - std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x0c1b46645e07f02149535e57c714bfeae7e5c6a6dae657f1bec66e0d2c370088a44b4142c9af9703f4a9140185b8ed16_cppui_modular381, - 0x121333adbcd6580d59b6f7f4a1d2b00e372df87425f8e23afe782a07aa28c2ac1dee010fd46565c3212dfd2d25aba7f3_cppui_modular381), - fq2_value_type( - 0x0055cc12db8971034a9ce1d8107ca4b8d4d5d7417b246d4814a8be358343a0540c5baa69283a9a2014810b876785e098_cppui_modular381, - 0x12f500db08771ad5b99ad670e86b07707da6f066b0f4bfebdac9d2d4a456f0f85cb962ab42b0de1437e9bf0fad01717d_cppui_modular381), - fq2_value_type( - 0x02db83dc318c076b1ed46bc49b8c6d489c35554f00a7a1e011fd740326d1f97123d03056e84d4198d0dccc98dfb2b4a4_cppui_modular381, - 0x11fba6d6f3f6755809779dedfff82c03799918c1e9f4f20139f11b43012abaa92a2c889c6978f5e03ed6ca129bedefee_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x05a517bb0873e1849733759c1352ce11b99eea1f4b14850729166a9a710d92b1d5d976f76d1e31b5bbe896e25b491f5b_cppui_modular381, - 0x168811463cbfd398603f0cd9600ad2ae2272d2ab432091b16341d9754c62c320e5a16847deffe7d2165127e51f403ad7_cppui_modular381), - fq2_value_type( - 0x0a909f2d324f012584816c1c1edd486551ac2640106236c1a01d47bd2b63ac6f6ae9fbbc99ab6f0de74d364b6b1ef9bb_cppui_modular381, - 0x0486a82e51356eab57e1842a23098ac1ff87bfbe47ee6b24b5c13dbf3ba5b0563e94917e4c1bdb90b198fd6f2a7202b9_cppui_modular381), - fq2_value_type( - 0x13bd859779632fb6c12ec2797f8b44dd6cd2af3a1bb601493ee50de1e49b2ef6c920a3bd3d23a396d9945c1d282d6d8e_cppui_modular381, - 0x13bb1971cfef27d5778bba7272e9fe80b13aa73f274e3ff03c7ebf70fdcf9582c83ed6056ef128925b6bc87284c2e72d_cppui_modular381))), - 
fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x1847fd1f3f2172b8d68dd6f3dbd9271f30d96837b307aa8e2a39ba2e86b6605c0fc59bb7777c4802bb7d8c56e7ebf93e_cppui_modular381, - 0x0c963f2ade97da76fb39777e548e2c20a7ca39a45b2c41f1977e59d157ba809805c3088577aa940121139192a1eb778a_cppui_modular381), - fq2_value_type( - 0x053ec1965be1bb101063317754bf621e88aeae1c0f744eb8a7684b46cecea81304092d804b02e026bd27356f543c3ed1_cppui_modular381, - 0x0ed51dcd2f7bbb469bb814c40ff3d146f4a537297a83d6f866ab9e344add8173f97156f2f1cde4f3dab9eda6ca9267aa_cppui_modular381), - fq2_value_type( - 0x005604be71269b704f9b0c157f8fad78ac62fef470ab4f8507761d11189ce9786238653068d3b25a1ab2fc042309ae83_cppui_modular381, - 0x0ae0dd5496948ca18a99e37078f0b0e742873adcadd6aed8c68459fa520cbe8d245907fd86675484d86c821fe9e04576_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x023205ffdbe7dc1569e3a39855e8d83fad5deeb6d9aedeb1ff296e189260002a78b9930363b6704a5ed5dfdc51162668_cppui_modular381, - 0x088a1750f46f0dd74e5ea8eefdcda6ef07e462dc9e435b6219cb5515688307d15057b9a07aaa93d16a82758ecc03f3f6_cppui_modular381), - fq2_value_type( - 0x0b46157cbd8c46dac48778b3771e0d8a9b4559bd3ba59177faf6abde2786e3b22b02dcc8b285d8460cdba93b3ad8323a_cppui_modular381, - 0x1317124459e2829c60f16cb4bd696c16c7075c074eafcf0e0d9141ec952fec300e16c3e339b39773b79400fbe4183fad_cppui_modular381), - fq2_value_type( - 0x0c5a70b575d1c10439efb5d1dcd5d5063132fc1fa3317813315dc745b5397ea2265e2edb96890935ebeb1fca80d5c65c_cppui_modular381, - 0x18d6a68e0769879dc96783fa331ba7612fcb9c5e0379f1fd1ebb8590c5acf34e818d63999e858978f5eca04bd987ec94_cppui_modular381)))), - }; - std::vector> gp_z_c = { - std::make_pair( - G1_value_type( - 0x173ec2137ad89c47ea4d955ad1f1e111470718712477afd752012187ff3d421fa48a261d9bde15a7fa62d16b28a83f8e_cppui_modular381, - 0x0b17112f9450252963865ff4ae81d7c019896f02c73979b8ca931b871c78b6a6656c5eee34f6b3bb3f7e2a8517a7912b_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 
0x0284506672cd85e39d65dba1f7da2795487fedf366b721fa91e930638996f139a5c7a628979501d31189ccc8c9698875_cppui_modular381, - 0x09fbada478b96848437e8b755b10f330a3f24d175fdf8f7c42e8ea7fed25f79bc2148ea74a2ea041377e9c691ae2e7eb_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x10ba7fc7e73393ca7598d2e9b12b39de6dbfcd81ad36e428a35b994bbde3e9ab1cd9d9e97943effc439e4987e984fc51_cppui_modular381, - 0x140910a05cad86cffad281385f121f64c3da7c1c59bca46ce9c03fb9f3258517cc92d60b5b2ffd7f4b3110ef7d81adc5_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x01ebe25de68bf860fbd8b002565b6d3639252ba5065c4fd91fc41281e0fdfce31713a6abcfabefb30f0f0791639aae65_cppui_modular381, - 0x12b4a070dab2aa7a3e0fb9cb7996dca5e8e9db368f6b2e284c7a5b8c79ca740a41d4bb58d1dee5d3f9e4fe47ed19eb16_cppui_modular381, - fq_value_type::one())), - std::make_pair( - G1_value_type( - 0x0d8aff668125450adb702647fc1fd00e7ca3ecddf12070463e18b40dadccdce8d475ea33d0888c35982a4882a2931414_cppui_modular381, - 0x0ccfd47ee24216fc4c547076203a0074026130aa9762f48ec93ab804e8e1710126cc6d98f59ca21f349ee9826d9ca1aa_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x0bbda681a431b6483edbd012fbcadab103507cfbe60a419f7b0c93fed614df9be98c943f92d05f9dc8380dff52a4300e_cppui_modular381, - 0x0c89f7e6ea1a34d23938e2e28ea23f08e75242d4b8e9b47d03466d65b97cd8d927f6a38b08556b057a6d9dff909d8f25_cppui_modular381, - fq_value_type::one())), - }; - G1_value_type gp_final_a = G1_value_type( - 0x17538459e8caafbf6f7378d88ea07521b160265df16e4b8fbf159ed69aedb7e4242e909e4eeeeb721b76051b1926d208_cppui_modular381, - 0x0ac1bc8b817d77bcff0e68d06fe3886673dc844691daa41d8f019d10b1723c8ca159505e62ac73ebc80e7b47e9f18d6d_cppui_modular381, - fq_value_type::one()); - G2_value_type gp_final_b = G2_value_type( - fq2_value_type( - 0x06c55bb292162b4914d8c8189c0c35906f1e0ddf5adc94e7a4b0e90587efecc1fb870af9ddeff14c6ec763effccc5169_cppui_modular381, - 
0x0b74ea554d536fc132d9a5d818c3afb1bef2988002b520f21e85d14a33a0f754326f854e2920fa46d5e7e46b65e4aea3_cppui_modular381), - fq2_value_type( - 0x1877bc193ec10b531ba56dae27f6c4484fada5413e1afb9b3d80b5cb1b829207ab93064c6bb92708381a28c77c4fbdfc_cppui_modular381, - 0x0ed5efc48efadbde502960b92e31e3c4cd224fe2a761cd361fdacfd05c72afa702c6e4225db37ecb115dc8cd8e27a2b5_cppui_modular381), - fq2_value_type::one()); - G1_value_type gp_final_c = G1_value_type( - 0x0115eba1ba9c44e21a9cb2b9f6c76932bc306ca0037e7712f8f4dac47bc60f0c5f88078c2c6dd94fbc0056eef670ce54_cppui_modular381, - 0x114ac476be3bf0f1e1f420c8fc1cb1f2bb762cd93c9c3440a8392d7c8a2ca32ca15c3975dfca6b753ba895951c6b414e_cppui_modular381, - fq_value_type::one()); - std::pair gp_final_vkey = std::make_pair( - G2_value_type( - fq2_value_type( - 0x01634dd81fd9ded259e8727141a265ac217877f7c5d5925ab6997e962b05e4b2c9d2c85c32a57cca9ae8daa62b171b30_cppui_modular381, - 0x007829a0bb526d9bf3fb39a34ed106e30045383f4bdf28c821cdffc4fa62f2ba01291a511cc1ff9549a14cb3a6253ba4_cppui_modular381), - fq2_value_type( - 0x007fa43a344eb4f2c0db80c590a2332896068dd8c447e011122bf52b881e749c6f6c0b02532c65f67af2e1b60566bd38_cppui_modular381, - 0x0958f9ecc4af1e61138df07455189f489449633062684e081265c0188ff5f6ccef136a64ef110e799031c545845f729a_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x01f926264f5a3892055b01ac24e634067ecdee7a9e1ade06e27bb0da9996fe37d3ced88ea7fbc5b0ab7589d7178fcfa1_cppui_modular381, - 0x0a4e360a3dc354b04b4d7951501b989caed7f27ecaa4bea387798a525d0cff68d3a12dc94664646d8fd459270f36d59c_cppui_modular381), - fq2_value_type( - 0x09c0d648df794e3995352f1d285ab8a61d6ade4d6278fe473f21f79c610a112b4eb25a5a2e3565b756a76f236bf939b6_cppui_modular381, - 0x039831d4cc1b6dc3214bbd4bcc1cd7a1dc6f871a1322e894d385e68ed672b072cfc9e87bad9c418a51db0a34c7dfab52_cppui_modular381), - fq2_value_type::one())); - std::pair gp_final_wkey = std::make_pair( - G1_value_type( - 
0x091185d97c3b8d91c936b624099f9169df6db7acc2f828b5ca00f2ef8221624f5570f12124484a038f2168143463e842_cppui_modular381, - 0x0cd29e9bff8b7485f9146218ad386d241ed329f855dc8ca5d8b5f5eb7d2adacd464115ffa6af5d7db2a4eb2a29a212da_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x015dbb6ebd9b9c1dffbe6cc60295540005e0d8a42062288a50e0a2b8dbe6a7e4d9f71d01a6cf4baa9485c812a967f0cc_cppui_modular381, - 0x134c3f11b342e6c3186bff0e72984323110313638473ffce74ed48a0c02fc0d5a6a6564f4d06247daff005649163987f_cppui_modular381, - fq_value_type::one())); - typename commitments::kzg_ipp2::output_type com_ab = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x09438df2eed168e525cd161732bf4349ed6bfcdaa8461e93674f061ca9cffcd8cc75b77a9d6dfdb209d581d0c07e7ee4_cppui_modular381, - 0x041c2011b6779255cf4583d0d3218a6f56f4127d7422351746b114d96ab67867843d36bc48dc1e4fdbdec5dc4c2bfa36_cppui_modular381), - fq2_value_type( - 0x158c7065a17b3927a828bd3c0aa549101155e62c532ab389136a3e7c27766b0387d78cc6b889fb7f3cea1fa7ac348059_cppui_modular381, - 0x0ee242744a21aeb01dcef6c06a016597635ea490daa48c3e1d1a8f600be0e1cbc1a59bfcf85a8ecf7a621934870b7fba_cppui_modular381), - fq2_value_type( - 0x18fa1c9b16ecfcd0909b47e3f65add175ec6d400844ce635316562b99bce87de35ffb0f6d7a6d84474d494741d0106f3_cppui_modular381, - 0x06ad1691ec33738d338a706913868ddda06cfd045c99147c3ac56b7e432ad09f77a4c9e6e74850e4d4ab9953db4cfc0a_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x13ad400debdb06b30620f03778d046533e477bcfbbe346df34df6c15e3c77a5ad0b31131f8ead8b96c6cfc4d02a1c389_cppui_modular381, - 0x15583230a90604aada461a69890ca54dca55b49cc4a9aa6273c78cba351ad44958533f825fb67c466ba6eb55fdf6b4f3_cppui_modular381), - fq2_value_type( - 0x00f1db5c9cce09dd51d214b6b1239159a932c74d08f7d377c4ba269cef1bbec61946f917d737406d5f7a268b10713283_cppui_modular381, - 0x0462874a3ac8cd9a628c404dc3968643c731c6180681e3587dd9f25599d2631da0a905a457e0e561fe4e16b326743518_cppui_modular381), - fq2_value_type( - 
0x008f0a48d565eb3f795482ffc080c478c5f47eadc2baad11a09bceab87e2cdfae0a9222dcc2ae3e75c7ac6c3bae31ee5_cppui_modular381, - 0x089330c302fc3baf321034f54b50d688464b932407f4d78c16a34dbae61df924179e21129075745c63b9757bfd25f05b_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x01f85b39387fceff47591576f952fb9e6419f021b06cccb4e3872cbc80577348f0473ba81922483cce06b54a8b23acf7_cppui_modular381, - 0x0e4506272365ed06076b3aba0fae145387abad75c03782c47aadd917e4408b7e4cb4b1e46d5340600202522fe29f376c_cppui_modular381), - fq2_value_type( - 0x0421e02496308c78ca48043f267b8ead249ac3231fd564fdb86ad21eb94b7675fd2f4aa4f85b9fce53b10e680592dd7d_cppui_modular381, - 0x06256d4fb220220163925d28bedd5bac9d5c01f0c548e2e3f2ad726d79a69b9e417330bb862796248a175c52a4d119ff_cppui_modular381), - fq2_value_type( - 0x17f988c31e464166b556ac828463fc9eba97bc3d315c31172e61b852905f8c6ebe47d18d8852ebd3dc5df38b6dfc68d2_cppui_modular381, - 0x0125c3640e74ed2d07ea34e60a511753689233eb3224e70e6b2fcf6267662ed740e5fe39e506607797422ebe45ea4a77_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x150c32bfc286cc3c8bdd2527b989ffa89759b79277e0c53214e7d598b768b7bfc942c82d8923321db5249b916abe0662_cppui_modular381, - 0x0740df21f60ce5267ad4018856ed2b6bbadb914e0723035ad8faf2bd25343707bf5557b371b2636497406680f72bb483_cppui_modular381), - fq2_value_type( - 0x17c3f4d53f282cd6a94234cc704e58e4f246e0bed26c340ab7a9dd21a86cc3675807138a2411d509e14f2cda6bf8e1e0_cppui_modular381, - 0x142097e3b6a8bd576fadaab0375a9f5596bc9c8edca79c6478eded81ac6b0a8bdb1371e07c426448447f2274dea81c86_cppui_modular381), - fq2_value_type( - 0x0d1599375a802ef65799d25667577bc132d204996fc6cc9cb975647373187951346bada49c52bc984dfa74635420ddb6_cppui_modular381, - 0x12f162ebd20f8136d0e2ff7b66a752fc79134069cdc131ab0cf188ba774ba97ee6a7dc79d9dcd5fe93f6830d27377c34_cppui_modular381)))); - typename commitments::kzg_ipp2::output_type com_c = std::make_pair( - fq12_value_type( - fq6_value_type( - fq2_value_type( - 
0x0d1569717ac252ea42031630d1d86b8208abc0928210c9d19116f23ddbd653017ac0ef2f57acadd27aa8cca81438f843_cppui_modular381, - 0x17df99b57ef9a374fd73cec88e19f74d4e1f83b5b1c973d9b472c194cffed516c0eb53c681d3c21ce29699e35c244cc5_cppui_modular381), - fq2_value_type( - 0x121aaea362ab02e8379a362437b4e83f2343c293b7f925bd46c6d50876fbdd48086595705221cdc7ac126939b7e32f6d_cppui_modular381, - 0x0da0ba3ebc44afb6a38729640264213e37fbf2e7cb40acfb0017c9f3def58fb4037a504ef582df83feff07ba138687bc_cppui_modular381), - fq2_value_type( - 0x0250eee41b14f959399aa5fd0f0fee31c1197bb8c016d32fbd819b7d143953d5b0423996493a2ddd782f42b8bafac22c_cppui_modular381, - 0x0680ffcb49eabc8ee85555f4cc3482900ad261051aeb33d56643c50da0d1bbcbc1452d8993673d0e86312a44641e7233_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x17a2635821fb36738d222bc7615de6da7c2e23e3fd6d81c43f9d8948637f48455021f08544a6ab2baccbb66aaa01eaa8_cppui_modular381, - 0x0b464c1f228d6a279de9debcbb03d643af592a7bad75199b6d2c09b76de8b04f8d2def4c51455a455c0c327090c0d252_cppui_modular381), - fq2_value_type( - 0x0d0fde04945b173830356053368613cf6f25c8df4aaea77c797a10f39c47a5b63fa8abab80f2d42f009b4d21deac2172_cppui_modular381, - 0x199cd2b4e7d5a7f3c79bffd7c412df7b7a066ab27c163a34f9c876690b34e595f33317c756ef6bea2f6874a04294bac0_cppui_modular381), - fq2_value_type( - 0x12529873ef3324a4423d03ce1b3b7d01068d302487dfb7c44bbf80fda3abe138e7812753c80c4de759aa4724fd84e957_cppui_modular381, - 0x01aea6515a4965d9abe3bd2369f2f25a80aa40a1594eec6b3e32f889be269e3c95269becf1c6752ce27a7f12dc1861fd_cppui_modular381))), - fq12_value_type( - fq6_value_type( - fq2_value_type( - 0x11a0288351d88bc79b270177235a2c99dbe8925602d4c222217becb34b01ad855f47fb52708aea96ee40d633b59702a5_cppui_modular381, - 0x16c0a1f83f624a0ac8f2e6b001caa92e85f4f3612f60a5c16be5c5adbe2b7250c758448718848e9049a64ab1b8c6a665_cppui_modular381), - fq2_value_type( - 0x00e48ee23098a59ac449a3913fc2dcfd4b52f2c77b208e0ac2432c08b64850d5a0e99f886225d7b72daf714d490f5283_cppui_modular381, - 
0x0f94203b49e62c5e5889935af96380633922314365f1995346062df5b5982d0c7177da840556ca0babcc90abd7f0b2d8_cppui_modular381), - fq2_value_type( - 0x16c5639bf79cdcf1f9f2663fb5145d47086b82033463d7146cf88d6ebd924500f5c8ca00a1917e52bd041f8bc29cae74_cppui_modular381, - 0x06e24ce65b13b39e5ca60aa9275cf060663c19160d6d7187d414b2f03e34798646f724de19d153bd4f42ad813c4e6f9f_cppui_modular381)), - fq6_value_type( - fq2_value_type( - 0x0ca27275c25e692b173b0a837d26e74f4f323e7504a2a9b7ae5151c0967579ab687f0f3055be6d72de2b2b05d3f6814a_cppui_modular381, - 0x119cbafb2577a5b0a0f2b765f11b03dbd0ad6aaa8974c8a68094d575f279a2305538e14bbd606c1a2a2a2fba21022cb6_cppui_modular381), - fq2_value_type( - 0x04925dc41f55a8808e355178e3678189f9d39af465a40fc72d68c41281b449d45048f08eae4482947c5e3841e020acab_cppui_modular381, - 0x19dc30ef0f8c4d504ee76148232c0aab1afeb669d0798760bad8822bd09458b91f45be56b00a9a88ddc0c80ebeab81d8_cppui_modular381), - fq2_value_type( - 0x1567468a9ac691aeda25e7637d17585f86a714d8a921f3659cea7a9479ffceea7fef903ed13095ef85e4f03141871bc8_cppui_modular381, - 0x16f5b6c09576cc7277640207a4dde23b02ccf457c54114e41ca6be95d9167a8c66e0c5d3d923a2d84f5c18d60810c7c8_cppui_modular381)))); - std::pair tmipp_vkey_opening = std::make_pair( - G2_value_type( - fq2_value_type( - 0x03ad15badd1d845acdfdc99c73633a03fc3a4a68cc52fc0247115e70c3ace6cd4c92715984dd70e6648bea4248c1c15b_cppui_modular381, - 0x10aa55d7dbe362b69e21ec1ba54c4173cc4a7e4e62eacce1053595f6f0d037bdca088537def2ae0a03ce0ecabb2c0a75_cppui_modular381), - fq2_value_type( - 0x093940da4a706bcf27a73885ba50b450073aa4fecd8ece8b9cf1f6432229e0140a152acb596276bd53fe3c4dda23a3ac_cppui_modular381, - 0x090320e2a3dccea5b870d1ef80c0bcb1e6850d9eea0be87072bee0268501840227688fa380bc013f44bbb00912541d51_cppui_modular381), - fq2_value_type::one()), - G2_value_type( - fq2_value_type( - 0x11e68a527689b4b136defff43544c462d27e315991947fa59e1104aa6823bb975e578cd34a24192abd8aae1893610f9b_cppui_modular381, - 
0x137ba0dd76e9cdc0a25bc4594cd461720140adcd7ec36f53aa12e210614951a42c27664e0e0ef8428feb56dd66f75544_cppui_modular381), - fq2_value_type( - 0x08e0d621b3a8786e329287aa695fe54e1f86e4747574113562aeffeffe7ec0485ece3e5f3475677d53e97f644bfc5a66_cppui_modular381, - 0x13a6371c49b093f9e90be0a1d10c94e8db018c37abd09f0d8207f8d1347ac4de544af34ffd0e76e835eb84cffc0d0390_cppui_modular381), - fq2_value_type::one())); - std::pair tmipp_wkey_opening = std::make_pair( - G1_value_type( - 0x0e9acd7993fbd343074b99e268e7bddd30d095981f8272a6a843670a15967537f3ea6c54f7f9290b308ba5c88c5d1b7e_cppui_modular381, - 0x1648288ac64ddcda8a2f129da1e869f95b0cdec1fdfb34103eb09b6adbb804d1c31fcbeb7185628c57f2de3059068c52_cppui_modular381, - fq_value_type::one()), - G1_value_type( - 0x13b9051f592110c431fc91d9f2c485f343d4a35cbb311753c1d57e673678a9a9ebafbd6af1175ec764c7cb4414244f25_cppui_modular381, - 0x0984164d7f949e15e6cba14ebbf8ddf946eb4f676f42202156b0ab9536750a1e2a11f9a51153c85add517f645bfe4b78_cppui_modular381, - fq_value_type::one())); - - BOOST_CHECK_EQUAL(ip_ab, agg_proof.ip_ab); - BOOST_CHECK_EQUAL(agg_c, agg_proof.agg_c); - BOOST_CHECK(com_ab == agg_proof.com_ab); - BOOST_CHECK(com_c == agg_proof.com_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.nproofs, gp_n); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_ab == gp_comms_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.comms_c == gp_comms_c); - BOOST_CHECK(agg_proof.tmipp.gipa.z_ab == gp_z_ab); - BOOST_CHECK(agg_proof.tmipp.gipa.z_c == gp_z_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_a, gp_final_a); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_b, gp_final_b); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_c, gp_final_c); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_vkey, gp_final_vkey); - BOOST_CHECK_EQUAL(agg_proof.tmipp.gipa.final_wkey, gp_final_wkey); - BOOST_CHECK(agg_proof.tmipp.vkey_opening == tmipp_vkey_opening); - BOOST_CHECK(agg_proof.tmipp.wkey_opening == tmipp_wkey_opening); - - bool verify_res = verify>( - vk, pvk, statements, agg_proof, 
tr_include.begin(), tr_include.end());
- BOOST_CHECK(verify_res);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling.cpp
deleted file mode 100644
index dbf13fadf8..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_marshalling.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_marshalling_test
-
-#include
-
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_gg_ppzksnark_marshalling.hpp"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void run_r1cs_gg_ppzksnark_marshalling_basic_test(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_gg_ppzksnark_marshalling(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_gg_ppzksnark_marshalling_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_gg_ppzksnark_marshalling_basic_test) {
- run_r1cs_gg_ppzksnark_marshalling_basic_test>(100, 10);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling.cpp
deleted file mode 100644
index 095ffc7d09..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark_tvm_marshalling.cpp
+++ /dev/null
@@ -1,68 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE r1cs_gg_ppzksnark_tvm_marshalling_test
-
-#include
-
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-#include "run_r1cs_gg_ppzksnark_tvm_marshalling.hpp"
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "run_r1cs_gg_ppzksnark_tvm_marshalling.hpp"
-
-#include
-#include
-
-using namespace nil::crypto3::zk::snark;
-using namespace nil::crypto3::algebra;
-
-template
-void run_r1cs_gg_ppzksnark_tvm_marshalling_basic_test(std::size_t num_constraints, std::size_t input_size) {
- r1cs_example example =
- generate_r1cs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_r1cs_gg_ppzksnark_tvm_marshalling(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(r1cs_gg_ppzksnark_marshalling_test_suite)
-
-BOOST_AUTO_TEST_CASE(r1cs_gg_ppzksnark_marshalling_basic_test) {
- run_r1cs_gg_ppzksnark_tvm_marshalling_basic_test>(20, 5);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark.hpp
deleted file mode 100644
index 666a80a02b..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark.hpp
+++ /dev/null
@@ -1,145 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of functionality that runs the R1CS GG-ppzkSNARK for -// a given R1CS example. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_RUN_R1CS_GG_PPZKSNARK_HPP -#define CRYPTO3_RUN_R1CS_GG_PPZKSNARK_HPP - -#include - -#include - -#include "../r1cs_examples.hpp" - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * Runs the ppzkSNARK (generator, prover, and verifier) for a given - * R1CS example (specified by a constraint system, input, and witness). 
- */ - - // template - // typename std::enable_if::type - // test_affine_verifier(const typename r1cs_gg_ppzksnark::verification_key_type &vk, - // const typename r1cs_gg_ppzksnark::primary_input_type - // &primary_input, const typename r1cs_gg_ppzksnark::proof_type - // &proof, const bool expected_answer) { - // const bool answer = verify>>(vk, - // primary_input, - // proof); - // BOOST_CHECK(answer == expected_answer); - // } - - /** - * The code below provides an example of all stages of running a R1CS GG-ppzkSNARK. - * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. - * (1) The "generator", which runs the ppzkSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the ppzkSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key, - * a primary input for CS, and a proof. 
- */ - template - bool run_r1cs_gg_ppzksnark(const r1cs_example &example) { - - using basic_proof_system = r1cs_gg_ppzksnark; - using weak_proof_system = - r1cs_gg_ppzksnark, - r1cs_gg_ppzksnark_prover, - r1cs_gg_ppzksnark_verifier_weak_input_consistency>; - - std::cout << "Starting generator" << std::endl; - typename basic_proof_system::keypair_type keypair = - generate(example.constraint_system); - - std::cout << "Starting verification key processing" << std::endl; - - typename basic_proof_system::processed_verification_key_type pvk = - r1cs_gg_ppzksnark_process_verification_key::process(keypair.second); - - std::cout << "Starting prover" << std::endl; - - typename basic_proof_system::proof_type proof = - prove(keypair.first, example.primary_input, example.auxiliary_input); - - /*const bool ans = - r1cs_gg_ppzksnark>::verifier(keypair.vk, - example.primary_input, proof);*/ - - std::cout << "Starting verifier" << std::endl; - - const bool ans = verify(std::get<1>(keypair), example.primary_input, proof); - - std::cout << "Verifier finished, result: " << ans << std::endl; - - std::cout << "Starting online verifier" << std::endl; - - const bool ans2 = verify(pvk, example.primary_input, proof); - - std::cout << "Online verifier finished, result: " << ans2 << std::endl; - - BOOST_CHECK(ans == ans2); - - std::cout << "Starting weak verifier" << std::endl; - - const bool ans3 = verify(keypair.second, example.primary_input, proof); - - std::cout << "Weak verifier finished, result: " << ans3 << std::endl; - - BOOST_CHECK(ans == ans3); - - std::cout << "Starting online weak verifier" << std::endl; - - const bool ans4 = verify(pvk, example.primary_input, proof); - - std::cout << "Online weak verifier finished, result: " << ans4 << std::endl; - - BOOST_CHECK(ans == ans4); - - /*test_affine_verifier(keypair.vk, example.primary_input, proof, ans);*/ - - return ans; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // 
CRYPTO3_RUN_R1CS_GG_PPZKSNARK_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_marshalling.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_marshalling.hpp
deleted file mode 100644
index 066c41dedc..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_marshalling.hpp
+++ /dev/null
@@ -1,104 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS GG-ppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_R1CS_GG_PPZKSNARK_MARSHALLING_HPP
-#define CRYPTO3_RUN_R1CS_GG_PPZKSNARK_MARSHALLING_HPP
-
-#include
-#include
-#include
-
-#include
-#include
-
-#include "../r1cs_examples.hpp"
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- template
- bool run_verifier_with_byte_input(std::vector data) {
- using proof_system_policy = ProofSystem;
-
- typename nil::marshalling::verifier_data_from_bits::verifier_data vd =
- nil::marshalling::verifier_data_from_bits::process(data);
-
- std::cout << "Data converted from byte blob" << std::endl;
-
- return verify(vd.vk, vd.pi, vd.pr);
- }
-
- /**
- * The code below provides an example of all stages of running a R1CS GG-ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_r1cs_gg_ppzksnark_marshalling(
- const r1cs_example &example) {
-
- using proof_system_policy = r1cs_gg_ppzksnark;
-
- std::cout << "Starting generator" << std::endl;
-
- typename proof_system_policy::keypair_type keypair =
- generate(example.constraint_system);
-
- std::cout << "Starting prover" << std::endl;
-
- typename proof_system_policy::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::vector data = nil::marshalling::verifier_data_to_bits::process(
- keypair.second, example.primary_input, proof);
-
- std::cout << "Data converted to byte blob" << std::endl;
-
- std::cout << "Starting verifier" << std::endl;
-
- const bool ans = run_verifier_with_byte_input(data);
-
- std::cout << "Verifier finished, result: " << ans << std::endl;
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_R1CS_GG_PPZKSNARK_MARSHALLING_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_tvm_marshalling.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_tvm_marshalling.hpp
deleted file mode 100644
index a05f657f92..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_gg_ppzksnark/run_r1cs_gg_ppzksnark_tvm_marshalling.hpp
+++ /dev/null
@@ -1,302 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of functionality that runs the R1CS GG-ppzkSNARK for -// a given R1CS example. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_RUN_R1CS_GG_PPZKSNARK_TVM_MARSHALLING_HPP -#define CRYPTO3_RUN_R1CS_GG_PPZKSNARK_TVM_MARSHALLING_HPP - -#include - -#include -#include -#include - -#include -#include - -#include -#include "../r1cs_examples.hpp" - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * The code below provides an example of all stages of running a R1CS GG-ppzkSNARK. 
- * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. - * (1) The "generator", which runs the ppzkSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the ppzkSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key, - * a primary input for CS, and a proof. - */ - template - bool run_r1cs_gg_ppzksnark_tvm_marshalling( - const r1cs_example &example); - - template - void print_proving_key(r1cs_gg_ppzksnark_proving_key pk) { - std::cout << "alpha_g1: " - << pk.alpha_g1.to_affine().X.data << " " << pk.alpha_g1.to_affine().Y.data << " " - << pk.alpha_g1.to_affine().Z.data << std::endl - << "beta_g1: " - << pk.beta_g1.to_affine().X.data << " " << pk.beta_g1.to_affine().Y.data << " " - << pk.beta_g1.to_affine().Z.data << std::endl - << "beta_g2: " - << pk.beta_g2.to_affine().X.data[0].data << " " << pk.beta_g2.to_affine().Y.data[0].data - << " " << pk.beta_g2.to_affine().Z.data[0].data << std::endl - << pk.beta_g2.to_affine().X.data[1].data << " " << pk.beta_g2.to_affine().Y.data[1].data - << " " << pk.beta_g2.to_affine().Z.data[1].data << std::endl - << "delta_g1: " - << pk.delta_g1.to_affine().X.data << " " << pk.delta_g1.to_affine().Y.data << " " - << pk.delta_g1.to_affine().Z.data << std::endl - << "delta_g2: " - << pk.delta_g2.to_affine().X.data[0].data << " " << pk.delta_g2.to_affine().Y.data[0].data - << " " << pk.delta_g2.to_affine().Z.data[0].data << std::endl - << pk.delta_g2.to_affine().X.data[1].data << " " << pk.delta_g2.to_affine().Y.data[1].data - << " " << pk.delta_g2.to_affine().Z.data[1].data << std::endl; - } - - template - void print_verification_key(r1cs_gg_ppzksnark_verification_key vk) { - std::cout << "gamma_g2: " - << 
vk.gamma_g2.to_affine().X.data[0].data << " " << vk.gamma_g2.to_affine().Y.data[0].data - << " " << vk.gamma_g2.to_affine().Z.data[0].data << std::endl - << vk.gamma_g2.to_affine().X.data[1].data << " " << vk.gamma_g2.to_affine().Y.data[1].data - << " " << vk.gamma_g2.to_affine().Z.data[1].data << std::endl - << "delta_g2: " - << vk.delta_g2.to_affine().X.data[0].data << " " << vk.delta_g2.to_affine().Y.data[0].data - << " " << vk.delta_g2.to_affine().Z.data[0].data << std::endl - << vk.delta_g2.to_affine().X.data[1].data << " " << vk.delta_g2.to_affine().Y.data[1].data - << " " << vk.delta_g2.to_affine().Z.data[1].data << std::endl; - } - - template<> - bool run_r1cs_gg_ppzksnark_tvm_marshalling>( - const r1cs_example::scalar_field_type> &example) { - - using CurveType = typename nil::crypto3::algebra::curves::bls12<381>; - - using scheme_type = r1cs_gg_ppzksnark; - - std::cout << "Starting generator" << std::endl; - - typename scheme_type::keypair_type keypair = - generate(example.constraint_system); - - std::cout << "Starting prover" << std::endl; - - typename scheme_type::proof_type proof = - prove(keypair.first, example.primary_input, example.auxiliary_input); - - std::cout << std::hex << "Obtained proof: " << proof.g_A.to_affine().X.data << " " - << proof.g_A.to_affine().Y.data << " " << proof.g_A.to_affine().Z.data << std::endl - << proof.g_B.to_affine().X.data[0].data << " " << proof.g_B.to_affine().X.data[1].data - << " " << proof.g_B.to_affine().Y.data[0].data << std::endl - << proof.g_B.to_affine().Y.data[1].data << " " << proof.g_B.to_affine().Z.data[0].data - << " " << proof.g_B.to_affine().Z.data[1].data << std::endl - << proof.g_C.to_affine().X.data << " " << proof.g_C.to_affine().Y.data << " " - << proof.g_C.to_affine().Z.data << std::endl; - - std::cout << std::hex << "Obtained proving key: " << std::endl; - print_proving_key(keypair.first); - - std::cout << std::hex << "Obtained verification key: " << std::endl; - 
print_verification_key(keypair.second); - - std::cout << std::hex << "Obtained primary input: " << std::endl; - - for (auto it = example.primary_input.begin(); it != example.primary_input.end(); it++) { - std::cout << std::hex << it->data << " "; - } - std::cout << std::endl; - - std::vector proving_key_byteblob = nil::marshalling::verifier_input_serializer_tvm::process( - keypair.first); - - marshalling::status_type provingProcessingStatus = marshalling::status_type::success; - - typename scheme_type::proving_key_type other = - nil::marshalling::verifier_input_deserializer_tvm::proving_key_process( - proving_key_byteblob.cbegin(), - proving_key_byteblob.cend(), - provingProcessingStatus); - - std::cout << "Decoded proving key:" << std::endl; - print_proving_key(other); - - BOOST_CHECK(keypair.first == other); - BOOST_CHECK(keypair.first.alpha_g1 == other.alpha_g1 && keypair.first.beta_g1 == other.beta_g1); - BOOST_CHECK(keypair.first.beta_g2 == other.beta_g2 && keypair.first.delta_g1 == other.delta_g1); - BOOST_CHECK(keypair.first.delta_g2 == other.delta_g2 && keypair.first.A_query == other.A_query); - BOOST_CHECK(keypair.first.B_query == other.B_query && keypair.first.H_query == other.H_query); - BOOST_CHECK(keypair.first.L_query == other.L_query); - BOOST_CHECK(keypair.first.constraint_system == other.constraint_system); - BOOST_CHECK(keypair.first.constraint_system.primary_input_size == - other.constraint_system.primary_input_size); - BOOST_CHECK(keypair.first.constraint_system.auxiliary_input_size == - other.constraint_system.auxiliary_input_size); - BOOST_CHECK(keypair.first.constraint_system.constraints.size() == - other.constraint_system.constraints.size()); - - for (std::size_t i = 0; i < keypair.first.constraint_system.constraints.size(); i++) { - std::cout << std::endl << "i:" << i << std::endl; - BOOST_CHECK(keypair.first.constraint_system.constraints[i] == - other.constraint_system.constraints[i]); - } - - std::vector verification_key_byteblob = 
nil::marshalling::verifier_input_serializer_tvm::process( - keypair.second); - std::vector primary_input_byteblob = nil::marshalling::verifier_input_serializer_tvm::process( - example.primary_input); - std::vector proof_byteblob = nil::marshalling::verifier_input_serializer_tvm::process( - proof); - - std::cout << "Verification key byteblob, size " << std::dec << verification_key_byteblob.size() - << std::endl; - - for (auto it = verification_key_byteblob.begin(); it != verification_key_byteblob.end(); ++it) { - std::cout << std::hex << std::size_t(*it) << " "; - } - - std::cout << std::endl; - - std::cout << "Primary input byteblob, size " << std::dec << primary_input_byteblob.size() - << std::endl; - - for (auto it = primary_input_byteblob.begin(); it != primary_input_byteblob.end(); ++it) { - std::cout << std::hex << std::size_t(*it) << " "; - } - - std::cout << std::endl; - - std::cout << "Proof byteblob, size " << std::dec << proof_byteblob.size() << std::endl; - - for (auto it = proof_byteblob.begin(); it != proof_byteblob.end(); ++it) { - std::cout << std::hex << std::size_t(*it) << " "; - } - - std::cout << std::endl; - - std::vector byteblob; - - byteblob.insert(byteblob.end(), proof_byteblob.begin(), proof_byteblob.end()); - byteblob.insert(byteblob.end(), primary_input_byteblob.begin(), primary_input_byteblob.end()); - byteblob.insert(byteblob.end(), verification_key_byteblob.begin(), verification_key_byteblob.end()); - - std::cout << "Data converted to byte blob" << std::endl; - - for (auto it = byteblob.begin(); it != byteblob.end(); ++it) { - std::cout << std::hex << std::size_t(*it) << " "; - } - - std::cout << std::endl; - - std::cout << "Starting verifier with plain input" << std::endl; - - bool ans = verify(keypair.second, example.primary_input, proof); - - std::cout << "Verifier with plain input finished, result: " << ans << std::endl; - - marshalling::status_type processingStatus = marshalling::status_type::success; - - auto tup = 
nil::marshalling::verifier_input_deserializer_tvm::verifier_input_process( - byteblob.cbegin(), - byteblob.cend(), - processingStatus); - - if (processingStatus != marshalling::status_type::success) { - std::cout << "Incorrect datablob!" << std::endl; - - return false; - } - - BOOST_CHECK(processingStatus == marshalling::status_type::success); - - typename scheme_type::proof_type de_prf = std::get<2>(tup); - typename scheme_type::primary_input_type de_pi = std::get<1>(tup); - typename scheme_type::verification_key_type de_vk = std::get<0>(tup); - - // typename scheme_type::proof_type de_prf = nil::marshalling::verifier_input_deserializer_tvm::proof_process(proof_byteblob.cbegin(), proof_byteblob.cend()); - // typename scheme_type::primary_input_type de_pi = nil::marshalling::verifier_input_deserializer_tvm::primary_input_process(primary_input_byteblob.cbegin(), primary_input_byteblob.cend()); - // typename scheme_type::verification_key_type de_vk = nil::marshalling::verifier_input_deserializer_tvm::verification_key_process(verification_key_byteblob.cbegin(), verification_key_byteblob.cend()); - - std::cout << std::hex << "Decoded proof: " << de_prf.g_A.to_affine().X.data << " " - << de_prf.g_A.to_affine().Y.data << " " << de_prf.g_A.to_affine().Z.data << std::endl - << de_prf.g_B.to_affine().X.data[0].data << " " << de_prf.g_B.to_affine().X.data[1].data - << " " << de_prf.g_B.to_affine().Y.data[0].data << std::endl - << de_prf.g_B.to_affine().Y.data[1].data << " " << de_prf.g_B.to_affine().Z.data[0].data - << " " << de_prf.g_B.to_affine().Z.data[1].data << std::endl - << de_prf.g_C.to_affine().X.data << " " << de_prf.g_C.to_affine().Y.data << " " - << de_prf.g_C.to_affine().Z.data << std::endl; - - assert (de_prf == proof); - - std::cout << std::hex << "Decoded primary input: " << std::endl; - - for (auto it = de_pi.begin(); it != de_pi.end(); it++) { - std::cout << std::hex << it->data << " "; - } - std::cout << std::endl; - - // assert (de_pi == 
example.primary_input); - - std::cout << std::hex << "Decoded verification key: " << "gamma_g2: " - << de_vk.gamma_g2.to_affine().X.data[0].data << " " - << de_vk.gamma_g2.to_affine().Y.data[0].data << " " - << de_vk.gamma_g2.to_affine().Z.data[0].data << std::endl - << de_vk.gamma_g2.to_affine().X.data[1].data << " " - << de_vk.gamma_g2.to_affine().Y.data[1].data << " " - << de_vk.gamma_g2.to_affine().Z.data[1].data << std::endl - << "delta_g2: " - << de_vk.delta_g2.to_affine().X.data[0].data << " " - << de_vk.delta_g2.to_affine().Y.data[0].data << " " - << de_vk.delta_g2.to_affine().Z.data[0].data << std::endl - << de_vk.delta_g2.to_affine().X.data[1].data << " " - << de_vk.delta_g2.to_affine().Y.data[1].data << " " - << de_vk.delta_g2.to_affine().Z.data[1].data << std::endl; - - assert (de_vk == keypair.second); - - std::cout << "Starting verifier with decoded input" << std::endl; - - ans = verify(de_vk, de_pi, de_prf); - - std::cout << "Verifier with decoded input finished, result: " << ans << std::endl; - - return ans; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_GG_PPZKSNARK_TVM_MARSHALLING_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.cpp deleted file mode 100644 index 0633e5bd33..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.cpp +++ /dev/null 
@@ -1,67 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE r1cs_ppzksnark_test - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "../r1cs_examples.hpp" -#include "run_r1cs_ppzksnark.hpp" - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_r1cs_ppzksnark(std::size_t num_constraints, std::size_t input_size) { - r1cs_example example = - generate_r1cs_example_with_binary_input(num_constraints, input_size); - const bool bit = run_r1cs_ppzksnark(example); - BOOST_CHECK(bit); -} - -BOOST_AUTO_TEST_SUITE(r1cs_ppzksnark_test_suite) - -BOOST_AUTO_TEST_CASE(r1cs_ppzksnark_test) { - test_r1cs_ppzksnark>(1000, 100); -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_ppzksnark/run_r1cs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_ppzksnark/run_r1cs_ppzksnark.hpp deleted file mode 100644 index 456d73491e..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_ppzksnark/run_r1cs_ppzksnark.hpp +++ /dev/null 
@@ -1,142 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the R1CS ppzkSNARK for
-// a given R1CS example.
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_RUN_R1CS_PPZKSNARK_HPP -#define CRYPTO3_RUN_R1CS_PPZKSNARK_HPP - -#include - -#include - -#include "../r1cs_examples.hpp" - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /*template - typename std::enable_if::type - test_affine_verifier(const typename r1cs_ppzksnark::verification_key_type &vk, - const typename r1cs_ppzksnark::primary_input_type &primary_input, - const typename r1cs_ppzksnark::proof_type &proof, - const bool expected_answer) { - const bool answer = r1cs_ppzksnark_affine_verifier_weak_IC(vk, primary_input, proof); - BOOST_CHECK(answer == expected_answer); - } - - template - typename std::enable_if::type - test_affine_verifier(const typename r1cs_ppzksnark::verification_key_type &vk, - const typename r1cs_ppzksnark::primary_input_type &primary_input, - const typename r1cs_ppzksnark::proof_type &proof, - const bool expected_answer) { - BOOST_ATTRIBUTE_UNUSED(vk, primary_input, proof, expected_answer); - }*/ - - /** - * The code below provides an example of all stages of running a R1CS ppzkSNARK. - * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. - * (1) The "generator", which runs the ppzkSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the ppzkSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key, - * a primary input for CS, and a proof. 
- */ - template - bool run_r1cs_ppzksnark(const r1cs_example &example) { - - using basic_proof_system = r1cs_ppzksnark; - using weak_proof_system = r1cs_ppzksnark, - r1cs_ppzksnark_prover, - r1cs_ppzksnark_verifier_weak_input_consistency>; - - std::cout << "Starting generator" << std::endl; - typename basic_proof_system::keypair_type keypair = - generate(example.constraint_system); - - std::cout << "Starting verification key processing" << std::endl; - - typename basic_proof_system::processed_verification_key_type pvk = - r1cs_ppzksnark_process_verification_key::process(keypair.second); - - std::cout << "Starting prover" << std::endl; - - typename basic_proof_system::proof_type proof = - prove(keypair.first, example.primary_input, example.auxiliary_input); - - std::cout << "Starting verifier" << std::endl; - - const bool ans = verify(keypair.second, example.primary_input, proof); - - std::cout << "Verifier finished, result: " << ans << std::endl; - - std::cout << "Starting online verifier" << std::endl; - - const bool ans2 = - verify(pvk, example.primary_input, proof); - - std::cout << "Online verifier finished, result: " << ans2 << std::endl; - - BOOST_CHECK(ans == ans2); - - std::cout << "Starting weak verifier" << std::endl; - - const bool ans3 = verify(keypair.second, - example.primary_input, proof); - - std::cout << "Weak verifier finished, result: " << ans3 << std::endl; - - BOOST_CHECK(ans == ans3); - - std::cout << "Starting online weak verifier" << std::endl; - - const bool ans4 = verify(pvk, example.primary_input, proof); - - std::cout << "Online weak verifier finished, result: " << ans4 << std::endl; - - BOOST_CHECK(ans == ans4); - - /*test_affine_verifier(keypair.second, example.primary_input, proof, ans);*/ - - return ans; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_PPZKSNARK_HPP 
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.cpp
deleted file mode 100644
index a0d4bcbb41..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.cpp
+++ /dev/null
@@ -1,66 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the SEppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic R1CS instance.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE r1cs_se_ppzksnark_test - -#include - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "run_r1cs_se_ppzksnark.hpp" - -using namespace nil::crypto3::zk::snark; -using namespace nil::crypto3::algebra; - -template -void test_r1cs_se_ppzksnark(std::size_t num_constraints, std::size_t input_size) { - r1cs_example example = - generate_r1cs_example_with_binary_input(num_constraints, input_size); - const bool bit = run_r1cs_se_ppzksnark(example); - BOOST_CHECK(bit); -} - -BOOST_AUTO_TEST_SUITE(r1cs_se_ppzksnark_test_suite) - -BOOST_AUTO_TEST_CASE(r1cs_se_ppzksnark_test) { - test_r1cs_se_ppzksnark>(1000, 100); -} - -BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_se_ppzksnark/run_r1cs_se_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_se_ppzksnark/run_r1cs_se_ppzksnark.hpp deleted file mode 100644 index 0a93164a55..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/r1cs_se_ppzksnark/run_r1cs_se_ppzksnark.hpp +++ /dev/null 
@@ -1,85 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of functionality that runs the R1CS SEppzkSNARK for -// a given R1CS example. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_RUN_R1CS_SE_PPZKSNARK_HPP -#define CRYPTO3_RUN_R1CS_SE_PPZKSNARK_HPP - -#include - -#include - -#include "../r1cs_examples.hpp" - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * The code below provides an example of all stages of running a R1CS SEppzkSNARK. 
- * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. - * (1) The "generator", which runs the SEppzkSNARK generator on input a given - * constraint system CS to create a proving and a verification key for CS. - * (2) The "prover", which runs the SEppzkSNARK prover on input the proving key, - * a primary input for CS, and an auxiliary input for CS. - * (3) The "verifier", which runs the SEppzkSNARK verifier on input the verification key, - * a primary input for CS, and a proof. - */ - template - bool run_r1cs_se_ppzksnark(const r1cs_example &example) { - using basic_proof_system = r1cs_se_ppzksnark; - - typename basic_proof_system::keypair_type keypair = - generate(example.constraint_system); - - typename basic_proof_system::processed_verification_key_type pvk = - r1cs_se_ppzksnark_process_verification_key::process(keypair.second); - - typename basic_proof_system::proof_type proof = prove( - keypair.first, example.primary_input, example.auxiliary_input); - - const bool ans = verify(keypair.second, example.primary_input, proof); - - const bool ans2 = verify(pvk, example.primary_input, proof); - - BOOST_CHECK(ans == ans2); - - return ans; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_R1CS_SE_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/ram_examples.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/ram_examples.hpp deleted file mode 100644 index 1de530fd25..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/ram_examples.hpp +++ /dev/null 
@@ -1,172 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of interfaces for a RAM example, as well as functions to sample
-// RAM examples with prescribed parameters (according to some distribution).
-//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_RAM_EXAMPLES_HPP -#define CRYPTO3_ZK_RAM_EXAMPLES_HPP - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - template - struct ram_example { - ram_architecture_params ap; - std::size_t boot_trace_size_bound; - std::size_t time_bound; - ram_boot_trace boot_trace; - ram_input_tape auxiliary_input; - }; - - /** - * For now: only specialized to TinyRAM - */ - template - ram_example gen_ram_example_simple(const ram_architecture_params &ap, - std::size_t boot_trace_size_bound, std::size_t time_bound, - bool satisfiable = true) { - const std::size_t program_size = boot_trace_size_bound / 2; - const std::size_t input_size = boot_trace_size_bound - program_size; - - ram_example result; - - result.ap = ap; - result.boot_trace_size_bound = boot_trace_size_bound; - result.time_bound = time_bound; - - tinyram_program prelude; - prelude.instructions = generate_tinyram_prelude(ap); - - std::size_t boot_pos = 0; - for (std::size_t i = 0; i < prelude.instructions.size(); ++i) { - result.boot_trace.set_trace_entry(boot_pos++, - std::make_pair(i, prelude.instructions[i].as_dword(ap))); - } - - result.boot_trace[boot_pos] = std::make_pair( - boot_pos++, tinyram_instruction(tinyram_opcode_ANSWER, true, 0, 0, satisfiable ? 
0 : 1) - .as_dword(ap)); /* answer 0/1 depending on satisfiability */ - - while (boot_pos < program_size) { - result.boot_trace.set_trace_entry(boot_pos++, random_tinyram_instruction(ap).as_dword(ap)); - } - - for (std::size_t i = 0; i < input_size; ++i) { - result.boot_trace.set_trace_entry( - boot_pos++, - std::make_pair((1ul << (ap.dwaddr_len() - 1)) + i, std::rand() % (1ul << (2 * ap.w)))); - } - - BOOST_CHECK(boot_pos == boot_trace_size_bound); - - return result; - } - - /** - * For now: only specialized to TinyRAM - */ - template - ram_example gen_ram_example_complex(const ram_architecture_params &ap, - std::size_t boot_trace_size_bound, std::size_t time_bound, - bool satisfiable = true) { - const std::size_t program_size = boot_trace_size_bound / 2; - const std::size_t input_size = boot_trace_size_bound - program_size; - - BOOST_CHECK(2 * ap.w / 8 * program_size < 1ul << (ap.w - 1)); - BOOST_CHECK(ap.w / 8 * input_size < 1ul << (ap.w - 1)); - - ram_example result; - - result.ap = ap; - result.boot_trace_size_bound = boot_trace_size_bound; - result.time_bound = time_bound; - - tinyram_program prelude; - prelude.instructions = generate_tinyram_prelude(ap); - - std::size_t boot_pos = 0; - for (std::size_t i = 0; i < prelude.instructions.size(); ++i) { - result.boot_trace.set_trace_entry(boot_pos++, - std::make_pair(i, prelude.instructions[i].as_dword(ap))); - } - - const std::size_t prelude_len = prelude.instructions.size(); - const std::size_t instr_addr = (prelude_len + 4) * (2 * ap.w / 8); - const std::size_t input_addr = - (1ul << (ap.w - 1)) + (ap.w / 8); // byte address of the first input word - - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, - tinyram_instruction(tinyram_opcode_LOADB, true, 1, 0, instr_addr).as_dword(ap))); - ++boot_pos; - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, - tinyram_instruction(tinyram_opcode_LOADW, true, 2, 0, input_addr).as_dword(ap))); - ++boot_pos; - 
result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, tinyram_instruction(tinyram_opcode_SUB, false, 1, 1, 2).as_dword(ap))); - ++boot_pos; - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair( - boot_pos, tinyram_instruction(tinyram_opcode_STOREB, true, 1, 0, instr_addr).as_dword(ap))); - ++boot_pos; - result.boot_trace.set_trace_entry( - boot_pos, - std::make_pair(boot_pos, - tinyram_instruction(tinyram_opcode_ANSWER, true, 0, 0, 1).as_dword(ap))); - ++boot_pos; - - while (boot_pos < program_size) { - result.boot_trace.set_trace_entry( - boot_pos, std::make_pair(boot_pos, random_tinyram_instruction(ap).as_dword(ap))); - ++boot_pos; - } - - result.boot_trace.set_trace_entry( - boot_pos++, std::make_pair(1ul << (ap.dwaddr_len() - 1), satisfiable ? 1ul << ap.w : 0)); - - for (std::size_t i = 1; i < input_size; ++i) { - result.boot_trace.set_trace_entry( - boot_pos++, - std::make_pair((1ul << (ap.dwaddr_len() - 1)) + i + 1, std::rand() % (1ul << (2 * ap.w)))); - } - - return result; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // RAM_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/ram_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/ram_ppzksnark.cpp deleted file mode 100644 index 075d976f12..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/ram_ppzksnark.cpp +++ /dev/null 
@@ -1,73 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE ram_ppzksnark_test - -#include - -#include -#include -#include -#include -#include - -#include "ram_examples.hpp" -#include "run_ram_ppzksnark.hpp" - -using namespace nil::crypto3::zk::snark; - -template -void test_ram_ppzksnark(const std::size_t w, - const std::size_t k, - const std::size_t program_size, - const std::size_t input_size, - const std::size_t time_bound) { - typedef ram_ppzksnark_machine_pp machine_ppT; - const std::size_t boot_trace_size_bound = program_size + input_size; - const bool satisfiable = true; - - const ram_ppzksnark_architecture_params ap(w, k); - const ram_example example = - gen_ram_example_complex(ap, boot_trace_size_bound, time_bound, satisfiable); - - const bool bit = run_ram_ppzksnark(example); - BOOST_CHECK(bit); -} - -BOOST_AUTO_TEST_SUITE(ram_ppzksnark_test_suite) - -BOOST_AUTO_TEST_CASE(ram_ppzksnark_test) { - const std::size_t program_size = 100; - const std::size_t input_size = 2; - const std::size_t time_bound = 20; - - // 16-bit TinyRAM with 16 registers - test_ram_ppzksnark(16, 16, program_size, input_size, time_bound); - - // 32-bit TinyRAM with 16 registers - test_ram_ppzksnark(32, 16, program_size, input_size, time_bound); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/run_ram_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/run_ram_ppzksnark.hpp deleted file mode 100644 index f2b390c3ce..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/ram_ppzksnark/run_ram_ppzksnark.hpp +++ /dev/null 
@@ -1,88 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_RUN_RAM_PPZKSNARK_HPP -#define CRYPTO3_RUN_RAM_PPZKSNARK_HPP - -#include -#include -#include - -#include -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * The code below provides an example of all stages of running a RAM ppzkSNARK. - * - * Of course, in a real-life scenario, we would have three distinct entities, - * mangled into one in the demonstration below. The three entities are as follows. - * (1) The "generator", which runs the ppzkSNARK generator on input a given - * architecture and bounds on the computation. 
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key, - * a boot trace, and an auxiliary input. - * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key, - * a boot trace, and a proof. - */ - template - bool run_ram_ppzksnark(const ram_example> &example) { - using basic_proof_system = ram_ppzksnark; - - std::cout << "Call to run_ram_ppzksnark" << std::endl; - - printf("This run uses an example with the following parameters:\n"); - example.ap.print(); - printf("* Primary input size bound (L): %zu\n", example.boot_trace_size_bound); - printf("* Time bound (T): %zu\n", example.time_bound); - printf("Hence, algebra::log2(L+2*T) equals %zu\n", - algebra::log2(example.boot_trace_size_bound + 2 * example.time_bound)); - - std::cout << "RAM ppzkSNARK Generator" << std::endl; - typename basic_proof_system::keypair_type keypair = generate( - example.ap, example.boot_trace_size_bound, example.time_bound); - - std::cout << "RAM ppzkSNARK Prover" << std::endl; - typename basic_proof_system::proof_type proof = prove( - keypair.first, example.boot_trace, example.auxiliary_input); - - std::cout << "RAM ppzkSNARK Verifier" << std::endl; - bool ans = verify(keypair.second, example.boot_trace, proof); - - printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL")); - - return ans; - } - - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_RUN_RAM_PPZKSNARK_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/run_tbcs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/run_tbcs_ppzksnark.hpp deleted file mode 100644 index f4521da840..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/run_tbcs_ppzksnark.hpp +++ /dev/null 
@@ -1,88 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_TBCS_PPZKSNARK_HPP
-#define CRYPTO3_RUN_TBCS_PPZKSNARK_HPP
-
-#include "tbcs_examples.hpp"
-
-#include
-
-#include
-#include
-#include
-
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a TBCS ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * circuit C to create a proving and a verification key for C.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for C, and an auxiliary input for C.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for C, and a proof.
- */
- template
- bool run_tbcs_ppzksnark(const tbcs_example &example) {
- using basic_proof_system = tbcs_ppzksnark;
-
- std::cout << "Call to run_tbcs_ppzksnark" << std::endl;
-
- std::cout << "TBCS ppzkSNARK Generator" << std::endl;
- typename basic_proof_system::keypair_type keypair = generate(example.circuit);
-
- std::cout << "Preprocess verification key" << std::endl;
- typename basic_proof_system::processed_verification_key_type pvk =
- tbcs_ppzksnark_process_verification_key::process(keypair.second);
-
- std::cout << "TBCS ppzkSNARK Prover" << std::endl;
- typename basic_proof_system::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- std::cout << "TBCS ppzkSNARK Verifier" << std::endl;
- bool ans = verify(keypair.second, example.primary_input, proof);
- printf("* The verification result is: %s\n", (ans ? "PASS" : "FAIL"));
-
- std::cout << "TBCS ppzkSNARK Online Verifier" << std::endl;
- bool ans2 = verify(pvk, example.primary_input, proof);
- BOOST_CHECK(ans == ans2);
-
- return ans;
- }
-
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_TBCS_PPZKSNARK_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_examples.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_examples.hpp
deleted file mode 100644
index b1b3e7b86f..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_examples.hpp
+++ /dev/null
@@ -1,131 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a TBCS example, as well as functions to sample -// TBCS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_TBCS_EXAMPLES_HPP -#define CRYPTO3_ZK_TBCS_EXAMPLES_HPP - -#include -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A TBCS example comprises a TBCS circuit, TBCS primary input, and TBCS auxiliary input. 
- */ - struct tbcs_example { - - tbcs_circuit circuit; - tbcs_primary_input primary_input; - tbcs_auxiliary_input auxiliary_input; - - tbcs_example() = default; - tbcs_example(const tbcs_example &other) = default; - tbcs_example(const tbcs_circuit &circuit, - const tbcs_primary_input &primary_input, - const tbcs_auxiliary_input &auxiliary_input) : - circuit(circuit), - primary_input(primary_input), auxiliary_input(auxiliary_input) { - } - - tbcs_example(tbcs_circuit &&circuit, - tbcs_primary_input &&primary_input, - tbcs_auxiliary_input &&auxiliary_input) : - circuit(std::move(circuit)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) { - } - }; - - /** - * Generate a TBCS example such that: - * - the primary input has size primary_input_size; - * - the auxiliary input has size auxiliary_input_size; - * - the circuit has num_gates gates; - * - the circuit has num_outputs (<= num_gates) output gates. - * - * This is done by first selecting primary and auxiliary inputs uniformly at random, and then for each - * gate: - * - selecting random left and right wires from primary inputs, auxiliary inputs, and outputs of - * previous gates, - * - selecting a gate type at random (subject to the constraint "output = 0" if this is an output gate). - */ - tbcs_example generate_tbcs_example(std::size_t primary_input_size, - std::size_t auxiliary_input_size, - std::size_t num_gates, - std::size_t num_outputs) { - tbcs_example example; - for (std::size_t i = 0; i < primary_input_size; ++i) { - example.primary_input.push_back(std::rand() % 2 == 0 ? false : true); - } - - for (std::size_t i = 0; i < auxiliary_input_size; ++i) { - example.auxiliary_input.push_back(std::rand() % 2 == 0 ? 
false : true); - } - - example.circuit.primary_input_size = primary_input_size; - example.circuit.auxiliary_input_size = auxiliary_input_size; - - tbcs_variable_assignment all_vals; - all_vals.insert(all_vals.end(), example.primary_input.begin(), example.primary_input.end()); - all_vals.insert(all_vals.end(), example.auxiliary_input.begin(), example.auxiliary_input.end()); - - for (std::size_t i = 0; i < num_gates; ++i) { - const std::size_t num_variables = primary_input_size + auxiliary_input_size + i; - tbcs_gate gate; - gate.left_wire = std::rand() % (num_variables + 1); - gate.right_wire = std::rand() % (num_variables + 1); - gate.output = num_variables + 1; - - if (i >= num_gates - num_outputs) { - /* make gate a circuit output and fix */ - do { - gate.type = (tbcs_gate_type)(std::rand() % num_tbcs_gate_types); - } while (gate.evaluate(all_vals)); - - gate.is_circuit_output = true; - } else { - gate.type = (tbcs_gate_type)(std::rand() % num_tbcs_gate_types); - gate.is_circuit_output = false; - } - - example.circuit.add_gate(gate); - all_vals.push_back(gate.evaluate(all_vals)); - } - - BOOST_CHECK(example.circuit.is_satisfied(example.primary_input, example.auxiliary_input)); - - return example; - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // TBCS_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark.cpp deleted file mode 100644 index aa8f5e2a6d..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/tbcs_ppzksnark/tbcs_ppzksnark.cpp +++ /dev/null 
@@ -1,68 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic TBCS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE tbcs_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "tbcs_examples.hpp"
-#include "run_tbcs_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_tbcs_ppzksnark(std::size_t primary_input_size, std::size_t auxiliary_input_size, std::size_t num_gates,
- std::size_t num_outputs) {
- const tbcs_example example =
- generate_tbcs_example(primary_input_size, auxiliary_input_size, num_gates, num_outputs);
-
- const bool bit = run_tbcs_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(tbcs_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(tbcs_ppzksnark_test) {
- test_tbcs_ppzksnark>(10, 10, 20, 5);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/run_uscs_ppzksnark.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/run_uscs_ppzksnark.hpp
deleted file mode 100644
index 8c67357714..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/run_uscs_ppzksnark.hpp
+++ /dev/null
@@ -1,82 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Declaration of functionality that runs the USCS ppzkSNARK for
-// a given USCS example.
-//---------------------------------------------------------------------------//
-
-#ifndef CRYPTO3_RUN_USCS_PPZKSNARK_HPP
-#define CRYPTO3_RUN_USCS_PPZKSNARK_HPP
-
-#include "uscs_examples.hpp"
-
-#include
-
-#include
-#include
-#include
-
-namespace nil {
- namespace crypto3 {
- namespace zk {
- namespace snark {
-
- /**
- * The code below provides an example of all stages of running a USCS ppzkSNARK.
- *
- * Of course, in a real-life scenario, we would have three distinct entities,
- * mangled into one in the demonstration below. The three entities are as follows.
- * (1) The "generator", which runs the ppzkSNARK generator on input a given
- * constraint system CS to create a proving and a verification key for CS.
- * (2) The "prover", which runs the ppzkSNARK prover on input the proving key,
- * a primary input for CS, and an auxiliary input for CS.
- * (3) The "verifier", which runs the ppzkSNARK verifier on input the verification key,
- * a primary input for CS, and a proof.
- */
- template
- bool run_uscs_ppzksnark(const uscs_example &example) {
- using basic_proof_system = uscs_ppzksnark;
-
- typename basic_proof_system::keypair_type keypair =
- generate(example.constraint_system);
-
- typename basic_proof_system::processed_verification_key_type pvk =
- uscs_ppzksnark_process_verification_key::process(keypair.second);
-
- typename basic_proof_system::proof_type proof =
- prove(keypair.first, example.primary_input, example.auxiliary_input);
-
- bool ans = verify(keypair.second, example.primary_input, proof);
-
- bool ans2 = verify(pvk, example.primary_input, proof);
- BOOST_CHECK(ans == ans2);
-
- return ans;
- }
- } // namespace snark
- } // namespace zk
- } // namespace crypto3
-} // namespace nil
-
-#endif // CRYPTO3_RUN_USCS_PPZKSNARK_HPP
diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_examples.hpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_examples.hpp
deleted file mode 100644
index c9ced3551f..0000000000
--- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_examples.hpp
+++ /dev/null
@@ -1,190 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2018-2021 Mikhail Komarov -// Copyright (c) 2020-2021 Nikita Kaskov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// -// @file Declaration of interfaces for a USCS example, as well as functions to sample -// USCS examples with prescribed parameters (according to some distribution). -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_ZK_USCS_EXAMPLES_HPP -#define CRYPTO3_ZK_USCS_EXAMPLES_HPP - -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace zk { - namespace snark { - - /** - * A USCS example comprises a USCS constraint system, USCS input, and USCS witness. 
- */ - template - struct uscs_example { - uscs_constraint_system constraint_system; - uscs_primary_input primary_input; - uscs_auxiliary_input auxiliary_input; - - uscs_example() = default; - uscs_example(const uscs_example &other) = default; - uscs_example(const uscs_constraint_system &constraint_system, - const uscs_primary_input &primary_input, - const uscs_auxiliary_input &auxiliary_input) : - constraint_system(constraint_system), - primary_input(primary_input), auxiliary_input(auxiliary_input) {}; - uscs_example(uscs_constraint_system &&constraint_system, - uscs_primary_input &&primary_input, - uscs_auxiliary_input &&auxiliary_input) : - constraint_system(std::move(constraint_system)), - primary_input(std::move(primary_input)), auxiliary_input(std::move(auxiliary_input)) {}; - }; - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of ``full'' field elements (typically require the whole log|Field| bits to - * represent). 
- */ - template - uscs_example generate_uscs_example_with_field_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - BOOST_CHECK(num_constraints >= num_inputs); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints - num_inputs; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_constraints; ++i) { - full_variable_assignment.emplace_back(typename FieldType::value_type(std::rand() % 2)); - } - - for (std::size_t i = 0; i < num_constraints; ++i) { - std::size_t x, y, z; - - do { - x = std::rand() % num_constraints; - y = std::rand() % num_constraints; - z = std::rand() % num_constraints; - } while (x == z || y == z); - - const typename FieldType::value_type x_coeff = algebra::random_element(); - const typename FieldType::value_type y_coeff = algebra::random_element(); - const typename FieldType::value_type val = - (std::rand() % 2 == 0 ? FieldType::value_type::one() : -FieldType::value_type::one()); - const typename FieldType::value_type z_coeff = - (val - x_coeff * full_variable_assignment[x] - y_coeff * full_variable_assignment[y]) * - full_variable_assignment[z].inversed(); - - uscs_constraint constr; - constr.add_term(x + 1, x_coeff); - constr.add_term(y + 1, y_coeff); - constr.add_term(z + 1, z_coeff); - - cs.add_constraint(constr); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return 
uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - - /** - * Generate a USCS example such that: - * - the number of constraints of the USCS constraint system is num_constraints; - * - the number of variables of the USCS constraint system is (approximately) num_constraints; - * - the number of inputs of the USCS constraint system is num_inputs; - * - the USCS input consists of binary values (as opposed to ``full'' field elements). - */ - template - uscs_example generate_uscs_example_with_binary_input(std::size_t num_constraints, - std::size_t num_inputs) { - BOOST_CHECK(num_inputs >= 1); - - uscs_constraint_system cs; - cs.primary_input_size = num_inputs; - cs.auxiliary_input_size = num_constraints; - - uscs_variable_assignment full_variable_assignment; - for (std::size_t i = 0; i < num_inputs; ++i) { - full_variable_assignment.push_back(typename FieldType::value_type(std::rand() % 2)); - } - - std::size_t lastvar = num_inputs - 1; - for (std::size_t i = 0; i < num_constraints; ++i) { - ++lastvar; - - /* chose two random bits and XOR them together */ - const std::size_t u = (i == 0 ? std::rand() % num_inputs : std::rand() % i); - const std::size_t v = (i == 0 ? 
std::rand() % num_inputs : std::rand() % i); - - uscs_constraint constr; - constr.add_term(u + 1, 1); - constr.add_term(v + 1, 1); - constr.add_term(lastvar + 1, 1); - constr.add_term(0, -FieldType::value_type::one()); // shift constant term (which is 0) by 1 - - cs.add_constraint(constr); - full_variable_assignment.push_back(full_variable_assignment[u] + full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v] - - full_variable_assignment[u] * full_variable_assignment[v]); - } - - /* split variable assignment */ - uscs_primary_input primary_input(full_variable_assignment.begin(), - full_variable_assignment.begin() + num_inputs); - uscs_primary_input auxiliary_input(full_variable_assignment.begin() + num_inputs, - full_variable_assignment.end()); - - /* sanity checks */ - BOOST_CHECK(cs.num_variables() == full_variable_assignment.size()); - BOOST_CHECK(cs.num_variables() >= num_inputs); - BOOST_CHECK(cs.num_inputs() == num_inputs); - BOOST_CHECK(cs.num_constraints() == num_constraints); - BOOST_CHECK(cs.is_satisfied(primary_input, auxiliary_input)); - - return uscs_example(std::move(cs), std::move(primary_input), std::move(auxiliary_input)); - } - } // namespace snark - } // namespace zk - } // namespace crypto3 -} // namespace nil - -#endif // USCS_EXAMPLES_HPP diff --git a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark.cpp b/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark.cpp deleted file mode 100644 index 8c89a65489..0000000000 --- a/parallel-crypto3/libs/parallel-zk/test/systems/ppzksnark/uscs_ppzksnark/uscs_ppzksnark.cpp +++ /dev/null 
@@ -1,66 +0,0 @@
-//---------------------------------------------------------------------------//
-// Copyright (c) 2018-2021 Mikhail Komarov
-// Copyright (c) 2020-2021 Nikita Kaskov
-//
-// MIT License
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all
-// copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-// SOFTWARE.
-//---------------------------------------------------------------------------//
-// @file Test program that exercises the ppzkSNARK (first generator, then
-// prover, then verifier) on a synthetic USCS instance.
-//---------------------------------------------------------------------------//
-
-#define BOOST_TEST_MODULE uscs_ppzksnark_test
-
-#include
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include "uscs_examples.hpp"
-#include "run_uscs_ppzksnark.hpp"
-
-using namespace nil::crypto3::zk::snark;
-
-template
-void test_uscs_ppzksnark(std::size_t num_constraints, std::size_t input_size) {
- uscs_example example =
- generate_uscs_example_with_binary_input(num_constraints, input_size);
- const bool bit = run_uscs_ppzksnark(example);
- BOOST_CHECK(bit);
-}
-
-BOOST_AUTO_TEST_SUITE(uscs_ppzksnark_test_suite)
-
-BOOST_AUTO_TEST_CASE(uscs_ppzksnark_test) {
- test_uscs_ppzksnark>(1000, 100);
-}
-
-BOOST_AUTO_TEST_SUITE_END()