Feat/plonk generic

backend/backend.go

@@ -28,11 +28,12 @@ const (
 	UNKNOWN ID = iota
 	GROTH16
 	PLONK
+	PLONKFRI
 )
 
 // Implemented return the list of proof systems implemented in gnark
 func Implemented() []ID {
-	return []ID{GROTH16, PLONK}
+	return []ID{GROTH16, PLONK, PLONKFRI}
 }
 
 // String returns the string representation of a proof system
@@ -42,6 +43,8 @@ func (id ID) String() string {
 		return "groth16"
 	case PLONK:
 		return "plonk"
+	case PLONKFRI:
+		return "plonkFRI"
 	default:
 		return "unknown"
 	}

backend/plonkfri/plonkfri.go

@@ -0,0 +1,301 @@
+// Copyright 2020 ConsenSys AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package plonkfri implements PLONK Zero Knowledge Proof system, with FRI as commitment scheme.
+
+package plonkfri
+
+import (
+	"github.com/consensys/gnark/backend"
+	"github.com/consensys/gnark/frontend"
+
+	"github.com/consensys/gnark/backend/witness"
+	cs_bls12377 "github.com/consensys/gnark/internal/backend/bls12-377/cs"
+	cs_bls12381 "github.com/consensys/gnark/internal/backend/bls12-381/cs"
+	cs_bls24315 "github.com/consensys/gnark/internal/backend/bls24-315/cs"
+	cs_bn254 "github.com/consensys/gnark/internal/backend/bn254/cs"
+	cs_bw6633 "github.com/consensys/gnark/internal/backend/bw6-633/cs"
+	cs_bw6761 "github.com/consensys/gnark/internal/backend/bw6-761/cs"
+
+	plonk_bls12377 "github.com/consensys/gnark/internal/backend/bls12-377/plonkfri"
+	plonk_bls12381 "github.com/consensys/gnark/internal/backend/bls12-381/plonkfri"
+	plonk_bls24315 "github.com/consensys/gnark/internal/backend/bls24-315/plonkfri"
+	plonk_bn254 "github.com/consensys/gnark/internal/backend/bn254/plonkfri"
+	plonk_bw6633 "github.com/consensys/gnark/internal/backend/bw6-633/plonkfri"
+	plonk_bw6761 "github.com/consensys/gnark/internal/backend/bw6-761/plonkfri"
+
+	witness_bls12377 "github.com/consensys/gnark/internal/backend/bls12-377/witness"
+	witness_bls12381 "github.com/consensys/gnark/internal/backend/bls12-381/witness"
+	witness_bls24315 "github.com/consensys/gnark/internal/backend/bls24-315/witness"
+	witness_bn254 "github.com/consensys/gnark/internal/backend/bn254/witness"
+	witness_bw6633 "github.com/consensys/gnark/internal/backend/bw6-633/witness"
+	witness_bw6761 "github.com/consensys/gnark/internal/backend/bw6-761/witness"
+)
+
+// Proof represents a Plonk proof generated by plonk.Prove
+//
+// it's underlying implementation is curve specific (see gnark/internal/backend)
+type Proof interface {
+	// io.WriterTo
+	// io.ReaderFrom
+}
+
+// ProvingKey represents a plonk ProvingKey
+//
+// it's underlying implementation is strongly typed with the curve (see gnark/internal/backend)
+type ProvingKey interface {
+	// io.WriterTo
+	// io.ReaderFrom
+	VerifyingKey() interface{}
+}
+
+// VerifyingKey represents a plonk VerifyingKey
+//
+// it's underlying implementation is strongly typed with the curve (see gnark/internal/backend)
+type VerifyingKey interface {
+	// io.WriterTo
+	// io.ReaderFrom
+	// InitKZG(srs kzg.SRS) error
+	NbPublicWitness() int // number of elements expected in the public witness
+}
+
+// Setup prepares the public data associated to a circuit + public inputs.
+func Setup(ccs frontend.CompiledConstraintSystem) (ProvingKey, VerifyingKey, error) {
+
+	switch tccs := ccs.(type) {
+	case *cs_bn254.SparseR1CS:
+		return plonk_bn254.Setup(tccs)
+	case *cs_bls12381.SparseR1CS:
+		return plonk_bls12381.Setup(tccs)
+	case *cs_bls12377.SparseR1CS:
+		return plonk_bls12377.Setup(tccs)
+	case *cs_bw6761.SparseR1CS:
+		return plonk_bw6761.Setup(tccs)
+	case *cs_bls24315.SparseR1CS:
+		return plonk_bls24315.Setup(tccs)
+	case *cs_bw6633.SparseR1CS:
+		return plonk_bw6633.Setup(tccs)
+	default:
+		panic("unrecognized SparseR1CS curve type")
+	}
+
+}
+
+// Prove generates PLONK proof from a circuit, associated preprocessed public data, and the witness
+// if the force flag is set:
+// 	will executes all the prover computations, even if the witness is invalid
+//  will produce an invalid proof
+//	internally, the solution vector to the SparseR1CS will be filled with random values which may impact benchmarking
+func Prove(ccs frontend.CompiledConstraintSystem, pk ProvingKey, fullWitness *witness.Witness, opts ...backend.ProverOption) (Proof, error) {
+
+	// apply options
+	opt, err := backend.NewProverConfig(opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	switch tccs := ccs.(type) {
+	case *cs_bn254.SparseR1CS:
+		w, ok := fullWitness.Vector.(*witness_bn254.Witness)
+		if !ok {
+			return nil, witness.ErrInvalidWitness
+		}
+		return plonk_bn254.Prove(tccs, pk.(*plonk_bn254.ProvingKey), *w, opt)
+
+	case *cs_bls12381.SparseR1CS:
+		w, ok := fullWitness.Vector.(*witness_bls12381.Witness)
+		if !ok {
+			return nil, witness.ErrInvalidWitness
+		}
+		return plonk_bls12381.Prove(tccs, pk.(*plonk_bls12381.ProvingKey), *w, opt)
+
+	case *cs_bls12377.SparseR1CS:
+		w, ok := fullWitness.Vector.(*witness_bls12377.Witness)
+		if !ok {
+			return nil, witness.ErrInvalidWitness
+		}
+		return plonk_bls12377.Prove(tccs, pk.(*plonk_bls12377.ProvingKey), *w, opt)
+
+	case *cs_bw6761.SparseR1CS:
+		w, ok := fullWitness.Vector.(*witness_bw6761.Witness)
+		if !ok {
+			return nil, witness.ErrInvalidWitness
+		}
+		return plonk_bw6761.Prove(tccs, pk.(*plonk_bw6761.ProvingKey), *w, opt)
+
+	case *cs_bw6633.SparseR1CS:
+		w, ok := fullWitness.Vector.(*witness_bw6633.Witness)
+		if !ok {
+			return nil, witness.ErrInvalidWitness
+		}
+		return plonk_bw6633.Prove(tccs, pk.(*plonk_bw6633.ProvingKey), *w, opt)
+
+	case *cs_bls24315.SparseR1CS:
+		w, ok := fullWitness.Vector.(*witness_bls24315.Witness)
+		if !ok {
+			return nil, witness.ErrInvalidWitness
+		}
+		return plonk_bls24315.Prove(tccs, pk.(*plonk_bls24315.ProvingKey), *w, opt)
+
+	default:
+		panic("unrecognized SparseR1CS curve type")
+	}
+}
+
+// Verify verifies a PLONK proof, from the proof, preprocessed public data, and public witness.
+func Verify(proof Proof, vk VerifyingKey, publicWitness *witness.Witness) error {
+
+	switch _proof := proof.(type) {
+
+	case *plonk_bn254.Proof:
+		w, ok := publicWitness.Vector.(*witness_bn254.Witness)
+		if !ok {
+			return witness.ErrInvalidWitness
+		}
+		return plonk_bn254.Verify(_proof, vk.(*plonk_bn254.VerifyingKey), *w)
+
+	case *plonk_bls12381.Proof:
+		w, ok := publicWitness.Vector.(*witness_bls12381.Witness)
+		if !ok {
+			return witness.ErrInvalidWitness
+		}
+		return plonk_bls12381.Verify(_proof, vk.(*plonk_bls12381.VerifyingKey), *w)
+
+	case *plonk_bls12377.Proof:
+		w, ok := publicWitness.Vector.(*witness_bls12377.Witness)
+		if !ok {
+			return witness.ErrInvalidWitness
+		}
+		return plonk_bls12377.Verify(_proof, vk.(*plonk_bls12377.VerifyingKey), *w)
+
+	case *plonk_bw6761.Proof:
+		w, ok := publicWitness.Vector.(*witness_bw6761.Witness)
+		if !ok {
+			return witness.ErrInvalidWitness
+		}
+		return plonk_bw6761.Verify(_proof, vk.(*plonk_bw6761.VerifyingKey), *w)
+
+	case *plonk_bw6633.Proof:
+		w, ok := publicWitness.Vector.(*witness_bw6633.Witness)
+		if !ok {
+			return witness.ErrInvalidWitness
+		}
+		return plonk_bw6633.Verify(_proof, vk.(*plonk_bw6633.VerifyingKey), *w)
+
+	case *plonk_bls24315.Proof:
+		w, ok := publicWitness.Vector.(*witness_bls24315.Witness)
+		if !ok {
+			return witness.ErrInvalidWitness
+		}
+		return plonk_bls24315.Verify(_proof, vk.(*plonk_bls24315.VerifyingKey), *w)
+
+	default:
+		panic("unrecognized proof type")
+	}
+}
+
+// NewCS instantiate a concrete curved-typed SparseR1CS and return a ConstraintSystem interface
+// This method exists for (de)serialization purposes
+// func NewCS(curveID ecc.ID) frontend.CompiledConstraintSystem {
+// 	var r1cs frontend.CompiledConstraintSystem
+// 	switch curveID {
+// 	case ecc.BN254:
+// 		r1cs = &cs_bn254.SparseR1CS{}
+// 	case ecc.BLS12_377:
+// 		r1cs = &cs_bls12377.SparseR1CS{}
+// 	case ecc.BLS12_381:
+// 		r1cs = &cs_bls12381.SparseR1CS{}
+// 	case ecc.BW6_761:
+// 		r1cs = &cs_bw6761.SparseR1CS{}
+// 	case ecc.BLS24_315:
+// 		r1cs = &cs_bls24315.SparseR1CS{}
+// 	case ecc.BW6_633:
+// 		r1cs = &cs_bw6633.SparseR1CS{}
+// 	default:
+// 		panic("not implemented")
+// 	}
+// 	return r1cs
+// }
+
+// // NewProvingKey instantiates a curve-typed ProvingKey and returns an interface
+// // This function exists for serialization purposes
+// func NewProvingKey(curveID ecc.ID) ProvingKey {
+// 	var pk ProvingKey
+// 	switch curveID {
+// 	case ecc.BN254:
+// 		pk = &plonk_bn254.ProvingKey{}
+// 	case ecc.BLS12_377:
+// 		pk = &plonk_bls12377.ProvingKey{}
+// 	case ecc.BLS12_381:
+// 		pk = &plonk_bls12381.ProvingKey{}
+// 	case ecc.BW6_761:
+// 		pk = &plonk_bw6761.ProvingKey{}
+// 	case ecc.BLS24_315:
+// 		pk = &plonk_bls24315.ProvingKey{}
+// 	case ecc.BW6_633:
+// 		pk = &plonk_bw6633.ProvingKey{}
+// 	default:
+// 		panic("not implemented")
+// 	}
+
+// 	return pk
+// }
+
+// // NewProof instantiates a curve-typed ProvingKey and returns an interface
+// // This function exists for serialization purposes
+// func NewProof(curveID ecc.ID) Proof {
+// 	var proof Proof
+// 	switch curveID {
+// 	case ecc.BN254:
+// 		proof = &plonk_bn254.Proof{}
+// 	case ecc.BLS12_377:
+// 		proof = &plonk_bls12377.Proof{}
+// 	case ecc.BLS12_381:
+// 		proof = &plonk_bls12381.Proof{}
+// 	case ecc.BW6_761:
+// 		proof = &plonk_bw6761.Proof{}
+// 	case ecc.BLS24_315:
+// 		proof = &plonk_bls24315.Proof{}
+// 	case ecc.BW6_633:
+// 		proof = &plonk_bw6633.Proof{}
+// 	default:
+// 		panic("not implemented")
+// 	}
+
+// 	return proof
+// }
+
+// // NewVerifyingKey instantiates a curve-typed VerifyingKey and returns an interface
+// // This function exists for serialization purposes
+// func NewVerifyingKey(curveID ecc.ID) VerifyingKey {
+// 	var vk VerifyingKey
+// 	switch curveID {
+// 	case ecc.BN254:
+// 		vk = &plonk_bn254.VerifyingKey{}
+// 	case ecc.BLS12_377:
+// 		vk = &plonk_bls12377.VerifyingKey{}
+// 	case ecc.BLS12_381:
+// 		vk = &plonk_bls12381.VerifyingKey{}
+// 	case ecc.BW6_761:
+// 		vk = &plonk_bw6761.VerifyingKey{}
+// 	case ecc.BLS24_315:
+// 		vk = &plonk_bls24315.VerifyingKey{}
+// 	case ecc.BW6_633:
+// 		vk = &plonk_bw6633.VerifyingKey{}
+// 	default:
+// 		panic("not implemented")
+// 	}
+
+// 	return vk
+// }

go.mod

@@ -4,7 +4,7 @@ go 1.17
 
 require (
 	github.com/consensys/bavard v0.1.10
-	github.com/consensys/gnark-crypto v0.7.0
+	github.com/consensys/gnark-crypto v0.7.1-0.20220407174038-0ddd48a4d948
 	github.com/fxamacker/cbor/v2 v2.2.0
 	github.com/leanovate/gopter v0.2.9
 	github.com/rs/zerolog v1.26.1

go.sum

@@ -1,7 +1,7 @@
 github.com/consensys/bavard v0.1.10 h1:1I/IvY7bkX/O7QLNCEuV2+YBKdTetzw3gnBbvFaWiEE=
 github.com/consensys/bavard v0.1.10/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
-github.com/consensys/gnark-crypto v0.7.0 h1:rwdy8+ssmLYRqKp+ryRRgQJl/rCq2uv+n83cOydm5UE=
-github.com/consensys/gnark-crypto v0.7.0/go.mod h1:KPSuJzyxkJA8xZ/+CV47tyqkr9MmpZA3PXivK4VPrVg=
+github.com/consensys/gnark-crypto v0.7.1-0.20220407174038-0ddd48a4d948 h1:/9E4KCVhmiSK9y1wexTzvQl9bkhQ+++zwBwPi3/nDqM=
+github.com/consensys/gnark-crypto v0.7.1-0.20220407174038-0ddd48a4d948/go.mod h1:KPSuJzyxkJA8xZ/+CV47tyqkr9MmpZA3PXivK4VPrVg=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=