-
Notifications
You must be signed in to change notification settings - Fork 142
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
481d56a
commit 2a267d2
Showing
1 changed file
with
91 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,42 +1,97 @@ | ||
| # PLONK | ||
|
|
||
| *This is a pure Rust implementation of the PLONK proving system over BLS12-381* | ||
|
|
||
| _This code is highly experimental, use at your own risk_. | ||
|
|
||
| This library contains a modularised implementation of KZG10 as the default polynomial commitment scheme. | ||
|
|
||
|
|
||
| ## Example | ||
|
|
||
| The following example shows how to setup the SRS and verify whether a value is a boolean | ||
| ```rust | ||
|
|
||
| // Common View - This is information that the prover and verifier will share | ||
| // This step is usually performed with a `ceremony` or MPC | ||
| let public_parameters = SRS::setup(999, &mut rand::thread_rng()); | ||
|
|
||
| // Provers View | ||
| let (proof, public_inputs) = { | ||
| let mut composer: StandardComposer = add_dummy_composer(7); | ||
|
|
||
| // Add Statement you want to prove | ||
| let var_one = composer.add_input(Scalar::from(1)); | ||
| let var_four = composer.add_input(Scalar::from(4)); | ||
| composer.bool_gate(var_one); | ||
| composer.bool_gate(var_four); // Verification will fail due to this being four | ||
|
|
||
| // Trim the SRS to the size of the circuit | ||
| // The main reason this may fail, is if the circuit size is larger than max_degree poly you can commit to. | ||
| let (ck, _) = public_parameters.trim(composer.circuit_size().next_power_of_two()).unwrap(); | ||
|
|
||
| // Create a new Evaluation Domain | ||
| let domain = EvaluationDomain::new(composer.circuit_size()).unwrap(); | ||
|
|
||
| // Initialise Transcript | ||
| let mut transcript = Transcript::new(b""); | ||
|
|
||
| // Preprocess circuit | ||
| let preprocessed_circuit = composer.preprocess(&ck, &mut transcript, &domain); | ||
|
|
||
| // Return Proof along with any public inputs | ||
| // In a real program, the Prover and verifier will know the public inputs | ||
| ( | ||
| composer.prove(&ck, &preprocessed_circuit, &mut transcript), | ||
| composer.public_inputs, | ||
| ); | ||
|
|
||
| }; | ||
|
|
||
|
|
||
| // Verifiers View | ||
| // | ||
| let ok = { | ||
| // Verifier processes the same statement, but with random input values | ||
| let mut composer: StandardComposer = add_dummy_composer(7); | ||
| let var_a = composer.add_input(Scalar::from(Scalar::zero())); | ||
| let var_b = composer.add_input(Scalar::from(Scalar::zero())); | ||
| composer.bool_gate(var_b); | ||
| composer.bool_gate(var_a); | ||
|
|
||
| // Trim the SRS | ||
| let (ck, vk) = public_parameters.trim(composer.circuit_size().next_power_of_two()).unwrap(); | ||
|
|
||
| // Create a new Evaluation Domain | ||
| let domain = EvaluationDomain::new(composer.circuit_size()).unwrap(); | ||
|
|
||
| // Initialise transcript | ||
| let mut transcript = Transcript::new(b""); | ||
|
|
||
| // Preprocess circuit | ||
| let preprocessed_circuit = composer.preprocess(&ck, &mut transcript, &domain); | ||
|
|
||
| // Verify proof | ||
| proof.verify(&preprocessed_circuit, &mut transcript, &vk, &public_inputs) | ||
|
|
||
| }; | ||
| assert_eq!(ok, true); | ||
| ``` | ||
|
|
||
| ## Documentation | ||
|
|
||
| WIP | ||
|
|
||
| This code is highly experimental, use at your own risk. | ||
| Warning: WIP | ||
| ** This repository will contain an implementation of PLONK. This is a pure rust implementation designed by the [dusk](https://dusk.network) team ** | ||
|
|
||
| ### PLONK | ||
| PLONK is a universal and updateable zk-SNARK proving scheme. First | ||
| introduced in August by Ariel Gabizon, Zac Williamson and Oana Ciobotaru; | ||
| this proof scheme requires a trusted set but one which has an updateable | ||
| set up, which is proved only once for the entire sheme. The main advantage | ||
| for this is that multiple parties can participate and there is a | ||
| requirement that only one is honest. Additionally, the updateable feature | ||
| means that more parties can be added later - this multi party set up | ||
| leads to a consecutive participation. | ||
|
|
||
| PLONK relies upon one single polynomial commitment and these are 'kate commitments'. Additionally, PLONK uses permutation arguments where the | ||
| subgroup is evaluated. | ||
|
|
||
| Roadmap | ||
| - [x] Complete preselector polynomial calculation | ||
| - [x] Create composer for users | ||
| - [x] PSnark output 1 | ||
| - [x] PSnark output 2 | ||
| - [x] PSnark output 3 | ||
| - [x] PSnark output 4 | ||
| - [x] PSnark output 5 | ||
| - [x] Build verification functions | ||
| - [x] Implement test vectors for equation checks | ||
| - [x] Derive test vectors for arguments | ||
| - [x] Build polynomials from all wire values and derive coefficients | ||
| - [x] Generate randomness from Fiat Shamir using Merlin inputs | ||
| - [] Generate public inputs | ||
| - [x] Evaluate the z polynomial at the root of unity | ||
| - [] Add prover logic | ||
| - [] Add verifier logic | ||
| - [] Implement travis auto document | ||
| ## Performance | ||
|
|
||
| WIP | ||
|
|
||
| ## Acknowledgements | ||
| Reference implementation AztecProtocol/Barretenberg | ||
|
|
||
| - Reference implementation AztecProtocol/Barretenberg | ||
| - FFT Module and KZG10 Module were taken and modified from zexe/zcash and scipr-lab respectively. | ||
|
|
||
|
|
||
| ## About | ||
|
|
||
| Implementation designed by the [dusk](https://dusk.network) team |