Merge branch 'master' into blinding

CHANGELOG.md

@@ -7,12 +7,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
-### Added
-
 ### Changed
 
 - Change variable names for more consistency with the paper [#631](https://github.com/dusk-network/plonk/issues/631)
 
+## [0.10.0] - 24-02-22
+
+## Changed
+
+- Update canonical and canonical-derive to 0.7 [#666](https://github.com/dusk-network/plonk/pull/666)
+- Update dusk-bls12_381 to 0.9 [#666](https://github.com/dusk-network/plonk/pull/666)
+- Update jubjub to 0.11 [#666](https://github.com/dusk-network/plonk/pull/666)
+- Update rust edition to 2021 [#667](https://github.com/dusk-network/plonk/pull/667)
+
+## [0.9.2] - 06-01-22
+
+### Added
+
+- Add `circuit::verify` to `Circuit` module. [#656](https://github.com/dusk-network/plonk/pull/656)
+
+## [0.9.1] - 05-01-22
+
+### Added
+
+- Add support for rendering LaTeX in the docs [#630](https://github.com/dusk-network/plonk/pull/630)
+- Add `append_public_witness` to `TurboComposer`. [#654](https://github.com/dusk-network/plonk/issues/654)
+
 ## [0.9.0] - 10-11-21
 
 ### Added
@@ -211,7 +231,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - dusk-bls12_381 update to `v0.1.5`
 - dusk-jubjub update to `v0.3.10`
-- Fixes #311 - big_mul and big_mul_gate documentation nit.
+- Fixes [#311](https://github.com/dusk-network/plonk/issues/311) - big_mul and big_mul_gate documentation nit.
 
 ## [0.3.1] - 05-10-20
 
@@ -223,7 +243,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- `Circuit` trait API & usability improvements (#313)
+- `Circuit` trait API & usability improvements [#313](https://github.com/dusk-network/plonk/issues/313)
 
 ## [0.2.11] - 29-09-20
 
@@ -283,7 +303,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - `add_witness_to_circuit_description` requires now just to send
   a `Scalar` and returns a constant & constrained witness `Variable`.
-- Update `add_witness_to_circuit_description` fn sig (#282, #284)
+- Update `add_witness_to_circuit_description` fn sig [#282](https://github.com/dusk-network/plonk/issues/282), [#284](https://github.com/dusk-network/plonk/issues/284)
 - dusk-jubjub version updated to 0.3.6
 - `ecc::scalar_mul` now named fixed_base_scalar_mul
 
@@ -369,3 +389,39 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - KZG10 polynomial commitment scheme implementation.
 - fft module with Polynomial ops implemented.
 - Proof system module.
+
+<!-- VERSIONS -->
+[unreleased]: https://github.com/dusk-network/plonk/compare/v0.10.0...HEAD
+[0.10.0]: https://github.com/dusk-network/plonk/compare/v0.9.2...v0.10.0
+[0.9.2]: https://github.com/dusk-network/plonk/compare/v0.9.1...v0.9.2
+[0.9.1]: https://github.com/dusk-network/plonk/compare/v0.9.0...v0.9.1
+[0.9.0]: https://github.com/dusk-network/plonk/compare/v0.8.2...v0.9.0
+[0.8.2]: https://github.com/dusk-network/plonk/compare/v0.8.1...v0.8.2
+[0.8.1]: https://github.com/dusk-network/plonk/compare/v0.8.0...v0.8.1
+[0.8.0]: https://github.com/dusk-network/plonk/compare/v0.7.0...v0.8.0
+[0.7.0]: https://github.com/dusk-network/plonk/compare/v0.6.1...v0.7.0
+[0.6.1]: https://github.com/dusk-network/plonk/compare/v0.6.0...v0.6.1
+[0.6.0]: https://github.com/dusk-network/plonk/compare/v0.5.1...v0.6.0
+[0.5.1]: https://github.com/dusk-network/plonk/compare/v0.5.0...v0.5.1
+[0.5.0]: https://github.com/dusk-network/plonk/compare/v0.4.0...v0.5.0
+[0.4.0]: https://github.com/dusk-network/plonk/compare/v0.3.6...v0.4.0
+[0.3.6]: https://github.com/dusk-network/plonk/compare/v0.3.5...v0.3.6
+[0.3.5]: https://github.com/dusk-network/plonk/compare/v0.3.4...v0.3.5
+[0.3.4]: https://github.com/dusk-network/plonk/compare/v0.3.3...v0.3.4
+[0.3.3]: https://github.com/dusk-network/plonk/compare/v0.3.2...v0.3.3
+[0.3.2]: https://github.com/dusk-network/plonk/compare/v0.3.1...v0.3.2
+[0.3.1]: https://github.com/dusk-network/plonk/compare/v0.3.0...v0.3.1
+[0.3.0]: https://github.com/dusk-network/plonk/compare/v0.2.11...v0.3.0
+[0.2.11]: https://github.com/dusk-network/plonk/compare/v0.2.10...v0.2.11
+[0.2.10]: https://github.com/dusk-network/plonk/compare/v0.2.9...v0.2.10
+[0.2.9]: https://github.com/dusk-network/plonk/compare/v0.2.8...v0.2.9
+[0.2.8]: https://github.com/dusk-network/plonk/compare/v0.2.7...v0.2.8
+[0.2.7]: https://github.com/dusk-network/plonk/compare/v0.2.6...v0.2.7
+[0.2.6]: https://github.com/dusk-network/plonk/compare/v0.2.5...v0.2.6
+[0.2.5]: https://github.com/dusk-network/plonk/compare/v0.2.4...v0.2.5
+[0.2.4]: https://github.com/dusk-network/plonk/compare/v0.2.3...v0.2.4
+[0.2.3]: https://github.com/dusk-network/plonk/compare/v0.2.2...v0.2.3
+[0.2.2]: https://github.com/dusk-network/plonk/compare/v0.2.1...v0.2.2
+[0.2.1]: https://github.com/dusk-network/plonk/compare/v0.2.0...v0.2.1
+[0.2.0]: https://github.com/dusk-network/plonk/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/dusk-network/plonk/releases/tag/v0.1.0

Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "dusk-plonk"
-version = "0.9.0"
-categories =["algorithms", "cryptography", "science"]
-edition = "2018"
+version = "0.10.0"
+categories =["algorithms", "cryptography", "science", "mathematics"]
+edition = "2021"
 keywords = ["cryptography", "plonk", "zk-snarks", "zero-knowledge", "crypto"]
 license = "MPL-2.0"
 repository = "https://github.com/dusk-network/plonk"
@@ -20,15 +20,15 @@ exclude = [
 merlin = {version = "3.0", default-features = false}
 rand_core = {version="0.6", default-features=false}
 dusk-bytes = "0.1"
-dusk-bls12_381 = {version = "0.8", default-features = false, features = ["groups", "pairings", "endo"]}
-dusk-jubjub = {version = "0.10", default-features = false}
+dusk-bls12_381 = {version = "0.9", default-features = false, features = ["groups", "pairings", "endo"]}
+dusk-jubjub = {version = "0.11", default-features = false}
 itertools = {version = "0.9", default-features = false}
 hashbrown = {version = "0.9", default-features=false, features = ["ahash"]}
 rayon = {version = "1.3", optional = true}
 cfg-if = "1.0"
 # Dusk related deps for WASMI serde
-canonical = {version = "0.6", optional = true}
-canonical_derive = {version = "0.6", optional = true}
+canonical = {version = "0.7", optional = true}
+canonical_derive = {version = "0.7", optional = true}
 
 [dev-dependencies]
 criterion = "0.3"

README.md

@@ -6,7 +6,12 @@
 
 _This is a pure Rust implementation of the PLONK proving system over BLS12-381_
 
-This library contains a modularized implementation of KZG10 as the default polynomial commitment scheme.
+
+This library contains a modularised implementation of KZG10 as the default
+polynomial commitment scheme.
+
+**DISCLAIMER**: This library is currently unstable and still needs to go through
+an exhaustive security analysis. Use at your own risk.
 
 ## Usage
 

rust-toolchain

@@ -1 +1 @@
-nightly-2021-10-28
+nightly-2021-10-28

src/circuit.rs

@@ -319,27 +319,13 @@ where
         public_inputs: &[PublicInputValue],
         transcript_init: &'static [u8],
     ) -> Result<(), Error> {
-        let gates = verifier_data.key().padded_gates();
-        let pi_indexes = verifier_data.public_inputs_indexes();
-
-        let mut dense_pi = vec![BlsScalar::zero(); gates];
-
-        public_inputs
-            .iter()
-            .map(|pi| pi.0.clone())
-            .flatten()
-            .zip(pi_indexes.iter().cloned())
-            .for_each(|(value, pos)| {
-                dense_pi[pos] = -value;
-            });
-
-        let mut verifier = Verifier::new(transcript_init);
-
-        verifier.verifier_key.replace(*verifier_data.key());
-
-        let opening_key = pub_params.opening_key();
-
-        verifier.verify(proof, opening_key, &dense_pi)
+        verify(
+            pub_params,
+            verifier_data,
+            proof,
+            public_inputs,
+            transcript_init,
+        )
     }
 
     /// Return the list of public inputs generated by the gadget
@@ -348,3 +334,34 @@ where
     /// Returns the Circuit size padded to the next power of two.
     fn padded_gates(&self) -> usize;
 }
+
+/// Verify the provided proof for the compiled verifier data
+pub fn verify(
+    pub_params: &PublicParameters,
+    verifier_data: &VerifierData,
+    proof: &Proof,
+    public_inputs: &[PublicInputValue],
+    transcript_init: &'static [u8],
+) -> Result<(), Error> {
+    let gates = verifier_data.key().padded_gates();
+    let pi_indexes = verifier_data.public_inputs_indexes();
+
+    let mut dense_pi = vec![BlsScalar::zero(); gates];
+
+    public_inputs
+        .iter()
+        .map(|pi| pi.0.clone())
+        .flatten()
+        .zip(pi_indexes.iter().cloned())
+        .for_each(|(value, pos)| {
+            dense_pi[pos] = -value;
+        });
+
+    let mut verifier = Verifier::new(transcript_init);
+
+    verifier.verifier_key.replace(*verifier_data.key());
+
+    let opening_key = pub_params.opening_key();
+
+    verifier.verify(proof, opening_key, &dense_pi)
+}

src/constraint_system/composer.rs

@@ -244,6 +244,21 @@ impl TurboComposer {
         var
     }
 
+    /// Allocate a witness value into the composer and return its index.
+    ///
+    /// Create a public input with the scalar
+    pub fn append_public_witness<T: Into<BlsScalar>>(
+        &mut self,
+        scalar: T,
+    ) -> Witness {
+        let scalar = scalar.into();
+        let witness = self.append_witness(scalar);
+
+        self.assert_equal_constant(witness, 0, Some(-scalar));
+
+        witness
+    }
+
     /// Adds a width-4 poly gate.
     ///
     /// The final constraint added will enforce the following:
@@ -303,12 +318,13 @@ impl TurboComposer {
     /// Constrain `a` to be equal to `constant + pi`.
     ///
     /// `constant` will be defined as part of the public circuit description.
-    pub fn assert_equal_constant(
+    pub fn assert_equal_constant<C: Into<BlsScalar>>(
         &mut self,
         a: Witness,
-        constant: BlsScalar,
+        constant: C,
         pi: Option<BlsScalar>,
     ) {
+        let constant = constant.into();
         let constraint = Constraint::new().left(1).constant(-constant).a(a);
 
         // TODO maybe accept `Constraint` instead of `Option<Scalar>`?

src/proof_system/widget.rs

@@ -262,54 +262,59 @@ pub(crate) mod alloc {
     }
 
     impl ProverKey {
-        /// Returns the number of [`Polynomial`]s contained in a ProverKey.
-        const fn num_polys() -> usize {
-            15
-        }
-
-        /// Returns the number of [`MultiSet`]s contained in a ProverKey.
-        const fn num_multiset() -> usize {
-            // FIXME https://github.com/dusk-network/plonk/issues/581
-            4
-        }
-
-        /// Returns the number of [`Evaluations`] contained in a ProverKey.
-        const fn num_evals() -> usize {
-            21
+        /// Returns the size of the ProverKey for serialization.
+        ///
+        /// Note:
+        /// Duplicate polynomials of the ProverKey (e.g. `q_l`, `q_r` and `q_c`)
+        /// are only counted once.
+        fn serialization_size(&self) -> usize {
+            // Fetch size in bytes of each Polynomial
+            let poly_size = self.arithmetic.q_m.0.len() * BlsScalar::SIZE;
+            // Fetch size in bytes of each Evaluations
+            let eval_size = self.arithmetic.q_m.1.evals.len() * BlsScalar::SIZE
+                + EvaluationDomain::SIZE;
+            // Fetch size in bytes of each Multiset
+            let multiset_size =
+                self.lookup.table_1.0 .0.len() * BlsScalar::SIZE;
+
+            // The amount of distinct polynomials in `ProverKey`
+            // 7 (arithmetic) + 1 (logic) + 1 (range) + 1 (fixed_base)
+            // + 1 (variable_base) + 5 (lookup) + 4 (permutation)
+            let poly_num = 20;
+
+            // The amount of distinct evaluations in `ProverKey`
+            // 20 (poly_num) + 1 (permutation) + 1 (v_h_coset_4n)
+            let eval_num = 22;
+
+            // The amount of multisets in `ProverKey`
+            // 4 (lookup)
+            let multiset_num = 4;
+
+            // The amount of i64 in `ProverKey`
+            // 1 (self.n) + 1 (eval_size) + 20 (poly_num) + 4 (multiset_num)
+            let i64_num = 26;
+
+            // Calculate the amount of bytes needed to serialize `ProverKey`
+            poly_size * poly_num
+                + eval_size * eval_num
+                + multiset_size * multiset_num
+                + u64::SIZE * i64_num
         }
 
         /// Serializes a [`ProverKey`] struct into a Vec of bytes.
         #[allow(unused_must_use)]
         pub fn to_var_bytes(&self) -> Vec<u8> {
             use dusk_bytes::Write;
-            // Fetch size in bytes of each Polynomial
-            let poly_size = self.arithmetic.q_m.0.len() * BlsScalar::SIZE;
-            // Fetch size in bytes of each Evaluations
-            let evals_size = self.arithmetic.q_m.1.evals.len()
-                * BlsScalar::SIZE
+            let size = self.serialization_size();
+            let eval_size = self.arithmetic.q_m.1.evals.len() * BlsScalar::SIZE
                 + EvaluationDomain::SIZE;
 
-            // Fetch size in bytes of each MultiSet combo: (MultiSet,
-            // Polynomial, Evaluations)
-            let multiset_size = self.lookup.table_1.0 .0.len()
-                * BlsScalar::SIZE
-                + poly_size
-                + evals_size;
-
-            // Create the vec with the capacity counting the 3 u64's plus the 15
-            // Polys and the 17 Evaluations.
-            let mut bytes = vec![
-                0u8;
-                (Self::num_polys() * poly_size
-                    + evals_size * Self::num_evals()
-                    + multiset_size * Self::num_multiset()
-                    + 17 * u64::SIZE) as usize
-            ];
+            let mut bytes = vec![0u8; size];
 
             let mut writer = &mut bytes[..];
             writer.write(&(self.n as u64).to_bytes());
             // Write Evaluation len in bytes.
-            writer.write(&(evals_size as u64).to_bytes());
+            writer.write(&(eval_size as u64).to_bytes());
 
             // Arithmetic
             writer.write(&(self.arithmetic.q_m.0.len() as u64).to_bytes());