Merge pull request #3 from zcash/final-changes

Final libsnark API changes

src/algebra/fields/fp.tcc

@@ -712,7 +712,7 @@ Fp_model<n,modulus> Fp_model<n,modulus>::sqrt() const
     Fp_model<n,modulus> x = (*this) * w;
     Fp_model<n,modulus> b = x * w; // b = (*this)^t
 
-#if DEBUG
+
     // check if square with euler's criterion
     Fp_model<n,modulus> check = b;
     for (size_t i = 0; i < v-1; ++i)
@@ -723,7 +723,7 @@ Fp_model<n,modulus> Fp_model<n,modulus>::sqrt() const
     {
         assert_except(0);
     }
-#endif
+
 
     // compute square root with Tonelli--Shanks
     // (does not terminate if not a square!)

src/algebra/fields/fp2.tcc

@@ -153,7 +153,7 @@ Fp2_model<n,modulus> Fp2_model<n,modulus>::sqrt() const
     Fp2_model<n,modulus> x = (*this) * w;
     Fp2_model<n,modulus> b = x * w; // b = (*this)^t
 
-#if DEBUG
+
     // check if square with euler's criterion
     Fp2_model<n,modulus> check = b;
     for (size_t i = 0; i < v-1; ++i)
@@ -162,9 +162,9 @@ Fp2_model<n,modulus> Fp2_model<n,modulus>::sqrt() const
     }
     if (check != one)
     {
-        assert(0);
+        assert_except(0);
     }
-#endif
+
 
     // compute square root with Tonelli--Shanks
     // (does not terminate if not a square!)

src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp

@@ -370,6 +370,19 @@ class r1cs_ppzksnark_proof {
 template<typename ppT>
 r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs);
 
+template<typename ppT>
+r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
+    const r1cs_ppzksnark_constraint_system<ppT> &cs,
+    const Fr<ppT>& t,
+    const Fr<ppT>& alphaA,
+    const Fr<ppT>& alphaB,
+    const Fr<ppT>& alphaC,
+    const Fr<ppT>& rA,
+    const Fr<ppT>& rB,
+    const Fr<ppT>& beta,
+    const Fr<ppT>& gamma
+);
+
 /**
  * A prover algorithm for the R1CS ppzkSNARK.
  *

src/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.tcc

@@ -233,16 +233,40 @@ r1cs_ppzksnark_verification_key<ppT> r1cs_ppzksnark_verification_key<ppT>::dummy
 
 template <typename ppT>
 r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constraint_system<ppT> &cs)
+{
+    /* draw random element at which the QAP is evaluated */
+    const  Fr<ppT> t = Fr<ppT>::random_element();
+
+    const  Fr<ppT> alphaA = Fr<ppT>::random_element(),
+        alphaB = Fr<ppT>::random_element(),
+        alphaC = Fr<ppT>::random_element(),
+        rA = Fr<ppT>::random_element(),
+        rB = Fr<ppT>::random_element(),
+        beta = Fr<ppT>::random_element(),
+        gamma = Fr<ppT>::random_element();
+
+    return r1cs_ppzksnark_generator<ppT>(cs, t, alphaA, alphaB, alphaC, rA, rB, beta, gamma);
+}
+
+template <typename ppT>
+r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(
+    const r1cs_ppzksnark_constraint_system<ppT> &cs,
+    const Fr<ppT>& t,
+    const Fr<ppT>& alphaA,
+    const Fr<ppT>& alphaB,
+    const Fr<ppT>& alphaC,
+    const Fr<ppT>& rA,
+    const Fr<ppT>& rB,
+    const Fr<ppT>& beta,
+    const Fr<ppT>& gamma
+)
 {
     enter_block("Call to r1cs_ppzksnark_generator");
 
     /* make the B_query "lighter" if possible */
     r1cs_ppzksnark_constraint_system<ppT> cs_copy(cs);
     cs_copy.swap_AB_if_beneficial();
 
-    /* draw random element at which the QAP is evaluated */
-    const  Fr<ppT> t = Fr<ppT>::random_element();
-
     qap_instance_evaluation<Fr<ppT> > qap_inst = r1cs_to_qap_instance_map_with_evaluation(cs_copy, t);
 
     print_indent(); printf("* QAP number of variables: %zu\n", qap_inst.num_variables());
@@ -286,13 +310,6 @@ r1cs_ppzksnark_keypair<ppT> r1cs_ppzksnark_generator(const r1cs_ppzksnark_constr
     Bt.emplace_back(qap_inst.Zt);
     Ct.emplace_back(qap_inst.Zt);
 
-    const  Fr<ppT> alphaA = Fr<ppT>::random_element(),
-        alphaB = Fr<ppT>::random_element(),
-        alphaC = Fr<ppT>::random_element(),
-        rA = Fr<ppT>::random_element(),
-        rB = Fr<ppT>::random_element(),
-        beta = Fr<ppT>::random_element(),
-        gamma = Fr<ppT>::random_element();
     const Fr<ppT>      rC = rA * rB;
 
     // consrtuct the same-coefficient-check query (must happen before zeroing out the prefix of At)