diff --git a/backend/plonk/bls12-377/marshal.go b/backend/plonk/bls12-377/marshal.go index 7446ed3377..cb66671f4d 100644 --- a/backend/plonk/bls12-377/marshal.go +++ b/backend/plonk/bls12-377/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bls12-377/marshal_test.go b/backend/plonk/bls12-377/marshal_test.go index a7798ea87b..bc928b6749 100644 --- a/backend/plonk/bls12-377/marshal_test.go +++ b/backend/plonk/bls12-377/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bls12-377/setup.go b/backend/plonk/bls12-377/setup.go index 5b84129c1b..395f688f77 100644 --- a/backend/plonk/bls12-377/setup.go +++ b/backend/plonk/bls12-377/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/iop" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bls12-377" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bls12-377/verify.go b/backend/plonk/bls12-377/verify.go index 65c7881cf6..e09e4fc440 100644 --- a/backend/plonk/bls12-377/verify.go +++ b/backend/plonk/bls12-377/verify.go @@ -110,15 +110,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/backend/plonk/bls12-381/marshal.go b/backend/plonk/bls12-381/marshal.go index d2a7af9e91..20501d04fe 100644 --- a/backend/plonk/bls12-381/marshal.go +++ b/backend/plonk/bls12-381/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bls12-381/marshal_test.go b/backend/plonk/bls12-381/marshal_test.go index cbefa637ad..6c86955b9f 100644 --- a/backend/plonk/bls12-381/marshal_test.go +++ b/backend/plonk/bls12-381/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bls12-381/setup.go b/backend/plonk/bls12-381/setup.go index 229b43b649..74ea66bafa 100644 --- a/backend/plonk/bls12-381/setup.go +++ b/backend/plonk/bls12-381/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/iop" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bls12-381" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bls12-381/verify.go b/backend/plonk/bls12-381/verify.go index 92d6451ab9..bf90d086ec 100644 --- a/backend/plonk/bls12-381/verify.go +++ b/backend/plonk/bls12-381/verify.go @@ -110,15 +110,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/backend/plonk/bls24-315/marshal.go b/backend/plonk/bls24-315/marshal.go index bc9333bc74..1327d8f7fe 100644 --- a/backend/plonk/bls24-315/marshal.go +++ b/backend/plonk/bls24-315/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bls24-315/marshal_test.go b/backend/plonk/bls24-315/marshal_test.go index e3505822d7..bb4272dbee 100644 --- a/backend/plonk/bls24-315/marshal_test.go +++ b/backend/plonk/bls24-315/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bls24-315/setup.go b/backend/plonk/bls24-315/setup.go index 0de7425e02..6739872eaf 100644 --- a/backend/plonk/bls24-315/setup.go +++ b/backend/plonk/bls24-315/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/iop" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bls24-315" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bls24-315/verify.go b/backend/plonk/bls24-315/verify.go index ca0b800e58..949886d86e 100644 --- a/backend/plonk/bls24-315/verify.go +++ b/backend/plonk/bls24-315/verify.go @@ -110,15 +110,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/backend/plonk/bls24-317/marshal.go b/backend/plonk/bls24-317/marshal.go index d7742ca1e5..37d019db78 100644 --- a/backend/plonk/bls24-317/marshal.go +++ b/backend/plonk/bls24-317/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bls24-317/marshal_test.go b/backend/plonk/bls24-317/marshal_test.go index c8cb87e43f..2c40412336 100644 --- a/backend/plonk/bls24-317/marshal_test.go +++ b/backend/plonk/bls24-317/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bls24-317/setup.go b/backend/plonk/bls24-317/setup.go index 391b8595b1..f8c102c819 100644 --- a/backend/plonk/bls24-317/setup.go +++ b/backend/plonk/bls24-317/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/iop" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bls24-317" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bls24-317/verify.go b/backend/plonk/bls24-317/verify.go index aecdd94022..a7852295fb 100644 --- a/backend/plonk/bls24-317/verify.go +++ b/backend/plonk/bls24-317/verify.go @@ -110,15 +110,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/backend/plonk/bn254/marshal.go b/backend/plonk/bn254/marshal.go index dcd81bd10d..ec0009eb93 100644 --- a/backend/plonk/bn254/marshal.go +++ b/backend/plonk/bn254/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bn254/marshal_test.go b/backend/plonk/bn254/marshal_test.go index 3f35b03010..0d82de6274 100644 --- a/backend/plonk/bn254/marshal_test.go +++ b/backend/plonk/bn254/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bn254/setup.go b/backend/plonk/bn254/setup.go index a4648d7ce0..bb7b80372c 100644 --- a/backend/plonk/bn254/setup.go +++ b/backend/plonk/bn254/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr/fft" "github.com/consensys/gnark-crypto/ecc/bn254/fr/iop" "github.com/consensys/gnark-crypto/ecc/bn254/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bn254" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bn254/verify.go b/backend/plonk/bn254/verify.go index 1785fa23d0..db685c866c 100644 --- a/backend/plonk/bn254/verify.go +++ b/backend/plonk/bn254/verify.go @@ -112,15 +112,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/backend/plonk/bw6-633/marshal.go b/backend/plonk/bw6-633/marshal.go index 043b319cd3..1c9295df91 100644 --- a/backend/plonk/bw6-633/marshal.go +++ b/backend/plonk/bw6-633/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bw6-633/marshal_test.go b/backend/plonk/bw6-633/marshal_test.go index 4fa947d977..04f36f8945 100644 --- a/backend/plonk/bw6-633/marshal_test.go +++ b/backend/plonk/bw6-633/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bw6-633/setup.go b/backend/plonk/bw6-633/setup.go index ad0a65d154..4ec615fdb4 100644 --- a/backend/plonk/bw6-633/setup.go +++ b/backend/plonk/bw6-633/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/fft" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/iop" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bw6-633" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bw6-633/verify.go b/backend/plonk/bw6-633/verify.go index bd0cb0e853..411501c99d 100644 --- a/backend/plonk/bw6-633/verify.go +++ b/backend/plonk/bw6-633/verify.go @@ -110,15 +110,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/backend/plonk/bw6-761/marshal.go b/backend/plonk/bw6-761/marshal.go index 4cc8845a3f..2cc4c5e3fe 100644 --- a/backend/plonk/bw6-761/marshal.go +++ b/backend/plonk/bw6-761/marshal.go @@ -209,6 +209,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -226,6 +235,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -255,6 +265,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/backend/plonk/bw6-761/marshal_test.go b/backend/plonk/bw6-761/marshal_test.go index a1228f4513..18e553b256 100644 --- a/backend/plonk/bw6-761/marshal_test.go +++ b/backend/plonk/bw6-761/marshal_test.go @@ -152,6 +152,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint() diff --git a/backend/plonk/bw6-761/setup.go b/backend/plonk/bw6-761/setup.go index 7135a1108d..4ec96d46be 100644 --- a/backend/plonk/bw6-761/setup.go +++ b/backend/plonk/bw6-761/setup.go @@ -23,7 +23,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/iop" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/kzg" - "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/constraint/bw6-761" kzgg "github.com/consensys/gnark-crypto/kzg" @@ -76,7 +75,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -122,7 +121,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/backend/plonk/bw6-761/verify.go b/backend/plonk/bw6-761/verify.go index 71fa48eacb..6a5dd4a7e5 100644 --- a/backend/plonk/bw6-761/verify.go +++ b/backend/plonk/bw6-761/verify.go @@ -110,15 +110,15 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). diff --git a/go.mod b/go.mod index 5a9e32610b..196602a5bd 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/bits-and-blooms/bitset v1.5.0 github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.1.13 - github.com/consensys/gnark-crypto v0.9.2-0.20230329155745-a57dcc3b53de + github.com/consensys/gnark-crypto v0.10.1-0.20230409144652-f385aa74853e github.com/fxamacker/cbor/v2 v2.4.0 github.com/google/go-cmp v0.5.9 github.com/google/pprof v0.0.0-20230309165930-d61513b1440d diff --git a/go.sum b/go.sum index aa7606bed0..6acc9ebf91 100644 --- a/go.sum +++ b/go.sum @@ -4,8 +4,8 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ= github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI= -github.com/consensys/gnark-crypto v0.9.2-0.20230329155745-a57dcc3b53de h1:W5lRxU8Rk8CDLHMTeyNst0VESbcU5RZ3U1TS9MNGgCQ= -github.com/consensys/gnark-crypto v0.9.2-0.20230329155745-a57dcc3b53de/go.mod h1:Iq/P3HHl0ElSjsg2E1gsMwhAyxnxoKK5nVyZKd+/KhU= +github.com/consensys/gnark-crypto v0.10.1-0.20230409144652-f385aa74853e h1:Ot7heRTeRrEy1t/MB0wCxNmCADSCE2yCewrq8z0IZBo= +github.com/consensys/gnark-crypto v0.10.1-0.20230409144652-f385aa74853e/go.mod h1:Iq/P3HHl0ElSjsg2E1gsMwhAyxnxoKK5nVyZKd+/KhU= github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.marshal.go.tmpl index 60a5a02cdf..49efb30461 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.marshal.go.tmpl @@ -190,6 +190,15 @@ func (pk *ProvingKey) ReadFrom(r io.Reader) (int64, error) { // WriteTo writes binary encoding of VerifyingKey to w func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { + return vk.writeTo(w) +} + +// WriteRawTo writes binary encoding of VerifyingKey to w without point compression +func (vk *VerifyingKey) WriteRawTo(w io.Writer) (int64, error) { + return vk.writeTo(w, curve.RawEncoding()) +} + +func (vk *VerifyingKey) writeTo(w io.Writer, options ...func(*curve.Encoder)) (n int64, err error) { enc := curve.NewEncoder(w) toEncode := []interface{}{ @@ -207,6 +216,7 @@ func (vk *VerifyingKey) WriteTo(w io.Writer) (n int64, err error) { &vk.Qo, &vk.Qk, &vk.Qcp, + vk.CommitmentConstraintIndexes, } for _, v := range toEncode { @@ -236,6 +246,7 @@ func (vk *VerifyingKey) ReadFrom(r io.Reader) (int64, error) { &vk.Qo, &vk.Qk, &vk.Qcp, + &vk.CommitmentConstraintIndexes, } for _, v := range toDecode { diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.setup.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.setup.go.tmpl index 233b89c076..7b03b94c32 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.setup.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.setup.go.tmpl @@ -3,7 +3,6 @@ import ( {{- template "import_kzg" . }} {{- template "import_fr" . }} {{- template "import_fft" . }} - "github.com/consensys/gnark/constraint" {{- template "import_backend_cs" . }} "github.com/consensys/gnark-crypto/ecc/{{toLower .Curve}}/fr/iop" "github.com/consensys/gnark-crypto/ecc" @@ -58,7 +57,7 @@ type VerifyingKey struct { // In particular Qk is not complete. Ql, Qr, Qm, Qo, Qk, Qcp kzg.Digest - CommitmentInfo constraint.Commitment + CommitmentConstraintIndexes []uint64 } // ProvingKey stores the data needed to generate a proof: @@ -104,7 +103,9 @@ func Setup(spr *cs.SparseR1CS, srs *kzg.SRS) (*ProvingKey, *VerifyingKey, error) var pk ProvingKey var vk VerifyingKey pk.Vk = &vk - vk.CommitmentInfo = spr.CommitmentInfo + if spr.CommitmentInfo.Is() { + vk.CommitmentConstraintIndexes = []uint64{uint64(spr.CommitmentInfo.CommitmentIndex)} + } // nbConstraints := len(spr.Constraints) // step 0: set the fft domains diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl index c6823ec6c5..4970f37113 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl @@ -91,22 +91,22 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness fr.Vector) error { } } - if vk.CommitmentInfo.Is() { - var hashRes []fr.Element + for i := range vk.CommitmentConstraintIndexes { + var hashRes []fr.Element // TODO: when multi commits are implemented: PI2 -> PI2[i] if hashRes, err = fr.Hash(proof.PI2.Marshal(), []byte("BSB22-Plonk"), 1); err != nil { return err } // Computing L_{CommitmentIndex} - wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentInfo.CommitmentIndex))) + wPowI.Exp(vk.Generator, big.NewInt(int64(vk.NbPublicVariables)+int64(vk.CommitmentConstraintIndexes[i]))) den.Sub(&zeta, &wPowI) // ζ-wⁱ lagrange.SetOne(). - Sub(&zeta, &lagrange). // ζ-1 - Mul(&lagrange, &wPowI). // wⁱ(ζ-1) - Div(&lagrange, &den). // wⁱ(ζ-1)/(ζ-wⁱ) - Mul(&lagrange, &lagrangeOne) // wⁱ/n (ζⁿ-1)/(ζ-wⁱ) + Sub(&zeta, &lagrange). // ζ-1 + Mul(&lagrange, &wPowI). // wⁱ(ζ-1) + Div(&lagrange, &den). // wⁱ(ζ-1)/(ζ-wⁱ) + Mul(&lagrange, &lagrangeOne) // wⁱ/n (ζⁿ-1)/(ζ-wⁱ) xiLi.Mul(&lagrange, &hashRes[0]) pi.Add(&pi, &xiLi) diff --git a/internal/generator/backend/template/zkpschemes/plonk/tests/marshal.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/tests/marshal.go.tmpl index f1ef42add9..63d96b40f0 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/tests/marshal.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/tests/marshal.go.tmpl @@ -133,6 +133,7 @@ func (vk *VerifyingKey) randomize() { vk.SizeInv.SetRandom() vk.Generator.SetRandom() vk.NbPublicVariables = rand.Uint64() + vk.CommitmentConstraintIndexes = []uint64{rand.Uint64()} vk.CosetShift.SetRandom() vk.S[0] = randomPoint()