ark_gm17/
lib.rs

1//! An implementation of the [`Groth-Maller`] simulation extractable zkSNARK.
2//!
3//! [`Groth-Maller`]: https://eprint.iacr.org/2017/540
4#![cfg_attr(not(feature = "std"), no_std)]
5#![deny(
6    warnings,
7    unused,
8    future_incompatible,
9    nonstandard_style,
10    rust_2018_idioms,
11    missing_docs
12)]
13#![allow(clippy::many_single_char_names, clippy::op_ref)]
14#![forbid(unsafe_code)]
15
16#[macro_use]
17extern crate ark_std;
18
19#[cfg(feature = "r1cs")]
20#[macro_use]
21extern crate derivative;
22
23/// Reduce an R1CS instance to a *Square Arithmetic Program* instance.
24pub mod r1cs_to_sap;
25
26/// Data structures used by the prover, verifier, and generator.
27pub mod data_structures;
28
29/// Generate public parameters for the GM17 zkSNARK construction.
30pub mod generator;
31
32/// Create proofs for the GM17 zkSNARK construction.
33pub mod prover;
34
35/// Verify proofs for the GM17 zkSNARK construction.
36pub mod verifier;
37
38/// Constraints for the GM17 verifier.
39#[cfg(feature = "r1cs")]
40pub mod constraints;
41
42#[cfg(test)]
43mod test;
44
45pub use self::data_structures::*;
46pub use self::{generator::*, prover::*, verifier::*};
47
48use ark_crypto_primitives::snark::{CircuitSpecificSetupSNARK, SNARK};
49use ark_ec::PairingEngine;
50use ark_relations::r1cs::{ConstraintSynthesizer, SynthesisError};
51use ark_std::marker::PhantomData;
52use ark_std::rand::RngCore;
53
/// The SNARK of [[GrothMaller17]](https://eprint.iacr.org/2017/540).
///
/// This is a marker type: its only field is a `PhantomData<E>` that ties it to a
/// pairing engine, so a value of it carries no keys or other state. Everything in
/// the `SNARK` implementation below is an associated function that receives the
/// keys, circuit and randomness as explicit arguments.
pub struct GM17<E>
where
    E: PairingEngine,
{
    // Zero-sized; present only so that `E` is used by the type.
    e_phantom: PhantomData<E>,
}
58
impl<E> SNARK<E::Fr> for GM17<E>
where
    E: PairingEngine,
{
    type ProvingKey = ProvingKey<E>;
    type VerifyingKey = VerifyingKey<E>;
    type Proof = Proof<E>;
    type ProcessedVerifyingKey = PreparedVerifyingKey<E>;
    type Error = SynthesisError;

    /// Generates parameters for `circuit` and returns the proving key together
    /// with a clone of the verifying key stored inside it (`pk.vk`).
    ///
    /// # Security
    ///
    /// GM17 uses a circuit-specific structured reference string. The values drawn
    /// from `rng` during generation act as a trapdoor: a party that knows or can
    /// reproduce them can produce accepting proofs without a witness. The bound
    /// on `R` is only `RngCore`, so the type system does not stop a caller from
    /// passing a seeded or otherwise predictable generator. Callers should pass a
    /// cryptographically secure RNG, keep its state out of logs and snapshots,
    /// and treat the party that runs this function as trusted by every verifier
    /// that later relies on the returned verifying key.
    ///
    /// # Errors
    ///
    /// Propagates any error returned by `generate_random_parameters`.
    fn circuit_specific_setup<C, R>(
        circuit: C,
        rng: &mut R,
    ) -> Result<(Self::ProvingKey, Self::VerifyingKey), Self::Error>
    where
        C: ConstraintSynthesizer<E::Fr>,
        R: RngCore,
    {
        let proving_key = generate_random_parameters::<E, C, R>(circuit, rng)?;
        // The verifying key is part of the proving key; hand out a copy so the
        // two can be distributed separately.
        let verifying_key = proving_key.vk.clone();

        Ok((proving_key, verifying_key))
    }

    /// Creates a proof for `circuit` under the proving key `pk`.
    ///
    /// This forwards directly to `create_random_proof`.
    ///
    /// # Security
    ///
    /// `rng` is presumably the source of the proof's blinding randomness (confirm
    /// in the `prover` module). As with setup, only `RngCore` is required, so a
    /// predictable generator is accepted by the compiler; use a cryptographically
    /// secure RNG if the witness must stay hidden.
    ///
    /// # Errors
    ///
    /// Returns whatever error `create_random_proof` reports.
    fn prove<C, R>(
        pk: &Self::ProvingKey,
        circuit: C,
        rng: &mut R,
    ) -> Result<Self::Proof, Self::Error>
    where
        C: ConstraintSynthesizer<E::Fr>,
        R: RngCore,
    {
        create_random_proof::<E, _, _>(circuit, pk, rng)
    }

    /// Converts a verifying key into its prepared form via
    /// `prepare_verifying_key`.
    ///
    /// This implementation always returns `Ok`.
    ///
    /// NOTE(review): no validation of `circuit_vk` happens in this function. If
    /// the key comes from an untrusted channel, its authenticity has to be
    /// established before it is used to accept proofs.
    fn process_vk(
        circuit_vk: &Self::VerifyingKey,
    ) -> Result<Self::ProcessedVerifyingKey, Self::Error> {
        let prepared = prepare_verifying_key(circuit_vk);
        Ok(prepared)
    }

    /// Checks `proof` against the public inputs `x` using a prepared verifying
    /// key.
    ///
    /// The verdict is the `bool` inside `Ok`: `Ok(true)` means the proof was
    /// accepted, `Ok(false)` means it was rejected. A successful return is not
    /// by itself acceptance, so callers must inspect the boolean rather than
    /// test `is_ok()`.
    ///
    /// # Errors
    ///
    /// Propagates any error from `verify_proof`. Which conditions produce an
    /// error rather than `Ok(false)` (for example a public-input vector of the
    /// wrong length) is decided in the `verifier` module and is not visible
    /// here. Callers should treat both outcomes as "not verified".
    fn verify_with_processed_vk(
        circuit_pvk: &Self::ProcessedVerifyingKey,
        x: &[E::Fr],
        proof: &Self::Proof,
    ) -> Result<bool, Self::Error> {
        let accepted = verify_proof(circuit_pvk, proof, x)?;
        Ok(accepted)
    }
}
98
/// Marks [`GM17`] as a SNARK whose setup is specific to one circuit.
///
/// The body is empty, so no trait item is overridden here and any method the
/// trait provides by default applies unchanged. The requirements on the setup
/// randomness are those of `circuit_specific_setup`: the generator passed in
/// must be cryptographically secure, because the values it yields act as the
/// setup trapdoor.
impl<E> CircuitSpecificSetupSNARK<E::Fr> for GM17<E> where E: PairingEngine {}