ark_groth16/
data_structures.rs

1use ark_crypto_primitives::sponge::Absorb;
2use ark_ec::pairing::Pairing;
3use ark_ff::PrimeField;
4use ark_serialize::*;
5use ark_std::vec::Vec;
6
7/// A proof in the Groth16 SNARK.
8#[derive(Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize)]
9pub struct Proof<E: Pairing> {
10    /// The `A` element in `G1`.
11    pub a: E::G1Affine,
12    /// The `B` element in `G2`.
13    pub b: E::G2Affine,
14    /// The `C` element in `G1`.
15    pub c: E::G1Affine,
16}
17
18impl<E: Pairing> Default for Proof<E> {
19    fn default() -> Self {
20        Self {
21            a: E::G1Affine::default(),
22            b: E::G2Affine::default(),
23            c: E::G1Affine::default(),
24        }
25    }
26}
27
28////////////////////////////////////////////////////////////////////////////////
29
30/// A verification key in the Groth16 SNARK.
31#[derive(Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize)]
32pub struct VerifyingKey<E: Pairing> {
33    /// The `alpha * G`, where `G` is the generator of `E::G1`.
34    pub alpha_g1: E::G1Affine,
35    /// The `alpha * H`, where `H` is the generator of `E::G2`.
36    pub beta_g2: E::G2Affine,
37    /// The `gamma * H`, where `H` is the generator of `E::G2`.
38    pub gamma_g2: E::G2Affine,
39    /// The `delta * H`, where `H` is the generator of `E::G2`.
40    pub delta_g2: E::G2Affine,
41    /// The `gamma^{-1} * (beta * a_i + alpha * b_i + c_i) * H`, where `H` is
42    /// the generator of `E::G1`.
43    pub gamma_abc_g1: Vec<E::G1Affine>,
44}
45
46impl<E: Pairing> Default for VerifyingKey<E> {
47    fn default() -> Self {
48        Self {
49            alpha_g1: E::G1Affine::default(),
50            beta_g2: E::G2Affine::default(),
51            gamma_g2: E::G2Affine::default(),
52            delta_g2: E::G2Affine::default(),
53            gamma_abc_g1: Vec::new(),
54        }
55    }
56}
57
58impl<E> Absorb for VerifyingKey<E>
59where
60    E: Pairing,
61    E::G1Affine: Absorb,
62    E::G2Affine: Absorb,
63{
64    fn to_sponge_bytes(&self, dest: &mut Vec<u8>) {
65        self.alpha_g1.to_sponge_bytes(dest);
66        self.beta_g2.to_sponge_bytes(dest);
67        self.gamma_g2.to_sponge_bytes(dest);
68        self.delta_g2.to_sponge_bytes(dest);
69        self.gamma_abc_g1
70            .iter()
71            .for_each(|g| g.to_sponge_bytes(dest));
72    }
73
74    fn to_sponge_field_elements<F: PrimeField>(&self, dest: &mut Vec<F>) {
75        self.alpha_g1.to_sponge_field_elements(dest);
76        self.beta_g2.to_sponge_field_elements(dest);
77        self.gamma_g2.to_sponge_field_elements(dest);
78        self.delta_g2.to_sponge_field_elements(dest);
79        self.gamma_abc_g1
80            .iter()
81            .for_each(|g| g.to_sponge_field_elements(dest));
82    }
83}
84
85/// Preprocessed verification key parameters that enable faster verification
86/// at the expense of larger size in memory.
87#[derive(Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize)]
88pub struct PreparedVerifyingKey<E: Pairing> {
89    /// The unprepared verification key.
90    pub vk: VerifyingKey<E>,
91    /// The element `e(alpha * G, beta * H)` in `E::GT`.
92    pub alpha_g1_beta_g2: E::TargetField,
93    /// The element `- gamma * H` in `E::G2`, prepared for use in pairings.
94    pub gamma_g2_neg_pc: E::G2Prepared,
95    /// The element `- delta * H` in `E::G2`, prepared for use in pairings.
96    pub delta_g2_neg_pc: E::G2Prepared,
97}
98
99impl<E: Pairing> From<PreparedVerifyingKey<E>> for VerifyingKey<E> {
100    fn from(other: PreparedVerifyingKey<E>) -> Self {
101        other.vk
102    }
103}
104
105impl<E: Pairing> From<VerifyingKey<E>> for PreparedVerifyingKey<E> {
106    fn from(other: VerifyingKey<E>) -> Self {
107        crate::prepare_verifying_key(&other)
108    }
109}
110
111impl<E: Pairing> Default for PreparedVerifyingKey<E> {
112    fn default() -> Self {
113        Self {
114            vk: VerifyingKey::default(),
115            alpha_g1_beta_g2: E::TargetField::default(),
116            gamma_g2_neg_pc: E::G2Prepared::default(),
117            delta_g2_neg_pc: E::G2Prepared::default(),
118        }
119    }
120}
121
122////////////////////////////////////////////////////////////////////////////////
123
124/// The prover key for for the Groth16 zkSNARK.
125#[derive(Clone, Debug, PartialEq, CanonicalSerialize, CanonicalDeserialize)]
126pub struct ProvingKey<E: Pairing> {
127    /// The underlying verification key.
128    pub vk: VerifyingKey<E>,
129    /// The element `beta * G` in `E::G1`.
130    pub beta_g1: E::G1Affine,
131    /// The element `delta * G` in `E::G1`.
132    pub delta_g1: E::G1Affine,
133    /// The elements `a_i * G` in `E::G1`.
134    pub a_query: Vec<E::G1Affine>,
135    /// The elements `b_i * G` in `E::G1`.
136    pub b_g1_query: Vec<E::G1Affine>,
137    /// The elements `b_i * H` in `E::G2`.
138    pub b_g2_query: Vec<E::G2Affine>,
139    /// The elements `h_i * G` in `E::G1`.
140    pub h_query: Vec<E::G1Affine>,
141    /// The elements `l_i * G` in `E::G1`.
142    pub l_query: Vec<E::G1Affine>,
143}