
1//! An implementation of the [`Groth16`] zkSNARK.
2//!
3//! [`Groth16`]: https://eprint.iacr.org/2016/260.pdf
4#![cfg_attr(not(feature = "std"), no_std)]
5#![warn(
6    unused,
7    future_incompatible,
8    nonstandard_style,
9    rust_2018_idioms,
10    missing_docs
11)]
12#![allow(clippy::many_single_char_names, clippy::op_ref)]
13#![forbid(unsafe_code)]
14
15#[macro_use]
16extern crate ark_std;
17
18#[cfg(feature = "r1cs")]
19#[macro_use]
20extern crate derivative;
21
22/// Reduce an R1CS instance to a *Quadratic Arithmetic Program* instance.
23pub mod r1cs_to_qap;
24
25/// Data structures used by the prover, verifier, and generator.
26pub mod data_structures;
27
28/// Generate public parameters for the Groth16 zkSNARK construction.
29pub mod generator;
30
31/// Create proofs for the Groth16 zkSNARK construction.
32pub mod prover;
33
34/// Verify proofs for the Groth16 zkSNARK construction.
35pub mod verifier;
36
37/// Constraints for the Groth16 verifier.
38#[cfg(feature = "r1cs")]
39pub mod constraints;
40
41#[cfg(test)]
42mod test;
43
44pub use self::data_structures::*;
45pub use self::verifier::*;
46
47use ark_crypto_primitives::snark::*;
48use ark_ec::pairing::Pairing;
49use ark_relations::r1cs::{ConstraintSynthesizer, SynthesisError};
50use ark_std::rand::RngCore;
51use ark_std::{marker::PhantomData, vec::Vec};
52use r1cs_to_qap::{LibsnarkReduction, R1CSToQAP};
53
/// The SNARK of [[Groth16]](https://eprint.iacr.org/2016/260.pdf).
///
/// `E` is the pairing engine the scheme is instantiated over, and `QAP`
/// selects the R1CS-to-QAP reduction, defaulting to [`LibsnarkReduction`].
/// The type is a zero-sized marker: its only field is a [`PhantomData`].
///
/// # Security
///
/// Groth16 uses a circuit-specific structured reference string. Anyone who
/// retains the randomness consumed while generating it can produce accepting
/// proofs for false statements, so key generation has to run somewhere the
/// verifier trusts (or as a multi-party ceremony) and that randomness must be
/// discarded afterwards.
///
/// Groth16 proofs are re-randomizable: a valid proof can be turned into a
/// different valid proof of the same statement. Do not use the bytes of a
/// proof as a unique identifier or replay marker.
pub struct Groth16<E, QAP = LibsnarkReduction>
where
    E: Pairing,
    QAP: R1CSToQAP,
{
    // Ties the otherwise unused type parameters to the struct; carries no data.
    _p: PhantomData<(E, QAP)>,
}
58
/// Exposes Groth16 through the generic [`SNARK`] interface, with
/// `E::ScalarField` as the field of the constraint system.
///
/// Each method is a thin wrapper over an associated function of [`Groth16`]
/// or over [`prepare_verifying_key`]; none of those are defined in this file.
impl<E, QAP> SNARK<E::ScalarField> for Groth16<E, QAP>
where
    E: Pairing,
    QAP: R1CSToQAP,
{
    type ProvingKey = ProvingKey<E>;
    type VerifyingKey = VerifyingKey<E>;
    type Proof = Proof<E>;
    type ProcessedVerifyingKey = PreparedVerifyingKey<E>;
    type Error = SynthesisError;

    /// Generates a proving key for `circuit` and returns it together with a
    /// clone of the verifying key embedded in it (`pk.vk`).
    ///
    /// # Security
    ///
    /// `rng` is handed to the parameter generator, which in Groth16 samples
    /// the setup trapdoor. The bound here is only [`RngCore`], so the type
    /// system does not stop a caller from passing a predictable generator:
    /// use a cryptographically secure, freshly seeded one. Anyone able to
    /// observe or reproduce its output can forge proofs for this circuit.
    ///
    /// # Errors
    ///
    /// Propagates any error returned by parameter generation.
    fn circuit_specific_setup<C, R>(
        circuit: C,
        rng: &mut R,
    ) -> Result<(Self::ProvingKey, Self::VerifyingKey), Self::Error>
    where
        C: ConstraintSynthesizer<E::ScalarField>,
        R: RngCore,
    {
        let proving_key = Self::generate_random_parameters_with_reduction(circuit, rng)?;
        // The verifying key is cloned out so it can be distributed to
        // verifiers without the (much larger) proving key.
        let verifying_key = proving_key.vk.clone();

        Ok((proving_key, verifying_key))
    }

    /// Creates a proof for `circuit` under the proving key `pk`.
    ///
    /// # Security
    ///
    /// `rng` supplies the prover's randomness. Groth16's zero-knowledge
    /// property depends on that randomness being unpredictable, and the
    /// [`RngCore`] bound does not enforce it; pass a cryptographically secure
    /// generator whenever the witness is confidential.
    ///
    /// # Errors
    ///
    /// Returns whatever error the underlying prover reports.
    fn prove<C, R>(
        pk: &Self::ProvingKey,
        circuit: C,
        rng: &mut R,
    ) -> Result<Self::Proof, Self::Error>
    where
        C: ConstraintSynthesizer<E::ScalarField>,
        R: RngCore,
    {
        // The underlying prover takes the circuit first and the key second.
        Self::create_random_proof_with_reduction(circuit, pk, rng)
    }

    /// Converts a verifying key into its prepared form for verification.
    ///
    /// This implementation always returns `Ok`; the `Result` exists only to
    /// satisfy the trait signature.
    fn process_vk(
        circuit_vk: &Self::VerifyingKey,
    ) -> Result<Self::ProcessedVerifyingKey, Self::Error> {
        let prepared = prepare_verifying_key(circuit_vk);
        Ok(prepared)
    }

    /// Checks `proof` against the public inputs `x` under the prepared
    /// verifying key `circuit_pvk`.
    ///
    /// # Security
    ///
    /// Only `Ok(true)` means the proof was accepted. Callers must treat both
    /// `Ok(false)` and `Err(_)` as rejection and must not default to accept
    /// when an error is returned. `x` should be the statement as the verifier
    /// itself knows it, and `circuit_pvk` should derive from a key whose
    /// origin the verifier trusts; values supplied alongside the proof by the
    /// prover give no assurance.
    ///
    /// # Errors
    ///
    /// Propagates any error from `verify_proof`.
    // NOTE(review): what separates `Err` from `Ok(false)` is decided in the
    // verifier module, which is not visible here -- presumably malformed
    // input such as a wrong number of public inputs; confirm.
    fn verify_with_processed_vk(
        circuit_pvk: &Self::ProcessedVerifyingKey,
        x: &[E::ScalarField],
        proof: &Self::Proof,
    ) -> Result<bool, Self::Error> {
        let accepted = Self::verify_proof(circuit_pvk, proof, x)?;
        Ok(accepted)
    }
}
98
// Marker impl with an empty body: Groth16 opts into the
// `CircuitSpecificSetupSNARK` trait without overriding anything.
// Groth16 keys are bound to the circuit they were generated for, so a
// different circuit needs its own setup run and its own key pair.
impl<E, QAP> CircuitSpecificSetupSNARK<E::ScalarField> for Groth16<E, QAP>
where
    E: Pairing,
    QAP: R1CSToQAP,
{
}