dusk-plonk 0.20.2

A pure-Rust implementation of the PLONK ZK-Proof algorithm
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// Copyright (c) DUSK NETWORK. All rights reserved.

use super::Commitment;
use dusk_bls12_381::BlsScalar;

/// Proof that a polynomial `p` was correctly evaluated at a point `z`
/// producing the evaluated point p(z).
#[derive(Copy, Clone, Debug)]
#[allow(dead_code)]
pub(crate) struct Proof {
    /// This is a commitment to the witness polynomial.
    pub(crate) commitment_to_witness: Commitment,
    /// This is the result of evaluating a polynomial at the point `z`.
    pub(crate) evaluated_point: BlsScalar,
    /// This is the commitment to the polynomial that you want to prove a
    /// statement about.
    pub(crate) commitment_to_polynomial: Commitment,
}

#[cfg(feature = "alloc")]
pub(crate) mod alloc {
    use super::*;
    use crate::util::powers_of;
    #[rustfmt::skip]
    use ::alloc::vec::Vec;
    use dusk_bls12_381::G1Projective;
    #[cfg(feature = "std")]
    use rayon::prelude::*;

    /// Proof that multiple polynomials were correctly evaluated at a point `z`,
    /// each producing their respective evaluated points p_i(z).
    #[derive(Debug)]
    #[allow(dead_code)]
    pub(crate) struct AggregateProof {
        /// This is a commitment to the aggregated witness polynomial.
        pub(crate) commitment_to_witness: Commitment,
        /// These are the results of the evaluating each polynomial at the
        /// point `z`.
        pub(crate) evaluated_points: Vec<BlsScalar>,
        /// These are the commitments to the polynomials which you want to
        /// prove a statement about.
        pub(crate) commitments_to_polynomials: Vec<Commitment>,
    }

    #[allow(dead_code)]
    impl AggregateProof {
        /// Initializes an `AggregatedProof` with the commitment to the witness.
        pub(crate) fn with_witness(witness: Commitment) -> AggregateProof {
            AggregateProof {
                commitment_to_witness: witness,
                evaluated_points: Vec::new(),
                commitments_to_polynomials: Vec::new(),
            }
        }

        /// Adds an evaluated point with the commitment to the polynomial which
        /// produced it.
        pub(crate) fn add_part(&mut self, part: (BlsScalar, Commitment)) {
            self.evaluated_points.push(part.0);
            self.commitments_to_polynomials.push(part.1);
        }

        /// Flattens an `AggregateProof` into a `Proof`.
        pub(crate) fn flatten(&self, v_challenge: &BlsScalar) -> Proof {
            let powers = powers_of(
                v_challenge,
                self.commitments_to_polynomials.len() - 1,
            );

            #[cfg(not(feature = "std"))]
            let flattened_poly_commitments_iter =
                self.commitments_to_polynomials.iter().zip(powers.iter());
            #[cfg(not(feature = "std"))]
            let flattened_poly_evaluations_iter =
                self.evaluated_points.iter().zip(powers.iter());

            #[cfg(feature = "std")]
            let flattened_poly_commitments_iter = self
                .commitments_to_polynomials
                .par_iter()
                .zip(powers.par_iter());
            #[cfg(feature = "std")]
            let flattened_poly_evaluations_iter =
                self.evaluated_points.par_iter().zip(powers.par_iter());

            // Flattened polynomial commitments using challenge `v`
            let flattened_poly_commitments: G1Projective =
                flattened_poly_commitments_iter
                    .map(|(poly, v_challenge)| poly.0 * v_challenge)
                    .sum();
            // Flattened evaluation points
            let flattened_poly_evaluations: BlsScalar =
                flattened_poly_evaluations_iter
                    .map(|(eval, v_challenge)| eval * v_challenge)
                    .sum();

            Proof {
                commitment_to_witness: self.commitment_to_witness,
                evaluated_point: flattened_poly_evaluations,
                commitment_to_polynomial: Commitment::from(
                    flattened_poly_commitments,
                ),
            }
        }
    }
}