dusk-plonk 0.20.3

A pure-Rust implementation of the PLONK ZK-Proof algorithm
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// Copyright (c) DUSK NETWORK. All rights reserved.

use crate::commitment_scheme::Commitment;

#[cfg(feature = "rkyv-impl")]
use bytecheck::CheckBytes;
#[cfg(feature = "rkyv-impl")]
use rkyv::{
    ser::{ScratchSpace, Serializer},
    Archive, Deserialize, Serialize,
};

#[derive(Debug, PartialEq, Eq, Copy, Clone)]
#[cfg_attr(
    feature = "rkyv-impl",
    derive(Archive, Deserialize, Serialize),
    archive(bound(serialize = "__S: Serializer + ScratchSpace")),
    archive_attr(derive(CheckBytes))
)]
pub(crate) struct VerifierKey {
    #[cfg_attr(feature = "rkyv-impl", omit_bounds)]
    pub(crate) q_variable_group_add: Commitment,
}

#[cfg(feature = "alloc")]
mod alloc {
    use super::*;
    use crate::proof_system::linearization_poly::ProofEvaluations;
    #[rustfmt::skip]
    use ::alloc::vec::Vec;
    use dusk_bls12_381::{BlsScalar, G1Affine};
    use dusk_jubjub::EDWARDS_D;

    impl VerifierKey {
        pub(crate) fn compute_linearization_commitment(
            &self,
            curve_add_separation_challenge: &BlsScalar,
            scalars: &mut Vec<BlsScalar>,
            points: &mut Vec<G1Affine>,
            evaluations: &ProofEvaluations,
        ) {
            let kappa = curve_add_separation_challenge.square();

            let x_1 = evaluations.a_eval;
            let x_3 = evaluations.a_w_eval;
            let y_1 = evaluations.b_eval;
            let y_3 = evaluations.b_w_eval;
            let x_2 = evaluations.c_eval;
            let y_2 = evaluations.d_eval;
            let x1_y2 = evaluations.d_w_eval;

            // Checks
            //
            // Check x1 * y2 is correct
            let xy_consistency = x_1 * y_2 - x1_y2;

            let y1_x2 = y_1 * x_2;
            let y1_y2 = y_1 * y_2;
            let x1_x2 = x_1 * x_2;

            // Check x_3 is correct
            let x3_lhs = x1_y2 + y1_x2;
            let x3_rhs = x_3 + (x_3 * (EDWARDS_D * x1_y2 * y1_x2));
            let x3_consistency = (x3_lhs - x3_rhs) * kappa;

            // Check y_3 is correct
            let y3_lhs = y1_y2 + x1_x2;
            let y3_rhs = y_3 - (y_3 * EDWARDS_D * x1_y2 * y1_x2);
            let y3_consistency = (y3_lhs - y3_rhs) * kappa.square();

            let identity = xy_consistency + x3_consistency + y3_consistency;

            scalars.push(identity * curve_add_separation_challenge);
            points.push(self.q_variable_group_add.0);
        }
    }
}