dusk-plonk 0.9.1

A pure-Rust implementation of the PLONK ZK-Proof algorithm
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// Copyright (c) DUSK NETWORK. All rights reserved.

use crate::commitment_scheme::Commitment;

#[derive(Debug, PartialEq, Eq, Copy, Clone)]
pub struct VerifierKey {
    pub(crate) q_lookup: Commitment,
    pub(crate) table_1: Commitment,
    pub(crate) table_2: Commitment,
    pub(crate) table_3: Commitment,
    pub(crate) table_4: Commitment,
}

#[cfg(feature = "alloc")]
mod alloc {
    use super::VerifierKey;
    use crate::proof_system::linearisation_poly::ProofEvaluations;
    use alloc::vec::Vec;
    use dusk_bls12_381::{BlsScalar, G1Affine};

    impl VerifierKey {
        pub(crate) fn compute_linearisation_commitment(
            &self,
            lookup_separation_challenge: &BlsScalar,
            scalars: &mut Vec<BlsScalar>,
            points: &mut Vec<G1Affine>,
            evaluations: &ProofEvaluations,
            (delta, epsilon): (&BlsScalar, &BlsScalar),
            zeta: &BlsScalar,
            l1_eval: &BlsScalar,
            t_eval: &BlsScalar,
            t_next_eval: &BlsScalar,
            h_2_comm: G1Affine,
            p_comm: G1Affine,
        ) {
            let l_sep_2 = lookup_separation_challenge.square();
            let l_sep_3 = lookup_separation_challenge * l_sep_2;
            let zeta_sq = zeta * zeta;
            let zeta_cu = zeta * zeta_sq;

            // (a_eval + zeta*b_eval + zeta^2*c_eval + zeta^3d_eval - f_eval) *
            // q_lookup * alpha_1
            let a = {
                let a_0 = evaluations.a_eval
                    + zeta * evaluations.b_eval
                    + zeta_sq * evaluations.c_eval
                    + zeta_cu * evaluations.d_eval;
                let a_1 = evaluations.f_eval;

                (a_0 - a_1) * lookup_separation_challenge
            };

            scalars.push(a);
            points.push(self.q_lookup.0);

            //
            // - (p_next_eval*(epsilon*(1 + delta) + h_1_eval +
            //   delta*h_2_eval)*alpha_1^3)*h_2
            let c = {
                let c_0 = &evaluations.lookup_perm_eval;

                let c_1 = epsilon * (BlsScalar::one() + delta)
                    + evaluations.h_1_eval
                    + delta * evaluations.h_2_eval;

                -c_0 * c_1 * l_sep_3
            };
            scalars.push(c);
            points.push(h_2_comm);

            // (1 + delta)(e + f_eval)(epsilon*(1 + delta) + t_eval + (delta *
            // t_next_eval) * alpha_1^3 + l_1(z) * alpha_1^2
            let d = {
                let d_0 = BlsScalar::one() + delta;

                let d_1 = epsilon + evaluations.f_eval;

                let d_2 =
                    (epsilon * d_0 + t_eval + (delta * t_next_eval)) * l_sep_3;

                let d_3 = l1_eval * l_sep_2;

                (d_0 * d_1 * d_2) + d_3
            };

            scalars.push(d);
            points.push(p_comm);
        }
    }
}