Trait prio::pcp::Value

pub trait Value: Sized + PartialEq + Eq + Debug + for<'a> TryFrom<(Self::Param, &'a [Self::Field]), Error = TypeError> {
    type Field: FieldElement;
    type Param: Clone + Debug;
    fn valid(
        &self, 
        gadgets: &mut Vec<Box<dyn Gadget<Self::Field>>>, 
        joint_rand: &[Self::Field]
    ) -> Result<Self::Field, PcpError>;
    fn as_slice(&self) -> &[Self::Field];
    fn joint_rand_len(&self) -> usize;
    fn prove_rand_len(&self) -> usize;
    fn query_rand_len(&self) -> usize;
    fn valid_gadget_calls(&self) -> Vec<usize>;
    fn gadget(&self) -> Vec<Box<dyn Gadget<Self::Field>>>;
    fn param(&self) -> Self::Param;

    fn set_leader(&mut self, _is_leader: bool) { ... }
}

A value of a certain type. Implementations of this trait specify an arithmetic circuit that determines whether a given value is valid.

Associated Types

type Field: FieldElement

The finite field used for this type.

type Param: Clone + Debug

Parameters used to construct a value of this type from a vector of field elements.

Required methods

fn valid(
    &self,
    gadgets: &mut Vec<Box<dyn Gadget<Self::Field>>>,
    joint_rand: &[Self::Field]
) -> Result<Self::Field, PcpError>

Evaluates the validity circuit on the given input (i.e., self) and returns the output. joint_rand is the joint randomness shared by the prover and verifier. g is the sequence of gadgets called by the circuit.

use prio::pcp::types::Boolean;
use prio::pcp::Value;
use prio::field::{random_vector, FieldElement, Field64};

let x: Boolean<Field64> = Boolean::new(false);
let joint_rand = random_vector(x.joint_rand_len()).unwrap();
let v = x.valid(&mut x.gadget(), &joint_rand).unwrap();
assert_eq!(v, Field64::zero());

fn as_slice(&self) -> &[Self::Field]

Returns a reference to the underlying data.

fn joint_rand_len(&self) -> usize

The length of the random input used by both the prover and the verifier.

fn prove_rand_len(&self) -> usize

The length of the random input consumed by the prover to generate a proof. This is the same as the sum of the arity of each gadget in the validity circuit.

fn query_rand_len(&self) -> usize

The length of the random input consumed by the verifier to make queries against inputs and proofs. This is the same as the number of gadgets in the validity circuit.

fn valid_gadget_calls(&self) -> Vec<usize>

The number of calls to the gadget made when evaluating the validity circuit.

fn gadget(&self) -> Vec<Box<dyn Gadget<Self::Field>>>

Returns the sequence of gadgets associated with the validity circuit.

NOTE The construction of [BBC+19, Theorem 4.3] uses a single gadget rather than many. The idea to generalize the proof system to allow multiple gadgets is discussed briefly in [BBC+19, Remark 4.5], but no construction is given. The construction implemented here requires security analysis.

fn param(&self) -> Self::Param

Returns a copy of the associated type parameters for this value.

Provided methods

fn set_leader(&mut self, _is_leader: bool)

When verifying a proof over secret shared data, this method may be used to distinguish the “leader” share from the others. This is useful, for example, when some of the gadget inputs are constants used for both proof generation and verification.

use prio::pcp::types::MeanVarUnsignedVector;
use prio::pcp::{decide, prove, query, Value, Proof, Verifier};
use prio::field::{random_vector, split_vector, FieldElement, Field64};

use std::convert::TryFrom;

let measurement = [1, 2, 3];
let bits = 8;
let input: MeanVarUnsignedVector<Field64> =
    MeanVarUnsignedVector::new(bits, &measurement).unwrap();
let input_shares: Vec<MeanVarUnsignedVector<Field64>> = split_vector(input.as_slice(), 2)
    .unwrap()
    .into_iter()
    .enumerate()
    .map(|(i, data)| {
        let mut share =
            MeanVarUnsignedVector::try_from((input.param(), data.as_slice())).unwrap();
        share.set_leader(i == 0);
        share
    })
    .collect();

let joint_rand = random_vector(input.joint_rand_len()).unwrap();
let prove_rand = random_vector(input.prove_rand_len()).unwrap();
let query_rand = random_vector(input.query_rand_len()).unwrap();

let proof = prove(&input, &prove_rand, &joint_rand).unwrap();
let proof_shares: Vec<Proof<Field64>> = split_vector(proof.as_slice(), 2)
    .unwrap()
    .into_iter()
    .map(Proof::from)
    .collect();

let verifier_shares = vec![
    query(&input_shares[0], &proof_shares[0], &query_rand, &joint_rand).unwrap(),
    query(&input_shares[1], &proof_shares[1], &query_rand, &joint_rand).unwrap(),
];

let verifier = Verifier::try_from(verifier_shares.as_slice()).unwrap();
let res = decide(&input_shares[0], &verifier).unwrap();
assert_eq!(res, true);

Implementors

impl<F: FieldElement> Value for Boolean<F>

type Field = F

type Param = ()

impl<F: FieldElement> Value for MeanVarUnsignedVector<F>

type Field = F

type Param = usize

impl<F: FieldElement> Value for PolyCheckedVector<F>

type Field = F

type Param = Vec<F>