Trait prio::pcp::Value [−][src]
pub trait Value: Sized + PartialEq + Eq + Debug + for<'a> TryFrom<(Self::Param, &'a [Self::Field]), Error = TypeError> {
type Field: FieldElement;
type Param: Clone + Debug;
fn valid(
&self,
gadgets: &mut Vec<Box<dyn Gadget<Self::Field>>>,
joint_rand: &[Self::Field]
) -> Result<Self::Field, PcpError>;
fn as_slice(&self) -> &[Self::Field];
fn joint_rand_len(&self) -> usize;
fn prove_rand_len(&self) -> usize;
fn query_rand_len(&self) -> usize;
fn valid_gadget_calls(&self) -> Vec<usize>;
fn gadget(&self) -> Vec<Box<dyn Gadget<Self::Field>>>;
fn param(&self) -> Self::Param;
fn set_leader(&mut self, _is_leader: bool) { ... }
}
Expand description
A value of a certain type. Implementations of this trait specify an arithmetic circuit that determines whether a given value is valid.
Associated Types
type Field: FieldElement
type Field: FieldElement
The finite field used for this type.
Required methods
Evaluates the validity circuit on the given input (i.e., self
) and returns the output.
joint_rand
is the joint randomness shared by the prover and verifier. g
is the sequence
of gadgets called by the circuit.
use prio::pcp::types::Boolean;
use prio::pcp::Value;
use prio::field::{random_vector, FieldElement, Field64};
let x: Boolean<Field64> = Boolean::new(false);
let joint_rand = random_vector(x.joint_rand_len()).unwrap();
let v = x.valid(&mut x.gadget(), &joint_rand).unwrap();
assert_eq!(v, Field64::zero());
fn joint_rand_len(&self) -> usize
fn joint_rand_len(&self) -> usize
The length of the random input used by both the prover and the verifier.
fn prove_rand_len(&self) -> usize
fn prove_rand_len(&self) -> usize
The length of the random input consumed by the prover to generate a proof. This is the same as the sum of the arity of each gadget in the validity circuit.
fn query_rand_len(&self) -> usize
fn query_rand_len(&self) -> usize
The length of the random input consumed by the verifier to make queries against inputs and proofs. This is the same as the number of gadgets in the validity circuit.
fn valid_gadget_calls(&self) -> Vec<usize>
fn valid_gadget_calls(&self) -> Vec<usize>
The number of calls to the gadget made when evaluating the validity circuit.
Returns the sequence of gadgets associated with the validity circuit.
NOTE The construction of [BBC+19, Theorem 4.3] uses a single gadget rather than many. The idea to generalize the proof system to allow multiple gadgets is discussed briefly in [BBC+19, Remark 4.5], but no construction is given. The construction implemented here requires security analysis.
Provided methods
fn set_leader(&mut self, _is_leader: bool)
fn set_leader(&mut self, _is_leader: bool)
When verifying a proof over secret shared data, this method may be used to distinguish the “leader” share from the others. This is useful, for example, when some of the gadget inputs are constants used for both proof generation and verification.
use prio::pcp::types::MeanVarUnsignedVector;
use prio::pcp::{decide, prove, query, Value, Proof, Verifier};
use prio::field::{random_vector, split_vector, FieldElement, Field64};
use std::convert::TryFrom;
let measurement = [1, 2, 3];
let bits = 8;
let input: MeanVarUnsignedVector<Field64> =
MeanVarUnsignedVector::new(bits, &measurement).unwrap();
let input_shares: Vec<MeanVarUnsignedVector<Field64>> = split_vector(input.as_slice(), 2)
.unwrap()
.into_iter()
.enumerate()
.map(|(i, data)| {
let mut share =
MeanVarUnsignedVector::try_from((input.param(), data.as_slice())).unwrap();
share.set_leader(i == 0);
share
})
.collect();
let joint_rand = random_vector(input.joint_rand_len()).unwrap();
let prove_rand = random_vector(input.prove_rand_len()).unwrap();
let query_rand = random_vector(input.query_rand_len()).unwrap();
let proof = prove(&input, &prove_rand, &joint_rand).unwrap();
let proof_shares: Vec<Proof<Field64>> = split_vector(proof.as_slice(), 2)
.unwrap()
.into_iter()
.map(Proof::from)
.collect();
let verifier_shares = vec![
query(&input_shares[0], &proof_shares[0], &query_rand, &joint_rand).unwrap(),
query(&input_shares[1], &proof_shares[1], &query_rand, &joint_rand).unwrap(),
];
let verifier = Verifier::try_from(verifier_shares.as_slice()).unwrap();
let res = decide(&input_shares[0], &verifier).unwrap();
assert_eq!(res, true);