Crate r1cs

This is a rust library for building R1CS gadgets over prime fields, which are useful in SNARKs and other argument systems.

See the readme for more information and examples.

Re-exports

pub use num;

Macros

binary_unsigned_values	Creates an instance of WireValues from the given binary wires and BigUint values.
boolean_values	Creates an instance of WireValues from the given boolean wires and boolean values.
values	Creates an instance of WireValues from the given wires and field element values.

Structs

BinaryExpression	A BinaryExpression is comprised of several bits, each one being a BooleanExpression.
BinaryWire	A "binary wire" which is comprised of several bits, each one being a boolean wire.
Bls12_381	The BLS12-381 curve.
Bn128	The BN128 curve.
BooleanExpression	An Expression whose value is known to be binary.
BooleanWire	A Wire whose value is constrained to be binary.
Constraint	An rank-1 constraint of the form a * b = c, where a, b, and c are linear combinations of wires.
DaviesMeyer	The additive variant of Davies-Meyer, which creates a one-way compression function from a block cipher.
Element	An element of a prime field.
ElementMatrix	A matrix of prime field elements.
Expression	A linear combination of wires.
Gadget	An R1CS gadget.
GadgetBuilder
InversePermutation	The permutation 1 / x, with zero being mapped to itself.
MdsMatrix	A Maximum Distance Separable matrix.
MerkleDamgard	A hash function based on the Merkle–Damgård construction.
MerklePath	The path from a leaf to the root of a binary Merkle tree.
MiMCBlockCipher	The MiMC block cipher.
MiMCPermutation	The MiMC permutation, which is equivalent to MiMC encryption with a key of zero.
MonomialPermutation	The permutation x^n.
Poseidon	The Poseidon permutation.
Sponge	A sponge function. In a SNARK setting, efficiency demands that the two sections of sponge state memory (R and C) be stored in separate field elements, so that inputs can be efficiently added to R without affecting C.
Wire	A wire represents a witness element.
WireValues	An assignment of wire values, where each value is an element of the field F.
WitnessGenerator	Generates some elements of the witness.

Traits

BlockCipher	A symmetric-key block cipher.
CompressionFunction	A function which compresses two field elements into one, and is intended to be one-way.
Field	A prime order field.
HashFunction	A function which hashes a sequence of field elements, outputting a single field element.
MultiPermutation	A permutation whose inputs and outputs consist of multiple field elements.
Permutation	A permutation of single field elements.