Crate snarkvm_wasm[][src]

Modules

algorithms
bits
blake2s
blake2s
bowe_hopwood_pedersen
bowe_hopwood_pedersen_compressed
bowe_hopwood_pedersen_parameters
commitment_path
commitment_tree
curves
data_structures

Data structures used by a polynomial commitment scheme.

domain

This module contains an EvaluationDomain abstraction for performing various kinds of polynomial arithmetic on top of the scalar field.

elligator2
error

Errors pertaining to query sets.

errors
errors
evaluations

A polynomial represented in evaluations form.

fields
fixed_base
fp6_2over3
fp6_3over2
fq
fq
fq
fq
fq2
fq3
fq6
fq6
fq12
fr
fr
fr
fr
g1
g1
g2
g2
gm17

An implementation of the Groth-Maller simulation extractable zkSNARK. GM17: https://eprint.iacr.org/2017/540

groth16

An implementation of the Groth16 zkSNARK.

group
group
group_parameters
integers
kzg10

The core [KZG10] construction.

marlin_pc

Polynomial commitment scheme from [KZG10] that enforces strict degree bounds and (optionally) enables hiding commitments by following the approach outlined in [CHMMVW20, “Marlin”].

merkle_path
merkle_tree
nonnative

This module provides the non-native field gadget for the snarkVM constraint-writing platform. The non-native field gadget can be used as a standard FieldVar, given reasonable non-native gadget parameters.

optional_rng

A random number generator that bypasses some limitations of the Rust borrow checker.

parameters
parameters
parameters
parameters
pedersen
pedersen
pedersen_compressed
pedersen_compressed
pedersen_parameters
pedersen_parameters
polynomial

Work with sparse and dense polynomials.

prelude
schnorr
schnorr_parameters
sha256
sonic_pc

Polynomial commitment scheme based on the construction in [KZG10], modified to obtain batching and to enforce strict degree bounds by following the approach outlined in [MBKM19, “Sonic”] (more precisely, via the variant in [Gabizon19, “AuroraLight”] that avoids negative G1 powers).

tests_field
traits
variable_base

Macros

field
impl_bytes

Helper macro to forward all derived implementations to the ToBytes and FromBytes traits

uint_impl_common

Structs

AllocatedBit

Represents a variable in the constraint system which is guaranteed to be either zero or one.

Ancestors
BW6_761G1Parameters
BW6_761Parameters
BatchLCProof

A proof of satisfaction of linear combinations.

Blake2s
Blake2sCommitment
Bls12_377G1Parameters
Bls12_377G2Parameters
Bls12_377G2Parameters
Bls12_377Parameters
BooleanInputGadget

Conversion of field elements by converting them to boolean sequences Used by Groth16 and Gm17

BoweHopwoodPedersenCRH
BoweHopwoodPedersenCRHParameters
BoweHopwoodPedersenCompressedCRH
CommitmentMerklePath
CommitmentMerkleTree
ConstraintCounter

Constraint counter for testing purposes.

DensePolynomial

Stores a polynomial in coefficient form.

EdwardsParameters
EdwardsParameters
Elligator2
EvaluationDomain

Defines a domain over which finite field (I)FFTs can be performed. Works only for fields that have a large multiplicative subgroup of size that is a power-of-2.

Evaluations

Stores a polynomial in evaluation form.

EvaluationsVar

An allocated version of Evaluations.

FixedBaseMSM
Fp2
Fp3
Fp12

An element of Fp12, represented by c0 + c1 * v

Fp256
Fp320
Fp384
Fp768
Fp832
Fq2Parameters
Fq3Parameters
Fq6Parameters
Fq6Parameters
Fq12Parameters
FqParameters
FqParameters
FqParameters
FqParameters
FrParameters
FrParameters
FrParameters
FrParameters
FrParameters
GroupEncryption
GroupEncryptionParameters
GroupEncryptionPublicKey
LabeledCommitment

A commitment along with information about its degree bound (if any).

LabeledPointVar

A labeled point variable, for queries to a polynomial commitment.

LabeledPolynomial

A polynomial along with information about its degree bound (if any), and the maximum number of queries that will be made to it. This latter number determines the amount of protection that will be provided to a commitment for this polynomial.

LinearCombination

A labeled linear combinations of polynomials.

LinearCombination

This represents a linear combination of some variables, with coefficients in the field F. The (coeff, var) pairs in a LinearCombination are kept sorted according to the index of the variable in its constraint system.

LinearCombinationVar

An allocated version of LinearCombination.

MerklePath

Stores the hashes of a particular path (in order) from leaf to root. Our path is_left_child() if the boolean in path is true.

MerkleTree
Namespace

This is a “namespaced” constraint system which borrows a constraint system (pushing a namespace context) and, when dropped, pops out of the namespace context.

OptionalVec
PCCheckRandomDataVar

A collection of random data used in the polynomial commitment checking.

PedersenCRH
PedersenCRHParameters
PedersenCommitment
PedersenCommitmentParameters
PedersenCompressedCRH
PedersenCompressedCommitment
Polynomial

Stores a polynomial in coefficient form.

QuerySetVar

An allocated version of QuerySet.

SchnorrOutput
SchnorrParameters
SchnorrPublicKey
SchnorrSignature
SparsePolynomial

Stores a sparse polynomial in coefficient form.

TestConstraintSystem

Constraint system for testing purposes.

Variable

Represents a variable in a constraint system.

VariableBaseMSM

Enums

Boolean

This is a boolean value which may be either a constant or an interpretation of an AllocatedBit.

ConstraintFieldError
ConstraintVariable

Either a Variable or a LinearCombination.

DenseOrSparsePolynomial

Represents either a sparse polynomial or a dense one.

Error

The error type for PolynomialCommitment.

FieldError
Index

Represents the index of either a public variable (input) or a private variable (auxiliary).

LCTerm

A term in a linear combination.

LegendreSymbol
LinearCombinationCoeffVar

A coefficient of LinearCombination.

SignedIntegerError
SynthesisError

This is an error that could occur during circuit synthesis contexts, such as CRS generation, proving or verification.

UnsignedIntegerError

Constants

BOWE_HOPWOOD_CHUNK_SIZE
BOWE_HOPWOOD_LOOKUP_SIZE
G1_GENERATOR_X

G1_GENERATOR_X = 81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695

G1_GENERATOR_X

G1_GENERATOR_X = 6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237

G1_GENERATOR_Y

G1_GENERATOR_Y = 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030

G1_GENERATOR_Y

G1_GENERATOR_Y = 2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099

G2_GENERATOR_X
G2_GENERATOR_X

G2_GENERATOR_X = 6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428

G2_GENERATOR_X_C0

G2_GENERATOR_X_C0 = 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294

G2_GENERATOR_X_C1

G2_GENERATOR_X_C1 = 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118

G2_GENERATOR_Y
G2_GENERATOR_Y

G2_GENERATOR_Y = 562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041

G2_GENERATOR_Y_C0

G2_GENERATOR_Y_C0 = 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423

G2_GENERATOR_Y_C1

G2_GENERATOR_Y_C1 = 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491

Traits

Add

Returns addition of self + other in the constraint system.

AllocBytesGadget
AllocGadget
Assignment
CRHGadget
CommitmentGadget
ComparatorGadget
CompressedGroupGadget
CondSelectGadget

If condition is true, return first; else, select second.

ConditionalEqGadget

If condition == 1, then enforces that self and other are equal; otherwise, it doesn’t enforce anything.

ConditionalOrEqualsGadget
ConstraintSynthesizer

Computations are expressed in terms of rank-1 constraint systems (R1CS). The generate_constraints method is called to generate constraints for both CRS generation and for proving.

ConstraintSystem

Represents a constraint system which can have new variables allocated and constrains between them formed.

Div

Returns division of self / other in the constraint system.

EncryptionGadget
EqGadget
EvaluateEqGadget
EvaluateLtGadget
Field

The interface for a generic field.

FieldGadget
FieldParameters

A trait that defines parameters for a prime field.

Fp2Parameters
Fp3Parameters
Fp12Parameters
Fp256Parameters
Fp320Parameters
Fp384Parameters
Fp768Parameters
Fp832Parameters
FullAdder

Single bit binary adder with carry bit https://en.wikipedia.org/wiki/Adder_(electronics)#Full_adder sum = (a XOR b) XOR carry carry = a AND b OR carry AND (a XOR b) Returns (sum, carry)

GroupGadget
Integer

The interface for a singed or unsigned integer gadget.

MaskedCRHGadget
Mul

Returns multiplication of self * other in the constraint system.

NEqGadget
Neg

Returns a negated representation of self in the constraint system.

One
OrEqualsGadget
PCCheckVar

Describes the interface for a gadget for a PolynomialCommitment verifier.

PCCommitment

Defines the minimal interface of commitments for any polynomial commitment scheme.

PCCommitterKey

Defines the minimal interface of committer keys for any polynomial commitment scheme.

PCPreparedCommitment

Defines the minimal interface of prepared commitments for any polynomial commitment scheme.

PCPreparedVerifierKey

Defines the minimal interface of prepared verifier keys for any polynomial commitment scheme.

PCProof

Defines the minimal interface of evaluation proofs for any polynomial commitment scheme.

PCRandomness

Defines the minimal interface of commitment randomness for any polynomial commitment scheme.

PCUniversalParams

Defines the minimal interface for public params for any polynomial commitment scheme.

PCVerifierKey

Defines the minimal interface of verifier keys for any polynomial commitment scheme.

PRFGadget
PairingGadget
PedersenSize
PolynomialCommitment

Describes the interface for a polynomial commitment scheme that allows a sender to commit to multiple polynomials and later provide a succinct proof of evaluation for the corresponding commitments at a query set Q, while enforcing per-polynomial degree bounds.

Pow

Returns exponentiation of self ** other in the constraint system.

PrepareGadget

Define the minimal interface of prepared allocated structures.

PrimeField

The interface for a prime field.

RippleCarryAdder

Returns the bitwise sum of a n-bit number with carry bit

SNARKGadget

This implements constraints for SNARK verifiers.

SNARKVerifierGadget
SignExtend

Sign extends an array of bits to the desired length. Expects least significant bit first

SignaturePublicKeyRandomizationGadget
SquareRootField

The interface for a field that supports an efficient square-root operation.

Sub

Returns subtraction of self - other in the constraint system.

ThreeBitCondNegLookupGadget

Uses three bits to perform a lookup into a table, where the last bit performs negation

ToBitsBEGadget
ToBitsLEGadget
ToBytesGadget
ToConstraintField

Types that can be converted to a vector of F elements. Useful for specifying how public inputs to a constraint system should be represented inside that constraint system.

ToConstraintFieldGadget

Specifies how to convert a variable of type Self to variables of type FpGadget<F>

TwoBitLookupGadget

Uses two bits to perform a lookup into a table

Xor

Performs a bitwise XOR operation between self and other in the constraint system.

Zero

Functions

batch_inversion
double_sha256
evaluate_query_set

Evaluate the given polynomials at query_set.

prng
sha256
sha256d_to_u64

Type Definitions

BW6_761
Bls12_377
EdwardsAffine
EdwardsAffine
EdwardsProjective
EdwardsProjective
Evaluations

Evaluations is the result of querying a set of labeled polynomials or equations p at a QuerySet Q. It maps each element of Q to the resulting evaluation. That is, if (label, query) is an element of Q, then evaluation.get((label, query)) should equal p[label].evaluate(query).

Fq
Fq
Fq
Fq
Fq2
Fq3
Fq6
Fq6
Fq12
Fr
Fr
Fr
Fr
Fr

This field is the scalar field (Fr) of BLS12-377.

G1Affine
G1Affine
G1Projective
G1Projective
G2Affine
G2Affine
G2Projective
G2Projective
MerkleTreeDigest
PolynomialLabel

Labels a LabeledPolynomial or a LabeledCommitment.

QuerySet

QuerySet is the set of queries that are to be made to a set of labeled polynomials/equations p that have previously been committed to. Each element of a QuerySet is a (label, query) pair, where label is the label of a polynomial in p, and query is the field element that p[label] is to be queried at.

SynthesisResult