ConstraintSystem

noah_bulletproofs::r1cs

Trait ConstraintSystem 

Source 
pub trait ConstraintSystem {
    // Required methods
    fn transcript(&mut self) -> &mut Transcript;
    fn multiply(
        &mut self,
        left: LinearCombination,
        right: LinearCombination,
    ) -> (Variable, Variable, Variable);
    fn allocate(
        &mut self,
        assignment: Option<Scalar>,
    ) -> Result<Variable, R1CSError>;
    fn allocate_multiplier(
        &mut self,
        input_assignments: Option<(Scalar, Scalar)>,
    ) -> Result<(Variable, Variable, Variable), R1CSError>;
    fn multipliers_len(&self) -> usize;
    fn constrain(&mut self, lc: LinearCombination);
}
Expand description

The interface for a constraint system, abstracting over the prover and verifier’s roles.

Statements to be proved by an R1CSProof are specified by programmatically constructing constraints. These constraints need to be identical between the prover and verifier, since the prover and verifier need to construct the same statement.

To prevent code duplication or mismatches between the prover and verifier, gadgets for the constraint system should be written using the ConstraintSystem trait, so that the prover and verifier share the logic for specifying constraints.

Required Methods§

Source

fn transcript(&mut self) -> &mut Transcript

Leases the proof transcript to the user, so they can add extra data to which the proof must be bound, but which is not available before creation of the constraint system.

Source

fn multiply( &mut self, left: LinearCombination, right: LinearCombination, ) -> (Variable, Variable, Variable)

Allocate and constrain multiplication variables.

Allocate variables left, right, and out with the implicit constraint that

left * right = out

and add the explicit constraints that

left = left_constraint
right = right_constraint

Returns (left, right, out) for use in further constraints.

Source

fn allocate( &mut self, assignment: Option<Scalar>, ) -> Result<Variable, R1CSError>

Allocate a single variable.

This either allocates a new multiplier and returns its left variable, or returns a right variable of a multiplier previously allocated by this method. The output of a multiplier is assigned on a even call, when right is assigned.

When CS is committed at the end of the first or second phase, the half-assigned multiplier has the right assigned to zero and all its variables committed.

Returns unconstrained Variable for use in further constraints.

Source

fn allocate_multiplier( &mut self, input_assignments: Option<(Scalar, Scalar)>, ) -> Result<(Variable, Variable, Variable), R1CSError>

Allocate variables left, right, and out with the implicit constraint that

left * right = out

Returns (left, right, out) for use in further constraints.

Source

fn multipliers_len(&self) -> usize

Counts the amount of allocated multipliers.

Source

fn constrain(&mut self, lc: LinearCombination)

Enforce the explicit constraint that

lc = 0

Implementors§