Crate r1cs

This is a rust library for building R1CS gadgets over prime fields, which are useful in SNARKs and other argument systems.

See the readme for more information and examples.

Re-exports

pub use num;

Macros

binary_unsigned_values

Creates an instance of WireValues from the given binary wires and BigUint values.

boolean_values

Creates an instance of WireValues from the given boolean wires and boolean values.

values

Creates an instance of WireValues from the given wires and field element values.

Structs

BinaryExpression

A BinaryExpression is comprised of several bits, each one being a BooleanExpression.

BinaryWire

A “binary wire” which is comprised of several bits, each one being a boolean wire.

Bls12_381

The BLS12-381 curve.

Bn128

The BN128 curve.

BooleanExpression

An Expression whose value is known to be binary.

BooleanWire

A Wire whose value is constrained to be binary.

Constraint

An rank-1 constraint of the form a * b = c, where a, b, and c are linear combinations of wires.

DaviesMeyer

The additive variant of Davies-Meyer, which creates a one-way compression function from a block cipher.

EdwardsPoint

An embedded Edwards curve point defined over the same base field as the constraint system, with affine coordinates as elements.

EdwardsPointExpression

An embedded Edwards curve point defined over the same base field as the field used in the constraint system, with affine coordinates as expressions.

Element

An element of a prime field.

ElementMatrix

A matrix of prime field elements.

Expression

A linear combination of wires.

Gadget

An R1CS gadget.

GadgetBuilder

InversePermutation

The permutation 1 / x, with zero being mapped to itself.

JubJub

LCG

A simple linear congruential generator, with parameters taken from Numerical Recipes.

MdsMatrix

A Maximum Distance Separable matrix.

MerkleDamgard

A hash function based on the Merkle–Damgård construction.

MerklePath

The path from a leaf to the root of a binary Merkle tree.

MiMCBlockCipher

The MiMC block cipher.

MiMCPermutation

The MiMC permutation, which is equivalent to MiMC encryption with a key of zero.

MiyaguchiPreneel

The additive variant of Miyaguchi-Preneel, which creates a one-way compression function from a block cipher.

MonomialPermutation

The permutation x^n.

MontgomeryPointExpression

An embedded Montgomery curve point defined over the same base field as the field used in the constraint system, with affine coordinates as expressions.

NumberOfRounds

The number of full and partial rounds to use in an instance of Poseidon.

Poseidon

The Poseidon permutation.

PoseidonBuilder

Builds a Poseidon instance.

ProjWeierstrassPointExpression

An embedded Weierstrass curve point defined over the same base field as the field used in the constraint system, with projective coordinates as expressions.

Rescue

The Rescue permutation.

RescueBuilder

Builds a Rescue instance.

Sponge

A sponge function.

WeierstrassPointExpression

An embedded Weierstrass curve point defined over the same base field as the field used in the constraint system, with affine coordinates as expressions.

Wire

A wire represents a witness element.

WireValues

An assignment of wire values, where each value is an element of the field F.

WitnessGenerator

Generates some elements of the witness.

Enums

PoseidonSbox

An S-Box that can be used with Poseidon.

Traits

BlockCipher

A symmetric-key block cipher.

CompressionFunction

A function which compresses two field elements into one, and is intended to be one-way.

Curve

CurvePoint

EdwardsCurve

An embedded twisted Edwards curve defined over the same base field as the field used in the constraint system

Field

A prime order field.

HashFunction

A function which hashes a sequence of field elements, outputting a single field element.

MultiPermutation

A permutation whose inputs and outputs consist of multiple field elements.

Permutation

A permutation of single field elements.