Modules

Implements an Algebraic Holographic Proof (AHP) for the R1CS indexed relation.

Implements the Marlin verification gadget.

Data structures used by a polynomial commitment scheme.

This module contains an EvaluationDomain abstraction for performing various kinds of polynomial arithmetic on top of the scalar field.

Errors pertaining to query sets.

A polynomial represented in evaluations form.

RNGs for the Marlin SNARK.

An implementation of the Groth16 zkSNARK.

The core [KZG10] construction.

Implements the base Marlin zkSNARK proof system.

Polynomial commitment scheme from [KZG10] that enforces strict degree bounds and (optionally) enables hiding commitments by following the approach outlined in [CHMMVW20, “Marlin”].

This module provides the non-native field gadget for the snarkVM constraint-writing platform. The non-native field gadget can be used as a standard FieldVar, given reasonable non-native gadget parameters.

A random number generator that bypasses some limitations of the Rust borrow checker.

Work with sparse and dense polynomials.

Polynomial commitment scheme based on the construction in [KZG10], modified to obtain batching and to enforce strict degree bounds by following the approach outlined in [MBKM19, “Sonic”] (more precisely, via the variant in [Gabizon19, “AuroraLight”] that avoids negative G1 powers).

Macros

Converts a string of 2 characters into a u16 for a human-readable prefix in Bech32.

Converts a string of 4 characters into a u32 for a human-readable prefix in Bech32.

Implements Add, Sub, AddAssign, and SubAssign on Self by deferring to an implementation on &Self.

Helper macro to forward all derived implementations to the ToBytes and FromBytes traits.

Implements Mul, Div, MulAssign, and DivAssign on Self by deferring to an implementation on &Self.

Structs

The algebraic holographic proof defined in CHMMVW19. Currently, this AHP only supports inputs of size one less than a power of 2 (i.e., of the form 2^n - 1).

Represents the amount of ALEOs.

Represents a variable in the constraint system which is guaranteed to be either zero or one.

Represents a variable in the constraint system whose value can be an arbitrary field element.

A proof of satisfaction of linear combinations.

Block header.

Block header metadata.

The block template used by miners to mine the next block.

Conversion of field elements by converting them to boolean sequences. Used by Groth16 and GM17.

Constraint counter for testing purposes.

Stores a polynomial in coefficient form.

Defines a domain over which finite field (I)FFTs can be performed. Works only for fields that have a large multiplicative subgroup of size that is a power-of-2.

Stores a polynomial in evaluation form.

An allocated version of Evaluations.

Program ID, program path, verifying key, and proof.

An RNG from any algebraic sponge.

Building the Fiat-Shamir sponge’s gadget from any algebraic sponge’s gadget.

Implements a Fiat-Shamir based Rng that allows one to incrementally update the seed based on new messages in the proof transcript. Use a ChaCha stream cipher to generate the actual pseudorandom bits. Use a digest function to do absorbing.

An element of Fp12, represented by c0 + c1 * v

A commitment along with information about its degree bound (if any).

A labeled point variable, for queries to a polynomial commitment.

A polynomial along with information about its degree bound (if any), and the maximum number of queries that will be made to it. This latter number determines the amount of protection that will be provided to a commitment for this polynomial.

A ledger proof of inclusion.

A ledger tree contains all block hashes on the ledger.

A labeled linear combination of polynomials.

This represents a linear combination of some variables, with coefficients in the field F. The (coeff, var) pairs in a LinearCombination are kept sorted according to the index of the variable in its constraint system.

An allocated version of LinearCombination.

Defines a Merkle tree using the provided hash and depth.

Stores the hashes of a particular path (in order) from leaf to root. A node on the path is the left child (is_left_child()) when the corresponding boolean in the path is true.

Defines a Merkle tree using the provided hash and depth.

This is a “namespaced” constraint system which borrows a constraint system (pushing a namespace context) and, when dropped, pops out of the namespace context.

A collection of random data used in the polynomial commitment checking.

Stores a polynomial in coefficient form.

An entry in the default Poseidon parameters.

Parameters and RNG used.

A duplex sponge based on the Poseidon permutation.

The gadget for the Poseidon sponge.

A program defines all possible state transitions for a record.

An allocated version of QuerySet.

A proof of inclusion for a record in a block.

Stores a sparse polynomial in coefficient form.

Constraint system for testing purposes.

Constraint system for testing purposes.

Represents a variable in a constraint system.

Enums

Describes the failure modes of the AHP scheme.

This is a boolean value which may be either a constant or an interpretation of an AllocatedBit.

Either a Variable or a LinearCombination.

Represents either a sparse polynomial or a dense one.

The mode structure for duplex sponges.

The error type for PolynomialCommitment.

An enum specifying the possible failure modes of FiatShamir.

Represents variables corresponding to a field element in F.

Represents the index of either a public variable (input) or a private variable (auxiliary).

A term in a linear combination.

A coefficient of LinearCombination.

An error when generating/verifying a Proof of Succinct Work.

A wrapper enum for a PoSW proof.

This is an error that could occur during circuit synthesis contexts, such as CRS generation, proving or verification.

Constants

G1_GENERATOR_X = 89363714989903307245735717098563574705733591463163614225748337416674727625843187853442697973404985688481508350822

G1_GENERATOR_X = 3475636518786498766590810745250126945968740010631847578009395853050342820108308881971249946821118240925527322852779996711186385119856316194209542863985484661252056926060250383124450299173357715156750061459909058938784631925098185

G1_GENERATOR_Y = 3702177272937190650578065972808860481433820514072818216637796320125658674906330993856598323293086021583822603349

G1_GENERATOR_Y = 6386045741560615474115286751221519546327665724453260780636948036691066354033553926136039329128245771826622081935656169693501570527441758504134165160161290809285880130747815459138453114895109629685668115497335848801906309831854449

G2_GENERATOR_X = 927956984471615468124472746554543101337527312348662621347440770917496233677004806656401789322295154757803076219469766862850983203848259151794917476784348647741097824043386936111698873760942854285698387656381822040687217598671475

G2_GENERATOR_X_C0 = 170590608266080109581922461902299092015242589883741236963254737235977648828052995125541529645051927918098146183295

G2_GENERATOR_X_C1 = 83407003718128594709087171351153471074446327721872642659202721143408712182996929763094113874399921859453255070254

G2_GENERATOR_Y = 608205995591379252593575348853717734690994487823225986322386812170777664697317078928599401333750023327415326429631777048153067399834460761103119533693592159593385004303526978878263449123862579622710147286865775614857922338717660

G2_GENERATOR_Y_C0 = 1843833842842620867708835993770650838640642469700861403869757682057607397502738488921663703124647238454792872005

G2_GENERATOR_Y_C1 = 33145532013610981697337930729788870077912093258611421158732879580766461459275194744385880708057348608045241477209

Statics

Traits

Returns addition of self + other in the constraint system.

The interface for a cryptographic sponge. A sponge can absorb or take in inputs and later squeeze or output bytes or field elements. The outputs are dependent on previous absorb and squeeze calls.

The interface for the constraints of a cryptographic sponge over the field CF. A sponge can absorb or take in inputs and later squeeze or output bytes or field elements. The outputs are dependent on previous absorb and squeeze calls.

If condition is true, return first; else, select second.

If condition == 1, then enforces that self and other are equal; otherwise, it doesn’t enforce anything.

Computations are expressed in terms of rank-1 constraint systems (R1CS). The generate_constraints method is called to generate constraints for both CRS generation and for proving.

Represents a constraint system in which new variables can be allocated and constraints between them formed.

Trait for an algebraic sponge such as Poseidon.

Returns division of self / other in the constraint system.

Types that can be FFT-ed must implement this trait.

Abstraction that provides evaluations of (linear combinations of) polynomials.

The interface for fields that are able to be used in FFTs.

A trait that defines parameters for a field that can be used for FFTs.

Trait for a Fiat-Shamir RNG.

Constraints for a RNG for use in a Fiat-Shamir transform.

The interface for a generic field.

A trait that defines parameters for a prime field.

Specifies how to convert variables of type FpGadget<F> to a variable of type Self.

Single-bit binary adder with carry bit (https://en.wikipedia.org/wiki/Adder_(electronics)#Full_adder).
sum = (a XOR b) XOR carry
carry = (a AND b) OR (carry AND (a XOR b))
Returns (sum, carry).

The interface for a signed or unsigned integer gadget.

The ledger tree is a core state tree.

Returns multiplication of self * other in the constraint system.

Returns a negated representation of self in the constraint system.

Describes the interface for a gadget for a PolynomialCommitment verifier.

Defines the minimal interface of commitments for any polynomial commitment scheme.

Defines the minimal interface of committer keys for any polynomial commitment scheme.

Defines the minimal interface of evaluation proofs for any polynomial commitment scheme.

Defines the minimal interface of commitment randomness for any polynomial commitment scheme.

Defines the minimal interface for public params for any polynomial commitment scheme.

Defines the minimal interface of verifier keys for any polynomial commitment scheme.

Describes the interface for a polynomial commitment scheme that allows a sender to commit to multiple polynomials and later provide a succinct proof of evaluation for the corresponding commitments at a query set Q, while enforcing per-polynomial degree bounds.

A trait for default Poseidon parameters associated with a prime field.

A field with associated Poseidon parameters.

Returns exponentiation of self ** other in the constraint system.

The interface for a prime field.

Returns the bitwise sum of an n-bit number with a carry bit.

Sign-extends an array of bits to the desired length. Expects the least significant bit first.

The interface for a field that supports an efficient square-root operation.

Uses three bits to perform a lookup into a table, where the last bit performs negation.

Types that can be converted to a vector of F elements. Useful for specifying how public inputs to a constraint system should be represented inside that constraint system.

Specifies how to convert a variable of type Self to variables of type FpGadget<F>.

Uses two bits to perform a lookup into a table.

The derivative of the vanishing polynomial.

Performs a bitwise XOR operation between self and other in the constraint system.

Functions

Evaluate the given polynomials at query_set.

Internal function that computes the ark and mds from the Poseidon Grain LFSR.

Internal function that uses the PoseidonDefaultParameters to compute the Poseidon parameters.

Type Definitions

Evaluations is the result of querying a set of labeled polynomials or equations p at a QuerySet Q. It maps each element of Q to the resulting evaluation. That is, if (label, query) is an element of Q, then evaluation.get((label, query)) should equal p[label].evaluate(query).

BLS12-377 scalar field.

BLS12-377 scalar field.

This field is the scalar field (Fr) of BLS12-377.

Labels a LabeledPolynomial or a LabeledCommitment.

QuerySet is the set of queries that are to be made to a set of labeled polynomials/equations p that have previously been committed to. Each element of a QuerySet is a (label, query) pair, where label is the label of a polynomial in p, and query is the field element that p[label] is to be queried at.