Struct tari_bulletproofs::r1cs::Prover

source · 
pub struct Prover<'g, T: BorrowMut<Transcript>> { /* private fields */ }
Expand description

A ConstraintSystem implementation for use by the prover.

The prover commits high-level variables and their blinding factors (v, v_blinding), allocates low-level variables and creates constraints in terms of these high-level variables and low-level variables.

When all constraints are added, the proving code calls prove which consumes the Prover instance, samples random challenges that instantiate the randomized constraints, and creates a complete proof.

Implementations§

source§

impl<'g, T: BorrowMut<Transcript>> Prover<'g, T>

source

pub fn new(pc_gens: &'g PedersenGens, transcript: T) -> Self

Construct an empty constraint system with specified external input variables.

Inputs

The bp_gens and pc_gens are generators for Bulletproofs and for the Pedersen commitments, respectively. The BulletproofGens should have gens_capacity greater than the number of multiplication constraints that will eventually be added into the constraint system.

The transcript parameter is a Merlin proof transcript. The ProverCS holds onto the &mut Transcript until it consumes itself during [ProverCS::prove], releasing its borrow of the transcript. This ensures that the transcript cannot be altered except by the ProverCS before proving is complete.

Returns

Returns a new Prover instance.

source

pub fn commit( &mut self, v: Scalar, v_blinding: Scalar ) -> (CompressedRistretto, Variable)

Creates commitment to a high-level variable and adds it to the transcript.

Inputs

The v and v_blinding parameters are openings to the commitment to the external variable for the constraint system. Passing the opening (the value together with the blinding factor) makes it possible to reference pre-existing commitments in the constraint system. All external variables must be passed up-front, so that challenges produced by [ConstraintSystem::challenge_scalar] are bound to the external variables.

Returns

Returns a pair of a Pedersen commitment (as a compressed Ristretto point), and a Variable corresponding to it, which can be used to form constraints.

source

pub fn eval(&self, lc: &LinearCombination) -> Scalar

Returns the secret value of the linear combination.

source

pub fn prove(self, bp_gens: &BulletproofGens) -> Result<R1CSProof, R1CSError>

Consume this ConstraintSystem to produce a proof.

source

pub fn prove_and_return_transcript( self, bp_gens: &BulletproofGens ) -> Result<(R1CSProof, T), R1CSError>

Consume this ConstraintSystem to produce a proof. Returns the proof and the transcript passed in Prover::new.

Trait Implementations§

source§

impl<'g, T: BorrowMut<Transcript>> ConstraintSystem for Prover<'g, T>

source§

fn transcript(&mut self) -> &mut Transcript

Leases the proof transcript to the user, so they can add extra data to which the proof must be bound, but which is not available before creation of the constraint system.
source§

fn multiply( &mut self, left: LinearCombination, right: LinearCombination ) -> (Variable, Variable, Variable)

Allocate and constrain multiplication variables. Read more
source§

fn allocate( &mut self, assignment: Option<Scalar> ) -> Result<Variable, R1CSError>

Allocate a single variable. Read more
source§

fn allocate_multiplier( &mut self, input_assignments: Option<(Scalar, Scalar)> ) -> Result<(Variable, Variable, Variable), R1CSError>

Allocate variables left, right, and out with the implicit constraint that Read more
source§

fn metrics(&self) -> Metrics

Counts the amount of constraints in the constraint system.
source§

fn constrain(&mut self, lc: LinearCombination)

Enforce the explicit constraint that Read more
source§

impl<'g, T: BorrowMut<Transcript>> RandomizableConstraintSystem for Prover<'g, T>

§

type RandomizedCS = RandomizingProver<'g, T>

Represents a concrete type for the CS in a randomization phase.
source§

fn specify_randomized_constraints<F>( &mut self, callback: F ) -> Result<(), R1CSError>where F: 'static + FnOnce(&mut Self::RandomizedCS) -> Result<(), R1CSError>,

Specify additional variables and constraints randomized using a challenge scalar bound to the assignments of the non-randomized variables. Read more

Auto Trait Implementations§

§

impl<'g, T> !RefUnwindSafe for Prover<'g, T>

§

impl<'g, T> !Send for Prover<'g, T>

§

impl<'g, T> !Sync for Prover<'g, T>

§

impl<'g, T> Unpin for Prover<'g, T>where T: Unpin,

§

impl<'g, T> !UnwindSafe for Prover<'g, T>

Blanket Implementations§

source§

impl<T> Any for Twhere T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for Twhere U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> Same<T> for T

§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

§

fn vzip(self) -> V