Ring

w3f_ring_proof::ring

Struct Ring 

Source 
pub struct Ring<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> {
    pub cx: KzgCurve::G1Affine,
    pub cy: KzgCurve::G1Affine,
    pub selector: KzgCurve::G1Affine,
    pub max_keys: usize,
    pub curr_keys: usize,
    pub padding: Affine<VrfCurveConfig>,
}
Expand description

Commitment to a list of VRF public keys as is used as a public input to the ring proof SNARK verifier.

The VRF keys are (inner) curve points that we represent in the affine Twisted Edwards coordinates. We commit to the coordinate vectors independently using KZG on the outer curve. To make the commitment updatable we use SRS in the Lagrangian form: L1, ..., Ln, where Li = L_i(t)G. The commitment to a vector a1, ..., an is then a1L1 + ... + anLn.

We pad the list of keys with a padding point with unknown dlog up to a certain size. Additionally, to make the commitment compatible with the snark, we append the power-of-2 powers of the VRF blinding Pedersen base H, 2H, 4H, ..., 2^(s-1)H, where s is the bitness of the VRF curve scalar field. The last IDLE_ROWS = 4 elements are set to (0, 0).

Thus, the vector of points we commit to coordinatewise is pk1, ..., pkn, padding, ..., padding, H, 2H, ..., 2^(s-1)H, 0, 0, 0, 0

Fields§

§cx: KzgCurve::G1Affine

KZG commitment to the x coordinates of the described vector.

§cy: KzgCurve::G1Affine

KZG commitment to the y coordinates of the described vector.

§selector: KzgCurve::G1Affine

KZG commitment to a bitvector highlighting the part of the vector corresponding to the public keys.

§max_keys: usize

Maximal number of keys the commitment can “store”. For domain of size N it is N - (s + IDLE_ROWS).

§curr_keys: usize

Number of keys “stored” in this commitment.

§padding: Affine<VrfCurveConfig>

Implementations§

Source§

impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> Ring<F, KzgCurve, VrfCurveConfig>

Source

pub fn empty( piop_params: &PiopParams<F, VrfCurveConfig>, srs: impl Fn(Range<usize>) -> Result<Vec<KzgCurve::G1Affine>, ()>, g: KzgCurve::G1, ) -> Self

Builds the commitment to the vector padding, ..., padding, H, 2H, ..., 2^(s-1)H, 0, 0, 0, 0.

We compute it as a sum of commitments of 2 vectors: padding, ..., padding, and 0, ..., 0, (H - padding), (2H - padding), ..., (2^(s-1)H - padding), -padding, -padding, -padding, -padding. The first one is padding * G, the second requires an (IDLE_ROWS + s)-msm to compute.

  • piop_params: SNARK parameters
  • srs: Should return srs[range] for range = (piop_params.keyset_part_size..domain_size)
  • g: Generator used in the SRS
Source

pub fn append( &mut self, keys: &[Affine<VrfCurveConfig>], srs: impl Fn(Range<usize>) -> Result<Vec<KzgCurve::G1Affine>, ()>, )

Appends a set key sequence to the ring.

  • keys: Keys to append.
  • srs: Should return srs[range] for range = (self.curr_keys..self.curr_keys + keys.len())
Source

pub fn with_keys( piop_params: &PiopParams<F, VrfCurveConfig>, keys: &[Affine<VrfCurveConfig>], srs: &RingBuilderKey<F, KzgCurve>, ) -> Self

Builds the ring from the keys provided with 2 MSMs of size keys.len() + scalar_bitlen + 5.

In some cases it may be beneficial to cash the empty ring, as updating it costs 2 MSMs of size keys.len().

  • piop_params: SNARK parameters.
  • srs: full-size Lagrangian SRS.
Source

pub fn slots_left(&self) -> usize

Source

pub const fn empty_unchecked( domain_size: usize, cx: KzgCurve::G1Affine, cy: KzgCurve::G1Affine, selector: KzgCurve::G1Affine, padding: Affine<VrfCurveConfig>, ) -> Self

Trait Implementations§

Source§

impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> CanonicalDeserialize for Ring<F, KzgCurve, VrfCurveConfig>

Source§

fn deserialize_with_mode<R: Read>( reader: R, compress: Compress, validate: Validate, ) -> Result<Self, SerializationError>

The general deserialize method that takes in customization flags.
Source§

fn deserialize_compressed<R>(reader: R) -> Result<Self, SerializationError>
where R: Read,

Source§

fn deserialize_compressed_unchecked<R>( reader: R, ) -> Result<Self, SerializationError>
where R: Read,

Source§

fn deserialize_uncompressed<R>(reader: R) -> Result<Self, SerializationError>
where R: Read,

Source§

fn deserialize_uncompressed_unchecked<R>( reader: R, ) -> Result<Self, SerializationError>
where R: Read,

Source§

impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> CanonicalSerialize for Ring<F, KzgCurve, VrfCurveConfig>

Source§

fn serialize_with_mode<W: Write>( &self, writer: W, compress: Compress, ) -> Result<(), SerializationError>

The general serialize method that takes in customization flags.
Source§

fn serialized_size(&self, compress: Compress) -> usize

Source§

fn serialize_compressed<W>(&self, writer: W) -> Result<(), SerializationError>
where W: Write,

Source§

fn compressed_size(&self) -> usize

Source§

fn serialize_uncompressed<W>(&self, writer: W) -> Result<(), SerializationError>
where W: Write,

Source§

fn uncompressed_size(&self) -> usize

Source§

impl<F: Clone + PrimeField, KzgCurve: Clone + Pairing<ScalarField = F>, VrfCurveConfig: Clone + TECurveConfig<BaseField = F>> Clone for Ring<F, KzgCurve, VrfCurveConfig>
where KzgCurve::G1Affine: Clone,

Source§

fn clone(&self) -> Ring<F, KzgCurve, VrfCurveConfig>

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> Debug for Ring<F, KzgCurve, VrfCurveConfig>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<F: PartialEq + PrimeField, KzgCurve: PartialEq + Pairing<ScalarField = F>, VrfCurveConfig: PartialEq + TECurveConfig<BaseField = F>> PartialEq for Ring<F, KzgCurve, VrfCurveConfig>
where KzgCurve::G1Affine: PartialEq,

Source§

fn eq(&self, other: &Ring<F, KzgCurve, VrfCurveConfig>) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> Valid for Ring<F, KzgCurve, VrfCurveConfig>

Source§

fn check(&self) -> Result<(), SerializationError>

Source§

fn batch_check<'a>( batch: impl Iterator<Item = &'a Self> + Send, ) -> Result<(), SerializationError>
where Self: 'a,

Source§

impl<F: Eq + PrimeField, KzgCurve: Eq + Pairing<ScalarField = F>, VrfCurveConfig: Eq + TECurveConfig<BaseField = F>> Eq for Ring<F, KzgCurve, VrfCurveConfig>
where KzgCurve::G1Affine: Eq,

Source§

impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>, VrfCurveConfig: TECurveConfig<BaseField = F>> StructuralPartialEq for Ring<F, KzgCurve, VrfCurveConfig>

Auto Trait Implementations§

§

impl<F, KzgCurve, VrfCurveConfig> Freeze for Ring<F, KzgCurve, VrfCurveConfig>
where <KzgCurve as Pairing>::G1Affine: Freeze, F: Freeze,

§

impl<F, KzgCurve, VrfCurveConfig> RefUnwindSafe for Ring<F, KzgCurve, VrfCurveConfig>
where <KzgCurve as Pairing>::G1Affine: RefUnwindSafe, F: RefUnwindSafe,

§

impl<F, KzgCurve, VrfCurveConfig> Send for Ring<F, KzgCurve, VrfCurveConfig>

§

impl<F, KzgCurve, VrfCurveConfig> Sync for Ring<F, KzgCurve, VrfCurveConfig>

§

impl<F, KzgCurve, VrfCurveConfig> Unpin for Ring<F, KzgCurve, VrfCurveConfig>
where <KzgCurve as Pairing>::G1Affine: Unpin, F: Unpin,

§

impl<F, KzgCurve, VrfCurveConfig> UnwindSafe for Ring<F, KzgCurve, VrfCurveConfig>
where <KzgCurve as Pairing>::G1Affine: UnwindSafe, F: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CanonicalSerializeHashExt for T
where T: CanonicalSerialize,

Source§

fn hash<H>(&self) -> GenericArray<u8, <H as OutputSizeUser>::OutputSize>
where H: Digest,

Source§

fn hash_uncompressed<H>( &self, ) -> GenericArray<u8, <H as OutputSizeUser>::OutputSize>
where H: Digest,

Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V