Struct zkplonk::Plonk

pub struct Plonk<C: TwistedEdwardsAffine> { /* private fields */ }

Construct and prove circuits

Implementations

impl<C: TwistedEdwardsAffine> Plonk<C>

pub const ZERO: PrivateWire = _

Zero representation inside the constraint system.

A turbo composer expects the first witness to be always present and to be zero.

pub fn append_witness<W: Into<C::Range>>(&mut self, witness: W) -> PrivateWire

Allocate a witness value into the composer and return its index.

pub fn append_custom_gate(&mut self, constraint: Constraint<C::Range>)

Append a new width-4 poly gate/constraint.

pub fn append_witness_internal(&mut self, witness: C::Range) -> PrivateWire

pub fn append_custom_gate_internal(&mut self, constraint: Constraint<C::Range>)

pub fn component_mul_generator<A: Into<C::Extended>>( &mut self, jubjub: PrivateWire, generator: A ) -> Result<WitnessPoint, Error>

Evaluate jubjub · Generator as a WitnessPoint

generator will be appended to the circuit description as constant

Will error if jubjub doesn’t fit Fr

pub fn append_gate(&mut self, constraint: Constraint<C::Range>)

Append a new width-4 poly gate/constraint.

The constraint added will enforce the following: q_m · a · b + q_l · a + q_r · b + q_o · o + q_4 · d + q_c + PI = 0.

pub fn append_evaluated_output( &mut self, s: Constraint<C::Range> ) -> Option<PrivateWire>

Evaluate the polynomial and append an output that satisfies the equation

Return None if the output selector is zero

pub fn append_dummy_gates(&mut self)

Adds blinding factors to the witness polynomials with two dummy arithmetic constraints

pub fn append_constant<A: Into<C::Range>>(&mut self, constant: A) -> PrivateWire

Constrain a scalar into the circuit description and return an allocated PrivateWire with its value

pub fn append_point<A: Into<C>>(&mut self, affine: A) -> WitnessPoint

Appends a point in affine form as WitnessPoint

pub fn append_constant_point<A: Into<C>>(&mut self, affine: A) -> WitnessPoint

Constrain a point into the circuit description and return an allocated WitnessPoint with its coordinates

pub fn append_public_point<A: Into<C>>(&mut self, affine: A) -> WitnessPoint

Appends a point in affine form as WitnessPoint

Creates two public inputs as (x, y)

pub fn append_public<A: Into<C::Range>>(&mut self, public: A) -> PrivateWire

Allocate a witness value into the composer and return its index.

Create a public input with the scalar

pub fn assert_equal(&mut self, a: PrivateWire, b: PrivateWire)

Asserts a == b by appending a gate

pub fn append_logic_and( &mut self, a: PrivateWire, b: PrivateWire, num_bits: usize ) -> PrivateWire

Adds a logical AND gate that performs the bitwise AND between two values for the specified first num_bits returning a PrivateWire holding the result.

Panics

If the num_bits specified in the fn params is odd.

pub fn append_logic_xor( &mut self, a: PrivateWire, b: PrivateWire, num_bits: usize ) -> PrivateWire

Adds a logical XOR gate that performs the XOR between two values for the specified first num_bits returning a PrivateWire holding the result.

Panics

If the num_bits specified in the fn params is odd.

pub fn assert_equal_constant<A: Into<C::Range>>( &mut self, a: PrivateWire, constant: A, public: Option<C::Range> )

Constrain a to be equal to constant + pi.

constant will be defined as part of the public circuit description.

pub fn assert_equal_point(&mut self, a: WitnessPoint, b: WitnessPoint)

Asserts a == b by appending two gates

pub fn assert_equal_public_point<A: Into<C>>( &mut self, point: WitnessPoint, public: A )

Asserts point == public.

Will add public affine coordinates (x,y) as public inputs

pub fn component_add_point( &mut self, a: WitnessPoint, b: WitnessPoint ) -> WitnessPoint

Adds two curve points by consuming 2 gates.

pub fn component_boolean(&mut self, a: PrivateWire)

Adds a boolean constraint (also known as binary constraint) where the gate eq. will enforce that the PrivateWire received is either 0 or 1 by adding a constraint in the circuit.

Note that using this constraint with whatever PrivateWire that is not representing a value equalling 0 or 1, will always force the equation to fail.

pub fn component_decomposition<const N: usize>( &mut self, scalar: PrivateWire ) -> [PrivateWire; N]

Decomposes scalar into an array truncated to N bits (max 256).

Asserts the reconstruction of the bits to be equal to scalar.

Consume 2 · N + 1 gates

pub fn component_select_identity( &mut self, bit: PrivateWire, a: WitnessPoint ) -> WitnessPoint

Conditionally selects identity as WitnessPoint based on an input bit.

bit == 1 => a, bit == 0 => identity,

bit is expected to be constrained by [Composer::component_boolean]

pub fn component_mul_point( &mut self, jubjub: PrivateWire, point: WitnessPoint ) -> WitnessPoint

Evaluate jubjub · point as a WitnessPoint

pub fn component_select( &mut self, bit: PrivateWire, a: PrivateWire, b: PrivateWire ) -> PrivateWire

Conditionally selects a PrivateWire based on an input bit.

bit == 1 => a, bit == 0 => b,

bit is expected to be constrained by [Composer::component_boolean]

pub fn component_select_one( &mut self, bit: PrivateWire, value: PrivateWire ) -> PrivateWire

Conditionally selects a PrivateWire based on an input bit.

bit == 1 => value, bit == 0 => 1,

bit is expected to be constrained by [Composer::component_boolean]

pub fn component_select_point( &mut self, bit: PrivateWire, a: WitnessPoint, b: WitnessPoint ) -> WitnessPoint

Conditionally selects a WitnessPoint based on an input bit.

bit == 1 => a, bit == 0 => b,

bit is expected to be constrained by [Composer::component_boolean]

pub fn component_select_zero( &mut self, bit: PrivateWire, value: PrivateWire ) -> PrivateWire

Conditionally selects a PrivateWire based on an input bit.

bit == 1 => value, bit == 0 => 0,

bit is expected to be constrained by [Composer::component_boolean]

pub fn component_range(&mut self, witness: PrivateWire, num_bits: usize)

Adds a range-constraint gate that checks and constrains a PrivateWire to be inside of the range [0,num_bits].

This function adds num_bits/4 gates to the circuit description in order to add the range constraint.

Panics

This function will panic if the num_bits specified is not even, ie. num_bits % 2 != 0.

pub fn gate_add(&mut self, s: Constraint<C::Range>) -> PrivateWire

Evaluate and return o by appending a new constraint into the circuit.

Set q_o = (-1) and override the output of the constraint with: o := q_l · a + q_r · b + q_4 · d + q_c + PI

pub fn gate_mul(&mut self, s: Constraint<C::Range>) -> PrivateWire

Evaluate and return o by appending a new constraint into the circuit.

Set q_o = (-1) and override the output of the constraint with: o := q_m · a · b + q_4 · d + q_c + PI

Trait Implementations

impl<C: Clone + TwistedEdwardsAffine> Clone for Plonk<C>

where C::Range: Clone,

fn clone(&self) -> Plonk<C>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<C: TwistedEdwardsAffine> ConstraintSystem<C> for Plonk<C>

type Wire = PrivateWire

type Constraints = Vec<Constraint<<C as TwistedEdwardsCurve>::Range>>

fn initialize() -> Self

init constraint system

fn m(&self) -> usize

return constraints length

fn alloc_instance(&mut self, instance: C::Range) -> Self::Wire

allocate instance

fn alloc_witness(&mut self, witness: C::Range) -> Self::Wire

allocate witness

impl<C: Debug + TwistedEdwardsAffine> Debug for Plonk<C>

where C::Range: Debug,

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<C: TwistedEdwardsAffine> Index<PrivateWire> for Plonk<C>

type Output = <C as TwistedEdwardsCurve>::Range

The returned type after indexing.

fn index(&self, w: PrivateWire) -> &Self::Output

Performs the indexing (container[index]) operation.