#include <libsnark/gadgetlib1/gadgets/delegated_ra_memory/memory_load_gadget.hpp>#include <libsnark/gadgetlib1/gadgets/delegated_ra_memory/memory_load_store_gadget.hpp>#include <libsnark/relations/ram_computations/memory/delegated_ra_memory.hpp>#include <libsnark/relations/ram_computations/rams/ram_params.hpp>#include <libsnark/zk_proof_systems/pcd/r1cs_pcd/compliance_predicate/compliance_predicate.hpp>#include <libsnark/zk_proof_systems/pcd/r1cs_pcd/compliance_predicate/cp_handler.hpp>#include <numeric>#include <libsnark/zk_proof_systems/zksnark/ram_zksnark/ram_compliance_predicate.tcc>
Go to the source code of this file.
Namespaces | |
| libsnark | |
Detailed Description
Declaration of interfaces for a compliance predicate for RAM.
The implementation follows, extends, and optimizes the approach described in [BCTV14].
Essentially, the RAM's CPU, which is expressed as an R1CS constraint system, is augmented to obtain another R1CS constraint system that implements a RAM compliance predicate. This predicate is responsible for checking: (1) transitions from a CPU state to the next; (2) correct load/stores; and (3) corner cases such as the first and last steps of the machine. The first can be done by suitably embedding the RAM's CPU in the constraint system. The second can be done by verifying authentication paths for the values of memory. The third mostly consists of bookkeeping (with some subtleties arising from the need to not break zero knowledge).
The laying out of R1CS constraints is done via gadgetlib1 (a minimalistic library for writing R1CS constraint systems).
References:
[BCTV14]: "Scalable Zero Knowledge via Cycles of Elliptic Curves", Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, Madars Virza, CRYPTO 2014, http://eprint.iacr.org/2014/595
- Copyright
- MIT license (see LICENSE file)
Definition in file ram_compliance_predicate.hpp.
