Clearmatics Libsnark  0.1
C++ library for zkSNARK proofs
weierstrass_g1_gadget.hpp
Go to the documentation of this file.
1 
15 #ifndef WEIERSTRASS_G1_GADGET_HPP_
16 #define WEIERSTRASS_G1_GADGET_HPP_
17 
18 #include "libsnark/gadgetlib1/gadget.hpp"
19 #include "libsnark/gadgetlib1/gadgets/curves/scalar_multiplication.hpp"
20 #include "libsnark/gadgetlib1/gadgets/pairing/pairing_params.hpp"
21 
22 #include <libff/algebra/curves/public_params.hpp>
23 
24 namespace libsnark
25 {
26 
28 template<typename ppT> class G1_variable : public gadget<libff::Fr<ppT>>
29 {
30 public:
31  typedef libff::Fr<ppT> FieldT;
32 
33  pb_linear_combination<FieldT> X;
34  pb_linear_combination<FieldT> Y;
35 
36  pb_linear_combination_array<FieldT> all_vars;
37 
38  G1_variable(protoboard<FieldT> &pb, const std::string &annotation_prefix);
39  G1_variable(
40  protoboard<FieldT> &pb,
41  const libff::G1<other_curve<ppT>> &P,
42  const std::string &annotation_prefix);
43 
44  // NOTE: pb and annotation_prefix are redundant here, but required because
45  // of the inheritance from gadget (and in order to construct a new
46  // pb_linear_combination in operator-()).
47  G1_variable(
48  protoboard<FieldT> &pb,
49  const pb_linear_combination<FieldT> &X,
50  const pb_linear_combination<FieldT> &Y,
51  const std::string &annotation_prefix);
52 
53  G1_variable operator-() const;
54 
55  void generate_r1cs_witness(const libff::G1<other_curve<ppT>> &elt);
56 
57  libff::G1<other_curve<ppT>> get_element() const;
58 
59  // (See a comment in r1cs_ppzksnark_verifier_gadget.hpp about why
60  // we mark this function noinline.) TODO: remove later
61  static size_t __attribute__((noinline)) size_in_bits();
62  static size_t num_variables();
63 };
64 
68 template<typename ppT>
69 class G1_variable_selector_gadget : public gadget<libff::Fr<ppT>>
70 {
71 public:
72  using Field = libff::Fr<ppT>;
73 
74  const pb_linear_combination<Field> selector;
75  const G1_variable<ppT> zero_case;
76  const G1_variable<ppT> one_case;
77  G1_variable<ppT> result;
78 
79  G1_variable_selector_gadget(
80  protoboard<Field> &pb,
81  const pb_linear_combination<Field> &selector,
82  const G1_variable<ppT> &zero_case,
83  const G1_variable<ppT> &one_case,
84  const G1_variable<ppT> &result,
85  const std::string &annotation_prefix);
86 
87  void generate_r1cs_constraints();
88  void generate_r1cs_witness();
89 };
90 
94 template<typename ppT> class G1_checker_gadget : public gadget<libff::Fr<ppT>>
95 {
96 public:
97  typedef libff::Fr<ppT> FieldT;
98 
99  G1_variable<ppT> P;
100  pb_variable<FieldT> P_X_squared;
101  pb_variable<FieldT> P_Y_squared;
102 
103  G1_checker_gadget(
104  protoboard<FieldT> &pb,
105  const G1_variable<ppT> &P,
106  const std::string &annotation_prefix);
107  void generate_r1cs_constraints();
108  void generate_r1cs_witness();
109 };
110 
114 template<typename ppT> class G1_add_gadget : public gadget<libff::Fr<ppT>>
115 {
116 public:
117  typedef libff::Fr<ppT> FieldT;
118 
119  pb_variable<FieldT> lambda;
120  pb_variable<FieldT> inv;
121 
122  G1_variable<ppT> A;
123  G1_variable<ppT> B;
124  G1_variable<ppT> result;
125 
126  G1_add_gadget(
127  protoboard<FieldT> &pb,
128  const G1_variable<ppT> &A,
129  const G1_variable<ppT> &B,
130  const G1_variable<ppT> &result,
131  const std::string &annotation_prefix);
132  void generate_r1cs_constraints();
133  void generate_r1cs_witness();
134 };
135 
139 template<typename ppT> class G1_dbl_gadget : public gadget<libff::Fr<ppT>>
140 {
141 public:
142  typedef libff::Fr<ppT> FieldT;
143 
144  pb_variable<FieldT> Xsquared;
145  pb_variable<FieldT> lambda;
146 
147  G1_variable<ppT> A;
148  G1_variable<ppT> result;
149 
150  G1_dbl_gadget(
151  protoboard<FieldT> &pb,
152  const G1_variable<ppT> &A,
153  const G1_variable<ppT> &result,
154  const std::string &annotation_prefix);
155  void generate_r1cs_constraints();
156  void generate_r1cs_witness();
157 };
158 
162 template<typename ppT>
163 class G1_multiscalar_mul_gadget : public gadget<libff::Fr<ppT>>
164 {
165 public:
166  typedef libff::Fr<ppT> FieldT;
167 
168  std::vector<G1_variable<ppT>> computed_results;
169  std::vector<G1_variable<ppT>> chosen_results;
170  std::vector<G1_add_gadget<ppT>> adders;
171  std::vector<G1_dbl_gadget<ppT>> doublers;
172 
173  G1_variable<ppT> base;
174  pb_variable_array<FieldT> scalars;
175  std::vector<G1_variable<ppT>> points;
176  std::vector<G1_variable<ppT>> points_and_powers;
177  G1_variable<ppT> result;
178 
179  const size_t elt_size;
180  const size_t num_points;
181  const size_t scalar_size;
182 
183  G1_multiscalar_mul_gadget(
184  protoboard<FieldT> &pb,
185  const G1_variable<ppT> &base,
186  const pb_variable_array<FieldT> &scalars,
187  const size_t elt_size,
188  const std::vector<G1_variable<ppT>> &points,
189  const G1_variable<ppT> &result,
190  const std::string &annotation_prefix);
191  void generate_r1cs_constraints();
192  void generate_r1cs_witness();
193 };
194 
197 template<typename wppT, mp_size_t scalarLimbs>
198 using G1_mul_by_const_scalar_gadget = point_mul_by_const_scalar_gadget<
199  libff::G1<other_curve<wppT>>,
200  G1_variable<wppT>,
201  G1_add_gadget<wppT>,
202  G1_dbl_gadget<wppT>,
203  libff::bigint<scalarLimbs>>;
204 
205 template<typename wppT>
206 using G1_variable_or_identity =
207  variable_or_identity<wppT, libff::G1<other_curve<wppT>>, G1_variable<wppT>>;
208 
209 template<typename wppT>
210 using G1_variable_or_identity_selector_gadget = variable_or_identity_selector<
211  wppT,
212  libff::G1<other_curve<wppT>>,
213  G1_variable<wppT>,
214  G1_variable_selector_gadget<wppT>>;
215 
216 template<typename wppT>
217 using G1_variable_and_variable_or_identity_selector_gadget =
218  variable_and_variable_or_identity_selector<
219  wppT,
220  libff::G1<other_curve<wppT>>,
221  G1_variable<wppT>,
222  G1_variable_selector_gadget<wppT>>;
223 
224 template<typename wppT>
225 using G1_add_variable_or_identity_gadget = add_variable_or_identity<
226  wppT,
227  libff::G1<other_curve<wppT>>,
228  G1_variable<wppT>,
229  G1_variable_selector_gadget<wppT>,
230  G1_add_gadget<wppT>>;
231 
232 template<typename wppT>
233 using G1_add_variable_and_variable_or_identity_gadget =
234  add_variable_and_variable_or_identity<
235  wppT,
236  libff::G1<other_curve<wppT>>,
237  G1_variable<wppT>,
238  G1_variable_selector_gadget<wppT>,
239  G1_add_gadget<wppT>>;
240 
241 template<typename wppT>
242 using G1_dbl_variable_or_identity_gadget = dbl_variable_or_identity<
243  wppT,
244  libff::G1<other_curve<wppT>>,
245  G1_variable<wppT>,
246  G1_dbl_gadget<wppT>>;
247 
248 template<typename wppT>
249 using G1_mul_by_scalar_gadget = point_mul_by_scalar_gadget<
250  wppT,
251  libff::G1<other_curve<wppT>>,
252  G1_variable<wppT>,
253  G1_variable_selector_gadget<wppT>,
254  G1_add_gadget<wppT>,
255  G1_dbl_gadget<wppT>>;
256 
257 } // namespace libsnark
258 
259 #include <libsnark/gadgetlib1/gadgets/curves/weierstrass_g1_gadget.tcc>
260 
261 #endif // WEIERSTRASS_G1_GADGET_TCC_
libsnark::G1_multiscalar_mul_gadget::num_points
const size_t num_points
Definition: weierstrass_g1_gadget.hpp:180
libsnark::G1_variable::get_element
libff::G1< other_curve< ppT > > get_element() const
libsnark::gadget< libff::Fr< ppT > >::annotation_prefix
const std::string annotation_prefix
Definition: gadget.hpp:20
scalar_multiplication.hpp
libsnark::G1_checker_gadget
Definition: weierstrass_g1_gadget.hpp:94
libsnark::G1_checker_gadget::P_X_squared
pb_variable< FieldT > P_X_squared
Definition: weierstrass_g1_gadget.hpp:100
libsnark::G1_variable::Y
pb_linear_combination< FieldT > Y
Definition: weierstrass_g1_gadget.hpp:34
libsnark
Definition: accumulation_vector.hpp:18
libsnark::G1_add_gadget::lambda
pb_variable< FieldT > lambda
Definition: weierstrass_g1_gadget.hpp:119
libsnark::G1_add_gadget::result
G1_variable< ppT > result
Definition: weierstrass_g1_gadget.hpp:124
libsnark::G1_add_gadget::FieldT
libff::Fr< ppT > FieldT
Definition: weierstrass_g1_gadget.hpp:117
libsnark::G1_multiscalar_mul_gadget::FieldT
libff::Fr< ppT > FieldT
Definition: weierstrass_g1_gadget.hpp:166
libsnark::gadget< libff::Fr< ppT > >::pb
protoboard< libff::Fr< ppT > > & pb
Definition: gadget.hpp:19
libsnark::G1_variable_selector_gadget::result
G1_variable< ppT > result
Definition: weierstrass_g1_gadget.hpp:77
libsnark::G1_checker_gadget::G1_checker_gadget
G1_checker_gadget(protoboard< FieldT > &pb, const G1_variable< ppT > &P, const std::string &annotation_prefix)
libsnark::G1_add_gadget
Definition: weierstrass_g1_gadget.hpp:114
libsnark::G1_variable::num_variables
static size_t num_variables()
libsnark::G1_multiscalar_mul_gadget::scalar_size
const size_t scalar_size
Definition: weierstrass_g1_gadget.hpp:181
libsnark::G1_variable_selector_gadget
Definition: weierstrass_g1_gadget.hpp:69
libsnark::G1_add_gadget::B
G1_variable< ppT > B
Definition: weierstrass_g1_gadget.hpp:123
gadget.hpp
libsnark::G1_dbl_gadget::generate_r1cs_constraints
void generate_r1cs_constraints()
libsnark::dbl_variable_or_identity
Definition: scalar_multiplication.hpp:269
libsnark::G1_add_gadget::inv
pb_variable< FieldT > inv
Definition: weierstrass_g1_gadget.hpp:120
libsnark::G1_variable::generate_r1cs_witness
void generate_r1cs_witness(const libff::G1< other_curve< ppT >> &elt)
libsnark::G1_dbl_gadget::A
G1_variable< ppT > A
Definition: weierstrass_g1_gadget.hpp:147
libsnark::gadget
Definition: gadget.hpp:16
libsnark::G1_add_gadget::generate_r1cs_witness
void generate_r1cs_witness()
libsnark::add_variable_or_identity
Definition: scalar_multiplication.hpp:151
libsnark::G1_checker_gadget::P
G1_variable< ppT > P
Definition: weierstrass_g1_gadget.hpp:99
libsnark::G1_multiscalar_mul_gadget::base
G1_variable< ppT > base
Definition: weierstrass_g1_gadget.hpp:173
libsnark::G1_multiscalar_mul_gadget::scalars
pb_variable_array< FieldT > scalars
Definition: weierstrass_g1_gadget.hpp:174
libsnark::G1_variable_selector_gadget::generate_r1cs_constraints
void generate_r1cs_constraints()
libsnark::G1_variable::FieldT
libff::Fr< ppT > FieldT
Definition: weierstrass_g1_gadget.hpp:31
libsnark::G1_variable::all_vars
pb_linear_combination_array< FieldT > all_vars
Definition: weierstrass_g1_gadget.hpp:36
libsnark::G1_multiscalar_mul_gadget::result
G1_variable< ppT > result
Definition: weierstrass_g1_gadget.hpp:177
weierstrass_g1_gadget.tcc
libsnark::G1_variable_selector_gadget::zero_case
const G1_variable< ppT > zero_case
Definition: weierstrass_g1_gadget.hpp:75
libsnark::G1_multiscalar_mul_gadget::chosen_results
std::vector< G1_variable< ppT > > chosen_results
Definition: weierstrass_g1_gadget.hpp:169
libsnark::G1_checker_gadget::FieldT
libff::Fr< ppT > FieldT
Definition: weierstrass_g1_gadget.hpp:97
libsnark::G1_multiscalar_mul_gadget::adders
std::vector< G1_add_gadget< ppT > > adders
Definition: weierstrass_g1_gadget.hpp:170
libsnark::G1_variable_selector_gadget::generate_r1cs_witness
void generate_r1cs_witness()
libsnark::pb_linear_combination_array
Definition: pb_variable.hpp:118
libsnark::G1_dbl_gadget
Definition: weierstrass_g1_gadget.hpp:139
libsnark::G1_multiscalar_mul_gadget::points
std::vector< G1_variable< ppT > > points
Definition: weierstrass_g1_gadget.hpp:175
libsnark::G1_multiscalar_mul_gadget::elt_size
const size_t elt_size
Definition: weierstrass_g1_gadget.hpp:179
pairing_params.hpp
libsnark::G1_add_gadget::A
G1_variable< ppT > A
Definition: weierstrass_g1_gadget.hpp:122
libsnark::G1_checker_gadget::generate_r1cs_witness
void generate_r1cs_witness()
libsnark::G1_checker_gadget::P_Y_squared
pb_variable< FieldT > P_Y_squared
Definition: weierstrass_g1_gadget.hpp:101
libsnark::G1_variable_selector_gadget::G1_variable_selector_gadget
G1_variable_selector_gadget(protoboard< Field > &pb, const pb_linear_combination< Field > &selector, const G1_variable< ppT > &zero_case, const G1_variable< ppT > &one_case, const G1_variable< ppT > &result, const std::string &annotation_prefix)
libsnark::pb_linear_combination
Definition: pb_variable.hpp:101
libsnark::G1_multiscalar_mul_gadget::points_and_powers
std::vector< G1_variable< ppT > > points_and_powers
Definition: weierstrass_g1_gadget.hpp:176
libsnark::variable_or_identity_selector
Selector gadget for variable_or_identity.
Definition: scalar_multiplication.hpp:81
libsnark::variable_or_identity
Definition: scalar_multiplication.hpp:35
libsnark::G1_multiscalar_mul_gadget
Definition: weierstrass_g1_gadget.hpp:163
libsnark::G1_variable
Gadget that represents a G1 variable.
Definition: weierstrass_g1_gadget.hpp:28
libsnark::G1_variable_selector_gadget::Field
libff::Fr< ppT > Field
Definition: weierstrass_g1_gadget.hpp:72
libsnark::pb_variable
Definition: pb_variable.hpp:24
libsnark::G1_variable::X
pb_linear_combination< FieldT > X
Definition: weierstrass_g1_gadget.hpp:33
libsnark::G1_variable_selector_gadget::one_case
const G1_variable< ppT > one_case
Definition: weierstrass_g1_gadget.hpp:76
libsnark::G1_checker_gadget::generate_r1cs_constraints
void generate_r1cs_constraints()
libsnark::G1_add_gadget::G1_add_gadget
G1_add_gadget(protoboard< FieldT > &pb, const G1_variable< ppT > &A, const G1_variable< ppT > &B, const G1_variable< ppT > &result, const std::string &annotation_prefix)
libsnark::G1_multiscalar_mul_gadget::generate_r1cs_constraints
void generate_r1cs_constraints()
libsnark::G1_multiscalar_mul_gadget::generate_r1cs_witness
void generate_r1cs_witness()
libsnark::pb_variable_array
Definition: pb_variable.hpp:44
libsnark::other_curve
typename pairing_selector< ppT >::other_curve_type other_curve
Definition: pairing_params.hpp:117
libsnark::G1_dbl_gadget::Xsquared
pb_variable< FieldT > Xsquared
Definition: weierstrass_g1_gadget.hpp:144
libsnark::G1_variable::G1_variable
G1_variable(protoboard< FieldT > &pb, const std::string &annotation_prefix)
libsnark::G1_dbl_gadget::lambda
pb_variable< FieldT > lambda
Definition: weierstrass_g1_gadget.hpp:145
libsnark::G1_dbl_gadget::generate_r1cs_witness
void generate_r1cs_witness()
libsnark::G1_variable::operator-
G1_variable operator-() const
libsnark::G1_multiscalar_mul_gadget::G1_multiscalar_mul_gadget
G1_multiscalar_mul_gadget(protoboard< FieldT > &pb, const G1_variable< ppT > &base, const pb_variable_array< FieldT > &scalars, const size_t elt_size, const std::vector< G1_variable< ppT >> &points, const G1_variable< ppT > &result, const std::string &annotation_prefix)
libsnark::G1_dbl_gadget::FieldT
libff::Fr< ppT > FieldT
Definition: weierstrass_g1_gadget.hpp:142
libsnark::G1_multiscalar_mul_gadget::computed_results
std::vector< G1_variable< ppT > > computed_results
Definition: weierstrass_g1_gadget.hpp:168
libsnark::G1_multiscalar_mul_gadget::doublers
std::vector< G1_dbl_gadget< ppT > > doublers
Definition: weierstrass_g1_gadget.hpp:171
libsnark::G1_dbl_gadget::G1_dbl_gadget
G1_dbl_gadget(protoboard< FieldT > &pb, const G1_variable< ppT > &A, const G1_variable< ppT > &result, const std::string &annotation_prefix)
libsnark::G1_add_gadget::generate_r1cs_constraints
void generate_r1cs_constraints()
libsnark::G1_variable_selector_gadget::selector
const pb_linear_combination< Field > selector
Definition: weierstrass_g1_gadget.hpp:74
libsnark::G1_dbl_gadget::result
G1_variable< ppT > result
Definition: weierstrass_g1_gadget.hpp:148
libsnark::add_variable_and_variable_or_identity
Definition: scalar_multiplication.hpp:224
libsnark::point_mul_by_scalar_gadget
Definition: scalar_multiplication.hpp:342
libsnark::point_mul_by_const_scalar_gadget
Definition: scalar_multiplication.hpp:310
libsnark::variable_and_variable_or_identity_selector
Selector gadget for a variable_or_identity, and a variable.
Definition: scalar_multiplication.hpp:116
libsnark::protoboard
Definition: pb_variable.hpp:22
libsnark::G1_variable::__attribute__
static size_t __attribute__((noinline)) size_in_bits()
Generated on Wed Jan 25 2023 11:05:57 for Clearmatics Libsnark by   doxygen 1.8.17