Zeth - Zerocash on Ethereum  0.8
Reference implementation of the Zeth protocol by Clearmatics
Classes | Typedefs | Functions | Variables
libzeth Namespace Reference

Classes

class  bit_utils
 Compile-time computations related to bit representations of size_t values. More...
 
class  bits
 Generic class representing a bit-array of a specific size. More...
 
class  BLAKE2s_256
 
class  BLAKE2s_256_comp
 
class  chacha_rng
 
class  circuit_wrapper
 
class  COMM_cm_gadget
 
class  COMM_gadget
 
class  double_bit32_sum_eq_gadget
 
class  evaluator_from_lagrange
 
class  extended_proof
 
class  g_primitive
 
class  groth16_api_handler
 Implementation of API-related functions for the Groth16 snark. More...
 
class  groth16_snark
 Core types and operations for the GROTH16 snark. More...
 
class  hash_istream_wrapper
 Wrap some istream, hashing all data as it is read. More...
 
class  hash_ostream
 Simple ostream which hashes any incoming data and discards it. More...
 
class  hash_ostream_wrapper
 Wrap some ostream, hashing data as it is written. More...
 
class  hash_streambuf
 Internal streambuf for hash_ostream. Hash and discard all written data. More...
 
class  hash_streambuf_wrapper
 Internal streambuf for wrapped streams. Hash data and forward. More...
 
class  input_note_gadget
 
class  joinsplit_input
 
class  merkle_path_authenticator
 Merkle path authenticator, verifies computed root matches expected result. More...
 
class  merkle_path_compute
 
class  merkle_path_selector
 
class  merkle_tree_field
 
class  mimc_compression_function_selector
 
class  mimc_compression_function_selector< libff::alt_bn128_Fr >
 
class  mimc_compression_function_selector< libff::bls12_377_Fr >
 
class  mimc_compression_function_selector< libff::bw6_761_Fr >
 
class  mimc_compression_function_selector< libff::mnt4_Fr >
 
class  mimc_compression_function_selector< libff::mnt6_Fr >
 
class  mimc_input_hasher
 
class  MiMC_mp_gadget
 
class  MiMC_permutation_gadget
 
class  MiMC_round_gadget
 
class  mpc_hash
 
class  note_gadget
 
class  output_note_gadget
 Commit to the output notes of the Joinsplit. More...
 
class  pghr13_api_handler
 Implementation of API-related functions for the PGHR13 snark. More...
 
class  pghr13_snark
 
class  PRF_addr_a_pk_gadget
 
class  PRF_gadget
 
class  PRF_nf_gadget
 
class  PRF_pk_gadget
 
class  PRF_rho_gadget
 
class  sha256_ethereum
 
class  srs_lagrange_evaluations
 
class  srs_mpc_layer_L1
 
class  srs_mpc_phase2_accumulator
 
class  srs_mpc_phase2_challenge
 
class  srs_mpc_phase2_publickey
 
class  srs_mpc_phase2_response
 
class  srs_powersoftau
 
class  xor_constant_gadget
 
class  xor_gadget
 
class  xor_rot_gadget
 
class  zeth_note
 

Typedefs

template<typename FieldT >
using HashT = BLAKE2s_256< FieldT >
 
template<typename FieldT >
using HashTreeT = mimc_compression_function_gadget< FieldT >
 
template<typename ppT , typename snarkT >
using JoinsplitCircuitT = circuit_wrapper< HashT< libff::Fr< ppT > >, HashTreeT< libff::Fr< ppT > >, ppT, snarkT, libzeth::ZETH_NUM_JS_INPUTS, libzeth::ZETH_NUM_JS_OUTPUTS, libzeth::ZETH_MERKLE_TREE_DEPTH >
 
template<typename FieldT >
using mimc_compression_function_gadget = typename mimc_compression_function_selector< FieldT >::compression_function_gadget
 
using bits32 = bits< 32 >
 32-bit array More...
 
using bits64 = bits< 64 >
 64-bit array More...
 
using bits256 = bits< 256 >
 
using bits384 = bits< 384 >
 
template<size_t TreeDepth>
using bits_addr = bits< TreeDepth >
 
using hash_repr_word = uint32_t
 
using mpc_hash_t = size_t[MPC_HASH_ARRAY_LENGTH]
 
using mpc_hash_state_t = crypto_generichash_blake2b_state
 
using mpc_hash_ostream = hash_ostream< mpc_hash >
 
using mpc_hash_ostream_wrapper = hash_ostream_wrapper< mpc_hash >
 
using mpc_hash_istream_wrapper = hash_istream_wrapper< mpc_hash >
 
template<typename CollectionT >
using MemberT = typename std::decay< decltype((*(CollectionT *) nullptr)[0])>::type
 

Functions

template<typename FieldT >
libsnark::linear_combination< FieldT > packed_addition (const libsnark::pb_variable_array< FieldT > &input)
 
template<typename FieldT >
libsnark::pb_variable_array< FieldT > pb_variable_array_from_bit_vector (libsnark::protoboard< FieldT > &pb, const std::vector< bool > &bits, const std::string &annotation_prefix)
 
template<typename FieldT , typename HashT >
libsnark::pb_variable_array< FieldT > gen_256_zeroes (const libsnark::pb_variable< FieldT > &ZERO)
 
template<typename FieldT >
libsnark::pb_variable_array< FieldT > get_tag_addr (const libsnark::pb_variable< FieldT > &ZERO, const libsnark::pb_variable_array< FieldT > &x)
 
template<typename FieldT >
libsnark::pb_variable_array< FieldT > get_tag_nf (const libsnark::pb_variable< FieldT > &ZERO, const libsnark::pb_variable_array< FieldT > &a_sk)
 
template<typename FieldT >
libsnark::pb_variable_array< FieldT > get_tag_pk (const libsnark::pb_variable< FieldT > &ZERO, const libsnark::pb_variable_array< FieldT > &a_sk, size_t index)
 
template<typename FieldT >
libsnark::pb_variable_array< FieldT > get_tag_rho (const libsnark::pb_variable< FieldT > &ZERO, const libsnark::pb_variable_array< FieldT > &phi, size_t index)
 
std::size_t subtract_with_clamp (std::size_t a, std::size_t b)
 
size_t subtract_with_clamp (size_t a, size_t b)
 
std::vector< bool > bit_vector_from_hex (const std::string &hex_str)
 
std::vector< bool > bit_vector_from_size_t_le (size_t x)
 Returns the little endian binary encoding of the integer x. More...
 
std::vector< bool > bit_vector_from_size_t_be (size_t x)
 Returns the big endian binary encoding of the integer x. More...
 
void bit_vector_write_string (const std::vector< bool > &bits, std::ostream &out_s)
 
template<size_t numBits>
bits< numBits > bits_xor (const bits< numBits > &a, const bits< numBits > &b)
 XOR two binary strings of the same length. More...
 
template<size_t numBits>
bits< numBits > bits_add (const bits< numBits > &a, const bits< numBits > &b, bool with_carry=false)
 Sum 2 binary strings with or without carry. More...
 
template<typename FieldT >
std::string base_field_element_to_hex (const FieldT &field_el)
 
template<typename FieldT >
FieldT base_field_element_from_hex (const std::string &field_str)
 
template<typename FieldT >
void field_element_write_json (const FieldT &el, std::ostream &out_s)
 
template<typename FieldT >
void field_element_read_json (FieldT &el, std::istream &in_s)
 
template<typename FieldT >
std::string field_element_to_json (const FieldT &el)
 
template<typename FieldT >
FieldT field_element_from_json (const std::string &json)
 
template<typename FieldT >
void field_element_write_bytes (const FieldT &el, std::ostream &out_s)
 
template<typename FieldT >
void field_element_read_bytes (FieldT &el, std::istream &in_s)
 
template<typename GroupT >
void group_element_write_json (const GroupT &point, std::ostream &out_s)
 Write a group element as a json string to a stream. More...
 
template<typename GroupT >
void group_element_read_json (GroupT &point, std::istream &in_s)
 Read a JSON string from a stream and convert it into a group element. More...
 
template<typename GroupT >
std::string group_element_to_json (const GroupT &point)
 Convert a group element to a json string (array of hexadecimal strings). More...
 
template<typename GroupT >
GroupT group_element_from_json (const std::string &json)
 Convert a JSON string into a group element. More...
 
template<typename GroupT >
void group_element_write_bytes (const GroupT &point, std::ostream &out_s)
 
template<typename GroupT >
void group_element_read_bytes (GroupT &point, std::istream &in_s)
 
template<typename GroupCollectionT >
void group_elements_write_bytes (const GroupCollectionT &points, std::ostream &out_s)
 
template<typename GroupCollectionT >
void group_elements_read_bytes (GroupCollectionT &points, std::istream &in_s)
 
template<typename FieldT , typename GroupT >
GroupT multi_exp (typename std::vector< GroupT >::const_iterator gs_start, typename std::vector< GroupT >::const_iterator gs_end, typename std::vector< FieldT >::const_iterator fs_start, typename std::vector< FieldT >::const_iterator fs_end)
 
template<typename ppT , typename GroupT >
GroupT multi_exp (const std::vector< GroupT > &gs, const libff::Fr_vector< ppT > &fs)
 
uint8_t char_to_nibble (const char c)
 
void hex_to_bytes (const std::string &hex, void *dest, size_t bytes)
 Convert hex to bytes (first chars at lowest address) More...
 
void hex_to_bytes_reversed (const std::string &hex, void *dest, size_t bytes)
 
std::string hex_to_bytes (const std::string &s)
 Decode hexadecimal string to an std::string of bytes. More...
 
std::string bytes_to_hex (const void *bytes, size_t num_bytes, bool prefix)
 
std::string bytes_to_hex_reversed (const void *bytes, size_t num_bytes, bool prefix)
 
template<typename T >
swap_byte_endianness (T v)
 
template<typename StructuredT >
void check_well_formed (const StructuredT &v, const char *name)
 
template<typename StructuredTs >
bool container_is_well_formed (const StructuredTs &values)
 
void mpc_hash_init (mpc_hash_state_t &state)
 
void mpc_hash_update (mpc_hash_state_t &state, const void *in, size_t size)
 
void mpc_hash_final (mpc_hash_state_t &state, mpc_hash_t out_hash)
 
void mpc_compute_hash (mpc_hash_t out_hash, const void *data, size_t data_size)
 
void mpc_compute_hash (mpc_hash_t out_hash, const std::string &data)
 
void mpc_hash_write (const mpc_hash_t hash, std::ostream &out)
 
bool mpc_hash_read (mpc_hash_t out_hash, std::istream &in)
 
template<typename ppT >
srs_mpc_layer_L1< ppT > mpc_compute_linearcombination (const srs_powersoftau< ppT > &pot, const srs_lagrange_evaluations< ppT > &lagrange, const libsnark::qap_instance< libff::Fr< ppT >> &qap)
 
template<mp_size_t n, const libff::bigint< n > & modulus>
void srs_mpc_digest_to_fp (const mpc_hash_t transcript_digest, libff::Fp_model< n, modulus > &out_fr)
 
template<typename ppT >
libff::G2< ppT > srs_mpc_digest_to_g2 (const mpc_hash_t digest)
 
template<typename ppT >
srs_mpc_phase2_accumulator< ppT > srs_mpc_phase2_begin (const mpc_hash_t cs_hash, const srs_mpc_layer_L1< ppT > &layer_L1, size_t num_inputs)
 
template<typename ppT >
srs_mpc_phase2_publickey< ppT > srs_mpc_phase2_compute_public_key (const mpc_hash_t transcript_digest, const libff::G1< ppT > &last_delta, const libff::Fr< ppT > &secret)
 
template<typename ppT >
bool srs_mpc_phase2_verify_publickey (const libff::G1< ppT > last_delta_g1, const srs_mpc_phase2_publickey< ppT > &publickey)
 
template<typename ppT >
srs_mpc_phase2_accumulator< ppT > srs_mpc_phase2_update_accumulator (const srs_mpc_phase2_accumulator< ppT > &last_accum, const libff::Fr< ppT > &delta_j)
 
template<typename ppT >
bool srs_mpc_phase2_update_is_consistent (const srs_mpc_phase2_accumulator< ppT > &last, const srs_mpc_phase2_accumulator< ppT > &updated)
 
template<typename ppT >
bool srs_mpc_phase2_verify_update (const srs_mpc_phase2_accumulator< ppT > &last, const srs_mpc_phase2_accumulator< ppT > &updated, const srs_mpc_phase2_publickey< ppT > &publickey)
 
template<typename ppT >
srs_mpc_phase2_challenge< ppT > srs_mpc_phase2_initial_challenge (srs_mpc_phase2_accumulator< ppT > &&initial_accumulator)
 
template<typename ppT >
srs_mpc_phase2_response< ppT > srs_mpc_phase2_compute_response (const srs_mpc_phase2_challenge< ppT > &challenge, const libff::Fr< ppT > &delta_j)
 
template<typename ppT >
bool srs_mpc_phase2_verify_response (const srs_mpc_phase2_challenge< ppT > &challenge, const srs_mpc_phase2_response< ppT > &response)
 
template<typename ppT >
srs_mpc_phase2_challenge< ppT > srs_mpc_phase2_compute_challenge (srs_mpc_phase2_response< ppT > &&response)
 
template<typename ppT , bool enable_contribution_check = true>
bool srs_mpc_phase2_verify_transcript (const mpc_hash_t initial_transcript_digest, const libff::G1< ppT > &initial_delta, const mpc_hash_t check_for_contribution, std::istream &transcript_stream, libff::G1< ppT > &out_final_delta, mpc_hash_t out_final_transcript_digest, bool &out_contribution_found)
 
template<typename ppT >
bool srs_mpc_phase2_verify_transcript (const mpc_hash_t initial_transcript_digest, const libff::G1< ppT > &initial_delta, std::istream &transcript_stream, libff::G1< ppT > &out_final_delta, mpc_hash_t out_final_transcript_digest)
 
template<typename ppT >
srs_mpc_phase2_challenge< ppT > srs_mpc_dummy_phase2 (const srs_mpc_layer_L1< ppT > &layer1, const libff::Fr< ppT > &delta, size_t num_inputs)
 
template<typename ppT , libff::multi_exp_base_form BaseForm = libff::multi_exp_base_form_normal>
libsnark::r1cs_gg_ppzksnark_keypair< ppT > mpc_create_key_pair (srs_powersoftau< ppT > &&pot, srs_mpc_layer_L1< ppT > &&layer1, srs_mpc_phase2_accumulator< ppT > &&layer2, libsnark::r1cs_constraint_system< libff::Fr< ppT >> &&cs, const libsnark::qap_instance< libff::Fr< ppT >> &qap)
 
template<>
void read_powersoftau_g2< libff::alt_bn128_pp > (std::istream &in, libff::alt_bn128_G2 &out)
 
template<>
void write_powersoftau_g2< libff::alt_bn128_pp > (std::ostream &out, const libff::alt_bn128_G2 &g2)
 
template<typename ppT >
srs_powersoftau< ppT > dummy_powersoftau_from_secrets (const libff::Fr< ppT > &tau, const libff::Fr< ppT > &alpha, const libff::Fr< ppT > &beta, size_t n)
 
template<typename ppT >
srs_powersoftau< ppT > dummy_powersoftau (size_t n)
 
template<typename ppT >
void read_powersoftau_fr (std::istream &in, libff::Fr< ppT > &fr_out)
 
template<typename ppT >
void read_powersoftau_g1 (std::istream &in, libff::G1< ppT > &out)
 
template<typename ppT >
void read_powersoftau_g2 (std::istream &in, libff::G2< ppT > &out)
 
template<typename ppT >
void write_powersoftau_fr (std::ostream &out, const libff::Fr< ppT > &fr)
 
template<typename ppT >
void write_powersoftau_g1 (std::ostream &out, const libff::G1< ppT > &g1)
 
template<typename ppT >
void write_powersoftau_g2 (std::ostream &out, const libff::G2< ppT > &g2)
 
template<typename ppT >
srs_powersoftau< ppT > powersoftau_load (std::istream &in, size_t n)
 
template<typename ppT >
void powersoftau_write (std::ostream &out, const srs_powersoftau< ppT > &pot)
 
template<typename ppT >
bool same_ratio (const libff::G1< ppT > &a1, const libff::G1< ppT > &b1, const libff::G2< ppT > &a2, const libff::G2< ppT > &b2)
 
template<typename ppT >
bool same_ratio_vectors (const std::vector< libff::G1< ppT >> &a1s, const std::vector< libff::G1< ppT >> &b1s, const libff::G2< ppT > &a2, const libff::G2< ppT > &b2)
 
template<typename ppT >
bool same_ratio_vectors (const libff::G1< ppT > &a1, const libff::G1< ppT > &b1, const std::vector< libff::G2< ppT >> &a2s, const std::vector< libff::G2< ppT >> &b2s)
 same_ratio_vectors implementation for vectors of G2 elements. More...
 
template<typename ppT >
bool same_ratio_consecutive (const std::vector< libff::G1< ppT >> &a1s, const libff::G2< ppT > &a2, const libff::G2< ppT > &b2)
 
template<typename ppT >
bool same_ratio_consecutive (const libff::G1< ppT > &a1, const libff::G1< ppT > &b1, const std::vector< libff::G2< ppT >> &a2s)
 same_ratio_consecutive implementation for vectors of G2 elements. More...
 
template<typename ppT >
bool powersoftau_is_well_formed (const srs_powersoftau< ppT > &pot)
 Verify that the pot data is well formed. More...
 
template<typename ppT >
srs_lagrange_evaluations< ppT > powersoftau_compute_lagrange_evaluations (const srs_powersoftau< ppT > &pot, const size_t n)
 
boost::filesystem::path get_path_to_setup_directory ()
 
boost::filesystem::path get_path_to_debug_directory ()
 
template<>
std::string pp_name< libff::alt_bn128_pp > ()
 
template<>
std::string pp_name< libff::bls12_377_pp > ()
 
template<>
std::string pp_name< libff::bw6_761_pp > ()
 
zeth_note zeth_note_from_proto (const zeth_proto::ZethNote &note)
 
template<typename ppT >
zeth_proto::Group1Point point_g1_affine_to_proto (const libff::G1< ppT > &point)
 
template<typename ppT >
libff::G1< ppT > point_g1_affine_from_proto (const zeth_proto::Group1Point &point)
 
template<typename ppT >
zeth_proto::Group2Point point_g2_affine_to_proto (const libff::G2< ppT > &point)
 
template<typename ppT >
libff::G2< ppT > point_g2_affine_from_proto (const zeth_proto::Group2Point &point)
 
template<typename FieldT , size_t TreeDepth>
joinsplit_input< FieldT, TreeDepth > joinsplit_input_from_proto (const zeth_proto::JoinsplitInput &input)
 
template<typename ppT >
std::string pp_name ()
 
template<typename ppT >
void pp_to_proto (zeth_proto::PairingParameters &pp_proto)
 Populate a protobuf description of some pairing parameters. More...
 
template<typename FieldT >
std::ostream & primary_inputs_write_json (const std::vector< FieldT > &public_inputs, std::ostream &out_s)
 
template<typename FieldT >
std::istream & primary_inputs_read_json (std::vector< FieldT > &public_inputs, std::istream &in_s)
 
template<typename ppT >
std::string accumulation_vector_to_json (const libsnark::accumulation_vector< libff::G1< ppT >> &acc_vector)
 
template<typename ppT >
libsnark::accumulation_vector< libff::G1< ppT > > accumulation_vector_from_json (const std::string &acc_vector_str)
 
template<typename FieldT >
std::ostream & r1cs_write_json (const libsnark::r1cs_constraint_system< FieldT > &r1cs, std::ostream &out_s)
 
template<typename FieldT >
void r1cs_read_bytes (libsnark::r1cs_constraint_system< FieldT > &r1cs, std::istream &in_s)
 
template<typename FieldT >
void r1cs_write_bytes (const libsnark::r1cs_constraint_system< FieldT > &r1cs, std::ostream &out_s)
 
template<typename FieldT >
void r1cs_variable_assignment_read_bytes (libsnark::r1cs_variable_assignment< FieldT > &assignment, std::istream &in_s)
 
template<typename FieldT >
void r1cs_variable_assignment_read_bytes (libsnark::r1cs_primary_input< FieldT > &primary, libsnark::r1cs_auxiliary_input< FieldT > &auxiliary, const size_t primary_input_size, std::istream &in_s)
 
template<typename FieldT >
void r1cs_variable_assignment_write_bytes (const libsnark::r1cs_variable_assignment< FieldT > &assignment, std::ostream &out_s)
 
template<typename FieldT >
void r1cs_variable_assignment_write_bytes (const libsnark::r1cs_primary_input< FieldT > &primary, const libsnark::r1cs_auxiliary_input< FieldT > &auxiliary, std::ostream &out_s)
 
template<typename T >
std::enable_if< std::is_fundamental< T >::value, T >::type read_bytes (std::istream &in_s)
 Read a primitive datatype from a stream as raw bytes. More...
 
template<typename T >
std::enable_if< std::is_fundamental< T >::value, void >::type read_bytes (T &val, std::istream &in_s)
 Read a primitive datatype from a stream as raw bytes. More...
 
template<typename T >
std::enable_if< std::is_fundamental< T >::value, void >::type write_bytes (const T &val, std::ostream &out_s)
 
template<typename CollectionT , void(WriterT)(const MemberT< CollectionT > &, std::ostream &) >
void collection_n_write_bytes (const CollectionT &collection, const size_t n, std::ostream &out_s)
 
template<typename CollectionT , void(ReaderT)(MemberT< CollectionT > &, std::istream &) >
void collection_n_read_bytes_n (CollectionT &collection, const size_t n, std::istream &in_s)
 
template<typename CollectionT , void(WriterT)(const MemberT< CollectionT > &, std::ostream &) >
void collection_write_bytes (const CollectionT &collection, std::ostream &out_s)
 
template<typename CollectionT , void(ReaderT)(MemberT< CollectionT > &, std::istream &) >
void collection_read_bytes (CollectionT &points, std::istream &in_s)
 
template<typename T , void(ReaderFn)(T &, std::istream &) >
void sparse_vector_read_bytes (libsnark::sparse_vector< T > &sparse_vector, std::istream &in_s)
 
template<typename T , void(WriterFn)(const T &, std::ostream &) >
void sparse_vector_write_bytes (const libsnark::sparse_vector< T > &sparse_vector, std::ostream &out_s)
 
template<typename T , void(ReaderFn)(T &, std::istream &) >
void accumulation_vector_read_bytes (libsnark::accumulation_vector< T > &acc_vector, std::istream &in_s)
 
template<typename T , void(WriterFn)(const T &, std::ostream &) >
void accumulation_vector_write_bytes (const libsnark::accumulation_vector< T > &acc_vector, std::ostream &out_s)
 
template<typename kcT >
void knowledge_commitment_read_bytes (kcT &knowledge_commitment, std::istream &in_s)
 
template<typename kcT >
void knowledge_commitment_write_bytes (const kcT &knowledge_commitment, std::ostream &out_s)
 
template<typename kcvectorT >
void knowledge_commitment_vector_read_bytes (kcvectorT &knowledge_commitment, std::istream &in_s)
 
template<typename kcvectorT >
void knowledge_commitment_vector_write_bytes (const kcvectorT &knowledge_commitment, std::ostream &out_s)
 

Variables

const size_t BLAKE2s_digest_size = 256
 
const size_t BLAKE2s_block_size = 512
 
const size_t BLAKE2s_word_number = 16
 Number of words composing the state of BLAKE2s. More...
 
const size_t BLAKE2s_word_size = 32
 Bit-length of the words composing the state of BLAKE2s. More...
 
const size_t SHA256_ETH_digest_size = 256
 
const size_t SHA256_ETH_block_size = 512
 

Detailed Description

RNG based on: https://docs.rs/rand/0.4.6/src/rand/prng/chacha.rs.html

Typedef Documentation

◆ bits256

using libzeth::bits256 = typedef bits<256>

Definition at line 75 of file bits.hpp.

◆ bits32

using libzeth::bits32 = typedef bits<32>

32-bit array

Definition at line 69 of file bits.hpp.

◆ bits384

using libzeth::bits384 = typedef bits<384>

Definition at line 77 of file bits.hpp.

◆ bits64

using libzeth::bits64 = typedef bits<64>

64-bit array

Definition at line 72 of file bits.hpp.

◆ bits_addr

template<size_t TreeDepth>
using libzeth::bits_addr = typedef bits<TreeDepth>

Definition at line 79 of file bits.hpp.

◆ hash_repr_word

using libzeth::hash_repr_word = typedef uint32_t

Definition at line 14 of file mpc_hash.cpp.

◆ HashT

template<typename FieldT >
using libzeth::HashT = typedef BLAKE2s_256<FieldT>

Definition at line 24 of file circuit_types.hpp.

◆ HashTreeT

template<typename FieldT >
using libzeth::HashTreeT = typedef mimc_compression_function_gadget<FieldT>

Definition at line 28 of file circuit_types.hpp.

◆ JoinsplitCircuitT

template<typename ppT , typename snarkT >
using libzeth::JoinsplitCircuitT = typedef circuit_wrapper< HashT<libff::Fr<ppT> >, HashTreeT<libff::Fr<ppT> >, ppT, snarkT, libzeth::ZETH_NUM_JS_INPUTS, libzeth::ZETH_NUM_JS_OUTPUTS, libzeth::ZETH_MERKLE_TREE_DEPTH>

Definition at line 38 of file circuit_types.hpp.

◆ MemberT

template<typename CollectionT >
using libzeth::MemberT = typedef typename std::decay<decltype((*(CollectionT *)nullptr)[0])>::type

Statically derive the type of the element contained in a (vector-like) collection.

Definition at line 20 of file stream_utils.hpp.

◆ mimc_compression_function_gadget

template<typename FieldT >
using libzeth::mimc_compression_function_gadget = typedef typename mimc_compression_function_selector< FieldT>::compression_function_gadget

Definition at line 73 of file mimc_selector.hpp.

◆ mpc_hash_istream_wrapper

using libzeth::mpc_hash_istream_wrapper = typedef hash_istream_wrapper<mpc_hash>

Definition at line 55 of file mpc_hash.hpp.

◆ mpc_hash_ostream

using libzeth::mpc_hash_ostream = typedef hash_ostream<mpc_hash>

Definition at line 53 of file mpc_hash.hpp.

◆ mpc_hash_ostream_wrapper

using libzeth::mpc_hash_ostream_wrapper = typedef hash_ostream_wrapper<mpc_hash>

Definition at line 54 of file mpc_hash.hpp.

◆ mpc_hash_state_t

using libzeth::mpc_hash_state_t = typedef crypto_generichash_blake2b_state

Definition at line 22 of file mpc_hash.hpp.

◆ mpc_hash_t

using libzeth::mpc_hash_t = typedef size_t[MPC_HASH_ARRAY_LENGTH]

Definition at line 21 of file mpc_hash.hpp.

Function Documentation

◆ accumulation_vector_from_json()

template<typename ppT >
libsnark::accumulation_vector<libff::G1<ppT> > libzeth::accumulation_vector_from_json ( const std::string &  acc_vector_str)

A valid string is on the form: "[[\"0x...", ..., "0x..."], ..., ["0x...", ... "0x..."]]" As such, we verify the prefix and suffix of the input string to verify that it starts with "[[" and finishes with "]]".

TODO: Have proper and more robust implementation.

◆ accumulation_vector_read_bytes()

template<typename T , void(ReaderFn)(T &, std::istream &) >
void libzeth::accumulation_vector_read_bytes ( libsnark::accumulation_vector< T > &  acc_vector,
std::istream &  in_s 
)

◆ accumulation_vector_to_json()

template<typename ppT >
std::string libzeth::accumulation_vector_to_json ( const libsnark::accumulation_vector< libff::G1< ppT >> &  acc_vector)

◆ accumulation_vector_write_bytes()

template<typename T , void(WriterFn)(const T &, std::ostream &) >
void libzeth::accumulation_vector_write_bytes ( const libsnark::accumulation_vector< T > &  acc_vector,
std::ostream &  out_s 
)

◆ base_field_element_from_hex()

template<typename FieldT >
FieldT libzeth::base_field_element_from_hex ( const std::string &  field_str)

Convert a plain hex string (without any JSON decoration such as '"') to a base field element (single component).

◆ base_field_element_to_hex()

template<typename FieldT >
std::string libzeth::base_field_element_to_hex ( const FieldT &  field_el)

Convert a base field element (single component) to a hexadecimal string (without any JSON decoration such as '"').

Here is the caller graph for this function:

◆ bit_vector_from_hex()

std::vector< bool > libzeth::bit_vector_from_hex ( const std::string &  str)

Takes a hexadecimal string and converts it into a bit-vector. Throws an exception if called with an invalid hexadecimal string.

Definition at line 13 of file bits.cpp.

14 {
15  std::vector<bool> result;
16  result.reserve(4 * hex_str.size());
17  for (char c : hex_str) {
18  const uint8_t nibble = char_to_nibble(c);
19  result.push_back(nibble & 8);
20  result.push_back(nibble & 4);
21  result.push_back(nibble & 2);
22  result.push_back(nibble & 1);
23  }
24 
25  return result;
26 }
Here is the call graph for this function:

◆ bit_vector_from_size_t_be()

std::vector< bool > libzeth::bit_vector_from_size_t_be ( size_t  x)

Returns the big endian binary encoding of the integer x.

Definition at line 39 of file bits.cpp.

40 {
41  std::vector<bool> res;
42  size_t num_bits = 8 * sizeof(size_t);
43  const size_t mask = 1ULL << (num_bits - 1);
44 
45  // Remove 0-bits at the front
46  while (num_bits > 0) {
47  if ((x & mask) != 0) {
48  break;
49  }
50  x = x << 1;
51  --num_bits;
52  }
53 
54  // Pre-allocate and fill the vector with remaining bits
55  res.reserve(num_bits);
56  while (num_bits > 0) {
57  res.push_back((x & mask) != 0);
58  x = x << 1;
59  --num_bits;
60  }
61 
62  return res;
63 }

◆ bit_vector_from_size_t_le()

std::vector< bool > libzeth::bit_vector_from_size_t_le ( size_t  x)

Returns the little endian binary encoding of the integer x.

Definition at line 28 of file bits.cpp.

29 {
30  std::vector<bool> ret;
31  while (x) {
32  ret.push_back((x & 1) != 0);
33  x >>= 1;
34  }
35 
36  return ret;
37 }

◆ bit_vector_write_string()

void libzeth::bit_vector_write_string ( const std::vector< bool > &  bits,
std::ostream &  out_s 
)

Definition at line 65 of file bits.cpp.

66 {
67  out_s << "{";
68  for (size_t i = 0; i < bits.size() - 1; ++i) {
69  out_s << bits[i] << ", ";
70  }
71  out_s << bits[bits.size() - 1] << "}\n";
72 }

◆ bits_add()

template<size_t numBits>
bits<numBits> libzeth::bits_add ( const bits< numBits > &  a,
const bits< numBits > &  b,
bool  with_carry = false 
)

Sum 2 binary strings with or without carry.

◆ bits_xor()

template<size_t numBits>
bits<numBits> libzeth::bits_xor ( const bits< numBits > &  a,
const bits< numBits > &  b 
)

XOR two binary strings of the same length.

◆ bytes_to_hex()

std::string libzeth::bytes_to_hex ( const void *  bytes,
size_t  num_bytes,
bool  prefix = false 
)

Encode bytes as a hex string. If prefix is true, the string is prepended with "0x".

Definition at line 105 of file utils.cpp.

106 {
107  std::string out;
108  if (prefix) {
109  out.reserve(num_bytes * 2 + 2);
110  out.push_back('0');
111  out.push_back('x');
112  } else {
113  out.reserve(num_bytes * 2);
114  }
115 
116  const uint8_t *in = (const uint8_t *)bytes;
117  for (size_t i = 0; i < num_bytes; ++i) {
118  const uint8_t byte = in[i];
119  out.push_back(nibble_hex(byte >> 4));
120  out.push_back(nibble_hex(byte & 0x0f));
121  }
122 
123  return out;
124 }
Here is the caller graph for this function:

◆ bytes_to_hex_reversed()

std::string libzeth::bytes_to_hex_reversed ( const void *  bytes,
size_t  num_bytes,
bool  prefix = false 
)

Encode bytes as a hex string. If prefix is true, the string is prepended with "0x".

Definition at line 126 of file utils.cpp.

128 {
129  if (num_bytes == 0) {
130  return "";
131  }
132 
133  std::string out;
134  if (prefix) {
135  out.reserve(num_bytes * 2 + 2);
136  out.push_back('0');
137  out.push_back('x');
138  } else {
139  out.reserve(num_bytes * 2);
140  }
141 
142  const uint8_t *const src_bytes_end = (const uint8_t *)bytes;
143  const uint8_t *src_bytes = src_bytes_end + num_bytes;
144  do {
145  --src_bytes;
146  const uint8_t byte = *src_bytes;
147  out.push_back(nibble_hex(byte >> 4));
148  out.push_back(nibble_hex(byte & 0x0f));
149  } while (src_bytes > src_bytes_end);
150 
151  return out;
152 }

◆ char_to_nibble()

uint8_t libzeth::char_to_nibble ( const char  c)

Convert a single character to a nibble (uint8_t < 0x10). Throws std::invalid_argument if the character is invalid.

Definition at line 15 of file utils.cpp.

16 {
17  const char cc = (char)std::tolower(c);
18  if (cc < '0') {
19  throw std::invalid_argument("invalid hex character");
20  }
21  if (cc <= '9') {
22  return cc - '0';
23  }
24  if (cc < 'a') {
25  throw std::invalid_argument("invalid hex character");
26  }
27  if (cc <= 'f') {
28  return cc - 'a' + 10;
29  }
30  throw std::invalid_argument("invalid hex character");
31 }
Here is the caller graph for this function:

◆ check_well_formed()

template<typename StructuredT >
void libzeth::check_well_formed ( const StructuredT &  v,
const char *  name 
)

Convenience function to throw if input is not well-formed. Here StructuredT is assumed to have the form:

{ bool is_well_formed() const; }

◆ collection_n_read_bytes_n()

template<typename CollectionT , void(ReaderT)(MemberT< CollectionT > &, std::istream &) >
void libzeth::collection_n_read_bytes_n ( CollectionT &  collection,
const size_t  n,
std::istream &  in_s 
)

Read n element using a specified reader function, appending to the given collection.

◆ collection_n_write_bytes()

template<typename CollectionT , void(WriterT)(const MemberT< CollectionT > &, std::ostream &) >
void libzeth::collection_n_write_bytes ( const CollectionT &  collection,
const size_t  n,
std::ostream &  out_s 
)

Write the first n from a collection of values, using a specified writer function.

◆ collection_read_bytes()

template<typename CollectionT , void(ReaderT)(MemberT< CollectionT > &, std::istream &) >
void libzeth::collection_read_bytes ( CollectionT &  points,
std::istream &  in_s 
)

Read a collection of group elements as bytes, using group_elements_read_bytes.

◆ collection_write_bytes()

template<typename CollectionT , void(WriterT)(const MemberT< CollectionT > &, std::ostream &) >
void libzeth::collection_write_bytes ( const CollectionT &  collection,
std::ostream &  out_s 
)

Write a full collection of group elements to a stream as bytes, using a specific writer function.

◆ container_is_well_formed()

template<typename StructuredTs >
bool libzeth::container_is_well_formed ( const StructuredTs &  values)

For some iterable container of objects comforming to StructuredT, throw if any entry is not well-formed.

◆ dummy_powersoftau()

template<typename ppT >
srs_powersoftau<ppT> libzeth::dummy_powersoftau ( size_t  n)

Same as dummy_powersoftau_from_secrets(), where the secrets are not of interest.

◆ dummy_powersoftau_from_secrets()

template<typename ppT >
srs_powersoftau<ppT> libzeth::dummy_powersoftau_from_secrets ( const libff::Fr< ppT > &  tau,
const libff::Fr< ppT > &  alpha,
const libff::Fr< ppT > &  beta,
size_t  n 
)

Given some secrets, compute a dummy set of powersoftau, for circuits with polynomials A, B, C order-bound by n .

◆ field_element_from_json()

template<typename FieldT >
FieldT libzeth::field_element_from_json ( const std::string &  json)

◆ field_element_read_bytes()

template<typename FieldT >
void libzeth::field_element_read_bytes ( FieldT &  el,
std::istream &  in_s 
)

Read a field element as bytes, in the format described for field_element_write_bytes.

◆ field_element_read_json()

template<typename FieldT >
void libzeth::field_element_read_json ( FieldT &  el,
std::istream &  in_s 
)

◆ field_element_to_json()

template<typename FieldT >
std::string libzeth::field_element_to_json ( const FieldT &  el)

◆ field_element_write_bytes()

template<typename FieldT >
void libzeth::field_element_write_bytes ( const FieldT &  el,
std::ostream &  out_s 
)

Write a field element as bytes. Base field elements are written in plain (non-Montgomery) form as fixed-size big-endian integers. Extension field elements are written as a series of components.

◆ field_element_write_json()

template<typename FieldT >
void libzeth::field_element_write_json ( const FieldT &  el,
std::ostream &  out_s 
)

◆ gen_256_zeroes()

template<typename FieldT , typename HashT >
libsnark::pb_variable_array<FieldT> libzeth::gen_256_zeroes ( const libsnark::pb_variable< FieldT > &  ZERO)

◆ get_path_to_debug_directory()

boost::filesystem::path libzeth::get_path_to_debug_directory ( )

This function returns the path to the debug directory used in Zeth. It assumes that the host OS is compliant with the POSIX specification since it assumes that the HOME environment variable is set. See: https://pubs.opengroup.org/onlinepubs/9699919799/

Definition at line 28 of file filesystem_util.cpp.

29 {
30  const char *path = std::getenv("ZETH_DEBUG_DIR");
31  if (path != nullptr) {
32  return boost::filesystem::path(path);
33  }
34 
35  // Fallback destination if the ZETH_DEBUG_DIR env var is not set
36  // We assume below that `std::getenv("HOME")` does not return `nullptr`
37  boost::filesystem::path home_path =
38  boost::filesystem::path(std::getenv("HOME"));
39  boost::filesystem::path zeth_debug("zeth_debug");
40  boost::filesystem::path default_path = home_path / zeth_debug;
41  return default_path;
42 }

◆ get_path_to_setup_directory()

boost::filesystem::path libzeth::get_path_to_setup_directory ( )

This function returns the path to the setup directory in which the SRS will be written and/or read from. It uses the ZETH_SETUP_DIR environment variable, if available, falling back to ${HOME}/zeth_setup (using the POSIX HOME environment variable, see: https://pubs.opengroup.org/onlinepubs/9699919799/), and finally the current directory.

Definition at line 10 of file filesystem_util.cpp.

11 {
12  // If the ZETH_SETUP_DIR env var is not set, check HOME, and
13  // fallback to current directory.
14 
15  const char *path = std::getenv("ZETH_SETUP_DIR");
16  if (path != nullptr) {
17  return path;
18  }
19 
20  path = std::getenv("HOME");
21  if (path != nullptr) {
22  return boost::filesystem::path(path) / "zeth_setup";
23  }
24 
25  return "";
26 }
Here is the caller graph for this function:

◆ get_tag_addr()

template<typename FieldT >
libsnark::pb_variable_array<FieldT> libzeth::get_tag_addr ( const libsnark::pb_variable< FieldT > &  ZERO,
const libsnark::pb_variable_array< FieldT > &  x 
)

◆ get_tag_nf()

template<typename FieldT >
libsnark::pb_variable_array<FieldT> libzeth::get_tag_nf ( const libsnark::pb_variable< FieldT > &  ZERO,
const libsnark::pb_variable_array< FieldT > &  a_sk 
)

◆ get_tag_pk()

template<typename FieldT >
libsnark::pb_variable_array<FieldT> libzeth::get_tag_pk ( const libsnark::pb_variable< FieldT > &  ZERO,
const libsnark::pb_variable_array< FieldT > &  a_sk,
size_t  index 
)

◆ get_tag_rho()

template<typename FieldT >
libsnark::pb_variable_array<FieldT> libzeth::get_tag_rho ( const libsnark::pb_variable< FieldT > &  ZERO,
const libsnark::pb_variable_array< FieldT > &  phi,
size_t  index 
)

◆ group_element_from_json()

template<typename GroupT >
GroupT libzeth::group_element_from_json ( const std::string &  json)

Convert a JSON string into a group element.

◆ group_element_read_bytes()

template<typename GroupT >
void libzeth::group_element_read_bytes ( GroupT &  point,
std::istream &  in_s 
)

Read a group elements as bytes from a stream, in the format described for group_element_write_bytes.

◆ group_element_read_json()

template<typename GroupT >
void libzeth::group_element_read_json ( GroupT &  point,
std::istream &  in_s 
)

Read a JSON string from a stream and convert it into a group element.

◆ group_element_to_json()

template<typename GroupT >
std::string libzeth::group_element_to_json ( const GroupT &  point)

Convert a group element to a json string (array of hexadecimal strings).

◆ group_element_write_bytes()

template<typename GroupT >
void libzeth::group_element_write_bytes ( const GroupT &  point,
std::ostream &  out_s 
)

Write a group element as bytes to a stream. The elements are written as X and Y coordinates of the affine form, where each coordinate is written using field_element_write_bytes.

◆ group_element_write_json()

template<typename GroupT >
void libzeth::group_element_write_json ( const GroupT &  point,
std::ostream &  out_s 
)

Write a group element as a json string to a stream.

◆ group_elements_read_bytes()

template<typename GroupCollectionT >
void libzeth::group_elements_read_bytes ( GroupCollectionT &  points,
std::istream &  in_s 
)

Read a collection of group elements as bytes, using group_elements_read_bytes.

◆ group_elements_write_bytes()

template<typename GroupCollectionT >
void libzeth::group_elements_write_bytes ( const GroupCollectionT &  points,
std::ostream &  out_s 
)

Write a collection of group elements as bytes to a stream, using group_element_write_bytes.

◆ hex_to_bytes() [1/2]

void libzeth::hex_to_bytes ( const std::string &  hex,
void *  dest,
size_t  bytes 
)

Convert hex to bytes (first chars at lowest address)

Definition at line 68 of file utils.cpp.

69 {
70  const char *cur = find_hex_string_of_length(hex, bytes);
71  uint8_t *dest_bytes = (uint8_t *)dest;
72  const uint8_t *const dest_bytes_end = dest_bytes + bytes;
73  while (dest_bytes < dest_bytes_end) {
74  *dest_bytes = chars_to_byte(cur);
75  cur += 2;
76  ++dest_bytes;
77  }
78 }
Here is the caller graph for this function:

◆ hex_to_bytes() [2/2]

std::string libzeth::hex_to_bytes ( const std::string &  s)

Decode hexadecimal string to an std::string of bytes.

Definition at line 95 of file utils.cpp.

96 {
97  const size_t num_bytes = s.size() / 2;
98  assert(s.size() == 2 * num_bytes);
99  std::string out;
100  out.resize(num_bytes);
101  hex_to_bytes(s, &out[0], num_bytes);
102  return out;
103 }
Here is the call graph for this function:

◆ hex_to_bytes_reversed()

void libzeth::hex_to_bytes_reversed ( const std::string &  hex,
void *  dest,
size_t  bytes 
)

Convert hex to bytes (first chars at highest address, for little-endian numbers, etc)

Definition at line 80 of file utils.cpp.

81 {
82  if (bytes == 0) {
83  return;
84  }
85  const char *cur = find_hex_string_of_length(hex, bytes);
86  uint8_t *const dest_bytes_end = (uint8_t *)dest;
87  uint8_t *dest_bytes = dest_bytes_end + bytes;
88  do {
89  --dest_bytes;
90  *dest_bytes = chars_to_byte(cur);
91  cur += 2;
92  } while (dest_bytes > dest_bytes_end);
93 }

◆ joinsplit_input_from_proto()

template<typename FieldT , size_t TreeDepth>
joinsplit_input<FieldT, TreeDepth> libzeth::joinsplit_input_from_proto ( const zeth_proto::JoinsplitInput &  input)
Here is the caller graph for this function:

◆ knowledge_commitment_read_bytes()

template<typename kcT >
void libzeth::knowledge_commitment_read_bytes ( kcT &  knowledge_commitment,
std::istream &  in_s 
)

◆ knowledge_commitment_vector_read_bytes()

template<typename kcvectorT >
void libzeth::knowledge_commitment_vector_read_bytes ( kcvectorT &  knowledge_commitment,
std::istream &  in_s 
)

◆ knowledge_commitment_vector_write_bytes()

template<typename kcvectorT >
void libzeth::knowledge_commitment_vector_write_bytes ( const kcvectorT &  knowledge_commitment,
std::ostream &  out_s 
)

◆ knowledge_commitment_write_bytes()

template<typename kcT >
void libzeth::knowledge_commitment_write_bytes ( const kcT &  knowledge_commitment,
std::ostream &  out_s 
)

◆ mpc_compute_hash() [1/2]

void libzeth::mpc_compute_hash ( mpc_hash_t  out_hash,
const std::string &  data 
)

Definition at line 48 of file mpc_hash.cpp.

49 {
50  mpc_compute_hash(out_hash, data.data(), data.size());
51 }
Here is the call graph for this function:

◆ mpc_compute_hash() [2/2]

void libzeth::mpc_compute_hash ( mpc_hash_t  out_hash,
const void *  data,
size_t  data_size 
)

Definition at line 40 of file mpc_hash.cpp.

41 {
42  mpc_hash_state_t s;
43  mpc_hash_init(s);
44  mpc_hash_update(s, data, data_size);
45  mpc_hash_final(s, out_hash);
46 }
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpc_compute_linearcombination()

template<typename ppT >
srs_mpc_layer_L1<ppT> libzeth::mpc_compute_linearcombination ( const srs_powersoftau< ppT > &  pot,
const srs_lagrange_evaluations< ppT > &  lagrange,
const libsnark::qap_instance< libff::Fr< ppT >> &  qap 
)

Given a circuit and a powersoftau with pre-computed lagrange polynomials, perform the correct linear combination for the CRS MPC.

◆ mpc_create_key_pair()

template<typename ppT , libff::multi_exp_base_form BaseForm = libff::multi_exp_base_form_normal>
libsnark::r1cs_gg_ppzksnark_keypair<ppT> libzeth::mpc_create_key_pair ( srs_powersoftau< ppT > &&  pot,
srs_mpc_layer_L1< ppT > &&  layer1,
srs_mpc_phase2_accumulator< ppT > &&  layer2,
libsnark::r1cs_constraint_system< libff::Fr< ppT >> &&  cs,
const libsnark::qap_instance< libff::Fr< ppT >> &  qap 
)

Given the output from all phases of the MPC, create the proving and verification keys for the given circuit. If BaseForm = libff::multi_exp_base_form_special, all arrays are converted to special form for more efficient proving (This will happen naturally as a side effect of (de)serialization, and hence this batch conversion is disabled by default).

◆ mpc_hash_final()

void libzeth::mpc_hash_final ( mpc_hash_state_t state,
mpc_hash_t  out_hash 
)

Definition at line 34 of file mpc_hash.cpp.

35 {
36  crypto_generichash_blake2b_final(
37  &state, (uint8_t *)out_hash, MPC_HASH_SIZE_BYTES);
38 }
Here is the caller graph for this function:

◆ mpc_hash_init()

void libzeth::mpc_hash_init ( mpc_hash_state_t state)

Definition at line 24 of file mpc_hash.cpp.

25 {
26  crypto_generichash_blake2b_init(&state, nullptr, 0, MPC_HASH_SIZE_BYTES);
27 }
Here is the caller graph for this function:

◆ mpc_hash_read()

bool libzeth::mpc_hash_read ( mpc_hash_t  out_hash,
std::istream &  in 
)

Parse a human-readable string (4 x 4 x 4-byte hex words) representing an mpc_hash_t.

Definition at line 63 of file mpc_hash.cpp.

64 {
65  hash_repr_word *out_data = (hash_repr_word *)out_hash;
66 
67  std::string word;
68  for (size_t i = 0; i < HASH_REPR_WORDS_PER_HASH; ++i) {
69  if (!(in >> word)) {
70  std::cerr << "Read failed" << std::endl;
71  return false;
72  }
73 
74  const std::string bin = hex_to_bytes(word);
75  if (bin.size() != HASH_REPR_WORD_SIZE) {
76  std::cerr << "Invalid word size" << std::endl;
77  return false;
78  }
79 
80  memcpy(&out_data[i], bin.data(), HASH_REPR_WORD_SIZE);
81  }
82 
83  return true;
84 }
Here is the call graph for this function:

◆ mpc_hash_update()

void libzeth::mpc_hash_update ( mpc_hash_state_t state,
const void *  in,
size_t  size 
)

Definition at line 29 of file mpc_hash.cpp.

30 {
31  crypto_generichash_blake2b_update(&state, (const uint8_t *)in, size);
32 }
Here is the caller graph for this function:

◆ mpc_hash_write()

void libzeth::mpc_hash_write ( const mpc_hash_t  hash,
std::ostream &  out 
)

Convert a hash to a human-readable string (4 x 4 x 4-byte hex words), following the format used in the "powersoftau" and "Sapling MPC" code.

Definition at line 53 of file mpc_hash.cpp.

54 {
55  const hash_repr_word *words = (const hash_repr_word *)hash;
56 
57  for (size_t i = 0; i < HASH_REPR_WORDS_PER_HASH; ++i) {
58  char sep = ((i % 4) == 3) ? '\n' : ' ';
59  out << bytes_to_hex(&words[i], sizeof(words[i])) << sep;
60  }
61 }
Here is the call graph for this function:

◆ multi_exp() [1/2]

template<typename ppT , typename GroupT >
GroupT libzeth::multi_exp ( const std::vector< GroupT > &  gs,
const libff::Fr_vector< ppT > &  fs 
)

◆ multi_exp() [2/2]

template<typename FieldT , typename GroupT >
GroupT libzeth::multi_exp ( typename std::vector< GroupT >::const_iterator  gs_start,
typename std::vector< GroupT >::const_iterator  gs_end,
typename std::vector< FieldT >::const_iterator  fs_start,
typename std::vector< FieldT >::const_iterator  fs_end 
)

◆ packed_addition()

template<typename FieldT >
libsnark::linear_combination<FieldT> libzeth::packed_addition ( const libsnark::pb_variable_array< FieldT > &  input)

◆ pb_variable_array_from_bit_vector()

template<typename FieldT >
libsnark::pb_variable_array<FieldT> libzeth::pb_variable_array_from_bit_vector ( libsnark::protoboard< FieldT > &  pb,
const std::vector< bool > &  bits,
const std::string &  annotation_prefix 
)

◆ point_g1_affine_from_proto()

template<typename ppT >
libff::G1<ppT> libzeth::point_g1_affine_from_proto ( const zeth_proto::Group1Point &  point)

◆ point_g1_affine_to_proto()

template<typename ppT >
zeth_proto::Group1Point libzeth::point_g1_affine_to_proto ( const libff::G1< ppT > &  point)

◆ point_g2_affine_from_proto()

template<typename ppT >
libff::G2<ppT> libzeth::point_g2_affine_from_proto ( const zeth_proto::Group2Point &  point)

◆ point_g2_affine_to_proto()

template<typename ppT >
zeth_proto::Group2Point libzeth::point_g2_affine_to_proto ( const libff::G2< ppT > &  point)

◆ powersoftau_compute_lagrange_evaluations()

template<typename ppT >
srs_lagrange_evaluations<ppT> libzeth::powersoftau_compute_lagrange_evaluations ( const srs_powersoftau< ppT > &  pot,
const size_t  n 
)

Compute the evaluation of the lagrange polynomials in G1 and G2, along with some useful factors. The results can be cached and used against any QAP, provided its domain size matched.

◆ powersoftau_is_well_formed()

template<typename ppT >
bool libzeth::powersoftau_is_well_formed ( const srs_powersoftau< ppT > &  pot)

Verify that the pot data is well formed.

◆ powersoftau_load()

template<typename ppT >
srs_powersoftau<ppT> libzeth::powersoftau_load ( std::istream &  in,
size_t  n 
)

Load data generated by zcash's powersoftau tools (modified to use the bn library): https://github.com/clearmatics/powersoftau

Expect at least 'n' powers in the file.

◆ powersoftau_write()

template<typename ppT >
void libzeth::powersoftau_write ( std::ostream &  out,
const srs_powersoftau< ppT > &  pot 
)

Write powersoftau data, in the format compatible with powersoftau_load.

◆ pp_name()

template<typename ppT >
std::string libzeth::pp_name ( )

◆ pp_name< libff::alt_bn128_pp >()

template<>
std::string libzeth::pp_name< libff::alt_bn128_pp > ( )

Definition at line 17 of file proto_utils.cpp.

18 {
19  return std::string("alt-bn128");
20 }

◆ pp_name< libff::bls12_377_pp >()

template<>
std::string libzeth::pp_name< libff::bls12_377_pp > ( )

Definition at line 22 of file proto_utils.cpp.

23 {
24  return std::string("bls12-377");
25 }

◆ pp_name< libff::bw6_761_pp >()

template<>
std::string libzeth::pp_name< libff::bw6_761_pp > ( )

Definition at line 27 of file proto_utils.cpp.

28 {
29  return std::string("bw6-761");
30 }

◆ pp_to_proto()

template<typename ppT >
void libzeth::pp_to_proto ( zeth_proto::PairingParameters &  pp_proto)

Populate a protobuf description of some pairing parameters.

◆ primary_inputs_read_json()

template<typename FieldT >
std::istream& libzeth::primary_inputs_read_json ( std::vector< FieldT > &  public_inputs,
std::istream &  in_s 
)

◆ primary_inputs_write_json()

template<typename FieldT >
std::ostream& libzeth::primary_inputs_write_json ( const std::vector< FieldT > &  public_inputs,
std::ostream &  out_s 
)

◆ r1cs_read_bytes()

template<typename FieldT >
void libzeth::r1cs_read_bytes ( libsnark::r1cs_constraint_system< FieldT > &  r1cs,
std::istream &  in_s 
)

◆ r1cs_variable_assignment_read_bytes() [1/2]

template<typename FieldT >
void libzeth::r1cs_variable_assignment_read_bytes ( libsnark::r1cs_primary_input< FieldT > &  primary,
libsnark::r1cs_auxiliary_input< FieldT > &  auxiliary,
const size_t  primary_input_size,
std::istream &  in_s 
)

◆ r1cs_variable_assignment_read_bytes() [2/2]

template<typename FieldT >
void libzeth::r1cs_variable_assignment_read_bytes ( libsnark::r1cs_variable_assignment< FieldT > &  assignment,
std::istream &  in_s 
)
Here is the caller graph for this function:

◆ r1cs_variable_assignment_write_bytes() [1/2]

template<typename FieldT >
void libzeth::r1cs_variable_assignment_write_bytes ( const libsnark::r1cs_primary_input< FieldT > &  primary,
const libsnark::r1cs_auxiliary_input< FieldT > &  auxiliary,
std::ostream &  out_s 
)

◆ r1cs_variable_assignment_write_bytes() [2/2]

template<typename FieldT >
void libzeth::r1cs_variable_assignment_write_bytes ( const libsnark::r1cs_variable_assignment< FieldT > &  assignment,
std::ostream &  out_s 
)
Here is the caller graph for this function:

◆ r1cs_write_bytes()

template<typename FieldT >
void libzeth::r1cs_write_bytes ( const libsnark::r1cs_constraint_system< FieldT > &  r1cs,
std::ostream &  out_s 
)
Here is the caller graph for this function:

◆ r1cs_write_json()

template<typename FieldT >
std::ostream& libzeth::r1cs_write_json ( const libsnark::r1cs_constraint_system< FieldT > &  r1cs,
std::ostream &  out_s 
)
Here is the caller graph for this function:

◆ read_bytes() [1/2]

template<typename T >
std::enable_if<std::is_fundamental<T>::value, T>::type libzeth::read_bytes ( std::istream &  in_s)

Read a primitive datatype from a stream as raw bytes.

◆ read_bytes() [2/2]

template<typename T >
std::enable_if<std::is_fundamental<T>::value, void>::type libzeth::read_bytes ( T &  val,
std::istream &  in_s 
)

Read a primitive datatype from a stream as raw bytes.

◆ read_powersoftau_fr()

template<typename ppT >
void libzeth::read_powersoftau_fr ( std::istream &  in,
libff::Fr< ppT > &  fr_out 
)

◆ read_powersoftau_g1()

template<typename ppT >
void libzeth::read_powersoftau_g1 ( std::istream &  in,
libff::G1< ppT > &  out 
)

◆ read_powersoftau_g2()

template<typename ppT >
void libzeth::read_powersoftau_g2 ( std::istream &  in,
libff::G2< ppT > &  out 
)

◆ read_powersoftau_g2< libff::alt_bn128_pp >()

template<>
void libzeth::read_powersoftau_g2< libff::alt_bn128_pp > ( std::istream &  in,
libff::alt_bn128_G2 &  out 
)

Definition at line 13 of file powersoftau_utils.cpp.

15 {
16  uint8_t marker;
17  in.read((char *)&marker, 1);
18 
19  switch (marker) {
20  case 0x00:
21  // zero
22  out = libff::alt_bn128_G2::zero();
23  break;
24 
25  case 0x04:
26  // Uncompressed
27  read_powersoftau_fp2(in, out.X);
28  read_powersoftau_fp2(in, out.Y);
29  out.Z = libff::alt_bn128_Fq2::one();
30  break;
31 
32  default:
33  assert(false);
34  break;
35  }
36 }

◆ same_ratio()

template<typename ppT >
bool libzeth::same_ratio ( const libff::G1< ppT > &  a1,
const libff::G1< ppT > &  b1,
const libff::G2< ppT > &  a2,
const libff::G2< ppT > &  b2 
)

Implements the SameRatio described in "Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model" http://eprint.iacr.org/2017/1050

◆ same_ratio_consecutive() [1/2]

template<typename ppT >
bool libzeth::same_ratio_consecutive ( const libff::G1< ppT > &  a1,
const libff::G1< ppT > &  b1,
const std::vector< libff::G2< ppT >> &  a2s 
)

same_ratio_consecutive implementation for vectors of G2 elements.

◆ same_ratio_consecutive() [2/2]

template<typename ppT >
bool libzeth::same_ratio_consecutive ( const std::vector< libff::G1< ppT >> &  a1s,
const libff::G2< ppT > &  a2,
const libff::G2< ppT > &  b2 
)

Checks that consecutive entries in a1s all have a ratio consistent with (a2, b2).

◆ same_ratio_vectors() [1/2]

template<typename ppT >
bool libzeth::same_ratio_vectors ( const libff::G1< ppT > &  a1,
const libff::G1< ppT > &  b1,
const std::vector< libff::G2< ppT >> &  a2s,
const std::vector< libff::G2< ppT >> &  b2s 
)

same_ratio_vectors implementation for vectors of G2 elements.

◆ same_ratio_vectors() [2/2]

template<typename ppT >
bool libzeth::same_ratio_vectors ( const std::vector< libff::G1< ppT >> &  a1s,
const std::vector< libff::G1< ppT >> &  b1s,
const libff::G2< ppT > &  a2,
const libff::G2< ppT > &  b2 
)

Given two sequences a1s and b1s, check (with high probability) that same_ratio((a1s[i], b1s[i]), (a2, b2)) holds for all i. For random field values r_i, sum up: a1 = a1s[0] * r_0 + ... + a1s[n] * r_n b1 = b1s[0] * r_0 + ... + b1s[n] * r_n and check same_ratio((a1, b1), (a2, b2)).

(Based on merge_pairs function from https://github.com/ebfull/powersoftau/)

◆ sparse_vector_read_bytes()

template<typename T , void(ReaderFn)(T &, std::istream &) >
void libzeth::sparse_vector_read_bytes ( libsnark::sparse_vector< T > &  sparse_vector,
std::istream &  in_s 
)

◆ sparse_vector_write_bytes()

template<typename T , void(WriterFn)(const T &, std::ostream &) >
void libzeth::sparse_vector_write_bytes ( const libsnark::sparse_vector< T > &  sparse_vector,
std::ostream &  out_s 
)

◆ srs_mpc_digest_to_fp()

template<mp_size_t n, const libff::bigint< n > & modulus>
void libzeth::srs_mpc_digest_to_fp ( const mpc_hash_t  transcript_digest,
libff::Fp_model< n, modulus > &  out_fr 
)

◆ srs_mpc_digest_to_g2()

template<typename ppT >
libff::G2<ppT> libzeth::srs_mpc_digest_to_g2 ( const mpc_hash_t  digest)

◆ srs_mpc_dummy_phase2()

template<typename ppT >
srs_mpc_phase2_challenge<ppT> libzeth::srs_mpc_dummy_phase2 ( const srs_mpc_layer_L1< ppT > &  layer1,
const libff::Fr< ppT > &  delta,
size_t  num_inputs 
)

Given the output from the first layer of the MPC, perform the 2nd layer computation using just local randomness for delta. This is not a substitute for the full MPC with an auditable log of contributions, but is useful for testing.

◆ srs_mpc_phase2_begin()

template<typename ppT >
srs_mpc_phase2_accumulator<ppT> libzeth::srs_mpc_phase2_begin ( const mpc_hash_t  cs_hash,
const srs_mpc_layer_L1< ppT > &  layer_L1,
size_t  num_inputs 
)

Given the output from the linear combination of the L1 layer of the SRS circuit, compute the starting parameters for Phase 2 (the MPC for C2 layer). See "Initialization" in section 7.3 of [BoweGM17].

◆ srs_mpc_phase2_compute_challenge()

template<typename ppT >
srs_mpc_phase2_challenge<ppT> libzeth::srs_mpc_phase2_compute_challenge ( srs_mpc_phase2_response< ppT > &&  response)

Given a response (which should already have been validated with srs_mpc_phase2_verify_response), create a new challenge object. This essentially copies the accumulator, and updates the transcript digest for the next contributor.

◆ srs_mpc_phase2_compute_public_key()

template<typename ppT >
srs_mpc_phase2_publickey<ppT> libzeth::srs_mpc_phase2_compute_public_key ( const mpc_hash_t  transcript_digest,
const libff::G1< ppT > &  last_delta,
const libff::Fr< ppT > &  secret 
)

Outputs the public key (which includes the POK) for our secret. Corresponds to steps 1 and 2 in "Computation", section 7.3 of [BoweGM17]

◆ srs_mpc_phase2_compute_response()

template<typename ppT >
srs_mpc_phase2_response<ppT> libzeth::srs_mpc_phase2_compute_response ( const srs_mpc_phase2_challenge< ppT > &  challenge,
const libff::Fr< ppT > &  delta_j 
)

Wraps srs_mpc_phase2_compute_public_key and srs_mpc_phase2_update_accumulator to implement the "Computation" operation in section 7.3 of [BoweGM17], and produce a response for the protocol coordinator.

◆ srs_mpc_phase2_initial_challenge()

template<typename ppT >
srs_mpc_phase2_challenge<ppT> libzeth::srs_mpc_phase2_initial_challenge ( srs_mpc_phase2_accumulator< ppT > &&  initial_accumulator)

Given an initial accumulator, create the first challenge object. Uses the hash of the empty string for the initial transcript digest.

◆ srs_mpc_phase2_update_accumulator()

template<typename ppT >
srs_mpc_phase2_accumulator<ppT> libzeth::srs_mpc_phase2_update_accumulator ( const srs_mpc_phase2_accumulator< ppT > &  last_accum,
const libff::Fr< ppT > &  delta_j 
)

Core update function, which applies a secret contribution to an accumulator. Corresponds to steps 3 onwards in "Computation", section 7.3 of [BoweGM17].

◆ srs_mpc_phase2_update_is_consistent()

template<typename ppT >
bool libzeth::srs_mpc_phase2_update_is_consistent ( const srs_mpc_phase2_accumulator< ppT > &  last,
const srs_mpc_phase2_accumulator< ppT > &  updated 
)

Assuming last is fully verified, and updated.delta_g1 has the appropriate ratio, check that all other elements of updated are correct. This covers the G2 part of step 2, and all of steps 3 and 4 of "Verification" in section 7.3 of [BoweGM17]. Primarily used directly by srs_mpc_phase2_verify_update, as part of the validation process for a contribution and resulting accumulator. It also used when verifying the final transcript, to check consistency of initial and final accumulators without intermediate values.

◆ srs_mpc_phase2_verify_publickey()

template<typename ppT >
bool libzeth::srs_mpc_phase2_verify_publickey ( const libff::G1< ppT >  last_delta_g1,
const srs_mpc_phase2_publickey< ppT > &  publickey 
)

Verifies that a public key is correct, given some previous delta. Corresponds to steps 1 and 2 from "Verification" in section 7.3 of [BoweGM17] (for a single contributor $j$). Note that the caller is responsible for checking the transcript_hash.

◆ srs_mpc_phase2_verify_response()

template<typename ppT >
bool libzeth::srs_mpc_phase2_verify_response ( const srs_mpc_phase2_challenge< ppT > &  challenge,
const srs_mpc_phase2_response< ppT > &  response 
)

Verify a response against a given challenge. Checks that the response matches the expected hash in the challenge, and leverages srs_mpc_phase2_verify_update to validate the claimed contribution.

◆ srs_mpc_phase2_verify_transcript() [1/2]

template<typename ppT , bool enable_contribution_check = true>
bool libzeth::srs_mpc_phase2_verify_transcript ( const mpc_hash_t  initial_transcript_digest,
const libff::G1< ppT > &  initial_delta,
const mpc_hash_t  check_for_contribution,
std::istream &  transcript_stream,
libff::G1< ppT > &  out_final_delta,
mpc_hash_t  out_final_transcript_digest,
bool &  out_contribution_found 
)

The transcript of the MPC is formed of a sequence of contributions (public key). Each contribution contains the digest of the previous one, and the value of delta after it has been applied. Therefore the final accumulator can be fully verified using just the transcript as follows:

  • establish the initial value of accumulator and the transcript digest
  • confirm the transcript of contributions based on this, yielding an encoding of the final delta
  • check that the final accumulator is consistent with the initial accumulator, based on the final delta

This function validates the transcript as a stream of publickey objects, outputting the encoding of the final delta in G1.

◆ srs_mpc_phase2_verify_transcript() [2/2]

template<typename ppT >
bool libzeth::srs_mpc_phase2_verify_transcript ( const mpc_hash_t  initial_transcript_digest,
const libff::G1< ppT > &  initial_delta,
std::istream &  transcript_stream,
libff::G1< ppT > &  out_final_delta,
mpc_hash_t  out_final_transcript_digest 
)

Similar to other transcript verification above, but does not check for the presence of a specific contribution digest.

◆ srs_mpc_phase2_verify_update()

template<typename ppT >
bool libzeth::srs_mpc_phase2_verify_update ( const srs_mpc_phase2_accumulator< ppT > &  last,
const srs_mpc_phase2_accumulator< ppT > &  updated,
const srs_mpc_phase2_publickey< ppT > &  publickey 
)

Core verification function for a single contribution. Checks the self-consistency of a public key, and that the corresponding contribution has been correctly applied to all values in 'last', to generate 'updated'. This corresponds to "Verification" in section 7.3 of [BoweGM17] (for a single contributor $j$). Note that the caller must verify that publickey.transcript_digest corresponds the correct challenge.

◆ subtract_with_clamp() [1/2]

size_t libzeth::subtract_with_clamp ( size_t  a,
size_t  b 
)

Subtract b from a, clamping the result to 0, a.

◆ subtract_with_clamp() [2/2]

std::size_t libzeth::subtract_with_clamp ( std::size_t  a,
std::size_t  b 
)

Definition at line 10 of file safe_arithmetic.cpp.

11 {
12  if (b > a) {
13  return 0;
14  }
15  return a - b;
16 };

◆ swap_byte_endianness()

template<typename T >
T libzeth::swap_byte_endianness ( v)

Takes a container with a size() method containing a multiple of 8 elements. The elements (considered to be bit-like) are divided into "bytes" (groups of 8), and the order of these "bytes" is reversed. The order of "bits" within each "byte" is preserved.

◆ write_bytes()

template<typename T >
std::enable_if<std::is_fundamental<T>::value, void>::type libzeth::write_bytes ( const T &  val,
std::ostream &  out_s 
)

◆ write_powersoftau_fr()

template<typename ppT >
void libzeth::write_powersoftau_fr ( std::ostream &  out,
const libff::Fr< ppT > &  fr 
)

◆ write_powersoftau_g1()

template<typename ppT >
void libzeth::write_powersoftau_g1 ( std::ostream &  out,
const libff::G1< ppT > &  g1 
)

◆ write_powersoftau_g2()

template<typename ppT >
void libzeth::write_powersoftau_g2 ( std::ostream &  out,
const libff::G2< ppT > &  g2 
)

◆ write_powersoftau_g2< libff::alt_bn128_pp >()

template<>
void libzeth::write_powersoftau_g2< libff::alt_bn128_pp > ( std::ostream &  out,
const libff::alt_bn128_G2 &  g2 
)

Definition at line 39 of file powersoftau_utils.cpp.

41 {
42  if (g2.is_zero()) {
43  const uint8_t zero = 0;
44  out.write((const char *)&zero, 1);
45  return;
46  }
47 
48  libff::alt_bn128_G2 copy(g2);
49  copy.to_affine_coordinates();
50 
51  const uint8_t marker = 0x04;
52  out.write((const char *)&marker, 1);
53  write_powersoftau_fp2(out, copy.X);
54  write_powersoftau_fp2(out, copy.Y);
55 }

◆ zeth_note_from_proto()

zeth_note libzeth::zeth_note_from_proto ( const zeth_proto::ZethNote &  note)

Definition at line 32 of file proto_utils.cpp.

33 {
34  return zeth_note(
35  bits256::from_hex(note.apk()),
36  bits64::from_hex(note.value()),
37  bits256::from_hex(note.rho()),
38  bits256::from_hex(note.trap_r()));
39 }
Here is the call graph for this function:
Here is the caller graph for this function:

Variable Documentation

◆ BLAKE2s_block_size

const size_t libzeth::BLAKE2s_block_size = 512

Definition at line 23 of file blake2s_comp.hpp.

◆ BLAKE2s_digest_size

const size_t libzeth::BLAKE2s_digest_size = 256

Definition at line 22 of file blake2s_comp.hpp.

◆ BLAKE2s_word_number

const size_t libzeth::BLAKE2s_word_number = 16

Number of words composing the state of BLAKE2s.

Definition at line 26 of file blake2s_comp.hpp.

◆ BLAKE2s_word_size

const size_t libzeth::BLAKE2s_word_size = 32

Bit-length of the words composing the state of BLAKE2s.

Definition at line 28 of file blake2s_comp.hpp.

◆ SHA256_ETH_block_size

const size_t libzeth::SHA256_ETH_block_size = 512

Definition at line 23 of file sha256_ethereum.hpp.

◆ SHA256_ETH_digest_size

const size_t libzeth::SHA256_ETH_digest_size = 256

Definition at line 22 of file sha256_ethereum.hpp.

libzeth::hex_to_bytes
void hex_to_bytes(const std::string &hex, void *dest, size_t bytes)
Convert hex to bytes (first chars at lowest address)
Definition: utils.cpp:68
libzeth::hex_to_bytes
std::string hex_to_bytes(const std::string &s)
Decode hexadecimal string to an std::string of bytes.
Definition: utils.cpp:95
libzeth::mpc_hash_final
void mpc_hash_final(mpc_hash_state_t &state, mpc_hash_t out_hash)
Definition: mpc_hash.cpp:34
libzeth::mpc_hash_state_t
crypto_generichash_blake2b_state mpc_hash_state_t
Definition: mpc_hash.hpp:22
zeth.core.encryption.bytes
bytes
Definition: encryption.py:87
libzeth::mpc_compute_hash
void mpc_compute_hash(mpc_hash_t out_hash, const std::string &data)
Definition: mpc_hash.cpp:48
libzeth::mpc_hash_update
void mpc_hash_update(mpc_hash_state_t &state, const void *in, size_t size)
Definition: mpc_hash.cpp:29
libzeth::hash_repr_word
uint32_t hash_repr_word
Definition: mpc_hash.cpp:14
analyzer.parse_r1cs.res
def res
Definition: parse_r1cs.py:144
libzeth::char_to_nibble
uint8_t char_to_nibble(const char c)
Definition: utils.cpp:15
libzeth::bytes_to_hex
std::string bytes_to_hex(const void *bytes, size_t num_bytes, bool prefix)
Definition: utils.cpp:105
analyzer.parse_r1cs.data
data
Definition: parse_r1cs.py:116
libzeth::mpc_hash_init
void mpc_hash_init(mpc_hash_state_t &state)
Definition: mpc_hash.cpp:24
Generated on Mon Nov 28 2022 10:29:03 for Zeth - Zerocash on Ethereum by   doxygen 1.8.17