Parameter `Make.MP`

module PP : Plonk_for_distribution.Polynomial_protocol.S

type proof = {

perm_and_plook : PP.PC.Commitment.t;
wires_cm : PP.PC.Commitment.t;
pp_proof : PP.proof;

}

include Plonk.Main_protocol_intf.S with type proof := proof

exception Rest_not_null of string

Raised by the prover when the provided inputs are not a satisfying assignment of the circuit.

exception Entry_not_in_table of string

Raised by the prover when the provided inputs are not a satisfying assignment of the circuit when using Plookup.

module Input_commitment : Plonk.Input_commitment.S

type scalar = Plonk.Bls.Scalar.t

val scalar_t : scalar Repr.t

val scalar_encoding : scalar Data_encoding.t

type circuit_map = (Plonk.Circuit.t * int) Plonk.SMap.t

Before proving and verifying, circuits go through a pre-processing step called setup. The setup takes as input a circuit_map, which associates an identifier to a circuit and the number of statements that can be proved with that circuit. This produces a set of public_parameters which are bound to the circuits and can be reused.

type prover_public_parameters

Set of public_parameters needed by the prover. Its size is linear in the size of the circuits.

val prover_public_parameters_t : prover_public_parameters Repr.t

type verifier_public_parameters

Set of public_parameters needed by the verifier. Its size is constant w.r.t. the size of the circuits.

val verifier_public_parameters_t : verifier_public_parameters Repr.t

val verifier_public_parameters_encoding : 
  verifier_public_parameters Data_encoding.t

val proof_t : proof Repr.t

val proof_encoding : proof Data_encoding.t

type circuit_prover_input = {

witness : scalar array;
input_commitments : Input_commitment.t list;

}

Witness is the whole trace for the circuit, including input_commitment values first, followed by public input values and followed by the rest of the trace. This is the prover input for a single proof.

val circuit_prover_input_t : circuit_prover_input Repr.t

type prover_inputs = circuit_prover_input list Plonk.SMap.t

Map where each circuit identifier is bound to a list of circuit_prover_input for a list of statements.

val prover_inputs_t : prover_inputs Repr.t

type public_inputs

The public inputs for one circuit & several statements

val public_inputs_t : public_inputs Repr.t

type verifier_inputs =
  (public_inputs * Input_commitment.public list list) Plonk.SMap.t

The verifier inputs, represented as a map where each circuit is binded to the verifier inputs for this circuit.

val verifier_inputs_t : verifier_inputs Repr.t

val to_verifier_inputs : 
  prover_public_parameters ->
  prover_inputs ->
  verifier_inputs

Conversion from prover_inputs to verifier_inputs.

val input_commit : 
  ?size:int ->
  ?shift:int ->
  prover_public_parameters ->
  scalar array ->
  Input_commitment.t

input_commit ~shift pp secret produces a commitment to the secret array and additional prover information. This commitment is designed to be easily involved in a PlonK proof. In particular, the values of secret will be added to the arithmetic identity in such a way that secret.(i) participates in constraint number shift + i, where equality will be asserted with respect to a PlonK variable in the same constraint. This allows us to "load" the value of secret.(i) into the variable, which may be reused across the circuit. The optional argument shift has a default value of 0. The commitment is relative to a certain domain size n, included in pp, the secret will remain information-theoretically hidden as long as the commitment is involved in at most n - |secret| different proofs. If the optionnal argument size is given, the secret will be padded with zeros to have the length size (note that an error will be risen if size is smaller than the secret length).

val setup : 
  zero_knowledge:bool ->
  circuit_map ->
  srs:
    (Octez_bls12_381_polynomial.Bls12_381_polynomial.Srs.t
     * Octez_bls12_381_polynomial.Bls12_381_polynomial.Srs.t) ->
  prover_public_parameters * verifier_public_parameters

setup ~zero_knowledge circuit_map ~srs pre-processes the circuit_map producing the public parameters. The SRSs of ZCash and Filecoin can be loaded from file using the Bls12_381_polynomial library. Activating zero_knowledge adds an overhead in proving time.

val update_prover_public_parameters : 
  Bytes.t ->
  prover_public_parameters ->
  prover_public_parameters

Enrich the prover_public_parameters with extra application data to prevent replay attacks. The same data must be used for updating the prover and verifier public parameters.

val update_verifier_public_parameters : 
  Bytes.t ->
  verifier_public_parameters ->
  verifier_public_parameters

Enrich the verifier_public_parameters with extra application data to prevent replay attacks. The same data must be used for updating the prover and verifier public parameters.

val prove : prover_public_parameters -> inputs:prover_inputs -> proof

prove public_parameters ~inputs produces a proof for the collection of statements implied by inputs and the circuits used for generating public_parameters.

raises Rest_not_null

raises Entry_not_in_table

val verify : 
  verifier_public_parameters ->
  inputs:verifier_inputs ->
  proof ->
  bool

verify public_parameters ~inputs proof checks the validity of the proof with regards to public_parameters and inputs.

module Internal_for_tests : sig ... end

type gate_randomness = {

beta_perm : Plonk.Bls.Scalar.t;
gamma_perm : Plonk.Bls.Scalar.t;
beta_plook : Plonk.Bls.Scalar.t;
gamma_plook : Plonk.Bls.Scalar.t;
beta_rc : Plonk.Bls.Scalar.t;
gamma_rc : Plonk.Bls.Scalar.t;
delta : Plonk.Bls.Scalar.t;

}

val build_gates_randomness : bytes -> gate_randomness * bytes

val filter_prv_pp_circuits : 
  prover_public_parameters ->
  'a Plonk_for_distribution.Main_protocol.SMap.t ->
  prover_public_parameters

val hash_verifier_inputs : verifier_inputs -> bytes

module Prover : sig ... end

type worker_inputs

val worker_inputs_t : worker_inputs Repr.t

val split_inputs_map : 
  nb_workers:int ->
  circuit_prover_input list Plonk_for_distribution.Main_protocol.SMap.t ->
  worker_inputs Plonk_for_distribution.Main_protocol.SMap.t list

type commit_to_wires_reply = PP.PC.Commitment.t

val commit_to_wires_reply_t : commit_to_wires_reply Repr.t

type commit_to_wires_remember = {

all_f_wires : Plonk.Bls.Poly.t Plonk_for_distribution.Main_protocol.SMap.t;
wires_list_map : Plonk.Bls.Evaluations.t Plonk_for_distribution.Main_protocol.SMap.t list Plonk_for_distribution.Main_protocol.SMap.t;
inputs_map : circuit_prover_input list Plonk_for_distribution.Main_protocol.SMap.t;
shifts_map : (int * int) Plonk_for_distribution.Main_protocol.SMap.t;
f_wires : Plonk.Bls.Poly.t Plonk_for_distribution.Main_protocol.SMap.t list Plonk_for_distribution.Main_protocol.SMap.t;
cm_aux_wires : PP.PC.Commitment.prover_aux;

}

val worker_commit_to_wires : 
  prover_public_parameters ->
  worker_inputs Plonk_for_distribution.Main_protocol.SMap.t ->
  commit_to_wires_reply * commit_to_wires_remember

type commit_to_plook_rc_reply = {

batched_wires_map : Plonk.Bls.Evaluations.t Plonk_for_distribution.Main_protocol.SMap.t Plonk_for_distribution.Main_protocol.SMap.t;
cmt : PP.PC.Commitment.t;
f_map : Plonk.Bls.Poly.t Plonk_for_distribution.Main_protocol.SMap.t;
prover_aux : PP.PC.Commitment.prover_aux;

}

val commit_to_plook_rc_reply_t : commit_to_plook_rc_reply Repr.t

type commit_to_plook_rc_remember = {

beta_plook : scalar;
gamma_plook : scalar;
beta_rc : scalar;
gamma_rc : scalar;

}

val commit_to_plook_rc : 
  prover_public_parameters ->
  (int * int) Plonk_for_distribution.Main_protocol.SMap.t ->
  bytes ->
  Plonk.Bls.Evaluations.t Plonk_for_distribution.Main_protocol.SMap.t list
    Plonk_for_distribution.Main_protocol.SMap.t ->
  commit_to_plook_rc_reply * commit_to_plook_rc_remember

val batch_evaluated_ids : 
  alpha:scalar ->
  Plonk.Bls.Evaluations.t Plonk_for_distribution.Main_protocol.SMap.t ->
  string list ->
  Plonk.Bls.Evaluations.t

val kzg_eval_at_x : 
  prover_public_parameters ->
  PP.transcript ->
  (PP.PC.secret * PP.PC.Commitment.prover_aux) list ->
  scalar ->
  PP.PC.answer list

val shared_perm_argument : 
  prover_public_parameters ->
  int ->
  gate_randomness ->
  'a list Plonk_for_distribution.Main_protocol.SMap.t ->
  commit_to_plook_rc_reply list ->
  Plonk.Bls.Poly.t Plonk_for_distribution.Main_protocol.SMap.t
  * Plonk.Bls.Evaluations.t Plonk_for_distribution.Main_protocol.SMap.t
  * (commit_to_wires_reply * PP.PC.Commitment.prover_aux)

val make_secret : 
  prover_public_parameters ->
  (Plonk.Bls.Poly.t Plonk_for_distribution.Main_protocol.SMap.t
   * PP.PC.Commitment.prover_aux) ->
  (Plonk.Bls.Poly.t Plonk_for_distribution.Main_protocol.SMap.t
   * PP.PC.Commitment.prover_aux)
    list

val make_eval_points : 
  prover_public_parameters ->
  Plonk.Identities.eval_point list list * Plonk.Identities.eval_point list list

val get_srs : prover_public_parameters -> PP.prover_public_parameters

val get_gen_n_nbt : prover_public_parameters -> scalar * int * int

Returns (g, n, nb_t), where n is the size of the circuit padded to the next power of two, g is a primitive n-th root of unity, & nb_t is the number of T polynomials in the answers

val get_transcript : prover_public_parameters -> bytes

val check_no_zk : prover_public_parameters -> unit

Install

dune-project
Dependency

Authors

Maintainers

Sources

doc/octez-plonk.communication/Communication/Message/Make/argument-1-MP/index.html

Parameter `Make.MP`

package octez-plonk

Install

dune-project Dependency

Authors

Maintainers

Sources

doc/octez-plonk.communication/Communication/Message/Make/argument-1-MP/index.html

Parameter Make.MP

dune-project
Dependency

Parameter `Make.MP`