#plonk #zero-knowledge-proofs #zk-snarks #zero-knowledge #cryptography #crypto

no-std zero-plonk

A pure-Rust implementation of the PLONK ZK-Proof algorithm

1 unstable release

0.2.5 January 15, 2023
0.2.3 January 15, 2023
0.2.2 January 15, 2023
0.1.10 January 17, 2023
0.1.0 December 28, 2021

#917 in Mathematics

30 downloads per month
Used in zero-network

MPL-2.0 license

380KB
7.5K SLoC

PLONK


This is a pure Rust implementation of the PLONK proving system over BLS12-381

This library contains a modularised implementation of KZG10 as the default polynomial commitment scheme.

Disclaimer: This library is currently unstable and still needs to go through an exhaustive security analysis. Use at your own risk.

Usage

use zero_plonk::prelude::*;
use rand_core::OsRng;

// Implement a circuit that checks:
// 1) a + b = c where C is a PI
// 2) a <= 2^6
// 3) b <= 2^5
// 4) a * b = d where D is a PI
// 5) JubJub::GENERATOR * e(JubJubScalar) = f where F is a Public Input
#[derive(Debug, Default)]
pub struct TestCircuit {
    a: BlsScalar,
    b: BlsScalar,
    c: BlsScalar,
    d: BlsScalar,
    e: JubJubScalar,
    f: JubJubAffine,
}

impl Circuit for TestCircuit {
    fn circuit<C>(&self, composer: &mut C) -> Result<(), Error>
    where
        C: Composer,
    {
        let a = composer.append_witness(self.a);
        let b = composer.append_witness(self.b);

        // Make first constraint a + b = c
        let constraint =
            Constraint::new().left(1).right(1).public(-self.c).a(a).b(b);

        composer.append_gate(constraint);

        // Check that a and b are in range
        composer.component_range(a, 1 << 6);
        composer.component_range(b, 1 << 5);

        // Make second constraint a * b = d
        let constraint =
            Constraint::new().mult(1).public(-self.d).a(a).b(b);

        composer.append_gate(constraint);

        let e = composer.append_witness(self.e);
        let scalar_mul_result = composer
            .component_mul_generator(e, zero_jubjub::GENERATOR_EXTENDED)?;

        // Apply the constraint
        composer.assert_equal_public_point(scalar_mul_result, self.f);

        Ok(())
    }
}

fn main() {
    // Domain-separation label for the Fiat-Shamir transcript
    let label = b"transcript-arguments";

    // Trusted setup for up to 2^12 constraints
    let pp = PublicParameters::setup(1 << 12, &mut OsRng)
        .expect("failed to setup");

    // Compile the circuit into prover and verifier keys
    let (prover, verifier) = Compiler::compile::<TestCircuit>(&pp, label)
        .expect("failed to compile circuit");

    // Generate the proof and its public inputs
    let (proof, public_inputs) = prover
        .prove(&mut OsRng, &TestCircuit::default())
        .expect("failed to prove");

    // Verify the generated proof
    verifier
        .verify(&proof, &public_inputs)
        .expect("failed to verify proof");
}
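To see why the builder above writes public(-self.c) for a + b = c, the following added example (not code from zero-plonk or the Dusk team) evaluates the standard PLONK arithmetic gate over a toy prime field; the field modulus, the Gate struct and all helper names are this example's own assumptions.

```rust
// Added example, not part of the zero-plonk crate: a toy evaluator for the
// arithmetic gate that the README's Constraint builder fills in, assumed
// here to be the standard PLONK gate
//     q_l*a + q_r*b + q_m*a*b + q_o*o + q_c + pi = 0   (mod P)
// over a small prime field, so the selector/public-input sign convention
// (`public(-self.c)` for a + b = c) can be checked without the crate.
const P: u128 = (1u128 << 61) - 1; // toy field modulus (a Mersenne prime)

fn add(x: u128, y: u128) -> u128 { (x % P + y % P) % P }
fn mul(x: u128, y: u128) -> u128 { (x % P) * (y % P) % P }
fn neg(x: u128) -> u128 { (P - x % P) % P }

/// One gate's selectors: left, right, mult, output, constant, public input.
#[derive(Clone, Copy, Default)]
pub struct Gate { pub q_l: u128, pub q_r: u128, pub q_m: u128,
                  pub q_o: u128, pub q_c: u128, pub pi: u128 }

/// True when the gate equation holds for wire values (a, b, o).
pub fn gate_holds(g: &Gate, a: u128, b: u128, o: u128) -> bool {
    let terms = [mul(g.q_l, a), mul(g.q_r, b), mul(g.q_m, mul(a, b)),
                 mul(g.q_o, o), g.q_c, g.pi];
    terms.iter().fold(0, |acc, t| add(acc, *t)) == 0
}

/// README constraint 1, `left(1).right(1).public(-c)`: a + b - c = 0.
pub fn addition_gate(c: u128) -> Gate {
    Gate { q_l: 1, q_r: 1, pi: neg(c), ..Default::default() }
}

/// README constraint 4, `mult(1).public(-d)`: a * b - d = 0.
pub fn product_gate(d: u128) -> Gate {
    Gate { q_m: 1, pi: neg(d), ..Default::default() }
}

/// A boolean gate, v*v - v = 0, wired as (v, v, v); rejects any v not in {0, 1}.
pub fn boolean_gate_holds(v: u128) -> bool {
    gate_holds(&Gate { q_m: 1, q_o: neg(1), ..Default::default() }, v, v, v)
}

/// README constraints 2/3 in miniature: a range bound of 2^bits is enforced
/// by decomposing x into `bits` boolean wires that must recompose to x.
pub fn range_holds(x: u128, bits: u32) -> bool {
    let mut recomposed = 0u128;
    for i in 0..bits {
        let bit = (x >> i) & 1;
        if !boolean_gate_holds(bit) { return false; }
        recomposed |= bit << i;
    }
    recomposed == x // false when x needs more than `bits` bits
}
```

The mismatch cases (a wrong public input, a non-boolean "bit", an out-of-range value) are exactly the witnesses a prover cannot make the real gate polynomial vanish on.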

Features

This crate includes a variety of features which will briefly be explained below

  • alloc: Enables the usage of an allocator and with it the capability of performing proof constructions and verifications. Without this feature it IS NOT possible to prove or verify anything. Its absence only makes dusk-plonk export certain fixed-size data structures such as Proof, which can be useful in no_std environments where we don't have allocators either.
  • std: Enables std usage as well as rayon parallelization in some proving and verifying ops. It also uses the std versions of the elliptic curve deps, which utilize the parallel feature from dusk-bls12-381. By default, this is the feature that comes enabled with the crate.
  • debug: Enables the runtime debugger backend. Will output CDF files to the path defined in the CDF_OUTPUT environment variable. If used, the binary must be compiled with debug = true. For more info, check the cargo book. The recommended method is to capture the std output and the std error and place them in a text file, which can then be used to efficiently analyse the gates.
  • canon: Enables canonical serialization for specific data structures, which is very useful when integrating this library into other parts of the Dusk stack, especially for storage purposes.

Documentation

There are two main types of documentation in this repository.

  • Crate documentation. This provides information about all the functions the library provides, as well as documentation for the data structures it exports. To check this, visit the documentation page or run make doc or make doc-internal.

  • Notes. This is a specific subset of the documentation that explains the key mathematical concepts of PLONK and how they are proven mathematically. To check this, run make doc and open the generated documentation, located under /target, with a browser.

Performance

Benchmarks taken on an Apple M1, for a circuit size of 2^16 constraints.

  • Proving time: 7.871s
  • Verification time: 7.643ms (this time does not vary with circuit size.)

For more results, run cargo bench to get a full report of benchmarks with respect to constraint numbers.

Acknowledgements

  • Reference implementation from AztecProtocol/Barretenberg.
  • The FFT module and the KZG10 module were taken and modified from zexe/zcash and scipr-lab respectively.

License

This code is licensed under the Mozilla Public License Version 2.0 (MPL-2.0). See LICENSE for further information.

About

Implementation designed by the dusk team.

Contributing

  • If you want to contribute to this repository/project, please check CONTRIBUTING.md.
  • If you want to report a bug or request a new feature addition, please open an issue on this repository.

Dependencies

~4–10MB
~113K SLoC