# [−][src]Struct bulletproofs::r1cs::Prover

A `ConstraintSystem`

implementation for use by the prover.

The prover commits high-level variables and their blinding factors `(v, v_blinding)`

,
allocates low-level variables and creates constraints in terms of these
high-level variables and low-level variables.

When all constraints are added, the proving code calls `prove`

which consumes the `Prover`

instance, samples random challenges
that instantiate the randomized constraints, and creates a complete proof.

## Fields

`transcript: &'t mut Transcript`

`pc_gens: &'g PedersenGens`

`constraints: Vec<LinearCombination>`

The constraints accumulated so far.

`a_L: Vec<Scalar>`

Stores assignments to the "left" of multiplication gates

`a_R: Vec<Scalar>`

Stores assignments to the "right" of multiplication gates

`a_O: Vec<Scalar>`

Stores assignments to the "output" of multiplication gates

`v: Vec<Scalar>`

High-level witness data (value openings to V commitments)

`v_blinding: Vec<Scalar>`

High-level witness data (blinding openings to V commitments)

`deferred_constraints: Vec<Box<dyn Fn(&mut RandomizingProver<'t, 'g>) -> Result<(), R1CSError>>>`

This list holds closures that will be called in the second phase of the protocol, when non-randomized variables are committed.

`pending_multiplier: Option<usize>`

Index of a pending multiplier that's not fully assigned yet.

## Methods

`impl<'t, 'g> Prover<'t, 'g>`

[src]

`pub fn new(pc_gens: &'g PedersenGens, transcript: &'t mut Transcript) -> Self`

[src]

Construct an empty constraint system with specified external input variables.

# Inputs

The `bp_gens`

and `pc_gens`

are generators for Bulletproofs
and for the Pedersen commitments, respectively. The
`BulletproofGens`

should have `gens_capacity`

greater than
the number of multiplication constraints that will eventually
be added into the constraint system.

The `transcript`

parameter is a Merlin proof transcript. The
`ProverCS`

holds onto the `&mut Transcript`

until it consumes
itself during [`ProverCS::prove`

], releasing its borrow of the
transcript. This ensures that the transcript cannot be
altered except by the `ProverCS`

before proving is complete.

# Returns

Returns a new `Prover`

instance.

`pub fn commit(`

&mut self,

v: Scalar,

v_blinding: Scalar

) -> (CompressedRistretto, Variable)

[src]

&mut self,

v: Scalar,

v_blinding: Scalar

) -> (CompressedRistretto, Variable)

Creates commitment to a high-level variable and adds it to the transcript.

# Inputs

The `v`

and `v_blinding`

parameters are openings to the
commitment to the external variable for the constraint
system. Passing the opening (the value together with the
blinding factor) makes it possible to reference pre-existing
commitments in the constraint system. All external variables
must be passed up-front, so that challenges produced by
[`ConstraintSystem::challenge_scalar`

] are bound to the
external variables.

# Returns

Returns a pair of a Pedersen commitment (as a compressed Ristretto point),
and a `Variable`

corresponding to it, which can be used to form constraints.

`fn flattened_constraints(`

&mut self,

z: &Scalar

) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>, Vec<Scalar>)

[src]

&mut self,

z: &Scalar

) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>, Vec<Scalar>)

Use a challenge, `z`

, to flatten the constraints in the
constraint system into vectors used for proving and
verification.

# Output

Returns a tuple of

```
(wL, wR, wO, wV)
```

where `w{L,R,O}`

is \( z \cdot z^Q \cdot W_{L,R,O} \).

`fn eval(&self, lc: &LinearCombination) -> Scalar`

[src]

`fn create_randomized_constraints(self) -> Result<Self, R1CSError>`

[src]

Calls all remembered callbacks with an API that allows generating challenge scalars.

`pub fn prove(self, bp_gens: &BulletproofGens) -> Result<R1CSProof, R1CSError>`

[src]

Consume this `ConstraintSystem`

to produce a proof.

## Trait Implementations

`impl<'t, 'g> ConstraintSystem for Prover<'t, 'g>`

[src]

`fn transcript(&mut self) -> &mut Transcript`

[src]

`fn multiply(`

&mut self,

left: LinearCombination,

right: LinearCombination

) -> (Variable, Variable, Variable)

[src]

&mut self,

left: LinearCombination,

right: LinearCombination

) -> (Variable, Variable, Variable)

`fn allocate(`

&mut self,

assignment: Option<Scalar>

) -> Result<Variable, R1CSError>

[src]

&mut self,

assignment: Option<Scalar>

) -> Result<Variable, R1CSError>

`fn allocate_multiplier(`

&mut self,

input_assignments: Option<(Scalar, Scalar)>

) -> Result<(Variable, Variable, Variable), R1CSError>

[src]

&mut self,

input_assignments: Option<(Scalar, Scalar)>

) -> Result<(Variable, Variable, Variable), R1CSError>

`fn constrain(&mut self, lc: LinearCombination)`

[src]

`impl<'t, 'g> Drop for Prover<'t, 'g>`

[src]

Overwrite secrets with null bytes when they go out of scope.

`impl<'t, 'g> RandomizableConstraintSystem for Prover<'t, 'g>`

[src]

`type RandomizedCS = RandomizingProver<'t, 'g>`

Represents a concrete type for the CS in a randomization phase.

`fn specify_randomized_constraints<F>(`

&mut self,

callback: F

) -> Result<(), R1CSError> where

F: 'static + Fn(&mut Self::RandomizedCS) -> Result<(), R1CSError>,

[src]

&mut self,

callback: F

) -> Result<(), R1CSError> where

F: 'static + Fn(&mut Self::RandomizedCS) -> Result<(), R1CSError>,

## Auto Trait Implementations

`impl<'t, 'g> !RefUnwindSafe for Prover<'t, 'g>`

`impl<'t, 'g> !Send for Prover<'t, 'g>`

`impl<'t, 'g> !Sync for Prover<'t, 'g>`

`impl<'t, 'g> Unpin for Prover<'t, 'g>`

`impl<'t, 'g> !UnwindSafe for Prover<'t, 'g>`

## Blanket Implementations

`impl<T> Any for T where`

T: 'static + ?Sized,

[src]

T: 'static + ?Sized,

`impl<T> Borrow<T> for T where`

T: ?Sized,

[src]

T: ?Sized,

`impl<T> BorrowMut<T> for T where`

T: ?Sized,

[src]

T: ?Sized,

`fn borrow_mut(&mut self) -> &mut T`

[src]

`impl<T> From<T> for T`

[src]

`impl<T, U> Into<U> for T where`

U: From<T>,

[src]

U: From<T>,

`impl<T> Same<T> for T`

`type Output = T`

Should always be `Self`

`impl<T, U> TryFrom<U> for T where`

U: Into<T>,

[src]

U: Into<T>,

`type Error = !`

The type returned in the event of a conversion error.

`fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>`

[src]

`impl<T, U> TryInto<U> for T where`

U: TryFrom<T>,

[src]

U: TryFrom<T>,