[][src]Struct bulletproofs::r1cs::Prover

pub struct Prover<'t, 'g> {
    transcript: &'t mut Transcript,
    pc_gens: &'g PedersenGens,
    constraints: Vec<LinearCombination>,
    a_L: Vec<Scalar>,
    a_R: Vec<Scalar>,
    a_O: Vec<Scalar>,
    v: Vec<Scalar>,
    v_blinding: Vec<Scalar>,
    deferred_constraints: Vec<Box<dyn Fn(&mut RandomizingProver<'t, 'g>) -> Result<(), R1CSError>>>,
    pending_multiplier: Option<usize>,
}

A ConstraintSystem implementation for use by the prover.

The prover commits high-level variables and their blinding factors (v, v_blinding), allocates low-level variables and creates constraints in terms of these high-level variables and low-level variables.

When all constraints are added, the proving code calls prove which consumes the Prover instance, samples random challenges that instantiate the randomized constraints, and creates a complete proof.

Fields

transcript: &'t mut Transcriptpc_gens: &'g PedersenGensconstraints: Vec<LinearCombination>

The constraints accumulated so far.

a_L: Vec<Scalar>

Stores assignments to the "left" of multiplication gates

a_R: Vec<Scalar>

Stores assignments to the "right" of multiplication gates

a_O: Vec<Scalar>

Stores assignments to the "output" of multiplication gates

v: Vec<Scalar>

High-level witness data (value openings to V commitments)

v_blinding: Vec<Scalar>

High-level witness data (blinding openings to V commitments)

deferred_constraints: Vec<Box<dyn Fn(&mut RandomizingProver<'t, 'g>) -> Result<(), R1CSError>>>

This list holds closures that will be called in the second phase of the protocol, when non-randomized variables are committed.

pending_multiplier: Option<usize>

Index of a pending multiplier that's not fully assigned yet.

Methods

impl<'t, 'g> Prover<'t, 'g>[src]

pub fn new(pc_gens: &'g PedersenGens, transcript: &'t mut Transcript) -> Self[src]

Construct an empty constraint system with specified external input variables.

Inputs

The bp_gens and pc_gens are generators for Bulletproofs and for the Pedersen commitments, respectively. The BulletproofGens should have gens_capacity greater than the number of multiplication constraints that will eventually be added into the constraint system.

The transcript parameter is a Merlin proof transcript. The ProverCS holds onto the &mut Transcript until it consumes itself during [ProverCS::prove], releasing its borrow of the transcript. This ensures that the transcript cannot be altered except by the ProverCS before proving is complete.

Returns

Returns a new Prover instance.

pub fn commit(
    &mut self,
    v: Scalar,
    v_blinding: Scalar
) -> (CompressedRistretto, Variable)
[src]

Creates commitment to a high-level variable and adds it to the transcript.

Inputs

The v and v_blinding parameters are openings to the commitment to the external variable for the constraint system. Passing the opening (the value together with the blinding factor) makes it possible to reference pre-existing commitments in the constraint system. All external variables must be passed up-front, so that challenges produced by [ConstraintSystem::challenge_scalar] are bound to the external variables.

Returns

Returns a pair of a Pedersen commitment (as a compressed Ristretto point), and a Variable corresponding to it, which can be used to form constraints.

fn flattened_constraints(
    &mut self,
    z: &Scalar
) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>, Vec<Scalar>)
[src]

Use a challenge, z, to flatten the constraints in the constraint system into vectors used for proving and verification.

Output

Returns a tuple of

(wL, wR, wO, wV)

where w{L,R,O} is \( z \cdot z^Q \cdot W_{L,R,O} \).

fn eval(&self, lc: &LinearCombination) -> Scalar[src]

fn create_randomized_constraints(self) -> Result<Self, R1CSError>[src]

Calls all remembered callbacks with an API that allows generating challenge scalars.

pub fn prove(self, bp_gens: &BulletproofGens) -> Result<R1CSProof, R1CSError>[src]

Consume this ConstraintSystem to produce a proof.

Trait Implementations

impl<'t, 'g> ConstraintSystem for Prover<'t, 'g>[src]

impl<'t, 'g> Drop for Prover<'t, 'g>[src]

Overwrite secrets with null bytes when they go out of scope.

impl<'t, 'g> RandomizableConstraintSystem for Prover<'t, 'g>[src]

type RandomizedCS = RandomizingProver<'t, 'g>

Represents a concrete type for the CS in a randomization phase.

Auto Trait Implementations

impl<'t, 'g> !RefUnwindSafe for Prover<'t, 'g>

impl<'t, 'g> !Send for Prover<'t, 'g>

impl<'t, 'g> !Sync for Prover<'t, 'g>

impl<'t, 'g> Unpin for Prover<'t, 'g>

impl<'t, 'g> !UnwindSafe for Prover<'t, 'g>

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = !

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.