Struct bulletproofs::r1cs::proof::R1CSProof

pub struct R1CSProof {
    pub(super) A_I1: CompressedRistretto,
    pub(super) A_O1: CompressedRistretto,
    pub(super) S1: CompressedRistretto,
    pub(super) A_I2: CompressedRistretto,
    pub(super) A_O2: CompressedRistretto,
    pub(super) S2: CompressedRistretto,
    pub(super) T_1: CompressedRistretto,
    pub(super) T_3: CompressedRistretto,
    pub(super) T_4: CompressedRistretto,
    pub(super) T_5: CompressedRistretto,
    pub(super) T_6: CompressedRistretto,
    pub(super) t_x: Scalar,
    pub(super) t_x_blinding: Scalar,
    pub(super) e_blinding: Scalar,
    pub(super) ipp_proof: InnerProductProof,
}

A proof of some statement specified by a ConstraintSystem.

Statements are specified by writing gadget functions which add constraints to a ConstraintSystem implementation. To construct an R1CSProof, a prover constructs a ProverCS, then passes it to gadget functions to build the constraint system, then consumes the constraint system using ProverCS::prove to produce an R1CSProof. To verify an R1CSProof, a verifier constructs a VerifierCS, then passes it to the same gadget functions to (re)build the constraint system, then consumes the constraint system using VerifierCS::verify to verify the proof.

Fields

A_I1: CompressedRistretto

Commitment to the values of input wires in the first phase.

A_O1: CompressedRistretto

Commitment to the values of output wires in the first phase.

S1: CompressedRistretto

Commitment to the blinding factors in the first phase.

A_I2: CompressedRistretto

Commitment to the values of input wires in the second phase.

A_O2: CompressedRistretto

Commitment to the values of output wires in the second phase.

S2: CompressedRistretto

Commitment to the blinding factors in the second phase.

T_1: CompressedRistretto

Commitment to the \(t_1\) coefficient of \( t(x) \)

T_3: CompressedRistretto

Commitment to the \(t_3\) coefficient of \( t(x) \)

T_4: CompressedRistretto

Commitment to the \(t_4\) coefficient of \( t(x) \)

T_5: CompressedRistretto

Commitment to the \(t_5\) coefficient of \( t(x) \)

T_6: CompressedRistretto

Commitment to the \(t_6\) coefficient of \( t(x) \)

t_x: Scalar

Evaluation of the polynomial \(t(x)\) at the challenge point \(x\)

t_x_blinding: Scalar

Blinding factor for the synthetic commitment to \( t(x) \)

e_blinding: Scalar

Blinding factor for the synthetic commitment to the inner-product arguments

ipp_proof: InnerProductProof

Proof data for the inner-product argument.

Methods

impl R1CSProof

pub fn to_bytes(&self) -> Vec<u8>

Serializes the proof into a byte array of 1 version byte + \((13 \text{ or } 16) + 2k\) 32-byte elements, where \(k=\lceil \log_2(n) \rceil\) and \(n\) is the number of multiplication gates.

Layout

The layout of the r1cs proof encoding is:

  • 1 version byte indicating whether the proof contains second-phase commitments or not,
  • 8 or 11 compressed Ristretto points \(A_{I1},A_{O1},S_1,(A_{I2},A_{O2},S_2),T_1,T_3,T_4,T_5,T_6\) (\(A_{I2},A_{O2},S_2\) are skipped if there were no multipliers added in the randomized phase),
  • three scalars \(t_x, \tilde{t}_x, \tilde{e}\),
  • \(k\) pairs of compressed Ristretto points \(L_0,R_0,\dots,L_{k-1},R_{k-1}\),
  • two scalars \(a, b\).
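A structural pre-check of this layout for untrusted input, as an added example that is not the crate's own `from_bytes`: it derives \(k\) from the buffer length and rejects buffers whose size or version byte cannot match the encoding. The version-byte values 0 and 1, the cap on \(k\), and the names `check_layout`, `ProofLayout` and `LayoutError` are assumptions of this example.

```rust
const ELEM: usize = 32; // one compressed Ristretto point or one scalar
// Assumed values: the page only says this byte signals phase-2 commitments.
const ONE_PHASE: u8 = 0;
const TWO_PHASE: u8 = 1;

#[derive(Debug, PartialEq)]
pub struct ProofLayout {
    pub two_phase: bool,
    pub k: usize,          // number of (L_i, R_i) pairs
    pub scalars_at: usize, // byte offset of t_x
    pub ipp_at: usize,     // byte offset of L_0
}

#[derive(Debug, PartialEq)]
pub enum LayoutError { Empty, UnknownVersion(u8), Ragged, TooShort, OddIppPoints, TooManyRounds }

pub fn check_layout(bytes: &[u8]) -> Result<ProofLayout, LayoutError> {
    let (&version, body) = bytes.split_first().ok_or(LayoutError::Empty)?;
    let two_phase = match version {
        ONE_PHASE => false,
        TWO_PHASE => true,
        v => return Err(LayoutError::UnknownVersion(v)),
    };
    // Everything after the version byte is a whole number of 32-byte elements.
    if body.len() % ELEM != 0 { return Err(LayoutError::Ragged); }
    let points = if two_phase { 11 } else { 8 };
    let fixed = points + 3 + 2; // 13 or 16 elements besides the L/R pairs
    let lr = (body.len() / ELEM).checked_sub(fixed).ok_or(LayoutError::TooShort)?;
    // L and R come in pairs; 13 is odd and 16 is even, so a version byte that
    // disagrees with the element count is caught here as well.
    if lr % 2 != 0 { return Err(LayoutError::OddIppPoints); }
    let k = lr / 2;
    // k = ceil(log2(n)); this cap (an assumption of the example) bounds n = 2^k.
    if k >= 32 { return Err(LayoutError::TooManyRounds); }
    let scalars_at = 1 + points * ELEM;
    Ok(ProofLayout { two_phase, k, scalars_at, ipp_at: scalars_at + 3 * ELEM })
}

fn main() {
    // Constructed input: version byte 0, then 13 + 2*3 zeroed elements.
    let buf = vec![0u8; 1 + (13 + 6) * ELEM];
    println!("{:?}", check_layout(&buf));
}
```

This checks framing only; whether each 32-byte element decodes to a valid point or canonical scalar, and whether the proof verifies, is still decided by `from_bytes` and `VerifierCS::verify`.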

pub fn serialized_size(&self) -> usize

Returns the size in bytes required to serialize the R1CSProof.

fn missing_phase2_commitments(&self) -> bool

pub fn from_bytes(slice: &[u8]) -> Result<R1CSProof, R1CSError>

Deserializes the proof from a byte slice.

Returns an error if the byte slice cannot be parsed into an R1CSProof.

Trait Implementations

impl Clone for R1CSProof

impl Debug for R1CSProof

impl<'de> Deserialize<'de> for R1CSProof

impl Serialize for R1CSProof

Auto Trait Implementations

impl RefUnwindSafe for R1CSProof

impl Send for R1CSProof

impl Sync for R1CSProof

impl Unpin for R1CSProof

impl UnwindSafe for R1CSProof

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T, U> Cast<U> for T where
    U: FromCast<T>,

impl<T> DeserializeOwned for T where
    T: Deserialize<'de>,

impl<T> From<T> for T

impl<T> FromBits<T> for T

impl<T> FromCast<T> for T

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T, U> IntoBits<U> for T where
    U: FromBits<T>,

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = !

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.