[−][src]Struct bulletproofs::r1cs::Prover
A ConstraintSystem
implementation for use by the prover.
The prover commits high-level variables and their blinding factors (v, v_blinding)
,
allocates low-level variables and creates constraints in terms of these
high-level variables and low-level variables.
When all constraints are added, the proving code calls prove
which consumes the Prover
instance, samples random challenges
that instantiate the randomized constraints, and creates a complete proof.
Fields
transcript: &'t mut Transcript
pc_gens: &'g PedersenGens
constraints: Vec<LinearCombination>
The constraints accumulated so far.
a_L: Vec<Scalar>
Stores assignments to the "left" of multiplication gates
a_R: Vec<Scalar>
Stores assignments to the "right" of multiplication gates
a_O: Vec<Scalar>
Stores assignments to the "output" of multiplication gates
v: Vec<Scalar>
High-level witness data (value openings to V commitments)
v_blinding: Vec<Scalar>
High-level witness data (blinding openings to V commitments)
deferred_constraints: Vec<Box<dyn Fn(&mut RandomizingProver<'t, 'g>) -> Result<(), R1CSError>>>
This list holds closures that will be called in the second phase of the protocol, when non-randomized variables are committed.
pending_multiplier: Option<usize>
Index of a pending multiplier that's not fully assigned yet.
Methods
impl<'t, 'g> Prover<'t, 'g>
[src]
pub fn new(pc_gens: &'g PedersenGens, transcript: &'t mut Transcript) -> Self
[src]
Construct an empty constraint system with specified external input variables.
Inputs
The bp_gens
and pc_gens
are generators for Bulletproofs
and for the Pedersen commitments, respectively. The
BulletproofGens
should have gens_capacity
greater than
the number of multiplication constraints that will eventually
be added into the constraint system.
The transcript
parameter is a Merlin proof transcript. The
ProverCS
holds onto the &mut Transcript
until it consumes
itself during [ProverCS::prove
], releasing its borrow of the
transcript. This ensures that the transcript cannot be
altered except by the ProverCS
before proving is complete.
Returns
Returns a new Prover
instance.
pub fn commit(
&mut self,
v: Scalar,
v_blinding: Scalar
) -> (CompressedRistretto, Variable)
[src]
&mut self,
v: Scalar,
v_blinding: Scalar
) -> (CompressedRistretto, Variable)
Creates commitment to a high-level variable and adds it to the transcript.
Inputs
The v
and v_blinding
parameters are openings to the
commitment to the external variable for the constraint
system. Passing the opening (the value together with the
blinding factor) makes it possible to reference pre-existing
commitments in the constraint system. All external variables
must be passed up-front, so that challenges produced by
[ConstraintSystem::challenge_scalar
] are bound to the
external variables.
Returns
Returns a pair of a Pedersen commitment (as a compressed Ristretto point),
and a Variable
corresponding to it, which can be used to form constraints.
fn flattened_constraints(
&mut self,
z: &Scalar
) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>, Vec<Scalar>)
[src]
&mut self,
z: &Scalar
) -> (Vec<Scalar>, Vec<Scalar>, Vec<Scalar>, Vec<Scalar>)
Use a challenge, z
, to flatten the constraints in the
constraint system into vectors used for proving and
verification.
Output
Returns a tuple of
(wL, wR, wO, wV)
where w{L,R,O}
is \( z \cdot z^Q \cdot W_{L,R,O} \).
fn eval(&self, lc: &LinearCombination) -> Scalar
[src]
fn create_randomized_constraints(self) -> Result<Self, R1CSError>
[src]
Calls all remembered callbacks with an API that allows generating challenge scalars.
pub fn prove(self, bp_gens: &BulletproofGens) -> Result<R1CSProof, R1CSError>
[src]
Consume this ConstraintSystem
to produce a proof.
Trait Implementations
impl<'t, 'g> ConstraintSystem for Prover<'t, 'g>
[src]
fn transcript(&mut self) -> &mut Transcript
[src]
fn multiply(
&mut self,
left: LinearCombination,
right: LinearCombination
) -> (Variable, Variable, Variable)
[src]
&mut self,
left: LinearCombination,
right: LinearCombination
) -> (Variable, Variable, Variable)
fn allocate(
&mut self,
assignment: Option<Scalar>
) -> Result<Variable, R1CSError>
[src]
&mut self,
assignment: Option<Scalar>
) -> Result<Variable, R1CSError>
fn allocate_multiplier(
&mut self,
input_assignments: Option<(Scalar, Scalar)>
) -> Result<(Variable, Variable, Variable), R1CSError>
[src]
&mut self,
input_assignments: Option<(Scalar, Scalar)>
) -> Result<(Variable, Variable, Variable), R1CSError>
fn multipliers_len(&self) -> usize
[src]
fn constrain(&mut self, lc: LinearCombination)
[src]
impl<'t, 'g> Drop for Prover<'t, 'g>
[src]
Overwrite secrets with null bytes when they go out of scope.
impl<'t, 'g> RandomizableConstraintSystem for Prover<'t, 'g>
[src]
type RandomizedCS = RandomizingProver<'t, 'g>
Represents a concrete type for the CS in a randomization phase.
fn specify_randomized_constraints<F>(
&mut self,
callback: F
) -> Result<(), R1CSError> where
F: 'static + Fn(&mut Self::RandomizedCS) -> Result<(), R1CSError>,
[src]
&mut self,
callback: F
) -> Result<(), R1CSError> where
F: 'static + Fn(&mut Self::RandomizedCS) -> Result<(), R1CSError>,
Auto Trait Implementations
impl<'t, 'g> !RefUnwindSafe for Prover<'t, 'g>
impl<'t, 'g> !Send for Prover<'t, 'g>
impl<'t, 'g> !Sync for Prover<'t, 'g>
impl<'t, 'g> Unpin for Prover<'t, 'g>
impl<'t, 'g> !UnwindSafe for Prover<'t, 'g>
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T, U> Cast<U> for T where
U: FromCast<T>,
U: FromCast<T>,
fn cast(self) -> U
impl<T> From<T> for T
[src]
impl<T> FromBits<T> for T
fn from_bits(t: T) -> T
impl<T> FromCast<T> for T
fn from_cast(t: T) -> T
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> IntoBits<U> for T where
U: FromBits<T>,
U: FromBits<T>,
fn into_bits(self) -> U
impl<T> Same<T> for T
type Output = T
Should always be Self
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = !
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,