From 470dff3d9221b4393f50e5fcb82949ef8551e7a4 Mon Sep 17 00:00:00 2001 From: Kobi Gurkan Date: Wed, 4 Sep 2019 13:15:17 +0300 Subject: [PATCH] adds verify.rs to verify transcript and working phase2 for bn254 --- phase2/src/lib.rs | 14 +- powersoftau/Cargo.lock | 108 ++------- powersoftau/Cargo.toml | 2 +- powersoftau/src/accumulator.rs | 8 +- powersoftau/src/batched_accumulator.rs | 207 ++++++++++++++++- powersoftau/src/bin/beacon_constrained.rs | 6 +- powersoftau/src/bin/compute_constrained.rs | 4 +- powersoftau/src/bin/new.rs | 4 +- powersoftau/src/bin/new_constrained.rs | 4 +- .../bin/{verify.rs.nocompile => verify.rs} | 210 ++++++++++++++---- .../src/bin/verify_transform_constrained.rs | 6 +- powersoftau/src/bls12_381/mod.rs | 51 ----- powersoftau/src/bn256/mod.rs | 16 +- powersoftau/src/keypair.rs | 8 +- powersoftau/src/parameters.rs | 10 +- powersoftau/src/small_bn256/mod.rs | 10 +- powersoftau/src/utils.rs | 11 +- powersoftau/test.sh | 3 + 18 files changed, 440 insertions(+), 242 deletions(-) rename powersoftau/src/bin/{verify.rs.nocompile => verify.rs} (55%) diff --git a/phase2/src/lib.rs b/phase2/src/lib.rs index 311f5c9..87a4680 100644 --- a/phase2/src/lib.rs +++ b/phase2/src/lib.rs @@ -235,8 +235,8 @@ use bellman_ce::pairing::{ CurveAffine, CurveProjective, Wnaf, - bls12_381::{ - Bls12, + bn256::{ + Bn256, Fr, G1, G2, @@ -380,7 +380,7 @@ impl ConstraintSystem for KeypairAssembly { /// they contain a transcript of contributions at the end, which can be verified. #[derive(Clone)] pub struct MPCParameters { - params: Parameters, + params: Parameters, cs_hash: [u8; 64], contributions: Vec } @@ -400,7 +400,7 @@ impl MPCParameters { pub fn new( circuit: C, ) -> Result - where C: Circuit + where C: Circuit { let mut assembly = KeypairAssembly { num_inputs: 0, @@ -511,7 +511,7 @@ impl MPCParameters { let beta_coeffs_g1 = Arc::new(beta_coeffs_g1); let mut h = Vec::with_capacity(m - 1); - for _ in 0..(m - 1) { + for i in 0..(m - 1) { h.push(read_g1(f)?); } 
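Review bot: The loop binding in the `@@ -511` hunk is renamed from `_` to `i`, but `i` is never used in the body (`h.push(read_g1(f)?)`), so the change only introduces an unused-variable warning; keep `for _ in 0..(m - 1) {`. The enclosing function starts and ends outside the hunk.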
@@ -686,7 +686,7 @@ impl MPCParameters { } /// Get the underlying Groth16 `Parameters` - pub fn get_params(&self) -> &Parameters { + pub fn get_params(&self) -> &Parameters { &self.params } @@ -781,7 +781,7 @@ impl MPCParameters { /// contributors obtained when they ran /// `MPCParameters::contribute`, for ensuring that contributions /// exist in the final parameters. - pub fn verify>( + pub fn verify>( &self, circuit: C ) -> Result, ()> diff --git a/powersoftau/Cargo.lock b/powersoftau/Cargo.lock index 1b98e54..807f1eb 100644 --- a/powersoftau/Cargo.lock +++ b/powersoftau/Cargo.lock @@ -9,18 +9,17 @@ dependencies = [ ] [[package]] -name = "bellman" -version = "0.2.0" -source = "git+https://github.com/matterinc/bellman?tag=0.2.0#6e45a4b233e97a71f4a8a0565c8f8d753c04c08f" +name = "bellman_ce" +version = "0.3.1" dependencies = [ "bit-vec 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)", - "blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9)", "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", + "cfg-if 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", "crossbeam 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", "futures 0.1.25 (registry+https://github.com/rust-lang/crates.io-index)", "futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)", "num_cpus 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)", - "pairing 0.16.2 (git+https://github.com/matterinc/pairing?tag=0.16.2)", + "pairing_ce 0.18.0 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", ] 
@@ -40,16 +39,6 @@ dependencies = [ "generic-array 0.8.3 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "blake2-rfc" -version = "0.2.18" -source = "git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9#7a5b5fc99ae483a0043db7547fb79a6fa44b88a9" -dependencies = [ - "arrayvec 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)", - "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", - "constant_time_eq 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", -] - [[package]] name = "byte-tools" version = "0.2.0" 
@@ -159,26 +148,26 @@ version = "1.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] -name = "ff" -version = "0.5.0" -source = "git+https://github.com/matterinc/ff?tag=0.5#056a13b95f4b971a9ae2c6fbb5fbc9f1e4f4828e" +name = "ff_ce" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", - "ff_derive 0.4.0 (git+https://github.com/matterinc/ff?tag=0.5)", + "ff_derive_ce 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", + "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] -name = "ff_derive" -version = "0.4.0" -source = "git+https://github.com/matterinc/ff?tag=0.5#056a13b95f4b971a9ae2c6fbb5fbc9f1e4f4828e" +name = "ff_derive_ce" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "num-bigint 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", "num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)", "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", "proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)", "quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)", - "serde_derive 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)", "syn 0.14.9 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -245,11 +234,6 @@ dependencies = [ "either 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "itoa" -version = "0.4.3" -source = "registry+https://github.com/rust-lang/crates.io-index" - [[package]] name = "lazy_static" version = "1.3.0" 
@@ -310,24 +294,20 @@ dependencies = [ ] [[package]] -name = "pairing" -version = "0.16.2" -source = "git+https://github.com/matterinc/pairing?tag=0.16.2#c2af46cac3e6ebc8e1e1f37bb993e5e6c7f689d1" +name = "pairing_ce" +version = "0.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", - "ff 0.5.0 (git+https://github.com/matterinc/ff?tag=0.5)", - "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", + "ff_ce 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", - "serde 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)", - "serde_derive 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)", - "serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] name = "powersoftau" version = "0.2.0" dependencies = [ - "bellman 0.2.0 (git+https://github.com/matterinc/bellman?tag=0.2.0)", + "bellman_ce 0.3.1", "blake2 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)", "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "crossbeam 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", 
@@ -434,41 +414,11 @@ name = "rustc-serialize" version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -[[package]] -name = "ryu" -version = "0.2.7" -source = "registry+https://github.com/rust-lang/crates.io-index" - [[package]] name = "scopeguard" version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -[[package]] -name = "serde" -version = "1.0.88" -source = "registry+https://github.com/rust-lang/crates.io-index" - -[[package]] -name = "serde_derive" -version = "1.0.88" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)", - "quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)", - "syn 0.15.26 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "serde_json" -version = "1.0.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "itoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)", - "ryu 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)", - "serde 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)", -] - [[package]] name = "smallvec" version = "0.6.9" @@ -484,16 +434,6 @@ dependencies = [ "unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "syn" -version = "0.15.26" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)", - "quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)", - "unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", -] - [[package]] name = "time" version = "0.1.42" 
@@ -535,10 +475,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [metadata] "checksum arrayvec 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)" = "92c7fb76bc8826a8b33b4ee5bb07a247a81e76764ab4d55e8f73e3a4d8808c71" -"checksum bellman 0.2.0 (git+https://github.com/matterinc/bellman?tag=0.2.0)" = "" "checksum bit-vec 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "02b4ff8b16e6076c3e14220b39fbc1fabb6737522281a388998046859400895f" "checksum blake2 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)" = "53bf612c0f2839b7e764ebac65d6cb985f7c6812de399d0728038f4b1da141bc" -"checksum blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9)" = "" "checksum byte-tools 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "560c32574a12a89ecd91f5e742165893f86e3ab98d21f8ea548658eb9eef5f40" "checksum byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "a019b10a2a7cdeb292db131fc8113e57ea2a908f6e7894b0c3c671893b65dbeb" "checksum cfg-if 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "11d43355396e872eefb45ce6342e4374ed7bc2b3a502d1b28e36d6e23c05d1f4" 
@@ -553,8 +491,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum crypto-mac 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "779015233ac67d65098614aec748ac1c756ab6677fa2e14cf8b37c08dfed1198" "checksum digest 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e5b29bf156f3f4b3c4f610a25ff69370616ae6e0657d416de22645483e72af0a" "checksum either 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "c67353c641dc847124ea1902d69bd753dee9bb3beff9aa3662ecf86c971d1fac" -"checksum ff 0.5.0 (git+https://github.com/matterinc/ff?tag=0.5)" = "" -"checksum ff_derive 0.4.0 (git+https://github.com/matterinc/ff?tag=0.5)" = "" +"checksum ff_ce 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "18af1ea1b80a4b474fae13af4c58cf0a5a2bc33832d5fa70f68a4b286178fdb5" +"checksum ff_derive_ce 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1d245b4e76c5b36bb7721ea15b7fbc61bebf0c5d2890eaf49fe1e2a3eed36db9" "checksum fuchsia-cprng 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba" "checksum futures 0.1.25 (registry+https://github.com/rust-lang/crates.io-index)" = "49e7653e374fe0d0c12de4250f0bdb60680b8c80eed558c5c7538eec9c89e21b" "checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4" 
@@ -564,7 +502,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum hex-literal 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "27455ce8b4a6666c87220e4b59c9a83995476bdadc10197905e61dbe906e36fa" "checksum hex-literal-impl 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1d340b6514f232f6db1bd16db65302a5278a04fef9ce867cb932e7e5fa21130a" "checksum itertools 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5b8467d9c1cebe26feb08c640139247fac215782d35371ade9a2136ed6085358" -"checksum itoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "1306f3464951f30e30d12373d31c79fbd52d236e5e896fd92f96ec7babbbe60b" "checksum lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bc5729f27f159ddd61f4df6228e827e86643d4d3e7c32183cb30a1c08f604a14" "checksum libc 0.2.49 (registry+https://github.com/rust-lang/crates.io-index)" = "413f3dfc802c5dc91dc570b05125b6cda9855edfaa9825c9849807876376e70e" "checksum memmap 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6585fd95e7bb50d6cc31e20d4cf9afb4e2ba16c5846fc76793f11218da9c475b" 
@@ -574,7 +511,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)" = "e83d528d2677f0518c570baf2b7abdcf0cd2d248860b68507bdcb3e91d4c0cea" "checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1" "checksum num_cpus 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1a23f0ed30a54abaa0c7e83b1d2d87ada7c3c23078d1d87815af3e3b6385fbba" -"checksum pairing 0.16.2 (git+https://github.com/matterinc/pairing?tag=0.16.2)" = "" +"checksum pairing_ce 0.18.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f075a9c570e2026111cb6dddf6a320e5163c42aa32500b315ec34acbcf7c9b36" "checksum proc-macro-hack 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2c725b36c99df7af7bf9324e9c999b9e37d92c8f8caf106d82e1d7953218d2d8" "checksum proc-macro-hack-impl 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2b753ad9ed99dd8efeaa7d2fb8453c8f6bc3e54b97966d35f1bc77ca6865254a" "checksum proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)" = "4d317f9caece796be1980837fd5cb3dfec5613ebdb04ad0956deea83ce168915" 
@@ -587,14 +524,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum redox_syscall 0.1.51 (registry+https://github.com/rust-lang/crates.io-index)" = "423e376fffca3dfa06c9e9790a9ccd282fafb3cc6e6397d01dbf64f9bacc6b85" "checksum rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)" = "f76d05d3993fd5f4af9434e8e436db163a12a9d40e1a58a726f27a01dfd12a2a" "checksum rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)" = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda" -"checksum ryu 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)" = "eb9e9b8cde282a9fe6a42dd4681319bfb63f121b8a8ee9439c6f4107e58a46f7" "checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27" -"checksum serde 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)" = "9f301d728f2b94c9a7691c90f07b0b4e8a4517181d9461be94c04bddeb4bd850" -"checksum serde_derive 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)" = "beed18e6f5175aef3ba670e57c60ef3b1b74d250d962a26604bff4c80e970dd4" -"checksum serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)" = "27dce848e7467aa0e2fcaf0a413641499c0b745452aaca1194d24dedde9e13c9" "checksum smallvec 0.6.9 (registry+https://github.com/rust-lang/crates.io-index)" = "c4488ae950c49d403731982257768f48fada354a5203fe81f9bb6f43ca9002be" "checksum syn 0.14.9 (registry+https://github.com/rust-lang/crates.io-index)" = "261ae9ecaa397c42b960649561949d69311f08eeaea86a65696e6e46517cf741" -"checksum syn 0.15.26 (registry+https://github.com/rust-lang/crates.io-index)" = "f92e629aa1d9c827b2bb8297046c1ccffc57c99b947a680d3ccff1f136a3bee9" "checksum time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)" = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f" "checksum typenum 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = 
"612d636f949607bdf9b123b4a6f6d966dedf3ff669f7f045890d3a4a73948169" "checksum unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc" diff --git a/powersoftau/Cargo.toml b/powersoftau/Cargo.toml index 98c49b7..cde5869 100644 --- a/powersoftau/Cargo.toml +++ b/powersoftau/Cargo.toml @@ -24,7 +24,7 @@ rust-crypto = "0.2" memmap = "0.7.0" itertools = "0.8.0" -bellman = { git = 'https://github.com/matterinc/bellman', tag = "0.2.0"} +bellman_ce = { path = "../bellman" } [features] diff --git a/powersoftau/src/accumulator.rs b/powersoftau/src/accumulator.rs index cce9d3a..f0054a0 100644 --- a/powersoftau/src/accumulator.rs +++ b/powersoftau/src/accumulator.rs @@ -32,16 +32,16 @@ extern crate blake2; extern crate generic_array; extern crate typenum; extern crate byteorder; -extern crate bellman; +extern crate bellman_ce; extern crate memmap; use memmap::{Mmap, MmapMut}; -use bellman::pairing::ff::{Field, PrimeField}; +use bellman_ce::pairing::ff::{Field, PrimeField}; use byteorder::{ReadBytesExt, BigEndian}; use rand::{SeedableRng, Rng, Rand}; use rand::chacha::ChaChaRng; -use bellman::pairing::bn256::{Bn256}; -use bellman::pairing::*; +use bellman_ce::pairing::bn256::{Bn256}; +use bellman_ce::pairing::*; use std::io::{self, Read, Write}; use std::sync::{Arc, Mutex}; use generic_array::GenericArray; diff --git a/powersoftau/src/batched_accumulator.rs b/powersoftau/src/batched_accumulator.rs index ca01671..1f2f248 100644 --- a/powersoftau/src/batched_accumulator.rs +++ b/powersoftau/src/batched_accumulator.rs 
@@ -8,18 +8,18 @@ extern crate blake2; extern crate generic_array; extern crate typenum; extern crate byteorder; -extern crate bellman; +extern crate bellman_ce; extern crate memmap; extern crate itertools; use itertools::Itertools; use memmap::{Mmap, MmapMut}; -use bellman::pairing::ff::{Field, PrimeField}; +use bellman_ce::pairing::ff::{Field, PrimeField}; use byteorder::{ReadBytesExt, BigEndian}; use rand::{SeedableRng, Rng, Rand}; use rand::chacha::ChaChaRng; -use bellman::pairing::bn256::{Bn256}; -use bellman::pairing::*; +use bellman_ce::pairing::bn256::{Bn256}; +use bellman_ce::pairing::*; use std::io::{self, Read, Write}; use std::sync::{Arc, Mutex}; use generic_array::GenericArray; @@ -73,8 +73,7 @@ impl BachedAccumulator { let mut hasher = Blake2b::default(); for chunk in input_map.chunks(chunk_size) { hasher.input(&chunk); - } - + } hasher.result() } } @@ -91,6 +90,18 @@ impl BachedAccumulator { marker: std::marker::PhantomData::

{} } } + + pub fn new_for_verify() -> Self { + Self { + tau_powers_g1: vec![E::G1Affine::one(); P::TAU_POWERS_G1_LENGTH], + tau_powers_g2: vec![E::G2Affine::one(); P::TAU_POWERS_LENGTH], + alpha_tau_powers_g1: vec![E::G1Affine::one(); P::TAU_POWERS_LENGTH], + beta_tau_powers_g1: vec![E::G1Affine::one(); P::TAU_POWERS_LENGTH], + beta_g2: E::G2Affine::one(), + hash: blank_hash(), + marker: std::marker::PhantomData::

{} + } + } } impl BachedAccumulator { 
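Review bot: `new_for_verify` is a new `pub fn` without a doc comment, and none of the hunks shown call it — `verify.rs` below builds its starting accumulator via `generate_initial` plus `deserialize` instead — so it may be dead code. If it is kept, document what it represents and how it differs from `empty()`, e.g. `/// An accumulator with every entry set to the group generator; presumably the state before any contribution.`; otherwise drop it. The `impl` block continues outside the hunk.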
@@ -189,6 +200,71 @@ impl BachedAccumulator { } } +/// Verifies a transformation of the `Accumulator` with the `PublicKey`, given a 64-byte transcript `digest`. +pub fn verify_transform(before: &BachedAccumulator, after: &BachedAccumulator, key: &PublicKey, digest: &[u8]) -> bool +{ + assert_eq!(digest.len(), 64); + + let tau_g2_s = compute_g2_s::(&digest, &key.tau_g1.0, &key.tau_g1.1, 0); + let alpha_g2_s = compute_g2_s::(&digest, &key.alpha_g1.0, &key.alpha_g1.1, 1); + let beta_g2_s = compute_g2_s::(&digest, &key.beta_g1.0, &key.beta_g1.1, 2); + + // Check the proofs-of-knowledge for tau/alpha/beta + + // g1^s / g1^(s*x) = g2^s / g2^(s*x) + if !same_ratio(key.tau_g1, (tau_g2_s, key.tau_g2)) { + return false; + } + if !same_ratio(key.alpha_g1, (alpha_g2_s, key.alpha_g2)) { + return false; + } + if !same_ratio(key.beta_g1, (beta_g2_s, key.beta_g2)) { + return false; + } + + // Check the correctness of the generators for tau powers + if after.tau_powers_g1[0] != E::G1Affine::one() { + return false; + } + if after.tau_powers_g2[0] != E::G2Affine::one() { + return false; + } + + // Did the participant multiply the previous tau by the new one? + if !same_ratio((before.tau_powers_g1[1], after.tau_powers_g1[1]), (tau_g2_s, key.tau_g2)) { + return false; + } + + // Did the participant multiply the previous alpha by the new one? + if !same_ratio((before.alpha_tau_powers_g1[0], after.alpha_tau_powers_g1[0]), (alpha_g2_s, key.alpha_g2)) { + return false; + } + + // Did the participant multiply the previous beta by the new one? + if !same_ratio((before.beta_tau_powers_g1[0], after.beta_tau_powers_g1[0]), (beta_g2_s, key.beta_g2)) { + return false; + } + if !same_ratio((before.beta_tau_powers_g1[0], after.beta_tau_powers_g1[0]), (before.beta_g2, after.beta_g2)) { + return false; + } + + // Are the powers of tau correct? 
+ if !same_ratio(power_pairs(&after.tau_powers_g1), (after.tau_powers_g2[0], after.tau_powers_g2[1])) { + return false; + } + if !same_ratio(power_pairs(&after.tau_powers_g2), (after.tau_powers_g1[0], after.tau_powers_g1[1])) { + return false; + } + if !same_ratio(power_pairs(&after.alpha_tau_powers_g1), (after.tau_powers_g2[0], after.tau_powers_g2[1])) { + return false; + } + if !same_ratio(power_pairs(&after.beta_tau_powers_g1), (after.tau_powers_g2[0], after.tau_powers_g2[1])) { + return false; + } + + true +} + impl BachedAccumulator { /// Verifies a transformation of the `Accumulator` with the `PublicKey`, given a 64-byte transcript `digest`. pub fn verify_transformation( 
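Review bot: `verify_transform` appears to duplicate the proof-of-knowledge and power-structure checks of the existing `verify_transformation` method that follows it (only that method's signature is visible here, but the doc comment is copied verbatim), leaving two verifiers for the same transformation that can drift apart. Prefer having one delegate to the other, or state in the doc comment why a free function over two full `BachedAccumulator` values is needed; none of the `verify.rs` hunks shown call it. The doc comment also needs a `# Panics` section, since `assert_eq!(digest.len(), 64)` aborts on a short digest instead of returning `false`.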
@@ -368,6 +444,112 @@ impl BachedAccumulator { Ok(()) } + + pub fn deserialize( + input_map: &Mmap, + check_input_for_correctness: CheckForCorrectness, + compression: UseCompression, + ) -> io::Result> + { + use itertools::MinMaxResult::{MinMax}; + + let mut accumulator = Self::empty(); + + let mut tau_powers_g1 = vec![]; + let mut tau_powers_g2 = vec![]; + let mut alpha_tau_powers_g1 = vec![]; + let mut beta_tau_powers_g1 = vec![]; + let mut beta_g2 = vec![]; + + for chunk in &(0..P::TAU_POWERS_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) { + if let MinMax(start, end) = chunk.minmax() { + let size = end - start + 1; + accumulator.read_chunk(start, size, compression, check_input_for_correctness, &input_map).expect(&format!("must read a chunk from {} to {} from source of decompression", start, end)); + tau_powers_g1.extend_from_slice(&accumulator.tau_powers_g1); + tau_powers_g2.extend_from_slice(&accumulator.tau_powers_g2); + alpha_tau_powers_g1.extend_from_slice(&accumulator.alpha_tau_powers_g1); + beta_tau_powers_g1.extend_from_slice(&accumulator.beta_tau_powers_g1); + if start == 0 { + beta_g2.extend_from_slice(&[accumulator.beta_g2]); + } + } else { + panic!("Chunk does not have a min and max"); + } + } + + for chunk in &(P::TAU_POWERS_LENGTH..P::TAU_POWERS_G1_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) { + if let MinMax(start, end) = chunk.minmax() { + let size = end - start + 1; + accumulator.read_chunk(start, size, compression, check_input_for_correctness, &input_map).expect(&format!("must read a chunk from {} to {} from source of decompression", start, end)); + assert_eq!(accumulator.tau_powers_g2.len(), 0, "during rest of tau g1 generation tau g2 must be empty"); + assert_eq!(accumulator.alpha_tau_powers_g1.len(), 0, "during rest of tau g1 generation alpha*tau in g1 must be empty"); + assert_eq!(accumulator.beta_tau_powers_g1.len(), 0, "during rest of tau g1 generation beta*tau in g1 must be empty"); + + 
tau_powers_g1.extend_from_slice(&accumulator.tau_powers_g1); + tau_powers_g2.extend_from_slice(&accumulator.tau_powers_g2); + alpha_tau_powers_g1.extend_from_slice(&accumulator.alpha_tau_powers_g1); + beta_tau_powers_g1.extend_from_slice(&accumulator.beta_tau_powers_g1); + } else { + panic!("Chunk does not have a min and max"); + } + } + + Ok(BachedAccumulator { + tau_powers_g1: tau_powers_g1, + tau_powers_g2: tau_powers_g2, + alpha_tau_powers_g1: alpha_tau_powers_g1, + beta_tau_powers_g1: beta_tau_powers_g1, + beta_g2: beta_g2[0], + hash: blank_hash(), + marker: std::marker::PhantomData::

{} + }) + } + + pub fn serialize( + &mut self, + output_map: &mut MmapMut, + compression: UseCompression + ) -> io::Result<()> + { + use itertools::MinMaxResult::{MinMax}; + + for chunk in &(0..P::TAU_POWERS_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) { + if let MinMax(start, end) = chunk.minmax() { + let mut tmp_acc = BachedAccumulator:: { + tau_powers_g1: (&self.tau_powers_g1[start..end+1]).to_vec(), + tau_powers_g2: (&self.tau_powers_g2[start..end+1]).to_vec(), + alpha_tau_powers_g1: (&self.alpha_tau_powers_g1[start..end+1]).to_vec(), + beta_tau_powers_g1: (&self.beta_tau_powers_g1[start..end+1]).to_vec(), + beta_g2: self.beta_g2.clone(), + hash: self.hash.clone(), + marker: std::marker::PhantomData::

{} + }; + tmp_acc.write_chunk(start, compression, output_map)?; + } else { + panic!("Chunk does not have a min and max"); + } + } + + for chunk in &(P::TAU_POWERS_LENGTH..P::TAU_POWERS_G1_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) { + if let MinMax(start, end) = chunk.minmax() { + let mut tmp_acc = BachedAccumulator:: { + tau_powers_g1: (&self.tau_powers_g1[start..end+1]).to_vec(), + tau_powers_g2: vec![], + alpha_tau_powers_g1: vec![], + beta_tau_powers_g1: vec![], + beta_g2: self.beta_g2.clone(), + hash: self.hash.clone(), + marker: std::marker::PhantomData::

{} + }; + tmp_acc.write_chunk(start, compression, output_map)?; + } else { + panic!("Chunk does not have a min and max"); + } + } + + Ok(()) + } + } impl BachedAccumulator { @@ -726,7 +908,7 @@ impl BachedAccumulator { crossbeam::scope(|scope| { for (i, taupowers) in taupowers.chunks_mut(chunk_size).enumerate() { scope.spawn(move || { - let mut acc = key.tau.pow(&[(i * chunk_size) as u64]); + let mut acc = key.tau.pow(&[(start + i * chunk_size) as u64]); for t in taupowers { *t = acc; @@ -740,10 +922,11 @@ impl BachedAccumulator { batch_exp::(&mut accumulator.tau_powers_g2, &taupowers[0..], None); batch_exp::(&mut accumulator.alpha_tau_powers_g1, &taupowers[0..], Some(&key.alpha)); batch_exp::(&mut accumulator.beta_tau_powers_g1, &taupowers[0..], Some(&key.beta)); - accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine(); + if start == 0 { + accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine(); + } assert!(!accumulator.beta_g2.is_zero(), "your contribution happed to produce a point at infinity, please re-run"); accumulator.write_chunk(start, compress_the_output, output_map)?; - println!("Done processing {} powers of tau", end); } else { panic!("Chunk does not have a min and max"); @@ -764,7 +947,7 @@ impl BachedAccumulator { crossbeam::scope(|scope| { for (i, taupowers) in taupowers.chunks_mut(chunk_size).enumerate() { scope.spawn(move || { - let mut acc = key.tau.pow(&[(i * chunk_size) as u64]); + let mut acc = key.tau.pow(&[(start + i * chunk_size) as u64]); for t in taupowers { *t = acc; 
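Review bot: `deserialize` returns `io::Result` but turns every `read_chunk` failure into a panic through `.expect(&format!(...))`, so a truncated or corrupt input map aborts the verifier instead of surfacing an `Err` the caller can report; use `accumulator.read_chunk(start, size, compression, check_input_for_correctness, &input_map)?;` in both loops (the `format!` is also evaluated on every iteration, even on success). `beta_g2[0]` panics if the first chunk did not start at 0, and collecting a single point into a `Vec` obscures that invariant; an `Option<E::G2Affine>` set when `start == 0` and unwrapped into the result would make it explicit. In `serialize`, `&mut self` is taken although the visible body only reads `self` fields; `&self` would let callers serialize a shared accumulator.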
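Review bot: The new `if start == 0` guard around the `beta_g2` update has no comment explaining that `beta_g2` is a single point rather than a per-chunk value, which is exactly the mistake the old code made by multiplying it by `key.beta` once per chunk; add `// beta_g2 is one point, not per-chunk: apply key.beta exactly once, on the first chunk` above the guard. The `assert!(!accumulator.beta_g2.is_zero(), ...)` that follows is now re-evaluated on every chunk although the value only changes on the first; moving it inside the guard would make the intent clearer. The enclosing function starts and ends outside the hunk.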
@@ -775,8 +958,8 @@ impl BachedAccumulator { }); batch_exp::(&mut accumulator.tau_powers_g1, &taupowers[0..], None); - accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine(); - assert!(!accumulator.beta_g2.is_zero(), "your contribution happed to produce a point at infinity, please re-run"); + //accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine(); + //assert!(!accumulator.beta_g2.is_zero(), "your contribution happed to produce a point at infinity, please re-run"); accumulator.write_chunk(start, compress_the_output, output_map)?; println!("Done processing {} powers of tau", end); diff --git a/powersoftau/src/bin/beacon_constrained.rs b/powersoftau/src/bin/beacon_constrained.rs index bcedef3..24e5dcb 100644 --- a/powersoftau/src/bin/beacon_constrained.rs +++ b/powersoftau/src/bin/beacon_constrained.rs @@ -1,5 +1,5 @@ extern crate powersoftau; -extern crate bellman; +extern crate bellman_ce; extern crate memmap; extern crate rand; extern crate blake2; @@ -13,7 +13,7 @@ use powersoftau::keypair::{keypair}; use powersoftau::parameters::{UseCompression, CheckForCorrectness}; use std::fs::OpenOptions; -use bellman::pairing::bn256::Bn256; +use bellman_ce::pairing::bn256::Bn256; use memmap::*; use std::io::Write; @@ -44,7 +44,7 @@ fn main() { let mut cur_hash: [u8; 32] = hex!("0000000000000000000a558a61ddc8ee4e488d647a747fe4dcc362fe2026c620"); // Performs 2^n hash iterations over it - const N: usize = 31; + const N: usize = 10; for i in 0..(1u64< String { let mut f = String::new(); 
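Review bot: The lines turned into `//accumulator.beta_g2 = ...` and `//assert!(...)` are commented-out code rather than a removal; delete them, and if the reason needs recording replace them with a one-line comment such as `// beta_g2 was already updated in the start == 0 chunk of the first loop` (presumably the guard added in the hunk above, in the same function — its start is outside this hunk). Leaving the dead `assert!` as a comment also hides that the point-at-infinity check no longer runs on this path.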
@@ -29,20 +39,54 @@ fn into_hex(h: &[u8]) -> String { // given the current state of the accumulator and the last // response file hash. fn get_challenge_file_hash( - acc: &Accumulator, - last_response_file_hash: &[u8; 64] + acc: &mut BachedAccumulator::, + last_response_file_hash: &[u8; 64], + is_initial: bool, ) -> [u8; 64] { let sink = io::sink(); let mut sink = HashWriter::new(sink); - sink.write_all(last_response_file_hash) - .unwrap(); + let file_name = "tmp_challenge_file_hash"; - acc.serialize( - &mut sink, - UseCompression::No - ).unwrap(); + if Path::new(file_name).exists() { + remove_file(file_name).unwrap(); + } + { + let writer = OpenOptions::new() + .read(true) + .write(true) + .create_new(true) + .open(file_name) + .expect("unable to create temporary tmp_challenge_file_hash"); + + writer.set_len(Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE as u64).expect("must make output file large enough"); + let mut writable_map = unsafe { MmapOptions::new().map_mut(&writer).expect("unable to create a memory map for output") }; + + (&mut writable_map[0..]).write(&last_response_file_hash[..]).expect("unable to write a default hash to mmap"); + writable_map.flush().expect("unable to write blank hash to `./challenge`"); + + if is_initial { + BachedAccumulator::::generate_initial(&mut writable_map, UseCompression::No).expect("generation of initial accumulator is successful"); + } else { + acc.serialize( + &mut writable_map, + UseCompression::No + ).unwrap(); + } + + writable_map.flush().expect("must flush the memory map"); + } + + let mut challenge_reader = OpenOptions::new() + .read(true) + .open(file_name).expect("unable to open temporary tmp_challenge_file_hash"); + + let mut contents = vec![]; + challenge_reader.read_to_end(&mut contents).unwrap(); + + sink.write_all(&contents) + .unwrap(); let mut tmp = [0; 64]; tmp.copy_from_slice(sink.into_hash().as_slice()); 
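Review bot: `(&mut writable_map[0..]).write(&last_response_file_hash[..])` discards the byte count returned by `Write::write`, which is permitted to write fewer than the 64 bytes; use `.write_all(...)` so a short write cannot silently leave part of the previous hash unwritten in the file that is then hashed. The same call appears in `get_response_file_hash` and in `main` further down. The `expect` text `unable to write blank hash to \`./challenge\`` is copied from elsewhere and names the wrong file, and `tmp_challenge_file_hash` is never removed after it is read back, so each run leaves a file the size of the full accumulator in the working directory. The function's tail is outside the hunk.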
@@ -54,23 +98,51 @@ fn get_challenge_file_hash( // accumulator, the player's public key, and the challenge // file's hash. fn get_response_file_hash( - acc: &Accumulator, - pubkey: &PublicKey, + acc: &mut BachedAccumulator::, + pubkey: &PublicKey::, last_challenge_file_hash: &[u8; 64] ) -> [u8; 64] { let sink = io::sink(); let mut sink = HashWriter::new(sink); - sink.write_all(last_challenge_file_hash) + let file_name = "tmp_response_file_hash"; + if Path::new(file_name).exists() { + remove_file(file_name).unwrap(); + } + { + let writer = OpenOptions::new() + .read(true) + .write(true) + .create_new(true) + .open(file_name) + .expect("unable to create temporary tmp_response_file_hash"); + + writer.set_len(Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE as u64).expect("must make output file large enough"); + let mut writable_map = unsafe { MmapOptions::new().map_mut(&writer).expect("unable to create a memory map for output") }; + + (&mut writable_map[0..]).write(&last_challenge_file_hash[..]).expect("unable to write a default hash to mmap"); + writable_map.flush().expect("unable to write blank hash to `./challenge`"); + + acc.serialize( + &mut writable_map, + UseCompression::Yes + ).unwrap(); + + pubkey.write::(&mut writable_map, UseCompression::Yes).expect("unable to write public key"); + writable_map.flush().expect("must flush the memory map"); + } + + let mut challenge_reader = OpenOptions::new() + .read(true) + .open(file_name).expect("unable to open temporary tmp_response_file_hash"); + + let mut contents = vec![]; + challenge_reader.read_to_end(&mut contents).unwrap(); + + sink.write_all(&contents) .unwrap(); - acc.serialize( - &mut sink, - UseCompression::Yes - ).unwrap(); - - pubkey.serialize(&mut sink).unwrap(); let mut tmp = [0; 64]; tmp.copy_from_slice(sink.into_hash().as_slice()); 
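Review bot: After serializing into the memory map, the function reopens the same file and copies all of it into `contents` with `read_to_end` before feeding it to the hasher, so each round holds a second full `CONTRIBUTION_BYTE_SIZE` copy in memory; hashing the map directly (`sink.write_all(&writable_map[..])` before the map goes out of scope, or re-mapping read-only) avoids both the copy and the reopen. The fixed name `tmp_response_file_hash` in the working directory also means two verifier runs in the same directory clobber each other's file, and the `./challenge` wording in the `expect` belongs to a different file. The function continues outside the hunk.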
@@ -78,17 +150,51 @@ fn get_response_file_hash(
     tmp
 }
+fn new_accumulator_for_verify() -> BachedAccumulator {
+    let file_name = "tmp_initial_challenge";
+    {
+        if Path::new(file_name).exists() {
+            remove_file(file_name).unwrap();
+        }
+
+        let file = OpenOptions::new()
+            .read(true)
+            .write(true)
+            .create_new(true)
+            .open(file_name).expect("unable to create `./tmp_initial_challenge`");
+
+        let expected_challenge_length = Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE;
+        file.set_len(expected_challenge_length as u64).expect("unable to allocate large enough file");
+
+        let mut writable_map = unsafe { MmapOptions::new().map_mut(&file).expect("unable to create a memory map") };
+        BachedAccumulator::::generate_initial(&mut writable_map, UseCompression::No).expect("generation of initial accumulator is successful");
+        writable_map.flush().expect("unable to flush memmap to disk");
+    }
+
+    let reader = OpenOptions::new()
+        .read(true)
+        .open(file_name)
+        .expect("unable open `./transcript` in this directory");
+    let readable_map = unsafe { MmapOptions::new().map(&reader).expect("unable to create a memory map for input") };
+    let initial_accumulator = BachedAccumulator::deserialize(
+        &readable_map,
+        CheckForCorrectness::Yes,
+        UseCompression::No,
+    ).expect("unable to read uncompressed accumulator");
+
+    initial_accumulator
+}
+
 fn main() {
     // Try to load `./transcript` from disk.
     let reader = OpenOptions::new()
         .read(true)
         .open("transcript")
         .expect("unable open `./transcript` in this directory");
-
-    let mut reader = BufReader::with_capacity(1024 * 1024, reader);
+    let transcript_readable_map = unsafe { MmapOptions::new().map(&reader).expect("unable to create a memory map for input") };
     // Initialize the accumulator
-    let mut current_accumulator = Accumulator::new();
+    let mut current_accumulator = new_accumulator_for_verify();
     // The "last response file hash" is just a blank BLAKE2b hash
     // at the beginning of the hash chain.
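Review bot: `new_accumulator_for_verify` opens `tmp_initial_challenge` under the message `"unable open `./transcript` in this directory"`, copied from `main`, so a failure here would send the operator to the wrong file; `.expect("unable to open `./tmp_initial_challenge`")` says what actually failed. The function then deserializes with `CheckForCorrectness::Yes` the bytes it produced with `generate_initial` a few lines earlier, which at a production-sized `REQUIRED_POWER` re-validates every generator point for no gain; `CheckForCorrectness::No` looks sufficient for self-generated data, assuming `generate_initial` only emits valid points. None of the `unsafe { MmapOptions::new()... }` blocks in this hunk, nor those in the two hunks above, carry a `// SAFETY:` comment; the invariant they rely on — that the mapped file is not truncated or rewritten by another process while the map is alive — is worth stating once, most of all for `transcript`, which is the input under verification.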
@@ -96,38 +202,62 @@ fn main() {
     last_response_file_hash.copy_from_slice(blank_hash().as_slice());
     // There were 89 rounds.
-    for _ in 0..89 {
+    for i in 0..2 {
         // Compute the hash of the challenge file that the player
         // should have received.
+
+        let file_name = "tmp_response";
+        if Path::new(file_name).exists() {
+            remove_file(file_name).unwrap();
+        }
+
+        let memory_slice = transcript_readable_map.get(i*Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE..(i+1)*Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE).expect("must read point data from file");
+        let writer = OpenOptions::new()
+            .read(true)
+            .write(true)
+            .create_new(true)
+            .open(file_name)
+            .expect("unable to create temporary tmp_response");
+
+        writer.set_len(Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE as u64).expect("must make output file large enough");
+        let mut writable_map = unsafe { MmapOptions::new().map_mut(&writer).expect("unable to create a memory map for output") };
+
+        (&mut writable_map[0..]).write(&memory_slice[..]).expect("unable to write a default hash to mmap");
+        writable_map.flush().expect("must flush the memory map");
+
+        let response_readable_map = writable_map.make_read_only().expect("must make a map readonly");
+
         let last_challenge_file_hash = get_challenge_file_hash(
-            ¤t_accumulator,
-            &last_response_file_hash
+            &mut current_accumulator,
+            &last_response_file_hash,
+            i == 0,
         );
+        println!("last challenge hash: {}", into_hex(&last_challenge_file_hash));
         // Deserialize the accumulator provided by the player in
         // their response file. It's stored in the transcript in
         // uncompressed form so that we can more efficiently
         // deserialize it.
-        let response_file_accumulator = Accumulator::deserialize(
-            &mut reader,
-            UseCompression::No,
-            CheckForCorrectness::Yes
+
+        let mut response_file_accumulator = BachedAccumulator::deserialize(
+            &response_readable_map,
+            CheckForCorrectness::Yes,
+            UseCompression::Yes,
         ).expect("unable to read uncompressed accumulator");
-        // Deserialize the public key provided by the player.
-        let response_file_pubkey = PublicKey::deserialize(&mut reader)
-            .expect("wasn't able to deserialize the response file's public key");
+        println!("test: {}", response_file_accumulator.tau_powers_g1[8190]);
+        let response_file_pubkey = PublicKey::::read::(&response_readable_map, UseCompression::Yes).unwrap();
         // Compute the hash of the response file. (we had it in uncompressed
         // form in the transcript, but the response file is compressed to save
         // participants bandwidth.)
         last_response_file_hash = get_response_file_hash(
-            &response_file_accumulator,
+            &mut response_file_accumulator,
             &response_file_pubkey,
             &last_challenge_file_hash
         );
-        print!("{}", into_hex(&last_response_file_hash));
+        println!("last response file hash: {}", into_hex(&last_response_file_hash));
         // Verify the transformation from the previous accumulator to the new
         // one. This also verifies the correctness of the accumulators and the
diff --git a/powersoftau/src/bin/verify_transform_constrained.rs b/powersoftau/src/bin/verify_transform_constrained.rs
index 07e5833..0923754 100644
--- a/powersoftau/src/bin/verify_transform_constrained.rs
+++ b/powersoftau/src/bin/verify_transform_constrained.rs
@@ -1,5 +1,5 @@
 extern crate powersoftau;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate rand;
 extern crate blake2;
@@ -12,7 +12,7 @@ use powersoftau::keypair::{PublicKey};
 use powersoftau::parameters::{UseCompression, CheckForCorrectness};
 use std::fs::OpenOptions;
-use bellman::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::Bn256;
 use memmap::*;
 use std::io::{Read, Write};
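Review bot: The verification loop in this hunk now runs `for i in 0..2` under the untouched comment `// There were 89 rounds.`, so the verifier checks exactly two contributions whatever the transcript contains, and the comment no longer describes the code. The round count is available from the mapping itself: `assert_eq!(transcript_readable_map.len() % Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE, 0, "transcript is not a whole number of contributions");`, `let rounds = transcript_readable_map.len() / Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE;`, `for i in 0..rounds {`. `println!("test: {}", response_file_accumulator.tau_powers_g1[8190]);` is leftover debug output whose index is only in range for the current `REQUIRED_POWER` and would panic for any other size; it should go before this runs on a real transcript. `PublicKey::read(...).unwrap()` acts on data from the transcript under verification, and an `expect` that names the round `i` would make a malformed response diagnosable. The body of main continues past the hunk.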
@@ -35,7 +35,7 @@ fn main() {
     let metadata = challenge_reader.metadata().expect("unable to get filesystem metadata for `./challenge`");
     let expected_challenge_length = match PREVIOUS_CHALLENGE_IS_COMPRESSED {
         UseCompression::Yes => {
-            Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE
+            Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE - Bn256CeremonyParameters::PUBLIC_KEY_SIZE
         },
         UseCompression::No => {
             Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE
diff --git a/powersoftau/src/bls12_381/mod.rs b/powersoftau/src/bls12_381/mod.rs
index 665c23b..b98d1c2 100644
--- a/powersoftau/src/bls12_381/mod.rs
+++ b/powersoftau/src/bls12_381/mod.rs
@@ -191,22 +191,6 @@ pub fn keypair(rng: &mut R, digest: &[u8]) -> (PublicKey, PrivateKey)
     )
 }
-/// Determines if point compression should be used.
-#[derive(Copy, Clone)]
-pub enum UseCompression {
-    Yes,
-    No
-}
-
-/// Determines if points should be checked for correctness during deserialization.
-/// This is not necessary for participants, because a transcript verifier can
-/// check this theirself.
-#[derive(Copy, Clone)]
-pub enum CheckForCorrectness {
-    Yes,
-    No
-}
-
 fn write_point(
     writer: &mut W,
     p: &G,
@@ -822,39 +806,4 @@ impl Read for HashReader {
     }
 }
-/// Abstraction over a writer which hashes the data being written.
-pub struct HashWriter {
-    writer: W,
-    hasher: Blake2b
-}
-impl HashWriter {
-    /// Construct a new `HashWriter` given an existing `writer` by value.
-    pub fn new(writer: W) -> Self {
-        HashWriter {
-            writer: writer,
-            hasher: Blake2b::default()
-        }
-    }
-
-    /// Destroy this writer and return the hash of what was written.
-    pub fn into_hash(self) -> GenericArray {
-        self.hasher.result()
-    }
-}
-
-impl Write for HashWriter {
-    fn write(&mut self, buf: &[u8]) -> io::Result {
-        let bytes = self.writer.write(buf)?;
-
-        if bytes > 0 {
-            self.hasher.input(&buf[0..bytes]);
-        }
-
-        Ok(bytes)
-    }
-
-    fn flush(&mut self) -> io::Result<()> {
-        self.writer.flush()
-    }
-}
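Review bot: The expected compressed-challenge length in the `UseCompression::Yes` arm is now the derived expression `CONTRIBUTION_BYTE_SIZE - PUBLIC_KEY_SIZE` with nothing at the use site saying why; a reader has to already know that a contribution is a compressed accumulator followed by its public key. A comment above the arm, `// a compressed challenge is a response without its trailing public key`, or a named constant on the parameters trait that this binary and `verify.rs` both use, would keep the two length computations in step. The `match` enclosing this arm continues past the hunk.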
diff --git a/powersoftau/src/bn256/mod.rs b/powersoftau/src/bn256/mod.rs
index 9a289f1..39445a9 100644
--- a/powersoftau/src/bn256/mod.rs
+++ b/powersoftau/src/bn256/mod.rs
@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
-use self::bellman::pairing::ff::{Field, PrimeField};
+use self::bellman_ce::pairing::ff::{Field, PrimeField};
 use self::byteorder::{ReadBytesExt, BigEndian};
 use self::rand::{SeedableRng, Rng, Rand};
 use self::rand::chacha::ChaChaRng;
-use self::bellman::pairing::bn256::{Bn256};
-use self::bellman::pairing::*;
+use self::bellman_ce::pairing::bn256::{Bn256};
+use self::bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use self::generic_array::GenericArray;
@@ -56,7 +56,7 @@ fn test_pubkey_serialization() {
 #[test]
 fn test_power_pairs() {
     use self::rand::thread_rng;
-    use self::bellman::pairing::bn256::{Fr, G1Affine, G2Affine};
+    use self::bellman_ce::pairing::bn256::{Fr, G1Affine, G2Affine};
     let rng = &mut thread_rng();
     let mut v = vec![];
@@ -79,7 +79,7 @@ fn test_power_pairs() {
 #[test]
 fn test_same_ratio() {
     use self::rand::thread_rng;
-    use self::bellman::pairing::bn256::{Fr, G1Affine, G2Affine};
+    use self::bellman_ce::pairing::bn256::{Fr, G1Affine, G2Affine};
     let rng = &mut thread_rng();
@@ -98,7 +98,7 @@ fn test_accumulator_serialization() {
     use crate::accumulator::*;
     use self::rand::thread_rng;
-    use self::bellman::pairing::bn256::{Bn256, Fr, G1Affine, G2Affine};
+    use self::bellman_ce::pairing::bn256::{Bn256, Fr, G1Affine, G2Affine};
     use self::PowersOfTauParameters;
     let rng = &mut thread_rng();
@@ -116,4 +116,4 @@ fn test_accumulator_serialization() {
     assert_eq!(v.len(), Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE - 64);
     let deserialized = Accumulator::deserialize(&mut &v[..], UseCompression::No, CheckForCorrectness::No, params).unwrap();
     assert!(acc == deserialized);
-}
\ No newline at end of file
+}
diff --git a/powersoftau/src/keypair.rs b/powersoftau/src/keypair.rs
index e3bb9ac..ba38a82 100644
--- a/powersoftau/src/keypair.rs
+++ b/powersoftau/src/keypair.rs
@@ -5,18 +5,18 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate itertools;
 use itertools::Itertools;
 use memmap::{Mmap, MmapMut};
-use self::bellman::pairing::ff::{Field, PrimeField};
+use self::bellman_ce::pairing::ff::{Field, PrimeField};
 use self::byteorder::{ReadBytesExt, BigEndian};
 use self::rand::{SeedableRng, Rng, Rand};
 use self::rand::chacha::ChaChaRng;
-use self::bellman::pairing::bn256::{Bn256};
-use self::bellman::pairing::*;
+use self::bellman_ce::pairing::bn256::{Bn256};
+use self::bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use self::generic_array::GenericArray;
diff --git a/powersoftau/src/parameters.rs b/powersoftau/src/parameters.rs
index 0b56013..32895e6 100644
--- a/powersoftau/src/parameters.rs
+++ b/powersoftau/src/parameters.rs
@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
-use bellman::pairing::ff::{Field, PrimeField};
+use bellman_ce::pairing::ff::{Field, PrimeField};
 use byteorder::{ReadBytesExt, BigEndian};
 use rand::{SeedableRng, Rng, Rand};
 use rand::chacha::ChaChaRng;
-use bellman::pairing::bn256::{Bn256};
-use bellman::pairing::*;
+use bellman_ce::pairing::bn256::{Bn256};
+use bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use generic_array::GenericArray;
@@ -114,4 +114,4 @@ pub enum ElementType {
     AlphaG1,
     BetaG1,
     BetaG2
-}
\ No newline at end of file
+}
diff --git a/powersoftau/src/small_bn256/mod.rs b/powersoftau/src/small_bn256/mod.rs
index a5311a6..d7cf89d 100644
--- a/powersoftau/src/small_bn256/mod.rs
+++ b/powersoftau/src/small_bn256/mod.rs
@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
-use self::bellman::pairing::ff::{Field, PrimeField};
+use self::bellman_ce::pairing::ff::{Field, PrimeField};
 use self::byteorder::{ReadBytesExt, BigEndian};
 use self::rand::{SeedableRng, Rng, Rand};
 use self::rand::chacha::ChaChaRng;
-use self::bellman::pairing::bn256::{Bn256};
-use self::bellman::pairing::*;
+use self::bellman_ce::pairing::bn256::{Bn256};
+use self::bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use self::generic_array::GenericArray;
@@ -30,7 +30,7 @@ pub struct Bn256CeremonyParameters {
 }
 impl PowersOfTauParameters for Bn256CeremonyParameters {
-    const REQUIRED_POWER: usize = 25; // generate to have roughly 2 million constraints
+    const REQUIRED_POWER: usize = 12; // generate to have roughly 2 million constraints
     // This ceremony is based on the BN256 elliptic curve construction.
     const G1_UNCOMPRESSED_BYTE_SIZE: usize = 64;
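Review bot: In the `small_bn256` hunk `REQUIRED_POWER` drops from 25 to 12 while the trailing comment still reads `// generate to have roughly 2 million constraints`, which is now off by several orders of magnitude. If 12 is a local test setting (the accompanying `test.sh` runs the full pipeline against it), the comment should say so and the production value should be restored or made an explicit build-time choice before a real ceremony, since the participant binaries and the verifier presumably size their accumulators from this constant — `const REQUIRED_POWER: usize = 12; // reduced for local testing; a production ceremony used 25`. The `impl` block continues past the hunk.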
diff --git a/powersoftau/src/utils.rs b/powersoftau/src/utils.rs
index c309833..bd20ecf 100644
--- a/powersoftau/src/utils.rs
+++ b/powersoftau/src/utils.rs
@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
-use bellman::pairing::ff::{Field, PrimeField, PrimeFieldRepr};
+use bellman_ce::pairing::ff::{Field, PrimeField, PrimeFieldRepr};
 use byteorder::{ReadBytesExt, BigEndian};
 use rand::{SeedableRng, Rng, Rand};
 use rand::chacha::ChaChaRng;
-use bellman::pairing::bn256::{Bn256};
-use bellman::pairing::*;
+use bellman_ce::pairing::bn256::{Bn256};
+use bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use generic_array::GenericArray;
@@ -297,4 +297,5 @@ fn dense_multiexp_inner(
         return next_region;
     }
-}
\ No newline at end of file
+}
+
diff --git a/powersoftau/test.sh b/powersoftau/test.sh
index 78eaa4a..e5e9eca 100755
--- a/powersoftau/test.sh
+++ b/powersoftau/test.sh
@@ -16,3 +16,6 @@ mv response response_old
 mv new_challenge challenge
 cargo run --release --bin beacon_constrained
 cargo run --release --bin verify_transform_constrained
+
+cat response_old response > transcript
+cargo run --release --bin verify