jf_plonk/proof_system/mod.rs
1// Copyright (c) 2022 Espresso Systems (espressosys.com)
2// This file is part of the Jellyfish library.
3
4// You should have received a copy of the MIT License
5// along with the Jellyfish library. If not, see <https://mit-license.org/>.
6
7//! Interfaces for Plonk-based proof systems
8use ark_ec::pairing::Pairing;
9use ark_std::{
10 error::Error,
11 fmt::Debug,
12 rand::{CryptoRng, RngCore},
13 vec::Vec,
14};
15use jf_relation::Arithmetization;
16pub mod batch_arg;
17pub(crate) mod prover;
18pub(crate) mod snark;
19pub mod structs;
20pub(crate) mod verifier;
21use crate::transcript::PlonkTranscript;
22pub use snark::PlonkKzgSnark;
23
24// TODO: (alex) should we name it `PlonkishSNARK` instead? since we use
25// `PlonkTranscript` on prove and verify.
/// An interface for SNARKs with universal setup.
///
/// Every method is an associated function (none takes `self`): the SRS, the
/// keys and the proof are always passed in explicitly by the caller.
pub trait UniversalSNARK<E: Pairing> {
    /// The SNARK proof computed by the prover.
    type Proof: Clone;

    /// The parameters required by the prover to compute a proof for a specific
    /// circuit.
    type ProvingKey: Clone;

    /// The parameters required by the verifier to validate a proof for a
    /// specific circuit.
    type VerifyingKey: Clone;

    /// Universal Structured Reference String from `universal_setup`, used for
    /// all subsequent circuit-specific preprocessing.
    type UniversalSRS: Clone + Debug;

    /// SNARK related error.
    type Error: 'static + Error;

    /// Generate the universal SRS for the argument system.
    ///
    /// This setup is meant to be run by a trusted party and is mostly used for
    /// testing. In practice, an MPC flavor of the setup is carried out to give
    /// higher assurance that the "toxic waste"/trapdoor has been thrown away,
    /// which the soundness of the argument system depends on.
    ///
    /// # Panics
    ///
    /// The default implementation generates nothing: it always panics through
    /// `unimplemented!`, and the panic message says the SRS should be loaded
    /// from files in practice. Both parameters are unused by this default body.
    fn universal_setup<R: RngCore + CryptoRng>(
        _max_degree: usize,
        _rng: &mut R,
    ) -> Result<Self::UniversalSRS, Self::Error> {
        unimplemented!("Should load from files in practice.");
    }

    /// Same as `universal_setup`, but for testing and benchmarking code only.
    /// Insecure local generation for trusted setup! Don't use in production!
    ///
    /// This method has no default body and only exists when the crate is built
    /// for its own tests or with the `test-srs` feature enabled.
    // NOTE(review): Cargo unifies features across the dependency graph, so any
    // dependency that turns on `test-srs` also makes this method available to
    // production code. Confirm that release builds do not enable the feature.
    #[cfg(any(test, feature = "test-srs"))]
    fn universal_setup_for_testing<R: RngCore + CryptoRng>(
        _max_degree: usize,
        _rng: &mut R,
    ) -> Result<Self::UniversalSRS, Self::Error>;

    /// Circuit-specific preprocessing to compute the proving/verifying keys.
    ///
    /// Takes the universal SRS and the circuit, and returns the pair
    /// `(proving key, verifying key)` in that order.
    fn preprocess<C: Arithmetization<E::ScalarField>>(
        srs: &Self::UniversalSRS,
        circuit: &C,
    ) -> Result<(Self::ProvingKey, Self::VerifyingKey), Self::Error>;

    /// Compute a SNARK proof of a circuit `circuit`, using the corresponding
    /// proving key `prove_key`. The witness used to
    /// generate the proof can be obtained from `circuit`.
    ///
    /// `rng` must be a cryptographically secure generator (enforced by the
    /// `CryptoRng` bound). `T` selects the transcript implementation; it
    /// appears in no argument, so callers have to name it explicitly.
    ///
    /// `extra_transcript_init_msg` is the optional message to be
    /// appended to the transcript during its initialization before obtaining
    /// any challenges. This lets application-specific data be bound to the
    /// resulting proof; the data itself is not checked in any way. It does not
    /// incur any additional cost in proof size or prove time.
    // NOTE(review): presumably `verify` has to be called with the same `T` and
    // the same `extra_transcript_init_msg` bytes for the proof to be accepted,
    // which is what makes the binding meaningful. Confirm against the
    // implementation.
    fn prove<C, R, T>(
        rng: &mut R,
        circuit: &C,
        prove_key: &Self::ProvingKey,
        extra_transcript_init_msg: Option<Vec<u8>>,
    ) -> Result<Self::Proof, Self::Error>
    where
        C: Arithmetization<E::ScalarField>,
        R: CryptoRng + RngCore,
        T: PlonkTranscript<E::BaseField>;

    /// Verify a SNARK proof `proof` against the verifying key `verify_key`,
    /// with respect to the public input `public_input`.
    ///
    /// The circuit is not passed in: `verify_key` is the circuit-specific
    /// verifier parameter produced by `preprocess`.
    ///
    /// `extra_transcript_init_msg`: refer to documentation of `prove`
    ///
    /// Returns `Ok(())` or `Self::Error`; no other value is produced.
    // NOTE(review): presumably every `Err` means the proof was not accepted.
    // Callers should treat any error as a rejection and never fall back to
    // accepting the proof.
    fn verify<T: PlonkTranscript<E::BaseField>>(
        verify_key: &Self::VerifyingKey,
        public_input: &[E::ScalarField],
        proof: &Self::Proof,
        extra_transcript_init_msg: Option<Vec<u8>>,
    ) -> Result<(), Self::Error>;
}