|
1 | 1 | #![allow(non_snake_case)] |
2 | 2 |
|
3 | | -use core::slice::SlicePattern; |
4 | 3 | use std::ops::Mul; |
5 | 4 |
|
6 | 5 | use ark_bls12_381::{Config, Fr, G1Affine, G1Projective}; |
@@ -39,16 +38,13 @@ pub struct InnerProductProof { |
39 | 38 | } |
40 | 39 |
|
41 | 40 | pub struct WeightedInnerProductProof { |
42 | | - G: Vec<G1Affine>, |
43 | | - H: Vec<G1Affine>, |
44 | | - g: G1Projective, |
45 | | - h: G1Projective, |
46 | | - |
47 | 41 | vec_L: Vec<G1Projective>, |
48 | 42 | vec_R: Vec<G1Projective>, |
49 | | - |
50 | | - c_final: Fr, |
51 | | - d_final: Fr, |
| 43 | + pub a_tag: G1Projective, |
| 44 | + pub b_tag: G1Projective, |
| 45 | + pub r_prime: Fr, |
| 46 | + pub s_prime: Fr, |
| 47 | + pub delta_prime: Fr, |
52 | 48 | } |
53 | 49 |
|
54 | 50 | /// Generate two blinder vectors `r` and `z` that satisfy the following constraints: |
@@ -415,8 +411,8 @@ impl WeightedInnerProductProof { |
415 | 411 | .take(n) |
416 | 412 | .collect::<Vec<Fr>>(); |
417 | 413 |
|
418 | | - let mut vec_z_L = Vec::with_capacity(lg_n); |
419 | | - let mut vec_z_R = Vec::with_capacity(lg_n); |
| 414 | + let mut vec_L = Vec::with_capacity(lg_n); |
| 415 | + let mut vec_R = Vec::with_capacity(lg_n); |
420 | 416 |
|
421 | 417 | // Step 1 |
422 | 418 | /* |
@@ -475,11 +471,6 @@ impl WeightedInnerProductProof { |
475 | 471 | // Compute z_R |
476 | 472 | let z_R = weighted_inner_product(&yn_c_R, d_L, y.clone()); |
477 | 473 |
|
478 | | - // Append elements to the proof |
479 | | - vec_z_L.push(z_L); |
480 | | - vec_z_R.push(z_R); |
481 | | - |
482 | | - transcript.append_list(b"ipa_loop", &[&z_L, &z_R]); |
483 | 474 | /*let gamma = transcript.get_and_append_challenge(b"ipa_gamma"); |
484 | 475 | let gamma_inv = gamma.inverse().expect("gamma must have an inverse");*/ |
485 | 476 |
|
@@ -538,6 +529,10 @@ impl WeightedInnerProductProof { |
538 | 529 | } |
539 | 530 | }); |
540 | 531 |
|
| 532 | + // Append elements to the proof |
| 533 | + vec_L.push(L); |
| 534 | + vec_R.push(R); |
| 535 | + |
541 | 536 | transcript.append_list(b"LR_step", &[&L, &R]); |
542 | 537 | let e = transcript.get_and_append_challenge(b"ipa_e"); |
543 | 538 | let e_inv = e.inverse().expect("e must have an inverse"); |
@@ -598,15 +593,57 @@ impl WeightedInnerProductProof { |
598 | 593 | slice_H = &mut H_hat.as_slice(); |
599 | 594 | } |
600 | 595 |
|
| 596 | + // n should now be equal to 1, and every vector should therefore have length 1 |
| 597 | + let r = Fr::rand(rng); |
| 598 | + let s = Fr::rand(rng); |
| 599 | + let delta = Fr::rand(rng); |
| 600 | + let eta = Fr::rand(rng); |
| 601 | + |
| 602 | + // Now we compute A |
| 603 | + let Gr: G1Projective = slice_G[0] * r; |
| 604 | + let Hs: G1Projective = slice_H[0] * s; |
| 605 | + let c_s = slice_c[0] * s; |
| 606 | + let c_sy = c_s*y; |
| 607 | + let d_r = slice_d[0] * r; |
| 608 | + let d_ry = d_r * y; |
| 609 | + let c_sy_d_ry = c_sy + d_ry; |
| 610 | + let g_c_sy_d_ry: G1Projective = *crs_G * c_sy_d_ry; |
| 611 | + let h_delta: G1Projective = *crs_H * delta; |
| 612 | + let A: G1Projective = Gr + Hs + g_c_sy_d_ry + h_delta; |
| 613 | + |
| 614 | + // Now we compute B |
| 615 | + let r_s = r * s; |
| 616 | + let r_sy = y * r_s; |
| 617 | + let g_r_sy: G1Projective = *crs_G * r_sy; |
| 618 | + let h_eta: G1Projective = *crs_H * eta; |
| 619 | + let B: G1Projective = g_r_sy + h_eta; |
| 620 | + |
| 621 | + |
| 622 | + transcript.append_list(b"final_A_and_B_step", &[&A, &B]); |
| 623 | + // compute challenge ee |
| 624 | + let ee = transcript.get_and_append_challenge(b"final_e"); |
| 625 | + let ee_inv = ee.inverse().expect("ee must have an inverse"); |
| 626 | + let ee_squared = ee * ee; |
| 627 | + |
| 628 | + // compute r_prime, s_prime, delta_prime |
| 629 | + let cee = slice_c[0] * ee; |
| 630 | + let dee = slice_d[0] * ee; |
| 631 | + let r_prime = r + cee; |
| 632 | + let s_prime = s + dee; |
| 633 | + |
| 634 | + let deltaee = delta * ee; |
| 635 | + let alpha_ee2 = alpha * ee_squared; |
| 636 | + let deltaee_alpha_ee2 = deltaee + alpha_ee2; |
| 637 | + let delta_prime = eta + deltaee_alpha_ee2; |
| 638 | + |
601 | 639 | WeightedInnerProductProof { |
602 | | - G: crs_G_vec, |
603 | | - H: crs_H_vec, |
604 | | - g: *crs_G, |
605 | | - h: *crs_H, |
606 | | - vec_L: L, |
607 | | - vec_R: R, |
608 | | - c_final: slice_c[0], |
609 | | - d_final: slice_d[0], |
| 640 | + vec_L, |
| 641 | + vec_R, |
| 642 | + a_tag: A, |
| 643 | + b_tag: B, |
| 644 | + r_prime, |
| 645 | + s_prime, |
| 646 | + delta_prime |
610 | 647 | } |
611 | 648 | } |
612 | 649 |
|
|
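Review bot: The final round (new lines 596–637) indexes `slice_G[0]`, `slice_H[0]`, `slice_c[0]` and `slice_d[0]` on the strength of the comment "n should now be equal to 1" rather than a check. If a vector did not fold down to a single element, its remaining entries would be silently ignored, and an empty vector would panic on the index; I would add `assert!(slice_c.len() == 1 && slice_d.len() == 1 && slice_G.len() == 1 && slice_H.len() == 1);` before the blinders are sampled. `ee_inv` is not used anywhere between its definition and the end of the function, so `let ee_inv = ee.inverse().expect("ee must have an inverse");` only adds a panic path and can be dropped. The blinders `r`, `s`, `delta` and `eta` are the only thing masking `c`, `d` and `alpha` in `r_prime`, `s_prime` and `delta_prime`, so the `rng` parameter, whose declaration is outside this hunk, presumably needs a `CryptoRng` bound; that is worth confirming. The enclosing function starts outside the hunk.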