
Commit 1b2283c

change SE SNARK verification key to contain e(G_alpha, H_beta)
1 parent 3e92af1 commit 1b2283c


2 files changed

+23
-8
lines changed


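--- a/libsnark/zk_proof_systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.hpp
+++ b/libsnark/zk_proof_systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.hpp
@@ -194,6 +194,9 @@ class r1cs_se_ppzksnark_verification_key {
 // H^{gamma}
 libff::G2<ppT> H_gamma;
 
+// e (G^{alpha}, H^{beta})
+libff::Fqk<ppT> G_alpha_H_beta;
+
 // G^{gamma * A_i(t) + (alpha + beta) * A_i(t)}
 // for 0 <= i <= sap.num_inputs()
 libff::G1_vector<ppT> query;
@@ -210,7 +213,8 @@ class r1cs_se_ppzksnark_verification_key {
 H_beta(H_beta),
 G_gamma(G_gamma),
 H_gamma(H_gamma),
-query(std::move(query))
+query(std::move(query)),
+G_alpha_H_beta(ppT::reduced_pairing(G_alpha, H_beta))
 {};
 
 size_t G1_size() const
@@ -223,10 +227,17 @@ class r1cs_se_ppzksnark_verification_key {
 return 3;
 }
 
+size_t GT_size() const
+{
+return 1;
+}
+
 size_t size_in_bits() const
 {
 return (G1_size() * libff::G1<ppT>::size_in_bits() +
 G2_size() * libff::G2<ppT>::size_in_bits());
+// TODO: This depends on a change in libff:
+// + GT_size() * libff::Fqk<ppT>::size_in_bits()
 }
 
 void print_size() const
@@ -269,7 +280,7 @@ class r1cs_se_ppzksnark_processed_verification_key {
 public:
 libff::G1<ppT> G_alpha;
 libff::G2<ppT> H_beta;
-libff::Fqk<ppT> G_alpha_H_beta_ml;
+libff::Fqk<ppT> G_alpha_H_beta;
 libff::G1_precomp<ppT> G_gamma_pc;
 libff::G2_precomp<ppT> H_gamma_pc;
 libff::G2_precomp<ppT> H_pc;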
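Review bot: In the `r1cs_se_ppzksnark_verification_key` constructor the new initializer `G_alpha_H_beta(...)` is listed after `query(std::move(query))`, but the member is declared before `query`, so the list no longer matches declaration order. Members are initialised in declaration order regardless, which is harmless here because the pairing does not read `query`, yet it triggers `-Wreorder` and hides the real order from the reader; I would move `G_alpha_H_beta(ppT::reduced_pairing(G_alpha, H_beta)),` up so it sits between `H_gamma(H_gamma),` and `query(std::move(query))`. The field comment could also say that the value is derived, for example `// e(G^{alpha}, H^{beta}); cached, must always equal reduced_pairing(G_alpha, H_beta)`. The constructor signature lies outside the hunk, so whether the names in the initializer bind to parameters or to members is inferred.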

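--- a/libsnark/zk_proof_systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.tcc
+++ b/libsnark/zk_proof_systems/ppzksnark/r1cs_se_ppzksnark/r1cs_se_ppzksnark.tcc
@@ -101,6 +101,7 @@ std::ostream& operator<<(std::ostream &out, const r1cs_se_ppzksnark_verification
 out << vk.H_beta << OUTPUT_NEWLINE;
 out << vk.G_gamma << OUTPUT_NEWLINE;
 out << vk.H_gamma << OUTPUT_NEWLINE;
+out << vk.G_alpha_H_beta << OUTPUT_NEWLINE;
 out << vk.query << OUTPUT_NEWLINE;
 
 return out;
@@ -119,6 +120,8 @@ std::istream& operator>>(std::istream &in, r1cs_se_ppzksnark_verification_key<pp
 libff::consume_OUTPUT_NEWLINE(in);
 in >> vk.H_gamma;
 libff::consume_OUTPUT_NEWLINE(in);
+in >> vk.G_alpha_H_beta;
+libff::consume_OUTPUT_NEWLINE(in);
 in >> vk.query;
 libff::consume_OUTPUT_NEWLINE(in);
 
@@ -130,7 +133,7 @@ bool r1cs_se_ppzksnark_processed_verification_key<ppT>::operator==(const r1cs_se
 {
 return (this->G_alpha == other.G_alpha &&
 this->H_beta == other.H_beta &&
-this->G_alpha_H_beta_ml == other.G_alpha_H_beta_ml &&
+this->G_alpha_H_beta == other.G_alpha_H_beta &&
 this->G_gamma_pc == other.G_gamma_pc &&
 this->H_gamma_pc == other.H_gamma_pc &&
 this->H_pc == other.H_pc &&
@@ -142,7 +145,7 @@ std::ostream& operator<<(std::ostream &out, const r1cs_se_ppzksnark_processed_ve
 {
 out << pvk.G_alpha << OUTPUT_NEWLINE;
 out << pvk.H_beta << OUTPUT_NEWLINE;
-out << pvk.G_alpha_H_beta_ml << OUTPUT_NEWLINE;
+out << pvk.G_alpha_H_beta << OUTPUT_NEWLINE;
 out << pvk.G_gamma_pc << OUTPUT_NEWLINE;
 out << pvk.H_gamma_pc << OUTPUT_NEWLINE;
 out << pvk.H_pc << OUTPUT_NEWLINE;
@@ -158,7 +161,7 @@ std::istream& operator>>(std::istream &in, r1cs_se_ppzksnark_processed_verificat
 libff::consume_OUTPUT_NEWLINE(in);
 in >> pvk.H_beta;
 libff::consume_OUTPUT_NEWLINE(in);
-in >> pvk.G_alpha_H_beta_ml;
+in >> pvk.G_alpha_H_beta;
 libff::consume_OUTPUT_NEWLINE(in);
 in >> pvk.G_gamma_pc;
 libff::consume_OUTPUT_NEWLINE(in);
@@ -212,6 +215,7 @@ r1cs_se_ppzksnark_verification_key<ppT> r1cs_se_ppzksnark_verification_key<ppT>:
 result.H_beta = libff::Fr<ppT>::random_element() * libff::G2<ppT>::one();
 result.G_gamma = libff::Fr<ppT>::random_element() * libff::G1<ppT>::one();
 result.H_gamma = libff::Fr<ppT>::random_element() * libff::G2<ppT>::one();
+result.G_alpha_H_beta = ppT::reduced_pairing(result.G_alpha, result.H_beta);
 
 libff::G1_vector<ppT> v;
 for (size_t i = 0; i < input_size + 1; ++i)
@@ -582,7 +586,7 @@ r1cs_se_ppzksnark_processed_verification_key<ppT> r1cs_se_ppzksnark_verifier_pro
 r1cs_se_ppzksnark_processed_verification_key<ppT> pvk;
 pvk.G_alpha = vk.G_alpha;
 pvk.H_beta = vk.H_beta;
-pvk.G_alpha_H_beta_ml = ppT::miller_loop(G_alpha_pc, H_beta_pc);
+pvk.G_alpha_H_beta = ppT::final_exponentiation(ppT::miller_loop(G_alpha_pc, H_beta_pc));
 pvk.G_gamma_pc = ppT::precompute_G1(vk.G_gamma);
 pvk.H_gamma_pc = ppT::precompute_G2(vk.H_gamma);
 pvk.H_pc = ppT::precompute_G2(vk.H);
@@ -638,13 +642,13 @@ bool r1cs_se_ppzksnark_online_verifier_weak_IC(const r1cs_se_ppzksnark_processed
 
 libff::Fqk<ppT> test1_l = ppT::miller_loop(ppT::precompute_G1(proof.A + pvk.G_alpha),
 ppT::precompute_G2(proof.B + pvk.H_beta)),
-test1_r1 = pvk.G_alpha_H_beta_ml,
+test1_r1 = pvk.G_alpha_H_beta,
 test1_r2 = ppT::miller_loop(ppT::precompute_G1(G_psi),
 pvk.H_gamma_pc),
 test1_r3 = ppT::miller_loop(ppT::precompute_G1(proof.C),
 pvk.H_pc);
 libff::GT<ppT> test1 = ppT::final_exponentiation(
-test1_l.unitary_inverse() * test1_r2 * test1_r3) * test1_r1;
+test1_l.unitary_inverse() * test1_r1 * test1_r2 * test1_r3);
 
 if (test1 != libff::GT<ppT>::one())
 {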
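Review bot: The verification-key `operator>>` now does `in >> vk.G_alpha_H_beta;` and keeps whatever target-group element the stream holds; nothing in the visible lines checks it against `vk.G_alpha` and `vk.H_beta`. `r1cs_se_ppzksnark_verifier_process_vk` still rebuilds the pairing from `G_alpha_pc` and `H_beta_pc` (presumably derived from the key's group elements, outside the hunk), so the stored copy is not consulted there, but any later caller that reads `vk.G_alpha_H_beta` from a key loaded from an untrusted or damaged file would be using an unchecked value. I would overwrite it after reading with `vk.G_alpha_H_beta = ppT::reduced_pairing(vk.G_alpha, vk.H_beta);`, or compare against that and set `failbit` on mismatch. The new field also shifts the serialized layout with no version marker visible, and the processed key keeps its slot while changing meaning from Miller-loop output to reduced pairing, so keys written before this commit should be documented as incompatible. Every function touched here begins and ends outside its hunk.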
