package octez-libs

  1. Overview
  2. Docs
package octez-libs
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Source file main_protocol_intf.ml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
(*****************************************************************************)
(*                                                                           *)
(* MIT License                                                               *)
(* Copyright (c) 2022 Nomadic Labs <contact@nomadic-labs.com>                *)
(*                                                                           *)
(* Permission is hereby granted, free of charge, to any person obtaining a   *)
(* copy of this software and associated documentation files (the "Software"),*)
(* to deal in the Software without restriction, including without limitation *)
(* the rights to use, copy, modify, merge, publish, distribute, sublicense,  *)
(* and/or sell copies of the Software, and to permit persons to whom the     *)
(* Software is furnished to do so, subject to the following conditions:      *)
(*                                                                           *)
(* The above copyright notice and this permission notice shall be included   *)
(* in all copies or substantial portions of the Software.                    *)
(*                                                                           *)
(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*)
(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  *)
(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL   *)
(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*)
(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING   *)
(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER       *)
(* DEALINGS IN THE SOFTWARE.                                                 *)
(*                                                                           *)
(*****************************************************************************)
open Kzg.Bls
module SMap = Kzg.SMap

module type S = sig
  (** Raised by the prover when the provided inputs are not a satisfying
      assignment of the circuit. *)
  exception Rest_not_null of string

  (** Raised by the prover when the provided inputs are not a satisfying
      assignment of the circuit when using Plookup. *)
  exception Entry_not_in_table of string

  module Input_commitment : Input_commitment.S

  type scalar = Scalar.t [@@deriving repr]

  (**  *)
  val scalar_encoding : scalar Data_encoding.t

  (** Before proving and verifying, circuits go through a pre-processing
      step called [setup].
      The [setup] takes as input a [circuit_map], which associates
      an identifier to a circuit and the number of statements that can be
      proved with that circuit.
      This produces a set of [public_parameters] which are bound to the
      circuits and can be reused.
  *)
  type circuit_map = (Circuit.t * int) SMap.t

  (** Set of [public_parameters] needed by the prover.
      Its size is linear in the size of the circuits.
  *)
  type prover_public_parameters [@@deriving repr]

  (** Set of [public_parameters] needed by the verifier.
      Its size is constant w.r.t. the size of the circuits.
  *)
  type verifier_public_parameters [@@deriving repr]

  val verifier_public_parameters_encoding :
    verifier_public_parameters Data_encoding.t

  (** Succinct proof for a collection of statements. *)
  type proof [@@deriving repr]

  val proof_encoding : proof Data_encoding.t

  (** Witness is the whole trace for the circuit, including
      input_commitment values first, followed by public input
      values and followed by the rest of the trace.
      This is the prover input for a single proof. *)
  type circuit_prover_input = {
    witness : scalar array;
    input_commitments : Input_commitment.t list;
  }
  [@@deriving repr]

  (** Map where each circuit identifier is bound to
      a list of [circuit_prover_input] for a list of statements. *)
  type prover_inputs = circuit_prover_input list SMap.t [@@deriving repr]

  (** The public inputs for one circuit & several statements *)
  type public_inputs [@@deriving repr]

  (** The verifier input for a circuit, represented as the actual number of
      proofs that have been proved by the prover, the public inputs & the input
      commitments *)
  type circuit_verifier_input = {
    nb_proofs : int;
    public : public_inputs;
    commitments : Input_commitment.public list list;
  }
  [@@deriving repr]

  (** The verifier inputs, represented as a map where each circuit is binded to
      the verifier inputs for this circuit. *)
  type verifier_inputs = circuit_verifier_input SMap.t [@@deriving repr]

  (** Conversion from [prover_inputs] to [verifier_inputs]. *)
  val to_verifier_inputs :
    prover_public_parameters -> prover_inputs -> verifier_inputs

  (** [input_commit ~shift pp secret] produces a commitment to the [secret]
      array and additional prover information. This commitment is designed to be
      easily involved in a PlonK proof. In particular, the values of [secret]
      will be added to the arithmetic identity in such a way that [secret.(i)]
      participates in constraint number [shift + i], where equality will be
      asserted with respect to a PlonK variable in the same constraint.
      This allows us to "load" the value of [secret.(i)] into the variable, which
      may be reused across the circuit.
      The optional argument [shift] has a default value of 0.
      The commitment is relative to a certain domain size [n], included in [pp],
      the secret will remain information-theoretically hidden as long as the
      commitment is involved in at most [n - |secret|] different proofs.
      If the optionnal argument [size] is given, the secret will be padded with
      zeros to have the length [size] (note that an error will be risen if size
      is smaller than the secret length).
   *)
  val input_commit :
    ?size:int ->
    ?shift:int ->
    prover_public_parameters ->
    scalar array ->
    Input_commitment.t

  (** [setup ~zero_knowledge circuit_map ~srs] pre-processes the [circuit_map]
      producing the public parameters.
      The SRSs of ZCash and Filecoin can be loaded from file using the
      {!Bls12_381_polynomial} library.
      Activating [zero_knowledge] adds an overhead in proving time.
  *)
  val setup :
    zero_knowledge:bool ->
    circuit_map ->
    srs:Srs.t * Srs.t ->
    prover_public_parameters * verifier_public_parameters

  (** Enrich the [prover_public_parameters] with extra application data to
      prevent replay attacks.
      The same data must be used for updating the prover and verifier
      public parameters.
  *)
  val update_prover_public_parameters :
    'a Repr.ty -> 'a -> prover_public_parameters -> prover_public_parameters

  (** Enrich the [verifier_public_parameters] with extra application data to
      prevent replay attacks.
      The same data must be used for updating the prover and verifier
      public parameters.
  *)
  val update_verifier_public_parameters :
    'a Repr.ty -> 'a -> verifier_public_parameters -> verifier_public_parameters

  (** [prove public_parameters ~inputs] produces a proof for the collection
      of statements implied by [inputs] and the circuits used for generating
      [public_parameters].

      @raises Rest_not_null
      @raises Entry_not_in_table
    *)
  val prove : prover_public_parameters -> inputs:prover_inputs -> proof

  (** [verify public_parameters ~inputs proof] checks the validity of the
      [proof] with regards to [public_parameters] and [inputs].
  *)
  val verify :
    verifier_public_parameters -> inputs:verifier_inputs -> proof -> bool

  module Internal_for_tests : sig
    (** [mutate_vi vi] returns None if vi is empty and Some vi' else.
          vi' is slightly different from vi *)
    val mutate_vi : verifier_inputs -> verifier_inputs option
  end
end
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct