Common transcript class for both parties. Stores the data for the current round, as well as the manifest.
More...
|
| | BaseTranscript () |
| |
| std::vector< DataType > | export_proof () |
| | Return the proof data starting at proof_start.
|
| |
| void | load_proof (const std::vector< DataType > &proof) |
| |
| size_t | size_proof_data () |
| | Return the size of proof_data.
|
| |
| void | enable_manifest () |
| | Enables the manifest.
|
| |
| template<typename ChallengeType , typename... Strings> |
| std::array< ChallengeType, sizeof...(Strings)> | get_challenges (const Strings &... labels) |
| | After all the prover messages have been sent, finalize the round by hashing all the data and then create the number of requested challenges.
|
| |
| template<typename ChallengeType , typename String , std::size_t N> |
| std::array< ChallengeType, N > | get_challenges (std::array< String, N > const &labels) |
| | Wrapper around get_challenges to handle array of challenges.
|
| |
| template<typename ChallengeType > |
| std::vector< ChallengeType > | compute_round_challenge_pows (const size_t num_powers, const ChallengeType &round_challenge) |
| | Given δ, compute the vector [δ, δ^2,..., δ^2^num_powers].
|
| |
| template<typename ChallengeType , typename String > |
| std::vector< ChallengeType > | get_powers_of_challenge (const String &label, size_t num_challenges) |
| |
| template<class T > |
| void | add_to_independent_hash_buffer (const std::string &label, const T &element) |
| | Adds an element to an independent hash buffer.
|
| |
| DataType | hash_independent_buffer () |
| | Hashes the independent hash buffer and clears it.
|
| |
| template<class T > |
| void | add_to_hash_buffer (const std::string &label, const T &element) |
| | Adds an element to the transcript.
|
| |
| template<class T > |
| void | send_to_verifier (const std::string &label, const T &element) |
| | Adds a prover message to the transcript, only intended to be used by the prover.
|
| |
| template<class T > |
| T | receive_from_prover (const std::string &label) |
| | Reads the next element of type T from the transcript, with a predefined label, only used by verifier.
|
| |
| template<typename ChallengeType > |
| ChallengeType | get_challenge (const std::string &label) |
| |
| TranscriptManifest | get_manifest () const |
| |
| void | print () |
| |
| BaseTranscript | branch_transcript () |
| | Branch a transcript to perform verifier-only computations.
|
| |
template<typename Codec_, typename HashFunction>
class bb::BaseTranscript< Codec_, HashFunction >
Common transcript class for both parties. Stores the data for the current round, as well as the manifest.
Definition at line 54 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
template<class T >
| void bb::BaseTranscript< Codec_, HashFunction >::add_to_independent_hash_buffer |
( |
const std::string & |
label, |
|
|
const T & |
element |
|
) |
| |
|
inline |
Adds an element to an independent hash buffer.
Serializes the element to frs and adds it to the independent hash buffer. Does NOT add the element to the proof.
- Parameters
-
| label | Human-readable name for the challenge. |
| element | Element to be added. |
Definition at line 369 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
Branch a transcript to perform verifier-only computations.
This function takes the current state of a transcript and creates a new transcript that starts from that state. In this way, computations that are not part of the prover's transcript (e.g., computations that can be used to perform calculations more efficiently) will not affect the verifier's transcript.
If transcript = (.., previous_challenge), then for soundness it is enough that branched_transcript = (previous_challenge, ...) However, there are a few implementation details we need to take into account:
branched_transcript will interact with witnesses that come from transcript. To prevent the tool that detects FS bugs from raising an error, we must ensure that branched_transcript.transcript_index = transcript.transcript_index.- To aid debugging, we set
branched_transcript.round_index = transcript.round_index, so that it is clear that branched_transcript builds on the current state of transcript.
- To aid debugging, we increase
transcript.round_index by BRANCHING_JUMP, so that there is a gap between what happens before and after the transcript is branched.
- To ensure soundness: a. We add to the hash buffer of
branched_transcript the value transcript.previous_challenge b. We enforce ASSERT(current_round_data.empty())
- Note
- We could remove 4.b and add to the hash buffer of
branched_transcript both transcript.previous_challenge and transcript.current_round_data. However, this would conflict with 3 (as the round in transcript is not finished yet). There seems to be no reason why the branching cannot happen after the round is concluded, so we choose this implementation.
The relation between the transcript and the branched transcript is the following:
round_index transcript branched_transcript 0 * 1 | | | | | n * ================= *
n+BRANCHING_JUMP * | n+6 | | | | | ... ... ...
- Returns
- BaseTranscript
Definition at line 650 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
template<typename ChallengeType >
| std::vector< ChallengeType > bb::BaseTranscript< Codec_, HashFunction >::compute_round_challenge_pows |
( |
const size_t |
num_powers, |
|
|
const ChallengeType & |
round_challenge |
|
) |
| |
|
inline |
Given δ, compute the vector [δ, δ^2,..., δ^2^num_powers].
This is Step 2 of the protocol as written in the Protogalaxy paper.
Definition at line 344 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
template<typename T >
| T bb::BaseTranscript< Codec_, HashFunction >::deserialize_from_buffer |
( |
const Proof & |
proof_data, |
|
|
size_t & |
offset |
|
) |
| const |
|
inlineprotected |
Deserializes the frs starting at offset into the typed element and returns that element.
Using the template parameter and the offset argument, this function deserializes the frs with from_buffer and then increments the offset appropriately based on the number of frs that were deserialized.
- Template Parameters
-
- Parameters
-
- Returns
- T
Definition at line 188 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
Return the proof data starting at proof_start.
This function returns the elements of the transcript in the interval [proof_start : proof_start + num_frs_written] and then updates proof_start. It is useful for when two provers share a transcript, as calling export_proof at the end of each provers' code returns the slices T_1, T_2 of the transcript that must be loaded by the verifiers via load_proof.
Definition at line 209 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
template<typename ChallengeType , typename... Strings>
| std::array< ChallengeType, sizeof...(Strings)> bb::BaseTranscript< Codec_, HashFunction >::get_challenges |
( |
const Strings &... |
labels | ) |
|
|
inline |
After all the prover messages have been sent, finalize the round by hashing all the data and then create the number of requested challenges.
Challenges are generated by iteratively hashing over the previous challenge, using get_next_challenge_buffer(). Note that the pairs of challenges will be 128 and 126 bits, as in they will be [128, 126, 128, 126, ...].
- Parameters
-
| labels | human-readable names for the challenges for the manifest |
- Returns
- std::array<Fr, num_challenges> challenges for this round.
Definition at line 275 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
Compute next challenge c_next = H( Compress(c_prev || round_buffer) )
This function computes a new challenge for the current round using the previous challenge and the current round data, if they exist. It clears the current_round_data if nonempty after computing the challenge to minimize how much we compress. It also sets previous_challenge to the current challenge buffer to set up next function call.
- Returns
- std::array<DataType, 2>
Definition at line 107 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
Static hash method that forwards to Codec hash.
This method allows hash to be called on the Transcript class directly, which is needed for verification key hashing.
- Parameters
-
| data | Vector of field elements to hash |
- Returns
- Fr Hash result
Definition at line 244 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
template<class T >
| void bb::BaseTranscript< Codec_, HashFunction >::send_to_verifier |
( |
const std::string & |
label, |
|
|
const T & |
element |
|
) |
| |
|
inline |
Adds a prover message to the transcript, only intended to be used by the prover.
Serializes the provided object into proof_data, and updates the current round state in add_element_frs_to_hash_buffer.
- Parameters
-
| label | Description/name of the object being added. |
| element | Serializable object that will be added to the transcript |
- Todo:
- Use a concept to only allow certain types to be passed. Requirements are that the object should be serializable.
Definition at line 471 of file transcript.hpp.
template<typename Codec_ , typename HashFunction >
template<typename T >
Serializes object and appends it to proof_data.
Calls to_buffer on element to serialize, and modifies proof_data object by appending the serialized frs to it.
- Template Parameters
-
- Parameters
-
Definition at line 174 of file transcript.hpp.
