1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86
//! This module provides an implementation of a variant of (Turbo)[PLONK][plonk]
//! that is designed specifically for the polynomial commitment scheme described
//! in the [Halo][halo] paper.
//!
//! [halo]: https://eprint.iacr.org/2019/1021
//! [plonk]: https://eprint.iacr.org/2019/953
mod error;
mod keygen;
mod prover;
mod verifier {
pub use halo2_backend::plonk::verifier::verify_proof_multi;
}
use halo2_frontend::circuit::compile_circuit;
pub use keygen::{keygen_pk, keygen_pk_custom, keygen_vk, keygen_vk_custom};
pub use prover::{create_proof, create_proof_with_engine};
pub use verifier::verify_proof_multi;
pub use error::Error;
pub use halo2_backend::plonk::{Error as ErrorBack, ProvingKey, VerifyingKey};
pub use halo2_frontend::plonk::{
Advice, Assigned, Assignment, Challenge, Circuit, Column, ColumnType, ConstraintSystem,
Constraints, Error as ErrorFront, Expression, FirstPhase, Fixed, FixedQuery, FloorPlanner,
Instance, Phase, SecondPhase, Selector, TableColumn, ThirdPhase, VirtualCells,
};
pub use halo2_middleware::circuit::{Any, ConstraintSystemMid};
use group::ff::FromUniformBytes;
use halo2_backend::helpers::{SerdeCurveAffine, SerdeFormat, SerdePrimeField};
use std::io;
/// Reads a verification key from a buffer.
///
/// Reads a curve element from the buffer and parses it according to the `format`:
/// - `Processed`: Reads a compressed curve element and decompresses it.
/// Reads a field element in standard form, with endianness specified by the
/// `PrimeField` implementation, and checks that the element is less than the modulus.
/// - `RawBytes`: Reads an uncompressed curve element with coordinates in Montgomery form.
/// Checks that field elements are less than modulus, and then checks that the point is on the curve.
/// - `RawBytesUnchecked`: Reads an uncompressed curve element with coordinates in Montgomery form;
/// does not perform any checks
pub fn vk_read<C: SerdeCurveAffine, R: io::Read, ConcreteCircuit: Circuit<C::Scalar>>(
reader: &mut R,
format: SerdeFormat,
k: u32,
circuit: &ConcreteCircuit,
compress_selectors: bool,
) -> io::Result<VerifyingKey<C>>
where
C::Scalar: SerdePrimeField + FromUniformBytes<64>,
{
let (_, _, cs) = compile_circuit(k, circuit, compress_selectors)
.map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;
let cs_mid: ConstraintSystemMid<_> = cs.into();
VerifyingKey::read(reader, format, cs_mid.into())
}
/// Reads a proving key from a buffer.
/// Does so by reading verification key first, and then deserializing the rest of the file into the
/// remaining proving key data.
///
/// Reads a curve element from the buffer and parses it according to the `format`:
/// - `Processed`: Reads a compressed curve element and decompresses it.
/// Reads a field element in standard form, with endianness specified by the
/// `PrimeField` implementation, and checks that the element is less than the modulus.
/// - `RawBytes`: Reads an uncompressed curve element with coordinates in Montgomery form.
/// Checks that field elements are less than modulus, and then checks that the point is on the curve.
/// - `RawBytesUnchecked`: Reads an uncompressed curve element with coordinates in Montgomery form;
/// does not perform any checks
pub fn pk_read<C: SerdeCurveAffine, R: io::Read, ConcreteCircuit: Circuit<C::Scalar>>(
reader: &mut R,
format: SerdeFormat,
k: u32,
circuit: &ConcreteCircuit,
compress_selectors: bool,
) -> io::Result<ProvingKey<C>>
where
C::Scalar: SerdePrimeField + FromUniformBytes<64>,
{
let (_, _, cs) = compile_circuit(k, circuit, compress_selectors)
.map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?;
let cs_mid: ConstraintSystemMid<_> = cs.into();
ProvingKey::read(reader, format, cs_mid.into())
}