Longfellow ZK 0290cb32
Loading...
Searching...
No Matches
prover.h
1// Copyright 2025 Google LLC.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15#ifndef PRIVACY_PROOFS_ZK_LIB_SUMCHECK_PROVER_H_
16#define PRIVACY_PROOFS_ZK_LIB_SUMCHECK_PROVER_H_
17
18#include <stddef.h>
19
20#include "random/transcript.h"
21#include "sumcheck/circuit.h"
22#include "sumcheck/prover_layers.h"
23#include "sumcheck/transcript_sumcheck.h"
24
25namespace proofs {
26
27// A high level idea is partially described in chapter 4.6.7 "Leveraging Data
28// Parallelism for Further Speedups" in the book "Proofs, Arguments, and
29// Zero-Knowledge" by Justin Thaler.
30template <class Field>
31class Prover : public ProverLayers<Field> {
32 using super = ProverLayers<Field>;
33 using typename super::bindings;
34
35 public:
36 using typename super::inputs;
37
38 explicit Prover(const Field& f) : ProverLayers<Field>(f) {}
39
40 // Generate proof for circuit. pad can be nullptr if the caller does not
41 // want to add any pad to the proof. Caller must ensure in, t, and F remain
42 // valid during call duration.
43 // This method always succeeds, but may not produce a verifying proof if
44 // the inputs do not satisfy the circuit.
45 void prove(Proof<Field>* proof, const Proof<Field>* pad,
46 const Circuit<Field>* circ, const inputs& in, Transcript& t) {
47 if (proof == nullptr || circ == nullptr) return;
48
49 TranscriptSumcheck<Field> ts(t, super::f_);
50 // The input X is stored at in's layer nl - 1.
51 ts.write_input(in.at(circ->nl - 1).get());
52 bindings bnd;
53 super::prove(proof, pad, circ, in, /*aux=*/nullptr, bnd, ts, super::f_);
54 }
55};
56
57} // namespace proofs
58
59#endif // PRIVACY_PROOFS_ZK_LIB_SUMCHECK_PROVER_H_
proofs::TranscriptSumcheck
Definition transcript_sumcheck.h:32
proofs::Transcript
Definition transcript.h:65
proofs::Circuit
Definition circuit.h:45
proofs::Proof
Definition circuit.h:130
proofs::ProverLayers::bindings
Definition prover_layers.h:104
Generated by doxygen 1.15.0