This is a pure Rust implementation of the PLONK proving system over BLS12-381
This library contains a modularised implementation of KZG10 as the default polynomial commitment scheme.
```rust use dusk-plonk::prelude::*;
// Implement a circuit that checks: // 1) a + b = c where C is a PI // 2) a <= 2^6 // 3) b <= 2^5 // 4) a * b = d where D is a PI // 5) JubJub::GENERATOR * e(JubJubScalar) = f where F is a Public Input
pub struct TestCircuit { a: BlsScalar, b: BlsScalar, c: BlsScalar, d: BlsScalar, e: JubJubScalar, f: JubJubAffine, }
impl Circuit for TestCircuit { const CIRCUITID: [u8; 32] = [0xff; 32]; fn gadget( &mut self, composer: &mut StandardComposer, ) -> Result<(), Error> { let a = composer.addinput(self.a); let b = composer.addinput(self.b); // Make first constraint a + b = c composer.polygate( a, b, composer.zerovar, BlsScalar::zero(), BlsScalar::one(), BlsScalar::one(), BlsScalar::zero(), BlsScalar::zero(), Some(-self.c), ); // Check that a and b are in range composer.rangegate(a, 1 << 6); composer.rangegate(b, 1 << 5); // Make second constraint a * b = d composer.polygate( a, b, composer.zero_var, BlsScalar::one(), BlsScalar::zero(), BlsScalar::zero(), BlsScalar::one(), BlsScalar::zero(), Some(-self.d), );
let e = composer.add_input(self.e.into());
let scalar_mul_result = composer
.fixed_base_scalar_mul(e, dusk_jubjub::GENERATOR_EXTENDED);
// Apply the constrain
composer.assert_equal_public_point(scalar_mul_result, self.f);
Ok(())
}
fn padded_circuit_size(&self) -> usize {
1 << 11
}
}
// Now let's use the Circuit we've just implemented!
let pp = PublicParameters::setup(1 << 12, &mut OsRng)?;
// Initialize the circuit
let mut circuit = TestCircuit::default();
// Compile the circuit
let (pk, vd) = circuit.compile(&pp)?;
// Prover POV
let proof = {
let mut circuit = TestCircuit {
a: BlsScalar::from(20u64),
b: BlsScalar::from(5u64),
c: BlsScalar::from(25u64),
d: BlsScalar::from(100u64),
e: JubJubScalar::from(2u64),
f: JubJubAffine::from(
duskjubjub::GENERATOREXTENDED * JubJubScalar::from(2u64),
),
};
circuit.genproof(&pp, &pk, b"Test")
}?;
// Verifier POV
let publicinputs: Vec
This crate includes a variety of features which will briefly be explained below:
- alloc: Enables the usage of an allocator and with it the capability of performing Proof constructions and
verifications. Without this feature it IS NOT possible to prove or verify anything.
Its absence only makes dusk-plonk export certain fixed-size data structures such as Proof which can be useful in no_std envoirments where we don't have allocators either.
- std: Enables std usage as well as rayon parallelisation in some proving and verifying ops.
It also uses the std versions of the elliptic curve deps, which utilises the parallel feature
from dusk-bls12-381. By default, this is the feature that comes enabled with the crate.
- nightly: This feature is used to compile the extended docs and has KateX rendering enabled.
See the Documentationsection below.
- trace: Enables the Circuit debugger tooling. This is essentially the capability of using the
StandardComposer::check_circuit_satisfied function. The function will output information about each circuit gate until
one of the gates does not satisfy the equation, or there are no more gates. If there is an unsatisfied gate
equation, the function will panic and return the gate number.
- trace-print: Goes a step further than trace and prints each gate component data, giving a clear overview of all the
values which make up the circuit that we're constructing.
The recommended method is to derive the std output, and the std error, and then place them in text file
which can be used to efficiently analyse the gates.
- canon: Enables canonical serialisation for particular data structures, which is very useful in integrating
this library within the rest of the Dusk stack - especially for storage purposes.
There are two main types of documentation in this repository:
Crate documentation. This provides info about all of the functions that the library provides, as well
as the documentation regarding the data structures that it exports. To check this, please feel free to go to
the documentation page or run make doc or make doc-internal.
Notes. This is a specific subset of documentation which explains the key mathematical concepts
of PLONK and how they work with mathematical demonstrations. To check it, run make doc and open the resulting docs,
which will be located under /target with your browser.
Benchmarks taken on Intel(R) Xeon(R) CPU E5-1620 v4 @ 3.50GHz.
All results are presented on a min/avg/max time based on the number of constraints performed in a circuit. None of the tests used public inputs and its number may affect the verification time.
2^5 = 32 constraints time: [31.788 ms 31.825 ms 31.862 ms]
2^6 = 64 constraints time: [41.388 ms 41.429 ms 41.471 ms]
2^7 = 128 constraints time: [63.496 ms 63.539 ms 63.573 ms]
2^8 = 256 constraints time: [100.32 ms 100.45 ms 100.68 ms]
2^9 = 512 constraints time: [140.36 ms 140.58 ms 140.78 ms]
2^10 = 1024 constraints time: [256.18 ms 256.48 ms 256.83 ms]
2^11 = 2048 constraints time: [478.55 ms 480.41 ms 482.70 ms]
2^12 = 4096 constraints time: [772.29 ms 776.97 ms 781.71 ms]
2^13 = 8192 constraints time: [1.3406 s 1.3448 s 1.3494 s]
2^14 = 16384 constraints time: [2.6250 s 2.6316 s 2.6379 s]
2^15 = 32768 constraints time: [5.1982 s 5.2228 s 5.2460 s]
2^16 = 65536 constraints time: [9.2356 s 9.3039 s 9.3636 s]
2^17 = 131072 constraints time: [17.836 s 17.883 s 17.936 s]
2^5 = 32 constraints time: [15.287 ms 15.700 ms 16.066 ms]
2^6 = 64 constraints time: [15.172 ms 15.438 ms 15.657 ms]
2^7 = 128 constraints time: [15.335 ms 15.666 ms 15.996 ms]
2^8 = 256 constraints time: [14.988 ms 15.116 ms 15.383 ms]
2^9 = 512 constraints time: [15.047 ms 15.181 ms 15.471 ms]
2^10 = 1024 constraints time: [15.630 ms 15.888 ms 16.303 ms]
2^11 = 2048 constraints time: [15.524 ms 15.719 ms 15.913 ms]
2^12 = 4096 constraints time: [15.178 ms 15.445 ms 15.593 ms]
2^13 = 8192 constraints time: [15.437 ms 15.874 ms 16.553 ms]
2^14 = 16384 constraints time: [16.059 ms 16.386 ms 16.608 ms]
2^15 = 32768 constraints time: [15.969 ms 16.357 ms 16.660 ms]
2^16 = 65536 constraints time: [16.233 ms 16.462 ms 16.639 ms]
2^17 = 131072 constraints time: [18.213 ms 18.680 ms 18.886 ms]
This code is licensed under Mozilla Public License Version 2.0 (MPL-2.0). Please see LICENSE for further info.
Implementation designed by the dusk team.