@@ -91,16 +91,18 @@ template<typename ppT>
9191bool r1cs_gg_ppzksnark_verification_key<ppT>::
operator ==(
const r1cs_gg_ppzksnark_verification_key<ppT> &other)
const 9292{
9393 return (this ->alpha_g1_beta_g2 == other.alpha_g1_beta_g2 &&
94+ this ->gamma_g2 == other.gamma_g2 &&
9495 this ->delta_g2 == other.delta_g2 &&
95- this ->ABC_g1 == other.ABC_g1 );
96+ this ->gamma_ABC_g1 == other.gamma_ABC_g1 );
9697}
9798
9899template <typename ppT>
99100std::ostream&
operator <<(std::ostream &out,
const r1cs_gg_ppzksnark_verification_key<ppT> &vk)
100101{
101102 out << vk.alpha_g1_beta_g2 << OUTPUT_NEWLINE;
103+ out << vk.gamma_g2 << OUTPUT_NEWLINE;
102104 out << vk.delta_g2 << OUTPUT_NEWLINE;
103- out << vk.ABC_g1 << OUTPUT_NEWLINE;
105+ out << vk.gamma_ABC_g1 << OUTPUT_NEWLINE;
104106
105107 return out;
106108}
@@ -110,9 +112,11 @@ std::istream& operator>>(std::istream &in, r1cs_gg_ppzksnark_verification_key<pp
110112{
111113 in >> vk.alpha_g1_beta_g2 ;
112114 libff::consume_OUTPUT_NEWLINE (in);
115+ in >> vk.gamma_g2 ;
116+ libff::consume_OUTPUT_NEWLINE (in);
113117 in >> vk.delta_g2 ;
114118 libff::consume_OUTPUT_NEWLINE (in);
115- in >> vk.ABC_g1 ;
119+ in >> vk.gamma_ABC_g1 ;
116120 libff::consume_OUTPUT_NEWLINE (in);
117121
118122 return in;
@@ -122,18 +126,18 @@ template<typename ppT>
122126bool r1cs_gg_ppzksnark_processed_verification_key<ppT>::
operator ==(
const r1cs_gg_ppzksnark_processed_verification_key<ppT> &other)
const 123127{
124128 return (this ->vk_alpha_g1_beta_g2 == other.vk_alpha_g1_beta_g2 &&
125- this ->vk_generator_g2_precomp == other.vk_generator_g2_precomp &&
129+ this ->vk_gamma_g2_precomp == other.vk_gamma_g2_precomp &&
126130 this ->vk_delta_g2_precomp == other.vk_delta_g2_precomp &&
127- this ->ABC_g1 == other.ABC_g1 );
131+ this ->gamma_ABC_g1 == other.gamma_ABC_g1 );
128132}
129133
130134template <typename ppT>
131135std::ostream&
operator <<(std::ostream &out,
const r1cs_gg_ppzksnark_processed_verification_key<ppT> &pvk)
132136{
133137 out << pvk.vk_alpha_g1_beta_g2 << OUTPUT_NEWLINE;
134- out << pvk.vk_generator_g2_precomp << OUTPUT_NEWLINE;
138+ out << pvk.vk_gamma_g2_precomp << OUTPUT_NEWLINE;
135139 out << pvk.vk_delta_g2_precomp << OUTPUT_NEWLINE;
136- out << pvk.ABC_g1 << OUTPUT_NEWLINE;
140+ out << pvk.gamma_ABC_g1 << OUTPUT_NEWLINE;
137141
138142 return out;
139143}
@@ -143,11 +147,11 @@ std::istream& operator>>(std::istream &in, r1cs_gg_ppzksnark_processed_verificat
143147{
144148 in >> pvk.vk_alpha_g1_beta_g2 ;
145149 libff::consume_OUTPUT_NEWLINE (in);
146- in >> pvk.vk_generator_g2_precomp ;
150+ in >> pvk.vk_gamma_g2_precomp ;
147151 libff::consume_OUTPUT_NEWLINE (in);
148152 in >> pvk.vk_delta_g2_precomp ;
149153 libff::consume_OUTPUT_NEWLINE (in);
150- in >> pvk.ABC_g1 ;
154+ in >> pvk.gamma_ABC_g1 ;
151155 libff::consume_OUTPUT_NEWLINE (in);
152156
153157 return in;
@@ -189,6 +193,7 @@ r1cs_gg_ppzksnark_verification_key<ppT> r1cs_gg_ppzksnark_verification_key<ppT>:
189193{
190194 r1cs_gg_ppzksnark_verification_key<ppT> result;
191195 result.
alpha_g1_beta_g2 = libff::Fr<ppT>::
random_element () * libff::GT<ppT>::
random_element ();
196+ result.
gamma_g2 = libff::G2<ppT>::
random_element ();
192197 result.
delta_g2 = libff::G2<ppT>::
random_element ();
193198
194199 libff::G1<ppT> base = libff::G1<ppT>::random_element ();
@@ -198,7 +203,7 @@ r1cs_gg_ppzksnark_verification_key<ppT> r1cs_gg_ppzksnark_verification_key<ppT>:
198203 v.
emplace_back (libff::G1<ppT>::
random_element ());
199204 }
200205
201- result.
ABC_g1 = accumulation_vector<libff::G1<ppT> >(
std::move (base),
std::move (v));
206+ result.
gamma_ABC_g1 = accumulation_vector<libff::G1<ppT> >(
std::move (base),
std::move (v));
202207
203208 return result;
204209}
@@ -216,7 +221,9 @@ r1cs_gg_ppzksnark_keypair<ppT> r1cs_gg_ppzksnark_generator(const r1cs_gg_ppzksna
216221 const libff::Fr<ppT> t = libff::Fr<ppT>::
random_element ();
217222 const libff::Fr<ppT> alpha = libff::Fr<ppT>::
random_element ();
218223 const libff::Fr<ppT> beta = libff::Fr<ppT>::
random_element ();
224+ const libff::Fr<ppT>
gamma = libff::Fr<ppT>::
random_element ();
219225 const libff::Fr<ppT> delta = libff::Fr<ppT>::
random_element ();
226+ const libff::Fr<ppT> gamma_inverse =
gamma .
inverse ();
220227 const libff::Fr<ppT> delta_inverse = delta.
inverse ();
221228
222229 /* A quadratic arithmetic program evaluated at t. */
@@ -249,17 +256,17 @@ r1cs_gg_ppzksnark_keypair<ppT> r1cs_gg_ppzksnark_generator(const r1cs_gg_ppzksna
249256 libff::Fr_vector<ppT> Ct = std::move (qap.Ct );
250257 libff::Fr_vector<ppT> Ht = std::move (qap.Ht );
251258
252- /* The product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)). */
253- libff::enter_block (" Compute ABC for R1CS verification key"
254- libff::Fr_vector<ppT> ABC ;
255- ABC .reserve (qap.num_inputs ());
259+ /* The gamma inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * gamma^{-1} . */
260+ libff::enter_block (" Compute gamma_ABC for R1CS verification key"
261+ libff::Fr_vector<ppT> gamma_ABC ;
262+ gamma_ABC .reserve (qap.num_inputs ());
256263
257- const libff::Fr<ppT>
ABC_0 = beta * At[
0 ] + alpha * Bt[
0 ] + Ct[
0 ];
264+ const libff::Fr<ppT>
gamma_ABC_0 =
( beta * At[
0 ] + alpha * Bt[
0 ] + Ct[
0 ]
) * gamma_inverse ;
258265 for (size_t i = 1 ; i < qap.num_inputs () + 1 ; ++i)
259266 {
260- ABC .emplace_back (beta * At[i] + alpha * Bt[i] + Ct[i]);
267+ gamma_ABC .emplace_back (( beta * At[i] + alpha * Bt[i] + Ct[i]) * gamma_inverse );
261268 }
262- libff::leave_block (" Compute ABC for R1CS verification key"
269+ libff::leave_block (" Compute gamma_ABC for R1CS verification key"
263270
264271 /* The delta inverse product component: (beta*A_i(t) + alpha*B_i(t) + C_i(t)) * delta^{-1}. */
265272 libff::enter_block (" Compute L query for R1CS proving key"
@@ -346,20 +353,22 @@ r1cs_gg_ppzksnark_keypair<ppT> r1cs_gg_ppzksnark_generator(const r1cs_gg_ppzksna
346353
347354 libff::enter_block (" Generate R1CS verification key"
348355 libff::GT<ppT> alpha_g1_beta_g2 = ppT::reduced_pairing (alpha_g1, beta_g2);
356+ libff::G2<ppT> gamma_g2 = gamma * G2_gen;
349357
350- libff::enter_block (" Encode ABC for R1CS verification key"
351- libff::G1<ppT> ABC_g1_0 = ABC_0 * g1_generator;
352- libff::G1_vector<ppT> ABC_g1_values = batch_exp (g1_scalar_size, g1_window_size, g1_table, ABC );
353- libff::leave_block (" Encode ABC for R1CS verification key"
358+ libff::enter_block (" Encode gamma_ABC for R1CS verification key"
359+ libff::G1<ppT> gamma_ABC_g1_0 = gamma_ABC_0 * g1_generator;
360+ libff::G1_vector<ppT> gamma_ABC_g1_values = batch_exp (g1_scalar_size, g1_window_size, g1_table, gamma_ABC );
361+ libff::leave_block (" Encode gamma_ABC for R1CS verification key"
354362 libff::leave_block (" Generate R1CS verification key"
355363
356364 libff::leave_block (" Call to r1cs_gg_ppzksnark_generator"
357365
358- accumulation_vector<libff::G1<ppT> > ABC_g1 (std::move (ABC_g1_0 ), std::move (ABC_g1_values ));
366+ accumulation_vector<libff::G1<ppT> > gamma_ABC_g1 (std::move (gamma_ABC_g1_0 ), std::move (gamma_ABC_g1_values ));
359367
360368 r1cs_gg_ppzksnark_verification_key<ppT> vk = r1cs_gg_ppzksnark_verification_key<ppT>(alpha_g1_beta_g2,
369+ gamma_g2,
361370 delta_g2,
362- ABC_g1 );
371+ gamma_ABC_g1 );
363372
364373 r1cs_gg_ppzksnark_proving_key<ppT> pk = r1cs_gg_ppzksnark_proving_key<ppT>(std::move (alpha_g1),
365374 std::move (beta_g1),
@@ -502,9 +511,9 @@ r1cs_gg_ppzksnark_processed_verification_key<ppT> r1cs_gg_ppzksnark_verifier_pro
502511
503512 r1cs_gg_ppzksnark_processed_verification_key<ppT> pvk;
504513 pvk.vk_alpha_g1_beta_g2 = vk.alpha_g1_beta_g2 ;
505- pvk.vk_generator_g2_precomp = ppT::precompute_G2 (libff::G2<ppT>:: one () );
514+ pvk.vk_gamma_g2_precomp = ppT::precompute_G2 (vk. gamma_g2 );
506515 pvk.vk_delta_g2_precomp = ppT::precompute_G2 (vk.delta_g2 );
507- pvk.ABC_g1 = vk.ABC_g1 ;
516+ pvk.gamma_ABC_g1 = vk.gamma_ABC_g1 ;
508517
509518 libff::leave_block (" Call to r1cs_gg_ppzksnark_verifier_process_vk"
510519
@@ -517,10 +526,10 @@ bool r1cs_gg_ppzksnark_online_verifier_weak_IC(const r1cs_gg_ppzksnark_processed
517526 const r1cs_gg_ppzksnark_proof<ppT> &proof)
518527{
519528 libff::enter_block (" Call to r1cs_gg_ppzksnark_online_verifier_weak_IC"
520- assert (pvk.ABC_g1 .domain_size () >= primary_input.size ());
529+ assert (pvk.gamma_ABC_g1 .domain_size () >= primary_input.size ());
521530
522531 libff::enter_block (" Accumulate input"
523- const accumulation_vector<libff::G1<ppT> > accumulated_IC = pvk.
ABC_g1 .
template accumulate_chunk <libff::Fr<ppT> >(primary_input.
begin (), primary_input.
end (),
0 );
532+ const accumulation_vector<libff::G1<ppT> > accumulated_IC = pvk.
gamma_ABC_g1 .
template accumulate_chunk <libff::Fr<ppT> >(primary_input.
begin (), primary_input.
end (),
0 );
524533 const libff::G1<ppT> &acc = accumulated_IC.
first ;
525534 libff::leave_block (" Accumulate input"
526535
@@ -546,7 +555,7 @@ bool r1cs_gg_ppzksnark_online_verifier_weak_IC(const r1cs_gg_ppzksnark_processed
546555
547556 const libff::Fqk<ppT> QAP1 =
ppT::miller_loop (proof_g_A_precomp, proof_g_B_precomp);
548557 const libff::Fqk<ppT> QAP2 =
ppT::double_miller_loop (
549- acc_precomp, pvk.vk_generator_g2_precomp ,
558+ acc_precomp, pvk.vk_gamma_g2_precomp ,
550559 proof_g_C_precomp, pvk.vk_delta_g2_precomp );
551560 const libff::GT<ppT> QAP =
ppT::final_exponentiation (QAP1 * QAP2.
unitary_inverse ());
552561
@@ -586,9 +595,9 @@ bool r1cs_gg_ppzksnark_online_verifier_strong_IC(const r1cs_gg_ppzksnark_process
586595 bool result = true ;
587596 libff::enter_block (" Call to r1cs_gg_ppzksnark_online_verifier_strong_IC"
588597
589- if (pvk.ABC_g1 .domain_size () != primary_input.size ())
598+ if (pvk.gamma_ABC_g1 .domain_size () != primary_input.size ())
590599 {
591- libff::print_indent (); printf (" Input length differs from expected (got %zu, expected %zu).\n " size (), pvk.ABC_g1 .domain_size ());
600+ libff::print_indent (); printf (" Input length differs from expected (got %zu, expected %zu).\n " size (), pvk.gamma_ABC_g1 .domain_size ());
592601 result = false ;
593602 }
594603 else
@@ -618,13 +627,13 @@ bool r1cs_gg_ppzksnark_affine_verifier_weak_IC(const r1cs_gg_ppzksnark_verificat
618627 const r1cs_gg_ppzksnark_proof<ppT> &proof)
619628{
620629 libff::enter_block (" Call to r1cs_gg_ppzksnark_affine_verifier_weak_IC"
621- assert (vk.ABC_g1 .domain_size () >= primary_input.size ());
630+ assert (vk.gamma_ABC_g1 .domain_size () >= primary_input.size ());
622631
623- libff::affine_ate_G2_precomp<ppT> pvk_vk_generator_g2_precomp = ppT::affine_ate_precompute_G2 (libff::G2<ppT>:: one () );
632+ libff::affine_ate_G2_precomp<ppT> pvk_vk_gamma_g2_precomp = ppT::affine_ate_precompute_G2 (vk. gamma_g2 );
624633 libff::affine_ate_G2_precomp<ppT> pvk_vk_delta_g2_precomp = ppT::affine_ate_precompute_G2 (vk.delta_g2 );
625634
626635 libff::enter_block (" Accumulate input"
627- const accumulation_vector<libff::G1<ppT> > accumulated_IC = vk.
ABC_g1 .
template accumulate_chunk <libff::Fr<ppT> >(primary_input.
begin (), primary_input.
end (),
0 );
636+ const accumulation_vector<libff::G1<ppT> > accumulated_IC = vk.
gamma_ABC_g1 .
template accumulate_chunk <libff::Fr<ppT> >(primary_input.
begin (), primary_input.
end (),
0 );
628637 const libff::G1<ppT> &acc = accumulated_IC.
first ;
629638 libff::leave_block (" Accumulate input"
630639
@@ -648,7 +657,7 @@ bool r1cs_gg_ppzksnark_affine_verifier_weak_IC(const r1cs_gg_ppzksnark_verificat
648657 const libff::affine_ate_G1_precomp<ppT> acc_precomp =
ppT::affine_ate_precompute_G1 (acc);
649658
650659 const libff::Fqk<ppT> QAP_miller =
ppT::affine_ate_e_times_e_over_e_miller_loop (
651- acc_precomp, pvk_vk_generator_g2_precomp ,
660+ acc_precomp, pvk_vk_gamma_g2_precomp ,
652661 proof_g_C_precomp, pvk_vk_delta_g2_precomp,
653662 proof_g_A_precomp, proof_g_B_precomp);
654663 const libff::GT<ppT> QAP =
ppT::final_exponentiation (QAP_miller.
unitary_inverse ());
0 commit comments