-
Notifications
You must be signed in to change notification settings - Fork 10
/
prover.rs
73 lines (65 loc) · 2.42 KB
/
prover.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
//! Common data structures for the prover algorith in the scalar-product sub-argument.
use ark_ff::AdditiveGroup;
use ark_serialize::*;
use ark_std::iter::Sum;
use ark_std::ops::{Add, Mul};
use ark_std::vec::Vec;
use super::module::BilinearModule;
/// Each message from the prover in a sumcheck protocol is a pair of FF-elements.
#[derive(CanonicalSerialize, CanonicalDeserialize, Copy, Clone, Debug, PartialEq, Eq)]
pub struct SumcheckMsg<M: AdditiveGroup>(pub(crate) M, pub(crate) M);
/// Messages sent by the prover throughout the protocol.
#[derive(CanonicalSerialize, Clone, Debug, PartialEq, Eq)]
pub struct ProverMsgs<M: BilinearModule>(
pub(crate) Vec<SumcheckMsg<M::Target>>,
pub(crate) Vec<(M::Lhs, M::Rhs)>,
);
impl<M: AdditiveGroup> Add<Self> for SumcheckMsg<M> {
type Output = Self;
fn add(self, other: Self) -> Self {
SumcheckMsg(self.0 + other.0, self.1 + other.1)
}
}
impl<M: AdditiveGroup> Sum for SumcheckMsg<M> {
fn sum<I: Iterator<Item = Self>>(iter: I) -> Self {
iter.reduce(|fst, snd| SumcheckMsg(fst.0 + snd.0, fst.1 + snd.1))
.unwrap_or_else(|| SumcheckMsg(M::zero(), M::zero()))
}
}
impl<M: AdditiveGroup> SumcheckMsg<M> {
pub(crate) fn ip<I: Iterator<Item = Self>, J: Iterator<Item = M::Scalar>>(
iter: I,
scalars: J,
) -> Self {
iter.zip(scalars)
.fold(SumcheckMsg(M::zero(), M::zero()), |acc, (snd, scalar)| {
Self(acc.0 + snd.0 * scalar, acc.1 + snd.1 * scalar)
})
}
}
impl<M: AdditiveGroup> Mul<&M::Scalar> for SumcheckMsg<M> {
type Output = Self;
fn mul(self, rhs: &M::Scalar) -> Self {
SumcheckMsg(self.0 * rhs, self.1 * rhs)
}
}
/// Prover trait interface for both time-efficient and space-efficient prover.
pub trait Prover<M>: Send + Sync
where
M: BilinearModule,
{
/// Return the next prover message (if any).
fn next_message(
&mut self,
verifier_message: Option<M::ScalarField>,
) -> Option<SumcheckMsg<M::Target>>;
/// Peform even/odd folding of the instance using the challenge `challenge`.
fn fold(&mut self, challenge: M::ScalarField);
// Return the total number of rouds in the protocol.
fn rounds(&self) -> usize;
/// Current round number.
fn round(&self) -> usize;
/// Return the fully-folded isntances if at the final round,
/// otherwise return None.
fn final_foldings(&self) -> Option<(M::Lhs, M::Rhs)>;
}