diff --git a/Makefile b/Makefile index 751141e..b5e5795 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,6 @@ LIBMAC = /opt/homebrew/lib/libgmp.a /opt/homebrew/opt/libomp/lib/libomp.a /opt/h LIBCROSS = $(MCLPATH)/lib/libmclbn384_256.a $(MCLPATH)/lib/libmcl.a $(GMPPATH)/lib/libgmp.a -I $(MCLPATH)/include -I $(GMPPATH)/include -lstdc++ SRC = $(shell pwd)/src/*.c $(shell pwd)/circuits/*.c $(shell pwd)/src/*.h -MULEXP = MCL_MULEXP CURVE = BN128 ARCH = None MULTI = off @@ -22,22 +21,22 @@ endif zpie: $(SRC) ifeq ($(ARCH), x86) - $(CC) -m32 $(COMMON) $(LIBCROSS) -D $(MULEXP) -D $(CURVE) $(MULTI_SET) + $(CC) -m32 $(COMMON) $(LIBCROSS) -D $(CURVE) $(MULTI_SET) else ifeq ($(ARCH), x86_64) - $(CC) -m64 $(COMMON) $(LIBCROSS) -D $(MULEXP) -D $(CURVE) $(MULTI_SET) + $(CC) -m64 $(COMMON) $(LIBCROSS) -D $(CURVE) $(MULTI_SET) else ifeq ($(ARCH), aarch64) - $(CAARCH64) $(COMMON) $(LIBCROSS) -D $(MULEXP) -D $(CURVE) $(MULTI_SET) + $(CAARCH64) $(COMMON) $(LIBCROSS) -D $(CURVE) $(MULTI_SET) else ifeq ($(ARCH), arm) - $(CARM) $(COMMON) $(LIBCROSS) -D $(MULEXP) -D $(CURVE) $(MULTI_SET) + $(CARM) $(COMMON) $(LIBCROSS) -D $(CURVE) $(MULTI_SET) else ifeq ($(shell uname), Darwin) - $(CC) $(COMMON) $(LIBMAC) -D $(MULEXP) -D $(CURVE) $(MULTI_SET) + $(CC) $(COMMON) $(LIBMAC)-D $(CURVE) $(MULTI_SET) else - $(CC) $(COMMON) $(LIB) -D $(MULEXP) -D $(CURVE) $(MULTI_SET) + $(CC) $(COMMON) $(LIB) -D $(CURVE) $(MULTI_SET) endif test: diff --git a/README.md b/README.md index add3786..f514b75 100644 --- a/README.md +++ b/README.md @@ -25,9 +25,11 @@ ZPiE needs [GMP](https://gmplib.org/) and [MCL](https://github.com/herumi/mcl). sudo apt install libgmp-dev libcunit1-dev git clone https://github.com/herumi/mcl cd mcl -make -j4 +make -j8 ``` +If willing to use the multi-thread execution, compile MCL using `make -j8 MCL_USE_OMP=1`. + ## Test ZPiE can be tested as follows: 
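Review bot: The Darwin recipe lost the space before `-D`: `$(CC) $(COMMON) $(LIBMAC)-D $(CURVE) $(MULTI_SET)` glues `-D` onto the last path in LIBMAC, so the curve macro is never defined and `BN128` is passed on as a stray input file; the other five branches keep the space. Change it to `$(CC) $(COMMON) $(LIBMAC) -D $(CURVE) $(MULTI_SET)`. With MULEXP removed from this file, any remaining `#ifdef MCL_MULEXP` or `BOSCOSTER_MULEXP` block in src/ is dead code; the utils.c and prover.c hunks below remove the ones visible here, so a grep for stragglers before merging is cheap.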
@@ -57,7 +59,7 @@ BN128 (default) BLS12_381 ``` -We can specify to run the code in multi-thread mode: +We can specify to run the code in multi-thread mode (if MCL was compiled accordingly): ``` make bench MULTI=on @@ -94,7 +96,7 @@ int main() // we perform the setup setup_keys keys = perform_setup(&circuit); - // we generate a proof (../data/proof.params) + // we generate a proof proof p = generate_proof(&circuit, keys.pk); // we verify the proof diff --git a/circuits/mimc.c b/circuits/mimc.c index 9e5d1ca..a81df29 100644 --- a/circuits/mimc.c +++ b/circuits/mimc.c @@ -5,26 +5,9 @@ void mimc7(element *h, element *x_in, element *k) { - char buff[2048]; - FILE *cnst; - cnst = fopen("circuits/constants.txt", "r"); - - element c[91]; - init_array(c, 91); - - for (int i = 0; i < 91; i++) - { - fgets(buff, sizeof buff, cnst); - input(&c[i], buff); - } - - fclose(cnst); - - element t[NROUNDS]; element r[NROUNDS]; element f[NROUNDS*3]; - init_array(t, NROUNDS); init_array(r, NROUNDS); init_array(f, NROUNDS*3); @@ -32,13 +15,13 @@ void mimc7(element *h, element *x_in, element *k) for (int i = 0; i < NROUNDS; i++) { - if (i == 0) addmul(&t[i], k, x_in, &one); - else add3mul(&t[i], k, &r[i-1], &c[i], &one); + if (i == 0) addmuladd(&f[it], k, x_in, k, x_in); + else add3muladd3(&f[it], k, &r[i-1], &c_mimc[i], k, &r[i-1], &c_mimc[i]); - mul(&f[it], &t[i], &t[i]); mul(&f[it+1], &f[it], &f[it]); mul(&f[it+2], &f[it+1], &f[it]); - mul(&r[i], &f[it+2], &t[i]); + if (i == 0) addmul(&r[i], k, x_in, &f[it+2]); + else add3mul(&r[i], k, &r[i-1], &c_mimc[i], &f[it+2]); it = it + 3; } diff --git a/circuits/utils.c b/circuits/utils.c index a39fabc..3c73630 100644 --- a/circuits/utils.c +++ b/circuits/utils.c 
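Review bot: The round loop reads `c_mimc[i]` for i up to NROUNDS-1 while gro16.h declares `c_mimc[91]` and init_circuit fills exactly 91 entries, so the access is in bounds only if NROUNDS <= 91, an invariant now spread over three files; a `_Static_assert(NROUNDS <= 91, "c_mimc holds 91 round constants");` beside the array declaration would pin it (assuming NROUNDS is a compile-time constant). Both `if (i == 0)` tests are re-evaluated every round; peeling round 0 out of the loop leaves one straight-line body and makes the k + x_in versus k + r[i-1] + c_mimc[i] distinction visible at the top. mimc7 continues outside this hunk.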
@@ -1,14 +1,6 @@ void add(element uOut, element vOut, element u1, element v1, element u2, element v2) { - element a, d, dNeg; - init(&a); - init(&d); - init(&dNeg); - input(&a, "-168700"); - input(&d, "168696"); - input(&dNeg, "-168696"); - - element factor, factor1, factor2, factor3, factor4, factor5, factor6, factor7, factor8, factor9, factor10; + element factor, factor1, factor2, factor3, factor4, factor5, factor6, factor7; init(&factor); init(&factor1); init(&factor2); 
@@ -17,44 +9,55 @@ void add(element uOut, element vOut, element u1, element v1, element u2, element init(&factor5); init(&factor6); init(&factor7); - init(&factor8); - init(&factor9); - init(&factor10); // uOut = (u1*v2 + v1*u2) / (1 + d*u1*u2*v1*v2) mul(&factor1, &u1, &v2); - mul(&factor2, &v1, &u2); - mul(&factor3, &factor1, &factor2); - mul(&factor, &factor3, &d); + int d = 168696; + int one_int = 1; - addmul(&factor4, &factor, &one, &one); + mul_constants(&factor, &one_int, &factor1, &d, &factor2); mpz_t invFactor; mpz_init(invFactor); - if(!setParams) mpz_invert(invFactor, uw[factor4.index], pPrime); + + if(!setParams) + { + mpz_t f_check; + mpz_init(f_check); + mpz_add(f_check, uw[one.index], uw[factor.index]); + mpz_invert(invFactor, f_check, pPrime); + } char buff[2048]; mpz_get_str(buff, 10, invFactor); - input(&factor5, buff); - addmul(&uOut, &factor1, &factor2, &factor5); + input(&factor4, buff); + + addmul(&one, &factor, &one, &factor4); // verify x * 1/x = 1 + addmul(&uOut, &factor1, &factor2, &factor4); // vOut = (v1*v2 - a*u1*u2) / (1 - d*u1*u2*v1*v2) - mul(&factor6, &v1, &v2); - mul(&factor7, &u1, &u2); - mul(&factor8, &factor7, &a); + mul(&factor5, &v1, &v2); + + int a = -168700; + int one_neg = -1; - element factorNeg; - init(&factorNeg); + mul_constants(&factor6, &a, &u1, &one_int, &u2); - mul(&factorNeg, &factor3, &dNeg); - addmul(&factor9, &one, &factorNeg, &one); + if(!setParams) + { + mpz_t f_check; + mpz_init(f_check); + mpz_sub(f_check, uw[one.index], uw[factor.index]); + mpz_invert(invFactor, f_check, pPrime); + } - if(!setParams) mpz_invert(invFactor, uw[factor9.index], pPrime); mpz_get_str(buff, 10, invFactor); - input(&factor10, buff); - addmul(&vOut, &factor6, &factor8, &factor10); + input(&factor7, buff); + + addmul_constants(&one, &one_int, &one, &one_neg, &factor, &one_int, &factor7); // verify x * 1/x = 1 + addmul(&vOut, &factor5, &factor6, &factor7); } void mul_scalar(element mulOut1, element mulOut2, element A1, element A2, 
element *bits, int size) @@ -99,27 +102,32 @@ void mul_scalar(element mulOut1, element mulOut2, element A1, element A2, elemen add(doubledP1[i], doubledP2[i], doubledP1[i-1], doubledP2[i-1], doubledP1[i-1], doubledP2[i-1]); } - element f1, f2, f3, f4, f5; + element f1, f2, f4, f5; init(&f1); init(&f2); - init(&f3); init(&f4); init(&f5); mul(&f1, &accumulatedP1[i+1], &bits[i]); mul(&f2, &accumulatedP2[i+1], &bits[i]); - addmul(&f3, &oneNeg, &bits[i], &oneNeg); + int one_alone = 1; + int one_neg = -1; - mul(&f4, &step1[i], &f3); - mul(&f5, &step2[i], &f3); + mul_constants(&f4, &one_neg, &bits[i], &one_alone, &step1[i]); + mul_constants(&f5, &one_neg, &bits[i], &one_alone, &step2[i]); - addmul(&step1[i+1], &f1, &f4, &one); - addmul(&step2[i+1], &f2, &f5, &one); + if(i+1 != size) + { + add3mul(&step1[i+1], &f1, &f4, &step1[i], &one); + add3mul(&step2[i+1], &f2, &f5, &step2[i], &one); + } + else + { + add3mul(&mulOut1, &f1, &f4, &step1[i], &one); + add3mul(&mulOut2, &f2, &f5, &step2[i], &one); + } } - - mul(&mulOut1, &step1[size], &one); - mul(&mulOut2, &step2[size], &one); } void to_bits(element *bits, element val, int size) @@ -130,11 +138,10 @@ void to_bits(element *bits, element val, int size) mpz_init(t3); mpz_init(total); - element oneNeg; - init(&oneNeg); - input(&oneNeg, "-1"); mpz_set_str(t2, "1", 10); + element b[size]; + for (int i = 0; i < size; i++) { if(!setParams) 
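Review bot: `factor2` is never assigned in this hunk: `mul(&factor2, &v1, &u2);` is removed, yet `mul_constants(&factor, &one_int, &factor1, &d, &factor2)` and `addmul(&uOut, &factor1, &factor2, &factor4)` still consume it, so on the prover path it carries whatever its uw slot holds (zero on a fresh setup, giving uOut = u1*v2) and in the R1CS it is a wire that no constraint ties to v1*u2, which leaves the point-addition relation underconstrained rather than merely wrong. Unless it is assigned somewhere not shown, restore `mul(&factor2, &v1, &u2);` before the `mul_constants` call. Both new `if(!setParams)` blocks `mpz_init` an `f_check` that is never cleared, and the result of `mpz_invert` is discarded, so a zero denominator silently leaves `invFactor` unset; check it, e.g. `if (!mpz_invert(invFactor, f_check, pPrime)) { /* denominator not invertible: report and stop */ }`, and `mpz_clear(f_check)` at the end of each block. add() begins before this hunk.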
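Review bot: `int one_alone = 1; int one_neg = -1;` are re-declared on every iteration of a loop that only needs their addresses; hoist them above the `for` so the body reads as pure arithmetic. The `if(i+1 != size)` arms differ only in their destination wires, so `element *dst1 = (i + 1 != size) ? &step1[i+1] : &mulOut1;` and the same for `dst2`, followed by the two `add3mul` calls, keeps a single copy of the constraint. mul_scalar begins before this hunk.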
@@ -143,28 +150,24 @@ void to_bits(element *bits, element val, int size) mpz_and(t3, t1, t2); } - element b; - init(&b); char buff[2048]; mpz_get_str(buff, 10, t3); input(&bits[i], buff); - addmul(&b, &bits[i], &oneNeg, &bits[i]); - mpz_t pow; - mpz_init(pow); - mpz_ui_pow_ui(pow, 2, i); - mpz_mul(t3, t3, pow); - mpz_add(total, total, t3); + mpz_ui_pow_ui(total, 2, i); + + mpz_t one_mpz; + mpz_init_set_ui(one_mpz, 1); + + init(&b[i]); + mul_big_constants(&b[i], &total, &bits[i], &one_mpz, &one); } - element check, checkCnst; - init(&check); - init(&checkCnst); - char buff[2048]; - mpz_get_str(buff, 10, total); - input(&check, buff); + element fa; + init(&fa); - mul(&checkCnst, &check, &one); + addsmul(&fa, &size, b, &one); + assert_equal(&fa, &val); } typedef struct diff --git a/src/bench.c b/src/bench.c index dfebc43..948ff30 100644 --- a/src/bench.c +++ b/src/bench.c @@ -24,7 +24,7 @@ int main(int argc, char *argv[]) bench = 1; if (argc < 3) { - printf("******************* ZPiE v0.3 *******************\n"); + printf("******************* ZPiE v0.4 *******************\n"); printf("USAGE: ./zpie [ACTIONS] [OPTIONS]\n\n"); printf("[ACTIONS]:\n"); printf("-s : Perform setup of 'c' constraints.\n"); @@ -38,7 +38,7 @@ int main(int argc, char *argv[]) if ((argc == 4) && (strcmp(argv[3], "-l") == 0)) logs = 1; - printf("******************* ZPiE v0.3 *******************\n"); + printf("******************* ZPiE v0.4 *******************\n"); if ((strcmp(argv[1], "-s") == 0) || (strcmp(argv[1], "-p") == 0) || (strcmp(argv[1], "-v") == 0)) { diff --git a/src/common/utils.c b/src/common/utils.c index 62c6ece..6119f09 100644 --- a/src/common/utils.c +++ b/src/common/utils.c @@ -36,6 +36,8 @@ void init_setup(void *circuit) M = 0; N = 0; nPublic = 0; + nConst = 0; + lro_const_total = 0; mclBn_init(USEDCURVE, MCLBN_COMPILED_TIME_VAR); 
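Review bot: Nothing in this hunk constrains `bits[i]` to {0,1}: the removed `addmul(&b, &bits[i], &oneNeg, &bits[i])` was the only b_i*(b_i-1) product, and the new `assert_equal(&fa, &val)` fixes only the weighted sum, which non-binary `bits` values can satisfy too; unless the caller enforces booleanity, the decomposition is underconstrained. Assuming `mul` writes (uw[lo]*uw[ro]) mod p into uw[oo] on the prover path like the other parser.c helpers, `mul(&bits[i], &bits[i], &bits[i]);` right after `input(&bits[i], buff)` emits exactly the b_i*b_i = b_i row and is a no-op for a genuine bit. Separately, `mpz_t one_mpz; mpz_init_set_ui(one_mpz, 1);` runs once per bit and is never cleared even though mul_big_constants copies it with `mpz_init_set`; hoist it above the loop and `mpz_clear` it after. to_bits begins before this hunk.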
@@ -44,10 +46,11 @@ void init_setup(void *circuit) setParams = 0; uw = (mpz_t*) malloc((M) * sizeof(mpz_t)); + LRO_constants = (mpz_t*) malloc((lro_const_total) * sizeof(mpz_t)); for (int i = 0; i < M; i++) { - mpz_init2(uw[i], BITS); + mpz_init2(uw[i], BITS); } } @@ -149,12 +152,7 @@ void bos_coster_bp(mclBnG1 *chunk, mclBnG1 *points, mclBnFr *scalars, int heapsi static inline void mult_exp(mclBnG1 *chunk, mclBnG1 *points, mclBnFr *scalars, int heapsize) { - #ifdef BOSCOSTER_MULEXP - if ((heapsize > 32) && ((heapsize != 0) && ((heapsize & (heapsize - 1)) == 0))) bos_coster_bp(chunk, points, scalars, heapsize); - else mclBnG1_mulVec(chunk, points, scalars, heapsize); - #elif MCL_MULEXP - mclBnG1_mulVec(chunk, points, scalars, heapsize); - #endif + mclBnG1_mulVec(chunk, points, scalars, heapsize); } char *to_hex(const unsigned char *array, size_t length) diff --git a/src/gro16/gro16.h b/src/gro16/gro16.h index fb322a7..ba7ff13 100644 --- a/src/gro16/gro16.h +++ b/src/gro16/gro16.h @@ -8,7 +8,7 @@ typedef struct int index; } element; -element one, oneNeg; +element one, oneNeg, c_mimc[91]; int logs; int test_no_rand; @@ -35,9 +35,11 @@ void binarymaxheap(mpz_t *exp[], int i, int heapsize); static mpz_t pPrime; static gmp_randstate_t state; -char **L; -char **R; -char **O; +int **L; +int **R; +int **O; + +mpz_t *LRO_constants; static mclBnFr *AsFr; static mclBnFr *BsFr; @@ -53,7 +55,11 @@ static mpz_t *wM; int prover; int cn; -int uwn; +int lro_constants_n; +int lro_const_total; +int wn; +int un; +int constant_n; #include "parser.c" @@ -93,6 +99,7 @@ typedef struct int qap_size; int *LRO; + mpz_t *LRO_constants; mclBnG1 alpha1; mclBnG1 beta1; @@ -119,6 +126,7 @@ struct mulExpResult typedef struct { + mpz_t *constants; mclBnGT alphabetaT; mclBnG2 gamma2; mclBnG2 delta2; diff --git a/src/gro16/parser.c b/src/gro16/parser.c index 489d6f4..b4d18bc 100644 --- a/src/gro16/parser.c +++ b/src/gro16/parser.c 
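Review bot: The MiMC constant count appears as a bare `91` here (`element one, oneNeg, c_mimc[91];`), in init_circuit's read loop and in circuits/mimc.c; one `enum { MIMC_CONSTANTS = 91 };` in this header (name is a suggestion) would keep the three in step. The five counters `lro_constants_n`, `lro_const_total`, `wn`, `un`, `constant_n` replace `uwn` without saying what each indexes; a one-line comment per counter, e.g. `// next free wire index; uw layout is [constants 0..nConst) [public nConst..nConst+nPublic) [private]` on `wn`, would document the layout that setup.c, prover.c, verifier.c and zpie.c now all hard-code via `(nPublic + nConst)`. These stay as non-static definitions in a header, as `L`/`R`/`O` already were.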
@@ -65,6 +65,63 @@ void add3mul(element *oo, element *lo1, element *lo2, element *lo3, element *ro)
 }
 }
 
+void addsmul(element *oo, int *size, element *los, element *ro)
+{
+ if (setParams) N++;
+ else if (prover)
+ {
+ for (int i = 0; i < *size; i++)
+ {
+ mpz_add(uw[oo->index], uw[oo->index], uw[los[i].index]);
+ mpz_mod(uw[oo->index], uw[oo->index], pPrime);
+ }
+
+ mpz_mul(uw[oo->index], uw[oo->index], uw[ro->index]);
+ mpz_mod(uw[oo->index], uw[oo->index], pPrime);
+ }
+ else
+ {
+ for (int i = 0; i < *size; i++)
+ {
+ L[cn][los[i].index] = 1;
+ }
+
+ R[cn][ro->index] = 1;
+ O[cn][oo->index] = 1;
+
+ cn++;
+ }
+}
+
+void add3muladd3(element *oo, element *lo1, element *lo2, element *lo3, element *ro1, element *ro2, element *ro3)
+{
+ if (setParams) N++;
+ else if (prover)
+ {
+ mpz_t factor;
+ mpz_init(factor);
+ mpz_add(uw[oo->index], uw[lo1->index], uw[lo2->index]);
+ mpz_add(uw[oo->index], uw[oo->index], uw[lo3->index]);
+ mpz_add(factor, uw[ro1->index], uw[ro2->index]);
+ mpz_add(factor, factor, uw[ro3->index]);
+ mpz_mul(uw[oo->index], uw[oo->index], factor);
+ mpz_mod(uw[oo->index], uw[oo->index], pPrime);
+ mpz_clear(factor);
+ }
+ else
+ {
+ L[cn][lo1->index] = 1;
+ L[cn][lo2->index] = 1;
+ L[cn][lo3->index] = 1;
+ R[cn][ro1->index] = 1;
+ R[cn][ro2->index] = 1;
+ R[cn][ro3->index] = 1;
+ O[cn][oo->index] = 1;
+
+ cn++;
+ }
+}
+
 void addmuladd(element *oo, element *lo1, element *lo2, element *ro1, element *ro2)
 {
 if (setParams) N++;
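Review bot: addsmul's prover branch accumulates into `uw[oo->index]` without resetting it, so the result is right only while the output slot still holds zero (true for a freshly `init`ed wire after `init_setup`, wrong if the wire is reused or `oo` aliases one of `los`); the sibling add3muladd3 avoids this by summing into a local `factor`. Accumulate into a local and store once, as below. Passing `size` as `int *` is also odd for a plain count; `int size` would match the other helpers, and since the only caller in this diff writes `&size`, now is the time to choose.
```c
void addsmul(element *oo, int *size, element *los, element *ro)
{
    if (setParams) N++;
    else if (prover)
    {
        mpz_t sum;
        mpz_init(sum);                       /* starts at 0 regardless of uw[oo] */
        for (int i = 0; i < *size; i++)
        {
            mpz_add(sum, sum, uw[los[i].index]);
        }
        mpz_mul(uw[oo->index], sum, uw[ro->index]);
        mpz_mod(uw[oo->index], uw[oo->index], pPrime);
        mpz_clear(sum);
    }
    /* … unchanged: R1CS branch (L/R/O rows, cn++) … */
}
```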
@@ -108,6 +165,85 @@ void mul(element *oo, element *lo, element *ro)
 }
 }
 
+void addmul_constants(element *oo, int *lc1, element *lo1, int *lc2, element *lo2, int *rc, element *ro)
+{
+ if (setParams) N++;
+ else if (prover)
+ {
+ mpz_t factor;
+ mpz_init(factor);
+ mpz_mul_si(factor, uw[lo1->index], *lc1);
+ mpz_mul_si(uw[oo->index], uw[lo2->index], *lc2);
+ mpz_add(factor, factor, uw[oo->index]);
+ mpz_mul_si(uw[oo->index], uw[ro->index], *rc);
+ mpz_mul(uw[oo->index], uw[oo->index], factor);
+ mpz_mod(uw[oo->index], uw[oo->index], pPrime);
+ mpz_clear(factor);
+ }
+ else
+ {
+ L[cn][lo1->index] = *lc1;
+ L[cn][lo2->index] = *lc2;
+ R[cn][ro->index] = *rc;
+ O[cn][oo->index] = 1;
+
+ cn++;
+ }
+}
+
+void mul_constants(element *oo, int *lc, element *lo, int *rc, element *ro)
+{
+ if (setParams) N++;
+ else if (prover)
+ {
+ mpz_t factor;
+ mpz_init(factor);
+ mpz_mul_si(factor, uw[lo->index], *lc);
+ mpz_mul_si(uw[oo->index], uw[ro->index], *rc);
+ mpz_mul(uw[oo->index], uw[oo->index], factor);
+ mpz_mod(uw[oo->index], uw[oo->index], pPrime);
+ mpz_clear(factor);
+ }
+ else
+ {
+ L[cn][lo->index] = *lc;
+ R[cn][ro->index] = *rc;
+ O[cn][oo->index] = 1;
+
+ cn++;
+ }
+}
+
+void mul_big_constants(element *oo, mpz_t *lc, element *lo, mpz_t *rc, element *ro)
+{
+ if (setParams)
+ {
+ lro_const_total += 2;
+ N++;
+ }
+ else if (prover)
+ {
+ mpz_t factor;
+ mpz_init(factor);
+ mpz_mul(factor, uw[lo->index], *lc);
+ mpz_mul(uw[oo->index], uw[ro->index], *rc);
+ mpz_mul(uw[oo->index], uw[oo->index], factor);
+ mpz_mod(uw[oo->index], uw[oo->index], pPrime);
+ mpz_clear(factor);
+ }
+ else
+ {
+ L[cn][lo->index] = INT_MAX;
+ R[cn][ro->index] = INT_MAX;
+ O[cn][oo->index] = 1;
+
+ cn++;
+ mpz_init_set(LRO_constants[lro_constants_n], *lc);
+ mpz_init_set(LRO_constants[lro_constants_n + 1], *rc);
+ lro_constants_n += 2;
+ }
+}
+
 void assert_equal(element *lo, element *ro)
 {
 element factor1, factor2;
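Review bot: `INT_MAX` doubles as the "coefficient is an out-of-band mpz" marker that qap.c and h_coefficients test for, but mul_constants and addmul_constants store whatever `int` the caller passes, so a coefficient equal to INT_MAX would be misread downstream as a marker; either reject it in those two helpers or state it on all three (`/* int coefficients must differ from INT_MAX, which marks an entry of LRO_constants */`). addmul_constants writes `uw[oo->index]` as scratch before it has read `lo2` and `ro`, so `oo` must not alias either of them; the one caller in this diff (add() in circuits/utils.c) aliases `oo` with `lo1`, which is read first and therefore works, but the contract deserves a comment on the function. mul_big_constants counts `lro_const_total` only in the setParams pass and then writes `LRO_constants[lro_constants_n + 1]` unchecked in the R1CS pass; `assert(lro_constants_n + 2 <= lro_const_total);` before the two `mpz_init_set` calls would catch a circuit whose two passes disagree.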
@@ -123,9 +259,26 @@ void input(element *var, char *val) if (!setParams) mpz_set_str(uw[var->index], val, 10); } +void init_constant(element *toAdd, char *val) +{ + if (setParams) M++; + else + { + toAdd->index = constant_n; + constant_n++; + mpz_set_str(uw[toAdd->index], val, 10); + } + if (setParams) nConst++; +} + void init_public(element *toAdd) { - init(toAdd); + if (setParams) M++; + else + { + toAdd->index = un; + un++; + } if (setParams) nPublic++; } @@ -142,18 +295,27 @@ void init(element *toAdd) if (setParams) M++; else { - toAdd->index = uwn; - uwn++; + toAdd->index = wn; + wn++; } } void init_circuit(void *circuit) { - init_public(&one); - init_public(&oneNeg); + init_constant(&one, "1"); + init_constant(&oneNeg, "-1"); + + char buff[2048]; + FILE *cnst; + cnst = fopen("circuits/constants.txt", "r"); + + for (int i = 0; i < 91; i++) + { + fgets(buff, sizeof buff, cnst); + init_constant(&c_mimc[i], buff); + } - input(&one, "1"); - input(&oneNeg, "-1"); + fclose(cnst); ((void(*)(void))circuit)(); } @@ -181,10 +343,14 @@ void test_full_api() void test_constraint_system(void) { - uw = (mpz_t*) malloc((8) * sizeof(mpz_t)); - uwn = 0; + uw = (mpz_t*) malloc((99) * sizeof(mpz_t)); + wn = nPublic + nConst; + un = nConst; + constant_n = 0; + lro_constants_n = 0; + lro_const_total = 0; - for (int i = 0; i < 8; i++) + for (int i = 0; i < 99; i++) { mpz_init2(uw[i], BITS); } @@ -193,8 +359,8 @@ void test_constraint_system(void) init_circuit(&test_full_api); prover = 0; - CU_ASSERT(mpz_cmp_ui(uw[2], 50) == 0); - CU_ASSERT(mpz_cmp_ui(uw[3], 150) == 0); - CU_ASSERT(mpz_cmp_ui(uw[4], 150) == 0); - CU_ASSERT(mpz_cmp_ui(uw[5], 200) == 0); + CU_ASSERT(mpz_cmp_ui(uw[nConst], 50) == 0); + CU_ASSERT(mpz_cmp_ui(uw[1+nConst], 150) == 0); + CU_ASSERT(mpz_cmp_ui(uw[2+nConst], 150) == 0); + CU_ASSERT(mpz_cmp_ui(uw[3+nConst], 200) == 0); } \ No newline at end of file diff --git a/src/gro16/prover.c b/src/gro16/prover.c index 81b760b..c77e31a 100644 --- a/src/gro16/prover.c 
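Review bot: init_circuit opens `circuits/constants.txt` and reads 91 lines without checking `fopen` or `fgets`: a missing file dereferences NULL inside fgets, and a short file silently re-feeds the previous `buff` contents to init_constant, so wrong round constants would be baked into the proving and verifying keys with no error. init_constant likewise ignores the return of `mpz_set_str`, which is -1 for a malformed line; `if (mpz_set_str(uw[toAdd->index], val, 10) != 0) { fprintf(stderr, "bad constant: %s\n", val); exit(EXIT_FAILURE); }` closes that gap. The read loop is shown below; the literal 91 also lives in gro16.h and mimc.c, and test_constraint_system's `99` slot count is a similar bare number that must cover nConst + nPublic + the private wires of test_full_api.
```c
    FILE *cnst = fopen("circuits/constants.txt", "r");
    if (cnst == NULL)
    {
        perror("circuits/constants.txt");
        exit(EXIT_FAILURE);
    }

    for (int i = 0; i < 91; i++)
    {
        if (fgets(buff, sizeof buff, cnst) == NULL)
        {
            fprintf(stderr, "circuits/constants.txt: expected 91 constants, got %d\n", i);
            exit(EXIT_FAILURE);
        }
        init_constant(&c_mimc[i], buff);
    }
    /* … unchanged: fclose(cnst); circuit call … */
```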
+++ b/src/gro16/prover.c
@@ -18,6 +18,9 @@ void h_coefficients(proving_key pk)
 mclBnFr_clear(&CsFr[j]);
 }
 
+ int l_it = 0;
+ int r_it = 1;
+
 for (int j = 0; j < pk.qap_size; j+=3)
 {
 switch (pk.LRO[j])
@@ -25,6 +28,42 @@ void h_coefficients(proving_key pk)
 case 1: mclBnFr_add(&AsFr[pk.LRO[j+1]], &AsFr[pk.LRO[j+1]], &uwFr[pk.LRO[j+2]]); break;
 case 2: mclBnFr_add(&BsFr[pk.LRO[j+1]], &BsFr[pk.LRO[j+1]], &uwFr[pk.LRO[j+2]]); break;
 case 3: mclBnFr_add(&CsFr[pk.LRO[j+1]], &CsFr[pk.LRO[j+1]], &uwFr[pk.LRO[j+2]]); break;
+ case 10:
+ {
+ mclBnFr factorFr;
+ if (pk.LRO[j+3] != INT_MAX)
+ {
+ mclBnFr_setInt(&factorFr, pk.LRO[j+3]);
+ mclBnFr_mul(&factorFr, &uwFr[pk.LRO[j+2]], &factorFr);
+ }
+ else
+ {
+ mpz_to_fr(&factorFr, &pk.LRO_constants[l_it]);
+ mclBnFr_mul(&factorFr, &uwFr[pk.LRO[j+2]], &factorFr);
+ l_it+=2;
+ }
+ mclBnFr_add(&AsFr[pk.LRO[j+1]], &AsFr[pk.LRO[j+1]], &factorFr);
+ j+=1;
+ break;
+ }
+ case 20:
+ {
+ mclBnFr factorFr;
+ if (pk.LRO[j+3] != INT_MAX)
+ {
+ mclBnFr_setInt(&factorFr, pk.LRO[j+3]);
+ mclBnFr_mul(&factorFr, &uwFr[pk.LRO[j+2]], &factorFr);
+ }
+ else
+ {
+ mpz_to_fr(&factorFr, &pk.LRO_constants[r_it]);
+ mclBnFr_mul(&factorFr, &uwFr[pk.LRO[j+2]], &factorFr);
+ r_it+=2;
+ }
+ mclBnFr_add(&BsFr[pk.LRO[j+1]], &BsFr[pk.LRO[j+1]], &factorFr);
+ j+=1;
+ break;
+ }
 }
 }
 
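Review bot: Cases 10 and 20 consume `pk.LRO_constants` through running cursors `l_it`/`r_it` in the order entries occur in `pk.LRO`, which perform_setup builds wire-major, while generateqap in qap.c consumes the same array constraint-major from the end; the two orders agree only when the wires of successive mul_big_constants calls are allocated in emission order, which to_bits happens to satisfy but nothing checks. Recording the LRO_constants slot next to the INT_MAX marker (for example as a fifth int in the record, with qap_size adjusted) removes the dependence on traversal order and would also let qap.c's inner loop be parallel again. The two cases are identical apart from the cursor and the target array, so a small `static` helper taking the destination array, the cursor pointer and `j` would halve the block. h_coefficients ends outside this hunk.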
@@ -57,242 +96,28 @@ void mul_exp(struct mulExpResult *result, mpz_t *uwProof, proving_key pk) { int n = mpz_get_ui(pk.Ne); - int totTh = 16; - - for (int i = 0; i < nPublic; i++) - { - mpz_set(uwProof[i], uw[i]); - } - - #ifdef MULTI_SET - mclBnG1 htdeltaTh[totTh]; - - #pragma omp parallel num_threads(totTh) - { - mpz_t *exp[n/totTh]; - mclBnFr frFactor; - int th = omp_get_thread_num(); - - for (int i = th*(n/totTh); i < (th+1)*(n/totTh); i++) - { - fr_to_mpz(&wM[i], &AsFr[i]); - exp[i-(th*(n/totTh))] = &wM[i]; - } - - bos_coster(exp, n/totTh, 1, &pk); - mpz_to_fr(&frFactor, exp[0]); - mclBnG1_mul(&htdeltaTh[th], &pk.xt1_rand[exp[0]-wM], &frFactor); - } - - mclBnG1_add(&result->htdelta, &htdeltaTh[0], &htdeltaTh[1]); - - for (int i = 2; i < totTh; i++) - { - mclBnG1_add(&result->htdelta, &result->htdelta, &htdeltaTh[i]); - } - - mclBnG1 thA1[totTh]; - mclBnG1 thB1[totTh]; - mclBnG2 thB2[totTh]; - mclBnG1 thC1[totTh]; - - #pragma omp parallel num_threads(totTh) - { - int sizeM; - int end; - int th = omp_get_thread_num(); - - if (th == totTh-1) - { - sizeM = (M - (totTh*(M/totTh))) + (M/totTh); - end = M; - } - else - { - sizeM = M/totTh; - end = (th+1)*(M/totTh); - } - - mclBnFr frFactor; - mpz_t *exp[sizeM]; - - int start = th*(M/totTh); - - for (int i = start; i < end; i++) - { - exp[i-start] = &uw[i]; - } - - bos_coster(exp, sizeM, 0, &pk); - - mpz_to_fr(&frFactor, exp[0]); - mclBnG1_mul(&thA1[th], &pk.A1[exp[0]-uw], &frFactor); - mclBnG1_mul(&thB1[th], &pk.B1[exp[0]-uw], &frFactor); - mclBnG2_mul(&thB2[th], &pk.B2[exp[0]-uw], &frFactor); - mclBnG1_mul(&thC1[th], &pk.pk1[exp[0]-uw], &frFactor); - } - - mclBnG1_add(&result->uwA1, &thA1[0], &thA1[1]); - mclBnG1_add(&result->uwB1, &thB1[0], &thB1[1]); - mclBnG2_add(&result->uwB2, &thB2[0], &thB2[1]); - mclBnG1_add(&result->uwC1, &thC1[0], &thC1[1]); - - for (int i = 2; i < totTh; i++) - { - mclBnG1_add(&result->uwA1, &result->uwA1, &thA1[i]); - mclBnG1_add(&result->uwB1, &result->uwB1, &thB1[i]); - 
mclBnG2_add(&result->uwB2, &result->uwB2, &thB2[i]); - mclBnG1_add(&result->uwC1, &result->uwC1, &thC1[i]); - } - - #else - mpz_t *exp[n]; - mclBnFr frFactor; - proving_key bpk; - bpk.xt1 = (mclBnG1*) malloc((n) * sizeof(mclBnG1)); - - for (int i = 0; i < n; i++) - { - fr_to_mpz(&wM[i], &AsFr[i]); - exp[i] = &wM[i]; - mclBnG1_add(&bpk.xt1[i], &bpk.xt1[i], &pk.xt1_rand[i]); - } - - bos_coster(exp, n, 1, &bpk); - mpz_to_fr(&frFactor, exp[0]); - mclBnG1_mul(&result->htdelta, &bpk.xt1[exp[0]-wM], &frFactor); - - /*mpz_t *expM[M]; - bpk.A1 = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); - bpk.B1 = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); - bpk.B2 = (mclBnG2*) malloc((M) * sizeof(mclBnG2)); - bpk.pk1 = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); - - #pragma omp parallel for - for (int i = 0; i < M; i++) - { - expM[i] = &uw[i]; - mclBnG1_add(&bpk.A1[i], &bpk.A1[i], &pk.A1[i]); - mclBnG1_add(&bpk.B1[i], &bpk.B1[i], &pk.B1[i]); - mclBnG2_add(&bpk.B2[i], &bpk.B2[i], &pk.B2[i]); - mclBnG1_add(&bpk.pk1[i], &bpk.pk1[i], &pk.pk1[i]); - } - - bos_coster(expM, M, 0, &bpk); - - mpz_to_fr(&frFactor, expM[0]); - mclBnG1_mul(&result->uwA1, &bpk.A1[expM[0]-uw], &frFactor); - mclBnG1_mul(&result->uwB1, &bpk.B1[expM[0]-uw], &frFactor); - mclBnG2_mul(&result->uwB2, &bpk.B2[expM[0]-uw], &frFactor); - mclBnG1_mul(&result->uwC1, &bpk.pk1[expM[0]-uw], &frFactor);*/ - - // to be replaced ----> - mclBnFr uwFactor[M]; - mclBnFr uwFactorPublic[M-nPublic]; - - #pragma omp parallel for - for (int i = 0; i < M; i++) - { - mpz_to_fr(&uwFactor[i], &uw[i]); - if(i >= nPublic) mpz_to_fr(&uwFactorPublic[i-nPublic], &uw[i]); - } - - mclBnG1_mulVec(&result->uwA1, pk.A1, uwFactor, M); - mclBnG1_mulVec(&result->uwB1, pk.B1, uwFactor, M); - mclBnG2_mulVec(&result->uwB2, pk.B2, uwFactor, M); - mclBnG1_mulVec(&result->uwC1, pk.pk1, uwFactorPublic, M-nPublic); - // <------ to be replaced - #endif -} - -void mcl_mul_exp(struct mulExpResult *result, mpz_t *uwProof, proving_key pk) -{ - int n = mpz_get_ui(pk.Ne); - 
mclBnFr uwFactor[M]; - mclBnFr uwFactorPublic[M-nPublic]; + mclBnFr uwFactorPublic[M-(nPublic + nConst)]; - for (int i = 0; i < nPublic; i++) + for (int i = nConst; i < (nPublic + nConst); i++) { - mpz_set(uwProof[i], uw[i]); + mpz_set(uwProof[i-nConst], uw[i]); } #pragma omp parallel for for (int i = 0; i < M; i++) { mpz_to_fr(&uwFactor[i], &uw[i]); - if(i >= nPublic) mpz_to_fr(&uwFactorPublic[i-nPublic], &uw[i]); - } - - #pragma omp parallel num_threads(5) - { - switch (get_thread()) - { - case 0: mclBnG1_mulVec(&result->uwA1, pk.A1, uwFactor, M); break; - case 1: mclBnG1_mulVec(&result->uwB1, pk.B1, uwFactor, M); break; - case 2: mclBnG2_mulVec(&result->uwB2, pk.B2, uwFactor, M); break; - case 3: mclBnG1_mulVec(&result->uwC1, pk.pk1, uwFactorPublic, M-nPublic); break; - case 4: mclBnG1_mulVec(&result->htdelta, pk.xt1_rand, AsFr, n); break; - case 99: - mclBnG1_mulVec(&result->uwA1, pk.A1, uwFactor, M); - mclBnG1_mulVec(&result->uwB1, pk.B1, uwFactor, M); - mclBnG2_mulVec(&result->uwB2, pk.B2, uwFactor, M); - mclBnG1_mulVec(&result->uwC1, pk.pk1, uwFactorPublic, M-nPublic); - mclBnG1_mulVec(&result->htdelta, pk.xt1_rand, AsFr, n); - break; - } - } -} - -void naive_mul_exp(struct mulExpResult *result, mpz_t *uwProof, proving_key pk) -{ - int n = mpz_get_ui(pk.Ne); - - mclBnFr frFactor[M]; - for (int i = 0; i < nPublic; i++) - { - mpz_set(uwProof[i], uw[i]); - } - - #pragma omp parallel for - for (int i = 0; i < M; i++) - { - mpz_to_fr(&frFactor[i], &uw[i]); - // Auw = Auw + u[i] * s1.A[i]; - mclBnG1_mul(&pk.A1[i], &pk.A1[i], &frFactor[i]); - // B1uw = B1uw + u[i] * s1.B[i]; - mclBnG1_mul(&pk.B1[i], &pk.B1[i], &frFactor[i]); - // B2uw = B2uw + u[i] * s2.B[i]; - mclBnG2_mul(&pk.B2[i], &pk.B2[i], &frFactor[i]); - // Cw = Cw + w[i] * s1.pk[i]; - if(i < M-nPublic) mclBnG1_mul(&pk.pk1[i], &pk.pk1[i], &frFactor[i]); + if(i >= (nPublic + nConst)) mpz_to_fr(&uwFactorPublic[i-(nPublic + nConst)], &uw[i]); } - mclBnG1_clear(&result->uwA1); - mclBnG1_clear(&result->uwB1); - 
mclBnG2_clear(&result->uwB2); - mclBnG1_clear(&result->uwC1); + int num_threads = get_nprocs(); - for (int i = M; i--;) - { - mclBnG1_add(&result->uwA1, &result->uwA1, &pk.A1[i]); - mclBnG1_add(&result->uwB1, &result->uwB1, &pk.B1[i]); - mclBnG2_add(&result->uwB2, &result->uwB2, &pk.B2[i]); - if(i < M-nPublic) mclBnG1_add(&result->uwC1, &result->uwC1, &pk.pk1[i]); - } - - #pragma omp parallel for - for (int i = 0; i < n; i++) - { - mclBnG1_mul(&pk.xt1_rand[i], &pk.xt1_rand[i], &AsFr[i]); - } - - mclBnG1_clear(&result->htdelta); - - for (int i = n; i--;) - { - mclBnG1_add(&result->htdelta, &result->htdelta, &pk.xt1_rand[i]); - } + mclBnG1_mulVecMT(&result->uwA1, pk.A1, uwFactor, M, num_threads); + mclBnG1_mulVecMT(&result->uwB1, pk.B1, uwFactor, M, num_threads); + mclBnG2_mulVecMT(&result->uwB2, pk.B2, uwFactor, M, num_threads); + mclBnG1_mulVecMT(&result->uwC1, pk.pk1, uwFactorPublic, M-(nPublic + nConst), num_threads); + mclBnG1_mulVecMT(&result->htdelta, pk.xt1_rand, AsFr, n, num_threads); } void prove(int *circuit, mclBnG1 *piA, mclBnG2 *piB2, mclBnG1 *piC, mpz_t *uwProof, proving_key pk) 
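Review bot: `get_nprocs()` is a glibc extension from <sys/sysinfo.h>, yet the Makefile in this same commit keeps a Darwin build branch where it does not exist; `sysconf(_SC_NPROCESSORS_ONLN)` from <unistd.h> is the POSIX equivalent on both, clamped to at least 1 because it can return -1. `mclBnFr uwFactor[M]` and `uwFactorPublic[M-(nPublic + nConst)]` remain stack VLAs sized by the wire count; that is pre-existing, but now that this is the only multiexponentiation path it deserves either a comment or a heap allocation, since M for a real circuit can exceed the default stack. The expression `(nPublic + nConst)` is repeated here and in setup.c, verifier.c, zpie.c and parser.c; a single named count next to `nPublic` (e.g. `int nFixed;`, name is a suggestion) would make the `[constants | public | private]` wire layout read the same everywhere. mul_exp's signature is before this hunk.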
@@ -324,31 +149,13 @@ void prove(int *circuit, mclBnG1 *piA, mclBnG2 *piB2, mclBnG1 *piC, mpz_t *uwPro clock_gettime(CLOCK_MONOTONIC, &begin); struct mulExpResult result; - - #ifdef AUTO_MULEXP - if(M > 1000) mul_exp(&result, uwProof, pk); - else mcl_mul_exp(&result, uwProof, pk); - #elif BOSCOSTER_MULEXP - mul_exp(&result, uwProof, pk); - #elif NAIVE_MULEXP - naive_mul_exp(&result, uwProof, pk); - #elif MCL_MULEXP - mcl_mul_exp(&result, uwProof, pk); - #endif + mul_exp(&result, uwProof, pk); clock_gettime(CLOCK_MONOTONIC, &end); elapsed = (end.tv_sec - begin.tv_sec); elapsed += (end.tv_nsec - begin.tv_nsec) / 1000000000.0; - if (bench) printf(" |--- G1, G2 multiexponentiations: [%fs]\n", elapsed); - #ifdef MULTI - #elif BOSCOSTER_MULEXP - if (bench) printf(" |--- Bos-Coster: [%fs]\n", elapsedBosCoster); - if (bench) printf(" |--- Heap sorting: [%fs]\n", elapsedSort); - #elif AUTO_MULEXP - if (bench) printf(" |--- Bos-Coster: [%fs]\n", elapsedBosCoster); - if (bench) printf(" |--- Heap sorting: [%fs]\n", elapsedSort); - #endif + if (bench) printf(" |--- G1, G2 multiexponentiations: [%fs]\n", elapsed); log_message("Computing piA, piB1, piB2, piC, htdelta..."); mclBnG1 piB1; diff --git a/src/gro16/qap.c b/src/gro16/qap.c index cd8a232..06049af 100644 --- a/src/gro16/qap.c +++ b/src/gro16/qap.c @@ -9,15 +9,15 @@ void generateqap(void *circuit, mpz_t *A, mpz_t *B, mpz_t *C, struct Trapdoor t, mpz_init(C[i]); } - L = (char **)malloc(N * sizeof(char*)); - R = (char **)malloc(N * sizeof(char*)); - O = (char **)malloc(N * sizeof(char*)); + L = (int **)malloc(N * sizeof(int*)); + R = (int **)malloc(N * sizeof(int*)); + O = (int **)malloc(N * sizeof(int*)); for (int i = 0; i < N; i++) { - L[i] = (char*) malloc(M * sizeof(char)); - R[i] = (char*) malloc(M * sizeof(char)); - O[i] = (char*) malloc(M * sizeof(char)); + L[i] = (int*) malloc(M * sizeof(int)); + R[i] = (int*) malloc(M * sizeof(int)); + O[i] = (int*) malloc(M * sizeof(int)); for (int j = 0; j < M; j++) { 
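Review bot: Each row is `malloc(M * sizeof(int))` and, judging by the `for (int j = 0; j < M; j++)` loop that follows, zeroed by hand; `L[i] = calloc(M, sizeof *L[i]);` (likewise for R and O) does both in one call and checks the size product for overflow. Widening three dense N×M tables from `char` to `int` also quadruples their footprint, so a one-line comment by the allocation (`// dense N x M coefficient tables; int so curve constants and the INT_MAX marker fit`) would record why. None of the allocations are checked for NULL, as before. generateqap continues outside this hunk.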
@@ -30,7 +30,10 @@ void generateqap(void *circuit, mpz_t *A, mpz_t *B, mpz_t *C, struct Trapdoor t, log_message("Computing R1CS..."); cn = 0; - uwn = 0; + lro_constants_n = 0; + wn = nPublic + nConst; + un = nConst; + constant_n = 0; init_circuit(circuit); log_state(1); @@ -99,14 +102,30 @@ void generateqap(void *circuit, mpz_t *A, mpz_t *B, mpz_t *C, struct Trapdoor t, mpz_mod(uL, uL, pPrime); } + int l_it = lro_const_total-2; + int r_it = lro_const_total-1; + for (int j = N; j--;) { - #pragma omp parallel for - for (int i = 0; i < M; i++) + for (int i = M; i--;) { - mpz_addmul_ui(A[i], u[j], L[j][i]); + mpz_t factor; + mpz_init(factor); + if (L[j][i] != INT_MAX) mpz_mul_si(factor, u[j], L[j][i]); + else + { + mpz_mul(factor, u[j], LRO_constants[l_it]); + l_it-=2; + } + mpz_add(A[i], A[i], factor); mpz_mod(A[i], A[i], pPrime); - mpz_addmul_ui(B[i], u[j], R[j][i]); + if (R[j][i] != INT_MAX) mpz_mul_si(factor, u[j], R[j][i]); + else + { + mpz_mul(factor, u[j], LRO_constants[r_it]); + r_it-=2; + } + mpz_add(B[i], B[i], factor); mpz_mod(B[i], B[i], pPrime); mpz_addmul_ui(C[i], u[j], O[j][i]); mpz_mod(C[i], C[i], pPrime); @@ -118,9 +137,12 @@ void generateqap(void *circuit, mpz_t *A, mpz_t *B, mpz_t *C, struct Trapdoor t, { for (int j = 0; j < N; j++) { - if(L[j][i]) *qap_size += 3; - if(R[j][i]) *qap_size += 3; - if(O[j][i]) *qap_size += 3; + if (L[j][i] == 1) *qap_size += 3; + else if (L[j][i] != 0) *qap_size += 4; + if (R[j][i] == 1) *qap_size += 3; + else if (R[j][i] != 0) *qap_size += 4; + + if (O[j][i]) *qap_size += 3; } } } \ No newline at end of file diff --git a/src/gro16/setup.c b/src/gro16/setup.c index c77fff4..328054b 100644 --- a/src/gro16/setup.c +++ b/src/gro16/setup.c @@ -61,7 +61,7 @@ void setup(void *circuit, struct Trapdoor *t, struct Sigma1 *s1, struct Sigma2 * } #pragma omp parallel for - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nPublic + nConst); i++) { mpz_t f; mpz_init(f); 
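Review bot: `mpz_t factor; mpz_init(factor);` now executes once per (constraint, wire) pair and is never cleared, leaking N×M limb buffers per setup; declare and init it once above `for (int j = N; j--;)` and `mpz_clear(factor)` after the loop, which is safe because every use fully overwrites it with `mpz_mul_si` or `mpz_mul` first. The `#pragma omp parallel for` over wires had to be dropped because `l_it`/`r_it` are sequential cursors into LRO_constants walked from the end, the mirror image of the front-to-back walk in h_coefficients (prover.c), and the two agree only if constraints and their marked wires are emitted in the same order; recording the LRO_constants slot per marked entry would remove that dependence and let this loop be parallel again. generateqap continues outside this hunk.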
@@ -79,16 +79,16 @@ void setup(void *circuit, struct Trapdoor *t, struct Sigma1 *s1, struct Sigma2 * } #pragma omp parallel for - for (int i = 0; i < M-nPublic; i++) + for (int i = 0; i < M-(nPublic + nConst); i++) { mpz_t f; mpz_init(f); // (t->beta * A[i] + t->alpha * B[i] + C[i]) * invDelta - mpz_mul(f, t->beta, A[i+nPublic]); + mpz_mul(f, t->beta, A[i+(nPublic + nConst)]); mpz_mod(f, f, pPrime); - mpz_addmul(f, t->alpha, B[i+nPublic]); + mpz_addmul(f, t->alpha, B[i+(nPublic + nConst)]); mpz_mod(f, f, pPrime); - mpz_add(f, f, C[i+nPublic]); + mpz_add(f, f, C[i+(nPublic + nConst)]); mpz_mul(f, f, invDelta); mpz_mod(f, f, pPrime); mpz_to_fr(&frFactor[i], &f); diff --git a/src/gro16/verifier.c b/src/gro16/verifier.c index b2327e6..ae2e167 100644 --- a/src/gro16/verifier.c +++ b/src/gro16/verifier.c @@ -1,5 +1,5 @@ -int verify(mclBnG1 *piA, mclBnG2 *piB2, mclBnG1 *piC, mpz_t u[nPublic], verifying_key vk) +int verify(mclBnG1 *piA, mclBnG2 *piB2, mclBnG1 *piC, mpz_t u[(nPublic + nConst)], verifying_key vk) { mclBnG1 factorG1; mclBnFr frFactor; @@ -7,10 +7,18 @@ int verify(mclBnG1 *piA, mclBnG2 *piB2, mclBnG1 *piC, mpz_t u[nPublic], verifyin mclBnG1 Vu; mclBnG1_clear(&Vu); - for (int i = nPublic; i--;) + for (int i = (nPublic); i--;) { // Vu = Vu + u[i] * s1.vk[i] mpz_to_fr(&frFactor, &u[i]); + mclBnG1_mul(&factorG1, &vk.vk1[i+nConst], &frFactor); + mclBnG1_add(&Vu, &Vu, &factorG1); + } + + for (int i = (nConst); i--;) + { + // Vu = Vu + u[i] * s1.vk[i] + mpz_to_fr(&frFactor, &vk.constants[i]); mclBnG1_mul(&factorG1, &vk.vk1[i], &frFactor); mclBnG1_add(&Vu, &Vu, &factorG1); } diff --git a/src/tests.c b/src/tests.c index dfa8dbc..7e399b7 100644 --- a/src/tests.c +++ b/src/tests.c 
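Review bot: The parameter is now declared `mpz_t u[(nPublic + nConst)]` but only `nPublic` entries are ever read from it (and mul_exp fills `uwProof` with exactly nPublic values), so the declared extent overstates what callers must supply; `mpz_t *u` or `mpz_t u[nPublic]` says what the function uses. The comment copied into the new constants loop, `// Vu = Vu + u[i] * s1.vk[i]`, is wrong for that loop, which multiplies `vk.vk1[i]` by `vk.constants[i]`; replace it with `// Vu = Vu + constants[i] * vk1[i]: constant wires come from the verifying key, never from the prover`. The `i+nConst` offset in the first loop encodes the `[constants | public]` order of `vk1`; a comment there would save the reader a trip to parser.c. verify continues outside this hunk.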
@@ -67,13 +67,13 @@ void test_setup(void) sha256_update(&ctx, pk_bytes, strlen(pk_bytes)); sha256_final(&ctx, hash_bytes); - CU_ASSERT(!strcmp(to_hex(hash_bytes, sizeof hash_bytes), "b8a812b4c6576d343f0c269157a0020ca63e808244f2e0f75b9940797502d4fa")); + CU_ASSERT(!strcmp(to_hex(hash_bytes, sizeof hash_bytes), "26047d607444ba18b641499f11483896560195b1f16b0a12c734ccf0f6552cf4")); sha256_init(&ctx); sha256_update(&ctx, vk_bytes, strlen(vk_bytes)); sha256_final(&ctx, hash_bytes); - CU_ASSERT(!strcmp(to_hex(hash_bytes, sizeof hash_bytes), "dac6dfe723f1874422a4235e38a6f4ac4bb1b18716c90babe3d4a97f189ac15e")); + CU_ASSERT(!strcmp(to_hex(hash_bytes, sizeof hash_bytes), "1c91757242555e6705802233a5b7ca934fd33278c2461f21df343321c8ffb5d0")); test_no_rand = 0; } diff --git a/src/zpie.c b/src/zpie.c index 3392074..4eeeb1a 100644 --- a/src/zpie.c +++ b/src/zpie.c 
@@ -34,34 +34,40 @@ setup_keys perform_setup(void *circuit) int n = mpz_get_ui(Ne); - setup_keys provk; - mpz_init_set(provk.pk.Ne, Ne); + setup_keys keys; + mpz_init_set(keys.pk.Ne, Ne); - provk.pk.wMFr = (mclBnFr*) malloc((n) * sizeof(mclBnFr)); - provk.vk.vk1 = (mclBnG1*) malloc((nPublic) * sizeof(mclBnG1)); + keys.pk.LRO_constants = (mpz_t*) malloc((lro_const_total) * sizeof(mpz_t)); + keys.pk.wMFr = (mclBnFr*) malloc((n) * sizeof(mclBnFr)); + keys.vk.vk1 = (mclBnG1*) malloc(((nPublic + nConst)) * sizeof(mclBnG1)); wM = (mpz_t*) malloc((n) * sizeof(mpz_t)); s1.xt = (mclBnG1*) malloc((n) * sizeof(mclBnG1)); s1.A = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); s1.B = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); - s1.vk = (mclBnG1*) malloc((nPublic) * sizeof(mclBnG1)); - s1.pk = (mclBnG1*) malloc((M-nPublic) * sizeof(mclBnG1)); + s1.vk = (mclBnG1*) malloc(((nPublic + nConst)) * sizeof(mclBnG1)); + s1.pk = (mclBnG1*) malloc((M-(nPublic + nConst)) * sizeof(mclBnG1)); s2.B = (mclBnG2*) malloc((M) * sizeof(mclBnG2)); for (int i = 0; i < n; i++) { mpz_init(wM[i]); mpz_powm_ui(wM[i], w, i, pPrime); - mpz_to_fr(&provk.pk.wMFr[i], &wM[i]); + mpz_to_fr(&keys.pk.wMFr[i], &wM[i]); } struct timespec begin, end; double elapsed; clock_gettime(CLOCK_MONOTONIC, &begin); - setup(circuit, &t, &s1, &s2, &alphabetaT, &provk.pk.qap_size, &provk.pk.Ne); + setup(circuit, &t, &s1, &s2, &alphabetaT, &keys.pk.qap_size, &keys.pk.Ne); - provk.pk.LRO = (int*) malloc((provk.pk.qap_size) * sizeof(int)); + keys.pk.LRO = (int*) malloc((keys.pk.qap_size) * sizeof(int)); + + for (int i = 0; i < lro_const_total; i++) + { + mpz_init_set(keys.pk.LRO_constants[i], LRO_constants[i]); + } int it = 0; 
@@ -69,50 +75,77 @@ setup_keys perform_setup(void *circuit) { for (int j = 0; j < N; j++) { - if(L[j][i]) + if(L[j][i] != 0) { - provk.pk.LRO[it] = 1; - provk.pk.LRO[it+1] = j; - provk.pk.LRO[it+2] = i; - it+=3; + keys.pk.LRO[it+1] = j; + keys.pk.LRO[it+2] = i; + + if (L[j][i] != 1) + { + keys.pk.LRO[it] = 10; + keys.pk.LRO[it+3] = L[j][i]; + it+=4; + } + else + { + keys.pk.LRO[it] = 1; + it+=3; + } } - if(R[j][i]) + if(R[j][i] != 0) { - provk.pk.LRO[it] = 2; - provk.pk.LRO[it+1] = j; - provk.pk.LRO[it+2] = i; - it+=3; + keys.pk.LRO[it+1] = j; + keys.pk.LRO[it+2] = i; + + if (R[j][i] != 1) + { + keys.pk.LRO[it] = 20; + keys.pk.LRO[it+3] = R[j][i]; + it+=4; + } + else + { + keys.pk.LRO[it] = 2; + it+=3; + } } if(O[j][i]) { - provk.pk.LRO[it] = 3; - provk.pk.LRO[it+1] = j; - provk.pk.LRO[it+2] = i; + keys.pk.LRO[it] = 3; + keys.pk.LRO[it+1] = j; + keys.pk.LRO[it+2] = i; it+=3; } } } - provk.pk.alpha1 = s1.alpha; - provk.pk.beta1 = s1.beta; - provk.pk.beta2 = s2.beta; - provk.pk.delta1 = s1.delta; - provk.pk.delta2 = s2.delta; - provk.pk.A1 = s1.A; - provk.pk.B1 = s1.B; - provk.pk.B2 = s2.B; - provk.pk.pk1 = s1.pk; - provk.pk.xt1 = s1.xt; - provk.pk.xt1_rand = (mclBnG1*) malloc((n) * sizeof(mclBnG1)); + keys.pk.alpha1 = s1.alpha; + keys.pk.beta1 = s1.beta; + keys.pk.beta2 = s2.beta; + keys.pk.delta1 = s1.delta; + keys.pk.delta2 = s2.delta; + keys.pk.A1 = s1.A; + keys.pk.B1 = s1.B; + keys.pk.B2 = s2.B; + keys.pk.pk1 = s1.pk; + keys.pk.xt1 = s1.xt; + keys.pk.xt1_rand = (mclBnG1*) malloc((n) * sizeof(mclBnG1)); - provk.vk.alphabetaT = alphabetaT; - provk.vk.gamma2 = s2.gamma; - provk.vk.delta2 = s2.delta; + keys.vk.alphabetaT = alphabetaT; + keys.vk.gamma2 = s2.gamma; + keys.vk.delta2 = s2.delta; + keys.vk.constants = (mpz_t*) malloc((nConst) * sizeof(mpz_t)); - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nConst); i++) { - provk.vk.vk1[i] = s1.vk[i]; + mpz_init(keys.vk.constants[i]); + mpz_set(keys.vk.constants[i], uw[i]); + } + + for (int i = 0; i < 
(nPublic + nConst); i++) + { + keys.vk.vk1[i] = s1.vk[i]; } clock_gettime(CLOCK_MONOTONIC, &end); @@ -122,7 +155,7 @@ setup_keys perform_setup(void *circuit) log_success("Setup generated successfully in", 1); if (bench) printf(" %fs\n", elapsed); - return provk; + return keys; } char* serialize_pk(proving_key *pk) @@ -160,6 +193,13 @@ char* serialize_pk(proving_key *pk) strcat(pk_bytes, "\n"); } + for (int i = 0; i < lro_const_total; i++) + { + mpz_get_str(buff, 16, pk->LRO_constants[i]); + strcat(pk_bytes, buff); + strcat(pk_bytes, "\n"); + } + mclBnG1_getStr(buff, sizeof(buff), &pk->alpha1, 16); strcat(pk_bytes, buff); strcat(pk_bytes, "\n"); @@ -189,7 +229,7 @@ char* serialize_pk(proving_key *pk) strcat(pk_bytes, "\n"); } - for (int i = 0; i < M-nPublic; i++) + for (int i = 0; i < M-(nPublic + nConst); i++) { mclBnG1_getStr(buff, sizeof(buff), &pk->pk1[i], 16); strcat(pk_bytes, buff); @@ -209,14 +249,21 @@ char* serialize_pk(proving_key *pk) char* serialize_vk(verifying_key *vk) { char *vk_bytes; - vk_bytes = (char *) malloc(1024 * nPublic * sizeof(char)); + vk_bytes = (char *) malloc(1024 * (nPublic + nConst) * sizeof(char)); - for (int i = 0; i < 1024 * nPublic * sizeof(char); i++) + for (int i = 0; i < 1024 * (nPublic + nConst) * sizeof(char); i++) { vk_bytes[i] = 0; } char buff[2048]; + for (int i = 0; i < nConst; i++) + { + mpz_get_str(buff, 10, vk->constants[i]); + strcat(vk_bytes, buff); + strcat(vk_bytes, "\n"); + } + mclBnGT_getStr(buff, sizeof(buff), &vk->alphabetaT, 10); strcat(vk_bytes, buff); strcat(vk_bytes, "\n"); @@ -229,7 +276,7 @@ char* serialize_vk(verifying_key *vk) strcat(vk_bytes, buff); strcat(vk_bytes, "\n"); - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nPublic + nConst); i++) { mclBnG1_getStr(buff, sizeof(buff), &vk->vk1[i], 10); strcat(vk_bytes, buff); 
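Review bot: The L and R records written into `keys.pk.LRO` now take four ints when the coefficient is not 1 (tag 10/20 plus the value at `it+3`), but the array is still allocated with `keys.pk.qap_size` ints in the preceding hunk; unless `setup()` already counts the extra slot per non-unit coefficient, the `it+3` write runs off the end. Add a bound check before each record, e.g. `assert(it + 4 <= keys.pk.qap_size);` at the top of the `L[j][i] != 0` and `R[j][i] != 0` branches (and `it + 3` for O), or derive the allocation from the loop itself. The O branch keeps the three-int form with no non-unit case, so an O coefficient other than 1 would be recorded as 1 — worth a comment stating that this holds by construction if it does. The `mpz_set(keys.vk.constants[i], uw[i])` loop assumes the first `nConst` entries of `uw` are the circuit constants; a comment stating that layout would help, since generate_proof sets `un = nConst` on the same assumption. The outer `for` header of this loop is outside the hunk.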
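Review bot: serialize_pk and serialize_vk now emit extra sections (`lro_const_total` base-16 lines after the LRO table, and `nConst` base-10 lines before alphabetaT) whose position and radix are only implied by the mirrored `fgets` order in read_setup, so nothing documents the key-file layout. Add a comment above serialize_pk describing the record order and base of each section (LRO ints, LRO constants in base 16, alpha1 …, pk1[M-(nPublic + nConst)] …; vk: constants in base 10, alphabetaT, …, vk1[nPublic + nConst]) so a change on one side is caught on the other. The `mpz_get_str`/`strcat` pairs also append into the fixed-size `buff` and `vk_bytes` without tracking the running length; the buffer is `1024 * (nPublic + nConst)` bytes, so a comment recording that per-entry budget, or an explicit length check before each `strcat`, would make the bound auditable. The same applies to the matching `@@ -160` hunk in serialize_pk.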
@@ -276,14 +323,16 @@ setup_keys read_setup(void *circuit) int n = mpz_get_ui(keys.pk.Ne); keys.pk.wMFr = (mclBnFr*) malloc((n) * sizeof(mclBnFr)); - keys.vk.vk1 = (mclBnG1*) malloc((nPublic) * sizeof(mclBnG1)); + keys.vk.vk1 = (mclBnG1*) malloc(((nPublic + nConst)) * sizeof(mclBnG1)); + keys.vk.constants = (mpz_t*) malloc(((nConst)) * sizeof(mpz_t)); keys.pk.xt1 = (mclBnG1*) malloc((n) * sizeof(mclBnG1)); keys.pk.xt1_rand = (mclBnG1*) malloc((n) * sizeof(mclBnG1)); keys.pk.A1 = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); keys.pk.B1 = (mclBnG1*) malloc((M) * sizeof(mclBnG1)); - keys.pk.pk1 = (mclBnG1*) malloc((M-nPublic) * sizeof(mclBnG1)); + keys.pk.pk1 = (mclBnG1*) malloc((M-(nPublic + nConst)) * sizeof(mclBnG1)); keys.pk.B2 = (mclBnG2*) malloc((M) * sizeof(mclBnG2)); + keys.pk.LRO_constants = (mpz_t*) malloc((lro_const_total) * sizeof(mpz_t)); for (int i = 0; i < n; i++) { @@ -302,6 +351,12 @@ setup_keys read_setup(void *circuit) keys.pk.LRO[i] = atoi(buff); } + for (int i = 0; i < lro_const_total; i++) + { + fgets(buff, sizeof buff, fpk); + mpz_init_set_str(keys.pk.LRO_constants[i], buff, 16); + } + fgets(buff, sizeof buff, fpk); mclBnG1_setStr(&keys.pk.alpha1, buff, strlen(buff), 16); fgets(buff,sizeof buff, fpk); @@ -323,7 +378,7 @@ setup_keys read_setup(void *circuit) mclBnG2_setStr(&keys.pk.B2[i], buff, strlen(buff), 16); } - for (int i = 0; i < M-nPublic; i++) + for (int i = 0; i < M-(nPublic + nConst); i++) { fgets(buff,sizeof buff, fpk); mclBnG1_setStr(&keys.pk.pk1[i], buff, strlen(buff), 16); @@ -334,6 +389,12 @@ setup_keys read_setup(void *circuit) fgets(buff,sizeof buff, fpk); mclBnG1_setStr(&keys.pk.xt1[i], buff, strlen(buff), 16); } + + for (int i = 0; i < nConst; i++) + { + fgets(buff,sizeof buff, fvk); + mpz_init_set_str(keys.vk.constants[i], buff, 10); + } fgets(buff, sizeof buff, fvk); mclBnGT_setStr(&keys.vk.alphabetaT, buff, strlen(buff), 10); 
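Review bot: The new loops reading `LRO_constants` and `vk.constants` ignore the return values of both `fgets` and `mpz_init_set_str`, so a truncated or edited key file silently initializes entries from a stale `buff` (or from a string GMP rejects, which still leaves the mpz initialized) and the setup is then used as if it were valid. Check both: `if (!fgets(buff, sizeof buff, fpk) || mpz_init_set_str(keys.pk.LRO_constants[i], buff, 16) != 0) { /* report corrupt key file and bail out */ }`, and the same for the `fvk` loop with base 10. `lro_const_total` is not itself read from the file in these hunks, so it presumably has to be set by the circuit before read_setup is called — a comment stating that precondition would help. read_setup starts before the first hunk here and continues after the last.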
@@ -344,9 +405,9 @@ setup_keys read_setup(void *circuit) fgets(buff, sizeof buff, fvk); mclBnG2_setStr(&keys.vk.delta2, buff, strlen(buff), 10); - keys.vk.vk1 = (mclBnG1*) malloc((nPublic) * sizeof(mclBnG1)); + keys.vk.vk1 = (mclBnG1*) malloc(((nPublic + nConst)) * sizeof(mclBnG1)); - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nPublic + nConst); i++) { fgets(buff, sizeof buff, fvk); mclBnG1_setStr(&keys.vk.vk1[i], buff, strlen(buff), 10); @@ -362,7 +423,9 @@ proof generate_proof(void *circuit, proving_key pk) { init_prover(circuit, pk); - uwn = 0; + wn = nPublic + nConst; + un = nConst; + constant_n = 0; for (int i = 0; i < M; i++) { mpz_init(uw[i]); @@ -375,7 +438,7 @@ proof generate_proof(void *circuit, proving_key pk) p.uwProof = (mpz_t*) malloc((nPublic) * sizeof(mpz_t)); - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nPublic); i++) { mpz_init(p.uwProof[i]); } @@ -420,7 +483,7 @@ void store_proof(proof p) FILE *fproof; fproof = fopen("data/proof.params", "w"); - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nPublic); i++) { mpz_out_str(fproof, 10, p.uwProof[i]); fprintf(fproof, "\n"); @@ -448,7 +511,7 @@ proof read_proof() p.uwProof = (mpz_t*) malloc((nPublic) * sizeof(mpz_t)); - for (int i = 0; i < nPublic; i++) + for (int i = 0; i < (nPublic); i++) { fgets(buff, sizeof buff, fproof); mpz_init(p.uwProof[i]); diff --git a/src/zpie.h b/src/zpie.h index b72d788..9735422 100644 --- a/src/zpie.h +++ b/src/zpie.h @@ -42,6 +42,7 @@ int Mc; static int M; int N; int nPublic; +int nConst; int setParams; mpz_t *uw;
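Review bot: `keys.vk.vk1` is allocated a second time here with `(nPublic + nConst)` elements although the same field was already allocated with the same size near the top of read_setup (the `@@ -276,14 +323,16` hunk); the commit updates both sizes but keeps the duplicate, so the first block is leaked on every read_setup call. Drop one of the two, e.g. remove `keys.vk.vk1 = (mclBnG1*) malloc(((nPublic + nConst)) * sizeof(mclBnG1));` from this hunk and keep the early allocation. The enclosing read_setup body starts and ends outside the hunk.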
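Review bot: `int nConst;` in zpie.h is a tentative definition rather than a declaration, so every translation unit that includes the header defines the symbol; with the `-fno-common` default of recent GCC that becomes a duplicate-symbol link error as soon as a second .c file includes zpie.h. It follows the existing `int N; int nPublic;` pattern, but for the new symbol prefer `extern int nConst;` in the header with the single definition `int nConst;` in zpie.c.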