Struct bulletproofs::r1cs::Prover

pub struct Prover<'t, 'g> { /* fields omitted */ }

A ConstraintSystem implementation for use by the prover.

The prover commits high-level variables and their blinding factors (v, v_blinding), allocates low-level variables and creates constraints in terms of these high-level variables and low-level variables.

When all constraints are added, the proving code calls prove which consumes the Prover instance, samples random challenges that instantiate the randomized constraints, and creates a complete proof.

Methods

impl<'t, 'g> Prover<'t, 'g>

pub fn new(pc_gens: &'g PedersenGens, transcript: &'t mut Transcript) -> Self

Construct an empty constraint system with specified external input variables.

Inputs

The bp_gens and pc_gens are generators for Bulletproofs and for the Pedersen commitments, respectively. The BulletproofGens should have gens_capacity greater than the number of multiplication constraints that will eventually be added into the constraint system.

The transcript parameter is a Merlin proof transcript. The ProverCS holds onto the &mut Transcript until it consumes itself during [ProverCS::prove], releasing its borrow of the transcript. This ensures that the transcript cannot be altered except by the ProverCS before proving is complete.

Returns

Returns a new Prover instance.

pub fn commit(
    &mut self,
    v: Scalar,
    v_blinding: Scalar
) -> (CompressedRistretto, Variable)

Creates commitment to a high-level variable and adds it to the transcript.

Inputs

The v and v_blinding parameters are openings to the commitment to the external variable for the constraint system. Passing the opening (the value together with the blinding factor) makes it possible to reference pre-existing commitments in the constraint system. All external variables must be passed up-front, so that challenges produced by [ConstraintSystem::challenge_scalar] are bound to the external variables.

Returns

Returns a pair of a Pedersen commitment (as a compressed Ristretto point), and a Variable corresponding to it, which can be used to form constraints.

pub fn prove(self, bp_gens: &BulletproofGens) -> Result<R1CSProof, R1CSError>

Consume this ConstraintSystem to produce a proof.

Trait Implementations

impl<'t, 'g> ConstraintSystem for Prover<'t, 'g>

fn transcript(&mut self) -> &mut Transcript

Leases the proof transcript to the user, so they can add extra data to which the proof must be bound, but which is not available before creation of the constraint system.

fn multiply(
    &mut self,
    left: LinearCombination,
    right: LinearCombination
) -> (Variable, Variable, Variable)

Allocate and constrain multiplication variables.

fn allocate(
    &mut self,
    assignment: Option<Scalar>
) -> Result<Variable, R1CSError>

Allocate a single variable.

fn allocate_multiplier(
    &mut self,
    input_assignments: Option<(Scalar, Scalar)>
) -> Result<(Variable, Variable, Variable), R1CSError>

Allocate variables left, right, and out with the implicit constraint that text left * right = out

fn constrain(&mut self, lc: LinearCombination)

Enforce the explicit constraint that text lc = 0

impl<'t, 'g> Drop for Prover<'t, 'g>

Overwrite secrets with null bytes when they go out of scope.

fn drop(&mut self)

Executes the destructor for this type.

impl<'t, 'g> RandomizableConstraintSystem for Prover<'t, 'g>

type RandomizedCS = RandomizingProver<'t, 'g>

Represents a concrete type for the CS in a randomization phase.

fn specify_randomized_constraints<F>(
    &mut self,
    callback: F
) -> Result<(), R1CSError> where
    F: 'static + Fn(&mut Self::RandomizedCS) -> Result<(), R1CSError>, 

Specify additional variables and constraints randomized using a challenge scalar bound to the assignments of the non-randomized variables.