mimc_snark.cpp
#ifndef MIMC_SNARK_CPP
#define MIMC_SNARK_CPP
/*
 * Appends `numround` MiMC round constants over F_{2^n} to `roundconst`.
 *
 * Each constant is assembled as a GF2X polynomial whose coefficients
 * 0 .. blocksize-1 are drawn one bit at a time from getrandbit(), and is
 * then converted to a GF2E element. Entries already in `roundconst` are
 * kept; the new constants are appended after them. A non-positive
 * `numround` appends nothing.
 *
 * NOTE(review): round constants are public parameters that the prover and
 * the verifier must agree on. getrandbit() is defined outside this section;
 * confirm it is driven by a fixed, published seed so the constants are
 * reproducible and auditable rather than fresh per process.
 */
void generate_mimc_roundconst(std::vector< NTL::GF2E > &roundconst,
                              int blocksize, int numround)
{
    for (int round = 0; round < numround; ++round) {
        NTL::GF2X poly;
        NTL::GF2E constant;

        // Fill the low `blocksize` coefficients with one bit each.
        for (int bit = 0; bit < blocksize; ++bit) {
            NTL::SetCoeff(poly, (long)bit, (NTL::GF2)getrandbit());
        }

        // GF2X -> GF2E conversion.
        NTL::conv(constant, poly);
        roundconst.emplace_back(constant);
    }
}
/*
 * Appends `numround` MiMC round constants over F_p to `roundconst`.
 *
 * Every constant is one call to NTL::random_ZZ_p(), i.e. an element of the
 * currently installed ZZ_p modulus. Entries already in `roundconst` are
 * kept; a non-positive `numround` appends nothing.
 *
 * NOTE(review): the values depend on the state of NTL's pseudo-random
 * generator, which is seeded elsewhere (NTL::SetSeed or NTL's default).
 * Round constants are public and must be identical for prover and verifier,
 * so confirm the seed is fixed and documented before these are relied on.
 */
void generate_mimc_roundconst_gfp(std::vector< NTL::ZZ_p > &roundconst,
                                  int numround)
{
    for (int left = numround; left > 0; --left) {
        roundconst.emplace_back(NTL::random_ZZ_p());
    }
}
/*
 * Default constructor: starts both operation counters at zero.
 * xorCount and multCount are incremented later by generate_witness().
 */
template<typename field_t>
mimc_em_snark<field_t>::mimc_em_snark()
    : xorCount(0),
      multCount(0)
{
}
/*
 * Emits two rank-1 constraints per MiMC round into mimc_constr_wit.
 *
 * For a round whose input variable has index v (assuming constraint(A, B, C)
 * encodes A * B = C, and that variable 0 is the constant-one wire; confirm
 * against the constraint class):
 *     (c + x_v) * (c + x_v) = x_{v+1}      square
 *     x_{v+1}   * (c + x_v) = x_{v+2}      cube
 * where c = roundConst[round]. The index then advances by 2, so x_{v+2}
 * is the input of the next round.
 *
 * NOTE(review): roundConst[round] is read for every round below num_round
 * with no visible length check; the caller must have filled at least
 * num_round constants. The cube map is a permutation only when
 * gcd(3, |F| - 1) = 1, which nothing in this function verifies.
 */
template<typename field_t>
void mimc_em_snark<field_t>::generate_r1_constraint()
{
    index_t in_idx = 1;

    for (int round = 0; round < num_round; ++round) {
        // Terms of this round: constant, input, square and cube variables.
        linear_term< field_t > const_term(0, roundConst[round]);
        linear_term< field_t > in_term(in_idx, (field_t) 1);
        linear_term< field_t > sq_term(in_idx + 1, (field_t) 1);
        linear_term< field_t > cube_term(in_idx + 2, (field_t) 1);

        // First constraint: both factors are (constant + input).
        linear_combination< field_t > lhs(const_term + in_term);
        linear_combination< field_t > rhs(lhs), out(sq_term);
        constraint<field_t> round_constr(lhs, rhs, out);
        mimc_constr_wit.add_constraint(round_constr);

        // Second constraint: the left factor becomes the square, the right
        // factor stays (constant + input), the product is the cube variable.
        lhs.reset(out);
        out.clear();
        out.add_term(cube_term);
        round_constr.reset_constraint(lhs, rhs, out);
        mimc_constr_wit.add_constraint(round_constr);

        in_idx += 2;
    }
}
/*
 * Computes the MiMC witness for input `xval` and appends it to
 * mimc_constr_wit.
 *
 * The input is added first; each round then adds the square and the cube of
 * (state + roundConst[round]), and the cube becomes the next round's state.
 * This order (x, square, cube, square, cube, ...) matches the variable
 * indices 1, 2, 3, ... used by generate_r1_constraint(), whose index
 * advances by 2 per round.
 *
 * xorCount is incremented once per round (the constant addition) and
 * multCount twice per round (the two multiplications).
 *
 * NOTE(review): roundConst[round] is indexed without a visible bounds check;
 * it must hold at least num_round entries. The stored witness contains every
 * intermediate state of the cipher, so it should be handled as secret
 * whenever `xval` is.
 */
template<typename field_t>
void mimc_em_snark<field_t>::generate_witness(field_t xval)
{
    mimc_constr_wit.add_witness(xval);

    for (int round = 0; round < num_round; ++round) {
        // Add the round constant to the running state.
        field_t shifted = xval + roundConst[round];
        xorCount++;

        // Square of the shifted state.
        field_t squared = shifted * shifted;
        multCount++;
        mimc_constr_wit.add_witness(squared);

        // Cube of the shifted state, which feeds the next round.
        shifted = shifted * squared;
        multCount++;
        mimc_constr_wit.add_witness(shifted);

        xval = shifted;
    }
}
#endif