clearmatics · dtebbs · Sep 16, 2022 · Jul 21, 2022 · Aug 16, 2022 · Aug 17, 2022
diff --git a/libsnark/CMakeLists.txt b/libsnark/CMakeLists.txt
@@ -200,7 +200,7 @@ if ("${IS_LIBSNARK_PARENT}")
   libsnark_test(test_r1cs_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_r1cs_gg_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_gg_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_kzg10_verifier_gadget gadgetlib1/tests/test_kzg10_verifier_gadget.cpp)
-  libsnark_test(test_plonk zk_proof_systems/plonk/tests/test_plonk.cpp)
+  libsnark_test(test_plonk zk_proof_systems/plonk/tests/example.cpp zk_proof_systems/plonk/tests/bls12_381_test_vector_transcript_hasher.cpp zk_proof_systems/plonk/tests/test_plonk.cpp)
 
   # TODO (howardwu): Resolve runtime on targets:
   # libsnark_test(gadgetlib1_fooram_test gadgetlib1/gadgets/cpu_checkers/foora# m/examples/test_fooram.cpp)

diff --git a/libsnark/transcript_hasher/transcript_hasher.hpp b/libsnark/transcript_hasher/transcript_hasher.hpp
@@ -0,0 +1,32 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_TRANSCRIPT_HASHER_TRANSCRIPT_HASHER_HPP_
+#define LIBSNARK_TRANSCRIPT_HASHER_TRANSCRIPT_HASHER_HPP_
+
+// // interface for a common transcript_hasher class used to implement
+// // functionality for hashing the communication transcript in ZK proof
+// // systems under ./zk_proof_systems
+// template<typename ppT> class transcript_hasher
+// {
+// public:
+//     transcript_hasher();
+//
+//     // add an Fr element to the transcript buffer for hashing
+//     void add_element(const libff::Fr<ppT> &element);
+//     // add the coordinates of a G1 curve point to the transcript buffer for
+//     // hashing
+//     void add_element(const libff::G1<ppT> &element);
+//     // add the coordinates of a G2 curve point to the transcript buffer for
+//     // hashing
+//     void add_element(const libff::G2<ppT> &element);
+//     // return the hash value of the communication transcript
+//     libff::Fr<ppT> get_hash();
+// };
+
+#endif // LIBSNARK_ZK_PROOF_SYSTEMS_PLONK_SRS_HPP_
diff --git a/libsnark/zk_proof_systems/plonk/circuit.hpp b/libsnark/zk_proof_systems/plonk/circuit.hpp
@@ -11,6 +11,8 @@
 
 #include "libsnark/zk_proof_systems/plonk/utils.hpp"
 
+#include <libff/algebra/curves/public_params.hpp>
+
 /// Declaration of Common Preprocessed Input data structures for a
 /// specific arithmetic circuit.
 ///

diff --git a/libsnark/zk_proof_systems/plonk/circuit.tcc b/libsnark/zk_proof_systems/plonk/circuit.tcc
@@ -9,16 +9,15 @@
 #ifndef LIBSNARK_ZK_PROOF_SYSTEMS_PLONK_CIRCUIT_TCC_
 #define LIBSNARK_ZK_PROOF_SYSTEMS_PLONK_CIRCUIT_TCC_
 
-/// Implementation of Common Preprocessed Input interfaces for a
-/// ppzkSNARK for Plonk. See circuit.hpp .
+// Implementation of Common Preprocessed Input interfaces for a
+// ppzkSNARK for Plonk. See circuit.hpp .
 
 namespace libsnark
 {
 
 // TODO: add here function for describing the target circuit through
 // the circuit_t structure
 
-/// stuct constructor
 template<typename ppT>
 circuit_t<ppT>::circuit_t(
     size_t num_gates,

diff --git a/libsnark/zk_proof_systems/plonk/prover.hpp b/libsnark/zk_proof_systems/plonk/prover.hpp
@@ -97,7 +97,6 @@ template<typename ppT> struct round_zero_out_t {
     /// - neg_one_poly: -1 polynomial (from round 0)
     polynomial<libff::Fr<ppT>> neg_one_poly;
 
-    /// stuct constructor
     round_zero_out_t(
         const std::vector<libff::Fr<ppT>> &&zh_poly,
         const polynomial<libff::Fr<ppT>> &&null_poly,
@@ -119,7 +118,6 @@ template<typename ppT> struct round_one_out_t {
     ///   [GWC19]
     std::vector<libff::G1<ppT>> W_polys_blinded_at_secret_g1;
 
-    /// stuct constructor
     round_one_out_t(
         const std::vector<polynomial<libff::Fr<ppT>>> &&W_polys,
         const std::vector<std::vector<libff::Fr<ppT>>> &&W_polys_blinded,
@@ -136,7 +134,6 @@ template<typename ppT> struct round_two_out_t {
     /// secret
     libff::G1<ppT> z_poly_at_secret_g1;
 
-    /// stuct constructor
     round_two_out_t(
         polynomial<libff::Fr<ppT>> &&z_poly,
         libff::G1<ppT> &&z_poly_at_secret_g1);
@@ -160,7 +157,6 @@ template<typename ppT> struct round_three_out_t {
     ///   i.e. t(zeta)
     std::vector<libff::G1<ppT>> t_poly_at_secret_g1;
 
-    /// stuct constructor
     round_three_out_t(
         std::vector<libff::Fr<ppT>> &&z_poly_xomega,
         std::vector<polynomial<libff::Fr<ppT>>> &&t_poly,
@@ -195,7 +191,7 @@ template<typename ppT> struct round_four_out_t {
     ///   same in order to match the test vectors. TODO can remove t_zeta
     ///   in the future
     libff::Fr<ppT> t_zeta;
-    /// stuct constructor
+
     round_four_out_t(
         libff::Fr<ppT> &&a_zeta,
         libff::Fr<ppT> &&b_zeta,
@@ -221,15 +217,15 @@ template<typename ppT> struct round_five_out_t {
     ///   W_{zeta omega}(x) at secert input i.e. [W_{zeta omega}(secret)]_1
     libff::G1<ppT> W_zeta_omega_at_secret;
 
-    /// struct constructor
     round_five_out_t(
         libff::Fr<ppT> &&r_zeta,
         libff::G1<ppT> &&W_zeta_at_secret,
         libff::G1<ppT> &&W_zeta_omega_at_secret);
 };
 
 /// Plonk prover. Computes object of class plonk_proof.
-template<typename ppT> class plonk_prover
+template<typename ppT, class transcript_hasher> class plonk_prover
+// template<typename ppT> class plonk_prover
 {
     using Field = libff::Fr<ppT>;
 
@@ -269,11 +265,15 @@ template<typename ppT> class plonk_prover
     /// \param[out] W_polys_blinded_at_secret_g1: the blinded witness
     ///             polynomials evaluated at the secret input denoted
     ///             [a]_1, [b]_1, [c]_1 in [GWC19]
+    /// \param[out] transcript_hasher: accumulates the communication
+    ///             transcript into a buffer to be hashed after prover
+    ///             rounds 1,2,3,4,5 (cf. fiat-shamir heuristic).
     static round_one_out_t<ppT> round_one(
         const round_zero_out_t<ppT> &round_zero_out,
         const std::vector<libff::Fr<ppT>> &blind_scalars,
         const std::vector<libff::Fr<ppT>> &witness,
-        const srs<ppT> &srs);
+        const srs<ppT> &srs,
+        transcript_hasher &hasher);
 
     /// Prover Round 2
     ///
@@ -289,13 +289,17 @@ template<typename ppT> class plonk_prover
     /// \param[out] z_poly: blinded accumulator poly z(x)
     /// \param[out] z_poly_at_secret_g1: blinded accumulator poly z(x)
     ///             evaluated at secret
+    /// \param[out] transcript_hasher: accumulates the communication
+    ///             transcript into a buffer to be hashed after prover
+    ///             rounds 1,2,3,4,5 (cf. fiat-shamir heuristic).
     static round_two_out_t<ppT> round_two(
         const libff::Fr<ppT> &beta,
         const libff::Fr<ppT> &gamma,
         const round_zero_out_t<ppT> &round_zero_out,
         const std::vector<libff::Fr<ppT>> blind_scalars,
         const std::vector<libff::Fr<ppT>> &witness,
-        const srs<ppT> &srs);
+        const srs<ppT> &srs,
+        transcript_hasher &hasher);
 
     /// Prover Round 3
     ///
@@ -318,14 +322,18 @@ template<typename ppT> class plonk_prover
     ///             input zeta i.e. t(zeta)
     /// \param[out] z_poly_xomega: the polynomial z(x*w) i.e. z(x) shifted
     ///             by w
+    /// \param[out] transcript_hasher: accumulates the communication
+    ///             transcript into a buffer to be hashed after prover
+    ///             rounds 1,2,3,4,5 (cf. fiat-shamir heuristic).
     static round_three_out_t<ppT> round_three(
         const libff::Fr<ppT> &alpha,
         const libff::Fr<ppT> &beta,
         const libff::Fr<ppT> &gamma,
         const round_zero_out_t<ppT> &round_zero_out,
         const round_one_out_t<ppT> &round_one_out,
         const round_two_out_t<ppT> &round_two_out,
-        const srs<ppT> &srs);
+        const srs<ppT> &srs,
+        transcript_hasher &hasher);
 
     /// Prover Round 4
     ///
@@ -358,11 +366,15 @@ template<typename ppT> class plonk_prover
     ///             Python reference implementation does, so we do the
     ///             same in order to match the test vectors. TODO can
     ///             remove t_zeta in the future
+    /// \param[out] transcript_hasher: accumulates the communication
+    ///             transcript into a buffer to be hashed after prover
+    ///             rounds 1,2,3,4,5 (cf. fiat-shamir heuristic).
     static round_four_out_t<ppT> round_four(
         const libff::Fr<ppT> &zeta,
         const round_one_out_t<ppT> &round_one_out,
         const round_three_out_t<ppT> &round_three_out,
-        const srs<ppT> &srs);
+        const srs<ppT> &srs,
+        transcript_hasher &hasher);
 
     /// Prover Round 5
     ///
@@ -408,6 +420,9 @@ template<typename ppT> class plonk_prover
     /// \param[out] W_zeta_omega_at_secret: commitment to opening proof
     ///             polynomial W_{zeta omega}(x) at secert input
     ///             i.e. [W_{zeta omega}(secret)]_1
+    /// \param[out] transcript_hasher: accumulates the communication
+    ///             transcript into a buffer to be hashed after prover
+    ///             rounds 1,2,3,4,5 (cf. fiat-shamir heuristic).
     static round_five_out_t<ppT> round_five(
         const libff::Fr<ppT> &alpha,
         const libff::Fr<ppT> &beta,
@@ -419,7 +434,8 @@ template<typename ppT> class plonk_prover
         const round_two_out_t<ppT> &round_two_out,
         const round_three_out_t<ppT> &round_three_out,
         const round_four_out_t<ppT> &round_four_out,
-        const srs<ppT> &srs);
+        const srs<ppT> &srs,
+        transcript_hasher &hasher);
 
     /// Prover compute SNARK proof
     ///
@@ -461,23 +477,16 @@ template<typename ppT> class plonk_prover
     /// \param[in] blind_scalars: random blinding scalars b1, b2, ..., b9
     ///            used in prover rounds 1 and 2 (see Sect. 8.3, roumds
     ///            1,2 [GWC19])
-    /// \param[in] transcript_hash: hashes of the communication transcript
-    ///            after prover rounds 1,2,3,4,5. TODO: \attention
-    ///            currently the structure is used as an input initialized
-    ///            with hard-coded example values for debug purposes. In
-    ///            the long run it should be modified to be used as an
-    ///            output. More specifically, the hard-coded values should
-    ///            be overwritten with the actual transcript hashes
-    ///            produced after the respective rounds within \ref
-    ///            compute_proof
+    /// \param[in] transcript_hasher: hashes of the communication
+    ///            transcript after prover rounds 1,2,3,4,5.
     ///
     /// OUTPUT
     /// \param[out] proof: SNARK proof Pi (see above)
     static plonk_proof<ppT> compute_proof(
         const srs<ppT> &srs,
         const std::vector<Field> &witness,
         const std::vector<libff::Fr<ppT>> &blind_scalars,
-        transcript_hash_t<ppT> &transcript_hash);
+        transcript_hasher &hasher);
 };
 
 } // namespace libsnark