longfellow 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_BYTE_DECODER_H_
|
|
16
|
+
#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_BYTE_DECODER_H_
|
|
17
|
+
|
|
18
|
+
#include <stddef.h>
|
|
19
|
+
#include <stdint.h>
|
|
20
|
+
|
|
21
|
+
#include "circuits/logic/counter.h"
|
|
22
|
+
|
|
23
|
+
namespace proofs {
|
|
24
|
+
template <class Logic>
|
|
25
|
+
class CborByteDecoder2 {
|
|
26
|
+
public:
|
|
27
|
+
using CounterL = Counter<Logic>;
|
|
28
|
+
using Field = typename Logic::Field;
|
|
29
|
+
using EltW = typename Logic::EltW;
|
|
30
|
+
using CEltW = typename CounterL::CEltW;
|
|
31
|
+
using BitW = typename Logic::BitW;
|
|
32
|
+
using v8 = typename Logic::v8;
|
|
33
|
+
|
|
34
|
+
explicit CborByteDecoder2(const Logic& l) : l_(l), ctr_(l) {}
|
|
35
|
+
|
|
36
|
+
//------------------------------------------------------------
|
|
37
|
+
// Decoder (lexer)
|
|
38
|
+
//------------------------------------------------------------
|
|
39
|
+
struct decode {
|
|
40
|
+
BitW atomp;
|
|
41
|
+
BitW itemsp;
|
|
42
|
+
BitW stringp;
|
|
43
|
+
BitW arrayp;
|
|
44
|
+
BitW mapp;
|
|
45
|
+
BitW tagp;
|
|
46
|
+
BitW specialp;
|
|
47
|
+
BitW simple_specialp; // One of false, true, null, or undefined.
|
|
48
|
+
BitW count0_23;
|
|
49
|
+
BitW count24_27;
|
|
50
|
+
BitW count24;
|
|
51
|
+
BitW count25;
|
|
52
|
+
BitW count26;
|
|
53
|
+
BitW count27;
|
|
54
|
+
BitW length_plus_next_v8;
|
|
55
|
+
BitW count_is_next_v8;
|
|
56
|
+
BitW invalid;
|
|
57
|
+
CEltW length; // of this item
|
|
58
|
+
EltW as_scalar;
|
|
59
|
+
CEltW as_counter;
|
|
60
|
+
CEltW count_as_counter;
|
|
61
|
+
v8 as_bits;
|
|
62
|
+
};
|
|
63
|
+
|
|
64
|
+
// Extract whatever we can from one v8 alone, without looking
|
|
65
|
+
// at witnesses, assuming that
|
|
66
|
+
// this v8 is the start of a cbor token.
|
|
67
|
+
struct decode decode_one_v8(const v8& v) const {
|
|
68
|
+
const Logic& L = l_; // shorthand
|
|
69
|
+
struct decode s;
|
|
70
|
+
L.vassert_is_bit(v);
|
|
71
|
+
|
|
72
|
+
// v = type:3 count:5
|
|
73
|
+
auto count = L.template slice<0, 5>(v);
|
|
74
|
+
auto type = L.template slice<5, 8>(v);
|
|
75
|
+
|
|
76
|
+
s.atomp = L.veqmask(type, /*mask*/ 0b110, /*val*/ 0b000);
|
|
77
|
+
s.stringp = L.veqmask(type, /*mask*/ 0b110, /*val*/ 0b010);
|
|
78
|
+
s.itemsp = L.veqmask(type, /*mask*/ 0b110, /*val*/ 0b100);
|
|
79
|
+
|
|
80
|
+
s.specialp = L.veq(type, 7);
|
|
81
|
+
s.tagp = L.veq(type, 6);
|
|
82
|
+
s.arrayp = L.land(s.itemsp, L.lnot(type[0]));
|
|
83
|
+
s.mapp = L.land(s.itemsp, type[0]);
|
|
84
|
+
|
|
85
|
+
// count0_23 = (0 <= count < 24) = ~(count == 11xxx)
|
|
86
|
+
s.count0_23 = L.lnot(L.veqmask(count, /*mask*/ 0b11000, /*val*/ 0b11000));
|
|
87
|
+
s.count24_27 = L.veqmask(count, /*mask*/ 0b11100, /*val*/ 0b11000);
|
|
88
|
+
|
|
89
|
+
s.count24 = L.veq(count, 24);
|
|
90
|
+
s.count25 = L.veq(count, 25);
|
|
91
|
+
s.count26 = L.veq(count, 26);
|
|
92
|
+
s.count27 = L.veq(count, 27);
|
|
93
|
+
|
|
94
|
+
BitW count20_23 = L.veqmask(count, /*mask*/ 0b11100, /*val*/ 0b10100);
|
|
95
|
+
s.simple_specialp = L.land(s.specialp, count20_23);
|
|
96
|
+
|
|
97
|
+
// stringp && count24
|
|
98
|
+
s.length_plus_next_v8 =
|
|
99
|
+
L.veqmask(v, /*mask*/ 0b110'11111, /*val*/ 0b010'11000);
|
|
100
|
+
|
|
101
|
+
// itemsp && count24
|
|
102
|
+
s.count_is_next_v8 =
|
|
103
|
+
L.veqmask(v, /*mask*/ 0b110'11111, /*val*/ 0b100'11000);
|
|
104
|
+
|
|
105
|
+
BitW count0_24 = L.lor_exclusive(s.count24, s.count0_23);
|
|
106
|
+
BitW atom_or_tag = L.lor_exclusive(s.atomp, s.tagp);
|
|
107
|
+
|
|
108
|
+
// count0_24 works for all types (except invalid special)
|
|
109
|
+
// but atom_or_tag supports count <= 27
|
|
110
|
+
BitW good_count = L.lor(count0_24, L.land(atom_or_tag, s.count24_27));
|
|
111
|
+
BitW invalid_special = L.land(s.specialp, L.lnot(s.simple_specialp));
|
|
112
|
+
s.invalid = L.lor(invalid_special, L.lnot(good_count));
|
|
113
|
+
|
|
114
|
+
s.count_as_counter = ctr_.as_counter(count);
|
|
115
|
+
|
|
116
|
+
// Hack to compute the length. Unclear what the right
|
|
117
|
+
// abstraction should be.
|
|
118
|
+
|
|
119
|
+
// Compute l24_27, the length assuming count24_27
|
|
120
|
+
CEltW l1 = ctr_.as_counter(1 + 1);
|
|
121
|
+
CEltW l2 = ctr_.as_counter(1 + 2);
|
|
122
|
+
CEltW l4 = ctr_.as_counter(1 + 4);
|
|
123
|
+
CEltW l8 = ctr_.as_counter(1 + 8);
|
|
124
|
+
CEltW l24_25 = ctr_.mux(count[0], l2, l1);
|
|
125
|
+
CEltW l26_27 = ctr_.mux(count[0], l8, l4);
|
|
126
|
+
CEltW l24_27 = ctr_.mux(count[1], l26_27, l24_25);
|
|
127
|
+
|
|
128
|
+
// choose between count0_23 and count24_27
|
|
129
|
+
CEltW x1 = ctr_.as_counter(1);
|
|
130
|
+
s.length = ctr_.mux(s.count0_23, x1, l24_27);
|
|
131
|
+
|
|
132
|
+
// adjust for strings
|
|
133
|
+
BitW str_23 = L.land(s.stringp, s.count0_23);
|
|
134
|
+
CEltW adjust_if_string = ctr_.ite0(str_23, s.count_as_counter);
|
|
135
|
+
s.length = ctr_.add(s.length, adjust_if_string);
|
|
136
|
+
|
|
137
|
+
s.as_counter = ctr_.as_counter(v);
|
|
138
|
+
s.as_scalar = L.as_scalar(v);
|
|
139
|
+
s.as_bits = v;
|
|
140
|
+
|
|
141
|
+
return s;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
private:
|
|
145
|
+
const Logic& l_;
|
|
146
|
+
const CounterL ctr_;
|
|
147
|
+
};
|
|
148
|
+
} // namespace proofs
|
|
149
|
+
|
|
150
|
+
#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_BYTE_DECODER_H_
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include "circuits/cbor_parser_v2/cbor_byte_decoder.h"
|
|
16
|
+
|
|
17
|
+
#include <stddef.h>
|
|
18
|
+
|
|
19
|
+
#include "algebra/fp.h"
|
|
20
|
+
#include "circuits/logic/counter.h"
|
|
21
|
+
#include "circuits/logic/evaluation_backend.h"
|
|
22
|
+
#include "circuits/logic/logic.h"
|
|
23
|
+
#include "gf2k/gf2_128.h"
|
|
24
|
+
#include "gtest/gtest.h"
|
|
25
|
+
|
|
26
|
+
namespace proofs {
|
|
27
|
+
namespace {
|
|
28
|
+
|
|
29
|
+
template <class Field>
|
|
30
|
+
void test_decode_one_v8(const Field& F) {
|
|
31
|
+
using EvalBackend = EvaluationBackend<Field>;
|
|
32
|
+
using Logic = Logic<Field, EvalBackend>;
|
|
33
|
+
using CounterL = Counter<Logic>;
|
|
34
|
+
|
|
35
|
+
const EvalBackend ebk(F);
|
|
36
|
+
const Logic L(&ebk, F);
|
|
37
|
+
const CounterL CTR(L);
|
|
38
|
+
|
|
39
|
+
using CborBD = CborByteDecoder2<Logic>;
|
|
40
|
+
const CborBD CBORBD(L);
|
|
41
|
+
for (size_t type = 0; type < 8; ++type) {
|
|
42
|
+
for (size_t count = 0; count < 32; ++count) {
|
|
43
|
+
size_t v_as_size_t = (type << 5) | count;
|
|
44
|
+
typename Logic::v8 v = L.template vbit<8>(v_as_size_t);
|
|
45
|
+
auto ds = CBORBD.decode_one_v8(v);
|
|
46
|
+
|
|
47
|
+
bool atomp = (type == 0) || (type == 1);
|
|
48
|
+
bool stringp = (type == 2) || (type == 3);
|
|
49
|
+
bool arrayp = (type == 4);
|
|
50
|
+
bool mapp = (type == 5);
|
|
51
|
+
bool itemsp = arrayp || mapp;
|
|
52
|
+
bool tagp = (type == 6);
|
|
53
|
+
bool specialp = (type == 7);
|
|
54
|
+
bool simple_specialp = specialp && (20 <= count && count < 24);
|
|
55
|
+
bool count0_23 = (count < 24);
|
|
56
|
+
bool count24_27 = (24 <= count) && (count < 28);
|
|
57
|
+
bool count24 = (count == 24);
|
|
58
|
+
bool count25 = (count == 25);
|
|
59
|
+
bool count26 = (count == 26);
|
|
60
|
+
bool count27 = (count == 27);
|
|
61
|
+
|
|
62
|
+
bool length_plus_next_v8 = false;
|
|
63
|
+
bool count_is_next_v8 = false;
|
|
64
|
+
bool invalid = false;
|
|
65
|
+
size_t length = ~0; // bogus
|
|
66
|
+
size_t count_as_counter = count;
|
|
67
|
+
if (atomp || tagp) {
|
|
68
|
+
if (count0_23) {
|
|
69
|
+
length = 1;
|
|
70
|
+
} else if (count24) {
|
|
71
|
+
length = 1 + 1;
|
|
72
|
+
} else if (count25) {
|
|
73
|
+
length = 1 + 2;
|
|
74
|
+
} else if (count26) {
|
|
75
|
+
length = 1 + 4;
|
|
76
|
+
} else if (count27) {
|
|
77
|
+
length = 1 + 8;
|
|
78
|
+
} else {
|
|
79
|
+
invalid = true;
|
|
80
|
+
}
|
|
81
|
+
} else if (itemsp) {
|
|
82
|
+
if (count0_23) {
|
|
83
|
+
length = 1;
|
|
84
|
+
} else if (count24) {
|
|
85
|
+
length = 2;
|
|
86
|
+
count_is_next_v8 = true;
|
|
87
|
+
} else {
|
|
88
|
+
invalid = true;
|
|
89
|
+
}
|
|
90
|
+
} else if (stringp) {
|
|
91
|
+
if (count0_23) {
|
|
92
|
+
length = 1 + count;
|
|
93
|
+
} else if (count24) {
|
|
94
|
+
length = 2;
|
|
95
|
+
length_plus_next_v8 = true;
|
|
96
|
+
} else {
|
|
97
|
+
invalid = true;
|
|
98
|
+
}
|
|
99
|
+
} else if (simple_specialp) {
|
|
100
|
+
length = 1;
|
|
101
|
+
} else {
|
|
102
|
+
invalid = true;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
EXPECT_EQ(L.eval(ds.atomp), L.eval(L.bit(atomp)));
|
|
106
|
+
EXPECT_EQ(L.eval(ds.itemsp), L.eval(L.bit(itemsp)));
|
|
107
|
+
EXPECT_EQ(L.eval(ds.stringp), L.eval(L.bit(stringp)));
|
|
108
|
+
EXPECT_EQ(L.eval(ds.arrayp), L.eval(L.bit(arrayp)));
|
|
109
|
+
EXPECT_EQ(L.eval(ds.mapp), L.eval(L.bit(mapp)));
|
|
110
|
+
EXPECT_EQ(L.eval(ds.tagp), L.eval(L.bit(tagp)));
|
|
111
|
+
EXPECT_EQ(L.eval(ds.specialp), L.eval(L.bit(specialp)));
|
|
112
|
+
EXPECT_EQ(L.eval(ds.simple_specialp), L.eval(L.bit(simple_specialp)));
|
|
113
|
+
|
|
114
|
+
EXPECT_EQ(L.eval(ds.count0_23), L.eval(L.bit(count0_23)));
|
|
115
|
+
EXPECT_EQ(L.eval(ds.count24_27), L.eval(L.bit(count24_27)));
|
|
116
|
+
EXPECT_EQ(L.eval(ds.count24), L.eval(L.bit(count24)));
|
|
117
|
+
EXPECT_EQ(L.eval(ds.count25), L.eval(L.bit(count25)));
|
|
118
|
+
EXPECT_EQ(L.eval(ds.count26), L.eval(L.bit(count26)));
|
|
119
|
+
EXPECT_EQ(L.eval(ds.count27), L.eval(L.bit(count27)));
|
|
120
|
+
EXPECT_EQ(L.eval(ds.length_plus_next_v8),
|
|
121
|
+
L.eval(L.bit(length_plus_next_v8)));
|
|
122
|
+
EXPECT_EQ(L.eval(ds.count_is_next_v8), L.eval(L.bit(count_is_next_v8)));
|
|
123
|
+
EXPECT_EQ(L.eval(ds.invalid), L.eval(L.bit(invalid)));
|
|
124
|
+
|
|
125
|
+
if (!invalid) {
|
|
126
|
+
// the length is don't care unless valid
|
|
127
|
+
EXPECT_EQ(ds.length.e, CTR.as_counter(length).e);
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
EXPECT_EQ(ds.count_as_counter.e, CTR.as_counter(count_as_counter).e);
|
|
131
|
+
EXPECT_EQ(ds.as_counter.e, CTR.as_counter(v_as_size_t).e);
|
|
132
|
+
EXPECT_EQ(ds.as_scalar, L.konst(v_as_size_t));
|
|
133
|
+
for (size_t k = 0; k < 8; ++k) {
|
|
134
|
+
EXPECT_EQ(L.eval(ds.as_bits[k]), L.eval(L.bit((v_as_size_t >> k) & 1)));
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
TEST(CborByteDecoder, PrimeField) {
|
|
141
|
+
test_decode_one_v8(Fp<1>("18446744073709551557"));
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
TEST(CborByteDecoder, BinaryField) { test_decode_one_v8(GF2_128<>()); }
|
|
145
|
+
|
|
146
|
+
} // namespace
|
|
147
|
+
} // namespace proofs
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_CONSTANTS_H_
|
|
16
|
+
#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_CONSTANTS_H_
|
|
17
|
+
|
|
18
|
+
#include <stddef.h>
|
|
19
|
+
|
|
20
|
+
namespace proofs {
|
|
21
|
+
struct CborConstants {
|
|
22
|
+
static constexpr size_t kNCounters = 4;
|
|
23
|
+
static constexpr size_t kIndexBits = 12;
|
|
24
|
+
};
|
|
25
|
+
} // namespace proofs
|
|
26
|
+
|
|
27
|
+
#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_CONSTANTS_H_
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#ifndef PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_TESTING_H_
|
|
16
|
+
#define PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_TESTING_H_
|
|
17
|
+
|
|
18
|
+
#include <stddef.h>
|
|
19
|
+
|
|
20
|
+
#include "circuits/cbor_parser_v2/cbor.h"
|
|
21
|
+
#include "circuits/cbor_parser_v2/cbor_constants.h"
|
|
22
|
+
#include "circuits/cbor_parser_v2/cbor_witness.h"
|
|
23
|
+
#include "circuits/logic/counter.h"
|
|
24
|
+
#include "circuits/logic/evaluation_backend.h"
|
|
25
|
+
#include "circuits/logic/logic.h"
|
|
26
|
+
|
|
27
|
+
// The purpose of this class is to convert the witnesses from Elt to
|
|
28
|
+
// EltW.
|
|
29
|
+
//
|
|
30
|
+
// Why?
|
|
31
|
+
//
|
|
32
|
+
// We want EltW in the evaluation backend to be a distinct type from
|
|
33
|
+
// Elt. They are really the same thing, but we want to be able to
|
|
34
|
+
// instantiate circuits in the compiler backend as well, and thus
|
|
35
|
+
// circuits ought not to rely on the fact that EvaluationBackend::EltW
|
|
36
|
+
// is really an Elt in disguise.
|
|
37
|
+
// Consequently, tests in the evaluation backend must accept EltW.
|
|
38
|
+
//
|
|
39
|
+
// The witness generator must produce Elt, otherwise this forces the
|
|
40
|
+
// inclusion of Logic in the app. We don't like that because Logic
|
|
41
|
+
// is just a set of helpers to generate circuits, and the final app
|
|
42
|
+
// is not supposed to generate circuits (since circuits are part of the
|
|
43
|
+
// prover<->verifier API and so they must be set in stone in advance.)
|
|
44
|
+
//
|
|
45
|
+
// So this class is the price to be paid to maintain this typing
|
|
46
|
+
// hygiene. Time will tell whether it was worth it.
|
|
47
|
+
|
|
48
|
+
namespace proofs {
|
|
49
|
+
|
|
50
|
+
template <class Field>
|
|
51
|
+
class CborTesting {
|
|
52
|
+
using EvalBackend = EvaluationBackend<Field>;
|
|
53
|
+
using LogicF = Logic<Field, EvalBackend>;
|
|
54
|
+
using EltW = typename LogicF::EltW;
|
|
55
|
+
using BitW = typename LogicF::BitW;
|
|
56
|
+
using CborL = Cbor<LogicF>;
|
|
57
|
+
using CborWitnessF = CborWitness<Field>;
|
|
58
|
+
|
|
59
|
+
public:
|
|
60
|
+
explicit CborTesting(const Field& F) : f_(F) {}
|
|
61
|
+
|
|
62
|
+
void convert_witnesses(
|
|
63
|
+
size_t n, typename CborL::v8 in[/*n*/],
|
|
64
|
+
typename CborL::position_witness pw[/*n*/],
|
|
65
|
+
const typename CborWitnessF::v8 inS[/*n*/],
|
|
66
|
+
const typename CborWitnessF::position_witness pwS[/*n*/]) const {
|
|
67
|
+
const EvalBackend ebk(f_);
|
|
68
|
+
const LogicF L(&ebk, f_);
|
|
69
|
+
const Counter<LogicF> CTR(L);
|
|
70
|
+
|
|
71
|
+
for (size_t i = 0; i < n; ++i) {
|
|
72
|
+
for (size_t j = 0; j < 8; ++j) {
|
|
73
|
+
in[i][j] = BitW(L.konst(inS[i][j]), f_);
|
|
74
|
+
}
|
|
75
|
+
pw[i].encoded_header = L.konst(pwS[i].encoded_header);
|
|
76
|
+
pw[i].encoded_sel = L.konst(pwS[i].encoded_sel);
|
|
77
|
+
pw[i].slen_next = CTR.as_counter(pwS[i].slen_next);
|
|
78
|
+
for (size_t j = 0; j < CborWitnessF::kNCounters; ++j) {
|
|
79
|
+
pw[i].cc_next[j] = CTR.as_counter(pwS[i].cc_next[j]);
|
|
80
|
+
}
|
|
81
|
+
pw[i].invprod_decode = L.konst(pwS[i].invprod_decode);
|
|
82
|
+
pw[i].invprod_parse = L.konst(pwS[i].invprod_parse);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
// Return an index that can be fed to a circuit in the
|
|
87
|
+
// evaluation backend (i.e., a bit vector).
|
|
88
|
+
typename CborL::vindex index(size_t j) const {
|
|
89
|
+
const EvalBackend ebk(f_);
|
|
90
|
+
const LogicF L(&ebk, f_);
|
|
91
|
+
return L.template vbit<CborConstants::kIndexBits>(j);
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
private:
|
|
95
|
+
const Field& f_;
|
|
96
|
+
};
|
|
97
|
+
} // namespace proofs
|
|
98
|
+
|
|
99
|
+
#endif // PRIVACY_PROOFS_ZK_LIB_CIRCUITS_CBOR_PARSER_V2_CBOR_TESTING_H_
|