github.com/consensys/gnark@v0.11.0/backend/groth16/bn254/mpcsetup/setup.go

github.com/consensys/gnark@v0.11.0/backend/groth16/bn254/mpcsetup/setup.go (about)

     1  // Copyright 2020 ConsenSys Software Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by gnark DO NOT EDIT
    16  
    17  package mpcsetup
    18  
    19  import (
    20  	curve "github.com/consensys/gnark-crypto/ecc/bn254"
    21  	"github.com/consensys/gnark-crypto/ecc/bn254/fr/fft"
    22  	groth16 "github.com/consensys/gnark/backend/groth16/bn254"
    23  )
    24  
    25  func ExtractKeys(srs1 *Phase1, srs2 *Phase2, evals *Phase2Evaluations, nConstraints int) (pk groth16.ProvingKey, vk groth16.VerifyingKey) {
    26  	_, _, _, g2 := curve.Generators()
    27  
    28  	// Initialize PK
    29  	pk.Domain = *fft.NewDomain(uint64(nConstraints))
    30  	pk.G1.Alpha.Set(&srs1.Parameters.G1.AlphaTau[0])
    31  	pk.G1.Beta.Set(&srs1.Parameters.G1.BetaTau[0])
    32  	pk.G1.Delta.Set(&srs2.Parameters.G1.Delta)
    33  	pk.G1.Z = srs2.Parameters.G1.Z
    34  	bitReverse(pk.G1.Z)
    35  
    36  	pk.G1.K = srs2.Parameters.G1.L
    37  	pk.G2.Beta.Set(&srs1.Parameters.G2.Beta)
    38  	pk.G2.Delta.Set(&srs2.Parameters.G2.Delta)
    39  
    40  	// Filter out infinity points
    41  	nWires := len(evals.G1.A)
    42  	pk.InfinityA = make([]bool, nWires)
    43  	A := make([]curve.G1Affine, nWires)
    44  	j := 0
    45  	for i, e := range evals.G1.A {
    46  		if e.IsInfinity() {
    47  			pk.InfinityA[i] = true
    48  			continue
    49  		}
    50  		A[j] = evals.G1.A[i]
    51  		j++
    52  	}
    53  	pk.G1.A = A[:j]
    54  	pk.NbInfinityA = uint64(nWires - j)
    55  
    56  	pk.InfinityB = make([]bool, nWires)
    57  	B := make([]curve.G1Affine, nWires)
    58  	j = 0
    59  	for i, e := range evals.G1.B {
    60  		if e.IsInfinity() {
    61  			pk.InfinityB[i] = true
    62  			continue
    63  		}
    64  		B[j] = evals.G1.B[i]
    65  		j++
    66  	}
    67  	pk.G1.B = B[:j]
    68  	pk.NbInfinityB = uint64(nWires - j)
    69  
    70  	B2 := make([]curve.G2Affine, nWires)
    71  	j = 0
    72  	for i, e := range evals.G2.B {
    73  		if e.IsInfinity() {
    74  			// pk.InfinityB[i] = true should be the same as in B
    75  			continue
    76  		}
    77  		B2[j] = evals.G2.B[i]
    78  		j++
    79  	}
    80  	pk.G2.B = B2[:j]
    81  
    82  	// Initialize VK
    83  	vk.G1.Alpha.Set(&srs1.Parameters.G1.AlphaTau[0])
    84  	vk.G1.Beta.Set(&srs1.Parameters.G1.BetaTau[0])
    85  	vk.G1.Delta.Set(&srs2.Parameters.G1.Delta)
    86  	vk.G2.Beta.Set(&srs1.Parameters.G2.Beta)
    87  	vk.G2.Delta.Set(&srs2.Parameters.G2.Delta)
    88  	vk.G2.Gamma.Set(&g2)
    89  	vk.G1.K = evals.G1.VKK
    90  
    91  	// sets e, -[δ]2, -[γ]2
    92  	if err := vk.Precompute(); err != nil {
    93  		panic(err)
    94  	}
    95  
    96  	return pk, vk
    97  }