Module humidor::ligero

source · []
Expand description

This module implements Ligero according to section 4.7 of https://dl.acm.org/doi/pdf/10.1145/3133956.3134104

Running Ligero using a witness shared with another proof system ZKP2:

  1. Create a circuit with a non-empty shared-witness range using the new_with_shared constructor.
  2. In the prover: a. Create a prover with the noninteractive::Prover constructor. b. Call the shared_mask method to retrieve the shared mask m and commit to the shared witness u and the mask using the ZKP2 commitment (sending it to the verifier). c. Run make_proof_and_shared_check using the ZKP2 commitment to (u,m) to get the proof, matrix A, and vector b. Send the proof to the verifier. d. Prove that A*u + m = b in ZKP2.
  3. In the verifier: a. Create a verifier with the noninteractive::Verifier constructor. b. Get the proof from the prover. c. Call verify_with_shared on the ZKP2 commitment to (u,m), checking whether the verifier accepts and retrieving the matrix A and the vector b. d. Verify that A*u + m = b in ZKP2.

Modules

interactive
Interactive Ligero implementation.
noninteractive
Non-interactive Ligero implementation, created by applying Fiat-Shamir to the interactive implementation.

Structs

Round0
Round 0: Prover -> Verifier
Round1
Round 1: Verifier -> Prover
Round2
Round 2: Prover -> Verifier
Round3
Round 3: Verifier -> Prover
Round4
Round 4: Prover -> Verifier

Traits

FieldForLigero
This is a marker trait consolidating the traits needed for a Ligero field. In addition, it supplies a field-size, to be used in parameter selection.

Functions

expected_proof_size
The theoretical proof size according to Section 5.3 of https://dl.acm.org/doi/pdf/10.1145/3133956.3134104