Browse Source

Support MNT4 and MNT6 in addition to BN128

Ian Goldberg 4 years ago
parent
commit
b53ab3ed4a
10 changed files with 152 additions and 81 deletions
  1. 2 1
      README.md
  2. 132 63
      ecgadget.hpp
  3. 6 0
      libsnark_headers.hpp
  4. 8 7
      pedersen.cpp
  5. 0 5
      pedersen.hpp
  6. 1 0
      ratchetcommit.cpp
  7. 1 0
      scalarmul.cpp
  8. 0 5
      scalarmul.hpp
  9. 1 0
      varscalarmul.cpp
  10. 1 0
      verifenc.cpp

+ 2 - 1
README.md

@@ -1,6 +1,6 @@
 # zkSNARK for a Pedersen commitment
 
-*Ian Goldberg (iang@uwaterloo.ca), updated January 2020*
+*Ian Goldberg (iang@uwaterloo.ca), updated March 2020*
 
 I spent a day learning how to use [libsnark](https://github.com/scipr-lab/libsnark), and thought an interesting first project would be to create a zkSNARK for knowledge of a preimage for a Pedersen commitment.  I spent another day reimplementing it with a better scalar multiplication algorithm.  A few months later, I did a little more work on the algorithm, further reducing the cost of scalar multiplication (with a constant base point) to 3 constraints per bit, and implementing new features like scalar multiplication of non-constant points.
 
@@ -14,6 +14,7 @@ C(2,4950745124018817972378217179409499695353526031437053848725554590521829916331
 A(4,1929778687269876629657252589535788315400602403700102541701561325064015752665).
 
 If you switch to a different underlying curve for the zkSNARKs than BN128, you will need to find a new E and new generators, and change the precomputed values in [ecgadget.hpp](ecgadget.hpp) to match.
+(Update 30 March 2020: MNT4 and MNT6 are now also supported.)
 
 The code produces a zkSNARK for the statment "I know values _a_ and _b_ such that _a_*G + _b_*H equals the given Pedersen commitment P."
 

+ 132 - 63
ecgadget.hpp

@@ -13,6 +13,93 @@ using namespace libsnark;
 //   _private variables_ are values known only to the prover
 //       and change in each use of the circuit
 
+// The elliptic curve we're operating on must have a _modulus_ that is
+// the same as the _order_ of the underlying SNARK curve (BN128, MNT4,
+// etc.).  So we need to be able to specify a suitable curve and
+// generators for each such underlying SNARK curve.
+template<typename FieldT>
+struct curveParams {
+    // Some generators
+    static FieldT Gx, Gy, Hx, Hy, Cx, Cy, Ax, Ay;
+};
+
+typedef libff::Fr<libff::bn128_pp> BN128Fr;
+typedef curveParams<BN128Fr> BN128Params;
+typedef libff::Fr<libff::mnt4_pp> MNT4Fr;
+typedef curveParams<MNT4Fr> MNT4Params;
+typedef libff::Fr<libff::mnt6_pp> MNT6Fr;
+typedef curveParams<MNT6Fr> MNT6Params;
+
+void init_curveparams(void) {
+    // BN128 has order 21888242871839275222246405745257275088548364400416034343698204186575808495617.
+    // The curve we use has that number as a modulus, equation
+    // y^2 = x^3 - 3*x + 7950939520449436327800262930799465135910802758673292356620796789196167463969,
+    // order 21888242871839275222246405745257275088760161411100494528458776273921456643749,
+    // and twist order 21888242871839275222246405745257275088336567389731574158937632099230160347487
+    BN128Params::Gx = BN128Fr(0);
+    BN128Params::Gy = BN128Fr("11977228949870389393715360594190192321220966033310912010610740966317727761886");
+    BN128Params::Hx = BN128Fr(1);
+    BN128Params::Hy = BN128Fr("21803877843449984883423225223478944275188924769286999517937427649571474907279");
+    BN128Params::Cx = BN128Fr(2);
+    BN128Params::Cy = BN128Fr("4950745124018817972378217179409499695353526031437053848725554590521829916331");
+    BN128Params::Ax = BN128Fr(4);
+    BN128Params::Ay = BN128Fr("1929778687269876629657252589535788315400602403700102541701561325064015752665");
+
+    // MNT4 has order 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137.
+    // The curve we use has that number as a modulus, equation
+    // y^2 = x^3 - 3*x + 231167148323223259519222248276530122498019837271767399092881541755570759528915690054257617,
+    // order 475922286169261325753349249653048451545124877609388602970058907680650183700694415633043899,
+    // and twist order 475922286169261325753349249653048451545124879496258428136476563797679110914122565486882377
+    MNT4Params::Gx = MNT4Fr(0);
+    MNT4Params::Gy = MNT4Fr("69340010096176642671075936244233205591761175107929619077175443746098492155210682688004000");
+    MNT4Params::Hx = MNT4Fr(4);
+    MNT4Params::Hy = MNT4Fr("89962085395108430328776481330922276788164520703635405311225917405228387147951802989614963");
+    MNT4Params::Cx = MNT4Fr(5);
+    MNT4Params::Cy = MNT4Fr("52902001285898935334481582927659505082867000922458881015269230130767369971501119682509581");
+    MNT4Params::Ax = MNT4Fr(13);
+    MNT4Params::Ay = MNT4Fr("121053423448209007180763047755032137130187089528003831161099799540651189694573076331882906");
+
+    // MNT6 has order 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081
+    // The curve we use has that number as a modulus, equation
+    // y^2 = x^3 - 3*x + 24546313041565681523715355676371506472020535518551005057500340479469011985449670363024622,
+    // order 475922286169261325753349249653048451545124878803858277348714592806990498327174348276061263,
+    // and twist order 475922286169261325753349249653048451545124879681531173442395664345430027308737252691454901
+    MNT6Params::Gx = MNT6Fr(6);
+    MNT6Params::Gy = MNT6Fr("24197108752891306593933912637919640614809244712814357996916386860820196450211056738894088");
+    MNT6Params::Hx = MNT6Fr(7);
+    MNT6Params::Hy = MNT6Fr("38986684752414230937697051240187730249331222579878762386361563720275249449300503095108315");
+    MNT6Params::Cx = MNT6Fr(10);
+    MNT6Params::Cy = MNT6Fr("16456076723096839034614236624058053946787958080849874304391400047777491942015349039526487");
+    MNT6Params::Ax = MNT6Fr(15);
+    MNT6Params::Ay = MNT6Fr("217167731603808417993030053532106278784760282438477394477321645018696010454906317296597425");
+}
+
+// These need to be here for the linker to work
+template<> BN128Fr BN128Params::Gx = 0;
+template<> BN128Fr BN128Params::Gy = 0;
+template<> BN128Fr BN128Params::Hx = 0;
+template<> BN128Fr BN128Params::Hy = 0;
+template<> BN128Fr BN128Params::Cx = 0;
+template<> BN128Fr BN128Params::Cy = 0;
+template<> BN128Fr BN128Params::Ax = 0;
+template<> BN128Fr BN128Params::Ay = 0;
+template<> MNT4Fr MNT4Params::Gx = 0;
+template<> MNT4Fr MNT4Params::Gy = 0;
+template<> MNT4Fr MNT4Params::Hx = 0;
+template<> MNT4Fr MNT4Params::Hy = 0;
+template<> MNT4Fr MNT4Params::Cx = 0;
+template<> MNT4Fr MNT4Params::Cy = 0;
+template<> MNT4Fr MNT4Params::Ax = 0;
+template<> MNT4Fr MNT4Params::Ay = 0;
+template<> MNT6Fr MNT6Params::Gx = 0;
+template<> MNT6Fr MNT6Params::Gy = 0;
+template<> MNT6Fr MNT6Params::Hx = 0;
+template<> MNT6Fr MNT6Params::Hy = 0;
+template<> MNT6Fr MNT6Params::Cx = 0;
+template<> MNT6Fr MNT6Params::Cy = 0;
+template<> MNT6Fr MNT6Params::Ax = 0;
+template<> MNT6Fr MNT6Params::Ay = 0;
+
 // Double a constant EC point (inx,iny) to yield (outx,outy).  The input
 // point must not be the point at infinity.
 template<typename FieldT>
@@ -403,7 +490,6 @@ public:
 template<typename FieldT>
 class ec_constant_scalarmul_vec_accum_gadget : public gadget<FieldT> {
 private:
-  FieldT Cx, Cy;
   pb_variable_array<FieldT> accumx, accumy;
   std::vector<ec_4_constant_add_gadget<FieldT> > fouradders;
   std::vector<ec_2_constant_add_gadget<FieldT> > twoadders;
@@ -427,9 +513,6 @@ public:
               const FieldT &Px, const FieldT &Py,
               FieldT &AXSx, FieldT &AXSy) :
     gadget<FieldT>(pb, "ec_constant_scalarmul_vec_accum_gadget"),
-    // Precomputed coordinates of C
-    Cx(2),
-    Cy("4950745124018817972378217179409499695353526031437053848725554590521829916331"),
     outx(outx), outy(outy), Ax(Ax), Ay(Ay), svec(svec), Px(Px), Py(Py)
   {
     size_t numbits = svec.size();
@@ -454,13 +537,16 @@ public:
 
         if (i == numbits-1) {
             FieldT twoiPCx, twoiPCy;
-            ec_add_points(twoiPCx, twoiPCy, twoiPx, twoiPy, Cx, Cy);
+            ec_add_points(twoiPCx, twoiPCy, twoiPx, twoiPy,
+                curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
 
             twoadders.emplace_back(this->pb,
                 outx, outy,
                 (i == 0 ? Ax : accumx[accnext-1]),
                 (i == 0 ? Ay : accumy[accnext-1]),
-                svec[i], Cx, Cy, twoiPCx, twoiPCy);
+                svec[i],
+                curveParams<FieldT>::Cx, curveParams<FieldT>::Cy,
+                twoiPCx, twoiPCy);
 
             // This makes i odd, but also exits the loop with
             // i = numbits and accnext = (numbits-1)/2
@@ -472,9 +558,11 @@ public:
             FieldT twoi2Px, twoi2Py;
             FieldT twoi1PCx, twoi1PCy, twoi2PCx, twoi2PCy, twoi3PCx, twoi3PCy;
 
-            ec_add_points(twoi1PCx, twoi1PCy, twoiPx, twoiPy, Cx, Cy);
+            ec_add_points(twoi1PCx, twoi1PCy, twoiPx, twoiPy,
+                    curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
             ec_double_point(twoi2Px, twoi2Py, twoiPx, twoiPy);
-            ec_add_points(twoi2PCx, twoi2PCy, twoi2Px, twoi2Py, Cx, Cy);
+            ec_add_points(twoi2PCx, twoi2PCy, twoi2Px, twoi2Py,
+                    curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
             ec_add_points(twoi3PCx, twoi3PCy, twoi2Px, twoi2Py,
                     twoi1PCx, twoi1PCy);
 
@@ -483,7 +571,9 @@ public:
                 (i == numbits-2 ? outy : accumy[accnext]),
                 (i == 0 ? Ax : accumx[accnext-1]),
                 (i == 0 ? Ay : accumy[accnext-1]),
-                svec[i], svec[i+1], Cx, Cy, twoi1PCx, twoi1PCy,
+                svec[i], svec[i+1],
+                curveParams<FieldT>::Cx, curveParams<FieldT>::Cy,
+                twoi1PCx, twoi1PCy,
                 twoi2PCx, twoi2PCy, twoi3PCx, twoi3PCy);
 
             // If i == numbits-2, we write directly to out and not accum above, and
@@ -496,7 +586,8 @@ public:
         }
 
         FieldT newAXSx, newAXSy;
-        ec_add_points(newAXSx, newAXSy, AXSx, AXSy, Cx, Cy);
+        ec_add_points(newAXSx, newAXSy, AXSx, AXSy,
+                curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
         AXSx = newAXSx;
         AXSy = newAXSy;
     }
@@ -579,7 +670,7 @@ public:
 template<typename FieldT>
 class ec_constant_scalarmul_vec_gadget : public gadget<FieldT> {
 private:
-  FieldT Cx, Cy, Ax, Ay, AXSx, AXSy;
+  FieldT AXSx, AXSy;
   pb_variable<FieldT> accinx, acciny, accoutx, accouty;
   std::vector<ec_constant_scalarmul_vec_accum_gadget<FieldT> > scalarmuls;
   std::vector<ec_constant_add_gadget<FieldT> > adders;
@@ -594,15 +685,10 @@ public:
               const pb_variable_array<FieldT> &svec,
               const FieldT &Px, const FieldT &Py) :
     gadget<FieldT>(pb, "ec_constant_scalarmul_vec_gadget"),
-    // Precomputed coordinates of C and A
-    Cx(2),
-    Cy("4950745124018817972378217179409499695353526031437053848725554590521829916331"),
-    Ax(4),
-    Ay("1929778687269876629657252589535788315400602403700102541701561325064015752665"),
     outx(outx), outy(outy), svec(svec), Px(Px), Py(Py)
   {
-    AXSx = Ax;
-    AXSy = Ay;
+    AXSx = curveParams<FieldT>::Ax;
+    AXSy = curveParams<FieldT>::Ay;
     accinx.allocate(this->pb, "accinx");
     acciny.allocate(this->pb, "acciny");
     accoutx.allocate(this->pb, "accoutx");
@@ -614,16 +700,16 @@ public:
 
   void generate_r1cs_constraints()
   {
-    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, Ax));
-    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, Ay));
+    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, curveParams<FieldT>::Ax));
+    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, curveParams<FieldT>::Ay));
     scalarmuls[0].generate_r1cs_constraints();
     adders[0].generate_r1cs_constraints();
   }
 
   void generate_r1cs_witness()
   {
-    this->pb.val(accinx) = Ax;
-    this->pb.val(acciny) = Ay;
+    this->pb.val(accinx) = curveParams<FieldT>::Ax;
+    this->pb.val(acciny) = curveParams<FieldT>::Ay;
     scalarmuls[0].generate_r1cs_witness();
     adders[0].generate_r1cs_witness();
   }
@@ -692,7 +778,6 @@ class ec_scalarmul_gadget;
 template<typename FieldT>
 class ec_scalarmul_vec_accum_gadget : public gadget<FieldT> {
 private:
-  FieldT Cx, Cy;
   pb_variable_array<FieldT> accumx, accumy;
   pb_variable_array<FieldT> twoiPx, twoiPy;
   std::vector<ec_constant_add_gadget<FieldT> > cadders;
@@ -719,9 +804,6 @@ public:
               bool Ptable_fill_values,
               FieldT &AXSx, FieldT &AXSy) :
     gadget<FieldT>(pb, "ec_scalarmul_vec_accum_gadget"),
-    // Precomputed coordinates of C
-    Cx(2),
-    Cy("4950745124018817972378217179409499695353526031437053848725554590521829916331"),
     outx(outx), outy(outy), Ax(Ax), Ay(Ay), svec(svec),
     Px(Px), Py(Py), Ptable(Ptable),
     Ptable_set_constraints(Ptable_set_constraints),
@@ -737,7 +819,7 @@ public:
         if (numbits > 0) {
             // Add P and C to get Ptable[0,1] = P+C
             cadders.emplace_back(this->pb, Ptable[0], Ptable[1],
-                    Px, Py, Cx, Cy);
+                    Px, Py, curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
         }
         if (numbits > 1) {
             // Add P and P+C to get Ptable[2,3] = 2*P+C
@@ -755,7 +837,7 @@ public:
             cadders.emplace_back(this->pb,
                     twoiPx[i-2], twoiPy[i-2],
                     Ptable[2*(i-1)], Ptable[2*(i-1)+1],
-                    Cx, -Cy);
+                    curveParams<FieldT>::Cx, -curveParams<FieldT>::Cy);
 
             // Compute 2^{i}*P + C = (2^{i-1}*P + C) + (2^{i-1}*P)
             adders.emplace_back(this->pb,
@@ -774,10 +856,10 @@ public:
             (i == numbits-1 ? outy : accumy[i]),
             (i == 0 ? Ax : accumx[i-1]),
             (i == 0 ? Ay : accumy[i-1]),
-            svec[i], Cx, Cy, Ptable[2*i], Ptable[2*i+1]);
+            svec[i], curveParams<FieldT>::Cx, curveParams<FieldT>::Cy, Ptable[2*i], Ptable[2*i+1]);
 
         FieldT newAXSx, newAXSy;
-        ec_add_points(newAXSx, newAXSy, AXSx, AXSy, Cx, Cy);
+        ec_add_points(newAXSx, newAXSy, AXSx, AXSy, curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
         AXSx = newAXSx;
         AXSy = newAXSy;
     }
@@ -907,7 +989,7 @@ public:
 template<typename FieldT>
 class ec_scalarmul_vec_gadget : public gadget<FieldT> {
 private:
-  FieldT Cx, Cy, Ax, Ay, AXSx, AXSy;
+  FieldT AXSx, AXSy;
   pb_variable<FieldT> accinx, acciny, accoutx, accouty;
   std::vector<ec_scalarmul_vec_accum_gadget<FieldT> > scalarmuls;
   std::vector<ec_constant_add_gadget<FieldT> > adders;
@@ -928,18 +1010,13 @@ public:
               bool Ptable_set_constraints,
               bool Ptable_fill_values) :
     gadget<FieldT>(pb, "ec_scalarmul_vec_gadget"),
-    // Precomputed coordinates of C and A
-    Cx(2),
-    Cy("4950745124018817972378217179409499695353526031437053848725554590521829916331"),
-    Ax(4),
-    Ay("1929778687269876629657252589535788315400602403700102541701561325064015752665"),
     outx(outx), outy(outy), svec(svec),
     Px(Px), Py(Py), Ptable(Ptable),
     Ptable_set_constraints(Ptable_set_constraints),
     Ptable_fill_values(Ptable_fill_values)
   {
-    AXSx = Ax;
-    AXSy = Ay;
+    AXSx = curveParams<FieldT>::Ax;
+    AXSy = curveParams<FieldT>::Ay;
     accinx.allocate(this->pb, "accinx");
     acciny.allocate(this->pb, "acciny");
     accoutx.allocate(this->pb, "accoutx");
@@ -953,16 +1030,16 @@ public:
 
   void generate_r1cs_constraints()
   {
-    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, Ax));
-    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, Ay));
+    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, curveParams<FieldT>::Ax));
+    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, curveParams<FieldT>::Ay));
     scalarmuls[0].generate_r1cs_constraints();
     adders[0].generate_r1cs_constraints();
   }
 
   void generate_r1cs_witness()
   {
-    this->pb.val(accinx) = Ax;
-    this->pb.val(acciny) = Ay;
+    this->pb.val(accinx) = curveParams<FieldT>::Ax;
+    this->pb.val(acciny) = curveParams<FieldT>::Ay;
     scalarmuls[0].generate_r1cs_witness();
     adders[0].generate_r1cs_witness();
   }
@@ -1036,9 +1113,6 @@ public:
                 const pb_variable<FieldT> &Px,
                 const pb_variable<FieldT> &Py)
   {
-    const FieldT Cx(2);
-    const FieldT Cy("4950745124018817972378217179409499695353526031437053848725554590521829916331");
-
     assert(Ptable.size() % 2 == 0);
     size_t numbits = Ptable.size() / 2;
 
@@ -1050,7 +1124,8 @@ public:
 
         // Compute 2^i * P + C
         FieldT twoiPCx, twoiPCy;
-        ec_add_points(twoiPCx, twoiPCy, twoiPx, twoiPy, Cx, Cy);
+        ec_add_points(twoiPCx, twoiPCy, twoiPx, twoiPy,
+                curveParams<FieldT>::Cx, curveParams<FieldT>::Cy);
         pb.val(Ptable[2*i]) = twoiPCx;
         pb.val(Ptable[2*i+1]) = twoiPCy;
 
@@ -1070,7 +1145,6 @@ private:
   pb_variable<FieldT> accinx, acciny, accmidx, accmidy, accoutx, accouty;
   std::vector<ec_constant_scalarmul_accum_gadget<FieldT> > mulgadgets;
   std::vector<ec_constant_add_gadget<FieldT> > addgadget;
-  const FieldT Gx, Gy, Hx, Hy, Ax, Ay;
 
 public:
   const pb_variable<FieldT> outx, outy, a, b;
@@ -1081,14 +1155,7 @@ public:
               const pb_variable<FieldT> &a,
               const pb_variable<FieldT> &b) :
     gadget<FieldT>(pb, "ec_pedersen_gadget"),
-    outx(outx), outy(outy), a(a), b(b),
-  // Precomputed coordinates of G, H, and A
-  Gx(0),
-  Gy("11977228949870389393715360594190192321220966033310912010610740966317727761886"),
-  Hx(1),
-  Hy("21803877843449984883423225223478944275188924769286999517937427649571474907279"),
-  Ax(4),
-  Ay("1929778687269876629657252589535788315400602403700102541701561325064015752665")
+    outx(outx), outy(outy), a(a), b(b)
   {
     // Allocate variables to protoboard
     // The strings (like "x") are only for debugging purposes
@@ -1101,22 +1168,22 @@ public:
     accouty.allocate(this->pb, "accouty");
 
     // Initialize the accumulator
-    FieldT AXSx = Ax;
-    FieldT AXSy = Ay;
-    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, Ax));
-    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, Ay));
+    FieldT AXSx = curveParams<FieldT>::Ax;
+    FieldT AXSy = curveParams<FieldT>::Ay;
+    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(accinx, 1, curveParams<FieldT>::Ax));
+    this->pb.add_r1cs_constraint(r1cs_constraint<FieldT>(acciny, 1, curveParams<FieldT>::Ay));
 
     // Initialize the gadgets
-    mulgadgets.emplace_back(this->pb, accmidx, accmidy, accinx, acciny, a, Gx, Gy, AXSx, AXSy);
-    mulgadgets.emplace_back(this->pb, accoutx, accouty, accmidx, accmidy, b, Hx, Hy, AXSx, AXSy);
+    mulgadgets.emplace_back(this->pb, accmidx, accmidy, accinx, acciny, a,
+            curveParams<FieldT>::Gx, curveParams<FieldT>::Gy, AXSx, AXSy);
+    mulgadgets.emplace_back(this->pb, accoutx, accouty, accmidx, accmidy, b,
+            curveParams<FieldT>::Hx, curveParams<FieldT>::Hy, AXSx, AXSy);
     // Subtract the accumulator excess to get the result
     addgadget.emplace_back(this->pb, outx, outy, accoutx, accouty, AXSx, -AXSy);
   }
 
   void generate_r1cs_constraints()
   {
-    this->pb.val(accinx) = Ax;
-    this->pb.val(acciny) = Ay;
     mulgadgets[0].generate_r1cs_constraints();
     mulgadgets[1].generate_r1cs_constraints();
     addgadget[0].generate_r1cs_constraints();
@@ -1124,6 +1191,8 @@ public:
 
   void generate_r1cs_witness()
   {
+    this->pb.val(accinx) = curveParams<FieldT>::Ax;
+    this->pb.val(acciny) = curveParams<FieldT>::Ay;
     mulgadgets[0].generate_r1cs_witness();
     mulgadgets[1].generate_r1cs_witness();
     addgadget[0].generate_r1cs_witness();

+ 6 - 0
libsnark_headers.hpp

@@ -1 +1,7 @@
 #include "libsnark/gadgetlib1/gadgets/basic_gadgets.hpp"
+#include "libff/algebra/curves/mnt/mnt4/mnt4_pp.hpp"
+#include "libff/algebra/curves/mnt/mnt6/mnt6_pp.hpp"
+#include "libff/algebra/fields/field_utils.hpp"
+#include "libsnark/zk_proof_systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.hpp"
+#include "libsnark/common/default_types/r1cs_gg_ppzksnark_pp.hpp"
+#include "libsnark/gadgetlib1/pb_variable.hpp"

+ 8 - 7
pedersen.cpp

@@ -10,11 +10,12 @@ using namespace std;
 
 int main()
 {
-  // Initialize the curve parameters
-
-  default_r1cs_gg_ppzksnark_pp::init_public_params();
+  typedef libff::bn128_pp ppT;
+  typedef libff::Fr<ppT> FieldT;
 
-  typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;
+  // Initialize the curve parameters
+  ppT::init_public_params();
+  init_curveparams();
   
   // Create protoboard
 
@@ -44,7 +45,7 @@ int main()
   
   const r1cs_constraint_system<FieldT> constraint_system = pb.get_constraint_system();
 
-  const r1cs_gg_ppzksnark_keypair<default_r1cs_gg_ppzksnark_pp> keypair = r1cs_gg_ppzksnark_generator<default_r1cs_gg_ppzksnark_pp>(constraint_system);
+  const r1cs_gg_ppzksnark_keypair<ppT> keypair = r1cs_gg_ppzksnark_generator<ppT>(constraint_system);
 
   // Add witness values
 
@@ -56,11 +57,11 @@ int main()
 
   ped.generate_r1cs_witness();
 
-  const r1cs_gg_ppzksnark_proof<default_r1cs_gg_ppzksnark_pp> proof = r1cs_gg_ppzksnark_prover<default_r1cs_gg_ppzksnark_pp>(keypair.pk, pb.primary_input(), pb.auxiliary_input());
+  const r1cs_gg_ppzksnark_proof<ppT> proof = r1cs_gg_ppzksnark_prover<ppT>(keypair.pk, pb.primary_input(), pb.auxiliary_input());
 
   cout << "Verifier" << endl;
 
-  bool verified = r1cs_gg_ppzksnark_verifier_strong_IC<default_r1cs_gg_ppzksnark_pp>(keypair.vk, pb.primary_input(), proof);
+  bool verified = r1cs_gg_ppzksnark_verifier_strong_IC<ppT>(keypair.vk, pb.primary_input(), proof);
 
   cout << "Number of R1CS constraints: " << constraint_system.num_constraints() << endl;
   cout << "Primary (public) input: " << pb.primary_input() << endl;

+ 0 - 5
pedersen.hpp

@@ -1,9 +1,4 @@
 #ifndef __PEDERSEN_HPP__
 #define __PEDERSEN_HPP__
 
-#include "libff/algebra/fields/field_utils.hpp"
-#include "libsnark/zk_proof_systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.hpp"
-#include "libsnark/common/default_types/r1cs_gg_ppzksnark_pp.hpp"
-#include "libsnark/gadgetlib1/pb_variable.hpp"
-
 #endif

+ 1 - 0
ratchetcommit.cpp

@@ -81,6 +81,7 @@ int main(int argc, char **argv)
   // Initialize the curve parameters
 
   default_r1cs_gg_ppzksnark_pp::init_public_params();
+  init_curveparams();
 
   typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;
   

+ 1 - 0
scalarmul.cpp

@@ -13,6 +13,7 @@ int main()
   // Initialize the curve parameters
 
   default_r1cs_gg_ppzksnark_pp::init_public_params();
+  init_curveparams();
 
   typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;
   

+ 0 - 5
scalarmul.hpp

@@ -1,9 +1,4 @@
 #ifndef __SCALARMUL_H__
 #define __SCALARMUL_H__
 
-#include "libff/algebra/fields/field_utils.hpp"
-#include "libsnark/zk_proof_systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.hpp"
-#include "libsnark/common/default_types/r1cs_gg_ppzksnark_pp.hpp"
-#include "libsnark/gadgetlib1/pb_variable.hpp"
-
 #endif

+ 1 - 0
varscalarmul.cpp

@@ -34,6 +34,7 @@ int main(int argc, char **argv)
   // Initialize the curve parameters
 
   default_r1cs_gg_ppzksnark_pp::init_public_params();
+  init_curveparams();
 
   typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;
   

+ 1 - 0
verifenc.cpp

@@ -240,6 +240,7 @@ int main(int argc, char **argv)
   // Initialize the curve parameters
 
   default_r1cs_gg_ppzksnark_pp::init_public_params();
+  init_curveparams();
 
   typedef libff::Fr<default_r1cs_gg_ppzksnark_pp> FieldT;