def run_one_test(nInBits, nCopies, nLayers, qStat):
nOutBits = nInBits
in0vv = []
in1vv = []
typvv = []
for _ in xrange(0, nLayers):
(in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
in0vv.append(in0v)
in1vv.append(in1v)
typvv.append(typv)
prv = CircuitProverNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv)
# blind some of the inputs to the verifier
nondet_bits = random.randint(0, nInBits - 1)
prv.set_nondet_range(nondet_bits)
inputs = randutil.rand_inputs(nInBits, nCopies)
pf = prv.run(inputs)
ver = CircuitVerifierNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv)
ver.run(pf)
if not qStat:
print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies,
nLayers)
print " %d group elems, %d bytes in proof" % FiatShamir.proof_size(
pf)
for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]:
if fArith is not None:
print " %s: %s" % (fArith.cat, str(fArith))
def run_rdl_test(nInBits, nCopies, nLayers, qStat):
(in0vv, in1vv, typvv) = rand_ckt(nInBits, nLayers)
nRDLBits = nInBits - random.randint(0, 2)
nRDLInputs = 2**nRDLBits
nInputs = 2**nInBits
rdl = [[random.randint(0, nRDLInputs - 1) for _ in xrange(0, nInputs)]
for _ in xrange(0, nCopies)]
prv = CircuitProverVecWitNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv)
prv.set_rdl(rdl, nRDLInputs)
inputs = randutil.rand_inputs(nRDLBits, 1)
pf = prv.run(inputs)
ver = CircuitVerifierVecWitNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv)
ver.set_rdl(rdl, nRDLInputs)
ver.run(pf)
if not qStat:
print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies,
nLayers)
print " %d group elems, %d bytes in proof" % FiatShamir.proof_size(
pf)
for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]:
if fArith is not None:
print " %s: %s" % (fArith.cat, str(fArith))
def run_one_test(nInBits, nCopies):
nOutBits = nInBits
(in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
inputs = randutil.rand_inputs(nInBits, nCopies)
circuit = CircuitProver(nCopies, 2**nInBits, [in0v], [in1v], [typv])
circuit.set_inputs(inputs)
z1 = [Defs.gen_random() for _ in xrange(0, nOutBits)]
z2 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]
circuit.set_z(z1, z2, None, None, True)
# mlExt of outputs
outflat = util.flatten(circuit.ckt_outputs)
inLayer_mults = LayerComputeBeta(nOutBits + circuit.nCopyBits, z1 + z2)
assert len(outflat) == len(inLayer_mults.outputs)
inLayermul = util.mul_vecs(inLayer_mults.outputs, outflat)
inLayerExt = sum(inLayermul) % Defs.prime
w1 = [Defs.gen_random() for _ in xrange(0, nInBits)]
w2 = [Defs.gen_random() for _ in xrange(0, nInBits)]
w3 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]
initOutputs = circuit.get_outputs()
assert inLayerExt == (initOutputs[0] + sum(initOutputs)) % Defs.prime
for i in xrange(0, len(w3)):
circuit.next_round(w3[i])
circuit.get_outputs()
for i in xrange(0, len(w1)):
circuit.next_round(w1[i])
circuit.get_outputs()
for i in xrange(0, len(w2)):
circuit.next_round(w2[i])
finalOutputs = circuit.get_outputs()
# check the outputs by computing mlext of layer input directly
inflat = util.flatten(inputs)
v1_mults = LayerComputeBeta(circuit.layer_inbits[0] + circuit.nCopyBits,
w1 + w3)
assert len(inflat) == len(v1_mults.outputs)
v1inmul = util.mul_vecs(v1_mults.outputs, inflat)
v1 = sum(v1inmul) % Defs.prime
v2_mults = LayerComputeBeta(circuit.layer_inbits[0] + circuit.nCopyBits,
w2 + w3)
assert len(inflat) == len(v2_mults.outputs)
v2inmul = util.mul_vecs(v2_mults.outputs, inflat)
v2 = sum(v2inmul) % Defs.prime
assert v1 == finalOutputs[0]
assert v2 == sum(finalOutputs) % Defs.prime
def get_inputs(verifier_info, input_layer):
nCopies = verifier_info.nCopies if verifier_info.rdlFile is None else 1
if verifier_info.inputFile is None:
inputs = randutil.rand_inputs(0, nCopies, input_layer)
else:
inputs = util.get_inputs(verifier_info.inputFile, input_layer, nCopies)
if len(inputs) != nCopies:
print "ERROR: input file has too few lines (got %d, expected %d)" % (
len(inputs), nCopies)
sys.exit(1)
return inputs
def run_one_test(nInBits, nCopies, nLayers, qStat):
nOutBits = nInBits
in0vv = []
in1vv = []
typvv = []
for _ in xrange(0, nLayers):
(in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
in0vv.append(in0v)
in1vv.append(in1v)
typvv.append(typv)
ver = CircuitVerifier(nCopies, 2**nInBits, in0vv, in1vv, typvv)
inputs = randutil.rand_inputs(nInBits, nCopies)
ver.run(inputs)
if not qStat:
print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies,
nLayers)
for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]:
if fArith is not None:
print " %s: %s" % (fArith.cat, str(fArith))
def run_one_test(nInBits, nCopies):
nOutBits = nInBits
circuit = _DummyCircuitProver(nCopies)
(in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
typc = [tc.cgate for tc in typv]
inputs = randutil.rand_inputs(nInBits, nCopies)
# compute outputs
ckt = ArithCircuit()
inCktLayer = ArithCircuitInputLayer(ckt, nOutBits)
outCktLayer = ArithCircuitLayer(ckt, inCktLayer, in0v, in1v, typc)
ckt.layers = [inCktLayer, outCktLayer]
outputs = []
for inp in inputs:
ckt.run(inp)
outputs.append(ckt.outputs)
z1 = [Defs.gen_random() for _ in xrange(0, nOutBits)]
z2 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]
outLayer = LayerProver(nInBits, circuit, in0v, in1v, typv)
outLayer.set_inputs(inputs)
outLayer.set_z(z1, z2, None, None, True)
# mlExt of outputs
outflat = util.flatten(outputs)
inLayer_mults = LayerComputeBeta(nOutBits + outLayer.circuit.nCopyBits,
z1 + z2)
assert len(outflat) == len(inLayer_mults.outputs)
inLayermul = util.mul_vecs(inLayer_mults.outputs, outflat)
inLayerExt = sum(inLayermul) % Defs.prime
w3 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]
w1 = [Defs.gen_random() for _ in xrange(0, nInBits)]
w2 = [Defs.gen_random() for _ in xrange(0, nInBits)]
outLayer.compute_outputs()
initOutputs = outLayer.output
assert inLayerExt == (initOutputs[0] + sum(initOutputs)) % Defs.prime
for i in xrange(0, len(w3)):
outLayer.next_round(w3[i])
outLayer.compute_outputs()
for i in xrange(0, len(w1)):
outLayer.next_round(w1[i])
outLayer.compute_outputs()
for i in xrange(0, len(w2)):
outLayer.next_round(w2[i])
outLayer.compute_outputs()
finalOutputs = outLayer.output
# check the outputs by computing mlext of layer input directly
inflat = util.flatten(inputs)
v1_mults = LayerComputeBeta(outLayer.nInBits + outLayer.circuit.nCopyBits,
w1 + w3)
assert len(inflat) == len(v1_mults.outputs)
v1inmul = util.mul_vecs(v1_mults.outputs, inflat)
v1 = sum(v1inmul) % Defs.prime
v2_mults = LayerComputeBeta(outLayer.nInBits + outLayer.circuit.nCopyBits,
w2 + w3)
assert len(inflat) == len(v2_mults.outputs)
v2inmul = util.mul_vecs(v2_mults.outputs, inflat)
v2 = sum(v2inmul) % Defs.prime
assert v1 == finalOutputs[0]
assert v2 == sum(finalOutputs) % Defs.prime
