Exemple #1
0
def run_one_test(nInBits, nCopies, nLayers, qStat):
    nOutBits = nInBits

    in0vv = []
    in1vv = []
    typvv = []
    for _ in xrange(0, nLayers):
        (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
        in0vv.append(in0v)
        in1vv.append(in1v)
        typvv.append(typv)

    prv = CircuitProverNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv)

    # blind some of the inputs to the verifier
    nondet_bits = random.randint(0, nInBits - 1)
    prv.set_nondet_range(nondet_bits)

    inputs = randutil.rand_inputs(nInBits, nCopies)
    pf = prv.run(inputs)

    ver = CircuitVerifierNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv)
    ver.run(pf)

    if not qStat:
        print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies,
                                                         nLayers)
        print "    %d group elems, %d bytes in proof" % FiatShamir.proof_size(
            pf)
        for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]:
            if fArith is not None:
                print "    %s: %s" % (fArith.cat, str(fArith))
Exemple #2
0
def run_one_test(nInBits, nCopies):
    nOutBits = nInBits

    (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
    inputs = randutil.rand_inputs(nInBits, nCopies)

    circuit = CircuitProver(nCopies, 2**nInBits, [in0v], [in1v], [typv])
    circuit.set_inputs(inputs)

    z1 = [Defs.gen_random() for _ in xrange(0, nOutBits)]
    z2 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]

    circuit.set_z(z1, z2, None, None, True)

    # mlExt of outputs
    outflat = util.flatten(circuit.ckt_outputs)
    inLayer_mults = LayerComputeBeta(nOutBits + circuit.nCopyBits, z1 + z2)
    assert len(outflat) == len(inLayer_mults.outputs)
    inLayermul = util.mul_vecs(inLayer_mults.outputs, outflat)
    inLayerExt = sum(inLayermul) % Defs.prime

    w1 = [Defs.gen_random() for _ in xrange(0, nInBits)]
    w2 = [Defs.gen_random() for _ in xrange(0, nInBits)]
    w3 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]

    initOutputs = circuit.get_outputs()

    assert inLayerExt == (initOutputs[0] + sum(initOutputs)) % Defs.prime

    for i in xrange(0, len(w3)):
        circuit.next_round(w3[i])
        circuit.get_outputs()

    for i in xrange(0, len(w1)):
        circuit.next_round(w1[i])
        circuit.get_outputs()

    for i in xrange(0, len(w2)):
        circuit.next_round(w2[i])
        finalOutputs = circuit.get_outputs()

    # check the outputs by computing mlext of layer input directly

    inflat = util.flatten(inputs)

    v1_mults = LayerComputeBeta(circuit.layer_inbits[0] + circuit.nCopyBits,
                                w1 + w3)
    assert len(inflat) == len(v1_mults.outputs)
    v1inmul = util.mul_vecs(v1_mults.outputs, inflat)
    v1 = sum(v1inmul) % Defs.prime

    v2_mults = LayerComputeBeta(circuit.layer_inbits[0] + circuit.nCopyBits,
                                w2 + w3)
    assert len(inflat) == len(v2_mults.outputs)
    v2inmul = util.mul_vecs(v2_mults.outputs, inflat)
    v2 = sum(v2inmul) % Defs.prime

    assert v1 == finalOutputs[0]
    assert v2 == sum(finalOutputs) % Defs.prime
Exemple #3
0
def rand_ckt(nInBits, nLayers):
    in0vv = []
    in1vv = []
    typvv = []
    for _ in xrange(0, nLayers):
        (in0v, in1v, typv) = randutil.rand_ckt(nInBits, nInBits)
        in0vv.append(in0v)
        in1vv.append(in1v)
        typvv.append(typv)
    return (in0vv, in1vv, typvv)
Exemple #4
0
def run_one_test(nInBits, nCopies, nLayers, qStat):
    nOutBits = nInBits

    in0vv = []
    in1vv = []
    typvv = []
    for _ in xrange(0, nLayers):
        (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
        in0vv.append(in0v)
        in1vv.append(in1v)
        typvv.append(typv)

    ver = CircuitVerifier(nCopies, 2**nInBits, in0vv, in1vv, typvv)
    inputs = randutil.rand_inputs(nInBits, nCopies)
    ver.run(inputs)

    if not qStat:
        print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies,
                                                         nLayers)
        for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]:
            if fArith is not None:
                print "    %s: %s" % (fArith.cat, str(fArith))
Exemple #5
0
def run_one_test(nInBits, nCopies):
    nOutBits = nInBits

    circuit = _DummyCircuitProver(nCopies)

    (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits)
    typc = [tc.cgate for tc in typv]
    inputs = randutil.rand_inputs(nInBits, nCopies)

    # compute outputs
    ckt = ArithCircuit()
    inCktLayer = ArithCircuitInputLayer(ckt, nOutBits)
    outCktLayer = ArithCircuitLayer(ckt, inCktLayer, in0v, in1v, typc)
    ckt.layers = [inCktLayer, outCktLayer]
    outputs = []
    for inp in inputs:
        ckt.run(inp)
        outputs.append(ckt.outputs)

    z1 = [Defs.gen_random() for _ in xrange(0, nOutBits)]
    z2 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]

    outLayer = LayerProver(nInBits, circuit, in0v, in1v, typv)
    outLayer.set_inputs(inputs)
    outLayer.set_z(z1, z2, None, None, True)

    # mlExt of outputs
    outflat = util.flatten(outputs)
    inLayer_mults = LayerComputeBeta(nOutBits + outLayer.circuit.nCopyBits,
                                     z1 + z2)
    assert len(outflat) == len(inLayer_mults.outputs)
    inLayermul = util.mul_vecs(inLayer_mults.outputs, outflat)
    inLayerExt = sum(inLayermul) % Defs.prime

    w3 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)]
    w1 = [Defs.gen_random() for _ in xrange(0, nInBits)]
    w2 = [Defs.gen_random() for _ in xrange(0, nInBits)]

    outLayer.compute_outputs()
    initOutputs = outLayer.output

    assert inLayerExt == (initOutputs[0] + sum(initOutputs)) % Defs.prime

    for i in xrange(0, len(w3)):
        outLayer.next_round(w3[i])
        outLayer.compute_outputs()

    for i in xrange(0, len(w1)):
        outLayer.next_round(w1[i])
        outLayer.compute_outputs()

    for i in xrange(0, len(w2)):
        outLayer.next_round(w2[i])
        outLayer.compute_outputs()

    finalOutputs = outLayer.output

    # check the outputs by computing mlext of layer input directly

    inflat = util.flatten(inputs)

    v1_mults = LayerComputeBeta(outLayer.nInBits + outLayer.circuit.nCopyBits,
                                w1 + w3)
    assert len(inflat) == len(v1_mults.outputs)
    v1inmul = util.mul_vecs(v1_mults.outputs, inflat)
    v1 = sum(v1inmul) % Defs.prime

    v2_mults = LayerComputeBeta(outLayer.nInBits + outLayer.circuit.nCopyBits,
                                w2 + w3)
    assert len(inflat) == len(v2_mults.outputs)
    v2inmul = util.mul_vecs(v2_mults.outputs, inflat)
    v2 = sum(v2inmul) % Defs.prime

    assert v1 == finalOutputs[0]
    assert v2 == sum(finalOutputs) % Defs.prime