def run_one_test(nInBits, nCopies, nLayers, qStat): nOutBits = nInBits in0vv = [] in1vv = [] typvv = [] for _ in xrange(0, nLayers): (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits) in0vv.append(in0v) in1vv.append(in1v) typvv.append(typv) prv = CircuitProverNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv) # blind some of the inputs to the verifier nondet_bits = random.randint(0, nInBits - 1) prv.set_nondet_range(nondet_bits) inputs = randutil.rand_inputs(nInBits, nCopies) pf = prv.run(inputs) ver = CircuitVerifierNIZK(nCopies, 2**nInBits, in0vv, in1vv, typvv) ver.run(pf) if not qStat: print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies, nLayers) print " %d group elems, %d bytes in proof" % FiatShamir.proof_size( pf) for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]: if fArith is not None: print " %s: %s" % (fArith.cat, str(fArith))
def run_one_test(nInBits, nCopies): nOutBits = nInBits (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits) inputs = randutil.rand_inputs(nInBits, nCopies) circuit = CircuitProver(nCopies, 2**nInBits, [in0v], [in1v], [typv]) circuit.set_inputs(inputs) z1 = [Defs.gen_random() for _ in xrange(0, nOutBits)] z2 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)] circuit.set_z(z1, z2, None, None, True) # mlExt of outputs outflat = util.flatten(circuit.ckt_outputs) inLayer_mults = LayerComputeBeta(nOutBits + circuit.nCopyBits, z1 + z2) assert len(outflat) == len(inLayer_mults.outputs) inLayermul = util.mul_vecs(inLayer_mults.outputs, outflat) inLayerExt = sum(inLayermul) % Defs.prime w1 = [Defs.gen_random() for _ in xrange(0, nInBits)] w2 = [Defs.gen_random() for _ in xrange(0, nInBits)] w3 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)] initOutputs = circuit.get_outputs() assert inLayerExt == (initOutputs[0] + sum(initOutputs)) % Defs.prime for i in xrange(0, len(w3)): circuit.next_round(w3[i]) circuit.get_outputs() for i in xrange(0, len(w1)): circuit.next_round(w1[i]) circuit.get_outputs() for i in xrange(0, len(w2)): circuit.next_round(w2[i]) finalOutputs = circuit.get_outputs() # check the outputs by computing mlext of layer input directly inflat = util.flatten(inputs) v1_mults = LayerComputeBeta(circuit.layer_inbits[0] + circuit.nCopyBits, w1 + w3) assert len(inflat) == len(v1_mults.outputs) v1inmul = util.mul_vecs(v1_mults.outputs, inflat) v1 = sum(v1inmul) % Defs.prime v2_mults = LayerComputeBeta(circuit.layer_inbits[0] + circuit.nCopyBits, w2 + w3) assert len(inflat) == len(v2_mults.outputs) v2inmul = util.mul_vecs(v2_mults.outputs, inflat) v2 = sum(v2inmul) % Defs.prime assert v1 == finalOutputs[0] assert v2 == sum(finalOutputs) % Defs.prime
def rand_ckt(nInBits, nLayers): in0vv = [] in1vv = [] typvv = [] for _ in xrange(0, nLayers): (in0v, in1v, typv) = randutil.rand_ckt(nInBits, nInBits) in0vv.append(in0v) in1vv.append(in1v) typvv.append(typv) return (in0vv, in1vv, typvv)
def run_one_test(nInBits, nCopies, nLayers, qStat): nOutBits = nInBits in0vv = [] in1vv = [] typvv = [] for _ in xrange(0, nLayers): (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits) in0vv.append(in0v) in1vv.append(in1v) typvv.append(typv) ver = CircuitVerifier(nCopies, 2**nInBits, in0vv, in1vv, typvv) inputs = randutil.rand_inputs(nInBits, nCopies) ver.run(inputs) if not qStat: print "nInBits: %d, nCopies: %d, nLayers: %d" % (nInBits, nCopies, nLayers) for fArith in [ver.in_a, ver.out_a, ver.sc_a, ver.tV_a, ver.nlay_a]: if fArith is not None: print " %s: %s" % (fArith.cat, str(fArith))
def run_one_test(nInBits, nCopies): nOutBits = nInBits circuit = _DummyCircuitProver(nCopies) (in0v, in1v, typv) = randutil.rand_ckt(nOutBits, nInBits) typc = [tc.cgate for tc in typv] inputs = randutil.rand_inputs(nInBits, nCopies) # compute outputs ckt = ArithCircuit() inCktLayer = ArithCircuitInputLayer(ckt, nOutBits) outCktLayer = ArithCircuitLayer(ckt, inCktLayer, in0v, in1v, typc) ckt.layers = [inCktLayer, outCktLayer] outputs = [] for inp in inputs: ckt.run(inp) outputs.append(ckt.outputs) z1 = [Defs.gen_random() for _ in xrange(0, nOutBits)] z2 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)] outLayer = LayerProver(nInBits, circuit, in0v, in1v, typv) outLayer.set_inputs(inputs) outLayer.set_z(z1, z2, None, None, True) # mlExt of outputs outflat = util.flatten(outputs) inLayer_mults = LayerComputeBeta(nOutBits + outLayer.circuit.nCopyBits, z1 + z2) assert len(outflat) == len(inLayer_mults.outputs) inLayermul = util.mul_vecs(inLayer_mults.outputs, outflat) inLayerExt = sum(inLayermul) % Defs.prime w3 = [Defs.gen_random() for _ in xrange(0, circuit.nCopyBits)] w1 = [Defs.gen_random() for _ in xrange(0, nInBits)] w2 = [Defs.gen_random() for _ in xrange(0, nInBits)] outLayer.compute_outputs() initOutputs = outLayer.output assert inLayerExt == (initOutputs[0] + sum(initOutputs)) % Defs.prime for i in xrange(0, len(w3)): outLayer.next_round(w3[i]) outLayer.compute_outputs() for i in xrange(0, len(w1)): outLayer.next_round(w1[i]) outLayer.compute_outputs() for i in xrange(0, len(w2)): outLayer.next_round(w2[i]) outLayer.compute_outputs() finalOutputs = outLayer.output # check the outputs by computing mlext of layer input directly inflat = util.flatten(inputs) v1_mults = LayerComputeBeta(outLayer.nInBits + outLayer.circuit.nCopyBits, w1 + w3) assert len(inflat) == len(v1_mults.outputs) v1inmul = util.mul_vecs(v1_mults.outputs, inflat) v1 = sum(v1inmul) % Defs.prime v2_mults = LayerComputeBeta(outLayer.nInBits + outLayer.circuit.nCopyBits, w2 + w3) assert len(inflat) == len(v2_mults.outputs) v2inmul = util.mul_vecs(v2_mults.outputs, inflat) v2 = sum(v2inmul) % Defs.prime assert v1 == finalOutputs[0] assert v2 == sum(finalOutputs) % Defs.prime