Low-level API for SNARK trait #342
Description
Summary
Introduce a low-level API for setup, indexing, proving, and verifying that directly reasons about the relation, instead of going via our ConstraintSystem API.
Problem Definition
Right now, for proving R1CS via our SNARK traits, we have to go via the ConstraintSynthesizer (and hence ConstraintSystem) trait. This is unsatisfactory for a couple of reasons:
- Using our libraries with external R1CS formats like
zkinterfaceincurs performance overheads because we have to convert toConstraintSystemand then back to matrices, instead of directly reading the matrices from the external format. - The
relationscrate is at the moment more about data structures for working with a particular relation (R1CS) rather than about the relation itself. For example, theR1CSrelation consists of(i, x, w)whereiconsists of theR1CSmatrices, andxandware the public input and witness, respectively. However, the currentark_relations::r1csmodule doesn't have any data structure reflecting these, and only has data structures likeConstraintSystemRef.
Proposal
- Add a
Relationtrait inrelationsthat looks like:
pub trait Relation {
type Index;
type Instance;
type Witness;
fn check_membership(i: &Self::Index, x: &Self::Instance, w: &Self::Witness) -> bool;
}- Modify the
SNARKtrait as follows:
pub trait SNARK<R: Relation> {
fn index(pp: &Self::Parameters, i: &R::Index) -> (Self::ProvingKey, Self::VerifyingKey);
// same for proving and verifying
}Additionally, we add a new R1CS-specific trait:
pub trait R1CSSnark: SNARK<R1CS> {
fn index_from_cs<CS: ConstraintSynthesizer>(pp: &Self::Parameters, cs: CS) -> (Self::ProvingKey, Self::VerifyingKey) {
// default impl using the `SNARK::index`, by `calling cs.into_matrices()`.
}
}(We might need equivalents for PreprocessingSNARK.)
For Admin Use
- Not duplicate issue
- Appropriate labels applied
- Appropriate contributors tagged
- Contributor assigned/self-assigned