bulletproofs: add closure to allow increases to prover generator capacity

benches/r1cs.rs

@@ -122,7 +122,7 @@ impl KShuffleGadget {
 
     pub fn prove<'a, 'b>(
         pc_gens: &'b PedersenGens,
-        bp_gens: &'b BulletproofGens,
+        bp_gens: &'b mut BulletproofGens,
         transcript: &'a mut Transcript,
         input: &[Scalar],
         output: &[Scalar],
@@ -156,7 +156,7 @@ impl KShuffleGadget {
             .unzip();
 
         Self::fill_cs(&mut prover, input_vars, output_vars)?;
-        let proof = prover.prove(&bp_gens)?;
+        let proof = prover.prove(bp_gens)?;
 
         Ok((proof, input_commitments, output_commitments))
     }
@@ -206,11 +206,17 @@ fn bench_kshuffle_prove(c: &mut Criterion) {
 
             // Make kshuffle proof
             let pc_gens = PedersenGens::default();
-            let bp_gens = BulletproofGens::new(128, 1);
+            let mut bp_gens = BulletproofGens::new(128, 1);
             b.iter(|| {
                 let mut prover_transcript = Transcript::new(b"ShuffleTest");
-                KShuffleGadget::prove(&pc_gens, &bp_gens, &mut prover_transcript, &input, &output)
-                    .unwrap();
+                KShuffleGadget::prove(
+                    &pc_gens,
+                    &mut bp_gens,
+                    &mut prover_transcript,
+                    &input,
+                    &output,
+                )
+                .unwrap();
             })
         },
         vec![8, 16, 32, 64, 17],
@@ -239,11 +245,16 @@ fn bench_kshuffle_verify(c: &mut Criterion) {
 
             // Make kshuffle proof
             let pc_gens = PedersenGens::default();
-            let bp_gens = BulletproofGens::new(128, 1);
+            let mut bp_gens = BulletproofGens::new(128, 1);
             let mut prover_transcript = Transcript::new(b"ShuffleTest");
-            let (proof, in_commitments, out_commitments) =
-                KShuffleGadget::prove(&pc_gens, &bp_gens, &mut prover_transcript, &input, &output)
-                    .unwrap();
+            let (proof, in_commitments, out_commitments) = KShuffleGadget::prove(
+                &pc_gens,
+                &mut bp_gens,
+                &mut prover_transcript,
+                &input,
+                &output,
+            )
+            .unwrap();
 
             // Verify kshuffle proof
             b.iter(|| {

docs/r1cs-docs-example.md

@@ -202,7 +202,7 @@ impl ShuffleProof {
     /// Returns a tuple `(proof, input_commitments || output_commitments)`.
     pub fn prove<'a, 'b>(
         pc_gens: &'b PedersenGens,
-        bp_gens: &'b BulletproofGens,
+        bp_gens: &'b mut BulletproofGens,
         transcript: &'a mut Transcript,
         input: &[Scalar],
         output: &[Scalar],
@@ -232,7 +232,7 @@ impl ShuffleProof {
 
         ShuffleProof::gadget(&mut prover, input_vars, output_vars)?;
 
-        let proof = prover.prove(&bp_gens)?;
+        let proof = prover.prove(bp_gens)?;
 
         Ok((ShuffleProof(proof), input_commitments, output_commitments))
     }
@@ -309,7 +309,7 @@ The verifier receives a proof, and a list of committed inputs and outputs, from
 #     /// Returns a tuple `(proof, input_commitments || output_commitments)`.
 #     pub fn prove<'a, 'b>(
 #         pc_gens: &'b PedersenGens,
-#         bp_gens: &'b BulletproofGens,
+#         bp_gens: &'b mut BulletproofGens,
 #         transcript: &'a mut Transcript,
 #         input: &[Scalar],
 #         output: &[Scalar],
@@ -339,7 +339,7 @@ The verifier receives a proof, and a list of committed inputs and outputs, from
 #
 #         ShuffleProof::gadget(&mut prover, input_vars, output_vars)?;
 #
-#         let proof = prover.prove(&bp_gens)?;
+#         let proof = prover.prove(bp_gens)?;
 #
 #         Ok((ShuffleProof(proof), input_commitments, output_commitments))
 #     }
@@ -449,7 +449,7 @@ Because only the prover knows the scalar values of the inputs and outputs, and t
 #     /// Returns a tuple `(proof, input_commitments || output_commitments)`.
 #     pub fn prove<'a, 'b>(
 #         pc_gens: &'b PedersenGens,
-#         bp_gens: &'b BulletproofGens,
+#         bp_gens: &'b mut BulletproofGens,
 #         transcript: &'a mut Transcript,
 #         input: &[Scalar],
 #         output: &[Scalar],
@@ -479,7 +479,7 @@ Because only the prover knows the scalar values of the inputs and outputs, and t
 #
 #         ShuffleProof::gadget(&mut prover, input_vars, output_vars)?;
 #
-#         let proof = prover.prove(&bp_gens)?;
+#         let proof = prover.prove(bp_gens)?;
 #
 #         Ok((ShuffleProof(proof), input_commitments, output_commitments))
 #     }
@@ -517,7 +517,7 @@ Because only the prover knows the scalar values of the inputs and outputs, and t
 # fn main() {
 // Construct generators. 1024 Bulletproofs generators is enough for 512-size shuffles.
 let pc_gens = PedersenGens::default();
-let bp_gens = BulletproofGens::new(1024, 1);
+let mut bp_gens = BulletproofGens::new(1024, 1);
 
 // Putting the prover code in its own scope means we can't
 // accidentally reuse prover data in the test.
@@ -538,7 +538,7 @@ let (proof, in_commitments, out_commitments) = {
     let mut prover_transcript = Transcript::new(b"ShuffleProofTest");
     ShuffleProof::prove(
         &pc_gens,
-        &bp_gens,
+        &mut bp_gens,
         &mut prover_transcript,
         &inputs,
         &outputs,

src/generators.rs

@@ -101,6 +101,35 @@ impl Iterator for GeneratorsChain {
     }
 }
 
+/// Defines a Bulletproofs generator
+pub trait BulletproofGensTrait {
+    /// Optionally resizes the generator capacity
+    fn increase_capacity(&mut self, new_capacity: usize);
+
+    /// Returns capacity
+    fn capacity(&self) -> usize;
+
+    /// Returns j-th share of generators, with an appropriate
+    /// slice of vectors G and H for the j-th range proof.
+    fn share(&self, j: usize) -> BulletproofGensShare;
+}
+
+/// Defines a static, non-resizable BulletproofGens object.
+pub struct BulletproofGensStatic(pub BulletproofGens);
+
+impl BulletproofGensTrait for BulletproofGensStatic {
+    /// For static generator, `increase_capacity` does nothing.
+    fn increase_capacity(&mut self, _: usize) {}
+
+    fn share(&self, j: usize) -> BulletproofGensShare {
+        self.0.share(j)
+    }
+
+    fn capacity(&self) -> usize {
+        self.0.gens_capacity
+    }
+}
+
 /// The `BulletproofGens` struct contains all the generators needed
 /// for aggregating up to `m` range proofs of up to `n` bits each.
 ///
@@ -163,18 +192,37 @@ impl BulletproofGens {
         gens
     }
 
-    /// Returns j-th share of generators, with an appropriate
-    /// slice of vectors G and H for the j-th range proof.
-    pub fn share(&self, j: usize) -> BulletproofGensShare {
-        BulletproofGensShare {
-            gens: &self,
-            share: j,
+    /// Return an iterator over the aggregation of the parties' G generators with given size `n`.
+    pub(crate) fn G(&self, n: usize, m: usize) -> impl Iterator<Item = &RistrettoPoint> {
+        AggregatedGensIter {
+            n,
+            m,
+            array: &self.G_vec,
+            party_idx: 0,
+            gen_idx: 0,
+        }
+    }
+
+    /// Return an iterator over the aggregation of the parties' H generators with given size `n`.
+    pub(crate) fn H(&self, n: usize, m: usize) -> impl Iterator<Item = &RistrettoPoint> {
+        AggregatedGensIter {
+            n,
+            m,
+            array: &self.H_vec,
+            party_idx: 0,
+            gen_idx: 0,
         }
     }
+}
+
+impl BulletproofGensTrait for BulletproofGens {
+    fn capacity(&self) -> usize {
+        self.gens_capacity
+    }
 
     /// Increases the generators' capacity to the amount specified.
     /// If less than or equal to the current capacity, does nothing.
-    pub fn increase_capacity(&mut self, new_capacity: usize) {
+    fn increase_capacity(&mut self, new_capacity: usize) {
         use byteorder::{ByteOrder, LittleEndian};
 
         if self.gens_capacity >= new_capacity {
@@ -201,25 +249,10 @@ impl BulletproofGens {
         self.gens_capacity = new_capacity;
     }
 
-    /// Return an iterator over the aggregation of the parties' G generators with given size `n`.
-    pub(crate) fn G(&self, n: usize, m: usize) -> impl Iterator<Item = &RistrettoPoint> {
-        AggregatedGensIter {
-            n,
-            m,
-            array: &self.G_vec,
-            party_idx: 0,
-            gen_idx: 0,
-        }
-    }
-
-    /// Return an iterator over the aggregation of the parties' H generators with given size `n`.
-    pub(crate) fn H(&self, n: usize, m: usize) -> impl Iterator<Item = &RistrettoPoint> {
-        AggregatedGensIter {
-            n,
-            m,
-            array: &self.H_vec,
-            party_idx: 0,
-            gen_idx: 0,
+    fn share(&self, j: usize) -> BulletproofGensShare {
+        BulletproofGensShare {
+            gens: &self,
+            share: j,
         }
     }
 }

src/inner_product_proof.rs

@@ -415,7 +415,7 @@ mod tests {
     fn test_helper_create(n: usize) {
         let mut rng = rand::thread_rng();
 
-        use generators::BulletproofGens;
+        use generators::{BulletproofGens, BulletproofGensTrait};
         let bp_gens = BulletproofGens::new(n, 1);
         let G: Vec<RistrettoPoint> = bp_gens.share(0).G(n).cloned().collect();
         let H: Vec<RistrettoPoint> = bp_gens.share(0).H(n).cloned().collect();

src/lib.rs

@@ -44,7 +44,10 @@ mod range_proof;
 mod transcript;
 
 pub use errors::ProofError;
-pub use generators::{BulletproofGens, BulletproofGensShare, PedersenGens};
+pub use generators::{
+    BulletproofGens, BulletproofGensShare, BulletproofGensStatic, BulletproofGensTrait,
+    PedersenGens,
+};
 pub use range_proof::RangeProof;
 
 #[doc(include = "../docs/aggregation-api.md")]

src/r1cs/prover.rs

@@ -10,7 +10,7 @@ use merlin::Transcript;
 use super::{ConstraintSystem, LinearCombination, R1CSProof, RandomizedConstraintSystem, Variable};
 
 use errors::R1CSError;
-use generators::{BulletproofGens, PedersenGens};
+use generators::{BulletproofGens, BulletproofGensTrait, PedersenGens};
 use inner_product_proof::InnerProductProof;
 use transcript::TranscriptProtocol;
 
@@ -359,7 +359,10 @@ impl<'t, 'g> Prover<'t, 'g> {
     }
 
     /// Consume this `ConstraintSystem` to produce a proof.
-    pub fn prove(mut self, bp_gens: &BulletproofGens) -> Result<R1CSProof, R1CSError> {
+    pub fn prove<G>(mut self, bp_gens: &mut G) -> Result<R1CSProof, R1CSError>
+    where
+        G: BulletproofGensTrait,
+    {
         use std::iter;
         use util;
 
@@ -397,7 +400,9 @@ impl<'t, 'g> Prover<'t, 'g> {
         // Commit to the first-phase low-level witness variables.
         let n1 = self.a_L.len();
 
-        if bp_gens.gens_capacity < n1 {
+        /// Get resized generators and check sufficient capacity
+        bp_gens.increase_capacity(n1);
+        if bp_gens.capacity() < n1 {
             return Err(R1CSError::InvalidGeneratorsLength);
         }
 
@@ -455,9 +460,12 @@ impl<'t, 'g> Prover<'t, 'g> {
         let padded_n = self.a_L.len().next_power_of_two();
         let pad = padded_n - n;
 
-        if bp_gens.gens_capacity < padded_n {
+        // Resize from phase 2 and check capacity
+        bp_gens.increase_capacity(padded_n);
+        if bp_gens.capacity() < padded_n {
             return Err(R1CSError::InvalidGeneratorsLength);
         }
+        let gens = bp_gens.share(0);
 
         // Commit to the second-phase low-level witness variables
 

src/r1cs/verifier.rs

@@ -9,7 +9,7 @@ use merlin::Transcript;
 use super::{ConstraintSystem, LinearCombination, R1CSProof, RandomizedConstraintSystem, Variable};
 
 use errors::R1CSError;
-use generators::{BulletproofGens, PedersenGens};
+use generators::{BulletproofGens, BulletproofGensTrait, PedersenGens};
 use transcript::TranscriptProtocol;
 
 /// A [`ConstraintSystem`] implementation for use by the verifier.

src/range_proof/messages.rs

@@ -7,7 +7,7 @@
 use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
 use curve25519_dalek::scalar::Scalar;
 
-use generators::{BulletproofGens, PedersenGens};
+use generators::{BulletproofGens, BulletproofGensTrait, PedersenGens};
 
 /// A commitment to the bits of a party's value.
 #[derive(Serialize, Deserialize, Copy, Clone, Debug)]

src/range_proof/party.rs

@@ -16,7 +16,7 @@ use curve25519_dalek::traits::MultiscalarMul;
 
 use clear_on_drop::clear::Clear;
 use errors::MPCError;
-use generators::{BulletproofGens, PedersenGens};
+use generators::{BulletproofGens, BulletproofGensTrait, PedersenGens};
 use rand;
 use std::iter;
 use util;