| benchmarked.rs |
This module provides wrappers around internal components of this crate that we want to
benchmark, but which we don't want to expose in the public API. |
1682 |
| codec.rs |
Support for encoding and decoding messages to or from the TLS wire encoding, as specified in
[RFC 8446, Section 3][1].
The [`Encode`], [`Decode`], [`ParameterizedEncode`] and [`ParameterizedDecode`] traits can be
implemented on values that need to be encoded or decoded. Utility functions are provided to
encode or decode sequences of values.
[1]: https://datatracker.ietf.org/doc/html/rfc8446#section-3 |
25335 |
| dp |
|
|
| dp.rs |
Differential privacy (DP) primitives.
There are three main traits defined in this module:
- `DifferentialPrivacyBudget`: Implementors should be types of DP-budgets,
i.e., methods to measure the amount of privacy provided by DP-mechanisms.
Examples: zCDP, ApproximateDP (Epsilon-Delta), PureDP
- `DifferentialPrivacyDistribution`: Distribution from which noise is sampled.
Examples: DiscreteGaussian, DiscreteLaplace
- `DifferentialPrivacyStrategy`: This is a combination of choices for budget and distribution.
Examples: zCDP-DiscreteGaussian, EpsilonDelta-DiscreteGaussian
|
4911 |
| fft.rs |
This module implements an iterative FFT algorithm for computing the (inverse) Discrete Fourier
Transform (DFT) over a slice of field elements. |
6774 |
| field |
|
|
| field.rs |
Finite field arithmetic.
Basic field arithmetic is captured in the [`FieldElement`] trait. Fields used in Prio implement
[`FftFriendlyFieldElement`], and have an associated element called the "generator" that
generates a multiplicative subgroup of order `2^n` for some `n`. |
42771 |
| flp |
|
|
| flp.rs |
Implementation of the generic Fully Linear Proof (FLP) system specified in
[[draft-irtf-cfrg-vdaf-08]]. This is the main building block of [`Prio3`](crate::vdaf::prio3).
The FLP is derived for any implementation of the [`Type`] trait. Such an implementation
specifies a validity circuit that defines the set of valid measurements, as well as the finite
field in which the validity circuit is evaluated. It also determines how raw measurements are
encoded as inputs to the validity circuit, and how aggregates are decoded from sums of
measurements.
# Overview
The proof system is comprised of three algorithms. The first, `prove`, is run by the prover in
order to generate a proof of a statement's validity. The second and third, `query` and
`decide`, are run by the verifier in order to check the proof. The proof asserts that the input
is an element of a language recognized by the arithmetic circuit. If an input is _not_ valid,
then the verification step will fail with high probability:
```
use prio::flp::types::Count;
use prio::flp::Type;
use prio::field::{random_vector, FieldElement, Field64};
// The prover chooses a measurement.
let count = Count::new();
let input: Vec<Field64> = count.encode_measurement(&false).unwrap();
// The prover and verifier agree on "joint randomness" used to generate and
// check the proof. The application needs to ensure that the prover
// "commits" to the input before this point. In Prio3, the joint
// randomness is derived from additive shares of the input.
let joint_rand = random_vector(count.joint_rand_len()).unwrap();
// The prover generates the proof.
let prove_rand = random_vector(count.prove_rand_len()).unwrap();
let proof = count.prove(&input, &prove_rand, &joint_rand).unwrap();
// The verifier checks the proof. In the first step, the verifier "queries"
// the input and proof, getting the "verifier message" in response. It then
// inspects the verifier to decide if the input is valid.
let query_rand = random_vector(count.query_rand_len()).unwrap();
let verifier = count.query(&input, &proof, &query_rand, &joint_rand, 1).unwrap();
assert!(count.decide(&verifier).unwrap());
```
[draft-irtf-cfrg-vdaf-08]: https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/08/ |
45330 |
| fp.rs |
Finite field arithmetic for any field GF(p) for which p < 2^128. |
17287 |
| idpf.rs |
This module implements the incremental distributed point function (IDPF) described in
[[draft-irtf-cfrg-vdaf-08]].
[draft-irtf-cfrg-vdaf-08]: https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/08/ |
79186 |
| lib.rs |
# libprio-rs
Implementation of the [Prio](https://crypto.stanford.edu/prio/) private data aggregation
protocol.
Prio3 is available in the `vdaf` module as part of an implementation of [Verifiable Distributed
Aggregation Functions][vdaf], along with an experimental implementation of Poplar1.
[vdaf]: https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/05/ |
1147 |
| polynomial.rs |
Functions for polynomial interpolation and evaluation |
10571 |
| prng.rs |
Tool for generating pseudorandom field elements.
NOTE: The public API for this module is a work in progress. |
10217 |
| topology |
|
|
| vdaf |
|
|
| vdaf.rs |
Verifiable Distributed Aggregation Functions (VDAFs) as described in
[[draft-irtf-cfrg-vdaf-08]].
[draft-irtf-cfrg-vdaf-08]: https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf/08/ |
26438 |
| vidpf.rs |
Verifiable Incremental Distributed Point Function (VIDPF).
The VIDPF construction is specified in [[draft-mouris-cfrg-mastic]] and builds
on techniques from [[MST23]] and [[CP22]] to lift an IDPF to a VIDPF.
[CP22]: https://eprint.iacr.org/2021/580
[MST23]: https://eprint.iacr.org/2023/080
[draft-mouris-cfrg-mastic]: https://datatracker.ietf.org/doc/draft-mouris-cfrg-mastic/02/ |
26778 |