adds verify.rs to verify transcript and working phase2 for bn254

phase2/src/lib.rs

@@ -235,8 +235,8 @@ use bellman_ce::pairing::{
     CurveAffine,
     CurveProjective,
     Wnaf,
-    bls12_381::{
+    bn256::{
-        Bls12,
+        Bn256,
         Fr,
         G1,
         G2,
@@ -380,7 +380,7 @@ impl<E: Engine> ConstraintSystem<E> for KeypairAssembly<E> {
 /// they contain a transcript of contributions at the end, which can be verified.
 #[derive(Clone)]
 pub struct MPCParameters {
-    params: Parameters<Bls12>,
+    params: Parameters<Bn256>,
     cs_hash: [u8; 64],
     contributions: Vec<PublicKey>
 }
@@ -400,7 +400,7 @@ impl MPCParameters {
     pub fn new<C>(
         circuit: C,
     ) -> Result<MPCParameters, SynthesisError>
-        where C: Circuit<Bls12>
+        where C: Circuit<Bn256>
     {
         let mut assembly = KeypairAssembly {
             num_inputs: 0,
@@ -511,7 +511,7 @@ impl MPCParameters {
         let beta_coeffs_g1 = Arc::new(beta_coeffs_g1);
 
         let mut h = Vec::with_capacity(m - 1);
-        for _ in 0..(m - 1) {
+        for i in 0..(m - 1) {
             h.push(read_g1(f)?);
         }
 
@@ -686,7 +686,7 @@ impl MPCParameters {
     }
 
     /// Get the underlying Groth16 `Parameters`
-    pub fn get_params(&self) -> &Parameters<Bls12> {
+    pub fn get_params(&self) -> &Parameters<Bn256> {
         &self.params
     }
 
@@ -781,7 +781,7 @@ impl MPCParameters {
     /// contributors obtained when they ran
     /// `MPCParameters::contribute`, for ensuring that contributions
     /// exist in the final parameters.
-    pub fn verify<C: Circuit<Bls12>>(
+    pub fn verify<C: Circuit<Bn256>>(
         &self,
         circuit: C
     ) -> Result<Vec<[u8; 64]>, ()>

powersoftau/Cargo.lock

@@ -9,18 +9,17 @@ dependencies = [
 ]
 
 [[package]]
-name = "bellman"
+name = "bellman_ce"
-version = "0.2.0"
+version = "0.3.1"
-source = "git+https://github.com/matterinc/bellman?tag=0.2.0#6e45a4b233e97a71f4a8a0565c8f8d753c04c08f"
 dependencies = [
  "bit-vec 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
- "blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9)",
  "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cfg-if 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "crossbeam 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures 0.1.25 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "num_cpus 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "pairing 0.16.2 (git+https://github.com/matterinc/pairing?tag=0.16.2)",
+ "pairing_ce 0.18.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
@@ -40,16 +39,6 @@ dependencies = [
  "generic-array 0.8.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
-[[package]]
-name = "blake2-rfc"
-version = "0.2.18"
-source = "git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9#7a5b5fc99ae483a0043db7547fb79a6fa44b88a9"
-dependencies = [
- "arrayvec 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)",
- "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "constant_time_eq 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
-]
-
 [[package]]
 name = "byte-tools"
 version = "0.2.0"
@@ -159,26 +148,26 @@ version = "1.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
-name = "ff"
+name = "ff_ce"
-version = "0.5.0"
+version = "0.7.1"
-source = "git+https://github.com/matterinc/ff?tag=0.5#056a13b95f4b971a9ae2c6fbb5fbc9f1e4f4828e"
+source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "ff_derive 0.4.0 (git+https://github.com/matterinc/ff?tag=0.5)",
+ "ff_derive_ce 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
-name = "ff_derive"
+name = "ff_derive_ce"
-version = "0.4.0"
+version = "0.5.1"
-source = "git+https://github.com/matterinc/ff?tag=0.5#056a13b95f4b971a9ae2c6fbb5fbc9f1e4f4828e"
+source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "num-bigint 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)",
  "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
  "proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)",
  "quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde_derive 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)",
  "syn 0.14.9 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
@@ -245,11 +234,6 @@ dependencies = [
  "either 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
-[[package]]
-name = "itoa"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-
 [[package]]
 name = "lazy_static"
 version = "1.3.0"
@@ -310,24 +294,20 @@ dependencies = [
 ]
 
 [[package]]
-name = "pairing"
+name = "pairing_ce"
-version = "0.16.2"
+version = "0.18.0"
-source = "git+https://github.com/matterinc/pairing?tag=0.16.2#c2af46cac3e6ebc8e1e1f37bb993e5e6c7f689d1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
  "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "ff 0.5.0 (git+https://github.com/matterinc/ff?tag=0.5)",
+ "ff_ce 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde_derive 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
 [[package]]
 name = "powersoftau"
 version = "0.2.0"
 dependencies = [
- "bellman 0.2.0 (git+https://github.com/matterinc/bellman?tag=0.2.0)",
+ "bellman_ce 0.3.1",
  "blake2 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "crossbeam 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -434,41 +414,11 @@ name = "rustc-serialize"
 version = "0.3.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
-[[package]]
-name = "ryu"
-version = "0.2.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-
 [[package]]
 name = "scopeguard"
 version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 
-[[package]]
-name = "serde"
-version = "1.0.88"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-
-[[package]]
-name = "serde_derive"
-version = "1.0.88"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-dependencies = [
- "proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)",
- "quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)",
- "syn 0.15.26 (registry+https://github.com/rust-lang/crates.io-index)",
-]
-
-[[package]]
-name = "serde_json"
-version = "1.0.38"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-dependencies = [
- "itoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
- "ryu 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)",
- "serde 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)",
-]
-
 [[package]]
 name = "smallvec"
 version = "0.6.9"
@@ -484,16 +434,6 @@ dependencies = [
  "unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
-[[package]]
-name = "syn"
-version = "0.15.26"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-dependencies = [
- "proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)",
- "quote 0.6.11 (registry+https://github.com/rust-lang/crates.io-index)",
- "unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
-]
-
 [[package]]
 name = "time"
 version = "0.1.42"
@@ -535,10 +475,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [metadata]
 "checksum arrayvec 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)" = "92c7fb76bc8826a8b33b4ee5bb07a247a81e76764ab4d55e8f73e3a4d8808c71"
-"checksum bellman 0.2.0 (git+https://github.com/matterinc/bellman?tag=0.2.0)" = "<none>"
 "checksum bit-vec 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "02b4ff8b16e6076c3e14220b39fbc1fabb6737522281a388998046859400895f"
 "checksum blake2 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)" = "53bf612c0f2839b7e764ebac65d6cb985f7c6812de399d0728038f4b1da141bc"
-"checksum blake2-rfc 0.2.18 (git+https://github.com/gtank/blake2-rfc?rev=7a5b5fc99ae483a0043db7547fb79a6fa44b88a9)" = "<none>"
 "checksum byte-tools 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "560c32574a12a89ecd91f5e742165893f86e3ab98d21f8ea548658eb9eef5f40"
 "checksum byteorder 1.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "a019b10a2a7cdeb292db131fc8113e57ea2a908f6e7894b0c3c671893b65dbeb"
 "checksum cfg-if 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "11d43355396e872eefb45ce6342e4374ed7bc2b3a502d1b28e36d6e23c05d1f4"
@@ -553,8 +491,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum crypto-mac 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "779015233ac67d65098614aec748ac1c756ab6677fa2e14cf8b37c08dfed1198"
 "checksum digest 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e5b29bf156f3f4b3c4f610a25ff69370616ae6e0657d416de22645483e72af0a"
 "checksum either 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "c67353c641dc847124ea1902d69bd753dee9bb3beff9aa3662ecf86c971d1fac"
-"checksum ff 0.5.0 (git+https://github.com/matterinc/ff?tag=0.5)" = "<none>"
+"checksum ff_ce 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "18af1ea1b80a4b474fae13af4c58cf0a5a2bc33832d5fa70f68a4b286178fdb5"
-"checksum ff_derive 0.4.0 (git+https://github.com/matterinc/ff?tag=0.5)" = "<none>"
+"checksum ff_derive_ce 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1d245b4e76c5b36bb7721ea15b7fbc61bebf0c5d2890eaf49fe1e2a3eed36db9"
 "checksum fuchsia-cprng 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba"
 "checksum futures 0.1.25 (registry+https://github.com/rust-lang/crates.io-index)" = "49e7653e374fe0d0c12de4250f0bdb60680b8c80eed558c5c7538eec9c89e21b"
 "checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4"
@@ -564,7 +502,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum hex-literal 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "27455ce8b4a6666c87220e4b59c9a83995476bdadc10197905e61dbe906e36fa"
 "checksum hex-literal-impl 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "1d340b6514f232f6db1bd16db65302a5278a04fef9ce867cb932e7e5fa21130a"
 "checksum itertools 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5b8467d9c1cebe26feb08c640139247fac215782d35371ade9a2136ed6085358"
-"checksum itoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "1306f3464951f30e30d12373d31c79fbd52d236e5e896fd92f96ec7babbbe60b"
 "checksum lazy_static 1.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bc5729f27f159ddd61f4df6228e827e86643d4d3e7c32183cb30a1c08f604a14"
 "checksum libc 0.2.49 (registry+https://github.com/rust-lang/crates.io-index)" = "413f3dfc802c5dc91dc570b05125b6cda9855edfaa9825c9849807876376e70e"
 "checksum memmap 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "6585fd95e7bb50d6cc31e20d4cf9afb4e2ba16c5846fc76793f11218da9c475b"
@@ -574,7 +511,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)" = "e83d528d2677f0518c570baf2b7abdcf0cd2d248860b68507bdcb3e91d4c0cea"
 "checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1"
 "checksum num_cpus 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "1a23f0ed30a54abaa0c7e83b1d2d87ada7c3c23078d1d87815af3e3b6385fbba"
-"checksum pairing 0.16.2 (git+https://github.com/matterinc/pairing?tag=0.16.2)" = "<none>"
+"checksum pairing_ce 0.18.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f075a9c570e2026111cb6dddf6a320e5163c42aa32500b315ec34acbcf7c9b36"
 "checksum proc-macro-hack 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2c725b36c99df7af7bf9324e9c999b9e37d92c8f8caf106d82e1d7953218d2d8"
 "checksum proc-macro-hack-impl 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2b753ad9ed99dd8efeaa7d2fb8453c8f6bc3e54b97966d35f1bc77ca6865254a"
 "checksum proc-macro2 0.4.27 (registry+https://github.com/rust-lang/crates.io-index)" = "4d317f9caece796be1980837fd5cb3dfec5613ebdb04ad0956deea83ce168915"
@@ -587,14 +524,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum redox_syscall 0.1.51 (registry+https://github.com/rust-lang/crates.io-index)" = "423e376fffca3dfa06c9e9790a9ccd282fafb3cc6e6397d01dbf64f9bacc6b85"
 "checksum rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)" = "f76d05d3993fd5f4af9434e8e436db163a12a9d40e1a58a726f27a01dfd12a2a"
 "checksum rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)" = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda"
-"checksum ryu 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)" = "eb9e9b8cde282a9fe6a42dd4681319bfb63f121b8a8ee9439c6f4107e58a46f7"
 "checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27"
-"checksum serde 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)" = "9f301d728f2b94c9a7691c90f07b0b4e8a4517181d9461be94c04bddeb4bd850"
-"checksum serde_derive 1.0.88 (registry+https://github.com/rust-lang/crates.io-index)" = "beed18e6f5175aef3ba670e57c60ef3b1b74d250d962a26604bff4c80e970dd4"
-"checksum serde_json 1.0.38 (registry+https://github.com/rust-lang/crates.io-index)" = "27dce848e7467aa0e2fcaf0a413641499c0b745452aaca1194d24dedde9e13c9"
 "checksum smallvec 0.6.9 (registry+https://github.com/rust-lang/crates.io-index)" = "c4488ae950c49d403731982257768f48fada354a5203fe81f9bb6f43ca9002be"
 "checksum syn 0.14.9 (registry+https://github.com/rust-lang/crates.io-index)" = "261ae9ecaa397c42b960649561949d69311f08eeaea86a65696e6e46517cf741"
-"checksum syn 0.15.26 (registry+https://github.com/rust-lang/crates.io-index)" = "f92e629aa1d9c827b2bb8297046c1ccffc57c99b947a680d3ccff1f136a3bee9"
 "checksum time 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)" = "db8dcfca086c1143c9270ac42a2bbd8a7ee477b78ac8e45b19abfb0cbede4b6f"
 "checksum typenum 1.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "612d636f949607bdf9b123b4a6f6d966dedf3ff669f7f045890d3a4a73948169"
 "checksum unicode-xid 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "fc72304796d0818e357ead4e000d19c9c174ab23dc11093ac919054d20a6a7fc"

powersoftau/Cargo.toml

@@ -24,7 +24,7 @@ rust-crypto = "0.2"
 memmap = "0.7.0"
 itertools = "0.8.0"
 
-bellman = { git = 'https://github.com/matterinc/bellman', tag = "0.2.0"}
+bellman_ce = { path = "../bellman" }
 
 [features]
 

powersoftau/src/accumulator.rs

@@ -32,16 +32,16 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 
 use memmap::{Mmap, MmapMut};
-use bellman::pairing::ff::{Field, PrimeField};
+use bellman_ce::pairing::ff::{Field, PrimeField};
 use byteorder::{ReadBytesExt, BigEndian};
 use rand::{SeedableRng, Rng, Rand};
 use rand::chacha::ChaChaRng;
-use bellman::pairing::bn256::{Bn256};
+use bellman_ce::pairing::bn256::{Bn256};
-use bellman::pairing::*;
+use bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use generic_array::GenericArray;

powersoftau/src/batched_accumulator.rs

@@ -8,18 +8,18 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate itertools;
 
 use itertools::Itertools;
 use memmap::{Mmap, MmapMut};
-use bellman::pairing::ff::{Field, PrimeField};
+use bellman_ce::pairing::ff::{Field, PrimeField};
 use byteorder::{ReadBytesExt, BigEndian};
 use rand::{SeedableRng, Rng, Rand};
 use rand::chacha::ChaChaRng;
-use bellman::pairing::bn256::{Bn256};
+use bellman_ce::pairing::bn256::{Bn256};
-use bellman::pairing::*;
+use bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use generic_array::GenericArray;
@@ -74,7 +74,6 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
         for chunk in input_map.chunks(chunk_size) {
             hasher.input(&chunk);
         } 
-
         hasher.result()
     }
 }
@@ -91,6 +90,18 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
             marker: std::marker::PhantomData::<P>{}
         }
     }
+
+    pub fn new_for_verify() -> Self {
+        Self {
+            tau_powers_g1: vec![E::G1Affine::one(); P::TAU_POWERS_G1_LENGTH],
+            tau_powers_g2: vec![E::G2Affine::one(); P::TAU_POWERS_LENGTH],
+            alpha_tau_powers_g1: vec![E::G1Affine::one(); P::TAU_POWERS_LENGTH],
+            beta_tau_powers_g1: vec![E::G1Affine::one(); P::TAU_POWERS_LENGTH],
+            beta_g2: E::G2Affine::one(),
+            hash: blank_hash(),
+            marker: std::marker::PhantomData::<P>{}
+        }
+    }
 }
 
 impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
@@ -189,6 +200,71 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
     }
 }
 
+/// Verifies a transformation of the `Accumulator` with the `PublicKey`, given a 64-byte transcript `digest`.
+pub fn verify_transform<E: Engine, P: PowersOfTauParameters>(before: &BachedAccumulator<E, P>, after: &BachedAccumulator<E, P>, key: &PublicKey<E>, digest: &[u8]) -> bool
+{
+    assert_eq!(digest.len(), 64);
+
+    let tau_g2_s = compute_g2_s::<E>(&digest, &key.tau_g1.0, &key.tau_g1.1, 0);
+    let alpha_g2_s = compute_g2_s::<E>(&digest, &key.alpha_g1.0, &key.alpha_g1.1, 1);
+    let beta_g2_s = compute_g2_s::<E>(&digest, &key.beta_g1.0, &key.beta_g1.1, 2);
+
+    // Check the proofs-of-knowledge for tau/alpha/beta
+    
+    // g1^s / g1^(s*x) = g2^s / g2^(s*x)
+    if !same_ratio(key.tau_g1, (tau_g2_s, key.tau_g2)) {
+        return false;
+    }
+    if !same_ratio(key.alpha_g1, (alpha_g2_s, key.alpha_g2)) {
+        return false;
+    }
+    if !same_ratio(key.beta_g1, (beta_g2_s, key.beta_g2)) {
+        return false;
+    }
+
+    // Check the correctness of the generators for tau powers
+    if after.tau_powers_g1[0] != E::G1Affine::one() {
+        return false;
+    }
+    if after.tau_powers_g2[0] != E::G2Affine::one() {
+        return false;
+    }
+
+    // Did the participant multiply the previous tau by the new one?
+    if !same_ratio((before.tau_powers_g1[1], after.tau_powers_g1[1]), (tau_g2_s, key.tau_g2)) {
+        return false;
+    }
+
+    // Did the participant multiply the previous alpha by the new one?
+    if !same_ratio((before.alpha_tau_powers_g1[0], after.alpha_tau_powers_g1[0]), (alpha_g2_s, key.alpha_g2)) {
+        return false;
+    }
+
+    // Did the participant multiply the previous beta by the new one?
+    if !same_ratio((before.beta_tau_powers_g1[0], after.beta_tau_powers_g1[0]), (beta_g2_s, key.beta_g2)) {
+        return false;
+    }
+    if !same_ratio((before.beta_tau_powers_g1[0], after.beta_tau_powers_g1[0]), (before.beta_g2, after.beta_g2)) {
+        return false;
+    }
+
+    // Are the powers of tau correct?
+    if !same_ratio(power_pairs(&after.tau_powers_g1), (after.tau_powers_g2[0], after.tau_powers_g2[1])) {
+        return false;
+    }
+    if !same_ratio(power_pairs(&after.tau_powers_g2), (after.tau_powers_g1[0], after.tau_powers_g1[1])) {
+        return false;
+    }
+    if !same_ratio(power_pairs(&after.alpha_tau_powers_g1), (after.tau_powers_g2[0], after.tau_powers_g2[1])) {
+        return false;
+    }
+    if !same_ratio(power_pairs(&after.beta_tau_powers_g1), (after.tau_powers_g2[0], after.tau_powers_g2[1])) {
+        return false;
+    }
+
+    true
+}
+
 impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
     /// Verifies a transformation of the `Accumulator` with the `PublicKey`, given a 64-byte transcript `digest`.
     pub fn verify_transformation(
@@ -368,6 +444,112 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
 
         Ok(())
     }
+
+    pub fn deserialize(
+        input_map: &Mmap,
+        check_input_for_correctness: CheckForCorrectness,
+        compression: UseCompression,
+    ) -> io::Result<BachedAccumulator<E, P>>
+    {
+        use itertools::MinMaxResult::{MinMax};
+
+        let mut accumulator = Self::empty();
+
+        let mut tau_powers_g1 = vec![];
+        let mut tau_powers_g2 = vec![];
+        let mut alpha_tau_powers_g1 = vec![];
+        let mut beta_tau_powers_g1 = vec![];
+        let mut beta_g2 = vec![];
+
+        for chunk in &(0..P::TAU_POWERS_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) {
+            if let MinMax(start, end) = chunk.minmax() {
+                let size = end - start + 1;
+                accumulator.read_chunk(start, size, compression, check_input_for_correctness, &input_map).expect(&format!("must read a chunk from {} to {} from source of decompression", start, end));
+                tau_powers_g1.extend_from_slice(&accumulator.tau_powers_g1);
+                tau_powers_g2.extend_from_slice(&accumulator.tau_powers_g2);
+                alpha_tau_powers_g1.extend_from_slice(&accumulator.alpha_tau_powers_g1);
+                beta_tau_powers_g1.extend_from_slice(&accumulator.beta_tau_powers_g1);
+                if start == 0 {
+                    beta_g2.extend_from_slice(&[accumulator.beta_g2]);
+                }
+            } else {
+                panic!("Chunk does not have a min and max");
+            }
+        }
+
+        for chunk in &(P::TAU_POWERS_LENGTH..P::TAU_POWERS_G1_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) {
+            if let MinMax(start, end) = chunk.minmax() {
+                let size = end - start + 1;
+                accumulator.read_chunk(start, size, compression, check_input_for_correctness, &input_map).expect(&format!("must read a chunk from {} to {} from source of decompression", start, end));
+                assert_eq!(accumulator.tau_powers_g2.len(), 0, "during rest of tau g1 generation tau g2 must be empty");
+                assert_eq!(accumulator.alpha_tau_powers_g1.len(), 0, "during rest of tau g1 generation alpha*tau in g1 must be empty");
+                assert_eq!(accumulator.beta_tau_powers_g1.len(), 0, "during rest of tau g1 generation beta*tau in g1 must be empty");
+
+                tau_powers_g1.extend_from_slice(&accumulator.tau_powers_g1);
+                tau_powers_g2.extend_from_slice(&accumulator.tau_powers_g2);
+                alpha_tau_powers_g1.extend_from_slice(&accumulator.alpha_tau_powers_g1);
+                beta_tau_powers_g1.extend_from_slice(&accumulator.beta_tau_powers_g1);
+            } else {
+                panic!("Chunk does not have a min and max");
+            }
+        }
+
+        Ok(BachedAccumulator {
+            tau_powers_g1: tau_powers_g1,
+            tau_powers_g2: tau_powers_g2,
+            alpha_tau_powers_g1: alpha_tau_powers_g1,
+            beta_tau_powers_g1: beta_tau_powers_g1,
+            beta_g2: beta_g2[0],
+            hash: blank_hash(),
+            marker: std::marker::PhantomData::<P>{}
+        })
+    }
+
+    pub fn serialize(
+        &mut self,
+        output_map: &mut MmapMut,
+        compression: UseCompression
+    ) -> io::Result<()>
+    {
+        use itertools::MinMaxResult::{MinMax};
+
+        for chunk in &(0..P::TAU_POWERS_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) {
+            if let MinMax(start, end) = chunk.minmax() {
+                let mut tmp_acc = BachedAccumulator::<E,P> {
+                    tau_powers_g1: (&self.tau_powers_g1[start..end+1]).to_vec(),
+                    tau_powers_g2: (&self.tau_powers_g2[start..end+1]).to_vec(),
+                    alpha_tau_powers_g1: (&self.alpha_tau_powers_g1[start..end+1]).to_vec(),
+                    beta_tau_powers_g1: (&self.beta_tau_powers_g1[start..end+1]).to_vec(),
+                    beta_g2: self.beta_g2.clone(),
+                    hash: self.hash.clone(),
+                    marker: std::marker::PhantomData::<P>{}
+                };
+                tmp_acc.write_chunk(start, compression, output_map)?;
+            } else {
+                panic!("Chunk does not have a min and max");
+            }
+        }
+
+        for chunk in &(P::TAU_POWERS_LENGTH..P::TAU_POWERS_G1_LENGTH).into_iter().chunks(P::EMPIRICAL_BATCH_SIZE) {
+            if let MinMax(start, end) = chunk.minmax() {
+                let mut tmp_acc = BachedAccumulator::<E,P> {
+                    tau_powers_g1: (&self.tau_powers_g1[start..end+1]).to_vec(),
+                    tau_powers_g2: vec![],
+                    alpha_tau_powers_g1: vec![],
+                    beta_tau_powers_g1: vec![],
+                    beta_g2: self.beta_g2.clone(),
+                    hash: self.hash.clone(),
+                    marker: std::marker::PhantomData::<P>{}
+                };
+                tmp_acc.write_chunk(start, compression, output_map)?;
+            } else {
+                panic!("Chunk does not have a min and max");
+            }
+        }
+
+        Ok(())
+    }
+
 }
 
 impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
@@ -726,7 +908,7 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
                 crossbeam::scope(|scope| {
                     for (i, taupowers) in taupowers.chunks_mut(chunk_size).enumerate() {
                         scope.spawn(move || {
-                            let mut acc = key.tau.pow(&[(i * chunk_size) as u64]);
+                            let mut acc = key.tau.pow(&[(start + i * chunk_size) as u64]);
 
                             for t in taupowers {
                                 *t = acc;
@@ -740,10 +922,11 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
                 batch_exp::<E, _>(&mut accumulator.tau_powers_g2, &taupowers[0..], None);
                 batch_exp::<E, _>(&mut accumulator.alpha_tau_powers_g1, &taupowers[0..], Some(&key.alpha));
                 batch_exp::<E, _>(&mut accumulator.beta_tau_powers_g1, &taupowers[0..], Some(&key.beta));
-                accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine();
+                if start == 0 {
+                    accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine();
+                }
                 assert!(!accumulator.beta_g2.is_zero(), "your contribution happed to produce a point at infinity, please re-run");
                 accumulator.write_chunk(start, compress_the_output, output_map)?;
-
                 println!("Done processing {} powers of tau", end);
             } else {
                 panic!("Chunk does not have a min and max");
@@ -764,7 +947,7 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
                 crossbeam::scope(|scope| {
                     for (i, taupowers) in taupowers.chunks_mut(chunk_size).enumerate() {
                         scope.spawn(move || {
-                            let mut acc = key.tau.pow(&[(i * chunk_size) as u64]);
+                            let mut acc = key.tau.pow(&[(start + i * chunk_size) as u64]);
 
                             for t in taupowers {
                                 *t = acc;
@@ -775,8 +958,8 @@ impl<E:Engine, P: PowersOfTauParameters> BachedAccumulator<E, P> {
                 });
 
                 batch_exp::<E, _>(&mut accumulator.tau_powers_g1, &taupowers[0..], None);
-                accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine();
+                //accumulator.beta_g2 = accumulator.beta_g2.mul(key.beta).into_affine();
-                assert!(!accumulator.beta_g2.is_zero(), "your contribution happed to produce a point at infinity, please re-run");
+                //assert!(!accumulator.beta_g2.is_zero(), "your contribution happed to produce a point at infinity, please re-run");
                 accumulator.write_chunk(start, compress_the_output, output_map)?;
 
                 println!("Done processing {} powers of tau", end);

powersoftau/src/bin/beacon_constrained.rs

@@ -1,5 +1,5 @@
 extern crate powersoftau;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate rand;
 extern crate blake2;
@@ -13,7 +13,7 @@ use powersoftau::keypair::{keypair};
 use powersoftau::parameters::{UseCompression, CheckForCorrectness};
 
 use std::fs::OpenOptions;
-use bellman::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::Bn256;
 use memmap::*;
 
 use std::io::Write;
@@ -44,7 +44,7 @@ fn main() {
         let mut cur_hash: [u8; 32] = hex!("0000000000000000000a558a61ddc8ee4e488d647a747fe4dcc362fe2026c620");
 
         // Performs 2^n hash iterations over it
-        const N: usize = 31;
+        const N: usize = 10;
 
         for i in 0..(1u64<<N) {
             // Print 1024 of the interstitial states

powersoftau/src/bin/compute_constrained.rs

@@ -1,5 +1,5 @@
 extern crate powersoftau;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate rand;
 extern crate blake2;
@@ -12,7 +12,7 @@ use powersoftau::keypair::{keypair};
 use powersoftau::parameters::{UseCompression, CheckForCorrectness};
 
 use std::fs::OpenOptions;
-use bellman::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::Bn256;
 use memmap::*;
 
 use std::io::{Read, Write};

powersoftau/src/bin/new.rs

@@ -1,5 +1,5 @@
 extern crate powersoftau;
-extern crate bellman;
+extern crate bellman_ce;
 
 // use powersoftau::bn256::{Bn256CeremonyParameters};
 use powersoftau::small_bn256::{Bn256CeremonyParameters};
@@ -9,7 +9,7 @@ use powersoftau::parameters::{UseCompression};
 
 use std::fs::OpenOptions;
 use std::io::{Write, BufWriter};
-use bellman::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::Bn256;
 
 fn main() {
     let writer = OpenOptions::new()

powersoftau/src/bin/new_constrained.rs

@@ -1,5 +1,5 @@
 extern crate powersoftau;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 
 // use powersoftau::bn256::{Bn256CeremonyParameters};
@@ -10,7 +10,7 @@ use powersoftau::utils::{blank_hash};
 
 use std::fs::OpenOptions;
 use std::io::{Write};
-use bellman::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::Bn256;
 use memmap::*;
 
 use powersoftau::parameters::PowersOfTauParameters;

powersoftau/src/bin/verify.rs

@@ -1,19 +1,29 @@
-extern crate pairing;
 extern crate powersoftau;
 extern crate rand;
 extern crate blake2;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 
-use bellman::pairing::{CurveAffine, CurveProjective};
+use bellman_ce::pairing::{CurveAffine, CurveProjective};
-use bellman::pairing::bls12_381::{G1, G2};
+use bellman_ce::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::{G1, G2};
+use powersoftau::small_bn256::{Bn256CeremonyParameters};
+use powersoftau::batched_accumulator::*;
+use powersoftau::accumulator::HashWriter;
 use powersoftau::*;
 
-use bellman::multicore::Worker;
+use crate::utils::*;
-use bellman::domain::{EvaluationDomain, Point};
+use crate::parameters::*;
+use crate::keypair::*;
 
-use std::fs::OpenOptions;
+use bellman_ce::multicore::Worker;
-use std::io::{self, BufReader, BufWriter, Write};
+use bellman_ce::domain::{EvaluationDomain, Point};
+
+use std::path::Path;
+use std::fs::{OpenOptions, remove_file};
+use std::io::{self, Read, BufWriter, Write};
+
+use memmap::*;
 
 fn into_hex(h: &[u8]) -> String {
     let mut f = String::new();
@@ -29,20 +39,54 @@ fn into_hex(h: &[u8]) -> String {
 // given the current state of the accumulator and the last
 // response file hash.
 fn get_challenge_file_hash(
-    acc: &Accumulator,
+    acc: &mut BachedAccumulator::<Bn256, Bn256CeremonyParameters>,
-    last_response_file_hash: &[u8; 64]
+    last_response_file_hash: &[u8; 64],
+    is_initial: bool,
 ) -> [u8; 64]
 {
     let sink = io::sink();
     let mut sink = HashWriter::new(sink);
 
-    sink.write_all(last_response_file_hash)
+    let file_name = "tmp_challenge_file_hash";
-        .unwrap();
 
-    acc.serialize(
+    if Path::new(file_name).exists() {
-        &mut sink,
+        remove_file(file_name).unwrap();
-        UseCompression::No
+    }
-    ).unwrap();
+    {
+        let writer = OpenOptions::new()
+            .read(true)
+            .write(true)
+            .create_new(true)
+            .open(file_name)
+            .expect("unable to create temporary tmp_challenge_file_hash");
+
+        writer.set_len(Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE as u64).expect("must make output file large enough");
+        let mut writable_map = unsafe { MmapOptions::new().map_mut(&writer).expect("unable to create a memory map for output") };
+
+        (&mut writable_map[0..]).write(&last_response_file_hash[..]).expect("unable to write a default hash to mmap");
+        writable_map.flush().expect("unable to write blank hash to `./challenge`");
+
+        if is_initial {
+            BachedAccumulator::<Bn256, Bn256CeremonyParameters>::generate_initial(&mut writable_map, UseCompression::No).expect("generation of initial accumulator is successful");
+        } else {
+            acc.serialize(
+                &mut writable_map,
+                UseCompression::No
+            ).unwrap();
+        }
+
+        writable_map.flush().expect("must flush the memory map");
+    }
+
+    let mut challenge_reader = OpenOptions::new()
+        .read(true)
+        .open(file_name).expect("unable to open temporary tmp_challenge_file_hash");
+
+    let mut contents = vec![];
+    challenge_reader.read_to_end(&mut contents).unwrap();
+
+    sink.write_all(&contents)
+        .unwrap();
 
     let mut tmp = [0; 64];
     tmp.copy_from_slice(sink.into_hash().as_slice());
@@ -54,23 +98,51 @@ fn get_challenge_file_hash(
 // accumulator, the player's public key, and the challenge
 // file's hash.
 fn get_response_file_hash(
-    acc: &Accumulator,
+    acc: &mut BachedAccumulator::<Bn256, Bn256CeremonyParameters>,
-    pubkey: &PublicKey,
+    pubkey: &PublicKey::<Bn256>,
     last_challenge_file_hash: &[u8; 64]
 ) -> [u8; 64]
 {
     let sink = io::sink();
     let mut sink = HashWriter::new(sink);
 
-    sink.write_all(last_challenge_file_hash)
+    let file_name = "tmp_response_file_hash";
+    if Path::new(file_name).exists() {
+        remove_file(file_name).unwrap();
+    }
+    {
+        let writer = OpenOptions::new()
+            .read(true)
+            .write(true)
+            .create_new(true)
+            .open(file_name)
+            .expect("unable to create temporary tmp_response_file_hash");
+
+        writer.set_len(Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE as u64).expect("must make output file large enough");
+        let mut writable_map = unsafe { MmapOptions::new().map_mut(&writer).expect("unable to create a memory map for output") };
+
+        (&mut writable_map[0..]).write(&last_challenge_file_hash[..]).expect("unable to write a default hash to mmap");
+        writable_map.flush().expect("unable to write blank hash to `./challenge`");
+
+        acc.serialize(
+            &mut writable_map,
+            UseCompression::Yes
+        ).unwrap();
+
+        pubkey.write::<Bn256CeremonyParameters>(&mut writable_map, UseCompression::Yes).expect("unable to write public key");
+        writable_map.flush().expect("must flush the memory map");
+    }
+
+    let mut challenge_reader = OpenOptions::new()
+        .read(true)
+        .open(file_name).expect("unable to open temporary tmp_response_file_hash");
+
+    let mut contents = vec![];
+    challenge_reader.read_to_end(&mut contents).unwrap();
+
+    sink.write_all(&contents)
         .unwrap();
 
-    acc.serialize(
-        &mut sink,
-        UseCompression::Yes
-    ).unwrap();
-
-    pubkey.serialize(&mut sink).unwrap();
 
     let mut tmp = [0; 64];
     tmp.copy_from_slice(sink.into_hash().as_slice());
@@ -78,17 +150,51 @@ fn get_response_file_hash(
     tmp
 }
 
+fn new_accumulator_for_verify() -> BachedAccumulator<Bn256, Bn256CeremonyParameters> {
+    let file_name = "tmp_initial_challenge";
+    {
+        if Path::new(file_name).exists() {
+            remove_file(file_name).unwrap();
+        }
+
+        let file = OpenOptions::new()
+                                .read(true)
+                                .write(true)
+                                .create_new(true)
+                                .open(file_name).expect("unable to create `./tmp_initial_challenge`");
+                
+        let expected_challenge_length = Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE;
+        file.set_len(expected_challenge_length as u64).expect("unable to allocate large enough file");
+
+        let mut writable_map = unsafe { MmapOptions::new().map_mut(&file).expect("unable to create a memory map") };
+        BachedAccumulator::<Bn256, Bn256CeremonyParameters>::generate_initial(&mut writable_map, UseCompression::No).expect("generation of initial accumulator is successful");
+        writable_map.flush().expect("unable to flush memmap to disk");
+    }
+
+    let reader = OpenOptions::new()
+                            .read(true)
+                            .open(file_name)
+                            .expect("unable open `./transcript` in this directory");
+    let readable_map = unsafe { MmapOptions::new().map(&reader).expect("unable to create a memory map for input") };
+    let initial_accumulator = BachedAccumulator::deserialize(
+        &readable_map,
+        CheckForCorrectness::Yes,
+        UseCompression::No,
+    ).expect("unable to read uncompressed accumulator");
+
+    initial_accumulator
+}
+
 fn main() {
     // Try to load `./transcript` from disk.
     let reader = OpenOptions::new()
                             .read(true)
                             .open("transcript")
                             .expect("unable open `./transcript` in this directory");
-
+    let transcript_readable_map = unsafe { MmapOptions::new().map(&reader).expect("unable to create a memory map for input") };
-    let mut reader = BufReader::with_capacity(1024 * 1024, reader);
 
     // Initialize the accumulator
-    let mut current_accumulator = Accumulator::new();
+    let mut current_accumulator = new_accumulator_for_verify();
 
     // The "last response file hash" is just a blank BLAKE2b hash
     // at the beginning of the hash chain.
@@ -96,38 +202,62 @@ fn main() {
     last_response_file_hash.copy_from_slice(blank_hash().as_slice());
 
     // There were 89 rounds.
-    for _ in 0..89 {
+    for i in 0..2 {
         // Compute the hash of the challenge file that the player
         // should have received.
+
+        let file_name = "tmp_response";
+        if Path::new(file_name).exists() {
+            remove_file(file_name).unwrap();
+        }
+
+        let memory_slice = transcript_readable_map.get(i*Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE..(i+1)*Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE).expect("must read point data from file");
+        let writer = OpenOptions::new()
+            .read(true)
+            .write(true)
+            .create_new(true)
+            .open(file_name)
+            .expect("unable to create temporary tmp_response");
+
+        writer.set_len(Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE as u64).expect("must make output file large enough");
+        let mut writable_map = unsafe { MmapOptions::new().map_mut(&writer).expect("unable to create a memory map for output") };
+
+        (&mut writable_map[0..]).write(&memory_slice[..]).expect("unable to write a default hash to mmap");
+        writable_map.flush().expect("must flush the memory map");
+
+        let response_readable_map = writable_map.make_read_only().expect("must make a map readonly");
+
         let last_challenge_file_hash = get_challenge_file_hash(
-            &current_accumulator,
+            &mut current_accumulator,
-            &last_response_file_hash
+            &last_response_file_hash,
+            i == 0,
         );
+        println!("last challenge hash: {}", into_hex(&last_challenge_file_hash));
 
         // Deserialize the accumulator provided by the player in
         // their response file. It's stored in the transcript in
         // uncompressed form so that we can more efficiently
         // deserialize it.
-        let response_file_accumulator = Accumulator::deserialize(
+
-            &mut reader,
+        let mut response_file_accumulator = BachedAccumulator::deserialize(
-            UseCompression::No,
+            &response_readable_map,
-            CheckForCorrectness::Yes
+            CheckForCorrectness::Yes,
+            UseCompression::Yes,
         ).expect("unable to read uncompressed accumulator");
 
-        // Deserialize the public key provided by the player.
+        println!("test: {}", response_file_accumulator.tau_powers_g1[8190]);
-        let response_file_pubkey = PublicKey::deserialize(&mut reader)
-            .expect("wasn't able to deserialize the response file's public key");
 
+        let response_file_pubkey = PublicKey::<Bn256>::read::<Bn256CeremonyParameters>(&response_readable_map, UseCompression::Yes).unwrap();
         // Compute the hash of the response file. (we had it in uncompressed
         // form in the transcript, but the response file is compressed to save
         // participants bandwidth.)
         last_response_file_hash = get_response_file_hash(
-            &response_file_accumulator,
+            &mut response_file_accumulator,
             &response_file_pubkey,
             &last_challenge_file_hash
         );
 
-        print!("{}", into_hex(&last_response_file_hash));
+        println!("last response file hash: {}", into_hex(&last_response_file_hash));
 
         // Verify the transformation from the previous accumulator to the new
         // one. This also verifies the correctness of the accumulators and the

powersoftau/src/bin/verify_transform_constrained.rs

@@ -1,5 +1,5 @@
 extern crate powersoftau;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate rand;
 extern crate blake2;
@@ -12,7 +12,7 @@ use powersoftau::keypair::{PublicKey};
 use powersoftau::parameters::{UseCompression, CheckForCorrectness};
 
 use std::fs::OpenOptions;
-use bellman::pairing::bn256::Bn256;
+use bellman_ce::pairing::bn256::Bn256;
 use memmap::*;
 
 use std::io::{Read, Write};
@@ -35,7 +35,7 @@ fn main() {
         let metadata = challenge_reader.metadata().expect("unable to get filesystem metadata for `./challenge`");
         let expected_challenge_length = match PREVIOUS_CHALLENGE_IS_COMPRESSED {
             UseCompression::Yes => {
-                Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE
+                Bn256CeremonyParameters::CONTRIBUTION_BYTE_SIZE - Bn256CeremonyParameters::PUBLIC_KEY_SIZE
             },
             UseCompression::No => {
                 Bn256CeremonyParameters::ACCUMULATOR_BYTE_SIZE

powersoftau/src/bls12_381/mod.rs

@@ -191,22 +191,6 @@ pub fn keypair<R: Rng>(rng: &mut R, digest: &[u8]) -> (PublicKey, PrivateKey)
     )
 }
 
-/// Determines if point compression should be used.
-#[derive(Copy, Clone)]
-pub enum UseCompression {
-    Yes,
-    No
-}
-
-/// Determines if points should be checked for correctness during deserialization.
-/// This is not necessary for participants, because a transcript verifier can
-/// check this theirself.
-#[derive(Copy, Clone)]
-pub enum CheckForCorrectness {
-    Yes,
-    No
-}
-
 fn write_point<W, G>(
     writer: &mut W,
     p: &G,
@@ -822,39 +806,4 @@ impl<R: Read> Read for HashReader<R> {
     }
 }
 
-/// Abstraction over a writer which hashes the data being written.
-pub struct HashWriter<W: Write> {
-    writer: W,
-    hasher: Blake2b
-}
 
-impl<W: Write> HashWriter<W> {
-    /// Construct a new `HashWriter` given an existing `writer` by value.
-    pub fn new(writer: W) -> Self {
-        HashWriter {
-            writer: writer,
-            hasher: Blake2b::default()
-        }
-    }
-
-    /// Destroy this writer and return the hash of what was written.
-    pub fn into_hash(self) -> GenericArray<u8, U64> {
-        self.hasher.result()
-    }
-}
-
-impl<W: Write> Write for HashWriter<W> {
-    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
-        let bytes = self.writer.write(buf)?;
-
-        if bytes > 0 {
-            self.hasher.input(&buf[0..bytes]);
-        }
-
-        Ok(bytes)
-    }
-
-    fn flush(&mut self) -> io::Result<()> {
-        self.writer.flush()
-    }
-}

powersoftau/src/bn256/mod.rs

@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 
-use self::bellman::pairing::ff::{Field, PrimeField};
+use self::bellman_ce::pairing::ff::{Field, PrimeField};
 use self::byteorder::{ReadBytesExt, BigEndian};
 use self::rand::{SeedableRng, Rng, Rand};
 use self::rand::chacha::ChaChaRng;
-use self::bellman::pairing::bn256::{Bn256};
+use self::bellman_ce::pairing::bn256::{Bn256};
-use self::bellman::pairing::*;
+use self::bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use self::generic_array::GenericArray;
@@ -56,7 +56,7 @@ fn test_pubkey_serialization() {
 #[test]
 fn test_power_pairs() {
     use self::rand::thread_rng;
-    use self::bellman::pairing::bn256::{Fr, G1Affine, G2Affine};
+    use self::bellman_ce::pairing::bn256::{Fr, G1Affine, G2Affine};
     let rng = &mut thread_rng();
 
     let mut v = vec![];
@@ -79,7 +79,7 @@ fn test_power_pairs() {
 #[test]
 fn test_same_ratio() {
     use self::rand::thread_rng;
-    use self::bellman::pairing::bn256::{Fr, G1Affine, G2Affine};
+    use self::bellman_ce::pairing::bn256::{Fr, G1Affine, G2Affine};
 
     let rng = &mut thread_rng();
 
@@ -98,7 +98,7 @@ fn test_accumulator_serialization() {
     use crate::accumulator::*;
 
     use self::rand::thread_rng;
-    use self::bellman::pairing::bn256::{Bn256, Fr, G1Affine, G2Affine};
+    use self::bellman_ce::pairing::bn256::{Bn256, Fr, G1Affine, G2Affine};
     use self::PowersOfTauParameters;
 
     let rng = &mut thread_rng();

powersoftau/src/keypair.rs

@@ -5,18 +5,18 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 extern crate memmap;
 extern crate itertools;
 
 use itertools::Itertools;
 use memmap::{Mmap, MmapMut};
-use self::bellman::pairing::ff::{Field, PrimeField};
+use self::bellman_ce::pairing::ff::{Field, PrimeField};
 use self::byteorder::{ReadBytesExt, BigEndian};
 use self::rand::{SeedableRng, Rng, Rand};
 use self::rand::chacha::ChaChaRng;
-use self::bellman::pairing::bn256::{Bn256};
+use self::bellman_ce::pairing::bn256::{Bn256};
-use self::bellman::pairing::*;
+use self::bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use self::generic_array::GenericArray;

powersoftau/src/parameters.rs

@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 
-use bellman::pairing::ff::{Field, PrimeField};
+use bellman_ce::pairing::ff::{Field, PrimeField};
 use byteorder::{ReadBytesExt, BigEndian};
 use rand::{SeedableRng, Rng, Rand};
 use rand::chacha::ChaChaRng;
-use bellman::pairing::bn256::{Bn256};
+use bellman_ce::pairing::bn256::{Bn256};
-use bellman::pairing::*;
+use bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use generic_array::GenericArray;

powersoftau/src/small_bn256/mod.rs

@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 
-use self::bellman::pairing::ff::{Field, PrimeField};
+use self::bellman_ce::pairing::ff::{Field, PrimeField};
 use self::byteorder::{ReadBytesExt, BigEndian};
 use self::rand::{SeedableRng, Rng, Rand};
 use self::rand::chacha::ChaChaRng;
-use self::bellman::pairing::bn256::{Bn256};
+use self::bellman_ce::pairing::bn256::{Bn256};
-use self::bellman::pairing::*;
+use self::bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use self::generic_array::GenericArray;
@@ -30,7 +30,7 @@ pub struct Bn256CeremonyParameters {
 }
 
 impl PowersOfTauParameters for Bn256CeremonyParameters {
-    const REQUIRED_POWER: usize = 25; // generate to have roughly 2 million constraints
+    const REQUIRED_POWER: usize = 12; // generate to have roughly 2 million constraints
 
     // This ceremony is based on the BN256 elliptic curve construction.
     const G1_UNCOMPRESSED_BYTE_SIZE: usize = 64;

powersoftau/src/utils.rs

@@ -5,14 +5,14 @@ extern crate blake2;
 extern crate generic_array;
 extern crate typenum;
 extern crate byteorder;
-extern crate bellman;
+extern crate bellman_ce;
 
-use bellman::pairing::ff::{Field, PrimeField, PrimeFieldRepr};
+use bellman_ce::pairing::ff::{Field, PrimeField, PrimeFieldRepr};
 use byteorder::{ReadBytesExt, BigEndian};
 use rand::{SeedableRng, Rng, Rand};
 use rand::chacha::ChaChaRng;
-use bellman::pairing::bn256::{Bn256};
+use bellman_ce::pairing::bn256::{Bn256};
-use bellman::pairing::*;
+use bellman_ce::pairing::*;
 use std::io::{self, Read, Write};
 use std::sync::{Arc, Mutex};
 use generic_array::GenericArray;
@@ -298,3 +298,4 @@ fn dense_multiexp_inner<G: CurveAffine>(
         return next_region;
     }
 }
+

powersoftau/test.sh

@@ -16,3 +16,6 @@ mv response response_old
 mv new_challenge challenge
 cargo run --release --bin beacon_constrained
 cargo run --release --bin verify_transform_constrained
+
+cat response_old response > transcript
+cargo run --release --bin verify