From 700870b3c2bd699dda40057101c0067cedb3e2e5 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Sun, 18 Jul 2021 11:12:09 -0700 Subject: [PATCH 01/26] WIP field ext --- src/fields/cubic_extension.rs | 233 ++++++++------- src/fields/fp/mod.rs | 17 +- src/fields/fp12.rs | 16 +- src/fields/fp2.rs | 9 +- src/fields/fp3.rs | 9 +- src/fields/fp4.rs | 9 +- src/fields/fp6_2over3.rs | 9 +- src/fields/fp6_3over2.rs | 21 +- src/fields/mod.rs | 4 + src/fields/quadratic_extension.rs | 205 +++++++------- src/groups/curves/short_weierstrass/mod.rs | 266 +++++++++--------- .../short_weierstrass/non_zero_affine.rs | 59 ++-- src/lib.rs | 4 +- 13 files changed, 467 insertions(+), 394 deletions(-) diff --git a/src/fields/cubic_extension.rs b/src/fields/cubic_extension.rs index 5a5f5aff..6bba59a1 100644 --- a/src/fields/cubic_extension.rs +++ b/src/fields/cubic_extension.rs @@ -6,7 +6,7 @@ use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; use core::{borrow::Borrow, marker::PhantomData}; use crate::{ - fields::{fp::FpVar, FieldOpsBounds, FieldVar}, + fields::{FieldExt, fp::FpVar, FieldOpsBounds, FieldVar}, prelude::*, ToConstraintFieldGadget, Vec, }; @@ -14,42 +14,54 @@ use crate::{ /// This struct is the `R1CS` equivalent of the cubic extension field type /// in `ark-ff`, i.e. `ark_ff::CubicExtField`. #[derive(Derivative)] -#[derivative(Debug(bound = "BF: core::fmt::Debug"), Clone(bound = "BF: Clone"))] +#[derivative( + Debug(bound = "P::BaseField: FieldExt"), + Clone(bound = "P::BaseField: FieldExt") +)] #[must_use] -pub struct CubicExtVar, P: CubicExtVarParams> +pub struct CubicExtVar where - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, + P::BaseField: FieldExt, { /// The zero-th coefficient of this field element. - pub c0: BF, + pub c0: BFVar

, /// The first coefficient of this field element. - pub c1: BF, + pub c1: BFVar

, /// The second coefficient of this field element. - pub c2: BF, + pub c2: BFVar

, #[derivative(Debug = "ignore")] _params: PhantomData

, } +type BFVar

= <

::BaseField as FieldExt>::Var; + +impl FieldExt for CubicExtField

+where + P::BaseField: FieldExt, +{ + type Var = CubicExtVar

; +} + /// This trait describes parameters that are used to implement arithmetic for /// `CubicExtVar`. -pub trait CubicExtVarParams>: - CubicExtParameters +pub trait CubicExtVarParams: CubicExtParameters where - for<'a> &'a BF: FieldOpsBounds<'a, Self::BaseField, BF>, + Self::BaseField: FieldExt, { /// Multiply the base field of the `CubicExtVar` by the appropriate /// Frobenius coefficient. This is equivalent to /// `Self::mul_base_field_by_frob_coeff(c1, c2, power)`. - fn mul_base_field_vars_by_frob_coeff(c1: &mut BF, c2: &mut BF, power: usize); + fn mul_base_field_vars_by_frob_coeff(c1: &mut BFVar, c2: &mut BFVar, power: usize); } -impl, P: CubicExtVarParams> CubicExtVar +impl CubicExtVar

where - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, + P::BaseField: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Constructs a `CubicExtVar` from the underlying coefficients. #[inline] - pub fn new(c0: BF, c1: BF, c2: BF) -> Self { + pub fn new(c0: BFVar

, c1: BFVar

, c2: BFVar

) -> Self { let _params = PhantomData; Self { c0, @@ -62,7 +74,7 @@ where /// Multiplies a variable of the base field by the cubic nonresidue /// `P::NONRESIDUE` that is used to construct the extension field. #[inline] - pub fn mul_base_field_by_nonresidue(fe: &BF) -> Result { + pub fn mul_base_field_by_nonresidue(fe: &BFVar
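Review bot: The new `impl FieldExt for CubicExtField<P>` block requires only `P::BaseField: FieldExt` while setting `type Var = CubicExtVar<P>`, yet the `FieldVar` impl for `CubicExtVar<P>` later in this file additionally demands `P: CubicExtVarParams` and `for<'a> &'a BFVar<P>: FieldOpsBounds<'a, P::BaseField, BFVar<P>>`; because `FieldExt::Var` is bounded by `FieldVar`, the impl as written is unlikely to type-check unless those bounds are added to its where clause (the generic parameter lists are not legible in this rendering, so this is inferred from the visible bounds). The same shape recurs in the `impl FieldExt for QuadExtField<P>` hunk of quadratic_extension.rs. The private alias `type BFVar<P>` also deserves a one-line comment since it is now used throughout the file, e.g. `/// R1CS variable type of P::BaseField, as selected by its FieldExt impl.`.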

) -> Result, SynthesisError> { Ok(fe * P::NONRESIDUE) } @@ -82,11 +94,11 @@ where } } -impl R1CSVar for CubicExtVar +impl

R1CSVar for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { type Value = CubicExtField

; @@ -103,59 +115,59 @@ where } } -impl From> for CubicExtVar +impl

From> for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { fn from(other: Boolean) -> Self { - let c0 = BF::from(other); - let c1 = BF::zero(); - let c2 = BF::zero(); + let c0 = BFVar::from(other); + let c1 = BFVar::zero(); + let c2 = BFVar::zero(); Self::new(c0, c1, c2) } } -impl<'a, BF, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar> for CubicExtVar +impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for CubicExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: CubicExtVarParams, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { } -impl<'a, BF, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar> for &'a CubicExtVar +impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for &'a CubicExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: CubicExtVarParams, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { } -impl FieldVar, P::BasePrimeField> for CubicExtVar +impl

FieldVar, P::BasePrimeField> for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { fn constant(other: CubicExtField

) -> Self { - let c0 = BF::constant(other.c0); - let c1 = BF::constant(other.c1); - let c2 = BF::constant(other.c2); + let c0 = BFVar::constant(other.c0); + let c1 = BFVar::constant(other.c1); + let c2 = BFVar::constant(other.c2); Self::new(c0, c1, c2) } fn zero() -> Self { - let c0 = BF::zero(); - let c1 = BF::zero(); - let c2 = BF::zero(); + let c0 = BFVar::zero(); + let c1 = BFVar::zero(); + let c2 = BFVar::zero(); Self::new(c0, c1, c2) } fn one() -> Self { - let c0 = BF::one(); - let c1 = BF::zero(); - let c2 = BF::zero(); + let c0 = BFVar::one(); + let c1 = BFVar::zero(); + let c2 = BFVar::zero(); Self::new(c0, c1, c2) } @@ -286,51 +298,53 @@ where } impl_bounded_ops!( - CubicExtVar, + CubicExtVar

, CubicExtField

, Add, add, AddAssign, add_assign, - |this: &'a CubicExtVar, other: &'a CubicExtVar| { + |this: &'a CubicExtVar

, other: &'a CubicExtVar

| { let c0 = &this.c0 + &other.c0; let c1 = &this.c1 + &other.c1; let c2 = &this.c2 + &other.c2; CubicExtVar::new(c0, c1, c2) }, - |this: &'a CubicExtVar, other: CubicExtField

| { + |this: &'a CubicExtVar

, other: CubicExtField

| { this + CubicExtVar::constant(other) }, - (BF: FieldVar, P: CubicExtVarParams), - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, + (P: CubicExtVarParams), + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldExt, ); impl_bounded_ops!( - CubicExtVar, + CubicExtVar

, CubicExtField

, Sub, sub, SubAssign, sub_assign, - |this: &'a CubicExtVar, other: &'a CubicExtVar| { + |this: &'a CubicExtVar

, other: &'a CubicExtVar

| { let c0 = &this.c0 - &other.c0; let c1 = &this.c1 - &other.c1; let c2 = &this.c2 - &other.c2; CubicExtVar::new(c0, c1, c2) }, - |this: &'a CubicExtVar, other: CubicExtField

| { + |this: &'a CubicExtVar

, other: CubicExtField

| { this - CubicExtVar::constant(other) }, - (BF: FieldVar, P: CubicExtVarParams), - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, + (P: CubicExtVarParams), + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldExt, ); impl_bounded_ops!( - CubicExtVar, + CubicExtVar

, CubicExtField

, Mul, mul, MulAssign, mul_assign, - |this: &'a CubicExtVar, other: &'a CubicExtVar| { + |this: &'a CubicExtVar

, other: &'a CubicExtVar

| { // Karatsuba multiplication for cubic extensions: // v0 = A.c0 * B.c0 // v1 = A.c1 * B.c1 @@ -354,18 +368,19 @@ impl_bounded_ops!( CubicExtVar::new(c0, c1, c2) }, - |this: &'a CubicExtVar, other: CubicExtField

| { + |this: &'a CubicExtVar

, other: CubicExtField

| { this * CubicExtVar::constant(other) }, - (BF: FieldVar, P: CubicExtVarParams), - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, + (P: CubicExtVarParams), + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldExt, ); -impl EqGadget for CubicExtVar +impl

EqGadget for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { #[tracing::instrument(target = "r1cs")] fn is_eq(&self, other: &Self) -> Result, SynthesisError> { @@ -402,11 +417,11 @@ where } } -impl ToBitsGadget for CubicExtVar +impl

ToBitsGadget for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + P::BaseField: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, { #[tracing::instrument(target = "r1cs")] fn to_bits_le(&self) -> Result>, SynthesisError> { @@ -429,11 +444,11 @@ where } } -impl ToBytesGadget for CubicExtVar +impl

ToBytesGadget for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -459,12 +474,12 @@ where } } -impl ToConstraintFieldGadget for CubicExtVar +impl

ToConstraintFieldGadget for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, - BF: ToConstraintFieldGadget, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, + BFVar

: ToConstraintFieldGadget, { #[tracing::instrument(target = "r1cs")] fn to_constraint_field(&self) -> Result>, SynthesisError> { @@ -478,11 +493,11 @@ where } } -impl CondSelectGadget for CubicExtVar +impl

CondSelectGadget for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { #[inline] #[tracing::instrument(target = "r1cs")] @@ -491,19 +506,19 @@ where true_value: &Self, false_value: &Self, ) -> Result { - let c0 = BF::conditionally_select(cond, &true_value.c0, &false_value.c0)?; - let c1 = BF::conditionally_select(cond, &true_value.c1, &false_value.c1)?; - let c2 = BF::conditionally_select(cond, &true_value.c2, &false_value.c2)?; + let c0 = BFVar::conditionally_select(cond, &true_value.c0, &false_value.c0)?; + let c1 = BFVar::conditionally_select(cond, &true_value.c1, &false_value.c1)?; + let c2 = BFVar::conditionally_select(cond, &true_value.c2, &false_value.c2)?; Ok(Self::new(c0, c1, c2)) } } -impl TwoBitLookupGadget for CubicExtVar +impl

TwoBitLookupGadget for CubicExtVar

where - BF: FieldVar - + TwoBitLookupGadget, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + BFVar

: TwoBitLookupGadget, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { type TableConstant = CubicExtField

; @@ -515,19 +530,19 @@ where let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = BF::two_bit_lookup(b, &c0s)?; - let c1 = BF::two_bit_lookup(b, &c1s)?; - let c2 = BF::two_bit_lookup(b, &c2s)?; + let c0 = BFVar::two_bit_lookup(b, &c0s)?; + let c1 = BFVar::two_bit_lookup(b, &c1s)?; + let c2 = BFVar::two_bit_lookup(b, &c2s)?; Ok(Self::new(c0, c1, c2)) } } -impl ThreeBitCondNegLookupGadget for CubicExtVar +impl

ThreeBitCondNegLookupGadget for CubicExtVar

where - BF: FieldVar - + ThreeBitCondNegLookupGadget, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + BFVar

: ThreeBitCondNegLookupGadget, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { type TableConstant = CubicExtField

; @@ -540,18 +555,18 @@ where let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = BF::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; - let c1 = BF::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; - let c2 = BF::three_bit_cond_neg_lookup(b, b0b1, &c2s)?; + let c0 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; + let c1 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; + let c2 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c2s)?; Ok(Self::new(c0, c1, c2)) } } -impl AllocVar, P::BasePrimeField> for CubicExtVar +impl

AllocVar, P::BasePrimeField> for CubicExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: CubicExtVarParams, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P: CubicExtVarParams, + P::BaseField: FieldExt, { fn new_variable>>( cs: impl Into>, @@ -571,9 +586,9 @@ where ), }; - let c0 = BF::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; - let c1 = BF::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; - let c2 = BF::new_variable(ark_relations::ns!(cs, "c2"), || c2, mode)?; + let c0 = BFVar::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; + let c1 = BFVar::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; + let c2 = BFVar::new_variable(ark_relations::ns!(cs, "c2"), || c2, mode)?; Ok(Self::new(c0, c1, c2)) } } diff --git a/src/fields/fp/mod.rs b/src/fields/fp/mod.rs index 69782e34..2ba2ef4a 100644 --- a/src/fields/fp/mod.rs +++ b/src/fields/fp/mod.rs @@ -6,7 +6,7 @@ use ark_relations::r1cs::{ use core::borrow::Borrow; use crate::{ - fields::{FieldOpsBounds, FieldVar}, + fields::{FieldOpsBounds, FieldVar, FieldExt}, prelude::*, Assignment, ToConstraintFieldGadget, Vec, }; @@ -49,6 +49,21 @@ pub enum FpVar { Var(AllocatedFp), } +macro_rules! impl_field_ext { + ($Fp:ident, $FpParams:ident) => { + impl FieldExt for ark_ff::models::$Fp

{ + type Var = FpVar; + } + }; +} + +impl_field_ext!(Fp256, Fp256Parameters); +impl_field_ext!(Fp320, Fp320Parameters); +impl_field_ext!(Fp384, Fp384Parameters); +impl_field_ext!(Fp768, Fp768Parameters); +impl_field_ext!(Fp832, Fp832Parameters); + + impl R1CSVar for FpVar { type Value = F; diff --git a/src/fields/fp12.rs b/src/fields/fp12.rs index 3f60c202..491e72e2 100644 --- a/src/fields/fp12.rs +++ b/src/fields/fp12.rs @@ -1,15 +1,18 @@ -use crate::fields::{fp2::Fp2Var, fp6_3over2::Fp6Var, quadratic_extension::*, FieldVar}; +use crate::fields::{FieldExt, fp2::Fp2Var, fp6_3over2::Fp6Var, quadratic_extension::*, FieldVar}; use ark_ff::fields::{fp12_2over3over2::*, fp6_3over2::Fp6Parameters, Field, QuadExtParameters}; use ark_relations::r1cs::SynthesisError; /// A degree-12 extension field constructed as the tower of a /// quadratic extension over a cubic extension over a quadratic extension field. /// This is the R1CS equivalent of `ark_ff::fp12_2over3over2::Fp12
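Review bot: `impl_field_ext!` is invoked only for Fp256, Fp320, Fp384, Fp768 and Fp832, so any other fixed-width prime field type in `ark_ff::models` (I believe this ark-ff line also ships Fp64 and Fp448; worth checking) gets no `FieldExt` impl and can no longer serve as a base field once `QuadExtVar`/`CubicExtVar` require `P::BaseField: FieldExt`. The macro itself carries no comment; a short `/// Ties each fixed-width prime field to FpVar as its R1CS variable type.` above it would record why it exists. The two blank lines left before `impl R1CSVar` will be collapsed by rustfmt, so one is enough.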

`. -pub type Fp12Var

= QuadExtVar::Fp6Params>, Fp12ParamsWrapper

>; +pub type Fp12Var

= QuadExtVar>; type Fp2Params

= <

::Fp6Params as Fp6Parameters>::Fp2Params; -impl QuadExtVarParams> for Fp12ParamsWrapper

{ +impl QuadExtVarParams for Fp12ParamsWrapper

+where + Self::BasePrimeField: FieldExt +{ fn mul_base_field_var_by_frob_coeff(fe: &mut Fp6Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; @@ -17,7 +20,12 @@ impl QuadExtVarParams> for Fp12ParamsWra } } -impl Fp12Var
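Review bot: The where clause on `impl QuadExtVarParams for Fp12ParamsWrapper<P>` spells the new requirement as `Self::BasePrimeField: FieldExt`, while fp2.rs uses `Self::BaseField: FieldExt`, the second hunk of this file and fp6_3over2.rs use `Fp<P>: FieldExt`, and fp3.rs, fp4.rs and fp6_2over3.rs use `Self::BasePrimeField: FieldExt`; three spellings of the same constraint make it hard to see that each impl satisfies the `Self::BaseField: FieldExt` bound declared on the trait itself. Picking the trait's own form, `Self::BaseField: FieldExt,`, in every wrapper impl would make that correspondence immediate. These where clauses also lack the trailing comma that the cubic_extension.rs and quadratic_extension.rs hunks use, which rustfmt will add anyway.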

{ +type Fp

= as QuadExtParameters>::BasePrimeField; + +impl Fp12Var

+where + Fp

: FieldExt +{ /// Multiplies by a sparse element of the form `(c0 = (c0, c1, 0), c1 = (0, /// d1, 0))`. #[inline] diff --git a/src/fields/fp2.rs b/src/fields/fp2.rs index f1183df3..5f293743 100644 --- a/src/fields/fp2.rs +++ b/src/fields/fp2.rs @@ -1,11 +1,14 @@ -use crate::fields::{fp::FpVar, quadratic_extension::*}; +use crate::fields::{FieldExt, fp::FpVar, quadratic_extension::*}; use ark_ff::fields::{Fp2Parameters, Fp2ParamsWrapper, QuadExtParameters}; /// A quadratic extension field constructed over a prime field. /// This is the R1CS equivalent of `ark_ff::Fp2

`. -pub type Fp2Var

= QuadExtVar::Fp>, Fp2ParamsWrapper

>; +pub type Fp2Var

= QuadExtVar>; -impl QuadExtVarParams> for Fp2ParamsWrapper

{ +impl QuadExtVarParams for Fp2ParamsWrapper

+where + Self::BaseField: FieldExt +{ fn mul_base_field_var_by_frob_coeff(fe: &mut FpVar, power: usize) { *fe *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; } diff --git a/src/fields/fp3.rs b/src/fields/fp3.rs index b20b80ca..52f81c93 100644 --- a/src/fields/fp3.rs +++ b/src/fields/fp3.rs @@ -1,11 +1,14 @@ -use crate::fields::{cubic_extension::*, fp::FpVar}; +use crate::fields::{FieldExt, cubic_extension::*, fp::FpVar}; use ark_ff::fields::{CubicExtParameters, Fp3Parameters, Fp3ParamsWrapper}; /// A cubic extension field constructed over a prime field. /// This is the R1CS equivalent of `ark_ff::Fp3

`. -pub type Fp3Var

= CubicExtVar::Fp>, Fp3ParamsWrapper

>; +pub type Fp3Var

= CubicExtVar>; -impl CubicExtVarParams> for Fp3ParamsWrapper

{ +impl CubicExtVarParams for Fp3ParamsWrapper

+where + Self::BasePrimeField: FieldExt +{ fn mul_base_field_vars_by_frob_coeff( c1: &mut FpVar, c2: &mut FpVar, diff --git a/src/fields/fp4.rs b/src/fields/fp4.rs index 10238730..a0fb53f8 100644 --- a/src/fields/fp4.rs +++ b/src/fields/fp4.rs @@ -1,12 +1,15 @@ -use crate::fields::{fp2::Fp2Var, quadratic_extension::*}; +use crate::fields::{FieldExt, fp2::Fp2Var, quadratic_extension::*}; use ark_ff::fields::{Fp4Parameters, Fp4ParamsWrapper, QuadExtParameters}; /// A quartic extension field constructed as the tower of a /// quadratic extension over a quadratic extension field. /// This is the R1CS equivalent of `ark_ff::Fp4

`. -pub type Fp4Var

= QuadExtVar::Fp2Params>, Fp4ParamsWrapper

>; +pub type Fp4Var

= QuadExtVar>; -impl QuadExtVarParams> for Fp4ParamsWrapper

{ +impl QuadExtVarParams for Fp4ParamsWrapper

+where + Self::BasePrimeField: FieldExt +{ fn mul_base_field_var_by_frob_coeff(fe: &mut Fp2Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; diff --git a/src/fields/fp6_2over3.rs b/src/fields/fp6_2over3.rs index 07b172b1..dff78c63 100644 --- a/src/fields/fp6_2over3.rs +++ b/src/fields/fp6_2over3.rs @@ -1,12 +1,15 @@ -use crate::fields::{fp3::Fp3Var, quadratic_extension::*}; +use crate::fields::{FieldExt, fp3::Fp3Var, quadratic_extension::*}; use ark_ff::fields::{fp6_2over3::*, QuadExtParameters}; /// A sextic extension field constructed as the tower of a /// quadratic extension over a cubic extension field. /// This is the R1CS equivalent of `ark_ff::fp6_2over3::Fp6

`. -pub type Fp6Var

= QuadExtVar::Fp3Params>, Fp6ParamsWrapper

>; +pub type Fp6Var

= QuadExtVar>; -impl QuadExtVarParams> for Fp6ParamsWrapper

{ +impl QuadExtVarParams for Fp6ParamsWrapper

+where + Self::BasePrimeField: FieldExt +{ fn mul_base_field_var_by_frob_coeff(fe: &mut Fp3Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; diff --git a/src/fields/fp6_3over2.rs b/src/fields/fp6_3over2.rs index fdef07dc..09e50759 100644 --- a/src/fields/fp6_3over2.rs +++ b/src/fields/fp6_3over2.rs @@ -1,4 +1,4 @@ -use crate::fields::{cubic_extension::*, fp2::*}; +use crate::fields::{FieldExt, cubic_extension::*, fp2::*}; use ark_ff::fields::{fp6_3over2::*, CubicExtParameters, Fp2}; use ark_relations::r1cs::SynthesisError; use core::ops::MulAssign; @@ -6,9 +6,12 @@ use core::ops::MulAssign; /// A sextic extension field constructed as the tower of a /// cubic extension over a quadratic extension field. /// This is the R1CS equivalent of `ark_ff::fp6_3over3::Fp6

`. -pub type Fp6Var

= CubicExtVar::Fp2Params>, Fp6ParamsWrapper

>; +pub type Fp6Var

= CubicExtVar>; -impl CubicExtVarParams> for Fp6ParamsWrapper

{ +impl CubicExtVarParams for Fp6ParamsWrapper

+where + Fp

: FieldExt +{ fn mul_base_field_vars_by_frob_coeff( c1: &mut Fp2Var, c2: &mut Fp2Var, @@ -19,7 +22,12 @@ impl CubicExtVarParams> for Fp6ParamsWrap } } -impl Fp6Var

{ +type Fp

= as CubicExtParameters>::BasePrimeField; + +impl Fp6Var

+where + Fp

: FieldExt +{ /// Multiplies `self` by a sparse element which has `c0 == c2 == zero`. pub fn mul_by_0_c1_0(&self, c1: &Fp2Var) -> Result { // Karatsuba multiplication @@ -76,7 +84,10 @@ impl Fp6Var

{ } } -impl MulAssign> for Fp6Var

{ +impl MulAssign> for Fp6Var

+where + Fp

: FieldExt +{ fn mul_assign(&mut self, other: Fp2) { self.c0 *= other; self.c1 *= other; diff --git a/src/fields/mod.rs b/src/fields/mod.rs index a199d739..472bd14d 100644 --- a/src/fields/mod.rs +++ b/src/fields/mod.rs @@ -49,6 +49,10 @@ pub mod fp6_2over3; /// `ark_ff::fp6_3over2::Fp6` pub mod fp6_3over2; +pub trait FieldExt: Field { + type Var: FieldVar; +} + /// This trait is a hack used to work around the lack of implied bounds. pub trait FieldOpsBounds<'a, F, T: 'a>: Sized diff --git a/src/fields/quadratic_extension.rs b/src/fields/quadratic_extension.rs index 28b771dc..e67b59bd 100644 --- a/src/fields/quadratic_extension.rs +++ b/src/fields/quadratic_extension.rs @@ -11,42 +11,56 @@ use crate::{ ToConstraintFieldGadget, Vec, }; +use super::FieldExt; + /// This struct is the `R1CS` equivalent of the quadratic extension field type /// in `ark-ff`, i.e. `ark_ff::QuadExtField`. #[derive(Derivative)] -#[derivative(Debug(bound = "BF: core::fmt::Debug"), Clone(bound = "BF: Clone"))] +#[derivative( + Debug(bound = "P::BaseField: FieldExt"), + Clone(bound = "P::BaseField: FieldExt") +)] #[must_use] -pub struct QuadExtVar, P: QuadExtVarParams> +pub struct QuadExtVar where - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, + P::BaseField: FieldExt, { /// The zero-th coefficient of this field element. - pub c0: BF, + pub c0: BFVar
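Review bot: `pub trait FieldExt` is a new public trait with no `///` doc comment, although the neighbouring `FieldOpsBounds` trait and every `pub mod` in this file are documented, so rustdoc will list it with no summary. Something like `/// A field with a designated R1CS variable type: Var is the gadget that represents elements of this field inside a constraint system.` would do, ideally stating which field the `FieldVar` bound on `Var` is tied to. The name `FieldExt` is also easy to read as "extension field" in a module full of `QuadExtField`/`CubicExtField` types; a name such as `FieldWithVar` would say what the trait actually provides.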

, /// The first coefficient of this field element. - pub c1: BF, + pub c1: BFVar

, #[derivative(Debug = "ignore")] _params: PhantomData

, } +type BFVar

= <

::BaseField as FieldExt>::Var; + +impl FieldExt for QuadExtField

+where + P::BaseField: FieldExt, +{ + type Var = QuadExtVar

; +} + /// This trait describes parameters that are used to implement arithmetic for /// `QuadExtVar`. -pub trait QuadExtVarParams>: - QuadExtParameters +pub trait QuadExtVarParams: QuadExtParameters where - for<'a> &'a BF: FieldOpsBounds<'a, Self::BaseField, BF>, + Self::BaseField: FieldExt { /// Multiply the base field of the `QuadExtVar` by the appropriate Frobenius /// coefficient. This is equivalent to /// `Self::mul_base_field_by_frob_coeff(power)`. - fn mul_base_field_var_by_frob_coeff(fe: &mut BF, power: usize); + fn mul_base_field_var_by_frob_coeff(fe: &mut BFVar, power: usize); } -impl, P: QuadExtVarParams> QuadExtVar +impl QuadExtVar

where - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, + P::BaseField: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Constructs a `QuadExtVar` from the underlying coefficients. - pub fn new(c0: BF, c1: BF) -> Self { + pub fn new(c0: BFVar

, c1: BFVar

) -> Self { Self { c0, c1, @@ -57,7 +71,7 @@ where /// Multiplies a variable of the base field by the quadratic nonresidue /// `P::NONRESIDUE` that is used to construct the extension field. #[inline] - pub fn mul_base_field_by_nonresidue(fe: &BF) -> Result { + pub fn mul_base_field_by_nonresidue(fe: &BFVar
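Review bot: The import of the new trait is done here as a standalone `use super::FieldExt;` placed after the existing `use crate::{...}` group, whereas the cubic_extension.rs hunk adds it to the `crate::fields::{...}` list; the two sibling modules should use the same form, and merging it into the existing group matches the rest of the file. The where clause of `pub trait QuadExtVarParams` (`Self::BaseField: FieldExt`) also drops the trailing comma that the cubic trait keeps, so the two declarations would differ after rustfmt only by that comma.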

) -> Result, SynthesisError> { Ok(fe * P::NONRESIDUE) } @@ -116,11 +130,10 @@ where } } -impl R1CSVar for QuadExtVar +impl R1CSVar for QuadExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { type Value = QuadExtField

; @@ -137,55 +150,52 @@ where } } -impl From> for QuadExtVar +impl From> for QuadExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn from(other: Boolean) -> Self { - let c0 = BF::from(other); - let c1 = BF::zero(); + let c0 = BFVar::from(other); + let c1 = BFVar::zero(); Self::new(c0, c1) } } -impl<'a, BF, P> FieldOpsBounds<'a, QuadExtField

, QuadExtVar> for QuadExtVar +impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl<'a, BF, P> FieldOpsBounds<'a, QuadExtField

, QuadExtVar> for &'a QuadExtVar + +impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for &'a QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl FieldVar, P::BasePrimeField> for QuadExtVar +impl FieldVar, P::BasePrimeField> for QuadExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(other: QuadExtField

) -> Self { - let c0 = BF::constant(other.c0); - let c1 = BF::constant(other.c1); + let c0 = BFVar::constant(other.c0); + let c1 = BFVar::constant(other.c1); Self::new(c0, c1) } fn zero() -> Self { - let c0 = BF::zero(); - let c1 = BF::zero(); + let c0 = BFVar::zero(); + let c1 = BFVar::zero(); Self::new(c0, c1) } fn one() -> Self { - let c0 = BF::one(); - let c1 = BF::zero(); + let c0 = BFVar::one(); + let c1 = BFVar::zero(); Self::new(c0, c1) } @@ -294,49 +304,51 @@ where } impl_bounded_ops!( - QuadExtVar, + QuadExtVar

, QuadExtField

, Add, add, AddAssign, add_assign, - |this: &'a QuadExtVar, other: &'a QuadExtVar| { + |this: &'a QuadExtVar

, other: &'a QuadExtVar

| { let c0 = &this.c0 + &other.c0; let c1 = &this.c1 + &other.c1; QuadExtVar::new(c0, c1) }, - |this: &'a QuadExtVar, other: QuadExtField

| { + |this: &'a QuadExtVar

, other: QuadExtField

| { this + QuadExtVar::constant(other) }, - (BF: FieldVar, P: QuadExtVarParams), - for <'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF> + (P: QuadExtVarParams), + P::BaseField: FieldExt, + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> ); impl_bounded_ops!( - QuadExtVar, + QuadExtVar

, QuadExtField

, Sub, sub, SubAssign, sub_assign, - |this: &'a QuadExtVar, other: &'a QuadExtVar| { + |this: &'a QuadExtVar

, other: &'a QuadExtVar

| { let c0 = &this.c0 - &other.c0; let c1 = &this.c1 - &other.c1; QuadExtVar::new(c0, c1) }, - |this: &'a QuadExtVar, other: QuadExtField

| { + |this: &'a QuadExtVar

, other: QuadExtField

| { this - QuadExtVar::constant(other) }, - (BF: FieldVar, P: QuadExtVarParams), - for <'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF> + (P: QuadExtVarParams), + P::BaseField: FieldExt, + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> ); impl_bounded_ops!( - QuadExtVar, + QuadExtVar

, QuadExtField

, Mul, mul, MulAssign, mul_assign, - |this: &'a QuadExtVar, other: &'a QuadExtVar| { + |this: &'a QuadExtVar

, other: &'a QuadExtVar

| { // Karatsuba multiplication for Fp2: // v0 = A.c0 * B.c0 // v1 = A.c1 * B.c1 @@ -357,21 +369,22 @@ impl_bounded_ops!( result.c1 *= &other.c0 + &other.c1; result.c1 -= &v0; result.c1 -= &v1; - result.c0 = v0 + &QuadExtVar::::mul_base_field_by_nonresidue(&v1).unwrap(); + result.c0 = v0 + &QuadExtVar::

::mul_base_field_by_nonresidue(&v1).unwrap(); result }, - |this: &'a QuadExtVar, other: QuadExtField

| { + |this: &'a QuadExtVar

, other: QuadExtField

| { this * QuadExtVar::constant(other) }, - (BF: FieldVar, P: QuadExtVarParams), - for <'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF> + (P: QuadExtVarParams), + P::BaseField: FieldExt, + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> ); -impl EqGadget for QuadExtVar +impl

EqGadget for QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P: QuadExtVarParams, { #[tracing::instrument(target = "r1cs")] fn is_eq(&self, other: &Self) -> Result, SynthesisError> { @@ -406,11 +419,10 @@ where } } -impl ToBitsGadget for QuadExtVar +impl ToBitsGadget for QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn to_bits_le(&self) -> Result>, SynthesisError> { @@ -429,11 +441,10 @@ where } } -impl ToBytesGadget for QuadExtVar +impl ToBytesGadget for QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -452,12 +463,11 @@ where } } -impl ToConstraintFieldGadget for QuadExtVar +impl ToConstraintFieldGadget for QuadExtVar

where - BF: FieldVar, - for<'a> &'a BF: FieldOpsBounds<'a, P::BaseField, BF>, - P: QuadExtVarParams, - BF: ToConstraintFieldGadget, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + BFVar

: ToConstraintFieldGadget, { #[tracing::instrument(target = "r1cs")] fn to_constraint_field(&self) -> Result>, SynthesisError> { @@ -470,11 +480,10 @@ where } } -impl CondSelectGadget for QuadExtVar +impl CondSelectGadget for QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { #[inline] fn conditionally_select( @@ -482,18 +491,16 @@ where true_value: &Self, false_value: &Self, ) -> Result { - let c0 = BF::conditionally_select(cond, &true_value.c0, &false_value.c0)?; - let c1 = BF::conditionally_select(cond, &true_value.c1, &false_value.c1)?; + let c0 = BFVar::conditionally_select(cond, &true_value.c0, &false_value.c0)?; + let c1 = BFVar::conditionally_select(cond, &true_value.c1, &false_value.c1)?; Ok(Self::new(c0, c1)) } } -impl TwoBitLookupGadget for QuadExtVar +impl TwoBitLookupGadget for QuadExtVar

where - BF: FieldVar - + TwoBitLookupGadget, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { type TableConstant = QuadExtField

; @@ -504,18 +511,16 @@ where ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = BF::two_bit_lookup(b, &c0s)?; - let c1 = BF::two_bit_lookup(b, &c1s)?; + let c0 = BFVar::two_bit_lookup(b, &c0s)?; + let c1 = BFVar::two_bit_lookup(b, &c1s)?; Ok(Self::new(c0, c1)) } } -impl ThreeBitCondNegLookupGadget for QuadExtVar +impl ThreeBitCondNegLookupGadget for QuadExtVar
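Review bot: The rewritten where clause of `impl TwoBitLookupGadget for QuadExtVar<P>` keeps only `P::BaseField: FieldExt` and the `FieldOpsBounds` bound, dropping the `TwoBitLookupGadget` bound that the removed `BF: FieldVar + TwoBitLookupGadget` line carried, yet the body in the next hunk still calls `BFVar::two_bit_lookup`; the old code needing that extra bound shows `FieldVar` does not imply it, so the impl should mirror the cubic_extension.rs hunk, which keeps `BFVar<P>: TwoBitLookupGadget<…>,` with the same generic arguments as the removed bound. The `ThreeBitCondNegLookupGadget` impl in the following hunk drops its `ThreeBitCondNegLookupGadget` bound the same way while its body still calls `BFVar::three_bit_cond_neg_lookup`. The impl's body continues outside this hunk.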

where - BF: FieldVar - + ThreeBitCondNegLookupGadget, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { type TableConstant = QuadExtField

; @@ -527,17 +532,17 @@ where ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = BF::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; - let c1 = BF::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; + let c0 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; + let c1 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; Ok(Self::new(c0, c1)) } } -impl AllocVar, P::BasePrimeField> for QuadExtVar + +impl AllocVar, P::BasePrimeField> for QuadExtVar

where - BF: FieldVar, - for<'b> &'b BF: FieldOpsBounds<'b, P::BaseField, BF>, - P: QuadExtVarParams, + P::BaseField: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { fn new_variable>>( cs: impl Into>, @@ -554,8 +559,8 @@ where ), }; - let c0 = BF::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; - let c1 = BF::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; + let c0 = BFVar::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; + let c1 = BFVar::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; Ok(Self::new(c0, c1)) } } diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index cf023c44..7c315256 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -1,46 +1,52 @@ use ark_ec::{ short_weierstrass_jacobian::{GroupAffine as SWAffine, GroupProjective as SWProjective}, - AffineCurve, ProjectiveCurve, SWModelParameters, + AffineCurve, ProjectiveCurve, SWModelParameters, ModelParameters }; use ark_ff::{BigInteger, BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; use core::{borrow::Borrow, marker::PhantomData}; use non_zero_affine::NonZeroAffineVar; -use crate::{fields::fp::FpVar, prelude::*, ToConstraintFieldGadget, Vec}; +use crate::{fields::{FieldExt, fp::FpVar}, prelude::*, ToConstraintFieldGadget, Vec}; /// This module provides a generic implementation of G1 and G2 for /// the [\[BLS12]\]() family of bilinear groups. -pub mod bls12; +// pub mod bls12; /// This module provides a generic implementation of G1 and G2 for /// the [\[MNT4]\]() /// family of bilinear groups. -pub mod mnt4; +// pub mod mnt4; /// This module provides a generic implementation of G1 and G2 for /// the [\[MNT6]\]() /// family of bilinear groups. -pub mod mnt6; +// pub mod mnt6; mod non_zero_affine; + +type BF

=

::BaseField; +type CF

= as Field>::BasePrimeField; +type BFVar

= as FieldExt>::Var; + /// An implementation of arithmetic for Short Weierstrass curves that relies on /// the complete formulae derived in the paper of /// [[Renes, Costello, Batina 2015]](). #[derive(Derivative)] -#[derivative(Debug, Clone)] +#[derivative( + Debug(bound = "P: SWModelParameters"), + Clone(bound = "P: SWModelParameters"), +)] #[must_use] -pub struct ProjectiveVar< - P: SWModelParameters, - F: FieldVar::BasePrimeField>, -> where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, +pub struct ProjectiveVar +where + BF

: FieldExt { /// The x-coordinate. - pub x: F, + pub x: BFVar

, /// The y-coordinate. - pub y: F, + pub y: BFVar

, /// The z-coordinate. - pub z: F, + pub z: BFVar

, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -49,29 +55,26 @@ pub struct ProjectiveVar< #[derive(Derivative)] #[derivative(Debug, Clone)] #[must_use] -pub struct AffineVar< - P: SWModelParameters, - F: FieldVar::BasePrimeField>, -> where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, +pub struct AffineVar +where + BF
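Review bot: The `pub mod bls12;`, `pub mod mnt4;` and `pub mod mnt6;` lines near the top of this hunk are commented out rather than removed or feature-gated, which silently drops those public modules from the crate; the lib.rs hunk does the same to `pub mod pairing;`. If they cannot build until the `FieldExt` migration lands, a marker such as `// TODO(WIP): re-enable once the curve gadgets are ported to FieldExt` next to each would record the intent, and they need to be restored before merge. The three new private aliases `BF`, `CF` and `BFVar` have no doc comments; one-liners like `/// Base field of the curve.`, `/// Prime field the constraint system is defined over.` and `/// Gadget type for the base field.` would help readers of the public struct fields that use them. The new `use ark_ec::{…, SWModelParameters, ModelParameters}` line is also out of rustfmt's sorted order; `AffineCurve, ModelParameters, ProjectiveCurve, SWModelParameters` matches the surrounding imports.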

: FieldExt { /// The x-coordinate. - pub x: F, + pub x: BFVar

, /// The y-coordinate. - pub y: F, + pub y: BFVar

, /// Is `self` the point at infinity. - pub infinity: Boolean<::BasePrimeField>, + pub infinity: Boolean>, #[derivative(Debug = "ignore")] _params: PhantomData

, } -impl AffineVar +impl AffineVar

where - P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { - fn new(x: F, y: F, infinity: Boolean<::BasePrimeField>) -> Self { + fn new(x: BFVar

, y: BFVar

, infinity: Boolean>) -> Self { Self { x, y, @@ -91,17 +94,17 @@ where } } -impl ToConstraintFieldGadget<::BasePrimeField> for AffineVar +impl

ToConstraintFieldGadget> for AffineVar

where + BF

: FieldExt, P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, - F: ToConstraintFieldGadget<::BasePrimeField>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BFVar

: ToConstraintFieldGadget>, { fn to_constraint_field( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { - let mut res = Vec::::BasePrimeField>>::new(); + ) -> Result>>, SynthesisError> { + let mut res = Vec::>>::new(); res.extend_from_slice(&self.x.to_constraint_field()?); res.extend_from_slice(&self.y.to_constraint_field()?); @@ -111,15 +114,15 @@ where } } -impl R1CSVar<::BasePrimeField> for ProjectiveVar +impl
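Review bot: The where-clause of this `ToConstraintFieldGadget` impl lists `BF<P>: FieldExt` before `P: SWModelParameters`, whereas every other impl in the file (for example the `R1CSVar` impl in the next hunk) puts `P: SWModelParameters` first. Reordering to `P: SWModelParameters, BF<P>: FieldExt, for<'a> &'a BFVar<P>: …` keeps all the bound lists in one readable pattern.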

R1CSVar> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { type Value = SWProjective

; - fn cs(&self) -> ConstraintSystemRef<::BasePrimeField> { + fn cs(&self) -> ConstraintSystemRef> { self.x.cs().or(self.y.cs()).or(self.z.cs()) } @@ -134,13 +137,13 @@ where } } -impl::BasePrimeField>> - ProjectiveVar +impl ProjectiveVar

where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Constructs `Self` from an `(x, y, z)` coordinate triple. - pub fn new(x: F, y: F, z: F) -> Self { + pub fn new(x: BFVar

, y: BFVar

, z: BFVar

) -> Self { Self { x, y, @@ -151,21 +154,21 @@ where /// Convert this point into affine form. #[tracing::instrument(target = "r1cs")] - pub fn to_affine(&self) -> Result, SynthesisError> { + pub fn to_affine(&self) -> Result, SynthesisError> { if self.is_constant() { let point = self.value()?.into_affine(); - let x = F::new_constant(ConstraintSystemRef::None, point.x)?; - let y = F::new_constant(ConstraintSystemRef::None, point.y)?; + let x = BFVar::

::new_constant(ConstraintSystemRef::None, point.x)?; + let y = BFVar::

::new_constant(ConstraintSystemRef::None, point.y)?; let infinity = Boolean::constant(point.infinity); Ok(AffineVar::new(x, y, infinity)) } else { let cs = self.cs(); let infinity = self.is_zero()?; - let zero_x = F::zero(); - let zero_y = F::one(); + let zero_x = BFVar::

::zero(); + let zero_y = BFVar::

::one(); // Allocate a variable whose value is either `self.z.inverse()` if the inverse exists, // and is zero otherwise. - let z_inv = F::new_witness(ark_relations::ns!(cs, "z_inverse"), || { + let z_inv = BFVar::

::new_witness(ark_relations::ns!(cs, "z_inverse"), || { Ok(self.z.value()?.inverse().unwrap_or_else(P::BaseField::zero)) })?; // The inverse exists if `!self.is_zero()`. @@ -173,7 +176,7 @@ where // `z_inv * self.z = 0` if `self.is_zero()`. // // Thus, `z_inv * self.z = !self.is_zero()`. - z_inv.mul_equals(&self.z, &F::from(infinity.not()))?; + z_inv.mul_equals(&self.z, &BFVar::

::from(infinity.not()))?; let non_zero_x = &self.x * &z_inv; let non_zero_y = &self.y * &z_inv; @@ -190,7 +193,7 @@ where /// is a constant or is a public input). #[tracing::instrument(target = "r1cs", skip(cs, f))] pub fn new_variable_omit_on_curve_check( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, SynthesisError>, mode: AllocationMode, ) -> Result { @@ -217,16 +220,16 @@ where ), }; - let x = F::new_variable(ark_relations::ns!(cs, "x"), || x, mode)?; - let y = F::new_variable(ark_relations::ns!(cs, "y"), || y, mode)?; - let z = F::new_variable(ark_relations::ns!(cs, "z"), || z, mode)?; + let x = BFVar::

::new_variable(ark_relations::ns!(cs, "x"), || x, mode)?; + let y = BFVar::

::new_variable(ark_relations::ns!(cs, "y"), || y, mode)?; + let z = BFVar::

::new_variable(ark_relations::ns!(cs, "z"), || z, mode)?; Ok(Self::new(x, y, z)) } /// Mixed addition, which is useful when `other = (x2, y2)` is known to have z = 1. #[tracing::instrument(target = "r1cs", skip(self, other))] - pub(crate) fn add_mixed(&self, other: &NonZeroAffineVar) -> Result { + pub(crate) fn add_mixed(&self, other: &NonZeroAffineVar

) -> Result { // Complete mixed addition formula from Renes-Costello-Batina 2015 // Algorithm 2 // (https://eprint.iacr.org/2015/1060). @@ -245,18 +248,18 @@ where let xz_pairs = (x2 * z1) + x1; // 8, 9 let yz_pairs = (y2 * z1) + y1; // 10, 11 - let axz = mul_by_coeff_a::(&xz_pairs); // 12 + let axz = mul_by_coeff_a::

(&xz_pairs); // 12 let bz3_part = &axz + z1 * three_b; // 13, 14 let yy_m_bz3 = &yy - &bz3_part; // 15 let yy_p_bz3 = &yy + &bz3_part; // 16 - let azz = mul_by_coeff_a::(z1); // 20 + let azz = mul_by_coeff_a::

(z1); // 20 let xx3_p_azz = xx.double().unwrap() + &xx + &azz; // 18, 19, 22 let bxz3 = &xz_pairs * three_b; // 21 - let b3_xz_pairs = mul_by_coeff_a::(&(&xx - &azz)) + &bxz3; // 23, 24, 25 + let b3_xz_pairs = mul_by_coeff_a::

(&(&xx - &azz)) + &bxz3; // 23, 24, 25 let x = (&yy_m_bz3 * &xy_pairs) - &yz_pairs * &b3_xz_pairs; // 28,29, 30 let y = (&yy_p_bz3 * &yy_m_bz3) + &xx3_p_azz * b3_xz_pairs; // 17, 26, 27 @@ -273,8 +276,8 @@ where fn fixed_scalar_mul_le( &self, mul_result: &mut Self, - multiple_of_power_of_two: &mut NonZeroAffineVar, - bits: &[&Boolean<::BasePrimeField>], + multiple_of_power_of_two: &mut NonZeroAffineVar

, + bits: &[&Boolean>], ) -> Result<(), SynthesisError> { let scalar_modulus_bits = ::size_in_bits(); @@ -352,12 +355,11 @@ where } } -impl CurveVar, ::BasePrimeField> - for ProjectiveVar +impl

CurveVar, CF

> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: SWProjective

) -> Self { let cs = ConstraintSystemRef::None; @@ -365,16 +367,16 @@ where } fn zero() -> Self { - Self::new(F::zero(), F::one(), F::zero()) + Self::new(BFVar::

::zero(), BFVar::

::one(), BFVar::

::zero()) } - fn is_zero(&self) -> Result::BasePrimeField>, SynthesisError> { + fn is_zero(&self) -> Result>, SynthesisError> { self.z.is_zero() } #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable_omit_prime_order_check( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, SynthesisError>, mode: AllocationMode, ) -> Result { @@ -451,7 +453,7 @@ where let xy2 = (&self.x * &self.y).double()?; // 4, 5 let xz2 = (&self.x * &self.z).double()?; // 6, 7 - let axz2 = mul_by_coeff_a::(&xz2); // 8 + let axz2 = mul_by_coeff_a::

(&xz2); // 8 let bzz3_part = &axz2 + &zz * three_b; // 9, 10 let yy_m_bzz3 = &yy - &bzz3_part; // 11 @@ -460,8 +462,8 @@ where let x_frag = yy_m_bzz3 * &xy2; // 14 let bxz3 = xz2 * three_b; // 15 - let azz = mul_by_coeff_a::(&zz); // 16 - let b3_xz_pairs = mul_by_coeff_a::(&(&xx - &azz)) + &bxz3; // 15, 16, 17, 18, 19 + let azz = mul_by_coeff_a::

(&zz); // 16 + let b3_xz_pairs = mul_by_coeff_a::

(&(&xx - &azz)) + &bxz3; // 15, 16, 17, 18, 19 let xx3_p_azz = (xx.double()? + &xx + &azz) * &b3_xz_pairs; // 23, 24, 25 let y = y_frag + &xx3_p_azz; // 26, 27 @@ -484,7 +486,7 @@ where #[tracing::instrument(target = "r1cs", skip(bits))] fn scalar_mul_le<'a>( &self, - bits: impl Iterator::BasePrimeField>>, + bits: impl Iterator>>, ) -> Result { if self.is_constant() { if self.value().unwrap().is_zero() { @@ -536,7 +538,7 @@ where ) -> Result<(), SynthesisError> where I: Iterator)>, - B: Borrow::BasePrimeField>>, + B: Borrow>>, { // We just ignore the provided bases and use the faster scalar multiplication. let (bits, bases): (Vec<_>, Vec<_>) = scalar_bits_with_bases @@ -548,44 +550,40 @@ where } } -impl ToConstraintFieldGadget<::BasePrimeField> for ProjectiveVar +impl

ToConstraintFieldGadget> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, - F: ToConstraintFieldGadget<::BasePrimeField>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BFVar

: ToConstraintFieldGadget>, { fn to_constraint_field( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { self.to_affine()?.to_constraint_field() } } -fn mul_by_coeff_a< - P: SWModelParameters, - F: FieldVar::BasePrimeField>, ->( - f: &F, -) -> F +fn mul_by_coeff_a(f: &BFVar

) -> BFVar

where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldExt, { if !P::COEFF_A.is_zero() { f * P::COEFF_A } else { - F::zero() + BFVar::

::zero() } } impl_bounded_ops!( - ProjectiveVar, + ProjectiveVar

, SWProjective

, Add, add, AddAssign, add_assign, - |mut this: &'a ProjectiveVar, mut other: &'a ProjectiveVar| { + |mut this: &'a ProjectiveVar

, mut other: &'a ProjectiveVar

| { // Implement complete addition for Short Weierstrass curves, following // the complete addition formula from Renes-Costello-Batina 2015 // (https://eprint.iacr.org/2015/1060). @@ -604,8 +602,8 @@ impl_bounded_ops!( this.clone() } else { // We'll use mixed addition to add non-zero constants. - let x = F::constant(other.x); - let y = F::constant(other.y); + let x = BFVar::

::constant(other.x); + let y = BFVar::

::constant(other.y); this.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap() } } else { @@ -628,18 +626,18 @@ impl_bounded_ops!( let xz_pairs = ((x1 + z1) * &(x2 + z2)) - (&xx + &zz); // 9, 10, 11, 12, 13 let yz_pairs = ((y1 + z1) * &(y2 + z2)) - (&yy + &zz); // 14, 15, 16, 17, 18 - let axz = mul_by_coeff_a::(&xz_pairs); // 19 + let axz = mul_by_coeff_a::

(&xz_pairs); // 19 let bzz3_part = &axz + &zz * three_b; // 20, 21 let yy_m_bzz3 = &yy - &bzz3_part; // 22 let yy_p_bzz3 = &yy + &bzz3_part; // 23 - let azz = mul_by_coeff_a::(&zz); + let azz = mul_by_coeff_a::

(&zz); let xx3_p_azz = xx.double().unwrap() + &xx + &azz; // 25, 26, 27, 29 let bxz3 = &xz_pairs * three_b; // 28 - let b3_xz_pairs = mul_by_coeff_a::(&(&xx - &azz)) + &bxz3; // 30, 31, 32 + let b3_xz_pairs = mul_by_coeff_a::

(&(&xx - &azz)) + &bxz3; // 30, 31, 32 let x = (&yy_m_bzz3 * &xy_pairs) - &yz_pairs * &b3_xz_pairs; // 35, 39, 40 let y = (&yy_p_bzz3 * &yy_m_bzz3) + &xx3_p_azz * b3_xz_pairs; // 24, 36, 37, 38 @@ -649,52 +647,54 @@ impl_bounded_ops!( } }, - |this: &'a ProjectiveVar, other: SWProjective

| { + |this: &'a ProjectiveVar

, other: SWProjective

| { this + ProjectiveVar::constant(other) }, - (F: FieldVar::BasePrimeField>, P: SWModelParameters), - for <'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + (P: SWModelParameters), + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + BF

: FieldExt, ); impl_bounded_ops!( - ProjectiveVar, + ProjectiveVar

, SWProjective

, Sub, sub, SubAssign, sub_assign, - |this: &'a ProjectiveVar, other: &'a ProjectiveVar| this + other.negate().unwrap(), - |this: &'a ProjectiveVar, other: SWProjective

| this - ProjectiveVar::constant(other), - (F: FieldVar::BasePrimeField>, P: SWModelParameters), - for <'b> &'b F: FieldOpsBounds<'b, P::BaseField, F> + |this: &'a ProjectiveVar

, other: &'a ProjectiveVar

| this + other.negate().unwrap(), + |this: &'a ProjectiveVar

, other: SWProjective

| this - ProjectiveVar::constant(other), + (P: SWModelParameters), + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + BF

: FieldExt, ); -impl<'a, P, F> GroupOpsBounds<'a, SWProjective

, ProjectiveVar> for ProjectiveVar +impl<'a, P> GroupOpsBounds<'a, SWProjective

, ProjectiveVar

> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + BF

: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl<'a, P, F> GroupOpsBounds<'a, SWProjective

, ProjectiveVar> for &'a ProjectiveVar +impl<'a, P> GroupOpsBounds<'a, SWProjective

, ProjectiveVar

> for &'a ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + BF

: FieldExt, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl CondSelectGadget<::BasePrimeField> for ProjectiveVar +impl

CondSelectGadget> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[inline] #[tracing::instrument(target = "r1cs")] fn conditionally_select( - cond: &Boolean<::BasePrimeField>, + cond: &Boolean>, true_value: &Self, false_value: &Self, ) -> Result { @@ -706,17 +706,17 @@ where } } -impl EqGadget<::BasePrimeField> for ProjectiveVar +impl

EqGadget> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn is_eq( &self, other: &Self, - ) -> Result::BasePrimeField>, SynthesisError> { + ) -> Result>, SynthesisError> { let x_equal = (&self.x * &other.z).is_eq(&(&other.x * &self.z))?; let y_equal = (&self.y * &other.z).is_eq(&(&other.y * &self.z))?; let coordinates_equal = x_equal.and(&y_equal)?; @@ -729,7 +729,7 @@ where fn conditional_enforce_equal( &self, other: &Self, - condition: &Boolean<::BasePrimeField>, + condition: &Boolean>, ) -> Result<(), SynthesisError> { let x_equal = (&self.x * &other.z).is_eq(&(&other.x * &self.z))?; let y_equal = (&self.y * &other.z).is_eq(&(&other.y * &self.z))?; @@ -746,7 +746,7 @@ where fn conditional_enforce_not_equal( &self, other: &Self, - condition: &Boolean<::BasePrimeField>, + condition: &Boolean>, ) -> Result<(), SynthesisError> { let is_equal = self.is_eq(other)?; is_equal @@ -755,14 +755,14 @@ where } } -impl AllocVar, ::BasePrimeField> for ProjectiveVar +impl

AllocVar, CF

> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn new_variable>>( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> Result { @@ -770,15 +770,15 @@ where } } -impl AllocVar, ::BasePrimeField> - for ProjectiveVar +impl

AllocVar, CF

> + for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn new_variable>>( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> Result { @@ -882,16 +882,16 @@ fn div2(limbs: &mut [u64]) { } } -impl ToBitsGadget<::BasePrimeField> for ProjectiveVar +impl

ToBitsGadget> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn to_bits_le( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bits = g.x.to_bits_le()?; let y_bits = g.y.to_bits_le()?; @@ -903,7 +903,7 @@ where #[tracing::instrument(target = "r1cs")] fn to_non_unique_bits_le( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bits = g.x.to_non_unique_bits_le()?; let y_bits = g.y.to_non_unique_bits_le()?; @@ -913,16 +913,16 @@ where } } -impl ToBytesGadget<::BasePrimeField> for ProjectiveVar +impl

ToBytesGadget> for ProjectiveVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn to_bytes( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bytes = g.x.to_bytes()?; let y_bytes = g.y.to_bytes()?; @@ -935,7 +935,7 @@ where #[tracing::instrument(target = "r1cs")] fn to_non_unique_bytes( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bytes = g.x.to_non_unique_bytes()?; let y_bytes = g.y.to_non_unique_bytes()?; diff --git a/src/groups/curves/short_weierstrass/non_zero_affine.rs b/src/groups/curves/short_weierstrass/non_zero_affine.rs index a746c52d..b25876d9 100644 --- a/src/groups/curves/short_weierstrass/non_zero_affine.rs +++ b/src/groups/curves/short_weierstrass/non_zero_affine.rs @@ -3,29 +3,32 @@ use super::*; /// An affine representation of a prime order curve point that is guaranteed /// to *not* be the point at infinity. #[derive(Derivative)] -#[derivative(Debug, Clone)] +#[derivative( + Debug(bound = "P: SWModelParameters"), + Clone(bound = "P: SWModelParameters"), +)] #[must_use] -pub struct NonZeroAffineVar< - P: SWModelParameters, - F: FieldVar::BasePrimeField>, -> where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, +pub struct NonZeroAffineVar + where + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// The x-coordinate. - pub x: F, + pub x: BFVar

, /// The y-coordinate. - pub y: F, + pub y: BFVar

, #[derivative(Debug = "ignore")] _params: PhantomData

, } -impl NonZeroAffineVar +impl

NonZeroAffineVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + BFVar

: FieldVar>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { - pub(crate) fn new(x: F, y: F) -> Self { + pub(crate) fn new(x: BFVar

, y: BFVar

) -> Self { Self { x, y, @@ -35,8 +38,8 @@ where /// Converts self into a non-zero projective point. #[tracing::instrument(target = "r1cs", skip(self))] - pub(crate) fn into_projective(&self) -> ProjectiveVar { - ProjectiveVar::new(self.x.clone(), self.y.clone(), F::one()) + pub(crate) fn into_projective(&self) -> ProjectiveVar
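Review bot: The `where` clause on the `NonZeroAffineVar` struct keeps the higher-ranked `for<'a> &'a BFVar<P>: FieldOpsBounds<…>` bound, while the `ProjectiveVar` and `AffineVar` structs in mod.rs were reduced to `BF<P>: FieldExt` only; trait bounds belong on the impl blocks, so the struct should carry just `BF<P>: FieldExt` to match. The inherent impl below it also adds `BFVar<P>: FieldVar<BF<P>, CF<P>>`, a bound no other impl in the series states — if `FieldExt::Var` already implies it (the trait is not visible here) the line is redundant and should go. The `where` keyword on the struct is indented one level, which rustfmt will reflow.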

{ + ProjectiveVar::new(self.x.clone(), self.y.clone(), BFVar::

::one()) } /// Performs an addition without checking that other != ±self. @@ -45,7 +48,7 @@ where if [self, other].is_constant() { let result = (self.value()?.into_projective() + other.value()?.into_projective()).into_affine(); - Ok(Self::new(F::constant(result.x), F::constant(result.y))) + Ok(Self::new(BFVar::

::constant(result.x), BFVar::

::constant(result.y))) } else { let (x1, y1) = (&self.x, &self.y); let (x2, y2) = (&other.x, &other.y); @@ -72,7 +75,7 @@ where let result = self.value()?.into_projective().double().into_affine(); // Panic if the result is zero. assert!(!result.is_zero()); - Ok(Self::new(F::constant(result.x), F::constant(result.y))) + Ok(Self::new(BFVar::

::constant(result.x), BFVar::

::constant(result.y))) } else { let (x1, y1) = (&self.x, &self.y); let x1_sqr = x1.square()?; @@ -132,15 +135,15 @@ where } } -impl R1CSVar<::BasePrimeField> for NonZeroAffineVar +impl

R1CSVar> for NonZeroAffineVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { type Value = SWAffine

; - fn cs(&self) -> ConstraintSystemRef<::BasePrimeField> { + fn cs(&self) -> ConstraintSystemRef> { self.x.cs().or(self.y.cs()) } @@ -149,16 +152,16 @@ where } } -impl CondSelectGadget<::BasePrimeField> for NonZeroAffineVar +impl

CondSelectGadget> for NonZeroAffineVar

where P: SWModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + BF

: FieldExt, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[inline] #[tracing::instrument(target = "r1cs")] fn conditionally_select( - cond: &Boolean<::BasePrimeField>, + cond: &Boolean>, true_value: &Self, false_value: &Self, ) -> Result { @@ -203,7 +206,7 @@ mod test_non_zero_affine { // (1 + 2 + ... + 2^9) G let sum_a = { - let mut a = ProjectiveVar::>::new( + let mut a = ProjectiveVar::::new( x.clone(), y.clone(), FpVar::Constant(Fq::one()), @@ -227,7 +230,7 @@ mod test_non_zero_affine { }; let sum_b = { - let mut a = NonZeroAffineVar::>::new(x, y); + let mut a = NonZeroAffineVar::::new(x, y); let mut double_sequence = Vec::new(); double_sequence.push(a.clone()); @@ -268,7 +271,7 @@ mod test_non_zero_affine { // The following code tests `double_and_add`. let sum_a = { - let a = ProjectiveVar::>::new( + let a = ProjectiveVar::::new( x.clone(), y.clone(), FpVar::Constant(Fq::one()), @@ -286,7 +289,7 @@ mod test_non_zero_affine { }; let sum_b = { - let a = NonZeroAffineVar::>::new(x, y); + let a = NonZeroAffineVar::::new(x, y); let mut cur = a.double().unwrap(); for _ in 1..10 { diff --git a/src/lib.rs b/src/lib.rs index 8ff44b0d..584f9b6e 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,7 +1,7 @@ #![cfg_attr(not(feature = "std"), no_std)] //! This crate implements common "gadgets" that make //! programming rank-1 constraint systems easier. -#![deny( +#![warn( warnings, unused, future_incompatible, @@ -42,7 +42,7 @@ pub mod groups; /// This module implements gadgets related to computing pairings in bilinear /// groups. -pub mod pairing; +// pub mod pairing; /// This module describes a trait for allocating new variables in a constraint /// system. From 195d74fe0a4d1f366c623eff425e0d7002b147dc Mon Sep 17 00:00:00 2001 
From: Pratyush Mishra Date: Thu, 5 Aug 2021 22:14:03 -0700 Subject: [PATCH 02/26] Get fields to compile --- src/fields/cubic_extension.rs | 276 ++++++++++++++++-------------- src/fields/fp/mod.rs | 87 ++++++---- src/fields/fp12.rs | 18 +- src/fields/fp2.rs | 10 +- src/fields/fp3.rs | 16 +- src/fields/fp4.rs | 6 +- src/fields/fp6_2over3.rs | 6 +- src/fields/fp6_3over2.rs | 22 +-- src/fields/mod.rs | 35 ++-- src/fields/quadratic_extension.rs | 226 ++++++++++++------------ 10 files changed, 370 insertions(+), 332 deletions(-) diff --git a/src/fields/cubic_extension.rs b/src/fields/cubic_extension.rs index 6bba59a1..6be0112c 100644 --- a/src/fields/cubic_extension.rs +++ b/src/fields/cubic_extension.rs @@ -3,10 +3,11 @@ use ark_ff::{ Zero, }; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; +use ark_std::iter::Sum; use core::{borrow::Borrow, marker::PhantomData}; use crate::{ - fields::{FieldExt, fp::FpVar, FieldOpsBounds, FieldVar}, + fields::{fp::FpVar, FieldOpsBounds, FieldVar, FieldWithVar}, prelude::*, ToConstraintFieldGadget, Vec, }; @@ -15,13 +16,13 @@ use crate::{ /// in `ark-ff`, i.e. `ark_ff::CubicExtField`. #[derive(Derivative)] #[derivative( - Debug(bound = "P::BaseField: FieldExt"), - Clone(bound = "P::BaseField: FieldExt") + Debug(bound = "P::BaseField: FieldWithVar"), + Clone(bound = "P::BaseField: FieldWithVar") )] #[must_use] pub struct CubicExtVar where - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { /// The zero-th coefficient of this field element. pub c0: BFVar

, @@ -33,20 +34,20 @@ where _params: PhantomData

, } -type BFVar

= <

::BaseField as FieldExt>::Var; +type BFVar

= <

::BaseField as FieldWithVar>::Var; -impl FieldExt for CubicExtField

+impl FieldWithVar for CubicExtField

where - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { type Var = CubicExtVar

; } /// This trait describes parameters that are used to implement arithmetic for /// `CubicExtVar`. -pub trait CubicExtVarParams: CubicExtParameters +pub trait CubicExtVarParams: CubicExtParameters where - Self::BaseField: FieldExt, + Self::BaseField: FieldWithVar, { /// Multiply the base field of the `CubicExtVar` by the appropriate /// Frobenius coefficient. This is equivalent to @@ -56,8 +57,7 @@ where impl CubicExtVar

where - P::BaseField: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { /// Constructs a `CubicExtVar` from the underlying coefficients. #[inline] @@ -75,16 +75,17 @@ where /// `P::NONRESIDUE` that is used to construct the extension field. #[inline] pub fn mul_base_field_by_nonresidue(fe: &BFVar

) -> Result, SynthesisError> { - Ok(fe * P::NONRESIDUE) + Ok(fe.clone() * P::NONRESIDUE) } /// Multiplies `self` by a constant from the base field. #[inline] pub fn mul_by_base_field_constant(&self, fe: P::BaseField) -> Self { - let c0 = &self.c0 * fe; - let c1 = &self.c1 * fe; - let c2 = &self.c2 * fe; - Self::new(c0, c1, c2) + let mut result = self.clone(); + result.c0 *= fe; + result.c1 *= fe; + result.c2 *= fe; + result } /// Sets `self = self.mul_by_base_field_constant(fe)`. @@ -96,9 +97,8 @@ where impl

R1CSVar for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { type Value = CubicExtField

; @@ -117,77 +117,72 @@ where impl

From> for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { fn from(other: Boolean) -> Self { - let c0 = BFVar::from(other); - let c1 = BFVar::zero(); - let c2 = BFVar::zero(); + let c0 = BFVar::

::from(other); + let c1 = BFVar::

::zero(); + let c2 = BFVar::

::zero(); Self::new(c0, c1, c2) } } impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for CubicExtVar

where - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { } impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for &'a CubicExtVar

where - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { } impl

FieldVar, P::BasePrimeField> for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { fn constant(other: CubicExtField

) -> Self { - let c0 = BFVar::constant(other.c0); - let c1 = BFVar::constant(other.c1); - let c2 = BFVar::constant(other.c2); + let c0 = BFVar::

::constant(other.c0); + let c1 = BFVar::

::constant(other.c1); + let c2 = BFVar::

::constant(other.c2); Self::new(c0, c1, c2) } fn zero() -> Self { - let c0 = BFVar::zero(); - let c1 = BFVar::zero(); - let c2 = BFVar::zero(); + let c0 = BFVar::

::zero(); + let c1 = BFVar::

::zero(); + let c2 = BFVar::

::zero(); Self::new(c0, c1, c2) } fn one() -> Self { - let c0 = BFVar::one(); - let c1 = BFVar::zero(); - let c2 = BFVar::zero(); + let c0 = BFVar::

::one(); + let c1 = BFVar::

::zero(); + let c2 = BFVar::

::zero(); Self::new(c0, c1, c2) } #[inline] #[tracing::instrument(target = "r1cs")] - fn double(&self) -> Result { - let c0 = self.c0.double()?; - let c1 = self.c1.double()?; - let c2 = self.c2.double()?; - Ok(Self::new(c0, c1, c2)) + fn double_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + self.c0.double_in_place()?; + self.c1.double_in_place()?; + self.c2.double_in_place()?; + Ok(self) } #[inline] #[tracing::instrument(target = "r1cs")] - fn negate(&self) -> Result { - let mut result = self.clone(); - result.c0.negate_in_place()?; - result.c1.negate_in_place()?; - result.c2.negate_in_place()?; - Ok(result) + fn negate_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + self.c0.negate_in_place()?; + self.c1.negate_in_place()?; + self.c2.negate_in_place()?; + Ok(self) } /// Use the Chung-Hasan asymmetric squaring formula. @@ -197,23 +192,23 @@ where /// Fields.pdf; Section 4 (CH-SQR2)) #[inline] #[tracing::instrument(target = "r1cs")] - fn square(&self) -> Result { + fn square_in_place(&mut self) -> Result<&mut Self, SynthesisError> { let a = self.c0.clone(); let b = self.c1.clone(); let c = self.c2.clone(); let s0 = a.square()?; - let ab = &a * &b; + let ab = a.clone() * &b; let s1 = ab.double()?; - let s2 = (&a - &b + &c).square()?; - let s3 = (&b * &c).double()?; + let s2 = (a - &b + &c).square()?; + let s3 = (b * &c).double()?; let s4 = c.square()?; - let c0 = Self::mul_base_field_by_nonresidue(&s3)? + &s0; - let c1 = Self::mul_base_field_by_nonresidue(&s4)? + &s1; - let c2 = s1 + &s2 + &s3 - &s0 - &s4; + self.c0 = Self::mul_base_field_by_nonresidue(&s3)? + &s0; + self.c1 = Self::mul_base_field_by_nonresidue(&s4)? + &s1; + self.c2 = s1 + &s2 + &s3 - &s0 - &s4; - Ok(Self::new(c0, c1, c2)) + Ok(self) } #[tracing::instrument(target = "r1cs")] 
@@ -240,28 +235,28 @@ where // // This implementation adapted from // https://github.com/ZencashOfficial/ginger-lib/blob/development/r1cs/gadgets/std/src/fields/fp3.rs - let v0 = &self.c0 * &other.c0; - let v1 = &self.c1 * &other.c1; - let v2 = &self.c2 * &other.c2; + let v0 = self.c0.clone() * &other.c0; + let v1 = self.c1.clone() * &other.c1; + let v2 = self.c2.clone() * &other.c2; // Check c0 - let nr_a1_plus_a2 = (&self.c1 + &self.c2) * P::NONRESIDUE; - let b1_plus_b2 = &other.c1 + &other.c2; - let nr_v1 = &v1 * P::NONRESIDUE; - let nr_v2 = &v2 * P::NONRESIDUE; - let to_check = &result.c0 - &v0 + &nr_v1 + &nr_v2; + let nr_a1_plus_a2 = (self.c1.clone() + &self.c2) * P::NONRESIDUE; + let b1_plus_b2 = other.c1.clone() + &other.c2; + let nr_v1 = v1.clone() * P::NONRESIDUE; + let nr_v2 = v2.clone() * P::NONRESIDUE; + let to_check = result.c0.clone() - &v0 + &nr_v1 + &nr_v2; nr_a1_plus_a2.mul_equals(&b1_plus_b2, &to_check)?; // Check c1 - let a0_plus_a1 = &self.c0 + &self.c1; - let b0_plus_b1 = &other.c0 + &other.c1; - let to_check = &result.c1 - &nr_v2 + &v0 + &v1; + let a0_plus_a1 = self.c0.clone() + &self.c1; + let b0_plus_b1 = other.c0.clone() + &other.c1; + let to_check = result.c1.clone() - &nr_v2 + &v0 + &v1; a0_plus_a1.mul_equals(&b0_plus_b1, &to_check)?; // Check c2 - let a0_plus_a2 = &self.c0 + &self.c2; - let b0_plus_b2 = &other.c0 + &other.c2; - let to_check = &result.c2 + &v0 - &v1 + &v2; + let a0_plus_a2 = self.c0.clone() + &self.c2; + let b0_plus_b2 = other.c0.clone() + &other.c2; + let to_check = result.c2.clone() + &v0 - &v1 + &v2; a0_plus_a2.mul_equals(&b0_plus_b2, &to_check)?; Ok(()) } @@ -304,18 +299,16 @@ impl_bounded_ops!( add, AddAssign, add_assign, - |this: &'a CubicExtVar

, other: &'a CubicExtVar

| { - let c0 = &this.c0 + &other.c0; - let c1 = &this.c1 + &other.c1; - let c2 = &this.c2 + &other.c2; - CubicExtVar::new(c0, c1, c2) + |this: &mut CubicExtVar

, other: &'a CubicExtVar

| { + this.c0 += &other.c0; + this.c1 += &other.c1; + this.c2 += &other.c2; }, - |this: &'a CubicExtVar

, other: CubicExtField

| { - this + CubicExtVar::constant(other) + |this: &mut CubicExtVar

, other: CubicExtField

| { + *this = &*this + CubicExtVar::constant(other) }, (P: CubicExtVarParams), - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, ); impl_bounded_ops!( CubicExtVar

, @@ -324,18 +317,16 @@ impl_bounded_ops!( sub, SubAssign, sub_assign, - |this: &'a CubicExtVar

, other: &'a CubicExtVar

| { - let c0 = &this.c0 - &other.c0; - let c1 = &this.c1 - &other.c1; - let c2 = &this.c2 - &other.c2; - CubicExtVar::new(c0, c1, c2) + |this: &mut CubicExtVar

, other: &'a CubicExtVar

| { + this.c0 -= &other.c0; + this.c1 -= &other.c1; + this.c2 -= &other.c2; }, - |this: &'a CubicExtVar

, other: CubicExtField

| { - this - CubicExtVar::constant(other) + |this: &mut CubicExtVar

, other: CubicExtField

| { + *this = &*this - CubicExtVar::constant(other) }, (P: CubicExtVarParams), - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, ); impl_bounded_ops!( CubicExtVar

, @@ -344,7 +335,7 @@ impl_bounded_ops!( mul, MulAssign, mul_assign, - |this: &'a CubicExtVar

, other: &'a CubicExtVar

| { + |this: &mut CubicExtVar

, other: &'a CubicExtVar

| { // Karatsuba multiplication for cubic extensions: // v0 = A.c0 * B.c0 // v1 = A.c1 * B.c1 @@ -356,31 +347,31 @@ impl_bounded_ops!( // Reference: // "Multiplication and Squaring on Pairing-Friendly Fields" // Devegili, OhEigeartaigh, Scott, Dahab - let v0 = &this.c0 * &other.c0; - let v1 = &this.c1 * &other.c1; - let v2 = &this.c2 * &other.c2; - let c0 = - (((&this.c1 + &this.c2) * (&other.c1 + &other.c2) - &v1 - &v2) * P::NONRESIDUE) + &v0 ; - let c1 = - (&this.c0 + &this.c1) * (&other.c0 + &other.c1) - &v0 - &v1 + (&v2 * P::NONRESIDUE); - let c2 = - (&this.c0 + &this.c2) * (&other.c0 + &other.c2) - &v0 + &v1 - &v2; - - CubicExtVar::new(c0, c1, c2) + let this_copy = this.clone(); + let v0 = this_copy.c0 * &other.c0; + let v1 = this_copy.c1 * &other.c1; + let v2 = this_copy.c2 * &other.c2; + let c0 = (((this.c1.clone() + &this.c2) * (other.c1.clone() + &other.c2) - &v1 - &v2) + * P::NONRESIDUE) + + &v0; + let c1 = (this.c0.clone() + &this.c1) * (other.c0.clone() + &other.c1) - &v0 - &v1 + + (v2.clone() * P::NONRESIDUE); + let c2 = (this.c0.clone() + &this.c2) * (other.c0.clone() + &other.c2) - &v0 + &v1 - &v2; + this.c0 = c0; + this.c1 = c1; + this.c2 = c2; }, - |this: &'a CubicExtVar

, other: CubicExtField

| { - this * CubicExtVar::constant(other) + |this: &mut CubicExtVar

, other: CubicExtField

| { + *this = CubicExtVar::constant(other) * &*this; }, (P: CubicExtVarParams), - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, ); impl

EqGadget for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn is_eq(&self, other: &Self) -> Result, SynthesisError> { @@ -419,8 +410,7 @@ where impl

ToBitsGadget for CubicExtVar

where - P::BaseField: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, P: CubicExtVarParams, { #[tracing::instrument(target = "r1cs")] @@ -446,9 +436,8 @@ where impl

ToBytesGadget for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -476,9 +465,8 @@ where impl

ToConstraintFieldGadget for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, BFVar

: ToConstraintFieldGadget, { #[tracing::instrument(target = "r1cs")] @@ -495,9 +483,8 @@ where impl

CondSelectGadget for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { #[inline] #[tracing::instrument(target = "r1cs")] @@ -506,9 +493,9 @@ where true_value: &Self, false_value: &Self, ) -> Result { - let c0 = BFVar::conditionally_select(cond, &true_value.c0, &false_value.c0)?; - let c1 = BFVar::conditionally_select(cond, &true_value.c1, &false_value.c1)?; - let c2 = BFVar::conditionally_select(cond, &true_value.c2, &false_value.c2)?; + let c0 = BFVar::

::conditionally_select(cond, &true_value.c0, &false_value.c0)?; + let c1 = BFVar::

::conditionally_select(cond, &true_value.c1, &false_value.c1)?; + let c2 = BFVar::

::conditionally_select(cond, &true_value.c2, &false_value.c2)?; Ok(Self::new(c0, c1, c2)) } } @@ -516,9 +503,8 @@ where impl

TwoBitLookupGadget for CubicExtVar

where BFVar

: TwoBitLookupGadget, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { type TableConstant = CubicExtField

; @@ -530,9 +516,9 @@ where let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = BFVar::two_bit_lookup(b, &c0s)?; - let c1 = BFVar::two_bit_lookup(b, &c1s)?; - let c2 = BFVar::two_bit_lookup(b, &c2s)?; + let c0 = BFVar::

::two_bit_lookup(b, &c0s)?; + let c1 = BFVar::

::two_bit_lookup(b, &c1s)?; + let c2 = BFVar::

::two_bit_lookup(b, &c2s)?; Ok(Self::new(c0, c1, c2)) } } @@ -540,9 +526,8 @@ where impl

ThreeBitCondNegLookupGadget for CubicExtVar

where BFVar

: ThreeBitCondNegLookupGadget, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { type TableConstant = CubicExtField

; @@ -555,18 +540,17 @@ where let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; - let c1 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; - let c2 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c2s)?; + let c0 = BFVar::

::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; + let c1 = BFVar::

::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; + let c2 = BFVar::

::three_bit_cond_neg_lookup(b, b0b1, &c2s)?; Ok(Self::new(c0, c1, c2)) } } impl

AllocVar, P::BasePrimeField> for CubicExtVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, P: CubicExtVarParams, - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { fn new_variable>>( cs: impl Into>, @@ -586,9 +570,35 @@ where ), }; - let c0 = BFVar::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; - let c1 = BFVar::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; - let c2 = BFVar::new_variable(ark_relations::ns!(cs, "c2"), || c2, mode)?; + let c0 = BFVar::

::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; + let c1 = BFVar::

::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; + let c2 = BFVar::

::new_variable(ark_relations::ns!(cs, "c2"), || c2, mode)?; Ok(Self::new(c0, c1, c2)) } } + +impl<'a, P: CubicExtVarParams> Sum<&'a CubicExtVar

> for CubicExtVar

+where + P::BaseField: FieldWithVar, +{ + fn sum>(iter: I) -> Self { + let elements = iter.collect::>(); + let c0 = elements.iter().map(|v| &v.c0).sum::>(); + let c1 = elements.iter().map(|v| &v.c1).sum::>(); + let c2 = elements.iter().map(|v| &v.c2).sum::>(); + Self::new(c0, c1, c2) + } +} + +impl<'a, P: CubicExtVarParams> Sum> for CubicExtVar

+where + P::BaseField: FieldWithVar, +{ + fn sum>(iter: I) -> Self { + let elements = iter.collect::>(); + let c0 = elements.iter().map(|v| &v.c0).sum::>(); + let c1 = elements.iter().map(|v| &v.c1).sum::>(); + let c2 = elements.iter().map(|v| &v.c2).sum::>(); + Self::new(c0, c1, c2) + } +} diff --git a/src/fields/fp/mod.rs b/src/fields/fp/mod.rs index 2ba2ef4a..32171a51 100644 --- a/src/fields/fp/mod.rs +++ b/src/fields/fp/mod.rs @@ -6,7 +6,7 @@ use ark_relations::r1cs::{ use core::borrow::Borrow; use crate::{ - fields::{FieldOpsBounds, FieldVar, FieldExt}, + fields::{FieldOpsBounds, FieldVar, FieldWithVar}, prelude::*, Assignment, ToConstraintFieldGadget, Vec, }; @@ -51,7 +51,7 @@ pub enum FpVar { macro_rules! impl_field_ext { ($Fp:ident, $FpParams:ident) => { - impl FieldExt for ark_ff::models::$Fp
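Review bot: The by-value impl `impl<'a, P: CubicExtVarParams> Sum<CubicExtVar<P>> for CubicExtVar<P>` declares a lifetime `'a` that is used neither in the trait, the self type nor the where-clause, which rustc rejects as an unconstrained impl parameter (E0207) unless it appears in a generic argument the rendering stripped; `impl<P: CubicExtVarParams> Sum<CubicExtVar<P>> for CubicExtVar<P>` is all the body needs. Neither new impl is accompanied by an import of `Sum` in this file's visible hunks, whereas quadratic_extension.rs adds `use ark_std::iter::Sum;` (hunk at L1224); check that cubic_extension.rs gets the same. Both impls buffer the iterator into a `Vec` so that three coefficient sums can run over it, which is reasonable, so a one-line doc comment such as `/// Sums coefficient-wise, delegating each coordinate to the base-field `Sum` impl.` on each would explain why the intermediate allocation is there.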

{ + impl FieldWithVar for ark_ff::models::$Fp

{ type Var = FpVar; } }; @@ -63,7 +63,6 @@ impl_field_ext!(Fp384, Fp384Parameters); impl_field_ext!(Fp768, Fp768Parameters); impl_field_ext!(Fp832, Fp832Parameters); - impl R1CSVar for FpVar { type Value = F; @@ -701,27 +700,30 @@ impl FieldVar for FpVar { } #[tracing::instrument(target = "r1cs")] - fn double(&self) -> Result { - match self { - Self::Constant(c) => Ok(Self::Constant(c.double())), - Self::Var(v) => Ok(Self::Var(v.double()?)), - } + fn double_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + *self = match self { + Self::Constant(c) => Self::Constant(c.double()), + Self::Var(v) => Self::Var(v.double()?), + }; + Ok(self) } #[tracing::instrument(target = "r1cs")] - fn negate(&self) -> Result { - match self { - Self::Constant(c) => Ok(Self::Constant(-*c)), - Self::Var(v) => Ok(Self::Var(v.negate())), - } + fn negate_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + *self = match self { + Self::Constant(c) => Self::Constant(-*c), + Self::Var(v) => Self::Var(v.negate()), + }; + Ok(self) } #[tracing::instrument(target = "r1cs")] - fn square(&self) -> Result { - match self { - Self::Constant(c) => Ok(Self::Constant(c.square())), - Self::Var(v) => Ok(Self::Var(v.square()?)), - } + fn square_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + *self = match self { + Self::Constant(c) => Self::Constant(c.square()), + Self::Var(v) => Self::Var(v.square()?), + }; + Ok(self) } /// Enforce that `self * other == result`. 
@@ -796,15 +798,15 @@ impl_ops!( add, AddAssign, add_assign, - |this: &'a FpVar, other: &'a FpVar| { + |this: &mut FpVar, other: &'a FpVar| { use FpVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 + *c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.add_constant(*c)), (Var(v1), Var(v2)) => Var(v1.add(v2)), - } + }; }, - |this: &'a FpVar, other: F| { this + &FpVar::Constant(other) }, + |this: &mut FpVar, other: F| { *this = &*this + &FpVar::Constant(other) }, F: PrimeField, ); @@ -815,16 +817,16 @@ impl_ops!( sub, SubAssign, sub_assign, - |this: &'a FpVar, other: &'a FpVar| { + |this: &mut FpVar, other: &'a FpVar| { use FpVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 - *c2), (Var(v), Constant(c)) => Var(v.sub_constant(*c)), (Constant(c), Var(v)) => Var(v.sub_constant(*c).negate()), (Var(v1), Var(v2)) => Var(v1.sub(v2)), - } + }; }, - |this: &'a FpVar, other: F| { this - &FpVar::Constant(other) }, + |this: &mut FpVar, other: F| { *this = &*this - &FpVar::Constant(other) }, F: PrimeField ); @@ -835,20 +837,20 @@ impl_ops!( mul, MulAssign, mul_assign, - |this: &'a FpVar, other: &'a FpVar| { + |this: &mut FpVar, other: &'a FpVar| { use FpVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 * *c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.mul_constant(*c)), (Var(v1), Var(v2)) => Var(v1.mul(v2)), - } + }; }, - |this: &'a FpVar, other: F| { - if other.is_zero() { + |this: &mut FpVar, other: F| { + *this = if other.is_zero() { FpVar::zero() } else { - this * &FpVar::Constant(other) - } + &*this * FpVar::Constant(other) + }; }, F: PrimeField ); 
@@ -1073,6 +1075,25 @@ impl<'a, F: PrimeField> Sum<&'a FpVar> for FpVar { } } +impl Sum> for FpVar { + fn sum>>(iter: I) -> FpVar { + let mut sum_constants = F::zero(); + let vars = iter + .filter_map(|x| match x { + FpVar::Constant(c) => { + sum_constants += c; + None + } + FpVar::Var(v) => Some(v), + }) + .collect::>(); + let sum_variables = FpVar::Var(AllocatedFp::::addmany(vars.iter())); + + let sum = sum_variables + sum_constants; + sum + } +} + #[cfg(test)] mod test { use crate::alloc::{AllocVar, AllocationMode}; diff --git a/src/fields/fp12.rs b/src/fields/fp12.rs index 491e72e2..80059b4b 100644 --- a/src/fields/fp12.rs +++ b/src/fields/fp12.rs @@ -1,4 +1,6 @@ -use crate::fields::{FieldExt, fp2::Fp2Var, fp6_3over2::Fp6Var, quadratic_extension::*, FieldVar}; +use crate::fields::{ + fp2::Fp2Var, fp6_3over2::Fp6Var, quadratic_extension::*, FieldVar, FieldWithVar, +}; use ark_ff::fields::{fp12_2over3over2::*, fp6_3over2::Fp6Parameters, Field, QuadExtParameters}; use ark_relations::r1cs::SynthesisError; @@ -9,9 +11,9 @@ pub type Fp12Var
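Review bot: `Sum<FpVar<F>> for FpVar<F>` always calls `AllocatedFp::<F>::addmany(vars.iter())` and wraps the result in `FpVar::Var`, even when the iterator was empty or held only `Constant`s so that `vars` is empty; what `addmany` does without a variable to borrow a constraint system from is not visible here, but a sum of constants coming back as a `Var` (or failing) is surprising either way. A guard before the call, `if vars.is_empty() { return FpVar::Constant(sum_constants); }`, keeps constant folding exact and sidesteps the question. The closing `let sum = sum_variables + sum_constants; sum` is just `sum_variables + sum_constants` (clippy `let_and_return`), and the body duplicates the `Sum<&'a FpVar<F>>` impl directly above it, so one could be expressed in terms of the other.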

= QuadExtVar>; type Fp2Params

= <

::Fp6Params as Fp6Parameters>::Fp2Params; -impl QuadExtVarParams for Fp12ParamsWrapper

-where - Self::BasePrimeField: FieldExt +impl QuadExtVarParams for Fp12ParamsWrapper

+where + Self::BasePrimeField: FieldWithVar, { fn mul_base_field_var_by_frob_coeff(fe: &mut Fp6Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; @@ -20,11 +22,9 @@ where } } -type Fp

= as QuadExtParameters>::BasePrimeField; - -impl Fp12Var

-where - Fp

: FieldExt +impl Fp12Var

+where + as Field>::BasePrimeField: FieldWithVar, { /// Multiplies by a sparse element of the form `(c0 = (c0, c1, 0), c1 = (0, /// d1, 0))`. diff --git a/src/fields/fp2.rs b/src/fields/fp2.rs index 5f293743..4d12674a 100644 --- a/src/fields/fp2.rs +++ b/src/fields/fp2.rs @@ -1,15 +1,17 @@ -use crate::fields::{FieldExt, fp::FpVar, quadratic_extension::*}; +use crate::fields::{quadratic_extension::*, FieldWithVar}; use ark_ff::fields::{Fp2Parameters, Fp2ParamsWrapper, QuadExtParameters}; +type FpVar

= < as QuadExtParameters>::BasePrimeField as FieldWithVar>::Var; + /// A quadratic extension field constructed over a prime field. /// This is the R1CS equivalent of `ark_ff::Fp2

`. pub type Fp2Var

= QuadExtVar>; -impl QuadExtVarParams for Fp2ParamsWrapper

+impl QuadExtVarParams for Fp2ParamsWrapper

where - Self::BaseField: FieldExt + Self::BaseField: FieldWithVar, { - fn mul_base_field_var_by_frob_coeff(fe: &mut FpVar, power: usize) { + fn mul_base_field_var_by_frob_coeff(fe: &mut FpVar

, power: usize) { *fe *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; } } diff --git a/src/fields/fp3.rs b/src/fields/fp3.rs index 52f81c93..c0dc3981 100644 --- a/src/fields/fp3.rs +++ b/src/fields/fp3.rs @@ -1,19 +1,17 @@ -use crate::fields::{FieldExt, cubic_extension::*, fp::FpVar}; +use crate::fields::{cubic_extension::*, FieldWithVar}; use ark_ff::fields::{CubicExtParameters, Fp3Parameters, Fp3ParamsWrapper}; +type FpVar
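Review bot: The new alias `type FpVar<P> = <<Fp2ParamsWrapper<P> as QuadExtParameters>::BasePrimeField as FieldWithVar>::Var;` reuses the name of the crate's `fp::FpVar` type that this file stops importing, so a reader of `mul_base_field_var_by_frob_coeff(fe: &mut FpVar<P>, …)` will assume the concrete prime-field gadget rather than an associated type resolved through `FieldWithVar`. A distinct name such as `BaseFpVar<P>`, or a doc comment `/// The R1CS variable type of this extension's base prime field, as chosen by `FieldWithVar`.`, removes the ambiguity. fp3.rs introduces the identical alias in its hunk ending at L1175 and should get the same treatment.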

= < as CubicExtParameters>::BasePrimeField as FieldWithVar>::Var; + /// A cubic extension field constructed over a prime field. /// This is the R1CS equivalent of `ark_ff::Fp3

`. pub type Fp3Var

= CubicExtVar>; -impl CubicExtVarParams for Fp3ParamsWrapper

-where - Self::BasePrimeField: FieldExt +impl CubicExtVarParams for Fp3ParamsWrapper

+where + Self::BasePrimeField: FieldWithVar, { - fn mul_base_field_vars_by_frob_coeff( - c1: &mut FpVar, - c2: &mut FpVar, - power: usize, - ) { + fn mul_base_field_vars_by_frob_coeff(c1: &mut FpVar

, c2: &mut FpVar

, power: usize) { *c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; *c2 *= Self::FROBENIUS_COEFF_C2[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; } diff --git a/src/fields/fp4.rs b/src/fields/fp4.rs index a0fb53f8..1e0f294b 100644 --- a/src/fields/fp4.rs +++ b/src/fields/fp4.rs @@ -1,4 +1,4 @@ -use crate::fields::{FieldExt, fp2::Fp2Var, quadratic_extension::*}; +use crate::fields::{fp2::Fp2Var, quadratic_extension::*, FieldWithVar}; use ark_ff::fields::{Fp4Parameters, Fp4ParamsWrapper, QuadExtParameters}; /// A quartic extension field constructed as the tower of a @@ -6,9 +6,9 @@ use ark_ff::fields::{Fp4Parameters, Fp4ParamsWrapper, QuadExtParameters}; /// This is the R1CS equivalent of `ark_ff::Fp4

`. pub type Fp4Var

= QuadExtVar>; -impl QuadExtVarParams for Fp4ParamsWrapper

+impl QuadExtVarParams for Fp4ParamsWrapper

where - Self::BasePrimeField: FieldExt + Self::BasePrimeField: FieldWithVar, { fn mul_base_field_var_by_frob_coeff(fe: &mut Fp2Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; diff --git a/src/fields/fp6_2over3.rs b/src/fields/fp6_2over3.rs index dff78c63..2c252882 100644 --- a/src/fields/fp6_2over3.rs +++ b/src/fields/fp6_2over3.rs @@ -1,4 +1,4 @@ -use crate::fields::{FieldExt, fp3::Fp3Var, quadratic_extension::*}; +use crate::fields::{fp3::Fp3Var, quadratic_extension::*, FieldWithVar}; use ark_ff::fields::{fp6_2over3::*, QuadExtParameters}; /// A sextic extension field constructed as the tower of a @@ -6,9 +6,9 @@ use ark_ff::fields::{fp6_2over3::*, QuadExtParameters}; /// This is the R1CS equivalent of `ark_ff::fp6_2over3::Fp6

`. pub type Fp6Var

= QuadExtVar>; -impl QuadExtVarParams for Fp6ParamsWrapper

+impl QuadExtVarParams for Fp6ParamsWrapper

where - Self::BasePrimeField: FieldExt + Self::BasePrimeField: FieldWithVar, { fn mul_base_field_var_by_frob_coeff(fe: &mut Fp3Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; diff --git a/src/fields/fp6_3over2.rs b/src/fields/fp6_3over2.rs index 09e50759..c8a657d9 100644 --- a/src/fields/fp6_3over2.rs +++ b/src/fields/fp6_3over2.rs @@ -1,4 +1,4 @@ -use crate::fields::{FieldExt, cubic_extension::*, fp2::*}; +use crate::fields::{cubic_extension::*, fp2::*, FieldWithVar}; use ark_ff::fields::{fp6_3over2::*, CubicExtParameters, Fp2}; use ark_relations::r1cs::SynthesisError; use core::ops::MulAssign; @@ -8,9 +8,11 @@ use core::ops::MulAssign; /// This is the R1CS equivalent of `ark_ff::fp6_3over3::Fp6

`. pub type Fp6Var

= CubicExtVar>; -impl CubicExtVarParams for Fp6ParamsWrapper

-where - Fp

: FieldExt +type Fp

= as CubicExtParameters>::BasePrimeField; + +impl CubicExtVarParams for Fp6ParamsWrapper

+where + Fp

: FieldWithVar, { fn mul_base_field_vars_by_frob_coeff( c1: &mut Fp2Var, @@ -22,11 +24,9 @@ where } } -type Fp

= as CubicExtParameters>::BasePrimeField; - -impl Fp6Var

-where - Fp

: FieldExt +impl Fp6Var

+where + Fp

: FieldWithVar, { /// Multiplies `self` by a sparse element which has `c0 == c2 == zero`. pub fn mul_by_0_c1_0(&self, c1: &Fp2Var) -> Result { @@ -84,9 +84,9 @@ where } } -impl MulAssign> for Fp6Var

+impl MulAssign> for Fp6Var

where - Fp

: FieldExt + Fp

: FieldWithVar, { fn mul_assign(&mut self, other: Fp2) { self.c0 *= other; diff --git a/src/fields/mod.rs b/src/fields/mod.rs index 472bd14d..bd998ff0 100644 --- a/src/fields/mod.rs +++ b/src/fields/mod.rs @@ -2,6 +2,7 @@ use ark_ff::{prelude::*, BitIteratorBE}; use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; use core::{ fmt::Debug, + iter::Sum, ops::{Add, AddAssign, Mul, MulAssign, Sub, SubAssign}, }; @@ -49,7 +50,7 @@ pub mod fp6_2over3; /// `ark_ff::fp6_3over2::Fp6` pub mod fp6_3over2; -pub trait FieldExt: Field { +pub trait FieldWithVar: Field { type Var: FieldVar; } @@ -90,6 +91,8 @@ pub trait FieldVar: + SubAssign + MulAssign + Debug + + for<'a> Sum<&'a Self> + + Sum { /// Returns the constant `F::zero()`. fn zero() -> Self; @@ -114,24 +117,23 @@ pub trait FieldVar: /// Computes `self + self`. fn double(&self) -> Result { - Ok(self.clone() + self) + let mut result = self.clone(); + result.double_in_place()?; + Ok(result) } /// Sets `self = self + self`. - fn double_in_place(&mut self) -> Result<&mut Self, SynthesisError> { - *self += self.double()?; - Ok(self) - } + fn double_in_place(&mut self) -> Result<&mut Self, SynthesisError>; /// Coputes `-self`. - fn negate(&self) -> Result; + fn negate(&self) -> Result { + let mut result = self.clone(); + result.negate_in_place()?; + Ok(result) + } /// Sets `self = -self`. - #[inline] - fn negate_in_place(&mut self) -> Result<&mut Self, SynthesisError> { - *self = self.negate()?; - Ok(self) - } + fn negate_in_place(&mut self) -> Result<&mut Self, SynthesisError>; /// Computes `self * self`. /// 
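Review bot: `double_in_place`, `negate_in_place` and `square_in_place` lose their defaults and become the required methods, while `double`, `negate` and `square` turn into clone-then-in-place defaults, but nothing in the trait docs says so; a sentence on `FieldVar` such as `/// Implementors must provide the `*_in_place` methods; `double`, `negate` and `square` are derived from them.` would state the new contract, which is a breaking change for downstream implementors, as are the `Sum<&Self>` and `Sum<Self>` supertraits added in the preceding hunk. The remark that squaring "should be specialized for extension fields" (context of `square` in the next hunk, L1224) now belongs on `square_in_place`, since that is the method an implementor overrides. The context line `/// Coputes `-self`.` could have its typo fixed while this block is being touched.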
@@ -139,14 +141,13 @@ pub trait FieldVar: /// multiplication routine. However, this method should be specialized /// for extension fields, where faster algorithms exist for squaring. fn square(&self) -> Result { - Ok(self.clone() * self) + let mut result = self.clone(); + result.square_in_place()?; + Ok(result) } /// Sets `self = self.square()`. - fn square_in_place(&mut self) -> Result<&mut Self, SynthesisError> { - *self = self.square()?; - Ok(self) - } + fn square_in_place(&mut self) -> Result<&mut Self, SynthesisError>; /// Enforces that `self * other == result`. fn mul_equals(&self, other: &Self, result: &Self) -> Result<(), SynthesisError> { diff --git a/src/fields/quadratic_extension.rs b/src/fields/quadratic_extension.rs index e67b59bd..dbe9eb6a 100644 --- a/src/fields/quadratic_extension.rs +++ b/src/fields/quadratic_extension.rs @@ -10,20 +10,21 @@ use crate::{ prelude::*, ToConstraintFieldGadget, Vec, }; +use ark_std::iter::Sum; -use super::FieldExt; +use super::FieldWithVar; /// This struct is the `R1CS` equivalent of the quadratic extension field type /// in `ark-ff`, i.e. `ark_ff::QuadExtField`. #[derive(Derivative)] #[derivative( - Debug(bound = "P::BaseField: FieldExt"), - Clone(bound = "P::BaseField: FieldExt") + Debug(bound = "P::BaseField: FieldWithVar"), + Clone(bound = "P::BaseField: FieldWithVar") )] #[must_use] pub struct QuadExtVar where - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { /// The zero-th coefficient of this field element. pub c0: BFVar

, @@ -33,11 +34,11 @@ where _params: PhantomData

, } -type BFVar

= <

::BaseField as FieldExt>::Var; +type BFVar

= <

::BaseField as FieldWithVar>::Var; -impl FieldExt for QuadExtField

+impl FieldWithVar for QuadExtField

where - P::BaseField: FieldExt, + P::BaseField: FieldWithVar, { type Var = QuadExtVar

; } @@ -46,7 +47,7 @@ where /// `QuadExtVar`. pub trait QuadExtVarParams: QuadExtParameters where - Self::BaseField: FieldExt + Self::BaseField: FieldWithVar, { /// Multiply the base field of the `QuadExtVar` by the appropriate Frobenius /// coefficient. This is equivalent to @@ -56,8 +57,7 @@ where impl QuadExtVar

where - P::BaseField: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { /// Constructs a `QuadExtVar` from the underlying coefficients. pub fn new(c0: BFVar

, c1: BFVar

) -> Self { @@ -72,7 +72,7 @@ where /// `P::NONRESIDUE` that is used to construct the extension field. #[inline] pub fn mul_base_field_by_nonresidue(fe: &BFVar

) -> Result, SynthesisError> { - Ok(fe * P::NONRESIDUE) + Ok(fe.clone() * P::NONRESIDUE) } /// Multiplies `self` by a constant from the base field. @@ -132,8 +132,7 @@ where impl R1CSVar for QuadExtVar

where - P::BaseField: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { type Value = QuadExtField

; @@ -152,93 +151,89 @@ where impl From> for QuadExtVar

where - P::BaseField: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { fn from(other: Boolean) -> Self { - let c0 = BFVar::from(other); - let c1 = BFVar::zero(); + let c0 = BFVar::

::from(other); + let c1 = BFVar::

::zero(); Self::new(c0, c1) } } -impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for QuadExtVar

-where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, +impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for QuadExtVar

where + P::BaseField: FieldWithVar { } -impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for &'a QuadExtVar

+impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> + for &'a QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { } impl FieldVar, P::BasePrimeField> for QuadExtVar

where - P::BaseField: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { fn constant(other: QuadExtField

) -> Self { - let c0 = BFVar::constant(other.c0); - let c1 = BFVar::constant(other.c1); + let c0 = BFVar::

::constant(other.c0); + let c1 = BFVar::

::constant(other.c1); Self::new(c0, c1) } fn zero() -> Self { - let c0 = BFVar::zero(); - let c1 = BFVar::zero(); + let c0 = BFVar::

::zero(); + let c1 = BFVar::

::zero(); Self::new(c0, c1) } fn one() -> Self { - let c0 = BFVar::one(); - let c1 = BFVar::zero(); + let c0 = BFVar::

::one(); + let c1 = BFVar::

::zero(); Self::new(c0, c1) } #[inline] #[tracing::instrument(target = "r1cs")] - fn double(&self) -> Result { - let c0 = self.c0.double()?; - let c1 = self.c1.double()?; - Ok(Self::new(c0, c1)) + fn double_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + self.c0.double_in_place()?; + self.c1.double_in_place()?; + Ok(self) } #[inline] #[tracing::instrument(target = "r1cs")] - fn negate(&self) -> Result { - let mut result = self.clone(); - result.c0.negate_in_place()?; - result.c1.negate_in_place()?; - Ok(result) + fn negate_in_place(&mut self) -> Result<&mut Self, SynthesisError> { + self.c0.negate_in_place()?; + self.c1.negate_in_place()?; + Ok(self) } #[inline] #[tracing::instrument(target = "r1cs")] - fn square(&self) -> Result { + fn square_in_place(&mut self) -> Result<&mut Self, SynthesisError> { // From Libsnark/fp2_gadget.tcc // Complex multiplication for Fp2: // "Multiplication and Squaring on Pairing-Friendly Fields" // Devegili, OhEigeartaigh, Scott, Dahab // v0 = c0 - c1 - let mut v0 = &self.c0 - &self.c1; + let self_c0 = self.c0.clone(); + let mut v0 = self_c0.clone() - &self.c1; // v3 = c0 - beta * c1 - let v3 = &self.c0 - &Self::mul_base_field_by_nonresidue(&self.c1)?; + let v3 = self_c0.clone() - &Self::mul_base_field_by_nonresidue(&self.c1)?; // v2 = c0 * c1 - let v2 = &self.c0 * &self.c1; + let v2 = self_c0 * &self.c1; // v0 = (v0 * v3) + v2 v0 *= &v3; v0 += &v2; - let c0 = &v0 + &Self::mul_base_field_by_nonresidue(&v2)?; - let c1 = v2.double()?; + self.c0 = v0 + &Self::mul_base_field_by_nonresidue(&v2)?; + self.c1 = v2.double()?; - Ok(Self::new(c0, c1)) + Ok(self) } #[tracing::instrument(target = "r1cs")] 
@@ -256,19 +251,19 @@ where // "Multiplication and Squaring on Pairing-Friendly Fields" // Devegili, OhEigeartaigh, Scott, Dahab // Compute v1 - let v1 = &self.c1 * &other.c1; + let v1 = self.c1.clone() * &other.c1; // Perform second check let non_residue_times_v1 = Self::mul_base_field_by_nonresidue(&v1)?; - let rhs = &result.c0 - &non_residue_times_v1; + let rhs = result.c0.clone() - &non_residue_times_v1; self.c0.mul_equals(&other.c0, &rhs)?; // Last check - let a0_plus_a1 = &self.c0 + &self.c1; - let b0_plus_b1 = &other.c0 + &other.c1; - let one_minus_non_residue_v1 = &v1 - &non_residue_times_v1; + let a0_plus_a1 = self.c0.clone() + &self.c1; + let b0_plus_b1 = other.c0.clone() + &other.c1; + let one_minus_non_residue_v1 = v1 - non_residue_times_v1; - let tmp = &(&result.c1 + &result.c0) + &one_minus_non_residue_v1; + let tmp = one_minus_non_residue_v1 + &result.c1 + &result.c0; a0_plus_a1.mul_equals(&b0_plus_b1, &tmp)?; Ok(()) @@ -310,17 +305,15 @@ impl_bounded_ops!( add, AddAssign, add_assign, - |this: &'a QuadExtVar
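Review bot: The reordered last check `let tmp = one_minus_non_residue_v1 + &result.c1 + &result.c0;` is equivalent to the old `(c1 + c0) + (v1 - β·v1)` only by commutativity, and nothing in the hunk states the identity the three `mul_equals` checks rely on, so anyone auditing soundness has to re-derive it. Put it next to `// Last check`: `// (a0+a1)(b0+b1) = a0·b0 + a1·b1 + (a0·b1 + a1·b0) = (c0 - β·v1) + v1 + c1, using a0·b0 = c0 - β·v1 enforced by the check above`. Note also that `v1` is obtained with `*` rather than `mul_equals`, so the constraint tying it to `a1·b1` is whatever the base-field multiplication emits; that is unchanged here but belongs in the same comment. `mul_equals` begins before this hunk.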

, other: &'a QuadExtVar

| { - let c0 = &this.c0 + &other.c0; - let c1 = &this.c1 + &other.c1; - QuadExtVar::new(c0, c1) + |this: &mut QuadExtVar

, other: &'a QuadExtVar

| { + this.c0 += &other.c0; + this.c1 += &other.c1; }, - |this: &'a QuadExtVar

, other: QuadExtField

| { - this + QuadExtVar::constant(other) + |this: &mut QuadExtVar

, other: QuadExtField

| { + *this = &*this + QuadExtVar::constant(other); }, (P: QuadExtVarParams), - P::BaseField: FieldExt, - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> + P::BaseField: FieldWithVar, ); impl_bounded_ops!( QuadExtVar

, @@ -329,17 +322,15 @@ impl_bounded_ops!( sub, SubAssign, sub_assign, - |this: &'a QuadExtVar

, other: &'a QuadExtVar

| { - let c0 = &this.c0 - &other.c0; - let c1 = &this.c1 - &other.c1; - QuadExtVar::new(c0, c1) + |this: &mut QuadExtVar

, other: &'a QuadExtVar

| { + this.c0 -= &other.c0; + this.c1 -= &other.c1; }, - |this: &'a QuadExtVar

, other: QuadExtField

| { - this - QuadExtVar::constant(other) + |this: &mut QuadExtVar

, other: QuadExtField

| { + *this = &*this - QuadExtVar::constant(other); }, (P: QuadExtVarParams), - P::BaseField: FieldExt, - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> + P::BaseField: FieldWithVar, ); impl_bounded_ops!( QuadExtVar

, @@ -348,7 +339,7 @@ impl_bounded_ops!( mul, MulAssign, mul_assign, - |this: &'a QuadExtVar

, other: &'a QuadExtVar

| { + |this: &mut QuadExtVar

, other: &'a QuadExtVar

| { // Karatsuba multiplication for Fp2: // v0 = A.c0 * B.c0 // v1 = A.c1 * B.c1 @@ -361,29 +352,26 @@ impl_bounded_ops!( // Reference: // "Multiplication and Squaring on Pairing-Friendly Fields" // Devegili, OhEigeartaigh, Scott, Dahab - let mut result = this.clone(); - let v0 = &this.c0 * &other.c0; - let v1 = &this.c1 * &other.c1; - - result.c1 += &this.c0; - result.c1 *= &other.c0 + &other.c1; - result.c1 -= &v0; - result.c1 -= &v1; - result.c0 = v0 + &QuadExtVar::

::mul_base_field_by_nonresidue(&v1).unwrap(); - result + let this_copy = this.clone(); + let v0 = this_copy.c0 * &other.c0; + let v1 = this_copy.c1 * &other.c1; + + this.c1 += &this.c0; + this.c1 *= &(other.c0.clone() + &other.c1); + this.c1 -= &v0; + this.c1 -= &v1; + this.c0 = v0 + &QuadExtVar::

::mul_base_field_by_nonresidue(&v1).unwrap(); }, - |this: &'a QuadExtVar

, other: QuadExtField

| { - this * QuadExtVar::constant(other) + |this: &mut QuadExtVar

, other: QuadExtField

| { + *this = QuadExtVar::constant(other) * &*this; }, (P: QuadExtVarParams), - P::BaseField: FieldExt, - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> + P::BaseField: FieldWithVar, ); impl

EqGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, P: QuadExtVarParams, { #[tracing::instrument(target = "r1cs")] @@ -421,8 +409,7 @@ where impl ToBitsGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn to_bits_le(&self) -> Result>, SynthesisError> { @@ -443,8 +430,7 @@ where impl ToBytesGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -465,8 +451,7 @@ where impl ToConstraintFieldGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, BFVar

: ToConstraintFieldGadget, { #[tracing::instrument(target = "r1cs")] @@ -482,8 +467,7 @@ where impl CondSelectGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { #[inline] fn conditionally_select( @@ -491,16 +475,16 @@ where true_value: &Self, false_value: &Self, ) -> Result { - let c0 = BFVar::conditionally_select(cond, &true_value.c0, &false_value.c0)?; - let c1 = BFVar::conditionally_select(cond, &true_value.c1, &false_value.c1)?; + let c0 = BFVar::

::conditionally_select(cond, &true_value.c0, &false_value.c0)?; + let c1 = BFVar::

::conditionally_select(cond, &true_value.c1, &false_value.c1)?; Ok(Self::new(c0, c1)) } } impl TwoBitLookupGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, + BFVar

: TwoBitLookupGadget, { type TableConstant = QuadExtField

; @@ -511,16 +495,16 @@ where ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = BFVar::two_bit_lookup(b, &c0s)?; - let c1 = BFVar::two_bit_lookup(b, &c1s)?; + let c0 = BFVar::

::two_bit_lookup(b, &c0s)?; + let c1 = BFVar::

::two_bit_lookup(b, &c1s)?; Ok(Self::new(c0, c1)) } } impl ThreeBitCondNegLookupGadget for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, + BFVar

: ThreeBitCondNegLookupGadget, { type TableConstant = QuadExtField

; @@ -532,17 +516,15 @@ where ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; - let c1 = BFVar::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; + let c0 = BFVar::

::three_bit_cond_neg_lookup(b, b0b1, &c0s)?; + let c1 = BFVar::

::three_bit_cond_neg_lookup(b, b0b1, &c1s)?; Ok(Self::new(c0, c1)) } } - impl AllocVar, P::BasePrimeField> for QuadExtVar

where - P::BaseField: FieldExt, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + P::BaseField: FieldWithVar, { fn new_variable>>( cs: impl Into>, @@ -559,8 +541,32 @@ where ), }; - let c0 = BFVar::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; - let c1 = BFVar::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; + let c0 = BFVar::

::new_variable(ark_relations::ns!(cs, "c0"), || c0, mode)?; + let c1 = BFVar::

::new_variable(ark_relations::ns!(cs, "c1"), || c1, mode)?; Ok(Self::new(c0, c1)) } } + +impl<'a, P: QuadExtVarParams> Sum<&'a QuadExtVar

> for QuadExtVar

+where + P::BaseField: FieldWithVar, +{ + fn sum>(iter: I) -> Self { + let (c0_s, c1_s): (Vec<_>, Vec<_>) = iter.map(|v| (&v.c0, &v.c1)).unzip(); + let c0 = c0_s.into_iter().sum::>(); + let c1 = c1_s.into_iter().sum::>(); + Self::new(c0, c1) + } +} + +impl<'a, P: QuadExtVarParams> Sum> for QuadExtVar

+where + P::BaseField: FieldWithVar, +{ + fn sum>(iter: I) -> Self { + let (c0_s, c1_s): (Vec<_>, Vec<_>) = iter.map(|v| (v.c0, v.c1)).unzip(); + let c0 = c0_s.iter().sum::>(); + let c1 = c1_s.iter().sum::>(); + Self::new(c0, c1) + } +} From 66e90730bb13e08443792acb811a8cb781a6e949 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 5 Aug 2021 22:14:19 -0700 Subject: [PATCH 03/26] Get groups to compile --- .../curves/short_weierstrass/bls12/mod.rs | 70 +++-- .../curves/short_weierstrass/mnt4/mod.rs | 133 +++++++--- .../curves/short_weierstrass/mnt6/mod.rs | 124 ++++++--- src/groups/curves/short_weierstrass/mod.rs | 157 ++++++------ .../short_weierstrass/non_zero_affine.rs | 34 ++- src/groups/curves/twisted_edwards/mod.rs | 242 +++++++++--------- src/groups/mod.rs | 4 + 7 files changed, 472 insertions(+), 292 deletions(-) diff --git a/src/groups/curves/short_weierstrass/bls12/mod.rs b/src/groups/curves/short_weierstrass/bls12/mod.rs index 9563c050..9ac314c7 100644 --- a/src/groups/curves/short_weierstrass/bls12/mod.rs +++ b/src/groups/curves/short_weierstrass/bls12/mod.rs @@ -6,36 +6,44 @@ use ark_ff::{BitIteratorBE, Field, One}; use ark_relations::r1cs::{Namespace, SynthesisError}; use crate::{ - fields::{fp::FpVar, fp2::Fp2Var, FieldVar}, + fields::{fp2::Fp2Var, FieldVar}, groups::curves::short_weierstrass::*, Vec, }; use core::fmt::Debug; +type FpVar
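Review bot: The by-value impl `impl<'a, P: QuadExtVarParams> Sum<QuadExtVar<P>> for QuadExtVar<P>` declares a lifetime `'a` that neither its header nor its body uses (only the `Sum<&'a QuadExtVar<P>>` impl above needs one); it compiles but reads as a copy-paste leftover, so drop it: `impl<P: QuadExtVarParams> Sum<QuadExtVar<P>> for QuadExtVar<P>`. Both impls also lack a doc comment; since they unzip into two `Vec`s and defer to the base-field `Sum`, a one-liner such as `/// Coordinate-wise sum; an empty iterator presumably yields zero, as decided by the base-field `Sum` — confirm` would record the behaviour callers inherit. The by-value impl could also collect and delegate to the by-reference one instead of duplicating the unzip.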

= <

::Fp as FieldWithVar>::Var; + /// Represents a projective point in G1. -pub type G1Var

= - ProjectiveVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1Var

= ProjectiveVar<

::G1Parameters>; /// Represents an affine point on G1. Should be used only for comparison and /// when a canonical representation of a point is required, and not for /// arithmetic. -pub type G1AffineVar

= - AffineVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1AffineVar

= AffineVar<

::G1Parameters>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters, Fp2G

>; +pub type G2Var

= ProjectiveVar<

::G2Parameters>; /// Represents an affine point on G2. Should be used only for comparison and /// when a canonical representation of a point is required, and not for /// arithmetic. -pub type G2AffineVar

= AffineVar<

::G2Parameters, Fp2G

>; +pub type G2AffineVar

= AffineVar<

::G2Parameters>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "G1Var

: Clone"), Debug(bound = "G1Var

: Debug"))] -pub struct G1PreparedVar(pub AffineVar>); +#[derivative( + Clone(bound = "P: Bls12Parameters, P::Fp: FieldWithVar"), + Debug(bound = "P: Bls12Parameters, P::Fp: FieldWithVar") +)] +pub struct G1PreparedVar(pub G1AffineVar

) +where + P::Fp: FieldWithVar; -impl G1PreparedVar

{ +impl G1PreparedVar

+where + P::Fp: FieldWithVar, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -53,7 +61,10 @@ impl G1PreparedVar
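Review bot: The private alias `type FpVar<P> = <<P as Bls12Parameters>::Fp as FieldWithVar>::Var;` reuses the name of the crate's concrete `fields::fp::FpVar`, whose import this hunk removes, while the `mnt4` and `mnt6` modules in the same commit keep importing the concrete `fp::FpVar` and appear to pin `P::Fp: FieldWithVar<…>` to it; a reader of `FpVar::<P>::new_variable(...)` later in this file will assume the concrete type. Rename it, e.g. `type BaseFieldVar<P> = <<P as Bls12Parameters>::Fp as FieldWithVar>::Var;`, or at minimum add `/// The gadget type chosen for `P::Fp` via `FieldWithVar`; not necessarily `fields::fp::FpVar`.` The three modules should also agree on whether the base-field gadget is left generic (as here) or fixed to `FpVar`, otherwise the pairing gadgets will be hard to compose.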

{ } } -impl AllocVar, P::Fp> for G1PreparedVar

{ +impl AllocVar, P::Fp> for G1PreparedVar

+where + P::Fp: FieldWithVar, +{ fn new_variable>>( cs: impl Into>, f: impl FnOnce() -> Result, @@ -63,19 +74,24 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ let cs = ns.cs(); let g1_prep = f().map(|b| b.borrow().0); - let x = FpVar::new_variable(ark_relations::ns!(cs, "x"), || g1_prep.map(|g| g.x), mode)?; - let y = FpVar::new_variable(ark_relations::ns!(cs, "y"), || g1_prep.map(|g| g.y), mode)?; + let x = + FpVar::

::new_variable(ark_relations::ns!(cs, "x"), || g1_prep.map(|g| g.x), mode)?; + let y = + FpVar::

::new_variable(ark_relations::ns!(cs, "y"), || g1_prep.map(|g| g.y), mode)?; let infinity = Boolean::new_variable( ark_relations::ns!(cs, "inf"), || g1_prep.map(|g| g.infinity), mode, )?; - let g = AffineVar::new(x, y, infinity); + let g = G1AffineVar::

::new(x, y, infinity); Ok(Self(g)) } } -impl ToBytesGadget for G1PreparedVar

{ +impl ToBytesGadget for G1PreparedVar

+where + P::Fp: FieldWithVar, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -104,15 +120,21 @@ type LCoeff

= (Fp2G

, Fp2G

); /// which enables speeding up pairing computation. #[derive(Derivative)] #[derivative( - Clone(bound = "Fp2Var: Clone"), - Debug(bound = "Fp2Var: Debug") + Clone(bound = "P::Fp: FieldWithVar"), + Debug(bound = "P::Fp: FieldWithVar") )] -pub struct G2PreparedVar { +pub struct G2PreparedVar +where + P::Fp: FieldWithVar, +{ #[doc(hidden)] pub ell_coeffs: Vec>, } -impl AllocVar, P::Fp> for G2PreparedVar

{ +impl AllocVar, P::Fp> for G2PreparedVar

+where + P::Fp: FieldWithVar, +{ #[tracing::instrument(target = "r1cs", skip(cs, f, mode))] fn new_variable>>( cs: impl Into>, @@ -170,7 +192,10 @@ impl AllocVar, P::Fp> for G2PreparedVar

{ } } -impl ToBytesGadget for G2PreparedVar

{ +impl ToBytesGadget for G2PreparedVar

+where + P::Fp: FieldWithVar, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -193,7 +218,10 @@ impl ToBytesGadget for G2PreparedVar

{ } } -impl G2PreparedVar

{ +impl G2PreparedVar

+where + P::Fp: FieldWithVar, +{ /// Constructs `Self` from a `G2Var`. #[tracing::instrument(target = "r1cs")] pub fn from_group_var(q: &G2Var

) -> Result { diff --git a/src/groups/curves/short_weierstrass/mnt4/mod.rs b/src/groups/curves/short_weierstrass/mnt4/mod.rs index bd0bdc6a..77bb5ec6 100644 --- a/src/groups/curves/short_weierstrass/mnt4/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt4/mod.rs @@ -6,26 +6,31 @@ use ark_ff::Field; use ark_relations::r1cs::{Namespace, SynthesisError}; use crate::{ - fields::{fp::FpVar, fp2::Fp2Var, FieldVar}, + fields::{fp::FpVar, fp2::Fp2Var, FieldVar, FieldWithVar}, groups::curves::short_weierstrass::ProjectiveVar, - pairing::mnt4::PairingVar, + pairing::mnt4::MNT4Gadget, prelude::*, Vec, }; use core::borrow::Borrow; /// Represents a projective point in G1. -pub type G1Var

= - ProjectiveVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1Var

= ProjectiveVar<

::G1Parameters>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters, Fp2G

>; +pub type G2Var

= ProjectiveVar<

::G2Parameters>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct G1PreparedVar { +#[derivative( + Clone(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>") +)] +pub struct G1PreparedVar +where + P::Fp: FieldWithVar>, +{ #[doc(hidden)] pub x: FpVar, #[doc(hidden)] @@ -36,7 +41,10 @@ pub struct G1PreparedVar { pub y_twist: Fp2Var, } -impl AllocVar, P::Fp> for G1PreparedVar

{ +impl AllocVar, P::Fp> for G1PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -48,8 +56,16 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ let g1_prep = f().map(|b| *b.borrow()); - let x = FpVar::new_variable(ark_relations::ns!(cs, "x"), || g1_prep.map(|g| g.x), mode)?; - let y = FpVar::new_variable(ark_relations::ns!(cs, "y"), || g1_prep.map(|g| g.y), mode)?; + let x = FpVar::::new_variable( + ark_relations::ns!(cs, "x"), + || g1_prep.map(|g| g.x), + mode, + )?; + let y = FpVar::::new_variable( + ark_relations::ns!(cs, "y"), + || g1_prep.map(|g| g.y), + mode, + )?; let x_twist = Fp2Var::new_variable( ark_relations::ns!(cs, "x_twist"), || g1_prep.map(|g| g.x_twist), @@ -69,7 +85,10 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ } } -impl G1PreparedVar

{ +impl G1PreparedVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -91,8 +110,8 @@ impl G1PreparedVar

{ #[tracing::instrument(target = "r1cs")] pub fn from_group_var(q: &G1Var

) -> Result { let q = q.to_affine()?; - let x_twist = Fp2Var::new(&q.x * P::TWIST.c0, &q.x * P::TWIST.c1); - let y_twist = Fp2Var::new(&q.y * P::TWIST.c0, &q.y * P::TWIST.c1); + let x_twist = Fp2Var::new(q.x.clone() * P::TWIST.c0, q.x.clone() * P::TWIST.c1); + let y_twist = Fp2Var::new(q.y.clone() * P::TWIST.c0, q.y.clone() * P::TWIST.c1); Ok(G1PreparedVar { x: q.x, y: q.y, @@ -102,7 +121,10 @@ impl G1PreparedVar
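Review bot: `from_group_var` builds the prepared element from `q.to_affine()?` but keeps only `q.x`/`q.y` and the twisted copies, so the affine `infinity` flag is discarded; for the identity point the prepared value carries whatever coordinates `to_affine` selects for it, with no constraint or error saying so. That is not introduced by this commit, but the rewritten `.clone()` lines are the place to record it: `/// Note: `q`'s infinity flag is dropped; callers must not pass the identity (or must accept the coordinates `to_affine` assigns to it).` If the identity is genuinely unsupported, `q.infinity.enforce_equal(&Boolean::constant(false))?;` before the twists would make that explicit; confirm against how the native prepared type treats the identity. `from_group_var` continues past the hunk.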

{ } } -impl ToBytesGadget for G1PreparedVar

{ +impl ToBytesGadget for G1PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -136,8 +158,14 @@ type Fp2G

= Fp2Var<

::Fp2Params>; /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct G2PreparedVar { +#[derivative( + Clone(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>") +)] +pub struct G2PreparedVar +where + P::Fp: FieldWithVar>, +{ #[doc(hidden)] pub x: Fp2Var, #[doc(hidden)] @@ -152,7 +180,10 @@ pub struct G2PreparedVar { pub addition_coefficients: Vec>, } -impl AllocVar, P::Fp> for G2PreparedVar

{ +impl AllocVar, P::Fp> for G2PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -198,7 +229,10 @@ impl AllocVar, P::Fp> for G2PreparedVar

{ } } -impl ToBytesGadget for G2PreparedVar

{ +impl ToBytesGadget for G2PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -241,7 +275,10 @@ impl ToBytesGadget for G2PreparedVar

{ } } -impl G2PreparedVar

{ +impl G2PreparedVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -304,12 +341,12 @@ impl G2PreparedVar

{ } for bit in v.iter().rev() { - let (r2, coeff) = PairingVar::

::doubling_step_for_flipped_miller_loop(&r)?; + let (r2, coeff) = MNT4Gadget::

::doubling_step_for_flipped_miller_loop(&r)?; g2p.double_coefficients.push(coeff); r = r2; if *bit { - let (r2, coeff) = PairingVar::

::mixed_addition_step_for_flipped_miller_loop( + let (r2, coeff) = MNT4Gadget::

::mixed_addition_step_for_flipped_miller_loop( &q.x, &q.y, &r, )?; g2p.addition_coefficients.push(coeff); @@ -328,7 +365,7 @@ impl G2PreparedVar

{ let minus_r_affine_x = &r.x * &rz2_inv; let minus_r_affine_y = r.y.negate()? * &rz3_inv; - let add_result = PairingVar::

::mixed_addition_step_for_flipped_miller_loop( + let add_result = MNT4Gadget::

::mixed_addition_step_for_flipped_miller_loop( &minus_r_affine_x, &minus_r_affine_y, &r, @@ -342,15 +379,24 @@ impl G2PreparedVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct AteDoubleCoefficientsVar { +#[derivative( + Clone(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>") +)] +pub struct AteDoubleCoefficientsVar +where + P::Fp: FieldWithVar>, +{ pub c_h: Fp2Var, pub c_4c: Fp2Var, pub c_j: Fp2Var, pub c_l: Fp2Var, } -impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

{ +impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -377,7 +423,10 @@ impl AllocVar, P::Fp> for AteDoubleC } } -impl ToBytesGadget for AteDoubleCoefficientsVar

{ +impl ToBytesGadget for AteDoubleCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -406,7 +455,10 @@ impl ToBytesGadget for AteDoubleCoefficientsVar

{ } } -impl AteDoubleCoefficientsVar

{ +impl AteDoubleCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -427,14 +479,22 @@ impl AteDoubleCoefficientsVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct AteAdditionCoefficientsVar { +#[derivative( + Clone(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT4Parameters, P::Fp: FieldWithVar>") +)] +pub struct AteAdditionCoefficientsVar +where + P::Fp: FieldWithVar>, +{ pub c_l1: Fp2Var, pub c_rz: Fp2Var, } impl AllocVar, P::Fp> for AteAdditionCoefficientsVar

+where + P::Fp: FieldWithVar>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -456,7 +516,10 @@ impl AllocVar, P::Fp> } } -impl ToBytesGadget for AteAdditionCoefficientsVar

{ +impl ToBytesGadget for AteAdditionCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -477,7 +540,10 @@ impl ToBytesGadget for AteAdditionCoefficientsVar

{ } } -impl AteAdditionCoefficientsVar

{ +impl AteAdditionCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -487,7 +553,10 @@ impl AteAdditionCoefficientsVar

{ } #[doc(hidden)] -pub struct G2ProjectiveExtendedVar { +pub struct G2ProjectiveExtendedVar +where + P::Fp: FieldWithVar>, +{ pub x: Fp2Var, pub y: Fp2Var, pub z: Fp2Var, diff --git a/src/groups/curves/short_weierstrass/mnt6/mod.rs b/src/groups/curves/short_weierstrass/mnt6/mod.rs index 8234230a..0b989bb3 100644 --- a/src/groups/curves/short_weierstrass/mnt6/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt6/mod.rs @@ -6,26 +6,31 @@ use ark_ff::Field; use ark_relations::r1cs::{Namespace, SynthesisError}; use crate::{ - fields::{fp::FpVar, fp3::Fp3Var, FieldVar}, + fields::{fp::FpVar, fp3::Fp3Var, FieldVar, FieldWithVar}, groups::curves::short_weierstrass::ProjectiveVar, - pairing::mnt6::PairingVar, + pairing::mnt6::MNT6Gadget, prelude::*, Vec, }; use core::borrow::Borrow; /// Represents a projective point in G1. -pub type G1Var

= - ProjectiveVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1Var

= ProjectiveVar<

::G1Parameters>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters, Fp3G

>; +pub type G2Var

= ProjectiveVar<

::G2Parameters>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct G1PreparedVar { +#[derivative( + Clone(bound = "P: MNT6Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT6Parameters, P::Fp: FieldWithVar>") +)] +pub struct G1PreparedVar +where + P::Fp: FieldWithVar>, +{ #[doc(hidden)] pub x: FpVar, #[doc(hidden)] @@ -36,7 +41,10 @@ pub struct G1PreparedVar { pub y_twist: Fp3Var, } -impl G1PreparedVar

{ +impl G1PreparedVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -69,7 +77,10 @@ impl G1PreparedVar

{ } } -impl AllocVar, P::Fp> for G1PreparedVar

{ +impl AllocVar, P::Fp> for G1PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -81,8 +92,16 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ let g1_prep = f().map(|b| *b.borrow()); - let x = FpVar::new_variable(ark_relations::ns!(cs, "x"), || g1_prep.map(|g| g.x), mode)?; - let y = FpVar::new_variable(ark_relations::ns!(cs, "y"), || g1_prep.map(|g| g.y), mode)?; + let x = FpVar::::new_variable( + ark_relations::ns!(cs, "x"), + || g1_prep.map(|g| g.x), + mode, + )?; + let y = FpVar::::new_variable( + ark_relations::ns!(cs, "y"), + || g1_prep.map(|g| g.y), + mode, + )?; let x_twist = Fp3Var::new_variable( ark_relations::ns!(cs, "x_twist"), || g1_prep.map(|g| g.x_twist), @@ -102,7 +121,10 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ } } -impl ToBytesGadget for G1PreparedVar

{ +impl ToBytesGadget for G1PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -136,8 +158,14 @@ type Fp3G

= Fp3Var<

::Fp3Params>; /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct G2PreparedVar { +#[derivative( + Clone(bound = "P: MNT6Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT6Parameters, P::Fp: FieldWithVar>") +)] +pub struct G2PreparedVar +where + P::Fp: FieldWithVar>, +{ #[doc(hidden)] pub x: Fp3Var, #[doc(hidden)] @@ -152,7 +180,10 @@ pub struct G2PreparedVar { pub addition_coefficients: Vec>, } -impl AllocVar, P::Fp> for G2PreparedVar

{ +impl AllocVar, P::Fp> for G2PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -198,7 +229,10 @@ impl AllocVar, P::Fp> for G2PreparedVar

{ } } -impl ToBytesGadget for G2PreparedVar

{ +impl ToBytesGadget for G2PreparedVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -241,7 +275,10 @@ impl ToBytesGadget for G2PreparedVar

{ } } -impl G2PreparedVar

{ +impl G2PreparedVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -304,12 +341,12 @@ impl G2PreparedVar

{ } for bit in v.iter().rev() { - let (r2, coeff) = PairingVar::

::doubling_step_for_flipped_miller_loop(&r)?; + let (r2, coeff) = MNT6Gadget::

::doubling_step_for_flipped_miller_loop(&r)?; g2p.double_coefficients.push(coeff); r = r2; if *bit { - let (r2, coeff) = PairingVar::

::mixed_addition_step_for_flipped_miller_loop( + let (r2, coeff) = MNT6Gadget::

::mixed_addition_step_for_flipped_miller_loop( &q.x, &q.y, &r, )?; g2p.addition_coefficients.push(coeff); @@ -328,7 +365,7 @@ impl G2PreparedVar

{ let minus_r_affine_x = &r.x * &rz2_inv; let minus_r_affine_y = r.y.negate()? * &rz3_inv; - let add_result = PairingVar::

::mixed_addition_step_for_flipped_miller_loop( + let add_result = MNT6Gadget::

::mixed_addition_step_for_flipped_miller_loop( &minus_r_affine_x, &minus_r_affine_y, &r, @@ -342,15 +379,24 @@ impl G2PreparedVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct AteDoubleCoefficientsVar { +#[derivative( + Clone(bound = "P: MNT6Parameters, P::Fp: FieldWithVar>"), + Debug(bound = "P: MNT6Parameters, P::Fp: FieldWithVar>") +)] +pub struct AteDoubleCoefficientsVar +where + P::Fp: FieldWithVar>, +{ pub c_h: Fp3Var, pub c_4c: Fp3Var, pub c_j: Fp3Var, pub c_l: Fp3Var, } -impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

{ +impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -377,7 +423,10 @@ impl AllocVar, P::Fp> for AteDoubleC } } -impl ToBytesGadget for AteDoubleCoefficientsVar

{ +impl ToBytesGadget for AteDoubleCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -406,7 +455,10 @@ impl ToBytesGadget for AteDoubleCoefficientsVar

{ } } -impl AteDoubleCoefficientsVar

{ +impl AteDoubleCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -426,13 +478,18 @@ impl AteDoubleCoefficientsVar

{ #[doc(hidden)] #[derive(Derivative)] #[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct AteAdditionCoefficientsVar { +pub struct AteAdditionCoefficientsVar +where + P::Fp: FieldWithVar>, +{ pub c_l1: Fp3Var, pub c_rz: Fp3Var, } impl AllocVar, P::Fp> for AteAdditionCoefficientsVar

+where + P::Fp: FieldWithVar>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -454,7 +511,10 @@ impl AllocVar, P::Fp> } } -impl ToBytesGadget for AteAdditionCoefficientsVar
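Review bot: The `#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))]` attribute on `AteAdditionCoefficientsVar` is left unchanged while the struct gains `where P::Fp: FieldWithVar<…>`; the derived `impl<P: MNT6Parameters> Clone` then names a type whose where-clause its own bounds do not satisfy, which I would expect rustc to reject, and it is in any case inconsistent with every other struct in this commit, including the `mnt4` twin, whose bounds were extended. Change it to match the others: `Clone(bound = "P: MNT6Parameters, P::Fp: FieldWithVar<…>")` and likewise for `Debug`, with the same `FieldWithVar<…>` argument the struct's own `where` clause uses (the page renders that argument only partially).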

{ +impl ToBytesGadget for AteAdditionCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -475,7 +535,10 @@ impl ToBytesGadget for AteAdditionCoefficientsVar

{ } } -impl AteAdditionCoefficientsVar

{ +impl AteAdditionCoefficientsVar

+where + P::Fp: FieldWithVar>, +{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -486,7 +549,10 @@ impl AteAdditionCoefficientsVar

{ } #[doc(hidden)] -pub struct G2ProjectiveExtendedVar { +pub struct G2ProjectiveExtendedVar +where + P::Fp: FieldWithVar>, +{ pub x: Fp3Var, pub y: Fp3Var, pub z: Fp3Var, diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 7c315256..5b8e4dd2 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -1,32 +1,37 @@ use ark_ec::{ short_weierstrass_jacobian::{GroupAffine as SWAffine, GroupProjective as SWProjective}, - AffineCurve, ProjectiveCurve, SWModelParameters, ModelParameters + AffineCurve, ModelParameters, ProjectiveCurve, SWModelParameters, }; use ark_ff::{BigInteger, BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; use core::{borrow::Borrow, marker::PhantomData}; use non_zero_affine::NonZeroAffineVar; -use crate::{fields::{FieldExt, fp::FpVar}, prelude::*, ToConstraintFieldGadget, Vec}; +use crate::{ + fields::{fp::FpVar, FieldWithVar}, + prelude::*, + ToConstraintFieldGadget, Vec, +}; /// This module provides a generic implementation of G1 and G2 for /// the [\[BLS12]\]() family of bilinear groups. -// pub mod bls12; +pub mod bls12; /// This module provides a generic implementation of G1 and G2 for /// the [\[MNT4]\]() /// family of bilinear groups. -// pub mod mnt4; +pub mod mnt4; + /// This module provides a generic implementation of G1 and G2 for /// the [\[MNT6]\]() /// family of bilinear groups. -// pub mod mnt6; +pub mod mnt6; mod non_zero_affine; type BF

=

::BaseField; type CF

= as Field>::BasePrimeField; -type BFVar

= as FieldExt>::Var; +type BFVar

= as FieldWithVar>::Var; /// An implementation of arithmetic for Short Weierstrass curves that relies on /// the complete formulae derived in the paper of @@ -34,12 +39,12 @@ type BFVar

= as FieldExt>::Var; #[derive(Derivative)] #[derivative( Debug(bound = "P: SWModelParameters"), - Clone(bound = "P: SWModelParameters"), + Clone(bound = "P: SWModelParameters") )] #[must_use] -pub struct ProjectiveVar -where - BF

: FieldExt +pub struct ProjectiveVar +where + BF

: FieldWithVar, { /// The x-coordinate. pub x: BFVar

, @@ -53,11 +58,14 @@ where /// An affine representation of a curve point. #[derive(Derivative)] -#[derivative(Debug, Clone)] +#[derivative( + Debug(bound = "P: SWModelParameters, BF

: FieldWithVar"), + Clone(bound = "P: SWModelParameters, BF

: FieldWithVar") +)] #[must_use] -pub struct AffineVar +pub struct AffineVar where - BF

: FieldExt + BF

: FieldWithVar, { /// The x-coordinate. pub x: BFVar

, @@ -71,8 +79,7 @@ where impl AffineVar

where - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldWithVar, { fn new(x: BFVar

, y: BFVar

, infinity: Boolean>) -> Self { Self { @@ -96,14 +103,11 @@ where impl

ToConstraintFieldGadget> for AffineVar

where - BF

: FieldExt, + BF

: FieldWithVar, P: SWModelParameters, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, BFVar

: ToConstraintFieldGadget>, { - fn to_constraint_field( - &self, - ) -> Result>>, SynthesisError> { + fn to_constraint_field(&self) -> Result>>, SynthesisError> { let mut res = Vec::>>::new(); res.extend_from_slice(&self.x.to_constraint_field()?); @@ -117,8 +121,7 @@ where impl

R1CSVar> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldWithVar, { type Value = SWProjective

; @@ -137,10 +140,9 @@ where } } -impl ProjectiveVar

+impl ProjectiveVar

where - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldWithVar, { /// Constructs `Self` from an `(x, y, z)` coordinate triple. pub fn new(x: BFVar

, y: BFVar

, z: BFVar

) -> Self { @@ -152,6 +154,10 @@ where } } + fn is_zero(&self) -> Result>, SynthesisError> { + self.z.is_zero() + } + /// Convert this point into affine form. #[tracing::instrument(target = "r1cs")] pub fn to_affine(&self) -> Result, SynthesisError> { @@ -178,8 +184,8 @@ where // Thus, `z_inv * self.z = !self.is_zero()`. z_inv.mul_equals(&self.z, &BFVar::
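Review bot: The new inherent `is_zero` is undocumented and, being inherent, is what `self.is_zero()` resolves to ahead of the `CurveVar::is_zero` trait method, so both definitions must agree that `z == 0` means the point at infinity; the trait impl's body is not visible in this hunk. A one-line doc would pin the contract that `to_affine` leans on in its `z_inv * self.z = !self.is_zero()` comment: `/// Returns `true` iff `self` is the point at infinity, i.e. iff `z == 0`.` If the trait impl is meant to be the single definition, consider having it delegate to this method rather than keeping two independent checks.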

::from(infinity.not()))?; - let non_zero_x = &self.x * &z_inv; - let non_zero_y = &self.y * &z_inv; + let non_zero_x = z_inv.clone() * &self.x; + let non_zero_y = z_inv * &self.y; let x = infinity.select(&zero_x, &non_zero_x)?; let y = infinity.select(&zero_y, &non_zero_y)?; @@ -226,7 +232,13 @@ where Ok(Self::new(x, y, z)) } +} +impl ProjectiveVar

+where + BF

: FieldWithVar, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, +{ /// Mixed addition, which is useful when `other = (x2, y2)` is known to have z = 1. #[tracing::instrument(target = "r1cs", skip(self, other))] pub(crate) fn add_mixed(&self, other: &NonZeroAffineVar

) -> Result { @@ -358,7 +370,7 @@ where impl

CurveVar, CF

> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: SWProjective

) -> Self { @@ -553,13 +565,11 @@ where impl

ToConstraintFieldGadget> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldWithVar, BFVar

: ToConstraintFieldGadget>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { - fn to_constraint_field( - &self, - ) -> Result>>, SynthesisError> { + fn to_constraint_field(&self) -> Result>>, SynthesisError> { self.to_affine()?.to_constraint_field() } } @@ -567,7 +577,7 @@ where fn mul_by_coeff_a(f: &BFVar

) -> BFVar

where for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, - BF

: FieldExt, + BF

: FieldWithVar, { if !P::COEFF_A.is_zero() { f * P::COEFF_A @@ -583,28 +593,31 @@ impl_bounded_ops!( add, AddAssign, add_assign, - |mut this: &'a ProjectiveVar

, mut other: &'a ProjectiveVar

| { + |this: &mut ProjectiveVar

, other: &'a ProjectiveVar

| { // Implement complete addition for Short Weierstrass curves, following // the complete addition formula from Renes-Costello-Batina 2015 // (https://eprint.iacr.org/2015/1060). // // We special case handling of constants to get better constraint weight. if this.is_constant() { - // we'll just act like `other` is constant. - core::mem::swap(&mut this, &mut other); + // The value should exist because `other` is a constant. + let this_val = this.value().unwrap(); + if !this_val.is_zero() { + // We'll use mixed addition to add non-zero constants. + let x = BFVar::

::constant(this_val.x); + let y = BFVar::

::constant(this_val.y); + *this = other.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap() + } } if other.is_constant() { // The value should exist because `other` is a constant. let other = other.value().unwrap(); - if other.is_zero() { - // this + 0 = this - this.clone() - } else { + if !other.is_zero() { // We'll use mixed addition to add non-zero constants. let x = BFVar::

::constant(other.x); let y = BFVar::

::constant(other.y); - this.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap() + *this = this.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap() } } else { // Complete addition formula from Renes-Costello-Batina 2015 @@ -639,20 +652,18 @@ impl_bounded_ops!( let bxz3 = &xz_pairs * three_b; // 28 let b3_xz_pairs = mul_by_coeff_a::
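Review bot: The constant-`this` branch now falls through into the `other.is_constant()`/`else` chain, so `other` is added twice: after `*this = other.add_mixed(...)` the code either runs `this.add_mixed(other)` again (both constant) or the full Renes-Costello-Batina addition of the new `this` with `other` (non-constant `other`). The old `mem::swap` made the two paths exclusive; the new code needs `else if other.is_constant()`, and the zero-constant case must then become `*this = other.clone()` instead of leaving `this` untouched, since with the `else if` it would no longer reach the general formula. Reading `this_val.x`/`this_val.y` of an `SWProjective` as affine coordinates is only right if `value()` of a constant yields `z = 1`, which is not visible here and deserves a comment where it is guaranteed. The closure body continues into the next hunk and the formula lines between the two hunks are outside this one.
```rust
if this.is_constant() {
    // The value should exist because `this` is a constant.
    let this_val = this.value().unwrap();
    *this = if this_val.is_zero() {
        // 0 + other = other
        other.clone()
    } else {
        // We'll use mixed addition to add non-zero constants.
        let x = BFVar::<P>::constant(this_val.x);
        let y = BFVar::<P>::constant(this_val.y);
        other.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap()
    };
} else if other.is_constant() {
    // … unchanged: mixed addition with the constant `other` …
} else {
    // … unchanged: complete addition formula (Renes-Costello-Batina 2015) …
}
```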

(&(&xx - &azz)) + &bxz3; // 30, 31, 32 - let x = (&yy_m_bzz3 * &xy_pairs) - &yz_pairs * &b3_xz_pairs; // 35, 39, 40 - let y = (&yy_p_bzz3 * &yy_m_bzz3) + &xx3_p_azz * b3_xz_pairs; // 24, 36, 37, 38 - let z = (&yy_p_bzz3 * &yz_pairs) + xy_pairs * xx3_p_azz; // 41, 42, 43 - - ProjectiveVar::new(x, y, z) + this.x = (&yy_m_bzz3 * &xy_pairs) - &yz_pairs * &b3_xz_pairs; // 35, 39, 40 + this.y = (&yy_p_bzz3 * &yy_m_bzz3) + &xx3_p_azz * b3_xz_pairs; // 24, 36, 37, 38 + this.z = (yy_p_bzz3 * &yz_pairs) + xy_pairs * xx3_p_azz; // 41, 42, 43 } }, - |this: &'a ProjectiveVar

, other: SWProjective

| { - this + ProjectiveVar::constant(other) + |this: &mut ProjectiveVar

, other: SWProjective

| { + *this = &*this + ProjectiveVar::constant(other) }, (P: SWModelParameters), for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, - BF

: FieldExt, + BF

: FieldWithVar, ); impl_bounded_ops!( @@ -662,17 +673,17 @@ impl_bounded_ops!( sub, SubAssign, sub_assign, - |this: &'a ProjectiveVar

, other: &'a ProjectiveVar

| this + other.negate().unwrap(), - |this: &'a ProjectiveVar

, other: SWProjective

| this - ProjectiveVar::constant(other), + |this: &mut ProjectiveVar

, other: &'a ProjectiveVar

| *this += other.negate().unwrap(), + |this: &mut ProjectiveVar

, other: SWProjective

| *this = &*this - ProjectiveVar::constant(other), (P: SWModelParameters), for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, - BF

: FieldExt, + BF

: FieldWithVar, ); impl<'a, P> GroupOpsBounds<'a, SWProjective

, ProjectiveVar

> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -680,7 +691,7 @@ where impl<'a, P> GroupOpsBounds<'a, SWProjective

, ProjectiveVar

> for &'a ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -688,7 +699,7 @@ where impl

CondSelectGadget> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[inline] @@ -709,14 +720,11 @@ where impl

EqGadget> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] - fn is_eq( - &self, - other: &Self, - ) -> Result>, SynthesisError> { + fn is_eq(&self, other: &Self) -> Result>, SynthesisError> { let x_equal = (&self.x * &other.z).is_eq(&(&other.x * &self.z))?; let y_equal = (&self.y * &other.z).is_eq(&(&other.y * &self.z))?; let coordinates_equal = x_equal.and(&y_equal)?; @@ -758,7 +766,7 @@ where impl

AllocVar, CF

> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn new_variable>>( @@ -770,11 +778,10 @@ where } } -impl

AllocVar, CF

> - for ProjectiveVar

+impl

AllocVar, CF

> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn new_variable>>( @@ -885,13 +892,11 @@ fn div2(limbs: &mut [u64]) { impl

ToBitsGadget> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] - fn to_bits_le( - &self, - ) -> Result>>, SynthesisError> { + fn to_bits_le(&self) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bits = g.x.to_bits_le()?; let y_bits = g.y.to_bits_le()?; @@ -901,9 +906,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn to_non_unique_bits_le( - &self, - ) -> Result>>, SynthesisError> { + fn to_non_unique_bits_le(&self) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bits = g.x.to_non_unique_bits_le()?; let y_bits = g.y.to_non_unique_bits_le()?; @@ -916,13 +919,11 @@ where impl

ToBytesGadget> for ProjectiveVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] - fn to_bytes( - &self, - ) -> Result>>, SynthesisError> { + fn to_bytes(&self) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bytes = g.x.to_bytes()?; let y_bytes = g.y.to_bytes()?; @@ -933,9 +934,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn to_non_unique_bytes( - &self, - ) -> Result>>, SynthesisError> { + fn to_non_unique_bytes(&self) -> Result>>, SynthesisError> { let g = self.to_affine()?; let mut bytes = g.x.to_non_unique_bytes()?; let y_bytes = g.y.to_non_unique_bytes()?; diff --git a/src/groups/curves/short_weierstrass/non_zero_affine.rs b/src/groups/curves/short_weierstrass/non_zero_affine.rs index b25876d9..c9283a8a 100644 --- a/src/groups/curves/short_weierstrass/non_zero_affine.rs +++ b/src/groups/curves/short_weierstrass/non_zero_affine.rs @@ -5,13 +5,12 @@ use super::*; #[derive(Derivative)] #[derivative( Debug(bound = "P: SWModelParameters"), - Clone(bound = "P: SWModelParameters"), + Clone(bound = "P: SWModelParameters") )] #[must_use] pub struct NonZeroAffineVar - where - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, +where + BF

: FieldWithVar, { /// The x-coordinate. pub x: BFVar

, @@ -24,9 +23,8 @@ pub struct NonZeroAffineVar impl

NonZeroAffineVar

where P: SWModelParameters, - BF

: FieldExt, + BF

: FieldWithVar, BFVar

: FieldVar>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { pub(crate) fn new(x: BFVar

, y: BFVar

) -> Self { Self { @@ -41,14 +39,25 @@ where pub(crate) fn into_projective(&self) -> ProjectiveVar

{ ProjectiveVar::new(self.x.clone(), self.y.clone(), BFVar::

::one()) } +} +impl

NonZeroAffineVar

+where + P: SWModelParameters, + BF

: FieldWithVar, + BFVar

: FieldVar>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, +{ /// Performs an addition without checking that other != ±self. #[tracing::instrument(target = "r1cs", skip(self, other))] pub(crate) fn add_unchecked(&self, other: &Self) -> Result { if [self, other].is_constant() { let result = (self.value()?.into_projective() + other.value()?.into_projective()).into_affine(); - Ok(Self::new(BFVar::

::constant(result.x), BFVar::

::constant(result.y))) + Ok(Self::new( + BFVar::

::constant(result.x), + BFVar::

::constant(result.y), + )) } else { let (x1, y1) = (&self.x, &self.y); let (x2, y2) = (&other.x, &other.y); @@ -75,7 +84,10 @@ where let result = self.value()?.into_projective().double().into_affine(); // Panic if the result is zero. assert!(!result.is_zero()); - Ok(Self::new(BFVar::

::constant(result.x), BFVar::

::constant(result.y))) + Ok(Self::new( + BFVar::

::constant(result.x), + BFVar::

::constant(result.y), + )) } else { let (x1, y1) = (&self.x, &self.y); let x1_sqr = x1.square()?; @@ -138,8 +150,7 @@ where impl

R1CSVar> for NonZeroAffineVar

where P: SWModelParameters, - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldWithVar, { type Value = SWAffine

; @@ -155,8 +166,7 @@ where impl

CondSelectGadget> for NonZeroAffineVar

where P: SWModelParameters, - BF

: FieldExt, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BF

: FieldWithVar, { #[inline] #[tracing::instrument(target = "r1cs")] diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs index aed8f825..6614c25f 100644 --- a/src/groups/curves/twisted_edwards/mod.rs +++ b/src/groups/curves/twisted_edwards/mod.rs @@ -1,16 +1,18 @@ use ark_ec::{ twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective}, - AffineCurve, MontgomeryModelParameters, ProjectiveCurve, TEModelParameters, + AffineCurve, ModelParameters, MontgomeryModelParameters, ProjectiveCurve, TEModelParameters, }; use ark_ff::{BigInteger, BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; -use crate::{prelude::*, ToConstraintFieldGadget, Vec}; +use crate::{fields::FieldWithVar, prelude::*, ToConstraintFieldGadget, Vec}; use crate::fields::fp::FpVar; use core::{borrow::Borrow, marker::PhantomData}; +type BFVar

= <

::BaseField as FieldWithVar>::Var; + /// An implementation of arithmetic for Montgomery curves that relies on /// incomplete addition formulae for the affine model, as outlined in the /// [EFD](https://www.hyperelliptic.org/EFD/g1p/auto-montgom.html). @@ -18,18 +20,19 @@ use core::{borrow::Borrow, marker::PhantomData}; /// This is intended for use primarily for implementing efficient /// multi-scalar-multiplication in the Bowe-Hopwood-Pedersen hash. #[derive(Derivative)] -#[derivative(Debug, Clone)] +#[derivative( + Debug(bound = "P: TEModelParameters, P::BaseField: FieldWithVar"), + Clone(bound = "P: TEModelParameters, P::BaseField: FieldWithVar") +)] #[must_use] -pub struct MontgomeryAffineVar< - P: TEModelParameters, - F: FieldVar::BasePrimeField>, -> where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, +pub struct MontgomeryAffineVar +where + P::BaseField: FieldWithVar, { /// The x-coordinate. - pub x: F, + pub x: BFVar

, /// The y-coordinate. - pub y: F, + pub y: BFVar

, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -40,11 +43,10 @@ mod montgomery_affine_impl { use ark_ff::Field; use core::ops::Add; - impl R1CSVar<::BasePrimeField> for MontgomeryAffineVar + impl

R1CSVar<::BasePrimeField> for MontgomeryAffineVar

where + P::BaseField: FieldWithVar, P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, { type Value = (P::BaseField, P::BaseField); @@ -59,15 +61,12 @@ mod montgomery_affine_impl { } } - impl< - P: TEModelParameters, - F: FieldVar::BasePrimeField>, - > MontgomeryAffineVar + impl MontgomeryAffineVar

where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + P::BaseField: FieldWithVar, { /// Constructs `Self` from an `(x, y)` coordinate pair. - pub fn new(x: F, y: F) -> Self { + pub fn new(x: BFVar

, y: BFVar

) -> Self { Self { x, y, @@ -103,14 +102,22 @@ mod montgomery_affine_impl { p: &TEAffine

, ) -> Result { let montgomery_coords = Self::from_edwards_to_coords(p)?; - let u = F::new_witness(ark_relations::ns!(cs, "u"), || Ok(montgomery_coords.0))?; - let v = F::new_witness(ark_relations::ns!(cs, "v"), || Ok(montgomery_coords.1))?; + let u = + BFVar::

::new_witness(ark_relations::ns!(cs, "u"), || Ok(montgomery_coords.0))?; + let v = + BFVar::

::new_witness(ark_relations::ns!(cs, "v"), || Ok(montgomery_coords.1))?; Ok(Self::new(u, v)) } + } + impl MontgomeryAffineVar

+ where + P::BaseField: FieldWithVar, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, + { /// Converts `self` into a Twisted Edwards curve point variable. #[tracing::instrument(target = "r1cs")] - pub fn into_edwards(&self) -> Result, SynthesisError> { + pub fn into_edwards(&self) -> Result, SynthesisError> { let cs = self.cs(); let mode = if cs.is_none() { @@ -120,7 +127,7 @@ mod montgomery_affine_impl { }; // Compute u = x / y - let u = F::new_variable( + let u = BFVar::

::new_variable( ark_relations::ns!(cs, "u"), || { let y_inv = self @@ -135,7 +142,7 @@ mod montgomery_affine_impl { u.mul_equals(&self.y, &self.x)?; - let v = F::new_variable( + let v = BFVar::

::new_variable( ark_relations::ns!(cs, "v"), || { let mut t0 = self.x.value()?; @@ -156,13 +163,13 @@ mod montgomery_affine_impl { } } - impl<'a, P, F> Add<&'a MontgomeryAffineVar> for MontgomeryAffineVar + impl<'a, P> Add<&'a MontgomeryAffineVar

> for MontgomeryAffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { - type Output = MontgomeryAffineVar; + type Output = MontgomeryAffineVar

; #[tracing::instrument(target = "r1cs")] fn add(self, other: &'a Self) -> Self::Output { @@ -176,7 +183,7 @@ mod montgomery_affine_impl { let coeff_b = P::MontgomeryModelParameters::COEFF_B; let coeff_a = P::MontgomeryModelParameters::COEFF_A; - let lambda = F::new_variable( + let lambda = BFVar::

::new_variable( ark_relations::ns!(cs, "lambda"), || { let n = other.y.value()? - &self.y.value()?; @@ -191,7 +198,7 @@ mod montgomery_affine_impl { lambda_d.mul_equals(&lambda, &lambda_n).unwrap(); // Compute x'' = B*lambda^2 - A - x - x' - let xprime = F::new_variable( + let xprime = BFVar::

::new_variable( ark_relations::ns!(cs, "xprime"), || { Ok(lambda.value()?.square() * &coeff_b @@ -208,7 +215,7 @@ mod montgomery_affine_impl { let lambda_b = &lambda * coeff_b; lambda_b.mul_equals(&lambda, &xprime_lc).unwrap(); - let yprime = F::new_variable( + let yprime = BFVar::

::new_variable( ark_relations::ns!(cs, "yprime"), || { Ok(-(self.y.value()? @@ -230,29 +237,29 @@ mod montgomery_affine_impl { /// the complete formulae for the affine model, as outlined in the /// [EFD](https://www.hyperelliptic.org/EFD/g1p/auto-twisted.html). #[derive(Derivative)] -#[derivative(Debug, Clone)] +#[derivative( + Debug(bound = "P: TEModelParameters, P::BaseField: FieldWithVar"), + Clone(bound = "P: TEModelParameters, P::BaseField: FieldWithVar") +)] #[must_use] -pub struct AffineVar< - P: TEModelParameters, - F: FieldVar::BasePrimeField>, -> where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, +pub struct AffineVar +where + P::BaseField: FieldWithVar, { /// The x-coordinate. - pub x: F, + pub x: BFVar

, /// The y-coordinate. - pub y: F, + pub y: BFVar

, #[derivative(Debug = "ignore")] _params: PhantomData

, } -impl::BasePrimeField>> - AffineVar +impl AffineVar

where - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + P::BaseField: FieldWithVar, { /// Constructs `Self` from an `(x, y)` coordinate triple. - pub fn new(x: F, y: F) -> Self { + pub fn new(x: BFVar

, y: BFVar

) -> Self { Self { x, y, @@ -283,24 +290,23 @@ where ), }; - let x = F::new_variable(ark_relations::ns!(cs, "x"), || x, mode)?; - let y = F::new_variable(ark_relations::ns!(cs, "y"), || y, mode)?; + let x = BFVar::

::new_variable(ark_relations::ns!(cs, "x"), || x, mode)?; + let y = BFVar::

::new_variable(ark_relations::ns!(cs, "y"), || y, mode)?; Ok(Self::new(x, y)) } } -impl::BasePrimeField>> - AffineVar +impl AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField> + P::BaseField: FieldWithVar, + BFVar

: TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField> + ThreeBitCondNegLookupGadget< ::BasePrimeField, TableConstant = P::BaseField, >, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Compute a scalar multiplication of `bases` with respect to `scalars`, /// where the elements of `scalars` are length-three slices of bits, and @@ -316,10 +322,10 @@ where J: Borrow<[Boolean<::BasePrimeField>]>, { const CHUNK_SIZE: usize = 3; - let mut ed_result: Option> = None; - let mut result: Option> = None; + let mut ed_result: Option> = None; + let mut result: Option> = None; - let mut process_segment_result = |result: &MontgomeryAffineVar| { + let mut process_segment_result = |result: &MontgomeryAffineVar

| { let sgmt_result = result.into_edwards()?; ed_result = match ed_result.as_ref() { None => Some(sgmt_result), @@ -358,14 +364,14 @@ where let precomp = bits[0].and(&bits[1])?; - let x = F::zero() + let x = BFVar::

::zero() + x_coeffs[0] - + F::from(bits[0].clone()) * (x_coeffs[1] - &x_coeffs[0]) - + F::from(bits[1].clone()) * (x_coeffs[2] - &x_coeffs[0]) - + F::from(precomp.clone()) + + BFVar::

::from(bits[0].clone()) * (x_coeffs[1] - &x_coeffs[0]) + + BFVar::

::from(bits[1].clone()) * (x_coeffs[2] - &x_coeffs[0]) + + BFVar::

::from(precomp.clone()) * (x_coeffs[3] - &x_coeffs[2] - &x_coeffs[1] + &x_coeffs[0]); - let y = F::three_bit_cond_neg_lookup(&bits, &precomp, &y_coeffs)?; + let y = BFVar::

::three_bit_cond_neg_lookup(&bits, &precomp, &y_coeffs)?; let tmp = MontgomeryAffineVar::new(x, y); result = match result.as_ref() { @@ -384,11 +390,10 @@ where } } -impl R1CSVar<::BasePrimeField> for AffineVar +impl

R1CSVar<::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + P::BaseField: FieldWithVar, { type Value = TEProjective

; @@ -404,12 +409,13 @@ where } } -impl CurveVar, ::BasePrimeField> for AffineVar +impl

CurveVar, ::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + P::BaseField: FieldWithVar, + BFVar

: + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: TEProjective

) -> Self { let cs = ConstraintSystemRef::None; @@ -417,7 +423,7 @@ where } fn zero() -> Self { - Self::new(F::zero(), F::one()) + Self::new(BFVar::

::zero(), BFVar::

::one()) } fn is_zero(&self) -> Result::BasePrimeField>, SynthesisError> { @@ -490,7 +496,7 @@ where let a_x2 = &x2 * a; // Compute x3 = (2xy) / (ax^2 + y^2) - let x3 = F::new_witness(ark_relations::ns!(cs, "x3"), || { + let x3 = BFVar::

::new_witness(ark_relations::ns!(cs, "x3"), || { let t0 = xy.value()?.double(); let t1 = a * &x2.value()? + &y2.value()?; Ok(t0 * &t1.inverse().ok_or(SynthesisError::DivisionByZero)?) @@ -502,7 +508,7 @@ where // Compute y3 = (y^2 - ax^2) / (2 - ax^2 - y^2) let two = P::BaseField::one().double(); - let y3 = F::new_witness(ark_relations::ns!(cs, "y3"), || { + let y3 = BFVar::

::new_witness(ark_relations::ns!(cs, "y3"), || { let a_x2 = a * &x2.value()?; let t0 = y2.value()? - &a_x2; let t1 = two - &a_x2 - &y2.value()?; @@ -544,8 +550,8 @@ where let x_s = [zero.x, table[0].x, table[1].x, table[2].x]; let y_s = [zero.y, table[0].y, table[1].y, table[2].y]; - let x = F::two_bit_lookup(&bits, &x_s)?; - let y = F::two_bit_lookup(&bits, &y_s)?; + let x = BFVar::

::two_bit_lookup(&bits, &x_s)?; + let y = BFVar::

::two_bit_lookup(&bits, &y_s)?; *self += Self::new(x, y); } else if bits.len() == 1 { let bit = &bits[0]; @@ -558,12 +564,13 @@ where } } -impl AllocVar, ::BasePrimeField> for AffineVar +impl

AllocVar, ::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + P::BaseField: FieldWithVar, + BFVar

: + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -659,12 +666,13 @@ where } } -impl AllocVar, ::BasePrimeField> for AffineVar +impl

AllocVar, ::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, + P::BaseField: FieldWithVar, + BFVar

: + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -676,12 +684,11 @@ where } } -impl ToConstraintFieldGadget<::BasePrimeField> for AffineVar +impl

ToConstraintFieldGadget<::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'a> &'a F: FieldOpsBounds<'a, P::BaseField, F>, - F: ToConstraintFieldGadget<::BasePrimeField>, + P::BaseField: FieldWithVar, + BFVar

: ToConstraintFieldGadget<::BasePrimeField>, { fn to_constraint_field( &self, @@ -707,15 +714,14 @@ fn div2(limbs: &mut [u64]) { } impl_bounded_ops!( - AffineVar, + AffineVar

, TEProjective

, Add, add, AddAssign, add_assign, - |this: &'a AffineVar, other: &'a AffineVar| { - - if [this, other].is_constant() { + |this: &mut AffineVar

, other: &'a AffineVar

| { + *this = if [this, other].is_constant() { assert!(this.is_constant() && other.is_constant()); AffineVar::constant(this.value().unwrap() + &other.value().unwrap()) } else { @@ -739,7 +745,7 @@ impl_bounded_ops!( let v2 = &v0 * &v1 * d; // Compute x3 = (v0 + v1) / (1 + v2) - let x3 = F::new_witness(ark_relations::ns!(cs, "x3"), || { + let x3 = BFVar::

::new_witness(ark_relations::ns!(cs, "x3"), || { let t0 = v0.value()? + &v1.value()?; let t1 = P::BaseField::one() + &v2.value()?; Ok(t0 * &t1.inverse().ok_or(SynthesisError::DivisionByZero)?) @@ -750,7 +756,7 @@ impl_bounded_ops!( x3.mul_equals(&v2_plus_one, &v0_plus_v1).unwrap(); // Compute y3 = (U + a * v0 - v1) / (1 - v2) - let y3 = F::new_witness(ark_relations::ns!(cs, "y3"), || { + let y3 = BFVar::

::new_witness(ark_relations::ns!(cs, "y3"), || { let t0 = u.value()? + &(a * &v0.value()?) - &v1.value()?; let t1 = P::BaseField::one() - &v2.value()?; Ok(t0 * &t1.inverse().ok_or(SynthesisError::DivisionByZero)?) @@ -763,57 +769,58 @@ impl_bounded_ops!( y3.mul_equals(&one_minus_v2, &u_plus_a_v0_minus_v1).unwrap(); AffineVar::new(x3, y3) - } + }; }, - |this: &'a AffineVar, other: TEProjective

| this + AffineVar::constant(other), + |this: &mut AffineVar

, other: TEProjective

| *this = &*this + AffineVar::constant(other), ( - F :FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, P: TEModelParameters, ), - for <'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, + BFVar

: TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, ); impl_bounded_ops!( - AffineVar, + AffineVar

, TEProjective

, Sub, sub, SubAssign, sub_assign, - |this: &'a AffineVar, other: &'a AffineVar| this + other.negate().unwrap(), - |this: &'a AffineVar, other: TEProjective

| this - AffineVar::constant(other), + |this: &mut AffineVar

, other: &'a AffineVar

| *this += other.negate().unwrap(), + |this: &mut AffineVar

, other: TEProjective

| *this = &*this - AffineVar::constant(other), ( - F :FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, P: TEModelParameters, ), - for <'b> &'b F: FieldOpsBounds<'b, P::BaseField, F> + P::BaseField: FieldWithVar, + BFVar

: TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> ); -impl<'a, P, F> GroupOpsBounds<'a, TEProjective

, AffineVar> for AffineVar +impl<'a, P> GroupOpsBounds<'a, TEProjective

, AffineVar

> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, + BFVar

: + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl<'a, P, F> GroupOpsBounds<'a, TEProjective

, AffineVar> for &'a AffineVar +impl<'a, P> GroupOpsBounds<'a, TEProjective

, AffineVar

> for &'a AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField> - + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, + BFVar

: + TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl CondSelectGadget<::BasePrimeField> for AffineVar +impl

CondSelectGadget<::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, { #[inline] #[tracing::instrument(target = "r1cs")] @@ -829,11 +836,10 @@ where } } -impl EqGadget<::BasePrimeField> for AffineVar +impl

EqGadget<::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn is_eq( @@ -870,11 +876,10 @@ where } } -impl ToBitsGadget<::BasePrimeField> for AffineVar +impl

ToBitsGadget<::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn to_bits_le( @@ -898,11 +903,10 @@ where } } -impl ToBytesGadget<::BasePrimeField> for AffineVar +impl

ToBytesGadget<::BasePrimeField> for AffineVar

where P: TEModelParameters, - F: FieldVar::BasePrimeField>, - for<'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, + P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] fn to_bytes( diff --git a/src/groups/mod.rs b/src/groups/mod.rs index 881c5663..e7e0b6fe 100644 --- a/src/groups/mod.rs +++ b/src/groups/mod.rs @@ -23,6 +23,10 @@ pub trait GroupOpsBounds<'a, F, T: 'a>: { } +pub trait CurveWithVar: ProjectiveCurve { + type Var: CurveVar; +} + /// A variable that represents a curve point for /// the curve `C`. pub trait CurveVar: From d71692b56e53443c60a7d12af5b893975811cd44 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 5 Aug 2021 22:14:44 -0700 Subject: [PATCH 04/26] Get pairings to compile --- src/pairing/bls12/mod.rs | 23 ++++++++++++++++++----- src/pairing/mnt4/mod.rs | 23 ++++++++++++++++++----- src/pairing/mnt6/mod.rs | 23 ++++++++++++++++++----- src/pairing/mod.rs | 31 ++++++++++++++----------------- 4 files changed, 68 insertions(+), 32 deletions(-) diff --git a/src/pairing/bls12/mod.rs b/src/pairing/bls12/mod.rs index 33454c41..d9f22352 100644 --- a/src/pairing/bls12/mod.rs +++ b/src/pairing/bls12/mod.rs @@ -1,9 +1,9 @@ use ark_relations::r1cs::SynthesisError; -use super::PairingVar as PG; +use super::{PairingGadget as PG, PairingWithGadget}; use crate::{ - fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, FieldVar}, + fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, FieldVar, FieldWithVar}, groups::bls12::{G1AffineVar, G1PreparedVar, G1Var, G2PreparedVar, G2Var}, }; use ark_ec::bls12::{Bls12, Bls12Parameters, TwistType}; @@ -11,11 +11,14 @@ use ark_ff::fields::BitIteratorBE; use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a BLS12 bilinear group. -pub struct PairingVar(PhantomData

); +pub struct Bls12Gadget(PhantomData

); type Fp2V

= Fp2Var<

::Fp2Params>; -impl PairingVar

{ +impl Bls12Gadget

+where + P::Fp: FieldWithVar>, +{ // Evaluate the line function at point p. #[tracing::instrument(target = "r1cs")] fn ell( @@ -59,7 +62,17 @@ impl PairingVar

{ } } -impl PG, P::Fp> for PairingVar

{ +impl PairingWithGadget for Bls12

+where + P::Fp: FieldWithVar>, +{ + type Gadget = Bls12Gadget

; +} + +impl PG> for Bls12Gadget

+where + P::Fp: FieldWithVar>, +{ type G1Var = G1Var

; type G2Var = G2Var

; type G1PreparedVar = G1PreparedVar

; diff --git a/src/pairing/mnt4/mod.rs b/src/pairing/mnt4/mod.rs index 0ddbec59..f9024058 100644 --- a/src/pairing/mnt4/mod.rs +++ b/src/pairing/mnt4/mod.rs @@ -1,9 +1,9 @@ use ark_relations::r1cs::SynthesisError; -use super::PairingVar as PG; +use super::{PairingGadget as PG, PairingWithGadget}; use crate::{ - fields::{fp::FpVar, fp2::Fp2Var, fp4::Fp4Var, FieldVar}, + fields::{fp::FpVar, fp2::Fp2Var, fp4::Fp4Var, FieldVar, FieldWithVar}, groups::mnt4::{ AteAdditionCoefficientsVar, AteDoubleCoefficientsVar, G1PreparedVar, G1Var, G2PreparedVar, G2ProjectiveExtendedVar, G2Var, @@ -15,14 +15,17 @@ use ark_ff::BitIteratorBE; use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a MNT4 bilinear group. -pub struct PairingVar(PhantomData

); +pub struct MNT4Gadget(PhantomData

); type Fp2G

= Fp2Var<

::Fp2Params>; type Fp4G

= Fp4Var<

::Fp4Params>; /// A variable corresponding to `ark_ec::mnt4::GT`. pub type GTVar

= Fp4G

; -impl PairingVar

{ +impl MNT4Gadget

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(r))] pub(crate) fn doubling_step_for_flipped_miller_loop( r: &G2ProjectiveExtendedVar

, @@ -186,7 +189,17 @@ impl PairingVar

{ } } -impl PG, P::Fp> for PairingVar

{ +impl PairingWithGadget for MNT4

+where + P::Fp: FieldWithVar>, +{ + type Gadget = MNT4Gadget

; +} + +impl PG> for MNT4Gadget

+where + P::Fp: FieldWithVar>, +{ type G1Var = G1Var

; type G2Var = G2Var

; type G1PreparedVar = G1PreparedVar

; diff --git a/src/pairing/mnt6/mod.rs b/src/pairing/mnt6/mod.rs index bb849b29..4711d304 100644 --- a/src/pairing/mnt6/mod.rs +++ b/src/pairing/mnt6/mod.rs @@ -1,9 +1,9 @@ use ark_relations::r1cs::SynthesisError; -use super::PairingVar as PG; +use super::{PairingGadget as PG, PairingWithGadget}; use crate::{ - fields::{fp::FpVar, fp3::Fp3Var, fp6_2over3::Fp6Var, FieldVar}, + fields::{fp::FpVar, fp3::Fp3Var, fp6_2over3::Fp6Var, FieldVar, FieldWithVar}, groups::mnt6::{ AteAdditionCoefficientsVar, AteDoubleCoefficientsVar, G1PreparedVar, G1Var, G2PreparedVar, G2ProjectiveExtendedVar, G2Var, @@ -14,14 +14,17 @@ use ark_ff::fields::BitIteratorBE; use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a MNT6 bilinear group. -pub struct PairingVar(PhantomData

); +pub struct MNT6Gadget(PhantomData

); type Fp3G

= Fp3Var<

::Fp3Params>; type Fp6G

= Fp6Var<

::Fp6Params>; /// A variable corresponding to `ark_ec::mnt6::GT`. pub type GTVar

= Fp6G

; -impl PairingVar

{ +impl MNT6Gadget

+where + P::Fp: FieldWithVar>, +{ #[tracing::instrument(target = "r1cs", skip(r))] pub(crate) fn doubling_step_for_flipped_miller_loop( r: &G2ProjectiveExtendedVar

, @@ -181,7 +184,17 @@ impl PairingVar

{ } } -impl PG, P::Fp> for PairingVar

{ +impl PairingWithGadget for MNT6

+where + P::Fp: FieldWithVar>, +{ + type Gadget = MNT6Gadget

; +} + +impl PG> for MNT6Gadget

+where + P::Fp: FieldWithVar>, +{ type G1Var = G1Var

; type G2Var = G2Var

; type G1PreparedVar = G1PreparedVar

; diff --git a/src/pairing/mod.rs b/src/pairing/mod.rs index 157f26d8..7ac4d797 100644 --- a/src/pairing/mod.rs +++ b/src/pairing/mod.rs @@ -1,6 +1,5 @@ use crate::prelude::*; use ark_ec::PairingEngine; -use ark_ff::Field; use ark_relations::r1cs::SynthesisError; use core::fmt::Debug; @@ -11,39 +10,37 @@ pub mod mnt4; /// This module implements pairings for MNT6 bilinear groups. pub mod mnt6; +pub trait PairingWithGadget: PairingEngine { + type Gadget: PairingGadget; +} + /// Specifies the constraints for computing a pairing in the yybilinear group /// `E`. -pub trait PairingVar::Fq> { +pub trait PairingGadget { /// An variable representing an element of `G1`. /// This is the R1CS equivalent of `E::G1Projective`. - type G1Var: CurveVar - + AllocVar - + AllocVar; + type G1Var: CurveVar + + AllocVar + + AllocVar; /// An variable representing an element of `G2`. /// This is the R1CS equivalent of `E::G2Projective`. - type G2Var: CurveVar - + AllocVar - + AllocVar; + type G2Var: CurveVar + + AllocVar + + AllocVar; /// An variable representing an element of `GT`. /// This is the R1CS equivalent of `E::GT`. - type GTVar: FieldVar; + type GTVar: FieldVar; /// An variable representing cached precomputation that can speed up /// pairings computations. This is the R1CS equivalent of /// `E::G1Prepared`. - type G1PreparedVar: ToBytesGadget - + AllocVar - + Clone - + Debug; + type G1PreparedVar: ToBytesGadget + AllocVar + Clone + Debug; /// An variable representing cached precomputation that can speed up /// pairings computations. This is the R1CS equivalent of /// `E::G2Prepared`. - type G2PreparedVar: ToBytesGadget - + AllocVar - + Clone - + Debug; + type G2PreparedVar: ToBytesGadget + AllocVar + Clone + Debug; /// Computes a multi-miller loop between elements /// of `p` and `q`. From 329e83925e4b03b86910dae1895c7c3ef0c01524 Mon Sep 17 00:00:00 2001 
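Review bot: `PairingWithGadget` and its associated type `Gadget` are added without a doc comment, in a module where every other public item, including the renamed `PairingGadget`, carries `///` documentation. Suggested: `/// A pairing engine that has a canonical R1CS gadget for computing pairings in-circuit.` on the trait and `/// The gadget implementing [`PairingGadget`] for this engine.` on `Gadget`. Since the `PairingGadget` doc line is being touched anyway, the context line `/// Specifies the constraints for computing a pairing in the yybilinear group` is a good place to fix the `yybilinear` typo in the same commit. The same missing-doc point applies to the per-curve `PairingWithGadget` impls in the `bls12`, `mnt4` and `mnt6` hunks of this commit only insofar as they reference this trait; they need no docs of their own.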
From: Pratyush Mishra Date: Thu, 5 Aug 2021 22:15:36 -0700 Subject: [PATCH 05/26] Rest --- src/lib.rs | 4 ++-- src/macros.rs | 33 ++++++++++++++++++--------------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 584f9b6e..1bd58407 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -42,7 +42,7 @@ pub mod groups; /// This module implements gadgets related to computing pairings in bilinear /// groups. -// pub mod pairing; +pub mod pairing; /// This module describes a trait for allocating new variables in a constraint /// system. @@ -63,7 +63,7 @@ pub mod prelude { eq::*, fields::{FieldOpsBounds, FieldVar}, groups::{CurveVar, GroupOpsBounds}, - pairing::PairingVar, + pairing::PairingGadget, select::*, R1CSVar, }; diff --git a/src/macros.rs b/src/macros.rs index 2770a7e3..0fc62baf 100644 --- a/src/macros.rs +++ b/src/macros.rs @@ -52,7 +52,9 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces, clippy::redundant_closure_call)] fn $fn(self, other: Self) -> Self::Output { - ($impl)(self, other) + let mut result = self.clone(); + core::ops::$assign_trait::$assign_fn(&mut result, other); + result } } @@ -77,8 +79,9 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces)] - fn $fn(self, other: &'a $type) -> Self::Output { - core::ops::$trait::$fn(&self, other) + fn $fn(mut self, other: &'a $type) -> Self::Output { + core::ops::$assign_trait::$assign_fn(&mut self, other); + self } } @@ -91,8 +94,9 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces)] - fn $fn(self, other: $type) -> Self::Output { - core::ops::$trait::$fn(&self, &other) + fn $fn(mut self, other: $type) -> Self::Output { + core::ops::$assign_trait::$assign_fn(&mut self, &other); + self } } 
@@ -104,8 +108,7 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces)] fn $assign_fn(&mut self, other: $type) { - let result = core::ops::$trait::$fn(&*self, &other); - *self = result + core::ops::$assign_trait::$assign_fn(self, &other); } } @@ -117,8 +120,7 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces)] fn $assign_fn(&mut self, other: &'a $type) { - let result = core::ops::$trait::$fn(&*self, other); - *self = result + ($impl)(self, other) } } @@ -132,7 +134,9 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces, clippy::redundant_closure_call)] fn $fn(self, other: $native) -> Self::Output { - ($constant_impl)(self, other) + let mut result = self.clone(); + core::ops::$assign_trait::$assign_fn(&mut result, other); + result } } @@ -145,8 +149,9 @@ macro_rules! impl_bounded_ops { #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces)] - fn $fn(self, other: $native) -> Self::Output { - core::ops::$trait::$fn(&self, other) + fn $fn(mut self, other: $native) -> Self::Output { + core::ops::$assign_trait::$assign_fn(&mut self, other); + self } } @@ -155,12 +160,10 @@ macro_rules! impl_bounded_ops { $($bounds)* { - #[tracing::instrument(target = "r1cs", skip(self))] #[allow(unused_braces)] fn $assign_fn(&mut self, other: $native) { - let result = core::ops::$trait::$fn(&*self, other); - *self = result + ($constant_impl)(self, other) } } } From 0c81335a8587048cd04d0385280690dfee58afbc Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Fri, 6 Aug 2021 12:14:55 -0700 Subject: [PATCH 06/26] Update prelude --- src/lib.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 1bd58407..bca97e75 100644 --- a/src/lib.rs +++ b/src/lib.rs 
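Review bot: In the last hunk (`@@ -155,12 +160,10`) the `#[tracing::instrument(target = "r1cs", skip(self))]` attribute is dropped from `fn $assign_fn(&mut self, other: $native)`, while every sibling impl generated by this macro, including the other `$assign_fn` at `@@ -117,8 +120,7`, keeps it. If that is deliberate (for example because `$native` is not `Debug` in some instantiation) a one-line comment above the function should say so; otherwise restore `#[tracing::instrument(target = "r1cs", skip(self))]` so the constant-assign path shows up in traces like the rest. The rewritten `fn $fn(self, other: Self)` in `@@ -52,7 +52,9` now relies on `self.clone()` where `self` is presumably the `&'a $type` receiver; a short comment such as `// `self` is a borrow here, so clone into an owned value before the in-place op.` would make that intent clear to readers of the macro.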
@@ -61,9 +61,9 @@ pub mod prelude { alloc::*, bits::{boolean::Boolean, uint32::UInt32, uint8::UInt8, ToBitsGadget, ToBytesGadget}, eq::*, - fields::{FieldOpsBounds, FieldVar}, - groups::{CurveVar, GroupOpsBounds}, - pairing::PairingGadget, + fields::{FieldOpsBounds, FieldVar, FieldWithVar}, + groups::{CurveVar, GroupOpsBounds, CurveWithVar}, + pairing::{PairingGadget, PairingWithGadget}, select::*, R1CSVar, }; From 2dac12729de34a34813178286bba66e35f02a5bc Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 11 Aug 2021 11:46:34 -0700 Subject: [PATCH 07/26] Tweak --- src/groups/curves/short_weierstrass/bls12/mod.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/groups/curves/short_weierstrass/bls12/mod.rs b/src/groups/curves/short_weierstrass/bls12/mod.rs index 9ac314c7..974b2b83 100644 --- a/src/groups/curves/short_weierstrass/bls12/mod.rs +++ b/src/groups/curves/short_weierstrass/bls12/mod.rs @@ -10,7 +10,6 @@ use crate::{ groups::curves::short_weierstrass::*, Vec, }; -use core::fmt::Debug; type FpVar

= <

::Fp as FieldWithVar>::Var; From c28febd12e8d4c27dd554543459a04ff17ae5ae5 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 11 Aug 2021 11:46:50 -0700 Subject: [PATCH 08/26] Tweak --- src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib.rs b/src/lib.rs index bca97e75..3a0c6a06 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -62,7 +62,7 @@ pub mod prelude { bits::{boolean::Boolean, uint32::UInt32, uint8::UInt8, ToBitsGadget, ToBytesGadget}, eq::*, fields::{FieldOpsBounds, FieldVar, FieldWithVar}, - groups::{CurveVar, GroupOpsBounds, CurveWithVar}, + groups::{CurveVar, CurveWithVar, GroupOpsBounds}, pairing::{PairingGadget, PairingWithGadget}, select::*, R1CSVar, From a2d2d47c0ecd3ea8d2d8f9b68f1d8731abff4c1b Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 11 Aug 2021 13:37:17 -0700 Subject: [PATCH 09/26] Add `Sum` for `nonnative` --- src/fields/fp/mod.rs | 6 +- src/fields/nonnative/allocated_field_var.rs | 42 ++++++++ src/fields/nonnative/field_var.rs | 109 ++++++++++++++++---- src/fields/nonnative/mul_result.rs | 8 +- 4 files changed, 137 insertions(+), 28 deletions(-) diff --git a/src/fields/fp/mod.rs b/src/fields/fp/mod.rs index 32171a51..feae65ab 100644 --- a/src/fields/fp/mod.rs +++ b/src/fields/fp/mod.rs @@ -142,7 +142,7 @@ impl AllocatedFp { /// Add many allocated Fp elements together. /// /// This does not create any constraints and only creates one linear combination. - pub fn addmany<'a, I: Iterator>(iter: I) -> Self { + pub fn add_many<'a, I: Iterator>(iter: I) -> Self { let mut cs = ConstraintSystemRef::None; let mut has_value = true; let mut value = F::zero(); 
@@ -1062,7 +1062,7 @@ impl AllocVar for FpVar { impl<'a, F: PrimeField> Sum<&'a FpVar> for FpVar { fn sum>>(iter: I) -> FpVar { let mut sum_constants = F::zero(); - let sum_variables = FpVar::Var(AllocatedFp::::addmany(iter.filter_map(|x| match x { + let sum_variables = FpVar::Var(AllocatedFp::::add_many(iter.filter_map(|x| match x { FpVar::Constant(c) => { sum_constants += c; None @@ -1087,7 +1087,7 @@ impl Sum> for FpVar { FpVar::Var(v) => Some(v), }) .collect::>(); - let sum_variables = FpVar::Var(AllocatedFp::::addmany(vars.iter())); + let sum_variables = FpVar::Var(AllocatedFp::::add_many(vars.iter())); let sum = sum_variables + sum_constants; sum diff --git a/src/fields/nonnative/allocated_field_var.rs b/src/fields/nonnative/allocated_field_var.rs index 4c6220b3..a6bac22d 100644 --- a/src/fields/nonnative/allocated_field_var.rs +++ b/src/fields/nonnative/allocated_field_var.rs 
@@ -176,6 +176,48 @@ impl Ok(res) } + /// Add many allocated elements together. + /// + /// This does not create any constraints and only creates #limbs linear combinations. + /// + /// If there are 0 items in the iterator, then this returns `Ok(None)`. + pub fn add_many<'a, I: Iterator>( + iter: I, + ) -> Result, SynthesisError> { + let mut limbs_iter = Vec::new(); + let cs; + let mut num_of_additions_over_normal_form = BaseField::zero(); + let is_in_the_normal_form = false; + if let Some(first) = iter.next() { + cs = first.cs(); + for limb in &first.limbs { + limbs_iter.push(vec![limb]); + } + for elem in iter { + for (cur_limb, limbs) in elem.limbs.iter().zip(limbs_iter) { + limbs.push(cur_limb); + } + num_of_additions_over_normal_form += BaseField::one(); + } + let limbs = limbs_iter + .into_iter() + .map(|limbs| limbs.into_iter().sum::>()) + .collect::>(); + + let result = Self { + cs, + limbs, + num_of_additions_over_normal_form, + is_in_the_normal_form, + target_phantom: PhantomData, + }; + Reducer::::post_add_reduce(&mut result)?; + Ok(Some(result)) + } else { + Ok(None) + } + } + /// Subtract a nonnative field element, without the final reduction step #[tracing::instrument(target = "r1cs")] pub fn sub_without_reduce(&self, other: &Self) -> R1CSResult { diff --git a/src/fields/nonnative/field_var.rs b/src/fields/nonnative/field_var.rs index eb7ccf10..f87b38d9 100644 --- a/src/fields/nonnative/field_var.rs +++ b/src/fields/nonnative/field_var.rs @@ -10,7 +10,7 @@ use ark_ff::{to_bytes, FpParameters}; use ark_relations::r1cs::Result as R1CSResult; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; use ark_std::hash::{Hash, Hasher}; -use ark_std::{borrow::Borrow, vec::Vec}; +use ark_std::{borrow::Borrow, iter::Sum, vec::Vec}; /// A gadget for representing non-native (`TargetField`) field elements over the constraint field (`BaseField`). #[derive(Clone, Debug)] 
@@ -116,11 +116,30 @@ impl FieldVar R1CSResult { - match self { - Self::Constant(c) => Ok(Self::Constant(-*c)), - Self::Var(v) => Ok(Self::Var(v.negate()?)), - } + fn negate_in_place(&mut self) -> R1CSResult<&mut Self> { + *self = match self { + Self::Constant(c) => Self::Constant(-*c), + Self::Var(v) => Self::Var(v.negate()?), + }; + Ok(self) + } + + #[tracing::instrument(target = "r1cs")] + fn double_in_place(&mut self) -> R1CSResult<&mut Self> { + *self = match self { + Self::Constant(c) => Self::Constant(c.double()), + Self::Var(v) => Self::Var(v.add(&*v)?), + }; + Ok(self) + } + + #[tracing::instrument(target = "r1cs")] + fn square_in_place(&mut self) -> R1CSResult<&mut Self> { + *self = match self { + Self::Constant(c) => Self::Constant(c.square()), + Self::Var(v) => Self::Var(v.mul(&*v)?), + }; + Ok(self) } #[tracing::instrument(target = "r1cs")] @@ -154,15 +173,15 @@ impl_bounded_ops!( add, AddAssign, add_assign, - |this: &'a NonNativeFieldVar, other: &'a NonNativeFieldVar| { + |this: &mut NonNativeFieldVar, other: &'a NonNativeFieldVar| { use NonNativeFieldVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 + c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.add_constant(c).unwrap()), (Var(v1), Var(v2)) => Var(v1.add(v2).unwrap()), - } + }; }, - |this: &'a NonNativeFieldVar, other: TargetField| { this + &NonNativeFieldVar::Constant(other) }, + |this: &mut NonNativeFieldVar, other: TargetField| { *this = &*this + &NonNativeFieldVar::Constant(other) }, (TargetField: PrimeField, BaseField: PrimeField), ); 
@@ -173,17 +192,17 @@ impl_bounded_ops!( sub, SubAssign, sub_assign, - |this: &'a NonNativeFieldVar, other: &'a NonNativeFieldVar| { + |this: &mut NonNativeFieldVar, other: &'a NonNativeFieldVar| { use NonNativeFieldVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 - c2), (Var(v), Constant(c)) => Var(v.sub_constant(c).unwrap()), (Constant(c), Var(v)) => Var(v.sub_constant(c).unwrap().negate().unwrap()), (Var(v1), Var(v2)) => Var(v1.sub(v2).unwrap()), - } + }; }, - |this: &'a NonNativeFieldVar, other: TargetField| { - this - &NonNativeFieldVar::Constant(other) + |this: &mut NonNativeFieldVar, other: TargetField| { + *this = &*this - &NonNativeFieldVar::Constant(other) }, (TargetField: PrimeField, BaseField: PrimeField), ); @@ -195,20 +214,20 @@ impl_bounded_ops!( mul, MulAssign, mul_assign, - |this: &'a NonNativeFieldVar, other: &'a NonNativeFieldVar| { + |this: &mut NonNativeFieldVar, other: &'a NonNativeFieldVar| { use NonNativeFieldVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 * c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.mul_constant(c).unwrap()), (Var(v1), Var(v2)) => Var(v1.mul(v2).unwrap()), } }, - |this: &'a NonNativeFieldVar, other: TargetField| { - if other.is_zero() { + |this: &mut NonNativeFieldVar, other: TargetField| { + *this = if other.is_zero() { NonNativeFieldVar::zero() } else { - this * &NonNativeFieldVar::Constant(other) - } + &*this * &NonNativeFieldVar::Constant(other) + }; }, (TargetField: PrimeField, BaseField: PrimeField), ); 
@@ -454,6 +473,54 @@ impl ToConstraintFieldGadget Sum<&'a Self> + for NonNativeFieldVar +{ + fn sum>(iter: I) -> Self { + let mut sum_constants = TargetField::zero(); + let vars = iter + .filter_map(|x| match x { + Self::Constant(c) => { + sum_constants += c; + None + } + Self::Var(v) => Some(v), + }) + .collect::>(); + let sum_variables = AllocatedNonNativeFieldVar::add_many(vars.into_iter()) + .unwrap() + .map(Self::Var) + .unwrap_or(Self::zero()); + + let sum = sum_variables + sum_constants; + sum + } +} + +impl Sum + for NonNativeFieldVar +{ + fn sum>(iter: I) -> Self { + let mut sum_constants = TargetField::zero(); + let vars = iter + .filter_map(|x| match x { + Self::Constant(c) => { + sum_constants += c; + None + } + Self::Var(v) => Some(v), + }) + .collect::>(); + let sum_variables = AllocatedNonNativeFieldVar::add_many(vars.iter()) + .unwrap() + .map(Self::Var) + .unwrap_or(Self::zero()); + + let sum = sum_variables + sum_constants; + sum + } +} + impl NonNativeFieldVar { /// The `mul_without_reduce` for `NonNativeFieldVar` #[tracing::instrument(target = "r1cs")] diff --git a/src/fields/nonnative/mul_result.rs b/src/fields/nonnative/mul_result.rs index b1eb58cb..0de5772c 100644 --- a/src/fields/nonnative/mul_result.rs +++ b/src/fields/nonnative/mul_result.rs 
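Review bot: Both new `Sum` impls end with `let sum = sum_variables + sum_constants; sum`, which is a let-and-return that clippy flags; returning `sum_variables + sum_constants` directly reads the same. `.unwrap_or(Self::zero())` evaluates `Self::zero()` eagerly even when `add_many` produced a value; `.unwrap_or_else(Self::zero)` is the idiomatic form. The two impls are otherwise identical apart from `vars.into_iter()` versus `vars.iter()`, so the constant-splitting `filter_map` could live in one private helper that both call, mirroring how the `FpVar` `Sum` impls in this commit delegate to `add_many`. The `.unwrap()` on the `add_many` result follows the crate's existing convention for operator impls, so I am not raising it here.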
@@ -65,14 +65,14 @@ impl_bounded_ops!( add, AddAssign, add_assign, - |this: &'a NonNativeFieldMulResultVar, other: &'a NonNativeFieldMulResultVar| { + |this: &mut NonNativeFieldMulResultVar, other: &'a NonNativeFieldMulResultVar| { use NonNativeFieldMulResultVar::*; - match (this, other) { + *this = match (&*this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 + c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.add_constant(c).unwrap()), (Var(v1), Var(v2)) => Var(v1.add(v2).unwrap()), - } + }; }, - |this: &'a NonNativeFieldMulResultVar, other: TargetField| { this + &NonNativeFieldMulResultVar::Constant(other) }, + |this: &mut NonNativeFieldMulResultVar, other: TargetField| { *this = &*this + &NonNativeFieldMulResultVar::Constant(other) }, (TargetField: PrimeField, BaseField: PrimeField), ); From 0f44d4f87ff39fc1fceeb9e62d7efe0eb5c2e8af Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 11 Aug 2021 15:17:04 -0700 Subject: [PATCH 10/26] Fix summation for `nonnative` --- src/fields/nonnative/allocated_field_var.rs | 47 ++++++++++++-------- src/fields/nonnative/allocated_mul_result.rs | 2 +- src/fields/nonnative/mul_result.rs | 2 +- src/fields/nonnative/reduce.rs | 26 ++++++----- 4 files changed, 46 insertions(+), 31 deletions(-) diff --git a/src/fields/nonnative/allocated_field_var.rs b/src/fields/nonnative/allocated_field_var.rs index a6bac22d..0ff6c57b 100644 --- a/src/fields/nonnative/allocated_field_var.rs +++ b/src/fields/nonnative/allocated_field_var.rs 
@@ -182,36 +182,47 @@ impl /// /// If there are 0 items in the iterator, then this returns `Ok(None)`. pub fn add_many<'a, I: Iterator>( - iter: I, + mut iter: I, ) -> Result, SynthesisError> { - let mut limbs_iter = Vec::new(); + let mut intermediate_results = Vec::new(); let cs; - let mut num_of_additions_over_normal_form = BaseField::zero(); + let mut num_of_additions_over_normal_form ; let is_in_the_normal_form = false; if let Some(first) = iter.next() { + let mut limbs_iter = Vec::new(); cs = first.cs(); + let optimization_type = first.get_optimization_type(); for limb in &first.limbs { limbs_iter.push(vec![limb]); } + num_of_additions_over_normal_form = first.num_of_additions_over_normal_form; for elem in iter { - for (cur_limb, limbs) in elem.limbs.iter().zip(limbs_iter) { + for (cur_limb, limbs) in elem.limbs.iter().zip(&mut limbs_iter) { limbs.push(cur_limb); } - num_of_additions_over_normal_form += BaseField::one(); + num_of_additions_over_normal_form += elem.num_of_additions_over_normal_form + BaseField::one(); + + // Reduce the result if we're past the budget. + if Reducer::::should_reduce_post_addition(num_of_additions_over_normal_form, optimization_type) { + let limbs = limbs_iter + .into_iter() + .map(|limbs| limbs.into_iter().sum::>()) + .collect::>(); + + let mut result = Self { + cs: cs.clone(), + limbs, + num_of_additions_over_normal_form, + is_in_the_normal_form, + target_phantom: PhantomData, + }; + Reducer::::post_add_reduce(&mut result)?; + intermediate_results.push(result); + limbs_iter = Vec::new(); + } } - let limbs = limbs_iter - .into_iter() - .map(|limbs| limbs.into_iter().sum::>()) - .collect::>(); - - let result = Self { - cs, - limbs, - num_of_additions_over_normal_form, - is_in_the_normal_form, - target_phantom: PhantomData, - }; - Reducer::::post_add_reduce(&mut result)?; + let result = intermediate_results.into_iter().fold(Self::zero(cs.clone()).unwrap(), |sum, new| sum.add(&new).unwrap()); + Ok(Some(result)) } else { Ok(None) 
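Review bot: `add_many` loses elements in two ways, and the result after the loop is built only from `intermediate_results`. If the reduction budget is never crossed, `limbs_iter` (which holds `first` and every later element) is dropped and the function returns the zero element; and after the first reduction `limbs_iter = Vec::new()` leaves it empty, so the `zip(&mut limbs_iter)` on following elements pushes nothing while `num_of_additions_over_normal_form` keeps growing from the pre-reduction count, producing a further "result" with empty `limbs` on the very next iteration. The fix below re-seeds the per-limb accumulators and the counter when a new run starts and flushes whatever is still accumulated before folding; it also uses `?` instead of `.unwrap()` in the final fold, since the function already returns `Result` (this assumes `Self::zero` and `add` return `R1CSResult`, as the `.unwrap()` calls suggest). The same defect persists unchanged through the formatting-only hunks of PATCH 11 in this file.
```rust
// … unchanged: first-element setup (cs, optimization_type, limbs_iter, counter) …
for elem in iter {
    // After a flush the accumulators are empty; re-seed them or the zip
    // below silently skips `elem`. Counting from zero over-approximates by one
    // for the first element of the new run, which is conservative.
    if limbs_iter.is_empty() {
        limbs_iter = vec![Vec::new(); first.limbs.len()];
        num_of_additions_over_normal_form = BaseField::zero();
    }
    for (cur_limb, limbs) in elem.limbs.iter().zip(&mut limbs_iter) {
        limbs.push(cur_limb);
    }
    num_of_additions_over_normal_form +=
        elem.num_of_additions_over_normal_form + BaseField::one();
    // … unchanged: budget check, partial sum, post_add_reduce, push, reset …
}
// Flush the limbs accumulated since the last reduction; without this a sum
// that never crossed the budget is lost and `add_many` returns zero.
if !limbs_iter.is_empty() {
    let limbs = limbs_iter
        .into_iter()
        .map(|limbs| limbs.into_iter().sum::<FpVar<BaseField>>())
        .collect::<Vec<_>>();
    intermediate_results.push(Self {
        cs: cs.clone(),
        limbs,
        num_of_additions_over_normal_form,
        is_in_the_normal_form,
        target_phantom: PhantomData,
    });
}
let mut result = Self::zero(cs.clone())?;
for partial in intermediate_results {
    result = result.add(&partial)?;
}
Ok(Some(result))
```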
diff --git a/src/fields/nonnative/allocated_mul_result.rs b/src/fields/nonnative/allocated_mul_result.rs index 28bf1e88..854b6f81 100644 --- a/src/fields/nonnative/allocated_mul_result.rs +++ b/src/fields/nonnative/allocated_mul_result.rs @@ -11,7 +11,7 @@ use ark_std::vec::Vec; use num_bigint::BigUint; /// The allocated form of `NonNativeFieldMulResultVar` (introduced below) -#[derive(Debug)] +#[derive(Debug, Clone)] #[must_use] pub struct AllocatedNonNativeFieldMulResultVar { /// Constraint system reference diff --git a/src/fields/nonnative/mul_result.rs b/src/fields/nonnative/mul_result.rs index 0de5772c..62afcc8c 100644 --- a/src/fields/nonnative/mul_result.rs +++ b/src/fields/nonnative/mul_result.rs @@ -9,7 +9,7 @@ use ark_relations::r1cs::Result as R1CSResult; /// obtain this intermediate representation, which can still be added. /// Then, one can call `reduce` to reduce it back to `NonNativeFieldVar`. /// This may help cut the number of reduce operations. -#[derive(Debug)] +#[derive(Debug, Clone)] #[must_use] pub enum NonNativeFieldMulResultVar { /// as a constant diff --git a/src/fields/nonnative/reduce.rs b/src/fields/nonnative/reduce.rs index c5d2089f..ed572b0e 100644 --- a/src/fields/nonnative/reduce.rs +++ b/src/fields/nonnative/reduce.rs @@ -1,4 +1,4 @@ -use super::overhead; +use super::{overhead, params::OptimizationType}; use super::params::get_params; use super::AllocatedNonNativeFieldVar; use crate::eq::EqGadget; 
@@ -125,22 +125,26 @@ impl Reducer, - ) -> R1CSResult<()> { + pub fn should_reduce_post_addition(num_of_additions_over_normal_form: BaseField, optimization_type: OptimizationType) -> bool { let params = get_params( TargetField::size_in_bits(), BaseField::size_in_bits(), - elem.get_optimization_type(), + optimization_type, ); - let surfeit = overhead!(elem.num_of_additions_over_normal_form + BaseField::one()) + 1; + let surfeit = overhead!(num_of_additions_over_normal_form + BaseField::one()) + 1; - if BaseField::size_in_bits() > 2 * params.bits_per_limb + surfeit + 1 { - Ok(()) - } else { + BaseField::size_in_bits() <= (2 * params.bits_per_limb + surfeit + 1) + } + + /// Reduction to be enforced after additions + #[tracing::instrument(target = "r1cs")] + pub fn post_add_reduce( + elem: &mut AllocatedNonNativeFieldVar, + ) -> R1CSResult<()> { + if Self::should_reduce_post_addition(elem.num_of_additions_over_normal_form, elem.get_optimization_type()) { Self::reduce(elem) + } else { + Ok(()) } } From dbdd94980ca3e5122bba0bd4b59177d45473a7e7 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 11 Aug 2021 15:19:34 -0700 Subject: [PATCH 11/26] Format --- src/fields/nonnative/allocated_field_var.rs | 18 +++++++++++++----- src/fields/nonnative/reduce.rs | 12 +++++++++--- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/src/fields/nonnative/allocated_field_var.rs b/src/fields/nonnative/allocated_field_var.rs index 0ff6c57b..123032b0 100644 --- a/src/fields/nonnative/allocated_field_var.rs +++ b/src/fields/nonnative/allocated_field_var.rs @@ -186,7 +186,7 @@ impl ) -> Result, SynthesisError> { let mut intermediate_results = Vec::new(); let cs; - let mut num_of_additions_over_normal_form ; + let mut num_of_additions_over_normal_form; let is_in_the_normal_form = false; if let Some(first) = iter.next() { let mut limbs_iter = Vec::new(); 
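Review bot: `should_reduce_post_addition` is a new `pub fn` with no doc comment, although `post_add_reduce` right next to it keeps `/// Reduction to be enforced after additions` and the predicate is now the documented behaviour's actual definition. Suggested: `/// Returns `true` when an element carrying `num_of_additions_over_normal_form` unreduced additions must be reduced before it is added to again, i.e. when `2 * bits_per_limb + surfeit + 1` reaches the bit size of `BaseField`.` The two formatting hunks for this file in PATCH 11 reflow the signature but do not add the doc either, so whichever commit lands it should carry it.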
@@ -200,10 +200,14 @@ impl for (cur_limb, limbs) in elem.limbs.iter().zip(&mut limbs_iter) { limbs.push(cur_limb); } - num_of_additions_over_normal_form += elem.num_of_additions_over_normal_form + BaseField::one(); + num_of_additions_over_normal_form += + elem.num_of_additions_over_normal_form + BaseField::one(); // Reduce the result if we're past the budget. - if Reducer::::should_reduce_post_addition(num_of_additions_over_normal_form, optimization_type) { + if Reducer::::should_reduce_post_addition( + num_of_additions_over_normal_form, + optimization_type, + ) { let limbs = limbs_iter .into_iter() .map(|limbs| limbs.into_iter().sum::>()) @@ -221,8 +225,12 @@ impl limbs_iter = Vec::new(); } } - let result = intermediate_results.into_iter().fold(Self::zero(cs.clone()).unwrap(), |sum, new| sum.add(&new).unwrap()); - + let result = intermediate_results + .into_iter() + .fold(Self::zero(cs.clone()).unwrap(), |sum, new| { + sum.add(&new).unwrap() + }); + Ok(Some(result)) } else { Ok(None) diff --git a/src/fields/nonnative/reduce.rs b/src/fields/nonnative/reduce.rs index ed572b0e..321ea51c 100644 --- a/src/fields/nonnative/reduce.rs +++ b/src/fields/nonnative/reduce.rs @@ -1,6 +1,6 @@ -use super::{overhead, params::OptimizationType}; use super::params::get_params; use super::AllocatedNonNativeFieldVar; +use super::{overhead, params::OptimizationType}; use crate::eq::EqGadget; use crate::fields::fp::FpVar; use crate::fields::FieldVar; @@ -125,7 +125,10 @@ impl Reducer bool { + pub fn should_reduce_post_addition( + num_of_additions_over_normal_form: BaseField, + optimization_type: OptimizationType, + ) -> bool { let params = get_params( TargetField::size_in_bits(), BaseField::size_in_bits(), 
@@ -141,7 +144,10 @@ impl Reducer, ) -> R1CSResult<()> { - if Self::should_reduce_post_addition(elem.num_of_additions_over_normal_form, elem.get_optimization_type()) { + if Self::should_reduce_post_addition( + elem.num_of_additions_over_normal_form, + elem.get_optimization_type(), + ) { Self::reduce(elem) } else { Ok(()) From fd0c5623234fc881a52d3218a1cef65719d05d01 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Mon, 16 Aug 2021 13:19:14 -0700 Subject: [PATCH 12/26] Add `CurveWithVar` impls for SW and TE --- src/groups/curves/short_weierstrass/mod.rs | 8 ++ src/groups/curves/twisted_edwards/mod.rs | 92 +++++++++++++--------- 2 files changed, 61 insertions(+), 39 deletions(-) diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 5b8e4dd2..1bf8e306 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -367,6 +367,14 @@ where } } +impl CurveWithVar> for SWProjective

+where + BF

: FieldWithVar, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, +{ + type Var = ProjectiveVar

; +} + impl

CurveVar, CF

> for ProjectiveVar

where P: SWModelParameters, diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs index 6614c25f..a9c287c2 100644 --- a/src/groups/curves/twisted_edwards/mod.rs +++ b/src/groups/curves/twisted_edwards/mod.rs @@ -43,14 +43,14 @@ mod montgomery_affine_impl { use ark_ff::Field; use core::ops::Add; - impl

R1CSVar<::BasePrimeField> for MontgomeryAffineVar

+ impl

R1CSVar> for MontgomeryAffineVar

where P::BaseField: FieldWithVar, P: TEModelParameters, { type Value = (P::BaseField, P::BaseField); - fn cs(&self) -> ConstraintSystemRef<::BasePrimeField> { + fn cs(&self) -> ConstraintSystemRef> { self.x.cs().or(self.y.cs()) } @@ -98,7 +98,7 @@ mod montgomery_affine_impl { /// corresponding affine Montgomery curve point. #[tracing::instrument(target = "r1cs")] pub fn new_witness_from_edwards( - cs: ConstraintSystemRef<::BasePrimeField>, + cs: ConstraintSystemRef>, p: &TEAffine

, ) -> Result { let montgomery_coords = Self::from_edwards_to_coords(p)?; @@ -272,7 +272,7 @@ where /// is a constant or is a public input). #[tracing::instrument(target = "r1cs", skip(cs, f))] pub fn new_variable_omit_on_curve_check>>( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> Result { @@ -301,9 +301,9 @@ impl AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField> + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField> + ThreeBitCondNegLookupGadget< - ::BasePrimeField, + CF

, TableConstant = P::BaseField, >, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, @@ -319,7 +319,7 @@ where scalars: &[impl Borrow<[J]>], ) -> Result where - J: Borrow<[Boolean<::BasePrimeField>]>, + J: Borrow<[Boolean>]>, { const CHUNK_SIZE: usize = 3; let mut ed_result: Option> = None; @@ -390,14 +390,14 @@ where } } -impl

R1CSVar<::BasePrimeField> for AffineVar

+impl

R1CSVar> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, { type Value = TEProjective

; - fn cs(&self) -> ConstraintSystemRef<::BasePrimeField> { + fn cs(&self) -> ConstraintSystemRef> { self.x.cs().or(self.y.cs()) } @@ -409,12 +409,26 @@ where } } -impl

CurveVar, ::BasePrimeField> for AffineVar

+ +type CF

= <

::BaseField as Field>::BasePrimeField; + +impl CurveWithVar> for TEProjective

+where + P::BaseField: FieldWithVar, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, + BFVar

: + TwoBitLookupGadget, TableConstant = P::BaseField>, + for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, +{ + type Var = AffineVar

; +} + +impl

CurveVar, CF

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, BFVar

: - TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: TEProjective

) -> Self { @@ -426,13 +440,13 @@ where Self::new(BFVar::
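Review bot: The new `impl CurveWithVar<…> for TEProjective<P>` lists the bound `for<'a> &'a BFVar<P>: FieldOpsBounds<'a, P::BaseField, BFVar<P>>` twice in its `where` clause, once before and once after the `TwoBitLookupGadget` bound; the second copy should be dropped. The added `type CF<P>` alias sits between two impl blocks and is undocumented; since it is now the spelling used throughout the file for the constraint field, a one-liner such as `/// The prime field over which constraints for curves with base field `P::BaseField` are expressed.` above it would help. Two consecutive added blank lines precede the alias, which the formatter will collapse. The generic parameters are stripped by the page rendering, so the exact bound text is inferred from the surrounding hunks.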

::zero(), BFVar::

::one()) } - fn is_zero(&self) -> Result::BasePrimeField>, SynthesisError> { + fn is_zero(&self) -> Result>, SynthesisError> { self.x.is_zero()?.and(&self.x.is_one()?) } #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable_omit_prime_order_check( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, SynthesisError>, mode: AllocationMode, ) -> Result { @@ -536,7 +550,7 @@ where ) -> Result<(), SynthesisError> where I: Iterator)>, - B: Borrow::BasePrimeField>>, + B: Borrow>>, { let (bits, multiples): (Vec<_>, Vec<_>) = scalar_bits_with_base_multiples .map(|(bit, base)| (bit.borrow().clone(), *base)) @@ -564,17 +578,17 @@ where } } -impl

AllocVar, ::BasePrimeField> for AffineVar

+impl

AllocVar, CF

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, BFVar

: - TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> Result { @@ -666,17 +680,17 @@ where } } -impl

AllocVar, ::BasePrimeField> for AffineVar

+impl

AllocVar, CF

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, BFVar

: - TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( - cs: impl Into::BasePrimeField>>, + cs: impl Into>>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> Result { @@ -684,15 +698,15 @@ where } } -impl

ToConstraintFieldGadget<::BasePrimeField> for AffineVar

+impl

ToConstraintFieldGadget> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: ToConstraintFieldGadget<::BasePrimeField>, + BFVar

: ToConstraintFieldGadget>, { fn to_constraint_field( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let mut res = Vec::new(); res.extend_from_slice(&self.x.to_constraint_field()?); @@ -776,7 +790,7 @@ impl_bounded_ops!( P: TEModelParameters, ), P::BaseField: FieldWithVar, - BFVar

: TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, ); @@ -793,7 +807,7 @@ impl_bounded_ops!( P: TEModelParameters, ), P::BaseField: FieldWithVar, - BFVar

: TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> ); @@ -802,7 +816,7 @@ where P: TEModelParameters, P::BaseField: FieldWithVar, BFVar

: - TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + TwoBitLookupGadget, TableConstant = P::BaseField>, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -812,12 +826,12 @@ where P: TEModelParameters, P::BaseField: FieldWithVar, BFVar

: - TwoBitLookupGadget<::BasePrimeField, TableConstant = P::BaseField>, + TwoBitLookupGadget, TableConstant = P::BaseField>, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } -impl

CondSelectGadget<::BasePrimeField> for AffineVar

+impl

CondSelectGadget> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, @@ -825,7 +839,7 @@ where #[inline] #[tracing::instrument(target = "r1cs")] fn conditionally_select( - cond: &Boolean<::BasePrimeField>, + cond: &Boolean>, true_value: &Self, false_value: &Self, ) -> Result { @@ -836,7 +850,7 @@ where } } -impl

EqGadget<::BasePrimeField> for AffineVar

+impl

EqGadget> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, @@ -845,7 +859,7 @@ where fn is_eq( &self, other: &Self, - ) -> Result::BasePrimeField>, SynthesisError> { + ) -> Result>, SynthesisError> { let x_equal = self.x.is_eq(&other.x)?; let y_equal = self.y.is_eq(&other.y)?; x_equal.and(&y_equal) @@ -856,7 +870,7 @@ where fn conditional_enforce_equal( &self, other: &Self, - condition: &Boolean<::BasePrimeField>, + condition: &Boolean>, ) -> Result<(), SynthesisError> { self.x.conditional_enforce_equal(&other.x, condition)?; self.y.conditional_enforce_equal(&other.y, condition)?; @@ -868,7 +882,7 @@ where fn conditional_enforce_not_equal( &self, other: &Self, - condition: &Boolean<::BasePrimeField>, + condition: &Boolean>, ) -> Result<(), SynthesisError> { self.is_eq(other)? .and(condition)? @@ -876,7 +890,7 @@ where } } -impl

ToBitsGadget<::BasePrimeField> for AffineVar

+impl

ToBitsGadget> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, @@ -884,7 +898,7 @@ where #[tracing::instrument(target = "r1cs")] fn to_bits_le( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let mut x_bits = self.x.to_bits_le()?; let y_bits = self.y.to_bits_le()?; x_bits.extend_from_slice(&y_bits); @@ -894,7 +908,7 @@ where #[tracing::instrument(target = "r1cs")] fn to_non_unique_bits_le( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let mut x_bits = self.x.to_non_unique_bits_le()?; let y_bits = self.y.to_non_unique_bits_le()?; x_bits.extend_from_slice(&y_bits); @@ -903,7 +917,7 @@ where } } -impl

ToBytesGadget<::BasePrimeField> for AffineVar

+impl

ToBytesGadget> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, @@ -911,7 +925,7 @@ where #[tracing::instrument(target = "r1cs")] fn to_bytes( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let mut x_bytes = self.x.to_bytes()?; let y_bytes = self.y.to_bytes()?; x_bytes.extend_from_slice(&y_bytes); @@ -921,7 +935,7 @@ where #[tracing::instrument(target = "r1cs")] fn to_non_unique_bytes( &self, - ) -> Result::BasePrimeField>>, SynthesisError> { + ) -> Result>>, SynthesisError> { let mut x_bytes = self.x.to_non_unique_bytes()?; let y_bytes = self.y.to_non_unique_bytes()?; x_bytes.extend_from_slice(&y_bytes); From 6d1f4e09ebb744bd990eaf7daa25853a014aebc3 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Mon, 16 Aug 2021 13:27:03 -0700 Subject: [PATCH 13/26] Format --- src/groups/curves/short_weierstrass/mod.rs | 2 +- src/groups/curves/twisted_edwards/mod.rs | 51 ++++++---------------- 2 files changed, 15 insertions(+), 38 deletions(-) diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 1bf8e306..594b9f80 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -367,7 +367,7 @@ where } } -impl CurveWithVar> for SWProjective

+impl CurveWithVar> for SWProjective

where BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs index a9c287c2..d3253557 100644 --- a/src/groups/curves/twisted_edwards/mod.rs +++ b/src/groups/curves/twisted_edwards/mod.rs @@ -302,10 +302,7 @@ where P: TEModelParameters, P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField> - + ThreeBitCondNegLookupGadget< - CF

, - TableConstant = P::BaseField, - >, + + ThreeBitCondNegLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Compute a scalar multiplication of `bases` with respect to `scalars`, @@ -409,15 +406,13 @@ where } } - type CF

= <

::BaseField as Field>::BasePrimeField; -impl CurveWithVar> for TEProjective

+impl CurveWithVar> for TEProjective

where P::BaseField: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, - BFVar

: - TwoBitLookupGadget, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { type Var = AffineVar

; @@ -427,8 +422,7 @@ impl

CurveVar, CF

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: - TwoBitLookupGadget, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: TEProjective

) -> Self { @@ -582,8 +576,7 @@ impl

AllocVar, CF

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: - TwoBitLookupGadget, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] @@ -684,8 +677,7 @@ impl

AllocVar, CF

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: - TwoBitLookupGadget, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] @@ -704,9 +696,7 @@ where P::BaseField: FieldWithVar, BFVar

: ToConstraintFieldGadget>, { - fn to_constraint_field( - &self, - ) -> Result>>, SynthesisError> { + fn to_constraint_field(&self) -> Result>>, SynthesisError> { let mut res = Vec::new(); res.extend_from_slice(&self.x.to_constraint_field()?); @@ -815,8 +805,7 @@ impl<'a, P> GroupOpsBounds<'a, TEProjective

, AffineVar

> for AffineVar

where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: - TwoBitLookupGadget, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -825,8 +814,7 @@ impl<'a, P> GroupOpsBounds<'a, TEProjective

, AffineVar

> for &'a AffineVar< where P: TEModelParameters, P::BaseField: FieldWithVar, - BFVar

: - TwoBitLookupGadget, TableConstant = P::BaseField>, + BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -856,10 +844,7 @@ where P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] - fn is_eq( - &self, - other: &Self, - ) -> Result>, SynthesisError> { + fn is_eq(&self, other: &Self) -> Result>, SynthesisError> { let x_equal = self.x.is_eq(&other.x)?; let y_equal = self.y.is_eq(&other.y)?; x_equal.and(&y_equal) @@ -896,9 +881,7 @@ where P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] - fn to_bits_le( - &self, - ) -> Result>>, SynthesisError> { + fn to_bits_le(&self) -> Result>>, SynthesisError> { let mut x_bits = self.x.to_bits_le()?; let y_bits = self.y.to_bits_le()?; x_bits.extend_from_slice(&y_bits); @@ -906,9 +889,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn to_non_unique_bits_le( - &self, - ) -> Result>>, SynthesisError> { + fn to_non_unique_bits_le(&self) -> Result>>, SynthesisError> { let mut x_bits = self.x.to_non_unique_bits_le()?; let y_bits = self.y.to_non_unique_bits_le()?; x_bits.extend_from_slice(&y_bits); @@ -923,9 +904,7 @@ where P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] - fn to_bytes( - &self, - ) -> Result>>, SynthesisError> { + fn to_bytes(&self) -> Result>>, SynthesisError> { let mut x_bytes = self.x.to_bytes()?; let y_bytes = self.y.to_bytes()?; x_bytes.extend_from_slice(&y_bytes); @@ -933,9 +912,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn to_non_unique_bytes( - &self, - ) -> Result>>, SynthesisError> { + fn to_non_unique_bytes(&self) -> Result>>, SynthesisError> { let mut x_bytes = self.x.to_non_unique_bytes()?; let y_bytes = self.y.to_non_unique_bytes()?; x_bytes.extend_from_slice(&y_bytes); From 3ec003bd7e4bf697eec4de2ce4d36073634c77da Mon Sep 17 00:00:00 2001 
From: Pratyush Mishra Date: Mon, 16 Aug 2021 17:48:38 -0700 Subject: [PATCH 14/26] PairingWithGadget -> PairingGadget --- src/lib.rs | 2 +- src/pairing/bls12/mod.rs | 25 ++++++++------------- src/pairing/mnt4/mod.rs | 15 ++++--------- src/pairing/mnt6/mod.rs | 15 ++++--------- src/pairing/mod.rs | 47 ++++++++++++++++++++++++---------------- 5 files changed, 46 insertions(+), 58 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index 3a0c6a06..b552432c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -63,7 +63,7 @@ pub mod prelude { eq::*, fields::{FieldOpsBounds, FieldVar, FieldWithVar}, groups::{CurveVar, CurveWithVar, GroupOpsBounds}, - pairing::{PairingGadget, PairingWithGadget}, + pairing::PairingGadget, select::*, R1CSVar, }; diff --git a/src/pairing/bls12/mod.rs b/src/pairing/bls12/mod.rs index d9f22352..e8ceb93c 100644 --- a/src/pairing/bls12/mod.rs +++ b/src/pairing/bls12/mod.rs @@ -1,6 +1,6 @@ use ark_relations::r1cs::SynthesisError; -use super::{PairingGadget as PG, PairingWithGadget}; +use super::PairingGadget as PG; use crate::{ fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, FieldVar, FieldWithVar}, @@ -62,14 +62,7 @@ where } } -impl PairingWithGadget for Bls12

-where - P::Fp: FieldWithVar>, -{ - type Gadget = Bls12Gadget

; -} - -impl PG> for Bls12Gadget

+impl PG for Bls12

where P::Fp: FieldWithVar>, { @@ -94,12 +87,12 @@ where f.square_in_place()?; for &mut (p, ref mut coeffs) in pairs.iter_mut() { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0)?; + Bls12Gadget::

::ell(&mut f, coeffs.next().unwrap(), &p.0)?; } if i { for &mut (p, ref mut coeffs) in pairs.iter_mut() { - Self::ell(&mut f, &coeffs.next().unwrap(), &p.0)?; + Bls12Gadget::

::ell(&mut f, &coeffs.next().unwrap(), &p.0)?; } } } @@ -141,15 +134,15 @@ where let mut y0 = r.cyclotomic_square()?; y0 = y0.unitary_inverse()?; - let mut y5 = Self::exp_by_x(&r)?; + let mut y5 = Bls12Gadget::

::exp_by_x(&r)?; let mut y1 = y5.cyclotomic_square()?; let mut y3 = y0 * &y5; - y0 = Self::exp_by_x(&y3)?; - let y2 = Self::exp_by_x(&y0)?; - let mut y4 = Self::exp_by_x(&y2)?; + y0 = Bls12Gadget::

::exp_by_x(&y3)?; + let y2 = Bls12Gadget::

::exp_by_x(&y0)?; + let mut y4 = Bls12Gadget::

::exp_by_x(&y2)?; y4 *= &y1; - y1 = Self::exp_by_x(&y4)?; + y1 = Bls12Gadget::

::exp_by_x(&y4)?; y3 = y3.unitary_inverse()?; y1 *= &y3; y1 *= &r; diff --git a/src/pairing/mnt4/mod.rs b/src/pairing/mnt4/mod.rs index f9024058..16cfdc90 100644 --- a/src/pairing/mnt4/mod.rs +++ b/src/pairing/mnt4/mod.rs @@ -1,6 +1,6 @@ use ark_relations::r1cs::SynthesisError; -use super::{PairingGadget as PG, PairingWithGadget}; +use super::PairingGadget as PG; use crate::{ fields::{fp::FpVar, fp2::Fp2Var, fp4::Fp4Var, FieldVar, FieldWithVar}, @@ -189,14 +189,7 @@ where } } -impl PairingWithGadget for MNT4

-where - P::Fp: FieldWithVar>, -{ - type Gadget = MNT4Gadget

; -} - -impl PG> for MNT4Gadget

+impl PG for MNT4

where P::Fp: FieldWithVar>, { @@ -213,7 +206,7 @@ where ) -> Result { let mut result = Fp4G::

::one(); for (p, q) in ps.iter().zip(qs) { - result *= Self::ate_miller_loop(p, q)?; + result *= MNT4Gadget::ate_miller_loop(p, q)?; } Ok(result) @@ -221,7 +214,7 @@ where #[tracing::instrument(target = "r1cs")] fn final_exponentiation(r: &Self::GTVar) -> Result { - Self::final_exponentiation(r) + MNT4Gadget::

::final_exponentiation(r) } #[tracing::instrument(target = "r1cs")] diff --git a/src/pairing/mnt6/mod.rs b/src/pairing/mnt6/mod.rs index 4711d304..b876edc1 100644 --- a/src/pairing/mnt6/mod.rs +++ b/src/pairing/mnt6/mod.rs @@ -1,6 +1,6 @@ use ark_relations::r1cs::SynthesisError; -use super::{PairingGadget as PG, PairingWithGadget}; +use super::PairingGadget as PG; use crate::{ fields::{fp::FpVar, fp3::Fp3Var, fp6_2over3::Fp6Var, FieldVar, FieldWithVar}, @@ -184,14 +184,7 @@ where } } -impl PairingWithGadget for MNT6

-where - P::Fp: FieldWithVar>, -{ - type Gadget = MNT6Gadget

; -} - -impl PG> for MNT6Gadget

+impl PG for MNT6

where P::Fp: FieldWithVar>, { @@ -208,7 +201,7 @@ where ) -> Result { let mut result = Fp6G::

::one(); for (p, q) in ps.iter().zip(qs) { - result *= Self::ate_miller_loop(p, q)?; + result *= MNT6Gadget::ate_miller_loop(p, q)?; } Ok(result) @@ -216,7 +209,7 @@ where #[tracing::instrument(target = "r1cs")] fn final_exponentiation(r: &Self::GTVar) -> Result { - Self::final_exponentiation(r) + MNT6Gadget::

::final_exponentiation(r) } #[tracing::instrument(target = "r1cs")] diff --git a/src/pairing/mod.rs b/src/pairing/mod.rs index 7ac4d797..2fe994c7 100644 --- a/src/pairing/mod.rs +++ b/src/pairing/mod.rs @@ -1,4 +1,4 @@ -use crate::prelude::*; +use crate::{fields::fp::FpVar, prelude::*}; use ark_ec::PairingEngine; use ark_relations::r1cs::SynthesisError; use core::fmt::Debug; 
@@ -10,37 +10,46 @@ pub mod mnt4; /// This module implements pairings for MNT6 bilinear groups. pub mod mnt6; -pub trait PairingWithGadget: PairingEngine { - type Gadget: PairingGadget; -} - /// Specifies the constraints for computing a pairing in the yybilinear group /// `E`. -pub trait PairingGadget { +pub trait PairingGadget: PairingEngine +where + Self::Fq: FieldWithVar>, + Self::Fqe: FieldWithVar, + Self::Fqk: FieldWithVar, + Self::G1Projective: CurveWithVar, + Self::G2Projective: CurveWithVar, +{ /// An variable representing an element of `G1`. /// This is the R1CS equivalent of `E::G1Projective`. - type G1Var: CurveVar - + AllocVar - + AllocVar; + type G1Var: CurveVar + + AllocVar + + AllocVar; /// An variable representing an element of `G2`. /// This is the R1CS equivalent of `E::G2Projective`. - type G2Var: CurveVar - + AllocVar - + AllocVar; + type G2Var: CurveVar + + AllocVar + + AllocVar; /// An variable representing an element of `GT`. /// This is the R1CS equivalent of `E::GT`. - type GTVar: FieldVar; + type GTVar: FieldVar; /// An variable representing cached precomputation that can speed up /// pairings computations. This is the R1CS equivalent of /// `E::G1Prepared`. - type G1PreparedVar: ToBytesGadget + AllocVar + Clone + Debug; + type G1PreparedVar: ToBytesGadget + + AllocVar + + Clone + + Debug; /// An variable representing cached precomputation that can speed up /// pairings computations. This is the R1CS equivalent of /// `E::G2Prepared`. - type G2PreparedVar: ToBytesGadget + AllocVar + Clone + Debug; + type G2PreparedVar: ToBytesGadget + + AllocVar + + Clone + + Debug; /// Computes a multi-miller loop between elements /// of `p` and `q`. 
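Review bot: The doc comments carried through this hunk still read `yybilinear group` on the trait and `An variable representing …` on every associated type; since the hunk rewrites those declarations, correct the wording in passing to `/// Specifies the constraints for computing a pairing in the bilinear group `E`.` and `/// A variable representing an element of `G1`.` (and likewise for the other four items). The new trait-level `where` clause on `PairingGadget` also deserves a sentence in the trait docs, because Rust does not treat trait `where` bounds as implied bounds, so every generic use site `E: PairingGadget` will have to restate the `FieldWithVar` and `CurveWithVar` bounds on `E::Fq`, `E::Fqe`, `E::Fqk` and the projective groups. A comment such as `// NOTE: these bounds are not implied at use sites; generic callers must repeat them.` would save implementors a confusing error.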
@@ -58,8 +67,8 @@ pub trait PairingGadget { p: Self::G1PreparedVar, q: Self::G2PreparedVar, ) -> Result { - let tmp = Self::miller_loop(&[p], &[q])?; - Self::final_exponentiation(&tmp) + let tmp = ::miller_loop(&[p], &[q])?; + ::final_exponentiation(&tmp) } /// Computes a product of pairings over the elements in `p` and `q`. @@ -69,8 +78,8 @@ pub trait PairingGadget { p: &[Self::G1PreparedVar], q: &[Self::G2PreparedVar], ) -> Result { - let miller_result = Self::miller_loop(p, q)?; - Self::final_exponentiation(&miller_result) + let miller_result = ::miller_loop(p, q)?; + ::final_exponentiation(&miller_result) } /// Performs the precomputation to generate `Self::G1PreparedVar`. From 3228392436d953abb9d439c270923c0798d986c6 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Tue, 17 Aug 2021 13:06:24 -0700 Subject: [PATCH 15/26] Fix addition with zero --- src/groups/curves/short_weierstrass/mod.rs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 594b9f80..4b3380ec 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -610,7 +610,9 @@ impl_bounded_ops!( if this.is_constant() { // The value should exist because `other` is a constant. let this_val = this.value().unwrap(); - if !this_val.is_zero() { + if this_val.is_zero() { + *this = other.clone(); + } else { // We'll use mixed addition to add non-zero constants. let x = BFVar::

::constant(this_val.x); let y = BFVar::

::constant(this_val.y); From 91f8bde94eece2d3c96cff6ae4e17b43ce4589c0 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Tue, 17 Aug 2021 13:13:53 -0700 Subject: [PATCH 16/26] Fix handling of constants in zero --- src/groups/curves/short_weierstrass/mod.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 4b3380ec..8117dc96 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -618,9 +618,7 @@ impl_bounded_ops!( let y = BFVar::

::constant(this_val.y); *this = other.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap() } - } - - if other.is_constant() { + } else if other.is_constant() { // The value should exist because `other` is a constant. let other = other.value().unwrap(); if !other.is_zero() { From 4ede4a12676b587ba5173487e2238f25785ba866 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Tue, 17 Aug 2021 13:19:22 -0700 Subject: [PATCH 17/26] Disambiguate pairing methods in native and constraint worlds --- src/groups/curves/short_weierstrass/mod.rs | 2 +- src/pairing/bls12/mod.rs | 4 ++-- src/pairing/mnt4/mod.rs | 4 ++-- src/pairing/mnt6/mod.rs | 4 ++-- src/pairing/mod.rs | 16 ++++++++-------- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 8117dc96..1c4732df 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -608,7 +608,7 @@ impl_bounded_ops!( // // We special case handling of constants to get better constraint weight. if this.is_constant() { - // The value should exist because `other` is a constant. + // The value should exist because `this` is a constant. let this_val = this.value().unwrap(); if this_val.is_zero() { *this = other.clone(); diff --git a/src/pairing/bls12/mod.rs b/src/pairing/bls12/mod.rs index e8ceb93c..d5864bc3 100644 --- a/src/pairing/bls12/mod.rs +++ b/src/pairing/bls12/mod.rs @@ -73,7 +73,7 @@ where type GTVar = Fp12Var; #[tracing::instrument(target = "r1cs")] - fn miller_loop( + fn miller_loop_gadget( ps: &[Self::G1PreparedVar], qs: &[Self::G2PreparedVar], ) -> Result { 
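Review bot: With the second arm now `else if`, two constant operands are handled solely by the `this.is_constant()` branch, whose non-zero path calls `other.add_mixed(&NonZeroAffineVar::new(x, y)).unwrap()` on a constant `other`; whether `add_mixed` is correct when that constant `other` is the point at infinity is not visible in the hunk and should be confirmed, ideally by a test of `nonzero_constant + zero_constant`. The `.unwrap()` on the `add_mixed` result turns any `SynthesisError` into a panic inside an operator impl, and `other` may be a variable on that path; if the unwrap is relied on being unreachable, state why in a comment, otherwise the panic path should be documented. A short comment on the new arm, e.g. `// Reached only when `this` is a variable; the both-constant case is handled above.`, would make the exclusivity explicit. The enclosing `impl_bounded_ops!` body starts and ends outside the hunk.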
@@ -105,7 +105,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn final_exponentiation(f: &Self::GTVar) -> Result { + fn final_exponentiation_gadget(f: &Self::GTVar) -> Result { // Computing the final exponentation following // https://eprint.iacr.org/2016/130.pdf. // We don't use their "faster" formula because it is difficult to make diff --git a/src/pairing/mnt4/mod.rs b/src/pairing/mnt4/mod.rs index 16cfdc90..cc2b5ec7 100644 --- a/src/pairing/mnt4/mod.rs +++ b/src/pairing/mnt4/mod.rs @@ -200,7 +200,7 @@ where type GTVar = GTVar

; #[tracing::instrument(target = "r1cs")] - fn miller_loop( + fn miller_loop_gadget( ps: &[Self::G1PreparedVar], qs: &[Self::G2PreparedVar], ) -> Result { @@ -213,7 +213,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn final_exponentiation(r: &Self::GTVar) -> Result { + fn final_exponentiation_gadget(r: &Self::GTVar) -> Result { MNT4Gadget::

::final_exponentiation(r) } diff --git a/src/pairing/mnt6/mod.rs b/src/pairing/mnt6/mod.rs index b876edc1..5aec333d 100644 --- a/src/pairing/mnt6/mod.rs +++ b/src/pairing/mnt6/mod.rs @@ -195,7 +195,7 @@ where type GTVar = GTVar

; #[tracing::instrument(target = "r1cs")] - fn miller_loop( + fn miller_loop_gadget( ps: &[Self::G1PreparedVar], qs: &[Self::G2PreparedVar], ) -> Result { @@ -208,7 +208,7 @@ where } #[tracing::instrument(target = "r1cs")] - fn final_exponentiation(r: &Self::GTVar) -> Result { + fn final_exponentiation_gadget(r: &Self::GTVar) -> Result { MNT6Gadget::

::final_exponentiation(r) } diff --git a/src/pairing/mod.rs b/src/pairing/mod.rs index 2fe994c7..5572644a 100644 --- a/src/pairing/mod.rs +++ b/src/pairing/mod.rs @@ -53,33 +53,33 @@ where /// Computes a multi-miller loop between elements /// of `p` and `q`. - fn miller_loop( + fn miller_loop_gadget( p: &[Self::G1PreparedVar], q: &[Self::G2PreparedVar], ) -> Result; /// Computes a final exponentiation over `p`. - fn final_exponentiation(p: &Self::GTVar) -> Result; + fn final_exponentiation_gadget(p: &Self::GTVar) -> Result; /// Computes a pairing over `p` and `q`. #[tracing::instrument(target = "r1cs")] - fn pairing( + fn pairing_gadget( p: Self::G1PreparedVar, q: Self::G2PreparedVar, ) -> Result { - let tmp = ::miller_loop(&[p], &[q])?; - ::final_exponentiation(&tmp) + let tmp = ::miller_loop_gadget(&[p], &[q])?; + ::final_exponentiation_gadget(&tmp) } /// Computes a product of pairings over the elements in `p` and `q`. #[must_use] #[tracing::instrument(target = "r1cs")] - fn product_of_pairings( + fn product_of_pairings_gadget( p: &[Self::G1PreparedVar], q: &[Self::G2PreparedVar], ) -> Result { - let miller_result = ::miller_loop(p, q)?; - ::final_exponentiation(&miller_result) + let miller_result = ::miller_loop_gadget(p, q)?; + ::final_exponentiation_gadget(&miller_result) } /// Performs the precomputation to generate `Self::G1PreparedVar`. From 02d739b31757d7fbebd3c70329da6f81b0d3066f Mon Sep 17 00:00:00 2001 From: Marcin Date: Sat, 19 Nov 2022 13:24:07 +0100 Subject: [PATCH 18/26] Bump the dependencies and remove patch --- Cargo.toml | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 8f0668a7..cbe700d8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "ark-r1cs-std" -version = "0.3.1" +version = "0.4.0-alpha.0" authors = [ "arkworks contributors" ] description = "A standard library for constraint system gadgets" homepage = "https://arkworks.rs" 
@@ -13,10 +13,10 @@ license = "MIT/Apache-2.0" edition = "2018" [dependencies] -ark-ff = { version = "^0.3.0", default-features = false } -ark-ec = { version = "^0.3.0", default-features = false } -ark-std = { version = "^0.3.0", default-features = false } -ark-relations = { version = "^0.3.0", default-features = false } +ark-ff = { version = "0.4.0-alpha", default-features = false } +ark-ec = { version = "0.4.0-alpha", default-features = false } +ark-std = { version = "0.4.0-alpha", default-features = false } +ark-relations = { version = "0.4.0-alpha", default-features = false } derivative = { version = "2", features = ["use_core"] } tracing = { version = "0.1", default-features = false, features = [ "attributes" ] } @@ -70,19 +70,3 @@ lto = "thin" incremental = true debug-assertions = true debug = true - -# To be removed in the new release. -[patch.crates-io] -ark-std = { git = "https://github.com/arkworks-rs/std" } -ark-ec = { git = "https://github.com/arkworks-rs/algebra" } -ark-ff = { git = "https://github.com/arkworks-rs/algebra" } -ark-poly = { git = "https://github.com/arkworks-rs/algebra" } -ark-serialize = { git = "https://github.com/arkworks-rs/algebra" } -ark-test-curves = { git = "https://github.com/arkworks-rs/algebra" } -ark-bls12-381 = { git = "https://github.com/arkworks-rs/curves" } -ark-bls12-377 = { git = "https://github.com/arkworks-rs/curves" } -ark-mnt4-298 = { git = "https://github.com/arkworks-rs/curves" } -ark-mnt4-753 = { git = "https://github.com/arkworks-rs/curves" } -ark-mnt6-298 = { git = "https://github.com/arkworks-rs/curves" } -ark-mnt6-753 = { git = "https://github.com/arkworks-rs/curves" } -ark-pallas = { git = "https://github.com/arkworks-rs/curves" } From e6c305013dfcb8a2f6fcfcc693c42441837e7695 Mon Sep 17 00:00:00 2001 
From: Marcin Date: Sat, 19 Nov 2022 13:24:37 +0100 Subject: [PATCH 19/26] temp remove dev-dependencies (until curves are published) due to circular dev-dependencies --- Cargo.toml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index cbe700d8..d06e81cd 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -24,17 +24,17 @@ num-bigint = {version = "0.4", default-features = false } num-traits = {version = "0.2", default-features = false } num-integer = { version = "0.1.44", default-features = false } -[dev-dependencies] -ark-test-curves = { version = "^0.3.0", default-features = false, features = ["bls12_381_scalar_field", "bls12_381_curve", "mnt4_753_scalar_field"] } -ark-poly = { version = "^0.3.0", default-features = false } -paste = "1.0" -ark-bls12-377 = { version = "^0.3.0", features = ["curve"], default-features = false } -ark-bls12-381 = { version = "^0.3.0", features = ["curve"], default-features = false } -ark-mnt4-298 = { version = "^0.3.0", features = ["curve"], default-features = false } -ark-mnt4-753 = { version = "^0.3.0", features = ["curve"], default-features = false } -ark-mnt6-298 = { version = "^0.3.0", default-features = false } -ark-mnt6-753 = { version = "^0.3.0", default-features = false } -ark-pallas = { version = "^0.3.0", features = ["curve"], default-features = false } +# [dev-dependencies] +# ark-test-curves = { version = "0.4.0-alpha", default-features = false, features = ["bls12_381_scalar_field", "bls12_381_curve", "mnt4_753_scalar_field"] } +# ark-poly = { version = "0.4.0-alpha", default-features = false } +# paste = "1.0" +# ark-bls12-377 = { version = "0.4.0-alpha", features = ["curve"], default-features = false } +# ark-bls12-381 = { version = "0.4.0-alpha", features = ["curve"], default-features = false } +# ark-mnt4-298 = { version = "0.4.0-alpha", features = ["curve"], default-features = false } +# ark-mnt4-753 = { version = "0.4.0-alpha", features = ["curve"], default-features = false } +# ark-mnt6-298 = { version = "0.4.0-alpha", default-features = false } +# ark-mnt6-753 = { version = "0.4.0-alpha", default-features = false } +# ark-pallas = { version = "0.4.0-alpha", features = ["curve"], default-features = false } [features] default = ["std"] From 84768ff85292e591799e6d3214d05866ca274849 Mon Sep 17 00:00:00 2001 
From: Marcin Date: Sat, 19 Nov 2022 13:31:29 +0100 Subject: [PATCH 20/26] bring back dev-dependencies to be merged only after curves crates are released --- Cargo.toml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d06e81cd..ede13448 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -24,17 +24,17 @@ num-bigint = {version = "0.4", default-features = false }
 num-traits = {version = "0.2", default-features = false }
 num-integer = { version = "0.1.44", default-features = false }
-# [dev-dependencies]
-# ark-test-curves = { version = "0.4.0-alpha", default-features = false, features = ["bls12_381_scalar_field", "bls12_381_curve", "mnt4_753_scalar_field"] }
-# ark-poly = { version = "0.4.0-alpha", default-features = false }
-# paste = "1.0"
-# ark-bls12-377 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
-# ark-bls12-381 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
-# ark-mnt4-298 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
-# ark-mnt4-753 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
-# ark-mnt6-298 = { version = "0.4.0-alpha", default-features = false }
-# ark-mnt6-753 = { version = "0.4.0-alpha", default-features = false }
-# ark-pallas = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
+[dev-dependencies]
+ark-test-curves = { version = "0.4.0-alpha", default-features = false, features = ["bls12_381_scalar_field", "bls12_381_curve", "mnt4_753_scalar_field"] }
+ark-poly = { version = "0.4.0-alpha", default-features = false }
+paste = "1.0"
+ark-bls12-377 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
+ark-bls12-381 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
+ark-mnt4-298 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
+ark-mnt4-753 = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
+ark-mnt6-298 = { version = "0.4.0-alpha", default-features = false }
+ark-mnt6-753 = { version = "0.4.0-alpha", default-features = false }
+ark-pallas = { version = "0.4.0-alpha", features = ["curve"], default-features = false }
 [features]
 default = ["std"]
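Review bot: The restored `[dev-dependencies]` entries use bare pre-release requirements such as `ark-test-curves = { version = "0.4.0-alpha", ... }`, which Cargo reads as `^0.4.0-alpha`: that range also matches any later `0.4.0-alpha.N`, `0.4.0-beta` and the final `0.4.0`, and pre-release versions carry no semver compatibility promise. The commit title says these are meant to be merged only after the curve crates are released, so in the interim the test build can silently resolve to a newer, breaking alpha of ark-poly or the curve crates and fail for reasons unrelated to this crate. Pinning each entry to an exact pre-release for now, e.g. `ark-poly = { version = "=0.4.0-alpha.<N>", default-features = false }` (N is a placeholder; the intended alpha is not shown on the page), or keeping a lockfile for the repository, would make the dev build reproducible. The same `0.4.0-alpha` requirements appear in the earlier hunk that commented these lines out, so that hunk has the same exposure once uncommented.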
From 6606d9b9831d228f58afa5803a0302214aba6356 Mon Sep 17 00:00:00 2001
From: Marcin
Date: Sat, 19 Nov 2022 13:33:19 +0100
Subject: [PATCH 21/26] bump patch version
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index ede13448..cf563445 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ark-r1cs-std"
-version = "0.4.0-alpha.0"
+version = "0.4.0-alpha.1"
 authors = [ "arkworks contributors" ]
 description = "A standard library for constraint system gadgets"
 homepage = "https://arkworks.rs"
From bdffd136f955ccb437183862964612d235148615 Mon Sep 17 00:00:00 2001
From: onewayfunc
Date: Sun, 18 Dec 2022 11:15:11 -0800
Subject: [PATCH 22/26] fix
---
 .../curves/short_weierstrass/bls12/mod.rs | 30 +++++------
 .../curves/short_weierstrass/mnt4/mod.rs | 53 +++++++++----------
 .../curves/short_weierstrass/mnt6/mod.rs | 53 +++++++++----------
 src/pairing/bls12/mod.rs | 10 ++--
 src/pairing/mnt4/mod.rs | 12 ++---
 src/pairing/mnt6/mod.rs | 12 ++---
 6 files changed, 81 insertions(+), 89 deletions(-)
diff --git a/src/groups/curves/short_weierstrass/bls12/mod.rs b/src/groups/curves/short_weierstrass/bls12/mod.rs
index 99dcd116..263a1bd5 100644
--- a/src/groups/curves/short_weierstrass/bls12/mod.rs
+++ b/src/groups/curves/short_weierstrass/bls12/mod.rs
@@ -1,5 +1,5 @@
 use ark_ec::{
- bls12::{Bls12Parameters, G1Prepared, G2Prepared, TwistType},
+ bls12::{Bls12Config, G1Prepared, G2Prepared, TwistType},
 short_weierstrass::Affine as GroupAffine,
 };
 use ark_ff::{BitIteratorBE, Field, One};
@@ -13,29 +13,27 @@ use crate::{
 use core::fmt::Debug;
 /// Represents a projective point in G1.
-pub type G1Var

= - ProjectiveVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1Var

= ProjectiveVar<

::G1Config, FpVar<

::Fp>>; /// Represents an affine point on G1. Should be used only for comparison and /// when a canonical representation of a point is required, and not for /// arithmetic. -pub type G1AffineVar

= - AffineVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1AffineVar

= AffineVar<

::G1Config, FpVar<

::Fp>>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters, Fp2G

>; +pub type G2Var

= ProjectiveVar<

::G2Config, Fp2G

>; /// Represents an affine point on G2. Should be used only for comparison and /// when a canonical representation of a point is required, and not for /// arithmetic. -pub type G2AffineVar

= AffineVar<

::G2Parameters, Fp2G

>; +pub type G2AffineVar

= AffineVar<

::G2Config, Fp2G

>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. #[derive(Derivative)] #[derivative(Clone(bound = "G1Var

: Clone"), Debug(bound = "G1Var

: Debug"))] -pub struct G1PreparedVar(pub AffineVar>); +pub struct G1PreparedVar(pub AffineVar>); -impl G1PreparedVar

{ +impl G1PreparedVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -56,7 +54,7 @@ impl G1PreparedVar

{ } } -impl AllocVar, P::Fp> for G1PreparedVar

{ +impl AllocVar, P::Fp> for G1PreparedVar

{ fn new_variable>>( cs: impl Into>, f: impl FnOnce() -> Result, @@ -78,7 +76,7 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ } } -impl ToBytesGadget for G1PreparedVar

{ +impl ToBytesGadget for G1PreparedVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -101,7 +99,7 @@ impl ToBytesGadget for G1PreparedVar

{ } } -type Fp2G

= Fp2Var<

::Fp2Config>; +type Fp2G

= Fp2Var<

::Fp2Config>; type LCoeff

= (Fp2G

, Fp2G

); /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. @@ -110,12 +108,12 @@ type LCoeff

= (Fp2G

, Fp2G

); Clone(bound = "Fp2Var: Clone"), Debug(bound = "Fp2Var: Debug") )] -pub struct G2PreparedVar { +pub struct G2PreparedVar { #[doc(hidden)] pub ell_coeffs: Vec>, } -impl AllocVar, P::Fp> for G2PreparedVar

{ +impl AllocVar, P::Fp> for G2PreparedVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f, mode))] fn new_variable>>( cs: impl Into>, @@ -173,7 +171,7 @@ impl AllocVar, P::Fp> for G2PreparedVar

{ } } -impl ToBytesGadget for G2PreparedVar

{ +impl ToBytesGadget for G2PreparedVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -196,7 +194,7 @@ impl ToBytesGadget for G2PreparedVar

{ } } -impl G2PreparedVar

{ +impl G2PreparedVar

{ /// Constructs `Self` from a `G2Var`. #[tracing::instrument(target = "r1cs")] pub fn from_group_var(q: &G2Var

) -> Result { diff --git a/src/groups/curves/short_weierstrass/mnt4/mod.rs b/src/groups/curves/short_weierstrass/mnt4/mod.rs index 51e98c56..1bd768e0 100644 --- a/src/groups/curves/short_weierstrass/mnt4/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt4/mod.rs @@ -1,6 +1,6 @@ use ark_ec::mnt4::{ g2::{AteAdditionCoefficients, AteDoubleCoefficients}, - G1Prepared, G2Prepared, MNT4Parameters, + G1Prepared, G2Prepared, MNT4Config, }; use ark_ff::Field; use ark_relations::r1cs::{Namespace, SynthesisError}; @@ -15,17 +15,16 @@ use crate::{ use core::borrow::Borrow; /// Represents a projective point in G1. -pub type G1Var

= - ProjectiveVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1Var

= ProjectiveVar<

::G1Config, FpVar<

::Fp>>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters, Fp2G

>; +pub type G2Var

= ProjectiveVar<

::G2Config, Fp2G

>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct G1PreparedVar { +#[derivative(Clone(bound = "P: MNT4Config"), Debug(bound = "P: MNT4Config"))] +pub struct G1PreparedVar { #[doc(hidden)] pub x: FpVar, #[doc(hidden)] @@ -36,7 +35,7 @@ pub struct G1PreparedVar { pub y_twist: Fp2Var, } -impl AllocVar, P::Fp> for G1PreparedVar

{ +impl AllocVar, P::Fp> for G1PreparedVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -69,7 +68,7 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ } } -impl G1PreparedVar

{ +impl G1PreparedVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -102,7 +101,7 @@ impl G1PreparedVar

{ } } -impl ToBytesGadget for G1PreparedVar

{ +impl ToBytesGadget for G1PreparedVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -131,13 +130,13 @@ impl ToBytesGadget for G1PreparedVar

{ } } -type Fp2G

= Fp2Var<

::Fp2Config>; +type Fp2G

= Fp2Var<

::Fp2Config>; /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct G2PreparedVar { +#[derivative(Clone(bound = "P: MNT4Config"), Debug(bound = "P: MNT4Config"))] +pub struct G2PreparedVar { #[doc(hidden)] pub x: Fp2Var, #[doc(hidden)] @@ -152,7 +151,7 @@ pub struct G2PreparedVar { pub addition_coefficients: Vec>, } -impl AllocVar, P::Fp> for G2PreparedVar

{ +impl AllocVar, P::Fp> for G2PreparedVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -198,7 +197,7 @@ impl AllocVar, P::Fp> for G2PreparedVar

{ } } -impl ToBytesGadget for G2PreparedVar

{ +impl ToBytesGadget for G2PreparedVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -241,7 +240,7 @@ impl ToBytesGadget for G2PreparedVar

{ } } -impl G2PreparedVar

{ +impl G2PreparedVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -341,15 +340,15 @@ impl G2PreparedVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct AteDoubleCoefficientsVar { +#[derivative(Clone(bound = "P: MNT4Config"), Debug(bound = "P: MNT4Config"))] +pub struct AteDoubleCoefficientsVar { pub c_h: Fp2Var, pub c_4c: Fp2Var, pub c_j: Fp2Var, pub c_l: Fp2Var, } -impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

{ +impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -376,7 +375,7 @@ impl AllocVar, P::Fp> for AteDoubleC } } -impl ToBytesGadget for AteDoubleCoefficientsVar

{ +impl ToBytesGadget for AteDoubleCoefficientsVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -405,7 +404,7 @@ impl ToBytesGadget for AteDoubleCoefficientsVar

{ } } -impl AteDoubleCoefficientsVar

{ +impl AteDoubleCoefficientsVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -426,15 +425,13 @@ impl AteDoubleCoefficientsVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] -pub struct AteAdditionCoefficientsVar { +#[derivative(Clone(bound = "P: MNT4Config"), Debug(bound = "P: MNT4Config"))] +pub struct AteAdditionCoefficientsVar { pub c_l1: Fp2Var, pub c_rz: Fp2Var, } -impl AllocVar, P::Fp> - for AteAdditionCoefficientsVar

-{ +impl AllocVar, P::Fp> for AteAdditionCoefficientsVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -455,7 +452,7 @@ impl AllocVar, P::Fp> } } -impl ToBytesGadget for AteAdditionCoefficientsVar

{ +impl ToBytesGadget for AteAdditionCoefficientsVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -476,7 +473,7 @@ impl ToBytesGadget for AteAdditionCoefficientsVar

{ } } -impl AteAdditionCoefficientsVar

{ +impl AteAdditionCoefficientsVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -486,7 +483,7 @@ impl AteAdditionCoefficientsVar

{ } #[doc(hidden)] -pub struct G2ProjectiveExtendedVar { +pub struct G2ProjectiveExtendedVar { pub x: Fp2Var, pub y: Fp2Var, pub z: Fp2Var, diff --git a/src/groups/curves/short_weierstrass/mnt6/mod.rs b/src/groups/curves/short_weierstrass/mnt6/mod.rs index b3ab838e..6d216e14 100644 --- a/src/groups/curves/short_weierstrass/mnt6/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt6/mod.rs @@ -1,6 +1,6 @@ use ark_ec::mnt6::{ g2::{AteAdditionCoefficients, AteDoubleCoefficients}, - G1Prepared, G2Prepared, MNT6Parameters, + G1Prepared, G2Prepared, MNT6Config, }; use ark_ff::Field; use ark_relations::r1cs::{Namespace, SynthesisError}; @@ -15,17 +15,16 @@ use crate::{ use core::borrow::Borrow; /// Represents a projective point in G1. -pub type G1Var

= - ProjectiveVar<

::G1Parameters, FpVar<

::Fp>>; +pub type G1Var

= ProjectiveVar<

::G1Config, FpVar<

::Fp>>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters, Fp3G

>; +pub type G2Var

= ProjectiveVar<

::G2Config, Fp3G

>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct G1PreparedVar { +#[derivative(Clone(bound = "P: MNT6Config"), Debug(bound = "P: MNT6Config"))] +pub struct G1PreparedVar { #[doc(hidden)] pub x: FpVar, #[doc(hidden)] @@ -36,7 +35,7 @@ pub struct G1PreparedVar { pub y_twist: Fp3Var, } -impl G1PreparedVar

{ +impl G1PreparedVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -69,7 +68,7 @@ impl G1PreparedVar

{ } } -impl AllocVar, P::Fp> for G1PreparedVar

{ +impl AllocVar, P::Fp> for G1PreparedVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -102,7 +101,7 @@ impl AllocVar, P::Fp> for G1PreparedVar

{ } } -impl ToBytesGadget for G1PreparedVar

{ +impl ToBytesGadget for G1PreparedVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -131,13 +130,13 @@ impl ToBytesGadget for G1PreparedVar

{ } } -type Fp3G

= Fp3Var<

::Fp3Config>; +type Fp3G

= Fp3Var<

::Fp3Config>; /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct G2PreparedVar { +#[derivative(Clone(bound = "P: MNT6Config"), Debug(bound = "P: MNT6Config"))] +pub struct G2PreparedVar { #[doc(hidden)] pub x: Fp3Var, #[doc(hidden)] @@ -152,7 +151,7 @@ pub struct G2PreparedVar { pub addition_coefficients: Vec>, } -impl AllocVar, P::Fp> for G2PreparedVar

{ +impl AllocVar, P::Fp> for G2PreparedVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -198,7 +197,7 @@ impl AllocVar, P::Fp> for G2PreparedVar

{ } } -impl ToBytesGadget for G2PreparedVar

{ +impl ToBytesGadget for G2PreparedVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -241,7 +240,7 @@ impl ToBytesGadget for G2PreparedVar

{ } } -impl G2PreparedVar

{ +impl G2PreparedVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -341,15 +340,15 @@ impl G2PreparedVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct AteDoubleCoefficientsVar { +#[derivative(Clone(bound = "P: MNT6Config"), Debug(bound = "P: MNT6Config"))] +pub struct AteDoubleCoefficientsVar { pub c_h: Fp3Var, pub c_4c: Fp3Var, pub c_j: Fp3Var, pub c_l: Fp3Var, } -impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

{ +impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -376,7 +375,7 @@ impl AllocVar, P::Fp> for AteDoubleC } } -impl ToBytesGadget for AteDoubleCoefficientsVar

{ +impl ToBytesGadget for AteDoubleCoefficientsVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -405,7 +404,7 @@ impl ToBytesGadget for AteDoubleCoefficientsVar

{ } } -impl AteDoubleCoefficientsVar

{ +impl AteDoubleCoefficientsVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -424,15 +423,13 @@ impl AteDoubleCoefficientsVar

{ #[doc(hidden)] #[derive(Derivative)] -#[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] -pub struct AteAdditionCoefficientsVar { +#[derivative(Clone(bound = "P: MNT6Config"), Debug(bound = "P: MNT6Config"))] +pub struct AteAdditionCoefficientsVar { pub c_l1: Fp3Var, pub c_rz: Fp3Var, } -impl AllocVar, P::Fp> - for AteAdditionCoefficientsVar

-{ +impl AllocVar, P::Fp> for AteAdditionCoefficientsVar

{ #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( cs: impl Into>, @@ -453,7 +450,7 @@ impl AllocVar, P::Fp> } } -impl ToBytesGadget for AteAdditionCoefficientsVar

{ +impl ToBytesGadget for AteAdditionCoefficientsVar

{ #[inline] #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>, SynthesisError> { @@ -474,7 +471,7 @@ impl ToBytesGadget for AteAdditionCoefficientsVar

{ } } -impl AteAdditionCoefficientsVar

{ +impl AteAdditionCoefficientsVar

{ /// Returns the value assigned to `self` in the underlying constraint /// system. pub fn value(&self) -> Result, SynthesisError> { @@ -485,7 +482,7 @@ impl AteAdditionCoefficientsVar

{ } #[doc(hidden)] -pub struct G2ProjectiveExtendedVar { +pub struct G2ProjectiveExtendedVar { pub x: Fp3Var, pub y: Fp3Var, pub z: Fp3Var, diff --git a/src/pairing/bls12/mod.rs b/src/pairing/bls12/mod.rs index 91adbb78..727f1e93 100644 --- a/src/pairing/bls12/mod.rs +++ b/src/pairing/bls12/mod.rs @@ -6,16 +6,16 @@ use crate::{ fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, FieldVar}, groups::bls12::{G1AffineVar, G1PreparedVar, G1Var, G2PreparedVar, G2Var}, }; -use ark_ec::bls12::{Bls12, Bls12Parameters, TwistType}; +use ark_ec::bls12::{Bls12, Bls12Config, TwistType}; use ark_ff::BitIteratorBE; use ark_std::marker::PhantomData; /// Specifies the constraints for computing a pairing in a BLS12 bilinear group. -pub struct PairingVar(PhantomData

); +pub struct PairingVar(PhantomData

); -type Fp2V

= Fp2Var<

::Fp2Config>; +type Fp2V

= Fp2Var<

::Fp2Config>; -impl PairingVar

{ +impl PairingVar

{ // Evaluate the line function at point p. #[tracing::instrument(target = "r1cs")] fn ell( @@ -59,7 +59,7 @@ impl PairingVar

{ } } -impl PG, P::Fp> for PairingVar

{ +impl PG, P::Fp> for PairingVar

{ type G1Var = G1Var

; type G2Var = G2Var

; type G1PreparedVar = G1PreparedVar

; diff --git a/src/pairing/mnt4/mod.rs b/src/pairing/mnt4/mod.rs index b7ce0b35..73e43ddc 100644 --- a/src/pairing/mnt4/mod.rs +++ b/src/pairing/mnt4/mod.rs @@ -9,19 +9,19 @@ use crate::{ G2ProjectiveExtendedVar, G2Var, }, }; -use ark_ec::mnt4::{MNT4Parameters, MNT4}; +use ark_ec::mnt4::{MNT4Config, MNT4}; use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a MNT4 bilinear group. -pub struct PairingVar(PhantomData

); +pub struct PairingVar(PhantomData

); -type Fp2G

= Fp2Var<

::Fp2Config>; -type Fp4G

= Fp4Var<

::Fp4Config>; +type Fp2G

= Fp2Var<

::Fp2Config>; +type Fp4G

= Fp4Var<

::Fp4Config>; /// A variable corresponding to `ark_ec::mnt4::GT`. pub type GTVar

= Fp4G

; -impl PairingVar

{ +impl PairingVar

{ #[tracing::instrument(target = "r1cs", skip(r))] pub(crate) fn doubling_step_for_flipped_miller_loop( r: &G2ProjectiveExtendedVar

, @@ -196,7 +196,7 @@ impl PairingVar

{ } } -impl PG, P::Fp> for PairingVar

{ +impl PG, P::Fp> for PairingVar

{ type G1Var = G1Var

; type G2Var = G2Var

; type G1PreparedVar = G1PreparedVar

; diff --git a/src/pairing/mnt6/mod.rs b/src/pairing/mnt6/mod.rs index 350eb620..b469549c 100644 --- a/src/pairing/mnt6/mod.rs +++ b/src/pairing/mnt6/mod.rs @@ -9,18 +9,18 @@ use crate::{ G2ProjectiveExtendedVar, G2Var, }, }; -use ark_ec::mnt6::{MNT6Parameters, MNT6}; +use ark_ec::mnt6::{MNT6Config, MNT6}; use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a MNT6 bilinear group. -pub struct PairingVar(PhantomData

); +pub struct PairingVar(PhantomData

); -type Fp3G

= Fp3Var<

::Fp3Config>; -type Fp6G

= Fp6Var<

::Fp6Config>; +type Fp3G

= Fp3Var<

::Fp3Config>; +type Fp6G

= Fp6Var<

::Fp6Config>; /// A variable corresponding to `ark_ec::mnt6::GT`. pub type GTVar

= Fp6G

; -impl PairingVar

{ +impl PairingVar

{ #[tracing::instrument(target = "r1cs", skip(r))] pub(crate) fn doubling_step_for_flipped_miller_loop( r: &G2ProjectiveExtendedVar

, @@ -191,7 +191,7 @@ impl PairingVar

{ } } -impl PG, P::Fp> for PairingVar

{ +impl PG, P::Fp> for PairingVar

{ type G1Var = G1Var

; type G2Var = G2Var

; type G1PreparedVar = G1PreparedVar

; From ea86966bcf913bb8b5d1ee34bd51a54b4b924f7b Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 21 Dec 2022 02:29:33 +0530 Subject: [PATCH 23/26] Parameters -> Config --- src/bits/boolean.rs | 2 +- src/bits/uint.rs | 2 +- src/bits/uint8.rs | 4 +- src/fields/cubic_extension.rs | 48 ++++++++--------- src/fields/fp/mod.rs | 22 ++++---- src/fields/fp12.rs | 26 ++++----- src/fields/fp2.rs | 8 +-- src/fields/fp3.rs | 8 +-- src/fields/fp4.rs | 8 +-- src/fields/fp6_2over3.rs | 8 +-- src/fields/fp6_3over2.rs | 24 ++++----- src/fields/nonnative/allocated_field_var.rs | 4 +- src/fields/nonnative/allocated_mul_result.rs | 6 +-- src/fields/nonnative/field_var.rs | 4 +- src/fields/nonnative/mod.rs | 4 +- src/fields/nonnative/params.rs | 6 +-- src/fields/nonnative/reduce.rs | 4 +- src/fields/quadratic_extension.rs | 48 ++++++++--------- .../curves/short_weierstrass/bls12/mod.rs | 10 ++-- .../curves/short_weierstrass/mnt4/mod.rs | 34 ++++++------ .../curves/short_weierstrass/mnt6/mod.rs | 34 ++++++------ src/groups/curves/short_weierstrass/mod.rs | 54 +++++++++---------- .../short_weierstrass/non_zero_affine.rs | 34 ++++++------ src/pairing/mnt4/mod.rs | 4 +- src/pairing/mnt6/mod.rs | 4 +- 25 files changed, 205 insertions(+), 205 deletions(-) diff --git a/src/bits/boolean.rs b/src/bits/boolean.rs index 3e25b3f6..d7be855e 100644 --- a/src/bits/boolean.rs +++ b/src/bits/boolean.rs @@ -1,4 +1,4 @@ -use ark_ff::{BitIteratorBE, Field, FpParameters, PrimeField}; +use ark_ff::{BitIteratorBE, Field, FpConfig, PrimeField}; use crate::{fields::fp::FpVar, prelude::*, Assignment, ToConstraintFieldGadget, Vec}; use ark_relations::r1cs::{ diff --git a/src/bits/uint.rs b/src/bits/uint.rs index cc5053e8..57defc42 100644 --- a/src/bits/uint.rs +++ b/src/bits/uint.rs 
@@ -6,7 +6,7 @@ macro_rules! make_uint { #[doc = $native_doc_name] #[doc = " type."] pub mod $mod_name { - use ark_ff::{Field, FpParameters, One, PrimeField, Zero}; + use ark_ff::{Field, FpConfig, One, PrimeField, Zero}; use core::borrow::Borrow; use core::convert::TryFrom; use num_bigint::BigUint; diff --git a/src/bits/uint8.rs b/src/bits/uint8.rs index dd479d0a..52c2ff5b 100644 --- a/src/bits/uint8.rs +++ b/src/bits/uint8.rs @@ -1,4 +1,4 @@ -use ark_ff::{Field, FpParameters, PrimeField, ToConstraintField}; +use ark_ff::{Field, FpConfig, PrimeField, ToConstraintField}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; @@ -363,7 +363,7 @@ mod test { use crate::fields::fp::FpVar; use crate::prelude::AllocationMode::{Constant, Input, Witness}; use crate::{prelude::*, ToConstraintFieldGadget, Vec}; - use ark_ff::{FpParameters, PrimeField, ToConstraintField}; + use ark_ff::{FpConfig, PrimeField, ToConstraintField}; use ark_relations::r1cs::{ConstraintSystem, SynthesisError}; use ark_std::rand::distributions::Uniform; use ark_std::rand::Rng; diff --git a/src/fields/cubic_extension.rs b/src/fields/cubic_extension.rs index 6be0112c..a6992af5 100644 --- a/src/fields/cubic_extension.rs +++ b/src/fields/cubic_extension.rs @@ -1,5 +1,5 @@ use ark_ff::{ - fields::{CubicExtField, CubicExtParameters, Field}, + fields::{CubicExtField, CubicExtConfig, Field}, Zero, }; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; @@ -20,7 +20,7 @@ use crate::{ Clone(bound = "P::BaseField: FieldWithVar") )] #[must_use] -pub struct CubicExtVar +pub struct CubicExtVar where P::BaseField: FieldWithVar, { @@ -34,9 +34,9 @@ where _params: PhantomData

, } -type BFVar

= <

::BaseField as FieldWithVar>::Var; +type BFVar

= <

::BaseField as FieldWithVar>::Var; -impl FieldWithVar for CubicExtField

+impl FieldWithVar for CubicExtField

where P::BaseField: FieldWithVar, { @@ -45,7 +45,7 @@ where /// This trait describes parameters that are used to implement arithmetic for /// `CubicExtVar`. -pub trait CubicExtVarParams: CubicExtParameters +pub trait CubicExtVarConfig: CubicExtConfig where Self::BaseField: FieldWithVar, { @@ -55,7 +55,7 @@ where fn mul_base_field_vars_by_frob_coeff(c1: &mut BFVar, c2: &mut BFVar, power: usize); } -impl CubicExtVar

+impl CubicExtVar

where P::BaseField: FieldWithVar, { @@ -97,7 +97,7 @@ where impl

R1CSVar for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { type Value = CubicExtField

; @@ -117,7 +117,7 @@ where impl

From> for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { fn from(other: Boolean) -> Self { @@ -130,20 +130,20 @@ where impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { } impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for &'a CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { } impl

FieldVar, P::BasePrimeField> for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { fn constant(other: CubicExtField

) -> Self { @@ -307,7 +307,7 @@ impl_bounded_ops!( |this: &mut CubicExtVar

, other: CubicExtField

| { *this = &*this + CubicExtVar::constant(other) }, - (P: CubicExtVarParams), + (P: CubicExtVarConfig), P::BaseField: FieldWithVar, ); impl_bounded_ops!( @@ -325,7 +325,7 @@ impl_bounded_ops!( |this: &mut CubicExtVar

, other: CubicExtField

| { *this = &*this - CubicExtVar::constant(other) }, - (P: CubicExtVarParams), + (P: CubicExtVarConfig), P::BaseField: FieldWithVar, ); impl_bounded_ops!( @@ -364,13 +364,13 @@ impl_bounded_ops!( |this: &mut CubicExtVar

, other: CubicExtField

| { *this = CubicExtVar::constant(other) * &*this; }, - (P: CubicExtVarParams), + (P: CubicExtVarConfig), P::BaseField: FieldWithVar, ); impl

EqGadget for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] @@ -411,7 +411,7 @@ where impl

ToBitsGadget for CubicExtVar

where P::BaseField: FieldWithVar, - P: CubicExtVarParams, + P: CubicExtVarConfig, { #[tracing::instrument(target = "r1cs")] fn to_bits_le(&self) -> Result>, SynthesisError> { @@ -436,7 +436,7 @@ where impl

ToBytesGadget for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { #[tracing::instrument(target = "r1cs")] @@ -465,7 +465,7 @@ where impl

ToConstraintFieldGadget for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, BFVar

: ToConstraintFieldGadget, { @@ -483,7 +483,7 @@ where impl

CondSelectGadget for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { #[inline] @@ -503,7 +503,7 @@ where impl

TwoBitLookupGadget for CubicExtVar

where BFVar

: TwoBitLookupGadget, - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { type TableConstant = CubicExtField

; @@ -526,7 +526,7 @@ where impl

ThreeBitCondNegLookupGadget for CubicExtVar

where BFVar

: ThreeBitCondNegLookupGadget, - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { type TableConstant = CubicExtField

; @@ -549,7 +549,7 @@ where impl

AllocVar, P::BasePrimeField> for CubicExtVar

where - P: CubicExtVarParams, + P: CubicExtVarConfig, P::BaseField: FieldWithVar, { fn new_variable>>( @@ -577,7 +577,7 @@ where } } -impl<'a, P: CubicExtVarParams> Sum<&'a CubicExtVar

> for CubicExtVar

+impl<'a, P: CubicExtVarConfig> Sum<&'a CubicExtVar

> for CubicExtVar

where P::BaseField: FieldWithVar, { @@ -590,7 +590,7 @@ where } } -impl<'a, P: CubicExtVarParams> Sum> for CubicExtVar

+impl<'a, P: CubicExtVarConfig> Sum> for CubicExtVar

where P::BaseField: FieldWithVar, { diff --git a/src/fields/fp/mod.rs b/src/fields/fp/mod.rs index feae65ab..50976a87 100644 --- a/src/fields/fp/mod.rs +++ b/src/fields/fp/mod.rs @@ -1,4 +1,4 @@ -use ark_ff::{BigInteger, FpParameters, PrimeField}; +use ark_ff::{BigInteger, FpConfig, PrimeField}; use ark_relations::r1cs::{ ConstraintSystemRef, LinearCombination, Namespace, SynthesisError, Variable, }; @@ -50,18 +50,18 @@ pub enum FpVar { } macro_rules! impl_field_ext { - ($Fp:ident, $FpParams:ident) => { - impl FieldWithVar for ark_ff::models::$Fp

{ + ($Fp:ident, $FpConfig:ident) => { + impl FieldWithVar for ark_ff::models::$Fp

{ type Var = FpVar; } }; } -impl_field_ext!(Fp256, Fp256Parameters); -impl_field_ext!(Fp320, Fp320Parameters); -impl_field_ext!(Fp384, Fp384Parameters); -impl_field_ext!(Fp768, Fp768Parameters); -impl_field_ext!(Fp832, Fp832Parameters); +impl_field_ext!(Fp256, Fp256Config); +impl_field_ext!(Fp320, Fp320Config); +impl_field_ext!(Fp384, Fp384Config); +impl_field_ext!(Fp768, Fp768Config); +impl_field_ext!(Fp832, Fp832Config); impl R1CSVar for FpVar { type Value = F; @@ -487,10 +487,10 @@ impl ToBitsGadget for AllocatedFp { .skip_while(|(_, c)| !c) .map(|(b, _)| Some(b)) .collect(); - assert_eq!(bits.len(), F::Params::MODULUS_BITS as usize); + assert_eq!(bits.len(), F::Config::MODULUS_BITS as usize); bits } else { - vec![None; F::Params::MODULUS_BITS as usize] + vec![None; F::Config::MODULUS_BITS as usize] }; // Convert to little-endian @@ -921,7 +921,7 @@ impl ToBitsGadget for FpVar { use ark_ff::BitIteratorLE; match self { Self::Constant(c) => Ok(BitIteratorLE::new(&c.into_repr()) - .take((F::Params::MODULUS_BITS) as usize) + .take((F::Config::MODULUS_BITS) as usize) .map(Boolean::constant) .collect::>()), Self::Var(v) => v.to_non_unique_bits_le(), diff --git a/src/fields/fp12.rs b/src/fields/fp12.rs index 80059b4b..7e31f838 100644 --- a/src/fields/fp12.rs +++ b/src/fields/fp12.rs @@ -1,28 +1,28 @@ use crate::fields::{ fp2::Fp2Var, fp6_3over2::Fp6Var, quadratic_extension::*, FieldVar, FieldWithVar, }; -use ark_ff::fields::{fp12_2over3over2::*, fp6_3over2::Fp6Parameters, Field, QuadExtParameters}; +use ark_ff::fields::{fp12_2over3over2::*, fp6_3over2::Fp6Config, Field, QuadExtConfig}; use ark_relations::r1cs::SynthesisError; /// A degree-12 extension field constructed as the tower of a /// quadratic extension over a cubic extension over a quadratic extension field. /// This is the R1CS equivalent of `ark_ff::fp12_2over3over2::Fp12

`. -pub type Fp12Var

= QuadExtVar>; +pub type Fp12Var

= QuadExtVar>; -type Fp2Params

= <

::Fp6Params as Fp6Parameters>::Fp2Params; +type Fp2Config

= <

::Fp6Config as Fp6Config>::Fp2Config; -impl QuadExtVarParams for Fp12ParamsWrapper

+impl QuadExtVarConfig for Fp12ConfigWrapper

where Self::BasePrimeField: FieldWithVar, { - fn mul_base_field_var_by_frob_coeff(fe: &mut Fp6Var, power: usize) { + fn mul_base_field_var_by_frob_coeff(fe: &mut Fp6Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c2 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; } } -impl Fp12Var

+impl Fp12Var

where as Field>::BasePrimeField: FieldWithVar, { @@ -31,9 +31,9 @@ where #[inline] pub fn mul_by_014( &self, - c0: &Fp2Var>, - c1: &Fp2Var>, - d1: &Fp2Var>, + c0: &Fp2Var>, + c1: &Fp2Var>, + d1: &Fp2Var>, ) -> Result { let v0 = self.c0.mul_by_c0_c1_0(&c0, &c1)?; let v1 = self.c1.mul_by_0_c1_0(&d1)?; @@ -48,9 +48,9 @@ where #[inline] pub fn mul_by_034( &self, - c0: &Fp2Var>, - d0: &Fp2Var>, - d1: &Fp2Var>, + c0: &Fp2Var>, + d0: &Fp2Var>, + d1: &Fp2Var>, ) -> Result { let a0 = &self.c0.c0 * c0; let a1 = &self.c0.c1 * c0; @@ -70,7 +70,7 @@ where /// Squares `self` when `self` is in the cyclotomic subgroup. pub fn cyclotomic_square(&self) -> Result { if characteristic_square_mod_6_is_one(Fp12::

::characteristic()) { - let fp2_nr = ::NONRESIDUE; + let fp2_nr = ::NONRESIDUE; let z0 = &self.c0.c0; let z4 = &self.c0.c1; diff --git a/src/fields/fp2.rs b/src/fields/fp2.rs index 4d12674a..fca20cda 100644 --- a/src/fields/fp2.rs +++ b/src/fields/fp2.rs @@ -1,13 +1,13 @@ use crate::fields::{quadratic_extension::*, FieldWithVar}; -use ark_ff::fields::{Fp2Parameters, Fp2ParamsWrapper, QuadExtParameters}; +use ark_ff::fields::{Fp2Config, Fp2ConfigWrapper, QuadExtConfig}; -type FpVar

= < as QuadExtParameters>::BasePrimeField as FieldWithVar>::Var; +type FpVar

= < as QuadExtConfig>::BasePrimeField as FieldWithVar>::Var; /// A quadratic extension field constructed over a prime field. /// This is the R1CS equivalent of `ark_ff::Fp2

`. -pub type Fp2Var

= QuadExtVar>; +pub type Fp2Var

= QuadExtVar>; -impl QuadExtVarParams for Fp2ParamsWrapper

+impl QuadExtVarConfig for Fp2ConfigWrapper

where Self::BaseField: FieldWithVar, { diff --git a/src/fields/fp3.rs b/src/fields/fp3.rs index c0dc3981..3819250c 100644 --- a/src/fields/fp3.rs +++ b/src/fields/fp3.rs @@ -1,13 +1,13 @@ use crate::fields::{cubic_extension::*, FieldWithVar}; -use ark_ff::fields::{CubicExtParameters, Fp3Parameters, Fp3ParamsWrapper}; +use ark_ff::fields::{CubicExtConfig, Fp3Config, Fp3ConfigWrapper}; -type FpVar

= < as CubicExtParameters>::BasePrimeField as FieldWithVar>::Var; +type FpVar

= < as CubicExtConfig>::BasePrimeField as FieldWithVar>::Var; /// A cubic extension field constructed over a prime field. /// This is the R1CS equivalent of `ark_ff::Fp3

`. -pub type Fp3Var

= CubicExtVar>; +pub type Fp3Var

= CubicExtVar>; -impl CubicExtVarParams for Fp3ParamsWrapper

+impl CubicExtVarConfig for Fp3ConfigWrapper

where Self::BasePrimeField: FieldWithVar, { diff --git a/src/fields/fp4.rs b/src/fields/fp4.rs index 1e0f294b..0373e339 100644 --- a/src/fields/fp4.rs +++ b/src/fields/fp4.rs @@ -1,16 +1,16 @@ use crate::fields::{fp2::Fp2Var, quadratic_extension::*, FieldWithVar}; -use ark_ff::fields::{Fp4Parameters, Fp4ParamsWrapper, QuadExtParameters}; +use ark_ff::fields::{Fp4Config, Fp4ConfigWrapper, QuadExtConfig}; /// A quartic extension field constructed as the tower of a /// quadratic extension over a quadratic extension field. /// This is the R1CS equivalent of `ark_ff::Fp4

`. -pub type Fp4Var

= QuadExtVar>; +pub type Fp4Var

= QuadExtVar>; -impl QuadExtVarParams for Fp4ParamsWrapper

+impl QuadExtVarConfig for Fp4ConfigWrapper

where Self::BasePrimeField: FieldWithVar, { - fn mul_base_field_var_by_frob_coeff(fe: &mut Fp2Var, power: usize) { + fn mul_base_field_var_by_frob_coeff(fe: &mut Fp2Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; } diff --git a/src/fields/fp6_2over3.rs b/src/fields/fp6_2over3.rs index 2c252882..a5f144f8 100644 --- a/src/fields/fp6_2over3.rs +++ b/src/fields/fp6_2over3.rs @@ -1,16 +1,16 @@ use crate::fields::{fp3::Fp3Var, quadratic_extension::*, FieldWithVar}; -use ark_ff::fields::{fp6_2over3::*, QuadExtParameters}; +use ark_ff::fields::{fp6_2over3::*, QuadExtConfig}; /// A sextic extension field constructed as the tower of a /// quadratic extension over a cubic extension field. /// This is the R1CS equivalent of `ark_ff::fp6_2over3::Fp6

`. -pub type Fp6Var

= QuadExtVar>; +pub type Fp6Var

= QuadExtVar>; -impl QuadExtVarParams for Fp6ParamsWrapper

+impl QuadExtVarConfig for Fp6ConfigWrapper

where Self::BasePrimeField: FieldWithVar, { - fn mul_base_field_var_by_frob_coeff(fe: &mut Fp3Var, power: usize) { + fn mul_base_field_var_by_frob_coeff(fe: &mut Fp3Var, power: usize) { fe.c0 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; fe.c2 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; diff --git a/src/fields/fp6_3over2.rs b/src/fields/fp6_3over2.rs index c8a657d9..d9737cdd 100644 --- a/src/fields/fp6_3over2.rs +++ b/src/fields/fp6_3over2.rs @@ -1,22 +1,22 @@ use crate::fields::{cubic_extension::*, fp2::*, FieldWithVar}; -use ark_ff::fields::{fp6_3over2::*, CubicExtParameters, Fp2}; +use ark_ff::fields::{fp6_3over2::*, CubicExtConfig, Fp2}; use ark_relations::r1cs::SynthesisError; use core::ops::MulAssign; /// A sextic extension field constructed as the tower of a /// cubic extension over a quadratic extension field. /// This is the R1CS equivalent of `ark_ff::fp6_3over3::Fp6

`. -pub type Fp6Var

= CubicExtVar>; +pub type Fp6Var

= CubicExtVar>; -type Fp

= as CubicExtParameters>::BasePrimeField; +type Fp

= as CubicExtConfig>::BasePrimeField; -impl CubicExtVarParams for Fp6ParamsWrapper

+impl CubicExtVarConfig for Fp6ConfigWrapper

where Fp

: FieldWithVar, { fn mul_base_field_vars_by_frob_coeff( - c1: &mut Fp2Var, - c2: &mut Fp2Var, + c1: &mut Fp2Var, + c2: &mut Fp2Var, power: usize, ) { *c1 *= Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; @@ -24,12 +24,12 @@ where } } -impl Fp6Var

+impl Fp6Var

where Fp

: FieldWithVar, { /// Multiplies `self` by a sparse element which has `c0 == c2 == zero`. - pub fn mul_by_0_c1_0(&self, c1: &Fp2Var) -> Result { + pub fn mul_by_0_c1_0(&self, c1: &Fp2Var) -> Result { // Karatsuba multiplication // v0 = a0 * b0 = 0 @@ -59,8 +59,8 @@ where /// Multiplies `self` by a sparse element which has `c2 == zero`. pub fn mul_by_c0_c1_0( &self, - c0: &Fp2Var, - c1: &Fp2Var, + c0: &Fp2Var, + c1: &Fp2Var, ) -> Result { let v0 = &self.c0 * c0; let v1 = &self.c1 * c1; @@ -84,11 +84,11 @@ where } } -impl MulAssign> for Fp6Var

+impl MulAssign> for Fp6Var

where Fp

: FieldWithVar, { - fn mul_assign(&mut self, other: Fp2) { + fn mul_assign(&mut self, other: Fp2) { self.c0 *= other; self.c1 *= other; self.c2 *= other; diff --git a/src/fields/nonnative/allocated_field_var.rs b/src/fields/nonnative/allocated_field_var.rs index 123032b0..617499f2 100644 --- a/src/fields/nonnative/allocated_field_var.rs +++ b/src/fields/nonnative/allocated_field_var.rs @@ -4,7 +4,7 @@ use super::AllocatedNonNativeFieldMulResultVar; use crate::fields::fp::FpVar; use crate::prelude::*; use crate::ToConstraintFieldGadget; -use ark_ff::{BigInteger, FpParameters, PrimeField}; +use ark_ff::{BigInteger, FpConfig, PrimeField}; use ark_relations::r1cs::{OptimizationGoal, Result as R1CSResult}; use ark_relations::{ ns, @@ -512,7 +512,7 @@ impl // Get p let p_representations = AllocatedNonNativeFieldVar::::get_limbs_representations_from_big_integer( - &::Params::MODULUS, + &::Config::MODULUS, self.get_optimization_type() )?; let p_bigint = limbs_to_bigint(params.bits_per_limb, &p_representations); diff --git a/src/fields/nonnative/allocated_mul_result.rs b/src/fields/nonnative/allocated_mul_result.rs index 854b6f81..36f37fb4 100644 --- a/src/fields/nonnative/allocated_mul_result.rs +++ b/src/fields/nonnative/allocated_mul_result.rs @@ -3,7 +3,7 @@ use super::reduce::{bigint_to_basefield, limbs_to_bigint, Reducer}; use super::AllocatedNonNativeFieldVar; use crate::fields::fp::FpVar; use crate::prelude::*; -use ark_ff::{FpParameters, PrimeField}; +use ark_ff::{FpConfig, PrimeField}; use ark_relations::r1cs::{OptimizationGoal, Result as R1CSResult}; use ark_relations::{ns, r1cs::ConstraintSystemRef}; use ark_std::marker::PhantomData; @@ -69,7 +69,7 @@ impl let p_representations = AllocatedNonNativeFieldVar::::get_limbs_representations_from_big_integer( - &::Params::MODULUS, + &::Config::MODULUS, self.get_optimization_type() )?; let p_bigint = limbs_to_bigint(params.bits_per_limb, &p_representations); 
@@ -95,7 +95,7 @@ impl // Step 1: get p let p_representations = AllocatedNonNativeFieldVar::::get_limbs_representations_from_big_integer( - &::Params::MODULUS, + &::Config::MODULUS, self.get_optimization_type() )?; let p_bigint = limbs_to_bigint(params.bits_per_limb, &p_representations); diff --git a/src/fields/nonnative/field_var.rs b/src/fields/nonnative/field_var.rs index f87b38d9..86c0a10f 100644 --- a/src/fields/nonnative/field_var.rs +++ b/src/fields/nonnative/field_var.rs @@ -6,7 +6,7 @@ use crate::fields::FieldVar; use crate::prelude::*; use crate::{R1CSVar, ToConstraintFieldGadget}; use ark_ff::PrimeField; -use ark_ff::{to_bytes, FpParameters}; +use ark_ff::{to_bytes, FpConfig}; use ark_relations::r1cs::Result as R1CSResult; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; use ark_std::hash::{Hash, Hasher}; @@ -316,7 +316,7 @@ impl ToBitsGadget use ark_ff::BitIteratorLE; match self { Self::Constant(c) => Ok(BitIteratorLE::new(&c.into_repr()) - .take((TargetField::Params::MODULUS_BITS) as usize) + .take((TargetField::Config::MODULUS_BITS) as usize) .map(Boolean::constant) .collect::>()), Self::Var(v) => v.to_non_unique_bits_le(), diff --git a/src/fields/nonnative/mod.rs b/src/fields/nonnative/mod.rs index 45e2b902..500fee77 100644 --- a/src/fields/nonnative/mod.rs +++ b/src/fields/nonnative/mod.rs @@ -157,9 +157,9 @@ macro_rules! overhead { pub(crate) use overhead; -/// Parameters for a specific `NonNativeFieldVar` instantiation +/// Config for a specific `NonNativeFieldVar` instantiation #[derive(Clone, Debug)] -pub struct NonNativeFieldParams { +pub struct NonNativeFieldConfig { /// The number of limbs (`BaseField` elements) used to represent a `TargetField` element. Highest limb first. pub num_limbs: usize, diff --git a/src/fields/nonnative/params.rs b/src/fields/nonnative/params.rs index 63455477..8380413b 100644 --- a/src/fields/nonnative/params.rs +++ b/src/fields/nonnative/params.rs 
@@ -1,4 +1,4 @@ -use super::NonNativeFieldParams; +use super::NonNativeFieldConfig; /// Obtain the parameters from a `ConstraintSystem`'s cache or generate a new one #[must_use] @@ -6,10 +6,10 @@ pub const fn get_params( target_field_size: usize, base_field_size: usize, optimization_type: OptimizationType, -) -> NonNativeFieldParams { +) -> NonNativeFieldConfig { let (num_of_limbs, limb_size) = find_parameters(base_field_size, target_field_size, optimization_type); - NonNativeFieldParams { + NonNativeFieldConfig { num_limbs: num_of_limbs, bits_per_limb: limb_size, } diff --git a/src/fields/nonnative/reduce.rs b/src/fields/nonnative/reduce.rs index 321ea51c..7cf0fa1e 100644 --- a/src/fields/nonnative/reduce.rs +++ b/src/fields/nonnative/reduce.rs @@ -5,7 +5,7 @@ use crate::eq::EqGadget; use crate::fields::fp::FpVar; use crate::fields::FieldVar; use crate::{alloc::AllocVar, boolean::Boolean, R1CSVar}; -use ark_ff::{biginteger::BigInteger, fields::FpParameters, BitIteratorBE, One, PrimeField, Zero}; +use ark_ff::{biginteger::BigInteger, fields::FpConfig, BitIteratorBE, One, PrimeField, Zero}; use ark_relations::{ ns, r1cs::{ConstraintSystemRef, Result as R1CSResult}, @@ -75,7 +75,7 @@ impl Reducer::Params as FpParameters>::REPR_SHAVE_BITS as usize + <::Config as FpConfig>::REPR_SHAVE_BITS as usize + (BaseField::size_in_bits() - num_bits), ) { bits_considered.push(b); diff --git a/src/fields/quadratic_extension.rs b/src/fields/quadratic_extension.rs index dbe9eb6a..5b0d6dfc 100644 --- a/src/fields/quadratic_extension.rs +++ b/src/fields/quadratic_extension.rs @@ -1,5 +1,5 @@ use ark_ff::{ - fields::{Field, QuadExtField, QuadExtParameters}, + fields::{Field, QuadExtField, QuadExtConfig}, Zero, }; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; @@ -22,7 +22,7 @@ use super::FieldWithVar; Clone(bound = "P::BaseField: FieldWithVar") )] #[must_use] -pub struct QuadExtVar +pub struct QuadExtVar where P::BaseField: FieldWithVar, { 
@@ -34,9 +34,9 @@ where _params: PhantomData

, } -type BFVar

= <

::BaseField as FieldWithVar>::Var; +type BFVar

= <

::BaseField as FieldWithVar>::Var; -impl FieldWithVar for QuadExtField

+impl FieldWithVar for QuadExtField

where P::BaseField: FieldWithVar, { @@ -45,7 +45,7 @@ where /// This trait describes parameters that are used to implement arithmetic for /// `QuadExtVar`. -pub trait QuadExtVarParams: QuadExtParameters +pub trait QuadExtVarConfig: QuadExtConfig where Self::BaseField: FieldWithVar, { @@ -55,7 +55,7 @@ where fn mul_base_field_var_by_frob_coeff(fe: &mut BFVar, power: usize); } -impl QuadExtVar

+impl QuadExtVar

where P::BaseField: FieldWithVar, { @@ -130,7 +130,7 @@ where } } -impl R1CSVar for QuadExtVar

+impl R1CSVar for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -149,7 +149,7 @@ where } } -impl From> for QuadExtVar

+impl From> for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -160,19 +160,19 @@ where } } -impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for QuadExtVar

where +impl<'a, P: QuadExtVarConfig> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for QuadExtVar

where P::BaseField: FieldWithVar { } -impl<'a, P: QuadExtVarParams> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> +impl<'a, P: QuadExtVarConfig> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> for &'a QuadExtVar

where P::BaseField: FieldWithVar, { } -impl FieldVar, P::BasePrimeField> for QuadExtVar

+impl FieldVar, P::BasePrimeField> for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -312,7 +312,7 @@ impl_bounded_ops!( |this: &mut QuadExtVar

, other: QuadExtField

| { *this = &*this + QuadExtVar::constant(other); }, - (P: QuadExtVarParams), + (P: QuadExtVarConfig), P::BaseField: FieldWithVar, ); impl_bounded_ops!( @@ -329,7 +329,7 @@ impl_bounded_ops!( |this: &mut QuadExtVar

, other: QuadExtField

| { *this = &*this - QuadExtVar::constant(other); }, - (P: QuadExtVarParams), + (P: QuadExtVarConfig), P::BaseField: FieldWithVar, ); impl_bounded_ops!( @@ -365,14 +365,14 @@ impl_bounded_ops!( |this: &mut QuadExtVar

, other: QuadExtField

| { *this = QuadExtVar::constant(other) * &*this; }, - (P: QuadExtVarParams), + (P: QuadExtVarConfig), P::BaseField: FieldWithVar, ); impl

EqGadget for QuadExtVar

where P::BaseField: FieldWithVar, - P: QuadExtVarParams, + P: QuadExtVarConfig, { #[tracing::instrument(target = "r1cs")] fn is_eq(&self, other: &Self) -> Result, SynthesisError> { @@ -407,7 +407,7 @@ where } } -impl ToBitsGadget for QuadExtVar

+impl ToBitsGadget for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -428,7 +428,7 @@ where } } -impl ToBytesGadget for QuadExtVar

+impl ToBytesGadget for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -449,7 +449,7 @@ where } } -impl ToConstraintFieldGadget for QuadExtVar

+impl ToConstraintFieldGadget for QuadExtVar

where P::BaseField: FieldWithVar, BFVar

: ToConstraintFieldGadget, @@ -465,7 +465,7 @@ where } } -impl CondSelectGadget for QuadExtVar

+impl CondSelectGadget for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -481,7 +481,7 @@ where } } -impl TwoBitLookupGadget for QuadExtVar

+impl TwoBitLookupGadget for QuadExtVar

where P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, @@ -501,7 +501,7 @@ where } } -impl ThreeBitCondNegLookupGadget for QuadExtVar

+impl ThreeBitCondNegLookupGadget for QuadExtVar

where P::BaseField: FieldWithVar, BFVar

: ThreeBitCondNegLookupGadget, @@ -522,7 +522,7 @@ where } } -impl AllocVar, P::BasePrimeField> for QuadExtVar

+impl AllocVar, P::BasePrimeField> for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -547,7 +547,7 @@ where } } -impl<'a, P: QuadExtVarParams> Sum<&'a QuadExtVar

> for QuadExtVar

+impl<'a, P: QuadExtVarConfig> Sum<&'a QuadExtVar

> for QuadExtVar

where P::BaseField: FieldWithVar, { @@ -559,7 +559,7 @@ where } } -impl<'a, P: QuadExtVarParams> Sum> for QuadExtVar

+impl<'a, P: QuadExtVarConfig> Sum> for QuadExtVar

where P::BaseField: FieldWithVar, { diff --git a/src/groups/curves/short_weierstrass/bls12/mod.rs b/src/groups/curves/short_weierstrass/bls12/mod.rs index 974b2b83..8b1f2ee7 100644 --- a/src/groups/curves/short_weierstrass/bls12/mod.rs +++ b/src/groups/curves/short_weierstrass/bls12/mod.rs @@ -14,19 +14,19 @@ use crate::{ type FpVar

= <

::Fp as FieldWithVar>::Var; /// Represents a projective point in G1. -pub type G1Var

= ProjectiveVar<

::G1Parameters>; +pub type G1Var

= ProjectiveVar<

::G1Config>; /// Represents an affine point on G1. Should be used only for comparison and /// when a canonical representation of a point is required, and not for /// arithmetic. -pub type G1AffineVar

= AffineVar<

::G1Parameters>; +pub type G1AffineVar

= AffineVar<

::G1Config>; /// Represents a projective point in G2. -pub type G2Var

= ProjectiveVar<

::G2Parameters>; +pub type G2Var

= ProjectiveVar<

::G2Config>; /// Represents an affine point on G2. Should be used only for comparison and /// when a canonical representation of a point is required, and not for /// arithmetic. -pub type G2AffineVar

= AffineVar<

::G2Parameters>; +pub type G2AffineVar

= AffineVar<

::G2Config>; /// Represents the cached precomputation that can be performed on a G1 element /// which enables speeding up pairing computation. @@ -113,7 +113,7 @@ where } } -type Fp2G

= Fp2Var<

::Fp2Params>; +type Fp2G

= Fp2Var<

::Fp2Config>; type LCoeff

= (Fp2G

, Fp2G

); /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. diff --git a/src/groups/curves/short_weierstrass/mnt4/mod.rs b/src/groups/curves/short_weierstrass/mnt4/mod.rs index 77bb5ec6..2794e1d0 100644 --- a/src/groups/curves/short_weierstrass/mnt4/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt4/mod.rs @@ -36,9 +36,9 @@ where #[doc(hidden)] pub y: FpVar, #[doc(hidden)] - pub x_twist: Fp2Var, + pub x_twist: Fp2Var, #[doc(hidden)] - pub y_twist: Fp2Var, + pub y_twist: Fp2Var, } impl AllocVar, P::Fp> for G1PreparedVar

@@ -153,7 +153,7 @@ where } } -type Fp2G

= Fp2Var<

::Fp2Params>; +type Fp2G

= Fp2Var<

::Fp2Config>; /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. @@ -167,13 +167,13 @@ where P::Fp: FieldWithVar>, { #[doc(hidden)] - pub x: Fp2Var, + pub x: Fp2Var, #[doc(hidden)] - pub y: Fp2Var, + pub y: Fp2Var, #[doc(hidden)] - pub x_over_twist: Fp2Var, + pub x_over_twist: Fp2Var, #[doc(hidden)] - pub y_over_twist: Fp2Var, + pub y_over_twist: Fp2Var, #[doc(hidden)] pub double_coefficients: Vec>, #[doc(hidden)] @@ -387,10 +387,10 @@ pub struct AteDoubleCoefficientsVar where P::Fp: FieldWithVar>, { - pub c_h: Fp2Var, - pub c_4c: Fp2Var, - pub c_j: Fp2Var, - pub c_l: Fp2Var, + pub c_h: Fp2Var, + pub c_4c: Fp2Var, + pub c_j: Fp2Var, + pub c_l: Fp2Var, } impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

@@ -487,8 +487,8 @@ pub struct AteAdditionCoefficientsVar where P::Fp: FieldWithVar>, { - pub c_l1: Fp2Var, - pub c_rz: Fp2Var, + pub c_l1: Fp2Var, + pub c_rz: Fp2Var, } impl AllocVar, P::Fp> @@ -557,8 +557,8 @@ pub struct G2ProjectiveExtendedVar where P::Fp: FieldWithVar>, { - pub x: Fp2Var, - pub y: Fp2Var, - pub z: Fp2Var, - pub t: Fp2Var, + pub x: Fp2Var, + pub y: Fp2Var, + pub z: Fp2Var, + pub t: Fp2Var, } diff --git a/src/groups/curves/short_weierstrass/mnt6/mod.rs b/src/groups/curves/short_weierstrass/mnt6/mod.rs index 0b989bb3..dafede04 100644 --- a/src/groups/curves/short_weierstrass/mnt6/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt6/mod.rs @@ -36,9 +36,9 @@ where #[doc(hidden)] pub y: FpVar, #[doc(hidden)] - pub x_twist: Fp3Var, + pub x_twist: Fp3Var, #[doc(hidden)] - pub y_twist: Fp3Var, + pub y_twist: Fp3Var, } impl G1PreparedVar

@@ -153,7 +153,7 @@ where } } -type Fp3G

= Fp3Var<

::Fp3Params>; +type Fp3G

= Fp3Var<

::Fp3Config>; /// Represents the cached precomputation that can be performed on a G2 element /// which enables speeding up pairing computation. @@ -167,13 +167,13 @@ where P::Fp: FieldWithVar>, { #[doc(hidden)] - pub x: Fp3Var, + pub x: Fp3Var, #[doc(hidden)] - pub y: Fp3Var, + pub y: Fp3Var, #[doc(hidden)] - pub x_over_twist: Fp3Var, + pub x_over_twist: Fp3Var, #[doc(hidden)] - pub y_over_twist: Fp3Var, + pub y_over_twist: Fp3Var, #[doc(hidden)] pub double_coefficients: Vec>, #[doc(hidden)] @@ -387,10 +387,10 @@ pub struct AteDoubleCoefficientsVar where P::Fp: FieldWithVar>, { - pub c_h: Fp3Var, - pub c_4c: Fp3Var, - pub c_j: Fp3Var, - pub c_l: Fp3Var, + pub c_h: Fp3Var, + pub c_4c: Fp3Var, + pub c_j: Fp3Var, + pub c_l: Fp3Var, } impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

@@ -482,8 +482,8 @@ pub struct AteAdditionCoefficientsVar where P::Fp: FieldWithVar>, { - pub c_l1: Fp3Var, - pub c_rz: Fp3Var, + pub c_l1: Fp3Var, + pub c_rz: Fp3Var, } impl AllocVar, P::Fp> @@ -553,8 +553,8 @@ pub struct G2ProjectiveExtendedVar where P::Fp: FieldWithVar>, { - pub x: Fp3Var, - pub y: Fp3Var, - pub z: Fp3Var, - pub t: Fp3Var, + pub x: Fp3Var, + pub y: Fp3Var, + pub z: Fp3Var, + pub t: Fp3Var, } diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 1c4732df..95ca7acc 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -1,6 +1,6 @@ use ark_ec::{ short_weierstrass_jacobian::{GroupAffine as SWAffine, GroupProjective as SWProjective}, - AffineCurve, ModelParameters, ProjectiveCurve, SWModelParameters, + AffineCurve, ModelConfig, ProjectiveCurve, SWModelConfig, }; use ark_ff::{BigInteger, BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; @@ -29,7 +29,7 @@ pub mod mnt6; mod non_zero_affine; -type BF

=

::BaseField; +type BF

=

::BaseField; type CF

= as Field>::BasePrimeField; type BFVar

= as FieldWithVar>::Var; @@ -38,11 +38,11 @@ type BFVar

= as FieldWithVar>::Var; /// [[Renes, Costello, Batina 2015]](). #[derive(Derivative)] #[derivative( - Debug(bound = "P: SWModelParameters"), - Clone(bound = "P: SWModelParameters") + Debug(bound = "P: SWModelConfig"), + Clone(bound = "P: SWModelConfig") )] #[must_use] -pub struct ProjectiveVar +pub struct ProjectiveVar where BF

: FieldWithVar, { @@ -59,11 +59,11 @@ where /// An affine representation of a curve point. #[derive(Derivative)] #[derivative( - Debug(bound = "P: SWModelParameters, BF

: FieldWithVar"), - Clone(bound = "P: SWModelParameters, BF

: FieldWithVar") + Debug(bound = "P: SWModelConfig, BF

: FieldWithVar"), + Clone(bound = "P: SWModelConfig, BF

: FieldWithVar") )] #[must_use] -pub struct AffineVar +pub struct AffineVar where BF

: FieldWithVar, { @@ -77,7 +77,7 @@ where _params: PhantomData

, } -impl AffineVar

+impl AffineVar

where BF

: FieldWithVar, { @@ -104,7 +104,7 @@ where impl

ToConstraintFieldGadget> for AffineVar

where BF

: FieldWithVar, - P: SWModelParameters, + P: SWModelConfig, BFVar

: ToConstraintFieldGadget>, { fn to_constraint_field(&self) -> Result>>, SynthesisError> { @@ -120,7 +120,7 @@ where impl

R1CSVar> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, { type Value = SWProjective

; @@ -140,7 +140,7 @@ where } } -impl ProjectiveVar

+impl ProjectiveVar

where BF

: FieldWithVar, { @@ -234,7 +234,7 @@ where } } -impl ProjectiveVar

+impl ProjectiveVar

where BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, @@ -367,7 +367,7 @@ where } } -impl CurveWithVar> for SWProjective

+impl CurveWithVar> for SWProjective

where BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, @@ -377,7 +377,7 @@ where impl

CurveVar, CF

> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { @@ -572,7 +572,7 @@ where impl

ToConstraintFieldGadget> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, BFVar

: ToConstraintFieldGadget>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, @@ -582,7 +582,7 @@ where } } -fn mul_by_coeff_a(f: &BFVar

) -> BFVar

+fn mul_by_coeff_a(f: &BFVar

) -> BFVar

where for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, BF

: FieldWithVar, @@ -669,7 +669,7 @@ impl_bounded_ops!( |this: &mut ProjectiveVar

, other: SWProjective

| { *this = &*this + ProjectiveVar::constant(other) }, - (P: SWModelParameters), + (P: SWModelConfig), for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, BF

: FieldWithVar, ); @@ -683,14 +683,14 @@ impl_bounded_ops!( sub_assign, |this: &mut ProjectiveVar

, other: &'a ProjectiveVar

| *this += other.negate().unwrap(), |this: &mut ProjectiveVar

, other: SWProjective

| *this = &*this - ProjectiveVar::constant(other), - (P: SWModelParameters), + (P: SWModelConfig), for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, BF

: FieldWithVar, ); impl<'a, P> GroupOpsBounds<'a, SWProjective

, ProjectiveVar

> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { @@ -698,7 +698,7 @@ where impl<'a, P> GroupOpsBounds<'a, SWProjective

, ProjectiveVar

> for &'a ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { @@ -706,7 +706,7 @@ where impl

CondSelectGadget> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { @@ -727,7 +727,7 @@ where impl

EqGadget> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { @@ -773,7 +773,7 @@ where impl

AllocVar, CF

> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { @@ -788,7 +788,7 @@ where impl

AllocVar, CF

> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { @@ -899,7 +899,7 @@ fn div2(limbs: &mut [u64]) { impl

ToBitsGadget> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { @@ -926,7 +926,7 @@ where impl

ToBytesGadget> for ProjectiveVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { diff --git a/src/groups/curves/short_weierstrass/non_zero_affine.rs b/src/groups/curves/short_weierstrass/non_zero_affine.rs index c9283a8a..7ef889a3 100644 --- a/src/groups/curves/short_weierstrass/non_zero_affine.rs +++ b/src/groups/curves/short_weierstrass/non_zero_affine.rs @@ -4,11 +4,11 @@ use super::*; /// to *not* be the point at infinity. #[derive(Derivative)] #[derivative( - Debug(bound = "P: SWModelParameters"), - Clone(bound = "P: SWModelParameters") + Debug(bound = "P: SWModelConfig"), + Clone(bound = "P: SWModelConfig") )] #[must_use] -pub struct NonZeroAffineVar +pub struct NonZeroAffineVar where BF

: FieldWithVar, { @@ -22,7 +22,7 @@ where impl

NonZeroAffineVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, BFVar

: FieldVar>, { @@ -43,7 +43,7 @@ where impl

NonZeroAffineVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, BFVar

: FieldVar>, for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, @@ -149,7 +149,7 @@ where impl

R1CSVar> for NonZeroAffineVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, { type Value = SWAffine

; @@ -165,7 +165,7 @@ where impl

CondSelectGadget> for NonZeroAffineVar

where - P: SWModelParameters, + P: SWModelConfig, BF

: FieldWithVar, { #[inline] @@ -190,10 +190,10 @@ mod test_non_zero_affine { use crate::groups::curves::short_weierstrass::ProjectiveVar; use crate::groups::CurveVar; use crate::R1CSVar; - use ark_ec::{ProjectiveCurve, SWModelParameters}; + use ark_ec::{ProjectiveCurve, SWModelConfig}; use ark_relations::r1cs::ConstraintSystem; use ark_std::{vec::Vec, One}; - use ark_test_curves::bls12_381::{g1::Parameters as G1Parameters, Fq}; + use ark_test_curves::bls12_381::{g1::Config as G1Config, Fq}; #[test] fn correctness_test_1() { @@ -201,13 +201,13 @@ mod test_non_zero_affine { let x = FpVar::Var( AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Parameters::AFFINE_GENERATOR_COEFFS.0) + Ok(G1Config::AFFINE_GENERATOR_COEFFS.0) }) .unwrap(), ); let y = FpVar::Var( AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Parameters::AFFINE_GENERATOR_COEFFS.1) + Ok(G1Config::AFFINE_GENERATOR_COEFFS.1) }) .unwrap(), ); @@ -216,7 +216,7 @@ mod test_non_zero_affine { // (1 + 2 + ... + 2^9) G let sum_a = { - let mut a = ProjectiveVar::::new( + let mut a = ProjectiveVar::::new( x.clone(), y.clone(), FpVar::Constant(Fq::one()), @@ -240,7 +240,7 @@ mod test_non_zero_affine { }; let sum_b = { - let mut a = NonZeroAffineVar::::new(x, y); + let mut a = NonZeroAffineVar::::new(x, y); let mut double_sequence = Vec::new(); double_sequence.push(a.clone()); @@ -268,20 +268,20 @@ mod test_non_zero_affine { let x = FpVar::Var( AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Parameters::AFFINE_GENERATOR_COEFFS.0) + Ok(G1Config::AFFINE_GENERATOR_COEFFS.0) }) .unwrap(), ); let y = FpVar::Var( AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Parameters::AFFINE_GENERATOR_COEFFS.1) + Ok(G1Config::AFFINE_GENERATOR_COEFFS.1) }) .unwrap(), ); // The following code tests `double_and_add`. let sum_a = { - let a = ProjectiveVar::::new( + let a = ProjectiveVar::::new( x.clone(), y.clone(), FpVar::Constant(Fq::one()), 
@@ -299,7 +299,7 @@ mod test_non_zero_affine { }; let sum_b = { - let a = NonZeroAffineVar::::new(x, y); + let a = NonZeroAffineVar::::new(x, y); let mut cur = a.double().unwrap(); for _ in 1..10 { diff --git a/src/pairing/mnt4/mod.rs b/src/pairing/mnt4/mod.rs index cc2b5ec7..2024397f 100644 --- a/src/pairing/mnt4/mod.rs +++ b/src/pairing/mnt4/mod.rs @@ -17,8 +17,8 @@ use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a MNT4 bilinear group. pub struct MNT4Gadget(PhantomData

); -type Fp2G

= Fp2Var<

::Fp2Params>; -type Fp4G

= Fp4Var<

::Fp4Params>; +type Fp2G

= Fp2Var<

::Fp2Config>; +type Fp4G

= Fp4Var<

::Fp4Config>; /// A variable corresponding to `ark_ec::mnt4::GT`. pub type GTVar

= Fp4G

; diff --git a/src/pairing/mnt6/mod.rs b/src/pairing/mnt6/mod.rs index 5aec333d..9a2e0930 100644 --- a/src/pairing/mnt6/mod.rs +++ b/src/pairing/mnt6/mod.rs @@ -16,8 +16,8 @@ use core::marker::PhantomData; /// Specifies the constraints for computing a pairing in a MNT6 bilinear group. pub struct MNT6Gadget(PhantomData

); -type Fp3G

= Fp3Var<

::Fp3Params>; -type Fp6G

= Fp6Var<

::Fp6Params>; +type Fp3G

= Fp3Var<

::Fp3Config>; +type Fp6G

= Fp6Var<

::Fp6Config>; /// A variable corresponding to `ark_ec::mnt6::GT`. pub type GTVar

= Fp6G

; From 7e2b67827160d62c7cb63675b8c3663de23b8fea Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 21 Dec 2022 02:29:40 +0530 Subject: [PATCH 24/26] Format --- benches/bench.rs | 2 +- src/bits/boolean.rs | 106 +++++++++--------- src/bits/uint.rs | 22 ++-- src/bits/uint8.rs | 4 +- src/fields/cubic_extension.rs | 2 +- src/fields/fp/cmp.rs | 12 +- src/fields/fp/mod.rs | 28 ++--- src/fields/mod.rs | 2 +- src/fields/nonnative/field_var.rs | 20 ++-- src/fields/nonnative/mul_result.rs | 2 +- src/fields/nonnative/params.rs | 8 +- src/fields/quadratic_extension.rs | 2 +- .../curves/short_weierstrass/bls12/mod.rs | 4 +- src/groups/curves/short_weierstrass/mod.rs | 9 +- .../short_weierstrass/non_zero_affine.rs | 43 +++---- src/groups/curves/twisted_edwards/mod.rs | 4 +- src/pairing/bls12/mod.rs | 4 +- tests/arithmetic_tests.rs | 6 +- 18 files changed, 130 insertions(+), 150 deletions(-) diff --git a/benches/bench.rs b/benches/bench.rs index 8765a011..07fe3c53 100644 --- a/benches/bench.rs +++ b/benches/bench.rs @@ -19,7 +19,7 @@ fn get_density(cs: &ConstraintSystemRef) -> us let matrices = cs_bak.to_matrices().unwrap(); matrices.a_num_non_zero + matrices.b_num_non_zero + matrices.c_num_non_zero - } + }, } } diff --git a/src/bits/boolean.rs b/src/bits/boolean.rs index d7be855e..4f55f859 100644 --- a/src/bits/boolean.rs +++ b/src/bits/boolean.rs @@ -396,7 +396,7 @@ impl Boolean { // a XOR (NOT b) = NOT(a XOR b) (is @ &Is(_), not @ &Not(_)) | (not @ &Not(_), is @ &Is(_)) => { Ok(is.xor(¬.not())?.not()) - } + }, // a XOR b = (NOT a) XOR (NOT b) (&Is(ref a), &Is(ref b)) | (&Not(ref a), &Not(ref b)) => Ok(Is(a.xor(b)?)), } @@ -438,7 +438,7 @@ impl Boolean { // a OR b = NOT ((NOT a) AND (NOT b)) (a @ &Is(_), b @ &Not(_)) | (b @ &Not(_), a @ &Is(_)) | (b @ &Not(_), a @ &Not(_)) => { Ok(a.not().and(&b.not())?.not()) - } + }, (&Is(ref a), &Is(ref b)) => a.or(b).map(From::from), } } 
@@ -604,7 +604,7 @@ impl Boolean { Is(_) | Not(_) => { r.cs() .enforce_constraint(r.lc(), lc!() + Variable::One, lc!() + Variable::One) - } + }, } } @@ -946,7 +946,7 @@ impl CondSelectGadget for Boolean { )?; Ok(result) - } + }, }, } } @@ -1247,30 +1247,30 @@ mod test { (OpType::AllocatedTrue, OpType::False, Boolean::Is(_)) => (), (OpType::AllocatedTrue, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedTrue, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedTrue, OpType::NegatedAllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedTrue, OpType::NegatedAllocatedFalse, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedFalse, OpType::True, Boolean::Not(_)) => (), (OpType::AllocatedFalse, OpType::False, Boolean::Is(_)) => (), (OpType::AllocatedFalse, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedFalse, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedFalse, OpType::NegatedAllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::AllocatedFalse, OpType::NegatedAllocatedFalse, 
@@ -1278,18 +1278,18 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedTrue, OpType::True, Boolean::Is(_)) => (), (OpType::NegatedAllocatedTrue, OpType::False, Boolean::Not(_)) => (), (OpType::NegatedAllocatedTrue, OpType::AllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedTrue, OpType::AllocatedFalse, Boolean::Not(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::NegatedAllocatedTrue, OpType::NegatedAllocatedTrue, @@ -1297,7 +1297,7 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedTrue, OpType::NegatedAllocatedFalse, @@ -1305,14 +1305,14 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, (OpType::NegatedAllocatedFalse, OpType::True, Boolean::Is(_)) => (), (OpType::NegatedAllocatedFalse, OpType::False, Boolean::Not(_)) => (), (OpType::NegatedAllocatedFalse, OpType::AllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::AllocatedFalse, @@ -1320,7 +1320,7 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::NegatedAllocatedTrue, @@ -1328,7 +1328,7 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::NegatedAllocatedFalse, 
@@ -1336,7 +1336,7 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, _ => unreachable!(), } 
@@ -1409,85 +1409,85 @@ mod test { (OpType::AllocatedTrue, OpType::False, Boolean::Is(_)) => (), (OpType::AllocatedTrue, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedTrue, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedTrue, OpType::NegatedAllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedTrue, OpType::NegatedAllocatedFalse, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedFalse, OpType::True, Boolean::Constant(true)) => (), (OpType::AllocatedFalse, OpType::False, Boolean::Is(_)) => (), (OpType::AllocatedFalse, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedFalse, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedFalse, OpType::NegatedAllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::AllocatedFalse, OpType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedTrue, OpType::True, Boolean::Constant(true)) => (), (OpType::NegatedAllocatedTrue, OpType::False, Boolean::Not(_)) => (), (OpType::NegatedAllocatedTrue, OpType::AllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedTrue, OpType::AllocatedFalse, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::NegatedAllocatedTrue, OpType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value(), Ok(true)); - } + }, ( OpType::NegatedAllocatedTrue, OpType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedFalse, OpType::True, Boolean::Constant(true)) => (), (OpType::NegatedAllocatedFalse, OpType::False, Boolean::Not(_)) => (), 
(OpType::NegatedAllocatedFalse, OpType::AllocatedTrue, Boolean::Not(ref v)) => { assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::AllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value(), Ok(false)); - } + }, _ => panic!( "this should never be encountered, in case: (a = {:?}, b = {:?}, c = {:?})", 
@@ -1531,49 +1531,49 @@ mod test { (OpType::AllocatedTrue, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedTrue, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedTrue, OpType::NegatedAllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedTrue, OpType::NegatedAllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, (OpType::AllocatedFalse, OpType::True, Boolean::Is(_)) => (), (OpType::AllocatedFalse, OpType::False, Boolean::Constant(false)) => (), (OpType::AllocatedFalse, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedFalse, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedFalse, OpType::NegatedAllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::AllocatedFalse, OpType::NegatedAllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedTrue, OpType::True, Boolean::Not(_)) => (), (OpType::NegatedAllocatedTrue, OpType::False, Boolean::Constant(false)) => (), (OpType::NegatedAllocatedTrue, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, 
(OpType::NegatedAllocatedTrue, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedTrue, OpType::NegatedAllocatedTrue, @@ -1581,7 +1581,7 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedTrue, OpType::NegatedAllocatedFalse, @@ -1589,18 +1589,18 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, (OpType::NegatedAllocatedFalse, OpType::True, Boolean::Not(_)) => (), (OpType::NegatedAllocatedFalse, OpType::False, Boolean::Constant(false)) => (), (OpType::NegatedAllocatedFalse, OpType::AllocatedTrue, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, (OpType::NegatedAllocatedFalse, OpType::AllocatedFalse, Boolean::Is(ref v)) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::NegatedAllocatedTrue, @@ -1608,7 +1608,7 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::zero()); assert_eq!(v.value(), Ok(false)); - } + }, ( OpType::NegatedAllocatedFalse, OpType::NegatedAllocatedFalse, @@ -1616,14 +1616,14 @@ mod test { ) => { assert_eq!(cs.assigned_value(v.variable()).unwrap(), Fr::one()); assert_eq!(v.value(), Ok(true)); - } + }, _ => { panic!( "unexpected behavior at {:?} AND {:?}", first_operand, second_operand ); - } + }, } } } diff --git a/src/bits/uint.rs b/src/bits/uint.rs index 57defc42..14181e65 100644 --- a/src/bits/uint.rs +++ b/src/bits/uint.rs 
@@ -103,17 +103,17 @@ macro_rules! make_uint { match *b { Boolean::Constant(b) => { value.as_mut().map(|v| *v |= $native::from(b)); - } + }, Boolean::Is(ref b) => match b.value() { Ok(b) => { value.as_mut().map(|v| *v |= $native::from(b)); - } + }, Err(_) => value = None, }, Boolean::Not(ref b) => match b.value() { Ok(b) => { value.as_mut().map(|v| *v |= $native::from(!b)); - } + }, Err(_) => value = None, }, } @@ -202,13 +202,13 @@ macro_rules! make_uint { match op.value { Some(val) => { result_value.as_mut().map(|v| *v += BigUint::from(val)); - } + }, None => { // If any of our operands have unknown value, we won't // know the value of the result result_value = None; - } + }, } // Iterate over each bit_gadget of the operand and add the operand to @@ -221,18 +221,18 @@ macro_rules! make_uint { // Add coeff * bit_gadget lc += (coeff, bit.variable()); - } + }, Boolean::Not(ref bit) => { all_constants = false; // Add coeff * (1 - bit_gadget) = coeff * ONE - coeff * bit_gadget lc = lc + (coeff, Variable::One) - (coeff, bit.variable()); - } + }, Boolean::Constant(bit) => { if bit { lc += (coeff, Variable::One); } - } + }, } coeff.double_in_place(); @@ -407,7 +407,7 @@ macro_rules! make_uint { match bit { &Boolean::Constant(bit) => { assert_eq!(bit, ((b.value()? >> i) & 1 == 1)); - } + }, _ => unreachable!(), } } @@ -416,8 +416,8 @@ macro_rules! make_uint { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {} - (&Boolean::Constant(false), &Boolean::Constant(false)) => {} + (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, + (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, _ => unreachable!(), } } diff --git a/src/bits/uint8.rs b/src/bits/uint8.rs index 52c2ff5b..ecceba1e 100644 --- a/src/bits/uint8.rs +++ b/src/bits/uint8.rs 
@@ -426,8 +426,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {} - (&Boolean::Constant(false), &Boolean::Constant(false)) => {} + (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, + (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, _ => unreachable!(), } } diff --git a/src/fields/cubic_extension.rs b/src/fields/cubic_extension.rs index a6992af5..c1bf205f 100644 --- a/src/fields/cubic_extension.rs +++ b/src/fields/cubic_extension.rs @@ -1,5 +1,5 @@ use ark_ff::{ - fields::{CubicExtField, CubicExtConfig, Field}, + fields::{CubicExtConfig, CubicExtField, Field}, Zero, }; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; diff --git a/src/fields/fp/cmp.rs b/src/fields/fp/cmp.rs index 5a826359..6ffb1ee4 100644 --- a/src/fields/fp/cmp.rs +++ b/src/fields/fp/cmp.rs @@ -186,12 +186,12 @@ mod test { Ordering::Less => { a_var.enforce_cmp(&b_var, Ordering::Less, false).unwrap(); a_var.enforce_cmp(&b_var, Ordering::Less, true).unwrap(); - } + }, Ordering::Greater => { a_var.enforce_cmp(&b_var, Ordering::Greater, false).unwrap(); a_var.enforce_cmp(&b_var, Ordering::Greater, true).unwrap(); - } - _ => {} + }, + _ => {}, } if i == 0 { @@ -212,12 +212,12 @@ mod test { Ordering::Less => { a_var.enforce_cmp(&b_var, Ordering::Less, false).unwrap(); a_var.enforce_cmp(&b_var, Ordering::Less, true).unwrap(); - } + }, Ordering::Greater => { a_var.enforce_cmp(&b_var, Ordering::Greater, false).unwrap(); a_var.enforce_cmp(&b_var, Ordering::Greater, true).unwrap(); - } - _ => {} + }, + _ => {}, } assert!(!cs.is_satisfied().unwrap()); diff --git a/src/fields/fp/mod.rs b/src/fields/fp/mod.rs index 50976a87..cbdf6f32 100644 --- a/src/fields/fp/mod.rs +++ b/src/fields/fp/mod.rs @@ -587,7 +587,7 @@ impl CondSelectGadget for AllocatedFp { )?; Ok(result) - } + }, } } } 
@@ -734,13 +734,13 @@ impl FieldVar for FpVar { (Constant(_), Constant(_), Constant(_)) => Ok(()), (Constant(_), Constant(_), _) | (Constant(_), Var(_), _) | (Var(_), Constant(_), _) => { result.enforce_equal(&(self * other)) - } // this multiplication should be free + }, // this multiplication should be free (Var(v1), Var(v2), Var(v3)) => v1.mul_equals(v2, v3), (Var(v1), Var(v2), Constant(f)) => { let cs = v1.cs.clone(); let v3 = AllocatedFp::new_constant(cs, f).unwrap(); v1.mul_equals(v2, &v3) - } + }, } } @@ -754,12 +754,12 @@ impl FieldVar for FpVar { let cs = r.cs.clone(); let v = AllocatedFp::new_witness(cs, || Ok(f))?; v.square_equals(&r) - } + }, (Var(v), Constant(f)) => { let cs = v.cs.clone(); let r = AllocatedFp::new_witness(cs, || Ok(f))?; v.square_equals(&r) - } + }, (Var(v1), Var(v2)) => v1.square_equals(v2), } } @@ -780,7 +780,7 @@ impl FieldVar for FpVar { let mut f = *f; f.frobenius_map(power); Ok(FpVar::Constant(f)) - } + }, } } @@ -867,7 +867,7 @@ impl EqGadget for FpVar { let cs = v.cs.clone(); let c = AllocatedFp::new_constant(cs, c)?; c.is_eq(v) - } + }, (Self::Var(v1), Self::Var(v2)) => v1.is_eq(v2), } } @@ -884,7 +884,7 @@ impl EqGadget for FpVar { let cs = v.cs.clone(); let c = AllocatedFp::new_constant(cs, c)?; c.conditional_enforce_equal(v, should_enforce) - } + }, (Self::Var(v1), Self::Var(v2)) => v1.conditional_enforce_equal(v2, should_enforce), } } @@ -901,7 +901,7 @@ impl EqGadget for FpVar { let cs = v.cs.clone(); let c = AllocatedFp::new_constant(cs, c)?; c.conditional_enforce_not_equal(v, should_enforce) - } + }, (Self::Var(v1), Self::Var(v2)) => v1.conditional_enforce_not_equal(v2, should_enforce), } } @@ -973,7 +973,7 @@ impl CondSelectGadget for FpVar { let not = AllocatedFp::from(cond.not()); // cond * t + (1 - cond) * f Ok(is.mul_constant(*t).add(¬.mul_constant(*f)).into()) - } + }, (..) => { let cs = cond.cs(); let true_value = match true_value { 
@@ -985,9 +985,9 @@ impl CondSelectGadget for FpVar { Self::Var(v) => v.clone(), }; cond.select(&true_value, &false_value).map(Self::Var) - } + }, } - } + }, } } } @@ -1066,7 +1066,7 @@ impl<'a, F: PrimeField> Sum<&'a FpVar> for FpVar { FpVar::Constant(c) => { sum_constants += c; None - } + }, FpVar::Var(v) => Some(v), }))); @@ -1083,7 +1083,7 @@ impl Sum> for FpVar { FpVar::Constant(c) => { sum_constants += c; None - } + }, FpVar::Var(v) => Some(v), }) .collect::>(); diff --git a/src/fields/mod.rs b/src/fields/mod.rs index bd998ff0..2929c848 100644 --- a/src/fields/mod.rs +++ b/src/fields/mod.rs @@ -195,7 +195,7 @@ pub trait FieldVar: })?; result.mul_equals(d, self)?; Ok(result) - } + }, } } diff --git a/src/fields/nonnative/field_var.rs b/src/fields/nonnative/field_var.rs index 86c0a10f..585043c0 100644 --- a/src/fields/nonnative/field_var.rs +++ b/src/fields/nonnative/field_var.rs @@ -267,12 +267,12 @@ impl EqGadget should_enforce.enforce_equal(&Boolean::FALSE)?; } Ok(()) - } + }, (Self::Constant(c), Self::Var(v)) | (Self::Var(v), Self::Constant(c)) => { let cs = v.cs(); let c = AllocatedNonNativeFieldVar::new_constant(cs, c)?; c.conditional_enforce_equal(v, should_enforce) - } + }, (Self::Var(v1), Self::Var(v2)) => v1.conditional_enforce_equal(v2, should_enforce), } } @@ -289,12 +289,12 @@ impl EqGadget should_enforce.enforce_equal(&Boolean::FALSE)?; } Ok(()) - } + }, (Self::Constant(c), Self::Var(v)) | (Self::Var(v), Self::Constant(c)) => { let cs = v.cs(); let c = AllocatedNonNativeFieldVar::new_constant(cs, c)?; c.conditional_enforce_not_equal(v, should_enforce) - } + }, (Self::Var(v1), Self::Var(v2)) => v1.conditional_enforce_not_equal(v2, should_enforce), } } @@ -369,7 +369,7 @@ impl CondSelectGadget Self::Var(v) => v.clone(), }; cond.select(&true_value, &false_value).map(Self::Var) - } + }, } } } 
@@ -483,7 +483,7 @@ impl<'a, TargetField: PrimeField, BaseField: PrimeField> Sum<&'a Self> Self::Constant(c) => { sum_constants += c; None - } + }, Self::Var(v) => Some(v), }) .collect::>(); @@ -507,7 +507,7 @@ impl Sum Self::Constant(c) => { sum_constants += c; None - } + }, Self::Var(v) => Some(v), }) .collect::>(); @@ -540,7 +540,7 @@ impl NonNativeFieldVar { let other_v = match other { @@ -549,13 +549,13 @@ impl NonNativeFieldVar other_v.clone(), }; Ok(NonNativeFieldMulResultVar::Var( v.mul_without_reduce(&other_v)?, )) - } + }, } } } diff --git a/src/fields/nonnative/mul_result.rs b/src/fields/nonnative/mul_result.rs index 62afcc8c..8f247314 100644 --- a/src/fields/nonnative/mul_result.rs +++ b/src/fields/nonnative/mul_result.rs @@ -53,7 +53,7 @@ impl TargetField, BaseField, >::from(v)) - } + }, } } } diff --git a/src/fields/nonnative/params.rs b/src/fields/nonnative/params.rs index 8380413b..160a273a 100644 --- a/src/fields/nonnative/params.rs +++ b/src/fields/nonnative/params.rs @@ -54,10 +54,10 @@ pub const fn find_parameters( match optimization_type { OptimizationType::Constraints => { this_cost += 2 * num_of_limbs - 1; - } + }, OptimizationType::Weight => { this_cost += 6 * num_of_limbs * num_of_limbs; - } + }, }; match optimization_type { @@ -67,7 +67,7 @@ pub const fn find_parameters( //this_cost += 2 * num_of_limbs - 1; // compute kp this_cost += num_of_groups + (num_of_groups - 1) * (limb_size * 2 + surfeit) + 1; // equality check - } + }, OptimizationType::Weight => { this_cost += target_field_prime_bit_length * 3 + target_field_prime_bit_length; // allocation of k this_cost += target_field_prime_bit_length * 3 @@ -79,7 +79,7 @@ pub const fn find_parameters( + 6 * num_of_groups + (num_of_groups - 1) * (2 * limb_size + surfeit) * 4 + 2; // equality check - } + }, }; if !found || this_cost < min_cost { diff --git a/src/fields/quadratic_extension.rs b/src/fields/quadratic_extension.rs index 5b0d6dfc..b8888245 100644 
--- a/src/fields/quadratic_extension.rs +++ b/src/fields/quadratic_extension.rs @@ -1,5 +1,5 @@ use ark_ff::{ - fields::{Field, QuadExtField, QuadExtConfig}, + fields::{Field, QuadExtConfig, QuadExtField}, Zero, }; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; diff --git a/src/groups/curves/short_weierstrass/bls12/mod.rs b/src/groups/curves/short_weierstrass/bls12/mod.rs index 8b1f2ee7..49fdd741 100644 --- a/src/groups/curves/short_weierstrass/bls12/mod.rs +++ b/src/groups/curves/short_weierstrass/bls12/mod.rs @@ -156,7 +156,7 @@ where .zip(z_s) .map(|((x, y, _), z_inv)| (*x * &z_inv, *y * &z_inv)) .collect::>() - } + }, TwistType::D => { let mut z_s = projective_coeffs .iter() @@ -168,7 +168,7 @@ where .zip(z_s) .map(|((_, x, y), z_inv)| (*x * &z_inv, *y * &z_inv)) .collect::>() - } + }, } }); diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 95ca7acc..6a1d737b 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -37,10 +37,7 @@ type BFVar

= as FieldWithVar>::Var; /// the complete formulae derived in the paper of /// [[Renes, Costello, Batina 2015]](). #[derive(Derivative)] -#[derivative( - Debug(bound = "P: SWModelConfig"), - Clone(bound = "P: SWModelConfig") -)] +#[derivative(Debug(bound = "P: SWModelConfig"), Clone(bound = "P: SWModelConfig"))] #[must_use] pub struct ProjectiveVar where @@ -218,7 +215,7 @@ where } else { (Ok(ge.x), Ok(ge.y), Ok(P::BaseField::one())) } - } + }, _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -881,7 +878,7 @@ where ge.enforce_equal(&ge)?; Ok(ge) } - } + }, } } } diff --git a/src/groups/curves/short_weierstrass/non_zero_affine.rs b/src/groups/curves/short_weierstrass/non_zero_affine.rs index 7ef889a3..87bad343 100644 --- a/src/groups/curves/short_weierstrass/non_zero_affine.rs +++ b/src/groups/curves/short_weierstrass/non_zero_affine.rs @@ -3,10 +3,7 @@ use super::*; /// An affine representation of a prime order curve point that is guaranteed /// to *not* be the point at infinity. #[derive(Derivative)] -#[derivative( - Debug(bound = "P: SWModelConfig"), - Clone(bound = "P: SWModelConfig") -)] +#[derivative(Debug(bound = "P: SWModelConfig"), Clone(bound = "P: SWModelConfig"))] #[must_use] pub struct NonZeroAffineVar where 
@@ -200,27 +197,20 @@ mod test_non_zero_affine { let cs = ConstraintSystem::::new_ref(); let x = FpVar::Var( - AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Config::AFFINE_GENERATOR_COEFFS.0) - }) - .unwrap(), + AllocatedFp::::new_witness(cs.clone(), || Ok(G1Config::AFFINE_GENERATOR_COEFFS.0)) + .unwrap(), ); let y = FpVar::Var( - AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Config::AFFINE_GENERATOR_COEFFS.1) - }) - .unwrap(), + AllocatedFp::::new_witness(cs.clone(), || Ok(G1Config::AFFINE_GENERATOR_COEFFS.1)) + .unwrap(), ); // The following code uses `double` and `add` (`add_unchecked`) to compute // (1 + 2 + ... + 2^9) G let sum_a = { - let mut a = ProjectiveVar::::new( - x.clone(), - y.clone(), - FpVar::Constant(Fq::one()), - ); + let mut a = + ProjectiveVar::::new(x.clone(), y.clone(), FpVar::Constant(Fq::one())); let mut double_sequence = Vec::new(); double_sequence.push(a.clone()); @@ -267,25 +257,18 @@ mod test_non_zero_affine { let cs = ConstraintSystem::::new_ref(); let x = FpVar::Var( - AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Config::AFFINE_GENERATOR_COEFFS.0) - }) - .unwrap(), + AllocatedFp::::new_witness(cs.clone(), || Ok(G1Config::AFFINE_GENERATOR_COEFFS.0)) + .unwrap(), ); let y = FpVar::Var( - AllocatedFp::::new_witness(cs.clone(), || { - Ok(G1Config::AFFINE_GENERATOR_COEFFS.1) - }) - .unwrap(), + AllocatedFp::::new_witness(cs.clone(), || Ok(G1Config::AFFINE_GENERATOR_COEFFS.1)) + .unwrap(), ); // The following code tests `double_and_add`. let sum_a = { - let a = ProjectiveVar::::new( - x.clone(), - y.clone(), - FpVar::Constant(Fq::one()), - ); + let a = + ProjectiveVar::::new(x.clone(), y.clone(), FpVar::Constant(Fq::one())); let mut cur = a.clone(); cur.double_in_place().unwrap(); diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs index d3253557..2e65200e 100644 --- a/src/groups/curves/twisted_edwards/mod.rs +++ b/src/groups/curves/twisted_edwards/mod.rs 
@@ -283,7 +283,7 @@ where Ok(ge) => { let ge: TEAffine

= ge.into(); (Ok(ge.x), Ok(ge.y)) - } + }, _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -668,7 +668,7 @@ where ge.enforce_equal(&ge)?; Ok(ge) } - } + }, } } } diff --git a/src/pairing/bls12/mod.rs b/src/pairing/bls12/mod.rs index d5864bc3..19b99121 100644 --- a/src/pairing/bls12/mod.rs +++ b/src/pairing/bls12/mod.rs @@ -38,7 +38,7 @@ where c1.c1 *= &p.x; *f = f.mul_by_014(&c0, &c1, &c2)?; Ok(()) - } + }, TwistType::D => { let c0 = Fp2V::

::new(p.y.clone(), zero); let mut c1 = coeffs.0.clone(); @@ -48,7 +48,7 @@ where c1.c1 *= &p.x; *f = f.mul_by_034(&c0, &c1, &c2)?; Ok(()) - } + }, } } diff --git a/tests/arithmetic_tests.rs b/tests/arithmetic_tests.rs index 9fa75ad6..afcfa715 100644 --- a/tests/arithmetic_tests.rs +++ b/tests/arithmetic_tests.rs @@ -327,15 +327,15 @@ fn randomized_arithmetic_test { num_native += &next_native; num += &next; - } + }, 1 => { num_native *= &next_native; num *= &next; - } + }, 2 => { num_native -= &next_native; num -= &next; - } + }, _ => (), }; From 9db36c587adabe7431c7f1d1dc798bcd759ca482 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 21 Dec 2022 04:16:38 +0530 Subject: [PATCH 25/26] Format --- src/fields/nonnative/field_var.rs | 2 +- src/fields/nonnative/reduce.rs | 6 +++++- src/groups/curves/short_weierstrass/mnt4/mod.rs | 15 +++++++-------- src/groups/curves/short_weierstrass/mnt6/mod.rs | 7 +++---- src/groups/curves/short_weierstrass/mod.rs | 6 ++---- .../curves/short_weierstrass/non_zero_affine.rs | 6 ++---- src/groups/curves/twisted_edwards/mod.rs | 5 ++--- 7 files changed, 22 insertions(+), 25 deletions(-) diff --git a/src/fields/nonnative/field_var.rs b/src/fields/nonnative/field_var.rs index f511be5b..c7a6284b 100644 --- a/src/fields/nonnative/field_var.rs +++ b/src/fields/nonnative/field_var.rs @@ -10,8 +10,8 @@ use ark_relations::r1cs::{ConstraintSystemRef, Namespace, Result as R1CSResult, use ark_std::{ borrow::Borrow, hash::{Hash, Hasher}, - vec::Vec, iter::Sum, + vec::Vec, }; /// A gadget for representing non-native (`TargetField`) field elements over the diff --git a/src/fields/nonnative/reduce.rs b/src/fields/nonnative/reduce.rs index a770ddcf..7f29ea06 100644 --- a/src/fields/nonnative/reduce.rs +++ b/src/fields/nonnative/reduce.rs 
@@ -1,4 +1,8 @@ -use super::{overhead, params::{get_params, OptimizationType}, AllocatedNonNativeFieldVar}; +use super::{ + overhead, + params::{get_params, OptimizationType}, + AllocatedNonNativeFieldVar, +}; use crate::{ alloc::AllocVar, boolean::Boolean, diff --git a/src/groups/curves/short_weierstrass/mnt4/mod.rs b/src/groups/curves/short_weierstrass/mnt4/mod.rs index a2c6f974..a37d7941 100644 --- a/src/groups/curves/short_weierstrass/mnt4/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt4/mod.rs @@ -392,7 +392,7 @@ where pub c_l: Fp2Var, } -impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

+impl AllocVar, P::Fp> for AteDoubleCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -422,7 +422,7 @@ where } } -impl ToBytesGadget for AteDoubleCoefficientsVar

+impl ToBytesGadget for AteDoubleCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -454,7 +454,7 @@ where } } -impl AteDoubleCoefficientsVar

+impl AteDoubleCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -490,8 +490,7 @@ where pub c_rz: Fp2Var, } -impl AllocVar, P::Fp> - for AteAdditionCoefficientsVar

+impl AllocVar, P::Fp> for AteAdditionCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -515,7 +514,7 @@ where } } -impl ToBytesGadget for AteAdditionCoefficientsVar

+impl ToBytesGadget for AteAdditionCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -539,7 +538,7 @@ where } } -impl AteAdditionCoefficientsVar

+impl AteAdditionCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -552,7 +551,7 @@ where } #[doc(hidden)] -pub struct G2ProjectiveExtendedVar +pub struct G2ProjectiveExtendedVar where P::Fp: FieldWithVar>, { diff --git a/src/groups/curves/short_weierstrass/mnt6/mod.rs b/src/groups/curves/short_weierstrass/mnt6/mod.rs index 704d5285..8521fcc0 100644 --- a/src/groups/curves/short_weierstrass/mnt6/mod.rs +++ b/src/groups/curves/short_weierstrass/mnt6/mod.rs @@ -485,8 +485,7 @@ where pub c_rz: Fp3Var, } -impl AllocVar, P::Fp> - for AteAdditionCoefficientsVar

+impl AllocVar, P::Fp> for AteAdditionCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -510,7 +509,7 @@ where } } -impl ToBytesGadget for AteAdditionCoefficientsVar

+impl ToBytesGadget for AteAdditionCoefficientsVar

where P::Fp: FieldWithVar>, { @@ -534,7 +533,7 @@ where } } -impl AteAdditionCoefficientsVar

+impl AteAdditionCoefficientsVar

where P::Fp: FieldWithVar>, { diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 69adac16..38146295 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -1,8 +1,6 @@ use ark_ec::{ - short_weierstrass::{ - Affine, Projective, SWCurveConfig, - }, - AffineRepr, CurveGroup, CurveConfig, + short_weierstrass::{Affine, Projective, SWCurveConfig}, + AffineRepr, CurveConfig, CurveGroup, }; use ark_ff::{BigInteger, BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; diff --git a/src/groups/curves/short_weierstrass/non_zero_affine.rs b/src/groups/curves/short_weierstrass/non_zero_affine.rs index 77b3f320..781a0f2a 100644 --- a/src/groups/curves/short_weierstrass/non_zero_affine.rs +++ b/src/groups/curves/short_weierstrass/non_zero_affine.rs @@ -1,5 +1,5 @@ use super::*; -use ark_ec::{Group, models::short_weierstrass::SWCurveConfig}; +use ark_ec::{models::short_weierstrass::SWCurveConfig, Group}; use ark_std::ops::Add; /// An affine representation of a prime order curve point that is guaranteed @@ -79,9 +79,7 @@ where #[tracing::instrument(target = "r1cs", skip(self))] pub fn double(&self) -> Result { if [self].is_constant() { - let result = Projective::

::from(self.value()?) - .double() - .into_affine(); + let result = Projective::

::from(self.value()?).double().into_affine(); // Panic if the result is zero.
 assert!(!result.is_zero()); Ok(Self::new(
diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs
index 1fa59c24..f18a745a 100644
--- a/src/groups/curves/twisted_edwards/mod.rs
+++ b/src/groups/curves/twisted_edwards/mod.rs
@@ -1,9 +1,8 @@ use ark_ec::{ twisted_edwards::{
- Affine as TEAffine, MontCurveConfig,
- Projective as TEProjective, TECurveConfig as TECurveConfig,
+ Affine as TEAffine, MontCurveConfig, Projective as TEProjective, TECurveConfig, },
- AffineRepr, CurveGroup, Group, CurveConfig,
+ AffineRepr, CurveConfig, CurveGroup, Group, }; use ark_ff::{BigInteger, BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError};
From 7e498048c4d0c706d8b8cfdf719f46f86ea9f783 Mon Sep 17 00:00:00 2001
From: Pratyush Mishra
Date: Wed, 18 Jan 2023 14:25:19 -0800
Subject: [PATCH 26/26] Tweak
---
 src/fields/cubic_extension.rs | 6 +--
 src/fields/fp/mod.rs | 6 +--
 src/fields/mod.rs | 40 ++++++++++++-------
 src/fields/nonnative/field_var.rs | 6 +--
 src/fields/quadratic_extension.rs | 6 +--
 src/groups/curves/short_weierstrass/mod.rs | 17 +-------
 .../short_weierstrass/non_zero_affine.rs | 1 -
 src/groups/curves/twisted_edwards/mod.rs | 12 ------
 8 files changed, 39 insertions(+), 55 deletions(-)
diff --git a/src/fields/cubic_extension.rs b/src/fields/cubic_extension.rs
index c1bf205f..5694e173 100644
--- a/src/fields/cubic_extension.rs
+++ b/src/fields/cubic_extension.rs
@@ -7,7 +7,7 @@ use ark_std::iter::Sum; use core::{borrow::Borrow, marker::PhantomData}; use crate::{
- fields::{fp::FpVar, FieldOpsBounds, FieldVar, FieldWithVar},
+ fields::{fp::FpVar, FieldRefOpsBounds, FieldOpsBounds, FieldVar, FieldWithVar}, prelude::*, ToConstraintFieldGadget, Vec, };
@@ -128,13 +128,13 @@ where } }
-impl<'a, P> FieldOpsBounds<'a, CubicExtField
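Review bot: The new import list `fields::{fp::FpVar, FieldRefOpsBounds, FieldOpsBounds, FieldVar, FieldWithVar},` is no longer in the sorted order the two preceding "Format" commits established (`FieldOpsBounds` sorts before `FieldRefOpsBounds`); the same applies to `fields::{fp::FpVar, FieldVar, FieldRefOpsBounds},` in src/fields/nonnative/field_var.rs and `use super::{FieldWithVar, FieldRefOpsBounds};` in src/fields/quadratic_extension.rs later in this patch. Suggest `fields::{fp::FpVar, FieldOpsBounds, FieldRefOpsBounds, FieldVar, FieldWithVar},` here and one more formatter pass so the three files agree.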

, CubicExtVar

> for CubicExtVar

+impl<'a, P> FieldOpsBounds, &'a Self> for CubicExtVar

where P: CubicExtVarConfig, P::BaseField: FieldWithVar, { } -impl<'a, P> FieldOpsBounds<'a, CubicExtField

, CubicExtVar

> for &'a CubicExtVar

+impl<'a, P> FieldRefOpsBounds, CubicExtVar

> for &'a CubicExtVar

where P: CubicExtVarConfig, P::BaseField: FieldWithVar, diff --git a/src/fields/fp/mod.rs b/src/fields/fp/mod.rs index 0e7091ee..792c10ae 100644 --- a/src/fields/fp/mod.rs +++ b/src/fields/fp/mod.rs @@ -6,7 +6,7 @@ use ark_relations::r1cs::{ use core::borrow::Borrow; use crate::{ - fields::{FieldOpsBounds, FieldVar, FieldWithVar}, + fields::{FieldOpsBounds, FieldRefOpsBounds, FieldVar, FieldWithVar}, prelude::*, Assignment, ToConstraintFieldGadget, Vec, }; @@ -94,8 +94,8 @@ impl From> for FpVar { } } -impl<'a, F: PrimeField> FieldOpsBounds<'a, F, Self> for FpVar {} -impl<'a, F: PrimeField> FieldOpsBounds<'a, F, FpVar> for &'a FpVar {} +impl<'a, F: PrimeField> FieldOpsBounds for FpVar {} +impl<'a, F: PrimeField> FieldRefOpsBounds> for &'a FpVar {} impl AllocatedFp { /// Constructs `Self` from a `Boolean`: if `other` is false, this outputs diff --git a/src/fields/mod.rs b/src/fields/mod.rs index 8db551ca..772fb026 100644 --- a/src/fields/mod.rs +++ b/src/fields/mod.rs @@ -51,15 +51,14 @@ pub mod fp6_2over3; pub mod fp6_3over2; pub trait FieldWithVar: Field { - type Var: FieldVar; + type Var: FieldVar + for<'a> FieldOpsBounds; } -/// This trait is a hack used to work around the lack of implied bounds. -pub trait FieldOpsBounds<'a, F, T: 'a>: +pub trait FieldRefOpsBounds: Sized - + Add<&'a T, Output = T> - + Sub<&'a T, Output = T> - + Mul<&'a T, Output = T> + + for<'a> Add<&'a T, Output = T> + + for<'a> Sub<&'a T, Output = T> + + for<'a> Mul<&'a T, Output = T> + Add + Sub + Mul @@ -69,6 +68,22 @@ pub trait FieldOpsBounds<'a, F, T: 'a>: { } +/// This trait is a hack used to work around the lack of implied bounds. +pub trait FieldOpsBounds>: + 'static + + Sized + + for<'a> Add<&'a Self, Output = Self> + + for<'a> Sub<&'a Self, Output = Self> + + for<'a> Mul<&'a Self, Output = Self> + + Add + + Sub + + Mul + + Add + + Sub + + Mul +{ +} + /// A variable representing a field. Corresponds to the native type `F`. pub trait FieldVar: 'static 
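Review bot: `pub trait FieldRefOpsBounds` is added without a doc comment, while the one-line explanation that sat on the old `FieldOpsBounds<'a, F, T>` ("a hack used to work around the lack of implied bounds") now only documents the new `FieldOpsBounds` in the following hunk, so readers of the reference-side trait get no hint why the `Add`/`Sub`/`Mul` bounds are spelled out. Suggest `/// Borrowed-side companion of [`FieldOpsBounds`]: the operations a `&T` must support; see that trait for why these bounds are listed explicitly.` above `pub trait FieldRefOpsBounds`. Separately, the new `FieldOpsBounds` appears to take no lifetime parameter, in which case the `for<'a>` in `type Var: FieldVar + for<'a> FieldOpsBounds` here (and in `FieldVar`'s supertrait list in the `@@ -80,7 +95,7` hunk of the same file) binds nothing and could be written as a plain `FieldOpsBounds` bound.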
@@ -80,7 +95,7 @@ pub trait FieldVar: + AllocVar + ToBytesGadget + CondSelectGadget - + for<'a> FieldOpsBounds<'a, F, Self> + + for<'a> FieldOpsBounds + for<'a> AddAssign<&'a Self> + for<'a> SubAssign<&'a Self> + for<'a> MulAssign<&'a Self> @@ -125,7 +140,7 @@ pub trait FieldVar: /// Sets `self = self + self`. fn double_in_place(&mut self) -> Result<&mut Self, SynthesisError>; - /// Coputes `-self`. + /// Computes `-self`. fn negate(&self) -> Result { let mut result = self.clone(); result.negate_in_place()?; @@ -136,20 +151,17 @@ pub trait FieldVar: fn negate_in_place(&mut self) -> Result<&mut Self, SynthesisError>; /// Computes `self * self`. - /// - /// A default implementation is provided which just invokes the underlying - /// multiplication routine. However, this method should be specialized - /// for extension fields, where faster algorithms exist for squaring. fn square(&self) -> Result { let mut result = self.clone(); result.square_in_place()?; Ok(result) } - /// Sets `self = self.square()`. + /// Sets `self = self * self`. fn square_in_place(&mut self) -> Result<&mut Self, SynthesisError>; /// Enforces that `self * other == result`. + /// Provides a default implementation in terms of `mul` and `self.enforce_equal`. fn mul_equals(&self, other: &Self, result: &Self) -> Result<(), SynthesisError> { let actual_result = self.clone() * other; result.enforce_equal(&actual_result) @@ -199,7 +211,7 @@ pub trait FieldVar: } } - /// Computes the frobenius map over `self`. + /// Computes the Frobenius map over `self`. fn frobenius_map(&self, power: usize) -> Result; /// Sets `self = self.frobenius_map()`. diff --git a/src/fields/nonnative/field_var.rs b/src/fields/nonnative/field_var.rs index c7a6284b..8b558c68 100644 --- a/src/fields/nonnative/field_var.rs +++ b/src/fields/nonnative/field_var.rs 
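Review bot: The doc line added to `mul_equals` in the `@@ -136,20 +151,17 @@` hunk does not match the body under it: it says the default is in terms of `mul` and `self.enforce_equal`, but the code calls `result.enforce_equal(&actual_result)`, i.e. the equality check is invoked on `result` with `self * other` as the argument. `/// Default implementation: computes self * other and calls enforce_equal on result against it.` states what the code does. The same hunk deletes the sentence on `square` saying extension fields should specialise it because faster squaring algorithms exist; with only `/// Computes self * self.` left, an implementor is no longer told the default is meant to be overridden, so that sentence seems worth keeping.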
@@ -1,7 +1,7 @@ use super::{params::OptimizationType, AllocatedNonNativeFieldVar, NonNativeFieldMulResultVar}; use crate::{ boolean::Boolean, - fields::{fp::FpVar, FieldVar}, + fields::{fp::FpVar, FieldVar, FieldRefOpsBounds}, prelude::*, R1CSVar, ToConstraintFieldGadget, }; @@ -92,13 +92,13 @@ impl } } -impl<'a, TargetField: PrimeField, BaseField: PrimeField> FieldOpsBounds<'a, TargetField, Self> +impl<'a, TargetField: PrimeField, BaseField: PrimeField> FieldOpsBounds for NonNativeFieldVar { } impl<'a, TargetField: PrimeField, BaseField: PrimeField> - FieldOpsBounds<'a, TargetField, NonNativeFieldVar> + FieldRefOpsBounds> for &'a NonNativeFieldVar { } diff --git a/src/fields/quadratic_extension.rs b/src/fields/quadratic_extension.rs index 54d1feec..ae3602a4 100644 --- a/src/fields/quadratic_extension.rs +++ b/src/fields/quadratic_extension.rs @@ -12,7 +12,7 @@ use crate::{ }; use ark_std::iter::Sum; -use super::FieldWithVar; +use super::{FieldWithVar, FieldRefOpsBounds}; /// This struct is the `R1CS` equivalent of the quadratic extension field type /// in `ark-ff`, i.e. `ark_ff::QuadExtField`. @@ -160,12 +160,12 @@ where } } -impl<'a, P: QuadExtVarConfig> FieldOpsBounds<'a, QuadExtField
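Review bot: The rewritten `use` list in the `@@ -1,7 +1,7 @@` hunk of `src/fields/nonnative/field_var.rs`, `fields::{fp::FpVar, FieldVar, FieldRefOpsBounds}`, is not in rustfmt order — `FieldRefOpsBounds` sorts before `FieldVar`, so the formatter will rewrite it as `fields::{fp::FpVar, FieldRefOpsBounds, FieldVar}`. The `use super::{FieldWithVar, FieldRefOpsBounds};` line added to `src/fields/quadratic_extension.rs` has the same issue and becomes `use super::{FieldRefOpsBounds, FieldWithVar};`. The `src/fields/fp/mod.rs` hunk already writes its list sorted (`FieldOpsBounds, FieldRefOpsBounds, FieldVar, FieldWithVar`), so a `cargo fmt` pass before this leaves WIP would make the three files consistent.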

, QuadExtVar

> for QuadExtVar

where +impl<'a, P: QuadExtVarConfig> FieldOpsBounds, &'a Self> for QuadExtVar

where P::BaseField: FieldWithVar { } -impl<'a, P: QuadExtVarConfig> FieldOpsBounds<'a, QuadExtField

, QuadExtVar

> +impl<'a, P: QuadExtVarConfig> FieldRefOpsBounds, QuadExtVar

> for &'a QuadExtVar

where P::BaseField: FieldWithVar, diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index 38146295..9044170a 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -241,7 +241,6 @@ where impl ProjectiveVar

where BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Mixed addition, which is useful when `other = (x2, y2)` is known to have /// z = 1. @@ -261,7 +260,7 @@ where let xx = x1 * x2; // 1 let yy = y1 * y2; // 2 - let xy_pairs = ((x1 + y1) * &(x2 + y2)) - (&xx + &yy); // 4, 5, 6, 7, 8 + let xy_pairs = ((x1 + y1) * (x2 + y2)) - (&xx + &yy); // 4, 5, 6, 7, 8 let xz_pairs = (x2 * z1) + x1; // 8, 9 let yz_pairs = (y2 * z1) + y1; // 10, 11 @@ -381,7 +380,6 @@ where impl CurveWithVar> for Projective

where BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { type Var = ProjectiveVar

; } @@ -390,7 +388,6 @@ impl

CurveVar, CF

> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: Projective

) -> Self { let cs = ConstraintSystemRef::None; @@ -586,7 +583,6 @@ where P: SWCurveConfig, BF

: FieldWithVar, BFVar

: ToConstraintFieldGadget>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn to_constraint_field(&self) -> Result>>, SynthesisError> { self.to_affine()?.to_constraint_field() @@ -595,7 +591,6 @@ where fn mul_by_coeff_a(f: &BFVar

) -> BFVar

where - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, BF

: FieldWithVar, { if !P::COEFF_A.is_zero() { @@ -681,7 +676,6 @@ impl_bounded_ops!( *this = &*this + ProjectiveVar::constant(other) }, (P: SWCurveConfig), - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, BF

: FieldWithVar, ); @@ -695,7 +689,6 @@ impl_bounded_ops!( |this: &mut ProjectiveVar

, other: &'a ProjectiveVar

| *this += other.negate().unwrap(), |this: &mut ProjectiveVar

, other: Projective

| *this = &*this - ProjectiveVar::constant(other), (P: SWCurveConfig), - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, BF

: FieldWithVar, ); @@ -703,7 +696,6 @@ impl<'a, P> GroupOpsBounds<'a, Projective

, ProjectiveVar

> for ProjectiveVa where P: SWCurveConfig, BF

: FieldWithVar, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -711,7 +703,6 @@ impl<'a, P> GroupOpsBounds<'a, Projective

, ProjectiveVar

> for &'a Projecti where P: SWCurveConfig, BF

: FieldWithVar, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -719,7 +710,6 @@ impl

CondSelectGadget> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[inline] #[tracing::instrument(target = "r1cs")] @@ -740,7 +730,6 @@ impl

EqGadget> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn is_eq(&self, other: &Self) -> Result>, SynthesisError> { @@ -786,7 +775,6 @@ impl

AllocVar, CF

> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn new_variable>>( cs: impl Into>>, @@ -805,7 +793,6 @@ impl

AllocVar, CF

> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn new_variable>>( cs: impl Into>>, @@ -916,7 +903,6 @@ impl

ToBitsGadget> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn to_bits_le(&self) -> Result>>, SynthesisError> { @@ -943,7 +929,6 @@ impl

ToBytesGadget> for ProjectiveVar

where P: SWCurveConfig, BF

: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs")] fn to_bytes(&self) -> Result>>, SynthesisError> { diff --git a/src/groups/curves/short_weierstrass/non_zero_affine.rs b/src/groups/curves/short_weierstrass/non_zero_affine.rs index 781a0f2a..a3ffc434 100644 --- a/src/groups/curves/short_weierstrass/non_zero_affine.rs +++ b/src/groups/curves/short_weierstrass/non_zero_affine.rs @@ -44,7 +44,6 @@ where P: SWCurveConfig, BF

: FieldWithVar, BFVar

: FieldVar>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Performs an addition without checking that other != ±self. #[tracing::instrument(target = "r1cs", skip(self, other))] diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs index f18a745a..ef21910c 100644 --- a/src/groups/curves/twisted_edwards/mod.rs +++ b/src/groups/curves/twisted_edwards/mod.rs @@ -114,7 +114,6 @@ mod montgomery_affine_impl { impl MontgomeryAffineVar

where P::BaseField: FieldWithVar, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { /// Converts `self` into a Twisted Edwards curve point variable. #[tracing::instrument(target = "r1cs")] @@ -168,7 +167,6 @@ mod montgomery_affine_impl { where P: TECurveConfig, P::BaseField: FieldWithVar, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { type Output = MontgomeryAffineVar

; @@ -304,7 +302,6 @@ where P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField> + ThreeBitCondNegLookupGadget, TableConstant = P::BaseField>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { /// Compute a scalar multiplication of `bases` with respect to `scalars`, /// where the elements of `scalars` are length-three slices of bits, and @@ -412,9 +409,7 @@ type CF

= <

::BaseField as Field>::BasePrimeField; impl CurveWithVar> for TEProjective

where P::BaseField: FieldWithVar, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { type Var = AffineVar

; } @@ -424,7 +419,6 @@ where P: TECurveConfig, P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { fn constant(g: TEProjective

) -> Self { let cs = ConstraintSystemRef::None; @@ -578,7 +572,6 @@ where P: TECurveConfig, P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -679,7 +672,6 @@ where P: TECurveConfig, P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for<'a> &'a BFVar

: FieldOpsBounds<'a, P::BaseField, BFVar

>, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -786,7 +778,6 @@ impl_bounded_ops!( ), P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, ); impl_bounded_ops!( @@ -803,7 +794,6 @@ impl_bounded_ops!( ), P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for <'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

> ); impl<'a, P> GroupOpsBounds<'a, TEProjective

, AffineVar

> for AffineVar

@@ -811,7 +801,6 @@ where P: TECurveConfig, P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { } @@ -820,7 +809,6 @@ where P: TECurveConfig, P::BaseField: FieldWithVar, BFVar

: TwoBitLookupGadget, TableConstant = P::BaseField>, - for<'b> &'b BFVar

: FieldOpsBounds<'b, P::BaseField, BFVar

>, { }