From 06192ac3d43c7b24de6c8511fe7646553d985512 Mon Sep 17 00:00:00 2001 From: Srinath Setty Date: Wed, 27 Jul 2022 14:07:44 -0700 Subject: [PATCH] Optimizations (#100) * avoid creating commitments to zero vectors * reduce the number of constraints in each iteration from 4 to 3 --- examples/minroot.rs | 19 ++++++++++++------- src/commitments.rs | 6 ++++++ src/lib.rs | 8 ++++++++ src/pasta.rs | 18 +++++++++++++++++- src/r1cs.rs | 4 ++-- src/traits/mod.rs | 6 ++++++ 6 files changed, 51 insertions(+), 10 deletions(-) diff --git a/examples/minroot.rs b/examples/minroot.rs index 10655a7..80a3787 100644 --- a/examples/minroot.rs +++ b/examples/minroot.rs @@ -124,14 +124,10 @@ where x_i_plus_1.square(cs.namespace(|| format!("x_i_plus_1_sq_iter_{}", i)))?; let x_i_plus_1_quad = x_i_plus_1_sq.square(cs.namespace(|| format!("x_i_plus_1_quad_{}", i)))?; - let x_i_plus_1_pow_5 = x_i_plus_1_quad.mul( - cs.namespace(|| format!("x_i_plus_1_pow_5_{}", i)), - &x_i_plus_1, - )?; cs.enforce( - || format!("x_i_plus_1_pow_5 = x_i + y_i_iter_{}", i), - |lc| lc + x_i_plus_1_pow_5.get_variable(), - |lc| lc + CS::one(), + || format!("x_i_plus_1_quad * x_i_plus_1 = x_i + y_i_iter_{}", i), + |lc| lc + x_i_plus_1_quad.get_variable(), + |lc| lc + x_i_plus_1.get_variable(), |lc| lc + x_i.get_variable() + y_i.get_variable(), ); @@ -211,6 +207,15 @@ fn main() { pp.num_constraints().1 ); + println!( + "Number of variables per step (primary circuit): {}", + pp.num_variables().0 + ); + println!( + "Number of variables per step (secondary circuit): {}", + pp.num_variables().1 + ); + // produce non-deterministic advice let (z0_primary, minroot_iterations) = MinRootIteration::new( num_iters_per_step * num_steps, diff --git a/src/commitments.rs b/src/commitments.rs index ef13fc6..695e1eb 100644 --- a/src/commitments.rs +++ b/src/commitments.rs 
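Review bot: The fused `cs.enforce` in the first minroot.rs hunk now carries the whole fifth-power check, but nothing in the code says that it depends on the two `square` calls just above it to pin `x_i_plus_1_quad` to the fourth power of `x_i_plus_1`. A comment on the enforce call would keep a later refactor from dropping one of those squaring constraints and leaving the relation under-constrained, for example `// x_{i+1}^4 * x_{i+1} = x_i + y_i; the two square() constraints above fix x_i_plus_1_quad = x_{i+1}^4`. The enclosing function starts and ends outside the hunk.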
@@ -134,6 +134,12 @@ impl Commitment { } } +impl Default for Commitment { + fn default() -> Self { + Commitment { comm: G::zero() } + } +} + impl CompressedCommitment { pub fn decompress(&self) -> Result, NovaError> { let comm = self.comm.decompress(); diff --git a/src/lib.rs b/src/lib.rs index cbd5dea..aead67a 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -135,6 +135,14 @@ where self.r1cs_shape_secondary.num_cons, ) } + + /// Returns the number of variables in the primary and secondary circuits + pub fn num_variables(&self) -> (usize, usize) { + ( + self.r1cs_shape_primary.num_vars, + self.r1cs_shape_secondary.num_vars, + ) + } } /// A SNARK that proves the correct execution of an incremental computation diff --git a/src/pasta.rs b/src/pasta.rs index 89a0481..62289f1 100644 --- a/src/pasta.rs +++ b/src/pasta.rs @@ -11,7 +11,7 @@ use num_traits::Num; use pasta_curves::{ self, arithmetic::{CurveAffine, CurveExt, Group as OtherGroup}, - group::{Curve, GroupEncoding}, + group::{Curve, Group as AnotherGroup, GroupEncoding}, pallas, vesta, Ep, Eq, }; use rand::SeedableRng; @@ -96,6 +96,14 @@ impl Group for pallas::Point { ) .unwrap() } + + fn zero() -> Self { + pallas::Point::group_zero() + } + + fn get_generator() -> Self { + pallas::Point::generator() + } } impl ChallengeTrait for pallas::Scalar { @@ -194,6 +202,14 @@ impl Group for vesta::Point { ) .unwrap() } + + fn zero() -> Self { + vesta::Point::group_zero() + } + + fn get_generator() -> Self { + vesta::Point::generator() + } } impl ChallengeTrait for vesta::Scalar { diff --git a/src/r1cs.rs b/src/r1cs.rs index a099ab5..8a82ca5 100644 --- a/src/r1cs.rs +++ b/src/r1cs.rs 
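Review bot: The new `Default` impl for `Commitment` has no doc comment, and its value `G::zero()` is only a meaningful commitment if committing to an all-zero vector yields the group identity. The r1cs.rs hunk of this patch appears to rely on exactly that when it replaces `RelaxedR1CSWitness::default(S).commit(gens)` with `Commitment::default()`, so the assumption should be written down where it is introduced, e.g. `/// The group identity, which equals the commitment to an all-zero vector as long as commit() adds no blinding term`. If a hiding variant of the commitment is ever added, this impl would have to change with it.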
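Review bot: In the `Group` impl for `pallas::Point`, `zero()` calls `group_zero()` while `get_generator()` calls `generator()`, so the two methods presumably resolve through two different imported traits, aliased `OtherGroup` and `AnotherGroup`, and the aliases give a reader no hint which is which. Since the import hunk already brings in `group::Group`, the identity can come from the same trait as the generator, `pallas::Point::identity()`. The same applies to the `vesta::Point` hunk further down in this file. More descriptive aliases, for instance `ArithmeticGroup` and `CurveGroup`, would also make the import line easier to read.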
@@ -577,8 +577,8 @@ impl RelaxedR1CSWitness { impl RelaxedR1CSInstance { /// Produces a default RelaxedR1CSInstance given R1CSGens and R1CSShape - pub fn default(gens: &R1CSGens, S: &R1CSShape) -> RelaxedR1CSInstance { - let (comm_W, comm_E) = RelaxedR1CSWitness::default(S).commit(gens); + pub fn default(_gens: &R1CSGens, S: &R1CSShape) -> RelaxedR1CSInstance { + let (comm_W, comm_E) = (Commitment::default(), Commitment::default()); RelaxedR1CSInstance { comm_W, comm_E, diff --git a/src/traits/mod.rs b/src/traits/mod.rs index 3866bff..ddcd97b 100644 --- a/src/traits/mod.rs +++ b/src/traits/mod.rs @@ -64,6 +64,12 @@ pub trait Group: /// Returns the order of the group as a big integer fn get_order() -> BigInt; + + /// Returns an element that is the additive identity of the group + fn zero() -> Self; + + /// Returns the generator of the group + fn get_generator() -> Self; } /// Represents a compressed version of a group element
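Review bot: The doc comment on `RelaxedR1CSInstance::default` still says the instance is produced "given R1CSGens and R1CSShape", but after this change `_gens` is never read in the visible lines. The comment should say so, e.g. `/// Produces a default RelaxedR1CSInstance for the given R1CSShape; _gens is kept for API compatibility and is not used`. Because the instance commitments are no longer derived from the default witness, a unit test comparing `RelaxedR1CSWitness::default(S).commit(gens)` with `(Commitment::default(), Commitment::default())` would catch any later divergence, which would leave the initial instance and witness inconsistent. The body of `default` continues past the hunk.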
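Review bot: `get_generator()` is added to the `Group` trait as a required method, but no hunk in this patch calls it, so as far as the patch shows every implementer must supply code that is not exercised. If it is meant for later use, the doc comment should say so and also say which generator is returned, e.g. `/// Returns the curve's fixed standard generator (not one of the commitment generators)`. The trait definition starts outside the hunk.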