add hash(params, U, z0, zi, i) when generating a challenge (#51)

* add hash(params, U, z0, zi, i) when generating a challenge

* address clippy

src/circuit.rs

@@ -201,7 +201,7 @@ where
     u: AllocatedR1CSInstance<G>,
     T: AllocatedPoint<G::Base>,
   ) -> Result<(AllocatedRelaxedR1CSInstance<G>, AllocatedBit), SynthesisError> {
-    // Check that u.x[0] = Hash(params, U,i,z0,zi)
+    // Check that u.x[0] = Hash(params, U, i, z0, zi)
     let mut ro: PoseidonROGadget<G::Base> = PoseidonROGadget::new(self.poseidon_constants.clone());
     ro.absorb(params);
     ro.absorb(i);
@@ -220,6 +220,7 @@ where
     // Run NIFS Verifier
     let U_fold = U.fold_with_r1cs(
       cs.namespace(|| "compute fold of U and u"),
+      hash, // hash of the (params, U, i, z0, zi)
       u,
       T,
       self.poseidon_constants.clone(),

src/gadgets/r1cs.rs

@@ -212,9 +212,11 @@ where
   }
 
   /// Folds self with a relaxed r1cs instance and returns the result
+  #[allow(clippy::too_many_arguments)]
   pub fn fold_with_r1cs<CS: ConstraintSystem<<G as Group>::Base>>(
     &self,
     mut cs: CS,
+    hash: AllocatedNum<G::Base>, // hash of (params, running_instance, i, z0, zi)
     u: AllocatedR1CSInstance<G>,
     T: AllocatedPoint<G::Base>,
     poseidon_constants: NovaPoseidonConstants<G::Base>,
@@ -223,6 +225,7 @@ where
   ) -> Result<AllocatedRelaxedR1CSInstance<G>, SynthesisError> {
     // Compute r:
     let mut ro: PoseidonROGadget<G::Base> = PoseidonROGadget::new(poseidon_constants);
+    ro.absorb(hash);
     u.absorb_in_ro(&mut ro);
     ro.absorb(T.x.clone());
     ro.absorb(T.y.clone());

src/poseidon.rs

@@ -12,7 +12,7 @@ use bellperson::{
 };
 use core::marker::PhantomData;
 use ff::{PrimeField, PrimeFieldBits};
-use generic_array::typenum::{U27, U8};
+use generic_array::typenum::{U27, U9};
 use neptune::{
   circuit::poseidon_hash,
   poseidon::{Poseidon, PoseidonConstants},
@@ -25,7 +25,7 @@ pub struct NovaPoseidonConstants<Scalar>
 where
   Scalar: PrimeField,
 {
-  constants8: PoseidonConstants<Scalar, U8>,
+  constants9: PoseidonConstants<Scalar, U9>,
   constants27: PoseidonConstants<Scalar, U27>,
 }
 
@@ -36,10 +36,10 @@ where
   /// Generate Poseidon constants for the arities that Nova uses
   #[allow(clippy::new_without_default)]
   fn new() -> Self {
-    let constants8 = PoseidonConstants::<Scalar, U8>::new_with_strength(Strength::Strengthened);
+    let constants9 = PoseidonConstants::<Scalar, U9>::new_with_strength(Strength::Strengthened);
     let constants27 = PoseidonConstants::<Scalar, U27>::new_with_strength(Strength::Strengthened);
     Self {
-      constants8,
+      constants9,
       constants27,
     }
   }
@@ -65,7 +65,7 @@ where
 {
   fn hash_inner(&self) -> Base {
     match self.state.len() {
-      8 => Poseidon::<Base, U8>::new_with_preimage(&self.state, &self.constants.constants8).hash(),
+      9 => Poseidon::<Base, U9>::new_with_preimage(&self.state, &self.constants.constants9).hash(),
       27 => {
         Poseidon::<Base, U27>::new_with_preimage(&self.state, &self.constants.constants27).hash()
       }
@@ -169,10 +169,10 @@ where
     CS: ConstraintSystem<Scalar>,
   {
     let out = match self.state.len() {
-      8 => poseidon_hash(
+      9 => poseidon_hash(
         cs.namespace(|| "Posideon hash"),
         self.state.clone(),
-        &self.constants.constants8,
+        &self.constants.constants9,
       )?,
       27 => poseidon_hash(
         cs.namespace(|| "Poseidon hash"),