PrimeField --> ff::PrimeField (#28)

* PrimeField --> ff::PrimeField

* cargo fmt

Cargo.toml

@@ -19,6 +19,7 @@ digest = "0.8.1"
 sha3 = "0.8.2"
 rayon = "1.3.0"
 rand_core = { version = "0.5", default-features = false }
+rand_chacha = "0.3"
 itertools = "0.9.0"
 subtle = "2.4"
 pasta_curves = "0.3.0"

src/bellperson/shape_cs.rs

@@ -5,7 +5,7 @@ use std::{
   collections::{BTreeMap, HashMap},
 };
 
-use crate::traits::{Group, PrimeField as PF};
+use crate::traits::Group;
 use ff::{Field, PrimeField};
 
 use bellperson::{ConstraintSystem, Index, LinearCombination, SynthesisError, Variable};
@@ -142,7 +142,7 @@ where
       s.push_str(&format!("INPUT {}\n", &input))
     }
 
-    let negone = -<G::Scalar as PF>::one();
+    let negone = -<G::Scalar>::one();
 
     let powers_of_two = (0..G::Scalar::NUM_BITS)
       .map(|i| G::Scalar::from(2u64).pow_vartime(&[u64::from(i)]))
@@ -159,7 +159,7 @@ where
         }
         is_first = false;
 
-        if coeff != <G::Scalar as PF>::one() && coeff != negone {
+        if coeff != <G::Scalar>::one() && coeff != negone {
           for (i, x) in powers_of_two.iter().enumerate() {
             if x == &coeff {
               s.push_str(&format!("2^{} . ", i));

src/bellperson/solver.rs

@@ -1,7 +1,7 @@
 //! Support for generating R1CS witness using bellperson.
 
-use crate::traits::{Group, PrimeField as PF};
-use ff::PrimeField;
+use crate::traits::Group;
+use ff::{Field, PrimeField};
 
 use bellperson::{
   multiexp::DensityTracker, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable,

src/circuit.rs

@@ -21,7 +21,7 @@ use super::{
   },
   poseidon::{NovaPoseidonConstants, PoseidonROGadget},
   r1cs::RelaxedR1CSInstance,
-  traits::{Group, PrimeField, StepCircuit},
+  traits::{Group, StepCircuit},
 };
 use bellperson::{
   gadgets::{boolean::Boolean, num::AllocatedNum, Assignment},
@@ -31,7 +31,7 @@ use bellperson_nonnative::{
   mp::bignat::BigNat,
   util::{convert::f_to_nat, num::Num},
 };
-use ff::PrimeFieldBits;
+use ff::{Field, PrimeField, PrimeFieldBits};
 
 #[derive(Debug, Clone)]
 pub struct NIFSVerifierCircuitParams {
@@ -137,7 +137,7 @@ where
 impl<G, SC> Circuit<<G as Group>::Base> for NIFSVerifierCircuit<G, SC>
 where
   G: Group,
-  <G as Group>::Base: ff::PrimeField + PrimeField + PrimeFieldBits,
+  <G as Group>::Base: PrimeField + PrimeFieldBits,
   <G as Group>::Scalar: PrimeFieldBits,
   SC: StepCircuit<G::Base>,
 {
@@ -421,7 +421,7 @@ where
     // Allocate the order of the non-native field as a constant
     let m_bn = alloc_bignat_constant(
       cs.namespace(|| "alloc m"),
-      &G::Scalar::get_order(),
+      &G::get_order(),
       self.params.limb_width,
       self.params.n_limbs,
     )?;
@@ -781,11 +781,11 @@ mod tests {
     let inputs: NIFSVerifierCircuitInputs<G2> = NIFSVerifierCircuitInputs::new(
       default_hash,
       RelaxedR1CSInstance::default(&gens2, &shape2),
-      <<G2 as Group>::Base as PrimeField>::zero(), // TODO: provide real inputs
-      <<G2 as Group>::Base as PrimeField>::zero(), // TODO: provide real inputs
-      <<G2 as Group>::Base as PrimeField>::zero(), // TODO: provide real inputs
-      <<G2 as Group>::Scalar as PrimeField>::zero(), // TODO: provide real inputs
-      <<G2 as Group>::Base as PrimeField>::zero(), // TODO: provide real inputs
+      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
+      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
+      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
+      <<G2 as Group>::Scalar as Field>::zero(), // TODO: provide real inputs
+      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
       T,                                      // TODO: provide real inputs
       w,
     );

src/lib.rs

@@ -139,7 +139,7 @@ impl<G: Group> FinalSNARK<G> {
 #[cfg(test)]
 mod tests {
   use super::*;
-  use crate::traits::PrimeField;
+  use ff::Field;
   use rand::rngs::OsRng;
 
   type S = pasta_curves::pallas::Scalar;

src/pasta.rs

@@ -1,13 +1,15 @@
 //! This module implements the Nova traits for pallas::Point, pallas::Scalar, vesta::Point, vesta::Scalar.
-use crate::traits::{ChallengeTrait, CompressedGroup, Group, PrimeField};
+use crate::traits::{ChallengeTrait, CompressedGroup, Group};
+use ff::Field;
 use merlin::Transcript;
 use pasta_curves::{
   self,
-  arithmetic::{CurveAffine, CurveExt, FieldExt, Group as Grp},
+  arithmetic::{CurveAffine, CurveExt, Group as Grp},
   group::{Curve, GroupEncoding},
-  pallas, vesta, Ep, Eq, Fp, Fq,
+  pallas, vesta, Ep, Eq,
 };
-use rand::{CryptoRng, RngCore};
+use rand::SeedableRng;
+use rand_chacha::ChaCha20Rng;
 use rug::Integer;
 use std::{borrow::Borrow, ops::Mul};
 
@@ -74,28 +76,6 @@ impl Group for pallas::Point {
       (Self::Base::zero(), Self::Base::zero(), true)
     }
   }
-}
-
-impl PrimeField for pallas::Scalar {
-  fn zero() -> Self {
-    Fq::zero()
-  }
-  fn one() -> Self {
-    Fq::one()
-  }
-  fn from_bytes_mod_order_wide(bytes: &[u8]) -> Option<Self> {
-    if bytes.len() != 64 {
-      None
-    } else {
-      let mut arr = [0; 64];
-      arr.copy_from_slice(&bytes[0..64]);
-      Some(Fq::from_bytes_wide(&arr))
-    }
-  }
-
-  fn random(rng: &mut (impl RngCore + CryptoRng)) -> Self {
-    <Fq as ff::Field>::random(rng)
-  }
 
   fn get_order() -> Integer {
     Integer::from_str_radix(
@@ -108,9 +88,10 @@ impl PrimeField for pallas::Scalar {
 
 impl ChallengeTrait for pallas::Scalar {
   fn challenge(label: &'static [u8], transcript: &mut Transcript) -> Self {
-    let mut buf = [0u8; 64];
-    transcript.challenge_bytes(label, &mut buf);
-    pallas::Scalar::from_bytes_mod_order_wide(&buf).unwrap()
+    let mut key: <ChaCha20Rng as SeedableRng>::Seed = Default::default();
+    transcript.challenge_bytes(label, &mut key);
+    let mut rng = ChaCha20Rng::from_seed(key);
+    pallas::Scalar::random(&mut rng)
   }
 }
 
@@ -188,28 +169,6 @@ impl Group for vesta::Point {
       (Self::Base::zero(), Self::Base::zero(), true)
     }
   }
-}
-
-impl PrimeField for vesta::Scalar {
-  fn zero() -> Self {
-    Fp::zero()
-  }
-  fn one() -> Self {
-    Fp::one()
-  }
-  fn from_bytes_mod_order_wide(bytes: &[u8]) -> Option<Self> {
-    if bytes.len() != 64 {
-      None
-    } else {
-      let mut arr = [0; 64];
-      arr.copy_from_slice(&bytes[0..64]);
-      Some(Fp::from_bytes_wide(&arr))
-    }
-  }
-
-  fn random(rng: &mut (impl RngCore + CryptoRng)) -> Self {
-    <Fp as ff::Field>::random(rng)
-  }
 
   fn get_order() -> Integer {
     Integer::from_str_radix(
@@ -222,9 +181,10 @@ impl PrimeField for vesta::Scalar {
 
 impl ChallengeTrait for vesta::Scalar {
   fn challenge(label: &'static [u8], transcript: &mut Transcript) -> Self {
-    let mut buf = [0u8; 64];
-    transcript.challenge_bytes(label, &mut buf);
-    vesta::Scalar::from_bytes_mod_order_wide(&buf).unwrap()
+    let mut key: <ChaCha20Rng as SeedableRng>::Seed = Default::default();
+    transcript.challenge_bytes(label, &mut key);
+    let mut rng = ChaCha20Rng::from_seed(key);
+    vesta::Scalar::random(&mut rng)
   }
 }
 

src/poseidon.rs

@@ -189,9 +189,8 @@ mod tests {
   use super::*;
   type S = pasta_curves::pallas::Scalar;
   type G = pasta_curves::pallas::Point;
-  use crate::{
-    bellperson::solver::SatisfyingAssignment, gadgets::utils::le_bits_to_num, traits::PrimeField,
-  };
+  use crate::{bellperson::solver::SatisfyingAssignment, gadgets::utils::le_bits_to_num};
+  use ff::Field;
   use rand::rngs::OsRng;
 
   #[test]

src/r1cs.rs

@@ -3,8 +3,9 @@
 use super::{
   commitments::{CommitGens, CommitTrait, Commitment, CompressedCommitment},
   errors::NovaError,
-  traits::{Group, PrimeField},
+  traits::Group,
 };
+use ff::Field;
 use itertools::concat;
 use rayon::prelude::*;
 

src/traits.rs

@@ -3,52 +3,12 @@ use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::{
   borrow::Borrow,
   fmt::Debug,
-  ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign},
+  ops::{Add, AddAssign, Mul, MulAssign, Sub, SubAssign},
 };
+use ff::PrimeField;
 use merlin::Transcript;
-use rand::{CryptoRng, RngCore};
 use rug::Integer;
 
-/// Represents an element of a prime field
-pub trait PrimeField:
-  Sized
-  + Eq
-  + Copy
-  + Clone
-  + Default
-  + Send
-  + Sync
-  + Debug
-  + Add<Output = Self>
-  + Sub<Output = Self>
-  + Mul<Output = Self>
-  + Neg<Output = Self>
-  + for<'a> Add<&'a Self, Output = Self>
-  + for<'a> Mul<&'a Self, Output = Self>
-  + for<'a> Sub<&'a Self, Output = Self>
-  + AddAssign
-  + MulAssign
-  + SubAssign
-  + for<'a> AddAssign<&'a Self>
-  + for<'a> MulAssign<&'a Self>
-  + for<'a> SubAssign<&'a Self>
-{
-  /// returns the additive identity of the field
-  fn zero() -> Self;
-
-  /// returns the multiplicative identity of the field
-  fn one() -> Self;
-
-  /// converts the supplied bytes into an element of the field
-  fn from_bytes_mod_order_wide(bytes: &[u8]) -> Option<Self>;
-
-  /// returns an uniformly random element from the finite field
-  fn random(rng: &mut (impl RngCore + CryptoRng)) -> Self;
-
-  /// Get prime field order as a rug::Integer
-  fn get_order() -> Integer;
-}
-
 /// Represents an element of a group
 pub trait Group:
   Clone
@@ -88,6 +48,9 @@ pub trait Group:
 
   /// Returns the affine coordinates (x, y, infinty) for the point
   fn to_coordinates(&self) -> (Self::Base, Self::Base, bool);
+
+  /// Returns the order of the group as a big integer
+  fn get_order() -> Integer;
 }
 
 /// Represents a compressed version of a group element
@@ -134,7 +97,7 @@ pub trait ScalarMulOwned<Rhs, Output = Self>: for<'r> ScalarMul<&'r Rhs, Output>
 impl<T, Rhs, Output> ScalarMulOwned<Rhs, Output> for T where T: for<'r> ScalarMul<&'r Rhs, Output> {}
 
 /// A helper trait for a step of the incremental computation (i.e., circuit for F)
-pub trait StepCircuit<F: PrimeField + ff::PrimeField> {
+pub trait StepCircuit<F: PrimeField> {
   /// Sythesize the circuit for a computation step and return variable
   /// that corresponds to the output of the step z_{i+1}
   fn synthesize<CS: ConstraintSystem<F>>(