arnaucube/Nova
1
0
Fork 0
mirror of https://github.com/arnaucube/Nova.git synced 2026-01-11 08:31:29 +01:00
Code Issues Projects Releases Wiki Activity

chore: update to ff/group 0.13 (#166)

Browse Source 
* chore: update to ff/group 0.13 and associated dependencies

Updates:
- zkcrypto/ff, zkcrypto/group to 0.13,
- bellperson to 0.25,
- pasta_curves to 0.5.1, and removes the fil_pasta_curves fork
- pasta-msm should no longer need a fork (WIP)

Adapts source in function, mostly for const usage and API updates.

* expose the portable feature of pasta-MSM

* update pointer to pasta-msm

* Clippy

---------

Co-authored-by: François Garillot <francois@garillot.net>
This commit is contained in:
Samuel Burnham
2023-05-10 15:15:17 -04:00
committed by GitHub
parent b76d7aa7ea
commit cddd707fad
22 changed files with 275 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Cargo.toml
View File

@@ -11,8 +11,8 @@ license-file = "LICENSE"
keywords = ["zkSNARKs", "cryptography", "proofs"]
[dependencies]
bellperson = { version = "0.24", default-features = false }
ff = { version = "0.12.0", features = ["derive"] }
bellperson = { version = "0.25", default-features = false }
ff = { version = "0.13.0", features = ["derive"] }
digest = "0.8.1"
sha3 = "0.8.2"
rayon = "1.3.0"
@@ -20,8 +20,8 @@ rand_core = { version = "0.6.0", default-features = false }
rand_chacha = "0.3"
itertools = "0.9.0"
subtle = "2.4"
pasta_curves = { version = "0.5.2", features = ["repr-c", "serde"], package = "fil_pasta_curves" }
neptune = { version = "8.1.0", default-features = false }
pasta_curves = { version = "0.5", features = ["repr-c", "serde"] }
neptune = { version = "9.0.0", default-features = false }
generic-array = "0.14.4"
num-bigint = { version = "0.4", features = ["serde", "rand"] }
num-traits = "0.2"
@@ -34,7 +34,7 @@ byteorder = "1.4.3"
thiserror = "1.0"
[target.'cfg(any(target_arch = "x86_64", target_arch = "aarch64"))'.dependencies]
pasta-msm = { version = "0.1.0", package = "lurk-pasta-msm" }
pasta-msm = { version = "0.1.4" }
[dev-dependencies]
criterion = "0.3.1"
@@ -51,5 +51,7 @@ harness = false
[features]
default = []
# Compiles in portable mode, w/o ISA extensions => binary can be executed on all systems.
portable = ["pasta-msm/portable"]
cuda = ["neptune/cuda", "neptune/pasta", "neptune/arity24"]
opencl = ["neptune/opencl", "neptune/pasta", "neptune/arity24"]

6
examples/signature.rs
View File

@@ -73,7 +73,7 @@ where
}
fn mul_bits<B: AsRef<[u64]>>(s: &G::Scalar, bits: BitIterator<B>) -> G::Scalar {
let mut x = G::Scalar::zero();
let mut x = G::Scalar::ZERO;
for bit in bits {
x = x.double();
@@ -88,14 +88,14 @@ where
assert_eq!(digest.len(), 64);
let mut bits: [u64; 8] = [0; 8];
LittleEndian::read_u64_into(digest, &mut bits);
Self::mul_bits(&G::Scalar::one(), BitIterator::new(bits))
Self::mul_bits(&G::Scalar::ONE, BitIterator::new(bits))
}
pub fn to_uniform_32(digest: &[u8]) -> G::Scalar {
assert_eq!(digest.len(), 32);
let mut bits: [u64; 4] = [0; 4];
LittleEndian::read_u64_into(digest, &mut bits);
Self::mul_bits(&G::Scalar::one(), BitIterator::new(bits))
Self::mul_bits(&G::Scalar::ONE, BitIterator::new(bits))
}
pub fn hash_to_scalar(persona: &[u8], a: &[u8], b: &[u8]) -> G::Scalar {

4
src/bellperson/mod.rs
View File

@@ -20,7 +20,7 @@ mod tests {
cs: &mut CS,
) -> Result<(), SynthesisError> {
// get two bits as input and check that they are indeed bits
let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::one()))?;
let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::ONE))?;
let _ = a.inputize(cs.namespace(|| "a is input"));
cs.enforce(
|| "check a is 0 or 1",
@@ -28,7 +28,7 @@ mod tests {
|lc| lc + a.get_variable(),
|lc| lc,
);
let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::one()))?;
let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::ONE))?;
let _ = b.inputize(cs.namespace(|| "b is input"));
cs.enforce(
|| "check b is 0 or 1",

2
src/bellperson/r1cs.rs
View File

@@ -102,7 +102,7 @@ fn add_constraint<S: PrimeField>(
) {
let (A, B, C, nn) = X;
let n = **nn;
let one = S::one();
let one = S::ONE;
let add_constraint_component = |index: Index, coeff, V: &mut Vec<_>| {
match index {

6
src/bellperson/shape_cs.rs
View File

@@ -73,7 +73,7 @@ fn proc_lc<Scalar: PrimeField>(
for (var, &coeff) in terms.iter() {
map
.entry(OrderedVariable(var))
.or_insert_with(Scalar::zero)
.or_insert_with(|| Scalar::ZERO)
.add_assign(&coeff);
}
@@ -144,7 +144,7 @@ where
writeln!(s, "INPUT {}", &input).unwrap()
}
let negone = -<G::Scalar>::one();
let negone = -<G::Scalar>::ONE;
let powers_of_two = (0..G::Scalar::NUM_BITS)
.map(|i| G::Scalar::from(2u64).pow_vartime([u64::from(i)]))
@@ -161,7 +161,7 @@ where
}
is_first = false;
if coeff != <G::Scalar>::one() && coeff != negone {
if coeff != <G::Scalar>::ONE && coeff != negone {
for (i, x) in powers_of_two.iter().enumerate() {
if x == &coeff {
write!(s, "2^{i} . ").unwrap();

2
src/bellperson/solver.rs
View File

@@ -91,7 +91,7 @@ where
type Root = Self;
fn new() -> Self {
let input_assignment = vec![G::Scalar::one()];
let input_assignment = vec![G::Scalar::ONE];
let mut d = DensityTracker::new();
d.add_element();

8
src/circuit.rs
View File

@@ -146,7 +146,7 @@ impl<G: Group, SC: StepCircuit<G::Base>> NovaAugmentedCircuit<G, SC> {
.collect::<Result<Vec<AllocatedNum<G::Base>>, _>>()?;
// Allocate zi. If inputs.zi is not provided (base case) allocate default value 0
let zero = vec![G::Base::zero(); arity];
let zero = vec![G::Base::ZERO; arity];
let z_i = (0..arity)
.map(|i| {
AllocatedNum::alloc(cs.namespace(|| format!("zi_{i}")), || {
@@ -318,7 +318,7 @@ impl<G: Group, SC: StepCircuit<G::Base>> Circuit<<G as Group>::Base>
// Compute i + 1
let i_new = AllocatedNum::alloc(cs.namespace(|| "i + 1"), || {
Ok(*i.get_value().get()? + G::Base::one())
Ok(*i.get_value().get()? + G::Base::ONE)
})?;
cs.enforce(
|| "check i + 1",
@@ -417,7 +417,7 @@ mod tests {
assert_eq!(cs.num_constraints(), 10347);
// Execute the base case for the primary
let zero1 = <<G2 as Group>::Base as Field>::zero();
let zero1 = <<G2 as Group>::Base as Field>::ZERO;
let mut cs1: SatisfyingAssignment<G1> = SatisfyingAssignment::new();
let inputs1: NovaAugmentedCircuitInputs<G2> = NovaAugmentedCircuitInputs::new(
shape2.get_digest(),
@@ -441,7 +441,7 @@ mod tests {
assert!(shape1.is_sat(&ck1, &inst1, &witness1).is_ok());
// Execute the base case for the secondary
let zero2 = <<G1 as Group>::Base as Field>::zero();
let zero2 = <<G1 as Group>::Base as Field>::ZERO;
let mut cs2: SatisfyingAssignment<G2> = SatisfyingAssignment::new();
let inputs2: NovaAugmentedCircuitInputs<G1> = NovaAugmentedCircuitInputs::new(
shape1.get_digest(),

60
src/gadgets/ecc.rs
View File

@@ -43,16 +43,16 @@ where
CS: ConstraintSystem<G::Base>,
{
let x = AllocatedNum::alloc(cs.namespace(|| "x"), || {
Ok(coords.map_or(G::Base::zero(), |c| c.0))
Ok(coords.map_or(G::Base::ZERO, |c| c.0))
})?;
let y = AllocatedNum::alloc(cs.namespace(|| "y"), || {
Ok(coords.map_or(G::Base::zero(), |c| c.1))
Ok(coords.map_or(G::Base::ZERO, |c| c.1))
})?;
let is_infinity = AllocatedNum::alloc(cs.namespace(|| "is_infinity"), || {
Ok(if coords.map_or(true, |c| c.2) {
G::Base::one()
G::Base::ONE
} else {
G::Base::zero()
G::Base::ZERO
})
})?;
cs.enforce(
@@ -177,9 +177,9 @@ where
// NOT(NOT(self.is_ifninity) AND NOT(other.is_infinity))
let at_least_one_inf = AllocatedNum::alloc(cs.namespace(|| "at least one inf"), || {
Ok(
G::Base::one()
- (G::Base::one() - *self.is_infinity.get_value().get()?)
* (G::Base::one() - *other.is_infinity.get_value().get()?),
G::Base::ONE
- (G::Base::ONE - *self.is_infinity.get_value().get()?)
* (G::Base::ONE - *other.is_infinity.get_value().get()?),
)
})?;
cs.enforce(
@@ -193,7 +193,7 @@ where
let x_diff_is_actual =
AllocatedNum::alloc(cs.namespace(|| "allocate x_diff_is_actual"), || {
Ok(if *equal_x.get_value().get()? {
G::Base::one()
G::Base::ONE
} else {
*at_least_one_inf.get_value().get()?
})
@@ -215,9 +215,9 @@ where
)?;
let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || {
let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::one() {
let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::ONE {
// Set to default
G::Base::one()
G::Base::ONE
} else {
// Set to the actual inverse
(*other.x.get_value().get()? - *self.x.get_value().get()?)
@@ -328,7 +328,7 @@ where
// * (G::Base::from(2)) * self.y).invert().unwrap();
/*************************************************************/
// Compute tmp = (G::Base::one() + G::Base::one())* self.y ? self != inf : 1
// Compute tmp = (G::Base::ONE + G::Base::ONE)* self.y ? self != inf : 1
let tmp_actual = AllocatedNum::alloc(cs.namespace(|| "tmp_actual"), || {
Ok(*self.y.get_value().get()? + *self.y.get_value().get()?)
})?;
@@ -354,9 +354,9 @@ where
);
let lambda = AllocatedNum::alloc(cs.namespace(|| "alloc lambda"), || {
let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::one() {
let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::ONE {
// Return default value 1
G::Base::one()
G::Base::ONE
} else {
// Return the actual inverse
(*tmp.get_value().get()?).invert().unwrap()
@@ -622,7 +622,7 @@ where
// allocate a free variable that an honest prover sets to lambda = (y2-y1)/(x2-x1)
let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || {
if *other.x.get_value().get()? == *self.x.get_value().get()? {
Ok(G::Base::one())
Ok(G::Base::ONE)
} else {
Ok(
(*other.y.get_value().get()? - *self.y.get_value().get()?)
@@ -688,8 +688,8 @@ where
let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || {
let n = G::Base::from(3) * x_sq.get_value().get()? + G::get_curve_params().0;
let d = G::Base::from(2) * *self.y.get_value().get()?;
if d == G::Base::zero() {
Ok(G::Base::one())
if d == G::Base::ZERO {
Ok(G::Base::ONE)
} else {
Ok(n * d.invert().unwrap())
}
@@ -803,8 +803,8 @@ mod tests {
} else {
// if self.x == other.x and self.y != other.y then return infinity
Self {
x: G::Base::zero(),
y: G::Base::zero(),
x: G::Base::ZERO,
y: G::Base::ZERO,
is_infinity: true,
}
}
@@ -836,8 +836,8 @@ mod tests {
pub fn double(&self) -> Self {
if self.is_infinity {
return Self {
x: G::Base::zero(),
y: G::Base::zero(),
x: G::Base::ZERO,
y: G::Base::ZERO,
is_infinity: true,
};
}
@@ -845,9 +845,7 @@ mod tests {
let lambda = G::Base::from(3)
* self.x
* self.x
* ((G::Base::one() + G::Base::one()) * self.y)
.invert()
.unwrap();
* ((G::Base::ONE + G::Base::ONE) * self.y).invert().unwrap();
let x = lambda * lambda - self.x - self.x;
let y = lambda * (self.x - x) - self.y;
Self {
@@ -859,8 +857,8 @@ mod tests {
pub fn scalar_mul(&self, scalar: &G::Scalar) -> Self {
let mut res = Self {
x: G::Base::zero(),
y: G::Base::zero(),
x: G::Base::ZERO,
y: G::Base::ZERO,
is_infinity: true,
};
@@ -985,12 +983,12 @@ mod tests {
let a_p: Point<G1> = Point::new(
a.x.get_value().unwrap(),
a.y.get_value().unwrap(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_p: Point<G1> = Point::new(
e.x.get_value().unwrap(),
e.y.get_value().unwrap(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_new = a_p.scalar_mul(&s);
assert!(e_p.x == e_new.x && e_p.y == e_new.y);
@@ -1025,12 +1023,12 @@ mod tests {
let a_p: Point<G1> = Point::new(
a.x.get_value().unwrap(),
a.y.get_value().unwrap(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_p: Point<G1> = Point::new(
e.x.get_value().unwrap(),
e.y.get_value().unwrap(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_new = a_p.add(&a_p);
assert!(e_p.x == e_new.x && e_p.y == e_new.y);
@@ -1047,7 +1045,7 @@ mod tests {
inputize_allocted_point(&a, cs.namespace(|| "inputize a")).unwrap();
let mut b = a.clone();
b.y = AllocatedNum::alloc(cs.namespace(|| "allocate negation of a"), || {
Ok(G::Base::zero())
Ok(G::Base::ZERO)
})
.unwrap();
inputize_allocted_point(&b, cs.namespace(|| "inputize b")).unwrap();
@@ -1070,7 +1068,7 @@ mod tests {
let e_p: Point<G1> = Point::new(
e.x.get_value().unwrap(),
e.y.get_value().unwrap(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
assert!(e_p.is_infinity);
// Make sure that it is satisfiable

37
src/gadgets/nonnative/bignat.rs
View File

@@ -249,7 +249,7 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
Ok(bignat)
}
pub fn as_limbs<CS: ConstraintSystem<Scalar>>(&self) -> Vec<Num<Scalar>> {
pub fn as_limbs(&self) -> Vec<Num<Scalar>> {
let mut limbs = Vec::new();
for (i, lc) in self.limbs.iter().enumerate() {
limbs.push(Num::new(
@@ -364,7 +364,7 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
let carry_bits = (((max_word.to_f64().unwrap() * 2.0).log2() - self.params.limb_width as f64)
.ceil()
+ 0.1) as usize;
let mut carry_in = Num::new(Some(Scalar::zero()), LinearCombination::zero());
let mut carry_in = Num::new(Some(Scalar::ZERO), LinearCombination::zero());
for i in 0..n {
let carry = Num::alloc(cs.namespace(|| format!("carry value {i}")), || {
@@ -449,10 +449,7 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
self_grouped.equal_when_carried(cs.namespace(|| "grouped"), &other_grouped)
}
pub fn add<CS: ConstraintSystem<Scalar>>(
&self,
other: &Self,
) -> Result<BigNat<Scalar>, SynthesisError> {
pub fn add(&self, other: &Self) -> Result<BigNat<Scalar>, SynthesisError> {
self.enforce_limb_width_agreement(other, "add")?;
let n_limbs = max(self.params.n_limbs, other.params.n_limbs);
let max_word = &self.params.max_word + &other.params.max_word;
@@ -617,15 +614,15 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
pub fn group_limbs(&self, limbs_per_group: usize) -> BigNat<Scalar> {
let n_groups = (self.limbs.len() - 1) / limbs_per_group + 1;
let limb_values = self.limb_values.as_ref().map(|vs| {
let mut values: Vec<Scalar> = vec![Scalar::zero(); n_groups];
let mut shift = Scalar::one();
let limb_block = (0..self.params.limb_width).fold(Scalar::one(), |mut l, _| {
let mut values: Vec<Scalar> = vec![Scalar::ZERO; n_groups];
let mut shift = Scalar::ONE;
let limb_block = (0..self.params.limb_width).fold(Scalar::ONE, |mut l, _| {
l = l.double();
l
});
for (i, v) in vs.iter().enumerate() {
if i % limbs_per_group == 0 {
shift = Scalar::one();
shift = Scalar::ONE;
}
let mut a = shift;
a *= v;
@@ -636,14 +633,14 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
});
let limbs = {
let mut limbs: Vec<LinearCombination<Scalar>> = vec![LinearCombination::zero(); n_groups];
let mut shift = Scalar::one();
let limb_block = (0..self.params.limb_width).fold(Scalar::one(), |mut l, _| {
let mut shift = Scalar::ONE;
let limb_block = (0..self.params.limb_width).fold(Scalar::ONE, |mut l, _| {
l = l.double();
l
});
for (i, limb) in self.limbs.iter().enumerate() {
if i % limbs_per_group == 0 {
shift = Scalar::one();
shift = Scalar::ONE;
}
limbs[i / limbs_per_group] =
std::mem::replace(&mut limbs[i / limbs_per_group], LinearCombination::zero())
@@ -689,7 +686,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
let n_product_coeffs = self.coefficients.len() + other.coefficients.len() - 1;
let values = self.values.as_ref().and_then(|self_vs| {
other.values.as_ref().map(|other_vs| {
let mut values: Vec<Scalar> = std::iter::repeat_with(Scalar::zero)
let mut values: Vec<Scalar> = std::iter::repeat_with(|| Scalar::ZERO)
.take(n_product_coeffs)
.collect();
for (self_i, self_v) in self_vs.iter().enumerate() {
@@ -711,14 +708,14 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
coefficients,
values,
};
let one = Scalar::one();
let mut x = Scalar::zero();
let one = Scalar::ONE;
let mut x = Scalar::ZERO;
for _ in 1..(n_product_coeffs + 1) {
x.add_assign(&one);
cs.enforce(
|| format!("pointwise product @ {x:?}"),
|lc| {
let mut i = Scalar::one();
let mut i = Scalar::ONE;
self.coefficients.iter().fold(lc, |lc, c| {
let r = lc + (i, c);
i.mul_assign(&x);
@@ -726,7 +723,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
})
},
|lc| {
let mut i = Scalar::one();
let mut i = Scalar::ONE;
other.coefficients.iter().fold(lc, |lc, c| {
let r = lc + (i, c);
i.mul_assign(&x);
@@ -734,7 +731,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
})
},
|lc| {
let mut i = Scalar::one();
let mut i = Scalar::ONE;
product.coefficients.iter().fold(lc, |lc, c| {
let r = lc + (i, c);
i.mul_assign(&x);
@@ -752,7 +749,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
other.values.as_ref().map(|other_vs| {
(0..n_coeffs)
.map(|i| {
let mut s = Scalar::zero();
let mut s = Scalar::ZERO;
if i < self_vs.len() {
s.add_assign(&self_vs[i]);
}

16
src/gadgets/nonnative/util.rs
View File

@@ -40,9 +40,9 @@ impl<Scalar: PrimeField> Bit<Scalar> {
|| "boolean",
|| {
if *value.grab()? {
Ok(Scalar::one())
Ok(Scalar::ONE)
} else {
Ok(Scalar::zero())
Ok(Scalar::ZERO)
}
},
)?;
@@ -109,9 +109,9 @@ impl<Scalar: PrimeField> Num<Scalar> {
|| format!("bit {i}"),
|| {
let r = if *v.grab()?.get_bit(i).grab()? {
Scalar::one()
Scalar::ONE
} else {
Scalar::zero()
Scalar::ZERO
};
Ok(r)
},
@@ -132,7 +132,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
cs.enforce(
|| "last bit",
|mut lc| {
let mut f = Scalar::one();
let mut f = Scalar::ONE;
lc = lc + &self.num;
for v in bits.iter() {
f = f.double();
@@ -142,7 +142,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
},
|mut lc| {
lc = lc + CS::one();
let mut f = Scalar::one();
let mut f = Scalar::ONE;
lc = lc - &self.num;
for v in bits.iter() {
f = f.double();
@@ -163,7 +163,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
other: &Bitvector<Scalar>,
) -> Result<(), SynthesisError> {
let allocations = other.allocations.clone();
let mut f = Scalar::one();
let mut f = Scalar::ONE;
let sum = allocations
.iter()
.fold(LinearCombination::zero(), |lc, bit| {
@@ -196,7 +196,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
)
})
.collect::<Result<Vec<_>, _>>()?;
let mut f = Scalar::one();
let mut f = Scalar::ONE;
let sum = allocations
.iter()
.fold(LinearCombination::zero(), |lc, bit| {

16
src/gadgets/r1cs.rs
View File

@@ -106,7 +106,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
cs.namespace(|| "allocate X[0]"),
|| {
Ok(f_to_nat(
&inst.clone().map_or(G::Scalar::zero(), |inst| inst.X[0]),
&inst.clone().map_or(G::Scalar::ZERO, |inst| inst.X[0]),
))
},
limb_width,
@@ -117,7 +117,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
cs.namespace(|| "allocate X[1]"),
|| {
Ok(f_to_nat(
&inst.clone().map_or(G::Scalar::zero(), |inst| inst.X[1]),
&inst.clone().map_or(G::Scalar::ZERO, |inst| inst.X[1]),
))
},
limb_width,
@@ -141,14 +141,14 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
let X0 = BigNat::alloc_from_nat(
cs.namespace(|| "allocate x_default[0]"),
|| Ok(f_to_nat(&G::Scalar::zero())),
|| Ok(f_to_nat(&G::Scalar::ZERO)),
limb_width,
n_limbs,
)?;
let X1 = BigNat::alloc_from_nat(
cs.namespace(|| "allocate x_default[1]"),
|| Ok(f_to_nat(&G::Scalar::zero())),
|| Ok(f_to_nat(&G::Scalar::ZERO)),
limb_width,
n_limbs,
)?;
@@ -208,7 +208,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Analyze X0 as limbs
let X0_bn = self
.X0
.as_limbs::<CS>()
.as_limbs()
.iter()
.enumerate()
.map(|(i, limb)| {
@@ -224,7 +224,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Analyze X1 as limbs
let X1_bn = self
.X1
.as_limbs::<CS>()
.as_limbs()
.iter()
.enumerate()
.map(|(i, limb)| {
@@ -310,7 +310,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Fold self.X[0] + r * X[0]
let (_, r_0) = X0_bn.mult_mod(cs.namespace(|| "r*X[0]"), &r_bn, &m_bn)?;
// add X_r[0]
let r_new_0 = self.X0.add::<CS>(&r_0)?;
let r_new_0 = self.X0.add(&r_0)?;
// Now reduce
let X0_fold = r_new_0.red_mod(cs.namespace(|| "reduce folded X[0]"), &m_bn)?;
@@ -325,7 +325,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Fold self.X[1] + r * X[1]
let (_, r_1) = X1_bn.mult_mod(cs.namespace(|| "r*X[1]"), &r_bn, &m_bn)?;
// add X_r[1]
let r_new_1 = self.X1.add::<CS>(&r_1)?;
let r_new_1 = self.X1.add(&r_1)?;
// Now reduce
let X1_fold = r_new_1.red_mod(cs.namespace(|| "reduce folded X[1]"), &m_bn)?;

50
src/gadgets/utils.rs
View File

@@ -24,8 +24,8 @@ where
// We loop over the input bits and construct the constraint
// and the field element that corresponds to the result
let mut lc = LinearCombination::zero();
let mut coeff = Scalar::one();
let mut fe = Some(Scalar::zero());
let mut coeff = Scalar::ONE;
let mut fe = Some(Scalar::ZERO);
for bit in bits.iter() {
lc = lc + (coeff, bit.get_variable());
fe = bit.get_value().map(|val| {
@@ -49,7 +49,7 @@ where
pub fn alloc_zero<F: PrimeField, CS: ConstraintSystem<F>>(
mut cs: CS,
) -> Result<AllocatedNum<F>, SynthesisError> {
let zero = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::zero()))?;
let zero = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::ZERO))?;
cs.enforce(
|| "check zero is valid",
|lc| lc,
@@ -63,7 +63,7 @@ pub fn alloc_zero<F: PrimeField, CS: ConstraintSystem<F>>(
pub fn alloc_one<F: PrimeField, CS: ConstraintSystem<F>>(
mut cs: CS,
) -> Result<AllocatedNum<F>, SynthesisError> {
let one = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::one()))?;
let one = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::ONE))?;
cs.enforce(
|| "check one is valid",
|lc| lc + CS::one(),
@@ -85,9 +85,9 @@ where
CS: ConstraintSystem<<G as Group>::Base>,
{
AllocatedNum::alloc(cs.namespace(|| "allocate scalar as base"), || {
let input_bits = input.unwrap_or_else(G::Scalar::zero).clone().to_le_bits();
let mut mult = G::Base::one();
let mut val = G::Base::zero();
let input_bits = input.unwrap_or(G::Scalar::ZERO).clone().to_le_bits();
let mut mult = G::Base::ONE;
let mut val = G::Base::ZERO;
for bit in input_bits {
if bit {
val += mult;
@@ -101,8 +101,8 @@ where
/// interepret scalar as base
pub fn scalar_as_base<G: Group>(input: G::Scalar) -> G::Base {
let input_bits = input.to_le_bits();
let mut mult = G::Base::one();
let mut val = G::Base::zero();
let mut mult = G::Base::ONE;
let mut val = G::Base::ZERO;
for bit in input_bits {
if bit {
val += mult;
@@ -159,7 +159,7 @@ pub fn alloc_num_equals<F: PrimeField, CS: ConstraintSystem<F>>(
let t = AllocatedNum::alloc(cs.namespace(|| "t"), || {
Ok(if *a.get_value().get()? == *b.get_value().get()? {
F::one()
F::ONE
} else {
(*a.get_value().get()? - *b.get_value().get()?)
.invert()
@@ -204,7 +204,7 @@ pub fn conditionally_select<F: PrimeField, CS: ConstraintSystem<F>>(
cs.enforce(
|| "conditional select constraint",
|lc| lc + a.get_variable() - b.get_variable(),
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + c.get_variable() - b.get_variable(),
);
@@ -254,7 +254,7 @@ pub fn conditionally_select_bignat<F: PrimeField, CS: ConstraintSystem<F>>(
cs.enforce(
|| format!("conditional select constraint {i}"),
|lc| lc + &a.limbs[i] - &b.limbs[i],
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + &c.limbs[i] - &b.limbs[i],
);
}
@@ -270,7 +270,7 @@ pub fn conditionally_select2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
if *condition.get_value().get()? == F::ONE {
Ok(*a.get_value().get()?)
} else {
Ok(*b.get_value().get()?)
@@ -296,8 +296,8 @@ pub fn select_zero_or_num2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
Ok(F::zero())
if *condition.get_value().get()? == F::ONE {
Ok(F::ZERO)
} else {
Ok(*a.get_value().get()?)
}
@@ -321,10 +321,10 @@ pub fn select_num_or_zero2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
if *condition.get_value().get()? == F::ONE {
Ok(*a.get_value().get()?)
} else {
Ok(F::zero())
Ok(F::ZERO)
}
})?;
@@ -348,14 +348,14 @@ pub fn select_num_or_zero<F: PrimeField, CS: ConstraintSystem<F>>(
if *condition.get_value().get()? {
Ok(*a.get_value().get()?)
} else {
Ok(F::zero())
Ok(F::ZERO)
}
})?;
cs.enforce(
|| "conditional select constraint",
|lc| lc + a.get_variable(),
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + c.get_variable(),
);
@@ -369,8 +369,8 @@ pub fn select_one_or_num2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
Ok(F::one())
if *condition.get_value().get()? == F::ONE {
Ok(F::ONE)
} else {
Ok(*a.get_value().get()?)
}
@@ -393,8 +393,8 @@ pub fn select_one_or_diff2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
Ok(F::one())
if *condition.get_value().get()? == F::ONE {
Ok(F::ONE)
} else {
Ok(*a.get_value().get()? - *b.get_value().get()?)
}
@@ -419,14 +419,14 @@ pub fn select_num_or_one<F: PrimeField, CS: ConstraintSystem<F>>(
if *condition.get_value().get()? {
Ok(*a.get_value().get()?)
} else {
Ok(F::one())
Ok(F::ONE)
}
})?;
cs.enforce(
|| "conditional select constraint",
|lc| lc + a.get_variable() - CS::one(),
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + c.get_variable() - CS::one(),
);

74
src/lib.rs
View File

@@ -206,7 +206,7 @@ where
let mut cs_primary: SatisfyingAssignment<G1> = SatisfyingAssignment::new();
let inputs_primary: NovaAugmentedCircuitInputs<G2> = NovaAugmentedCircuitInputs::new(
pp.r1cs_shape_secondary.get_digest(),
G1::Scalar::zero(),
G1::Scalar::ZERO,
z0_primary.clone(),
None,
None,
@@ -229,7 +229,7 @@ where
let mut cs_secondary: SatisfyingAssignment<G2> = SatisfyingAssignment::new();
let inputs_secondary: NovaAugmentedCircuitInputs<G1> = NovaAugmentedCircuitInputs::new(
pp.r1cs_shape_primary.get_digest(),
G2::Scalar::zero(),
G2::Scalar::ZERO,
z0_secondary.clone(),
None,
None,
@@ -862,8 +862,8 @@ mod tests {
None,
TrivialTestCircuit::default(),
TrivialTestCircuit::default(),
vec![<G1 as Group>::Scalar::zero()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ZERO],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let recursive_snark = res.unwrap();
@@ -872,8 +872,8 @@ mod tests {
let res = recursive_snark.verify(
&pp,
num_steps,
vec![<G1 as Group>::Scalar::zero()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ZERO],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
}
@@ -909,8 +909,8 @@ mod tests {
recursive_snark,
circuit_primary.clone(),
circuit_secondary.clone(),
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let recursive_snark_unwrapped = res.unwrap();
@@ -919,8 +919,8 @@ mod tests {
let res = recursive_snark_unwrapped.verify(
&pp,
i + 1,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
@@ -935,16 +935,16 @@ mod tests {
let res = recursive_snark.verify(
&pp,
num_steps,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let (zn_primary, zn_secondary) = res.unwrap();
// sanity: check the claimed output with a direct computation of the same
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::one()]);
let mut zn_secondary_direct = vec![<G2 as Group>::Scalar::zero()];
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::ONE]);
let mut zn_secondary_direct = vec![<G2 as Group>::Scalar::ZERO];
for _i in 0..num_steps {
zn_secondary_direct = CubicCircuit::default().output(&zn_secondary_direct);
}
@@ -983,8 +983,8 @@ mod tests {
recursive_snark,
circuit_primary.clone(),
circuit_secondary.clone(),
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
recursive_snark = Some(res.unwrap());
@@ -997,16 +997,16 @@ mod tests {
let res = recursive_snark.verify(
&pp,
num_steps,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let (zn_primary, zn_secondary) = res.unwrap();
// sanity: check the claimed output with a direct computation of the same
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::one()]);
let mut zn_secondary_direct = vec![<G2 as Group>::Scalar::zero()];
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::ONE]);
let mut zn_secondary_direct = vec![<G2 as Group>::Scalar::ZERO];
for _i in 0..num_steps {
zn_secondary_direct = CubicCircuit::default().output(&zn_secondary_direct);
}
@@ -1025,8 +1025,8 @@ mod tests {
let res = compressed_snark.verify(
&vk,
num_steps,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
}
@@ -1062,8 +1062,8 @@ mod tests {
recursive_snark,
circuit_primary.clone(),
circuit_secondary.clone(),
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
recursive_snark = Some(res.unwrap());
@@ -1076,16 +1076,16 @@ mod tests {
let res = recursive_snark.verify(
&pp,
num_steps,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let (zn_primary, zn_secondary) = res.unwrap();
// sanity: check the claimed output with a direct computation of the same
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::one()]);
let mut zn_secondary_direct = vec![<G2 as Group>::Scalar::zero()];
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::ONE]);
let mut zn_secondary_direct = vec![<G2 as Group>::Scalar::ZERO];
for _i in 0..num_steps {
zn_secondary_direct = CubicCircuit::default().output(&zn_secondary_direct);
}
@@ -1108,8 +1108,8 @@ mod tests {
let res = compressed_snark.verify(
&vk,
num_steps,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
}
@@ -1198,7 +1198,7 @@ mod tests {
}
let circuit_primary = FifthRootCheckingCircuit {
y: <G1 as Group>::Scalar::zero(),
y: <G1 as Group>::Scalar::ZERO,
};
let circuit_secondary = TrivialTestCircuit::default();
@@ -1215,7 +1215,7 @@ mod tests {
// produce non-deterministic advice
let (z0_primary, roots) = FifthRootCheckingCircuit::new(num_steps);
let z0_secondary = vec![<G2 as Group>::Scalar::zero()];
let z0_secondary = vec![<G2 as Group>::Scalar::ZERO];
// produce a recursive SNARK
let mut recursive_snark: Option<
@@ -1278,8 +1278,8 @@ mod tests {
None,
TrivialTestCircuit::default(),
CubicCircuit::default(),
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let recursive_snark = res.unwrap();
@@ -1288,14 +1288,14 @@ mod tests {
let res = recursive_snark.verify(
&pp,
num_steps,
vec![<G1 as Group>::Scalar::one()],
vec![<G2 as Group>::Scalar::zero()],
vec![<G1 as Group>::Scalar::ONE],
vec![<G2 as Group>::Scalar::ZERO],
);
assert!(res.is_ok());
let (zn_primary, zn_secondary) = res.unwrap();
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::one()]);
assert_eq!(zn_primary, vec![<G1 as Group>::Scalar::ONE]);
assert_eq!(zn_secondary, vec![<G2 as Group>::Scalar::from(5u64)]);
}
}

16
src/provider/ipa_pc.rs
View File

@@ -118,7 +118,7 @@ where
(0..a.len())
.into_par_iter()
.map(|i| a[i] * b[i])
.reduce(T::zero, |x, y| x + y)
.reduce(|| T::ZERO, |x, y| x + y)
}
/// An inner product instance consists of a commitment to a vector `a` and another vector `b`
@@ -323,8 +323,8 @@ where
let P = U.comm_a_vec + CE::<G>::commit(&ck_c, &[U.c]);
let batch_invert = |v: &[G::Scalar]| -> Result<Vec<G::Scalar>, NovaError> {
let mut products = vec![G::Scalar::zero(); v.len()];
let mut acc = G::Scalar::one();
let mut products = vec![G::Scalar::ZERO; v.len()];
let mut acc = G::Scalar::ONE;
for i in 0..v.len() {
products[i] = acc;
@@ -332,14 +332,14 @@ where
}
// we can compute an inversion only if acc is non-zero
if acc == G::Scalar::zero() {
if acc == G::Scalar::ZERO {
return Err(NovaError::InvalidInputLength);
}
// compute the inverse once for all entries
acc = acc.invert().unwrap();
let mut inv = vec![G::Scalar::zero(); v.len()];
let mut inv = vec![G::Scalar::ZERO; v.len()];
for i in 0..v.len() {
let tmp = acc * v[v.len() - 1 - i];
inv[v.len() - 1 - i] = products[v.len() - 1 - i] * acc;
@@ -371,9 +371,9 @@ where
// compute the vector with the tensor structure
let s = {
let mut s = vec![G::Scalar::zero(); n];
let mut s = vec![G::Scalar::ZERO; n];
s[0] = {
let mut v = G::Scalar::one();
let mut v = G::Scalar::ONE;
for r_inverse_i in &r_inverse {
v *= r_inverse_i;
}
@@ -406,7 +406,7 @@ where
&r_square
.iter()
.chain(r_inverse_square.iter())
.chain(iter::once(&G::Scalar::one()))
.chain(iter::once(&G::Scalar::ONE))
.copied()
.collect::<Vec<G::Scalar>>(),
)

8
src/provider/pasta.rs
View File

@@ -8,12 +8,12 @@ use crate::{
traits::{CompressedGroup, Group, PrimeFieldExt, TranscriptReprTrait},
};
use digest::{ExtendableOutput, Input};
use ff::PrimeField;
use ff::{FromUniformBytes, PrimeField};
use num_bigint::BigInt;
use num_traits::Num;
use pasta_curves::{
self,
arithmetic::{CurveAffine, CurveExt, FieldExt, Group as OtherGroup},
arithmetic::{CurveAffine, CurveExt},
group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup, GroupEncoding},
pallas, vesta, Ep, EpAffine, Eq, EqAffine,
};
@@ -163,7 +163,7 @@ macro_rules! impl_traits {
}
fn zero() -> Self {
$name::Point::group_zero()
$name::Point::identity()
}
fn get_generator() -> Self {
@@ -174,7 +174,7 @@ macro_rules! impl_traits {
impl PrimeFieldExt for $name::Scalar {
fn from_uniform(bytes: &[u8]) -> Self {
let bytes_arr: [u8; 64] = bytes.try_into().unwrap();
$name::Scalar::from_bytes_wide(&bytes_arr)
$name::Scalar::from_uniform_bytes(&bytes_arr)
}
}

4
src/provider/pedersen.rs
View File

@@ -85,9 +85,9 @@ impl<G: Group> AbsorbInROTrait<G> for Commitment<G> {
ro.absorb(x);
ro.absorb(y);
ro.absorb(if is_infinity {
G::Base::one()
G::Base::ONE
} else {
G::Base::zero()
G::Base::ZERO
});
}
}

4
src/provider/poseidon.rs
View File

@@ -96,8 +96,8 @@ where
// Only return `num_bits`
let bits = hash[0].to_le_bits();
let mut res = Scalar::zero();
let mut coeff = Scalar::one();
let mut res = Scalar::ZERO;
let mut coeff = Scalar::ONE;
for bit in bits[0..num_bits].into_iter() {
if *bit {
res += coeff;

42
src/r1cs.rs
View File

@@ -159,7 +159,7 @@ impl<G: Group> R1CSShape<G> {
let (row, col, val) = M[i];
(row, val * z[col])
})
.fold(vec![G::Scalar::zero(); num_rows], |mut Mz, (r, v)| {
.fold(vec![G::Scalar::ZERO; num_rows], |mut Mz, (r, v)| {
Mz[r] += v;
Mz
})
@@ -230,7 +230,7 @@ impl<G: Group> R1CSShape<G> {
// verify if Az * Bz = u*Cz
let res_eq: bool = {
let z = concat(vec![W.W.clone(), vec![G::Scalar::one()], U.X.clone()]);
let z = concat(vec![W.W.clone(), vec![G::Scalar::ONE], U.X.clone()]);
let (Az, Bz, Cz) = self.multiply_vec(&z)?;
assert_eq!(Az.len(), self.num_cons);
assert_eq!(Bz.len(), self.num_cons);
@@ -269,7 +269,7 @@ impl<G: Group> R1CSShape<G> {
};
let (AZ_2, BZ_2, CZ_2) = {
let Z2 = concat(vec![W2.W.clone(), vec![G::Scalar::one()], U2.X.clone()]);
let Z2 = concat(vec![W2.W.clone(), vec![G::Scalar::ONE], U2.X.clone()]);
self.multiply_vec(&Z2)?
};
@@ -353,8 +353,8 @@ impl<G: Group> R1CSShape<G> {
});
// turn the bit vector into a scalar
let mut res = G::Scalar::zero();
let mut coeff = G::Scalar::one();
let mut res = G::Scalar::ZERO;
let mut coeff = G::Scalar::ONE;
for bit in bv {
if bit {
res += coeff;
@@ -397,11 +397,15 @@ impl<G: Group> R1CSShape<G> {
let apply_pad = |M: &[(usize, usize, G::Scalar)]| -> Vec<(usize, usize, G::Scalar)> {
M.par_iter()
.map(|(r, c, v)| {
if c >= &self.num_vars {
(*r, c + num_vars_padded - self.num_vars, *v)
} else {
(*r, *c, *v)
}
(
*r,
if c >= &self.num_vars {
c + num_vars_padded - self.num_vars
} else {
*c
},
*v,
)
})
.collect::<Vec<_>>()
};
@@ -490,8 +494,8 @@ impl<G: Group> RelaxedR1CSWitness<G> {
/// Produces a default RelaxedR1CSWitness given an R1CSShape
pub fn default(S: &R1CSShape<G>) -> RelaxedR1CSWitness<G> {
RelaxedR1CSWitness {
W: vec![G::Scalar::zero(); S.num_vars],
E: vec![G::Scalar::zero(); S.num_cons],
W: vec![G::Scalar::ZERO; S.num_vars],
E: vec![G::Scalar::ZERO; S.num_cons],
}
}
@@ -499,7 +503,7 @@ impl<G: Group> RelaxedR1CSWitness<G> {
pub fn from_r1cs_witness(S: &R1CSShape<G>, witness: &R1CSWitness<G>) -> RelaxedR1CSWitness<G> {
RelaxedR1CSWitness {
W: witness.W.clone(),
E: vec![G::Scalar::zero(); S.num_cons],
E: vec![G::Scalar::ZERO; S.num_cons],
}
}
@@ -539,13 +543,13 @@ impl<G: Group> RelaxedR1CSWitness<G> {
pub fn pad(&self, S: &R1CSShape<G>) -> RelaxedR1CSWitness<G> {
let W = {
let mut W = self.W.clone();
W.extend(vec![G::Scalar::zero(); S.num_vars - W.len()]);
W.extend(vec![G::Scalar::ZERO; S.num_vars - W.len()]);
W
};
let E = {
let mut E = self.E.clone();
E.extend(vec![G::Scalar::zero(); S.num_cons - E.len()]);
E.extend(vec![G::Scalar::ZERO; S.num_cons - E.len()]);
E
};
@@ -560,8 +564,8 @@ impl<G: Group> RelaxedR1CSInstance<G> {
RelaxedR1CSInstance {
comm_W,
comm_E,
u: G::Scalar::zero(),
X: vec![G::Scalar::zero(); S.num_io],
u: G::Scalar::ZERO,
X: vec![G::Scalar::ZERO; S.num_io],
}
}
@@ -573,7 +577,7 @@ impl<G: Group> RelaxedR1CSInstance<G> {
) -> RelaxedR1CSInstance<G> {
let mut r_instance = RelaxedR1CSInstance::default(ck, S);
r_instance.comm_W = instance.comm_W;
r_instance.u = G::Scalar::one();
r_instance.u = G::Scalar::ONE;
r_instance.X = instance.X.clone();
r_instance
}
@@ -586,7 +590,7 @@ impl<G: Group> RelaxedR1CSInstance<G> {
RelaxedR1CSInstance {
comm_W: *comm_W,
comm_E: Commitment::<G>::default(),
u: G::Scalar::one(),
u: G::Scalar::ONE,
X: X.to_vec(),
}
}

38
src/spartan/mod.rs
View File

@@ -23,7 +23,7 @@ use sumcheck::SumcheckProof;
fn powers<G: Group>(s: &G::Scalar, n: usize) -> Vec<G::Scalar> {
assert!(n >= 1);
let mut powers = Vec::new();
powers.push(G::Scalar::one());
powers.push(G::Scalar::ONE);
for i in 1..n {
powers.push(powers[i - 1] * s);
}
@@ -42,7 +42,7 @@ impl<G: Group> PolyEvalWitness<G> {
W.iter()
.map(|w| {
let mut p = w.p.clone();
p.resize(n, G::Scalar::zero());
p.resize(n, G::Scalar::ZERO);
PolyEvalWitness { p }
})
.collect()
@@ -53,7 +53,7 @@ impl<G: Group> PolyEvalWitness<G> {
fn weighted_sum(W: &[PolyEvalWitness<G>], s: &[G::Scalar]) -> PolyEvalWitness<G> {
assert_eq!(W.len(), s.len());
let mut p = vec![G::Scalar::zero(); W[0].p.len()];
let mut p = vec![G::Scalar::ZERO; W[0].p.len()];
for i in 0..W.len() {
for j in 0..W[i].p.len() {
p[j] += W[i].p[j] * s[i]
@@ -64,7 +64,7 @@ impl<G: Group> PolyEvalWitness<G> {
fn batch(p_vec: &[&Vec<G::Scalar>], s: &G::Scalar) -> PolyEvalWitness<G> {
let powers_of_s = powers::<G>(s, p_vec.len());
let mut p = vec![G::Scalar::zero(); p_vec[0].len()];
let mut p = vec![G::Scalar::ZERO; p_vec[0].len()];
for i in 0..p_vec.len() {
for (j, item) in p.iter_mut().enumerate().take(p_vec[i].len()) {
*item += p_vec[i][j] * powers_of_s[i]
@@ -87,7 +87,7 @@ impl<G: Group> PolyEvalInstance<G> {
if let Some(ell) = U.iter().map(|u| u.x.len()).max() {
U.iter()
.map(|u| {
let mut x = vec![G::Scalar::zero(); ell - u.x.len()];
let mut x = vec![G::Scalar::ZERO; ell - u.x.len()];
x.extend(u.x.clone());
PolyEvalInstance { c: u.c, x, e: u.e }
})
@@ -108,7 +108,7 @@ impl<G: Group> PolyEvalInstance<G> {
.iter()
.zip(powers_of_s.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let c = c_vec
.iter()
.zip(powers_of_s.iter())
@@ -233,7 +233,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
poly_D_comp: &G::Scalar|
-> G::Scalar { *poly_A_comp * (*poly_B_comp * *poly_C_comp - *poly_D_comp) };
let (sc_proof_outer, r_x, claims_outer) = SumcheckProof::prove_cubic_with_additive_term(
&G::Scalar::zero(), // claim is zero
&G::Scalar::ZERO, // claim is zero
num_rounds_x,
&mut poly_tau,
&mut poly_Az,
@@ -273,19 +273,19 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let (A_evals, (B_evals, C_evals)) = rayon::join(
|| {
let mut A_evals: Vec<G::Scalar> = vec![G::Scalar::zero(); 2 * S.num_vars];
let mut A_evals: Vec<G::Scalar> = vec![G::Scalar::ZERO; 2 * S.num_vars];
inner(&S.A, &mut A_evals);
A_evals
},
|| {
rayon::join(
|| {
let mut B_evals: Vec<G::Scalar> = vec![G::Scalar::zero(); 2 * S.num_vars];
let mut B_evals: Vec<G::Scalar> = vec![G::Scalar::ZERO; 2 * S.num_vars];
inner(&S.B, &mut B_evals);
B_evals
},
|| {
let mut C_evals: Vec<G::Scalar> = vec![G::Scalar::zero(); 2 * S.num_vars];
let mut C_evals: Vec<G::Scalar> = vec![G::Scalar::ZERO; 2 * S.num_vars];
inner(&S.C, &mut C_evals);
C_evals
},
@@ -307,7 +307,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
};
let poly_z = {
z.resize(pk.S.num_vars * 2, G::Scalar::zero());
z.resize(pk.S.num_vars * 2, G::Scalar::ZERO);
z
};
@@ -366,7 +366,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(u, p)| u.e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let mut polys_left: Vec<MultilinearPolynomial<G::Scalar>> = w_vec_padded
.iter()
@@ -408,7 +408,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_gamma.iter())
.map(|(e, g_i)| *e * *g_i)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let eval_arg = EE::prove(
ck,
@@ -453,7 +453,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let (claim_outer_final, r_x) =
self
.sc_proof_outer
.verify(G::Scalar::zero(), num_rounds_x, 3, &mut transcript)?;
.verify(G::Scalar::ZERO, num_rounds_x, 3, &mut transcript)?;
// verify claim_outer_final
let (claim_Az, claim_Bz, claim_Cz) = self.claims_outer;
@@ -498,7 +498,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
);
SparsePolynomial::new((vk.S.num_vars as f64).log2() as usize, poly_X).evaluate(&r_y[1..])
};
(G::Scalar::one() - r_y[0]) * self.eval_W + r_y[0] * eval_X
(G::Scalar::ONE - r_y[0]) * self.eval_W + r_y[0] * eval_X
};
// compute evaluations of R1CS matrices
@@ -515,7 +515,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let (row, col, val) = M[i];
T_x[row] * T_y[col] * val
})
.reduce(G::Scalar::zero, |acc, x| acc + x)
.reduce(|| G::Scalar::ZERO, |acc, x| acc + x)
};
let (T_x, T_y) = rayon::join(
@@ -561,7 +561,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(u, p)| u.e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let num_rounds_z = u_vec_padded[0].x.len();
let (claim_batch_final, r_z) =
@@ -581,7 +581,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.zip(self.evals_batch.iter())
.zip(powers_of_rho.iter())
.map(|((e_i, p_i), rho_i)| *e_i * *p_i * rho_i)
.fold(G::Scalar::zero(), |acc, item| acc + item)
.fold(G::Scalar::ZERO, |acc, item| acc + item)
};
if claim_batch_final != claim_batch_final_expected {
@@ -603,7 +603,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_gamma.iter())
.map(|(e, g_i)| *e * *g_i)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
// verify
EE::verify(

20
src/spartan/polynomial.rs
View File

@@ -18,15 +18,15 @@ impl<Scalar: PrimeField> EqPolynomial<Scalar> {
pub fn evaluate(&self, rx: &[Scalar]) -> Scalar {
assert_eq!(self.r.len(), rx.len());
(0..rx.len())
.map(|i| rx[i] * self.r[i] + (Scalar::one() - rx[i]) * (Scalar::one() - self.r[i]))
.fold(Scalar::one(), |acc, item| acc * item)
.map(|i| rx[i] * self.r[i] + (Scalar::ONE - rx[i]) * (Scalar::ONE - self.r[i]))
.fold(Scalar::ONE, |acc, item| acc * item)
}
pub fn evals(&self) -> Vec<Scalar> {
let ell = self.r.len();
let mut evals: Vec<Scalar> = vec![Scalar::zero(); (2_usize).pow(ell as u32)];
let mut evals: Vec<Scalar> = vec![Scalar::ZERO; (2_usize).pow(ell as u32)];
let mut size = 1;
evals[0] = Scalar::one();
evals[0] = Scalar::ONE;
for r in self.r.iter().rev() {
let (evals_left, evals_right) = evals.split_at_mut(size);
@@ -82,7 +82,7 @@ impl<Scalar: PrimeField> MultilinearPolynomial<Scalar> {
*a += *r * (*b - *a);
});
self.Z.resize(n, Scalar::zero());
self.Z.resize(n, Scalar::ZERO);
self.num_vars -= 1;
}
@@ -96,7 +96,7 @@ impl<Scalar: PrimeField> MultilinearPolynomial<Scalar> {
(0..chis.len())
.into_par_iter()
.map(|i| chis[i] * self.Z[i])
.reduce(Scalar::zero, |x, y| x + y)
.reduce(|| Scalar::ZERO, |x, y| x + y)
}
pub fn evaluate_with(Z: &[Scalar], r: &[Scalar]) -> Scalar {
@@ -105,7 +105,7 @@ impl<Scalar: PrimeField> MultilinearPolynomial<Scalar> {
.into_par_iter()
.zip(Z.into_par_iter())
.map(|(a, b)| a * b)
.reduce(Scalar::zero, |x, y| x + y)
.reduce(|| Scalar::ZERO, |x, y| x + y)
}
}
@@ -130,12 +130,12 @@ impl<Scalar: PrimeField> SparsePolynomial<Scalar> {
fn compute_chi(a: &[bool], r: &[Scalar]) -> Scalar {
assert_eq!(a.len(), r.len());
let mut chi_i = Scalar::one();
let mut chi_i = Scalar::ONE;
for j in 0..r.len() {
if a[j] {
chi_i *= r[j];
} else {
chi_i *= Scalar::one() - r[j];
chi_i *= Scalar::ONE - r[j];
}
}
chi_i
@@ -158,6 +158,6 @@ impl<Scalar: PrimeField> SparsePolynomial<Scalar> {
let bits = get_bits(self.Z[i].0, r.len());
SparsePolynomial::compute_chi(&bits, r) * self.Z[i].1
})
.reduce(Scalar::zero, |x, y| x + y)
.reduce(|| Scalar::ZERO, |x, y| x + y)
}
}

110
src/spartan/pp.rs
View File

@@ -53,7 +53,7 @@ impl<Scalar: PrimeField> IdentityPolynomial<Scalar> {
assert_eq!(self.ell, r.len());
(0..self.ell)
.map(|i| Scalar::from(2_usize.pow((self.ell - i - 1) as u32) as u64) * r[i])
.fold(Scalar::zero(), |acc, item| acc + item)
.fold(Scalar::ZERO, |acc, item| acc + item)
}
}
@@ -149,25 +149,25 @@ impl<G: Group> R1CSShapeSparkRepr<G> {
let val_A = {
let mut val = S.A.iter().map(|(_, _, v)| *v).collect::<Vec<G::Scalar>>();
val.resize(N, G::Scalar::zero());
val.resize(N, G::Scalar::ZERO);
val
};
let val_B = {
// prepend zeros
let mut val = vec![G::Scalar::zero(); S.A.len()];
let mut val = vec![G::Scalar::ZERO; S.A.len()];
val.extend(S.B.iter().map(|(_, _, v)| *v).collect::<Vec<G::Scalar>>());
// append zeros
val.resize(N, G::Scalar::zero());
val.resize(N, G::Scalar::ZERO);
val
};
let val_C = {
// prepend zeros
let mut val = vec![G::Scalar::zero(); S.A.len() + S.B.len()];
let mut val = vec![G::Scalar::ZERO; S.A.len() + S.B.len()];
val.extend(S.C.iter().map(|(_, _, v)| *v).collect::<Vec<G::Scalar>>());
// append zeros
val.resize(N, G::Scalar::zero());
val.resize(N, G::Scalar::ZERO);
val
};
@@ -262,7 +262,7 @@ impl<G: Group> R1CSShapeSparkRepr<G> {
Vec<G::Scalar>,
) {
let r_x_padded = {
let mut x = vec![G::Scalar::zero(); self.N.log_2() - r_x.len()];
let mut x = vec![G::Scalar::ZERO; self.N.log_2() - r_x.len()];
x.extend(r_x);
x
};
@@ -270,7 +270,7 @@ impl<G: Group> R1CSShapeSparkRepr<G> {
let mem_row = EqPolynomial::new(r_x_padded).evals();
let mem_col = {
let mut z = z.to_vec();
z.resize(self.N, G::Scalar::zero());
z.resize(self.N, G::Scalar::ZERO);
z
};
@@ -374,8 +374,8 @@ impl<G: Group> ProductSumcheckInstance<G> {
// add a dummy product operation to make the left.len() == right.len() == output.len() == input.len()
left.push(output[output.len() - 1]);
right.push(G::Scalar::zero());
output.push(G::Scalar::zero());
right.push(G::Scalar::ZERO);
output.push(G::Scalar::ZERO);
// output is stored at the last but one position
let product = output[output.len() - 2];
@@ -445,7 +445,7 @@ impl<G: Group> ProductSumcheckInstance<G> {
impl<G: Group> SumcheckEngine<G> for ProductSumcheckInstance<G> {
fn initial_claims(&self) -> Vec<G::Scalar> {
vec![G::Scalar::zero(); 8]
vec![G::Scalar::ZERO; 8]
}
fn degree(&self) -> usize {
@@ -515,7 +515,7 @@ impl<G: Group> SumcheckEngine<G> for ProductSumcheckInstance<G> {
(eval_point_0, eval_point_2, eval_point_3)
})
.reduce(
|| (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()),
|| (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO),
|a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2),
);
vec![eval_point_0, eval_point_2, eval_point_3]
@@ -561,7 +561,7 @@ struct OuterSumcheckInstance<G: Group> {
impl<G: Group> SumcheckEngine<G> for OuterSumcheckInstance<G> {
fn initial_claims(&self) -> Vec<G::Scalar> {
vec![G::Scalar::zero()]
vec![G::Scalar::ZERO]
}
fn degree(&self) -> usize {
@@ -623,7 +623,7 @@ impl<G: Group> SumcheckEngine<G> for OuterSumcheckInstance<G> {
(eval_point_0, eval_point_2, eval_point_3)
})
.reduce(
|| (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()),
|| (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO),
|a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2),
);
@@ -706,7 +706,7 @@ impl<G: Group> SumcheckEngine<G> for InnerSumcheckInstance<G> {
(eval_point_0, eval_point_2, eval_point_3)
})
.reduce(
|| (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()),
|| (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO),
|a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2),
);
@@ -860,7 +860,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARK<G, EE>
.iter()
.zip(coeffs.iter())
.map(|(c_1, c_2)| *c_1 * c_2)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let mut e = claim;
let mut r: Vec<G::Scalar> = Vec::new();
@@ -875,13 +875,13 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARK<G, EE>
let evals_combined_0 = (0..evals.len())
.map(|i| evals[i][0] * coeffs[i])
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let evals_combined_2 = (0..evals.len())
.map(|i| evals[i][1] * coeffs[i])
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let evals_combined_3 = (0..evals.len())
.map(|i| evals[i][2] * coeffs[i])
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let evals = vec![
evals_combined_0,
@@ -1000,12 +1000,12 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
// (1) send commitments to Az, Bz, and Cz along with their evaluations at tau
let (Az, Bz, Cz, E) = {
Az.resize(pk.S_repr.N, G::Scalar::zero());
Bz.resize(pk.S_repr.N, G::Scalar::zero());
Cz.resize(pk.S_repr.N, G::Scalar::zero());
Az.resize(pk.S_repr.N, G::Scalar::ZERO);
Bz.resize(pk.S_repr.N, G::Scalar::ZERO);
Cz.resize(pk.S_repr.N, G::Scalar::ZERO);
let mut E = W.E.clone();
E.resize(pk.S_repr.N, G::Scalar::zero());
E.resize(pk.S_repr.N, G::Scalar::ZERO);
(Az, Bz, Cz, E)
};
@@ -1092,7 +1092,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
};
let init_row = (0..mem_row.len())
.map(|i| hash_func(&G::Scalar::from(i as u64), &mem_row[i], &G::Scalar::zero()))
.map(|i| hash_func(&G::Scalar::from(i as u64), &mem_row[i], &G::Scalar::ZERO))
.collect::<Vec<G::Scalar>>();
let read_row = (0..E_row.len())
.map(|i| hash_func(&pk.S_repr.row[i], &E_row[i], &pk.S_repr.row_read_ts[i]))
@@ -1102,7 +1102,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
hash_func(
&pk.S_repr.row[i],
&E_row[i],
&(pk.S_repr.row_read_ts[i] + G::Scalar::one()),
&(pk.S_repr.row_read_ts[i] + G::Scalar::ONE),
)
})
.collect::<Vec<G::Scalar>>();
@@ -1117,7 +1117,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.collect::<Vec<G::Scalar>>();
let init_col = (0..mem_col.len())
.map(|i| hash_func(&G::Scalar::from(i as u64), &mem_col[i], &G::Scalar::zero()))
.map(|i| hash_func(&G::Scalar::from(i as u64), &mem_col[i], &G::Scalar::ZERO))
.collect::<Vec<G::Scalar>>();
let read_col = (0..E_col.len())
.map(|i| hash_func(&pk.S_repr.col[i], &E_col[i], &pk.S_repr.col_read_ts[i]))
@@ -1127,7 +1127,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
hash_func(
&pk.S_repr.col[i],
&E_col[i],
&(pk.S_repr.col_read_ts[i] + G::Scalar::one()),
&(pk.S_repr.col_read_ts[i] + G::Scalar::ONE),
)
})
.collect::<Vec<G::Scalar>>();
@@ -1190,7 +1190,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
// into claims about input and output
let c = transcript.squeeze(b"c")?;
// eval = (G::Scalar::one() - c) * eval_left + c * eval_right
// eval = (G::Scalar::ONE - c) * eval_left + c * eval_right
// eval is claimed evaluation of input||output(r, c), which can be proven by proving input(r[1..], c) and output(r[1..], c)
let rand_ext = {
let mut r = r_sat.clone();
@@ -1233,13 +1233,13 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let eval_output = eval_output_vec
.iter()
.zip(powers_of_rho.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let comm_output = mem_sc_inst
.comm_output_vec
@@ -1250,7 +1250,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let weighted_sum = |W: &[Vec<G::Scalar>], s: &[G::Scalar]| -> Vec<G::Scalar> {
assert_eq!(W.len(), s.len());
let mut p = vec![G::Scalar::zero(); W[0].len()];
let mut p = vec![G::Scalar::ZERO; W[0].len()];
for i in 0..W.len() {
for (j, item) in W[i].iter().enumerate().take(W[i].len()) {
p[j] += *item * s[i]
@@ -1265,7 +1265,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
// eval_output = output(r_sat)
w_u_vec.push((
@@ -1281,8 +1281,8 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
// claimed_product = output(1, ..., 1, 0)
let x = {
let mut x = vec![G::Scalar::one(); r_sat.len()];
x[r_sat.len() - 1] = G::Scalar::zero();
let mut x = vec![G::Scalar::ONE; r_sat.len()];
x[r_sat.len() - 1] = G::Scalar::ZERO;
x
};
w_u_vec.push((
@@ -1457,7 +1457,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(u, p)| u.e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let mut polys_left: Vec<MultilinearPolynomial<G::Scalar>> = w_vec_padded
.iter()
@@ -1499,7 +1499,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_gamma.iter())
.map(|(e, g_i)| *e * *g_i)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let eval_arg = EE::prove(
ck,
@@ -1674,7 +1674,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
* rand_eq_bound_r_sat
* (self.eval_left_arr[i] * self.eval_right_arr[i] - self.eval_output_arr[i])
})
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let claim_outer_final_expected = coeffs[8]
* taus_bound_r_sat
* (self.eval_Az * self.eval_Bz - U.u * self.eval_Cz - self.eval_E);
@@ -1712,7 +1712,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
// into claims about input and output
let c = transcript.squeeze(b"c")?;
// eval = (G::Scalar::one() - c) * eval_left + c * eval_right
// eval = (G::Scalar::ONE - c) * eval_left + c * eval_right
// eval is claimed evaluation of input||output(r, c), which can be proven by proving input(r[1..], c) and output(r[1..], c)
let rand_ext = {
let mut r = r_sat.clone();
@@ -1744,14 +1744,14 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let eval_output = self
.eval_output_arr
.iter()
.zip(powers_of_rho.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let comm_output = comm_output_vec
.iter()
@@ -1764,7 +1764,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(e, p)| *e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
// eval_output = output(r_sat)
u_vec.push(PolyEvalInstance {
@@ -1775,8 +1775,8 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
// claimed_product = output(1, ..., 1, 0)
let x = {
let mut x = vec![G::Scalar::one(); r_sat.len()];
x[r_sat.len() - 1] = G::Scalar::zero();
let mut x = vec![G::Scalar::ONE; r_sat.len()];
x[r_sat.len() - 1] = G::Scalar::ZERO;
x
};
u_vec.push(PolyEvalInstance {
@@ -1842,9 +1842,9 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let (factor, r_prod_unpad) = {
let l = vk.S_comm.N.log_2() - (2 * vk.num_vars).log_2();
let mut factor = G::Scalar::one();
let mut factor = G::Scalar::ONE;
for r_p in r_prod.iter().take(l) {
factor *= G::Scalar::one() - r_p
factor *= G::Scalar::ONE - r_p
}
let r_prod_unpad = {
@@ -1868,7 +1868,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.evaluate(&r_prod_unpad[1..])
};
let eval_Z =
factor * ((G::Scalar::one() - r_prod_unpad[0]) * self.eval_W + r_prod_unpad[0] * eval_X);
factor * ((G::Scalar::ONE - r_prod_unpad[0]) * self.eval_W + r_prod_unpad[0] * eval_X);
(eval_Z, r_prod_unpad)
};
@@ -1884,7 +1884,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let addr = IdentityPolynomial::new(r_prod.len()).evaluate(&r_prod);
let val = EqPolynomial::new(tau.to_vec()).evaluate(&r_prod);
(
hash_func(&addr, &val, &G::Scalar::zero()),
hash_func(&addr, &val, &G::Scalar::ZERO),
hash_func(&addr, &val, &self.eval_row_audit_ts),
)
};
@@ -1899,7 +1899,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
hash_func(
&self.eval_row,
&self.eval_E_row_at_r_prod,
&(self.eval_row_read_ts + G::Scalar::one()),
&(self.eval_row_read_ts + G::Scalar::ONE),
),
)
};
@@ -1917,7 +1917,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
let addr = IdentityPolynomial::new(r_prod.len()).evaluate(&r_prod);
let val = eval_Z;
(
hash_func(&addr, &val, &G::Scalar::zero()),
hash_func(&addr, &val, &G::Scalar::ZERO),
hash_func(&addr, &val, &self.eval_col_audit_ts),
)
};
@@ -1932,7 +1932,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
hash_func(
&self.eval_col,
&self.eval_E_col_at_r_prod,
&(self.eval_col_read_ts + G::Scalar::one()),
&(self.eval_col_read_ts + G::Scalar::ONE),
),
)
};
@@ -1985,7 +1985,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_rho.iter())
.map(|(u, p)| u.e * p)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let num_rounds_z = u_vec_padded[0].x.len();
let (claim_batch_final, r_z) =
@@ -2005,7 +2005,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.zip(self.evals_batch_arr.iter())
.zip(powers_of_rho.iter())
.map(|((e_i, p_i), rho_i)| *e_i * *p_i * rho_i)
.fold(G::Scalar::zero(), |acc, item| acc + item)
.fold(G::Scalar::ZERO, |acc, item| acc + item)
};
if claim_batch_final != claim_batch_final_expected {
@@ -2027,7 +2027,7 @@ impl<G: Group, EE: EvaluationEngineTrait<G, CE = G::CE>> RelaxedR1CSSNARKTrait<G
.iter()
.zip(powers_of_gamma.iter())
.map(|(e, g_i)| *e * *g_i)
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
// verify
EE::verify(
@@ -2055,7 +2055,7 @@ impl<G: Group, SC: StepCircuit<G::Scalar>> Circuit<G::Scalar> for SpartanCircuit
let arity = self.sc.arity();
// Allocate zi. If inputs.zi is not provided, allocate default value 0
let zero = vec![G::Scalar::zero(); arity];
let zero = vec![G::Scalar::ZERO; arity];
let z_i = (0..arity)
.map(|i| {
AllocatedNum::alloc(cs.namespace(|| format!("zi_{i}")), || {
@@ -2248,7 +2248,7 @@ mod tests {
let num_steps = 3;
// setup inputs
let z0 = vec![<G as Group>::Scalar::zero()];
let z0 = vec![<G as Group>::Scalar::ZERO];
let mut z_i = z0;
for _i in 0..num_steps {

14
src/spartan/sumcheck.rs
View File

@@ -93,7 +93,7 @@ impl<G: Group> SumcheckProof<G> {
(eval_point_0, eval_point_2)
})
.reduce(
|| (G::Scalar::zero(), G::Scalar::zero()),
|| (G::Scalar::ZERO, G::Scalar::ZERO),
|a, b| (a.0 + b.0, a.1 + b.1),
);
@@ -146,8 +146,8 @@ impl<G: Group> SumcheckProof<G> {
let mut evals: Vec<(G::Scalar, G::Scalar)> = Vec::new();
for (poly_A, poly_B) in poly_A_vec.iter().zip(poly_B_vec.iter()) {
let mut eval_point_0 = G::Scalar::zero();
let mut eval_point_2 = G::Scalar::zero();
let mut eval_point_0 = G::Scalar::ZERO;
let mut eval_point_2 = G::Scalar::ZERO;
let len = poly_A.len() / 2;
for i in 0..len {
@@ -165,10 +165,10 @@ impl<G: Group> SumcheckProof<G> {
let evals_combined_0 = (0..evals.len())
.map(|i| evals[i].0 * coeffs[i])
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let evals_combined_2 = (0..evals.len())
.map(|i| evals[i].1 * coeffs[i])
.fold(G::Scalar::zero(), |acc, item| acc + item);
.fold(G::Scalar::ZERO, |acc, item| acc + item);
let evals = vec![evals_combined_0, e - evals_combined_0, evals_combined_2];
let poly = UniPoly::from_evals(&evals);
@@ -251,7 +251,7 @@ impl<G: Group> SumcheckProof<G> {
(eval_point_0, eval_point_2, eval_point_3)
})
.reduce(
|| (G::Scalar::zero(), G::Scalar::zero(), G::Scalar::zero()),
|| (G::Scalar::ZERO, G::Scalar::ZERO, G::Scalar::ZERO),
|a, b| (a.0 + b.0, a.1 + b.1, a.2 + b.2),
);
@@ -353,7 +353,7 @@ impl<G: Group> UniPoly<G> {
(0..self.coeffs.len())
.into_par_iter()
.map(|i| self.coeffs[i])
.reduce(G::Scalar::zero, |a, b| a + b)
.reduce(|| G::Scalar::ZERO, |a, b| a + b)
}
pub fn evaluate(&self, r: &G::Scalar) -> G::Scalar {