arnaucube/Nova
1
0
Fork 0
mirror of https://github.com/arnaucube/Nova.git synced 2026-01-12 09:01:28 +01:00
Code Issues Projects Releases Wiki Activity

chore: update to ff/group 0.13 (#166)

Browse Source 
* chore: update to ff/group 0.13 and associated dependencies

Updates:
- zkcrypto/ff, zkcrypto/group to 0.13,
- bellperson to 0.25,
- pasta_curves to 0.5.1, and removes the fil_pasta_curves fork
- pasta-msm should no longer need a fork (WIP)

Adapts source in function, mostly for const usage and API updates.

* expose the portable feature of pasta-MSM

* update pointer to pasta-msm

* Clippy

---------

Co-authored-by: François Garillot <francois@garillot.net>
This commit is contained in:
Samuel Burnham
2023-05-10 15:15:17 -04:00
committed by GitHub
parent b76d7aa7ea
commit cddd707fad
22 changed files with 275 additions and 274 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
src/gadgets/ecc.rs
View File

@@ -43,16 +43,16 @@ where
CS: ConstraintSystem<G::Base>,
{
let x = AllocatedNum::alloc(cs.namespace(|| "x"), || {
Ok(coords.map_or(G::Base::zero(), |c| c.0))
Ok(coords.map_or(G::Base::ZERO, |c| c.0))
})?;
let y = AllocatedNum::alloc(cs.namespace(|| "y"), || {
Ok(coords.map_or(G::Base::zero(), |c| c.1))
Ok(coords.map_or(G::Base::ZERO, |c| c.1))
})?;
let is_infinity = AllocatedNum::alloc(cs.namespace(|| "is_infinity"), || {
Ok(if coords.map_or(true, |c| c.2) {
G::Base::one()
G::Base::ONE
} else {
G::Base::zero()
G::Base::ZERO
})
})?;
cs.enforce(
@@ -177,9 +177,9 @@ where
// NOT(NOT(self.is_ifninity) AND NOT(other.is_infinity))
let at_least_one_inf = AllocatedNum::alloc(cs.namespace(|| "at least one inf"), || {
Ok(
G::Base::one()
- (G::Base::one() - *self.is_infinity.get_value().get()?)
* (G::Base::one() - *other.is_infinity.get_value().get()?),
G::Base::ONE
- (G::Base::ONE - *self.is_infinity.get_value().get()?)
* (G::Base::ONE - *other.is_infinity.get_value().get()?),
)
})?;
cs.enforce(
@@ -193,7 +193,7 @@ where
let x_diff_is_actual =
AllocatedNum::alloc(cs.namespace(|| "allocate x_diff_is_actual"), || {
Ok(if *equal_x.get_value().get()? {
G::Base::one()
G::Base::ONE
} else {
*at_least_one_inf.get_value().get()?
})
@@ -215,9 +215,9 @@ where
)?;
let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || {
let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::one() {
let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::ONE {
// Set to default
G::Base::one()
G::Base::ONE
} else {
// Set to the actual inverse
(*other.x.get_value().get()? - *self.x.get_value().get()?)
@@ -328,7 +328,7 @@ where
// * (G::Base::from(2)) * self.y).invert().unwrap();
/*************************************************************/
// Compute tmp = (G::Base::one() + G::Base::one())* self.y ? self != inf : 1
// Compute tmp = (G::Base::ONE + G::Base::ONE)* self.y ? self != inf : 1
let tmp_actual = AllocatedNum::alloc(cs.namespace(|| "tmp_actual"), || {
Ok(*self.y.get_value().get()? + *self.y.get_value().get()?)
})?;
@@ -354,9 +354,9 @@ where
);
let lambda = AllocatedNum::alloc(cs.namespace(|| "alloc lambda"), || {
let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::one() {
let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::ONE {
// Return default value 1
G::Base::one()
G::Base::ONE
} else {
// Return the actual inverse
(*tmp.get_value().get()?).invert().unwrap()
@@ -622,7 +622,7 @@ where
// allocate a free variable that an honest prover sets to lambda = (y2-y1)/(x2-x1)
let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || {
if *other.x.get_value().get()? == *self.x.get_value().get()? {
Ok(G::Base::one())
Ok(G::Base::ONE)
} else {
Ok(
(*other.y.get_value().get()? - *self.y.get_value().get()?)
@@ -688,8 +688,8 @@ where
let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || {
let n = G::Base::from(3) * x_sq.get_value().get()? + G::get_curve_params().0;
let d = G::Base::from(2) * *self.y.get_value().get()?;
if d == G::Base::zero() {
Ok(G::Base::one())
if d == G::Base::ZERO {
Ok(G::Base::ONE)
} else {
Ok(n * d.invert().unwrap())
}
@@ -803,8 +803,8 @@ mod tests {
} else {
// if self.x == other.x and self.y != other.y then return infinity
Self {
x: G::Base::zero(),
y: G::Base::zero(),
x: G::Base::ZERO,
y: G::Base::ZERO,
is_infinity: true,
}
}
@@ -836,8 +836,8 @@ mod tests {
pub fn double(&self) -> Self {
if self.is_infinity {
return Self {
x: G::Base::zero(),
y: G::Base::zero(),
x: G::Base::ZERO,
y: G::Base::ZERO,
is_infinity: true,
};
}
@@ -845,9 +845,7 @@ mod tests {
let lambda = G::Base::from(3)
* self.x
* self.x
* ((G::Base::one() + G::Base::one()) * self.y)
.invert()
.unwrap();
* ((G::Base::ONE + G::Base::ONE) * self.y).invert().unwrap();
let x = lambda * lambda - self.x - self.x;
let y = lambda * (self.x - x) - self.y;
Self {
@@ -859,8 +857,8 @@ mod tests {
pub fn scalar_mul(&self, scalar: &G::Scalar) -> Self {
let mut res = Self {
x: G::Base::zero(),
y: G::Base::zero(),
x: G::Base::ZERO,
y: G::Base::ZERO,
is_infinity: true,
};
@@ -985,12 +983,12 @@ mod tests {
let a_p: Point<G1> = Point::new(
a.x.get_value().unwrap(),
a.y.get_value().unwrap(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_p: Point<G1> = Point::new(
e.x.get_value().unwrap(),
e.y.get_value().unwrap(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_new = a_p.scalar_mul(&s);
assert!(e_p.x == e_new.x && e_p.y == e_new.y);
@@ -1025,12 +1023,12 @@ mod tests {
let a_p: Point<G1> = Point::new(
a.x.get_value().unwrap(),
a.y.get_value().unwrap(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
a.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_p: Point<G1> = Point::new(
e.x.get_value().unwrap(),
e.y.get_value().unwrap(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
let e_new = a_p.add(&a_p);
assert!(e_p.x == e_new.x && e_p.y == e_new.y);
@@ -1047,7 +1045,7 @@ mod tests {
inputize_allocted_point(&a, cs.namespace(|| "inputize a")).unwrap();
let mut b = a.clone();
b.y = AllocatedNum::alloc(cs.namespace(|| "allocate negation of a"), || {
Ok(G::Base::zero())
Ok(G::Base::ZERO)
})
.unwrap();
inputize_allocted_point(&b, cs.namespace(|| "inputize b")).unwrap();
@@ -1070,7 +1068,7 @@ mod tests {
let e_p: Point<G1> = Point::new(
e.x.get_value().unwrap(),
e.y.get_value().unwrap(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::one(),
e.is_infinity.get_value().unwrap() == <G1 as Group>::Base::ONE,
);
assert!(e_p.is_infinity);
// Make sure that it is satisfiable

37
src/gadgets/nonnative/bignat.rs
View File

@@ -249,7 +249,7 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
Ok(bignat)
}
pub fn as_limbs<CS: ConstraintSystem<Scalar>>(&self) -> Vec<Num<Scalar>> {
pub fn as_limbs(&self) -> Vec<Num<Scalar>> {
let mut limbs = Vec::new();
for (i, lc) in self.limbs.iter().enumerate() {
limbs.push(Num::new(
@@ -364,7 +364,7 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
let carry_bits = (((max_word.to_f64().unwrap() * 2.0).log2() - self.params.limb_width as f64)
.ceil()
+ 0.1) as usize;
let mut carry_in = Num::new(Some(Scalar::zero()), LinearCombination::zero());
let mut carry_in = Num::new(Some(Scalar::ZERO), LinearCombination::zero());
for i in 0..n {
let carry = Num::alloc(cs.namespace(|| format!("carry value {i}")), || {
@@ -449,10 +449,7 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
self_grouped.equal_when_carried(cs.namespace(|| "grouped"), &other_grouped)
}
pub fn add<CS: ConstraintSystem<Scalar>>(
&self,
other: &Self,
) -> Result<BigNat<Scalar>, SynthesisError> {
pub fn add(&self, other: &Self) -> Result<BigNat<Scalar>, SynthesisError> {
self.enforce_limb_width_agreement(other, "add")?;
let n_limbs = max(self.params.n_limbs, other.params.n_limbs);
let max_word = &self.params.max_word + &other.params.max_word;
@@ -617,15 +614,15 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
pub fn group_limbs(&self, limbs_per_group: usize) -> BigNat<Scalar> {
let n_groups = (self.limbs.len() - 1) / limbs_per_group + 1;
let limb_values = self.limb_values.as_ref().map(|vs| {
let mut values: Vec<Scalar> = vec![Scalar::zero(); n_groups];
let mut shift = Scalar::one();
let limb_block = (0..self.params.limb_width).fold(Scalar::one(), |mut l, _| {
let mut values: Vec<Scalar> = vec![Scalar::ZERO; n_groups];
let mut shift = Scalar::ONE;
let limb_block = (0..self.params.limb_width).fold(Scalar::ONE, |mut l, _| {
l = l.double();
l
});
for (i, v) in vs.iter().enumerate() {
if i % limbs_per_group == 0 {
shift = Scalar::one();
shift = Scalar::ONE;
}
let mut a = shift;
a *= v;
@@ -636,14 +633,14 @@ impl<Scalar: PrimeField> BigNat<Scalar> {
});
let limbs = {
let mut limbs: Vec<LinearCombination<Scalar>> = vec![LinearCombination::zero(); n_groups];
let mut shift = Scalar::one();
let limb_block = (0..self.params.limb_width).fold(Scalar::one(), |mut l, _| {
let mut shift = Scalar::ONE;
let limb_block = (0..self.params.limb_width).fold(Scalar::ONE, |mut l, _| {
l = l.double();
l
});
for (i, limb) in self.limbs.iter().enumerate() {
if i % limbs_per_group == 0 {
shift = Scalar::one();
shift = Scalar::ONE;
}
limbs[i / limbs_per_group] =
std::mem::replace(&mut limbs[i / limbs_per_group], LinearCombination::zero())
@@ -689,7 +686,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
let n_product_coeffs = self.coefficients.len() + other.coefficients.len() - 1;
let values = self.values.as_ref().and_then(|self_vs| {
other.values.as_ref().map(|other_vs| {
let mut values: Vec<Scalar> = std::iter::repeat_with(Scalar::zero)
let mut values: Vec<Scalar> = std::iter::repeat_with(|| Scalar::ZERO)
.take(n_product_coeffs)
.collect();
for (self_i, self_v) in self_vs.iter().enumerate() {
@@ -711,14 +708,14 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
coefficients,
values,
};
let one = Scalar::one();
let mut x = Scalar::zero();
let one = Scalar::ONE;
let mut x = Scalar::ZERO;
for _ in 1..(n_product_coeffs + 1) {
x.add_assign(&one);
cs.enforce(
|| format!("pointwise product @ {x:?}"),
|lc| {
let mut i = Scalar::one();
let mut i = Scalar::ONE;
self.coefficients.iter().fold(lc, |lc, c| {
let r = lc + (i, c);
i.mul_assign(&x);
@@ -726,7 +723,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
})
},
|lc| {
let mut i = Scalar::one();
let mut i = Scalar::ONE;
other.coefficients.iter().fold(lc, |lc, c| {
let r = lc + (i, c);
i.mul_assign(&x);
@@ -734,7 +731,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
})
},
|lc| {
let mut i = Scalar::one();
let mut i = Scalar::ONE;
product.coefficients.iter().fold(lc, |lc, c| {
let r = lc + (i, c);
i.mul_assign(&x);
@@ -752,7 +749,7 @@ impl<Scalar: PrimeField> Polynomial<Scalar> {
other.values.as_ref().map(|other_vs| {
(0..n_coeffs)
.map(|i| {
let mut s = Scalar::zero();
let mut s = Scalar::ZERO;
if i < self_vs.len() {
s.add_assign(&self_vs[i]);
}

16
src/gadgets/nonnative/util.rs
View File

@@ -40,9 +40,9 @@ impl<Scalar: PrimeField> Bit<Scalar> {
|| "boolean",
|| {
if *value.grab()? {
Ok(Scalar::one())
Ok(Scalar::ONE)
} else {
Ok(Scalar::zero())
Ok(Scalar::ZERO)
}
},
)?;
@@ -109,9 +109,9 @@ impl<Scalar: PrimeField> Num<Scalar> {
|| format!("bit {i}"),
|| {
let r = if *v.grab()?.get_bit(i).grab()? {
Scalar::one()
Scalar::ONE
} else {
Scalar::zero()
Scalar::ZERO
};
Ok(r)
},
@@ -132,7 +132,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
cs.enforce(
|| "last bit",
|mut lc| {
let mut f = Scalar::one();
let mut f = Scalar::ONE;
lc = lc + &self.num;
for v in bits.iter() {
f = f.double();
@@ -142,7 +142,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
},
|mut lc| {
lc = lc + CS::one();
let mut f = Scalar::one();
let mut f = Scalar::ONE;
lc = lc - &self.num;
for v in bits.iter() {
f = f.double();
@@ -163,7 +163,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
other: &Bitvector<Scalar>,
) -> Result<(), SynthesisError> {
let allocations = other.allocations.clone();
let mut f = Scalar::one();
let mut f = Scalar::ONE;
let sum = allocations
.iter()
.fold(LinearCombination::zero(), |lc, bit| {
@@ -196,7 +196,7 @@ impl<Scalar: PrimeField> Num<Scalar> {
)
})
.collect::<Result<Vec<_>, _>>()?;
let mut f = Scalar::one();
let mut f = Scalar::ONE;
let sum = allocations
.iter()
.fold(LinearCombination::zero(), |lc, bit| {

16
src/gadgets/r1cs.rs
View File

@@ -106,7 +106,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
cs.namespace(|| "allocate X[0]"),
|| {
Ok(f_to_nat(
&inst.clone().map_or(G::Scalar::zero(), |inst| inst.X[0]),
&inst.clone().map_or(G::Scalar::ZERO, |inst| inst.X[0]),
))
},
limb_width,
@@ -117,7 +117,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
cs.namespace(|| "allocate X[1]"),
|| {
Ok(f_to_nat(
&inst.clone().map_or(G::Scalar::zero(), |inst| inst.X[1]),
&inst.clone().map_or(G::Scalar::ZERO, |inst| inst.X[1]),
))
},
limb_width,
@@ -141,14 +141,14 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
let X0 = BigNat::alloc_from_nat(
cs.namespace(|| "allocate x_default[0]"),
|| Ok(f_to_nat(&G::Scalar::zero())),
|| Ok(f_to_nat(&G::Scalar::ZERO)),
limb_width,
n_limbs,
)?;
let X1 = BigNat::alloc_from_nat(
cs.namespace(|| "allocate x_default[1]"),
|| Ok(f_to_nat(&G::Scalar::zero())),
|| Ok(f_to_nat(&G::Scalar::ZERO)),
limb_width,
n_limbs,
)?;
@@ -208,7 +208,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Analyze X0 as limbs
let X0_bn = self
.X0
.as_limbs::<CS>()
.as_limbs()
.iter()
.enumerate()
.map(|(i, limb)| {
@@ -224,7 +224,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Analyze X1 as limbs
let X1_bn = self
.X1
.as_limbs::<CS>()
.as_limbs()
.iter()
.enumerate()
.map(|(i, limb)| {
@@ -310,7 +310,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Fold self.X[0] + r * X[0]
let (_, r_0) = X0_bn.mult_mod(cs.namespace(|| "r*X[0]"), &r_bn, &m_bn)?;
// add X_r[0]
let r_new_0 = self.X0.add::<CS>(&r_0)?;
let r_new_0 = self.X0.add(&r_0)?;
// Now reduce
let X0_fold = r_new_0.red_mod(cs.namespace(|| "reduce folded X[0]"), &m_bn)?;
@@ -325,7 +325,7 @@ impl<G: Group> AllocatedRelaxedR1CSInstance<G> {
// Fold self.X[1] + r * X[1]
let (_, r_1) = X1_bn.mult_mod(cs.namespace(|| "r*X[1]"), &r_bn, &m_bn)?;
// add X_r[1]
let r_new_1 = self.X1.add::<CS>(&r_1)?;
let r_new_1 = self.X1.add(&r_1)?;
// Now reduce
let X1_fold = r_new_1.red_mod(cs.namespace(|| "reduce folded X[1]"), &m_bn)?;

50
src/gadgets/utils.rs
View File

@@ -24,8 +24,8 @@ where
// We loop over the input bits and construct the constraint
// and the field element that corresponds to the result
let mut lc = LinearCombination::zero();
let mut coeff = Scalar::one();
let mut fe = Some(Scalar::zero());
let mut coeff = Scalar::ONE;
let mut fe = Some(Scalar::ZERO);
for bit in bits.iter() {
lc = lc + (coeff, bit.get_variable());
fe = bit.get_value().map(|val| {
@@ -49,7 +49,7 @@ where
pub fn alloc_zero<F: PrimeField, CS: ConstraintSystem<F>>(
mut cs: CS,
) -> Result<AllocatedNum<F>, SynthesisError> {
let zero = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::zero()))?;
let zero = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::ZERO))?;
cs.enforce(
|| "check zero is valid",
|lc| lc,
@@ -63,7 +63,7 @@ pub fn alloc_zero<F: PrimeField, CS: ConstraintSystem<F>>(
pub fn alloc_one<F: PrimeField, CS: ConstraintSystem<F>>(
mut cs: CS,
) -> Result<AllocatedNum<F>, SynthesisError> {
let one = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::one()))?;
let one = AllocatedNum::alloc(cs.namespace(|| "alloc"), || Ok(F::ONE))?;
cs.enforce(
|| "check one is valid",
|lc| lc + CS::one(),
@@ -85,9 +85,9 @@ where
CS: ConstraintSystem<<G as Group>::Base>,
{
AllocatedNum::alloc(cs.namespace(|| "allocate scalar as base"), || {
let input_bits = input.unwrap_or_else(G::Scalar::zero).clone().to_le_bits();
let mut mult = G::Base::one();
let mut val = G::Base::zero();
let input_bits = input.unwrap_or(G::Scalar::ZERO).clone().to_le_bits();
let mut mult = G::Base::ONE;
let mut val = G::Base::ZERO;
for bit in input_bits {
if bit {
val += mult;
@@ -101,8 +101,8 @@ where
/// interepret scalar as base
pub fn scalar_as_base<G: Group>(input: G::Scalar) -> G::Base {
let input_bits = input.to_le_bits();
let mut mult = G::Base::one();
let mut val = G::Base::zero();
let mut mult = G::Base::ONE;
let mut val = G::Base::ZERO;
for bit in input_bits {
if bit {
val += mult;
@@ -159,7 +159,7 @@ pub fn alloc_num_equals<F: PrimeField, CS: ConstraintSystem<F>>(
let t = AllocatedNum::alloc(cs.namespace(|| "t"), || {
Ok(if *a.get_value().get()? == *b.get_value().get()? {
F::one()
F::ONE
} else {
(*a.get_value().get()? - *b.get_value().get()?)
.invert()
@@ -204,7 +204,7 @@ pub fn conditionally_select<F: PrimeField, CS: ConstraintSystem<F>>(
cs.enforce(
|| "conditional select constraint",
|lc| lc + a.get_variable() - b.get_variable(),
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + c.get_variable() - b.get_variable(),
);
@@ -254,7 +254,7 @@ pub fn conditionally_select_bignat<F: PrimeField, CS: ConstraintSystem<F>>(
cs.enforce(
|| format!("conditional select constraint {i}"),
|lc| lc + &a.limbs[i] - &b.limbs[i],
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + &c.limbs[i] - &b.limbs[i],
);
}
@@ -270,7 +270,7 @@ pub fn conditionally_select2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
if *condition.get_value().get()? == F::ONE {
Ok(*a.get_value().get()?)
} else {
Ok(*b.get_value().get()?)
@@ -296,8 +296,8 @@ pub fn select_zero_or_num2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
Ok(F::zero())
if *condition.get_value().get()? == F::ONE {
Ok(F::ZERO)
} else {
Ok(*a.get_value().get()?)
}
@@ -321,10 +321,10 @@ pub fn select_num_or_zero2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
if *condition.get_value().get()? == F::ONE {
Ok(*a.get_value().get()?)
} else {
Ok(F::zero())
Ok(F::ZERO)
}
})?;
@@ -348,14 +348,14 @@ pub fn select_num_or_zero<F: PrimeField, CS: ConstraintSystem<F>>(
if *condition.get_value().get()? {
Ok(*a.get_value().get()?)
} else {
Ok(F::zero())
Ok(F::ZERO)
}
})?;
cs.enforce(
|| "conditional select constraint",
|lc| lc + a.get_variable(),
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + c.get_variable(),
);
@@ -369,8 +369,8 @@ pub fn select_one_or_num2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
Ok(F::one())
if *condition.get_value().get()? == F::ONE {
Ok(F::ONE)
} else {
Ok(*a.get_value().get()?)
}
@@ -393,8 +393,8 @@ pub fn select_one_or_diff2<F: PrimeField, CS: ConstraintSystem<F>>(
condition: &AllocatedNum<F>,
) -> Result<AllocatedNum<F>, SynthesisError> {
let c = AllocatedNum::alloc(cs.namespace(|| "conditional select result"), || {
if *condition.get_value().get()? == F::one() {
Ok(F::one())
if *condition.get_value().get()? == F::ONE {
Ok(F::ONE)
} else {
Ok(*a.get_value().get()? - *b.get_value().get()?)
}
@@ -419,14 +419,14 @@ pub fn select_num_or_one<F: PrimeField, CS: ConstraintSystem<F>>(
if *condition.get_value().get()? {
Ok(*a.get_value().get()?)
} else {
Ok(F::one())
Ok(F::ONE)
}
})?;
cs.enforce(
|| "conditional select constraint",
|lc| lc + a.get_variable() - CS::one(),
|_| condition.lc(CS::one(), F::one()),
|_| condition.lc(CS::one(), F::ONE),
|lc| lc + c.get_variable() - CS::one(),
);