output h2 as AllocatedNum (#31)

* output h2 as AllocatedNum * clippy
2026-01-10 16:11:29 +01:00 · 2022-04-15 16:59:41 -07:00
parent 9a0f5604d6
commit dcea0be01f
2 changed files with 36 additions and 29 deletions
--- a/src/circuit.rs
+++ b/src/circuit.rs
@@ -54,7 +54,7 @@ where
  G: Group,
 {
  h1: G::Base,
-  h2: G::Scalar,
+  h2: G::Base,
  u2: RelaxedR1CSInstance<G>,
  i: G::Base,
  z0: G::Base,
@@ -76,7 +76,7 @@ where
    i: G::Base,
    z0: G::Base,
    zi: G::Base,
-    h2: G::Scalar,
+    h2: G::Base,
    params: G::Base,
    T: Commitment<G>,
    w: Commitment<G>,
@@ -145,21 +145,6 @@ where
    self,
    cs: &mut CS,
  ) -> Result<(), SynthesisError> {
-    /***********************************************************************/
-    // This circuit does not modify h2 but it outputs it.
-    // Allocate it and output it.
-    /***********************************************************************/
-
-    // Allocate h2 as a big number with 8 limbs
-    let h2_bn = BigNat::alloc_from_nat(
-      cs.namespace(|| "allocate h2"),
-      || Ok(f_to_nat(&self.inputs.get()?.h2)),
-      self.params.limb_width,
-      self.params.n_limbs,
-    )?;
-
-    let _ = h2_bn.inputize(cs.namespace(|| "Output 1"))?;
-
    /***********************************************************************/
    // Allocate h1
    /***********************************************************************/
@@ -172,6 +157,22 @@ where
      self.params.n_limbs,
    )?;

+    /***********************************************************************/
+    // This circuit does not modify h2 but it outputs it.
+    // Allocate it and output it.
+    /***********************************************************************/
+
+    // Allocate h2 as a big number with 8 limbs
+    let h2 = AllocatedNum::alloc(cs.namespace(|| "allocate h2"), || Ok(self.inputs.get()?.h2))?;
+    let h2_bn = BigNat::from_num(
+      cs.namespace(|| "allocate h2_bn"),
+      Num::from(h2.clone()),
+      self.params.limb_width,
+      self.params.n_limbs,
+    )?;
+
+    let _ = h2.inputize(cs.namespace(|| "Output 1"))?;
+
    /***********************************************************************/
    // Allocate u2 by allocating W_r, E_r, u_r, X_r
    /***********************************************************************/
@@ -291,8 +292,6 @@ where

    // Allocate 0 and 1
    let zero = alloc_zero(cs.namespace(|| "zero"))?;
-    // Hack: We just do this because the number of inputs must be even!!
-    zero.inputize(cs.namespace(|| "allocate zero as input"))?;
    let one = alloc_one(cs.namespace(|| "one"))?;

    // Compute default values of U2':
@@ -325,13 +324,7 @@ where
    let mut ro: PoseidonROGadget<G::Base> = PoseidonROGadget::new(self.poseidon_constants.clone());

    ro.absorb(h1.clone());
-    // absorb each of the limbs of h2
-    // TODO: Check if it is more efficient to treat h2 as allocNum
-    for (i, limb) in h2_bn.as_limbs::<CS>().iter().enumerate() {
-      let limb_num = limb
-        .as_sapling_allocated_num(cs.namespace(|| format!("convert limb {} of h2 to num", i)))?;
-      ro.absorb(limb_num);
-    }
+    ro.absorb(h2);
    ro.absorb(W.x.clone());
    ro.absorb(W.y.clone());
    ro.absorb(W.is_infinity.clone());
@@ -684,7 +677,7 @@ mod tests {
      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
-      <<G2 as Group>::Scalar as Field>::zero(), // TODO: provide real inputs
+      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
      <<G2 as Group>::Base as Field>::zero(), // TODO: provide real inputs
      T,                                      // TODO: provide real inputs
      w,
--- a/src/poseidon.rs
+++ b/src/poseidon.rs
@@ -7,7 +7,7 @@ use bellperson::{
  ConstraintSystem, SynthesisError,
 };
 use ff::{PrimeField, PrimeFieldBits};
-use generic_array::typenum::{U25, U27, U31};
+use generic_array::typenum::{U24, U25, U27, U31};
 use neptune::{
  circuit::poseidon_hash,
  poseidon::{Poseidon, PoseidonConstants},
@@ -22,6 +22,7 @@ pub struct NovaPoseidonConstants<F>
 where
  F: PrimeField,
 {
+  constants24: PoseidonConstants<F, U24>,
  constants25: PoseidonConstants<F, U25>,
  constants27: PoseidonConstants<F, U27>,
  constants31: PoseidonConstants<F, U31>,
@@ -34,10 +35,12 @@ where
 {
  /// Generate Poseidon constants for the arities that Nova uses
  pub fn new() -> Self {
+    let constants24 = PoseidonConstants::<F, U24>::new_with_strength(Strength::Strengthened);
    let constants25 = PoseidonConstants::<F, U25>::new_with_strength(Strength::Strengthened);
    let constants27 = PoseidonConstants::<F, U27>::new_with_strength(Strength::Strengthened);
    let constants31 = PoseidonConstants::<F, U31>::new_with_strength(Strength::Strengthened);
    Self {
+      constants24,
      constants25,
      constants27,
      constants31,
@@ -82,6 +85,9 @@ where

  fn hash_inner(&mut self) -> Scalar {
    match self.state.len() {
+      24 => {
+        Poseidon::<Scalar, U24>::new_with_preimage(&self.state, &self.constants.constants24).hash()
+      }
      25 => {
        Poseidon::<Scalar, U25>::new_with_preimage(&self.state, &self.constants.constants25).hash()
      }
@@ -170,6 +176,11 @@ where
    CS: ConstraintSystem<Scalar>,
  {
    let out = match self.state.len() {
+      24 => poseidon_hash(
+        cs.namespace(|| "Posideon hash"),
+        self.state.clone(),
+        &self.constants.constants24,
+      )?,
      25 => poseidon_hash(
        cs.namespace(|| "Poseidon hash"),
        self.state.clone(),
@@ -186,7 +197,10 @@ where
        &self.constants.constants31,
      )?,
      _ => {
-        panic!("Number of elements in the RO state does not match any of the arities used in Nova")
+        panic!(
+          "Number of elements in the RO state does not match any of the arities used in Nova {}",
+          self.state.len()
+        )
      }
    };