Add constraints for relevant curves (#3)

bls12_377/src/constraints/curves.rs

@@ -0,0 +1,29 @@
+use crate::Parameters;
+use ark_r1cs_std::groups::bls12;
+
+/// An element of G1 in the BLS12-377 bilinear group.
+pub type G1Var = bls12::G1Var<Parameters>;
+/// An element of G2 in the BLS12-377 bilinear group.
+pub type G2Var = bls12::G2Var<Parameters>;
+
+/// Represents the cached precomputation that can be performed on a G1 element
+/// which enables speeding up pairing computation.
+pub type G1PreparedVar = bls12::G1PreparedVar<Parameters>;
+/// Represents the cached precomputation that can be performed on a G2 element
+/// which enables speeding up pairing computation.
+pub type G2PreparedVar = bls12::G2PreparedVar<Parameters>;
+
+#[test]
+fn test() {
+    use ark_ec::models::bls12::Bls12Parameters;
+    ark_curve_constraint_tests::curves::sw_test::<
+        <Parameters as Bls12Parameters>::G1Parameters,
+        G1Var,
+    >()
+    .unwrap();
+    ark_curve_constraint_tests::curves::sw_test::<
+        <Parameters as Bls12Parameters>::G2Parameters,
+        G2Var,
+    >()
+    .unwrap();
+}

bls12_377/src/constraints/fields.rs

@@ -0,0 +1,32 @@
+use crate::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
+
+use ark_r1cs_std::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var};
+
+/// A variable that is the R1CS equivalent of `crate::Fq`.
+pub type FqVar = FpVar<Fq>;
+
+/// A variable that is the R1CS equivalent of `crate::Fq2`.
+pub type Fq2Var = Fp2Var<Fq2Parameters>;
+/// A variable that is the R1CS equivalent of `crate::Fq6`.
+pub type Fq6Var = Fp6Var<Fq6Parameters>;
+/// A variable that is the R1CS equivalent of `crate::Fq12`.
+pub type Fq12Var = Fp12Var<Fq12Parameters>;
+
+#[test]
+fn bls12_377_field_test() {
+    use super::*;
+    use crate::{Fq, Fq12, Fq2, Fq6};
+    use ark_curve_constraint_tests::fields::*;
+
+    field_test::<_, _, FqVar>().unwrap();
+    frobenius_tests::<Fq, _, FqVar>(13).unwrap();
+
+    field_test::<_, _, Fq2Var>().unwrap();
+    frobenius_tests::<Fq2, _, Fq2Var>(13).unwrap();
+
+    field_test::<_, _, Fq6Var>().unwrap();
+    frobenius_tests::<Fq6, _, Fq6Var>(13).unwrap();
+
+    field_test::<_, _, Fq12Var>().unwrap();
+    frobenius_tests::<Fq12, _, Fq12Var>(13).unwrap();
+}

bls12_377/src/constraints/mod.rs

@@ -0,0 +1,163 @@
+//! This module implements the R1CS equivalent of `crate`.
+//!
+//! It implements field variables for `crate::{Fq, Fq2, Fq6, Fq12}`,
+//! group variables for `crate::{G1, G2}`, and implements constraint
+//! generation for computing `Bls12_377::pairing`.
+//!
+//! The field underlying these constraints is `crate::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
+//! use ark_ff::UniformRand;
+//! use ark_relations::r1cs::*;
+//! use ark_r1cs_std::prelude::*;
+//! use ark_bls12_377::{*, constraints::*};
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = ark_ff::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(ark_relations::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(ark_relations::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
+//!
+//! ```
+//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
+//! # use ark_ff::UniformRand;
+//! # use ark_relations::r1cs::*;
+//! # use ark_r1cs_std::prelude::*;
+//! # use ark_bls12_377::{*, constraints::*};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = ark_ff::test_rng();
+//!
+//! // Generate some random `G1` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G1Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G1Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G1Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `G1`.
+//! let zero = G1Var::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! Finally, one can check pairing computations as well:
+//!
+//! ```
+//! # fn main() -> Result<(), ark_relations::r1cs::SynthesisError> {
+//! # use ark_ff::UniformRand;
+//! # use ark_ec::PairingEngine;
+//! # use ark_relations::r1cs::*;
+//! # use ark_r1cs_std::prelude::*;
+//! # use ark_bls12_377::{*, constraints::*};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = ark_ff::test_rng();
+//!
+//! // Generate random `G1` and `G2` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G2Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(ark_relations::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G2Var::new_witness(ark_relations::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(ark_relations::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G2Var::new_constant(ark_relations::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let pairing_result_native = Bls12_377::pairing(a_native, b_native);
+//!
+//! // Prepare `a` and `b` for pairing.
+//! let a_prep = constraints::PairingVar::prepare_g1(&a)?;
+//! let b_prep = constraints::PairingVar::prepare_g2(&b)?;
+//! let pairing_result = constraints::PairingVar::pairing(a_prep, b_prep)?;
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! let a_prep_const = constraints::PairingVar::prepare_g1(&a_const)?;
+//! let b_prep_const = constraints::PairingVar::prepare_g2(&b_const)?;
+//! let pairing_result_const = constraints::PairingVar::pairing(a_prep_const, b_prep_const)?;
+//! println!("Done here 3");
+//!
+//! pairing_result.enforce_equal(&pairing_result_const)?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
+mod fields;
+pub use fields::*;
+
+#[cfg(feature = "curve")]
+mod curves;
+#[cfg(feature = "curve")]
+mod pairing;
+
+#[cfg(feature = "curve")]
+pub use curves::*;
+#[cfg(feature = "curve")]
+pub use pairing::*;

bls12_377/src/constraints/pairing.rs

@@ -0,0 +1,10 @@
+use crate::Parameters;
+
+/// Specifies the constraints for computing a pairing in the BLS12-377 bilinear group.
+pub type PairingVar = ark_r1cs_std::pairing::bls12::PairingVar<Parameters>;
+
+#[test]
+fn test() {
+    use crate::Bls12_377;
+    ark_curve_constraint_tests::pairing::bilinearity_test::<Bls12_377, PairingVar>().unwrap()
+}

bls12_377/src/lib.rs

@@ -29,6 +29,9 @@ mod curves;
 
 mod fields;
 
+#[cfg(feature = "r1cs")]
+pub mod constraints;
+
 #[cfg(feature = "curve")]
 pub use curves::*;