diff --git a/.hooks/pre-commit b/.hooks/pre-commit index b8a7c30..8d4d19f 100755 --- a/.hooks/pre-commit +++ b/.hooks/pre-commit @@ -13,7 +13,7 @@ problem_files=() # collect ill-formatted files for file in $(git diff --name-only --cached); do if [ ${file: -3} == ".rs" ]; then - rustfmt +nightly --check $file &>/dev/null + rustfmt +stable --check $file &>/dev/null if [ $? != 0 ]; then problem_files+=($file) fi @@ -27,7 +27,7 @@ else # reformat the files that need it and re-stage them. printf "[pre_commit] the following files were rustfmt'd before commit: \n" for file in ${problem_files[@]}; do - rustfmt $file + rustfmt +stable $file git add $file printf "\033[0;32m $file\033[0m \n" done diff --git a/cp-benches/benches/crypto_primitives/nizk.rs b/cp-benches/benches/crypto_primitives/nizk.rs index ac68acd..991a405 100644 --- a/cp-benches/benches/crypto_primitives/nizk.rs +++ b/cp-benches/benches/crypto_primitives/nizk.rs @@ -11,7 +11,7 @@ use rand::{thread_rng, Rng}; type TestProofSystem = Gm17, Fr>; struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } diff --git a/crypto-primitives/src/commitment/injective_map/constraints.rs b/crypto-primitives/src/commitment/injective_map/constraints.rs index 91c30a2..2afe0bc 100644 --- a/crypto-primitives/src/commitment/injective_map/constraints.rs +++ b/crypto-primitives/src/commitment/injective_map/constraints.rs @@ -26,9 +26,9 @@ where GG: GroupGadget, IG: InjectiveMapGadget, { - _compressor: PhantomData, + _compressor: PhantomData, _compressor_gadget: PhantomData, - _crh: PedersenCommitmentGadget, + _crh: PedersenCommitmentGadget, } impl CommitmentGadget, ConstraintF> diff --git a/crypto-primitives/src/commitment/injective_map/mod.rs b/crypto-primitives/src/commitment/injective_map/mod.rs index 83d9242..cbb41c5 100644 --- a/crypto-primitives/src/commitment/injective_map/mod.rs +++ b/crypto-primitives/src/commitment/injective_map/mod.rs @@ -13,9 +13,9 @@ use algebra_core::groups::Group; pub mod constraints; pub struct PedersenCommCompressor, W: PedersenWindow> { - _group: PhantomData, + _group: PhantomData, _compressor: PhantomData, - _comm: PedersenCommitment, + _comm: PedersenCommitment, } impl, W: PedersenWindow> CommitmentScheme diff --git a/crypto-primitives/src/commitment/pedersen/constraints.rs b/crypto-primitives/src/commitment/pedersen/constraints.rs index 20cf766..3b591e8 100644 --- a/crypto-primitives/src/commitment/pedersen/constraints.rs +++ b/crypto-primitives/src/commitment/pedersen/constraints.rs @@ -15,9 +15,9 @@ use r1cs_std::prelude::*; #[derive(Derivative)] #[derivative(Clone(bound = "G: Group, W: PedersenWindow, ConstraintF: Field"))] pub struct PedersenCommitmentGadgetParameters { - params: PedersenParameters, + params: PedersenParameters, #[doc(hidden)] - _group: PhantomData, + _group: PhantomData, #[doc(hidden)] _engine: PhantomData, #[doc(hidden)] @@ -109,8 +109,8 @@ where let parameters = temp.borrow().clone(); Ok(PedersenCommitmentGadgetParameters { - params: parameters, - _group: PhantomData, + params: parameters, + _group: PhantomData, _engine: PhantomData, _window: PhantomData, }) @@ -128,8 +128,8 @@ where let parameters = temp.borrow().clone(); Ok(PedersenCommitmentGadgetParameters { - params: parameters, - _group: PhantomData, + params: parameters, + _group: PhantomData, _engine: PhantomData, _window: PhantomData, }) diff --git a/crypto-primitives/src/commitment/pedersen/mod.rs b/crypto-primitives/src/commitment/pedersen/mod.rs index cc729d0..369c19b 100644 --- a/crypto-primitives/src/commitment/pedersen/mod.rs +++ b/crypto-primitives/src/commitment/pedersen/mod.rs @@ -23,11 +23,11 @@ pub mod constraints; #[derive(Clone)] pub struct PedersenParameters { pub randomness_generator: Vec, - pub generators: Vec>, + pub generators: Vec>, } pub struct PedersenCommitment { - group: PhantomData, + group: PhantomData, window: PhantomData, } diff --git a/crypto-primitives/src/crh/bowe_hopwood/constraints.rs b/crypto-primitives/src/crh/bowe_hopwood/constraints.rs index eaba73f..5a077ec 100644 --- a/crypto-primitives/src/crh/bowe_hopwood/constraints.rs +++ b/crypto-primitives/src/crh/bowe_hopwood/constraints.rs @@ -21,10 +21,10 @@ pub struct BoweHopwoodPedersenCRHGadgetParameters< ConstraintF: Field, GG: GroupGadget, > { - params: BoweHopwoodPedersenParameters, + params: BoweHopwoodPedersenParameters, _group_g: PhantomData, - _engine: PhantomData, - _window: PhantomData, + _engine: PhantomData, + _window: PhantomData, } pub struct BoweHopwoodPedersenCRHGadget< @@ -32,9 +32,9 @@ pub struct BoweHopwoodPedersenCRHGadget< ConstraintF: Field, GG: GroupGadget, > { - _group: PhantomData<*const G>, + _group: PhantomData<*const G>, _group_gadget: PhantomData<*const GG>, - _engine: PhantomData, + _engine: PhantomData, } impl FixedLengthCRHGadget, ConstraintF> diff --git a/crypto-primitives/src/crh/bowe_hopwood/mod.rs b/crypto-primitives/src/crh/bowe_hopwood/mod.rs index a0ad3c4..f7d9681 100644 --- a/crypto-primitives/src/crh/bowe_hopwood/mod.rs +++ b/crypto-primitives/src/crh/bowe_hopwood/mod.rs @@ -23,7 +23,7 @@ pub struct BoweHopwoodPedersenParameters { } pub struct BoweHopwoodPedersenCRH { - group: PhantomData, + group: PhantomData, window: PhantomData, } diff --git a/crypto-primitives/src/crh/injective_map/constraints.rs b/crypto-primitives/src/crh/injective_map/constraints.rs index 29bf585..599e5f3 100644 --- a/crypto-primitives/src/crh/injective_map/constraints.rs +++ b/crypto-primitives/src/crh/injective_map/constraints.rs @@ -97,9 +97,9 @@ where GG: GroupGadget, IG: InjectiveMapGadget, { - _compressor: PhantomData, + _compressor: PhantomData, _compressor_gadget: PhantomData, - _crh: PedersenCRHGadget, + _crh: PedersenCRHGadget, } impl FixedLengthCRHGadget, ConstraintF> diff --git a/crypto-primitives/src/crh/injective_map/mod.rs b/crypto-primitives/src/crh/injective_map/mod.rs index 64bcb9e..0f88f28 100644 --- a/crypto-primitives/src/crh/injective_map/mod.rs +++ b/crypto-primitives/src/crh/injective_map/mod.rs @@ -46,9 +46,9 @@ impl InjectiveMap> for TECompressor { } pub struct PedersenCRHCompressor, W: PedersenWindow> { - _group: PhantomData, + _group: PhantomData, _compressor: PhantomData, - _crh: PedersenCRH, + _crh: PedersenCRH, } impl, W: PedersenWindow> FixedLengthCRH diff --git a/crypto-primitives/src/crh/pedersen/constraints.rs b/crypto-primitives/src/crh/pedersen/constraints.rs index 6ec30df..4404e2d 100644 --- a/crypto-primitives/src/crh/pedersen/constraints.rs +++ b/crypto-primitives/src/crh/pedersen/constraints.rs @@ -18,19 +18,19 @@ pub struct PedersenCRHGadgetParameters< ConstraintF: Field, GG: GroupGadget, > { - params: PedersenParameters, + params: PedersenParameters, _group_g: PhantomData, - _engine: PhantomData, - _window: PhantomData, + _engine: PhantomData, + _window: PhantomData, } pub struct PedersenCRHGadget> { #[doc(hideen)] - _group: PhantomData<*const G>, + _group: PhantomData<*const G>, #[doc(hideen)] _group_gadget: PhantomData<*const GG>, #[doc(hideen)] - _engine: PhantomData, + _engine: PhantomData, } impl FixedLengthCRHGadget, ConstraintF> diff --git a/crypto-primitives/src/crh/pedersen/mod.rs b/crypto-primitives/src/crh/pedersen/mod.rs index 5f01c50..d1d6000 100644 --- a/crypto-primitives/src/crh/pedersen/mod.rs +++ b/crypto-primitives/src/crh/pedersen/mod.rs @@ -25,7 +25,7 @@ pub struct PedersenParameters { } pub struct PedersenCRH { - group: PhantomData, + group: PhantomData, window: PhantomData, } diff --git a/crypto-primitives/src/merkle_tree/mod.rs b/crypto-primitives/src/merkle_tree/mod.rs index ecc8745..2861def 100644 --- a/crypto-primitives/src/merkle_tree/mod.rs +++ b/crypto-primitives/src/merkle_tree/mod.rs @@ -82,13 +82,13 @@ impl MerkleTreePath

{ } pub struct MerkleHashTree { - tree: Vec<::Output>, + tree: Vec<::Output>, padding_tree: Vec<( ::Output, ::Output, )>, - parameters: ::Parameters, - root: Option<::Output>, + parameters: ::Parameters, + root: Option<::Output>, } impl MerkleHashTree

{ @@ -248,7 +248,7 @@ impl core::fmt::Display for MerkleTreeError { let msg = match self { MerkleTreeError::IncorrectLeafIndex(index) => { format!("incorrect leaf index: {}", index) - }, + } MerkleTreeError::IncorrectPathLength(len) => format!("incorrect path length: {}", len), }; write!(f, "{}", msg) diff --git a/crypto-primitives/src/nizk/gm17/constraints.rs b/crypto-primitives/src/nizk/gm17/constraints.rs index fdf2361..dc95a8a 100644 --- a/crypto-primitives/src/nizk/gm17/constraints.rs +++ b/crypto-primitives/src/nizk/gm17/constraints.rs @@ -28,12 +28,12 @@ pub struct VerifyingKeyGadget< ConstraintF: Field, P: PairingGadget, > { - pub h_g2: P::G2Gadget, + pub h_g2: P::G2Gadget, pub g_alpha_g1: P::G1Gadget, - pub h_beta_g2: P::G2Gadget, + pub h_beta_g2: P::G2Gadget, pub g_gamma_g1: P::G1Gadget, pub h_gamma_g2: P::G2Gadget, - pub query: Vec, + pub query: Vec, } impl> @@ -72,14 +72,14 @@ pub struct PreparedVerifyingKeyGadget< ConstraintF: Field, P: PairingGadget, > { - pub g_alpha: P::G1Gadget, - pub h_beta: P::G2Gadget, + pub g_alpha: P::G1Gadget, + pub h_beta: P::G2Gadget, pub g_alpha_pc: P::G1PreparedGadget, - pub h_beta_pc: P::G2PreparedGadget, + pub h_beta_pc: P::G2PreparedGadget, pub g_gamma_pc: P::G1PreparedGadget, pub h_gamma_pc: P::G2PreparedGadget, - pub h_pc: P::G2PreparedGadget, - pub query: Vec, + pub h_pc: P::G2PreparedGadget, + pub query: Vec, } pub struct Gm17VerifierGadget @@ -89,7 +89,7 @@ where P: PairingGadget, { _pairing_engine: PhantomData, - _engine: PhantomData, + _engine: PhantomData, _pairing_gadget: PhantomData

, } @@ -412,7 +412,7 @@ mod test { type TestVkGadget = VerifyingKeyGadget; struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } @@ -564,7 +564,7 @@ mod test_recursive { #[derive(Clone)] struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } @@ -612,7 +612,7 @@ mod test_recursive { struct Wrapper { inputs: Vec>, params: Parameters, - proof: Proof, + proof: Proof, } impl ConstraintSynthesizer for Wrapper { @@ -709,7 +709,7 @@ mod test_recursive { let c = Wrapper { inputs: inputs.clone(), params: inner_params.clone(), - proof: inner_proof.clone(), + proof: inner_proof.clone(), }; generate_random_parameters(c, rng).unwrap() @@ -722,7 +722,7 @@ mod test_recursive { let c = Wrapper { inputs: inputs.clone(), params: inner_params.clone(), - proof: inner_proof.clone(), + proof: inner_proof.clone(), }; // Create a groth16 proof with our parameters. create_random_proof(c, ¶ms, rng).unwrap() diff --git a/crypto-primitives/src/nizk/gm17/mod.rs b/crypto-primitives/src/nizk/gm17/mod.rs index 80732a3..82c312c 100644 --- a/crypto-primitives/src/nizk/gm17/mod.rs +++ b/crypto-primitives/src/nizk/gm17/mod.rs @@ -23,9 +23,9 @@ pub struct Gm17< V: ToConstraintField + ?Sized, > { #[doc(hidden)] - _engine: PhantomData, + _engine: PhantomData, #[doc(hidden)] - _circuit: PhantomData, + _circuit: PhantomData, #[doc(hidden)] _verifier_input: PhantomData, } diff --git a/crypto-primitives/src/nizk/groth16/constraints.rs b/crypto-primitives/src/nizk/groth16/constraints.rs index dfb9b74..e238185 100644 --- a/crypto-primitives/src/nizk/groth16/constraints.rs +++ b/crypto-primitives/src/nizk/groth16/constraints.rs @@ -28,10 +28,10 @@ pub struct VerifyingKeyGadget< ConstraintF: Field, P: PairingGadget, > { - pub alpha_g1: P::G1Gadget, - pub beta_g2: P::G2Gadget, - pub gamma_g2: P::G2Gadget, - pub delta_g2: P::G2Gadget, + pub alpha_g1: P::G1Gadget, + pub beta_g2: P::G2Gadget, + pub gamma_g2: P::G2Gadget, + pub delta_g2: P::G2Gadget, pub gamma_abc_g1: Vec, } @@ -78,9 +78,9 @@ pub struct PreparedVerifyingKeyGadget< P: PairingGadget, > { pub alpha_g1_beta_g2: P::GTGadget, - pub gamma_g2_neg_pc: P::G2PreparedGadget, - pub delta_g2_neg_pc: P::G2PreparedGadget, - pub gamma_abc_g1: Vec, + pub gamma_g2_neg_pc: P::G2PreparedGadget, + pub delta_g2_neg_pc: P::G2PreparedGadget, + pub gamma_abc_g1: Vec, } pub struct Groth16VerifierGadget @@ -90,7 +90,7 @@ where P: PairingGadget, { _pairing_engine: PhantomData, - _engine: PhantomData, + _engine: PhantomData, _pairing_gadget: PhantomData

, } @@ -359,7 +359,7 @@ mod test { type TestVkGadget = VerifyingKeyGadget; struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } @@ -511,7 +511,7 @@ mod test_recursive { #[derive(Clone)] struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } @@ -559,7 +559,7 @@ mod test_recursive { struct Wrapper { inputs: Vec>, params: Parameters, - proof: Proof, + proof: Proof, } impl ConstraintSynthesizer for Wrapper { @@ -656,7 +656,7 @@ mod test_recursive { let c = Wrapper { inputs: inputs.clone(), params: inner_params.clone(), - proof: inner_proof.clone(), + proof: inner_proof.clone(), }; generate_random_parameters(c, rng).unwrap() @@ -669,7 +669,7 @@ mod test_recursive { let c = Wrapper { inputs: inputs.clone(), params: inner_params.clone(), - proof: inner_proof.clone(), + proof: inner_proof.clone(), }; // Create a groth16 proof with our parameters. create_random_proof(c, ¶ms, rng).unwrap() diff --git a/crypto-primitives/src/nizk/groth16/mod.rs b/crypto-primitives/src/nizk/groth16/mod.rs index ba9062f..44faec9 100644 --- a/crypto-primitives/src/nizk/groth16/mod.rs +++ b/crypto-primitives/src/nizk/groth16/mod.rs @@ -23,9 +23,9 @@ pub struct Groth16< V: ToConstraintField + ?Sized, > { #[doc(hidden)] - _engine: PhantomData, + _engine: PhantomData, #[doc(hidden)] - _circuit: PhantomData, + _circuit: PhantomData, #[doc(hidden)] _verifier_input: PhantomData, } diff --git a/crypto-primitives/src/nizk/mod.rs b/crypto-primitives/src/nizk/mod.rs index c003dab..268c824 100644 --- a/crypto-primitives/src/nizk/mod.rs +++ b/crypto-primitives/src/nizk/mod.rs @@ -67,17 +67,17 @@ mod test { #[derive(Copy, Clone)] struct R1CSCircuit { - x: Option, + x: Option, sum: Option, - w: Option, + w: Option, } impl R1CSCircuit { pub(super) fn new(x: Fr, sum: Fr, w: Fr) -> Self { Self { - x: Some(x), + x: Some(x), sum: Some(sum), - w: Some(w), + w: Some(w), } } } diff --git a/crypto-primitives/src/prf/blake2s/constraints.rs b/crypto-primitives/src/prf/blake2s/constraints.rs index 2d779f0..7695f4c 100644 --- a/crypto-primitives/src/prf/blake2s/constraints.rs +++ b/crypto-primitives/src/prf/blake2s/constraints.rs @@ -664,14 +664,14 @@ mod test { match b { Boolean::Is(b) => { assert!(s.next().unwrap() == b.get_value().unwrap()); - }, + } Boolean::Not(b) => { assert!(s.next().unwrap() != b.get_value().unwrap()); - }, + } Boolean::Constant(b) => { assert!(input_len == 0); assert!(s.next().unwrap() == b); - }, + } } } } diff --git a/crypto-primitives/src/prf/blake2s/mod.rs b/crypto-primitives/src/prf/blake2s/mod.rs index 0aa15a5..c1ce030 100644 --- a/crypto-primitives/src/prf/blake2s/mod.rs +++ b/crypto-primitives/src/prf/blake2s/mod.rs @@ -30,17 +30,17 @@ impl PRF for Blake2s { #[derive(Clone)] pub struct Blake2sWithParameterBlock { - pub digest_length: u8, - pub key_length: u8, - pub fan_out: u8, - pub depth: u8, - pub leaf_length: u32, - pub node_offset: u32, + pub digest_length: u8, + pub key_length: u8, + pub fan_out: u8, + pub depth: u8, + pub leaf_length: u32, + pub node_offset: u32, pub xof_digest_length: u16, - pub node_depth: u8, - pub inner_length: u8, - pub salt: [u8; 8], - pub personalization: [u8; 8], + pub node_depth: u8, + pub inner_length: u8, + pub salt: [u8; 8], + pub personalization: [u8; 8], } impl Blake2sWithParameterBlock { diff --git a/crypto-primitives/src/signature/schnorr/constraints.rs b/crypto-primitives/src/signature/schnorr/constraints.rs index 558fcd1..5790659 100644 --- a/crypto-primitives/src/signature/schnorr/constraints.rs +++ b/crypto-primitives/src/signature/schnorr/constraints.rs @@ -12,8 +12,8 @@ use digest::Digest; pub struct SchnorrSigGadgetParameters> { generator: GG, - _group: PhantomData<*const G>, - _engine: PhantomData<*const ConstraintF>, + _group: PhantomData<*const G>, + _engine: PhantomData<*const ConstraintF>, } impl> Clone @@ -22,8 +22,8 @@ impl> Clone fn clone(&self) -> Self { Self { generator: self.generator.clone(), - _group: PhantomData, - _engine: PhantomData, + _group: PhantomData, + _engine: PhantomData, } } } @@ -38,18 +38,18 @@ impl> Clone pub struct SchnorrSigGadgetPk> { pub_key: GG, #[doc(hidden)] - _group: PhantomData<*const G>, + _group: PhantomData<*const G>, #[doc(hidden)] _engine: PhantomData<*const ConstraintF>, } pub struct SchnorrRandomizePkGadget> { #[doc(hidden)] - _group: PhantomData<*const G>, + _group: PhantomData<*const G>, #[doc(hidden)] _group_gadget: PhantomData<*const GG>, #[doc(hidden)] - _engine: PhantomData<*const ConstraintF>, + _engine: PhantomData<*const ConstraintF>, } impl SigRandomizePkGadget, ConstraintF> @@ -81,7 +81,7 @@ where )?; Ok(SchnorrSigGadgetPk { pub_key: rand_pk, - _group: PhantomData, + _group: PhantomData, _engine: PhantomData, }) } diff --git a/crypto-primitives/src/signature/schnorr/mod.rs b/crypto-primitives/src/signature/schnorr/mod.rs index 445ab49..b7519bb 100644 --- a/crypto-primitives/src/signature/schnorr/mod.rs +++ b/crypto-primitives/src/signature/schnorr/mod.rs @@ -15,15 +15,15 @@ pub mod constraints; pub struct SchnorrSignature { _group: PhantomData, - _hash: PhantomData, + _hash: PhantomData, } #[derive(Derivative)] #[derivative(Clone(bound = "G: Group, H: Digest"))] pub struct SchnorrSigParameters { - _hash: PhantomData, + _hash: PhantomData, pub generator: G, - pub salt: [u8; 32], + pub salt: [u8; 32], } pub type SchnorrPublicKey = G; @@ -42,7 +42,7 @@ impl ToBytes for SchnorrSecretKey { #[derive(Derivative)] #[derivative(Clone(bound = "G: Group"), Default(bound = "G: Group"))] pub struct SchnorrSig { - pub prover_response: G::ScalarField, + pub prover_response: G::ScalarField, pub verifier_challenge: G::ScalarField, } @@ -198,7 +198,7 @@ where } let new_sig = SchnorrSig { - prover_response: *prover_response - &(*verifier_challenge * &multiplier), + prover_response: *prover_response - &(*verifier_challenge * &multiplier), verifier_challenge: *verifier_challenge, }; end_timer!(rand_signature_time); diff --git a/r1cs-std/src/bits/boolean.rs b/r1cs-std/src/bits/boolean.rs index 22d2c1c..b696055 100644 --- a/r1cs-std/src/bits/boolean.rs +++ b/r1cs-std/src/bits/boolean.rs @@ -9,7 +9,7 @@ use r1cs_core::{ConstraintSystem, ConstraintVar, LinearCombination, SynthesisErr #[derive(Copy, Clone, Debug)] pub struct AllocatedBit { variable: Variable, - value: Option, + value: Option, } impl AllocatedBit { @@ -69,7 +69,7 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } @@ -108,7 +108,7 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } @@ -145,7 +145,7 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } @@ -183,7 +183,7 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } @@ -221,7 +221,7 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } } @@ -362,7 +362,7 @@ fn cond_select_helper>( ); Ok(AllocatedBit { - value: result_val, + value: result_val, variable: result_var, }) } @@ -400,11 +400,11 @@ impl Boolean { } else { LinearCombination::::zero() } - }, + } Boolean::Is(ref v) => (coeff, v.get_variable()).into(), Boolean::Not(ref v) => { LinearCombination::::zero() + (coeff, one) - (coeff, v.get_variable()) - }, + } } } @@ -458,12 +458,12 @@ impl Boolean { (is @ &Boolean::Is(_), not @ &Boolean::Not(_)) | (not @ &Boolean::Not(_), is @ &Boolean::Is(_)) => { Ok(Boolean::xor(cs, is, ¬.not())?.not()) - }, + } // a XOR b = (NOT a) XOR (NOT b) (&Boolean::Is(ref a), &Boolean::Is(ref b)) | (&Boolean::Not(ref a), &Boolean::Not(ref b)) => { Ok(Boolean::Is(AllocatedBit::xor(cs, a, b)?)) - }, + } } } @@ -477,16 +477,16 @@ impl Boolean { (&Boolean::Constant(false), x) | (x, &Boolean::Constant(false)) => Ok(*x), (&Boolean::Constant(true), _) | (_, &Boolean::Constant(true)) => { Ok(Boolean::Constant(true)) - }, + } // a OR b = NOT ((NOT a) AND b) (a @ &Boolean::Is(_), b @ &Boolean::Not(_)) | (b @ &Boolean::Not(_), a @ &Boolean::Is(_)) | (b @ &Boolean::Not(_), a @ &Boolean::Not(_)) => { Ok(Boolean::and(cs, &a.not(), &b.not())?.not()) - }, + } (&Boolean::Is(ref a), &Boolean::Is(ref b)) => { AllocatedBit::or(cs, a, b).map(Boolean::from) - }, + } } } @@ -504,22 +504,22 @@ impl Boolean { // false AND x is always false (&Boolean::Constant(false), _) | (_, &Boolean::Constant(false)) => { Ok(Boolean::Constant(false)) - }, + } // true AND x is always x (&Boolean::Constant(true), x) | (x, &Boolean::Constant(true)) => Ok(*x), // a AND (NOT b) (&Boolean::Is(ref is), &Boolean::Not(ref not)) | (&Boolean::Not(ref not), &Boolean::Is(ref is)) => { Ok(Boolean::Is(AllocatedBit::and_not(cs, is, not)?)) - }, + } // (NOT a) AND (NOT b) = a NOR b (&Boolean::Not(ref a), &Boolean::Not(ref b)) => { Ok(Boolean::Is(AllocatedBit::nor(cs, a, b)?)) - }, + } // a AND b (&Boolean::Is(ref a), &Boolean::Is(ref b)) => { Ok(Boolean::Is(AllocatedBit::and(cs, a, b)?)) - }, + } } } @@ -559,7 +559,7 @@ impl Boolean { ); Ok(()) - }, + } Boolean::Not(ref res) => { cs.enforce( || "enforce nand", @@ -569,7 +569,7 @@ impl Boolean { ); Ok(()) - }, + } } } @@ -760,25 +760,25 @@ impl ConditionalEqGadget for Boolean { // 1 - a (Constant(true), Is(a)) | (Is(a), Constant(true)) => { LinearCombination::zero() + one - a.get_variable() - }, + } // a - 0 = a (Constant(false), Is(a)) | (Is(a), Constant(false)) => { LinearCombination::zero() + a.get_variable() - }, + } // 1 - !a = 1 - (1 - a) = a (Constant(true), Not(a)) | (Not(a), Constant(true)) => { LinearCombination::zero() + a.get_variable() - }, + } // !a - 0 = !a = 1 - a (Constant(false), Not(a)) | (Not(a), Constant(false)) => { LinearCombination::zero() + one - a.get_variable() - }, + } // b - a, (Is(a), Is(b)) => LinearCombination::zero() + b.get_variable() - a.get_variable(), // !b - a = (1 - b) - a (Is(a), Not(b)) | (Not(b), Is(a)) => { LinearCombination::zero() + one - b.get_variable() - a.get_variable() - }, + } // !b - !a = (1 - b) - (1 - a) = a - b, (Not(a), Not(b)) => LinearCombination::zero() + a.get_variable() - b.get_variable(), }; @@ -831,7 +831,7 @@ impl CondSelectGadget for Boolean { Boolean::Constant(false) => Ok(false_value.clone()), cond @ Boolean::Not(_) => { Self::conditionally_select(cs, &cond.not(), false_value, true_value) - }, + } cond @ Boolean::Is(_) => match (true_value, false_value) { (x, &Boolean::Constant(false)) => Boolean::and(cs.ns(|| "and"), cond, x).into(), (&Boolean::Constant(false), x) => Boolean::and(cs.ns(|| "and"), &cond.not(), x), @@ -847,7 +847,7 @@ impl CondSelectGadget for Boolean { cond_select_helper(cs, cond, (a.get_value(), a_lc), (b.get_value(), b_lc))? .into(), ) - }, + } }, } } @@ -1138,42 +1138,42 @@ mod test { let mut b = Boolean::from(AllocatedBit::alloc(&mut cs, || Ok(true)).unwrap()); match b { - Boolean::Is(_) => {}, + Boolean::Is(_) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Not(_) => {}, + Boolean::Not(_) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Is(_) => {}, + Boolean::Is(_) => {} _ => panic!("unexpected value"), } b = Boolean::constant(true); match b { - Boolean::Constant(true) => {}, + Boolean::Constant(true) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Constant(false) => {}, + Boolean::Constant(false) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Constant(true) => {}, + Boolean::Constant(true) => {} _ => panic!("unexpected value"), } } @@ -1215,16 +1215,16 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + } } }; @@ -1237,22 +1237,22 @@ mod test { assert!(cs.is_satisfied()); match (first_operand, second_operand, c) { - (OperandType::True, OperandType::True, Boolean::Constant(false)) => {}, - (OperandType::True, OperandType::False, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::AllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::True, OperandType::AllocatedFalse, Boolean::Not(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Is(_)) => {}, - - (OperandType::False, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::False, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {}, - - (OperandType::AllocatedTrue, OperandType::True, Boolean::Not(_)) => {}, - (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::True, OperandType::True, Boolean::Constant(false)) => {} + (OperandType::True, OperandType::False, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::AllocatedTrue, Boolean::Not(_)) => {} + (OperandType::True, OperandType::AllocatedFalse, Boolean::Not(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Is(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Is(_)) => {} + + (OperandType::False, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::False, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {} + (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {} + + (OperandType::AllocatedTrue, OperandType::True, Boolean::Not(_)) => {} + (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedTrue, OperandType::AllocatedTrue, @@ -1260,7 +1260,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::AllocatedFalse, @@ -1268,7 +1268,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1276,7 +1276,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1284,10 +1284,10 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } - (OperandType::AllocatedFalse, OperandType::True, Boolean::Not(_)) => {}, - (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::AllocatedFalse, OperandType::True, Boolean::Not(_)) => {} + (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedFalse, OperandType::AllocatedTrue, @@ -1295,7 +1295,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedFalse, @@ -1303,7 +1303,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1311,7 +1311,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedFalse, @@ -1319,10 +1319,10 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } - (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Is(_)) => {}, - (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Is(_)) => {} + (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedTrue, @@ -1330,7 +1330,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedFalse, @@ -1338,7 +1338,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1346,7 +1346,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1354,10 +1354,10 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } - (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Is(_)) => {}, - (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Is(_)) => {} + (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedTrue, @@ -1365,7 +1365,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedFalse, @@ -1373,7 +1373,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1381,7 +1381,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedFalse, @@ -1389,7 +1389,7 @@ mod test { ) => { assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } _ => panic!("this should never be encountered"), } @@ -1426,18 +1426,18 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) .not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) .not() - }, + } } }; @@ -1498,16 +1498,16 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + } } }; @@ -1520,159 +1520,159 @@ mod test { assert!(cs.is_satisfied()); match (first_operand, second_operand, c) { - (OperandType::True, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::False, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::AllocatedTrue, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::AllocatedFalse, Boolean::Constant(true)) => {}, + (OperandType::True, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::False, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::AllocatedTrue, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::AllocatedFalse, Boolean::Constant(true)) => {} ( OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Constant(true), - ) => {}, + ) => {} ( OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Constant(true), - ) => {}, + ) => {} - (OperandType::False, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::False, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {}, + (OperandType::False, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::False, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {} + (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {} - (OperandType::AllocatedTrue, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::AllocatedTrue, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedTrue, OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } - (OperandType::AllocatedFalse, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::AllocatedFalse, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedFalse, OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Constant(true), - ) => {}, - (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {}, + ) => {} + (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Constant(true), - ) => {}, - (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {}, + ) => {} + (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } _ => panic!( "this should never be encountered, in case: (a = {:?}, b = {:?}, c = {:?})", @@ -1710,16 +1710,16 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + } } }; @@ -1732,33 +1732,31 @@ mod test { assert!(cs.is_satisfied()); match (first_operand, second_operand, c) { - (OperandType::True, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::True, OperandType::AllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::True, OperandType::AllocatedFalse, Boolean::Is(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {}, - - (OperandType::False, OperandType::True, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::AllocatedTrue, Boolean::Constant(false)) => { - }, + (OperandType::True, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::True, OperandType::AllocatedTrue, Boolean::Is(_)) => {} + (OperandType::True, OperandType::AllocatedFalse, Boolean::Is(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {} + + (OperandType::False, OperandType::True, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::AllocatedTrue, Boolean::Constant(false)) => {} (OperandType::False, OperandType::AllocatedFalse, Boolean::Constant(false)) => { - }, + } ( OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Constant(false), - ) => {}, + ) => {} ( OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Constant(false), - ) => {}, + ) => {} - (OperandType::AllocatedTrue, OperandType::True, Boolean::Is(_)) => {}, - (OperandType::AllocatedTrue, OperandType::False, Boolean::Constant(false)) => { - }, + (OperandType::AllocatedTrue, OperandType::True, Boolean::Is(_)) => {} + (OperandType::AllocatedTrue, OperandType::False, Boolean::Constant(false)) => {} ( OperandType::AllocatedTrue, OperandType::AllocatedTrue, @@ -1766,7 +1764,7 @@ mod test { ) => { assert!(cs.get("and result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::AllocatedFalse, @@ -1774,7 +1772,7 @@ mod test { ) => { assert!(cs.get("and result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1782,7 +1780,7 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1790,11 +1788,11 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } - (OperandType::AllocatedFalse, OperandType::True, Boolean::Is(_)) => {}, + (OperandType::AllocatedFalse, OperandType::True, Boolean::Is(_)) => {} (OperandType::AllocatedFalse, OperandType::False, Boolean::Constant(false)) => { - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedTrue, @@ -1802,7 +1800,7 @@ mod test { ) => { assert!(cs.get("and result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedFalse, @@ -1810,7 +1808,7 @@ mod test { ) => { assert!(cs.get("and result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1818,7 +1816,7 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedFalse, @@ -1826,14 +1824,14 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } - (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Constant(false), - ) => {}, + ) => {} ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedTrue, @@ -1841,7 +1839,7 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedFalse, @@ -1849,7 +1847,7 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1857,7 +1855,7 @@ mod test { ) => { assert!(cs.get("nor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1865,14 +1863,14 @@ mod test { ) => { assert!(cs.get("nor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } - (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Constant(false), - ) => {}, + ) => {} ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedTrue, @@ -1880,7 +1878,7 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedFalse, @@ -1888,7 +1886,7 @@ mod test { ) => { assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1896,7 +1894,7 @@ mod test { ) => { assert!(cs.get("nor result") == Fr::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedFalse, @@ -1904,14 +1902,14 @@ mod test { ) => { assert!(cs.get("nor result") == Fr::one()); assert_eq!(v.value, Some(true)); - }, + } _ => { panic!( "unexpected behavior at {:?} AND {:?}", first_operand, second_operand ); - }, + } } } } @@ -2072,7 +2070,7 @@ mod test { match r { Boolean::Is(ref r) => { assert_eq!(r.value.unwrap(), expected); - }, + } _ => unreachable!(), } } diff --git a/r1cs-std/src/bits/uint32.rs b/r1cs-std/src/bits/uint32.rs index 846d5a2..6029015 100644 --- a/r1cs-std/src/bits/uint32.rs +++ b/r1cs-std/src/bits/uint32.rs @@ -13,7 +13,7 @@ use crate::{ #[derive(Clone, Debug)] pub struct UInt32 { // Least significant bit_gadget first - bits: Vec, + bits: Vec, value: Option, } @@ -55,7 +55,7 @@ impl UInt32 { } v - }, + } None => vec![None; 32], }; @@ -94,19 +94,19 @@ impl UInt32 { if b { value.as_mut().map(|v| *v |= 1); } - }, + } &Boolean::Is(ref b) => match b.get_value() { Some(true) => { value.as_mut().map(|v| *v |= 1); - }, - Some(false) => {}, + } + Some(false) => {} None => value = None, }, &Boolean::Not(ref b) => match b.get_value() { Some(false) => { value.as_mut().map(|v| *v |= 1); - }, - Some(true) => {}, + } + Some(true) => {} None => value = None, }, } @@ -128,7 +128,7 @@ impl UInt32 { .collect(); UInt32 { - bits: new_bits, + bits: new_bits, value: self.value.map(|v| v.rotate_right(by as u32)), } } @@ -193,12 +193,12 @@ impl UInt32 { match op.value { Some(val) => { result_value.as_mut().map(|v| *v += u64::from(val)); - }, + } None => { // If any of our operands have unknown value, we won't // know the value of the result result_value = None; - }, + } } // Iterate over each bit_gadget of the operand and add the operand to @@ -211,18 +211,18 @@ impl UInt32 { // Add coeff * bit_gadget lc += (coeff, bit.get_variable()); - }, + } Boolean::Not(ref bit) => { all_constants = false; // Add coeff * (1 - bit_gadget) = coeff * ONE - coeff * bit_gadget lc = lc + (coeff, CS::one()) - (coeff, bit.get_variable()); - }, + } Boolean::Constant(bit) => { if bit { lc += (coeff, CS::one()); } - }, + } } coeff.double_in_place(); @@ -269,7 +269,7 @@ impl UInt32 { result_bits.truncate(32); Ok(UInt32 { - bits: result_bits, + bits: result_bits, value: modular_value, }) } @@ -298,7 +298,7 @@ impl ToBytesGadget for UInt32 { let mut bytes = Vec::new(); for (i, chunk8) in self.to_bits_le().chunks(8).enumerate() { let byte = UInt8 { - bits: chunk8.to_vec(), + bits: chunk8.to_vec(), value: value_chunks[i], }; bytes.push(byte); @@ -362,7 +362,7 @@ mod test { match bit_gadget { &Boolean::Constant(bit_gadget) => { assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1)); - }, + } _ => unreachable!(), } } @@ -371,8 +371,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, - (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, + (&Boolean::Constant(true), &Boolean::Constant(true)) => {} + (&Boolean::Constant(false), &Boolean::Constant(false)) => {} _ => unreachable!(), } } @@ -407,13 +407,13 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; @@ -448,7 +448,7 @@ mod test { &Boolean::Not(_) => panic!(), &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; @@ -486,10 +486,10 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(_) => unreachable!(), } @@ -525,7 +525,7 @@ mod test { match b { &Boolean::Constant(b) => { assert_eq!(b, tmp & 1 == 1); - }, + } _ => unreachable!(), } diff --git a/r1cs-std/src/bits/uint64.rs b/r1cs-std/src/bits/uint64.rs index babc1f1..b834479 100644 --- a/r1cs-std/src/bits/uint64.rs +++ b/r1cs-std/src/bits/uint64.rs @@ -14,7 +14,7 @@ use core::borrow::Borrow; #[derive(Clone, Debug)] pub struct UInt64 { // Least significant bit_gadget first - bits: Vec, + bits: Vec, value: Option, } @@ -56,7 +56,7 @@ impl UInt64 { } v - } + }, None => vec![None; 64], }; @@ -95,19 +95,19 @@ impl UInt64 { if b { value.as_mut().map(|v| *v |= 1); } - } + }, &Boolean::Is(ref b) => match b.get_value() { Some(true) => { value.as_mut().map(|v| *v |= 1); - } - Some(false) => {} + }, + Some(false) => {}, None => value = None, }, &Boolean::Not(ref b) => match b.get_value() { Some(false) => { value.as_mut().map(|v| *v |= 1); - } - Some(true) => {} + }, + Some(true) => {}, None => value = None, }, } @@ -129,7 +129,7 @@ impl UInt64 { .collect(); UInt64 { - bits: new_bits, + bits: new_bits, value: self.value.map(|v| v.rotate_right(by as u32)), } } @@ -194,12 +194,12 @@ impl UInt64 { match op.value { Some(val) => { result_value.as_mut().map(|v| *v += u128::from(val)); - } + }, None => { // If any of our operands have unknown value, we won't // know the value of the result result_value = None; - } + }, } // Iterate over each bit_gadget of the operand and add the operand to @@ -212,18 +212,18 @@ impl UInt64 { // Add coeff * bit_gadget lc += (coeff, bit.get_variable()); - } + }, Boolean::Not(ref bit) => { all_constants = false; // Add coeff * (1 - bit_gadget) = coeff * ONE - coeff * bit_gadget lc = lc + (coeff, CS::one()) - (coeff, bit.get_variable()); - } + }, Boolean::Constant(bit) => { if bit { lc += (coeff, CS::one()); } - } + }, } coeff.double_in_place(); @@ -270,7 +270,7 @@ impl UInt64 { result_bits.truncate(64); Ok(UInt64 { - bits: result_bits, + bits: result_bits, value: modular_value, }) } @@ -330,7 +330,7 @@ impl ToBytesGadget for UInt64 { let mut bytes = Vec::new(); for (i, chunk8) in self.to_bits_le().chunks(8).enumerate() { let byte = UInt8 { - bits: chunk8.to_vec(), + bits: chunk8.to_vec(), value: value_chunks[i], }; bytes.push(byte); @@ -397,7 +397,7 @@ mod test { match bit_gadget { &Boolean::Constant(bit_gadget) => { assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1)); - } + }, _ => unreachable!(), } } @@ -406,8 +406,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {} - (&Boolean::Constant(false), &Boolean::Constant(false)) => {} + (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, + (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, _ => unreachable!(), } } @@ -442,13 +442,13 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - } + }, &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - } + }, &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - } + }, } expected >>= 1; @@ -483,7 +483,7 @@ mod test { &Boolean::Not(_) => panic!(), &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - } + }, } expected >>= 1; @@ -521,10 +521,10 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - } + }, &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - } + }, &Boolean::Constant(_) => unreachable!(), } @@ -560,7 +560,7 @@ mod test { match b { &Boolean::Constant(b) => { assert_eq!(b, tmp & 1 == 1); - } + }, _ => unreachable!(), } diff --git a/r1cs-std/src/bits/uint8.rs b/r1cs-std/src/bits/uint8.rs index d55e804..6cb67e0 100644 --- a/r1cs-std/src/bits/uint8.rs +++ b/r1cs-std/src/bits/uint8.rs @@ -10,7 +10,7 @@ use core::borrow::Borrow; #[derive(Clone, Debug)] pub struct UInt8 { // Least significant bit_gadget first - pub(crate) bits: Vec, + pub(crate) bits: Vec, pub(crate) value: Option, } @@ -134,19 +134,19 @@ impl UInt8 { if b { value.as_mut().map(|v| *v |= 1); } - }, + } Boolean::Is(ref b) => match b.get_value() { Some(true) => { value.as_mut().map(|v| *v |= 1); - }, - Some(false) => {}, + } + Some(false) => {} None => value = None, }, Boolean::Not(ref b) => match b.get_value() { Some(false) => { value.as_mut().map(|v| *v |= 1); - }, - Some(true) => {}, + } + Some(true) => {} None => value = None, }, } @@ -233,7 +233,7 @@ impl AllocGadget for UInt8 { } v - }, + } _ => vec![None; 8], }; @@ -272,7 +272,7 @@ impl AllocGadget for UInt8 { } v - }, + } _ => vec![None; 8], }; @@ -342,7 +342,7 @@ mod test { match bit_gadget { &Boolean::Constant(bit_gadget) => { assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1)); - }, + } _ => unreachable!(), } } @@ -351,8 +351,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, - (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, + (&Boolean::Constant(true), &Boolean::Constant(true)) => {} + (&Boolean::Constant(false), &Boolean::Constant(false)) => {} _ => unreachable!(), } } @@ -387,13 +387,13 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; diff --git a/r1cs-std/src/fields/fp/cmp.rs b/r1cs-std/src/fields/fp/cmp.rs index 8034ec8..1414aea 100644 --- a/r1cs-std/src/fields/fp/cmp.rs +++ b/r1cs-std/src/fields/fp/cmp.rs @@ -111,14 +111,14 @@ impl FpGadget { Ordering::Less => { left = a; right = b; - }, + } Ordering::Greater => { left = b; right = a; - }, + } Ordering::Equal => { return Err(SynthesisError::Unsatisfiable); - }, + } }; let right_for_check = if should_also_check_equality { right.add_constant(cs.ns(|| "plus one"), &F::one())? @@ -252,7 +252,7 @@ mod test { true, ) .unwrap(); - }, + } Ordering::Greater => { a_var .enforce_cmp( @@ -270,8 +270,8 @@ mod test { true, ) .unwrap(); - }, - _ => {}, + } + _ => {} } if i == 0 { @@ -300,7 +300,7 @@ mod test { true, ) .unwrap(); - }, + } Ordering::Greater => { a_var .enforce_cmp( @@ -318,8 +318,8 @@ mod test { true, ) .unwrap(); - }, - _ => {}, + } + _ => {} } assert!(!cs.is_satisfied()); diff --git a/r1cs-std/src/fields/fp/mod.rs b/r1cs-std/src/fields/fp/mod.rs index df7ea1b..2f8c937 100644 --- a/r1cs-std/src/fields/fp/mod.rs +++ b/r1cs-std/src/fields/fp/mod.rs @@ -13,7 +13,7 @@ pub mod cmp; #[derive(Debug)] pub struct FpGadget { - pub value: Option, + pub value: Option, pub variable: ConstraintVar, } @@ -364,7 +364,7 @@ impl ToBitsGadget for FpGadget { assert_eq!(tmp.len(), num_bits as usize); tmp - }, + } None => vec![None; num_bits as usize], }; @@ -422,7 +422,7 @@ impl ToBytesGadget for FpGadget { let default = F::default(); let default_len = to_bytes![&default].unwrap().len(); vec![None; default_len] - }, + } }; let bytes = UInt8::alloc_vec(cs.ns(|| "Alloc bytes"), &byte_values)?; @@ -438,7 +438,7 @@ impl ToBytesGadget for FpGadget { Boolean::Is(bit) => { lc += (coeff, bit.get_variable()); coeff.double_in_place(); - }, + } Boolean::Constant(_) | Boolean::Not(_) => unreachable!(), } } @@ -577,7 +577,7 @@ impl ThreeBitCondNegLookupGadget for FpGadget { impl Clone for FpGadget { fn clone(&self) -> Self { Self { - value: self.value.clone(), + value: self.value.clone(), variable: self.variable.clone(), } } diff --git a/r1cs-std/src/fields/fp12.rs b/r1cs-std/src/fields/fp12.rs index 4df3ca8..7131676 100644 --- a/r1cs-std/src/fields/fp12.rs +++ b/r1cs-std/src/fields/fp12.rs @@ -6,11 +6,11 @@ use algebra::{ fp6_3over2::{Fp6, Fp6Parameters}, Fp2Parameters, }, - BitIterator, Field, One, PrimeField, + BitIterator, PrimeField, }; use core::{borrow::Borrow, marker::PhantomData}; -use crate::{prelude::*, Assignment, Vec}; +use crate::{prelude::*, Vec}; type Fp2Gadget = super::fp2::Fp2Gadget< <

::Fp6Params as Fp6Parameters>::Fp2Params, @@ -31,8 +31,8 @@ where P: Fp12Parameters, ::Fp2Params: Fp2Parameters, { - pub c0: Fp6Gadget, - pub c1: Fp6Gadget, + pub c0: Fp6Gadget, + pub c1: Fp6Gadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -546,47 +546,6 @@ where Ok(self) } - fn inverse>( - &self, - mut cs: CS, - ) -> Result { - let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { - self.get_value().and_then(|val| val.inverse()).get() - })?; - - // Karatsuba multiplication for Fp2 with the inverse: - // v0 = A.c0 * B.c0 - // v1 = A.c1 * B.c1 - // - // 1 = v0 + non_residue * v1 - // => v0 = 1 - non_residue * v1 - // - // 0 = result.c1 = (A.c0 + A.c1) * (B.c0 + B.c1) - v0 - v1 - // => v0 + v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Enforced with 2 constraints: - // A.c1 * B.c1 = v1 - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // Constraint 1 - let v1 = self.c1.mul(cs.ns(|| "inv_constraint_1"), &inverse.c1)?; - - // Constraint 2 - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = inverse.c0.add(cs.ns(|| "b0 + b1"), &inverse.c1)?; - - let one = Fp6::::one(); - let rhs = Self::mul_fp6_by_nonresidue(cs.ns(|| "nr * v1"), &v1)? - .sub(cs.ns(|| "sub v1"), &v1)? - .negate(cs.ns(|| "negate it"))? - .add_constant(cs.ns(|| "add one"), &one)?; - a0_plus_a1.mul_equals(cs.ns(|| "inv_constraint_2"), &b0_plus_b1, &rhs)?; - Ok(inverse) - } - fn mul_equals>( &self, mut cs: CS, @@ -639,16 +598,12 @@ where } fn cost_of_mul() -> usize { - unimplemented!() + 3 * Fp6Gadget::::cost_of_mul() } fn cost_of_mul_equals() -> usize { Self::cost_of_mul() } - - fn cost_of_inv() -> usize { - Self::cost_of_mul() + >::cost() - } } impl PartialEq for Fp12Gadget @@ -892,7 +847,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -917,7 +872,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/fields/fp2.rs b/r1cs-std/src/fields/fp2.rs index 463bf75..5dbc369 100644 --- a/r1cs-std/src/fields/fp2.rs +++ b/r1cs-std/src/fields/fp2.rs @@ -1,18 +1,18 @@ use algebra::{ fields::{Fp2, Fp2Parameters}, - Field, PrimeField, + PrimeField, }; use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystem, ConstraintVar, SynthesisError}; -use crate::{fields::fp::FpGadget, prelude::*, Assignment, Vec}; +use crate::{fields::fp::FpGadget, prelude::*, Vec}; #[derive(Derivative)] #[derivative(Debug(bound = "P: Fp2Parameters, ConstraintF: PrimeField"))] #[must_use] pub struct Fp2Gadget, ConstraintF: PrimeField> { - pub c0: FpGadget, - pub c1: FpGadget, + pub c0: FpGadget, + pub c1: FpGadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -289,47 +289,6 @@ impl, ConstraintF: PrimeField> FieldGadget>( - &self, - mut cs: CS, - ) -> Result { - let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { - self.get_value().and_then(|val| val.inverse()).get() - })?; - - // Karatsuba multiplication for Fp2 with the inverse: - // v0 = A.c0 * B.c0 - // v1 = A.c1 * B.c1 - // - // 1 = v0 + non_residue * v1 - // => v0 = 1 - non_residue * v1 - // - // 0 = result.c1 = (A.c0 + A.c1) * (B.c0 + B.c1) - v0 - v1 - // => v0 + v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Enforced with 2 constraints: - // A.c1 * B.c1 = v1 - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // Constraint 1 - let mut v1 = self.c1.mul(cs.ns(|| "inv_constraint_1"), &inverse.c1)?; - - // Constraint 2 - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = inverse.c0.add(cs.ns(|| "b0 + b1"), &inverse.c1)?; - - let one = P::Fp::one(); - let rhs = v1 - .mul_by_constant_in_place(cs.ns(|| "(1 - nonresidue) * v1"), &(one - &P::NONRESIDUE))? - .add_constant_in_place(cs.ns(|| "add one"), &one)?; - a0_plus_a1.mul_equals(cs.ns(|| "inv_constraint_2"), &b0_plus_b1, rhs)?; - Ok(inverse) - } - fn mul_equals>( &self, mut cs: CS, @@ -450,16 +409,12 @@ impl, ConstraintF: PrimeField> FieldGadget usize { - 3 + 3 * FpGadget::::cost_of_mul() } fn cost_of_mul_equals() -> usize { Self::cost_of_mul() } - - fn cost_of_inv() -> usize { - 2 - } } impl, ConstraintF: PrimeField> PartialEq @@ -571,8 +526,8 @@ impl, ConstraintF: PrimeField> Clone { fn clone(&self) -> Self { Self { - c0: self.c0.clone(), - c1: self.c1.clone(), + c0: self.c0.clone(), + c1: self.c1.clone(), _params: PhantomData, } } @@ -669,7 +624,7 @@ impl, ConstraintF: PrimeField> AllocGadget { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -694,7 +649,7 @@ impl, ConstraintF: PrimeField> AllocGadget { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/fields/fp3.rs b/r1cs-std/src/fields/fp3.rs index ec5dfb9..39c6006 100644 --- a/r1cs-std/src/fields/fp3.rs +++ b/r1cs-std/src/fields/fp3.rs @@ -1,14 +1,11 @@ use algebra::{ - fields::{ - fp3::{Fp3, Fp3Parameters}, - Field, - }, + fields::fp3::{Fp3, Fp3Parameters}, PrimeField, SquareRootField, }; use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystem, ConstraintVar, SynthesisError}; -use crate::{fields::fp::FpGadget, prelude::*, Assignment, Vec}; +use crate::{fields::fp::FpGadget, prelude::*, Vec}; #[derive(Derivative)] #[derivative(Debug( @@ -17,9 +14,9 @@ use crate::{fields::fp::FpGadget, prelude::*, Assignment, Vec}; #[must_use] pub struct Fp3Gadget, ConstraintF: PrimeField + SquareRootField> { - pub c0: FpGadget, - pub c1: FpGadget, - pub c2: FpGadget, + pub c0: FpGadget, + pub c1: FpGadget, + pub c2: FpGadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -40,6 +37,7 @@ impl, ConstraintF: PrimeField + SquareRootFie _params: PhantomData, } } + /// Multiply a FpGadget by quadratic nonresidue P::NONRESIDUE. #[inline] pub fn mul_fp_gadget_by_nonresidue>( @@ -332,120 +330,113 @@ impl, ConstraintF: PrimeField + SquareRootFie Ok(Self::new(c0, c1, c2)) } - /// Use the Toom-Cook-3x method to compute multiplication. #[inline] - fn square>( + fn mul_equals>( &self, mut cs: CS, - ) -> Result { - // Uses Toom-Cook-3x multiplication from + other: &Self, + result: &Self, + ) -> Result<(), SynthesisError> { + // Karatsuba multiplication for Fp3: + // v0 = A.c0 * B.c0 + // v1 = A.c1 * B.c1 + // v2 = A.c2 * B.c2 + // result.c0 = v0 + β((a1 + a2)(b1 + b2) − v1 − v2) + // result.c1 = (a0 + a1)(b0 + b1) − v0 − v1 + βv2 + // result.c2 = (a0 + a2)(b0 + b2) − v0 + v1 − v2, + // We enforce this with six constraints: + // + // v0 = A.c0 * B.c0 + // v1 = A.c1 * B.c1 + // v2 = A.c2 * B.c2 // + // result.c0 - v0 + \beta*(v1 + v2) = β(a1 + a2)(b1 + b2)) + // result.c1 + v0 + v1 - βv2 = (a0 + a1)(b0 + b1) + // result.c2 + v0 - v1 + v2 = (a0 + a2)(b0 + b2) // Reference: // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // v0 = a(0)^2 = a0^2 - let v0 = self.c0.square(&mut cs.ns(|| "Calc v0"))?; - - // v1 = a(1)^2 = (a0 + a1 + a2)^2 - let v1 = { - let a0_plus_a1_plus_a2 = self - .c0 - .add(cs.ns(|| "a0 + a1"), &self.c1)? - .add(cs.ns(|| "a0 + a1 + a2"), &self.c2)?; - a0_plus_a1_plus_a2.square(&mut cs.ns(|| "(a0 + a1 + a2)^2"))? - }; - - // v2 = a(−1)^2 = (a0 − a1 + a2)^2 - let v2 = { - let a0_minus_a1_plus_a2 = self - .c0 - .sub(cs.ns(|| "a0 - a1"), &self.c1)? - .add(cs.ns(|| "a0 - a2 + a2"), &self.c2)?; - a0_minus_a1_plus_a2.square(&mut cs.ns(|| "(a0 - a1 + a2)^2"))? - }; - - // v3 = a(2)^2 = (a0 + 2a1 + 4a2)^2 - let v3 = { - let a1_double = self.c1.double(cs.ns(|| "2a1"))?; - let a2_quad = self.c2.double(cs.ns(|| "2a2"))?.double(cs.ns(|| "4a2"))?; - let a0_plus_2_a1_plus_4_a2 = self - .c0 - .add(cs.ns(|| "a0 + 2a1"), &a1_double)? - .add(cs.ns(|| "a0 + 2a1 + 4a2"), &a2_quad)?; - - a0_plus_2_a1_plus_4_a2.square(&mut cs.ns(|| "(a0 + 2a1 + 4a2)^2"))? - }; - - // v4 = a(∞)^2 = a2^2 - let v4 = self.c2.square(&mut cs.ns(|| "a2^2"))?; - - let two = P::Fp::one().double(); - let six = two.double() + &two; - let mut two_and_six = [two, six]; - algebra::fields::batch_inversion(&mut two_and_six); - let (two_inverse, six_inverse) = (two_and_six[0], two_and_six[1]); - - let half_v0 = v0.mul_by_constant(cs.ns(|| "half_v0"), &two_inverse)?; - let half_v1 = v1.mul_by_constant(cs.ns(|| "half_v1"), &two_inverse)?; - let one_sixth_v2 = v2.mul_by_constant(cs.ns(|| "one_sixth_v2"), &six_inverse)?; - let one_sixth_v3 = v3.mul_by_constant(cs.ns(|| "one_sixth_v3"), &six_inverse)?; - let two_v4 = v4.double(cs.ns(|| "double_v4"))?; - - // c0 = v0 + β((1/2)v0 − (1/2)v1 − (1/6)v2 + (1/6)v3 − 2v4) - let c0 = { - let mut c0_cs = cs.ns(|| "c0"); - // No constraints, only get a linear combination back. - let inner = half_v0 - .sub(c0_cs.ns(|| "sub1"), &half_v1)? - .sub(c0_cs.ns(|| "sub2"), &one_sixth_v2)? - .add(c0_cs.ns(|| "add3"), &one_sixth_v3)? - .sub(c0_cs.ns(|| "sub4"), &two_v4)?; - let non_residue_times_inner = - inner.mul_by_constant(c0_cs.ns(|| "mul_by_res"), &P::NONRESIDUE)?; - v0.add(c0_cs.ns(|| "add5"), &non_residue_times_inner)? - }; - - // −(1/2)v0 + v1 − (1/3)v2 − (1/6)v3 + 2v4 + βv4 - let c1 = { - let mut c1_cs = cs.ns(|| "c1"); - let one_third_v2 = one_sixth_v2.double(c1_cs.ns(|| "v2_by_3"))?; - let non_residue_v4 = v4.mul_by_constant(c1_cs.ns(|| "mul_by_res"), &P::NONRESIDUE)?; - - half_v0 - .negate(c1_cs.ns(|| "neg1"))? - .add(c1_cs.ns(|| "add1"), &v1)? - .sub(c1_cs.ns(|| "sub2"), &one_third_v2)? - .sub(c1_cs.ns(|| "sub3"), &one_sixth_v3)? - .add(c1_cs.ns(|| "add4"), &two_v4)? - .add(c1_cs.ns(|| "add5"), &non_residue_v4)? - }; - - // -v0 + (1/2)v1 + (1/2)v2 −v4 - let c2 = { - let mut c2_cs = cs.ns(|| "c2"); - let half_v2 = v2.mul_by_constant(c2_cs.ns(|| "half_v2"), &two_inverse)?; - half_v1 - .add(c2_cs.ns(|| "add1"), &half_v2)? - .sub(c2_cs.ns(|| "sub1"), &v4)? - .sub(c2_cs.ns(|| "sub2"), &v0)? - }; - - Ok(Self::new(c0, c1, c2)) + // Devegili, OhEigeartaigh, Scott, Dahab + // + // This implementation adapted from + // https://github.com/ZencashOfficial/ginger-lib/blob/development/r1cs/gadgets/std/src/fields/fp3.rs + let v0 = self.c0.mul(cs.ns(|| "v0 = a0 * b0"), &other.c0)?; + let v1 = self.c1.mul(cs.ns(|| "v1 = a1 * b1"), &other.c1)?; + let v2 = self.c2.mul(cs.ns(|| "v2 = a2 * b2"), &other.c2)?; + + // Check c0 + let nr_a1_plus_a2 = self + .c1 + .add(cs.ns(|| "a1 + a2"), &self.c2)? + .mul_by_constant(cs.ns(|| "nr*(a1 + a2)"), &P::NONRESIDUE)?; + let b1_plus_b2 = other.c1.add(cs.ns(|| "b1 + b2"), &other.c2)?; + let nr_v1 = v1.mul_by_constant(cs.ns(|| "nr * v1"), &P::NONRESIDUE)?; + let nr_v2 = v2.mul_by_constant(cs.ns(|| "nr * v2"), &P::NONRESIDUE)?; + let to_check = result + .c0 + .sub(cs.ns(|| "c0 - v0"), &v0)? + .add(cs.ns(|| "c0 - v0 + nr * v1"), &nr_v1)? + .add(cs.ns(|| "c0 - v0 + nr * v1 + nr * v2"), &nr_v2)?; + nr_a1_plus_a2.mul_equals(cs.ns(|| "check c0"), &b1_plus_b2, &to_check)?; + + // Check c1 + let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; + let b0_plus_b1 = other.c0.add(cs.ns(|| "b0 + b1"), &other.c1)?; + let to_check = result + .c1 + .sub(cs.ns(|| "c1 - nr * v2"), &nr_v2)? + .add(cs.ns(|| "c1 - nr * v2 + v0"), &v0)? + .add(cs.ns(|| "c1 - nr * v2 + v0 + v1"), &v1)?; + a0_plus_a1.mul_equals(cs.ns(|| "check c1"), &b0_plus_b1, &to_check)?; + + // Check c2 + let a0_plus_a2 = self.c0.add(cs.ns(|| "a0 + a2"), &self.c2)?; + let b0_plus_b2 = other.c0.add(cs.ns(|| "b0 + b2"), &other.c2)?; + let to_check = result + .c2 + .add(cs.ns(|| "c2 + v0"), &v0)? + .sub(cs.ns(|| "c2 + v0 - v1"), &v1)? + .add(cs.ns(|| "c2 + v0 - v1 + v2"), &v2)?; + a0_plus_a2.mul_equals(cs.ns(|| "check c2"), &b0_plus_b2, &to_check)?; + Ok(()) } - // 18 constraints, we can probably do better but not sure it's worth it. + /// Use the Chung-Hasan asymmetric squaring formula. + /// + /// (Devegili OhEig Scott Dahab --- Multiplication and Squaring on + /// Abstract Pairing-Friendly + /// Fields.pdf; Section 4 (CH-SQR2)) #[inline] - fn inverse>( + fn square>( &self, mut cs: CS, ) -> Result { - let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { - self.get_value().and_then(|val| val.inverse()).get() - })?; - let one = Self::one(cs.ns(|| "one"))?; - inverse.mul_equals(cs.ns(|| "check inverse"), &self, &one)?; - Ok(inverse) + let a = self.c0.clone(); + let b = self.c1.clone(); + let c = self.c2.clone(); + + let s0 = a.square(cs.ns(|| "s0"))?; + let ab = a.mul(cs.ns(|| "ab"), &b)?; + let s1 = ab.double(cs.ns(|| "s1"))?; + let s2 = a + .sub(cs.ns(|| "a-b"), &b)? + .add(cs.ns(|| "plus c"), &c)? + .square(cs.ns(|| "s2"))?; + let s3 = b.mul(cs.ns(|| "bc"), &c)?.double(cs.ns(|| "s3"))?; + let s4 = c.square(cs.ns(|| "s4"))?; + + let c0 = Self::mul_fp_gadget_by_nonresidue(cs.ns(|| "c0 part 1"), &s3)? + .add(cs.ns(|| "c0"), &s0)?; + + let c1 = Self::mul_fp_gadget_by_nonresidue(cs.ns(|| "c1 part 1"), &s4)? + .add(cs.ns(|| "c1"), &s1)?; + + let c2 = s1 + .add(cs.ns(|| "c2 part1"), &s2)? + .add(cs.ns(|| "c2 part2"), &s3)? + .sub(cs.ns(|| "c2 part3"), &s0)? + .sub(cs.ns(|| "c2 part4"), &s4)?; + + Ok(Self::new(c0, c1, c2)) } #[inline] @@ -634,8 +625,8 @@ impl, ConstraintF: PrimeField + SquareRootFie 5 * FpGadget::::cost_of_mul() } - fn cost_of_inv() -> usize { - Self::cost_of_mul() + >::cost() + fn cost_of_mul_equals() -> usize { + 6 * FpGadget::::cost_of_mul() } } @@ -889,7 +880,7 @@ impl, ConstraintF: PrimeField + SquareRootFie Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -916,7 +907,7 @@ impl, ConstraintF: PrimeField + SquareRootFie Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/fields/fp4.rs b/r1cs-std/src/fields/fp4.rs index c57774d..8c05cb7 100644 --- a/r1cs-std/src/fields/fp4.rs +++ b/r1cs-std/src/fields/fp4.rs @@ -1,11 +1,11 @@ use algebra::{ fields::{Fp2, Fp2Parameters, Fp4, Fp4Parameters}, - BigInteger, Field, One, PrimeField, + BigInteger, PrimeField, }; use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{prelude::*, Assignment, Vec}; +use crate::{prelude::*, Vec}; type Fp2Gadget = super::fp2::Fp2Gadget<

::Fp2Params, ConstraintF>; @@ -22,8 +22,8 @@ where P: Fp4Parameters, P::Fp2Params: Fp2Parameters, { - pub c0: Fp2Gadget, - pub c1: Fp2Gadget, + pub c0: Fp2Gadget, + pub c1: Fp2Gadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -308,48 +308,6 @@ where Ok(Self::new(c0, c1)) } - #[inline] - fn inverse>( - &self, - mut cs: CS, - ) -> Result { - let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { - self.get_value().and_then(|val| val.inverse()).get() - })?; - - // Karatsuba multiplication for Fp4 with the inverse: - // v0 = A.c0 * B.c0 - // v1 = A.c1 * B.c1 - // - // 1 = v0 + non_residue * v1 - // => v0 = 1 - non_residue * v1 - // - // 0 = result.c1 = (A.c0 + A.c1) * (B.c0 + B.c1) - v0 - v1 - // => v0 + v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Enforced with 2 constraints: - // A.c1 * B.c1 = v1 - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // Constraint 1 - let v1 = self.c1.mul(cs.ns(|| "inv_constraint_1"), &inverse.c1)?; - - // Constraint 2 - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = inverse.c0.add(cs.ns(|| "b0 + b1"), &inverse.c1)?; - - let one = Fp2::<

::Fp2Params>::one(); - let rhs = Self::mul_fp2_gadget_by_nonresidue(cs.ns(|| "nr * v1"), &v1)? - .sub(cs.ns(|| "sub v1"), &v1)? - .negate(cs.ns(|| "negate it"))? - .add_constant(cs.ns(|| "add one"), &one)?; - a0_plus_a1.mul_equals(cs.ns(|| "inv_constraint_2"), &b0_plus_b1, &rhs)?; - Ok(inverse) - } - fn mul_equals>( &self, mut cs: CS, @@ -475,17 +433,12 @@ where } fn cost_of_mul() -> usize { - 3 * as FieldGadget, ConstraintF>>::cost_of_mul( - ) + 3 * Fp2Gadget::::cost_of_mul() } fn cost_of_mul_equals() -> usize { Self::cost_of_mul() } - - fn cost_of_inv() -> usize { - unimplemented!() - } } impl PartialEq for Fp4Gadget @@ -616,8 +569,8 @@ where { fn clone(&self) -> Self { Self { - c0: self.c0.clone(), - c1: self.c1.clone(), + c0: self.c0.clone(), + c1: self.c1.clone(), _params: PhantomData, } } @@ -733,7 +686,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -758,7 +711,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/fields/fp6_2over3.rs b/r1cs-std/src/fields/fp6_2over3.rs index 9064022..29ec485 100644 --- a/r1cs-std/src/fields/fp6_2over3.rs +++ b/r1cs-std/src/fields/fp6_2over3.rs @@ -3,12 +3,12 @@ use algebra::{ fp6_2over3::{Fp6, Fp6Parameters}, Fp3, Fp3Parameters, }, - BigInteger, Field, One, PrimeField, SquareRootField, + BigInteger, PrimeField, SquareRootField, }; use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{prelude::*, Assignment, Vec}; +use crate::{prelude::*, Vec}; type Fp3Gadget = super::fp3::Fp3Gadget<

::Fp3Params, ConstraintF>; @@ -25,8 +25,8 @@ where P: Fp6Parameters, P::Fp3Params: Fp3Parameters, { - pub c0: Fp3Gadget, - pub c1: Fp3Gadget, + pub c0: Fp3Gadget, + pub c1: Fp3Gadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -291,48 +291,6 @@ where Ok(Self::new(c0, c1)) } - #[inline] - fn inverse>( - &self, - mut cs: CS, - ) -> Result { - let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { - self.get_value().and_then(|val| val.inverse()).get() - })?; - - // Karatsuba multiplication for Fp6 with the inverse: - // v0 = A.c0 * B.c0 - // v1 = A.c1 * B.c1 - // - // 1 = v0 + non_residue * v1 - // => v0 = 1 - non_residue * v1 - // - // 0 = result.c1 = (A.c0 + A.c1) * (B.c0 + B.c1) - v0 - v1 - // => v0 + v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Enforced with 2 constraints: - // A.c1 * B.c1 = v1 - // => 1 + (1 - non_residue) * v1 = (A.c0 + A.c1) * (B.c0 + B.c1) - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // Constraint 1 - let v1 = self.c1.mul(cs.ns(|| "inv_constraint_1"), &inverse.c1)?; - - // Constraint 2 - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = inverse.c0.add(cs.ns(|| "b0 + b1"), &inverse.c1)?; - - let one = Fp3::<

::Fp3Params>::one(); - let rhs = Self::mul_fp3_gadget_by_nonresidue(cs.ns(|| "nr * v1"), &v1)? - .sub(cs.ns(|| "sub v1"), &v1)? - .negate(cs.ns(|| "negate it"))? - .add_constant(cs.ns(|| "add one"), &one)?; - a0_plus_a1.mul_equals(cs.ns(|| "inv_constraint_2"), &b0_plus_b1, &rhs)?; - Ok(inverse) - } - fn mul_equals>( &self, mut cs: CS, @@ -458,17 +416,12 @@ where } fn cost_of_mul() -> usize { - 3 * as FieldGadget, ConstraintF>>::cost_of_mul( - ) + 2 * Fp3Gadget::::cost_of_mul() } fn cost_of_mul_equals() -> usize { Self::cost_of_mul() } - - fn cost_of_inv() -> usize { - unimplemented!() - } } impl PartialEq for Fp6Gadget @@ -604,8 +557,8 @@ where { fn clone(&self) -> Self { Self { - c0: self.c0.clone(), - c1: self.c1.clone(), + c0: self.c0.clone(), + c1: self.c1.clone(), _params: PhantomData, } } @@ -724,7 +677,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -749,7 +702,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/fields/fp6_3over2.rs b/r1cs-std/src/fields/fp6_3over2.rs index abb8f7b..a7f3b49 100644 --- a/r1cs-std/src/fields/fp6_3over2.rs +++ b/r1cs-std/src/fields/fp6_3over2.rs @@ -8,7 +8,7 @@ use algebra::{ use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystem, ConstraintVar, SynthesisError}; -use crate::{prelude::*, Assignment, Vec}; +use crate::{prelude::*, Vec}; type Fp2Gadget = super::fp2::Fp2Gadget<

::Fp2Params, ConstraintF>; @@ -21,9 +21,9 @@ where P: Fp6Parameters, P::Fp2Params: Fp2Parameters, { - pub c0: Fp2Gadget, - pub c1: Fp2Gadget, - pub c2: Fp2Gadget, + pub c0: Fp2Gadget, + pub c1: Fp2Gadget, + pub c2: Fp2Gadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } @@ -398,120 +398,113 @@ where Ok(Self::new(c0, c1, c2)) } - /// Use the Toom-Cook-3x method to compute multiplication. + /// Use the Chung-Hasan asymmetric squaring formula. + /// + /// (Devegili OhEig Scott Dahab --- Multiplication and Squaring on + /// Abstract Pairing-Friendly + /// Fields.pdf; Section 4 (CH-SQR2)) #[inline] fn square>( &self, mut cs: CS, ) -> Result { - // Uses Toom-Cook-3x multiplication from - // - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // v0 = a(0)^2 = a0^2 - let v0 = self.c0.square(&mut cs.ns(|| "Calc v0"))?; - - // v1 = a(1)^2 = (a0 + a1 + a2)^2 - let v1 = { - let a0_plus_a1_plus_a2 = self - .c0 - .add(cs.ns(|| "a0 + a1"), &self.c1)? - .add(cs.ns(|| "a0 + a1 + a2"), &self.c2)?; - a0_plus_a1_plus_a2.square(&mut cs.ns(|| "(a0 + a1 + a2)^2"))? - }; - - // v2 = a(−1)^2 = (a0 − a1 + a2)^2 - let v2 = { - let a0_minus_a1_plus_a2 = self - .c0 - .sub(cs.ns(|| "a0 - a1"), &self.c1)? - .add(cs.ns(|| "a0 - a2 + a2"), &self.c2)?; - a0_minus_a1_plus_a2.square(&mut cs.ns(|| "(a0 - a1 + a2)^2"))? - }; - - // v3 = a(2)^2 = (a0 + 2a1 + 4a2)^2 - let v3 = { - let a1_double = self.c1.double(cs.ns(|| "2a1"))?; - let a2_quad = self.c2.double(cs.ns(|| "2a2"))?.double(cs.ns(|| "4a2"))?; - let a0_plus_2_a1_plus_4_a2 = self - .c0 - .add(cs.ns(|| "a0 + 2a1"), &a1_double)? - .add(cs.ns(|| "a0 + 2a1 + 4a2"), &a2_quad)?; - - a0_plus_2_a1_plus_4_a2.square(&mut cs.ns(|| "(a0 + 2a1 + 4a2)^2"))? - }; - - // v4 = a(∞)^2 = a2^2 - let v4 = self.c2.square(&mut cs.ns(|| "a2^2"))?; - - let two = ::Fp::one().double(); - let six = two.double() + &two; - let mut two_and_six = [two, six]; - algebra::fields::batch_inversion(&mut two_and_six); - let (two_inverse, six_inverse) = (two_and_six[0], two_and_six[1]); - - let half_v0 = v0.mul_by_fp_constant(cs.ns(|| "half_v0"), &two_inverse)?; - let half_v1 = v1.mul_by_fp_constant(cs.ns(|| "half_v1"), &two_inverse)?; - let one_sixth_v2 = v2.mul_by_fp_constant(cs.ns(|| "one_sixth_v2"), &six_inverse)?; - let one_sixth_v3 = v3.mul_by_fp_constant(cs.ns(|| "one_sixth_v3"), &six_inverse)?; - let two_v4 = v4.double(cs.ns(|| "double_v4"))?; - - // c0 = v0 + β((1/2)v0 − (1/2)v1 − (1/6)v2 + (1/6)v3 − 2v4) - let c0 = { - let mut c0_cs = cs.ns(|| "c0"); - // No constraints, only get a linear combination back. - let inner = half_v0 - .sub(c0_cs.ns(|| "sub1"), &half_v1)? - .sub(c0_cs.ns(|| "sub2"), &one_sixth_v2)? - .add(c0_cs.ns(|| "add3"), &one_sixth_v3)? - .sub(c0_cs.ns(|| "sub4"), &two_v4)?; - let non_residue_times_inner = - inner.mul_by_constant(c0_cs.ns(|| "mul_by_res"), &P::NONRESIDUE)?; - v0.add(c0_cs.ns(|| "add5"), &non_residue_times_inner)? - }; - - // −(1/2)v0 + v1 − (1/3)v2 − (1/6)v3 + 2v4 + βv4 - let c1 = { - let mut c1_cs = cs.ns(|| "c1"); - let one_third_v2 = one_sixth_v2.double(c1_cs.ns(|| "v2_by_3"))?; - let non_residue_v4 = v4.mul_by_constant(c1_cs.ns(|| "mul_by_res"), &P::NONRESIDUE)?; - - half_v0 - .negate(c1_cs.ns(|| "neg1"))? - .add(c1_cs.ns(|| "add1"), &v1)? - .sub(c1_cs.ns(|| "sub2"), &one_third_v2)? - .sub(c1_cs.ns(|| "sub3"), &one_sixth_v3)? - .add(c1_cs.ns(|| "add4"), &two_v4)? - .add(c1_cs.ns(|| "add5"), &non_residue_v4)? - }; - - // -v0 + (1/2)v1 + (1/2)v2 −v4 - let c2 = { - let mut c2_cs = cs.ns(|| "c2"); - let half_v2 = v2.mul_by_fp_constant(c2_cs.ns(|| "half_v2"), &two_inverse)?; - half_v1 - .add(c2_cs.ns(|| "add1"), &half_v2)? - .sub(c2_cs.ns(|| "sub1"), &v4)? - .sub(c2_cs.ns(|| "sub2"), &v0)? - }; + let a = self.c0.clone(); + let b = self.c1.clone(); + let c = self.c2.clone(); + + let s0 = a.square(cs.ns(|| "s0"))?; + let ab = a.mul(cs.ns(|| "ab"), &b)?; + let s1 = ab.double(cs.ns(|| "s1"))?; + let s2 = a + .sub(cs.ns(|| "a-b"), &b)? + .add(cs.ns(|| "plus c"), &c)? + .square(cs.ns(|| "s2"))?; + let s3 = b.mul(cs.ns(|| "bc"), &c)?.double(cs.ns(|| "s3"))?; + let s4 = c.square(cs.ns(|| "s4"))?; + + let c0 = Self::mul_fp2_gadget_by_nonresidue(cs.ns(|| "c0 part 1"), &s3)? + .add(cs.ns(|| "c0"), &s0)?; + + let c1 = Self::mul_fp2_gadget_by_nonresidue(cs.ns(|| "c1 part 1"), &s4)? + .add(cs.ns(|| "c1"), &s1)?; + + let c2 = s1 + .add(cs.ns(|| "c2 part1"), &s2)? + .add(cs.ns(|| "c2 part2"), &s3)? + .sub(cs.ns(|| "c2 part3"), &s0)? + .sub(cs.ns(|| "c2 part4"), &s4)?; Ok(Self::new(c0, c1, c2)) } - // 18 constraints, we can probably do better but not sure it's worth it. #[inline] - fn inverse>( + fn mul_equals>( &self, mut cs: CS, - ) -> Result { - let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { - self.get_value().and_then(|val| val.inverse()).get() - })?; - let one = Self::one(cs.ns(|| "one"))?; - inverse.mul_equals(cs.ns(|| "check inverse"), &self, &one)?; - Ok(inverse) + other: &Self, + result: &Self, + ) -> Result<(), SynthesisError> { + // Karatsuba multiplication for Fp3: + // v0 = A.c0 * B.c0 + // v1 = A.c1 * B.c1 + // v2 = A.c2 * B.c2 + // result.c0 = v0 + β((a1 + a2)(b1 + b2) − v1 − v2) + // result.c1 = (a0 + a1)(b0 + b1) − v0 − v1 + βv2 + // result.c2 = (a0 + a2)(b0 + b2) − v0 + v1 − v2, + // We enforce this with six constraints: + // + // v0 = A.c0 * B.c0 + // v1 = A.c1 * B.c1 + // v2 = A.c2 * B.c2 + // + // result.c0 - v0 + \beta*(v1 + v2) = β(a1 + a2)(b1 + b2)) + // result.c1 + v0 + v1 - βv2 = (a0 + a1)(b0 + b1) + // result.c2 + v0 - v1 + v2 = (a0 + a2)(b0 + b2) + // Reference: + // "Multiplication and Squaring on Pairing-Friendly Fields" + // Devegili, OhEigeartaigh, Scott, Dahab + // + // This implementation adapted from + // https://github.com/ZencashOfficial/ginger-lib/blob/development/r1cs/gadgets/std/src/fields/fp3.rs + let v0 = self.c0.mul(cs.ns(|| "v0 = a0 * b0"), &other.c0)?; + let v1 = self.c1.mul(cs.ns(|| "v1 = a1 * b1"), &other.c1)?; + let v2 = self.c2.mul(cs.ns(|| "v2 = a2 * b2"), &other.c2)?; + + // Check c0 + let nr_a1_plus_a2 = self + .c1 + .add(cs.ns(|| "a1 + a2"), &self.c2)? + .mul_by_constant(cs.ns(|| "nr*(a1 + a2)"), &P::NONRESIDUE)?; + let b1_plus_b2 = other.c1.add(cs.ns(|| "b1 + b2"), &other.c2)?; + let nr_v1 = v1.mul_by_constant(cs.ns(|| "nr * v1"), &P::NONRESIDUE)?; + let nr_v2 = v2.mul_by_constant(cs.ns(|| "nr * v2"), &P::NONRESIDUE)?; + let to_check = result + .c0 + .sub(cs.ns(|| "c0 - v0"), &v0)? + .add(cs.ns(|| "c0 - v0 + nr * v1"), &nr_v1)? + .add(cs.ns(|| "c0 - v0 + nr * v1 + nr * v2"), &nr_v2)?; + nr_a1_plus_a2.mul_equals(cs.ns(|| "check c0"), &b1_plus_b2, &to_check)?; + + // Check c1 + let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; + let b0_plus_b1 = other.c0.add(cs.ns(|| "b0 + b1"), &other.c1)?; + let to_check = result + .c1 + .sub(cs.ns(|| "c1 - nr * v2"), &nr_v2)? + .add(cs.ns(|| "c1 - nr * v2 + v0"), &v0)? + .add(cs.ns(|| "c1 - nr * v2 + v0 + v1"), &v1)?; + a0_plus_a1.mul_equals(cs.ns(|| "check c1"), &b0_plus_b1, &to_check)?; + + // Check c2 + let a0_plus_a2 = self.c0.add(cs.ns(|| "a0 + a2"), &self.c2)?; + let b0_plus_b2 = other.c0.add(cs.ns(|| "b0 + b2"), &other.c2)?; + let to_check = result + .c2 + .add(cs.ns(|| "c2 + v0"), &v0)? + .sub(cs.ns(|| "c2 + v0 - v1"), &v1)? + .add(cs.ns(|| "c2 + v0 - v1 + v2"), &v2)?; + a0_plus_a2.mul_equals(cs.ns(|| "check c2"), &b0_plus_b2, &to_check)?; + Ok(()) } #[inline] @@ -704,8 +697,8 @@ where 5 * Fp2Gadget::::cost_of_mul() } - fn cost_of_inv() -> usize { - Self::cost_of_mul() + >::cost() + fn cost_of_mul_equals() -> usize { + 6 * Fp2Gadget::::cost_of_mul() } } @@ -984,7 +977,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -1011,7 +1004,7 @@ where Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/fields/mod.rs b/r1cs-std/src/fields/mod.rs index 75f617c..60e22de 100644 --- a/r1cs-std/src/fields/mod.rs +++ b/r1cs-std/src/fields/mod.rs @@ -2,7 +2,7 @@ use algebra::{fields::BitIterator, Field}; use core::fmt::Debug; use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::prelude::*; +use crate::{prelude::*, Assignment}; pub mod fp; pub mod fp12; @@ -188,7 +188,17 @@ pub trait FieldGadget: Ok(self) } - fn inverse>(&self, _: CS) -> Result; + fn inverse>( + &self, + mut cs: CS, + ) -> Result { + let one = Self::one(&mut cs.ns(|| "one"))?; + let inverse = Self::alloc(&mut cs.ns(|| "alloc inverse"), || { + self.get_value().and_then(|val| val.inverse()).get() + })?; + self.mul_equals(cs.ns(|| "check inv"), &inverse, &one)?; + Ok(inverse) + } fn frobenius_map>( &self, @@ -255,7 +265,9 @@ pub trait FieldGadget: Self::cost_of_mul() + >::cost() } - fn cost_of_inv() -> usize; + fn cost_of_inv() -> usize { + Self::cost_of_mul_equals() + } } #[cfg(test)] diff --git a/r1cs-std/src/groups/curves/short_weierstrass/mnt4/mod.rs b/r1cs-std/src/groups/curves/short_weierstrass/mnt4/mod.rs index 8db3307..2ecfdbf 100644 --- a/r1cs-std/src/groups/curves/short_weierstrass/mnt4/mod.rs +++ b/r1cs-std/src/groups/curves/short_weierstrass/mnt4/mod.rs @@ -27,8 +27,8 @@ pub type G2Gadget

= #[derive(Derivative)] #[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] pub struct G1PreparedGadget { - pub x: FpGadget, - pub y: FpGadget, + pub x: FpGadget, + pub y: FpGadget, pub x_twist: Fp2Gadget, pub y_twist: Fp2Gadget, } @@ -113,11 +113,11 @@ type Fp2G

= Fp2Gadget<

::Fp2Params,

#[derive(Derivative)] #[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] pub struct G2PreparedGadget { - pub x: Fp2Gadget, - pub y: Fp2Gadget, - pub x_over_twist: Fp2Gadget, - pub y_over_twist: Fp2Gadget, - pub double_coefficients: Vec>, + pub x: Fp2Gadget, + pub y: Fp2Gadget, + pub x_over_twist: Fp2Gadget, + pub y_over_twist: Fp2Gadget, + pub double_coefficients: Vec>, pub addition_coefficients: Vec>, } @@ -222,11 +222,11 @@ impl G2PreparedGadget

{ let twist_inv = P::TWIST.inverse().unwrap(); let mut g2p = G2PreparedGadget { - x: q.x.clone(), - y: q.y.clone(), - x_over_twist: q.x.mul_by_constant(cs.ns(|| "x over twist"), &twist_inv)?, - y_over_twist: q.y.mul_by_constant(cs.ns(|| "y over twist"), &twist_inv)?, - double_coefficients: vec![], + x: q.x.clone(), + y: q.y.clone(), + x_over_twist: q.x.mul_by_constant(cs.ns(|| "x over twist"), &twist_inv)?, + y_over_twist: q.y.mul_by_constant(cs.ns(|| "y over twist"), &twist_inv)?, + double_coefficients: vec![], addition_coefficients: vec![], }; @@ -302,10 +302,10 @@ impl G2PreparedGadget

{ #[derive(Derivative)] #[derivative(Clone(bound = "P: MNT4Parameters"), Debug(bound = "P: MNT4Parameters"))] pub struct AteDoubleCoefficientsGadget { - pub c_h: Fp2Gadget, + pub c_h: Fp2Gadget, pub c_4c: Fp2Gadget, - pub c_j: Fp2Gadget, - pub c_l: Fp2Gadget, + pub c_j: Fp2Gadget, + pub c_l: Fp2Gadget, } impl ToBytesGadget for AteDoubleCoefficientsGadget

{ diff --git a/r1cs-std/src/groups/curves/short_weierstrass/mnt6/mod.rs b/r1cs-std/src/groups/curves/short_weierstrass/mnt6/mod.rs index 25cbef1..8929757 100644 --- a/r1cs-std/src/groups/curves/short_weierstrass/mnt6/mod.rs +++ b/r1cs-std/src/groups/curves/short_weierstrass/mnt6/mod.rs @@ -27,8 +27,8 @@ pub type G2Gadget

= #[derive(Derivative)] #[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] pub struct G1PreparedGadget { - pub x: FpGadget, - pub y: FpGadget, + pub x: FpGadget, + pub y: FpGadget, pub x_twist: Fp3Gadget, pub y_twist: Fp3Gadget, } @@ -115,11 +115,11 @@ type Fp3G

= Fp3Gadget<

::Fp3Params,

#[derive(Derivative)] #[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] pub struct G2PreparedGadget { - pub x: Fp3Gadget, - pub y: Fp3Gadget, - pub x_over_twist: Fp3Gadget, - pub y_over_twist: Fp3Gadget, - pub double_coefficients: Vec>, + pub x: Fp3Gadget, + pub y: Fp3Gadget, + pub x_over_twist: Fp3Gadget, + pub y_over_twist: Fp3Gadget, + pub double_coefficients: Vec>, pub addition_coefficients: Vec>, } @@ -224,11 +224,11 @@ impl G2PreparedGadget

{ let twist_inv = P::TWIST.inverse().unwrap(); let mut g2p = G2PreparedGadget { - x: q.x.clone(), - y: q.y.clone(), - x_over_twist: q.x.mul_by_constant(cs.ns(|| "x over twist"), &twist_inv)?, - y_over_twist: q.y.mul_by_constant(cs.ns(|| "y over twist"), &twist_inv)?, - double_coefficients: vec![], + x: q.x.clone(), + y: q.y.clone(), + x_over_twist: q.x.mul_by_constant(cs.ns(|| "x over twist"), &twist_inv)?, + y_over_twist: q.y.mul_by_constant(cs.ns(|| "y over twist"), &twist_inv)?, + double_coefficients: vec![], addition_coefficients: vec![], }; @@ -304,10 +304,10 @@ impl G2PreparedGadget

{ #[derive(Derivative)] #[derivative(Clone(bound = "P: MNT6Parameters"), Debug(bound = "P: MNT6Parameters"))] pub struct AteDoubleCoefficientsGadget { - pub c_h: Fp3Gadget, + pub c_h: Fp3Gadget, pub c_4c: Fp3Gadget, - pub c_j: Fp3Gadget, - pub c_l: Fp3Gadget, + pub c_j: Fp3Gadget, + pub c_l: Fp3Gadget, } impl ToBytesGadget for AteDoubleCoefficientsGadget

{ diff --git a/r1cs-std/src/groups/curves/short_weierstrass/mod.rs b/r1cs-std/src/groups/curves/short_weierstrass/mod.rs index 4c723f4..116e2d4 100644 --- a/r1cs-std/src/groups/curves/short_weierstrass/mod.rs +++ b/r1cs-std/src/groups/curves/short_weierstrass/mod.rs @@ -22,11 +22,11 @@ pub struct AffineGadget< ConstraintF: Field, F: FieldGadget, > { - pub x: F, - pub y: F, + pub x: F, + pub y: F, pub infinity: Boolean, - _params: PhantomData

, - _engine: PhantomData, + _params: PhantomData

, + _engine: PhantomData, } impl> @@ -53,7 +53,7 @@ impl { let ge = ge.into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -107,7 +107,7 @@ where ) { (Some(x), Some(y), Some(infinity)) => { Some(SWAffine::new(x, y, infinity).into_projective()) - }, + } (None, None, None) => None, _ => unreachable!(), } @@ -450,7 +450,7 @@ where Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -574,7 +574,7 @@ where Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/groups/curves/twisted_edwards/mod.rs b/r1cs-std/src/groups/curves/twisted_edwards/mod.rs index fddfcb3..ed071b8 100644 --- a/r1cs-std/src/groups/curves/twisted_edwards/mod.rs +++ b/r1cs-std/src/groups/curves/twisted_edwards/mod.rs @@ -21,8 +21,8 @@ pub struct MontgomeryAffineGadget< ConstraintF: Field, F: FieldGadget, > { - pub x: F, - pub y: F, + pub x: F, + pub y: F, #[derivative(Debug = "ignore")] _params: PhantomData

, #[derivative(Debug = "ignore")] @@ -90,7 +90,7 @@ mod montgomery_affine_impl { t0.mul_assign(&invy); Ok(t0) - }, + } None => Err(SynthesisError::DivisionByZero), } })?; @@ -108,7 +108,7 @@ mod montgomery_affine_impl { t0.mul_assign(&t1); Ok(t0) - }, + } None => Err(SynthesisError::DivisionByZero), } })?; @@ -140,7 +140,7 @@ mod montgomery_affine_impl { Some(d) => { n.mul_assign(&d); Ok(n) - }, + } None => Err(SynthesisError::DivisionByZero), } })?; @@ -193,8 +193,8 @@ pub struct AffineGadget< ConstraintF: Field, F: FieldGadget, > { - pub x: F, - pub y: F, + pub x: F, + pub y: F, #[derivative(Debug = "ignore")] _params: PhantomData

, #[derivative(Debug = "ignore")] @@ -504,7 +504,7 @@ mod affine_impl { Ok(ge) => { let ge = *ge.borrow(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -621,7 +621,7 @@ mod affine_impl { Ok(ge) => { let ge = *ge.borrow(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -960,14 +960,14 @@ mod projective_impl { match edwards_result { None => { edwards_result = Some(segment_result); - }, + } Some(ref mut edwards_result) => { *edwards_result = GroupGadget::, ConstraintF>::add( &segment_result, cs.ns(|| "edwards addition"), edwards_result, )?; - }, + } } Ok(()) @@ -1050,13 +1050,13 @@ mod projective_impl { match result { None => { result = Some(tmp); - }, + } Some(ref mut result) => { *result = tmp.add( cs.ns(|| format!("addition of window {}, {}", segment_i, i)), result, )?; - }, + } } } @@ -1101,7 +1101,7 @@ mod projective_impl { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -1223,7 +1223,7 @@ mod projective_impl { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), diff --git a/r1cs-std/src/lib.rs b/r1cs-std/src/lib.rs index a458af2..6736471 100644 --- a/r1cs-std/src/lib.rs +++ b/r1cs-std/src/lib.rs @@ -33,8 +33,8 @@ use ralloc::{collections::BTreeMap, string::String, vec::Vec}; #[cfg(feature = "std")] use std::{collections::BTreeMap, string::String, vec::Vec}; -pub mod test_constraint_system; pub mod test_constraint_counter; +pub mod test_constraint_system; pub mod bits; pub use self::bits::*; diff --git a/r1cs-std/src/pairing/bls12/mod.rs b/r1cs-std/src/pairing/bls12/mod.rs index 7cf32cb..6501248 100644 --- a/r1cs-std/src/pairing/bls12/mod.rs +++ b/r1cs-std/src/pairing/bls12/mod.rs @@ -36,7 +36,7 @@ impl PairingGadget

{ c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; *f = f.mul_by_014(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; Ok(()) - }, + } TwistType::D => { let c0 = Fp2G::

::new(p.y.clone(), zero); let mut c1 = coeffs.0.clone(); @@ -46,7 +46,7 @@ impl PairingGadget

{ c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; *f = f.mul_by_034(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; Ok(()) - }, + } } } diff --git a/r1cs-std/src/test_constraint_counter.rs b/r1cs-std/src/test_constraint_counter.rs index 359f71d..0adf53e 100644 --- a/r1cs-std/src/test_constraint_counter.rs +++ b/r1cs-std/src/test_constraint_counter.rs @@ -4,16 +4,16 @@ use r1cs_core::{ConstraintSystem, Index, LinearCombination, SynthesisError, Vari /// Constraint counter for testing purposes. pub struct ConstraintCounter { - pub num_inputs: usize, - pub num_aux: usize, + pub num_inputs: usize, + pub num_aux: usize, pub num_constraints: usize, } impl ConstraintCounter { pub fn new() -> Self { Self { - num_aux: 0, - num_inputs: 0, + num_aux: 0, + num_inputs: 0, num_constraints: 0, } } diff --git a/r1cs-std/src/test_constraint_system.rs b/r1cs-std/src/test_constraint_system.rs index 765df33..41c1bb9 100644 --- a/r1cs-std/src/test_constraint_system.rs +++ b/r1cs-std/src/test_constraint_system.rs @@ -11,7 +11,7 @@ enum NamedObject { /// Constraint system for testing purposes. pub struct TestConstraintSystem { - named_objects: BTreeMap, + named_objects: BTreeMap, current_namespace: Vec, pub constraints: Vec<( LinearCombination, @@ -19,8 +19,8 @@ pub struct TestConstraintSystem { LinearCombination, String, )>, - inputs: Vec<(ConstraintF, String)>, - aux: Vec<(ConstraintF, String)>, + inputs: Vec<(ConstraintF, String)>, + aux: Vec<(ConstraintF, String)>, } impl TestConstraintSystem { @@ -54,11 +54,11 @@ impl TestConstraintSystem { ); TestConstraintSystem { - named_objects: map, + named_objects: map, current_namespace: vec![], - constraints: vec![], - inputs: vec![(ConstraintF::one(), "ONE".into())], - aux: vec![], + constraints: vec![], + inputs: vec![(ConstraintF::one(), "ONE".into())], + aux: vec![], } } diff --git a/rustfmt.toml b/rustfmt.toml index 0527c73..7171213 100644 --- a/rustfmt.toml +++ b/rustfmt.toml @@ -1,13 +1,9 @@ reorder_imports = true wrap_comments = true normalize_comments = true -format_strings = true -struct_field_align_threshold = 40 use_try_shorthand = true match_block_trailing_comma = true use_field_init_shorthand = true edition = "2018" condense_wildcard_suffixes = true merge_imports = true -imports_layout = "Mixed" -unstable_features = true