From 3a18ecee0d44c13ecc9e7fe24427391ce908a5b2 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Sun, 13 Sep 2020 17:24:17 -0700 Subject: [PATCH] Add examples and doctests for instantiated curves --- r1cs-std/src/fields/cubic_extension.rs | 24 +-- r1cs-std/src/fields/fp/mod.rs | 2 +- r1cs-std/src/fields/quadratic_extension.rs | 22 ++- .../groups/curves/short_weierstrass/mod.rs | 6 +- .../src/groups/curves/twisted_edwards/mod.rs | 19 ++- r1cs-std/src/instantiated/bls12_377/fields.rs | 1 + r1cs-std/src/instantiated/bls12_377/mod.rs | 150 ++++++++++++++++++ .../src/instantiated/ed_on_bls12_377/mod.rs | 102 ++++++++++++ .../src/instantiated/ed_on_bls12_381/mod.rs | 102 ++++++++++++ r1cs-std/src/instantiated/ed_on_bn254/mod.rs | 102 ++++++++++++ .../src/instantiated/ed_on_bw6_761/mod.rs | 102 ++++++++++++ .../src/instantiated/ed_on_cp6_782/mod.rs | 101 ++++++++++++ .../src/instantiated/ed_on_mnt4_298/mod.rs | 102 ++++++++++++ .../src/instantiated/ed_on_mnt4_753/mod.rs | 102 ++++++++++++ r1cs-std/src/instantiated/mnt4_298/mod.rs | 150 ++++++++++++++++++ r1cs-std/src/instantiated/mnt4_753/mod.rs | 150 ++++++++++++++++++ r1cs-std/src/instantiated/mnt6_298/mod.rs | 150 ++++++++++++++++++ r1cs-std/src/instantiated/mnt6_753/mod.rs | 150 ++++++++++++++++++ r1cs-std/src/instantiated/mod.rs | 12 -- 19 files changed, 1511 insertions(+), 38 deletions(-) diff --git a/r1cs-std/src/fields/cubic_extension.rs b/r1cs-std/src/fields/cubic_extension.rs index 717c13a..8c2ef13 100644 --- a/r1cs-std/src/fields/cubic_extension.rs +++ b/r1cs-std/src/fields/cubic_extension.rs @@ -1,6 +1,6 @@ use algebra::{ fields::{CubicExtField, CubicExtParameters, Field}, - One, Zero, + Zero, }; use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystemRef, Namespace, SynthesisError}; @@ -266,14 +266,20 @@ where #[tracing::instrument(target = "r1cs")] fn inverse(&self) -> Result { - let cs = self.cs().get()?.clone(); - let one = Self::new_constant(cs.clone(), CubicExtField::one())?; - - let inverse = Self::new_witness(self.cs().get()?.clone(), || { - self.value() - .map(|f| f.inverse().unwrap_or(CubicExtField::zero())) - })?; - self.mul_equals(&inverse, &one)?; + let mode = if self.is_constant() { + AllocationMode::Constant + } else { + AllocationMode::Witness + }; + let inverse = Self::new_variable( + self.cs().get()?.clone(), + || { + self.value() + .map(|f| f.inverse().unwrap_or(CubicExtField::zero())) + }, + mode, + )?; + self.mul_equals(&inverse, &Self::one())?; Ok(inverse) } } diff --git a/r1cs-std/src/fields/fp/mod.rs b/r1cs-std/src/fields/fp/mod.rs index cc5cfd9..3614ead 100644 --- a/r1cs-std/src/fields/fp/mod.rs +++ b/r1cs-std/src/fields/fp/mod.rs @@ -48,7 +48,7 @@ impl R1CSVar for FpVar { fn cs(&self) -> Option> { match self { - Self::Constant(_) => None, + Self::Constant(_) => Some(ConstraintSystemRef::None), Self::Var(a) => Some(a.cs.clone()), } } diff --git a/r1cs-std/src/fields/quadratic_extension.rs b/r1cs-std/src/fields/quadratic_extension.rs index be29c67..bf2c9ae 100644 --- a/r1cs-std/src/fields/quadratic_extension.rs +++ b/r1cs-std/src/fields/quadratic_extension.rs @@ -1,6 +1,6 @@ use algebra::{ fields::{Field, QuadExtField, QuadExtParameters}, - One, Zero, + Zero, }; use core::{borrow::Borrow, marker::PhantomData}; use r1cs_core::{ConstraintSystemRef, Namespace, SynthesisError}; @@ -273,12 +273,20 @@ where #[tracing::instrument(target = "r1cs")] fn inverse(&self) -> Result { - let one = Self::new_constant(self.cs().get()?.clone(), QuadExtField::one())?; - let inverse = Self::new_witness(self.cs().get()?.clone(), || { - self.value() - .map(|f| f.inverse().unwrap_or(QuadExtField::zero())) - })?; - self.mul_equals(&inverse, &one)?; + let mode = if self.is_constant() { + AllocationMode::Constant + } else { + AllocationMode::Witness + }; + let inverse = Self::new_variable( + self.cs().get()?.clone(), + || { + self.value() + .map(|f| f.inverse().unwrap_or(QuadExtField::zero())) + }, + mode, + )?; + self.mul_equals(&inverse, &Self::one())?; Ok(inverse) } } diff --git a/r1cs-std/src/groups/curves/short_weierstrass/mod.rs b/r1cs-std/src/groups/curves/short_weierstrass/mod.rs index 46d38e4..21091fc 100644 --- a/r1cs-std/src/groups/curves/short_weierstrass/mod.rs +++ b/r1cs-std/src/groups/curves/short_weierstrass/mod.rs @@ -154,7 +154,11 @@ where pub fn to_affine(&self) -> Result, SynthesisError> { let cs = self.cs().unwrap_or(ConstraintSystemRef::None); let mode = if self.is_constant() { - AllocationMode::Constant + let point = self.value()?.into_affine(); + let x = F::new_constant(ConstraintSystemRef::None, point.x)?; + let y = F::new_constant(ConstraintSystemRef::None, point.y)?; + let infinity = Boolean::constant(point.infinity); + return Ok(AffineVar::new(x, y, infinity)); } else { AllocationMode::Witness }; diff --git a/r1cs-std/src/groups/curves/twisted_edwards/mod.rs b/r1cs-std/src/groups/curves/twisted_edwards/mod.rs index 404af8e..77e205f 100644 --- a/r1cs-std/src/groups/curves/twisted_edwards/mod.rs +++ b/r1cs-std/src/groups/curves/twisted_edwards/mod.rs @@ -461,7 +461,11 @@ where #[inline] #[tracing::instrument(target = "r1cs")] fn double_in_place(&mut self) -> Result<(), SynthesisError> { - if let Some(cs) = self.cs() { + if self.is_constant() { + let value = self.value()?; + *self = Self::constant(value.double()); + } else { + let cs = self.cs().unwrap(); let a = P::COEFF_A; // xy @@ -496,9 +500,6 @@ where y3.mul_equals(&two_minus_ax2_minus_y2, &y2_minus_a_x2)?; self.x = x3; self.y = y3; - } else { - let value = self.value()?; - *self = Self::constant(value.double()); } Ok(()) } @@ -708,7 +709,12 @@ impl_bounded_ops!( AddAssign, add_assign, |this: &'a AffineVar, other: &'a AffineVar| { - if let Some(cs) = [this, other].cs() { + + if [this, other].is_constant() { + assert!(this.is_constant() && other.is_constant()); + AffineVar::constant(this.value().unwrap() + &other.value().unwrap()) + } else { + let cs = [this, other].cs().unwrap(); let a = P::COEFF_A; let d = P::COEFF_D; @@ -752,9 +758,6 @@ impl_bounded_ops!( y3.mul_equals(&one_minus_v2, &u_plus_a_v0_minus_v1).unwrap(); AffineVar::new(x3, y3) - } else { - assert!(this.is_constant() && other.is_constant()); - AffineVar::constant(this.value().unwrap() + &other.value().unwrap()) } }, |this: &'a AffineVar, other: TEProjective

| this + AffineVar::constant(other), diff --git a/r1cs-std/src/instantiated/bls12_377/fields.rs b/r1cs-std/src/instantiated/bls12_377/fields.rs index 446e77f..f64a281 100644 --- a/r1cs-std/src/instantiated/bls12_377/fields.rs +++ b/r1cs-std/src/instantiated/bls12_377/fields.rs @@ -4,6 +4,7 @@ use crate::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var}; /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq`. pub type FqVar = FpVar; + /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq2`. pub type Fq2Var = Fp2Var; /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq6`. diff --git a/r1cs-std/src/instantiated/bls12_377/mod.rs b/r1cs-std/src/instantiated/bls12_377/mod.rs index 5e10f69..d1df08d 100644 --- a/r1cs-std/src/instantiated/bls12_377/mod.rs +++ b/r1cs-std/src/instantiated/bls12_377/mod.rs @@ -1,3 +1,153 @@ +//! This module implements the R1CS equivalent of `algebra::bls12_377`. +//! +//! It implements field variables for `algebra::bls12_377::{Fq, Fq2, Fq6, Fq12}`, +//! group variables for `algebra::bls12_377::{G1, G2}`, and implements constraint +//! generation for computing `Bls12_377::pairing`. +//! +//! The field underlying these constraints is `algebra::bls12_377::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, bls12_377::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::bls12_377::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `G1Var` and `G2Var`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, bls12_377::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::bls12_377::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `G1` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G1Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `G1`. +//! let zero = G1Var::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! Finally, one can check pairing computations as well: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, PairingEngine, bls12_377::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::bls12_377::{self, *}; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate random `G1` and `G2` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G2Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let pairing_result_native = Bls12_377::pairing(a_native, b_native); +//! +//! // Prepare `a` and `b` for pairing. +//! let a_prep = bls12_377::PairingVar::prepare_g1(&a)?; +//! let b_prep = bls12_377::PairingVar::prepare_g2(&b)?; +//! let pairing_result = bls12_377::PairingVar::pairing(a_prep, b_prep)?; +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!(pairing_result.value()?, pairing_result_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! let a_prep_const = bls12_377::PairingVar::prepare_g1(&a_const)?; +//! let b_prep_const = bls12_377::PairingVar::prepare_g2(&b_const)?; +//! let pairing_result_const = bls12_377::PairingVar::pairing(a_prep_const, b_prep_const)?; +//! println!("Done here 3"); +//! +//! pairing_result.enforce_equal(&pairing_result_const)?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; mod pairing; diff --git a/r1cs-std/src/instantiated/ed_on_bls12_377/mod.rs b/r1cs-std/src/instantiated/ed_on_bls12_377/mod.rs index cd5e758..f7d3da3 100644 --- a/r1cs-std/src/instantiated/ed_on_bls12_377/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_bls12_377/mod.rs @@ -1,3 +1,105 @@ +//! This module implements the R1CS equivalent of `algebra::ed_on_bls12_377`. +//! +//! It implements field variables for `algebra::ed_on_bls12_377::Fq`, +//! and group variables for `algebra::ed_on_bls12_377::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_bls12_377::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_bls12_377::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_bls12_377::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_bls12_377::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_bls12_377::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; diff --git a/r1cs-std/src/instantiated/ed_on_bls12_381/mod.rs b/r1cs-std/src/instantiated/ed_on_bls12_381/mod.rs index cd5e758..8368f6d 100644 --- a/r1cs-std/src/instantiated/ed_on_bls12_381/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_bls12_381/mod.rs @@ -1,3 +1,105 @@ +//! This module implements the R1CS equivalent of `algebra::ed_on_bls12_381`. +//! +//! It implements field variables for `algebra::ed_on_bls12_381::Fq`, +//! and group variables for `algebra::ed_on_bls12_381::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_bls12_381::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_bls12_381::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_bls12_381::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_bls12_381::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_bls12_381::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `Edwards`. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; diff --git a/r1cs-std/src/instantiated/ed_on_bn254/mod.rs b/r1cs-std/src/instantiated/ed_on_bn254/mod.rs index cd5e758..c4facd7 100644 --- a/r1cs-std/src/instantiated/ed_on_bn254/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_bn254/mod.rs @@ -1,3 +1,105 @@ +//! This module implements the R1CS equivalent of `algebra::ed_on_bn254`. +//! +//! It implements field variables for `algebra::ed_on_bn254::Fq`, +//! and group variables for `algebra::ed_on_bn254::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_bn254::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_bn254::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_bn254::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_bn254::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_bn254::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `Edwards`. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; diff --git a/r1cs-std/src/instantiated/ed_on_bw6_761/mod.rs b/r1cs-std/src/instantiated/ed_on_bw6_761/mod.rs index 8c475c0..73ae181 100644 --- a/r1cs-std/src/instantiated/ed_on_bw6_761/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_bw6_761/mod.rs @@ -1 +1,103 @@ +//! This module implements the R1CS equivalent of `algebra::ed_on_bw6_761`. +//! +//! It implements field variables for `algebra::ed_on_bw6_761::Fq`, +//! and group variables for `algebra::ed_on_bw6_761::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_bw6_761::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_bw6_761::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_bw6_761::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_bw6_761::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_bw6_761::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `Edwards`. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + pub use crate::instantiated::ed_on_cp6_782::*; diff --git a/r1cs-std/src/instantiated/ed_on_cp6_782/mod.rs b/r1cs-std/src/instantiated/ed_on_cp6_782/mod.rs index 0119106..24e43f6 100644 --- a/r1cs-std/src/instantiated/ed_on_cp6_782/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_cp6_782/mod.rs @@ -1,4 +1,105 @@ #![allow(unreachable_pub)] +//! This module implements the R1CS equivalent of `algebra::ed_on_cp6_782`. +//! +//! It implements field variables for `algebra::ed_on_cp6_782::Fq`, +//! and group variables for `algebra::ed_on_cp6_782::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_cp6_782::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_cp6_782::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_cp6_782::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_cp6_782::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_cp6_782::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `Edwards`. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` mod curves; mod fields; diff --git a/r1cs-std/src/instantiated/ed_on_mnt4_298/mod.rs b/r1cs-std/src/instantiated/ed_on_mnt4_298/mod.rs index cd5e758..aa3d206 100644 --- a/r1cs-std/src/instantiated/ed_on_mnt4_298/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_mnt4_298/mod.rs @@ -1,3 +1,105 @@ +//! This module implements the R1CS equivalent of `algebra::ed_on_mnt4_298`. +//! +//! It implements field variables for `algebra::ed_on_mnt4_298::Fq`, +//! and group variables for `algebra::ed_on_mnt4_298::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_mnt4_298::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_mnt4_298::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_mnt4_298::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_mnt4_298::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_mnt4_298::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `Edwards`. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; diff --git a/r1cs-std/src/instantiated/ed_on_mnt4_753/mod.rs b/r1cs-std/src/instantiated/ed_on_mnt4_753/mod.rs index cd5e758..9d030ac 100644 --- a/r1cs-std/src/instantiated/ed_on_mnt4_753/mod.rs +++ b/r1cs-std/src/instantiated/ed_on_mnt4_753/mod.rs @@ -1,3 +1,105 @@ +//! This module implements the R1CS equivalent of `algebra::ed_on_mnt4_753`. +//! +//! It implements field variables for `algebra::ed_on_mnt4_753::Fq`, +//! and group variables for `algebra::ed_on_mnt4_753::GroupProjective`. +//! +//! The field underlying these constraints is `algebra::ed_on_mnt4_753::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, ed_on_mnt4_753::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::ed_on_mnt4_753::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `EdwardsVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, ed_on_mnt4_753::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::ed_on_mnt4_753::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Edwards` elements. +//! let a_native = EdwardsProjective::rand(&mut rng); +//! let b_native = EdwardsProjective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `Edwards`. +//! let zero = EdwardsVar::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; diff --git a/r1cs-std/src/instantiated/mnt4_298/mod.rs b/r1cs-std/src/instantiated/mnt4_298/mod.rs index 5e10f69..fe65742 100644 --- a/r1cs-std/src/instantiated/mnt4_298/mod.rs +++ b/r1cs-std/src/instantiated/mnt4_298/mod.rs @@ -1,3 +1,153 @@ +//! This module implements the R1CS equivalent of `algebra::mnt4_298`. +//! +//! It implements field variables for `algebra::mnt4_298::{Fq, Fq2, Fq4}`, +//! group variables for `algebra::mnt4_298::{G1, G2}`, and implements constraint +//! generation for computing `MNT4_298::pairing`. +//! +//! The field underlying these constraints is `algebra::mnt4_298::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, mnt4_298::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::mnt4_298::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `G1Var` and `G2Var`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, mnt4_298::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt4_298::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `G1` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G1Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `G1`. +//! let zero = G1Var::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! Finally, one can check pairing computations as well: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, PairingEngine, mnt4_298::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt4_298::{self, *}; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate random `G1` and `G2` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G2Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let pairing_result_native = MNT4_298::pairing(a_native, b_native); +//! +//! // Prepare `a` and `b` for pairing. +//! let a_prep = mnt4_298::PairingVar::prepare_g1(&a)?; +//! let b_prep = mnt4_298::PairingVar::prepare_g2(&b)?; +//! let pairing_result = mnt4_298::PairingVar::pairing(a_prep, b_prep)?; +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!(pairing_result.value()?, pairing_result_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! let a_prep_const = mnt4_298::PairingVar::prepare_g1(&a_const)?; +//! let b_prep_const = mnt4_298::PairingVar::prepare_g2(&b_const)?; +//! let pairing_result_const = mnt4_298::PairingVar::pairing(a_prep_const, b_prep_const)?; +//! println!("Done here 3"); +//! +//! pairing_result.enforce_equal(&pairing_result_const)?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; mod pairing; diff --git a/r1cs-std/src/instantiated/mnt4_753/mod.rs b/r1cs-std/src/instantiated/mnt4_753/mod.rs index 5e10f69..c717fdc 100644 --- a/r1cs-std/src/instantiated/mnt4_753/mod.rs +++ b/r1cs-std/src/instantiated/mnt4_753/mod.rs @@ -1,3 +1,153 @@ +//! This module implements the R1CS equivalent of `algebra::mnt4_753`. +//! +//! It implements field variables for `algebra::mnt4_753::{Fq, Fq2, Fq4}`, +//! group variables for `algebra::mnt4_753::{G1, G2}`, and implements constraint +//! generation for computing `MNT4_753::pairing`. +//! +//! The field underlying these constraints is `algebra::mnt4_753::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, mnt4_753::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::mnt4_753::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `G1Var` and `G2Var`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, mnt4_753::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt4_753::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `G1` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G1Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `G1`. +//! let zero = G1Var::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! Finally, one can check pairing computations as well: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, PairingEngine, mnt4_753::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt4_753::{self, *}; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate random `G1` and `G2` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G2Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let pairing_result_native = MNT4_753::pairing(a_native, b_native); +//! +//! // Prepare `a` and `b` for pairing. +//! let a_prep = mnt4_753::PairingVar::prepare_g1(&a)?; +//! let b_prep = mnt4_753::PairingVar::prepare_g2(&b)?; +//! let pairing_result = mnt4_753::PairingVar::pairing(a_prep, b_prep)?; +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!(pairing_result.value()?, pairing_result_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! let a_prep_const = mnt4_753::PairingVar::prepare_g1(&a_const)?; +//! let b_prep_const = mnt4_753::PairingVar::prepare_g2(&b_const)?; +//! let pairing_result_const = mnt4_753::PairingVar::pairing(a_prep_const, b_prep_const)?; +//! println!("Done here 3"); +//! +//! pairing_result.enforce_equal(&pairing_result_const)?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; mod pairing; diff --git a/r1cs-std/src/instantiated/mnt6_298/mod.rs b/r1cs-std/src/instantiated/mnt6_298/mod.rs index 5e10f69..292345e 100644 --- a/r1cs-std/src/instantiated/mnt6_298/mod.rs +++ b/r1cs-std/src/instantiated/mnt6_298/mod.rs @@ -1,3 +1,153 @@ +//! This module implements the R1CS equivalent of `algebra::mnt6_298`. +//! +//! It implements field variables for `algebra::mnt6_298::{Fq, Fq3, Fq6}`, +//! group variables for `algebra::mnt6_298::{G1, G2}`, and implements constraint +//! generation for computing `MNT6_298::pairing`. +//! +//! The field underlying these constraints is `algebra::mnt6_298::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, mnt6_298::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::mnt6_298::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `G1Var` and `G2Var`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, mnt6_298::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt6_298::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `G1` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G1Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `G1`. +//! let zero = G1Var::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! Finally, one can check pairing computations as well: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, PairingEngine, mnt6_298::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt6_298::{self, *}; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate random `G1` and `G2` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G2Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let pairing_result_native = MNT6_298::pairing(a_native, b_native); +//! +//! // Prepare `a` and `b` for pairing. +//! let a_prep = mnt6_298::PairingVar::prepare_g1(&a)?; +//! let b_prep = mnt6_298::PairingVar::prepare_g2(&b)?; +//! let pairing_result = mnt6_298::PairingVar::pairing(a_prep, b_prep)?; +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!(pairing_result.value()?, pairing_result_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! let a_prep_const = mnt6_298::PairingVar::prepare_g1(&a_const)?; +//! let b_prep_const = mnt6_298::PairingVar::prepare_g2(&b_const)?; +//! let pairing_result_const = mnt6_298::PairingVar::pairing(a_prep_const, b_prep_const)?; +//! println!("Done here 3"); +//! +//! pairing_result.enforce_equal(&pairing_result_const)?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; mod pairing; diff --git a/r1cs-std/src/instantiated/mnt6_753/mod.rs b/r1cs-std/src/instantiated/mnt6_753/mod.rs index 5e10f69..914a582 100644 --- a/r1cs-std/src/instantiated/mnt6_753/mod.rs +++ b/r1cs-std/src/instantiated/mnt6_753/mod.rs @@ -1,3 +1,153 @@ +//! This module implements the R1CS equivalent of `algebra::mnt6_753`. +//! +//! It implements field variables for `algebra::mnt6_753::{Fq, Fq3, Fq6}`, +//! group variables for `algebra::mnt6_753::{G1, G2}`, and implements constraint +//! generation for computing `MNT6_753::pairing`. +//! +//! The field underlying these constraints is `algebra::mnt6_753::Fq`. +//! +//! # Examples +//! +//! One can perform standard algebraic operations on `FqVar`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! use algebra::{UniformRand, mnt6_753::*}; +//! use r1cs_core::*; +//! use r1cs_std::prelude::*; +//! use r1cs_std::mnt6_753::*; +//! +//! let cs = ConstraintSystem::::new_ref(); +//! // This rng is just for test purposes; do not use it +//! // in real applications. +//! let mut rng = algebra::test_rng(); +//! +//! // Generate some random `Fq` elements. +//! let a_native = Fq::rand(&mut rng); +//! let b_native = Fq::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?; +//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let one = FqVar::one(); +//! let zero = FqVar::zero(); +//! +//! // Sanity check one + one = two +//! let two = &one + &one + &zero; +//! two.enforce_equal(&one.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that the value of &a * &b is correct. +//! assert_eq!((&a * &b).value()?, a_native * &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! One can also perform standard algebraic operations on `G1Var` and `G2Var`: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, mnt6_753::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt6_753::*; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate some random `G1` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G1Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! // This returns the identity of `G1`. +//! let zero = G1Var::zero(); +//! +//! // Sanity check one + one = two +//! let two_a = &a + &a + &zero; +//! two_a.enforce_equal(&a.double()?)?; +//! +//! assert!(cs.is_satisfied()?); +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!((&a + &b).value()?, a_native + &b_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! (&a + &b).enforce_equal(&(&a_const + &b_const))?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` +//! +//! Finally, one can check pairing computations as well: +//! +//! ``` +//! # fn main() -> Result<(), r1cs_core::SynthesisError> { +//! # use algebra::{UniformRand, PairingEngine, mnt6_753::*}; +//! # use r1cs_core::*; +//! # use r1cs_std::prelude::*; +//! # use r1cs_std::mnt6_753::{self, *}; +//! +//! # let cs = ConstraintSystem::::new_ref(); +//! # let mut rng = algebra::test_rng(); +//! +//! // Generate random `G1` and `G2` elements. +//! let a_native = G1Projective::rand(&mut rng); +//! let b_native = G2Projective::rand(&mut rng); +//! +//! // Allocate `a_native` and `b_native` as witness variables in `cs`. +//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?; +//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?; +//! +//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any +//! // constraints or variables. +//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?; +//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?; +//! +//! let pairing_result_native = MNT6_753::pairing(a_native, b_native); +//! +//! // Prepare `a` and `b` for pairing. +//! let a_prep = mnt6_753::PairingVar::prepare_g1(&a)?; +//! let b_prep = mnt6_753::PairingVar::prepare_g2(&b)?; +//! let pairing_result = mnt6_753::PairingVar::pairing(a_prep, b_prep)?; +//! +//! // Check that the value of &a + &b is correct. +//! assert_eq!(pairing_result.value()?, pairing_result_native); +//! +//! // Check that operations on variables and constants are equivalent. +//! let a_prep_const = mnt6_753::PairingVar::prepare_g1(&a_const)?; +//! let b_prep_const = mnt6_753::PairingVar::prepare_g2(&b_const)?; +//! let pairing_result_const = mnt6_753::PairingVar::pairing(a_prep_const, b_prep_const)?; +//! println!("Done here 3"); +//! +//! pairing_result.enforce_equal(&pairing_result_const)?; +//! assert!(cs.is_satisfied()?); +//! # Ok(()) +//! # } +//! ``` + mod curves; mod fields; mod pairing; diff --git a/r1cs-std/src/instantiated/mod.rs b/r1cs-std/src/instantiated/mod.rs index 210f268..0ca6c2c 100644 --- a/r1cs-std/src/instantiated/mod.rs +++ b/r1cs-std/src/instantiated/mod.rs @@ -1,50 +1,38 @@ -/// This module implements the R1CS equivalent of `algebra::bls12_377`. #[cfg(feature = "bls12_377")] pub mod bls12_377; -/// This module implements the R1CS equivalent of `algebra::ed_on_bls12_377`. #[cfg(feature = "ed_on_bls12_377")] pub mod ed_on_bls12_377; -/// This module implements the R1CS equivalent of `algebra::ed_on_cp6_782`. #[cfg(feature = "ed_on_cp6_782")] pub mod ed_on_cp6_782; #[cfg(all(not(feature = "ed_on_cp6_782"), feature = "ed_on_bw6_761"))] pub(crate) mod ed_on_cp6_782; -/// This module implements the R1CS equivalent of `algebra::ed_on_bw6_761`. #[cfg(feature = "ed_on_bw6_761")] pub mod ed_on_bw6_761; -/// This module implements the R1CS equivalent of `algebra::ed_on_bn254`. #[cfg(feature = "ed_on_bn254")] pub mod ed_on_bn254; -/// This module implements the R1CS equivalent of `algebra::ed_on_bls12_381`. #[cfg(feature = "ed_on_bls12_381")] pub mod ed_on_bls12_381; -/// This module implements the R1CS equivalent of `algebra::ed_on_mnt4_298`. #[cfg(feature = "ed_on_mnt4_298")] pub mod ed_on_mnt4_298; -/// This module implements the R1CS equivalent of `algebra::ed_on_mnt4_753`. #[cfg(feature = "ed_on_mnt4_753")] pub mod ed_on_mnt4_753; -/// This module implements the R1CS equivalent of `algebra::mnt4_298`. #[cfg(feature = "mnt4_298")] pub mod mnt4_298; -/// This module implements the R1CS equivalent of `algebra::mnt4_753`. #[cfg(feature = "mnt4_753")] pub mod mnt4_753; -/// This module implements the R1CS equivalent of `algebra::mnt6_298`. #[cfg(feature = "mnt6_298")] pub mod mnt6_298; -/// This module implements the R1CS equivalent of `algebra::mnt6_753`. #[cfg(feature = "mnt6_753")] pub mod mnt6_753;