Add examples and doctests for instantiated curves

r1cs-std/src/fields/cubic_extension.rs

@@ -1,6 +1,6 @@
 use algebra::{
     fields::{CubicExtField, CubicExtParameters, Field},
-    One, Zero,
+    Zero,
 };
 use core::{borrow::Borrow, marker::PhantomData};
 use r1cs_core::{ConstraintSystemRef, Namespace, SynthesisError};
@@ -266,14 +266,20 @@ where
 
     #[tracing::instrument(target = "r1cs")]
     fn inverse(&self) -> Result<Self, SynthesisError> {
-        let cs = self.cs().get()?.clone();
-        let one = Self::new_constant(cs.clone(), CubicExtField::one())?;
-
-        let inverse = Self::new_witness(self.cs().get()?.clone(), || {
-            self.value()
-                .map(|f| f.inverse().unwrap_or(CubicExtField::zero()))
-        })?;
-        self.mul_equals(&inverse, &one)?;
+        let mode = if self.is_constant() {
+            AllocationMode::Constant
+        } else {
+            AllocationMode::Witness
+        };
+        let inverse = Self::new_variable(
+            self.cs().get()?.clone(),
+            || {
+                self.value()
+                    .map(|f| f.inverse().unwrap_or(CubicExtField::zero()))
+            },
+            mode,
+        )?;
+        self.mul_equals(&inverse, &Self::one())?;
         Ok(inverse)
     }
 }

r1cs-std/src/fields/fp/mod.rs

@@ -48,7 +48,7 @@ impl R1CSVar for FpVar {
 
     fn cs(&self) -> Option<ConstraintSystemRef<F>> {
         match self {
-            Self::Constant(_) => None,
+            Self::Constant(_) => Some(ConstraintSystemRef::None),
             Self::Var(a) => Some(a.cs.clone()),
         }
     }

r1cs-std/src/fields/quadratic_extension.rs

@@ -1,6 +1,6 @@
 use algebra::{
     fields::{Field, QuadExtField, QuadExtParameters},
-    One, Zero,
+    Zero,
 };
 use core::{borrow::Borrow, marker::PhantomData};
 use r1cs_core::{ConstraintSystemRef, Namespace, SynthesisError};
@@ -273,12 +273,20 @@ where
 
     #[tracing::instrument(target = "r1cs")]
     fn inverse(&self) -> Result<Self, SynthesisError> {
-        let one = Self::new_constant(self.cs().get()?.clone(), QuadExtField::one())?;
-        let inverse = Self::new_witness(self.cs().get()?.clone(), || {
-            self.value()
-                .map(|f| f.inverse().unwrap_or(QuadExtField::zero()))
-        })?;
-        self.mul_equals(&inverse, &one)?;
+        let mode = if self.is_constant() {
+            AllocationMode::Constant
+        } else {
+            AllocationMode::Witness
+        };
+        let inverse = Self::new_variable(
+            self.cs().get()?.clone(),
+            || {
+                self.value()
+                    .map(|f| f.inverse().unwrap_or(QuadExtField::zero()))
+            },
+            mode,
+        )?;
+        self.mul_equals(&inverse, &Self::one())?;
         Ok(inverse)
     }
 }

r1cs-std/src/groups/curves/short_weierstrass/mod.rs

@@ -154,7 +154,11 @@ where
     pub fn to_affine(&self) -> Result<AffineVar<P, F>, SynthesisError> {
         let cs = self.cs().unwrap_or(ConstraintSystemRef::None);
         let mode = if self.is_constant() {
-            AllocationMode::Constant
+            let point = self.value()?.into_affine();
+            let x = F::new_constant(ConstraintSystemRef::None, point.x)?;
+            let y = F::new_constant(ConstraintSystemRef::None, point.y)?;
+            let infinity = Boolean::constant(point.infinity);
+            return Ok(AffineVar::new(x, y, infinity));
         } else {
             AllocationMode::Witness
         };

r1cs-std/src/groups/curves/twisted_edwards/mod.rs

@@ -461,7 +461,11 @@ where
     #[inline]
     #[tracing::instrument(target = "r1cs")]
     fn double_in_place(&mut self) -> Result<(), SynthesisError> {
-        if let Some(cs) = self.cs() {
+        if self.is_constant() {
+            let value = self.value()?;
+            *self = Self::constant(value.double());
+        } else {
+            let cs = self.cs().unwrap();
             let a = P::COEFF_A;
 
             // xy
@@ -496,9 +500,6 @@ where
             y3.mul_equals(&two_minus_ax2_minus_y2, &y2_minus_a_x2)?;
             self.x = x3;
             self.y = y3;
-        } else {
-            let value = self.value()?;
-            *self = Self::constant(value.double());
         }
         Ok(())
     }
@@ -708,7 +709,12 @@ impl_bounded_ops!(
     AddAssign,
     add_assign,
     |this: &'a AffineVar<P, F>, other: &'a AffineVar<P, F>| {
-        if let Some(cs) = [this, other].cs() {
+
+        if [this, other].is_constant() {
+            assert!(this.is_constant() && other.is_constant());
+            AffineVar::constant(this.value().unwrap() + &other.value().unwrap())
+        } else {
+            let cs = [this, other].cs().unwrap();
             let a = P::COEFF_A;
             let d = P::COEFF_D;
 
@@ -752,9 +758,6 @@ impl_bounded_ops!(
             y3.mul_equals(&one_minus_v2, &u_plus_a_v0_minus_v1).unwrap();
 
             AffineVar::new(x3, y3)
-        } else {
-            assert!(this.is_constant() && other.is_constant());
-            AffineVar::constant(this.value().unwrap() + &other.value().unwrap())
         }
     },
     |this: &'a AffineVar<P, F>, other: TEProjective<P>| this + AffineVar::constant(other),

r1cs-std/src/instantiated/bls12_377/fields.rs

@@ -4,6 +4,7 @@ use crate::fields::{fp::FpVar, fp12::Fp12Var, fp2::Fp2Var, fp6_3over2::Fp6Var};
 
 /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq`.
 pub type FqVar = FpVar<Fq>;
+
 /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq2`.
 pub type Fq2Var = Fp2Var<Fq2Parameters>;
 /// A variable that is the R1CS equivalent of `algebra::bls12_377::Fq6`.

r1cs-std/src/instantiated/bls12_377/mod.rs

@@ -1,3 +1,153 @@
+//! This module implements the R1CS equivalent of `algebra::bls12_377`.
+//!
+//! It implements field variables for `algebra::bls12_377::{Fq, Fq2, Fq6, Fq12}`,
+//! group variables for `algebra::bls12_377::{G1, G2}`, and implements constraint
+//! generation for computing `Bls12_377::pairing`.
+//!
+//! The field underlying these constraints is `algebra::bls12_377::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, bls12_377::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::bls12_377::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, bls12_377::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::bls12_377::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `G1` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G1Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `G1`.
+//! let zero = G1Var::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! Finally, one can check pairing computations as well:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, PairingEngine, bls12_377::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::bls12_377::{self, *};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate random `G1` and `G2` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G2Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let pairing_result_native = Bls12_377::pairing(a_native, b_native);
+//!
+//! // Prepare `a` and `b` for pairing.
+//! let a_prep = bls12_377::PairingVar::prepare_g1(&a)?;
+//! let b_prep = bls12_377::PairingVar::prepare_g2(&b)?;
+//! let pairing_result = bls12_377::PairingVar::pairing(a_prep, b_prep)?;
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! let a_prep_const = bls12_377::PairingVar::prepare_g1(&a_const)?;
+//! let b_prep_const = bls12_377::PairingVar::prepare_g2(&b_const)?;
+//! let pairing_result_const = bls12_377::PairingVar::pairing(a_prep_const, b_prep_const)?;
+//! println!("Done here 3");
+//!
+//! pairing_result.enforce_equal(&pairing_result_const)?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 mod pairing;

r1cs-std/src/instantiated/ed_on_bls12_377/mod.rs

@@ -1,3 +1,105 @@
+//! This module implements the R1CS equivalent of `algebra::ed_on_bls12_377`.
+//!
+//! It implements field variables for `algebra::ed_on_bls12_377::Fq`,
+//! and group variables for `algebra::ed_on_bls12_377::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_bls12_377::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_bls12_377::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_bls12_377::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_bls12_377::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_bls12_377::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 

r1cs-std/src/instantiated/ed_on_bls12_381/mod.rs

@@ -1,3 +1,105 @@
+//! This module implements the R1CS equivalent of `algebra::ed_on_bls12_381`.
+//!
+//! It implements field variables for `algebra::ed_on_bls12_381::Fq`,
+//! and group variables for `algebra::ed_on_bls12_381::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_bls12_381::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_bls12_381::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_bls12_381::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_bls12_381::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_bls12_381::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `Edwards`.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 

r1cs-std/src/instantiated/ed_on_bn254/mod.rs

@@ -1,3 +1,105 @@
+//! This module implements the R1CS equivalent of `algebra::ed_on_bn254`.
+//!
+//! It implements field variables for `algebra::ed_on_bn254::Fq`,
+//! and group variables for `algebra::ed_on_bn254::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_bn254::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_bn254::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_bn254::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_bn254::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_bn254::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `Edwards`.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 

r1cs-std/src/instantiated/ed_on_bw6_761/mod.rs

@@ -1 +1,103 @@
+//! This module implements the R1CS equivalent of `algebra::ed_on_bw6_761`.
+//!
+//! It implements field variables for `algebra::ed_on_bw6_761::Fq`,
+//! and group variables for `algebra::ed_on_bw6_761::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_bw6_761::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_bw6_761::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_bw6_761::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_bw6_761::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_bw6_761::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `Edwards`.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 pub use crate::instantiated::ed_on_cp6_782::*;

r1cs-std/src/instantiated/ed_on_cp6_782/mod.rs

@@ -1,4 +1,105 @@
 #![allow(unreachable_pub)]
+//! This module implements the R1CS equivalent of `algebra::ed_on_cp6_782`.
+//!
+//! It implements field variables for `algebra::ed_on_cp6_782::Fq`,
+//! and group variables for `algebra::ed_on_cp6_782::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_cp6_782::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_cp6_782::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_cp6_782::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_cp6_782::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_cp6_782::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `Edwards`.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
 
 mod curves;
 mod fields;

r1cs-std/src/instantiated/ed_on_mnt4_298/mod.rs

@@ -1,3 +1,105 @@
+//! This module implements the R1CS equivalent of `algebra::ed_on_mnt4_298`.
+//!
+//! It implements field variables for `algebra::ed_on_mnt4_298::Fq`,
+//! and group variables for `algebra::ed_on_mnt4_298::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_mnt4_298::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_mnt4_298::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_mnt4_298::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_mnt4_298::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_mnt4_298::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `Edwards`.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 

r1cs-std/src/instantiated/ed_on_mnt4_753/mod.rs

@@ -1,3 +1,105 @@
+//! This module implements the R1CS equivalent of `algebra::ed_on_mnt4_753`.
+//!
+//! It implements field variables for `algebra::ed_on_mnt4_753::Fq`,
+//! and group variables for `algebra::ed_on_mnt4_753::GroupProjective`.
+//!
+//! The field underlying these constraints is `algebra::ed_on_mnt4_753::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, ed_on_mnt4_753::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::ed_on_mnt4_753::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `EdwardsVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, ed_on_mnt4_753::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::ed_on_mnt4_753::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Edwards` elements.
+//! let a_native = EdwardsProjective::rand(&mut rng);
+//! let b_native = EdwardsProjective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = EdwardsVar::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = EdwardsVar::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = EdwardsVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `Edwards`.
+//! let zero = EdwardsVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 

r1cs-std/src/instantiated/mnt4_298/mod.rs

@@ -1,3 +1,153 @@
+//! This module implements the R1CS equivalent of `algebra::mnt4_298`.
+//!
+//! It implements field variables for `algebra::mnt4_298::{Fq, Fq2, Fq4}`,
+//! group variables for `algebra::mnt4_298::{G1, G2}`, and implements constraint
+//! generation for computing `MNT4_298::pairing`.
+//!
+//! The field underlying these constraints is `algebra::mnt4_298::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, mnt4_298::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::mnt4_298::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, mnt4_298::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt4_298::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `G1` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G1Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `G1`.
+//! let zero = G1Var::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! Finally, one can check pairing computations as well:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, PairingEngine, mnt4_298::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt4_298::{self, *};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate random `G1` and `G2` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G2Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let pairing_result_native = MNT4_298::pairing(a_native, b_native);
+//!
+//! // Prepare `a` and `b` for pairing.
+//! let a_prep = mnt4_298::PairingVar::prepare_g1(&a)?;
+//! let b_prep = mnt4_298::PairingVar::prepare_g2(&b)?;
+//! let pairing_result = mnt4_298::PairingVar::pairing(a_prep, b_prep)?;
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! let a_prep_const = mnt4_298::PairingVar::prepare_g1(&a_const)?;
+//! let b_prep_const = mnt4_298::PairingVar::prepare_g2(&b_const)?;
+//! let pairing_result_const = mnt4_298::PairingVar::pairing(a_prep_const, b_prep_const)?;
+//! println!("Done here 3");
+//!
+//! pairing_result.enforce_equal(&pairing_result_const)?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 mod pairing;

r1cs-std/src/instantiated/mnt4_753/mod.rs

@@ -1,3 +1,153 @@
+//! This module implements the R1CS equivalent of `algebra::mnt4_753`.
+//!
+//! It implements field variables for `algebra::mnt4_753::{Fq, Fq2, Fq4}`,
+//! group variables for `algebra::mnt4_753::{G1, G2}`, and implements constraint
+//! generation for computing `MNT4_753::pairing`.
+//!
+//! The field underlying these constraints is `algebra::mnt4_753::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, mnt4_753::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::mnt4_753::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, mnt4_753::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt4_753::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `G1` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G1Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `G1`.
+//! let zero = G1Var::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! Finally, one can check pairing computations as well:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, PairingEngine, mnt4_753::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt4_753::{self, *};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate random `G1` and `G2` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G2Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let pairing_result_native = MNT4_753::pairing(a_native, b_native);
+//!
+//! // Prepare `a` and `b` for pairing.
+//! let a_prep = mnt4_753::PairingVar::prepare_g1(&a)?;
+//! let b_prep = mnt4_753::PairingVar::prepare_g2(&b)?;
+//! let pairing_result = mnt4_753::PairingVar::pairing(a_prep, b_prep)?;
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! let a_prep_const = mnt4_753::PairingVar::prepare_g1(&a_const)?;
+//! let b_prep_const = mnt4_753::PairingVar::prepare_g2(&b_const)?;
+//! let pairing_result_const = mnt4_753::PairingVar::pairing(a_prep_const, b_prep_const)?;
+//! println!("Done here 3");
+//!
+//! pairing_result.enforce_equal(&pairing_result_const)?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 mod pairing;

r1cs-std/src/instantiated/mnt6_298/mod.rs

@@ -1,3 +1,153 @@
+//! This module implements the R1CS equivalent of `algebra::mnt6_298`.
+//!
+//! It implements field variables for `algebra::mnt6_298::{Fq, Fq3, Fq6}`,
+//! group variables for `algebra::mnt6_298::{G1, G2}`, and implements constraint
+//! generation for computing `MNT6_298::pairing`.
+//!
+//! The field underlying these constraints is `algebra::mnt6_298::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, mnt6_298::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::mnt6_298::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, mnt6_298::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt6_298::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `G1` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G1Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `G1`.
+//! let zero = G1Var::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! Finally, one can check pairing computations as well:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, PairingEngine, mnt6_298::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt6_298::{self, *};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate random `G1` and `G2` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G2Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let pairing_result_native = MNT6_298::pairing(a_native, b_native);
+//!
+//! // Prepare `a` and `b` for pairing.
+//! let a_prep = mnt6_298::PairingVar::prepare_g1(&a)?;
+//! let b_prep = mnt6_298::PairingVar::prepare_g2(&b)?;
+//! let pairing_result = mnt6_298::PairingVar::pairing(a_prep, b_prep)?;
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! let a_prep_const = mnt6_298::PairingVar::prepare_g1(&a_const)?;
+//! let b_prep_const = mnt6_298::PairingVar::prepare_g2(&b_const)?;
+//! let pairing_result_const = mnt6_298::PairingVar::pairing(a_prep_const, b_prep_const)?;
+//! println!("Done here 3");
+//!
+//! pairing_result.enforce_equal(&pairing_result_const)?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 mod pairing;

r1cs-std/src/instantiated/mnt6_753/mod.rs

@@ -1,3 +1,153 @@
+//! This module implements the R1CS equivalent of `algebra::mnt6_753`.
+//!
+//! It implements field variables for `algebra::mnt6_753::{Fq, Fq3, Fq6}`,
+//! group variables for `algebra::mnt6_753::{G1, G2}`, and implements constraint
+//! generation for computing `MNT6_753::pairing`.
+//!
+//! The field underlying these constraints is `algebra::mnt6_753::Fq`.
+//!
+//! # Examples
+//!
+//! One can perform standard algebraic operations on `FqVar`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! use algebra::{UniformRand, mnt6_753::*};
+//! use r1cs_core::*;
+//! use r1cs_std::prelude::*;
+//! use r1cs_std::mnt6_753::*;
+//!
+//! let cs = ConstraintSystem::<Fq>::new_ref();
+//! // This rng is just for test purposes; do not use it
+//! // in real applications.
+//! let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `Fq` elements.
+//! let a_native = Fq::rand(&mut rng);
+//! let b_native = Fq::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = FqVar::new_witness(r1cs_core::ns!(cs, "generate_a"), || Ok(a_native))?;
+//! let b = FqVar::new_witness(r1cs_core::ns!(cs, "generate_b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = FqVar::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = FqVar::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let one = FqVar::one();
+//! let zero = FqVar::zero();
+//!
+//! // Sanity check one + one = two
+//! let two = &one + &one + &zero;
+//! two.enforce_equal(&one.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that the value of &a * &b is correct.
+//! assert_eq!((&a * &b).value()?, a_native * &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! One can also perform standard algebraic operations on `G1Var` and `G2Var`:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, mnt6_753::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt6_753::*;
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate some random `G1` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G1Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G1Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G1Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! // This returns the identity of `G1`.
+//! let zero = G1Var::zero();
+//!
+//! // Sanity check one + one = two
+//! let two_a = &a + &a + &zero;
+//! two_a.enforce_equal(&a.double()?)?;
+//!
+//! assert!(cs.is_satisfied()?);
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!((&a + &b).value()?, a_native + &b_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! (&a + &b).enforce_equal(&(&a_const + &b_const))?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+//!
+//! Finally, one can check pairing computations as well:
+//!
+//! ```
+//! # fn main() -> Result<(), r1cs_core::SynthesisError> {
+//! # use algebra::{UniformRand, PairingEngine, mnt6_753::*};
+//! # use r1cs_core::*;
+//! # use r1cs_std::prelude::*;
+//! # use r1cs_std::mnt6_753::{self, *};
+//!
+//! # let cs = ConstraintSystem::<Fq>::new_ref();
+//! # let mut rng = algebra::test_rng();
+//!
+//! // Generate random `G1` and `G2` elements.
+//! let a_native = G1Projective::rand(&mut rng);
+//! let b_native = G2Projective::rand(&mut rng);
+//!
+//! // Allocate `a_native` and `b_native` as witness variables in `cs`.
+//! let a = G1Var::new_witness(r1cs_core::ns!(cs, "a"), || Ok(a_native))?;
+//! let b = G2Var::new_witness(r1cs_core::ns!(cs, "b"), || Ok(b_native))?;
+//!
+//! // Allocate `a_native` and `b_native` as constants in `cs`. This does not add any
+//! // constraints or variables.
+//! let a_const = G1Var::new_constant(r1cs_core::ns!(cs, "a_as_constant"), a_native)?;
+//! let b_const = G2Var::new_constant(r1cs_core::ns!(cs, "b_as_constant"), b_native)?;
+//!
+//! let pairing_result_native = MNT6_753::pairing(a_native, b_native);
+//!
+//! // Prepare `a` and `b` for pairing.
+//! let a_prep = mnt6_753::PairingVar::prepare_g1(&a)?;
+//! let b_prep = mnt6_753::PairingVar::prepare_g2(&b)?;
+//! let pairing_result = mnt6_753::PairingVar::pairing(a_prep, b_prep)?;
+//!
+//! // Check that the value of &a + &b is correct.
+//! assert_eq!(pairing_result.value()?, pairing_result_native);
+//!
+//! // Check that operations on variables and constants are equivalent.
+//! let a_prep_const = mnt6_753::PairingVar::prepare_g1(&a_const)?;
+//! let b_prep_const = mnt6_753::PairingVar::prepare_g2(&b_const)?;
+//! let pairing_result_const = mnt6_753::PairingVar::pairing(a_prep_const, b_prep_const)?;
+//! println!("Done here 3");
+//!
+//! pairing_result.enforce_equal(&pairing_result_const)?;
+//! assert!(cs.is_satisfied()?);
+//! # Ok(())
+//! # }
+//! ```
+
 mod curves;
 mod fields;
 mod pairing;

r1cs-std/src/instantiated/mod.rs

@@ -1,50 +1,38 @@
-/// This module implements the R1CS equivalent of `algebra::bls12_377`.
 #[cfg(feature = "bls12_377")]
 pub mod bls12_377;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_bls12_377`.
 #[cfg(feature = "ed_on_bls12_377")]
 pub mod ed_on_bls12_377;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_cp6_782`.
 #[cfg(feature = "ed_on_cp6_782")]
 pub mod ed_on_cp6_782;
 
 #[cfg(all(not(feature = "ed_on_cp6_782"), feature = "ed_on_bw6_761"))]
 pub(crate) mod ed_on_cp6_782;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_bw6_761`.
 #[cfg(feature = "ed_on_bw6_761")]
 pub mod ed_on_bw6_761;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_bn254`.
 #[cfg(feature = "ed_on_bn254")]
 pub mod ed_on_bn254;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_bls12_381`.
 #[cfg(feature = "ed_on_bls12_381")]
 pub mod ed_on_bls12_381;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_mnt4_298`.
 #[cfg(feature = "ed_on_mnt4_298")]
 pub mod ed_on_mnt4_298;
 
-/// This module implements the R1CS equivalent of `algebra::ed_on_mnt4_753`.
 #[cfg(feature = "ed_on_mnt4_753")]
 pub mod ed_on_mnt4_753;
 
-/// This module implements the R1CS equivalent of `algebra::mnt4_298`.
 #[cfg(feature = "mnt4_298")]
 pub mod mnt4_298;
 
-/// This module implements the R1CS equivalent of `algebra::mnt4_753`.
 #[cfg(feature = "mnt4_753")]
 pub mod mnt4_753;
 
-/// This module implements the R1CS equivalent of `algebra::mnt6_298`.
 #[cfg(feature = "mnt6_298")]
 pub mod mnt6_298;
 
-/// This module implements the R1CS equivalent of `algebra::mnt6_753`.
 #[cfg(feature = "mnt6_753")]
 pub mod mnt6_753;