Runs cargo fmt

5 years ago · fb87c421e7
26 changed files with 284 additions and 240 deletions
--- a/crypto-primitives/benches/crypto_primitives/comm.rs
+++ b/crypto-primitives/benches/crypto_primitives/comm.rs
@ -3,7 +3,7 @@ use rand;
 #[macro_use]
 extern crate criterion;

 use algebra::{UniformRand, curves::edwards_bls12::EdwardsProjective as Edwards};
 use algebra::{curves::edwards_bls12::EdwardsProjective as Edwards, UniformRand};
 use criterion::Criterion;
 use crypto_primitives::commitment::{pedersen::*, CommitmentScheme};

--- a/crypto-primitives/src/commitment/blake2s/constraints.rs
+++ b/crypto-primitives/src/commitment/blake2s/constraints.rs
@ -5,7 +5,7 @@ use crate::{
    prf::blake2s::constraints::{blake2s_gadget, Blake2sOutputGadget},
    CommitmentGadget,
 };
 use algebra::{PrimeField, Field};
 use algebra::{Field, PrimeField};
 use r1cs_std::prelude::*;

 use std::borrow::Borrow;
@ -18,7 +18,9 @@ pub struct Blake2sRandomnessGadget(pub Vec);

 pub struct Blake2sCommitmentGadget;

 impl<ConstraintF: PrimeField> CommitmentGadget<Blake2sCommitment, ConstraintF> for Blake2sCommitmentGadget {
 impl<ConstraintF: PrimeField> CommitmentGadget<Blake2sCommitment, ConstraintF>
    for Blake2sCommitmentGadget
 {
    type OutputGadget = Blake2sOutputGadget;
    type ParametersGadget = Blake2sParametersGadget;
    type RandomnessGadget = Blake2sRandomnessGadget;
@ -54,7 +56,10 @@ impl AllocGadget<(), ConstraintF> for Blake2sParametersGadge
        Ok(Blake2sParametersGadget)
    }

    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(_: CS, _: F) -> Result<Self, SynthesisError>
    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(
        _: CS,
        _: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<()>,
@ -65,7 +70,10 @@ impl AllocGadget<(), ConstraintF> for Blake2sParametersGadge

 impl<ConstraintF: PrimeField> AllocGadget<[u8; 32], ConstraintF> for Blake2sRandomnessGadget {
    #[inline]
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, value_gen: F) -> Result<Self, SynthesisError>
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
        cs: CS,
        value_gen: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<[u8; 32]>,
@ -105,14 +113,15 @@ mod test {
    use algebra::fields::bls12_381::Fr;
    use rand::{thread_rng, Rng};

    use crate::*;
    use crate::{
        commitment::blake2s::Blake2sCommitment,
        commitment::blake2s::constraints::{Blake2sCommitmentGadget, Blake2sRandomnessGadget},
        commitment::blake2s::{
            constraints::{Blake2sCommitmentGadget, Blake2sRandomnessGadget},
            Blake2sCommitment,
        },
        *,
    };
    use r1cs_core::ConstraintSystem;
    use r1cs_std::prelude::*;
    use r1cs_std::test_constraint_system::TestConstraintSystem;
    use r1cs_std::{prelude::*, test_constraint_system::TestConstraintSystem};

    #[test]
    fn commitment_gadget_test() {
--- a/crypto-primitives/src/commitment/blake2s/mod.rs
+++ b/crypto-primitives/src/commitment/blake2s/mod.rs
@ -1,7 +1,7 @@
 use super::CommitmentScheme;
 use crate::Error;
 use blake2::Blake2s as b2s;
 use digest::Digest;
 use crate::Error;
 use rand::Rng;

 pub struct Blake2sCommitment;
@ -9,7 +9,6 @@ pub struct Blake2sCommitment;
 #[cfg(feature = "r1cs")]
 pub mod constraints;


 impl CommitmentScheme for Blake2sCommitment {
    type Parameters = ();
    type Randomness = [u8; 32];
--- a/crypto-primitives/src/commitment/injective_map/constraints.rs
+++ b/crypto-primitives/src/commitment/injective_map/constraints.rs
@ -2,9 +2,11 @@ use algebra::{Field, PrimeField};

 use crate::commitment::{
    injective_map::{InjectiveMap, PedersenCommCompressor},
    pedersen::PedersenWindow,
    pedersen::constraints::{
        PedersenCommitmentGadget, PedersenCommitmentGadgetParameters, PedersenRandomnessGadget,
    pedersen::{
        constraints::{
            PedersenCommitmentGadget, PedersenCommitmentGadgetParameters, PedersenRandomnessGadget,
        },
        PedersenWindow,
    },
    CommitmentGadget,
 };
@ -23,7 +25,6 @@ where
    ConstraintF: Field,
    GG: GroupGadget<G, ConstraintF>,
    IG: InjectiveMapGadget<G, I, ConstraintF, GG>,

 {
    _compressor:        PhantomData<I>,
    _compressor_gadget: PhantomData<IG>,
--- a/crypto-primitives/src/commitment/mod.rs
+++ b/crypto-primitives/src/commitment/mod.rs
@ -1,5 +1,5 @@
 use rand::Rng;
 use algebra::UniformRand;
 use rand::Rng;
 use std::{fmt::Debug, hash::Hash};

 use algebra::bytes::ToBytes;
--- a/crypto-primitives/src/commitment/pedersen/constraints.rs
+++ b/crypto-primitives/src/commitment/pedersen/constraints.rs
@ -13,9 +13,9 @@ use std::{borrow::Borrow, marker::PhantomData};
 #[derive(Derivative)]
 #[derivative(Clone(bound = "G: Group, W: PedersenWindow, ConstraintF: Field"))]
 pub struct PedersenCommitmentGadgetParameters<G: Group, W: PedersenWindow, ConstraintF: Field> {
    params:  PedersenParameters<G>,
    params: PedersenParameters<G>,
    #[doc(hidden)]
    _group:  PhantomData<G>,
    _group: PhantomData<G>,
    #[doc(hidden)]
    _engine: PhantomData<ConstraintF>,
    #[doc(hidden)]
@ -26,10 +26,8 @@ pub struct PedersenCommitmentGadgetParameters
 pub struct PedersenRandomnessGadget(Vec<UInt8>);

 pub struct PedersenCommitmentGadget<G: Group, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>>(
    #[doc(hidden)]
    PhantomData<*const G>,
    #[doc(hidden)]
    PhantomData<*const GG>,
    #[doc(hidden)] PhantomData<*const G>,
    #[doc(hidden)] PhantomData<*const GG>,
    PhantomData<ConstraintF>,
 );

@ -90,13 +88,17 @@ where
    }
 }

 impl<G, W, ConstraintF> AllocGadget<PedersenParameters<G>, ConstraintF> for PedersenCommitmentGadgetParameters<G, W, ConstraintF>
 impl<G, W, ConstraintF> AllocGadget<PedersenParameters<G>, ConstraintF>
    for PedersenCommitmentGadgetParameters<G, W, ConstraintF>
 where
    G: Group,
    W: PedersenWindow,
    ConstraintF: PrimeField,
 {
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(_cs: CS, value_gen: F) -> Result<Self, SynthesisError>
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
        _cs: CS,
        value_gen: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<PedersenParameters<G>>,
@ -137,7 +139,10 @@ where
    G: Group,
    ConstraintF: PrimeField,
 {
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, value_gen: F) -> Result<Self, SynthesisError>
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
        cs: CS,
        value_gen: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<PedersenRandomness<G>>,
@ -166,22 +171,25 @@ where

 #[cfg(test)]
 mod test {
    use algebra::{fields::jubjub::{fq::Fq, fr::Fr}};
    use algebra::{
        fields::jubjub::{fq::Fq, fr::Fr},
        UniformRand,
    };
    use rand::thread_rng;
    use algebra::UniformRand;

    use crate::{
        commitment::{
            pedersen::{PedersenCommitment, PedersenRandomness, constraints::PedersenCommitmentGadget},
            CommitmentScheme,
            CommitmentGadget,
            pedersen::{
                constraints::PedersenCommitmentGadget, PedersenCommitment, PedersenRandomness,
            },
            CommitmentGadget, CommitmentScheme,
        },
        crh::pedersen::PedersenWindow,
    };
    use algebra::curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve};
    use r1cs_core::ConstraintSystem;
    use r1cs_std::{
        groups::jubjub::JubJubGadget, test_constraint_system::TestConstraintSystem, prelude::*,
        groups::jubjub::JubJubGadget, prelude::*, test_constraint_system::TestConstraintSystem,
    };

    #[test]
--- a/crypto-primitives/src/commitment/pedersen/mod.rs
+++ b/crypto-primitives/src/commitment/pedersen/mod.rs
@ -1,7 +1,8 @@
 use crate::Error;
 use algebra::UniformRand;
 use algebra::{Field, ToConstraintField};
 use algebra::{bytes::ToBytes, groups::Group, BitIterator, FpParameters, PrimeField};
 use algebra::{
    bytes::ToBytes, groups::Group, BitIterator, Field, FpParameters, PrimeField, ToConstraintField,
    UniformRand,
 };

 use rand::Rng;
 use std::marker::PhantomData;
@ -124,8 +125,9 @@ impl CommitmentScheme for PedersenCommitment
    }
 }


 impl<ConstraintF: Field, G: Group + ToConstraintField<ConstraintF>> ToConstraintField<ConstraintF> for PedersenParameters<G> {
 impl<ConstraintF: Field, G: Group + ToConstraintField<ConstraintF>> ToConstraintField<ConstraintF>
    for PedersenParameters<G>
 {
    #[inline]
    fn to_field_elements(&self) -> Result<Vec<ConstraintF>, Error> {
        Ok(Vec::new())
--- a/crypto-primitives/src/crh/injective_map/constraints.rs
+++ b/crypto-primitives/src/crh/injective_map/constraints.rs
@ -1,12 +1,12 @@
 use std::{fmt::Debug, marker::PhantomData};

 use crate::crh::{
    FixedLengthCRHGadget,
    injective_map::{InjectiveMap, PedersenCRHCompressor, TECompressor},
    pedersen::{
        PedersenWindow,
        constraints::{PedersenCRHGadget, PedersenCRHGadgetParameters},
    }
        PedersenWindow,
    },
    FixedLengthCRHGadget,
 };

 use algebra::{
@ -24,7 +24,13 @@ use r1cs_std::{
    prelude::*,
 };

 pub trait InjectiveMapGadget<G: Group, I: InjectiveMap<G>, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>> {
 pub trait InjectiveMapGadget<
    G: Group,
    I: InjectiveMap<G>,
    ConstraintF: Field,
    GG: GroupGadget<G, ConstraintF>,
 >
 {
    type OutputGadget: EqGadget<ConstraintF>
        + ToBytesGadget<ConstraintF>
        + CondSelectGadget<ConstraintF>
@ -41,8 +47,13 @@ pub trait InjectiveMapGadget, ConstraintF: Field, G

 pub struct TECompressorGadget;

 impl<ConstraintF, P> InjectiveMapGadget<TEAffine<P>, TECompressor, ConstraintF, TwistedEdwardsGadget<P, ConstraintF, FpGadget<ConstraintF>>>
    for TECompressorGadget
 impl<ConstraintF, P>
    InjectiveMapGadget<
        TEAffine<P>,
        TECompressor,
        ConstraintF,
        TwistedEdwardsGadget<P, ConstraintF, FpGadget<ConstraintF>>,
    > for TECompressorGadget
 where
    ConstraintF: PrimeField + SquareRootField,
    P: TEModelParameters + ModelParameters<BaseField = ConstraintF>,
@ -58,8 +69,12 @@ where
 }

 impl<ConstraintF, P>
    InjectiveMapGadget<TEProjective<P>, TECompressor, ConstraintF, TwistedEdwardsGadget<P, ConstraintF, FpGadget<ConstraintF>>>
    for TECompressorGadget
    InjectiveMapGadget<
        TEProjective<P>,
        TECompressor,
        ConstraintF,
        TwistedEdwardsGadget<P, ConstraintF, FpGadget<ConstraintF>>,
    > for TECompressorGadget
 where
    ConstraintF: PrimeField + SquareRootField,
    P: TEModelParameters + ModelParameters<BaseField = ConstraintF>,
--- a/crypto-primitives/src/crh/injective_map/mod.rs
+++ b/crypto-primitives/src/crh/injective_map/mod.rs
@ -1,6 +1,5 @@
 use crate::CryptoError;
 use crate::{CryptoError, Error};
 use algebra::bytes::ToBytes;
 use crate::Error;
 use rand::Rng;
 use std::{fmt::Debug, hash::Hash, marker::PhantomData};

@ -17,7 +16,6 @@ use algebra::{
    groups::Group,
 };


 #[cfg(feature = "r1cs")]
 pub mod constraints;

--- a/crypto-primitives/src/crh/mod.rs
+++ b/crypto-primitives/src/crh/mod.rs
@ -7,13 +7,11 @@ pub mod pedersen;

 use crate::Error;


 #[cfg(feature = "r1cs")]
 pub mod constraints;
 #[cfg(feature = "r1cs")]
 pub use constraints::*;


 pub trait FixedLengthCRH {
    const INPUT_SIZE_BITS: usize;
    type Output: ToBytes + Clone + Eq + Hash + Default;
--- a/crypto-primitives/src/crh/pedersen/constraints.rs
+++ b/crypto-primitives/src/crh/pedersen/constraints.rs
@ -1,7 +1,6 @@

 use crate::crh::{
    FixedLengthCRHGadget,
    pedersen::{PedersenCRH, PedersenParameters, PedersenWindow},
    FixedLengthCRHGadget,
 };
 use algebra::{Field, Group};
 use r1cs_core::{ConstraintSystem, SynthesisError};
@ -27,14 +26,15 @@ pub struct PedersenCRHGadgetParameters<

 pub struct PedersenCRHGadget<G: Group, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>> {
    #[doc(hideen)]
    _group:        PhantomData<*const G>,
    _group: PhantomData<*const G>,
    #[doc(hideen)]
    _group_gadget: PhantomData<*const GG>,
    #[doc(hideen)]
    _engine:       PhantomData<ConstraintF>,
    _engine: PhantomData<ConstraintF>,
 }

 impl<ConstraintF, G, GG, W> FixedLengthCRHGadget<PedersenCRH<G, W>, ConstraintF> for PedersenCRHGadget<G, ConstraintF, GG>
 impl<ConstraintF, G, GG, W> FixedLengthCRHGadget<PedersenCRH<G, W>, ConstraintF>
    for PedersenCRHGadget<G, ConstraintF, GG>
 where
    ConstraintF: Field,
    G: Group,
@ -74,9 +74,13 @@ where
 }

 impl<G: Group, W: PedersenWindow, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>>
    AllocGadget<PedersenParameters<G>, ConstraintF> for PedersenCRHGadgetParameters<G, W, ConstraintF, GG>
    AllocGadget<PedersenParameters<G>, ConstraintF>
    for PedersenCRHGadgetParameters<G, W, ConstraintF, GG>
 {
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(_cs: CS, value_gen: F) -> Result<Self, SynthesisError>
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
        _cs: CS,
        value_gen: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<PedersenParameters<G>>,
@ -114,16 +118,14 @@ mod test {
    use rand::{thread_rng, Rng};

    use crate::crh::{
        pedersen::{PedersenCRH, PedersenWindow},
        pedersen::constraints::PedersenCRHGadget, 
        FixedLengthCRH,
        FixedLengthCRHGadget
        pedersen::{constraints::PedersenCRHGadget, PedersenCRH, PedersenWindow},
        FixedLengthCRH, FixedLengthCRHGadget,
    };
    use algebra::curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve};
    use r1cs_core::ConstraintSystem;
    use r1cs_std::{
        groups::curves::twisted_edwards::jubjub::JubJubGadget,
        test_constraint_system::TestConstraintSystem, prelude::*,
        groups::curves::twisted_edwards::jubjub::JubJubGadget, prelude::*,
        test_constraint_system::TestConstraintSystem,
    };

    type TestCRH = PedersenCRH<JubJub, Window>;
--- a/crypto-primitives/src/crh/pedersen/mod.rs
+++ b/crypto-primitives/src/crh/pedersen/mod.rs
@ -7,9 +7,7 @@ use std::{
 };

 use crate::crh::FixedLengthCRH;
 use algebra::{Field, ToConstraintField};
 use algebra::groups::Group;

 use algebra::{groups::Group, Field, ToConstraintField};

 #[cfg(feature = "r1cs")]
 pub mod constraints;
@ -141,8 +139,9 @@ impl Debug for PedersenParameters {
    }
 }


 impl<ConstraintF: Field, G: Group + ToConstraintField<ConstraintF>> ToConstraintField<ConstraintF> for PedersenParameters<G> {
 impl<ConstraintF: Field, G: Group + ToConstraintField<ConstraintF>> ToConstraintField<ConstraintF>
    for PedersenParameters<G>
 {
    #[inline]
    fn to_field_elements(&self) -> Result<Vec<ConstraintF>, Error> {
        Ok(Vec::new())
--- a/crypto-primitives/src/lib.rs
+++ b/crypto-primitives/src/lib.rs
@ -14,7 +14,7 @@ pub mod signature;
 pub use self::{
    commitment::CommitmentScheme,
    crh::FixedLengthCRH,
    merkle_tree::{MerkleTreePath, MerkleHashTree},
    merkle_tree::{MerkleHashTree, MerkleTreePath},
    nizk::NIZK,
    prf::PRF,
    signature::SignatureScheme,
@ -22,16 +22,12 @@ pub use self::{

 #[cfg(feature = "r1cs")]
 pub use self::{
    commitment::CommitmentGadget,
    crh::FixedLengthCRHGadget,
    merkle_tree::constraints::MerkleTreePathGadget,
    nizk::NIZKVerifierGadget,
    prf::PRFGadget,
    commitment::CommitmentGadget, crh::FixedLengthCRHGadget,
    merkle_tree::constraints::MerkleTreePathGadget, nizk::NIZKVerifierGadget, prf::PRFGadget,
    signature::SigRandomizePkGadget,
 };


 pub type Error  = Box<dyn std::error::Error>;
 pub type Error = Box<dyn std::error::Error>;

 #[derive(Debug)]
 pub enum CryptoError {
--- a/crypto-primitives/src/merkle_tree/constraints.rs
+++ b/crypto-primitives/src/merkle_tree/constraints.rs
@ -1,10 +1,11 @@
 use algebra::Field;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 use r1cs_std::boolean::AllocatedBit;
 use r1cs_std::{boolean::AllocatedBit, prelude::*};

 use crate::merkle_tree::*;
 use crate::crh::{FixedLengthCRH, FixedLengthCRHGadget};
 use crate::{
    crh::{FixedLengthCRH, FixedLengthCRHGadget},
    merkle_tree::*,
 };

 use std::borrow::Borrow;

@ -14,7 +15,7 @@ where
    HGadget: FixedLengthCRHGadget<P::H, ConstraintF>,
    ConstraintF: Field,
 {
    path:    Vec<(HGadget::OutputGadget, HGadget::OutputGadget)>,
    path: Vec<(HGadget::OutputGadget, HGadget::OutputGadget)>,
 }

 impl<P, CRHGadget, ConstraintF> MerkleTreePathGadget<P, CRHGadget, ConstraintF>
@ -30,13 +31,7 @@ where
        root: &CRHGadget::OutputGadget,
        leaf: impl ToBytesGadget<ConstraintF>,
    ) -> Result<(), SynthesisError> {
    self.conditionally_check_membership(
            cs,
            parameters,
            root,
            leaf,
            &Boolean::Constant(true),
        )
        self.conditionally_check_membership(cs, parameters, root, leaf, &Boolean::Constant(true))
    }

    pub fn conditionally_check_membership<CS: ConstraintSystem<ConstraintF>>(
@ -153,9 +148,7 @@ where
                })?;
            path.push((l_hash, r_hash));
        }
        Ok(MerkleTreePathGadget {
            path,
        })
        Ok(MerkleTreePathGadget { path })
    }

    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(
@ -179,9 +172,7 @@ where
            path.push((l_hash, r_hash));
        }

        Ok(MerkleTreePathGadget {
            path,
        })
        Ok(MerkleTreePathGadget { path })
    }
 }

@ -191,20 +182,15 @@ mod test {

    use crate::{
        crh::{
            pedersen::{PedersenCRH, PedersenWindow},
            pedersen::constraints::PedersenCRHGadget, 
            FixedLengthCRH,
            FixedLengthCRHGadget,
            pedersen::{constraints::PedersenCRHGadget, PedersenCRH, PedersenWindow},
            FixedLengthCRH, FixedLengthCRHGadget,
        },
        merkle_tree::*,
    };
    use algebra::{
        curves::jubjub::JubJubAffine as JubJub,
        fields::jubjub::fq::Fq,
    };
    use algebra::{curves::jubjub::JubJubAffine as JubJub, fields::jubjub::fq::Fq};
    use r1cs_core::ConstraintSystem;
    use rand::SeedableRng;
    use rand_xorshift::XorShiftRng;
    use r1cs_core::ConstraintSystem;

    use super::*;
    use r1cs_std::{
@ -223,7 +209,7 @@ mod test {
    type HG = PedersenCRHGadget<JubJub, Fq, JubJubGadget>;

    struct JubJubMerkleTreeParams;
    

    impl MerkleTreeConfig for JubJubMerkleTreeParams {
        const HEIGHT: usize = 32;
        type H = H;
@ -244,25 +230,27 @@ mod test {
            assert!(proof.verify(&crh_parameters, &root, &leaf).unwrap());

            // Allocate Merkle Tree Root
            let root = <HG as FixedLengthCRHGadget<H, _>>::OutputGadget::alloc(&mut cs.ns(|| format!("new_digest_{}", i)), || {
                if use_bad_root {
                    Ok(<H as FixedLengthCRH>::Output::default())
                } else {
                    Ok(root)
                }
            })
            let root = <HG as FixedLengthCRHGadget<H, _>>::OutputGadget::alloc(
                &mut cs.ns(|| format!("new_digest_{}", i)),
                || {
                    if use_bad_root {
                        Ok(<H as FixedLengthCRH>::Output::default())
                    } else {
                        Ok(root)
                    }
                },
            )
            .unwrap();

            let constraints_from_digest = cs.num_constraints();
            println!("constraints from digest: {}", constraints_from_digest);

            // Allocate Parameters for CRH
            let crh_parameters =
                <HG as FixedLengthCRHGadget<H, Fq>>::ParametersGadget::alloc(
                    &mut cs.ns(|| format!("new_parameters_{}", i)),
                    || Ok(crh_parameters.clone()),
                )
                .unwrap();
            let crh_parameters = <HG as FixedLengthCRHGadget<H, Fq>>::ParametersGadget::alloc(
                &mut cs.ns(|| format!("new_parameters_{}", i)),
                || Ok(crh_parameters.clone()),
            )
            .unwrap();

            let constraints_from_parameters = cs.num_constraints() - constraints_from_digest;
            println!(
@ -272,15 +260,16 @@ mod test {

            // Allocate Leaf
            let leaf_g = UInt8::constant_vec(leaf);
                

            let constraints_from_leaf =
                cs.num_constraints() - constraints_from_parameters - constraints_from_digest;
            println!("constraints from leaf: {}", constraints_from_leaf);

            // Allocate Merkle Tree Path
            let cw = MerkleTreePathGadget::<_, HG, _>::alloc(&mut cs.ns(|| format!("new_witness_{}", i)), || {
                Ok(proof)
            })
            let cw = MerkleTreePathGadget::<_, HG, _>::alloc(
                &mut cs.ns(|| format!("new_witness_{}", i)),
                || Ok(proof),
            )
            .unwrap();

            let constraints_from_path = cs.num_constraints()
@ -320,7 +309,7 @@ mod test {
    fn good_root_test() {
        let mut leaves = Vec::new();
        for i in 0..4u8 {
            let input = [i ; 30];
            let input = [i; 30];
            leaves.push(input);
        }
        generate_merkle_tree(&leaves, false);
@ -331,7 +320,7 @@ mod test {
    fn bad_root_test() {
        let mut leaves = Vec::new();
        for i in 0..4u8 {
            let input = [i ; 30];
            let input = [i; 30];
            leaves.push(input);
        }
        generate_merkle_tree(&leaves, true);
--- a/crypto-primitives/src/merkle_tree/mod.rs
+++ b/crypto-primitives/src/merkle_tree/mod.rs
@ -1,9 +1,7 @@
 use crate::crh::FixedLengthCRH;
 use crate::{crh::FixedLengthCRH, Error};
 use algebra::bytes::ToBytes;
 use crate::Error;
 use std::{fmt, rc::Rc};


 #[cfg(feature = "r1cs")]
 pub mod constraints;

@ -20,22 +18,25 @@ pub trait MerkleTreeConfig {
    Debug(bound = "P: MerkleTreeConfig, <P::H as FixedLengthCRH>::Output: fmt::Debug")
 )]
 pub struct MerkleTreePath<P: MerkleTreeConfig> {
    pub(crate) path: Vec<(<P::H as FixedLengthCRH>::Output, <P::H as FixedLengthCRH>::Output)>,
    pub(crate) path: Vec<(
        <P::H as FixedLengthCRH>::Output,
        <P::H as FixedLengthCRH>::Output,
    )>,
 }

 pub type MerkleTreeParams<P> = <<P as MerkleTreeConfig>::H as FixedLengthCRH>::Parameters;
 pub type MerkleTreeDigest<P> = <<P as MerkleTreeConfig>::H as FixedLengthCRH>::Output;


 impl<P: MerkleTreeConfig> Default for MerkleTreePath<P> {
    fn default() -> Self {
        let mut path = Vec::with_capacity(P::HEIGHT as usize);
        for _i in 1..P::HEIGHT as usize {
            path.push((<P::H as FixedLengthCRH>::Output::default(), <P::H as FixedLengthCRH>::Output::default()));
        }
        Self {
            path,
            path.push((
                <P::H as FixedLengthCRH>::Output::default(),
                <P::H as FixedLengthCRH>::Output::default(),
            ));
        }
        Self { path }
    }
 }

@ -82,7 +83,10 @@ impl MerkleTreePath {

 pub struct MerkleHashTree<P: MerkleTreeConfig> {
    tree:         Vec<<P::H as FixedLengthCRH>::Output>,
    padding_tree: Vec<(<P::H as FixedLengthCRH>::Output, <P::H as FixedLengthCRH>::Output)>,
    padding_tree: Vec<(
        <P::H as FixedLengthCRH>::Output,
        <P::H as FixedLengthCRH>::Output,
    )>,
    parameters:   Rc<<P::H as FixedLengthCRH>::Parameters>,
    root:         Option<<P::H as FixedLengthCRH>::Output>,
 }
@ -99,7 +103,10 @@ impl MerkleHashTree {
        }
    }

    pub fn new<L: ToBytes>(parameters: Rc<<P::H as FixedLengthCRH>::Parameters>, leaves: &[L]) -> Result<Self, Error> {
    pub fn new<L: ToBytes>(
        parameters: Rc<<P::H as FixedLengthCRH>::Parameters>,
        leaves: &[L],
    ) -> Result<Self, Error> {
        let new_time = start_timer!(|| "MerkleTree::New");

        let last_level_size = leaves.len().next_power_of_two();
@ -225,9 +232,7 @@ impl MerkleHashTree {
        if path.len() != (Self::HEIGHT - 1) as usize {
            Err(MerkleTreeError::IncorrectPathLength(path.len()))?
        } else {
            Ok(MerkleTreePath {
                path,
            })
            Ok(MerkleTreePath { path })
        }
    }
 }
@ -241,7 +246,9 @@ pub enum MerkleTreeError {
 impl std::fmt::Display for MerkleTreeError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let msg = match self {
            MerkleTreeError::IncorrectLeafIndex(index) => format!("incorrect leaf index: {}", index),
            MerkleTreeError::IncorrectLeafIndex(index) => {
                format!("incorrect leaf index: {}", index)
            },
            MerkleTreeError::IncorrectPathLength(len) => format!("incorrect path length: {}", len),
        };
        write!(f, "{}", msg)
@ -358,10 +365,12 @@ pub(crate) fn hash_empty(
    H::evaluate(parameters, &empty_buffer)
 }


 #[cfg(test)]
 mod test {
    use crate::{crh::{pedersen::*, *}, merkle_tree::*};
    use crate::{
        crh::{pedersen::*, *},
        merkle_tree::*,
    };
    use algebra::curves::jubjub::JubJubAffine as JubJub;
    use rand::SeedableRng;
    use rand_xorshift::XorShiftRng;
@ -373,18 +382,16 @@ mod test {
        const NUM_WINDOWS: usize = 256;
    }


    type H = PedersenCRH<JubJub, Window4x256>;

    struct JubJubMerkleTreeParams;
    

    impl MerkleTreeConfig for JubJubMerkleTreeParams {
        const HEIGHT: usize = 32;
        type H = H;
    }
    type JubJubMerkleTree = MerkleHashTree<JubJubMerkleTreeParams>;


    fn generate_merkle_tree<L: ToBytes + Clone + Eq>(leaves: &[L]) -> () {
        let mut rng = XorShiftRng::seed_from_u64(9174123u64);

--- a/crypto-primitives/src/nizk/constraints.rs
+++ b/crypto-primitives/src/nizk/constraints.rs
@ -5,7 +5,8 @@ use r1cs_std::prelude::*;
 use crate::nizk::NIZK;

 pub trait NIZKVerifierGadget<N: NIZK, ConstraintF: Field> {
    type VerificationKeyGadget: AllocGadget<N::VerificationParameters, ConstraintF> + ToBytesGadget<ConstraintF>;
    type VerificationKeyGadget: AllocGadget<N::VerificationParameters, ConstraintF>
        + ToBytesGadget<ConstraintF>;

    type ProofGadget: AllocGadget<N::Proof, ConstraintF>;

--- a/crypto-primitives/src/nizk/gm17/constraints.rs
+++ b/crypto-primitives/src/nizk/gm17/constraints.rs
@ -1,5 +1,5 @@
 use crate::nizk::{gm17::Gm17, NIZKVerifierGadget};
 use algebra::{Field, ToConstraintField, AffineCurve, PairingEngine};
 use algebra::{AffineCurve, Field, PairingEngine, ToConstraintField};
 use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;

@ -36,11 +36,8 @@ pub struct VerifyingKeyGadget<
    pub query:      Vec<P::G1Gadget>,
 }

 impl<
        PairingE: PairingEngine,
        ConstraintF: Field,
        P: PairingGadget<PairingE, ConstraintF>,
    > VerifyingKeyGadget<PairingE, ConstraintF, P>
 impl<PairingE: PairingEngine, ConstraintF: Field, P: PairingGadget<PairingE, ConstraintF>>
    VerifyingKeyGadget<PairingE, ConstraintF, P>
 {
    pub fn prepare<CS: ConstraintSystem<ConstraintF>>(
        &self,
@ -408,15 +405,14 @@ mod test {
    use super::*;
    use algebra::{
        curves::bls12_377::Bls12_377,
        fields::bls12_377::Fr,
        fields::bls12_377::Fq,
        fields::bls12_377::{Fq, Fr},
        BitIterator, PrimeField,
    };
    use rand::{thread_rng, Rng};
    use r1cs_std::{
        boolean::Boolean, pairing::bls12_377::PairingGadget as Bls12_377PairingGadget,
        test_constraint_system::TestConstraintSystem,
    };
    use rand::{thread_rng, Rng};

    type TestProofSystem = Gm17<Bls12_377, Bench<Fr>, Fr>;
    type TestVerifierGadget = Gm17VerifierGadget<Bls12_377, Fq, Bls12_377PairingGadget>;
@ -429,7 +425,10 @@ mod test {
    }

    impl<F: Field> ConstraintSynthesizer<F> for Bench<F> {
        fn generate_constraints<CS: ConstraintSystem<F>>(self, cs: &mut CS) -> Result<(), SynthesisError> {
        fn generate_constraints<CS: ConstraintSystem<F>>(
            self,
            cs: &mut CS,
        ) -> Result<(), SynthesisError> {
            assert!(self.inputs.len() >= 2);
            assert!(self.num_constraints >= self.inputs.len());

--- a/crypto-primitives/src/nizk/gm17/mod.rs
+++ b/crypto-primitives/src/nizk/gm17/mod.rs
@ -1,11 +1,11 @@
 use algebra::PairingEngine;
 use crate::Error;
 use rand::Rng;
 use algebra::PairingEngine;
 use gm17::{
    create_random_proof, generate_random_parameters, prepare_verifying_key, verify_proof,
    Parameters, PreparedVerifyingKey, Proof, VerifyingKey,
 };
 use r1cs_core::ConstraintSynthesizer;
 use rand::Rng;

 use algebra::ToConstraintField;
 use std::marker::PhantomData;
@ -17,16 +17,22 @@ pub mod constraints;

 /// Note: V should serialize its contents to `Vec<E::Fr>` in the same order as
 /// during the constraint generation.
 pub struct Gm17<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::Fr> + ?Sized> {
 pub struct Gm17<
    E: PairingEngine,
    C: ConstraintSynthesizer<E::Fr>,
    V: ToConstraintField<E::Fr> + ?Sized,
 > {
    #[doc(hidden)]
    _engine:         PhantomData<E>,
    _engine: PhantomData<E>,
    #[doc(hidden)]
    _circuit:        PhantomData<C>,
    _circuit: PhantomData<C>,
    #[doc(hidden)]
    _verifier_input: PhantomData<V>,
 }

 impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::Fr> + ?Sized> NIZK for Gm17<E, C, V> {
 impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::Fr> + ?Sized> NIZK
    for Gm17<E, C, V>
 {
    type Circuit = C;
    type AssignedCircuit = C;
    type ProvingParameters = Parameters<E>;
--- a/crypto-primitives/src/nizk/groth16/constraints.rs
+++ b/crypto-primitives/src/nizk/groth16/constraints.rs
@ -1,5 +1,5 @@
 use crate::nizk::{groth16::Groth16, NIZKVerifierGadget};
 use algebra::{Field, ToConstraintField, AffineCurve, PairingEngine};
 use algebra::{AffineCurve, Field, PairingEngine, ToConstraintField};
 use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;

@ -28,18 +28,15 @@ pub struct VerifyingKeyGadget<
    ConstraintF: Field,
    P: PairingGadget<PairingE, ConstraintF>,
 > {
    pub alpha_g1:       P::G1Gadget,
    pub beta_g2:       P::G2Gadget,
    pub gamma_g2: P::G2Gadget,
    pub delta_g2:  P::G2Gadget,
    pub gamma_abc_g1:  Vec<P::G1Gadget>,
    pub alpha_g1:     P::G1Gadget,
    pub beta_g2:      P::G2Gadget,
    pub gamma_g2:     P::G2Gadget,
    pub delta_g2:     P::G2Gadget,
    pub gamma_abc_g1: Vec<P::G1Gadget>,
 }

 impl<
        PairingE: PairingEngine,
        ConstraintF: Field,
        P: PairingGadget<PairingE, ConstraintF>,
    > VerifyingKeyGadget<PairingE, ConstraintF, P>
 impl<PairingE: PairingEngine, ConstraintF: Field, P: PairingGadget<PairingE, ConstraintF>>
    VerifyingKeyGadget<PairingE, ConstraintF, P>
 {
    pub fn prepare<CS: ConstraintSystem<ConstraintF>>(
        &self,
@ -49,7 +46,11 @@ impl<
        let alpha_g1_pc = P::prepare_g1(&mut cs.ns(|| "Prepare alpha_g1"), &self.alpha_g1)?;
        let beta_g2_pc = P::prepare_g2(&mut cs.ns(|| "Prepare beta_g2"), &self.beta_g2)?;

        let alpha_g1_beta_g2 = P::pairing(&mut cs.ns(|| "Precompute e(alpha_g1, beta_g2)"), alpha_g1_pc, beta_g2_pc)?;
        let alpha_g1_beta_g2 = P::pairing(
            &mut cs.ns(|| "Precompute e(alpha_g1, beta_g2)"),
            alpha_g1_pc,
            beta_g2_pc,
        )?;

        let gamma_g2_neg = self.gamma_g2.negate(&mut cs.ns(|| "Negate gamma_g2"))?;
        let gamma_g2_neg_pc = P::prepare_g2(&mut cs.ns(|| "Prepare gamma_g2_neg"), &gamma_g2_neg)?;
@ -58,10 +59,10 @@ impl<
        let delta_g2_neg_pc = P::prepare_g2(&mut cs.ns(|| "Prepare delta_g2_neg"), &delta_g2_neg)?;

        Ok(PreparedVerifyingKeyGadget {
            alpha_g1_beta_g2:  alpha_g1_beta_g2,
            gamma_g2_neg_pc:       gamma_g2_neg_pc,
            delta_g2_neg_pc:       delta_g2_neg_pc,
            gamma_abc_g1:      self.gamma_abc_g1.clone(),
            alpha_g1_beta_g2,
            gamma_g2_neg_pc,
            delta_g2_neg_pc,
            gamma_abc_g1:     self.gamma_abc_g1.clone(),
        })
    }
 }
@ -76,10 +77,10 @@ pub struct PreparedVerifyingKeyGadget<
    ConstraintF: Field,
    P: PairingGadget<PairingE, ConstraintF>,
 > {
    pub alpha_g1_beta_g2:  P::GTGadget,
    pub gamma_g2_neg_pc:       P::G2PreparedGadget,
    pub delta_g2_neg_pc:       P::G2PreparedGadget,
    pub gamma_abc_g1:      Vec<P::G1Gadget>,
    pub alpha_g1_beta_g2: P::GTGadget,
    pub gamma_g2_neg_pc:  P::G2PreparedGadget,
    pub delta_g2_neg_pc:  P::G2PreparedGadget,
    pub gamma_abc_g1:     Vec<P::G1Gadget>,
 }

 pub struct Groth16VerifierGadget<PairingE, ConstraintF, P>
@ -146,11 +147,7 @@ where

            P::miller_loop(
                cs.ns(|| "Miller loop 1"),
                &[
                    proof_a_prep,
                    g_ic_prep,
                    proof_c_prep,
                ],
                &[proof_a_prep, g_ic_prep, proof_c_prep],
                &[
                    proof_b_prep,
                    pvk.gamma_g2_neg_pc.clone(),
@ -190,7 +187,8 @@ where
                delta_g2,
                gamma_abc_g1,
            } = vk.borrow().clone();
            let alpha_g1 = P::G1Gadget::alloc(cs.ns(|| "alpha_g1"), || Ok(alpha_g1.into_projective()))?;
            let alpha_g1 =
                P::G1Gadget::alloc(cs.ns(|| "alpha_g1"), || Ok(alpha_g1.into_projective()))?;
            let beta_g2 =
                P::G2Gadget::alloc(cs.ns(|| "beta_g2"), || Ok(beta_g2.into_projective()))?;
            let gamma_g2 =
@ -236,7 +234,8 @@ where
                delta_g2,
                gamma_abc_g1,
            } = vk.borrow().clone();
            let alpha_g1 = P::G1Gadget::alloc_input(cs.ns(|| "alpha_g1"), || Ok(alpha_g1.into_projective()))?;
            let alpha_g1 =
                P::G1Gadget::alloc_input(cs.ns(|| "alpha_g1"), || Ok(alpha_g1.into_projective()))?;
            let beta_g2 =
                P::G2Gadget::alloc_input(cs.ns(|| "beta_g2"), || Ok(beta_g2.into_projective()))?;
            let gamma_g2 =
@ -327,21 +326,9 @@ where
    ) -> Result<Vec<UInt8>, SynthesisError> {
        let mut bytes = Vec::new();
        bytes.extend_from_slice(&self.alpha_g1.to_bytes(&mut cs.ns(|| "alpha_g1 to bytes"))?);
        bytes.extend_from_slice(
            &self
                .beta_g2
                .to_bytes(&mut cs.ns(|| "beta_g2 to bytes"))?,
        );
        bytes.extend_from_slice(
            &self
                .gamma_g2
                .to_bytes(&mut cs.ns(|| "gamma_g2 to bytes"))?,
        );
        bytes.extend_from_slice(
            &self
                .delta_g2
                .to_bytes(&mut cs.ns(|| "delta_g2 to bytes"))?,
        );
        bytes.extend_from_slice(&self.beta_g2.to_bytes(&mut cs.ns(|| "beta_g2 to bytes"))?);
        bytes.extend_from_slice(&self.gamma_g2.to_bytes(&mut cs.ns(|| "gamma_g2 to bytes"))?);
        bytes.extend_from_slice(&self.delta_g2.to_bytes(&mut cs.ns(|| "delta_g2 to bytes"))?);
        for (i, g) in self.gamma_abc_g1.iter().enumerate() {
            let mut cs = cs.ns(|| format!("Iteration {}", i));
            bytes.extend_from_slice(&g.to_bytes(&mut cs.ns(|| "g"))?);
@ -365,15 +352,14 @@ mod test {
    use super::*;
    use algebra::{
        curves::bls12_377::Bls12_377,
        fields::bls12_377::Fr,
        fields::bls12_377::Fq,
        fields::bls12_377::{Fq, Fr},
        BitIterator, PrimeField,
    };
    use rand::{thread_rng, Rng};
    use r1cs_std::{
        boolean::Boolean, pairing::bls12_377::PairingGadget as Bls12_377PairingGadget,
        test_constraint_system::TestConstraintSystem,
    };
    use rand::{thread_rng, Rng};

    type TestProofSystem = Groth16<Bls12_377, Bench<Fr>, Fr>;
    type TestVerifierGadget = Groth16VerifierGadget<Bls12_377, Fq, Bls12_377PairingGadget>;
@ -386,7 +372,10 @@ mod test {
    }

    impl<F: Field> ConstraintSynthesizer<F> for Bench<F> {
        fn generate_constraints<CS: ConstraintSystem<F>>(self, cs: &mut CS) -> Result<(), SynthesisError> {
        fn generate_constraints<CS: ConstraintSystem<F>>(
            self,
            cs: &mut CS,
        ) -> Result<(), SynthesisError> {
            assert!(self.inputs.len() >= 2);
            assert!(self.num_constraints >= self.inputs.len());

--- a/crypto-primitives/src/nizk/groth16/mod.rs
+++ b/crypto-primitives/src/nizk/groth16/mod.rs
@ -1,11 +1,11 @@
 use algebra::PairingEngine;
 use crate::Error;
 use rand::Rng;
 use algebra::PairingEngine;
 use groth16::{
    create_random_proof, generate_random_parameters, prepare_verifying_key, verify_proof,
    Parameters, PreparedVerifyingKey, Proof, VerifyingKey,
 };
 use r1cs_core::ConstraintSynthesizer;
 use rand::Rng;

 use algebra::ToConstraintField;
 use std::marker::PhantomData;
@ -17,16 +17,22 @@ pub mod constraints;

 /// Note: V should serialize its contents to `Vec<E::Fr>` in the same order as
 /// during the constraint generation.
 pub struct Groth16<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::Fr> + ?Sized> {
 pub struct Groth16<
    E: PairingEngine,
    C: ConstraintSynthesizer<E::Fr>,
    V: ToConstraintField<E::Fr> + ?Sized,
 > {
    #[doc(hidden)]
    _engine:         PhantomData<E>,
    _engine: PhantomData<E>,
    #[doc(hidden)]
    _circuit:        PhantomData<C>,
    _circuit: PhantomData<C>,
    #[doc(hidden)]
    _verifier_input: PhantomData<V>,
 }

 impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::Fr> + ?Sized> NIZK for Groth16<E, C, V> {
 impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::Fr> + ?Sized> NIZK
    for Groth16<E, C, V>
 {
    type Circuit = C;
    type AssignedCircuit = C;
    type ProvingParameters = Parameters<E>;
--- a/crypto-primitives/src/prf/blake2s/constraints.rs
+++ b/crypto-primitives/src/prf/blake2s/constraints.rs
@ -411,7 +411,10 @@ impl ConditionalEqGadget for Blake2sOutput

 impl<ConstraintF: PrimeField> ToBytesGadget<ConstraintF> for Blake2sOutputGadget {
    #[inline]
    fn to_bytes<CS: ConstraintSystem<ConstraintF>>(&self, _cs: CS) -> Result<Vec<UInt8>, SynthesisError> {
    fn to_bytes<CS: ConstraintSystem<ConstraintF>>(
        &self,
        _cs: CS,
    ) -> Result<Vec<UInt8>, SynthesisError> {
        Ok(self.0.clone())
    }

@ -426,7 +429,10 @@ impl ToBytesGadget for Blake2sOutputGadget

 impl<ConstraintF: PrimeField> AllocGadget<[u8; 32], ConstraintF> for Blake2sOutputGadget {
    #[inline]
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, value_gen: F) -> Result<Self, SynthesisError>
    fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
        cs: CS,
        value_gen: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<[u8; 32]>,
@ -498,12 +504,14 @@ mod test {
    use rand::{Rng, SeedableRng};
    use rand_xorshift::XorShiftRng;

    use crate::prf::blake2s::{Blake2s as B2SPRF, constraints::blake2s_gadget};
    use crate::prf::blake2s::{constraints::blake2s_gadget, Blake2s as B2SPRF};
    use blake2::Blake2s;
    use r1cs_core::ConstraintSystem;

    use super::Blake2sGadget;
    use r1cs_std::{prelude::*, boolean::AllocatedBit, test_constraint_system::TestConstraintSystem};
    use r1cs_std::{
        boolean::AllocatedBit, prelude::*, test_constraint_system::TestConstraintSystem,
    };

    #[test]
    fn test_blake2s_constraints() {
@ -522,7 +530,7 @@ mod test {

    #[test]
    fn test_blake2s_prf() {
        use crate::prf::{PRF, PRFGadget};
        use crate::prf::{PRFGadget, PRF};
        use rand::Rng;

        let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
--- a/crypto-primitives/src/prf/constraints.rs
+++ b/crypto-primitives/src/prf/constraints.rs
@ -7,7 +7,11 @@ use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;

 pub trait PRFGadget<P: PRF, ConstraintF: Field> {
    type OutputGadget: EqGadget<ConstraintF> + ToBytesGadget<ConstraintF> + AllocGadget<P::Output, ConstraintF> + Clone + Debug;
    type OutputGadget: EqGadget<ConstraintF>
        + ToBytesGadget<ConstraintF>
        + AllocGadget<P::Output, ConstraintF>
        + Clone
        + Debug;

    fn new_seed<CS: ConstraintSystem<ConstraintF>>(cs: CS, output: &P::Seed) -> Vec<UInt8>;

--- a/crypto-primitives/src/signature/constraints.rs
+++ b/crypto-primitives/src/signature/constraints.rs
@ -7,7 +7,10 @@ use crate::signature::SignatureScheme;
 pub trait SigRandomizePkGadget<S: SignatureScheme, ConstraintF: Field> {
    type ParametersGadget: AllocGadget<S::Parameters, ConstraintF> + Clone;

    type PublicKeyGadget: ToBytesGadget<ConstraintF> + EqGadget<ConstraintF> + AllocGadget<S::PublicKey, ConstraintF> + Clone;
    type PublicKeyGadget: ToBytesGadget<ConstraintF>
        + EqGadget<ConstraintF>
        + AllocGadget<S::PublicKey, ConstraintF>
        + Clone;

    fn check_randomization_gadget<CS: ConstraintSystem<ConstraintF>>(
        cs: CS,
--- a/crypto-primitives/src/signature/mod.rs
+++ b/crypto-primitives/src/signature/mod.rs
@ -1,5 +1,5 @@
 use algebra::bytes::ToBytes;
 use crate::Error;
 use algebra::bytes::ToBytes;
 use rand::Rng;
 use std::hash::Hash;

@ -8,7 +8,6 @@ pub mod constraints;
 #[cfg(feature = "r1cs")]
 pub use constraints::*;


 pub mod schnorr;

 pub trait SignatureScheme {
@ -56,10 +55,10 @@ mod test {
    use crate::{signature::schnorr::SchnorrSignature, SignatureScheme};
    use algebra::{
        curves::edwards_sw6::EdwardsAffine as Edwards, groups::Group, to_bytes, ToBytes,
        UniformRand,
    };
    use blake2::Blake2s;
    use rand::thread_rng;
    use algebra::UniformRand;

    fn sign_and_verify<S: SignatureScheme>(message: &[u8]) {
        let rng = &mut thread_rng();
--- a/crypto-primitives/src/signature/schnorr/constraints.rs
+++ b/crypto-primitives/src/signature/schnorr/constraints.rs
@ -6,12 +6,11 @@ use crate::signature::SigRandomizePkGadget;

 use std::{borrow::Borrow, marker::PhantomData};

 use crate::signature::schnorr::{
    SchnorrPublicKey, SchnorrSigParameters, SchnorrSignature,
 };
 use crate::signature::schnorr::{SchnorrPublicKey, SchnorrSigParameters, SchnorrSignature};
 use digest::Digest;

 pub struct SchnorrSigGadgetParameters<G: Group, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>> {
 pub struct SchnorrSigGadgetParameters<G: Group, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>>
 {
    generator: GG,
    _group:    PhantomData<*const G>,
    _engine:   PhantomData<*const ConstraintF>,
@ -39,18 +38,18 @@ impl> Clone
 pub struct SchnorrSigGadgetPk<G: Group, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>> {
    pub_key: GG,
    #[doc(hidden)]
    _group:  PhantomData<*const G>,
    _group: PhantomData<*const G>,
    #[doc(hidden)]
    _engine: PhantomData<*const ConstraintF>,
 }

 pub struct SchnorrRandomizePkGadget<G: Group, ConstraintF: Field, GG: GroupGadget<G, ConstraintF>> {
    #[doc(hidden)]
    _group:        PhantomData<*const G>,
    _group: PhantomData<*const G>,
    #[doc(hidden)]
    _group_gadget: PhantomData<*const GG>,
    #[doc(hidden)]
    _engine:       PhantomData<*const ConstraintF>,
    _engine: PhantomData<*const ConstraintF>,
 }

 impl<G, GG, D, ConstraintF> SigRandomizePkGadget<SchnorrSignature<G, D>, ConstraintF>
@ -109,7 +108,10 @@ where
        })
    }

    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, f: F) -> Result<Self, SynthesisError>
    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(
        cs: CS,
        f: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<SchnorrSigParameters<G, D>>,
@ -123,7 +125,8 @@ where
    }
 }

 impl<G, ConstraintF, GG> AllocGadget<SchnorrPublicKey<G>, ConstraintF> for SchnorrSigGadgetPk<G, ConstraintF, GG>
 impl<G, ConstraintF, GG> AllocGadget<SchnorrPublicKey<G>, ConstraintF>
    for SchnorrSigGadgetPk<G, ConstraintF, GG>
 where
    G: Group,
    ConstraintF: Field,
@ -142,7 +145,10 @@ where
        })
    }

    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, f: F) -> Result<Self, SynthesisError>
    fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(
        cs: CS,
        f: F,
    ) -> Result<Self, SynthesisError>
    where
        F: FnOnce() -> Result<T, SynthesisError>,
        T: Borrow<SchnorrPublicKey<G>>,
@ -196,7 +202,10 @@ where
    ConstraintF: Field,
    GG: GroupGadget<G, ConstraintF>,
 {
    fn to_bytes<CS: ConstraintSystem<ConstraintF>>(&self, mut cs: CS) -> Result<Vec<UInt8>, SynthesisError> {
    fn to_bytes<CS: ConstraintSystem<ConstraintF>>(
        &self,
        mut cs: CS,
    ) -> Result<Vec<UInt8>, SynthesisError> {
        self.pub_key.to_bytes(&mut cs.ns(|| "PubKey To Bytes"))
    }

--- a/crypto-primitives/src/signature/schnorr/mod.rs
+++ b/crypto-primitives/src/signature/schnorr/mod.rs
@ -1,14 +1,11 @@
 use crate::SignatureScheme;
 use crate::{Error, SignatureScheme};
 use algebra::{
    ToConstraintField,
    bytes::ToBytes,
    fields::{Field, PrimeField},
    groups::Group,
    to_bytes,
    to_bytes, ToConstraintField, UniformRand,
 };
 use digest::Digest;
 use crate::Error;
 use algebra::UniformRand;
 use rand::Rng;
 use std::{
    hash::Hash,
@ -223,8 +220,8 @@ pub fn bytes_to_bits(bytes: &[u8]) -> Vec {
    bits
 }

 impl<ConstraintF: Field, G: Group + ToConstraintField<ConstraintF>, D: Digest> ToConstraintField<ConstraintF>
    for SchnorrSigParameters<G, D>
 impl<ConstraintF: Field, G: Group + ToConstraintField<ConstraintF>, D: Digest>
    ToConstraintField<ConstraintF> for SchnorrSigParameters<G, D>
 {
    #[inline]
    fn to_field_elements(&self) -> Result<Vec<ConstraintF>, Error> {