Support commit and prove

2026-01-08 15:01:29 +01:00 · 2024-05-30 07:40:56 +08:00
parent f1640df6a6
commit 65e7fb1ef1
6 changed files with 36 additions and 18 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -87,3 +87,4 @@ ark-mnt4-753 = { git = "https://github.com/arkworks-rs/curves/" }
 ark-mnt6-298 = { git = "https://github.com/arkworks-rs/curves/" }
 ark-mnt6-753 = { git = "https://github.com/arkworks-rs/curves/" }
 ark-pallas = { git = "https://github.com/arkworks-rs/curves/" }
+ark-relations = { git = "https://github.com/winderica/snark/", branch = "cp" }
--- a/src/alloc.rs
+++ b/src/alloc.rs
@@ -19,19 +19,22 @@ pub enum AllocationMode {
    /// Indicate to the `ConstraintSystem` that the high-level variable should
    /// be allocated as a private witness to the `ConstraintSystem`.
    Witness = 2,
+
+    Committed = 3,
 }

 impl AllocationMode {
    /// Outputs the maximum according to the relation `Constant < Input <
    /// Witness`.
    pub fn max(&self, other: Self) -> Self {
-        use AllocationMode::*;
-        match (self, other) {
-            (Constant, _) => other,
-            (Input, Constant) => *self,
-            (Input, _) => other,
-            (Witness, _) => *self,
-        }
+        // use AllocationMode::*;
+        // match (self, other) {
+        //     (Constant, _) => other,
+        //     (Input, Constant) => *self,
+        //     (Input, _) => other,
+        //     (Witness, _) => *self,
+        // }
+        unimplemented!()
    }
 }

@@ -77,6 +80,16 @@ pub trait AllocVar<V: ?Sized, F: Field>: Sized {
        Self::new_variable(cs, f, AllocationMode::Witness)
    }

+    /// Allocates a new commitment of type `Self` in the `ConstraintSystem`
+    /// `cs`.
+    #[tracing::instrument(target = "r1cs", skip(cs, f))]
+    fn new_committed<T: Borrow<V>>(
+        cs: impl Into<Namespace<F>>,
+        f: impl FnOnce() -> Result<T, SynthesisError>,
+    ) -> Result<Self, SynthesisError> {
+        Self::new_variable(cs, f, AllocationMode::Committed)
+    }
+
    /// Allocates a new constant or private witness of type `Self` in the
    /// `ConstraintSystem` `cs` with the allocation mode inferred from `cs`.
    /// A constant is allocated if `cs` is `None`, and a private witness is
--- a/src/fields/fp/mod.rs
+++ b/src/fields/fp/mod.rs
@@ -703,10 +703,11 @@ impl<F: PrimeField> AllocVar<F, F> for AllocatedFp<F> {
                value = Some(*f()?.borrow());
                value.ok_or(SynthesisError::AssignmentMissing)
            };
-            let variable = if mode == AllocationMode::Input {
-                cs.new_input_variable(value_generator)?
-            } else {
-                cs.new_witness_variable(value_generator)?
+            let variable = match mode {
+                AllocationMode::Input => cs.new_input_variable(value_generator)?,
+                AllocationMode::Witness => cs.new_witness_variable(value_generator)?,
+                AllocationMode::Committed => cs.new_committed_variable(value_generator)?,
+                _ => unreachable!(),
            };
            Ok(Self::new(value, variable, cs))
        }
--- a/src/groups/curves/short_weierstrass/mod.rs
+++ b/src/groups/curves/short_weierstrass/mod.rs
@@ -514,12 +514,13 @@ where
        // zero if `self` was zero. However, we also want to make sure that generated
        // constraints are satisfiable in both cases.
        //
-        // In particular, using non-sensible values for `x` and `y` in zero-case may cause
-        // `unchecked` operations to generate constraints that can never be satisfied, depending
-        // on the curve equation coefficients.
+        // In particular, using non-sensible values for `x` and `y` in zero-case may
+        // cause `unchecked` operations to generate constraints that can never
+        // be satisfied, depending on the curve equation coefficients.
        //
-        // The safest approach is to use coordinates of some point from the curve, thus not
-        // violating assumptions of `NonZeroAffine`. For instance, generator point.
+        // The safest approach is to use coordinates of some point from the curve, thus
+        // not violating assumptions of `NonZeroAffine`. For instance, generator
+        // point.
        let x = infinity.select(&F::constant(P::GENERATOR.x), &x)?;
        let y = infinity.select(&F::constant(P::GENERATOR.y), &y)?;
        let non_zero_self = NonZeroAffineVar::new(x, y);
@@ -904,6 +905,7 @@ where
                    Ok(ge)
                }
            },
+            _ => unimplemented!(),
        }
    }
 }
--- a/src/groups/curves/twisted_edwards/mod.rs
+++ b/src/groups/curves/twisted_edwards/mod.rs
@@ -650,6 +650,7 @@ where
                    Ok(ge)
                }
            },
+            _ => unimplemented!(),
        }
    }
 }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -2,8 +2,8 @@
 //! This crate implements common "gadgets" that make
 //! programming rank-1 constraint systems easier.
 #![deny(
-    warnings,
-    unused,
+    // warnings,
+    // unused,
    future_incompatible,
    nonstandard_style,
    rust_2018_idioms