Refactor algebra API, split into algebra and algebra-core. (#100)

Cargo.toml

@@ -1,6 +1,7 @@
 [workspace]
 
 members = [
+    "algebra-core",
     "algebra",
     "algebra-benches",
     "bench-utils",

crypto-primitives/Cargo.toml

@@ -22,24 +22,30 @@ edition = "2018"
 ################################# Dependencies ################################
 
 [dependencies]
-algebra = { path = "../algebra", default-features = false }
+algebra-core = { path = "../algebra-core", default-features = false }
 bench-utils = { path = "../bench-utils" }
+
 blake2 = { version = "0.7", default-features = false }
-derivative = { version = "1.0", features = ["use_core"] }
 digest = "0.7"
+
 ff-fft = { path = "../ff-fft", default-features = false }
 gm17 = { path = "../gm17", optional = true, default-features = false }
 groth16 = { path = "../groth16", optional = true, default-features = false }
+
 r1cs-core = { path = "../r1cs-core", optional = true, default-features = false }
 r1cs-std = { path = "../r1cs-std", optional = true, default-features = false }
+
 rand = { version = "0.7", default-features = false }
 rayon = { version = "1.0", optional = true }
+derivative = { version = "1.0", features = ["use_core"] }
 
 [features]
-default = ["parallel"]
+default = ["std"]
 r1cs = ["r1cs-core", "r1cs-std"]
-std = ["r1cs", "algebra/std", "r1cs-core/std", "r1cs-std/std", "gm17/std", "groth16/std", "ff-fft/std"]
+std = ["r1cs", "algebra-core/std", "r1cs-core/std", "r1cs-std/std"]
-parallel = ["std", "rayon"]
+parallel = ["std", "rayon", "gm17/parallel", "groth16/parallel", "ff-fft/parallel"]
 
 [dev-dependencies]
+algebra = { path = "../algebra", default-features = false, features = [ "jubjub", "bls12_377" ] }
+r1cs-std = { path = "../r1cs-std", default-features = false, features = [ "jubjub", "bls12_377" ] }
 rand_xorshift = { version = "0.2" }

crypto-primitives/src/commitment/blake2s/constraints.rs

@@ -5,7 +5,7 @@ use crate::{
     prf::blake2s::constraints::{blake2s_gadget, Blake2sOutputGadget},
     CommitmentGadget,
 };
-use algebra::{Field, PrimeField};
+use algebra_core::{Field, PrimeField};
 use r1cs_std::prelude::*;
 
 use core::borrow::Borrow;
@@ -117,7 +117,7 @@ mod test {
         },
         *,
     };
-    use algebra::{fields::bls12_381::Fr, test_rng};
+    use algebra::{jubjub::Fq as Fr, test_rng};
     use r1cs_core::ConstraintSystem;
     use r1cs_std::{prelude::*, test_constraint_system::TestConstraintSystem};
     use rand::Rng;

crypto-primitives/src/commitment/constraints.rs

@@ -1,5 +1,5 @@
 use crate::CommitmentScheme;
-use algebra::Field;
+use algebra_core::Field;
 use core::fmt::Debug;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;

crypto-primitives/src/commitment/injective_map/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::{Field, PrimeField};
+use algebra_core::{Field, PrimeField};
 
 use crate::commitment::{
     injective_map::{InjectiveMap, PedersenCommCompressor},
@@ -12,7 +12,7 @@ use crate::commitment::{
 };
 
 pub use crate::crh::injective_map::constraints::InjectiveMapGadget;
-use algebra::groups::Group;
+use algebra_core::groups::Group;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::{groups::GroupGadget, uint8::UInt8};
 

crypto-primitives/src/commitment/injective_map/mod.rs

@@ -7,7 +7,7 @@ use super::{
     CommitmentScheme,
 };
 pub use crate::crh::injective_map::InjectiveMap;
-use algebra::groups::Group;
+use algebra_core::groups::Group;
 
 #[cfg(feature = "r1cs")]
 pub mod constraints;

crypto-primitives/src/commitment/mod.rs

@@ -1,8 +1,8 @@
-use algebra::UniformRand;
+use algebra_core::UniformRand;
 use core::{fmt::Debug, hash::Hash};
 use rand::Rng;
 
-use algebra::bytes::ToBytes;
+use algebra_core::bytes::ToBytes;
 
 pub mod blake2s;
 pub mod injective_map;

crypto-primitives/src/commitment/pedersen/constraints.rs

@@ -2,11 +2,13 @@ use crate::{
     commitment::pedersen::{PedersenCommitment, PedersenParameters, PedersenRandomness},
     crh::pedersen::PedersenWindow,
 };
-use algebra::{to_bytes, Group, ToBytes};
+use algebra_core::{
+    fields::{Field, PrimeField},
+    to_bytes, Group, ToBytes,
+};
 use r1cs_core::{ConstraintSystem, SynthesisError};
 
 use crate::commitment::CommitmentGadget;
-use algebra::fields::{Field, PrimeField};
 use core::{borrow::Borrow, marker::PhantomData};
 use r1cs_std::prelude::*;
 
@@ -171,6 +173,11 @@ where
 
 #[cfg(test)]
 mod test {
+    use algebra::{
+        jubjub::{Fq, Fr, JubJubProjective as JubJub},
+        test_rng, ProjectiveCurve, UniformRand,
+    };
+
     use crate::{
         commitment::{
             pedersen::{
@@ -180,14 +187,9 @@ mod test {
         },
         crh::pedersen::PedersenWindow,
     };
-    use algebra::{
-        curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve},
-        fields::jubjub::{fq::Fq, fr::Fr},
-        test_rng, UniformRand,
-    };
     use r1cs_core::ConstraintSystem;
     use r1cs_std::{
-        groups::jubjub::JubJubGadget, prelude::*, test_constraint_system::TestConstraintSystem,
+        jubjub::JubJubGadget, prelude::*, test_constraint_system::TestConstraintSystem,
     };
 
     #[test]

crypto-primitives/src/commitment/pedersen/mod.rs

@@ -1,14 +1,15 @@
 use crate::{Error, Vec};
-use algebra::{
+use algebra_core::{
-    bytes::ToBytes, groups::Group, BitIterator, Field, FpParameters, PrimeField, ToConstraintField,
+    bytes::ToBytes,
-    UniformRand,
+    groups::Group,
+    io::{Result as IoResult, Write},
+    BitIterator, Field, FpParameters, PrimeField, ToConstraintField, UniformRand,
 };
 
 use core::marker::PhantomData;
 use rand::Rng;
 
 use super::CommitmentScheme;
-use algebra::io::{Result as IoResult, Write};
 
 pub use crate::crh::pedersen::PedersenWindow;
 use crate::crh::{

crypto-primitives/src/crh/bowe_hopwood/constraints.rs

@@ -1,16 +1,14 @@
-use algebra::Field;
+use core::{borrow::Borrow, hash::Hash, marker::PhantomData};
-use core::hash::Hash;
 
 use crate::crh::{
     bowe_hopwood::{BoweHopwoodPedersenCRH, BoweHopwoodPedersenParameters, CHUNK_SIZE},
     pedersen::PedersenWindow,
     FixedLengthCRHGadget,
 };
-use algebra::groups::Group;
+use algebra_core::{groups::Group, Field};
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::{alloc::AllocGadget, groups::GroupGadget, uint8::UInt8};
 
-use core::{borrow::Borrow, marker::PhantomData};
 use r1cs_std::bits::boolean::Boolean;
 
 #[derive(Derivative)]
@@ -125,38 +123,39 @@ impl<G: Group, W: PedersenWindow, ConstraintF: Field, GG: GroupGadget<G, Constra
 
 #[cfg(test)]
 mod test {
+    use rand::Rng;
+
     use crate::crh::{
         bowe_hopwood::{constraints::BoweHopwoodPedersenCRHGadget, BoweHopwoodPedersenCRH},
         pedersen::PedersenWindow,
         FixedLengthCRH, FixedLengthCRHGadget,
     };
     use algebra::{
-        curves::edwards_sw6::EdwardsProjective as Edwards, fields::sw6::fr::Fr, test_rng,
+        jubjub::{Fq as Fr, JubJubProjective as JubJub},
-        ProjectiveCurve,
+        test_rng, ProjectiveCurve,
     };
     use r1cs_core::ConstraintSystem;
     use r1cs_std::{
-        alloc::AllocGadget, groups::curves::twisted_edwards::edwards_sw6::EdwardsSWGadget,
+        alloc::AllocGadget, jubjub::JubJubGadget, test_constraint_system::TestConstraintSystem,
-        test_constraint_system::TestConstraintSystem, uint8::UInt8,
+        uint8::UInt8,
     };
-    use rand::Rng;
 
-    type TestCRH = BoweHopwoodPedersenCRH<Edwards, Window>;
+    type TestCRH = BoweHopwoodPedersenCRH<JubJub, Window>;
-    type TestCRHGadget = BoweHopwoodPedersenCRHGadget<Edwards, Fr, EdwardsSWGadget>;
+    type TestCRHGadget = BoweHopwoodPedersenCRHGadget<JubJub, Fr, JubJubGadget>;
 
     #[derive(Clone, PartialEq, Eq, Hash)]
     pub(super) struct Window;
 
     impl PedersenWindow for Window {
-        const WINDOW_SIZE: usize = 90;
+        const WINDOW_SIZE: usize = 63;
         const NUM_WINDOWS: usize = 8;
     }
 
     fn generate_input<CS: ConstraintSystem<Fr>, R: Rng>(
         mut cs: CS,
         rng: &mut R,
-    ) -> ([u8; 270], Vec<UInt8>) {
+    ) -> ([u8; 189], Vec<UInt8>) {
-        let mut input = [1u8; 270];
+        let mut input = [1u8; 189];
         rng.fill_bytes(&mut input);
 
         let mut input_bytes = vec![];

crypto-primitives/src/crh/bowe_hopwood/mod.rs

@@ -9,7 +9,7 @@ use rayon::prelude::*;
 
 use super::pedersen::{bytes_to_bits, PedersenCRH, PedersenWindow};
 use crate::crh::FixedLengthCRH;
-use algebra::{biginteger::BigInteger, fields::PrimeField, groups::Group};
+use algebra_core::{biginteger::BigInteger, fields::PrimeField, groups::Group};
 use ff_fft::cfg_chunks;
 
 #[cfg(feature = "r1cs")]
@@ -173,22 +173,22 @@ mod test {
         crh::{bowe_hopwood::BoweHopwoodPedersenCRH, pedersen::PedersenWindow},
         FixedLengthCRH,
     };
-    use algebra::{curves::edwards_sw6::EdwardsProjective, test_rng};
+    use algebra::{jubjub::JubJubProjective, test_rng};
 
     #[test]
     fn test_simple_bh() {
         #[derive(Clone)]
         struct TestWindow {}
         impl PedersenWindow for TestWindow {
-            const WINDOW_SIZE: usize = 90;
+            const WINDOW_SIZE: usize = 63;
             const NUM_WINDOWS: usize = 8;
         }
 
         let rng = &mut test_rng();
         let params =
-            <BoweHopwoodPedersenCRH<EdwardsProjective, TestWindow> as FixedLengthCRH>::setup(rng)
+            <BoweHopwoodPedersenCRH<JubJubProjective, TestWindow> as FixedLengthCRH>::setup(rng)
                 .unwrap();
-        <BoweHopwoodPedersenCRH<EdwardsProjective, TestWindow> as FixedLengthCRH>::evaluate(
+        <BoweHopwoodPedersenCRH<JubJubProjective, TestWindow> as FixedLengthCRH>::evaluate(
             &params,
             &[1, 2, 3],
         )

crypto-primitives/src/crh/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::Field;
+use algebra_core::Field;
 use core::fmt::Debug;
 
 use crate::crh::FixedLengthCRH;

crypto-primitives/src/crh/injective_map/constraints.rs

@@ -9,7 +9,7 @@ use crate::crh::{
     FixedLengthCRHGadget,
 };
 
-use algebra::{
+use algebra_core::{
     curves::{
         models::{ModelParameters, TEModelParameters},
         twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective},

crypto-primitives/src/crh/injective_map/mod.rs

@@ -1,5 +1,5 @@
 use crate::{CryptoError, Error};
-use algebra::bytes::ToBytes;
+use algebra_core::bytes::ToBytes;
 use core::{fmt::Debug, hash::Hash, marker::PhantomData};
 use rand::Rng;
 
@@ -7,7 +7,7 @@ use super::{
     pedersen::{PedersenCRH, PedersenParameters, PedersenWindow},
     FixedLengthCRH,
 };
-use algebra::{
+use algebra_core::{
     curves::{
         models::{ModelParameters, TEModelParameters},
         twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective},

crypto-primitives/src/crh/mod.rs

@@ -1,4 +1,4 @@
-use algebra::bytes::ToBytes;
+use algebra_core::bytes::ToBytes;
 use core::hash::Hash;
 use rand::Rng;
 

crypto-primitives/src/crh/pedersen/constraints.rs

@@ -2,7 +2,7 @@ use crate::crh::{
     pedersen::{PedersenCRH, PedersenParameters, PedersenWindow},
     FixedLengthCRHGadget,
 };
-use algebra::{Field, Group};
+use algebra_core::{Field, Group};
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 
@@ -119,14 +119,12 @@ mod test {
         FixedLengthCRH, FixedLengthCRHGadget,
     };
     use algebra::{
-        curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve},
+        jubjub::{Fq as Fr, JubJubProjective as JubJub},
-        fields::bls12_381::fr::Fr,
+        test_rng, ProjectiveCurve,
-        test_rng,
     };
     use r1cs_core::ConstraintSystem;
     use r1cs_std::{
-        groups::curves::twisted_edwards::jubjub::JubJubGadget, prelude::*,
+        jubjub::JubJubGadget, prelude::*, test_constraint_system::TestConstraintSystem,
-        test_constraint_system::TestConstraintSystem,
     };
     use rand::Rng;
 

crypto-primitives/src/crh/pedersen/mod.rs

@@ -8,7 +8,7 @@ use rand::Rng;
 use rayon::prelude::*;
 
 use crate::crh::FixedLengthCRH;
-use algebra::{groups::Group, Field, ToConstraintField};
+use algebra_core::{groups::Group, Field, ToConstraintField};
 use ff_fft::cfg_chunks;
 
 #[cfg(feature = "r1cs")]

crypto-primitives/src/lib.rs

@@ -42,7 +42,7 @@ pub use self::{
 pub type Error = Box<dyn std::error::Error>;
 
 #[cfg(not(feature = "std"))]
-pub type Error = Box<dyn algebra::Error>;
+pub type Error = Box<dyn algebra_core::Error>;
 
 #[derive(Debug)]
 pub enum CryptoError {
@@ -69,4 +69,4 @@ impl std::error::Error for CryptoError {
 }
 
 #[cfg(not(feature = "std"))]
-impl algebra::Error for CryptoError {}
+impl algebra_core::Error for CryptoError {}

crypto-primitives/src/merkle_tree/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::Field;
+use algebra_core::Field;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::{boolean::AllocatedBit, prelude::*};
 
@@ -185,16 +185,13 @@ mod test {
         },
         merkle_tree::*,
     };
-    use algebra::{curves::jubjub::JubJubAffine as JubJub, fields::jubjub::fq::Fq};
+    use algebra::jubjub::{Fq, JubJubAffine as JubJub};
     use r1cs_core::ConstraintSystem;
     use rand::SeedableRng;
     use rand_xorshift::XorShiftRng;
 
     use super::*;
-    use r1cs_std::{
+    use r1cs_std::{jubjub::JubJubGadget, test_constraint_system::TestConstraintSystem};
-        groups::curves::twisted_edwards::jubjub::JubJubGadget,
-        test_constraint_system::TestConstraintSystem,
-    };
 
     #[derive(Clone)]
     pub(super) struct Window4x256;

crypto-primitives/src/merkle_tree/mod.rs

@@ -1,5 +1,5 @@
 use crate::{crh::FixedLengthCRH, Error, Vec};
-use algebra::{bytes::ToBytes, io::Cursor};
+use algebra_core::{bytes::ToBytes, io::Cursor};
 use core::fmt;
 
 #[cfg(feature = "r1cs")]
@@ -264,12 +264,12 @@ impl std::error::Error for MerkleTreeError {
 }
 
 #[cfg(not(feature = "std"))]
-impl algebra::Error for MerkleTreeError {}
+impl algebra_core::Error for MerkleTreeError {}
 
 /// Returns the log2 value of the given number.
 #[inline]
 fn log2(number: usize) -> usize {
-    algebra::log2(number) as usize
+    algebra_core::log2(number) as usize
 }
 
 /// Returns the height of the tree, given the size of the tree.
@@ -371,7 +371,7 @@ mod test {
         crh::{pedersen::*, *},
         merkle_tree::*,
     };
-    use algebra::{curves::jubjub::JubJubAffine as JubJub, Zero};
+    use algebra::{jubjub::JubJubAffine as JubJub, Zero};
     use rand::SeedableRng;
     use rand_xorshift::XorShiftRng;
 

crypto-primitives/src/nizk/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::Field;
+use algebra_core::Field;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 

crypto-primitives/src/nizk/gm17/constraints.rs

@@ -1,5 +1,5 @@
 use crate::nizk::{gm17::Gm17, NIZKVerifierGadget};
-use algebra::{AffineCurve, Field, PairingEngine, ToConstraintField};
+use algebra_core::{AffineCurve, Field, PairingEngine, ToConstraintField};
 use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 
@@ -404,12 +404,11 @@ mod test {
 
     use super::*;
     use algebra::{
-        curves::bls12_377::Bls12_377,
+        bls12_377::{Bls12_377, Fq, Fr},
-        fields::bls12_377::{Fq, Fr},
         test_rng, BitIterator, PrimeField,
     };
     use r1cs_std::{
-        boolean::Boolean, pairing::bls12_377::PairingGadget as Bls12_377PairingGadget,
+        bls12_377::PairingGadget as Bls12_377PairingGadget, boolean::Boolean,
         test_constraint_system::TestConstraintSystem,
     };
     use rand::Rng;

crypto-primitives/src/nizk/gm17/mod.rs

@@ -1,5 +1,5 @@
 use crate::Error;
-use algebra::PairingEngine;
+use algebra_core::PairingEngine;
 use gm17::{
     create_random_proof, generate_random_parameters, prepare_verifying_key, verify_proof,
     Parameters, PreparedVerifyingKey, Proof, VerifyingKey,
@@ -7,7 +7,7 @@ use gm17::{
 use r1cs_core::ConstraintSynthesizer;
 use rand::Rng;
 
-use algebra::ToConstraintField;
+use algebra_core::ToConstraintField;
 use core::marker::PhantomData;
 
 use super::NIZK;

crypto-primitives/src/nizk/groth16/constraints.rs

@@ -1,5 +1,5 @@
 use crate::nizk::{groth16::Groth16, NIZKVerifierGadget};
-use algebra::{AffineCurve, Field, PairingEngine, ToConstraintField};
+use algebra_core::{AffineCurve, Field, PairingEngine, ToConstraintField};
 use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 
@@ -351,12 +351,11 @@ mod test {
 
     use super::*;
     use algebra::{
-        curves::bls12_377::Bls12_377,
+        bls12_377::{Bls12_377, Fq, Fr},
-        fields::bls12_377::{Fq, Fr},
         test_rng, BitIterator, PrimeField,
     };
     use r1cs_std::{
-        boolean::Boolean, pairing::bls12_377::PairingGadget as Bls12_377PairingGadget,
+        bls12_377::PairingGadget as Bls12_377PairingGadget, boolean::Boolean,
         test_constraint_system::TestConstraintSystem,
     };
     use rand::Rng;

crypto-primitives/src/nizk/groth16/mod.rs

@@ -1,5 +1,5 @@
 use crate::Error;
-use algebra::PairingEngine;
+use algebra_core::PairingEngine;
 use groth16::{
     create_random_proof, generate_random_parameters, prepare_verifying_key, verify_proof,
     Parameters, PreparedVerifyingKey, Proof, VerifyingKey,
@@ -7,7 +7,7 @@ use groth16::{
 use r1cs_core::ConstraintSynthesizer;
 use rand::Rng;
 
-use algebra::ToConstraintField;
+use algebra_core::ToConstraintField;
 use core::marker::PhantomData;
 
 use super::NIZK;

crypto-primitives/src/nizk/mod.rs

@@ -1,4 +1,4 @@
-use algebra::bytes::ToBytes;
+use algebra_core::bytes::ToBytes;
 use rand::Rng;
 
 #[cfg(feature = "gm17")]
@@ -59,7 +59,10 @@ mod test {
     #[test]
     fn test_gm17() {
         use crate::nizk::{gm17::Gm17, NIZK};
-        use algebra::{curves::bls12_381::Bls12_381, fields::bls12_381::Fr, One};
+        use algebra::{
+            bls12_377::{Bls12_377, Fr},
+            One,
+        };
         use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
 
         #[derive(Copy, Clone)]
@@ -104,13 +107,13 @@ mod test {
 
         let rng = &mut test_rng();
 
-        let parameters = Gm17::<Bls12_381, R1CSCircuit, [Fr]>::setup(circuit, rng).unwrap();
+        let parameters = Gm17::<Bls12_377, R1CSCircuit, [Fr]>::setup(circuit, rng).unwrap();
 
         let proof =
-            Gm17::<Bls12_381, R1CSCircuit, [Fr]>::prove(&parameters.0, circuit, rng).unwrap();
+            Gm17::<Bls12_377, R1CSCircuit, [Fr]>::prove(&parameters.0, circuit, rng).unwrap();
 
         let result =
-            Gm17::<Bls12_381, R1CSCircuit, [Fr]>::verify(&parameters.1, &[Fr::one(), sum], &proof)
+            Gm17::<Bls12_377, R1CSCircuit, [Fr]>::verify(&parameters.1, &[Fr::one(), sum], &proof)
                 .unwrap();
         assert!(result);
     }

crypto-primitives/src/prf/blake2s/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::PrimeField;
+use algebra_core::PrimeField;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 
 use crate::prf::PRFGadget;
@@ -499,7 +499,7 @@ impl<ConstraintF: PrimeField> PRFGadget<Blake2s, ConstraintF> for Blake2sGadget
 
 #[cfg(test)]
 mod test {
-    use algebra::fields::bls12_377::fr::Fr;
+    use algebra::jubjub::Fq as Fr;
     use digest::{FixedOutput, Input};
     use rand::{Rng, SeedableRng};
     use rand_xorshift::XorShiftRng;

crypto-primitives/src/prf/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::Field;
+use algebra_core::Field;
 use core::fmt::Debug;
 
 use crate::prf::PRF;

crypto-primitives/src/prf/mod.rs

@@ -1,4 +1,4 @@
-use algebra::bytes::{FromBytes, ToBytes};
+use algebra_core::bytes::{FromBytes, ToBytes};
 use core::{fmt::Debug, hash::Hash};
 
 use crate::CryptoError;

crypto-primitives/src/signature/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::Field;
+use algebra_core::Field;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 

crypto-primitives/src/signature/mod.rs

@@ -1,5 +1,5 @@
 use crate::Error;
-use algebra::bytes::ToBytes;
+use algebra_core::bytes::ToBytes;
 use core::hash::Hash;
 use rand::Rng;
 
@@ -54,8 +54,7 @@ pub trait SignatureScheme {
 mod test {
     use crate::{signature::schnorr::SchnorrSignature, SignatureScheme};
     use algebra::{
-        curves::edwards_sw6::EdwardsAffine as Edwards, groups::Group, test_rng, to_bytes, ToBytes,
+        groups::Group, jubjub::JubJubAffine as JubJub, test_rng, to_bytes, ToBytes, UniformRand,
-        UniformRand,
     };
     use blake2::Blake2s;
 
@@ -90,13 +89,13 @@ mod test {
     fn schnorr_signature_test() {
         let message = "Hi, I am a Schnorr signature!";
         let rng = &mut test_rng();
-        sign_and_verify::<SchnorrSignature<Edwards, Blake2s>>(message.as_bytes());
+        sign_and_verify::<SchnorrSignature<JubJub, Blake2s>>(message.as_bytes());
-        failed_verification::<SchnorrSignature<Edwards, Blake2s>>(
+        failed_verification::<SchnorrSignature<JubJub, Blake2s>>(
             message.as_bytes(),
             "Bad message".as_bytes(),
         );
-        let random_scalar = to_bytes!(<Edwards as Group>::ScalarField::rand(rng)).unwrap();
+        let random_scalar = to_bytes!(<JubJub as Group>::ScalarField::rand(rng)).unwrap();
-        randomize_and_verify::<SchnorrSignature<Edwards, Blake2s>>(
+        randomize_and_verify::<SchnorrSignature<JubJub, Blake2s>>(
             message.as_bytes(),
             &random_scalar.as_slice(),
         );

crypto-primitives/src/signature/schnorr/constraints.rs

@@ -1,4 +1,4 @@
-use algebra::{groups::Group, Field};
+use algebra_core::{groups::Group, Field};
 use r1cs_core::{ConstraintSystem, SynthesisError};
 use r1cs_std::prelude::*;
 

crypto-primitives/src/signature/schnorr/mod.rs

@@ -1,5 +1,5 @@
 use crate::{Error, SignatureScheme, Vec};
-use algebra::{
+use algebra_core::{
     bytes::ToBytes,
     fields::{Field, PrimeField},
     groups::Group,

r1cs-std/Cargo.toml

@@ -29,7 +29,18 @@ derivative = { version = "1", features = ["use_core"] }
 [dev-dependencies]
 rand = { version = "0.7", default-features = false }
 rand_xorshift = { version = "0.2" }
+# Currently this means that all downstream users of `r1cs-std` will be using
+# `algebra` with the `bls12_381` feature.
+algebra = { path = "../algebra", default-features = false, features = [ "bls12_381" ] }
 
 [features]
 default = ["std"]
-std = ["algebra/std", "r1cs-core/std"]
+full = [ "bls12_377", "jubjub", "edwards_bls12", "edwards_sw6", ]
+
+bls12_377 = [ "algebra/bls12_377" ]
+jubjub = [ "algebra/jubjub" ]
+edwards_bls12 = [ "algebra/edwards_bls12" ]
+edwards_sw6 = [ "algebra/edwards_sw6" ]
+
+std = [ "algebra/std" ]
+parallel = [ "std", "algebra/parallel" ]

r1cs-std/src/bits/boolean.rs

@@ -834,7 +834,7 @@ impl<ConstraintF: PrimeField> CondSelectGadget<ConstraintF> for Boolean {
 mod test {
     use super::{AllocatedBit, Boolean};
     use crate::{prelude::*, test_constraint_system::TestConstraintSystem};
-    use algebra::{fields::bls12_381::Fr, BitIterator, Field, One, PrimeField, UniformRand, Zero};
+    use algebra::{bls12_381::Fr, BitIterator, Field, One, PrimeField, UniformRand, Zero};
     use core::str::FromStr;
     use r1cs_core::ConstraintSystem;
     use rand::SeedableRng;

r1cs-std/src/bits/uint32.rs

@@ -344,7 +344,7 @@ impl<ConstraintF: Field> ConditionalEqGadget<ConstraintF> for UInt32 {
 mod test {
     use super::UInt32;
     use crate::{bits::boolean::Boolean, test_constraint_system::TestConstraintSystem, Vec};
-    use algebra::{fields::bls12_381::Fr, One, Zero};
+    use algebra::{bls12_381::Fr, One, Zero};
     use r1cs_core::ConstraintSystem;
     use rand::{Rng, SeedableRng};
     use rand_xorshift::XorShiftRng;

r1cs-std/src/bits/uint8.rs

@@ -298,7 +298,7 @@ impl<ConstraintF: Field> AllocGadget<u8, ConstraintF> for UInt8 {
 mod test {
     use super::UInt8;
     use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
-    use algebra::fields::bls12_381::Fr;
+    use algebra::bls12_381::Fr;
     use r1cs_core::ConstraintSystem;
     use rand::{Rng, SeedableRng};
     use rand_xorshift::XorShiftRng;

r1cs-std/src/fields/bls12_377.rs

@@ -1,8 +0,0 @@
-use algebra::fields::bls12_377::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
-
-use super::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, fp6_3over2::Fp6Gadget};
-
-pub type FqGadget = FpGadget<Fq>;
-pub type Fq2Gadget = Fp2Gadget<Fq2Parameters, Fq>;
-pub type Fq6Gadget = Fp6Gadget<Fq6Parameters, Fq>;
-pub type Fq12Gadget = Fp12Gadget<Fq12Parameters, Fq>;

r1cs-std/src/fields/edwards_bls12.rs

@@ -1,4 +0,0 @@
-use crate::fields::fp::FpGadget;
-use algebra::fields::edwards_bls12::fq::Fq;
-
-pub type FqGadget = FpGadget<Fq>;

r1cs-std/src/fields/edwards_sw6.rs

@@ -1,4 +0,0 @@
-use crate::fields::fp::FpGadget;
-use algebra::fields::edwards_sw6::fq::Fq;
-
-pub type FqGadget = FpGadget<Fq>;

r1cs-std/src/fields/jubjub.rs

@@ -1,6 +0,0 @@
-use algebra::fields::jubjub::fq::Fq;
-
-use crate::fields::fp::FpGadget;
-
-// JubJub Fq uses BLS12-381 Fr.
-pub type FqGadget = FpGadget<Fq>;

r1cs-std/src/fields/mod.rs

@@ -9,11 +9,6 @@ pub mod fp12;
 pub mod fp2;
 pub mod fp6_3over2;
 
-pub mod bls12_377;
-pub mod edwards_bls12;
-pub mod edwards_sw6;
-pub mod jubjub;
-
 pub trait FieldGadget<F: Field, ConstraintF: Field>:
     Sized
     + Clone
@@ -235,7 +230,7 @@ pub trait FieldGadget<F: Field, ConstraintF: Field>:
 }
 
 #[cfg(test)]
-mod test {
+pub(crate) mod tests {
     use rand::{self, SeedableRng};
     use rand_xorshift::XorShiftRng;
 
@@ -243,18 +238,15 @@ mod test {
     use algebra::{test_rng, BitIterator, Field, UniformRand};
     use r1cs_core::ConstraintSystem;
 
-    fn field_test<
+    #[allow(dead_code)]
-        FE: Field,
+    pub(crate) fn field_test<FE: Field, ConstraintF: Field, F: FieldGadget<FE, ConstraintF>>() {
-        ConstraintF: Field,
+        let mut cs = TestConstraintSystem::<ConstraintF>::new();
-        F: FieldGadget<FE, ConstraintF>,
+
-        CS: ConstraintSystem<ConstraintF>,
+        let mut rng = test_rng();
-    >(
+        let a_native = FE::rand(&mut rng);
-        mut cs: CS,
+        let b_native = FE::rand(&mut rng);
-        a: F,
+        let a = F::alloc(&mut cs.ns(|| "generate_a"), || Ok(a_native)).unwrap();
-        b: F,
+        let b = F::alloc(&mut cs.ns(|| "generate_b"), || Ok(b_native)).unwrap();
-    ) {
-        let a_native = a.get_value().unwrap();
-        let b_native = b.get_value().unwrap();
 
         let zero = F::zero(cs.ns(|| "zero")).unwrap();
         let zero_native = zero.get_value().unwrap();
@@ -447,17 +439,22 @@ mod test {
             )
             .unwrap();
         assert_eq!(ab_true.get_value().unwrap(), a_native + &b_native);
+
+        if !cs.is_satisfied() {
+            println!("{:?}", cs.which_is_unsatisfied().unwrap());
+        }
+        assert!(cs.is_satisfied());
     }
 
-    fn random_frobenius_tests<
+    #[allow(dead_code)]
+    pub(crate) fn frobenius_tests<
         FE: Field,
         ConstraintF: Field,
         F: FieldGadget<FE, ConstraintF>,
-        CS: ConstraintSystem<ConstraintF>,
     >(
-        mut cs: CS,
         maxpower: usize,
     ) {
+        let mut cs = TestConstraintSystem::<ConstraintF>::new();
         let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
         for i in 0..=maxpower {
             let mut a = FE::rand(&mut rng);
@@ -469,87 +466,7 @@ mod test {
 
             assert_eq!(a_gadget.get_value().unwrap(), a);
         }
-    }
 
-    #[test]
-    fn bls12_377_field_gadgets_test() {
-        use crate::fields::bls12_377::{Fq12Gadget, Fq2Gadget, Fq6Gadget, FqGadget};
-        use algebra::fields::bls12_377::{Fq, Fq12, Fq2, Fq6};
-
-        let mut cs = TestConstraintSystem::<Fq>::new();
-
-        let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
-        let a = FqGadget::alloc(&mut cs.ns(|| "generate_a"), || Ok(Fq::rand(&mut rng))).unwrap();
-        let b = FqGadget::alloc(&mut cs.ns(|| "generate_b"), || Ok(Fq::rand(&mut rng))).unwrap();
-        field_test(cs.ns(|| "test_fq"), a, b);
-        if !cs.is_satisfied() {
-            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-        }
-
-        let c = Fq2Gadget::alloc(&mut cs.ns(|| "generate_c"), || Ok(Fq2::rand(&mut rng))).unwrap();
-        let d = Fq2Gadget::alloc(&mut cs.ns(|| "generate_d"), || Ok(Fq2::rand(&mut rng))).unwrap();
-        field_test(cs.ns(|| "test_fq2"), c, d);
-        random_frobenius_tests::<Fq2, _, Fq2Gadget, _>(cs.ns(|| "test_frob_fq2"), 13);
-        if !cs.is_satisfied() {
-            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-        }
-
-        let a = Fq6Gadget::alloc(&mut cs.ns(|| "generate_e"), || Ok(Fq6::rand(&mut rng))).unwrap();
-        let b = Fq6Gadget::alloc(&mut cs.ns(|| "generate_f"), || Ok(Fq6::rand(&mut rng))).unwrap();
-        field_test(cs.ns(|| "test_fq6"), a, b);
-        random_frobenius_tests::<Fq6, _, Fq6Gadget, _>(cs.ns(|| "test_frob_fq6"), 13);
-        if !cs.is_satisfied() {
-            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-        }
-
-        let c =
-            Fq12Gadget::alloc(&mut cs.ns(|| "generate_g"), || Ok(Fq12::rand(&mut rng))).unwrap();
-        let d =
-            Fq12Gadget::alloc(&mut cs.ns(|| "generate_h"), || Ok(Fq12::rand(&mut rng))).unwrap();
-        field_test(cs.ns(|| "test_fq12"), c, d);
-        random_frobenius_tests::<Fq12, _, Fq12Gadget, _>(cs.ns(|| "test_frob_fq12"), 13);
-        if !cs.is_satisfied() {
-            println!("Here!");
-            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-        }
-
-        assert!(cs.is_satisfied());
-    }
-
-    #[test]
-    fn jubjub_field_gadgets_test() {
-        use crate::fields::jubjub::FqGadget;
-        use algebra::fields::jubjub::fq::Fq;
-
-        let mut cs = TestConstraintSystem::<Fq>::new();
-
-        let mut rng = test_rng();
-
-        let a = FqGadget::alloc(&mut cs.ns(|| "generate_a"), || Ok(Fq::rand(&mut rng))).unwrap();
-        let b = FqGadget::alloc(&mut cs.ns(|| "generate_b"), || Ok(Fq::rand(&mut rng))).unwrap();
-        field_test(cs.ns(|| "test_fq"), a, b);
-        if !cs.is_satisfied() {
-            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-        }
-        assert!(cs.is_satisfied());
-    }
-
-    #[test]
-    fn edwards_field_gadgets_test() {
-        use crate::fields::edwards_bls12::FqGadget;
-        use algebra::fields::edwards_bls12::fq::Fq;
-
-        let mut cs = TestConstraintSystem::<Fq>::new();
-
-        let mut rng = test_rng();
-
-        let a = FqGadget::alloc(&mut cs.ns(|| "generate_a"), || Ok(Fq::rand(&mut rng))).unwrap();
-        let b = FqGadget::alloc(&mut cs.ns(|| "generate_b"), || Ok(Fq::rand(&mut rng))).unwrap();
-        field_test(cs.ns(|| "test_fq"), a, b);
-        if !cs.is_satisfied() {
-            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-        }
         assert!(cs.is_satisfied());
     }
 }

r1cs-std/src/groups/curves/short_weierstrass/bls12/mod.rs

@@ -14,13 +14,12 @@ use crate::{
 
 use core::fmt::Debug;
 
-pub mod bls12_377;
-
 pub type G1Gadget<P> = AffineGadget<
     <P as Bls12Parameters>::G1Parameters,
     <P as Bls12Parameters>::Fp,
     FpGadget<<P as Bls12Parameters>::Fp>,
 >;
+
 pub type G2Gadget<P> =
     AffineGadget<<P as Bls12Parameters>::G2Parameters, <P as Bls12Parameters>::Fp, Fp2G<P>>;
 
@@ -33,9 +32,7 @@ pub struct G1PreparedGadget<P: Bls12Parameters>(pub G1Gadget<P>);
 
 impl<P: Bls12Parameters> G1PreparedGadget<P> {
     pub fn get_value(&self) -> Option<G1Prepared<P>> {
-        Some(G1Prepared::from_affine(
+        Some(G1Prepared::from(self.0.get_value().unwrap().into_affine()))
-            self.0.get_value().unwrap().into_affine(),
-        ))
     }
 
     pub fn from_affine<CS: ConstraintSystem<P::Fp>>(

r1cs-std/src/groups/curves/twisted_edwards/edwards_bls12.rs

@@ -1,30 +0,0 @@
-use crate::groups::curves::twisted_edwards::AffineGadget;
-use algebra::{curves::edwards_bls12::EdwardsParameters, fields::edwards_bls12::fq::Fq};
-
-use crate::fields::edwards_bls12::FqGadget;
-
-pub type EdwardsBlsGadget = AffineGadget<EdwardsParameters, Fq, FqGadget>;
-
-#[cfg(test)]
-mod test {
-    use super::EdwardsBlsGadget as EdwardsG;
-    use crate::{
-        groups::curves::twisted_edwards::test::{edwards_constraint_costs, edwards_test},
-        test_constraint_system::TestConstraintSystem,
-    };
-    use algebra::{curves::edwards_bls12::EdwardsParameters, fields::edwards_bls12::fq::Fq};
-
-    #[test]
-    fn edwards_constraint_costs_test() {
-        let mut cs = TestConstraintSystem::<Fq>::new();
-        edwards_constraint_costs::<_, EdwardsParameters, EdwardsG, _>(&mut cs);
-        assert!(cs.is_satisfied());
-    }
-
-    #[test]
-    fn edwards_bls12_gadget_test() {
-        let mut cs = TestConstraintSystem::<Fq>::new();
-        edwards_test::<_, EdwardsParameters, EdwardsG, _>(&mut cs);
-        assert!(cs.is_satisfied());
-    }
-}

r1cs-std/src/groups/curves/twisted_edwards/edwards_sw6.rs

@@ -1,30 +0,0 @@
-use crate::groups::curves::twisted_edwards::AffineGadget;
-use algebra::{curves::edwards_sw6::EdwardsParameters, fields::edwards_sw6::fq::Fq};
-
-use crate::fields::edwards_sw6::FqGadget;
-
-pub type EdwardsSWGadget = AffineGadget<EdwardsParameters, Fq, FqGadget>;
-
-#[cfg(test)]
-mod test {
-    use super::EdwardsSWGadget as EdwardsG;
-    use crate::{
-        groups::curves::twisted_edwards::test::{edwards_constraint_costs, edwards_test},
-        test_constraint_system::TestConstraintSystem,
-    };
-    use algebra::{curves::edwards_sw6::EdwardsParameters, fields::edwards_sw6::fq::Fq};
-
-    #[test]
-    fn edwards_constraint_costs_test() {
-        let mut cs = TestConstraintSystem::<Fq>::new();
-        edwards_constraint_costs::<_, EdwardsParameters, EdwardsG, _>(&mut cs);
-        assert!(cs.is_satisfied());
-    }
-
-    #[test]
-    fn edwards_sw6_gadget_test() {
-        let mut cs = TestConstraintSystem::<Fq>::new();
-        edwards_test::<_, EdwardsParameters, EdwardsG, _>(&mut cs);
-        assert!(cs.is_satisfied());
-    }
-}

r1cs-std/src/groups/curves/twisted_edwards/jubjub.rs

@@ -1,30 +0,0 @@
-use crate::groups::curves::twisted_edwards::AffineGadget;
-use algebra::{curves::jubjub::JubJubParameters, fields::jubjub::fq::Fq};
-
-use crate::fields::jubjub::FqGadget;
-
-pub type JubJubGadget = AffineGadget<JubJubParameters, Fq, FqGadget>;
-
-#[cfg(test)]
-mod test {
-    use super::JubJubGadget as EdwardsG;
-    use crate::{
-        groups::curves::twisted_edwards::test::{edwards_constraint_costs, edwards_test},
-        test_constraint_system::TestConstraintSystem,
-    };
-    use algebra::{curves::jubjub::JubJubParameters as EdwardsParameters, fields::jubjub::fq::Fq};
-
-    #[test]
-    fn edwards_constraint_costs_test() {
-        let mut cs = TestConstraintSystem::<Fq>::new();
-        edwards_constraint_costs::<_, EdwardsParameters, EdwardsG, _>(&mut cs);
-        assert!(cs.is_satisfied());
-    }
-
-    #[test]
-    fn jubjub_gadget_test() {
-        let mut cs = TestConstraintSystem::<Fq>::new();
-        edwards_test::<_, EdwardsParameters, EdwardsG, _>(&mut cs);
-        assert!(cs.is_satisfied());
-    }
-}

r1cs-std/src/groups/curves/twisted_edwards/mod.rs

@@ -12,12 +12,6 @@ use crate::{prelude::*, Vec};
 
 use core::{borrow::Borrow, marker::PhantomData};
 
-pub mod edwards_bls12;
-pub mod edwards_sw6;
-pub mod jubjub;
-#[cfg(test)]
-mod test;
-
 #[derive(Derivative)]
 #[derivative(Debug, Clone)]
 #[derivative(Debug(bound = "P: TEModelParameters, ConstraintF: Field"))]
@@ -1404,3 +1398,65 @@ where
         Ok(x_bytes)
     }
 }
+
+#[cfg(test)]
+#[allow(dead_code)]
+pub(crate) fn test<ConstraintF, P, GG>()
+where
+    ConstraintF: Field,
+    P: TEModelParameters,
+    GG: GroupGadget<TEAffine<P>, ConstraintF, Value = TEAffine<P>>,
+{
+    use crate::{
+        boolean::AllocatedBit, groups::test::group_test, prelude::*,
+        test_constraint_system::TestConstraintSystem,
+    };
+    use algebra::{test_rng, Group, PrimeField, UniformRand};
+    use rand::Rng;
+
+    group_test::<ConstraintF, TEAffine<P>, GG>();
+
+    let mut cs = TestConstraintSystem::new();
+
+    let a: TEAffine<P> = UniformRand::rand(&mut test_rng());
+    let gadget_a = GG::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
+    // Check mul_bits
+    let scalar: <TEAffine<P> as Group>::ScalarField = UniformRand::rand(&mut test_rng());
+    let native_result = a.mul(&scalar);
+
+    let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
+    // Get the scalar bits into little-endian form.
+    scalar.reverse();
+    let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
+    let zero = GG::zero(cs.ns(|| "zero")).unwrap();
+    let result = gadget_a
+        .mul_bits(cs.ns(|| "mul_bits"), &zero, input.iter())
+        .unwrap();
+    let gadget_value = result.get_value().expect("Gadget_result failed");
+    assert_eq!(native_result, gadget_value);
+
+    assert!(cs.is_satisfied());
+
+    // Test the cost of allocation, conditional selection, and point addition.
+    let mut cs = TestConstraintSystem::new();
+
+    let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
+        .unwrap()
+        .into();
+
+    let mut rng = test_rng();
+    let a: TEAffine<P> = rng.gen();
+    let b: TEAffine<P> = rng.gen();
+    let gadget_a = GG::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
+    let gadget_b = GG::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
+    let alloc_cost = cs.num_constraints();
+    let _ =
+        GG::conditionally_select(&mut cs.ns(|| "cond_select"), &bit, &gadget_a, &gadget_b).unwrap();
+    let cond_select_cost = cs.num_constraints() - alloc_cost;
+
+    let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
+    let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
+    assert_eq!(cond_select_cost, <GG as CondSelectGadget<_>>::cost());
+    assert_eq!(add_cost, GG::cost_of_add());
+    assert!(cs.is_satisfied());
+}

r1cs-std/src/groups/curves/twisted_edwards/test.rs

@@ -1,72 +0,0 @@
-use crate::{groups::test::group_test, prelude::*, Vec};
-use algebra::{
-    curves::{models::TEModelParameters, twisted_edwards_extended::GroupAffine as TEAffine},
-    test_rng, BitIterator, Field, Group, PrimeField, UniformRand,
-};
-use rand::Rng;
-
-use r1cs_core::ConstraintSystem;
-
-pub(crate) fn edwards_test<ConstraintF, P, GG, CS>(cs: &mut CS)
-where
-    ConstraintF: Field,
-    P: TEModelParameters,
-    GG: GroupGadget<TEAffine<P>, ConstraintF, Value = TEAffine<P>>,
-    CS: ConstraintSystem<ConstraintF>,
-{
-    let a: TEAffine<P> = UniformRand::rand(&mut test_rng());
-    let b: TEAffine<P> = UniformRand::rand(&mut test_rng());
-    let gadget_a = GG::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
-    let gadget_b = GG::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
-    assert_eq!(gadget_a.get_value().unwrap(), a);
-    assert_eq!(gadget_b.get_value().unwrap(), b);
-    group_test::<ConstraintF, TEAffine<P>, GG, _>(
-        &mut cs.ns(|| "GroupTest(a, b)"),
-        gadget_a.clone(),
-        gadget_b,
-    );
-
-    // Check mul_bits
-    let scalar: <TEAffine<P> as Group>::ScalarField = UniformRand::rand(&mut test_rng());
-    let native_result = a.mul(&scalar);
-
-    let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
-    // Get the scalar bits into little-endian form.
-    scalar.reverse();
-    let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
-    let zero = GG::zero(cs.ns(|| "zero")).unwrap();
-    let result = gadget_a
-        .mul_bits(cs.ns(|| "mul_bits"), &zero, input.iter())
-        .unwrap();
-    let gadget_value = result.get_value().expect("Gadget_result failed");
-    assert_eq!(native_result, gadget_value);
-}
-
-pub(crate) fn edwards_constraint_costs<ConstraintF, P, GG, CS>(cs: &mut CS)
-where
-    ConstraintF: Field,
-    P: TEModelParameters,
-    GG: GroupGadget<TEAffine<P>, ConstraintF, Value = TEAffine<P>>,
-    CS: ConstraintSystem<ConstraintF>,
-{
-    use crate::boolean::AllocatedBit;
-
-    let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
-        .unwrap()
-        .into();
-
-    let mut rng = test_rng();
-    let a: TEAffine<P> = rng.gen();
-    let b: TEAffine<P> = rng.gen();
-    let gadget_a = GG::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
-    let gadget_b = GG::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
-    let alloc_cost = cs.num_constraints();
-    let _ =
-        GG::conditionally_select(&mut cs.ns(|| "cond_select"), &bit, &gadget_a, &gadget_b).unwrap();
-    let cond_select_cost = cs.num_constraints() - alloc_cost;
-
-    let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
-    let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
-    assert_eq!(cond_select_cost, <GG as CondSelectGadget<_>>::cost());
-    assert_eq!(add_cost, GG::cost_of_add());
-}

r1cs-std/src/groups/mod.rs

@@ -6,10 +6,7 @@ use core::{borrow::Borrow, fmt::Debug};
 
 pub mod curves;
 
-pub use self::curves::{
+pub use self::curves::short_weierstrass::bls12;
-    short_weierstrass::bls12,
-    twisted_edwards::{edwards_sw6, jubjub},
-};
 
 pub trait GroupGadget<G: Group, ConstraintF: Field>:
     Sized
@@ -165,21 +162,19 @@ pub trait GroupGadget<G: Group, ConstraintF: Field>:
 mod test {
     use algebra::{test_rng, Field};
     use r1cs_core::ConstraintSystem;
-    use rand::Rng;
 
     use crate::{prelude::*, test_constraint_system::TestConstraintSystem};
     use algebra::groups::Group;
 
-    pub(crate) fn group_test<
+    pub(crate) fn group_test<ConstraintF: Field, G: Group, GG: GroupGadget<G, ConstraintF>>() {
-        ConstraintF: Field,
+        let mut cs = TestConstraintSystem::<ConstraintF>::new();
-        G: Group,
+
-        GG: GroupGadget<G, ConstraintF>,
+        let mut rng = test_rng();
-        CS: ConstraintSystem<ConstraintF>,
+        let a_native = G::rand(&mut rng);
-    >(
+        let b_native = G::rand(&mut rng);
-        cs: &mut CS,
+        let a = GG::alloc(&mut cs.ns(|| "generate_a"), || Ok(a_native)).unwrap();
-        a: GG,
+        let b = GG::alloc(&mut cs.ns(|| "generate_b"), || Ok(b_native)).unwrap();
-        b: GG,
+
-    ) {
         let zero = GG::zero(cs.ns(|| "Zero")).unwrap();
         assert_eq!(zero, zero);
 
@@ -217,21 +212,9 @@ mod test {
         let _ = b
             .to_bytes_strict(&mut cs.ns(|| "b ToBytes Strict"))
             .unwrap();
-    }
+        if !cs.is_satisfied() {
-
+            println!("{:?}", cs.which_is_unsatisfied().unwrap());
-    #[test]
+        }
-    fn jubjub_group_gadgets_test() {
+        assert!(cs.is_satisfied());
-        use crate::groups::jubjub::JubJubGadget;
-        use algebra::{curves::jubjub::JubJubProjective, fields::jubjub::fq::Fq};
-
-        let mut cs = TestConstraintSystem::<Fq>::new();
-
-        let mut rng = test_rng();
-        let a: JubJubProjective = rng.gen();
-        let b: JubJubProjective = rng.gen();
-
-        let a = JubJubGadget::alloc(&mut cs.ns(|| "generate_a"), || Ok(a)).unwrap();
-        let b = JubJubGadget::alloc(&mut cs.ns(|| "generate_b"), || Ok(b)).unwrap();
-        group_test::<_, JubJubProjective, _, _>(&mut cs.ns(|| "GroupTest(a, b)"), a, b);
     }
 }

r1cs-std/src/instantiated/bls12_377/curves.rs

@@ -1,14 +1,11 @@
-use crate::groups::bls12::{
+use crate::groups::bls12;
-    G1Gadget as Bls12G1Gadget, G1PreparedGadget as Bls12G1PreparedGadget,
+use algebra::bls12_377::Parameters;
-    G2Gadget as Bls12G2Gadget, G2PreparedGadget as Bls12G2PreparedGadget,
-};
-use algebra::curves::bls12_377::Bls12_377Parameters;
 
-pub type G1Gadget = Bls12G1Gadget<Bls12_377Parameters>;
+pub type G1Gadget = bls12::G1Gadget<Parameters>;
-pub type G2Gadget = Bls12G2Gadget<Bls12_377Parameters>;
+pub type G2Gadget = bls12::G2Gadget<Parameters>;
 
-pub type G1PreparedGadget = Bls12G1PreparedGadget<Bls12_377Parameters>;
+pub type G1PreparedGadget = bls12::G1PreparedGadget<Parameters>;
-pub type G2PreparedGadget = Bls12G2PreparedGadget<Bls12_377Parameters>;
+pub type G2PreparedGadget = bls12::G2PreparedGadget<Parameters>;
 
 #[cfg(test)]
 mod test {
@@ -16,11 +13,7 @@ mod test {
 
     use super::{G1Gadget, G2Gadget};
     use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
-    use algebra::{
+    use algebra::{bls12_377::*, test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve};
-        curves::bls12_377::{G1Projective as G1, G2Projective as G2},
-        fields::bls12_377::{Fq, Fr},
-        test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve,
-    };
     use r1cs_core::ConstraintSystem;
 
     #[test]
@@ -34,8 +27,8 @@ mod test {
             .into();
 
         let mut rng = test_rng();
-        let a: G1 = rng.gen();
+        let a: G1Projective = rng.gen();
-        let b: G1 = rng.gen();
+        let b: G1Projective = rng.gen();
         let gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
         let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
         let alloc_cost = cs.num_constraints();
@@ -67,8 +60,8 @@ mod test {
             .into();
 
         let mut rng = test_rng();
-        let a: G2 = rng.gen();
+        let a: G2Projective = rng.gen();
-        let b: G2 = rng.gen();
+        let b: G2Projective = rng.gen();
         let gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
         let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
         let alloc_cost = cs.num_constraints();
@@ -98,8 +91,8 @@ mod test {
 
         let mut cs = TestConstraintSystem::<Fq>::new();
 
-        let a = G1::rand(&mut rng);
+        let a = G1Projective::rand(&mut rng);
-        let b = G1::rand(&mut rng);
+        let b = G1Projective::rand(&mut rng);
         let a_affine = a.into_affine();
         let b_affine = b.into_affine();
         let mut gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
@@ -167,8 +160,8 @@ mod test {
         let mut cs = TestConstraintSystem::<Fq>::new();
 
         let mut rng = test_rng();
-        let a: G2 = rng.gen();
+        let a: G2Projective = rng.gen();
-        let b: G2 = rng.gen();
+        let b: G2Projective = rng.gen();
         let a_affine = a.into_affine();
         let b_affine = b.into_affine();
 

r1cs-std/src/instantiated/bls12_377/fields.rs

@@ -0,0 +1,27 @@
+use algebra::bls12_377::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters};
+
+use crate::fields::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, fp6_3over2::Fp6Gadget};
+
+pub type FqGadget = FpGadget<Fq>;
+pub type Fq2Gadget = Fp2Gadget<Fq2Parameters, Fq>;
+pub type Fq6Gadget = Fp6Gadget<Fq6Parameters, Fq>;
+pub type Fq12Gadget = Fp12Gadget<Fq12Parameters, Fq>;
+
+#[test]
+fn bls12_377_field_gadgets_test() {
+    use super::*;
+    use crate::fields::tests::*;
+    use algebra::bls12_377::{Fq, Fq12, Fq2, Fq6};
+
+    field_test::<_, Fq, FqGadget>();
+    frobenius_tests::<Fq, Fq, FqGadget>(13);
+
+    field_test::<_, Fq, Fq2Gadget>();
+    frobenius_tests::<Fq2, Fq, Fq2Gadget>(13);
+
+    field_test::<_, Fq, Fq6Gadget>();
+    frobenius_tests::<Fq6, Fq, Fq6Gadget>(13);
+
+    field_test::<_, Fq, Fq12Gadget>();
+    frobenius_tests::<Fq12, Fq, Fq12Gadget>(13);
+}

r1cs-std/src/instantiated/bls12_377/mod.rs

@@ -0,0 +1,7 @@
+mod curves;
+mod fields;
+mod pairing;
+
+pub use curves::*;
+pub use fields::*;
+pub use pairing::*;

r1cs-std/src/instantiated/bls12_377/pairing.rs

@@ -0,0 +1,8 @@
+use algebra::bls12_377::Parameters;
+
+pub type PairingGadget = crate::pairing::bls12::PairingGadget<Parameters>;
+
+#[test]
+fn test() {
+    crate::pairing::tests::bilinearity_test::<algebra::Bls12_377, _, PairingGadget>()
+}

r1cs-std/src/instantiated/edwards_bls12/curves.rs

@@ -0,0 +1,11 @@
+use crate::groups::curves::twisted_edwards::AffineGadget;
+use algebra::edwards_bls12::*;
+
+use crate::edwards_bls12::FqGadget;
+
+pub type EdwardsBlsGadget = AffineGadget<EdwardsParameters, Fq, FqGadget>;
+
+#[test]
+fn test() {
+    crate::groups::curves::twisted_edwards::test::<_, EdwardsParameters, EdwardsBlsGadget>();
+}

r1cs-std/src/instantiated/edwards_bls12/fields.rs

@@ -0,0 +1,9 @@
+use crate::fields::fp::FpGadget;
+use algebra::edwards_bls12::fq::Fq;
+
+pub type FqGadget = FpGadget<Fq>;
+
+#[test]
+fn test() {
+    crate::fields::tests::field_test::<_, Fq, FqGadget>();
+}

r1cs-std/src/instantiated/edwards_bls12/mod.rs

@@ -0,0 +1,5 @@
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;

r1cs-std/src/instantiated/edwards_sw6/curves.rs

@@ -0,0 +1,11 @@
+use crate::groups::curves::twisted_edwards::AffineGadget;
+use algebra::edwards_sw6::*;
+
+use crate::edwards_sw6::FqGadget;
+
+pub type EdwardsSWGadget = AffineGadget<EdwardsParameters, Fq, FqGadget>;
+
+#[test]
+fn test() {
+    crate::groups::curves::twisted_edwards::test::<_, EdwardsParameters, EdwardsSWGadget>();
+}

r1cs-std/src/instantiated/edwards_sw6/fields.rs

@@ -0,0 +1,9 @@
+use crate::fields::fp::FpGadget;
+use algebra::edwards_sw6::fq::Fq;
+
+pub type FqGadget = FpGadget<Fq>;
+
+#[test]
+fn test() {
+    crate::fields::tests::field_test::<_, Fq, FqGadget>();
+}

r1cs-std/src/instantiated/edwards_sw6/mod.rs

@@ -0,0 +1,5 @@
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;

r1cs-std/src/instantiated/jubjub/curves.rs

@@ -0,0 +1,11 @@
+use crate::groups::curves::twisted_edwards::AffineGadget;
+use algebra::jubjub::*;
+
+use crate::jubjub::FqGadget;
+
+pub type JubJubGadget = AffineGadget<JubJubParameters, Fq, FqGadget>;
+
+#[test]
+fn test() {
+    crate::groups::curves::twisted_edwards::test::<Fq, _, JubJubGadget>();
+}

r1cs-std/src/instantiated/jubjub/fields.rs

@@ -0,0 +1,8 @@
+use crate::fields::fp::FpGadget;
+
+pub type FqGadget = FpGadget<algebra::jubjub::Fq>;
+
+#[test]
+fn test() {
+    crate::fields::tests::field_test::<_, algebra::jubjub::Fq, FqGadget>();
+}

r1cs-std/src/instantiated/jubjub/mod.rs

@@ -0,0 +1,5 @@
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;

r1cs-std/src/instantiated/mod.rs

@@ -0,0 +1,11 @@
+#[cfg(feature = "bls12_377")]
+pub mod bls12_377;
+
+#[cfg(feature = "edwards_bls12")]
+pub mod edwards_bls12;
+
+#[cfg(feature = "edwards_sw6")]
+pub mod edwards_sw6;
+
+#[cfg(feature = "jubjub")]
+pub mod jubjub;

r1cs-std/src/lib.rs

@@ -1,37 +1,10 @@
 #![cfg_attr(not(feature = "std"), no_std)]
-#![deny(
+#![deny(unused_import_braces, unused_qualifications, trivial_casts)]
-    unused_import_braces,
+#![deny(trivial_numeric_casts, variant_size_differences, unreachable_pub)]
-    unused_qualifications,
+#![deny(non_shorthand_field_patterns, unused_attributes, unused_imports)]
-    trivial_casts,
+#![deny(unused_extern_crates, renamed_and_removed_lints, unused_allocation)]
-    trivial_numeric_casts
+#![deny(unused_comparisons, bare_trait_objects, const_err, unused_must_use)]
-)]
+#![deny(unused_mut, unused_unsafe, private_in_public, unsafe_code)]
-#![deny(
-    unused_qualifications,
-    variant_size_differences,
-    stable_features,
-    unreachable_pub
-)]
-#![deny(
-    non_shorthand_field_patterns,
-    unused_attributes,
-    unused_imports,
-    unused_extern_crates
-)]
-#![deny(
-    renamed_and_removed_lints,
-    stable_features,
-    unused_allocation,
-    unused_comparisons,
-    bare_trait_objects
-)]
-#![deny(
-    const_err,
-    unused_must_use,
-    unused_mut,
-    unused_unsafe,
-    private_in_public,
-    unsafe_code
-)]
 #![forbid(unsafe_code)]
 
 #[cfg(all(test, not(feature = "std")))]
@@ -69,6 +42,20 @@ pub mod fields;
 
 pub mod groups;
 
+mod instantiated;
+
+#[cfg(feature = "bls12_377")]
+pub use instantiated::bls12_377;
+
+#[cfg(feature = "edwards_bls12")]
+pub use instantiated::edwards_bls12;
+
+#[cfg(feature = "edwards_sw6")]
+pub use instantiated::edwards_sw6;
+
+#[cfg(feature = "jubjub")]
+pub use instantiated::jubjub;
+
 pub mod pairing;
 
 pub mod alloc;
@@ -82,6 +69,7 @@ pub mod prelude {
         eq::*,
         fields::FieldGadget,
         groups::GroupGadget,
+        instantiated::*,
         pairing::PairingGadget,
         select::*,
     };

r1cs-std/src/pairing/bls12/bls12_377.rs

@@ -1,4 +0,0 @@
-use crate::pairing::bls12::PairingGadget as Bls12PG;
-use algebra::curves::bls12_377::Bls12_377Parameters;
-
-pub type PairingGadget = Bls12PG<Bls12_377Parameters>;

r1cs-std/src/pairing/bls12/mod.rs

@@ -7,20 +7,11 @@ use crate::{
     groups::bls12::{G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget},
 };
 use algebra::{
-    curves::{
+    curves::bls12::{Bls12, Bls12Parameters, TwistType},
-        bls12::{
+    fields::BitIterator,
-            Bls12, Bls12Parameters, G1Affine, G1Prepared, G1Projective, G2Affine, G2Prepared,
-            G2Projective, TwistType,
-        },
-        models::ModelParameters,
-        PairingCurve,
-    },
-    fields::{fp12_2over3over2::Fp12, BitIterator},
 };
 use core::marker::PhantomData;
 
-pub mod bls12_377;
-
 pub struct PairingGadget<P: Bls12Parameters>(PhantomData<P>);
 
 type Fp2G<P> = Fp2Gadget<<P as Bls12Parameters>::Fp2Params, <P as Bls12Parameters>::Fp>;
@@ -71,25 +62,7 @@ impl<P: Bls12Parameters> PairingGadget<P> {
     }
 }
 
-impl<P: Bls12Parameters> PG<Bls12<P>, P::Fp> for PairingGadget<P>
+impl<P: Bls12Parameters> PG<Bls12<P>, P::Fp> for PairingGadget<P> {
-where
-    G1Affine<P>: PairingCurve<
-        BaseField = <P::G1Parameters as ModelParameters>::BaseField,
-        ScalarField = <P::G1Parameters as ModelParameters>::ScalarField,
-        Projective = G1Projective<P>,
-        PairWith = G2Affine<P>,
-        Prepared = G1Prepared<P>,
-        PairingResult = Fp12<P::Fp12Params>,
-    >,
-    G2Affine<P>: PairingCurve<
-        BaseField = <P::G2Parameters as ModelParameters>::BaseField,
-        ScalarField = <P::G1Parameters as ModelParameters>::ScalarField,
-        Projective = G2Projective<P>,
-        PairWith = G1Affine<P>,
-        Prepared = G2Prepared<P>,
-        PairingResult = Fp12<P::Fp12Params>,
-    >,
-{
     type G1Gadget = G1Gadget<P>;
     type G2Gadget = G2Gadget<P>;
     type G1PreparedGadget = G1PreparedGadget<P>;

r1cs-std/src/pairing/mod.rs

@@ -4,7 +4,6 @@ use core::fmt::Debug;
 use r1cs_core::{ConstraintSystem, SynthesisError};
 
 pub mod bls12;
-pub use self::bls12::bls12_377;
 
 pub trait PairingGadget<PairingE: PairingEngine, ConstraintF: Field> {
     type G1Gadget: GroupGadget<PairingE::G1Projective, ConstraintF>;
@@ -56,67 +55,53 @@ pub trait PairingGadget<PairingE: PairingEngine, ConstraintF: Field> {
 }
 
 #[cfg(test)]
-mod test {
+pub(crate) mod tests {
-    use crate::{test_constraint_system::TestConstraintSystem, Vec};
+    use crate::{
-    use algebra::{BitIterator, Field, One};
+        bits::boolean::Boolean, prelude::*, test_constraint_system::TestConstraintSystem, Vec,
+    };
+    use algebra::{
+        test_rng, BitIterator, Field, PairingEngine, PrimeField, ProjectiveCurve, UniformRand,
+    };
     use r1cs_core::ConstraintSystem;
 
-    #[test]
+    #[allow(dead_code)]
-    fn bls12_377_gadget_bilinearity_test() {
+    pub(crate) fn bilinearity_test<
-        use algebra::{
+        E: PairingEngine,
-            fields::{
+        ConstraintF: Field,
-                bls12_377::{fq::Fq, fr::Fr},
+        P: PairingGadget<E, ConstraintF>,
-                PrimeField,
+    >() {
-            },
+        let mut cs = TestConstraintSystem::<ConstraintF>::new();
-            PairingEngine, ProjectiveCurve,
-        };
 
-        use super::bls12_377::PairingGadget;
+        let mut rng = test_rng();
-        use crate::{
+        let a = E::G1Projective::rand(&mut rng);
-            groups::bls12::bls12_377::{G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget},
+        let b = E::G2Projective::rand(&mut rng);
-            pairing::PairingGadget as _,
+        let s = E::Fr::rand(&mut rng);
-            prelude::*,
-        };
-        use algebra::curves::bls12_377::{Bls12_377, G1Projective, G2Projective};
-        use core::ops::Mul;
 
-        let mut cs = TestConstraintSystem::<Fq>::new();
+        let mut sa = a;
+        sa.mul_assign(s);
+        let mut sb = b;
+        sb.mul_assign(s);
 
-        // let a: G1Projective = rand::random();
+        let a_g = P::G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
-        // let b: G2Projective = rand::random();
+        let b_g = P::G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
-        // let s: Fr = rand::random();
+        let sa_g = P::G1Gadget::alloc(&mut cs.ns(|| "sa"), || Ok(sa)).unwrap();
+        let sb_g = P::G2Gadget::alloc(&mut cs.ns(|| "sb"), || Ok(sb)).unwrap();
 
-        let a: G1Projective = G1Projective::prime_subgroup_generator();
+        let a_prep_g = P::prepare_g1(&mut cs.ns(|| "a_prep"), &a_g).unwrap();
-        let b: G2Projective = G2Projective::prime_subgroup_generator();
+        let b_prep_g = P::prepare_g2(&mut cs.ns(|| "b_prep"), &b_g).unwrap();
-        let s: Fr = Fr::one() + &Fr::one();
 
-        let sa = a.mul(&s);
+        let sa_prep_g = P::prepare_g1(&mut cs.ns(|| "sa_prep"), &sa_g).unwrap();
-        let sb = b.mul(&s);
+        let sb_prep_g = P::prepare_g2(&mut cs.ns(|| "sb_prep"), &sb_g).unwrap();
-
-        let a_g = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
-        let b_g = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
-        let sa_g = G1Gadget::alloc(&mut cs.ns(|| "sa"), || Ok(sa)).unwrap();
-        let sb_g = G2Gadget::alloc(&mut cs.ns(|| "sb"), || Ok(sb)).unwrap();
-
-        let a_prep_g = G1PreparedGadget::from_affine(&mut cs.ns(|| "a_prep"), &a_g).unwrap();
-        let b_prep_g = G2PreparedGadget::from_affine(&mut cs.ns(|| "b_prep"), &b_g).unwrap();
-
-        let sa_prep_g = G1PreparedGadget::from_affine(&mut cs.ns(|| "sa_prep"), &sa_g).unwrap();
-        let sb_prep_g = G2PreparedGadget::from_affine(&mut cs.ns(|| "sb_prep"), &sb_g).unwrap();
 
         let (ans1_g, ans1_n) = {
-            let ans_g =
+            let ans_g = P::pairing(cs.ns(|| "pair(sa, b)"), sa_prep_g, b_prep_g.clone()).unwrap();
-                PairingGadget::pairing(cs.ns(|| "pair(sa, b)"), sa_prep_g, b_prep_g.clone())
+            let ans_n = E::pairing(sa, b);
-                    .unwrap();
-            let ans_n = Bls12_377::pairing(sa, b);
             (ans_g, ans_n)
         };
 
         let (ans2_g, ans2_n) = {
-            let ans_g =
+            let ans_g = P::pairing(cs.ns(|| "pair(a, sb)"), a_prep_g.clone(), sb_prep_g).unwrap();
-                PairingGadget::pairing(cs.ns(|| "pair(a, sb)"), a_prep_g.clone(), sb_prep_g)
+            let ans_n = E::pairing(a, sb);
-                    .unwrap();
-            let ans_n = Bls12_377::pairing(a, sb);
             (ans_g, ans_n)
         };
 
@@ -125,9 +110,8 @@ mod test {
                 .map(Boolean::constant)
                 .collect::<Vec<_>>();
 
-            let mut ans_g =
+            let mut ans_g = P::pairing(cs.ns(|| "pair(a, b)"), a_prep_g, b_prep_g).unwrap();
-                PairingGadget::pairing(cs.ns(|| "pair(a, b)"), a_prep_g, b_prep_g).unwrap();
+            let mut ans_n = E::pairing(a, b);
-            let mut ans_n = Bls12_377::pairing(a, b);
             ans_n = ans_n.pow(s.into_repr());
             ans_g = ans_g.pow(cs.ns(|| "pow"), &s_iter).unwrap();