arnaucube/ark-r1cs-std
1
0
Fork 0
mirror of https://github.com/arnaucube/ark-r1cs-std.git synced 2026-01-30 15:36:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into inline-asm

Browse Source
This commit is contained in:
jon-chuang
2020-04-23 08:26:20 +08:00
committed by GitHub
parent 535f93d378 bbb7d75ec8
commit b1f4c50fd8
33 changed files with 801 additions and 1005 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
crypto-primitives/src/commitment/blake2s/constraints.rs
View File

@@ -3,7 +3,7 @@ use r1cs_core::{ConstraintSystem, SynthesisError};
use crate::{
commitment::blake2s::Blake2sCommitment,
prf::blake2s::constraints::{blake2s_gadget, Blake2sOutputGadget},
CommitmentGadget,
CommitmentGadget, Vec,
};
use algebra_core::{Field, PrimeField};
use r1cs_std::prelude::*;
@@ -48,6 +48,16 @@ impl<ConstraintF: PrimeField> CommitmentGadget<Blake2sCommitment, ConstraintF>
}
impl<ConstraintF: Field> AllocGadget<(), ConstraintF> for Blake2sParametersGadget {
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<()>,
{
Self::alloc(cs, || Ok(val))
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(_: CS, _: F) -> Result<Self, SynthesisError>
where
F: FnOnce() -> Result<T, SynthesisError>,
@@ -69,6 +79,22 @@ impl<ConstraintF: Field> AllocGadget<(), ConstraintF> for Blake2sParametersGadge
}
impl<ConstraintF: PrimeField> AllocGadget<[u8; 32], ConstraintF> for Blake2sRandomnessGadget {
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<[u8; 32]>,
{
let mut bytes = vec![];
for (i, b) in val.borrow().iter().enumerate() {
bytes.push(UInt8::alloc_constant(cs.ns(|| format!("value {}", i)), b)?)
}
Ok(Blake2sRandomnessGadget(bytes))
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,

36
crypto-primitives/src/commitment/pedersen/constraints.rs
View File

@@ -1,6 +1,7 @@
use crate::{
commitment::pedersen::{PedersenCommitment, PedersenParameters, PedersenRandomness},
crh::pedersen::PedersenWindow,
Vec,
};
use algebra_core::{
fields::{Field, PrimeField},
@@ -97,16 +98,14 @@ where
W: PedersenWindow,
ConstraintF: PrimeField,
{
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
value_gen: F,
val: T,
) -> Result<Self, SynthesisError>
where
F: FnOnce() -> Result<T, SynthesisError>,
T: Borrow<PedersenParameters<G>>,
{
let temp = value_gen()?;
let parameters = temp.borrow().clone();
let parameters = val.borrow().clone();
Ok(PedersenCommitmentGadgetParameters {
params: parameters,
@@ -116,6 +115,18 @@ where
})
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
value_gen: F,
) -> Result<Self, SynthesisError>
where
F: FnOnce() -> Result<T, SynthesisError>,
T: Borrow<PedersenParameters<G>>,
{
let temp = value_gen()?;
Self::alloc_constant(cs, temp)
}
fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
value_gen: F,
@@ -141,6 +152,21 @@ where
G: Group,
ConstraintF: PrimeField,
{
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<PedersenRandomness<G>>,
{
let mut result_bytes = vec![];
for (i, byte) in to_bytes![val.borrow().0].unwrap().into_iter().enumerate() {
let cur = UInt8::alloc_constant(cs.ns(|| format!("byte {}", i)), byte)?;
result_bytes.push(cur);
}
Ok(PedersenRandomnessGadget(result_bytes))
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
value_gen: F,

30
crypto-primitives/src/crh/bowe_hopwood/constraints.rs
View File

@@ -1,9 +1,12 @@
use core::{borrow::Borrow, hash::Hash, marker::PhantomData};
use crate::crh::{
use crate::{
crh::{
bowe_hopwood::{BoweHopwoodPedersenCRH, BoweHopwoodPedersenParameters, CHUNK_SIZE},
pedersen::PedersenWindow,
FixedLengthCRHGadget,
},
Vec,
};
use algebra_core::{groups::Group, Field};
use r1cs_core::{ConstraintSystem, SynthesisError};
@@ -86,8 +89,24 @@ impl<G: Group, W: PedersenWindow, ConstraintF: Field, GG: GroupGadget<G, Constra
AllocGadget<BoweHopwoodPedersenParameters<G>, ConstraintF>
for BoweHopwoodPedersenCRHGadgetParameters<G, W, ConstraintF, GG>
{
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<BoweHopwoodPedersenParameters<G>>,
{
let params = val.borrow().clone();
Ok(BoweHopwoodPedersenCRHGadgetParameters {
params,
_group_g: PhantomData,
_engine: PhantomData,
_window: PhantomData,
})
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
value_gen: F,
) -> Result<Self, SynthesisError>
where
@@ -95,12 +114,7 @@ impl<G: Group, W: PedersenWindow, ConstraintF: Field, GG: GroupGadget<G, Constra
T: Borrow<BoweHopwoodPedersenParameters<G>>,
{
let params = value_gen()?.borrow().clone();
Ok(BoweHopwoodPedersenCRHGadgetParameters {
params,
_group_g: PhantomData,
_engine: PhantomData,
_window: PhantomData,
})
Self::alloc_constant(cs, params)
}
fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(

30
crypto-primitives/src/crh/pedersen/constraints.rs
View File

@@ -1,6 +1,9 @@
use crate::crh::{
use crate::{
crh::{
pedersen::{PedersenCRH, PedersenParameters, PedersenWindow},
FixedLengthCRHGadget,
},
Vec,
};
use algebra_core::{Field, Group};
use r1cs_core::{ConstraintSystem, SynthesisError};
@@ -77,8 +80,24 @@ impl<G: Group, W: PedersenWindow, ConstraintF: Field, GG: GroupGadget<G, Constra
AllocGadget<PedersenParameters<G>, ConstraintF>
for PedersenCRHGadgetParameters<G, W, ConstraintF, GG>
{
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<PedersenParameters<G>>,
{
let params = val.borrow().clone();
Ok(PedersenCRHGadgetParameters {
params,
_group_g: PhantomData,
_engine: PhantomData,
_window: PhantomData,
})
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
value_gen: F,
) -> Result<Self, SynthesisError>
where
@@ -86,12 +105,7 @@ impl<G: Group, W: PedersenWindow, ConstraintF: Field, GG: GroupGadget<G, Constra
T: Borrow<PedersenParameters<G>>,
{
let params = value_gen()?.borrow().clone();
Ok(PedersenCRHGadgetParameters {
params,
_group_g: PhantomData,
_engine: PhantomData,
_window: PhantomData,
})
Self::alloc_constant(cs, params)
}
fn alloc_input<F, T, CS: ConstraintSystem<ConstraintF>>(

22
crypto-primitives/src/merkle_tree/constraints.rs
View File

@@ -128,6 +128,28 @@ where
HGadget: FixedLengthCRHGadget<P::H, ConstraintF>,
ConstraintF: Field,
{
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<MerkleTreePath<P>>,
{
let mut path = Vec::new();
for (i, &(ref l, ref r)) in val.borrow().path.iter().enumerate() {
let l_hash = HGadget::OutputGadget::alloc_constant(
&mut cs.ns(|| format!("l_child_{}", i)),
l.clone(),
)?;
let r_hash = HGadget::OutputGadget::alloc_constant(
&mut cs.ns(|| format!("r_child_{}", i)),
r.clone(),
)?;
path.push((l_hash, r_hash));
}
Ok(MerkleTreePathGadget { path })
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
value_gen: F,

12
crypto-primitives/src/nizk/constraints.rs
View File

@@ -20,4 +20,16 @@ pub trait NIZKVerifierGadget<N: NIZK, ConstraintF: Field> {
CS: ConstraintSystem<ConstraintF>,
I: Iterator<Item = &'a T>,
T: 'a + ToBitsGadget<ConstraintF> + ?Sized;
fn conditional_check_verify<'a, CS, I, T>(
cs: CS,
verification_key: &Self::VerificationKeyGadget,
input: I,
proof: &Self::ProofGadget,
condition: &Boolean,
) -> Result<(), SynthesisError>
where
CS: ConstraintSystem<ConstraintF>,
I: Iterator<Item = &'a T>,
T: 'a + ToBitsGadget<ConstraintF> + ?Sized;
}

93
crypto-primitives/src/nizk/gm17/constraints.rs
View File

@@ -1,4 +1,7 @@
use crate::nizk::{gm17::Gm17, NIZKVerifierGadget};
use crate::{
nizk::{gm17::Gm17, NIZKVerifierGadget},
Vec,
};
use algebra_core::{AffineCurve, Field, PairingEngine, ToConstraintField};
use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
use r1cs_std::prelude::*;
@@ -106,10 +109,31 @@ where
type ProofGadget = ProofGadget<PairingE, ConstraintF, P>;
fn check_verify<'a, CS, I, T>(
cs: CS,
vk: &Self::VerificationKeyGadget,
public_inputs: I,
proof: &Self::ProofGadget,
) -> Result<(), SynthesisError>
where
CS: ConstraintSystem<ConstraintF>,
I: Iterator<Item = &'a T>,
T: 'a + ToBitsGadget<ConstraintF> + ?Sized,
{
<Self as NIZKVerifierGadget<Gm17<PairingE, C, V>, ConstraintF>>::conditional_check_verify(
cs,
vk,
public_inputs,
proof,
&Boolean::constant(true),
)
}
fn conditional_check_verify<'a, CS, I, T>(
mut cs: CS,
vk: &Self::VerificationKeyGadget,
mut public_inputs: I,
proof: &Self::ProofGadget,
condition: &Boolean,
) -> Result<(), SynthesisError>
where
CS: ConstraintSystem<ConstraintF>,
@@ -186,8 +210,8 @@ where
let test2 = P::final_exponentiation(cs.ns(|| "Final Exp 2"), &test2_exp)?;
let one = P::GTGadget::one(cs.ns(|| "GT One"))?;
test1.enforce_equal(cs.ns(|| "Test 1"), &one)?;
test2.enforce_equal(cs.ns(|| "Test 2"), &one)?;
test1.conditional_enforce_equal(cs.ns(|| "Test 1"), &one, condition)?;
test2.conditional_enforce_equal(cs.ns(|| "Test 2"), &one, condition)?;
Ok(())
}
}
@@ -199,6 +223,54 @@ where
ConstraintF: Field,
P: PairingGadget<PairingE, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<VerifyingKey<PairingE>>,
{
let VerifyingKey {
h_g2,
g_alpha_g1,
h_beta_g2,
g_gamma_g1,
h_gamma_g2,
query,
} = val.borrow().clone();
let h_g2 = P::G2Gadget::alloc_constant(cs.ns(|| "h_g2"), h_g2.into_projective())?;
let g_alpha_g1 =
P::G1Gadget::alloc_constant(cs.ns(|| "g_alpha"), g_alpha_g1.into_projective())?;
let h_beta_g2 =
P::G2Gadget::alloc_constant(cs.ns(|| "h_beta"), h_beta_g2.into_projective())?;
let g_gamma_g1 =
P::G1Gadget::alloc_constant(cs.ns(|| "g_gamma_g1"), g_gamma_g1.into_projective())?;
let h_gamma_g2 =
P::G2Gadget::alloc_constant(cs.ns(|| "h_gamma_g2"), h_gamma_g2.into_projective())?;
let query = query
.into_iter()
.enumerate()
.map(|(i, query_i)| {
P::G1Gadget::alloc_constant(
cs.ns(|| format!("query_{}", i)),
query_i.into_projective(),
)
})
.collect::<Vec<_>>()
.into_iter()
.collect::<Result<_, _>>()?;
Ok(Self {
h_g2,
g_alpha_g1,
h_beta_g2,
g_gamma_g1,
h_gamma_g2,
query,
})
}
#[inline]
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
@@ -309,6 +381,21 @@ where
ConstraintF: Field,
P: PairingGadget<PairingE, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Proof<PairingE>>,
{
let Proof { a, b, c } = val.borrow().clone();
let a = P::G1Gadget::alloc_constant(cs.ns(|| "a"), a.into_projective())?;
let b = P::G2Gadget::alloc_constant(cs.ns(|| "b"), b.into_projective())?;
let c = P::G1Gadget::alloc_constant(cs.ns(|| "c"), c.into_projective())?;
Ok(Self { a, b, c })
}
#[inline]
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

2
crypto-primitives/src/nizk/gm17/mod.rs
View File

@@ -35,10 +35,10 @@ impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::
{
type Circuit = C;
type AssignedCircuit = C;
type VerifierInput = V;
type ProvingParameters = Parameters<E>;
type VerificationParameters = VerifyingKey<E>;
type PreparedVerificationParameters = PreparedVerifyingKey<E>;
type VerifierInput = V;
type Proof = Proof<E>;
fn setup<R: Rng>(

87
crypto-primitives/src/nizk/groth16/constraints.rs
View File

@@ -1,4 +1,7 @@
use crate::nizk::{groth16::Groth16, NIZKVerifierGadget};
use crate::{
nizk::{groth16::Groth16, NIZKVerifierGadget},
Vec,
};
use algebra_core::{AffineCurve, Field, PairingEngine, ToConstraintField};
use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError};
use r1cs_std::prelude::*;
@@ -107,10 +110,31 @@ where
type ProofGadget = ProofGadget<PairingE, ConstraintF, P>;
fn check_verify<'a, CS, I, T>(
cs: CS,
vk: &Self::VerificationKeyGadget,
public_inputs: I,
proof: &Self::ProofGadget,
) -> Result<(), SynthesisError>
where
CS: ConstraintSystem<ConstraintF>,
I: Iterator<Item = &'a T>,
T: 'a + ToBitsGadget<ConstraintF> + ?Sized,
{
<Self as NIZKVerifierGadget<Groth16<PairingE, C, V>, ConstraintF>>::conditional_check_verify(
cs,
vk,
public_inputs,
proof,
&Boolean::constant(true),
)
}
fn conditional_check_verify<'a, CS, I, T>(
mut cs: CS,
vk: &Self::VerificationKeyGadget,
mut public_inputs: I,
proof: &Self::ProofGadget,
condition: &Boolean,
) -> Result<(), SynthesisError>
where
CS: ConstraintSystem<ConstraintF>,
@@ -158,7 +182,7 @@ where
let test = P::final_exponentiation(cs.ns(|| "Final Exp"), &test_exp).unwrap();
test.enforce_equal(cs.ns(|| "Test 1"), &pvk.alpha_g1_beta_g2)?;
test.conditional_enforce_equal(cs.ns(|| "Test 1"), &pvk.alpha_g1_beta_g2, condition)?;
Ok(())
}
}
@@ -170,6 +194,50 @@ where
ConstraintF: Field,
P: PairingGadget<PairingE, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<VerifyingKey<PairingE>>,
{
let VerifyingKey {
alpha_g1,
beta_g2,
gamma_g2,
delta_g2,
gamma_abc_g1,
} = val.borrow().clone();
let alpha_g1 =
P::G1Gadget::alloc_constant(cs.ns(|| "alpha_g1"), alpha_g1.into_projective())?;
let beta_g2 = P::G2Gadget::alloc_constant(cs.ns(|| "beta_g2"), beta_g2.into_projective())?;
let gamma_g2 =
P::G2Gadget::alloc_constant(cs.ns(|| "gamma_g2"), gamma_g2.into_projective())?;
let delta_g2 =
P::G2Gadget::alloc_constant(cs.ns(|| "delta_g2"), delta_g2.into_projective())?;
let gamma_abc_g1 = gamma_abc_g1
.into_iter()
.enumerate()
.map(|(i, gamma_abc_i)| {
P::G1Gadget::alloc_constant(
cs.ns(|| format!("gamma_abc_{}", i)),
gamma_abc_i.into_projective(),
)
})
.collect::<Vec<_>>()
.into_iter()
.collect::<Result<_, _>>()?;
Ok(Self {
alpha_g1,
beta_g2,
gamma_g2,
delta_g2,
gamma_abc_g1,
})
}
#[inline]
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
@@ -273,6 +341,21 @@ where
ConstraintF: Field,
P: PairingGadget<PairingE, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Proof<PairingE>>,
{
let Proof { a, b, c } = val.borrow().clone();
let a = P::G1Gadget::alloc_constant(cs.ns(|| "a"), a.into_projective())?;
let b = P::G2Gadget::alloc_constant(cs.ns(|| "b"), b.into_projective())?;
let c = P::G1Gadget::alloc_constant(cs.ns(|| "c"), c.into_projective())?;
Ok(Self { a, b, c })
}
#[inline]
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

2
crypto-primitives/src/nizk/groth16/mod.rs
View File

@@ -35,10 +35,10 @@ impl<E: PairingEngine, C: ConstraintSynthesizer<E::Fr>, V: ToConstraintField<E::
{
type Circuit = C;
type AssignedCircuit = C;
type VerifierInput = V;
type ProvingParameters = Parameters<E>;
type VerificationParameters = VerifyingKey<E>;
type PreparedVerificationParameters = PreparedVerifyingKey<E>;
type VerifierInput = V;
type Proof = Proof<E>;
fn setup<R: Rng>(

18
crypto-primitives/src/prf/blake2s/constraints.rs
View File

@@ -1,7 +1,7 @@
use algebra_core::PrimeField;
use r1cs_core::{ConstraintSystem, SynthesisError};
use crate::prf::PRFGadget;
use crate::{prf::PRFGadget, Vec};
use r1cs_std::prelude::*;
use core::borrow::Borrow;
@@ -450,6 +450,22 @@ impl<ConstraintF: PrimeField> ToBytesGadget<ConstraintF> for Blake2sOutputGadget
}
impl<ConstraintF: PrimeField> AllocGadget<[u8; 32], ConstraintF> for Blake2sOutputGadget {
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<[u8; 32]>,
{
let mut bytes = vec![];
for (i, b) in val.borrow().iter().enumerate() {
bytes.push(UInt8::alloc_constant(cs.ns(|| format!("value {}", i)), b)?)
}
Ok(Blake2sOutputGadget(bytes))
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,

2
crypto-primitives/src/prf/constraints.rs
View File

@@ -1,7 +1,7 @@
use algebra_core::Field;
use core::fmt::Debug;
use crate::prf::PRF;
use crate::{prf::PRF, Vec};
use r1cs_core::{ConstraintSystem, SynthesisError};
use r1cs_std::prelude::*;

31
crypto-primitives/src/signature/schnorr/constraints.rs
View File

@@ -1,3 +1,4 @@
use crate::Vec;
use algebra_core::{groups::Group, Field};
use r1cs_core::{ConstraintSystem, SynthesisError};
use r1cs_std::prelude::*;
@@ -95,6 +96,21 @@ where
GG: GroupGadget<G, ConstraintF>,
D: Digest,
{
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<SchnorrSigParameters<G, D>>,
{
let generator = GG::alloc_constant(cs, val.borrow().generator)?;
Ok(Self {
generator,
_engine: PhantomData,
_group: PhantomData,
})
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, f: F) -> Result<Self, SynthesisError>
where
F: FnOnce() -> Result<T, SynthesisError>,
@@ -132,6 +148,21 @@ where
ConstraintF: Field,
GG: GroupGadget<G, ConstraintF>,
{
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
val: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<SchnorrPublicKey<G>>,
{
let pub_key = GG::alloc_constant(cs, val.borrow())?;
Ok(Self {
pub_key,
_engine: PhantomData,
_group: PhantomData,
})
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, f: F) -> Result<Self, SynthesisError>
where
F: FnOnce() -> Result<T, SynthesisError>,

22
r1cs-std/src/alloc.rs
View File

@@ -8,6 +8,13 @@ where
Self: Sized,
V: ?Sized,
{
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<V>;
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(cs: CS, f: F) -> Result<Self, SynthesisError>
where
F: FnOnce() -> Result<T, SynthesisError>,
@@ -47,6 +54,21 @@ where
impl<I, ConstraintF: Field, A: AllocGadget<I, ConstraintF>> AllocGadget<[I], ConstraintF>
for Vec<A>
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<[I]>,
{
let mut vec = Vec::new();
for (i, value) in t.borrow().iter().enumerate() {
vec.push(A::alloc_constant(cs.ns(|| format!("value_{}", i)), value)?);
}
Ok(vec)
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
f: F,

36
r1cs-std/src/bits/boolean.rs
View File

@@ -235,6 +235,16 @@ impl PartialEq for AllocatedBit {
impl Eq for AllocatedBit {}
impl<ConstraintF: Field> AllocGadget<bool, ConstraintF> for AllocatedBit {
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
_t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<bool>,
{
unimplemented!();
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
value_gen: F,
@@ -539,6 +549,22 @@ impl Boolean {
Ok(cur)
}
pub fn kary_or<ConstraintF, CS>(mut cs: CS, bits: &[Self]) -> Result<Self, SynthesisError>
where
ConstraintF: Field,
CS: ConstraintSystem<ConstraintF>,
{
assert!(!bits.is_empty());
let mut bits = bits.iter();
let mut cur: Self = *bits.next().unwrap();
for (i, next) in bits.enumerate() {
cur = Boolean::or(cs.ns(|| format!("OR {}", i)), &cur, next)?;
}
Ok(cur)
}
/// Asserts that at least one operand is false.
pub fn enforce_nand<ConstraintF, CS>(mut cs: CS, bits: &[Self]) -> Result<(), SynthesisError>
where
@@ -715,6 +741,16 @@ impl From<AllocatedBit> for Boolean {
}
impl<ConstraintF: Field> AllocGadget<bool, ConstraintF> for Boolean {
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<bool>,
{
Ok(Boolean::constant(*t.borrow()))
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
cs: CS,
value_gen: F,

22
r1cs-std/src/bits/mod.rs
View File

@@ -58,6 +58,15 @@ impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for Vec<Boolean> {
}
}
impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for UInt8 {
fn to_bits<CS: ConstraintSystem<ConstraintF>>(
&self,
_cs: CS,
) -> Result<Vec<Boolean>, SynthesisError> {
Ok(self.into_bits_le())
}
}
impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for [UInt8] {
fn to_bits<CS: ConstraintSystem<ConstraintF>>(
&self,
@@ -71,6 +80,19 @@ impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for [UInt8] {
}
}
impl<ConstraintF: Field> ToBitsGadget<ConstraintF> for Vec<UInt8> {
fn to_bits<CS: ConstraintSystem<ConstraintF>>(
&self,
_cs: CS,
) -> Result<Vec<Boolean>, SynthesisError> {
let mut result = Vec::with_capacity(&self.len() * 8);
for byte in self {
result.extend_from_slice(&byte.into_bits_le());
}
Ok(result)
}
}
pub trait ToBytesGadget<ConstraintF: Field> {
/// Outputs a canonical byte-wise representation of `self`.
///

52
r1cs-std/src/bits/uint64.rs
View File

@@ -56,7 +56,7 @@ impl UInt64 {
}
v
},
}
None => vec![None; 64],
};
@@ -95,19 +95,19 @@ impl UInt64 {
if b {
value.as_mut().map(|v| *v |= 1);
}
},
}
&Boolean::Is(ref b) => match b.get_value() {
Some(true) => {
value.as_mut().map(|v| *v |= 1);
},
Some(false) => {},
}
Some(false) => {}
None => value = None,
},
&Boolean::Not(ref b) => match b.get_value() {
Some(false) => {
value.as_mut().map(|v| *v |= 1);
},
Some(true) => {},
}
Some(true) => {}
None => value = None,
},
}
@@ -194,12 +194,12 @@ impl UInt64 {
match op.value {
Some(val) => {
result_value.as_mut().map(|v| *v += u128::from(val));
},
}
None => {
// If any of our operands have unknown value, we won't
// know the value of the result
result_value = None;
},
}
}
// Iterate over each bit_gadget of the operand and add the operand to
@@ -212,18 +212,18 @@ impl UInt64 {
// Add coeff * bit_gadget
lc += (coeff, bit.get_variable());
},
}
Boolean::Not(ref bit) => {
all_constants = false;
// Add coeff * (1 - bit_gadget) = coeff * ONE - coeff * bit_gadget
lc = lc + (coeff, CS::one()) - (coeff, bit.get_variable());
},
}
Boolean::Constant(bit) => {
if bit {
lc += (coeff, CS::one());
}
},
}
}
coeff.double_in_place();
@@ -277,6 +277,16 @@ impl UInt64 {
}
impl<ConstraintF: Field> AllocGadget<u64, ConstraintF> for UInt64 {
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<u64>,
{
Ok(UInt64::constant(*t.borrow()))
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
value_gen: F,
@@ -397,7 +407,7 @@ mod test {
match bit_gadget {
&Boolean::Constant(bit_gadget) => {
assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1));
},
}
_ => unreachable!(),
}
}
@@ -406,8 +416,8 @@ mod test {
for x in v.iter().zip(expected_to_be_same.iter()) {
match x {
(&Boolean::Constant(true), &Boolean::Constant(true)) => {},
(&Boolean::Constant(false), &Boolean::Constant(false)) => {},
(&Boolean::Constant(true), &Boolean::Constant(true)) => {}
(&Boolean::Constant(false), &Boolean::Constant(false)) => {}
_ => unreachable!(),
}
}
@@ -442,13 +452,13 @@ mod test {
match b {
&Boolean::Is(ref b) => {
assert!(b.get_value().unwrap() == (expected & 1 == 1));
},
}
&Boolean::Not(ref b) => {
assert!(!b.get_value().unwrap() == (expected & 1 == 1));
},
}
&Boolean::Constant(b) => {
assert!(b == (expected & 1 == 1));
},
}
}
expected >>= 1;
@@ -483,7 +493,7 @@ mod test {
&Boolean::Not(_) => panic!(),
&Boolean::Constant(b) => {
assert!(b == (expected & 1 == 1));
},
}
}
expected >>= 1;
@@ -521,10 +531,10 @@ mod test {
match b {
&Boolean::Is(ref b) => {
assert!(b.get_value().unwrap() == (expected & 1 == 1));
},
}
&Boolean::Not(ref b) => {
assert!(!b.get_value().unwrap() == (expected & 1 == 1));
},
}
&Boolean::Constant(_) => unreachable!(),
}
@@ -560,7 +570,7 @@ mod test {
match b {
&Boolean::Constant(b) => {
assert_eq!(b, tmp & 1 == 1);
},
}
_ => unreachable!(),
}

10
r1cs-std/src/bits/uint8.rs
View File

@@ -214,6 +214,16 @@ impl<ConstraintF: Field> ConditionalEqGadget<ConstraintF> for UInt8 {
impl<ConstraintF: Field> EqGadget<ConstraintF> for UInt8 {}
impl<ConstraintF: Field> AllocGadget<u8, ConstraintF> for UInt8 {
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
_cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<u8>,
{
Ok(UInt8::constant(*t.borrow()))
}
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
value_gen: F,

12
r1cs-std/src/fields/fp/mod.rs
View File

@@ -584,6 +584,18 @@ impl<F: PrimeField> Clone for FpGadget<F> {
}
impl<F: PrimeField> AllocGadget<F, F> for FpGadget<F> {
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<F>>(_cs: CS, t: T) -> Result<Self, SynthesisError>
where
T: Borrow<F>,
{
let value = t.borrow().clone();
Ok(Self {
value: Some(value),
variable: LinearCombination::from((value, CS::one())).into(),
})
}
#[inline]
fn alloc<FN, T, CS: ConstraintSystem<F>>(
mut cs: CS,

11
r1cs-std/src/fields/fp12.rs
View File

@@ -834,6 +834,17 @@ where
P: Fp12Parameters,
<P::Fp6Params as Fp6Parameters>::Fp2Params: Fp2Parameters<Fp = ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Fp12<P>>,
{
Self::zero(cs.ns(|| "zero"))?.add_constant(cs.ns(|| "add constant"), t.borrow())
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

11
r1cs-std/src/fields/fp2.rs
View File

@@ -611,6 +611,17 @@ impl<P: Fp2Parameters<Fp = ConstraintF>, ConstraintF: PrimeField>
impl<P: Fp2Parameters<Fp = ConstraintF>, ConstraintF: PrimeField> AllocGadget<Fp2<P>, ConstraintF>
for Fp2Gadget<P, ConstraintF>
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Fp2<P>>,
{
Self::zero(cs.ns(|| "zero"))?.add_constant(cs.ns(|| "add constant"), t.borrow())
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

11
r1cs-std/src/fields/fp3.rs
View File

@@ -867,6 +867,17 @@ impl<P: Fp3Parameters<Fp = ConstraintF>, ConstraintF: PrimeField + SquareRootFie
impl<P: Fp3Parameters<Fp = ConstraintF>, ConstraintF: PrimeField + SquareRootField>
AllocGadget<Fp3<P>, ConstraintF> for Fp3Gadget<P, ConstraintF>
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Fp3<P>>,
{
Self::zero(cs.ns(|| "zero"))?.add_constant(cs.ns(|| "add constant"), t.borrow())
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

11
r1cs-std/src/fields/fp4.rs
View File

@@ -673,6 +673,17 @@ where
P: Fp4Parameters,
P::Fp2Params: Fp2Parameters<Fp = ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Fp4<P>>,
{
Self::zero(cs.ns(|| "zero"))?.add_constant(cs.ns(|| "add constant"), t.borrow())
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

11
r1cs-std/src/fields/fp6_2over3.rs
View File

@@ -664,6 +664,17 @@ where
P: Fp6Parameters,
P::Fp3Params: Fp3Parameters<Fp = ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Fp6<P>>,
{
Self::zero(cs.ns(|| "zero"))?.add_constant(cs.ns(|| "add constant"), t.borrow())
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

11
r1cs-std/src/fields/fp6_3over2.rs
View File

@@ -964,6 +964,17 @@ where
P: Fp6Parameters,
P::Fp2Params: Fp2Parameters<Fp = ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<Fp6<P>>,
{
Self::zero(cs.ns(|| "zero"))?.add_constant(cs.ns(|| "add constant"), t.borrow())
}
#[inline]
fn alloc<F, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,

128
r1cs-std/src/groups/curves/short_weierstrass/mod.rs
View File

@@ -437,6 +437,24 @@ where
ConstraintF: PrimeField,
F: FieldGadget<P::BaseField, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<SWProjective<P>>,
{
let p = t.borrow().into_affine();
Ok(Self {
x: F::alloc_constant(cs.ns(|| "x"), &p.x)?,
y: F::alloc_constant(cs.ns(|| "y"), &p.y)?,
infinity: Boolean::constant(p.infinity),
_params: PhantomData,
_engine: PhantomData,
})
}
#[inline]
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
@@ -661,3 +679,113 @@ where
Ok(x_bytes)
}
}
#[cfg(test)]
#[allow(dead_code)]
pub(crate) fn test<ConstraintF, P, GG>()
where
ConstraintF: Field,
P: SWModelParameters,
GG: GroupGadget<SWProjective<P>, ConstraintF, Value = SWProjective<P>>,
{
use crate::{boolean::AllocatedBit, prelude::*, test_constraint_system::TestConstraintSystem};
use algebra::{test_rng, Group, UniformRand};
use rand::Rng;
// Incomplete addition doesn't allow us to call the group_test.
// group_test::<ConstraintF, SWProjective<P>, GG>();
let mut rng = test_rng();
let mut cs = TestConstraintSystem::<ConstraintF>::new();
let a = SWProjective::<P>::rand(&mut rng);
let b = SWProjective::<P>::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = GG::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = GG::alloc_checked(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.get_value().unwrap().x, a_affine.x);
assert_eq!(gadget_a.get_value().unwrap().y, a_affine.y);
assert_eq!(gadget_b.get_value().unwrap().x, b_affine.x);
assert_eq!(gadget_b.get_value().unwrap().y, b_affine.y);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
let ab_val = gadget_ab
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
// Check doubling
let aa = Group::double(&a);
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
let aa_val = gadget_a
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
// Check mul_bits
let scalar = P::ScalarField::rand(&mut rng);
let native_result = aa.into_affine().mul(scalar) + &b;
let native_result = native_result.into_affine();
let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
// Get the scalar bits into little-endian form.
scalar.reverse();
let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
let result = gadget_a
.mul_bits(cs.ns(|| "mul_bits"), &gadget_b, input.iter())
.unwrap();
let result_val = result.get_value().unwrap().into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul"
);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
// Constraint cost etc.
let mut cs = TestConstraintSystem::<ConstraintF>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: SWProjective<P> = rng.gen();
let b: SWProjective<P> = rng.gen();
let gadget_a = GG::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = GG::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ =
GG::conditionally_select(&mut cs.ns(|| "cond_select"), &bit, &gadget_a, &gadget_b).unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(
cond_select_cost,
<GG as CondSelectGadget<ConstraintF>>::cost()
);
assert_eq!(add_cost, GG::cost_of_add());
}

34
r1cs-std/src/groups/curves/twisted_edwards/mod.rs
View File

@@ -492,6 +492,23 @@ mod affine_impl {
F: FieldGadget<P::BaseField, ConstraintF>,
Self: GroupGadget<TEAffine<P>, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<TEAffine<P>>,
{
let p = t.borrow();
Ok(Self {
x: F::alloc_constant(cs.ns(|| "x"), &p.x)?,
y: F::alloc_constant(cs.ns(|| "y"), &p.y)?,
_params: PhantomData,
_engine: PhantomData,
})
}
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
value_gen: FN,
@@ -1089,6 +1106,23 @@ mod projective_impl {
F: FieldGadget<P::BaseField, ConstraintF>,
Self: GroupGadget<TEProjective<P>, ConstraintF>,
{
#[inline]
fn alloc_constant<T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
t: T,
) -> Result<Self, SynthesisError>
where
T: Borrow<TEProjective<P>>,
{
let p = t.borrow().into_affine();
Ok(Self {
x: F::alloc_constant(cs.ns(|| "x"), &p.x)?,
y: F::alloc_constant(cs.ns(|| "y"), &p.y)?,
_params: PhantomData,
_engine: PhantomData,
})
}
fn alloc<FN, T, CS: ConstraintSystem<ConstraintF>>(
mut cs: CS,
value_gen: FN,

201
r1cs-std/src/instantiated/bls12_377/curves.rs
View File

@@ -7,192 +7,17 @@ pub type G2Gadget = bls12::G2Gadget<Parameters>;
pub type G1PreparedGadget = bls12::G1PreparedGadget<Parameters>;
pub type G2PreparedGadget = bls12::G2PreparedGadget<Parameters>;
#[cfg(test)]
mod test {
use rand::Rng;
use super::{G1Gadget, G2Gadget};
use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
use algebra::{bls12_377::*, test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve};
use r1cs_core::ConstraintSystem;
#[test]
fn bls12_g1_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
let gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G1Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G1Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G1Gadget::cost_of_add());
}
#[test]
fn bls12_g2_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G2Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G2Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G2Gadget::cost_of_add());
}
#[test]
fn bls12_g1_gadget_test() {
use algebra::UniformRand;
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut cs = TestConstraintSystem::<Fq>::new();
let a = G1Projective::rand(&mut rng);
let b = G1Projective::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.value.unwrap(), a_affine.x);
assert_eq!(gadget_a.y.value.unwrap(), a_affine.y);
assert_eq!(gadget_b.x.value.unwrap(), b_affine.x);
assert_eq!(gadget_b.y.value.unwrap(), b_affine.y);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
let ab_val = gadget_ab
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
// Check doubling
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
let aa_val = gadget_a
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
// Check mul_bits
let scalar = Fr::rand(&mut rng);
let native_result = aa.into_affine().mul(scalar) + &b;
let native_result = native_result.into_affine();
let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
// Get the scalar bits into little-endian form.
scalar.reverse();
let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
let result = gadget_a
.mul_bits(cs.ns(|| "mul_bits"), &gadget_b, input.iter())
.unwrap();
let result_val = result.get_value().unwrap().into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul"
);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn bls12_g2_gadget_test() {
let mut cs = TestConstraintSystem::<Fq>::new();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), a_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), a_affine.y);
assert_eq!(gadget_b.x.get_value().unwrap(), b_affine.x);
assert_eq!(gadget_b.y.get_value().unwrap(), b_affine.y);
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
assert_eq!(gadget_ab.x.get_value().unwrap(), ab_affine.x);
assert_eq!(gadget_ab.y.get_value().unwrap(), ab_affine.y);
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), aa_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), aa_affine.y);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn test() {
use algebra::curves::models::bls12::Bls12Parameters;
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as Bls12Parameters>::G1Parameters,
G1Gadget,
>();
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as Bls12Parameters>::G2Parameters,
G2Gadget,
>();
}

201
r1cs-std/src/instantiated/mnt4_298/curves.rs
View File

@@ -7,192 +7,17 @@ pub type G2Gadget = mnt4::G2Gadget<Parameters>;
pub type G1PreparedGadget = mnt4::G1PreparedGadget<Parameters>;
pub type G2PreparedGadget = mnt4::G2PreparedGadget<Parameters>;
#[cfg(test)]
mod test {
use rand::Rng;
use super::{G1Gadget, G2Gadget};
use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
use algebra::{mnt4_298::*, test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve};
use r1cs_core::ConstraintSystem;
#[test]
fn mnt4_298_g1_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
let gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G1Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G1Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G1Gadget::cost_of_add());
}
#[test]
fn mnt4_298_g2_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G2Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G2Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G2Gadget::cost_of_add());
}
#[test]
fn mnt4_298_g1_gadget_test() {
use algebra::UniformRand;
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut cs = TestConstraintSystem::<Fq>::new();
let a = G1Projective::rand(&mut rng);
let b = G1Projective::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.value.unwrap(), a_affine.x);
assert_eq!(gadget_a.y.value.unwrap(), a_affine.y);
assert_eq!(gadget_b.x.value.unwrap(), b_affine.x);
assert_eq!(gadget_b.y.value.unwrap(), b_affine.y);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
let ab_val = gadget_ab
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
// Check doubling
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
let aa_val = gadget_a
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
// Check mul_bits
let scalar = Fr::rand(&mut rng);
let native_result = aa.into_affine().mul(scalar) + &b;
let native_result = native_result.into_affine();
let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
// Get the scalar bits into little-endian form.
scalar.reverse();
let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
let result = gadget_a
.mul_bits(cs.ns(|| "mul_bits"), &gadget_b, input.iter())
.unwrap();
let result_val = result.get_value().unwrap().into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul"
);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn mnt4_298_g2_gadget_test() {
let mut cs = TestConstraintSystem::<Fq>::new();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), a_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), a_affine.y);
assert_eq!(gadget_b.x.get_value().unwrap(), b_affine.x);
assert_eq!(gadget_b.y.get_value().unwrap(), b_affine.y);
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
assert_eq!(gadget_ab.x.get_value().unwrap(), ab_affine.x);
assert_eq!(gadget_ab.y.get_value().unwrap(), ab_affine.y);
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), aa_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), aa_affine.y);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn test() {
use algebra::curves::models::mnt4::MNT4Parameters;
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT4Parameters>::G1Parameters,
G1Gadget,
>();
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT4Parameters>::G2Parameters,
G2Gadget,
>();
}

201
r1cs-std/src/instantiated/mnt4_753/curves.rs
View File

@@ -7,192 +7,17 @@ pub type G2Gadget = mnt4::G2Gadget<Parameters>;
pub type G1PreparedGadget = mnt4::G1PreparedGadget<Parameters>;
pub type G2PreparedGadget = mnt4::G2PreparedGadget<Parameters>;
#[cfg(test)]
mod test {
use rand::Rng;
use super::{G1Gadget, G2Gadget};
use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
use algebra::{mnt4_753::*, test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve};
use r1cs_core::ConstraintSystem;
#[test]
fn mnt4_753_g1_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
let gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G1Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G1Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G1Gadget::cost_of_add());
}
#[test]
fn mnt4_753_g2_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G2Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G2Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G2Gadget::cost_of_add());
}
#[test]
fn mnt4_753_g1_gadget_test() {
use algebra::UniformRand;
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut cs = TestConstraintSystem::<Fq>::new();
let a = G1Projective::rand(&mut rng);
let b = G1Projective::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.value.unwrap(), a_affine.x);
assert_eq!(gadget_a.y.value.unwrap(), a_affine.y);
assert_eq!(gadget_b.x.value.unwrap(), b_affine.x);
assert_eq!(gadget_b.y.value.unwrap(), b_affine.y);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
let ab_val = gadget_ab
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
// Check doubling
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
let aa_val = gadget_a
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
// Check mul_bits
let scalar = Fr::rand(&mut rng);
let native_result = aa.into_affine().mul(scalar) + &b;
let native_result = native_result.into_affine();
let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
// Get the scalar bits into little-endian form.
scalar.reverse();
let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
let result = gadget_a
.mul_bits(cs.ns(|| "mul_bits"), &gadget_b, input.iter())
.unwrap();
let result_val = result.get_value().unwrap().into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul"
);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn mnt4_753_g2_gadget_test() {
let mut cs = TestConstraintSystem::<Fq>::new();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), a_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), a_affine.y);
assert_eq!(gadget_b.x.get_value().unwrap(), b_affine.x);
assert_eq!(gadget_b.y.get_value().unwrap(), b_affine.y);
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
assert_eq!(gadget_ab.x.get_value().unwrap(), ab_affine.x);
assert_eq!(gadget_ab.y.get_value().unwrap(), ab_affine.y);
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), aa_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), aa_affine.y);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn test() {
use algebra::curves::models::mnt4::MNT4Parameters;
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT4Parameters>::G1Parameters,
G1Gadget,
>();
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT4Parameters>::G2Parameters,
G2Gadget,
>();
}

201
r1cs-std/src/instantiated/mnt6_298/curves.rs
View File

@@ -7,192 +7,17 @@ pub type G2Gadget = mnt6::G2Gadget<Parameters>;
pub type G1PreparedGadget = mnt6::G1PreparedGadget<Parameters>;
pub type G2PreparedGadget = mnt6::G2PreparedGadget<Parameters>;
#[cfg(test)]
mod test {
use rand::Rng;
use super::{G1Gadget, G2Gadget};
use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
use algebra::{mnt6_298::*, test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve};
use r1cs_core::ConstraintSystem;
#[test]
fn mnt6_298_g1_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
let gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G1Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G1Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G1Gadget::cost_of_add());
}
#[test]
fn mnt6_298_g2_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G2Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G2Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G2Gadget::cost_of_add());
}
#[test]
fn mnt6_298_g1_gadget_test() {
use algebra::UniformRand;
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut cs = TestConstraintSystem::<Fq>::new();
let a = G1Projective::rand(&mut rng);
let b = G1Projective::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.value.unwrap(), a_affine.x);
assert_eq!(gadget_a.y.value.unwrap(), a_affine.y);
assert_eq!(gadget_b.x.value.unwrap(), b_affine.x);
assert_eq!(gadget_b.y.value.unwrap(), b_affine.y);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
let ab_val = gadget_ab
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
// Check doubling
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
let aa_val = gadget_a
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
// Check mul_bits
let scalar = Fr::rand(&mut rng);
let native_result = aa.into_affine().mul(scalar) + &b;
let native_result = native_result.into_affine();
let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
// Get the scalar bits into little-endian form.
scalar.reverse();
let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
let result = gadget_a
.mul_bits(cs.ns(|| "mul_bits"), &gadget_b, input.iter())
.unwrap();
let result_val = result.get_value().unwrap().into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul"
);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn mnt6_298_g2_gadget_test() {
let mut cs = TestConstraintSystem::<Fq>::new();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), a_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), a_affine.y);
assert_eq!(gadget_b.x.get_value().unwrap(), b_affine.x);
assert_eq!(gadget_b.y.get_value().unwrap(), b_affine.y);
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
assert_eq!(gadget_ab.x.get_value().unwrap(), ab_affine.x);
assert_eq!(gadget_ab.y.get_value().unwrap(), ab_affine.y);
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), aa_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), aa_affine.y);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn test() {
use algebra::curves::models::mnt6::MNT6Parameters;
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT6Parameters>::G1Parameters,
G1Gadget,
>();
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT6Parameters>::G2Parameters,
G2Gadget,
>();
}

201
r1cs-std/src/instantiated/mnt6_753/curves.rs
View File

@@ -7,192 +7,17 @@ pub type G2Gadget = mnt6::G2Gadget<Parameters>;
pub type G1PreparedGadget = mnt6::G1PreparedGadget<Parameters>;
pub type G2PreparedGadget = mnt6::G2PreparedGadget<Parameters>;
#[cfg(test)]
mod test {
use rand::Rng;
use super::{G1Gadget, G2Gadget};
use crate::{prelude::*, test_constraint_system::TestConstraintSystem, Vec};
use algebra::{mnt6_753::*, test_rng, AffineCurve, BitIterator, PrimeField, ProjectiveCurve};
use r1cs_core::ConstraintSystem;
#[test]
fn mnt6_753_g1_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G1Projective = rng.gen();
let b: G1Projective = rng.gen();
let gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G1Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G1Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G1Gadget::cost_of_add());
}
#[test]
fn mnt6_753_g2_constraint_costs() {
use crate::boolean::AllocatedBit;
let mut cs = TestConstraintSystem::<Fq>::new();
let bit = AllocatedBit::alloc(&mut cs.ns(|| "bool"), || Ok(true))
.unwrap()
.into();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
let alloc_cost = cs.num_constraints();
let _ = G2Gadget::conditionally_select(
&mut cs.ns(|| "cond_select"),
&bit,
&gadget_a,
&gadget_b,
)
.unwrap();
let cond_select_cost = cs.num_constraints() - alloc_cost;
let _ = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let add_cost = cs.num_constraints() - cond_select_cost - alloc_cost;
assert!(cs.is_satisfied());
assert_eq!(cond_select_cost, <G2Gadget as CondSelectGadget<Fq>>::cost());
assert_eq!(add_cost, G2Gadget::cost_of_add());
}
#[test]
fn mnt6_753_g1_gadget_test() {
use algebra::UniformRand;
use rand::SeedableRng;
use rand_xorshift::XorShiftRng;
let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
let mut cs = TestConstraintSystem::<Fq>::new();
let a = G1Projective::rand(&mut rng);
let b = G1Projective::rand(&mut rng);
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G1Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.value.unwrap(), a_affine.x);
assert_eq!(gadget_a.y.value.unwrap(), a_affine.y);
assert_eq!(gadget_b.x.value.unwrap(), b_affine.x);
assert_eq!(gadget_b.y.value.unwrap(), b_affine.y);
// Check addition
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
let ab_val = gadget_ab
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(ab_val, ab_affine, "Result of addition is unequal");
// Check doubling
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
let aa_val = gadget_a
.get_value()
.expect("Doubling should be successful")
.into_affine();
assert_eq!(
aa_val, aa_affine,
"Gadget and native values are unequal after double."
);
// Check mul_bits
let scalar = Fr::rand(&mut rng);
let native_result = aa.into_affine().mul(scalar) + &b;
let native_result = native_result.into_affine();
let mut scalar: Vec<bool> = BitIterator::new(scalar.into_repr()).collect();
// Get the scalar bits into little-endian form.
scalar.reverse();
let input = Vec::<Boolean>::alloc(cs.ns(|| "Input"), || Ok(scalar)).unwrap();
let result = gadget_a
.mul_bits(cs.ns(|| "mul_bits"), &gadget_b, input.iter())
.unwrap();
let result_val = result.get_value().unwrap().into_affine();
assert_eq!(
result_val, native_result,
"gadget & native values are diff. after scalar mul"
);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn mnt6_753_g2_gadget_test() {
let mut cs = TestConstraintSystem::<Fq>::new();
let mut rng = test_rng();
let a: G2Projective = rng.gen();
let b: G2Projective = rng.gen();
let a_affine = a.into_affine();
let b_affine = b.into_affine();
let mut gadget_a = G2Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap();
let gadget_b = G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), a_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), a_affine.y);
assert_eq!(gadget_b.x.get_value().unwrap(), b_affine.x);
assert_eq!(gadget_b.y.get_value().unwrap(), b_affine.y);
let ab = a + &b;
let ab_affine = ab.into_affine();
let gadget_ab = gadget_a.add(&mut cs.ns(|| "ab"), &gadget_b).unwrap();
let gadget_ba = gadget_b.add(&mut cs.ns(|| "ba"), &gadget_a).unwrap();
gadget_ba
.enforce_equal(&mut cs.ns(|| "b + a == a + b?"), &gadget_ab)
.unwrap();
assert_eq!(gadget_ab.x.get_value().unwrap(), ab_affine.x);
assert_eq!(gadget_ab.y.get_value().unwrap(), ab_affine.y);
let aa = a.double();
let aa_affine = aa.into_affine();
gadget_a.double_in_place(&mut cs.ns(|| "2a")).unwrap();
assert_eq!(gadget_a.x.get_value().unwrap(), aa_affine.x);
assert_eq!(gadget_a.y.get_value().unwrap(), aa_affine.y);
if !cs.is_satisfied() {
println!("{:?}", cs.which_is_unsatisfied().unwrap());
}
assert!(cs.is_satisfied());
}
#[test]
fn test() {
use algebra::curves::models::mnt6::MNT6Parameters;
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT6Parameters>::G1Parameters,
G1Gadget,
>();
crate::groups::curves::short_weierstrass::test::<
_,
<Parameters as MNT6Parameters>::G2Parameters,
G2Gadget,
>();
}