arnaucube
/
folding-schemes
mirror of https://github.com/arnaucube/folding-schemes.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

update RelaxedR1CSGadget to work with FieldVar trait so we can plug in FpVar and NonNativeFieldVar indistinctly (#46) 

This is to be able to instantiate the CycleFoldCircuit over Curve2
constraint field, and check it's RelaxedR1CS relation non-natively
inside the Curve1 constraint field, while reusing the same code that we
already have for checking the main circuit RelaxedR1CS over Curve1
constraint field natively.
main
arnaucube 10 months ago
committed by GitHub
parent
b9af3188f9
commit
4b929e8dc4
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 135 additions and 55 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +134
    -55
      src/decider/circuit.rs
  2. +1
    -0
      src/folding/nova/cyclefold.rs

+ 134
- 55
src/decider/circuit.rs
View File

@ -2,8 +2,7 @@ use ark_ec::CurveGroup;
use ark_ff::{Field, PrimeField}; use ark_ff::{Field, PrimeField};
use ark_r1cs_std::{ use ark_r1cs_std::{
alloc::{AllocVar, AllocationMode}, alloc::{AllocVar, AllocationMode},
eq::EqGadget,
fields::{fp::FpVar, FieldVar},
fields::FieldVar,
}; };
use ark_relations::r1cs::{Namespace, SynthesisError}; use ark_relations::r1cs::{Namespace, SynthesisError};
use core::{borrow::Borrow, marker::PhantomData}; use core::{borrow::Borrow, marker::PhantomData};
@ -15,12 +14,14 @@ use crate::Error;
pub type ConstraintF<C> = <<C as CurveGroup>::BaseField as Field>::BasePrimeField; pub type ConstraintF<C> = <<C as CurveGroup>::BaseField as Field>::BasePrimeField;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct RelaxedR1CSGadget<F: PrimeField> {
pub struct RelaxedR1CSGadget<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>> {
_f: PhantomData<F>, _f: PhantomData<F>,
_cf: PhantomData<CF>,
_fv: PhantomData<FV>,
} }
impl<F: PrimeField> RelaxedR1CSGadget<F> {
impl<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>> RelaxedR1CSGadget<F, CF, FV> {
/// performs the RelaxedR1CS check (Az∘Bz==uCz+E) /// performs the RelaxedR1CS check (Az∘Bz==uCz+E)
pub fn check(rel_r1cs: RelaxedR1CSVar<F>, z: Vec<FpVar<F>>) -> Result<(), Error> {
pub fn check(rel_r1cs: RelaxedR1CSVar<F, CF, FV>, z: Vec<FV>) -> Result<(), Error> {
let Az = mat_vec_mul_sparse(rel_r1cs.A, z.clone()); let Az = mat_vec_mul_sparse(rel_r1cs.A, z.clone());
let Bz = mat_vec_mul_sparse(rel_r1cs.B, z.clone()); let Bz = mat_vec_mul_sparse(rel_r1cs.B, z.clone());
let Cz = mat_vec_mul_sparse(rel_r1cs.C, z.clone()); let Cz = mat_vec_mul_sparse(rel_r1cs.C, z.clone());
@ -34,19 +35,22 @@ impl RelaxedR1CSGadget {
} }
} }
fn mat_vec_mul_sparse<F: PrimeField>(m: SparseMatrixVar<F>, v: Vec<FpVar<F>>) -> Vec<FpVar<F>> {
let mut res = vec![FpVar::<F>::zero(); m.n_rows];
fn mat_vec_mul_sparse<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>>(
m: SparseMatrixVar<F, CF, FV>,
v: Vec<FV>,
) -> Vec<FV> {
let mut res = vec![FV::zero(); m.n_rows];
for (row_i, row) in m.coeffs.iter().enumerate() { for (row_i, row) in m.coeffs.iter().enumerate() {
for (value, col_i) in row.iter() { for (value, col_i) in row.iter() {
res[row_i] += value * v[*col_i].clone();
res[row_i] += value.clone().mul(&v[*col_i].clone());
} }
} }
res res
} }
pub fn vec_add<F: PrimeField>(
a: &Vec<FpVar<F>>,
b: &Vec<FpVar<F>>,
) -> Result<Vec<FpVar<F>>, Error> {
pub fn vec_add<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>>(
a: &Vec<FV>,
b: &Vec<FV>,
) -> Result<Vec<FV>, Error> {
if a.len() != b.len() { if a.len() != b.len() {
return Err(Error::NotSameLength( return Err(Error::NotSameLength(
"a.len()".to_string(), "a.len()".to_string(),
@ -55,23 +59,26 @@ pub fn vec_add(
b.len(), b.len(),
)); ));
} }
let mut r: Vec<FpVar<F>> = vec![FpVar::<F>::zero(); a.len()];
let mut r: Vec<FV> = vec![FV::zero(); a.len()];
for i in 0..a.len() { for i in 0..a.len() {
r[i] = a[i].clone() + b[i].clone(); r[i] = a[i].clone() + b[i].clone();
} }
Ok(r) Ok(r)
} }
pub fn vec_scalar_mul<F: PrimeField>(vec: &Vec<FpVar<F>>, c: &FpVar<F>) -> Vec<FpVar<F>> {
let mut result = vec![FpVar::<F>::zero(); vec.len()];
pub fn vec_scalar_mul<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>>(
vec: &Vec<FV>,
c: &FV,
) -> Vec<FV> {
let mut result = vec![FV::zero(); vec.len()];
for (i, a) in vec.iter().enumerate() { for (i, a) in vec.iter().enumerate() {
result[i] = a.clone() * c; result[i] = a.clone() * c;
} }
result result
} }
pub fn hadamard<F: PrimeField>(
a: &Vec<FpVar<F>>,
b: &Vec<FpVar<F>>,
) -> Result<Vec<FpVar<F>>, Error> {
pub fn hadamard<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>>(
a: &Vec<FV>,
b: &Vec<FV>,
) -> Result<Vec<FV>, Error> {
if a.len() != b.len() { if a.len() != b.len() {
return Err(Error::NotSameLength( return Err(Error::NotSameLength(
"a.len()".to_string(), "a.len()".to_string(),
@ -80,7 +87,7 @@ pub fn hadamard(
b.len(), b.len(),
)); ));
} }
let mut r: Vec<FpVar<F>> = vec![FpVar::<F>::zero(); a.len()];
let mut r: Vec<FV> = vec![FV::zero(); a.len()];
for i in 0..a.len() { for i in 0..a.len() {
r[i] = a[i].clone() * b[i].clone(); r[i] = a[i].clone() * b[i].clone();
} }
@ -88,36 +95,44 @@ pub fn hadamard(
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct SparseMatrixVar<F: PrimeField> {
pub struct SparseMatrixVar<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>> {
_f: PhantomData<F>,
_cf: PhantomData<CF>,
_fv: PhantomData<FV>,
pub n_rows: usize, pub n_rows: usize,
pub n_cols: usize, pub n_cols: usize,
// same format as the native SparseMatrix (which follows ark_relations::r1cs::Matrix format // same format as the native SparseMatrix (which follows ark_relations::r1cs::Matrix format
pub coeffs: Vec<Vec<(FpVar<F>, usize)>>,
pub coeffs: Vec<Vec<(FV, usize)>>,
} }
impl<F> AllocVar<SparseMatrix<F>, F> for SparseMatrixVar<F>
impl<F, CF, FV> AllocVar<SparseMatrix<F>, CF> for SparseMatrixVar<F, CF, FV>
where where
F: PrimeField, F: PrimeField,
CF: PrimeField,
FV: FieldVar<F, CF>,
{ {
fn new_variable<T: Borrow<SparseMatrix<F>>>( fn new_variable<T: Borrow<SparseMatrix<F>>>(
cs: impl Into<Namespace<F>>,
cs: impl Into<Namespace<CF>>,
f: impl FnOnce() -> Result<T, SynthesisError>, f: impl FnOnce() -> Result<T, SynthesisError>,
mode: AllocationMode, mode: AllocationMode,
) -> Result<Self, SynthesisError> { ) -> Result<Self, SynthesisError> {
f().and_then(|val| { f().and_then(|val| {
let cs = cs.into(); let cs = cs.into();
let mut coeffs: Vec<Vec<(FpVar<F>, usize)>> = Vec::new();
let mut coeffs: Vec<Vec<(FV, usize)>> = Vec::new();
for row in val.borrow().coeffs.iter() { for row in val.borrow().coeffs.iter() {
let mut rowVar: Vec<(FpVar<F>, usize)> = Vec::new();
let mut rowVar: Vec<(FV, usize)> = Vec::new();
for &(value, col_i) in row.iter() { for &(value, col_i) in row.iter() {
let coeffVar = FpVar::<F>::new_variable(cs.clone(), || Ok(value), mode)?;
let coeffVar = FV::new_variable(cs.clone(), || Ok(value), mode)?;
rowVar.push((coeffVar, col_i)); rowVar.push((coeffVar, col_i));
} }
coeffs.push(rowVar); coeffs.push(rowVar);
} }
Ok(Self { Ok(Self {
_f: PhantomData,
_cf: PhantomData,
_fv: PhantomData,
n_rows: val.borrow().n_rows, n_rows: val.borrow().n_rows,
n_cols: val.borrow().n_cols, n_cols: val.borrow().n_cols,
coeffs, coeffs,
@ -127,33 +142,47 @@ where
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct RelaxedR1CSVar<F: PrimeField> {
pub A: SparseMatrixVar<F>,
pub B: SparseMatrixVar<F>,
pub C: SparseMatrixVar<F>,
pub u: FpVar<F>,
pub E: Vec<FpVar<F>>,
pub struct RelaxedR1CSVar<F: PrimeField, CF: PrimeField, FV: FieldVar<F, CF>> {
_f: PhantomData<F>,
_cf: PhantomData<CF>,
_fv: PhantomData<FV>,
pub A: SparseMatrixVar<F, CF, FV>,
pub B: SparseMatrixVar<F, CF, FV>,
pub C: SparseMatrixVar<F, CF, FV>,
pub u: FV,
pub E: Vec<FV>,
} }
impl<F> AllocVar<RelaxedR1CS<F>, F> for RelaxedR1CSVar<F>
impl<F, CF, FV> AllocVar<RelaxedR1CS<F>, CF> for RelaxedR1CSVar<F, CF, FV>
where where
F: PrimeField, F: PrimeField,
CF: PrimeField,
FV: FieldVar<F, CF>,
{ {
fn new_variable<T: Borrow<RelaxedR1CS<F>>>( fn new_variable<T: Borrow<RelaxedR1CS<F>>>(
cs: impl Into<Namespace<F>>,
cs: impl Into<Namespace<CF>>,
f: impl FnOnce() -> Result<T, SynthesisError>, f: impl FnOnce() -> Result<T, SynthesisError>,
mode: AllocationMode, mode: AllocationMode,
) -> Result<Self, SynthesisError> { ) -> Result<Self, SynthesisError> {
f().and_then(|val| { f().and_then(|val| {
let cs = cs.into(); let cs = cs.into();
let A = SparseMatrixVar::<F>::new_constant(cs.clone(), &val.borrow().A)?;
let B = SparseMatrixVar::<F>::new_constant(cs.clone(), &val.borrow().B)?;
let C = SparseMatrixVar::<F>::new_constant(cs.clone(), &val.borrow().C)?;
let E = Vec::<FpVar<F>>::new_variable(cs.clone(), || Ok(val.borrow().E.clone()), mode)?;
let u = FpVar::<F>::new_variable(cs.clone(), || Ok(val.borrow().u), mode)?;
let A = SparseMatrixVar::<F, CF, FV>::new_constant(cs.clone(), &val.borrow().A)?;
let B = SparseMatrixVar::<F, CF, FV>::new_constant(cs.clone(), &val.borrow().B)?;
let C = SparseMatrixVar::<F, CF, FV>::new_constant(cs.clone(), &val.borrow().C)?;
let E = Vec::<FV>::new_variable(cs.clone(), || Ok(val.borrow().E.clone()), mode)?;
let u = FV::new_variable(cs.clone(), || Ok(val.borrow().u), mode)?;
Ok(Self { A, B, C, E, u })
Ok(Self {
_f: PhantomData,
_cf: PhantomData,
_fv: PhantomData,
A,
B,
C,
E,
u,
})
}) })
} }
} }
@ -169,8 +198,13 @@ mod tests {
CRHScheme, CRHSchemeGadget, CRHScheme, CRHSchemeGadget,
}; };
use ark_ff::BigInteger; use ark_ff::BigInteger;
use ark_pallas::Fr;
use ark_r1cs_std::{alloc::AllocVar, bits::uint8::UInt8};
use ark_pallas::{Fq, Fr};
use ark_r1cs_std::{
alloc::AllocVar,
bits::uint8::UInt8,
eq::EqGadget,
fields::{fp::FpVar, nonnative::NonNativeFieldVar},
};
use ark_relations::r1cs::{ use ark_relations::r1cs::{
ConstraintSynthesizer, ConstraintSystem, ConstraintSystemRef, SynthesisError, ConstraintSynthesizer, ConstraintSystem, ConstraintSystemRef, SynthesisError,
}; };
@ -191,11 +225,11 @@ mod tests {
let cs = ConstraintSystem::<Fr>::new_ref(); let cs = ConstraintSystem::<Fr>::new_ref();
let zVar = Vec::<FpVar<Fr>>::new_witness(cs.clone(), || Ok(z)).unwrap(); let zVar = Vec::<FpVar<Fr>>::new_witness(cs.clone(), || Ok(z)).unwrap();
let rel_r1csVar = RelaxedR1CSVar::<Fr>::new_witness(cs.clone(), || Ok(rel_r1cs)).unwrap();
let rel_r1csVar =
RelaxedR1CSVar::<Fr, Fr, FpVar<Fr>>::new_witness(cs.clone(), || Ok(rel_r1cs)).unwrap();
RelaxedR1CSGadget::<Fr>::check(rel_r1csVar, zVar).unwrap();
RelaxedR1CSGadget::<Fr, Fr, FpVar<Fr>>::check(rel_r1csVar, zVar).unwrap();
assert!(cs.is_satisfied().unwrap()); assert!(cs.is_satisfied().unwrap());
dbg!(cs.num_constraints());
} }
// gets as input a circuit that implements the ConstraintSynthesizer trait, and that has been // gets as input a circuit that implements the ConstraintSynthesizer trait, and that has been
@ -207,9 +241,6 @@ mod tests {
cs.finalize(); cs.finalize();
assert!(cs.is_satisfied().unwrap()); assert!(cs.is_satisfied().unwrap());
// num constraints of the original circuit
dbg!(cs.num_constraints());
let cs = cs.into_inner().unwrap(); let cs = cs.into_inner().unwrap();
let (r1cs, z) = extract_r1cs_and_z::<Fr>(&cs); let (r1cs, z) = extract_r1cs_and_z::<Fr>(&cs);
@ -223,13 +254,11 @@ mod tests {
// prepare the inputs for our circuit // prepare the inputs for our circuit
let zVar = Vec::<FpVar<Fr>>::new_witness(cs.clone(), || Ok(z)).unwrap(); let zVar = Vec::<FpVar<Fr>>::new_witness(cs.clone(), || Ok(z)).unwrap();
let rel_r1csVar = let rel_r1csVar =
RelaxedR1CSVar::<Fr>::new_witness(cs.clone(), || Ok(relaxed_r1cs)).unwrap();
RelaxedR1CSVar::<Fr, Fr, FpVar<Fr>>::new_witness(cs.clone(), || Ok(relaxed_r1cs))
.unwrap();
RelaxedR1CSGadget::<Fr>::check(rel_r1csVar, zVar).unwrap();
RelaxedR1CSGadget::<Fr, Fr, FpVar<Fr>>::check(rel_r1csVar, zVar).unwrap();
assert!(cs.is_satisfied().unwrap()); assert!(cs.is_satisfied().unwrap());
// num constraints of the circuit that checks the RelaxedR1CS of the original circuit
dbg!(cs.num_constraints());
} }
#[test] #[test]
@ -269,7 +298,7 @@ mod tests {
test_relaxed_r1cs_gadget(circuit); test_relaxed_r1cs_gadget(circuit);
} }
// circuit that has the numer of constraints specified in the `n_constraints` parameter. Note
// circuit that has the number of constraints specified in the `n_constraints` parameter. Note
// that the generated circuit will have very sparse matrices, so the resulting constraints // that the generated circuit will have very sparse matrices, so the resulting constraints
// number of the RelaxedR1CS gadget must take that into account. // number of the RelaxedR1CS gadget must take that into account.
struct CustomTestCircuit<F: PrimeField> { struct CustomTestCircuit<F: PrimeField> {
@ -278,6 +307,21 @@ mod tests {
pub x: F, pub x: F,
pub y: F, pub y: F,
} }
impl<F: PrimeField> CustomTestCircuit<F> {
fn new(n_constraints: usize) -> Self {
let x = F::from(5_u32);
let mut y = F::one();
for _ in 0..n_constraints - 1 {
y *= x;
}
Self {
_f: PhantomData,
n_constraints,
x,
y,
}
}
}
impl<F: PrimeField> ConstraintSynthesizer<F> for CustomTestCircuit<F> { impl<F: PrimeField> ConstraintSynthesizer<F> for CustomTestCircuit<F> {
fn generate_constraints(self, cs: ConstraintSystemRef<F>) -> Result<(), SynthesisError> { fn generate_constraints(self, cs: ConstraintSystemRef<F>) -> Result<(), SynthesisError> {
let x = FpVar::<F>::new_witness(cs.clone(), || Ok(self.x))?; let x = FpVar::<F>::new_witness(cs.clone(), || Ok(self.x))?;
@ -292,6 +336,7 @@ mod tests {
Ok(()) Ok(())
} }
} }
#[test] #[test]
fn test_relaxed_r1cs_custom_circuit() { fn test_relaxed_r1cs_custom_circuit() {
let n_constraints = 10_000; let n_constraints = 10_000;
@ -309,4 +354,38 @@ mod tests {
}; };
test_relaxed_r1cs_gadget(circuit); test_relaxed_r1cs_gadget(circuit);
} }
#[test]
fn test_relaxed_r1cs_nonnative_circuit() {
let cs = ConstraintSystem::<Fq>::new_ref();
// in practice we would use CycleFoldCircuit, but is a very big circuit (when computed
// non-natively inside the RelaxedR1CS circuit), so in order to have a short test we use a
// custom circuit.
let circuit = CustomTestCircuit::<Fq>::new(10);
circuit.generate_constraints(cs.clone()).unwrap();
cs.finalize();
let cs = cs.into_inner().unwrap();
let (r1cs, z) = extract_r1cs_and_z::<Fq>(&cs);
let relaxed_r1cs = r1cs.relax();
// natively
let cs = ConstraintSystem::<Fq>::new_ref();
let zVar = Vec::<FpVar<Fq>>::new_witness(cs.clone(), || Ok(z.clone())).unwrap();
let rel_r1csVar = RelaxedR1CSVar::<Fq, Fq, FpVar<Fq>>::new_witness(cs.clone(), || {
Ok(relaxed_r1cs.clone())
})
.unwrap();
RelaxedR1CSGadget::<Fq, Fq, FpVar<Fq>>::check(rel_r1csVar, zVar).unwrap();
// non-natively
let cs = ConstraintSystem::<Fr>::new_ref();
let zVar = Vec::<NonNativeFieldVar<Fq, Fr>>::new_witness(cs.clone(), || Ok(z)).unwrap();
let rel_r1csVar =
RelaxedR1CSVar::<Fq, Fr, NonNativeFieldVar<Fq, Fr>>::new_witness(cs.clone(), || {
Ok(relaxed_r1cs)
})
.unwrap();
RelaxedR1CSGadget::<Fq, Fr, NonNativeFieldVar<Fq, Fr>>::check(rel_r1csVar, zVar).unwrap();
}
} }

+ 1
- 0
src/folding/nova/cyclefold.rs
View File

@ -386,6 +386,7 @@ where
// the CycleFoldCircuit are the sames used in the public inputs 'x', which come from the // the CycleFoldCircuit are the sames used in the public inputs 'x', which come from the
// AugmentedFCircuit. // AugmentedFCircuit.
// TODO: Issue to keep track of this: https://github.com/privacy-scaling-explorations/folding-schemes/issues/44 // TODO: Issue to keep track of this: https://github.com/privacy-scaling-explorations/folding-schemes/issues/44
// and https://github.com/privacy-scaling-explorations/folding-schemes/issues/48
Ok(()) Ok(())
} }

Write Preview
Loading…
Cancel
Save