Unify the computation of digests and challenges in different folding schemes (#94)

* Remove the trait bound `C::BaseField: PrimeField` for better DX * Methods in `TranscriptVar` now exactly matches the ones in `Transcript` * Add `ProtoGalaxyTranscriptVar` and `CommittedInstanceVar` for protogalaxy * betas are unnecessary in "plain" (incoming) instances * Absorb the result of `get_challenge_nbits` as well * `ProtoGalaxyTranscript` now allows absorbing mulitple instances * Always return `Result<(), SynthesisError>` in `ProtoGalaxyTranscriptVar` * Impl `Transcript{Var}` for `PoseidonSponge{Var}` directly and remove `PoseidonTranscript{Var}` * `Transcript::absorb_point` doesn't need to return `Error` * Add `AbsorbNonNative` trait for hashing non-native values Note that now `absorb_point` only supports hashing points whose BaseField is equal to the sponge's field * More efficient `TranscriptVar::absorb_point` by securely removing `is_inf` * Use `sponge` and `transcript` consistently * Clarify the usage of `AbsorbNonNative{Gadget}` * Generic `sponge` and `transcript` params * Avoid unstable `associated_type_bounds` * Reuse `sponge` in hypernova * Clean up redundant imports * Remove unstable code * Clarify the usage of `absorb_point` and `absorb_nonnative`
2026-01-13 01:11:32 +01:00 · 2024-07-08 09:25:08 +01:00
parent c17fcf56c6
commit 16d51d757b
36 changed files with 1030 additions and 1033 deletions
--- a/folding-schemes/src/folding/hypernova/lcccs.rs
+++ b/folding-schemes/src/folding/hypernova/lcccs.rs
@@ -1,7 +1,4 @@
-use ark_crypto_primitives::{
-    crh::{poseidon::CRH, CRHScheme},
-    sponge::{poseidon::PoseidonConfig, Absorb},
-};
+use ark_crypto_primitives::sponge::Absorb;
 use ark_ec::{CurveGroup, Group};
 use ark_ff::PrimeField;
 use ark_poly::DenseMultilinearExtension;
@@ -12,7 +9,7 @@ use ark_std::Zero;
 use super::Witness;
 use crate::arith::ccs::CCS;
 use crate::commitment::CommitmentScheme;
-use crate::folding::circuits::nonnative::affine::nonnative_affine_to_field_elements;
+use crate::transcript::{AbsorbNonNative, Transcript};
 use crate::utils::mle::dense_vec_to_dense_mle;
 use crate::utils::vec::mat_vec_mul;
 use crate::Error;
@@ -118,6 +115,29 @@ impl<C: CurveGroup> LCCCS<C> {
    }
 }

+impl<C: CurveGroup> Absorb for LCCCS<C>
+where
+    C::ScalarField: Absorb,
+{
+    fn to_sponge_bytes(&self, _dest: &mut Vec<u8>) {
+        // This is never called
+        unimplemented!()
+    }
+
+    fn to_sponge_field_elements<F: PrimeField>(&self, dest: &mut Vec<F>) {
+        // We cannot call `to_native_sponge_field_elements(dest)` directly, as
+        // `to_native_sponge_field_elements` needs `F` to be `C::ScalarField`,
+        // but here `F` is a generic `PrimeField`.
+        self.C
+            .to_native_sponge_field_elements_as_vec()
+            .to_sponge_field_elements(dest);
+        self.u.to_sponge_field_elements(dest);
+        self.x.to_sponge_field_elements(dest);
+        self.r_x.to_sponge_field_elements(dest);
+        self.v.to_sponge_field_elements(dest);
+    }
+}
+
 impl<C: CurveGroup> LCCCS<C>
 where
    <C as Group>::ScalarField: Absorb,
@@ -126,32 +146,21 @@ where
    /// [`LCCCS`].hash implements the committed instance hash compatible with the gadget
    /// implemented in nova/circuits.rs::CommittedInstanceVar.hash.
    /// Returns `H(i, z_0, z_i, U_i)`, where `i` can be `i` but also `i+1`, and `U_i` is the LCCCS.
-    pub fn hash(
+    pub fn hash<T: Transcript<C::ScalarField>>(
        &self,
-        poseidon_config: &PoseidonConfig<C::ScalarField>,
+        sponge: &T,
        pp_hash: C::ScalarField,
        i: C::ScalarField,
        z_0: Vec<C::ScalarField>,
        z_i: Vec<C::ScalarField>,
-    ) -> Result<C::ScalarField, Error> {
-        let (C_x, C_y) = nonnative_affine_to_field_elements::<C>(self.C)?;
-
-        CRH::<C::ScalarField>::evaluate(
-            poseidon_config,
-            vec![
-                vec![pp_hash, i],
-                z_0,
-                z_i,
-                C_x,
-                C_y,
-                vec![self.u],
-                self.x.clone(),
-                self.r_x.clone(),
-                self.v.clone(),
-            ]
-            .concat(),
-        )
-        .map_err(|e| Error::Other(e.to_string()))
+    ) -> C::ScalarField {
+        let mut sponge = sponge.clone();
+        sponge.absorb(&pp_hash);
+        sponge.absorb(&i);
+        sponge.absorb(&z_0);
+        sponge.absorb(&z_i);
+        sponge.absorb(&self);
+        sponge.squeeze_field_elements(1)[0]
    }
 }

@@ -161,7 +170,6 @@ pub mod tests {
    use ark_std::test_rng;
    use ark_std::One;
    use ark_std::UniformRand;
-    use ark_std::Zero;
    use std::sync::Arc;

    use super::*;