impl hash committed instance gadget (#17) (#31)

together with the native impl compatible with the gadget one
2026-02-02 17:26:44 +01:00 · 2023-10-12 11:04:45 +02:00
parent 9a2a1fdd13
commit 422db752f9
5 changed files with 249 additions and 44 deletions
--- a/src/folding/nova/mod.rs
+++ b/src/folding/nova/mod.rs
@@ -1,10 +1,15 @@
 /// Implements the scheme described in [Nova](https://eprint.iacr.org/2021/370.pdf)
-use ark_crypto_primitives::sponge::Absorb;
+use ark_crypto_primitives::{
+    crh::{poseidon::CRH, CRHScheme},
+    sponge::{poseidon::PoseidonConfig, Absorb},
+};
 use ark_ec::{CurveGroup, Group};
 use ark_std::fmt::Debug;
 use ark_std::{One, Zero};

+use crate::folding::circuits::nonnative::point_to_nonnative_limbs;
 use crate::pedersen::{Params as PedersenParams, Pedersen};
+use crate::Error;

 pub mod circuits;
 pub mod nifs;
@@ -17,7 +22,11 @@ pub struct CommittedInstance<C: CurveGroup> {
    pub x: Vec<C::ScalarField>,
 }

-impl<C: CurveGroup> CommittedInstance<C> {
+impl<C: CurveGroup> CommittedInstance<C>
+where
+    <C as Group>::ScalarField: Absorb,
+    <C as ark_ec::CurveGroup>::BaseField: ark_ff::PrimeField,
+{
    pub fn empty() -> Self {
        CommittedInstance {
            cmE: C::zero(),
@@ -26,6 +35,35 @@ impl<C: CurveGroup> CommittedInstance<C> {
            x: Vec::new(),
        }
    }
+
+    /// hash implements the committed instance hash compatible with the gadget implemented in
+    /// nova/circuits.rs::CommittedInstanceVar.hash.
+    /// Returns `H(i, z_0, z_i, U_i)`, where `i` can be `i` but also `i+1`, and `U` is the
+    /// `CommittedInstance`.
+    pub fn hash(
+        &self,
+        poseidon_config: &PoseidonConfig<C::ScalarField>,
+        i: C::ScalarField,
+        z_0: C::ScalarField,
+        z_i: C::ScalarField,
+    ) -> Result<C::ScalarField, Error> {
+        let (cmE_x, cmE_y) = point_to_nonnative_limbs::<C>(self.cmE)?;
+        let (cmW_x, cmW_y) = point_to_nonnative_limbs::<C>(self.cmW)?;
+
+        Ok(CRH::<C::ScalarField>::evaluate(
+            poseidon_config,
+            vec![
+                vec![i, z_0, z_i, self.u],
+                self.x.clone(),
+                cmE_x,
+                cmE_y,
+                cmW_x,
+                cmW_y,
+            ]
+            .concat(),
+        )
+        .unwrap())
+    }
 }

 #[derive(Debug, Clone, Eq, PartialEq)]