implement Nova's AugmentedFCircuit (#33)

* impl AugmentedFCircuit non-base case * add multiple iterations to AugmentedFCircuit test * implement base case on AugmentedFCircuit and test * Update cmE of E=0-vec to work as zero point Update cmE of E=0-vec to work as zero point instead of as cm(0-vec) * patch r1cs-std dep to a cherry-picked version with the zero-scalar-mult fix * refactor FCircuit to make it more suitable inside the AugmentedFCircuit
2026-02-02 17:26:44 +01:00 · 2023-10-30 09:02:19 +01:00
parent 7656c6bd6c
commit 597ac27288
7 changed files with 552 additions and 76 deletions
--- a/src/folding/nova/mod.rs
+++ b/src/folding/nova/mod.rs
@@ -7,8 +7,10 @@ use ark_ec::{CurveGroup, Group};
 use ark_std::fmt::Debug;
 use ark_std::{One, Zero};

+use crate::ccs::r1cs::R1CS;
 use crate::folding::circuits::nonnative::point_to_nonnative_limbs;
 use crate::pedersen::{Params as PedersenParams, Pedersen};
+use crate::utils::vec::is_zero_vec;
 use crate::Error;

 pub mod circuits;
@@ -27,12 +29,12 @@ where
    <C as Group>::ScalarField: Absorb,
    <C as ark_ec::CurveGroup>::BaseField: ark_ff::PrimeField,
 {
-    pub fn empty() -> Self {
-        CommittedInstance {
+    pub fn dummy(io_len: usize) -> Self {
+        Self {
            cmE: C::zero(),
-            u: C::ScalarField::one(),
+            u: C::ScalarField::zero(),
            cmW: C::zero(),
-            x: Vec::new(),
+            x: vec![C::ScalarField::zero(); io_len],
        }
    }

@@ -81,7 +83,7 @@ where
    pub fn new(w: Vec<C::ScalarField>, e_len: usize) -> Self {
        Self {
            E: vec![C::ScalarField::zero(); e_len],
-            rE: C::ScalarField::one(),
+            rE: C::ScalarField::zero(), // because we use C::zero() as cmE
            W: w,
            rW: C::ScalarField::one(),
        }
@@ -91,7 +93,10 @@ where
        params: &PedersenParams<C>,
        x: Vec<C::ScalarField>,
    ) -> CommittedInstance<C> {
-        let cmE = Pedersen::commit(params, &self.E, &self.rE);
+        let mut cmE = C::zero();
+        if !is_zero_vec::<C::ScalarField>(&self.E) {
+            cmE = Pedersen::commit(params, &self.E, &self.rE);
+        }
        let cmW = Pedersen::commit(params, &self.W, &self.rW);
        CommittedInstance {
            cmE,
@@ -101,3 +106,16 @@ where
        }
    }
 }
+
+pub fn check_instance_relation<C: CurveGroup>(
+    r1cs: &R1CS<C::ScalarField>,
+    W: &Witness<C>,
+    U: &CommittedInstance<C>,
+) -> Result<(), Error> {
+    let mut rel_r1cs = r1cs.clone().relax();
+    rel_r1cs.u = U.u;
+    rel_r1cs.E = W.E.clone();
+
+    let Z: Vec<C::ScalarField> = [vec![U.u], U.x.to_vec(), W.W.to_vec()].concat();
+    rel_r1cs.check_relation(&Z)
+}