Add HyperNova's NIMFS circuit (#99)

* add HyperNova's NIMFS verifier circuit * update poseidon usage after rebasing to latest main branch changes
2026-01-28 14:56:40 +01:00 · 2024-06-04 10:57:39 +02:00
parent 852134a898
commit 59b8bdb0c4
12 changed files with 604 additions and 204 deletions
--- a/folding-schemes/src/folding/nova/circuits.rs
+++ b/folding-schemes/src/folding/nova/circuits.rs
@@ -8,8 +8,8 @@ use ark_crypto_primitives::sponge::{
    poseidon::{constraints::PoseidonSpongeVar, PoseidonConfig, PoseidonSponge},
    Absorb, CryptographicSponge,
 };
-use ark_ec::{AffineRepr, CurveGroup, Group};
-use ark_ff::{Field, PrimeField};
+use ark_ec::{CurveGroup, Group};
+use ark_ff::PrimeField;
 use ark_r1cs_std::{
    alloc::{AllocVar, AllocationMode},
    boolean::Boolean,
@@ -30,20 +30,15 @@ use super::{
    CommittedInstance,
 };
 use crate::constants::N_BITS_RO;
-use crate::folding::circuits::nonnative::{
-    affine::{nonnative_affine_to_field_elements, NonNativeAffineVar},
-    uint::NonNativeUintVar,
+use crate::folding::circuits::{
+    nonnative::{
+        affine::{nonnative_affine_to_field_elements, NonNativeAffineVar},
+        uint::NonNativeUintVar,
+    },
+    CF1, CF2,
 };
 use crate::frontend::FCircuit;

-/// CF1 represents the ConstraintField used for the main Nova circuit which is over E1::Fr, where
-/// E1 is the main curve where we do the folding.
-pub type CF1<C> = <<C as CurveGroup>::Affine as AffineRepr>::ScalarField;
-/// CF2 represents the ConstraintField used for the CycleFold circuit which is over E2::Fr=E1::Fq,
-/// where E2 is the auxiliary curve (from [CycleFold](https://eprint.iacr.org/2023/1192.pdf)
-/// approach) where we check the folding of the commitments (elliptic curve points).
-pub type CF2<C> = <<C as CurveGroup>::BaseField as Field>::BasePrimeField;
-
 /// CommittedInstanceVar contains the u, x, cmE and cmW values which are folded on the main Nova
 /// constraints field (E1::Fr, where E1 is the main curve). The peculiarity is that cmE and cmW are
 /// represented non-natively over the constraint field.
--- a/folding-schemes/src/folding/nova/cyclefold.rs
+++ b/folding-schemes/src/folding/nova/cyclefold.rs
@@ -26,10 +26,9 @@ use ark_std::fmt::Debug;
 use ark_std::{One, Zero};
 use core::{borrow::Borrow, marker::PhantomData};

-use super::circuits::CF2;
 use super::CommittedInstance;
 use crate::constants::N_BITS_RO;
-use crate::folding::circuits::nonnative::uint::NonNativeUintVar;
+use crate::folding::circuits::{nonnative::uint::NonNativeUintVar, CF2};
 use crate::Error;

 // public inputs length for the CycleFoldCircuit: |[r, p1.x,y, p2.x,y, p3.x,y]|
--- a/folding-schemes/src/folding/nova/decider_eth.rs
+++ b/folding-schemes/src/folding/nova/decider_eth.rs
@@ -11,13 +11,13 @@ use ark_std::{One, Zero};
 use core::marker::PhantomData;

 pub use super::decider_eth_circuit::{DeciderEthCircuit, KZGChallengesGadget};
-use super::{circuits::CF2, nifs::NIFS, CommittedInstance, Nova};
+use super::{nifs::NIFS, CommittedInstance, Nova};
 use crate::commitment::{
    kzg::{Proof as KZGProof, KZG},
    pedersen::Params as PedersenParams,
    CommitmentScheme,
 };
-use crate::folding::circuits::nonnative::affine::NonNativeAffineVar;
+use crate::folding::circuits::{nonnative::affine::NonNativeAffineVar, CF2};
 use crate::frontend::FCircuit;
 use crate::Error;
 use crate::{Decider as DeciderTrait, FoldingScheme};
--- a/folding-schemes/src/folding/nova/decider_eth_circuit.rs
+++ b/folding-schemes/src/folding/nova/decider_eth_circuit.rs
@@ -22,14 +22,14 @@ use core::{borrow::Borrow, marker::PhantomData};
 use super::{circuits::ChallengeGadget, nifs::NIFS};
 use crate::ccs::r1cs::R1CS;
 use crate::commitment::{pedersen::Params as PedersenParams, CommitmentScheme};
-use crate::folding::circuits::nonnative::{
-    affine::{nonnative_affine_to_field_elements, NonNativeAffineVar},
-    uint::NonNativeUintVar,
-};
-use crate::folding::nova::{
-    circuits::{CommittedInstanceVar, CF1, CF2},
-    CommittedInstance, Nova, Witness,
+use crate::folding::circuits::{
+    nonnative::{
+        affine::{nonnative_affine_to_field_elements, NonNativeAffineVar},
+        uint::NonNativeUintVar,
+    },
+    CF1, CF2,
 };
+use crate::folding::nova::{circuits::CommittedInstanceVar, CommittedInstance, Nova, Witness};
 use crate::frontend::FCircuit;
 use crate::transcript::{
    poseidon::{PoseidonTranscript, PoseidonTranscriptVar},
--- a/folding-schemes/src/folding/nova/mod.rs
+++ b/folding-schemes/src/folding/nova/mod.rs
@@ -15,8 +15,11 @@ use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystem};

 use crate::ccs::r1cs::{extract_r1cs, extract_w_x, R1CS};
 use crate::commitment::CommitmentScheme;
-use crate::folding::circuits::nonnative::{
-    affine::nonnative_affine_to_field_elements, uint::nonnative_field_to_field_elements,
+use crate::folding::circuits::{
+    nonnative::{
+        affine::nonnative_affine_to_field_elements, uint::nonnative_field_to_field_elements,
+    },
+    CF2,
 };
 use crate::frontend::FCircuit;
 use crate::utils::vec::is_zero_vec;
@@ -30,7 +33,7 @@ pub mod decider_eth_circuit;
 pub mod nifs;
 pub mod traits;

-use circuits::{AugmentedFCircuit, ChallengeGadget, CF2};
+use circuits::{AugmentedFCircuit, ChallengeGadget};
 use cyclefold::{CycleFoldChallengeGadget, CycleFoldCircuit};
 use nifs::NIFS;
 use traits::NovaR1CS;