Onchain decider circuit for Protogalaxy (#145)

* Move r1cs and ccs to standalone folders * Simplify type bounds of SparseMatrixVar * Implement `EquivalenceGadget` trait for `FpVar` and `NonNativeUintVar`. Together with the existing `MatrixGadget` and `VectorGadget`, we can now use the same logic for checking R1CS satisfiability of `R1CSVar` both natively and non-natively. * Simplify trait bounds * Implement `ArithGadget` for `R1CSMatricesVar` and `CCSMatricesVar` * `PedersenGadget::commit` now takes slices as input * Structs for proofs and auxiliary values in protogalaxy * `u` in LCCCS should be `z[0]` * `Inputize` trait * Generic decider circuits * Verifier should check the commitments in committed instances * Update the comments according to the new docs * Fix examples * Add `DeciderEnabledNIFS::fold_group_elements_native` to wrap code for folding commitments * Fix incorrect endian * Format * Get rid of `unwrap` when possible
2026-01-19 20:31:35 +01:00 · 2024-11-04 17:34:50 +08:00
parent 6d8f297f11
commit b812dd66df
46 changed files with 2735 additions and 2408 deletions
--- a/folding-schemes/src/folding/nova/traits.rs
+++ b/folding-schemes/src/folding/nova/traits.rs
@@ -1,11 +1,18 @@
 use ark_ec::CurveGroup;
+use ark_r1cs_std::fields::fp::FpVar;
+use ark_relations::r1cs::SynthesisError;
 use ark_std::{rand::RngCore, UniformRand};

+use super::circuits::CommittedInstanceVar;
+use super::decider_eth_circuit::WitnessVar;
 use super::{CommittedInstance, Witness};
-use crate::arith::ArithSampler;
-use crate::arith::{r1cs::R1CS, Arith};
+use crate::arith::{
+    r1cs::{circuits::R1CSMatricesVar, R1CS},
+    Arith, ArithGadget, ArithSampler,
+};
 use crate::commitment::CommitmentScheme;
 use crate::folding::circuits::CF1;
+use crate::utils::gadgets::{EquivalenceGadget, VectorGadget};
 use crate::Error;

 /// Implements `Arith` for R1CS, where the witness is of type [`Witness`], and
@@ -95,3 +102,25 @@ impl<C: CurveGroup> ArithSampler<C, Witness<C>, CommittedInstance<C>> for R1CS<C
        Ok((witness, cm_witness))
    }
 }
+
+impl<C: CurveGroup> ArithGadget<WitnessVar<C>, CommittedInstanceVar<C>>
+    for R1CSMatricesVar<C::ScalarField, FpVar<C::ScalarField>>
+{
+    type Evaluation = (Vec<FpVar<C::ScalarField>>, Vec<FpVar<C::ScalarField>>);
+
+    fn eval_relation(
+        &self,
+        w: &WitnessVar<C>,
+        u: &CommittedInstanceVar<C>,
+    ) -> Result<Self::Evaluation, SynthesisError> {
+        self.eval_at_z(&[&[u.u.clone()][..], &u.x, &w.W].concat())
+    }
+
+    fn enforce_evaluation(
+        w: &WitnessVar<C>,
+        _u: &CommittedInstanceVar<C>,
+        (AzBz, uCz): Self::Evaluation,
+    ) -> Result<(), SynthesisError> {
+        EquivalenceGadget::<C::ScalarField>::enforce_equivalent(&AzBz[..], &uCz.add(&w.E)?[..])
+    }
+}