Link committed instances and r to the public input x in cyclefold circuit (#81)

* CycleFold circuit: link r,U_i,u_i point coords as inputs * DeciderEth::prove: rm repeated cmT, r, W_i1 computation
2026-01-20 21:01:34 +01:00 · 2024-04-04 09:58:26 +02:00
parent fe9a488f63
commit b8db622a08
7 changed files with 73 additions and 88 deletions
--- a/folding-schemes/src/folding/nova/decider_eth.rs
+++ b/folding-schemes/src/folding/nova/decider_eth.rs
@@ -1,20 +1,16 @@
 /// This file implements the onchain (Ethereum's EVM) decider.
-use ark_crypto_primitives::sponge::{poseidon::PoseidonConfig, Absorb};
+use ark_crypto_primitives::sponge::Absorb;
 use ark_ec::{CurveGroup, Group};
-use ark_ff::{BigInteger, PrimeField};
+use ark_ff::PrimeField;
 use ark_r1cs_std::fields::nonnative::params::OptimizationType;
-use ark_r1cs_std::{groups::GroupOpsBounds, prelude::CurveVar};
+use ark_r1cs_std::{groups::GroupOpsBounds, prelude::CurveVar, ToConstraintFieldGadget};
 use ark_snark::SNARK;
 use ark_std::rand::{CryptoRng, RngCore};
 use ark_std::Zero;
 use core::marker::PhantomData;

 pub use super::decider_eth_circuit::{DeciderEthCircuit, KZGChallengesGadget};
-use super::{
-    circuits::{ChallengeGadget, CF2},
-    nifs::NIFS,
-    CommittedInstance, Nova, Witness,
-};
+use super::{circuits::CF2, nifs::NIFS, CommittedInstance, Nova};
 use crate::commitment::{
    kzg::Proof as KZGProof, pedersen::Params as PedersenParams, CommitmentScheme,
 };
@@ -60,7 +56,7 @@ impl<C1, GC1, C2, GC2, FC, CS1, CS2, S, FS> DeciderTrait<C1, C2, FC, FS>
 where
    C1: CurveGroup,
    C2: CurveGroup,
-    GC1: CurveVar<C1, CF2<C1>>,
+    GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
    GC2: CurveVar<C2, CF2<C2>>,
    FC: FCircuit<C1::ScalarField>,
    CS1: CommitmentScheme<
@@ -82,11 +78,7 @@ where
    // constrain FS into Nova, since this is a Decider specifically for Nova
    Nova<C1, GC1, C2, GC2, FC, CS1, CS2>: From<FS>,
 {
-    type ProverParam = (
-        PoseidonConfig<C1::ScalarField>,
-        S::ProvingKey,
-        CS1::ProverParams,
-    );
+    type ProverParam = (S::ProvingKey, CS1::ProverParams);
    type Proof = Proof<C1, CS1, S>;
    type VerifierParam = (S::VerifyingKey, CS1::VerifierParams);
    type PublicInput = Vec<C1::ScalarField>;
@@ -98,11 +90,7 @@ where
        mut rng: impl RngCore + CryptoRng,
        folding_scheme: FS,
    ) -> Result<Self::Proof, Error> {
-        let (poseidon_config, snark_pk, cs_pk): (
-            PoseidonConfig<C1::ScalarField>,
-            S::ProvingKey,
-            CS1::ProverParams,
-        ) = pp;
+        let (snark_pk, cs_pk): (S::ProvingKey, CS1::ProverParams) = pp;

        let circuit = DeciderEthCircuit::<C1, GC1, C2, GC2, CS1, CS2>::from_nova::<FC>(
            folding_scheme.into(),
@@ -111,35 +99,9 @@ where
        let snark_proof = S::prove(&snark_pk, circuit.clone(), &mut rng)
            .map_err(|e| Error::Other(e.to_string()))?;

-        let U_i = circuit
-            .U_i
-            .clone()
-            .ok_or(Error::MissingValue("U_i".to_string()))?;
-        let W_i = circuit
-            .W_i
-            .clone()
-            .ok_or(Error::MissingValue("W_i".to_string()))?;
-        let u_i = circuit
-            .u_i
-            .clone()
-            .ok_or(Error::MissingValue("u_i".to_string()))?;
-        let w_i = circuit
-            .w_i
-            .clone()
-            .ok_or(Error::MissingValue("w_i".to_string()))?;
-
-        // compute NIFS.P((U_d, W_d), (u_d, w_d)) = (U_{d+1}, W_{d+1}, cmT)
-        let (T, cmT) = NIFS::<C1, CS1>::compute_cmT(&cs_pk, &circuit.r1cs, &w_i, &u_i, &W_i, &U_i)?;
-        let r_bits = ChallengeGadget::<C1>::get_challenge_native(
-            &poseidon_config,
-            U_i.clone(),
-            u_i.clone(),
-            cmT,
-        )?;
-        let r_Fr = C1::ScalarField::from_bigint(BigInteger::from_bits_le(&r_bits))
-            .ok_or(Error::OutOfBounds)?;
-        let (W_i1, _): (Witness<C1>, CommittedInstance<C1>) =
-            NIFS::<C1, CS1>::fold_instances(r_Fr, &W_i, &U_i, &w_i, &u_i, &T, cmT)?;
+        let cmT = circuit.cmT.unwrap();
+        let r_Fr = circuit.r.unwrap();
+        let W_i1 = circuit.W_i1.unwrap();

        // get the challenges that have been already computed when preparing the circuit inputs in
        // the above `from_nova` call
@@ -332,7 +294,7 @@ pub mod tests {

        // decider proof generation
        let start = Instant::now();
-        let decider_pp = (poseidon_config.clone(), g16_pk, kzg_pk);
+        let decider_pp = (g16_pk, kzg_pk);
        let proof = DECIDER::prove(decider_pp, rng, nova.clone()).unwrap();
        println!("Decider prove, {:?}", start.elapsed());