|
@ -6,7 +6,7 @@ use ark_crypto_primitives::{ |
|
|
};
|
|
|
};
|
|
|
use ark_ec::{AffineRepr, CurveGroup, Group};
|
|
|
use ark_ec::{AffineRepr, CurveGroup, Group};
|
|
|
use ark_ff::{BigInteger, PrimeField};
|
|
|
use ark_ff::{BigInteger, PrimeField};
|
|
|
use ark_r1cs_std::{groups::GroupOpsBounds, prelude::CurveVar};
|
|
|
|
|
|
|
|
|
use ark_r1cs_std::{groups::GroupOpsBounds, prelude::CurveVar, ToConstraintFieldGadget};
|
|
|
use ark_std::fmt::Debug;
|
|
|
use ark_std::fmt::Debug;
|
|
|
use ark_std::{One, Zero};
|
|
|
use ark_std::{One, Zero};
|
|
|
use core::marker::PhantomData;
|
|
|
use core::marker::PhantomData;
|
|
@ -160,7 +160,7 @@ pub struct VerifierParams { |
|
|
pub struct Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
pub struct Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
where
|
|
|
where
|
|
|
C1: CurveGroup,
|
|
|
C1: CurveGroup,
|
|
|
GC1: CurveVar<C1, CF2<C1>>,
|
|
|
|
|
|
|
|
|
GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
|
|
|
C2: CurveGroup,
|
|
|
C2: CurveGroup,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
@ -201,7 +201,7 @@ impl FoldingScheme |
|
|
for Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
for Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
where
|
|
|
where
|
|
|
C1: CurveGroup,
|
|
|
C1: CurveGroup,
|
|
|
GC1: CurveVar<C1, CF2<C1>>,
|
|
|
|
|
|
|
|
|
GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
|
|
|
C2: CurveGroup,
|
|
|
C2: CurveGroup,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
@ -289,8 +289,6 @@ where |
|
|
/// Implements IVC.P of Nova+CycleFold
|
|
|
/// Implements IVC.P of Nova+CycleFold
|
|
|
fn prove_step(&mut self) -> Result<(), Error> {
|
|
|
fn prove_step(&mut self) -> Result<(), Error> {
|
|
|
let augmented_F_circuit: AugmentedFCircuit<C1, C2, GC2, FC>;
|
|
|
let augmented_F_circuit: AugmentedFCircuit<C1, C2, GC2, FC>;
|
|
|
let cfW_circuit: CycleFoldCircuit<C1, GC1>;
|
|
|
|
|
|
let cfE_circuit: CycleFoldCircuit<C1, GC1>;
|
|
|
|
|
|
|
|
|
|
|
|
if self.i > C1::ScalarField::from_le_bytes_mod_order(&std::usize::MAX.to_le_bytes()) {
|
|
|
if self.i > C1::ScalarField::from_le_bytes_mod_order(&std::usize::MAX.to_le_bytes()) {
|
|
|
return Err(Error::MaxStep);
|
|
|
return Err(Error::MaxStep);
|
|
@ -313,6 +311,8 @@ where |
|
|
)?;
|
|
|
)?;
|
|
|
let r_Fr = C1::ScalarField::from_bigint(BigInteger::from_bits_le(&r_bits))
|
|
|
let r_Fr = C1::ScalarField::from_bigint(BigInteger::from_bits_le(&r_bits))
|
|
|
.ok_or(Error::OutOfBounds)?;
|
|
|
.ok_or(Error::OutOfBounds)?;
|
|
|
|
|
|
let r_Fq = C1::BaseField::from_bigint(BigInteger::from_bits_le(&r_bits))
|
|
|
|
|
|
.ok_or(Error::OutOfBounds)?;
|
|
|
|
|
|
|
|
|
// fold Nova instances
|
|
|
// fold Nova instances
|
|
|
let (W_i1, U_i1): (Witness<C1>, CommittedInstance<C1>) = NIFS::<C1, CS1>::fold_instances(
|
|
|
let (W_i1, U_i1): (Witness<C1>, CommittedInstance<C1>) = NIFS::<C1, CS1>::fold_instances(
|
|
@ -340,6 +340,7 @@ where |
|
|
u_i: Some(self.u_i.clone()), // = dummy
|
|
|
u_i: Some(self.u_i.clone()), // = dummy
|
|
|
U_i: Some(self.U_i.clone()), // = dummy
|
|
|
U_i: Some(self.U_i.clone()), // = dummy
|
|
|
U_i1: Some(U_i1.clone()),
|
|
|
U_i1: Some(U_i1.clone()),
|
|
|
|
|
|
r_nonnat: Some(r_Fq),
|
|
|
cmT: Some(cmT),
|
|
|
cmT: Some(cmT),
|
|
|
F: self.F.clone(),
|
|
|
F: self.F.clone(),
|
|
|
x: Some(u_i1_x),
|
|
|
x: Some(u_i1_x),
|
|
@ -361,6 +362,7 @@ where |
|
|
// get the vector used as public inputs 'x' in the CycleFold circuit
|
|
|
// get the vector used as public inputs 'x' in the CycleFold circuit
|
|
|
// cyclefold circuit for cmW
|
|
|
// cyclefold circuit for cmW
|
|
|
let cfW_u_i_x = [
|
|
|
let cfW_u_i_x = [
|
|
|
|
|
|
vec![r_Fq],
|
|
|
get_cm_coordinates(&self.U_i.cmW),
|
|
|
get_cm_coordinates(&self.U_i.cmW),
|
|
|
get_cm_coordinates(&self.u_i.cmW),
|
|
|
get_cm_coordinates(&self.u_i.cmW),
|
|
|
get_cm_coordinates(&U_i1.cmW),
|
|
|
get_cm_coordinates(&U_i1.cmW),
|
|
@ -368,13 +370,14 @@ where |
|
|
.concat();
|
|
|
.concat();
|
|
|
// cyclefold circuit for cmE
|
|
|
// cyclefold circuit for cmE
|
|
|
let cfE_u_i_x = [
|
|
|
let cfE_u_i_x = [
|
|
|
|
|
|
vec![r_Fq],
|
|
|
get_cm_coordinates(&self.U_i.cmE),
|
|
|
get_cm_coordinates(&self.U_i.cmE),
|
|
|
get_cm_coordinates(&self.u_i.cmE),
|
|
|
|
|
|
|
|
|
get_cm_coordinates(&cmT),
|
|
|
get_cm_coordinates(&U_i1.cmE),
|
|
|
get_cm_coordinates(&U_i1.cmE),
|
|
|
]
|
|
|
]
|
|
|
.concat();
|
|
|
.concat();
|
|
|
|
|
|
|
|
|
cfW_circuit = CycleFoldCircuit::<C1, GC1> {
|
|
|
|
|
|
|
|
|
let cfW_circuit = CycleFoldCircuit::<C1, GC1> {
|
|
|
_gc: PhantomData,
|
|
|
_gc: PhantomData,
|
|
|
r_bits: Some(r_bits.clone()),
|
|
|
r_bits: Some(r_bits.clone()),
|
|
|
p1: Some(self.U_i.clone().cmW),
|
|
|
p1: Some(self.U_i.clone().cmW),
|
|
@ -382,7 +385,7 @@ where |
|
|
p3: Some(U_i1.clone().cmW),
|
|
|
p3: Some(U_i1.clone().cmW),
|
|
|
x: Some(cfW_u_i_x.clone()),
|
|
|
x: Some(cfW_u_i_x.clone()),
|
|
|
};
|
|
|
};
|
|
|
cfE_circuit = CycleFoldCircuit::<C1, GC1> {
|
|
|
|
|
|
|
|
|
let cfE_circuit = CycleFoldCircuit::<C1, GC1> {
|
|
|
_gc: PhantomData,
|
|
|
_gc: PhantomData,
|
|
|
r_bits: Some(r_bits.clone()),
|
|
|
r_bits: Some(r_bits.clone()),
|
|
|
p1: Some(self.U_i.clone().cmE),
|
|
|
p1: Some(self.U_i.clone().cmE),
|
|
@ -413,6 +416,7 @@ where |
|
|
u_i: Some(self.u_i.clone()),
|
|
|
u_i: Some(self.u_i.clone()),
|
|
|
U_i: Some(self.U_i.clone()),
|
|
|
U_i: Some(self.U_i.clone()),
|
|
|
U_i1: Some(U_i1.clone()),
|
|
|
U_i1: Some(U_i1.clone()),
|
|
|
|
|
|
r_nonnat: Some(r_Fq),
|
|
|
cmT: Some(cmT),
|
|
|
cmT: Some(cmT),
|
|
|
F: self.F.clone(),
|
|
|
F: self.F.clone(),
|
|
|
x: Some(u_i1_x),
|
|
|
x: Some(u_i1_x),
|
|
@ -539,7 +543,7 @@ where |
|
|
impl<C1, GC1, C2, GC2, FC, CS1, CS2> Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
impl<C1, GC1, C2, GC2, FC, CS1, CS2> Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
where
|
|
|
where
|
|
|
C1: CurveGroup,
|
|
|
C1: CurveGroup,
|
|
|
GC1: CurveVar<C1, CF2<C1>>,
|
|
|
|
|
|
|
|
|
GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
|
|
|
C2: CurveGroup,
|
|
|
C2: CurveGroup,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
@ -583,7 +587,7 @@ where |
|
|
impl<C1, GC1, C2, GC2, FC, CS1, CS2> Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
impl<C1, GC1, C2, GC2, FC, CS1, CS2> Nova<C1, GC1, C2, GC2, FC, CS1, CS2>
|
|
|
where
|
|
|
where
|
|
|
C1: CurveGroup,
|
|
|
C1: CurveGroup,
|
|
|
GC1: CurveVar<C1, CF2<C1>>,
|
|
|
|
|
|
|
|
|
GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
|
|
|
C2: CurveGroup,
|
|
|
C2: CurveGroup,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
@ -674,7 +678,7 @@ pub fn get_r1cs( |
|
|
) -> Result<(R1CS<C1::ScalarField>, R1CS<C2::ScalarField>), Error>
|
|
|
) -> Result<(R1CS<C1::ScalarField>, R1CS<C2::ScalarField>), Error>
|
|
|
where
|
|
|
where
|
|
|
C1: CurveGroup,
|
|
|
C1: CurveGroup,
|
|
|
GC1: CurveVar<C1, CF2<C1>>,
|
|
|
|
|
|
|
|
|
GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
|
|
|
C2: CurveGroup,
|
|
|
C2: CurveGroup,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
@ -702,7 +706,7 @@ pub fn get_cs_params_len( |
|
|
) -> Result<(usize, usize), Error>
|
|
|
) -> Result<(usize, usize), Error>
|
|
|
where
|
|
|
where
|
|
|
C1: CurveGroup,
|
|
|
C1: CurveGroup,
|
|
|
GC1: CurveVar<C1, CF2<C1>>,
|
|
|
|
|
|
|
|
|
GC1: CurveVar<C1, CF2<C1>> + ToConstraintFieldGadget<CF2<C1>>,
|
|
|
C2: CurveGroup,
|
|
|
C2: CurveGroup,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
GC2: CurveVar<C2, CF2<C2>>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
|
FC: FCircuit<C1::ScalarField>,
|
|
@ -718,7 +722,8 @@ where |
|
|
Ok((r1cs.A.n_rows, cf_r1cs.A.n_rows))
|
|
|
Ok((r1cs.A.n_rows, cf_r1cs.A.n_rows))
|
|
|
}
|
|
|
}
|
|
|
|
|
|
|
|
|
/// returns the coordinates of a commitment point
|
|
|
|
|
|
|
|
|
/// returns the coordinates of a commitment point. This is compatible with the arkworks
|
|
|
|
|
|
/// GC.to_constraint_field()[..2]
|
|
|
pub(crate) fn get_cm_coordinates<C: CurveGroup>(cm: &C) -> Vec<C::BaseField> {
|
|
|
pub(crate) fn get_cm_coordinates<C: CurveGroup>(cm: &C) -> Vec<C::BaseField> {
|
|
|
let zero = (&C::BaseField::zero(), &C::BaseField::one());
|
|
|
let zero = (&C::BaseField::zero(), &C::BaseField::one());
|
|
|
let cm = cm.into_affine();
|
|
|
let cm = cm.into_affine();
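Review bot: In the `prove_step` hunk that introduces `r_Fq`, nothing at the conversion site records the invariant the rest of the change depends on: `r_Fr` (used for the native NIFS fold) and `r_Fq` (passed as `r_nonnat` and prepended to both CycleFold public-input vectors) must denote the same integer, which holds only because `r_bits` — whose length is fixed outside this hunk — is short enough to embed losslessly in both `C1::ScalarField` and `C1::BaseField`; the `.ok_or(Error::OutOfBounds)` on each line only rejects a value at or above that field's modulus, it does not check that the two values agree. I would add above the `r_Fq` line: `// r_bits must fit in both Fr and Fq so that r_Fr and r_Fq are the same integer; r_Fq is the non-native copy bound as a CycleFold public input and as AugmentedFCircuit::r_nonnat`. The new CycleFold `x` layout, `[r_Fq, coords(p1), coords(p2), coords(p3)]`, presumably mirrors the in-circuit public-input construction and whatever the verifier recomputes, neither of which is visible here, so a one-line comment on `cfW_u_i_x` saying the order must stay in lockstep with `CycleFoldCircuit`'s `x` would make that coupling explicit. `prove_step` starts and ends outside the hunk.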
|
|
|