Implement Nova's NIFS.Verify circuits (with CycleFold) (#11)

* Implement Nova's NIFS.Verify circuits (with CycleFold) - Add circuit for NIFS.Verify on the main curve to check the folded `u` & `x` - Add circuit for NIFS.Verify on the CycleFold's auxiliary curve to check the folded `cm(E)` & `cm(W)` - Add transcript.get_challenge_nbits - Add tests for utils::vec.rs * replace bls12-377 & bw6-761 by pallas & vesta curves (only affects tests) We will use pallas & vesta curves (for tests only, the non-tests code uses generics) for the logic that does not require pairings, and while Grumpkin is not available (https://github.com/privacy-scaling-explorations/folding-schemes/issues/12). * update links to papers to markdown style
2026-01-12 00:41:28 +01:00 · 2023-09-05 17:17:59 +02:00
parent 9ae046c4fc
commit d9887af535
16 changed files with 480 additions and 87 deletions
--- a/src/ccs/mod.rs
+++ b/src/ccs/mod.rs
@@ -10,12 +10,12 @@ pub mod r1cs;
 use r1cs::R1CS;

 /// CCS represents the Customizable Constraint Systems structure defined in
-/// https://eprint.iacr.org/2023/552
+/// the [CCS paper](https://eprint.iacr.org/2023/552)
 #[derive(Debug, Clone, Eq, PartialEq)]
 pub struct CCS<C: CurveGroup> {
-    /// m: number of columns in M_i (such that M_i \in F^{m, n})
+    /// m: number of rows in M_i (such that M_i \in F^{m, n})
    pub m: usize,
-    /// n = |z|, number of rows in M_i
+    /// n = |z|, number of cols in M_i
    pub n: usize,
    /// l = |io|, size of public input/output
    pub l: usize,
@@ -73,13 +73,13 @@ impl<C: CurveGroup> CCS<C> {
 }

 impl<C: CurveGroup> CCS<C> {
-    pub fn from_r1cs(r1cs: R1CS<C::ScalarField>, io_len: usize) -> Self {
-        let m = r1cs.A.n_cols;
-        let n = r1cs.A.n_rows;
+    pub fn from_r1cs(r1cs: R1CS<C::ScalarField>) -> Self {
+        let m = r1cs.A.n_rows;
+        let n = r1cs.A.n_cols;
        CCS {
            m,
            n,
-            l: io_len,
+            l: r1cs.l,
            s: log2(m) as usize,
            s_prime: log2(n) as usize,
            t: 3,
@@ -105,17 +105,17 @@ impl<C: CurveGroup> CCS<C> {
 mod tests {
    use super::*;
    use crate::ccs::r1cs::tests::{get_test_r1cs, get_test_z};
-    use ark_bls12_377::G1Projective;
+    use ark_pallas::Projective;

    pub fn get_test_ccs<C: CurveGroup>() -> CCS<C> {
        let r1cs = get_test_r1cs::<C::ScalarField>();
-        CCS::<C>::from_r1cs(r1cs, 1)
+        CCS::<C>::from_r1cs(r1cs)
    }

    /// Test that a basic CCS relation can be satisfied
    #[test]
    fn test_ccs_relation() {
-        let ccs = get_test_ccs::<G1Projective>();
+        let ccs = get_test_ccs::<Projective>();
        let z = get_test_z(3);

        ccs.check_relation(&z).unwrap();
--- a/src/ccs/r1cs.rs
+++ b/src/ccs/r1cs.rs
@@ -19,24 +19,7 @@ impl<F: PrimeField> R1CS<F> {
 #[cfg(test)]
 pub mod tests {
    use super::*;
-
-    pub fn to_F_matrix<F: PrimeField>(M: Vec<Vec<usize>>) -> Vec<Vec<F>> {
-        let mut R: Vec<Vec<F>> = vec![Vec::new(); M.len()];
-        for i in 0..M.len() {
-            R[i] = vec![F::zero(); M[i].len()];
-            for j in 0..M[i].len() {
-                R[i][j] = F::from(M[i][j] as u64);
-            }
-        }
-        R
-    }
-    pub fn to_F_vec<F: PrimeField>(z: Vec<usize>) -> Vec<F> {
-        let mut r: Vec<F> = vec![F::zero(); z.len()];
-        for i in 0..z.len() {
-            r[i] = F::from(z[i] as u64);
-        }
-        r
-    }
+    use crate::utils::vec::tests::{to_F_matrix, to_F_vec};

    pub fn get_test_r1cs<F: PrimeField>() -> R1CS<F> {
        // R1CS for: x^3 + x + 5 = y (example from article
@@ -72,8 +55,6 @@ pub mod tests {
            input * input,                     // x^2
            input * input * input,             // x^2 * x
            input * input * input + input,     // x^3 + x
-            0,                                 // pad to pow of 2
-            0,
        ])
    }
 }