* Add KZG commitment scheme adapted to vector commitment
Add KZG commitment scheme adapted to vector commitment
Also move the `src/pedersen.rs` into `src/commitment/pedersen.rs` where
it will coexist with `kzg.rs` and the trait defined in
`src/commitment/mod.rs`.
* Adapt Pedersen into the new CommitmentProver trait
* add CommitmentProver (Pedersen&KZG) homomorphic property test
* polishing
* Use divide_with_q_and_r, rename skip_first_zero_coeffs
Co-authored-by: han0110 <tinghan0110@gmail.com>
---------
Co-authored-by: han0110 <tinghan0110@gmail.com>
Port ProtoGalaxy initial version from
https://github.com/arnaucube/protogalaxy-poc adapting it to the current
folding-schemes lib, which is a first iteration that implements the
Lagrange-basis version from
[ProtoGalaxy](https://eprint.iacr.org/2023/1106) folding scheme. There
are some pending optimizations, but is a first step towards integrating
ProtoGalaxy in the library.
* Implement Nova IVC's new & prove_step methods
Implement Nova IVC's new & prove_step methods (without CycleFold part yet)
* transcript.absorb_point err handling, and update C.xy() usage
* add transcript usage to IVC prove, add NovaTranscript trait extending Transcript trait, refactor NIFS.P to allow absorbing in transcript inbetween
* Implement Nova's IVC.V method (without CycleFold part yet)
* clippy lints
* move challenge r computation in-circuit
* reuse computed points with coordinates over CF (non-native) to save constraints in AugmentedFCircuit
(constraint count went down ~6k)
* rm 128 bit constant
* add params to Errors
* Updates from review suggestions. Additionally refactored nova/nifs fold, and rm transcript from nova/IVC.
- Updates from PR suggestions
- Additionally updated:
- in nova/nifs.rs: reuse folded_committed_instance for verify_folded_instance, computationally is the same, but reusing the same code so avoiding duplication and having an error on one of the two versions.
- in nova/ivc.rs: remove transcript from IVC (not needed, it uses the RO)
- Add naive decider circuit `RelaxedR1CSGadget`, which in-circuit checks
that the given z satisfies the given RelaxedR1CS instance
- Add method to relax the R1CS instance
- Add check_relation (for testing only) to R1CS & RelaxedR1CS
- Migrate from own SparseMatrix to use ark_relations::r1cs::Matrix
- Add frontend helper to use arkworks circuits
* Implement Nova's NIFS.Verify circuits (with CycleFold)
- Add circuit for NIFS.Verify on the main curve to check the folded `u`
& `x`
- Add circuit for NIFS.Verify on the CycleFold's auxiliary curve to
check the folded `cm(E)` & `cm(W)`
- Add transcript.get_challenge_nbits
- Add tests for utils::vec.rs
* replace bls12-377 & bw6-761 by pallas & vesta curves (only affects tests)
We will use pallas & vesta curves (for tests only, the non-tests code
uses generics) for the logic that does not require pairings, and while
Grumpkin is not available
(https://github.com/privacy-scaling-explorations/folding-schemes/issues/12).
* update links to papers to markdown style
* feat: draft traits `FoldingScheme` and `Decider`
Co-authored-by: arnaucube <root@arnaucube.com>
* Add Transcript trait, with PoseidonTranscript impl (#1)
Add also the PoseidonTranscriptVar (gadget).
* Update FoldingScheme trait to take C1 & C2 as params (#2)
* Update FoldingScheme trait to take C1 & C2 as params
Update FoldingScheme trait to take C1 & C2 as params which are used by
the diverse folding schemes as a cycle of curves.
* Add constraint to FoldingScheme C1,C2 fields swap.
Co-authored-by: Han <tinghan0110@gmail.com>
---------
Co-authored-by: Han <tinghan0110@gmail.com>
* move transcript to it's own mod
---------
Co-authored-by: han0110 <tinghan0110@gmail.com>
arnaucube
Pierre
arnaucube