* add new NIFSGadgetTrait
* implement Mova's NIFSGadget
* refactor Nova NIFSGadget to fit into the new NIFSGadgetTrait
* abstract NIFSGadget related tests for all implementors of
NIFSGadgetTrait to avoid duplicated code in the tests between the
different Nova variants gadget tests
* frontends/noir update mimc usage since it has been migrated from
noir's std into it's own repo
* Move r1cs and ccs to standalone folders
* Simplify type bounds of SparseMatrixVar
* Implement `EquivalenceGadget` trait for `FpVar` and `NonNativeUintVar`.
Together with the existing `MatrixGadget` and `VectorGadget`, we can now use the same logic for checking R1CS satisfiability of `R1CSVar` both natively and non-natively.
* Simplify trait bounds
* Implement `ArithGadget` for `R1CSMatricesVar` and `CCSMatricesVar`
* `PedersenGadget::commit` now takes slices as input
* Structs for proofs and auxiliary values in protogalaxy
* `u` in LCCCS should be `z[0]`
* `Inputize` trait
* Generic decider circuits
* Verifier should check the commitments in committed instances
* Update the comments according to the new docs
* Fix examples
* Add `DeciderEnabledNIFS::fold_group_elements_native` to wrap code for folding commitments
* Fix incorrect endian
* Format
* Get rid of `unwrap` when possible
* Adding Mova
Co-Authored-By: Togzhan Barakbayeva <45527668+btogzhan2000@users.noreply.github.com>
Co-Authored-By: Ilia Vlasov <5365540+elijahvlasov@users.noreply.github.com>
Co-Authored-By: matthew-a-klein <96837318+matthew-a-klein@users.noreply.github.com>
* Fix CLI
* Updated from main
* Solution to stop the CLI from complaining about deadcode
PR comment
Co-authored-by: arnaucube <root@arnaucube.com>
* Requested changes and update from main
* Refactor NIFSTrait & port Mova impl to it
* refactor NIFSTrait interface to fit Nova variants (Nova,Mova,Ova)
Refactor NIFSTrait interface to fit Nova variants (Nova,Mova,Ova). The relevant
change is instead of passing the challenge as input, now it passes the
transcript and computes the challenges internally (Nova & Ova still compute a
single challenge, but Mova computes multiple while absorbing at different
steps).
* port Mova impl to the NIFSTrait
* remove unnecessary wrappers in the nova/zk.rs
* remove Nova NIFS methods that are no longer needed after the refactor
* put together the different NIFS implementations (Nova, Mova, Ova) so
that they can interchanged at usage.
The idea is that Nova and its variants (Ova & Mova) share most of the
logic for the circuits & IVC & Deciders, so with the abstracted NIFS
interface we will be able to reuse most of the already existing Nova
code for having the Mova & Ova circuits, IVC, and Decider.
* adapt Nova's DeciderEth prepare_calldata & update examples to it
* small update to fix solidity tests
---------
Co-authored-by: Togzhan Barakbayeva <45527668+btogzhan2000@users.noreply.github.com>
Co-authored-by: Ilia Vlasov <5365540+elijahvlasov@users.noreply.github.com>
Co-authored-by: matthew-a-klein <96837318+matthew-a-klein@users.noreply.github.com>
Co-authored-by: arnaucube <root@arnaucube.com>
Co-authored-by: arnaucube <git@arnaucube.com>
* add NIFS trait abstraction (based on the needs for Nova, Mova, Ova), defining a common interface between the three Nova variants
The recent Ova NIFS PR #163 (https://github.com/privacy-scaling-explorations/sonobe/pull/163)
and Mova NIFS PR #161 (https://github.com/privacy-scaling-explorations/sonobe/pull/161)
PRs add Nova NIFS variants implementations which differ from Nova in the
logic done for the `E` error terms of the instances.
The current Ova implementation (https://github.com/privacy-scaling-explorations/sonobe/pull/163)
is based on the existing Nova NIFS code base and adds the modifications
to the `E` logic on top of it, and thus duplicating the code. Similarly
for the Mova NIFS impl.
The rest of the Mova & Ova schemes logic that is not yet implemented is
pretty similar to Nova one (ie. the IVC logic, the circuits and the
Decider), so ideally that can be done reusing most of the already
existing Nova code without duplicating it. This PR is a first step in
that direction for the existing Ova NIFS code.
This commit adds the NIFS trait abstraction with the idea of allowing to
reduce the amount of duplicated code for the Ova's NIFS impl on top of
the Nova's code.
* add Ova variant on top of the new NIFS trait abstraction
This is done from the existing Ova implementation at
`folding/ova/{mod.rs,nofs.rs}`, but removing when possible code that is not
needed or duplicated from the Nova logic.
* rm old Ova duplicated code
This commit combined with the other ones (add nifs abstraction & port
Ova to the nifs abstraction) allows to effectively get rid of ~400 lines
of code that were duplicated in the Ova NIFS impl from the Nova impl.
* small polishing & rebase to latest `main` branch updates
* feat: Basic Ova NIFS impl working
The implementation follows the spec outlined by Bunz in:
https://hackmd.io/V4838nnlRKal9ZiTHiGYzw?view.
With this, the NIFS works and passes all tests.
* chore: Resolve all TODOs and warnings
* add: Docs for the NIMFS of the scheme and related structs
* chore: update imports
* add: Docs for all Ova NIFS functions
* fix: Unify nomenclature for all variables and elements within NIFS tests
* fix: Uniformize instance order in fn calls
* chore: pass clippy
* chore: clear all clippy findings in tests
* chore: Remove `mimc` from spelling checks
* chore: Address PR reviews
* `Dummy` trait
* More generic design for `Arith`
* Distinguish between incoming and running instances in ProtoGalaxy
* Format
* Fix unit test
* Fix incorrect arguments supplied to `CycleFoldWitness::dummy`
* `RUNNING` and `INCOMING` constants
* Better name and docs for `eval_core`
* More docs for `Arith` methods and implementations
* Fix missing imports
* Parallelize vector and matrix operations
* Implement convenient methods for `NonNativeAffineVar`
* Return `L_X_evals` and intermediate `phi_star`s from ProtoGalaxy prover.
These values will be used as hints to the augmented circuit
* Correctly use number of variables, number of constraints, and `t`
* Fix the size of `F_coeffs` and `K_coeffs` for in-circuit consistency
* Improve prover's performance
* Make `prepare_inputs` generic
* Remove redundant parameters in verifier
* Move `eval_f` to arith
* `u` is unnecessary in ProtoGalaxy
* Convert `RelaxedR1CS` to a trait that can be used in both Nova and ProtoGalaxy
* Implement several traits for ProtoGalaxy
* Move `FCircuit` impls to `utils.rs` and add `DummyCircuit`
* `AugmentedFCircuit` and ProtoGalaxy-based IVC
* Add explanations about IVC prover and in-circuit operations
* Avoid using unstable features
* Rename `PROTOGALAXY` to `PG` to make clippy happy
* Fix merge conflicts in `RelaxedR1CS::sample`
* Fix merge conflicts in `CycleFoldCircuit`
* Swap `m` and `n` for protogalaxy
* Add `#[cfg(test)]` to test-only util circuits
* Prefer unit struct over empty struct
* Add documents to `AugmentedFCircuit` for ProtoGalaxy
* Fix the names for CycleFold cricuits in ProtoGalaxy
* Fix usize conversion when targeting wasm
* Restrict the visibility of fields in `AugmentedFCircuit` to `pub(super)`
* Make CycleFold circuits and configs public
* Add docs for `ProverParams` and `VerifierParams`
* Refactor `pow_i`
* Fix imports
* Remove lint reasons
* Fix type inference
* feat: enable hiding commitments in nova and hypernova
* fix: set blinding values for witness vector
* fix: remove cloning of the cyclefold running instance
* fix: do not re-use blinding values between prove steps
* fix: specify whether the witness should use blinding values using a
const generic
* feat: create a `dummy` method for nova witnesses as well
* chore: clippy - removed unused imports
- implement hash of public params for Nova & HyperNova
- abstract pp_hash computation for folding schemes
- add pp_hash to solidity contract generator to verify the decider proof
- implement the IVC `FoldingScheme` trait for HyperNova
- refactor Nova's preprocess logic to make it simplier to use
- add to Decider trait (& Nova's DeciderEth) a preprocess method
- get rid of the `init_nova_ivc_params` and `init_ivc_and_decider_params` methods in `examples` since this is achieved with the `FS::preprocess` & `Decider::preprocess` methods
- (update the examples code to the simplified interface using
FS::preprocess & Decider::preprocess)
* change: Refactor structure into workspace
* chore: Add empty readme
* change: Transform repo into workspace
* add: Create folding-verifier-solidity crate
* add: Include askama.toml for `sol` extension escaper
* add: Jordi's old Groth16 verifier .sol template and adapt it
* tmp: create simple template struct to test
* Update FoldingSchemes trait, fit Nova+CycleFold
- update lib.rs's `FoldingScheme` trait interface
- fit Nova+CycleFold into the `FoldingScheme` trait
- refactor `src/nova/*`
* chore: add serialization assets for testing
Now we include an `assets` folder with a serialized proof & vk for tests
* Add `examples` dir, with Nova's `FoldingScheme` example
* polishing
* expose poseidon_test_config outside tests
* change: Refactor structure into workspace
* chore: Add empty readme
* change: Transform repo into workspace
* add: Create folding-verifier-solidity crate
* add: Include askama.toml for `sol` extension escaper
* add: Jordi's old Groth16 verifier .sol template and adapt it
* tmp: create simple template struct to test
* feat: templating kzg working
* chore: add emv and revm
* feat: start evm file
* chore: add ark-poly-commit
* chore: move `commitment` to `folding-schemes`
* chore: update `.gitignore` to ignore generated contracts
* chore: update template with bn254 lib on it (avoids import), update for loop to account for whitespaces
* refactor: update template with no lib
* feat: add evm deploy code, compile and create kzg verifier
* chore: update `Cargo.toml` to have `folding-schemes` available with verifiers
* feat: start kzg prove and verify with sol
* chore: compute crs from kzg prover
* feat: evm kzg verification passing
* tmp
* change: Swap order of G2 coordinates within the template
* Update way to serialize proof with correct order
* chore: update `Cargo.toml`
* chore: add revm
* chore: add `save_solidity`
* refactor: verifiers in dedicated mod
* refactor: have dedicated `utils` module
* chore: expose modules
* chore: update verifier for kzg
* chore: rename templates
* fix: look for binary using also name of contract
* refactor: generate groth16 proof for sha256 pre-image, generate groth16 template with verifying key
* chore: template renaming
* fix: switch circuit for circuit that simply adds
* feat: generates test data on the fly
* feat: update to latest groth16 verifier
* refactor: rename folder, update `.gitignore`
* chore: update `Cargo.toml`
* chore: update templates extension to indicate that they are templates
* chore: rename templates, both files and structs
* fix: template inheritance working
* feat: template spdx and pragma statements
* feat: decider verifier compiles, update test for kzg10 and groth16 templates
* feat: parameterize which size of the crs should be stored on the contract
* chore: add comment on how the groth16 and kzg10 proofs will be linked together
* chore: cargo clippy run
* chore: cargo clippy tests
* chore: cargo fmt
* refactor: remove unused lifetime parameter
* chore: end merge
* chore: move examples to `folding-schemes` workspace
* get latest main changes
* fix: temp fix clippy warnings, will remove lints once not used in tests only
* fix: cargo clippy lint added on `code_size`
* fix: update path to test circuit and add step for installing solc
* chore: remove `save_solidity` steps
* fix: the borrowed expression implements the required traits
* chore: update `Cargo.toml`
* chore: remove extra `[patch.crates-io]`
* fix: update to patch at the workspace level and add comment explaining this
* refactor: correct `staticcall` with valid input/output sizes and change return syntax for pairing
* refactor: expose modules and remove `dead_code` calls
* chore: update `README.md`, add additional comments on `kzg10` template and update `groth16` template comments
* chore: be clearer on attributions on `kzg10`
---------
Co-authored-by: CPerezz <c.perezbaro@gmail.com>
Co-authored-by: arnaucube <root@arnaucube.com>
* Implement Nova IVC's new & prove_step methods
Implement Nova IVC's new & prove_step methods (without CycleFold part yet)
* transcript.absorb_point err handling, and update C.xy() usage
* add transcript usage to IVC prove, add NovaTranscript trait extending Transcript trait, refactor NIFS.P to allow absorbing in transcript inbetween
* Implement Nova's IVC.V method (without CycleFold part yet)
* clippy lints
* move challenge r computation in-circuit
* reuse computed points with coordinates over CF (non-native) to save constraints in AugmentedFCircuit
(constraint count went down ~6k)
* rm 128 bit constant
* add params to Errors
* Updates from review suggestions. Additionally refactored nova/nifs fold, and rm transcript from nova/IVC.
- Updates from PR suggestions
- Additionally updated:
- in nova/nifs.rs: reuse folded_committed_instance for verify_folded_instance, computationally is the same, but reusing the same code so avoiding duplication and having an error on one of the two versions.
- in nova/ivc.rs: remove transcript from IVC (not needed, it uses the RO)
arnaucube
winderica
Nick Dimitriou
Carlos Pérez
Pierre