Upgrade for latest r1cs-std (#52)
Pratyush authored Jan 8, 2024
1 parent c7e8ade commit 42b38f1
Showing 7 changed files with 64 additions and 50 deletions.
22 changes: 21 additions & 1 deletion Cargo.toml
Expand Up @@ -33,7 +33,7 @@ rayon = { version = "1", optional = true }
csv = { version = "1" }
ark-bls12-381 = { version = "0.4.0", default-features = false, features = ["curve"] }
ark-bls12-377 = { version = "0.4.0", default-features = false, features = ["curve"] }
ark-cp6-782 = { version = "0.4.0", default-features = false }
ark-bw6-761 = { version = "0.4.0", default-features = false }
ark-mnt4-298 = { version = "0.4.0", default-features = false, features = ["r1cs", "curve"] }
ark-mnt6-298 = { version = "0.4.0", default-features = false, features = ["r1cs"] }
ark-mnt4-753 = { version = "0.4.0", default-features = false, features = ["r1cs", "curve"] }
Expand Down Expand Up @@ -77,3 +77,23 @@ lto = "thin"
incremental = true
debug-assertions = true
debug = true


[patch.crates-io]
ark-ff = { git = "https://github.com/arkworks-rs/algebra/" }
ark-ec = { git = "https://github.com/arkworks-rs/algebra/" }
ark-poly = { git = "https://github.com/arkworks-rs/algebra/" }
ark-serialize = { git = "https://github.com/arkworks-rs/algebra/" }
ark-bls12-381 = { git = "https://github.com/arkworks-rs/algebra/" }
ark-mnt4-298 = { git = "https://github.com/arkworks-rs/algebra/" }
ark-mnt6-298 = { git = "https://github.com/arkworks-rs/algebra/" }
ark-mnt4-753 = { git = "https://github.com/arkworks-rs/algebra/" }
ark-mnt6-753 = { git = "https://github.com/arkworks-rs/algebra/" }
ark-bls12-377 = { git = "https://github.com/arkworks-rs/algebra/" }
ark-bw6-761 = { git = "https://github.com/arkworks-rs/algebra/" }

ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/" }
ark-crypto-primitives = { git = "https://github.com/arkworks-rs/crypto-primitives/" }

ark-relations = { git = "https://github.com/arkworks-rs/snark/" }
ark-snark = { git = "https://github.com/arkworks-rs/snark/" }
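Review bot: Every entry in the new `[patch.crates-io]` table names a git URL with no `rev`, `tag` or `branch`, so each resolution picks whatever commit is at the default branch head of those four repositories at that moment; builds of this repository are not reproducible, and a push to any of them silently changes what is compiled and tested here. Since none of the seven changed files is a lockfile, nothing in the commit records which upstream commits were actually used. If the patch is needed until the next crates.io release, pin each entry, e.g. `ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/", rev = "<upstream-commit-sha>" }` (placeholder), and say so in a comment above the table. `ark-mnt6-753` is patched but does not appear among the dependency lines visible in this section; if it is not declared elsewhere in the manifest the entry is dead.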
3 changes: 1 addition & 2 deletions benches/bench.rs
Expand Up @@ -14,7 +14,6 @@ use ark_relations::{
lc,
r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError},
};
use ark_std::ops::Mul;

const NUM_PROVE_REPETITIONS: usize = 1;
const NUM_VERIFY_REPETITIONS: usize = 50;
Expand Down Expand Up @@ -109,7 +108,7 @@ macro_rules! groth16_verify_bench {
let (pk, vk) = Groth16::<$bench_pairing_engine>::circuit_specific_setup(c, rng).unwrap();
let proof = Groth16::<$bench_pairing_engine>::prove(&pk, c.clone(), rng).unwrap();

let v = c.a.unwrap().mul(c.b.unwrap());
let v = c.a.unwrap() * c.b.unwrap();

let start = ark_std::time::Instant::now();

53 changes: 26 additions & 27 deletions src/constraints.rs
Expand Up @@ -4,26 +4,26 @@ use crate::{
};
use ark_crypto_primitives::snark::constraints::{CircuitSpecificSetupSNARKGadget, SNARKGadget};
use ark_crypto_primitives::snark::{BooleanInputVar, SNARK};
use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup};
use ark_ec::{pairing::Pairing, AffineRepr};
use ark_ff::Field;
use ark_r1cs_std::groups::CurveVar;
use ark_r1cs_std::{
alloc::{AllocVar, AllocationMode},
bits::boolean::Boolean,
bits::uint8::UInt8,
boolean::Boolean,
convert::{ToBitsGadget, ToBytesGadget},
eq::EqGadget,
pairing::PairingVar,
ToBitsGadget, ToBytesGadget,
uint8::UInt8,
};
use ark_relations::r1cs::{Namespace, SynthesisError};
use ark_std::{borrow::Borrow, marker::PhantomData, vec::Vec};

type BasePrimeField<E> = <<<E as Pairing>::G1 as CurveGroup>::BaseField as Field>::BasePrimeField;
type BasePrimeField<E> = <<E as Pairing>::BaseField as Field>::BasePrimeField;

/// The proof variable for the Groth16 construction
#[derive(Derivative)]
#[derivative(Clone(bound = "P::G1Var: Clone, P::G2Var: Clone"))]
pub struct ProofVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
pub struct ProofVar<E: Pairing, P: PairingVar<E>> {
/// The `A` element in `G1`.
pub a: P::G1Var,
/// The `B` element in `G2`.
Expand All @@ -34,11 +34,10 @@ pub struct ProofVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {

/// A variable representing the Groth16 verifying key in the constraint system.
#[derive(Derivative)]
#[derivative(
Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \
P::G2PreparedVar: Clone, ")
)]
pub struct VerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
#[derivative(Clone(
bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, P::G2PreparedVar: Clone"
))]
pub struct VerifyingKeyVar<E: Pairing, P: PairingVar<E>> {
#[doc(hidden)]
pub alpha_g1: P::G1Var,
#[doc(hidden)]
Expand All @@ -51,7 +50,7 @@ pub struct VerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
pub gamma_abc_g1: Vec<P::G1Var>,
}

impl<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> VerifyingKeyVar<E, P> {
impl<E: Pairing, P: PairingVar<E>> VerifyingKeyVar<E, P> {
/// Prepare `self` for use in proof verification.
pub fn prepare(&self) -> Result<PreparedVerifyingKeyVar<E, P>, SynthesisError> {
let alpha_g1_pc = P::prepare_g1(&self.alpha_g1)?;
Expand All @@ -76,7 +75,7 @@ impl<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> VerifyingKeyVar<E, P> {
Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \
P::G2PreparedVar: Clone, ")
)]
pub struct PreparedVerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
pub struct PreparedVerifyingKeyVar<E: Pairing, P: PairingVar<E>> {
#[doc(hidden)]
pub alpha_g1_beta_g2: P::GTVar,
#[doc(hidden)]
Expand All @@ -91,7 +90,7 @@ pub struct PreparedVerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E
pub struct Groth16VerifierGadget<E, P, QAP = LibsnarkReduction>
where
E: Pairing,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
QAP: R1CSToQAP,
{
_pairing_engine: PhantomData<E>,
Expand All @@ -104,7 +103,7 @@ impl<E, QAP, P> SNARKGadget<E::ScalarField, BasePrimeField<E>, Groth16<E, QAP>>
where
E: Pairing,
QAP: R1CSToQAP,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
{
type ProcessedVerifyingKeyVar = PreparedVerifyingKeyVar<E, P>;
type VerifyingKeyVar = VerifyingKeyVar<E, P>;
Expand Down Expand Up @@ -267,15 +266,15 @@ impl<E, P, QAP: R1CSToQAP>
for Groth16VerifierGadget<E, P, QAP>
where
E: Pairing,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
QAP: R1CSToQAP,
{
}

impl<E, P> AllocVar<PreparedVerifyingKey<E>, BasePrimeField<E>> for PreparedVerifyingKeyVar<E, P>
where
E: Pairing,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
{
#[tracing::instrument(target = "r1cs", skip(cs, f))]
fn new_variable<T: Borrow<PreparedVerifyingKey<E>>>(
Expand Down Expand Up @@ -325,7 +324,7 @@ where
impl<E, P> AllocVar<VerifyingKey<E>, BasePrimeField<E>> for VerifyingKeyVar<E, P>
where
E: Pairing,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
{
#[tracing::instrument(target = "r1cs", skip(cs, f))]
fn new_variable<T: Borrow<VerifyingKey<E>>>(
Expand Down Expand Up @@ -368,7 +367,7 @@ where
impl<E, P> AllocVar<Proof<E>, BasePrimeField<E>> for ProofVar<E, P>
where
E: Pairing,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
{
#[tracing::instrument(target = "r1cs", skip(cs, f))]
fn new_variable<T: Borrow<Proof<E>>>(
Expand All @@ -392,18 +391,18 @@ where
impl<E, P> ToBytesGadget<BasePrimeField<E>> for VerifyingKeyVar<E, P>
where
E: Pairing,
P: PairingVar<E, BasePrimeField<E>>,
P: PairingVar<E>,
{
#[inline]
#[tracing::instrument(target = "r1cs", skip(self))]
fn to_bytes(&self) -> Result<Vec<UInt8<BasePrimeField<E>>>, SynthesisError> {
fn to_bytes_le(&self) -> Result<Vec<UInt8<BasePrimeField<E>>>, SynthesisError> {
let mut bytes = Vec::new();
bytes.extend_from_slice(&self.alpha_g1.to_bytes()?);
bytes.extend_from_slice(&self.beta_g2.to_bytes()?);
bytes.extend_from_slice(&self.gamma_g2.to_bytes()?);
bytes.extend_from_slice(&self.delta_g2.to_bytes()?);
bytes.extend_from_slice(&self.alpha_g1.to_bytes_le()?);
bytes.extend_from_slice(&self.beta_g2.to_bytes_le()?);
bytes.extend_from_slice(&self.gamma_g2.to_bytes_le()?);
bytes.extend_from_slice(&self.delta_g2.to_bytes_le()?);
for g in &self.gamma_abc_g1 {
bytes.extend_from_slice(&g.to_bytes()?);
bytes.extend_from_slice(&g.to_bytes_le()?);
}
Ok(bytes)
}
Expand All @@ -418,7 +417,7 @@ mod test {
use ark_ff::{Field, UniformRand};
use ark_mnt4_298::{constraints::PairingVar as MNT4PairingVar, Fr as MNT4Fr, MNT4_298 as MNT4};
use ark_mnt6_298::Fr as MNT6Fr;
use ark_r1cs_std::bits::boolean::Boolean;
use ark_r1cs_std::boolean::Boolean;
use ark_r1cs_std::{alloc::AllocVar, eq::EqGadget};
use ark_relations::{
lc, ns,
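Review bot: The renamed `to_bytes_le` carries no doc comment stating what byte string it produces, and since this serialization is what any in-circuit hash or commitment of the verifying key consumes, its layout is part of the gadget's contract — a native digest derived with a different component order or encoding would never match it. Suggest `/// Serializes the key as the concatenation of the to_bytes_le encodings of alpha_g1, beta_g2, gamma_g2, delta_g2 and each gamma_abc_g1 element, in that order.` The order is taken from the visible lines; that each component encoding is little-endian is presumed from the trait-method name and should be confirmed against the r1cs-std version being targeted. The enclosing `impl ToBytesGadget` block closes outside the hunk.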
14 changes: 7 additions & 7 deletions src/generator.rs
@@ -1,5 +1,5 @@
use crate::{r1cs_to_qap::R1CSToQAP, Groth16, ProvingKey, Vec, VerifyingKey};
use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup, Group};
use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup};
use ark_ff::{Field, PrimeField, UniformRand, Zero};
use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
use ark_relations::r1cs::{
Expand Down Expand Up @@ -148,11 +148,11 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
// Generate the R1CS proving key
let proving_key_time = start_timer!(|| "Generate the R1CS proving key");

let alpha_g1 = g1_generator.mul_bigint(&alpha.into_bigint());
let beta_g1 = g1_generator.mul_bigint(&beta.into_bigint());
let beta_g2 = g2_generator.mul_bigint(&beta.into_bigint());
let delta_g1 = g1_generator.mul_bigint(&delta.into_bigint());
let delta_g2 = g2_generator.mul_bigint(&delta.into_bigint());
let alpha_g1 = g1_generator * &alpha;
let beta_g1 = g1_generator * &beta;
let beta_g2 = g2_generator * &beta;
let delta_g1 = g1_generator * &delta;
let delta_g2 = g2_generator * &delta;

// Compute the A-query
let a_time = start_timer!(|| "Calculate A");
Expand Down Expand Up @@ -187,7 +187,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

// Generate R1CS verification key
let verifying_key_time = start_timer!(|| "Generate the R1CS verification key");
let gamma_g2 = g2_generator.mul_bigint(&gamma.into_bigint());
let gamma_g2 = g2_generator * &gamma;
let gamma_abc_g1 = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &gamma_abc);

drop(g1_table);
2 changes: 1 addition & 1 deletion src/lib.rs
Expand Up @@ -42,7 +42,7 @@ pub mod constraints;
mod test;

pub use self::data_structures::*;
pub use self::{generator::*, prover::*, verifier::*};
pub use self::verifier::*;

use ark_crypto_primitives::snark::*;
use ark_ec::pairing::Pairing;
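Review bot: Dropping `generator::*` and `prover::*` from the crate-root re-export removes from the public API any item those modules still export, a semver-visible change the commit title does not mention. If the two modules now contain only inherent `impl Groth16` blocks, as the hunk headers in generator.rs and prover.rs suggest, the globs were empty and the change is harmless, but that is inferred rather than shown here. A one-line comment would settle it for the next reader: `// generator and prover only add inherent impls on Groth16; nothing to re-export.`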
12 changes: 4 additions & 8 deletions src/prover.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
use crate::{r1cs_to_qap::R1CSToQAP, Groth16, Proof, ProvingKey, VerifyingKey};
use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group, VariableBaseMSM};
use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, VariableBaseMSM};
use ark_ff::{Field, PrimeField, UniformRand, Zero};
use ark_poly::GeneralEvaluationDomain;
use ark_relations::r1cs::{
Expand Down Expand Up @@ -73,11 +73,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

let l_aux_acc = E::G1::msm_bigint(&pk.l_query, &aux_assignment);

let r_s_delta_g1 = pk
.delta_g1
.into_group()
.mul_bigint(&r.into_bigint())
.mul_bigint(&s.into_bigint());
let r_s_delta_g1 = pk.delta_g1 * (r * s);

end_timer!(c_acc_time);

Expand All @@ -95,7 +91,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

let g_a = Self::calculate_coeff(r_g1, &pk.a_query, pk.vk.alpha_g1, &assignment);

let s_g_a = g_a.mul_bigint(&s.into_bigint());
let s_g_a = g_a * &s;
end_timer!(a_acc_time);

// Compute B in G1 if needed
Expand All @@ -115,7 +111,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
let b_g2_acc_time = start_timer!(|| "Compute B in G2");
let s_g2 = pk.vk.delta_g2.mul(s);
let g2_b = Self::calculate_coeff(s_g2, &pk.b_g2_query, pk.vk.beta_g2, &assignment);
let r_g1_b = g1_b.mul_bigint(&r.into_bigint());
let r_g1_b = g1_b * &r;
drop(assignment);

end_timer!(b_g2_acc_time);
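Review bot: `pk.vk.delta_g2.mul(s)` in the third hunk keeps the method-call form while the lines this commit touches switch to the `*` operator, so the method now mixes both spellings for the same operation; `let s_g2 = pk.vk.delta_g2 * s;` would match. The folded `pk.delta_g1 * (r * s)` in the first hunk is algebraically the same as the two chained scalar multiplications it replaces, since (r·s)·δ equals s·(r·δ), but the substitution of a field multiplication for a group one deserves a line such as `// r·s·delta_g1 with a single group scalar multiplication` so the equivalence is not re-derived on every read. The enclosing method begins and ends outside these hunks.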
8 changes: 4 additions & 4 deletions src/test.rs
Expand Up @@ -132,18 +132,18 @@ mod bls12_377 {
}
}

mod cp6_782 {
mod bw6_761 {
use super::{test_prove_and_verify, test_rerandomize};

use ark_cp6_782::CP6_782;
use ark_bw6_761::BW6_761;

#[test]
fn prove_and_verify() {
test_prove_and_verify::<CP6_782>(1);
test_prove_and_verify::<BW6_761>(1);
}

#[test]
fn rerandomize() {
test_rerandomize::<CP6_782>();
test_rerandomize::<BW6_761>();
}
}
