From ad97a8cde9afb90fc1dad17c83402427dba9525a Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Wed, 3 Jan 2024 15:56:14 -0500 Subject: [PATCH] `{to,from}_bytes` changes --- Cargo.toml | 2 +- src/commitment/blake2s/constraints.rs | 2 +- src/crh/bowe_hopwood/constraints.rs | 6 +- src/crh/injective_map/constraints.rs | 4 +- src/crh/pedersen/constraints.rs | 4 +- src/crh/sha256/constraints.rs | 87 ++++++++++-------- src/crh/sha256/mod.rs | 3 - src/crh/sha256/r1cs_utils.rs | 122 -------------------------- src/encryption/elgamal/constraints.rs | 2 +- src/merkle_tree/constraints.rs | 106 ++++++++++------------ src/merkle_tree/tests/constraints.rs | 7 +- src/signature/schnorr/constraints.rs | 4 +- src/snark/constraints.rs | 1 - src/sponge/constraints/absorb.rs | 14 +-- src/sponge/constraints/mod.rs | 4 +- src/sponge/poseidon/constraints.rs | 2 +- 16 files changed, 121 insertions(+), 249 deletions(-) delete mode 100644 src/crh/sha256/r1cs_utils.rs diff --git a/Cargo.toml b/Cargo.toml index aa001515..5135b10b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -115,7 +115,7 @@ harness = false required-features = [ "merkle_tree" ] [patch.crates-io] -ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/" } +ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/", branch = "add-convert-traits-to-prelude" } ark-ff = { git = "https://github.com/arkworks-rs/algebra/" } ark-ec = { git = "https://github.com/arkworks-rs/algebra/" } ark-poly = { git = "https://github.com/arkworks-rs/algebra/" } diff --git a/src/commitment/blake2s/constraints.rs b/src/commitment/blake2s/constraints.rs index 4659faae..f38b7378 100644 --- a/src/commitment/blake2s/constraints.rs +++ b/src/commitment/blake2s/constraints.rs @@ -35,7 +35,7 @@ impl CommitmentGadget for CommGadget { } let mut result = Vec::new(); for int in evaluate_blake2s(&input_bits)?.into_iter() { - let chunk = int.to_bytes()?; + let chunk = int.to_bytes_le()?; result.extend_from_slice(&chunk); } Ok(OutputVar(result)) 
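Review bot: The new `[patch.crates-io]` entry for `ark-r1cs-std` selects `branch = "add-convert-traits-to-prelude"` with no commit pin, so any `cargo update` or lockfile-less build pulls whatever that branch currently points at; the gadget code this crate compiles against can change underneath it without any edit here, which is a reproducibility and supply-chain gap for a cryptographic dependency. Cargo accepts only one of `branch`, `tag` or `rev`, so the fix is to pin the commit actually tested against instead of the branch: `ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/", rev = "<COMMIT_TESTED_AGAINST>" } # TODO: drop once upstream merges`. The other patch entries float on a default branch too, but that is pre-existing and not introduced by this hunk.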
diff --git a/src/crh/bowe_hopwood/constraints.rs b/src/crh/bowe_hopwood/constraints.rs index ca2ae0ff..c58baeba 100644 --- a/src/crh/bowe_hopwood/constraints.rs +++ b/src/crh/bowe_hopwood/constraints.rs @@ -17,7 +17,7 @@ use ark_r1cs_std::{ use ark_relations::r1cs::{Namespace, SynthesisError}; use crate::crh::bowe_hopwood::{TwoToOneCRH, CRH}; -use ark_r1cs_std::bits::boolean::Boolean; +use ark_r1cs_std::boolean::Boolean; type ConstraintF

= <

::BaseField as Field>::BasePrimeField; @@ -140,8 +140,8 @@ where left_input: &Self::OutputVar, right_input: &Self::OutputVar, ) -> Result { - let left_input_bytes = left_input.to_bytes()?; - let right_input_bytes = right_input.to_bytes()?; + let left_input_bytes = left_input.to_bytes_le()?; + let right_input_bytes = right_input.to_bytes_le()?; Self::evaluate(parameters, &left_input_bytes, &right_input_bytes) } } diff --git a/src/crh/injective_map/constraints.rs b/src/crh/injective_map/constraints.rs index ef312709..8e9cd703 100644 --- a/src/crh/injective_map/constraints.rs +++ b/src/crh/injective_map/constraints.rs @@ -151,8 +151,8 @@ where left_input: &Self::OutputVar, right_input: &Self::OutputVar, ) -> Result { - let left_input_bytes = left_input.to_non_unique_bytes()?; - let right_input_bytes = right_input.to_non_unique_bytes()?; + let left_input_bytes = left_input.to_non_unique_bytes_le()?; + let right_input_bytes = right_input.to_non_unique_bytes_le()?; >::evaluate( parameters, &left_input_bytes, diff --git a/src/crh/pedersen/constraints.rs b/src/crh/pedersen/constraints.rs index 1b32a111..fdf2340a 100644 --- a/src/crh/pedersen/constraints.rs +++ b/src/crh/pedersen/constraints.rs @@ -127,8 +127,8 @@ where right_input: &Self::OutputVar, ) -> Result { // convert output to bytes - let left_input = left_input.to_bytes()?; - let right_input = right_input.to_bytes()?; + let left_input = left_input.to_bytes_le()?; + let right_input = right_input.to_bytes_le()?; Self::evaluate(parameters, &left_input, &right_input) } } diff --git a/src/crh/sha256/constraints.rs b/src/crh/sha256/constraints.rs index 60f5ee09..c7080809 100644 --- a/src/crh/sha256/constraints.rs +++ b/src/crh/sha256/constraints.rs 
@@ -3,19 +3,19 @@ // See LICENSE-MIT in the root directory for a copy of the license // Thank you! -use crate::crh::{ - sha256::{r1cs_utils::UInt32Ext, Sha256}, - CRHSchemeGadget, TwoToOneCRHSchemeGadget, -}; +use crate::crh::{sha256::Sha256, CRHSchemeGadget, TwoToOneCRHSchemeGadget}; use core::{borrow::Borrow, iter, marker::PhantomData}; use ark_ff::PrimeField; use ark_r1cs_std::{ alloc::{AllocVar, AllocationMode}, - bits::{boolean::Boolean, uint32::UInt32, uint8::UInt8, ToBytesGadget}, + boolean::Boolean, + convert::ToBytesGadget, eq::EqGadget, select::CondSelectGadget, + uint32::UInt32, + uint8::UInt8, R1CSVar, }; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; 
@@ -75,61 +75,66 @@ impl Sha256Gadget { for i in 16..64 { let s0 = { - let x1 = w[i - 15].rotr(7); - let x2 = w[i - 15].rotr(18); - let x3 = w[i - 15].shr(3); - x1.xor(&x2)?.xor(&x3)? + let x1 = w[i - 15].rotate_right(7); + let x2 = w[i - 15].rotate_right(18); + let x3 = &w[i - 15] >> 3u8; + x1 ^ &x2 ^ &x3 }; let s1 = { - let x1 = w[i - 2].rotr(17); - let x2 = w[i - 2].rotr(19); - let x3 = w[i - 2].shr(10); - x1.xor(&x2)?.xor(&x3)? + let x1 = w[i - 2].rotate_right(17); + let x2 = w[i - 2].rotate_right(19); + let x3 = &w[i - 2] >> 10u8; + x1 ^ &x2 ^ &x3 }; - w[i] = UInt32::addmany(&[w[i - 16].clone(), s0, w[i - 7].clone(), s1])?; + w[i] = UInt32::wrapping_add_many(&[w[i - 16].clone(), s0, w[i - 7].clone(), s1])?; } let mut h = state.to_vec(); for i in 0..64 { let ch = { - let x1 = h[4].bitand(&h[5])?; - let x2 = h[4].not().bitand(&h[6])?; - x1.xor(&x2)? + let x1 = &h[4] & &h[5]; + let x2 = (!&h[4]) & &h[6]; + x1 ^ &x2 }; let ma = { - let x1 = h[0].bitand(&h[1])?; - let x2 = h[0].bitand(&h[2])?; - let x3 = h[1].bitand(&h[2])?; - x1.xor(&x2)?.xor(&x3)? + let x1 = &h[0] & &h[1]; + let x2 = &h[0] & &h[2]; + let x3 = &h[1] & &h[2]; + x1 ^ &x2 ^ &x3 }; let s0 = { - let x1 = h[0].rotr(2); - let x2 = h[0].rotr(13); - let x3 = h[0].rotr(22); - x1.xor(&x2)?.xor(&x3)? + let x1 = h[0].rotate_right(2); + let x2 = h[0].rotate_right(13); + let x3 = h[0].rotate_right(22); + x1 ^ &x2 ^ &x3 }; let s1 = { - let x1 = h[4].rotr(6); - let x2 = h[4].rotr(11); - let x3 = h[4].rotr(25); - x1.xor(&x2)?.xor(&x3)? 
+ let x1 = h[4].rotate_right(6); + let x2 = h[4].rotate_right(11); + let x3 = h[4].rotate_right(25); + x1 ^ &x2 ^ &x3 }; - let t0 = - UInt32::addmany(&[h[7].clone(), s1, ch, UInt32::constant(K[i]), w[i].clone()])?; - let t1 = UInt32::addmany(&[s0, ma])?; + let t0 = UInt32::wrapping_add_many(&[ + h[7].clone(), + s1, + ch, + UInt32::constant(K[i]), + w[i].clone(), + ])?; + let t1 = s0.wrapping_add(&ma); h[7] = h[6].clone(); h[6] = h[5].clone(); h[5] = h[4].clone(); - h[4] = UInt32::addmany(&[h[3].clone(), t0.clone()])?; + h[4] = h[3].wrapping_add(&t0); h[3] = h[2].clone(); h[2] = h[1].clone(); h[1] = h[0].clone(); - h[0] = UInt32::addmany(&[t0, t1])?; + h[0] = t0.wrapping_add(&t1); } for (s, hi) in state.iter_mut().zip(h.iter()) { - *s = UInt32::addmany(&[s.clone(), hi.clone()])?; + *s = s.wrapping_add(hi); } Ok(()) @@ -192,7 +197,11 @@ impl Sha256Gadget { self.update(&pending[..offset + 8])?; // Collect the state into big-endian bytes - let bytes: Vec<_> = self.state.iter().flat_map(UInt32::to_bytes_be).collect(); + let bytes = Vec::from_iter( + self.state + .iter() + .flat_map(|i| UInt32::to_bytes_be(i).unwrap()), + ); Ok(DigestVar(bytes)) } @@ -221,7 +230,7 @@ where } impl ToBytesGadget for DigestVar { - fn to_bytes(&self) -> Result>, SynthesisError> { + fn to_bytes_le(&self) -> Result>, SynthesisError> { Ok(self.0.clone()) } } @@ -360,8 +369,8 @@ where right_input: &Self::OutputVar, ) -> Result { // Convert output to bytes - let left_input = left_input.to_bytes()?; - let right_input = right_input.to_bytes()?; + let left_input = left_input.to_bytes_le()?; + let right_input = right_input.to_bytes_le()?; >::evaluate( parameters, &left_input, diff --git a/src/crh/sha256/mod.rs b/src/crh/sha256/mod.rs index 5f89482e..6010be32 100644 --- a/src/crh/sha256/mod.rs +++ b/src/crh/sha256/mod.rs 
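Review bot: In the `@@ -192,7 +197,11 @@` hunk the new `.flat_map(|i| UInt32::to_bytes_be(i).unwrap())` converts a failed byte conversion into a panic inside a method that otherwise propagates errors with `?` (`self.update(&pending[..offset + 8])?;` and `Ok(DigestVar(bytes))` are both in the hunk), so a constraint-synthesis failure during finalization would abort the process instead of surfacing as an `Err` to the caller. Collect the fallible conversions first and propagate them, assuming `to_bytes_be` now returns `Result<_, SynthesisError>` as the `.unwrap()` suggests: `let chunks = self.state.iter().map(UInt32::to_bytes_be).collect::<Result<Vec<_>, SynthesisError>>()?;` followed by `let bytes: Vec<_> = chunks.into_iter().flatten().collect();`, which also removes the need for `Vec::from_iter`. The enclosing method starts outside the hunk, so the exact return type should be confirmed there.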
@@ -6,9 +6,6 @@ use ark_std::rand::Rng; // Re-export the RustCrypto Sha256 type and its associated traits pub use sha2::{digest, Sha256}; -#[cfg(feature = "r1cs")] -mod r1cs_utils; - #[cfg(feature = "r1cs")] pub mod constraints; diff --git a/src/crh/sha256/r1cs_utils.rs b/src/crh/sha256/r1cs_utils.rs deleted file mode 100644 index 88866313..00000000 --- a/src/crh/sha256/r1cs_utils.rs +++ /dev/null 
@@ -1,122 +0,0 @@ -use crate::Vec; - -use ark_ff::PrimeField; -use ark_r1cs_std::bits::{boolean::Boolean, uint32::UInt32, uint8::UInt8, ToBitsGadget}; -use ark_relations::r1cs::SynthesisError; -use core::iter; - -/// Extra traits not automatically implemented by UInt32 -pub(crate) trait UInt32Ext: Sized { - /// Right shift - fn shr(&self, by: usize) -> Self; - - /// Bitwise NOT - fn not(&self) -> Self; - - /// Bitwise AND - fn bitand(&self, rhs: &Self) -> Result; - - /// Converts from big-endian bytes - fn from_bytes_be(bytes: &[UInt8]) -> Result; - - /// Converts to big-endian bytes - fn to_bytes_be(&self) -> Vec>; -} - -impl UInt32Ext for UInt32 { - fn shr(&self, by: usize) -> Self { - assert!(by < 32); - - let zeros = iter::repeat(Boolean::constant(false)).take(by); - let new_bits: Vec<_> = self - .to_bits_le() - .into_iter() - .skip(by) - .chain(zeros) - .collect(); - UInt32::from_bits_le(&new_bits) - } - - fn not(&self) -> Self { - let new_bits: Vec<_> = self.to_bits_le().iter().map(Boolean::not).collect(); - UInt32::from_bits_le(&new_bits) - } - - fn bitand(&self, rhs: &Self) -> Result { - let new_bits: Result, SynthesisError> = self - .to_bits_le() - .into_iter() - .zip(rhs.to_bits_le().into_iter()) - .map(|(a, b)| a.and(&b)) - .collect(); - Ok(UInt32::from_bits_le(&new_bits?)) - } - - fn from_bytes_be(bytes: &[UInt8]) -> Result { - assert_eq!(bytes.len(), 4); - - let mut bits: Vec> = Vec::new(); - for byte in bytes.iter().rev() { - let b: Vec> = byte.to_bits_le()?; - bits.extend(b); - } - Ok(UInt32::from_bits_le(&bits)) - } - - fn to_bytes_be(&self) -> Vec> { - self.to_bits_le() - .chunks(8) - .rev() - .map(UInt8::from_bits_le) - .collect() - } -} - -#[cfg(test)] -mod test { - use super::*; - - use ark_bls12_377::Fr; - use ark_r1cs_std::{bits::uint32::UInt32, R1CSVar}; - use ark_std::rand::Rng; - - const NUM_TESTS: usize = 10_000; - - #[test] - fn test_shr() { - let mut rng = ark_std::test_rng(); - for _ in 0..NUM_TESTS { - let x = rng.gen::(); - let by = 
rng.gen::() % 32; - assert_eq!(UInt32::::constant(x).shr(by).value().unwrap(), x >> by); - } - } - - #[test] - fn test_bitand() { - let mut rng = ark_std::test_rng(); - for _ in 0..NUM_TESTS { - let x = rng.gen::(); - let y = rng.gen::(); - assert_eq!( - UInt32::::constant(x) - .bitand(&UInt32::constant(y)) - .unwrap() - .value() - .unwrap(), - x & y - ); - } - } - - #[test] - fn test_to_from_bytes_be() { - let mut rng = ark_std::test_rng(); - for _ in 0..NUM_TESTS { - let x = UInt32::::constant(rng.gen::()); - let bytes = x.to_bytes_be(); - let y = UInt32::from_bytes_be(&bytes).unwrap(); - assert_eq!(x.value(), y.value()); - } - } -} diff --git a/src/encryption/elgamal/constraints.rs b/src/encryption/elgamal/constraints.rs index 2846d307..7527352a 100644 --- a/src/encryption/elgamal/constraints.rs +++ b/src/encryption/elgamal/constraints.rs @@ -176,7 +176,7 @@ where { #[inline] fn is_eq(&self, other: &Self) -> Result>, SynthesisError> { - self.c1.is_eq(&other.c1)?.and(&self.c2.is_eq(&other.c2)?) + Ok(self.c1.is_eq(&other.c1)? & &self.c2.is_eq(&other.c2)?) } } diff --git a/src/merkle_tree/constraints.rs b/src/merkle_tree/constraints.rs index d5917b07..e243079c 100644 --- a/src/merkle_tree/constraints.rs +++ b/src/merkle_tree/constraints.rs @@ -1,12 +1,8 @@ use crate::crh::TwoToOneCRHSchemeGadget; use crate::merkle_tree::{Config, IdentityDigestConverter}; use crate::{crh::CRHSchemeGadget, merkle_tree::Path}; -use ark_ff::Field; -use ark_r1cs_std::alloc::AllocVar; -use ark_r1cs_std::boolean::Boolean; -#[allow(unused)] +use ark_ff::PrimeField; use ark_r1cs_std::prelude::*; -use ark_r1cs_std::ToBytesGadget; use ark_relations::r1cs::{Namespace, SynthesisError}; use ark_std::borrow::Borrow; use ark_std::fmt::Debug; 
@@ -25,91 +21,85 @@ impl DigestVarConverter for IdentityDigestConverter { } } -pub struct BytesVarDigestConverter, ConstraintF: Field> { +pub struct BytesVarDigestConverter, F: PrimeField> { _prev_layer_digest: T, - _constraint_field: ConstraintF, + _constraint_field: F, } -impl, ConstraintF: Field> DigestVarConverter]> - for BytesVarDigestConverter +impl, F: PrimeField> DigestVarConverter]> + for BytesVarDigestConverter { - type TargetType = Vec>; + type TargetType = Vec>; fn convert(from: T) -> Result { - from.to_non_unique_bytes() + from.to_non_unique_bytes_le() } } -pub trait ConfigGadget { +pub trait ConfigGadget { type Leaf: Debug + ?Sized; - type LeafDigest: AllocVar - + EqGadget - + ToBytesGadget - + CondSelectGadget - + R1CSVar + type LeafDigest: AllocVar + + EqGadget + + ToBytesGadget + + CondSelectGadget + + R1CSVar + Debug + Clone + Sized; type LeafInnerConverter: DigestVarConverter< Self::LeafDigest, - >::InputVar, + >::InputVar, >; - type InnerDigest: AllocVar - + EqGadget - + ToBytesGadget - + CondSelectGadget - + R1CSVar + type InnerDigest: AllocVar + + EqGadget + + ToBytesGadget + + CondSelectGadget + + R1CSVar + Debug + Clone + Sized; type LeafHash: CRHSchemeGadget< P::LeafHash, - ConstraintF, + F, InputVar = Self::Leaf, OutputVar = Self::LeafDigest, >; - type TwoToOneHash: TwoToOneCRHSchemeGadget< - P::TwoToOneHash, - ConstraintF, - OutputVar = Self::InnerDigest, - >; + type TwoToOneHash: TwoToOneCRHSchemeGadget; } -type LeafParam = - <>::LeafHash as CRHSchemeGadget< -

::LeafHash, - ConstraintF, - >>::ParametersVar; -type TwoToOneParam = - <>::TwoToOneHash as TwoToOneCRHSchemeGadget< +type LeafParam = <>::LeafHash as CRHSchemeGadget< +

::LeafHash, + F, +>>::ParametersVar; +type TwoToOneParam = + <>::TwoToOneHash as TwoToOneCRHSchemeGadget<

::TwoToOneHash, - ConstraintF, + F, >>::ParametersVar; /// Represents a merkle tree path gadget. #[derive(Debug, Derivative)] -#[derivative(Clone(bound = "P: Config, ConstraintF: Field, PG: ConfigGadget"))] -pub struct PathVar> { +#[derivative(Clone(bound = "P: Config, F: PrimeField, PG: ConfigGadget"))] +pub struct PathVar> { /// `path[i]` is 0 (false) iff ith non-leaf node from top to bottom is left. - path: Vec>, + path: Vec>, /// `auth_path[i]` is the entry of sibling of ith non-leaf node from top to bottom. auth_path: Vec, /// The sibling of leaf. leaf_sibling: PG::LeafDigest, /// Is this leaf the right child? - leaf_is_right_child: Boolean, + leaf_is_right_child: Boolean, } -impl> AllocVar, ConstraintF> - for PathVar +impl> AllocVar, F> for PathVar where P: Config, - ConstraintF: Field, + F: PrimeField, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( - cs: impl Into>, + cs: impl Into>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> Result { @@ -148,12 +138,12 @@ where } } -impl> PathVar { +impl> PathVar { /// Set the leaf index of the path to a given value. Verifier can use function before calling `verify` /// to check the correctness leaf position. /// * `leaf_index`: leaf index encoded in little-endian format #[tracing::instrument(target = "r1cs", skip(self))] - pub fn set_leaf_position(&mut self, leaf_index: Vec>) { + pub fn set_leaf_position(&mut self, leaf_index: Vec>) { // The path to a leaf is described by the branching // decisions taken at each node. This corresponds to the position // of the leaf. @@ -180,7 +170,7 @@ impl> PathVar Vec> { + pub fn get_leaf_position(&self) -> Vec> { ark_std::iter::once(self.leaf_is_right_child.clone()) .chain(self.path.clone().into_iter().rev()) .collect() 
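Review bot: The `@@ -25,91 +21,85 @@` hunk tightens the constraint-field bound on `BytesVarDigestConverter`, `ConfigGadget`, the `LeafParam`/`TwoToOneParam` aliases and `PathVar` from `Field` to `PrimeField`, which is a breaking change for downstream implementors of `ConfigGadget` that the commit title ("`{to,from}_bytes` changes") does not announce; the `@@ -148`, `@@ -180`, `@@ -190`, `@@ -236`, `@@ -250` and `@@ -267` hunks of this file carry the same change. Presumably the new `ToBytesGadget<F>` / `to_non_unique_bytes_le` bounds from the patched `ark-r1cs-std` force it, but that reasoning is not visible in the diff and should be recorded in the PR description or CHANGELOG, e.g. `- Merkle tree gadgets (ConfigGadget, PathVar, BytesVarDigestConverter) now require the constraint field to implement PrimeField (previously Field).`. A one-line `///` comment on `ConfigGadget` stating the same would help implementors who hit the new bound.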
@@ -190,8 +180,8 @@ impl> PathVar, - two_to_one_params: &TwoToOneParam, + leaf_params: &LeafParam, + two_to_one_params: &TwoToOneParam, leaf: &PG::Leaf, ) -> Result { let claimed_leaf_hash = PG::LeafHash::evaluate(leaf_params, leaf)?; @@ -236,11 +226,11 @@ impl> PathVar, - two_to_one_params: &TwoToOneParam, + leaf_params: &LeafParam, + two_to_one_params: &TwoToOneParam, root: &PG::InnerDigest, leaf: &PG::Leaf, - ) -> Result, SynthesisError> { + ) -> Result, SynthesisError> { let expected_root = self.calculate_root(leaf_params, two_to_one_params, leaf)?; Ok(expected_root.is_eq(root)?) } @@ -250,8 +240,8 @@ impl> PathVar, - two_to_one_params: &TwoToOneParam, + leaf_params: &LeafParam, + two_to_one_params: &TwoToOneParam, old_root: &PG::InnerDigest, old_leaf: &PG::Leaf, new_leaf: &PG::Leaf, @@ -267,13 +257,13 @@ impl> PathVar, - two_to_one_params: &TwoToOneParam, + leaf_params: &LeafParam, + two_to_one_params: &TwoToOneParam, old_root: &PG::InnerDigest, new_root: &PG::InnerDigest, old_leaf: &PG::Leaf, new_leaf: &PG::Leaf, - ) -> Result, SynthesisError> { + ) -> Result, SynthesisError> { let actual_new_root = self.update_leaf(leaf_params, two_to_one_params, old_root, old_leaf, new_leaf)?; Ok(actual_new_root.is_eq(&new_root)?) diff --git a/src/merkle_tree/tests/constraints.rs b/src/merkle_tree/tests/constraints.rs index 8f1602d7..134e5092 100644 --- a/src/merkle_tree/tests/constraints.rs +++ b/src/merkle_tree/tests/constraints.rs @@ -5,9 +5,7 @@ mod byte_mt_tests { use crate::merkle_tree::constraints::{BytesVarDigestConverter, ConfigGadget}; use crate::merkle_tree::{constraints::PathVar, ByteDigestConverter, Config, MerkleTree}; use ark_ed_on_bls12_381::{constraints::EdwardsVar, EdwardsProjective as JubJub, Fq}; - #[allow(unused)] use ark_r1cs_std::prelude::*; - #[allow(unused)] use ark_relations::r1cs::ConstraintSystem; #[derive(Clone)] 
@@ -239,10 +237,10 @@ mod field_mt_tests { use crate::merkle_tree::constraints::ConfigGadget; use crate::merkle_tree::tests::test_utils::poseidon_parameters; use crate::merkle_tree::{constraints::PathVar, Config, IdentityDigestConverter, MerkleTree}; - use ark_r1cs_std::alloc::AllocVar; use ark_r1cs_std::fields::fp::FpVar; use ark_r1cs_std::uint32::UInt32; use ark_r1cs_std::R1CSVar; + use ark_r1cs_std::{alloc::AllocVar, convert::ToBitsGadget}; use ark_relations::r1cs::ConstraintSystem; use ark_std::{test_rng, One, UniformRand}; @@ -348,7 +346,8 @@ mod field_mt_tests { // try replace the path index let leaf_pos = UInt32::new_witness(cs.clone(), || Ok(i as u32)) .unwrap() - .to_bits_le(); + .to_bits_le() + .unwrap(); cw.set_leaf_position(leaf_pos.clone()); // check if get_leaf_position is correct diff --git a/src/signature/schnorr/constraints.rs b/src/signature/schnorr/constraints.rs index 20dd2b47..0f663825 100644 --- a/src/signature/schnorr/constraints.rs +++ b/src/signature/schnorr/constraints.rs @@ -153,7 +153,7 @@ where GC: CurveVar>, for<'a> &'a GC: GroupOpsBounds<'a, C, GC>, { - fn to_bytes(&self) -> Result>>, SynthesisError> { - self.pub_key.to_bytes() + fn to_bytes_le(&self) -> Result>>, SynthesisError> { + self.pub_key.to_bytes_le() } } diff --git a/src/snark/constraints.rs b/src/snark/constraints.rs index 93480ec1..66419198 100644 --- a/src/snark/constraints.rs +++ b/src/snark/constraints.rs @@ -1,7 +1,6 @@ use ark_ff::{BigInteger, PrimeField}; use ark_r1cs_std::prelude::*; use ark_r1cs_std::{ - bits::boolean::Boolean, fields::{ emulated_fp::{ params::{get_params, OptimizationType}, diff --git a/src/sponge/constraints/absorb.rs b/src/sponge/constraints/absorb.rs index 4ee6335c..58779a02 100644 --- a/src/sponge/constraints/absorb.rs +++ b/src/sponge/constraints/absorb.rs 
@@ -3,15 +3,15 @@ use ark_ec::{ twisted_edwards::TECurveConfig as TEModelParameters, CurveConfig as ModelParameters, }; use ark_ff::{Field, PrimeField}; -use ark_r1cs_std::bits::boolean::Boolean; -use ark_r1cs_std::bits::uint8::UInt8; +use ark_r1cs_std::boolean::Boolean; +use ark_r1cs_std::convert::{ToBytesGadget, ToConstraintFieldGadget}; use ark_r1cs_std::fields::fp::FpVar; use ark_r1cs_std::fields::{FieldOpsBounds, FieldVar}; use ark_r1cs_std::groups::curves::short_weierstrass::{ AffineVar as SWAffineVar, ProjectiveVar as SWProjectiveVar, }; use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar as TEAffineVar; -use ark_r1cs_std::{ToBytesGadget, ToConstraintFieldGadget}; +use ark_r1cs_std::uint8::UInt8; use ark_relations::r1cs::SynthesisError; use ark_std::vec; use ark_std::vec::Vec; @@ -71,7 +71,7 @@ impl AbsorbGadget for UInt8 { impl AbsorbGadget for Boolean { fn to_sponge_bytes(&self) -> Result>, SynthesisError> { - self.to_bytes() + self.to_bytes_le() } fn to_sponge_field_elements(&self) -> Result>, SynthesisError> { @@ -81,7 +81,7 @@ impl AbsorbGadget for Boolean { impl AbsorbGadget for FpVar { fn to_sponge_bytes(&self) -> Result>, SynthesisError> { - self.to_bytes() + self.to_bytes_le() } fn to_sponge_field_elements(&self) -> Result>, SynthesisError> { @@ -125,7 +125,7 @@ where ) -> Result::BasePrimeField>>, SynthesisError> { let mut bytes = self.x.to_constraint_field()?.to_sponge_bytes()?; bytes.append(&mut self.y.to_constraint_field()?.to_sponge_bytes()?); - bytes.append(&mut self.infinity.to_bytes()?.to_sponge_bytes()?); + bytes.append(&mut self.infinity.to_bytes_le()?.to_sponge_bytes()?); Ok(bytes) } @@ -150,7 +150,7 @@ where Vec::BaseField as Field>::BasePrimeField>>, SynthesisError, > { - self.to_bytes() + self.to_bytes_le() } fn to_sponge_field_elements( diff --git a/src/sponge/constraints/mod.rs b/src/sponge/constraints/mod.rs index 12fb28c3..0d29efe9 100644 --- a/src/sponge/constraints/mod.rs +++ b/src/sponge/constraints/mod.rs 
@@ -1,11 +1,11 @@ use crate::sponge::{Absorb, CryptographicSponge, FieldElementSize}; use ark_ff::PrimeField; use ark_r1cs_std::alloc::AllocVar; -use ark_r1cs_std::bits::boolean::Boolean; -use ark_r1cs_std::bits::uint8::UInt8; +use ark_r1cs_std::boolean::Boolean; use ark_r1cs_std::fields::emulated_fp::params::{get_params, OptimizationType}; use ark_r1cs_std::fields::emulated_fp::{AllocatedEmulatedFpVar, EmulatedFpVar}; use ark_r1cs_std::fields::fp::{AllocatedFp, FpVar}; +use ark_r1cs_std::uint8::UInt8; use ark_r1cs_std::R1CSVar; use ark_relations::lc; use ark_relations::r1cs::{ConstraintSystemRef, LinearCombination, SynthesisError}; diff --git a/src/sponge/poseidon/constraints.rs b/src/sponge/poseidon/constraints.rs index 54222206..8cbec6d2 100644 --- a/src/sponge/poseidon/constraints.rs +++ b/src/sponge/poseidon/constraints.rs @@ -240,7 +240,7 @@ impl CryptographicSpongeVar> for PoseidonSpo let mut bytes: Vec> = Vec::with_capacity(usable_bytes * num_elements); for elem in &src_elements { - bytes.extend_from_slice(&elem.to_bytes()?[..usable_bytes]); + bytes.extend_from_slice(&elem.to_bytes_le()?[..usable_bytes]); } bytes.truncate(num_bytes);