From 42b38f1675fd45aa4429a2d335653e37507ec95c Mon Sep 17 00:00:00 2001
From: Pratyush Mishra
Date: Sun, 7 Jan 2024 23:00:24 -0500
Subject: [PATCH] Upgrade for latest `r1cs-std` (#52)
---
 Cargo.toml | 22 ++++++++++++++++++-
 benches/bench.rs | 3 +--
 src/constraints.rs | 53 +++++++++++++++++++++++-----------------------
 src/generator.rs | 14 ++++++------
 src/lib.rs | 2 +-
 src/prover.rs | 12 ++++-------
 src/test.rs | 8 +++----
 7 files changed, 64 insertions(+), 50 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 8db5d6b..be1ce71 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -33,7 +33,7 @@ rayon = { version = "1", optional = true }
 csv = { version = "1" }
 ark-bls12-381 = { version = "0.4.0", default-features = false, features = ["curve"] }
 ark-bls12-377 = { version = "0.4.0", default-features = false, features = ["curve"] }
-ark-cp6-782 = { version = "0.4.0", default-features = false }
+ark-bw6-761 = { version = "0.4.0", default-features = false }
 ark-mnt4-298 = { version = "0.4.0", default-features = false, features = ["r1cs", "curve"] }
 ark-mnt6-298 = { version = "0.4.0", default-features = false, features = ["r1cs"] }
 ark-mnt4-753 = { version = "0.4.0", default-features = false, features = ["r1cs", "curve"] }
@@ -77,3 +77,23 @@ lto = "thin"
 incremental = true
 debug-assertions = true
 debug = true
+
+
+[patch.crates-io]
+ark-ff = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-ec = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-poly = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-serialize = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-bls12-381 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-mnt4-298 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-mnt6-298 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-mnt4-753 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-mnt6-753 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-bls12-377 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-bw6-761 = { git = "https://github.com/arkworks-rs/algebra/" }
+
+ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/" }
+ark-crypto-primitives = { git = "https://github.com/arkworks-rs/crypto-primitives/" }
+
+ark-relations = { git = "https://github.com/arkworks-rs/snark/" }
+ark-snark = { git = "https://github.com/arkworks-rs/snark/" }
\ No newline at end of file
diff --git a/benches/bench.rs b/benches/bench.rs
index 4c3a8be..7a82d79 100644
--- a/benches/bench.rs
+++ b/benches/bench.rs
@@ -14,7 +14,6 @@ use ark_relations::{
 lc,
 r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError},
 };
-use ark_std::ops::Mul;
 const NUM_PROVE_REPETITIONS: usize = 1;
 const NUM_VERIFY_REPETITIONS: usize = 50;
@@ -109,7 +108,7 @@ macro_rules! groth16_verify_bench {
 let (pk, vk) = Groth16::<$bench_pairing_engine>::circuit_specific_setup(c, rng).unwrap();
 let proof = Groth16::<$bench_pairing_engine>::prove(&pk, c.clone(), rng).unwrap();
- let v = c.a.unwrap().mul(c.b.unwrap());
+ let v = c.a.unwrap() * c.b.unwrap();
 let start = ark_std::time::Instant::now();
diff --git a/src/constraints.rs b/src/constraints.rs
index f292cc6..ec3502b 100644
--- a/src/constraints.rs
+++ b/src/constraints.rs
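Review bot: Every entry in the new `[patch.crates-io]` block points at a git URL with no `rev`, `tag` or `branch`, so the build tracks the default branch of the arkworks `algebra`, `r1cs-std`, `crypto-primitives` and `snark` repositories, and the `version = "0.4.0"` pins in the earlier hunk no longer decide what gets compiled. No `Cargo.lock` appears in the diffstat, so nothing in this commit records which upstream commits the field and curve arithmetic was built against, which makes the build non-reproducible and hard to audit. Pin each entry, e.g. `ark-ff = { git = "https://github.com/arkworks-rs/algebra/", rev = "<commit-sha>" }`, or say in the commit description that the block is temporary until the next crates.io releases. The hunk also drops the file's trailing newline (`\ No newline at end of file`).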
@@ -4,26 +4,26 @@ use crate::{
 };
 use ark_crypto_primitives::snark::constraints::{CircuitSpecificSetupSNARKGadget, SNARKGadget};
 use ark_crypto_primitives::snark::{BooleanInputVar, SNARK};
-use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup};
+use ark_ec::{pairing::Pairing, AffineRepr};
 use ark_ff::Field;
 use ark_r1cs_std::groups::CurveVar;
 use ark_r1cs_std::{
 alloc::{AllocVar, AllocationMode},
- bits::boolean::Boolean,
- bits::uint8::UInt8,
+ boolean::Boolean,
+ convert::{ToBitsGadget, ToBytesGadget},
 eq::EqGadget,
 pairing::PairingVar,
- ToBitsGadget, ToBytesGadget,
+ uint8::UInt8,
 };
 use ark_relations::r1cs::{Namespace, SynthesisError};
 use ark_std::{borrow::Borrow, marker::PhantomData, vec::Vec};
-type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField;
+type BasePrimeField = <::BaseField as Field>::BasePrimeField;
 /// The proof variable for the Groth16 construction
 #[derive(Derivative)]
 #[derivative(Clone(bound = "P::G1Var: Clone, P::G2Var: Clone"))]
-pub struct ProofVar>> {
+pub struct ProofVar> {
 /// The `A` element in `G1`.
 pub a: P::G1Var,
 /// The `B` element in `G2`.
@@ -34,11 +34,10 @@ pub struct ProofVar>> {
 /// A variable representing the Groth16 verifying key in the constraint system.
 #[derive(Derivative)]
-#[derivative(
- Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \
- P::G2PreparedVar: Clone, ")
-)]
-pub struct VerifyingKeyVar>> {
+#[derivative(Clone(
+ bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, P::G2PreparedVar: Clone"
+))]
+pub struct VerifyingKeyVar> {
 #[doc(hidden)]
 pub alpha_g1: P::G1Var,
 #[doc(hidden)]
@@ -51,7 +50,7 @@ pub struct VerifyingKeyVar>> {
 pub gamma_abc_g1: Vec,
 }
-impl>> VerifyingKeyVar {
+impl> VerifyingKeyVar {
 /// Prepare `self` for use in proof verification.
 pub fn prepare(&self) -> Result, SynthesisError> {
 let alpha_g1_pc = P::prepare_g1(&self.alpha_g1)?;
@@ -76,7 +75,7 @@ impl>> VerifyingKeyVar {
 Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \
 P::G2PreparedVar: Clone, ")
 )]
-pub struct PreparedVerifyingKeyVar>> {
+pub struct PreparedVerifyingKeyVar> {
 #[doc(hidden)]
 pub alpha_g1_beta_g2: P::GTVar,
 #[doc(hidden)]
@@ -91,7 +90,7 @@ pub struct PreparedVerifyingKeyVar
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 QAP: R1CSToQAP,
 {
 _pairing_engine: PhantomData,
@@ -104,7 +103,7 @@ impl SNARKGadget, Groth16>
 where
 E: Pairing,
 QAP: R1CSToQAP,
- P: PairingVar>,
+ P: PairingVar,
 {
 type ProcessedVerifyingKeyVar = PreparedVerifyingKeyVar;
 type VerifyingKeyVar = VerifyingKeyVar;
@@ -267,7 +266,7 @@ impl
 for Groth16VerifierGadget
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 QAP: R1CSToQAP,
 {
 }
@@ -275,7 +274,7 @@ where
 impl AllocVar, BasePrimeField> for PreparedVerifyingKeyVar
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 {
 #[tracing::instrument(target = "r1cs", skip(cs, f))]
 fn new_variable>>(
@@ -325,7 +324,7 @@ where
 impl AllocVar, BasePrimeField> for VerifyingKeyVar
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 {
 #[tracing::instrument(target = "r1cs", skip(cs, f))]
 fn new_variable>>(
@@ -368,7 +367,7 @@ where
 impl AllocVar, BasePrimeField> for ProofVar
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 {
 #[tracing::instrument(target = "r1cs", skip(cs, f))]
 fn new_variable>>(
@@ -392,18 +391,18 @@ where
 impl ToBytesGadget> for VerifyingKeyVar
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 {
 #[inline]
 #[tracing::instrument(target = "r1cs", skip(self))]
- fn to_bytes(&self) -> Result>>, SynthesisError> {
+ fn to_bytes_le(&self) -> Result>>, SynthesisError> {
 let mut bytes = Vec::new();
- bytes.extend_from_slice(&self.alpha_g1.to_bytes()?);
- bytes.extend_from_slice(&self.beta_g2.to_bytes()?);
- bytes.extend_from_slice(&self.gamma_g2.to_bytes()?);
- bytes.extend_from_slice(&self.delta_g2.to_bytes()?);
+ bytes.extend_from_slice(&self.alpha_g1.to_bytes_le()?);
+ bytes.extend_from_slice(&self.beta_g2.to_bytes_le()?);
+ bytes.extend_from_slice(&self.gamma_g2.to_bytes_le()?);
+ bytes.extend_from_slice(&self.delta_g2.to_bytes_le()?);
 for g in &self.gamma_abc_g1 {
- bytes.extend_from_slice(&g.to_bytes()?);
+ bytes.extend_from_slice(&g.to_bytes_le()?);
 }
 Ok(bytes)
 }
@@ -418,7 +417,7 @@ mod test {
 use ark_ff::{Field, UniformRand};
 use ark_mnt4_298::{constraints::PairingVar as MNT4PairingVar, Fr as MNT4Fr, MNT4_298 as MNT4};
 use ark_mnt6_298::Fr as MNT6Fr;
- use ark_r1cs_std::bits::boolean::Boolean;
+ use ark_r1cs_std::boolean::Boolean;
 use ark_r1cs_std::{alloc::AllocVar, eq::EqGadget};
 use ark_relations::{
 lc, ns,
diff --git a/src/generator.rs b/src/generator.rs
index f45c3ab..91f7936 100644
--- a/src/generator.rs
+++ b/src/generator.rs
@@ -1,5 +1,5 @@
 use crate::{r1cs_to_qap::R1CSToQAP, Groth16, ProvingKey, Vec, VerifyingKey};
-use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup, Group};
+use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup};
 use ark_ff::{Field, PrimeField, UniformRand, Zero};
 use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
 use ark_relations::r1cs::{
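Review bot: The renamed `to_bytes_le` carries no doc comment, and the byte layout it produces is what any caller that hashes or compares a serialized verifying key depends on. Proposed, above the `#[inline]`: `/// Little-endian bytes of alpha_g1, beta_g2, gamma_g2 and delta_g2, then each element of gamma_abc_g1 in order; no length prefix is written for the vector.` Whether this layout still matches the native `VerifyingKey` serialization after the `to_bytes` → `to_bytes_le` rename in `r1cs-std` is not visible from this hunk, so anything that compares the two should be re-checked. The enclosing `impl ToBytesGadget` block's closing brace is outside the hunk.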
@@ -148,11 +148,11 @@ impl Groth16 {
 // Generate the R1CS proving key
 let proving_key_time = start_timer!(|| "Generate the R1CS proving key");
- let alpha_g1 = g1_generator.mul_bigint(&alpha.into_bigint());
- let beta_g1 = g1_generator.mul_bigint(&beta.into_bigint());
- let beta_g2 = g2_generator.mul_bigint(&beta.into_bigint());
- let delta_g1 = g1_generator.mul_bigint(&delta.into_bigint());
- let delta_g2 = g2_generator.mul_bigint(&delta.into_bigint());
+ let alpha_g1 = g1_generator * α
+ let beta_g1 = g1_generator * β
+ let beta_g2 = g2_generator * β
+ let delta_g1 = g1_generator * δ
+ let delta_g2 = g2_generator * δ
 // Compute the A-query
 let a_time = start_timer!(|| "Calculate A");
@@ -187,7 +187,7 @@ impl Groth16 {
 // Generate R1CS verification key
 let verifying_key_time = start_timer!(|| "Generate the R1CS verification key");
- let gamma_g2 = g2_generator.mul_bigint(&gamma.into_bigint());
+ let gamma_g2 = g2_generator * γ
 let gamma_abc_g1 = FixedBase::msm::(scalar_bits, g1_window, &g1_table, &gamma_abc);
 drop(g1_table);
diff --git a/src/lib.rs b/src/lib.rs
index 514cf2a..3764f18 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -42,7 +42,7 @@ pub mod constraints;
 mod test;
 pub use self::data_structures::*;
-pub use self::{generator::*, prover::*, verifier::*};
+pub use self::verifier::*;
 use ark_crypto_primitives::snark::*;
 use ark_ec::pairing::Pairing;
diff --git a/src/prover.rs b/src/prover.rs
index cfb7277..a741842 100644
--- a/src/prover.rs
+++ b/src/prover.rs
@@ -1,5 +1,5 @@
 use crate::{r1cs_to_qap::R1CSToQAP, Groth16, Proof, ProvingKey, VerifyingKey};
-use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group, VariableBaseMSM};
+use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, VariableBaseMSM};
 use ark_ff::{Field, PrimeField, UniformRand, Zero};
 use ark_poly::GeneralEvaluationDomain;
 use ark_relations::r1cs::{
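Review bot: The five rewritten products in the `-148` hunk and `gamma_g2` in the `-187` hunk multiply by a borrowed scalar — what renders here as `g1_generator * α` is evidently `g1_generator * &alpha;` with the `&alpha;` HTML entity (and `&beta;`, `&delta;`, `&gamma;`) decoded during extraction, which also swallowed the trailing `;` — while the `src/prover.rs` hunks in the same commit write `pk.delta_g1 * (r * s)` by value next to `g_a * &s` and `g1_b * &r` by reference. The scalar field type is `Copy` (it is bounded by `Field`) and, as far as I can tell, both by-value and by-reference `Mul` are provided, so `let alpha_g1 = g1_generator * alpha;` reads the same without the borrow; whichever form is chosen should be used consistently across the generator and prover. The enclosing generator function starts and ends outside these hunks.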
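Review bot: `pub use self::verifier::*;` drops the crate-root re-exports of `generator::*` and `prover::*` that the removed line provided, a public API change unrelated to the `r1cs-std` upgrade named in the subject and not mentioned in the description. If those modules contain only inherent `impl Groth16` blocks the globs exported nothing and this is harmless, but if either defines a public item, downstream paths that imported it through the crate root break silently; the modules' contents are not visible here. Either way the description should state why the two re-exports were removed.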
@@ -73,11 +73,7 @@ impl Groth16 {
 let l_aux_acc = E::G1::msm_bigint(&pk.l_query, &aux_assignment);
- let r_s_delta_g1 = pk
- .delta_g1
- .into_group()
- .mul_bigint(&r.into_bigint())
- .mul_bigint(&s.into_bigint());
+ let r_s_delta_g1 = pk.delta_g1 * (r * s);
 end_timer!(c_acc_time);
@@ -95,7 +91,7 @@ impl Groth16 {
 let g_a = Self::calculate_coeff(r_g1, &pk.a_query, pk.vk.alpha_g1, &assignment);
- let s_g_a = g_a.mul_bigint(&s.into_bigint());
+ let s_g_a = g_a * &s;
 end_timer!(a_acc_time);
 // Compute B in G1 if needed
@@ -115,7 +111,7 @@ impl Groth16 {
 let b_g2_acc_time = start_timer!(|| "Compute B in G2");
 let s_g2 = pk.vk.delta_g2.mul(s);
 let g2_b = Self::calculate_coeff(s_g2, &pk.b_g2_query, pk.vk.beta_g2, &assignment);
- let r_g1_b = g1_b.mul_bigint(&r.into_bigint());
+ let r_g1_b = g1_b * &r;
 drop(assignment);
 end_timer!(b_g2_acc_time);
diff --git a/src/test.rs b/src/test.rs
index e46eb56..9ce5280 100644
--- a/src/test.rs
+++ b/src/test.rs
@@ -132,18 +132,18 @@ mod bls12_377 {
 }
 }
-mod cp6_782 {
+mod bw6_761 {
 use super::{test_prove_and_verify, test_rerandomize};
- use ark_cp6_782::CP6_782;
+ use ark_bw6_761::BW6_761;
 #[test]
 fn prove_and_verify() {
- test_prove_and_verify::(1);
+ test_prove_and_verify::(1);
 }
 #[test]
 fn rerandomize() {
- test_rerandomize::();
+ test_rerandomize::();
 }
 }