Constraints

Cargo.toml

@@ -25,7 +25,7 @@ ark-ff = { git = "https://github.com/arkworks-rs/algebra", default-features = fa
 ark-std = { git = "https://github.com/arkworks-rs/utils", default-features = false }
 ark-poly = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
 ark-relations = { git = "https://github.com/arkworks-rs/snark", default-features = false }
-ark-poly-commit = { git = "https://github.com/arkworks-rs/poly-commit", default-features = false }
+ark-poly-commit = { git = "https://github.com/arkworks-rs/poly-commit", branch = "constraints", default-features = false }
 bench-utils = { git = "https://github.com/arkworks-rs/utils", default-features = false }
 
 rand_core = { version = "0.5" }
@@ -34,10 +34,20 @@ rayon = { version = "1", optional = true }
 digest = { version = "0.8" }
 derivative = { version = "2", features = ["use_core"] }
 
+ark-ec = { git = "https://github.com/arkworks-rs/algebra", default-features = false }
+ark-crypto-primitives = { git = "https://github.com/arkworks-rs/crypto-primitives", branch = "main", default-features = false, features = [ "r1cs" ] }
+ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std", default-features = false }
+ark-nonnative-field = { git = "https://github.com/arkworks-rs/nonnative", default-features = false }
+ark-snark = { git = "https://github.com/arkworks-rs/snark", default-features = false }
+hashbrown = "0.9"
+tracing = { version = "0.1", default-features = false, features = [ "attributes" ] }
+tracing-subscriber = { version = "0.2", default-features = false, optional = true }
+
 [dev-dependencies]
 blake2 = { version = "0.8", default-features = false }
 ark-bls12-381 = { git = "https://github.com/arkworks-rs/curves", default-features = false, features = [ "curve" ] }
-
+ark-mnt4-298 = { git = "https://github.com/arkworks-rs/curves", default-features = false, features = [ "curve", "r1cs" ] }
+ark-mnt6-298 = { git = "https://github.com/arkworks-rs/curves", default-features = false }
 
 [profile.release]
 opt-level = 3
@@ -53,6 +63,7 @@ debug = true
 
 [features]
 default = ["std", "parallel"]
-std = [ "ark-ff/std", "ark-poly/std", "ark-relations/std", "ark-std/std", "ark-serialize/std", "ark-poly-commit/std" ]
+std = [ "ark-crypto-primitives/std", "tracing-subscriber", "ark-ff/std", "ark-nonnative-field/std", "ark-poly/std", "ark-relations/std", "ark-std/std", "ark-serialize/std", "ark-poly-commit/std" ]
 print-trace = [ "bench-utils/print-trace" ]
 parallel = [ "std", "ark-ff/parallel", "ark-poly/parallel", "ark-std/parallel", "ark-poly-commit/parallel", "rayon" ]
+density-optimized = [ "ark-nonnative-field/density-optimized" ]

README.md

@@ -39,7 +39,7 @@ rustup install stable
 
 After that, use `cargo` (the standard Rust build tool) to build the library:
 ```bash
-git clone https://github.com/scipr-lab/marlin.git
+git clone https://github.com/arkworks-rs/marlin.git
 cd marlin
 cargo build --release
 ```

src/ahp/constraint_systems.rs

@@ -2,15 +2,17 @@
 
 use crate::ahp::indexer::Matrix;
 use crate::ahp::*;
-use crate::{BTreeMap, Cow, ToString};
+use crate::ToString;
 use ark_ff::{Field, PrimeField};
 use ark_poly::{EvaluationDomain, Evaluations as EvaluationsOnDomain, GeneralEvaluationDomain};
+use ark_poly_commit::LabeledPolynomial;
 use ark_relations::{
  lc,
  r1cs::{ConstraintMatrices, ConstraintSystemRef},
 };
 use ark_std::cfg_iter_mut;
 use derivative::Derivative;
+use hashbrown::HashMap;
 
 /* ************************************************************************* */
 /* ************************************************************************* */
@@ -91,51 +93,51 @@ pub(crate) fn make_matrices_square<F: Field>(
 
 #[derive(Derivative)]
 #[derivative(Clone(bound = "F: PrimeField"))]
-pub struct MatrixEvals<'a, F: PrimeField> {
+pub struct MatrixEvals<F: PrimeField> {
  /// Evaluations of the LDE of row.
- pub row: Cow<'a, EvaluationsOnDomain<F>>,
+ pub row: EvaluationsOnDomain<F>,
  /// Evaluations of the LDE of col.
- pub col: Cow<'a, EvaluationsOnDomain<F>>,
+ pub col: EvaluationsOnDomain<F>,
  /// Evaluations of the LDE of val.
- pub val: Cow<'a, EvaluationsOnDomain<F>>,
+ pub val: EvaluationsOnDomain<F>,
 }
 
 /// Contains information about the arithmetization of the matrix M^*.
 /// Here `M^*(i, j) := M(j, i) * u_H(j, j)`. For more details, see [COS19].
 #[derive(Derivative)]
 #[derivative(Clone(bound = "F: PrimeField"))]
-pub struct MatrixArithmetization<'a, F: PrimeField> {
+pub struct MatrixArithmetization<F: PrimeField> {
  /// LDE of the row indices of M^*.
- pub row: LabeledPolynomial<F>,
+ pub row: LabeledPolynomial<F, DensePolynomial<F>>,
  /// LDE of the column indices of M^*.
- pub col: LabeledPolynomial<F>,
+ pub col: LabeledPolynomial<F, DensePolynomial<F>>,
  /// LDE of the non-zero entries of M^*.
- pub val: LabeledPolynomial<F>,
+ pub val: LabeledPolynomial<F, DensePolynomial<F>>,
  /// LDE of the vector containing entry-wise products of `row` and `col`,
  /// where `row` and `col` are as above.
- pub row_col: LabeledPolynomial<F>,
+ pub row_col: LabeledPolynomial<F, DensePolynomial<F>>,
 
  /// Evaluation of `self.row`, `self.col`, and `self.val` on the domain `K`.
- pub evals_on_K: MatrixEvals<'a, F>,
+ pub evals_on_K: MatrixEvals<F>,
 
  /// Evaluation of `self.row`, `self.col`, and, `self.val` on
  /// an extended domain B (of size > `3K`).
  // TODO: rename B everywhere.
- pub evals_on_B: MatrixEvals<'a, F>,
+ pub evals_on_B: MatrixEvals<F>,
 
  /// Evaluation of `self.row_col` on an extended domain B (of size > `3K`).
- pub row_col_evals_on_B: Cow<'a, EvaluationsOnDomain<F>>,
+ pub row_col_evals_on_B: EvaluationsOnDomain<F>,
 }
 
 // TODO for debugging: add test that checks result of arithmetize_matrix(M).
-pub(crate) fn arithmetize_matrix<'a, F: PrimeField>(
+pub(crate) fn arithmetize_matrix<F: PrimeField>(
  matrix_name: &str,
  matrix: &mut Matrix<F>,
  interpolation_domain: GeneralEvaluationDomain<F>,
  output_domain: GeneralEvaluationDomain<F>,
  input_domain: GeneralEvaluationDomain<F>,
  expanded_domain: GeneralEvaluationDomain<F>,
-) -> MatrixArithmetization<'a, F> {
+) -> MatrixArithmetization<F> {
  let matrix_time = start_timer!(|| "Computing row, col, and val LDEs");
 
  let elems: Vec<_> = output_domain.elements().collect();
@@ -145,7 +147,7 @@ pub(crate) fn arithmetize_matrix<'a, F: PrimeField>(
  let mut val_vec = Vec::new();
 
  let eq_poly_vals_time = start_timer!(|| "Precomputing eq_poly_vals");
- let eq_poly_vals: BTreeMap<F, F> = output_domain
+ let eq_poly_vals: HashMap<F, F> = output_domain
  .elements()
  .zip(output_domain.batch_eval_unnormalized_bivariate_lagrange_poly_with_same_inputs())
  .collect();
@@ -158,7 +160,7 @@ pub(crate) fn arithmetize_matrix<'a, F: PrimeField>(
 
  // Recall that we are computing the arithmetization of M^*,
  // where `M^*(i, j) := M(j, i) * u_H(j, j)`.
- for (r, row) in matrix.into_iter().enumerate() {
+ for (r, row) in matrix.iter_mut().enumerate() {
  if !is_in_ascending_order(&row, |(_, a), (_, b)| a < b) {
  row.sort_by(|(_, a), (_, b)| a.cmp(b));
  };
@@ -218,25 +220,25 @@ pub(crate) fn arithmetize_matrix<'a, F: PrimeField>(
 
  end_timer!(matrix_time);
  let evals_on_K = MatrixEvals {
- row: Cow::Owned(row_evals_on_K),
- col: Cow::Owned(col_evals_on_K),
- val: Cow::Owned(val_evals_on_K),
+ row: row_evals_on_K,
+ col: col_evals_on_K,
+ val: val_evals_on_K,
  };
  let evals_on_B = MatrixEvals {
- row: Cow::Owned(row_evals_on_B),
- col: Cow::Owned(col_evals_on_B),
- val: Cow::Owned(val_evals_on_B),
+ row: row_evals_on_B,
+ col: col_evals_on_B,
+ val: val_evals_on_B,
  };
 
  let m_name = matrix_name.to_string();
  MatrixArithmetization {
  row: LabeledPolynomial::new(m_name.clone() + "_row", row, None, None),
  col: LabeledPolynomial::new(m_name.clone() + "_col", col, None, None),
  val: LabeledPolynomial::new(m_name.clone() + "_val", val, None, None),
- row_col: LabeledPolynomial::new(m_name.clone() + "_row_col", row_col, None, None),
+ row_col: LabeledPolynomial::new(m_name + "_row_col", row_col, None, None),
  evals_on_K,
  evals_on_B,
- row_col_evals_on_B: Cow::Owned(row_col_evals_on_B),
+ row_col_evals_on_B,
  }
 }
 

src/ahp/indexer.rs

@@ -20,7 +20,7 @@ use core::marker::PhantomData;
 /// entries in any of the constraint matrices.
 #[derive(Derivative)]
 #[derivative(Clone(bound = ""), Copy(bound = ""))]
-pub struct IndexInfo<F, C> {
+pub struct IndexInfo<F> {
  /// The total number of variables in the constraint system.
  pub num_variables: usize,
  /// The number of constraints.
@@ -29,20 +29,18 @@ pub struct IndexInfo<F, C> {
  pub num_non_zero: usize,
 
  #[doc(hidden)]
- f: PhantomData<F>,
- #[doc(hidden)]
- cs: PhantomData<fn() -> C>,
+ pub f: PhantomData<F>,
 }
 
-impl<F: PrimeField, C: ConstraintSynthesizer<F>> ark_ff::ToBytes for IndexInfo<F, C> {
+impl<F: PrimeField> ark_ff::ToBytes for IndexInfo<F> {
  fn write<W: ark_std::io::Write>(&self, mut w: W) -> ark_std::io::Result<()> {
  (self.num_variables as u64).write(&mut w)?;
  (self.num_constraints as u64).write(&mut w)?;
  (self.num_non_zero as u64).write(&mut w)
  }
 }
 
-impl<F: PrimeField, C> IndexInfo<F, C> {
+impl<F: PrimeField> IndexInfo<F> {
  /// The maximum degree of polynomial required to represent this index in the
  /// the AHP.
  pub fn max_degree(&self) -> usize {
@@ -63,9 +61,9 @@ pub type Matrix<F> = Vec<Vec<(F, usize)>>;
 /// 2) `{a,b,c}` are the matrices defining the R1CS instance
 /// 3) `{a,b,c}_star_arith` are structs containing information about A^*, B^*, and C^*,
 /// which are matrices defined as `M^*(i, j) = M(j, i) * u_H(j, j)`.
-pub struct Index<'a, F: PrimeField, C> {
+pub struct Index<F: PrimeField> {
  /// Information about the index.
- pub index_info: IndexInfo<F, C>,
+ pub index_info: IndexInfo<F>,
 
  /// The A matrix for the R1CS instance
  pub a: Matrix<F>,
@@ -75,22 +73,22 @@ pub struct Index<'a, F: PrimeField, C> {
  pub c: Matrix<F>,
 
  /// Arithmetization of the A* matrix.
- pub a_star_arith: MatrixArithmetization<'a, F>,
+ pub a_star_arith: MatrixArithmetization<F>,
  /// Arithmetization of the B* matrix.
- pub b_star_arith: MatrixArithmetization<'a, F>,
+ pub b_star_arith: MatrixArithmetization<F>,
  /// Arithmetization of the C* matrix.
- pub c_star_arith: MatrixArithmetization<'a, F>,
+ pub c_star_arith: MatrixArithmetization<F>,
 }
 
-impl<'a, F: PrimeField, C: ConstraintSynthesizer<F>> Index<'a, F, C> {
+impl<'a, F: PrimeField> Index<F> {
  /// The maximum degree required to represent polynomials of this index.
  pub fn max_degree(&self) -> usize {
  self.index_info.max_degree()
  }
 
  /// Iterate over the indexed polynomials.
  pub fn iter(&self) -> impl Iterator<Item = &LabeledPolynomial<F>> {
- ark_std::vec![
+ vec![
  &self.a_star_arith.row,
  &self.a_star_arith.col,
  &self.a_star_arith.val,
@@ -110,7 +108,7 @@ impl<'a, F: PrimeField, C: ConstraintSynthesizer<F>> Index<'a, F, C> {
 
 impl<F: PrimeField> AHPForR1CS<F> {
  /// Generate the index for this constraint system.
- pub fn index<'a, C: ConstraintSynthesizer<F>>(c: C) -> Result<Index<'a, F, C>, Error> {
+ pub fn index<C: ConstraintSynthesizer<F>>(c: C) -> Result<Index<F>, Error> {
  let index_time = start_timer!(|| "AHP::Index");
 
  let constraint_time = start_timer!(|| "Generating constraints");
@@ -120,10 +118,10 @@ impl<F: PrimeField> AHPForR1CS<F> {
  end_timer!(constraint_time);
 
  let padding_time = start_timer!(|| "Padding matrices to make them square");
- make_matrices_square_for_indexer(ics.clone());
  end_timer!(padding_time);
  let matrix_processing_time = start_timer!(|| "Processing matrices");
- ics.inline_all_lcs();
+ ics.outline_lcs();
+ make_matrices_square_for_indexer(ics.clone());
  let matrices = ics.to_matrices().expect("should not be `None`");
  let num_non_zero_val = num_non_zero::<F>(&matrices);
  let (mut a, mut b, mut c) = (matrices.a, matrices.b, matrices.c);
@@ -150,7 +148,7 @@ impl<F: PrimeField> AHPForR1CS<F> {
  }
 
  if !Self::num_formatted_public_inputs_is_admissible(num_formatted_input_variables) {
- Err(Error::InvalidPublicInputLength)?
+ return Err(Error::InvalidPublicInputLength);
  }
 
  let index_info = IndexInfo {
@@ -159,7 +157,6 @@ impl<F: PrimeField> AHPForR1CS<F> {
  num_non_zero,
 
  f: PhantomData,
- cs: PhantomData,
  };
 
  let domain_h = GeneralEvaluationDomain::new(num_constraints)