diff --git a/Cargo.toml b/Cargo.toml
index 43ce364..824a68b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
-name = "dpc"
-version = "0.1.1-alpha.0"
+name = "ark-dpc"
+version = "0.3.0"
 authors = [
 "Sean Bowe",
 "Alessandro Chiesa",
@@ -10,9 +10,9 @@ authors = [
 "Howard Wu"
 ]
 description = "A library for decentralized private computation"
-homepage = "https://libzexe.org"
-repository = "https://github.com/scipr/zexe"
-documentation = "https://docs.rs/zexe/"
+homepage = "https://arkworks.rs"
+repository = "https://github.com/arkworks-rs/dpc"
+documentation = "https://docs.rs/ark-dpc/"
 keywords = ["zero knowledge", "cryptography", "smart contracts", "cryptocurrency"]
 categories = ["cryptography"]
 include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
@@ -22,18 +22,21 @@ edition = "2018" ################################# Dependencies ################################ [dependencies] -algebra = { git = "https://github.com/scipr-lab/zexe", features = [ "bls12_377", "ed_on_bls12_377", "ed_on_cp6_782", "cp6_782" ] } -r1cs-core = { git = "https://github.com/scipr-lab/zexe" } -r1cs-std = { git = "https://github.com/scipr-lab/zexe", features = [ "bls12_377", "ed_on_bls12_377", "ed_on_cp6_782" ] } -crypto-primitives = { git = "https://github.com/scipr-lab/zexe", features = [ "groth16", "r1cs" ] } -groth16 = { git = "https://github.com/scipr-lab/zexe" } -bench-utils = { git = "https://github.com/scipr-lab/zexe" } - -rand = { version = "0.7" } +ark-std = { version = "0.3", default-features = false } +ark-ff = { version = "0.3", default-features = false } +ark-ec = { version = "0.3", default-features = false } +ark-bls12-377 = { version = "0.3", default-features = false, features = ["curve", "r1cs"] } +ark-ed-on-bls12-377 = { version = "0.3", default-features = false, features = ["r1cs"] } +ark-bw6-761 = { version = "0.3", default-features = false } +ark-ed-on-bw6-761 = { version = "0.3", default-features = false, features = ["r1cs"] } +ark-relations = { version = "0.3", default-features = false } +ark-r1cs-std = { version = "0.3", default-features = false } +ark-crypto-primitives = { version = "0.3", default-features = false, features = ["r1cs"] } +ark-groth16 = { version = "0.3", default-features = false, features = [ "r1cs" ] } + derivative = "2" [dev-dependencies] -rand_xorshift = { version = "0.2" } tracing-subscriber = { version = "0.2" } tracing = { version = "0.1", default-features = false } @@ -42,6 +45,6 @@ tracing = { version = "0.1", default-features = false } ################################## Features ################################### [features] -print-trace = [ "bench-utils/print-trace" ] +print-trace = [ "ark-std/print-trace" ] ############################################################################### 
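Review bot: Every arkworks crate is now pulled with `default-features = false`, yet the `[features]` hunk below forwards only `print-trace`, so unless a `std` feature is declared in a part of Cargo.toml outside this diff there is no way for downstream users to turn `std` back on; consider adding `std = ["ark-std/std", "ark-ff/std", "ark-ec/std", "ark-relations/std", "ark-r1cs-std/std", "ark-crypto-primitives/std", "ark-groth16/std"]` and making it a default feature. The direct `rand` dependency and the `rand_xorshift` dev-dependency are dropped without a replacement in this hunk, so any test that still builds an `XorShiftRng` will need to move to `ark_std::test_rng()` or re-add the dev-dependency. Replacing the unpinned `git = "..."` references with versioned crates.io releases is a welcome reproducibility improvement: builds no longer float with the upstream branch head.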
diff --git a/src/constraints/delegable_dpc.rs b/src/constraints/delegable_dpc.rs index fe329b7..3bb024f 100644 --- a/src/constraints/delegable_dpc.rs +++ b/src/constraints/delegable_dpc.rs @@ -1,6 +1,6 @@ -use crypto_primitives::{ - merkle_tree, CommitmentGadget, CommitmentScheme, FixedLengthCRH, FixedLengthCRHGadget, - NIZKVerifierGadget, PRFGadget, SigRandomizePkGadget, SignatureScheme, PRF, +use ark_crypto_primitives::{ + merkle_tree, CRHGadget, CommitmentGadget, CommitmentScheme, PRFGadget, SNARKGadget, + SigRandomizePkGadget, SignatureScheme, CRH, PRF, }; use crate::dpc::{ @@ -10,9 +10,9 @@ use crate::dpc::{ }, Record, }; -use algebra::{to_bytes, FpParameters, PrimeField, ToConstraintField}; -use r1cs_core::{ConstraintSystemRef, SynthesisError}; -use r1cs_std::{boolean::Boolean, prelude::*}; +use ark_ff::{to_bytes, FpParameters, PrimeField, ToConstraintField}; +use ark_r1cs_std::{boolean::Boolean, prelude::*}; +use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; pub fn execute_core_checks_gadget( cs: ConstraintSystemRef, @@ -130,12 +130,12 @@ where >, AddrC: CommitmentScheme, RecC: CommitmentScheme, - SnNonceH: FixedLengthCRH, + SnNonceH: CRH, P: PRF, RecC::Output: Eq, AddrCGadget: CommitmentGadget, RecCGadget: CommitmentGadget, - SnNonceHGadget: FixedLengthCRHGadget, + SnNonceHGadget: CRHGadget, PGadget: PRFGadget, { let mut old_sns = Vec::with_capacity(old_records.len()); 
@@ -170,43 +170,42 @@ where sig_pp, ledger_pp, ) = { - let _ns = r1cs_core::ns!(cs, "Declare Comm and CRH parameters"); + let _ns = ark_relations::ns!(cs, "Declare Comm and CRH parameters"); let addr_comm_pp = AddrCGadget::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Addr Comm parameters"), + ark_relations::ns!(cs, "Declare Addr Comm parameters"), || Ok(&comm_crh_sig_parameters.addr_comm_pp), )?; let rec_comm_pp = RecCGadget::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Rec Comm parameters"), + ark_relations::ns!(cs, "Declare Rec Comm parameters"), || Ok(&comm_crh_sig_parameters.rec_comm_pp), )?; let local_data_comm_pp = >::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Pred Input Comm parameters"), + ark_relations::ns!(cs, "Declare Pred Input Comm parameters"), || Ok(&comm_crh_sig_parameters.local_data_comm_pp), )?; let pred_vk_comm_pp = >::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Pred Vk COMM parameters"), + ark_relations::ns!(cs, "Declare Pred Vk COMM parameters"), || Ok(&comm_crh_sig_parameters.pred_vk_comm_pp), )?; let sn_nonce_crh_pp = SnNonceHGadget::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare SN Nonce CRH parameters"), + ark_relations::ns!(cs, "Declare SN Nonce CRH parameters"), || Ok(&comm_crh_sig_parameters.sn_nonce_crh_pp), )?; let sig_pp = >::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare SIG Parameters"), + ark_relations::ns!(cs, "Declare SIG Parameters"), || Ok(&comm_crh_sig_parameters.sig_pp), )?; - let ledger_pp = - >::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Ledger Parameters"), - || Ok(ledger_parameters), - )?; + let ledger_pp = >::ParametersVar::new_input( + ark_relations::ns!(cs, "Declare Ledger Parameters"), + || Ok(ledger_parameters), + )?; ( addr_comm_pp, rec_comm_pp, 
@@ -218,8 +217,8 @@ where ) }; - let digest_gadget = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Declare ledger digest"), + let digest_gadget = >::OutputVar::new_input( + ark_relations::ns!(cs, "Declare ledger digest"), || Ok(ledger_digest), )?; @@ -229,7 +228,7 @@ where .zip(old_address_secret_keys) .zip(old_serial_numbers) { - let _ns = r1cs_core::ns!(cs, "Process input record"); + let _ns = ark_relations::ns!(cs, "Process input record"); // Declare record contents let ( given_apk, 
@@ -241,51 +240,51 @@ where given_comm_rand, sn_nonce, ) = { - let _declare_ns = r1cs_core::ns!(cs, "Declare input record"); + let _declare_ns = ark_relations::ns!(cs, "Declare input record"); // No need to check that commitments, public keys and hashes are in // prime order subgroup because the commitment and CRH parameters // are trusted, and so when we recompute these, the newly computed // values will always be in correct subgroup. If the input cm, pk // or hash is incorrect, then it will not match the computed equivalent. let given_apk = - AddrCGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Addr PubKey"), || { + AddrCGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Addr PubKey"), || { Ok(&record.address_public_key().public_key) })?; old_apks.push(given_apk.clone()); let given_commitment = - RecCGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Commitment"), || { + RecCGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Commitment"), || { Ok(record.commitment()) })?; old_rec_comms.push(given_commitment.clone()); let given_is_dummy = - Boolean::new_witness(r1cs_core::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; + Boolean::new_witness(ark_relations::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; old_dummy_flags.push(given_is_dummy.clone()); let given_payload = - UInt8::new_witness_vec(r1cs_core::ns!(cs, "Payload"), record.payload())?; + UInt8::new_witness_vec(ark_relations::ns!(cs, "Payload"), record.payload())?; old_payloads.push(given_payload.clone()); let given_birth_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Birth predicate"), + ark_relations::ns!(cs, "Birth predicate"), &record.birth_predicate_repr(), )?; old_birth_pred_hashes.push(given_birth_pred_hash.clone()); let given_death_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Death predicate"), + ark_relations::ns!(cs, "Death predicate"), &record.death_predicate_repr(), )?; old_death_pred_hashes.push(given_death_pred_hash.clone()); let given_comm_rand = 
RecCGadget::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment randomness"), || Ok(record.commitment_randomness()), )?; let sn_nonce = - SnNonceHGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Sn nonce"), || { + SnNonceHGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Sn nonce"), || { Ok(record.serial_number_nonce()) })?; ( @@ -306,11 +305,11 @@ where // transaction set digest. // ******************************************************************** { - let _witness_ns = r1cs_core::ns!(cs, "Check membership witness"); + let _witness_ns = ark_relations::ns!(cs, "Check membership witness"); let witness = merkle_tree::constraints::PathVar::<_, C::MerkleTreeHGadget, _>::new_witness( - r1cs_core::ns!(cs, "Declare witness"), + ark_relations::ns!(cs, "Declare witness"), || Ok(witness), )?; @@ -328,20 +327,20 @@ where let (sk_prf, pk_sig) = { // Declare variables for addr_sk contents. - let _address_ns = r1cs_core::ns!(cs, "Check address keypair"); + let _address_ns = ark_relations::ns!(cs, "Check address keypair"); let pk_sig = >::PublicKeyVar::new_witness( - r1cs_core::ns!(cs, "Declare pk_sig"), + ark_relations::ns!(cs, "Declare pk_sig"), || Ok(&secret_key.pk_sig), )?; let pk_sig_bytes = pk_sig.to_bytes()?; let sk_prf = PGadget::new_seed(cs.clone(), &secret_key.sk_prf); let metadata = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Declare metadata"), + ark_relations::ns!(cs, "Declare metadata"), &secret_key.metadata, )?; let r_pk = AddrCGadget::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Declare r_pk"), + ark_relations::ns!(cs, "Declare r_pk"), || Ok(&secret_key.r_pk), )?; 
@@ -360,7 +359,7 @@ where // Check that the serial number is derived correctly. // ******************************************************************** let sn_nonce_bytes = { - let _sn_ns = r1cs_core::ns!(cs, "Check that sn is derived correctly"); + let _sn_ns = ark_relations::ns!(cs, "Check that sn is derived correctly"); let sn_nonce_bytes = sn_nonce.to_bytes()?; @@ -371,7 +370,7 @@ where let candidate_sn = C::SGadget::randomize(&sig_pp, &pk_sig, &randomizer_bytes)?; let given_sn = >::PublicKeyVar::new_input( - r1cs_core::ns!(cs, "Declare given serial number"), + ark_relations::ns!(cs, "Declare given serial number"), || Ok(given_serial_number), )?; @@ -384,7 +383,7 @@ where // Check that the record is well-formed. { - let _comm_ns = r1cs_core::ns!(cs, "Check that record is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that record is well-formed"); let apk_bytes = given_apk.to_bytes()?; let is_dummy_bytes = given_is_dummy.to_bytes()?; @@ -402,7 +401,7 @@ where } let sn_nonce_input = { - let _ns = r1cs_core::ns!(cs, "Convert input serial numbers to bytes"); + let _ns = ark_relations::ns!(cs, "Convert input serial numbers to bytes"); let mut sn_nonce_input = Vec::new(); for old_sn in old_sns.iter() { let bytes = old_sn.to_bytes()?; @@ -417,7 +416,7 @@ where .zip(new_commitments) .enumerate() { - let _ns = r1cs_core::ns!(cs, "Process output record"); + let _ns = ark_relations::ns!(cs, "Process output record"); let j = j as u8; let ( 
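Review bot: `let j = j as u8;` silently truncates the output-record index, and that byte appears to become `cur_record_num` in the serial-number-nonce check further down, so two output records would share a nonce prefix if `C::NUM_OUTPUT_RECORDS` ever exceeded 255. The constant is presumably tiny, but the cast should state that invariant instead of relying on it, e.g. `let j = u8::try_from(j).expect("NUM_OUTPUT_RECORDS must fit in a u8");`. The same cast is carried over in the parallel plain_dpc.rs hunk `@@ -401,7 +399,7 @@`. The enclosing loop body continues past the end of this hunk.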
@@ -431,48 +430,48 @@ where given_comm_rand, sn_nonce, ) = { - let _declare_ns = r1cs_core::ns!(cs, "Declare output record"); + let _declare_ns = ark_relations::ns!(cs, "Declare output record"); let given_apk = - AddrCGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Addr PubKey"), || { + AddrCGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Addr PubKey"), || { Ok(&record.address_public_key().public_key) })?; new_apks.push(given_apk.clone()); let given_record_comm = RecCGadget::OutputVar::new_witness( - r1cs_core::ns!(cs, "Record Commitment"), + ark_relations::ns!(cs, "Record Commitment"), || Ok(record.commitment()), )?; new_rec_comms.push(given_record_comm.clone()); - let given_comm = - RecCGadget::OutputVar::new_input(r1cs_core::ns!(cs, "Given Commitment"), || { - Ok(commitment) - })?; + let given_comm = RecCGadget::OutputVar::new_input( + ark_relations::ns!(cs, "Given Commitment"), + || Ok(commitment), + )?; let given_is_dummy = - Boolean::new_witness(r1cs_core::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; + Boolean::new_witness(ark_relations::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; new_dummy_flags.push(given_is_dummy.clone()); let given_payload = - UInt8::new_witness_vec(r1cs_core::ns!(cs, "Payload"), record.payload())?; + UInt8::new_witness_vec(ark_relations::ns!(cs, "Payload"), record.payload())?; new_payloads.push(given_payload.clone()); let given_birth_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Birth predicate"), + ark_relations::ns!(cs, "Birth predicate"), &record.birth_predicate_repr(), )?; new_birth_pred_hashes.push(given_birth_pred_hash.clone()); let given_death_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Death predicate"), + ark_relations::ns!(cs, "Death predicate"), &record.death_predicate_repr(), )?; new_death_pred_hashes.push(given_death_pred_hash.clone()); let given_comm_rand = RecCGadget::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment 
randomness"), || Ok(record.commitment_randomness()), )?; let sn_nonce = - SnNonceHGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Sn nonce"), || { + SnNonceHGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Sn nonce"), || { Ok(record.serial_number_nonce()) })?; @@ -493,12 +492,13 @@ where // Check that the serial number nonce is computed correctly. // ******************************************************************* { - let _sn_ns = r1cs_core::ns!(cs, "Check that serial number nonce is computed correctly"); + let _sn_ns = + ark_relations::ns!(cs, "Check that serial number nonce is computed correctly"); let cur_record_num = UInt8::constant(j); let mut cur_record_num_bytes_le = vec![cur_record_num]; let sn_nonce_randomness = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Allocate serial number nonce randomness"), + ark_relations::ns!(cs, "Allocate serial number nonce randomness"), sn_nonce_rand, )?; cur_record_num_bytes_le.extend_from_slice(&sn_nonce_randomness); @@ -515,7 +515,7 @@ where // Check that the record is well-formed. // ******************************************************************* { - let _comm_cs = r1cs_core::ns!(cs, "Check that record is well-formed"); + let _comm_cs = ark_relations::ns!(cs, "Check that record is well-formed"); let apk_bytes = given_apk.to_bytes()?; let is_dummy_bytes = given_is_dummy.to_bytes()?; let sn_nonce_bytes = sn_nonce.to_bytes()?; @@ -538,7 +538,7 @@ where // Check that predicate commitment is well formed. // ******************************************************************* { - let _comm_ns = r1cs_core::ns!(cs, "Check that predicate commitment is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that predicate commitment is well-formed"); let mut input = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { 
@@ -551,13 +551,13 @@ where let given_comm_rand = >::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment randomness"), || Ok(predicate_rand), )?; let given_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Commitment output"), + ark_relations::ns!(cs, "Commitment output"), || Ok(predicate_comm), )?; @@ -571,11 +571,11 @@ where candidate_commitment.enforce_equal(&given_comm)?; } { - let _ns = r1cs_core::ns!(cs, "Check that local data commitment is valid."); + let _ns = ark_relations::ns!(cs, "Check that local data commitment is valid."); let mut local_data_bytes = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Construct local data with Input Record"); + let _ns = ark_relations::ns!(cs, "Construct local data with Input Record"); local_data_bytes.extend_from_slice(&old_rec_comms[i].to_bytes()?); local_data_bytes.extend_from_slice(&old_apks[i].to_bytes()?); local_data_bytes.extend_from_slice(&old_dummy_flags[i].to_bytes()?); @@ -586,7 +586,7 @@ where } for j in 0..C::NUM_OUTPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Construct local data with Output Record"); + let _ns = ark_relations::ns!(cs, "Construct local data with Output Record"); local_data_bytes.extend_from_slice(&new_rec_comms[j].to_bytes()?); local_data_bytes.extend_from_slice(&new_apks[j].to_bytes()?); local_data_bytes.extend_from_slice(&new_dummy_flags[j].to_bytes()?); 
@@ -594,22 +594,24 @@ where local_data_bytes.extend_from_slice(&new_birth_pred_hashes[j]); local_data_bytes.extend_from_slice(&new_death_pred_hashes[j]); } - let memo = UInt8::new_input_vec(r1cs_core::ns!(cs, "Allocate memorandum"), memo)?; + let memo = UInt8::new_input_vec(ark_relations::ns!(cs, "Allocate memorandum"), memo)?; local_data_bytes.extend_from_slice(&memo); - let auxiliary = - UInt8::new_witness_vec(r1cs_core::ns!(cs, "Allocate auxiliary input"), auxiliary)?; + let auxiliary = UInt8::new_witness_vec( + ark_relations::ns!(cs, "Allocate auxiliary input"), + auxiliary, + )?; local_data_bytes.extend_from_slice(&auxiliary); let local_data_comm_rand = >::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Allocate local data commitment randomness"), + ark_relations::ns!(cs, "Allocate local data commitment randomness"), || Ok(local_data_rand), )?; let declared_local_data_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Allocate local data commitment"), + ark_relations::ns!(cs, "Allocate local data commitment"), || Ok(local_data_comm), )?; @@ -647,18 +649,19 @@ where { // Declare public parameters. let (pred_vk_comm_pp, pred_vk_crh_pp) = { - let _ns = r1cs_core::ns!(cs, "Declare Comm and CRH parameters"); + let _ns = ark_relations::ns!(cs, "Declare Comm and CRH parameters"); let pred_vk_comm_pp = >::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Pred Vk COMM parameters"), + ark_relations::ns!(cs, "Declare Pred Vk COMM parameters"), || Ok(&comm_crh_sig_parameters.pred_vk_comm_pp), )?; - let pred_vk_crh_pp = >::ParametersVar::new_input( - r1cs_core::ns!(cs, "Declare Pred Vk CRH parameters"), - || Ok(&comm_crh_sig_parameters.pred_vk_crh_pp), - )?; + let pred_vk_crh_pp = + >::ParametersVar::new_input( + ark_relations::ns!(cs, "Declare Pred Vk CRH parameters"), + || Ok(&comm_crh_sig_parameters.pred_vk_crh_pp), + )?; (pred_vk_comm_pp, pred_vk_crh_pp) }; 
@@ -682,7 +685,7 @@ where // We new_witnessate these bytes let local_data_new_witness_bytes = UInt8::new_input_vec( - r1cs_core::ns!(cs, "Allocate predicate input commitment bytes"), + ark_relations::ns!(cs, "Allocate predicate input commitment bytes"), &local_data_bytes, )?; @@ -708,17 +711,17 @@ where let mut old_death_pred_hashes = Vec::new(); let mut new_birth_pred_hashes = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Check death predicate for input record"); + let _ns = ark_relations::ns!(cs, "Check death predicate for input record"); let death_pred_proof = - >::ProofVar::new_witness( - r1cs_core::ns!(cs, "Allocate proof"), + >::ProofVar::new_witness( + ark_relations::ns!(cs, "Allocate proof"), || Ok(&old_death_pred_vk_and_pf[i].proof), )?; let death_pred_vk = - >::new_verification_key_unchecked( - r1cs_core::ns!(cs, "Allocate verification key"), + >::new_verification_key_unchecked( + ark_relations::ns!(cs, "Allocate verification key"), || Ok(&old_death_pred_vk_and_pf[i].vk), AllocationMode::Witness, )?; @@ -742,17 +745,17 @@ where } for j in 0..C::NUM_OUTPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Check birth predicate for output record"); + let _ns = ark_relations::ns!(cs, "Check birth predicate for output record"); let birth_pred_proof = - >::ProofVar::new_witness( - r1cs_core::ns!(cs, "Allocate proof"), + >::ProofVar::new_witness( + ark_relations::ns!(cs, "Allocate proof"), || Ok(&new_birth_pred_vk_and_pf[j].proof), )?; let birth_pred_vk = - >::new_verification_key_unchecked( - r1cs_core::ns!(cs, "Allocate verification key"), + >::new_verification_key_unchecked( + ark_relations::ns!(cs, "Allocate verification key"), || Ok(&new_birth_pred_vk_and_pf[j].vk), AllocationMode::Witness, )?; 
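Review bot: The context line `// We new_witnessate these bytes` is a leftover from a mechanical `alloc` → `new_witness` rename, and since the call directly below it is `UInt8::new_input_vec` it is also wrong about the allocation mode; suggest `// Allocate the local data bytes as public input.`. The enclosing block starts and ends outside the hunk.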
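Review bot: `new_verification_key_unchecked` combined with `AllocationMode::Witness` admits a prover-chosen verification key without the checked allocation path, and nothing in this hunk records what binds that key to the record; a why-comment next to the call would help, e.g. `// Unchecked allocation is acceptable here only because the vk is hashed and compared against the record's death predicate repr.` — if that is indeed the binding constraint (it lies outside the hunk, so please confirm against the code that follows). The birth-predicate hunk `@@ -742,17 +745,17 @@` has the identical pattern and would take the mirrored comment. Both loop bodies continue past the hunk boundary.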
@@ -775,7 +778,7 @@ where .enforce_equal(&Boolean::TRUE)?; } { - let _comm_ns = r1cs_core::ns!(cs, "Check that predicate commitment is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that predicate commitment is well-formed"); let mut input = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { @@ -788,13 +791,13 @@ where let given_comm_rand = >::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment randomness"), || Ok(predicate_rand), )?; let given_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Commitment output"), + ark_relations::ns!(cs, "Commitment output"), || Ok(predicate_comm), )?; diff --git a/src/constraints/mod.rs b/src/constraints/mod.rs index 1854bae..8af18af 100644 --- a/src/constraints/mod.rs +++ b/src/constraints/mod.rs @@ -2,14 +2,14 @@ pub mod delegable_dpc; pub mod plain_dpc; pub trait Assignment { - fn get(&self) -> Result<&T, r1cs_core::SynthesisError>; + fn get(&self) -> Result<&T, ark_relations::r1cs::SynthesisError>; } impl Assignment for Option { - fn get(&self) -> Result<&T, r1cs_core::SynthesisError> { + fn get(&self) -> Result<&T, ark_relations::r1cs::SynthesisError> { match *self { Some(ref v) => Ok(v), - None => Err(r1cs_core::SynthesisError::AssignmentMissing), + None => Err(ark_relations::r1cs::SynthesisError::AssignmentMissing), } } } diff --git a/src/constraints/plain_dpc.rs b/src/constraints/plain_dpc.rs index 90d0910..4e7e1e4 100644 --- a/src/constraints/plain_dpc.rs +++ b/src/constraints/plain_dpc.rs 
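Review bot: The rewritten `get` in src/constraints/mod.rs still spells out the `match` on `Option`; `self.as_ref().ok_or(ark_relations::r1cs::SynthesisError::AssignmentMissing)` is the idiomatic one-liner with identical behaviour. Importing `SynthesisError` once at the top of the module would also shorten the three fully-qualified paths this hunk introduces.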
@@ -5,15 +5,14 @@ use crate::dpc::{ }, Record, }; -use algebra::{to_bytes, ToConstraintField}; -use crypto_primitives::{ - merkle_tree, CommitmentGadget, CommitmentScheme, FixedLengthCRH, FixedLengthCRHGadget, - NIZKVerifierGadget, PRFGadget, PRF, +use ark_crypto_primitives::{ + merkle_tree, CRHGadget, CommitmentGadget, CommitmentScheme, PRFGadget, SNARKGadget, CRH, PRF, }; -use r1cs_core::{ConstraintSystemRef, SynthesisError}; -use r1cs_std::prelude::*; +use ark_ff::{to_bytes, ToConstraintField}; +use ark_r1cs_std::prelude::*; +use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; -use r1cs_std::boolean::Boolean; +use ark_r1cs_std::boolean::Boolean; pub fn execute_core_checks_gadget( cs: ConstraintSystemRef, @@ -131,12 +130,12 @@ where >, AddrC: CommitmentScheme, RecC: CommitmentScheme, - SnNonceH: FixedLengthCRH, + SnNonceH: CRH, P: PRF, RecC::Output: Eq, AddrCGadget: CommitmentGadget, RecCGadget: CommitmentGadget, - SnNonceHGadget: FixedLengthCRHGadget, + SnNonceHGadget: CRHGadget, PGadget: PRFGadget, { let mut old_sns = Vec::with_capacity(old_records.len()); 
@@ -170,39 +169,38 @@ where sn_nonce_crh_pp, ledger_pp, ) = { - let _ns = r1cs_core::ns!(cs, "Declare Comm and CRH parameters"); + let _ns = ark_relations::ns!(cs, "Declare Comm and CRH parameters"); let addr_comm_pp = AddrCGadget::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Addr Comm parameters"), + ark_relations::ns!(cs, "Declare Addr Comm parameters"), &comm_crh_parameters.addr_comm_pp, )?; let rec_comm_pp = RecCGadget::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Rec Comm parameters"), + ark_relations::ns!(cs, "Declare Rec Comm parameters"), &comm_crh_parameters.rec_comm_pp, )?; let local_data_comm_pp = >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Local Data Comm parameters"), + ark_relations::ns!(cs, "Declare Local Data Comm parameters"), &comm_crh_parameters.local_data_comm_pp, )?; let pred_vk_comm_pp = >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Pred Vk COMM parameters"), + ark_relations::ns!(cs, "Declare Pred Vk COMM parameters"), &comm_crh_parameters.pred_vk_comm_pp, )?; let sn_nonce_crh_pp = SnNonceHGadget::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare SN Nonce CRH parameters"), + ark_relations::ns!(cs, "Declare SN Nonce CRH parameters"), &comm_crh_parameters.sn_nonce_crh_pp, )?; - let ledger_pp = - >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Ledger Parameters"), - ledger_parameters, - )?; + let ledger_pp = >::ParametersVar::new_constant( + ark_relations::ns!(cs, "Declare Ledger Parameters"), + ledger_parameters, + )?; ( addr_comm_pp, rec_comm_pp, @@ -213,8 +211,8 @@ where ) }; - let digest_gadget = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Declare ledger digest"), + let digest_gadget = >::OutputVar::new_input( + ark_relations::ns!(cs, "Declare ledger digest"), || Ok(ledger_digest), )?; 
@@ -224,7 +222,7 @@ where .zip(old_address_secret_keys) .zip(old_serial_numbers) { - let _input_ns = r1cs_core::ns!(cs, "Process input record"); + let _input_ns = ark_relations::ns!(cs, "Process input record"); // Declare record contents let ( given_apk, 
@@ -236,51 +234,51 @@ where given_comm_rand, sn_nonce, ) = { - let _declare_ns = r1cs_core::ns!(cs, "Declare input record"); + let _declare_ns = ark_relations::ns!(cs, "Declare input record"); // No need to check that commitments, public keys and hashes are in // prime order subgroup because the commitment and CRH parameters // are trusted, and so when we recompute these, the newly computed // values will always be in correct subgroup. If the input cm, pk // or hash is incorrect, then it will not match the computed equivalent. let given_apk = - AddrCGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Addr PubKey"), || { + AddrCGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Addr PubKey"), || { Ok(&record.address_public_key().public_key) })?; old_apks.push(given_apk.clone()); let given_commitment = - RecCGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Commitment"), || { + RecCGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Commitment"), || { Ok(record.commitment()) })?; old_rec_comms.push(given_commitment.clone()); let given_is_dummy = - Boolean::new_witness(r1cs_core::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; + Boolean::new_witness(ark_relations::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; old_dummy_flags.push(given_is_dummy.clone()); let given_payload = - UInt8::new_witness_vec(r1cs_core::ns!(cs, "Payload"), record.payload())?; + UInt8::new_witness_vec(ark_relations::ns!(cs, "Payload"), record.payload())?; old_payloads.push(given_payload.clone()); let given_birth_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Birth predicate"), + ark_relations::ns!(cs, "Birth predicate"), &record.birth_predicate_repr(), )?; old_birth_pred_hashes.push(given_birth_pred_hash.clone()); let given_death_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Death predicate"), + ark_relations::ns!(cs, "Death predicate"), &record.death_predicate_repr(), )?; old_death_pred_hashes.push(given_death_pred_hash.clone()); let given_comm_rand = 
RecCGadget::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment randomness"), || Ok(record.commitment_randomness()), )?; let sn_nonce = - SnNonceHGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Sn nonce"), || { + SnNonceHGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Sn nonce"), || { Ok(record.serial_number_nonce()) })?; ( @@ -301,11 +299,11 @@ where // transaction set digest. // ******************************************************************** { - let _witness_ns = r1cs_core::ns!(cs, "Check membership witness"); + let _witness_ns = ark_relations::ns!(cs, "Check membership witness"); let witness = merkle_tree::constraints::PathVar::<_, C::MerkleTreeHGadget, _>::new_witness( - r1cs_core::ns!(cs, "Declare witness"), + ark_relations::ns!(cs, "Declare witness"), || Ok(witness), )?; @@ -323,14 +321,14 @@ where let sk_prf = { // Declare variables for addr_sk contents. - let _address_ns = r1cs_core::ns!(cs, "Check address keypair"); + let _address_ns = ark_relations::ns!(cs, "Check address keypair"); let sk_prf = PGadget::new_seed(cs.clone(), &secret_key.sk_prf); let metadata = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Declare metadata"), + ark_relations::ns!(cs, "Declare metadata"), &secret_key.metadata, )?; let r_pk = AddrCGadget::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Declare r_pk"), + ark_relations::ns!(cs, "Declare r_pk"), || Ok(&secret_key.r_pk), )?; @@ -348,7 +346,7 @@ where // Check that the serial number is derived correctly. // ******************************************************************** let sn_nonce_bytes = { - let _sn_ns = r1cs_core::ns!(cs, "Check that sn is derived correctly"); + let _sn_ns = ark_relations::ns!(cs, "Check that sn is derived correctly"); let sn_nonce_bytes = sn_nonce.to_bytes()?; 
@@ -356,7 +354,7 @@ where let candidate_serial_number = PGadget::evaluate(&prf_seed, &sn_nonce_bytes)?; let given_sn = PGadget::OutputVar::new_input( - r1cs_core::ns!(cs, "Declare given serial number"), + ark_relations::ns!(cs, "Declare given serial number"), || Ok(given_serial_number), )?; @@ -368,7 +366,7 @@ where // Check that the record is well-formed. { - let _comm_ns = r1cs_core::ns!(cs, "Check that record is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that record is well-formed"); let apk_bytes = given_apk.to_bytes()?; let is_dummy_bytes = given_is_dummy.to_bytes()?; @@ -386,7 +384,7 @@ where } let sn_nonce_input = { - let _ns = r1cs_core::ns!(cs, "Convert input serial numbers to bytes"); + let _ns = ark_relations::ns!(cs, "Convert input serial numbers to bytes"); let mut sn_nonce_input = Vec::new(); for (_i, old_sn) in old_sns.iter().enumerate() { let bytes = old_sn.to_bytes()?; @@ -401,7 +399,7 @@ where .zip(new_commitments) .enumerate() { - let _ns = r1cs_core::ns!(cs, "Process output record"); + let _ns = ark_relations::ns!(cs, "Process output record"); let j = j as u8; let ( 
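Review bot: `for (_i, old_sn) in old_sns.iter().enumerate()` in hunk `@@ -386,7 +384,7 @@` computes an index it never uses; the delegable_dpc.rs counterpart of this loop already reads `for old_sn in old_sns.iter() {`, so the plain variant should match it. The enclosing block continues past the end of the hunk.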
@@ -415,48 +413,48 @@ where given_comm_rand, sn_nonce, ) = { - let _declare_ns = r1cs_core::ns!(cs, "Declare output record"); + let _declare_ns = ark_relations::ns!(cs, "Declare output record"); let given_apk = - AddrCGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Addr PubKey"), || { + AddrCGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Addr PubKey"), || { Ok(&record.address_public_key().public_key) })?; new_apks.push(given_apk.clone()); let given_record_comm = RecCGadget::OutputVar::new_witness( - r1cs_core::ns!(cs, "Record Commitment"), + ark_relations::ns!(cs, "Record Commitment"), || Ok(record.commitment()), )?; new_rec_comms.push(given_record_comm.clone()); - let given_comm = - RecCGadget::OutputVar::new_input(r1cs_core::ns!(cs, "Given Commitment"), || { - Ok(commitment) - })?; + let given_comm = RecCGadget::OutputVar::new_input( + ark_relations::ns!(cs, "Given Commitment"), + || Ok(commitment), + )?; let given_is_dummy = - Boolean::new_witness(r1cs_core::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; + Boolean::new_witness(ark_relations::ns!(cs, "is_dummy"), || Ok(record.is_dummy()))?; new_dummy_flags.push(given_is_dummy.clone()); let given_payload = - UInt8::new_witness_vec(r1cs_core::ns!(cs, "Payload"), record.payload())?; + UInt8::new_witness_vec(ark_relations::ns!(cs, "Payload"), record.payload())?; new_payloads.push(given_payload.clone()); let given_birth_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Birth predicate"), + ark_relations::ns!(cs, "Birth predicate"), &record.birth_predicate_repr(), )?; new_birth_pred_hashes.push(given_birth_pred_hash.clone()); let given_death_pred_hash = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Death predicate"), + ark_relations::ns!(cs, "Death predicate"), &record.death_predicate_repr(), )?; new_death_pred_hashes.push(given_death_pred_hash.clone()); let given_comm_rand = RecCGadget::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment 
randomness"), || Ok(record.commitment_randomness()), )?; let sn_nonce = - SnNonceHGadget::OutputVar::new_witness(r1cs_core::ns!(cs, "Sn nonce"), || { + SnNonceHGadget::OutputVar::new_witness(ark_relations::ns!(cs, "Sn nonce"), || { Ok(record.serial_number_nonce()) })?; @@ -477,13 +475,14 @@ where // Check that the serial number nonce is computed correctly. // ******************************************************************* { - let _sn_ns = r1cs_core::ns!(cs, "Check that serial number nonce is computed correctly"); + let _sn_ns = + ark_relations::ns!(cs, "Check that serial number nonce is computed correctly"); let cur_record_num = UInt8::constant(j); let mut cur_record_num_bytes_le = vec![cur_record_num]; let sn_nonce_randomness = UInt8::new_witness_vec( - r1cs_core::ns!(cs, "Allocate serial number nonce randomness"), + ark_relations::ns!(cs, "Allocate serial number nonce randomness"), sn_nonce_rand, )?; cur_record_num_bytes_le.extend_from_slice(&sn_nonce_randomness); @@ -500,7 +499,7 @@ where // Check that the record is well-formed. // ******************************************************************* { - let _comm_ns = r1cs_core::ns!(cs, "Check that record is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that record is well-formed"); let apk_bytes = given_apk.to_bytes()?; let is_dummy_bytes = given_is_dummy.to_bytes()?; let sn_nonce_bytes = sn_nonce.to_bytes()?; @@ -523,7 +522,7 @@ where // Check that predicate commitment is well formed. // ******************************************************************* { - let _comm_ns = r1cs_core::ns!(cs, "Check that predicate commitment is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that predicate commitment is well-formed"); let mut input = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { 
@@ -536,13 +535,13 @@ where let given_comm_rand = >::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment randomness"), || Ok(predicate_rand), )?; let given_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Commitment output"), + ark_relations::ns!(cs, "Commitment output"), || Ok(predicate_comm), )?; @@ -556,11 +555,11 @@ where candidate_commitment.enforce_equal(&given_comm)?; } { - let _ns = r1cs_core::ns!(cs, "Check that local data commitment is valid."); + let _ns = ark_relations::ns!(cs, "Check that local data commitment is valid."); let mut local_data_bytes = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Construct local data with Input Record"); + let _ns = ark_relations::ns!(cs, "Construct local data with Input Record"); local_data_bytes.extend_from_slice(&old_rec_comms[i].to_bytes()?); local_data_bytes.extend_from_slice(&old_apks[i].to_bytes()?); local_data_bytes.extend_from_slice(&old_dummy_flags[i].to_bytes()?); @@ -571,7 +570,7 @@ where } for j in 0..C::NUM_OUTPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Construct local data with Output Record"); + let _ns = ark_relations::ns!(cs, "Construct local data with Output Record"); local_data_bytes.extend_from_slice(&new_rec_comms[j].to_bytes()?); local_data_bytes.extend_from_slice(&new_apks[j].to_bytes()?); local_data_bytes.extend_from_slice(&new_dummy_flags[j].to_bytes()?); 
@@ -579,22 +578,24 @@ where local_data_bytes.extend_from_slice(&new_birth_pred_hashes[j]); local_data_bytes.extend_from_slice(&new_death_pred_hashes[j]); } - let memo = UInt8::new_input_vec(r1cs_core::ns!(cs, "Allocate memorandum"), memo)?; + let memo = UInt8::new_input_vec(ark_relations::ns!(cs, "Allocate memorandum"), memo)?; local_data_bytes.extend_from_slice(&memo); - let auxiliary = - UInt8::new_witness_vec(r1cs_core::ns!(cs, "Allocate auxiliary input"), auxiliary)?; + let auxiliary = UInt8::new_witness_vec( + ark_relations::ns!(cs, "Allocate auxiliary input"), + auxiliary, + )?; local_data_bytes.extend_from_slice(&auxiliary); let local_data_comm_rand = >::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Allocate local data commitment randomness"), + ark_relations::ns!(cs, "Allocate local data commitment randomness"), || Ok(local_data_rand), )?; let declared_local_data_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Allocate local data commitment"), + ark_relations::ns!(cs, "Allocate local data commitment"), || Ok(local_data_comm), )?; @@ -632,18 +633,19 @@ where { // Declare public parameters. let (pred_vk_comm_pp, pred_vk_crh_pp) = { - let _ns = r1cs_core::ns!(cs, "Declare Comm and CRH parameters"); + let _ns = ark_relations::ns!(cs, "Declare Comm and CRH parameters"); let pred_vk_comm_pp = >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Pred Vk COMM parameters"), + ark_relations::ns!(cs, "Declare Pred Vk COMM parameters"), &comm_crh_parameters.pred_vk_comm_pp, )?; - let pred_vk_crh_pp = >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Pred Vk CRH parameters"), - &comm_crh_parameters.pred_vk_crh_pp, - )?; + let pred_vk_crh_pp = + >::ParametersVar::new_constant( + ark_relations::ns!(cs, "Declare Pred Vk CRH parameters"), + &comm_crh_parameters.pred_vk_crh_pp, + )?; (pred_vk_comm_pp, pred_vk_crh_pp) }; 
@@ -670,11 +672,11 @@ where let pred_input_bytes = [ UInt8::new_input_vec( - r1cs_core::ns!(cs, "Allocate local data pp "), + ark_relations::ns!(cs, "Allocate local data pp "), &pred_input[0], )?, UInt8::new_input_vec( - r1cs_core::ns!(cs, "Allocate local data comm"), + ark_relations::ns!(cs, "Allocate local data comm"), &pred_input[1], )?, ]; 
@@ -689,37 +691,37 @@ where let mut old_death_pred_hashes = Vec::new(); let mut new_birth_pred_hashes = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Check death predicate for input record"); + let _ns = ark_relations::ns!(cs, "Check death predicate for input record"); let death_pred_proof = - >::ProofVar::new_witness( - r1cs_core::ns!(cs, "Allocate proof"), + >::ProofVar::new_witness( + ark_relations::ns!(cs, "Allocate proof"), || Ok(&old_death_pred_vk_and_pf[i].proof), )?; let death_pred_vk = - >::new_verification_key_unchecked( - r1cs_core::ns!(cs, "Allocate verification key"), + >::new_verification_key_unchecked( + ark_relations::ns!(cs, "Allocate verification key"), || Ok(&old_death_pred_vk_and_pf[i].vk), AllocationMode::Witness, )?; - let _ns = r1cs_core::ns!(cs, "Convert vk to bytes"); + let _ns = ark_relations::ns!(cs, "Convert vk to bytes"); let death_pred_vk_bytes = death_pred_vk.to_bytes()?; drop(_ns); - let _ns = r1cs_core::ns!(cs, "Evaluate death predicate hash"); + let _ns = ark_relations::ns!(cs, "Evaluate death predicate hash"); let claimed_death_pred_hash = C::PredVkHGadget::evaluate(&pred_vk_crh_pp, &death_pred_vk_bytes)?; drop(_ns); - let _ns = r1cs_core::ns!(cs, "Convert death predicate hash to bytes"); + let _ns = ark_relations::ns!(cs, "Convert death predicate hash to bytes"); let claimed_death_pred_hash_bytes = claimed_death_pred_hash.to_bytes()?; drop(_ns); old_death_pred_hashes.push(claimed_death_pred_hash_bytes); - let _ns = r1cs_core::ns!(cs, "Verify death predicate"); + let _ns = ark_relations::ns!(cs, "Verify death predicate"); let position = UInt8::constant(i as u8).to_bits_le()?; C::PredicateNIZKGadget::verify( &death_pred_vk, 
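Review bot: The death-predicate verifying key is still allocated with `new_verification_key_unchecked` in `AllocationMode::Witness`, so the prover-supplied key presumably gets no in-circuit validity checks on its points, and nothing in the hunk records why that is acceptable; the circuit appears to rely on the CRH of `death_pred_vk_bytes` matching the predicate hash bound to the record for soundness. I'd add a comment at the allocation, e.g. `// Allocated unchecked: the vk is bound to the record via the CRH of its bytes below, so point validity is not enforced here — confirm this matches the SNARK gadget's assumptions.` The same applies to the birth-predicate allocation in the following hunk (`@@ -732,37 +734,37 @@`). Both loops continue past the end of their hunks.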
@@ -732,37 +734,37 @@ where } for j in 0..C::NUM_OUTPUT_RECORDS { - let _ns = r1cs_core::ns!(cs, "Check birth predicate for output record"); + let _ns = ark_relations::ns!(cs, "Check birth predicate for output record"); let birth_pred_proof = - >::ProofVar::new_witness( - r1cs_core::ns!(cs, "Allocate proof"), + >::ProofVar::new_witness( + ark_relations::ns!(cs, "Allocate proof"), || Ok(&new_birth_pred_vk_and_pf[j].proof), )?; let birth_pred_vk = - >::new_verification_key_unchecked( - r1cs_core::ns!(cs, "Allocate verification key"), + >::new_verification_key_unchecked( + ark_relations::ns!(cs, "Allocate verification key"), || Ok(&new_birth_pred_vk_and_pf[j].vk), AllocationMode::Witness, )?; - let _ns = r1cs_core::ns!(cs, "Convert vk to bytes"); + let _ns = ark_relations::ns!(cs, "Convert vk to bytes"); let birth_pred_vk_bytes = birth_pred_vk.to_bytes()?; drop(_ns); - let _ns = r1cs_core::ns!(cs, "Evaluate birth predicate hash"); + let _ns = ark_relations::ns!(cs, "Evaluate birth predicate hash"); let claimed_birth_pred_hash = C::PredVkHGadget::evaluate(&pred_vk_crh_pp, &birth_pred_vk_bytes)?; drop(_ns); - let _ns = r1cs_core::ns!(cs, "Convert birth predicate hash to bytes"); + let _ns = ark_relations::ns!(cs, "Convert birth predicate hash to bytes"); let claimed_birth_pred_hash_bytes = claimed_birth_pred_hash.to_bytes()?; drop(_ns); new_birth_pred_hashes.push(claimed_birth_pred_hash_bytes); - let _ns = r1cs_core::ns!(cs, "Verify birth predicate"); + let _ns = ark_relations::ns!(cs, "Verify birth predicate"); let position = UInt8::constant(j as u8).to_bits_le()?; C::PredicateNIZKGadget::verify( &birth_pred_vk, @@ -774,7 +776,7 @@ where .enforce_equal(&Boolean::TRUE)?; } { - let _comm_ns = r1cs_core::ns!(cs, "Check that predicate commitment is well-formed"); + let _comm_ns = ark_relations::ns!(cs, "Check that predicate commitment is well-formed"); let mut input = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { 
@@ -787,13 +789,13 @@ where let given_comm_rand = >::RandomnessVar::new_witness( - r1cs_core::ns!(cs, "Commitment randomness"), + ark_relations::ns!(cs, "Commitment randomness"), || Ok(predicate_rand), )?; let given_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Commitment output"), + ark_relations::ns!(cs, "Commitment output"), || Ok(predicate_comm), )?; diff --git a/src/dpc/delegable_dpc/address.rs b/src/dpc/delegable_dpc/address.rs index 906337f..d3d8af2 100644 --- a/src/dpc/delegable_dpc/address.rs +++ b/src/dpc/delegable_dpc/address.rs @@ -1,6 +1,6 @@ use crate::dpc::{delegable_dpc::DelegableDPCComponents, AddressKeyPair}; -use algebra::bytes::ToBytes; -use crypto_primitives::{CommitmentScheme, SignatureScheme, PRF}; +use ark_crypto_primitives::{CommitmentScheme, SignatureScheme, PRF}; +use ark_ff::bytes::ToBytes; use std::io::{Result as IoResult, Write}; #[derive(Derivative)] diff --git a/src/dpc/delegable_dpc/core_checks_circuit.rs b/src/dpc/delegable_dpc/core_checks_circuit.rs index 71704d1..b3361f8 100644 --- a/src/dpc/delegable_dpc/core_checks_circuit.rs +++ b/src/dpc/delegable_dpc/core_checks_circuit.rs @@ -1,7 +1,7 @@ use crate::Error; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; -use crypto_primitives::{merkle_tree, CommitmentScheme, FixedLengthCRH, SignatureScheme}; +use ark_crypto_primitives::{merkle_tree, CommitmentScheme, SignatureScheme, CRH}; use crate::{ constraints::{delegable_dpc::execute_core_checks_gadget, Assignment}, @@ -10,7 +10,7 @@ use crate::{ }, }; -use algebra::ToConstraintField; +use ark_ff::ToConstraintField; pub struct CoreChecksVerifierInput { // Commitment and CRH parameters @@ -40,7 +40,7 @@ where ::Parameters: ToConstraintField, ::Output: ToConstraintField, - ::Parameters: ToConstraintField, + ::Parameters: ToConstraintField, ::Parameters: ToConstraintField, ::Output: ToConstraintField, 
diff --git a/src/dpc/delegable_dpc/mod.rs b/src/dpc/delegable_dpc/mod.rs index 12c1736..558bde0 100644 --- a/src/dpc/delegable_dpc/mod.rs +++ b/src/dpc/delegable_dpc/mod.rs @@ -1,15 +1,15 @@ use crate::Error; -use algebra::{bytes::FromBytes, to_bytes, PrimeField, UniformRand}; -use rand::Rng; +use ark_ff::{bytes::FromBytes, to_bytes, PrimeField, UniformRand}; +use ark_std::{end_timer, rand::Rng, start_timer}; use std::marker::PhantomData; use crate::{ dpc::{AddressKeyPair, DPCScheme, Predicate, Record, Transaction}, ledger::*, }; -use crypto_primitives::{ - merkle_tree, CommitmentGadget, CommitmentScheme, FixedLengthCRH, FixedLengthCRHGadget, - NIZKVerifierGadget, PRFGadget, SigRandomizePkGadget, SignatureScheme, NIZK, PRF, +use ark_crypto_primitives::{ + merkle_tree, CRHGadget, CommitmentGadget, CommitmentScheme, PRFGadget, SNARKGadget, + SigRandomizePkGadget, SignatureScheme, CRH, PRF, SNARK, }; pub mod address; @@ -61,20 +61,20 @@ pub trait DelegableDPCComponents: 'static + Sized { // Parameters for MerkleTree type MerkleTreeConfig: merkle_tree::Config; - type MerkleTreeHGadget: FixedLengthCRHGadget< + type MerkleTreeHGadget: CRHGadget< ::H, Self::CoreCheckF, >; // CRH for computing the serial number nonce. Invoked only over // `Self::CoreCheckF`. - type SnNonceH: FixedLengthCRH; - type SnNonceHGadget: FixedLengthCRHGadget; + type SnNonceH: CRH; + type SnNonceHGadget: CRHGadget; // CRH for hashes of birth and death verification keys. // This is invoked only on the larger curve. - type PredVkH: FixedLengthCRH; - type PredVkHGadget: FixedLengthCRHGadget; + type PredVkH: CRH; + type PredVkHGadget: CRHGadget; // Commitment scheme for committing to hashes of birth and death verification // keys 
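Review bot: Style: the first hunk imports `UniformRand` from `ark_ff` and `PhantomData` from `std`, while the parallel `plain_dpc/mod.rs` hunk (`@@ -1,15 +1,14 @@`) takes both from `ark_std`; presumably both spellings resolve, but the two sibling modules should agree. I'd change the two lines to `use ark_ff::{bytes::FromBytes, to_bytes, PrimeField};` and `use ark_std::{end_timer, marker::PhantomData, rand::Rng, start_timer, UniformRand};` and drop the separate `std::marker::PhantomData` import to match.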
@@ -85,37 +85,37 @@ pub trait DelegableDPCComponents: 'static + Sized { + CommitmentGadget; // Commitment scheme for committing to predicate input. Invoked inside - // `Self::MainN` and every predicate NIZK. + // `Self::MainN` and every predicate SNARK. type LocalDataComm: CommitmentScheme; type LocalDataCommGadget: CommitmentGadget; type S: SignatureScheme; type SGadget: SigRandomizePkGadget; - // NIZK for non-proof-verification checks - type MainNIZK: NIZK< + // SNARK for non-proof-verification checks + type MainNIZK: SNARK< Circuit = CoreChecksCircuit, AssignedCircuit = CoreChecksCircuit, VerifierInput = CoreChecksVerifierInput, >; - // NIZK for proof-verification checks - type ProofCheckNIZK: NIZK< + // SNARK for proof-verification checks + type ProofCheckNIZK: SNARK< Circuit = ProofCheckCircuit, AssignedCircuit = ProofCheckCircuit, VerifierInput = ProofCheckVerifierInput, >; - // NIZK for a "dummy predicate" that does nothing with its input. - type PredicateNIZK: NIZK< + // SNARK for a "dummy predicate" that does nothing with its input. + type PredicateNIZK: SNARK< Circuit = EmptyPredicateCircuit, AssignedCircuit = EmptyPredicateCircuit, VerifierInput = PredicateLocalData, >; - // NIZK Verifier gadget for the "dummy predicate" that does nothing with its + // SNARK Verifier gadget for the "dummy predicate" that does nothing with its // input. - type PredicateNIZKGadget: NIZKVerifierGadget; + type PredicateNIZKGadget: SNARKGadget; // PRF for computing serial numbers. Invoked only over `Self::CoreCheckF`. type P: PRF; @@ -277,7 +277,7 @@ impl DPC { pub fn generate_record( parameters: &CommCRHSigPublicParameters, - sn_nonce: &::Output, + sn_nonce: &::Output, address_public_key: &AddressPublicKey, is_dummy: bool, payload: &[u8; 32], 
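Review bot: Style: the comments and bounds in this hunk now say `SNARK`, but the associated types keep their old names (`MainNIZK`, `ProofCheckNIZK`, `PredicateNIZK`, `PredicateNIZKGadget`), and the same mismatch appears in the `plain_dpc/mod.rs` hunk (`@@ -87,34 +86,34 @@`) and in the setup timer labels versus `pred_nizk_setup_time`/`core_nizk_pp`. Either keep the trait-agnostic "NIZK" wording in the comments or plan a rename of the associated types, so a reader is not left wondering whether the two words denote different things. Renaming the associated types is breaking for implementors of the trait, so it may belong in a follow-up rather than this migration.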
@@ -571,7 +571,7 @@ where let setup_time = start_timer!(|| "DelegableDPC::Setup"); let comm_crh_sig_pp = Self::generate_comm_crh_sig_parameters(rng)?; - let pred_nizk_setup_time = start_timer!(|| "Dummy Predicate NIZK Setup"); + let pred_nizk_setup_time = start_timer!(|| "Dummy Predicate SNARK Setup"); let pred_nizk_pp = Self::generate_pred_nizk_parameters(&comm_crh_sig_pp, rng)?; end_timer!(pred_nizk_setup_time); @@ -580,14 +580,14 @@ where proof: pred_nizk_pp.proof.clone(), }; - let nizk_setup_time = start_timer!(|| "Execute Tx Core Checks NIZK Setup"); + let nizk_setup_time = start_timer!(|| "Execute Tx Core Checks SNARK Setup"); let core_nizk_pp = Components::MainNIZK::setup( CoreChecksCircuit::blank(&comm_crh_sig_pp, ledger_pp), rng, )?; end_timer!(nizk_setup_time); - let nizk_setup_time = start_timer!(|| "Execute Tx Proof Checks NIZK Setup"); + let nizk_setup_time = start_timer!(|| "Execute Tx Proof Checks SNARK Setup"); let proof_check_nizk_pp = Components::ProofCheckNIZK::setup( ProofCheckCircuit::blank(&comm_crh_sig_pp, &private_pred_input), rng, diff --git a/src/dpc/delegable_dpc/parameters.rs b/src/dpc/delegable_dpc/parameters.rs index 5885099..f31dc5d 100644 --- a/src/dpc/delegable_dpc/parameters.rs +++ b/src/dpc/delegable_dpc/parameters.rs @@ -1,5 +1,5 @@ use crate::dpc::delegable_dpc::DelegableDPCComponents; -use crypto_primitives::{CommitmentScheme, FixedLengthCRH, SignatureScheme, NIZK}; +use ark_crypto_primitives::{CommitmentScheme, SignatureScheme, CRH, SNARK}; #[derive(Derivative)] #[derivative(Clone(bound = "C: DelegableDPCComponents"))] @@ -9,8 +9,8 @@ pub struct CommCRHSigPublicParameters { pub pred_vk_comm_pp: ::Parameters, pub local_data_comm_pp: ::Parameters, - pub sn_nonce_crh_pp: ::Parameters, - pub pred_vk_crh_pp: ::Parameters, + pub sn_nonce_crh_pp: ::Parameters, + pub pred_vk_crh_pp: ::Parameters, pub sig_pp: ::Parameters, } 
@@ -18,21 +18,21 @@ pub struct CommCRHSigPublicParameters { #[derive(Derivative)] #[derivative(Clone(bound = "C: DelegableDPCComponents"))] pub struct PredNIZKParameters { - pub pk: ::ProvingParameters, - pub vk: ::VerificationParameters, - pub proof: ::Proof, + pub pk: ::ProvingKey, + pub vk: ::VerifyingKey, + pub proof: ::Proof, } pub struct PublicParameters { pub comm_crh_sig_pp: CommCRHSigPublicParameters, pub pred_nizk_pp: PredNIZKParameters, pub proof_check_nizk_pp: ( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ), pub core_nizk_pp: ( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ), } @@ -40,8 +40,8 @@ impl PublicParameters { pub fn core_check_nizk_pp( &self, ) -> &( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ) { &self.core_nizk_pp } @@ -49,8 +49,8 @@ impl PublicParameters { pub fn proof_check_nizk_pp( &self, ) -> &( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ) { &self.proof_check_nizk_pp } @@ -59,11 +59,11 @@ impl PublicParameters { &self.pred_nizk_pp } - pub fn sn_nonce_crh_pp(&self) -> &::Parameters { + pub fn sn_nonce_crh_pp(&self) -> &::Parameters { &self.comm_crh_sig_pp.sn_nonce_crh_pp } - pub fn pred_vk_crh_pp(&self) -> &::Parameters { + pub fn pred_vk_crh_pp(&self) -> &::Parameters { &self.comm_crh_sig_pp.pred_vk_crh_pp } diff --git a/src/dpc/delegable_dpc/predicate.rs b/src/dpc/delegable_dpc/predicate.rs index d0aa1a9..c52b5f8 100644 --- a/src/dpc/delegable_dpc/predicate.rs +++ b/src/dpc/delegable_dpc/predicate.rs 
@@ -1,17 +1,17 @@ use crate::dpc::{delegable_dpc::DelegableDPCComponents, Predicate}; -use crypto_primitives::NIZK; +use ark_crypto_primitives::SNARK; use std::marker::PhantomData; pub struct PrivatePredInput { - pub vk: ::VerificationParameters, - pub proof: ::Proof, + pub vk: ::VerifyingKey, + pub proof: ::Proof, } impl Default for PrivatePredInput { fn default() -> Self { Self { - vk: ::VerificationParameters::default(), - proof: ::Proof::default(), + vk: ::VerifyingKey::default(), + proof: ::Proof::default(), } } } diff --git a/src/dpc/delegable_dpc/predicate_circuit.rs b/src/dpc/delegable_dpc/predicate_circuit.rs index 790dd4f..17e8f9b 100644 --- a/src/dpc/delegable_dpc/predicate_circuit.rs +++ b/src/dpc/delegable_dpc/predicate_circuit.rs @@ -3,14 +3,14 @@ use crate::{ delegable_dpc::*, dpc::{delegable_dpc::DPCRecord, Record}, }; -use crypto_primitives::CommitmentScheme; -use r1cs_std::prelude::*; +use ark_crypto_primitives::CommitmentScheme; +use ark_r1cs_std::prelude::*; use std::io::{Result as IoResult, Write}; -use algebra::{bytes::ToBytes, ToConstraintField}; +use ark_ff::{bytes::ToBytes, ToConstraintField}; // We'll use these interfaces to construct our circuit. -use r1cs_core::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; use crate::Error; @@ -159,10 +159,10 @@ impl ConstraintSynthesizer for EmptyPr cs: ConstraintSystemRef, ) -> Result<(), SynthesisError> { let _position = - UInt8::new_input_vec(r1cs_core::ns!(cs, "Alloc position"), &[self.position])?; + UInt8::new_input_vec(ark_relations::ns!(cs, "Alloc position"), &[self.position])?; >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Pred Input Comm parameters"), + ark_relations::ns!(cs, "Declare Pred Input Comm parameters"), self.comm_and_crh_parameters .as_ref() .get()? 
@@ -172,7 +172,7 @@ impl ConstraintSynthesizer for EmptyPr let _local_data_comm = >::OutputVar::new_witness( - r1cs_core::ns!(cs, "Allocate predicate commitment"), + ark_relations::ns!(cs, "Allocate predicate commitment"), || self.local_data_comm.get(), )?; diff --git a/src/dpc/delegable_dpc/proof_check_circuit.rs b/src/dpc/delegable_dpc/proof_check_circuit.rs index 616d4ac..f600255 100644 --- a/src/dpc/delegable_dpc/proof_check_circuit.rs +++ b/src/dpc/delegable_dpc/proof_check_circuit.rs @@ -1,8 +1,8 @@ -use algebra::{to_bytes, ToConstraintField}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; +use ark_ff::{to_bytes, ToConstraintField}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; use crate::Error; -use crypto_primitives::{CommitmentScheme, FixedLengthCRH}; +use ark_crypto_primitives::{CommitmentScheme, CRH}; use crate::{ constraints::{delegable_dpc::execute_proof_check_gadget, Assignment}, @@ -22,7 +22,7 @@ where ::Parameters: ToConstraintField, ::Output: ToConstraintField, - ::Parameters: ToConstraintField, + ::Parameters: ToConstraintField, ::Parameters: ToConstraintField, ::Output: ToConstraintField, diff --git a/src/dpc/delegable_dpc/record.rs b/src/dpc/delegable_dpc/record.rs index 867d230..13c6d28 100644 --- a/src/dpc/delegable_dpc/record.rs +++ b/src/dpc/delegable_dpc/record.rs @@ -2,8 +2,8 @@ use crate::dpc::{ delegable_dpc::{AddressPublicKey, DPCPredicate, DelegableDPCComponents}, Record, }; -use algebra::to_bytes; -use crypto_primitives::{CommitmentScheme, FixedLengthCRH, SignatureScheme}; +use ark_crypto_primitives::{CommitmentScheme, SignatureScheme, CRH}; +use ark_ff::to_bytes; use std::marker::PhantomData; #[derive(Derivative)] 
@@ -22,7 +22,7 @@ pub struct DPCRecord { #[derivative(Default(value = "default_predicate_hash::()"))] pub(super) death_predicate_repr: Vec, - pub(super) serial_number_nonce: ::Output, + pub(super) serial_number_nonce: ::Output, pub(super) commitment: ::Output, pub(super) commitment_randomness: ::Randomness, @@ -30,7 +30,7 @@ pub struct DPCRecord { pub(super) _components: PhantomData, } -fn default_predicate_hash() -> Vec { +fn default_predicate_hash() -> Vec { to_bytes![C::Output::default()].unwrap() } @@ -41,7 +41,7 @@ impl Record for DPCRecord { type Payload = [u8; 32]; type Predicate = DPCPredicate; - type SerialNumberNonce = ::Output; + type SerialNumberNonce = ::Output; type SerialNumber = ::PublicKey; fn address_public_key(&self) -> &Self::AddressPublicKey { diff --git a/src/dpc/delegable_dpc/test.rs b/src/dpc/delegable_dpc/test.rs index c8a1368..a865c62 100644 --- a/src/dpc/delegable_dpc/test.rs +++ b/src/dpc/delegable_dpc/test.rs @@ -6,7 +6,7 @@ use algebra::curves::ed_on_cp6_782::EdwardsProjective as E; use algebra::{to_bytes, ToBytes}; use rand::thread_rng; -use crate::crypto_primitives::{ +use crate::ark_crypto_primitives::{ commitment::{blake2s::Blake2sCommitment, injective_map::PedersenCommCompressor}, crh::{ injective_map::{PedersenCRHCompressor, TECompressor}, @@ -17,10 +17,10 @@ use crate::crypto_primitives::{ prf::blake2s::Blake2s, signature::schnorr::SchnorrSignature, }; -use crate::crypto_primitives::{CommitmentScheme, FixedLengthCRH}; +use crate::ark_crypto_primitives::{CommitmentScheme, CRH}; use blake2::Blake2s as Blake2sHash; -use r1cs_core::ConstraintSystem; +use ark_relations::r1cs::ConstraintSystem; use crate::constraints::commitment::{ blake2s::Blake2sCommitmentGadget, injective_map::PedersenCommitmentCompressorGadget, diff --git a/src/dpc/delegable_dpc/transaction.rs b/src/dpc/delegable_dpc/transaction.rs index fbe00e6..f230051 100644 --- a/src/dpc/delegable_dpc/transaction.rs +++ b/src/dpc/delegable_dpc/transaction.rs 
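Review bot: `delegable_dpc/test.rs` is only partially migrated: the context lines of its first hunk still import `algebra::curves::ed_on_cp6_782::EdwardsProjective as E`, `algebra::{to_bytes, ToBytes}` and `rand::thread_rng`, crates the rest of the commit replaces, and the rewritten `use crate::ark_crypto_primitives::{...}` paths look like a search-and-replace artifact — `crate::` only resolves if this crate re-exports that name, which I cannot see here. If the module is compiled under `cfg(test)`, `cargo test` will presumably fail on these imports. They should follow the rest of the commit, e.g. `use ark_ff::{to_bytes, ToBytes};`, `use ark_std::rand::thread_rng;` and `use ark_crypto_primitives::{CommitmentScheme, CRH};`, with `E` taken from `ark_ed_on_bw6_761` to match the curve swap in `instantiated.rs`.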
@@ -2,7 +2,7 @@ use crate::{ dpc::delegable_dpc::{DelegableDPCComponents, Transaction}, ledger::*, }; -use crypto_primitives::{CommitmentScheme, SignatureScheme, NIZK}; +use ark_crypto_primitives::{CommitmentScheme, SignatureScheme, SNARK}; #[derive(Derivative)] #[derivative( @@ -27,10 +27,10 @@ pub struct DPCStuff { pub digest: merkle_tree::Digest, #[derivative(PartialEq = "ignore")] - pub core_proof: ::Proof, + pub core_proof: ::Proof, #[derivative(PartialEq = "ignore")] - pub predicate_proof: ::Proof, + pub predicate_proof: ::Proof, #[derivative(PartialEq = "ignore")] pub predicate_comm: ::Output, @@ -48,8 +48,8 @@ impl DPCTransaction { new_commitments: Vec<::Commitment>, memorandum: ::Memorandum, digest: merkle_tree::Digest, - core_proof: ::Proof, - predicate_proof: ::Proof, + core_proof: ::Proof, + predicate_proof: ::Proof, predicate_comm: ::Output, local_data_comm: ::Output, signatures: Vec<::Signature>, diff --git a/src/dpc/mod.rs b/src/dpc/mod.rs index e2737b5..0e94160 100644 --- a/src/dpc/mod.rs +++ b/src/dpc/mod.rs @@ -1,5 +1,5 @@ use crate::Error; -use rand::Rng; +use ark_std::rand::Rng; use std::hash::Hash; pub mod delegable_dpc; diff --git a/src/dpc/plain_dpc/address.rs b/src/dpc/plain_dpc/address.rs index aeb0d40..bcbdedc 100644 --- a/src/dpc/plain_dpc/address.rs +++ b/src/dpc/plain_dpc/address.rs @@ -1,6 +1,6 @@ use crate::dpc::{plain_dpc::PlainDPCComponents, AddressKeyPair}; -use algebra::bytes::ToBytes; -use crypto_primitives::{CommitmentScheme, PRF}; +use ark_crypto_primitives::{CommitmentScheme, PRF}; +use ark_ff::bytes::ToBytes; use std::io::{Result as IoResult, Write}; #[derive(Derivative)] diff --git a/src/dpc/plain_dpc/core_checks_circuit.rs b/src/dpc/plain_dpc/core_checks_circuit.rs index 656eec0..c9264b1 100644 --- a/src/dpc/plain_dpc/core_checks_circuit.rs +++ b/src/dpc/plain_dpc/core_checks_circuit.rs 
@@ -1,14 +1,14 @@ use crate::Error; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; -use crypto_primitives::{merkle_tree, CommitmentScheme, FixedLengthCRH, PRF}; +use ark_crypto_primitives::{merkle_tree, CommitmentScheme, CRH, PRF}; use crate::{ constraints::{plain_dpc::execute_core_checks_gadget, Assignment}, dpc::plain_dpc::{AddressSecretKey, CommAndCRHPublicParameters, DPCRecord, PlainDPCComponents}, }; -use algebra::ToConstraintField; +use ark_ff::ToConstraintField; pub struct CoreChecksVerifierInput { // Commitment and CRH parameters @@ -38,7 +38,7 @@ where ::Parameters: ToConstraintField, ::Output: ToConstraintField, - ::Parameters: ToConstraintField, + ::Parameters: ToConstraintField, ::Parameters: ToConstraintField, ::Output: ToConstraintField, diff --git a/src/dpc/plain_dpc/instantiated.rs b/src/dpc/plain_dpc/instantiated.rs index 17e471a..db8ddc9 100644 --- a/src/dpc/plain_dpc/instantiated.rs +++ b/src/dpc/plain_dpc/instantiated.rs 
@@ -1,29 +1,28 @@ -use algebra::{ - bls12_377, cp6_782::CP6_782, ed_on_bls12_377::EdwardsProjective as EdwardsBls, - ed_on_cp6_782::EdwardsProjective as EdwardsCP6, Bls12_377, +use ark_bls12_377::{constraints::PairingVar, Bls12_377}; +use ark_bw6_761::BW6_761; +use ark_ed_on_bls12_377::{ + constraints::EdwardsVar as EdwardsBlsVar, EdwardsProjective as EdwardsBls, +}; +use ark_ed_on_bw6_761::{ + constraints::EdwardsVar as EdwardsBw6Var, EdwardsProjective as EdwardsBw6, }; -use crypto_primitives::{ +use ark_crypto_primitives::{ commitment::{blake2s, injective_map::PedersenCommCompressor}, crh::{ injective_map::{PedersenCRHCompressor, TECompressor}, pedersen, }, merkle_tree, - nizk::Groth16, prf::blake2s::Blake2s, }; +use ark_groth16::{constraints::Groth16VerifierGadget, Groth16}; -use crypto_primitives::{ +use ark_crypto_primitives::{ commitment::injective_map, crh::injective_map::constraints::{PedersenCRHCompressorGadget, TECompressorGadget}, - nizk::groth16::constraints::Groth16VerifierGadget, prf::blake2s::constraints::Blake2sGadget, }; -use r1cs_std::{ - bls12_377::PairingVar, ed_on_bls12_377::EdwardsVar as EdwardsBlsVar, - ed_on_cp6_782::EdwardsVar as EdwardsCP6Var, -}; use crate::dpc::plain_dpc::{ core_checks_circuit::*, predicate::DPCPredicate, predicate_circuit::*, proof_check_circuit::*, @@ -128,9 +127,9 @@ impl PlainDPCComponents for Components { // Native primitives pub type EdwardsCompressor = TECompressor; pub type CoreCheckPairing = Bls12_377; -pub type ProofCheckPairing = CP6_782; -pub type CoreCheckF = bls12_377::Fr; -pub type ProofCheckF = bls12_377::Fq; +pub type ProofCheckPairing = BW6_761; +pub type CoreCheckF = ark_bls12_377::Fr; +pub type ProofCheckF = ark_bls12_377::Fq; pub type AddressComm = PedersenCommCompressor; pub type RecordComm = PedersenCommCompressor; 
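Review bot: The second hunk swaps the outer pairing from `CP6_782` to `BW6_761`, which is a change of curve rather than a dependency rename, yet `ProofCheckPairing` carries no comment saying so; any proof-check parameters generated with the old curve are not reusable, and that is worth stating where the alias is defined. `ProofCheckF` stays `ark_bls12_377::Fq`, which works only because BW6-761's scalar field is BLS12-377's base field (as CP6-782's was); I'd record that on the alias: `// BW6-761's scalar field is BLS12-377's base field, so the proof-check circuit is expressed over ark_bls12_377::Fq.` The same dependency is implicit in the `PredVkCRH` and `PredVkCRHGadget` aliases of the next hunk.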
@@ -139,7 +138,7 @@ pub type LocalDataComm = PedersenCommCompressor; pub type SnNonceCRH = PedersenCRHCompressor; -pub type PredVkCRH = PedersenCRHCompressor; +pub type PredVkCRH = PedersenCRHCompressor; pub type Predicate = DPCPredicate; pub type CoreCheckNIZK = @@ -191,10 +190,10 @@ pub type MerkleTreeCRHGadget = PedersenCRHCompressorGadget< EdwardsCompressorGadget, >; pub type PredVkCRHGadget = PedersenCRHCompressorGadget< - EdwardsCP6, + EdwardsBw6, EdwardsCompressor, PredVkHashWindow, - EdwardsCP6Var, + EdwardsBw6Var, EdwardsCompressorGadget, >; diff --git a/src/dpc/plain_dpc/mod.rs b/src/dpc/plain_dpc/mod.rs index 41ae290..aeccc0f 100644 --- a/src/dpc/plain_dpc/mod.rs +++ b/src/dpc/plain_dpc/mod.rs @@ -1,15 +1,14 @@ use crate::Error; -use algebra::{bytes::FromBytes, to_bytes, PrimeField, UniformRand}; -use rand::Rng; -use std::marker::PhantomData; +use ark_ff::{bytes::FromBytes, to_bytes, PrimeField}; +use ark_std::{end_timer, marker::PhantomData, rand::Rng, start_timer, UniformRand}; use crate::{ dpc::{AddressKeyPair, DPCScheme, Predicate, Record, Transaction}, ledger::*, }; -use crypto_primitives::{ - merkle_tree, CommitmentGadget, CommitmentScheme, FixedLengthCRH, FixedLengthCRHGadget, - NIZKVerifierGadget, PRFGadget, NIZK, PRF, +use ark_crypto_primitives::{ + merkle_tree, CRHGadget, CommitmentGadget, CommitmentScheme, PRFGadget, SNARKGadget, CRH, PRF, + SNARK, }; pub mod address; 
@@ -63,20 +62,20 @@ pub trait PlainDPCComponents: 'static + Sized { // Ledger digest type. type MerkleTreeConfig: merkle_tree::Config; - type MerkleTreeHGadget: FixedLengthCRHGadget< + type MerkleTreeHGadget: CRHGadget< ::H, Self::CoreCheckF, >; // CRH for computing the serial number nonce. Invoked only over // `Self::CoreCheckF`. - type SnNonceH: FixedLengthCRH; - type SnNonceHGadget: FixedLengthCRHGadget; + type SnNonceH: CRH; + type SnNonceHGadget: CRHGadget; // CRH for hashes of birth and death verification keys. // This is invoked only on the larger curve. - type PredVkH: FixedLengthCRH; - type PredVkHGadget: FixedLengthCRHGadget; + type PredVkH: CRH; + type PredVkHGadget: CRHGadget; // Commitment scheme for committing to hashes of birth and death verification // keys 
@@ -87,34 +86,34 @@ pub trait PlainDPCComponents: 'static + Sized { + CommitmentGadget; // Commitment scheme for committing to predicate input. Invoked inside - // `Self::MainN` and every predicate NIZK. + // `Self::MainN` and every predicate SNARK. type LocalDataComm: CommitmentScheme; type LocalDataCommGadget: CommitmentGadget; - // NIZK for non-proof-verification checks - type MainNIZK: NIZK< + // SNARK for non-proof-verification checks + type MainNIZK: SNARK< Circuit = CoreChecksCircuit, AssignedCircuit = CoreChecksCircuit, VerifierInput = CoreChecksVerifierInput, >; - // NIZK for proof-verification checks - type ProofCheckNIZK: NIZK< + // SNARK for proof-verification checks + type ProofCheckNIZK: SNARK< Circuit = ProofCheckCircuit, AssignedCircuit = ProofCheckCircuit, VerifierInput = ProofCheckVerifierInput, >; - // NIZK for a "dummy predicate" that does nothing with its input. - type PredicateNIZK: NIZK< + // SNARK for a "dummy predicate" that does nothing with its input. + type PredicateNIZK: SNARK< Circuit = EmptyPredicateCircuit, AssignedCircuit = EmptyPredicateCircuit, VerifierInput = PredicateLocalData, >; - // NIZK Verifier gadget for the "dummy predicate" that does nothing with its + // SNARK Verifier gadget for the "dummy predicate" that does nothing with its // input. - type PredicateNIZKGadget: NIZKVerifierGadget; + type PredicateNIZKGadget: SNARKGadget; // PRF for computing serial numbers. Invoked only over `Self::CoreCheckF`. type P: PRF; @@ -265,7 +264,7 @@ impl DPC { pub fn generate_record( parameters: &CommAndCRHPublicParameters, - sn_nonce: &::Output, + sn_nonce: &::Output, address_public_key: &AddressPublicKey, is_dummy: bool, payload: &[u8; 32], 
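Review bot: The comments in this hunk now say SNARK, but the associated types they describe are still named `MainNIZK`, `ProofCheckNIZK`, `PredicateNIZK` and `PredicateNIZKGadget`, so on the new side the documentation and the identifiers disagree. Renaming public associated types of `PlainDPCComponents` would break every implementor, so if the old names are kept on purpose a one-line comment on the first of them, `// Associated types keep their historical NIZK names; the bound is now the SNARK trait.`, would stop the next reader from treating the mismatch as an oversight. The same applies to `PredNIZKParameters` and `pred_nizk_pp` in `src/dpc/plain_dpc/parameters.rs` and to the `pred_nizk_*`/`core_nizk_pp` locals in the `@@ -551` and `@@ -560` hunks. The trait body continues outside the hunk.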
@@ -551,7 +550,7 @@ where let setup_time = start_timer!(|| "PlainDPC::Setup"); let comm_and_crh_pp = Self::generate_comm_and_crh_parameters(rng)?; - let pred_nizk_setup_time = start_timer!(|| "Dummy Predicate NIZK Setup"); + let pred_nizk_setup_time = start_timer!(|| "Dummy Predicate SNARK Setup"); let pred_nizk_pp = Self::generate_pred_nizk_parameters(&comm_and_crh_pp, rng)?; end_timer!(pred_nizk_setup_time); @@ -560,14 +559,14 @@ where proof: pred_nizk_pp.proof.clone(), }; - let nizk_setup_time = start_timer!(|| "Execute Tx Core Checks NIZK Setup"); + let nizk_setup_time = start_timer!(|| "Execute Tx Core Checks SNARK Setup"); let core_nizk_pp = Components::MainNIZK::setup( CoreChecksCircuit::blank(&comm_and_crh_pp, ledger_pp), rng, )?; end_timer!(nizk_setup_time); - let nizk_setup_time = start_timer!(|| "Execute Tx Proof Checks NIZK Setup"); + let nizk_setup_time = start_timer!(|| "Execute Tx Proof Checks SNARK Setup"); let proof_check_nizk_pp = Components::ProofCheckNIZK::setup( ProofCheckCircuit::blank(&comm_and_crh_pp, &private_pred_input), rng, @@ -747,7 +746,7 @@ where &input, &transaction.stuff.core_proof, )? { - eprintln!("Core NIZK didn't verify."); + eprintln!("Core SNARK didn't verify."); return Ok(false); }; @@ -762,7 +761,7 @@ where &input, &transaction.stuff.predicate_proof, )? { - eprintln!("Predicate check NIZK didn't verify."); + eprintln!("Predicate check SNARK didn't verify."); return Ok(false); } end_timer!(verify_time); diff --git a/src/dpc/plain_dpc/parameters.rs b/src/dpc/plain_dpc/parameters.rs index ef2e267..a4b4393 100644 --- a/src/dpc/plain_dpc/parameters.rs +++ b/src/dpc/plain_dpc/parameters.rs @@ -1,5 +1,5 @@ use crate::dpc::plain_dpc::PlainDPCComponents; -use crypto_primitives::{CommitmentScheme, FixedLengthCRH, NIZK}; +use ark_crypto_primitives::{CommitmentScheme, CRH, SNARK}; #[derive(Derivative)] #[derivative(Clone(bound = "C: PlainDPCComponents"))] 
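Review bot: In the `@@ -747` and `@@ -762` hunks a failed proof verification is still reported only through `eprintln!` and then collapsed into `return Ok(false)`, so a caller that does not capture stderr cannot distinguish a core-proof failure from a predicate-proof failure, and an operator reading logs cannot tell which check rejected the transaction. With the crate moving onto `ark_std` (the surrounding code already uses its `start_timer!`/`end_timer!`), `eprintln!` is also the one std-only call left on this path, which matters if `no_std` builds are the intent; I cannot see the crate's feature setup from here. Returning a distinct error variant for each failed check, or at least a structured result instead of stderr text, would make the verifier's rejections auditable. The enclosing `verify` function starts and ends outside the hunk.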
@@ -9,28 +9,28 @@ pub struct CommAndCRHPublicParameters { pub pred_vk_comm_pp: ::Parameters, pub local_data_comm_pp: ::Parameters, - pub sn_nonce_crh_pp: ::Parameters, - pub pred_vk_crh_pp: ::Parameters, + pub sn_nonce_crh_pp: ::Parameters, + pub pred_vk_crh_pp: ::Parameters, } #[derive(Derivative)] #[derivative(Clone(bound = "C: PlainDPCComponents"))] pub struct PredNIZKParameters { - pub pk: ::ProvingParameters, - pub vk: ::VerificationParameters, - pub proof: ::Proof, + pub pk: ::ProvingKey, + pub vk: ::VerifyingKey, + pub proof: ::Proof, } pub struct PublicParameters { pub comm_and_crh_pp: CommAndCRHPublicParameters, pub pred_nizk_pp: PredNIZKParameters, pub proof_check_nizk_pp: ( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ), pub core_nizk_pp: ( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ), } @@ -38,8 +38,8 @@ impl PublicParameters { pub fn core_check_nizk_pp( &self, ) -> &( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ) { &self.core_nizk_pp } @@ -47,8 +47,8 @@ impl PublicParameters { pub fn proof_check_nizk_pp( &self, ) -> &( - ::ProvingParameters, - ::PreparedVerificationParameters, + ::ProvingKey, + ::ProcessedVerifyingKey, ) { &self.proof_check_nizk_pp } @@ -57,11 +57,11 @@ impl PublicParameters { &self.pred_nizk_pp } - pub fn sn_nonce_crh_pp(&self) -> &::Parameters { + pub fn sn_nonce_crh_pp(&self) -> &::Parameters { &self.comm_and_crh_pp.sn_nonce_crh_pp } - pub fn pred_vk_crh_pp(&self) -> &::Parameters { + pub fn pred_vk_crh_pp(&self) -> &::Parameters { &self.comm_and_crh_pp.pred_vk_crh_pp } diff --git a/src/dpc/plain_dpc/predicate.rs b/src/dpc/plain_dpc/predicate.rs index ca0f990..cead96b 100644 --- a/src/dpc/plain_dpc/predicate.rs +++ b/src/dpc/plain_dpc/predicate.rs 
@@ -1,17 +1,17 @@ use crate::dpc::{plain_dpc::PlainDPCComponents, Predicate}; -use crypto_primitives::NIZK; +use ark_crypto_primitives::SNARK; use std::marker::PhantomData; pub struct PrivatePredInput { - pub vk: ::VerificationParameters, - pub proof: ::Proof, + pub vk: ::VerifyingKey, + pub proof: ::Proof, } impl Default for PrivatePredInput { fn default() -> Self { Self { - vk: ::VerificationParameters::default(), - proof: ::Proof::default(), + vk: ::VerifyingKey::default(), + proof: ::Proof::default(), } } } diff --git a/src/dpc/plain_dpc/predicate_circuit.rs b/src/dpc/plain_dpc/predicate_circuit.rs index de31036..10917f3 100644 --- a/src/dpc/plain_dpc/predicate_circuit.rs +++ b/src/dpc/plain_dpc/predicate_circuit.rs @@ -3,13 +3,13 @@ use crate::{ dpc::{plain_dpc::DPCRecord, Record}, plain_dpc::*, }; -use crypto_primitives::{CommitmentScheme, PRF}; -use r1cs_std::prelude::*; -use std::io::{Result as IoResult, Write}; +use ark_crypto_primitives::{CommitmentScheme, PRF}; +use ark_r1cs_std::prelude::*; +use ark_std::io::{Result as IoResult, Write}; -use algebra::{bytes::ToBytes, ToConstraintField}; +use ark_ff::{bytes::ToBytes, ToConstraintField}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; use crate::Error; @@ -154,11 +154,11 @@ impl ConstraintSynthesizer for EmptyPredic cs: ConstraintSystemRef, ) -> Result<(), SynthesisError> { let _position = - UInt8::new_input_vec(r1cs_core::ns!(cs, "Alloc position"), &[self.position])?; + UInt8::new_input_vec(ark_relations::ns!(cs, "Alloc position"), &[self.position])?; let _local_data_comm_pp = >::ParametersVar::new_constant( - r1cs_core::ns!(cs, "Declare Pred Input Comm parameters"), + ark_relations::ns!(cs, "Declare Pred Input Comm parameters"), self.comm_and_crh_parameters .as_ref() .get()? 
@@ -168,7 +168,7 @@ impl ConstraintSynthesizer for EmptyPredic let _local_data_comm = >::OutputVar::new_input( - r1cs_core::ns!(cs, "Allocate predicate commitment"), + ark_relations::ns!(cs, "Allocate predicate commitment"), || self.local_data_comm.get(), )?; diff --git a/src/dpc/plain_dpc/proof_check_circuit.rs b/src/dpc/plain_dpc/proof_check_circuit.rs index 45f1d59..972b9e5 100644 --- a/src/dpc/plain_dpc/proof_check_circuit.rs +++ b/src/dpc/plain_dpc/proof_check_circuit.rs @@ -1,8 +1,8 @@ use crate::Error; -use algebra::{to_bytes, ToConstraintField}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; +use ark_ff::{to_bytes, ToConstraintField}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError}; -use crypto_primitives::{CommitmentScheme, FixedLengthCRH}; +use ark_crypto_primitives::{CommitmentScheme, CRH}; use crate::{ constraints::{plain_dpc::execute_proof_check_gadget, Assignment}, @@ -22,7 +22,7 @@ where ::Parameters: ToConstraintField, ::Output: ToConstraintField, - ::Parameters: ToConstraintField, + ::Parameters: ToConstraintField, ::Parameters: ToConstraintField, ::Output: ToConstraintField, diff --git a/src/dpc/plain_dpc/record.rs b/src/dpc/plain_dpc/record.rs index 82c01ce..bd9ef58 100644 --- a/src/dpc/plain_dpc/record.rs +++ b/src/dpc/plain_dpc/record.rs @@ -2,8 +2,8 @@ use crate::dpc::{ plain_dpc::{AddressPublicKey, DPCPredicate, PlainDPCComponents}, Record, }; -use algebra::to_bytes; -use crypto_primitives::{CommitmentScheme, FixedLengthCRH, PRF}; +use ark_crypto_primitives::{CommitmentScheme, CRH, PRF}; +use ark_ff::to_bytes; use std::marker::PhantomData; #[derive(Derivative)] @@ -22,7 +22,7 @@ pub struct DPCRecord { #[derivative(Default(value = "default_predicate_hash::()"))] pub(super) death_predicate_repr: Vec, - pub(super) serial_number_nonce: ::Output, + pub(super) serial_number_nonce: ::Output, pub(super) commitment: ::Output, pub(super) commitment_randomness: ::Randomness, 
@@ -30,7 +30,7 @@ pub struct DPCRecord { pub(super) _components: PhantomData, } -fn default_predicate_hash() -> Vec { +fn default_predicate_hash() -> Vec { to_bytes![C::Output::default()].unwrap() } @@ -41,7 +41,7 @@ impl Record for DPCRecord { type Payload = [u8; 32]; type Predicate = DPCPredicate; - type SerialNumberNonce = ::Output; + type SerialNumberNonce = ::Output; type SerialNumber = ::Output; fn address_public_key(&self) -> &Self::AddressPublicKey { diff --git a/src/dpc/plain_dpc/test.rs b/src/dpc/plain_dpc/test.rs index e5fb420..f6fc8bb 100644 --- a/src/dpc/plain_dpc/test.rs +++ b/src/dpc/plain_dpc/test.rs @@ -1,18 +1,15 @@ use super::instantiated::*; -use algebra::{ - bls12_377::{Fq, Fr}, - to_bytes, -}; +use ark_bls12_377::{Fq, Fr}; +use ark_ff::to_bytes; use tracing_subscriber::layer::SubscriberExt; #[cfg(debug_assertions)] -use groth16::PreparedVerifyingKey; -use rand::SeedableRng; -use rand_xorshift::XorShiftRng; +use ark_groth16::PreparedVerifyingKey; +use ark_std::{rand::SeedableRng, rand::XorShiftRng}; -use crypto_primitives::FixedLengthCRH; +use ark_crypto_primitives::CRH; -use r1cs_core::{ConstraintLayer, ConstraintSystem}; +use ark_relations::r1cs::{ConstraintLayer, ConstraintSystem}; use crate::constraints::plain_dpc::{execute_core_checks_gadget, execute_proof_check_gadget}; @@ -26,7 +23,7 @@ use crate::ledger::Ledger; #[test] fn test_execute_constraint_systems() { let mut layer = ConstraintLayer::default(); - layer.mode = r1cs_core::TracingMode::OnlyConstraints; + layer.mode = ark_relations::r1cs::TracingMode::OnlyConstraints; let subscriber = tracing_subscriber::Registry::default().with(layer); tracing::subscriber::set_global_default(subscriber).unwrap(); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); 
@@ -140,7 +137,7 @@ fn test_execute_constraint_systems() { // Check that the core check constraint system was satisfied. let core_cs = ConstraintSystem::::new_ref(); - let core_ns = r1cs_core::ns!(core_cs, "Core checks"); + let core_ns = ark_relations::ns!(core_cs, "Core checks"); let cs = core_ns.cs(); execute_core_checks_gadget::<_>( cs.clone(), @@ -189,7 +186,7 @@ fn test_execute_constraint_systems() { let mut old_proof_and_vk = vec![]; for i in 0..NUM_INPUT_RECORDS { - use crypto_primitives::nizk::NIZK; + use ark_crypto_primitives::nizk::SNARK; let proof = PredicateNIZK::prove( &pred_nizk_pp.pk, EmptyPredicateCircuit::new(&comm_and_crh_pp, &local_data_comm, i as u8), @@ -217,7 +214,7 @@ fn test_execute_constraint_systems() { let mut new_proof_and_vk = vec![]; for i in 0..NUM_OUTPUT_RECORDS { - use crypto_primitives::nizk::NIZK; + use ark_crypto_primitives::nizk::SNARK; let proof = PredicateNIZK::prove( &pred_nizk_pp.pk, EmptyPredicateCircuit::new(&comm_and_crh_pp, &local_data_comm, i as u8), @@ -231,7 +228,7 @@ fn test_execute_constraint_systems() { new_proof_and_vk.push(private_input); } - let pf_check_ns = r1cs_core::ns!(pf_check_cs, "Check predicate proofs"); + let pf_check_ns = ark_relations::ns!(pf_check_cs, "Check predicate proofs"); let cs = pf_check_ns.cs(); execute_proof_check_gadget::<_>( cs, diff --git a/src/dpc/plain_dpc/transaction.rs b/src/dpc/plain_dpc/transaction.rs index 521381f..c284818 100644 --- a/src/dpc/plain_dpc/transaction.rs +++ b/src/dpc/plain_dpc/transaction.rs @@ -2,7 +2,7 @@ use crate::{ dpc::plain_dpc::{PlainDPCComponents, Transaction}, ledger::*, }; -use crypto_primitives::{CommitmentScheme, NIZK, PRF}; +use ark_crypto_primitives::{CommitmentScheme, PRF, SNARK}; #[derive(Derivative)] #[derivative( 
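Review bot: The two loop-local imports `use ark_crypto_primitives::nizk::SNARK;` in the `@@ -189` and `@@ -217` hunks take the trait from a `nizk` module, while every other file in this commit (`parameters.rs`, `predicate.rs`, `transaction.rs`, `mod.rs`) imports `SNARK` from the crate root as `ark_crypto_primitives::SNARK`. If the module was renamed along with the trait, these two paths will not resolve and only this test fails to build; `use ark_crypto_primitives::SNARK;` at the top of `test_execute_constraint_systems` would match the rest of the change and remove the duplicated `use` inside the loops. The test function starts and ends outside these hunks.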
@@ -26,9 +26,9 @@ pub struct DPCTransaction { pub struct DPCStuff { pub digest: merkle_tree::Digest, #[derivative(PartialEq = "ignore")] - pub core_proof: ::Proof, + pub core_proof: ::Proof, #[derivative(PartialEq = "ignore")] - pub predicate_proof: ::Proof, + pub predicate_proof: ::Proof, #[derivative(PartialEq = "ignore")] pub predicate_comm: ::Output, #[derivative(PartialEq = "ignore")] @@ -41,8 +41,8 @@ impl DPCTransaction { new_commitments: Vec<::Commitment>, memorandum: ::Memorandum, digest: merkle_tree::Digest, - core_proof: ::Proof, - predicate_proof: ::Proof, + core_proof: ::Proof, + predicate_proof: ::Proof, predicate_comm: ::Output, local_data_comm: ::Output, ) -> Self { diff --git a/src/ledger/ideal_ledger.rs b/src/ledger/ideal_ledger.rs index 7c5c2ab..1f8f829 100644 --- a/src/ledger/ideal_ledger.rs +++ b/src/ledger/ideal_ledger.rs @@ -1,32 +1,34 @@ use crate::Error; -use rand::Rng; -use std::{ - collections::{HashMap, HashSet}, +use ark_std::rand::Rng; +use ark_std::{ + collections::{BTreeMap, BTreeSet}, + end_timer, hash::Hash, + start_timer, }; use crate::{dpc::Transaction, ledger::*}; -use algebra::bytes::ToBytes; -use crypto_primitives::{ +use ark_crypto_primitives::{ merkle_tree::{self, MerkleTree}, - FixedLengthCRH, + CRH, }; +use ark_ff::bytes::ToBytes; pub struct IdealLedger where T::Commitment: ToBytes, { - crh_params: ::Parameters, + crh_params: ::Parameters, transactions: Vec, cm_merkle_tree: MerkleTree

, cur_cm_index: usize, cur_sn_index: usize, cur_memo_index: usize, - comm_to_index: HashMap, - sn_to_index: HashMap, - memo_to_index: HashMap, + comm_to_index: BTreeMap, + sn_to_index: BTreeMap, + memo_to_index: BTreeMap, current_digest: Option>, - past_digests: HashSet>, + past_digests: BTreeSet>, genesis_cm: T::Commitment, genesis_sn: T::SerialNumber, genesis_memo: T::Memorandum, @@ -51,7 +53,7 @@ where } fn new( - parameters: ::Parameters, + parameters: ::Parameters, genesis_cm: Self::Commitment, genesis_sn: Self::SerialNumber, genesis_memo: Self::Memo, @@ -60,12 +62,12 @@ where MerkleTree::
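Review bot: `hash::Hash` is still imported from `ark_std` on the new side of the `@@ -1,32` hunk, although the maps and sets it keyed are now `BTreeMap`/`BTreeSet`, whose keys need `Ord` rather than `Hash + Eq`. If `Hash` was only there to satisfy the `HashMap` key bound it is now an unused import, and the `where` bounds on `IdealLedger`'s commitment, serial-number and memorandum types (outside the hunk, so I cannot confirm) would need `Ord` instead. A one-line comment on the collection fields, `// BTree* keeps lookups deterministic and only needs Ord on the key types.`, would also record why the switch was made, since it is otherwise invisible in the struct itself.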

::new(parameters.clone(), &[genesis_cm.clone()]).unwrap(); let mut cur_cm_index = 0; - let mut comm_to_index = HashMap::new(); + let mut comm_to_index = BTreeMap::new(); comm_to_index.insert(genesis_cm.clone(), cur_cm_index); cur_cm_index += 1; let root = cm_merkle_tree.root(); - let mut past_digests = HashSet::new(); + let mut past_digests = BTreeSet::new(); past_digests.insert(root.clone()); IdealLedger { @@ -77,8 +79,8 @@ where cur_memo_index: 0, comm_to_index, - sn_to_index: HashMap::new(), - memo_to_index: HashMap::new(), + sn_to_index: BTreeMap::new(), + memo_to_index: BTreeMap::new(), current_digest: Some(root), past_digests, genesis_cm, diff --git a/src/ledger/mod.rs b/src/ledger/mod.rs index d92f4c2..3072daf 100644 --- a/src/ledger/mod.rs +++ b/src/ledger/mod.rs @@ -1,6 +1,6 @@ use crate::{dpc::Transaction, Error}; -pub use crypto_primitives::merkle_tree; -use rand::Rng; +pub use ark_crypto_primitives::merkle_tree; +use ark_std::rand::Rng; pub mod ideal_ledger; pub use self::ideal_ledger::*; diff --git a/src/lib.rs b/src/lib.rs index a5d9955..8d12a59 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -42,9 +42,6 @@ #![cfg_attr(feature = "clippy", allow(many_single_char_names))] #![cfg_attr(feature = "clippy", allow(new_without_default_derive))] -#[macro_use] -extern crate bench_utils; - #[macro_use] extern crate derivative; diff --git a/src/predicates/plain_dpc/predicate_circuit.rs b/src/predicates/plain_dpc/predicate_circuit.rs index 4d2d802..5f7b99a 100644 --- a/src/predicates/plain_dpc/predicate_circuit.rs +++ b/src/predicates/plain_dpc/predicate_circuit.rs @@ -1,6 +1,6 @@ use crate::common::ToConstraintField; use crate::constraints::Assignment; -use crate::crypto_primitives::{CommitmentScheme, PRF}; +use crate::ark_crypto_primitives::{CommitmentScheme, PRF}; use crate::dpc::plain_dpc::DPCRecord; use crate::dpc::Record; use crate::plain_dpc::*; 
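Review bot: The new import `use crate::ark_crypto_primitives::{CommitmentScheme, PRF};` in `src/predicates/plain_dpc/predicate_circuit.rs` prefixes an external crate with `crate::`, which looks like a textual `crypto_primitives` to `ark_crypto_primitives` replacement rather than a path that resolves; the migrated sibling `src/dpc/plain_dpc/predicate_circuit.rs` imports `ark_crypto_primitives::{CommitmentScheme, PRF}` directly. The same file keeps `use algebra::PairingEngine;` untouched in its `@@ -10` hunk and, in the `@@ -56,85` hunk, still uses the closure form `ark_relations::ns!(cs, || "...")` together with `alloc_input_vec`/`alloc_from_value`, whereas the migrated circuit uses `ark_relations::ns!(cs, "...")` with `new_input_vec`/`new_constant`. Taken together this suggests the file is not part of the module tree and is never compiled; if so it should be either migrated for real or removed, because a stale copy of the local-data commitment check is easy to mistake for the live one during review. The `generate_constraints` body in the `@@ -56,85` hunk starts outside that hunk.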
@@ -10,7 +10,7 @@ use std::io::{Result as IoResult, Write}; use algebra::PairingEngine; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; +use ark_relations::r1cs::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use crate::Error; 
@@ -56,85 +56,85 @@ impl ConstraintSynthesizer for EmptyPredicateCircui cs: &mut CS, ) -> Result<(), SynthesisError> { let _position = - UInt8::alloc_input_vec(r1cs_core::ns!(cs, || "Alloc position"), &[self.position])?; + UInt8::alloc_input_vec(ark_relations::ns!(cs, || "Alloc position"), &[self.position])?; { - let mut cs = r1cs_core::ns!(cs, || "Declare public parameters"); + let mut cs = ark_relations::ns!(cs, || "Declare public parameters"); let _local_data_comm_pp = >::ParametersGadget::alloc_input_from_value( - &mut r1cs_core::ns!(cs, || "Declare Pred Input Comm parameters"), + &mut ark_relations::ns!(cs, || "Declare Pred Input Comm parameters"), || self.comm_and_crh_parameters.get().map(|pp| &pp.local_data_comm_pp), )?; } let _local_data_comm = >::OutputGadget::alloc_from_value( - r1cs_core::ns!(cs, || "Allocate predicate commitment"), + ark_relations::ns!(cs, || "Allocate predicate commitment"), || self.local_data_comm.get(), )?; { - let mut cs = r1cs_core::ns!(cs, || "Check that local data commitment is valid."); + let mut cs = ark_relations::ns!(cs, || "Check that local data commitment is valid."); let mut local_data_bytes = Vec::new(); for i in 0..C::NUM_INPUT_RECORDS { let mut cs = - r1cs_core::ns!(cs, || format!("Construct local data with Input Record")); + ark_relations::ns!(cs, || format!("Construct local data with Input Record")); local_data_bytes.extend_from_slice( - &old_rec_comms[i].to_bytes(&mut r1cs_core::ns!(cs, || "Record Comm"))?, + &old_rec_comms[i].to_bytes(&mut ark_relations::ns!(cs, || "Record Comm"))?, ); local_data_bytes - .extend_from_slice(&old_apks[i].to_bytes(&mut r1cs_core::ns!(cs, || "Apk"))?); + .extend_from_slice(&old_apks[i].to_bytes(&mut ark_relations::ns!(cs, || "Apk"))?); local_data_bytes.extend_from_slice( - &old_dummy_flags[i].to_bytes(&mut r1cs_core::ns!(cs, || "IsDummy"))?, + &old_dummy_flags[i].to_bytes(&mut ark_relations::ns!(cs, || "IsDummy"))?, ); local_data_bytes.extend_from_slice(&old_payloads[i]); 
local_data_bytes.extend_from_slice(&old_birth_pred_hashes[i]); local_data_bytes.extend_from_slice(&old_death_pred_hashes[i]); local_data_bytes - .extend_from_slice(&old_sns[i].to_bytes(&mut r1cs_core::ns!(cs, || "Sn"))?); + .extend_from_slice(&old_sns[i].to_bytes(&mut ark_relations::ns!(cs, || "Sn"))?); } for j in 0..C::NUM_OUTPUT_RECORDS { let mut cs = - r1cs_core::ns!(cs, || format!("Construct local data with Output Record")); + ark_relations::ns!(cs, || format!("Construct local data with Output Record")); local_data_bytes.extend_from_slice( - &new_rec_comms[j].to_bytes(&mut r1cs_core::ns!(cs, || "Record Comm"))?, + &new_rec_comms[j].to_bytes(&mut ark_relations::ns!(cs, || "Record Comm"))?, ); local_data_bytes - .extend_from_slice(&new_apks[j].to_bytes(&mut r1cs_core::ns!(cs, || "Apk"))?); + .extend_from_slice(&new_apks[j].to_bytes(&mut ark_relations::ns!(cs, || "Apk"))?); local_data_bytes.extend_from_slice( - &new_dummy_flags[j].to_bytes(&mut r1cs_core::ns!(cs, || "IsDummy"))?, + &new_dummy_flags[j].to_bytes(&mut ark_relations::ns!(cs, || "IsDummy"))?, ); local_data_bytes.extend_from_slice(&new_payloads[j]); local_data_bytes.extend_from_slice(&new_birth_pred_hashes[j]); local_data_bytes.extend_from_slice(&new_death_pred_hashes[j]); } - let memo = UInt8::alloc_input_vec(r1cs_core::ns!(cs, || "Allocate memorandum"), memo)?; + let memo = UInt8::alloc_input_vec(ark_relations::ns!(cs, || "Allocate memorandum"), memo)?; local_data_bytes.extend_from_slice(&memo); let auxiliary = - UInt8::alloc_vec(r1cs_core::ns!(cs, || "Allocate auxiliary input"), auxiliary)?; + UInt8::alloc_vec(ark_relations::ns!(cs, || "Allocate auxiliary input"), auxiliary)?; local_data_bytes.extend_from_slice(&auxiliary); let local_data_comm_rand = >::RandomnessGadget::alloc_from_value( - r1cs_core::ns!(cs, || "Allocate local data commitment randomness"), + ark_relations::ns!(cs, || "Allocate local data commitment randomness"), || Ok(local_data_rand) )?; let declared_local_data_comm = 
>::OutputGadget::alloc_input_from_value( - r1cs_core::ns!(cs, || "Allocate local data commitment"), + ark_relations::ns!(cs, || "Allocate local data commitment"), || self.local_data_comm.get() )?; let comm = C::LocalDataCommGadget::check_commitment_gadget( - r1cs_core::ns!(cs, || "Commit to local data"), + ark_relations::ns!(cs, || "Commit to local data"), &local_data_comm_pp, &local_data_bytes, &local_data_comm_rand, )?; comm.enforce_equal( - &mut r1cs_core::ns!(cs, || "Check that local data commitment is valid"), + &mut ark_relations::ns!(cs, || "Check that local data commitment is valid"), &declared_local_data_comm, )?; } diff --git a/tests/plain_dpc.rs b/tests/plain_dpc.rs index 8c70789..967d168 100644 --- a/tests/plain_dpc.rs +++ b/tests/plain_dpc.rs @@ -1,10 +1,10 @@ -use algebra::to_bytes; +use ark_ff::to_bytes; #[cfg(debug_assertions)] -use groth16::PreparedVerifyingKey; -use rand::SeedableRng; +use ark_groth16::PreparedVerifyingKey; +use ark_std::rand::SeedableRng; use rand_xorshift::XorShiftRng; -use crypto_primitives::{nizk::NIZK, FixedLengthCRH}; +use ark_crypto_primitives::{CRH, SNARK}; use dpc::{ plain_dpc::{
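Review bot: `use rand_xorshift::XorShiftRng;` is kept on the new side of `tests/plain_dpc.rs` while `src/dpc/plain_dpc/test.rs` in this same commit switches to `ark_std::rand::XorShiftRng` next to `ark_std::rand::SeedableRng`. If the direct `rand_xorshift` dependency is dropped as part of the move to `ark_std`, this integration test stops building while the unit test still passes; `use ark_std::rand::{SeedableRng, XorShiftRng};` would keep the two tests consistent. The `use dpc::{ plain_dpc::{` import at the end of the hunk is cut by the chunk boundary.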