Upgrade for latest r1cs-std

Cargo.toml

@@ -77,3 +77,17 @@ lto = "thin"
 incremental = true
 debug-assertions = true
 debug = true
+
+
+[patch.crates-io]
+ark-ff = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-ec = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-poly = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-serialize = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/" }
+ark-crypto-primitives = { git = "https://github.com/arkworks-rs/crypto-primitives/" }
+ark-relations = { git = "https://github.com/arkworks-rs/snark/" }
+ark-snark = { git = "https://github.com/arkworks-rs/snark/" }
+ark-mnt4-298 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-mnt6-298 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-bls12-377 = { git = "https://github.com/arkworks-rs/algebra/" }

src/constraints.rs

@@ -4,26 +4,26 @@ use crate::{
 };
 use ark_crypto_primitives::snark::constraints::{CircuitSpecificSetupSNARKGadget, SNARKGadget};
 use ark_crypto_primitives::snark::{BooleanInputVar, SNARK};
-use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup};
+use ark_ec::{pairing::Pairing, AffineRepr};
 use ark_ff::Field;
 use ark_r1cs_std::groups::CurveVar;
 use ark_r1cs_std::{
     alloc::{AllocVar, AllocationMode},
-    bits::boolean::Boolean,
-    bits::uint8::UInt8,
+    boolean::Boolean,
+    uint8::UInt8,
     eq::EqGadget,
     pairing::PairingVar,
-    ToBitsGadget, ToBytesGadget,
+    convert::{ToBitsGadget, ToBytesGadget},
 };
 use ark_relations::r1cs::{Namespace, SynthesisError};
 use ark_std::{borrow::Borrow, marker::PhantomData, vec::Vec};
 
-type BasePrimeField<E> = <<<E as Pairing>::G1 as CurveGroup>::BaseField as Field>::BasePrimeField;
+type BasePrimeField<E> = <<E as Pairing>::BaseField as Field>::BasePrimeField;
 
 /// The proof variable for the Groth16 construction
 #[derive(Derivative)]
 #[derivative(Clone(bound = "P::G1Var: Clone, P::G2Var: Clone"))]
-pub struct ProofVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
+pub struct ProofVar<E: Pairing, P: PairingVar<E>> {
     /// The `A` element in `G1`.
     pub a: P::G1Var,
     /// The `B` element in `G2`.
@@ -35,10 +35,10 @@ pub struct ProofVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
 /// A variable representing the Groth16 verifying key in the constraint system.
 #[derive(Derivative)]
 #[derivative(
-    Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \
-    P::G2PreparedVar: Clone, ")
+    Clone(bound = 
+        "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, P::G2PreparedVar: Clone")
 )]
-pub struct VerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
+pub struct VerifyingKeyVar<E: Pairing, P: PairingVar<E>> {
     #[doc(hidden)]
     pub alpha_g1: P::G1Var,
     #[doc(hidden)]
@@ -51,7 +51,7 @@ pub struct VerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
     pub gamma_abc_g1: Vec<P::G1Var>,
 }
 
-impl<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> VerifyingKeyVar<E, P> {
+impl<E: Pairing, P: PairingVar<E>> VerifyingKeyVar<E, P> {
     /// Prepare `self` for use in proof verification.
     pub fn prepare(&self) -> Result<PreparedVerifyingKeyVar<E, P>, SynthesisError> {
         let alpha_g1_pc = P::prepare_g1(&self.alpha_g1)?;
@@ -76,7 +76,7 @@ impl<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> VerifyingKeyVar<E, P> {
     Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \
     P::G2PreparedVar: Clone, ")
 )]
-pub struct PreparedVerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E>>> {
+pub struct PreparedVerifyingKeyVar<E: Pairing, P: PairingVar<E>> {
     #[doc(hidden)]
     pub alpha_g1_beta_g2: P::GTVar,
     #[doc(hidden)]
@@ -91,7 +91,7 @@ pub struct PreparedVerifyingKeyVar<E: Pairing, P: PairingVar<E, BasePrimeField<E
 pub struct Groth16VerifierGadget<E, P, QAP = LibsnarkReduction>
 where
     E: Pairing,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
     QAP: R1CSToQAP,
 {
     _pairing_engine: PhantomData<E>,
@@ -104,7 +104,7 @@ impl<E, QAP, P> SNARKGadget<E::ScalarField, BasePrimeField<E>, Groth16<E, QAP>>
 where
     E: Pairing,
     QAP: R1CSToQAP,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
 {
     type ProcessedVerifyingKeyVar = PreparedVerifyingKeyVar<E, P>;
     type VerifyingKeyVar = VerifyingKeyVar<E, P>;
@@ -267,15 +267,15 @@ impl<E, P, QAP: R1CSToQAP>
     for Groth16VerifierGadget<E, P, QAP>
 where
     E: Pairing,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
     QAP: R1CSToQAP,
 {
 }
 
 impl<E, P> AllocVar<PreparedVerifyingKey<E>, BasePrimeField<E>> for PreparedVerifyingKeyVar<E, P>
 where
     E: Pairing,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
 {
     #[tracing::instrument(target = "r1cs", skip(cs, f))]
     fn new_variable<T: Borrow<PreparedVerifyingKey<E>>>(
@@ -325,7 +325,7 @@ where
 impl<E, P> AllocVar<VerifyingKey<E>, BasePrimeField<E>> for VerifyingKeyVar<E, P>
 where
     E: Pairing,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
 {
     #[tracing::instrument(target = "r1cs", skip(cs, f))]
     fn new_variable<T: Borrow<VerifyingKey<E>>>(
@@ -368,7 +368,7 @@ where
 impl<E, P> AllocVar<Proof<E>, BasePrimeField<E>> for ProofVar<E, P>
 where
     E: Pairing,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
 {
     #[tracing::instrument(target = "r1cs", skip(cs, f))]
     fn new_variable<T: Borrow<Proof<E>>>(
@@ -392,18 +392,18 @@ where
 impl<E, P> ToBytesGadget<BasePrimeField<E>> for VerifyingKeyVar<E, P>
 where
     E: Pairing,
-    P: PairingVar<E, BasePrimeField<E>>,
+    P: PairingVar<E>,
 {
     #[inline]
     #[tracing::instrument(target = "r1cs", skip(self))]
-    fn to_bytes(&self) -> Result<Vec<UInt8<BasePrimeField<E>>>, SynthesisError> {
+    fn to_bytes_le(&self) -> Result<Vec<UInt8<BasePrimeField<E>>>, SynthesisError> {
         let mut bytes = Vec::new();
-        bytes.extend_from_slice(&self.alpha_g1.to_bytes()?);
-        bytes.extend_from_slice(&self.beta_g2.to_bytes()?);
-        bytes.extend_from_slice(&self.gamma_g2.to_bytes()?);
-        bytes.extend_from_slice(&self.delta_g2.to_bytes()?);
+        bytes.extend_from_slice(&self.alpha_g1.to_bytes_le()?);
+        bytes.extend_from_slice(&self.beta_g2.to_bytes_le()?);
+        bytes.extend_from_slice(&self.gamma_g2.to_bytes_le()?);
+        bytes.extend_from_slice(&self.delta_g2.to_bytes_le()?);
         for g in &self.gamma_abc_g1 {
-            bytes.extend_from_slice(&g.to_bytes()?);
+            bytes.extend_from_slice(&g.to_bytes_le()?);
         }
         Ok(bytes)
     }

src/generator.rs

@@ -1,5 +1,5 @@
 use crate::{r1cs_to_qap::R1CSToQAP, Groth16, ProvingKey, Vec, VerifyingKey};
-use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup, Group};
+use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup};
 use ark_ff::{Field, PrimeField, UniformRand, Zero};
 use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
 use ark_relations::r1cs::{
@@ -148,11 +148,11 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
         // Generate the R1CS proving key
         let proving_key_time = start_timer!(|| "Generate the R1CS proving key");
 
-        let alpha_g1 = g1_generator.mul_bigint(&alpha.into_bigint());
-        let beta_g1 = g1_generator.mul_bigint(&beta.into_bigint());
-        let beta_g2 = g2_generator.mul_bigint(&beta.into_bigint());
-        let delta_g1 = g1_generator.mul_bigint(&delta.into_bigint());
-        let delta_g2 = g2_generator.mul_bigint(&delta.into_bigint());
+        let alpha_g1 = g1_generator * &alpha;
+        let beta_g1 = g1_generator * &beta;
+        let beta_g2 = g2_generator * &beta;
+        let delta_g1 = g1_generator * &delta;
+        let delta_g2 = g2_generator * &delta;
 
         // Compute the A-query
         let a_time = start_timer!(|| "Calculate A");
@@ -187,7 +187,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
 
         // Generate R1CS verification key
         let verifying_key_time = start_timer!(|| "Generate the R1CS verification key");
-        let gamma_g2 = g2_generator.mul_bigint(&gamma.into_bigint());
+        let gamma_g2 = g2_generator * &gamma;
         let gamma_abc_g1 = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &gamma_abc);
 
         drop(g1_table);

src/lib.rs

@@ -42,7 +42,7 @@ pub mod constraints;
 mod test;
 
 pub use self::data_structures::*;
-pub use self::{generator::*, prover::*, verifier::*};
+pub use self::{verifier::*};
 
 use ark_crypto_primitives::snark::*;
 use ark_ec::pairing::Pairing;

src/prover.rs

@@ -1,5 +1,5 @@
 use crate::{r1cs_to_qap::R1CSToQAP, Groth16, Proof, ProvingKey, VerifyingKey};
-use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group, VariableBaseMSM};
+use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, VariableBaseMSM};
 use ark_ff::{Field, PrimeField, UniformRand, Zero};
 use ark_poly::GeneralEvaluationDomain;
 use ark_relations::r1cs::{
@@ -73,11 +73,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
 
         let l_aux_acc = E::G1::msm_bigint(&pk.l_query, &aux_assignment);
 
-        let r_s_delta_g1 = pk
-            .delta_g1
-            .into_group()
-            .mul_bigint(&r.into_bigint())
-            .mul_bigint(&s.into_bigint());
+        let r_s_delta_g1 = pk.delta_g1 * (r * s);
 
         end_timer!(c_acc_time);
 
@@ -95,7 +91,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
 
         let g_a = Self::calculate_coeff(r_g1, &pk.a_query, pk.vk.alpha_g1, &assignment);
 
-        let s_g_a = g_a.mul_bigint(&s.into_bigint());
+        let s_g_a = g_a * &s;
         end_timer!(a_acc_time);
 
         // Compute B in G1 if needed
@@ -115,7 +111,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
         let b_g2_acc_time = start_timer!(|| "Compute B in G2");
         let s_g2 = pk.vk.delta_g2.mul(s);
         let g2_b = Self::calculate_coeff(s_g2, &pk.b_g2_query, pk.vk.beta_g2, &assignment);
-        let r_g1_b = g1_b.mul_bigint(&r.into_bigint());
+        let r_g1_b = g1_b * &r;
         drop(assignment);
 
         end_timer!(b_g2_acc_time);