diff --git a/Cargo.toml b/Cargo.toml
index 8db5d6b..2956a14 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -77,3 +77,17 @@ lto = "thin"
 incremental = true
 debug-assertions = true
 debug = true
+
+
+[patch.crates-io]
+ark-ff = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-ec = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-poly = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-serialize = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-r1cs-std = { git = "https://github.com/arkworks-rs/r1cs-std/" }
+ark-crypto-primitives = { git = "https://github.com/arkworks-rs/crypto-primitives/" }
+ark-relations = { git = "https://github.com/arkworks-rs/snark/" }
+ark-snark = { git = "https://github.com/arkworks-rs/snark/" }
+ark-mnt4-298 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-mnt6-298 = { git = "https://github.com/arkworks-rs/algebra/" }
+ark-bls12-377 = { git = "https://github.com/arkworks-rs/algebra/" }
\ No newline at end of file
diff --git a/src/constraints.rs b/src/constraints.rs
index f292cc6..32b1ad9 100644
--- a/src/constraints.rs
+++ b/src/constraints.rs
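Review bot: Every entry in the new `[patch.crates-io]` table points at a git URL with no `rev`, `tag` or `branch`, so each fresh resolution takes whatever the default branch of those repositories holds at that moment; the build is not reproducible and any upstream change, including a compromised one, flows into this cryptographic library without review. Pin each override to a commit, e.g. `ark-ff = { git = "https://github.com/arkworks-rs/algebra/", rev = "<commit-sha>" }`, and commit the matching `Cargo.lock` so CI builds the same tree the author tested. Cargo also honours `[patch]` only in the root manifest of the build, so when this crate is pulled in as a dependency the overrides are silently ignored and the consumer gets the crates.io releases the patched code no longer targets; a comment above the table stating that this is a development-only override until the upstream crates are released would save downstream users a confusing build failure. The hunk also leaves the file without a trailing newline.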
@@ -4,26 +4,26 @@ use crate::{ }; use ark_crypto_primitives::snark::constraints::{CircuitSpecificSetupSNARKGadget, SNARKGadget}; use ark_crypto_primitives::snark::{BooleanInputVar, SNARK}; -use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup}; +use ark_ec::{pairing::Pairing, AffineRepr}; use ark_ff::Field; use ark_r1cs_std::groups::CurveVar; use ark_r1cs_std::{ alloc::{AllocVar, AllocationMode}, - bits::boolean::Boolean, - bits::uint8::UInt8, + boolean::Boolean, + uint8::UInt8, eq::EqGadget, pairing::PairingVar, - ToBitsGadget, ToBytesGadget, + convert::{ToBitsGadget, ToBytesGadget}, }; use ark_relations::r1cs::{Namespace, SynthesisError}; use ark_std::{borrow::Borrow, marker::PhantomData, vec::Vec}; -type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField; +type BasePrimeField = <::BaseField as Field>::BasePrimeField; /// The proof variable for the Groth16 construction #[derive(Derivative)] #[derivative(Clone(bound = "P::G1Var: Clone, P::G2Var: Clone"))] -pub struct ProofVar>> { +pub struct ProofVar> { /// The `A` element in `G1`. pub a: P::G1Var, /// The `B` element in `G2`. @@ -35,10 +35,10 @@ pub struct ProofVar>> { /// A variable representing the Groth16 verifying key in the constraint system. #[derive(Derivative)] #[derivative( - Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \ - P::G2PreparedVar: Clone, ") + Clone(bound = + "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, P::G2PreparedVar: Clone") )] -pub struct VerifyingKeyVar>> { +pub struct VerifyingKeyVar> { #[doc(hidden)] pub alpha_g1: P::G1Var, #[doc(hidden)] @@ -51,7 +51,7 @@ pub struct VerifyingKeyVar>> { pub gamma_abc_g1: Vec, } -impl>> VerifyingKeyVar { +impl> VerifyingKeyVar { /// Prepare `self` for use in proof verification. pub fn prepare(&self) -> Result, SynthesisError> { let alpha_g1_pc = P::prepare_g1(&self.alpha_g1)?; 
@@ -76,7 +76,7 @@ impl>> VerifyingKeyVar { Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, \ P::G2PreparedVar: Clone, ") )] -pub struct PreparedVerifyingKeyVar>> { +pub struct PreparedVerifyingKeyVar> { #[doc(hidden)] pub alpha_g1_beta_g2: P::GTVar, #[doc(hidden)] @@ -91,7 +91,7 @@ pub struct PreparedVerifyingKeyVar where E: Pairing, - P: PairingVar>, + P: PairingVar, QAP: R1CSToQAP, { _pairing_engine: PhantomData, @@ -104,7 +104,7 @@ impl SNARKGadget, Groth16> where E: Pairing, QAP: R1CSToQAP, - P: PairingVar>, + P: PairingVar, { type ProcessedVerifyingKeyVar = PreparedVerifyingKeyVar; type VerifyingKeyVar = VerifyingKeyVar; @@ -267,7 +267,7 @@ impl for Groth16VerifierGadget where E: Pairing, - P: PairingVar>, + P: PairingVar, QAP: R1CSToQAP, { } @@ -275,7 +275,7 @@ where impl AllocVar, BasePrimeField> for PreparedVerifyingKeyVar where E: Pairing, - P: PairingVar>, + P: PairingVar, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -325,7 +325,7 @@ where impl AllocVar, BasePrimeField> for VerifyingKeyVar where E: Pairing, - P: PairingVar>, + P: PairingVar, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( @@ -368,7 +368,7 @@ where impl AllocVar, BasePrimeField> for ProofVar where E: Pairing, - P: PairingVar>, + P: PairingVar, { #[tracing::instrument(target = "r1cs", skip(cs, f))] fn new_variable>>( 
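Review bot: The derivative `Clone(bound = …)` string on `PreparedVerifyingKeyVar`, visible in the context lines of the hunk at `-76`, still carries the backslash line continuation and the trailing `, ` that the hunk at `-35` in this same file removed from the identical bound on `VerifyingKeyVar`. Since the commit already touches this struct's declaration, the same normalization should be applied here so the two derives read alike: `Clone(bound = "P::G1Var: Clone, P::GTVar: Clone, P::G1PreparedVar: Clone, P::G2PreparedVar: Clone")`. The remaining hunks on this line only narrow the `P: PairingVar` bound to follow the upstream trait change and need nothing further.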
@@ -392,18 +392,18 @@ where
 impl ToBytesGadget> for VerifyingKeyVar
 where
 E: Pairing,
- P: PairingVar>,
+ P: PairingVar,
 {
 #[inline]
 #[tracing::instrument(target = "r1cs", skip(self))]
- fn to_bytes(&self) -> Result>>, SynthesisError> {
+ fn to_bytes_le(&self) -> Result>>, SynthesisError> {
 let mut bytes = Vec::new();
- bytes.extend_from_slice(&self.alpha_g1.to_bytes()?);
- bytes.extend_from_slice(&self.beta_g2.to_bytes()?);
- bytes.extend_from_slice(&self.gamma_g2.to_bytes()?);
- bytes.extend_from_slice(&self.delta_g2.to_bytes()?);
+ bytes.extend_from_slice(&self.alpha_g1.to_bytes_le()?);
+ bytes.extend_from_slice(&self.beta_g2.to_bytes_le()?);
+ bytes.extend_from_slice(&self.gamma_g2.to_bytes_le()?);
+ bytes.extend_from_slice(&self.delta_g2.to_bytes_le()?);
 for g in &self.gamma_abc_g1 {
- bytes.extend_from_slice(&g.to_bytes()?);
+ bytes.extend_from_slice(&g.to_bytes_le()?);
 }
 Ok(bytes)
 }
diff --git a/src/generator.rs b/src/generator.rs
index f45c3ab..91f7936 100644
--- a/src/generator.rs
+++ b/src/generator.rs
@@ -1,5 +1,5 @@
 use crate::{r1cs_to_qap::R1CSToQAP, Groth16, ProvingKey, Vec, VerifyingKey};
-use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup, Group};
+use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup};
 use ark_ff::{Field, PrimeField, UniformRand, Zero};
 use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
 use ark_relations::r1cs::{
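Review bot: The renamed `to_bytes_le` still concatenates `alpha_g1`, `beta_g2`, `gamma_g2`, `delta_g2` and each element of `gamma_abc_g1` with no length prefix or separator, and the rename leaves that layout undocumented even though the trait name now commits to an endianness. Anyone hashing the verifying key inside a circuit needs to know it, so add a doc comment on the method along the lines of `/// Little-endian encoding `alpha_g1 || beta_g2 || gamma_g2 || delta_g2 || gamma_abc_g1[..]`; `gamma_abc_g1` is not length-prefixed, so encodings are only unambiguous among keys whose `gamma_abc_g1` has the same length.` The `generator.rs` import hunk on this line only drops an unused trait import and needs nothing.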
@@ -148,11 +148,11 @@ impl Groth16 { // Generate the R1CS proving key let proving_key_time = start_timer!(|| "Generate the R1CS proving key"); - let alpha_g1 = g1_generator.mul_bigint(&alpha.into_bigint()); - let beta_g1 = g1_generator.mul_bigint(&beta.into_bigint()); - let beta_g2 = g2_generator.mul_bigint(&beta.into_bigint()); - let delta_g1 = g1_generator.mul_bigint(&delta.into_bigint()); - let delta_g2 = g2_generator.mul_bigint(&delta.into_bigint()); + let alpha_g1 = g1_generator * α + let beta_g1 = g1_generator * β + let beta_g2 = g2_generator * β + let delta_g1 = g1_generator * δ + let delta_g2 = g2_generator * δ // Compute the A-query let a_time = start_timer!(|| "Calculate A"); @@ -187,7 +187,7 @@ impl Groth16 { // Generate R1CS verification key let verifying_key_time = start_timer!(|| "Generate the R1CS verification key"); - let gamma_g2 = g2_generator.mul_bigint(&gamma.into_bigint()); + let gamma_g2 = g2_generator * γ let gamma_abc_g1 = FixedBase::msm::(scalar_bits, g1_window, &g1_table, &gamma_abc); drop(g1_table); diff --git a/src/lib.rs b/src/lib.rs index 514cf2a..8b880fe 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -42,7 +42,7 @@ pub mod constraints; mod test; pub use self::data_structures::*; -pub use self::{generator::*, prover::*, verifier::*}; +pub use self::{verifier::*}; use ark_crypto_primitives::snark::*; use ark_ec::pairing::Pairing; diff --git a/src/prover.rs b/src/prover.rs index cfb7277..a741842 100644 --- a/src/prover.rs +++ b/src/prover.rs @@ -1,5 +1,5 @@ use crate::{r1cs_to_qap::R1CSToQAP, Groth16, Proof, ProvingKey, VerifyingKey}; -use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group, VariableBaseMSM}; +use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, VariableBaseMSM}; use ark_ff::{Field, PrimeField, UniformRand, Zero}; use ark_poly::GeneralEvaluationDomain; use ark_relations::r1cs::{ 
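Review bot: `pub use self::{verifier::*};` in the `lib.rs` hunk is a single-item brace import and should read `pub use self::verifier::*;`. More importantly, dropping the `generator::*` and `prover::*` globs from the crate root removes any public items those modules exposed from the root namespace, which is a breaking change for downstream code that reached them that way; if the modules expose nothing public beyond the `impl Groth16` blocks the globs were no-ops and the removal is harmless, but the commit message should say which is the case. The `generator.rs` hunks on this line replace `mul_bigint(&x.into_bigint())` with operator scalar multiplication, an equivalent computation, and need no change; the enclosing functions start and end outside the hunks.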
@@ -73,11 +73,7 @@ impl Groth16 { let l_aux_acc = E::G1::msm_bigint(&pk.l_query, &aux_assignment); - let r_s_delta_g1 = pk - .delta_g1 - .into_group() - .mul_bigint(&r.into_bigint()) - .mul_bigint(&s.into_bigint()); + let r_s_delta_g1 = pk.delta_g1 * (r * s); end_timer!(c_acc_time); @@ -95,7 +91,7 @@ impl Groth16 { let g_a = Self::calculate_coeff(r_g1, &pk.a_query, pk.vk.alpha_g1, &assignment); - let s_g_a = g_a.mul_bigint(&s.into_bigint()); + let s_g_a = g_a * &s; end_timer!(a_acc_time); // Compute B in G1 if needed @@ -115,7 +111,7 @@ impl Groth16 { let b_g2_acc_time = start_timer!(|| "Compute B in G2"); let s_g2 = pk.vk.delta_g2.mul(s); let g2_b = Self::calculate_coeff(s_g2, &pk.b_g2_query, pk.vk.beta_g2, &assignment); - let r_g1_b = g1_b.mul_bigint(&r.into_bigint()); + let r_g1_b = g1_b * &r; drop(assignment); end_timer!(b_g2_acc_time);
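Review bot: The three scalar multiplications rewritten in these hunks use two different forms, `pk.delta_g1 * (r * s)` by value and `g_a * &s` / `g1_b * &r` by reference; the scalar field elements are `Copy`, so the borrows add nothing, and `let s_g_a = g_a * s;` and `let r_g1_b = g1_b * r;` would match the first form, assuming the by-value `Mul` impl exists on the projective type as it does on the affine one used at `-73`. The algebraic change at `-73` is sound: multiplying by `r` and then by `s` equals multiplying by the field product `r * s`, and folding the two scalar multiplications into one also halves the work. The enclosing function starts and ends outside the hunk.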