Fix and update dependencies to 0.3

Cargo.toml

@@ -20,34 +20,35 @@ license = "MIT/Apache-2.0"
 edition = "2018"
 
 [dependencies]
-ark-serialize = { version = "^0.2.0", default-features = false, features = [ "derive" ] }
-ark-ff = { version = "^0.2.0", default-features = false }
-ark-std = { version = "^0.2.0", default-features = false }
-ark-poly = { version = "^0.2.0", default-features = false }
-ark-relations = { version = "^0.2.0", default-features = false }
+ark-serialize = { version = "0.3", default-features = false, features = [ "derive" ] }
+ark-ff = { version = "0.3", default-features = false }
+ark-std = { version = "0.3", default-features = false }
+ark-poly = { version = "0.3", default-features = false }
+ark-relations = { version = "0.3", default-features = false }
 ark-poly-commit = { git = "https://github.com/arkworks-rs/poly-commit", branch = "constraints", default-features = false, features = [ "r1cs" ] }
+ark-sponge = { version = "0.3", default-features = false }
 
-rand_chacha = { version = "0.2.1", default-features = false }
+rand_chacha = { version = "0.3", default-features = false }
 rayon = { version = "1", optional = true }
 digest = { version = "0.9" }
 derivative = { version = "2", features = ["use_core"] }
 
-ark-ec = { version = "^0.2.0", default-features = false }
-ark-crypto-primitives = { version = "^0.2.0", default-features = false, features = [ "r1cs" ] }
-ark-r1cs-std = { version = "^0.2.0", default-features = false }
-ark-nonnative-field = { version = "^0.2.0", default-features = false }
-ark-snark = { version = "^0.2.0", default-features = false }
+ark-ec = { version = "0.3", default-features = false }
+ark-crypto-primitives = { version = "0.3", default-features = false, features = [ "r1cs" ] }
+ark-r1cs-std = { version = "0.3", default-features = false }
+ark-nonnative-field = { version = "0.3", default-features = false }
+ark-snark = { version = "0.3", default-features = false }
 hashbrown = "0.9"
 tracing = { version = "0.1", default-features = false, features = [ "attributes" ] }
 tracing-subscriber = { version = "0.2", default-features = false, optional = true }
 
 [dev-dependencies]
 blake2 = { version = "0.9", default-features = false }
-ark-bls12-381 = { version = "^0.2.0", default-features = false, features = [ "curve" ] }
-ark-mnt4-298 = { version = "^0.2.0", default-features = false, features = ["r1cs", "curve"] }
-ark-mnt6-298 = { version = "^0.2.0", default-features = false, features = ["r1cs"] }
-ark-mnt4-753 = { version = "^0.2.0", default-features = false, features = ["r1cs", "curve"] }
-ark-mnt6-753 = { version = "^0.2.0", default-features = false, features = ["r1cs"] }
+ark-bls12-381 = { version = "0.3", default-features = false, features = [ "curve" ] }
+ark-mnt4-298 = { version = "0.3", default-features = false, features = ["r1cs", "curve"] }
+ark-mnt6-298 = { version = "0.3", default-features = false, features = ["r1cs"] }
+ark-mnt4-753 = { version = "0.3", default-features = false, features = ["r1cs", "curve"] }
+ark-mnt6-753 = { version = "0.3", default-features = false, features = ["r1cs"] }
 
 [profile.release]
 opt-level = 3
@@ -76,4 +77,4 @@ parallel = [ "std", "ark-ff/parallel", "ark-poly/parallel", "ark-std/parallel",
 name = "marlin-benches"
 path = "benches/bench.rs"
 harness = false
-required-features = ["std"]
+required-features = ["std"]

src/ahp/mod.rs

@@ -1,9 +1,12 @@
 use crate::{String, ToString, Vec};
 use ark_ff::{Field, PrimeField};
+use ark_nonnative_field::NonNativeFieldVar;
 use ark_poly::univariate::DensePolynomial;
 use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
 use ark_poly_commit::{LCTerm, LinearCombination};
-use ark_relations::r1cs::SynthesisError;
+use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError};
+use ark_sponge::constraints::CryptographicSpongeVar;
+use ark_sponge::CryptographicSponge;
 use ark_std::{borrow::Borrow, cfg_iter_mut, format, marker::PhantomData, vec};
 
 #[cfg(feature = "parallel")]
@@ -20,6 +23,34 @@ pub mod verifier;
 /// A labeled DensePolynomial with coefficients over `F`
 pub type LabeledPolynomial<F> = ark_poly_commit::LabeledPolynomial<F, DensePolynomial<F>>;
 
+/// The interface for a cryptographic sponge with default parameters
+pub trait CryptographicSpongeWithDefault: CryptographicSponge {
+    /// Default parametes for the cryptographic sponge
+    ///
+    /// Replacement for the requirement of S::Parameters: Default to minimize the upwards impact of
+    /// this implementation
+    fn default_params() -> Self::Parameters;
+}
+
+/// The interface for a cryptographic sponge constraints on field `F`.
+/// A sponge can `absorb` or take in inputs and later `squeeze` or output bytes or field elements.
+/// The outputs are dependent on previous `absorb` and `squeeze` calls.
+pub trait CryptographicSpongeVarNonNative<F: PrimeField, CF: PrimeField, S: CryptographicSponge>:
+    CryptographicSpongeVar<CF, S>
+{
+    /// Default parametes for the cryptographic sponge var
+    fn default_params() -> <Self as CryptographicSpongeVar<CF, S>>::Parameters;
+
+    /// Plaintext sponge
+    fn constant(cs: ConstraintSystemRef<CF>) -> Self;
+
+    /// Absorb non native `CF` elements
+    fn absorb_nonnative(
+        &mut self,
+        input: &[NonNativeFieldVar<F, CF>],
+    ) -> Result<(), SynthesisError>;
+}
+
 /// The algebraic holographic proof defined in [CHMMVW19](https://eprint.iacr.org/2019/1047).
 /// Currently, this AHP only supports inputs of size one
 /// less than a power of 2 (i.e., of the form 2^n - 1).

src/ahp/prover.rs

@@ -444,10 +444,9 @@ impl<F: PrimeField> AHPForR1CS<F> {
     }
 
     /// Output the second round message and the next state.
-    pub fn prover_second_round<'a, R: RngCore>(
+    pub fn prover_second_round<'a>(
         ver_message: &VerifierFirstMsg<F>,
         mut state: ProverState<'a, F>,
-        _r: &mut R,
         hiding: bool,
     ) -> (ProverMsg<F>, ProverSecondOracles<F>, ProverState<'a, F>) {
         let round_time = start_timer!(|| "AHP::Prover::SecondRound");
@@ -598,10 +597,9 @@ impl<F: PrimeField> AHPForR1CS<F> {
     }
 
     /// Output the third round message and the next state.
-    pub fn prover_third_round<'a, R: RngCore>(
+    pub fn prover_third_round<'a>(
         ver_message: &VerifierSecondMsg<F>,
         prover_state: ProverState<'a, F>,
-        _r: &mut R,
     ) -> Result<(ProverMsg<F>, ProverThirdOracles<F>), Error> {
         let round_time = start_timer!(|| "AHP::Prover::ThirdRound");
 

src/ahp/verifier.rs

@@ -3,11 +3,9 @@
 use crate::ahp::indexer::IndexInfo;
 use crate::ahp::*;
 
-use crate::fiat_shamir::FiatShamirRng;
 use ark_ff::PrimeField;
-use ark_nonnative_field::params::OptimizationType;
-use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
 use ark_poly_commit::QuerySet;
+use ark_sponge::CryptographicSponge;
 
 /// State of the AHP verifier
 pub struct VerifierState<F: PrimeField> {
@@ -42,21 +40,22 @@ pub struct VerifierSecondMsg<F> {
 
 impl<F: PrimeField> AHPForR1CS<F> {
     /// Output the first message and next round state.
-    pub fn verifier_first_round<FSF: PrimeField, R: FiatShamirRng<F, FSF>>(
+    pub fn verifier_first_round<FSF: PrimeField, S: CryptographicSponge>(
         index_info: IndexInfo<F>,
-        fs_rng: &mut R,
+        sponge: &mut S,
     ) -> Result<(VerifierFirstMsg<F>, VerifierState<F>), Error> {
         if index_info.num_constraints != index_info.num_variables {
             return Err(Error::NonSquareMatrix);
         }
 
-        let domain_h = GeneralEvaluationDomain::new(index_info.num_constraints)
-            .ok_or(SynthesisError::PolynomialDegreeTooLarge)?;
+        let domain_h: GeneralEvaluationDomain<F> =
+            GeneralEvaluationDomain::new(index_info.num_constraints)
+                .ok_or(SynthesisError::PolynomialDegreeTooLarge)?;
 
         let domain_k = GeneralEvaluationDomain::new(index_info.num_non_zero)
             .ok_or(SynthesisError::PolynomialDegreeTooLarge)?;
 
-        let elems = fs_rng.squeeze_nonnative_field_elements(4, OptimizationType::Weight);
+        let elems = sponge.squeeze_field_elements(4);
         let alpha = elems[0];
         let eta_a = elems[1];
         let eta_b = elems[2];
@@ -82,11 +81,11 @@ impl<F: PrimeField> AHPForR1CS<F> {
     }
 
     /// Output the second message and next round state.
-    pub fn verifier_second_round<FSF: PrimeField, R: FiatShamirRng<F, FSF>>(
+    pub fn verifier_second_round<FSF: PrimeField, S: CryptographicSponge>(
         mut state: VerifierState<F>,
-        fs_rng: &mut R,
+        sponge: &mut S,
     ) -> (VerifierSecondMsg<F>, VerifierState<F>) {
-        let elems = fs_rng.squeeze_nonnative_field_elements(1, OptimizationType::Weight);
+        let elems = sponge.squeeze_field_elements(1);
         let beta = elems[0];
         assert!(!state.domain_h.evaluate_vanishing_polynomial(beta).is_zero());
 
@@ -97,21 +96,20 @@ impl<F: PrimeField> AHPForR1CS<F> {
     }
 
     /// Output the third message and next round state.
-    pub fn verifier_third_round<FSF: PrimeField, R: FiatShamirRng<F, FSF>>(
+    pub fn verifier_third_round<FSF: PrimeField, S: CryptographicSponge>(
         mut state: VerifierState<F>,
-        fs_rng: &mut R,
+        sponge: &mut S,
     ) -> VerifierState<F> {
-        let elems = fs_rng.squeeze_nonnative_field_elements(1, OptimizationType::Weight);
+        let elems = sponge.squeeze_field_elements(1);
         let gamma = elems[0];
 
         state.gamma = Some(gamma);
         state
     }
 
     /// Output the query state and next round state.
-    pub fn verifier_query_set<'a, FSF: PrimeField, R: FiatShamirRng<F, FSF>>(
+    pub fn verifier_query_set<'a, FSF: PrimeField>(
         state: VerifierState<F>,
-        _: &'a mut R,
         with_vanishing: bool,
     ) -> (QuerySet<F>, VerifierState<F>) {
         let alpha = state.first_round_msg.unwrap().alpha;