Upgrade to v0.4.0

CHANGELOG.md

@@ -14,6 +14,13 @@
 
 ### Bug fixes
 
+## v0.4.0
+
+- Change dependency to version `0.4.0` of other arkwork-rs crates.
+- Fiat-Shamir transformation for the AHP uses the Poseidon sponge function.
+- Introduced fast_prove and fast_verify methods for PrimeFields that also implement the Absorb trait.
+- Added RngCore and CryptographicSponge traits for rng sources.
+
 ## v0.3.0
 
 - Change dependency to version `0.3.0` of other arkworks-rs crates.

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ark-marlin"
-version = "0.3.0"
+version = "0.4.0"
 authors = [
   "Alessandro Chiesa <[email protected]>",
   "Mary Maller <[email protected]>",
@@ -17,28 +17,31 @@ keywords = ["cryptography", "commitments", "zkSNARK"]
 categories = ["cryptography"]
 include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
 license = "MIT/Apache-2.0"
-edition = "2018"
+edition = "2021"
 
 [dependencies]
-ark-serialize = { version = "^0.3.0", default-features = false, features = [ "derive" ] }
-ark-ff = { version = "^0.3.0", default-features = false }
-ark-std = { version = "^0.3.0", default-features = false }
-ark-poly = { version = "^0.3.0", default-features = false }
-ark-relations = { version = "^0.3.0", default-features = false }
-ark-poly-commit = { version = "^0.3.0", default-features = false }
+ark-serialize = { version = "^0.4.0", default-features = false, features = [ "derive" ] }
+ark-ff = { version = "^0.4.0", default-features = false }
+ark-ec = { version = "^0.4.0", default-features = false }
+ark-std = { version = "^0.4.0", default-features = false }
+ark-poly = { version = "^0.4.0", default-features = false }
+ark-relations = { version = "^0.4.0", default-features = false }
+ark-poly-commit = { version = "^0.4.0", default-features = false }
+ark-crypto-primitives = { version = "^0.4.0", default-features = false, features = [ "r1cs" ] }
 
 rayon = { version = "1", optional = true }
 digest = { version = "0.9" }
 derivative = { version = "2", features = ["use_core"] }
+itertools = "0.11.0"
 
 [dev-dependencies]
-rand_chacha = { version = "0.3.0", default-features = false }
+rand_chacha = { version = "^0.3.0", default-features = false }
 blake2 = { version = "0.9", default-features = false }
-ark-bls12-381 = { version = "^0.3.0", default-features = false, features = [ "curve" ] }
-ark-mnt4-298 = { version = "^0.3.0", default-features = false, features = ["r1cs", "curve"] }
-ark-mnt6-298 = { version = "^0.3.0", default-features = false, features = ["r1cs"] }
-ark-mnt4-753 = { version = "^0.3.0", default-features = false, features = ["r1cs", "curve"] }
-ark-mnt6-753 = { version = "^0.3.0", default-features = false, features = ["r1cs"] }
+ark-bls12-381 = { version = "^0.4.0", default-features = false, features = [ "curve" ] }
+ark-mnt4-298 = { version = "^0.4.0", default-features = false, features = ["r1cs", "curve"] }
+ark-mnt6-298 = { version = "^0.4.0", default-features = false, features = ["r1cs"] }
+ark-mnt4-753 = { version = "^0.4.0", default-features = false, features = ["r1cs", "curve"] }
+ark-mnt6-753 = { version = "^0.4.0", default-features = false, features = ["r1cs"] }
 
 [profile.release]
 opt-level = 3

benches/bench.rs

@@ -3,8 +3,10 @@
 // where N is the number of threads you want to use (N = 1 for single-thread).
 
 use ark_bls12_381::{Bls12_381, Fr as BlsFr};
+
+use ark_crypto_primitives::sponge::CryptographicSponge;
 use ark_ff::PrimeField;
-use ark_marlin::{Marlin, SimpleHashFiatShamirRng};
+use ark_marlin::{Marlin, SimplePoseidonRng};
 use ark_mnt4_298::{Fr as MNT4Fr, MNT4_298};
 use ark_mnt4_753::{Fr as MNT4BigFr, MNT4_753};
 use ark_mnt6_298::{Fr as MNT6Fr, MNT6_298};
@@ -15,9 +17,8 @@ use ark_relations::{
     lc,
     r1cs::{ConstraintSynthesizer, ConstraintSystemRef, SynthesisError},
 };
-use ark_std::{ops::Mul, UniformRand};
-use blake2::Blake2s;
-use rand_chacha::ChaChaRng;
+use ark_std::{ops::Mul, rand::RngCore};
+use itertools::Itertools;
 
 const NUM_PROVE_REPEATITIONS: usize = 10;
 const NUM_VERIFY_REPEATITIONS: usize = 50;
@@ -68,24 +69,40 @@ impl<F: PrimeField> ConstraintSynthesizer<F> for DummyCircuit<F> {
 
 macro_rules! marlin_prove_bench {
     ($bench_name:ident, $bench_field:ty, $bench_pairing_engine:ty) => {
-        let rng = &mut ark_std::test_rng();
+        let mut rng_seed = ark_std::test_rng();
+        let mut rng: SimplePoseidonRng<$bench_field> = SimplePoseidonRng::default();
+        rng.absorb(&rng_seed.next_u64());
+        let (a, b) = rng
+            .squeeze_field_elements(2)
+            .iter()
+            .map(|x: &$bench_field| x.to_owned())
+            .collect_tuple()
+            .unwrap();
         let c = DummyCircuit::<$bench_field> {
-            a: Some(<$bench_field>::rand(rng)),
-            b: Some(<$bench_field>::rand(rng)),
+            a: Some(a),
+            b: Some(b),
             num_variables: 10,
             num_constraints: 65536,
         };
 
         let srs = Marlin::<
             $bench_field,
-            SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-            SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
-        >::universal_setup(65536, 65536, 3 * 65536, rng)
+            SonicKZG10<
+                $bench_pairing_engine,
+                DensePolynomial<$bench_field>,
+                SimplePoseidonRng<$bench_field>,
+            >,
+            SimplePoseidonRng<$bench_field>,
+        >::universal_setup(65536, 65536, 3 * 65536, &mut rng)
         .unwrap();
         let (pk, _) = Marlin::<
             $bench_field,
-            SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-            SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
+            SonicKZG10<
+                $bench_pairing_engine,
+                DensePolynomial<$bench_field>,
+                SimplePoseidonRng<$bench_field>,
+            >,
+            SimplePoseidonRng<$bench_field>,
         >::index(&srs, c)
         .unwrap();
 
@@ -94,9 +111,13 @@ macro_rules! marlin_prove_bench {
         for _ in 0..NUM_PROVE_REPEATITIONS {
             let _ = Marlin::<
                 $bench_field,
-                SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-                SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
-            >::prove(&pk, c.clone(), rng)
+                SonicKZG10<
+                    $bench_pairing_engine,
+                    DensePolynomial<$bench_field>,
+                    SimplePoseidonRng<$bench_field>,
+                >,
+                SimplePoseidonRng<$bench_field>,
+            >::prove(&pk, c.clone(), &mut rng)
             .unwrap();
         }
 
@@ -110,31 +131,51 @@ macro_rules! marlin_prove_bench {
 
 macro_rules! marlin_verify_bench {
     ($bench_name:ident, $bench_field:ty, $bench_pairing_engine:ty) => {
-        let rng = &mut ark_std::test_rng();
+        let mut rng_seed = ark_std::test_rng();
+        let mut rng: SimplePoseidonRng<$bench_field> = SimplePoseidonRng::default();
+        rng.absorb(&rng_seed.next_u64());
+        let (a, b) = rng
+            .squeeze_field_elements(2)
+            .iter()
+            .map(|x: &$bench_field| x.to_owned())
+            .collect_tuple()
+            .unwrap();
         let c = DummyCircuit::<$bench_field> {
-            a: Some(<$bench_field>::rand(rng)),
-            b: Some(<$bench_field>::rand(rng)),
+            a: Some(a),
+            b: Some(b),
             num_variables: 10,
             num_constraints: 65536,
         };
 
         let srs = Marlin::<
             $bench_field,
-            SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-            SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
-        >::universal_setup(65536, 65536, 3 * 65536, rng)
+            SonicKZG10<
+                $bench_pairing_engine,
+                DensePolynomial<$bench_field>,
+                SimplePoseidonRng<$bench_field>,
+            >,
+            SimplePoseidonRng<$bench_field>,
+        >::universal_setup(65536, 65536, 3 * 65536, &mut rng)
         .unwrap();
         let (pk, vk) = Marlin::<
             $bench_field,
-            SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-            SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
+            SonicKZG10<
+                $bench_pairing_engine,
+                DensePolynomial<$bench_field>,
+                SimplePoseidonRng<$bench_field>,
+            >,
+            SimplePoseidonRng<$bench_field>,
         >::index(&srs, c)
         .unwrap();
         let proof = Marlin::<
             $bench_field,
-            SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-            SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
-        >::prove(&pk, c.clone(), rng)
+            SonicKZG10<
+                $bench_pairing_engine,
+                DensePolynomial<$bench_field>,
+                SimplePoseidonRng<$bench_field>,
+            >,
+            SimplePoseidonRng<$bench_field>,
+        >::prove(&pk, c.clone(), &mut rng)
         .unwrap();
 
         let v = c.a.unwrap().mul(c.b.unwrap());
@@ -144,9 +185,13 @@ macro_rules! marlin_verify_bench {
         for _ in 0..NUM_VERIFY_REPEATITIONS {
             let _ = Marlin::<
                 $bench_field,
-                SonicKZG10<$bench_pairing_engine, DensePolynomial<$bench_field>>,
-                SimpleHashFiatShamirRng<Blake2s, ChaChaRng>,
-            >::verify(&vk, &vec![v], &proof, rng)
+                SonicKZG10<
+                    $bench_pairing_engine,
+                    DensePolynomial<$bench_field>,
+                    SimplePoseidonRng<$bench_field>,
+                >,
+                SimplePoseidonRng<$bench_field>,
+            >::verify(&vk, &vec![v], &proof, &mut rng)
             .unwrap();
         }
 

src/ahp/constraint_systems.rs

@@ -6,11 +6,8 @@ use crate::BTreeMap;
 use ark_ff::{Field, PrimeField};
 use ark_poly::{EvaluationDomain, Evaluations as EvaluationsOnDomain, GeneralEvaluationDomain};
 use ark_relations::{lc, r1cs::ConstraintSystemRef};
-use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError};
-use ark_std::{
-    cfg_iter_mut,
-    io::{Read, Write},
-};
+use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
+use ark_std::cfg_iter_mut;
 use derivative::Derivative;
 
 /* ************************************************************************* */
@@ -291,13 +288,18 @@ pub(crate) fn make_matrices_square_for_prover<F: PrimeField>(cs: ConstraintSyste
 
 #[cfg(test)]
 mod tests {
+    use crate::SimplePoseidonRng;
+
     use super::*;
+    use ark_crypto_primitives::sponge::CryptographicSponge;
     use ark_relations::r1cs::Matrix;
-    use ark_std::{collections::BTreeMap, UniformRand};
+    use ark_std::collections::BTreeMap;
 
     use ark_bls12_381::Fr as F;
     use ark_ff::{One, Zero};
     use ark_poly::EvaluationDomain;
+    use itertools::Itertools;
+    use rand_chacha::rand_core::RngCore;
 
     fn entry(matrix: &Matrix<F>, row: usize, col: usize) -> F {
         matrix[row]
@@ -372,10 +374,15 @@ mod tests {
             .zip(output_domain.batch_eval_unnormalized_bivariate_lagrange_poly_with_same_inputs())
             .collect();
 
-        let mut rng = ark_std::test_rng();
-        let eta_a = F::rand(&mut rng);
-        let eta_b = F::rand(&mut rng);
-        let eta_c = F::rand(&mut rng);
+        let mut rng_seed = ark_std::test_rng();
+        let mut rng: SimplePoseidonRng<F> = SimplePoseidonRng::default();
+        rng.absorb(&rng_seed.next_u64());
+        let (eta_a, eta_b, eta_c) = rng
+            .squeeze_field_elements(3)
+            .iter()
+            .map(|x: &F| x.to_owned())
+            .collect_tuple()
+            .unwrap();
         for (k_index, k) in interpolation_domain.elements().enumerate() {
             let row_val = joint_arith.row.evaluate(&k);
             let col_val = joint_arith.col.evaluate(&k);

src/ahp/indexer.rs

@@ -7,16 +7,13 @@ use crate::ahp::{
     AHPForR1CS, Error, LabeledPolynomial,
 };
 use crate::Vec;
-use ark_ff::PrimeField;
+use ark_ff::{Field, PrimeField};
 use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
 use ark_relations::r1cs::{
     ConstraintSynthesizer, ConstraintSystem, OptimizationGoal, SynthesisError, SynthesisMode,
 };
-use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError};
-use ark_std::{
-    io::{Read, Write},
-    marker::PhantomData,
-};
+use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
+use ark_std::marker::PhantomData;
 use derivative::Derivative;
 
 use crate::ahp::constraint_systems::{
@@ -28,7 +25,7 @@ use crate::ahp::constraint_systems::{
 /// entries in any of the constraint matrices.
 #[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
 #[derivative(Clone(bound = ""), Copy(bound = ""))]
-pub struct IndexInfo<F> {
+pub struct IndexInfo<F: Field> {
     /// The total number of variables in the constraint system.
     pub num_variables: usize,
     /// The number of constraints.
@@ -42,7 +39,7 @@ pub struct IndexInfo<F> {
     f: PhantomData<F>,
 }
 
-impl<F> IndexInfo<F> {
+impl<F: Field> IndexInfo<F> {
     /// Construct a new index info
     pub fn new(
         num_variables: usize,
@@ -60,14 +57,6 @@ impl<F> IndexInfo<F> {
     }
 }
 
-impl<F: PrimeField> ark_ff::ToBytes for IndexInfo<F> {
-    fn write<W: Write>(&self, mut w: W) -> ark_std::io::Result<()> {
-        (self.num_variables as u64).write(&mut w)?;
-        (self.num_constraints as u64).write(&mut w)?;
-        (self.num_non_zero as u64).write(&mut w)
-    }
-}
-
 impl<F: PrimeField> IndexInfo<F> {
     /// The maximum degree of polynomial required to represent this index in the
     /// the AHP.

src/ahp/mod.rs

@@ -334,7 +334,7 @@ mod tests {
     use ark_ff::{One, UniformRand, Zero};
     use ark_poly::{
         univariate::{DenseOrSparsePolynomial, DensePolynomial},
-        Polynomial, UVPolynomial,
+        DenseUVPolynomial, Polynomial,
     };
 
     #[test]
@@ -414,11 +414,7 @@ mod tests {
             divisor
                 .coeffs
                 .iter()
-                .filter_map(|f| if !f.is_zero() {
-                    Some(f.into_repr())
-                } else {
-                    None
-                })
+                .filter(|f| !f.is_zero())
                 .collect::<Vec<_>>()
         );
 
@@ -446,11 +442,7 @@ mod tests {
             quotient
                 .coeffs
                 .iter()
-                .filter_map(|f| if !f.is_zero() {
-                    Some(f.into_repr())
-                } else {
-                    None
-                })
+                .filter(|f| !f.is_zero())
                 .collect::<Vec<_>>()
         );