Skip to content

Commit

Permalink
Updated from main
Browse files Browse the repository at this point in the history
  • Loading branch information
@NiDimi
NiDimi committed Sep 20, 2024
1 parent 4940b48 commit a38eba0
Show file tree
Hide file tree
Showing 3 changed files with 69 additions and 64 deletions.
21 changes: 15 additions & 6 deletions folding-schemes/src/folding/mova/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ use crate::utils::mle::dense_vec_to_dense_mle;
use crate::utils::vec::is_zero_vec;
use crate::Error;
use ark_crypto_primitives::sponge::Absorb;
use ark_ec::{CurveGroup, Group};
use ark_ec::CurveGroup;
use ark_ff::PrimeField;
use ark_poly::MultilinearExtension;
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use ark_std::{log2, One, UniformRand, Zero};
use ark_std::rand::RngCore;

use ark_std::{log2, One, UniformRand, Zero};

/// Implements the scheme described in [Mova](https://eprint.iacr.org/2024/1220.pdf)
mod nifs;
Expand Down Expand Up @@ -40,10 +40,7 @@ pub struct InstanceWitness<C: CurveGroup> {
pub w: Witness<C>,
}

impl<C: CurveGroup> Witness<C>
where
<C as Group>::ScalarField: Absorb,
{
impl<C: CurveGroup> Witness<C> {
pub fn new<const H: bool>(w: Vec<C::ScalarField>, e_len: usize, mut rng: impl RngCore) -> Self {
let rW = if H {
C::ScalarField::rand(&mut rng)
Expand Down Expand Up @@ -94,6 +91,18 @@ where
}
}

impl<C: CurveGroup> CommittedInstance<C> {
pub fn dummy(io_len: usize) -> Self {
Self {
rE: vec![C::ScalarField::zero(); io_len],
mleE: C::ScalarField::zero(),
u: C::ScalarField::zero(),
cmW: C::zero(),
x: vec![C::ScalarField::zero(); io_len],
}
}
}

impl<C: CurveGroup> Absorb for CommittedInstance<C>
where
C::ScalarField: Absorb,
Expand Down
34 changes: 16 additions & 18 deletions folding-schemes/src/folding/mova/nifs.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,12 @@ where

#[cfg(test)]
pub mod tests {
use crate::arith::r1cs::{
tests::{get_test_r1cs, get_test_z},
RelaxedR1CS,
};
use crate::commitment::pedersen::{Params as PedersenParams, Pedersen};
use crate::transcript::poseidon::poseidon_canonical_config;
use ark_crypto_primitives::sponge::{
poseidon::{PoseidonConfig, PoseidonSponge},
CryptographicSponge,
Expand All @@ -228,11 +234,6 @@ pub mod tests {
use ark_pallas::{Fr, Projective};
use ark_std::{test_rng, UniformRand, Zero};

use crate::arith::r1cs::tests::{get_test_r1cs, get_test_z};
use crate::commitment::pedersen::{Params as PedersenParams, Pedersen};
use crate::folding::mova::traits::MovaR1CS;
use crate::transcript::poseidon::poseidon_canonical_config;

use super::*;

#[allow(clippy::type_complexity)]
Expand Down Expand Up @@ -332,8 +333,8 @@ pub mod tests {
let W_i = w_dummy.clone();
let U_i = u_dummy.clone();

r1cs.check_relaxed_instance_relation(&w_i, &u_i).unwrap();
r1cs.check_relaxed_instance_relation(&W_i, &U_i).unwrap();
r1cs.check_relaxed_relation(&w_i, &u_i).unwrap();
r1cs.check_relaxed_relation(&W_i, &U_i).unwrap();

let poseidon_config = poseidon_canonical_config::<ark_pallas::Fr>();
let mut transcript_p: PoseidonSponge<Fr> = PoseidonSponge::<Fr>::new(&poseidon_config);
Expand All @@ -349,7 +350,7 @@ pub mod tests {
.unwrap();

let (_proof, instance_witness) = result;
r1cs.check_relaxed_instance_relation(&instance_witness.w, &instance_witness.ci)
r1cs.check_relaxed_relation(&instance_witness.w, &instance_witness.ci)
.unwrap();
}

Expand All @@ -371,9 +372,9 @@ pub mod tests {
assert_eq!(ci3, instance.ci);

// check that relations hold for the 2 inputted instances and the folded one
r1cs.check_relaxed_instance_relation(&w1, &ci1).unwrap();
r1cs.check_relaxed_instance_relation(&w2, &ci2).unwrap();
r1cs.check_relaxed_instance_relation(&instance.w, &instance.ci)
r1cs.check_relaxed_relation(&w1, &ci1).unwrap();
r1cs.check_relaxed_relation(&w2, &ci2).unwrap();
r1cs.check_relaxed_relation(&instance.w, &instance.ci)
.unwrap();

// check that folded commitments from folded instance (ci) are equal to folding the
Expand Down Expand Up @@ -402,7 +403,7 @@ pub mod tests {
.commit::<Pedersen<Projective>>(&pedersen_params, x, rE)
.unwrap();

r1cs.check_relaxed_instance_relation(&running_instance_w, &running_committed_instance)
r1cs.check_relaxed_relation(&running_instance_w, &running_committed_instance)
.unwrap();

let num_iters = 10;
Expand All @@ -416,11 +417,8 @@ pub mod tests {
let incoming_committed_instance = incoming_instance_w
.commit::<Pedersen<Projective>>(&pedersen_params, x, rE)
.unwrap();
r1cs.check_relaxed_instance_relation(
&incoming_instance_w,
&incoming_committed_instance,
)
.unwrap();
r1cs.check_relaxed_relation(&incoming_instance_w, &incoming_committed_instance)
.unwrap();

// NIFS.P
let poseidon_config = poseidon_canonical_config::<Fr>();
Expand Down Expand Up @@ -448,7 +446,7 @@ pub mod tests {
)
.unwrap();

r1cs.check_relaxed_instance_relation(&instance_witness.w, &instance_witness.ci)
r1cs.check_relaxed_relation(&instance_witness.w, &instance_witness.ci)
.unwrap();

// set running_instance for next loop iteration
Expand Down
78 changes: 38 additions & 40 deletions folding-schemes/src/folding/mova/traits.rs
View file
Original file line number Diff line number Diff line change
@@ -1,51 +1,49 @@
use crate::arith::r1cs::R1CS;
use crate::arith::r1cs::{RelaxedR1CS, R1CS};
use crate::folding::mova::{CommittedInstance, Witness};
use crate::Error;
use ark_crypto_primitives::sponge::Absorb;
use ark_ec::{CurveGroup, Group};
use ark_ec::CurveGroup;
use ark_std::{rand::RngCore, One, Zero};

///MovaR1CS extends R1CS methods with Mova specific methods
pub trait MovaR1CS<C: CurveGroup> {
/// checks the R1CS relation (un-relaxed) for the given Witness and CommittedInstance.
fn check_instance_relation(
&self,
W: &Witness<C>,
U: &CommittedInstance<C>,
) -> Result<(), Error>;
impl<C: CurveGroup> RelaxedR1CS<C, Witness<C>, CommittedInstance<C>> for R1CS<C::ScalarField> {
fn dummy_running_instance(&self) -> (Witness<C>, CommittedInstance<C>) {
let w_len = self.A.n_cols - 1 - self.l;
let w_dummy = Witness::<C>::dummy(w_len, self.A.n_rows);
let u_dummy = CommittedInstance::<C>::dummy(self.l);
(w_dummy, u_dummy)
}

/// checks the Relaxed R1CS relation (corresponding to the current R1CS) for the given Witness
/// and CommittedInstance.
fn check_relaxed_instance_relation(
&self,
W: &Witness<C>,
U: &CommittedInstance<C>,
) -> Result<(), Error>;
}
fn dummy_incoming_instance(&self) -> (Witness<C>, CommittedInstance<C>) {
self.dummy_running_instance()
}

impl<C: CurveGroup> MovaR1CS<C> for R1CS<C::ScalarField>
where
<C as Group>::ScalarField: Absorb,
<C as CurveGroup>::BaseField: ark_ff::PrimeField,
{
fn check_instance_relation(
&self,
_W: &Witness<C>,
_U: &CommittedInstance<C>,
) -> Result<(), Error> {
// This is never called
unimplemented!()
fn is_relaxed(_w: &Witness<C>, u: &CommittedInstance<C>) -> bool {
u.mleE != C::ScalarField::zero() || u.u != C::ScalarField::one()
}

fn check_relaxed_instance_relation(
&self,
W: &Witness<C>,
U: &CommittedInstance<C>,
fn extract_z(w: &Witness<C>, u: &CommittedInstance<C>) -> Vec<C::ScalarField> {
[&[u.u][..], &u.x, &w.W].concat()
}

fn check_error_terms(
w: &Witness<C>,
_u: &CommittedInstance<C>,
e: Vec<C::ScalarField>,
) -> Result<(), Error> {
let mut rel_r1cs = self.clone().relax();
rel_r1cs.u = U.u;
rel_r1cs.E = W.E.clone();
if w.E == e {
Ok(())
} else {
Err(Error::NotSatisfied)
}
}

let Z: Vec<C::ScalarField> = [vec![U.u], U.x.to_vec(), W.W.to_vec()].concat();
rel_r1cs.check_relation(&Z)
fn sample<CS>(
&self,
_params: &CS::ProverParams,
_rng: impl RngCore,
) -> Result<(Witness<C>, CommittedInstance<C>), Error>
where
CS: crate::commitment::CommitmentScheme<C, true>,
{
unimplemented!()
}
}

0 comments on commit a38eba0

Please sign in to comment.