From a38eba049a1a110c336499130a200647c4066700 Mon Sep 17 00:00:00 2001 From: Nick Dimitriou Date: Fri, 20 Sep 2024 10:13:28 +0100 Subject: [PATCH] Updated from main --- folding-schemes/src/folding/mova/mod.rs | 21 ++++-- folding-schemes/src/folding/mova/nifs.rs | 34 +++++----- folding-schemes/src/folding/mova/traits.rs | 78 +++++++++++----------- 3 files changed, 69 insertions(+), 64 deletions(-) diff --git a/folding-schemes/src/folding/mova/mod.rs b/folding-schemes/src/folding/mova/mod.rs index 596b8bb8..42b4ddd2 100644 --- a/folding-schemes/src/folding/mova/mod.rs +++ b/folding-schemes/src/folding/mova/mod.rs @@ -4,13 +4,13 @@ use crate::utils::mle::dense_vec_to_dense_mle; use crate::utils::vec::is_zero_vec; use crate::Error; use ark_crypto_primitives::sponge::Absorb; -use ark_ec::{CurveGroup, Group}; +use ark_ec::CurveGroup; use ark_ff::PrimeField; use ark_poly::MultilinearExtension; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; -use ark_std::{log2, One, UniformRand, Zero}; use ark_std::rand::RngCore; +use ark_std::{log2, One, UniformRand, Zero}; /// Implements the scheme described in [Mova](https://eprint.iacr.org/2024/1220.pdf) mod nifs; @@ -40,10 +40,7 @@ pub struct InstanceWitness { pub w: Witness, } -impl Witness -where - ::ScalarField: Absorb, -{ +impl Witness { pub fn new(w: Vec, e_len: usize, mut rng: impl RngCore) -> Self { let rW = if H { C::ScalarField::rand(&mut rng) @@ -94,6 +91,18 @@ where } } +impl CommittedInstance { + pub fn dummy(io_len: usize) -> Self { + Self { + rE: vec![C::ScalarField::zero(); io_len], + mleE: C::ScalarField::zero(), + u: C::ScalarField::zero(), + cmW: C::zero(), + x: vec![C::ScalarField::zero(); io_len], + } + } +} + impl Absorb for CommittedInstance where C::ScalarField: Absorb, diff --git a/folding-schemes/src/folding/mova/nifs.rs b/folding-schemes/src/folding/mova/nifs.rs index b2db3fd0..85cb4e48 100644 --- a/folding-schemes/src/folding/mova/nifs.rs +++ b/folding-schemes/src/folding/mova/nifs.rs @@ -220,6 +220,12 @@ where #[cfg(test)] pub mod tests { + use crate::arith::r1cs::{ + tests::{get_test_r1cs, get_test_z}, + RelaxedR1CS, + }; + use crate::commitment::pedersen::{Params as PedersenParams, Pedersen}; + use crate::transcript::poseidon::poseidon_canonical_config; use ark_crypto_primitives::sponge::{ poseidon::{PoseidonConfig, PoseidonSponge}, CryptographicSponge, @@ -228,11 +234,6 @@ pub mod tests { use ark_pallas::{Fr, Projective}; use ark_std::{test_rng, UniformRand, Zero}; - use crate::arith::r1cs::tests::{get_test_r1cs, get_test_z}; - use crate::commitment::pedersen::{Params as PedersenParams, Pedersen}; - use crate::folding::mova::traits::MovaR1CS; - use crate::transcript::poseidon::poseidon_canonical_config; - use super::*; #[allow(clippy::type_complexity)] @@ -332,8 +333,8 @@ pub mod tests { let W_i = w_dummy.clone(); let U_i = u_dummy.clone(); - r1cs.check_relaxed_instance_relation(&w_i, &u_i).unwrap(); - r1cs.check_relaxed_instance_relation(&W_i, &U_i).unwrap(); + r1cs.check_relaxed_relation(&w_i, &u_i).unwrap(); + r1cs.check_relaxed_relation(&W_i, &U_i).unwrap(); let poseidon_config = poseidon_canonical_config::(); let mut transcript_p: PoseidonSponge = PoseidonSponge::::new(&poseidon_config); @@ -349,7 +350,7 @@ pub mod tests { .unwrap(); let (_proof, instance_witness) = result; - r1cs.check_relaxed_instance_relation(&instance_witness.w, &instance_witness.ci) + r1cs.check_relaxed_relation(&instance_witness.w, &instance_witness.ci) .unwrap(); } @@ -371,9 +372,9 @@ pub mod tests { assert_eq!(ci3, instance.ci); // check that relations hold for the 2 inputted instances and the folded one - r1cs.check_relaxed_instance_relation(&w1, &ci1).unwrap(); - r1cs.check_relaxed_instance_relation(&w2, &ci2).unwrap(); - r1cs.check_relaxed_instance_relation(&instance.w, &instance.ci) + r1cs.check_relaxed_relation(&w1, &ci1).unwrap(); + r1cs.check_relaxed_relation(&w2, &ci2).unwrap(); + r1cs.check_relaxed_relation(&instance.w, &instance.ci) .unwrap(); // check that folded commitments from folded instance (ci) are equal to folding the @@ -402,7 +403,7 @@ pub mod tests { .commit::>(&pedersen_params, x, rE) .unwrap(); - r1cs.check_relaxed_instance_relation(&running_instance_w, &running_committed_instance) + r1cs.check_relaxed_relation(&running_instance_w, &running_committed_instance) .unwrap(); let num_iters = 10; @@ -416,11 +417,8 @@ pub mod tests { let incoming_committed_instance = incoming_instance_w .commit::>(&pedersen_params, x, rE) .unwrap(); - r1cs.check_relaxed_instance_relation( - &incoming_instance_w, - &incoming_committed_instance, - ) - .unwrap(); + r1cs.check_relaxed_relation(&incoming_instance_w, &incoming_committed_instance) + .unwrap(); // NIFS.P let poseidon_config = poseidon_canonical_config::(); @@ -448,7 +446,7 @@ pub mod tests { ) .unwrap(); - r1cs.check_relaxed_instance_relation(&instance_witness.w, &instance_witness.ci) + r1cs.check_relaxed_relation(&instance_witness.w, &instance_witness.ci) .unwrap(); // set running_instance for next loop iteration diff --git a/folding-schemes/src/folding/mova/traits.rs b/folding-schemes/src/folding/mova/traits.rs index 939be1e7..bcd6f2d2 100644 --- a/folding-schemes/src/folding/mova/traits.rs +++ b/folding-schemes/src/folding/mova/traits.rs @@ -1,51 +1,49 @@ -use crate::arith::r1cs::R1CS; +use crate::arith::r1cs::{RelaxedR1CS, R1CS}; use crate::folding::mova::{CommittedInstance, Witness}; use crate::Error; -use ark_crypto_primitives::sponge::Absorb; -use ark_ec::{CurveGroup, Group}; +use ark_ec::CurveGroup; +use ark_std::{rand::RngCore, One, Zero}; -///MovaR1CS extends R1CS methods with Mova specific methods -pub trait MovaR1CS { - /// checks the R1CS relation (un-relaxed) for the given Witness and CommittedInstance. - fn check_instance_relation( - &self, - W: &Witness, - U: &CommittedInstance, - ) -> Result<(), Error>; +impl RelaxedR1CS, CommittedInstance> for R1CS { + fn dummy_running_instance(&self) -> (Witness, CommittedInstance) { + let w_len = self.A.n_cols - 1 - self.l; + let w_dummy = Witness::::dummy(w_len, self.A.n_rows); + let u_dummy = CommittedInstance::::dummy(self.l); + (w_dummy, u_dummy) + } - /// checks the Relaxed R1CS relation (corresponding to the current R1CS) for the given Witness - /// and CommittedInstance. - fn check_relaxed_instance_relation( - &self, - W: &Witness, - U: &CommittedInstance, - ) -> Result<(), Error>; -} + fn dummy_incoming_instance(&self) -> (Witness, CommittedInstance) { + self.dummy_running_instance() + } -impl MovaR1CS for R1CS -where - ::ScalarField: Absorb, - ::BaseField: ark_ff::PrimeField, -{ - fn check_instance_relation( - &self, - _W: &Witness, - _U: &CommittedInstance, - ) -> Result<(), Error> { - // This is never called - unimplemented!() + fn is_relaxed(_w: &Witness, u: &CommittedInstance) -> bool { + u.mleE != C::ScalarField::zero() || u.u != C::ScalarField::one() } - fn check_relaxed_instance_relation( - &self, - W: &Witness, - U: &CommittedInstance, + fn extract_z(w: &Witness, u: &CommittedInstance) -> Vec { + [&[u.u][..], &u.x, &w.W].concat() + } + + fn check_error_terms( + w: &Witness, + _u: &CommittedInstance, + e: Vec, ) -> Result<(), Error> { - let mut rel_r1cs = self.clone().relax(); - rel_r1cs.u = U.u; - rel_r1cs.E = W.E.clone(); + if w.E == e { + Ok(()) + } else { + Err(Error::NotSatisfied) + } + } - let Z: Vec = [vec![U.u], U.x.to_vec(), W.W.to_vec()].concat(); - rel_r1cs.check_relation(&Z) + fn sample( + &self, + _params: &CS::ProverParams, + _rng: impl RngCore, + ) -> Result<(Witness, CommittedInstance), Error> + where + CS: crate::commitment::CommitmentScheme, + { + unimplemented!() } }