From ed2d55e6ff1b2f2b9fb693fda07caeb32cf817e6 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 28 Dec 2023 13:14:08 -0500 Subject: [PATCH] Rename `NonNativeFieldVar` -> `EmulatedFpVar` (#135) --- CHANGELOG.md | 17 + Cargo.toml | 2 +- benches/bench.rs | 78 ++-- .../allocated_field_var.rs | 350 +++++++++--------- .../allocated_mul_result.rs | 118 +++--- .../{nonnative => emulated_fp}/field_var.rs | 225 +++++------ src/fields/{nonnative => emulated_fp}/mod.rs | 36 +- src/fields/emulated_fp/mul_result.rs | 73 ++++ .../{nonnative => emulated_fp}/params.rs | 2 +- .../{nonnative => emulated_fp}/reduce.rs | 129 +++---- src/fields/mod.rs | 4 +- src/fields/nonnative/mul_result.rs | 79 ---- src/groups/curves/short_weierstrass/mod.rs | 12 +- src/groups/curves/twisted_edwards/mod.rs | 8 +- src/groups/mod.rs | 8 +- tests/arithmetic_tests.rs | 256 +++++++------ tests/from_test.rs | 6 +- tests/to_constraint_field_test.rs | 6 +- 18 files changed, 669 insertions(+), 740 deletions(-) rename src/fields/{nonnative => emulated_fp}/allocated_field_var.rs (69%) rename src/fields/{nonnative => emulated_fp}/allocated_mul_result.rs (66%) rename src/fields/{nonnative => emulated_fp}/field_var.rs (58%) rename src/fields/{nonnative => emulated_fp}/mod.rs (82%) create mode 100644 src/fields/emulated_fp/mul_result.rs rename src/fields/{nonnative => emulated_fp}/params.rs (98%) rename src/fields/{nonnative => emulated_fp}/reduce.rs (66%) delete mode 100644 src/fields/nonnative/mul_result.rs diff --git a/CHANGELOG.md b/CHANGELOG.md index b9d5cf67..a31ffb83 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,23 @@ # CHANGELOG ## Pending + +### Breaking changes + +- [\#134](https://github.com/arkworks-rs/r1cs-std/pull/134) Add `Mul` bounds and impls for `CurveVar`. +- [\#135](https://github.com/arkworks-rs/r1cs-std/pull/135) + - Rename `NonNativeFieldVar` to `EmulatedFpVar`. + - Rename `fields::nonnative` to `fields::emulated_fp`. + - Rename `fields::nonnative::{Allocated}NonNativeMulResultVar` to `fields::emulated_fp::{Allocated}MulResultVar`. + +### Features + +### Improvements + +### Bug Fixes + +## 0.4.0 + - [\#117](https://github.com/arkworks-rs/r1cs-std/pull/117) Fix result of `precomputed_base_scalar_mul_le` to not discard previous value. - [\#124](https://github.com/arkworks-rs/r1cs-std/pull/124) Fix `scalar_mul_le` constraints unsatisfiability when short Weierstrass point is zero. - [\#127](https://github.com/arkworks-rs/r1cs-std/pull/127) Convert `NonNativeFieldVar` constants to little-endian bytes instead of big-endian (`ToBytesGadget`). diff --git a/Cargo.toml b/Cargo.toml index ec426708..6f69d8dc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -44,7 +44,7 @@ std = [ "ark-ff/std", "ark-relations/std", "ark-std/std", "num-bigint/std" ] parallel = [ "std", "ark-ff/parallel", "ark-std/parallel"] [[bench]] -name = "nonnative-bench" +name = "emulated-bench" path = "benches/bench.rs" harness = false diff --git a/benches/bench.rs b/benches/bench.rs index 1a14d1f4..d9fff676 100644 --- a/benches/bench.rs +++ b/benches/bench.rs @@ -2,7 +2,7 @@ use ark_ff::PrimeField; use ark_r1cs_std::{ alloc::AllocVar, eq::EqGadget, - fields::{nonnative::NonNativeFieldVar, FieldVar}, + fields::{emulated_fp::EmulatedFpVar, FieldVar}, }; use ark_relations::{ ns, @@ -26,20 +26,18 @@ fn get_density(cs: &ConstraintSystemRef) -> us } } -fn allocation( +fn allocation( cs: ConstraintSystemRef, rng: &mut R, ) -> (usize, usize) { - let a_native = TargetField::rand(rng); + let a_native = TargetF::rand(rng); let constraints_before = cs.num_constraints(); let nonzeros_before = get_density(&cs); // There will be a check that ensures it has the reasonable number of bits - let _ = NonNativeFieldVar::::new_witness(ns!(cs, "alloc a"), || { - Ok(a_native) - }) - .unwrap(); + let _ = EmulatedFpVar::::new_witness(ns!(cs, "alloc a"), || Ok(a_native)) + .unwrap(); let constraints_after = cs.num_constraints(); let nonzeros_after = get_density(&cs); @@ -50,21 +48,17 @@ fn allocation( ); } -fn addition( +fn addition( cs: ConstraintSystemRef, rng: &mut R, ) -> (usize, usize) { - let a_native = TargetField::rand(rng); - let a = NonNativeFieldVar::::new_witness(ns!(cs, "alloc a"), || { - Ok(a_native) - }) - .unwrap(); - - let b_native = TargetField::rand(rng); - let b = NonNativeFieldVar::::new_witness(ns!(cs, "alloc b"), || { - Ok(b_native) - }) - .unwrap(); + let a_native = TargetF::rand(rng); + let a = EmulatedFpVar::::new_witness(ns!(cs, "alloc a"), || Ok(a_native)) + .unwrap(); + + let b_native = TargetF::rand(rng); + let b = EmulatedFpVar::::new_witness(ns!(cs, "alloc b"), || Ok(b_native)) + .unwrap(); let constraints_before = cs.num_constraints(); let nonzeros_before = get_density(&cs); @@ -80,19 +74,15 @@ fn addition( ); } -fn equality( +fn equality( cs: ConstraintSystemRef, rng: &mut R, ) -> (usize, usize) { - let a_native = TargetField::rand(rng); - let a1 = NonNativeFieldVar::::new_witness(ns!(cs, "alloc a1"), || { - Ok(a_native) - }) - .unwrap(); - let a2 = NonNativeFieldVar::::new_witness(ns!(cs, "alloc a2"), || { - Ok(a_native) - }) - .unwrap(); + let a_native = TargetF::rand(rng); + let a1 = EmulatedFpVar::::new_witness(ns!(cs, "alloc a1"), || Ok(a_native)) + .unwrap(); + let a2 = EmulatedFpVar::::new_witness(ns!(cs, "alloc a2"), || Ok(a_native)) + .unwrap(); let constraints_before = cs.num_constraints(); let nonzeros_before = get_density(&cs); @@ -108,21 +98,17 @@ fn equality( ); } -fn multiplication( +fn multiplication( cs: ConstraintSystemRef, rng: &mut R, ) -> (usize, usize) { - let a_native = TargetField::rand(rng); - let a = NonNativeFieldVar::::new_witness(ns!(cs, "initial a"), || { - Ok(a_native) - }) - .unwrap(); - - let b_native = TargetField::rand(rng); - let b = NonNativeFieldVar::::new_witness(ns!(cs, "initial b"), || { - Ok(b_native) - }) - .unwrap(); + let a_native = TargetF::rand(rng); + let a = EmulatedFpVar::::new_witness(ns!(cs, "initial a"), || Ok(a_native)) + .unwrap(); + + let b_native = TargetF::rand(rng); + let b = EmulatedFpVar::::new_witness(ns!(cs, "initial b"), || Ok(b_native)) + .unwrap(); let constraints_before = cs.num_constraints(); let nonzeros_before = get_density(&cs); @@ -138,15 +124,13 @@ fn multiplication( ); } -fn inverse( +fn inverse( cs: ConstraintSystemRef, rng: &mut R, ) -> (usize, usize) { - let num_native = TargetField::rand(rng); - let num = NonNativeFieldVar::::new_witness(ns!(cs, "alloc"), || { - Ok(num_native) - }) - .unwrap(); + let num_native = TargetF::rand(rng); + let num = EmulatedFpVar::::new_witness(ns!(cs, "alloc"), || Ok(num_native)) + .unwrap(); let constraints_before = cs.num_constraints(); let nonzeros_before = get_density(&cs); diff --git a/src/fields/nonnative/allocated_field_var.rs b/src/fields/emulated_fp/allocated_field_var.rs similarity index 69% rename from src/fields/nonnative/allocated_field_var.rs rename to src/fields/emulated_fp/allocated_field_var.rs index ee4e2439..6679425d 100644 --- a/src/fields/nonnative/allocated_field_var.rs +++ b/src/fields/emulated_fp/allocated_field_var.rs @@ -1,7 +1,7 @@ use super::{ params::{get_params, OptimizationType}, reduce::{bigint_to_basefield, limbs_to_bigint, Reducer}, - AllocatedNonNativeFieldMulResultVar, + AllocatedMulResultVar, }; use crate::{fields::fp::FpVar, prelude::*, ToConstraintFieldGadget}; use ark_ff::{BigInteger, PrimeField}; @@ -19,58 +19,53 @@ use ark_std::{ vec::Vec, }; -/// The allocated version of `NonNativeFieldVar` (introduced below) +/// The allocated version of `EmulatedFpVar` (introduced below) #[derive(Debug)] #[must_use] -pub struct AllocatedNonNativeFieldVar { +pub struct AllocatedEmulatedFpVar { /// Constraint system reference - pub cs: ConstraintSystemRef, - /// The limbs, each of which is a BaseField gadget. - pub limbs: Vec>, + pub cs: ConstraintSystemRef, + /// The limbs, each of which is a BaseF gadget. + pub limbs: Vec>, /// Number of additions done over this gadget, using which the gadget /// decides when to reduce. - pub num_of_additions_over_normal_form: BaseField, + pub num_of_additions_over_normal_form: BaseF, /// Whether the limb representation is the normal form (using only the bits /// specified in the parameters, and the representation is strictly within - /// the range of TargetField). + /// the range of TargetF). pub is_in_the_normal_form: bool, #[doc(hidden)] - pub target_phantom: PhantomData, + pub target_phantom: PhantomData, } -impl - AllocatedNonNativeFieldVar -{ +impl AllocatedEmulatedFpVar { /// Return cs - pub fn cs(&self) -> ConstraintSystemRef { + pub fn cs(&self) -> ConstraintSystemRef { self.cs.clone() } /// Obtain the value of limbs - pub fn limbs_to_value( - limbs: Vec, - optimization_type: OptimizationType, - ) -> TargetField { + pub fn limbs_to_value(limbs: Vec, optimization_type: OptimizationType) -> TargetF { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, optimization_type, ); - // Convert 2^{(params.bits_per_limb - 1)} into the TargetField and then double + // Convert 2^{(params.bits_per_limb - 1)} into the TargetF and then double // the base This is because 2^{(params.bits_per_limb)} might indeed be // larger than the target field's prime. - let base_repr = TargetField::ONE.into_bigint() << (params.bits_per_limb - 1) as u32; + let base_repr = TargetF::ONE.into_bigint() << (params.bits_per_limb - 1) as u32; - let mut base = TargetField::from_bigint(base_repr).unwrap(); + let mut base = TargetF::from_bigint(base_repr).unwrap(); base.double_in_place(); - let mut result = TargetField::zero(); - let mut power = TargetField::one(); + let mut result = TargetF::zero(); + let mut power = TargetF::one(); for limb in limbs.iter().rev() { - let mut val = TargetField::zero(); - let mut cur = TargetField::one(); + let mut val = TargetF::zero(); + let mut cur = TargetF::one(); for bit in limb.into_bigint().to_bits_be().iter().rev() { if *bit { @@ -86,8 +81,8 @@ impl result } - /// Obtain the value of a nonnative field element - pub fn value(&self) -> R1CSResult { + /// Obtain the value of a emulated field element + pub fn value(&self) -> R1CSResult { let mut limbs = Vec::new(); for limb in self.limbs.iter() { limbs.push(limb.value()?); @@ -96,8 +91,8 @@ impl Ok(Self::limbs_to_value(limbs, self.get_optimization_type())) } - /// Obtain the nonnative field element of a constant value - pub fn constant(cs: ConstraintSystemRef, value: TargetField) -> R1CSResult { + /// Obtain the emulated field element of a constant value + pub fn constant(cs: ConstraintSystemRef, value: TargetF) -> R1CSResult { let optimization_type = match cs.optimization_goal() { OptimizationGoal::None => OptimizationType::Constraints, OptimizationGoal::Constraints => OptimizationType::Constraints, @@ -109,32 +104,29 @@ impl let mut limbs = Vec::new(); for limb_value in limbs_value.iter() { - limbs.push(FpVar::::new_constant( - ns!(cs, "limb"), - limb_value, - )?); + limbs.push(FpVar::::new_constant(ns!(cs, "limb"), limb_value)?); } Ok(Self { cs, limbs, - num_of_additions_over_normal_form: BaseField::zero(), + num_of_additions_over_normal_form: BaseF::zero(), is_in_the_normal_form: true, target_phantom: PhantomData, }) } - /// Obtain the nonnative field element of one - pub fn one(cs: ConstraintSystemRef) -> R1CSResult { - Self::constant(cs, TargetField::one()) + /// Obtain the emulated field element of one + pub fn one(cs: ConstraintSystemRef) -> R1CSResult { + Self::constant(cs, TargetF::one()) } - /// Obtain the nonnative field element of zero - pub fn zero(cs: ConstraintSystemRef) -> R1CSResult { - Self::constant(cs, TargetField::zero()) + /// Obtain the emulated field element of zero + pub fn zero(cs: ConstraintSystemRef) -> R1CSResult { + Self::constant(cs, TargetF::zero()) } - /// Add a nonnative field element + /// Add a emulated field element #[tracing::instrument(target = "r1cs")] pub fn add(&self, other: &Self) -> R1CSResult { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); @@ -150,18 +142,18 @@ impl num_of_additions_over_normal_form: self .num_of_additions_over_normal_form .add(&other.num_of_additions_over_normal_form) - .add(&BaseField::one()), + .add(&BaseF::one()), is_in_the_normal_form: false, target_phantom: PhantomData, }; - Reducer::::post_add_reduce(&mut res)?; + Reducer::::post_add_reduce(&mut res)?; Ok(res) } /// Add a constant #[tracing::instrument(target = "r1cs")] - pub fn add_constant(&self, other: &TargetField) -> R1CSResult { + pub fn add_constant(&self, other: &TargetF) -> R1CSResult { let other_limbs = Self::get_limbs_representations(other, self.get_optimization_type())?; let mut limbs = Vec::new(); @@ -174,50 +166,50 @@ impl limbs, num_of_additions_over_normal_form: self .num_of_additions_over_normal_form - .add(&BaseField::one()), + .add(&BaseF::one()), is_in_the_normal_form: false, target_phantom: PhantomData, }; - Reducer::::post_add_reduce(&mut res)?; + Reducer::::post_add_reduce(&mut res)?; Ok(res) } - /// Subtract a nonnative field element, without the final reduction step + /// Subtract a emulated field element, without the final reduction step #[tracing::instrument(target = "r1cs")] pub fn sub_without_reduce(&self, other: &Self) -> R1CSResult { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); // Step 1: reduce the `other` if needed - let mut surfeit = overhead!(other.num_of_additions_over_normal_form + BaseField::one()) + 1; + let mut surfeit = overhead!(other.num_of_additions_over_normal_form + BaseF::one()) + 1; let mut other = other.clone(); - if (surfeit + params.bits_per_limb > BaseField::MODULUS_BIT_SIZE as usize - 1) + if (surfeit + params.bits_per_limb > BaseF::MODULUS_BIT_SIZE as usize - 1) || (surfeit - + (TargetField::MODULUS_BIT_SIZE as usize + + (TargetF::MODULUS_BIT_SIZE as usize - params.bits_per_limb * (params.num_limbs - 1)) - > BaseField::MODULUS_BIT_SIZE as usize - 1) + > BaseF::MODULUS_BIT_SIZE as usize - 1) { Reducer::reduce(&mut other)?; - surfeit = overhead!(other.num_of_additions_over_normal_form + BaseField::ONE) + 1; + surfeit = overhead!(other.num_of_additions_over_normal_form + BaseF::ONE) + 1; } // Step 2: construct the padding - let mut pad_non_top_limb = BaseField::ONE.into_bigint(); + let mut pad_non_top_limb = BaseF::ONE.into_bigint(); let mut pad_top_limb = pad_non_top_limb; pad_non_top_limb <<= (surfeit + params.bits_per_limb) as u32; - let pad_non_top_limb = BaseField::from_bigint(pad_non_top_limb).unwrap(); + let pad_non_top_limb = BaseF::from_bigint(pad_non_top_limb).unwrap(); - pad_top_limb <<= (surfeit + TargetField::MODULUS_BIT_SIZE as usize + pad_top_limb <<= (surfeit + TargetF::MODULUS_BIT_SIZE as usize - params.bits_per_limb * (params.num_limbs - 1)) as u32; - let pad_top_limb = BaseField::from_bigint(pad_top_limb).unwrap(); + let pad_top_limb = BaseF::from_bigint(pad_top_limb).unwrap(); let mut pad_limbs = Vec::with_capacity(self.limbs.len()); pad_limbs.push(pad_top_limb); @@ -246,12 +238,12 @@ impl } } - let result = AllocatedNonNativeFieldVar:: { + let result = AllocatedEmulatedFpVar:: { cs: self.cs(), limbs, num_of_additions_over_normal_form: self.num_of_additions_over_normal_form - + (other.num_of_additions_over_normal_form + BaseField::one()) - + (other.num_of_additions_over_normal_form + BaseField::one()), + + (other.num_of_additions_over_normal_form + BaseF::one()) + + (other.num_of_additions_over_normal_form + BaseF::one()), is_in_the_normal_form: false, target_phantom: PhantomData, }; @@ -259,23 +251,23 @@ impl Ok(result) } - /// Subtract a nonnative field element + /// Subtract a emulated field element #[tracing::instrument(target = "r1cs")] pub fn sub(&self, other: &Self) -> R1CSResult { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); let mut result = self.sub_without_reduce(other)?; - Reducer::::post_add_reduce(&mut result)?; + Reducer::::post_add_reduce(&mut result)?; Ok(result) } /// Subtract a constant #[tracing::instrument(target = "r1cs")] - pub fn sub_constant(&self, other: &TargetField) -> R1CSResult { + pub fn sub_constant(&self, other: &TargetF) -> R1CSResult { self.sub(&Self::constant(self.cs(), *other)?) } - /// Multiply a nonnative field element + /// Multiply a emulated field element #[tracing::instrument(target = "r1cs")] pub fn mul(&self, other: &Self) -> R1CSResult { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); @@ -284,21 +276,21 @@ impl } /// Multiply a constant - pub fn mul_constant(&self, other: &TargetField) -> R1CSResult { + pub fn mul_constant(&self, other: &TargetF) -> R1CSResult { self.mul(&Self::constant(self.cs(), *other)?) } - /// Compute the negate of a nonnative field element + /// Compute the negate of a emulated field element #[tracing::instrument(target = "r1cs")] pub fn negate(&self) -> R1CSResult { Self::zero(self.cs())?.sub(self) } - /// Compute the inverse of a nonnative field element + /// Compute the inverse of a emulated field element #[tracing::instrument(target = "r1cs")] pub fn inverse(&self) -> R1CSResult { let inverse = Self::new_witness(self.cs(), || { - Ok(self.value()?.inverse().unwrap_or_else(TargetField::zero)) + Ok(self.value()?.inverse().unwrap_or_else(TargetF::zero)) })?; let actual_result = self.clone().mul(&inverse)?; @@ -306,36 +298,36 @@ impl Ok(inverse) } - /// Convert a `TargetField` element into limbs (not constraints) + /// Convert a `TargetF` element into limbs (not constraints) /// This is an internal function that would be reused by a number of other /// functions pub fn get_limbs_representations( - elem: &TargetField, + elem: &TargetF, optimization_type: OptimizationType, - ) -> R1CSResult> { + ) -> R1CSResult> { Self::get_limbs_representations_from_big_integer(&elem.into_bigint(), optimization_type) } /// Obtain the limbs directly from a big int pub fn get_limbs_representations_from_big_integer( - elem: &::BigInt, + elem: &::BigInt, optimization_type: OptimizationType, - ) -> R1CSResult> { + ) -> R1CSResult> { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, optimization_type, ); // push the lower limbs first - let mut limbs: Vec = Vec::new(); + let mut limbs: Vec = Vec::new(); let mut cur = *elem; for _ in 0..params.num_limbs { let cur_bits = cur.to_bits_be(); // `to_bits` is big endian - let cur_mod_r = ::BigInt::from_bits_be( + let cur_mod_r = ::BigInt::from_bits_be( &cur_bits[cur_bits.len() - params.bits_per_limb..], ); // therefore, the lowest `bits_per_non_top_limb` bits is what we want. - limbs.push(BaseField::from_bigint(cur_mod_r).unwrap()); + limbs.push(BaseF::from_bigint(cur_mod_r).unwrap()); cur >>= params.bits_per_limb as u32; } @@ -348,28 +340,28 @@ impl /// for advanced use, multiply and output the intermediate representations /// (without reduction) This intermediate representations can be added /// with each other, and they can later be reduced back to the - /// `NonNativeFieldVar`. + /// `EmulatedFpVar`. #[tracing::instrument(target = "r1cs")] pub fn mul_without_reduce( &self, other: &Self, - ) -> R1CSResult> { + ) -> R1CSResult> { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); // Step 1: reduce `self` and `other` if neceessary let mut self_reduced = self.clone(); let mut other_reduced = other.clone(); - Reducer::::pre_mul_reduce(&mut self_reduced, &mut other_reduced)?; + Reducer::::pre_mul_reduce(&mut self_reduced, &mut other_reduced)?; let mut prod_limbs = Vec::new(); if self.get_optimization_type() == OptimizationType::Weight { - let zero = FpVar::::zero(); + let zero = FpVar::::zero(); for _ in 0..2 * params.num_limbs - 1 { prod_limbs.push(zero.clone()); @@ -386,7 +378,7 @@ impl for z_index in 0..2 * params.num_limbs - 1 { prod_limbs.push(FpVar::new_witness(ns!(cs, "limb product"), || { - let mut z_i = BaseField::zero(); + let mut z_i = BaseF::zero(); for i in 0..=min(params.num_limbs - 1, z_index) { let j = z_index - i; if j < params.num_limbs { @@ -402,7 +394,7 @@ impl for c in 0..(2 * params.num_limbs - 1) { let c_pows: Vec<_> = (0..(2 * params.num_limbs - 1)) - .map(|i| BaseField::from((c + 1) as u128).pow(&vec![i as u64])) + .map(|i| BaseF::from((c + 1) as u128).pow(&vec![i as u64])) .collect(); let x = self_reduced @@ -429,12 +421,12 @@ impl } } - Ok(AllocatedNonNativeFieldMulResultVar { + Ok(AllocatedMulResultVar { cs: self.cs(), limbs: prod_limbs, prod_of_num_of_additions: (self_reduced.num_of_additions_over_normal_form - + BaseField::one()) - * (other_reduced.num_of_additions_over_normal_form + BaseField::one()), + + BaseF::one()) + * (other_reduced.num_of_additions_over_normal_form + BaseF::one()), target_phantom: PhantomData, }) } @@ -446,32 +438,32 @@ impl pub(crate) fn conditional_enforce_equal( &self, other: &Self, - should_enforce: &Boolean, + should_enforce: &Boolean, ) -> R1CSResult<()> { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); // Get p let p_representations = - AllocatedNonNativeFieldVar::::get_limbs_representations_from_big_integer( - &::MODULUS, - self.get_optimization_type() + AllocatedEmulatedFpVar::::get_limbs_representations_from_big_integer( + &::MODULUS, + self.get_optimization_type(), )?; let p_bigint = limbs_to_bigint(params.bits_per_limb, &p_representations); let mut p_gadget_limbs = Vec::new(); for limb in p_representations.iter() { - p_gadget_limbs.push(FpVar::::Constant(*limb)); + p_gadget_limbs.push(FpVar::::Constant(*limb)); } - let p_gadget = AllocatedNonNativeFieldVar:: { + let p_gadget = AllocatedEmulatedFpVar:: { cs: self.cs(), limbs: p_gadget_limbs, - num_of_additions_over_normal_form: BaseField::one(), + num_of_additions_over_normal_form: BaseF::one(), is_in_the_normal_form: false, target_phantom: PhantomData, }; @@ -482,19 +474,19 @@ impl delta = should_enforce.select(&delta, &Self::zero(cs.clone())?)?; // Allocate k = delta / p - let k_gadget = FpVar::::new_witness(ns!(cs, "k"), || { - let mut delta_limbs_values = Vec::::new(); + let k_gadget = FpVar::::new_witness(ns!(cs, "k"), || { + let mut delta_limbs_values = Vec::::new(); for limb in delta.limbs.iter() { delta_limbs_values.push(limb.value()?); } let delta_bigint = limbs_to_bigint(params.bits_per_limb, &delta_limbs_values); - Ok(bigint_to_basefield::(&(delta_bigint / p_bigint))) + Ok(bigint_to_basefield::(&(delta_bigint / p_bigint))) })?; - let surfeit = overhead!(delta.num_of_additions_over_normal_form + BaseField::one()) + 1; - Reducer::::limb_to_bits(&k_gadget, surfeit)?; + let surfeit = overhead!(delta.num_of_additions_over_normal_form + BaseF::one()) + 1; + Reducer::::limb_to_bits(&k_gadget, surfeit)?; // Compute k * p let mut kp_gadget_limbs = Vec::new(); @@ -503,7 +495,7 @@ impl } // Enforce delta = kp - Reducer::::group_and_check_equality( + Reducer::::group_and_check_equality( surfeit, params.bits_per_limb, params.bits_per_limb, @@ -518,7 +510,7 @@ impl pub(crate) fn conditional_enforce_not_equal( &self, other: &Self, - should_enforce: &Boolean, + should_enforce: &Boolean, ) -> R1CSResult<()> { assert_eq!(self.get_optimization_type(), other.get_optimization_type()); @@ -541,8 +533,8 @@ impl /// Allocates a new variable, but does not check that the allocation's limbs /// are in-range. - fn new_variable_unchecked>( - cs: impl Into>, + fn new_variable_unchecked>( + cs: impl Into>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> R1CSResult { @@ -555,7 +547,7 @@ impl OptimizationGoal::Weight => OptimizationType::Weight, }; - let zero = TargetField::zero(); + let zero = TargetF::zero(); let elem = match f() { Ok(t) => *(t.borrow()), @@ -565,7 +557,7 @@ impl let mut limbs = Vec::new(); for limb in elem_representations.iter() { - limbs.push(FpVar::::new_variable( + limbs.push(FpVar::::new_variable( ark_relations::ns!(cs, "alloc"), || Ok(limb), mode, @@ -573,9 +565,9 @@ impl } let num_of_additions_over_normal_form = if mode != AllocationMode::Witness { - BaseField::zero() + BaseF::zero() } else { - BaseField::one() + BaseF::one() }; Ok(Self { @@ -591,10 +583,7 @@ impl /// the whole number is less than the modulus. /// /// Returns the bits of the element, in little-endian form - fn enforce_in_range( - &self, - cs: impl Into>, - ) -> R1CSResult>> { + fn enforce_in_range(&self, cs: impl Into>) -> R1CSResult>> { let ns = cs.into(); let cs = ns.cs(); let optimization_type = match cs.optimization_goal() { @@ -603,24 +592,23 @@ impl OptimizationGoal::Weight => OptimizationType::Weight, }; let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, optimization_type, ); let mut bits = Vec::new(); for limb in self.limbs.iter().rev().take(params.num_limbs - 1) { bits.extend( - Reducer::::limb_to_bits(limb, params.bits_per_limb)? + Reducer::::limb_to_bits(limb, params.bits_per_limb)? .into_iter() .rev(), ); } bits.extend( - Reducer::::limb_to_bits( + Reducer::::limb_to_bits( &self.limbs[0], - TargetField::MODULUS_BIT_SIZE as usize - - (params.num_limbs - 1) * params.bits_per_limb, + TargetF::MODULUS_BIT_SIZE as usize - (params.num_limbs - 1) * params.bits_per_limb, )? .into_iter() .rev(), @@ -633,10 +621,10 @@ impl /// and returns the bits of its binary representation. /// The bits are in little-endian (i.e., the bit at index 0 is the LSB) and the /// bit-vector is empty in non-witness allocation modes. - pub fn new_witness_with_le_bits>( - cs: impl Into>, + pub fn new_witness_with_le_bits>( + cs: impl Into>, f: impl FnOnce() -> Result, - ) -> R1CSResult<(Self, Vec>)> { + ) -> R1CSResult<(Self, Vec>)> { let ns = cs.into(); let cs = ns.cs(); let this = Self::new_variable_unchecked(ns!(cs, "alloc"), f, AllocationMode::Witness)?; @@ -645,36 +633,36 @@ impl } } -impl ToBitsGadget - for AllocatedNonNativeFieldVar +impl ToBitsGadget + for AllocatedEmulatedFpVar { #[tracing::instrument(target = "r1cs")] - fn to_bits_le(&self) -> R1CSResult>> { + fn to_bits_le(&self) -> R1CSResult>> { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); // Reduce to the normal form // Though, a malicious prover can make it slightly larger than p let mut self_normal = self.clone(); - Reducer::::pre_eq_reduce(&mut self_normal)?; + Reducer::::pre_eq_reduce(&mut self_normal)?; // Therefore, we convert it to bits and enforce that it is in the field - let mut bits = Vec::>::new(); + let mut bits = Vec::>::new(); for limb in self_normal.limbs.iter() { - bits.extend_from_slice(&Reducer::::limb_to_bits( + bits.extend_from_slice(&Reducer::::limb_to_bits( &limb, params.bits_per_limb, )?); } bits.reverse(); - let mut b = TargetField::characteristic().to_vec(); + let mut b = TargetF::characteristic().to_vec(); assert_eq!(b[0] % 2, 1); b[0] -= 1; // This works, because the LSB is one, so there's no borrows. - let run = Boolean::::enforce_smaller_or_equal_than_le(&bits, b)?; + let run = Boolean::::enforce_smaller_or_equal_than_le(&bits, b)?; // We should always end in a "run" of zeros, because // the characteristic is an odd prime. So, this should @@ -685,14 +673,14 @@ impl ToBitsGadget } } -impl ToBytesGadget - for AllocatedNonNativeFieldVar +impl ToBytesGadget + for AllocatedEmulatedFpVar { #[tracing::instrument(target = "r1cs")] - fn to_bytes(&self) -> R1CSResult>> { + fn to_bytes(&self) -> R1CSResult>> { let mut bits = self.to_bits_le()?; - let num_bits = TargetField::BigInt::NUM_LIMBS * 64; + let num_bits = TargetF::BigInt::NUM_LIMBS * 64; assert!(bits.len() <= num_bits); bits.resize_with(num_bits, || Boolean::constant(false)); @@ -701,12 +689,12 @@ impl ToBytesGadget } } -impl CondSelectGadget - for AllocatedNonNativeFieldVar +impl CondSelectGadget + for AllocatedEmulatedFpVar { #[tracing::instrument(target = "r1cs")] fn conditionally_select( - cond: &Boolean, + cond: &Boolean, true_value: &Self, false_value: &Self, ) -> R1CSResult { @@ -718,7 +706,7 @@ impl CondSelectGadget let mut limbs_sel = Vec::with_capacity(true_value.limbs.len()); for (x, y) in true_value.limbs.iter().zip(&false_value.limbs) { - limbs_sel.push(FpVar::::conditionally_select(cond, x, y)?); + limbs_sel.push(FpVar::::conditionally_select(cond, x, y)?); } Ok(Self { @@ -735,14 +723,14 @@ impl CondSelectGadget } } -impl TwoBitLookupGadget - for AllocatedNonNativeFieldVar +impl TwoBitLookupGadget + for AllocatedEmulatedFpVar { - type TableConstant = TargetField; + type TableConstant = TargetF; #[tracing::instrument(target = "r1cs")] fn two_bit_lookup( - bits: &[Boolean], + bits: &[Boolean], constants: &[Self::TableConstant], ) -> R1CSResult { debug_assert!(bits.len() == 2); @@ -757,8 +745,8 @@ impl TwoBitLookupGadget TwoBitLookupGadget::get_limbs_representations( + AllocatedEmulatedFpVar::::get_limbs_representations( constant, optimization_type, )?; @@ -780,28 +768,28 @@ impl TwoBitLookupGadget::two_bit_lookup(bits, limbs_constant)?); + limbs.push(FpVar::::two_bit_lookup(bits, limbs_constant)?); } - Ok(AllocatedNonNativeFieldVar:: { + Ok(AllocatedEmulatedFpVar:: { cs, limbs, - num_of_additions_over_normal_form: BaseField::zero(), + num_of_additions_over_normal_form: BaseF::zero(), is_in_the_normal_form: true, target_phantom: PhantomData, }) } } -impl ThreeBitCondNegLookupGadget - for AllocatedNonNativeFieldVar +impl ThreeBitCondNegLookupGadget + for AllocatedEmulatedFpVar { - type TableConstant = TargetField; + type TableConstant = TargetF; #[tracing::instrument(target = "r1cs")] fn three_bit_cond_neg_lookup( - bits: &[Boolean], - b0b1: &Boolean, + bits: &[Boolean], + b0b1: &Boolean, constants: &[Self::TableConstant], ) -> R1CSResult { debug_assert!(bits.len() == 3); @@ -816,8 +804,8 @@ impl ThreeBitCondNegLookupGadget }; let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, optimization_type, ); @@ -828,7 +816,7 @@ impl ThreeBitCondNegLookupGadget for constant in constants.iter() { let representations = - AllocatedNonNativeFieldVar::::get_limbs_representations( + AllocatedEmulatedFpVar::::get_limbs_representations( constant, optimization_type, )?; @@ -840,28 +828,28 @@ impl ThreeBitCondNegLookupGadget let mut limbs = Vec::new(); for limbs_constant in limbs_constants.iter() { - limbs.push(FpVar::::three_bit_cond_neg_lookup( + limbs.push(FpVar::::three_bit_cond_neg_lookup( bits, b0b1, limbs_constant, )?); } - Ok(AllocatedNonNativeFieldVar:: { + Ok(AllocatedEmulatedFpVar:: { cs, limbs, - num_of_additions_over_normal_form: BaseField::zero(), + num_of_additions_over_normal_form: BaseF::zero(), is_in_the_normal_form: true, target_phantom: PhantomData, }) } } -impl AllocVar - for AllocatedNonNativeFieldVar +impl AllocVar + for AllocatedEmulatedFpVar { - fn new_variable>( - cs: impl Into>, + fn new_variable>( + cs: impl Into>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> R1CSResult { @@ -875,18 +863,18 @@ impl AllocVar ToConstraintFieldGadget - for AllocatedNonNativeFieldVar +impl ToConstraintFieldGadget + for AllocatedEmulatedFpVar { - fn to_constraint_field(&self) -> R1CSResult>> { - // provide a unique representation of the nonnative variable + fn to_constraint_field(&self) -> R1CSResult>> { + // provide a unique representation of the emulated variable // step 1: convert it into a bit sequence let bits = self.to_bits_le()?; // step 2: obtain the parameters for weight-optimized (often, fewer limbs) let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, OptimizationType::Weight, ); @@ -894,15 +882,15 @@ impl ToConstraintFieldGadget::zero(); - let mut w = BaseField::one(); + let mut limb = FpVar::::zero(); + let mut w = BaseF::one(); for b in chunk.iter() { limb += FpVar::from(b.clone()) * w; w.double_in_place(); } limb }) - .collect::>>(); + .collect::>>(); limbs.reverse(); @@ -913,11 +901,9 @@ impl ToConstraintFieldGadget Clone - for AllocatedNonNativeFieldVar -{ +impl Clone for AllocatedEmulatedFpVar { fn clone(&self) -> Self { - AllocatedNonNativeFieldVar { + AllocatedEmulatedFpVar { cs: self.cs(), limbs: self.limbs.clone(), num_of_additions_over_normal_form: self.num_of_additions_over_normal_form, diff --git a/src/fields/nonnative/allocated_mul_result.rs b/src/fields/emulated_fp/allocated_mul_result.rs similarity index 66% rename from src/fields/nonnative/allocated_mul_result.rs rename to src/fields/emulated_fp/allocated_mul_result.rs index 07c74daf..458f6223 100644 --- a/src/fields/nonnative/allocated_mul_result.rs +++ b/src/fields/emulated_fp/allocated_mul_result.rs @@ -1,7 +1,7 @@ use super::{ params::{get_params, OptimizationType}, reduce::{bigint_to_basefield, limbs_to_bigint, Reducer}, - AllocatedNonNativeFieldVar, + AllocatedEmulatedFpVar, }; use crate::{fields::fp::FpVar, prelude::*}; use ark_ff::PrimeField; @@ -12,37 +12,36 @@ use ark_relations::{ use ark_std::{marker::PhantomData, vec::Vec}; use num_bigint::BigUint; -/// The allocated form of `NonNativeFieldMulResultVar` (introduced below) +/// The allocated form of `MulResultVar` (introduced below) #[derive(Debug)] #[must_use] -pub struct AllocatedNonNativeFieldMulResultVar { +pub struct AllocatedMulResultVar { /// Constraint system reference - pub cs: ConstraintSystemRef, + pub cs: ConstraintSystemRef, /// Limbs of the intermediate representations - pub limbs: Vec>, + pub limbs: Vec>, /// The cumulative num of additions - pub prod_of_num_of_additions: BaseField, + pub prod_of_num_of_additions: BaseF, #[doc(hidden)] - pub target_phantom: PhantomData, + pub target_phantom: PhantomData, } -impl - From<&AllocatedNonNativeFieldVar> - for AllocatedNonNativeFieldMulResultVar +impl From<&AllocatedEmulatedFpVar> + for AllocatedMulResultVar { - fn from(src: &AllocatedNonNativeFieldVar) -> Self { + fn from(src: &AllocatedEmulatedFpVar) -> Self { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, src.get_optimization_type(), ); let mut limbs = src.limbs.clone(); limbs.reverse(); - limbs.resize(2 * params.num_limbs - 1, FpVar::::zero()); + limbs.resize(2 * params.num_limbs - 1, FpVar::::zero()); limbs.reverse(); - let prod_of_num_of_additions = src.num_of_additions_over_normal_form + &BaseField::one(); + let prod_of_num_of_additions = src.num_of_additions_over_normal_form + &BaseF::one(); Self { cs: src.cs(), @@ -53,76 +52,74 @@ impl } } -impl - AllocatedNonNativeFieldMulResultVar -{ +impl AllocatedMulResultVar { /// Get the CS - pub fn cs(&self) -> ConstraintSystemRef { + pub fn cs(&self) -> ConstraintSystemRef { self.cs.clone() } /// Get the value of the multiplication result - pub fn value(&self) -> R1CSResult { + pub fn value(&self) -> R1CSResult { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); let p_representations = - AllocatedNonNativeFieldVar::::get_limbs_representations_from_big_integer( - &::MODULUS, - self.get_optimization_type() + AllocatedEmulatedFpVar::::get_limbs_representations_from_big_integer( + &::MODULUS, + self.get_optimization_type(), )?; let p_bigint = limbs_to_bigint(params.bits_per_limb, &p_representations); - let mut limbs_values = Vec::::new(); + let mut limbs_values = Vec::::new(); for limb in self.limbs.iter() { limbs_values.push(limb.value().unwrap_or_default()); } let value_bigint = limbs_to_bigint(params.bits_per_limb, &limbs_values); - let res = bigint_to_basefield::(&(value_bigint % p_bigint)); + let res = bigint_to_basefield::(&(value_bigint % p_bigint)); Ok(res) } /// Constraints for reducing the result of a multiplication mod p, to get an /// original representation. - pub fn reduce(&self) -> R1CSResult> { + pub fn reduce(&self) -> R1CSResult> { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); // Step 1: get p let p_representations = - AllocatedNonNativeFieldVar::::get_limbs_representations_from_big_integer( - &::MODULUS, - self.get_optimization_type() + AllocatedEmulatedFpVar::::get_limbs_representations_from_big_integer( + &::MODULUS, + self.get_optimization_type(), )?; let p_bigint = limbs_to_bigint(params.bits_per_limb, &p_representations); let mut p_gadget_limbs = Vec::new(); for limb in p_representations.iter() { - p_gadget_limbs.push(FpVar::::new_constant(self.cs(), limb)?); + p_gadget_limbs.push(FpVar::::new_constant(self.cs(), limb)?); } - let p_gadget = AllocatedNonNativeFieldVar:: { + let p_gadget = AllocatedEmulatedFpVar:: { cs: self.cs(), limbs: p_gadget_limbs, - num_of_additions_over_normal_form: BaseField::one(), + num_of_additions_over_normal_form: BaseF::one(), is_in_the_normal_form: false, target_phantom: PhantomData, }; // Step 2: compute surfeit - let surfeit = overhead!(self.prod_of_num_of_additions + BaseField::one()) + 1 + 1; + let surfeit = overhead!(self.prod_of_num_of_additions + BaseF::one()) + 1 + 1; // Step 3: allocate k let k_bits = { let mut res = Vec::new(); - let mut limbs_values = Vec::::new(); + let mut limbs_values = Vec::::new(); for limb in self.limbs.iter() { limbs_values.push(limb.value().unwrap_or_default()); } @@ -130,10 +127,10 @@ impl let value_bigint = limbs_to_bigint(params.bits_per_limb, &limbs_values); let mut k_cur = value_bigint / p_bigint; - let total_len = TargetField::MODULUS_BIT_SIZE as usize + surfeit; + let total_len = TargetF::MODULUS_BIT_SIZE as usize + surfeit; for _ in 0..total_len { - res.push(Boolean::::new_witness(self.cs(), || { + res.push(Boolean::::new_witness(self.cs(), || { Ok(&k_cur % 2u64 == BigUint::from(1u64)) })?); k_cur /= 2u64; @@ -142,7 +139,7 @@ impl }; let k_limbs = { - let zero = FpVar::Constant(BaseField::zero()); + let zero = FpVar::Constant(BaseF::zero()); let mut limbs = Vec::new(); let mut k_bits_cur = k_bits.clone(); @@ -158,10 +155,10 @@ impl k_bits_cur = k_bits_cur[this_limb_size..].to_vec(); let mut limb = zero.clone(); - let mut cur = BaseField::one(); + let mut cur = BaseF::one(); for bit in this_limb_bits.iter() { - limb += &(FpVar::::from(bit.clone()) * cur); + limb += &(FpVar::::from(bit.clone()) * cur); cur.double_in_place(); } limbs.push(limb); @@ -171,7 +168,7 @@ impl limbs }; - let k_gadget = AllocatedNonNativeFieldVar:: { + let k_gadget = AllocatedEmulatedFpVar:: { cs: self.cs(), limbs: k_limbs, num_of_additions_over_normal_form: self.prod_of_num_of_additions, @@ -181,20 +178,19 @@ impl let cs = self.cs(); - let r_gadget = AllocatedNonNativeFieldVar::::new_witness( - ns!(cs, "r"), - || Ok(self.value()?), - )?; + let r_gadget = AllocatedEmulatedFpVar::::new_witness(ns!(cs, "r"), || { + Ok(self.value()?) + })?; let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, self.get_optimization_type(), ); // Step 1: reduce `self` and `other` if neceessary let mut prod_limbs = Vec::new(); - let zero = FpVar::::zero(); + let zero = FpVar::::zero(); for _ in 0..2 * params.num_limbs - 1 { prod_limbs.push(zero.clone()); @@ -209,9 +205,8 @@ impl let mut kp_plus_r_gadget = Self { cs, limbs: prod_limbs, - prod_of_num_of_additions: (p_gadget.num_of_additions_over_normal_form - + BaseField::one()) - * (k_gadget.num_of_additions_over_normal_form + BaseField::one()), + prod_of_num_of_additions: (p_gadget.num_of_additions_over_normal_form + BaseF::one()) + * (k_gadget.num_of_additions_over_normal_form + BaseF::one()), target_phantom: PhantomData, }; @@ -220,7 +215,7 @@ impl kp_plus_r_gadget.limbs[kp_plus_r_limbs_len - 1 - i] += limb; } - Reducer::::group_and_check_equality( + Reducer::::group_and_check_equality( surfeit, 2 * params.bits_per_limb, params.bits_per_limb, @@ -254,12 +249,11 @@ impl /// Add native constant elem #[tracing::instrument(target = "r1cs")] - pub fn add_constant(&self, other: &TargetField) -> R1CSResult { - let mut other_limbs = - AllocatedNonNativeFieldVar::::get_limbs_representations( - other, - self.get_optimization_type(), - )?; + pub fn add_constant(&self, other: &TargetF) -> R1CSResult { + let mut other_limbs = AllocatedEmulatedFpVar::::get_limbs_representations( + other, + self.get_optimization_type(), + )?; other_limbs.reverse(); let mut new_limbs = Vec::new(); @@ -277,7 +271,7 @@ impl Ok(Self { cs: self.cs(), limbs: new_limbs, - prod_of_num_of_additions: self.prod_of_num_of_additions + BaseField::one(), + prod_of_num_of_additions: self.prod_of_num_of_additions + BaseF::one(), target_phantom: PhantomData, }) } diff --git a/src/fields/nonnative/field_var.rs b/src/fields/emulated_fp/field_var.rs similarity index 58% rename from src/fields/nonnative/field_var.rs rename to src/fields/emulated_fp/field_var.rs index 2879e636..41c2b7af 100644 --- a/src/fields/nonnative/field_var.rs +++ b/src/fields/emulated_fp/field_var.rs @@ -1,4 +1,4 @@ -use super::{params::OptimizationType, AllocatedNonNativeFieldVar, NonNativeFieldMulResultVar}; +use super::{params::OptimizationType, AllocatedEmulatedFpVar, MulResultVar}; use crate::{ boolean::Boolean, fields::{fp::FpVar, FieldVar}, @@ -13,20 +13,18 @@ use ark_std::{ vec::Vec, }; -/// A gadget for representing non-native (`TargetField`) field elements over the -/// constraint field (`BaseField`). +/// A gadget for representing non-native (`TargetF`) field elements over the +/// constraint field (`BaseF`). #[derive(Clone, Debug)] #[must_use] -pub enum NonNativeFieldVar { +pub enum EmulatedFpVar { /// Constant - Constant(TargetField), + Constant(TargetF), /// Allocated gadget - Var(AllocatedNonNativeFieldVar), + Var(AllocatedEmulatedFpVar), } -impl PartialEq - for NonNativeFieldVar -{ +impl PartialEq for EmulatedFpVar { fn eq(&self, other: &Self) -> bool { self.value() .unwrap_or_default() @@ -34,25 +32,18 @@ impl PartialEq } } -impl Eq - for NonNativeFieldVar -{ -} +impl Eq for EmulatedFpVar {} -impl Hash - for NonNativeFieldVar -{ +impl Hash for EmulatedFpVar { fn hash(&self, state: &mut H) { self.value().unwrap_or_default().hash(state); } } -impl R1CSVar - for NonNativeFieldVar -{ - type Value = TargetField; +impl R1CSVar for EmulatedFpVar { + type Value = TargetF; - fn cs(&self) -> ConstraintSystemRef { + fn cs(&self) -> ConstraintSystemRef { match self { Self::Constant(_) => ConstraintSystemRef::None, Self::Var(a) => a.cs(), @@ -67,53 +58,52 @@ impl R1CSVar } } -impl From> - for NonNativeFieldVar +impl From> + for EmulatedFpVar { - fn from(other: Boolean) -> Self { + fn from(other: Boolean) -> Self { if let Boolean::Constant(b) = other { - Self::Constant(>::from(b as u128)) + Self::Constant(>::from(b as u128)) } else { // `other` is a variable - let one = Self::Constant(TargetField::one()); - let zero = Self::Constant(TargetField::zero()); + let one = Self::Constant(TargetF::one()); + let zero = Self::Constant(TargetF::zero()); Self::conditionally_select(&other, &one, &zero).unwrap() } } } -impl - From> - for NonNativeFieldVar +impl From> + for EmulatedFpVar { - fn from(other: AllocatedNonNativeFieldVar) -> Self { + fn from(other: AllocatedEmulatedFpVar) -> Self { Self::Var(other) } } -impl<'a, TargetField: PrimeField, BaseField: PrimeField> FieldOpsBounds<'a, TargetField, Self> - for NonNativeFieldVar +impl<'a, TargetF: PrimeField, BaseF: PrimeField> FieldOpsBounds<'a, TargetF, Self> + for EmulatedFpVar { } -impl<'a, TargetField: PrimeField, BaseField: PrimeField> - FieldOpsBounds<'a, TargetField, NonNativeFieldVar> - for &'a NonNativeFieldVar +impl<'a, TargetF: PrimeField, BaseF: PrimeField> + FieldOpsBounds<'a, TargetF, EmulatedFpVar> + for &'a EmulatedFpVar { } -impl FieldVar - for NonNativeFieldVar +impl FieldVar + for EmulatedFpVar { fn zero() -> Self { - Self::Constant(TargetField::zero()) + Self::Constant(TargetF::zero()) } fn one() -> Self { - Self::Constant(TargetField::one()) + Self::Constant(TargetF::one()) } - fn constant(v: TargetField) -> Self { + fn constant(v: TargetF) -> Self { Self::Constant(v) } @@ -147,33 +137,33 @@ impl FieldVar, - TargetField, + EmulatedFpVar, + TargetF, Add, add, AddAssign, add_assign, - |this: &'a NonNativeFieldVar, other: &'a NonNativeFieldVar| { - use NonNativeFieldVar::*; + |this: &'a EmulatedFpVar, other: &'a EmulatedFpVar| { + use EmulatedFpVar::*; match (this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 + c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.add_constant(c).unwrap()), (Var(v1), Var(v2)) => Var(v1.add(v2).unwrap()), } }, - |this: &'a NonNativeFieldVar, other: TargetField| { this + &NonNativeFieldVar::Constant(other) }, - (TargetField: PrimeField, BaseField: PrimeField), + |this: &'a EmulatedFpVar, other: TargetF| { this + &EmulatedFpVar::Constant(other) }, + (TargetF: PrimeField, BaseF: PrimeField), ); impl_bounded_ops!( - NonNativeFieldVar, - TargetField, + EmulatedFpVar, + TargetF, Sub, sub, SubAssign, sub_assign, - |this: &'a NonNativeFieldVar, other: &'a NonNativeFieldVar| { - use NonNativeFieldVar::*; + |this: &'a EmulatedFpVar, other: &'a EmulatedFpVar| { + use EmulatedFpVar::*; match (this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 - c2), (Var(v), Constant(c)) => Var(v.sub_constant(c).unwrap()), @@ -181,45 +171,43 @@ impl_bounded_ops!( (Var(v1), Var(v2)) => Var(v1.sub(v2).unwrap()), } }, - |this: &'a NonNativeFieldVar, other: TargetField| { - this - &NonNativeFieldVar::Constant(other) + |this: &'a EmulatedFpVar, other: TargetF| { + this - &EmulatedFpVar::Constant(other) }, - (TargetField: PrimeField, BaseField: PrimeField), + (TargetF: PrimeField, BaseF: PrimeField), ); impl_bounded_ops!( - NonNativeFieldVar, - TargetField, + EmulatedFpVar, + TargetF, Mul, mul, MulAssign, mul_assign, - |this: &'a NonNativeFieldVar, other: &'a NonNativeFieldVar| { - use NonNativeFieldVar::*; + |this: &'a EmulatedFpVar, other: &'a EmulatedFpVar| { + use EmulatedFpVar::*; match (this, other) { (Constant(c1), Constant(c2)) => Constant(*c1 * c2), (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.mul_constant(c).unwrap()), (Var(v1), Var(v2)) => Var(v1.mul(v2).unwrap()), } }, - |this: &'a NonNativeFieldVar, other: TargetField| { + |this: &'a EmulatedFpVar, other: TargetF| { if other.is_zero() { - NonNativeFieldVar::zero() + EmulatedFpVar::zero() } else { - this * &NonNativeFieldVar::Constant(other) + this * &EmulatedFpVar::Constant(other) } }, - (TargetField: PrimeField, BaseField: PrimeField), + (TargetF: PrimeField, BaseF: PrimeField), ); /// ************************************************************************* /// ************************************************************************* -impl EqGadget - for NonNativeFieldVar -{ +impl EqGadget for EmulatedFpVar { #[tracing::instrument(target = "r1cs")] - fn is_eq(&self, other: &Self) -> R1CSResult> { + fn is_eq(&self, other: &Self) -> R1CSResult> { let cs = self.cs().or(other.cs()); if cs == ConstraintSystemRef::None { @@ -239,7 +227,7 @@ impl EqGadget fn conditional_enforce_equal( &self, other: &Self, - should_enforce: &Boolean, + should_enforce: &Boolean, ) -> R1CSResult<()> { match (self, other) { (Self::Constant(c1), Self::Constant(c2)) => { @@ -250,7 +238,7 @@ impl EqGadget }, (Self::Constant(c), Self::Var(v)) | (Self::Var(v), Self::Constant(c)) => { let cs = v.cs(); - let c = AllocatedNonNativeFieldVar::new_constant(cs, c)?; + let c = AllocatedEmulatedFpVar::new_constant(cs, c)?; c.conditional_enforce_equal(v, should_enforce) }, (Self::Var(v1), Self::Var(v2)) => v1.conditional_enforce_equal(v2, should_enforce), @@ -261,7 +249,7 @@ impl EqGadget fn conditional_enforce_not_equal( &self, other: &Self, - should_enforce: &Boolean, + should_enforce: &Boolean, ) -> R1CSResult<()> { match (self, other) { (Self::Constant(c1), Self::Constant(c2)) => { @@ -272,7 +260,7 @@ impl EqGadget }, (Self::Constant(c), Self::Var(v)) | (Self::Var(v), Self::Constant(c)) => { let cs = v.cs(); - let c = AllocatedNonNativeFieldVar::new_constant(cs, c)?; + let c = AllocatedEmulatedFpVar::new_constant(cs, c)?; c.conditional_enforce_not_equal(v, should_enforce) }, (Self::Var(v1), Self::Var(v2)) => v1.conditional_enforce_not_equal(v2, should_enforce), @@ -280,11 +268,9 @@ impl EqGadget } } -impl ToBitsGadget - for NonNativeFieldVar -{ +impl ToBitsGadget for EmulatedFpVar { #[tracing::instrument(target = "r1cs")] - fn to_bits_le(&self) -> R1CSResult>> { + fn to_bits_le(&self) -> R1CSResult>> { match self { Self::Constant(_) => self.to_non_unique_bits_le(), Self::Var(v) => v.to_bits_le(), @@ -292,11 +278,11 @@ impl ToBitsGadget } #[tracing::instrument(target = "r1cs")] - fn to_non_unique_bits_le(&self) -> R1CSResult>> { + fn to_non_unique_bits_le(&self) -> R1CSResult>> { use ark_ff::BitIteratorLE; match self { Self::Constant(c) => Ok(BitIteratorLE::new(&c.into_bigint()) - .take((TargetField::MODULUS_BIT_SIZE) as usize) + .take((TargetF::MODULUS_BIT_SIZE) as usize) .map(Boolean::constant) .collect::>()), Self::Var(v) => v.to_non_unique_bits_le(), @@ -304,13 +290,13 @@ impl ToBitsGadget } } -impl ToBytesGadget - for NonNativeFieldVar +impl ToBytesGadget + for EmulatedFpVar { /// Outputs the unique byte decomposition of `self` in *little-endian* /// form. #[tracing::instrument(target = "r1cs")] - fn to_bytes(&self) -> R1CSResult>> { + fn to_bytes(&self) -> R1CSResult>> { match self { Self::Constant(c) => Ok(UInt8::constant_vec( c.into_bigint().to_bytes_le().as_slice(), @@ -321,7 +307,7 @@ impl ToBytesGadget } #[tracing::instrument(target = "r1cs")] - fn to_non_unique_bytes(&self) -> R1CSResult>> { + fn to_non_unique_bytes(&self) -> R1CSResult>> { match self { Self::Constant(c) => Ok(UInt8::constant_vec( c.into_bigint().to_bytes_le().as_slice(), @@ -331,12 +317,12 @@ impl ToBytesGadget } } -impl CondSelectGadget - for NonNativeFieldVar +impl CondSelectGadget + for EmulatedFpVar { #[tracing::instrument(target = "r1cs")] fn conditionally_select( - cond: &Boolean, + cond: &Boolean, true_value: &Self, false_value: &Self, ) -> R1CSResult { @@ -346,11 +332,11 @@ impl CondSelectGadget _ => { let cs = cond.cs(); let true_value = match true_value { - Self::Constant(f) => AllocatedNonNativeFieldVar::new_constant(cs.clone(), f)?, + Self::Constant(f) => AllocatedEmulatedFpVar::new_constant(cs.clone(), f)?, Self::Var(v) => v.clone(), }; let false_value = match false_value { - Self::Constant(f) => AllocatedNonNativeFieldVar::new_constant(cs, f)?, + Self::Constant(f) => AllocatedEmulatedFpVar::new_constant(cs, f)?, Self::Var(v) => v.clone(), }; cond.select(&true_value, &false_value).map(Self::Var) @@ -361,13 +347,13 @@ impl CondSelectGadget /// Uses two bits to perform a lookup into a table /// `b` is little-endian: `b[0]` is LSB. -impl TwoBitLookupGadget - for NonNativeFieldVar +impl TwoBitLookupGadget + for EmulatedFpVar { - type TableConstant = TargetField; + type TableConstant = TargetF; #[tracing::instrument(target = "r1cs")] - fn two_bit_lookup(b: &[Boolean], c: &[Self::TableConstant]) -> R1CSResult { + fn two_bit_lookup(b: &[Boolean], c: &[Self::TableConstant]) -> R1CSResult { debug_assert_eq!(b.len(), 2); debug_assert_eq!(c.len(), 4); if b.cs().is_none() { @@ -378,20 +364,20 @@ impl TwoBitLookupGadget ThreeBitCondNegLookupGadget - for NonNativeFieldVar +impl ThreeBitCondNegLookupGadget + for EmulatedFpVar { - type TableConstant = TargetField; + type TableConstant = TargetF; #[tracing::instrument(target = "r1cs")] fn three_bit_cond_neg_lookup( - b: &[Boolean], - b0b1: &Boolean, + b: &[Boolean], + b0b1: &Boolean, c: &[Self::TableConstant], ) -> R1CSResult { debug_assert_eq!(b.len(), 3); @@ -413,16 +399,16 @@ impl ThreeBitCondNegLookupGadget }; Ok(Self::Constant(y)) } else { - AllocatedNonNativeFieldVar::three_bit_cond_neg_lookup(b, b0b1, c).map(Self::Var) + AllocatedEmulatedFpVar::three_bit_cond_neg_lookup(b, b0b1, c).map(Self::Var) } } } -impl AllocVar - for NonNativeFieldVar +impl AllocVar + for EmulatedFpVar { - fn new_variable>( - cs: impl Into>, + fn new_variable>( + cs: impl Into>, f: impl FnOnce() -> Result, mode: AllocationMode, ) -> R1CSResult { @@ -432,22 +418,22 @@ impl AllocVar ToConstraintFieldGadget - for NonNativeFieldVar +impl ToConstraintFieldGadget + for EmulatedFpVar { #[tracing::instrument(target = "r1cs")] - fn to_constraint_field(&self) -> R1CSResult>> { + fn to_constraint_field(&self) -> R1CSResult>> { // Use one group element to represent the optimization type. // // By default, the constant is converted in the weight-optimized type, because // it results in fewer elements. match self { - Self::Constant(c) => Ok(AllocatedNonNativeFieldVar::get_limbs_representations( + Self::Constant(c) => Ok(AllocatedEmulatedFpVar::get_limbs_representations( c, OptimizationType::Weight, )? @@ -459,40 +445,27 @@ impl ToConstraintFieldGadget NonNativeFieldVar { - /// The `mul_without_reduce` for `NonNativeFieldVar` +impl EmulatedFpVar { + /// The `mul_without_reduce` for `EmulatedFpVar` #[tracing::instrument(target = "r1cs")] - pub fn mul_without_reduce( - &self, - other: &Self, - ) -> R1CSResult> { + pub fn mul_without_reduce(&self, other: &Self) -> R1CSResult> { match self { Self::Constant(c) => match other { - Self::Constant(other_c) => Ok(NonNativeFieldMulResultVar::Constant(*c * other_c)), + Self::Constant(other_c) => Ok(MulResultVar::Constant(*c * other_c)), Self::Var(other_v) => { let self_v = - AllocatedNonNativeFieldVar::::new_constant( - self.cs(), - c, - )?; - Ok(NonNativeFieldMulResultVar::Var( - other_v.mul_without_reduce(&self_v)?, - )) + AllocatedEmulatedFpVar::::new_constant(self.cs(), c)?; + Ok(MulResultVar::Var(other_v.mul_without_reduce(&self_v)?)) }, }, Self::Var(v) => { let other_v = match other { Self::Constant(other_c) => { - AllocatedNonNativeFieldVar::::new_constant( - self.cs(), - other_c, - )? + AllocatedEmulatedFpVar::::new_constant(self.cs(), other_c)? }, Self::Var(other_v) => other_v.clone(), }; - Ok(NonNativeFieldMulResultVar::Var( - v.mul_without_reduce(&other_v)?, - )) + Ok(MulResultVar::Var(v.mul_without_reduce(&other_v)?)) }, } } diff --git a/src/fields/nonnative/mod.rs b/src/fields/emulated_fp/mod.rs similarity index 82% rename from src/fields/nonnative/mod.rs rename to src/fields/emulated_fp/mod.rs index 548a40f2..17b394cb 100644 --- a/src/fields/nonnative/mod.rs +++ b/src/fields/emulated_fp/mod.rs @@ -17,8 +17,8 @@ //! //! ## Usage //! -//! Because [`NonNativeFieldVar`] implements the [`FieldVar`] trait in arkworks, -//! we can treat it like a native field variable ([`FpVar`]). +//! Because [`EmulatedFpVar`] implements the [`FieldVar`] trait in arkworks, +//! we can treat it like a native prime field variable ([`FpVar`]). //! //! We can do the standard field operations, such as `+`, `-`, and `*`. See the //! following example: @@ -28,7 +28,7 @@ //! # use ark_std::UniformRand; //! # use ark_relations::{ns, r1cs::ConstraintSystem}; //! # use ark_r1cs_std::prelude::*; -//! use ark_r1cs_std::fields::nonnative::NonNativeFieldVar; +//! use ark_r1cs_std::fields::emulated_fp::EmulatedFpVar; //! use ark_bls12_377::{Fr, Fq}; //! //! # let mut rng = ark_std::test_rng(); @@ -36,8 +36,8 @@ //! # let b_value = Fr::rand(&mut rng); //! # let cs = ConstraintSystem::::new_ref(); //! -//! let a = NonNativeFieldVar::::new_witness(ns!(cs, "a"), || Ok(a_value))?; -//! let b = NonNativeFieldVar::::new_witness(ns!(cs, "b"), || Ok(b_value))?; +//! let a = EmulatedFpVar::::new_witness(ns!(cs, "a"), || Ok(a_value))?; +//! let b = EmulatedFpVar::::new_witness(ns!(cs, "b"), || Ok(b_value))?; //! //! // add //! let a_plus_b = &a + &b; @@ -57,15 +57,15 @@ //! ## Advanced optimization //! //! After each multiplication, our library internally performs a *reduce* -//! operation, which reduces an intermediate type [`NonNativeFieldMulResultVar`] -//! to the normalized type [`NonNativeFieldVar`]. This enables a user to +//! operation, which reduces an intermediate type [`MulResultVar`] +//! to the normalized type [`EmulatedFpVar`]. This enables a user to //! seamlessly perform a sequence of operations without worrying about the //! underlying details. //! //! However, this operation is expensive and is sometimes avoidable. We can //! reduce the number of constraints by using this intermediate type, which only //! supports additions. To multiply, it must be reduced back to -//! [`NonNativeFieldVar`]. See below for a skeleton example. +//! [`EmulatedFpVar`]. See below for a skeleton example. //! //! --- //! @@ -82,7 +82,7 @@ //! //! --- //! -//! We can save one reduction by using the [`NonNativeFieldMulResultVar`], as +//! We can save one reduction by using [`MulResultVar`], as //! follows: //! //! ```ignore @@ -98,11 +98,11 @@ //! //! This implementation employs the standard idea of using multiple **limbs** to //! represent an element of the target field. For example, an element in the -//! TargetField may be represented by three BaseField elements (i.e., the +//! TargetF may be represented by three BaseF elements (i.e., the //! limbs). //! //! ```text -//! TargetField -> limb 1, limb 2, and limb 3 (each is a BaseField element) +//! TargetF -> limb 1, limb 2, and limb 3 (each is a BaseF element) //! ``` //! //! After some computation, the limbs become saturated and need to be @@ -122,8 +122,8 @@ //! //! \[OWWB20\]: A. Ozdemir, R. S. Wahby, B. Whitehat, and D. Boneh. "Scaling verifiable computation using efficient set accumulators," in *Proceedings of the 29th USENIX Security Symposium*, ser. Security ’20, 2020. //! -//! [`NonNativeFieldVar`]: crate::fields::nonnative::NonNativeFieldVar -//! [`NonNativeFieldMulResultVar`]: crate::fields::nonnative::NonNativeFieldMulResultVar +//! [`EmulatedFpVar`]: crate::fields::emulated_fp::EmulatedFpVar +//! [`MulResultVar`]: crate::fields::emulated_fp::MulResultVar //! [`FpVar`]: crate::fields::fp::FpVar #![allow( @@ -138,8 +138,8 @@ use ark_std::fmt::Debug; /// Utilities for sampling parameters for non-native field gadgets /// -/// - `BaseField`: the constraint field -/// - `TargetField`: the field being simulated +/// - `BaseF`: the constraint field +/// - `TargetF`: the field being simulated /// - `num_limbs`: how many limbs are used /// - `bits_per_limb`: the size of the limbs pub mod params; @@ -178,11 +178,11 @@ macro_rules! overhead { pub(crate) use overhead; -/// Parameters for a specific `NonNativeFieldVar` instantiation +/// Parameters for a specific `EmulatedFpVar` instantiation #[derive(Clone, Debug)] pub struct NonNativeFieldConfig { - /// The number of limbs (`BaseField` elements) used to represent a - /// `TargetField` element. Highest limb first. + /// The number of limbs (`BaseF` elements) used to represent a + /// `TargetF` element. Highest limb first. pub num_limbs: usize, /// The number of bits of the limb diff --git a/src/fields/emulated_fp/mul_result.rs b/src/fields/emulated_fp/mul_result.rs new file mode 100644 index 00000000..f3ada272 --- /dev/null +++ b/src/fields/emulated_fp/mul_result.rs @@ -0,0 +1,73 @@ +use super::{AllocatedMulResultVar, EmulatedFpVar}; +use ark_ff::PrimeField; +use ark_relations::r1cs::Result as R1CSResult; + +/// An intermediate representation especially for the result of a +/// multiplication, containing more limbs. It is intended for advanced usage to +/// improve the efficiency. +/// +/// That is, instead of calling `mul`, one can call `mul_without_reduce` to +/// obtain this intermediate representation, which can still be added. +/// Then, one can call `reduce` to reduce it back to `EmulatedFpVar`. +/// This may help cut the number of reduce operations. +#[derive(Debug)] +#[must_use] +pub enum MulResultVar { + /// as a constant + Constant(TargetF), + /// as an allocated gadget + Var(AllocatedMulResultVar), +} + +impl MulResultVar { + /// Create a zero `MulResultVar` (used for additions) + pub fn zero() -> Self { + Self::Constant(TargetF::zero()) + } + + /// Create an `MulResultVar` from a constant + pub fn constant(v: TargetF) -> Self { + Self::Constant(v) + } + + /// Reduce the `MulResultVar` back to EmulatedFpVar + #[tracing::instrument(target = "r1cs")] + pub fn reduce(&self) -> R1CSResult> { + match self { + Self::Constant(c) => Ok(EmulatedFpVar::Constant(*c)), + Self::Var(v) => Ok(EmulatedFpVar::Var(v.reduce()?)), + } + } +} + +impl From<&EmulatedFpVar> + for MulResultVar +{ + fn from(src: &EmulatedFpVar) -> Self { + match src { + EmulatedFpVar::Constant(c) => MulResultVar::Constant(*c), + EmulatedFpVar::Var(v) => { + MulResultVar::Var(AllocatedMulResultVar::::from(v)) + }, + } + } +} + +impl_bounded_ops!( + MulResultVar, + TargetF, + Add, + add, + AddAssign, + add_assign, + |this: &'a MulResultVar, other: &'a MulResultVar| { + use MulResultVar::*; + match (this, other) { + (Constant(c1), Constant(c2)) => Constant(*c1 + c2), + (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.add_constant(c).unwrap()), + (Var(v1), Var(v2)) => Var(v1.add(v2).unwrap()), + } + }, + |this: &'a MulResultVar, other: TargetF| { this + &MulResultVar::Constant(other) }, + (TargetF: PrimeField, BaseF: PrimeField), +); diff --git a/src/fields/nonnative/params.rs b/src/fields/emulated_fp/params.rs similarity index 98% rename from src/fields/nonnative/params.rs rename to src/fields/emulated_fp/params.rs index c7ad48b0..47892b4b 100644 --- a/src/fields/nonnative/params.rs +++ b/src/fields/emulated_fp/params.rs @@ -25,7 +25,7 @@ pub enum OptimizationType { Weight, } -/// A function to search for parameters for nonnative field gadgets +/// A function to search for parameters for emulated field gadgets pub const fn find_parameters( base_field_prime_length: usize, target_field_prime_bit_length: usize, diff --git a/src/fields/nonnative/reduce.rs b/src/fields/emulated_fp/reduce.rs similarity index 66% rename from src/fields/nonnative/reduce.rs rename to src/fields/emulated_fp/reduce.rs index b7de396f..d3cd0c28 100644 --- a/src/fields/nonnative/reduce.rs +++ b/src/fields/emulated_fp/reduce.rs @@ -1,4 +1,4 @@ -use super::{overhead, params::get_params, AllocatedNonNativeFieldVar}; +use super::{overhead, params::get_params, AllocatedEmulatedFpVar}; use crate::{ alloc::AllocVar, boolean::Boolean, @@ -15,10 +15,7 @@ use ark_std::{cmp::min, marker::PhantomData, vec, vec::Vec}; use num_bigint::BigUint; use num_integer::Integer; -pub fn limbs_to_bigint( - bits_per_limb: usize, - limbs: &[BaseField], -) -> BigUint { +pub fn limbs_to_bigint(bits_per_limb: usize, limbs: &[BaseF]) -> BigUint { let mut val = BigUint::zero(); let mut big_cur = BigUint::one(); let two = BigUint::from(2u32); @@ -37,16 +34,15 @@ pub fn limbs_to_bigint( val } -pub fn bigint_to_basefield(bigint: &BigUint) -> BaseField { - let mut val = BaseField::zero(); - let mut cur = BaseField::one(); +pub fn bigint_to_basefield(bigint: &BigUint) -> BaseF { + let mut val = BaseF::zero(); + let mut cur = BaseF::one(); let bytes = bigint.to_bytes_be(); - let basefield_256 = - BaseField::from_bigint(::BigInt::from(256u64)).unwrap(); + let basefield_256 = BaseF::from_bigint(::BigInt::from(256u64)).unwrap(); for byte in bytes.iter().rev() { - let bytes_basefield = BaseField::from(*byte as u128); + let bytes_basefield = BaseF::from(*byte as u128); val += cur * bytes_basefield; cur *= &basefield_256; @@ -56,32 +52,28 @@ pub fn bigint_to_basefield(bigint: &BigUint) -> BaseField } /// the collections of methods for reducing the presentations -pub struct Reducer { - pub target_phantom: PhantomData, - pub base_phantom: PhantomData, +pub struct Reducer { + pub target_phantom: PhantomData, + pub base_phantom: PhantomData, } -impl Reducer { - /// convert limbs to bits (take at most `BaseField::MODULUS_BIT_SIZE as +impl Reducer { + /// convert limbs to bits (take at most `BaseF::MODULUS_BIT_SIZE as /// usize - 1` bits) This implementation would be more efficient than /// the original `to_bits` or `to_non_unique_bits` since we enforce that /// some bits are always zero. #[tracing::instrument(target = "r1cs")] - pub fn limb_to_bits( - limb: &FpVar, - num_bits: usize, - ) -> R1CSResult>> { + pub fn limb_to_bits(limb: &FpVar, num_bits: usize) -> R1CSResult>> { let cs = limb.cs(); - let num_bits = min(BaseField::MODULUS_BIT_SIZE as usize - 1, num_bits); + let num_bits = min(BaseF::MODULUS_BIT_SIZE as usize - 1, num_bits); let mut bits_considered = Vec::with_capacity(num_bits); let limb_value = limb.value().unwrap_or_default(); - let num_bits_to_shave = - BaseField::BigInt::NUM_LIMBS * 64 - (BaseField::MODULUS_BIT_SIZE as usize); + let num_bits_to_shave = BaseF::BigInt::NUM_LIMBS * 64 - (BaseF::MODULUS_BIT_SIZE as usize); for b in BitIteratorBE::new(limb_value.into_bigint()) - .skip(num_bits_to_shave + (BaseField::MODULUS_BIT_SIZE as usize - num_bits)) + .skip(num_bits_to_shave + (BaseF::MODULUS_BIT_SIZE as usize - num_bits)) { bits_considered.push(b); } @@ -89,25 +81,24 @@ impl Reducer::Constant(b)); + bits.push(Boolean::::Constant(b)); } Ok(bits) } else { let mut bits = vec![]; for b in bits_considered { - bits.push(Boolean::::new_witness( + bits.push(Boolean::::new_witness( ark_relations::ns!(cs, "bit"), || Ok(b), )?); } - let mut bit_sum = FpVar::::zero(); - let mut coeff = BaseField::one(); + let mut bit_sum = FpVar::::zero(); + let mut coeff = BaseF::one(); for bit in bits.iter().rev() { - bit_sum += - as From>>::from((*bit).clone()) * coeff; + bit_sum += as From>>::from((*bit).clone()) * coeff; coeff.double_in_place(); } @@ -119,11 +110,10 @@ impl Reducer) -> R1CSResult<()> { - let new_elem = - AllocatedNonNativeFieldVar::new_witness(ns!(elem.cs(), "normal_form"), || { - Ok(elem.value().unwrap_or_default()) - })?; + pub fn reduce(elem: &mut AllocatedEmulatedFpVar) -> R1CSResult<()> { + let new_elem = AllocatedEmulatedFpVar::new_witness(ns!(elem.cs(), "normal_form"), || { + Ok(elem.value().unwrap_or_default()) + })?; elem.conditional_enforce_equal(&new_elem, &Boolean::TRUE)?; *elem = new_elem; @@ -132,17 +122,15 @@ impl Reducer, - ) -> R1CSResult<()> { + pub fn post_add_reduce(elem: &mut AllocatedEmulatedFpVar) -> R1CSResult<()> { let params = get_params( - TargetField::MODULUS_BIT_SIZE as usize, - BaseField::MODULUS_BIT_SIZE as usize, + TargetF::MODULUS_BIT_SIZE as usize, + BaseF::MODULUS_BIT_SIZE as usize, elem.get_optimization_type(), ); - let surfeit = overhead!(elem.num_of_additions_over_normal_form + BaseField::one()) + 1; + let surfeit = overhead!(elem.num_of_additions_over_normal_form + BaseF::one()) + 1; - if BaseField::MODULUS_BIT_SIZE as usize > 2 * params.bits_per_limb + surfeit + 1 { + if BaseF::MODULUS_BIT_SIZE as usize > 2 * params.bits_per_limb + surfeit + 1 { Ok(()) } else { Self::reduce(elem) @@ -153,8 +141,8 @@ impl Reducer, - elem_other: &mut AllocatedNonNativeFieldVar, + elem: &mut AllocatedEmulatedFpVar, + elem_other: &mut AllocatedEmulatedFpVar, ) -> R1CSResult<()> { assert_eq!( elem.get_optimization_type(), @@ -162,30 +150,29 @@ impl Reducer BaseField::MODULUS_BIT_SIZE as usize - 1 + > BaseF::MODULUS_BIT_SIZE as usize - 1 { panic!("The current limb parameters do not support multiplication."); } loop { - let prod_of_num_of_additions = (elem.num_of_additions_over_normal_form - + BaseField::one()) - * (elem_other.num_of_additions_over_normal_form + BaseField::one()); + let prod_of_num_of_additions = (elem.num_of_additions_over_normal_form + BaseF::one()) + * (elem_other.num_of_additions_over_normal_form + BaseF::one()); let overhead_limb = overhead!(prod_of_num_of_additions.mul( - &BaseField::from_bigint(::BigInt::from( + &BaseF::from_bigint(::BigInt::from( (params.num_limbs) as u64 )) .unwrap() )); let bits_per_mulresult_limb = 2 * (params.bits_per_limb + 1) + overhead_limb; - if bits_per_mulresult_limb < BaseField::MODULUS_BIT_SIZE as usize { + if bits_per_mulresult_limb < BaseF::MODULUS_BIT_SIZE as usize { break; } @@ -203,9 +190,7 @@ impl Reducer, - ) -> R1CSResult<()> { + pub fn pre_eq_reduce(elem: &mut AllocatedEmulatedFpVar) -> R1CSResult<()> { if elem.is_in_the_normal_form { return Ok(()); } @@ -219,14 +204,14 @@ impl Reducer], - right: &[FpVar], + left: &[FpVar], + right: &[FpVar], ) -> R1CSResult<()> { let cs = left.cs().or(right.cs()); - let zero = FpVar::::zero(); + let zero = FpVar::::zero(); - let mut limb_pairs = Vec::<(FpVar, FpVar)>::new(); - let num_limb_in_a_group = (BaseField::MODULUS_BIT_SIZE as usize + let mut limb_pairs = Vec::<(FpVar, FpVar)>::new(); + let num_limb_in_a_group = (BaseF::MODULUS_BIT_SIZE as usize - 1 - surfeit - 1 @@ -237,9 +222,9 @@ impl Reducer Reducer, FpVar, usize)>::new(); + let mut groupped_limb_pairs = Vec::<(FpVar, FpVar, usize)>::new(); for limb_pairs_in_a_group in limb_pairs.chunks(num_limb_in_a_group) { let mut left_total_limb = zero.clone(); @@ -275,19 +260,19 @@ impl Reducer Reducer> (shift_per_limb * num_limb_in_this_group) as u32; - carry_value = BaseField::from_bigint(carry_repr).unwrap(); + carry_value = BaseF::from_bigint(carry_repr).unwrap(); let carry = FpVar::new_witness(cs.clone(), || Ok(carry_value))?; @@ -307,7 +292,7 @@ impl Reducer(&remainder); + let remainder_limb = bigint_to_basefield::(&remainder); // Now check // left_total_limb + pad_limb + carry_in - right_total_limb @@ -316,21 +301,21 @@ impl Reducer::TRUE)?; + eqn_left.conditional_enforce_equal(&eqn_right, &Boolean::::TRUE)?; accumulated_extra = new_accumulated_extra; carry_in = carry.clone(); carry_in_value = carry_value; if group_id == groupped_limb_pairs.len() - 1 { - carry.enforce_equal(&FpVar::::Constant(bigint_to_basefield( + carry.enforce_equal(&FpVar::::Constant(bigint_to_basefield( &accumulated_extra, )))?; } else { - Reducer::::limb_to_bits(&carry, surfeit + bits_per_limb)?; + Reducer::::limb_to_bits(&carry, surfeit + bits_per_limb)?; } } diff --git a/src/fields/mod.rs b/src/fields/mod.rs index 0c342998..bb82c5f2 100644 --- a/src/fields/mod.rs +++ b/src/fields/mod.rs @@ -20,9 +20,9 @@ pub mod quadratic_extension; /// That is, it implements the R1CS equivalent of `ark_ff::Fp*`. pub mod fp; -/// This module contains a generic implementation of "nonnative" prime field +/// This module contains a generic implementation of "emulated" prime field /// variables. It emulates `Fp` arithmetic using `Fq` operations, where `p != q`. -pub mod nonnative; +pub mod emulated_fp; /// This module contains a generic implementation of the degree-12 tower /// extension field. That is, it implements the R1CS equivalent of diff --git a/src/fields/nonnative/mul_result.rs b/src/fields/nonnative/mul_result.rs deleted file mode 100644 index a04e8d6e..00000000 --- a/src/fields/nonnative/mul_result.rs +++ /dev/null @@ -1,79 +0,0 @@ -use super::{AllocatedNonNativeFieldMulResultVar, NonNativeFieldVar}; -use ark_ff::PrimeField; -use ark_relations::r1cs::Result as R1CSResult; - -/// An intermediate representation especially for the result of a -/// multiplication, containing more limbs. It is intended for advanced usage to -/// improve the efficiency. -/// -/// That is, instead of calling `mul`, one can call `mul_without_reduce` to -/// obtain this intermediate representation, which can still be added. -/// Then, one can call `reduce` to reduce it back to `NonNativeFieldVar`. -/// This may help cut the number of reduce operations. -#[derive(Debug)] -#[must_use] -pub enum NonNativeFieldMulResultVar { - /// as a constant - Constant(TargetField), - /// as an allocated gadget - Var(AllocatedNonNativeFieldMulResultVar), -} - -impl - NonNativeFieldMulResultVar -{ - /// Create a zero `NonNativeFieldMulResultVar` (used for additions) - pub fn zero() -> Self { - Self::Constant(TargetField::zero()) - } - - /// Create an `NonNativeFieldMulResultVar` from a constant - pub fn constant(v: TargetField) -> Self { - Self::Constant(v) - } - - /// Reduce the `NonNativeFieldMulResultVar` back to NonNativeFieldVar - #[tracing::instrument(target = "r1cs")] - pub fn reduce(&self) -> R1CSResult> { - match self { - Self::Constant(c) => Ok(NonNativeFieldVar::Constant(*c)), - Self::Var(v) => Ok(NonNativeFieldVar::Var(v.reduce()?)), - } - } -} - -impl - From<&NonNativeFieldVar> - for NonNativeFieldMulResultVar -{ - fn from(src: &NonNativeFieldVar) -> Self { - match src { - NonNativeFieldVar::Constant(c) => NonNativeFieldMulResultVar::Constant(*c), - NonNativeFieldVar::Var(v) => { - NonNativeFieldMulResultVar::Var(AllocatedNonNativeFieldMulResultVar::< - TargetField, - BaseField, - >::from(v)) - }, - } - } -} - -impl_bounded_ops!( - NonNativeFieldMulResultVar, - TargetField, - Add, - add, - AddAssign, - add_assign, - |this: &'a NonNativeFieldMulResultVar, other: &'a NonNativeFieldMulResultVar| { - use NonNativeFieldMulResultVar::*; - match (this, other) { - (Constant(c1), Constant(c2)) => Constant(*c1 + c2), - (Constant(c), Var(v)) | (Var(v), Constant(c)) => Var(v.add_constant(c).unwrap()), - (Var(v1), Var(v2)) => Var(v1.add(v2).unwrap()), - } - }, - |this: &'a NonNativeFieldMulResultVar, other: TargetField| { this + &NonNativeFieldMulResultVar::Constant(other) }, - (TargetField: PrimeField, BaseField: PrimeField), -); diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs index ea721fe2..1499ffd0 100644 --- a/src/groups/curves/short_weierstrass/mod.rs +++ b/src/groups/curves/short_weierstrass/mod.rs @@ -7,7 +7,7 @@ use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; use ark_std::{borrow::Borrow, marker::PhantomData, ops::Mul}; use non_zero_affine::NonZeroAffineVar; -use crate::fields::nonnative::NonNativeFieldVar; +use crate::fields::emulated_fp::EmulatedFpVar; use crate::{fields::fp::FpVar, prelude::*, ToConstraintFieldGadget, Vec}; /// This module provides a generic implementation of G1 and G2 for @@ -688,13 +688,13 @@ impl_bounded_ops!( impl_bounded_ops_diff!( ProjectiveVar, SWProjective

, - NonNativeFieldVar>, + EmulatedFpVar>, P::ScalarField, Mul, mul, MulAssign, mul_assign, - |this: &'a ProjectiveVar, other: &'a NonNativeFieldVar>| { + |this: &'a ProjectiveVar, other: &'a EmulatedFpVar>| { if this.is_constant() && other.is_constant() { assert!(this.is_constant() && other.is_constant()); ProjectiveVar::constant(this.value().unwrap() * &other.value().unwrap()) @@ -703,7 +703,7 @@ impl_bounded_ops_diff!( this.scalar_mul_le(bits.iter()).unwrap() } }, - |this: &'a ProjectiveVar, other: P::ScalarField| this * NonNativeFieldVar::constant(other), + |this: &'a ProjectiveVar, other: P::ScalarField| this * EmulatedFpVar::constant(other), (F: FieldVar>, P: SWCurveConfig), for <'b> &'b F: FieldOpsBounds<'b, P::BaseField, F>, ); @@ -981,7 +981,7 @@ mod test_sw_curve { use crate::{ alloc::AllocVar, eq::EqGadget, - fields::{fp::FpVar, nonnative::NonNativeFieldVar}, + fields::{emulated_fp::EmulatedFpVar, fp::FpVar}, groups::{curves::short_weierstrass::ProjectiveVar, CurveVar}, ToBitsGadget, }; @@ -1015,7 +1015,7 @@ mod test_sw_curve { ProjectiveVar::>::new_input(cs.clone(), || { Ok(point_out) })?; - let scalar = NonNativeFieldVar::new_input(cs.clone(), || Ok(scalar))?; + let scalar = EmulatedFpVar::new_input(cs.clone(), || Ok(scalar))?; let mul = point_in.scalar_mul_le(scalar.to_bits_le().unwrap().iter())?; diff --git a/src/groups/curves/twisted_edwards/mod.rs b/src/groups/curves/twisted_edwards/mod.rs index 861ecfac..62bce203 100644 --- a/src/groups/curves/twisted_edwards/mod.rs +++ b/src/groups/curves/twisted_edwards/mod.rs @@ -8,7 +8,7 @@ use ark_ec::{ use ark_ff::{BitIteratorBE, Field, One, PrimeField, Zero}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, SynthesisError}; -use crate::fields::nonnative::NonNativeFieldVar; +use crate::fields::emulated_fp::EmulatedFpVar; use crate::{prelude::*, ToConstraintFieldGadget, Vec}; use crate::fields::fp::FpVar; @@ -787,13 +787,13 @@ impl_bounded_ops!( impl_bounded_ops_diff!( AffineVar, TEProjective

, - NonNativeFieldVar>, + EmulatedFpVar>, P::ScalarField, Mul, mul, MulAssign, mul_assign, - |this: &'a AffineVar, other: &'a NonNativeFieldVar>| { + |this: &'a AffineVar, other: &'a EmulatedFpVar>| { if this.is_constant() && other.is_constant() { assert!(this.is_constant() && other.is_constant()); AffineVar::constant(this.value().unwrap() * &other.value().unwrap()) @@ -802,7 +802,7 @@ impl_bounded_ops_diff!( this.scalar_mul_le(bits.iter()).unwrap() } }, - |this: &'a AffineVar, other: P::ScalarField| this * NonNativeFieldVar::constant(other), + |this: &'a AffineVar, other: P::ScalarField| this * EmulatedFpVar::constant(other), ( F :FieldVar> + TwoBitLookupGadget, TableConstant = P::BaseField>, diff --git a/src/groups/mod.rs b/src/groups/mod.rs index 84c63352..444cdf18 100644 --- a/src/groups/mod.rs +++ b/src/groups/mod.rs @@ -1,4 +1,4 @@ -use crate::{fields::nonnative::NonNativeFieldVar, prelude::*}; +use crate::{fields::emulated_fp::EmulatedFpVar, prelude::*}; use ark_ff::PrimeField; use ark_relations::r1cs::{Namespace, SynthesisError}; use core::ops::{Add, AddAssign, Mul, MulAssign, Sub, SubAssign}; @@ -44,9 +44,9 @@ pub trait CurveVar: + SubAssign + AddAssign + SubAssign - + Mul, Output = Self> - + for<'a> Mul<&'a NonNativeFieldVar, Output = Self> - + MulAssign> + + Mul, Output = Self> + + for<'a> Mul<&'a EmulatedFpVar, Output = Self> + + MulAssign> { /// Returns the constant `F::zero()`. This is the identity /// of the group. diff --git a/tests/arithmetic_tests.rs b/tests/arithmetic_tests.rs index 983a8fc3..83d72828 100644 --- a/tests/arithmetic_tests.rs +++ b/tests/arithmetic_tests.rs @@ -10,7 +10,7 @@ use ark_r1cs_std::{ alloc::AllocVar, eq::EqGadget, fields::{ - nonnative::{AllocatedNonNativeFieldVar, NonNativeFieldVar}, + emulated_fp::{AllocatedEmulatedFpVar, EmulatedFpVar}, FieldVar, }, R1CSVar, @@ -28,16 +28,16 @@ const TEST_COUNT: usize = 100; #[cfg(ci)] const TEST_COUNT: usize = 1; -fn allocation_test( +fn allocation_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let a_native = TargetField::rand(rng); - let a = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc a"), - || Ok(a_native), - ) - .unwrap(); + let a_native = TargetF::rand(rng); + let a = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc a"), || { + Ok(a_native) + }) + .unwrap(); let a_actual = a.value().unwrap(); let a_expected = a_native; @@ -46,39 +46,38 @@ fn allocation_test( "allocated value does not equal the expected value" ); - let (_a, a_bits) = - AllocatedNonNativeFieldVar::::new_witness_with_le_bits( - ark_relations::ns!(cs, "alloc a2"), - || Ok(a_native), - ) - .unwrap(); + let (_a, a_bits) = AllocatedEmulatedFpVar::::new_witness_with_le_bits( + ark_relations::ns!(cs, "alloc a2"), + || Ok(a_native), + ) + .unwrap(); let a_bits_actual: Vec = a_bits.into_iter().map(|b| b.value().unwrap()).collect(); let mut a_bits_expected = a_native.into_bigint().to_bits_le(); - a_bits_expected.truncate(TargetField::MODULUS_BIT_SIZE as usize); + a_bits_expected.truncate(TargetF::MODULUS_BIT_SIZE as usize); assert_eq!( a_bits_actual, a_bits_expected, "allocated bits does not equal the expected bits" ); } -fn addition_test( +fn addition_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let a_native = TargetField::rand(rng); - let a = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc a"), - || Ok(a_native), - ) - .unwrap(); + let a_native = TargetF::rand(rng); + let a = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc a"), || { + Ok(a_native) + }) + .unwrap(); - let b_native = TargetField::rand(rng); - let b = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc b"), - || Ok(b_native), - ) - .unwrap(); + let b_native = TargetF::rand(rng); + let b = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc b"), || { + Ok(b_native) + }) + .unwrap(); let a_plus_b = a + &b; @@ -87,23 +86,23 @@ fn addition_test( assert!(a_plus_b_actual.eq(&a_plus_b_expected), "a + b failed"); } -fn multiplication_test( +fn multiplication_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let a_native = TargetField::rand(rng); - let a = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc a"), - || Ok(a_native), - ) - .unwrap(); + let a_native = TargetF::rand(rng); + let a = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc a"), || { + Ok(a_native) + }) + .unwrap(); - let b_native = TargetField::rand(rng); - let b = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc b"), - || Ok(b_native), - ) - .unwrap(); + let b_native = TargetF::rand(rng); + let b = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc b"), || { + Ok(b_native) + }) + .unwrap(); let a_times_b = a * &b; @@ -119,28 +118,28 @@ fn multiplication_test( +fn equality_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let a_native = TargetField::rand(rng); - let a = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc a"), - || Ok(a_native), - ) - .unwrap(); + let a_native = TargetF::rand(rng); + let a = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc a"), || { + Ok(a_native) + }) + .unwrap(); - let b_native = TargetField::rand(rng); - let b = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc b"), - || Ok(b_native), - ) - .unwrap(); + let b_native = TargetF::rand(rng); + let b = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc b"), || { + Ok(b_native) + }) + .unwrap(); let a_times_b = a * &b; let a_times_b_expected = a_native * &b_native; - let a_times_b_expected_gadget = NonNativeFieldVar::::new_witness( + let a_times_b_expected_gadget = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "alloc a * b"), || Ok(a_times_b_expected), ) @@ -149,21 +148,21 @@ fn equality_test( a_times_b.enforce_equal(&a_times_b_expected_gadget).unwrap(); } -fn edge_cases_test( +fn edge_cases_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let zero_native = TargetField::zero(); - let zero = NonNativeFieldVar::::zero(); - let one = NonNativeFieldVar::::one(); - - let a_native = TargetField::rand(rng); - let minus_a_native = TargetField::zero() - &a_native; - let a = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "alloc a"), - || Ok(a_native), - ) - .unwrap(); + let zero_native = TargetF::zero(); + let zero = EmulatedFpVar::::zero(); + let one = EmulatedFpVar::::one(); + + let a_native = TargetF::rand(rng); + let minus_a_native = TargetF::zero() - &a_native; + let a = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "alloc a"), || { + Ok(a_native) + }) + .unwrap(); let a_plus_zero = &a + &zero; let a_minus_zero = &a - &zero; @@ -235,13 +234,13 @@ fn edge_cases_test( ); } -fn distribution_law_test( +fn distribution_law_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let a_native = TargetField::rand(rng); - let b_native = TargetField::rand(rng); - let c_native = TargetField::rand(rng); + let a_native = TargetF::rand(rng); + let b_native = TargetF::rand(rng); + let c_native = TargetF::rand(rng); let a_plus_b_native = a_native.clone() + &b_native; let a_times_c_native = a_native.clone() * &c_native; @@ -254,20 +253,17 @@ fn distribution_law_test::new_witness( - ark_relations::ns!(cs, "a"), - || Ok(a_native), - ) + let a = EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "a"), || { + Ok(a_native) + }) .unwrap(); - let b = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "b"), - || Ok(b_native), - ) + let b = EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "b"), || { + Ok(b_native) + }) .unwrap(); - let c = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "c"), - || Ok(c_native), - ) + let c = EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "c"), || { + Ok(c_native) + }) .unwrap(); let a_plus_b = &a + &b; @@ -308,7 +304,7 @@ fn distribution_law_test( +fn randomized_arithmetic_test( cs: ConstraintSystemRef, rng: &mut R, ) { @@ -317,15 +313,15 @@ fn randomized_arithmetic_test::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) .unwrap(); for op in operations.iter() { - let next_native = TargetField::rand(rng); - let next = NonNativeFieldVar::::new_witness( + let next_native = TargetF::rand(rng); + let next = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next num for repetition"), || Ok(next_native), ) @@ -353,17 +349,17 @@ fn randomized_arithmetic_test( +fn addition_stress_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); + let mut num_native = TargetF::rand(rng); let mut num = - NonNativeFieldVar::new_witness(ark_relations::ns!(cs, "initial num"), || Ok(num_native)) + EmulatedFpVar::new_witness(ark_relations::ns!(cs, "initial num"), || Ok(num_native)) .unwrap(); for _ in 0..TEST_COUNT { - let next_native = TargetField::rand(rng); - let next = NonNativeFieldVar::::new_witness( + let next_native = TargetF::rand(rng); + let next = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next num for repetition"), || Ok(next_native), ) @@ -375,19 +371,19 @@ fn addition_stress_test( +fn multiplication_stress_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); - let mut num = NonNativeFieldVar::::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) .unwrap(); for _ in 0..TEST_COUNT { - let next_native = TargetField::rand(rng); - let next = NonNativeFieldVar::::new_witness( + let next_native = TargetF::rand(rng); + let next = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next num for repetition"), || Ok(next_native), ) @@ -399,25 +395,25 @@ fn multiplication_stress_test( +fn mul_and_add_stress_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); - let mut num = NonNativeFieldVar::::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) .unwrap(); for _ in 0..TEST_COUNT { - let next_add_native = TargetField::rand(rng); - let next_add = NonNativeFieldVar::::new_witness( + let next_add_native = TargetF::rand(rng); + let next_add = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next to add num for repetition"), || Ok(next_add_native), ) .unwrap(); - let next_mul_native = TargetField::rand(rng); - let next_mul = NonNativeFieldVar::::new_witness( + let next_mul_native = TargetF::rand(rng); + let next_mul = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next to mul num for repetition"), || Ok(next_mul_native), ) @@ -430,25 +426,25 @@ fn mul_and_add_stress_test( +fn square_mul_add_stress_test( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); - let mut num = NonNativeFieldVar::::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) .unwrap(); for _ in 0..TEST_COUNT { - let next_add_native = TargetField::rand(rng); - let next_add = NonNativeFieldVar::::new_witness( + let next_add_native = TargetF::rand(rng); + let next_add = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next to add num for repetition"), || Ok(next_add_native), ) .unwrap(); - let next_mul_native = TargetField::rand(rng); - let next_mul = NonNativeFieldVar::::new_witness( + let next_mul_native = TargetF::rand(rng); + let next_mul = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "next to mul num for repetition"), || Ok(next_mul_native), ) @@ -461,12 +457,12 @@ fn square_mul_add_stress_test( +fn double_stress_test_1( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); - let mut num = NonNativeFieldVar::::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) @@ -482,12 +478,12 @@ fn double_stress_test_1( +fn double_stress_test_2( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); - let mut num = NonNativeFieldVar::::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) @@ -506,12 +502,12 @@ fn double_stress_test_2( +fn double_stress_test_3( cs: ConstraintSystemRef, rng: &mut R, ) { - let mut num_native = TargetField::rand(rng); - let mut num = NonNativeFieldVar::::new_witness( + let mut num_native = TargetF::rand(rng); + let mut num = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "initial num"), || Ok(num_native), ) @@ -526,7 +522,7 @@ fn double_stress_test_3::new_witness( + let num_square_native_gadget = EmulatedFpVar::::new_witness( ark_relations::ns!(cs, "repetition: alloc_native num"), || Ok(num_square_native), ) @@ -536,19 +532,19 @@ fn double_stress_test_3( +fn inverse_stress_test( cs: ConstraintSystemRef, rng: &mut R, ) { for _ in 0..TEST_COUNT { - let num_native = TargetField::rand(rng); - let num = NonNativeFieldVar::::new_witness( - ark_relations::ns!(cs, "num"), - || Ok(num_native), - ) - .unwrap(); + let num_native = TargetF::rand(rng); + let num = + EmulatedFpVar::::new_witness(ark_relations::ns!(cs, "num"), || { + Ok(num_native) + }) + .unwrap(); - if num_native == TargetField::zero() { + if num_native == TargetF::zero() { continue; } diff --git a/tests/from_test.rs b/tests/from_test.rs index b17d1438..ddfd08cb 100644 --- a/tests/from_test.rs +++ b/tests/from_test.rs @@ -1,6 +1,6 @@ use ark_r1cs_std::{ alloc::AllocVar, - fields::nonnative::{NonNativeFieldMulResultVar, NonNativeFieldVar}, + fields::emulated_fp::{EmulatedFpVar, MulResultVar}, R1CSVar, }; use ark_relations::r1cs::ConstraintSystem; @@ -15,8 +15,8 @@ fn from_test() { let cs = ConstraintSystem::::new_ref(); let f = F::rand(&mut rng); - let f_var = NonNativeFieldVar::::new_input(cs.clone(), || Ok(f)).unwrap(); - let f_var_converted = NonNativeFieldMulResultVar::::from(&f_var); + let f_var = EmulatedFpVar::::new_input(cs.clone(), || Ok(f)).unwrap(); + let f_var_converted = MulResultVar::::from(&f_var); let f_var_converted_reduced = f_var_converted.reduce().unwrap(); let f_var_value = f_var.value().unwrap(); diff --git a/tests/to_constraint_field_test.rs b/tests/to_constraint_field_test.rs index d0a5ac02..db985b9d 100644 --- a/tests/to_constraint_field_test.rs +++ b/tests/to_constraint_field_test.rs @@ -1,5 +1,5 @@ use ark_r1cs_std::{ - alloc::AllocVar, fields::nonnative::NonNativeFieldVar, R1CSVar, ToConstraintFieldGadget, + alloc::AllocVar, fields::emulated_fp::EmulatedFpVar, R1CSVar, ToConstraintFieldGadget, }; use ark_relations::r1cs::ConstraintSystem; @@ -10,8 +10,8 @@ fn to_constraint_field_test() { let cs = ConstraintSystem::::new_ref(); - let a = NonNativeFieldVar::Constant(F::from(12u8)); - let b = NonNativeFieldVar::new_input(cs.clone(), || Ok(F::from(6u8))).unwrap(); + let a = EmulatedFpVar::Constant(F::from(12u8)); + let b = EmulatedFpVar::new_input(cs.clone(), || Ok(F::from(6u8))).unwrap(); let b2 = &b + &b;