diff --git a/src/circuit.rs b/src/circuit.rs index ebb1c2fe1..1d44d4d2c 100644 --- a/src/circuit.rs +++ b/src/circuit.rs @@ -119,7 +119,7 @@ impl<'a, E: Engine, SC: StepCircuit> NovaAugmentedCircuit<'a, E, SC> { Vec>, AllocatedRelaxedR1CSInstance, AllocatedR1CSInstance, - AllocatedPoint, + AllocatedPoint, ), SynthesisError, > { @@ -214,7 +214,7 @@ impl<'a, E: Engine, SC: StepCircuit> NovaAugmentedCircuit<'a, E, SC> { z_i: &[AllocatedNum], U: &AllocatedRelaxedR1CSInstance, u: &AllocatedR1CSInstance, - T: &AllocatedPoint, + T: &AllocatedPoint, arity: usize, ) -> Result<(AllocatedRelaxedR1CSInstance, AllocatedBit), SynthesisError> { // Check that u.x[0] = Hash(params, U, i, z0, zi) diff --git a/src/gadgets/ecc.rs b/src/gadgets/ecc.rs index f174f6f0f..61e1785d9 100644 --- a/src/gadgets/ecc.rs +++ b/src/gadgets/ecc.rs @@ -6,7 +6,7 @@ use crate::{ select_num_or_one, select_num_or_zero, select_num_or_zero2, select_one_or_diff2, select_one_or_num2, select_zero_or_num2, }, - traits::{Engine, Group}, + traits::Group, }; use bellpepper::gadgets::Assignment; use bellpepper_core::{ @@ -18,33 +18,30 @@ use ff::{Field, PrimeField}; /// `AllocatedPoint` provides an elliptic curve abstraction inside a circuit. #[derive(Debug, Clone)] -pub struct AllocatedPoint { - pub(crate) x: AllocatedNum, - pub(crate) y: AllocatedNum, - pub(crate) is_infinity: AllocatedNum, +pub struct AllocatedPoint { + pub(crate) x: AllocatedNum, + pub(crate) y: AllocatedNum, + pub(crate) is_infinity: AllocatedNum, } -impl AllocatedPoint -where - E: Engine, -{ +impl AllocatedPoint { /// Allocates a new point on the curve using coordinates provided by `coords`. /// If coords = None, it allocates the default infinity point - pub fn alloc>( + pub fn alloc>( mut cs: CS, - coords: Option<(E::Base, E::Base, bool)>, + coords: Option<(G::Base, G::Base, bool)>, ) -> Result { let x = AllocatedNum::alloc(cs.namespace(|| "x"), || { - Ok(coords.map_or(E::Base::ZERO, |c| c.0)) + Ok(coords.map_or(G::Base::ZERO, |c| c.0)) })?; let y = AllocatedNum::alloc(cs.namespace(|| "y"), || { - Ok(coords.map_or(E::Base::ZERO, |c| c.1)) + Ok(coords.map_or(G::Base::ZERO, |c| c.1)) })?; let is_infinity = AllocatedNum::alloc(cs.namespace(|| "is_infinity"), || { Ok(if coords.map_or(true, |c| c.2) { - E::Base::ONE + G::Base::ONE } else { - E::Base::ZERO + G::Base::ZERO }) })?; cs.enforce( @@ -60,7 +57,7 @@ where /// checks if `self` is on the curve or if it is infinity pub fn check_on_curve(&self, mut cs: CS) -> Result<(), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { // check that (x,y) is on the curve if it is not infinity // we will check that (1- is_infinity) * y^2 = (1-is_infinity) * (x^3 + Ax + B) @@ -70,13 +67,13 @@ where let x_cube = self.x.mul(cs.namespace(|| "x_cube"), &x_square)?; let rhs = AllocatedNum::alloc(cs.namespace(|| "rhs"), || { - if *self.is_infinity.get_value().get()? == E::Base::ONE { - Ok(E::Base::ZERO) + if *self.is_infinity.get_value().get()? == G::Base::ONE { + Ok(G::Base::ZERO) } else { Ok( *x_cube.get_value().get()? - + *self.x.get_value().get()? * E::GE::group_params().0 - + E::GE::group_params().1, + + *self.x.get_value().get()? * G::group_params().0 + + G::group_params().1, ) } })?; @@ -85,8 +82,8 @@ where || "rhs = (1-is_infinity) * (x^3 + Ax + B)", |lc| { lc + x_cube.get_variable() - + (E::GE::group_params().0, self.x.get_variable()) - + (E::GE::group_params().1, CS::one()) + + (G::group_params().0, self.x.get_variable()) + + (G::group_params().1, CS::one()) }, |lc| lc + CS::one() - self.is_infinity.get_variable(), |lc| lc + rhs.get_variable(), @@ -104,7 +101,7 @@ where } /// Allocates a default point on the curve, set to the identity point. - pub fn default>(mut cs: CS) -> Result { + pub fn default>(mut cs: CS) -> Result { let zero = alloc_zero(cs.namespace(|| "zero")); let one = alloc_one(cs.namespace(|| "one")); @@ -119,15 +116,15 @@ where pub const fn get_coordinates( &self, ) -> ( - &AllocatedNum, - &AllocatedNum, - &AllocatedNum, + &AllocatedNum, + &AllocatedNum, + &AllocatedNum, ) { (&self.x, &self.y, &self.is_infinity) } /// Negates the provided point - pub fn negate>(&self, mut cs: CS) -> Result { + pub fn negate>(&self, mut cs: CS) -> Result { let y = AllocatedNum::alloc(cs.namespace(|| "y"), || Ok(-*self.y.get_value().get()?))?; cs.enforce( @@ -145,7 +142,7 @@ where } /// Add two points (may be equal) - pub fn add>( + pub fn add>( &self, mut cs: CS, other: &Self, @@ -194,7 +191,7 @@ where /// Adds other point to this point and returns the result. Assumes that the two points are /// different and that both `other.is_infinity` and `this.is_infinity` are bits - pub fn add_internal>( + pub fn add_internal>( &self, mut cs: CS, other: &Self, @@ -212,9 +209,9 @@ where // NOT(NOT(self.is_ifninity) AND NOT(other.is_infinity)) let at_least_one_inf = AllocatedNum::alloc(cs.namespace(|| "at least one inf"), || { Ok( - E::Base::ONE - - (E::Base::ONE - *self.is_infinity.get_value().get()?) - * (E::Base::ONE - *other.is_infinity.get_value().get()?), + G::Base::ONE + - (G::Base::ONE - *self.is_infinity.get_value().get()?) + * (G::Base::ONE - *other.is_infinity.get_value().get()?), ) })?; cs.enforce( @@ -228,7 +225,7 @@ where let x_diff_is_actual = AllocatedNum::alloc(cs.namespace(|| "allocate x_diff_is_actual"), || { Ok(if *equal_x.get_value().get()? { - E::Base::ONE + G::Base::ONE } else { *at_least_one_inf.get_value().get()? }) @@ -250,9 +247,9 @@ where )?; let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { - let x_diff_inv = if *x_diff_is_actual.get_value().get()? == E::Base::ONE { + let x_diff_inv = if *x_diff_is_actual.get_value().get()? == G::Base::ONE { // Set to default - E::Base::ONE + G::Base::ONE } else { // Set to the actual inverse (*other.x.get_value().get()? - *self.x.get_value().get()?) @@ -357,13 +354,13 @@ where } /// Doubles the supplied point. - pub fn double>(&self, mut cs: CS) -> Result { + pub fn double>(&self, mut cs: CS) -> Result { //*************************************************************/ - // lambda = (E::Base::from(3) * self.x * self.x + E::GE::A()) - // * (E::Base::from(2)) * self.y).invert().unwrap(); + // lambda = (G::Base::from(3) * self.x * self.x + G::GG::A()) + // * (G::Base::from(2)) * self.y).invert().unwrap(); /*************************************************************/ - // Compute tmp = (E::Base::ONE + E::Base::ONE)* self.y ? self != inf : 1 + // Compute tmp = (G::Base::ONE + G::Base::ONE)* self.y ? self != inf : 1 let tmp_actual = AllocatedNum::alloc(cs.namespace(|| "tmp_actual"), || { Ok(*self.y.get_value().get()? + *self.y.get_value().get()?) })?; @@ -376,35 +373,35 @@ where let tmp = select_one_or_num2(cs.namespace(|| "tmp"), &tmp_actual, &self.is_infinity)?; - // Now compute lambda as (E::Base::from(3) * self.x * self.x + E::GE::A()) * tmp_inv + // Now compute lambda as (G::Base::from(3) * self.x * self.x + G::GG::A()) * tmp_inv let prod_1 = AllocatedNum::alloc(cs.namespace(|| "alloc prod 1"), || { - Ok(E::Base::from(3) * self.x.get_value().get()? * self.x.get_value().get()?) + Ok(G::Base::from(3) * self.x.get_value().get()? * self.x.get_value().get()?) })?; cs.enforce( || "Check prod 1", - |lc| lc + (E::Base::from(3), self.x.get_variable()), + |lc| lc + (G::Base::from(3), self.x.get_variable()), |lc| lc + self.x.get_variable(), |lc| lc + prod_1.get_variable(), ); let lambda = AllocatedNum::alloc(cs.namespace(|| "alloc lambda"), || { - let tmp_inv = if *self.is_infinity.get_value().get()? == E::Base::ONE { + let tmp_inv = if *self.is_infinity.get_value().get()? == G::Base::ONE { // Return default value 1 - E::Base::ONE + G::Base::ONE } else { // Return the actual inverse (*tmp.get_value().get()?).invert().unwrap() }; - Ok(tmp_inv * (*prod_1.get_value().get()? + E::GE::group_params().0)) + Ok(tmp_inv * (*prod_1.get_value().get()? + G::group_params().0)) })?; cs.enforce( || "Check lambda", |lc| lc + tmp.get_variable(), |lc| lc + lambda.get_variable(), - |lc| lc + prod_1.get_variable() + (E::GE::group_params().0, CS::one()), + |lc| lc + prod_1.get_variable() + (G::group_params().0, CS::one()), ); /*************************************************************/ @@ -461,12 +458,12 @@ where /// A gadget for scalar multiplication, optimized to use incomplete addition law. /// The optimization here is analogous to , /// except we use complete addition law over affine coordinates instead of projective coordinates for the tail bits - pub fn scalar_mul>( + pub fn scalar_mul>( &self, mut cs: CS, scalar_bits: &[AllocatedBit], ) -> Result { - let split_len = core::cmp::min(scalar_bits.len(), (E::Base::NUM_BITS - 2) as usize); + let split_len = core::cmp::min(scalar_bits.len(), (G::Base::NUM_BITS - 2) as usize); let (incomplete_bits, complete_bits) = scalar_bits.split_at(split_len); // we convert AllocatedPoint into AllocatedPointNonInfinity; we deal with the case where self.is_infinity = 1 below @@ -550,7 +547,7 @@ where } /// If condition outputs a otherwise outputs b - pub fn conditionally_select>( + pub fn conditionally_select>( mut cs: CS, a: &Self, b: &Self, @@ -571,7 +568,7 @@ where } /// If condition outputs a otherwise infinity - pub fn select_point_or_infinity>( + pub fn select_point_or_infinity>( mut cs: CS, a: &Self, condition: &Boolean, @@ -592,24 +589,21 @@ where #[derive(Clone, Debug)] /// `AllocatedPoint` but one that is guaranteed to be not infinity -pub struct AllocatedPointNonInfinity { - x: AllocatedNum, - y: AllocatedNum, +pub struct AllocatedPointNonInfinity { + x: AllocatedNum, + y: AllocatedNum, } -impl AllocatedPointNonInfinity -where - E: Engine, -{ +impl AllocatedPointNonInfinity { /// Creates a new `AllocatedPointNonInfinity` from the specified coordinates - pub const fn new(x: AllocatedNum, y: AllocatedNum) -> Self { + pub const fn new(x: AllocatedNum, y: AllocatedNum) -> Self { Self { x, y } } /// Allocates a new point on the curve using coordinates provided by `coords`. - pub fn alloc>( + pub fn alloc>( mut cs: CS, - coords: Option<(E::Base, E::Base)>, + coords: Option<(G::Base, G::Base)>, ) -> Result { let x = AllocatedNum::alloc(cs.namespace(|| "x"), || { coords.map_or(Err(SynthesisError::AssignmentMissing), |c| Ok(c.0)) @@ -622,7 +616,7 @@ where } /// Turns an `AllocatedPoint` into an `AllocatedPointNonInfinity` (assumes it is not infinity) - pub fn from_allocated_point(p: &AllocatedPoint) -> Self { + pub fn from_allocated_point(p: &AllocatedPoint) -> Self { Self { x: p.x.clone(), y: p.y.clone(), @@ -632,8 +626,8 @@ where /// Returns an `AllocatedPoint` from an `AllocatedPointNonInfinity` pub fn to_allocated_point( &self, - is_infinity: &AllocatedNum, - ) -> Result, SynthesisError> { + is_infinity: &AllocatedNum, + ) -> Result, SynthesisError> { Ok(AllocatedPoint { x: self.x.clone(), y: self.y.clone(), @@ -642,19 +636,19 @@ where } /// Returns coordinates associated with the point. - pub const fn get_coordinates(&self) -> (&AllocatedNum, &AllocatedNum) { + pub const fn get_coordinates(&self) -> (&AllocatedNum, &AllocatedNum) { (&self.x, &self.y) } /// Add two points assuming self != +/- other pub fn add_incomplete(&self, mut cs: CS, other: &Self) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // allocate a free variable that an honest prover sets to lambda = (y2-y1)/(x2-x1) let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { if *other.x.get_value().get()? == *self.x.get_value().get()? { - Ok(E::Base::ONE) + Ok(G::Base::ONE) } else { Ok( (*other.y.get_value().get()? - *self.y.get_value().get()?) @@ -709,7 +703,7 @@ where } /// doubles the point; since this is called with a point not at infinity, it is guaranteed to be not infinity - pub fn double_incomplete>( + pub fn double_incomplete>( &self, mut cs: CS, ) -> Result { @@ -718,10 +712,10 @@ where let x_sq = self.x.square(cs.namespace(|| "x_sq"))?; let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { - let n = E::Base::from(3) * x_sq.get_value().get()? + E::GE::group_params().0; - let d = E::Base::from(2) * *self.y.get_value().get()?; - if d == E::Base::ZERO { - Ok(E::Base::ONE) + let n = G::Base::from(3) * x_sq.get_value().get()? + G::group_params().0; + let d = G::Base::from(2) * *self.y.get_value().get()?; + if d == G::Base::ZERO { + Ok(G::Base::ONE) } else { Ok(n * d.invert().unwrap()) } @@ -729,8 +723,8 @@ where cs.enforce( || "Check that lambda is computed correctly", |lc| lc + lambda.get_variable(), - |lc| lc + (E::Base::from(2), self.y.get_variable()), - |lc| lc + (E::Base::from(3), x_sq.get_variable()) + (E::GE::group_params().0, CS::one()), + |lc| lc + (G::Base::from(2), self.y.get_variable()), + |lc| lc + (G::Base::from(3), x_sq.get_variable()) + (G::group_params().0, CS::one()), ); let x = AllocatedNum::alloc(cs.namespace(|| "x"), || { @@ -745,7 +739,7 @@ where || "check that x is correct", |lc| lc + lambda.get_variable(), |lc| lc + lambda.get_variable(), - |lc| lc + x.get_variable() + (E::Base::from(2), self.x.get_variable()), + |lc| lc + x.get_variable() + (G::Base::from(2), self.x.get_variable()), ); let y = AllocatedNum::alloc(cs.namespace(|| "y"), || { @@ -766,7 +760,7 @@ where } /// If condition outputs a otherwise outputs b - pub fn conditionally_select>( + pub fn conditionally_select>( mut cs: CS, a: &Self, b: &Self, @@ -785,14 +779,15 @@ mod tests { use crate::{ bellpepper::{ r1cs::{NovaShape, NovaWitness}, - {solver::SatisfyingAssignment, test_shape_cs::TestShapeCS}, + solver::SatisfyingAssignment, + test_shape_cs::TestShapeCS, }, provider::{ bn256_grumpkin::{bn256, grumpkin}, secp_secq::{secp256k1, secq256k1}, - Bn256Engine, GrumpkinEngine, Secp256k1Engine, Secq256k1Engine, {PallasEngine, VestaEngine}, + Bn256Engine, GrumpkinEngine, PallasEngine, Secp256k1Engine, Secq256k1Engine, VestaEngine, }, - traits::snark::default_ck_hint, + traits::{snark::default_ck_hint, Engine}, }; use expect_test::{expect, Expect}; use ff::{Field, PrimeFieldBits}; @@ -800,21 +795,21 @@ mod tests { use rand::rngs::OsRng; #[derive(Debug, Clone)] - pub struct Point { - x: E::Base, - y: E::Base, + pub struct Point { + x: G::Base, + y: G::Base, is_infinity: bool, } - impl Point { - pub fn new(x: E::Base, y: E::Base, is_infinity: bool) -> Self { + impl Point { + pub fn new(x: G::Base, y: G::Base, is_infinity: bool) -> Self { Self { x, y, is_infinity } } pub fn random_vartime() -> Self { loop { - let x = E::Base::random(&mut OsRng); - let y = (x.square() * x + E::GE::group_params().1).sqrt(); + let x = G::Base::random(&mut OsRng); + let y = (x.square() * x + G::group_params().1).sqrt(); if y.is_some().unwrap_u8() == 1 { return Self { x, @@ -834,8 +829,8 @@ mod tests { } else { // if self.x == other.x and self.y != other.y then return infinity Self { - x: E::Base::ZERO, - y: E::Base::ZERO, + x: G::Base::ZERO, + y: G::Base::ZERO, is_infinity: true, } } @@ -867,16 +862,16 @@ mod tests { pub fn double(&self) -> Self { if self.is_infinity { return Self { - x: E::Base::ZERO, - y: E::Base::ZERO, + x: G::Base::ZERO, + y: G::Base::ZERO, is_infinity: true, }; } - let lambda = E::Base::from(3) + let lambda = G::Base::from(3) * self.x * self.x - * ((E::Base::ONE + E::Base::ONE) * self.y).invert().unwrap(); + * ((G::Base::ONE + G::Base::ONE) * self.y).invert().unwrap(); let x = lambda * lambda - self.x - self.x; let y = lambda * (self.x - x) - self.y; Self { @@ -886,10 +881,10 @@ mod tests { } } - pub fn scalar_mul(&self, scalar: &E::Scalar) -> Self { + pub fn scalar_mul(&self, scalar: &G::Scalar) -> Self { let mut res = Self { - x: E::Base::ZERO, - y: E::Base::ZERO, + x: G::Base::ZERO, + y: G::Base::ZERO, is_infinity: true, }; @@ -905,17 +900,17 @@ mod tests { } // Allocate a random point. Only used for testing - pub fn alloc_random_point>( + pub fn alloc_random_point>( mut cs: CS, - ) -> Result, SynthesisError> { + ) -> Result, SynthesisError> { // get a random point - let p = Point::::random_vartime(); + let p = Point::::random_vartime(); AllocatedPoint::alloc(cs.namespace(|| "alloc p"), Some((p.x, p.y, p.is_infinity))) } /// Make the point io - pub fn inputize_allocted_point>( - p: &AllocatedPoint, + pub fn inputize_allocted_point>( + p: &AllocatedPoint, mut cs: CS, ) { let _ = p.x.inputize(cs.namespace(|| "Input point.x")); @@ -927,27 +922,27 @@ mod tests { #[test] fn test_ecc_ops() { - test_ecc_ops_with::(); - test_ecc_ops_with::(); + test_ecc_ops_with::::GE>(); + test_ecc_ops_with::::GE>(); - test_ecc_ops_with::(); - test_ecc_ops_with::(); + test_ecc_ops_with::::GE>(); + test_ecc_ops_with::::GE>(); - test_ecc_ops_with::(); - test_ecc_ops_with::(); + test_ecc_ops_with::::GE>(); + test_ecc_ops_with::::GE>(); } - fn test_ecc_ops_with() + fn test_ecc_ops_with() where - E: Engine, - C: CurveAffine, + G: Group, + C: CurveAffine, { // perform some curve arithmetic - let a = Point::::random_vartime(); - let b = Point::::random_vartime(); + let a = Point::::random_vartime(); + let b = Point::::random_vartime(); let c = a.add(&b); let d = a.double(); - let s = ::Scalar::random(&mut OsRng); + let s = G::Scalar::random(&mut OsRng); let e = a.scalar_mul(&s); // perform the same computation by translating to curve types @@ -990,15 +985,15 @@ mod tests { assert_eq!(e_curve, e_curve_2); } - fn synthesize_smul(mut cs: CS) -> (AllocatedPoint, AllocatedPoint, E::Scalar) + fn synthesize_smul(mut cs: CS) -> (AllocatedPoint, AllocatedPoint, G::Scalar) where - E: Engine, - CS: ConstraintSystem, + G: Group, + CS: ConstraintSystem, { let a = alloc_random_point(cs.namespace(|| "a")).unwrap(); inputize_allocted_point(&a, cs.namespace(|| "inputize a")); - let s = E::Scalar::random(&mut OsRng); + let s = G::Scalar::random(&mut OsRng); // Allocate bits for s let bits: Vec = s .to_le_bits() @@ -1037,22 +1032,22 @@ mod tests { { // First create the shape let mut cs: TestShapeCS = TestShapeCS::new(); - let _ = synthesize_smul::(cs.namespace(|| "synthesize")); + let _ = synthesize_smul::(cs.namespace(|| "synthesize")); expected_constraints.assert_eq(&cs.num_constraints().to_string()); expected_variables.assert_eq(&cs.num_aux().to_string()); let (shape, ck) = cs.r1cs_shape_and_key(&*default_ck_hint()); // Then the satisfying assignment let mut cs = SatisfyingAssignment::::new(); - let (a, e, s) = synthesize_smul::(cs.namespace(|| "synthesize")); + let (a, e, s) = synthesize_smul::(cs.namespace(|| "synthesize")); let (inst, witness) = cs.r1cs_instance_and_witness(&shape, &ck).unwrap(); - let a_p: Point = Point::new( + let a_p: Point = Point::new( a.x.get_value().unwrap(), a.y.get_value().unwrap(), a.is_infinity.get_value().unwrap() == ::Base::ONE, ); - let e_p: Point = Point::new( + let e_p: Point = Point::new( e.x.get_value().unwrap(), e.y.get_value().unwrap(), e.is_infinity.get_value().unwrap() == ::Base::ONE, @@ -1063,10 +1058,10 @@ mod tests { assert!(shape.is_sat(&ck, &inst, &witness).is_ok()); } - fn synthesize_add_equal(mut cs: CS) -> (AllocatedPoint, AllocatedPoint) + fn synthesize_add_equal(mut cs: CS) -> (AllocatedPoint, AllocatedPoint) where - E: Engine, - CS: ConstraintSystem, + G: Group, + CS: ConstraintSystem, { let a = alloc_random_point(cs.namespace(|| "a")).unwrap(); inputize_allocted_point(&a, cs.namespace(|| "inputize a")); @@ -1094,20 +1089,20 @@ mod tests { { // First create the shape let mut cs: TestShapeCS = TestShapeCS::new(); - let _ = synthesize_add_equal::(cs.namespace(|| "synthesize add equal")); + let _ = synthesize_add_equal::(cs.namespace(|| "synthesize add equal")); println!("Number of constraints: {}", cs.num_constraints()); let (shape, ck) = cs.r1cs_shape_and_key(&*default_ck_hint()); // Then the satisfying assignment let mut cs = SatisfyingAssignment::::new(); - let (a, e) = synthesize_add_equal::(cs.namespace(|| "synthesize add equal")); + let (a, e) = synthesize_add_equal::(cs.namespace(|| "synthesize add equal")); let (inst, witness) = cs.r1cs_instance_and_witness(&shape, &ck).unwrap(); - let a_p: Point = Point::new( + let a_p: Point = Point::new( a.x.get_value().unwrap(), a.y.get_value().unwrap(), a.is_infinity.get_value().unwrap() == ::Base::ONE, ); - let e_p: Point = Point::new( + let e_p: Point = Point::new( e.x.get_value().unwrap(), e.y.get_value().unwrap(), e.is_infinity.get_value().unwrap() == ::Base::ONE, @@ -1118,16 +1113,16 @@ mod tests { assert!(shape.is_sat(&ck, &inst, &witness).is_ok()); } - fn synthesize_add_negation(mut cs: CS) -> AllocatedPoint + fn synthesize_add_negation(mut cs: CS) -> AllocatedPoint where - E: Engine, - CS: ConstraintSystem, + G: Group, + CS: ConstraintSystem, { let a = alloc_random_point(cs.namespace(|| "a")).unwrap(); inputize_allocted_point(&a, cs.namespace(|| "inputize a")); let b = &mut a.clone(); b.y = AllocatedNum::alloc(cs.namespace(|| "allocate negation of a"), || { - Ok(E::Base::ZERO) + Ok(G::Base::ZERO) }) .unwrap(); inputize_allocted_point(b, cs.namespace(|| "inputize b")); @@ -1168,16 +1163,16 @@ mod tests { { // First create the shape let mut cs: TestShapeCS = TestShapeCS::new(); - let _ = synthesize_add_negation::(cs.namespace(|| "synthesize add equal")); + let _ = synthesize_add_negation::(cs.namespace(|| "synthesize add equal")); expected_constraints.assert_eq(&cs.num_constraints().to_string()); expected_variables.assert_eq(&cs.num_aux().to_string()); let (shape, ck) = cs.r1cs_shape_and_key(&*default_ck_hint()); // Then the satisfying assignment let mut cs = SatisfyingAssignment::::new(); - let e = synthesize_add_negation::(cs.namespace(|| "synthesize add negation")); + let e = synthesize_add_negation::(cs.namespace(|| "synthesize add negation")); let (inst, witness) = cs.r1cs_instance_and_witness(&shape, &ck).unwrap(); - let e_p: Point = Point::new( + let e_p: Point = Point::new( e.x.get_value().unwrap(), e.y.get_value().unwrap(), e.is_infinity.get_value().unwrap() == ::Base::ONE, diff --git a/src/gadgets/r1cs.rs b/src/gadgets/r1cs.rs index 2fd5c6b24..144e1e968 100644 --- a/src/gadgets/r1cs.rs +++ b/src/gadgets/r1cs.rs @@ -23,7 +23,7 @@ use itertools::Itertools as _; /// An Allocated R1CS Instance #[derive(Clone)] pub struct AllocatedR1CSInstance { - pub(crate) W: AllocatedPoint, + pub(crate) W: AllocatedPoint, pub(crate) X0: AllocatedNum, pub(crate) X1: AllocatedNum, } @@ -59,8 +59,8 @@ impl AllocatedR1CSInstance { /// An Allocated Relaxed R1CS Instance #[derive(Clone)] pub struct AllocatedRelaxedR1CSInstance { - pub(crate) W: AllocatedPoint, - pub(crate) E: AllocatedPoint, + pub(crate) W: AllocatedPoint, + pub(crate) E: AllocatedPoint, pub(crate) u: AllocatedNum, pub(crate) X0: BigNat, pub(crate) X1: BigNat, @@ -231,7 +231,7 @@ impl AllocatedRelaxedR1CSInstance { mut cs: CS, params: &AllocatedNum, // hash of R1CSShape of F' u: &AllocatedR1CSInstance, - T: &AllocatedPoint, + T: &AllocatedPoint, ro_consts: ROConstantsCircuit, limb_width: usize, n_limbs: usize, @@ -404,12 +404,12 @@ pub fn conditionally_select_vec_allocated_relaxed_r1cs_instance< } /// c = cond ? a: b, where a, b: `AllocatedPoint` -pub fn conditionally_select_point::Base>>( +pub fn conditionally_select_point>( mut cs: CS, - a: &AllocatedPoint, - b: &AllocatedPoint, + a: &AllocatedPoint, + b: &AllocatedPoint, condition: &Boolean, -) -> Result, SynthesisError> { +) -> Result, SynthesisError> { let c = AllocatedPoint { x: conditionally_select( cs.namespace(|| "x = cond ? a.x : b.x"), diff --git a/src/supernova/circuit.rs b/src/supernova/circuit.rs index f9f27c934..0bec073db 100644 --- a/src/supernova/circuit.rs +++ b/src/supernova/circuit.rs @@ -272,7 +272,7 @@ impl<'a, E: Engine, SC: EnforcingStepCircuit> SuperNovaAugmentedCircuit Vec>, Vec>, AllocatedR1CSInstance, - AllocatedPoint, + AllocatedPoint, Option>, Vec, ), @@ -437,7 +437,7 @@ impl<'a, E: Engine, SC: EnforcingStepCircuit> SuperNovaAugmentedCircuit z_i: &[AllocatedNum], U: &[AllocatedRelaxedR1CSInstance], u: &AllocatedR1CSInstance, - T: &AllocatedPoint, + T: &AllocatedPoint, arity: usize, last_augmented_circuit_selector: &[Boolean], program_counter: &Option>,