Shrink dependencies for ring-proof (#27)

Cargo.toml

@@ -11,23 +11,19 @@ ark-ec = { version = "0.4", default-features = false }
 ark-ff = { version = "0.4", default-features = false }
 ark-std = { version = "0.4", default-features = false }
 ark-serialize = { version = "0.4", default-features = false }
-rand_core = { version = "0.6", default-features = false, optional = true }
+zeroize = { version = "1.8", default-features = false }
+digest = { version = "0.10", default-features = false }
+sha2 = { version = "0.10", default-features = false }
 rand_chacha = { version = "0.3", default-features = false }
 rayon = { version = "1.10", default-features = false, optional = true }
-zeroize = { version = "1.8", default-features = false }
 hmac = {version = "0.12", default-features = false, optional = true }
-digest = { version = "0.10", default-features = false }
-merlin = { version = "3.0", default-features = false, optional = true }
+# Waiting for crates.io
+ring-proof = { package = "ring", git = "https://github.com/davxy/ring-proof", branch = "extended", default-features = false, optional = true }
 # Curves
 ark-secp256r1 = { version = "0.4.0", default-features = false, optional = true }
 ark-ed25519 = { version = "0.4.0", default-features = false, optional = true }
 ark-ed-on-bls12-381-bandersnatch = { version = "0.4.0", default-features = false, optional = true }
 ark-bls12-381 = { version = "0.4.0", default-features = false, optional = true }
-# Hashing
-sha2 = { version = "0.10", default-features = false }
-# Ring VRF (waiting for crates.io)
-fflonk = { git = "https://github.com/w3f/fflonk", default-features = false, optional = true }
-ring-proof = { package = "ring", git = "https://github.com/davxy/ring-proof", branch = "extended", default-features = false, optional = true }
 
 [dev-dependencies]
 ark-ed25519 = "0.4"
@@ -39,48 +35,44 @@ indexmap = { version = "2.2.6", features = ["serde"] }
 [features]
 default = [ "std" ]
 std = [
-  "getrandom",
   "ark-std/std",
+  "ark-std/getrandom",
   "ark-ec/std",
-  "rand_core/std",
-  "fflonk/std",
   "ring-proof/std",
 ]
-getrandom = [
-  "rand_core",
-  "ark-std/getrandom"
-]
-curves = [
-  "secp256r1",
-  "ed25519",
-  "bandersnatch",
-]
 secp256r1 = [
   "ark-secp256r1",
   "rfc-6979",
 ]
 ed25519 = [ "ark-ed25519" ]
 bandersnatch = [ "ark-ed-on-bls12-381-bandersnatch" ]
-parallel = [
-  "ark-ec/parallel",
-  "ark-ff/parallel",
-  "ark-std/parallel",
-  "ring-proof?/parallel",
-  "fflonk?/parallel",
-  "rayon",
-]
 ring = [
   "bandersnatch",
-  "fflonk",
   "ring-proof",
   "ark-bls12-381/curve",
-  "merlin",
 ]
 rfc-6979 = [ "hmac" ]
 full = [
-  "curves",
+  "secp256r1",
+  "ed25519",
+  "bandersnatch",
   "ring",
 ]
+
+# Optimizations
+parallel = [
+  "ark-ec/parallel",
+  "ark-ff/parallel",
+  "ark-std/parallel",
+  "ring-proof?/parallel",
+  "rayon",
+]
+asm = [
+  "ark-ff/asm",
+  "ring-proof?/asm"
+]
+
+# Deterministic ring-proof (unsafe)
 test-vectors = [
   "ring-proof?/test-vectors"
 ]

src/lib.rs

@@ -211,12 +211,10 @@ impl<S: Suite> Secret<S> {
         Self::from_scalar(scalar)
     }
 
-    /// Construct an ephemeral `Secret` using system randomness.
-    #[cfg(feature = "getrandom")]
-    pub fn ephemeral() -> Self {
-        use rand_core::RngCore;
+    /// Construct an ephemeral `Secret` using some random generator.
+    pub fn from_rand(rng: &mut impl ark_std::rand::RngCore) -> Self {
         let mut seed = [0u8; 32];
-        rand_core::OsRng.fill_bytes(&mut seed);
+        rng.fill_bytes(&mut seed);
         Self::from_seed(&seed)
     }
 

src/ring.rs

@@ -3,11 +3,6 @@ use crate::*;
 use ark_ec::short_weierstrass::SWCurveConfig;
 use pedersen::{PedersenSuite, Proof as PedersenProof};
 
-pub mod prelude {
-    pub use fflonk;
-    pub use ring_proof;
-}
-
 /// Ring suite.
 pub trait RingSuite: PedersenSuite {
     /// Pairing type.
@@ -18,21 +13,21 @@ pub trait RingSuite: PedersenSuite {
 }
 
 /// Polinomial Commitment Scheme (KZG)
-type Pcs<S> = fflonk::pcs::kzg::KZG<<S as RingSuite>::Pairing>;
+type Pcs<S> = ring_proof::pcs::kzg::KZG<<S as RingSuite>::Pairing>;
+
+/// Single PCS commitment.
+type PcsCommitment<S> = ring_proof::pcs::kzg::commitment::KzgCommitment<<S as RingSuite>::Pairing>;
 
-/// PCS setup parameters.
+/// KZG "Polynomial Commitment Scheme" (PCS) parameters.
 ///
-/// Basically the powers of tau SRS.
-pub type PcsParams<S> = fflonk::pcs::kzg::urs::URS<<S as RingSuite>::Pairing>;
+/// Basically powers of tau SRS.
+pub type PcsParams<S> = ring_proof::pcs::kzg::urs::URS<<S as RingSuite>::Pairing>;
 
-/// Polynomial Interactive Oracle Proof (IOP) parameters.
+/// Polynomial "Interactive Oracle Proof" (IOP) parameters.
 ///
 /// Basically all the application specific parameters required to construct and
 /// verify the ring proof.
-pub type PiopParams<S> = ring_proof::PiopParams<BaseField<S>, CurveConfig<S>>;
-
-/// Single PCS commitment.
-pub type PcsCommitment<S> = fflonk::pcs::kzg::commitment::KzgCommitment<<S as RingSuite>::Pairing>;
+type PiopParams<S> = ring_proof::PiopParams<BaseField<S>, CurveConfig<S>>;
 
 /// Ring keys commitment.
 pub type RingCommitment<S> = ring_proof::FixedColumnsCommitted<BaseField<S>, PcsCommitment<S>>;
@@ -149,8 +144,8 @@ where
     BaseField<S>: ark_ff::PrimeField,
     CurveConfig<S>: SWCurveConfig + Clone,
 {
-    pub pcs_params: PcsParams<S>,
-    pub piop_params: PiopParams<S>,
+    pcs_params: PcsParams<S>,
+    piop_params: PiopParams<S>,
 }
 
 #[inline(always)]
@@ -170,12 +165,12 @@ where
     pub fn from_seed(ring_size: usize, seed: [u8; 32]) -> Self {
         use ark_std::rand::SeedableRng;
         let mut rng = rand_chacha::ChaCha20Rng::from_seed(seed);
-        Self::new_random(ring_size, &mut rng)
+        Self::from_rand(ring_size, &mut rng)
     }
 
     /// Construct a new random ring context suitable for the given ring size.
-    pub fn new_random<R: ark_std::rand::RngCore>(ring_size: usize, rng: &mut R) -> Self {
-        use fflonk::pcs::PCS;
+    pub fn from_rand(ring_size: usize, rng: &mut impl ark_std::rand::RngCore) -> Self {
+        use ring_proof::pcs::PCS;
         let domain_size = domain_size(ring_size);
         let pcs_params = Pcs::<S>::setup(3 * domain_size, rng);
         Self::from_srs(ring_size, pcs_params).expect("PCS params is correct")
@@ -217,6 +212,19 @@ where
         ring_proof::index(&self.pcs_params, &self.piop_params, &pks).0
     }
 
+    /// Construct `RingProver` from `ProverKey` for the prover implied by `key_index`.
+    ///
+    /// Key index is the prover index within the `pks` sequence passed to construct the
+    /// `ProverKey` via the `prover_key` method.
+    pub fn prover(&self, prover_key: ProverKey<S>, key_index: usize) -> RingProver<S> {
+        RingProver::<S>::init(
+            prover_key,
+            self.piop_params.clone(),
+            key_index,
+            ring_proof::Transcript::new(b""),
+        )
+    }
+
     /// Construct a `VerifierKey` instance for the given ring.
     ///
     /// Note: if `pks.len() > self.max_ring_size()` the extra keys in the tail are ignored.
@@ -225,20 +233,23 @@ where
         ring_proof::index(&self.pcs_params, &self.piop_params, &pks).1
     }
 
-    pub fn prover(&self, prover_key: ProverKey<S>, key_index: usize) -> RingProver<S> {
-        RingProver::<S>::init(
-            prover_key,
-            self.piop_params.clone(),
-            key_index,
-            merlin::Transcript::new(b""),
-        )
+    /// Construct `VerifierKey` instance for the ring previously committed.
+    ///
+    /// The `RingCommitment` instance can be obtained via the `VerifierKey::commitment()` method.
+    ///
+    /// This allows to quickly reconstruct the verifier key without having to recompute the
+    /// keys commitment.
+    pub fn verifier_key_from_commitment(&self, commitment: RingCommitment<S>) -> VerifierKey<S> {
+        use ring_proof::pcs::PcsParams;
+        VerifierKey::<S>::from_commitment_and_kzg_vk(commitment, self.pcs_params.raw_vk())
     }
 
+    /// Construct `RingVerifier` from `VerifierKey`.
     pub fn verifier(&self, verifier_key: VerifierKey<S>) -> RingVerifier<S> {
         RingVerifier::<S>::init(
             verifier_key,
             self.piop_params.clone(),
-            merlin::Transcript::new(b""),
+            ring_proof::Transcript::new(b""),
         )
     }
 }

src/suites/bandersnatch.rs

@@ -89,6 +89,7 @@ pub mod weierstrass {
 
         pub type PcsParams = ring_suite::PcsParams<BandersnatchSha512Tai>;
         pub type RingContext = ring_suite::RingContext<BandersnatchSha512Tai>;
+        pub type RingCommitment = ring_suite::RingCommitment<BandersnatchSha512Tai>;
         pub type VerifierKey = ring_suite::VerifierKey<BandersnatchSha512Tai>;
         pub type RingProver = ring_suite::RingProver<BandersnatchSha512Tai>;
         pub type RingVerifier = ring_suite::RingVerifier<BandersnatchSha512Tai>;
@@ -177,6 +178,7 @@ pub mod edwards {
 
         pub type PcsParams = ring_suite::PcsParams<BandersnatchSha512Ell2>;
         pub type RingContext = ring_suite::RingContext<BandersnatchSha512Ell2>;
+        pub type RingCommitment = ring_suite::RingCommitment<BandersnatchSha512Ell2>;
         pub type VerifierKey = ring_suite::VerifierKey<BandersnatchSha512Ell2>;
         pub type RingProver = ring_suite::RingProver<BandersnatchSha512Ell2>;
         pub type RingVerifier = ring_suite::RingVerifier<BandersnatchSha512Ell2>;

src/testing.rs

@@ -81,7 +81,7 @@ where
     use ring::{Prover, RingContext, Verifier};
 
     let rng = &mut ark_std::test_rng();
-    let ring_ctx = RingContext::<S>::new_random(512, rng);
+    let ring_ctx = RingContext::<S>::from_rand(512, rng);
 
     let secret = Secret::<S>::from_seed(TEST_SEED);
     let public = secret.public();