From d2c52bd73e6a91c20f23ae4971f24ad70a9d0395 Mon Sep 17 00:00:00 2001 From: Srinath Setty Date: Wed, 3 Jul 2024 11:18:28 -0700 Subject: [PATCH] avoid explicit compression/decompression (#326) * avoid explicit compression/decompression * update version --- Cargo.toml | 2 +- src/errors.rs | 3 -- src/lib.rs | 9 ++-- src/nifs.rs | 18 +++----- src/provider/bn256_grumpkin.rs | 32 ++----------- src/provider/hyperkzg.rs | 34 +------------- src/provider/ipa_pc.rs | 29 ++++++------ src/provider/pasta.rs | 59 +----------------------- src/provider/pedersen.rs | 48 +++----------------- src/provider/secp_secq.rs | 11 ++--- src/provider/traits.rs | 56 +---------------------- src/spartan/ppsnark.rs | 82 +++++++++++++++------------------- src/traits/commitment.rs | 22 +-------- 13 files changed, 77 insertions(+), 328 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index f06cc94e..aa22a7c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "nova-snark" -version = "0.36.0" +version = "0.37.0" authors = ["Srinath Setty "] edition = "2021" description = "High-speed recursive arguments from folding schemes" diff --git a/src/errors.rs b/src/errors.rs index 8a0912bc..a779b4bb 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -22,9 +22,6 @@ pub enum NovaError { /// returned if the supplied witness is not a satisfying witness to a given shape and instance #[error("UnSat")] UnSat, - /// returned when the supplied compressed commitment cannot be decompressed - #[error("DecompressionError")] - DecompressionError, /// returned if proof verification fails #[error("ProofVerifyError")] ProofVerifyError, diff --git a/src/lib.rs b/src/lib.rs index 0d6c3dc7..995d6413 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -46,9 +46,7 @@ use r1cs::{ }; use serde::{Deserialize, Serialize}; use traits::{ - circuit::StepCircuit, - commitment::{CommitmentEngineTrait, CommitmentTrait}, - snark::RelaxedR1CSSNARKTrait, + circuit::StepCircuit, commitment::CommitmentEngineTrait, snark::RelaxedR1CSSNARKTrait, AbsorbInROTrait, Engine, ROConstants, ROConstantsCircuit, ROTrait, }; @@ -399,7 +397,7 @@ where Some(self.zi_primary.clone()), Some(self.r_U_secondary.clone()), Some(self.l_u_secondary.clone()), - Some(Commitment::::decompress(&nifs_secondary.comm_T)?), + Some(nifs_secondary.comm_T), ); let circuit_primary: NovaAugmentedCircuit<'_, E2, C1> = NovaAugmentedCircuit::new( @@ -433,7 +431,7 @@ where Some(self.zi_secondary.clone()), Some(self.r_U_primary.clone()), Some(l_u_primary), - Some(Commitment::::decompress(&nifs_primary.comm_T)?), + Some(nifs_primary.comm_T), ); let circuit_secondary: NovaAugmentedCircuit<'_, E1, C2> = NovaAugmentedCircuit::new( @@ -847,7 +845,6 @@ where type CommitmentKey = <::CE as CommitmentEngineTrait>::CommitmentKey; type Commitment = <::CE as CommitmentEngineTrait>::Commitment; -type CompressedCommitment = <<::CE as CommitmentEngineTrait>::Commitment as CommitmentTrait>::CompressedCommitment; type CE = ::CE; #[cfg(test)] diff --git a/src/nifs.rs b/src/nifs.rs index 0329d38b..6ba63549 100644 --- a/src/nifs.rs +++ b/src/nifs.rs @@ -6,8 +6,8 @@ use crate::{ errors::NovaError, r1cs::{R1CSInstance, R1CSShape, R1CSWitness, RelaxedR1CSInstance, RelaxedR1CSWitness}, scalar_as_base, - traits::{commitment::CommitmentTrait, AbsorbInROTrait, Engine, ROTrait}, - Commitment, CommitmentKey, CompressedCommitment, + traits::{AbsorbInROTrait, Engine, ROTrait}, + Commitment, CommitmentKey, }; use serde::{Deserialize, Serialize}; @@ -16,7 +16,7 @@ use serde::{Deserialize, Serialize}; #[derive(Clone, Debug, Serialize, Deserialize)] #[serde(bound = "")] pub struct NIFS { - pub(crate) comm_T: CompressedCommitment, + pub(crate) comm_T: Commitment, } type ROConstants = @@ -70,12 +70,7 @@ impl NIFS { let W = W1.fold(W2, &T, &r)?; // return the folded instance and witness - Ok(( - Self { - comm_T: comm_T.compress(), - }, - (U, W), - )) + Ok((Self { comm_T }, (U, W))) } /// Takes as input a relaxed R1CS instance `U1` and R1CS instance `U2` @@ -100,14 +95,13 @@ impl NIFS { U2.absorb_in_ro(&mut ro); // append `comm_T` to the transcript and obtain a challenge - let comm_T = Commitment::::decompress(&self.comm_T)?; - comm_T.absorb_in_ro(&mut ro); + self.comm_T.absorb_in_ro(&mut ro); // compute a challenge from the RO let r = ro.squeeze(NUM_CHALLENGE_BITS); // fold the instance using `r` and `comm_T` - let U = U1.fold(U2, &comm_T, &r); + let U = U1.fold(U2, &self.comm_T, &r); // return the folded instance Ok(U) diff --git a/src/provider/bn256_grumpkin.rs b/src/provider/bn256_grumpkin.rs index bb753155..7ad8f3ea 100644 --- a/src/provider/bn256_grumpkin.rs +++ b/src/provider/bn256_grumpkin.rs @@ -1,22 +1,18 @@ //! This module implements the Nova traits for `bn256::Point`, `bn256::Scalar`, `grumpkin::Point`, `grumpkin::Scalar`. use crate::{ - errors::NovaError, impl_traits, - provider::traits::{CompressedGroup, DlogGroup, PairingGroup}, + provider::traits::{DlogGroup, PairingGroup}, traits::{Group, PrimeFieldExt, TranscriptReprTrait}, }; use digest::{ExtendableOutput, Update}; use ff::{FromUniformBytes, PrimeField}; -use group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup, GroupEncoding}; +use group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup}; use num_bigint::BigInt; use num_traits::Num; // Remove this when https://github.com/zcash/pasta_curves/issues/41 resolves use halo2curves::{ - bn256::{ - pairing, G1Affine as Bn256Affine, G1Compressed as Bn256Compressed, G2Affine, G2Compressed, Gt, - G1 as Bn256Point, G2, - }, - grumpkin::{G1Affine as GrumpkinAffine, G1Compressed as GrumpkinCompressed, G1 as GrumpkinPoint}, + bn256::{pairing, G1Affine as Bn256Affine, G2Affine, G2Compressed, Gt, G1 as Bn256Point, G2}, + grumpkin::{G1Affine as GrumpkinAffine, G1 as GrumpkinPoint}, msm::best_multiexp, }; use pasta_curves::arithmetic::{CurveAffine, CurveExt}; @@ -36,7 +32,6 @@ pub mod grumpkin { impl_traits!( bn256, - Bn256Compressed, Bn256Point, Bn256Affine, "30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001", @@ -45,7 +40,6 @@ impl_traits!( impl_traits!( grumpkin, - GrumpkinCompressed, GrumpkinPoint, GrumpkinAffine, "30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47", @@ -84,7 +78,6 @@ impl Group for G2 { } impl DlogGroup for G2 { - type CompressedGroupElement = G2Compressed; type AffineGroupElement = G2Affine; fn vartime_multiscalar_mul(scalars: &[Self::Scalar], bases: &[Self::AffineGroupElement]) -> Self { @@ -99,10 +92,6 @@ impl DlogGroup for G2 { G2::from(*p) } - fn compress(&self) -> Self::CompressedGroupElement { - self.to_bytes() - } - fn from_label(_label: &'static [u8], _n: usize) -> Vec { unimplemented!() } @@ -126,19 +115,6 @@ impl TranscriptReprTrait for G2Compressed { } } -impl CompressedGroup for G2Compressed { - type GroupElement = G2; - - fn decompress(&self) -> Result { - let d = G2::from_bytes(self); - if d.is_some().into() { - Ok(d.unwrap()) - } else { - Err(NovaError::DecompressionError) - } - } -} - impl TranscriptReprTrait for G2Affine { fn to_transcript_bytes(&self) -> Vec { unimplemented!() diff --git a/src/provider/hyperkzg.rs b/src/provider/hyperkzg.rs index 30d9d395..18ef7924 100644 --- a/src/provider/hyperkzg.rs +++ b/src/provider/hyperkzg.rs @@ -8,7 +8,7 @@ #![allow(non_snake_case)] use crate::{ errors::NovaError, - provider::traits::{CompressedGroup, DlogGroup, PairingGroup}, + provider::traits::{DlogGroup, PairingGroup}, traits::{ commitment::{CommitmentEngineTrait, CommitmentTrait, Len}, evaluation::EvaluationEngineTrait, @@ -62,37 +62,14 @@ where comm: ::GE, } -/// A compressed commitment (suitable for serialization) -#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] -pub struct CompressedCommitment -where - E: Engine, - E::GE: PairingGroup, -{ - comm: ::CompressedGroupElement, -} - impl CommitmentTrait for Commitment where E: Engine, E::GE: PairingGroup, { - type CompressedCommitment = CompressedCommitment; - - fn compress(&self) -> Self::CompressedCommitment { - CompressedCommitment { - comm: self.comm.compress(), - } - } - fn to_coordinates(&self) -> (E::Base, E::Base, bool) { self.comm.to_coordinates() } - - fn decompress(c: &Self::CompressedCommitment) -> Result { - let comm = <::GE as DlogGroup>::CompressedGroupElement::decompress(&c.comm)?; - Ok(Commitment { comm }) - } } impl Default for Commitment @@ -141,15 +118,6 @@ where } } -impl TranscriptReprTrait for CompressedCommitment -where - E::GE: PairingGroup, -{ - fn to_transcript_bytes(&self) -> Vec { - self.comm.to_transcript_bytes() - } -} - impl MulAssign for Commitment where E: Engine, diff --git a/src/provider/ipa_pc.rs b/src/provider/ipa_pc.rs index 37ab4b24..cfe5e876 100644 --- a/src/provider/ipa_pc.rs +++ b/src/provider/ipa_pc.rs @@ -4,11 +4,10 @@ use crate::{ provider::{pedersen::CommitmentKeyExtTrait, traits::DlogGroup}, spartan::polys::eq::EqPolynomial, traits::{ - commitment::{CommitmentEngineTrait, CommitmentTrait}, - evaluation::EvaluationEngineTrait, - Engine, TranscriptEngineTrait, TranscriptReprTrait, + commitment::CommitmentEngineTrait, evaluation::EvaluationEngineTrait, Engine, + TranscriptEngineTrait, TranscriptReprTrait, }, - Commitment, CommitmentKey, CompressedCommitment, CE, + Commitment, CommitmentKey, CE, }; use core::iter; use ff::Field; @@ -156,8 +155,8 @@ impl InnerProductWitness { #[derive(Clone, Debug, Serialize, Deserialize)] #[serde(bound = "")] pub struct InnerProductArgument { - L_vec: Vec>, - R_vec: Vec>, + L_vec: Vec>, + R_vec: Vec>, a_hat: E::Scalar, } @@ -200,8 +199,8 @@ where transcript: &mut E::TE| -> Result< ( - CompressedCommitment, - CompressedCommitment, + Commitment, + Commitment, Vec, Vec, CommitmentKey, @@ -221,8 +220,7 @@ where .chain(iter::once(&c_L)) .copied() .collect::>(), - ) - .compress(); + ); let R = CE::::commit( &ck_L.combine(&ck_c), &a_vec[n / 2..n] @@ -230,8 +228,7 @@ where .chain(iter::once(&c_R)) .copied() .collect::>(), - ) - .compress(); + ); transcript.absorb(b"L", &L); transcript.absorb(b"R", &R); @@ -258,8 +255,8 @@ where }; // two vectors to hold the logarithmic number of group elements - let mut L_vec: Vec> = Vec::new(); - let mut R_vec: Vec> = Vec::new(); + let mut L_vec: Vec> = Vec::new(); + let mut R_vec: Vec> = Vec::new(); // we create mutable copies of vectors and generators let mut a_vec = W.a_vec.to_vec(); @@ -375,7 +372,7 @@ where }; let ck_hat = { - let c = CE::::commit(&ck, &s).compress(); + let c = CE::::commit(&ck, &s); CommitmentKey::::reinterpret_commitments_as_ck(&[c])? }; @@ -385,7 +382,7 @@ where let ck_folded = { let ck_L = CommitmentKey::::reinterpret_commitments_as_ck(&self.L_vec)?; let ck_R = CommitmentKey::::reinterpret_commitments_as_ck(&self.R_vec)?; - let ck_P = CommitmentKey::::reinterpret_commitments_as_ck(&[P.compress()])?; + let ck_P = CommitmentKey::::reinterpret_commitments_as_ck(&[P])?; ck_L.combine(&ck_R).combine(&ck_P) }; diff --git a/src/provider/pasta.rs b/src/provider/pasta.rs index 199a38bf..aaa4bee2 100644 --- a/src/provider/pasta.rs +++ b/src/provider/pasta.rs @@ -1,7 +1,6 @@ //! This module implements the Nova traits for `pallas::Point`, `pallas::Scalar`, `vesta::Point`, `vesta::Scalar`. use crate::{ - errors::NovaError, - provider::traits::{CompressedGroup, DlogGroup}, + provider::traits::DlogGroup, traits::{Group, PrimeFieldExt, TranscriptReprTrait}, }; use digest::{ExtendableOutput, Update}; @@ -12,44 +11,16 @@ use num_traits::Num; use pasta_curves::{ self, arithmetic::{CurveAffine, CurveExt}, - group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup, GroupEncoding}, + group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup}, pallas, vesta, Ep, EpAffine, Eq, EqAffine, }; use rayon::prelude::*; -use serde::{Deserialize, Serialize}; use sha3::Shake256; use std::io::Read; -/// A wrapper for compressed group elements of pallas -#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize)] -pub struct PallasCompressedElementWrapper { - repr: [u8; 32], -} - -impl PallasCompressedElementWrapper { - /// Wraps repr into the wrapper - pub const fn new(repr: [u8; 32]) -> Self { - Self { repr } - } -} - -/// A wrapper for compressed group elements of vesta -#[derive(Clone, Copy, Debug, Eq, PartialEq, Serialize, Deserialize)] -pub struct VestaCompressedElementWrapper { - repr: [u8; 32], -} - -impl VestaCompressedElementWrapper { - /// Wraps repr into the wrapper - pub const fn new(repr: [u8; 32]) -> Self { - Self { repr } - } -} - macro_rules! impl_traits { ( $name:ident, - $name_compressed:ident, $name_curve:ident, $name_curve_affine:ident, $order_str:literal, @@ -70,7 +41,6 @@ macro_rules! impl_traits { } impl DlogGroup for $name::Point { - type CompressedGroupElement = $name_compressed; type AffineGroupElement = $name::Affine; fn vartime_multiscalar_mul( @@ -95,10 +65,6 @@ macro_rules! impl_traits { $name::Point::from(*p) } - fn compress(&self) -> Self::CompressedGroupElement { - $name_compressed::new(self.to_bytes()) - } - fn from_label(label: &'static [u8], n: usize) -> Vec { let mut shake = Shake256::default(); shake.update(label); @@ -170,25 +136,6 @@ macro_rules! impl_traits { } } - impl CompressedGroup for $name_compressed { - type GroupElement = $name::Point; - - fn decompress(&self) -> Result<$name::Point, NovaError> { - let d = $name_curve::from_bytes(&self.repr); - if d.is_some().into() { - Ok(d.unwrap()) - } else { - Err(NovaError::DecompressionError) - } - } - } - - impl TranscriptReprTrait for $name_compressed { - fn to_transcript_bytes(&self) -> Vec { - self.repr.to_vec() - } - } - impl TranscriptReprTrait for $name::Scalar { fn to_transcript_bytes(&self) -> Vec { self.to_repr().to_vec() @@ -207,7 +154,6 @@ macro_rules! impl_traits { impl_traits!( pallas, - PallasCompressedElementWrapper, Ep, EpAffine, "40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001", @@ -216,7 +162,6 @@ impl_traits!( impl_traits!( vesta, - VestaCompressedElementWrapper, Eq, EqAffine, "40000000000000000000000000000000224698fc094cf91b992d30ed00000001", diff --git a/src/provider/pedersen.rs b/src/provider/pedersen.rs index d1c03ce5..dc8579e4 100644 --- a/src/provider/pedersen.rs +++ b/src/provider/pedersen.rs @@ -1,7 +1,7 @@ //! This module provides an implementation of a commitment engine use crate::{ errors::NovaError, - provider::traits::{CompressedGroup, DlogGroup}, + provider::traits::DlogGroup, traits::{ commitment::{CommitmentEngineTrait, CommitmentTrait, Len}, AbsorbInROTrait, Engine, ROTrait, TranscriptReprTrait, @@ -43,38 +43,14 @@ pub struct Commitment { pub(crate) comm: E::GE, } -/// A type that holds a compressed commitment -#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)] -#[serde(bound = "")] -pub struct CompressedCommitment -where - E: Engine, - E::GE: DlogGroup, -{ - comm: ::CompressedGroupElement, -} - impl CommitmentTrait for Commitment where E: Engine, E::GE: DlogGroup, { - type CompressedCommitment = CompressedCommitment; - - fn compress(&self) -> Self::CompressedCommitment { - CompressedCommitment { - comm: self.comm.compress(), - } - } - fn to_coordinates(&self) -> (E::Base, E::Base, bool) { self.comm.to_coordinates() } - - fn decompress(c: &Self::CompressedCommitment) -> Result { - let comm = <::GE as DlogGroup>::CompressedGroupElement::decompress(&c.comm)?; - Ok(Commitment { comm }) - } } impl Default for Commitment @@ -123,16 +99,6 @@ where } } -impl TranscriptReprTrait for CompressedCommitment -where - E: Engine, - E::GE: DlogGroup, -{ - fn to_transcript_bytes(&self) -> Vec { - self.comm.to_transcript_bytes() - } -} - impl MulAssign for Commitment where E: Engine, @@ -236,7 +202,7 @@ where /// Reinterprets commitments as commitment keys fn reinterpret_commitments_as_ck( - c: &[<<::CE as CommitmentEngineTrait>::Commitment as CommitmentTrait>::CompressedCommitment], + c: &[>::Commitment], ) -> Result where Self: Sized; @@ -296,14 +262,10 @@ where } /// reinterprets a vector of commitments as a set of generators - fn reinterpret_commitments_as_ck(c: &[CompressedCommitment]) -> Result { - let d = (0..c.len()) - .into_par_iter() - .map(|i| Commitment::::decompress(&c[i])) - .collect::>, NovaError>>()?; - let ck = (0..d.len()) + fn reinterpret_commitments_as_ck(c: &[Commitment]) -> Result { + let ck = (0..c.len()) .into_par_iter() - .map(|i| d[i].comm.affine()) + .map(|i| c[i].comm.affine()) .collect(); Ok(CommitmentKey { ck }) } diff --git a/src/provider/secp_secq.rs b/src/provider/secp_secq.rs index 8b1786cd..d4727158 100644 --- a/src/provider/secp_secq.rs +++ b/src/provider/secp_secq.rs @@ -1,17 +1,16 @@ //! This module implements the Nova traits for `secp::Point`, `secp::Scalar`, `secq::Point`, `secq::Scalar`. use crate::{ - errors::NovaError, impl_traits, - provider::traits::{CompressedGroup, DlogGroup}, + provider::traits::DlogGroup, traits::{Group, PrimeFieldExt, TranscriptReprTrait}, }; use digest::{ExtendableOutput, Update}; use ff::{FromUniformBytes, PrimeField}; -use group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup, GroupEncoding}; +use group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup}; use halo2curves::{ msm::best_multiexp, - secp256k1::{Secp256k1, Secp256k1Affine, Secp256k1Compressed}, - secq256k1::{Secq256k1, Secq256k1Affine, Secq256k1Compressed}, + secp256k1::{Secp256k1, Secp256k1Affine}, + secq256k1::{Secq256k1, Secq256k1Affine}, }; use num_bigint::BigInt; use num_traits::Num; @@ -36,7 +35,6 @@ pub mod secq256k1 { impl_traits!( secp256k1, - Secp256k1Compressed, Secp256k1, Secp256k1Affine, "fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", @@ -45,7 +43,6 @@ impl_traits!( impl_traits!( secq256k1, - Secq256k1Compressed, Secq256k1, Secq256k1Affine, "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", diff --git a/src/provider/traits.rs b/src/provider/traits.rs index 28367b01..3e6886c2 100644 --- a/src/provider/traits.rs +++ b/src/provider/traits.rs @@ -1,33 +1,10 @@ -use crate::{ - errors::NovaError, - traits::{commitment::ScalarMul, Group, TranscriptReprTrait}, -}; +use crate::traits::{commitment::ScalarMul, Group, TranscriptReprTrait}; use core::{ fmt::Debug, ops::{Add, AddAssign, Sub, SubAssign}, }; use serde::{Deserialize, Serialize}; -/// Represents a compressed version of a group element -pub trait CompressedGroup: - Clone - + Copy - + Debug - + Eq - + Send - + Sync - + TranscriptReprTrait - + Serialize - + for<'de> Deserialize<'de> - + 'static -{ - /// A type that holds the decompressed version of the compressed group element - type GroupElement: DlogGroup; - - /// Decompresses the compressed group element - fn decompress(&self) -> Result; -} - /// A helper trait for types with a group operation. pub trait GroupOps: Add + Sub + AddAssign + SubAssign @@ -57,9 +34,6 @@ pub trait DlogGroup: + ScalarMul<::Scalar> + ScalarMulOwned<::Scalar> { - /// A type representing the compressed version of the group element - type CompressedGroupElement: CompressedGroup; - /// A type representing preprocessed group element type AffineGroupElement: Clone + Debug @@ -77,9 +51,6 @@ pub trait DlogGroup: /// Produce a vector of group elements using a static label fn from_label(label: &'static [u8], n: usize) -> Vec; - /// Compresses the group element - fn compress(&self) -> Self::CompressedGroupElement; - /// Produces a preprocessed element fn affine(&self) -> Self::AffineGroupElement; @@ -117,7 +88,6 @@ pub trait PairingGroup: DlogGroup { macro_rules! impl_traits { ( $name:ident, - $name_compressed:ident, $name_curve:ident, $name_curve_affine:ident, $order_str:literal, @@ -138,7 +108,6 @@ macro_rules! impl_traits { } impl DlogGroup for $name::Point { - type CompressedGroupElement = $name_compressed; type AffineGroupElement = $name::Affine; fn vartime_multiscalar_mul( @@ -156,10 +125,6 @@ macro_rules! impl_traits { $name::Point::from(*p) } - fn compress(&self) -> Self::CompressedGroupElement { - self.to_bytes() - } - fn from_label(label: &'static [u8], n: usize) -> Vec { let mut shake = Shake256::default(); shake.update(label); @@ -233,25 +198,6 @@ macro_rules! impl_traits { } } - impl TranscriptReprTrait for $name_compressed { - fn to_transcript_bytes(&self) -> Vec { - self.as_ref().to_vec() - } - } - - impl CompressedGroup for $name_compressed { - type GroupElement = $name::Point; - - fn decompress(&self) -> Result<$name::Point, NovaError> { - let d = $name_curve::from_bytes(&self); - if d.is_some().into() { - Ok(d.unwrap()) - } else { - Err(NovaError::DecompressionError) - } - } - } - impl TranscriptReprTrait for $name::Scalar { fn to_transcript_bytes(&self) -> Vec { self.to_repr().to_vec() diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs index 04743f10..04f7a233 100644 --- a/src/spartan/ppsnark.rs +++ b/src/spartan/ppsnark.rs @@ -23,12 +23,12 @@ use crate::{ PolyEvalInstance, PolyEvalWitness, }, traits::{ - commitment::{CommitmentEngineTrait, CommitmentTrait, Len}, + commitment::{CommitmentEngineTrait, Len}, evaluation::EvaluationEngineTrait, snark::{DigestHelperTrait, RelaxedR1CSSNARKTrait}, Engine, TranscriptEngineTrait, TranscriptReprTrait, }, - zip_with, Commitment, CommitmentKey, CompressedCommitment, + zip_with, Commitment, CommitmentKey, }; use core::cmp::max; use ff::Field; @@ -869,17 +869,17 @@ impl> SimpleDigestible for VerifierKey> { // commitment to oracles: the first three are for Az, Bz, Cz, // and the last two are for memory reads - comm_Az: CompressedCommitment, - comm_Bz: CompressedCommitment, - comm_Cz: CompressedCommitment, - comm_L_row: CompressedCommitment, - comm_L_col: CompressedCommitment, + comm_Az: Commitment, + comm_Bz: Commitment, + comm_Cz: Commitment, + comm_L_row: Commitment, + comm_L_col: Commitment, // commitments to aid the memory checks - comm_t_plus_r_inv_row: CompressedCommitment, - comm_w_plus_r_inv_row: CompressedCommitment, - comm_t_plus_r_inv_col: CompressedCommitment, - comm_w_plus_r_inv_col: CompressedCommitment, + comm_t_plus_r_inv_row: Commitment, + comm_w_plus_r_inv_row: Commitment, + comm_t_plus_r_inv_col: Commitment, + comm_w_plus_r_inv_col: Commitment, // claims about Az, Bz, and Cz polynomials eval_Az_at_tau: E::Scalar, @@ -1367,16 +1367,16 @@ impl> RelaxedR1CSSNARKTrait for Relax let eval_arg = EE::prove(ck, &pk.pk_ee, &mut transcript, &u.c, &w.p, &rand_sc, &u.e)?; Ok(RelaxedR1CSSNARK { - comm_Az: comm_Az.compress(), - comm_Bz: comm_Bz.compress(), - comm_Cz: comm_Cz.compress(), - comm_L_row: comm_L_row.compress(), - comm_L_col: comm_L_col.compress(), + comm_Az, + comm_Bz, + comm_Cz, + comm_L_row, + comm_L_col, - comm_t_plus_r_inv_row: comm_mem_oracles[0].compress(), - comm_w_plus_r_inv_row: comm_mem_oracles[1].compress(), - comm_t_plus_r_inv_col: comm_mem_oracles[2].compress(), - comm_w_plus_r_inv_col: comm_mem_oracles[3].compress(), + comm_t_plus_r_inv_row: comm_mem_oracles[0], + comm_w_plus_r_inv_row: comm_mem_oracles[1], + comm_t_plus_r_inv_col: comm_mem_oracles[2], + comm_w_plus_r_inv_col: comm_mem_oracles[3], eval_Az_at_tau, eval_Bz_at_tau, @@ -1418,17 +1418,7 @@ impl> RelaxedR1CSSNARKTrait for Relax transcript.absorb(b"vk", &vk.digest()); transcript.absorb(b"U", U); - let comm_Az = Commitment::::decompress(&self.comm_Az)?; - let comm_Bz = Commitment::::decompress(&self.comm_Bz)?; - let comm_Cz = Commitment::::decompress(&self.comm_Cz)?; - let comm_L_row = Commitment::::decompress(&self.comm_L_row)?; - let comm_L_col = Commitment::::decompress(&self.comm_L_col)?; - let comm_t_plus_r_inv_row = Commitment::::decompress(&self.comm_t_plus_r_inv_row)?; - let comm_w_plus_r_inv_row = Commitment::::decompress(&self.comm_w_plus_r_inv_row)?; - let comm_t_plus_r_inv_col = Commitment::::decompress(&self.comm_t_plus_r_inv_col)?; - let comm_w_plus_r_inv_col = Commitment::::decompress(&self.comm_w_plus_r_inv_col)?; - - transcript.absorb(b"c", &[comm_Az, comm_Bz, comm_Cz].as_slice()); + transcript.absorb(b"c", &[self.comm_Az, self.comm_Bz, self.comm_Cz].as_slice()); let num_rounds_sc = vk.S_comm.N.log_2(); let tau = transcript.squeeze(b"t")?; @@ -1445,8 +1435,8 @@ impl> RelaxedR1CSSNARKTrait for Relax transcript.absorb(b"e", &eval_vec.as_slice()); - transcript.absorb(b"e", &vec![comm_L_row, comm_L_col].as_slice()); - let comm_vec = vec![comm_Az, comm_Bz, comm_Cz]; + transcript.absorb(b"e", &vec![self.comm_L_row, self.comm_L_col].as_slice()); + let comm_vec = vec![self.comm_Az, self.comm_Bz, self.comm_Cz]; let c = transcript.squeeze(b"c")?; let u: PolyEvalInstance = PolyEvalInstance::batch(&comm_vec, &tau_coords, &eval_vec, &c); let claim = u.e; @@ -1458,10 +1448,10 @@ impl> RelaxedR1CSSNARKTrait for Relax transcript.absorb( b"l", &vec![ - comm_t_plus_r_inv_row, - comm_w_plus_r_inv_row, - comm_t_plus_r_inv_col, - comm_w_plus_r_inv_col, + self.comm_t_plus_r_inv_row, + self.comm_w_plus_r_inv_row, + self.comm_t_plus_r_inv_col, + self.comm_w_plus_r_inv_col, ] .as_slice(), ); @@ -1608,22 +1598,22 @@ impl> RelaxedR1CSSNARKTrait for Relax .collect::>(); let comm_vec = [ U.comm_W, - comm_Az, - comm_Bz, - comm_Cz, + self.comm_Az, + self.comm_Bz, + self.comm_Cz, U.comm_E, - comm_L_row, - comm_L_col, + self.comm_L_row, + self.comm_L_col, vk.S_comm.comm_val_A, vk.S_comm.comm_val_B, vk.S_comm.comm_val_C, - comm_t_plus_r_inv_row, + self.comm_t_plus_r_inv_row, vk.S_comm.comm_row, - comm_w_plus_r_inv_row, + self.comm_w_plus_r_inv_row, vk.S_comm.comm_ts_row, - comm_t_plus_r_inv_col, + self.comm_t_plus_r_inv_col, vk.S_comm.comm_col, - comm_w_plus_r_inv_col, + self.comm_w_plus_r_inv_col, vk.S_comm.comm_ts_col, ]; transcript.absorb(b"e", &eval_vec.as_slice()); // comm_vec is already in the transcript diff --git a/src/traits/commitment.rs b/src/traits/commitment.rs index e42768ca..f23182eb 100644 --- a/src/traits/commitment.rs +++ b/src/traits/commitment.rs @@ -1,9 +1,6 @@ //! This module defines a collection of traits that define the behavior of a commitment engine //! We require the commitment engine to provide a commitment to vectors with a single group element -use crate::{ - errors::NovaError, - traits::{AbsorbInROTrait, Engine, TranscriptReprTrait}, -}; +use crate::traits::{AbsorbInROTrait, Engine, TranscriptReprTrait}; use core::{ fmt::Debug, ops::{Add, Mul, MulAssign}, @@ -33,25 +30,8 @@ pub trait CommitmentTrait: + Add + ScalarMul { - /// Holds the type of the compressed commitment - type CompressedCommitment: Clone - + Debug - + PartialEq - + Eq - + Send - + Sync - + TranscriptReprTrait - + Serialize - + for<'de> Deserialize<'de>; - - /// Compresses self into a compressed commitment - fn compress(&self) -> Self::CompressedCommitment; - /// Returns the coordinate representation of the commitment fn to_coordinates(&self) -> (E::Base, E::Base, bool); - - /// Decompresses a compressed commitment into a commitment - fn decompress(c: &Self::CompressedCommitment) -> Result; } /// A trait that helps determine the length of a structure.