Miscellaneous improvements (details in commit messages) (#308)

* move KZG engine to provider module; update paths everywhere

* add a sparse matrix entry only if the coefficient is non-zero; update digests

* move test code to place where it is used

* move asm to default and add a note

* update constants

* update link

* simplify test_pp_digest

.github/workflows/rust.yml

@@ -32,7 +32,7 @@ jobs:
       - uses: actions-rs/cargo@v1
         with:
           command: build
-          args: --target wasm32-unknown-unknown
+          args: --no-default-features --target wasm32-unknown-unknown
 
   test:
     runs-on: ubuntu-latest

Cargo.toml

@@ -24,7 +24,7 @@ subtle = "2.5"
 pasta_curves = { version = "0.5", features = ["repr-c", "serde"] }
 halo2curves = { version = "0.6.0", features = ["bits", "derive_serde"] }
 neptune = { version = "13.0.0", default-features = false }
-generic-array = "0.14"
+generic-array = "1.0.0"
 num-bigint = { version = "0.4", features = ["serde", "rand"] }
 num-traits = "0.2"
 num-integer = "0.1"
@@ -41,14 +41,13 @@ itertools = "0.12.0"
 pasta-msm = { version = "0.1.4" }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
-# see https://github.com/rust-random/rand/pull/948
 getrandom = { version = "0.2.0", default-features = false, features = ["js"] }
 
 [dev-dependencies]
-criterion = { version = "0.4", features = ["html_reports"] }
+criterion = { version = "0.5", features = ["html_reports"] }
 flate2 = "1.0"
 hex = "0.4.3"
-pprof = { version = "0.11" }
+pprof = { version = "0.13" }
 cfg-if = "1.0.0"
 sha2 = "0.10.7"
 proptest = "1.2.0"
@@ -76,8 +75,7 @@ name = "ppsnark"
 harness = false
 
 [features]
-default = []
-asm = ["halo2curves/asm"]
+default = ["halo2curves/asm"]
 # Compiles in portable mode, w/o ISA extensions => binary can be executed on all systems.
 portable = ["pasta-msm/portable"]
 cuda = ["neptune/cuda", "neptune/pasta", "neptune/arity24"]

README.md

@@ -32,12 +32,14 @@ A front-end is a tool to take a high-level program and turn it into an intermedi
 In the future, we plan to support [Noir](https://noir-lang.org/), a Rust-like DSL and a compiler to transform those programs into an IR. See [this](https://github.com/microsoft/Nova/issues/275) GitHub issue for details.
 
 ## Tests and examples
+By default, we enable the `asm` feature of an underlying library (which boosts performance by up to 50\%). If the library fails to build or run, one can pass `--no-default-features` to `cargo` commands noted below.
+
 To run tests (we recommend the release mode to drastically shorten run times):
 ```text
 cargo test --release
 ```
 
-To run example:
+To run an example:
 ```text
 cargo run --release --example minroot
 ```

benches/compressed-snark.rs

@@ -5,7 +5,7 @@ use core::marker::PhantomData;
 use criterion::{measurement::WallTime, *};
 use ff::PrimeField;
 use nova_snark::{
-  provider::{PallasEngine, VestaEngine},
+  provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::RelaxedR1CSSNARKTrait,
@@ -15,9 +15,9 @@ use nova_snark::{
 };
 use std::time::Duration;
 
-type E1 = PallasEngine;
-type E2 = VestaEngine;
-type EE1 = nova_snark::provider::ipa_pc::EvaluationEngine<E1>;
+type E1 = Bn256EngineKZG;
+type E2 = GrumpkinEngine;
+type EE1 = nova_snark::provider::hyperkzg::EvaluationEngine<E1>;
 type EE2 = nova_snark::provider::ipa_pc::EvaluationEngine<E2>;
 // SNARKs without computational commitments
 type S1 = nova_snark::spartan::snark::RelaxedR1CSSNARK<E1, EE1>;
@@ -50,8 +50,8 @@ cfg_if::cfg_if! {
 
 criterion_main!(compressed_snark);
 
-// This should match the value for the primary in test_recursive_circuit_pasta
-const NUM_CONS_VERIFIER_CIRCUIT_PRIMARY: usize = 9817;
+// This should match the value for the primary in test_recursive_circuit_bn256_grumpkin
+const NUM_CONS_VERIFIER_CIRCUIT_PRIMARY: usize = 9985;
 const NUM_SAMPLES: usize = 10;
 
 /// Benchmarks the compressed SNARK at a provided number of constraints

benches/compute-digest.rs

@@ -4,7 +4,7 @@ use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use criterion::{black_box, criterion_group, criterion_main, Criterion};
 use ff::PrimeField;
 use nova_snark::{
-  provider::{PallasEngine, VestaEngine},
+  provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::default_ck_hint,
@@ -13,8 +13,8 @@ use nova_snark::{
   PublicParams,
 };
 
-type E1 = PallasEngine;
-type E2 = VestaEngine;
+type E1 = Bn256EngineKZG;
+type E2 = GrumpkinEngine;
 type C1 = NonTrivialCircuit<<E1 as Engine>::Scalar>;
 type C2 = TrivialCircuit<<E2 as Engine>::Scalar>;
 

benches/ppsnark.rs

@@ -5,7 +5,7 @@ use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;
 use nova_snark::{
-  provider::hyperkzg::Bn256EngineKZG,
+  provider::Bn256EngineKZG,
   spartan::direct::DirectSNARK,
   traits::{circuit::StepCircuit, Engine},
 };

benches/recursive-snark.rs

@@ -5,7 +5,7 @@ use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;
 use nova_snark::{
-  provider::{PallasEngine, VestaEngine},
+  provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::default_ck_hint,
@@ -15,8 +15,8 @@ use nova_snark::{
 };
 use std::time::Duration;
 
-type E1 = PallasEngine;
-type E2 = VestaEngine;
+type E1 = Bn256EngineKZG;
+type E2 = GrumpkinEngine;
 type C1 = NonTrivialCircuit<<E1 as Engine>::Scalar>;
 type C2 = TrivialCircuit<<E2 as Engine>::Scalar>;
 
@@ -42,8 +42,8 @@ cfg_if::cfg_if! {
 
 criterion_main!(recursive_snark);
 
-// This should match the value for the primary in test_recursive_circuit_pasta
-const NUM_CONS_VERIFIER_CIRCUIT_PRIMARY: usize = 9817;
+// This should match the value for the primary in test_recursive_circuit_bn256_grumpkin
+const NUM_CONS_VERIFIER_CIRCUIT_PRIMARY: usize = 9985;
 const NUM_SAMPLES: usize = 10;
 
 fn bench_recursive_snark(c: &mut Criterion) {

benches/sha256.rs

@@ -14,7 +14,7 @@ use core::time::Duration;
 use criterion::*;
 use ff::{PrimeField, PrimeFieldBits};
 use nova_snark::{
-  provider::{PallasEngine, VestaEngine},
+  provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::default_ck_hint,
@@ -24,8 +24,8 @@ use nova_snark::{
 };
 use sha2::{Digest, Sha256};
 
-type E1 = PallasEngine;
-type E2 = VestaEngine;
+type E1 = Bn256EngineKZG;
+type E2 = GrumpkinEngine;
 
 #[derive(Clone, Debug)]
 struct Sha256Circuit<Scalar: PrimeField> {

examples/and.rs

@@ -9,7 +9,7 @@ use ff::Field;
 use ff::{PrimeField, PrimeFieldBits};
 use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{
-  provider::{hyperkzg::Bn256EngineKZG, GrumpkinEngine},
+  provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::RelaxedR1CSSNARKTrait,

examples/minroot.rs

@@ -5,7 +5,7 @@ use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use ff::Field;
 use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{
-  provider::{hyperkzg::Bn256EngineKZG, GrumpkinEngine},
+  provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::RelaxedR1CSSNARKTrait,

src/bellpepper/mod.rs

@@ -15,7 +15,7 @@ mod tests {
       shape_cs::ShapeCS,
       solver::SatisfyingAssignment,
     },
-    provider::{Bn256Engine, PallasEngine, Secp256k1Engine},
+    provider::{Bn256EngineKZG, PallasEngine, Secp256k1Engine},
     traits::{snark::default_ck_hint, Engine},
   };
   use bellpepper_core::{num::AllocatedNum, ConstraintSystem};
@@ -59,7 +59,7 @@ mod tests {
   #[test]
   fn test_alloc_bit() {
     test_alloc_bit_with::<PallasEngine>();
-    test_alloc_bit_with::<Bn256Engine>();
+    test_alloc_bit_with::<Bn256EngineKZG>();
     test_alloc_bit_with::<Secp256k1Engine>();
   }
 }

src/bellpepper/r1cs.rs

@@ -111,17 +111,20 @@ fn add_constraint<S: PrimeField>(
   assert_eq!(n + 1, C.indptr.len(), "C: invalid shape");
 
   let add_constraint_component = |index: Index, coeff: &S, M: &mut SparseMatrix<S>| {
-    match index {
-      Index::Input(idx) => {
-        // Inputs come last, with input 0, representing 'one',
-        // at position num_vars within the witness vector.
-        let idx = idx + num_vars;
-        M.data.push(*coeff);
-        M.indices.push(idx);
-      }
-      Index::Aux(idx) => {
-        M.data.push(*coeff);
-        M.indices.push(idx);
+    // we add constraints to the matrix only if the associated coefficient is non-zero
+    if *coeff != S::ZERO {
+      match index {
+        Index::Input(idx) => {
+          // Inputs come last, with input 0, representing 'one',
+          // at position num_vars within the witness vector.
+          let idx = idx + num_vars;
+          M.data.push(*coeff);
+          M.indices.push(idx);
+        }
+        Index::Aux(idx) => {
+          M.data.push(*coeff);
+          M.indices.push(idx);
+        }
       }
     }
   };

src/bellpepper/test_shape_cs.rs

@@ -14,6 +14,7 @@ use ff::{Field, PrimeField};
 #[derive(Clone, Copy)]
 struct OrderedVariable(Variable);
 
+#[allow(unused)]
 #[derive(Debug)]
 enum NamedObject {
   Constraint(usize),

src/circuit.rs

@@ -372,7 +372,7 @@ mod tests {
     gadgets::utils::scalar_as_base,
     provider::{
       poseidon::PoseidonConstantsCircuit,
-      {Bn256Engine, GrumpkinEngine}, {PallasEngine, VestaEngine},
+      {Bn256EngineKZG, GrumpkinEngine}, {PallasEngine, VestaEngine},
       {Secp256k1Engine, Secq256k1Engine},
     },
     traits::{circuit::TrivialCircuit, snark::default_ck_hint},
@@ -461,19 +461,19 @@ mod tests {
   }
 
   #[test]
-  fn test_recursive_circuit_grumpkin() {
+  fn test_recursive_circuit_bn256_grumpkin() {
     let params1 = NovaAugmentedCircuitParams::new(BN_LIMB_WIDTH, BN_N_LIMBS, true);
     let params2 = NovaAugmentedCircuitParams::new(BN_LIMB_WIDTH, BN_N_LIMBS, false);
     let ro_consts1: ROConstantsCircuit<GrumpkinEngine> = PoseidonConstantsCircuit::default();
-    let ro_consts2: ROConstantsCircuit<Bn256Engine> = PoseidonConstantsCircuit::default();
+    let ro_consts2: ROConstantsCircuit<Bn256EngineKZG> = PoseidonConstantsCircuit::default();
 
-    test_recursive_circuit_with::<Bn256Engine, GrumpkinEngine>(
+    test_recursive_circuit_with::<Bn256EngineKZG, GrumpkinEngine>(
       &params1, &params2, ro_consts1, ro_consts2, 9985, 10538,
     );
   }
 
   #[test]
-  fn test_recursive_circuit_secp() {
+  fn test_recursive_circuit_secpq() {
     let params1 = NovaAugmentedCircuitParams::new(BN_LIMB_WIDTH, BN_N_LIMBS, true);
     let params2 = NovaAugmentedCircuitParams::new(BN_LIMB_WIDTH, BN_N_LIMBS, false);
     let ro_consts1: ROConstantsCircuit<Secq256k1Engine> = PoseidonConstantsCircuit::default();

src/gadgets/ecc.rs

@@ -790,7 +790,8 @@ mod tests {
     provider::{
       bn256_grumpkin::{bn256, grumpkin},
       secp_secq::{secp256k1, secq256k1},
-      Bn256Engine, GrumpkinEngine, Secp256k1Engine, Secq256k1Engine, {PallasEngine, VestaEngine},
+      Bn256EngineKZG, GrumpkinEngine, Secp256k1Engine, Secq256k1Engine,
+      {PallasEngine, VestaEngine},
     },
     traits::snark::default_ck_hint,
   };
@@ -929,7 +930,7 @@ mod tests {
     test_ecc_ops_with::<pallas::Affine, PallasEngine>();
     test_ecc_ops_with::<vesta::Affine, VestaEngine>();
 
-    test_ecc_ops_with::<bn256::Affine, Bn256Engine>();
+    test_ecc_ops_with::<bn256::Affine, Bn256EngineKZG>();
     test_ecc_ops_with::<grumpkin::Affine, GrumpkinEngine>();
 
     test_ecc_ops_with::<secp256k1::Affine, Secp256k1Engine>();
@@ -1016,8 +1017,8 @@ mod tests {
     test_ecc_circuit_ops_with::<PallasEngine, VestaEngine>();
     test_ecc_circuit_ops_with::<VestaEngine, PallasEngine>();
 
-    test_ecc_circuit_ops_with::<Bn256Engine, GrumpkinEngine>();
-    test_ecc_circuit_ops_with::<GrumpkinEngine, Bn256Engine>();
+    test_ecc_circuit_ops_with::<Bn256EngineKZG, GrumpkinEngine>();
+    test_ecc_circuit_ops_with::<GrumpkinEngine, Bn256EngineKZG>();
 
     test_ecc_circuit_ops_with::<Secp256k1Engine, Secq256k1Engine>();
     test_ecc_circuit_ops_with::<Secq256k1Engine, Secp256k1Engine>();
@@ -1072,8 +1073,8 @@ mod tests {
     test_ecc_circuit_add_equal_with::<PallasEngine, VestaEngine>();
     test_ecc_circuit_add_equal_with::<VestaEngine, PallasEngine>();
 
-    test_ecc_circuit_add_equal_with::<Bn256Engine, GrumpkinEngine>();
-    test_ecc_circuit_add_equal_with::<GrumpkinEngine, Bn256Engine>();
+    test_ecc_circuit_add_equal_with::<Bn256EngineKZG, GrumpkinEngine>();
+    test_ecc_circuit_add_equal_with::<GrumpkinEngine, Bn256EngineKZG>();
 
     test_ecc_circuit_add_equal_with::<Secp256k1Engine, Secq256k1Engine>();
     test_ecc_circuit_add_equal_with::<Secq256k1Engine, Secp256k1Engine>();
@@ -1132,8 +1133,8 @@ mod tests {
     test_ecc_circuit_add_negation_with::<PallasEngine, VestaEngine>();
     test_ecc_circuit_add_negation_with::<VestaEngine, PallasEngine>();
 
-    test_ecc_circuit_add_negation_with::<Bn256Engine, GrumpkinEngine>();
-    test_ecc_circuit_add_negation_with::<GrumpkinEngine, Bn256Engine>();
+    test_ecc_circuit_add_negation_with::<Bn256EngineKZG, GrumpkinEngine>();
+    test_ecc_circuit_add_negation_with::<GrumpkinEngine, Bn256EngineKZG>();
 
     test_ecc_circuit_add_negation_with::<Secp256k1Engine, Secq256k1Engine>();
     test_ecc_circuit_add_negation_with::<Secq256k1Engine, Secp256k1Engine>();