From c2547c7dd961a9d43a3b8479042f004ae13465fa Mon Sep 17 00:00:00 2001 
From: hrxi Date: Wed, 13 Nov 2024 01:31:53 +0100 Subject: [PATCH] Upgrade to `ark-* 0.5.0` This allows us to drop our local patches. :) --- Cargo.lock | 173 +++++++++++++----- Cargo.toml | 5 - bls/Cargo.toml | 12 +- bls/src/types/public_key.rs | 2 +- bls/src/types/signature.rs | 2 +- primitives/Cargo.toml | 6 +- primitives/block/Cargo.toml | 2 +- primitives/block/src/macro_block.rs | 2 +- primitives/block/tests/verify.rs | 2 +- rpc-interface/Cargo.toml | 4 +- test-utils/Cargo.toml | 8 +- zkp-circuits/Cargo.toml | 22 +-- zkp-circuits/src/blake2s.rs | 9 +- zkp-circuits/src/circuits/mnt6/macro_block.rs | 2 +- zkp-circuits/src/circuits/mnt6/merger.rs | 2 +- zkp-circuits/src/circuits/mod.rs | 7 +- zkp-circuits/src/circuits/vk_commitments.rs | 33 ++-- zkp-circuits/src/gadgets/be_bytes.rs | 30 --- zkp-circuits/src/gadgets/bits.rs | 2 +- zkp-circuits/src/gadgets/compressed_vk.rs | 6 +- zkp-circuits/src/gadgets/mnt4/y_to_bit.rs | 4 +- zkp-circuits/src/gadgets/mnt6/check_sig.rs | 2 +- .../src/gadgets/mnt6/hash_to_curve.rs | 3 +- zkp-circuits/src/gadgets/mnt6/macro_block.rs | 3 +- zkp-circuits/src/gadgets/mnt6/y_to_bit.rs | 2 +- zkp-circuits/src/gadgets/mod.rs | 1 - zkp-circuits/src/gadgets/recursive_input.rs | 2 +- zkp-circuits/src/gadgets/serialize.rs | 16 +- zkp-circuits/src/gadgets/vk_commitment.rs | 18 +- zkp-circuits/src/gadgets/vks_commitment.rs | 22 ++- zkp-circuits/src/gadgets/y_to_bit.rs | 3 +- zkp-circuits/src/setup.rs | 10 +- zkp-circuits/src/test_setup.rs | 63 +++---- zkp-component/Cargo.toml | 8 +- zkp-primitives/Cargo.toml | 20 +- zkp-primitives/pedersen-generators/Cargo.toml | 12 +- .../pedersen-generators/src/generators.rs | 2 +- zkp-primitives/src/ext_traits.rs | 5 +- zkp-primitives/src/lib.rs | 3 + zkp-primitives/src/pedersen.rs | 8 +- zkp-primitives/src/traits.rs | 14 ++ zkp-primitives/src/vk_commitment.rs | 10 +- zkp/Cargo.toml | 20 +- zkp/src/proof_system/prove.rs | 6 +- 44 files changed, 333 insertions(+), 255 deletions(-) delete mode 100644 
zkp-circuits/src/gadgets/be_bytes.rs create mode 100644 zkp-primitives/src/traits.rs diff --git a/Cargo.lock b/Cargo.lock index 2ffaca6a22..35f8dd38ea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -179,10 +179,12 @@ checksum = "c042108f3ed77fd83760a5fd79b53be043192bb3b9dba91d8c574c0ada7850c8" [[package]] name = "ark-crypto-primitives" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f3a13b34da09176a8baba701233fdffbaa7c1b1192ce031a3da4e55ce1f1a56" +checksum = "1e0c292754729c8a190e50414fd1a37093c786c709899f29c9f7daccecfa855e" dependencies = [ + "ahash", + "ark-crypto-primitives-macros", "ark-ec", "ark-ff", "ark-r1cs-std", @@ -193,23 +195,41 @@ dependencies = [ "blake2", "derivative", "digest", + "fnv", + "merlin", "rayon", "sha2", "tracing", ] +[[package]] +name = "ark-crypto-primitives-macros" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7e89fe77d1f0f4fe5b96dfc940923d88d17b6a773808124f21e764dfb063c6a" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.85", +] + [[package]] name = "ark-ec" -version = "0.4.2" -source = "git+https://github.com/paberr/algebra?branch=pb/0.4#1ab82cb767bc4e462cfd1a4b89e9d4996586fbf6" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43d68f2d516162846c1238e755a7c4d131b892b70cc70c471a8e3ca3ed818fce" dependencies = [ + "ahash", "ark-ff", "ark-poly", "ark-serialize", "ark-std", - "derivative", - "hashbrown 0.13.2", - "itertools 0.10.5", + "educe", + "fnv", + "hashbrown 0.15.0", + "itertools 0.13.0", + "num-bigint 0.4.5", + "num-integer", "num-traits", "rayon", "zeroize", 
@@ -217,52 +237,53 @@ dependencies = [ [[package]] name = "ark-ff" -version = "0.4.2" -source = "git+https://github.com/paberr/algebra?branch=pb/0.4#1ab82cb767bc4e462cfd1a4b89e9d4996586fbf6" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a177aba0ed1e0fbb62aa9f6d0502e9b46dad8c2eab04c14258a1212d2557ea70" dependencies = [ "ark-ff-asm", "ark-ff-macros", "ark-serialize", "ark-std", - "derivative", + "arrayvec 0.7.4", "digest", - "itertools 0.10.5", + "educe", + "itertools 0.13.0", "num-bigint 0.4.5", "num-traits", "paste", "rayon", - "rustc_version", "zeroize", ] [[package]] name = "ark-ff-asm" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ed4aa4fe255d0bc6d79373f7e31d2ea147bcf486cba1be5ba7ea85abdb92348" +checksum = "62945a2f7e6de02a31fe400aa489f0e0f5b2502e69f95f853adb82a96c7a6b60" dependencies = [ "quote", - "syn 1.0.109", + "syn 2.0.85", ] [[package]] name = "ark-ff-macros" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7abe79b0e4288889c4574159ab790824d0033b9fdcb2a112a3182fac2e514565" +checksum = "09be120733ee33f7693ceaa202ca41accd5653b779563608f1234f78ae07c4b3" dependencies = [ "num-bigint 0.4.5", "num-traits", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.85", ] [[package]] name = "ark-groth16" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "20ceafa83848c3e390f1cbf124bc3193b3e639b3f02009e0e290809a501b95fc" +checksum = "88f1d0f3a534bb54188b8dcc104307db6c56cdae574ddc3212aec0625740fc7e" dependencies = [ "ark-crypto-primitives", "ark-ec", 
@@ -279,9 +300,9 @@ dependencies = [ [[package]] name = "ark-mnt4-753" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d27256f8a5cfb4ac27f43cabfbadf45ab60a153a8f65a3474b4c89e48fd35e40" +checksum = "8e33982ce85d021036f94e47847f127697552b0f65431daa5d36acb57be2d5c4" dependencies = [ "ark-ec", "ark-ff", @@ -291,9 +312,9 @@ dependencies = [ [[package]] name = "ark-mnt6-753" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "380c58d43c24fd113d41094f5e183e9a2e6ef8bbc8a281e304bfd5076fda7e7f" +checksum = "5c59ccd175dae4e117d11bf282263bd1d9d2393ee1e8754b516a3c452a0320cf" dependencies = [ "ark-ec", "ark-ff", @@ -304,28 +325,31 @@ dependencies = [ [[package]] name = "ark-poly" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d320bfc44ee185d899ccbadfa8bc31aab923ce1558716e1997a1e74057fe86bf" +checksum = "579305839da207f02b89cd1679e50e67b4331e2f9294a57693e5051b7703fe27" dependencies = [ + "ahash", "ark-ff", "ark-serialize", "ark-std", - "derivative", - "hashbrown 0.13.2", + "educe", + "fnv", + "hashbrown 0.15.0", "rayon", ] [[package]] name = "ark-r1cs-std" -version = "0.4.0" -source = "git+https://github.com/paberr/r1cs-std?branch=pb/fix-pedersen#6eebca4dcab85efa6a855296137b2a9d4022a221" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "941551ef1df4c7a401de7068758db6503598e6f01850bdb2cfdb614a1f9dbea1" dependencies = [ "ark-ec", "ark-ff", "ark-relations", "ark-std", - "derivative", + "educe", "num-bigint 0.4.5", "num-integer", "num-traits", 
@@ -334,9 +358,9 @@ dependencies = [ [[package]] name = "ark-relations" -version = "0.4.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00796b6efc05a3f48225e59cb6a2cda78881e7c390872d5786aaf112f31fb4f0" +checksum = "ec46ddc93e7af44bcab5230937635b06fb5744464dd6a7e7b083e80ebd274384" dependencies = [ "ark-ff", "ark-std", @@ -346,32 +370,34 @@ dependencies = [ [[package]] name = "ark-serialize" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5" +checksum = "3f4d068aaf107ebcd7dfb52bc748f8030e0fc930ac8e360146ca54c1203088f7" dependencies = [ "ark-serialize-derive", "ark-std", + "arrayvec 0.7.4", "digest", "num-bigint 0.4.5", + "rayon", ] [[package]] name = "ark-serialize-derive" -version = "0.4.2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae3281bc6d0fd7e549af32b52511e1302185bd688fd3359fa36423346ff682ea" +checksum = "213888f660fddcca0d257e88e54ac05bca01885f258ccdf695bafd77031bb69d" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.85", ] [[package]] name = "ark-snark" -version = "0.4.0" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84d3cc6833a335bb8a600241889ead68ee89a3cf8448081fb7694c0fe503da63" +checksum = "d368e2848c2d4c129ce7679a7d0d2d612b6a274d3ea6a13bad4445d61b381b88" dependencies = [ "ark-ff", "ark-relations", @@ -381,9 +407,9 @@ dependencies = [ [[package]] name = "ark-std" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94893f1e0c6eeab764ade8dc4c0db24caf4fe7cbbaafc0eba0a9030f447b5185" +checksum = "246a225cc6131e9ee4f24619af0f19d67761fff15d7ccc22e42b80846e69449a" dependencies = [ "num-traits", "rand", 
@@ -1528,6 +1554,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "educe" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d7bc049e1bd8cdeb31b68bbd586a9464ecf9f3944af3958a7a9d0f8b9799417" +dependencies = [ + "enum-ordinalize", + "proc-macro2", + "quote", + "syn 2.0.85", +] + [[package]] name = "either" version = "1.12.0" @@ -1588,6 +1626,26 @@ dependencies = [ "syn 2.0.85", ] +[[package]] +name = "enum-ordinalize" +version = "4.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fea0dcfa4e54eeb516fe454635a95753ddd39acda650ce703031c6973e315dd5" +dependencies = [ + "enum-ordinalize-derive", +] + +[[package]] +name = "enum-ordinalize-derive" +version = "4.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d28318a75d4aead5c4db25382e8ef717932d0346600cacae6357eb5941bc5ff" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.85", +] + [[package]] name = "equivalent" version = "1.0.1" @@ -1999,20 +2057,20 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.13.2" +version = "0.14.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" dependencies = [ "ahash", + "allocator-api2", ] [[package]] name = "hashbrown" -version = "0.14.5" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" +checksum = "1e087f84d4f86bf4b218b927129862374b72199ae7d8657835f1e89000eea4fb" dependencies = [ - "ahash", "allocator-api2", ] 
@@ -2699,6 +2757,15 @@ dependencies = [ "thiserror", ] +[[package]] +name = "keccak" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" +dependencies = [ + "cpufeatures", +] + [[package]] name = "keyed_priority_queue" version = "0.4.2" @@ -3354,6 +3421,18 @@ dependencies = [ "libc", ] +[[package]] +name = "merlin" +version = "3.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58c38e2799fc0978b65dfff8023ec7843e2330bb462f19198840b34b6582397d" +dependencies = [ + "byteorder", + "keccak", + "rand_core", + "zeroize", +] + [[package]] name = "mime" version = "0.3.17" diff --git a/Cargo.toml b/Cargo.toml index 340e9cf9a9..1602db8c25 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -150,11 +150,6 @@ opt-level = 2 [profile.test.package.ark-crypto-primitives] opt-level = 2 -[patch.crates-io] -ark-ec = { git = "https://github.com/paberr/algebra", branch = "pb/0.4" } -ark-ff = { git = "https://github.com/paberr/algebra", branch = "pb/0.4" } -ark-r1cs-std = { git = "https://github.com/paberr/r1cs-std", branch = "pb/fix-pedersen" } - [workspace.package] version = "1.0.0-rc.2" authors = ["The Nimiq Core Development Team "] diff --git a/bls/Cargo.toml b/bls/Cargo.toml index 961b3b06ea..ae21a9e398 100644 --- a/bls/Cargo.toml +++ b/bls/Cargo.toml @@ -22,12 +22,12 @@ rand = "0.8" serde = { version = "1.0", optional = true } thiserror = "1.0" -ark-std = "0.4" -ark-ff = "0.4" -ark-ec = "0.4" -ark-mnt4-753 = "0.4" -ark-mnt6-753 = "0.4" -ark-serialize = "0.4" +ark-std = "0.5" +ark-ff = "0.5" +ark-ec = "0.5" +ark-mnt4-753 = "0.5" +ark-mnt6-753 = "0.5" +ark-serialize = "0.5" nimiq-hash = { workspace = true } nimiq-hash_derive = { workspace = true } diff --git a/bls/src/types/public_key.rs b/bls/src/types/public_key.rs index 20c55c30af..c3d78c219f 100644 --- a/bls/src/types/public_key.rs +++ b/bls/src/types/public_key.rs 
@@ -1,6 +1,6 @@
 use std::{cmp::Ordering, fmt, ops::MulAssign};
-use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, Group};
+use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup, PrimeGroup};
 use ark_ff::Zero;
 pub use ark_mnt6_753::G2Projective;
 use ark_mnt6_753::{G1Projective, MNT6_753};
diff --git a/bls/src/types/signature.rs b/bls/src/types/signature.rs
index 058ce604f9..699a88044f 100644
--- a/bls/src/types/signature.rs
+++ b/bls/src/types/signature.rs
@@ -1,6 +1,6 @@
 use std::fmt;
-use ark_ec::{AffineRepr, Group};
+use ark_ec::{AffineRepr, PrimeGroup};
 use ark_ff::{One, PrimeField, ToConstraintField};
 use ark_mnt6_753::{Fq, G1Affine, G1Projective};
 use nimiq_hash::{blake2s::Blake2xParameters, HashOutput};
diff --git a/primitives/Cargo.toml b/primitives/Cargo.toml
index 7f49882fdd..76d511e9b7 100644
--- a/primitives/Cargo.toml
+++ b/primitives/Cargo.toml
@@ -20,9 +20,9 @@ maintenance = { status = "experimental" }
 workspace = true
 [dependencies]
-ark-ec = "0.4"
-ark-mnt6-753 = "0.4"
-ark-serialize = "0.4"
+ark-ec = "0.5"
+ark-mnt6-753 = "0.5"
+ark-serialize = "0.5"
 byteorder = "1.5"
 cfg_eval = "0.1"
 hex = { version = "0.4", optional = true }
diff --git a/primitives/block/Cargo.toml b/primitives/block/Cargo.toml
index e0e97c403f..341f12c8f7 100644
--- a/primitives/block/Cargo.toml
+++ b/primitives/block/Cargo.toml
@@ -18,7 +18,7 @@ travis-ci = { repository = "nimiq/core-rs", branch = "master" }
 maintenance = { status = "experimental" }
 [dependencies]
-ark-ec = "0.4"
+ark-ec = "0.5"
 bitflags = { version = "2.6", features = ["serde"] }
 byteorder = "1.5"
 hex = "0.4"
diff --git a/primitives/block/src/macro_block.rs b/primitives/block/src/macro_block.rs
index 5b6b1ef9c2..513e2d6349 100644
--- a/primitives/block/src/macro_block.rs
+++ b/primitives/block/src/macro_block.rs
@@ -1,6 +1,6 @@
 use std::{fmt, io};
-use ark_ec::Group;
+use ark_ec::PrimeGroup;
 use nimiq_bls::{G2Projective, PublicKey as BlsPublicKey};
 use nimiq_collections::bitset::BitSet;
 use nimiq_hash::{Blake2bHash, Blake2sHash, Hash, HashOutput, Hasher, SerializeContent};
diff --git a/primitives/block/tests/verify.rs b/primitives/block/tests/verify.rs
index 7fac53c0e0..86225f7f79 100644
--- a/primitives/block/tests/verify.rs
+++ b/primitives/block/tests/verify.rs
@@ -1,4 +1,4 @@
-use ark_ec::Group;
+use ark_ec::PrimeGroup;
 use nimiq_block::{
 Block, BlockError, EquivocationProof, ForkProof, MacroBlock, MacroBody, MacroHeader, MicroBlock, MicroBody, MicroHeader, MicroJustification, MultiSignature, SkipBlockProof,
diff --git a/rpc-interface/Cargo.toml b/rpc-interface/Cargo.toml
index b7b9e0cbf7..1b7e8c4b5b 100644
--- a/rpc-interface/Cargo.toml
+++ b/rpc-interface/Cargo.toml
@@ -20,8 +20,8 @@ maintenance = { status = "experimental" }
 workspace = true
 [dependencies]
-ark-groth16 = { version = "0.4", default-features = false }
-ark-mnt6-753 = "0.4"
+ark-groth16 = { version = "0.5", default-features = false }
+ark-mnt6-753 = "0.5"
 async-trait = "0.1"
 clap = { version = "4.5", features = ["derive"] }
 futures = { workspace = true }
diff --git a/test-utils/Cargo.toml b/test-utils/Cargo.toml
index 630e907cfd..3c28abb86d 100644
--- a/test-utils/Cargo.toml
+++ b/test-utils/Cargo.toml
@@ -26,10 +26,10 @@ name = "nimiq-performance-blockchain-push"
 path = "src/performance/blockchain-push/main.rs"
 [dependencies]
-ark-ff = "0.4"
-ark-groth16 = { version = "0.4", default-features = false }
-ark-mnt6-753 = "0.4"
-ark-serialize = "0.4"
+ark-ff = "0.5"
+ark-groth16 = { version = "0.5", default-features = false }
+ark-mnt6-753 = "0.5"
+ark-serialize = "0.5"
 async-trait = "0.1"
 clap = { version = "4.5", features = ["derive"] }
 futures = { workspace = true }
diff --git a/zkp-circuits/Cargo.toml b/zkp-circuits/Cargo.toml
index efce54ae03..fb75aae06c 100644
--- a/zkp-circuits/Cargo.toml
+++ b/zkp-circuits/Cargo.toml
@@ -34,17 +34,17 @@ serde = "1.0"
 serde_json = "1.0"
 tracing-subscriber = { version = "0.3", optional = true }
-ark-crypto-primitives = { version = "0.4", features = ["crh", "prf"] }
-ark-ec = "0.4"
-ark-ff = "0.4"
-ark-groth16 = { version = "0.4", default-features = false }
-ark-mnt4-753 = "0.4"
-ark-mnt6-753 = "0.4"
-ark-poly = { version = "0.4", optional = true }
-ark-relations = "0.4"
-ark-r1cs-std = "0.4"
-ark-serialize = { version = "0.4", features = ["derive"] }
-ark-std = "0.4"
+ark-crypto-primitives = { version = "0.5", features = ["crh", "prf"] }
+ark-ec = "0.5"
+ark-ff = "0.5"
+ark-groth16 = { version = "0.5", default-features = false }
+ark-mnt4-753 = "0.5"
+ark-mnt6-753 = "0.5"
+ark-poly = { version = "0.5", optional = true }
+ark-relations = "0.5"
+ark-r1cs-std = "0.5"
+ark-serialize = { version = "0.5", features = ["derive"] }
+ark-std = "0.5"
 nimiq-block = { workspace = true }
 nimiq-bls = { workspace = true }
diff --git a/zkp-circuits/src/blake2s.rs b/zkp-circuits/src/blake2s.rs
index dbfdff9d2f..e8d7c7634d 100644
--- a/zkp-circuits/src/blake2s.rs
+++ b/zkp-circuits/src/blake2s.rs
@@ -1,6 +1,9 @@
 use ark_crypto_primitives::prf::blake2s::constraints;
 use ark_ff::PrimeField;
-use ark_r1cs_std::{uint8::UInt8, ToBitsGadget, ToBytesGadget};
+use ark_r1cs_std::{
+ convert::{ToBitsGadget, ToBytesGadget},
+ uint8::UInt8,
+};
 use ark_relations::r1cs::SynthesisError;
 pub fn evaluate_blake2s(
@@ -9,7 +12,7 @@ pub fn evaluate_blake2s(
 let hash = constraints::evaluate_blake2s(&input.to_bits_le()?)?;
 Ok(hash
 .into_iter()
- .flat_map(|int| int.to_bytes().unwrap())
+ .flat_map(|int| int.to_bytes_le().unwrap())
 .collect())
 }
@@ -20,6 +23,6 @@ pub fn evaluate_blake2s_with_parameters(
 let hash = constraints::evaluate_blake2s_with_parameters(&input.to_bits_le()?, parameters)?;
 Ok(hash
 .into_iter()
- .flat_map(|int| int.to_bytes().unwrap())
+ .flat_map(|int| int.to_bytes_le().unwrap())
 .collect())
 }
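Review bot: The `flat_map(|int| int.to_bytes_le().unwrap())` closures in the `@@ -9` and `@@ -20` hunks of `zkp-circuits/src/blake2s.rs` still turn a `SynthesisError` from `to_bytes_le` into a panic, even though both `evaluate_blake2s` and `evaluate_blake2s_with_parameters` already return a `Result` and propagate the preceding `to_bits_le()` / `evaluate_blake2s` errors with `?`. The commit only renames the call, so the unwrap is pre-existing, but touching the line is the natural moment to make the closure fallible instead of a panic path inside the prover. In both functions replace the `Ok(hash.into_iter().flat_map(..).collect())` chain with `let mut bytes = Vec::new(); for int in hash { bytes.extend(int.to_bytes_le()?); } Ok(bytes)`. Both function signatures sit outside the hunks.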
diff --git a/zkp-circuits/src/circuits/mnt6/macro_block.rs b/zkp-circuits/src/circuits/mnt6/macro_block.rs
index 7811d19711..f4581727f6 100644
--- a/zkp-circuits/src/circuits/mnt6/macro_block.rs
+++ b/zkp-circuits/src/circuits/mnt6/macro_block.rs
@@ -191,7 +191,7 @@ impl ConstraintSynthesizer for MacroBlockCircuit {
 // Check that the previous block and the final block are exactly one epoch length apart.
 let calculated_block_number =
- UInt32::addmany(&[prev_block_var.block_number.clone(), epoch_length_var])?;
+ UInt32::wrapping_add_many(&[prev_block_var.block_number.clone(), epoch_length_var])?;
 calculated_block_number.enforce_equal(&final_block_var.block_number)?;
diff --git a/zkp-circuits/src/circuits/mnt6/merger.rs b/zkp-circuits/src/circuits/mnt6/merger.rs
index ce7745eb9f..4bd7c97248 100644
--- a/zkp-circuits/src/circuits/mnt6/merger.rs
+++ b/zkp-circuits/src/circuits/mnt6/merger.rs
@@ -201,7 +201,7 @@ impl ConstraintSynthesizer for MergerCircuit {
 &proof_inputs.into(),
 &proof_merger_wrapper_var,
 )?
- .enforce_equal(&genesis_flag_var.not())?;
+ .enforce_equal(&!genesis_flag_var)?;
 // Verify the ZK proof for the Macro Block Wrapper circuit.
 let mut proof_inputs = RecursiveInputVar::new();
diff --git a/zkp-circuits/src/circuits/mod.rs b/zkp-circuits/src/circuits/mod.rs
index 1f1160a143..4f22852318 100644
--- a/zkp-circuits/src/circuits/mod.rs
+++ b/zkp-circuits/src/circuits/mod.rs
@@ -5,15 +5,16 @@ pub mod mnt4;
 pub mod mnt6;
 pub mod vk_commitments;
-use ark_ec::{pairing::Pairing, CurveGroup};
+use ark_ec::pairing::Pairing;
 use ark_ff::{Field, PrimeField};
+use nimiq_zkp_primitives::FixedPairing;
 pub trait CircuitInput {
 const NUM_INPUTS: usize;
 }
-type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField;
-pub const fn num_inputs(num_bytes: &[usize]) -> usize {
+type BasePrimeField = <::BaseField as Field>::BasePrimeField;
+pub const fn num_inputs(num_bytes: &[usize]) -> usize {
 let capacity = BasePrimeField::
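Review bot: The switch to `UInt32::wrapping_add_many` on the `calculated_block_number` line in `zkp-circuits/src/circuits/mnt6/macro_block.rs` makes the modular semantics of the epoch-length addition explicit, but nothing in the hunk records that the circuit relies on `prev_block_var.block_number + epoch_length_var` never wrapping past `u32::MAX`; with wrapping arithmetic a wrapped sum would still satisfy the `enforce_equal` against `final_block_var.block_number`. I believe the old `addmany` was already modular, so this is not a behaviour change, only an unstated assumption that the new name now makes visible. Add a comment above the call, e.g. `// Wrapping add: block numbers are assumed to stay far below u32::MAX, so no overflow check is enforced here.`, or enforce the no-overflow condition explicitly if the 0.5 API offers a checked variant. The enclosing `ConstraintSynthesizer` impl method starts and ends outside the hunk.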

::MODULUS_BIT_SIZE as usize - 1; let mut num_inputs = 0; diff --git a/zkp-circuits/src/circuits/vk_commitments.rs b/zkp-circuits/src/circuits/vk_commitments.rs index d04e6af4e4..ab1ac2d5dc 100644 --- a/zkp-circuits/src/circuits/vk_commitments.rs +++ b/zkp-circuits/src/circuits/vk_commitments.rs @@ -5,14 +5,18 @@ use ark_groth16::{constraints::VerifyingKeyVar, VerifyingKey}; use ark_mnt4_753::MNT4_753; use ark_mnt6_753::MNT6_753; use ark_r1cs_std::{ - alloc::AllocVar, eq::EqGadget, groups::GroupOpsBounds, pairing::PairingVar, uint8::UInt8, + alloc::AllocVar, + eq::EqGadget, + groups::{CurveVar, GroupOpsBounds}, + pairing::PairingVar, + uint8::UInt8, }; use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; use ark_std::UniformRand; use log::error; use nimiq_zkp_primitives::{ ext_traits::CompressedComposite, non_native_vk_commitment, - pedersen::DefaultPedersenParameters95, vk_commitment, vks_commitment, + pedersen::DefaultPedersenParameters95, vk_commitment, vks_commitment, FixedPairing, }; use rand::Rng; @@ -34,9 +38,10 @@ use crate::gadgets::{ vks_commitment::VksCommitmentGadget, }; -type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField; +type BasePrimeField = <::BaseField as Field>::BasePrimeField; +type ConstraintF = <::BaseField as Field>::BasePrimeField; -fn dummy_vk(num_public_inputs: usize) -> VerifyingKey { +fn dummy_vk(num_public_inputs: usize) -> VerifyingKey { let mut vk = VerifyingKey::::default(); for _ in 0..num_public_inputs + 1 { vk.gamma_abc_g1.push(Default::default()); @@ -54,7 +59,7 @@ pub struct VerifyingKeys { pk_tree_mnt4: Vec>, } -fn randomize_vk(vk: &mut VerifyingKey, rng: &mut R) { +fn randomize_vk(vk: &mut VerifyingKey, rng: &mut R) { vk.alpha_g1 = UniformRand::rand(rng); vk.beta_g2 = UniformRand::rand(rng); vk.gamma_g2 = UniformRand::rand(rng); 
@@ -165,7 +170,7 @@ impl VerifyingKeys { } #[allow(clippy::len_without_is_empty)] -pub trait PairingRelatedKeys { +pub trait PairingRelatedKeys { fn get_keys(&self) -> Vec<&VerifyingKey>; fn get_key(&self, circuit_id: CircuitId) -> Option<&VerifyingKey>; fn len(&self) -> usize; @@ -259,16 +264,16 @@ impl VkCommitmentIndex for MNT4_753 { const VK_COMMITMENT_INDEX: usize = 1; } -pub struct VerifyingKeyHelper { +pub struct VerifyingKeyHelper { keys: VerifyingKeys, vks_commitment_gadget: VksCommitmentGadget

, } -impl VerifyingKeyHelper

+impl VerifyingKeyHelper

where VerifyingKeys: PairingRelatedKeys

, { - pub fn new_and_verify>>( + pub fn new_and_verify>( cs: ConstraintSystemRef>, keys: VerifyingKeys, commitment: &[UInt8>], @@ -276,6 +281,7 @@ where ) -> Result where PV::G1Var: SerializeGadget>, + PV::G1Var: CurveVar>, for<'a> &'a PV::G1Var: GroupOpsBounds<'a, P::G1, PV::G1Var>, { let sub_commitment = @@ -302,13 +308,14 @@ where }) } - pub fn get_and_verify_vk>, W: Window>( + pub fn get_and_verify_vk, W: Window>( &self, cs: ConstraintSystemRef>, circuit_id: CircuitId, pedersen_generators: &PedersenParametersVar, ) -> Result, SynthesisError> where + PV::G1Var: CurveVar>, for<'a> &'a PV::G1Var: GroupOpsBounds<'a, P::G1, PV::G1Var>, PV::G1Var: SerializeGadget>, PV::G2Var: SerializeGadget>, @@ -329,7 +336,7 @@ where Ok(vk_commitment_gadget.vk) } - pub fn get_and_verify_nonnative_vk>, W: Window>( + pub fn get_and_verify_nonnative_vk, W: Window>( &self, cs: ConstraintSystemRef>, circuit_id: CircuitId, @@ -342,9 +349,9 @@ where SynthesisError, > where + PV::G1Var: CurveVar>, for<'a> &'a PV::G1Var: GroupOpsBounds<'a, P::G1, PV::G1Var>, PV::G1Var: SerializeGadget>, - PV::G2Var: SerializeGadget>, { let (c_index, _) = circuit_id.index(); // Check preconditions for this function: @@ -409,7 +416,7 @@ mod tests { vk_commitment::VkCommitmentWindow, }; - fn assert_eq_vk>>( + fn assert_eq_vk>( vk: &VerifyingKey, vk_var: &VerifyingKeyVar, ) { diff --git a/zkp-circuits/src/gadgets/be_bytes.rs b/zkp-circuits/src/gadgets/be_bytes.rs deleted file mode 100644 index a25b674dd4..0000000000 --- a/zkp-circuits/src/gadgets/be_bytes.rs +++ /dev/null 
@@ -1,30 +0,0 @@
-use ark_ff::Field;
-use ark_r1cs_std::{uint16::UInt16, uint32::UInt32, uint8::UInt8, ToBytesGadget};
-use ark_relations::r1cs::SynthesisError;
-/// Specifies constraints for conversion to a big-endian byte representation
-/// of `self`.
-pub trait ToBeBytesGadget {
- /// Outputs a canonical, big-endian, byte decomposition of `self`.
- fn to_bytes_be(&self) -> Result>, SynthesisError>;
-}
-impl ToBeBytesGadget for UInt32 {
- fn to_bytes_be(&self) -> Result>, SynthesisError> {
- // Get the big-endian byte representation by reversing the little-endian byte representation.
- // We do not care about the order of the bits within each byte.
- let mut bytes = self.to_bytes()?;
- bytes.reverse();
- Ok(bytes)
- }
-}
-impl ToBeBytesGadget for UInt16 {
- fn to_bytes_be(&self) -> Result>, SynthesisError> {
- // Get the big-endian byte representation by reversing the little-endian byte representation.
- // We do not care about the order of the bits within each byte.
- let mut bytes = self.to_bytes()?;
- bytes.reverse();
- Ok(bytes)
- }
-}
diff --git a/zkp-circuits/src/gadgets/bits.rs b/zkp-circuits/src/gadgets/bits.rs
index 0d3a4b7278..1fc2a9576d 100644
--- a/zkp-circuits/src/gadgets/bits.rs
+++ b/zkp-circuits/src/gadgets/bits.rs
@@ -1,8 +1,8 @@
 use ark_ff::{Field, PrimeField};
 use ark_r1cs_std::{
+ convert::ToBitsGadget,
 prelude::{AllocVar, Boolean},
 uint8::UInt8,
- ToBitsGadget,
 };
 use ark_relations::r1cs::{Namespace, SynthesisError};
diff --git a/zkp-circuits/src/gadgets/compressed_vk.rs b/zkp-circuits/src/gadgets/compressed_vk.rs
index 6bc6e50445..dedbf9c818 100644
--- a/zkp-circuits/src/gadgets/compressed_vk.rs
+++ b/zkp-circuits/src/gadgets/compressed_vk.rs
@@ -1,17 +1,17 @@
 use std::borrow::Borrow;
-use ark_ec::{pairing::Pairing, CurveGroup};
+use ark_ec::pairing::Pairing;
 use ark_ff::Field;
 use ark_groth16::{constraints::VerifyingKeyVar, VerifyingKey};
 use ark_mnt4_753::{constraints::PairingVar as MNT4PairingVar, MNT4_753};
 use ark_mnt6_753::{constraints::PairingVar as MNT6PairingVar, MNT6_753};
-use ark_r1cs_std::{uint8::UInt8, ToBitsGadget};
+use ark_r1cs_std::{convert::ToBitsGadget, uint8::UInt8};
 use ark_relations::r1cs::{Namespace, SynthesisError};
 use nimiq_zkp_primitives::ext_traits::CompressedComposite;
 use super::compressed_affine::CompressedAffineVar;
-type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField;
+type BasePrimeField = <::BaseField as Field>::BasePrimeField;
 pub trait CompressedInput
 where
diff --git a/zkp-circuits/src/gadgets/mnt4/y_to_bit.rs b/zkp-circuits/src/gadgets/mnt4/y_to_bit.rs
index 6aa1096539..27fd76c877 100644
--- a/zkp-circuits/src/gadgets/mnt4/y_to_bit.rs
+++ b/zkp-circuits/src/gadgets/mnt4/y_to_bit.rs
@@ -38,9 +38,9 @@ impl YToBitGadget for AffineVar<::G2Config, Fq2Var
 // (y_c1 > half) || (y_c1 == 0 && y_c0 > half)
 let cond0 = y_c1_bit;
- let cond1 = Boolean::and(&y_c1_eq_bit, &y_c0_bit)?;
+ let cond1 = y_c1_eq_bit & y_c0_bit;
- let y_bit = Boolean::or(&cond0, &cond1)?;
+ let y_bit = cond0 | cond1;
 Ok(y_bit)
 }
diff --git a/zkp-circuits/src/gadgets/mnt6/check_sig.rs b/zkp-circuits/src/gadgets/mnt6/check_sig.rs
index 30efa648ca..f82f723c62 100644
--- a/zkp-circuits/src/gadgets/mnt6/check_sig.rs
+++ b/zkp-circuits/src/gadgets/mnt6/check_sig.rs
@@ -1,4 +1,4 @@
-use ark_ec::Group;
+use ark_ec::PrimeGroup;
 use ark_mnt6_753::{
 constraints::{G1Var, G2Var, PairingVar},
 Fq as MNT6Fq, G2Projective,
diff --git a/zkp-circuits/src/gadgets/mnt6/hash_to_curve.rs b/zkp-circuits/src/gadgets/mnt6/hash_to_curve.rs
index 87b6b9cc59..f1fe3fb329 100644
--- a/zkp-circuits/src/gadgets/mnt6/hash_to_curve.rs
+++ b/zkp-circuits/src/gadgets/mnt6/hash_to_curve.rs
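Review bot: Replacing `Boolean::and(..)?` / `Boolean::or(..)?` with the `&` and `|` operators on the `cond1` and `y_bit` lines of `zkp-circuits/src/gadgets/mnt4/y_to_bit.rs` drops the `?`, so a `SynthesisError` raised while building those gates can no longer flow out through the function's `Result`; if the operator impls unwrap internally, which the removed `?` suggests, such an error now panics inside the prover instead of surfacing as an `Err`. The same substitution appears in `zkp-circuits/src/gadgets/mnt6/y_to_bit.rs` (`&y_c2_eq_bit & y_c1_bit`), `zkp-circuits/src/gadgets/mnt6/macro_block.rs` (`Ok(enough_signers & valid_sig)`) and `zkp-circuits/src/circuits/mnt6/merger.rs` (`&!genesis_flag_var`). If that trade-off is intended, a short comment at the first such site, e.g. `// Boolean operators panic on a constraint-system error instead of returning SynthesisError.`, would make it visible; otherwise keep the fallible method forms. The enclosing `YToBitGadget` impl method starts outside the hunk.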
@@ -1,10 +1,11 @@
 use ark_ff::{One, PrimeField, ToConstraintField};
 use ark_mnt6_753::{constraints::G1Var, Fq as MNT6Fq, G1Affine};
 use ark_r1cs_std::{
+ convert::{ToBitsGadget, ToConstraintFieldGadget},
 fields::{fp::FpVar, FieldVar},
 prelude::{AllocVar, EqGadget},
 uint8::UInt8,
- R1CSVar, ToBitsGadget, ToConstraintFieldGadget,
+ R1CSVar,
 };
 use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError};
 use ark_std::Zero;
diff --git a/zkp-circuits/src/gadgets/mnt6/macro_block.rs b/zkp-circuits/src/gadgets/mnt6/macro_block.rs
index 95d85f5164..3afdb0aee5 100644
--- a/zkp-circuits/src/gadgets/mnt6/macro_block.rs
+++ b/zkp-circuits/src/gadgets/mnt6/macro_block.rs
@@ -20,7 +20,6 @@ use nimiq_primitives::{policy::Policy, TendermintStep};
 use crate::{
 blake2s::evaluate_blake2s,
 gadgets::{
- be_bytes::ToBeBytesGadget,
 bits::BitVec,
 mnt6::{CheckSigGadget, HashToCurve},
 },
@@ -74,7 +73,7 @@ impl MacroBlockGadget {
 let valid_sig = CheckSigGadget::check_signature(cs, agg_pk, &hash, &self.signature)?;
 // Only return true if we have enough signers and a valid signature.
- enough_signers.and(&valid_sig)
+ Ok(enough_signers & valid_sig)
 }
 /// Calculates the header hash of the block.
diff --git a/zkp-circuits/src/gadgets/mnt6/y_to_bit.rs b/zkp-circuits/src/gadgets/mnt6/y_to_bit.rs
index ed6e81ff3c..698d5c713c 100644
--- a/zkp-circuits/src/gadgets/mnt6/y_to_bit.rs
+++ b/zkp-circuits/src/gadgets/mnt6/y_to_bit.rs
@@ -42,7 +42,7 @@ impl YToBitGadget for AffineVar<::G2Config, Fq3Var
 // (y_c2 > half) || (y_c2 == 0 && y_c1 > half) || (y_c2 == 0 && y_c1 == 0 && y_c0 > half)
 let cond0 = y_c2_bit;
- let cond1 = Boolean::and(&y_c2_eq_bit, &y_c1_bit)?;
+ let cond1 = &y_c2_eq_bit & y_c1_bit;
 let cond2 = Boolean::kary_and(vec![y_c2_eq_bit, y_c1_eq_bit, y_c0_bit].as_ref())?;
diff --git a/zkp-circuits/src/gadgets/mod.rs b/zkp-circuits/src/gadgets/mod.rs
index 3c1a8041c5..640accb342 100644
--- a/zkp-circuits/src/gadgets/mod.rs
+++ b/zkp-circuits/src/gadgets/mod.rs
@@ -4,7 +4,6 @@ pub mod mnt4;
 pub mod mnt6;
-pub mod be_bytes;
 pub mod bits;
 pub mod compressed_affine;
 pub mod compressed_vk;
diff --git a/zkp-circuits/src/gadgets/recursive_input.rs b/zkp-circuits/src/gadgets/recursive_input.rs
index ceb5526ab1..10d285be81 100644
--- a/zkp-circuits/src/gadgets/recursive_input.rs
+++ b/zkp-circuits/src/gadgets/recursive_input.rs
@@ -2,7 +2,7 @@ use std::{cmp::min, marker::PhantomData};
 use ark_crypto_primitives::snark::BooleanInputVar;
 use ark_ff::PrimeField;
-use ark_r1cs_std::{prelude::Boolean, ToBitsGadget};
+use ark_r1cs_std::{convert::ToBitsGadget, prelude::Boolean};
 use ark_relations::r1cs::SynthesisError;
 #[derive(Debug, Clone)]
diff --git a/zkp-circuits/src/gadgets/serialize.rs b/zkp-circuits/src/gadgets/serialize.rs
index b96318476c..bd2db3e20c 100644
--- a/zkp-circuits/src/gadgets/serialize.rs
+++ b/zkp-circuits/src/gadgets/serialize.rs
@@ -1,20 +1,21 @@
-use ark_ec::{pairing::Pairing, short_weierstrass::SWCurveConfig, CurveGroup};
+use ark_ec::{pairing::Pairing, short_weierstrass::SWCurveConfig};
 use ark_ff::{Field, PrimeField};
 use ark_groth16::constraints::VerifyingKeyVar;
 use ark_r1cs_std::{
+ convert::{ToBitsGadget, ToBytesGadget},
 groups::curves::short_weierstrass::{AffineVar, ProjectiveVar},
 pairing::PairingVar,
- prelude::{FieldOpsBounds, FieldVar, ToBitsGadget},
+ prelude::{FieldOpsBounds, FieldVar},
 uint64::UInt64,
 uint8::UInt8,
- ToBytesGadget,
 };
 use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError};
 use ark_serialize::buffer_byte_size;
+use nimiq_zkp_primitives::FixedPairing;
 use super::y_to_bit::YToBitGadget;
-type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField;
+type BasePrimeField = <::BaseField as Field>::BasePrimeField;
 /// A gadget that takes as input a G1 or G2 point and serializes it into a vector of Booleans.
 pub trait SerializeGadget {
 fn serialize_compressed(
@@ -28,7 +29,7 @@ impl SerializeGadget for UInt64 { &self, _cs: ConstraintSystemRef, ) -> Result>, SynthesisError> { - self.to_bytes() + self.to_bytes_le() } } @@ -43,7 +44,7 @@ where cs: ConstraintSystemRef<::BasePrimeField>, ) -> Result::BasePrimeField>>, SynthesisError> { // Get bits from the x coordinate. - let x_bytes = self.x.to_bytes()?; + let x_bytes = self.x.to_bytes_le()?; // Truncate unnecessary bytes for each extension degree of x. let extension_degree = P::BaseField::extension_degree() as usize; @@ -86,8 +87,7 @@ where } } -impl>> SerializeGadget> - for VerifyingKeyVar +impl> SerializeGadget> for VerifyingKeyVar where P::G1Var: SerializeGadget>, P::G2Var: SerializeGadget>, diff --git a/zkp-circuits/src/gadgets/vk_commitment.rs b/zkp-circuits/src/gadgets/vk_commitment.rs index 038fac0766..45b4ad5722 100644 --- a/zkp-circuits/src/gadgets/vk_commitment.rs +++ b/zkp-circuits/src/gadgets/vk_commitment.rs @@ -5,17 +5,23 @@ use ark_ec::{pairing::Pairing, CurveGroup}; use ark_ff::Field; use ark_groth16::{constraints::VerifyingKeyVar, VerifyingKey}; use ark_r1cs_std::{ - alloc::AllocVar, eq::EqGadget, groups::GroupOpsBounds, pairing::PairingVar, uint8::UInt8, + alloc::AllocVar, + eq::EqGadget, + groups::{CurveVar, GroupOpsBounds}, + pairing::PairingVar, + uint8::UInt8, }; use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; use nimiq_pedersen_generators::DefaultWindow; +use nimiq_zkp_primitives::FixedPairing; use crate::gadgets::{ pedersen::{PedersenHashGadget, PedersenParametersVar}, serialize::SerializeGadget, }; -type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField; +type BasePrimeField = <::BaseField as Field>::BasePrimeField; +type ConstraintF = <::BaseField as Field>::BasePrimeField; pub type VkCommitmentWindow = DefaultWindow; 
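Review bot: The `to_bytes()` to `to_bytes_le()` swaps in `serialize_compressed` (this hunk and the `@@ -43` hunk below) touch the gadget whose output is hashed into the vk commitment, so any byte-order difference from the 0.4 `to_bytes` would silently change every commitment derived from it. As far as I know 0.4's `to_bytes` was already little-endian and `to_bytes_le` is the renamed equivalent, but nothing in this diff pins that. A fixture test that pushes a fixed `UInt64` and a fixed curve point through `serialize_compressed` and compares against bytes recorded with the 0.4 crates would make the upgrade verifiable. The enclosing impls start outside these hunks.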
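Review bot: `BasePrimeField` and `ConstraintF` added to `vk_commitment.rs` have identical bodies, and `vks_commitment.rs` (the next file) repeats both while `serialize.rs` redefines the first — three copies of one alias. With `FixedPairing` now living in `nimiq_zkp_primitives`, a single alias exported next to it, e.g. `pub type ConstraintF<E> = <<E as Pairing>::BaseField as Field>::BasePrimeField;`, would replace them and keep the gadgets agreeing on the constraint field. If the two names are meant to diverge later, a one-line comment saying so would avoid the next reader merging them.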
@@ -23,7 +29,7 @@ pub type VkCommitmentWindow = DefaultWindow; /// Since the verifying key might not be compatible with the current curve, it supports opening /// the commitment to the serialization only. Then, on a recursive circuit, the verifying key can /// be matched to its corresponding serialization. -pub struct VkCommitmentGadget>, W: Window> { +pub struct VkCommitmentGadget, W: Window> { // Public input: vk commitment pub vk_commitment: Vec>>, @@ -33,7 +39,7 @@ pub struct VkCommitmentGadget>, W _window: PhantomData, } -impl>, W: Window> VkCommitmentGadget +impl, W: Window> VkCommitmentGadget where P::G1Var: SerializeGadget>, P::G2Var: SerializeGadget>, @@ -46,6 +52,7 @@ where pedersen_generators: &PedersenParametersVar, ) -> Result where + P::G1Var: CurveVar>, for<'a> &'a P::G1Var: GroupOpsBounds<'a, E::G1, P::G1Var>, { let gadget = Self::new(cs.clone(), vk, commitment)?; @@ -61,7 +68,7 @@ where ) -> Result { Ok(Self { vk_commitment: commitment, - vk: VerifyingKeyVar::new_witness(cs, || Ok(vk))?, + vk: VerifyingKeyVar::::new_witness::<&VerifyingKey>(cs, || Ok(vk))?, _window: PhantomData, }) } @@ -73,6 +80,7 @@ where pedersen_generators: &PedersenParametersVar, ) -> Result<(), SynthesisError> where + P::G1Var: CurveVar>, for<'a> &'a P::G1Var: GroupOpsBounds<'a, E::G1, P::G1Var>, { // Initialize Boolean vector. diff --git a/zkp-circuits/src/gadgets/vks_commitment.rs b/zkp-circuits/src/gadgets/vks_commitment.rs index ee7e9dba6a..605aaa230c 100644 --- a/zkp-circuits/src/gadgets/vks_commitment.rs +++ b/zkp-circuits/src/gadgets/vks_commitment.rs 
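Review bot: The `P::G1Var: CurveVar<…>` bound is added separately to the `where` clauses of the methods in the `@@ -46` and `@@ -73` hunks, next to the already duplicated `for<'a> &'a P::G1Var: GroupOpsBounds<…>` line. Unless something prevents it, both belong once on the `impl` `where` clause in the `@@ -33` hunk, which already carries the `SerializeGadget` bounds, so the two methods cannot drift apart; `vks_commitment.rs` has the same shape.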
@@ -1,8 +1,13 @@ use ark_ec::{pairing::Pairing, CurveGroup}; use ark_ff::Field; -use ark_r1cs_std::{eq::EqGadget, groups::GroupOpsBounds, pairing::PairingVar, uint8::UInt8}; +use ark_r1cs_std::{ + eq::EqGadget, + groups::{CurveVar, GroupOpsBounds}, + pairing::PairingVar, + uint8::UInt8, +}; use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; -use nimiq_zkp_primitives::pedersen::DefaultPedersenParameters95; +use nimiq_zkp_primitives::{pedersen::DefaultPedersenParameters95, FixedPairing}; use super::vk_commitment::VkCommitmentWindow; use crate::gadgets::{ @@ -10,10 +15,11 @@ use crate::gadgets::{ serialize::SerializeGadget, }; -type BasePrimeField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField; +type BasePrimeField = <::BaseField as Field>::BasePrimeField; +type ConstraintF = <::BaseField as Field>::BasePrimeField; /// This gadget is meant to calculate a commitment in-circuit over a list of other commitments. -pub struct VksCommitmentGadget { +pub struct VksCommitmentGadget { // Public input: commitment over all vk commitments pub main_commitment: Vec>>, @@ -21,9 +27,9 @@ pub struct VksCommitmentGadget { pub vk_commitments: Vec>>>, } -impl VksCommitmentGadget { +impl VksCommitmentGadget { /// Allocate gadget and verify - pub fn new_and_verify>>( + pub fn new_and_verify>( cs: ConstraintSystemRef>, vk_commitments: Vec>, main_commitment: Vec>>, @@ -31,6 +37,7 @@ impl VksCommitmentGadget { ) -> Result where P::G1Var: SerializeGadget>, + P::G1Var: CurveVar>, for<'a> &'a P::G1Var: GroupOpsBounds<'a, E::G1, P::G1Var>, { let gadget = Self::new(cs.clone(), vk_commitments, main_commitment)?; 
@@ -58,13 +65,14 @@ impl VksCommitmentGadget { } /// Calculates the verifying key commitment. - pub fn verify>>( + pub fn verify>( &self, cs: ConstraintSystemRef>, pedersen_generators: &PedersenParametersVar, ) -> Result<(), SynthesisError> where P::G1Var: SerializeGadget>, + P::G1Var: CurveVar>, for<'a> &'a P::G1Var: GroupOpsBounds<'a, E::G1, P::G1Var>, { // Initialize Boolean vector. diff --git a/zkp-circuits/src/gadgets/y_to_bit.rs b/zkp-circuits/src/gadgets/y_to_bit.rs index 23f1859829..4c58cbcddf 100644 --- a/zkp-circuits/src/gadgets/y_to_bit.rs +++ b/zkp-circuits/src/gadgets/y_to_bit.rs @@ -1,9 +1,10 @@ use ark_ff::PrimeField; use ark_r1cs_std::{ boolean::Boolean, + convert::ToBitsGadget, fields::fp::FpVar, prelude::{AllocVar, EqGadget, FieldVar}, - R1CSVar, ToBitsGadget, + R1CSVar, }; use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError}; diff --git a/zkp-circuits/src/setup.rs b/zkp-circuits/src/setup.rs index f6317d0db9..fea03ee8fd 100644 --- a/zkp-circuits/src/setup.rs +++ b/zkp-circuits/src/setup.rs @@ -4,7 +4,6 @@ use std::{ }; use ark_crypto_primitives::snark::CircuitSpecificSetupSNARK; -use ark_ec::pairing::Pairing; use ark_groth16::{Groth16, ProvingKey, VerifyingKey}; use ark_mnt4_753::MNT4_753; use ark_mnt6_753::MNT6_753; @@ -12,7 +11,7 @@ use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use nimiq_genesis::NetworkInfo; use nimiq_primitives::networks::NetworkId; use nimiq_serde::Deserialize; -use nimiq_zkp_primitives::{NanoZKPError, VerifyingData}; +use nimiq_zkp_primitives::{FixedPairing, NanoZKPError, VerifyingData}; use rand::{CryptoRng, Rng}; use crate::{ @@ -84,7 +83,10 @@ pub fn load_verifying_data(path: &Path) -> Result { }) } -fn load_key(dir_path: &Path, file_name: &str) -> Result, NanoZKPError> { +fn load_key( + dir_path: &Path, + file_name: &str, +) -> Result, NanoZKPError> { let mut file = File::open(dir_path.join(format!("{file_name}.bin")))?; Ok(VerifyingKey::deserialize_uncompressed_unchecked(&mut file)?) } 
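Review bot: `load_key` in `setup.rs` gets a generic `E: FixedPairing` signature but still no doc comment, and its body returns `VerifyingKey::deserialize_uncompressed_unchecked(&mut file)?`, which reads `<dir_path>/<file_name>.bin` without the validation step that the checked deserializers perform on the curve points. Now that it is reusable across pairings, the contract should be stated at the definition: `/// Reads a Groth16 verifying key from `{dir_path}/{file_name}.bin`. Deserialization is *unchecked* (no point validation), so the file must be a trusted setup artifact.` The caller `load_verifying_data` starts outside this hunk.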
@@ -280,7 +282,7 @@ pub(crate) fn keys_exist(name: &str, path: &Path) -> bool { proving_key.exists() && verifying_key.exists() } -pub(crate) fn keys_to_file( +pub(crate) fn keys_to_file( pk: &ProvingKey, vk: &VerifyingKey, name: &str, diff --git a/zkp-circuits/src/test_setup.rs b/zkp-circuits/src/test_setup.rs index 5a1fb698e3..a7318975f5 100644 --- a/zkp-circuits/src/test_setup.rs +++ b/zkp-circuits/src/test_setup.rs @@ -1,6 +1,6 @@ use std::{fs::File, path::Path}; -use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup, Group}; +use ark_ec::{scalar_mul::BatchMulPreprocessing, CurveGroup, PrimeGroup}; use ark_ff::{Field, PrimeField, UniformRand, Zero}; use ark_groth16::{ r1cs_to_qap::{LibsnarkReduction, R1CSToQAP}, @@ -14,7 +14,7 @@ use ark_relations::r1cs::{ }; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; use ark_std::{cfg_into_iter, cfg_iter, rand::Rng}; -use nimiq_zkp_primitives::NanoZKPError; +use nimiq_zkp_primitives::{FixedPairing, NanoZKPError}; use rand::CryptoRng; #[cfg(feature = "parallel")] use rayon::iter::{ @@ -30,7 +30,7 @@ pub const UNIT_TOXIC_WASTE_SEED: [u8; 32] = [ ]; #[derive(CanonicalSerialize, CanonicalDeserialize)] -pub struct ToxicWaste { +pub struct ToxicWaste { alpha: E::ScalarField, beta: E::ScalarField, gamma: E::ScalarField, @@ -42,7 +42,7 @@ pub struct ToxicWaste { abc: Vec, } -impl UniformRand for ToxicWaste { +impl UniformRand for ToxicWaste { fn rand(rng: &mut R) -> Self { Self { alpha: E::ScalarField::rand(rng), @@ -56,7 +56,7 @@ impl UniformRand for ToxicWaste { } } -impl ToxicWaste { +impl ToxicWaste { pub fn setup_groth16(circuit: C, rng: &mut impl Rng) -> R1CSResult<(Self, ProvingKey)> where C: ConstraintSynthesizer, @@ -115,8 +115,6 @@ impl ToxicWaste { .map(|i| usize::from(!b[i].is_zero())) .sum(); - let scalar_bits = E::ScalarField::MODULUS_BIT_SIZE as usize; - let gamma_inverse = self .gamma .inverse() 
@@ -147,51 +145,42 @@ impl ToxicWaste { drop(c); // Compute B window table - let g2_window = FixedBase::get_mul_window_size(non_zero_b); - let g2_table = - FixedBase::get_window_table::(scalar_bits, g2_window, self.g2_generator); + let g2_table = BatchMulPreprocessing::new(self.g2_generator, non_zero_b); // Compute the B-query in G2 - let b_g2_query = FixedBase::msm::(scalar_bits, g2_window, &g2_table, &b); - drop(g2_table); + let b_g2_query = g2_table.batch_mul(&b); // Compute G window table - let g1_window = - FixedBase::get_mul_window_size(non_zero_a + non_zero_b + qap_num_variables + m_raw + 1); - let g1_table = - FixedBase::get_window_table::(scalar_bits, g1_window, self.g1_generator); + let num_scalars = non_zero_a + non_zero_b + qap_num_variables + m_raw + 1; + let g1_table = BatchMulPreprocessing::new(self.g1_generator, num_scalars); // Generate the R1CS proving key - let alpha_g1 = self.g1_generator.mul_bigint(&self.alpha.into_bigint()); - let beta_g1 = self.g1_generator.mul_bigint(&self.beta.into_bigint()); - let beta_g2 = self.g2_generator.mul_bigint(&self.beta.into_bigint()); - let delta_g1 = self.g1_generator.mul_bigint(&self.delta.into_bigint()); - let delta_g2 = self.g2_generator.mul_bigint(&self.delta.into_bigint()); + let alpha_g1 = self.g1_generator * &self.alpha; + let beta_g1 = self.g1_generator * &self.beta; + let beta_g2 = self.g2_generator * &self.beta; + let delta_g1 = self.g1_generator * &self.delta; + let delta_g2 = self.g2_generator * &self.delta; // Compute the A-query - let a_query = FixedBase::msm::(scalar_bits, g1_window, &g1_table, &a); + let a_query = g1_table.batch_mul(&a); drop(a); // Compute the B-query in G1 - let b_g1_query = FixedBase::msm::(scalar_bits, g1_window, &g1_table, &b); + let b_g1_query = g1_table.batch_mul(&b); drop(b); // Compute the H-query - let h_query = FixedBase::msm::( - scalar_bits, - g1_window, - &g1_table, - &QAP::h_query_scalars::<_, D>(m_raw - 1, t, zt, delta_inverse)?, - ); + let h_scalars = + 
QAP::h_query_scalars::<_, D>(m_raw - 1, t, zt, delta_inverse)?; + let h_query = g1_table.batch_mul(&h_scalars); // Compute the L-query - let l_query = FixedBase::msm::(scalar_bits, g1_window, &g1_table, &l); + let l_query = g1_table.batch_mul(&l); drop(l); // Generate R1CS verification key - let gamma_g2 = self.g2_generator.mul_bigint(&self.gamma.into_bigint()); - let gamma_abc_g1 = FixedBase::msm::(scalar_bits, g1_window, &g1_table, &gamma_abc); - + let gamma_g2 = self.g2_generator * &self.gamma; + let gamma_abc_g1 = g1_table.batch_mul(&gamma_abc); drop(g1_table); let vk = VerifyingKey:: { @@ -199,15 +188,9 @@ impl ToxicWaste { beta_g2: beta_g2.into_affine(), gamma_g2: gamma_g2.into_affine(), delta_g2: delta_g2.into_affine(), - gamma_abc_g1: E::G1::normalize_batch(&gamma_abc_g1), + gamma_abc_g1, }; - let a_query = E::G1::normalize_batch(&a_query); - let b_g1_query = E::G1::normalize_batch(&b_g1_query); - let b_g2_query = E::G2::normalize_batch(&b_g2_query); - let h_query = E::G1::normalize_batch(&h_query); - let l_query = E::G1::normalize_batch(&l_query); - Ok(ProvingKey { vk, beta_g1: beta_g1.into_affine(), diff --git a/zkp-component/Cargo.toml b/zkp-component/Cargo.toml index a4913baeba..c60c1685e1 100644 --- a/zkp-component/Cargo.toml +++ b/zkp-component/Cargo.toml @@ -24,10 +24,10 @@ name = "nimiq-test-prover" required-features = ["test-prover", "tokio/rt-multi-thread"] [dependencies] -ark-groth16 = { version = "0.4", default-features = false } -ark-mnt4-753 = "0.4" -ark-mnt6-753 = "0.4" -ark-serialize = "0.4" +ark-groth16 = { version = "0.5", default-features = false } +ark-mnt4-753 = "0.5" +ark-mnt6-753 = "0.5" +ark-serialize = "0.5" async-trait = "0.1" futures = { workspace = true } hex = "0.4" diff --git a/zkp-primitives/Cargo.toml b/zkp-primitives/Cargo.toml index 6ab43636a7..d6cb8b8cd0 100644 --- a/zkp-primitives/Cargo.toml +++ b/zkp-primitives/Cargo.toml 
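Review bot: The rewrite drops the `drop(g2_table);` that followed the B-query in G2, so the G2 window table now stays alive while the G1 table and every G1 query are built; for 753-bit curves that table is not small. Keeping the early release is one line after `let b_g2_query = g2_table.batch_mul(&b);`, namely `drop(g2_table);`, matching the `drop(g1_table);` the hunk keeps at the end. The `h_scalars` binding is used once and could be inlined into its `batch_mul` call, though that is taste. The enclosing method starts outside this hunk.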
@@ -14,16 +14,16 @@ keywords.workspace = true workspace = true [dependencies] -ark-crypto-primitives = { version = "0.4", features = ["crh"] } -ark-ec = "0.4" -ark-ff = "0.4" -ark-groth16 = { version = "0.4", default-features = false } -ark-mnt4-753 = "0.4" -ark-mnt6-753 = "0.4" -ark-relations = "0.4" -ark-r1cs-std = "0.4" -ark-serialize = "0.4" -ark-std = "0.4" +ark-crypto-primitives = { version = "0.5", features = ["crh"] } +ark-ec = "0.5" +ark-ff = "0.5" +ark-groth16 = { version = "0.5", default-features = false } +ark-mnt4-753 = "0.5" +ark-mnt6-753 = "0.5" +ark-relations = "0.5" +ark-r1cs-std = "0.5" +ark-serialize = "0.5" +ark-std = "0.5" hex = "0.4" log = { workspace = true } rand = { version = "0.8", features = ["small_rng"] } diff --git a/zkp-primitives/pedersen-generators/Cargo.toml b/zkp-primitives/pedersen-generators/Cargo.toml index b3907913d9..38b8f3fd89 100644 --- a/zkp-primitives/pedersen-generators/Cargo.toml +++ b/zkp-primitives/pedersen-generators/Cargo.toml @@ -18,12 +18,12 @@ name = "generate" harness = false [dependencies] -ark-crypto-primitives = { version = "0.4", features = ["crh"] } -ark-ec = "0.4" -ark-ff = "0.4" -ark-std = "0.4" -ark-mnt4-753 = "0.4" -ark-mnt6-753 = "0.4" +ark-crypto-primitives = { version = "0.5", features = ["crh"] } +ark-ec = "0.5" +ark-ff = "0.5" +ark-std = "0.5" +ark-mnt4-753 = "0.5" +ark-mnt6-753 = "0.5" hex = "0.4" rand = "0.8" diff --git a/zkp-primitives/pedersen-generators/src/generators.rs b/zkp-primitives/pedersen-generators/src/generators.rs index c08451f9d7..5595793f58 100644 --- a/zkp-primitives/pedersen-generators/src/generators.rs +++ b/zkp-primitives/pedersen-generators/src/generators.rs @@ -1,5 +1,5 @@ use ark_crypto_primitives::crh::pedersen::{Parameters, Window}; -use ark_ec::{pairing::Pairing, CurveGroup, Group}; +use ark_ec::{pairing::Pairing, AdditiveGroup, CurveGroup}; use ark_ff::PrimeField; use ark_mnt6_753::Fq; use ark_std::UniformRand; 
diff --git a/zkp-primitives/src/ext_traits.rs b/zkp-primitives/src/ext_traits.rs index ddc26f5f6b..f91ec7c534 100644 --- a/zkp-primitives/src/ext_traits.rs +++ b/zkp-primitives/src/ext_traits.rs @@ -1,11 +1,12 @@ use ark_ec::{ - pairing::Pairing, short_weierstrass::{Affine, SWCurveConfig, SWFlags}, AffineRepr, }; use ark_ff::{Field, ToConstraintField}; use ark_groth16::VerifyingKey; +use crate::FixedPairing; + pub trait CompressedAffine { /// Returns the y-is-negative bit and the x coordinate. fn to_field_elements(&self) -> Option<(bool, Vec)>; @@ -41,7 +42,7 @@ where } } -impl CompressedComposite for VerifyingKey

+impl CompressedComposite for VerifyingKey

where P::G1Affine: CompressedAffine, P::G2Affine: CompressedAffine, diff --git a/zkp-primitives/src/lib.rs b/zkp-primitives/src/lib.rs index c466321356..c59d476e8f 100644 --- a/zkp-primitives/src/lib.rs +++ b/zkp-primitives/src/lib.rs @@ -7,9 +7,12 @@ pub use pedersen::pedersen_parameters_mnt6; pub use serialize::*; pub use vk_commitment::*; +pub use self::traits::FixedPairing; + pub mod ext_traits; pub mod pedersen; mod serialize; +mod traits; mod vk_commitment; use std::io; diff --git a/zkp-primitives/src/pedersen.rs b/zkp-primitives/src/pedersen.rs index 2081dfc641..4a1c739fc1 100644 --- a/zkp-primitives/src/pedersen.rs +++ b/zkp-primitives/src/pedersen.rs @@ -4,12 +4,14 @@ use ark_crypto_primitives::crh::{ pedersen::{Window, CRH}, CRHScheme, }; -use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup}; +use ark_ec::{AffineRepr, CurveGroup}; use ark_mnt4_753::{G1Projective as MNT4_G1Projective, MNT4_753}; use ark_mnt6_753::{G1Projective as MNT6_G1Projective, MNT6_753}; use ark_serialize::CanonicalSerialize; use nimiq_pedersen_generators::{default_mnt4, default_mnt6, DefaultWindow, PedersenParameters}; +use crate::FixedPairing; + pub fn pedersen_parameters_mnt6() -> &'static PedersenParameters { static CACHE: OnceLock> = OnceLock::new(); CACHE.get_or_init(default_mnt6) @@ -20,7 +22,7 @@ pub fn pedersen_parameters_mnt4() -> &'static PedersenParameters &'static PedersenParameters; fn g1_to_bytes(g1: &Self::G1) -> [u8; 95]; } @@ -55,7 +57,7 @@ impl DefaultPedersenParameters95 for MNT6_753 { /// We then calculate the commitment like so: /// H = G_0 + s_1 * G_1 + ... + s_n * G_n /// where G_0 is a generator that is used as a blinding factor. -pub fn default_pedersen_hash(input: &[u8]) -> P::G1 { +pub fn default_pedersen_hash(input: &[u8]) -> P::G1 { pedersen_hash::<_, DefaultWindow>(input, P::pedersen_parameters()) } diff --git a/zkp-primitives/src/traits.rs b/zkp-primitives/src/traits.rs new file mode 100644 index 0000000000..45dc5b10f3 --- /dev/null 
+++ b/zkp-primitives/src/traits.rs @@ -0,0 +1,14 @@ +use ark_ec::{pairing::Pairing, CurveGroup}; +use ark_ff::Field; + +pub trait FixedPairing: + Pairing::G1 as CurveGroup>::BaseField as Field>::BasePrimeField> +{ +} + +impl FixedPairing for T where + T: Pairing< + BaseField = <<::G1 as CurveGroup>::BaseField as Field>::BasePrimeField, + > +{ +} diff --git a/zkp-primitives/src/vk_commitment.rs b/zkp-primitives/src/vk_commitment.rs index 431cf87bf8..fd79409a30 100644 --- a/zkp-primitives/src/vk_commitment.rs +++ b/zkp-primitives/src/vk_commitment.rs @@ -1,4 +1,3 @@ -use ark_ec::pairing::Pairing; use ark_groth16::VerifyingKey; use ark_mnt6_753::MNT6_753; use ark_serialize::CanonicalSerialize; @@ -6,6 +5,7 @@ use ark_serialize::CanonicalSerialize; use crate::{ ext_traits::{CompressedAffine, CompressedComposite}, pedersen::{default_pedersen_hash, DefaultPedersenParameters95}, + FixedPairing, }; /// This function is meant to calculate a commitment off-circuit for a verifying key of a SNARK in the @@ -14,7 +14,9 @@ use crate::{ /// We calculate it by first serializing the verifying key and feeding it to the Pedersen hash /// function, then we serialize the output and convert it to bits. This provides an efficient way /// of compressing the state and representing it across different curves. -pub fn vk_commitment(vk: &VerifyingKey) -> [u8; 95] { +pub fn vk_commitment( + vk: &VerifyingKey, +) -> [u8; 95] { // Serialize the verifying key into bits. let mut serialized_vk = vec![]; vk.serialize_compressed(&mut serialized_vk).unwrap(); @@ -26,7 +28,7 @@ pub fn vk_commitment(vk: &VerifyingKey E::g1_to_bytes(&hash) } -pub fn non_native_vk_commitment( +pub fn non_native_vk_commitment( vk: &VerifyingKey
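Review bot: `FixedPairing` is a new public trait re-exported from the crate root (`pub use self::traits::FixedPairing;` in `lib.rs`) but carries no doc comment, so its purpose is only recoverable from the associated-type equality in its bound. A doc comment above the trait such as `/// A [`Pairing`] whose `BaseField` is the prime field underlying `G1`'s base field — the field the gadgets alias as `ConstraintF`. Blanket-implemented for every pairing that satisfies this; do not implement manually.` would explain why `Pairing` bounds across the workspace were replaced by it. A similar one-liner on the blanket `impl` stating that it is intentionally the only implementation would round it out.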

, ) -> [u8; 95] where @@ -44,7 +46,7 @@ where } /// Combines multiple commitments into one. -pub fn vks_commitment( +pub fn vks_commitment( commitments: &[[u8; 95]], ) -> [u8; 95] { let mut bytes: Vec = vec![]; diff --git a/zkp/Cargo.toml b/zkp/Cargo.toml index 03ce686325..0165fbb071 100644 --- a/zkp/Cargo.toml +++ b/zkp/Cargo.toml @@ -14,16 +14,16 @@ keywords.workspace = true workspace = true [dependencies] -ark-crypto-primitives = { version = "0.4", features = ["prf", "sponge"] } -ark-ec = "0.4" -ark-ff = "0.4" -ark-groth16 = { version = "0.4", default-features = false } -ark-mnt4-753 = "0.4" -ark-mnt6-753 = "0.4" -ark-relations = "0.4" -ark-r1cs-std = "0.4" -ark-serialize = "0.4" -ark-std = "0.4" +ark-crypto-primitives = { version = "0.5", features = ["prf", "sponge"] } +ark-ec = "0.5" +ark-ff = "0.5" +ark-groth16 = { version = "0.5", default-features = false } +ark-mnt4-753 = "0.5" +ark-mnt6-753 = "0.5" +ark-relations = "0.5" +ark-r1cs-std = "0.5" +ark-serialize = "0.5" +ark-std = "0.5" log = { workspace = true } once_cell = "1.20" parking_lot = "0.12" diff --git a/zkp/src/proof_system/prove.rs b/zkp/src/proof_system/prove.rs index bb3063f52e..54c4fcd06b 100644 --- a/zkp/src/proof_system/prove.rs +++ b/zkp/src/proof_system/prove.rs @@ -5,7 +5,7 @@ use std::{ }; use ark_crypto_primitives::snark::SNARK; -use ark_ec::{pairing::Pairing, CurveGroup}; +use ark_ec::CurveGroup; use ark_ff::{ToConstraintField, Zero}; use ark_groth16::{Groth16, Proof, ProvingKey, VerifyingKey}; use ark_mnt4_753::{Fq as MNT4Fq, MNT4_753}; @@ -31,7 +31,7 @@ use nimiq_zkp_circuits::{ }; use nimiq_zkp_primitives::{ ext_traits::CompressedComposite, pedersen::default_pedersen_hash, serialize_g1_mnt6, - serialize_g2_mnt6, NanoZKPError, + serialize_g2_mnt6, FixedPairing, NanoZKPError, }; use rand::{thread_rng, CryptoRng, Rng}; @@ -948,7 +948,7 @@ fn prove_merger_wrapper( } // Cache proof to file. -fn proof_to_file( +fn proof_to_file( pk: Proof, name: &str, number: Option,