Make the whole RingProof compiles with TE and SW add constraints (tes…

…ts still needs to be fixed)
w3f · Sep 24, 2024 · eae2f00 · eae2f00
1 parent 16c6975
commit eae2f00
Show file tree

Hide file tree

Showing 10 changed files with 161 additions and 100 deletions.
diff --git a/common/src/gadgets/cond_add.rs b/common/src/gadgets/cond_add.rs
@@ -1,6 +1,8 @@
-use ark_ec::{AffineRepr, CurveConfig};
+use ark_ec::{AffineRepr};
 use ark_ff::{FftField, Field};
+use ark_poly::{Evaluations};
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
+use ark_std::{vec::Vec};
 use crate::{Column, FieldColumn};
 use crate::domain::Domain;
 use crate::gadgets::booleanity::BitColumn;
@@ -38,9 +40,8 @@ impl<F: FftField, P: AffineRepr<BaseField=F>> AffineColumn<F, P> {
     }
 }
 
-pub trait CondAdd<F, Curve, AffinePoint> where
+pub trait CondAdd<F, AffinePoint> where
     F: FftField,
-    Curve: CurveConfig,
     AffinePoint: AffineRepr<BaseField=F>,
 
 {
@@ -51,7 +52,8 @@ pub trait CondAdd<F, Curve, AffinePoint> where
                 domain: &Domain<F>) -> Self;
 
     fn evaluate_assignment(&self, z: &F) -> Self::CondAddValT;
-
+    fn get_acc(&self) -> AffineColumn<F, AffinePoint>;
+    fn get_result(&self) -> AffinePoint;
 }
 
 pub trait CondAddValues<F>
@@ -60,4 +62,11 @@ pub trait CondAddValues<F>
     fn acc_coeffs_1(&self) -> (F, F);
     fn acc_coeffs_2(&self) -> (F, F);
 
+    fn init(
+        bitmask: F,
+        points: (F, F),
+        not_last: F,
+        acc: (F, F),
+    )-> Self;
+
 }
diff --git a/common/src/gadgets/sw_cond_add.rs b/common/src/gadgets/sw_cond_add.rs
@@ -31,7 +31,7 @@ pub struct SwCondAddValues<F: Field> {
     pub acc: (F, F),
 }
 
-impl<F, Curve> CondAdd<F, Curve, Affine<Curve> > for SwCondAdd<F, Affine<Curve>> where
+impl<F, Curve> CondAdd<F, Affine<Curve> > for SwCondAdd<F, Affine<Curve>> where
     F: FftField,
     Curve: SWCurveConfig<BaseField=F>,
 {
@@ -75,6 +75,15 @@ impl<F, Curve> CondAdd<F, Curve, Affine<Curve> > for SwCondAdd<F, Affine<Curve>>
             acc: self.acc.evaluate(z),
         }
     }
+
+    fn get_acc(&self) -> AffineColumn<F, Affine<Curve>> {
+        self.acc.clone()
+    }
+
+    fn get_result(&self) -> Affine<Curve> {
+        self.result.clone()
+    }
+
 }
 
 
@@ -187,6 +196,19 @@ impl<F: Field> VerifierGadget<F> for SwCondAddValues<F> {
 
 
 impl<F: Field> CondAddValues<F> for SwCondAddValues<F> {
+    fn init(
+        bitmask: F,
+        points: (F, F),
+        not_last: F,
+        acc: (F, F),
+    )-> Self {
+        SwCondAddValues::<F> {
+            bitmask,
+            points,
+            not_last,
+            acc,
+        }
+    }
 
     fn acc_coeffs_1(&self) -> (F, F) {
         let b = self.bitmask;

diff --git a/common/src/gadgets/te_cond_add.rs b/common/src/gadgets/te_cond_add.rs
@@ -4,7 +4,7 @@ use ark_ff::{FftField, Field};
 use ark_poly::{Evaluations, GeneralEvaluationDomain};
 use ark_poly::univariate::DensePolynomial;
 use ark_std::{vec, vec::Vec};
-use std::marker::PhantomData;
+use core::marker::PhantomData;
 
 use crate::{Column, FieldColumn, const_evals};
 use crate::domain::Domain;
@@ -33,7 +33,7 @@ pub struct TeCondAddValues<F: Field, Curve: TECurveConfig<BaseField=F>> {
     pub _curve: PhantomData<Curve>,
 }
 
-impl<F, Curve> CondAdd<F, Curve, Affine<Curve>> for TeCondAdd<F, Affine<Curve>> where
+impl<F, Curve> CondAdd<F, Affine<Curve>> for TeCondAdd<F, Affine<Curve>> where
     F: FftField,
     Curve: TECurveConfig<BaseField=F>,
 {
@@ -77,6 +77,15 @@ impl<F, Curve> CondAdd<F, Curve, Affine<Curve>> for TeCondAdd<F, Affine<Curve>>
             _curve: PhantomData,
         }
     }
+
+    fn get_acc(&self) -> AffineColumn<F, Affine<Curve>> {
+        self.acc.clone()
+    }
+
+    fn get_result(&self) -> Affine<Curve> {
+        self.result.clone()
+    }
+
 }
 
 impl<F, Curve> ProverGadget<F> for TeCondAdd<F, Affine<Curve>>
@@ -146,7 +155,7 @@ impl<F, Curve> ProverGadget<F> for TeCondAdd<F, Affine<Curve>>
         vec![c1, c2]
     }
 
-    /// Mary-Oana Linearization technique. See: https://hackmd.io/0kdBl3GVSmmcB7QJe1NTuw?view#Linearizationo
+    /// Mary-Oana Linearization technique. See: https://hackmd.io/0kdBl3GVSmmcB7QJe1NTuw?view#Linearization
     fn constraints_linearized(&self, z: &F) -> Vec<DensePolynomial<F>> {
         let vals = self.evaluate_assignment(z);
         let acc_x = self.acc.xs.as_poly();
@@ -195,6 +204,20 @@ impl<F: Field, Curve: TECurveConfig<BaseField=F>> VerifierGadget<F> for TeCondAd
 }
 
 impl<F: Field, Curve: TECurveConfig<BaseField=F>> CondAddValues<F> for TeCondAddValues<F, Curve> {
+    fn init(
+        bitmask: F,
+        points: (F, F),
+        not_last: F,
+        acc: (F, F),
+    )-> Self {
+        TeCondAddValues::<F, Curve> {
+            bitmask,
+            points,
+            not_last,
+            acc,
+            _curve : PhantomData,
+        }
+    }
     fn acc_coeffs_1(&self) -> (F, F) {
         let b = self.bitmask;
         let (x1, y1) = self.acc;

diff --git a/ring/src/piop/mod.rs b/ring/src/piop/mod.rs
@@ -11,7 +11,7 @@ use fflonk::pcs::kzg::KZG;
 use fflonk::pcs::kzg::params::RawKzgVerifierKey;
 
 use common::{Column, ColumnsCommited, ColumnsEvaluated, FieldColumn};
-use common::gadgets::sw_cond_add::AffineColumn;
+use common::gadgets::cond_add::AffineColumn;
 pub(crate) use prover::PiopProver;
 pub(crate) use verifier::PiopVerifier;
 
@@ -157,8 +157,8 @@ impl<F: PrimeField, C: Commitment<F>> FixedColumnsCommitted<F, C> {
 }
 
 impl<E: Pairing> FixedColumnsCommitted<E::ScalarField, KzgCommitment<E>> {
-    pub fn from_ring<G: SWCurveConfig<BaseField=E::ScalarField>>(
-        ring: &Ring<E::ScalarField, E, G>,
+    pub fn from_ring<P: AffineRepr<BaseField=E::ScalarField>>(
+        ring: &Ring<E::ScalarField, E, P>,
     ) -> Self {
         let cx = KzgCommitment(ring.cx);
         let cy = KzgCommitment(ring.cy);
@@ -170,7 +170,7 @@ impl<E: Pairing> FixedColumnsCommitted<E::ScalarField, KzgCommitment<E>> {
     }
 }
 
-impl<F: PrimeField, G: AffineRepr<BaseField=F>> FixedColumns<F, G> {
+impl<F: PrimeField, P: AffineRepr<BaseField=F>> FixedColumns<F, P> {
     fn commit<CS: PCS<F>>(&self, ck: &CS::CK) -> FixedColumnsCommitted<F, CS::C> {
         let points = [
             CS::commit(ck, self.points.xs.as_poly()),
@@ -182,9 +182,9 @@ impl<F: PrimeField, G: AffineRepr<BaseField=F>> FixedColumns<F, G> {
 }
 
 #[derive(CanonicalSerialize, CanonicalDeserialize)]
-pub struct ProverKey<F: PrimeField, CS: PCS<F>, G: AffineRepr<BaseField=F>> {
+pub struct ProverKey<F: PrimeField, CS: PCS<F>, P: AffineRepr<BaseField=F>> {
     pub(crate) pcs_ck: CS::CK,
-    pub(crate) fixed_columns: FixedColumns<F, G>,
+    pub(crate) fixed_columns: FixedColumns<F, P>,
     pub(crate) verifier_key: VerifierKey<F, CS>, // used in the Fiat-Shamir transform
 }
 
@@ -196,8 +196,8 @@ pub struct VerifierKey<F: PrimeField, CS: PCS<F>> {
 }
 
 impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
-    pub fn from_ring_and_kzg_vk<G: SWCurveConfig<BaseField=E::ScalarField>>(
-        ring: &Ring<E::ScalarField, E, G>,
+    pub fn from_ring_and_kzg_vk<P: AffineRepr<BaseField=E::ScalarField>>(
+        ring: &Ring<E::ScalarField, E, P>,
         kzg_vk: RawKzgVerifierKey<E>,
     ) -> Self {
         Self::from_commitment_and_kzg_vk(FixedColumnsCommitted::from_ring(ring), kzg_vk)
@@ -219,11 +219,11 @@ impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
 }
 
 
-pub fn index<F: PrimeField, CS: PCS<F>, Curve: SWCurveConfig<BaseField=F>>(
+pub fn index<F: PrimeField, CS: PCS<F>, P: AffineRepr<BaseField=F>,>(
     pcs_params: &CS::Params,
-    piop_params: &PiopParams<F, Curve>,
-    keys: &[Affine<Curve>],
-) -> (ProverKey<F, CS, Affine<Curve>>, VerifierKey<F, CS>) {
+    piop_params: &PiopParams<F, P>,
+    keys: &[P],
+) -> (ProverKey<F, CS, P>, VerifierKey<F, CS>) {
     let pcs_ck = pcs_params.ck();
     let pcs_raw_vk = pcs_params.raw_vk();
     let fixed_columns = piop_params.fixed_columns(&keys);

diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
@@ -1,15 +1,15 @@
-use ark_ec::{AffineRepr, CurveGroup, Group};
+use ark_ec::{AffineRepr, CurveGroup, Group, CurveConfig};
 use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ff::{BigInteger, PrimeField};
 use ark_std::{vec, vec::Vec};
 
 use common::domain::Domain;
-use common::gadgets::sw_cond_add::AffineColumn;
+use common::gadgets::cond_add::AffineColumn;
 
 use crate::piop::FixedColumns;
 
 #[derive(Clone)]
-pub struct PiopParams<F: PrimeField, Curve: SWCurveConfig<BaseField=F>> {
+pub struct PiopParams<F: PrimeField, P: AffineRepr<BaseField=F>> {
     // Domain over which the piop is represented.
     pub(crate) domain: Domain<F>,
 
@@ -20,20 +20,20 @@ pub struct PiopParams<F: PrimeField, Curve: SWCurveConfig<BaseField=F>> {
     pub keyset_part_size: usize,
 
     // The blinding base, a point from jubjub.
-    pub(crate) h: Affine<Curve>,
+    pub(crate) h: P,
 
     // The point to start the summation from (as zero doesn't have a SW affine representation),
     // should be from the jubjub prime-order subgroup complement.
-    pub(crate) seed: Affine<Curve>,
+    pub(crate) seed: P,
 
     // The point used to pad the actual list of public keys. Should be of an unknown dlog.
-    pub(crate) padding_point: Affine<Curve>,
+    pub(crate) padding_point: P,
 }
 
-impl<F: PrimeField, Curve: SWCurveConfig<BaseField=F>> PiopParams<F, Curve> {
-    pub fn setup(domain: Domain<F>, h: Affine<Curve>, seed: Affine<Curve>) -> Self {
-        let padding_point = crate::hash_to_curve::<Affine<Curve>>(b"w3f/ring-proof/common/padding");
-        let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize;
+impl<F: PrimeField, P: AffineRepr<BaseField=F>> PiopParams<F, P> {
+    pub fn setup(domain: Domain<F>, h: P, seed: P) -> Self {
+        let padding_point = crate::hash_to_curve::<P>(b"w3f/ring-proof/common/padding");
+        let scalar_bitlen = P::ScalarField::MODULUS_BIT_SIZE as usize;
         // 1 accounts for the last cells of the points and bits columns that remain unconstrained
         let keyset_part_size = domain.capacity - scalar_bitlen - 1;
         Self {
@@ -46,14 +46,14 @@ impl<F: PrimeField, Curve: SWCurveConfig<BaseField=F>> PiopParams<F, Curve> {
         }
     }
 
-    pub fn fixed_columns(&self, keys: &[Affine<Curve>]) -> FixedColumns<F, Affine<Curve>> {
+    pub fn fixed_columns(&self, keys: &[P]) -> FixedColumns<F, P> {
         let ring_selector = self.keyset_part_selector();
         let ring_selector = self.domain.public_column(ring_selector);
         let points = self.points_column(&keys);
         FixedColumns { points, ring_selector }
     }
 
-    pub fn points_column(&self, keys: &[Affine<Curve>]) -> AffineColumn<F, Affine<Curve>> {
+    pub fn points_column(&self, keys: &[P]) -> AffineColumn<F, P> {
         assert!(keys.len() <= self.keyset_part_size);
         let padding_len = self.keyset_part_size - keys.len();
         let padding = vec![self.padding_point; padding_len];
@@ -66,7 +66,7 @@ impl<F: PrimeField, Curve: SWCurveConfig<BaseField=F>> PiopParams<F, Curve> {
         AffineColumn::public_column(points, &self.domain)
     }
 
-    pub fn power_of_2_multiples_of_h(&self) -> Vec<Affine::<Curve>> {
+    pub fn power_of_2_multiples_of_h(&self) -> Vec<P> {
         let mut h = self.h.into_group();
         let mut multiples = Vec::with_capacity(self.scalar_bitlen);
         multiples.push(h);
@@ -77,7 +77,7 @@ impl<F: PrimeField, Curve: SWCurveConfig<BaseField=F>> PiopParams<F, Curve> {
         CurveGroup::normalize_batch(&multiples)
     }
 
-    pub fn scalar_part(&self, e: Curve::ScalarField) -> Vec<bool> {
+    pub fn scalar_part(&self, e: P::ScalarField) -> Vec<bool> {
         let bits_with_trailing_zeroes = e.into_bigint().to_bits_le();
         let significant_bits = &bits_with_trailing_zeroes[..self.scalar_bitlen];
         significant_bits.to_vec()