ring points are in TE form

ring/src/lib.rs

@@ -1,10 +1,10 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 
 use ark_ec::{
-    short_weierstrass::{Affine, SWCurveConfig},
     AffineRepr,
 };
-use ark_ff::{One, PrimeField, Zero};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
+use ark_ff::PrimeField;
 use ark_serialize::CanonicalSerialize;
 use ark_std::rand::RngCore;
 use fflonk::pcs::PCS;
@@ -26,20 +26,8 @@ pub type RingProof<F, CS> = Proof<F, CS, RingCommitments<F, <CS as PCS<F>>::C>,
 /// Polynomial Commitment Schemes.
 pub use fflonk::pcs;
 
-// Calling the method for a prime-order curve results in an infinite loop.
-pub fn find_complement_point<Curve: SWCurveConfig>() -> Affine<Curve> {
-    let mut x = Curve::BaseField::zero();
-    loop {
-        let p = Affine::<Curve>::get_point_from_x_unchecked(x, false);
-        if p.is_some() && !p.unwrap().is_in_correct_subgroup_assuming_on_curve() {
-            return p.unwrap();
-        }
-        x = x + Curve::BaseField::one()
-    }
-}
-
 // Try and increment hash to curve.
-pub(crate) fn hash_to_curve<F: PrimeField, Curve: SWCurveConfig<BaseField = F>>(
+pub(crate) fn hash_to_curve<F: PrimeField, Curve: TECurveConfig<BaseField = F>>(
     message: &[u8],
 ) -> Affine<Curve> {
     use blake2::Digest;
@@ -49,7 +37,7 @@ pub(crate) fn hash_to_curve<F: PrimeField, Curve: SWCurveConfig<BaseField = F>>(
     loop {
         let hash: [u8; 64] = blake2::Blake2b::digest(&seed[..]).into();
         let x = F::from_le_bytes_mod_order(&hash);
-        if let Some(point) = Affine::<Curve>::get_point_from_x_unchecked(x, false) {
+        if let Some(point) = Affine::<Curve>::get_point_from_y_unchecked(x, false) {
             let point = point.clear_cofactor();
             assert!(point.is_in_correct_subgroup_assuming_on_curve());
             return point;
@@ -86,8 +74,7 @@ impl ArkTranscript {
 mod tests {
     use ark_bls12_381::Bls12_381;
     use ark_ec::CurveGroup;
-    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, SWAffine};
-    use ark_ff::MontFp;
+    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, EdwardsAffine};
     use ark_std::ops::Mul;
     use ark_std::rand::Rng;
     use ark_std::{end_timer, start_timer, test_rng, UniformRand};
@@ -109,7 +96,7 @@ mod tests {
 
         let max_keyset_size = piop_params.keyset_part_size;
         let keyset_size: usize = rng.gen_range(0..max_keyset_size);
-        let pks = random_vec::<SWAffine, _>(keyset_size, rng);
+        let pks = random_vec::<EdwardsAffine, _>(keyset_size, rng);
         let k = rng.gen_range(0..keyset_size); // prover's secret index
         let pk = pks[k].clone();
 
@@ -150,7 +137,7 @@ mod tests {
 
         let max_keyset_size = piop_params.keyset_part_size;
         let keyset_size: usize = rng.gen_range(0..max_keyset_size);
-        let pks = random_vec::<SWAffine, _>(keyset_size, rng);
+        let pks = random_vec::<EdwardsAffine, _>(keyset_size, rng);
 
         let (_, verifier_key) = index::<_, KZG<Bls12_381>, _>(&pcs_params, &piop_params, &pks);
 
@@ -171,29 +158,13 @@ mod tests {
         let pcs_params = CS::setup(setup_degree, rng);
 
         let domain = Domain::new(domain_size, true);
-        let h = SWAffine::rand(rng);
-        let seed = find_complement_point::<BandersnatchConfig>();
+        let h = EdwardsAffine::rand(rng);
+        let seed = EdwardsAffine::rand(rng);
         let piop_params = PiopParams::setup(domain, h, seed);
 
         (pcs_params, piop_params)
     }
 
-    #[test]
-    fn test_complement_point() {
-        let p = find_complement_point::<BandersnatchConfig>();
-        assert!(p.is_on_curve());
-        assert!(!p.is_in_correct_subgroup_assuming_on_curve());
-        assert_eq!(
-            p,
-            SWAffine::new_unchecked(
-                MontFp!("0"),
-                MontFp!(
-                    "11982629110561008531870698410380659621661946968466267969586599013782997959645"
-                )
-            )
-        )
-    }
-
     #[test]
     fn test_ring_proof_kzg() {
         _test_ring_proof::<KZG<Bls12_381>>(2usize.pow(10));

ring/src/piop/mod.rs

@@ -1,6 +1,6 @@
 use ark_ec::pairing::Pairing;
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::AffineRepr;
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 use ark_std::marker::PhantomData;
@@ -97,7 +97,7 @@ impl<F: PrimeField, C: Commitment<F>> FixedColumnsCommitted<F, C> {
 }
 
 impl<E: Pairing> FixedColumnsCommitted<E::ScalarField, KzgCommitment<E>> {
-    pub fn from_ring<G: SWCurveConfig<BaseField = E::ScalarField>>(
+    pub fn from_ring<G: TECurveConfig<BaseField = E::ScalarField>>(
         ring: &Ring<E::ScalarField, E, G>,
     ) -> Self {
         let cx = KzgCommitment(ring.cx);
@@ -140,7 +140,7 @@ pub struct VerifierKey<F: PrimeField, CS: PCS<F>> {
 }
 
 impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
-    pub fn from_ring_and_kzg_vk<G: SWCurveConfig<BaseField = E::ScalarField>>(
+    pub fn from_ring_and_kzg_vk<G: TECurveConfig<BaseField = E::ScalarField>>(
         ring: &Ring<E::ScalarField, E, G>,
         kzg_vk: RawKzgVerifierKey<E>,
     ) -> Self {
@@ -162,7 +162,7 @@ impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
     }
 }
 
-pub fn index<F: PrimeField, CS: PCS<F>, Curve: SWCurveConfig<BaseField = F>>(
+pub fn index<F: PrimeField, CS: PCS<F>, Curve: TECurveConfig<BaseField = F>>(
     pcs_params: &CS::Params,
     piop_params: &PiopParams<F, Curve>,
     keys: &[Affine<Curve>],

ring/src/piop/params.rs

@@ -1,5 +1,5 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::{AdditiveGroup, AffineRepr, CurveGroup};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::{BigInteger, PrimeField};
 use ark_std::{vec, vec::Vec};
 
@@ -9,7 +9,7 @@ use common::gadgets::ec::AffineColumn;
 use crate::piop::FixedColumns;
 
 #[derive(Clone)]
-pub struct PiopParams<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
+pub struct PiopParams<F: PrimeField, Curve: TECurveConfig<BaseField = F>> {
     // Domain over which the piop is represented.
     pub(crate) domain: Domain<F>,
 
@@ -30,7 +30,7 @@ pub struct PiopParams<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
     pub(crate) padding_point: Affine<Curve>,
 }
 
-impl<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> PiopParams<F, Curve> {
+impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopParams<F, Curve> {
     pub fn setup(domain: Domain<F>, h: Affine<Curve>, seed: Affine<Curve>) -> Self {
         let padding_point = crate::hash_to_curve(b"/w3f/ring-proof/padding");
         let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize;
@@ -93,7 +93,7 @@ impl<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> PiopParams<F, Curve> {
 
 #[cfg(test)]
 mod tests {
-    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, SWAffine};
+    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, EdwardsAffine};
     use ark_std::ops::Mul;
     use ark_std::{test_rng, UniformRand};
 
@@ -105,8 +105,8 @@ mod tests {
     #[test]
     fn test_powers_of_h() {
         let rng = &mut test_rng();
-        let h = SWAffine::rand(rng);
-        let seed = SWAffine::rand(rng);
+        let h = EdwardsAffine::rand(rng);
+        let seed = EdwardsAffine::rand(rng);
         let domain = Domain::new(1024, false);
         let params = PiopParams::<Fq, BandersnatchConfig>::setup(domain, h, seed);
         let t = Fr::rand(rng);

ring/src/piop/prover.rs

@@ -1,4 +1,4 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_poly::univariate::DensePolynomial;
 use ark_poly::Evaluations;
@@ -21,7 +21,7 @@ use crate::piop::{RingCommitments, RingEvaluations};
 
 // The 'table': columns representing the execution trace of the computation
 // and the constraints -- polynomials that vanish on every 2 consecutive rows.
-pub struct PiopProver<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
+pub struct PiopProver<F: PrimeField, Curve: TECurveConfig<BaseField = F>> {
     domain: Domain<F>,
     // Fixed (public input) columns:
     points: AffineColumn<F, Affine<Curve>>,
@@ -37,7 +37,7 @@ pub struct PiopProver<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
     cond_add_acc_y: FixedCells<F>,
 }
 
-impl<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> PiopProver<F, Curve> {
+impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopProver<F, Curve> {
     pub fn build(
         params: &PiopParams<F, Curve>,
         fixed_columns: FixedColumns<F, Affine<Curve>>,
@@ -88,7 +88,7 @@ impl<F, C, Curve> ProverPiop<F, C> for PiopProver<F, Curve>
 where
     F: PrimeField,
     C: Commitment<F>,
-    Curve: SWCurveConfig<BaseField = F>,
+    Curve: TECurveConfig<BaseField = F>,
 {
     type Commitments = RingCommitments<F, C>;
     type Evaluations = RingEvaluations<F>;

ring/src/piop/verifier.rs

@@ -1,6 +1,6 @@
 use std::marker::PhantomData;
 use ark_ec::AffineRepr;
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_std::{vec, vec::Vec};
 use fflonk::pcs::Commitment;
@@ -101,7 +101,7 @@ impl<F: PrimeField, C: Commitment<F>, P: AffineRepr<BaseField = F>> PiopVerifier
     }
 }
 
-impl<F: PrimeField, C: Commitment<F>, Jubjub: SWCurveConfig<BaseField = F>> VerifierPiop<F, C> for PiopVerifier<F, C, Affine<Jubjub>> {
+impl<F: PrimeField, C: Commitment<F>, Jubjub: TECurveConfig<BaseField = F>> VerifierPiop<F, C> for PiopVerifier<F, C, Affine<Jubjub>> {
     const N_CONSTRAINTS: usize = 7;
     const N_COLUMNS: usize = 7;
 

ring/src/ring.rs

@@ -1,6 +1,6 @@
 use ark_ec::pairing::Pairing;
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::{AffineRepr, CurveGroup, VariableBaseMSM};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_poly::EvaluationDomain;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
@@ -40,7 +40,7 @@ const IDLE_ROWS: usize = ZK_ROWS + 1;
 pub struct Ring<
     F: PrimeField,
     KzgCurve: Pairing<ScalarField = F>,
-    VrfCurveConfig: SWCurveConfig<BaseField = F>,
+    VrfCurveConfig: TECurveConfig<BaseField = F>,
 > {
     // KZG commitments to the coordinates of the vector described above
     pub cx: KzgCurve::G1Affine,
@@ -58,7 +58,7 @@ pub struct Ring<
 impl<
         F: PrimeField,
         KzgCurve: Pairing<ScalarField = F>,
-        VrfCurveConfig: SWCurveConfig<BaseField = F>,
+        VrfCurveConfig: TECurveConfig<BaseField = F>,
     > fmt::Debug for Ring<F, KzgCurve, VrfCurveConfig>
 {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -73,7 +73,7 @@ impl<
 impl<
         F: PrimeField,
         KzgCurve: Pairing<ScalarField = F>,
-        VrfCurveConfig: SWCurveConfig<BaseField = F>,
+        VrfCurveConfig: TECurveConfig<BaseField = F>,
     > Ring<F, KzgCurve, VrfCurveConfig>
 {
     // Builds the commitment to the vector
@@ -255,7 +255,7 @@ impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>> RingBuilderKey<F, KzgCur
 #[cfg(test)]
 mod tests {
     use ark_bls12_381::{Bls12_381, Fr, G1Affine};
-    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, SWAffine};
+    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, EdwardsAffine};
     use ark_std::{test_rng, UniformRand};
     use fflonk::pcs::kzg::urs::URS;
     use fflonk::pcs::kzg::KZG;
@@ -282,8 +282,8 @@ mod tests {
         let srs = |range: Range<usize>| Ok(ring_builder_key.lis_in_g1[range].to_vec());
 
         // piop params
-        let h = SWAffine::rand(rng);
-        let seed = SWAffine::rand(rng);
+        let h = EdwardsAffine::rand(rng);
+        let seed = EdwardsAffine::rand(rng);
         let domain = Domain::new(domain_size, true);
         let piop_params = PiopParams::setup(domain, h, seed);
 
@@ -292,7 +292,7 @@ mod tests {
         assert_eq!(ring.cx, monimial_cx);
         assert_eq!(ring.cy, monimial_cy);
 
-        let keys = random_vec::<SWAffine, _>(ring.max_keys, rng);
+        let keys = random_vec::<EdwardsAffine, _>(ring.max_keys, rng);
         ring.append(&keys, srs);
         let (monimial_cx, monimial_cy) = get_monomial_commitment(&pcs_params, &piop_params, &keys);
         assert_eq!(ring.cx, monimial_cx);
@@ -313,8 +313,8 @@ mod tests {
         let srs = |range: Range<usize>| Ok(ring_builder_key.lis_in_g1[range].to_vec());
 
         // piop params
-        let h = SWAffine::rand(rng);
-        let seed = SWAffine::rand(rng);
+        let h = EdwardsAffine::rand(rng);
+        let seed = EdwardsAffine::rand(rng);
         let domain = Domain::new(domain_size, true);
         let piop_params = PiopParams::setup(domain, h, seed);
 
@@ -326,7 +326,7 @@ mod tests {
     fn get_monomial_commitment(
         pcs_params: &URS<Bls12_381>,
         piop_params: &PiopParams<Fr, BandersnatchConfig>,
-        keys: &[SWAffine],
+        keys: &[EdwardsAffine],
     ) -> (G1Affine, G1Affine) {
         let (_, verifier_key) =
             crate::piop::index::<_, KZG<Bls12_381>, _>(pcs_params, piop_params, keys);

ring/src/ring_prover.rs

@@ -1,4 +1,4 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use fflonk::pcs::PCS;
 
@@ -13,7 +13,7 @@ pub struct RingProver<F, CS, Curve, T>
 where
     F: PrimeField,
     CS: PCS<F>,
-    Curve: SWCurveConfig<BaseField = F>,
+    Curve: TECurveConfig<BaseField = F>,
     T: PlonkTranscript<F, CS>,
 {
     piop_params: PiopParams<F, Curve>,
@@ -26,7 +26,7 @@ impl<F, CS, Curve, T> RingProver<F, CS, Curve, T>
 where
     F: PrimeField,
     CS: PCS<F>,
-    Curve: SWCurveConfig<BaseField = F>,
+    Curve: TECurveConfig<BaseField = F>,
     T: PlonkTranscript<F, CS>,
 {
     pub fn init(

ring/src/ring_verifier.rs

@@ -1,5 +1,5 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::CurveGroup;
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use fflonk::pcs::{RawVerifierKey, PCS};
 
@@ -16,7 +16,7 @@ pub struct RingVerifier<F, CS, Jubjub, T>
 where
     F: PrimeField,
     CS: PCS<F>,
-    Jubjub: SWCurveConfig<BaseField = F>,
+    Jubjub: TECurveConfig<BaseField = F>,
     T: PlonkTranscript<F, CS>,
 {
     piop_params: PiopParams<F, Jubjub>,
@@ -28,7 +28,7 @@ impl<F, CS, Jubjub, T> RingVerifier<F, CS, Jubjub, T>
 where
     F: PrimeField,
     CS: PCS<F>,
-    Jubjub: SWCurveConfig<BaseField = F>,
+    Jubjub: TECurveConfig<BaseField = F>,
     T: PlonkTranscript<F, CS>,
 {
     pub fn init(