diff --git a/ring/src/lib.rs b/ring/src/lib.rs
index e410daa..13c1901 100644
--- a/ring/src/lib.rs
+++ b/ring/src/lib.rs
@@ -1,10 +1,10 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 use ark_ec::{
- short_weierstrass::{Affine, SWCurveConfig},
 AffineRepr,
 };
-use ark_ff::{One, PrimeField, Zero};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
+use ark_ff::PrimeField;
 use ark_serialize::CanonicalSerialize;
 use ark_std::rand::RngCore;
 use fflonk::pcs::PCS;
@@ -26,20 +26,8 @@ pub type RingProof<F, CS> = Proof<F, CS, RingCommitments<F, <CS as PCS<F>>::C>,
 /// Polynomial Commitment Schemes.
 pub use fflonk::pcs;
-// Calling the method for a prime-order curve results in an infinite loop.
-pub fn find_complement_point<Curve: SWCurveConfig>() -> Affine<Curve> {
- let mut x = Curve::BaseField::zero();
- loop {
- let p = Affine::<Curve>::get_point_from_x_unchecked(x, false);
- if p.is_some() && !p.unwrap().is_in_correct_subgroup_assuming_on_curve() {
- return p.unwrap();
- }
- x = x + Curve::BaseField::one()
- }
-}
-
 // Try and increment hash to curve.
-pub(crate) fn hash_to_curve<F: PrimeField, Curve: SWCurveConfig<BaseField = F>>(
+pub(crate) fn hash_to_curve<F: PrimeField, Curve: TECurveConfig<BaseField = F>>(
 message: &[u8],
 ) -> Affine<Curve> {
 use blake2::Digest;
@@ -49,7 +37,7 @@ pub(crate) fn hash_to_curve<F: PrimeField, Curve: SWCurveConfig<BaseField = F>>(
 loop {
 let hash: [u8; 64] = blake2::Blake2b::digest(&seed[..]).into();
 let x = F::from_le_bytes_mod_order(&hash);
- if let Some(point) = Affine::<Curve>::get_point_from_x_unchecked(x, false) {
+ if let Some(point) = Affine::<Curve>::get_point_from_y_unchecked(x, false) {
 let point = point.clear_cofactor();
 assert!(point.is_in_correct_subgroup_assuming_on_curve());
 return point;
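Review bot: After dropping `short_weierstrass` the file keeps a braced `use ark_ec::{ AffineRepr, };` and adds a separate `use ark_ec::twisted_edwards::{Affine, TECurveConfig};`, leaving two `ark_ec` imports where one would do; `use ark_ec::{twisted_edwards::{Affine, TECurveConfig}, AffineRepr};` is the tidier form. The same pattern of appending a new `ark_ec::twisted_edwards` line next to an existing `ark_ec` import appears in piop/mod.rs, piop/params.rs, ring.rs and ring_verifier.rs.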
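Review bot: Deleting `find_complement_point` also deletes the only record of why `PiopParams::setup`'s `seed` was chosen outside the prime-order subgroup (the removed `test_complement_point` asserted `!p.is_in_correct_subgroup_assuming_on_curve()`), and the `@@ -171` hunk of this file now passes `EdwardsAffine::rand(rng)` instead, which I believe arkworks cofactor-clears, so the seed is now a subgroup point. If the complete twisted-Edwards addition law is what makes an out-of-subgroup seed unnecessary — presumably the short-Weierstrass accumulator needed it to stay clear of the incomplete-addition cases — that reasoning belongs in a doc comment on `setup`'s `seed` parameter, e.g. `/// seed: initial accumulator point; any curve point is acceptable with the complete TE addition law.`; if the requirement still holds, it should be enforced rather than silently dropped. `hash_to_curve`'s body continues past the end of the hunk.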
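Review bot: The hashed field element is still bound as `x` even though it is now passed to `get_point_from_y_unchecked`, so the line reads as an x-coordinate lookup; rename it, `let y = F::from_le_bytes_mod_order(&hash);` and `if let Some(point) = Affine::<Curve>::get_point_from_y_unchecked(y, false) {`, and note in a comment that the `false` argument fixes which sign of x is taken, since that choice determines which of the two preimages becomes the padding point. The `clear_cofactor` followed by `assert!` keeps the subgroup post-condition but says nothing about the point being non-trivial; for a fixed label the chance of decompressing a low-order point is negligible, yet `assert!(!point.is_zero());` would make the intended invariant explicit. The try-and-increment step and the end of the function lie outside the hunk.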
@@ -86,8 +74,7 @@ impl ArkTranscript {
 mod tests {
 use ark_bls12_381::Bls12_381;
 use ark_ec::CurveGroup;
- use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, SWAffine};
- use ark_ff::MontFp;
+ use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, EdwardsAffine};
 use ark_std::ops::Mul;
 use ark_std::rand::Rng;
 use ark_std::{end_timer, start_timer, test_rng, UniformRand};
@@ -109,7 +96,7 @@ mod tests {
 let max_keyset_size = piop_params.keyset_part_size;
 let keyset_size: usize = rng.gen_range(0..max_keyset_size);
- let pks = random_vec::<SWAffine, _>(keyset_size, rng);
+ let pks = random_vec::<EdwardsAffine, _>(keyset_size, rng);
 let k = rng.gen_range(0..keyset_size); // prover's secret index
 let pk = pks[k].clone();
@@ -150,7 +137,7 @@ mod tests {
 let max_keyset_size = piop_params.keyset_part_size;
 let keyset_size: usize = rng.gen_range(0..max_keyset_size);
- let pks = random_vec::<SWAffine, _>(keyset_size, rng);
+ let pks = random_vec::<EdwardsAffine, _>(keyset_size, rng);
 let (_, verifier_key) = index::<_, KZG<Bls12_381>, _>(&pcs_params, &piop_params, &pks);
@@ -171,29 +158,13 @@ mod tests {
 let pcs_params = CS::setup(setup_degree, rng);
 let domain = Domain::new(domain_size, true);
- let h = SWAffine::rand(rng);
- let seed = find_complement_point::<BandersnatchConfig>();
+ let h = EdwardsAffine::rand(rng);
+ let seed = EdwardsAffine::rand(rng);
 let piop_params = PiopParams::setup(domain, h, seed);
 (pcs_params, piop_params)
 }
- #[test]
- fn test_complement_point() {
- let p = find_complement_point::<BandersnatchConfig>();
- assert!(p.is_on_curve());
- assert!(!p.is_in_correct_subgroup_assuming_on_curve());
- assert_eq!(
- p,
- SWAffine::new_unchecked(
- MontFp!("0"),
- MontFp!(
- "11982629110561008531870698410380659621661946968466267969586599013782997959645"
- )
- )
- )
- }
-
 #[test]
 fn test_ring_proof_kzg() {
 _test_ring_proof::<KZG<Bls12_381>>(2usize.pow(10));
diff --git a/ring/src/piop/mod.rs b/ring/src/piop/mod.rs
index 43e4d66..d6ba3cf 100644
--- a/ring/src/piop/mod.rs
+++ b/ring/src/piop/mod.rs
@@ -1,6 +1,6 @@
 use ark_ec::pairing::Pairing;
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::AffineRepr;
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 use ark_std::marker::PhantomData;
@@ -97,7 +97,7 @@ impl<F: PrimeField, C: Commitment<F>> FixedColumnsCommitted<F, C> {
 }
 impl<E: Pairing> FixedColumnsCommitted<E::ScalarField, KzgCommitment<E>> {
- pub fn from_ring<G: SWCurveConfig<BaseField = E::ScalarField>>(
+ pub fn from_ring<G: TECurveConfig<BaseField = E::ScalarField>>(
 ring: &Ring<E::ScalarField, E, G>,
 ) -> Self {
 let cx = KzgCommitment(ring.cx);
@@ -140,7 +140,7 @@ pub struct VerifierKey<F: PrimeField, CS: PCS<F>> {
 }
 impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
- pub fn from_ring_and_kzg_vk<G: SWCurveConfig<BaseField = E::ScalarField>>(
+ pub fn from_ring_and_kzg_vk<G: TECurveConfig<BaseField = E::ScalarField>>(
 ring: &Ring<E::ScalarField, E, G>,
 kzg_vk: RawKzgVerifierKey<E>,
 ) -> Self {
@@ -162,7 +162,7 @@ impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
 }
 }
-pub fn index<F: PrimeField, CS: PCS<F>, Curve: SWCurveConfig<BaseField = F>>(
+pub fn index<F: PrimeField, CS: PCS<F>, Curve: TECurveConfig<BaseField = F>>(
 pcs_params: &CS::Params,
 piop_params: &PiopParams<F, Curve>,
 keys: &[Affine<Curve>],
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
index c840142..97826be 100644
--- a/ring/src/piop/params.rs
+++ b/ring/src/piop/params.rs
@@ -1,5 +1,5 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::{AdditiveGroup, AffineRepr, CurveGroup};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::{BigInteger, PrimeField};
 use ark_std::{vec, vec::Vec};
@@ -9,7 +9,7 @@ use common::gadgets::ec::AffineColumn;
 use crate::piop::FixedColumns;
 #[derive(Clone)]
-pub struct PiopParams<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
+pub struct PiopParams<F: PrimeField, Curve: TECurveConfig<BaseField = F>> {
 // Domain over which the piop is represented.
 pub(crate) domain: Domain<F>,
@@ -30,7 +30,7 @@ pub struct PiopParams<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
 pub(crate) padding_point: Affine<Curve>,
 }
-impl<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> PiopParams<F, Curve> {
+impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopParams<F, Curve> {
 pub fn setup(domain: Domain<F>, h: Affine<Curve>, seed: Affine<Curve>) -> Self {
 let padding_point = crate::hash_to_curve(b"/w3f/ring-proof/padding");
 let scalar_bitlen = Curve::ScalarField::MODULUS_BIT_SIZE as usize;
@@ -93,7 +93,7 @@ impl<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> PiopParams<F, Curve> {
 #[cfg(test)]
 mod tests {
- use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, SWAffine};
+ use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, EdwardsAffine};
 use ark_std::ops::Mul;
 use ark_std::{test_rng, UniformRand};
@@ -105,8 +105,8 @@ mod tests {
 #[test]
 fn test_powers_of_h() {
 let rng = &mut test_rng();
- let h = SWAffine::rand(rng);
- let seed = SWAffine::rand(rng);
+ let h = EdwardsAffine::rand(rng);
+ let seed = EdwardsAffine::rand(rng);
 let domain = Domain::new(1024, false);
 let params = PiopParams::<Fq, BandersnatchConfig>::setup(domain, h, seed);
 let t = Fr::rand(rng);
diff --git a/ring/src/piop/prover.rs b/ring/src/piop/prover.rs
index 55f9995..c38c337 100644
--- a/ring/src/piop/prover.rs
+++ b/ring/src/piop/prover.rs
@@ -1,4 +1,4 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_poly::univariate::DensePolynomial;
 use ark_poly::Evaluations;
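Review bot: `setup` documents neither `h` nor `seed`, and this commit changes what callers pass for `seed` (a random point in the tests instead of the former complement point) without recording what the twisted-Edwards version requires of it; a doc comment on `setup` stating the constraints on `h` and `seed`, and whether either may lie in the prime-order subgroup, would close that gap. Separately, `crate::hash_to_curve(b"/w3f/ring-proof/padding")` keeps the same label although the map behind it is now y-decompression on the Edwards form, so the padding point and every fixed column derived from it silently differ from the short-Weierstrass build; if any parameters or verifier keys from that build exist, a model-specific label or a comment stating the two are intentionally incompatible would prevent confusion. The body of `setup` continues past the hunk.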
@@ -21,7 +21,7 @@ use crate::piop::{RingCommitments, RingEvaluations};
 // The 'table': columns representing the execution trace of the computation
 // and the constraints -- polynomials that vanish on every 2 consecutive rows.
-pub struct PiopProver<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
+pub struct PiopProver<F: PrimeField, Curve: TECurveConfig<BaseField = F>> {
 domain: Domain<F>,
 // Fixed (public input) columns:
 points: AffineColumn<F, Affine<Curve>>,
@@ -37,7 +37,7 @@ pub struct PiopProver<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> {
 cond_add_acc_y: FixedCells<F>,
 }
-impl<F: PrimeField, Curve: SWCurveConfig<BaseField = F>> PiopProver<F, Curve> {
+impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopProver<F, Curve> {
 pub fn build(
 params: &PiopParams<F, Curve>,
 fixed_columns: FixedColumns<F, Affine<Curve>>,
@@ -88,7 +88,7 @@ impl<F, C, Curve> ProverPiop<F, C> for PiopProver<F, Curve>
 where
 F: PrimeField,
 C: Commitment<F>,
- Curve: SWCurveConfig<BaseField = F>,
+ Curve: TECurveConfig<BaseField = F>,
 {
 type Commitments = RingCommitments<F, C>;
 type Evaluations = RingEvaluations<F>;
diff --git a/ring/src/piop/verifier.rs b/ring/src/piop/verifier.rs
index 00acd88..50ea6e8 100644
--- a/ring/src/piop/verifier.rs
+++ b/ring/src/piop/verifier.rs
@@ -1,6 +1,6 @@
 use std::marker::PhantomData;
 use ark_ec::AffineRepr;
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_std::{vec, vec::Vec};
 use fflonk::pcs::Commitment;
@@ -101,7 +101,7 @@ impl<F: PrimeField, C: Commitment<F>, P: AffineRepr<BaseField = F>> PiopVerifier
 }
 }
-impl<F: PrimeField, C: Commitment<F>, Jubjub: SWCurveConfig<BaseField = F>> VerifierPiop<F, C> for PiopVerifier<F, C, Affine<Jubjub>> {
+impl<F: PrimeField, C: Commitment<F>, Jubjub: TECurveConfig<BaseField = F>> VerifierPiop<F, C> for PiopVerifier<F, C, Affine<Jubjub>> {
 const N_CONSTRAINTS: usize = 7;
 const N_COLUMNS: usize = 7;
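Review bot: Only the trait bound changes while `N_CONSTRAINTS` and `N_COLUMNS` stay at 7, yet nothing in this diff touches the gadget that generates the conditional-addition constraints (`common::gadgets::ec::AffineColumn` is imported by piop/params.rs and `common` is not part of the change); if that gadget still encodes the short-Weierstrass addition formulas, the verifier would be checking SW relations on twisted-Edwards coordinates, which I cannot rule out from this diff alone. Please confirm the gadget was switched to the complete TE addition law in a companion change and record the coupling next to the constants, e.g. `// Counts must match the TE cond-add gadget in common::gadgets::ec.` The `impl` block continues past the hunk.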
diff --git a/ring/src/ring.rs b/ring/src/ring.rs
index 8ee6c03..8ddb190 100644
--- a/ring/src/ring.rs
+++ b/ring/src/ring.rs
@@ -1,6 +1,6 @@
 use ark_ec::pairing::Pairing;
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::{AffineRepr, CurveGroup, VariableBaseMSM};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use ark_poly::EvaluationDomain;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
@@ -40,7 +40,7 @@ const IDLE_ROWS: usize = ZK_ROWS + 1;
 pub struct Ring<
 F: PrimeField,
 KzgCurve: Pairing<ScalarField = F>,
- VrfCurveConfig: SWCurveConfig<BaseField = F>,
+ VrfCurveConfig: TECurveConfig<BaseField = F>,
 > {
 // KZG commitments to the coordinates of the vector described above
 pub cx: KzgCurve::G1Affine,
@@ -58,7 +58,7 @@ pub struct Ring<
 impl<
 F: PrimeField,
 KzgCurve: Pairing<ScalarField = F>,
- VrfCurveConfig: SWCurveConfig<BaseField = F>,
+ VrfCurveConfig: TECurveConfig<BaseField = F>,
 > fmt::Debug for Ring<F, KzgCurve, VrfCurveConfig> {
 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
@@ -73,7 +73,7 @@ impl<
 impl<
 F: PrimeField,
 KzgCurve: Pairing<ScalarField = F>,
- VrfCurveConfig: SWCurveConfig<BaseField = F>,
+ VrfCurveConfig: TECurveConfig<BaseField = F>,
 > Ring<F, KzgCurve, VrfCurveConfig> {
 // Builds the commitment to the vector
@@ -255,7 +255,7 @@ impl<F: PrimeField, KzgCurve: Pairing<ScalarField = F>> RingBuilderKey<F, KzgCur
 #[cfg(test)]
 mod tests {
 use ark_bls12_381::{Bls12_381, Fr, G1Affine};
- use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, SWAffine};
+ use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, EdwardsAffine};
 use ark_std::{test_rng, UniformRand};
 use fflonk::pcs::kzg::urs::URS;
 use fflonk::pcs::kzg::KZG;
@@ -282,8 +282,8 @@ mod tests {
 let srs = |range: Range<usize>| Ok(ring_builder_key.lis_in_g1[range].to_vec());
 // piop params
- let h = SWAffine::rand(rng);
- let seed = SWAffine::rand(rng);
+ let h = EdwardsAffine::rand(rng);
+ let seed = EdwardsAffine::rand(rng);
 let domain = Domain::new(domain_size, true);
 let piop_params = PiopParams::setup(domain, h, seed);
@@ -292,7 +292,7 @@ mod tests {
 assert_eq!(ring.cx, monimial_cx);
 assert_eq!(ring.cy, monimial_cy);
- let keys = random_vec::<SWAffine, _>(ring.max_keys, rng);
+ let keys = random_vec::<EdwardsAffine, _>(ring.max_keys, rng);
 ring.append(&keys, srs);
 let (monimial_cx, monimial_cy) = get_monomial_commitment(&pcs_params, &piop_params, &keys);
 assert_eq!(ring.cx, monimial_cx);
@@ -313,8 +313,8 @@ mod tests {
 let srs = |range: Range<usize>| Ok(ring_builder_key.lis_in_g1[range].to_vec());
 // piop params
- let h = SWAffine::rand(rng);
- let seed = SWAffine::rand(rng);
+ let h = EdwardsAffine::rand(rng);
+ let seed = EdwardsAffine::rand(rng);
 let domain = Domain::new(domain_size, true);
 let piop_params = PiopParams::setup(domain, h, seed);
@@ -326,7 +326,7 @@ mod tests {
 fn get_monomial_commitment(
 pcs_params: &URS<Bls12_381>,
 piop_params: &PiopParams<Fr, BandersnatchConfig>,
- keys: &[SWAffine],
+ keys: &[EdwardsAffine],
 ) -> (G1Affine, G1Affine) {
 let (_, verifier_key) = crate::piop::index::<_, KZG<Bls12_381>, _>(pcs_params, piop_params, keys);
diff --git a/ring/src/ring_prover.rs b/ring/src/ring_prover.rs
index bacfcba..776e782 100644
--- a/ring/src/ring_prover.rs
+++ b/ring/src/ring_prover.rs
@@ -1,4 +1,4 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use fflonk::pcs::PCS;
@@ -13,7 +13,7 @@ pub struct RingProver<F, CS, Curve, T>
 where
 F: PrimeField,
 CS: PCS<F>,
- Curve: SWCurveConfig<BaseField = F>,
+ Curve: TECurveConfig<BaseField = F>,
 T: PlonkTranscript<F, CS>,
 {
 piop_params: PiopParams<F, Curve>,
@@ -26,7 +26,7 @@ impl<F, CS, Curve, T> RingProver<F, CS, Curve, T>
 where
 F: PrimeField,
 CS: PCS<F>,
- Curve: SWCurveConfig<BaseField = F>,
+ Curve: TECurveConfig<BaseField = F>,
 T: PlonkTranscript<F, CS>,
 {
 pub fn init(
diff --git a/ring/src/ring_verifier.rs b/ring/src/ring_verifier.rs
index c1e665e..11ae904 100644
--- a/ring/src/ring_verifier.rs
+++ b/ring/src/ring_verifier.rs
@@ -1,5 +1,5 @@
-use ark_ec::short_weierstrass::{Affine, SWCurveConfig};
 use ark_ec::CurveGroup;
+use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ff::PrimeField;
 use fflonk::pcs::{RawVerifierKey, PCS};
@@ -16,7 +16,7 @@ pub struct RingVerifier<F, CS, Jubjub, T>
 where
 F: PrimeField,
 CS: PCS<F>,
- Jubjub: SWCurveConfig<BaseField = F>,
+ Jubjub: TECurveConfig<BaseField = F>,
 T: PlonkTranscript<F, CS>,
 {
 piop_params: PiopParams<F, Jubjub>,
@@ -28,7 +28,7 @@ impl<F, CS, Jubjub, T> RingVerifier<F, CS, Jubjub, T>
 where
 F: PrimeField,
 CS: PCS<F>,
- Jubjub: SWCurveConfig<BaseField = F>,
+ Jubjub: TECurveConfig<BaseField = F>,
 T: PlonkTranscript<F, CS>,
 {
 pub fn init(