Add FiatShamir sponge RNG

src/constraints/snark.rs

@@ -470,22 +470,24 @@ mod test {
     type TestSNARK = MarlinSNARK<
         MNT4Fr,
         MNT4Fq,
-        PoseidonSponge<MNT4Fr>,
-        MarlinKZG10<MNT4_298, DensePolynomial<MNT4Fr>, PoseidonSponge<MNT4Fr>>,
+        PoseidonSponge<MNT4Fq>,
+        MarlinKZG10<MNT4_298, DensePolynomial<MNT4Fr>, PoseidonSponge<MNT4Fq>>,
         TestMarlinConfig,
     >;
+
     type PCGadget4 = MarlinKZG10Gadget<
         Mnt64298cycle,
         DensePolynomial<MNT4Fr>,
         MNT4PairingVar,
-        PoseidonSponge<MNT4Fr>,
+        PoseidonSponge<MNT4Fq>,
     >;
+
     type TestSNARKGadget = MarlinSNARKGadget<
         MNT4Fr,
         MNT4Fq,
-        PoseidonSponge<MNT4Fr>,
+        PoseidonSponge<MNT4Fq>,
         PoseidonSpongeVar<MNT4Fq>,
-        MarlinKZG10<MNT4_298, DensePolynomial<MNT4Fr>, PoseidonSponge<MNT4Fr>>,
+        MarlinKZG10<MNT4_298, DensePolynomial<MNT4Fr>, PoseidonSponge<MNT4Fq>>,
         TestMarlinConfig,
         PCGadget4,
     >;
@@ -521,7 +523,6 @@ mod test {
         let cs = ConstraintSystemRef::new(cs_sys);
         cs.set_optimization_goal(OptimizationGoal::Weight);
 
-        /*
         let input_gadget = <TestSNARKGadget as SNARKGadget<
             <MNT4_298 as PairingEngine>::Fr,
             <MNT4_298 as PairingEngine>::Fq,
@@ -555,6 +556,7 @@ mod test {
         >>::verify(&vk_gadget, &input_gadget, &proof_gadget)
         .unwrap();
 
+        /*
         assert!(
             cs.is_satisfied().unwrap(),
             "Constraints not satisfied: {}",

src/lib.rs

@@ -347,7 +347,7 @@ where
         if for_recursion {
             sponge.absorb(&to_bytes![&Self::PROTOCOL_NAME].unwrap());
             //sponge.absorb(&compute_vk_hash::<F, FSF, S, PC>(&index_pk.index_vk));
-            sponge.absorb(&public_input);
+            //sponge.absorb(&public_input);
         } else {
             sponge.absorb(
                 &to_bytes![&Self::PROTOCOL_NAME, &index_pk.index_vk, &public_input].unwrap(),
@@ -557,7 +557,7 @@ where
         end_timer!(eval_time);
 
         if for_recursion {
-            sponge.absorb(&evaluations);
+            //sponge.absorb(&evaluations);
         } else {
             sponge.absorb(&to_bytes![&evaluations].unwrap());
         }
@@ -621,7 +621,7 @@ where
         if for_recursion {
             sponge.absorb(&to_bytes![&Self::PROTOCOL_NAME].unwrap());
             //sponge.absorb(&compute_vk_hash::<F, FSF, S, PC>(index_vk));
-            sponge.absorb(&public_input);
+            //sponge.absorb(&public_input);
         } else {
             sponge.absorb(&to_bytes![&Self::PROTOCOL_NAME, &index_vk, &public_input].unwrap());
         }
@@ -730,7 +730,7 @@ where
             AHPForR1CS::verifier_query_set::<FSF>(verifier_state, for_recursion);
 
         if for_recursion {
-            sponge.absorb(&proof.evaluations);
+            //sponge.absorb(&proof.evaluations);
         } else {
             sponge.absorb(&to_bytes![&proof.evaluations].unwrap());
         }

src/sponge/mod.rs

@@ -41,7 +41,7 @@ where
         <Self as CryptographicSpongeVar<CF, S>>::new(cs, &params)
     }
 
-    /// Absorb non native `CF` elements
+    /// Absorb non native elements
     fn absorb_nonnative(
         &mut self,
         input: &[NonNativeFieldVar<F, CF>],

src/sponge/poseidon.rs

@@ -1,9 +1,20 @@
 use core::marker::PhantomData;
 
 use ark_ff::{FpParameters, PrimeField};
-use ark_sponge::poseidon::PoseidonParameters;
+use ark_nonnative_field::{
+    params::OptimizationType, AllocatedNonNativeFieldVar, NonNativeFieldVar,
+};
+use ark_r1cs_std::alloc::AllocVar;
+use ark_r1cs_std::fields::fp::FpVar;
+use ark_relations::r1cs::SynthesisError;
+use ark_sponge::{
+    constraints::CryptographicSpongeVar,
+    poseidon::{constraints::PoseidonSpongeVar, PoseidonParameters},
+    CryptographicSponge,
+};
 
-use super::CryptographicSpongeParameters;
+use super::{CryptographicSpongeParameters, CryptographicSpongeVarNonNative};
+use crate::overhead;
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub struct PoseidonArguments<F: PrimeField> {
@@ -53,3 +64,105 @@ impl<F: PrimeField> CryptographicSpongeParameters for PoseidonParameters<F> {
         Self::new(full_rounds, partial_rounds, alpha, mds, ark)
     }
 }
+
+impl<F: PrimeField, CF: PrimeField, S: CryptographicSponge>
+    CryptographicSpongeVarNonNative<F, CF, S> for PoseidonSpongeVar<CF>
+where
+    PoseidonSpongeVar<CF>: CryptographicSpongeVar<CF, S>,
+    <Self as CryptographicSpongeVar<CF, S>>::Parameters: CryptographicSpongeParameters,
+{
+    fn absorb_nonnative(
+        &mut self,
+        input: &[NonNativeFieldVar<F, CF>],
+        ty: OptimizationType,
+    ) -> Result<(), SynthesisError> {
+        let mut src_limbs: Vec<(FpVar<CF>, CF)> = Vec::new();
+
+        for elem in input.iter() {
+            match elem {
+                NonNativeFieldVar::Constant(c) => {
+                    let v = AllocatedNonNativeFieldVar::<F, CF>::new_constant(self.cs(), c)?;
+
+                    for limb in v.limbs.iter() {
+                        let num_of_additions_over_normal_form =
+                            if v.num_of_additions_over_normal_form == CF::zero() {
+                                CF::one()
+                            } else {
+                                v.num_of_additions_over_normal_form
+                            };
+
+                        src_limbs.push((limb.clone(), num_of_additions_over_normal_form));
+                    }
+                }
+                NonNativeFieldVar::Var(v) => {
+                    for limb in v.limbs.iter() {
+                        let num_of_additions_over_normal_form =
+                            if v.num_of_additions_over_normal_form == CF::zero() {
+                                CF::one()
+                            } else {
+                                v.num_of_additions_over_normal_form
+                            };
+
+                        src_limbs.push((limb.clone(), num_of_additions_over_normal_form));
+                    }
+                }
+            }
+        }
+
+        let capacity = CF::size_in_bits() - 1;
+        let mut dest_limbs = Vec::<FpVar<CF>>::new();
+
+        if !src_limbs.is_empty() {
+            let params =
+                ark_nonnative_field::params::get_params(F::size_in_bits(), CF::size_in_bits(), ty);
+
+            let adjustment_factor_lookup_table = {
+                let mut table = Vec::<CF>::new();
+
+                let mut cur = CF::one();
+                for _ in 1..=capacity {
+                    table.push(cur);
+                    cur.double_in_place();
+                }
+
+                table
+            };
+
+            let mut i: usize = 0;
+            let src_len = src_limbs.len();
+            while i < src_len {
+                let first = &src_limbs[i];
+                let second = if i + 1 < src_len {
+                    Some(&src_limbs[i + 1])
+                } else {
+                    None
+                };
+
+                let first_max_bits_per_limb =
+                    params.bits_per_limb + overhead!(first.1 + &CF::one());
+                let second_max_bits_per_limb = if second.is_some() {
+                    params.bits_per_limb + overhead!(second.unwrap().1 + &CF::one())
+                } else {
+                    0
+                };
+
+                if second.is_some()
+                    && first_max_bits_per_limb + second_max_bits_per_limb <= capacity
+                {
+                    let adjustment_factor =
+                        &adjustment_factor_lookup_table[second_max_bits_per_limb];
+
+                    dest_limbs.push(&first.0 * *adjustment_factor + &second.unwrap().0);
+                    i += 2;
+                } else {
+                    dest_limbs.push(first.0.clone());
+                    i += 1;
+                }
+            }
+        }
+
+        self.absorb(&dest_limbs)?;
+
+        Ok(())
+    }
+}