diff --git a/src/constraints.rs b/src/constraints.rs index a21fec2d..729b833c 100644 --- a/src/constraints.rs +++ b/src/constraints.rs @@ -100,13 +100,13 @@ pub trait PCCheckVar< >: Clone { /// An allocated version of `PC::VerifierKey`. - type VerifierKeyVar: AllocVar + Clone + ToBytesGadget; + type VerifierKeyVar: AllocVar + Clone; /// An allocated version of `PC::PreparedVerifierKey`. type PreparedVerifierKeyVar: AllocVar + Clone + PrepareGadget; /// An allocated version of `PC::Commitment`. - type CommitmentVar: AllocVar + Clone + ToBytesGadget; + type CommitmentVar: AllocVar + Clone; /// An allocated version of `PC::PreparedCommitment`. type PreparedCommitmentVar: AllocVar + PrepareGadget diff --git a/src/data_structures.rs b/src/data_structures.rs index 516a7094..2259451e 100644 --- a/src/data_structures.rs +++ b/src/data_structures.rs @@ -56,9 +56,7 @@ pub trait PCPreparedVerifierKey { /// Defines the minimal interface of commitments for any polynomial /// commitment scheme. -pub trait PCCommitment: - Clone + ark_ff::ToBytes + CanonicalSerialize + CanonicalDeserialize -{ +pub trait PCCommitment: Clone + CanonicalSerialize + CanonicalDeserialize { /// Outputs a non-hiding commitment to the zero polynomial. fn empty() -> Self; @@ -100,7 +98,7 @@ pub trait PCRandomness: Clone + CanonicalSerialize + CanonicalDeserialize { /// Defines the minimal interface of evaluation proofs for any polynomial /// commitment scheme. -pub trait PCProof: Clone + ark_ff::ToBytes + CanonicalSerialize + CanonicalDeserialize { +pub trait PCProof: Clone + CanonicalSerialize + CanonicalDeserialize { /// Size in bytes #[deprecated(since = "0.4.0", note = "Please use `.serialized_size()` instead.")] fn size_in_bytes(&self) -> usize { 
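Review bot: Dropping `ark_ff::ToBytes` from the `PCCommitment` and `PCProof` supertraits, and `ToBytesGadget` from `VerifierKeyVar`/`CommitmentVar` in `src/constraints.rs`, removes bounds that downstream implementors and callers may rely on, so this is a semver-breaking API change rather than a pure refactor. Unless it is recorded elsewhere in this commit, a CHANGELOG or migration entry naming `CanonicalSerialize` (`serialize`/`serialize_uncompressed`) as the replacement would save users a search, and the doc comment on `PCProof` could state that the byte encoding is now the `CanonicalSerialize` one. The trait bodies continue outside these hunks.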
@@ -232,13 +230,6 @@ impl LabeledCommitment { } } -impl ark_ff::ToBytes for LabeledCommitment { - #[inline] - fn write(&self, writer: W) -> ark_std::io::Result<()> { - self.commitment.write(writer) - } -} - /// A term in a linear combination. #[derive(Hash, Ord, PartialOrd, Clone, Eq, PartialEq, Debug)] pub enum LCTerm { diff --git a/src/ipa_pc/data_structures.rs b/src/ipa_pc/data_structures.rs index dcaed801..8369becf 100644 --- a/src/ipa_pc/data_structures.rs +++ b/src/ipa_pc/data_structures.rs @@ -1,7 +1,7 @@ use crate::*; use crate::{PCCommitterKey, PCVerifierKey, Vec}; use ark_ec::AffineCurve; -use ark_ff::{Field, ToBytes, UniformRand, Zero}; +use ark_ff::{Field, UniformRand, Zero}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError}; use ark_std::rand::RngCore; use ark_std::{ @@ -121,19 +121,6 @@ impl PCCommitment for Commitment { } } -impl ToBytes for Commitment { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.comm.write(&mut writer)?; - let shifted_exists = self.shifted_comm.is_some(); - shifted_exists.write(&mut writer)?; - self.shifted_comm - .as_ref() - .unwrap_or(&G::zero()) - .write(&mut writer) - } -} - /// Nothing to do to prepare this commitment (for now). pub type PreparedCommitment = Commitment; @@ -214,24 +201,6 @@ pub struct Proof { impl PCProof for Proof {} -impl ToBytes for Proof { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.l_vec.write(&mut writer)?; - self.r_vec.write(&mut writer)?; - self.final_comm_key.write(&mut writer)?; - self.c.write(&mut writer)?; - self.hiding_comm - .as_ref() - .unwrap_or(&G::zero()) - .write(&mut writer)?; - self.rand - .as_ref() - .unwrap_or(&G::ScalarField::zero()) - .write(&mut writer) - } -} - /// `SuccinctCheckPolynomial` is a succinctly-representated polynomial /// generated from the `log_d` random oracle challenges generated in `open`. /// It has the special property that can be evaluated in `O(log_d)` time. 
diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index 4aed822e..4751f8c0 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -1,12 +1,13 @@ use crate::{BTreeMap, BTreeSet, String, ToString, Vec, CHALLENGE_SIZE}; -use crate::{BatchLCProof, Error, Evaluations, QuerySet, UVPolynomial}; +use crate::{BatchLCProof, DenseUVPolynomial, Error, Evaluations, QuerySet}; use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; use crate::{PCCommitterKey, PCRandomness, PCUniversalParams, PolynomialCommitment}; -use ark_ec::{msm::VariableBase, AffineCurve, ProjectiveCurve}; -use ark_ff::{to_bytes, Field, One, PrimeField, UniformRand, Zero}; +use ark_ec::{msm::VariableBaseMSM, AffineCurve, ProjectiveCurve}; +use ark_ff::{Field, One, PrimeField, UniformRand, Zero}; +use ark_serialize::CanonicalSerialize; use ark_std::rand::RngCore; -use ark_std::{convert::TryInto, format, marker::PhantomData, vec}; +use ark_std::{convert::TryInto, format, marker::PhantomData, ops::Mul, vec}; mod data_structures; pub use data_structures::*; @@ -34,7 +35,7 @@ use digest::Digest; pub struct InnerProductArgPC< G: AffineCurve, D: Digest, - P: UVPolynomial, + P: DenseUVPolynomial, S: CryptographicSponge, > { _projective: PhantomData, @@ -46,8 +47,9 @@ pub struct InnerProductArgPC< impl InnerProductArgPC where G: AffineCurve, + G::Projective: VariableBaseMSM, D: Digest, - P: UVPolynomial, + P: DenseUVPolynomial, S: CryptographicSponge, { /// `PROTOCOL_NAME` is used as a seed for the setup function. @@ -65,7 +67,7 @@ where .map(|s| s.into_bigint()) .collect::>(); - let mut comm = VariableBase::msm(comm_key, &scalars_bigint); + let mut comm = ::msm_bigint(comm_key, &scalars_bigint); if randomizer.is_some() { assert!(hiding_generator.is_some()); 
@@ -79,8 +81,9 @@ where let mut i = 0u64; let mut challenge = None; while challenge.is_none() { - let hash_input = ark_ff::to_bytes![bytes, i].unwrap(); - let hash = D::digest(&hash_input); + let mut hash_input = bytes.to_vec(); + hash_input.extend(i.to_le_bytes()); + let hash = D::digest(&hash_input.as_slice()); challenge = ::from_random_bytes(&hash); i += 1; 
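Review bot: `D::digest(&hash_input.as_slice())` passes a reference to a reference; `D::digest(&hash_input)` coerces the `Vec<u8>` to `&[u8]` and reads more plainly. The `bytes.to_vec()` plus `extend` also rebuilds the whole buffer on every retry although only the trailing counter changes; allocating once before the loop and overwriting the tail, `hash_input[bytes.len()..].copy_from_slice(&i.to_le_bytes());`, feeds the digest the same input. Since the counter is what keeps `bytes || i` unambiguous, a one-line comment stating that `i` is appended as a fixed-width little-endian `u64` and that callers are expected to pass fixed-size `serialize_uncompressed` output (as the call sites in this file appear to) would document the Fiat–Shamir invariant; the generator-sampling loop in the `@@ -295,11 +313,16 @@` hunk of this file rebuilds its buffer per retry in the same way. The enclosing function starts outside the hunk.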
@@ -143,32 +146,47 @@ where if proof.hiding_comm.is_some() { let hiding_comm = proof.hiding_comm.unwrap(); let rand = proof.rand.unwrap(); - - let hiding_challenge = Self::compute_random_oracle_challenge( - &ark_ff::to_bytes![combined_commitment, point, combined_v, hiding_comm].unwrap(), - ); + let mut byte_vec = Vec::new(); + combined_commitment + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + point.serialize_uncompressed(&mut byte_vec).unwrap(); + combined_v.serialize_uncompressed(&mut byte_vec).unwrap(); + hiding_comm.serialize_uncompressed(&mut byte_vec).unwrap(); + let bytes = byte_vec.as_slice(); + let hiding_challenge = Self::compute_random_oracle_challenge(bytes); combined_commitment_proj += &(hiding_comm.mul(hiding_challenge) - &vk.s.mul(rand)); combined_commitment = combined_commitment_proj.into_affine(); } // Challenge for each round let mut round_challenges = Vec::with_capacity(log_d); - let mut round_challenge = Self::compute_random_oracle_challenge( - &ark_ff::to_bytes![combined_commitment, point, combined_v].unwrap(), - ); + let mut byte_vec = Vec::new(); + combined_commitment + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + point.serialize_uncompressed(&mut byte_vec).unwrap(); + combined_v.serialize_uncompressed(&mut byte_vec).unwrap(); + let bytes = byte_vec.as_slice(); + let mut round_challenge = Self::compute_random_oracle_challenge(bytes); let h_prime = vk.h.mul(round_challenge); - let mut round_commitment_proj = - combined_commitment_proj + &h_prime.mul(&combined_v.into_bigint()); + let mut round_commitment_proj = combined_commitment_proj + &h_prime.mul(&combined_v); let l_iter = proof.l_vec.iter(); let r_iter = proof.r_vec.iter(); for (l, r) in l_iter.zip(r_iter) { - round_challenge = Self::compute_random_oracle_challenge( - &ark_ff::to_bytes![round_challenge, l, r].unwrap(), - ); + let mut byte_vec = Vec::new(); + round_challenge + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + l.serialize_uncompressed(&mut 
byte_vec).unwrap(); + r.serialize_uncompressed(&mut byte_vec).unwrap(); + let bytes = byte_vec.as_slice(); + + round_challenge = Self::compute_random_oracle_challenge(bytes); round_challenges.push(round_challenge); round_commitment_proj += &(l.mul(round_challenge.inverse().unwrap()) + &r.mul(round_challenge)); @@ -295,11 +313,16 @@ where let generators: Vec<_> = ark_std::cfg_into_iter!(0..num_generators) .map(|i| { let i = i as u64; - let mut hash = D::digest(&to_bytes![&Self::PROTOCOL_NAME, i].unwrap()); + let mut hash = + D::digest([Self::PROTOCOL_NAME, &i.to_le_bytes()].concat().as_slice()); let mut g = G::from_random_bytes(&hash); let mut j = 0u64; while g.is_none() { - hash = D::digest(&to_bytes![&Self::PROTOCOL_NAME, i, j].unwrap()); + // PROTOCOL NAME, i, j + let mut bytes = Self::PROTOCOL_NAME.to_vec(); + bytes.extend(i.to_le_bytes()); + bytes.extend(j.to_le_bytes()); + hash = D::digest(bytes.as_slice()); g = G::from_random_bytes(&hash); j += 1; } @@ -315,8 +338,9 @@ where impl PolynomialCommitment for InnerProductArgPC where G: AffineCurve, + G::Projective: VariableBaseMSM, D: Digest, - P: UVPolynomial, + P: DenseUVPolynomial, S: CryptographicSponge, { type UniversalParams = UniversalParams; @@ -563,8 +587,7 @@ where let hiding_time = start_timer!(|| "Applying hiding."); let mut hiding_polynomial = P::rand(d, &mut rng); hiding_polynomial -= &P::from_coefficients_slice(&[hiding_polynomial.evaluate(point)]); - - let hiding_rand = G::ScalarField::rand(rng); + let hiding_rand = G::ScalarField::rand(&mut rng); let hiding_commitment_proj = Self::cm_commit( ck.comm_key.as_slice(), hiding_polynomial.coeffs(), 
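Review bot: The byte string that seeds each Fiat–Shamir challenge is now assembled inline, and the same serialize-into-`Vec` sequence is repeated three times in this hunk and again on the prover side in the `@@ -579,15 +602,18 @@`, `@@ -608,9 +634,14 @@` and `@@ -662,9 +693,14 @@` hunks of this file; prover and verifier must produce byte-identical transcripts, and duplicating the sequence in both is where they can silently drift (one side adding or reordering an item, or switching between compressed and uncompressed encoding). Factoring it into one `macro_rules!` used by both sides, as the removed `to_bytes!` was, makes the encoding a single-place decision and gives a natural home for the comment that this encoding is the verifier's contract. The `.unwrap()` on `serialize_uncompressed` into a `Vec` is sound, since an in-memory writer does not fail, but it deserves a comment saying so rather than reading as an unhandled error path. The enclosing verification function's body extends beyond the hunk.
```rust
/// Concatenates the `serialize_uncompressed` encodings of its arguments.
/// Every Fiat–Shamir challenge on both the prover and verifier side is
/// derived from this encoding, so any change here changes which proofs verify.
macro_rules! transcript_bytes {
    ($($item:expr),+ $(,)?) => {{
        let mut buf = Vec::new();
        // The in-memory writer cannot fail; a failure here is a bug, not an input error.
        $( $item.serialize_uncompressed(&mut buf).unwrap(); )+
        buf
    }};
}

// … unchanged: hiding_comm / rand extraction …
let hiding_challenge = Self::compute_random_oracle_challenge(
    &transcript_bytes![combined_commitment, point, combined_v, hiding_comm],
);
// … unchanged: combined_commitment_proj update …
let mut round_challenge = Self::compute_random_oracle_challenge(
    &transcript_bytes![combined_commitment, point, combined_v],
);
// … unchanged: h_prime, round_commitment_proj, l_iter / r_iter setup …
round_challenge = Self::compute_random_oracle_challenge(
    &transcript_bytes![round_challenge, l, r],
);
```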
@@ -579,15 +602,18 @@ where hiding_commitment = Some(batch.pop().unwrap()); combined_commitment = batch.pop().unwrap(); - let hiding_challenge = Self::compute_random_oracle_challenge( - &ark_ff::to_bytes![ - combined_commitment, - point, - combined_v, - hiding_commitment.unwrap() - ] - .unwrap(), - ); + let mut byte_vec = Vec::new(); + combined_commitment + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + point.serialize_uncompressed(&mut byte_vec).unwrap(); + combined_v.serialize_uncompressed(&mut byte_vec).unwrap(); + hiding_commitment + .unwrap() + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + let bytes = byte_vec.as_slice(); + let hiding_challenge = Self::compute_random_oracle_challenge(bytes); combined_polynomial += (hiding_challenge, &hiding_polynomial); combined_rand += &(hiding_challenge * &hiding_rand); combined_commitment_proj += @@ -608,9 +634,14 @@ where combined_commitment = combined_commitment_proj.into_affine(); // ith challenge - let mut round_challenge = Self::compute_random_oracle_challenge( - &ark_ff::to_bytes![combined_commitment, point, combined_v].unwrap(), - ); + let mut byte_vec = Vec::new(); + combined_commitment + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + point.serialize_uncompressed(&mut byte_vec).unwrap(); + combined_v.serialize_uncompressed(&mut byte_vec).unwrap(); + let bytes = byte_vec.as_slice(); + let mut round_challenge = Self::compute_random_oracle_challenge(bytes); let h_prime = ck.h.mul(round_challenge).into_affine(); 
@@ -662,9 +693,14 @@ where l_vec.push(lr[0]); r_vec.push(lr[1]); - round_challenge = Self::compute_random_oracle_challenge( - &ark_ff::to_bytes![round_challenge, lr[0], lr[1]].unwrap(), - ); + let mut byte_vec = Vec::new(); + round_challenge + .serialize_uncompressed(&mut byte_vec) + .unwrap(); + lr[0].serialize_uncompressed(&mut byte_vec).unwrap(); + lr[1].serialize_uncompressed(&mut byte_vec).unwrap(); + let bytes = byte_vec.as_slice(); + round_challenge = Self::compute_random_oracle_challenge(bytes); let round_challenge_inv = round_challenge.inverse().unwrap(); ark_std::cfg_iter_mut!(coeffs_l) @@ -1042,7 +1078,7 @@ mod tests { use ark_ec::AffineCurve; use ark_ed_on_bls12_381::{EdwardsAffine, Fr}; use ark_ff::PrimeField; - use ark_poly::{univariate::DensePolynomial as DensePoly, UVPolynomial}; + use ark_poly::{univariate::DensePolynomial as DensePoly, DenseUVPolynomial}; use ark_sponge::poseidon::PoseidonSponge; use blake2::Blake2s; use rand_chacha::ChaCha20Rng; diff --git a/src/kzg10/data_structures.rs b/src/kzg10/data_structures.rs index 640fccbe..161e86f8 100644 --- a/src/kzg10/data_structures.rs +++ b/src/kzg10/data_structures.rs @@ -1,6 +1,6 @@ use crate::*; -use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; -use ark_ff::{PrimeField, ToBytes, ToConstraintField, Zero}; +use ark_ec::{PairingEngine, ProjectiveCurve}; +use ark_ff::{PrimeField, ToConstraintField, Zero}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError}; use ark_std::{ borrow::Cow, 
@@ -346,18 +346,6 @@ impl CanonicalDeserialize for VerifierKey { } } -impl ToBytes for VerifierKey { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.g.write(&mut writer)?; - self.gamma_g.write(&mut writer)?; - self.h.write(&mut writer)?; - self.beta_h.write(&mut writer)?; - self.prepared_h.write(&mut writer)?; - self.prepared_beta_h.write(&mut writer) - } -} - impl ToConstraintField<::BasePrimeField> for VerifierKey where E::G1Affine: ToConstraintField<::BasePrimeField>, @@ -424,13 +412,6 @@ pub struct Commitment( pub E::G1Affine, ); -impl ToBytes for Commitment { - #[inline] - fn write(&self, writer: W) -> ark_std::io::Result<()> { - self.0.write(writer) - } -} - impl PCCommitment for Commitment { #[inline] fn empty() -> Self { @@ -454,7 +435,7 @@ where impl<'a, E: PairingEngine> AddAssign<(E::Fr, &'a Commitment)> for Commitment { #[inline] fn add_assign(&mut self, (f, other): (E::Fr, &'a Commitment)) { - let mut other = other.0.mul(f.into_bigint()); + let mut other = other.0 * f; other.add_assign_mixed(&self.0); self.0 = other.into(); } @@ -501,13 +482,13 @@ impl PreparedCommitment { PartialEq(bound = ""), Eq(bound = "") )] -pub struct Randomness> { +pub struct Randomness> { /// For KZG10, the commitment randomness is a random polynomial. pub blinding_polynomial: P, _field: PhantomData, } -impl> Randomness { +impl> Randomness { /// Does `self` provide any hiding properties to the corresponding commitment? /// `self.is_hiding() == true` only if the underlying polynomial is non-zero. #[inline] @@ -522,7 +503,7 @@ impl> Randomness { } } -impl> PCRandomness for Randomness { +impl> PCRandomness for Randomness { fn empty() -> Self { Self { blinding_polynomial: P::zero(), @@ -538,7 +519,7 @@ impl> PCRandomness for Randomness { } } -impl<'a, F: PrimeField, P: UVPolynomial> Add<&'a Randomness> for Randomness { +impl<'a, F: PrimeField, P: DenseUVPolynomial> Add<&'a Randomness> for Randomness { type Output = Self; #[inline] 
@@ -548,7 +529,9 @@ impl<'a, F: PrimeField, P: UVPolynomial> Add<&'a Randomness> for Random } } -impl<'a, F: PrimeField, P: UVPolynomial> Add<(F, &'a Randomness)> for Randomness { +impl<'a, F: PrimeField, P: DenseUVPolynomial> Add<(F, &'a Randomness)> + for Randomness +{ type Output = Self; #[inline] @@ -558,14 +541,16 @@ impl<'a, F: PrimeField, P: UVPolynomial> Add<(F, &'a Randomness)> for R } } -impl<'a, F: PrimeField, P: UVPolynomial> AddAssign<&'a Randomness> for Randomness { +impl<'a, F: PrimeField, P: DenseUVPolynomial> AddAssign<&'a Randomness> + for Randomness +{ #[inline] fn add_assign(&mut self, other: &'a Self) { self.blinding_polynomial += &other.blinding_polynomial; } } -impl<'a, F: PrimeField, P: UVPolynomial> AddAssign<(F, &'a Randomness)> +impl<'a, F: PrimeField, P: DenseUVPolynomial> AddAssign<(F, &'a Randomness)> for Randomness { #[inline] @@ -594,14 +579,3 @@ pub struct Proof { } impl PCProof for Proof {} - -impl ToBytes for Proof { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.w.write(&mut writer)?; - self.random_v - .as_ref() - .unwrap_or(&E::Fr::zero()) - .write(&mut writer) - } -} diff --git a/src/kzg10/mod.rs b/src/kzg10/mod.rs index fd1bcd71..33fcdb18 100644 --- a/src/kzg10/mod.rs +++ b/src/kzg10/mod.rs @@ -6,11 +6,11 @@ //! This construction achieves extractability in the algebraic group model (AGM). use crate::{BTreeMap, Error, LabeledPolynomial, PCRandomness, ToString, Vec}; -use ark_ec::msm::{FixedBase, VariableBase}; -use ark_ec::{group::Group, AffineCurve, PairingEngine, ProjectiveCurve}; +use ark_ec::msm::{FixedBase, VariableBaseMSM}; +use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; use ark_ff::{One, PrimeField, UniformRand, Zero}; -use ark_poly::UVPolynomial; -use ark_std::{format, marker::PhantomData, ops::Div, vec}; +use ark_poly::DenseUVPolynomial; +use ark_std::{format, marker::PhantomData, ops::Div, ops::Mul, vec}; use ark_std::rand::RngCore; #[cfg(feature = "parallel")] 
@@ -23,7 +23,7 @@ pub use data_structures::*; /// [Kate, Zaverucha and Goldbgerg][kzg10] /// /// [kzg10]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf -pub struct KZG10> { +pub struct KZG10> { _engine: PhantomData, _poly: PhantomData

, } @@ -31,7 +31,7 @@ pub struct KZG10> { impl KZG10 where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { /// Constructs public parameters when given as input the maximum degree `degree` @@ -152,8 +152,10 @@ where skip_leading_zeros_and_convert_to_bigints(polynomial); let msm_time = start_timer!(|| "MSM to compute commitment to plaintext poly"); - let mut commitment = - VariableBase::msm(&powers.powers_of_g[num_leading_zeros..], &plain_coeffs); + let mut commitment = ::msm_bigint( + &powers.powers_of_g[num_leading_zeros..], + &plain_coeffs, + ); end_timer!(msm_time); let mut randomness = Randomness::::empty(); @@ -174,8 +176,11 @@ where let random_ints = convert_to_bigints(&randomness.blinding_polynomial.coeffs()); let msm_time = start_timer!(|| "MSM to compute commitment to random poly"); - let random_commitment = - VariableBase::msm(&powers.powers_of_gamma_g, random_ints.as_slice()).into_affine(); + let random_commitment = ::msm_bigint( + &powers.powers_of_gamma_g, + random_ints.as_slice(), + ) + .into_affine(); end_timer!(msm_time); commitment.add_assign_mixed(&random_commitment); @@ -226,7 +231,10 @@ where skip_leading_zeros_and_convert_to_bigints(witness_polynomial); let witness_comm_time = start_timer!(|| "Computing commitment to witness polynomial"); - let mut w = VariableBase::msm(&powers.powers_of_g[num_leading_zeros..], &witness_coeffs); + let mut w = ::msm_bigint( + &powers.powers_of_g[num_leading_zeros..], + &witness_coeffs, + ); end_timer!(witness_comm_time); let random_v = if let Some(hiding_witness_polynomial) = hiding_witness_polynomial { 
@@ -238,7 +246,10 @@ where let random_witness_coeffs = convert_to_bigints(&hiding_witness_polynomial.coeffs()); let witness_comm_time = start_timer!(|| "Computing commitment to random witness polynomial"); - w += &VariableBase::msm(&powers.powers_of_gamma_g, &random_witness_coeffs); + w += &::msm_bigint( + &powers.powers_of_gamma_g, + &random_witness_coeffs, + ); end_timer!(witness_comm_time); Some(blinding_evaluation) } else { @@ -331,8 +342,8 @@ where if let Some(random_v) = proof.random_v { gamma_g_multiplier += &(randomizer * &random_v); } - total_c += &c.mul(randomizer.into_bigint()); - total_w += &w.mul(randomizer.into_bigint()); + total_c += &c.mul(randomizer); + total_w += &w.mul(randomizer); // We don't need to sample randomizers from the full field, // only from 128-bit strings. randomizer = u128::rand(rng).into(); @@ -416,7 +427,7 @@ where } } -fn skip_leading_zeros_and_convert_to_bigints>( +fn skip_leading_zeros_and_convert_to_bigints>( p: &P, ) -> (usize, Vec) { let mut num_leading_zeros = 0; @@ -453,7 +464,7 @@ mod tests { type UniPoly_377 = DensePoly<::Fr>; type KZG_Bls12_381 = KZG10; - impl> KZG10 { + impl> KZG10 { /// Specializes the public parameters for a given maximum degree `d` for polynomials /// `d` should be less that `pp.max_degree()`. pub(crate) fn trim( @@ -514,7 +525,7 @@ mod tests { fn end_to_end_test_template() -> Result<(), Error> where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { let rng = &mut test_rng(); @@ -545,7 +556,7 @@ mod tests { fn linear_polynomial_test_template() -> Result<(), Error> where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { let rng = &mut test_rng(); @@ -573,7 +584,7 @@ mod tests { fn batch_check_test_template() -> Result<(), Error> where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { let rng = &mut test_rng(); 
diff --git a/src/lib.rs b/src/lib.rs index e8712db9..068906bf 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -17,7 +17,7 @@ extern crate derivative; extern crate ark_std; use ark_ff::{Field, PrimeField}; -pub use ark_poly::{Polynomial, UVPolynomial}; +pub use ark_poly::{DenseUVPolynomial, Polynomial}; use ark_std::rand::RngCore; use ark_std::{ diff --git a/src/marlin/marlin_pc/data_structures.rs b/src/marlin/marlin_pc/data_structures.rs index 71333585..955312d5 100644 --- a/src/marlin/marlin_pc/data_structures.rs +++ b/src/marlin/marlin_pc/data_structures.rs @@ -1,9 +1,9 @@ use crate::{ - PCCommitment, PCCommitterKey, PCPreparedCommitment, PCPreparedVerifierKey, PCRandomness, - PCVerifierKey, UVPolynomial, Vec, + DenseUVPolynomial, PCCommitment, PCCommitterKey, PCPreparedCommitment, PCPreparedVerifierKey, + PCRandomness, PCVerifierKey, Vec, }; use ark_ec::{PairingEngine, ProjectiveCurve}; -use ark_ff::{Field, PrimeField, ToBytes, ToConstraintField}; +use ark_ff::{Field, PrimeField, ToConstraintField}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError}; use ark_std::io::{Read, Write}; use ark_std::ops::{Add, AddAssign}; @@ -132,22 +132,6 @@ impl PCVerifierKey for VerifierKey { } } -impl ToBytes for VerifierKey { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.vk.write(&mut writer)?; - if let Some(degree_bounds_and_shift_powers) = &self.degree_bounds_and_shift_powers { - writer.write_all(°ree_bounds_and_shift_powers.len().to_le_bytes())?; - for (degree_bound, shift_power) in degree_bounds_and_shift_powers { - writer.write_all(°ree_bound.to_le_bytes())?; - shift_power.write(&mut writer)?; - } - } - writer.write_all(&self.supported_degree.to_le_bytes())?; - writer.write_all(&self.max_degree.to_le_bytes()) - } -} - impl ToConstraintField<::BasePrimeField> for VerifierKey where E::G1Affine: ToConstraintField<::BasePrimeField>, 
@@ -249,19 +233,6 @@ pub struct Commitment { pub shifted_comm: Option>, } -impl ToBytes for Commitment { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.comm.write(&mut writer)?; - let shifted_exists = self.shifted_comm.is_some(); - shifted_exists.write(&mut writer)?; - self.shifted_comm - .as_ref() - .unwrap_or(&kzg10::Commitment::empty()) - .write(&mut writer) - } -} - impl ToConstraintField<::BasePrimeField> for Commitment where E::G1Affine: ToConstraintField<::BasePrimeField>, @@ -329,7 +300,7 @@ impl PCPreparedCommitment> for PreparedCommitmen PartialEq(bound = ""), Eq(bound = "") )] -pub struct Randomness> { +pub struct Randomness> { /// Commitment randomness for a KZG10 commitment. pub rand: kzg10::Randomness, /// Commitment randomness for a KZG10 commitment to the shifted polynomial. @@ -338,7 +309,7 @@ pub struct Randomness> { pub shifted_rand: Option>, } -impl<'a, F: PrimeField, P: UVPolynomial> Add<&'a Self> for Randomness { +impl<'a, F: PrimeField, P: DenseUVPolynomial> Add<&'a Self> for Randomness { type Output = Self; fn add(mut self, other: &'a Self) -> Self { @@ -347,7 +318,7 @@ impl<'a, F: PrimeField, P: UVPolynomial> Add<&'a Self> for Randomness { } } -impl<'a, F: PrimeField, P: UVPolynomial> AddAssign<&'a Self> for Randomness { +impl<'a, F: PrimeField, P: DenseUVPolynomial> AddAssign<&'a Self> for Randomness { #[inline] fn add_assign(&mut self, other: &'a Self) { self.rand += &other.rand; @@ -362,7 +333,9 @@ impl<'a, F: PrimeField, P: UVPolynomial> AddAssign<&'a Self> for Randomness> Add<(F, &'a Randomness)> for Randomness { +impl<'a, F: PrimeField, P: DenseUVPolynomial> Add<(F, &'a Randomness)> + for Randomness +{ type Output = Self; #[inline] @@ -372,7 +345,7 @@ impl<'a, F: PrimeField, P: UVPolynomial> Add<(F, &'a Randomness)> for R } } -impl<'a, F: PrimeField, P: UVPolynomial> AddAssign<(F, &'a Randomness)> +impl<'a, F: PrimeField, P: DenseUVPolynomial> AddAssign<(F, &'a Randomness)> for Randomness { #[inline] 
@@ -387,7 +360,7 @@ impl<'a, F: PrimeField, P: UVPolynomial> AddAssign<(F, &'a Randomness)> } } -impl> PCRandomness for Randomness { +impl> PCRandomness for Randomness { fn empty() -> Self { Self { rand: kzg10::Randomness::empty(), diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index 535fde40..c52f2790 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -5,7 +5,7 @@ use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; use crate::{PCRandomness, PCUniversalParams, PolynomialCommitment}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; use ark_ff::Zero; -use ark_poly::UVPolynomial; +use ark_poly::DenseUVPolynomial; use ark_std::rand::RngCore; use ark_std::{marker::PhantomData, ops::Div, vec}; @@ -26,13 +26,13 @@ pub use data_structures::*; /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf /// [marlin]: https://eprint.iacr.org/2019/104 -pub struct MarlinKZG10, S: CryptographicSponge> { +pub struct MarlinKZG10, S: CryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, _sponge: PhantomData, } -pub(crate) fn shift_polynomial>( +pub(crate) fn shift_polynomial>( ck: &CommitterKey, p: &P, degree_bound: usize, @@ -56,7 +56,7 @@ pub(crate) fn shift_polynomial>( impl PolynomialCommitment for MarlinKZG10 where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, S: CryptographicSponge, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { @@ -540,7 +540,7 @@ mod tests { use ark_bls12_381::Bls12_381; use ark_ec::PairingEngine; use ark_ff::UniformRand; - use ark_poly::{univariate::DensePolynomial as DensePoly, UVPolynomial}; + use ark_poly::{univariate::DensePolynomial as DensePoly, DenseUVPolynomial}; use ark_sponge::poseidon::PoseidonSponge; use rand_chacha::ChaCha20Rng; diff --git a/src/marlin/marlin_pst13_pc/data_structures.rs b/src/marlin/marlin_pst13_pc/data_structures.rs index ca8ddc61..62c9d31f 100644 --- a/src/marlin/marlin_pst13_pc/data_structures.rs +++ b/src/marlin/marlin_pst13_pc/data_structures.rs @@ -3,8 +3,8 @@ use crate::{ PCCommitterKey, PCPreparedVerifierKey, PCProof, PCRandomness, PCUniversalParams, PCVerifierKey, }; use ark_ec::PairingEngine; -use ark_ff::{ToBytes, Zero}; -use ark_poly::MVPolynomial; +use ark_ff::Zero; +use ark_poly::DenseMVPolynomial; use ark_std::{ io::{Read, Write}, marker::PhantomData, @@ -20,7 +20,7 @@ use ark_std::rand::RngCore; pub struct UniversalParams where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { /// Contains group elements corresponding to all possible monomials with @@ -51,7 +51,7 @@ where impl CanonicalSerialize for UniversalParams where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { fn serialize(&self, mut writer: W) -> Result<(), SerializationError> { @@ -108,7 +108,7 @@ where impl CanonicalDeserialize for UniversalParams where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { fn deserialize(mut reader: R) -> Result { 
@@ -184,7 +184,7 @@ where impl PCUniversalParams for UniversalParams where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { fn max_degree(&self) -> usize { @@ -199,7 +199,7 @@ where pub struct CommitterKey where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { /// Contains group elements corresponding to all possible monomials with @@ -223,7 +223,7 @@ where impl PCCommitterKey for CommitterKey where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { fn max_degree(&self) -> usize { @@ -419,7 +419,7 @@ impl PCPreparedVerifierKey> for PreparedVerifie pub struct Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { /// A multivariate polynomial where each monomial is univariate with random coefficient @@ -430,7 +430,7 @@ where impl Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { /// Does `self` provide any hiding properties to the corresponding commitment? @@ -450,7 +450,7 @@ where impl PCRandomness for Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { fn empty() -> Self { @@ -474,10 +474,11 @@ where } } -impl<'a, E: PairingEngine, P: MVPolynomial> Add<&'a Randomness> for Randomness +impl<'a, E: PairingEngine, P: DenseMVPolynomial> Add<&'a Randomness> + for Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { type Output = Self; @@ -492,7 +493,7 @@ where impl<'a, E, P> Add<(E::Fr, &'a Randomness)> for Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { type Output = Self; @@ -507,7 +508,7 @@ where impl<'a, E, P> AddAssign<&'a Randomness> for Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { #[inline] 
@@ -519,7 +520,7 @@ where impl<'a, E, P> AddAssign<(E::Fr, &'a Randomness)> for Randomness where E: PairingEngine, - P: MVPolynomial, + P: DenseMVPolynomial, P::Point: Index, { #[inline] @@ -549,24 +550,10 @@ pub struct Proof { impl PCProof for Proof { fn size_in_bytes(&self) -> usize { let hiding_size = if self.random_v.is_some() { - ark_ff::to_bytes![E::Fr::zero()].unwrap().len() + E::Fr::zero().serialized_size() } else { 0 }; - (self.w.len() * ark_ff::to_bytes![E::G1Affine::zero()].unwrap().len()) / 2 + hiding_size - } -} - -impl ToBytes for Proof { - #[inline] - fn write(&self, mut writer: W) -> ark_std::io::Result<()> { - self.w - .iter() - .map(|e| e.write(&mut writer)) - .collect::>()?; - self.random_v - .as_ref() - .unwrap_or(&E::Fr::zero()) - .write(&mut writer) + (self.w.len() * E::G1Affine::zero().serialized_size()) / 2 + hiding_size } } diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index 45a78b5c..20f7096b 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -8,13 +8,13 @@ use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; use crate::{PCRandomness, PCUniversalParams, PolynomialCommitment}; use crate::{ToString, Vec}; use ark_ec::{ - msm::{FixedBase, VariableBase}, + msm::{FixedBase, VariableBaseMSM}, AffineCurve, PairingEngine, ProjectiveCurve, }; use ark_ff::{One, PrimeField, UniformRand, Zero}; -use ark_poly::{multivariate::Term, MVPolynomial}; +use ark_poly::{multivariate::Term, DenseMVPolynomial}; use ark_std::rand::RngCore; -use ark_std::{marker::PhantomData, ops::Index, vec}; +use ark_std::{marker::PhantomData, ops::Index, ops::Mul, vec}; mod data_structures; pub use data_structures::*; 
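Review bot: The `/ 2` in the new return expression of `size_in_bytes` now halves a value that is already compressed: the removed `to_bytes!` encoding of a point wrote both coordinates (which the division corrected for), whereas `E::G1Affine::zero().serialized_size()` reports, as I read `ark_serialize`, the compressed size that `CanonicalSerialize::serialize` produces — this commit itself reaches for the separate `serialize_uncompressed` API when it wants the full encoding — so the result under-reports the proof size by roughly half. Dropping the division, `self.w.len() * E::G1Affine::zero().serialized_size() + hiding_size`, gives the intended compressed estimate, while `E::G1Affine::zero().uncompressed_size() / 2` would preserve the old arithmetic instead. Given that `PCProof::size_in_bytes` is marked deprecated in favour of `serialized_size()` in `src/data_structures.rs`, removing this override and inheriting the trait default may be the simpler fix if the default's figure is acceptable here.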
@@ -33,13 +33,13 @@ use rayon::prelude::*; /// /// [pst]: https://eprint.iacr.org/2011/587 /// [marlin]: https://eprint.iacr.org/2019/104 -pub struct MarlinPST13, S: CryptographicSponge> { +pub struct MarlinPST13, S: CryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, _sponge: PhantomData, } -impl, S: CryptographicSponge> MarlinPST13 { +impl, S: CryptographicSponge> MarlinPST13 { /// Given some point `z`, compute the quotients `w_i(X)` s.t /// /// `p(X) - p(z) = (X_1-z_1)*w_1(X) + (X_2-z_2)*w_2(X) + ... + (X_l-z_l)*w_l(X)` @@ -143,7 +143,7 @@ impl, S: CryptographicSponge> MarlinPST impl PolynomialCommitment for MarlinPST13 where E: PairingEngine, - P: MVPolynomial + Sync, + P: DenseMVPolynomial + Sync, S: CryptographicSponge, P::Point: Index, { @@ -254,10 +254,7 @@ where .into_iter() .map(|v| E::G1Projective::batch_normalization_into_affine(&v)) .collect(); - let beta_h: Vec<_> = betas - .iter() - .map(|b| h.mul(&(*b).into_bigint()).into_affine()) - .collect(); + let beta_h: Vec<_> = betas.iter().map(|b| h.mul(b).into_affine()).collect(); let h = h.into_affine(); let prepared_h = h.into(); let prepared_beta_h = beta_h.iter().map(|bh| (*bh).into()).collect(); @@ -383,7 +380,8 @@ where end_timer!(to_bigint_time); let msm_time = start_timer!(|| "MSM to compute commitment to plaintext poly"); - let mut commitment = VariableBase::msm(&powers_of_g, &plain_ints); + let mut commitment = + ::msm_bigint(&powers_of_g, &plain_ints); end_timer!(msm_time); // Sample random polynomial @@ -419,7 +417,8 @@ where let msm_time = start_timer!(|| "MSM to compute commitment to random poly"); let random_commitment = - VariableBase::msm(&powers_of_gamma_g, &random_ints).into_affine(); + ::msm_bigint(&powers_of_gamma_g, &random_ints) + .into_affine(); end_timer!(msm_time); // Mask commitment with random poly @@ -487,7 +486,7 @@ where // Convert coefficients to BigInt let witness_ints = Self::convert_to_bigints(&w); // Compute MSM - VariableBase::msm(&powers_of_g, &witness_ints) + ::msm_bigint(&powers_of_g, &witness_ints) }) .collect::>(); end_timer!(witness_comm_time); 
@@ -517,7 +516,10 @@ where // Convert coefficients to BigInt let hiding_witness_ints = Self::convert_to_bigints(hiding_witness); // Compute MSM and add result to witness - *witness += &VariableBase::msm(&powers_of_gamma_g, &hiding_witness_ints); + *witness += &::msm_bigint( + &powers_of_gamma_g, + &hiding_witness_ints, + ); }); end_timer!(witness_comm_time); Some(r.blinding_polynomial.evaluate(point)) @@ -625,7 +627,7 @@ where if let Some(random_v) = proof.random_v { gamma_g_multiplier += &(randomizer * &random_v); } - total_c += &c.mul(&randomizer.into_bigint()); + total_c += &c.mul(&randomizer); ark_std::cfg_iter_mut!(total_w) .enumerate() .for_each(|(i, w_i)| *w_i += &w[i].mul(randomizer)); @@ -633,8 +635,8 @@ where // only from 128-bit strings. randomizer = u128::rand(rng).into(); } - total_c -= &g.mul(&g_multiplier.into_bigint()); - total_c -= &gamma_g.mul(&gamma_g_multiplier.into_bigint()); + total_c -= &g.mul(&g_multiplier); + total_c -= &gamma_g.mul(&gamma_g_multiplier); end_timer!(combination_time); let to_affine_time = start_timer!(|| "Converting results to affine for pairing"); @@ -717,7 +719,7 @@ mod tests { use ark_ff::UniformRand; use ark_poly::{ multivariate::{SparsePolynomial as SparsePoly, SparseTerm}, - MVPolynomial, + DenseMVPolynomial, }; use ark_sponge::poseidon::PoseidonSponge; use rand_chacha::ChaCha20Rng; diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index 05ba0570..eff8c4ce 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -7,7 +7,7 @@ use crate::{PCRandomness, Polynomial, PolynomialCommitment}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; use ark_ff::{One, Zero}; use ark_sponge::CryptographicSponge; -use ark_std::{convert::TryInto, hash::Hash, ops::AddAssign}; +use ark_std::{convert::TryInto, hash::Hash, ops::AddAssign, ops::Mul}; /// Polynomial commitment scheme from [[KZG10]][kzg] that enforces /// strict degree bounds and (optionally) enables hiding commitments by 
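Review bot: The soundness of the randomized combination in the `@@ -633,8 +635,8 @@` hunk rests on `randomizer` being unpredictable to the prover, and the surrounding comment only notes that the value is drawn from a 128-bit string; nothing records that `rng` must be a cryptographically secure generator, which matters if it is caller-supplied rather than derived from the sponge (that is decided above the hunk, so I cannot tell). I would extend the comment: `// Soundness of the batched check relies on randomizer being unpredictable to the prover: rng must be a CSPRNG; the 128-bit sample bounds the cheating probability at roughly 2^-128 per batch.` The switch from `mul(&x.into_bigint())` to `mul(&x)` for `g_multiplier`/`gamma_g_multiplier` is behaviour-preserving as far as the hunk shows. The enclosing check function starts and ends outside this hunk.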
diff --git a/src/multilinear_pc/mod.rs b/src/multilinear_pc/mod.rs index 8473a7b9..6d001639 100644 --- a/src/multilinear_pc/mod.rs +++ b/src/multilinear_pc/mod.rs @@ -1,7 +1,7 @@ use crate::multilinear_pc::data_structures::{ Commitment, CommitterKey, Proof, UniversalParams, VerifierKey, }; -use ark_ec::msm::{FixedBase, VariableBase}; +use ark_ec::msm::{FixedBase, VariableBaseMSM}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; use ark_ff::{Field, PrimeField}; use ark_ff::{One, Zero}; @@ -9,6 +9,7 @@ use ark_poly::{DenseMultilinearExtension, MultilinearExtension}; use ark_std::collections::LinkedList; use ark_std::iter::FromIterator; use ark_std::marker::PhantomData; +use ark_std::ops::Mul; use ark_std::rand::RngCore; use ark_std::vec::Vec; use ark_std::UniformRand; @@ -146,7 +147,11 @@ impl MultilinearPC { .into_iter() .map(|x| x.into_bigint()) .collect(); - let g_product = VariableBase::msm(&ck.powers_of_g[0], scalars.as_slice()).into_affine(); + let g_product = ::msm_bigint( + &ck.powers_of_g[0], + scalars.as_slice(), + ) + .into_affine(); Commitment { nv, g_product } } @@ -178,7 +183,9 @@ impl MultilinearPC { .map(|x| q[k][x >> 1].into_bigint()) // fine .collect(); - let pi_h = VariableBase::msm(&ck.powers_of_h[i], &scalars).into_affine(); // no need to move outside and partition + let pi_h = + ::msm_bigint(&ck.powers_of_h[i], &scalars) + .into_affine(); // no need to move outside and partition proofs.push(pi_h); } diff --git a/src/sonic_pc/mod.rs b/src/sonic_pc/mod.rs index c8b579b9..7c48de7f 100644 --- a/src/sonic_pc/mod.rs +++ b/src/sonic_pc/mod.rs 
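Review bot: The trailing `// fine` on the `q[k][x >> 1].into_bigint()` map and `// no need to move outside and partition` on the new `msm_bigint` call in the `@@ -178,7 +183,9 @@` hunk explain nothing to a reader who did not write the code, and an index expression into the prover's intermediate tables is exactly where a wrong-size read would hide. I would replace `// fine` with the actual invariant, presumably something like `// x >> 1: q[k] has half as many entries as the layer being folded, so the index stays in bounds` — I am inferring that from the shift, so confirm it against where `q` is built, which is above the hunk. Likewise the second comment should say what the alternative layout would have been and why it was rejected, or be dropped. The enclosing open function starts outside this hunk.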
@@ -1,13 +1,13 @@ use crate::{kzg10, PCCommitterKey, CHALLENGE_SIZE}; use crate::{BTreeMap, BTreeSet, String, ToString, Vec}; -use crate::{BatchLCProof, Error, Evaluations, QuerySet, UVPolynomial}; +use crate::{BatchLCProof, DenseUVPolynomial, Error, Evaluations, QuerySet}; use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; use crate::{PCRandomness, PCUniversalParams, PolynomialCommitment}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; -use ark_ff::{One, PrimeField, UniformRand, Zero}; +use ark_ff::{One, UniformRand, Zero}; use ark_std::rand::RngCore; -use ark_std::{convert::TryInto, marker::PhantomData, ops::Div, vec}; +use ark_std::{convert::TryInto, marker::PhantomData, ops::Div, ops::Mul, vec}; mod data_structures; use crate::challenge::ChallengeGenerator; @@ -24,7 +24,7 @@ pub use data_structures::*; /// [sonic]: https://eprint.iacr.org/2019/099 /// [al]: https://eprint.iacr.org/2019/601 /// [marlin]: https://eprint.iacr.org/2019/1047 -pub struct SonicKZG10, S: CryptographicSponge> { +pub struct SonicKZG10, S: CryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, _sponge: PhantomData, @@ -33,7 +33,7 @@ pub struct SonicKZG10, S: Cryptographic impl SonicKZG10 where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, S: CryptographicSponge, { fn accumulate_elems<'a>( @@ -66,7 +66,7 @@ where let mut comm_with_challenge: E::G1Projective = comm.0.mul(curr_challenge); if let Some(randomizer) = randomizer { - comm_with_challenge = comm_with_challenge.mul(&randomizer.into_bigint()); + comm_with_challenge = comm_with_challenge.mul(&randomizer); } // Accumulate values in the BTreeMap @@ -85,7 +85,7 @@ where if let Some(randomizer) = randomizer { witness = proof.w.mul(randomizer); - adjusted_witness = adjusted_witness.mul(&randomizer.into_bigint()); + adjusted_witness = adjusted_witness.mul(&randomizer); } *combined_witness += &witness; @@ -137,7 +137,7 @@ where impl PolynomialCommitment for SonicKZG10 where E: PairingEngine, - P: UVPolynomial, + P: DenseUVPolynomial, S: CryptographicSponge, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { @@ -683,7 +683,7 @@ mod tests { use ark_bls12_381::Bls12_381; use ark_ec::PairingEngine; use ark_ff::UniformRand; - use ark_poly::{univariate::DensePolynomial as DensePoly, UVPolynomial}; + use ark_poly::{univariate::DensePolynomial as DensePoly, DenseUVPolynomial}; use ark_sponge::poseidon::PoseidonSponge; use rand_chacha::ChaCha20Rng; diff --git a/src/streaming_kzg/mod.rs b/src/streaming_kzg/mod.rs index 06019cca..4c5e8385 100644 --- a/src/streaming_kzg/mod.rs +++ b/src/streaming_kzg/mod.rs @@ -87,6 +87,7 @@ mod space; mod time; use ark_ec::ProjectiveCurve; +use ark_serialize::CanonicalSerialize; use ark_std::vec::Vec; pub use data_structures::*; pub use space::CommitterKeyStream; 
@@ -96,14 +97,13 @@ pub use time::CommitterKey; pub mod tests; use ark_ff::{Field, One, PrimeField, Zero}; -use ark_poly::{univariate::DensePolynomial, UVPolynomial}; -use ark_std::io::Write; +use ark_poly::{univariate::DensePolynomial, DenseUVPolynomial}; use ark_std::ops::{Add, Mul}; use ark_std::borrow::Borrow; use ark_std::fmt; -use ark_ec::{msm::VariableBase, AffineCurve, PairingEngine}; +use ark_ec::{msm::VariableBaseMSM, AffineCurve, PairingEngine}; /// A Kate polynomial commitment over a bilinear group, represented as a single \\(\GG_1\\) element. #[derive(Debug, Copy, Clone, PartialEq, Eq)] @@ -112,24 +112,18 @@ pub struct Commitment(pub(crate) E::G1Affine); impl Commitment { /// Return the size of Commitment in bytes. pub fn size_in_bytes(&self) -> usize { - ark_ff::to_bytes![E::G1Affine::zero()].unwrap().len() / 2 + // ark_ff::to_bytes![E::G1Affine::zero()].unwrap().len() / 2 + E::G1Affine::zero().serialized_size() / 2 } } #[inline] fn msm(bases: &[E::G1Affine], scalars: &[E::Fr]) -> E::G1Affine { let scalars = scalars.iter().map(|x| x.into_bigint()).collect::>(); - let sp = VariableBase::msm(bases, &scalars); + let sp = ::msm_bigint(bases, &scalars); sp.into_affine() } -impl ark_ff::ToBytes for Commitment { - #[inline] - fn write(&self, writer: W) -> ark_std::io::Result<()> { - self.0.write(writer) - } -} - /// Polynomial evaluation proof, represented as a single \\(\GG_1\\) element. #[derive(Clone, Debug, PartialEq, Eq)] pub struct EvaluationProof(pub E::G1Affine); 
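Review bot: `size_in_bytes` in the `@@ -112,24 +112,18 @@` hunk now returns `E::G1Affine::zero().serialized_size() / 2`, and the `/ 2` looks inherited from the old `to_bytes!` form, where it turned the uncompressed encoding (both coordinates) into an approximate compressed length; `CanonicalSerialize::serialized_size` already reports the compressed length in the ark-serialize versions I know, so the result is now likely half the real size. If that reading holds, the line should become `self.0.serialized_size()` (or `E::G1Affine::zero().serialized_size()` if the constant-size zero point is intentional) — check it against the pinned ark-serialize before changing. Either way the commented-out `// ark_ff::to_bytes![...]` line should be deleted rather than kept as dead code.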
@@ -184,9 +178,8 @@ impl VerifierKey { proof: &EvaluationProof, ) -> VerificationResult { let scalars = [(-alpha).into_bigint(), E::Fr::one().into_bigint()]; - let ep = VariableBase::msm(&self.powers_of_g2, &scalars); - let lhs = - commitment.0.into_projective() - self.powers_of_g[0].mul(evaluation.into_bigint()); + let ep = ::msm_bigint(&self.powers_of_g2, &scalars); + let lhs = commitment.0.into_projective() - self.powers_of_g[0].mul(evaluation); let g2 = self.powers_of_g2[0]; if E::pairing(lhs, g2) == E::pairing(proof.0, ep) { @@ -213,7 +206,8 @@ impl VerifierKey { // Computing the vanishing polynomial over eval_points let zeros = vanishing_polynomial(eval_points); let zeros_repr = zeros.iter().map(|x| x.into_bigint()).collect::>(); - let zeros = VariableBase::msm(&self.powers_of_g2, &zeros_repr); + let zeros = + ::msm_bigint(&self.powers_of_g2, &zeros_repr); // Computing the inverse for the interpolation let mut sca_inverse = Vec::new(); @@ -256,7 +250,7 @@ impl VerifierKey { // Gathering commitments let comm_vec = commitments.iter().map(|x| x.0).collect::>(); let etas_repr = etas.iter().map(|e| e.into_bigint()).collect::>(); - let f_comm = VariableBase::msm(&comm_vec, &etas_repr); + let f_comm = ::msm_bigint(&comm_vec, &etas_repr); let g2 = self.powers_of_g2[0]; diff --git a/src/streaming_kzg/space.rs b/src/streaming_kzg/space.rs index f5c7365b..4fd4d13a 100644 --- a/src/streaming_kzg/space.rs +++ b/src/streaming_kzg/space.rs @@ -7,7 +7,7 @@ use ark_std::collections::VecDeque; use ark_std::vec::Vec; use crate::streaming_kzg::{ceil_div, vanishing_polynomial, FoldedPolynomialTree}; -use ark_ec::msm::{ChunkedPippenger, HashMapPippenger, VariableBase}; +use ark_ec::msm::{ChunkedPippenger, HashMapPippenger, VariableBaseMSM}; use ark_std::iterable::{Iterable, Reverse}; use super::{time::CommitterKey, VerifierKey}; 
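Review bot: The pairing check in the `@@ -184,9 +178,8 @@` hunk, `e(C - v*G1, G2) == e(pi, (tau - alpha)*G2)`, is correct for well-formed inputs, but nothing in `verify` validates `commitment.0` or `proof.0`, and both `Commitment` and `EvaluationProof` expose their `G1Affine` as a `pub` field, so a caller can build them without passing through `CanonicalDeserialize`'s curve and subgroup checks. If deserialization is the intended gate, say so on the method: `/// Assumes commitment and proof hold valid G1 points (e.g. obtained via CanonicalDeserialize); no on-curve or subgroup check is performed here.` The two full pairings could also be folded into a single product-of-pairings call on `(-lhs, g2)` and `(proof.0, ep)` compared against `E::Fqk::one()`, if the pinned ark-ec provides it. verify starts and ends outside this hunk.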
@@ -135,7 +135,10 @@ where { assert!(self.powers_of_g.len() >= polynomial.len()); - Commitment(VariableBase::msm_chunks(&self.powers_of_g, polynomial).into_affine()) + Commitment( + ::msm_chunks(&self.powers_of_g, polynomial) + .into_affine(), + ) } /// The batch commitment procedures, that takes as input a committer key and the streaming coefficients of a list of polynomials, and produces the desired commitments. diff --git a/src/streaming_kzg/tests.rs b/src/streaming_kzg/tests.rs index 2f84182c..bb2aa34e 100644 --- a/src/streaming_kzg/tests.rs +++ b/src/streaming_kzg/tests.rs @@ -1,6 +1,6 @@ use ark_bls12_381::{Bls12_381, Fr}; use ark_poly::univariate::DensePolynomial; -use ark_poly::UVPolynomial; +use ark_poly::DenseUVPolynomial; use ark_std::vec::Vec; use ark_std::{UniformRand, Zero}; @@ -153,7 +153,7 @@ fn test_trivial_commitment() { use ark_bls12_381::Bls12_381; use ark_bls12_381::Fr; use ark_poly::univariate::DensePolynomial; - use ark_poly::UVPolynomial; + use ark_poly::DenseUVPolynomial; use ark_std::One; let rng = &mut ark_std::test_rng(); @@ -173,8 +173,8 @@ fn test_commitment() { use ark_bls12_381::Bls12_381; use ark_bls12_381::Fr; use ark_poly::univariate::DensePolynomial; + use ark_poly::DenseUVPolynomial; use ark_poly::Polynomial; - use ark_poly::UVPolynomial; let rng = &mut ark_std::test_rng(); let ck = CommitterKey::::new(100, 3, rng); @@ -195,7 +195,7 @@ fn test_open_multi_points() { use ark_bls12_381::{Bls12_381, Fr}; use ark_ff::Field; use ark_poly::univariate::DensePolynomial; - use ark_poly::UVPolynomial; + use ark_poly::DenseUVPolynomial; use ark_std::test_rng; let max_msm_buffer = 1 << 20; diff --git a/src/streaming_kzg/time.rs b/src/streaming_kzg/time.rs index d4a0d0f9..251a0e9e 100644 --- a/src/streaming_kzg/time.rs +++ b/src/streaming_kzg/time.rs 
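Review bot: The `assert!(self.powers_of_g.len() >= polynomial.len())` guarding the new `msm_chunks` call turns an oversized polynomial into a panic rather than an error, and the function's doc comment (above the hunk) presumably does not mention it; for a library entry point that should at least be documented. I would add `/// # Panics` followed by `/// Panics if polynomial has more coefficients than powers_of_g, i.e. exceeds the degree this key supports.` to the doc comment, or return an error if the surrounding API allows it. The assert itself must stay, since without it the MSM would presumably be driven past the key's length. The enclosing commit function starts outside this hunk.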
@@ -2,11 +2,11 @@ //! with optimization from [\[BDFG20\]](https://eprint.iacr.org/2020/081.pdf). use ark_ec::msm::FixedBase; use ark_ec::PairingEngine; -use ark_ec::{AffineCurve, ProjectiveCurve}; +use ark_ec::ProjectiveCurve; use ark_ff::{PrimeField, Zero}; -use ark_poly::{univariate::DensePolynomial, UVPolynomial}; +use ark_poly::{univariate::DensePolynomial, DenseUVPolynomial}; use ark_std::borrow::Borrow; -use ark_std::ops::Div; +use ark_std::ops::{Div, Mul}; use ark_std::rand::RngCore; use ark_std::vec::Vec; use ark_std::UniformRand; @@ -64,7 +64,7 @@ impl CommitterKey { let powers_of_g2 = powers_of_tau .iter() .take(max_eval_points + 1) - .map(|t| g2.mul(t.into_bigint()).into_affine()) + .map(|t| g2.mul(t).into_affine()) .collect::>(); CommitterKey {
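Review bot: `CommitterKey::new` derives `powers_of_g2` from `powers_of_tau` via `g2.mul(t)`, so this function holds the KZG trapdoor in the clear; if `tau` is sampled locally from `rng` (the sampling is above the hunk, so I cannot confirm it), this is a test-only setup and the doc comment should say so, e.g. `/// Generates a fresh trusted setup locally. The secret tau is known to this process, so keys produced here are only suitable for tests and benchmarks.` It would also be worth clearing `powers_of_tau` once the key is assembled, since the hunk shows it is no longer needed after the G2 powers are computed. The enclosing function starts outside this hunk.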