Update arkworks to 0.4.2 (only up to kimchi) (p-s develop/mina compat…

…ible)

Update arkworks to 0.4.2 for pallas and vesta

Update test cases to new version of test suite 0.4.2

Upgrade utils to arkworks 0.4.2

Upgrade poseidon to arkworks 0.4.2

Upgrade export test vectors of poseidon to arkworks 0.4.2

Upgrade groupmap to arkworks 0.4.2

Upgrade hasher to arkworks 0.4.2

Upgrade signer to arkworks 0.4.2

Upgrade turshi to arkworks 0.4.2

Convert poly-comm to arkworks 0.4.2

Upgrade arkworks for `kimchi` and other libraries/tools

Fixup compilation errors in OCaml conversion helpers

Adjust serde_as regression test to 0.4.2

Use compressed serialization

Fix erroneous implicit Affine->Proj conversions

Fix from_address bug

Fix ocaml printing: use hex instead of integer

Cargo.toml

@@ -24,13 +24,13 @@ members = [
 resolver = "2"
 
 [workspace.dependencies]
-ark-algebra-test-templates = "0.3.0"
-ark-bn254 = { version = "0.3.0" }
-ark-ec = { version = "0.3.0", features = ["parallel"] }
-ark-ff = { version = "0.3.0", features = ["parallel", "asm"] }
-ark-poly = { version = "0.3.0", features = ["parallel"] }
-ark-serialize = "0.3.0"
-ark-std = "0.3.0"
+ark-algebra-test-templates = "0.4.2"
+ark-bn254 = { version = "0.4.0" }
+ark-ec = { version = "0.4.2", features = ["parallel"] }
+ark-ff = { version = "0.4.2", features = ["parallel", "asm"] }
+ark-poly = { version = "0.4.2", features = ["parallel"] }
+ark-serialize = "0.4.2"
+ark-std = "0.4.0"
 bcs = "0.1.3"
 base64 = "0.21.5"
 bitvec = "1.0.0"

book/src/specs/kimchi.md

@@ -2037,7 +2037,7 @@ pub struct ProofEvaluations<Evals> {
 #[serde_as]
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(bound = "G: ark_serialize::CanonicalDeserialize + ark_serialize::CanonicalSerialize")]
-pub struct LookupCommitments<G: AffineCurve> {
+pub struct LookupCommitments<G: AffineRepr> {
     /// Commitments to the sorted lookup table polynomial (may have chunks)
     pub sorted: Vec<PolyComm<G>>,
     /// Commitment to the lookup aggregation polynomial
@@ -2050,7 +2050,7 @@ pub struct LookupCommitments<G: AffineCurve> {
 #[serde_as]
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(bound = "G: ark_serialize::CanonicalDeserialize + ark_serialize::CanonicalSerialize")]
-pub struct ProverCommitments<G: AffineCurve> {
+pub struct ProverCommitments<G: AffineRepr> {
     /// The commitments to the witness (execution trace)
     pub w_comm: [PolyComm<G>; COLUMNS],
     /// The commitment to the permutation polynomial
@@ -2065,7 +2065,7 @@ pub struct ProverCommitments<G: AffineCurve> {
 #[serde_as]
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[serde(bound = "G: ark_serialize::CanonicalDeserialize + ark_serialize::CanonicalSerialize")]
-pub struct ProverProof<G: AffineCurve, OpeningProof> {
+pub struct ProverProof<G: AffineRepr, OpeningProof> {
     /// All the polynomial commitments required in the proof
     pub commitments: ProverCommitments<G>,
 
@@ -2093,7 +2093,7 @@ pub struct ProverProof<G: AffineCurve, OpeningProof> {
 #[serde(bound = "G: ark_serialize::CanonicalDeserialize + ark_serialize::CanonicalSerialize")]
 pub struct RecursionChallenge<G>
 where
-    G: AffineCurve,
+    G: AffineRepr,
 {
     /// Vector of scalar field elements
     #[serde_as(as = "Vec<o1_utils::serialization::SerdeAs>")]

circuit-construction/Cargo.toml

@@ -0,0 +1,47 @@
+[package]
+name = "circuit-construction"
+version = "0.1.0"
+description = "A simple circuit writer for kimchi"
+repository = "https://github.com/o1-labs/proof-systems"
+edition = "2021"
+license = "Apache-2.0"
+homepage = "https://o1-labs.github.io/proof-systems/"
+documentation = "https://o1-labs.github.io/proof-systems/rustdoc/"
+readme = "../README.md"
+
+[lib]
+path = "src/lib.rs"
+bench = false # needed for criterion (https://bheisler.github.io/criterion.rs/book/faq.html#cargo-bench-gives-unrecognized-option-errors-for-valid-command-line-options)
+
+[dependencies]
+ark-ff = { version = "0.4.2", features = [ "parallel", "asm" ] }
+ark-ec = { version = "0.4.2", features = [ "parallel" ] }
+ark-poly = { version = "0.4.2", features = [ "parallel" ] }
+ark-serialize = "0.4.2"
+blake2 = "0.10.0"
+num-derive = "0.3"
+num-traits = "0.2"
+itertools = "0.10.3"
+rand = "0.8.0"
+rand_core = "0.6.3"
+rayon = "1.5.0"
+rmp-serde = "1.0.0"
+serde = "1.0.130"
+serde_with = "1.10.0"
+thiserror = "1.0.30"
+
+poly-commitment = { path = "../poly-commitment", version = "0.1.0" }
+groupmap = { path = "../groupmap", version = "0.1.0" }
+mina-curves = { path = "../curves", version = "0.1.0" }
+o1-utils = { path = "../utils", version = "0.1.0" }
+mina-poseidon = { path = "../poseidon", version = "0.1.0" }
+kimchi = { path = "../kimchi", version = "0.1.0" }
+
+[dev-dependencies]
+proptest = "1.0.0"
+proptest-derive = "0.3.0"
+colored = "2.0.0"
+
+# benchmarks
+criterion = "0.3"
+iai = "0.1"

circuit-construction/src/constants.rs

@@ -0,0 +1,44 @@
+use ark_ec::AffineRepr;
+use ark_ff::Field;
+use kimchi::curve::KimchiCurve;
+use mina_curves::pasta::{Fp, Fq, Pallas as PallasAffine, Vesta as VestaAffine};
+use mina_poseidon::poseidon::ArithmeticSpongeParams;
+use poly_commitment::{commitment::CommitmentCurve, srs::endos};
+
+/// The type of possible constants in the circuit
+#[derive(Clone)]
+pub struct Constants<F: Field + 'static> {
+    pub poseidon: &'static ArithmeticSpongeParams<F>,
+    pub endo: F,
+    pub base: (F, F),
+}
+
+/// Constants for the base field of Pallas
+/// ///
+/// # Panics
+///
+/// Will panic if `PallasAffine::generator()` returns None.
+pub fn fp_constants() -> Constants<Fp> {
+    let (endo_q, _endo_r) = endos::<PallasAffine>();
+    let base = PallasAffine::generator().to_coordinates().unwrap();
+    Constants {
+        poseidon: VestaAffine::sponge_params(),
+        endo: endo_q,
+        base,
+    }
+}
+
+/// Constants for the base field of Vesta
+///
+/// # Panics
+///
+/// Will panic if `VestaAffine::generator()` returns None.
+pub fn fq_constants() -> Constants<Fq> {
+    let (endo_q, _endo_r) = endos::<VestaAffine>();
+    let base = VestaAffine::generator().to_coordinates().unwrap();
+    Constants {
+        poseidon: PallasAffine::sponge_params(),
+        endo: endo_q,
+        base,
+    }
+}

circuit-construction/src/lib.rs

@@ -0,0 +1,33 @@
+#![doc = include_str!("../../README.md")]
+
+/// Definition of possible constants in circuits
+pub mod constants;
+/// This contains the prover functions, ranging from curves definitions to prover index and proof generation
+pub mod prover;
+/// This is the actual writer with all of the available functions to set up a circuit and its corresponding constraint system
+pub mod writer;
+
+#[cfg(test)]
+mod tests;
+
+/// This contains the Kimchi dependencies being used
+pub mod prologue {
+    pub use super::constants::{fp_constants, fq_constants, Constants};
+    pub use super::prover::{generate_prover_index, prove, CoordinateCurve};
+    pub use super::writer::{Cs, Var};
+    pub use ark_ec::{AffineRepr, CurveGroup};
+    pub use ark_ff::{FftField, PrimeField, UniformRand};
+    pub use ark_poly::{EvaluationDomain, Radix2EvaluationDomain};
+    pub use groupmap::GroupMap;
+    pub use kimchi::verifier::verify;
+    pub use mina_curves::pasta::{
+        Fp, Pallas as PallasAffine, Vesta as VestaAffine, VestaParameters,
+    };
+    pub use mina_poseidon::{
+        constants::*,
+        poseidon::{ArithmeticSponge, Sponge},
+        sponge::{DefaultFqSponge, DefaultFrSponge},
+    };
+    pub use poly_commitment::{commitment::CommitmentCurve, srs::SRS};
+    pub use std::sync::Arc;
+}

circuit-construction/src/prover.rs

@@ -0,0 +1,136 @@
+use crate::writer::{Cs, GateSpec, System, Var, WitnessGenerator};
+use ark_ec::AffineRepr;
+use ark_ff::{One, PrimeField, Zero};
+use kimchi::{
+    circuits::{constraints::ConstraintSystem, gate::GateType, wires::COLUMNS},
+    curve::KimchiCurve,
+    plonk_sponge::FrSponge,
+    proof::ProverProof,
+    prover_index::ProverIndex,
+};
+use mina_poseidon::FqSponge;
+use poly_commitment::{
+    commitment::{CommitmentCurve, PolyComm},
+    srs::{endos, SRS},
+};
+use std::array;
+
+/// Given an index, a group map, custom blinders for the witness, a public input vector, and a circuit `main`, it creates a proof.
+///
+/// # Panics
+///
+/// Will panic if recursive proof creation returns `ProverError`.
+pub fn prove<G, H, EFqSponge, EFrSponge>(
+    index: &ProverIndex<G>,
+    group_map: &G::Map,
+    blinders: Option<[Option<G::ScalarField>; COLUMNS]>,
+    public_input: &[G::ScalarField],
+    mut main: H,
+) -> ProverProof<G>
+where
+    H: FnMut(&mut WitnessGenerator<G::ScalarField>, Vec<Var<G::ScalarField>>),
+    G::BaseField: PrimeField,
+    G: KimchiCurve,
+    EFqSponge: Clone + FqSponge<G::BaseField, G, G::ScalarField>,
+    EFrSponge: FrSponge<G::ScalarField>,
+{
+    // create the witness generator
+    let mut gen: WitnessGenerator<G::ScalarField> = WitnessGenerator::new(public_input);
+
+    // run the witness generation
+    let public_vars = public_input
+        .iter()
+        .map(|x| Var {
+            index: 0,
+            value: Some(*x),
+        })
+        .collect();
+    main(&mut gen, public_vars);
+
+    // get the witness columns
+    gen.curr_gate_count();
+    let columns = gen.columns();
+
+    // custom blinders for the witness commitment
+    let blinders: [Option<PolyComm<G::ScalarField>>; COLUMNS] = match blinders {
+        None => array::from_fn(|_| None),
+        Some(bs) => array::from_fn(|i| {
+            bs[i].map(|b| PolyComm {
+                unshifted: vec![b],
+                shifted: None,
+            })
+        }),
+    };
+
+    // create the proof
+    ProverProof::create_recursive::<EFqSponge, EFrSponge>(
+        group_map,
+        columns,
+        &[],
+        index,
+        vec![],
+        Some(blinders),
+    )
+    .unwrap()
+}
+
+/// Creates the prover index on input an `srs`, used `constants`, parameters for Poseidon, number of public inputs, and a specific circuit
+///
+/// # Panics
+///
+/// Will panic if `constraint_system` is not built with `public` input.
+pub fn generate_prover_index<Curve, Circuit>(
+    srs: std::sync::Arc<SRS<Curve>>,
+    public: usize,
+    main: Circuit,
+) -> ProverIndex<Curve>
+where
+    Circuit: FnOnce(&mut System<Curve::ScalarField>, Vec<Var<Curve::ScalarField>>),
+    Curve: KimchiCurve,
+{
+    let mut system: System<Curve::ScalarField> = System::default();
+    let z = Curve::ScalarField::zero();
+
+    // create public input variables
+    let public_input_row = vec![Curve::ScalarField::one(), z, z, z, z, z, z, z, z, z];
+    let public_input: Vec<_> = (0..public)
+        .map(|_| {
+            let v = system.var(|| panic!("fail"));
+
+            system.gate(GateSpec {
+                typ: GateType::Generic,
+                row: vec![Some(v)],
+                coeffs: public_input_row.clone(),
+            });
+            v
+        })
+        .collect();
+
+    main(&mut system, public_input);
+
+    let gates = system.gates();
+
+    // Other base field = self scalar field
+    let (endo_q, _endo_r) = endos::<Curve::OtherCurve>();
+    //let (endo_q, _endo_r) = Curve::endos();
+
+    let constraint_system = ConstraintSystem::<Curve::ScalarField>::create(gates)
+        .public(public)
+        .build()
+        // TODO: return a Result instead of panicking
+        .expect("couldn't construct constraint system");
+
+    ProverIndex::<Curve>::create(constraint_system, endo_q, srs)
+}
+
+/// Handling coordinates in an affine curve
+pub trait CoordinateCurve: AffineRepr {
+    /// Returns the coordinates in the curve as two points of the base field
+    fn to_coords(&self) -> Option<(Self::BaseField, Self::BaseField)>;
+}
+
+impl<G: CommitmentCurve> CoordinateCurve for G {
+    fn to_coords(&self) -> Option<(Self::BaseField, Self::BaseField)> {
+        CommitmentCurve::to_coordinates(self)
+    }
+}