ff 0.11, group 0.11, pairing 0.21
str4d committed Sep 8, 2021
1 parent 2ab56b7 commit 4c9d14a
Showing 12 changed files with 60 additions and 73 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -17,6 +17,7 @@ and this project adheres to Rust's notion of
- `Default` bound for `bellman::gadgets::test::TestConstraintSystem`.

### Changed
- Bumped dependencies to `ff 0.11`, `group 0.11`, `pairing 0.21`.
- `bellman::multicore` has migrated from `crossbeam` to `rayon`:
- `bellman::multicore::Worker::compute` now returns
`bellman::multicore::Waiter`.
8 changes: 4 additions & 4 deletions Cargo.toml
Expand Up @@ -15,9 +15,9 @@ edition = "2018"
[dependencies]
bitvec = "0.22"
blake2s_simd = "0.5"
ff = "0.10"
group = "0.10"
pairing = { version = "0.20", optional = true }
ff = "0.11"
group = "0.11"
pairing = { version = "0.21", optional = true }
rand_core = "0.6"
byteorder = "1"
subtle = "2.2.1"
Expand All @@ -30,7 +30,7 @@ num_cpus = { version = "1", optional = true }
rayon = { version = "1.5.1", optional = true }

[dev-dependencies]
bls12_381 = "0.5"
bls12_381 = "0.6"
criterion = "0.3"
hex-literal = "0.3"
rand = "0.8"
2 changes: 1 addition & 1 deletion src/domain.rs
Expand Up @@ -74,7 +74,7 @@ impl<S: PrimeField, G: Group<S>> EvaluationDomain<S, G> {
omega,
omegainv: omega.invert().unwrap(),
geninv: S::multiplicative_generator().invert().unwrap(),
minv: S::from_str(&format!("{}", m)).unwrap().invert().unwrap(),
minv: S::from(m as u64).invert().unwrap(),
})
}

4 changes: 2 additions & 2 deletions src/gadgets/boolean.rs
Expand Up @@ -759,7 +759,7 @@ mod test {
assert!(cs.is_satisfied());
cs.set("boolean", Scalar::zero());
assert!(cs.is_satisfied());
cs.set("boolean", Scalar::from_str("2").unwrap());
cs.set("boolean", Scalar::from(2));
assert!(!cs.is_satisfied());
assert!(cs.which_is_unsatisfied() == Some("boolean constraint"));
}
Expand Down Expand Up @@ -1548,7 +1548,7 @@ mod test {
fn test_field_into_allocated_bits_le() {
let mut cs = TestConstraintSystem::<Scalar>::new();

let r = Scalar::from_str(
let r = Scalar::from_str_vartime(
"9147677615426976802526883532204139322118074541891858454835346926874644257775",
)
.unwrap();
4 changes: 1 addition & 3 deletions src/gadgets/multieq.rs
Expand Up @@ -50,9 +50,7 @@ impl<Scalar: PrimeField, CS: ConstraintSystem<Scalar>> MultiEq<Scalar, CS> {

assert!((Scalar::CAPACITY as usize) > (self.bits_used + num_bits));

let coeff = Scalar::from_str("2")
.unwrap()
.pow_vartime(&[self.bits_used as u64]);
let coeff = Scalar::from(2).pow_vartime(&[self.bits_used as u64]);
self.lhs = self.lhs.clone() + (coeff, lhs);
self.rhs = self.rhs.clone() + (coeff, rhs);
self.bits_used += num_bits;
26 changes: 12 additions & 14 deletions src/gadgets/num.rs
Expand Up @@ -290,7 +290,7 @@ impl<Scalar: PrimeField> AllocatedNum<Scalar> {
|| {
let tmp = *self.value.get()?;

if tmp.is_zero() {
if tmp.is_zero_vartime() {
Err(SynthesisError::DivisionByZero)
} else {
Ok(tmp.invert().unwrap())
Expand Down Expand Up @@ -439,30 +439,28 @@ mod test {
fn test_num_squaring() {
let mut cs = TestConstraintSystem::new();

let n = AllocatedNum::alloc(&mut cs, || Ok(Scalar::from_str("3").unwrap())).unwrap();
let n = AllocatedNum::alloc(&mut cs, || Ok(Scalar::from(3))).unwrap();
let n2 = n.square(&mut cs).unwrap();

assert!(cs.is_satisfied());
assert!(cs.get("squared num") == Scalar::from_str("9").unwrap());
assert!(n2.value.unwrap() == Scalar::from_str("9").unwrap());
cs.set("squared num", Scalar::from_str("10").unwrap());
assert!(cs.get("squared num") == Scalar::from(9));
assert!(n2.value.unwrap() == Scalar::from(9));
cs.set("squared num", Scalar::from(10));
assert!(!cs.is_satisfied());
}

#[test]
fn test_num_multiplication() {
let mut cs = TestConstraintSystem::new();

let n = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Scalar::from_str("12").unwrap()))
.unwrap();
let n2 = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Scalar::from_str("10").unwrap()))
.unwrap();
let n = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Scalar::from(12))).unwrap();
let n2 = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Scalar::from(10))).unwrap();
let n3 = n.mul(&mut cs, &n2).unwrap();

assert!(cs.is_satisfied());
assert!(cs.get("product num") == Scalar::from_str("120").unwrap());
assert!(n3.value.unwrap() == Scalar::from_str("120").unwrap());
cs.set("product num", Scalar::from_str("121").unwrap());
assert!(cs.get("product num") == Scalar::from(120));
assert!(n3.value.unwrap() == Scalar::from(120));
cs.set("product num", Scalar::from(121));
assert!(!cs.is_satisfied());
}

Expand Down Expand Up @@ -510,11 +508,11 @@ mod test {
{
let mut cs = TestConstraintSystem::new();

let n = AllocatedNum::alloc(&mut cs, || Ok(Scalar::from_str("3").unwrap())).unwrap();
let n = AllocatedNum::alloc(&mut cs, || Ok(Scalar::from(3))).unwrap();
n.assert_nonzero(&mut cs).unwrap();

assert!(cs.is_satisfied());
cs.set("ephemeral inverse", Scalar::from_str("3").unwrap());
cs.set("ephemeral inverse", Scalar::from(3));
assert!(cs.which_is_unsatisfied() == Some("nonzero assertion constraint"));
}
{
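Review bot: The explicit `is_zero_vartime` test in the closure at the top of this section duplicates what `invert()` already reports through its `CtOption`, and the `unwrap()` on that result is a panic path that exists only because of the duplication. `CtOption` converts to `Option` via `From`, so the whole if/else can collapse to `Option::from(tmp.invert()).ok_or(SynthesisError::DivisionByZero)`, dropping both the redundant check and the `unwrap()`. Because the closure's Ok/Err outcome still depends on the value either way, this is a tidiness improvement rather than a constant-time one, and the timing behaviour of the old and new code is the same. The enclosing method starts outside the hunk.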
19 changes: 8 additions & 11 deletions src/gadgets/test/mod.rs
Expand Up @@ -76,7 +76,7 @@ fn proc_lc<Scalar: PrimeField>(terms: &[(Variable, Scalar)]) -> BTreeMap<Ordered
// Remove terms that have a zero coefficient to normalize
let mut to_remove = vec![];
for (var, coeff) in map.iter() {
if coeff.is_zero() {
if coeff.is_zero_vartime() {
to_remove.push(*var);
}
}
Expand Down Expand Up @@ -166,7 +166,7 @@ impl<Scalar: PrimeField> TestConstraintSystem<Scalar> {
let negone = Scalar::one().neg();

let powers_of_two = (0..Scalar::NUM_BITS)
.map(|i| Scalar::from_str("2").unwrap().pow_vartime(&[u64::from(i)]))
.map(|i| Scalar::from(2).pow_vartime(&[u64::from(i)]))
.collect::<Vec<_>>();

let pp = |s: &mut String, lc: &LinearCombination<Scalar>| {
Expand Down Expand Up @@ -428,38 +428,35 @@ impl<Scalar: PrimeField> ConstraintSystem<Scalar> for TestConstraintSystem<Scala
#[test]
fn test_cs() {
use bls12_381::Scalar;
use ff::PrimeField;

let mut cs = TestConstraintSystem::new();
assert!(cs.is_satisfied());
assert_eq!(cs.num_constraints(), 0);
let a = cs
.namespace(|| "a")
.alloc(|| "var", || Ok(Scalar::from_str("10").unwrap()))
.alloc(|| "var", || Ok(Scalar::from(10)))
.unwrap();
let b = cs
.namespace(|| "b")
.alloc(|| "var", || Ok(Scalar::from_str("4").unwrap()))
.unwrap();
let c = cs
.alloc(|| "product", || Ok(Scalar::from_str("40").unwrap()))
.alloc(|| "var", || Ok(Scalar::from(4)))
.unwrap();
let c = cs.alloc(|| "product", || Ok(Scalar::from(40))).unwrap();

cs.enforce(|| "mult", |lc| lc + a, |lc| lc + b, |lc| lc + c);
assert!(cs.is_satisfied());
assert_eq!(cs.num_constraints(), 1);

cs.set("a/var", Scalar::from_str("4").unwrap());
cs.set("a/var", Scalar::from(4));

let one = TestConstraintSystem::<Scalar>::one();
cs.enforce(|| "eq", |lc| lc + a, |lc| lc + one, |lc| lc + b);

assert!(!cs.is_satisfied());
assert!(cs.which_is_unsatisfied() == Some("mult"));

assert!(cs.get("product") == Scalar::from_str("40").unwrap());
assert!(cs.get("product") == Scalar::from(40));

cs.set("product", Scalar::from_str("16").unwrap());
cs.set("product", Scalar::from(16));
assert!(cs.is_satisfied());

{
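Review bot: `powers_of_two` in the second hunk computes every entry with its own `pow_vartime`, which is `NUM_BITS` separate exponentiations where a running doubling would do; it could read `std::iter::successors(Some(Scalar::one()), |p| Some(p.double())).take(Scalar::NUM_BITS as usize).collect::<Vec<_>>()`, which also removes the repeated `Scalar::from(2)` construction. This appears to feed only the `pp` printing closure in the test harness, so it is a point of style rather than a defect. The enclosing method begins outside the hunk.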
2 changes: 1 addition & 1 deletion src/gadgets/uint32.rs
Expand Up @@ -626,7 +626,7 @@ mod test {
}

// Flip a bit and see if the addition constraint still works
if cs.get("addition/result bit 0/boolean").is_zero() {
if cs.get("addition/result bit 0/boolean").is_zero_vartime() {
cs.set("addition/result bit 0/boolean", Field::one());
} else {
cs.set("addition/result bit 0/boolean", Field::zero());
4 changes: 2 additions & 2 deletions src/groth16/generator.rs
Expand Up @@ -389,12 +389,12 @@ where
let ct = eval_at_tau(powers_of_tau, ct);

// Compute A query (in G1)
if !at.is_zero() {
if !at.is_zero_vartime() {
*a = g1_wnaf.scalar(&at);
}

// Compute B query (in G1/G2)
if !bt.is_zero() {
if !bt.is_zero_vartime() {
*b_g1 = g1_wnaf.scalar(&bt);
*b_g2 = g2_wnaf.scalar(&bt);
}
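Review bot: The `is_zero_vartime` branches on `at` and `bt` leak whether these tau-derived evaluations (see the `eval_at_tau` call at the top of the hunk) are zero, and that deserves a comment since keeping the setup secrets unobservable is the point of this code path. It looks consistent with the `g1_wnaf.scalar` / `g2_wnaf.scalar` calls that follow, which from their names are wNAF multiplications and so presumably not constant-time either, meaning no new leakage is introduced here; a comment such as `// Variable-time zero checks: the wNAF scalar multiplications below are not constant-time either.` would record that so a later constant-time rewrite of the scalar path does not leave these branches as the remaining leak. The enclosing closure starts and ends outside the hunk.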
37 changes: 15 additions & 22 deletions src/groth16/tests/dummy_engine.rs
Expand Up @@ -67,7 +67,7 @@ impl Neg for Fr {
type Output = Self;

fn neg(mut self) -> Self {
if !<Fr as Field>::is_zero(&self) {
if !<Fr as Field>::is_zero_vartime(&self) {
self.0 = MODULUS_R - self.0;
}
self
Expand Down Expand Up @@ -197,8 +197,8 @@ impl Field for Fr {
Fr(Wrapping(1))
}

fn is_zero(&self) -> bool {
(self.0).0 == 0
fn is_zero(&self) -> Choice {
(self.0).0.ct_eq(&0)
}

fn square(&self) -> Self {
Expand All @@ -210,14 +210,10 @@ impl Field for Fr {
}

fn invert(&self) -> CtOption<Self> {
if <Fr as Field>::is_zero(self) {
CtOption::new(<Fr as Field>::zero(), Choice::from(0))
} else {
CtOption::new(
self.pow_vartime(&[(MODULUS_R.0 as u64) - 2]),
Choice::from(1),
)
}
CtOption::new(
self.pow_vartime(&[(MODULUS_R.0 as u64) - 2]),
!<Fr as Field>::is_zero(self),
)
}

#[allow(clippy::many_single_char_names)]
Expand Down Expand Up @@ -297,21 +293,18 @@ impl PrimeField for Fr {
const CAPACITY: u32 = 15;
const S: u32 = 10;

fn from_repr(repr: FrRepr) -> Option<Self> {
fn from_repr(repr: FrRepr) -> CtOption<Self> {
let v = u64::from_le_bytes(repr.0);
if v >= (MODULUS_R.0 as u64) {
None
} else {
Some(Fr(Wrapping(v as u32)))
}
let is_some = Choice::from(if v >= (MODULUS_R.0 as u64) { 0 } else { 1 });
CtOption::new(Fr(Wrapping(v as u32)), is_some)
}

fn to_repr(&self) -> FrRepr {
FrRepr::from(*self)
}

fn is_odd(&self) -> bool {
(self.0).0 % 2 != 0
fn is_odd(&self) -> Choice {
Choice::from(((self.0).0 % 2) as u8)
}

fn multiplicative_generator() -> Fr {
Expand All @@ -335,7 +328,7 @@ impl PrimeFieldBits for Fr {
}
}

#[derive(Clone)]
#[derive(Clone, Debug)]
pub struct DummyEngine;

impl Engine for DummyEngine {
Expand Down Expand Up @@ -396,7 +389,7 @@ impl Group for Fr {
}

fn is_identity(&self) -> Choice {
Choice::from(if <Fr as Field>::is_zero(self) { 1 } else { 0 })
<Fr as Field>::is_zero(self)
}

fn double(&self) -> Self {
Expand Down Expand Up @@ -452,7 +445,7 @@ impl PrimeCurveAffine for Fr {
}

fn is_identity(&self) -> Choice {
Choice::from(if <Fr as Field>::is_zero(self) { 1 } else { 0 })
<Fr as Field>::is_zero(self)
}

fn to_curve(&self) -> Self::Curve {
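Review bot: The `Field`/`PrimeField` impls in this file now return `Choice`/`CtOption` but are not constant-time: `neg` calls `is_zero_vartime`, `invert` uses `pow_vartime`, and `from_repr` derives `is_some` from a data-dependent `if`. That is fine for a test-only engine, but the signatures now advertise otherwise, so an impl-level comment should say so, e.g. `// Not constant-time: this engine exists only for tests and must not be reused elsewhere.` In `from_repr`, the `v as u32` truncation is harmless because `is_some` is false whenever `v >= MODULUS_R`, though `Choice::from(u8::from(v < (MODULUS_R.0 as u64)))` would at least match the branch-free style the commit adopts in the two `is_identity` hunks.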
24 changes: 12 additions & 12 deletions src/groth16/tests/mod.rs
Expand Up @@ -92,11 +92,11 @@ impl<Scalar: PrimeField> Circuit<Scalar> for XorDemo<Scalar> {
fn test_xordemo() {
let g1 = Fr::one();
let g2 = Fr::one();
let alpha = Fr::from_str("48577").unwrap();
let beta = Fr::from_str("22580").unwrap();
let gamma = Fr::from_str("53332").unwrap();
let delta = Fr::from_str("5481").unwrap();
let tau = Fr::from_str("3673").unwrap();
let alpha = Fr::from(48577);
let beta = Fr::from(22580);
let gamma = Fr::from(53332);
let delta = Fr::from(5481);
let tau = Fr::from(3673);

let params = {
let c = XorDemo {
Expand Down Expand Up @@ -131,7 +131,7 @@ fn test_xordemo() {
// Let's turn it into a 2^3 root of unity.
root_of_unity = root_of_unity.pow_vartime(&[1u64 << 7]);
assert_eq!(Fr::one(), root_of_unity.pow_vartime(&[1u64 << 3]));
assert_eq!(Fr::from_str("20201").unwrap(), root_of_unity);
assert_eq!(Fr::from(20201), root_of_unity);

// Let's compute all the points in our evaluation domain.
let mut points = Vec::with_capacity(8);
Expand Down Expand Up @@ -215,15 +215,15 @@ fn test_xordemo() {

let u_i = [59158, 48317, 21767, 10402]
.iter()
.map(|e| Fr::from_str(&format!("{}", e)).unwrap())
.map(|e| Fr::from(*e))
.collect::<Vec<Fr>>();
let v_i = [0, 0, 60619, 30791]
.iter()
.map(|e| Fr::from_str(&format!("{}", e)).unwrap())
.map(|e| Fr::from(*e))
.collect::<Vec<Fr>>();
let w_i = [0, 23320, 41193, 41193]
.iter()
.map(|e| Fr::from_str(&format!("{}", e)).unwrap())
.map(|e| Fr::from(*e))
.collect::<Vec<Fr>>();

for (u, a) in u_i.iter().zip(&params.a[..]) {
Expand Down Expand Up @@ -279,8 +279,8 @@ fn test_xordemo() {

let pvk = prepare_verifying_key(&params.vk);

let r = Fr::from_str("27134").unwrap();
let s = Fr::from_str("17146").unwrap();
let r = Fr::from(27134);
let s = Fr::from(17146);

let proof = {
let c = XorDemo {
Expand Down Expand Up @@ -367,7 +367,7 @@ fn test_xordemo() {
.iter()
.enumerate()
{
let coeff = Fr::from_str(&format!("{:?}", coeff)).unwrap();
let coeff = Fr::from(*coeff);

let mut tmp = params.h[i];
tmp.mul_assign(&coeff);
2 changes: 1 addition & 1 deletion src/groth16/verifier/batch.rs
Expand Up @@ -119,7 +119,7 @@ where
// actually loop, but handles the edge case.
let z = loop {
let z = E::Fr::random(&mut rng);
if !z.is_zero() {
if !z.is_zero_vartime() {
break z;
}
};
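Review bot: The `is_zero_vartime` retry in the `z` loop is acceptable because a resample reveals only that the final `z` is nonzero, which is public anyway, but that reasoning is not written down; the comment above the loop (cut at the top of the hunk) could end with `// A variable-time zero check is fine here: a retry reveals only that z is nonzero.` What does matter for batch soundness is that `rng` is unpredictable to whoever produced the proofs being batched, which this hunk cannot show and is worth confirming at the call site. The enclosing function starts outside the hunk.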
