ivc assignment

groth16/src/lib.rs

@@ -22,7 +22,7 @@ mod tests {
     use crate::error::Error;
     use crate::zksnark::ZkSnark;
 
-    use bn_254::Fr as BnScalar;
+    use bn_254::Fr as GrumpkinBase;
     use grumpkin::driver::GrumpkinDriver;
     use zkstd::circuit::prelude::{FieldAssignment, R1cs};
     use zkstd::common::OsRng;
@@ -31,12 +31,12 @@ mod tests {
     fn arithmetic_test() {
         #[derive(Debug)]
         pub struct DummyCircuit {
-            x: BnScalar,
-            o: BnScalar,
+            x: GrumpkinBase,
+            o: GrumpkinBase,
         }
 
         impl DummyCircuit {
-            pub fn new(x: BnScalar, o: BnScalar) -> Self {
+            pub fn new(x: GrumpkinBase, o: GrumpkinBase) -> Self {
                 Self { x, o }
             }
         }
@@ -51,7 +51,7 @@ mod tests {
             fn synthesize(&self, composer: &mut R1cs<GrumpkinDriver>) -> Result<(), Error> {
                 let x = FieldAssignment::instance(composer, self.x);
                 let o = FieldAssignment::instance(composer, self.o);
-                let c = FieldAssignment::constant(&BnScalar::from(5));
+                let c = FieldAssignment::constant(&GrumpkinBase::from(5));
 
                 let sym1 = FieldAssignment::mul(composer, &x, &x);
                 let y = FieldAssignment::mul(composer, &sym1, &x);
@@ -64,8 +64,8 @@ mod tests {
             }
         }
 
-        let x = BnScalar::from(3);
-        let o = BnScalar::from(35);
+        let x = GrumpkinBase::from(3);
+        let o = GrumpkinBase::from(35);
         let circuit = DummyCircuit::new(x, o);
 
         let (mut prover, verifier) =

grumpkin/src/driver.rs

@@ -1,19 +1,21 @@
+use crate::curve::Affine;
 use crate::params::PARAM_B3;
-use bn_254::{Fq, Fr, G1Affine};
+use bn_254::{Fq, Fr};
 use zkstd::circuit::CircuitDriver;
 
 #[derive(Clone, Debug, Default, PartialEq, Eq)]
 pub struct GrumpkinDriver;
 
 impl CircuitDriver for GrumpkinDriver {
     const NUM_BITS: u16 = 254;
-    type Affine = G1Affine;
 
-    type Base = Fq;
+    type Affine = Affine;
 
-    type Scalar = Fr;
+    type Base = Fr;
 
-    fn b3() -> Self::Scalar {
+    type Scalar = Fq;
+
+    fn b3() -> Self::Base {
         PARAM_B3
     }
 }

nova/src/circuit/transcript.rs

@@ -14,7 +14,7 @@ impl<const ROUND: usize, C: CircuitDriver> Default for MimcROCircuit<ROUND, C> {
         Self {
             hasher: MimcAssignment::default(),
             state: Vec::default(),
-            key: FieldAssignment::constant(&C::Scalar::zero()),
+            key: FieldAssignment::constant(&C::Base::zero()),
         }
     }
 }
@@ -47,7 +47,7 @@ mod tests {
     use grumpkin::{driver::GrumpkinDriver, Affine};
     use rand_core::OsRng;
     use zkstd::circuit::prelude::{FieldAssignment, PointAssignment, R1cs};
-    use zkstd::common::{CurveGroup, Group};
+    use zkstd::common::Group;
 
     #[test]
     fn mimc_circuit() {
@@ -57,9 +57,8 @@ mod tests {
         let point = Affine::random(OsRng);
         let scalar = Fr::random(OsRng);
 
-        let point_assignment =
-            PointAssignment::instance(&mut cs, point.get_x(), point.get_y(), point.is_identity());
-        let scalar_assignment = FieldAssignment::instance(&mut cs, scalar);
+        let point_assignment = PointAssignment::instance(&mut cs, point);
+        let scalar_assignment = FieldAssignment::instance(&mut cs, scalar.into());
         mimc.append(scalar);
         mimc.append_point(point);
         mimc_circuit.append(scalar_assignment);

nova/src/driver.rs

@@ -0,0 +1,37 @@
+use bn_254::{Fq, Fr, G1Affine as BN254Affine, params::PARAM_B3 as BN254_B3};
+use grumpkin::{Affine as GrumpkinAffine, params::PARAM_B3 as Grumpkin_B3};
+use zkstd::circuit::CircuitDriver;
+
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+pub struct GrumpkinDriver;
+
+impl CircuitDriver for GrumpkinDriver {
+    const NUM_BITS: u16 = 254;
+
+    type Affine = GrumpkinAffine;
+
+    type Base = Fr;
+
+    type Scalar = Fq;
+
+    fn b3() -> Self::Base {
+        Grumpkin_B3
+    }
+}
+
+#[derive(Clone, Debug, Default, PartialEq, Eq)]
+pub struct BN254Driver;
+
+impl CircuitDriver for BN254Driver {
+    const NUM_BITS: u16 = 254;
+
+    type Affine = BN254Affine;
+
+    type Base = Fq;
+
+    type Scalar = Fr;
+
+    fn b3() -> Self::Base {
+        BN254_B3
+    }
+}

nova/src/gadget/mimc.rs

@@ -3,13 +3,13 @@ use crate::hash::Mimc;
 use zkstd::circuit::prelude::{CircuitDriver, FieldAssignment, R1cs};
 
 pub(crate) struct MimcAssignment<const ROUND: usize, C: CircuitDriver> {
-    constants: [C::Scalar; ROUND],
+    constants: [C::Base; ROUND],
 }
 
 impl<const ROUND: usize, C: CircuitDriver> Default for MimcAssignment<ROUND, C> {
     fn default() -> Self {
         Self {
-            constants: Mimc::<ROUND, C::Scalar>::default().constants,
+            constants: Mimc::<ROUND, C::Base>::default().constants,
         }
     }
 }

nova/src/ivc.rs

@@ -74,6 +74,7 @@ mod tests {
     use crate::test::ExampleFunction;
 
     use grumpkin::driver::GrumpkinDriver;
+    use bn_254::Fq;
     use rand_core::OsRng;
     use zkstd::circuit::prelude::R1cs;
     use zkstd::matrix::DenseVectors;
@@ -82,7 +83,7 @@ mod tests {
     #[test]
     fn ivc_test() {
         let r1cs: R1cs<GrumpkinDriver> = example_r1cs(1);
-        let z0 = DenseVectors::new(r1cs.x());
+        let z0 = DenseVectors::new(r1cs.x().iter().map(|x| Fq::from(*x)).collect());
         let mut ivc = Ivc::new(r1cs, OsRng, z0);
         ivc.recurse::<ExampleFunction<GrumpkinDriver>>();
         let proof = ivc.prove();

nova/src/lib.rs

@@ -2,6 +2,7 @@
 #![allow(unused_variables, dead_code)]
 
 mod circuit;
+mod driver;
 mod function;
 mod gadget;
 mod hash;

nova/src/prover.rs

@@ -8,15 +8,15 @@ use zkstd::circuit::prelude::{CircuitDriver, R1cs};
 use zkstd::common::{Ring, RngCore};
 use zkstd::matrix::DenseVectors;
 
-pub struct Prover<C: CircuitDriver> {
+pub struct Prover<C1: CircuitDriver, C2: CircuitDriver> {
     // public parameters
     pp: PedersenCommitment<C::Affine>,
 
     // r1cs structure
-    f: R1cs<C>,
+    f: R1cs<C2>,
 }
 
-impl<C: CircuitDriver> Prover<C> {
+impl<C1: CircuitDriver, C2: CircuitDriver> Prover<C1, C2> {
     pub fn new(f: R1cs<C>, rng: impl RngCore) -> Self {
         let m = f.m();
         let n = m.next_power_of_two() as u64;
@@ -61,8 +61,8 @@ impl<C: CircuitDriver> Prover<C> {
         let u2 = relaxed_r1cs.u();
         let m = self.f.m();
         let (a, b, c) = self.f.matrices();
-        let (w0, w1) = (DenseVectors::new(r1cs.w()), relaxed_r1cs.w());
-        let (x0, x1) = (DenseVectors::new(r1cs.x()), relaxed_r1cs.x());
+        let (w0, w1) = (DenseVectors::new(r1cs.w().iter().map(|c| C::Scalar::from(*c)).collect()), relaxed_r1cs.w());
+        let (x0, x1) = (DenseVectors::new(r1cs.x().iter().map(|c| C::Scalar::from(*c)).collect()), relaxed_r1cs.x());
 
         // matrices and z vector matrix multiplication
         let az2 = a.prod(&m, &x1, &w1);

nova/src/relaxed_r1cs/instance.rs

@@ -31,7 +31,7 @@ impl<C: CircuitDriver> RelaxedR1csInstance<C> {
             C::Affine::ADDITIVE_IDENTITY,
             C::Scalar::one(),
             C::Affine::ADDITIVE_IDENTITY,
-            DenseVectors::new(r1cs.x()),
+            DenseVectors::new(r1cs.x().iter().map(|x| C::Scalar::from(*x)).collect()),
         );
         let (e2, u2, w2, x2) = (self.commit_e, self.u, self.commit_w, self.x.clone());
 

nova/src/relaxed_r1cs/witness.rs

@@ -21,7 +21,7 @@ impl<C: CircuitDriver> RelaxedR1csWitness<C> {
     pub(crate) fn fold(&self, r1cs: &R1cs<C>, r: C::Scalar, t: DenseVectors<C::Scalar>) -> Self {
         let r2 = r.square();
         let e2 = self.e.clone();
-        let w1 = DenseVectors::new(r1cs.w());
+        let w1 = DenseVectors::new(r1cs.w().iter().map(|x| C::Scalar::from(*x)).collect());
         let w2 = self.w.clone();
 
         let e = t * r + e2 * r2;

zkstd/src/circuit.rs

@@ -13,6 +13,7 @@ pub trait CircuitDriver: Clone {
 
     // curve scalar field
     type Scalar: PrimeField + From<Self::Base> + Serialize + for<'de> Deserialize<'de>;
+
     // bn curve 3b param
-    fn b3() -> Self::Scalar;
+    fn b3() -> Self::Base;
 }

zkstd/src/circuit/gadget/binary.rs

@@ -8,14 +8,14 @@ pub struct BinaryAssignment<C: CircuitDriver>(Wire, PhantomData<C>);
 impl<C: CircuitDriver> BinaryAssignment<C> {
     pub fn instance(cs: &mut R1cs<C>, bit: u8) -> Self {
         let wire = cs.public_wire();
-        cs.x.push(C::Scalar::from(bit as u64));
+        cs.x.push(C::Base::from(bit as u64));
 
         Self(wire, PhantomData::default())
     }
 
     pub fn witness(cs: &mut R1cs<C>, bit: u8) -> Self {
         let wire = cs.private_wire();
-        cs.w.push(C::Scalar::from(bit as u64));
+        cs.w.push(C::Base::from(bit as u64));
 
         Self(wire, PhantomData::default())
     }

zkstd/src/circuit/gadget/curve.rs

@@ -4,6 +4,7 @@ use super::field::FieldAssignment;
 use crate::circuit::CircuitDriver;
 use crate::common::{BNProjective, CurveGroup, Group, IntGroup, Ring};
 use crate::r1cs::R1cs;
+use crate::traits::BNAffine;
 
 #[derive(Clone)]
 pub struct PointAssignment<C: CircuitDriver> {
@@ -13,30 +14,30 @@ pub struct PointAssignment<C: CircuitDriver> {
 }
 
 impl<C: CircuitDriver> PointAssignment<C> {
-    pub fn instance(cs: &mut R1cs<C>, x: C::Scalar, y: C::Scalar, is_infinity: bool) -> Self {
-        let x = FieldAssignment::instance(cs, x);
-        let y = FieldAssignment::instance(cs, y);
+    pub fn instance(cs: &mut R1cs<C>, point: C::Affine) -> Self {
+        let x = FieldAssignment::instance(cs, point.get_x().into());
+        let y = FieldAssignment::instance(cs, point.get_y().into());
         let z = FieldAssignment::instance(
             cs,
-            if is_infinity {
-                C::Scalar::zero()
+            if point.is_identity() {
+                C::Base::zero()
             } else {
-                C::Scalar::one()
+                C::Base::one()
             },
         );
 
         Self { x, y, z }
     }
 
-    pub fn witness(cs: &mut R1cs<C>, x: C::Scalar, y: C::Scalar, is_infinity: bool) -> Self {
+    pub fn witness(cs: &mut R1cs<C>, x: C::Base, y: C::Base, is_infinity: bool) -> Self {
         let x = FieldAssignment::witness(cs, x);
         let y = FieldAssignment::witness(cs, y);
         let z = FieldAssignment::witness(
             cs,
             if is_infinity {
-                C::Scalar::zero()
+                C::Base::zero()
             } else {
-                C::Scalar::one()
+                C::Base::one()
             },
         );
 
@@ -46,11 +47,11 @@ impl<C: CircuitDriver> PointAssignment<C> {
     pub fn assert_equal_public_point(
         &self,
         cs: &mut R1cs<C>,
-        point: impl BNProjective<Scalar = C::Base, Base = C::Scalar>,
+        point: <C::Affine as BNAffine>::Extended,
     ) {
-        let point_x = FieldAssignment::constant(&point.get_x());
-        let point_y = FieldAssignment::constant(&point.get_y());
-        let point_z = FieldAssignment::constant(&point.get_z());
+        let point_x = FieldAssignment::constant(&C::Base::from(point.get_x()));
+        let point_y = FieldAssignment::constant(&C::Base::from(point.get_y()));
+        let point_z = FieldAssignment::constant(&C::Base::from(point.get_z()));
 
         let xz1 = FieldAssignment::mul(cs, &self.x, &point_z);
         let xz2 = FieldAssignment::mul(cs, &point_x, &self.z);
@@ -64,7 +65,7 @@ impl<C: CircuitDriver> PointAssignment<C> {
     }
 
     pub fn add(&self, rhs: &Self, cs: &mut R1cs<C>) -> Self {
-        let b3 = FieldAssignment::<C>::constant(&C::b3());
+        let b3 = FieldAssignment::<C>::constant(&C::Base::from(C::b3()));
         let t0 = FieldAssignment::mul(cs, &self.x, &rhs.x);
         let t1 = FieldAssignment::mul(cs, &self.y, &rhs.y);
         let t2 = FieldAssignment::mul(cs, &self.z, &rhs.z);
@@ -107,7 +108,7 @@ impl<C: CircuitDriver> PointAssignment<C> {
     }
 
     pub fn double(&self, cs: &mut R1cs<C>) -> Self {
-        let b3 = FieldAssignment::<C>::constant(&C::b3());
+        let b3 = FieldAssignment::<C>::constant(&C::Base::from(C::b3()));
         let t0 = FieldAssignment::mul(cs, &self.y, &self.y);
         let z3 = &t0 + &t0;
         let z3 = &z3 + &z3;
@@ -137,8 +138,7 @@ impl<C: CircuitDriver> PointAssignment<C> {
     /// coordinate scalar
     pub fn scalar_point(&self, cs: &mut R1cs<C>, scalar: &FieldAssignment<C>) -> Self {
         let i = C::Affine::ADDITIVE_IDENTITY;
-        let mut res =
-            PointAssignment::instance(cs, i.get_x().into(), i.get_y().into(), i.is_identity());
+        let mut res = PointAssignment::instance(cs, i);
         for bit in FieldAssignment::to_bits(cs, scalar).iter() {
             res = res.double(cs);
             let point_to_add = self.select_identity(cs, bit);
@@ -153,8 +153,7 @@ impl<C: CircuitDriver> PointAssignment<C> {
         let bit = FieldAssignment::from(bit);
         Self {
             x: FieldAssignment::mul(cs, &x, &bit),
-            y: &(&FieldAssignment::mul(cs, &y, &bit)
-                + &FieldAssignment::constant(&C::Scalar::one()))
+            y: &(&FieldAssignment::mul(cs, &y, &bit) + &FieldAssignment::constant(&C::Base::one()))
                 - &bit,
             z: FieldAssignment::mul(cs, &z, &bit),
         }