Revert "feat: support scalar mul of arkworks curve using precomputed …

…table (#34)"

This reverts commit a91d908.

manta-crypto/src/ecc.rs

@@ -137,9 +137,6 @@ pub trait ScalarMul<COM = ()> {
 /// Elliptic Curve Pre-processed Scalar Multiplication Operation
 pub trait PreprocessedScalarMul<COM, const N: usize>: ScalarMul<COM> + Sized {
     /// Performs the scalar multiplication against a pre-computed table.
-    ///
-    /// The pre-computed table is powers of two of `scalar`, such that
-    /// `table[i] = 2^i * G`.
     #[must_use]
     fn preprocessed_scalar_mul(
         table: &[Self; N],
@@ -165,9 +162,7 @@ where
 /// Elliptic Curve Group
 pub trait Group<COM = ()>: PointAdd<COM> + PointDouble<COM> + ScalarMul<COM> {}
 
-/// Pre-processed Scalar Multiplication Table.
-///
-/// This table contains power-of-two multiples of a fixed base group element.
+/// Pre-processed Scalar Multiplication Table
 #[cfg_attr(
     feature = "serde",
     derive(Deserialize, Serialize),
@@ -185,16 +180,17 @@ pub struct PreprocessedScalarMulTable<G, const N: usize> {
 }
 
 impl<G, const N: usize> PreprocessedScalarMulTable<G, N> {
-    /// Builds a new [`PreprocessedScalarMulTable`] collection from `base`, such that `table[i] = 2^i * base`.
+    /// Builds a new [`PreprocessedScalarMulTable`] collection from `base`.
     #[inline]
     pub fn from_base<COM>(mut base: G, compiler: &mut COM) -> Self
     where
         G: Clone + PointAdd<COM, Output = G> + PointDouble<COM, Output = G>,
     {
         let mut powers = Vec::with_capacity(N);
+        let double = base.double(compiler);
         for _ in 0..N {
             powers.push(base.clone());
-            base.double_assign(compiler);
+            base.add_assign(&double, compiler);
         }
         Self::from_powers_unchecked(
             powers

manta-pay/Cargo.toml

@@ -120,4 +120,3 @@ tungstenite = { version = "0.17.2", optional = true, default-features = false, f
 
 [dev-dependencies]
 manta-pay = { path = ".", features = ["groth16", "test"] }
-manta-crypto = { path = "../manta-crypto", default-features = false, features = ["getrandom"] }

manta-pay/src/crypto/constraint/arkworks/mod.rs

@@ -276,14 +276,6 @@ where
         cs.set_optimization_goal(ark_r1cs::OptimizationGoal::Constraints);
         Self { cs }
     }
-
-    /// Check if all constraints are satisfied.
-    #[inline]
-    pub fn is_satisfied(&self) -> bool {
-        self.cs
-            .is_satisfied()
-            .expect("is_satisfied is not allowed to fail")
-    }
 }
 
 impl<F> ConstraintSystem for R1CS<F>

manta-pay/src/crypto/ecc/arkworks.rs

@@ -25,7 +25,7 @@ use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError
 use core::marker::PhantomData;
 use manta_crypto::{
     constraint::{Allocator, Constant, Equal, Public, Secret, ValueSource, Variable},
-    ecc::{self, PointAdd, PointDouble},
+    ecc,
     key::kdf,
     rand::{CryptoRng, RngCore, Sample, Standard},
 };
@@ -43,9 +43,6 @@ type ConstraintField<C> = <<C as ProjectiveCurve>::BaseField as Field>::BasePrim
 /// Compiler Type
 type Compiler<C> = R1CS<ConstraintField<C>>;
 
-/// Curve Scalar Parameter
-type ScalarParam<C> = <<C as ProjectiveCurve>::ScalarField as PrimeField>::Params;
-
 /// Scalar Field Element
 pub type Scalar<C> = Fp<<C as ProjectiveCurve>::ScalarField>;
 
@@ -366,8 +363,6 @@ where
 }
 
 /// Elliptic Curve Group Element Variable
-#[derive(derivative::Derivative)]
-#[derivative(Clone)]
 pub struct GroupVar<C, CV>(pub(crate) CV, PhantomData<C>)
 where
     C: ProjectiveCurve,
@@ -411,45 +406,6 @@ where
     }
 }
 
-macro_rules! impl_processed_scalar_mul {
-    ($curve: ty) => {
-        impl<CV>
-            ecc::PreprocessedScalarMul<
-                Compiler<$curve>,
-                {
-                    <<$curve as ProjectiveCurve>::ScalarField as PrimeField>::Params::MODULUS_BITS
-                        as usize
-                },
-            > for GroupVar<$curve, CV>
-        where
-            CV: CurveVar<$curve, ConstraintField<$curve>>,
-        {
-            #[inline]
-            fn preprocessed_scalar_mul(
-                table: &[Self; ScalarParam::<$curve>::MODULUS_BITS as usize],
-                scalar: &Self::Scalar,
-                compiler: &mut Compiler<$curve>,
-            ) -> Self::Output {
-                let _ = compiler;
-                let mut result = CV::zero();
-                let scalar_bits = scalar
-                    .0
-                    .to_bits_le()
-                    .expect("Bit decomposition is not allowed to fail.");
-                // TODO: Add `+` implementations, `conditional_add` to avoid unnecessary clones.
-                for (bit, base) in scalar_bits.into_iter().zip(table.iter()) {
-                    result = bit
-                        .select(&(result.clone() + &base.0), &result)
-                        .expect("Conditional select is not allowed to fail. ");
-                }
-                Self(result, PhantomData)
-            }
-        }
-    };
-}
-
-impl_processed_scalar_mul!(ark_ed_on_bls12_381::EdwardsProjective);
-
 impl<C, CV> Equal<Compiler<C>> for GroupVar<C, CV>
 where
     C: ProjectiveCurve,
@@ -539,82 +495,3 @@ where
         )
     }
 }
-
-impl<C, CV> PointAdd<Compiler<C>> for GroupVar<C, CV>
-where
-    C: ProjectiveCurve,
-    CV: CurveVar<C, ConstraintField<C>>,
-{
-    type Output = Self;
-
-    #[inline]
-    fn add(&self, rhs: &Self, compiler: &mut Compiler<C>) -> Self::Output {
-        let _ = compiler;
-        let mut result = self.0.clone();
-        result += &rhs.0;
-        Self::new(result)
-    }
-}
-
-impl<C, CV> PointDouble<Compiler<C>> for GroupVar<C, CV>
-where
-    C: ProjectiveCurve,
-    CV: CurveVar<C, ConstraintField<C>>,
-{
-    type Output = Self;
-
-    #[inline]
-    fn double(&self, compiler: &mut Compiler<C>) -> Self::Output {
-        let _ = compiler;
-        Self::new(self.0.double().expect("Doubling is not allowed to fail."))
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use super::*;
-    use ark_ec::ProjectiveCurve;
-    use ark_ed_on_bls12_381::{constraints::EdwardsVar, EdwardsProjective};
-    use ecc::PreprocessedScalarMul;
-    use manta_crypto::{
-        constraint::ConstraintSystem,
-        ecc::{PreprocessedScalarMulTable, ScalarMul},
-        rand::OsRng,
-    };
-
-    /// Tests preprocessed scalar multiplication on curve `C`.
-    fn preprocessed_scalar_mul_test_template<C, CV, const N: usize>(rng: &mut OsRng)
-    where
-        C: ProjectiveCurve,
-        CV: CurveVar<C, ConstraintField<C>>,
-        GroupVar<C, CV>: PreprocessedScalarMul<
-            Compiler<C>,
-            N,
-            Scalar = ScalarVar<C, CV>,
-            Output = GroupVar<C, CV>,
-        >,
-    {
-        const NUM_TRIALS: usize = 5;
-
-        let mut cs = R1CS::for_known();
-        for _ in 0..NUM_TRIALS {
-            let base = Group::<_>::gen(rng).as_known::<Secret, GroupVar<_, _>>(&mut cs);
-            let scalar = Scalar::<C>::gen(rng).as_known::<Secret, _>(&mut cs);
-            let expected = base.scalar_mul(&scalar, &mut cs);
-            let table = PreprocessedScalarMulTable::<_, N>::from_base(base, &mut cs);
-            let actual = table.scalar_mul(&scalar, &mut cs);
-            cs.assert_eq(&expected, &actual);
-        }
-        assert!(cs.is_satisfied());
-    }
-
-    /// Tests preprocessed scalar multiplication on different curves.
-    #[test]
-    fn preprocessed_scalar_mul() {
-        preprocessed_scalar_mul_test_template::<
-            EdwardsProjective,
-            EdwardsVar,
-            { ScalarParam::<EdwardsProjective>::MODULUS_BITS as usize },
-        >(&mut OsRng);
-    }
-}