Manta-Network · BoyuanFeng · Jul 29, 2022 · Jul 15, 2022 · Jul 15, 2022 · Jul 15, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 - [\#131](https://github.com/Manta-Network/manta-rs/pull/131) Add abstract Phase 1 for Groth16 trusted setup
 - [\#175](https://github.com/Manta-Network/manta-rs/pull/175) Add more documentation around `cargo-hakari`
+- [\#172](https://github.com/Manta-Network/manta-rs/pull/172) Add abstract Phase 2 for Groth16 trusted setup 
 
 ### Changed
 

diff --git a/manta-pay/src/crypto/constraint/arkworks/groth16.rs b/manta-pay/src/crypto/constraint/arkworks/groth16.rs
@@ -252,9 +252,9 @@ where
         } = &self.0;
         vk.serialize(&mut writer)?;
         alpha_g1_beta_g2.serialize(&mut writer)?;
-        <E::G2Prepared as HasSerialization>::Serialize::from(gamma_g2_neg_pc)
+        <E::G2Prepared as HasSerialization<'_>>::Serialize::from(gamma_g2_neg_pc)
             .serialize(&mut writer)?;
-        <E::G2Prepared as HasSerialization>::Serialize::from(delta_g2_neg_pc)
+        <E::G2Prepared as HasSerialization<'_>>::Serialize::from(delta_g2_neg_pc)
             .serialize(&mut writer)?;
         Ok(())
     }
@@ -269,9 +269,9 @@ where
         } = &self.0;
         vk.serialized_size()
             + alpha_g1_beta_g2.serialized_size()
-            + <E::G2Prepared as HasSerialization>::Serialize::from(gamma_g2_neg_pc)
+            + <E::G2Prepared as HasSerialization<'_>>::Serialize::from(gamma_g2_neg_pc)
                 .serialized_size()
-            + <E::G2Prepared as HasSerialization>::Serialize::from(delta_g2_neg_pc)
+            + <E::G2Prepared as HasSerialization<'_>>::Serialize::from(delta_g2_neg_pc)
                 .serialized_size()
     }
 
@@ -288,9 +288,9 @@ where
         } = &self.0;
         vk.serialize_uncompressed(&mut writer)?;
         alpha_g1_beta_g2.serialize_uncompressed(&mut writer)?;
-        <E::G2Prepared as HasSerialization>::Serialize::from(gamma_g2_neg_pc)
+        <E::G2Prepared as HasSerialization<'_>>::Serialize::from(gamma_g2_neg_pc)
             .serialize_uncompressed(&mut writer)?;
-        <E::G2Prepared as HasSerialization>::Serialize::from(delta_g2_neg_pc)
+        <E::G2Prepared as HasSerialization<'_>>::Serialize::from(delta_g2_neg_pc)
             .serialize_uncompressed(&mut writer)?;
         Ok(())
     }
@@ -308,9 +308,9 @@ where
         } = &self.0;
         vk.serialize_unchecked(&mut writer)?;
         alpha_g1_beta_g2.serialize_unchecked(&mut writer)?;
-        <E::G2Prepared as HasSerialization>::Serialize::from(gamma_g2_neg_pc)
+        <E::G2Prepared as HasSerialization<'_>>::Serialize::from(gamma_g2_neg_pc)
             .serialize_unchecked(&mut writer)?;
-        <E::G2Prepared as HasSerialization>::Serialize::from(delta_g2_neg_pc)
+        <E::G2Prepared as HasSerialization<'_>>::Serialize::from(delta_g2_neg_pc)
             .serialize_unchecked(&mut writer)?;
         Ok(())
     }
@@ -325,9 +325,9 @@ where
         } = &self.0;
         vk.uncompressed_size()
             + alpha_g1_beta_g2.uncompressed_size()
-            + <E::G2Prepared as HasSerialization>::Serialize::from(gamma_g2_neg_pc)
+            + <E::G2Prepared as HasSerialization<'_>>::Serialize::from(gamma_g2_neg_pc)
                 .uncompressed_size()
-            + <E::G2Prepared as HasSerialization>::Serialize::from(delta_g2_neg_pc)
+            + <E::G2Prepared as HasSerialization<'_>>::Serialize::from(delta_g2_neg_pc)
                 .uncompressed_size()
     }
 }

diff --git a/manta-trusted-setup/Cargo.toml b/manta-trusted-setup/Cargo.toml
@@ -26,7 +26,7 @@ maintenance = { status = "actively-developed" }
 
 [features]
 # Rayon Parallelization
-rayon = ["dep:rayon", "manta-util/rayon"]
+rayon = ["manta-util/rayon"]
 
 # Standard Library
 std = []
@@ -35,13 +35,20 @@ std = []
 ark-ec = { version = "0.3.0", default-features = false }
 ark-ff = { version = "0.3.0", default-features = false }
 ark-groth16 = { version = "0.3.0", default-features = false }
-ark-r1cs-std = { version = "0.3.1", default-features = false }
+ark-poly = { version = "0.3.0", default-features = false }
 ark-relations = { version = "0.3.0", default-features = false }
 ark-serialize = { version = "0.3.0", default-features = false, features = ["derive"] }
-ark-snark = { version = "0.3.0", default-features = false }
 ark-std = { version = "0.3.0", default-features = false }
+blake2 = { version = "0.10.4", default-features = false }
+byteorder = { version = "1.4.3", default-features = false }
 derivative = { version = "2.2.0", default-features = false, features = ["use_core"] }
 manta-crypto = { path = "../manta-crypto", default-features = false, features = ["getrandom"] }
-manta-util = { path = "../manta-util", default-features = false, features = ["alloc"] }
-rayon = { version = "1.5.3", optional = true, default-features = false }
+manta-util = { path = "../manta-util", default-features = false }
+rand_chacha = { version = "0.3.1", default-features = false }
 workspace-hack = { version = "0.1.0", path = "../workspace-hack" }
+
+[dev-dependencies]
+ark-bls12-381 = { version = "0.3.0", default-features = false, features = ["curve", "scalar_field"] }
+ark-r1cs-std = { version = "0.3.1", default-features = false }
+ark-snark = { version = "0.3.0", default-features = false }
+manta-pay = { path = "../manta-pay", default-features = false, features = ["groth16"] } # TODO: To be removed
diff --git a/manta-trusted-setup/src/groth16/kzg.rs b/manta-trusted-setup/src/groth16/kzg.rs
@@ -16,20 +16,21 @@
 
 //! KZG Trusted Setup for Groth16
 
-use crate::util::{
-    power_pairs, scalar_mul, CanonicalDeserialize, CanonicalSerialize, Deserializer,
-    HasDistribution, NonZero, One, PairingEngineExt, Read, Sample, SerializationError, Serializer,
-    Write, Zero,
+use crate::{
+    pairing::{Pairing, PairingEngineExt},
+    ratio::{HashToGroup, RatioProof},
+    util::{
+        power_pairs, scalar_mul, CanonicalDeserialize, CanonicalSerialize, Deserializer, NonZero,
+        One, Read, Sample, SerializationError, Serializer, UniformRand, Write,
+    },
 };
 use alloc::{vec, vec::Vec};
-use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
-use ark_ff::{PrimeField, UniformRand};
 use core::{iter, ops::Mul};
-use manta_crypto::rand::{CryptoRng, Rand, RngCore};
+use manta_crypto::rand::{CryptoRng, RngCore};
 use manta_util::{cfg_iter, cfg_iter_mut, from_variant, vec::VecExt};
 
 #[cfg(feature = "rayon")]
-use rayon::iter::{IndexedParallelIterator, ParallelIterator};
+use manta_util::rayon::iter::{IndexedParallelIterator, ParallelIterator};
 
 /// KZG Trusted Setup Size
 pub trait Size {
@@ -44,42 +45,6 @@ pub trait Size {
     const G2_POWERS: usize;
 }
 
-/// Pairing Configuration
-pub trait Pairing: HasDistribution {
-    /// Underlying Scalar Field
-    type Scalar: PrimeField;
-
-    /// First Group of the Pairing
-    type G1: AffineCurve<ScalarField = Self::Scalar>
-        + Into<Self::G1Prepared>
-        + Sample<Self::Distribution>;
-
-    /// First Group Pairing-Prepared Point
-    type G1Prepared;
-
-    /// Second Group of the Pairing
-    type G2: AffineCurve<ScalarField = Self::Scalar>
-        + Into<Self::G2Prepared>
-        + Sample<Self::Distribution>;
-
-    /// Second Group Pairing-Prepared Point
-    type G2Prepared;
-
-    /// Pairing Engine Type
-    type Pairing: PairingEngine<
-        G1Affine = Self::G1,
-        G2Affine = Self::G2,
-        G1Prepared = Self::G1Prepared,
-        G2Prepared = Self::G2Prepared,
-    >;
-
-    /// Returns the base G1 generator for this configuration.
-    fn g1_prime_subgroup_generator() -> Self::G1;
-
-    /// Returns the base G2 generator for this configuration.
-    fn g2_prime_subgroup_generator() -> Self::G2;
-}
-
 /// Trusted Setup Configuration
 pub trait Configuration: Pairing + Size {
     /// Domain Tag
@@ -91,21 +56,20 @@ pub trait Configuration: Pairing + Size {
     /// Response Type
     type Response;
 
-    /// Tau Domain Tag for [`hash_to_g2`](Self::hash_to_g2)
+    /// Hash To Group Type
+    type HashToGroup: HashToGroup<Self, Self::Challenge>;
+
+    /// Tau Domain Tag Type
     const TAU_DOMAIN_TAG: Self::DomainTag;
 
-    /// Alpha Domain Tag for [`hash_to_g2`](Self::hash_to_g2)
+    /// Alpha Domain Tag Type
     const ALPHA_DOMAIN_TAG: Self::DomainTag;
 
-    /// Beta Domain Tag for [`hash_to_g2`](Self::hash_to_g2)
+    /// Beta Domain Tag Type
     const BETA_DOMAIN_TAG: Self::DomainTag;
 
-    /// Computes the challenge G2 point from `domain_tag`, `challenge`, and `ratio`.
-    fn hash_to_g2(
-        domain_tag: Self::DomainTag,
-        challenge: &Self::Challenge,
-        ratio: (&Self::G1, &Self::G1),
-    ) -> Self::G2;
+    /// Generates a [`HashToGroup`](Self::HashToGroup) instance paramterized by `domain_tag`.
+    fn hasher(domain_tag: Self::DomainTag) -> Self::HashToGroup;
 
     /// Computes the challenge response from `state`, `challenge`, and `proof`.
     fn response(
@@ -190,9 +154,9 @@ where
         R: CryptoRng + RngCore + ?Sized,
     {
         Some(Proof {
-            tau: RatioProof::build(C::TAU_DOMAIN_TAG, challenge, &self.tau, rng)?,
-            alpha: RatioProof::build(C::ALPHA_DOMAIN_TAG, challenge, &self.alpha, rng)?,
-            beta: RatioProof::build(C::BETA_DOMAIN_TAG, challenge, &self.beta, rng)?,
+            tau: RatioProof::prove(&C::hasher(C::TAU_DOMAIN_TAG), challenge, &self.tau, rng)?,
+            alpha: RatioProof::prove(&C::hasher(C::ALPHA_DOMAIN_TAG), challenge, &self.alpha, rng)?,
+            beta: RatioProof::prove(&C::hasher(C::BETA_DOMAIN_TAG), challenge, &self.beta, rng)?,
         })
     }
 }
@@ -214,88 +178,6 @@ where
     }
 }
 
-/// Pairing Ratio Proof of Knowledge
-#[derive(derivative::Derivative)]
-#[derivative(Clone, Debug, Default, Eq, Hash, PartialEq)]
-pub struct RatioProof<C>
-where
-    C: Pairing + ?Sized,
-{
-    /// Ratio in G1
-    pub ratio: (C::G1, C::G1),
-
-    /// Matching Point in G2
-    pub matching_point: C::G2,
-}
-
-impl<C> RatioProof<C>
-where
-    C: Pairing,
-{
-    /// Builds a [`RatioProof`] for `scalar` against `challenge`.
-    #[inline]
-    pub fn build<R>(
-        domain_tag: C::DomainTag,
-        challenge: &C::Challenge,
-        scalar: &C::Scalar,
-        rng: &mut R,
-    ) -> Option<Self>
-    where
-        C: Configuration,
-        R: CryptoRng + RngCore + ?Sized,
-    {
-        let g1_point = rng.gen::<_, C::G1>();
-        if g1_point.is_zero() {
-            return None;
-        }
-        let scaled_g1_point = g1_point.mul(*scalar).into_affine();
-        if scaled_g1_point.is_zero() {
-            return None;
-        }
-        let ratio = (g1_point, scaled_g1_point);
-        let g2_point = C::hash_to_g2(domain_tag, challenge, (&ratio.0, &ratio.1));
-        if g2_point.is_zero() {
-            return None;
-        }
-        let scaled_g2_point = g2_point.mul(*scalar).into_affine();
-        if scaled_g2_point.is_zero() {
-            return None;
-        }
-        Some(Self {
-            ratio,
-            matching_point: scaled_g2_point,
-        })
-    }
-
-    /// Computes the challenge point that corresponds with the given `challenge`.
-    #[inline]
-    pub fn challenge_point(&self, domain_tag: C::DomainTag, challenge: &C::Challenge) -> C::G2
-    where
-        C: Configuration,
-    {
-        C::hash_to_g2(domain_tag, challenge, (&self.ratio.0, &self.ratio.1))
-    }
-
-    /// Verifies that `self` is a valid ratio proof-of-knowledge, returning the G2 ratio of the
-    /// underlying scalar.
-    #[inline]
-    pub fn verify(
-        self,
-        domain_tag: C::DomainTag,
-        challenge: &C::Challenge,
-    ) -> Option<(C::G2Prepared, C::G2Prepared)>
-    where
-        C: Configuration,
-    {
-        let challenge_point = self.challenge_point(domain_tag, challenge);
-        let ((_, matching_point), (_, challenge_point)) = C::Pairing::same(
-            (self.ratio.0, self.matching_point),
-            (self.ratio.1, challenge_point),
-        )?;
-        Some((matching_point, challenge_point))
-    }
-}
-
 /// Knowledge Proof Certificate
 pub struct KnowledgeProofCertificate<C>
 where
@@ -345,16 +227,19 @@ where
         Ok(KnowledgeProofCertificate {
             tau: self
                 .tau
-                .verify(C::TAU_DOMAIN_TAG, challenge)
-                .ok_or(KnowledgeError::TauKnowledgeProof)?,
+                .verify(&C::hasher(C::TAU_DOMAIN_TAG), challenge)
+                .ok_or(KnowledgeError::TauKnowledgeProof)?
+                .1,
             alpha: self
                 .alpha
-                .verify(C::ALPHA_DOMAIN_TAG, challenge)
-                .ok_or(KnowledgeError::AlphaKnowledgeProof)?,
+                .verify(&C::hasher(C::ALPHA_DOMAIN_TAG), challenge)
+                .ok_or(KnowledgeError::AlphaKnowledgeProof)?
+                .1,
             beta: self
                 .beta
-                .verify(C::BETA_DOMAIN_TAG, challenge)
-                .ok_or(KnowledgeError::BetaKnowledgeProof)?,
+                .verify(&C::hasher(C::BETA_DOMAIN_TAG), challenge)
+                .ok_or(KnowledgeError::BetaKnowledgeProof)?
+                .1,
         })
     }
 }
@@ -502,19 +387,19 @@ where
     C: Pairing + Size + ?Sized,
 {
     /// Vector of Tau Powers in G1 of size [`G1_POWERS`](Size::G1_POWERS)
-    tau_powers_g1: Vec<C::G1>,
+    pub tau_powers_g1: Vec<C::G1>,
 
     /// Vector of Tau Powers in G2 of size [`G2_POWERS`](Size::G2_POWERS)
-    tau_powers_g2: Vec<C::G2>,
+    pub tau_powers_g2: Vec<C::G2>,
 
     /// Vector of Alpha Multiplied by Tau Powers in G1 of size [`G2_POWERS`](Size::G2_POWERS)
-    alpha_tau_powers_g1: Vec<C::G1>,
+    pub alpha_tau_powers_g1: Vec<C::G1>,
 
     /// Vector of Beta Multiplied by Tau Powers in G1 of size [`G2_POWERS`](Size::G2_POWERS)
-    beta_tau_powers_g1: Vec<C::G1>,
+    pub beta_tau_powers_g1: Vec<C::G1>,
 
     /// Beta in G2
-    beta_g2: C::G2,
+    pub beta_g2: C::G2,
 }
 
 impl<C> Accumulator<C>

diff --git a/manta-trusted-setup/src/groth16/mod.rs b/manta-trusted-setup/src/groth16/mod.rs
@@ -17,3 +17,7 @@
 //! Groth16 Trusted Setup
 
 pub mod kzg;
+pub mod mpc;
+
+#[cfg(test)]
+pub mod test;