sync with main branch

Cargo.toml

@@ -9,19 +9,20 @@ readme = "README.md"
 repository = "https://github.com/Microsoft/Nova"
 license-file = "LICENSE"
 keywords = ["zkSNARKs", "cryptography", "proofs"]
+rust-version="1.67.1"
 
 [dependencies]
-bellperson = { version = "0.25", default-features = false }
+bellpepper-core = { version="0.2.0", default-features = false }
+bellpepper = { version="0.2.0", default-features = false }
 ff = { version = "0.13.0", features = ["derive"] }
 digest = "0.10"
 sha3 = "0.10"
 rayon = "1.7"
 rand_core = { version = "0.6", default-features = false }
 rand_chacha = "0.3"
-itertools = "0.11"
 subtle = "2.5"
 pasta_curves = { version = "0.5", features = ["repr-c", "serde"] }
-neptune = { version = "10.0.0", default-features = false }
+neptune = { version = "11.0.0", default-features = false }
 generic-array = "0.14"
 num-bigint = { version = "0.4", features = ["serde", "rand"] }
 num-traits = "0.2"
@@ -31,7 +32,8 @@ bincode = "1.3"
 bitvec = "1.0"
 byteorder = "1.4.3"
 thiserror = "1.0"
-halo2curves = { version = "0.1.0", features = ["derive_serde"] }
+halo2curves = { version = "0.4.0", features = ["derive_serde"] }
+group = "0.13.0"
 log = "0.4.17"
 
 [target.'cfg(any(target_arch = "x86_64", target_arch = "aarch64"))'.dependencies]

benches/compressed-snark.rs

@@ -1,6 +1,6 @@
 #![allow(non_snake_case)]
 
-use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;
@@ -233,7 +233,7 @@ where
   pub fn new(num_cons: usize) -> Self {
     Self {
       num_cons,
-      _p: Default::default(),
+      _p: PhantomData,
     }
   }
 }

benches/compute-digest.rs

@@ -1,6 +1,6 @@
 use std::{marker::PhantomData, time::Duration};
 
-use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use criterion::{black_box, criterion_group, criterion_main, Criterion};
 use ff::PrimeField;
 use nova_snark::{
@@ -45,7 +45,7 @@ where
   pub fn new(num_cons: usize) -> Self {
     Self {
       num_cons,
-      _p: Default::default(),
+      _p: PhantomData,
     }
   }
 }

benches/recursive-snark-supernova.rs

@@ -1,6 +1,6 @@
 #![allow(non_snake_case)]
 
-use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;

benches/recursive-snark.rs

@@ -1,6 +1,6 @@
 #![allow(non_snake_case)]
 
-use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;
@@ -136,7 +136,7 @@ where
   pub fn new(num_cons: usize) -> Self {
     Self {
       num_cons,
-      _p: Default::default(),
+      _p: PhantomData,
     }
   }
 }

benches/sha256.rs

@@ -5,13 +5,10 @@
 #![allow(non_snake_case)]
 type G1 = pasta_curves::pallas::Point;
 type G2 = pasta_curves::vesta::Point;
-use ::bellperson::{
-  gadgets::{
-    boolean::{AllocatedBit, Boolean},
-    num::{AllocatedNum, Num},
-    sha256::sha256,
-    Assignment,
-  },
+use bellpepper::gadgets::{sha256::sha256, Assignment};
+use bellpepper_core::{
+  boolean::{AllocatedBit, Boolean},
+  num::{AllocatedNum, Num},
   ConstraintSystem, SynthesisError,
 };
 use core::time::Duration;
@@ -37,7 +34,7 @@ impl<Scalar: PrimeField + PrimeFieldBits> Sha256Circuit<Scalar> {
   pub fn new(preimage: Vec<u8>) -> Self {
     Self {
       preimage,
-      _p: Default::default(),
+      _p: PhantomData,
     }
   }
 }

examples/minroot.rs

@@ -3,7 +3,7 @@
 //! We execute a configurable number of iterations of the MinRoot function per step of Nova's recursion.
 type G1 = pasta_curves::pallas::Point;
 type G2 = pasta_curves::vesta::Point;
-use ::bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use ff::PrimeField;
 use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{

examples/signature.rs

@@ -1,6 +1,5 @@
-use bellperson::{
-  gadgets::{boolean::AllocatedBit, test::TestConstraintSystem},
-  ConstraintSystem, SynthesisError,
+use bellpepper_core::{
+  boolean::AllocatedBit, test_cs::TestConstraintSystem, ConstraintSystem, SynthesisError,
 };
 use core::ops::{AddAssign, MulAssign};
 use ff::{
@@ -179,7 +178,7 @@ impl<E: AsRef<[u64]>> Iterator for BitIterator<E> {
 // Synthesize a bit representation into circuit gadgets.
 pub fn synthesize_bits<F: PrimeField, CS: ConstraintSystem<F>>(
   cs: &mut CS,
-  bits: Option<Vec<bool>>,
+  bits: &Option<Vec<bool>>,
 ) -> Result<Vec<AllocatedBit>, SynthesisError> {
   (0..F::NUM_BITS)
     .map(|i| {
@@ -193,10 +192,10 @@ pub fn synthesize_bits<F: PrimeField, CS: ConstraintSystem<F>>(
 
 pub fn verify_signature<G: NovaGroup, CS: ConstraintSystem<G::Base>>(
   cs: &mut CS,
-  pk: AllocatedPoint<G>,
-  r: AllocatedPoint<G>,
-  s_bits: Vec<AllocatedBit>,
-  c_bits: Vec<AllocatedBit>,
+  pk: &AllocatedPoint<G>,
+  r: &AllocatedPoint<G>,
+  s_bits: &[AllocatedBit],
+  c_bits: &[AllocatedBit],
 ) -> Result<(), SynthesisError> {
   let g = AllocatedPoint::<G>::alloc(
     cs.namespace(|| "g"),
@@ -233,9 +232,9 @@ pub fn verify_signature<G: NovaGroup, CS: ConstraintSystem<G::Base>>(
     |lc| lc + (G::Base::from_str_vartime("2").unwrap(), CS::one()),
   );
 
-  let sg = g.scalar_mul(cs.namespace(|| "[s]G"), &s_bits)?;
-  let cpk = pk.scalar_mul(&mut cs.namespace(|| "[c]PK"), &c_bits)?;
-  let rcpk = cpk.add(&mut cs.namespace(|| "R + [c]PK"), &r)?;
+  let sg = g.scalar_mul(cs.namespace(|| "[s]G"), s_bits)?;
+  let cpk = pk.scalar_mul(&mut cs.namespace(|| "[c]PK"), c_bits)?;
+  let rcpk = cpk.add(&mut cs.namespace(|| "R + [c]PK"), r)?;
 
   let (rcpk_x, rcpk_y, _) = rcpk.get_coordinates();
   let (sg_x, sg_y, _) = sg.get_coordinates();
@@ -298,16 +297,16 @@ fn main() {
       .map(|b| *b)
       .collect::<Vec<bool>>();
 
-    synthesize_bits(&mut cs.namespace(|| "s bits"), Some(s_bits)).unwrap()
+    synthesize_bits(&mut cs.namespace(|| "s bits"), &Some(s_bits)).unwrap()
   };
   let c = {
     let c_bits = c.to_le_bits().iter().map(|b| *b).collect::<Vec<bool>>();
 
-    synthesize_bits(&mut cs.namespace(|| "c bits"), Some(c_bits)).unwrap()
+    synthesize_bits(&mut cs.namespace(|| "c bits"), &Some(c_bits)).unwrap()
   };
 
   // Check the signature was signed by the correct sk using the pk
-  verify_signature(&mut cs, pk, r, s, c).unwrap();
+  verify_signature(&mut cs, &pk, &r, &s, &c).unwrap();
 
   assert!(cs.is_satisfied());
 }

src/bellperson/mod.rs → src/bellpepper/mod.rs

@@ -1,22 +1,23 @@
-//! Support for generating R1CS from [Bellperson].
+//! Support for generating R1CS from [Bellpepper].
 //!
-//! [Bellperson]: https://github.com/filecoin-project/bellperson
+//! [Bellpepper]: https://github.com/lurk-lab/bellpepper
 
 pub mod r1cs;
 pub mod shape_cs;
 pub mod solver;
+pub mod test_shape_cs;
 
 #[cfg(test)]
 mod tests {
   use crate::{
-    bellperson::{
+    bellpepper::{
       r1cs::{NovaShape, NovaWitness},
       shape_cs::ShapeCS,
       solver::SatisfyingAssignment,
     },
     traits::Group,
   };
-  use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+  use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
   use ff::PrimeField;
 
   fn synthesize_alloc_bit<Fr: PrimeField, CS: ConstraintSystem<Fr>>(

src/bellperson/r1cs.rs → src/bellpepper/r1cs.rs

@@ -1,15 +1,15 @@
-//! Support for generating R1CS using bellperson.
+//! Support for generating R1CS using bellpepper.
 
 #![allow(non_snake_case)]
 
-use super::{shape_cs::ShapeCS, solver::SatisfyingAssignment};
+use super::{shape_cs::ShapeCS, solver::SatisfyingAssignment, test_shape_cs::TestShapeCS};
 use crate::{
   errors::NovaError,
   r1cs::{R1CSInstance, R1CSShape, R1CSWitness, R1CS},
   traits::Group,
   CommitmentKey,
 };
-use bellperson::{Index, LinearCombination};
+use bellpepper_core::{Index, LinearCombination};
 use ff::PrimeField;
 
 /// `NovaWitness` provide a method for acquiring an `R1CSInstance` and `R1CSWitness` from implementers.
@@ -52,41 +52,51 @@ impl<G: Group> NovaWitness<G> for SatisfyingAssignment<G> {
   }
 }
 
-impl<G: Group> NovaShape<G> for ShapeCS<G> {
-  fn r1cs_shape(&self) -> R1CSShape<G> {
-    let mut A: Vec<(usize, usize, G::Scalar)> = Vec::new();
-    let mut B: Vec<(usize, usize, G::Scalar)> = Vec::new();
-    let mut C: Vec<(usize, usize, G::Scalar)> = Vec::new();
-
-    let mut num_cons_added = 0;
-    let mut X = (&mut A, &mut B, &mut C, &mut num_cons_added);
-
-    let num_inputs = self.num_inputs();
-    let num_constraints = self.num_constraints();
-    let num_vars = self.num_aux();
-
-    for constraint in self.constraints.iter() {
-      add_constraint(
-        &mut X,
-        num_vars,
-        &constraint.0,
-        &constraint.1,
-        &constraint.2,
-      );
+macro_rules! impl_nova_shape {
+  ( $name:ident) => {
+    impl<G: Group> NovaShape<G> for $name<G>
+    where
+      G::Scalar: PrimeField,
+    {
+      fn r1cs_shape(&self) -> R1CSShape<G> {
+        let mut A: Vec<(usize, usize, G::Scalar)> = Vec::new();
+        let mut B: Vec<(usize, usize, G::Scalar)> = Vec::new();
+        let mut C: Vec<(usize, usize, G::Scalar)> = Vec::new();
+
+        let mut num_cons_added = 0;
+        let mut X = (&mut A, &mut B, &mut C, &mut num_cons_added);
+
+        let num_inputs = self.num_inputs();
+        let num_constraints = self.num_constraints();
+        let num_vars = self.num_aux();
+
+        for constraint in self.constraints.iter() {
+          add_constraint(
+            &mut X,
+            num_vars,
+            &constraint.0,
+            &constraint.1,
+            &constraint.2,
+          );
+        }
+
+        assert_eq!(num_cons_added, num_constraints);
+
+        let S: R1CSShape<G> = {
+          // Don't count One as an input for shape's purposes.
+          let res = R1CSShape::new(num_constraints, num_vars, num_inputs - 1, &A, &B, &C);
+          res.unwrap()
+        };
+
+        S
+      }
     }
-
-    assert_eq!(num_cons_added, num_constraints);
-
-    let S: R1CSShape<G> = {
-      // Don't count One as an input for shape's purposes.
-      let res = R1CSShape::new(num_constraints, num_vars, num_inputs - 1, &A, &B, &C);
-      res.unwrap()
-    };
-
-    S
-  }
+  };
 }
 
+impl_nova_shape!(ShapeCS);
+impl_nova_shape!(TestShapeCS);
+
 fn add_constraint<S: PrimeField>(
   X: &mut (
     &mut Vec<(usize, usize, S)>,