diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 6bec65d..9d63802 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -1,10 +1,16 @@ name: Rust on: + # Run CI on push only for 'main' branch push: - branches: [ "**" ] + branches: [master] + # Run CI on pull request for all branches pull_request: - branches: [ "**" ] + branches: ["**"] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true env: CARGO_TERM_COLOR: always @@ -12,8 +18,23 @@ env: RUST_BACKTRACE: 1 jobs: + format: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@v3 + - name: Install toolchain + uses: actions-rs/toolchain@v1 + with: + profile: minimal + toolchain: stable + components: rustfmt + - name: Format + run: cargo fmt --all --check + build: runs-on: ubuntu-latest + timeout-minutes: 5 steps: - uses: actions/checkout@v3 - name: Install toolchain @@ -26,6 +47,7 @@ jobs: build-wasm32: runs-on: ubuntu-latest + timeout-minutes: 5 steps: - uses: actions/checkout@v3 - name: Install toolchain @@ -39,6 +61,7 @@ jobs: test: runs-on: ubuntu-latest + timeout-minutes: 5 steps: - uses: actions/checkout@v3 - name: Install toolchain @@ -48,3 +71,4 @@ jobs: toolchain: stable - name: Run tests run: cargo test --release + diff --git a/Cargo.toml b/Cargo.toml index c1ae074..9fd3cfa 100644 --- a/Cargo.toml +++ b/Cargo.toml 
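Review bot: The comment added above `push:` says CI runs on push only for the 'main' branch, while the filter right under it is `branches: [master]`, so one of the two is wrong, and if the repository's default branch is actually `main` the push trigger will silently never fire. Align them, e.g. `# Run CI on push only for the 'master' branch`, or `branches: [main]`, whichever the repository uses. The `concurrency` group keyed on `github.event.pull_request.number || github.ref` with `cancel-in-progress: true` is fine for a build/test workflow; note it would also cancel an in-flight run on a branch push, which becomes a problem only if a release or publish job is ever added to this file.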
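Review bot: The new `format` job references third-party actions by mutable tag (`actions/checkout@v3`, `actions-rs/toolchain@v1`), so whatever those tags resolve to at run time executes with the repository token; the existing jobs have the same shape, but a new job is the natural place to start pinning. Pin to a full commit SHA with the version kept as a comment, e.g. `uses: actions/checkout@<commit-sha> # v3`, and consider a workflow-level `permissions: contents: read` since nothing in this file needs write access. As far as I know `actions-rs/toolchain` has been archived for some time; `dtolnay/rust-toolchain@stable` with `components: rustfmt` is the usual replacement, but check that against your own policy before switching.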
@@ -6,10 +6,10 @@ members = [ ] [workspace.dependencies] -ark-std = { version = "0.4", default-features = false } -ark-ff = { version = "0.4", default-features = false } -ark-ec = { version = "0.4", default-features = false } -ark-poly = { version = "0.4", default-features = false } -ark-serialize = { version = "0.4", default-features = false, features = ["derive"] } +ark-std = { version = "0.5", default-features = false } +ark-ff = { version = "0.5", default-features = false } +ark-ec = { version = "0.5", default-features = false } +ark-poly = { version = "0.5", default-features = false } +ark-serialize = { version = "0.5", default-features = false, features = ["derive"] } fflonk = { git = "https://github.com/w3f/fflonk", default-features = false } rayon = { version = "1", default-features = false } diff --git a/common/Cargo.toml b/common/Cargo.toml index fe150fc..ab9b89f 100644 --- a/common/Cargo.toml +++ b/common/Cargo.toml @@ -5,7 +5,7 @@ edition = "2021" authors = ["Sergey Vasilyev "] license = "MIT/Apache-2.0" description = "Infrastructure for creating plonk-like proofs" -keywords = ["crypto", "cryptography", "plonk"] +keywords = ["cryptography", "plonk"] [dependencies] ark-std.workspace = true @@ -18,7 +18,7 @@ rayon = { workspace = true, optional = true } getrandom_or_panic = { version = "0.0.3", default-features = false } [dev-dependencies] -ark-ed-on-bls12-381-bandersnatch = { version = "0.4", default-features = false } +ark-ed-on-bls12-381-bandersnatch = { version = "0.5", default-features = false } [features] default = ["std"] diff --git a/common/src/domain.rs b/common/src/domain.rs index fe74227..d576c69 100644 --- a/common/src/domain.rs +++ b/common/src/domain.rs 
@@ -98,11 +98,9 @@ impl Domain { pub(crate) fn divide_by_vanishing_poly(&self, poly: &DensePolynomial) -> DensePolynomial { let (quotient, remainder) = if self.hiding { let exclude_zk_rows = poly * self.zk_rows_vanishing_poly.as_ref().unwrap(); - exclude_zk_rows - .divide_by_vanishing_poly(self.domains.x1) - .unwrap() //TODO error-handling + exclude_zk_rows.divide_by_vanishing_poly(self.domains.x1) } else { - poly.divide_by_vanishing_poly(self.domains.x1).unwrap() //TODO error-handling + poly.divide_by_vanishing_poly(self.domains.x1) }; assert!(remainder.is_zero()); //TODO error-handling quotient diff --git a/common/src/gadgets/booleanity.rs b/common/src/gadgets/booleanity.rs index 92d180a..46820e2 100644 --- a/common/src/gadgets/booleanity.rs +++ b/common/src/gadgets/booleanity.rs @@ -42,7 +42,7 @@ pub struct Booleanity { bits: BitColumn, } -impl Booleanity { +impl<'a, F: FftField> Booleanity { pub fn init(bits: BitColumn) -> Self { Self { bits } } diff --git a/common/src/gadgets/mod.rs b/common/src/gadgets/mod.rs index e1d4d85..fa9fce2 100644 --- a/common/src/gadgets/mod.rs +++ b/common/src/gadgets/mod.rs @@ -5,6 +5,7 @@ use ark_std::vec::Vec; pub mod booleanity; pub mod cond_add; +// pub mod inner_prod_pub; pub mod fixed_cells; pub mod inner_prod; pub mod powers_of_two_multiples; diff --git a/common/src/gadgets/powers_of_two_multiples.rs b/common/src/gadgets/powers_of_two_multiples.rs index 7632f0a..807e551 100644 --- a/common/src/gadgets/powers_of_two_multiples.rs +++ b/common/src/gadgets/powers_of_two_multiples.rs @@ -1,6 +1,6 @@ use core::marker::PhantomData; -use ark_ec::{AffineRepr, CurveGroup, Group}; +use ark_ec::{AdditiveGroup, AffineRepr, CurveGroup}; use ark_ff::{FftField, Field, PrimeField}; use ark_poly::univariate::DensePolynomial; use ark_poly::{Evaluations, GeneralEvaluationDomain}; 
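Review bot: With the two `.unwrap()` calls gone, `divide_by_vanishing_poly` still ends in `assert!(remainder.is_zero()); //TODO error-handling`, so a witness that does not satisfy the constraints, or a caller handing in a polynomial of the wrong degree, aborts the process instead of surfacing an error; the function's closing brace lies outside the hunk. If the prover can be fed inputs from outside the trust boundary that is a crash vector rather than a proving failure. Since the updated arkworks API evidently no longer returns an `Option` here, this is a good moment to resolve the remaining TODO by returning `Result<DensePolynomial<F>, _>` with a not-divisible variant and replacing the `assert!` with `if !remainder.is_zero() { return Err(...) }`; failing that, document the precondition with `/// Panics if `poly` does not vanish on the evaluation domain.`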
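Review bot: The impl header for `Booleanity` gains a lifetime parameter `'a` that nothing in the visible `init` method references, and the generic brackets are stripped in this rendering, so I cannot tell whether it is tied to the type's arguments. If it is not used anywhere in the impl, drop it: `impl<F: FftField> Booleanity<F> {` — an unconstrained lifetime on an impl is accepted by the compiler but reads as a leftover from an edit. The rest of the impl is outside the hunk.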
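Review bot: The added `// pub mod inner_prod_pub;` in `gadgets/mod.rs` is commented-out code with no hint of whether the module exists, is unfinished, or was dropped during the 0.5 port. Either remove the line or state the reason beside it, e.g. `// TODO(<issue>): inner_prod_pub gadget disabled pending port to arkworks 0.5`, so the next reader knows what is blocked and by what.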
@@ -73,7 +73,7 @@ where fn evaluate_assignment(&self, z: &F) -> PowersOfTwoMultipleValuesTE { PowersOfTwoMultipleValuesTE { - point: (*self.point.x().unwrap(), *self.point.y().unwrap()), + point: (self.point.x().unwrap(), self.point.y().unwrap()), not_last: self.not_last.evaluate(z), multiples: self.multiples.evaluate(z), _curve: PhantomData, diff --git a/common/src/gadgets/sw_cond_add.rs b/common/src/gadgets/sw_cond_add.rs index 96e706d..4fb0eab 100644 --- a/common/src/gadgets/sw_cond_add.rs +++ b/common/src/gadgets/sw_cond_add.rs @@ -239,6 +239,7 @@ where let mut c1 = b * ((x1 - x2) * (x1 - x2) * (x1 + x2 + x3) - (y2 - y1) * (y2 - y1)) + (F::one() - b) * (y3 - y1); + #[rustfmt::skip] let mut c2 = b * ((x1 - x2) * (y3 + y1) - (y2 - y1) * (x3 - x1)) + (F::one() - b) * (x3 - x1); diff --git a/common/src/test_helpers.rs b/common/src/test_helpers.rs index f3c2926..83cf31b 100644 --- a/common/src/test_helpers.rs +++ b/common/src/test_helpers.rs @@ -1,4 +1,4 @@ -use ark_ec::{AffineRepr, CurveGroup, Group}; +use ark_ec::{AdditiveGroup, AffineRepr, CurveGroup}; use ark_std::rand::Rng; use ark_std::vec::Vec; use ark_std::UniformRand; diff --git a/common/src/transcript.rs b/common/src/transcript.rs index c64ed98..a0e279b 100644 --- a/common/src/transcript.rs +++ b/common/src/transcript.rs @@ -36,6 +36,11 @@ pub trait PlonkTranscript>: Clone { self._add_serializable(b"quotient", point); } + fn add_kzg_proofs(&mut self, in_zeta: &CS::Proof, in_zeta_omega: &CS::Proof) { + self._add_serializable(b"kzg_proof_zeta", in_zeta); + self._add_serializable(b"kzg_proof_zeta_omega", in_zeta_omega); + } + fn get_evaluation_point(&mut self) -> F { self._128_bit_point(b"evaluation_point") } diff --git a/common/src/verifier.rs b/common/src/verifier.rs index a59fbfa..4d94b97 100644 --- a/common/src/verifier.rs +++ b/common/src/verifier.rs 
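Review bot: `add_kzg_proofs` is a new public trait method with no doc comment, and its position in the transcript is a soundness contract: any challenge the verifier squeezes after it (a batching or opening challenge) must follow exactly the same absorb on the prover side, or the Fiat–Shamir transcripts diverge. Add `/// Absorbs the KZG opening proofs at `zeta` and `zeta * omega`. Prover and verifier must call this at the same point in the transcript, before any challenge that depends on the proofs.` The two labels `b"kzg_proof_zeta"` and `b"kzg_proof_zeta_omega"` are distinct, which is what you want for domain separation.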
@@ -6,9 +6,7 @@ use fflonk::pcs::{Commitment, PcsParams, PCS}; use crate::piop::VerifierPiop; use crate::transcript::PlonkTranscript; -use crate::ColumnsCommited; -use crate::ColumnsEvaluated; -use crate::Proof; +use crate::{ColumnsCommited, ColumnsEvaluated, Proof}; pub struct PlonkVerifier, T: PlonkTranscript> { // Polynomial commitment scheme verifier's key. @@ -110,8 +108,8 @@ impl, T: PlonkTranscript> PlonkVerifier"] license = "MIT/Apache-2.0" description = "zk-proof of knowledge of the blinding factor for a Pedersen commitment" -keywords = ["crypto", "cryptography", "zk-proof"] +keywords = ["cryptography", "ring-vrf"] [dependencies] ark-std.workspace = true @@ -16,12 +16,12 @@ ark-serialize.workspace = true fflonk.workspace = true rayon = { workspace = true, optional = true } common = { path = "../common", default-features = false } -arrayvec = { version = "0.7", default-features = false } -ark-transcript = { version = "0.0.2", default-features = false } +blake2 = { version = "0.10", default-features = false } +ark-transcript = { git = "https://github.com/w3f/ark-transcript", default-features = false } [dev-dependencies] -ark-bls12-381 = { version = "0.4", default-features = false, features = ["curve"] } -ark-ed-on-bls12-381-bandersnatch = { version = "0.4", default-features = false } +ark-bls12-381 = { version = "0.5", default-features = false, features = ["curve"] } +ark-ed-on-bls12-381-bandersnatch = { version = "0.5", default-features = false } [features] default = [ "std" ] diff --git a/ring/src/piop/mod.rs b/ring/src/piop/mod.rs index 7434eb8..8a8a16b 100644 --- a/ring/src/piop/mod.rs +++ b/ring/src/piop/mod.rs 
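Review bot: `ark-transcript` moves from a crates.io version to a git URL with no `rev`, `tag` or `branch`, so `cargo update` pulls whatever the default branch holds at that moment and the build is neither reproducible nor auditable; the workspace's `fflonk` entry already has the same shape. Pin it, `ark-transcript = { git = "https://github.com/w3f/ark-transcript", rev = "<commit-sha>", default-features = false }`, and leave a one-line comment saying why a git dependency is needed over a published release. Make sure a `Cargo.lock` is committed for whatever binaries and tests consume this crate so CI exercises one fixed revision.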
@@ -21,81 +21,11 @@ pub mod params; mod prover; mod verifier; -// Workaround while waiting for https://github.com/arkworks-rs/algebra/pull/837 -// to be on [crates.io](https://crates.io/crates/ark-serialize) (allegedly ark-serialize 0.4.3 ) -mod ark_serialize_837 { - use ark_serialize::{ - CanonicalDeserialize, CanonicalSerialize, Compress, Read, SerializationError, Valid, - Validate, - }; - - #[derive(Clone, CanonicalSerialize)] - #[repr(transparent)] - pub struct ArrayWrap(pub [T; N]); - - impl Valid for ArrayWrap { - fn check(&self) -> Result<(), SerializationError> { - self.0.check() - } - } - - impl CanonicalDeserialize - for ArrayWrap - { - fn deserialize_with_mode( - mut reader: R, - compress: Compress, - validate: Validate, - ) -> Result { - let mut array = arrayvec::ArrayVec::::new(); - for _ in 0..N { - array.push(T::deserialize_with_mode( - &mut reader, - compress, - Validate::No, - )?); - } - if let ark_serialize::Validate::Yes = validate { - T::batch_check(array.iter())? - } - Ok(ArrayWrap(array.into_inner().ok().unwrap())) - } - } - - impl core::ops::Deref - for ArrayWrap - { - type Target = [T; N]; - - fn deref(&self) -> &Self::Target { - &self.0 - } - } - - // This is expected to panic until https://github.com/arkworks-rs/algebra/pull/837 - // doesn't land on crates.io - #[test] - #[should_panic] - fn panics_without_ark_serialize_827() { - let buf = [0u8; 96]; - let res = <[ark_bls12_381::G1Affine; 2]>::deserialize_compressed(&buf[..]); - assert!(res.is_err()); - } - - #[test] - fn workaround_waiting_for_ark_serialize_837() { - let buf = [0u8; 96]; - let res = >::deserialize_compressed(&buf[..]); - assert!(res.is_err()); - } -} -use ark_serialize_837::*; - #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] pub struct RingCommitments> { pub(crate) bits: C, pub(crate) inn_prod_acc: C, - pub(crate) cond_add_acc: ArrayWrap, + pub(crate) cond_add_acc: [C; 2], pub(crate) phantom: PhantomData, } 
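Review bot: Deleting the `ArrayWrap` workaround also deletes `workaround_waiting_for_ark_serialize_837`, the only test asserting that an all-zero 96-byte buffer is rejected when a pair of points is deserialized, and nothing in the hunk replaces it; the property the workaround existed for (per-element validation of the `[C; 2]` array on `deserialize_compressed`) is therefore now unverified. Keep a regression test against the native array impl, e.g. `let res = <[ark_bls12_381::G1Affine; 2]>::deserialize_compressed(&[0u8; 96][..]); assert!(res.is_err());`, and ideally one through `RingCommitments` itself, since these commitments arrive inside untrusted proofs. A short comment on `cond_add_acc` noting that the derive presumably relies on the arkworks 0.5 array impl (PR 837) to validate elements would help the next maintainer who bumps the dependency.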
@@ -112,11 +42,11 @@ impl> ColumnsCommited for RingCommitments< #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] pub struct RingEvaluations { - pub(crate) points: ArrayWrap, + pub(crate) points: [F; 2], pub(crate) ring_selector: F, pub(crate) bits: F, pub(crate) inn_prod_acc: F, - pub(crate) cond_add_acc: ArrayWrap, + pub(crate) cond_add_acc: [F; 2], } impl ColumnsEvaluated for RingEvaluations { diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs index c6d9d8d..30160e6 100644 --- a/ring/src/piop/params.rs +++ b/ring/src/piop/params.rs @@ -1,4 +1,4 @@ -use ark_ec::{AffineRepr, CurveGroup, Group}; +use ark_ec::{AdditiveGroup, AffineRepr, CurveGroup}; use ark_ff::{BigInteger, PrimeField}; use ark_std::{vec, vec::Vec}; @@ -47,7 +47,7 @@ impl> PiopParams { pub fn fixed_columns(&self, keys: &[P]) -> FixedColumns { let ring_selector = self.keyset_part_selector(); let ring_selector = self.domain.public_column(ring_selector); - let points = self.points_column(keys); + let points = self.points_column(&keys); FixedColumns { points, ring_selector, @@ -87,10 +87,6 @@ impl> PiopParams { ] .concat() } - - pub fn padding_point(&self) -> P { - self.padding_point - } } #[cfg(test)] diff --git a/ring/src/piop/prover.rs b/ring/src/piop/prover.rs index 2db52be..43cba22 100644 --- a/ring/src/piop/prover.rs +++ b/ring/src/piop/prover.rs @@ -103,10 +103,10 @@ where commit: Fun, ) -> Self::Commitments { let bits = commit(self.bits.as_poly()); - let cond_add_acc = super::ArrayWrap([ + let cond_add_acc = [ commit(self.cond_add.get_acc().xs.as_poly()), commit(self.cond_add.get_acc().ys.as_poly()), - ]); + ]; let inn_prod_acc = commit(self.inner_prod.acc.as_poly()); Self::Commitments { bits, 
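Review bot: `keys` is already `&[P]` in `fixed_columns`, so `self.points_column(&keys)` passes `&&[P]` and only works through deref coercion; it compiles, but clippy reports it as `needless_borrow`, and the previous form was correct. Restore `let points = self.points_column(keys);` unless `points_column`'s signature (outside the hunk) changed to something that genuinely needs the extra reference.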
@@ -131,15 +131,14 @@ where } fn columns_evaluated(&self, zeta: &F) -> Self::Evaluations { - let points = - super::ArrayWrap([self.points.xs.evaluate(zeta), self.points.ys.evaluate(zeta)]); + let points = [self.points.xs.evaluate(zeta), self.points.ys.evaluate(zeta)]; let ring_selector = self.ring_selector.evaluate(zeta); let bits = self.bits.evaluate(zeta); let inn_prod_acc = self.inner_prod.acc.evaluate(zeta); - let cond_add_acc = super::ArrayWrap([ + let cond_add_acc = [ self.cond_add.get_acc().xs.evaluate(zeta), self.cond_add.get_acc().ys.evaluate(zeta), - ]); + ]; Self::Evaluations { points, ring_selector, diff --git a/ring/src/ring.rs b/ring/src/ring.rs index fe55443..a8dcdfa 100644 --- a/ring/src/ring.rs +++ b/ring/src/ring.rs @@ -88,10 +88,10 @@ impl, P: AffineRepr, Vec) = powers_of_h .iter() .map(|p| p.xy().unwrap()) - .map(|(&x, &y)| (x - padding_x, y - padding_y)) + .map(|(x, y)| (x - padding_x, y - padding_y)) .unzip(); - xs.resize(xs.len() + IDLE_ROWS, -*padding_x); - ys.resize(ys.len() + IDLE_ROWS, -*padding_y); + xs.resize(xs.len() + IDLE_ROWS, -padding_x); + ys.resize(ys.len() + IDLE_ROWS, -padding_y); let domain_size = piop_params.domain.domain().size(); let srs_segment = &srs(piop_params.keyset_part_size..domain_size).unwrap(); let c2x = KzgCurve::G1::msm(srs_segment, &xs).unwrap(); @@ -127,7 +127,7 @@ impl, P: AffineRepr, Vec) = keys .iter() .map(|p| p.xy().unwrap()) - .map(|(&x, &y)| (x - padding_x, y - padding_y)) + .map(|(x, y)| (x - padding_x, y - padding_y)) .unzip(); let srs_segment = &srs(self.curr_keys..self.curr_keys + keys.len()).unwrap(); let cx_delta = KzgCurve::G1::msm(srs_segment, &xs).unwrap(); 
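Review bot: The rewritten chain in the `keys` hunk still goes through `.map(|p| p.xy().unwrap())`, and in ark-ec `xy()` returns `None` for the point at infinity, so appending a ring that contains the identity point panics instead of failing; if `keys` can include other parties' public keys that is a denial-of-service vector. Validate up front with something like `if keys.iter().any(|p| p.is_zero()) { return Err(...) }`, or map the identity to the padding point if that is the intended semantics, and state which in a doc comment; the enclosing method starts and ends outside the hunk. The same `.unwrap()` sits on the `powers_of_h` chain in the previous hunk, where the data is internal and a one-line comment explaining why those points cannot be infinity would suffice.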
@@ -153,7 +153,7 @@ impl, P: AffineRepr, ) -> Self { let padding_point = piop_params.padding_point; - let (&padding_x, &padding_y) = padding_point.xy().unwrap(); // panics on inf, never happens + let (padding_x, padding_y) = padding_point.xy().unwrap(); // panics on inf, never happens let powers_of_h = piop_params.power_of_2_multiples_of_h(); // Computes @@ -165,7 +165,7 @@ impl, P: AffineRepr, P: AffineRepr, - T: PlonkTranscript = ArkTranscript, + T: PlonkTranscript, > { piop_params: PiopParams, fixed_columns: FixedColumns, diff --git a/ring/src/ring_verifier.rs b/ring/src/ring_verifier.rs index a9c83a6..f9a2476 100644 --- a/ring/src/ring_verifier.rs +++ b/ring/src/ring_verifier.rs @@ -10,15 +10,15 @@ use common::piop::VerifierPiop; use common::transcript::PlonkTranscript; use common::verifier::PlonkVerifier; -use crate::piop::{params::PiopParams, FixedColumnsCommitted, PiopVerifier, VerifierKey}; -use crate::ArkTranscript; +use crate::piop::params::PiopParams; +use crate::piop::{FixedColumnsCommitted, PiopVerifier, VerifierKey}; use crate::RingProof; pub struct RingVerifier< F: PrimeField, CS: PCS, P: AffineRepr, - T: PlonkTranscript = ArkTranscript, + T: PlonkTranscript, > { piop_params: PiopParams, fixed_columns_committed: FixedColumnsCommitted, @@ -65,11 +65,8 @@ where self.fixed_columns_committed.clone(), proof.column_commitments.clone(), proof.columns_at_zeta.clone(), - (*seed.x().unwrap(), *seed.y().unwrap()), - ( - *seed_plus_result.x().unwrap(), - *seed_plus_result.y().unwrap(), - ), + (seed.x().unwrap(), seed.y().unwrap()), + (seed_plus_result.x().unwrap(), seed_plus_result.y().unwrap()), ); self.plonk_verifier
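Review bot: Dropping the `= ArkTranscript` default on `RingVerifier`'s `T` parameter (and the matching change in the garbled hunk just above it, whose file header is missing from this rendering) is a breaking change for every downstream type that spelled `RingVerifier<F, CS, P>`, and nothing visible here records it. If the default went away because `ArkTranscript` now lives behind the git `ark-transcript` dependency, say so in a short comment on the struct and bump the crate version accordingly; otherwise keep the default.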
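Review bot: The verifier now builds its public inputs with `seed_plus_result.x().unwrap()` and `.y().unwrap()`, and `x()`/`y()` return `None` for the point at infinity; if `seed_plus_result` is derived from a prover-supplied VRF output, as the name suggests, a proof whose result equals `-seed` makes the verifier panic rather than reject. The enclosing method continues past the hunk, so I cannot see where the two points are computed, but a verifier should never panic on attacker-shaped input: replace the unwraps with `let Some((sx, sy)) = seed_plus_result.xy() else { return /* verification failure */ };` and likewise for `seed`. The old code had the same `.unwrap()`s, so this is pre-existing, but this hunk is the right place to fix it.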