Circuit

Cargo.toml

@@ -4,7 +4,7 @@ members = [
 #    "evm-vrfier",
     "pasta-tree",
     "w3f-plonk-common",
-    "w3f-ring-proof",
+#    "w3f-ring-proof",
     #    "w3f-ring-vrf-snark",
 ]
 

pasta-tree/Cargo.toml

@@ -11,7 +11,7 @@ repository = "https://github.com/w3f/ring-proof"
 [dependencies]
 w3f-pcs.workspace = true
 w3f-plonk-common.workspace = true
-w3f-ring-proof = { path = "../w3f-ring-proof", default-features = false }
+#w3f-ring-proof = { path = "../w3f-ring-proof", default-features = false }
 ark-pallas = { version = "0.6", default-features = false, features = ["curve"] }
 ark-vesta = { version = "0.6", default-features = false }
 ark-transcript.workspace = true
@@ -23,7 +23,9 @@ ark-serialize.workspace = true
 rayon = { workspace = true, optional = true }
 
 [dev-dependencies]
+num-format = "0.4"
 ark-bls12-381.workspace = true
+ark-ed-on-bls12-381-bandersnatch.workspace = true
 criterion.workspace = true
 
 [features]
@@ -36,7 +38,7 @@ std = [
     "ark-serialize/std",
     "w3f-pcs/std",
     "w3f-plonk-common/std",
-    "w3f-ring-proof/std",
+#    "w3f-ring-proof/std",
 ]
 parallel = [
     "std",
@@ -47,7 +49,7 @@ parallel = [
     "ark-poly/parallel",
     "w3f-pcs/parallel",
     "w3f-plonk-common/parallel",
-    "w3f-ring-proof/parallel",
+#    "w3f-ring-proof/parallel",
 ]
 print-trace = ["ark-std/print-trace", ]
 asm = ["w3f-pcs/asm"]

pasta-tree/src/auth_path/blinded.rs

@@ -1,7 +1,8 @@
 use crate::auth_path::node::LevelWitnessWithBlinding;
-use crate::{CycleParams, CycleSide};
+use crate::{CircuitParams, CycleParams, CycleSide};
 use ark_ec::CurveGroup;
 use ark_ff::PrimeField;
+use w3f_pcs::pcs::ipa::hiding::HidingIpa;
 
 pub struct AuthenticationPathWithBlinding<C0: CurveGroup, C1: CurveGroup> {
     pub(crate) c0_path: Vec<LevelWitnessWithBlinding<C0::Affine>>,
@@ -14,41 +15,36 @@ pub struct BlindedAuthenticationPath<C0: CurveGroup, C1: CurveGroup> {
     pub(crate) c1_path: Vec<C1::Affine>,
 }
 
-impl<F0, F1, C0, C1> AuthenticationPathWithBlinding<C0, C1>
+impl<C0, C1> AuthenticationPathWithBlinding<C0, C1>
 where
-    F0: PrimeField,
-    F1: PrimeField,
-    C0: CurveGroup<BaseField = F1, ScalarField = F0>,
-    C1: CurveGroup<BaseField = F0, ScalarField = F1>,
+    C0: CurveGroup<BaseField: PrimeField>,
+    C1: CurveGroup<BaseField = C0::ScalarField, ScalarField = C0::BaseField>,
 {
     pub(crate) fn apply_bfs(
         &self,
-        params: &CycleParams<C0, C1>,
+        c0_pcs_params: &HidingIpa<C0>,
+        c1_pcs_params: &HidingIpa<C1>,
     ) -> BlindedAuthenticationPath<C0, C1> {
         let c0_path = self
             .c0_path
             .iter()
-            .map(|c0_level| {
-                c0_level
-                    .blinded_path_node(&params.c0_params.pcs_params)
-                    .unwrap()
-            })
+            .map(|c0_level| c0_level.blinded_path_node(c0_pcs_params).unwrap())
             .collect();
         let c1_path = self
             .c1_path
             .iter()
-            .map(|c1_level| {
-                c1_level
-                    .blinded_path_node(&params.c1_params.pcs_params)
-                    .unwrap()
-            })
+            .map(|c1_level| c1_level.blinded_path_node(c1_pcs_params).unwrap())
             .collect();
         BlindedAuthenticationPath { c0_path, c1_path }
     }
-    pub fn compute_root(
+    pub fn compute_root<P0, P1>(
         &self,
-        params: &CycleParams<C0, C1>,
-    ) -> Result<CycleSide<C0::Affine, C1::Affine>, ()> {
+        params: &CycleParams<C0, C1, P0, P1>,
+    ) -> Result<CycleSide<C0::Affine, C1::Affine>, ()>
+    where
+        P0: CircuitParams<C0, C1::Affine>,
+        P1: CircuitParams<C1, C0::Affine>,
+    {
         let mut c0_path_iter = self.c0_path.iter();
         let c0_nodes = c0_path_iter.next().unwrap();
         let mut parent_on_c1 = c0_nodes.compute_parent(&params.c1_params)?;

pasta-tree/src/auth_path/node.rs

@@ -1,4 +1,4 @@
-use crate::CycleSideParams;
+use crate::{CircuitParams, CycleSideParams};
 use ark_ec::{AffineRepr, CurveGroup};
 use ark_ff::{PrimeField, Zero};
 use ark_std::UniformRand;
@@ -53,29 +53,31 @@ impl<G: AffineRepr> LevelWitness<G> {
         self.with_blinding(G::ScalarField::rand(rng), parent_bf)
     }
 
-    pub fn compute_parent<C: CurveGroup<ScalarField = G::BaseField>>(
-        &self,
-        params: &CycleSideParams<C, G>,
-    ) -> Result<C::Affine, ()>
+    pub fn compute_parent<C, P>(&self, params: &CycleSideParams<C, G, P>) -> Result<C::Affine, ()>
     where
         G::BaseField: PrimeField,
+        C: CurveGroup<ScalarField = G::BaseField>,
+        P: CircuitParams<C, G>,
     {
         self.compute_parent_with_bf(params, C::ScalarField::zero())
     }
 
-    fn compute_parent_with_bf<C: CurveGroup<ScalarField = G::BaseField>>(
+    fn compute_parent_with_bf<C, P>(
         &self,
-        params: &CycleSideParams<C, G>,
+        params: &CycleSideParams<C, G, P>,
         bf: C::ScalarField,
     ) -> Result<C::Affine, ()>
     where
         G::BaseField: PrimeField,
+        C: CurveGroup<ScalarField = G::BaseField>,
+        P: CircuitParams<C, G>,
     {
-        params.commit_nodes(&self.siblings, bf)
+        params.commit_tree_nodes(&self.x_coords(), bf).map(|c| c.0)
     }
 }
 
 /// NB! It is not "blinded", meaning that the blinding factor hasn't been applied.
+#[derive(Clone)]
 pub struct LevelWitnessWithBlinding<G: AffineRepr> {
     pub(crate) level_witness: LevelWitness<G>,
     /// the verifier gets `Ci' = siblings[i] + bf.H`
@@ -98,12 +100,14 @@ impl<G: AffineRepr> LevelWitnessWithBlinding<G> {
         Ok(blinded_path_node.0)
     }
 
-    pub(crate) fn compute_parent<C: CurveGroup<ScalarField = G::BaseField>>(
+    pub(crate) fn compute_parent<C, P>(
         &self,
-        params: &CycleSideParams<C, G>,
+        params: &CycleSideParams<C, G, P>,
     ) -> Result<C::Affine, ()>
     where
         G::BaseField: PrimeField,
+        C: CurveGroup<ScalarField = G::BaseField>,
+        P: CircuitParams<C, G>,
     {
         self.level_witness
             .compute_parent_with_bf(params, self.parent_bf)

pasta-tree/src/auth_path/path.rs

@@ -1,8 +1,9 @@
 use crate::auth_path::blinded::AuthenticationPathWithBlinding;
 use crate::auth_path::node::LevelWitness;
-use crate::{CycleParams, CycleSide};
+use crate::{CircuitParams, CycleParams, CycleSide};
 use ark_ec::CurveGroup;
-use ark_ff::PrimeField;
+use ark_ff::UniformRand;
+use ark_ff::{PrimeField, Zero};
 use ark_std::rand::Rng;
 
 /// A non-hiding authentication path from a leaf to the root, split between the curves of the cycle.
@@ -19,27 +20,25 @@ pub struct AuthenticationPath<C0: CurveGroup, C1: CurveGroup> {
     pub c1_path: Vec<LevelWitness<C1::Affine>>,
 }
 
-impl<F0, F1, C0, C1> AuthenticationPath<C0, C1>
+impl<C0, C1> AuthenticationPath<C0, C1>
 where
-    F0: PrimeField,
-    F1: PrimeField,
-    C0: CurveGroup<BaseField = F1, ScalarField = F0>,
-    C1: CurveGroup<BaseField = F0, ScalarField = F1>,
+    C0: CurveGroup<BaseField: PrimeField>,
+    C1: CurveGroup<BaseField = C0::ScalarField, ScalarField = C0::BaseField>,
 {
     pub fn with_blinding<R: Rng>(&self, rng: &mut R) -> AuthenticationPathWithBlinding<C0, C1> {
         let mut path_0 = Vec::with_capacity(self.c0_path.len());
         let mut path_1 = Vec::with_capacity(self.c1_path.len());
 
         let mut c0_path_iter = self.c0_path.iter();
         let mut c0_nodes = c0_path_iter.next().unwrap(); // shouldn't be empty
-        let mut c0_bf = C0::ScalarField::rand(rng);
+        let mut c0_bf = C0::ScalarField::from(u128::rand(rng));
         for c1_nodes in self.c1_path.iter() {
-            let c1_bf = C1::ScalarField::rand(rng);
+            let c1_bf = C1::ScalarField::from(u128::rand(rng));
             path_0.push(c0_nodes.with_blinding(c0_bf, c1_bf));
             match c0_path_iter.next() {
                 Some(c0_nodes_) => {
                     c0_nodes = c0_nodes_;
-                    c0_bf = C0::ScalarField::rand(rng);
+                    c0_bf = C0::ScalarField::from(u128::rand(rng));
                     path_1.push(c1_nodes.with_blinding(c1_bf, c0_bf));
                 }
                 None => {
@@ -69,10 +68,14 @@ where
         self.c0_path[0].path_node()
     }
 
-    pub fn compute_root(
+    pub fn compute_root<P0, P1>(
         &self,
-        params: &CycleParams<C0, C1>,
-    ) -> Result<CycleSide<C0::Affine, C1::Affine>, ()> {
+        params: &CycleParams<C0, C1, P0, P1>,
+    ) -> Result<CycleSide<C0::Affine, C1::Affine>, ()>
+    where
+        P0: CircuitParams<C0, C1::Affine>,
+        P1: CircuitParams<C1, C0::Affine>,
+    {
         let mut c0_path_iter = self.c0_path.iter();
         let c0_nodes = c0_path_iter.next().unwrap(); // shouldn't be empty
         let mut parent_on_c1 = c0_nodes.compute_parent(&params.c1_params)?;
@@ -100,6 +103,7 @@ where
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::circuit_tall::params::PiopParams;
     use crate::tests::random_path;
     use ark_std::test_rng;
 
@@ -108,8 +112,12 @@ mod tests {
         let rng = &mut test_rng();
 
         let domain_size = 2usize.pow(9);
-        let params =
-            CycleParams::<ark_pallas::Projective, ark_vesta::Projective>::setup(domain_size, rng);
+        let params = CycleParams::<
+            ark_pallas::Projective,
+            ark_vesta::Projective,
+            PiopParams<ark_vesta::Affine>,
+            PiopParams<ark_pallas::Affine>,
+        >::setup(domain_size, rng);
 
         let (leaf, path, root) = random_path(&params, 2, rng);
 

pasta-tree/src/circuit_fat/mod.rs

@@ -0,0 +1,72 @@
+use ark_ec::CurveGroup;
+use ark_ff::PrimeField;
+use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
+use ark_std::{vec, vec::Vec};
+use w3f_pcs::pcs::commitment::WrappedAffine;
+use w3f_plonk_common::{ColumnsCommited, ColumnsEvaluated};
+
+pub mod params;
+pub mod prover;
+pub mod verifier;
+
+#[derive(Clone, Debug, CanonicalSerialize, CanonicalDeserialize)]
+pub struct ProofComms<C: CurveGroup> {
+    pub(crate) node_idx: WrappedAffine<C>,
+    pub(crate) bf_bits: WrappedAffine<C>,
+    pub(crate) selected_node_acc: WrappedAffine<C>,
+    pub(crate) blinded_node_acc: [WrappedAffine<C>; 2],
+    pub(crate) node_idx_sum_acc: WrappedAffine<C>,
+}
+
+impl<C: CurveGroup> ColumnsCommited<C::ScalarField, WrappedAffine<C>> for ProofComms<C> {
+    fn to_vec(self) -> Vec<WrappedAffine<C>> {
+        self.into()
+    }
+}
+
+impl<C: CurveGroup> From<ProofComms<C>> for Vec<WrappedAffine<C>> {
+    fn from(value: ProofComms<C>) -> Self {
+        let [blinded_node_acc_x, blinded_node_acc_y] = value.blinded_node_acc;
+        vec![
+            value.node_idx,
+            value.bf_bits,
+            value.selected_node_acc,
+            blinded_node_acc_x,
+            blinded_node_acc_y,
+            value.node_idx_sum_acc,
+        ]
+    }
+}
+
+#[derive(Clone, Debug, CanonicalSerialize, CanonicalDeserialize)]
+pub struct ProofEvals<F: PrimeField> {
+    pub(crate) x_coords: F,
+    pub(crate) h_powers: [F; 2],
+    pub(crate) node_idx: F,
+    pub(crate) bf_bits: F,
+    pub(crate) selected_node_acc: F,
+    pub(crate) blinded_node_acc: [F; 2],
+    pub(crate) node_idx_sum_acc: F,
+}
+
+impl<F: PrimeField> From<ProofEvals<F>> for Vec<F> {
+    fn from(value: ProofEvals<F>) -> Self {
+        vec![
+            value.x_coords,
+            value.h_powers[0],
+            value.h_powers[1],
+            value.node_idx,
+            value.bf_bits,
+            value.selected_node_acc,
+            value.blinded_node_acc[0],
+            value.blinded_node_acc[1],
+            value.node_idx_sum_acc,
+        ]
+    }
+}
+
+impl<F: PrimeField> ColumnsEvaluated<F> for ProofEvals<F> {
+    fn to_vec(self) -> Vec<F> {
+        self.into()
+    }
+}