Chore/sync upstream (#51)

Sync upstream

---------

Co-authored-by: François Garillot <4142+huitseeker@users.noreply.github.com>
Co-authored-by: Srinath Setty <srinath@microsoft.com>

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "nova-snark"
-version = "0.22.0"
+version = "0.23.0"
 authors = ["Srinath Setty <srinath@microsoft.com>"]
 edition = "2021"
 description = "Recursive zkSNARKs without trusted setup"
@@ -28,7 +28,6 @@ num-traits = "0.2"
 num-integer = "0.1"
 serde = { version = "1.0", features = ["derive"] }
 bincode = "1.3"
-flate2 = "1.0"
 bitvec = "1.0"
 byteorder = "1.4.3"
 thiserror = "1.0" 
@@ -45,10 +44,12 @@ getrandom = { version = "0.2.0", default-features = false, features = ["js"] }
 [dev-dependencies]
 criterion = { version = "0.4", features = ["html_reports"] }
 rand = "0.8.4"
+flate2 = "1.0"
 hex = "0.4.3"
 pprof = { version = "0.11" }
 cfg-if = "1.0.0"
 sha2 = "0.10.7"
+proptest = "1.2.0"
 
 [[bench]]
 name = "recursive-snark"

benches/compressed-snark.rs

@@ -17,8 +17,12 @@ type G1 = pasta_curves::pallas::Point;
 type G2 = pasta_curves::vesta::Point;
 type EE1 = nova_snark::provider::ipa_pc::EvaluationEngine<G1>;
 type EE2 = nova_snark::provider::ipa_pc::EvaluationEngine<G2>;
+// SNARKs without computational commitments
 type S1 = nova_snark::spartan::snark::RelaxedR1CSSNARK<G1, EE1>;
 type S2 = nova_snark::spartan::snark::RelaxedR1CSSNARK<G2, EE2>;
+// SNARKs with computational commitments
+type SS1 = nova_snark::spartan::ppsnark::RelaxedR1CSSNARK<G1, EE1>;
+type SS2 = nova_snark::spartan::ppsnark::RelaxedR1CSSNARK<G2, EE2>;
 type C1 = NonTrivialTestCircuit<<G1 as Group>::Scalar>;
 type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
 
@@ -31,13 +35,13 @@ cfg_if::cfg_if! {
     criterion_group! {
       name = compressed_snark;
       config = Criterion::default().warm_up_time(Duration::from_millis(3000)).with_profiler(pprof::criterion::PProfProfiler::new(100, pprof::criterion::Output::Flamegraph(None)));
-      targets = bench_compressed_snark
+      targets = bench_compressed_snark, bench_compressed_snark_with_computational_commitments
     }
   } else {
     criterion_group! {
       name = compressed_snark;
       config = Criterion::default().warm_up_time(Duration::from_millis(3000));
-      targets = bench_compressed_snark
+      targets = bench_compressed_snark, bench_compressed_snark_with_computational_commitments
     }
   }
 }
@@ -61,7 +65,7 @@ fn bench_compressed_snark(c: &mut Criterion) {
     let c_secondary = TrivialTestCircuit::default();
 
     // Produce public parameters
-    let pp = PublicParams::<G1, G2, C1, C2>::setup(c_primary.clone(), c_secondary.clone());
+    let pp = PublicParams::<G1, G2, C1, C2>::setup(&c_primary, &c_secondary);
 
     // Produce prover and verifier keys for CompressedSNARK
     let (pk, vk) = CompressedSNARK::<_, _, _, _, S1, S2>::setup(&pp).unwrap();
@@ -129,6 +133,93 @@ fn bench_compressed_snark(c: &mut Criterion) {
   }
 }
 
+fn bench_compressed_snark_with_computational_commitments(c: &mut Criterion) {
+  let num_samples = 10;
+  let num_cons_verifier_circuit_primary = 9819;
+  // we vary the number of constraints in the step circuit
+  for &num_cons_in_augmented_circuit in [9819, 16384, 32768, 65536, 131072, 262144].iter() {
+    // number of constraints in the step circuit
+    let num_cons = num_cons_in_augmented_circuit - num_cons_verifier_circuit_primary;
+
+    let mut group = c.benchmark_group(format!(
+      "CompressedSNARK-Commitments-StepCircuitSize-{num_cons}"
+    ));
+    group
+      .sampling_mode(SamplingMode::Flat)
+      .sample_size(num_samples);
+
+    let c_primary = NonTrivialTestCircuit::new(num_cons);
+    let c_secondary = TrivialTestCircuit::default();
+
+    // Produce public parameters
+    let pp = PublicParams::<G1, G2, C1, C2>::setup(&c_primary, &c_secondary);
+
+    // Produce prover and verifier keys for CompressedSNARK
+    let (pk, vk) = CompressedSNARK::<_, _, _, _, SS1, SS2>::setup(&pp).unwrap();
+
+    // produce a recursive SNARK
+    let num_steps = 3;
+    let mut recursive_snark: RecursiveSNARK<G1, G2, C1, C2> = RecursiveSNARK::new(
+      &pp,
+      &c_primary,
+      &c_secondary,
+      vec![<G1 as Group>::Scalar::from(2u64)],
+      vec![<G2 as Group>::Scalar::from(2u64)],
+    );
+
+    for i in 0..num_steps {
+      let res = recursive_snark.prove_step(
+        &pp,
+        &c_primary,
+        &c_secondary,
+        vec![<G1 as Group>::Scalar::from(2u64)],
+        vec![<G2 as Group>::Scalar::from(2u64)],
+      );
+      assert!(res.is_ok());
+
+      // verify the recursive snark at each step of recursion
+      let res = recursive_snark.verify(
+        &pp,
+        i + 1,
+        &[<G1 as Group>::Scalar::from(2u64)],
+        &[<G2 as Group>::Scalar::from(2u64)],
+      );
+      assert!(res.is_ok());
+    }
+
+    // Bench time to produce a compressed SNARK
+    group.bench_function("Prove", |b| {
+      b.iter(|| {
+        assert!(CompressedSNARK::<_, _, _, _, SS1, SS2>::prove(
+          black_box(&pp),
+          black_box(&pk),
+          black_box(&recursive_snark)
+        )
+        .is_ok());
+      })
+    });
+    let res = CompressedSNARK::<_, _, _, _, SS1, SS2>::prove(&pp, &pk, &recursive_snark);
+    assert!(res.is_ok());
+    let compressed_snark = res.unwrap();
+
+    // Benchmark the verification time
+    group.bench_function("Verify", |b| {
+      b.iter(|| {
+        assert!(black_box(&compressed_snark)
+          .verify(
+            black_box(&vk),
+            black_box(num_steps),
+            black_box(vec![<G1 as Group>::Scalar::from(2u64)]),
+            black_box(vec![<G2 as Group>::Scalar::from(2u64)]),
+          )
+          .is_ok());
+      })
+    });
+
+    group.finish();
+  }
+}
+
 #[derive(Clone, Debug, Default)]
 struct NonTrivialTestCircuit<F: PrimeField> {
   num_cons: usize,

benches/compute-digest.rs

@@ -27,7 +27,7 @@ criterion_main!(compute_digest);
 fn bench_compute_digest(c: &mut Criterion) {
   c.bench_function("compute_digest", |b| {
     b.iter(|| {
-      PublicParams::<G1, G2, C1, C2>::setup(black_box(C1::new(10)), black_box(C2::default()))
+      PublicParams::<G1, G2, C1, C2>::setup(black_box(&C1::new(10)), black_box(&C2::default()))
     })
   });
 }

benches/recursive-snark.rs

@@ -56,7 +56,7 @@ fn bench_recursive_snark(c: &mut Criterion) {
     let c_secondary = TrivialTestCircuit::default();
 
     // Produce public parameters
-    let pp = PublicParams::<G1, G2, C1, C2>::setup(c_primary.clone(), c_secondary.clone());
+    let pp = PublicParams::<G1, G2, C1, C2>::setup(&c_primary, &c_secondary);
 
     // Bench time to produce a recursive SNARK;
     // we execute a certain number of warm-up steps since executing

benches/sha256.rs

@@ -200,8 +200,8 @@ fn bench_recursive_snark(c: &mut Criterion) {
     group.sample_size(10);
 
     // Produce public parameters
-    let pp =
-      PublicParams::<G1, G2, C1, C2>::setup(circuit_primary.clone(), TrivialTestCircuit::default());
+    let ttc = TrivialTestCircuit::default();
+    let pp = PublicParams::<G1, G2, C1, C2>::setup(&circuit_primary, &ttc);
 
     let circuit_secondary = TrivialTestCircuit::default();
     let z0_primary = vec![<G1 as Group>::Scalar::from(2u64)];

examples/minroot.rs

@@ -172,7 +172,7 @@ fn main() {
       G2,
       MinRootCircuit<<G1 as Group>::Scalar>,
       TrivialTestCircuit<<G2 as Group>::Scalar>,
-    >::setup(circuit_primary.clone(), circuit_secondary.clone());
+    >::setup(&circuit_primary, &circuit_secondary);
     println!("PublicParams::setup, took {:?} ", start.elapsed());
 
     println!(

src/bellperson/r1cs.rs

@@ -28,10 +28,7 @@ pub trait NovaShape<G: Group> {
   fn r1cs_shape(&self) -> (R1CSShape<G>, CommitmentKey<G>);
 }
 
-impl<G: Group> NovaWitness<G> for SatisfyingAssignment<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> NovaWitness<G> for SatisfyingAssignment<G> {
   fn r1cs_instance_and_witness(
     &self,
     shape: &R1CSShape<G>,
@@ -48,10 +45,7 @@ where
   }
 }
 
-impl<G: Group> NovaShape<G> for ShapeCS<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> NovaShape<G> for ShapeCS<G> {
   fn r1cs_shape(&self) -> (R1CSShape<G>, CommitmentKey<G>) {
     let mut A: Vec<(usize, usize, G::Scalar)> = Vec::new();
     let mut B: Vec<(usize, usize, G::Scalar)> = Vec::new();

src/bellperson/shape_cs.rs

@@ -48,10 +48,7 @@ impl Ord for OrderedVariable {
 
 #[allow(clippy::upper_case_acronyms)]
 /// `ShapeCS` is a `ConstraintSystem` for creating `R1CSShape`s for a circuit.
-pub struct ShapeCS<G: Group>
-where
-  G::Scalar: PrimeField + Field,
-{
+pub struct ShapeCS<G: Group> {
   named_objects: HashMap<String, NamedObject>,
   current_namespace: Vec<String>,
   #[allow(clippy::type_complexity)]
@@ -92,10 +89,7 @@ fn proc_lc<Scalar: PrimeField>(
   map
 }
 
-impl<G: Group> ShapeCS<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> ShapeCS<G> {
   /// Create a new, default `ShapeCS`,
   pub fn new() -> Self {
     ShapeCS::default()
@@ -216,10 +210,7 @@ where
   }
 }
 
-impl<G: Group> Default for ShapeCS<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> Default for ShapeCS<G> {
   fn default() -> Self {
     let mut map = HashMap::new();
     map.insert("ONE".into(), NamedObject::Var(ShapeCS::<G>::one()));
@@ -233,10 +224,7 @@ where
   }
 }
 
-impl<G: Group> ConstraintSystem<G::Scalar> for ShapeCS<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> ConstraintSystem<G::Scalar> for ShapeCS<G> {
   type Root = Self;
 
   fn alloc<F, A, AR>(&mut self, annotation: A, _f: F) -> Result<Variable, SynthesisError>

src/bellperson/solver.rs

@@ -1,18 +1,15 @@
 //! Support for generating R1CS witness using bellperson.
 
 use crate::traits::Group;
-use ff::{Field, PrimeField};
+use ff::Field;
 
 use bellperson::{
   multiexp::DensityTracker, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable,
 };
 
 /// A `ConstraintSystem` which calculates witness values for a concrete instance of an R1CS circuit.
 #[derive(PartialEq)]
-pub struct SatisfyingAssignment<G: Group>
-where
-  G::Scalar: PrimeField,
-{
+pub struct SatisfyingAssignment<G: Group> {
   // Density of queries
   a_aux_density: DensityTracker,
   b_input_density: DensityTracker,
@@ -29,10 +26,7 @@ where
 }
 use std::fmt;
 
-impl<G: Group> fmt::Debug for SatisfyingAssignment<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> fmt::Debug for SatisfyingAssignment<G> {
   fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
     fmt
       .debug_struct("SatisfyingAssignment")
@@ -69,10 +63,7 @@ where
   }
 }
 
-impl<G: Group> ConstraintSystem<G::Scalar> for SatisfyingAssignment<G>
-where
-  G::Scalar: PrimeField,
-{
+impl<G: Group> ConstraintSystem<G::Scalar> for SatisfyingAssignment<G> {
   type Root = Self;
 
   fn new() -> Self {

src/ccs/cccs.rs

@@ -18,7 +18,6 @@ use crate::{
 use bitvec::vec;
 use core::{cmp::max, marker::PhantomData};
 use ff::{Field, PrimeField};
-use flate2::{write::ZlibEncoder, Compression};
 use itertools::concat;
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};

src/ccs/lcccs.rs

@@ -21,7 +21,6 @@ use crate::{
 use bitvec::vec;
 use core::{cmp::max, marker::PhantomData};
 use ff::{Field, PrimeField};
-use flate2::{write::ZlibEncoder, Compression};
 use itertools::concat;
 use rand_core::RngCore;
 use rayon::prelude::*;

src/ccs/mod.rs

@@ -24,7 +24,6 @@ use crate::{
 use bitvec::vec;
 use core::{cmp::max, marker::PhantomData};
 use ff::Field;
-use flate2::{write::ZlibEncoder, Compression};
 use itertools::concat;
 use rand_core::RngCore;
 use rayon::prelude::*;

src/ccs/multifolding.rs

@@ -24,7 +24,6 @@ use crate::{
 use bitvec::vec;
 use core::{cmp::max, marker::PhantomData};
 use ff::{Field, PrimeField};
-use flate2::{write::ZlibEncoder, Compression};
 use itertools::concat;
 use rand_core::RngCore;
 use rayon::prelude::*;

src/ccs/util/mod.rs

@@ -18,7 +18,6 @@ use crate::{
 use bitvec::vec;
 use core::{cmp::max, marker::PhantomData};
 use ff::{Field, PrimeField};
-use flate2::{write::ZlibEncoder, Compression};
 use itertools::concat;
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};

src/ccs/util/virtual_poly.rs

@@ -18,7 +18,6 @@ use crate::{
 use bitvec::vec;
 use core::{cmp::max, marker::PhantomData};
 use ff::{Field, PrimeField};
-use flate2::{write::ZlibEncoder, Compression};
 use itertools::concat;
 use rand::Rng;
 use rand_core::RngCore;