Apply PR review suggestions
arnaucube committed Dec 13, 2023
1 parent c446c3f commit fd47295
Showing 2 changed files with 27 additions and 66 deletions.
16 changes: 2 additions & 14 deletions src/folding/nova/circuits.rs
@@ -364,7 +364,6 @@ where
let z_i1 = self.F.generate_step_constraints(cs.clone(), z_i.clone())?;

let zero = FpVar::<CF1<C1>>::new_constant(cs.clone(), CF1::<C1>::zero())?;
let is_basecase = i.is_zero()?;
let is_not_basecase = i.is_neq(&zero)?;

// 1. u_i.x == H(i, z_0, z_i, U_i)
@@ -406,26 +405,15 @@ where
let nifs_check = NIFSGadget::<C1>::verify(r, u_i.clone(), U_i.clone(), U_i1.clone())?;
nifs_check.conditional_enforce_equal(&Boolean::TRUE, &is_not_basecase)?;

// 4. (base case) u_{i+1}.X == H(1, z_0, F(z_0)=F(z_i)=z_{i+1}, U_1=U_{i+1})
let u_i1_x_basecase = U_i1.clone().hash(
&crh_params,
FpVar::<CF1<C1>>::one(),
z_0.clone(),
z_i1.clone(),
)?;

// 4. (non-base case). u_{i+1}.x = H(i+1, z_0, z_i+1, U_{i+1}), this is the output of F'
// 4. u_{i+1}.x = H(i+1, z_0, z_i+1, U_{i+1}), this is the output of F'
let u_i1_x = U_i1.clone().hash(
&crh_params,
i + FpVar::<CF1<C1>>::one(),
z_0.clone(),
z_i1.clone(),
)?;

// if i==0: check x==u_{i+1}.x_basecase
u_i1_x_basecase.conditional_enforce_equal(&x, &is_basecase)?;
// else: check x==u_{i+1}.x
u_i1_x.conditional_enforce_equal(&x, &is_not_basecase)?;
u_i1_x.enforce_equal(&x)?;

// CycleFold part
let cf_u_dummy_native = CommittedInstance::<C2>::dummy(CF_IO_LEN);
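Review bot: With the NIFS check still gated on `is_not_basecase`, nothing visible in this section constrains `U_i1` when `i == 0`, yet the now-unconditional `u_i1_x.enforce_equal(&x)?` binds the public input `x` to a hash of that value. The removed base-case branch hashed the same `U_i1` with index one, so the commit does not change this (at `i == 0`, `i + 1` is one and the two hashes coincide), but it does remove the only place where the base case was spelled out. If `U_i1` is not pinned elsewhere in the function, which starts and ends outside these hunks, consider constraining it in the base case as well. At minimum, keep a comment such as `// i == 0: i + 1 == 1, so this is H(1, z_0, z_1, U_1); the NIFS check above is skipped here`. A test that builds the circuit at `i == 0` with a `U_i1` that is not the expected fold and asserts the constraint system is unsatisfied would record the intended behaviour.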
77 changes: 25 additions & 52 deletions src/folding/nova/ivc.rs
@@ -127,40 +127,39 @@ where

/// Implements IVC.P
pub fn prove_step(&mut self) -> Result<(), Error> {
let u_i1_x: C1::ScalarField;

let augmented_F_circuit: AugmentedFCircuit<C1, C2, GC2, FC>;
let cf_circuit: CycleFoldCircuit<C1, GC1>;

let z_i1 = self.F.step_native(self.z_i.clone());

let (W_i1, U_i1): (Witness<C1>, CommittedInstance<C1>);

if self.i == C1::ScalarField::zero() {
let (T, cmT) = self.compute_cmT()?;

let r_bits = ChallengeGadget::<C1>::get_challenge_native(
&self.poseidon_config,
self.u_i.clone(),
self.U_i.clone(),
cmT,
)?;
let r_Fr = C1::ScalarField::from_bigint(BigInteger::from_bits_le(&r_bits))
.ok_or(Error::OutOfBounds)?;

// fold dummy (initial) instances, compute W_{i+1} and U_{i+1}
(W_i1, U_i1) = NIFS::<C1>::fold_instances(
r_Fr, &self.w_i, &self.u_i, &self.W_i, &self.U_i, &T, cmT,
)?;

// u_i+1.x = H(1, z_0, z_i+1, U_1=U_i+1)
u_i1_x = U_i1.hash(
&self.poseidon_config,
C1::ScalarField::one(),
self.z_0.clone(),
z_i1.clone(),
)?;
// compute T and cmT for AugmentedFCircuit
let (T, cmT) = self.compute_cmT()?;

let r_bits = ChallengeGadget::<C1>::get_challenge_native(
&self.poseidon_config,
self.u_i.clone(),
self.U_i.clone(),
cmT,
)?;
let r_Fr = C1::ScalarField::from_bigint(BigInteger::from_bits_le(&r_bits))
.ok_or(Error::OutOfBounds)?;

// fold Nova instances
(W_i1, U_i1) =
NIFS::<C1>::fold_instances(r_Fr, &self.w_i, &self.u_i, &self.W_i, &self.U_i, &T, cmT)?;

// folded instance output (public input, x)
// u_{i+1}.x = H(i+1, z_0, z_{i+1}, U_{i+1})
let u_i1_x = U_i1.hash(
&self.poseidon_config,
self.i + C1::ScalarField::one(),
self.z_0.clone(),
z_i1.clone(),
)?;

if self.i == C1::ScalarField::zero() {
// base case
augmented_F_circuit = AugmentedFCircuit::<C1, C2, GC2, FC> {
_gc2: PhantomData,
@@ -183,32 +182,6 @@ where
#[cfg(test)]
NIFS::verify_folded_instance(r_Fr, &self.u_i, &self.U_i, &U_i1, &cmT)?;
} else {
// compute T and cmT for AugmentedFCircuit
let (T, cmT) = self.compute_cmT()?;

let r_bits = ChallengeGadget::<C1>::get_challenge_native(
&self.poseidon_config,
self.u_i.clone(),
self.U_i.clone(),
cmT,
)?;
let r_Fr = C1::ScalarField::from_bigint(BigInteger::from_bits_le(&r_bits))
.ok_or(Error::OutOfBounds)?;

// fold Nova instances
(W_i1, U_i1) = NIFS::<C1>::fold_instances(
r_Fr, &self.w_i, &self.u_i, &self.W_i, &self.U_i, &T, cmT,
)?;

// folded instance output (public input, x)
// u_{i+1}.x = H(i+1, z_0, z_{i+1}, U_{i+1})
u_i1_x = U_i1.hash(
&self.poseidon_config,
self.i + C1::ScalarField::one(),
self.z_0.clone(),
z_i1.clone(),
)?;

// CycleFold part:
// get the vector used as public inputs 'x' in the CycleFold circuit
let cf_u_i_x = [
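Review bot: The deferred declaration `let (W_i1, U_i1): (Witness<C1>, CommittedInstance<C1>);` near the top of `prove_step` appears to survive on the new side even though the fold is now unconditional. It can become a single binding at the call site, `let (W_i1, U_i1) = NIFS::<C1>::fold_instances(r_Fr, &self.w_i, &self.u_i, &self.W_i, &self.U_i, &T, cmT)?;`, as was done for `u_i1_x`. The hoisted comments also no longer say that at `self.i == 0` the folded inputs are the dummy instances and the hash index is 1, which the removed branch spelled out. A line such as `// at i == 0 this folds the dummy (initial) instances and yields H(1, z_0, z_1, U_1)` would keep the native prover visibly in step with the circuit's check on `x`. `prove_step` continues past the end of this section, so the later uses of `W_i1` and `U_i1` are not visible here.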
