Move generic circuit gadgets into bellman

2025-02-12 01:55:48 +00:00 · 2019-08-06 01:13:35 +01:00 · 2019-08-06 01:13:35 +01:00 · b8af749b40
commit b8af749b40
parent 61c633db1e
25 changed files with 86 additions and 65 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -57,16 +57,20 @@ name = "bellman"
 version = "0.1.0"
 dependencies = [
 "bit-vec 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "blake2s_simd 0.5.5 (registry+https://github.com/rust-lang/crates.io-index)",
 "byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "crossbeam 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "ff 0.4.0",
 "futures 0.1.28 (registry+https://github.com/rust-lang/crates.io-index)",
 "futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
 "group 0.1.0",
+ "hex-literal 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
 "num_cpus 1.10.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "pairing 0.14.2",
 "rand 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "rand_core 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rand_xorshift 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]

 [[package]]
--- a/bellman/Cargo.toml
+++ b/bellman/Cargo.toml
@ -10,6 +10,7 @@ version = "0.1.0"

 [dependencies]
 bit-vec = "0.4.4"
+blake2s_simd = "0.5"
 ff = { path = "../ff" }
 futures = "0.1"
 futures-cpupool = { version = "0.1", optional = true }
@ -21,7 +22,10 @@ rand_core = "0.5"
 byteorder = "1"

 [dev-dependencies]
+hex-literal = "0.1"
 rand = "0.7"
+rand_xorshift = "0.2"
+sha2 = "0.8"

 [features]
 groth16 = ["pairing"]
--- a/sapling-crypto/src/circuit/mod.rs
+++ b/sapling-crypto/src/circuit/mod.rs
@ -9,7 +9,7 @@ pub mod lookup;
 pub mod multipack;
 pub mod sha256;

-use bellman::{
+use crate::{
    SynthesisError
 };

--- a/sapling-crypto/src/circuit/blake2s.rs
+++ b/sapling-crypto/src/circuit/blake2s.rs
@ -2,7 +2,7 @@ use pairing::{
    Engine,
 };

-use bellman::{
+use crate::{
    SynthesisError,
    ConstraintSystem
 };
@ -325,10 +325,10 @@ mod test {
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;

-    use ::circuit::boolean::{Boolean, AllocatedBit};
-    use ::circuit::test::TestConstraintSystem;
+    use crate::gadgets::boolean::{Boolean, AllocatedBit};
+    use crate::gadgets::test::TestConstraintSystem;
    use super::blake2s;
-    use bellman::{ConstraintSystem};
+    use crate::{ConstraintSystem};

    #[test]
    fn test_blank_hash() {
--- a/sapling-crypto/src/circuit/boolean.rs
+++ b/sapling-crypto/src/circuit/boolean.rs
@ -1,7 +1,7 @@
 use ff::{BitIterator, Field, PrimeField};
 use pairing::Engine;

-use bellman::{
+use crate::{
    ConstraintSystem,
    SynthesisError,
    LinearCombination,
@ -801,10 +801,10 @@ impl From<AllocatedBit> for Boolean {

 #[cfg(test)]
 mod test {
-    use bellman::{ConstraintSystem};
+    use crate::{ConstraintSystem};
    use ff::{Field, PrimeField};
    use pairing::bls12_381::{Bls12, Fr};
-    use ::circuit::test::*;
+    use crate::gadgets::test::*;
    use super::{
        AllocatedBit,
        Boolean,
--- a/sapling-crypto/src/circuit/lookup.rs
+++ b/sapling-crypto/src/circuit/lookup.rs
@ -7,7 +7,7 @@ use super::num::{
    Num
 };
 use super::boolean::Boolean;
-use bellman::{
+use crate::{
    ConstraintSystem
 };

@ -197,8 +197,8 @@ pub fn lookup3_xy_with_conditional_negation<E: Engine, CS>(
 #[cfg(test)]
 mod test {
    use super::*;
-    use ::circuit::test::*;
-    use ::circuit::boolean::{Boolean, AllocatedBit};
+    use crate::gadgets::test::*;
+    use crate::gadgets::boolean::{Boolean, AllocatedBit};
    use pairing::bls12_381::{Bls12, Fr};
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;
--- a/sapling-crypto/src/circuit/multieq.rs
+++ b/sapling-crypto/src/circuit/multieq.rs
@ -1,7 +1,7 @@
 use ff::{Field, PrimeField};
 use pairing::Engine;

-use bellman::{
+use crate::{
    SynthesisError,
    ConstraintSystem,
    LinearCombination,
--- a/sapling-crypto/src/circuit/multipack.rs
+++ b/sapling-crypto/src/circuit/multipack.rs
@ -1,6 +1,6 @@
 use ff::{Field, PrimeField};
 use pairing::Engine;
-use bellman::{ConstraintSystem, SynthesisError};
+use crate::{ConstraintSystem, SynthesisError};
 use super::boolean::{Boolean};
 use super::num::Num;
 use super::Assignment;
@ -80,12 +80,12 @@ pub fn compute_multipacking<E: Engine>(

 #[test]
 fn test_multipacking() {
-    use bellman::{ConstraintSystem};
+    use crate::{ConstraintSystem};
    use pairing::bls12_381::{Bls12};
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;

-    use ::circuit::test::*;
+    use crate::gadgets::test::*;
    use super::boolean::{AllocatedBit, Boolean};

    let mut rng = XorShiftRng::from_seed([
--- a/sapling-crypto/src/circuit/num.rs
+++ b/sapling-crypto/src/circuit/num.rs
@ -1,7 +1,7 @@
 use ff::{BitIterator, Field, PrimeField, PrimeFieldRepr};
 use pairing::Engine;

-use bellman::{
+use crate::{
    SynthesisError,
    ConstraintSystem,
    LinearCombination,
@ -455,13 +455,13 @@ impl<E: Engine> Num<E> {

 #[cfg(test)]
 mod test {
-    use bellman::{ConstraintSystem};
+    use crate::{ConstraintSystem};
    use ff::{BitIterator, Field, PrimeField};
    use pairing::bls12_381::{Bls12, Fr};
    use rand_core::SeedableRng;
    use rand_xorshift::XorShiftRng;

-    use ::circuit::test::*;
+    use crate::gadgets::test::*;
    use super::{AllocatedNum, Boolean};

    #[test]
--- a/sapling-crypto/src/circuit/sha256.rs
+++ b/sapling-crypto/src/circuit/sha256.rs
@ -1,7 +1,7 @@
 use super::uint32::UInt32;
 use super::multieq::MultiEq;
 use super::boolean::Boolean;
-use bellman::{ConstraintSystem, SynthesisError};
+use crate::{ConstraintSystem, SynthesisError};
 use pairing::Engine;

 const ROUND_CONSTANTS: [u32; 64] = [
@ -305,9 +305,9 @@ fn sha256_compression_function<E, CS>(
 #[cfg(test)]
 mod test {
    use super::*;
-    use circuit::boolean::AllocatedBit;
+    use crate::gadgets::boolean::AllocatedBit;
    use pairing::bls12_381::Bls12;
-    use circuit::test::TestConstraintSystem;
+    use crate::gadgets::test::TestConstraintSystem;
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;

--- a/sapling-crypto/src/circuit/test/mod.rs
+++ b/sapling-crypto/src/circuit/test/mod.rs
@ -1,7 +1,7 @@
 use ff::{Field, PrimeField, PrimeFieldRepr};
 use pairing::Engine;

-use bellman::{
+use crate::{
    LinearCombination,
    SynthesisError,
    ConstraintSystem,
--- a/sapling-crypto/src/circuit/uint32.rs
+++ b/sapling-crypto/src/circuit/uint32.rs
@ -1,7 +1,7 @@
 use ff::{Field, PrimeField};
 use pairing::Engine;

-use bellman::{
+use crate::{
    SynthesisError,
    ConstraintSystem,
    LinearCombination
@ -409,13 +409,13 @@ impl UInt32 {

 #[cfg(test)]
 mod test {
-    use ::circuit::boolean::{Boolean};
+    use crate::gadgets::boolean::{Boolean};
    use super::{UInt32};
    use ff::Field;
    use pairing::bls12_381::{Bls12};
-    use ::circuit::test::*;
-    use bellman::{ConstraintSystem};
-    use circuit::multieq::MultiEq;
+    use crate::gadgets::test::*;
+    use crate::{ConstraintSystem};
+    use crate::gadgets::multieq::MultiEq;
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;

--- a/bellman/src/lib.rs
+++ b/bellman/src/lib.rs
@ -6,6 +6,7 @@ extern crate rand_core;

 extern crate futures;
 extern crate bit_vec;
+extern crate blake2s_simd;
 extern crate byteorder;

 #[cfg(feature = "multicore")]
@ -15,9 +16,20 @@ extern crate futures_cpupool;
 #[cfg(feature = "multicore")]
 extern crate num_cpus;

+#[cfg(test)]
+#[macro_use]
+extern crate hex_literal;
+
 #[cfg(test)]
 extern crate rand;

+#[cfg(test)]
+extern crate rand_xorshift;
+
+#[cfg(test)]
+extern crate sha2;
+
+pub mod gadgets;
 pub mod multicore;
 mod multiexp;
 pub mod domain;
--- a/librustzcash/src/rustzcash.rs
+++ b/librustzcash/src/rustzcash.rs
@ -17,7 +17,6 @@ use ff::{PrimeField, PrimeFieldRepr};
 use pairing::bls12_381::{Bls12, Fr, FrRepr};

 use sapling_crypto::{
-    circuit::multipack,
    constants::CRH_IVK_PERSONALIZATION,
    jubjub::{
        edwards,
@ -29,6 +28,7 @@ use sapling_crypto::{
 use zcash_proofs::circuit::sapling::TREE_DEPTH as SAPLING_TREE_DEPTH;
 use zcash_proofs::circuit::sprout::{self, TREE_DEPTH as SPROUT_TREE_DEPTH};

+use bellman::gadgets::multipack;
 use bellman::groth16::{
    create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
 };
--- a/sapling-crypto/src/lib.rs
+++ b/sapling-crypto/src/lib.rs
@ -19,7 +19,6 @@ extern crate sha2;

 pub mod jubjub;
 pub mod group_hash;
-pub mod circuit;
 pub mod pedersen_hash;
 pub mod primitives;
 pub mod constants;
--- a/zcash_proofs/src/circuit/ecc.rs
+++ b/zcash_proofs/src/circuit/ecc.rs
@ -6,11 +6,11 @@ use bellman::{
    ConstraintSystem
 };

-use sapling_crypto::circuit::{
+use bellman::gadgets::{
    Assignment
 };

-use sapling_crypto::circuit::num::{
+use bellman::gadgets::num::{
    AllocatedNum,
    Num
 };
@ -22,11 +22,11 @@ use sapling_crypto::jubjub::{
    FixedGenerators
 };

-use sapling_crypto::circuit::lookup::{
+use bellman::gadgets::lookup::{
    lookup3_xy
 };

-use sapling_crypto::circuit::boolean::Boolean;
+use bellman::gadgets::boolean::Boolean;

 #[derive(Clone)]
 pub struct EdwardsPoint<E: Engine> {
@ -753,7 +753,7 @@ mod test {
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;

-    use sapling_crypto::circuit::test::*;
+    use bellman::gadgets::test::*;
    use sapling_crypto::jubjub::{
        montgomery,
        edwards,
@ -769,7 +769,7 @@ mod test {
        AllocatedNum,
        fixed_base_multiplication
    };
-    use sapling_crypto::circuit::boolean::{
+    use bellman::gadgets::boolean::{
        Boolean,
        AllocatedBit
    };
--- a/zcash_proofs/src/circuit/pedersen_hash.rs
+++ b/zcash_proofs/src/circuit/pedersen_hash.rs
@ -2,12 +2,12 @@ use super::ecc::{
    MontgomeryPoint,
    EdwardsPoint
 };
-use sapling_crypto::circuit::boolean::Boolean;
+use bellman::gadgets::boolean::Boolean;
 use sapling_crypto::jubjub::*;
 use bellman::{
    ConstraintSystem, SynthesisError
 };
-use sapling_crypto::circuit::lookup::*;
+use bellman::gadgets::lookup::*;
 pub use sapling_crypto::pedersen_hash::Personalization;

 fn get_constant_bools(person: &Personalization) -> Vec<Boolean> {
@ -110,8 +110,8 @@ pub fn pedersen_hash<E: JubjubEngine, CS>(
 #[cfg(test)]
 mod test {
    use super::*;
-    use sapling_crypto::circuit::test::*;
-    use sapling_crypto::circuit::boolean::{Boolean, AllocatedBit};
+    use bellman::gadgets::test::*;
+    use bellman::gadgets::boolean::{Boolean, AllocatedBit};
    use sapling_crypto::pedersen_hash;
    use ff::PrimeField;
    use pairing::bls12_381::{Bls12, Fr};
--- a/zcash_proofs/src/circuit/sapling.rs
+++ b/zcash_proofs/src/circuit/sapling.rs
@ -19,13 +19,13 @@ use sapling_crypto::primitives::{
    PaymentAddress
 };

-use sapling_crypto::circuit::Assignment;
-use sapling_crypto::circuit::boolean;
+use bellman::gadgets::Assignment;
+use bellman::gadgets::boolean;
 use super::ecc;
 use super::pedersen_hash;
-use sapling_crypto::circuit::blake2s;
-use sapling_crypto::circuit::num;
-use sapling_crypto::circuit::multipack;
+use bellman::gadgets::blake2s;
+use bellman::gadgets::num;
+use bellman::gadgets::multipack;

 pub const TREE_DEPTH: usize = zcash_primitives::sapling::SAPLING_COMMITMENT_TREE_DEPTH;

@ -598,12 +598,12 @@ impl<'a, E: JubjubEngine> Circuit<E> for Output<'a, E> {

 #[test]
 fn test_input_circuit_with_bls12_381() {
+    use bellman::gadgets::test::*;
    use ff::{BitIterator, Field};
    use pairing::bls12_381::*;
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;
    use sapling_crypto::{
-        circuit::test::*,
        jubjub::{JubjubBls12, fs, edwards},
        pedersen_hash,
        primitives::{Diversifier, Note, ProofGenerationKey},
@ -742,12 +742,12 @@ fn test_input_circuit_with_bls12_381() {

 #[test]
 fn test_output_circuit_with_bls12_381() {
+    use bellman::gadgets::test::*;
    use ff::Field;
    use pairing::bls12_381::*;
    use rand_core::{RngCore, SeedableRng};
    use rand_xorshift::XorShiftRng;
    use sapling_crypto::{
-        circuit::test::*,
        jubjub::{JubjubBls12, fs, edwards},
        primitives::{Diversifier, ProofGenerationKey},
    };
--- a/zcash_proofs/src/circuit/sprout/commitment.rs
+++ b/zcash_proofs/src/circuit/sprout/commitment.rs
@ -1,9 +1,9 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use sapling_crypto::circuit::sha256::{
+use bellman::gadgets::sha256::{
    sha256
 };
-use sapling_crypto::circuit::boolean::{
+use bellman::gadgets::boolean::{
    Boolean
 };

--- a/zcash_proofs/src/circuit/sprout/input.rs
+++ b/zcash_proofs/src/circuit/sprout/input.rs
@ -1,9 +1,9 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use sapling_crypto::circuit::sha256::{
+use bellman::gadgets::sha256::{
    sha256_block_no_padding
 };
-use sapling_crypto::circuit::boolean::{
+use bellman::gadgets::boolean::{
    AllocatedBit,
    Boolean
 };
--- a/zcash_proofs/src/circuit/sprout/mod.rs
+++ b/zcash_proofs/src/circuit/sprout/mod.rs
@ -1,11 +1,11 @@
 use ff::Field;
 use pairing::Engine;
 use bellman::{ConstraintSystem, SynthesisError, Circuit, LinearCombination};
-use sapling_crypto::circuit::boolean::{
+use bellman::gadgets::boolean::{
    AllocatedBit,
    Boolean
 };
-use sapling_crypto::circuit::multipack::pack_into_inputs;
+use bellman::gadgets::multipack::pack_into_inputs;

 mod prfs;
 mod commitment;
@ -355,7 +355,7 @@ fn witness_u252<E, CS>(
 #[test]
 fn test_sprout_constraints() {
    use pairing::bls12_381::{Bls12};
-    use sapling_crypto::circuit::test::*;
+    use bellman::gadgets::test::*;

    use byteorder::{WriteBytesExt, ReadBytesExt, LittleEndian};

@ -479,7 +479,7 @@ fn test_sprout_constraints() {
        expected_inputs.write_u64::<LittleEndian>(vpub_old.unwrap()).unwrap();
        expected_inputs.write_u64::<LittleEndian>(vpub_new.unwrap()).unwrap();

-        use sapling_crypto::circuit::multipack;
+        use bellman::gadgets::multipack;

        let expected_inputs = multipack::bytes_to_bits(&expected_inputs);
        let expected_inputs = multipack::compute_multipacking::<Bls12>(&expected_inputs);
--- a/zcash_proofs/src/circuit/sprout/output.rs
+++ b/zcash_proofs/src/circuit/sprout/output.rs
@ -1,6 +1,6 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use sapling_crypto::circuit::boolean::{Boolean};
+use bellman::gadgets::boolean::{Boolean};

 use super::*;
 use super::prfs::*;
--- a/zcash_proofs/src/circuit/sprout/prfs.rs
+++ b/zcash_proofs/src/circuit/sprout/prfs.rs
@ -1,9 +1,9 @@
 use pairing::{Engine};
 use bellman::{ConstraintSystem, SynthesisError};
-use sapling_crypto::circuit::sha256::{
+use bellman::gadgets::sha256::{
    sha256_block_no_padding
 };
-use sapling_crypto::circuit::boolean::{
+use bellman::gadgets::boolean::{
    Boolean
 };

--- a/zcash_proofs/src/sapling/prover.rs
+++ b/zcash_proofs/src/sapling/prover.rs
@ -1,11 +1,13 @@
-use bellman::groth16::{
-    create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
+use bellman::{
+    gadgets::multipack,
+    groth16::{
+        create_random_proof, verify_proof, Parameters, PreparedVerifyingKey, Proof,
+    },
 };
 use ff::Field;
 use pairing::bls12_381::{Bls12, Fr};
 use rand_os::OsRng;
 use sapling_crypto::{
-    circuit::multipack,
    jubjub::{edwards, fs::Fs, FixedGenerators, JubjubBls12, Unknown},
    primitives::{Diversifier, Note, PaymentAddress, ProofGenerationKey, ValueCommitment},
 };
--- a/zcash_proofs/src/sapling/verifier.rs
+++ b/zcash_proofs/src/sapling/verifier.rs
@ -1,10 +1,10 @@
-use bellman::groth16::{verify_proof, PreparedVerifyingKey, Proof};
+use bellman::{
+    gadgets::multipack,
+    groth16::{verify_proof, PreparedVerifyingKey, Proof},
+};
 use ff::Field;
 use pairing::bls12_381::{Bls12, Fr};
-use sapling_crypto::{
-    circuit::multipack,
-    jubjub::{edwards, FixedGenerators, JubjubBls12, Unknown},
-};
+use sapling_crypto::jubjub::{edwards, FixedGenerators, JubjubBls12, Unknown};
 use zcash_primitives::{
    redjubjub::{PublicKey, Signature},
    transaction::components::Amount,