From 36492ddc17a00f0c1b7f77cec2d4a37ec6b123fd Mon Sep 17 00:00:00 2001 From: kilic Date: Fri, 29 Dec 2023 01:42:33 +0300 Subject: [PATCH] update `halo2curves` to 0.5.0 --- halo2_proofs/Cargo.toml | 2 +- halo2_proofs/src/dev/cost.rs | 6 +- halo2_proofs/src/poly/kzg/commitment.rs | 48 ++++++------- halo2_proofs/src/poly/kzg/msm.rs | 67 ++++++++++++++----- .../src/poly/kzg/multiopen/gwc/prover.rs | 6 +- .../src/poly/kzg/multiopen/gwc/verifier.rs | 9 +-- .../src/poly/kzg/multiopen/shplonk/prover.rs | 22 +++--- .../poly/kzg/multiopen/shplonk/verifier.rs | 18 ++--- halo2_proofs/src/poly/kzg/strategy.rs | 57 +++++++++++----- rust-toolchain | 2 +- 10 files changed, 150 insertions(+), 87 deletions(-) diff --git a/halo2_proofs/Cargo.toml b/halo2_proofs/Cargo.toml index 7393de10..15bd97e7 100644 --- a/halo2_proofs/Cargo.toml +++ b/halo2_proofs/Cargo.toml @@ -51,7 +51,7 @@ harness = false backtrace = { version = "0.3", optional = true } ff = "0.13" group = "0.13" -halo2curves = { version = "0.1.0" } +halo2curves = { version = "0.5.0" } rand_core = { version = "0.6", default-features = false } tracing = "0.1" blake2b_simd = "1" # MSRV 1.66.0 diff --git a/halo2_proofs/src/dev/cost.rs b/halo2_proofs/src/dev/cost.rs index 1f131a2d..735f1f0d 100644 --- a/halo2_proofs/src/dev/cost.rs +++ b/halo2_proofs/src/dev/cost.rs @@ -102,11 +102,11 @@ impl Layout { total_rows: 0, total_advice_rows: 0, total_fixed_rows: 0, - /// Any cells assigned outside of a region. + // Any cells assigned outside of a region. loose_cells: vec![], - /// Pairs of cells between which we have equality constraints. + // Pairs of cells between which we have equality constraints. equality: vec![], - /// Selector assignments used for optimization pass + // Selector assignments used for optimization pass selectors: vec![vec![false; n]; num_selectors], } } diff --git a/halo2_proofs/src/poly/kzg/commitment.rs b/halo2_proofs/src/poly/kzg/commitment.rs index c9157f84..114b9ac0 100644 --- a/halo2_proofs/src/poly/kzg/commitment.rs +++ b/halo2_proofs/src/poly/kzg/commitment.rs @@ -7,6 +7,7 @@ use crate::SerdeFormat; use ff::{Field, PrimeField}; use group::{prime::PrimeCurveAffine, Curve, Group}; use halo2curves::pairing::Engine; +use halo2curves::CurveExt; use rand_core::{OsRng, RngCore}; use std::fmt::Debug; use std::marker::PhantomData; @@ -34,11 +35,11 @@ pub struct KZGCommitmentScheme { impl CommitmentScheme for KZGCommitmentScheme where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { - type Scalar = E::Scalar; + type Scalar = E::Fr; type Curve = E::G1Affine; type ParamsProver = ParamsKZG; @@ -55,19 +56,20 @@ where impl ParamsKZG where - E::Scalar: PrimeField, + E::G1Affine: SerdeCurveAffine, + E::G1: CurveExt, { /// Initializes parameters for the curve, draws toxic secret from given rng. /// MUST NOT be used in production. pub fn setup(k: u32, rng: R) -> Self { - // Largest root of unity exponent of the Engine is `2^E::Scalar::S`, so we can - // only support FFTs of polynomials below degree `2^E::Scalar::S`. - assert!(k <= E::Scalar::S); + // Largest root of unity exponent of the Engine is `2^E::Fr::S`, so we can + // only support FFTs of polynomials below degree `2^E::Fr::S`. + assert!(k <= E::Fr::S); let n: u64 = 1 << k; // Calculate g = [G1, [s] G1, [s^2] G1, ..., [s^(n-1)] G1] in parallel. let g1 = E::G1Affine::generator(); - let s = ::random(rng); + let s = ::random(rng); let mut g_projective = vec![E::G1::identity(); n as usize]; parallelize(&mut g_projective, |g, start| { @@ -88,14 +90,14 @@ where }; let mut g_lagrange_projective = vec![E::G1::identity(); n as usize]; - let mut root = E::Scalar::ROOT_OF_UNITY; - for _ in k..E::Scalar::S { + let mut root = E::Fr::ROOT_OF_UNITY; + for _ in k..E::Fr::S { root = root.square(); } - let n_inv = E::Scalar::from(n) + let n_inv = E::Fr::from(n) .invert() .expect("inversion should be ok for n = 1<(&self, writer: &mut W, format: SerdeFormat) -> io::Result<()> where - E::G1Affine: SerdeCurveAffine, E::G2Affine: SerdeCurveAffine, { writer.write_all(&self.k.to_le_bytes())?; @@ -182,7 +183,6 @@ where /// Reads params from a buffer. pub fn read_custom(reader: &mut R, format: SerdeFormat) -> io::Result where - E::G1Affine: SerdeCurveAffine, E::G2Affine: SerdeCurveAffine, { let mut k = [0u8; 4]; @@ -274,8 +274,8 @@ pub type ParamsVerifierKZG = ParamsKZG; impl<'params, E: Engine + Debug> Params<'params, E::G1Affine> for ParamsKZG where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type MSM = MSMKZG; @@ -302,11 +302,7 @@ where MSMKZG::new() } - fn commit_lagrange( - &self, - poly: &Polynomial, - _: Blind, - ) -> E::G1 { + fn commit_lagrange(&self, poly: &Polynomial, _: Blind) -> E::G1 { let mut scalars = Vec::with_capacity(poly.len()); scalars.extend(poly.iter()); let bases = &self.g_lagrange; @@ -328,16 +324,16 @@ where impl<'params, E: Engine + Debug> ParamsVerifier<'params, E::G1Affine> for ParamsKZG where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { } impl<'params, E: Engine + Debug> ParamsProver<'params, E::G1Affine> for ParamsKZG where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type ParamsVerifier = ParamsVerifierKZG; @@ -350,7 +346,7 @@ where Self::setup(k, OsRng) } - fn commit(&self, poly: &Polynomial, _: Blind) -> E::G1 { + fn commit(&self, poly: &Polynomial, _: Blind) -> E::G1 { let mut scalars = Vec::with_capacity(poly.len()); scalars.extend(poly.iter()); let bases = &self.g; diff --git a/halo2_proofs/src/poly/kzg/msm.rs b/halo2_proofs/src/poly/kzg/msm.rs index 77758d1b..f9b8c284 100644 --- a/halo2_proofs/src/poly/kzg/msm.rs +++ b/halo2_proofs/src/poly/kzg/msm.rs @@ -6,16 +6,27 @@ use crate::{ poly::commitment::MSM, }; use group::{Curve, Group}; -use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop}; +use halo2curves::{ + pairing::{Engine, MillerLoopResult, MultiMillerLoop}, + CurveAffine, CurveExt, +}; /// A multiscalar multiplication in the polynomial commitment scheme #[derive(Clone, Default, Debug)] -pub struct MSMKZG { - pub(crate) scalars: Vec, +pub struct MSMKZG +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ + pub(crate) scalars: Vec, pub(crate) bases: Vec, } -impl MSMKZG { +impl MSMKZG +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ /// Create an empty MSM instance pub fn new() -> Self { MSMKZG { @@ -25,9 +36,9 @@ impl MSMKZG { } /// Prepares all scalars in the MSM to linear combination - pub fn combine_with_base(&mut self, base: E::Scalar) { + pub fn combine_with_base(&mut self, base: E::Fr) { use ff::Field; - let mut acc = E::Scalar::ONE; + let mut acc = E::Fr::ONE; if !self.scalars.is_empty() { for scalar in self.scalars.iter_mut().rev() { *scalar *= &acc; @@ -37,8 +48,12 @@ impl MSMKZG { } } -impl MSM for MSMKZG { - fn append_term(&mut self, scalar: E::Scalar, point: E::G1) { +impl MSM for MSMKZG +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ + fn append_term(&mut self, scalar: E::Fr, point: E::G1) { self.scalars.push(scalar); self.bases.push(point); } @@ -48,7 +63,7 @@ impl MSM for MSMKZG { self.bases.extend(other.bases().iter()); } - fn scale(&mut self, factor: E::Scalar) { + fn scale(&mut self, factor: E::Fr) { if !self.scalars.is_empty() { parallelize(&mut self.scalars, |scalars, _| { for other_scalar in scalars { @@ -73,18 +88,26 @@ impl MSM for MSMKZG { self.bases.clone() } - fn scalars(&self) -> Vec { + fn scalars(&self) -> Vec { self.scalars.clone() } } /// A projective point collector #[derive(Debug, Clone)] -pub(crate) struct PreMSM { +pub(crate) struct PreMSM +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ projectives_msms: Vec>, } -impl PreMSM { +impl PreMSM +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ pub(crate) fn new() -> Self { PreMSM { projectives_msms: vec![], @@ -109,7 +132,11 @@ impl PreMSM { } } -impl<'params, E: MultiMillerLoop + Debug> From<&'params ParamsKZG> for DualMSM<'params, E> { +impl<'params, E: MultiMillerLoop + Debug> From<&'params ParamsKZG> for DualMSM<'params, E> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ fn from(params: &'params ParamsKZG) -> Self { DualMSM::new(params) } @@ -117,13 +144,21 @@ impl<'params, E: MultiMillerLoop + Debug> From<&'params ParamsKZG> for DualMS /// Two channel MSM accumulator #[derive(Debug, Clone)] -pub struct DualMSM<'a, E: Engine> { +pub struct DualMSM<'a, E: Engine> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ pub(crate) params: &'a ParamsKZG, pub(crate) left: MSMKZG, pub(crate) right: MSMKZG, } -impl<'a, E: MultiMillerLoop + Debug> DualMSM<'a, E> { +impl<'a, E: MultiMillerLoop + Debug> DualMSM<'a, E> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ /// Create a new two channel MSM accumulator instance pub fn new(params: &'a ParamsKZG) -> Self { Self { @@ -134,7 +169,7 @@ impl<'a, E: MultiMillerLoop + Debug> DualMSM<'a, E> { } /// Scale all scalars in the MSM by some scaling factor - pub fn scale(&mut self, e: E::Scalar) { + pub fn scale(&mut self, e: E::Fr) { self.left.scale(e); self.right.scale(e); } diff --git a/halo2_proofs/src/poly/kzg/multiopen/gwc/prover.rs b/halo2_proofs/src/poly/kzg/multiopen/gwc/prover.rs index 8add3eef..ecea01cb 100644 --- a/halo2_proofs/src/poly/kzg/multiopen/gwc/prover.rs +++ b/halo2_proofs/src/poly/kzg/multiopen/gwc/prover.rs @@ -8,9 +8,9 @@ use crate::poly::query::ProverQuery; use crate::poly::{commitment::Blind, Polynomial}; use crate::transcript::{EncodedChallenge, TranscriptWrite}; -use ff::PrimeField; use group::Curve; use halo2curves::pairing::Engine; +use halo2curves::CurveExt; use rand_core::RngCore; use std::fmt::Debug; use std::io; @@ -25,8 +25,8 @@ pub struct ProverGWC<'params, E: Engine> { /// Create a multi-opening proof impl<'params, E: Engine + Debug> Prover<'params, KZGCommitmentScheme> for ProverGWC<'params, E> where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { const QUERY_INSTANCE: bool = false; diff --git a/halo2_proofs/src/poly/kzg/multiopen/gwc/verifier.rs b/halo2_proofs/src/poly/kzg/multiopen/gwc/verifier.rs index 776c8408..fcfda694 100644 --- a/halo2_proofs/src/poly/kzg/multiopen/gwc/verifier.rs +++ b/halo2_proofs/src/poly/kzg/multiopen/gwc/verifier.rs @@ -13,8 +13,9 @@ use crate::poly::query::{CommitmentReference, VerifierQuery}; use crate::poly::Error; use crate::transcript::{EncodedChallenge, TranscriptRead}; -use ff::{Field, PrimeField}; +use ff::Field; use halo2curves::pairing::{Engine, MultiMillerLoop}; +use halo2curves::CurveExt; #[derive(Debug)] /// Concrete KZG verifier with GWC variant @@ -25,8 +26,8 @@ pub struct VerifierGWC<'params, E: Engine> { impl<'params, E> Verifier<'params, KZGCommitmentScheme> for VerifierGWC<'params, E> where E: MultiMillerLoop + Debug, - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type Guard = GuardKZG<'params, E>; @@ -63,7 +64,7 @@ where let u: ChallengeU<_> = transcript.squeeze_challenge_scalar(); let mut commitment_multi = MSMKZG::::new(); - let mut eval_multi = E::Scalar::ZERO; + let mut eval_multi = E::Fr::ZERO; let mut witness = MSMKZG::::new(); let mut witness_with_aux = MSMKZG::::new(); diff --git a/halo2_proofs/src/poly/kzg/multiopen/shplonk/prover.rs b/halo2_proofs/src/poly/kzg/multiopen/shplonk/prover.rs index 31fe3a0c..b18bf491 100644 --- a/halo2_proofs/src/poly/kzg/multiopen/shplonk/prover.rs +++ b/halo2_proofs/src/poly/kzg/multiopen/shplonk/prover.rs @@ -13,9 +13,10 @@ use crate::poly::{Coeff, Polynomial}; use crate::transcript::{EncodedChallenge, TranscriptWrite}; use crate::multicore::IntoParallelIterator; -use ff::{Field, PrimeField}; +use ff::Field; use group::Curve; use halo2curves::pairing::Engine; +use halo2curves::CurveExt; use rand_core::RngCore; use std::fmt::Debug; use std::io; @@ -107,8 +108,9 @@ impl<'a, E: Engine> ProverSHPLONK<'a, E> { impl<'params, E: Engine + Debug> Prover<'params, KZGCommitmentScheme> for ProverSHPLONK<'params, E> where - E::Scalar: Ord + PrimeField, - E::G1Affine: SerdeCurveAffine, + E::Fr: Ord, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { const QUERY_INSTANCE: bool = false; @@ -166,7 +168,7 @@ where // Q_i(X) = N_i(X) / Z_i(X) where // Z_i(X) = (x - r_i_0) * (x - r_i_1) * ... let mut poly = div_by_vanishing(n_x, points); - poly.resize(self.params.n as usize, E::Scalar::ZERO); + poly.resize(self.params.n as usize, E::Fr::ZERO); Polynomial { values: poly, @@ -202,7 +204,7 @@ where .map(quotient_contribution) .collect::>(); - let h_x: Polynomial = quotient_polynomials + let h_x: Polynomial = quotient_polynomials .into_iter() .zip(powers(*v)) .map(|(poly, power_of_v)| poly * power_of_v) @@ -240,7 +242,7 @@ where // and combine polynomials with same evaluation point set // L_i(X) = linear_combination(y, L_i_j(X)) // where y is random scalar to combine inner contributors - let l_x: Polynomial = inner_contributions + let l_x: Polynomial = inner_contributions .into_iter() .zip(powers(*y)) .map(|(poly, power_of_y)| poly * power_of_y) @@ -253,14 +255,14 @@ where #[allow(clippy::type_complexity)] let (linearisation_contributions, z_diffs): ( - Vec>, - Vec, + Vec>, + Vec, ) = rotation_sets .into_par_iter() .map(linearisation_contribution) .unzip(); - let l_x: Polynomial = linearisation_contributions + let l_x: Polynomial = linearisation_contributions .into_iter() .zip(powers(*v)) .map(|(poly, power_of_v)| poly * power_of_v) @@ -275,7 +277,7 @@ where #[cfg(debug_assertions)] { let must_be_zero = eval_polynomial(&l_x.values[..], *u); - assert_eq!(must_be_zero, E::Scalar::ZERO); + assert_eq!(must_be_zero, E::Fr::ZERO); } let mut h_x = div_by_vanishing(l_x, &[*u]); diff --git a/halo2_proofs/src/poly/kzg/multiopen/shplonk/verifier.rs b/halo2_proofs/src/poly/kzg/multiopen/shplonk/verifier.rs index 53930f88..5d039401 100644 --- a/halo2_proofs/src/poly/kzg/multiopen/shplonk/verifier.rs +++ b/halo2_proofs/src/poly/kzg/multiopen/shplonk/verifier.rs @@ -15,8 +15,9 @@ use crate::poly::kzg::strategy::GuardKZG; use crate::poly::query::{CommitmentReference, VerifierQuery}; use crate::poly::Error; use crate::transcript::{EncodedChallenge, TranscriptRead}; -use ff::{Field, PrimeField}; +use ff::Field; use halo2curves::pairing::{Engine, MultiMillerLoop}; +use halo2curves::CurveExt; use std::ops::MulAssign; /// Concrete KZG multiopen verifier with SHPLONK variant @@ -28,8 +29,9 @@ pub struct VerifierSHPLONK<'params, E: Engine> { impl<'params, E> Verifier<'params, KZGCommitmentScheme> for VerifierSHPLONK<'params, E> where E: MultiMillerLoop + Debug, - E::Scalar: PrimeField + Ord, - E::G1Affine: SerdeCurveAffine, + E::Fr: Ord, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type Guard = GuardKZG<'params, E>; @@ -69,10 +71,10 @@ where let u: ChallengeU<_> = transcript.squeeze_challenge_scalar(); let h2 = transcript.read_point().map_err(|_| Error::SamplingError)?; - let (mut z_0_diff_inverse, mut z_0) = (E::Scalar::ZERO, E::Scalar::ZERO); - let (mut outer_msm, mut r_outer_acc) = (PreMSM::::new(), E::Scalar::ZERO); + let (mut z_0_diff_inverse, mut z_0) = (E::Fr::ZERO, E::Fr::ZERO); + let (mut outer_msm, mut r_outer_acc) = (PreMSM::::new(), E::Fr::ZERO); for (i, (rotation_set, power_of_v)) in rotation_sets.iter().zip(powers(*v)).enumerate() { - let diffs: Vec = super_point_set + let diffs: Vec = super_point_set .iter() .filter(|point| !rotation_set.points.contains(point)) .copied() @@ -83,7 +85,7 @@ where if i == 0 { z_0 = evaluate_vanishing_polynomial(&rotation_set.points[..], *u); z_0_diff_inverse = z_diff_i.invert().unwrap(); - z_diff_i = E::Scalar::ONE; + z_diff_i = E::Fr::ONE; } else { z_diff_i.mul_assign(z_0_diff_inverse); } @@ -129,7 +131,7 @@ where outer_msm.append_term(-z_0, h1.into()); outer_msm.append_term(*u, h2.into()); - msm_accumulator.left.append_term(E::Scalar::ONE, h2.into()); + msm_accumulator.left.append_term(E::Fr::ONE, h2.into()); msm_accumulator.right.add_msm(&outer_msm); diff --git a/halo2_proofs/src/poly/kzg/strategy.rs b/halo2_proofs/src/poly/kzg/strategy.rs index 14b6565b..ee80d800 100644 --- a/halo2_proofs/src/poly/kzg/strategy.rs +++ b/halo2_proofs/src/poly/kzg/strategy.rs @@ -10,30 +10,41 @@ use crate::{ strategy::{Guard, VerificationStrategy}, }, }; -use ff::{Field, PrimeField}; -use halo2curves::pairing::{Engine, MultiMillerLoop}; +use ff::Field; +use halo2curves::{ + pairing::{Engine, MultiMillerLoop}, + CurveAffine, CurveExt, +}; use rand_core::OsRng; use std::fmt::Debug; /// Wrapper for linear verification accumulator #[derive(Debug, Clone)] -pub struct GuardKZG<'params, E: MultiMillerLoop + Debug> { +pub struct GuardKZG<'params, E: MultiMillerLoop + Debug> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ pub(crate) msm_accumulator: DualMSM<'params, E>, } /// Define accumulator type as `DualMSM` impl<'params, E> Guard> for GuardKZG<'params, E> where - E::Scalar: PrimeField, E: MultiMillerLoop + Debug, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type MSMAccumulator = DualMSM<'params, E>; } /// KZG specific operations -impl<'params, E: MultiMillerLoop + Debug> GuardKZG<'params, E> { +impl<'params, E: MultiMillerLoop + Debug> GuardKZG<'params, E> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ pub(crate) fn new(msm_accumulator: DualMSM<'params, E>) -> Self { Self { msm_accumulator } } @@ -41,11 +52,19 @@ impl<'params, E: MultiMillerLoop + Debug> GuardKZG<'params, E> { /// A verifier that checks multiple proofs in a batch #[derive(Clone, Debug)] -pub struct AccumulatorStrategy<'params, E: Engine> { +pub struct AccumulatorStrategy<'params, E: Engine> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ pub(crate) msm_accumulator: DualMSM<'params, E>, } -impl<'params, E: MultiMillerLoop + Debug> AccumulatorStrategy<'params, E> { +impl<'params, E: MultiMillerLoop + Debug> AccumulatorStrategy<'params, E> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ /// Constructs an empty batch verifier pub fn new(params: &'params ParamsKZG) -> Self { AccumulatorStrategy { @@ -61,11 +80,19 @@ impl<'params, E: MultiMillerLoop + Debug> AccumulatorStrategy<'params, E> { /// A verifier that checks a single proof #[derive(Clone, Debug)] -pub struct SingleStrategy<'params, E: Engine> { +pub struct SingleStrategy<'params, E: Engine> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ pub(crate) msm: DualMSM<'params, E>, } -impl<'params, E: MultiMillerLoop + Debug> SingleStrategy<'params, E> { +impl<'params, E: MultiMillerLoop + Debug> SingleStrategy<'params, E> +where + E::G1Affine: CurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, +{ /// Constructs an empty batch verifier pub fn new(params: &'params ParamsKZG) -> Self { SingleStrategy { @@ -85,8 +112,8 @@ impl< >, > VerificationStrategy<'params, KZGCommitmentScheme, V> for AccumulatorStrategy<'params, E> where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type Output = Self; @@ -99,7 +126,7 @@ where mut self, f: impl FnOnce(V::MSMAccumulator) -> Result, ) -> Result { - self.msm_accumulator.scale(E::Scalar::random(OsRng)); + self.msm_accumulator.scale(E::Fr::random(OsRng)); // Guard is updated with new msm contributions let guard = f(self.msm_accumulator)?; @@ -124,8 +151,8 @@ impl< >, > VerificationStrategy<'params, KZGCommitmentScheme, V> for SingleStrategy<'params, E> where - E::Scalar: PrimeField, - E::G1Affine: SerdeCurveAffine, + E::G1Affine: SerdeCurveAffine::Fr, CurveExt = ::G1>, + E::G1: CurveExt, E::G2Affine: SerdeCurveAffine, { type Output = (); diff --git a/rust-toolchain b/rust-toolchain index b6148bc0..65ee0959 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1 +1 @@ -1.66.0 +1.67.0