Merge branch 'master' into feat/format-specifiers

CODE_OF_CONDUCT.md

@@ -26,7 +26,7 @@ Examples of unacceptable behavior by participants include:
   advances
 * Trolling, insulting/derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or electronic
+* Publishing others' private information, such as physical or electronic
   address, without explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
   professional setting
@@ -70,4 +70,4 @@ members of the project's leadership.
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
 available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
 
-[homepage]: https://www.contributor-covenant.org
+[homepage]: https://www.contributor-covenant.org

README.md

@@ -5,7 +5,7 @@
 [![PkgGoDev](https://pkg.go.dev/badge/mod/github.com/consensys/gnark)](https://pkg.go.dev/mod/github.com/consensys/gnark)
 [![Documentation Status](https://readthedocs.com/projects/pegasys-gnark/badge/)][`gnark` User Documentation] [![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.5819104.svg)](https://doi.org/10.5281/zenodo.5819104)
 
-`gnark` is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open source and developed under the Apache 2.0 license.
+`gnark` is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open-source and developed under the Apache 2.0 license.
 
 `gnark` uses [`gnark-crypto`] for the finite-field arithmetic and out-circuit implementation of cryptographic algorithms.
 
@@ -29,7 +29,7 @@ Checkout the [online playground][`gnark` Playground] to compile circuits and vis
 
 ## Security
 
-**`gnark` and [`gnark-crypto`] have been [extensively audited](#audits), but are provided as-is, we make no guarantees or warranties to its safety and reliability. In particular, `gnark` makes no security guarantees such as constant time implementation or side-channel attack resistance.**
+**`gnark` and [`gnark-crypto`] have been [extensively audited](#audits), but are provided as-is, we make no guarantees or warranties to their safety and reliability. In particular, `gnark` makes no security guarantees such as constant time implementation or side-channel attack resistance.**
 
 **To report a security bug, please refer to [`gnark` Security Policy](SECURITY.md).**
 
@@ -56,7 +56,7 @@ The tests are automatically run during every PR and merge commit. We run full te
 
 ## Performance
 
-`gnark` and `gnark-crypto` packages are optimized for 64bits architectures (x86 `amd64`) using assembly operations. We have generic implementation of the same arithmetic algorithms for ARM backends (`arm64`). We do not implement vector operations.
+`gnark` and `gnark-crypto` packages are optimized for 64bits architectures (x86 `amd64`) using assembly operations. We have a generic implementation of the same arithmetic algorithms for ARM backends (`arm64`). We do not implement vector operations.
 
 ## Backwards compatibility
 
@@ -228,4 +228,4 @@ This project is licensed under the Apache 2 License - see the [LICENSE](LICENSE)
 [`gnark-announce`]: https://groups.google.com/g/gnark-announce
 [@gnark_team]: https://twitter.com/gnark_team
 [`gnark-crypto`]: https://github.com/Consensys/gnark-crypto
-[`gnark-solidity-checker`]: https://github.com/Consensys/gnark-solidity-checker
+[`gnark-solidity-checker`]: https://github.com/Consensys/gnark-solidity-checker

SECURITY.md

@@ -28,7 +28,7 @@ Issues in the **PUBLIC** track affect niche configurations, have very limited im
 
 Issues in the **PRIVATE** track are violations of committed security properties.
 
-**PRIVATE** track issues are fixed in the next scheduled minor releases , and are kept private until then.
+**PRIVATE** track issues are fixed in the next scheduled minor releases, and are kept private until then.
 
 Three to seven days before the release, a pre-announcement is sent to [`gnark-announce`] and [@gnark_team], announcing the presence of a security fix in the upcoming releases, and which component in gnark is affected; compiler, constraint system or proof system (but not disclosing any more details).
 
@@ -59,4 +59,4 @@ This process can take some time, especially when coordination is required with m
 The best way to receive security announcements is to subscribe to the [`gnark-announce`] mailing list. Any messages pertaining to a security issue will be prefixed with \[security\].
 
 [`gnark-announce`]: https://groups.google.com/g/gnark-announce
-[@gnark_team]: https://twitter.com/gnark_team
+[@gnark_team]: https://twitter.com/gnark_team

backend/groth16/bn254/solidity.go

@@ -206,7 +206,7 @@ contract Verifier {
     /// @notice Will revert with InvalidProof() if
     ///   * the input is not a square,
     ///   * the hint is incorrect, or
-    ///   * the input coefficents are not reduced.
+    ///   * the input coefficients are not reduced.
     /// @param a0 The real part of the input.
     /// @param a1 The imaginary part of the input.
     /// @param hint A hint which of two possible signs to pick in the equation.

frontend/api.go

@@ -24,7 +24,7 @@ type API interface {
 	// doing:
 	//
 	//     acopy := api.Mul(a, 1)
-	//     acopy = MulAcc(acopy, b, c)
+	//     acopy = api.MulAcc(acopy, b, c)
 	//
 	// ! But it may not modify a, always use MulAcc(...) result for correctness.
 	MulAcc(a, b, c Variable) Variable
@@ -146,7 +146,7 @@ type API interface {
 	ConstantValue(v Variable) (*big.Int, bool)
 }
 
-// BatchInvert returns a slice of variables containing the inverse of each element in i1
+// BatchInverter returns a slice of variables containing the inverse of each element in i1
 // This is a temporary API, do not use it in your circuit
 type BatchInverter interface {
 	// BatchInvert returns a slice of variables containing the inverse of each element in i1

frontend/builder.go

@@ -14,7 +14,7 @@ type NewBuilder func(*big.Int, CompileConfig) (Builder, error)
 type Compiler interface {
 	constraint.CustomizableSystem
 
-	// MarkBoolean sets (but do not constraint!) v to be boolean
+	// MarkBoolean sets (but does not constrain!) v to be boolean
 	// This is useful in scenarios where a variable is known to be boolean through a constraint
 	// that is not api.AssertIsBoolean. If v is a constant, this is a no-op.
 	MarkBoolean(v Variable)

frontend/variable.go

@@ -13,7 +13,7 @@ import (
 type Variable interface{}
 
 // IsCanonical returns true if the Variable has been normalized in a (internal) LinearExpression
-// by one of the constraint system builder. In other words, if the Variable is a circuit input OR
+// by one of the constraint system builders. In other words, if the Variable is a circuit input OR
 // returned by the API.
 func IsCanonical(v Variable) bool {
 	switch v.(type) {

logger/logger.go

@@ -29,7 +29,7 @@ func SetOutput(w io.Writer) {
 	logger = logger.Output(w)
 }
 
-// Set allow a gnark user to overhide the global logger
+// Set allows a gnark user to overhide the global logger
 func Set(l zerolog.Logger) {
 	logger = l
 }

profile/profile.go

@@ -26,7 +26,7 @@ var (
 // Profile represents an active constraint system profiling session.
 type Profile struct {
 	// defaults to ./gnark.pprof
-	// if blank, profiile is not written to disk
+	// if blank, profile is not written to disk
 	filePath string
 
 	// actual pprof profile struct

std/algebra/algopts/algopts.go

@@ -5,7 +5,9 @@
 // implementations.
 package algopts
 
-import "fmt"
+import (
+	"errors"
+)
 
 type algebraCfg struct {
 	NbScalarBits       int
@@ -24,7 +26,7 @@ type AlgebraOption func(*algebraCfg) error
 func WithNbScalarBits(bits int) AlgebraOption {
 	return func(ac *algebraCfg) error {
 		if ac.NbScalarBits != 0 {
-			return fmt.Errorf("WithNbBits already set")
+			return errors.New("WithNbBits already set")
 		}
 		ac.NbScalarBits = bits
 		return nil
@@ -39,7 +41,7 @@ func WithNbScalarBits(bits int) AlgebraOption {
 func WithFoldingScalarMul() AlgebraOption {
 	return func(ac *algebraCfg) error {
 		if ac.FoldMulti {
-			return fmt.Errorf("withFoldingScalarMul already set")
+			return errors.New("withFoldingScalarMul already set")
 		}
 		ac.FoldMulti = true
 		return nil
@@ -51,7 +53,7 @@ func WithFoldingScalarMul() AlgebraOption {
 func WithCompleteArithmetic() AlgebraOption {
 	return func(ac *algebraCfg) error {
 		if ac.CompleteArithmetic {
-			return fmt.Errorf("WithCompleteArithmetic already set")
+			return errors.New("WithCompleteArithmetic already set")
 		}
 		ac.CompleteArithmetic = true
 		return nil
@@ -70,7 +72,7 @@ func WithCompleteArithmetic() AlgebraOption {
 func WithCanonicalBitRepresentation() AlgebraOption {
 	return func(ac *algebraCfg) error {
 		if ac.ToBitsCanonical {
-			return fmt.Errorf("WithCanonicalBitRepresentation already set")
+			return errors.New("WithCanonicalBitRepresentation already set")
 		}
 		ac.ToBitsCanonical = true
 		return nil

std/algebra/defaults.go

@@ -1,6 +1,7 @@
 package algebra
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/consensys/gnark/frontend"
@@ -58,7 +59,7 @@ func GetCurve[FR emulated.FieldParams, G1El G1ElementT](api frontend.API) (Curve
 		}
 		*s = c
 	default:
-		return ret, fmt.Errorf("unknown type parametrisation")
+		return ret, errors.New("unknown type parametrisation")
 	}
 	return ret, nil
 }
@@ -94,7 +95,7 @@ func GetPairing[G1El G1ElementT, G2El G2ElementT, GtEl GtElementT](api frontend.
 		p := sw_bls24315.NewPairing(api)
 		*s = p
 	default:
-		return ret, fmt.Errorf("unknown type parametrisation")
+		return ret, errors.New("unknown type parametrisation")
 	}
 	return ret, nil
 }

std/algebra/emulated/sw_emulated/hints.go

@@ -2,6 +2,7 @@ package sw_emulated
 
 import (
 	"crypto/elliptic"
+	"errors"
 	"fmt"
 	"math/big"
 
@@ -42,10 +43,10 @@ func GetHints() []solver.Hint {
 func decomposeScalarG1Subscalars(mod *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	return emulated.UnwrapHint(inputs, outputs, func(field *big.Int, inputs, outputs []*big.Int) error {
 		if len(inputs) != 2 {
-			return fmt.Errorf("expecting two inputs")
+			return errors.New("expecting two inputs")
 		}
 		if len(outputs) != 2 {
-			return fmt.Errorf("expecting two outputs")
+			return errors.New("expecting two outputs")
 		}
 		glvBasis := new(ecc.Lattice)
 		ecc.PrecomputeLattice(field, inputs[1], glvBasis)
@@ -71,10 +72,10 @@ func decomposeScalarG1Subscalars(mod *big.Int, inputs []*big.Int, outputs []*big
 func decomposeScalarG1Signs(mod *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	return emulated.UnwrapHintWithNativeOutput(inputs, outputs, func(field *big.Int, inputs, outputs []*big.Int) error {
 		if len(inputs) != 2 {
-			return fmt.Errorf("expecting two inputs")
+			return errors.New("expecting two inputs")
 		}
 		if len(outputs) != 2 {
-			return fmt.Errorf("expecting two outputs")
+			return errors.New("expecting two outputs")
 		}
 		glvBasis := new(ecc.Lattice)
 		ecc.PrecomputeLattice(field, inputs[1], glvBasis)
@@ -97,10 +98,10 @@ func decomposeScalarG1Signs(mod *big.Int, inputs []*big.Int, outputs []*big.Int)
 func scalarMulHint(_ *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	return emulated.UnwrapHintWithNativeInput(inputs, outputs, func(field *big.Int, inputs, outputs []*big.Int) error {
 		if len(outputs) != 2 {
-			return fmt.Errorf("expecting two outputs")
+			return errors.New("expecting two outputs")
 		}
 		if len(outputs) != 2 {
-			return fmt.Errorf("expecting two outputs")
+			return errors.New("expecting two outputs")
 		}
 		if field.Cmp(elliptic.P256().Params().P) == 0 {
 			var fp emparams.P256Fp
@@ -282,7 +283,7 @@ func scalarMulHint(_ *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 			P.Y.BigInt(outputs[1])
 
 		} else {
-			return fmt.Errorf("unsupported curve")
+			return errors.New("unsupported curve")
 		}
 
 		return nil

std/algebra/native/sw_bls12377/hints.go

@@ -1,7 +1,7 @@
 package sw_bls12377
 
 import (
-	"fmt"
+	"errors"
 	"math/big"
 
 	"github.com/consensys/gnark-crypto/ecc"
@@ -27,10 +27,10 @@ func init() {
 
 func decomposeScalarG1Simple(scalarField *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	if len(inputs) != 1 {
-		return fmt.Errorf("expecting one input")
+		return errors.New("expecting one input")
 	}
 	if len(outputs) != 2 {
-		return fmt.Errorf("expecting two outputs")
+		return errors.New("expecting two outputs")
 	}
 	cc := getInnerCurveConfig(scalarField)
 	sp := ecc.SplitScalar(inputs[0], cc.glvBasis)
@@ -42,10 +42,10 @@ func decomposeScalarG1Simple(scalarField *big.Int, inputs []*big.Int, outputs []
 
 func decomposeScalarG1(scalarField *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	if len(inputs) != 1 {
-		return fmt.Errorf("expecting one input")
+		return errors.New("expecting one input")
 	}
 	if len(outputs) != 3 {
-		return fmt.Errorf("expecting three outputs")
+		return errors.New("expecting three outputs")
 	}
 	cc := getInnerCurveConfig(scalarField)
 	sp := ecc.SplitScalar(inputs[0], cc.glvBasis)
@@ -69,10 +69,10 @@ func decomposeScalarG1(scalarField *big.Int, inputs []*big.Int, outputs []*big.I
 
 func decomposeScalarG2(scalarField *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	if len(inputs) != 1 {
-		return fmt.Errorf("expecting one input")
+		return errors.New("expecting one input")
 	}
 	if len(outputs) != 3 {
-		return fmt.Errorf("expecting three outputs")
+		return errors.New("expecting three outputs")
 	}
 	cc := getInnerCurveConfig(scalarField)
 	sp := ecc.SplitScalar(inputs[0], cc.glvBasis)
@@ -96,10 +96,10 @@ func decomposeScalarG2(scalarField *big.Int, inputs []*big.Int, outputs []*big.I
 
 func scalarMulGLVG1Hint(scalarField *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	if len(inputs) != 3 {
-		return fmt.Errorf("expecting three inputs")
+		return errors.New("expecting three inputs")
 	}
 	if len(outputs) != 2 {
-		return fmt.Errorf("expecting two outputs")
+		return errors.New("expecting two outputs")
 	}
 
 	// compute the resulting point [s]Q
@@ -114,10 +114,10 @@ func scalarMulGLVG1Hint(scalarField *big.Int, inputs []*big.Int, outputs []*big.
 
 func halfGCDEisenstein(scalarField *big.Int, inputs []*big.Int, outputs []*big.Int) error {
 	if len(inputs) != 2 {
-		return fmt.Errorf("expecting two input")
+		return errors.New("expecting two input")
 	}
 	if len(outputs) != 5 {
-		return fmt.Errorf("expecting five outputs")
+		return errors.New("expecting five outputs")
 	}
 	cc := getInnerCurveConfig(scalarField)
 	glvBasis := new(ecc.Lattice)
@@ -168,10 +168,10 @@ func halfGCDEisenstein(scalarField *big.Int, inputs []*big.Int, outputs []*big.I
 
 func halfGCDEisensteinSigns(scalarField *big.Int, inputs, outputs []*big.Int) error {
 	if len(inputs) != 2 {
-		return fmt.Errorf("expecting two input")
+		return errors.New("expecting two input")
 	}
 	if len(outputs) != 5 {
-		return fmt.Errorf("expecting five outputs")
+		return errors.New("expecting five outputs")
 	}
 	cc := getInnerCurveConfig(scalarField)
 	glvBasis := new(ecc.Lattice)

std/algebra/native/sw_bls12377/pairing2.go

@@ -1,6 +1,7 @@
 package sw_bls12377
 
 import (
+	"errors"
 	"fmt"
 	"math/big"
 	"slices"
@@ -28,7 +29,7 @@ type Curve struct {
 func NewCurve(api frontend.API) (*Curve, error) {
 	f, err := emulated.NewField[ScalarField](api)
 	if err != nil {
-		return nil, fmt.Errorf("scalar field")
+		return nil, errors.New("scalar field")
 	}
 	return &Curve{
 		api: api,
@@ -166,7 +167,7 @@ func (c *Curve) MultiScalarMul(P []*G1Affine, scalars []*Scalar, opts ...algopts
 	}
 	if !cfg.FoldMulti {
 		if len(P) != len(scalars) {
-			return nil, fmt.Errorf("mismatching points and scalars slice lengths")
+			return nil, errors.New("mismatching points and scalars slice lengths")
 		}
 		// points and scalars must be non-zero
 		n := len(P)
@@ -184,7 +185,7 @@ func (c *Curve) MultiScalarMul(P []*G1Affine, scalars []*Scalar, opts ...algopts
 	} else {
 		// scalars are powers
 		if len(scalars) == 0 {
-			return nil, fmt.Errorf("need scalar for folding")
+			return nil, errors.New("need scalar for folding")
 		}
 		gamma := c.packScalarToVar(scalars[0])
 		// decompose gamma in the endomorphism eigenvalue basis and bit-decompose the sub-scalars