modify relaxed r1cs

src/constraint_system.rs

@@ -2,14 +2,14 @@ use crate::matrix::Element;
 use crate::r1cs::R1csInstance;
 use crate::wire::Wire;
 
-use zkstd::common::PrimeField;
+use zkstd::common::{Ring, TwistedEdwardsAffine};
 
 #[derive(Debug)]
-pub struct ConstraintSystem<F: PrimeField> {
-    r1cs: R1csInstance<F>,
+pub struct ConstraintSystem<C: TwistedEdwardsAffine> {
+    r1cs: R1csInstance<C>,
 }
 
-impl<F: PrimeField> ConstraintSystem<F> {
+impl<C: TwistedEdwardsAffine> ConstraintSystem<C> {
     /// init constraint system with first instance one
     pub fn new() -> Self {
         Self {
@@ -18,14 +18,14 @@ impl<F: PrimeField> ConstraintSystem<F> {
     }
 
     /// assign instance value to constraint system
-    pub fn public_wire(&mut self, instance: F) -> Wire {
+    pub fn public_wire(&mut self, instance: C::Scalar) -> Wire {
         let index = self.r1cs.witness.public_len();
         self.r1cs.witness.append_instance(instance);
         Wire::instance(index)
     }
 
     /// assign witness value to constraint system
-    pub fn private_wire(&mut self, witness: F) -> Wire {
+    pub fn private_wire(&mut self, witness: C::Scalar) -> Wire {
         let index = self.r1cs.witness.private_len();
         self.r1cs.witness.append_witness(witness);
         Wire::witness(index)
@@ -34,7 +34,7 @@ impl<F: PrimeField> ConstraintSystem<F> {
     /// constrain a + b == c
     pub fn add_constraint(&mut self, a: Wire, b: Wire, c: Wire) {
         self.r1cs.r1cs.append_a(a);
-        self.enable_constraint(b, F::one(), c)
+        self.enable_constraint(b, C::Scalar::one(), c)
     }
 
     /// constrain a * b == c
@@ -44,15 +44,15 @@ impl<F: PrimeField> ConstraintSystem<F> {
 
     /// constrain a == b
     pub fn equal_constraint(&mut self, a: Wire, b: Wire) {
-        self.enable_constraint(a, F::one(), b)
+        self.enable_constraint(a, C::Scalar::one(), b)
     }
 
     /// add constraint internally
     fn enable_constraint(
         &mut self,
-        a: impl Into<Element<F>>,
-        b: impl Into<Element<F>>,
-        c: impl Into<Element<F>>,
+        a: impl Into<Element<C::Scalar>>,
+        b: impl Into<Element<C::Scalar>>,
+        c: impl Into<Element<C::Scalar>>,
     ) {
         self.r1cs.r1cs.append(a, b, c);
         self.r1cs.r1cs.increment()
@@ -68,14 +68,14 @@ impl<F: PrimeField> ConstraintSystem<F> {
 mod tests {
     use super::ConstraintSystem;
 
-    use jub_jub::Fr as Scalar;
+    use jub_jub::{Fr as Scalar, JubjubAffine as Curve};
     use zkstd::common::PrimeField;
 
     #[test]
     fn equal_constraint_test() {
         let x = Scalar::one().double();
 
-        let mut cs = ConstraintSystem::<Scalar>::new();
+        let mut cs = ConstraintSystem::<Curve>::new();
         let (a, b) = (cs.public_wire(x), cs.public_wire(x));
         cs.equal_constraint(a, b);
 
@@ -88,7 +88,7 @@ mod tests {
         let y = Scalar::one().double().double();
         let z = x * y;
 
-        let mut cs = ConstraintSystem::<Scalar>::new();
+        let mut cs = ConstraintSystem::<Curve>::new();
         let (a, b, c) = (cs.public_wire(x), cs.public_wire(y), cs.public_wire(z));
         cs.mul_constraint(a, b, c);
 
@@ -106,7 +106,7 @@ mod tests {
         let five = Scalar::from(5);
         let output = Scalar::from(35);
 
-        let mut cs = ConstraintSystem::<Scalar>::new();
+        let mut cs = ConstraintSystem::<Curve>::new();
         let (a, b, e, f) = (
             cs.public_wire(x),
             cs.public_wire(y),

src/nifs.rs

@@ -2,20 +2,20 @@ use crate::prover::Prover;
 use crate::public_param::PedersenCommitment;
 use crate::r1cs::R1csStructure;
 
-use zkstd::common::{CurveAffine, PrimeField, RngCore};
+use zkstd::common::{PrimeField, RngCore, TwistedEdwardsAffine};
 
-struct Nifs<C: CurveAffine> {
+struct Nifs<C: TwistedEdwardsAffine> {
     pp: PedersenCommitment<C>,
 }
 
-impl<C: CurveAffine> Nifs<C> {
+impl<C: TwistedEdwardsAffine> Nifs<C> {
     pub(crate) fn g(λ: u64, r: impl RngCore) -> PedersenCommitment<C> {
         PedersenCommitment::new(λ, r)
     }
 
     pub(crate) fn k(
         pp: PedersenCommitment<C>,
-        r1cs: R1csStructure<C::Scalar>,
+        r1cs: R1csStructure<C>,
     ) -> (Prover<C>, VerificationKey<C::Scalar>) {
         let digest = pp.digest();
         (Prover { pp, f: r1cs, i: 0 }, VerificationKey { digest })

src/proof.rs

@@ -1,12 +1,9 @@
 use crate::r1cs::{Instance as R1csInstance, Witness as R1csWitness};
 use crate::relaxed_r1cs::{Instance as RelaxedR1csInstance, Witness as RelaxedR1csWitness};
 
-use zkstd::common::CurveAffine;
+use zkstd::common::TwistedEdwardsAffine;
 
-pub(crate) struct IvcProof<C: CurveAffine> {
-    pub(crate) upper_pair: (
-        RelaxedR1csInstance<C::Scalar>,
-        RelaxedR1csWitness<C::Scalar>,
-    ),
-    pub(crate) lower_pair: (R1csInstance<C::Scalar>, R1csWitness<C::Scalar>),
+pub(crate) struct IvcProof<C: TwistedEdwardsAffine> {
+    pub(crate) upper_pair: (RelaxedR1csInstance<C>, RelaxedR1csWitness<C>),
+    pub(crate) lower_pair: (R1csInstance<C::Scalar>, R1csWitness<C>),
 }

src/prover.rs

@@ -2,16 +2,16 @@ use crate::proof::IvcProof;
 use crate::public_param::PedersenCommitment;
 use crate::r1cs::R1csStructure;
 
-use zkstd::common::CurveAffine;
+use zkstd::common::TwistedEdwardsAffine;
 
-pub(crate) struct Prover<C: CurveAffine> {
+pub(crate) struct Prover<C: TwistedEdwardsAffine> {
     pub(crate) pp: PedersenCommitment<C>,
-    pub(crate) f: R1csStructure<C::Scalar>,
+    pub(crate) f: R1csStructure<C>,
     pub(crate) i: usize,
 }
 
-impl<C: CurveAffine> Prover<C> {
-    pub(crate) fn new(pp: PedersenCommitment<C>, f: R1csStructure<C::Scalar>) -> Self {
+impl<C: TwistedEdwardsAffine> Prover<C> {
+    pub(crate) fn new(pp: PedersenCommitment<C>, f: R1csStructure<C>) -> Self {
         Self { pp, f, i: 0 }
     }
 
@@ -28,14 +28,14 @@ impl<C: CurveAffine> Prover<C> {
 
 #[cfg(test)]
 mod tests {
-    use crate::relaxed_r1cs::{Instance as RelaxedR1csInstance, Witness as RelaxedR1csWitness};
+    use crate::relaxed_r1cs::Witness as RelaxedR1csWitness;
     use crate::tests::example_r1cs;
 
-    use jub_jub::Fr as Scalar;
+    use jub_jub::JubjubAffine as Curve;
 
     #[test]
     fn folding_test() {
-        let r1cs = example_r1cs::<Scalar>();
+        let r1cs = example_r1cs::<Curve>();
         let w0 = RelaxedR1csWitness::init(r1cs);
     }
 }

src/r1cs.rs

@@ -10,17 +10,17 @@ use crate::matrix::Element;
 use crate::relaxed_r1cs::RelaxedR1csInstance;
 use crate::wire::Wire;
 
-use zkstd::common::PrimeField;
+use zkstd::common::{Group, TwistedEdwardsAffine};
 
 #[derive(Debug, Default)]
-pub struct R1csInstance<F: PrimeField> {
-    pub(crate) r1cs: R1csStructure<F>,
-    pub(crate) instance: Instance<F>,
-    pub(crate) witness: Witness<F>,
+pub struct R1csInstance<C: TwistedEdwardsAffine> {
+    pub(crate) r1cs: R1csStructure<C>,
+    pub(crate) instance: Instance<C::Scalar>,
+    pub(crate) witness: Witness<C>,
 }
 
-impl<F: PrimeField> R1csInstance<F> {
-    pub(crate) fn new(r1cs: &R1csStructure<F>, witness: &Vec<F>) -> Self {
+impl<C: TwistedEdwardsAffine> R1csInstance<C> {
+    pub(crate) fn new(r1cs: &R1csStructure<C>, witness: &Vec<C::Scalar>) -> Self {
         let (instance, witness) = r1cs.instance_and_witness(witness);
         let r1cs = r1cs.clone();
         Self {
@@ -30,7 +30,7 @@ impl<F: PrimeField> R1csInstance<F> {
         }
     }
 
-    pub(crate) fn relax(&self) -> RelaxedR1csInstance<F> {
+    pub(crate) fn relax(&self) -> RelaxedR1csInstance<C> {
         let relaxed_r1cs = self.r1cs.relax();
         let (witness, instance) = self.witness.relax(self.r1cs.m);
         RelaxedR1csInstance {
@@ -52,8 +52,8 @@ impl<F: PrimeField> R1csInstance<F> {
     }
 
     // dot product for each gate
-    fn dot_product(&self, elements: &Vec<Element<F>>) -> F {
-        elements.iter().fold(F::zero(), |sum, element| {
+    fn dot_product(&self, elements: &Vec<Element<C::Scalar>>) -> C::Scalar {
+        elements.iter().fold(C::Scalar::zero(), |sum, element| {
             let (wire, value) = (element.0, element.1);
             let coeff = match wire {
                 Wire::Witness(index) => self.witness.w[index],
@@ -70,11 +70,11 @@ mod tests {
     use super::{R1csInstance, R1csStructure};
     use crate::tests::{example_r1cs, example_r1cs_witness};
 
-    use jub_jub::Fr as Scalar;
+    use jub_jub::JubjubAffine as Curve;
 
     #[test]
     fn r1cs_instance_test() {
-        let r1cs: R1csStructure<Scalar> = example_r1cs();
+        let r1cs: R1csStructure<Curve> = example_r1cs();
         for i in 0..100 {
             let z = example_r1cs_witness(i);
             let r1cs_instance = R1csInstance::new(&r1cs, &z);

src/r1cs/blueprint.rs

@@ -1,7 +1,7 @@
 use crate::matrix::{DenseVectors, Element, SparseMatrix};
 use crate::relaxed_r1cs::RelaxedR1csStructure;
 
-use zkstd::common::PrimeField;
+use zkstd::common::{Ring, TwistedEdwardsAffine};
 
 pub(crate) use super::instance::Instance;
 pub(crate) use super::witness::Witness;
@@ -11,17 +11,17 @@ use super::R1csInstance;
 /// 4.1 Definition 10 R1CS
 ///  (A · Z) ◦ (B · Z) = C · Z
 #[derive(Clone, Debug)]
-pub struct R1csStructure<F: PrimeField> {
+pub struct R1csStructure<C: TwistedEdwardsAffine> {
     /// matrix length
     pub(crate) m: usize,
     /// instance length
     pub(crate) l: usize,
-    pub(crate) a: SparseMatrix<F>,
-    pub(crate) b: SparseMatrix<F>,
-    pub(crate) c: SparseMatrix<F>,
+    pub(crate) a: SparseMatrix<C::Scalar>,
+    pub(crate) b: SparseMatrix<C::Scalar>,
+    pub(crate) c: SparseMatrix<C::Scalar>,
 }
 
-impl<F: PrimeField> Default for R1csStructure<F> {
+impl<C: TwistedEdwardsAffine> Default for R1csStructure<C> {
     fn default() -> Self {
         Self {
             m: 0,
@@ -33,19 +33,19 @@ impl<F: PrimeField> Default for R1csStructure<F> {
     }
 }
 
-impl<F: PrimeField> R1csStructure<F> {
+impl<C: TwistedEdwardsAffine> R1csStructure<C> {
     pub(crate) fn append(
         &mut self,
-        a: impl Into<Element<F>>,
-        b: impl Into<Element<F>>,
-        c: impl Into<Element<F>>,
+        a: impl Into<Element<C::Scalar>>,
+        b: impl Into<Element<C::Scalar>>,
+        c: impl Into<Element<C::Scalar>>,
     ) {
         self.a[self.m].push(a.into());
         self.b[self.m].push(b.into());
         self.c[self.m].push(c.into());
     }
 
-    pub(crate) fn append_a(&mut self, a: impl Into<Element<F>>) {
+    pub(crate) fn append_a(&mut self, a: impl Into<Element<C::Scalar>>) {
         self.a[self.m].push(a.into())
     }
 
@@ -56,7 +56,7 @@ impl<F: PrimeField> R1csStructure<F> {
         self.m += 1
     }
 
-    pub(crate) fn instantiate(&self, z: &Vec<F>) -> R1csInstance<F> {
+    pub(crate) fn instantiate(&self, z: &Vec<C::Scalar>) -> R1csInstance<C> {
         let (instance, witness) = self.instance_and_witness(z);
         R1csInstance {
             r1cs: self.clone(),
@@ -65,14 +65,17 @@ impl<F: PrimeField> R1csStructure<F> {
         }
     }
 
-    pub(crate) fn instance_and_witness(&self, witnesses: &Vec<F>) -> (Instance<F>, Witness<F>) {
+    pub(crate) fn instance_and_witness(
+        &self,
+        witnesses: &Vec<C::Scalar>,
+    ) -> (Instance<C::Scalar>, Witness<C>) {
         let w = DenseVectors(witnesses[self.l..].to_vec());
         let x = DenseVectors(witnesses[..self.l].to_vec());
-        let one = F::one();
+        let one = C::Scalar::one();
         (Instance { x: x.clone() }, Witness { w, x, one })
     }
 
-    pub(crate) fn relax(&self) -> RelaxedR1csStructure<F> {
+    pub(crate) fn relax(&self) -> RelaxedR1csStructure<C::Scalar> {
         let Self { m, l, a, b, c } = self.clone();
         RelaxedR1csStructure { m, l, a, b, c }
     }