Delete IOPTranscript for Hyrax

poly-commit/benches/hyrax_times.rs

@@ -1,3 +1,4 @@
+use ark_crypto_primitives::sponge::poseidon::PoseidonSponge;
 use ark_pcs_bench_templates::*;
 use ark_poly::{DenseMultilinearExtension, MultilinearExtension};
 
@@ -8,7 +9,7 @@ use ark_poly_commit::hyrax::HyraxPC;
 use rand_chacha::ChaCha20Rng;
 
 // Hyrax PCS over BN254
-type Hyrax254 = HyraxPC<G1Affine, DenseMultilinearExtension<Fr>>;
+type Hyrax254 = HyraxPC<G1Affine, DenseMultilinearExtension<Fr>, PoseidonSponge<Fr>>;
 
 fn rand_poly_hyrax<F: PrimeField>(
     num_vars: usize,

poly-commit/src/hyrax/mod.rs

@@ -1,30 +1,26 @@
-mod data_structures;
-mod utils;
-pub use data_structures::*;
-
-#[cfg(test)]
-mod tests;
-
-use ark_crypto_primitives::sponge::poseidon::PoseidonSponge;
+use crate::hyrax::utils::tensor_prime;
+use crate::to_bytes;
+use crate::utils::{inner_product, scalar_by_vector, vector_sum, Matrix};
+use crate::{
+    hyrax::utils::flat_to_matrix_column_major, Error, LabeledCommitment, LabeledPolynomial,
+    PolynomialCommitment,
+};
+use ark_crypto_primitives::sponge::{Absorb, CryptographicSponge};
 use ark_ec::{AffineRepr, CurveGroup, VariableBaseMSM};
 use ark_ff::PrimeField;
 use ark_poly::MultilinearExtension;
-use ark_std::{rand::RngCore, string::ToString, vec::Vec, UniformRand};
+use ark_std::{marker::PhantomData, rand::RngCore, string::ToString, vec::Vec, UniformRand};
 use blake2::Blake2s256;
-use core::marker::PhantomData;
 use digest::Digest;
 
 #[cfg(feature = "parallel")]
 use rayon::prelude::*;
 
-use crate::hyrax::utils::tensor_prime;
-use crate::utils::{inner_product, scalar_by_vector, vector_sum, IOPTranscript, Matrix};
-
-use crate::{
-    hyrax::utils::flat_to_matrix_column_major, Error,
-    LabeledCommitment, LabeledPolynomial, PolynomialCommitment,
-};
-
+mod data_structures;
+pub use data_structures::*;
+#[cfg(test)]
+mod tests;
+mod utils;
 /// String of bytes used to seed the randomness during the setup function.
 /// Note that the latter should never be used in production environments.
 pub const PROTOCOL_NAME: &'static [u8] = b"Hyrax protocol";
@@ -70,11 +66,18 @@ pub struct HyraxPC<
     G: AffineRepr,
     // A polynomial type representing multilinear polynomials
     P: MultilinearExtension<G::ScalarField>,
+    // The sponge used in the protocol as random oracle
+    S: CryptographicSponge,
 > {
-    _phantom: PhantomData<(G, P)>,
+    _phantom: PhantomData<(G, P, S)>,
 }
 
-impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>> HyraxPC<G, P> {
+impl<G, P, S> HyraxPC<G, P, S>
+where
+    G: AffineRepr,
+    P: MultilinearExtension<G::ScalarField>,
+    S: CryptographicSponge,
+{
     /// Pedersen commitment to a vector of scalars as described in appendix A.1
     /// of the reference article.
     /// The caller must either directly pass hiding exponent `r` inside Some,
@@ -116,13 +119,12 @@ impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>> HyraxPC<G, P> {
     }
 }
 
-impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>>
-    PolynomialCommitment<
-        G::ScalarField,
-        P,
-        // Dummy sponge - required by the trait, not used in this implementation
-        PoseidonSponge<G::ScalarField>,
-    > for HyraxPC<G, P>
+impl<G, P, S> PolynomialCommitment<G::ScalarField, P, S> for HyraxPC<G, P, S>
+where
+    G: AffineRepr,
+    G::ScalarField: Absorb,
+    P: MultilinearExtension<G::ScalarField>,
+    S: CryptographicSponge,
 {
     type UniversalParams = HyraxUniversalParams<G>;
     type CommitterKey = HyraxCommitterKey<G>;
@@ -295,16 +297,12 @@ impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>>
     /// polynomial.
     /// - The number of variables of a polynomial doesn't match that of the
     /// point.
-    ///
-    /// # Disregarded arguments
-    /// - `sponge`
     fn open<'a>(
         ck: &Self::CommitterKey,
         labeled_polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<G::ScalarField, P>>,
         commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
         point: &'a P::Point,
-        // Not used and not generic on the cryptographic sponge S
-        _sponge: &mut PoseidonSponge<G::ScalarField>,
+        sponge: &mut S,
         states: impl IntoIterator<Item = &'a Self::CommitmentState>,
         rng: Option<&mut dyn RngCore>,
     ) -> Result<Self::Proof, Self::Error>
@@ -361,17 +359,14 @@ impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>>
                 });
             }
 
-            // Initialising the transcript
-            let mut transcript: IOPTranscript<G::ScalarField> = IOPTranscript::new(b"transcript");
-
             // Absorbing public parameters
-            transcript.append_serializable_element(b"public parameters", ck)?;
+            sponge.absorb(&to_bytes!(ck).map_err(|_| Error::TranscriptError)?);
 
             // Absorbing the commitment to the polynomial
-            transcript.append_serializable_element(b"commitment", &com.row_coms)?;
+            sponge.absorb(&to_bytes!(&com.row_coms).map_err(|_| Error::TranscriptError)?);
 
             // Absorbing the point
-            transcript.append_serializable_element(b"point", point)?;
+            sponge.absorb(point);
 
             // Commiting to the matrix formed by the polynomial coefficients
             let t = &state.mat;
@@ -405,15 +400,15 @@ impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>>
             let (com_b, r_b) = Self::pedersen_commit(ck, &[b], None, Some(rng_inner));
 
             // Absorbing the commitment to the evaluation
-            transcript.append_serializable_element(b"com_eval", &com_eval)?;
+            sponge.absorb(&to_bytes!(&com_eval).map_err(|_| Error::TranscriptError)?);
 
             // Absorbing the two auxiliary commitments
-            transcript.append_serializable_element(b"com_d", &com_d)?;
-            transcript.append_serializable_element(b"com_b", &com_b)?;
+            sponge.absorb(&to_bytes!(&com_d).map_err(|_| Error::TranscriptError)?);
+            sponge.absorb(&to_bytes!(&com_b).map_err(|_| Error::TranscriptError)?);
 
             // Receive the random challenge c from the verifier, i.e. squeeze
             // it from the transcript.
-            let c = transcript.get_and_append_challenge(b"c").unwrap();
+            let c = sponge.squeeze_field_elements(1)[0];
 
             let z = vector_sum(&d, &scalar_by_vector(c, &lt));
             let z_d = c * r_lt + r_d;
@@ -441,16 +436,14 @@ impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>>
     /// point (specifically, commitment length should be 2^(point-length/2)).
     ///
     /// # Disregarded arguments
-    /// - `sponge`
     /// - `rng`
     fn check<'a>(
         vk: &Self::VerifierKey,
         commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
         point: &'a P::Point,
         _values: impl IntoIterator<Item = G::ScalarField>,
         proof: &Self::Proof,
-        // Not used and not generic on the cryptographic sponge S
-        _sponge: &mut PoseidonSponge<G::ScalarField>,
+        sponge: &mut S,
         _rng: Option<&mut dyn RngCore>,
     ) -> Result<bool, Self::Error>
     where
@@ -502,29 +495,25 @@ impl<G: AffineRepr, P: MultilinearExtension<G::ScalarField>>
                 .collect::<Vec<_>>();
             let t_prime: G = <G::Group as VariableBaseMSM>::msm_bigint(row_coms, &l_bigint).into();
 
-            // Construct transcript and squeeze the challenge c from it
-
-            let mut transcript: IOPTranscript<G::ScalarField> = IOPTranscript::new(b"transcript");
-
             // Absorbing public parameters
-            transcript.append_serializable_element(b"public parameters", vk)?;
+            sponge.absorb(&to_bytes!(vk).map_err(|_| Error::TranscriptError)?);
 
             // Absorbing the commitment to the polynomial
-            transcript.append_serializable_element(b"commitment", row_coms)?;
+            sponge.absorb(&to_bytes!(row_coms).map_err(|_| Error::TranscriptError)?);
 
             // Absorbing the point
-            transcript.append_serializable_element(b"point", point)?;
+            sponge.absorb(point);
 
             // Absorbing the commitment to the evaluation
-            transcript.append_serializable_element(b"com_eval", com_eval)?;
+            sponge.absorb(&to_bytes!(com_eval).map_err(|_| Error::TranscriptError)?);
 
             // Absorbing the two auxiliary commitments
-            transcript.append_serializable_element(b"com_d", com_d)?;
-            transcript.append_serializable_element(b"com_b", com_b)?;
+            sponge.absorb(&to_bytes!(com_d).map_err(|_| Error::TranscriptError)?);
+            sponge.absorb(&to_bytes!(com_b).map_err(|_| Error::TranscriptError)?);
 
             // Receive the random challenge c from the verifier, i.e. squeeze
             // it from the transcript.
-            let c = transcript.get_and_append_challenge(b"c").unwrap();
+            let c: G::ScalarField = sponge.squeeze_field_elements(1)[0];
 
             // First check
             let com_z_zd = Self::pedersen_commit(vk, z, Some(*z_d), None).0;

poly-commit/src/hyrax/tests.rs

@@ -1,28 +1,26 @@
+use crate::hyrax::HyraxPC;
+use crate::tests::*;
+use crate::utils::test_sponge;
+use crate::{LabeledPolynomial, PolynomialCommitment};
 use ark_bls12_377::G1Affine;
+use ark_crypto_primitives::sponge::poseidon::PoseidonSponge;
 use ark_ec::AffineRepr;
 use ark_ed_on_bls12_381::EdwardsAffine;
 use ark_ff::PrimeField;
 use ark_poly::{DenseMultilinearExtension, MultilinearExtension};
 use ark_std::test_rng;
 use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng};
 
-use crate::hyrax::HyraxPC;
-
-use crate::utils::test_sponge;
-use crate::{LabeledPolynomial, PolynomialCommitment};
-
-use crate::tests::*;
-
 // The test structure is largely taken from the multilinear_ligero module
 // inside this crate
 
 // ****************** types ******************
 
-type Fr = <EdwardsAffine as AffineRepr>::ScalarField;
-type Hyrax381 = HyraxPC<EdwardsAffine, DenseMultilinearExtension<Fr>>;
-
 type Fq = <G1Affine as AffineRepr>::ScalarField;
-type Hyrax377 = HyraxPC<G1Affine, DenseMultilinearExtension<Fq>>;
+type Hyrax377 = HyraxPC<G1Affine, DenseMultilinearExtension<Fq>, PoseidonSponge<Fq>>;
+
+type Fr = <EdwardsAffine as AffineRepr>::ScalarField;
+type Hyrax381 = HyraxPC<EdwardsAffine, DenseMultilinearExtension<Fr>, PoseidonSponge<Fr>>;
 
 // ******** auxiliary test functions ********
 
@@ -108,35 +106,35 @@ fn test_hyrax_construction() {
 
 #[test]
 fn hyrax_single_poly_test() {
-    single_poly_test::<_, _, Hyrax381, _>(
+    single_poly_test::<_, _, Hyrax377, _>(
         Some(10),
-        rand_poly::<Fr>,
-        rand_point::<Fr>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
-    .expect("test failed for bls12-381");
-    single_poly_test::<_, _, Hyrax377, _>(
+    .expect("test failed for bls12-377");
+    single_poly_test::<_, _, Hyrax381, _>(
         Some(10),
-        rand_poly::<Fq>,
-        rand_point::<Fq>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
-    .expect("test failed for bls12-377");
+    .expect("test failed for bls12-381");
 }
 
 #[test]
 fn hyrax_constant_poly_test() {
     single_poly_test::<_, _, Hyrax377, _>(
         Some(0),
-        constant_poly::<Fq>,
-        rand_point::<Fq>,
+        constant_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-377");
     single_poly_test::<_, _, Hyrax381, _>(
         Some(0),
-        constant_poly::<Fr>,
-        rand_point::<Fr>,
+        constant_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-381");
@@ -146,15 +144,15 @@ fn hyrax_constant_poly_test() {
 fn hyrax_full_end_to_end_test() {
     full_end_to_end_test::<_, _, Hyrax377, _>(
         Some(8),
-        rand_poly::<Fq>,
-        rand_point::<Fq>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-377");
     full_end_to_end_test::<_, _, Hyrax381, _>(
         Some(10),
-        rand_poly::<Fr>,
-        rand_point::<Fr>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-381");
@@ -164,15 +162,15 @@ fn hyrax_full_end_to_end_test() {
 fn hyrax_single_equation_test() {
     single_equation_test::<_, _, Hyrax377, _>(
         Some(6),
-        rand_poly::<Fq>,
-        rand_point::<Fq>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-377");
     single_equation_test::<_, _, Hyrax381, _>(
         Some(6),
-        rand_poly::<Fr>,
-        rand_point::<Fr>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-381");
@@ -182,15 +180,15 @@ fn hyrax_single_equation_test() {
 fn hyrax_two_equation_test() {
     two_equation_test::<_, _, Hyrax377, _>(
         Some(10),
-        rand_poly::<Fq>,
-        rand_point::<Fq>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-377");
     two_equation_test::<_, _, Hyrax381, _>(
         Some(10),
-        rand_poly::<Fr>,
-        rand_point::<Fr>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-381");
@@ -200,15 +198,15 @@ fn hyrax_two_equation_test() {
 fn hyrax_full_end_to_end_equation_test() {
     full_end_to_end_equation_test::<_, _, Hyrax377, _>(
         Some(8),
-        rand_poly::<Fq>,
-        rand_point::<Fq>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-377");
     full_end_to_end_equation_test::<_, _, Hyrax381, _>(
         Some(8),
-        rand_poly::<Fr>,
-        rand_point::<Fr>,
+        rand_poly,
+        rand_point,
         poseidon_sponge_for_test,
     )
     .expect("test failed for bls12-381");