From 908eb8080d86f72333370bc15e03d4b784688713 Mon Sep 17 00:00:00 2001 From: Arya Tabaie Date: Tue, 20 Dec 2022 15:14:35 -0600 Subject: [PATCH] Reflect PRs in gnark-crypto: A field element is always in Montgomery form and big.Ints are always non-Mont (#422) * refactor: no non-mont on bls12-377 * refactor: groth16 backend tests pass * refactor: MSM takes Montgomery only - Plonk * fix:`ToBigIntRegular` => `BigInt` * fix: more `ToBigIntRegular` => `BigInt` --- constraint/bls12-377/coeff.go | 2 +- constraint/bls12-377/solution.go | 2 +- constraint/bls12-381/coeff.go | 2 +- constraint/bls12-381/solution.go | 2 +- constraint/bls24-315/coeff.go | 2 +- constraint/bls24-315/solution.go | 2 +- constraint/bls24-317/coeff.go | 2 +- constraint/bls24-317/solution.go | 2 +- constraint/bn254/coeff.go | 2 +- constraint/bn254/solution.go | 2 +- constraint/bw6-633/coeff.go | 2 +- constraint/bw6-633/solution.go | 2 +- constraint/bw6-761/coeff.go | 2 +- constraint/bw6-761/solution.go | 2 +- constraint/tinyfield/coeff.go | 2 +- constraint/tinyfield/solution.go | 2 +- examples/rollup/operator.go | 4 +- go.mod | 2 +- go.sum | 2 + internal/backend/bls12-377/groth16/prove.go | 22 +---- internal/backend/bls12-377/groth16/setup.go | 30 ++---- internal/backend/bls12-377/groth16/verify.go | 4 +- internal/backend/bls12-377/plonk/prove.go | 2 +- internal/backend/bls12-377/plonk/verify.go | 4 +- internal/backend/bls12-381/groth16/prove.go | 22 +---- internal/backend/bls12-381/groth16/setup.go | 30 ++---- internal/backend/bls12-381/groth16/verify.go | 4 +- internal/backend/bls12-381/plonk/prove.go | 2 +- internal/backend/bls12-381/plonk/verify.go | 4 +- internal/backend/bls24-315/groth16/prove.go | 22 +---- internal/backend/bls24-315/groth16/setup.go | 30 ++---- internal/backend/bls24-315/groth16/verify.go | 4 +- internal/backend/bls24-315/plonk/prove.go | 2 +- internal/backend/bls24-315/plonk/verify.go | 4 +- internal/backend/bls24-317/groth16/prove.go | 22 +---- internal/backend/bls24-317/groth16/setup.go | 30 ++---- internal/backend/bls24-317/groth16/verify.go | 4 +- internal/backend/bls24-317/plonk/prove.go | 2 +- internal/backend/bls24-317/plonk/verify.go | 4 +- internal/backend/bn254/groth16/prove.go | 22 +---- internal/backend/bn254/groth16/setup.go | 30 ++---- internal/backend/bn254/groth16/verify.go | 4 +- internal/backend/bn254/plonk/prove.go | 2 +- internal/backend/bn254/plonk/verify.go | 4 +- internal/backend/bw6-633/groth16/prove.go | 22 +---- internal/backend/bw6-633/groth16/setup.go | 30 ++---- internal/backend/bw6-633/groth16/verify.go | 4 +- internal/backend/bw6-633/plonk/prove.go | 2 +- internal/backend/bw6-633/plonk/verify.go | 4 +- internal/backend/bw6-761/groth16/prove.go | 22 +---- internal/backend/bw6-761/groth16/setup.go | 30 ++---- internal/backend/bw6-761/groth16/verify.go | 4 +- internal/backend/bw6-761/plonk/prove.go | 2 +- internal/backend/bw6-761/plonk/verify.go | 4 +- .../template/representations/coeff.go.tmpl | 2 +- .../template/representations/solution.go.tmpl | 2 +- .../zkpschemes/groth16/groth16.prove.go.tmpl | 24 +---- .../zkpschemes/groth16/groth16.setup.go.tmpl | 30 ++---- .../zkpschemes/groth16/groth16.verify.go.tmpl | 4 +- .../zkpschemes/plonk/plonk.prove.go.tmpl | 2 +- .../zkpschemes/plonk/plonk.verify.go.tmpl | 4 +- internal/tinyfield/element.go | 4 +- internal/tinyfield/element_test.go | 42 ++++---- std/algebra/fields_bls12377/e12.go | 50 +++++----- std/algebra/fields_bls12377/e2.go | 8 +- std/algebra/fields_bls12377/e6.go | 24 ++--- std/algebra/fields_bls24315/e12.go | 48 ++++----- std/algebra/fields_bls24315/e2.go | 8 +- std/algebra/fields_bls24315/e24.go | 98 +++++++++---------- std/algebra/fields_bls24315/e4.go | 16 +-- std/algebra/sw_bls12377/g1_test.go | 8 +- std/algebra/sw_bls12377/g2_test.go | 8 +- std/algebra/sw_bls12377/pairing_test.go | 4 +- std/algebra/sw_bls24315/g1_test.go | 8 +- std/algebra/sw_bls24315/g2_test.go | 8 +- std/algebra/sw_bls24315/pairing_test.go | 4 +- std/algebra/twistededwards/twistededwards.go | 80 +++++++-------- 77 files changed, 353 insertions(+), 607 deletions(-) diff --git a/constraint/bls12-377/coeff.go b/constraint/bls12-377/coeff.go index facfe7b96f..f602e1845a 100644 --- a/constraint/bls12-377/coeff.go +++ b/constraint/bls12-377/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bls12-377/solution.go b/constraint/bls12-377/solution.go index 08fd188b34..1ff8f07fb4 100644 --- a/constraint/bls12-377/solution.go +++ b/constraint/bls12-377/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/bls12-381/coeff.go b/constraint/bls12-381/coeff.go index 683e6fd869..762d1e5b00 100644 --- a/constraint/bls12-381/coeff.go +++ b/constraint/bls12-381/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bls12-381/solution.go b/constraint/bls12-381/solution.go index 9dc5ca7450..2924e1b28d 100644 --- a/constraint/bls12-381/solution.go +++ b/constraint/bls12-381/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/bls24-315/coeff.go b/constraint/bls24-315/coeff.go index c2bbf9898b..0c0242c9ef 100644 --- a/constraint/bls24-315/coeff.go +++ b/constraint/bls24-315/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bls24-315/solution.go b/constraint/bls24-315/solution.go index 0cab97252f..b19b3d0211 100644 --- a/constraint/bls24-315/solution.go +++ b/constraint/bls24-315/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/bls24-317/coeff.go b/constraint/bls24-317/coeff.go index 1e380539ed..1fbe8c9f47 100644 --- a/constraint/bls24-317/coeff.go +++ b/constraint/bls24-317/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bls24-317/solution.go b/constraint/bls24-317/solution.go index 6dfd404832..1f00341ae8 100644 --- a/constraint/bls24-317/solution.go +++ b/constraint/bls24-317/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/bn254/coeff.go b/constraint/bn254/coeff.go index 8327df511a..9ac0f66610 100644 --- a/constraint/bn254/coeff.go +++ b/constraint/bn254/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bn254/solution.go b/constraint/bn254/solution.go index 316a386f12..e9c69b49c3 100644 --- a/constraint/bn254/solution.go +++ b/constraint/bn254/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/bw6-633/coeff.go b/constraint/bw6-633/coeff.go index 42c94edc65..1020168cab 100644 --- a/constraint/bw6-633/coeff.go +++ b/constraint/bw6-633/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bw6-633/solution.go b/constraint/bw6-633/solution.go index 8c02849824..88218a9136 100644 --- a/constraint/bw6-633/solution.go +++ b/constraint/bw6-633/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/bw6-761/coeff.go b/constraint/bw6-761/coeff.go index 093bc5cdc2..92643d2d79 100644 --- a/constraint/bw6-761/coeff.go +++ b/constraint/bw6-761/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/bw6-761/solution.go b/constraint/bw6-761/solution.go index 5bf53da194..7410ca3056 100644 --- a/constraint/bw6-761/solution.go +++ b/constraint/bw6-761/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/constraint/tinyfield/coeff.go b/constraint/tinyfield/coeff.go index 7324e01794..175611602b 100644 --- a/constraint/tinyfield/coeff.go +++ b/constraint/tinyfield/coeff.go @@ -108,7 +108,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/constraint/tinyfield/solution.go b/constraint/tinyfield/solution.go index cf1b5d215a..c7c2a38470 100644 --- a/constraint/tinyfield/solution.go +++ b/constraint/tinyfield/solution.go @@ -191,7 +191,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } err := f(q, inputs, outputs) diff --git a/examples/rollup/operator.go b/examples/rollup/operator.go index daba40c7dc..b3a73aef91 100644 --- a/examples/rollup/operator.go +++ b/examples/rollup/operator.go @@ -197,8 +197,8 @@ func (o *Operator) updateState(t Transfer, numTransfer int) error { // checks if the amount is correct var bAmount, bBalance big.Int - receiverAccount.balance.ToBigIntRegular(&bBalance) - t.amount.ToBigIntRegular(&bAmount) + receiverAccount.balance.BigInt(&bBalance) + t.amount.BigInt(&bAmount) if bAmount.Cmp(&bBalance) == 1 { return ErrAmountTooHigh } diff --git a/go.mod b/go.mod index 218f6a1f41..fa0fe8e9b6 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.18 require ( github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.1.13 - github.com/consensys/gnark-crypto v0.8.1-0.20221205155504-6b860ba21fbd + github.com/consensys/gnark-crypto v0.8.1-0.20221220191316-4b7364bddab8 github.com/fxamacker/cbor/v2 v2.2.0 github.com/google/go-cmp v0.5.8 github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1 diff --git a/go.sum b/go.sum index 477796b8ba..b5683a69d8 100644 --- a/go.sum +++ b/go.sum @@ -4,6 +4,8 @@ github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/Yj github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI= github.com/consensys/gnark-crypto v0.8.1-0.20221205155504-6b860ba21fbd h1:xpAhzOw3dZvRiQeTWmIO8KemBS5XdBsU+/jLfwibEmc= github.com/consensys/gnark-crypto v0.8.1-0.20221205155504-6b860ba21fbd/go.mod h1:CkbdF9hbRidRJYMRzmfX8TMOr95I2pYXRHF18MzRrvA= +github.com/consensys/gnark-crypto v0.8.1-0.20221220191316-4b7364bddab8 h1:Ij6UQpKx4/Ox6L6qFPk8NhEnTsYCEXlILnh+1Hi1grY= +github.com/consensys/gnark-crypto v0.8.1-0.20221220191316-4b7364bddab8/go.mod h1:CkbdF9hbRidRJYMRzmfX8TMOr95I2pYXRHF18MzRrvA= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/internal/backend/bls12-377/groth16/prove.go b/internal/backend/bls12-377/groth16/prove.go index ac9a6ad2d6..37888c2cd5 100644 --- a/internal/backend/bls12-377/groth16/prove.go +++ b/internal/backend/bls12-377/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls12_377witness.Witness, opt var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls12_377witness.Witness, opt } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls12_377witness.Witness, opt } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bls12-377/groth16/setup.go b/internal/backend/bls12-377/groth16/setup.go index c67feab458..8b3beb485e 100644 --- a/internal/backend/bls12-377/groth16/setup.go +++ b/internal/backend/bls12-377/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bls12-377/groth16/verify.go b/internal/backend/bls12-377/groth16/verify.go index 2407a6313b..242705a35a 100644 --- a/internal/backend/bls12-377/groth16/verify.go +++ b/internal/backend/bls12-377/groth16/verify.go @@ -71,7 +71,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_377witness.Witne publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -82,7 +82,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_377witness.Witne // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bls12-377/plonk/prove.go b/internal/backend/bls12-377/plonk/prove.go index 880467371f..3796066585 100644 --- a/internal/backend/bls12-377/plonk/prove.go +++ b/internal/backend/bls12-377/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bls12_377witness.Witn bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bls12-377/plonk/verify.go b/internal/backend/bls12-377/plonk/verify.go index 36719cc1f2..74c3b02849 100644 --- a/internal/backend/bls12-377/plonk/verify.go +++ b/internal/backend/bls12-377/plonk/verify.go @@ -158,7 +158,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_377witness.Witne var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -202,7 +202,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_377witness.Witne l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/backend/bls12-381/groth16/prove.go b/internal/backend/bls12-381/groth16/prove.go index 26b393b74f..44ed5f6ef5 100644 --- a/internal/backend/bls12-381/groth16/prove.go +++ b/internal/backend/bls12-381/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls12_381witness.Witness, opt var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls12_381witness.Witness, opt } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls12_381witness.Witness, opt } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bls12-381/groth16/setup.go b/internal/backend/bls12-381/groth16/setup.go index 9f41bb2f3a..f1b05f3cc8 100644 --- a/internal/backend/bls12-381/groth16/setup.go +++ b/internal/backend/bls12-381/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bls12-381/groth16/verify.go b/internal/backend/bls12-381/groth16/verify.go index 2672803d0e..5ee3e1c349 100644 --- a/internal/backend/bls12-381/groth16/verify.go +++ b/internal/backend/bls12-381/groth16/verify.go @@ -71,7 +71,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_381witness.Witne publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -82,7 +82,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_381witness.Witne // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bls12-381/plonk/prove.go b/internal/backend/bls12-381/plonk/prove.go index 6bd637e609..e1d44cd47f 100644 --- a/internal/backend/bls12-381/plonk/prove.go +++ b/internal/backend/bls12-381/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bls12_381witness.Witn bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bls12-381/plonk/verify.go b/internal/backend/bls12-381/plonk/verify.go index a1289d5caa..47ee78494d 100644 --- a/internal/backend/bls12-381/plonk/verify.go +++ b/internal/backend/bls12-381/plonk/verify.go @@ -158,7 +158,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_381witness.Witne var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -202,7 +202,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls12_381witness.Witne l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/backend/bls24-315/groth16/prove.go b/internal/backend/bls24-315/groth16/prove.go index 2b1c54f6e9..136f249a34 100644 --- a/internal/backend/bls24-315/groth16/prove.go +++ b/internal/backend/bls24-315/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls24_315witness.Witness, opt var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls24_315witness.Witness, opt } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls24_315witness.Witness, opt } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bls24-315/groth16/setup.go b/internal/backend/bls24-315/groth16/setup.go index 6d89d9affb..8a80f7f023 100644 --- a/internal/backend/bls24-315/groth16/setup.go +++ b/internal/backend/bls24-315/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bls24-315/groth16/verify.go b/internal/backend/bls24-315/groth16/verify.go index a199b02a84..26ba626c1f 100644 --- a/internal/backend/bls24-315/groth16/verify.go +++ b/internal/backend/bls24-315/groth16/verify.go @@ -71,7 +71,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_315witness.Witne publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -82,7 +82,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_315witness.Witne // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bls24-315/plonk/prove.go b/internal/backend/bls24-315/plonk/prove.go index 71acb960aa..6ba044e124 100644 --- a/internal/backend/bls24-315/plonk/prove.go +++ b/internal/backend/bls24-315/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bls24_315witness.Witn bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bls24-315/plonk/verify.go b/internal/backend/bls24-315/plonk/verify.go index b182368f93..c8a25c60fa 100644 --- a/internal/backend/bls24-315/plonk/verify.go +++ b/internal/backend/bls24-315/plonk/verify.go @@ -158,7 +158,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_315witness.Witne var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -202,7 +202,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_315witness.Witne l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/backend/bls24-317/groth16/prove.go b/internal/backend/bls24-317/groth16/prove.go index 3c665a16c5..16e4bd68db 100644 --- a/internal/backend/bls24-317/groth16/prove.go +++ b/internal/backend/bls24-317/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls24_317witness.Witness, opt var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls24_317witness.Witness, opt } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bls24_317witness.Witness, opt } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bls24-317/groth16/setup.go b/internal/backend/bls24-317/groth16/setup.go index db5559dc39..c49e1718ea 100644 --- a/internal/backend/bls24-317/groth16/setup.go +++ b/internal/backend/bls24-317/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bls24-317/groth16/verify.go b/internal/backend/bls24-317/groth16/verify.go index f742834a29..95fb0c993f 100644 --- a/internal/backend/bls24-317/groth16/verify.go +++ b/internal/backend/bls24-317/groth16/verify.go @@ -71,7 +71,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_317witness.Witne publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -82,7 +82,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_317witness.Witne // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bls24-317/plonk/prove.go b/internal/backend/bls24-317/plonk/prove.go index 1ec854f108..a24b602f18 100644 --- a/internal/backend/bls24-317/plonk/prove.go +++ b/internal/backend/bls24-317/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bls24_317witness.Witn bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bls24-317/plonk/verify.go b/internal/backend/bls24-317/plonk/verify.go index 24faf644e1..808d123729 100644 --- a/internal/backend/bls24-317/plonk/verify.go +++ b/internal/backend/bls24-317/plonk/verify.go @@ -158,7 +158,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_317witness.Witne var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -202,7 +202,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bls24_317witness.Witne l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/backend/bn254/groth16/prove.go b/internal/backend/bn254/groth16/prove.go index 42032df8c8..153d42562b 100644 --- a/internal/backend/bn254/groth16/prove.go +++ b/internal/backend/bn254/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bn254witness.Witness, opt back var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bn254witness.Witness, opt back } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bn254witness.Witness, opt back } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bn254/groth16/setup.go b/internal/backend/bn254/groth16/setup.go index 97f128f102..e13869bbcb 100644 --- a/internal/backend/bn254/groth16/setup.go +++ b/internal/backend/bn254/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bn254/groth16/verify.go b/internal/backend/bn254/groth16/verify.go index 6018d45ac5..ed8a9cc0b3 100644 --- a/internal/backend/bn254/groth16/verify.go +++ b/internal/backend/bn254/groth16/verify.go @@ -72,7 +72,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bn254witness.Witness) publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -83,7 +83,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bn254witness.Witness) // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bn254/plonk/prove.go b/internal/backend/bn254/plonk/prove.go index 1a43704666..1050e08ad5 100644 --- a/internal/backend/bn254/plonk/prove.go +++ b/internal/backend/bn254/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bn254witness.Witness, bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bn254/plonk/verify.go b/internal/backend/bn254/plonk/verify.go index ca3a2fba03..b7e562abf8 100644 --- a/internal/backend/bn254/plonk/verify.go +++ b/internal/backend/bn254/plonk/verify.go @@ -160,7 +160,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bn254witness.Witness) var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -204,7 +204,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bn254witness.Witness) l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/backend/bw6-633/groth16/prove.go b/internal/backend/bw6-633/groth16/prove.go index caecec7243..a815f5de04 100644 --- a/internal/backend/bw6-633/groth16/prove.go +++ b/internal/backend/bw6-633/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_633witness.Witness, opt ba var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_633witness.Witness, opt ba } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_633witness.Witness, opt ba } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bw6-633/groth16/setup.go b/internal/backend/bw6-633/groth16/setup.go index 4debf9e355..d6777090eb 100644 --- a/internal/backend/bw6-633/groth16/setup.go +++ b/internal/backend/bw6-633/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bw6-633/groth16/verify.go b/internal/backend/bw6-633/groth16/verify.go index 460cf1736d..ddc6e62223 100644 --- a/internal/backend/bw6-633/groth16/verify.go +++ b/internal/backend/bw6-633/groth16/verify.go @@ -71,7 +71,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_633witness.Witness publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -82,7 +82,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_633witness.Witness // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bw6-633/plonk/prove.go b/internal/backend/bw6-633/plonk/prove.go index 4e8657bcf3..aea57b48f5 100644 --- a/internal/backend/bw6-633/plonk/prove.go +++ b/internal/backend/bw6-633/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bw6_633witness.Witnes bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bw6-633/plonk/verify.go b/internal/backend/bw6-633/plonk/verify.go index 42c339db32..3807f8faba 100644 --- a/internal/backend/bw6-633/plonk/verify.go +++ b/internal/backend/bw6-633/plonk/verify.go @@ -158,7 +158,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_633witness.Witness var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -202,7 +202,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_633witness.Witness l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/backend/bw6-761/groth16/prove.go b/internal/backend/bw6-761/groth16/prove.go index f1943122dc..0026d7e65b 100644 --- a/internal/backend/bw6-761/groth16/prove.go +++ b/internal/backend/bw6-761/groth16/prove.go @@ -88,7 +88,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_761witness.Witness, opt ba var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -110,13 +110,6 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_761witness.Witness, opt ba } start := time.Now() - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) - // H (witness reduction / FFT part) var h []fr.Element chHDone := make(chan struct{}, 1) @@ -167,11 +160,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness bw6_761witness.Witness, opt ba } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -364,11 +354,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } diff --git a/internal/backend/bw6-761/groth16/setup.go b/internal/backend/bw6-761/groth16/setup.go index 89b3044f54..c0616ff53a 100644 --- a/internal/backend/bw6-761/groth16/setup.go +++ b/internal/backend/bw6-761/groth16/setup.go @@ -161,26 +161,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -191,7 +183,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -224,7 +216,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -281,7 +273,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -401,9 +393,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -439,11 +428,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -490,7 +474,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/backend/bw6-761/groth16/verify.go b/internal/backend/bw6-761/groth16/verify.go index 821b9167fa..6d1db17677 100644 --- a/internal/backend/bw6-761/groth16/verify.go +++ b/internal/backend/bw6-761/groth16/verify.go @@ -71,7 +71,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_761witness.Witness publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -82,7 +82,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_761witness.Witness // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/backend/bw6-761/plonk/prove.go b/internal/backend/bw6-761/plonk/prove.go index fe51467b47..5101cfb90c 100644 --- a/internal/backend/bw6-761/plonk/prove.go +++ b/internal/backend/bw6-761/plonk/prove.go @@ -323,7 +323,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness bw6_761witness.Witnes bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/backend/bw6-761/plonk/verify.go b/internal/backend/bw6-761/plonk/verify.go index ae74c7f2fd..e951e0811e 100644 --- a/internal/backend/bw6-761/plonk/verify.go +++ b/internal/backend/bw6-761/plonk/verify.go @@ -158,7 +158,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_761witness.Witness var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -202,7 +202,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness bw6_761witness.Witness l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/generator/backend/template/representations/coeff.go.tmpl b/internal/generator/backend/template/representations/coeff.go.tmpl index 56ddffccc7..ca3e47dfca 100644 --- a/internal/generator/backend/template/representations/coeff.go.tmpl +++ b/internal/generator/backend/template/representations/coeff.go.tmpl @@ -93,7 +93,7 @@ func (engine *arithEngine) FromInterface(i interface{}) constraint.Coeff { func (engine *arithEngine) ToBigInt(c *constraint.Coeff) *big.Int { e := (*fr.Element)(c[:]) r := new(big.Int) - e.ToBigIntRegular(r) + e.BigInt(r) return r } diff --git a/internal/generator/backend/template/representations/solution.go.tmpl b/internal/generator/backend/template/representations/solution.go.tmpl index 1d262cc214..ff4ef0842d 100644 --- a/internal/generator/backend/template/representations/solution.go.tmpl +++ b/internal/generator/backend/template/representations/solution.go.tmpl @@ -172,7 +172,7 @@ func (s *solution) solveWithHint(vID int, h *constraint.Hint) error { } s.accumulateInto(term, &v) } - v.ToBigIntRegular(inputs[i]) + v.BigInt(inputs[i]) } diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.prove.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.prove.go.tmpl index 61f466a2cc..b6915ed590 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.prove.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.prove.go.tmpl @@ -71,7 +71,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness {{ toLower .CurveID }}witness. var res fr.Element res, err = solveCommitmentWire(&r1cs.CommitmentInfo, &proof.Commitment, in[:r1cs.CommitmentInfo.NbPublicCommitted()]) - res.ToBigIntRegular(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? + res.BigInt(out[0]) //Perf-TODO: Regular (non-mont) hashToField to obviate this conversion? return err } } @@ -91,14 +91,7 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness {{ toLower .CurveID }}witness. } } } - start := time.Now() - - // set the wire values in regular form - utils.Parallelize(len(wireValues), func(start, end int) { - for i := start; i < end; i++ { - wireValues[i].FromMont() - } - }) + start := time.Now() // H (witness reduction / FFT part) var h []fr.Element @@ -150,11 +143,8 @@ func Prove(r1cs *cs.R1CS, pk *ProvingKey, witness {{ toLower .CurveID }}witness. } _kr.Mul(&_r, &_s).Neg(&_kr) - _r.FromMont() - _s.FromMont() - _kr.FromMont() - _r.ToBigInt(&r) - _s.ToBigInt(&s) + _r.BigInt(&r) + _s.BigInt(&s) // computes r[δ], s[δ], kr[δ] deltas := curve.BatchScalarMultiplicationG1(&pk.G1.Delta, []fr.Element{_r, _s, _kr}) @@ -347,11 +337,5 @@ func computeH(a, b, c []fr.Element, domain *fft.Domain) []fr.Element { // ifft_coset domain.FFTInverse(a, fft.DIF, true) - utils.Parallelize(len(a), func(start, end int) { - for i := start; i < end; i++ { - a[i].FromMont() - } - }) - return a } \ No newline at end of file diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl index d106ec0df4..1c7ca7dbbb 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.setup.go.tmpl @@ -143,26 +143,18 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { computeK(i, &toxicWaste.gammaInv) if isCommittedPrivate { - ckK[cI] = t1.ToRegular() + ckK[cI] = t1 cI++ } else { - vkK[vI] = t1.ToRegular() + vkK[vI] = t1 vI++ } } else { computeK(i, &toxicWaste.deltaInv) - pkK[i-vI-cI] = t1.ToRegular() + pkK[i-vI-cI] = t1 } } - // convert A and B to regular form - for i := 0; i < nbWires; i++ { - A[i].FromMont() - } - for i := 0; i < nbWires; i++ { - B[i].FromMont() - } - // Z part of the proving key (scalars) Z := make([]fr.Element, domain.Cardinality) one := fr.One() @@ -173,7 +165,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { Mul(&zdt, &toxicWaste.deltaInv) // sets Zdt to Zdt/delta for i := 0; i < int(domain.Cardinality); i++ { - Z[i] = zdt.ToRegular() + Z[i] = zdt zdt.Mul(&zdt, &toxicWaste.t) } @@ -206,7 +198,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // compute our batch scalar multiplication with g1 elements g1Scalars := make([]fr.Element, 0, (nbWires*3)+int(domain.Cardinality)+3) - g1Scalars = append(g1Scalars, toxicWaste.alphaReg, toxicWaste.betaReg, toxicWaste.deltaReg) + g1Scalars = append(g1Scalars, toxicWaste.alpha, toxicWaste.beta, toxicWaste.delta) g1Scalars = append(g1Scalars, A...) g1Scalars = append(g1Scalars, B...) g1Scalars = append(g1Scalars, Z...) @@ -263,7 +255,7 @@ func Setup(r1cs *cs.R1CS, pk *ProvingKey, vk *VerifyingKey) error { // len(B) == nbWires // compute our batch scalar multiplication with g2 elements - g2Scalars := append(B, toxicWaste.betaReg, toxicWaste.deltaReg, toxicWaste.gammaReg) + g2Scalars := append(B, toxicWaste.beta, toxicWaste.delta, toxicWaste.gamma) g2PointsAff := curve.BatchScalarMultiplicationG2(&g2, g2Scalars) @@ -383,9 +375,6 @@ type toxicWaste struct { // Montgomery form of params t, alpha, beta, gamma, delta fr.Element gammaInv, deltaInv fr.Element - - // Non Montgomery form of params - alphaReg, betaReg, gammaReg, deltaReg fr.Element } func sampleToxicWaste() (toxicWaste, error) { @@ -421,11 +410,6 @@ func sampleToxicWaste() (toxicWaste, error) { res.gammaInv.Inverse(&res.gamma) res.deltaInv.Inverse(&res.delta) - res.alphaReg = res.alpha.ToRegular() - res.betaReg = res.beta.ToRegular() - res.gammaReg = res.gamma.ToRegular() - res.deltaReg = res.delta.ToRegular() - return res, nil } @@ -472,7 +456,7 @@ func DummySetup(r1cs *cs.R1CS, pk *ProvingKey) error { var r1Aff curve.G1Affine var b big.Int g1, g2, _, _ := curve.Generators() - r1Jac.ScalarMultiplication(&g1, toxicWaste.alphaReg.ToBigInt(&b)) + r1Jac.ScalarMultiplication(&g1, toxicWaste.alpha.BigInt(&b)) r1Aff.FromJacobian(&r1Jac) var r2Jac curve.G2Jac var r2Aff curve.G2Affine diff --git a/internal/generator/backend/template/zkpschemes/groth16/groth16.verify.go.tmpl b/internal/generator/backend/template/zkpschemes/groth16/groth16.verify.go.tmpl index 378e22e792..e2b5ae6f34 100644 --- a/internal/generator/backend/template/zkpschemes/groth16/groth16.verify.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/groth16/groth16.verify.go.tmpl @@ -56,7 +56,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness {{ toLower .CurveID}}w publicCommitted := make([]*big.Int, vk.CommitmentInfo.NbPublicCommitted()) for i := range publicCommitted { var b big.Int - publicWitness[vk.CommitmentInfo.Committed[i]-1].ToBigIntRegular(&b) + publicWitness[vk.CommitmentInfo.Committed[i]-1].BigInt(&b) publicCommitted[i] = &b } @@ -67,7 +67,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness {{ toLower .CurveID}}w // compute e(Σx.[Kvk(t)]1, -[γ]2) var kSum curve.G1Jac - if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{ScalarsMont:true}); err != nil { + if _, err := kSum.MultiExp(vk.G1.K[1:], publicWitness, ecc.MultiExpConfig{}); err != nil { return err } kSum.AddMixed(&vk.G1.K[0]) diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl index a153f943bc..3dd97520db 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl @@ -300,7 +300,7 @@ func Prove(spr *cs.SparseR1CS, pk *ProvingKey, fullWitness {{ toLower .CurveID } bSize.SetUint64(pk.Domain[0].Cardinality + 2) // +2 because of the masking (h of degree 3(n+2)-1) var zetaPowerm fr.Element zetaPowerm.Exp(zeta, &bSize) - zetaPowerm.ToBigIntRegular(&bZetaPowerm) + zetaPowerm.BigInt(&bZetaPowerm) foldedHDigest := proof.H[2] foldedHDigest.ScalarMultiplication(&foldedHDigest, &bZetaPowerm) foldedHDigest.Add(&foldedHDigest, &proof.H[1]) // ζᵐ⁺²*Comm(h3) diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl index d57f5c0977..9b96e671c3 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.verify.go.tmpl @@ -138,7 +138,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness {{ toLower .CurveID }} var zetaMPlusTwo fr.Element zetaMPlusTwo.Exp(zeta, mPlusTwo) var zetaMPlusTwoBigInt big.Int - zetaMPlusTwo.ToBigIntRegular(&zetaMPlusTwoBigInt) + zetaMPlusTwo.BigInt(&zetaMPlusTwoBigInt) foldedH := proof.H[2] foldedH.ScalarMultiplication(&foldedH, &zetaMPlusTwoBigInt) foldedH.Add(&foldedH, &proof.H[1]) @@ -182,7 +182,7 @@ func Verify(proof *Proof, vk *VerifyingKey, publicWitness {{ toLower .CurveID }} l, r, rl, o, one, // first part _s1, _s2, // second & third part } - if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{ScalarsMont: true}); err != nil { + if _, err := linearizedPolynomialDigest.MultiExp(points, scalars, ecc.MultiExpConfig{}); err != nil { return err } diff --git a/internal/tinyfield/element.go b/internal/tinyfield/element.go index 18b05910f3..18e496c364 100644 --- a/internal/tinyfield/element.go +++ b/internal/tinyfield/element.go @@ -681,8 +681,8 @@ func (z *Element) ToBigInt(res *big.Int) *big.Int { return res.SetBytes(b[:]) } -// ToBigIntRegular returns z as a big.Int in regular form -func (z Element) ToBigIntRegular(res *big.Int) *big.Int { +// BigInt returns z as a big.Int in regular form +func (z Element) BigInt(res *big.Int) *big.Int { z.FromMont() return z.ToBigInt(res) } diff --git a/internal/tinyfield/element_test.go b/internal/tinyfield/element_test.go index e8fb7e4c94..5328795aa1 100644 --- a/internal/tinyfield/element_test.go +++ b/internal/tinyfield/element_test.go @@ -710,7 +710,7 @@ func TestElementAdd(t *testing.T) { for _, r := range testValues { var d, e, rb big.Int - r.ToBigIntRegular(&rb) + r.BigInt(&rb) var c Element c.Add(&a.element, &r) @@ -745,11 +745,11 @@ func TestElementAdd(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) for _, b := range testValues { var bBig, d, e big.Int - b.ToBigIntRegular(&bBig) + b.BigInt(&bBig) var c Element c.Add(&a, &b) @@ -819,7 +819,7 @@ func TestElementSub(t *testing.T) { for _, r := range testValues { var d, e, rb big.Int - r.ToBigIntRegular(&rb) + r.BigInt(&rb) var c Element c.Sub(&a.element, &r) @@ -854,11 +854,11 @@ func TestElementSub(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) for _, b := range testValues { var bBig, d, e big.Int - b.ToBigIntRegular(&bBig) + b.BigInt(&bBig) var c Element c.Sub(&a, &b) @@ -928,7 +928,7 @@ func TestElementMul(t *testing.T) { for _, r := range testValues { var d, e, rb big.Int - r.ToBigIntRegular(&rb) + r.BigInt(&rb) var c Element c.Mul(&a.element, &r) @@ -982,11 +982,11 @@ func TestElementMul(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) for _, b := range testValues { var bBig, d, e big.Int - b.ToBigIntRegular(&bBig) + b.BigInt(&bBig) var c Element c.Mul(&a, &b) @@ -1064,7 +1064,7 @@ func TestElementDiv(t *testing.T) { for _, r := range testValues { var d, e, rb big.Int - r.ToBigIntRegular(&rb) + r.BigInt(&rb) var c Element c.Div(&a.element, &r) @@ -1100,11 +1100,11 @@ func TestElementDiv(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) for _, b := range testValues { var bBig, d, e big.Int - b.ToBigIntRegular(&bBig) + b.BigInt(&bBig) var c Element c.Div(&a, &b) @@ -1175,7 +1175,7 @@ func TestElementExp(t *testing.T) { for _, r := range testValues { var d, e, rb big.Int - r.ToBigIntRegular(&rb) + r.BigInt(&rb) var c Element c.Exp(a.element, &rb) @@ -1210,11 +1210,11 @@ func TestElementExp(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) for _, b := range testValues { var bBig, d, e big.Int - b.ToBigIntRegular(&bBig) + b.BigInt(&bBig) var c Element c.Exp(a, &bBig) @@ -1286,7 +1286,7 @@ func TestElementSquare(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) var c Element c.Square(&a) @@ -1358,7 +1358,7 @@ func TestElementInverse(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) var c Element c.Inverse(&a) @@ -1430,7 +1430,7 @@ func TestElementSqrt(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) var c Element c.Sqrt(&a) @@ -1502,7 +1502,7 @@ func TestElementDouble(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) var c Element c.Double(&a) @@ -1574,7 +1574,7 @@ func TestElementNeg(t *testing.T) { for _, a := range testValues { var aBig big.Int - a.ToBigIntRegular(&aBig) + a.BigInt(&aBig) var c Element c.Neg(&a) @@ -2150,7 +2150,7 @@ func gen() gopter.Gen { } } - g.element.ToBigIntRegular(&g.bigint) + g.element.BigInt(&g.bigint) genResult := gopter.NewGenResult(g, gopter.NoShrinker) return genResult } diff --git a/std/algebra/fields_bls12377/e12.go b/std/algebra/fields_bls12377/e12.go index 5fe7e6b55e..64ed8fc024 100644 --- a/std/algebra/fields_bls12377/e12.go +++ b/std/algebra/fields_bls12377/e12.go @@ -272,7 +272,7 @@ func (e *E12) Decompress(api frontend.API, x E12) *E12 { t[1].Sub(api, t[0], x.C0.B2). Double(api, t[1]). Add(api, t[1], t[0]) - // t0 = E * g5² + t1 + // t0 = E * g5² + t1 t[2].Square(api, x.C1.B2) t[0].MulByNonResidue(api, t[2]). Add(api, t[0], t[1]) @@ -447,18 +447,18 @@ var InverseE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.C0.B0.A0.ToBigIntRegular(res[0]) - c.C0.B0.A1.ToBigIntRegular(res[1]) - c.C0.B1.A0.ToBigIntRegular(res[2]) - c.C0.B1.A1.ToBigIntRegular(res[3]) - c.C0.B2.A0.ToBigIntRegular(res[4]) - c.C0.B2.A1.ToBigIntRegular(res[5]) - c.C1.B0.A0.ToBigIntRegular(res[6]) - c.C1.B0.A1.ToBigIntRegular(res[7]) - c.C1.B1.A0.ToBigIntRegular(res[8]) - c.C1.B1.A1.ToBigIntRegular(res[9]) - c.C1.B2.A0.ToBigIntRegular(res[10]) - c.C1.B2.A1.ToBigIntRegular(res[11]) + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C0.B2.A0.BigInt(res[4]) + c.C0.B2.A1.BigInt(res[5]) + c.C1.B0.A0.BigInt(res[6]) + c.C1.B0.A1.BigInt(res[7]) + c.C1.B1.A0.BigInt(res[8]) + c.C1.B1.A1.BigInt(res[9]) + c.C1.B2.A0.BigInt(res[10]) + c.C1.B2.A1.BigInt(res[11]) return nil } @@ -520,18 +520,18 @@ var DivE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.C0.B0.A0.ToBigIntRegular(res[0]) - c.C0.B0.A1.ToBigIntRegular(res[1]) - c.C0.B1.A0.ToBigIntRegular(res[2]) - c.C0.B1.A1.ToBigIntRegular(res[3]) - c.C0.B2.A0.ToBigIntRegular(res[4]) - c.C0.B2.A1.ToBigIntRegular(res[5]) - c.C1.B0.A0.ToBigIntRegular(res[6]) - c.C1.B0.A1.ToBigIntRegular(res[7]) - c.C1.B1.A0.ToBigIntRegular(res[8]) - c.C1.B1.A1.ToBigIntRegular(res[9]) - c.C1.B2.A0.ToBigIntRegular(res[10]) - c.C1.B2.A1.ToBigIntRegular(res[11]) + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C0.B2.A0.BigInt(res[4]) + c.C0.B2.A1.BigInt(res[5]) + c.C1.B0.A0.BigInt(res[6]) + c.C1.B0.A1.BigInt(res[7]) + c.C1.B1.A0.BigInt(res[8]) + c.C1.B1.A1.BigInt(res[9]) + c.C1.B2.A0.BigInt(res[10]) + c.C1.B2.A1.BigInt(res[11]) return nil } diff --git a/std/algebra/fields_bls12377/e2.go b/std/algebra/fields_bls12377/e2.go index 27a17e32ef..067e8242c4 100644 --- a/std/algebra/fields_bls12377/e2.go +++ b/std/algebra/fields_bls12377/e2.go @@ -147,8 +147,8 @@ var InverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.A0.ToBigIntRegular(res[0]) - c.A1.ToBigIntRegular(res[1]) + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) return nil } @@ -189,8 +189,8 @@ var DivE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.A0.ToBigIntRegular(res[0]) - c.A1.ToBigIntRegular(res[1]) + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) return nil } diff --git a/std/algebra/fields_bls12377/e6.go b/std/algebra/fields_bls12377/e6.go index f3091da62b..b8d15605e8 100644 --- a/std/algebra/fields_bls12377/e6.go +++ b/std/algebra/fields_bls12377/e6.go @@ -187,12 +187,12 @@ var DivE6Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.B0.A0.ToBigIntRegular(res[0]) - c.B0.A1.ToBigIntRegular(res[1]) - c.B1.A0.ToBigIntRegular(res[2]) - c.B1.A1.ToBigIntRegular(res[3]) - c.B2.A0.ToBigIntRegular(res[4]) - c.B2.A1.ToBigIntRegular(res[5]) + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) + c.B2.A0.BigInt(res[4]) + c.B2.A1.BigInt(res[5]) return nil } @@ -235,12 +235,12 @@ var InverseE6Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.B0.A0.ToBigIntRegular(res[0]) - c.B0.A1.ToBigIntRegular(res[1]) - c.B1.A0.ToBigIntRegular(res[2]) - c.B1.A1.ToBigIntRegular(res[3]) - c.B2.A0.ToBigIntRegular(res[4]) - c.B2.A1.ToBigIntRegular(res[5]) + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) + c.B2.A0.BigInt(res[4]) + c.B2.A1.BigInt(res[5]) return nil } diff --git a/std/algebra/fields_bls24315/e12.go b/std/algebra/fields_bls24315/e12.go index 87c5e0aad2..2a8583f3f8 100644 --- a/std/algebra/fields_bls24315/e12.go +++ b/std/algebra/fields_bls24315/e12.go @@ -192,18 +192,18 @@ var InverseE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.C0.B0.A0.ToBigIntRegular(res[0]) - c.C0.B0.A1.ToBigIntRegular(res[1]) - c.C0.B1.A0.ToBigIntRegular(res[2]) - c.C0.B1.A1.ToBigIntRegular(res[3]) - c.C1.B0.A0.ToBigIntRegular(res[4]) - c.C1.B0.A1.ToBigIntRegular(res[5]) - c.C1.B1.A0.ToBigIntRegular(res[6]) - c.C1.B1.A1.ToBigIntRegular(res[7]) - c.C2.B0.A0.ToBigIntRegular(res[8]) - c.C2.B0.A1.ToBigIntRegular(res[9]) - c.C2.B1.A0.ToBigIntRegular(res[10]) - c.C2.B1.A1.ToBigIntRegular(res[11]) + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C1.B0.A0.BigInt(res[4]) + c.C1.B0.A1.BigInt(res[5]) + c.C1.B1.A0.BigInt(res[6]) + c.C1.B1.A1.BigInt(res[7]) + c.C2.B0.A0.BigInt(res[8]) + c.C2.B0.A1.BigInt(res[9]) + c.C2.B1.A0.BigInt(res[10]) + c.C2.B1.A1.BigInt(res[11]) return nil } @@ -265,18 +265,18 @@ var DivE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.C0.B0.A0.ToBigIntRegular(res[0]) - c.C0.B0.A1.ToBigIntRegular(res[1]) - c.C0.B1.A0.ToBigIntRegular(res[2]) - c.C0.B1.A1.ToBigIntRegular(res[3]) - c.C1.B0.A0.ToBigIntRegular(res[4]) - c.C1.B0.A1.ToBigIntRegular(res[5]) - c.C1.B1.A0.ToBigIntRegular(res[6]) - c.C1.B1.A1.ToBigIntRegular(res[7]) - c.C2.B0.A0.ToBigIntRegular(res[8]) - c.C2.B0.A1.ToBigIntRegular(res[9]) - c.C2.B1.A0.ToBigIntRegular(res[10]) - c.C2.B1.A1.ToBigIntRegular(res[11]) + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C1.B0.A0.BigInt(res[4]) + c.C1.B0.A1.BigInt(res[5]) + c.C1.B1.A0.BigInt(res[6]) + c.C1.B1.A1.BigInt(res[7]) + c.C2.B0.A0.BigInt(res[8]) + c.C2.B0.A1.BigInt(res[9]) + c.C2.B1.A0.BigInt(res[10]) + c.C2.B1.A1.BigInt(res[11]) return nil } diff --git a/std/algebra/fields_bls24315/e2.go b/std/algebra/fields_bls24315/e2.go index d04df41c02..b850ef025b 100644 --- a/std/algebra/fields_bls24315/e2.go +++ b/std/algebra/fields_bls24315/e2.go @@ -153,8 +153,8 @@ var DivE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.A0.ToBigIntRegular(res[0]) - c.A1.ToBigIntRegular(res[1]) + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) return nil } @@ -192,8 +192,8 @@ var InverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.A0.ToBigIntRegular(res[0]) - c.A1.ToBigIntRegular(res[1]) + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) return nil } diff --git a/std/algebra/fields_bls24315/e24.go b/std/algebra/fields_bls24315/e24.go index b21c8004e3..d70722cb70 100644 --- a/std/algebra/fields_bls24315/e24.go +++ b/std/algebra/fields_bls24315/e24.go @@ -270,7 +270,7 @@ func (e *E24) Decompress(api frontend.API, x E24) *E24 { t[1].Sub(api, t[0], x.D0.C2). Double(api, t[1]). Add(api, t[1], t[0]) - // t0 = E * g5² + t1 + // t0 = E * g5² + t1 t[2].Square(api, x.D1.C2) t[0].MulByNonResidue(api, t[2]). Add(api, t[0], t[1]) @@ -418,30 +418,30 @@ var InverseE24Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.D0.C0.B0.A0.ToBigIntRegular(res[0]) - c.D0.C0.B0.A1.ToBigIntRegular(res[1]) - c.D0.C0.B1.A0.ToBigIntRegular(res[2]) - c.D0.C0.B1.A1.ToBigIntRegular(res[3]) - c.D0.C1.B0.A0.ToBigIntRegular(res[4]) - c.D0.C1.B0.A1.ToBigIntRegular(res[5]) - c.D0.C1.B1.A0.ToBigIntRegular(res[6]) - c.D0.C1.B1.A1.ToBigIntRegular(res[7]) - c.D0.C2.B0.A0.ToBigIntRegular(res[8]) - c.D0.C2.B0.A1.ToBigIntRegular(res[9]) - c.D0.C2.B1.A0.ToBigIntRegular(res[10]) - c.D0.C2.B1.A1.ToBigIntRegular(res[11]) - c.D1.C0.B0.A0.ToBigIntRegular(res[12]) - c.D1.C0.B0.A1.ToBigIntRegular(res[13]) - c.D1.C0.B1.A0.ToBigIntRegular(res[14]) - c.D1.C0.B1.A1.ToBigIntRegular(res[15]) - c.D1.C1.B0.A0.ToBigIntRegular(res[16]) - c.D1.C1.B0.A1.ToBigIntRegular(res[17]) - c.D1.C1.B1.A0.ToBigIntRegular(res[18]) - c.D1.C1.B1.A1.ToBigIntRegular(res[19]) - c.D1.C2.B0.A0.ToBigIntRegular(res[20]) - c.D1.C2.B0.A1.ToBigIntRegular(res[21]) - c.D1.C2.B1.A0.ToBigIntRegular(res[22]) - c.D1.C2.B1.A1.ToBigIntRegular(res[23]) + c.D0.C0.B0.A0.BigInt(res[0]) + c.D0.C0.B0.A1.BigInt(res[1]) + c.D0.C0.B1.A0.BigInt(res[2]) + c.D0.C0.B1.A1.BigInt(res[3]) + c.D0.C1.B0.A0.BigInt(res[4]) + c.D0.C1.B0.A1.BigInt(res[5]) + c.D0.C1.B1.A0.BigInt(res[6]) + c.D0.C1.B1.A1.BigInt(res[7]) + c.D0.C2.B0.A0.BigInt(res[8]) + c.D0.C2.B0.A1.BigInt(res[9]) + c.D0.C2.B1.A0.BigInt(res[10]) + c.D0.C2.B1.A1.BigInt(res[11]) + c.D1.C0.B0.A0.BigInt(res[12]) + c.D1.C0.B0.A1.BigInt(res[13]) + c.D1.C0.B1.A0.BigInt(res[14]) + c.D1.C0.B1.A1.BigInt(res[15]) + c.D1.C1.B0.A0.BigInt(res[16]) + c.D1.C1.B0.A1.BigInt(res[17]) + c.D1.C1.B1.A0.BigInt(res[18]) + c.D1.C1.B1.A1.BigInt(res[19]) + c.D1.C2.B0.A0.BigInt(res[20]) + c.D1.C2.B0.A1.BigInt(res[21]) + c.D1.C2.B1.A0.BigInt(res[22]) + c.D1.C2.B1.A1.BigInt(res[23]) return nil } @@ -528,30 +528,30 @@ var DivE24Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.D0.C0.B0.A0.ToBigIntRegular(res[0]) - c.D0.C0.B0.A1.ToBigIntRegular(res[1]) - c.D0.C0.B1.A0.ToBigIntRegular(res[2]) - c.D0.C0.B1.A1.ToBigIntRegular(res[3]) - c.D0.C1.B0.A0.ToBigIntRegular(res[4]) - c.D0.C1.B0.A1.ToBigIntRegular(res[5]) - c.D0.C1.B1.A0.ToBigIntRegular(res[6]) - c.D0.C1.B1.A1.ToBigIntRegular(res[7]) - c.D0.C2.B0.A0.ToBigIntRegular(res[8]) - c.D0.C2.B0.A1.ToBigIntRegular(res[9]) - c.D0.C2.B1.A0.ToBigIntRegular(res[10]) - c.D0.C2.B1.A1.ToBigIntRegular(res[11]) - c.D1.C0.B0.A0.ToBigIntRegular(res[12]) - c.D1.C0.B0.A1.ToBigIntRegular(res[13]) - c.D1.C0.B1.A0.ToBigIntRegular(res[14]) - c.D1.C0.B1.A1.ToBigIntRegular(res[15]) - c.D1.C1.B0.A0.ToBigIntRegular(res[16]) - c.D1.C1.B0.A1.ToBigIntRegular(res[17]) - c.D1.C1.B1.A0.ToBigIntRegular(res[18]) - c.D1.C1.B1.A1.ToBigIntRegular(res[19]) - c.D1.C2.B0.A0.ToBigIntRegular(res[20]) - c.D1.C2.B0.A1.ToBigIntRegular(res[21]) - c.D1.C2.B1.A0.ToBigIntRegular(res[22]) - c.D1.C2.B1.A1.ToBigIntRegular(res[23]) + c.D0.C0.B0.A0.BigInt(res[0]) + c.D0.C0.B0.A1.BigInt(res[1]) + c.D0.C0.B1.A0.BigInt(res[2]) + c.D0.C0.B1.A1.BigInt(res[3]) + c.D0.C1.B0.A0.BigInt(res[4]) + c.D0.C1.B0.A1.BigInt(res[5]) + c.D0.C1.B1.A0.BigInt(res[6]) + c.D0.C1.B1.A1.BigInt(res[7]) + c.D0.C2.B0.A0.BigInt(res[8]) + c.D0.C2.B0.A1.BigInt(res[9]) + c.D0.C2.B1.A0.BigInt(res[10]) + c.D0.C2.B1.A1.BigInt(res[11]) + c.D1.C0.B0.A0.BigInt(res[12]) + c.D1.C0.B0.A1.BigInt(res[13]) + c.D1.C0.B1.A0.BigInt(res[14]) + c.D1.C0.B1.A1.BigInt(res[15]) + c.D1.C1.B0.A0.BigInt(res[16]) + c.D1.C1.B0.A1.BigInt(res[17]) + c.D1.C1.B1.A0.BigInt(res[18]) + c.D1.C1.B1.A1.BigInt(res[19]) + c.D1.C2.B0.A0.BigInt(res[20]) + c.D1.C2.B0.A1.BigInt(res[21]) + c.D1.C2.B1.A0.BigInt(res[22]) + c.D1.C2.B1.A1.BigInt(res[23]) return nil } diff --git a/std/algebra/fields_bls24315/e4.go b/std/algebra/fields_bls24315/e4.go index bb800abea7..57abb6ccf8 100644 --- a/std/algebra/fields_bls24315/e4.go +++ b/std/algebra/fields_bls24315/e4.go @@ -156,10 +156,10 @@ var DivE4Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&b).Mul(&c, &a) - c.B0.A0.ToBigIntRegular(res[0]) - c.B0.A1.ToBigIntRegular(res[1]) - c.B1.A0.ToBigIntRegular(res[2]) - c.B1.A1.ToBigIntRegular(res[3]) + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) return nil } @@ -199,10 +199,10 @@ var InverseE4Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { c.Inverse(&a) - c.B0.A0.ToBigIntRegular(res[0]) - c.B0.A1.ToBigIntRegular(res[1]) - c.B1.A0.ToBigIntRegular(res[2]) - c.B1.A1.ToBigIntRegular(res[3]) + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) return nil } diff --git a/std/algebra/sw_bls12377/g1_test.go b/std/algebra/sw_bls12377/g1_test.go index 8e921803a9..2a0a83a1a5 100644 --- a/std/algebra/sw_bls12377/g1_test.go +++ b/std/algebra/sw_bls12377/g1_test.go @@ -281,7 +281,7 @@ func TestConstantScalarMulG1(t *testing.T) { witness.A.Assign(&a) // compute the result br := new(big.Int) - r.ToBigIntRegular(br) + r.BigInt(br) // br is a circuit parameter circuit.R = br _a.ScalarMultiplication(&_a, br) @@ -321,7 +321,7 @@ func TestVarScalarMulG1(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -361,7 +361,7 @@ func TestScalarMulG1(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -376,7 +376,7 @@ func randomPointG1() bls12377.G1Jac { var r1 fr.Element var b big.Int _, _ = r1.SetRandom() - p1.ScalarMultiplication(&p1, r1.ToBigIntRegular(&b)) + p1.ScalarMultiplication(&p1, r1.BigInt(&b)) return p1 } diff --git a/std/algebra/sw_bls12377/g2_test.go b/std/algebra/sw_bls12377/g2_test.go index e647c96ac0..534a58b54c 100644 --- a/std/algebra/sw_bls12377/g2_test.go +++ b/std/algebra/sw_bls12377/g2_test.go @@ -287,7 +287,7 @@ func TestConstantScalarMulG2(t *testing.T) { witness.A.Assign(&a) // compute the result br := new(big.Int) - r.ToBigIntRegular(br) + r.BigInt(br) // br is a circuit parameter circuit.R = br _a.ScalarMultiplication(&_a, br) @@ -327,7 +327,7 @@ func TestVarScalarMulG2(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -367,7 +367,7 @@ func TestScalarMulG2(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -380,7 +380,7 @@ func randomPointG2() bls12377.G2Jac { var r1 fr.Element var b big.Int _, _ = r1.SetRandom() - p2.ScalarMultiplication(&p2, r1.ToBigIntRegular(&b)) + p2.ScalarMultiplication(&p2, r1.BigInt(&b)) return p2 } diff --git a/std/algebra/sw_bls12377/pairing_test.go b/std/algebra/sw_bls12377/pairing_test.go index b16e3617b3..bf09b6efad 100644 --- a/std/algebra/sw_bls12377/pairing_test.go +++ b/std/algebra/sw_bls12377/pairing_test.go @@ -141,8 +141,8 @@ func triplePairingData() (P [3]bls12377.G1Affine, Q [3]bls12377.G2Affine, pairin for i := 1; i < 3; i++ { _, _ = u.SetRandom() _, _ = v.SetRandom() - u.ToBigIntRegular(&_u) - v.ToBigIntRegular(&_v) + u.BigInt(&_u) + v.BigInt(&_v) P[i].ScalarMultiplication(&P[0], &_u) Q[i].ScalarMultiplication(&Q[0], &_v) } diff --git a/std/algebra/sw_bls24315/g1_test.go b/std/algebra/sw_bls24315/g1_test.go index 82d385e59d..86feeeb571 100644 --- a/std/algebra/sw_bls24315/g1_test.go +++ b/std/algebra/sw_bls24315/g1_test.go @@ -281,7 +281,7 @@ func TestConstantScalarMulG1(t *testing.T) { witness.A.Assign(&a) // compute the result br := new(big.Int) - r.ToBigIntRegular(br) + r.BigInt(br) // br is a circuit parameter circuit.R = br _a.ScalarMultiplication(&_a, br) @@ -321,7 +321,7 @@ func TestVarScalarMulG1(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -361,7 +361,7 @@ func TestScalarMulG1(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -376,7 +376,7 @@ func randomPointG1() bls24315.G1Jac { var r1 fr.Element var b big.Int _, _ = r1.SetRandom() - p1.ScalarMultiplication(&p1, r1.ToBigIntRegular(&b)) + p1.ScalarMultiplication(&p1, r1.BigInt(&b)) return p1 } diff --git a/std/algebra/sw_bls24315/g2_test.go b/std/algebra/sw_bls24315/g2_test.go index 478be13146..0c8fb3ad20 100644 --- a/std/algebra/sw_bls24315/g2_test.go +++ b/std/algebra/sw_bls24315/g2_test.go @@ -287,7 +287,7 @@ func TestConstantScalarMulG2(t *testing.T) { witness.A.Assign(&a) // compute the result br := new(big.Int) - r.ToBigIntRegular(br) + r.BigInt(br) // br is a circuit parameter circuit.R = br _a.ScalarMultiplication(&_a, br) @@ -327,7 +327,7 @@ func TestVarScalarMulG2(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -367,7 +367,7 @@ func TestScalarMulG2(t *testing.T) { witness.A.Assign(&a) // compute the result var br big.Int - _a.ScalarMultiplication(&_a, r.ToBigIntRegular(&br)) + _a.ScalarMultiplication(&_a, r.BigInt(&br)) c.FromJacobian(&_a) witness.C.Assign(&c) @@ -380,7 +380,7 @@ func randomPointG2() bls24315.G2Jac { var r1 fr.Element var b big.Int _, _ = r1.SetRandom() - p2.ScalarMultiplication(&p2, r1.ToBigIntRegular(&b)) + p2.ScalarMultiplication(&p2, r1.BigInt(&b)) return p2 } diff --git a/std/algebra/sw_bls24315/pairing_test.go b/std/algebra/sw_bls24315/pairing_test.go index f8d78b2384..c7bb53b4a5 100644 --- a/std/algebra/sw_bls24315/pairing_test.go +++ b/std/algebra/sw_bls24315/pairing_test.go @@ -142,8 +142,8 @@ func triplePairingData() (P [3]bls24315.G1Affine, Q [3]bls24315.G2Affine, pairin for i := 1; i < 3; i++ { _, _ = u.SetRandom() _, _ = v.SetRandom() - u.ToBigIntRegular(&_u) - v.ToBigIntRegular(&_v) + u.BigInt(&_u) + v.BigInt(&_v) P[i].ScalarMultiplication(&P[0], &_u) Q[i].ScalarMultiplication(&Q[0], &_v) } diff --git a/std/algebra/twistededwards/twistededwards.go b/std/algebra/twistededwards/twistededwards.go index 9f93e53bfa..20c0de3aba 100644 --- a/std/algebra/twistededwards/twistededwards.go +++ b/std/algebra/twistededwards/twistededwards.go @@ -158,12 +158,12 @@ func newEdBN254() *CurveParams { edcurve := edbn254.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -173,12 +173,12 @@ func newEdBLS12_381() *CurveParams { edcurve := edbls12381.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -188,12 +188,12 @@ func newEdBLS12_381_BANDERSNATCH() *CurveParams { edcurve := edbls12381_bandersnatch.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -203,12 +203,12 @@ func newEdBLS12_377() *CurveParams { edcurve := edbls12377.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -218,12 +218,12 @@ func newEdBW6_633() *CurveParams { edcurve := edbw6633.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -233,12 +233,12 @@ func newEdBW6_761() *CurveParams { edcurve := edbw6761.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -248,12 +248,12 @@ func newEdBLS24_317() *CurveParams { edcurve := edbls24317.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r } @@ -263,12 +263,12 @@ func newEdBLS24_315() *CurveParams { edcurve := edbls24315.GetEdwardsCurve() r := newCurveParams() - edcurve.A.ToBigIntRegular(r.A) - edcurve.D.ToBigIntRegular(r.D) - edcurve.Cofactor.ToBigIntRegular(r.Cofactor) + edcurve.A.BigInt(r.A) + edcurve.D.BigInt(r.D) + edcurve.Cofactor.BigInt(r.Cofactor) r.Order.Set(&edcurve.Order) - edcurve.Base.X.ToBigIntRegular(r.Base[0]) - edcurve.Base.Y.ToBigIntRegular(r.Base[1]) + edcurve.Base.X.BigInt(r.Base[0]) + edcurve.Base.Y.BigInt(r.Base[1]) return r }