Use generic Groth16 for BN254

fastcrypto-zkp/Cargo.toml

@@ -21,15 +21,14 @@ name = "poseidon"
 harness = false
 
 [dependencies]
-ark-bls12-381 = "0.4.0"
 ark-bn254 = "0.4.0"
 ark-ec = { version = "0.4.1" }
 ark-ff = { version = "0.4.1", features = ["asm"] }
 ark-groth16 = { version = "0.4.0", default-features = false }
 ark-relations = "0.4.0"
 ark-serialize = "0.4.1"
 ark-snark = "0.4.0"
-blst = "0.3.11"
+bcs.workspace = true
 byte-slice-cast = "1.2.2"
 fastcrypto = { path = "../fastcrypto", version = "0.1.5" }
 derive_more = "0.99.16"
@@ -48,6 +47,7 @@ itertools = "0.12.0"
 
 [dev-dependencies]
 ark-bls12-377 = "0.4.0"
+ark-bls12-381 = "0.4.0"
 ark-crypto-primitives = { version = "0.4.0", features = ["r1cs", "prf"] }
 ark-r1cs-std = "0.4.0"
 ark-std = "0.4.0"

fastcrypto-zkp/benches/proving.rs

@@ -1,24 +1,27 @@
 // Copyright (c) 2022, Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
-use ark_bls12_377::{Bls12_377, Fr as Bls377Fr};
+
+use std::ops::Mul;
+
 use ark_bls12_381::{Bls12_381, Fr as BlsFr};
 use ark_bn254::{Bn254, Fr as Bn254Fr};
-
 use ark_ec::pairing::Pairing;
 use ark_ff::{PrimeField, UniformRand};
 use ark_groth16::Groth16;
+use ark_serialize::CanonicalSerialize;
 use ark_snark::SNARK;
 use ark_std::rand::thread_rng;
 use criterion::{
     criterion_group, criterion_main, measurement::Measurement, BenchmarkGroup, BenchmarkId,
     Criterion, SamplingMode,
 };
-use fastcrypto_zkp::dummy_circuits::DummyCircuit;
-use fastcrypto_zkp::{bls12381, bn254};
-use std::ops::Mul;
 
-#[path = "./conversions.rs"]
-mod conversions;
+use crate::utils::vk_from_arkworks;
+use fastcrypto::groups::bls12381::{G1Element, Scalar};
+use fastcrypto::serde_helpers::ToFromByteArray;
+use fastcrypto_zkp::bn254;
+use fastcrypto_zkp::dummy_circuits::DummyCircuit;
+use fastcrypto_zkp::groth16::{Proof, VerifyingKey};
 
 #[path = "./utils.rs"]
 mod utils;
@@ -238,7 +241,7 @@ fn bench_verify_elusiv_circuit<M: Measurement>(grp: &mut BenchmarkGroup<M>) {
         ),
     ];
 
-    let vk: bn254::VerifyingKey = ark_groth16::VerifyingKey {
+    let vk: bn254::VerifyingKey = vk_from_arkworks(ark_groth16::VerifyingKey {
         alpha_g1: utils::G1Affine_from_str_projective((
             "8057073471822347335074195152835286348058235024870127707965681971765888348219",
             "14493022634743109860560137600871299171677470588934003383462482807829968516757",
@@ -357,8 +360,7 @@ fn bench_verify_elusiv_circuit<M: Measurement>(grp: &mut BenchmarkGroup<M>) {
         .into_iter()
         .map(|s| utils::G1Affine_from_str_projective((s[0], s[1], s[2])))
         .collect(),
-    }
-    .into();
+    });
 
     grp.bench_with_input(
         BenchmarkId::new(
@@ -367,12 +369,12 @@ fn bench_verify_elusiv_circuit<M: Measurement>(grp: &mut BenchmarkGroup<M>) {
         ),
         &vk,
         |b, vk| {
-            b.iter(|| bn254::verifier::PreparedVerifyingKey::from(vk));
+            b.iter(|| bn254::PreparedVerifyingKey::from(vk));
         },
     );
 
-    let pvk = bn254::verifier::PreparedVerifyingKey::from(&vk);
-    let bytes = pvk.serialize().unwrap();
+    let pvk = bn254::PreparedVerifyingKey::from(&vk);
+    let bytes = pvk.serialize_into_parts();
     let vk_gamma_abc_g1_bytes = &bytes[0];
     let alpha_g1_beta_g2_bytes = &bytes[1];
     let gamma_g2_neg_pc_bytes = &bytes[2];
@@ -427,25 +429,36 @@ fn bench_our_verify<M: Measurement>(grp: &mut BenchmarkGroup<M>) {
         };
 
         let (pk, ark_vk) = Groth16::<Bls12_381>::circuit_specific_setup(c, rng).unwrap();
-        let proof = bls12381::Proof::from(Groth16::<Bls12_381>::prove(&pk, c, rng).unwrap());
+
+        let ark_proof = Groth16::<Bls12_381>::prove(&pk, c, rng).unwrap();
+        let mut proof_bytes = Vec::new();
+        ark_proof.serialize_compressed(&mut proof_bytes).unwrap();
+        let proof: Proof<G1Element> = bcs::from_bytes(&proof_bytes).unwrap();
+
         let v = c.a.unwrap().mul(c.b.unwrap());
+        let mut v_bytes = [0u8; 32];
+        v.serialize_compressed(v_bytes.as_mut_slice()).unwrap();
+        v_bytes.reverse();
+        let v = Scalar::from_byte_array(&v_bytes).unwrap();
 
-        let vk = ark_vk.into();
+        let mut vk_bytes = Vec::new();
+        ark_vk.serialize_compressed(&mut vk_bytes).unwrap();
+        let vk = VerifyingKey::from_arkworks_format(&vk_bytes).unwrap();
 
         grp.bench_with_input(
             BenchmarkId::new("BLST-based Groth16 process verifying key", *size),
             &vk,
             |b, vk| {
-                b.iter(|| bls12381::verifier::PreparedVerifyingKey::from(vk));
+                b.iter(|| fastcrypto_zkp::bls12381::PreparedVerifyingKey::from(vk));
             },
         );
-        let pvk = bls12381::verifier::PreparedVerifyingKey::from(&vk);
+        let pvk = fastcrypto_zkp::bls12381::PreparedVerifyingKey::from(&vk);
 
         grp.bench_with_input(
             BenchmarkId::new("BLST-based Groth16 verify with processed vk", *size),
             &(pvk, v),
             |b, (pvk, v)| {
-                b.iter(|| pvk.verify(&[(*v).into()], &proof).unwrap());
+                b.iter(|| pvk.verify(&[*v], &proof).unwrap());
             },
         );
     }
@@ -464,12 +477,6 @@ fn prove(c: &mut Criterion) {
     group.sample_size(10);
     bench_prove::<Bn254Fr, Bn254, _>(&mut group);
     group.finish();
-
-    let mut group: BenchmarkGroup<_> = c.benchmark_group("BLS12-377 Proving");
-    group.sampling_mode(SamplingMode::Flat); // This can take a *while*
-    group.sample_size(10);
-    bench_prove::<Bls377Fr, Bls12_377, _>(&mut group);
-    group.finish();
 }
 
 fn verify(c: &mut Criterion) {
@@ -484,10 +491,6 @@ fn verify(c: &mut Criterion) {
     bench_verify::<Bn254Fr, Bn254, _>(&mut group);
     group.finish();
 
-    let mut group: BenchmarkGroup<_> = c.benchmark_group("BLS12-377 Verification");
-    bench_verify::<Bls377Fr, Bls12_377, _>(&mut group);
-    group.finish();
-
     let mut group: BenchmarkGroup<_> = c.benchmark_group("Elusiv Circuit Verification");
     bench_verify_elusiv_circuit::<_>(&mut group);
     group.finish();
@@ -501,4 +504,4 @@ criterion_group! {
        prove,
 }
 
-criterion_main!(conversions::conversion_benches, proving_benches,);
+criterion_main!(proving_benches,);

fastcrypto-zkp/benches/utils.rs

@@ -1,11 +1,25 @@
 // Copyright (c) 2022, Mysten Labs, Inc.
 // SPDX-License-Identifier: Apache-2.0
 
-use ark_bn254::{Fq, Fq2, G1Affine, G1Projective, G2Affine};
+use ark_bn254::{Bn254, Fq, Fq2, G1Affine, G1Projective, G2Affine, G2Projective};
+use fastcrypto_zkp::bn254::VerifyingKey;
 
 type StrPair = (&'static str, &'static str);
 type StrTriplet = (&'static str, &'static str, &'static str);
 
+pub fn vk_from_arkworks(vk: ark_groth16::VerifyingKey<Bn254>) -> VerifyingKey {
+    VerifyingKey::new(
+        G1Projective::from(vk.alpha_g1).into(),
+        G2Projective::from(vk.beta_g2).into(),
+        G2Projective::from(vk.gamma_g2).into(),
+        G2Projective::from(vk.delta_g2).into(),
+        vk.gamma_abc_g1
+            .iter()
+            .map(|x| G1Projective::from(*x).into())
+            .collect(),
+    )
+}
+
 #[allow(non_snake_case)]
 pub fn G1Affine_from_str_projective(#[allow(clippy::type_complexity)] s: StrTriplet) -> G1Affine {
     G1Projective::new(
@@ -18,7 +32,6 @@ pub fn G1Affine_from_str_projective(#[allow(clippy::type_complexity)] s: StrTrip
 
 #[allow(non_snake_case)]
 pub fn G2Affine_from_str_projective(s: (StrPair, StrPair, StrPair)) -> G2Affine {
-    use ark_bn254::G2Projective;
     G2Projective::new(
         Fq2::new(s.0 .0.parse::<Fq>().unwrap(), s.0 .1.parse::<Fq>().unwrap()),
         Fq2::new(s.1 .0.parse::<Fq>().unwrap(), s.1 .1.parse::<Fq>().unwrap()),