Refactor ScalarChallenge and how it's used

Author: sebastiencs

ledger/src/proofs/accumulator_check.rs

@@ -1,12 +1,11 @@
 use std::array;
 
-use mina_curves::pasta::{Fq, Vesta};
+use mina_curves::pasta::Vesta;
 use mina_hasher::Fp;
 use mina_p2p_messages::{bigint::BigInt, v2::PicklesProofProofsVerified2ReprStableV2};
 use poly_commitment::{commitment::CommitmentCurve, srs::SRS};
 
 use super::public_input::scalar_challenge::ScalarChallenge;
-use super::transaction::endos;
 use super::urs_utils;
 
 pub fn accumulator_check(
@@ -18,8 +17,6 @@ pub fn accumulator_check(
     // comms: statement.proof_state.messages_for_next_wrap_proof.challenge_polynomial_commitment
     // chals: statement.proof_state.deferred_values.bulletproof_challenges
 
-    let (_, endo) = endos::<Fq>();
-
     let deferred_values = &proof.statement.proof_state.deferred_values;
     let bulletproof_challenges = &deferred_values.bulletproof_challenges;
     let bulletproof_challenges: Vec<Fp> = bulletproof_challenges
@@ -28,11 +25,11 @@ pub fn accumulator_check(
             let prechallenge = &chal.prechallenge.inner;
             let prechallenge: [u64; 2] = array::from_fn(|k| prechallenge[k].as_u64());
 
-            ScalarChallenge::from(prechallenge).to_field(&endo)
+            ScalarChallenge::limbs_to_field(&prechallenge)
         })
         .collect();
 
-    let of_coord = |x: &(BigInt, BigInt)| Vesta::of_coordinates(x.0.to_field(), x.1.to_field());
+    let of_coord = |(x, y): &(BigInt, BigInt)| Vesta::of_coordinates(x.to_field(), y.to_field());
 
     // statement.proof_state.messages_for_next_wrap_proof.challenge_polynomial_commitment
     let acc_comm = &proof

ledger/src/proofs/prover.rs

@@ -11,8 +11,6 @@ use mina_hasher::Fp;
 use once_cell::sync::Lazy;
 use poly_commitment::{commitment::CommitmentCurve, evaluation_proof::OpeningProof};
 
-use crate::proofs::transaction::endos;
-
 use super::util::extract_bulletproof;
 use mina_curves::pasta::Fq;
 use mina_p2p_messages::{bigint::BigInt, v2::PicklesProofProofsVerified2ReprStableV2};
@@ -115,19 +113,14 @@ pub fn make_padded_proof_from_p2p(
 
     let ft_eval1: Fq = proof.ft_eval1.to_field();
 
-    let (_, endo) = endos::<Fp>();
-
     let old_bulletproof_challenges = &statement
         .proof_state
         .messages_for_next_wrap_proof
         .old_bulletproof_challenges;
-    let old_bulletproof_challenges: Vec<[Fq; 15]> = extract_bulletproof(
-        &[
-            old_bulletproof_challenges.0[0].0.clone(),
-            old_bulletproof_challenges.0[1].0.clone(),
-        ],
-        &endo,
-    );
+    let old_bulletproof_challenges: Vec<[Fq; 15]> = extract_bulletproof(&[
+        old_bulletproof_challenges.0[0].0.clone(),
+        old_bulletproof_challenges.0[1].0.clone(),
+    ]);
 
     let make_poly = |poly: &(BigInt, BigInt)| {
         let point = of_coord(poly);

ledger/src/proofs/public_input/scalar_challenge.rs

@@ -2,7 +2,7 @@ use std::array::IntoIter;
 
 use ark_ff::{BigInteger256, Field};
 
-use crate::proofs::field::FieldWitness;
+use crate::proofs::{field::FieldWitness, transaction::endos};
 
 #[derive(Clone, Debug)]
 pub struct ScalarChallenge {
@@ -92,6 +92,16 @@ impl ScalarChallenge {
 
         (a * endo) + b
     }
+
+    pub fn array_to_fields<F: FieldWitness, const N: usize>(array: &[F; N]) -> [F; N] {
+        let (_, endo) = endos::<F::Scalar>();
+        std::array::from_fn(|i| Self::from(array[i]).to_field(&endo))
+    }
+
+    pub fn limbs_to_field<F: FieldWitness>(limbs: &[u64; 2]) -> F {
+        let (_, endo) = endos::<F::Scalar>();
+        Self::from(*limbs).to_field(&endo)
+    }
 }
 
 #[cfg(test)]

ledger/src/proofs/step.rs

@@ -1820,8 +1820,8 @@ pub fn expand_deferred(params: ExpandDeferredParams) -> DeferredValues<Fp> {
 
     let plonk0 = &proof_state.deferred_values.plonk;
 
-    let zeta = ScalarChallenge::from(plonk0.zeta_bytes).to_field(&endo);
-    let alpha = ScalarChallenge::from(plonk0.alpha_bytes).to_field(&endo);
+    let zeta = ScalarChallenge::limbs_to_field(&plonk0.zeta_bytes);
+    let alpha = ScalarChallenge::limbs_to_field(&plonk0.alpha_bytes);
     let step_domain: u8 = proof_state.deferred_values.branch_data.domain_log2.as_u8();
     let domain: Radix2EvaluationDomain<Fp> =
         Radix2EvaluationDomain::new(1 << step_domain as u64).unwrap();
@@ -1877,7 +1877,7 @@ pub fn expand_deferred(params: ExpandDeferredParams) -> DeferredValues<Fp> {
 
     let old_bulletproof_challenges: Vec<_> = old_bulletproof_challenges
         .iter()
-        .map(|v| std::array::from_fn(|i| ScalarChallenge::from(v[i]).to_field(&endo)))
+        .map(ScalarChallenge::array_to_fields)
         .collect();
 
     let challenges_digest = {
@@ -1926,7 +1926,7 @@ pub fn expand_deferred(params: ExpandDeferredParams) -> DeferredValues<Fp> {
         .deferred_values
         .bulletproof_challenges
         .iter()
-        .map(|v| ScalarChallenge::from(*v).to_field(&endo))
+        .map(ScalarChallenge::limbs_to_field)
         .collect();
 
     let b_actual = {
@@ -1950,11 +1950,9 @@ pub fn expand_deferred(params: ExpandDeferredParams) -> DeferredValues<Fp> {
 fn wrap_compute_sg(challenges: &[[u64; 2]]) -> GroupAffine<Fp> {
     use super::public_input::scalar_challenge::ScalarChallenge;
 
-    let (_, endo) = endos::<Fp>();
-
     let challenges = challenges
         .iter()
-        .map(|c| ScalarChallenge::from(*c).to_field(&endo))
+        .map(ScalarChallenge::limbs_to_field)
         .collect::<Vec<_>>();
 
     let coeffs = b_poly_coefficients(&challenges);
@@ -2004,9 +2002,8 @@ fn expand_proof(params: ExpandProofParams) -> ExpandedProof {
             .domain_log2
             .as_u8();
 
-        let (_, endo) = endos::<Fq>();
-        let alpha = ScalarChallenge::from(plonk0.alpha_bytes).to_field(&endo);
-        let zeta = ScalarChallenge::from(plonk0.zeta_bytes).to_field(&endo);
+        let alpha = ScalarChallenge::limbs_to_field(&plonk0.alpha_bytes);
+        let zeta = ScalarChallenge::limbs_to_field(&plonk0.zeta_bytes);
         // let w: Fp = Radix2EvaluationDomain::new(1 << dlog_vk.domain.log_size_of_group)
         let w: Fp = Radix2EvaluationDomain::new(1 << domain).unwrap().group_gen;
         let zetaw = zeta * w;
@@ -2037,19 +2034,14 @@ fn expand_proof(params: ExpandProofParams) -> ExpandedProof {
     let statement = &t.statement;
 
     let prev_challenges: Vec<[Fq; BACKEND_TOCK_ROUNDS_N]> = {
-        let (_, endo) = endos::<Fp>();
-
         let old_bulletproof_challenges = &statement
             .proof_state
             .messages_for_next_wrap_proof
             .old_bulletproof_challenges;
-        extract_bulletproof(
-            &[
-                old_bulletproof_challenges.0[0].0.clone(),
-                old_bulletproof_challenges.0[1].0.clone(),
-            ],
-            &endo,
-        )
+        extract_bulletproof(&[
+            old_bulletproof_challenges.0[0].0.clone(),
+            old_bulletproof_challenges.0[1].0.clone(),
+        ])
     };
 
     let old_bulletproof_challenges: Vec<[Fp; 16]> = statement
@@ -2073,10 +2065,9 @@ fn expand_proof(params: ExpandProofParams) -> ExpandedProof {
         })
     };
 
-    let (_, endo) = endos::<Fq>();
     let old_bulletproof_challenges: Vec<_> = old_bulletproof_challenges
         .iter()
-        .map(|v| std::array::from_fn(|i| ScalarChallenge::from(v[i]).to_field(&endo)))
+        .map(ScalarChallenge::array_to_fields)
         .collect();
 
     let messages_for_next_step_proof = MessagesForNextStepProof {
@@ -2486,8 +2477,6 @@ pub fn extract_recursion_challenges<const N: usize>(
 ) -> Vec<RecursionChallenge<GroupAffine<Fq>>> {
     use poly_commitment::PolyComm;
 
-    let (_, endo) = endos::<Fq>();
-
     let comms: [(Fq, Fq); N] = std::array::from_fn(|i| {
         let p = &proofs[i];
         let (a, b) = &p
@@ -2508,7 +2497,7 @@ pub fn extract_recursion_challenges<const N: usize>(
                 .clone()
         })
         .collect::<Vec<_>>();
-    let challs = extract_bulletproof(&challs, &endo);
+    let challs = extract_bulletproof(&challs);
 
     challs
         .into_iter()

ledger/src/proofs/unfinalized.rs

@@ -4,8 +4,8 @@ use mina_hasher::Fp;
 use mina_p2p_messages::v2;
 
 use crate::proofs::{
-    field::FieldWitness, public_input::plonk_checks::derive_plonk, transaction::endos,
-    verification::make_scalars_env, BACKEND_TICK_ROUNDS_N,
+    field::FieldWitness, public_input::plonk_checks::derive_plonk, verification::make_scalars_env,
+    BACKEND_TICK_ROUNDS_N,
 };
 
 use super::{
@@ -288,9 +288,7 @@ pub fn dummy_ipa_step_challenges() -> [[u64; 2]; BACKEND_TICK_ROUNDS_N] {
 pub fn dummy_ipa_step_challenges_computed() -> [Fp; BACKEND_TICK_ROUNDS_N] {
     cache_one!([Fp; BACKEND_TICK_ROUNDS_N], {
         let challenges = dummy_ipa_step_challenges();
-        let (_, endo) = endos::<Fq>();
-
-        std::array::from_fn(|i| ScalarChallenge::from(challenges[i]).to_field(&endo))
+        std::array::from_fn(|i| ScalarChallenge::limbs_to_field(&challenges[i]))
     })
 }
 
@@ -303,10 +301,8 @@ impl Unfinalized {
         let gamma_bytes: [u64; 2] = [8902445049614368905, -5479804816757020655i64 as u64];
         let zeta_bytes: [u64; 2] = [621834770194220300, -4327941673388439925i64 as u64];
 
-        let (_, endo) = endos::<Fp>();
-
-        let zeta: Fq = ScalarChallenge::from(zeta_bytes).to_field(&endo);
-        let alpha: Fq = ScalarChallenge::from(alpha_bytes).to_field(&endo);
+        let zeta: Fq = ScalarChallenge::limbs_to_field(&zeta_bytes);
+        let alpha: Fq = ScalarChallenge::limbs_to_field(&alpha_bytes);
         let beta: Fq = u64_to_field(&beta_bytes);
         let gamma: Fq = u64_to_field(&gamma_bytes);
 

ledger/src/proofs/util.rs

@@ -26,19 +26,18 @@ pub fn extract_polynomial_commitment<F: FieldWitness>(
         .collect()
 }
 
-pub fn extract_bulletproof<F: Field + From<i32>, const N: usize>(
+pub fn extract_bulletproof<F: FieldWitness, const N: usize>(
     v: &[PaddedSeq<
         PicklesReducedMessagesForNextProofOverSameFieldWrapChallengesVectorStableV2A,
         N,
     >],
-    endo: &F,
 ) -> Vec<[F; N]> {
     v.iter()
         .map(|old| {
             array::from_fn(|j| {
                 let prechallenge = &old[j].prechallenge.inner;
                 let prechallenge: [u64; 2] = array::from_fn(|k| prechallenge[k].as_u64());
-                ScalarChallenge::from(prechallenge).to_field(endo)
+                ScalarChallenge::limbs_to_field(&prechallenge)
             })
         })
         .collect()

ledger/src/proofs/verification.rs

@@ -7,7 +7,6 @@ use crate::{
     proofs::{
         accumulator_check,
         step::{expand_deferred, StatementProofState},
-        transaction::endos,
         unfinalized::AllEvals,
         verifier_index::make_zkapp_verifier_index,
         wrap::Domain,
@@ -346,12 +345,9 @@ where
         old_bulletproof_challenges,
     } = messages_for_next_step_proof;
 
-    let (_, endo) = endos::<Fq>();
-
     let challenge_polynomial_commitments: Vec<InnerCurve<Fp>> =
         extract_polynomial_commitment(challenge_polynomial_commitments);
-    let old_bulletproof_challenges: Vec<[Fp; 16]> =
-        extract_bulletproof(old_bulletproof_challenges, &endo);
+    let old_bulletproof_challenges: Vec<[Fp; 16]> = extract_bulletproof(old_bulletproof_challenges);
     let dlog_plonk_index = commitments;
 
     MessagesForNextStepProof {
@@ -371,15 +367,10 @@ fn get_message_for_next_wrap_proof(
     let challenge_polynomial_commitments: Vec<InnerCurve<Fq>> =
         extract_polynomial_commitment(&[challenge_polynomial_commitment.clone()]);
 
-    let (_, endo) = endos::<Fp>();
-
-    let old_bulletproof_challenges: Vec<[Fq; 15]> = extract_bulletproof(
-        &[
-            old_bulletproof_challenges[0].0.clone(),
-            old_bulletproof_challenges[1].0.clone(),
-        ],
-        &endo,
-    );
+    let old_bulletproof_challenges: Vec<[Fq; 15]> = extract_bulletproof(&[
+        old_bulletproof_challenges[0].0.clone(),
+        old_bulletproof_challenges[1].0.clone(),
+    ]);
 
     MessagesForNextWrapProof {
         challenge_polynomial_commitment: challenge_polynomial_commitments[0].clone(),

ledger/src/proofs/verifier_index.rs

@@ -32,9 +32,6 @@ use super::{
     wrap::{Domain, Domains},
 };
 
-const PERMUTS: usize = 7;
-const COLUMNS: usize = 15;
-
 pub enum VerifierKind {
     Blockchain,
     Transaction,

ledger/src/proofs/wrap.rs

@@ -548,6 +548,8 @@ pub struct WrapParams<'a> {
 }
 
 pub fn wrap<C: ProofConstants + ForWrapData>(params: WrapParams, w: &mut Witness<Fq>) -> WrapProof {
+    use crate::proofs::public_input::scalar_challenge::ScalarChallenge;
+
     let WrapParams {
         app_state,
         proof,
@@ -566,8 +568,6 @@ pub fn wrap<C: ProofConstants + ForWrapData>(params: WrapParams, w: &mut Witness
         wrap_domain_indices,
     } = C::wrap_data();
 
-    let (_, endo) = endos::<Fq>();
-
     let messages_for_next_step_proof_hash = crate::proofs::transaction::MessagesForNextStepProof {
         app_state,
         challenge_polynomial_commitments: step_statement
@@ -580,10 +580,7 @@ pub fn wrap<C: ProofConstants + ForWrapData>(params: WrapParams, w: &mut Witness
             .messages_for_next_step_proof
             .old_bulletproof_challenges
             .iter()
-            .map(|v| {
-                use crate::proofs::public_input::scalar_challenge::ScalarChallenge;
-                std::array::from_fn(|i| ScalarChallenge::from(v[i]).to_field(&endo))
-            })
+            .map(ScalarChallenge::array_to_fields)
             .collect(),
         dlog_plonk_index,
     }
@@ -594,15 +591,10 @@ pub fn wrap<C: ProofConstants + ForWrapData>(params: WrapParams, w: &mut Witness
         .iter()
         .cloned()
         .map(|mut v| {
-            let (_, endo) = endos::<Fp>();
-
             let old_bulletproof_challenges = v
                 .old_bulletproof_challenges
                 .iter()
-                .map(|v| {
-                    use crate::proofs::public_input::scalar_challenge::ScalarChallenge;
-                    std::array::from_fn(|i| ScalarChallenge::from(v[i]).to_field(&endo))
-                })
+                .map(ScalarChallenge::array_to_fields)
                 .collect();
             v.old_bulletproof_challenges = old_bulletproof_challenges;
             v
@@ -627,10 +619,7 @@ pub fn wrap<C: ProofConstants + ForWrapData>(params: WrapParams, w: &mut Witness
         .messages_for_next_step_proof
         .old_bulletproof_challenges
         .iter()
-        .map(|v| {
-            use crate::proofs::public_input::scalar_challenge::ScalarChallenge;
-            std::array::from_fn(|i| ScalarChallenge::from(v[i]).to_field(&endo))
-        })
+        .map(ScalarChallenge::array_to_fields)
         .collect();
 
     let actual_proofs_verified = prev_challenges.len();
@@ -666,20 +655,16 @@ pub fn wrap<C: ProofConstants + ForWrapData>(params: WrapParams, w: &mut Witness
     };
 
     let messages_for_next_wrap_proof_prepared = {
-        use crate::proofs::public_input::scalar_challenge::ScalarChallenge;
-
         let MessagesForNextWrapProof {
             challenge_polynomial_commitment,
             old_bulletproof_challenges,
         } = &messages_for_next_wrap_proof;
 
-        let (_, endo) = endos::<Fp>();
-
         MessagesForNextWrapProof {
             challenge_polynomial_commitment: challenge_polynomial_commitment.clone(),
             old_bulletproof_challenges: old_bulletproof_challenges
                 .iter()
-                .map(|c| c.map(|c| ScalarChallenge::from(c).to_field(&endo)))
+                .map(ScalarChallenge::array_to_fields)
                 .collect(),
         }
     };