avoid explicit compression/decompression (#326)

* avoid explicit compression/decompression

* update version

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "nova-snark"
-version = "0.36.0"
+version = "0.37.0"
 authors = ["Srinath Setty <[email protected]>"]
 edition = "2021"
 description = "High-speed recursive arguments from folding schemes"

src/errors.rs

@@ -22,9 +22,6 @@ pub enum NovaError {
   /// returned if the supplied witness is not a satisfying witness to a given shape and instance
   #[error("UnSat")]
   UnSat,
-  /// returned when the supplied compressed commitment cannot be decompressed
-  #[error("DecompressionError")]
-  DecompressionError,
   /// returned if proof verification fails
   #[error("ProofVerifyError")]
   ProofVerifyError,

src/lib.rs

@@ -46,9 +46,7 @@ use r1cs::{
 };
 use serde::{Deserialize, Serialize};
 use traits::{
-  circuit::StepCircuit,
-  commitment::{CommitmentEngineTrait, CommitmentTrait},
-  snark::RelaxedR1CSSNARKTrait,
+  circuit::StepCircuit, commitment::CommitmentEngineTrait, snark::RelaxedR1CSSNARKTrait,
   AbsorbInROTrait, Engine, ROConstants, ROConstantsCircuit, ROTrait,
 };
 
@@ -399,7 +397,7 @@ where
       Some(self.zi_primary.clone()),
       Some(self.r_U_secondary.clone()),
       Some(self.l_u_secondary.clone()),
-      Some(Commitment::<E2>::decompress(&nifs_secondary.comm_T)?),
+      Some(nifs_secondary.comm_T),
     );
 
     let circuit_primary: NovaAugmentedCircuit<'_, E2, C1> = NovaAugmentedCircuit::new(
@@ -433,7 +431,7 @@ where
       Some(self.zi_secondary.clone()),
       Some(self.r_U_primary.clone()),
       Some(l_u_primary),
-      Some(Commitment::<E1>::decompress(&nifs_primary.comm_T)?),
+      Some(nifs_primary.comm_T),
     );
 
     let circuit_secondary: NovaAugmentedCircuit<'_, E1, C2> = NovaAugmentedCircuit::new(
@@ -847,7 +845,6 @@ where
 
 type CommitmentKey<E> = <<E as Engine>::CE as CommitmentEngineTrait<E>>::CommitmentKey;
 type Commitment<E> = <<E as Engine>::CE as CommitmentEngineTrait<E>>::Commitment;
-type CompressedCommitment<E> = <<<E as Engine>::CE as CommitmentEngineTrait<E>>::Commitment as CommitmentTrait<E>>::CompressedCommitment;
 type CE<E> = <E as Engine>::CE;
 
 #[cfg(test)]

src/nifs.rs

@@ -6,8 +6,8 @@ use crate::{
   errors::NovaError,
   r1cs::{R1CSInstance, R1CSShape, R1CSWitness, RelaxedR1CSInstance, RelaxedR1CSWitness},
   scalar_as_base,
-  traits::{commitment::CommitmentTrait, AbsorbInROTrait, Engine, ROTrait},
-  Commitment, CommitmentKey, CompressedCommitment,
+  traits::{AbsorbInROTrait, Engine, ROTrait},
+  Commitment, CommitmentKey,
 };
 use serde::{Deserialize, Serialize};
 
@@ -16,7 +16,7 @@ use serde::{Deserialize, Serialize};
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub struct NIFS<E: Engine> {
-  pub(crate) comm_T: CompressedCommitment<E>,
+  pub(crate) comm_T: Commitment<E>,
 }
 
 type ROConstants<E> =
@@ -70,12 +70,7 @@ impl<E: Engine> NIFS<E> {
     let W = W1.fold(W2, &T, &r)?;
 
     // return the folded instance and witness
-    Ok((
-      Self {
-        comm_T: comm_T.compress(),
-      },
-      (U, W),
-    ))
+    Ok((Self { comm_T }, (U, W)))
   }
 
   /// Takes as input a relaxed R1CS instance `U1` and R1CS instance `U2`
@@ -100,14 +95,13 @@ impl<E: Engine> NIFS<E> {
     U2.absorb_in_ro(&mut ro);
 
     // append `comm_T` to the transcript and obtain a challenge
-    let comm_T = Commitment::<E>::decompress(&self.comm_T)?;
-    comm_T.absorb_in_ro(&mut ro);
+    self.comm_T.absorb_in_ro(&mut ro);
 
     // compute a challenge from the RO
     let r = ro.squeeze(NUM_CHALLENGE_BITS);
 
     // fold the instance using `r` and `comm_T`
-    let U = U1.fold(U2, &comm_T, &r);
+    let U = U1.fold(U2, &self.comm_T, &r);
 
     // return the folded instance
     Ok(U)

src/provider/bn256_grumpkin.rs

@@ -1,22 +1,18 @@
 //! This module implements the Nova traits for `bn256::Point`, `bn256::Scalar`, `grumpkin::Point`, `grumpkin::Scalar`.
 use crate::{
-  errors::NovaError,
   impl_traits,
-  provider::traits::{CompressedGroup, DlogGroup, PairingGroup},
+  provider::traits::{DlogGroup, PairingGroup},
   traits::{Group, PrimeFieldExt, TranscriptReprTrait},
 };
 use digest::{ExtendableOutput, Update};
 use ff::{FromUniformBytes, PrimeField};
-use group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup, GroupEncoding};
+use group::{cofactor::CofactorCurveAffine, Curve, Group as AnotherGroup};
 use num_bigint::BigInt;
 use num_traits::Num;
 // Remove this when https://github.com/zcash/pasta_curves/issues/41 resolves
 use halo2curves::{
-  bn256::{
-    pairing, G1Affine as Bn256Affine, G1Compressed as Bn256Compressed, G2Affine, G2Compressed, Gt,
-    G1 as Bn256Point, G2,
-  },
-  grumpkin::{G1Affine as GrumpkinAffine, G1Compressed as GrumpkinCompressed, G1 as GrumpkinPoint},
+  bn256::{pairing, G1Affine as Bn256Affine, G2Affine, G2Compressed, Gt, G1 as Bn256Point, G2},
+  grumpkin::{G1Affine as GrumpkinAffine, G1 as GrumpkinPoint},
   msm::best_multiexp,
 };
 use pasta_curves::arithmetic::{CurveAffine, CurveExt};
@@ -36,7 +32,6 @@ pub mod grumpkin {
 
 impl_traits!(
   bn256,
-  Bn256Compressed,
   Bn256Point,
   Bn256Affine,
   "30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001",
@@ -45,7 +40,6 @@ impl_traits!(
 
 impl_traits!(
   grumpkin,
-  GrumpkinCompressed,
   GrumpkinPoint,
   GrumpkinAffine,
   "30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47",
@@ -84,7 +78,6 @@ impl Group for G2 {
 }
 
 impl DlogGroup for G2 {
-  type CompressedGroupElement = G2Compressed;
   type AffineGroupElement = G2Affine;
 
   fn vartime_multiscalar_mul(scalars: &[Self::Scalar], bases: &[Self::AffineGroupElement]) -> Self {
@@ -99,10 +92,6 @@ impl DlogGroup for G2 {
     G2::from(*p)
   }
 
-  fn compress(&self) -> Self::CompressedGroupElement {
-    self.to_bytes()
-  }
-
   fn from_label(_label: &'static [u8], _n: usize) -> Vec<Self::AffineGroupElement> {
     unimplemented!()
   }
@@ -126,19 +115,6 @@ impl<G: DlogGroup> TranscriptReprTrait<G> for G2Compressed {
   }
 }
 
-impl CompressedGroup for G2Compressed {
-  type GroupElement = G2;
-
-  fn decompress(&self) -> Result<G2, NovaError> {
-    let d = G2::from_bytes(self);
-    if d.is_some().into() {
-      Ok(d.unwrap())
-    } else {
-      Err(NovaError::DecompressionError)
-    }
-  }
-}
-
 impl<G: DlogGroup> TranscriptReprTrait<G> for G2Affine {
   fn to_transcript_bytes(&self) -> Vec<u8> {
     unimplemented!()

src/provider/hyperkzg.rs

@@ -8,7 +8,7 @@
 #![allow(non_snake_case)]
 use crate::{
   errors::NovaError,
-  provider::traits::{CompressedGroup, DlogGroup, PairingGroup},
+  provider::traits::{DlogGroup, PairingGroup},
   traits::{
     commitment::{CommitmentEngineTrait, CommitmentTrait, Len},
     evaluation::EvaluationEngineTrait,
@@ -62,37 +62,14 @@ where
   comm: <E as Engine>::GE,
 }
 
-/// A compressed commitment (suitable for serialization)
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
-pub struct CompressedCommitment<E>
-where
-  E: Engine,
-  E::GE: PairingGroup,
-{
-  comm: <E::GE as DlogGroup>::CompressedGroupElement,
-}
-
 impl<E> CommitmentTrait<E> for Commitment<E>
 where
   E: Engine,
   E::GE: PairingGroup,
 {
-  type CompressedCommitment = CompressedCommitment<E>;
-
-  fn compress(&self) -> Self::CompressedCommitment {
-    CompressedCommitment {
-      comm: self.comm.compress(),
-    }
-  }
-
   fn to_coordinates(&self) -> (E::Base, E::Base, bool) {
     self.comm.to_coordinates()
   }
-
-  fn decompress(c: &Self::CompressedCommitment) -> Result<Self, NovaError> {
-    let comm = <<E as Engine>::GE as DlogGroup>::CompressedGroupElement::decompress(&c.comm)?;
-    Ok(Commitment { comm })
-  }
 }
 
 impl<E> Default for Commitment<E>
@@ -141,15 +118,6 @@ where
   }
 }
 
-impl<E: Engine> TranscriptReprTrait<E::GE> for CompressedCommitment<E>
-where
-  E::GE: PairingGroup,
-{
-  fn to_transcript_bytes(&self) -> Vec<u8> {
-    self.comm.to_transcript_bytes()
-  }
-}
-
 impl<E> MulAssign<E::Scalar> for Commitment<E>
 where
   E: Engine,

src/provider/ipa_pc.rs

@@ -4,11 +4,10 @@ use crate::{
   provider::{pedersen::CommitmentKeyExtTrait, traits::DlogGroup},
   spartan::polys::eq::EqPolynomial,
   traits::{
-    commitment::{CommitmentEngineTrait, CommitmentTrait},
-    evaluation::EvaluationEngineTrait,
-    Engine, TranscriptEngineTrait, TranscriptReprTrait,
+    commitment::CommitmentEngineTrait, evaluation::EvaluationEngineTrait, Engine,
+    TranscriptEngineTrait, TranscriptReprTrait,
   },
-  Commitment, CommitmentKey, CompressedCommitment, CE,
+  Commitment, CommitmentKey, CE,
 };
 use core::iter;
 use ff::Field;
@@ -156,8 +155,8 @@ impl<E: Engine> InnerProductWitness<E> {
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub struct InnerProductArgument<E: Engine> {
-  L_vec: Vec<CompressedCommitment<E>>,
-  R_vec: Vec<CompressedCommitment<E>>,
+  L_vec: Vec<Commitment<E>>,
+  R_vec: Vec<Commitment<E>>,
   a_hat: E::Scalar,
 }
 
@@ -200,8 +199,8 @@ where
                        transcript: &mut E::TE|
      -> Result<
       (
-        CompressedCommitment<E>,
-        CompressedCommitment<E>,
+        Commitment<E>,
+        Commitment<E>,
         Vec<E::Scalar>,
         Vec<E::Scalar>,
         CommitmentKey<E>,
@@ -221,17 +220,15 @@ where
           .chain(iter::once(&c_L))
           .copied()
           .collect::<Vec<E::Scalar>>(),
-      )
-      .compress();
+      );
       let R = CE::<E>::commit(
         &ck_L.combine(&ck_c),
         &a_vec[n / 2..n]
           .iter()
           .chain(iter::once(&c_R))
           .copied()
           .collect::<Vec<E::Scalar>>(),
-      )
-      .compress();
+      );
 
       transcript.absorb(b"L", &L);
       transcript.absorb(b"R", &R);
@@ -258,8 +255,8 @@ where
     };
 
     // two vectors to hold the logarithmic number of group elements
-    let mut L_vec: Vec<CompressedCommitment<E>> = Vec::new();
-    let mut R_vec: Vec<CompressedCommitment<E>> = Vec::new();
+    let mut L_vec: Vec<Commitment<E>> = Vec::new();
+    let mut R_vec: Vec<Commitment<E>> = Vec::new();
 
     // we create mutable copies of vectors and generators
     let mut a_vec = W.a_vec.to_vec();
@@ -375,7 +372,7 @@ where
     };
 
     let ck_hat = {
-      let c = CE::<E>::commit(&ck, &s).compress();
+      let c = CE::<E>::commit(&ck, &s);
       CommitmentKey::<E>::reinterpret_commitments_as_ck(&[c])?
     };
 
@@ -385,7 +382,7 @@ where
       let ck_folded = {
         let ck_L = CommitmentKey::<E>::reinterpret_commitments_as_ck(&self.L_vec)?;
         let ck_R = CommitmentKey::<E>::reinterpret_commitments_as_ck(&self.R_vec)?;
-        let ck_P = CommitmentKey::<E>::reinterpret_commitments_as_ck(&[P.compress()])?;
+        let ck_P = CommitmentKey::<E>::reinterpret_commitments_as_ck(&[P])?;
         ck_L.combine(&ck_R).combine(&ck_P)
       };