R1cs nark pcd

[Will-Lin4]

Dummy PR

[Pratyush]

Suggested change

	pub(crate) type MainField<E> = <<E as CurveCycle>::E2 as AffineCurve>::BaseField;
	pub(crate) type MainField<E> = <<E as CurveCycle>::E1 as AffineCurve>::ScalarField;

[Will-Lin4]

For some reason, applying this change causes the library to not compile. An example of an error is: the trait ark_ff::PrimeField is not implemented for <<E as CurveCycle>::E2 as AffineCurve>::BaseField. It isn't clear to me why it isn't detecting it as a PrimeField. Maybe it is just substituting the BaseField in without doing anything else due to https://github.com/arkworks-rs/algebra/blob/dae430780082b8ebd3e092f08759c8e274d47e56/ec/src/lib.rs#L336-L338?

[Pratyush]

If we know we're only ever allocating one variable, we can hard code the result of cs.num_instance_variables(). If that can change, we should instead invoke the appropriate code (eg: SpongeOutout::new_input(cs.clone(), || Ok(dummy_output))).

[Will-Lin4]

I agree that we should invoke the appropriate code rather than directly using the HelpField.

However, wouldn't it be a poor choice to break the abstraction of the ConstraintSystem by hard coding the expected number of instance variables? If I am remembering correctly, one implementation detail of ConstraintSystem is that it adds a one when initializing the instance variables. However, such detail isn't very relevant to this library (we only care that we are using the outputs of CS) and if that implementation detail ever changes (would it?), then it may introduce some difficult to find bugs.

Considering this point, would we still want to hard code the number of instance variables?

[Pratyush]

Maybe we should make this also placeholder, instead of zero?

[Will-Lin4]

I have opened a PR in accumulation to apply this change (arkworks-rs/accumulation#34).

[Pratyush]

We can avoid the _var suffix; we aren't using claimed_input_hash anywhere afterwards, right? Similarly for the other cases.

[Will-Lin4]

claimed_input_hash_var and other variables have their native counterparts, so I think having _var is necessary.

pcd/src/r1cs_nark_pcd/help_circuit.rs

Line 178 in 30ae1ef

let claimed_input_hash: HelpField<E> =

pcd/src/r1cs_nark_pcd/help_circuit.rs

Lines 133 to 141 in 30ae1ef

	let HelpCircuit {
	main_avk,
	main_accumulation_input_instances: main_input_instances,
	main_old_accumulator_instances,
	main_new_accumulator_instance,
	mut main_accumulation_proof,
	_config_phantom,
	_predicate_phantom,
	} = self;

[Pratyush]

This should be allocated as a input, otherwise the prover can always set it to true, forcing the accumulation part to be ignored.

EDIT: unless this is checked via the hash, which it isn't right now.

[Will-Lin4]

If we allocate base_case_var as an input, the prover in the next recursive step would need to know whether the prior step was a base case for the accumulation right? Currently, I don't think the PCD library gives the prover this information. Would we need to modify the API to include such detail or is there any other way of passing such information around?

[Pratyush]

Maybe you can extract this into a CurveCycleGadget trait, similar to CurveCycle?

[Will-Lin4]

Would putting this relation into a gadget/var be appropriate? The constraint fields are different. Gadgets and vars usually specify a single constraint field right?

[rozbb]

Hi all, what is the status of this PR? I'm trying to play with some IVC stuff and I'd like to see the feasibility of this scheme for our idea. Currently this branch doesn't compile. The errors are coming from the ark-poly-commit dependency.

[Will-Lin4]

Hi all, what is the status of this PR? I'm trying to play with some IVC stuff and I'd like to see the feasibility of this scheme for our idea. Currently this branch doesn't compile. The errors are coming from the ark-poly-commit dependency.

Hello! I am not currently developing for this repository. This branch depended on an older version of ark-poly-commit, which is likely the reason the branch is not compiling.