proof-linking: arithmetization: Add wiring preservation test

plonk/benches/collaborative_proof.rs

@@ -71,11 +71,8 @@ fn bench_singleprover(c: &mut Criterion) {
 
 /// Benchmark a collaborative proof on a test circuit
 fn bench_multiprover(c: &mut Criterion) {
-    let runtime = RuntimeBuilder::new_multi_thread()
-        .worker_threads(3)
-        .enable_all()
-        .build()
-        .unwrap();
+    let runtime =
+        RuntimeBuilder::new_multi_thread().worker_threads(3).enable_all().build().unwrap();
 
     let pk = setup_pk();
 
@@ -103,10 +100,7 @@ fn bench_multiprover(c: &mut Criterion) {
 /// Return the latency excluding the MPC setup time
 async fn multiprover_prove(pk: &ProvingKey<TestCurve>) -> Duration {
     // These values are fine tuned
-    let size = ExecutorSizeHints {
-        n_ops: 5_000,
-        n_results: 5_000_000,
-    };
+    let size = ExecutorSizeHints { n_ops: 5_000, n_results: 5_000_000 };
 
     let (elapsed1, elapsed2) = execute_mock_mpc_with_size_hint(
         |fabric| {

plonk/examples/proof_of_exp.rs

@@ -135,9 +135,7 @@ where
     circuit.enforce_point_equal(&X_var_computed, &X_var)?;
 
     // Sanity check: the circuit must be satisfied.
-    assert!(circuit
-        .check_circuit_satisfiability(&[X_jf.get_x(), X_jf.get_y()])
-        .is_ok());
+    assert!(circuit.check_circuit_satisfiability(&[X_jf.get_x(), X_jf.get_y()]).is_ok());
 
     // And we are done!
     circuit.finalize_for_arithmetization()?;

plonk/src/circuit/plonk_verifier/gadgets.rs

@@ -146,9 +146,7 @@ where
             add_pcs_eval_circuit(
                 circuit,
                 &mut result,
-                v_and_uv_basis
-                    .next()
-                    .ok_or(PlonkError::IteratorOutOfRange)?,
+                v_and_uv_basis.next().ok_or(PlonkError::IteratorOutOfRange)?,
                 wire_eval,
                 &non_native_field_info.modulus_fp_elem,
             )?;
@@ -157,9 +155,7 @@ where
             add_pcs_eval_circuit(
                 circuit,
                 &mut result,
-                v_and_uv_basis
-                    .next()
-                    .ok_or(PlonkError::IteratorOutOfRange)?,
+                v_and_uv_basis.next().ok_or(PlonkError::IteratorOutOfRange)?,
                 sigma_eval,
                 &non_native_field_info.modulus_fp_elem,
             )?;
@@ -168,9 +164,7 @@ where
         add_pcs_eval_circuit(
             circuit,
             &mut result,
-            v_and_uv_basis
-                .next()
-                .ok_or(PlonkError::IteratorOutOfRange)?,
+            v_and_uv_basis.next().ok_or(PlonkError::IteratorOutOfRange)?,
             &poly_evals.perm_next_eval,
             &non_native_field_info.modulus_fp_elem,
         )?;
@@ -208,10 +202,8 @@ where
     let mut transcript_var = RescueTranscriptVar::new(circuit);
     if let Some(msg) = extra_transcript_init_msg {
         let msg_fs = bytes_to_field_elements::<_, F>(msg.as_ref());
-        let msg_vars = msg_fs
-            .iter()
-            .map(|x| circuit.create_variable(*x))
-            .collect::<Result<Vec<_>, _>>()?;
+        let msg_vars =
+            msg_fs.iter().map(|x| circuit.create_variable(*x)).collect::<Result<Vec<_>, _>>()?;
         transcript_var.append_message_vars(EXTRA_TRANSCRIPT_MSG_LABEL, &msg_vars)?;
     }
     for (&vk, &pi) in verify_keys.iter().zip(public_inputs.iter()) {
@@ -243,15 +235,7 @@ where
     let u = transcript_var.get_and_append_challenge_var::<E>(b"u", circuit)?;
 
     // convert challenge vars into FpElemVars
-    let challenge_var = ChallengesVar {
-        tau,
-        alpha,
-        beta,
-        gamma,
-        zeta,
-        v,
-        u,
-    };
+    let challenge_var = ChallengesVar { tau, alpha, beta, gamma, zeta, v, u };
 
     let challenge_fp_elem_var =
         challenge_var_to_fp_elem_var(circuit, &challenge_var, &non_native_field_info)?;
@@ -432,11 +416,8 @@ fn compute_alpha_basis<F: PrimeField>(
     non_native_field_info: NonNativeFieldInfo<F>,
 ) -> Result<Vec<FpElemVar<F>>, CircuitError> {
     let mut res = Vec::new();
-    let mut alpha_base_elem_var = FpElemVar::<F>::one(
-        circuit,
-        non_native_field_info.m,
-        non_native_field_info.two_power_m,
-    );
+    let mut alpha_base_elem_var =
+        FpElemVar::<F>::one(circuit, non_native_field_info.m, non_native_field_info.two_power_m);
     res.push(alpha_base_elem_var);
     for _ in 0..len - 1 {
         alpha_base_elem_var = circuit.mod_mul(
@@ -513,14 +494,10 @@ mod test {
             BatchArgument::batch_prove::<_, T>(rng, &instances_type_a, &instances_type_b)?;
 
         // 4. Aggregate verification keys
-        let vks_type_a: Vec<&VerifyingKey<E>> = instances_type_a
-            .iter()
-            .map(|pred| pred.verify_key_ref())
-            .collect();
-        let vks_type_b: Vec<&VerifyingKey<E>> = instances_type_b
-            .iter()
-            .map(|pred| pred.verify_key_ref())
-            .collect();
+        let vks_type_a: Vec<&VerifyingKey<E>> =
+            instances_type_a.iter().map(|pred| pred.verify_key_ref()).collect();
+        let vks_type_b: Vec<&VerifyingKey<E>> =
+            instances_type_b.iter().map(|pred| pred.verify_key_ref()).collect();
         let merged_vks = BatchArgument::aggregate_verify_keys(&vks_type_a, &vks_type_b)?;
         // error path: inconsistent length between vks_type_a and vks_type_b
         assert!(BatchArgument::aggregate_verify_keys(&vks_type_a[1..], &vks_type_b).is_err());
@@ -551,12 +528,8 @@ mod test {
         let fr_modulus_bits = <E::ScalarField as PrimeField>::MODULUS.to_bytes_le();
         let modulus_in_f = F::from_le_bytes_mod_order(&fr_modulus_bits);
         let modulus_fp_elem = FpElem::new(&modulus_in_f, m, two_power_m)?;
-        let non_native_field_info = NonNativeFieldInfo::<F> {
-            m,
-            two_power_m,
-            modulus_in_f,
-            modulus_fp_elem,
-        };
+        let non_native_field_info =
+            NonNativeFieldInfo::<F> { m, two_power_m, modulus_in_f, modulus_fp_elem };
 
         // vk
         let vk_vars = merged_vks
@@ -587,9 +560,7 @@ mod test {
         let public_inputs = [tmp];
 
         assert!(
-            circuit
-                .check_circuit_satisfiability(public_inputs.as_ref())
-                .is_ok(),
+            circuit.check_circuit_satisfiability(public_inputs.as_ref()).is_ok(),
             "{:?}",
             circuit.check_circuit_satisfiability(public_inputs.as_ref())
         );

plonk/src/circuit/plonk_verifier/mod.rs

@@ -108,9 +108,7 @@ impl<E: Pairing> VerifyingKeyVar<E> {
         P: TEParam<BaseField = F>,
     {
         if self.is_merged || other.is_merged {
-            return Err(ParameterError(
-                "cannot merge a merged key again".to_string(),
-            ));
+            return Err(ParameterError("cannot merge a merged key again".to_string()));
         }
         if self.domain_size != other.domain_size {
             return Err(ParameterError(
@@ -195,12 +193,8 @@ impl<E: Pairing> VerifyingKeyVar<E> {
         let modulus_in_f = F::from_le_bytes_mod_order(&fr_modulus_bits);
         let modulus_fp_elem = FpElem::new(&modulus_in_f, m, two_power_m)?;
 
-        let non_native_field_info = NonNativeFieldInfo::<F> {
-            m,
-            two_power_m,
-            modulus_in_f,
-            modulus_fp_elem,
-        };
+        let non_native_field_info =
+            NonNativeFieldInfo::<F> { m, two_power_m, modulus_in_f, modulus_fp_elem };
 
         let verifier = Verifier::<E>::new(domain_size)?;
         let domain = verifier.domain;
@@ -227,11 +221,8 @@ impl<E: Pairing> VerifyingKeyVar<E> {
         //  + u * [shifted_open_proof]
         //  + blinding_factor * [1]1
         let generator_g_var = circuit.create_constant_point_variable(*generator_g)?;
-        let bases = [
-            pcs_info_var.opening_proof,
-            pcs_info_var.shifted_opening_proof,
-            generator_g_var,
-        ];
+        let bases =
+            [pcs_info_var.opening_proof, pcs_info_var.shifted_opening_proof, generator_g_var];
         let u_var = pcs_info_var.u.convert_to_var(circuit)?;
         let scalars = [circuit.one(), u_var, blinding_factor];
 
@@ -247,15 +238,10 @@ impl<E: Pairing> VerifyingKeyVar<E> {
         scalars_and_bases.scalars.push(pcs_info_var.eval_point);
         scalars_and_bases.bases.push(pcs_info_var.opening_proof);
 
-        let tmp = circuit.mod_mul(
-            &pcs_info_var.next_eval_point,
-            &pcs_info_var.u,
-            &modulus_fp_elem,
-        )?;
+        let tmp =
+            circuit.mod_mul(&pcs_info_var.next_eval_point, &pcs_info_var.u, &modulus_fp_elem)?;
         scalars_and_bases.scalars.push(tmp);
-        scalars_and_bases
-            .bases
-            .push(pcs_info_var.shifted_opening_proof);
+        scalars_and_bases.bases.push(pcs_info_var.shifted_opening_proof);
 
         let generator_g_inv_var = circuit.create_constant_point_variable(generator_g.inverse())?;
         scalars_and_bases.scalars.push(pcs_info_var.eval);
@@ -429,9 +415,7 @@ mod test {
         // merged keys can't be merged again.
         let mut bad_vk_vars = vk_type_a_vars.clone();
         bad_vk_vars[0].is_merged = true;
-        assert!(circuit
-            .aggregate_verify_keys::<E, Q>(&bad_vk_vars, &vk_type_b_vars)
-            .is_err());
+        assert!(circuit.aggregate_verify_keys::<E, Q>(&bad_vk_vars, &vk_type_b_vars).is_err());
 
         Ok(())
     }
@@ -508,14 +492,10 @@ mod test {
                 BatchArgument::batch_prove::<_, T>(rng, &instances_type_a, &instances_type_b)?;
 
             // 4. Aggregate verification keys
-            let vks_type_a: Vec<&VerifyingKey<E>> = instances_type_a
-                .iter()
-                .map(|pred| pred.verify_key_ref())
-                .collect();
-            let vks_type_b: Vec<&VerifyingKey<E>> = instances_type_b
-                .iter()
-                .map(|pred| pred.verify_key_ref())
-                .collect();
+            let vks_type_a: Vec<&VerifyingKey<E>> =
+                instances_type_a.iter().map(|pred| pred.verify_key_ref()).collect();
+            let vks_type_b: Vec<&VerifyingKey<E>> =
+                instances_type_b.iter().map(|pred| pred.verify_key_ref()).collect();
             let merged_vks = BatchArgument::aggregate_verify_keys(&vks_type_a, &vks_type_b)?;
             // error path: inconsistent length between vks_type_a and vks_type_b
             assert!(BatchArgument::aggregate_verify_keys(&vks_type_a[1..], &vks_type_b).is_err());
@@ -571,26 +551,20 @@ mod test {
                 // =======================================
                 // instance inputs = partial verify inputs != satisfiability inputs
                 let wrong_public_inputs = [[F::rand(rng)].as_ref()].concat();
-                assert!(circuit
-                    .check_circuit_satisfiability(&wrong_public_inputs)
-                    .is_err(),);
+                assert!(circuit.check_circuit_satisfiability(&wrong_public_inputs).is_err(),);
 
                 // =======================================
                 // bad path: wrong number of pub inputs
                 // =======================================
                 let wrong_public_inputs =
                     [[field_switching(&shared_public_input); 3].as_ref()].concat();
-                assert!(circuit
-                    .check_circuit_satisfiability(&wrong_public_inputs)
-                    .is_err(),);
+                assert!(circuit.check_circuit_satisfiability(&wrong_public_inputs).is_err(),);
 
                 // =======================================
                 // bad path: wrong witness
                 // =======================================
                 *circuit.witness_mut(10) = F::from(0u32);
-                assert!(circuit
-                    .check_circuit_satisfiability(&public_inputs)
-                    .is_err());
+                assert!(circuit.check_circuit_satisfiability(&public_inputs).is_err());
             }
             // ==============================================
             // more bad path: wrong inputs length
@@ -643,9 +617,7 @@ mod test {
                 )?;
 
                 assert!(
-                    circuit
-                        .check_circuit_satisfiability(&public_inputs)
-                        .is_err(),
+                    circuit.check_circuit_satisfiability(&public_inputs).is_err(),
                     "{:?}",
                     circuit.check_circuit_satisfiability(public_inputs.as_ref())
                 );
@@ -666,9 +638,7 @@ mod test {
                 let wrong_public_inputs =
                     [[field_switching(&wrong_shared_public_input)].as_ref()].concat();
                 assert!(
-                    circuit
-                        .check_circuit_satisfiability(&wrong_public_inputs)
-                        .is_ok(),
+                    circuit.check_circuit_satisfiability(&wrong_public_inputs).is_ok(),
                     "{:?}",
                     circuit.check_circuit_satisfiability(wrong_public_inputs.as_ref())
                 );
@@ -797,14 +767,10 @@ mod test {
                 BatchArgument::batch_prove::<_, T>(rng, &instances_type_a, &instances_type_b)?;
 
             // 4. Aggregate verification keys
-            let vks_type_a: Vec<&VerifyingKey<E>> = instances_type_a
-                .iter()
-                .map(|pred| pred.verify_key_ref())
-                .collect();
-            let vks_type_b: Vec<&VerifyingKey<E>> = instances_type_b
-                .iter()
-                .map(|pred| pred.verify_key_ref())
-                .collect();
+            let vks_type_a: Vec<&VerifyingKey<E>> =
+                instances_type_a.iter().map(|pred| pred.verify_key_ref()).collect();
+            let vks_type_b: Vec<&VerifyingKey<E>> =
+                instances_type_b.iter().map(|pred| pred.verify_key_ref()).collect();
             let merged_vks = BatchArgument::aggregate_verify_keys(&vks_type_a, &vks_type_b)?;
 
             // 5. Build circuit