More refactor

Author: mmaker

nimue-anemoi/Cargo.toml

@@ -6,7 +6,7 @@ license = "MIT/Apache-2.0"
 
 [dependencies]
 ark-ff = { workspace = true }
-nimue = { workspace = true, features = ["ark"] }
+nimue = { workspace = true, features = ["arkworks-algebra"] }
 zeroize = { workspace = true }
 anemoi = { workspace = true, features = ["bls12_381"] }
 ark-bls12-381 = { workspace = true }

nimue-poseidon/Cargo.toml

@@ -5,7 +5,7 @@ edition = "2021"
 license = "MIT/Apache-2.0"
 
 [dependencies]
-nimue = { workspace = true, features = ["ark"] }
+nimue = { workspace = true, features = ["arkworks-algebra"] }
 ark-ff = { workspace = true }
 zeroize = { workspace = true }
 ark-bls12-381 = { workspace = true, optional = true }
@@ -21,8 +21,8 @@ blake2 = { workspace = true }
 [features]
 bn254 = ["ark-bn254"]
 solinas = []
-bls12-381 = ["nimue/ark", "dep:ark-bls12-381"]
-ark-bls12-381 = ["nimue/ark", "dep:ark-bls12-381"]
+bls12-381 = ["nimue/arkworks-algebra", "dep:ark-bls12-381"]
+ark-bls12-381 = ["nimue/arkworks-algebra", "dep:ark-bls12-381"]
 
 [[example]]
 name = "schnorr_algebraic_hash"

nimue-poseidon/examples/schnorr_algebraic_hash.rs

@@ -4,20 +4,20 @@
 use ark_ec::{CurveGroup, PrimeGroup};
 use ark_ff::PrimeField;
 use ark_std::UniformRand;
-use nimue::codecs::ark::*;
+use nimue::codecs::arkworks_algebra::*;
 
 /// Extend the IO pattern with the Schnorr protocol.
-trait SchnorrIOPattern<G: CurveGroup> {
+trait SchnorrDomainSeparator<G: CurveGroup> {
     /// Adds the entire Schnorr protocol to the IO pattern (statement and proof).
     fn add_schnorr_io(self) -> Self;
 }
 
-impl<G, H, U> SchnorrIOPattern<G> for IOPattern<H, U>
+impl<G, H, U> SchnorrDomainSeparator<G> for DomainSeparator<H, U>
 where
     G: CurveGroup,
     U: Unit,
-    H: DuplexInterface<U>,
-    IOPattern<H, U>: GroupIOPattern<G> + ByteIOPattern,
+    H: DuplexSpongeInterface<U>,
+    DomainSeparator<H, U>: GroupDomainSeparator<G> + ByteDomainSeparator,
 {
     fn add_schnorr_io(self) -> Self {
         self.add_points(1, "generator (P)")
@@ -39,15 +39,15 @@ fn keygen<G: CurveGroup>() -> (G::ScalarField, G) {
 }
 
 /// The prove algorithm takes as input
-/// - the prover state `ProverTranscript`, that has access to a random oracle `H` and can absorb/squeeze elements from the group `G`.
+/// - the prover state `ProverState`, that has access to a random oracle `H` and can absorb/squeeze elements from the group `G`.
 /// - The generator `P` in the group.
 /// - the secret key $x \in \mathbb{Z}_p$
 /// It returns a zero-knowledge proof of knowledge of `x` as a sequence of bytes.
 #[allow(non_snake_case)]
 fn prove<G, H, U>(
     // the hash function `H` works over bytes.
     // Algebraic hashes over a particular domain can be denoted with an additional type argument implementing `nimue::Unit`.
-    merlin: &mut ProverTranscript<H, U>,
+    merlin: &mut ProverPrivateState<H, U>,
     // the generator
     P: G,
     // the secret key
@@ -56,11 +56,11 @@ fn prove<G, H, U>(
 where
     U: Unit,
     G::BaseField: PrimeField,
-    H: DuplexInterface<U>,
+    H: DuplexSpongeInterface<U>,
     G: CurveGroup,
-    ProverTranscript<H, U>: GroupWriter<G> + FieldWriter<G::BaseField> + ByteChallenges,
+    ProverPrivateState<H, U>: ProverMessageGroup<G> + ProverMessageField<G::BaseField> + VerifierMessageBytes,
 {
-    // `ProverTranscript` types implement a cryptographically-secure random number generator that is tied to the protocol transcript
+    // `ProverState` types implement a cryptographically-secure random number generator that is tied to the protocol transcript
     // and that can be accessed via the `rng()` function.
     let k = G::ScalarField::rand(merlin.rng());
     let K = P * k;
@@ -79,18 +79,18 @@ where
     merlin.add_scalars(&[r_q])?;
 
     // Output the current protocol transcript as a sequence of bytes.
-    Ok(merlin.transcript())
+    Ok(merlin.narg_string())
 }
 
 /// The verify algorithm takes as input
-/// - the verifier state `VerifierTranscript`, that has access to a random oracle `H` and can deserialize/squeeze elements from the group `G`.
+/// - the verifier state `VerifierState`, that has access to a random oracle `H` and can deserialize/squeeze elements from the group `G`.
 /// - the secret key `witness`
 /// It returns a zero-knowledge proof of knowledge of `witness` as a sequence of bytes.
 #[allow(non_snake_case)]
 fn verify<'a, G, H, U>(
     // `ArkGroupMelin` contains the veirifier state, including the messages currently read. In addition, it is aware of the group `G`
     // from which it can serialize/deserialize elements.
-    arthur: &mut VerifierTranscript<'a, H, U>,
+    arthur: &mut VerifierState<'a, H, U>,
     // The group generator `P``
     P: G,
     // The public key `X`
@@ -100,8 +100,8 @@ where
     U: Unit,
     G::BaseField: PrimeField,
     G: CurveGroup,
-    H: DuplexInterface<U>,
-    VerifierTranscript<'a, H, U>: GroupReader<G> + FieldReader<G::BaseField> + ByteChallenges,
+    H: DuplexSpongeInterface<U>,
+    VerifierState<'a, H, U>: DeserializeGroup<G> + DeserializeField<G::BaseField> + VerifierMessageBytes,
 {
     // Read the protocol from the transcript:
     let [K] = arthur.next_points()?;
@@ -137,15 +137,15 @@ fn main() {
     // type U = ark_bls12_381::Fq;
 
     // Set up the IO for the protocol transcript with domain separator "nimue::examples::schnorr"
-    let io = IOPattern::<H, U>::new("nimue::examples::schnorr");
-    let io = SchnorrIOPattern::<G>::add_schnorr_io(io);
+    let domain_separator = DomainSeparator::<H, U>::new("nimue::examples::schnorr");
+    let domain_separator = SchnorrDomainSeparator::<G>::add_schnorr_io(domain_separator);
 
     // Set up the elements to prove
     let P = G::generator();
     let (x, X) = keygen();
 
     // Create the prover transcript, add the statement to it, and then invoke the prover.
-    let mut merlin = io.to_merlin();
+    let mut merlin = domain_separator.to_merlin();
     merlin.public_points(&[P, X]).unwrap();
     merlin.ratchet().unwrap();
     let proof = prove(&mut merlin, P, x).expect("Invalid proof");
@@ -154,7 +154,7 @@ fn main() {
     println!("Here's a Schnorr signature:\n{}", hex::encode(proof));
 
     // Verify the proof: create the verifier transcript, add the statement to it, and invoke the verifier.
-    let mut arthur = VerifierTranscript::<H, U>::new(&io, &proof);
+    let mut arthur = VerifierState::<H, U>::new(&domain_separator, &proof);
     arthur.public_points(&[P, X]).unwrap();
     arthur.ratchet().unwrap();
     verify(&mut arthur, P, X).expect("Invalid proof");

nimue-poseidon/src/bls12_381.rs

@@ -1,7 +1,7 @@
 use nimue::duplex_sponge::DuplexSponge;
 
-poseidon_sponge!(255, PoseidonPermx5_255_3, x5_255_3);
-poseidon_sponge!(255, PoseidonPermx5_255_5, x5_255_5);
+poseidon_permutation!(255, PoseidonPermx5_255_3, x5_255_3);
+poseidon_permutation!(255, PoseidonPermx5_255_5, x5_255_5);
 
 pub type Poseidonx5_255_3 = DuplexSponge<PoseidonPermx5_255_3>;
 pub type Poseidonx5_255_5 = DuplexSponge<PoseidonPermx5_255_5>;

nimue-poseidon/src/bn254.rs

@@ -1,5 +1,5 @@
-poseidon_sponge!(254, PoseidonPermx5_254_3, x5_254_3);
-poseidon_sponge!(254, PoseidonPermx5_254_5, x5_254_5);
+poseidon_permutation!(254, PoseidonPermx5_254_3, x5_254_3);
+poseidon_permutation!(254, PoseidonPermx5_254_5, x5_254_5);
 mod x5_254_3 {
     use ark_ff::MontFp;
     pub type Field = ark_bn254::Fr;

nimue-poseidon/src/f64.rs

@@ -7,7 +7,7 @@ pub struct FConfig64;
 
 pub type Field64 = Fp64<MontBackend<FConfig64, 1>>;
 
-poseidon_sponge!(64, PoseidonPermx3_64_24, x3_64_24);
+poseidon_permutation!(64, PoseidonPermx3_64_24, x3_64_24);
 
 mod x3_64_24 {
 

nimue-poseidon/src/lib.rs

@@ -12,7 +12,7 @@ use nimue::duplex_sponge::Unit;
 /// The `NAME` const is to distinbuish between different bitsizes of the same Field.
 /// For instance Bls12_381 and Bn254 both have field type Fp<MontBackend<FrConfig, 4>, 4> but are different fields.
 #[derive(Clone)]
-pub struct PoseidonSponge<const NAME: u32, F: PrimeField, const R: usize, const N: usize> {
+pub struct PoseidonPermutation<const NAME: u32, F: PrimeField, const R: usize, const N: usize> {
     /// Number of rounds in a full-round operation.
     pub full_rounds: usize,
     /// Number of rounds in a partial-round operation.
@@ -25,30 +25,30 @@ pub struct PoseidonSponge<const NAME: u32, F: PrimeField, const R: usize, const
     /// Maximally Distance Separating (MDS) Matrix.
     pub mds: &'static [[F; N]],
 
-    /// Sponge state
+    /// Permutation state
     pub state: [F; N],
 }
 
 pub type PoseidonHash<const NAME: u32, F, const R: usize, const N: usize> =
-    DuplexSponge<PoseidonSponge<NAME, F, R, N>>;
+    DuplexSponge<PoseidonPermutation<NAME, F, R, N>>;
 
 impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> AsRef<[F]>
-    for PoseidonSponge<NAME, F, R, N>
+    for PoseidonPermutation<NAME, F, R, N>
 {
     fn as_ref(&self) -> &[F] {
         &self.state
     }
 }
 
 impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> AsMut<[F]>
-    for PoseidonSponge<NAME, F, R, N>
+    for PoseidonPermutation<NAME, F, R, N>
 {
     fn as_mut(&mut self) -> &mut [F] {
         &mut self.state
     }
 }
 
-impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> PoseidonSponge<NAME, F, R, N> {
+impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> PoseidonPermutation<NAME, F, R, N> {
     fn apply_s_box(&self, state: &mut [F], is_full_round: bool) {
         // Full rounds apply the S Box (x^alpha) to every element of state
         if is_full_round {
@@ -84,17 +84,17 @@ impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> PoseidonSpo
 }
 
 impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> zeroize::Zeroize
-    for PoseidonSponge<NAME, F, R, N>
+    for PoseidonPermutation<NAME, F, R, N>
 {
     fn zeroize(&mut self) {
         self.state.zeroize();
     }
 }
 
 impl<const NAME: u32, F, const R: usize, const N: usize> Permutation
-    for PoseidonSponge<NAME, F, R, N>
+    for PoseidonPermutation<NAME, F, R, N>
 where
-    PoseidonSponge<NAME, F, R, N>: Default,
+    PoseidonPermutation<NAME, F, R, N>: Default,
     F: PrimeField + Unit,
 {
     type U = F;
@@ -134,7 +134,7 @@ where
 }
 
 impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> Debug
-    for PoseidonSponge<NAME, F, R, N>
+    for PoseidonPermutation<NAME, F, R, N>
 {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         self.state.fmt(f)
@@ -143,9 +143,9 @@ impl<const NAME: u32, F: PrimeField, const R: usize, const N: usize> Debug
 
 /// Initialization of constants.
 #[allow(unused)]
-macro_rules! poseidon_sponge {
+macro_rules! poseidon_permutation {
     ($bits: expr, $name: ident, $path: tt) => {
-        pub type $name = crate::PoseidonSponge<$bits, $path::Field, { $path::R }, { $path::N }>;
+        pub type $name = crate::PoseidonPermutation<$bits, $path::Field, { $path::R }, { $path::N }>;
 
         impl Default for $name {
             fn default() -> Self {

nimue-poseidon/src/tests.rs

@@ -14,22 +14,22 @@ where
 #[cfg(feature = "bls12-381")]
 #[test]
 fn test_squeeze_bytes_from_algebraic_hash() {
-    use nimue::ByteChallenges;
+    use nimue::VerifierMessageBytes;
 
     type F = ark_bls12_381::Fr;
     type H = crate::bls12_381::Poseidonx5_255_3;
 
-    let io = nimue::IOPattern::<H, F>::new("test").absorb(1, "in");
-    let io = <nimue::IOPattern<H, F> as nimue::codecs::ark::ByteIOPattern>::challenge_bytes(
-        io, 2048, "out",
+    let domain_separator = nimue::DomainSeparator::<H, F>::new("test").absorb(1, "in");
+    let domain_separator = <nimue::DomainSeparator<H, F> as nimue::codecs::arkworks_algebra::ByteDomainSeparator>::challenge_bytes(
+        domain_separator, 2048, "out",
     );
-    let mut merlin = io.to_merlin();
+    let mut merlin = domain_separator.to_merlin();
     merlin.add_units(&[F::from(0x42)]).unwrap();
 
     let mut merlin_challenges = [0u8; 2048];
     merlin.fill_challenge_bytes(&mut merlin_challenges).unwrap();
 
-    let mut arthur = io.to_arthur(merlin.transcript());
+    let mut arthur = domain_separator.to_verifier_state(merlin.narg_string());
     // write the unit to an throw-away array
     arthur.fill_next_units(&mut [F::from(0)]).unwrap();
     let arthur_challenges: [u8; 2048] = arthur.challenge_bytes().unwrap();
@@ -51,7 +51,7 @@ fn test_squeeze_bytes_from_algebraic_hash() {
 fn test_poseidon_bls12_381() {
     use crate::bls12_381::{PoseidonPermx5_255_3, PoseidonPermx5_255_5};
     use ark_ff::MontFp;
-    use nimue::IOPattern;
+    use nimue::DomainSeparator;
     use nimue::UnitTranscript;
 
     type F = ark_bls12_381::Fr;
@@ -86,10 +86,10 @@ fn test_poseidon_bls12_381() {
 
     // Check that poseidon can indeed be instantiated and doesn't do terribly stupid things like give 0 challenges.
     use crate::bls12_381::Poseidonx5_255_3;
-    let io = IOPattern::<Poseidonx5_255_3, F>::new("test")
+    let domain_separator = DomainSeparator::<Poseidonx5_255_3, F>::new("test")
         .absorb(1, "in")
         .squeeze(10, "out");
-    let mut merlin = io.to_merlin();
+    let mut merlin = domain_separator.to_merlin();
     merlin.add_units(&[F::from(0x42)]).unwrap();
 
     let mut challenges = [F::from(0); 10];

nimue-pow/src/blake3.rs

@@ -144,20 +144,20 @@ impl Blake3PoW {
 
 #[test]
 fn test_pow_blake3() {
-    use crate::{ByteIOPattern, ByteReader, ByteWriter, PoWChallenge, PoWIOPattern};
-    use nimue::{DefaultHash, IOPattern};
+    use crate::{ByteDomainSeparator, ByteReader, ByteWriter, PoWChallenge, PoWDomainSeparator};
+    use nimue::{DefaultHash, DomainSeparator};
 
     const BITS: f64 = 10.0;
 
-    let iopattern = IOPattern::<DefaultHash>::new("the proof of work lottery 🎰")
+    let domain_separator = DomainSeparator::<DefaultHash>::new("the proof of work lottery 🎰")
         .add_bytes(1, "something")
         .challenge_pow("rolling dices");
 
-    let mut prover = iopattern.to_merlin();
-    prover.add_bytes(b"\0").expect("Invalid IOPattern");
+    let mut prover = domain_separator.to_merlin();
+    prover.add_bytes(b"\0").expect("Invalid DomainSeparator");
     prover.challenge_pow::<Blake3PoW>(BITS).unwrap();
 
-    let mut verifier = iopattern.to_arthur(prover.transcript());
+    let mut verifier = domain_separator.to_verifier_state(prover.narg_string());
     let byte = verifier.next_bytes::<1>().unwrap();
     assert_eq!(&byte, b"\0");
     verifier.challenge_pow::<Blake3PoW>(BITS).unwrap();

nimue-pow/src/keccak.rs

@@ -30,20 +30,20 @@ impl PowStrategy for KeccakPoW {
 
 #[test]
 fn test_pow_keccak() {
-    use crate::{ByteIOPattern, ByteReader, ByteWriter, PoWChallenge, PoWIOPattern};
-    use nimue::{DefaultHash, IOPattern};
+    use crate::{ByteDomainSeparator, ByteReader, ByteWriter, PoWChallenge, PoWDomainSeparator};
+    use nimue::{DefaultHash, DomainSeparator};
 
     const BITS: f64 = 10.0;
 
-    let iopattern = IOPattern::<DefaultHash>::new("the proof of work lottery 🎰")
+    let domain_separator = DomainSeparator::<DefaultHash>::new("the proof of work lottery 🎰")
         .add_bytes(1, "something")
         .challenge_pow("rolling dices");
 
-    let mut prover = iopattern.to_merlin();
-    prover.add_bytes(b"\0").expect("Invalid IOPattern");
+    let mut prover = domain_separator.to_merlin();
+    prover.add_bytes(b"\0").expect("Invalid DomainSeparator");
     prover.challenge_pow::<KeccakPoW>(BITS).unwrap();
 
-    let mut verifier = iopattern.to_arthur(prover.transcript());
+    let mut verifier = domain_separator.to_verifier_state(prover.narg_string());
     let byte = verifier.next_bytes::<1>().unwrap();
     assert_eq!(&byte, b"\0");
     verifier.challenge_pow::<KeccakPoW>(BITS).unwrap();