integrate pairing/bellperson/blst

Cargo.toml

@@ -16,13 +16,14 @@ num_cpus = "1"
 crossbeam = "0.7"
 ff = { version = "0.2.1", package = "fff" }
 blake2b_simd = "0.5.8"
-bellperson = "0.9.0"
-paired = "0.20.1"
+bellperson = { git = "https://github.com/filecoin-project/bellman", branch = "blstrs", default-features = false }
 groupy = "0.3.0"
 rand_chacha = "0.2.1"
 rayon = "1.2.1"
 log = "0.4.7"
 
 [features]
-default = []
+default = ["pairing"]
 gpu = ["bellperson/gpu"]
+pairing = ["bellperson/pairing"]
+blst = ["bellperson/blst"]

examples/mimc.rs

@@ -1,6 +1,5 @@
 extern crate bellperson;
 extern crate ff;
-extern crate paired;
 extern crate phase21;
 extern crate rand;
 
@@ -10,13 +9,9 @@ use rand::thread_rng;
 // For benchmarking
 use std::time::{Duration, Instant};
 
-// Bring in some tools for using pairing-friendly curves
-use paired::Engine;
-
 use ff::Field;
 
-// We're going to use the BLS12-381 pairing-friendly elliptic curve.
-use paired::bls12_381::{Bls12, Fr};
+use bellperson::bls::{Bls12, Fr, Engine};
 
 // We'll use these interfaces to construct our circuit.
 use bellperson::{Circuit, ConstraintSystem, SynthesisError};

src/lib.rs

@@ -2,21 +2,20 @@
 //!
 //! ## Make your circuit
 //!
-//! Grab the [`bellperson`](https://github.com/filecoin-project/bellman) and
-//! [`paired`](https://github.com/filecoin-project/pairing) crates. Bellman
+//! Grab the [`bellperson`](https://github.com/filecoin-project/bellman) crate. Bellman
 //! provides a trait called `Circuit`, which you must implement
 //! for your computation.
 //!
 //! Here's a silly example: proving you know the cube root of
 //! a field element.
 //!
 //! ```rust
-//! use paired::Engine;
 //! use ff::Field;
 //! use bellperson::{
 //!     Circuit,
 //!     ConstraintSystem,
 //!     SynthesisError,
+//!     bls::Engine,
 //! };
 //!
 //! struct CubeRoot<E: Engine> {
@@ -81,7 +80,7 @@
 //! let's create some parameters and make some proofs.
 //!
 //! ```rust,ignore
-//! use paired::bls12_381::{Bls12, Fr};
+//! use bellperson::bls::{Bls12, Fr};
 //! use bellperson::groth16::{
 //!     generate_random_parameters,
 //!     create_random_proof,
@@ -209,8 +208,8 @@ use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
 use ff::{Field, PrimeField};
 use groupy::{CurveAffine, CurveProjective, EncodedPoint, Wnaf};
 use log::{error, info};
-use paired::{
-    bls12_381::{Bls12, Fr, G1Affine, G1Uncompressed, G2Affine, G2Uncompressed, G1, G2},
+use bellperson::bls::{
+    Bls12, Fr, G1Affine, G1Uncompressed, G2Affine, G2Uncompressed, G1Projective, G2Projective,
     Engine, PairingCurveAffine,
 };
 use rand::{Rng, SeedableRng};
@@ -543,15 +542,15 @@ impl MPCParameters {
         let alpha_coeffs_g1 = Arc::new(alpha_coeffs_g1);
         let beta_coeffs_g1 = Arc::new(beta_coeffs_g1);
 
-        let mut ic = vec![G1::zero(); assembly.num_inputs];
+        let mut ic = vec![G1Projective::zero(); assembly.num_inputs];
         info!("phase2::MPCParameters::new() initialized ic vector");
-        let mut l = vec![G1::zero(); assembly.num_aux];
+        let mut l = vec![G1Projective::zero(); assembly.num_aux];
         info!("phase2::MPCParameters::new() initialized l vector");
-        let mut a_g1 = vec![G1::zero(); assembly.num_inputs + assembly.num_aux];
+        let mut a_g1 = vec![G1Projective::zero(); assembly.num_inputs + assembly.num_aux];
         info!("phase2::MPCParameters::new() initialized a_g1 vector");
-        let mut b_g1 = vec![G1::zero(); assembly.num_inputs + assembly.num_aux];
+        let mut b_g1 = vec![G1Projective::zero(); assembly.num_inputs + assembly.num_aux];
         info!("phase2::MPCParameters::new() initialized b_g1 vector");
-        let mut b_g2 = vec![G2::zero(); assembly.num_inputs + assembly.num_aux];
+        let mut b_g2 = vec![G2Projective::zero(); assembly.num_inputs + assembly.num_aux];
         info!("phase2::MPCParameters::new() initialized b_g2 vector");
 
         #[allow(clippy::too_many_arguments)]
@@ -568,10 +567,10 @@ impl MPCParameters {
             ct: &[Vec<(Fr, usize)>],
 
             // Resulting evaluated QAP polynomials
-            a_g1: &mut [G1],
-            b_g1: &mut [G1],
-            b_g2: &mut [G2],
-            ext: &mut [G1],
+            a_g1: &mut [G1Projective],
+            b_g1: &mut [G1Projective],
+            b_g2: &mut [G2Projective],
+            ext: &mut [G1Projective],
 
             // Worker
             worker: &Worker,
@@ -627,10 +626,10 @@ impl MPCParameters {
                         }
 
                         // Batch normalize
-                        G1::batch_normalization(a_g1);
-                        G1::batch_normalization(b_g1);
-                        G2::batch_normalization(b_g2);
-                        G1::batch_normalization(ext);
+                        G1Projective::batch_normalization(a_g1);
+                        G1Projective::batch_normalization(b_g1);
+                        G2Projective::batch_normalization(b_g2);
+                        G1Projective::batch_normalization(ext);
                     });
                 }
             });
@@ -1508,7 +1507,7 @@ fn keypair<R: Rng>(rng: &mut R, current: &MPCParameters) -> (PublicKey, PrivateK
     let delta: Fr = Fr::random(rng);
 
     // Compute delta s-pair in G1
-    let s = G1::random(rng).into_affine();
+    let s = G1Projective::random(rng).into_affine();
     let s_delta = s.mul(delta).into_affine();
 
     // H(cs_hash | <previous pubkeys> | s | s_delta)
@@ -1549,13 +1548,13 @@ fn keypair<R: Rng>(rng: &mut R, current: &MPCParameters) -> (PublicKey, PrivateK
 
 /// Hashes to G2 using the first 32 bytes of `digest`. Panics if `digest` is less
 /// than 32 bytes.
-pub(crate) fn hash_to_g2(digest: &[u8]) -> G2 {
+pub(crate) fn hash_to_g2(digest: &[u8]) -> G2Projective {
     assert!(digest.len() >= 32);
 
     let mut seed = [0u8; 32];
     seed.copy_from_slice(&digest[..32]);
 
-    G2::random(&mut ChaChaRng::from_seed(seed))
+    G2Projective::random(&mut ChaChaRng::from_seed(seed))
 }
 
 /// Abstraction over a writer which hashes the data being written.

src/small.rs

@@ -7,8 +7,8 @@ use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
 use ff::{Field, PrimeField};
 use groupy::{CurveAffine, CurveProjective, EncodedPoint, Wnaf};
 use log::{error, info};
-use paired::bls12_381::{
-    Fr, G1Affine, G1Uncompressed, G2Affine, G2Uncompressed, G1 as G1Projective,
+use bellperson::bls::{
+    Fr, G1Affine, G1Uncompressed, G2Affine, G2Uncompressed, G1Projective,
 };
 use rand::Rng;
 

tests/large.rs

@@ -4,7 +4,7 @@ use std::path::Path;
 
 use bellperson::groth16::{create_random_proof, prepare_verifying_key, verify_proof};
 use ff::Field;
-use paired::bls12_381::{Bls12, Fr};
+use bellperson::bls::{Bls12, Fr};
 use phase21::{contains_contribution, MPCParameters, verify_contribution};
 use rand::thread_rng;
 

tests/mimc/mod.rs

@@ -1,6 +1,6 @@
 use bellperson::{Circuit, ConstraintSystem, SynthesisError};
 use ff::Field;
-use paired::Engine;
+use bellperson::bls::Engine;
 
 pub const MIMC_ROUNDS: usize = 322;
 

tests/small.rs

@@ -6,7 +6,7 @@ use std::path::Path;
 
 use bellperson::groth16::{create_random_proof, prepare_verifying_key, verify_proof};
 use ff::Field;
-use paired::bls12_381::{Bls12, Fr};
+use bellperson::bls::{Bls12, Fr};
 use phase21::small::{read_small_params_from_large_file, verify_contribution_small, MPCSmall};
 use phase21::{verify_contribution, MPCParameters};
 use rand::{thread_rng, SeedableRng};