Remove ChallengeGenerator for Brakedown (#53)

* Squash and merge `delete-chalgen` onto here

* Fix Brakedown for `ChallengeGenerator` and `AsRef` for Merkle tree

* Remove `IOPTranscript` (#52)

* Replace the `IOPTranscript` with `CryptographicSponge`

* Delete extra comments

* Delete TODOs and do not absorb what you just squeezed

README.md

@@ -57,7 +57,7 @@ This trait defines the interface for a polynomial commitment scheme. It is recom
 // In this example, we will commit to a single polynomial, open it first at one point, and then batched at two points, and finally verify the proofs.
 // We will use the KZG10 polynomial commitment scheme, following the approach from Marlin.
 
-use ark_poly_commit::{Polynomial, marlin_pc::MarlinKZG10, LabeledPolynomial, PolynomialCommitment, QuerySet, Evaluations, challenge::ChallengeGenerator};
+use ark_poly_commit::{Polynomial, marlin_pc::MarlinKZG10, LabeledPolynomial, PolynomialCommitment, QuerySet, Evaluations};
 use ark_bls12_377::Bls12_377;
 use ark_crypto_primitives::sponge::poseidon::{PoseidonSponge, PoseidonConfig};
 use ark_crypto_primitives::sponge::CryptographicSponge;
@@ -130,15 +130,13 @@ let (ck, vk) = PCS::trim(&pp, degree, 2, Some(&[degree])).unwrap();
 // The prover commits to the polynomial using their committer key `ck`.
 let (comms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); 
 
-let challenge_generator: ChallengeGenerator<<Bls12_377 as Pairing>::ScalarField, Sponge_Bls12_377> = ChallengeGenerator::new_univariate(&mut test_sponge);
-
 // 4a. PolynomialCommitment::open
 // Opening proof at a single point.
-let proof_single = PCS::open(&ck, [&labeled_poly], &comms, &point_1, &mut (challenge_generator.clone()), &states, None).unwrap(); 
+let proof_single = PCS::open(&ck, [&labeled_poly], &comms, &point_1, &mut (test_sponge.clone()), &states, None).unwrap(); 
 
 // 5a. PolynomialCommitment::check
 // Verifying the proof at a single point, given the commitment, the point, the claimed evaluation, and the proof.
-assert!(PCS::check(&vk, &comms, &point_1, [secret_poly.evaluate(&point_1)], &proof_single, &mut (challenge_generator.clone()), Some(rng)).unwrap()); 
+assert!(PCS::check(&vk, &comms, &point_1, [secret_poly.evaluate(&point_1)], &proof_single, &mut (test_sponge.clone()), Some(rng)).unwrap()); 
 
 let mut query_set = QuerySet::new();
 let mut values = Evaluations::new();
@@ -155,7 +153,7 @@ let proof_batched = PCS::batch_open(
    [&labeled_poly],
    &comms,
    &query_set,
-   &mut (challenge_generator.clone()),
+   &mut (test_sponge.clone()),
    &states,
    Some(rng),
 ).unwrap();
@@ -167,7 +165,7 @@ assert!(PCS::batch_check(
    &query_set,
    &values,
    &proof_batched,
-   &mut (challenge_generator.clone()),
+   &mut (test_sponge.clone()),
    rng,
 ).unwrap());
 ```

bench-templates/src/lib.rs

@@ -17,9 +17,7 @@ use rand_chacha::{
 use core::time::Duration;
 use std::{borrow::Borrow, marker::PhantomData, time::Instant};
 
-use ark_poly_commit::{
-    challenge::ChallengeGenerator, to_bytes, LabeledPolynomial, PolynomialCommitment,
-};
+use ark_poly_commit::{to_bytes, LabeledPolynomial, PolynomialCommitment};
 
 pub use criterion::*;
 pub use paste::paste;
@@ -140,7 +138,7 @@ where
         [&labeled_poly],
         &coms,
         &point,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
+        &mut test_sponge(),
         &states,
         Some(rng),
     )
@@ -173,7 +171,7 @@ where
         [&labeled_poly],
         &coms,
         &point,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
+        &mut test_sponge(),
         &states,
         Some(rng),
     )
@@ -210,7 +208,7 @@ where
         [&labeled_poly],
         &coms,
         &point,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
+        &mut test_sponge(),
         &states,
         Some(rng),
     )
@@ -223,7 +221,7 @@ where
         &point,
         [claimed_eval],
         &proof,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
+        &mut test_sponge(),
         None,
     )
     .unwrap();

poly-commit/src/constraints.rs

@@ -5,7 +5,7 @@ use crate::{
 use ark_crypto_primitives::sponge::CryptographicSponge;
 use ark_ff::PrimeField;
 use ark_poly::Polynomial;
-use ark_r1cs_std::fields::nonnative::NonNativeFieldVar;
+use ark_r1cs_std::fields::emulated_fp::EmulatedFpVar;
 use ark_r1cs_std::{fields::fp::FpVar, prelude::*};
 use ark_relations::r1cs::{ConstraintSystemRef, Namespace, Result as R1CSResult, SynthesisError};
 use ark_std::{borrow::Borrow, cmp::Eq, cmp::PartialEq, hash::Hash, marker::Sized};
@@ -24,8 +24,8 @@ pub enum LinearCombinationCoeffVar<TargetField: PrimeField, BaseField: PrimeFiel
     One,
     /// Coefficient -1.
     MinusOne,
-    /// Other coefficient, represented as a nonnative field element.
-    Var(NonNativeFieldVar<TargetField, BaseField>),
+    /// Other coefficient, represented as a "emulated" field element.
+    Var(EmulatedFpVar<TargetField, BaseField>),
 }
 
 /// An allocated version of `LinearCombination`.
@@ -60,7 +60,7 @@ impl<TargetField: PrimeField, BaseField: PrimeField>
                 let (f, lc_term) = term;
 
                 let fg =
-                    NonNativeFieldVar::new_variable(ark_relations::ns!(cs, "term"), || Ok(f), mode)
+                    EmulatedFpVar::new_variable(ark_relations::ns!(cs, "term"), || Ok(f), mode)
                         .unwrap();
 
                 (LinearCombinationCoeffVar::Var(fg), lc_term.clone())
@@ -79,12 +79,12 @@ impl<TargetField: PrimeField, BaseField: PrimeField>
 pub struct PCCheckRandomDataVar<TargetField: PrimeField, BaseField: PrimeField> {
     /// Opening challenges.
     /// The prover and the verifier MUST use the same opening challenges.
-    pub opening_challenges: Vec<NonNativeFieldVar<TargetField, BaseField>>,
+    pub opening_challenges: Vec<EmulatedFpVar<TargetField, BaseField>>,
     /// Bit representations of the opening challenges.
     pub opening_challenges_bits: Vec<Vec<Boolean<BaseField>>>,
     /// Batching random numbers.
     /// The verifier can choose these numbers freely, as long as they are random.
-    pub batching_rands: Vec<NonNativeFieldVar<TargetField, BaseField>>,
+    pub batching_rands: Vec<EmulatedFpVar<TargetField, BaseField>>,
     /// Bit representations of the batching random numbers.
     pub batching_rands_bits: Vec<Vec<Boolean<BaseField>>>,
 }
@@ -172,7 +172,7 @@ pub struct LabeledPointVar<TargetField: PrimeField, BaseField: PrimeField> {
     /// MUST be a unique identifier in a query set.
     pub name: String,
     /// The point value.
-    pub value: NonNativeFieldVar<TargetField, BaseField>,
+    pub value: EmulatedFpVar<TargetField, BaseField>,
 }
 
 /// An allocated version of `QuerySet`.
@@ -184,16 +184,16 @@ pub struct QuerySetVar<TargetField: PrimeField, BaseField: PrimeField>(
 /// An allocated version of `Evaluations`.
 #[derive(Clone)]
 pub struct EvaluationsVar<TargetField: PrimeField, BaseField: PrimeField>(
-    pub HashMap<LabeledPointVar<TargetField, BaseField>, NonNativeFieldVar<TargetField, BaseField>>,
+    pub HashMap<LabeledPointVar<TargetField, BaseField>, EmulatedFpVar<TargetField, BaseField>>,
 );
 
 impl<TargetField: PrimeField, BaseField: PrimeField> EvaluationsVar<TargetField, BaseField> {
     /// find the evaluation result
     pub fn get_lc_eval(
         &self,
         lc_string: &str,
-        point: &NonNativeFieldVar<TargetField, BaseField>,
-    ) -> Result<NonNativeFieldVar<TargetField, BaseField>, SynthesisError> {
+        point: &EmulatedFpVar<TargetField, BaseField>,
+    ) -> Result<EmulatedFpVar<TargetField, BaseField>, SynthesisError> {
         let key = LabeledPointVar::<TargetField, BaseField> {
             name: String::from(lc_string),
             value: point.clone(),

poly-commit/src/ipa_pc/mod.rs

@@ -15,7 +15,6 @@ pub use data_structures::*;
 #[cfg(feature = "parallel")]
 use rayon::prelude::*;
 
-use crate::challenge::ChallengeGenerator;
 use ark_crypto_primitives::sponge::CryptographicSponge;
 use digest::Digest;
 
@@ -105,7 +104,7 @@ where
         point: G::ScalarField,
         values: impl IntoIterator<Item = G::ScalarField>,
         proof: &Proof<G>,
-        opening_challenges: &mut ChallengeGenerator<G::ScalarField, S>,
+        sponge: &mut S,
     ) -> Option<SuccinctCheckPolynomial<G::ScalarField>> {
         let check_time = start_timer!(|| "Succinct checking");
 
@@ -117,7 +116,8 @@ where
         let mut combined_commitment_proj = G::Group::zero();
         let mut combined_v = G::ScalarField::zero();
 
-        let mut cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE);
+        let mut cur_challenge: G::ScalarField =
+            sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
 
         let labeled_commitments = commitments.into_iter();
         let values = values.into_iter();
@@ -126,7 +126,7 @@ where
             let commitment = labeled_commitment.commitment();
             combined_v += &(cur_challenge * &value);
             combined_commitment_proj += &labeled_commitment.commitment().comm.mul(cur_challenge);
-            cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE);
+            cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
 
             let degree_bound = labeled_commitment.degree_bound();
             assert_eq!(degree_bound.is_some(), commitment.shifted_comm.is_some());
@@ -137,7 +137,7 @@ where
                 combined_commitment_proj += &commitment.shifted_comm.unwrap().mul(cur_challenge);
             }
 
-            cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE);
+            cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
         }
 
         let mut combined_commitment = combined_commitment_proj.into_affine();
@@ -488,7 +488,7 @@ where
         labeled_polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<G::ScalarField, P>>,
         commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
         point: &'a P::Point,
-        opening_challenges: &mut ChallengeGenerator<G::ScalarField, S>,
+        sponge: &mut S,
         states: impl IntoIterator<Item = &'a Self::CommitmentState>,
         rng: Option<&mut dyn RngCore>,
     ) -> Result<Self::Proof, Self::Error>
@@ -509,7 +509,7 @@ where
 
         let combine_time = start_timer!(|| "Combining polynomials, randomness, and commitments.");
 
-        let mut cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE);
+        let mut cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
 
         for (labeled_polynomial, (labeled_commitment, state)) in
             polys_iter.zip(comms_iter.zip(states_iter))
@@ -531,7 +531,7 @@ where
                 combined_rand += &(cur_challenge * &state.rand);
             }
 
-            cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE);
+            cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
 
             let has_degree_bound = degree_bound.is_some();
 
@@ -564,7 +564,7 @@ where
                 }
             }
 
-            cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE);
+            cur_challenge = sponge.squeeze_field_elements_with_sizes(&[CHALLENGE_SIZE])[0];
         }
 
         end_timer!(combine_time);
@@ -739,7 +739,7 @@ where
         point: &'a P::Point,
         values: impl IntoIterator<Item = G::ScalarField>,
         proof: &Self::Proof,
-        opening_challenges: &mut ChallengeGenerator<G::ScalarField, S>,
+        sponge: &mut S,
         _rng: Option<&mut dyn RngCore>,
     ) -> Result<bool, Self::Error>
     where
@@ -762,8 +762,7 @@ where
             ));
         }
 
-        let check_poly =
-            Self::succinct_check(vk, commitments, *point, values, proof, opening_challenges);
+        let check_poly = Self::succinct_check(vk, commitments, *point, values, proof, sponge);
 
         if check_poly.is_none() {
             return Ok(false);
@@ -790,7 +789,7 @@ where
         query_set: &QuerySet<P::Point>,
         values: &Evaluations<G::ScalarField, P::Point>,
         proof: &Self::BatchProof,
-        opening_challenges: &mut ChallengeGenerator<G::ScalarField, S>,
+        sponge: &mut S,
         rng: &mut R,
     ) -> Result<bool, Self::Error>
     where
@@ -833,14 +832,8 @@ where
                 vals.push(*v_i);
             }
 
-            let check_poly = Self::succinct_check(
-                vk,
-                comms.into_iter(),
-                *point,
-                vals.into_iter(),
-                p,
-                opening_challenges,
-            );
+            let check_poly =
+                Self::succinct_check(vk, comms.into_iter(), *point, vals.into_iter(), p, sponge);
 
             if check_poly.is_none() {
                 return Ok(false);
@@ -876,7 +869,7 @@ where
         polynomials: impl IntoIterator<Item = &'a LabeledPolynomial<G::ScalarField, P>>,
         commitments: impl IntoIterator<Item = &'a LabeledCommitment<Self::Commitment>>,
         query_set: &QuerySet<P::Point>,
-        opening_challenges: &mut ChallengeGenerator<G::ScalarField, S>,
+        sponge: &mut S,
         states: impl IntoIterator<Item = &'a Self::CommitmentState>,
         rng: Option<&mut dyn RngCore>,
     ) -> Result<BatchLCProof<G::ScalarField, Self::BatchProof>, Self::Error>
@@ -971,7 +964,7 @@ where
             lc_polynomials.iter(),
             lc_commitments.iter(),
             &query_set,
-            opening_challenges,
+            sponge,
             lc_states.iter(),
             rng,
         )?;
@@ -987,7 +980,7 @@ where
         eqn_query_set: &QuerySet<P::Point>,
         eqn_evaluations: &Evaluations<P::Point, G::ScalarField>,
         proof: &BatchLCProof<G::ScalarField, Self::BatchProof>,
-        opening_challenges: &mut ChallengeGenerator<G::ScalarField, S>,
+        sponge: &mut S,
         rng: &mut R,
     ) -> Result<bool, Self::Error>
     where
@@ -1060,7 +1053,7 @@ where
             &eqn_query_set,
             &evaluations,
             proof,
-            opening_challenges,
+            sponge,
             rng,
         )
     }