v0.5.0

[gbotrel]

[v0.5.0] - 2021-08-20

Build

• updated to latest gnark-crypto v0.5.0

Feat

• add bls24-315 to gnark
• PlonK implementation as-in-the-paper, with decent performance
• removed gnarkd and examples/benchmark
• better errors for incorrect variable assignments #120
• call stack displayed when AssertIsEqual fails
• remove term.CoeffValue and use constant coeff ID for special values instead
• added NbG1 and NbG2 apis on groth16 Proving and Verifying keys closes #116
• addition of circuit component FiatShamir in std
• remove serialization test by default in assert helper
• addition of unit test for cyclo square in std/../e12.go
• LinearExpression implements Sort interface. replaced quickSort() by sort.Sort(...)
• SparseR1CS and PlonK objects implements io.ReaderFrom and io.WriterTo
• invalid gnark struct tag options return error at compile time fixes #111

Fix

• use of doubling formula instead of add(x,x) fixes #114
• create cbor decoder with MaxArrayElements set to max value
• fix #96
• r1cs compilation is deterministic, fixes #90
• plonk circuit compiled with no constraints #112

Perf

• frontend: compile takes optional expected constraint number to reserve memory and speed up compile time
• plonk: prover uses available CPUs, memory allocation clean up
• plonk: frontend have fast path for -1, 0, 1 and 2 coefficients. less mem allocs.
• replaced string concat in frontend with strings.Builder
• plonk: when doing fft on domainH with coset, don't scale zero values
• plonk: minor tweaks, removing un-needed bitreverse and mem allocs
• scs: sparse r1cs have fast path for special coeffs operations
• std: adds E2/E12 square and cyclo square in E12 (used FinalExp)

Refactor

• mimc uses Write(data) then Sum() instead of Sum(data)
• Hash-->Sum in mimc gadget
• groth16: SizePublicWitness to NbPublicWitness
• renamed GetCurveID() to CurveID() on groth16 objects

Test

• test for Fiat Shamir gadget
• added reference frontend.Compile benchmarks