Use Bn256/Grumpkin curves as a default setting (#1039)

* chore: Use Bn256/Grumpkin curves by default in field.rs

* chore: Use Bn256/Grumpkin curves by default in symbol.rs

* chore: Use Bn256/Grumpkin curves by default in parser/syntax.rs

* chore: Use Bn256/Grumpkin curves by default in eval/lang.rs

* chore: Use Bn256/Grumpkin curves by default in parser/string.rs

* chore: Use Bn256/Grumpkin curves by default in public_parameters/mod.rs

* chore: Use Bn256/Grumpkin curves by default in parser/base.rs

* chore: Use Bn256/Grumpkin curves by default in z_data/z_cont.rs

* chore: Use Bn256/Grumpkin curves by default in z_data/z_expr.rs

* chore: Use Bn256/Grumpkin curves by default in z_data/z_store.rs

* chore: Use Bn256/Grumpkin curves by default in circuit/gadgets/constraints.rs

* chore: Use Bn256/Grumpkin curves by default in z_data/serde/mod.rs

* chore: Use Bn256/Grumpkin curves by default in z_data/z_ptr.rs

* chore: Use Bn256/Grumpkin curves by default in circuit/circuit_frame.rs

* chore: Use Bn256/Grumpkin curves by default in lem/store.rs

* chore: Use Bn256/Grumpkin curves by default in num.rs

* chore: Use Bn256/Grumpkin curves by default in num.rs

* chore: Use Bn256/Grumpkin curves by default in lem/tests/eval_tests.rs

* chore: Use Bn256/Grumpkin curves by default in lem/tests/misc.rs

* chore: Use Bn256/Grumpkin curves by default in lem/tests/nivc_steps.rs

* chore: Use Bn256/Grumpkin curves by default in proof/tests/nova_tests_lem.rs

* chore: Use Bn256/Grumpkin curves by default in coprocessor/trie/mod.rs

* chore: Use Bn256/Grumpkin curves by default in lem/multiframe.rs

* chore: Use Bn256/Grumpkin curves by default in coroutine/memoset/demo.rs

* chore: Use Bn256/Grumpkin curves by default in coroutine/memoset/mod.rs

* chore: Use Bn256/Grumpkin curves by default in coprocessor/gadgets.rs

---------

Co-authored-by: Gabriel Barreto <gabriel.aquino.barreto@gmail.com>

src/circuit/circuit_frame.rs

@@ -37,7 +37,7 @@ mod tests {
     use bellpepper_core::test_cs::TestConstraintSystem;
     use bellpepper_core::ConstraintSystem;
 
-    use pasta_curves::pallas::Scalar as Fr;
+    use halo2curves::bn256::Fr;
 
     #[test]
     fn test_enforce_popcount() {

src/circuit/gadgets/constraints.rs

@@ -823,7 +823,7 @@ mod tests {
 
     use bellpepper_core::test_cs::TestConstraintSystem;
     use ff::Field;
-    use pasta_curves::pallas::Scalar as Fr;
+    use halo2curves::bn256::Fr;
     use proptest::prelude::*;
     use std::ops::{AddAssign, SubAssign};
 

src/coprocessor/gadgets.rs

@@ -529,7 +529,7 @@ pub fn a_ptr_as_z_ptr<T: Tag, F: LurkField>(
 mod test {
     use bellpepper::util_cs::witness_cs::WitnessCS;
     use bellpepper_core::{boolean::Boolean, test_cs::TestConstraintSystem, ConstraintSystem};
-    use pasta_curves::Fq;
+    use halo2curves::bn256::Fr as Fq;
 
     use crate::{
         circuit::gadgets::pointer::AllocatedPtr,

src/coprocessor/trie/mod.rs

@@ -617,10 +617,14 @@ impl<'a, F: LurkField, const ARITY: usize, const HEIGHT: usize> Trie<'a, F, ARIT
         cs: &mut CS,
         key: &AllocatedNum<F>,
     ) -> Result<Vec<Vec<Boolean>>, SynthesisError> {
+        let (arity_bits, bits_needed) = Self::path_bit_dimensions();
+
         let mut bits = key.to_bits_le_strict(&mut cs.namespace(|| "bits"))?;
+        for _ in 0..bits_needed - bits.len() {
+            bits.push(Boolean::Constant(false));
+        }
         bits.reverse();
 
-        let (arity_bits, bits_needed) = Self::path_bit_dimensions();
         // each chunk is reversed due to little-endian encoding
         let path = bits[bits.len() - bits_needed..]
             .chunks(arity_bits)
@@ -911,9 +915,9 @@ impl<'a, F: LurkField, const ARITY: usize, const HEIGHT: usize> Default
 #[cfg(test)]
 mod test {
     use super::*;
-    use ff::PrimeField;
+    use expect_test::{expect, Expect};
+    use halo2curves::bn256::Fr;
     use once_cell::sync::OnceCell;
-    use pasta_curves::pallas::Scalar as Fr;
 
     static POSEIDON_CACHE: OnceCell<PoseidonCache<Fr>> = OnceCell::new();
     static INVERSE_POSEIDON_CACHE: OnceCell<InversePoseidonCache<Fr>> = OnceCell::new();
@@ -926,39 +930,28 @@ mod test {
         INVERSE_POSEIDON_CACHE.get_or_init(InversePoseidonCache::default)
     }
 
+    fn check(actual: Fr, expect: &Expect) {
+        let actual = format!("{:?}", actual);
+        expect.assert_eq(&actual);
+    }
+
     #[test]
     fn test_empty_roots() {
         let t: Trie<'_, Fr, 8, 3> =
             Trie::new_with_capacity(poseidon_cache(), inverse_poseidon_cache(), 512);
         assert_eq!(Fr::zero(), Trie::<'_, Fr, 8, 3>::empty_element());
         assert_eq!(Fr::zero(), t.empty_root_for_height(0));
-        assert_eq!(
-            scalar_from_u64s([
-                0xa81830c13a876b1c,
-                0x83b4610d346c2a33,
-                0x528056fe84bb9846,
-                0x0ef417527046e53c
-            ]),
-            t.empty_root_for_height(1)
+        check(
+            t.empty_root_for_height(1),
+            &expect!["0x1ca5b207085f3f0f324a2e0704b18fff1cda2e2d686aa85343fea91df77bf35b"],
         );
-
-        assert_eq!(
-            scalar_from_u64s([
-                0x33ff39660bc554aa,
-                0xd85d92c9279a65e7,
-                0x8e0f305f27de3d65,
-                0x089120e96e4b6dc5
-            ]),
-            t.empty_root_for_height(2)
+        check(
+            t.empty_root_for_height(2),
+            &expect!["0x0637ddaef5cd53ba6711c328952208d846222066701e10c34d3a6df7350de8aa"],
         );
-        assert_eq!(
-            scalar_from_u64s([
-                0xa52e7d0bbbee086b,
-                0x06e4ba3d56dbd7fa,
-                0xed7adffde497af73,
-                0x2fd6f6c5e5d21d60
-            ]),
-            t.empty_root_for_height(3)
+        check(
+            t.empty_root_for_height(3),
+            &expect!["0x08127a45502f5939273edd1957c8748ae39992e2a459d99f999992a842df99a5"],
         );
     }
 
@@ -994,72 +987,41 @@ mod test {
         }
     }
 
-    pub(crate) fn scalar_from_u64s(parts: [u64; 4]) -> Fr {
-        let mut le_bytes = [0u8; 32];
-        le_bytes[0..8].copy_from_slice(&parts[0].to_le_bytes());
-        le_bytes[8..16].copy_from_slice(&parts[1].to_le_bytes());
-        le_bytes[16..24].copy_from_slice(&parts[2].to_le_bytes());
-        le_bytes[24..32].copy_from_slice(&parts[3].to_le_bytes());
-        let mut repr = <Fr as PrimeField>::Repr::default();
-        repr.as_mut().copy_from_slice(&le_bytes[..]);
-        Fr::from_repr_vartime(repr).expect("u64s exceed scalar field modulus")
-    }
-
     #[test]
     fn test_hashes() {
         {
             let mut t0: Trie<'_, Fr, 8, 1> =
                 Trie::new_with_capacity(poseidon_cache(), inverse_poseidon_cache(), 8);
-            assert_eq!(
-                scalar_from_u64s([
-                    0xa81830c13a876b1c,
-                    0x83b4610d346c2a33,
-                    0x528056fe84bb9846,
-                    0x0ef417527046e53c
-                ]),
-                t0.empty_root()
+            check(
+                t0.empty_root(),
+                &expect!["0x1ca5b207085f3f0f324a2e0704b18fff1cda2e2d686aa85343fea91df77bf35b"],
             );
             assert_eq!(t0.empty_root(), t0.root());
         }
         {
             let mut t1: Trie<'_, Fr, 8, 2> =
                 Trie::new_with_capacity(poseidon_cache(), inverse_poseidon_cache(), 64);
-            assert_eq!(
-                scalar_from_u64s([
-                    0x33ff39660bc554aa,
-                    0xd85d92c9279a65e7,
-                    0x8e0f305f27de3d65,
-                    0x089120e96e4b6dc5
-                ]),
-                t1.empty_root()
+            check(
+                t1.empty_root(),
+                &expect!["0x0637ddaef5cd53ba6711c328952208d846222066701e10c34d3a6df7350de8aa"],
             );
             assert_eq!(t1.empty_root(), t1.root());
         }
         {
             let mut t2: Trie<'_, Fr, 8, 3> =
                 Trie::new_with_capacity(poseidon_cache(), inverse_poseidon_cache(), 512);
-            assert_eq!(
-                scalar_from_u64s([
-                    0xa52e7d0bbbee086b,
-                    0x06e4ba3d56dbd7fa,
-                    0xed7adffde497af73,
-                    0x2fd6f6c5e5d21d60
-                ]),
-                t2.empty_root()
+            check(
+                t2.empty_root(),
+                &expect!["0x08127a45502f5939273edd1957c8748ae39992e2a459d99f999992a842df99a5"],
             );
             assert_eq!(t2.empty_root(), t2.root());
         }
         {
             let mut t3: Trie<'_, Fr, 8, 4> =
                 Trie::new_with_capacity(poseidon_cache(), inverse_poseidon_cache(), 4096);
-            assert_eq!(
-                scalar_from_u64s([
-                    0xd95987b58e6c5852,
-                    0x261c08dca064c6c3,
-                    0x191320220a5d5d84,
-                    0x2cdb105f591c0e94
-                ]),
-                t3.empty_root()
+            check(
+                t3.empty_root(),
+                &expect!["0x12c2ef2ab5df25442fe23d8711bf985f02c39e83930517f7103d4bd4228c6cfb"],
             );
             assert_eq!(t3.empty_root(), t3.root());
         }

src/coroutine/memoset/demo.rs

@@ -235,7 +235,7 @@ mod test {
     use super::*;
 
     use ff::Field;
-    use pasta_curves::pallas::Scalar as F;
+    use halo2curves::bn256::Fr as F;
 
     #[test]
     fn test_factorial() {

src/coroutine/memoset/mod.rs

@@ -819,7 +819,7 @@ mod test {
     use bellpepper_core::{test_cs::TestConstraintSystem, Comparable};
     use demo::DemoQuery;
     use expect_test::{expect, Expect};
-    use pasta_curves::pallas::Scalar as F;
+    use halo2curves::bn256::Fr as F;
     use std::default::Default;
 
     #[test]

src/eval/lang.rs

@@ -181,7 +181,7 @@ pub(crate) mod test {
     use crate::sym;
 
     use super::*;
-    use pasta_curves::pallas::Scalar as Fr;
+    use halo2curves::bn256::Fr;
 
     #[test]
     fn lang() {

src/field.rs

@@ -346,8 +346,8 @@ impl<'de, F: LurkField> Deserialize<'de> for FWrap<F> {
 #[cfg(test)]
 pub mod tests {
     use crate::z_data::{from_z_data, to_z_data};
-    use pasta_curves::pallas::Scalar as Fr;
-    use pasta_curves::{pallas, vesta};
+    use halo2curves::bn256::Fr;
+    use halo2curves::{bn256, grumpkin};
 
     use super::*;
 
@@ -359,11 +359,11 @@ pub mod tests {
 
     proptest! {
       #[test]
-      fn prop_pallas_repr_bytes_consistency(f1 in any::<FWrap<pallas::Scalar>>()) {
+      fn prop_bn256_repr_bytes_consistency(f1 in any::<FWrap<bn256::Fr>>()) {
           repr_bytes_consistency(f1)
       }
       #[test]
-      fn prop_vesta_repr_bytes_consistency(f1 in any::<FWrap<vesta::Scalar>>()) {
+      fn prop_grumpkin_repr_bytes_consistency(f1 in any::<FWrap<grumpkin::Fr>>()) {
           repr_bytes_consistency(f1)
       }
     }
@@ -418,11 +418,11 @@ pub mod tests {
         repr_canonicity(f1)
       }
       #[test]
-      fn prop_pallas_repr_canonicity(f1 in any::<FWrap<pallas::Scalar>>()) {
+      fn prop_bn256_repr_canonicity(f1 in any::<FWrap<bn256::Fr>>()) {
           repr_canonicity(f1)
       }
       #[test]
-      fn prop_vesta_repr_canonicity(f1 in any::<FWrap<vesta::Scalar>>()) {
+      fn prop_grumpkin_repr_canonicity(f1 in any::<FWrap<grumpkin::Fr>>()) {
           repr_canonicity(f1)
       }
       #[test]
@@ -448,17 +448,17 @@ pub mod tests {
     // we use this library with.
     proptest! {
         #[test]
-        fn prop_pallas_tag_roundtrip(x in any::<u64>()){
-            let f1 = pallas::Scalar::from(x);
+        fn prop_bn256_tag_roundtrip(x in any::<u64>()){
+            let f1 = bn256::Fr::from(x);
             let bytes = f1.to_repr().as_ref().to_vec();
             let mut bytes_from_u64 = [0u8; 32];
             bytes_from_u64[..8].copy_from_slice(&x.to_le_bytes());
             assert_eq!(bytes, bytes_from_u64);
         }
 
         #[test]
-        fn prop_vesta_tag_roundtrip(x in any::<u64>()){
-            let f1 = vesta::Scalar::from(x);
+        fn prop_grumpkin_tag_roundtrip(x in any::<u64>()){
+            let f1 = grumpkin::Fr::from(x);
             let bytes = f1.to_repr().as_ref().to_vec();
             let mut bytes_from_u64 = [0u8; 32];
             bytes_from_u64[..8].copy_from_slice(&x.to_le_bytes());

src/lem/circuit.rs

@@ -1680,6 +1680,8 @@ impl Func {
         let bit_decomp_cost = match F::FIELD {
             LanguageField::Pallas => 298,
             LanguageField::Vesta => 301,
+            // TODO: investigate how to properly compute this number, as it was obtained empirically
+            LanguageField::BN256 => 354,
             _ => todo!(),
         };
 

src/lem/eval.rs

@@ -1726,7 +1726,7 @@ mod tests {
     };
     use bellpepper_core::{test_cs::TestConstraintSystem, Comparable};
     use expect_test::{expect, Expect};
-    use pasta_curves::pallas::Scalar as Fr;
+    use halo2curves::bn256::Fr;
 
     #[test]
     fn test_counts() {
@@ -1745,8 +1745,8 @@ mod tests {
         expect_eq(func.slots_count.commitment, expect!["1"]);
         expect_eq(func.slots_count.bit_decomp, expect!["3"]);
         expect_eq(cs.num_inputs(), expect!["1"]);
-        expect_eq(cs.aux().len(), expect!["8927"]);
-        expect_eq(cs.num_constraints(), expect!["10857"]);
+        expect_eq(cs.aux().len(), expect!["9095"]);
+        expect_eq(cs.num_constraints(), expect!["11025"]);
         assert_eq!(func.num_constraints(&store), cs.num_constraints());
     }
 }

src/lem/multiframe.rs

@@ -976,12 +976,12 @@ mod tests {
     fn test_sequential_and_parallel_witnesses_equivalences() {
         let lurk_step = eval_step();
         let num_slots_per_frame = lurk_step.slots_count.total();
-        let store = Store::<Fq>::default();
+        let store = Store::<Bn>::default();
         let mut cs = WitnessCS::new();
 
         let expr = store.read_with_default_state("(if t (+ 5 5) 6)").unwrap();
 
-        let frames = evaluate::<Fq, Coproc<Fq>>(None, expr, &store, 10).unwrap();
+        let frames = evaluate::<Bn, Coproc<Bn>>(None, expr, &store, 10).unwrap();
 
         let sequential_slots_witnesses =
             generate_slots_witnesses(&store, &frames, num_slots_per_frame, false);
@@ -1046,7 +1046,7 @@ mod tests {
 
         let mut cs_clone = cs.clone();
 
-        let lang = Lang::<Fq, Coproc<Fq>>::new();
+        let lang = Lang::<Bn, Coproc<Bn>>::new();
 
         let output_sequential = synthesize_frames_sequential(
             &mut cs,
@@ -1082,20 +1082,20 @@ mod tests {
 
     #[test]
     fn non_self_evaluating() {
-        let store = Store::default();
+        let store = Store::<Bn>::default();
 
         // not self-evaluating
         let expr = store.read_with_default_state("(+ 1 2)").unwrap();
 
-        let lang = Arc::new(Lang::<Fq, Coproc<Fq>>::new());
-        let mut frames = evaluate::<Fq, Coproc<Fq>>(None, expr, &store, 1).unwrap();
+        let lang = Arc::new(Lang::<Bn, Coproc<Bn>>::new());
+        let mut frames = evaluate::<Bn, Coproc<Bn>>(None, expr, &store, 1).unwrap();
         assert_eq!(frames.len(), 1);
 
         let mut frame = frames.pop().unwrap();
         // faking a trivial evaluation frame
         frame.output = vec![expr, store.intern_empty_env(), store.cont_terminal()];
 
-        let mut cs = TestConstraintSystem::<Fq>::new();
+        let mut cs = TestConstraintSystem::<Bn>::new();
 
         let folding_config = Arc::new(FoldingConfig::new_ivc(lang.clone(), 1));
 

src/lem/store.rs

@@ -1346,7 +1346,7 @@ impl Ptr {
 #[cfg(test)]
 mod tests {
     use ff::Field;
-    use pasta_curves::pallas::Scalar as Fr;
+    use halo2curves::bn256::Fr;
     use proptest::prelude::*;
 
     use crate::{