Enabling Nova to be used in no_std environments

Cargo.toml

@@ -12,28 +12,52 @@ keywords = ["zkSNARKs", "cryptography", "proofs"]
 rust-version = "1.79.0"
 
 [dependencies]
-ff = { version = "0.13.0", features = ["derive"] }
-digest = "0.10"
-sha3 = "0.10"
-rayon = "1.10"
+ff = { version = "0.13.0", features = [
+    "derive",
+    "bits",
+], default-features = false }
+digest = { version = "0.10", default-features = false }
+sha3 = { version = "0.10", default-features = false }
+
 rand_core = { version = "0.6", default-features = false }
-rand_chacha = "0.3"
-subtle = "2.6.1"
-halo2curves = { version = "0.8.0", features = ["bits", "derive_serde"] }
-generic-array = "1.2.0"
-num-bigint = { version = "0.4.6", features = ["serde", "rand"] }
-num-traits = "0.2.19"
-num-integer = "0.1.46"
-serde = { version = "1.0.217", features = ["derive"] }
-bincode = "1.3"
-bitvec = "1.0"
-byteorder = "1.4.3"
-thiserror = "2.0.11"
-once_cell = "1.18.0"
-itertools = "0.14.0"
+rand_chacha = { version = "0.3", default-features = false }
+subtle = { version = "2.6.1", default-features = false }
+
+generic-array = { version = "1.2.0", default-features = false }
+num-bigint = { version = "0.4.6", features = [
+    "serde",
+    "rand",
+], default-features = false }
+num-traits = { version = "0.2.19", default-features = false }
+num-integer = { version = "0.1.46", default-features = false }
+serde = { version = "1.0.217", features = ["derive"], default-features = false }
+bincode = { version = "2.0.0-rc.3", default-features = false, features = [
+    "alloc",
+    "derive",
+    "serde",
+] }
+bitvec = { version = "1.0", default-features = false }
+thiserror = { version = "2.0.11", default-features = false }
+itertools = { version = "0.14.0", default-features = false }
+pasta_curves = { version = "0.5", features = ["repr-c", "serde"] }
+libm = { version = "0.2.11", default-features = false }
+hashbrown = { version = "0.15.2" }
+
+
+# ! OPTIONAL 
+rayon = { version = "1.10", optional = true, default-features = false }
+halo2curves = { version = "0.8.0", features = [
+    "bits",
+    "derive_serde",
+], optional = true }
+once_cell = { version = "1.18.0", optional = true }
+byteorder = { version = "1.4.3", optional = true }
+
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
-getrandom = { version = "0.2.15", default-features = false, features = ["js"] }
+getrandom = { version = "0.2.15", default-features = false, features = [
+    "js",
+], optional = true }
 
 [dev-dependencies]
 criterion = { version = "0.5", features = ["html_reports"] }
@@ -63,6 +87,8 @@ name = "ppsnark"
 harness = false
 
 [features]
-default = ["halo2curves/asm"]
+default = ["std"]
+std = ["halo2curves", "rayon", "getrandom", "once_cell", "byteorder"]
+asm = ["halo2curves/asm"]
 flamegraph = ["pprof2/flamegraph", "pprof2/criterion"]
 experimental = []

examples/and.rs

@@ -1,9 +1,9 @@
 //! This example executes a batch of 64-bit AND operations.
 //! It performs the AND operation by first decomposing the operands into bits and then performing the operation bit-by-bit.
 //! We execute a configurable number of AND operations per step of Nova's recursion.
+use bincode::config::legacy;
 use core::marker::PhantomData;
 use ff::{Field, PrimeField, PrimeFieldBits};
-use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{
   frontend::{
     num::AllocatedNum, AllocatedBit, ConstraintSystem, LinearCombination, SynthesisError,
@@ -286,9 +286,9 @@ fn main() {
     assert!(res.is_ok());
     let compressed_snark = res.unwrap();
 
-    let mut encoder = ZlibEncoder::new(Vec::new(), Compression::default());
-    bincode::serialize_into(&mut encoder, &compressed_snark).unwrap();
-    let compressed_snark_encoded = encoder.finish().unwrap();
+    // let mut encoder = ZlibEncoder::new(Vec::new(), Compression::default());
+    let compressed_snark_encoded =
+      bincode::serde::encode_to_vec(&compressed_snark, legacy()).unwrap();
     println!(
       "CompressedSNARK::len {:?} bytes",
       compressed_snark_encoded.len()

examples/hashchain.rs

@@ -1,7 +1,7 @@
 //! This example proves the knowledge of preimage to a hash chain tail, with a configurable number of elements per hash chain node.
 //! The output of each step tracks the current tail of the hash chain
+use bincode::config::legacy;
 use ff::Field;
-use flate2::{write::ZlibEncoder, Compression};
 use generic_array::typenum::U24;
 use nova_snark::{
   frontend::{
@@ -179,9 +179,8 @@ fn main() {
     assert!(res.is_ok());
     let compressed_snark = res.unwrap();
 
-    let mut encoder = ZlibEncoder::new(Vec::new(), Compression::default());
-    bincode::serialize_into(&mut encoder, &compressed_snark).unwrap();
-    let compressed_snark_encoded = encoder.finish().unwrap();
+    let compressed_snark_encoded =
+      bincode::serde::encode_to_vec(&compressed_snark, legacy()).unwrap();
     println!(
       "CompressedSNARK::len {:?} bytes",
       compressed_snark_encoded.len()

examples/minroot.rs

@@ -1,8 +1,8 @@
 //! Demonstrates how to use Nova to produce a recursive proof of the correct execution of
 //! iterations of the `MinRoot` function, thereby realizing a Nova-based verifiable delay function (VDF).
 //! We execute a configurable number of iterations of the `MinRoot` function per step of Nova's recursion.
+use bincode::config::legacy;
 use ff::Field;
-use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{
   frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
   nova::{CompressedSNARK, PublicParams, RecursiveSNARK},
@@ -248,9 +248,8 @@ fn main() {
     assert!(res.is_ok());
     let compressed_snark = res.unwrap();
 
-    let mut encoder = ZlibEncoder::new(Vec::new(), Compression::default());
-    bincode::serialize_into(&mut encoder, &compressed_snark).unwrap();
-    let compressed_snark_encoded = encoder.finish().unwrap();
+    let compressed_snark_encoded =
+      bincode::serde::encode_to_vec(&compressed_snark, legacy()).unwrap();
     println!(
       "CompressedSNARK::len {:?} bytes",
       compressed_snark_encoded.len()

src/digest.rs

@@ -1,29 +1,28 @@
-use crate::constants::NUM_HASH_BITS;
-use bincode::Options;
+#[cfg(not(feature = "std"))]
+use crate::prelude::*;
+use crate::{constants::NUM_HASH_BITS, errors::NovaError};
+use bincode::config::legacy;
 use ff::PrimeField;
 use serde::Serialize;
 use sha3::{Digest, Sha3_256};
-use std::{io, marker::PhantomData};
+#[cfg(feature = "std")]
+use std::marker::PhantomData;
 
 /// Trait for components with potentially discrete digests to be included in their container's digest.
 pub trait Digestible {
   /// Write the byte representation of Self in a byte buffer
-  fn write_bytes<W: Sized + io::Write>(&self, byte_sink: &mut W) -> Result<(), io::Error>;
+  fn write_bytes(&self) -> Result<Vec<u8>, NovaError>;
 }
 
 /// Marker trait to be implemented for types that implement `Digestible` and `Serialize`.
 /// Their instances will be serialized to bytes then digested.
 pub trait SimpleDigestible: Serialize {}
 
 impl<T: SimpleDigestible> Digestible for T {
-  fn write_bytes<W: Sized + io::Write>(&self, byte_sink: &mut W) -> Result<(), io::Error> {
-    let config = bincode::DefaultOptions::new()
-      .with_little_endian()
-      .with_fixint_encoding();
-    // Note: bincode recursively length-prefixes every field!
-    config
-      .serialize_into(byte_sink, self)
-      .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))
+  fn write_bytes(&self) -> Result<Vec<u8>, NovaError> {
+    bincode::serde::encode_to_vec(self, legacy()).map_err(|e| NovaError::DigestError {
+      reason: e.to_string(),
+    })
   }
 }
 
@@ -45,15 +44,15 @@ impl<'a, F: PrimeField, T: Digestible> DigestComputer<'a, F, T> {
     });
 
     // turn the bit vector into a scalar
-    let mut digest = F::ZERO;
+    let mut result = F::ZERO;
     let mut coeff = F::ONE;
     for bit in bv {
       if bit {
-        digest += coeff;
+        result += coeff;
       }
       coeff += coeff;
     }
-    digest
+    result
   }
 
   /// Create a new `DigestComputer`
@@ -65,13 +64,15 @@ impl<'a, F: PrimeField, T: Digestible> DigestComputer<'a, F, T> {
   }
 
   /// Compute the digest of a `Digestible` instance.
-  pub fn digest(&self) -> Result<F, io::Error> {
+  pub fn digest(&self) -> Result<F, core::fmt::Error> {
+    let bytes = self.inner.write_bytes().expect("Serialization error");
+
     let mut hasher = Self::hasher();
-    self
-      .inner
-      .write_bytes(&mut hasher)
-      .expect("Serialization error");
-    let bytes: [u8; 32] = hasher.finalize().into();
+    hasher.update(&bytes);
+    let final_bytes = hasher.finalize();
+    let bytes: Vec<u8> = final_bytes.to_vec();
+
+    // Now map to the field or handle it as necessary
     Ok(Self::map_to_field(&bytes))
   }
 }
@@ -80,47 +81,38 @@ impl<'a, F: PrimeField, T: Digestible> DigestComputer<'a, F, T> {
 mod tests {
   use super::{DigestComputer, SimpleDigestible};
   use crate::{provider::PallasEngine, traits::Engine};
+  use bincode::config::legacy;
   use ff::Field;
-  use once_cell::sync::OnceCell;
   use serde::{Deserialize, Serialize};
 
   type E = PallasEngine;
 
   #[derive(Serialize, Deserialize)]
   struct S<E: Engine> {
     i: usize,
-    #[serde(skip, default = "OnceCell::new")]
-    digest: OnceCell<E::Scalar>,
+    #[serde(skip)]
+    digest: Option<E::Scalar>,
   }
 
   impl<E: Engine> SimpleDigestible for S<E> {}
 
   impl<E: Engine> S<E> {
     fn new(i: usize) -> Self {
-      S {
-        i,
-        digest: OnceCell::new(),
-      }
+      S { i, digest: None }
     }
 
-    fn digest(&self) -> E::Scalar {
-      self
-        .digest
-        .get_or_try_init(|| DigestComputer::new(self).digest())
-        .cloned()
-        .unwrap()
+    fn digest(&mut self) -> E::Scalar {
+      let digest: E::Scalar = DigestComputer::new(self).digest().unwrap();
+      *self.digest.get_or_insert(digest)
     }
   }
 
   #[test]
   fn test_digest_field_not_ingested_in_computation() {
     let s1 = S::<E>::new(42);
 
-    // let's set up a struct with a weird digest field to make sure the digest computation does not depend of it
-    let oc = OnceCell::new();
-    oc.set(<E as Engine>::Scalar::ONE).unwrap();
-
-    let s2: S<E> = S { i: 42, digest: oc };
+    let mut s2 = S::<E>::new(42);
+    s2.digest = Some(<E as Engine>::Scalar::ONE); // Set manually for test
 
     assert_eq!(
       DigestComputer::<<E as Engine>::Scalar, _>::new(&s1)
@@ -143,19 +135,18 @@ mod tests {
 
   #[test]
   fn test_digest_impervious_to_serialization() {
-    let good_s = S::<E>::new(42);
-
-    // let's set up a struct with a weird digest field to confuse deserializers
-    let oc = OnceCell::new();
-    oc.set(<E as Engine>::Scalar::ONE).unwrap();
+    let mut good_s = S::<E>::new(42);
+    let mut bad_s = S::<E>::new(42);
+    bad_s.digest = Some(<E as Engine>::Scalar::ONE); // Set manually for test
 
-    let bad_s: S<E> = S { i: 42, digest: oc };
     // this justifies the adjective "bad"
     assert_ne!(good_s.digest(), bad_s.digest());
 
-    let naughty_bytes = bincode::serialize(&bad_s).unwrap();
+    let naughty_bytes = bincode::serde::encode_to_vec(&bad_s, legacy()).unwrap();
+    let mut retrieved_s: S<E> = bincode::serde::decode_from_slice(&naughty_bytes, legacy())
+      .unwrap()
+      .0;
 
-    let retrieved_s: S<E> = bincode::deserialize(&naughty_bytes).unwrap();
     assert_eq!(good_s.digest(), retrieved_s.digest())
   }
 }

src/errors.rs

@@ -1,5 +1,7 @@
 //! This module defines errors returned by the library.
 use crate::frontend::SynthesisError;
+#[cfg(not(feature = "std"))]
+use crate::prelude::*;
 use core::fmt::Debug;
 use thiserror::Error;
 
@@ -70,7 +72,10 @@ pub enum NovaError {
   },
   /// returned when there is an error creating a digest
   #[error("DigestError")]
-  DigestError,
+  DigestError {
+    /// The reason for digest creation failure
+    reason: String,
+  },
   /// returned when the prover cannot prove the provided statement due to completeness error
   #[error("InternalError")]
   InternalError,

src/frontend/constraint_system.rs

@@ -1,8 +1,9 @@
-use std::{io, marker::PhantomData};
-
-use ff::PrimeField;
-
 use super::lc::{Index, LinearCombination, Variable};
+#[cfg(not(feature = "std"))]
+use crate::prelude::*;
+use ff::PrimeField;
+#[cfg(feature = "std")]
+use std::marker::PhantomData;
 
 /// Computations are expressed in terms of arithmetic circuits, in particular
 /// rank-1 quadratic constraint systems. The `Circuit` trait represents a
@@ -33,9 +34,6 @@ pub enum SynthesisError {
   /// During proof generation, we encountered an identity in the CRS
   #[error("encountered an identity element in the CRS")]
   UnexpectedIdentity,
-  /// During proof generation, we encountered an I/O error with the CRS
-  #[error("encountered an I/O error: {0}")]
-  IoError(#[from] io::Error),
   /// During verification, our verifying key was malformed.
   #[error("malformed verifying key")]
   MalformedVerifyingKey,

src/frontend/gadgets/boolean.rs

@@ -1,8 +1,9 @@
 //! Gadgets for allocating bits in the circuit and performing boolean logic.
 
-use ff::{PrimeField, PrimeFieldBits};
-
 use crate::frontend::{ConstraintSystem, LinearCombination, SynthesisError, Variable};
+#[cfg(not(feature = "std"))]
+use crate::prelude::*;
+use ff::{PrimeField, PrimeFieldBits};
 
 /// Represents a variable in the constraint system which is guaranteed
 /// to be either zero or one.

src/frontend/gadgets/multieq.rs

@@ -1,6 +1,7 @@
-use ff::PrimeField;
-
 use crate::frontend::{ConstraintSystem, LinearCombination, SynthesisError, Variable};
+#[cfg(not(feature = "std"))]
+use crate::prelude::*;
+use ff::PrimeField;
 
 #[derive(Debug)]
 pub struct MultiEq<Scalar: PrimeField, CS: ConstraintSystem<Scalar>> {

src/frontend/gadgets/num.rs

@@ -1,12 +1,14 @@
 //! Gadgets representing numbers in the scalar field of the underlying curve.
 
+use crate::frontend::{
+  gadgets::boolean::{self, AllocatedBit, Boolean},
+  ConstraintSystem, LinearCombination, SynthesisError, Variable,
+};
+#[cfg(not(feature = "std"))]
+use crate::prelude::*;
 use ff::{PrimeField, PrimeFieldBits};
 use serde::{Deserialize, Serialize};
 
-use crate::frontend::{ConstraintSystem, LinearCombination, SynthesisError, Variable};
-
-use crate::frontend::gadgets::boolean::{self, AllocatedBit, Boolean};
-
 /// Represents an allocated number in the circuit.
 #[derive(Debug, Serialize, Deserialize)]
 pub struct AllocatedNum<Scalar: PrimeField> {