Upgrade CS

Cargo.toml

@@ -9,11 +9,9 @@ readme = "README.md"
 repository = "https://github.com/Microsoft/Nova"
 license-file = "LICENSE"
 keywords = ["zkSNARKs", "cryptography", "proofs"]
-rust-version="1.79.0"
+rust-version = "1.79.0"
 
 [dependencies]
-bellpepper-core = { version="0.4.0", default-features = false }
-bellpepper = { version="0.4.0", default-features = false }
 ff = { version = "0.13.0", features = ["derive"] }
 digest = "0.10"
 sha3 = "0.10"
@@ -23,7 +21,6 @@ rand_chacha = "0.3"
 subtle = "2.5"
 pasta_curves = { version = "0.5", features = ["repr-c", "serde"] }
 halo2curves = { version = "0.6.0", features = ["bits", "derive_serde"] }
-neptune = { version = "13.0.0", default-features = false }
 generic-array = "1.0.0"
 num-bigint = { version = "0.4", features = ["serde", "rand"] }
 num-traits = "0.2"
@@ -78,6 +75,4 @@ harness = false
 default = ["halo2curves/asm"]
 # Compiles in portable mode, w/o ISA extensions => binary can be executed on all systems.
 portable = ["pasta-msm/portable"]
-cuda = ["neptune/cuda", "neptune/pasta", "neptune/arity24"]
-opencl = ["neptune/opencl", "neptune/pasta", "neptune/arity24"]
 flamegraph = ["pprof/flamegraph", "pprof/criterion"]

benches/compressed-snark.rs

@@ -1,10 +1,10 @@
 #![allow(non_snake_case)]
 
-use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::{measurement::WallTime, *};
 use ff::PrimeField;
 use nova_snark::{
+  frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
   provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},

benches/compute-digest.rs

@@ -1,9 +1,9 @@
 use std::{marker::PhantomData, time::Duration};
 
-use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use criterion::{black_box, criterion_group, criterion_main, Criterion};
 use ff::PrimeField;
 use nova_snark::{
+  frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
   provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},

benches/ppsnark.rs

@@ -1,10 +1,10 @@
 #![allow(non_snake_case)]
 
-use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;
 use nova_snark::{
+  frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
   provider::Bn256EngineKZG,
   spartan::direct::DirectSNARK,
   traits::{circuit::StepCircuit, Engine},

benches/recursive-snark.rs

@@ -1,10 +1,10 @@
 #![allow(non_snake_case)]
 
-use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::*;
 use ff::PrimeField;
 use nova_snark::{
+  frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
   provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},

benches/sha256.rs

@@ -3,17 +3,14 @@
 //! This code invokes a hand-written SHA-256 gadget from bellman/bellperson.
 //! It also uses code from bellman/bellperson to compare circuit-generated digest with sha2 crate's output
 #![allow(non_snake_case)]
-use bellpepper::gadgets::{sha256::sha256, Assignment};
-use bellpepper_core::{
-  boolean::{AllocatedBit, Boolean},
-  num::{AllocatedNum, Num},
-  ConstraintSystem, SynthesisError,
-};
-use core::marker::PhantomData;
-use core::time::Duration;
+use core::{marker::PhantomData, time::Duration};
 use criterion::*;
 use ff::{PrimeField, PrimeFieldBits};
 use nova_snark::{
+  frontend::{
+    num::{AllocatedNum, Num},
+    sha256, AllocatedBit, Assignment, Boolean, ConstraintSystem, SynthesisError,
+  },
   provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},

examples/and.rs

@@ -1,14 +1,13 @@
 //! This example executes a batch of 64-bit AND operations.
 //! It performs the AND operation by first decomposing the operands into bits and then performing the operation bit-by-bit.
 //! We execute a configurable number of AND operations per step of Nova's recursion.
-use bellpepper_core::{
-  boolean::AllocatedBit, num::AllocatedNum, ConstraintSystem, LinearCombination, SynthesisError,
-};
 use core::marker::PhantomData;
-use ff::Field;
-use ff::{PrimeField, PrimeFieldBits};
+use ff::{Field, PrimeField, PrimeFieldBits};
 use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{
+  frontend::{
+    num::AllocatedNum, AllocatedBit, ConstraintSystem, LinearCombination, SynthesisError,
+  },
   provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},

examples/hashchain.rs

@@ -1,20 +1,16 @@
 //! This example proves the knowledge of preimage to a hash chain tail, with a configurable number of elements per hash chain node.
 //! The output of each step tracks the current tail of the hash chain
-use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use ff::Field;
 use flate2::{write::ZlibEncoder, Compression};
 use generic_array::typenum::U24;
-use neptune::{
-  circuit2::Elt,
-  sponge::{
-    api::{IOPattern, SpongeAPI, SpongeOp},
-    circuit::SpongeCircuit,
-    vanilla::{Mode::Simplex, Sponge, SpongeTrait},
-  },
-  Strength,
-};
 use nova_snark::{
-  provider::{Bn256EngineKZG, GrumpkinEngine},
+  frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
+  provider::{
+    poseidon::{
+      Elt, IOPattern, Simplex, Sponge, SpongeAPI, SpongeCircuit, SpongeOp, SpongeTrait, Strength,
+    },
+    Bn256EngineKZG, GrumpkinEngine,
+  },
   traits::{
     circuit::{StepCircuit, TrivialCircuit},
     snark::RelaxedR1CSSNARKTrait,
@@ -91,9 +87,9 @@ impl<G: Group> StepCircuit<G::Scalar> for HashChainCircuit<G> {
       let acc = &mut ns;
 
       sponge.start(parameter, None, acc);
-      neptune::sponge::api::SpongeAPI::absorb(&mut sponge, num_absorbs, &elt, acc);
+      SpongeAPI::absorb(&mut sponge, num_absorbs, &elt, acc);
 
-      let output = neptune::sponge::api::SpongeAPI::squeeze(&mut sponge, 1, acc);
+      let output = SpongeAPI::squeeze(&mut sponge, 1, acc);
       sponge.finish(acc).unwrap();
       Elt::ensure_allocated(&output[0], &mut ns.namespace(|| "ensure allocated"), true)?
     };

examples/minroot.rs

@@ -1,10 +1,10 @@
 //! Demonstrates how to use Nova to produce a recursive proof of the correct execution of
 //! iterations of the `MinRoot` function, thereby realizing a Nova-based verifiable delay function (VDF).
 //! We execute a configurable number of iterations of the `MinRoot` function per step of Nova's recursion.
-use bellpepper_core::{num::AllocatedNum, ConstraintSystem, SynthesisError};
 use ff::Field;
 use flate2::{write::ZlibEncoder, Compression};
 use nova_snark::{
+  frontend::{num::AllocatedNum, ConstraintSystem, SynthesisError},
   provider::{Bn256EngineKZG, GrumpkinEngine},
   traits::{
     circuit::{StepCircuit, TrivialCircuit},

src/circuit.rs

@@ -6,6 +6,9 @@
 
 use crate::{
   constants::{NUM_FE_WITHOUT_IO_FOR_CRHF, NUM_HASH_BITS},
+  frontend::{
+    num::AllocatedNum, AllocatedBit, Assignment, Boolean, ConstraintSystem, SynthesisError,
+  },
   gadgets::{
     ecc::AllocatedPoint,
     r1cs::{AllocatedR1CSInstance, AllocatedRelaxedR1CSInstance},
@@ -19,12 +22,6 @@ use crate::{
   },
   Commitment,
 };
-use bellpepper::gadgets::Assignment;
-use bellpepper_core::{
-  boolean::{AllocatedBit, Boolean},
-  num::AllocatedNum,
-  ConstraintSystem, SynthesisError,
-};
 use ff::Field;
 use serde::{Deserialize, Serialize};
 
@@ -383,17 +380,16 @@ impl<'a, E: Engine, SC: StepCircuit<E::Base>> NovaAugmentedCircuit<'a, E, SC> {
 mod tests {
   use super::*;
   use crate::{
-    bellpepper::{
+    constants::{BN_LIMB_WIDTH, BN_N_LIMBS},
+    frontend::{
       r1cs::{NovaShape, NovaWitness},
       solver::SatisfyingAssignment,
       test_shape_cs::TestShapeCS,
     },
-    constants::{BN_LIMB_WIDTH, BN_N_LIMBS},
     gadgets::utils::scalar_as_base,
     provider::{
-      poseidon::PoseidonConstantsCircuit,
-      {Bn256EngineKZG, GrumpkinEngine}, {PallasEngine, VestaEngine},
-      {Secp256k1Engine, Secq256k1Engine},
+      poseidon::PoseidonConstantsCircuit, Bn256EngineKZG, GrumpkinEngine, PallasEngine,
+      Secp256k1Engine, Secq256k1Engine, VestaEngine,
     },
     traits::{circuit::TrivialCircuit, snark::default_ck_hint},
   };

src/digest.rs

@@ -2,8 +2,7 @@ use bincode::Options;
 use ff::PrimeField;
 use serde::Serialize;
 use sha3::{Digest, Sha3_256};
-use std::io;
-use std::marker::PhantomData;
+use std::{io, marker::PhantomData};
 
 use crate::constants::NUM_HASH_BITS;
 

src/errors.rs

@@ -2,6 +2,8 @@
 use core::fmt::Debug;
 use thiserror::Error;
 
+use crate::frontend::SynthesisError;
+
 /// Errors returned by Nova
 #[derive(Clone, Debug, Eq, PartialEq, Error)]
 #[non_exhaustive]
@@ -69,8 +71,8 @@ pub enum NovaError {
   InternalError,
 }
 
-impl From<bellpepper_core::SynthesisError> for NovaError {
-  fn from(err: bellpepper_core::SynthesisError) -> Self {
+impl From<SynthesisError> for NovaError {
+  fn from(err: SynthesisError) -> Self {
     Self::SynthesisError {
       reason: err.to_string(),
     }