Fix boolean ops

Pratyush · Pratyush · commit 1bf9ecb86463 · 2020-08-17T10:02:12.000-07:00
diff --git a/r1cs-std/src/bits/boolean.rs b/r1cs-std/src/bits/boolean.rs
@@ -32,10 +32,29 @@ impl<F: Field> AllocatedBit<F> {
         self.variable
     }
 
+    /// Allocate a witness variable without a booleanity check.
+    fn new_witness_without_booleanity_check<T: Borrow<bool>>(
+        cs: ConstraintSystemRef<F>,
+        f: impl FnOnce() -> Result<T, SynthesisError>,
+    ) -> Result<Self, SynthesisError> {
+        let mut value = None;
+        let variable = cs.new_witness_variable(|| {
+            value = Some(*f()?.borrow());
+            value.get().map(bool_to_field)
+        })?;
+        Ok(Self {
+            value,
+            variable,
+            cs,
+        })
+    }
+
     /// Performs an XOR operation over the two operands, returning
     /// an `AllocatedBit`.
     pub fn xor(&self, b: &Self) -> Result<Self, SynthesisError> {
-        let result = Self::new_witness(self.cs.clone(), || Ok(self.value()? ^ b.value()?))?;
+        let result = Self::new_witness_without_booleanity_check(self.cs.clone(), || {
+            Ok(self.value()? ^ b.value()?)
+        })?;
 
         // Constrain (a + a) * (b) = (a + b - c)
         // Given that a and b are boolean constrained, if they
@@ -64,7 +83,9 @@ impl<F: Field> AllocatedBit<F> {
     /// Performs an AND operation over the two operands, returning
     /// an `AllocatedBit`.
     pub fn and(&self, b: &Self) -> Result<Self, SynthesisError> {
-        let result = Self::new_witness(self.cs.clone(), || Ok(self.value()? & b.value()?))?;
+        let result = Self::new_witness_without_booleanity_check(self.cs.clone(), || {
+            Ok(self.value()? & b.value()?)
+        })?;
 
         // Constrain (a) * (b) = (c), ensuring c is 1 iff
         // a AND b are both 1.
@@ -80,7 +101,9 @@ impl<F: Field> AllocatedBit<F> {
     /// Performs an OR operation over the two operands, returning
     /// an `AllocatedBit`.
     pub fn or(&self, b: &Self) -> Result<Self, SynthesisError> {
-        let result = Self::new_witness(self.cs.clone(), || Ok(self.value()? | b.value()?))?;
+        let result = Self::new_witness_without_booleanity_check(self.cs.clone(), || {
+            Ok(self.value()? | b.value()?)
+        })?;
 
         // Constrain (1 - a) * (1 - b) = (c), ensuring c is 1 iff
         // a and b are both false, and otherwise c is 0.
@@ -95,7 +118,9 @@ impl<F: Field> AllocatedBit<F> {
 
     /// Calculates `a AND (NOT b)`.
     pub fn and_not(&self, b: &Self) -> Result<Self, SynthesisError> {
-        let result = Self::new_witness(self.cs.clone(), || Ok(self.value()? & !b.value()?))?;
+        let result = Self::new_witness_without_booleanity_check(self.cs.clone(), || {
+            Ok(self.value()? & !b.value()?)
+        })?;
 
         // Constrain (a) * (1 - b) = (c), ensuring c is 1 iff
         // a is true and b is false, and otherwise c is 0.
@@ -110,7 +135,9 @@ impl<F: Field> AllocatedBit<F> {
 
     /// Calculates `(NOT a) AND (NOT b)`.
     pub fn nor(&self, b: &Self) -> Result<Self, SynthesisError> {
-        let result = Self::new_witness(self.cs.clone(), || Ok(!(self.value()? | b.value()?)))?;
+        let result = Self::new_witness_without_booleanity_check(self.cs.clone(), || {
+            Ok(!(self.value()? | b.value()?))
+        })?;
 
         // Constrain (1 - a) * (1 - b) = (c), ensuring c is 1 iff
         // a and b are both false, and otherwise c is 0.
@@ -596,10 +623,12 @@ impl<F: Field> CondSelectGadget<F> for Boolean<F> {
                 (x, &Constant(true)) => cond.not().or(x),
                 (a, b) => {
                     let cs = cond.cs().unwrap();
-                    let result = Boolean::new_witness(cs.clone(), || {
-                        let cond = cond.value()?;
-                        Ok(if cond { a.value()? } else { b.value()? })
-                    })?;
+                    let result: Boolean<F> =
+                        AllocatedBit::new_witness_without_booleanity_check(cs.clone(), || {
+                            let cond = cond.value()?;
+                            Ok(if cond { a.value()? } else { b.value()? })
+                        })?
+                        .into();
                     // a = self; b = other; c = cond;
                     //
                     // r = c * a + (1  - c) * b
@@ -1014,7 +1043,7 @@ mod test {
     }
 
     #[test]
-    fn test_boolean_cond_select() -> Result<(), r1cs_core::SynthesisError> {
+    fn test_boolean_cond_select() -> Result<(), SynthesisError> {
         for condition in VARIANTS.iter().cloned() {
             for first_operand in VARIANTS.iter().cloned() {
                 for second_operand in VARIANTS.iter().cloned() {
diff --git a/r1cs-std/src/fields/mod.rs b/r1cs-std/src/fields/mod.rs
@@ -185,7 +185,7 @@ pub(crate) mod tests {
     #[allow(dead_code)]
     pub(crate) fn field_test<F: Field, AF: FieldVar<F>>() -> Result<(), SynthesisError>
     where
-        AF: crate::select::TwoBitLookupGadget<<AF as FieldVar<F>>::ConstraintF, TableConstant = F>,
+        AF: TwoBitLookupGadget<<AF as FieldVar<F>>::ConstraintF, TableConstant = F>,
         for<'a> &'a AF: FieldOpsBounds<'a, F, AF>,
     {
         let cs = ConstraintSystem::<AF::ConstraintF>::new_ref();

Original file line number	Diff line number	Diff line change
`@@ -185,7 +185,7 @@ pub(crate) mod tests {`
`185`	`185`	`#[allow(dead_code)]`
`186`	`186`	`pub(crate) fn field_test<F: Field, AF: FieldVar<F>>() -> Result<(), SynthesisError>`
`187`	`187`	`where`
`188`		`- AF: crate::select::TwoBitLookupGadget<<AF as FieldVar<F>>::ConstraintF, TableConstant = F>,`
	`188`	`+ AF: TwoBitLookupGadget<<AF as FieldVar<F>>::ConstraintF, TableConstant = F>,`
`189`	`189`	`for<'a> &'a AF: FieldOpsBounds<'a, F, AF>,`
`190`	`190`	`{`
`191`	`191`	`let cs = ConstraintSystem::<AF::ConstraintF>::new_ref();`