correct error type for PlonkVerifierGadget

plonk/src/circuit/plonk_verifier/gadgets.rs

@@ -8,7 +8,7 @@
 use crate::{
     circuit::{plonk_verifier::*, transcript::RescueTranscriptVar},
     constants::EXTRA_TRANSCRIPT_MSG_LABEL,
-    errors::{PlonkError, SnarkError::ParameterError},
+    errors::PlonkError,
 };
 use ark_ec::{
     short_weierstrass_jacobian::GroupAffine, PairingEngine, SWModelParameters as SWParam,
@@ -18,6 +18,7 @@ use ark_poly::{EvaluationDomain, Radix2EvaluationDomain};
 use ark_std::{format, vec::Vec};
 use jf_primitives::rescue::RescueParameter;
 use jf_relation::{
+    errors::{CircuitError, CircuitError::ParameterError},
     gadgets::{
         ecc::{PointVariable, SWToTEConParam},
         ultraplonk::mod_arith::{FpElem, FpElemVar},
@@ -48,7 +49,7 @@ pub(super) fn aggregate_poly_commitments_circuit<E, F>(
     batch_proof: &BatchProofVar<F>,
     alpha_bases: &[FpElemVar<F>],
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<(ScalarsAndBasesVar<F>, Vec<FpElemVar<F>>), PlonkError>
+) -> Result<(ScalarsAndBasesVar<F>, Vec<FpElemVar<F>>), CircuitError>
 where
     E: PairingEngine<Fq = F>,
     F: PrimeField,
@@ -58,8 +59,7 @@ where
             "the number of verification keys {} != the number of instances {}",
             vks.len(),
             batch_proof.len()
-        ))
-        .into());
+        )));
     }
 
     // Compute the first part of the batched polynomial commitment `[D]1` described in Sec 8.4, step 9 of https://eprint.iacr.org/2019/953.pdf
@@ -132,7 +132,7 @@ pub(super) fn aggregate_evaluations_circuit<E, F>(
     poly_evals_vec: &[ProofEvaluationsVar<F>],
     non_native_field_info: NonNativeFieldInfo<F>,
     buffer_v_and_uv_basis: &[FpElemVar<F>],
-) -> Result<FpElemVar<F>, PlonkError>
+) -> Result<FpElemVar<F>, CircuitError>
 where
     E: PairingEngine<Fq = F>,
     F: PrimeField,
@@ -177,7 +177,7 @@ where
     }
     // ensure all the buffer has been consumed
     if v_and_uv_basis.next().is_some() {
-        return Err(PlonkError::IteratorOutOfRange);
+        return Err(PlonkError::IteratorOutOfRange)?;
     }
     Ok(result)
 }
@@ -191,7 +191,7 @@ pub(super) fn compute_challenges_vars<E, F, P>(
     batch_proof: &BatchProofVar<F>,
     extra_transcript_init_msg: &Option<Vec<u8>>,
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<ChallengesFpElemVar<F>, PlonkError>
+) -> Result<ChallengesFpElemVar<F>, CircuitError>
 where
     E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
     F: RescueParameter + SWToTEConParam,
@@ -270,7 +270,7 @@ pub(super) fn prepare_pcs_info_var<E, F, P>(
 
     domain: Radix2EvaluationDomain<E::Fr>,
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<PcsInfoVar<F>, PlonkError>
+) -> Result<PcsInfoVar<F>, CircuitError>
 where
     E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
     F: RescueParameter + SWToTEConParam,
@@ -398,7 +398,7 @@ fn add_poly_comm_circuit<F>(
     comm: &PointVariable,
     r: &FpElemVar<F>,
     p: &FpElem<F>,
-) -> Result<(), PlonkError>
+) -> Result<(), CircuitError>
 where
     F: PrimeField,
 {
@@ -417,7 +417,7 @@ fn add_pcs_eval_circuit<F>(
     random_combiner: &FpElemVar<F>,
     eval: &FpElemVar<F>,
     p: &FpElem<F>,
-) -> Result<(), PlonkError>
+) -> Result<(), CircuitError>
 where
     F: PrimeField,
 {
@@ -434,7 +434,7 @@ fn compute_alpha_basis<F: PrimeField>(
     alpha_to_3: FpElemVar<F>,
     len: usize,
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<Vec<FpElemVar<F>>, PlonkError> {
+) -> Result<Vec<FpElemVar<F>>, CircuitError> {
     let mut res = Vec::new();
     let mut alpha_base_elem_var = FpElemVar::<F>::one(
         circuit,
@@ -472,12 +472,12 @@ mod test {
 
     const RANGE_BIT_LEN_FOR_TEST: usize = 16;
     #[test]
-    fn test_compute_challenges_vars_circuit() -> Result<(), PlonkError> {
+    fn test_compute_challenges_vars_circuit() -> Result<(), CircuitError> {
         test_compute_challenges_vars_circuit_helper::<Bls12_377, _, _, Param377, RescueTranscript<_>>(
         )
     }
 
-    fn test_compute_challenges_vars_circuit_helper<E, F, P, Q, T>() -> Result<(), PlonkError>
+    fn test_compute_challenges_vars_circuit_helper<E, F, P, Q, T>() -> Result<(), CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: RescueParameter + SWToTEConParam,

plonk/src/circuit/plonk_verifier/mod.rs

@@ -5,10 +5,7 @@
 // along with the Jellyfish library. If not, see <https://mit-license.org/>.
 
 //! Circuits for Plonk verifiers.
-use crate::{
-    errors::{PlonkError, SnarkError::ParameterError},
-    proof_system::{structs::VerifyingKey, verifier::Verifier},
-};
+use crate::proof_system::{structs::VerifyingKey, verifier::Verifier};
 use ark_ec::{
     short_weierstrass_jacobian::GroupAffine, PairingEngine, SWModelParameters as SWParam,
     TEModelParameters as TEParam,
@@ -17,7 +14,7 @@ use ark_ff::{BigInteger, FpParameters, PrimeField};
 use ark_std::{format, string::ToString, vec, vec::Vec};
 use jf_primitives::rescue::RescueParameter;
 use jf_relation::{
-    errors::CircuitError,
+    errors::{CircuitError, CircuitError::ParameterError},
     gadgets::{
         ecc::{MultiScalarMultiplicationCircuit, Point, PointVariable, SWToTEConParam},
         ultraplonk::mod_arith::{FpElem, FpElemVar},
@@ -58,7 +55,7 @@ impl<E: PairingEngine> VerifyingKeyVar<E> {
     pub fn new<F, P>(
         circuit: &mut PlonkCircuit<F>,
         verify_key: &VerifyingKey<E>,
-    ) -> Result<Self, PlonkError>
+    ) -> Result<Self, CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: PrimeField + SWToTEConParam,
@@ -103,7 +100,7 @@ impl<E: PairingEngine> VerifyingKeyVar<E> {
         &self,
         circuit: &mut PlonkCircuit<F>,
         other: &Self,
-    ) -> Result<Self, PlonkError>
+    ) -> Result<Self, CircuitError>
     where
         F: PrimeField,
         P: TEParam<BaseField = F>,
@@ -157,7 +154,7 @@ impl<E: PairingEngine> VerifyingKeyVar<E> {
         shared_public_input_vars: &[FpElemVar<F>],
         batch_proof: &BatchProofVar<F>,
         blinding_factor: Variable,
-    ) -> Result<(PointVariable, PointVariable), PlonkError>
+    ) -> Result<(PointVariable, PointVariable), CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: RescueParameter + SWToTEConParam,
@@ -287,7 +284,7 @@ pub trait BatchableCircuit<F> {
         &mut self,
         vk_type_a_vars: &[VerifyingKeyVar<E>],
         vk_type_b_vars: &[VerifyingKeyVar<E>],
-    ) -> Result<Vec<VerifyingKeyVar<E>>, PlonkError>
+    ) -> Result<Vec<VerifyingKeyVar<E>>, CircuitError>
     where
         E: PairingEngine,
         P: TEParam<BaseField = F>;
@@ -302,7 +299,7 @@ where
         &mut self,
         vk_type_a_vars: &[VerifyingKeyVar<E>],
         vk_type_b_vars: &[VerifyingKeyVar<E>],
-    ) -> Result<Vec<VerifyingKeyVar<E>>, PlonkError>
+    ) -> Result<Vec<VerifyingKeyVar<E>>, CircuitError>
     where
         E: PairingEngine,
         P: TEParam<BaseField = F>,
@@ -318,7 +315,7 @@ where
             .iter()
             .zip(vk_type_b_vars.iter())
             .map(|(vk_b, vk_d)| vk_b.merge::<F, P>(self, vk_d))
-            .collect::<Result<Vec<_>, PlonkError>>()
+            .collect::<Result<Vec<_>, CircuitError>>()
     }
 }
 
@@ -346,11 +343,11 @@ mod test {
     const RANGE_BIT_LEN_FOR_TEST: usize = 16;
 
     #[test]
-    fn test_aggregate_vks() -> Result<(), PlonkError> {
+    fn test_aggregate_vks() -> Result<(), CircuitError> {
         test_aggregate_vks_helper::<Bls12_377, Fq377, _, Param377>()
     }
 
-    fn test_aggregate_vks_helper<E, F, P, Q>() -> Result<(), PlonkError>
+    fn test_aggregate_vks_helper<E, F, P, Q>() -> Result<(), CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: PrimeField + RescueParameter + SWToTEConParam,
@@ -396,15 +393,15 @@ mod test {
         let vk_type_a_vars = vks_type_a
             .iter()
             .map(|vk| VerifyingKeyVar::new(&mut circuit, vk))
-            .collect::<Result<Vec<_>, PlonkError>>()?;
+            .collect::<Result<Vec<_>, CircuitError>>()?;
         for (vk_var, vk) in vk_type_a_vars.iter().zip(vks_type_a.iter()) {
             check_vk_equality(&circuit, vk_var, vk);
         }
 
         let vk_type_b_vars = vks_type_b
             .iter()
             .map(|vk| VerifyingKeyVar::new(&mut circuit, vk))
-            .collect::<Result<Vec<_>, PlonkError>>()?;
+            .collect::<Result<Vec<_>, CircuitError>>()?;
         for (vk_var, vk) in vk_type_b_vars.iter().zip(vks_type_b.iter()) {
             check_vk_equality(&circuit, vk_var, vk);
         }
@@ -460,11 +457,11 @@ mod test {
     }
 
     #[test]
-    fn test_partial_verification_circuit() -> Result<(), PlonkError> {
+    fn test_partial_verification_circuit() -> Result<(), CircuitError> {
         test_partial_verification_circuit_helper::<Bls12_377, _, _, Param377, RescueTranscript<_>>()
     }
 
-    fn test_partial_verification_circuit_helper<E, F, P, Q, T>() -> Result<(), PlonkError>
+    fn test_partial_verification_circuit_helper<E, F, P, Q, T>() -> Result<(), CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: RescueParameter + SWToTEConParam,
@@ -697,7 +694,7 @@ mod test {
         beta_g_ref: &GroupAffine<P>,
         generator_g: &GroupAffine<P>,
         blinding_factor: &E::Fr,
-    ) -> Result<(PlonkCircuit<F>, (PointVariable, PointVariable)), PlonkError>
+    ) -> Result<(PlonkCircuit<F>, (PointVariable, PointVariable)), CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: RescueParameter + SWToTEConParam,
@@ -742,7 +739,7 @@ mod test {
     }
 
     #[test]
-    fn test_variable_independence_for_partial_verification_circuit() -> Result<(), PlonkError> {
+    fn test_variable_independence_for_partial_verification_circuit() -> Result<(), CircuitError> {
         test_variable_independence_for_partial_verification_circuit_helper::<
             Bls12_377,
             _,
@@ -753,7 +750,7 @@ mod test {
     }
 
     fn test_variable_independence_for_partial_verification_circuit_helper<E, F, P, Q, T>(
-    ) -> Result<(), PlonkError>
+    ) -> Result<(), CircuitError>
     where
         E: PairingEngine<Fq = F, G1Affine = GroupAffine<P>>,
         F: RescueParameter + SWToTEConParam,

plonk/src/circuit/plonk_verifier/poly.rs

@@ -5,16 +5,14 @@
 // along with the Jellyfish library. If not, see <https://mit-license.org/>.
 
 //! Circuits for the polynomial evaluations within Plonk verifiers.
-use crate::{
-    circuit::plonk_verifier::*,
-    errors::{PlonkError, SnarkError::ParameterError},
-};
+use crate::{circuit::plonk_verifier::*, errors::PlonkError};
 use ark_ec::PairingEngine;
 use ark_ff::PrimeField;
 use ark_poly::{EvaluationDomain, Radix2EvaluationDomain};
 use ark_std::{format, string::ToString, vec, vec::Vec, One};
 use jf_relation::{
     constants::GATE_WIDTH,
+    errors::{CircuitError, CircuitError::ParameterError},
     gadgets::ultraplonk::mod_arith::{FpElem, FpElemVar},
     PlonkCircuit,
 };
@@ -41,7 +39,7 @@ pub(super) fn evaluate_poly_helper<E, F>(
     zeta_fp_elem_var: &FpElemVar<F>,
     domain_size: usize,
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<([FpElemVar<F>; 3]), PlonkError>
+) -> Result<([FpElemVar<F>; 3]), CircuitError>
 where
     E: PairingEngine<Fq = F>,
     F: PrimeField,
@@ -188,14 +186,14 @@ pub(super) fn evaluate_pi_poly_circuit<E, F>(
     vanish_eval_fp_elem_var: &FpElemVar<F>,
     circuit_is_merged: bool,
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<FpElemVar<F>, PlonkError>
+) -> Result<FpElemVar<F>, CircuitError>
 where
     E: PairingEngine<Fq = F>,
     F: PrimeField,
 {
     // the circuit is already merged
     if !circuit_is_merged {
-        return Err(PlonkError::InvalidParameters(
+        return Err(CircuitError::ParameterError(
             "Circuit should already been merged".to_string(),
         ));
     }
@@ -319,7 +317,7 @@ pub(super) fn compute_lin_poly_constant_term_circuit<E, F>(
     evals: &[FpElemVar<F>; 3],
     alpha_bases: &[FpElemVar<F>],
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<FpElemVar<F>, PlonkError>
+) -> Result<FpElemVar<F>, CircuitError>
 where
     E: PairingEngine<Fq = F>,
     F: PrimeField,
@@ -343,7 +341,7 @@ where
     let pi = public_inputs[0];
     for &pi_i in public_inputs.iter().skip(1) {
         if pi != pi_i {
-            return Err(PlonkError::PublicInputsDoNotMatch);
+            return Err(PlonkError::PublicInputsDoNotMatch)?;
         }
     }
 
@@ -465,7 +463,7 @@ where
     }
     // ensure all the buffer has been consumed
     if alpha_bases_elem_var.next().is_some() {
-        return Err(PlonkError::IteratorOutOfRange);
+        return Err(PlonkError::IteratorOutOfRange)?;
     }
     // =====================================================
     // second statement
@@ -492,7 +490,7 @@ pub(super) fn linearization_scalars_and_bases_circuit<E, F>(
     batch_proof: &BatchProofVar<F>,
     alpha_bases: &[FpElemVar<F>],
     non_native_field_info: NonNativeFieldInfo<F>,
-) -> Result<ScalarsAndBasesVar<F>, PlonkError>
+) -> Result<ScalarsAndBasesVar<F>, CircuitError>
 where
     E: PairingEngine<Fq = F>,
     F: PrimeField,
@@ -616,7 +614,7 @@ where
 
         // Add output wire sigma polynomial commitment.
         scalars_and_bases.scalars.push(coeff_fp_elem_var);
-        let tmp = circuit.inverse_point(vk.sigma_comms.last().ok_or(PlonkError::IndexError)?)?;
+        let tmp = circuit.inverse_point(vk.sigma_comms.last().ok_or(CircuitError::IndexError)?)?;
 
         scalars_and_bases.bases.push(tmp);
 
@@ -693,7 +691,7 @@ where
 
     // ensure all the buffer has been consumed
     if alpha_bases_elem_var.next().is_some() {
-        return Err(PlonkError::IteratorOutOfRange);
+        return Err(PlonkError::IteratorOutOfRange)?;
     }
     // ============================================
     // Add splitted quotient commitments
@@ -714,7 +712,7 @@ where
         batch_proof
             .split_quot_poly_comms
             .first()
-            .ok_or(PlonkError::IndexError)?,
+            .ok_or(CircuitError::IndexError)?,
     )?;
     scalars_and_bases.scalars.push(poly_evals[1]);
     scalars_and_bases.bases.push(tmp);

plonk/src/errors.rs

@@ -6,7 +6,7 @@
 
 //! Error module.
 
-use ark_std::string::String;
+use ark_std::{format, string::String};
 use displaydoc::Display;
 use jf_relation::errors::CircuitError;
 
@@ -97,3 +97,11 @@ impl From<CircuitError> for PlonkError {
         Self::CircuitError(e)
     }
 }
+
+impl From<PlonkError> for CircuitError {
+    // this happen during invocation of Plonk proof system API inside Verifier
+    // gadget
+    fn from(e: PlonkError) -> Self {
+        Self::ParameterError(format!("Plonk proof system err: {:?}", e))
+    }
+}