chore: Pedersen verification key reference field

backend/groth16/bn254/solidity.go

@@ -104,11 +104,11 @@ contract Verifier {
     uint256 constant PEDERSEN_G_Y_0 = {{ (fpstr $cmtVk0.G.Y.A0) }};
     uint256 constant PEDERSEN_G_Y_1 = {{ (fpstr $cmtVk0.G.Y.A1) }};
 
-    // Pedersen GSigma point in G2 in powers of i
-    uint256 constant PEDERSEN_GSIGMA_X_0 = {{ (fpstr $cmtVk0.GSigma.X.A0) }};
-    uint256 constant PEDERSEN_GSIGMA_X_1 = {{ (fpstr $cmtVk0.GSigma.X.A1) }};
-    uint256 constant PEDERSEN_GSIGMA_Y_0 = {{ (fpstr $cmtVk0.GSigma.Y.A0) }};
-    uint256 constant PEDERSEN_GSIGMA_Y_1 = {{ (fpstr $cmtVk0.GSigma.Y.A1) }};
+    // Pedersen GSigmaNeg point in G2 in powers of i
+    uint256 constant PEDERSEN_GSIGMANEG_X_0 = {{ (fpstr $cmtVk0.GSigmaNeg.X.A0) }};
+    uint256 constant PEDERSEN_GSIGMANEG_X_1 = {{ (fpstr $cmtVk0.GSigmaNeg.X.A1) }};
+    uint256 constant PEDERSEN_GSIGMANEG_Y_0 = {{ (fpstr $cmtVk0.GSigmaNeg.Y.A0) }};
+    uint256 constant PEDERSEN_GSIGMANEG_Y_1 = {{ (fpstr $cmtVk0.GSigmaNeg.Y.A1) }};
     {{- end }}
 
     // Constant and public input points
@@ -579,10 +579,10 @@ contract Verifier {
             // Commitments
             pairings[ 0] = commitments[0];
             pairings[ 1] = commitments[1];
-            pairings[ 2] = PEDERSEN_GSIGMA_X_1;
-            pairings[ 3] = PEDERSEN_GSIGMA_X_0;
-            pairings[ 4] = PEDERSEN_GSIGMA_Y_1;
-            pairings[ 5] = PEDERSEN_GSIGMA_Y_0;
+            pairings[ 2] = PEDERSEN_GSIGMANEG_X_1;
+            pairings[ 3] = PEDERSEN_GSIGMANEG_X_0;
+            pairings[ 4] = PEDERSEN_GSIGMANEG_Y_1;
+            pairings[ 5] = PEDERSEN_GSIGMANEG_Y_0;
             pairings[ 6] = Px;
             pairings[ 7] = Py;
             pairings[ 8] = PEDERSEN_G_X_1;
@@ -730,10 +730,10 @@ contract Verifier {
             let f := mload(0x40)
 
             calldatacopy(f, commitments, 0x40) // Copy Commitments
-            mstore(add(f, 0x40), PEDERSEN_GSIGMA_X_1)
-            mstore(add(f, 0x60), PEDERSEN_GSIGMA_X_0)
-            mstore(add(f, 0x80), PEDERSEN_GSIGMA_Y_1)
-            mstore(add(f, 0xa0), PEDERSEN_GSIGMA_Y_0)
+            mstore(add(f, 0x40), PEDERSEN_GSIGMANEG_X_1)
+            mstore(add(f, 0x60), PEDERSEN_GSIGMANEG_X_0)
+            mstore(add(f, 0x80), PEDERSEN_GSIGMANEG_Y_1)
+            mstore(add(f, 0xa0), PEDERSEN_GSIGMANEG_Y_0)
             calldatacopy(add(f, 0xc0), commitmentPok, 0x40)
             mstore(add(f, 0x100), PEDERSEN_G_X_1)
             mstore(add(f, 0x120), PEDERSEN_G_X_0)

go.mod

@@ -7,9 +7,9 @@ toolchain go1.22.6
 require (
 	github.com/bits-and-blooms/bitset v1.14.2
 	github.com/blang/semver/v4 v4.0.0
-	github.com/consensys/bavard v0.1.13
+	github.com/consensys/bavard v0.1.15
 	github.com/consensys/compress v0.2.5
-	github.com/consensys/gnark-crypto v0.14.1-0.20240909142611-e6b99e74cec1
+	github.com/consensys/gnark-crypto v0.14.1-0.20241002214024-485db50997ef
 	github.com/fxamacker/cbor/v2 v2.7.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8

go.sum

@@ -57,12 +57,12 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
-github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
+github.com/consensys/bavard v0.1.15 h1:fxv2mg1afRMJvZgpwEgLmyr2MsQwaAYcyKf31UBHzw4=
+github.com/consensys/bavard v0.1.15/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
 github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk=
 github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk=
-github.com/consensys/gnark-crypto v0.14.1-0.20240909142611-e6b99e74cec1 h1:xsKDyn8I+lnrLFsJL6bbDavs7xTrmKeQE/xe/htVt3I=
-github.com/consensys/gnark-crypto v0.14.1-0.20240909142611-e6b99e74cec1/go.mod h1:CU4UijNPsHawiVGNxe9co07FkzCeWHHrb1li/n1XoU0=
+github.com/consensys/gnark-crypto v0.14.1-0.20241002214024-485db50997ef h1:ZK7HNEFMkTslyLKLbWpDATuZYUWbOcjm8yl50rL9XdQ=
+github.com/consensys/gnark-crypto v0.14.1-0.20241002214024-485db50997ef/go.mod h1:AL8vs/7MyZ0P93tcNDkUWVwf2rWLUGFUP/1iqiF7h4E=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=

internal/generator/backend/template/zkpschemes/groth16/tests/groth16.marshal.go.tmpl

@@ -92,7 +92,7 @@ func TestVerifyingKeySerialization(t *testing.T) {
 					for j := range bases[i] {
 						bases[i][j] = elem
 						elem.Add(&elem, &p1)
-						vk.CommitmentKeys = append(vk.CommitmentKeys, pedersen.VerifyingKey{G: p2, GSigma: p2})
+						vk.CommitmentKeys = append(vk.CommitmentKeys, pedersen.VerifyingKey{G: p2, GSigmaNeg: p2})
 					}
 				}
 				assert.NoError(t, err)

std/commitments/pedersen/assignment.go

@@ -34,35 +34,35 @@ func ValueOfVerifyingKey[G2El algebra.G2ElementT](vk any) (VerifyingKey[G2El], e
 			return ret, fmt.Errorf("expected *ped_bls12377.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bls12377.NewG2Affine(tVk.G)
-		s.GSigma = sw_bls12377.NewG2Affine(tVk.GSigma)
+		s.GSigmaNeg = sw_bls12377.NewG2Affine(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bls12381.G2Affine]:
 		tVk, ok := vk.(*ped_bls12381.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bls12381.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bls12381.NewG2Affine(tVk.G)
-		s.GSigma = sw_bls12381.NewG2Affine(tVk.GSigma)
+		s.GSigmaNeg = sw_bls12381.NewG2Affine(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bls24315.G2Affine]:
 		tVk, ok := vk.(*ped_bls24315.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bls24315.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bls24315.NewG2Affine(tVk.G)
-		s.GSigma = sw_bls24315.NewG2Affine(tVk.GSigma)
+		s.GSigmaNeg = sw_bls24315.NewG2Affine(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bw6761.G2Affine]:
 		tVk, ok := vk.(*ped_bw6761.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bw6761.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bw6761.NewG2Affine(tVk.G)
-		s.GSigma = sw_bw6761.NewG2Affine(tVk.GSigma)
+		s.GSigmaNeg = sw_bw6761.NewG2Affine(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bn254.G2Affine]:
 		tVk, ok := vk.(*ped_bn254.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bn254.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bn254.NewG2Affine(tVk.G)
-		s.GSigma = sw_bn254.NewG2Affine(tVk.GSigma)
+		s.GSigmaNeg = sw_bn254.NewG2Affine(tVk.GSigmaNeg)
 	default:
 		panic(fmt.Sprintf("unknown parametric type: %T", s))
 	}
@@ -82,35 +82,35 @@ func ValueOfVerifyingKeyFixed[G2El algebra.G2ElementT](vk any) (VerifyingKey[G2E
 			return ret, fmt.Errorf("expected *ped_bls12377.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bls12377.NewG2AffineFixed(tVk.G)
-		s.GSigma = sw_bls12377.NewG2AffineFixed(tVk.GSigma)
+		s.GSigmaNeg = sw_bls12377.NewG2AffineFixed(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bls12381.G2Affine]:
 		tVk, ok := vk.(*ped_bls12381.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bls12381.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bls12381.NewG2AffineFixed(tVk.G)
-		s.GSigma = sw_bls12381.NewG2AffineFixed(tVk.GSigma)
+		s.GSigmaNeg = sw_bls12381.NewG2AffineFixed(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bls24315.G2Affine]:
 		tVk, ok := vk.(*ped_bls24315.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bls24315.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bls24315.NewG2AffineFixed(tVk.G)
-		s.GSigma = sw_bls24315.NewG2AffineFixed(tVk.GSigma)
+		s.GSigmaNeg = sw_bls24315.NewG2AffineFixed(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bw6761.G2Affine]:
 		tVk, ok := vk.(*ped_bw6761.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bw6761.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bw6761.NewG2AffineFixed(tVk.G)
-		s.GSigma = sw_bw6761.NewG2AffineFixed(tVk.GSigma)
+		s.GSigmaNeg = sw_bw6761.NewG2AffineFixed(tVk.GSigmaNeg)
 	case *VerifyingKey[sw_bn254.G2Affine]:
 		tVk, ok := vk.(*ped_bn254.VerifyingKey)
 		if !ok {
 			return ret, fmt.Errorf("expected *ped_bn254.VerifyingKey, got %T", vk)
 		}
 		s.G = sw_bn254.NewG2AffineFixed(tVk.G)
-		s.GSigma = sw_bn254.NewG2AffineFixed(tVk.GSigma)
+		s.GSigmaNeg = sw_bn254.NewG2AffineFixed(tVk.GSigmaNeg)
 	default:
 		return ret, fmt.Errorf("unknown parametric type: %T", s)
 	}

std/commitments/pedersen/verifier.go

@@ -21,8 +21,8 @@ type KnowledgeProof[G1El algebra.G1ElementT] struct {
 
 // VerifyingKey is a verifying key for Pedersen vector commitments.
 type VerifyingKey[G2El algebra.G2ElementT] struct {
-	G      G2El
-	GSigma G2El // (-1/σ)[G] for toxic σ
+	G         G2El
+	GSigmaNeg G2El // (-1/σ)[G] for toxic σ
 }
 
 // Verifier verifies the knowledge proofs for a Pedersen commitments
@@ -63,7 +63,7 @@ func (v *Verifier[FR, G1El, G2El, GtEl]) AssertCommitment(commitment Commitment[
 		v.pairing.AssertIsOnG1(&knowledgeProof.G1El)
 	}
 
-	if err = v.pairing.PairingCheck([]*G1El{&commitment.G1El, &knowledgeProof.G1El}, []*G2El{&vk.GSigma, &vk.G}); err != nil {
+	if err = v.pairing.PairingCheck([]*G1El{&commitment.G1El, &knowledgeProof.G1El}, []*G2El{&vk.GSigmaNeg, &vk.G}); err != nil {
 		return fmt.Errorf("pairing check failed: %w", err)
 	}
 	return nil