refactor(fs): return named structs from fold APIs

crates/fs/src/definitions/algorithms.rs

@@ -7,6 +7,18 @@ use sonobe_primitives::{relations::Relation, transcripts::Transcript};
 
 use super::{FoldingSchemeDef, errors::Error, keys::DeciderKey};
 
+/// The artifacts produced by a single folding step.
+pub struct FoldStep<FS: FoldingSchemeDef + ?Sized, const M: usize, const N: usize> {
+    /// The next running witness after folding.
+    pub next_running_witness: FS::RW,
+    /// The next running instance after folding.
+    pub next_running_instance: FS::RU,
+    /// The proof artifact emitted by the folding step.
+    pub proof: FS::Proof<M, N>,
+    /// The challenge derived during the folding step.
+    pub challenge: FS::Challenge,
+}
+
 /// [`FoldingSchemePreprocessor`] is the trait for folding scheme preprocessor.
 pub trait FoldingSchemePreprocessor: FoldingSchemeDef {
     /// [`FoldingSchemePreprocessor::preprocess`] defines the preprocessing
@@ -56,7 +68,7 @@ pub trait FoldingSchemeProver<const M: usize, const N: usize>: FoldingSchemeDef
         ws: &[impl Borrow<Self::IW>; N],
         us: &[impl Borrow<Self::IU>; N],
         rng: impl RngCore,
-    ) -> Result<(Self::RW, Self::RU, Self::Proof<M, N>, Self::Challenge), Error>;
+    ) -> Result<FoldStep<Self, M, N>, Error>;
 }
 
 /// [`FoldingSchemeVerifier`] is the trait for folding scheme verifier.

crates/fs/src/definitions/circuits.rs

@@ -6,6 +6,14 @@ use sonobe_primitives::{commitments::CommitmentDefGadget, transcripts::Transcrip
 
 use super::{FoldingSchemeDefGadget, algorithms::FoldingSchemeOps};
 
+/// The artifacts produced by a partial in-circuit verification step.
+pub struct PartialVerifierStep<RU, Challenge> {
+    /// The next running instance after partial verification.
+    pub next_running_instance: RU,
+    /// The challenge derived during partial verification.
+    pub challenge: Challenge,
+}
+
 /// [`FoldingSchemePartialVerifierGadget`] is the partial in-circuit verifier.
 ///
 /// For schemes that have circuit-unfriendly parts in their verification, the
@@ -32,7 +40,7 @@ pub trait FoldingSchemePartialVerifierGadget<const M: usize, const N: usize>:
         Us: [&Self::RU; M],
         us: [&Self::IU; N],
         proof: &Self::Proof<M, N>,
-    ) -> Result<(Self::RU, Self::Challenge), SynthesisError>;
+    ) -> Result<PartialVerifierStep<Self::RU, Self::Challenge>, SynthesisError>;
 }
 
 /// [`FoldingSchemeFullVerifierGadget`] is the full in-circuit verifier.

crates/fs/src/hypernova/algorithms/prover.rs

@@ -19,7 +19,7 @@ use sonobe_primitives::{
 };
 
 use crate::{
-    Error, FoldingSchemeProver,
+    Error, FoldStep, FoldingSchemeProver,
     hypernova::{HyperNova, HyperNova2, HyperNovaKey, NIMFSProof},
 };
 
@@ -40,7 +40,7 @@ impl<
         ws: &[impl Borrow<Self::IW>; N],
         us: &[impl Borrow<Self::IU>; N],
         _rng: impl RngCore,
-    ) -> Result<(Self::RW, Self::RU, Self::Proof<M, N>, Self::Challenge), Error> {
+    ) -> Result<FoldStep<Self, M, N>, Error> {
         let Ws = &Ws.iter().map(|i| i.borrow()).collect::<Vec<_>>();
         let Us = &Us.iter().map(|i| i.borrow()).collect::<Vec<_>>();
         let ws = &ws.iter().map(|i| i.borrow()).collect::<Vec<_>>();
@@ -124,8 +124,8 @@ impl<
 
         let rho_powers = rho.powers(M + N);
 
-        Ok((
-            Self::RW {
+        Ok(FoldStep {
+            next_running_witness: Self::RW {
                 w: Ws
                     .iter()
                     .map(|w| &w.w[..])
@@ -137,7 +137,7 @@ impl<
                     .chain(ws.iter().map(|w| w.r))
                     .scalar_rlc(&rho_powers),
             },
-            Self::RU {
+            next_running_instance: Self::RU {
                 cm: Us
                     .iter()
                     .map(|u| u.cm)
@@ -159,13 +159,13 @@ impl<
                     .chain(thetas.chunks(t))
                     .slice_rlc(&rho_powers),
             },
-            NIMFSProof {
+            proof: NIMFSProof {
                 sc_proof: sumcheck_proof,
                 sigmas,
                 thetas,
             },
-            rho_bits.try_into().unwrap(),
-        ))
+            challenge: rho_bits.try_into().unwrap(),
+        })
     }
 }
 
@@ -186,7 +186,7 @@ impl<
         ws: &[impl Borrow<Self::IW>; N],
         us: &[impl Borrow<Self::IU>; N],
         mut rng: impl RngCore,
-    ) -> Result<(Self::RW, Self::RU, Self::Proof<M, N>, Self::Challenge), Error> {
+    ) -> Result<FoldStep<Self, M, N>, Error> {
         let Ws = &Ws.iter().map(|i| i.borrow()).collect::<Vec<_>>();
         let Us = &Us.iter().map(|i| i.borrow()).collect::<Vec<_>>();
         let ws = &ws.iter().map(|i| i.borrow()).collect::<Vec<_>>();
@@ -279,16 +279,16 @@ impl<
 
         let rho_powers = rho.powers(M + N);
 
-        Ok((
-            Self::RW {
+        Ok(FoldStep {
+            next_running_witness: Self::RW {
                 w: Ws
                     .iter()
                     .map(|w| &w.w[..])
                     .chain(ws.iter().map(|w| &w[..]))
                     .slice_rlc(&rho_powers),
                 r: Ws.iter().map(|w| w.r).chain(rs).scalar_rlc(&rho_powers),
             },
-            Self::RU {
+            next_running_instance: Self::RU {
                 cm: Us
                     .iter()
                     .map(|u| u.cm)
@@ -310,15 +310,15 @@ impl<
                     .chain(thetas.chunks(t))
                     .slice_rlc(&rho_powers),
             },
-            (
+            proof: (
                 cms,
                 NIMFSProof {
                     sc_proof: sumcheck_proof,
                     sigmas,
                     thetas,
                 },
             ),
-            rho_bits.try_into().unwrap(),
-        ))
+            challenge: rho_bits.try_into().unwrap(),
+        })
     }
 }

crates/fs/src/hypernova/circuits/verifier.rs

@@ -22,7 +22,7 @@ use sonobe_primitives::{
     transcripts::TranscriptGadget,
 };
 
-use crate::{FoldingSchemePartialVerifierGadget, hypernova::HyperNovaGadget};
+use crate::{FoldingSchemePartialVerifierGadget, PartialVerifierStep, hypernova::HyperNovaGadget};
 
 impl<
     CM: GroupBasedCommitment,
@@ -39,7 +39,7 @@ impl<
         Us: [&Self::RU; M],
         us: [&Self::IU; N],
         proof: &Self::Proof<M, N>,
-    ) -> Result<(Self::RU, Self::Challenge), SynthesisError> {
+    ) -> Result<PartialVerifierStep<Self::RU, Self::Challenge>, SynthesisError> {
         let d = V::degree();
         let s = proof.sc_proof.len();
         let t = V::n_matrices();
@@ -113,8 +113,8 @@ impl<
 
         let rho_powers = rho.powers(M + N);
 
-        Ok((
-            Self::RU {
+        Ok(PartialVerifierStep {
+            next_running_instance: Self::RU {
                 cm: {
                     let cms = Us
                         .iter()
@@ -147,7 +147,7 @@ impl<
                     .chain(proof.thetas.chunks(t))
                     .slice_rlc(&rho_powers),
             },
-            rho_bits.try_into().unwrap(),
-        ))
+            challenge: rho_bits.try_into().unwrap(),
+        })
     }
 }

crates/fs/src/lib.rs

@@ -35,10 +35,12 @@ pub mod definitions;
 pub use self::definitions::{
     FoldingSchemeDef, FoldingSchemeDefGadget,
     algorithms::{
-        FoldingSchemeDecider, FoldingSchemeKeyGenerator, FoldingSchemeOps,
+        FoldStep, FoldingSchemeDecider, FoldingSchemeKeyGenerator, FoldingSchemeOps,
         FoldingSchemePreprocessor, FoldingSchemeProver, FoldingSchemeVerifier,
     },
-    circuits::{FoldingSchemeFullVerifierGadget, FoldingSchemePartialVerifierGadget},
+    circuits::{
+        FoldingSchemeFullVerifierGadget, FoldingSchemePartialVerifierGadget, PartialVerifierStep,
+    },
     errors::Error,
     instances::{FoldingInstance, FoldingInstanceVar, PlainInstance, PlainInstanceVar},
     keys::DeciderKey,
@@ -117,9 +119,12 @@ mod tests {
             let ws = ws.try_into().unwrap();
             let us = us.try_into().unwrap();
 
-            let (WW, UU, pi, _) = FS::prove(pk, &mut transcript_p, &Ws, &Us, &ws, &us, &mut rng)?;
-            FS::decide_running(&dk, &WW, &UU)?;
-            assert_eq!(FS::verify(vk, &mut transcript_v, &Us, &us, &pi)?, UU);
+            let step = FS::prove(pk, &mut transcript_p, &Ws, &Us, &ws, &us, &mut rng)?;
+            FS::decide_running(&dk, &step.next_running_witness, &step.next_running_instance)?;
+            assert_eq!(
+                FS::verify(vk, &mut transcript_v, &Us, &us, &step.proof)?,
+                step.next_running_instance
+            );
 
             for i in 0..M {
                 let (W, U) = WitnessInstanceSampler::<FS::RW, FS::RU>::sample(&dk, (), &mut rng)?;
@@ -129,8 +134,8 @@ mod tests {
             }
             if M != 0 {
                 let idx = rng.gen_range(0..M);
-                Ws[idx] = WW;
-                Us[idx] = UU;
+                Ws[idx] = step.next_running_witness;
+                Us[idx] = step.next_running_instance;
             }
         }
 

crates/fs/src/mova/algorithms/prover.rs

@@ -16,7 +16,7 @@ use sonobe_primitives::{
 };
 
 use crate::{
-    Error, FoldingSchemeProver,
+    Error, FoldStep, FoldingSchemeProver,
     mova::{Mova, MovaKey, MovaProof},
 };
 
@@ -32,7 +32,7 @@ impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemeProver<
         ws: &[impl Borrow<Self::IW>; 1],
         us: &[impl Borrow<Self::IU>; 1],
         rng: impl RngCore,
-    ) -> Result<(Self::RW, Self::RU, Self::Proof<1, 1>, Self::Challenge), Error> {
+    ) -> Result<FoldStep<Self, 1, 1>, Error> {
         let (W, U) = (Ws[0].borrow(), Us[0].borrow());
         let (w, u) = (ws[0].borrow(), us[0].borrow());
 
@@ -111,16 +111,16 @@ impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemeProver<
         let rho = CM::Scalar::from_bits_le(&rho_bits);
 
         // Step 7.3: Compute new W and U
-        Ok((
-            Self::RW {
+        Ok(FoldStep {
+            next_running_witness: Self::RW {
                 e: cfg_iter!(W.e).zip(&T).map(|(a, b)| rho * b + a).collect(),
                 w: cfg_iter!(W.w)
                     .zip(&w[..])
                     .map(|(a, b)| rho * b + a)
                     .collect(),
                 r_w: W.r_w + r_w * rho,
             },
-            Self::RU {
+            next_running_instance: Self::RU {
                 r_e: r_e_prime,
                 v: h1.evaluate(&beta) + rho * t,
                 u: U.u + rho,
@@ -130,8 +130,8 @@ impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemeProver<
                     .map(|(a, b)| rho * b + a)
                     .collect(),
             },
-            MovaProof { h1_coeffs, t, cm_w },
-            rho_bits.try_into().unwrap(),
-        ))
+            proof: MovaProof { h1_coeffs, t, cm_w },
+            challenge: rho_bits.try_into().unwrap(),
+        })
     }
 }

crates/fs/src/mova/circuits/verifier.rs

@@ -10,7 +10,7 @@ use sonobe_primitives::{
     transcripts::TranscriptGadget,
 };
 
-use crate::{FoldingSchemePartialVerifierGadget, mova::MovaGadget};
+use crate::{FoldingSchemePartialVerifierGadget, PartialVerifierStep, mova::MovaGadget};
 
 impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemePartialVerifierGadget<1, 1>
     for MovaGadget<CM, CHALLENGE_BITS>
@@ -22,7 +22,7 @@ impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemePartial
         [U]: [&Self::RU; 1],
         [u]: [&Self::IU; 1],
         proof: &Self::Proof<1, 1>,
-    ) -> Result<(Self::RU, Self::Challenge), SynthesisError> {
+    ) -> Result<PartialVerifierStep<Self::RU, Self::Challenge>, SynthesisError> {
         let h1 = DensePolynomialVar::from_coefficients_vec(
             [&[U.v.clone()][..], &proof.h1_coeffs].concat(),
         );
@@ -42,8 +42,8 @@ impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemePartial
         let rho_bits = transcript.challenge_bits(CHALLENGE_BITS)?;
         let rho = FpVar::from_bits_le(&rho_bits)?;
 
-        Ok((
-            Self::RU {
+        Ok(PartialVerifierStep {
+            next_running_instance: Self::RU {
                 r_e: U
                     .r_e
                     .iter()
@@ -58,7 +58,7 @@ impl<CM: GroupBasedCommitment, const CHALLENGE_BITS: usize> FoldingSchemePartial
                 })?,
                 x: U.x.iter().zip(&u[..]).map(|(a, b)| &rho * b + a).collect(),
             },
-            rho_bits.try_into().unwrap(),
-        ))
+            challenge: rho_bits.try_into().unwrap(),
+        })
     }
 }