paritytech · swasilyev · May 18, 2026 · May 17, 2026 · May 17, 2026 · May 17, 2026
diff --git a/w3f-ring-proof/src/piop/mod.rs b/w3f-ring-proof/src/piop/mod.rs
@@ -1,5 +1,4 @@
 use ark_ec::pairing::Pairing;
-use ark_ec::twisted_edwards::{Affine, TECurveConfig};
 use ark_ec::AffineRepr;
 use ark_ff::PrimeField;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
@@ -97,7 +96,7 @@ impl<F: PrimeField, C: Commitment<F>> FixedColumnsCommitted<F, C> {
 }
 
 impl<E: Pairing> FixedColumnsCommitted<E::ScalarField, KzgCommitment<E>> {
-    pub fn from_ring<G: TECurveConfig<BaseField = E::ScalarField>>(
+    pub fn from_ring<G: AffineRepr<BaseField = E::ScalarField>>(
         ring: &Ring<E::ScalarField, E, G>,
     ) -> Self {
         let cx = KzgCommitment(ring.cx);
@@ -159,7 +158,7 @@ impl<F: PrimeField, CS: PCS<F>> Clone for VerifierKey<F, CS> {
 }
 
 impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
-    pub fn from_ring_and_kzg_vk<G: TECurveConfig<BaseField = E::ScalarField>>(
+    pub fn from_ring_and_kzg_vk<G: AffineRepr<BaseField = E::ScalarField>>(
         ring: &Ring<E::ScalarField, E, G>,
         kzg_vk: RawKzgVerifierKey<E>,
     ) -> Self {
@@ -181,11 +180,11 @@ impl<E: Pairing> VerifierKey<E::ScalarField, KZG<E>> {
     }
 }
 
-pub fn index<F: PrimeField, CS: PCS<F>, Curve: TECurveConfig<BaseField = F>>(
+pub fn index<F: PrimeField, CS: PCS<F>, G: AffineRepr<BaseField = F>>(
     pcs_params: &CS::Params,
-    piop_params: &PiopParams<Affine<Curve>>,
-    keys: &[Affine<Curve>],
-) -> (ProverKey<F, CS, Affine<Curve>>, VerifierKey<F, CS>) {
+    piop_params: &PiopParams<G>,
+    keys: &[G],
+) -> (ProverKey<F, CS, G>, VerifierKey<F, CS>) {
     let pcs_ck = pcs_params.ck();
     let pcs_raw_vk = pcs_params.raw_vk();
     let fixed_columns = piop_params.fixed_columns(&keys);

diff --git a/w3f-ring-proof/src/piop/prover.rs b/w3f-ring-proof/src/piop/prover.rs
@@ -1,4 +1,6 @@
-use ark_ec::twisted_edwards::{Affine, TECurveConfig};
+use ark_ec::short_weierstrass::{Affine as SwAffine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine as TeAffine, TECurveConfig};
+use ark_ec::AffineRepr;
 use ark_ff::PrimeField;
 use ark_poly::univariate::DensePolynomial;
 use ark_poly::Evaluations;
@@ -22,28 +24,28 @@ use w3f_plonk_common::FieldColumn;
 
 // The 'table': columns representing the execution trace of the computation
 // and the constraints -- polynomials that vanish on every 2 consecutive rows.
-pub struct PiopProver<F: PrimeField, Curve: TECurveConfig<BaseField = F>> {
+pub struct PiopProver<F: PrimeField, G: AffineRepr<BaseField = F>> {
     domain: Domain<F>,
     /// Advice (public input) columns
-    points: AffineColumn<F, Affine<Curve>>,
+    points: AffineColumn<F, G>,
     ring_selector: FieldColumn<F>,
     // Private input column.
     bits: BitColumn<F>,
     // Gadgets:
     booleanity: Booleanity<F>,
     inner_prod: InnerProd<F>,
     inner_prod_acc: FixedCells<F>,
-    cond_add: CondAdd<F, Affine<Curve>>,
+    cond_add: CondAdd<F, G>,
     cond_add_acc_x: FixedCells<F>,
     cond_add_acc_y: FixedCells<F>,
 }
 
-impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopProver<F, Curve> {
+impl<F: PrimeField, G: AffineRepr<BaseField = F>> PiopProver<F, G> {
     pub fn build(
-        params: &PiopParams<Affine<Curve>>,
-        fixed_columns: FixedColumns<F, Affine<Curve>>,
+        params: &PiopParams<G>,
+        fixed_columns: FixedColumns<F, G>,
         prover_index_in_keys: usize,
-        secret: Curve::ScalarField,
+        secret: G::ScalarField,
     ) -> Self {
         let domain = params.domain.clone();
         let FixedColumns {
@@ -73,9 +75,9 @@ impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopProver<F, Curve> {
 
     // TODO: move to params?
     fn bits_column(
-        params: &PiopParams<Affine<Curve>>,
+        params: &PiopParams<G>,
         index_in_keys: usize,
-        secret: Curve::ScalarField,
+        secret: G::ScalarField,
     ) -> BitColumn<F> {
         let mut keyset_part = vec![false; params.keyset_part_size];
         keyset_part[index_in_keys] = true;
@@ -84,29 +86,18 @@ impl<F: PrimeField, Curve: TECurveConfig<BaseField = F>> PiopProver<F, Curve> {
         assert_eq!(bits.len(), params.domain.capacity - 1);
         BitColumn::init(bits, &params.domain)
     }
-}
-
-impl<F, C, Curve> ProverPiop<F, C> for PiopProver<F, Curve>
-where
-    F: PrimeField,
-    C: Commitment<F>,
-    Curve: TECurveConfig<BaseField = F>,
-{
-    type Commitments = RingCommitments<F, C>;
-    type Evaluations = RingEvaluations<F>;
-    type Instance = Affine<Curve>;
 
-    fn committed_columns<Fun: Fn(&DensePolynomial<F>) -> C>(
+    fn _committed_columns<C: Commitment<F>, Fun: Fn(&DensePolynomial<F>) -> C>(
         &self,
         commit: Fun,
-    ) -> Self::Commitments {
+    ) -> RingCommitments<F, C> {
         let bits = commit(self.bits.as_poly());
         let cond_add_acc = [
             commit(self.cond_add.acc.xs.as_poly()),
             commit(self.cond_add.acc.ys.as_poly()),
         ];
         let inn_prod_acc = commit(self.inner_prod.acc.as_poly());
-        Self::Commitments {
+        RingCommitments {
             bits,
             cond_add_acc,
             inn_prod_acc,
@@ -116,7 +107,7 @@ where
 
     // Should return polynomials in the consistent with
     // Self::Evaluations::to_vec() and Self::Commitments::to_vec().
-    fn columns(&self) -> Vec<DensePolynomial<F>> {
+    fn _columns(&self) -> Vec<DensePolynomial<F>> {
         vec![
             self.points.xs.as_poly().clone(),
             self.points.ys.as_poly().clone(),
@@ -128,7 +119,7 @@ where
         ]
     }
 
-    fn columns_evaluated(&self, zeta: &F) -> Self::Evaluations {
+    fn _columns_evaluated(&self, zeta: &F) -> RingEvaluations<F> {
         let points = [self.points.xs.evaluate(zeta), self.points.ys.evaluate(zeta)];
         let ring_selector = self.ring_selector.evaluate(zeta);
         let bits = self.bits.evaluate(zeta);
@@ -137,14 +128,102 @@ where
             self.cond_add.acc.xs.evaluate(zeta),
             self.cond_add.acc.ys.evaluate(zeta),
         ];
-        Self::Evaluations {
+        RingEvaluations {
             points,
             ring_selector,
             bits,
             inn_prod_acc,
             cond_add_acc,
         }
     }
+}
+
+impl<F, C, Curve> ProverPiop<F, C> for PiopProver<F, TeAffine<Curve>>
+where
+    F: PrimeField,
+    C: Commitment<F>,
+    Curve: TECurveConfig<BaseField = F>,
+{
+    type Commitments = RingCommitments<F, C>;
+    type Evaluations = RingEvaluations<F>;
+    type Instance = TeAffine<Curve>;
+
+    fn committed_columns<Fun: Fn(&DensePolynomial<F>) -> C>(
+        &self,
+        commit: Fun,
+    ) -> Self::Commitments {
+        self._committed_columns(commit)
+    }
+
+    // Should return polynomials in the consistent with
+    // Self::Evaluations::to_vec() and Self::Commitments::to_vec().
+    fn columns(&self) -> Vec<DensePolynomial<F>> {
+        self._columns()
+    }
+
+    fn columns_evaluated(&self, zeta: &F) -> Self::Evaluations {
+        self._columns_evaluated(zeta)
+    }
+
+    fn constraints(&self) -> Vec<Evaluations<F>> {
+        vec![
+            self.inner_prod.constraints(),
+            self.cond_add.constraints(),
+            self.booleanity.constraints(),
+            self.cond_add_acc_x.constraints(),
+            self.cond_add_acc_y.constraints(),
+            self.inner_prod_acc.constraints(),
+        ]
+        .concat()
+    }
+
+    fn constraints_lin(&self, zeta: &F) -> Vec<DensePolynomial<F>> {
+        vec![
+            self.inner_prod.constraints_linearized(zeta),
+            self.cond_add.constraints_linearized(zeta),
+            self.booleanity.constraints_linearized(zeta),
+            self.cond_add_acc_x.constraints_linearized(zeta),
+            self.cond_add_acc_y.constraints_linearized(zeta),
+            self.inner_prod_acc.constraints_linearized(zeta),
+        ]
+        .concat()
+    }
+
+    fn domain(&self) -> &Domain<F> {
+        &self.domain
+    }
+
+    fn result(&self) -> Self::Instance {
+        self.cond_add.result()
+    }
+}
+
+impl<F, C, Curve> ProverPiop<F, C> for PiopProver<F, SwAffine<Curve>>
+where
+    F: PrimeField,
+    C: Commitment<F>,
+    Curve: SWCurveConfig<BaseField = F>,
+{
+    type Commitments = RingCommitments<F, C>;
+    type Evaluations = RingEvaluations<F>;
+    type Instance = SwAffine<Curve>;
+
+    fn committed_columns<Fun: Fn(&DensePolynomial<F>) -> C>(
+        &self,
+        commit: Fun,
+    ) -> Self::Commitments {
+        self._committed_columns(commit)
+    }
+
+    // Should return polynomials in the consistent with
+    // Self::Evaluations::to_vec() and Self::Commitments::to_vec().
+    fn columns(&self) -> Vec<DensePolynomial<F>> {
+        self._columns()
+    }
+
+    fn columns_evaluated(&self, zeta: &F) -> Self::Evaluations {
+        self._columns_evaluated(zeta)
+    }
 
     fn constraints(&self) -> Vec<Evaluations<F>> {
         vec![

diff --git a/w3f-ring-proof/src/piop/verifier.rs b/w3f-ring-proof/src/piop/verifier.rs
@@ -1,4 +1,5 @@
-use ark_ec::twisted_edwards::{Affine, TECurveConfig};
+use ark_ec::short_weierstrass::{Affine as SwAffine, SWCurveConfig};
+use ark_ec::twisted_edwards::{Affine as TeAffine, TECurveConfig};
 use ark_ec::AffineRepr;
 use ark_ff::PrimeField;
 use ark_std::marker::PhantomData;
@@ -102,7 +103,55 @@ impl<F: PrimeField, C: Commitment<F>, P: AffineRepr<BaseField = F>> PiopVerifier
 }
 
 impl<F: PrimeField, C: Commitment<F>, Jubjub: TECurveConfig<BaseField = F>> VerifierPiop<F, C>
-    for PiopVerifier<F, C, Affine<Jubjub>>
+    for PiopVerifier<F, C, TeAffine<Jubjub>>
+{
+    const N_CONSTRAINTS: usize = 7;
+    const N_COLUMNS: usize = 7;
+
+    fn precommitted_columns(&self) -> Vec<C> {
+        self.fixed_columns_committed.as_vec()
+    }
+
+    fn evaluate_constraints_main(&self) -> Vec<F> {
+        vec![
+            self.inner_prod.evaluate_constraints_main(),
+            self.cond_add.evaluate_constraints_main(),
+            self.booleanity.evaluate_constraints_main(),
+            self.cond_add_acc_x.evaluate_constraints_main(),
+            self.cond_add_acc_y.evaluate_constraints_main(),
+            self.inner_prod_acc.evaluate_constraints_main(),
+        ]
+        .concat()
+    }
+
+    fn lin_poly_commitment(&self, agg_coeffs: &[F]) -> (Vec<F>, Vec<C>) {
+        assert_eq!(agg_coeffs.len(), Self::N_CONSTRAINTS);
+
+        let inner_prod_acc = self.witness_columns_committed.inn_prod_acc.clone();
+        let inner_prod_coeff = agg_coeffs[0] * self.inner_prod.not_last;
+
+        let cond_add_acc_x = self.witness_columns_committed.cond_add_acc[0].clone();
+        let cond_add_acc_y = self.witness_columns_committed.cond_add_acc[1].clone();
+        let (c_acc_x, c_acc_y) = self.cond_add.acc_coeffs_1();
+        let mut cond_add_x_coeff = agg_coeffs[1] * c_acc_x;
+        let mut cond_add_y_coeff = agg_coeffs[1] * c_acc_y;
+        let (c_acc_x, c_acc_y) = self.cond_add.acc_coeffs_2();
+        cond_add_x_coeff += agg_coeffs[2] * c_acc_x;
+        cond_add_y_coeff += agg_coeffs[2] * c_acc_y;
+
+        (
+            vec![inner_prod_coeff, cond_add_x_coeff, cond_add_y_coeff],
+            vec![inner_prod_acc.clone(), cond_add_acc_x, cond_add_acc_y],
+        )
+    }
+
+    fn domain_evaluated(&self) -> &EvaluatedDomain<F> {
+        &self.domain_evals
+    }
+}
+
+impl<F: PrimeField, C: Commitment<F>, Jubjub: SWCurveConfig<BaseField = F>> VerifierPiop<F, C>
+    for PiopVerifier<F, C, SwAffine<Jubjub>>
 {
     const N_CONSTRAINTS: usize = 7;
     const N_COLUMNS: usize = 7;