TMP
dannywillems committed Feb 29, 2024
1 parent 8afa154 commit 988918e
Showing 6 changed files with 64 additions and 52 deletions.
19 changes: 11 additions & 8 deletions msm/src/constraint.rs
@@ -9,7 +9,8 @@ use o1_utils::field_helpers::FieldHelpers;
use o1_utils::foreign_field::ForeignElement;

use crate::columns::{Column, ColumnIndexer, MSMColumnIndexer};
use crate::proof::{Witness, WitnessColumns};
use crate::proof::ProofInputs;
use crate::witness::Witness;
use crate::{BN254G1Affine, Ff1, Fp, LIMBS_NUM};

/// Used to represent constraints as multi variate polynomials. The variables
@@ -72,6 +73,8 @@ pub struct BuilderEnv<G: KimchiCurve> {
pub(crate) witness_raw: Vec<WitnessColumnsIndexer<G::ScalarField>>,
}

const N: usize = 3 * LIMBS_NUM;

impl BuilderEnv<BN254G1Affine> {
pub fn empty() -> Self {
BuilderEnv {
@@ -83,8 +86,8 @@ impl BuilderEnv<BN254G1Affine> {
/// Each WitnessColumn stands for both one row and multirow. This
/// function converts from a vector of one-row instantiation to a
/// single multi-row form (which is a `Witness`).
pub fn get_witness(&self) -> Witness<BN254G1Affine> {
let mut x: Vec<Vec<Fp>> = vec![vec![]; 3 * LIMBS_NUM];
pub fn get_witness(&self) -> ProofInputs<N, BN254G1Affine> {
let mut cols: [Vec<Fp>; N] = std::array::from_fn(|_| vec![]);

for wc in &self.witness_raw {
let WitnessColumnsIndexer {
@@ -93,14 +96,14 @@ impl BuilderEnv<BN254G1Affine> {
c: wc_c,
} = wc;
for i in 0..LIMBS_NUM {
x[i].push(wc_a[i]);
x[LIMBS_NUM + i].push(wc_b[i]);
x[2 * LIMBS_NUM + i].push(wc_c[i]);
cols[i].push(wc_a[i]);
cols[LIMBS_NUM + i].push(wc_b[i]);
cols[2 * LIMBS_NUM + i].push(wc_c[i]);
}
}

Witness {
evaluations: WitnessColumns { x },
ProofInputs {
evaluations: Witness { cols },
mvlookups: vec![],
}
}
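Review bot: The doc comment above `get_witness` still says the result is a single multi-row form "which is a `Witness`", but the function now returns `ProofInputs<N, BN254G1Affine>` with the columns wrapped in `Witness { cols }`; the last doc line should name the new type, e.g. `/// single multi-row form (a ProofInputs whose evaluations hold the columns).` The new `const N: usize = 3 * LIMBS_NUM;` has no doc comment and a one-letter name that the other files in this commit reuse for different values (`10` in the tests, `3 + 19 + LIMBS_NUM` in the serialization binary). A line such as `/// Number of witness columns: LIMBS_NUM limbs for each of a, b and c.` would make explicit the layout that the `cols[LIMBS_NUM + i]` indexing relies on. Each column ends up with `witness_raw.len()` entries, and nothing visible in this section ties that length to the domain size the prover presumably expects.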
43 changes: 23 additions & 20 deletions msm/src/lib.rs
@@ -48,10 +48,13 @@ mod tests {
use poly_commitment::pairing_proof::PairingSRS;

use crate::{
columns::Column, mvlookup::Lookup, proof::Witness, prover::prove, verifier::verify,
columns::Column, mvlookup::Lookup, proof::ProofInputs, prover::prove, verifier::verify,
BaseSponge, Fp, OpeningProof, ScalarSponge, BN254,
};

// Number of columns
const N: usize = 10;

#[test]
fn test_completeness() {
let mut rng = o1_utils::tests::make_test_rng();
@@ -67,20 +70,20 @@ mod tests {
let mut srs: PairingSRS<BN254> = PairingSRS::create(x, domain.d1.size as usize);
srs.full_srs.add_lagrange_basis(domain.d1);

let witness = Witness::random(domain);
let inputs = ProofInputs::random(domain);
let constraints: Vec<_> = vec![];

// generate the proof
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _, N>(
domain,
&srs,
witness,
inputs,
constraints,
&mut rng,
);

// verify the proof
let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof);
let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge, N>(domain, &srs, &proof);
assert!(verifies);
}

@@ -98,22 +101,22 @@ mod tests {
let mut srs: PairingSRS<BN254> = PairingSRS::create(x, domain.d1.size as usize);
srs.full_srs.add_lagrange_basis(domain.d1);

let witness = Witness::random(domain);
let inputs = ProofInputs::random(domain);
let constraints = vec![];
// generate the proof
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _, N>(
domain,
&srs,
witness,
inputs,
constraints.clone(),
&mut rng,
);

let witness_prime = Witness::random(domain);
let proof_prime = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
let inputs_prime = ProofInputs::random(domain);
let proof_prime = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _, N>(
domain,
&srs,
witness_prime,
inputs_prime,
constraints,
&mut rng,
);
@@ -123,7 +126,7 @@ mod tests {
let mut proof_clone = proof.clone();
proof_clone.opening_proof = proof_prime.opening_proof;
let verifies =
verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof_clone);
verify::<_, OpeningProof, BaseSponge, ScalarSponge, N>(domain, &srs, &proof_clone);
assert!(!verifies);
}

@@ -134,7 +137,7 @@ mod tests {
let mut proof_clone = proof.clone();
proof_clone.commitments = proof_prime.commitments;
let verifies =
verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof_clone);
verify::<_, OpeningProof, BaseSponge, ScalarSponge, N>(domain, &srs, &proof_clone);
assert!(!verifies);
}

@@ -146,7 +149,7 @@ mod tests {
let mut proof_clone = proof.clone();
proof_clone.zeta_evaluations = proof_prime.zeta_evaluations;
let verifies =
verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof_clone);
verify::<_, OpeningProof, BaseSponge, ScalarSponge, N>(domain, &srs, &proof_clone);
assert!(!verifies);
}
}
@@ -166,27 +169,27 @@ mod tests {
let mut srs: PairingSRS<BN254> = PairingSRS::create(x, domain.d1.size as usize);
srs.full_srs.add_lagrange_basis(domain.d1);

let mut witness = Witness::random(domain);
let mut inputs = ProofInputs::random(domain);
let constraints = vec![];
// Take one random f_i (FIXME: taking first one for now)
let looked_up_values = witness.mvlookups[0].f[0].clone();
let looked_up_values = inputs.mvlookups[0].f[0].clone();
// We change a random looked up element (FIXME: first one for now)
let wrong_looked_up_value = Lookup {
table_id: looked_up_values[0].table_id,
numerator: looked_up_values[0].numerator,
value: vec![Fp::rand(&mut rng)],
};
// Overwriting the first looked up value
witness.mvlookups[0].f[0][0] = wrong_looked_up_value;
inputs.mvlookups[0].f[0][0] = wrong_looked_up_value;
// generate the proof
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _, N>(
domain,
&srs,
witness,
inputs,
constraints,
&mut rng,
);
let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof);
let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge, N>(domain, &srs, &proof);
// FIXME: At the moment, it does verify. It should not. We are missing constraints.
assert!(!verifies);
}
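Review bot: The last test in this section keeps `// FIXME: At the moment, it does verify. It should not. We are missing constraints.` directly above `assert!(!verifies)`, so the verifier is documented as accepting a proof built over a tampered lookup value. The test's attributes are outside the hunk, so it is not visible whether the test is ignored or simply failing; either way the gap deserves a reference that outlives this commit, e.g. `// FIXME(<tracking-issue>): verify() accepts a tampered lookup until the lookup constraints are enforced`. The new `const N: usize = 10;` is commented only as `// Number of columns`; if the value is arbitrary for these tests, saying so would stop readers from looking for a circuit with ten columns.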
5 changes: 2 additions & 3 deletions msm/src/proof.rs
@@ -2,13 +2,13 @@ use crate::witness::Witness;
use ark_ff::UniformRand;
use kimchi::{circuits::domains::EvaluationDomains, curve::KimchiCurve};
use poly_commitment::{commitment::PolyComm, OpenProof};
use rand::{prelude::*, thread_rng};
use rand::thread_rng;

use crate::mvlookup::{LookupProof, LookupWitness};

#[derive(Debug)]
pub struct ProofInputs<const N: usize, G: KimchiCurve> {
pub evaluations: Witness<N, G::ScalarField>,
pub evaluations: Witness<N, Vec<G::ScalarField>>,
pub mvlookups: Vec<LookupWitness<G::ScalarField>>,
}

@@ -19,7 +19,6 @@ pub struct ProofInputs<const N: usize, G: KimchiCurve> {
impl<const N: usize, G: KimchiCurve> ProofInputs<N, G> {
pub fn random(domain: EvaluationDomains<G::ScalarField>) -> Self {
let mut rng = thread_rng();
let random_n = rng.gen_range(1..1000);
let cols: [Vec<G::ScalarField>; N] = std::array::from_fn(|_| {
(0..domain.d1.size as usize)
.map(|_| G::ScalarField::rand(&mut rng))
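Review bot: `pub evaluations: Witness<N, Vec<G::ScalarField>>` fixes the number of columns in the type but leaves the length of each column unstated. `random` fills every column with `domain.d1.size as usize` entries, which suggests the prover expects exactly that many rows. If so, a field comment such as `/// N columns, each holding one value per row of the domain (domain.d1.size entries).` would record the invariant for callers that build `ProofInputs` by hand. The struct's own doc comment, if any, and the rest of `random` are outside the hunks.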
25 changes: 15 additions & 10 deletions msm/src/prover.rs
@@ -45,7 +45,7 @@ where
.into_par_iter()
.map(|evals| {
Evaluations::<G::ScalarField, D<G::ScalarField>>::from_vec_and_domain(evals, domain.d1)
}
})
.collect::<Witness<N, Evaluations<G::ScalarField, D<G::ScalarField>>>>();

let polys: Witness<N, DensePolynomial<G::ScalarField>> = {
@@ -54,20 +54,23 @@ where
evaluations
.into_par_iter()
.map(interpolate)
.collect::<Witness<N, _>>()
.collect::<Witness<N, DensePolynomial<G::ScalarField>>>()
};

let commitments: Witness<N, PolyComm<G>> = {
let comm = |poly: &DensePolynomial<G::ScalarField>| srs.commit_non_hiding(poly, 1);
(&polys).into_par_iter().map(comm).collect::<Witness<_>>()
(&polys)
.into_par_iter()
.map(comm)
.collect::<Witness<N, PolyComm<G>>>()
};

let mut fq_sponge = EFqSponge::new(G::other_curve_sponge_params());

// Do not use parallelism
commitments
.into_iter()
.for_each(|comm| absorb_commitment(&mut fq_sponge, comm));
.for_each(|comm| absorb_commitment(&mut fq_sponge, &comm));

// -- Start MVLookup
let lookup_env = if !inputs.mvlookups.is_empty() {
@@ -96,10 +99,12 @@ where
// TODO: Parallelize
let (zeta_evaluations, zeta_omega_evaluations) = {
let evals = |point| {
let Witness { cols } = &polys;
let comm = |poly: &DensePolynomial<G::ScalarField>| poly.evaluate(point);
let x = cols.iter().map(comm).collect::<Vec<_>>();
Witness { cols }
let Witness { cols: polys } = &polys;
let mut evals: [G::ScalarField; N] = [G::ScalarField::zero(); N];
for (i, poly) in polys.iter().enumerate() {
evals[i] = poly.evaluate(point)
}
Witness { cols: evals }
};
(evals(&zeta), evals(&zeta_omega))
};
Expand Down Expand Up @@ -188,8 +193,8 @@ where
.into_iter()
.zip(zeta_omega_evaluations.into_iter())
{
fr_sponge.absorb(zeta_eval);
fr_sponge.absorb(zeta_omega_eval);
fr_sponge.absorb(&zeta_eval);
fr_sponge.absorb(&zeta_omega_eval);
}
if lookup_env.is_some() {
// MVLookup FS
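Review bot: The `// Do not use parallelism` comment above the commitment absorption gives no reason, and the reason looks like a soundness one: the sponge state depends on absorption order, and the verifier section of this commit absorbs the same commitments with the same sequential `into_iter()`, so a reordering on one side only would presumably make the two derive different challenges. A comment like `// Sequential on purpose: the transcript must absorb commitments in column order, exactly as verify() does.` would keep a later parallelisation from breaking that. Separately, in the `evals` closure the zero-initialised array plus index loop (which also shadows `polys` and `evals`) could probably be `let cols = std::array::from_fn(|i| polys.cols[i].evaluate(point));` followed by `Witness { cols }`, matching the `std::array::from_fn` use elsewhere in this commit. The enclosing function starts and ends outside these hunks.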
8 changes: 5 additions & 3 deletions msm/src/serialization/main.rs
@@ -9,6 +9,8 @@ use kimchi_msm::serialization::witness::deserialize_field_element;
use kimchi_msm::verifier::verify;
use kimchi_msm::{BaseSponge, Fp, OpeningProof, ScalarSponge, BN254, DOMAIN_SIZE, LIMBS_NUM};

const N: usize = 3 + 19 + LIMBS_NUM;

pub fn main() {
// FIXME: use a proper RNG
let mut rng = o1_utils::tests::make_test_rng();
@@ -19,7 +21,7 @@ pub fn main() {
let srs: PairingSRS<BN254> = get_bn254_srs(domain);

let mut env = witness::Env::<Fp>::create();
let mut witness: Witness<DOMAIN_SIZE, Vec<Fp>> = Witness {
let mut witness: Witness<N, Vec<Fp>> = Witness {
cols: std::array::from_fn(|_| Vec::with_capacity(DOMAIN_SIZE)),
};

@@ -45,7 +47,7 @@ pub fn main() {
};

println!("Generating the proof");
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _, N>(
domain,
&srs,
proof_inputs,
@@ -54,6 +56,6 @@ pub fn main() {
);

println!("Verifying the proof");
let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof);
let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge, N>(domain, &srs, &proof);
println!("Proof verification result: {verifies}")
}
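Review bot: `const N: usize = 3 + 19 + LIMBS_NUM;` sizes the witness array, but nothing says what the `3` and the `19` count, and the column writes that must stay below `N` are in the part of `main` outside these hunks. Because `cols` is a fixed-size array, a write to a column index at or above `N` would panic at run time rather than fail to compile, assuming the loop indexes it directly. The breakdown is worth a doc comment, e.g. `/// Witness columns: 3 <what these hold> + 19 <what these hold> + LIMBS_NUM limbs.`, or better a sum of named constants. The context line `// FIXME: use a proper RNG` also still applies, since the proof is generated with `o1_utils::tests::make_test_rng()`.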
16 changes: 8 additions & 8 deletions msm/src/verifier.rs
@@ -36,7 +36,7 @@ pub fn verify<
let mut fq_sponge = EFqSponge::new(G::other_curve_sponge_params());
commitments
.into_iter()
.for_each(|comm| absorb_commitment(&mut fq_sponge, comm));
.for_each(|comm| absorb_commitment(&mut fq_sponge, &comm));
if let Some(mvlookup_commitments) = mvlookup_commitments {
mvlookup_commitments
.into_iter()
@@ -53,8 +53,8 @@ pub fn verify<

let mut es: Vec<_> = zeta_evaluations
.into_iter()
.zip(zeta_omega_evaluations)
.map(|(zeta, zeta_omega)| vec![vec![*zeta], vec![*zeta_omega]])
.zip(*zeta_omega_evaluations)
.map(|(zeta, zeta_omega)| vec![vec![zeta], vec![zeta_omega]])
.collect();

if mvlookup_commitments.is_some() {
@@ -71,10 +71,10 @@ pub fn verify<

let mut evaluations: Vec<_> = commitments
.into_iter()
.zip(zeta_evaluations.into_iter().zip(zeta_omega_evaluations))
.zip(zeta_evaluations.into_iter().zip(*zeta_omega_evaluations))
.map(|(commitment, (zeta_eval, zeta_omega_eval))| Evaluation {
commitment: commitment.clone(),
evaluations: vec![vec![*zeta_eval], vec![*zeta_omega_eval]],
evaluations: vec![vec![zeta_eval], vec![zeta_omega_eval]],
})
.collect();

@@ -102,9 +102,9 @@ pub fn verify<
let mut fr_sponge = EFrSponge::new(G::sponge_params());
fr_sponge.absorb(&fq_sponge.digest());

for (zeta_eval, zeta_omega_eval) in zeta_evaluations.into_iter().zip(zeta_omega_evaluations) {
fr_sponge.absorb(zeta_eval);
fr_sponge.absorb(zeta_omega_eval);
for (zeta_eval, zeta_omega_eval) in zeta_evaluations.into_iter().zip(*zeta_omega_evaluations) {
fr_sponge.absorb(&zeta_eval);
fr_sponge.absorb(&zeta_omega_eval);
}
if mvlookup_commitments.is_some() {
// MVLookup FS
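Review bot: `*zeta_omega_evaluations` is dereferenced three times (building `es`, building `evaluations`, and in the final absorb loop), each time taking the whole set of evaluations out of the reference by value, which presumably only compiles because the evaluations type is `Copy`. Binding the pairs once, e.g. `let eval_pairs: Vec<_> = zeta_evaluations.into_iter().zip(*zeta_omega_evaluations).collect();`, and iterating `eval_pairs.iter()` at the three sites would avoid the repeated copies and keep the traversals visibly in the same order. That order matters because these evaluations are absorbed into `fr_sponge`, and the prover section of this commit absorbs them in the same pairing. `verify`'s signature and the declarations of these bindings are outside the hunks, so the exact types are not visible here.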