feat(ivc): impl cyclefold zero step

**Motivation** Part of #373 and testing of #369 **Overview** The first part of the implementation of the zero step cyclefold __Temporarily commented out part of cyclefold step folding circuit concerning pairing check__
snarkify · Dec 16, 2024 · ddd13b6 · ddd13b6
1 parent 8681bd5
commit ddd13b6
Show file tree

Hide file tree

Showing 8 changed files with 805 additions and 222 deletions.
diff --git a/src/ivc/cyclefold/incrementally_verifiable_computation/mod.rs b/src/ivc/cyclefold/incrementally_verifiable_computation/mod.rs
@@ -1,23 +1,151 @@
 use std::marker::PhantomData;
 
+use public_params::PublicParams;
+use tracing::info_span;
+
+use super::{
+    ro,
+    support_circuit::{self, SupportCircuit},
+};
 use crate::{
     halo2_proofs::halo2curves::{
-        ff::{FromUniformBytes, PrimeFieldBits},
+        ff::{Field, FromUniformBytes, PrimeFieldBits},
         group::prime::PrimeCurveAffine,
         CurveAffine,
     },
-    ivc::StepCircuit,
+    ivc::{
+        cyclefold::sfc::{self, StepFoldingCircuit},
+        StepCircuit,
+    },
+    nifs::{
+        self,
+        protogalaxy::{AccumulatorArgs, ProtoGalaxy},
+        sangria::{FoldablePlonkTrace, VanillaFS},
+    },
+    table::CircuitRunner,
 };
 
 mod public_params;
 
-pub struct IVC<const A1: usize, const A2: usize, C1, C2, SC>
+pub struct IVC<const ARITY: usize, C1, C2, SC>
 where
     C1: CurveAffine<Base = <C2 as PrimeCurveAffine>::Scalar>,
     C2: CurveAffine<Base = <C1 as PrimeCurveAffine>::Scalar>,
-    SC: StepCircuit<A1, C1::Scalar>,
+    SC: StepCircuit<ARITY, C1::Scalar>,
     C1::Scalar: PrimeFieldBits + FromUniformBytes<64>,
     C2::Scalar: PrimeFieldBits + FromUniformBytes<64>,
 {
     _p: PhantomData<(C1, C2, SC)>,
 }
+
+impl<const ARITY: usize, CMain, CSup, SC> IVC<ARITY, CMain, CSup, SC>
+where
+    CMain: CurveAffine<Base = <CSup as PrimeCurveAffine>::Scalar>,
+    CSup: CurveAffine<Base = <CMain as PrimeCurveAffine>::Scalar>,
+    SC: StepCircuit<ARITY, CMain::Scalar>,
+    CMain::Scalar: PrimeFieldBits + FromUniformBytes<64>,
+    CSup::Scalar: PrimeFieldBits + FromUniformBytes<64>,
+{
+    pub fn new(
+        pp: &PublicParams<ARITY, ARITY, CMain, CSup, SC>,
+        sc: &SC,
+        z_0: [CMain::ScalarExt; ARITY],
+    ) -> Self {
+        let _primary_span = info_span!("primary").entered();
+
+        let initial_self_acc = ProtoGalaxy::<CMain, 1>::new_accumulator(
+            AccumulatorArgs::from(&pp.primary_S),
+            &nifs::protogalaxy::ProverParam {
+                S: pp.primary_S.clone(),
+                pp_digest: pp.cmain_pp_digest(),
+            },
+            &mut ro(),
+        );
+
+        let (_new_acc, self_proof) = ProtoGalaxy::prove(
+            &pp.primary_ck,
+            &nifs::protogalaxy::ProverParam {
+                S: pp.primary_S.clone(),
+                pp_digest: pp.cmain_pp_digest(),
+            },
+            &mut ro(),
+            initial_self_acc.clone(),
+            &[pp.primary_initial_trace.clone()],
+        )
+        .unwrap();
+
+        let mut acc_ptr = nifs::sangria::accumulator::RelaxedPlonkTrace::from_regular(
+            pp.support_initial_trace.clone(),
+            SupportCircuit::<CMain>::MIN_K_TABLE_SIZE as usize,
+        );
+        let mut paired_incoming = vec![];
+
+        for _ in 0..initial_self_acc.W_commitment_len() {
+            let (new_acc, paired_proof) =
+                VanillaFS::<CSup, { support_circuit::INSTANCES_LEN }>::prove(
+                    &pp.support_ck,
+                    &nifs::sangria::ProverParam {
+                        S: pp.support_S.clone(),
+                        pp_digest: pp.csup_pp_digest(),
+                    },
+                    &mut ro(),
+                    acc_ptr,
+                    &[pp.support_initial_trace.clone()],
+                )
+                .unwrap();
+
+            paired_incoming.push((pp.support_initial_trace.u.clone(), paired_proof));
+
+            acc_ptr = new_acc;
+        }
+
+        let _primary_sfc = StepFoldingCircuit::<'_, ARITY, CMain, CSup, SC> {
+            sc,
+            input: sfc::InputBuilder {
+                pp_digest: pp.csup_pp_digest(),
+                step: 0,
+                self_incoming: &pp.primary_initial_trace.u,
+                self_proof,
+                paired_acc: &pp.support_initial_trace.u.clone().into(),
+                paired_incoming: paired_incoming.as_slice(),
+                self_acc: &initial_self_acc.into(),
+                z_i: z_0,
+                z_0,
+            }
+            .build(),
+            _p: PhantomData,
+        };
+
+        let _initial_support_trace: FoldablePlonkTrace<CSup> = {
+            let _support_span = info_span!("support").entered();
+
+            let support_circuit_instances: Vec<Vec<CMain::Base>> = support_circuit::InstanceInput {
+                p0: CMain::identity(),
+                l0: CMain::Base::ZERO,
+                p1: CMain::identity(),
+                l1: CMain::Base::ZERO,
+            }
+            .into_instance();
+
+            let support_cr = CircuitRunner::<CMain::Base, _>::new(
+                SupportCircuit::<CMain>::MIN_K_TABLE_SIZE,
+                SupportCircuit::<CMain>::default(),
+                support_circuit_instances.clone(),
+            );
+
+            VanillaFS::<CSup, { support_circuit::INSTANCES_LEN }>::generate_plonk_trace(
+                &pp.support_ck,
+                &support_circuit_instances,
+                &support_cr.try_collect_witness().unwrap(),
+                &nifs::sangria::ProverParam {
+                    S: support_cr.try_collect_plonk_structure().unwrap(),
+                    pp_digest: CSup::identity(),
+                },
+                &mut ro(),
+            )
+            .unwrap()
+        };
+
+        todo!()
+    }
+}
diff --git a/src/ivc/cyclefold/incrementally_verifiable_computation/public_params.rs b/src/ivc/cyclefold/incrementally_verifiable_computation/public_params.rs
@@ -24,22 +24,22 @@ use crate::{
     table::CircuitRunner,
 };
 
-pub struct PublicParams<const A1: usize, const A2: usize, C1, C2, SC>
+pub struct PublicParams<const A1: usize, const A2: usize, CMain, CSup, SC>
 where
-    C1: CurveAffine<Base = <C2 as PrimeCurveAffine>::Scalar>,
-    C2: CurveAffine<Base = <C1 as PrimeCurveAffine>::Scalar>,
-    SC: StepCircuit<A1, C1::Scalar>,
-    C1::Scalar: PrimeFieldBits + FromUniformBytes<64>,
-    C2::Scalar: PrimeFieldBits + FromUniformBytes<64>,
+    CMain: CurveAffine<Base = <CSup as PrimeCurveAffine>::Scalar>,
+    CSup: CurveAffine<Base = <CMain as PrimeCurveAffine>::Scalar>,
+    SC: StepCircuit<A1, CMain::Scalar>,
+    CMain::Scalar: PrimeFieldBits + FromUniformBytes<64>,
+    CSup::Scalar: PrimeFieldBits + FromUniformBytes<64>,
 {
-    ck1: CommitmentKey<C1>,
-    primary_S: PlonkStructure<C1::ScalarExt>,
-    primary_k_table_size: u32,
-    initial_primary_trace: PlonkTrace<C1>,
+    pub primary_ck: CommitmentKey<CMain>,
+    pub primary_S: PlonkStructure<CMain::ScalarExt>,
+    pub primary_k_table_size: u32,
+    pub primary_initial_trace: PlonkTrace<CMain>,
 
-    ck2: CommitmentKey<C2>,
-    secondary_S: PlonkStructure<C2::ScalarExt>,
-    initial_secondary_trace: FoldablePlonkTrace<C2>,
+    pub support_ck: CommitmentKey<CSup>,
+    pub support_S: PlonkStructure<CSup::ScalarExt>,
+    pub support_initial_trace: FoldablePlonkTrace<CSup>,
 
     _p: PhantomData<SC>,
 }
@@ -61,18 +61,14 @@ where
     CMain::Scalar: PrimeFieldBits + FromUniformBytes<64>,
     CSup::Scalar: PrimeFieldBits + FromUniformBytes<64>,
 {
-    /// StepFoldingCircuit {
-    ///     step == 0 => init(acc, incoming) => output_trace,
-    ///     step != 0 => fold(acc, incoming) => output_trace,
-    /// }
     pub fn new(
-        primary_sfc: &SC,
+        primary_sc: &SC,
         ck1: CommitmentKey<CMain>,
         ck2: CommitmentKey<CSup>,
         k_table_size: u32,
     ) -> Self {
         // Trace in C1::Base or C2::Scalar
-        let (support_plonk_structure, initial_support_trace): (
+        let (support_S, support_initial_trace): (
             PlonkStructure<CMain::Base>,
             FoldablePlonkTrace<CSup>,
         ) = {
@@ -111,16 +107,16 @@ where
             )
         };
 
-        let (primary_plonk_structure, initial_primary_trace) = {
+        let (primary_S, primary_initial_trace) = {
             let mut mock_sfc = StepFoldingCircuit::<A1, CMain, CSup, SC> {
-                sc: primary_sfc,
+                sc: primary_sc,
                 input: sfc::Input::<A1, CMain::ScalarExt>::new_initial::<CMain, CSup>(
                     &PlonkStructure {
                         k: k_table_size as usize,
                         ..Default::default()
                     },
-                    &support_plonk_structure,
-                    &initial_support_trace.u,
+                    &support_S,
+                    &support_initial_trace.u,
                 ),
                 _p: PhantomData,
             };
@@ -134,25 +130,24 @@ where
                     num_io: mock_instances.iter().map(|col| col.len()).collect(),
                     ..Default::default()
                 },
-                &support_plonk_structure,
-                &initial_support_trace.u,
+                &support_S,
+                &support_initial_trace.u,
             );
 
             let mock_S = CircuitRunner::new(k_table_size, mock_sfc, mock_instances)
                 .try_collect_plonk_structure()
                 .unwrap();
 
             let sfc = StepFoldingCircuit::<A1, CMain, CSup, SC> {
-                sc: primary_sfc,
+                sc: primary_sc,
                 input: sfc::Input::<A1, CMain::ScalarExt>::new_initial::<CMain, CSup>(
                     &mock_S,
-                    &support_plonk_structure,
-                    &initial_support_trace.u,
+                    &support_S,
+                    &support_initial_trace.u,
                 ),
                 _p: PhantomData,
             };
 
-            // TODO #369 Use expected out marker, instead of zero
             let primary_instances = sfc.initial_instances();
             let primary_cr = CircuitRunner::new(k_table_size, sfc, primary_instances.clone());
 
@@ -173,17 +168,33 @@ where
         };
 
         Self {
-            ck1,
-            ck2,
+            primary_ck: ck1,
+            support_ck: ck2,
             primary_k_table_size: k_table_size,
 
-            initial_primary_trace,
-            initial_secondary_trace: initial_support_trace,
+            primary_initial_trace,
+            support_initial_trace,
 
-            primary_S: primary_plonk_structure,
-            secondary_S: support_plonk_structure,
+            primary_S,
+            support_S,
 
             _p: PhantomData,
         }
     }
+
+    pub fn cmain_pp_digest(&self) -> CMain {
+        todo!()
+    }
+
+    pub fn csup_pp_digest(&self) -> CSup {
+        todo!()
+    }
+
+    pub fn cmain_pp_digest_coordinates(&self) -> (CMain::Scalar, CMain::Scalar) {
+        todo!()
+    }
+
+    pub fn csup_pp_digest_coordinates(&self) -> (CMain::Base, CMain::Base) {
+        todo!()
+    }
 }
diff --git a/src/ivc/cyclefold/mod.rs b/src/ivc/cyclefold/mod.rs
@@ -20,11 +20,11 @@ pub const RATE: usize = T - 1;
 pub const R_F: usize = 10;
 pub const R_P: usize = 10;
 
-/// Safety: because 32 != 0
-pub const DEFAULT_LIMB_WIDTH: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(32) };
+/// Safety: because 64 != 0
+pub const DEFAULT_LIMB_WIDTH: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(64) };
 
 /// Safety: because 10 != 0
-pub const DEFAULT_LIMBS_COUNT_LIMIT: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(10) };
+pub const DEFAULT_LIMBS_COUNT_LIMIT: NonZeroUsize = unsafe { NonZeroUsize::new_unchecked(20) };
 
 pub fn ro_const<F: PrimeFieldBits + FromUniformBytes<64>>() -> Spec<F, T, RATE> {
     Spec::<F, T, RATE>::new(R_F, R_P)