Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fixing a bug for rescue/solidity transcript #70

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

fixing a bug for rescue/solidity transcript #70

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6151981
add a disclaimer for bug
zhenfeizhang May 23, 2022
8b64887
fix bug in solidity transcript
zhenfeizhang May 23, 2022
3c6ccda
clean up
zhenfeizhang May 23, 2022
8db2575
Merge branch 'main' of https://github.com/EspressoSystems/jellyfish i…
mrain Jan 17, 2023
20487d2
Fixes rescue transcript
mrain Jan 17, 2023
5284b9c
"Fix" the gadget for rescue transcript.
mrain Jan 18, 2023
3248574
Merge branch 'main' of https://github.com/EspressoSystems/jellyfish i…
mrain Feb 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 43 additions & 17 deletions plonk/src/circuit/plonk_verifier/gadgets.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,10 @@

//! Circuits for the building blocks in Plonk verifiers.
use crate::{
circuit::{plonk_verifier::*, transcript::RescueTranscriptVar},
circuit::{
plonk_verifier::*,
transcript::{RescueTranscriptLabelVar, RescueTranscriptVar},
},
constants::EXTRA_TRANSCRIPT_MSG_LABEL,
errors::PlonkError,
};
Expand Down Expand Up @@ -205,42 +208,65 @@ where
public_inputs.len(),
)));
}
let mut transcript_var = RescueTranscriptVar::new(circuit);
let extra_transcript_msg_label_var =
RescueTranscriptLabelVar::new(circuit, EXTRA_TRANSCRIPT_MSG_LABEL)?;
let mut transcript_var = RescueTranscriptVar::new(circuit, &extra_transcript_msg_label_var);
if let Some(msg) = extra_transcript_init_msg {
let msg_fs = bytes_to_field_elements::<_, F>(msg);
let msg_vars = msg_fs
.iter()
.map(|x| circuit.create_variable(*x))
.collect::<Result<Vec<_>, _>>()?;
transcript_var.append_message_vars(EXTRA_TRANSCRIPT_MSG_LABEL, &msg_vars)?;
transcript_var.append_message_vars(&extra_transcript_msg_label_var, &msg_vars)?;
}
for (&vk, &pi) in verify_keys.iter().zip(public_inputs.iter()) {
transcript_var.append_vk_and_pub_input_vars::<E>(circuit, vk, pi)?;
}
let witness_poly_comms_label_var =
RescueTranscriptLabelVar::new(circuit, b"witness_poly_comms")?;
for wires_poly_comms in batch_proof.wires_poly_comms_vec.iter() {
transcript_var.append_commitments_vars::<E, P>(b"witness_poly_comms", wires_poly_comms)?;
transcript_var
.append_commitments_vars::<E, P>(&witness_poly_comms_label_var, wires_poly_comms)?;
}
let tau = transcript_var.get_and_append_challenge_var::<E>(b"tau", circuit)?;

let beta = transcript_var.get_and_append_challenge_var::<E>(b"beta", circuit)?;
let gamma = transcript_var.get_and_append_challenge_var::<E>(b"gamma", circuit)?;
let tau_label_var = RescueTranscriptLabelVar::new(circuit, b"tau")?;
let tau = transcript_var.get_and_append_challenge_var::<E>(&tau_label_var, circuit)?;

let beta_label_var = RescueTranscriptLabelVar::new(circuit, b"beta")?;
let gamma_label_var = RescueTranscriptLabelVar::new(circuit, b"gamma")?;
let beta = transcript_var.get_and_append_challenge_var::<E>(&beta_label_var, circuit)?;
let gamma = transcript_var.get_and_append_challenge_var::<E>(&gamma_label_var, circuit)?;
let perm_poly_comms_label_var = RescueTranscriptLabelVar::new(circuit, b"perm_poly_comms")?;
for prod_perm_poly_comm in batch_proof.prod_perm_poly_comms_vec.iter() {
transcript_var.append_commitment_var::<E, P>(b"perm_poly_comms", prod_perm_poly_comm)?;
transcript_var
.append_commitment_var::<E, P>(&perm_poly_comms_label_var, prod_perm_poly_comm)?;
}

let alpha = transcript_var.get_and_append_challenge_var::<E>(b"alpha", circuit)?;
transcript_var
.append_commitments_vars::<E, P>(b"quot_poly_comms", &batch_proof.split_quot_poly_comms)?;
let zeta = transcript_var.get_and_append_challenge_var::<E>(b"zeta", circuit)?;
let alpha_label_var = RescueTranscriptLabelVar::new(circuit, b"alpha")?;
let zeta_label_var = RescueTranscriptLabelVar::new(circuit, b"zeta")?;
let alpha = transcript_var.get_and_append_challenge_var::<E>(&alpha_label_var, circuit)?;
let quot_poly_comms_label_var = RescueTranscriptLabelVar::new(circuit, b"quot_poly_comms")?;
transcript_var.append_commitments_vars::<E, P>(
&quot_poly_comms_label_var,
&batch_proof.split_quot_poly_comms,
)?;
let zeta = transcript_var.get_and_append_challenge_var::<E>(&zeta_label_var, circuit)?;
for poly_evals in batch_proof.poly_evals_vec.iter() {
transcript_var.append_proof_evaluations_vars::<E>(circuit, poly_evals)?;
}

let v = transcript_var.get_and_append_challenge_var::<E>(b"v", circuit)?;
transcript_var.append_commitment_var::<E, P>(b"open_proof", &batch_proof.opening_proof)?;
let v_label_var = RescueTranscriptLabelVar::new(circuit, b"v")?;
let v = transcript_var.get_and_append_challenge_var::<E>(&v_label_var, circuit)?;
let open_proof_label_var = RescueTranscriptLabelVar::new(circuit, b"open_proof")?;
let shifted_open_proof_label_var =
RescueTranscriptLabelVar::new(circuit, b"shifted_open_proof")?;
transcript_var
.append_commitment_var::<E, P>(b"shifted_open_proof", &batch_proof.shifted_opening_proof)?;
let u = transcript_var.get_and_append_challenge_var::<E>(b"u", circuit)?;
.append_commitment_var::<E, P>(&open_proof_label_var, &batch_proof.opening_proof)?;
transcript_var.append_commitment_var::<E, P>(
&shifted_open_proof_label_var,
&batch_proof.shifted_opening_proof,
)?;
let u_label_var = RescueTranscriptLabelVar::new(circuit, b"u")?;
let u = transcript_var.get_and_append_challenge_var::<E>(&u_label_var, circuit)?;

// convert challenge vars into FpElemVars
let challenge_var = ChallengesVar {
Expand Down
73 changes: 56 additions & 17 deletions plonk/src/circuit/transcript.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ use jf_relation::{
},
Circuit, PlonkCircuit, Variable,
};
use jf_utils::bytes_to_field_elements;

/// Struct of variables representing a Rescue transcript type, including
/// `STATE_SIZE` variables for the state, and a vector of variables for
Expand All @@ -33,14 +34,44 @@ pub struct RescueTranscriptVar<F: RescueParameter> {
_phantom: PhantomData<F>,
}

/// Variable for Rescue transcript label
pub struct RescueTranscriptLabelVar<F: RescueParameter> {
vars: Vec<Variable>,
_phantom: PhantomData<F>,
}

impl<F: RescueParameter> AsRef<[Variable]> for RescueTranscriptLabelVar<F> {
fn as_ref(&self) -> &[Variable] {
&self.vars
}
}

impl<F: RescueParameter> RescueTranscriptLabelVar<F> {
/// create a new RescueTranscriptLabelVar for a given circuit
pub(crate) fn new(
circuit: &mut PlonkCircuit<F>,
label: &'static [u8],
) -> Result<Self, CircuitError> {
let vars_result: Result<Vec<Variable>, CircuitError> = bytes_to_field_elements(label)
.into_iter()
.map(|f| circuit.create_public_variable(f))
.collect();
let vars = vars_result?;
Ok(Self {
vars,
_phantom: PhantomData::default(),
})
}
}

impl<F> RescueTranscriptVar<F>
where
F: RescueParameter + SWToTEConParam,
{
/// create a new RescueTranscriptVar for a given circuit.
pub(crate) fn new(circuit: &mut PlonkCircuit<F>) -> Self {
pub(crate) fn new(circuit: &mut PlonkCircuit<F>, label: &RescueTranscriptLabelVar<F>) -> Self {
Self {
transcript_var: Vec::new(),
transcript_var: label.as_ref().to_vec(),
state_var: [circuit.zero(); STATE_SIZE],
_phantom: PhantomData::default(),
}
Expand Down Expand Up @@ -84,23 +115,25 @@ where
// For efficiency purpose, label is not used for rescue FS.
pub(crate) fn append_variable(
&mut self,
_label: &'static [u8],
label: &RescueTranscriptLabelVar<F>,
var: &Variable,
) -> Result<(), CircuitError> {
self.transcript_var.extend_from_slice(label.as_ref());
self.transcript_var.push(*var);

Ok(())
}

// Append the message variables to the transcript.
// For efficiency purpose, label is not used for rescue FS.
// TODO(Chengyu): fix the bug here.
pub(crate) fn append_message_vars(
&mut self,
_label: &'static [u8],
label: &RescueTranscriptLabelVar<F>,
msg_vars: &[Variable],
) -> Result<(), CircuitError> {
for e in msg_vars.iter() {
self.append_variable(_label, e)?;
self.append_variable(label, e)?;
}

Ok(())
Expand All @@ -112,13 +145,14 @@ where
// For efficiency purpose, label is not used for rescue FS.
pub(crate) fn append_commitment_var<E, P>(
&mut self,
_label: &'static [u8],
label: &RescueTranscriptLabelVar<F>,
poly_comm_var: &PointVariable,
) -> Result<(), CircuitError>
where
E: PairingEngine<G1Affine = GroupAffine<P>>,
P: SWModelParameters<BaseField = F>,
{
self.transcript_var.extend_from_slice(label.as_ref());
// push the x and y coordinate of comm to the transcript
self.transcript_var.push(poly_comm_var.get_x());
self.transcript_var.push(poly_comm_var.get_y());
Expand All @@ -132,13 +166,14 @@ where
// transcript For efficiency purpose, label is not used for rescue FS.
pub(crate) fn append_commitments_vars<E, P>(
&mut self,
_label: &'static [u8],
label: &RescueTranscriptLabelVar<F>,
poly_comm_vars: &[PointVariable],
) -> Result<(), CircuitError>
where
E: PairingEngine<G1Affine = GroupAffine<P>>,
P: SWModelParameters<BaseField = F>,
{
self.transcript_var.extend_from_slice(label.as_ref());
for poly_comm_var in poly_comm_vars.iter() {
// push the x and y coordinate of comm to the transcript
self.transcript_var.push(poly_comm_var.get_x());
Expand All @@ -151,10 +186,10 @@ where
// For efficiency purpose, label is not used for rescue FS.
pub(crate) fn append_challenge_var(
&mut self,
_label: &'static [u8],
label: &RescueTranscriptLabelVar<F>,
challenge_var: &Variable,
) -> Result<(), CircuitError> {
self.append_variable(_label, challenge_var)
self.append_variable(label, challenge_var)
}

// Append the proof evaluation to the transcript
Expand Down Expand Up @@ -183,7 +218,7 @@ where
// curve due to its decomposition method.
pub(crate) fn get_and_append_challenge_var<E>(
&mut self,
_label: &'static [u8],
label: &RescueTranscriptLabelVar<F>,
circuit: &mut PlonkCircuit<F>,
) -> Result<Variable, CircuitError>
where
Expand Down Expand Up @@ -220,7 +255,7 @@ where
// finish and update the states
self.state_var.copy_from_slice(&res_var[0..STATE_SIZE]);
self.transcript_var = Vec::new();
self.append_challenge_var(_label, &challenge_var)?;
self.append_challenge_var(label, &challenge_var)?;

Ok(challenge_var)
}
Expand Down Expand Up @@ -254,8 +289,9 @@ mod tests {
let mut circuit = PlonkCircuit::<F>::new_ultra_plonk(RANGE_BIT_LEN_FOR_TEST);

let label = "testing".as_ref();
let label_var = RescueTranscriptLabelVar::new(&mut circuit, &label).unwrap();

let mut transcipt_var = RescueTranscriptVar::new(&mut circuit);
let mut transcipt_var = RescueTranscriptVar::new(&mut circuit, &label_var);
let mut transcript = RescueTranscript::<F>::new(label);

for _ in 0..10 {
Expand All @@ -270,16 +306,18 @@ mod tests {
transcript.append_message(label, msg.as_bytes()).unwrap();

transcipt_var
.append_message_vars(label, &message_vars)
.append_message_vars(&label_var, &message_vars)
.unwrap();
}

let challenge = transcript.get_and_append_challenge::<E>(label).unwrap();

let challenge_var = transcipt_var
.get_and_append_challenge_var::<E>(label, &mut circuit)
.get_and_append_challenge_var::<E>(&label_var, &mut circuit)
.unwrap();

ark_std::println!("{:?}", field_switching::<_, F>(&challenge).into_repr());
ark_std::println!("{:?}", circuit.witness(challenge_var).unwrap().into_repr());
assert_eq!(
circuit.witness(challenge_var).unwrap().into_repr(),
field_switching::<_, F>(&challenge).into_repr()
Expand All @@ -302,8 +340,9 @@ mod tests {
let mut rng = test_rng();

let label = "testing".as_ref();
let label_var = RescueTranscriptLabelVar::new(&mut circuit, label).unwrap();

let mut transcript_var = RescueTranscriptVar::new(&mut circuit);
let mut transcript_var = RescueTranscriptVar::new(&mut circuit, &label_var);
let mut transcript = RescueTranscript::<F>::new(label);

let open_key: UnivariateVerifierParam<E> = UnivariateVerifierParam {
Expand Down Expand Up @@ -334,7 +373,7 @@ mod tests {
let challenge = transcript.get_and_append_challenge::<E>(label).unwrap();

let challenge_var = transcript_var
.get_and_append_challenge_var::<E>(label, &mut circuit)
.get_and_append_challenge_var::<E>(&label_var, &mut circuit)
.unwrap();

assert_eq!(
Expand Down Expand Up @@ -402,7 +441,7 @@ mod tests {
let challenge = transcript.get_and_append_challenge::<E>(label).unwrap();

let challenge_var = transcript_var
.get_and_append_challenge_var::<E>(label, &mut circuit)
.get_and_append_challenge_var::<E>(&label_var, &mut circuit)
.unwrap();

assert_eq!(
Expand Down
Loading