From 5bffeaa943b088ec4f397eaae4b292a80dcfb5f7 Mon Sep 17 00:00:00 2001
From: Vasiliy Olekhov <vasiliy.olekhov@nil.foundation>
Date: Mon, 26 Feb 2024 07:36:22 +0300
Subject: [PATCH] more debug output #296

---
 .../crypto3/zk/commitments/polynomial/kzg.hpp | 148 ++++++++++++++++--
 test/commitment/kzg.cpp                       |   3 +-
 .../systems/plonk/placeholder/placeholder.cpp |   2 +
 3 files changed, 142 insertions(+), 11 deletions(-)

diff --git a/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp b/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
index f78459685..ff6842dac 100644
--- a/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
+++ b/include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
@@ -58,6 +58,90 @@ using namespace nil::crypto3::math;
 
 using namespace nil::crypto3;
 
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const typename fields::detail::element_fp<FieldParams> &e) {
+    os << std::hex << std::setw((FieldParams::modulus_bits+7)/4) << std::setfill('0') << e.data;
+}
+
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const typename fields::detail::element_fp2<FieldParams> &e) {
+    os << "[";
+    print_field_element(os, e.data[0]);
+    os << ", ";
+    print_field_element(os, e.data[1]);
+    os << "]";
+}
+
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const typename fields::detail::element_fp3<FieldParams> &e) {
+    os << "[";
+    print_field_element(os, e.data[0]);
+    os << ", ";
+    print_field_element(os, e.data[1]);
+    os << ", ";
+    print_field_element(os, e.data[2]);
+    os << "]";
+}
+
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const typename fields::detail::element_fp4<FieldParams> &e) {
+    os << "[";
+    print_field_element(os, e.data[0]);
+    os << ", ";
+    print_field_element(os, e.data[1]);
+    os << "]";
+}
+
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const typename fields::detail::element_fp6_2over3<FieldParams> &e) {
+    os << "[";
+    print_field_element(os, e.data[0]);
+    os << ", ";
+    print_field_element(os, e.data[1]);
+    os << "]";
+}
+
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const typename fields::detail::element_fp6_3over2<FieldParams> &e) {
+    os << "[";
+    print_field_element(os, e.data[0]);
+    os << ", ";
+    print_field_element(os, e.data[1]);
+    os << ", ";
+    print_field_element(os, e.data[3]);
+    os << "]";
+}
+
+template<typename CurveGroupValue>
+void print_curve_group_element(std::ostream &os, const CurveGroupValue &e) {
+    auto a = e.to_affine();
+
+    os << "affine: (";
+    print_field_element(os, a.X);
+    os << ",";
+    print_field_element(os, a.Y);
+    os << ")";
+    os << " projective: (";
+    print_field_element(os, e.X);
+    os << ",";
+    print_field_element(os, e.Y);
+    os << ",";
+    print_field_element(os, e.Z);
+    os << ")";
+}
+
+
+template<typename FieldParams>
+void print_field_element(std::ostream &os, const fields::detail::element_fp12_2over3over2<FieldParams> &e) {
+    os << "[[[" << e.data[0].data[0].data[0].data << "," << e.data[0].data[0].data[1].data << "],["
+       << e.data[0].data[1].data[0].data << "," << e.data[0].data[1].data[1].data << "],["
+       << e.data[0].data[2].data[0].data << "," << e.data[0].data[2].data[1].data << "]],"
+       << "[[" << e.data[1].data[0].data[0].data << "," << e.data[1].data[0].data[1].data << "],["
+       << e.data[1].data[1].data[0].data << "," << e.data[1].data[1].data[1].data << "],["
+       << e.data[1].data[2].data[0].data << "," << e.data[1].data[2].data[1].data << "]]]";
+}
+
+
 namespace nil {
     namespace crypto3 {
         namespace zk {
@@ -135,7 +219,7 @@ namespace nil {
             void dump_vector(std::vector<uint8_t> const& x, std::string label = "") {
                 std::cout << label << "[" << std::dec << x.size() << "] ";
                 for(auto v: x) {
-                    std::cout << std::hex << std::setw(2) << std::setfill('0') << int(v);
+                    std::cout << std::hex << std::setw(2) << std::setfill('0') << int(v) <<" ";
                 }
                 std::cout << "" << std::endl;
             }
@@ -227,9 +311,15 @@ namespace nil {
                             public_key.eval * KZG::curve_type::template g1_type<>::value_type::one() - public_key.commit,
                             KZG::curve_type::template g2_type<>::value_type::one());
 
+                    std::cout << "left:" << std::endl;
+                    print_field_element(std::cout, left);
+                    std::cout << "right:" << std::endl;
+                    print_field_element(std::cout, right);
+
+                    /*
                     dump_gt(left, "left");
                     dump_gt(right, "right");
-
+                    */
                     std::cout << "left*right == 1?" << (left*right == KZG::gt_value_type::one()) << std::endl;
 
                     return gt_4 == KZG::gt_value_type::one();
@@ -592,6 +682,7 @@ namespace nil {
                     std::cout << "accumulator: " << accum << std::endl;
 
                     //verify without pairing
+                    /*
                     {
                         typename math::polynomial<typename KZG::scalar_value_type> right_side({{0}});
                         factor = KZG::scalar_value_type::one();
@@ -600,7 +691,7 @@ namespace nil {
                             factor = factor * gamma;
                         }
                         assert(accum * create_polynom_by_zeros<KZG>(public_key.T) == right_side);
-                    }
+                    }*/
 
                     return commit_one<KZG>(params, accum);
                 }
@@ -638,8 +729,11 @@ namespace nil {
                     auto right = commit_g2<KZG>(params, create_polynom_by_zeros<KZG>(public_key.T));
                     auto right_side_pairing = algebra::pair_reduced<typename KZG::curve_type>(proof, right);
 
-                    dump_gt(left_side_pairing, "left");
-                    dump_gt(right_side_pairing, "right");
+                    std::cout << "left:" << std::endl;
+                    print_field_element(std::cout, left_side_pairing);
+                    std::cout << "right:" << std::endl;
+                    print_field_element(std::cout, right_side_pairing);
+
 
                     return left_side_pairing == right_side_pairing;
                 }
@@ -700,6 +794,7 @@ namespace nil {
                             return typename math::polynomial<typename KZGScheme::scalar_value_type>({{1}});
                         }
                         BOOST_ASSERT(this->get_V(result) * this->get_V(points) == this->get_V(merged_points));
+                        //return zk::algorithms::create_polynom_by_zeros<KZGScheme>(result);
                         return this->get_V(result);
                     }
 
@@ -744,20 +839,25 @@ namespace nil {
 
                     // Differs from static, because we pack the result into byte blob.
                     commitment_type commit(std::size_t index){
-                        std::cout << "commiting to " << index << std::endl;
+                        std::cout << "~-~-~-~ commiting to batch: " << index << "~-~-~-~" <<std::endl;
                         this->_ind_commitments[index] = {};
                         this->state_commited(index);
 
-                        std::cout << "array has " << this->_polys[index].size() << " elements" << std::endl;
+                        std::cout << "batch has " << this->_polys[index].size() << " elements" << std::endl;
                         std::vector<std::uint8_t> result = {};
                         for (std::size_t i = 0; i < this->_polys[index].size(); ++i) {
                             BOOST_ASSERT(this->_polys[index][i].degree() <= _params.commitment_key.size());
+                            std::cout << "commiting to poly: " <<  this->_polys[index][i] << std::endl;
                             auto single_commitment = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, this->_polys[index][i]);
                             this->_ind_commitments[index].push_back(single_commitment);
+                            std::cout << "commitment value: ";
+                            print_curve_group_element(std::cout, single_commitment);
+                            std::cout << std::endl;
                             nil::marshalling::status_type status;
                             std::vector<uint8_t> single_commitment_bytes =
                                 nil::marshalling::pack<endianness>(single_commitment, status);
                             BOOST_ASSERT(status == nil::marshalling::status_type::success);
+                            dump_vector(single_commitment_bytes, "single commitment marshalled:");
 
                             result.insert(result.end(), single_commitment_bytes.begin(), single_commitment_bytes.end());
                         }
@@ -799,6 +899,10 @@ namespace nil {
                         for( auto const &it: this->_polys ){
                             auto k = it.first;
                             for (std::size_t i = 0; i < this->_z.get_batch_size(k); ++i) {
+                                auto polys_k_i=math::polynomial<typename KZGScheme::scalar_value_type>(this->_polys[k][i].coefficients());
+                                std::cout << "polys_k_i:" << polys_k_i << std::endl;
+                                std::cout << "U(k,i) (" << std::dec << k << "," <<i << "): " << this->get_U(k,i) << std::endl;
+
                                 accum += factor * (math::polynomial<typename KZGScheme::scalar_value_type>(this->_polys[k][i].coefficients()) - this->get_U(k, i))/this->get_V(this->_points[k][i]);
                                 factor *= gamma;
                             }
@@ -812,6 +916,7 @@ namespace nil {
 
                         //verify without pairing. It's only for debug
                         //if something goes wrong, it may be useful to place here verification with pairings
+                        /*
                         {
                             typename math::polynomial<typename KZGScheme::scalar_value_type> right_side({{0}});
                             factor = KZGScheme::scalar_value_type::one();
@@ -824,7 +929,7 @@ namespace nil {
                                 }
                             }
                             assert(accum * this->get_V(this->_merged_points) == right_side);
-                        }
+                        }*/
                         auto res_commit = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, accum);
                         nil::marshalling::status_type status;
                         std::vector<std::uint8_t> res_bytes = 
@@ -853,6 +958,7 @@ namespace nil {
 
                         for (const auto &it: this->_commitments) {
                             auto k = it.first;
+                            std::cout << "~=~=~=~= batch "<<std::dec << k <<" (size: "<< this->_points.at(k).size() << " ) ~=~=~=~=" << std::endl;
                             for (std::size_t i = 0; i < this->_points.at(k).size(); ++i) {
                                 std::size_t blob_size = this->_commitments.at(k).size() / this->_points.at(k).size();
                                 std::vector<std::uint8_t> byteblob(blob_size);
@@ -861,15 +967,33 @@ namespace nil {
                                     byteblob[j] = this->_commitments.at(k)[i * blob_size + j];
                                 }
                                 nil::marshalling::status_type status;
+//                                dump_vector(byteblob, "demarshalling:");
                                 typename curve_type::template g1_type<>::value_type
                                     i_th_commitment = nil::marshalling::pack(byteblob, status);
+//                                std::cout << std::dec << i << " commitment unpacked: ";
+//                                print_curve_group_element(std::cout, i_th_commitment);
+//                                std::cout << std::endl;
                                 BOOST_ASSERT(status == nil::marshalling::status_type::success);
+                                std::cout << "U(k,i) (" << std::dec << k << "," <<i << "): " << this->get_U(k,i) << std::endl;
                                 auto U_commit = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, this->get_U(k,i));
+                                std::cout << "U_commit: ";
+                                print_curve_group_element(std::cout, U_commit);
+                                std::cout << std::endl;
+
+                                auto diffpoly = set_difference_polynom(_merged_points, this->_points.at(k)[i]);
+                                std::cout << "diffpoly: " << diffpoly << std::endl;
+                                auto cg2 = commit_g2(diffpoly);
+                                std::cout << "cg2:";
+                                print_curve_group_element(std::cout, cg2);
+                                std::cout << std::endl;
 
                                 auto left_side_pairing = nil::crypto3::algebra::pair_reduced<curve_type>(
                                     factor*(i_th_commitment - U_commit),
                                     commit_g2(set_difference_polynom(_merged_points, this->_points.at(k)[i]))
                                 );
+                                std::cout << "lsp:";
+                                print_field_element(std::cout, left_side_pairing);
+                                std::cout << std::endl;
 
                                 left_side_accum = left_side_accum * left_side_pairing;
                                 factor *= gamma;
@@ -884,8 +1008,12 @@ namespace nil {
                             commit_g2(this->get_V(this->_merged_points))
                         );
 
-                        dump_gt(left_side_accum, "left");
-                        dump_gt(right_side_pairing, "right");
+                        std::cout << "left:" << std::endl;
+                        print_field_element(std::cout, left_side_accum);
+                        std::cout << std::endl;
+                        std::cout << "right:" << std::endl;
+                        print_field_element(std::cout, right_side_pairing);
+                        std::cout << std::endl;
 
                         return left_side_accum == right_side_pairing;
                     }
diff --git a/test/commitment/kzg.cpp b/test/commitment/kzg.cpp
index 3bd6b7912..5d28629b6 100644
--- a/test/commitment/kzg.cpp
+++ b/test/commitment/kzg.cpp
@@ -72,7 +72,8 @@ BOOST_AUTO_TEST_SUITE(kzg_test_suite)
 
 BOOST_AUTO_TEST_CASE(kzg_basic_test) {
 
-    typedef algebra::curves::bls12<381> curve_type;
+    typedef algebra::curves::mnt6_298 curve_type;
+    //typedef algebra::curves::bls12<381> curve_type;
     typedef typename curve_type::scalar_field_type::value_type scalar_value_type;
 
     typedef zk::commitments::kzg<curve_type> kzg_type;
diff --git a/test/systems/plonk/placeholder/placeholder.cpp b/test/systems/plonk/placeholder/placeholder.cpp
index dea9722ba..5b8706d2e 100644
--- a/test/systems/plonk/placeholder/placeholder.cpp
+++ b/test/systems/plonk/placeholder/placeholder.cpp
@@ -1339,6 +1339,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit2_kzg)
         selector_columns_t,
         usable_rows_t,
         4, true>*/
+        /*
     , placeholder_kzg_test_fixture<
         algebra::curves::mnt4_298,
         hashes::keccak_1600<256>,
@@ -1349,6 +1350,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit2_kzg)
         selector_columns_t,
         usable_rows_t,
         4, true>
+        */
     , placeholder_kzg_test_fixture<
         algebra::curves::mnt6_298,
         hashes::keccak_1600<256>,