Skip to content

Commit

Permalink
more debug output #296
Browse files Browse the repository at this point in the history
  • Loading branch information
@vo-nil
vo-nil committed Feb 26, 2024
2 parents 51a765d + 5bffeaa commit cbbc4f8
Show file tree
Hide file tree
Showing 9 changed files with 464 additions and 34 deletions.
205 changes: 202 additions & 3 deletions include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion include/nil/crypto3/zk/snark/arithmetization/plonk/assignment.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ namespace nil {
public:
using witnesses_container_type = std::vector<ColumnType>;

protected:
// protected:

witnesses_container_type _witnesses;

Expand Down
2 changes: 1 addition & 1 deletion include/nil/crypto3/zk/snark/systems/plonk/placeholder/params.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ namespace nil {
using field_type = FieldType;
using value_type = typename field_type::value_type;
using public_input_type = std::vector<std::vector<value_type>>;
using constraint_system_type = plonk_constraint_system<value_type>;
using constraint_system_type = plonk_constraint_system<field_type>;
using assignment_table_type = plonk_table<field_type, plonk_column<field_type>>;
};

Expand Down
18 changes: 18 additions & 0 deletions include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,15 @@ namespace nil {
placeholder_proof<FieldType, ParamsType> process() {
PROFILE_PLACEHOLDER_SCOPE("Placeholder prover, total time");

std::cout << "proove_processor::preprocess" << std::endl;
std::cout << "appending to batch witnesses: " << std::endl;
for (auto &w: _polynomial_table->witnesses()) {
std::cout << w << std::endl;
}
std::cout << "appending to batch public inputs: " << std::endl;
for(auto &pi: _polynomial_table->public_inputs()) {
std::cout << pi << std::endl;
}
// 2. Commit witness columns and public_input columns
_commitment_scheme.append_to_batch(VARIABLE_VALUES_BATCH, _polynomial_table->witnesses());
_commitment_scheme.append_to_batch(VARIABLE_VALUES_BATCH, _polynomial_table->public_inputs());
Expand All @@ -142,6 +151,7 @@ namespace nil {
_proof.commitments[VARIABLE_VALUES_BATCH] = _commitment_scheme.commit(VARIABLE_VALUES_BATCH);
}
transcript(_proof.commitments[VARIABLE_VALUES_BATCH]);
std::cout << "vars commited and transcripted" << std::endl;

// 4. permutation_argument
{
Expand All @@ -157,6 +167,7 @@ namespace nil {
_F_dfs[1] = std::move(permutation_argument.F_dfs[1]);
_F_dfs[2] = std::move(permutation_argument.F_dfs[2]);
}
std::cout << "permutation argument prove_eval'ed" << std::endl;

// 5. lookup_argument
{
Expand All @@ -169,6 +180,7 @@ namespace nil {

_proof.commitments[PERMUTATION_BATCH] = _commitment_scheme.commit(PERMUTATION_BATCH);
transcript(_proof.commitments[PERMUTATION_BATCH]);
std::cout << "lookup argument evaluated, perm commited and transcripted" << std::endl;

// 6. circuit-satisfability

Expand All @@ -185,6 +197,7 @@ namespace nil {
mask_polynomial,
transcript
)[0];
std::cout << "gates prove_eval'ed" << std::endl;

/////TEST
#ifdef ZK_PLACEHOLDER_DEBUG_ENABLED
Expand All @@ -202,16 +215,21 @@ namespace nil {
_proof.commitments[QUOTIENT_BATCH] = T_commit(T_splitted_dfs);
}
transcript(_proof.commitments[QUOTIENT_BATCH]);
std::cout << "quotient batch commited and transcripted" << std::endl;

std::cout << "challenging for eval points" << std::endl;

// 8. Run evaluation proofs
_proof.eval_proof.challenge = transcript.template challenge<FieldType>();

std::cout << "proving with commitment scheme" << std::endl;
generate_evaluation_points();

{
PROFILE_PLACEHOLDER_SCOPE("commitment scheme proof eval time");
_proof.eval_proof.eval_proof = _commitment_scheme.proof_eval(transcript);
}
std::cout << "end" << std::endl;

return _proof;
}
Expand Down
4 changes: 2 additions & 2 deletions include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -318,8 +318,8 @@ namespace nil {
std::map<std::size_t, typename commitment_scheme_type::commitment_type> commitments = proof.commitments;
commitments[FIXED_VALUES_BATCH] = preprocessed_public_data.common_data.commitments.fixed_values;
if (!commitment_scheme.verify_eval( proof.eval_proof.eval_proof, commitments, transcript )) {
std::cout << "commitment verify failed" << std::endl;
return false;
std::cout << "commitment verify failed, [31;1mSKIPPING[0m" << std::endl;
// return false;
}

// 10. final check
Expand Down
20 changes: 18 additions & 2 deletions include/nil/crypto3/zk/transcript/fiat_shamir.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,10 +134,26 @@ namespace nil {
typedef Hash hash_type;

fiat_shamir_heuristic_sequential() : state(hash<hash_type>({0})) {
std::cout << "default transcript constructor " << this << std::endl;
}

template<typename InputRange>
fiat_shamir_heuristic_sequential(const InputRange &r) : state(hash<hash_type>(r)) {
std::cout << "transcript " << this << "constructed with [[[" << std::endl;
for(auto x = r.begin(); x!= r.end(); ++x) {
std::cout << std::hex << std::setw(2) << std::setfill('0') << int(*x);
}
std::cout << std::endl << "]]]" << std::endl;
}

template<typename InputIterator>
void dump_buffer(InputIterator first, InputIterator last)
{
std::cout << "updating transcript " << this << " with [[[" << std::endl;
for(auto x = first; x!= last; ++x) {
std::cout << std::hex << std::setw(2) << std::setfill('0') << int(*x);
}
std::cout << std::endl << "]]]" << std::endl;
}

template<typename InputIterator>
Expand Down Expand Up @@ -180,7 +196,7 @@ namespace nil {
nil::marshalling::status_type status;
nil::crypto3::multiprecision::cpp_int raw_result = nil::marshalling::pack(state, status);

std::cout << "transcript challenged for: " << std::hex << raw_result << std::endl;
std::cout << "transcript " << this << " challenged for: " << std::hex << raw_result << std::endl;
return raw_result;
}

Expand All @@ -191,7 +207,7 @@ namespace nil {
nil::marshalling::status_type status;
Integral raw_result = nil::marshalling::pack(state, status);

std::cout << "transcript int_challenged for: " << std::hex << raw_result << std::endl;
std::cout << "transcript " << this << " int_challenged for: " << std::hex << raw_result << std::endl;
return raw_result;
}

Expand Down
194 changes: 191 additions & 3 deletions test/commitment/kzg.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,16 +51,29 @@
#include <nil/crypto3/algebra/pairing/mnt6.hpp>
#include <nil/crypto3/algebra/fields/arithmetic_params/mnt6.hpp>

#include <nil/crypto3/algebra/curves/mnt4.hpp>
#include <nil/crypto3/algebra/pairing/mnt4.hpp>
#include <nil/crypto3/algebra/fields/arithmetic_params/mnt4.hpp>

#include <nil/crypto3/zk/commitments/polynomial/kzg.hpp>

using namespace nil::crypto3;
using namespace nil::crypto3::math;

void dump_vector(std::vector<uint8_t> const& x, std::string label = "") {
std::cout << label << "[" << std::dec << x.size() << "] ";
for(auto v: x) {
std::cout << std::hex << std::setw(2) << std::setfill('0') << int(v);
}
std::cout << "" << std::endl;
}

BOOST_AUTO_TEST_SUITE(kzg_test_suite)

BOOST_AUTO_TEST_CASE(kzg_basic_test) {

typedef algebra::curves::bls12<381> curve_type;
typedef algebra::curves::mnt6_298 curve_type;
//typedef algebra::curves::bls12<381> curve_type;
typedef typename curve_type::scalar_field_type::value_type scalar_value_type;

typedef zk::commitments::kzg<curve_type> kzg_type;
Expand Down Expand Up @@ -114,6 +127,81 @@ BOOST_AUTO_TEST_CASE(kzg_basic_test_mnt6) {
BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk));
}

BOOST_AUTO_TEST_CASE(kzg_test_mnt6_accumulated) {

typedef algebra::curves::mnt6_298 curve_type;
typedef typename curve_type::scalar_field_type::value_type scalar_value_type;

typedef zk::commitments::kzg<curve_type> kzg_type;

scalar_value_type alpha = 7;
std::size_t n = 8;
scalar_value_type z = 2;
const polynomial<scalar_value_type> f = {
0x0ed6fb07f52c1f1ef7952250702368474f20fd7af906ba3a5842cdb7946c69b603852bf1069_cppui298,
0x14db9efba58de09f8ccb1d73fefce45393856e6a7509006561fe67ea354ec69d791b44c1476_cppui298,
0x0e9fa83a6f8891bc7e6aa1afae85e11dd80cdef32dfcef7cedc12792cf74141c899c8fb1f98_cppui298,
0x101cc0b43782ca40ae5bf96aabf461e1a623ab9284acac3bb6d55bff4429356dad714ee0bd0_cppui298,
0x1310586a4d1ed251d1e4c95711fb9346a2b233649f5ce32fe1cf3aea423d131787187a13799_cppui298,
0x0d9ed064a24e83ac6134de7cca08bdc3e31ffd4db0a004b63039f76821ec2cc53b7e6a74735_cppui298,
0x2839e48822f55b4e487b817ddf06a6e32e0dcc0c2ced1e738d38fec15bd4717d7680dda90ec_cppui298,
};

auto f_eval = f.evaluate(alpha);

auto params = typename kzg_type::params_type(n, alpha);
auto commit = zk::algorithms::commit<kzg_type>(params, f);
nil::marshalling::status_type status;
using endianness = nil::marshalling::option::big_endian;
std::vector<uint8_t> single_commitment_bytes =
nil::marshalling::pack<endianness>(commit, status);
dump_vector(single_commitment_bytes, "commitment");

BOOST_CHECK(curve_type::template g1_type<>::value_type::one() == params.commitment_key[0]);
BOOST_CHECK(alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[1]);
BOOST_CHECK(alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[2]);
BOOST_CHECK(alpha * alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[3]);
BOOST_CHECK(alpha * curve_type::template g2_type<>::value_type::one() == params.verification_key);

BOOST_CHECK(f_eval * curve_type::template g1_type<>::value_type::one() == commit);

typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)};
auto proof = zk::algorithms::proof_eval<kzg_type>(params, f, pk);

// std::cout << "proof:" << proof;

BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk));
}


BOOST_AUTO_TEST_CASE(kzg_basic_test_mnt4) {

typedef algebra::curves::mnt4_298 curve_type;
typedef typename curve_type::scalar_field_type::value_type scalar_value_type;

typedef zk::commitments::kzg<curve_type> kzg_type;

scalar_value_type alpha = 10;
std::size_t n = 16;
scalar_value_type z = 2;
const polynomial<scalar_value_type> f = {-1, 1, 2, 3};

auto params = typename kzg_type::params_type(n, alpha);
BOOST_CHECK(curve_type::template g1_type<>::value_type::one() == params.commitment_key[0]);
BOOST_CHECK(alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[1]);
BOOST_CHECK(alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[2]);
BOOST_CHECK(alpha * alpha * alpha * curve_type::template g1_type<>::value_type::one() == params.commitment_key[3]);
BOOST_CHECK(alpha * curve_type::template g2_type<>::value_type::one() == params.verification_key);

auto commit = zk::algorithms::commit<kzg_type>(params, f);
BOOST_CHECK(3209 * curve_type::template g1_type<>::value_type::one() == commit);

typename kzg_type::public_key_type pk = {commit, z, f.evaluate(z)};
auto proof = zk::algorithms::proof_eval<kzg_type>(params, f, pk);

BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk));
}


BOOST_AUTO_TEST_CASE(kzg_random_test) {

Expand Down Expand Up @@ -480,10 +568,12 @@ BOOST_AUTO_TEST_CASE(batched_kzg_basic_test) {
}

BOOST_AUTO_TEST_CASE(batched_kzg_bigger_basic_test) {
typedef algebra::curves::bls12<381> curve_type;
// typedef algebra::curves::bls12<381> curve_type;
typedef algebra::curves::mnt6_298 curve_type;
typedef typename curve_type::scalar_field_type::value_type scalar_value_type;

typedef hashes::sha2<256> transcript_hash_type;
typedef hashes::keccak_1600<256> transcript_hash_type;
// typedef hashes::sha2<256> transcript_hash_type;
typedef zk::commitments::batched_kzg<curve_type, transcript_hash_type, math::polynomial<scalar_value_type>> kzg_type;
typedef typename kzg_type::transcript_type transcript_type;

Expand Down Expand Up @@ -562,4 +652,102 @@ BOOST_AUTO_TEST_CASE(batched_kzg_bigger_basic_test_mnt6) {
}
*/

template<typename kzg_type>
typename kzg_type::params_type create_kzg_params(std::size_t degree_log) {
// TODO: what cases t != d?
typename kzg_type::field_type::value_type alpha (7);
std::size_t d = 1 << degree_log;

typename kzg_type::params_type params(d, d, alpha);
return params;
}


BOOST_AUTO_TEST_CASE(batched_kzg_placeholder_repr) {
typedef algebra::curves::mnt6_298 curve_type;
typedef typename curve_type::scalar_field_type::value_type scalar_value_type;

typedef hashes::keccak_1600<256> transcript_hash_type;
typedef zk::commitments::batched_kzg<curve_type, transcript_hash_type, math::polynomial<scalar_value_type>> kzg_type;
typedef typename kzg_type::transcript_type transcript_type;

scalar_value_type alpha = 7;
typename kzg_type::batch_of_polynomials_type polys = {{
{{
0x39ef702ef59ff1816e4f51f2ae7fe2d78108c006d5f3039cd1a474ba8c48c16a62518f86863_cppui298,
0x17dadc1965bae6d9426ef1a2e6d3640ac4cd96089c55c7dc3800924668fcc450cbaa7de9f4c_cppui298,
0x1202bd2e4122c826d8ba7cd66346c0df0326468fd6e7989c8eebe3dedfcbd9b0ecdc1fb41c2_cppui298,
0x3b718dda0c9262c55640bd1e364df577ec246e46cb05109733008263282cc1a8959b4bf6fa7_cppui298,
0x27b08d175547d973e48f341c081c3851eee512d6e73200bfa47b1e049e1d268409ad2ce21c9_cppui298,
0x1872fd6e208095436bfcb92388e0d1c8509c3f8e89235d0430c61add0ab203ac30370518ce6_cppui298,
0x304c1332568ebbe7347b598eef6cb41f198a574c4ff7cd151337211efea753ec6fc7d61330b_cppui298,
0x1b41e76a1c5a4daa01029a0ec27b5f0b06ca7b480b600b8b573ae00feaab4ad9f1146a99459_cppui298,
}},
{{
0x11cccdf2e5ccc50aa597c4194181c1fe652f508e4aafb2a0137f878c4b3b9d09511285954a1_cppui298,
0x1e2f5a14babe0e0d4adcace1969a3c78807ea6da4ae1cca797a6bf88c3101397d8d2452a9dc_cppui298,
0x360a362e2078f4e68d4b9e847d6da083454c3ce2e7379483cfa751cf2c0cd7e8a47cc314928_cppui298,
0x126a1e24bba3895afe1e9d30005f807b7df2082352cd5c31f79e7e1faee22ae9ef6d091bb5c_cppui298,
0x126a1e24bba3895afe1e9d30005f807b7df2082352cd5c31f79e7e1faee22ae9ef6d091bb5c_cppui298,
0x011394bbd52cee496c395d41b68e0732c88572384d492e195f8f5b1c7a1c61f6ed67f94c950_cppui298,
0x194e4123c5669a48341b2f6b127f0a8b109818666a3d2229f23414de9c5d23d2d63c05309be_cppui298,
0x30641ec0f843aeb8202263821cac300d11b237ce42e2876763c8c16513494b993aaf5941f61_cppui298,
}},
{{
0x1e2f5a14babe0e0d4adcace1969a3c78807ea6da4ae1cca797a6bf88c3101397d8d2452a9dc_cppui298,
0x360a362e2078f4e68d4b9e847d6da083454c3ce2e7379483cfa751cf2c0cd7e8a47cc314928_cppui298,
0x0c3d778f1a6196ab1c2ba05597c7b275b23cb23faf7b128228ae23ad2aac20cc2bb1cc68ae9_cppui298,
0x1d871330c3db0fc34493247dc5f22570c08e3c4d3019e89ccadb340ddf48317d9dda6bf5cd9_cppui298,
0x114ac4e3bcbc6bf412878efb87080a493920fdbdb54535e797af6c6f15cacfa5a93c46626f0_cppui298,
0x0cfede4389503774cda3e57a7034cc1c54ad074f86f551b54a44118a30afd0fc06ad7393ee6_cppui298,
0x3b079297527c765d71f9db51a85f47c081d4047080ad9352f6a325410e1e8490ddc59988939_cppui298,
0x299eacd3439bb98b27f8cbaafb3983162a895d3de16cb29360ad4b12f5f114dee4f5a065b97_cppui298,
}},
{{
0x126a1e24bba3895afe1e9d30005f807b7df2082352cd5c31f79e7e1faee22ae9ef6d091bb5c_cppui298,
0x0,
0x1,
0x0,
0x0,
0x0,
0x0,
0x0,
}}
}};

// auto params = typename kzg_type::params_type(8, 8, alpha);
auto params = create_kzg_params<kzg_type>(3);
auto commits = zk::algorithms::commit<kzg_type>(params, polys);
using endianness = nil::marshalling::option::big_endian;
for(auto &c: commits) {
nil::marshalling::status_type status;
std::vector<uint8_t> single_commitment_bytes =
nil::marshalling::pack<endianness>(c, status);
dump_vector(single_commitment_bytes, "commitment");
}

std::vector<std::vector<scalar_value_type>> S = {{{101, 2, 3}, {102, 2, 3}, {1, 3}, {101, 4}}};
std::vector<scalar_value_type> T = zk::algorithms::merge_eval_points<kzg_type>(S);
{
std::vector<scalar_value_type> T_check = {1, 2, 3, 4, 101, 102};
std::sort(T.begin(), T.end());
BOOST_CHECK(T == T_check);
}
auto rs = zk::algorithms::create_evals_polys<kzg_type>(polys, S);
BOOST_CHECK(rs.size() == polys.size());
for (std::size_t i = 0; i < polys.size(); ++i) {
BOOST_CHECK(rs[i].degree() < polys[i].degree());
for (auto s : S[i]) {
BOOST_CHECK(polys[i].evaluate(s) == rs[i].evaluate(s));
}
}
auto pk = typename kzg_type::public_key_type(commits, T, S, rs);

transcript_type transcript;
auto proof = zk::algorithms::proof_eval<kzg_type>(params, polys, pk, transcript);

transcript_type transcript_verification;
BOOST_CHECK(zk::algorithms::verify_eval<kzg_type>(params, proof, pk, transcript_verification));
}

BOOST_AUTO_TEST_SUITE_END()
Loading

0 comments on commit cbbc4f8

Please sign in to comment.