From 1b10915948b171994abf8a8b1d7e036bd5396596 Mon Sep 17 00:00:00 2001 From: Mikhail Komarov Date: Fri, 7 Jun 2024 08:27:09 +0300 Subject: [PATCH] Minor formatting changes #254 --- .../test/commitment/fold_polynomial.cpp | 40 +- libs/parallel-zk/test/commitment/fri.cpp | 93 +- .../test/commitment/kimchi_pedersen.cpp | 181 ++-- libs/parallel-zk/test/commitment/lpc.cpp | 948 +++++++++--------- .../test/commitment/lpc_performance.cpp | 514 +++++----- .../test/commitment/powers_of_tau.cpp | 322 +++--- .../test/commitment/proof_of_knowledge.cpp | 26 +- .../test/commitment/proof_of_work.cpp | 100 +- .../test/commitment/r1cs_gg_ppzksnark_mpc.cpp | 238 ++--- 9 files changed, 1254 insertions(+), 1208 deletions(-) diff --git a/libs/parallel-zk/test/commitment/fold_polynomial.cpp b/libs/parallel-zk/test/commitment/fold_polynomial.cpp index 42b3205c..a9475c36 100644 --- a/libs/parallel-zk/test/commitment/fold_polynomial.cpp +++ b/libs/parallel-zk/test/commitment/fold_polynomial.cpp @@ -60,7 +60,7 @@ void test_fold_polynomial() { std::size_t d_log = boost::static_log2::value; std::vector>> D = - math::calculate_domain_set(d_log, 1); + math::calculate_domain_set(d_log, 1); math::polynomial f = {{1u, 3u, 4u, 3u}}; @@ -70,12 +70,12 @@ void test_fold_polynomial() { typename FieldType::value_type alpha = algebra::random_element(); math::polynomial f_next = - zk::commitments::detail::fold_polynomial(f, alpha); + zk::commitments::detail::fold_polynomial(f, alpha); BOOST_CHECK_EQUAL(f_next.degree(), f.degree() / 2); - std::vector> interpolation_points { - std::make_pair(omega, f.evaluate(omega)), - std::make_pair(-omega, f.evaluate(-omega)), + std::vector> interpolation_points{ + std::make_pair(omega, f.evaluate(omega)), + std::make_pair(-omega, f.evaluate(-omega)), }; math::polynomial interpolant = math::lagrange_interpolation(interpolation_points); @@ -94,7 +94,7 @@ void test_fold_polynomial_dfs() { std::size_t d_log = boost::static_log2::value; std::vector>> D = - math::calculate_domain_set(d_log, 2); + math::calculate_domain_set(d_log, 2); math::polynomial f = {{1u, 3u, 4u, 3u}}; @@ -114,7 +114,7 @@ void test_fold_polynomial_dfs() { } math::polynomial_dfs f_next_dfs = - zk::commitments::detail::fold_polynomial(f_dfs, alpha, D[0]); + zk::commitments::detail::fold_polynomial(f_dfs, alpha, D[0]); std::vector f_next_vector(f_next_dfs.begin(), f_next_dfs.end()); D[1]->inverse_fft(f_next_vector); math::polynomial f_next(f_next_vector.size()); @@ -123,9 +123,9 @@ void test_fold_polynomial_dfs() { } BOOST_CHECK_EQUAL(f_next.degree(), f.degree() / 2); - std::vector> interpolation_points { - std::make_pair(omega, f.evaluate(omega)), - std::make_pair(-omega, f.evaluate(-omega)), + std::vector> interpolation_points{ + std::make_pair(omega, f.evaluate(omega)), + std::make_pair(-omega, f.evaluate(-omega)), }; math::polynomial interpolant = math::lagrange_interpolation(interpolation_points); @@ -136,21 +136,21 @@ void test_fold_polynomial_dfs() { BOOST_AUTO_TEST_SUITE(fold_polynomial_test_suite) -BOOST_AUTO_TEST_CASE(fold_polynomial_test) { - test_fold_polynomial>(); + BOOST_AUTO_TEST_CASE(fold_polynomial_test) { + test_fold_polynomial>(); - test_fold_polynomial(); + test_fold_polynomial(); - test_fold_polynomial(); -} + test_fold_polynomial(); + } -BOOST_AUTO_TEST_CASE(fold_polynomial_dfs_test) { + BOOST_AUTO_TEST_CASE(fold_polynomial_dfs_test) { - test_fold_polynomial_dfs>(); + test_fold_polynomial_dfs>(); - test_fold_polynomial_dfs(); + test_fold_polynomial_dfs(); - test_fold_polynomial_dfs(); -} + test_fold_polynomial_dfs(); + } BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/fri.cpp b/libs/parallel-zk/test/commitment/fri.cpp index 1ba05529..c505644b 100644 --- a/libs/parallel-zk/test/commitment/fri.cpp +++ b/libs/parallel-zk/test/commitment/fri.cpp @@ -80,67 +80,70 @@ inline std::vector generate_random_step_list(const std::size_t r, c BOOST_AUTO_TEST_SUITE(fri_test_suite) -BOOST_AUTO_TEST_CASE(fri_basic_test) { + BOOST_AUTO_TEST_CASE(fri_basic_test) { - // setup - using curve_type = algebra::curves::pallas; - using FieldType = typename curve_type::base_field_type; + // setup + using curve_type = algebra::curves::pallas; + using FieldType = typename curve_type::base_field_type; - typedef hashes::sha2<256> merkle_hash_type; - typedef hashes::sha2<256> transcript_hash_type; + typedef hashes::sha2<256> merkle_hash_type; + typedef hashes::sha2<256> transcript_hash_type; - constexpr static const std::size_t d = 16; + constexpr static const std::size_t d = 16; - constexpr static const std::size_t r = boost::static_log2::value; - constexpr static const std::size_t m = 2; - constexpr static const std::size_t lambda = 40; + constexpr static const std::size_t r = boost::static_log2::value; + constexpr static const std::size_t m = 2; + constexpr static const std::size_t lambda = 40; - typedef zk::commitments::fri fri_type; + typedef zk::commitments::fri fri_type; - static_assert(zk::is_commitment::value); - static_assert(!zk::is_commitment::value); + static_assert(zk::is_commitment::value); + static_assert(!zk::is_commitment::value); - typedef typename fri_type::proof_type proof_type; - typedef typename fri_type::params_type params_type; + typedef typename fri_type::proof_type proof_type; + typedef typename fri_type::params_type params_type; - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); - params_type params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1), - 2, //expand_factor - lambda, - true, - 0xFFFFF - ); + params_type params( + d - 1, // max_degree + D, + generate_random_step_list(r, 1), + 2, //expand_factor + lambda, + true, + 0xFFFFF + ); - BOOST_CHECK(D[1]->m == D[0]->m / 2); - BOOST_CHECK(D[1]->get_domain_element(1) == D[0]->get_domain_element(1).squared()); + BOOST_CHECK(D[1]->m == D[0]->m / 2); + BOOST_CHECK(D[1]->get_domain_element(1) == D[0]->get_domain_element(1).squared()); - // commit - math::polynomial f = {{1u, 3u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}}; + // commit + math::polynomial f = { + {1u, 3u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}}; - typename fri_type::merkle_tree_type tree = zk::algorithms::precommit(f, params.D[0], params.step_list[0]); - auto root = zk::algorithms::commit(tree); + typename fri_type::merkle_tree_type tree = zk::algorithms::precommit(f, params.D[0], + params.step_list[0]); + auto root = zk::algorithms::commit(tree); - // eval - std::vector init_blob {0u, 1u, 2u, 3u, 4u, 5u, 6u, 7u, 8u, 9u}; - zk::transcript::fiat_shamir_heuristic_sequential transcript(init_blob); + // eval + std::vector init_blob{0u, 1u, 2u, 3u, 4u, 5u, 6u, 7u, 8u, 9u}; + zk::transcript::fiat_shamir_heuristic_sequential transcript(init_blob); - proof_type proof = zk::algorithms::proof_eval(f, tree, params, transcript); + proof_type proof = zk::algorithms::proof_eval(f, tree, params, transcript); - // verify - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(init_blob); + // verify + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(init_blob); - BOOST_CHECK(zk::algorithms::verify_eval(proof, root, params, transcript_verifier)); + BOOST_CHECK(zk::algorithms::verify_eval(proof, root, params, transcript_verifier)); + + typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); + typename FieldType::value_type prover_next_challenge = transcript.template challenge(); + BOOST_CHECK(verifier_next_challenge == prover_next_challenge); + } - typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); - typename FieldType::value_type prover_next_challenge = transcript.template challenge(); - BOOST_CHECK(verifier_next_challenge == prover_next_challenge); -} BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/kimchi_pedersen.cpp b/libs/parallel-zk/test/commitment/kimchi_pedersen.cpp index 0259665a..6c757c18 100644 --- a/libs/parallel-zk/test/commitment/kimchi_pedersen.cpp +++ b/libs/parallel-zk/test/commitment/kimchi_pedersen.cpp @@ -88,10 +88,11 @@ struct aggregated_evaluation_proof { batchproof_type verify_type() { std::vector coms; - for (auto &eval_com : eval_commitments) { + for (auto &eval_com: eval_commitments) { assert(eval_points.size() == eval_com.chunked_evals.size()); coms.push_back( - evaluation_type({eval_com.commit.chunked_commitment, eval_com.chunked_evals, (int)eval_com.commit.bound})); + evaluation_type( + {eval_com.commit.chunked_commitment, eval_com.chunked_evals, (int) eval_com.commit.bound})); } return batchproof_type({fq_sponge, coms, eval_points, polymask, evalmask, proof}); @@ -103,14 +104,14 @@ struct chunked_polynomial { unsigned int chunk_size; chunked_polynomial(math::polynomial &big_polynomial, unsigned int chunk_size) : - chunk_size(chunk_size) { + chunk_size(chunk_size) { unsigned int number_of_chunks = - big_polynomial.size() / chunk_size + (big_polynomial.size() % chunk_size ? 1 : 0); + big_polynomial.size() / chunk_size + (big_polynomial.size() % chunk_size ? 1 : 0); for (unsigned int i = 0; i < number_of_chunks; ++i) { auto iter_chunk_begin = big_polynomial.begin() + i * chunk_size; auto iter_chunk_end = - big_polynomial.begin() + (i == number_of_chunks - 1 ? big_polynomial.size() : (i + 1) * chunk_size); + big_polynomial.begin() + (i == number_of_chunks - 1 ? big_polynomial.size() : (i + 1) * chunk_size); chunked_polynomials.emplace_back(iter_chunk_begin, iter_chunk_end); } } @@ -118,7 +119,7 @@ struct chunked_polynomial { std::vector evaluate_chunks(scalar_value_type &point) { std::vector result; - for (auto &a : chunked_polynomials) { + for (auto &a: chunked_polynomials) { result.push_back(a.evaluate(point)); } @@ -128,122 +129,124 @@ struct chunked_polynomial { BOOST_AUTO_TEST_SUITE(kimchi_commitment_test_suite) -BOOST_AUTO_TEST_CASE(kimchi_commitment_test_opening_proof) { - snark::group_map g_map; - sponge_type fq_sponge; - params_type params = kimchi_pedersen::setup(20); + BOOST_AUTO_TEST_CASE(kimchi_commitment_test_opening_proof) { + snark::group_map g_map; + sponge_type fq_sponge; + params_type params = kimchi_pedersen::setup(20); - std::vector coeffs; - for (int i = 0; i < 10; ++i) { - coeffs.emplace_back(i); - } + std::vector coeffs; + for (int i = 0; i < 10; ++i) { + coeffs.emplace_back(i); + } - math::polynomial poly1(coeffs); - math::polynomial poly2(coeffs.begin(), coeffs.begin() + 5); + math::polynomial poly1(coeffs); + math::polynomial poly2(coeffs.begin(), coeffs.begin() + 5); - blinded_commitment_type commitment = kimchi_pedersen::commitment(params, poly1, -1); - blinded_commitment_type bounded_commitment = kimchi_pedersen::commitment(params, poly2, poly2.degree() + 1); + blinded_commitment_type commitment = kimchi_pedersen::commitment(params, poly1, -1); + blinded_commitment_type bounded_commitment = kimchi_pedersen::commitment(params, poly2, poly2.degree() + 1); - scalar_value_type u = algebra::random_element(); - scalar_value_type v = algebra::random_element(); + scalar_value_type u = algebra::random_element(); + scalar_value_type v = algebra::random_element(); - polynomial_type polys {{poly1, -1, std::get<1>(commitment)}, - {poly2, static_cast(poly2.degree() + 1), std::get<1>(bounded_commitment)}}; + polynomial_type polys{{poly1, -1, std::get<1>(commitment)}, + {poly2, static_cast(poly2.degree() + 1), std::get<1>(bounded_commitment)}}; - std::vector elm {algebra::random_element(), - algebra::random_element()}; + std::vector elm{algebra::random_element(), + algebra::random_element()}; - proof_type proof = kimchi_pedersen::proof_eval(params, g_map, polys, elm, v, u, fq_sponge); + proof_type proof = kimchi_pedersen::proof_eval(params, g_map, polys, elm, v, u, fq_sponge); - chunked_polynomial poly1_chunked(poly1, params.g.size()); - chunked_polynomial poly2_chunked(poly2, params.g.size()); + chunked_polynomial poly1_chunked(poly1, params.g.size()); + chunked_polynomial poly2_chunked(poly2, params.g.size()); - std::vector> poly1_chunked_evals = {poly1_chunked.evaluate_chunks(elm[0]), - poly1_chunked.evaluate_chunks(elm[1])}; - std::vector> poly2_chunked_evals = {poly2_chunked.evaluate_chunks(elm[0]), - poly2_chunked.evaluate_chunks(elm[1])}; + std::vector> poly1_chunked_evals = {poly1_chunked.evaluate_chunks(elm[0]), + poly1_chunked.evaluate_chunks(elm[1])}; + std::vector> poly2_chunked_evals = {poly2_chunked.evaluate_chunks(elm[0]), + poly2_chunked.evaluate_chunks(elm[1])}; - std::vector evals; - evals.emplace_back(std::get<0>(commitment), poly1_chunked_evals, -1); - evals.emplace_back(std::get<0>(bounded_commitment), poly2_chunked_evals, poly2.degree() + 1); - sponge_type new_fq_sponge; - std::vector batch; - batch.emplace_back(new_fq_sponge, evals, elm, v, u, proof); + std::vector evals; + evals.emplace_back(std::get<0>(commitment), poly1_chunked_evals, -1); + evals.emplace_back(std::get<0>(bounded_commitment), poly2_chunked_evals, poly2.degree() + 1); + sponge_type new_fq_sponge; + std::vector batch; + batch.emplace_back(new_fq_sponge, evals, elm, v, u, proof); - BOOST_CHECK(kimchi_pedersen::verify_eval(params, g_map, batch)); -} + BOOST_CHECK(kimchi_pedersen::verify_eval(params, g_map, batch)); + } -BOOST_AUTO_TEST_CASE(kimchi_commitment_test_case) { + BOOST_AUTO_TEST_CASE(kimchi_commitment_test_case) { - snark::group_map g_map; - sponge_type fq_sponge; - params_type params = kimchi_pedersen::setup(1 << 7); + snark::group_map g_map; + sponge_type fq_sponge; + params_type params = kimchi_pedersen::setup(1 << 7); + + std::vector proofs; - std::vector proofs; + std::size_t count_eval_proofs = 1; + for (std::size_t i = 0; i < count_eval_proofs; ++i) { + std::vector eval_points(7); - std::size_t count_eval_proofs = 1; - for (std::size_t i = 0; i < count_eval_proofs; ++i) { - std::vector eval_points(7); - - // Random_element is called with the default parameter, yet we need to wrap it in a lamda. - std::generate(eval_points.begin(), eval_points.end(), - [](){return algebra::random_element();}); + // Random_element is called with the default parameter, yet we need to wrap it in a lamda. + std::generate(eval_points.begin(), eval_points.end(), + []() { return algebra::random_element(); }); - std::vector commitments; + std::vector commitments; - for (unsigned int i = 0; i < 3; ++i) { - unsigned int len = std::rand() % 500; - std::vector polynom_coeffs(len); + for (unsigned int i = 0; i < 3; ++i) { + unsigned int len = std::rand() % 500; + std::vector polynom_coeffs(len); - // Random_element is called with the default parameter, yet we need to wrap it in a lamda. - std::generate(polynom_coeffs.begin(), polynom_coeffs.end(), [](){return algebra::random_element();}); - unsigned int bound = polynom_coeffs.size(); + // Random_element is called with the default parameter, yet we need to wrap it in a lamda. + std::generate(polynom_coeffs.begin(), polynom_coeffs.end(), + []() { return algebra::random_element(); }); + unsigned int bound = polynom_coeffs.size(); - math::polynomial poly(polynom_coeffs.begin(), polynom_coeffs.end()); + math::polynomial poly(polynom_coeffs.begin(), polynom_coeffs.end()); - blinded_commitment_type blinded_commitment = kimchi_pedersen::commitment(params, poly, bound); + blinded_commitment_type blinded_commitment = kimchi_pedersen::commitment(params, poly, bound); - std::vector> chunked_evals; + std::vector> chunked_evals; - chunked_polynomial chunked_poly(poly, params.g.size()); + chunked_polynomial chunked_poly(poly, params.g.size()); - for (auto &point : eval_points) { - chunked_evals.emplace_back(chunked_poly.evaluate_chunks(point)); + for (auto &point: eval_points) { + chunked_evals.emplace_back(chunked_poly.evaluate_chunks(point)); + } + + Commitment commit{std::get<0>(blinded_commitment), bound}; + evaluated_commitment eval_commit{commit, chunked_evals}; + commitments.emplace_back(CommitmentAndSecrets({eval_commit, poly, std::get<1>(blinded_commitment)})); } - Commitment commit {std::get<0>(blinded_commitment), bound}; - evaluated_commitment eval_commit {commit, chunked_evals}; - commitments.emplace_back(CommitmentAndSecrets({eval_commit, poly, std::get<1>(blinded_commitment)})); - } + polynomial_type polynomials; - polynomial_type polynomials; + for (auto &c: commitments) { + polynomials.emplace_back(c.poly, c.eval_commit.commit.bound, c.chunked_blinding); + } - for (auto &c : commitments) { - polynomials.emplace_back(c.poly, c.eval_commit.commit.bound, c.chunked_blinding); - } + scalar_value_type polymask = algebra::random_element(); + scalar_value_type evalmask = algebra::random_element(); - scalar_value_type polymask = algebra::random_element(); - scalar_value_type evalmask = algebra::random_element(); + proof_type proof = + kimchi_pedersen::proof_eval(params, g_map, polynomials, eval_points, polymask, evalmask, fq_sponge); - proof_type proof = - kimchi_pedersen::proof_eval(params, g_map, polynomials, eval_points, polymask, evalmask, fq_sponge); + std::vector eval_commitments; + for (auto &c: commitments) { + eval_commitments.emplace_back(c.eval_commit); + } - std::vector eval_commitments; - for (auto &c : commitments) { - eval_commitments.emplace_back(c.eval_commit); + sponge_type new_fq_sponge; + proofs.emplace_back( + aggregated_evaluation_proof( + {eval_points, eval_commitments, polymask, evalmask, new_fq_sponge, proof})); } - sponge_type new_fq_sponge; - proofs.emplace_back( - aggregated_evaluation_proof({eval_points, eval_commitments, polymask, evalmask, new_fq_sponge, proof})); - } + std::vector batch; + for (auto &proof: proofs) { + batch.emplace_back(proof.verify_type()); + } - std::vector batch; - for (auto &proof : proofs) { - batch.emplace_back(proof.verify_type()); + BOOST_CHECK(kimchi_pedersen::verify_eval(params, g_map, batch)); } - BOOST_CHECK(kimchi_pedersen::verify_eval(params, g_map, batch)); -} - BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/lpc.cpp b/libs/parallel-zk/test/commitment/lpc.cpp index 8ab0adc7..47e66d62 100644 --- a/libs/parallel-zk/test/commitment/lpc.cpp +++ b/libs/parallel-zk/test/commitment/lpc.cpp @@ -58,7 +58,8 @@ using namespace nil::crypto3; using dist_type = std::uniform_int_distribution; -inline std::vector generate_random_step_list(const std::size_t r, const std::size_t max_step, boost::random::mt11213b &rnd) { +inline std::vector +generate_random_step_list(const std::size_t r, const std::size_t max_step, boost::random::mt11213b &rnd) { std::vector step_list; std::size_t steps_sum = 0; while (steps_sum != r) { @@ -77,51 +78,51 @@ inline std::vector generate_random_step_list(const std::size_t r, c return step_list; } -template +template inline math::polynomial generate_random_polynomial( - std::size_t degree, - nil::crypto3::random::algebraic_engine &rnd -){ + std::size_t degree, + nil::crypto3::random::algebraic_engine &rnd +) { math::polynomial result(degree); std::generate(std::begin(result), std::end(result), [&rnd]() { return rnd(); }); return result; } -template +template inline math::polynomial_dfs generate_random_polynomial_dfs( - std::size_t degree, - nil::crypto3::random::algebraic_engine &rnd -){ + std::size_t degree, + nil::crypto3::random::algebraic_engine &rnd +) { math::polynomial data = generate_random_polynomial(degree, rnd); math::polynomial_dfs result; result.from_coefficients(data); return result; } -template +template inline std::vector> generate_random_polynomial_batch( - std::size_t batch_size, - std::size_t degree, - nil::crypto3::random::algebraic_engine &rnd -){ + std::size_t batch_size, + std::size_t degree, + nil::crypto3::random::algebraic_engine &rnd +) { std::vector> result; - for( std::size_t i = 0; i < batch_size; i++ ){ + for (std::size_t i = 0; i < batch_size; i++) { result.push_back(generate_random_polynomial(degree, rnd)); } return result; } -template +template inline std::vector> generate_random_polynomial_dfs_batch( - std::size_t batch_size, - std::size_t degree, - nil::crypto3::random::algebraic_engine &rnd -){ + std::size_t batch_size, + std::size_t degree, + nil::crypto3::random::algebraic_engine &rnd +) { auto data = generate_random_polynomial_batch(batch_size, degree, rnd); std::vector> result; - for( std::size_t i = 0; i < data.size(); i++ ){ + for (std::size_t i = 0; i < data.size(); i++) { math::polynomial_dfs dfs; dfs.from_coefficients(data[i]); result.push_back(dfs); @@ -131,514 +132,527 @@ inline std::vector> generat std::size_t test_global_seed = 0; boost::random::mt11213b test_global_rnd_engine; -template +template nil::crypto3::random::algebraic_engine test_global_alg_rnd_engine; struct test_fixture { // Enumerate all fields used in tests; using field1_type = algebra::curves::bls12<381>::scalar_field_type; - test_fixture(){ + test_fixture() { test_global_seed = 0; - for( std::size_t i = 0; i < std::size_t(boost::unit_test::framework::master_test_suite().argc - 1); i++){ - if(std::string(boost::unit_test::framework::master_test_suite().argv[i]) == "--seed"){ - if(std::string(boost::unit_test::framework::master_test_suite().argv[i+1]) == "random"){ + for (std::size_t i = 0; i < std::size_t(boost::unit_test::framework::master_test_suite().argc - 1); i++) { + if (std::string(boost::unit_test::framework::master_test_suite().argv[i]) == "--seed") { + if (std::string(boost::unit_test::framework::master_test_suite().argv[i + 1]) == "random") { std::random_device rd; test_global_seed = rd(); std::cout << "Random seed=" << test_global_seed << std::endl; break; } - if(std::regex_match( boost::unit_test::framework::master_test_suite().argv[i+1], std::regex( ( "((\\+|-)?[[:digit:]]+)(\\.(([[:digit:]]+)?))?" ) ) ) ){ - test_global_seed = atoi(boost::unit_test::framework::master_test_suite().argv[i+1]); + if (std::regex_match(boost::unit_test::framework::master_test_suite().argv[i + 1], + std::regex(("((\\+|-)?[[:digit:]]+)(\\.(([[:digit:]]+)?))?")))) { + test_global_seed = atoi(boost::unit_test::framework::master_test_suite().argv[i + 1]); break; } } } BOOST_TEST_MESSAGE("test_global_seed = " << test_global_seed); - test_global_rnd_engine = boost::random::mt11213b(test_global_seed); + test_global_rnd_engine = boost::random::mt11213b(test_global_seed); test_global_alg_rnd_engine = nil::crypto3::random::algebraic_engine(test_global_seed); } - ~test_fixture(){} + + ~test_fixture() {} }; BOOST_AUTO_TEST_SUITE(lpc_math_polynomial_suite); -BOOST_FIXTURE_TEST_CASE(lpc_basic_test, test_fixture) { - // Setup types. - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - typedef hashes::sha2<256> merkle_hash_type; - typedef hashes::sha2<256> transcript_hash_type; - typedef typename containers::merkle_tree merkle_tree_type; + BOOST_FIXTURE_TEST_CASE(lpc_basic_test, test_fixture) { + // Setup types. + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; + typedef hashes::sha2<256> merkle_hash_type; + typedef hashes::sha2<256> transcript_hash_type; + typedef typename containers::merkle_tree merkle_tree_type; - constexpr static const std::size_t lambda = 10; - constexpr static const std::size_t k = 1; + constexpr static const std::size_t lambda = 10; + constexpr static const std::size_t k = 1; - constexpr static const std::size_t d = 16; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + constexpr static const std::size_t d = 16; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; + constexpr static const std::size_t m = 2; - typedef zk::commitments::fri fri_type; + typedef zk::commitments::fri fri_type; - typedef zk::commitments:: + typedef zk::commitments:: list_polynomial_commitment_params - lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - static_assert(zk::is_commitment::value); - static_assert(zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - - // Setup params - typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor - lambda, - true, - 0xFFF - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - // Generate polynomials - lpc_scheme_prover.append_to_batch(0, {1u, 13u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}); - lpc_scheme_prover.append_to_batch(1, {0u, 1u}); - lpc_scheme_prover.append_to_batch(1, {0u, 1u, 2u}); - lpc_scheme_prover.append_to_batch(1, {0u, 1u, 3u}); - lpc_scheme_prover.append_to_batch(2, {0u}); - lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(4, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(9, test_global_alg_rnd_engine)); - - // Commit - std::map commitments; - commitments[0] = lpc_scheme_prover.commit(0); - commitments[1] = lpc_scheme_prover.commit(1); - commitments[2] = lpc_scheme_prover.commit(2); - commitments[3] = lpc_scheme_prover.commit(3); - - // Generate evaluation points. Choose poin1ts outside the domain - auto point = algebra::fields::arithmetic_params::multiplicative_generator; - lpc_scheme_prover.append_eval_point(0, point); - lpc_scheme_prover.append_eval_point(1, point); - lpc_scheme_prover.append_eval_point(2, point); - lpc_scheme_prover.append_eval_point(3, point); - - std::array x_data {}; - - // Prove - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - auto proof = lpc_scheme_prover.proof_eval(transcript); - - // Verify - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); - lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); - lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); - - lpc_scheme_verifier.append_eval_point(0, point); - lpc_scheme_verifier.append_eval_point(1, point); - lpc_scheme_verifier.append_eval_point(2, point); - lpc_scheme_verifier.append_eval_point(3, point); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - - // Check transcript state - typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); - typename FieldType::value_type prover_next_challenge = transcript.template challenge(); - BOOST_CHECK(verifier_next_challenge == prover_next_challenge); -} + lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + static_assert(zk::is_commitment::value); + static_assert(zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + + // Setup params + typename fri_type::params_type fri_params( + d - 1, // max_degree + D, + generate_random_step_list(r, 1, test_global_rnd_engine), + 2, //expand_factor + lambda, + true, + 0xFFF + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + // Generate polynomials + lpc_scheme_prover.append_to_batch(0, {1u, 13u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}); + lpc_scheme_prover.append_to_batch(1, {0u, 1u}); + lpc_scheme_prover.append_to_batch(1, {0u, 1u, 2u}); + lpc_scheme_prover.append_to_batch(1, {0u, 1u, 3u}); + lpc_scheme_prover.append_to_batch(2, {0u}); + lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(4, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(9, test_global_alg_rnd_engine)); + + // Commit + std::map commitments; + commitments[0] = lpc_scheme_prover.commit(0); + commitments[1] = lpc_scheme_prover.commit(1); + commitments[2] = lpc_scheme_prover.commit(2); + commitments[3] = lpc_scheme_prover.commit(3); + + // Generate evaluation points. Choose poin1ts outside the domain + auto point = algebra::fields::arithmetic_params::multiplicative_generator; + lpc_scheme_prover.append_eval_point(0, point); + lpc_scheme_prover.append_eval_point(1, point); + lpc_scheme_prover.append_eval_point(2, point); + lpc_scheme_prover.append_eval_point(3, point); + + std::array x_data{}; + + // Prove + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + auto proof = lpc_scheme_prover.proof_eval(transcript); + + // Verify + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); + lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); + lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); + + lpc_scheme_verifier.append_eval_point(0, point); + lpc_scheme_verifier.append_eval_point(1, point); + lpc_scheme_verifier.append_eval_point(2, point); + lpc_scheme_verifier.append_eval_point(3, point); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + + // Check transcript state + typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); + typename FieldType::value_type prover_next_challenge = transcript.template challenge(); + BOOST_CHECK(verifier_next_challenge == prover_next_challenge); + } -BOOST_FIXTURE_TEST_CASE(lpc_basic_skipping_layers_test, test_fixture) { - // Setup types - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; + BOOST_FIXTURE_TEST_CASE(lpc_basic_skipping_layers_test, test_fixture) { + // Setup types + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; - typedef hashes::sha2<256> merkle_hash_type; - typedef hashes::sha2<256> transcript_hash_type; + typedef hashes::sha2<256> merkle_hash_type; + typedef hashes::sha2<256> transcript_hash_type; - typedef typename containers::merkle_tree merkle_tree_type; + typedef typename containers::merkle_tree merkle_tree_type; - constexpr static const std::size_t lambda = 10; - constexpr static const std::size_t k = 1; + constexpr static const std::size_t lambda = 10; + constexpr static const std::size_t k = 1; - constexpr static const std::size_t d = 2048; + constexpr static const std::size_t d = 2048; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + constexpr static const std::size_t m = 2; - typedef zk::commitments::fri fri_type; + typedef zk::commitments::fri fri_type; - typedef zk::commitments:: + typedef zk::commitments:: list_polynomial_commitment_params - lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - static_assert(zk::is_commitment::value); - static_assert(zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - typedef zk::commitments::fri fri_type; - - // Setup params - typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 5, test_global_rnd_engine), - 2, //expand_factor - lambda - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - // Generate polynomials - lpc_scheme_prover.append_to_batch(0, generate_random_polynomial_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(1, generate_random_polynomial_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(2, generate_random_polynomial_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(3, generate_random_polynomial_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - - std::map commitments; - commitments[0] = lpc_scheme_prover.commit(0); - commitments[1] = lpc_scheme_prover.commit(1); - commitments[2] = lpc_scheme_prover.commit(2); - commitments[3] = lpc_scheme_prover.commit(3); - - // Generate evaluation points. Choose poin1ts outside the domain - auto point = algebra::fields::arithmetic_params::multiplicative_generator; - lpc_scheme_prover.append_eval_point(0, point); - lpc_scheme_prover.append_eval_point(1, point); - lpc_scheme_prover.append_eval_point(2, point); - lpc_scheme_prover.append_eval_point(3, point); - - std::array x_data {}; - - // Prove - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - auto proof = lpc_scheme_prover.proof_eval(transcript); - - // Verify - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); - lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); - lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); - - lpc_scheme_verifier.append_eval_point(0, point); - lpc_scheme_verifier.append_eval_point(1, point); - lpc_scheme_verifier.append_eval_point(2, point); - lpc_scheme_verifier.append_eval_point(3, point); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - - // Check transcript state - typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); - typename FieldType::value_type prover_next_challenge = transcript.template challenge(); - BOOST_CHECK(verifier_next_challenge == prover_next_challenge); -} + lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + static_assert(zk::is_commitment::value); + static_assert(zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + typedef zk::commitments::fri fri_type; + + // Setup params + typename fri_type::params_type fri_params( + d - 1, // max_degree + D, + generate_random_step_list(r, 5, test_global_rnd_engine), + 2, //expand_factor + lambda + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + // Generate polynomials + lpc_scheme_prover.append_to_batch(0, generate_random_polynomial_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(1, generate_random_polynomial_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(2, generate_random_polynomial_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(3, generate_random_polynomial_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + + std::map commitments; + commitments[0] = lpc_scheme_prover.commit(0); + commitments[1] = lpc_scheme_prover.commit(1); + commitments[2] = lpc_scheme_prover.commit(2); + commitments[3] = lpc_scheme_prover.commit(3); + + // Generate evaluation points. Choose poin1ts outside the domain + auto point = algebra::fields::arithmetic_params::multiplicative_generator; + lpc_scheme_prover.append_eval_point(0, point); + lpc_scheme_prover.append_eval_point(1, point); + lpc_scheme_prover.append_eval_point(2, point); + lpc_scheme_prover.append_eval_point(3, point); + + std::array x_data{}; + + // Prove + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + auto proof = lpc_scheme_prover.proof_eval(transcript); + + // Verify + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); + lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); + lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); + + lpc_scheme_verifier.append_eval_point(0, point); + lpc_scheme_verifier.append_eval_point(1, point); + lpc_scheme_verifier.append_eval_point(2, point); + lpc_scheme_verifier.append_eval_point(3, point); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + + // Check transcript state + typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); + typename FieldType::value_type prover_next_challenge = transcript.template challenge(); + BOOST_CHECK(verifier_next_challenge == prover_next_challenge); + } -BOOST_FIXTURE_TEST_CASE(lpc_dfs_basic_test, test_fixture) { - // Setup types - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; + BOOST_FIXTURE_TEST_CASE(lpc_dfs_basic_test, test_fixture) { + // Setup types + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; - typedef hashes::sha2<256> merkle_hash_type; - typedef hashes::sha2<256> transcript_hash_type; + typedef hashes::sha2<256> merkle_hash_type; + typedef hashes::sha2<256> transcript_hash_type; - typedef typename containers::merkle_tree merkle_tree_type; + typedef typename containers::merkle_tree merkle_tree_type; - constexpr static const std::size_t lambda = 10; - constexpr static const std::size_t k = 1; + constexpr static const std::size_t lambda = 10; + constexpr static const std::size_t k = 1; - constexpr static const std::size_t d = 16; + constexpr static const std::size_t d = 16; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + constexpr static const std::size_t m = 2; - typedef zk::commitments::fri fri_type; + typedef zk::commitments::fri fri_type; - typedef zk::commitments:: + typedef zk::commitments:: list_polynomial_commitment_params - lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - static_assert(zk::is_commitment::value); - static_assert(zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - - // Setup params - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r+1); - - // Setup params - typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor - lambda, - true - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - // Generate polynomials - std::array>,4> f; - lpc_scheme_prover.append_to_batch(0, generate_random_polynomial_dfs_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(1, generate_random_polynomial_dfs_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(2, generate_random_polynomial_dfs_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(3, generate_random_polynomial_dfs_batch(dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); - - std::map commitments; - commitments[0] = lpc_scheme_prover.commit(0); - commitments[1] = lpc_scheme_prover.commit(1); - commitments[2] = lpc_scheme_prover.commit(2); - commitments[3] = lpc_scheme_prover.commit(3); - - // Generate evaluation points. Choose poin1ts outside the domain - auto point = algebra::fields::arithmetic_params::multiplicative_generator; - lpc_scheme_prover.append_eval_point(0, point); - lpc_scheme_prover.append_eval_point(1, point); - lpc_scheme_prover.append_eval_point(2, point); - lpc_scheme_prover.append_eval_point(3, point); - - std::array x_data {}; - - // Prove - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - auto proof = lpc_scheme_prover.proof_eval(transcript); - - // Verify - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); - lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); - lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); - - lpc_scheme_verifier.append_eval_point(0, point); - lpc_scheme_verifier.append_eval_point(1, point); - lpc_scheme_verifier.append_eval_point(2, point); - lpc_scheme_verifier.append_eval_point(3, point); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - - // Check transcript state - typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); - typename FieldType::value_type prover_next_challenge = transcript.template challenge(); - BOOST_CHECK(verifier_next_challenge == prover_next_challenge); -} + lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + static_assert(zk::is_commitment::value); + static_assert(zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + + // Setup params + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r + 1); + + // Setup params + typename fri_type::params_type fri_params( + d - 1, // max_degree + D, + generate_random_step_list(r, 1, test_global_rnd_engine), + 2, //expand_factor + lambda, + true + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + // Generate polynomials + std::array>, 4> f; + lpc_scheme_prover.append_to_batch(0, generate_random_polynomial_dfs_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(1, generate_random_polynomial_dfs_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(2, generate_random_polynomial_dfs_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(3, generate_random_polynomial_dfs_batch( + dist_type(1, 10)(test_global_rnd_engine), d, test_global_alg_rnd_engine)); + + std::map commitments; + commitments[0] = lpc_scheme_prover.commit(0); + commitments[1] = lpc_scheme_prover.commit(1); + commitments[2] = lpc_scheme_prover.commit(2); + commitments[3] = lpc_scheme_prover.commit(3); + + // Generate evaluation points. Choose poin1ts outside the domain + auto point = algebra::fields::arithmetic_params::multiplicative_generator; + lpc_scheme_prover.append_eval_point(0, point); + lpc_scheme_prover.append_eval_point(1, point); + lpc_scheme_prover.append_eval_point(2, point); + lpc_scheme_prover.append_eval_point(3, point); + + std::array x_data{}; + + // Prove + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + auto proof = lpc_scheme_prover.proof_eval(transcript); + + // Verify + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); + lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); + lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); + + lpc_scheme_verifier.append_eval_point(0, point); + lpc_scheme_verifier.append_eval_point(1, point); + lpc_scheme_verifier.append_eval_point(2, point); + lpc_scheme_verifier.append_eval_point(3, point); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + + // Check transcript state + typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); + typename FieldType::value_type prover_next_challenge = transcript.template challenge(); + BOOST_CHECK(verifier_next_challenge == prover_next_challenge); + } + BOOST_AUTO_TEST_SUITE_END() BOOST_AUTO_TEST_SUITE(lpc_params_test_suite) -BOOST_FIXTURE_TEST_CASE(lpc_batches_num_3_test, test_fixture){ - // Setup types. - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - typedef hashes::sha2<256> merkle_hash_type; - typedef hashes::sha2<256> transcript_hash_type; - typedef typename containers::merkle_tree merkle_tree_type; - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; + BOOST_FIXTURE_TEST_CASE(lpc_batches_num_3_test, test_fixture) { + // Setup types. + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; + typedef hashes::sha2<256> merkle_hash_type; + typedef hashes::sha2<256> transcript_hash_type; + typedef typename containers::merkle_tree merkle_tree_type; + + constexpr static const std::size_t lambda = 40; + constexpr static const std::size_t k = 1; - constexpr static const std::size_t d = 16; + constexpr static const std::size_t d = 16; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + constexpr static const std::size_t m = 2; - typedef zk::commitments::fri fri_type; + typedef zk::commitments::fri fri_type; - typedef zk::commitments:: + typedef zk::commitments:: list_polynomial_commitment_params - lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - static_assert(zk::is_commitment::value); - static_assert(zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor - lambda, - true, - 0xFF - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - // Generate polynomials - lpc_scheme_prover.append_to_batch(0, {1u, 13u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}); - lpc_scheme_prover.append_to_batch(2, {0u, 1u}); - lpc_scheme_prover.append_to_batch(2, {0u, 1u, 2u}); - lpc_scheme_prover.append_to_batch(2, {0u, 1u, 3u}); - lpc_scheme_prover.append_to_batch(3, {0u}); - - // Commit - std::map commitments; - commitments[0] = lpc_scheme_prover.commit(0); - commitments[2] = lpc_scheme_prover.commit(2); - commitments[3] = lpc_scheme_prover.commit(3); - - // Generate evaluation points. Generate points outside of the basic domain - // Generate evaluation points. Choose poin1ts outside the domain - auto point = algebra::fields::arithmetic_params::multiplicative_generator; - lpc_scheme_prover.append_eval_point(0, point); - lpc_scheme_prover.append_eval_point(2, point); - lpc_scheme_prover.append_eval_point(3, point); - - std::array x_data {}; - - // Prove - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - auto proof = lpc_scheme_prover.proof_eval(transcript); - - // Verify - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); - lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); - - lpc_scheme_verifier.append_eval_point(0, point); - lpc_scheme_verifier.append_eval_point(2, point); - lpc_scheme_verifier.append_eval_point(3, point); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - - // Check transcript state - typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); - typename FieldType::value_type prover_next_challenge = transcript.template challenge(); - BOOST_CHECK(verifier_next_challenge == prover_next_challenge); -} + lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + static_assert(zk::is_commitment::value); + static_assert(zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + typename fri_type::params_type fri_params( + d - 1, // max_degree + D, + generate_random_step_list(r, 1, test_global_rnd_engine), + 2, //expand_factor + lambda, + true, + 0xFF + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + // Generate polynomials + lpc_scheme_prover.append_to_batch(0, {1u, 13u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}); + lpc_scheme_prover.append_to_batch(2, {0u, 1u}); + lpc_scheme_prover.append_to_batch(2, {0u, 1u, 2u}); + lpc_scheme_prover.append_to_batch(2, {0u, 1u, 3u}); + lpc_scheme_prover.append_to_batch(3, {0u}); + + // Commit + std::map commitments; + commitments[0] = lpc_scheme_prover.commit(0); + commitments[2] = lpc_scheme_prover.commit(2); + commitments[3] = lpc_scheme_prover.commit(3); + + // Generate evaluation points. Generate points outside of the basic domain + // Generate evaluation points. Choose poin1ts outside the domain + auto point = algebra::fields::arithmetic_params::multiplicative_generator; + lpc_scheme_prover.append_eval_point(0, point); + lpc_scheme_prover.append_eval_point(2, point); + lpc_scheme_prover.append_eval_point(3, point); + + std::array x_data{}; + + // Prove + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + auto proof = lpc_scheme_prover.proof_eval(transcript); + + // Verify + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); + lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); + + lpc_scheme_verifier.append_eval_point(0, point); + lpc_scheme_verifier.append_eval_point(2, point); + lpc_scheme_verifier.append_eval_point(3, point); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + + // Check transcript state + typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); + typename FieldType::value_type prover_next_challenge = transcript.template challenge(); + BOOST_CHECK(verifier_next_challenge == prover_next_challenge); + } -BOOST_FIXTURE_TEST_CASE(lpc_different_hash_types_test, test_fixture) { - // Setup types. - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::sha2<256> transcript_hash_type; - typedef typename containers::merkle_tree merkle_tree_type; + BOOST_FIXTURE_TEST_CASE(lpc_different_hash_types_test, test_fixture) { + // Setup types. + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; + typedef hashes::keccak_1600<256> merkle_hash_type; + typedef hashes::sha2<256> transcript_hash_type; + typedef typename containers::merkle_tree merkle_tree_type; - constexpr static const std::size_t lambda = 10; - constexpr static const std::size_t k = 1; + constexpr static const std::size_t lambda = 10; + constexpr static const std::size_t k = 1; - constexpr static const std::size_t d = 16; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + constexpr static const std::size_t d = 16; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; + constexpr static const std::size_t m = 2; - typedef zk::commitments::fri fri_type; + typedef zk::commitments::fri fri_type; - typedef zk::commitments:: + typedef zk::commitments:: list_polynomial_commitment_params - lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - static_assert(zk::is_commitment::value); - static_assert(zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - static_assert(!zk::is_commitment::value); - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor - lambda - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - // Generate polynomials - lpc_scheme_prover.append_to_batch(0, {1u, 13u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}); - lpc_scheme_prover.append_to_batch(1, {0u, 1u}); - lpc_scheme_prover.append_to_batch(1, {0u, 1u, 2u}); - lpc_scheme_prover.append_to_batch(1, {0u, 1u, 3u}); - lpc_scheme_prover.append_to_batch(2, {0u}); - lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(4, test_global_alg_rnd_engine)); - lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(9, test_global_alg_rnd_engine)); - - // Commit - std::map commitments; - commitments[0] = lpc_scheme_prover.commit(0); - commitments[1] = lpc_scheme_prover.commit(1); - commitments[2] = lpc_scheme_prover.commit(2); - commitments[3] = lpc_scheme_prover.commit(3); - - // Generate evaluation points. Choose poin1ts outside the domain - auto point = algebra::fields::arithmetic_params::multiplicative_generator; - lpc_scheme_prover.append_eval_point(0, point); - lpc_scheme_prover.append_eval_point(1, point); - lpc_scheme_prover.append_eval_point(2, point); - lpc_scheme_prover.append_eval_point(3, point); - - std::array x_data {}; - - // Prove - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - auto proof = lpc_scheme_prover.proof_eval(transcript); - - // Verify - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); - lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); - lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); - - lpc_scheme_verifier.append_eval_point(0, point); - lpc_scheme_verifier.append_eval_point(1, point); - lpc_scheme_verifier.append_eval_point(2, point); - lpc_scheme_verifier.append_eval_point(3, point); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - - // Check transcript state - typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); - typename FieldType::value_type prover_next_challenge = transcript.template challenge(); - BOOST_CHECK(verifier_next_challenge == prover_next_challenge); -} + lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + static_assert(zk::is_commitment::value); + static_assert(zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + static_assert(!zk::is_commitment::value); + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + typename fri_type::params_type fri_params( + d - 1, // max_degree + D, + generate_random_step_list(r, 1, test_global_rnd_engine), + 2, //expand_factor + lambda + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + // Generate polynomials + lpc_scheme_prover.append_to_batch(0, {1u, 13u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}); + lpc_scheme_prover.append_to_batch(1, {0u, 1u}); + lpc_scheme_prover.append_to_batch(1, {0u, 1u, 2u}); + lpc_scheme_prover.append_to_batch(1, {0u, 1u, 3u}); + lpc_scheme_prover.append_to_batch(2, {0u}); + lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(4, test_global_alg_rnd_engine)); + lpc_scheme_prover.append_to_batch(3, generate_random_polynomial(9, test_global_alg_rnd_engine)); + + // Commit + std::map commitments; + commitments[0] = lpc_scheme_prover.commit(0); + commitments[1] = lpc_scheme_prover.commit(1); + commitments[2] = lpc_scheme_prover.commit(2); + commitments[3] = lpc_scheme_prover.commit(3); + + // Generate evaluation points. Choose poin1ts outside the domain + auto point = algebra::fields::arithmetic_params::multiplicative_generator; + lpc_scheme_prover.append_eval_point(0, point); + lpc_scheme_prover.append_eval_point(1, point); + lpc_scheme_prover.append_eval_point(2, point); + lpc_scheme_prover.append_eval_point(3, point); + + std::array x_data{}; + + // Prove + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + auto proof = lpc_scheme_prover.proof_eval(transcript); + + // Verify + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + lpc_scheme_verifier.set_batch_size(1, proof.z.get_batch_size(1)); + lpc_scheme_verifier.set_batch_size(2, proof.z.get_batch_size(2)); + lpc_scheme_verifier.set_batch_size(3, proof.z.get_batch_size(3)); + + lpc_scheme_verifier.append_eval_point(0, point); + lpc_scheme_verifier.append_eval_point(1, point); + lpc_scheme_verifier.append_eval_point(2, point); + lpc_scheme_verifier.append_eval_point(3, point); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + + // Check transcript state + typename FieldType::value_type verifier_next_challenge = transcript_verifier.template challenge(); + typename FieldType::value_type prover_next_challenge = transcript.template challenge(); + BOOST_CHECK(verifier_next_challenge == prover_next_challenge); + } + BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/lpc_performance.cpp b/libs/parallel-zk/test/commitment/lpc_performance.cpp index cb524025..fbee5d86 100644 --- a/libs/parallel-zk/test/commitment/lpc_performance.cpp +++ b/libs/parallel-zk/test/commitment/lpc_performance.cpp @@ -59,22 +59,26 @@ namespace boost { namespace tt_detail { template<> struct print_log_value>>>> { - void operator()(std::ostream &, - const nil::crypto3::math::polynomial>>> &) { - } - }; - } // namespace tt_detail - } // namespace test_tools + algebra::fields::detail::element_fp < algebra::fields::params < algebra::fields::bls12_base_field < + 381>>>>> { + void operator()(std::ostream &, + const nil::crypto3::math::polynomial> + + >> &) { + } + }; +} // namespace tt_detail +} // namespace test_tools } // namespace boost template std::vector> generate(NumberType degree) { typedef boost::random::independent_bits_engine - random_polynomial_generator_type; + FieldType::modulus_bits, + typename FieldType::value_type::integral_type> + random_polynomial_generator_type; std::vector> res; @@ -121,266 +125,276 @@ inline std::vector generate_random_step_list(const std::size_t r, c BOOST_AUTO_TEST_SUITE(lpc_performance_test_suite) -BOOST_AUTO_TEST_CASE(step_list_1) { - PROFILE_PLACEHOLDER_SCOPE("LPC step list 1 test"); - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::keccak_1600<256> transcript_hash_type; - - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; - - // It's important parameter - constexpr static const std::size_t d = 1 << 24; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - - constexpr static const std::size_t m = 2; - - typedef zk::commitments::fri fri_type; - typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - typename fri_type::params_type fri_params( - d - 1, - D, - generate_random_step_list(r, 1), - r, - lambda - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - typedef boost::random::independent_bits_engine< - boost::random::mt19937, FieldType::modulus_bits, - typename FieldType::value_type::integral_type - > random_polynomial_generator_type; - - std::vector> res; - - // Generate polys - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - - for (int i = 0; i < height; i++) { - math::polynomial poly(fri_params.max_degree + 1); - for (int j = 0; j < fri_params.max_degree + 1; j++) { - poly[i] = typename FieldType::value_type(polynomial_element_gen()); - } + BOOST_AUTO_TEST_CASE(step_list_1) { + PROFILE_PLACEHOLDER_SCOPE("LPC step list 1 test"); + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; + + typedef hashes::keccak_1600<256> merkle_hash_type; + typedef hashes::keccak_1600<256> transcript_hash_type; + + constexpr static const std::size_t lambda = 40; + constexpr static const std::size_t k = 1; + + // It's important parameter + constexpr static const std::size_t d = 1 << 24; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + + constexpr static const std::size_t m = 2; + + typedef zk::commitments::fri fri_type; + typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + typename fri_type::params_type fri_params( + d - 1, + D, + generate_random_step_list(r, 1), + r, + lambda + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + typedef boost::random::independent_bits_engine< + boost::random::mt19937, FieldType::modulus_bits, + typename FieldType::value_type::integral_type + > random_polynomial_generator_type; + + std::vector> res; + + // Generate polys + boost::random::random_device rd; // Will be used to obtain a seed for the random number engine + boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() + boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), + std::numeric_limits::max()); + + random_polynomial_generator_type polynomial_element_gen; + std::size_t height = 1; + res.reserve(height); + + for (int i = 0; i < height; i++) { + math::polynomial poly(fri_params.max_degree + 1); + for (int j = 0; j < fri_params.max_degree + 1; j++) { + poly[i] = typename FieldType::value_type(polynomial_element_gen()); + } - std::map commitments; - { - PROFILE_PLACEHOLDER_SCOPE("polynomial commitment"); - lpc_scheme_prover.append_to_batch(0,poly); - commitments[0] = lpc_scheme_prover.commit(0); - } + std::map commitments; + { + PROFILE_PLACEHOLDER_SCOPE("polynomial commitment"); + lpc_scheme_prover.append_to_batch(0, poly); + commitments[0] = lpc_scheme_prover.commit(0); + } - typename lpc_scheme_type::proof_type proof; - std::array x_data {}; - { - PROFILE_PLACEHOLDER_SCOPE("proof generation"); - lpc_scheme_prover.append_eval_point(0, algebra::fields::arithmetic_params::multiplicative_generator); - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - proof = lpc_scheme_prover.proof_eval(transcript); - } + typename lpc_scheme_type::proof_type proof; + std::array x_data{}; + { + PROFILE_PLACEHOLDER_SCOPE("proof generation"); + lpc_scheme_prover.append_eval_point(0, + algebra::fields::arithmetic_params::multiplicative_generator); + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + proof = lpc_scheme_prover.proof_eval(transcript); + } - { - PROFILE_PLACEHOLDER_SCOPE("verification"); - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + { + PROFILE_PLACEHOLDER_SCOPE("verification"); + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.append_eval_point(0, algebra::fields::arithmetic_params::multiplicative_generator); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + lpc_scheme_verifier.append_eval_point(0, + algebra::fields::arithmetic_params::multiplicative_generator); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + } } } -} - -BOOST_AUTO_TEST_CASE(step_list_3) { - PROFILE_PLACEHOLDER_SCOPE("LPC step list 3 test"); - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::keccak_1600<256> transcript_hash_type; - - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; - - // It's important parameter - constexpr static const std::size_t d = 1 << 24; - - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; - - typedef zk::commitments::fri fri_type; - typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - typename fri_type::params_type fri_params( - d - 1, - D, - generate_random_step_list(r, 3), - r, - lambda - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - typedef boost::random::independent_bits_engine< - boost::random::mt19937, FieldType::modulus_bits, - typename FieldType::value_type::integral_type - > random_polynomial_generator_type; - - std::vector> res; - - // Generate polys - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - for (int i = 0; i < height; i++) { - math::polynomial poly(fri_params.max_degree + 1); - for (int j = 0; j < fri_params.max_degree + 1; j++) { - poly[i] = typename FieldType::value_type(polynomial_element_gen()); - } + BOOST_AUTO_TEST_CASE(step_list_3) { + PROFILE_PLACEHOLDER_SCOPE("LPC step list 3 test"); + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; + + typedef hashes::keccak_1600<256> merkle_hash_type; + typedef hashes::keccak_1600<256> transcript_hash_type; + + constexpr static const std::size_t lambda = 40; + constexpr static const std::size_t k = 1; + + // It's important parameter + constexpr static const std::size_t d = 1 << 24; + + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + constexpr static const std::size_t m = 2; + + typedef zk::commitments::fri fri_type; + typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + typename fri_type::params_type fri_params( + d - 1, + D, + generate_random_step_list(r, 3), + r, + lambda + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + typedef boost::random::independent_bits_engine< + boost::random::mt19937, FieldType::modulus_bits, + typename FieldType::value_type::integral_type + > random_polynomial_generator_type; + + std::vector> res; + + // Generate polys + boost::random::random_device rd; // Will be used to obtain a seed for the random number engine + boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() + boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), + std::numeric_limits::max()); + + random_polynomial_generator_type polynomial_element_gen; + std::size_t height = 1; + res.reserve(height); + + for (int i = 0; i < height; i++) { + math::polynomial poly(fri_params.max_degree + 1); + for (int j = 0; j < fri_params.max_degree + 1; j++) { + poly[i] = typename FieldType::value_type(polynomial_element_gen()); + } - std::map commitments; - { - PROFILE_PLACEHOLDER_SCOPE("polynomial commitment"); - lpc_scheme_prover.append_to_batch(0,poly); - commitments[0] = lpc_scheme_prover.commit(0); - } + std::map commitments; + { + PROFILE_PLACEHOLDER_SCOPE("polynomial commitment"); + lpc_scheme_prover.append_to_batch(0, poly); + commitments[0] = lpc_scheme_prover.commit(0); + } - typename lpc_scheme_type::proof_type proof; - std::array x_data {}; - { - PROFILE_PLACEHOLDER_SCOPE("proof generation"); - lpc_scheme_prover.append_eval_point(0, algebra::fields::arithmetic_params::multiplicative_generator); - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - proof = lpc_scheme_prover.proof_eval(transcript); - } + typename lpc_scheme_type::proof_type proof; + std::array x_data{}; + { + PROFILE_PLACEHOLDER_SCOPE("proof generation"); + lpc_scheme_prover.append_eval_point(0, + algebra::fields::arithmetic_params::multiplicative_generator); + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + proof = lpc_scheme_prover.proof_eval(transcript); + } - { - PROFILE_PLACEHOLDER_SCOPE("verification"); - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + { + PROFILE_PLACEHOLDER_SCOPE("verification"); + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.append_eval_point(0, algebra::fields::arithmetic_params::multiplicative_generator); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + lpc_scheme_verifier.append_eval_point(0, + algebra::fields::arithmetic_params::multiplicative_generator); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + } } } -} - -BOOST_AUTO_TEST_CASE(step_list_5) { - PROFILE_PLACEHOLDER_SCOPE("LPC step list 5 test"); - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::keccak_1600<256> transcript_hash_type; - - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; - - // It's important parameter - constexpr static const std::size_t d = 1 << 24; - constexpr static const std::size_t m = 2; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - - typedef zk::commitments::fri fri_type; - typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - typename fri_type::params_type fri_params( - d - 1, - D, - generate_random_step_list(r, 5), - r, - lambda - ); - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - typedef boost::random::independent_bits_engine< - boost::random::mt19937, FieldType::modulus_bits, - typename FieldType::value_type::integral_type - > random_polynomial_generator_type; - - std::vector> res; - - // Generate polys - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - - for (int i = 0; i < height; i++) { - math::polynomial poly(fri_params.max_degree + 1); - for (int j = 0; j < fri_params.max_degree + 1; j++) { - poly[i] = typename FieldType::value_type(polynomial_element_gen()); - } + BOOST_AUTO_TEST_CASE(step_list_5) { + PROFILE_PLACEHOLDER_SCOPE("LPC step list 5 test"); + typedef algebra::curves::bls12<381> curve_type; + typedef typename curve_type::scalar_field_type FieldType; + + typedef hashes::keccak_1600<256> merkle_hash_type; + typedef hashes::keccak_1600<256> transcript_hash_type; + + constexpr static const std::size_t lambda = 40; + constexpr static const std::size_t k = 1; + + // It's important parameter + constexpr static const std::size_t d = 1 << 24; + constexpr static const std::size_t m = 2; + constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; + + typedef zk::commitments::fri fri_type; + typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; + typedef zk::commitments::list_polynomial_commitment lpc_type; + + constexpr static const std::size_t d_extended = d; + std::size_t extended_log = boost::static_log2::value; + std::vector>> D = + math::calculate_domain_set(extended_log, r); + + typename fri_type::params_type fri_params( + d - 1, + D, + generate_random_step_list(r, 5), + r, + lambda + ); + + using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; + lpc_scheme_type lpc_scheme_prover(fri_params); + lpc_scheme_type lpc_scheme_verifier(fri_params); + + typedef boost::random::independent_bits_engine< + boost::random::mt19937, FieldType::modulus_bits, + typename FieldType::value_type::integral_type + > random_polynomial_generator_type; + + std::vector> res; + + // Generate polys + boost::random::random_device rd; // Will be used to obtain a seed for the random number engine + boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() + boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), + std::numeric_limits::max()); + + random_polynomial_generator_type polynomial_element_gen; + std::size_t height = 1; + res.reserve(height); + + for (int i = 0; i < height; i++) { + math::polynomial poly(fri_params.max_degree + 1); + for (int j = 0; j < fri_params.max_degree + 1; j++) { + poly[i] = typename FieldType::value_type(polynomial_element_gen()); + } - std::map commitments; - { - PROFILE_PLACEHOLDER_SCOPE("polynomial commitment"); - lpc_scheme_prover.append_to_batch(0,poly); - commitments[0] = lpc_scheme_prover.commit(0); - } + std::map commitments; + { + PROFILE_PLACEHOLDER_SCOPE("polynomial commitment"); + lpc_scheme_prover.append_to_batch(0, poly); + commitments[0] = lpc_scheme_prover.commit(0); + } - typename lpc_scheme_type::proof_type proof; - std::array x_data {}; - { - PROFILE_PLACEHOLDER_SCOPE("proof generation"); - lpc_scheme_prover.append_eval_point(0, algebra::fields::arithmetic_params::multiplicative_generator); - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - proof = lpc_scheme_prover.proof_eval(transcript); - } + typename lpc_scheme_type::proof_type proof; + std::array x_data{}; + { + PROFILE_PLACEHOLDER_SCOPE("proof generation"); + lpc_scheme_prover.append_eval_point(0, + algebra::fields::arithmetic_params::multiplicative_generator); + zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); + proof = lpc_scheme_prover.proof_eval(transcript); + } - { - PROFILE_PLACEHOLDER_SCOPE("verification"); - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); + { + PROFILE_PLACEHOLDER_SCOPE("verification"); + zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); + lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - lpc_scheme_verifier.append_eval_point(0, algebra::fields::arithmetic_params::multiplicative_generator); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + lpc_scheme_verifier.append_eval_point(0, + algebra::fields::arithmetic_params::multiplicative_generator); + BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); + } } } -} + BOOST_AUTO_TEST_SUITE_END() \ No newline at end of file diff --git a/libs/parallel-zk/test/commitment/powers_of_tau.cpp b/libs/parallel-zk/test/commitment/powers_of_tau.cpp index aba83f99..ec820748 100644 --- a/libs/parallel-zk/test/commitment/powers_of_tau.cpp +++ b/libs/parallel-zk/test/commitment/powers_of_tau.cpp @@ -15,167 +15,175 @@ using namespace nil::crypto3::zk::commitments; BOOST_AUTO_TEST_SUITE(powers_of_tau_test_suite) -BOOST_AUTO_TEST_CASE(powers_of_tau_result_basic_test) { - using curve_type = curves::bls12<381>; - using g1_value_type = curve_type::g1_type<>::value_type; - using g2_value_type = curve_type::g2_type<>::value_type; - using scalar_field_type = curve_type::scalar_field_type; - - constexpr const unsigned tau_powers = 1 << 5; - - using scheme_type = powers_of_tau; - - auto acc1 = scheme_type::accumulator_type(); - auto acc2 = acc1; - auto sk = scheme_type::generate_private_key(); - auto pk = scheme_type::proof_eval(sk, acc1); - acc2.transform(sk); - - BOOST_CHECK(scheme_type::verify_eval(pk, acc1, acc2)); - auto result = scheme_type::result_type::from_accumulator(acc2, tau_powers); - - auto g1_generator = g1_value_type::one(); - auto g2_generator = g2_value_type::one(); - - BOOST_CHECK(result.alpha_g1 == g1_generator * sk.alpha); - BOOST_CHECK(result.beta_g1 == g1_generator * sk.beta); - BOOST_CHECK(result.beta_g2 == g2_generator * sk.beta); - - BOOST_CHECK_EQUAL(result.coeffs_g1.size(), tau_powers); - BOOST_CHECK_EQUAL(result.coeffs_g2.size(), tau_powers); - BOOST_CHECK_EQUAL(result.alpha_coeffs_g1.size(), tau_powers); - BOOST_CHECK_EQUAL(result.beta_coeffs_g1.size(), tau_powers); - - auto domain = nil::crypto3::math::make_evaluation_domain(tau_powers); - auto u = domain->evaluate_all_lagrange_polynomials(sk.tau); - - for (std::size_t i = 0; i < domain->m; ++i) { - BOOST_CHECK_MESSAGE(result.coeffs_g1[i] == g1_generator * u[i], std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result.coeffs_g2[i] == g2_generator * u[i], std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result.alpha_coeffs_g1[i] == g1_generator * (sk.alpha * u[i]), - std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result.beta_coeffs_g1[i] == g1_generator * (sk.beta * u[i]), - std::string("i=") + std::to_string(i)); + BOOST_AUTO_TEST_CASE(powers_of_tau_result_basic_test) { + using curve_type = curves::bls12<381>; + using g1_value_type = curve_type::g1_type<>::value_type; + using g2_value_type = curve_type::g2_type<>::value_type; + using scalar_field_type = curve_type::scalar_field_type; + + constexpr const unsigned tau_powers = 1 << 5; + + using scheme_type = powers_of_tau; + + auto acc1 = scheme_type::accumulator_type(); + auto acc2 = acc1; + auto sk = scheme_type::generate_private_key(); + auto pk = scheme_type::proof_eval(sk, acc1); + acc2.transform(sk); + + BOOST_CHECK(scheme_type::verify_eval(pk, acc1, acc2)); + auto result = scheme_type::result_type::from_accumulator(acc2, tau_powers); + + auto g1_generator = g1_value_type::one(); + auto g2_generator = g2_value_type::one(); + + BOOST_CHECK(result.alpha_g1 == g1_generator * sk.alpha); + BOOST_CHECK(result.beta_g1 == g1_generator * sk.beta); + BOOST_CHECK(result.beta_g2 == g2_generator * sk.beta); + + BOOST_CHECK_EQUAL(result.coeffs_g1.size(), tau_powers); + BOOST_CHECK_EQUAL(result.coeffs_g2.size(), tau_powers); + BOOST_CHECK_EQUAL(result.alpha_coeffs_g1.size(), tau_powers); + BOOST_CHECK_EQUAL(result.beta_coeffs_g1.size(), tau_powers); + + auto domain = nil::crypto3::math::make_evaluation_domain(tau_powers); + auto u = domain->evaluate_all_lagrange_polynomials(sk.tau); + + for (std::size_t i = 0; i < domain->m; ++i) { + BOOST_CHECK_MESSAGE(result.coeffs_g1[i] == g1_generator * u[i], std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result.coeffs_g2[i] == g2_generator * u[i], std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result.alpha_coeffs_g1[i] == g1_generator * (sk.alpha * u[i]), + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result.beta_coeffs_g1[i] == g1_generator * (sk.beta * u[i]), + std::string("i=") + std::to_string(i)); + } + + BOOST_CHECK_EQUAL(result.h.size(), domain->m - 1); + auto Zt = domain->compute_vanishing_polynomial(sk.tau); + for (std::size_t i = 0; i < domain->m - 1; ++i) { + BOOST_CHECK_MESSAGE(result.h[i] == g1_generator * (sk.tau.pow(i) * Zt), + std::string("i=") + std::to_string(i)); + } + + auto result_16 = scheme_type::result_type::from_accumulator(acc2, 16); + auto domain_16 = nil::crypto3::math::make_evaluation_domain(16); + auto u_16 = domain_16->evaluate_all_lagrange_polynomials(sk.tau); + + BOOST_CHECK_EQUAL(u_16.size(), 16); + + BOOST_CHECK(result_16.alpha_g1 == g1_generator * sk.alpha); + BOOST_CHECK(result_16.beta_g1 == g1_generator * sk.beta); + BOOST_CHECK(result_16.beta_g2 == g2_generator * sk.beta); + + BOOST_CHECK_EQUAL(result_16.coeffs_g1.size(), 16); + BOOST_CHECK_EQUAL(result_16.coeffs_g2.size(), 16); + BOOST_CHECK_EQUAL(result_16.alpha_coeffs_g1.size(), 16); + BOOST_CHECK_EQUAL(result_16.beta_coeffs_g1.size(), 16); + + for (std::size_t i = 0; i < domain_16->m; ++i) { + BOOST_CHECK_MESSAGE(result_16.coeffs_g1[i] == g1_generator * u_16[i], + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result_16.coeffs_g2[i] == g2_generator * u_16[i], + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result_16.alpha_coeffs_g1[i] == g1_generator * (sk.alpha * u_16[i]), + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result_16.beta_coeffs_g1[i] == g1_generator * (sk.beta * u_16[i]), + std::string("i=") + std::to_string(i)); + } + + BOOST_CHECK_EQUAL(result_16.h.size(), domain_16->m - 1); + auto Zt_16 = domain_16->compute_vanishing_polynomial(sk.tau); + for (std::size_t i = 0; i < domain_16->m - 1; ++i) { + BOOST_CHECK_MESSAGE(result_16.h[i] == g1_generator * (sk.tau.pow(i) * Zt_16), + std::string("i=") + std::to_string(i)); + } + + auto result_24 = scheme_type::result_type::from_accumulator(acc2, 24); + auto domain_24 = nil::crypto3::math::make_evaluation_domain(24); + auto u_24 = domain_24->evaluate_all_lagrange_polynomials(sk.tau); + + BOOST_CHECK_EQUAL(u_24.size(), 24); + + BOOST_CHECK(result_24.alpha_g1 == g1_generator * sk.alpha); + BOOST_CHECK(result_24.beta_g1 == g1_generator * sk.beta); + BOOST_CHECK(result_24.beta_g2 == g2_generator * sk.beta); + + BOOST_CHECK_EQUAL(result_24.coeffs_g1.size(), 24); + BOOST_CHECK_EQUAL(result_24.coeffs_g2.size(), 24); + BOOST_CHECK_EQUAL(result_24.alpha_coeffs_g1.size(), 24); + BOOST_CHECK_EQUAL(result_24.beta_coeffs_g1.size(), 24); + + for (std::size_t i = 0; i < domain_24->m; ++i) { + BOOST_CHECK_MESSAGE(result_24.coeffs_g1[i] == g1_generator * u_24[i], + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result_24.coeffs_g2[i] == g2_generator * u_24[i], + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result_24.alpha_coeffs_g1[i] == g1_generator * (sk.alpha * u_24[i]), + std::string("i=") + std::to_string(i)); + BOOST_CHECK_MESSAGE(result_24.beta_coeffs_g1[i] == g1_generator * (sk.beta * u_24[i]), + std::string("i=") + std::to_string(i)); + } + + BOOST_CHECK_EQUAL(result_24.h.size(), domain_24->m - 1); + auto Zt_24 = domain_24->compute_vanishing_polynomial(sk.tau); + for (std::size_t i = 0; i < domain_24->m - 1; ++i) { + BOOST_CHECK_MESSAGE(result_24.h[i] == g1_generator * (sk.tau.pow(i) * Zt_24), + std::string("i=") + std::to_string(i)); + } } - BOOST_CHECK_EQUAL(result.h.size(), domain->m - 1); - auto Zt = domain->compute_vanishing_polynomial(sk.tau); - for (std::size_t i = 0; i < domain->m - 1; ++i) { - BOOST_CHECK_MESSAGE(result.h[i] == g1_generator * (sk.tau.pow(i) * Zt), std::string("i=") + std::to_string(i)); + BOOST_AUTO_TEST_CASE(powers_of_tau_basic_test) { + using curve_type = curves::bls12<381>; + using scheme_type = powers_of_tau; + auto acc1 = scheme_type::accumulator_type(); + auto acc2 = acc1; + auto sk = scheme_type::generate_private_key(); + auto pubkey = scheme_type::proof_eval(sk, acc2); + acc2.transform(sk); + + BOOST_CHECK(acc1.tau_powers_g1[0] == acc2.tau_powers_g1[0]); + BOOST_CHECK(scheme_type::verify_eval(pubkey, acc1, acc2)); + auto acc3 = acc2; + std::vector beacon{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}; + auto rng = scheme_type::rng_from_beacon(beacon); + auto beacon_sk = scheme_type::generate_private_key(rng); + auto beacon_pubkey = scheme_type::proof_eval(beacon_sk, acc2, rng); + acc3.transform(beacon_sk); + BOOST_CHECK(scheme_type::verify_eval(beacon_pubkey, acc2, acc3)); + + // Check reproducibility + auto rng_reproduced = scheme_type::rng_from_beacon(beacon); + auto beacon_sk_reproduced = scheme_type::generate_private_key(rng_reproduced); + BOOST_CHECK(beacon_sk.tau == beacon_sk_reproduced.tau); + BOOST_CHECK(beacon_sk.alpha == beacon_sk_reproduced.alpha); + BOOST_CHECK(beacon_sk.beta == beacon_sk_reproduced.beta); + auto beacon_pubkey_reproduced = scheme_type::proof_eval(beacon_sk_reproduced, acc2, rng_reproduced); + BOOST_CHECK(scheme_type::verify_eval(beacon_pubkey_reproduced, acc2, acc3)); + + auto result = scheme_type::result_type::from_accumulator(acc3, 32); } - auto result_16 = scheme_type::result_type::from_accumulator(acc2, 16); - auto domain_16 = nil::crypto3::math::make_evaluation_domain(16); - auto u_16 = domain_16->evaluate_all_lagrange_polynomials(sk.tau); - - BOOST_CHECK_EQUAL(u_16.size(), 16); - - BOOST_CHECK(result_16.alpha_g1 == g1_generator * sk.alpha); - BOOST_CHECK(result_16.beta_g1 == g1_generator * sk.beta); - BOOST_CHECK(result_16.beta_g2 == g2_generator * sk.beta); - - BOOST_CHECK_EQUAL(result_16.coeffs_g1.size(), 16); - BOOST_CHECK_EQUAL(result_16.coeffs_g2.size(), 16); - BOOST_CHECK_EQUAL(result_16.alpha_coeffs_g1.size(), 16); - BOOST_CHECK_EQUAL(result_16.beta_coeffs_g1.size(), 16); - - for (std::size_t i = 0; i < domain_16->m; ++i) { - BOOST_CHECK_MESSAGE(result_16.coeffs_g1[i] == g1_generator * u_16[i], std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result_16.coeffs_g2[i] == g2_generator * u_16[i], std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result_16.alpha_coeffs_g1[i] == g1_generator * (sk.alpha * u_16[i]), - std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result_16.beta_coeffs_g1[i] == g1_generator * (sk.beta * u_16[i]), - std::string("i=") + std::to_string(i)); - } - - BOOST_CHECK_EQUAL(result_16.h.size(), domain_16->m - 1); - auto Zt_16 = domain_16->compute_vanishing_polynomial(sk.tau); - for (std::size_t i = 0; i < domain_16->m - 1; ++i) { - BOOST_CHECK_MESSAGE(result_16.h[i] == g1_generator * (sk.tau.pow(i) * Zt_16), - std::string("i=") + std::to_string(i)); - } - - auto result_24 = scheme_type::result_type::from_accumulator(acc2, 24); - auto domain_24 = nil::crypto3::math::make_evaluation_domain(24); - auto u_24 = domain_24->evaluate_all_lagrange_polynomials(sk.tau); - - BOOST_CHECK_EQUAL(u_24.size(), 24); - - BOOST_CHECK(result_24.alpha_g1 == g1_generator * sk.alpha); - BOOST_CHECK(result_24.beta_g1 == g1_generator * sk.beta); - BOOST_CHECK(result_24.beta_g2 == g2_generator * sk.beta); - - BOOST_CHECK_EQUAL(result_24.coeffs_g1.size(), 24); - BOOST_CHECK_EQUAL(result_24.coeffs_g2.size(), 24); - BOOST_CHECK_EQUAL(result_24.alpha_coeffs_g1.size(), 24); - BOOST_CHECK_EQUAL(result_24.beta_coeffs_g1.size(), 24); - - for (std::size_t i = 0; i < domain_24->m; ++i) { - BOOST_CHECK_MESSAGE(result_24.coeffs_g1[i] == g1_generator * u_24[i], std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result_24.coeffs_g2[i] == g2_generator * u_24[i], std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result_24.alpha_coeffs_g1[i] == g1_generator * (sk.alpha * u_24[i]), - std::string("i=") + std::to_string(i)); - BOOST_CHECK_MESSAGE(result_24.beta_coeffs_g1[i] == g1_generator * (sk.beta * u_24[i]), - std::string("i=") + std::to_string(i)); - } - - BOOST_CHECK_EQUAL(result_24.h.size(), domain_24->m - 1); - auto Zt_24 = domain_24->compute_vanishing_polynomial(sk.tau); - for (std::size_t i = 0; i < domain_24->m - 1; ++i) { - BOOST_CHECK_MESSAGE(result_24.h[i] == g1_generator * (sk.tau.pow(i) * Zt_24), - std::string("i=") + std::to_string(i)); + BOOST_AUTO_TEST_CASE(keypair_generation_basic_test) { + using curve_type = curves::bls12<381>; + using scheme_type = powers_of_tau; + auto sk = scheme_type::generate_private_key(); + auto acc = scheme_type::accumulator_type(); + + std::vector transcript = scheme_type::compute_transcript(acc); + + auto pubkey = scheme_type::proof_eval(sk, acc); + auto tau_gs2 = scheme_type::proof_of_knowledge_scheme_type::compute_g2_s(pubkey.tau_pok.g1_s, + pubkey.tau_pok.g1_s_x, + transcript, 0); + BOOST_CHECK(scheme_type::proof_of_knowledge_scheme_type::verify_eval(pubkey.tau_pok, tau_gs2)); + auto alpha_gs2 = scheme_type::proof_of_knowledge_scheme_type::compute_g2_s(pubkey.alpha_pok.g1_s, + pubkey.alpha_pok.g1_s_x, transcript, + 1); + BOOST_CHECK(scheme_type::proof_of_knowledge_scheme_type::verify_eval(pubkey.alpha_pok, alpha_gs2)); + auto beta_gs2 = scheme_type::proof_of_knowledge_scheme_type::compute_g2_s(pubkey.beta_pok.g1_s, + pubkey.beta_pok.g1_s_x, transcript, + 2); + BOOST_CHECK(scheme_type::proof_of_knowledge_scheme_type::verify_eval(pubkey.beta_pok, beta_gs2)); } -} - -BOOST_AUTO_TEST_CASE(powers_of_tau_basic_test) { - using curve_type = curves::bls12<381>; - using scheme_type = powers_of_tau; - auto acc1 = scheme_type::accumulator_type(); - auto acc2 = acc1; - auto sk = scheme_type::generate_private_key(); - auto pubkey = scheme_type::proof_eval(sk, acc2); - acc2.transform(sk); - - BOOST_CHECK(acc1.tau_powers_g1[0] == acc2.tau_powers_g1[0]); - BOOST_CHECK(scheme_type::verify_eval(pubkey, acc1, acc2)); - auto acc3 = acc2; - std::vector beacon {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}; - auto rng = scheme_type::rng_from_beacon(beacon); - auto beacon_sk = scheme_type::generate_private_key(rng); - auto beacon_pubkey = scheme_type::proof_eval(beacon_sk, acc2, rng); - acc3.transform(beacon_sk); - BOOST_CHECK(scheme_type::verify_eval(beacon_pubkey, acc2, acc3)); - - // Check reproducibility - auto rng_reproduced = scheme_type::rng_from_beacon(beacon); - auto beacon_sk_reproduced = scheme_type::generate_private_key(rng_reproduced); - BOOST_CHECK(beacon_sk.tau == beacon_sk_reproduced.tau); - BOOST_CHECK(beacon_sk.alpha == beacon_sk_reproduced.alpha); - BOOST_CHECK(beacon_sk.beta == beacon_sk_reproduced.beta); - auto beacon_pubkey_reproduced = scheme_type::proof_eval(beacon_sk_reproduced, acc2, rng_reproduced); - BOOST_CHECK(scheme_type::verify_eval(beacon_pubkey_reproduced, acc2, acc3)); - - auto result = scheme_type::result_type::from_accumulator(acc3, 32); -} - -BOOST_AUTO_TEST_CASE(keypair_generation_basic_test) { - using curve_type = curves::bls12<381>; - using scheme_type = powers_of_tau; - auto sk = scheme_type::generate_private_key(); - auto acc = scheme_type::accumulator_type(); - - std::vector transcript = scheme_type::compute_transcript(acc); - - auto pubkey = scheme_type::proof_eval(sk, acc); - auto tau_gs2 = scheme_type::proof_of_knowledge_scheme_type::compute_g2_s(pubkey.tau_pok.g1_s, pubkey.tau_pok.g1_s_x, - transcript, 0); - BOOST_CHECK(scheme_type::proof_of_knowledge_scheme_type::verify_eval(pubkey.tau_pok, tau_gs2)); - auto alpha_gs2 = scheme_type::proof_of_knowledge_scheme_type::compute_g2_s(pubkey.alpha_pok.g1_s, - pubkey.alpha_pok.g1_s_x, transcript, 1); - BOOST_CHECK(scheme_type::proof_of_knowledge_scheme_type::verify_eval(pubkey.alpha_pok, alpha_gs2)); - auto beta_gs2 = scheme_type::proof_of_knowledge_scheme_type::compute_g2_s(pubkey.beta_pok.g1_s, - pubkey.beta_pok.g1_s_x, transcript, 2); - BOOST_CHECK(scheme_type::proof_of_knowledge_scheme_type::verify_eval(pubkey.beta_pok, beta_gs2)); -} BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/proof_of_knowledge.cpp b/libs/parallel-zk/test/commitment/proof_of_knowledge.cpp index 48050a8a..37088095 100644 --- a/libs/parallel-zk/test/commitment/proof_of_knowledge.cpp +++ b/libs/parallel-zk/test/commitment/proof_of_knowledge.cpp @@ -15,18 +15,18 @@ using namespace nil::crypto3::zk::commitments; BOOST_AUTO_TEST_SUITE(proof_of_knowledge_test_suite) -BOOST_AUTO_TEST_CASE(pok_basic_test) { - using curve_type = curves::bls12<381>; - using scalar_field_type = curve_type::scalar_field_type; - using scheme_type = proof_of_knowledge; - std::vector transcript(64, 1); - scalar_field_type::value_type a = random_element(); - - auto a_pok = scheme_type::proof_eval(a, transcript, 0); - - auto a_gs2 = scheme_type::compute_g2_s(a_pok.g1_s, a_pok.g1_s_x, transcript, 0); - BOOST_CHECK(scheme_type::verify_eval(a_pok, a_gs2)); - BOOST_CHECK(scheme_type::verify_eval(a_pok, transcript, 0)); -} + BOOST_AUTO_TEST_CASE(pok_basic_test) { + using curve_type = curves::bls12<381>; + using scalar_field_type = curve_type::scalar_field_type; + using scheme_type = proof_of_knowledge; + std::vector transcript(64, 1); + scalar_field_type::value_type a = random_element(); + + auto a_pok = scheme_type::proof_eval(a, transcript, 0); + + auto a_gs2 = scheme_type::compute_g2_s(a_pok.g1_s, a_pok.g1_s_x, transcript, 0); + BOOST_CHECK(scheme_type::verify_eval(a_pok, a_gs2)); + BOOST_CHECK(scheme_type::verify_eval(a_pok, transcript, 0)); + } BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/proof_of_work.cpp b/libs/parallel-zk/test/commitment/proof_of_work.cpp index b9efa0b1..ae7f51fc 100644 --- a/libs/parallel-zk/test/commitment/proof_of_work.cpp +++ b/libs/parallel-zk/test/commitment/proof_of_work.cpp @@ -43,55 +43,55 @@ using namespace nil::crypto3::zk::commitments; BOOST_AUTO_TEST_SUITE(proof_of_knowledge_test_suite) -BOOST_AUTO_TEST_CASE(pow_poseidon_basic_test) { - using curve_type = curves::pallas; - using field_type = curve_type::base_field_type; - using integral_type = typename field_type::integral_type; - using policy = nil::crypto3::hashes::detail::mina_poseidon_policy; - using poseidon = nil::crypto3::hashes::poseidon; - using pow_type = nil::crypto3::zk::commitments::field_proof_of_work; - - const integral_type expected_mask = integral_type(0xFF80000000000000) << (field_type::modulus_bits - 64); - nil::crypto3::zk::transcript::fiat_shamir_heuristic_sequential transcript; - auto old_transcript_1 = transcript, old_transcript_2 = transcript; - - auto result = pow_type::generate(transcript, 9); - BOOST_ASSERT(pow_type::verify(old_transcript_1, result, 9)); - - // manually reimplement verify to ensure that changes in implementation didn't break it - old_transcript_2(result); - auto chal = old_transcript_2.template challenge(); - BOOST_ASSERT((integral_type(chal.data) & expected_mask) == 0); - - using hard_pow_type = nil::crypto3::zk::commitments::field_proof_of_work; - // check that random stuff doesn't pass verify - BOOST_ASSERT(!hard_pow_type::verify(old_transcript_1, result, 9)); -} - -BOOST_AUTO_TEST_CASE(pow_basic_test) { - using keccak = nil::crypto3::hashes::keccak_1600<512>; - const std::uint32_t mask = 0xFFFFF000; - using pow_type = nil::crypto3::zk::commitments::proof_of_work; - - nil::crypto3::zk::transcript::fiat_shamir_heuristic_sequential transcript; - auto old_transcript_1 = transcript, old_transcript_2 = transcript; - - auto result = pow_type::generate(transcript, mask); - BOOST_ASSERT(pow_type::verify(old_transcript_1, result, mask)); - - // manually reimplement verify to ensure that changes in implementation didn't break it - std::array bytes; - bytes[0] = std::uint8_t((result & 0xFF000000) >> 24); - bytes[1] = std::uint8_t((result & 0x00FF0000) >> 16); - bytes[2] = std::uint8_t((result & 0x0000FF00) >> 8); - bytes[3] = std::uint8_t(result & 0x000000FF); - old_transcript_2(bytes); - auto chal = old_transcript_2.template int_challenge(); - BOOST_ASSERT((chal & mask) == 0); - - // check that random stuff doesn't pass verify - using hard_pow_type = nil::crypto3::zk::commitments::proof_of_work; - BOOST_ASSERT(!hard_pow_type::verify(old_transcript_1, result, mask)); -} + BOOST_AUTO_TEST_CASE(pow_poseidon_basic_test) { + using curve_type = curves::pallas; + using field_type = curve_type::base_field_type; + using integral_type = typename field_type::integral_type; + using policy = nil::crypto3::hashes::detail::mina_poseidon_policy; + using poseidon = nil::crypto3::hashes::poseidon; + using pow_type = nil::crypto3::zk::commitments::field_proof_of_work; + + const integral_type expected_mask = integral_type(0xFF80000000000000) << (field_type::modulus_bits - 64); + nil::crypto3::zk::transcript::fiat_shamir_heuristic_sequential transcript; + auto old_transcript_1 = transcript, old_transcript_2 = transcript; + + auto result = pow_type::generate(transcript, 9); + BOOST_ASSERT(pow_type::verify(old_transcript_1, result, 9)); + + // manually reimplement verify to ensure that changes in implementation didn't break it + old_transcript_2(result); + auto chal = old_transcript_2.template challenge(); + BOOST_ASSERT((integral_type(chal.data) & expected_mask) == 0); + + using hard_pow_type = nil::crypto3::zk::commitments::field_proof_of_work; + // check that random stuff doesn't pass verify + BOOST_ASSERT(!hard_pow_type::verify(old_transcript_1, result, 9)); + } + + BOOST_AUTO_TEST_CASE(pow_basic_test) { + using keccak = nil::crypto3::hashes::keccak_1600<512>; + const std::uint32_t mask = 0xFFFFF000; + using pow_type = nil::crypto3::zk::commitments::proof_of_work; + + nil::crypto3::zk::transcript::fiat_shamir_heuristic_sequential transcript; + auto old_transcript_1 = transcript, old_transcript_2 = transcript; + + auto result = pow_type::generate(transcript, mask); + BOOST_ASSERT(pow_type::verify(old_transcript_1, result, mask)); + + // manually reimplement verify to ensure that changes in implementation didn't break it + std::array bytes; + bytes[0] = std::uint8_t((result & 0xFF000000) >> 24); + bytes[1] = std::uint8_t((result & 0x00FF0000) >> 16); + bytes[2] = std::uint8_t((result & 0x0000FF00) >> 8); + bytes[3] = std::uint8_t(result & 0x000000FF); + old_transcript_2(bytes); + auto chal = old_transcript_2.template int_challenge(); + BOOST_ASSERT((chal & mask) == 0); + + // check that random stuff doesn't pass verify + using hard_pow_type = nil::crypto3::zk::commitments::proof_of_work; + BOOST_ASSERT(!hard_pow_type::verify(old_transcript_1, result, mask)); + } BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp b/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp index 67813352..aa17de0c 100644 --- a/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp +++ b/libs/parallel-zk/test/commitment/r1cs_gg_ppzksnark_mpc.cpp @@ -22,138 +22,142 @@ using namespace nil::crypto3::zk::commitments; BOOST_AUTO_TEST_SUITE(mpc_generator_test_suite) -BOOST_AUTO_TEST_CASE(mpc_generator_compare_keypairs_without_delta_contribution_test) { - - using curve_type = curves::bls12<381>; - using scalar_field_type = curve_type::scalar_field_type; - using scalar_field_value_type = scalar_field_type::value_type; - - using g1_value_type = curve_type::g1_type<>::value_type; - using g2_value_type = curve_type::g2_type<>::value_type; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - using proving_scheme_generator_type = r1cs_gg_ppzksnark_generator; - - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto sk = powers_of_tau_scheme_type::generate_private_key(); - auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); - acc.transform(sk); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 3); - - std::size_t m = r1cs_example.constraint_system.num_constraints() + r1cs_example.constraint_system.num_inputs() + 1; - - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, m); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, result); - auto g1_generator = g1_value_type::one(); - auto g2_generator = g2_value_type::one(); - - auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, L_query, r1cs_copy, - alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = - proving_scheme_generator_type::deterministic_basic_process( - r1cs_example.constraint_system, sk.tau, sk.alpha, sk.beta, scalar_field_value_type::one(), - scalar_field_value_type::one(), g1_generator, g2_generator); - - BOOST_CHECK(mpc_kp.first.alpha_g1 == alpha_g1); - BOOST_CHECK(mpc_kp.first.beta_g1 == beta_g1); - BOOST_CHECK(mpc_kp.first.beta_g2 == beta_g2); - BOOST_CHECK(mpc_kp.first.delta_g1 == delta_g1); - BOOST_CHECK(mpc_kp.first.delta_g2 == delta_g2); - - BOOST_CHECK_EQUAL(mpc_kp.first.A_query.size(), A_query.size()); - BOOST_CHECK_EQUAL(mpc_kp.first.B_query.domain_size(), B_query.domain_size()); - BOOST_CHECK_EQUAL(mpc_kp.first.H_query.size(), H_query.size()); - BOOST_CHECK_EQUAL(mpc_kp.first.L_query.size(), L_query.size()); - - for (std::size_t i = 0; i < A_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.A_query[i] == A_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < B_query.domain_size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.B_query[i] == B_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < H_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.H_query[i] == H_query[i], std::string("i=") + std::to_string(i)); - } - for (std::size_t i = 0; i < L_query.size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.first.L_query[i] == L_query[i], std::string("i=") + std::to_string(i)); + BOOST_AUTO_TEST_CASE(mpc_generator_compare_keypairs_without_delta_contribution_test) { + + using curve_type = curves::bls12<381>; + using scalar_field_type = curve_type::scalar_field_type; + using scalar_field_value_type = scalar_field_type::value_type; + + using g1_value_type = curve_type::g1_type<>::value_type; + using g2_value_type = curve_type::g2_type<>::value_type; + using powers_of_tau_scheme_type = powers_of_tau; + using proving_scheme_type = r1cs_gg_ppzksnark; + using proving_scheme_generator_type = r1cs_gg_ppzksnark_generator; + + auto acc = powers_of_tau_scheme_type::accumulator_type(); + auto sk = powers_of_tau_scheme_type::generate_private_key(); + auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); + acc.transform(sk); + + auto r1cs_example = generate_r1cs_example_with_field_input(20, 3); + + std::size_t m = + r1cs_example.constraint_system.num_constraints() + r1cs_example.constraint_system.num_inputs() + 1; + + auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, m); + + auto mpc_kp = + commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, + result); + auto g1_generator = g1_value_type::one(); + auto g2_generator = g2_value_type::one(); + + auto [alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, gamma_g2, A_query, B_query, H_query, L_query, r1cs_copy, + alpha_g1_beta_g2, gamma_ABC_g1, gamma_g1] = + proving_scheme_generator_type::deterministic_basic_process( + r1cs_example.constraint_system, sk.tau, sk.alpha, sk.beta, scalar_field_value_type::one(), + scalar_field_value_type::one(), g1_generator, g2_generator); + + BOOST_CHECK(mpc_kp.first.alpha_g1 == alpha_g1); + BOOST_CHECK(mpc_kp.first.beta_g1 == beta_g1); + BOOST_CHECK(mpc_kp.first.beta_g2 == beta_g2); + BOOST_CHECK(mpc_kp.first.delta_g1 == delta_g1); + BOOST_CHECK(mpc_kp.first.delta_g2 == delta_g2); + + BOOST_CHECK_EQUAL(mpc_kp.first.A_query.size(), A_query.size()); + BOOST_CHECK_EQUAL(mpc_kp.first.B_query.domain_size(), B_query.domain_size()); + BOOST_CHECK_EQUAL(mpc_kp.first.H_query.size(), H_query.size()); + BOOST_CHECK_EQUAL(mpc_kp.first.L_query.size(), L_query.size()); + + for (std::size_t i = 0; i < A_query.size(); ++i) { + BOOST_CHECK_MESSAGE(mpc_kp.first.A_query[i] == A_query[i], std::string("i=") + std::to_string(i)); + } + for (std::size_t i = 0; i < B_query.domain_size(); ++i) { + BOOST_CHECK_MESSAGE(mpc_kp.first.B_query[i] == B_query[i], std::string("i=") + std::to_string(i)); + } + for (std::size_t i = 0; i < H_query.size(); ++i) { + BOOST_CHECK_MESSAGE(mpc_kp.first.H_query[i] == H_query[i], std::string("i=") + std::to_string(i)); + } + for (std::size_t i = 0; i < L_query.size(); ++i) { + BOOST_CHECK_MESSAGE(mpc_kp.first.L_query[i] == L_query[i], std::string("i=") + std::to_string(i)); + } + + BOOST_CHECK(mpc_kp.second.alpha_g1_beta_g2 == alpha_g1_beta_g2); + BOOST_CHECK(mpc_kp.second.gamma_g2 == gamma_g2); + BOOST_CHECK(mpc_kp.second.delta_g2 == delta_g2); + + BOOST_CHECK(mpc_kp.second.gamma_ABC_g1.first == gamma_ABC_g1.first); + + BOOST_CHECK_EQUAL(mpc_kp.second.gamma_ABC_g1.rest.domain_size(), gamma_ABC_g1.rest.domain_size()); + + for (std::size_t i = 0; i < gamma_ABC_g1.rest.domain_size(); ++i) { + BOOST_CHECK_MESSAGE(mpc_kp.second.gamma_ABC_g1.rest[i] == gamma_ABC_g1.rest[i], + std::string("i=") + std::to_string(i)); + } + + auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); + auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); + BOOST_CHECK(verification_result); } - BOOST_CHECK(mpc_kp.second.alpha_g1_beta_g2 == alpha_g1_beta_g2); - BOOST_CHECK(mpc_kp.second.gamma_g2 == gamma_g2); - BOOST_CHECK(mpc_kp.second.delta_g2 == delta_g2); + BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_without_delta_contribution_test) { - BOOST_CHECK(mpc_kp.second.gamma_ABC_g1.first == gamma_ABC_g1.first); - - BOOST_CHECK_EQUAL(mpc_kp.second.gamma_ABC_g1.rest.domain_size(), gamma_ABC_g1.rest.domain_size()); - - for (std::size_t i = 0; i < gamma_ABC_g1.rest.domain_size(); ++i) { - BOOST_CHECK_MESSAGE(mpc_kp.second.gamma_ABC_g1.rest[i] == gamma_ABC_g1.rest[i], - std::string("i=") + std::to_string(i)); - } + using curve_type = curves::bls12<381>; + using powers_of_tau_scheme_type = powers_of_tau; + using proving_scheme_type = r1cs_gg_ppzksnark; - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); -} + auto acc = powers_of_tau_scheme_type::accumulator_type(); + auto sk = powers_of_tau_scheme_type::generate_private_key(); + auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); + acc.transform(sk); -BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_without_delta_contribution_test) { + auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); + auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - using curve_type = curves::bls12<381>; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; + auto mpc_kp = + commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, + result); - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto sk = powers_of_tau_scheme_type::generate_private_key(); - auto pk = powers_of_tau_scheme_type::proof_eval(sk, acc); - acc.transform(sk); - - auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, result); - - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); -} + auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); + auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); + BOOST_CHECK(verification_result); + } -BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_with_delta_contribution_test) { + BOOST_AUTO_TEST_CASE(mpc_generator_proof_verification_with_delta_contribution_test) { - using curve_type = curves::bls12<381>; - using powers_of_tau_scheme_type = powers_of_tau; - using proving_scheme_type = r1cs_gg_ppzksnark; - using crs_mpc_type = r1cs_gg_ppzksnark_mpc; - using public_key_type = crs_mpc_type::public_key_type; + using curve_type = curves::bls12<381>; + using powers_of_tau_scheme_type = powers_of_tau; + using proving_scheme_type = r1cs_gg_ppzksnark; + using crs_mpc_type = r1cs_gg_ppzksnark_mpc; + using public_key_type = crs_mpc_type::public_key_type; - auto acc = powers_of_tau_scheme_type::accumulator_type(); - auto pot_sk = powers_of_tau_scheme_type::generate_private_key(); - auto pot_pk = powers_of_tau_scheme_type::proof_eval(pot_sk, acc); - acc.transform(pot_sk); - auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); + auto acc = powers_of_tau_scheme_type::accumulator_type(); + auto pot_sk = powers_of_tau_scheme_type::generate_private_key(); + auto pot_pk = powers_of_tau_scheme_type::proof_eval(pot_sk, acc); + acc.transform(pot_sk); + auto result = powers_of_tau_scheme_type::result_type::from_accumulator(acc, 32); - auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); + auto r1cs_example = generate_r1cs_example_with_field_input(20, 5); - auto mpc_kp = - commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, result); + auto mpc_kp = + commitments::detail::make_r1cs_gg_ppzksnark_keypair_from_powers_of_tau(r1cs_example.constraint_system, + result); - std::vector pks; + std::vector pks; - auto mpc_sk1 = crs_mpc_type::generate_private_key(); - pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk1, boost::none, mpc_kp)); - commitments::detail::transform_keypair(mpc_kp, mpc_sk1); - BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); + auto mpc_sk1 = crs_mpc_type::generate_private_key(); + pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk1, boost::none, mpc_kp)); + commitments::detail::transform_keypair(mpc_kp, mpc_sk1); + BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); - auto mpc_sk2 = crs_mpc_type::generate_private_key(); - pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk2, pks[0], mpc_kp)); - commitments::detail::transform_keypair(mpc_kp, mpc_sk2); - BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); + auto mpc_sk2 = crs_mpc_type::generate_private_key(); + pks.emplace_back(crs_mpc_type::proof_eval(mpc_sk2, pks[0], mpc_kp)); + commitments::detail::transform_keypair(mpc_kp, mpc_sk2); + BOOST_CHECK(crs_mpc_type::verify_eval(mpc_kp, pks, r1cs_example.constraint_system, result)); - auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); - auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); - BOOST_CHECK(verification_result); -} + auto proof = proving_scheme_type::prove(mpc_kp.first, r1cs_example.primary_input, r1cs_example.auxiliary_input); + auto verification_result = proving_scheme_type::verify(mpc_kp.second, r1cs_example.primary_input, proof); + BOOST_CHECK(verification_result); + } BOOST_AUTO_TEST_SUITE_END()