This repository has been archived by the owner on Feb 17, 2025. It is now read-only.

Update up to crypto3#37489fe #7

Merged
merged 4 commits into from
Jun 11, 2024
work on transcript #247
transcript specialization for points #247

Added support of field and curve elements to transcript #247

Add specialization for poseidon #247

Added minimal tests for transcript #247
vo-nil authored and x-mass committed Jun 11, 2024
commit b813e37cc5bbff2c8abf52f61da1efa318ca2508
@@ -332,43 +332,17 @@ namespace nil {
/* The procedure of updating the transcript is subject to review and change
* #295 */

nil::marshalling::status_type status;

for (const auto &commit : public_key.commits) {
std::vector<uint8_t> byteblob =
nil::marshalling::pack<nil::marshalling::option::big_endian>(commit, status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZG::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(commit);
}
for (const auto &S : public_key.S) {
for (const auto &s : S) {
std::vector<uint8_t> byteblob =
nil::marshalling::pack<nil::marshalling::option::big_endian>(s, status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZG::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(s);
}
}
for (const auto &r : public_key.r) {
for (std::size_t i = 0; i < r.size(); ++i) {
std::vector<uint8_t> byteblob =
nil::marshalling::pack<nil::marshalling::option::big_endian>(r[i], status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZG::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(r[i]);
}
}
}
@@ -697,43 +671,20 @@ namespace nil {
* #295 */

// Push commitments to transcript
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(_commitments[batch_ind])
>(_commitments[batch_ind])
);
transcript(_commitments[batch_ind]);

// Push evaluation points to transcript
for(std::size_t i = 0; i < this->_z.get_batch_size(batch_ind); i++) {
for(std::size_t j = 0; j < this->_z.get_poly_points_number(batch_ind, i); j++) {
nil::marshalling::status_type status;
std::vector<uint8_t> byteblob =
nil::marshalling::pack<endianness>(this->_z.get(batch_ind, i, j), status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(this->_z.get(batch_ind, i, j));
}
}

// Push U polynomials to transcript
for (std::size_t i = 0; i < this->_points[batch_ind].size(); i++) {
auto poly = this->get_U(batch_ind, i);
for (std::size_t j = 0; j < poly.size(); ++j) {
nil::marshalling::status_type status;
std::vector<uint8_t> byteblob =
nil::marshalling::pack<endianness>(poly[j], status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(poly[j]);
}
}
}
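Review bot: The byte order fed to the transcript is no longer chosen at these call sites: the evaluation-point and U-polynomial loops in the second hunk used to call `pack<endianness>` and now call `transcript(...)` directly, while the overload this commit adds in fiat_shamir.hpp packs with a fixed `nil::marshalling::option::big_endian`. If `endianness` is anything else here, a prover and a verifier built from different revisions would derive different challenges. I would record the contract next to the first call, e.g. `// Element encoding is defined by the transcript overloads in fiat_shamir.hpp; prover and verifier must use the same revision.` The same applies to the next file's hunks at -151, -279, -319 and -346. The enclosing functions start outside both hunks, so how `endianness` is defined is not visible.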
@@ -151,43 +151,20 @@ namespace nil {
* #295 */

// Push commitments to transcript
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(_commitments[batch_ind])
>(_commitments[batch_ind])
);
transcript(_commitments[batch_ind]);

// Push evaluation points to transcript
for( std::size_t i = 0; i < this->_z.get_batch_size(batch_ind); i++){
for( std::size_t j = 0; j < this->_z.get_poly_points_number(batch_ind, i); j++ ) {
nil::marshalling::status_type status;
std::vector<uint8_t> byteblob =
nil::marshalling::pack<endianness>(this->_z.get(batch_ind, i, j), status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(this->_z.get(batch_ind, i, j));
}
}

// Push U polynomials to transcript
for (std::size_t i = 0; i < this->_points[batch_ind].size(); i++) {
auto poly = this->get_U(batch_ind, i);
for (std::size_t j = 0; j < poly.size(); ++j) {
nil::marshalling::status_type status;
std::vector<uint8_t> byteblob =
nil::marshalling::pack<endianness>(poly[j], status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);
transcript(poly[j]);
}
}
}
@@ -279,16 +256,7 @@ namespace nil {

typename KZGScheme::single_commitment_type pi_1 = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, f);

nil::marshalling::status_type status;
std::vector<std::uint8_t> pi1_byteblob = nil::marshalling::pack<endianness>(pi_1, status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);

transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(pi1_byteblob)
>(pi1_byteblob)
);
transcript(pi_1);

auto theta_2 = transcript.template challenge<typename curve_type::scalar_field_type>();
math::polynomial<typename KZGScheme::scalar_value_type> theta_2_vanish = {{ -theta_2, KZGScheme::scalar_value_type::one() }};
@@ -319,14 +287,7 @@ namespace nil {
typename KZGScheme::single_commitment_type pi_2 = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, L);

/* TODO: Review the necessity of sending pi_2 to transcript */
std::vector<uint8_t> pi2_byteblob = nil::marshalling::pack<endianness>(pi_2, status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(pi2_byteblob)
>(pi2_byteblob)
);
transcript(pi_2);

return {this->_z, pi_1, pi_2};
}
@@ -346,15 +307,9 @@ namespace nil {
}

auto theta = transcript.template challenge<typename KZGScheme::curve_type::scalar_field_type>();
nil::marshalling::status_type status;
std::vector<std::uint8_t> byteblob = nil::marshalling::pack<endianness>(proof.pi_1, status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
transcript(
::nil::crypto3::hashes::conditional_block_to_field_elements_wrapper<
typename KZGScheme::transcript_hash_type::word_type,
decltype(byteblob)
>(byteblob)
);

transcript(proof.pi_1);

auto theta_2 = transcript.template challenge<typename KZGScheme::curve_type::scalar_field_type>();
auto theta_i = KZGScheme::scalar_value_type::one();

38 changes: 35 additions & 3 deletions libs/parallel-zk/include/nil/crypto3/zk/transcript/fiat_shamir.hpp
@@ -29,6 +29,7 @@

#include <nil/marshalling/algorithms/pack.hpp>
#include <nil/crypto3/marshalling/algebra/types/field_element.hpp>
#include <nil/crypto3/marshalling/algebra/types/curve_element.hpp>

#include <nil/crypto3/hash/algorithm/hash.hpp>
#include <nil/crypto3/hash/keccak.hpp>
@@ -149,7 +150,10 @@ namespace nil {
}

template<typename InputRange>
void operator()(const InputRange &r) {
typename std::enable_if_t<
!algebra::is_group_element<InputRange>::value &&
!algebra::is_field_element<InputRange>::value>
operator()(const InputRange &r) {
auto acc_convertible = hash<hash_type>(state);
state = accumulators::extract::hash<hash_type>(
hash<hash_type>(r, static_cast<accumulator_set<hash_type> &>(acc_convertible)));
@@ -162,6 +166,21 @@ namespace nil {
hash<hash_type>(first, last, static_cast<accumulator_set<hash_type> &>(acc_convertible)));
}

template<typename element>
typename std::enable_if_t<
algebra::is_group_element<element>::value ||
algebra::is_field_element<element>::value
>
operator()(element const& data) {
nil::marshalling::status_type status;
std::vector<std::uint8_t> byte_data =
nil::marshalling::pack<nil::marshalling::option::big_endian>(data, status);
BOOST_ASSERT(status == nil::marshalling::status_type::success);
auto acc_convertible = hash<hash_type>(state);
state = accumulators::extract::hash<hash_type>(
hash<hash_type>(byte_data, static_cast<accumulator_set<hash_type> &>(acc_convertible)));
}

template<typename Field>
// typename std::enable_if<(Hash::digest_bits >= Field::modulus_bits),
// typename Field::value_type>::type
@@ -257,15 +276,28 @@ namespace nil {
sponge.absorb(hash<hash_type>(first, last));
}

void operator()(const typename hash_type::digest_type input) {
void operator()(const typename hash_type::digest_type &input) {
sponge.absorb(input);
}

template<typename InputRange>
void operator()(const InputRange &r) {
typename std::enable_if_t<
!algebra::is_group_element<InputRange>::value
>
operator()(const InputRange &r) {
sponge.absorb(static_cast<typename hash_type::digest_type>(hash<hash_type>(r)));
}

template<typename element>
typename std::enable_if_t<
algebra::is_group_element<element>::value
>
operator()(element const& data) {
auto affine = data.to_affine();
sponge.absorb(affine.X);
sponge.absorb(affine.Y);
}

template<typename InputIterator>
void operator()(InputIterator first, InputIterator last) {
sponge.absorb(hash<hash_type>(first, last));
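Review bot: In the new element overload of the hash-based transcript, a failed `nil::marshalling::pack` is caught only by `BOOST_ASSERT`, which by default expands to `assert` and disappears under `NDEBUG`; a release build would then hash whatever `byte_data` holds, and the challenge would no longer bind the element. I would make the check unconditional, for example `if (status != nil::marshalling::status_type::success) throw std::invalid_argument("transcript: cannot marshal element");`, or use the project's own error path if it avoids exceptions. Separately, the Poseidon overload absorbs only `affine.X` and `affine.Y`; how `to_affine()` represents the group identity is not visible here, so a comment stating that encoding, plus a test for it, would help. Both class bodies begin outside these hunks.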
@@ -26,6 +26,8 @@
#ifndef CRYPTO3_ZK_TRANSCRIPT_HPP
#define CRYPTO3_ZK_TRANSCRIPT_HPP

#include <tuple>

namespace nil {
namespace crypto3 {
namespace zk {
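--- a/libs/parallel-zk/test/transcript/transcript.cpp
+++ b/libs/parallel-zk/test/transcript/transcript.cpp
@@ -35,6 +35,9 @@
 #include <nil/crypto3/algebra/fields/arithmetic_params/bls12.hpp>
 #include <nil/crypto3/algebra/curves/alt_bn128.hpp>
 #include <nil/crypto3/algebra/fields/arithmetic_params/alt_bn128.hpp>
+#include <nil/crypto3/algebra/curves/mnt4.hpp>
+#include <nil/crypto3/algebra/curves/mnt6.hpp>
+#include <nil/crypto3/algebra/curves/pallas.hpp>
 
 #include <nil/crypto3/hash/block_to_field_elements_wrapper.hpp>
 #include <nil/crypto3/hash/poseidon.hpp>
@@ -113,3 +116,50 @@ BOOST_AUTO_TEST_CASE(zk_poseidon_transcript_no_init_test) {
 }
 
 BOOST_AUTO_TEST_SUITE_END()
+
+/* TODO: Write more elaborate tests for transcript of curve elements */
+BOOST_AUTO_TEST_SUITE(transcript_test_curves)
+
+template<typename curve_type, typename hash_type>
+void test_transcript(typename curve_type::base_field_type::value_type const& expected_value)
+{
+using field_type = typename curve_type::base_field_type;
+using g1_type = typename curve_type::template g1_type<>;
+
+transcript::fiat_shamir_heuristic_sequential<hash_type> transcript;
+
+transcript(g1_type::value_type::one());
+auto challenge = transcript.template challenge<field_type>();
+
+BOOST_CHECK_EQUAL(challenge, expected_value);
+}
+
+BOOST_AUTO_TEST_CASE(mnt4_keccak) {
+test_transcript<algebra::curves::mnt4_298, hashes::keccak_1600<256>>
+(0xb985b0419fda7e26db3867b38cbb55465717e8d3ff208768cac6949bd68c2b7_cppui_modular298);
+}
+
+BOOST_AUTO_TEST_CASE(mnt6_keccak) {
+test_transcript<algebra::curves::mnt6_298, hashes::keccak_1600<256>>
+(0x56d23a0a6f75fe3a7670906b341b29cdde80696fc418771e3c84910217546ef1_cppui_modular298);
+}
+
+BOOST_AUTO_TEST_CASE(bls12_keccak) {
+test_transcript<algebra::curves::bls12_381, hashes::keccak_1600<256>>
+(0x7cc24317960f68f067e0a1cfe610fe3db024d52b064ff2115ea0f594602f0784_cppui_modular381);
+/* TODO: no marshalling for bls12-377 curve
+test_transcript<algebra::curves::bls12_377, hashes::keccak_1600<256>>
+(0x0_cppui_modular377);
+*/
+}
+
+BOOST_AUTO_TEST_CASE(pallas_poseidon) {
+using curve_type = algebra::curves::pallas;
+using field_type = typename curve_type::base_field_type;
+using hash_type = hashes::poseidon<nil::crypto3::hashes::detail::mina_poseidon_policy<field_type>>;
+
+test_transcript<curve_type, hash_type>
+(0xb4a4cca5ad2d998a81ce64953c1fe0b16e27e4d298808165644421eebd2bc3a_cppui_modular256);
+}
+
+BOOST_AUTO_TEST_SUITE_END()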
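Review bot: Each case in `transcript_test_curves` absorbs only `g1_type::value_type::one()` and compares one constant, so the field-element overload added in fiat_shamir.hpp and the Poseidon path for any curve other than pallas are never run. A second input per curve — a different point, and a field element — with a check that the resulting challenges differ would catch an overload that silently ignores its argument. The expected constants also carry no origin; if they are regression vectors from this implementation, say so above `test_transcript`, e.g. `// Expected values are regression vectors; regenerate when the element encoding changes.`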