Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
Add partial proof stage

Added partial prove step #13

Added merge-proof action #13

wip

theta power is saving now #13

rm debug prints

sync crypto3 and parallel-crypto3 #13

rm constructor, update readme

partial proof function added #13
  • Loading branch information
vo-nil committed Sep 17, 2024
1 parent c9b99a9 commit eaa097c
Show file tree
Hide file tree
Showing 15 changed files with 387 additions and 108 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1088,7 +1088,6 @@ namespace nil {
precommitments, fri_params, challenges, g, fri_trees, fs, final_polynomial);
}


template<typename FRI, typename PolynomialType,
typename std::enable_if<
std::is_base_of<
Expand Down Expand Up @@ -1117,7 +1116,6 @@ namespace nil {

std::vector<typename FRI::precommitment_type> fri_trees;
std::vector<PolynomialType> fs;
math::polynomial<typename FRI::field_type::value_type> final_polynomial;

// Contains fri_roots and final_polynomial.
typename FRI::commitments_part_of_proof commitments_proof;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ namespace nil {
}

proof_type proof_eval(transcript_type &transcript) {
PROFILE_SCOPE("LPC proof_eval");

this->eval_polys();

Expand Down Expand Up @@ -352,8 +353,9 @@ namespace nil {
}

// Computes and returns the maximal power of theta used to compute the value of Combined_Q.
std::size_t compute_theta_power_for_combined_Q() const {
std::size_t compute_theta_power_for_combined_Q() {
std::size_t theta_power = 0;
this->eval_polys();
this->build_points_map();

auto points = this->get_unique_points();
Expand All @@ -371,8 +373,9 @@ namespace nil {
}

for (std::size_t i: this->_z.get_batches()) {
if (!_batch_fixed.at(i))
if (!_batch_fixed[i]) {
continue;
}

theta_power += this->_z.get_batch_size(i);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
#define CRYPTO3_ZK_PLONK_PLACEHOLDER_PROOF_HPP

#include <map>
#include <vector>

namespace nil {
namespace crypto3 {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,14 +90,15 @@ namespace nil {
constexpr static const std::size_t permutation_parts = 3;
constexpr static const std::size_t lookup_parts = 6;
constexpr static const std::size_t f_parts = 8;
public:

public:

static inline placeholder_proof<FieldType, ParamsType> process(
const typename public_preprocessor_type::preprocessed_data_type &preprocessed_public_data,
typename private_preprocessor_type::preprocessed_data_type preprocessed_private_data,
const plonk_table_description<FieldType> &table_description,
const plonk_constraint_system<FieldType> &constraint_system,
commitment_scheme_type commitment_scheme,
const commitment_scheme_type& commitment_scheme,
bool skip_commitment_scheme_eval_proofs = false
) {
auto prover = placeholder_prover<FieldType, ParamsType>(
Expand Down Expand Up @@ -207,17 +208,20 @@ namespace nil {
}
transcript(_proof.commitments[QUOTIENT_BATCH]);

// 8. Run evaluation proofs
_proof.eval_proof.challenge = transcript.template challenge<FieldType>();
generate_evaluation_points();
if (!_skip_commitment_scheme_eval_proofs) {
// 8. Run evaluation proofs
_proof.eval_proof.challenge = transcript.template challenge<FieldType>();
generate_evaluation_points();

_proof.eval_proof.eval_proof = _commitment_scheme.proof_eval(transcript);
}

return _proof;
}

commitment_scheme_type& get_commitment_scheme() {
return _commitment_scheme;
}

private:
std::vector<polynomial_dfs_type> quotient_polynomial_split_dfs() {
PROFILE_SCOPE("quotient_polynomial_split_dfs");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -185,24 +185,6 @@ namespace nil {
, expand_factor(expand_factor)
{ }

params_type(
std::size_t max_degree,
std::vector<std::shared_ptr<math::evaluation_domain<FieldType>>> D,
std::vector<std::size_t> step_list_in,
std::size_t expand_factor,
std::size_t lambda,
bool use_grinding = false,
std::size_t grinding_parameter = 16
) : lambda(lambda)
, use_grinding(use_grinding)
, grinding_parameter(grinding_parameter)
, max_degree(max_degree)
, D(D)
, r(std::accumulate(step_list_in.begin(), step_list_in.end(), 0))
, step_list(step_list_in)
, expand_factor(expand_factor)
{}

bool operator==(const params_type &rhs) const {
if (D.size() != rhs.D.size()) {
return false;
Expand Down Expand Up @@ -256,7 +238,7 @@ namespace nil {
}

// For the last round it's final_polynomial's values

// Values for the next round.
polynomial_values_type y;

Expand Down Expand Up @@ -436,7 +418,7 @@ namespace nil {
if (f.size() != D->size()) {
throw std::runtime_error("Polynomial size does not match the domain size in FRI precommit.");
}

std::size_t domain_size = D->size();
std::size_t coset_size = 1 << fri_step;
std::size_t leafs_number = domain_size / coset_size;
Expand Down Expand Up @@ -782,7 +764,6 @@ namespace nil {
}
precommitment = precommit<FRI>(f, D, fri_params.step_list[i + 1]);
}

}
fs.push_back(f);
if constexpr (std::is_same<math::polynomial_dfs<typename FRI::field_type::value_type>, PolynomialType>::value) {
Expand Down Expand Up @@ -1159,7 +1140,7 @@ namespace nil {
std::vector<PolynomialType> fs;

// Contains fri_roots and final_polynomial.
typename FRI::commitments_part_of_proof commitments_proof;
typename FRI::commitments_part_of_proof commitments_proof;

std::tie(fs, fri_trees, commitments_proof) =
commit_phase<FRI, PolynomialType>(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ namespace nil {
BOOST_ASSERT(this->_points.size() == this->_z.get_batches_num());

// For each batch we have a merkle tree.
for(auto const& it: this->_trees) {
for (auto const& it: this->_trees) {
transcript(it.second.root());
}

Expand All @@ -168,15 +168,15 @@ namespace nil {

auto fri_proof = commit_and_fri_proof(combined_Q, transcript);
return proof_type({this->_z, fri_proof});
}
}

/** This function must be called for the cases where we want to skip the
* round proof for FRI. Must be called once per instance of prover for the aggregated FRI.
* \param[in] combined_Q - Polynomial combined_Q was already computed by the current
prover in the previous step of the aggregated FRI protocol.
* \param[in] transcript - This transcript is initialized from a challenge sent from the "Main" prover,
on which the round proof was created for the polynomial F(x) = Sum(combined_Q).
*/
*/
lpc_proof_type proof_eval_lpc_proof(
const polynomial_type& combined_Q, transcript_type &transcript) {

Expand Down Expand Up @@ -271,7 +271,9 @@ namespace nil {
);
return fri_proof;
}
/** \brief

/** \brief Computes polynomial combined_Q. In case this function changes,
the function 'compute_theta_power_for_combined_Q' below should be changed accordingly.
* \param theta The value of challenge. When called from aggregated FRI, this values is sent from
the "main prover" machine.
* \param starting_power When aggregated FRI is used, the value is not zero, it's the total degree of all
Expand All @@ -280,13 +282,12 @@ namespace nil {
polynomial_type prepare_combined_Q(
const typename field_type::value_type& theta,
std::size_t starting_power = 0) {
typename field_type::value_type theta_acc = theta.pow(starting_power);

polynomial_type combined_Q;
math::polynomial<value_type> V;

this->build_points_map();

typename field_type::value_type theta_acc = theta.pow(starting_power);
polynomial_type combined_Q;
math::polynomial<value_type> V;

auto points = this->get_unique_points();
math::polynomial<value_type> combined_Q_normal;

Expand Down Expand Up @@ -410,6 +411,7 @@ namespace nil {
Q_normal -= _fixed_polys_values[i][j] * theta_acc;
theta_acc *= theta;
}

Q_normal = Q_normal / V;
}, ThreadPool::PoolLevel::HIGH);

Expand All @@ -429,6 +431,37 @@ namespace nil {
return combined_Q;
}

// Computes and returns the maximal power of theta used to compute the value of Combined_Q.
std::size_t compute_theta_power_for_combined_Q() {
std::size_t theta_power = 0;
this->eval_polys();
this->build_points_map();

auto points = this->get_unique_points();

for (auto const &point: points) {
for (std::size_t i: this->_z.get_batches()) {
for (std::size_t j = 0; j < this->_z.get_batch_size(i); j++) {
auto iter = this->_points_map[i][j].find(point);
if (iter == this->_points_map[i][j].end())
continue;

theta_power++;
}
}
}

for (std::size_t i: this->_z.get_batches()) {
if (!_batch_fixed[i]) {
continue;
}

theta_power += this->_z.get_batch_size(i);
}

return theta_power;
}

bool verify_eval(
const proof_type &proof,
const std::map<std::size_t, commitment_type> &commitments,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
#define CRYPTO3_ZK_PLONK_PLACEHOLDER_PROOF_HPP

#include <map>
#include <vector>

namespace nil {
namespace crypto3 {
Expand Down Expand Up @@ -88,6 +89,7 @@ namespace nil {
using circuit_params_type = typename ParamsType::circuit_params_type;
using commitment_scheme_type = typename ParamsType::commitment_scheme_type;
using commitment_type = typename commitment_scheme_type::commitment_type;
using partial_proof_type = placeholder_partial_proof<FieldType, ParamsType>;

struct evaluation_proof {
// TODO: remove it!
Expand All @@ -105,6 +107,12 @@ namespace nil {

placeholder_proof() = default;

placeholder_proof(const partial_proof_type &partial_proof) :
placeholder_partial_proof<FieldType, ParamsType>(partial_proof) {}

placeholder_proof(const partial_proof_type &partial_proof, const evaluation_proof &eval_proof) :
placeholder_partial_proof<FieldType, ParamsType>(partial_proof), eval_proof(eval_proof) {}

bool operator==(const placeholder_proof &rhs) const {
return placeholder_partial_proof<FieldType, ParamsType>::operator==(rhs) &&
eval_proof == rhs.eval_proof;
Expand Down Expand Up @@ -141,7 +149,7 @@ namespace nil {

// This vector contains N partial proofs, one per prover.
std::vector<placeholder_partial_proof<FieldType, ParamsType>> partial_proofs;
typename commitment_type::aggregated_proof_type aggregated_proof;
typename commitment_scheme_type::aggregated_proof_type aggregated_proof;
};
} // namespace snark
} // namespace zk
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,14 +90,15 @@ namespace nil {
constexpr static const std::size_t permutation_parts = 3;
constexpr static const std::size_t lookup_parts = 6;
constexpr static const std::size_t f_parts = 8;
public:

public:

static inline placeholder_proof<FieldType, ParamsType> process(
const typename public_preprocessor_type::preprocessed_data_type &preprocessed_public_data,
typename private_preprocessor_type::preprocessed_data_type preprocessed_private_data,
const plonk_table_description<FieldType> &table_description,
const plonk_constraint_system<FieldType> &constraint_system,
commitment_scheme_type commitment_scheme,
const commitment_scheme_type& commitment_scheme,
bool skip_commitment_scheme_eval_proofs = false
) {
auto prover = placeholder_prover<FieldType, ParamsType>(
Expand Down Expand Up @@ -208,17 +209,19 @@ namespace nil {
transcript(_proof.commitments[QUOTIENT_BATCH]);

// 8. Run evaluation proofs
_proof.eval_proof.challenge = transcript.template challenge<FieldType>();
generate_evaluation_points();
if (!_skip_commitment_scheme_eval_proofs) {
// 8. Run evaluation proofs
_proof.eval_proof.challenge = transcript.template challenge<FieldType>();
generate_evaluation_points();

_proof.eval_proof.eval_proof = _commitment_scheme.proof_eval(transcript);
}

return _proof;
}

commitment_scheme_type& get_commitment_scheme() {
return _commitment_scheme;
}

private:
std::vector<polynomial_dfs_type> quotient_polynomial_split_dfs() {
PROFILE_SCOPE("quotient_polynomial_split_dfs");
Expand Down Expand Up @@ -396,7 +399,6 @@ namespace nil {

_commitment_scheme.append_eval_point(QUOTIENT_BATCH, _proof.eval_proof.challenge);


// fixed values' rotations (table columns)
std::size_t i = 0;
std::size_t start_index = preprocessed_public_data.identity_polynomials.size() +
Expand Down
Loading

0 comments on commit eaa097c

Please sign in to comment.