You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

169 lines
4.8 KiB

  1. #![allow(non_snake_case)]
  2. use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
  3. use core::marker::PhantomData;
  4. use criterion::*;
  5. use ff::PrimeField;
  6. use nova_snark::{
  7. traits::{
  8. circuit::{StepCircuit, TrivialTestCircuit},
  9. Group,
  10. },
  11. CompressedSNARK, PublicParams, RecursiveSNARK,
  12. };
  13. use std::time::Duration;
  14. type G1 = pasta_curves::pallas::Point;
  15. type G2 = pasta_curves::vesta::Point;
  16. type EE1 = nova_snark::provider::ipa_pc::EvaluationEngine<G1>;
  17. type EE2 = nova_snark::provider::ipa_pc::EvaluationEngine<G2>;
  18. type CC1 = nova_snark::spartan::spark::TrivialCompComputationEngine<G1, EE1>;
  19. type CC2 = nova_snark::spartan::spark::TrivialCompComputationEngine<G2, EE2>;
  20. type S1 = nova_snark::spartan::RelaxedR1CSSNARK<G1, EE1, CC1>;
  21. type S2 = nova_snark::spartan::RelaxedR1CSSNARK<G2, EE2, CC2>;
  22. type C1 = NonTrivialTestCircuit<<G1 as Group>::Scalar>;
  23. type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
  24. criterion_group! {
  25. name = compressed_snark;
  26. config = Criterion::default().warm_up_time(Duration::from_millis(3000));
  27. targets = bench_compressed_snark
  28. }
  29. criterion_main!(compressed_snark);
  30. fn bench_compressed_snark(c: &mut Criterion) {
  31. let num_samples = 10;
  32. let num_cons_verifier_circuit_primary = 9819;
  33. // we vary the number of constraints in the step circuit
  34. for &num_cons_in_augmented_circuit in
  35. [9819, 16384, 32768, 65536, 131072, 262144, 524288, 1048576].iter()
  36. {
  37. // number of constraints in the step circuit
  38. let num_cons = num_cons_in_augmented_circuit - num_cons_verifier_circuit_primary;
  39. let mut group = c.benchmark_group(format!("CompressedSNARK-StepCircuitSize-{num_cons}"));
  40. group.sample_size(num_samples);
  41. // Produce public parameters
  42. let pp = PublicParams::<G1, G2, C1, C2>::setup(
  43. NonTrivialTestCircuit::new(num_cons),
  44. TrivialTestCircuit::default(),
  45. );
  46. // Produce prover and verifier keys for CompressedSNARK
  47. let (pk, vk) = CompressedSNARK::<_, _, _, _, S1, S2>::setup(&pp).unwrap();
  48. // produce a recursive SNARK
  49. let num_steps = 3;
  50. let mut recursive_snark: Option<RecursiveSNARK<G1, G2, C1, C2>> = None;
  51. for i in 0..num_steps {
  52. let res = RecursiveSNARK::prove_step(
  53. &pp,
  54. recursive_snark,
  55. NonTrivialTestCircuit::new(num_cons),
  56. TrivialTestCircuit::default(),
  57. vec![<G1 as Group>::Scalar::from(2u64)],
  58. vec![<G2 as Group>::Scalar::from(2u64)],
  59. );
  60. assert!(res.is_ok());
  61. let recursive_snark_unwrapped = res.unwrap();
  62. // verify the recursive snark at each step of recursion
  63. let res = recursive_snark_unwrapped.verify(
  64. &pp,
  65. i + 1,
  66. vec![<G1 as Group>::Scalar::from(2u64)],
  67. vec![<G2 as Group>::Scalar::from(2u64)],
  68. );
  69. assert!(res.is_ok());
  70. // set the running variable for the next iteration
  71. recursive_snark = Some(recursive_snark_unwrapped);
  72. }
  73. // Bench time to produce a compressed SNARK
  74. let recursive_snark = recursive_snark.unwrap();
  75. group.bench_function("Prove", |b| {
  76. b.iter(|| {
  77. assert!(CompressedSNARK::<_, _, _, _, S1, S2>::prove(
  78. black_box(&pp),
  79. black_box(&pk),
  80. black_box(&recursive_snark)
  81. )
  82. .is_ok());
  83. })
  84. });
  85. let res = CompressedSNARK::<_, _, _, _, S1, S2>::prove(&pp, &pk, &recursive_snark);
  86. assert!(res.is_ok());
  87. let compressed_snark = res.unwrap();
  88. // Benchmark the verification time
  89. group.bench_function("Verify", |b| {
  90. b.iter(|| {
  91. assert!(black_box(&compressed_snark)
  92. .verify(
  93. black_box(&vk),
  94. black_box(num_steps),
  95. black_box(vec![<G1 as Group>::Scalar::from(2u64)]),
  96. black_box(vec![<G2 as Group>::Scalar::from(2u64)]),
  97. )
  98. .is_ok());
  99. })
  100. });
  101. group.finish();
  102. }
  103. }
  104. #[derive(Clone, Debug, Default)]
  105. struct NonTrivialTestCircuit<F: PrimeField> {
  106. num_cons: usize,
  107. _p: PhantomData<F>,
  108. }
  109. impl<F> NonTrivialTestCircuit<F>
  110. where
  111. F: PrimeField,
  112. {
  113. pub fn new(num_cons: usize) -> Self {
  114. Self {
  115. num_cons,
  116. _p: Default::default(),
  117. }
  118. }
  119. }
  120. impl<F> StepCircuit<F> for NonTrivialTestCircuit<F>
  121. where
  122. F: PrimeField,
  123. {
  124. fn arity(&self) -> usize {
  125. 1
  126. }
  127. fn synthesize<CS: ConstraintSystem<F>>(
  128. &self,
  129. cs: &mut CS,
  130. z: &[AllocatedNum<F>],
  131. ) -> Result<Vec<AllocatedNum<F>>, SynthesisError> {
  132. // Consider a an equation: `x^2 = y`, where `x` and `y` are respectively the input and output.
  133. let mut x = z[0].clone();
  134. let mut y = x.clone();
  135. for i in 0..self.num_cons {
  136. y = x.square(cs.namespace(|| format!("x_sq_{i}")))?;
  137. x = y.clone();
  138. }
  139. Ok(vec![y])
  140. }
  141. fn output(&self, z: &[F]) -> Vec<F> {
  142. let mut x = z[0];
  143. let mut y = x;
  144. for _i in 0..self.num_cons {
  145. y = x * x;
  146. x = y;
  147. }
  148. vec![y]
  149. }
  150. }