You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

154 lines
4.1 KiB

  1. #![allow(non_snake_case)]
  2. use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
  3. use core::marker::PhantomData;
  4. use criterion::*;
  5. use ff::PrimeField;
  6. use nova_snark::{
  7. traits::{
  8. circuit::{StepCircuit, TrivialTestCircuit},
  9. Group,
  10. },
  11. PublicParams, RecursiveSNARK,
  12. };
  13. use std::time::Duration;
  14. type G1 = pasta_curves::pallas::Point;
  15. type G2 = pasta_curves::vesta::Point;
  16. type C1 = NonTrivialTestCircuit<<G1 as Group>::Scalar>;
  17. type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
  18. criterion_group! {
  19. name = recursive_snark;
  20. config = Criterion::default().warm_up_time(Duration::from_millis(3000));
  21. targets = bench_recursive_snark
  22. }
  23. criterion_main!(recursive_snark);
  24. fn bench_recursive_snark(c: &mut Criterion) {
  25. // we vary the number of constraints in the step circuit
  26. for &log_num_cons_in_step_circuit in [0, 15, 16, 17, 18, 19, 20].iter() {
  27. let num_cons = 1 << log_num_cons_in_step_circuit;
  28. let mut group = c.benchmark_group(format!("RecursiveSNARK-StepCircuitSize-{}", num_cons));
  29. group.sample_size(10);
  30. // Produce public parameters
  31. let pp = PublicParams::<G1, G2, C1, C2>::setup(
  32. NonTrivialTestCircuit::new(num_cons),
  33. TrivialTestCircuit::default(),
  34. );
  35. // Bench time to produce a recursive SNARK;
  36. // we execute a certain number of warm-up steps since executing
  37. // the first step is cheaper than other steps owing to the presence of
  38. // a lot of zeros in the satisfying assignment
  39. let num_warmup_steps = 10;
  40. let mut recursive_snark: Option<RecursiveSNARK<G1, G2, C1, C2>> = None;
  41. for i in 0..num_warmup_steps {
  42. let res = RecursiveSNARK::prove_step(
  43. &pp,
  44. recursive_snark,
  45. NonTrivialTestCircuit::new(num_cons),
  46. TrivialTestCircuit::default(),
  47. <G1 as Group>::Scalar::one(),
  48. <G2 as Group>::Scalar::one(),
  49. );
  50. assert!(res.is_ok());
  51. let recursive_snark_unwrapped = res.unwrap();
  52. // verify the recursive snark at each step of recursion
  53. let res = recursive_snark_unwrapped.verify(
  54. &pp,
  55. i + 1,
  56. <G1 as Group>::Scalar::one(),
  57. <G2 as Group>::Scalar::one(),
  58. );
  59. assert!(res.is_ok());
  60. // set the running variable for the next iteration
  61. recursive_snark = Some(recursive_snark_unwrapped);
  62. }
  63. group.bench_function("Prove", |b| {
  64. b.iter(|| {
  65. // produce a recursive SNARK for a step of the recursion
  66. assert!(RecursiveSNARK::prove_step(
  67. black_box(&pp),
  68. black_box(recursive_snark.clone()),
  69. black_box(NonTrivialTestCircuit::new(num_cons)),
  70. black_box(TrivialTestCircuit::default()),
  71. black_box(<G1 as Group>::Scalar::one()),
  72. black_box(<G2 as Group>::Scalar::one()),
  73. )
  74. .is_ok());
  75. })
  76. });
  77. let recursive_snark = recursive_snark.unwrap();
  78. // Benchmark the verification time
  79. group.bench_function("Verify", |b| {
  80. b.iter(|| {
  81. assert!(black_box(&recursive_snark)
  82. .verify(
  83. black_box(&pp),
  84. black_box(num_warmup_steps),
  85. black_box(<G1 as Group>::Scalar::one()),
  86. black_box(<G2 as Group>::Scalar::one()),
  87. )
  88. .is_ok());
  89. });
  90. });
  91. group.finish();
  92. }
  93. }
  94. #[derive(Clone, Debug, Default)]
  95. struct NonTrivialTestCircuit<F: PrimeField> {
  96. num_cons: usize,
  97. _p: PhantomData<F>,
  98. }
  99. impl<F> NonTrivialTestCircuit<F>
  100. where
  101. F: PrimeField,
  102. {
  103. pub fn new(num_cons: usize) -> Self {
  104. Self {
  105. num_cons,
  106. _p: Default::default(),
  107. }
  108. }
  109. }
  110. impl<F> StepCircuit<F> for NonTrivialTestCircuit<F>
  111. where
  112. F: PrimeField,
  113. {
  114. fn synthesize<CS: ConstraintSystem<F>>(
  115. &self,
  116. cs: &mut CS,
  117. z: AllocatedNum<F>,
  118. ) -> Result<AllocatedNum<F>, SynthesisError> {
  119. // Consider a an equation: `x^2 = y`, where `x` and `y` are respectively the input and output.
  120. let mut x = z;
  121. let mut y = x.clone();
  122. for i in 0..self.num_cons {
  123. y = x.square(cs.namespace(|| format!("x_sq_{}", i)))?;
  124. x = y.clone();
  125. }
  126. Ok(y)
  127. }
  128. fn compute(&self, z: &F) -> F {
  129. let mut x = *z;
  130. let mut y = x;
  131. for _i in 0..self.num_cons {
  132. y = x * x;
  133. x = y;
  134. }
  135. y
  136. }
  137. }