You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

161 lines
4.4 KiB

  1. #![allow(non_snake_case)]
  2. use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
  3. use core::marker::PhantomData;
  4. use criterion::*;
  5. use ff::PrimeField;
  6. use nova_snark::{
  7. traits::{
  8. circuit::{StepCircuit, TrivialTestCircuit},
  9. Group,
  10. },
  11. PublicParams, RecursiveSNARK,
  12. };
  13. use std::time::Duration;
  14. type G1 = pasta_curves::pallas::Point;
  15. type G2 = pasta_curves::vesta::Point;
  16. type C1 = NonTrivialTestCircuit<<G1 as Group>::Scalar>;
  17. type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
  18. criterion_group! {
  19. name = recursive_snark;
  20. config = Criterion::default().warm_up_time(Duration::from_millis(3000));
  21. targets = bench_recursive_snark
  22. }
  23. criterion_main!(recursive_snark);
  24. fn bench_recursive_snark(c: &mut Criterion) {
  25. let num_cons_verifier_circuit_primary = 9819;
  26. // we vary the number of constraints in the step circuit
  27. for &num_cons_in_augmented_circuit in
  28. [9819, 16384, 32768, 65536, 131072, 262144, 524288, 1048576].iter()
  29. {
  30. // number of constraints in the step circuit
  31. let num_cons = num_cons_in_augmented_circuit - num_cons_verifier_circuit_primary;
  32. let mut group = c.benchmark_group(format!("RecursiveSNARK-StepCircuitSize-{num_cons}"));
  33. group.sample_size(10);
  34. let c_primary = NonTrivialTestCircuit::new(num_cons);
  35. let c_secondary = TrivialTestCircuit::default();
  36. // Produce public parameters
  37. let pp = PublicParams::<G1, G2, C1, C2>::setup(c_primary.clone(), c_secondary.clone());
  38. // Bench time to produce a recursive SNARK;
  39. // we execute a certain number of warm-up steps since executing
  40. // the first step is cheaper than other steps owing to the presence of
  41. // a lot of zeros in the satisfying assignment
  42. let num_warmup_steps = 10;
  43. let mut recursive_snark: RecursiveSNARK<G1, G2, C1, C2> = RecursiveSNARK::new(
  44. &pp,
  45. &c_primary,
  46. &c_secondary,
  47. vec![<G1 as Group>::Scalar::from(2u64)],
  48. vec![<G2 as Group>::Scalar::from(2u64)],
  49. );
  50. for i in 0..num_warmup_steps {
  51. let res = recursive_snark.prove_step(
  52. &pp,
  53. &c_primary,
  54. &c_secondary,
  55. vec![<G1 as Group>::Scalar::from(2u64)],
  56. vec![<G2 as Group>::Scalar::from(2u64)],
  57. );
  58. assert!(res.is_ok());
  59. // verify the recursive snark at each step of recursion
  60. let res = recursive_snark.verify(
  61. &pp,
  62. i + 1,
  63. &[<G1 as Group>::Scalar::from(2u64)],
  64. &[<G2 as Group>::Scalar::from(2u64)],
  65. );
  66. assert!(res.is_ok());
  67. }
  68. group.bench_function("Prove", |b| {
  69. b.iter(|| {
  70. // produce a recursive SNARK for a step of the recursion
  71. assert!(black_box(&mut recursive_snark.clone())
  72. .prove_step(
  73. black_box(&pp),
  74. black_box(&c_primary),
  75. black_box(&c_secondary),
  76. black_box(vec![<G1 as Group>::Scalar::from(2u64)]),
  77. black_box(vec![<G2 as Group>::Scalar::from(2u64)]),
  78. )
  79. .is_ok());
  80. })
  81. });
  82. // Benchmark the verification time
  83. group.bench_function("Verify", |b| {
  84. b.iter(|| {
  85. assert!(black_box(&recursive_snark)
  86. .verify(
  87. black_box(&pp),
  88. black_box(num_warmup_steps),
  89. black_box(&vec![<G1 as Group>::Scalar::from(2u64)][..]),
  90. black_box(&vec![<G2 as Group>::Scalar::from(2u64)][..]),
  91. )
  92. .is_ok());
  93. });
  94. });
  95. group.finish();
  96. }
  97. }
  98. #[derive(Clone, Debug, Default)]
  99. struct NonTrivialTestCircuit<F: PrimeField> {
  100. num_cons: usize,
  101. _p: PhantomData<F>,
  102. }
  103. impl<F> NonTrivialTestCircuit<F>
  104. where
  105. F: PrimeField,
  106. {
  107. pub fn new(num_cons: usize) -> Self {
  108. Self {
  109. num_cons,
  110. _p: Default::default(),
  111. }
  112. }
  113. }
  114. impl<F> StepCircuit<F> for NonTrivialTestCircuit<F>
  115. where
  116. F: PrimeField,
  117. {
  118. fn arity(&self) -> usize {
  119. 1
  120. }
  121. fn synthesize<CS: ConstraintSystem<F>>(
  122. &self,
  123. cs: &mut CS,
  124. z: &[AllocatedNum<F>],
  125. ) -> Result<Vec<AllocatedNum<F>>, SynthesisError> {
  126. // Consider a an equation: `x^2 = y`, where `x` and `y` are respectively the input and output.
  127. let mut x = z[0].clone();
  128. let mut y = x.clone();
  129. for i in 0..self.num_cons {
  130. y = x.square(cs.namespace(|| format!("x_sq_{i}")))?;
  131. x = y.clone();
  132. }
  133. Ok(vec![y])
  134. }
  135. fn output(&self, z: &[F]) -> Vec<F> {
  136. let mut x = z[0];
  137. let mut y = x;
  138. for _i in 0..self.num_cons {
  139. y = x * x;
  140. x = y;
  141. }
  142. vec![y]
  143. }
  144. }