You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

161 lines
4.3 KiB

  1. #![allow(non_snake_case)]
  2. use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
  3. use core::marker::PhantomData;
  4. use criterion::*;
  5. use ff::PrimeField;
  6. use nova_snark::{
  7. traits::{
  8. circuit::{StepCircuit, TrivialTestCircuit},
  9. Group,
  10. },
  11. CompressedSNARK, PublicParams, RecursiveSNARK,
  12. };
  13. use std::time::Duration;
  14. type G1 = pasta_curves::pallas::Point;
  15. type G2 = pasta_curves::vesta::Point;
  16. type S1 = nova_snark::spartan_with_ipa_pc::RelaxedR1CSSNARK<G1>;
  17. type S2 = nova_snark::spartan_with_ipa_pc::RelaxedR1CSSNARK<G2>;
  18. type C1 = NonTrivialTestCircuit<<G1 as Group>::Scalar>;
  19. type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
  20. criterion_group! {
  21. name = compressed_snark;
  22. config = Criterion::default().warm_up_time(Duration::from_millis(3000));
  23. targets = bench_compressed_snark
  24. }
  25. criterion_main!(compressed_snark);
  26. fn bench_compressed_snark(c: &mut Criterion) {
  27. let num_samples = 10;
  28. let num_cons_verifier_circuit_primary = 9819;
  29. // we vary the number of constraints in the step circuit
  30. for &num_cons_in_augmented_circuit in
  31. [9819, 16384, 32768, 65536, 131072, 262144, 524288, 1048576].iter()
  32. {
  33. // number of constraints in the step circuit
  34. let num_cons = num_cons_in_augmented_circuit - num_cons_verifier_circuit_primary;
  35. let mut group = c.benchmark_group(format!("CompressedSNARK-StepCircuitSize-{num_cons}"));
  36. group.sample_size(num_samples);
  37. // Produce public parameters
  38. let pp = PublicParams::<G1, G2, C1, C2>::setup(
  39. NonTrivialTestCircuit::new(num_cons),
  40. TrivialTestCircuit::default(),
  41. );
  42. // produce a recursive SNARK
  43. let num_steps = 3;
  44. let mut recursive_snark: Option<RecursiveSNARK<G1, G2, C1, C2>> = None;
  45. for i in 0..num_steps {
  46. let res = RecursiveSNARK::prove_step(
  47. &pp,
  48. recursive_snark,
  49. NonTrivialTestCircuit::new(num_cons),
  50. TrivialTestCircuit::default(),
  51. vec![<G1 as Group>::Scalar::from(2u64)],
  52. vec![<G2 as Group>::Scalar::from(2u64)],
  53. );
  54. assert!(res.is_ok());
  55. let recursive_snark_unwrapped = res.unwrap();
  56. // verify the recursive snark at each step of recursion
  57. let res = recursive_snark_unwrapped.verify(
  58. &pp,
  59. i + 1,
  60. vec![<G1 as Group>::Scalar::from(2u64)],
  61. vec![<G2 as Group>::Scalar::from(2u64)],
  62. );
  63. assert!(res.is_ok());
  64. // set the running variable for the next iteration
  65. recursive_snark = Some(recursive_snark_unwrapped);
  66. }
  67. // Bench time to produce a compressed SNARK
  68. let recursive_snark = recursive_snark.unwrap();
  69. group.bench_function("Prove", |b| {
  70. b.iter(|| {
  71. assert!(CompressedSNARK::<_, _, _, _, S1, S2>::prove(
  72. black_box(&pp),
  73. black_box(&recursive_snark)
  74. )
  75. .is_ok());
  76. })
  77. });
  78. let res = CompressedSNARK::<_, _, _, _, S1, S2>::prove(&pp, &recursive_snark);
  79. assert!(res.is_ok());
  80. let compressed_snark = res.unwrap();
  81. // Benchmark the verification time
  82. group.bench_function("Verify", |b| {
  83. b.iter(|| {
  84. assert!(black_box(&compressed_snark)
  85. .verify(
  86. black_box(&pp),
  87. black_box(num_steps),
  88. black_box(vec![<G1 as Group>::Scalar::from(2u64)]),
  89. black_box(vec![<G2 as Group>::Scalar::from(2u64)]),
  90. )
  91. .is_ok());
  92. })
  93. });
  94. group.finish();
  95. }
  96. }
  97. #[derive(Clone, Debug, Default)]
  98. struct NonTrivialTestCircuit<F: PrimeField> {
  99. num_cons: usize,
  100. _p: PhantomData<F>,
  101. }
  102. impl<F> NonTrivialTestCircuit<F>
  103. where
  104. F: PrimeField,
  105. {
  106. pub fn new(num_cons: usize) -> Self {
  107. Self {
  108. num_cons,
  109. _p: Default::default(),
  110. }
  111. }
  112. }
  113. impl<F> StepCircuit<F> for NonTrivialTestCircuit<F>
  114. where
  115. F: PrimeField,
  116. {
  117. fn arity(&self) -> usize {
  118. 1
  119. }
  120. fn synthesize<CS: ConstraintSystem<F>>(
  121. &self,
  122. cs: &mut CS,
  123. z: &[AllocatedNum<F>],
  124. ) -> Result<Vec<AllocatedNum<F>>, SynthesisError> {
  125. // Consider a an equation: `x^2 = y`, where `x` and `y` are respectively the input and output.
  126. let mut x = z[0].clone();
  127. let mut y = x.clone();
  128. for i in 0..self.num_cons {
  129. y = x.square(cs.namespace(|| format!("x_sq_{i}")))?;
  130. x = y.clone();
  131. }
  132. Ok(vec![y])
  133. }
  134. fn output(&self, z: &[F]) -> Vec<F> {
  135. let mut x = z[0];
  136. let mut y = x;
  137. for _i in 0..self.num_cons {
  138. y = x * x;
  139. x = y;
  140. }
  141. vec![y]
  142. }
  143. }