Support non-determinism with a minimal API (#85)

* support non-determinism with small changes to the interface * update benches to use the new API * add an example that exercises non-deterministic advice at each step of recursion * tiny rename * Address clippy; update version
2026-01-11 00:21:29 +01:00 · 2022-07-07 12:17:56 -07:00
parent 6667d2f8b5
commit 63f08c0e4a
5 changed files with 623 additions and 343 deletions
--- a/benches/compressed-snark.rs
+++ b/benches/compressed-snark.rs
@@ -10,6 +10,31 @@ type G2 = pasta_curves::vesta::Point;
 type S1 = nova_snark::spartan_with_ipa_pc::RelaxedR1CSSNARK<G1>;
 type S2 = nova_snark::spartan_with_ipa_pc::RelaxedR1CSSNARK<G2>;

+#[derive(Clone, Debug)]
+struct TrivialTestCircuit<F: PrimeField> {
+  _p: PhantomData<F>,
+}
+
+impl<F> StepCircuit<F> for TrivialTestCircuit<F>
+where
+  F: PrimeField,
+{
+  fn synthesize<CS: ConstraintSystem<F>>(
+    &self,
+    _cs: &mut CS,
+    z: AllocatedNum<F>,
+  ) -> Result<AllocatedNum<F>, SynthesisError> {
+    Ok(z)
+  }
+
+  fn compute(&self, z: &F) -> F {
+    *z
+  }
+}
+
+type C1 = TrivialTestCircuit<<G1 as Group>::Scalar>;
+type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
+
 use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
 use core::marker::PhantomData;
 use criterion::*;
@@ -18,8 +43,7 @@ use std::time::Duration;

 fn compressed_snark_benchmark(c: &mut Criterion) {
  let num_samples = 10;
-  let num_steps = 3;
-  bench_compressed_snark(c, num_samples, num_steps);
+  bench_compressed_snark(c, num_samples);
 }

 fn set_duration() -> Criterion {
@@ -34,16 +58,12 @@ targets = compressed_snark_benchmark

 criterion_main!(compressed_snark);

-fn bench_compressed_snark(c: &mut Criterion, num_samples: usize, num_steps: usize) {
+fn bench_compressed_snark(c: &mut Criterion, num_samples: usize) {
  let mut group = c.benchmark_group("CompressedSNARK");
  group.sample_size(num_samples);
+
  // Produce public parameters
-  let pp = PublicParams::<
-    G1,
-    G2,
-    TrivialTestCircuit<<G1 as Group>::Scalar>,
-    TrivialTestCircuit<<G2 as Group>::Scalar>,
-  >::setup(
+  let pp = PublicParams::<G1, G2, C1, C2>::setup(
    TrivialTestCircuit {
      _p: Default::default(),
    },
@@ -53,15 +73,40 @@ fn bench_compressed_snark(c: &mut Criterion, num_samples: usize, num_steps: usiz
  );

  // produce a recursive SNARK
-  let res = RecursiveSNARK::prove(
-    &pp,
-    num_steps,
-    <G1 as Group>::Scalar::zero(),
-    <G2 as Group>::Scalar::zero(),
-  );
-  assert!(res.is_ok());
-  let recursive_snark = res.unwrap();
+  let num_steps = 3;
+  let mut recursive_snark: Option<RecursiveSNARK<G1, G2, C1, C2>> = None;
+
+  for i in 0..num_steps {
+    let res = RecursiveSNARK::prove_step(
+      &pp,
+      recursive_snark,
+      TrivialTestCircuit {
+        _p: Default::default(),
+      },
+      TrivialTestCircuit {
+        _p: Default::default(),
+      },
+      <G1 as Group>::Scalar::one(),
+      <G2 as Group>::Scalar::zero(),
+    );
+    assert!(res.is_ok());
+    let recursive_snark_unwrapped = res.unwrap();
+
+    // verify the recursive snark at each step of recursion
+    let res = recursive_snark_unwrapped.verify(
+      &pp,
+      i + 1,
+      <G1 as Group>::Scalar::one(),
+      <G2 as Group>::Scalar::zero(),
+    );
+    assert!(res.is_ok());
+
+    // set the running variable for the next iteration
+    recursive_snark = Some(recursive_snark_unwrapped);
+  }
+
  // Bench time to produce a compressed SNARK
+  let recursive_snark = recursive_snark.unwrap();
  group.bench_function("Prove", |b| {
    b.iter(|| {
      assert!(CompressedSNARK::<_, _, _, _, S1, S2>::prove(
@@ -92,25 +137,3 @@ fn bench_compressed_snark(c: &mut Criterion, num_samples: usize, num_steps: usiz

  group.finish();
 }
-
-#[derive(Clone, Debug)]
-struct TrivialTestCircuit<F: PrimeField> {
-  _p: PhantomData<F>,
-}
-
-impl<F> StepCircuit<F> for TrivialTestCircuit<F>
-where
-  F: PrimeField,
-{
-  fn synthesize<CS: ConstraintSystem<F>>(
-    &self,
-    _cs: &mut CS,
-    z: AllocatedNum<F>,
-  ) -> Result<AllocatedNum<F>, SynthesisError> {
-    Ok(z)
-  }
-
-  fn compute(&self, z: &F) -> F {
-    *z
-  }
-}
--- a/benches/recursive-snark.rs
+++ b/benches/recursive-snark.rs
@@ -8,87 +8,6 @@ use nova_snark::{
 type G1 = pasta_curves::pallas::Point;
 type G2 = pasta_curves::vesta::Point;

-use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
-use core::marker::PhantomData;
-use criterion::*;
-use ff::PrimeField;
-use std::time::Duration;
-
-fn recursive_snark_benchmark(c: &mut Criterion) {
-  let num_samples = 10;
-  for num_steps in 1..10 {
-    bench_recursive_snark(c, num_samples, num_steps);
-  }
-}
-
-fn set_duration() -> Criterion {
-  Criterion::default().warm_up_time(Duration::from_millis(3000))
-}
-
-criterion_group! {
-name = recursive_snark;
-config = set_duration();
-targets = recursive_snark_benchmark
-}
-
-criterion_main!(recursive_snark);
-
-fn bench_recursive_snark(c: &mut Criterion, num_samples: usize, num_steps: usize) {
-  let mut group = c.benchmark_group(format!("RecursiveSNARK-NumSteps-{}", num_steps));
-  group.sample_size(num_samples);
-  // Produce public parameters
-  let pp = PublicParams::<
-    G1,
-    G2,
-    TrivialTestCircuit<<G1 as Group>::Scalar>,
-    TrivialTestCircuit<<G2 as Group>::Scalar>,
-  >::setup(
-    TrivialTestCircuit {
-      _p: Default::default(),
-    },
-    TrivialTestCircuit {
-      _p: Default::default(),
-    },
-  );
-  // Bench time to produce a recursive SNARK
-  group.bench_function("Prove", |b| {
-    b.iter(|| {
-      // produce a recursive SNARK
-      assert!(RecursiveSNARK::prove(
-        black_box(&pp),
-        black_box(num_steps),
-        black_box(<G1 as Group>::Scalar::zero()),
-        black_box(<G2 as Group>::Scalar::zero()),
-      )
-      .is_ok());
-    })
-  });
-  let res = RecursiveSNARK::prove(
-    &pp,
-    num_steps,
-    <G1 as Group>::Scalar::zero(),
-    <G2 as Group>::Scalar::zero(),
-  );
-  assert!(res.is_ok());
-  let recursive_snark = res.unwrap();
-
-  // Benchmark the verification time
-  let name = "Verify";
-  group.bench_function(name, |b| {
-    b.iter(|| {
-      assert!(black_box(&recursive_snark)
-        .verify(
-          black_box(&pp),
-          black_box(num_steps),
-          black_box(<G1 as Group>::Scalar::zero()),
-          black_box(<G2 as Group>::Scalar::zero()),
-        )
-        .is_ok());
-    });
-  });
-  group.finish();
-}
-
 #[derive(Clone, Debug)]
 struct TrivialTestCircuit<F: PrimeField> {
  _p: PhantomData<F>,
@@ -110,3 +29,117 @@ where
    *z
  }
 }
+
+type C1 = TrivialTestCircuit<<G1 as Group>::Scalar>;
+type C2 = TrivialTestCircuit<<G2 as Group>::Scalar>;
+
+use bellperson::{gadgets::num::AllocatedNum, ConstraintSystem, SynthesisError};
+use core::marker::PhantomData;
+use criterion::*;
+use ff::PrimeField;
+use std::time::Duration;
+
+fn recursive_snark_benchmark(c: &mut Criterion) {
+  let num_samples = 10;
+  bench_recursive_snark(c, num_samples);
+}
+
+fn set_duration() -> Criterion {
+  Criterion::default().warm_up_time(Duration::from_millis(3000))
+}
+
+criterion_group! {
+name = recursive_snark;
+config = set_duration();
+targets = recursive_snark_benchmark
+}
+
+criterion_main!(recursive_snark);
+
+fn bench_recursive_snark(c: &mut Criterion, num_samples: usize) {
+  let mut group = c.benchmark_group("RecursiveSNARK".to_string());
+  group.sample_size(num_samples);
+
+  // Produce public parameters
+  let pp = PublicParams::<G1, G2, C1, C2>::setup(
+    TrivialTestCircuit {
+      _p: Default::default(),
+    },
+    TrivialTestCircuit {
+      _p: Default::default(),
+    },
+  );
+
+  // Bench time to produce a recursive SNARK;
+  // we execute a certain number of warm-up steps since executing
+  // the first step is cheaper than other steps owing to the presence of
+  // a lot of zeros in the satisfying assignment
+  let num_warmup_steps = 10;
+  let mut recursive_snark: Option<RecursiveSNARK<G1, G2, C1, C2>> = None;
+
+  for i in 0..num_warmup_steps {
+    let res = RecursiveSNARK::prove_step(
+      &pp,
+      recursive_snark,
+      TrivialTestCircuit {
+        _p: Default::default(),
+      },
+      TrivialTestCircuit {
+        _p: Default::default(),
+      },
+      <G1 as Group>::Scalar::one(),
+      <G2 as Group>::Scalar::zero(),
+    );
+    assert!(res.is_ok());
+    let recursive_snark_unwrapped = res.unwrap();
+
+    // verify the recursive snark at each step of recursion
+    let res = recursive_snark_unwrapped.verify(
+      &pp,
+      i + 1,
+      <G1 as Group>::Scalar::one(),
+      <G2 as Group>::Scalar::zero(),
+    );
+    assert!(res.is_ok());
+
+    // set the running variable for the next iteration
+    recursive_snark = Some(recursive_snark_unwrapped);
+  }
+
+  group.bench_function("Prove", |b| {
+    b.iter(|| {
+      // produce a recursive SNARK for a step of the recursion
+      assert!(RecursiveSNARK::prove_step(
+        black_box(&pp),
+        black_box(recursive_snark.clone()),
+        black_box(TrivialTestCircuit {
+          _p: Default::default(),
+        }),
+        black_box(TrivialTestCircuit {
+          _p: Default::default(),
+        }),
+        black_box(<G1 as Group>::Scalar::zero()),
+        black_box(<G2 as Group>::Scalar::zero()),
+      )
+      .is_ok());
+    })
+  });
+
+  let recursive_snark = recursive_snark.unwrap();
+
+  // Benchmark the verification time
+  let name = "Verify";
+  group.bench_function(name, |b| {
+    b.iter(|| {
+      assert!(black_box(&recursive_snark)
+        .verify(
+          black_box(&pp),
+          black_box(num_warmup_steps),
+          black_box(<G1 as Group>::Scalar::zero()),
+          black_box(<G2 as Group>::Scalar::zero()),
+        )
+        .is_ok());
+    });
+  });
+  group.finish();
+}