arnaucube/fri-commitment
1
1
Fork 0
mirror of https://github.com/arnaucube/fri-commitment.git synced 2026-01-12 17:01:34 +01:00
Code Issues Projects Releases Wiki Activity

FRI-PCS add check for commitmnt of evaluation at r

Browse Source
This commit is contained in:
arnaucube
2023-03-25 09:21:17 +01:00
parent ead8e36753
commit acff8a302b
2 changed files with 37 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Cargo.toml
View File

@@ -12,10 +12,11 @@ repository = "https://github.com/arnaucube/fri-commitment"
ark-std = "0.4.0" ark-std = "0.4.0"
ark-ff = "0.4.0" ark-ff = "0.4.0"
ark-poly = "0.4.0" ark-poly = "0.4.0"
ark-bn254 = { version = "0.4.0", default-features = false }
ark-ed-on-bn254 = { version = "0.4.0", default-features = true }
ark-crypto-primitives = { version = "0.4.0", default-features = true }
ark-serialize = { version = "0.4.0", default-features = false, features = [ "derive" ] } ark-serialize = { version = "0.4.0", default-features = false, features = [ "derive" ] }
rand = { version = "0.8", features = [ "std", "std_rng" ] } rand = { version = "0.8", features = [ "std", "std_rng" ] }
sha3 = "0.10.6" sha3 = "0.10.6"
merlin = { version = "3.0.0" } merlin = { version = "3.0.0" }
[dev-dependencies]
ark-bn254 = { version = "0.4.0", default-features = false }
ark-ed-on-bn254 = { version = "0.4.0", default-features = true }

42
src/lib.rs
View File

@@ -16,6 +16,7 @@ use ark_std::cfg_into_iter;
use ark_std::marker::PhantomData; use ark_std::marker::PhantomData;
use ark_std::ops::Div; use ark_std::ops::Div;
use ark_std::ops::Mul; use ark_std::ops::Mul;
use ark_std::{rand::Rng, UniformRand};
// rho^-1 // rho^-1
const rho1: usize = 8; // WIP TODO parametrize const rho1: usize = 8; // WIP TODO parametrize
@@ -237,6 +238,7 @@ impl<F: PrimeField, P: DenseUVPolynomial<F>, H: Hash<F>> FRI_LDT<F, P, H> {
pub struct FRI_PCS_Proof<F: PrimeField> { pub struct FRI_PCS_Proof<F: PrimeField> {
p_proof: LDTProof<F>, p_proof: LDTProof<F>,
g_proof: LDTProof<F>, g_proof: LDTProof<F>,
mtproof_y_index: F, // TODO maybe include index in the mtproof, this would be done at the MerkleTree impl level
mtproof_y: Vec<F>, mtproof_y: Vec<F>,
} }
@@ -252,11 +254,21 @@ where
for<'a, 'b> &'a P: Div<&'b P, Output = P>, for<'a, 'b> &'a P: Div<&'b P, Output = P>,
{ {
pub fn commit(p: &P) -> F { pub fn commit(p: &P) -> F {
let (cm, _) = Self::tree_from_domain_evals(p); let (cm, _, _) = Self::tree_from_domain_evals(p);
cm cm
} }
fn tree_from_domain_evals(p: &P) -> (F, MerkleTree<F, H>) { pub fn rand_in_eval_domain<R: Rng>(rng: &mut R, deg: usize) -> F {
let sub_order = deg * rho1;
let eval_domain: GeneralEvaluationDomain<F> =
GeneralEvaluationDomain::new(sub_order).unwrap();
let size = eval_domain.size();
let c = usize::rand(rng);
let pos = c % size;
eval_domain.element(pos)
}
fn tree_from_domain_evals(p: &P) -> (F, MerkleTree<F, H>, Vec<F>) {
let d = p.degree(); let d = p.degree();
let sub_order = d * rho1; let sub_order = d * rho1;
let eval_sub_domain: GeneralEvaluationDomain<F> = let eval_sub_domain: GeneralEvaluationDomain<F> =
@@ -264,7 +276,8 @@ where
let subdomain_evaluations: Vec<F> = cfg_into_iter!(0..eval_sub_domain.size()) let subdomain_evaluations: Vec<F> = cfg_into_iter!(0..eval_sub_domain.size())
.map(|k| p.evaluate(&eval_sub_domain.element(k))) .map(|k| p.evaluate(&eval_sub_domain.element(k)))
.collect(); .collect();
MerkleTree::<F, H>::commit(&subdomain_evaluations) let (cm, mt) = MerkleTree::<F, H>::commit(&subdomain_evaluations);
(cm, mt, subdomain_evaluations)
} }
pub fn open(p: &P, r: F) -> (F, FRI_PCS_Proof<F>) { pub fn open(p: &P, r: F) -> (F, FRI_PCS_Proof<F>) {
@@ -282,10 +295,17 @@ where
panic!("ERR p.deg: {}, g.deg: {}", p.degree(), g.degree()); // TODO err panic!("ERR p.deg: {}, g.deg: {}", p.degree(), g.degree()); // TODO err
} }
// TODO proof for commitment // proof for commitment
// reconstruct commitment_mt // reconstruct commitment_mt
let (_, commitment_mt) = Self::tree_from_domain_evals(&p); let (_, commitment_mt, subdomain_evaluations) = Self::tree_from_domain_evals(&p);
let y_eval_index = F::from(3_u32); // TODO find y in subdomain_evaluations // find y in subdomain_evaluations
let mut y_eval_index: F = F::zero();
for i in 0..subdomain_evaluations.len() {
if y == subdomain_evaluations[i] {
y_eval_index = F::from(i as u64);
break;
}
}
let mtproof_y = commitment_mt.open(y_eval_index); let mtproof_y = commitment_mt.open(y_eval_index);
let p_proof = FRI_LDT::<F, P, H>::prove(p); let p_proof = FRI_LDT::<F, P, H>::prove(p);
@@ -296,6 +316,7 @@ where
FRI_PCS_Proof { FRI_PCS_Proof {
p_proof, p_proof,
g_proof, g_proof,
mtproof_y_index: y_eval_index,
mtproof_y, mtproof_y,
}, },
) )
@@ -323,7 +344,10 @@ where
return false; return false;
} }
// TODO check commitment // check that commitment was for the given y
if !MerkleTree::<F, H>::verify(commitment, proof.mtproof_y_index, y, proof.mtproof_y) {
return false;
}
// check FRI-LDT for p(x) // check FRI-LDT for p(x)
if !FRI_LDT::<F, P, H>::verify(proof.p_proof, deg_p) { if !FRI_LDT::<F, P, H>::verify(proof.p_proof, deg_p) {
@@ -397,8 +421,8 @@ mod tests {
let commitment = PCS::commit(&p); let commitment = PCS::commit(&p);
// Verifier // Verifier set challenge in evaluation domain for the degree
let r = Fr::rand(&mut rng); let r = PCS::rand_in_eval_domain(&mut rng, deg);
let (claimed_y, proof) = PCS::open(&p, r); let (claimed_y, proof) = PCS::open(&p, r);