mirror of
https://github.com/arnaucube/gnark-plonky2-verifier.git
synced 2026-01-12 00:51:33 +01:00
Revert "Range check optimizations"
This commit is contained in:
puma314
GitHub
73
fri/fri.go
73
fri/fri.go
@@ -11,67 +11,28 @@ import (
|
||||
gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/types"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/variables"
|
||||
)
|
||||
|
||||
type Chip struct {
|
||||
api frontend.API `gnark:"-"`
|
||||
gl gl.Chip `gnark:"-"`
|
||||
poseidonBN254Chip *poseidon.BN254Chip `gnark:"-"`
|
||||
commonData *types.CommonCircuitData `gnark:"-"`
|
||||
friParams *types.FriParams `gnark:"-"`
|
||||
api frontend.API `gnark:"-"`
|
||||
gl gl.Chip `gnark:"-"`
|
||||
poseidonBN254Chip *poseidon.BN254Chip
|
||||
friParams *types.FriParams `gnark:"-"`
|
||||
}
|
||||
|
||||
func NewChip(
|
||||
api frontend.API,
|
||||
commonData *types.CommonCircuitData,
|
||||
friParams *types.FriParams,
|
||||
) *Chip {
|
||||
poseidonBN254Chip := poseidon.NewBN254Chip(api)
|
||||
return &Chip{
|
||||
api: api,
|
||||
poseidonBN254Chip: poseidonBN254Chip,
|
||||
commonData: commonData,
|
||||
friParams: friParams,
|
||||
gl: *gl.New(api),
|
||||
gl: *gl.NewChip(api),
|
||||
}
|
||||
}
|
||||
|
||||
func (f *Chip) GetInstance(zeta gl.QuadraticExtensionVariable) InstanceInfo {
|
||||
zetaBatch := BatchInfo{
|
||||
Point: zeta,
|
||||
Polynomials: friAllPolys(f.commonData),
|
||||
}
|
||||
|
||||
g := gl.PrimitiveRootOfUnity(f.commonData.DegreeBits)
|
||||
zetaNext := f.gl.MulExtension(
|
||||
gl.NewVariable(g.Uint64()).ToQuadraticExtension(),
|
||||
zeta,
|
||||
)
|
||||
|
||||
zetaNextBath := BatchInfo{
|
||||
Point: zetaNext,
|
||||
Polynomials: friZSPolys(f.commonData),
|
||||
}
|
||||
|
||||
return InstanceInfo{
|
||||
Oracles: friOracles(f.commonData),
|
||||
Batches: []BatchInfo{zetaBatch, zetaNextBath},
|
||||
}
|
||||
}
|
||||
|
||||
func (f *Chip) ToOpenings(c variables.OpeningSet) Openings {
|
||||
values := c.Constants // num_constants + 1
|
||||
values = append(values, c.PlonkSigmas...) // num_routed_wires
|
||||
values = append(values, c.Wires...) // num_wires
|
||||
values = append(values, c.PlonkZs...) // num_challenges
|
||||
values = append(values, c.PartialProducts...) // num_challenges * num_partial_products
|
||||
values = append(values, c.QuotientPolys...) // num_challenges * quotient_degree_factor
|
||||
zetaBatch := OpeningBatch{Values: values}
|
||||
zetaNextBatch := OpeningBatch{Values: c.PlonkZsNext}
|
||||
return Openings{Batches: []OpeningBatch{zetaBatch, zetaNextBatch}}
|
||||
}
|
||||
|
||||
func (f *Chip) assertLeadingZeros(powWitness gl.Variable, friConfig types.FriConfig) {
|
||||
// Asserts that powWitness'es big-endian bit representation has at least `leading_zeros` leading zeros.
|
||||
// Note that this is assuming that the Goldilocks field is being used. Specfically that the
|
||||
@@ -100,8 +61,8 @@ func (f *Chip) verifyMerkleProofToCapWithCapIndex(
|
||||
leafData []gl.Variable,
|
||||
leafIndexBits []frontend.Variable,
|
||||
capIndexBits []frontend.Variable,
|
||||
merkleCap variables.FriMerkleCap,
|
||||
proof *variables.FriMerkleProof,
|
||||
merkleCap types.FriMerkleCap,
|
||||
proof *types.FriMerkleProof,
|
||||
) {
|
||||
currentDigest := f.poseidonBN254Chip.HashOrNoop(leafData)
|
||||
for i, sibling := range proof.Siblings {
|
||||
@@ -139,7 +100,7 @@ func (f *Chip) verifyMerkleProofToCapWithCapIndex(
|
||||
f.api.AssertIsEqual(currentDigest, merkleCapEntry)
|
||||
}
|
||||
|
||||
func (f *Chip) verifyInitialProof(xIndexBits []frontend.Variable, proof *variables.FriInitialTreeProof, initialMerkleCaps []variables.FriMerkleCap, capIndexBits []frontend.Variable) {
|
||||
func (f *Chip) verifyInitialProof(xIndexBits []frontend.Variable, proof *types.FriInitialTreeProof, initialMerkleCaps []types.FriMerkleCap, capIndexBits []frontend.Variable) {
|
||||
if len(proof.EvalsProofs) != len(initialMerkleCaps) {
|
||||
panic("length of eval proofs in fri proof should equal length of initial merkle caps")
|
||||
}
|
||||
@@ -226,7 +187,7 @@ func (f *Chip) calculateSubgroupX(
|
||||
|
||||
func (f *Chip) friCombineInitial(
|
||||
instance InstanceInfo,
|
||||
proof variables.FriInitialTreeProof,
|
||||
proof types.FriInitialTreeProof,
|
||||
friAlpha gl.QuadraticExtensionVariable,
|
||||
subgroupX_QE gl.QuadraticExtensionVariable,
|
||||
precomputedReducedEval []gl.QuadraticExtensionVariable,
|
||||
@@ -267,7 +228,7 @@ func (f *Chip) friCombineInitial(
|
||||
return sum
|
||||
}
|
||||
|
||||
func (f *Chip) finalPolyEval(finalPoly variables.PolynomialCoeffs, point gl.QuadraticExtensionVariable) gl.QuadraticExtensionVariable {
|
||||
func (f *Chip) finalPolyEval(finalPoly types.PolynomialCoeffs, point gl.QuadraticExtensionVariable) gl.QuadraticExtensionVariable {
|
||||
ret := gl.ZeroExtension()
|
||||
for i := len(finalPoly.Coeffs) - 1; i >= 0; i-- {
|
||||
ret = f.gl.MulAddExtension(ret, point, finalPoly.Coeffs[i])
|
||||
@@ -394,14 +355,14 @@ func (f *Chip) computeEvaluation(
|
||||
|
||||
func (f *Chip) verifyQueryRound(
|
||||
instance InstanceInfo,
|
||||
challenges *variables.FriChallenges,
|
||||
challenges *types.FriChallenges,
|
||||
precomputedReducedEval []gl.QuadraticExtensionVariable,
|
||||
initialMerkleCaps []variables.FriMerkleCap,
|
||||
proof *variables.FriProof,
|
||||
initialMerkleCaps []types.FriMerkleCap,
|
||||
proof *types.FriProof,
|
||||
xIndex gl.Variable,
|
||||
n uint64,
|
||||
nLog uint64,
|
||||
roundProof *variables.FriQueryRound,
|
||||
roundProof *types.FriQueryRound,
|
||||
) {
|
||||
f.assertNoncanonicalIndicesOK()
|
||||
xIndex = f.gl.Reduce(xIndex)
|
||||
@@ -507,9 +468,9 @@ func (f *Chip) verifyQueryRound(
|
||||
func (f *Chip) VerifyFriProof(
|
||||
instance InstanceInfo,
|
||||
openings Openings,
|
||||
friChallenges *variables.FriChallenges,
|
||||
initialMerkleCaps []variables.FriMerkleCap,
|
||||
friProof *variables.FriProof,
|
||||
friChallenges *types.FriChallenges,
|
||||
initialMerkleCaps []types.FriMerkleCap,
|
||||
friProof *types.FriProof,
|
||||
) {
|
||||
// TODO: Check fri config
|
||||
/* if let Some(max_arity_bits) = params.max_arity_bits() {
|
||||
|
||||
@@ -11,23 +11,23 @@ import (
|
||||
gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/types"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/variables"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/verifier"
|
||||
)
|
||||
|
||||
type TestFriCircuit struct {
|
||||
ProofWithPis variables.ProofWithPublicInputs
|
||||
VerifierOnlyCircuitData variables.VerifierOnlyCircuitData
|
||||
CommonCircuitData types.CommonCircuitData
|
||||
proofWithPIsFilename string `gnark:"-"`
|
||||
commonCircuitDataFilename string `gnark:"-"`
|
||||
verifierOnlyCircuitDataFilename string `gnark:"-"`
|
||||
}
|
||||
|
||||
func (circuit *TestFriCircuit) Define(api frontend.API) error {
|
||||
commonCircuitData := circuit.CommonCircuitData
|
||||
verifierOnlyCircuitData := circuit.VerifierOnlyCircuitData
|
||||
proofWithPis := circuit.ProofWithPis
|
||||
proofWithPis := verifier.DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
|
||||
commonCircuitData := verifier.DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
|
||||
verifierOnlyCircuitData := verifier.DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename)
|
||||
|
||||
glApi := gl.New(api)
|
||||
glApi := gl.NewChip(api)
|
||||
poseidonChip := poseidon.NewGoldilocksChip(api)
|
||||
friChip := fri.NewChip(api, &commonCircuitData, &commonCircuitData.FriParams)
|
||||
friChip := fri.NewChip(api, &commonCircuitData.FriParams)
|
||||
challengerChip := challenger.NewChip(api)
|
||||
|
||||
challengerChip.ObserveBN254Hash(verifierOnlyCircuitData.CircuitDigest)
|
||||
@@ -46,7 +46,7 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
|
||||
plonkZeta := challengerChip.GetExtensionChallenge()
|
||||
glApi.AssertIsEqual(plonkZeta[0], gl.NewVariable("3892795992421241388"))
|
||||
|
||||
challengerChip.ObserveOpenings(friChip.ToOpenings(proofWithPis.Proof.Openings))
|
||||
challengerChip.ObserveOpenings(fri.ToOpenings(proofWithPis.Proof.Openings))
|
||||
|
||||
friChallenges := challengerChip.GetFriChallenges(
|
||||
proofWithPis.Proof.OpeningProof.CommitPhaseMerkleCaps,
|
||||
@@ -67,7 +67,7 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
|
||||
x = 11890500485816111017
|
||||
api.AssertIsEqual(friChallenges.FriQueryIndices[0].Limb, x)
|
||||
|
||||
initialMerkleCaps := []variables.FriMerkleCap{
|
||||
initialMerkleCaps := []types.FriMerkleCap{
|
||||
verifierOnlyCircuitData.ConstantSigmasCap,
|
||||
proofWithPis.Proof.WiresCap,
|
||||
proofWithPis.Proof.PlonkZsPartialProductsCap,
|
||||
@@ -94,8 +94,8 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
|
||||
}
|
||||
|
||||
friChip.VerifyFriProof(
|
||||
friChip.GetInstance(plonkZeta),
|
||||
friChip.ToOpenings(proofWithPis.Proof.Openings),
|
||||
fri.GetInstance(&commonCircuitData, glApi, plonkZeta, commonCircuitData.DegreeBits),
|
||||
fri.ToOpenings(proofWithPis.Proof.Openings),
|
||||
&friChallenges,
|
||||
initialMerkleCaps,
|
||||
&proofWithPis.Proof.OpeningProof,
|
||||
@@ -107,24 +107,16 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
|
||||
func TestDecodeBlockFriVerification(t *testing.T) {
|
||||
assert := test.NewAssert(t)
|
||||
|
||||
proofWithPIsFilename := "../testdata/decode_block/proof_with_public_inputs.json"
|
||||
commonCircuitDataFilename := "../testdata/decode_block/common_circuit_data.json"
|
||||
verifierOnlyCircuitDataFilename := "../testdata/decode_block/verifier_only_circuit_data.json"
|
||||
|
||||
proofWithPis := variables.DeserializeProofWithPublicInputs(types.ReadProofWithPublicInputs(proofWithPIsFilename))
|
||||
commonCircuitData := types.ReadCommonCircuitData(commonCircuitDataFilename)
|
||||
verifierOnlyCircuitData := variables.DeserializeVerifierOnlyCircuitData(types.ReadVerifierOnlyCircuitData(verifierOnlyCircuitDataFilename))
|
||||
|
||||
testCase := func() {
|
||||
circuit := TestFriCircuit{
|
||||
proofWithPis,
|
||||
verifierOnlyCircuitData,
|
||||
commonCircuitData,
|
||||
proofWithPIsFilename: "../../data/decode_block/proof_with_public_inputs.json",
|
||||
commonCircuitDataFilename: "../../data/decode_block//common_circuit_data.json",
|
||||
verifierOnlyCircuitDataFilename: "../../data/decode_block//verifier_only_circuit_data.json",
|
||||
}
|
||||
witness := TestFriCircuit{
|
||||
proofWithPis,
|
||||
verifierOnlyCircuitData,
|
||||
commonCircuitData,
|
||||
proofWithPIsFilename: "../../data/dummy_2^14_gates/proof_with_public_inputs.json",
|
||||
commonCircuitDataFilename: "../../data/dummy_2^14_gates/common_circuit_data.json",
|
||||
verifierOnlyCircuitDataFilename: ".../../data/dummy_2^14_gates/verifier_only_circuit_data.json",
|
||||
}
|
||||
err := test.IsSolved(&circuit, &witness, ecc.BN254.ScalarField())
|
||||
assert.NoError(err)
|
||||
|
||||
@@ -1,9 +1,30 @@
|
||||
package fri
|
||||
|
||||
import (
|
||||
gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
|
||||
"github.com/succinctlabs/gnark-plonky2-verifier/types"
|
||||
)
|
||||
|
||||
type OpeningBatch struct {
|
||||
Values []gl.QuadraticExtensionVariable
|
||||
}
|
||||
|
||||
type Openings struct {
|
||||
Batches []OpeningBatch
|
||||
}
|
||||
|
||||
func ToOpenings(c types.OpeningSet) Openings {
|
||||
values := c.Constants // num_constants + 1
|
||||
values = append(values, c.PlonkSigmas...) // num_routed_wires
|
||||
values = append(values, c.Wires...) // num_wires
|
||||
values = append(values, c.PlonkZs...) // num_challenges
|
||||
values = append(values, c.PartialProducts...) // num_challenges * num_partial_products
|
||||
values = append(values, c.QuotientPolys...) // num_challenges * quotient_degree_factor
|
||||
zetaBatch := OpeningBatch{Values: values}
|
||||
zetaNextBatch := OpeningBatch{Values: c.PlonkZsNext}
|
||||
return Openings{Batches: []OpeningBatch{zetaBatch, zetaNextBatch}}
|
||||
}
|
||||
|
||||
type PolynomialInfo struct {
|
||||
OracleIndex uint64
|
||||
PolynomialInfo uint64
|
||||
@@ -14,6 +35,16 @@ type OracleInfo struct {
|
||||
Blinding bool
|
||||
}
|
||||
|
||||
type BatchInfo struct {
|
||||
Point gl.QuadraticExtensionVariable
|
||||
Polynomials []PolynomialInfo
|
||||
}
|
||||
|
||||
type InstanceInfo struct {
|
||||
Oracles []OracleInfo
|
||||
Batches []BatchInfo
|
||||
}
|
||||
|
||||
type PlonkOracle struct {
|
||||
index uint64
|
||||
blinding bool
|
||||
@@ -146,3 +177,26 @@ func friAllPolys(c *types.CommonCircuitData) []PolynomialInfo {
|
||||
|
||||
return returnArr
|
||||
}
|
||||
|
||||
func GetInstance(c *types.CommonCircuitData, glApi *gl.Chip, zeta gl.QuadraticExtensionVariable, degreeBits uint64) InstanceInfo {
|
||||
zetaBatch := BatchInfo{
|
||||
Point: zeta,
|
||||
Polynomials: friAllPolys(c),
|
||||
}
|
||||
|
||||
g := gl.PrimitiveRootOfUnity(degreeBits)
|
||||
zetaNext := glApi.MulExtension(
|
||||
gl.NewVariable(g.Uint64()).ToQuadraticExtension(),
|
||||
zeta,
|
||||
)
|
||||
|
||||
zetaNextBath := BatchInfo{
|
||||
Point: zetaNext,
|
||||
Polynomials: friZSPolys(c),
|
||||
}
|
||||
|
||||
return InstanceInfo{
|
||||
Oracles: friOracles(c),
|
||||
Batches: []BatchInfo{zetaBatch, zetaNextBath},
|
||||
}
|
||||
}
|
||||
|
||||
21
fri/vars.go
21
fri/vars.go
@@ -1,21 +0,0 @@
|
||||
package fri
|
||||
|
||||
import gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
|
||||
|
||||
type BatchInfo struct {
|
||||
Point gl.QuadraticExtensionVariable
|
||||
Polynomials []PolynomialInfo
|
||||
}
|
||||
|
||||
type InstanceInfo struct {
|
||||
Oracles []OracleInfo
|
||||
Batches []BatchInfo
|
||||
}
|
||||
|
||||
type OpeningBatch struct {
|
||||
Values []gl.QuadraticExtensionVariable
|
||||
}
|
||||
|
||||
type Openings struct {
|
||||
Batches []OpeningBatch
|
||||
}
|
||||
Reference in New Issue
Block a user