arnaucube
/
gnark-plonky2-verifier
mirror of https://github.com/arnaucube/gnark-plonky2-verifier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

small refactor of names

main
jtguibas 3 years ago
parent
7367106b04
commit
a058df6099
10 changed files with 245 additions and 332 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -20
      goldilocks/goldilocks.go
  2. +20
    -21
      plonky2_verifier/challenger.go
  3. +32
    -39
      plonky2_verifier/challenger_test.go
  4. +111
    -0
      plonky2_verifier/proof.go
  5. +0
    -162
      plonky2_verifier/structs.go
  6. +41
    -45
      plonky2_verifier/verifier.go
  7. +21
    -24
      poseidon/poseidon.go
  8. +9
    -10
      poseidon/poseidon_test.go
  9. +8
    -8
      poseidon/public_inputs_hash_test.go
  10. +3
    -3
      utils/utils.go

+ 0
- 20
goldilocks/goldilocks.go
View File

@ -1,20 +0,0 @@
package goldilocks
import (
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/std/math/emulated"
)
type GoldilocksElement = emulated.Element[emulated.Goldilocks]
func NewGoldilocksElement(x uint64) GoldilocksElement {
return GoldilocksElement(emulated.NewElement[emulated.Goldilocks](x))
}
func NewGoldilocksAPI(api frontend.API) frontend.API {
goldilocks, err := emulated.NewField[emulated.Goldilocks](api)
if err != nil {
panic(err)
}
return goldilocks
}

+ 20
- 21
plonky2_verifier/challenger.go
View File

@ -2,9 +2,8 @@ package plonky2_verifier
import ( import (
"fmt" "fmt"
. "gnark-ed25519/goldilocks"
. "gnark-ed25519/field"
"gnark-ed25519/poseidon" "gnark-ed25519/poseidon"
. "gnark-ed25519/poseidon"
"github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend"
) )
@ -12,16 +11,16 @@ import (
type ChallengerChip struct { type ChallengerChip struct {
api frontend.API api frontend.API
field frontend.API field frontend.API
poseidonChip PoseidonChip
spongeState [SPONGE_WIDTH]GoldilocksElement
inputBuffer []GoldilocksElement
outputBuffer []GoldilocksElement
poseidonChip poseidon.PoseidonChip
spongeState [poseidon.SPONGE_WIDTH]F
inputBuffer []F
outputBuffer []F
} }
func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip PoseidonChip) *ChallengerChip {
var spongeState [SPONGE_WIDTH]GoldilocksElement
var inputBuffer []GoldilocksElement
var outputBuffer []GoldilocksElement
func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip poseidon.PoseidonChip) *ChallengerChip {
var spongeState [poseidon.SPONGE_WIDTH]F
var inputBuffer []F
var outputBuffer []F
return &ChallengerChip{ return &ChallengerChip{
api: api, api: api,
field: field, field: field,
@ -32,31 +31,31 @@ func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip Poseid
} }
} }
func (c *ChallengerChip) ObserveElement(element GoldilocksElement) {
func (c *ChallengerChip) ObserveElement(element F) {
c.outputBuffer = clearBuffer(c.outputBuffer) c.outputBuffer = clearBuffer(c.outputBuffer)
c.inputBuffer = append(c.inputBuffer, element) c.inputBuffer = append(c.inputBuffer, element)
if len(c.inputBuffer) == SPONGE_RATE {
if len(c.inputBuffer) == poseidon.SPONGE_RATE {
c.duplexing() c.duplexing()
} }
} }
func (c *ChallengerChip) ObserveElements(elements []GoldilocksElement) {
func (c *ChallengerChip) ObserveElements(elements []F) {
for i := 0; i < len(elements); i++ { for i := 0; i < len(elements); i++ {
c.ObserveElement(elements[i]) c.ObserveElement(elements[i])
} }
} }
func (c *ChallengerChip) ObserveHash(hash HashOutput) {
func (c *ChallengerChip) ObserveHash(hash Hash) {
c.ObserveElements(hash[:]) c.ObserveElements(hash[:])
} }
func (c *ChallengerChip) ObserveCap(cap []HashOutput) {
func (c *ChallengerChip) ObserveCap(cap []Hash) {
for i := 0; i < len(cap); i++ { for i := 0; i < len(cap); i++ {
c.ObserveHash(cap[i]) c.ObserveHash(cap[i])
} }
} }
func (c *ChallengerChip) GetChallenge() GoldilocksElement {
func (c *ChallengerChip) GetChallenge() F {
if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 { if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 {
c.duplexing() c.duplexing()
} }
@ -67,20 +66,20 @@ func (c *ChallengerChip) GetChallenge() GoldilocksElement {
return challenge return challenge
} }
func (c *ChallengerChip) GetNChallenges(n int) []GoldilocksElement {
challenges := make([]GoldilocksElement, n)
func (c *ChallengerChip) GetNChallenges(n int) []F {
challenges := make([]F, n)
for i := 0; i < n; i++ { for i := 0; i < n; i++ {
challenges[i] = c.GetChallenge() challenges[i] = c.GetChallenge()
} }
return challenges return challenges
} }
func clearBuffer(buffer []GoldilocksElement) []GoldilocksElement {
return make([]GoldilocksElement, 0)
func clearBuffer(buffer []F) []F {
return make([]F, 0)
} }
func (c *ChallengerChip) duplexing() { func (c *ChallengerChip) duplexing() {
if len(c.inputBuffer) > SPONGE_RATE {
if len(c.inputBuffer) > poseidon.SPONGE_RATE {
fmt.Println(len(c.inputBuffer)) fmt.Println(len(c.inputBuffer))
panic("something went wrong") panic("something went wrong")
} }

+ 32
- 39
plonky2_verifier/challenger_test.go
View File

@ -3,20 +3,18 @@ package plonky2_verifier
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
. "gnark-ed25519/goldilocks"
"gnark-ed25519/field"
. "gnark-ed25519/field"
. "gnark-ed25519/poseidon" . "gnark-ed25519/poseidon"
"gnark-ed25519/utils" "gnark-ed25519/utils"
"io/ioutil" "io/ioutil"
"os" "os"
"testing" "testing"
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test" "github.com/consensys/gnark/test"
) )
var testCurve = ecc.BN254
type TestChallengerCircuit struct { type TestChallengerCircuit struct {
PublicInputs [3]frontend.Variable PublicInputs [3]frontend.Variable
CircuitDigest [4]frontend.Variable CircuitDigest [4]frontend.Variable
@ -24,53 +22,48 @@ type TestChallengerCircuit struct {
} }
func (circuit *TestChallengerCircuit) Define(api frontend.API) error { func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
goldilocksApi := NewGoldilocksAPI(api)
poseidonChip := NewPoseidonChip(api, goldilocksApi)
challengerChip := NewChallengerChip(api, goldilocksApi, *poseidonChip)
field := field.NewFieldAPI(api)
poseidon := NewPoseidonChip(api, field)
challenger := NewChallengerChip(api, field, *poseidon)
var circuitDigestGoldilocks [4]GoldilocksElement
for i := 0; i < 4; i++ {
circuitDigestGoldilocks[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(GoldilocksElement)
var circuitDigest [4]F
for i := 0; i < len(circuitDigest); i++ {
circuitDigest[i] = field.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(F)
} }
var publicInputsGoldilocks [3]GoldilocksElement
for i := 0; i < 3; i++ {
publicInputsGoldilocks[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(GoldilocksElement)
var publicInputs [3]F
for i := 0; i < len(publicInputs); i++ {
publicInputs[i] = field.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(F)
} }
var wiresCapGoldilocks [16][4]GoldilocksElement
for i := 0; i < 16; i++ {
for j := 0; j < 4; j++ {
wiresCapGoldilocks[i][j] = goldilocksApi.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(GoldilocksElement)
var wiresCap [16][4]F
for i := 0; i < len(wiresCap); i++ {
for j := 0; j < len(wiresCap[0]); j++ {
wiresCap[i][j] = field.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(F)
} }
} }
publicInputHash := poseidonChip.HashNoPad(publicInputsGoldilocks[:])
challengerChip.ObserveHash(circuitDigestGoldilocks)
challengerChip.ObserveHash(publicInputHash)
challengerChip.ObserveCap(wiresCapGoldilocks[:])
publicInputHash := poseidon.HashNoPad(publicInputs[:])
challenger.ObserveHash(circuitDigest)
challenger.ObserveHash(publicInputHash)
challenger.ObserveCap(wiresCap[:])
nbChallenges := 2 nbChallenges := 2
plonkBetas := challengerChip.GetNChallenges(nbChallenges)
plonkGammas := challengerChip.GetNChallenges(nbChallenges)
var expectedPlonkBetas [2]frontend.Variable
expectedPlonkBetas[0] = frontend.Variable("4678728155650926271")
expectedPlonkBetas[1] = frontend.Variable("13611962404289024887")
plonkBetas := challenger.GetNChallenges(nbChallenges)
plonkGammas := challenger.GetNChallenges(nbChallenges)
var expectedPlonkGammas [2]frontend.Variable
expectedPlonkGammas[0] = frontend.Variable("13237663823305715949")
expectedPlonkGammas[1] = frontend.Variable("15389314098328235145")
expectedPlonkBetas := [2]frontend.Variable{
frontend.Variable("4678728155650926271"),
frontend.Variable("13611962404289024887"),
}
expectedPlonkGammas := [2]frontend.Variable{
frontend.Variable("13237663823305715949"),
frontend.Variable("15389314098328235145"),
}
for i := 0; i < 2; i++ { for i := 0; i < 2; i++ {
goldilocksApi.AssertIsEqual(
plonkBetas[i],
goldilocksApi.FromBinary(api.ToBinary(expectedPlonkBetas[i])).(GoldilocksElement),
)
goldilocksApi.AssertIsEqual(
plonkGammas[i],
goldilocksApi.FromBinary(api.ToBinary(expectedPlonkGammas[i])).(GoldilocksElement),
)
field.AssertIsEqual(plonkBetas[i], field.FromBinary(api.ToBinary(expectedPlonkBetas[i])).(F))
field.AssertIsEqual(plonkGammas[i], field.FromBinary(api.ToBinary(expectedPlonkGammas[i])).(F))
} }
return nil return nil
@ -98,7 +91,7 @@ func TestChallengerWitness(t *testing.T) {
testCase := func(publicInputs [3]frontend.Variable, circuitDigest [4]frontend.Variable, wiresCap [16][4]frontend.Variable) { testCase := func(publicInputs [3]frontend.Variable, circuitDigest [4]frontend.Variable, wiresCap [16][4]frontend.Variable) {
circuit := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap} circuit := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap}
witness := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap} witness := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap}
err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err) assert.NoError(err)
} }

+ 111
- 0
plonky2_verifier/proof.go
View File

@ -0,0 +1,111 @@
package plonky2_verifier
import (
. "gnark-ed25519/field"
)
type QuadraticExtension = [2]F
type MerkleCap = []Hash
type MerkleProof struct {
Siblings []Hash
}
type EvalProof struct {
Elements []F
MerkleProof MerkleProof
}
type FriInitialTreeProof struct {
EvalsProofs []EvalProof
}
type FriQueryStep struct {
Evals []QuadraticExtension
MerkleProof MerkleProof
}
type FriQueryRound struct {
InitialTreesProof FriInitialTreeProof
Steps []FriQueryStep
}
type PolynomialCoeffs struct {
Coeffs []F
}
type FriProof struct {
CommitPhaseMerkleCaps []MerkleCap
QueryRoundProofs FriQueryRound
FinalPoly PolynomialCoeffs
PowWitness F
}
type OpeningSet struct {
Constants []QuadraticExtension
PlonkSigmas []QuadraticExtension
Wires []QuadraticExtension
PlonkZs []QuadraticExtension
PlonkZsNext []QuadraticExtension
PartialProducts []QuadraticExtension
QuotientPolys []QuadraticExtension
}
type Proof struct {
WiresCap MerkleCap
PlonkZsPartialProductsCap MerkleCap
QuotientPolysCap MerkleCap
Openings OpeningSet
OpeningProof FriProof
}
type ProofWithPublicInputs struct {
Proof Proof
PublicInputs []F
}
type VerifierOnlyCircuitData struct {
ConstantSigmasCap MerkleCap
}
type FriConfig struct {
RateBits uint64
CapHeight uint64
ProofOfWorkBits uint64
NumQueryRounds uint64
// TODO: add FriReductionStrategy
}
type FriParams struct {
Config FriConfig
Hiding bool
DegreeBits uint64
ReductionArityBits []uint64
}
type CircuitConfig struct {
NumWires uint64
NumRoutedWires uint64
NumConstants uint64
UseBaseArithmeticGate bool
SecurityBits uint64
NumChallenges uint64
ZeroKnowledge bool
MaxQuotientDegreeFactor uint64
FriConfig FriConfig
}
type CommonCircuitData struct {
Config CircuitConfig
FriParams FriParams
DegreeBits uint64
QuotientDegreeFactor uint64
NumGateConstraints uint64
NumConstants uint64
NumPublicInputs uint64
KIs []F
NumPartialProducts uint64
CircuitDigest Hash
// TODO: add SelectorsInfo and Gates
}

+ 0
- 162
plonky2_verifier/structs.go
View File

@ -1,162 +0,0 @@
package plonky2_verifier
import (
. "gnark-ed25519/goldilocks"
)
type Hash = [4]GoldilocksElement
type QuadraticExtension = [2]GoldilocksElement
type MerkleCap = []Hash
type MerkleProof struct {
Siblings []Hash
}
type EvalProof struct {
Elements []GoldilocksElement
MerkleProof MerkleProof
}
type FriInitialTreeProof struct {
EvalsProofs []EvalProof
}
type FriQueryStep struct {
Evals []QuadraticExtension
MerkleProof MerkleProof
}
type FriQueryRound struct {
InitialTreesProof FriInitialTreeProof
Steps []FriQueryStep
}
type PolynomialCoeffs struct {
Coeffs []GoldilocksElement
}
type FriProof struct {
CommitPhaseMerkleCaps []MerkleCap
QueryRoundProofs FriQueryRound
FinalPoly PolynomialCoeffs
PowWitness GoldilocksElement
}
type OpeningSet struct {
Constants []QuadraticExtension
PlonkSigmas []QuadraticExtension
Wires []QuadraticExtension
PlonkZs []QuadraticExtension
PlonkZsNext []QuadraticExtension
PartialProducts []QuadraticExtension
QuotientPolys []QuadraticExtension
}
type Proof struct {
WiresCap MerkleCap
PlonkZsPartialProductsCap MerkleCap
QuotientPolysCap MerkleCap
Openings OpeningSet
OpeningProof FriProof
}
type ProofWithPublicInputs struct {
Proof Proof
PublicInputs []GoldilocksElement
}
type ProofWithPublicInputsRaw struct {
Proof struct {
WiresCap []struct {
Elements []uint64 `json:"elements"`
} `json:"wires_cap"`
PlonkZsPartialProductsCap []struct {
Elements []uint64 `json:"elements"`
} `json:"plonk_zs_partial_products_cap"`
QuotientPolysCap []struct {
Elements []uint64 `json:"elements"`
} `json:"quotient_polys_cap"`
Openings struct {
Constants [][]uint64 `json:"constants"`
PlonkSigmas [][]uint64 `json:"plonk_sigmas"`
Wires [][]uint64 `json:"wires"`
PlonkZs [][]uint64 `json:"plonk_zs"`
PlonkZsNext [][]uint64 `json:"plonk_zs_next"`
PartialProducts [][]uint64 `json:"partial_products"`
QuotientPolys [][]uint64 `json:"quotient_polys"`
} `json:"openings"`
OpeningProof struct {
CommitPhaseMerkleCaps []interface{} `json:"commit_phase_merkle_caps"`
QueryRoundProofs []struct {
InitialTreesProof struct {
EvalsProofs [][]interface{} `json:"evals_proofs"`
} `json:"initial_trees_proof"`
Steps []interface{} `json:"steps"`
} `json:"query_round_proofs"`
FinalPoly struct {
Coeffs [][]uint64 `json:"coeffs"`
} `json:"final_poly"`
PowWitness uint64 `json:"pow_witness"`
} `json:"opening_proof"`
} `json:"proof"`
PublicInputs []uint64 `json:"public_inputs"`
}
type CommonCircuitData struct {
Config struct {
NumWires uint64 `json:"num_wires"`
NumRoutedWires uint64 `json:"num_routed_wires"`
NumConstants uint64 `json:"num_constants"`
UseBaseArithmeticGate bool `json:"use_base_arithmetic_gate"`
SecurityBits uint64 `json:"security_bits"`
NumChallenges uint64 `json:"num_challenges"`
ZeroKnowledge bool `json:"zero_knowledge"`
MaxQuotientDegreeFactor uint64 `json:"max_quotient_degree_factor"`
FriConfig struct {
RateBits uint64 `json:"rate_bits"`
CapHeight uint64 `json:"cap_height"`
ProofOfWorkBits uint64 `json:"proof_of_work_bits"`
ReductionStrategy struct {
ConstantArityBits []uint64 `json:"ConstantArityBits"`
} `json:"reduction_strategy"`
NumQueryRounds uint64 `json:"num_query_rounds"`
} `json:"fri_config"`
} `json:"config"`
FriParams struct {
Config struct {
RateBits uint64 `json:"rate_bits"`
CapHeight uint64 `json:"cap_height"`
ProofOfWorkBits uint64 `json:"proof_of_work_bits"`
ReductionStrategy struct {
ConstantArityBits []uint64 `json:"ConstantArityBits"`
} `json:"reduction_strategy"`
NumQueryRounds uint64 `json:"num_query_rounds"`
} `json:"config"`
Hiding bool `json:"hiding"`
DegreeBits uint64 `json:"degree_bits"`
ReductionArityBits []interface{} `json:"reduction_arity_bits"`
} `json:"fri_params"`
DegreeBits uint64 `json:"degree_bits"`
SelectorsInfo struct {
SelectorIndices []uint64 `json:"selector_indices"`
Groups []struct {
Start uint64 `json:"start"`
End uint64 `json:"end"`
} `json:"groups"`
} `json:"selectors_info"`
QuotientDegreeFactor uint64 `json:"quotient_degree_factor"`
NumGateConstraints uint64 `json:"num_gate_constraints"`
NumConstants uint64 `json:"num_constants"`
NumPublicInputs uint64 `json:"num_public_inputs"`
KIs []interface{} `json:"k_is"`
NumPartialProducts uint64 `json:"num_partial_products"`
CircuitDigest struct {
Elements []uint64 `json:"elements"`
} `json:"circuit_digest"`
}
type VerifierOnlyCircuitData struct {
ConstantsSigmasCap []struct {
Elements []uint64 `json:"elements"`
} `json:"constants_sigmas_cap"`
}

+ 41
- 45
plonky2_verifier/verifier.go
View File

@ -1,47 +1,43 @@
package plonky2_verifier package plonky2_verifier
import (
. "gnark-ed25519/goldilocks"
"gnark-ed25519/poseidon"
"gnark-ed25519/utils"
"github.com/consensys/gnark/frontend"
)
type VerifierChip struct {
api frontend.API
field frontend.API
poseidonChip poseidon.PoseidonChip
}
func (c *VerifierChip) GetPublicInputsHash(publicInputs []GoldilocksElement) poseidon.HashOutput {
return c.poseidonChip.HashNoPad(publicInputs)
}
func (c *VerifierChip) GetChallenges(proofWithPis ProofWithPublicInputs, publicInputsHash Hash, commonData CommonCircuitData) {
config := commonData.Config
numChallenges := int(config.NumChallenges)
challenger := NewChallengerChip(c.api, c.field, c.poseidonChip)
var circuitDigest Hash
copy(circuitDigest[:], utils.Uint64ArrayToGoldilocksElementArray(commonData.CircuitDigest.Elements))
challenger.ObserveHash(circuitDigest)
challenger.ObserveHash(publicInputsHash)
challenger.ObserveCap(proofWithPis.Proof.WiresCap)
plonkBetas := challenger.GetNChallenges(numChallenges)
plonkGammas := challenger.GetNChallenges(numChallenges)
challenger.ObserveCap(proofWithPis.Proof.PlonkZsPartialProductsCap)
plonkAlphas := challenger.GetNChallenges(numChallenges)
challenger.ObserveCap(proofWithPis.Proof.QuotientPolysCap)
plonkZeta := challenger.GetNChallenges(numChallenges)
challenger.ObserveOpenings(proofWithPis.Proof.Openings)
}
func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData VerifierOnlyCircuitData, commonData CommonCircuitData) {
publicInputsHash := c.GetPublicInputsHash(proofWithPis.PublicInputs)
challenges := c.GetChallenges(proofWithPis, publicInputsHash, commonData)
}
// import (
// . "gnark-ed25519/field"
// "gnark-ed25519/poseidon"
// "github.com/consensys/gnark/frontend"
// )
// type VerifierChip struct {
// api frontend.API
// field frontend.API
// poseidonChip poseidon.PoseidonChip
// }
// func (c *VerifierChip) GetPublicInputsHash(publicInputs []F) poseidon.HashOutput {
// return c.poseidonChip.HashNoPad(publicInputs)
// }
// func (c *VerifierChip) GetChallenges(proofWithPis ProofWithPublicInputs, publicInputsHash Hash, commonData CommonCircuitData) {
// config := commonData.Config
// numChallenges := int(config.NumChallenges)
// challenger := NewChallengerChip(c.api, c.field, c.poseidonChip)
// challenger.ObserveHash(commonData.CircuitDigest)
// challenger.ObserveHash(publicInputsHash)
// challenger.ObserveCap(proofWithPis.Proof.WiresCap)
// plonkBetas := challenger.GetNChallenges(numChallenges)
// plonkGammas := challenger.GetNChallenges(numChallenges)
// challenger.ObserveCap(proofWithPis.Proof.PlonkZsPartialProductsCap)
// plonkAlphas := challenger.GetNChallenges(numChallenges)
// challenger.ObserveCap(proofWithPis.Proof.QuotientPolysCap)
// plonkZeta := challenger.GetNChallenges(numChallenges)
// challenger.ObserveOpenings(proofWithPis.Proof.Openings)
// }
// func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData VerifierOnlyCircuitData, commonData CommonCircuitData) {
// publicInputsHash := c.GetPublicInputsHash(proofWithPis.PublicInputs)
// challenges := c.GetChallenges(proofWithPis, publicInputsHash, commonData)
// }

+ 21
- 24
poseidon/poseidon.go
View File

@ -1,13 +1,11 @@
package poseidon package poseidon
import ( import (
. "gnark-ed25519/goldilocks"
. "gnark-ed25519/field"
"github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend"
) )
/* Note: This package assumes usage of the BN254 curve in various places. */
const HALF_N_FULL_ROUNDS = 4 const HALF_N_FULL_ROUNDS = 4
const N_FULL_ROUNDS_TOTAL = 2 * HALF_N_FULL_ROUNDS const N_FULL_ROUNDS_TOTAL = 2 * HALF_N_FULL_ROUNDS
const N_PARTIAL_ROUNDS = 22 const N_PARTIAL_ROUNDS = 22
@ -17,8 +15,7 @@ const WIDTH = 12
const SPONGE_WIDTH = 12 const SPONGE_WIDTH = 12
const SPONGE_RATE = 8 const SPONGE_RATE = 8
type PoseidonState = [WIDTH]GoldilocksElement
type HashOutput = [4]GoldilocksElement
type PoseidonState = [WIDTH]F
type PoseidonChip struct { type PoseidonChip struct {
api frontend.API api frontend.API
field frontend.API field frontend.API
@ -37,7 +34,7 @@ func (c *PoseidonChip) Poseidon(input PoseidonState) PoseidonState {
return state return state
} }
func (c *PoseidonChip) HashNToMNoPad(input []GoldilocksElement, nbOutputs int) []GoldilocksElement {
func (c *PoseidonChip) HashNToMNoPad(input []F, nbOutputs int) []F {
var state PoseidonState var state PoseidonState
for i := 0; i < len(input); i += SPONGE_RATE { for i := 0; i < len(input); i += SPONGE_RATE {
@ -49,7 +46,7 @@ func (c *PoseidonChip) HashNToMNoPad(input []GoldilocksElement, nbOutputs int) [
state = c.Poseidon(state) state = c.Poseidon(state)
} }
var outputs []GoldilocksElement
var outputs []F
for { for {
for i := 0; i < SPONGE_RATE; i++ { for i := 0; i < SPONGE_RATE; i++ {
@ -62,8 +59,8 @@ func (c *PoseidonChip) HashNToMNoPad(input []GoldilocksElement, nbOutputs int) [
} }
} }
func (c *PoseidonChip) HashNoPad(input []GoldilocksElement) HashOutput {
var hash [4]GoldilocksElement
func (c *PoseidonChip) HashNoPad(input []F) Hash {
var hash Hash
copy(hash[:], c.HashNToMNoPad(input, 4)) copy(hash[:], c.HashNToMNoPad(input, 4))
return hash return hash
} }
@ -87,7 +84,7 @@ func (c *PoseidonChip) partialRounds(state PoseidonState, roundCounter *int) Pos
for i := 0; i < N_PARTIAL_ROUNDS; i++ { for i := 0; i < N_PARTIAL_ROUNDS; i++ {
state[0] = c.sBoxMonomial(state[0]) state[0] = c.sBoxMonomial(state[0])
state[0] = c.field.Add(state[0], FAST_PARTIAL_ROUND_CONSTANTS[i]).(GoldilocksElement)
state[0] = c.field.Add(state[0], FAST_PARTIAL_ROUND_CONSTANTS[i]).(F)
state = c.mdsPartialLayerFast(state, i) state = c.mdsPartialLayerFast(state, i)
} }
@ -99,8 +96,8 @@ func (c *PoseidonChip) partialRounds(state PoseidonState, roundCounter *int) Pos
func (c *PoseidonChip) constantLayer(state PoseidonState, roundCounter *int) PoseidonState { func (c *PoseidonChip) constantLayer(state PoseidonState, roundCounter *int) PoseidonState {
for i := 0; i < 12; i++ { for i := 0; i < 12; i++ {
if i < WIDTH { if i < WIDTH {
roundConstant := NewGoldilocksElement(ALL_ROUND_CONSTANTS[i+WIDTH*(*roundCounter)])
state[i] = c.field.Add(state[i], roundConstant).(GoldilocksElement)
roundConstant := NewFieldElement(ALL_ROUND_CONSTANTS[i+WIDTH*(*roundCounter)])
state[i] = c.field.Add(state[i], roundConstant).(F)
} }
} }
return state return state
@ -115,11 +112,11 @@ func (c *PoseidonChip) sBoxLayer(state PoseidonState) PoseidonState {
return state return state
} }
func (c *PoseidonChip) sBoxMonomial(x GoldilocksElement) GoldilocksElement {
func (c *PoseidonChip) sBoxMonomial(x F) F {
x2 := c.field.Mul(x, x) x2 := c.field.Mul(x, x)
x4 := c.field.Mul(x2, x2) x4 := c.field.Mul(x2, x2)
x3 := c.field.Mul(x2, x) x3 := c.field.Mul(x2, x)
return c.field.Mul(x3, x4).(GoldilocksElement)
return c.field.Mul(x3, x4).(F)
} }
func (c *PoseidonChip) mdsRowShf(r int, v [WIDTH]frontend.Variable) frontend.Variable { func (c *PoseidonChip) mdsRowShf(r int, v [WIDTH]frontend.Variable) frontend.Variable {
@ -139,7 +136,7 @@ func (c *PoseidonChip) mdsRowShf(r int, v [WIDTH]frontend.Variable) frontend.Var
func (c *PoseidonChip) mdsLayer(state_ PoseidonState) PoseidonState { func (c *PoseidonChip) mdsLayer(state_ PoseidonState) PoseidonState {
var result PoseidonState var result PoseidonState
for i := 0; i < WIDTH; i++ { for i := 0; i < WIDTH; i++ {
result[i] = NewGoldilocksElement(0)
result[i] = NewFieldElement(0)
} }
var state [WIDTH]frontend.Variable var state [WIDTH]frontend.Variable
@ -151,7 +148,7 @@ func (c *PoseidonChip) mdsLayer(state_ PoseidonState) PoseidonState {
if r < WIDTH { if r < WIDTH {
sum := c.mdsRowShf(r, state) sum := c.mdsRowShf(r, state)
bits := c.api.ToBinary(sum) bits := c.api.ToBinary(sum)
result[r] = c.field.FromBinary(bits).(GoldilocksElement)
result[r] = c.field.FromBinary(bits).(F)
} }
} }
@ -161,7 +158,7 @@ func (c *PoseidonChip) mdsLayer(state_ PoseidonState) PoseidonState {
func (c *PoseidonChip) partialFirstConstantLayer(state PoseidonState) PoseidonState { func (c *PoseidonChip) partialFirstConstantLayer(state PoseidonState) PoseidonState {
for i := 0; i < 12; i++ { for i := 0; i < 12; i++ {
if i < WIDTH { if i < WIDTH {
state[i] = c.field.Add(state[i], NewGoldilocksElement(FAST_PARTIAL_FIRST_ROUND_CONSTANT[i])).(GoldilocksElement)
state[i] = c.field.Add(state[i], NewFieldElement(FAST_PARTIAL_FIRST_ROUND_CONSTANT[i])).(F)
} }
} }
return state return state
@ -170,7 +167,7 @@ func (c *PoseidonChip) partialFirstConstantLayer(state PoseidonState) PoseidonSt
func (c *PoseidonChip) mdsPartialLayerInit(state PoseidonState) PoseidonState { func (c *PoseidonChip) mdsPartialLayerInit(state PoseidonState) PoseidonState {
var result PoseidonState var result PoseidonState
for i := 0; i < 12; i++ { for i := 0; i < 12; i++ {
result[i] = NewGoldilocksElement(0)
result[i] = NewFieldElement(0)
} }
result[0] = state[0] result[0] = state[0]
@ -179,8 +176,8 @@ func (c *PoseidonChip) mdsPartialLayerInit(state PoseidonState) PoseidonState {
if r < WIDTH { if r < WIDTH {
for d := 1; d < 12; d++ { for d := 1; d < 12; d++ {
if d < WIDTH { if d < WIDTH {
t := NewGoldilocksElement(FAST_PARTIAL_ROUND_INITIAL_MATRIX[r-1][d-1])
result[d] = c.field.Add(result[d], c.field.Mul(state[r], t)).(GoldilocksElement)
t := NewFieldElement(FAST_PARTIAL_ROUND_INITIAL_MATRIX[r-1][d-1])
result[d] = c.field.Add(result[d], c.field.Mul(state[r], t)).(F)
} }
} }
} }
@ -206,15 +203,15 @@ func (c *PoseidonChip) mdsPartialLayerFast(state PoseidonState, r int) PoseidonS
var result PoseidonState var result PoseidonState
for i := 0; i < WIDTH; i++ { for i := 0; i < WIDTH; i++ {
result[i] = NewGoldilocksElement(0)
result[i] = NewFieldElement(0)
} }
result[0] = d.(GoldilocksElement)
result[0] = d.(F)
for i := 1; i < 12; i++ { for i := 1; i < 12; i++ {
if i < WIDTH { if i < WIDTH {
t := NewGoldilocksElement(FAST_PARTIAL_ROUND_VS[r][i-1])
result[i] = c.field.Add(state[i], c.field.Mul(state[0], t)).(GoldilocksElement)
t := NewFieldElement(FAST_PARTIAL_ROUND_VS[r][i-1])
result[i] = c.field.Add(state[i], c.field.Mul(state[0], t)).(F)
} }
} }

+ 9
- 10
poseidon/poseidon_test.go
View File

@ -1,7 +1,8 @@
package poseidon package poseidon
import ( import (
. "gnark-ed25519/goldilocks"
"gnark-ed25519/field"
. "gnark-ed25519/field"
"gnark-ed25519/utils" "gnark-ed25519/utils"
"testing" "testing"
@ -17,22 +18,20 @@ type TestPoseidonCircuit struct {
} }
func (circuit *TestPoseidonCircuit) Define(api frontend.API) error { func (circuit *TestPoseidonCircuit) Define(api frontend.API) error {
goldilocksApi := NewGoldilocksAPI(api)
goldilocksApi := field.NewFieldAPI(api)
// BN254 -> Binary(64) -> GoldilocksElement
var input PoseidonState var input PoseidonState
for i := 0; i < 12; i++ { for i := 0; i < 12; i++ {
input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(GoldilocksElement)
input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(F)
} }
chip := NewPoseidonChip(api, goldilocksApi) chip := NewPoseidonChip(api, goldilocksApi)
output := chip.Poseidon(input) output := chip.Poseidon(input)
// Check that output is correct
for i := 0; i < 12; i++ { for i := 0; i < 12; i++ {
goldilocksApi.AssertIsEqual( goldilocksApi.AssertIsEqual(
output[i], output[i],
goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(GoldilocksElement),
goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(F),
) )
} }
@ -45,7 +44,7 @@ func TestPoseidonWitness(t *testing.T) {
testCase := func(in [12]frontend.Variable, out [12]frontend.Variable) { testCase := func(in [12]frontend.Variable, out [12]frontend.Variable) {
circuit := TestPoseidonCircuit{In: in, Out: out} circuit := TestPoseidonCircuit{In: in, Out: out}
witness := TestPoseidonCircuit{In: in, Out: out} witness := TestPoseidonCircuit{In: in, Out: out}
err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err) assert.NoError(err)
} }
@ -79,12 +78,12 @@ func TestPoseidonProof(t *testing.T) {
circuit := TestPoseidonCircuit{In: in, Out: out} circuit := TestPoseidonCircuit{In: in, Out: out}
assignment := TestPoseidonCircuit{In: in, Out: out} assignment := TestPoseidonCircuit{In: in, Out: out}
r1cs, err := frontend.Compile(testCurve.ScalarField(), r1cs.NewBuilder, &circuit)
r1cs, err := frontend.Compile(TEST_CURVE.ScalarField(), r1cs.NewBuilder, &circuit)
if err != nil { if err != nil {
panic(err) panic(err)
} }
witness, err := frontend.NewWitness(&assignment, testCurve.ScalarField())
witness, err := frontend.NewWitness(&assignment, TEST_CURVE.ScalarField())
if err != nil { if err != nil {
panic(err) panic(err)
} }
@ -94,7 +93,7 @@ func TestPoseidonProof(t *testing.T) {
panic(err) panic(err)
} }
err = test.IsSolved(&circuit, &assignment, testCurve.ScalarField())
err = test.IsSolved(&circuit, &assignment, TEST_CURVE.ScalarField())
if err != nil { if err != nil {
panic(err) panic(err)
} }

+ 8
- 8
poseidon/public_inputs_hash_test.go
View File

@ -1,7 +1,7 @@
package poseidon package poseidon
import ( import (
. "gnark-ed25519/goldilocks"
. "gnark-ed25519/field"
"gnark-ed25519/utils" "gnark-ed25519/utils"
"testing" "testing"
@ -18,22 +18,22 @@ type TestPublicInputsHashCircuit struct {
} }
func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error { func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error {
goldilocksApi := NewGoldilocksAPI(api)
field := NewFieldAPI(api)
// BN254 -> Binary(64) -> GoldilocksElement
var input [3]GoldilocksElement
// BN254 -> Binary(64) -> F
var input [3]F
for i := 0; i < 3; i++ { for i := 0; i < 3; i++ {
input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(GoldilocksElement)
input[i] = field.FromBinary(api.ToBinary(circuit.In[i], 64)).(F)
} }
poseidonChip := &PoseidonChip{api: api, field: goldilocksApi}
poseidonChip := &PoseidonChip{api: api, field: field}
output := poseidonChip.HashNoPad(input[:]) output := poseidonChip.HashNoPad(input[:])
// Check that output is correct // Check that output is correct
for i := 0; i < 4; i++ { for i := 0; i < 4; i++ {
goldilocksApi.AssertIsEqual(
field.AssertIsEqual(
output[i], output[i],
goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(GoldilocksElement),
field.FromBinary(api.ToBinary(circuit.Out[i])).(F),
) )
} }

+ 3
- 3
utils/utils.go
View File

@ -1,7 +1,7 @@
package utils package utils
import ( import (
. "gnark-ed25519/goldilocks"
. "gnark-ed25519/field"
"math/big" "math/big"
"github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend"
@ -26,8 +26,8 @@ func StrArrayToFrontendVariableArray(input []string) []frontend.Variable {
return output return output
} }
func Uint64ArrayToGoldilocksElementArray(input []uint64) []GoldilocksElement {
var output []GoldilocksElement
func Uint64ArrayToFArray(input []uint64) []F {
var output []F
for i := 0; i < len(input); i++ { for i := 0; i < len(input); i++ {
output = append(output, emulated.NewElement[emulated.Goldilocks](input[i])) output = append(output, emulated.NewElement[emulated.Goldilocks](input[i]))
} }

Write Preview
Loading…
Cancel
Save