added public inputs hash test, challenger test

3 years ago · cae5d3b45f
6 changed files with 317 additions and 95 deletions
--- a/plonky2_verifier/challenger.go
+++ b/plonky2_verifier/challenger.go
@ -1,79 +1,97 @@
 package plonky2_verifier

 import (
 	"fmt"
 	. "gnark-ed25519/goldilocks"
 	"gnark-ed25519/poseidon"
 	. "gnark-ed25519/poseidon"

 	"github.com/consensys/gnark/frontend"
 )

 type V = frontend.Variable

 type Challenger struct {
 	sponge_state: [SPONGE_WIDTH]V
 	input_buffer: []V
 	output_buffer: []V
 type ChallengerChip struct {
 	api          frontend.API
 	field        frontend.API
 	poseidonChip PoseidonChip
 	spongeState  [SPONGE_WIDTH]GoldilocksElement
 	inputBuffer  []GoldilocksElement
 	outputBuffer []GoldilocksElement
 }

 func NewChallenger() Challenger {
 	var sponge_state [SPONGE_WIDTH]V
 	for i := 0; i < SPONGE_WIDTH; i++ {
 		sponge_state[i] = 0
 	}
 	return Challenger {
 		sponge_state: sponge_state,
 		input_buffer: []V{},
 		output_buffer: []V{},
 func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip PoseidonChip) *ChallengerChip {
 	var spongeState [SPONGE_WIDTH]GoldilocksElement
 	var inputBuffer []GoldilocksElement
 	var outputBuffer []GoldilocksElement
 	return &ChallengerChip{
 		api:          api,
 		field:        field,
 		poseidonChip: poseidonChip,
 		spongeState:  spongeState,
 		inputBuffer:  inputBuffer,
 		outputBuffer: outputBuffer,
 	}
 }

 func (c *Challenger) observe_elements(elements []V) {
 	for _, element := range elements {
 		c.observe_element(element)
 func (c *ChallengerChip) ObserveElement(element GoldilocksElement) {
 	c.outputBuffer = clearBuffer(c.outputBuffer)
 	c.inputBuffer = append(c.inputBuffer, element)
 	if len(c.inputBuffer) == SPONGE_RATE {
 		c.duplexing()
 	}
 }

 func (c *Challenger) observe_hash(hash []V) {
 	c.observe_elements(hash)
 func (c *ChallengerChip) ObserveElements(elements []GoldilocksElement) {
 	for i := 0; i < len(elements); i++ {
 		c.ObserveElement(elements[i])
 	}
 }

 func (c *Challenger) observe_element(element V) {
 	c.output_buffer = V[]{}
 	c.input_buffer = append(c.input_buffer, element)
 	if len(c.input_buffer) == SPONGE_RATE {
 		c.duplexing()
 	}
 func (c *ChallengerChip) ObserveHash(hash HashOutput) {
 	c.ObserveElements(hash[:])
 }

 func (c *Challenger) observe_cap(cap [][]V) {
 	for _, hash := range cap {
 		c.observe_hash(hash)
 func (c *ChallengerChip) ObserveCap(cap []HashOutput) {
 	for i := 0; i < len(cap); i++ {
 		c.ObserveHash(cap[i])
 	}
 }

 func (c *Challenger) duplexing() {
 	if len(c.input_buffer) > SPONGE_RATE { panic("buffer too large") }

 	for i, input := range c.input_buffer {
 		c.sponge_state[i] = input
 func (c *ChallengerChip) GetChallenge() GoldilocksElement {
 	if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 {
 		c.duplexing()
 	}
 	c.input_buffer = V[]{}

 	c.sponge_state = poseidon(c.sponge_state)
 	challenge := c.outputBuffer[len(c.outputBuffer)-1]
 	c.outputBuffer = c.outputBuffer[:len(c.outputBuffer)-1]

 	c.output_buffer = c.sponge_state[:SPONGE_RATE]
 	return challenge
 }

 func (c *Challenger) get_challenge() V {
 	if len(c.input_buffer) > 0 || len(c.output_buffer) == 0 {
 		c.duplexing()
 func (c *ChallengerChip) GetNChallenges(n int) []GoldilocksElement {
 	challenges := make([]GoldilocksElement, n)
 	for i := 0; i < n; i++ {
 		challenges[i] = c.GetChallenge()
 	}
 	result := c.output_buffer[len(c.output_buffer) - 1]
 	c.output_buffer = c.output_buffer[:len(c.output_buffer) - 1]
 	return result
 	return challenges
 }

 func (c *Challenger) get_n_challenges(n int) []V {
 	result := make([]V, n)
 	for i := 0; i < n; i++ {
 		result[i] = c.get_challenge()
 func clearBuffer(buffer []GoldilocksElement) []GoldilocksElement {
 	return make([]GoldilocksElement, 0)
 }

 func (c *ChallengerChip) duplexing() {
 	if len(c.inputBuffer) > SPONGE_RATE {
 		fmt.Println(len(c.inputBuffer))
 		panic("something went wrong")
 	}
 	for i := 0; i < len(c.inputBuffer); i++ {
 		c.spongeState[i] = c.inputBuffer[i]
 	}
 	c.inputBuffer = clearBuffer(c.inputBuffer)
 	c.spongeState = c.poseidonChip.Poseidon(c.spongeState)
 	clearBuffer(c.outputBuffer)
 	for i := 0; i < poseidon.SPONGE_RATE; i++ {
 		c.outputBuffer = append(c.outputBuffer, c.spongeState[i])
 		// c.outputBuffer[i] = c.spongeState[i]
 	}
 	return result
 }
--- a/plonky2_verifier/challenger_test.go
+++ b/plonky2_verifier/challenger_test.go
@ -0,0 +1,117 @@
 package plonky2_verifier

 import (
 	. "gnark-ed25519/goldilocks"
 	. "gnark-ed25519/poseidon"
 	"gnark-ed25519/utils"
 	"testing"

 	"github.com/consensys/gnark-crypto/ecc"
 	"github.com/consensys/gnark/frontend"
 	"github.com/consensys/gnark/test"
 )

 var testCurve = ecc.BN254

 type TestChallengerCircuit struct {
 	PublicInputs  [3]frontend.Variable
 	CircuitDigest [4]frontend.Variable
 	WiresCap      [16][4]frontend.Variable
 }

 func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
 	goldilocksApi := NewGoldilocksAPI(api)
 	poseidonChip := NewPoseidonChip(api, goldilocksApi)
 	challengerChip := NewChallengerChip(api, goldilocksApi, *poseidonChip)

 	var circuitDigestGoldilocks [4]GoldilocksElement
 	for i := 0; i < 4; i++ {
 		circuitDigestGoldilocks[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(GoldilocksElement)
 	}

 	var publicInputsGoldilocks [3]GoldilocksElement
 	for i := 0; i < 3; i++ {
 		publicInputsGoldilocks[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(GoldilocksElement)
 	}

 	var wiresCapGoldilocks [16][4]GoldilocksElement
 	for i := 0; i < 16; i++ {
 		for j := 0; j < 4; j++ {
 			wiresCapGoldilocks[i][j] = goldilocksApi.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(GoldilocksElement)
 		}
 	}

 	publicInputHash := poseidonChip.HashNoPad(publicInputsGoldilocks[:])
 	challengerChip.ObserveHash(circuitDigestGoldilocks)
 	challengerChip.ObserveHash(publicInputHash)
 	challengerChip.ObserveCap(wiresCapGoldilocks[:])

 	nbChallenges := 2
 	plonkBetas := challengerChip.GetNChallenges(nbChallenges)
 	plonkGammas := challengerChip.GetNChallenges(nbChallenges)

 	var expectedPlonkBetas [2]frontend.Variable
 	expectedPlonkBetas[0] = frontend.Variable("4678728155650926271")
 	expectedPlonkBetas[1] = frontend.Variable("13611962404289024887")

 	var expectedPlonkGammas [2]frontend.Variable
 	expectedPlonkGammas[0] = frontend.Variable("13237663823305715949")
 	expectedPlonkGammas[1] = frontend.Variable("15389314098328235145")

 	for i := 0; i < 2; i++ {
 		goldilocksApi.AssertIsEqual(
 			plonkBetas[i],
 			goldilocksApi.FromBinary(api.ToBinary(expectedPlonkBetas[i])).(GoldilocksElement),
 		)
 		goldilocksApi.AssertIsEqual(
 			plonkGammas[i],
 			goldilocksApi.FromBinary(api.ToBinary(expectedPlonkGammas[i])).(GoldilocksElement),
 		)
 	}

 	return nil
 }

 func TestChallengerWitness(t *testing.T) {
 	assert := test.NewAssert(t)

 	testCase := func(publicInputs [3]frontend.Variable, circuitDigest [4]frontend.Variable, wiresCap [16][4]frontend.Variable) {
 		circuit := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap}
 		witness := TestChallengerCircuit{PublicInputs: publicInputs, CircuitDigest: circuitDigest, WiresCap: wiresCap}
 		err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
 		assert.NoError(err)
 	}

 	publicInputsStr := []string{"0", "1", "3736710860384812976"}
 	circuitDigestStr := []string{"7754113318730736048", "18436136620016916513", "18054530212389526288", "5893739326632906028"}
 	wiresCapStr := [][]string{
 		{"13884351014873073118", "5174249846243191862", "2208632528791973868", "1071582828677910652"},
 		{"11475361245556894879", "14867351574926692044", "17013374066934071379", "1027671036932569748"},
 		{"5604634992452399010", "3684464596850094189", "5565599237356852406", "4136295609943151014"},
 		{"8463721840990025805", "5922588965472526198", "8096699027533803435", "2210089353004111478"},
 		{"17531628199677307555", "11513452064460680964", "1482441508929181375", "5139566233781982440"},
 		{"13271417993289093233", "17257193898955790413", "16883807866578566670", "7423179920948669117"},
 		{"13462567520785358202", "15555103598281658890", "5859961276885232601", "4464568704709749394"},
 		{"153012620162729043", "14072764618167122665", "3025694603779494447", "15948104906680148838"},
 		{"18050235253694287284", "11467396424826912141", "11302553396166323353", "10976271719722841224"},
 		{"15208241660644051470", "8520722208187871063", "10775022596056682771", "16048513824198271730"},
 		{"6929477084755896240", "11382029470138215117", "13205948643259905511", "9421863267852221772"},
 		{"15449187573546292268", "10216729601353604194", "9493934392442974211", "9848643714440191835"},
 		{"2172475758127444753", "16681095938683502188", "9983383760611275566", "2603547977557388755"},
 		{"17440301588003279095", "11799356585691460705", "1386003375936412946", "11059100806278290279"},
 		{"10758265002546797581", "1374136260999724547", "7200401521491969338", "219493657547391496"},
 		{"5995963332181008902", "4442996285152250372", "2005936434281221193", "6869325719052666642"},
 	}

 	var publicInputs [3]frontend.Variable
 	var circuitDigest [4]frontend.Variable
 	var wiresCap [16][4]frontend.Variable

 	copy(publicInputs[:], utils.StrArrayToFrontendVariableArray(publicInputsStr))
 	copy(circuitDigest[:], utils.StrArrayToFrontendVariableArray(circuitDigestStr))
 	for i := 0; i < len(wiresCapStr); i++ {
 		copy(wiresCap[i][:], utils.StrArrayToFrontendVariableArray(wiresCapStr[i]))
 	}

 	testCase(publicInputs, circuitDigest, wiresCap)
 }
--- a/poseidon/poseidon.go
+++ b/poseidon/poseidon.go
@ -18,14 +18,14 @@ const SPONGE_WIDTH = 12
 const SPONGE_RATE = 8

 type PoseidonState = [WIDTH]GoldilocksElement
 type HashOutput = [4]GoldilocksElement
 type PoseidonChip struct {
 	api   frontend.API
 	field frontend.API
 }

 func Poseidon(api frontend.API, field frontend.API, input PoseidonState) PoseidonState {
 	chip := &PoseidonChip{api: api, field: field}
 	return chip.Poseidon(input)
 func NewPoseidonChip(api frontend.API, field frontend.API) *PoseidonChip {
 	return &PoseidonChip{api: api, field: field}
 }

 func (c *PoseidonChip) Poseidon(input PoseidonState) PoseidonState {
@ -37,6 +37,37 @@ func (c *PoseidonChip) Poseidon(input PoseidonState) PoseidonState {
 	return state
 }

 func (c *PoseidonChip) HashNToMNoPad(input []GoldilocksElement, nbOutputs int) []GoldilocksElement {
 	var state PoseidonState

 	for i := 0; i < len(input); i += SPONGE_RATE {
 		for j := 0; j < SPONGE_RATE; j++ {
 			if i+j < len(input) {
 				state[j] = input[i+j]
 			}
 		}
 		state = c.Poseidon(state)
 	}

 	var outputs []GoldilocksElement

 	for {
 		for i := 0; i < SPONGE_RATE; i++ {
 			outputs = append(outputs, state[i])
 			if len(outputs) == nbOutputs {
 				return outputs
 			}
 		}
 		state = c.Poseidon(state)
 	}
 }

 func (c *PoseidonChip) HashNoPad(input []GoldilocksElement) HashOutput {
 	var hash [4]GoldilocksElement
 	copy(hash[:], c.HashNToMNoPad(input, 4))
 	return hash
 }

 func (c *PoseidonChip) fullRounds(state PoseidonState, roundCounter *int) PoseidonState {
 	for i := 0; i < HALF_N_FULL_ROUNDS; i++ {
 		state = c.constantLayer(state, roundCounter)
--- a/poseidon/poseidon_test.go
+++ b/poseidon/poseidon_test.go
@ -2,18 +2,15 @@ package poseidon

 import (
 	. "gnark-ed25519/goldilocks"
 	"math/big"
 	"gnark-ed25519/utils"
 	"testing"

 	"github.com/consensys/gnark-crypto/ecc"
 	"github.com/consensys/gnark/backend/groth16"
 	"github.com/consensys/gnark/frontend"
 	"github.com/consensys/gnark/frontend/cs/r1cs"
 	"github.com/consensys/gnark/test"
 )

 var testCurve = ecc.BN254

 type TestPoseidonCircuit struct {
 	In  [12]frontend.Variable
 	Out [12]frontend.Variable
@ -28,7 +25,8 @@ func (circuit *TestPoseidonCircuit) Define(api frontend.API) error {
 		input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(GoldilocksElement)
 	}

 	output := Poseidon(api, goldilocksApi, input)
 	chip := NewPoseidonChip(api, goldilocksApi)
 	output := chip.Poseidon(input)

 	// Check that output is correct
 	for i := 0; i < 12; i++ {
@ -44,66 +42,39 @@ func (circuit *TestPoseidonCircuit) Define(api frontend.API) error {
 func TestPoseidonWitness(t *testing.T) {
 	assert := test.NewAssert(t)

 	testCase := func(inBigInt [12]big.Int, outBigInt [12]big.Int) {
 		var in [12]frontend.Variable
 		var out [12]frontend.Variable

 		for i := 0; i < 12; i++ {
 			in[i] = inBigInt[i]
 			out[i] = outBigInt[i]
 		}

 	testCase := func(in [12]frontend.Variable, out [12]frontend.Variable) {
 		circuit := TestPoseidonCircuit{In: in, Out: out}
 		witness := TestPoseidonCircuit{In: in, Out: out}
 		err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
 		assert.NoError(err)
 	}

 	inStr := [12]string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"}
 	outStr := [12]string{
 	inStr := []string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"}
 	outStr := []string{
 		"4330397376401421145", "14124799381142128323", "8742572140681234676",
 		"14345658006221440202", "15524073338516903644", "5091405722150716653",
 		"15002163819607624508", "2047012902665707362", "16106391063450633726",
 		"4680844749859802542", "15019775476387350140", "1698615465718385111",
 	}

 	var inBigInt [12]big.Int
 	var outBigInt [12]big.Int

 	for i := 0; i < 12; i++ {
 		inTmp := new(big.Int)
 		inTmp, _ = inTmp.SetString(inStr[i], 10)
 		inBigInt[i] = *inTmp

 		outTmp := new(big.Int)
 		outTmp, _ = outTmp.SetString(outStr[i], 10)
 		outBigInt[i] = *outTmp
 	}

 	testCase(inBigInt, outBigInt)
 	var in [12]frontend.Variable
 	var out [12]frontend.Variable
 	copy(in[:], utils.StrArrayToFrontendVariableArray(inStr))
 	copy(out[:], utils.StrArrayToFrontendVariableArray(outStr))
 	testCase(in, out)
 }

 func TestPoseidonProof(t *testing.T) {
 	inStr := [12]string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"}
 	outStr := [12]string{
 	inStr := []string{"0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0", "0"}
 	outStr := []string{
 		"4330397376401421145", "14124799381142128323", "8742572140681234676",
 		"14345658006221440202", "15524073338516903644", "5091405722150716653",
 		"15002163819607624508", "2047012902665707362", "16106391063450633726",
 		"4680844749859802542", "15019775476387350140", "1698615465718385111",
 	}

 	var in [12]frontend.Variable
 	var out [12]frontend.Variable

 	for i := 0; i < 12; i++ {
 		inTmp := new(big.Int)
 		inTmp, _ = inTmp.SetString(inStr[i], 10)
 		in[i] = *inTmp

 		outTmp := new(big.Int)
 		outTmp, _ = outTmp.SetString(outStr[i], 10)
 		out[i] = *outTmp
 	}
 	copy(in[:], utils.StrArrayToFrontendVariableArray(inStr))
 	copy(out[:], utils.StrArrayToFrontendVariableArray(outStr))

 	circuit := TestPoseidonCircuit{In: in, Out: out}
 	assignment := TestPoseidonCircuit{In: in, Out: out}
--- a/poseidon/public_inputs_hash_test.go
+++ b/poseidon/public_inputs_hash_test.go
@ -0,0 +1,60 @@
 package poseidon

 import (
 	. "gnark-ed25519/goldilocks"
 	"gnark-ed25519/utils"
 	"testing"

 	"github.com/consensys/gnark-crypto/ecc"
 	"github.com/consensys/gnark/frontend"
 	"github.com/consensys/gnark/test"
 )

 var testCurve = ecc.BN254

 type TestPublicInputsHashCircuit struct {
 	In  [3]frontend.Variable
 	Out [4]frontend.Variable
 }

 func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error {
 	goldilocksApi := NewGoldilocksAPI(api)

 	// BN254 -> Binary(64) -> GoldilocksElement
 	var input [3]GoldilocksElement
 	for i := 0; i < 3; i++ {
 		input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(GoldilocksElement)
 	}

 	poseidonChip := &PoseidonChip{api: api, field: goldilocksApi}
 	output := poseidonChip.HashNoPad(input[:])

 	// Check that output is correct
 	for i := 0; i < 4; i++ {
 		goldilocksApi.AssertIsEqual(
 			output[i],
 			goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(GoldilocksElement),
 		)
 	}

 	return nil
 }

 func TestPublicInputsHashWitness(t *testing.T) {
 	assert := test.NewAssert(t)

 	testCase := func(in [3]frontend.Variable, out [4]frontend.Variable) {
 		circuit := TestPublicInputsHashCircuit{In: in, Out: out}
 		witness := TestPublicInputsHashCircuit{In: in, Out: out}
 		err := test.IsSolved(&circuit, &witness, testCurve.ScalarField())
 		assert.NoError(err)
 	}

 	inStr := []string{"0", "1", "3736710860384812976"}
 	outStr := []string{"8416658900775745054", "12574228347150446423", "9629056739760131473", "3119289788404190010"}
 	var in [3]frontend.Variable
 	var out [4]frontend.Variable
 	copy(in[:], utils.StrArrayToFrontendVariableArray(inStr))
 	copy(out[:], utils.StrArrayToFrontendVariableArray(outStr))
 	testCase(in, out)
 }
--- a/utils/utils.go
+++ b/utils/utils.go
@ -0,0 +1,25 @@
 package utils

 import (
 	"math/big"

 	"github.com/consensys/gnark/frontend"
 )

 func StrArrayToBigIntArray(input []string) []big.Int {
 	var output []big.Int
 	for i := 0; i < len(input); i++ {
 		a := new(big.Int)
 		a, _ = a.SetString(input[i], 10)
 		output = append(output, *a)
 	}
 	return output
 }

 func StrArrayToFrontendVariableArray(input []string) []frontend.Variable {
 	var output []frontend.Variable
 	for i := 0; i < len(input); i++ {
 		output = append(output, frontend.Variable(input[i]))
 	}
 	return output
 }