mirror of
https://github.com/arnaucube/go-circom-prover-verifier.git
synced 2026-02-06 19:06:43 +01:00
Use fft on calculateH polynomial multiplication
For a circuit arround 22500 constraints: - before: the proof was generated aprox in `80 seconds` - now: the proof is generated aprox in `16 seconds`
This commit is contained in:
arnaucube
@@ -48,7 +48,7 @@ func (roots rootsT) setRoots(n int) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func fft(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element {
|
func fftroots(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element {
|
||||||
n := 1 << bits
|
n := 1 << bits
|
||||||
if n == 1 {
|
if n == 1 {
|
||||||
return []*ff.Element{pall[offset]}
|
return []*ff.Element{pall[offset]}
|
||||||
@@ -60,19 +60,18 @@ func fft(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element
|
|||||||
}
|
}
|
||||||
|
|
||||||
ndiv2 := n >> 1
|
ndiv2 := n >> 1
|
||||||
p1 := fft(roots, pall, bits-1, offset, step*2)
|
p1 := fftroots(roots, pall, bits-1, offset, step*2)
|
||||||
p2 := fft(roots, pall, bits-1, offset+step, step*2)
|
p2 := fftroots(roots, pall, bits-1, offset+step, step*2)
|
||||||
|
|
||||||
out := make([]*ff.Element, n)
|
out := make([]*ff.Element, n)
|
||||||
for i := 0; i < ndiv2; i++ {
|
for i := 0; i < ndiv2; i++ {
|
||||||
// fmt.Println(i, len(roots.roots))
|
|
||||||
out[i] = ff.NewElement().Add(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
|
out[i] = ff.NewElement().Add(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
|
||||||
out[i+ndiv2] = ff.NewElement().Sub(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
|
out[i+ndiv2] = ff.NewElement().Sub(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
|
||||||
}
|
}
|
||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
func ifft(p []*ff.Element) []*ff.Element {
|
func fft(p []*ff.Element) []*ff.Element {
|
||||||
if len(p) <= 1 {
|
if len(p) <= 1 {
|
||||||
return p
|
return p
|
||||||
}
|
}
|
||||||
@@ -81,7 +80,14 @@ func ifft(p []*ff.Element) []*ff.Element {
|
|||||||
roots.setRoots(int(bits))
|
roots.setRoots(int(bits))
|
||||||
m := 1 << int(bits)
|
m := 1 << int(bits)
|
||||||
ep := extend(p, m)
|
ep := extend(p, m)
|
||||||
res := fft(roots, ep, int(bits), 0, 1)
|
res := fftroots(roots, ep, int(bits), 0, 1)
|
||||||
|
return res
|
||||||
|
}
|
||||||
|
|
||||||
|
func ifft(p []*ff.Element) []*ff.Element {
|
||||||
|
res := fft(p)
|
||||||
|
bits := math.Log2(float64(len(p)-1)) + 1
|
||||||
|
m := 1 << int(bits)
|
||||||
|
|
||||||
twoinvm := ff.NewElement().SetBigInt(fInv(fMul(big.NewInt(1), big.NewInt(int64(m)))))
|
twoinvm := ff.NewElement().SetBigInt(fInv(fMul(big.NewInt(1), big.NewInt(int64(m)))))
|
||||||
|
|
||||||
|
|||||||
@@ -2,10 +2,12 @@ package prover
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
|
"math"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
|
||||||
bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
|
bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
|
||||||
"github.com/iden3/go-circom-prover-verifier/types"
|
"github.com/iden3/go-circom-prover-verifier/types"
|
||||||
|
"github.com/iden3/go-iden3-crypto/ff"
|
||||||
"github.com/iden3/go-iden3-crypto/utils"
|
"github.com/iden3/go-iden3-crypto/utils"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -111,7 +113,6 @@ func calculateH(pk *types.Pk, w types.Witness) []*big.Int {
|
|||||||
m := pk.DomainSize
|
m := pk.DomainSize
|
||||||
polAT := arrayOfZeroes(m)
|
polAT := arrayOfZeroes(m)
|
||||||
polBT := arrayOfZeroes(m)
|
polBT := arrayOfZeroes(m)
|
||||||
polCT := arrayOfZeroes(m)
|
|
||||||
|
|
||||||
for i := 0; i < pk.NVars; i++ {
|
for i := 0; i < pk.NVars; i++ {
|
||||||
for j := range pk.PolsA[i] {
|
for j := range pk.PolsA[i] {
|
||||||
@@ -120,22 +121,32 @@ func calculateH(pk *types.Pk, w types.Witness) []*big.Int {
|
|||||||
for j := range pk.PolsB[i] {
|
for j := range pk.PolsB[i] {
|
||||||
polBT[j] = fAdd(polBT[j], fMul(w[i], pk.PolsB[i][j]))
|
polBT[j] = fAdd(polBT[j], fMul(w[i], pk.PolsB[i][j]))
|
||||||
}
|
}
|
||||||
for j := range pk.PolsC[i] {
|
|
||||||
polCT[j] = fAdd(polCT[j], fMul(w[i], pk.PolsC[i][j]))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
polATe := utils.BigIntArrayToElementArray(polAT)
|
polATe := utils.BigIntArrayToElementArray(polAT)
|
||||||
polBTe := utils.BigIntArrayToElementArray(polBT)
|
polBTe := utils.BigIntArrayToElementArray(polBT)
|
||||||
polCTe := utils.BigIntArrayToElementArray(polCT)
|
|
||||||
|
|
||||||
polASe := ifft(polATe)
|
polASe := ifft(polATe)
|
||||||
polBSe := ifft(polBTe)
|
polBSe := ifft(polBTe)
|
||||||
polABSe := polynomialMulE(polASe, polBSe)
|
|
||||||
|
|
||||||
polCSe := ifft(polCTe)
|
r := int(math.Log2(float64(m))) + 1
|
||||||
|
roots := newRootsT()
|
||||||
|
roots.setRoots(r)
|
||||||
|
for i := 0; i < len(polASe); i++ {
|
||||||
|
polASe[i] = ff.NewElement().Mul(polASe[i], roots.roots[r][i])
|
||||||
|
polBSe[i] = ff.NewElement().Mul(polBSe[i], roots.roots[r][i])
|
||||||
|
}
|
||||||
|
|
||||||
polABCSe := polynomialSubE(polABSe, polCSe)
|
polATodd := fft(polASe)
|
||||||
|
polBTodd := fft(polBSe)
|
||||||
|
|
||||||
hSe := polABCSe[m:]
|
polABT := arrayOfZeroesE(len(polASe) * 2)
|
||||||
|
for i := 0; i < len(polASe); i++ {
|
||||||
|
polABT[2*i] = ff.NewElement().Mul(polATe[i], polBTe[i])
|
||||||
|
polABT[2*i+1] = ff.NewElement().Mul(polATodd[i], polBTodd[i])
|
||||||
|
}
|
||||||
|
|
||||||
|
hSeFull := ifft(polABT)
|
||||||
|
|
||||||
|
hSe := hSeFull[m:]
|
||||||
return ElementArrayToBigIntArray(hSe)
|
return ElementArrayToBigIntArray(hSe)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ package prover
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"math/big"
|
"math/big"
|
||||||
"testing"
|
"testing"
|
||||||
@@ -13,7 +14,7 @@ import (
|
|||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSmallCircuitGenerateProf(t *testing.T) {
|
func TestSmallCircuitGenerateProof(t *testing.T) {
|
||||||
provingKeyJson, err := ioutil.ReadFile("../testdata/small/proving_key.json")
|
provingKeyJson, err := ioutil.ReadFile("../testdata/small/proving_key.json")
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
pk, err := parsers.ParsePk(provingKeyJson)
|
pk, err := parsers.ParsePk(provingKeyJson)
|
||||||
@@ -52,7 +53,7 @@ func TestSmallCircuitGenerateProf(t *testing.T) {
|
|||||||
// snarkjs verify --vk testdata/small/verification_key.json -p testdata/small/proof.json --pub testdata/small/public.json
|
// snarkjs verify --vk testdata/small/verification_key.json -p testdata/small/proof.json --pub testdata/small/public.json
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBigCircuitGenerateProf(t *testing.T) {
|
func TestBigCircuitGenerateProof(t *testing.T) {
|
||||||
provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json")
|
provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json")
|
||||||
require.Nil(t, err)
|
require.Nil(t, err)
|
||||||
pk, err := parsers.ParsePk(provingKeyJson)
|
pk, err := parsers.ParsePk(provingKeyJson)
|
||||||
@@ -89,6 +90,50 @@ func TestBigCircuitGenerateProf(t *testing.T) {
|
|||||||
// snarkjs verify --vk testdata/big/verification_key.json -p testdata/big/proof.json --pub testdata/big/public.json
|
// snarkjs verify --vk testdata/big/verification_key.json -p testdata/big/proof.json --pub testdata/big/public.json
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIdStateCircuitGenerateProof(t *testing.T) {
|
||||||
|
// this test is to execute the proof generation for a bigger circuit
|
||||||
|
// (arround 22500 constraints)
|
||||||
|
//
|
||||||
|
// to see the time needed to execute this
|
||||||
|
// test Will need the ../testdata/idstate-circuit compiled &
|
||||||
|
// trustedsetup files (generated in
|
||||||
|
// https://github.com/iden3/go-zksnark-full-flow-example)
|
||||||
|
if false {
|
||||||
|
fmt.Println("TestIdStateCircuitGenerateProof activated")
|
||||||
|
provingKeyJson, err := ioutil.ReadFile("../testdata/idstate-circuit/proving_key.json")
|
||||||
|
require.Nil(t, err)
|
||||||
|
pk, err := parsers.ParsePk(provingKeyJson)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
witnessJson, err := ioutil.ReadFile("../testdata/idstate-circuit/witness.json")
|
||||||
|
require.Nil(t, err)
|
||||||
|
w, err := parsers.ParseWitness(witnessJson)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
proof, pubSignals, err := GenerateProof(pk, w)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
|
||||||
|
proofStr, err := parsers.ProofToJson(proof)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
|
||||||
|
err = ioutil.WriteFile("../testdata/idstate-circuit/proof.json", proofStr, 0644)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
publicStr, err := json.Marshal(parsers.ArrayBigIntToString(pubSignals))
|
||||||
|
assert.Nil(t, err)
|
||||||
|
err = ioutil.WriteFile("../testdata/idstate-circuit/public.json", publicStr, 0644)
|
||||||
|
assert.Nil(t, err)
|
||||||
|
|
||||||
|
// verify the proof
|
||||||
|
vkJson, err := ioutil.ReadFile("../testdata/idstate-circuit/verification_key.json")
|
||||||
|
require.Nil(t, err)
|
||||||
|
vk, err := parsers.ParseVk(vkJson)
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
v := verifier.Verify(vk, proof, pubSignals)
|
||||||
|
assert.True(t, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func BenchmarkGenerateProof(b *testing.B) {
|
func BenchmarkGenerateProof(b *testing.B) {
|
||||||
provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json")
|
provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json")
|
||||||
require.Nil(b, err)
|
require.Nil(b, err)
|
||||||
|
|||||||
Reference in New Issue
Block a user