Browse Source

Merge pull request #3 from iden3/feature/calculateH-mul

Use fft on calculateH polynomial multiplication
ed255-patch-1
arnau 4 years ago
committed by GitHub
parent
commit
e6fe08e699
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 79 additions and 17 deletions
  1. +12
    -6
      prover/ifft.go
  2. +20
    -9
      prover/prover.go
  3. +47
    -2
      prover/prover_test.go

+ 12
- 6
prover/ifft.go

@ -48,7 +48,7 @@ func (roots rootsT) setRoots(n int) {
} }
} }
func fft(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element {
func fftroots(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element {
n := 1 << bits n := 1 << bits
if n == 1 { if n == 1 {
return []*ff.Element{pall[offset]} return []*ff.Element{pall[offset]}
@ -60,19 +60,18 @@ func fft(roots rootsT, pall []*ff.Element, bits, offset, step int) []*ff.Element
} }
ndiv2 := n >> 1 ndiv2 := n >> 1
p1 := fft(roots, pall, bits-1, offset, step*2)
p2 := fft(roots, pall, bits-1, offset+step, step*2)
p1 := fftroots(roots, pall, bits-1, offset, step*2)
p2 := fftroots(roots, pall, bits-1, offset+step, step*2)
out := make([]*ff.Element, n) out := make([]*ff.Element, n)
for i := 0; i < ndiv2; i++ { for i := 0; i < ndiv2; i++ {
// fmt.Println(i, len(roots.roots))
out[i] = ff.NewElement().Add(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i])) out[i] = ff.NewElement().Add(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
out[i+ndiv2] = ff.NewElement().Sub(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i])) out[i+ndiv2] = ff.NewElement().Sub(p1[i], ff.NewElement().Mul(roots.roots[bits][i], p2[i]))
} }
return out return out
} }
func ifft(p []*ff.Element) []*ff.Element {
func fft(p []*ff.Element) []*ff.Element {
if len(p) <= 1 { if len(p) <= 1 {
return p return p
} }
@ -81,7 +80,14 @@ func ifft(p []*ff.Element) []*ff.Element {
roots.setRoots(int(bits)) roots.setRoots(int(bits))
m := 1 << int(bits) m := 1 << int(bits)
ep := extend(p, m) ep := extend(p, m)
res := fft(roots, ep, int(bits), 0, 1)
res := fftroots(roots, ep, int(bits), 0, 1)
return res
}
func ifft(p []*ff.Element) []*ff.Element {
res := fft(p)
bits := math.Log2(float64(len(p)-1)) + 1
m := 1 << int(bits)
twoinvm := ff.NewElement().SetBigInt(fInv(fMul(big.NewInt(1), big.NewInt(int64(m))))) twoinvm := ff.NewElement().SetBigInt(fInv(fMul(big.NewInt(1), big.NewInt(int64(m)))))

+ 20
- 9
prover/prover.go

@ -2,10 +2,12 @@ package prover
import ( import (
"crypto/rand" "crypto/rand"
"math"
"math/big" "math/big"
bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare" bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
"github.com/iden3/go-circom-prover-verifier/types" "github.com/iden3/go-circom-prover-verifier/types"
"github.com/iden3/go-iden3-crypto/ff"
"github.com/iden3/go-iden3-crypto/utils" "github.com/iden3/go-iden3-crypto/utils"
) )
@ -111,7 +113,6 @@ func calculateH(pk *types.Pk, w types.Witness) []*big.Int {
m := pk.DomainSize m := pk.DomainSize
polAT := arrayOfZeroes(m) polAT := arrayOfZeroes(m)
polBT := arrayOfZeroes(m) polBT := arrayOfZeroes(m)
polCT := arrayOfZeroes(m)
for i := 0; i < pk.NVars; i++ { for i := 0; i < pk.NVars; i++ {
for j := range pk.PolsA[i] { for j := range pk.PolsA[i] {
@ -120,22 +121,32 @@ func calculateH(pk *types.Pk, w types.Witness) []*big.Int {
for j := range pk.PolsB[i] { for j := range pk.PolsB[i] {
polBT[j] = fAdd(polBT[j], fMul(w[i], pk.PolsB[i][j])) polBT[j] = fAdd(polBT[j], fMul(w[i], pk.PolsB[i][j]))
} }
for j := range pk.PolsC[i] {
polCT[j] = fAdd(polCT[j], fMul(w[i], pk.PolsC[i][j]))
}
} }
polATe := utils.BigIntArrayToElementArray(polAT) polATe := utils.BigIntArrayToElementArray(polAT)
polBTe := utils.BigIntArrayToElementArray(polBT) polBTe := utils.BigIntArrayToElementArray(polBT)
polCTe := utils.BigIntArrayToElementArray(polCT)
polASe := ifft(polATe) polASe := ifft(polATe)
polBSe := ifft(polBTe) polBSe := ifft(polBTe)
polABSe := polynomialMulE(polASe, polBSe)
polCSe := ifft(polCTe)
r := int(math.Log2(float64(m))) + 1
roots := newRootsT()
roots.setRoots(r)
for i := 0; i < len(polASe); i++ {
polASe[i] = ff.NewElement().Mul(polASe[i], roots.roots[r][i])
polBSe[i] = ff.NewElement().Mul(polBSe[i], roots.roots[r][i])
}
polATodd := fft(polASe)
polBTodd := fft(polBSe)
polABT := arrayOfZeroesE(len(polASe) * 2)
for i := 0; i < len(polASe); i++ {
polABT[2*i] = ff.NewElement().Mul(polATe[i], polBTe[i])
polABT[2*i+1] = ff.NewElement().Mul(polATodd[i], polBTodd[i])
}
polABCSe := polynomialSubE(polABSe, polCSe)
hSeFull := ifft(polABT)
hSe := polABCSe[m:]
hSe := hSeFull[m:]
return ElementArrayToBigIntArray(hSe) return ElementArrayToBigIntArray(hSe)
} }

+ 47
- 2
prover/prover_test.go

@ -2,6 +2,7 @@ package prover
import ( import (
"encoding/json" "encoding/json"
"fmt"
"io/ioutil" "io/ioutil"
"math/big" "math/big"
"testing" "testing"
@ -13,7 +14,7 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
func TestSmallCircuitGenerateProf(t *testing.T) {
func TestSmallCircuitGenerateProof(t *testing.T) {
provingKeyJson, err := ioutil.ReadFile("../testdata/small/proving_key.json") provingKeyJson, err := ioutil.ReadFile("../testdata/small/proving_key.json")
require.Nil(t, err) require.Nil(t, err)
pk, err := parsers.ParsePk(provingKeyJson) pk, err := parsers.ParsePk(provingKeyJson)
@ -52,7 +53,7 @@ func TestSmallCircuitGenerateProf(t *testing.T) {
// snarkjs verify --vk testdata/small/verification_key.json -p testdata/small/proof.json --pub testdata/small/public.json // snarkjs verify --vk testdata/small/verification_key.json -p testdata/small/proof.json --pub testdata/small/public.json
} }
func TestBigCircuitGenerateProf(t *testing.T) {
func TestBigCircuitGenerateProof(t *testing.T) {
provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json") provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json")
require.Nil(t, err) require.Nil(t, err)
pk, err := parsers.ParsePk(provingKeyJson) pk, err := parsers.ParsePk(provingKeyJson)
@ -89,6 +90,50 @@ func TestBigCircuitGenerateProf(t *testing.T) {
// snarkjs verify --vk testdata/big/verification_key.json -p testdata/big/proof.json --pub testdata/big/public.json // snarkjs verify --vk testdata/big/verification_key.json -p testdata/big/proof.json --pub testdata/big/public.json
} }
func TestIdStateCircuitGenerateProof(t *testing.T) {
// this test is to execute the proof generation for a bigger circuit
// (arround 22500 constraints)
//
// to see the time needed to execute this
// test Will need the ../testdata/idstate-circuit compiled &
// trustedsetup files (generated in
// https://github.com/iden3/go-zksnark-full-flow-example)
if false {
fmt.Println("TestIdStateCircuitGenerateProof activated")
provingKeyJson, err := ioutil.ReadFile("../testdata/idstate-circuit/proving_key.json")
require.Nil(t, err)
pk, err := parsers.ParsePk(provingKeyJson)
require.Nil(t, err)
witnessJson, err := ioutil.ReadFile("../testdata/idstate-circuit/witness.json")
require.Nil(t, err)
w, err := parsers.ParseWitness(witnessJson)
require.Nil(t, err)
proof, pubSignals, err := GenerateProof(pk, w)
assert.Nil(t, err)
proofStr, err := parsers.ProofToJson(proof)
assert.Nil(t, err)
err = ioutil.WriteFile("../testdata/idstate-circuit/proof.json", proofStr, 0644)
assert.Nil(t, err)
publicStr, err := json.Marshal(parsers.ArrayBigIntToString(pubSignals))
assert.Nil(t, err)
err = ioutil.WriteFile("../testdata/idstate-circuit/public.json", publicStr, 0644)
assert.Nil(t, err)
// verify the proof
vkJson, err := ioutil.ReadFile("../testdata/idstate-circuit/verification_key.json")
require.Nil(t, err)
vk, err := parsers.ParseVk(vkJson)
require.Nil(t, err)
v := verifier.Verify(vk, proof, pubSignals)
assert.True(t, v)
}
}
func BenchmarkGenerateProof(b *testing.B) { func BenchmarkGenerateProof(b *testing.B) {
provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json") provingKeyJson, err := ioutil.ReadFile("../testdata/big/proving_key.json")
require.Nil(b, err) require.Nil(b, err)

Loading…
Cancel
Save