arnaucube
/
go-snark-study
mirror of https://github.com/arnaucube/go-snark-study.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
1 Branch
4 Tags
109 MiB
Tree: 705e500a5d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '705e500a5d'
${ noResults }
go-snark-study/circuitcompiler/Programm.go

382 lines
9.5 KiB
Raw Normal View History

-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
  1. package circuitcompiler
  3. import (
  4. "fmt"
  5. "github.com/mottla/go-snark/r1csqap"
  6. "math/big"
  7. )
  9. type Program struct {
  10. functions map[string]*Circuit
  11. signals []string
  12. globalInputs []*Constraint
  13. R1CS struct {
  14. A [][]*big.Int
  15. B [][]*big.Int
  16. C [][]*big.Int
  17. }
  18. }
  20. func (p *Program) PrintContraintTrees() {
  21. for k, v := range p.functions {
  22. fmt.Println(k)
  23. PrintTree(v.root)
  24. }
  25. }
  27. func (p *Program) BuildConstraintTrees() {
  29. functionRootMap := make(map[string]*gate)
  30. for _, circuit := range p.functions {
  31. circuit.addConstraint(p.oneConstraint())
  32. fName := composeNewFunction(circuit.Name, circuit.Inputs)
  33. root := &gate{value: circuit.constraintMap[fName]}
  34. functionRootMap[fName] = root
  35. circuit.root = root
  36. }
  38. for _, circuit := range p.functions {
  40. buildTree(circuit.constraintMap, circuit.root)
  42. }
  44. return
  46. }
  48. func buildTree(con map[string]*Constraint, g *gate) {
  49. if _, ex := con[g.value.Out]; ex {
  50. if g.OperationType()&(IN|CONST) != 0 {
  51. return
  52. }
  53. } else {
  54. panic(fmt.Sprintf("undefined variable %s", g.value.Out))
  55. }
  56. if g.OperationType() == FUNC {
  57. g.funcInputs = []*gate{}
  58. for _, in := range g.value.Inputs {
  59. if constr, ex := con[in]; ex {
  60. newGate := &gate{value: constr}
  61. g.funcInputs = append(g.funcInputs, newGate)
  62. buildTree(con, newGate)
  63. } else {
  64. panic(fmt.Sprintf("undefined value %s", g.value.V1))
  65. }
  66. }
  67. return
  68. }
  69. if constr, ex := con[g.value.V1]; ex {
  70. g.addLeft(constr)
  71. buildTree(con, g.left)
  72. } else {
  73. panic(fmt.Sprintf("undefined value %s", g.value.V1))
  74. }
  76. if constr, ex := con[g.value.V2]; ex {
  77. g.addRight(constr)
  78. buildTree(con, g.right)
  79. } else {
  80. panic(fmt.Sprintf("undefined value %s", g.value.V2))
  81. }
  82. }
  84. func (p *Program) ReduceCombinedTree() (orderedmGates []gate) {
  85. mGatesUsed := make(map[string]bool)
  86. orderedmGates = []gate{}
  87. functionRootMap := make(map[string]*gate)
  88. for k, v := range p.functions {
  89. functionRootMap[k] = v.root
  90. }
  92. functionRenamer := func(c *Constraint) *gate {
  94. if c.Op != FUNC {
  95. panic("not a function")
  96. }
  97. if b, name, in := isFunction(c.Out); b {
  99. if k, v := p.functions[name]; v {
  100. //fmt.Println("unrenamed thing")
  101. //PrintTree(k.root)
  102. k.renameInputs(in)
  103. //fmt.Println("renamed thing")
  104. //PrintTree(k.root)
  105. return k.root
  106. }
  107. } else {
  108. panic("not a function dude")
  109. }
  110. return nil
  111. }
  113. traverseCombinedMultiplicationGates(p.getMainCircut().root, mGatesUsed, &orderedmGates, functionRootMap, functionRenamer, false, false)
  115. //for _, g := range mGates {
  116. // orderedmGates[len(orderedmGates)-1-g.index] = g
  117. //}
  119. return orderedmGates
  120. }
  122. func traverseCombinedMultiplicationGates(root *gate, mGatesUsed map[string]bool, orderedmGates *[]gate, functionRootMap map[string]*gate, functionRenamer func(c *Constraint) *gate, negate bool, inverse bool) {
  123. //if root == nil {
  124. // return
  125. //}
  126. if root.OperationType() == FUNC {
  127. //if a input has already been built, we let this subroutine know
  128. newMap := make(map[string]bool)
  129. for _, in := range root.funcInputs {
  131. if _, ex := mGatesUsed[in.value.Out]; ex {
  132. newMap[in.value.Out] = true
  133. } else {
  134. traverseCombinedMultiplicationGates(in, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
  135. }
  136. }
  137. //mGatesUsed[root.value.Out] = true
  138. traverseCombinedMultiplicationGates(functionRenamer(root.value), newMap, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
  139. } else {
  140. if _, alreadyComputed := mGatesUsed[root.value.V1]; !alreadyComputed && root.OperationType()&(IN|CONST) == 0 {
  141. traverseCombinedMultiplicationGates(root.left, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
  142. }
  144. if _, alreadyComputed := mGatesUsed[root.value.V2]; !alreadyComputed && root.OperationType()&(IN|CONST) == 0 {
  145. traverseCombinedMultiplicationGates(root.right, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
  146. }
  147. }
  149. if root.OperationType() == MULTIPLY {
  151. root.leftIns = make(map[string]int)
  152. collectAtomsInSubtree(root.left, root.leftIns, functionRootMap, negate, inverse)
  153. root.rightIns = make(map[string]int)
  154. collectAtomsInSubtree(root.right, root.rightIns, functionRootMap, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
  155. root.index = len(mGatesUsed)
  156. mGatesUsed[root.value.Out] = true
  157. rootGate := cloneGate(root)
  158. *orderedmGates = append(*orderedmGates, *rootGate)
  159. }
  161. //TODO optimize if output is not a multipication gate
  162. }
  164. //copies a gate neglecting its references to other gates
  165. func cloneGate(in *gate) (out *gate) {
  166. constr := &Constraint{Inputs: in.value.Inputs, Out: in.value.Out, Op: in.value.Op, invert: in.value.invert, negate: in.value.negate, V2: in.value.V2, V1: in.value.V1}
  167. nRightins := make(map[string]int)
  168. nLeftInst := make(map[string]int)
  169. for k, v := range in.rightIns {
  170. nRightins[k] = v
  171. }
  172. for k, v := range in.leftIns {
  173. nLeftInst[k] = v
  174. }
  175. return &gate{value: constr, leftIns: nLeftInst, rightIns: nRightins, index: in.index}
  176. }
  178. func (p *Program) getMainCircut() *Circuit {
  179. return p.functions["main"]
  180. }
  182. func (p *Program) addGlobalInput(c *Constraint) {
  183. p.globalInputs = append(p.globalInputs, c)
  184. }
  186. func NewProgramm() *Program {
  187. return &Program{functions: map[string]*Circuit{}, signals: []string{}, globalInputs: []*Constraint{{Op: CONST, Out: "one"}}}
  188. }
  190. func (p *Program) oneConstraint() *Constraint {
  191. if p.globalInputs[0].Out != "one" {
  192. panic("'one' should be first global input")
  193. }
  194. return p.globalInputs[0]
  195. }
  197. func (p *Program) addSignal(name string) {
  198. p.signals = append(p.signals, name)
  199. }
  201. func (p *Program) addFunction(constraint *Constraint) (c *Circuit) {
  202. name := constraint.Out
  203. fmt.Println("try to add function ", name)
  205. b, name2, _ := isFunction(name)
  206. if !b {
  207. panic(fmt.Sprintf("not a function: %v", constraint))
  208. }
  209. name = name2
  211. if _, ex := p.functions[name]; ex {
  212. panic("function already declared")
  213. }
  215. c = newCircuit(name)
  217. p.functions[name] = c
  219. //if constraint.Literal == "main" {
  220. for _, in := range constraint.Inputs {
  221. newConstr := &Constraint{
  222. Op: IN,
  223. Out: in,
  224. }
  225. if name == "main" {
  226. p.addGlobalInput(newConstr)
  227. }
  228. c.addConstraint(newConstr)
  229. }
  231. c.Inputs = constraint.Inputs
  232. return
  234. }
  236. // GenerateR1CS generates the R1CS polynomials from the Circuit
  237. func (p *Program) GenerateReducedR1CS(mGates []gate) (a, b, c [][]*big.Int) {
  238. // from flat code to R1CS
  240. offset := len(p.globalInputs)
  241. // one + in1 +in2+... + gate1 + gate2 .. + out
  242. size := offset + len(mGates)
  243. indexMap := make(map[string]int)
  245. //circ.Signals = []string{"one"}
  246. for i, v := range p.globalInputs {
  247. indexMap[v.Out] = i
  248. //circ.Signals = append(circ.Signals, v)
  250. }
  251. for i, v := range mGates {
  252. indexMap[v.value.Out] = i + offset
  253. //circ.Signals = append(circ.Signals, v.value.Out)
  254. }
  255. //circ.NVars = len(circ.Signals)
  256. //circ.NSignals = len(circ.Signals)
  258. for _, gate := range mGates {
  260. if gate.OperationType() == MULTIPLY {
  261. aConstraint := r1csqap.ArrayOfBigZeros(size)
  262. bConstraint := r1csqap.ArrayOfBigZeros(size)
  263. cConstraint := r1csqap.ArrayOfBigZeros(size)
  265. for leftInput, val := range gate.leftIns {
  266. insertVar3(aConstraint, val, leftInput, indexMap[leftInput])
  267. }
  268. for rightInput, val := range gate.rightIns {
  269. insertVar3(bConstraint, val, rightInput, indexMap[rightInput])
  270. }
  271. cConstraint[indexMap[gate.value.Out]] = big.NewInt(int64(1))
  273. if gate.value.invert {
  274. a = append(a, cConstraint)
  275. b = append(b, bConstraint)
  276. c = append(c, aConstraint)
  277. } else {
  278. a = append(a, aConstraint)
  279. b = append(b, bConstraint)
  280. c = append(c, cConstraint)
  281. }
  283. } else {
  284. panic("not a m gate")
  285. }
  286. }
  287. p.R1CS.A = a
  288. p.R1CS.B = b
  289. p.R1CS.C = c
  290. return a, b, c
  291. }
  293. func insertVar3(arr []*big.Int, val int, input string, index int) {
  294. isVal, value := isValue(input)
  295. var valueBigInt *big.Int
  296. if isVal {
  297. valueBigInt = big.NewInt(int64(value))
  298. arr[0] = new(big.Int).Add(arr[0], valueBigInt)
  299. } else {
  300. //if !indexMap[leftInput] {
  301. // panic(errors.New("using variable before it's set"))
  302. //}
  303. valueBigInt = big.NewInt(int64(val))
  304. arr[index] = new(big.Int).Add(arr[index], valueBigInt)
  305. }
  307. }
  309. func (p *Program) CalculateWitness(input []*big.Int) (witness []*big.Int) {
  311. if len(p.globalInputs)-1 != len(input) {
  312. panic("input do not match the required inputs")
  313. }
  315. witness = r1csqap.ArrayOfBigZeros(len(p.R1CS.A[0]))
  316. set := make([]bool, len(witness))
  317. witness[0] = big.NewInt(int64(1))
  318. set[0] = true
  320. for i := range input {
  321. witness[i+1] = input[i]
  322. set[i+1] = true
  323. }
  325. zero := big.NewInt(int64(0))
  327. for i := 0; i < len(p.R1CS.A); i++ {
  328. gatesLeftInputs := p.R1CS.A[i]
  329. gatesRightInputs := p.R1CS.B[i]
  330. gatesOutputs := p.R1CS.C[i]
  332. sumLeft := big.NewInt(int64(0))
  333. sumRight := big.NewInt(int64(0))
  334. sumOut := big.NewInt(int64(0))
  336. index := -1
  337. division := false
  338. for j, val := range gatesLeftInputs {
  339. if val.Cmp(zero) != 0 {
  340. if !set[j] {
  341. index = j
  342. division = true
  343. break
  344. }
  345. sumLeft.Add(sumLeft, new(big.Int).Mul(val, witness[j]))
  346. }
  347. }
  348. for j, val := range gatesRightInputs {
  349. if val.Cmp(zero) != 0 {
  350. sumRight.Add(sumRight, new(big.Int).Mul(val, witness[j]))
  351. }
  352. }
  354. for j, val := range gatesOutputs {
  355. if val.Cmp(zero) != 0 {
  356. if !set[j] {
  357. if index != -1 {
  358. panic("invalid R1CS form")
  359. }
  361. index = j
  362. break
  363. }
  364. sumOut.Add(sumOut, new(big.Int).Mul(val, witness[j]))
  365. }
  366. }
  368. if !division {
  369. set[index] = true
  370. witness[index] = new(big.Int).Mul(sumLeft, sumRight)
  372. } else {
  373. b := sumRight.Int64()
  374. c := sumOut.Int64()
  375. set[index] = true
  376. witness[index] = big.NewInt(c / b)
  377. }
  379. }
  381. return
  382. }