arnaucube
/
go-snark-study
mirror of https://github.com/arnaucube/go-snark-study.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 Commits
1 Branch
4 Tags
109 MiB
Tree: de0e081494
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'de0e081494'
${ noResults }
go-snark-study/circuitcompiler/Programm.go

471 lines
12 KiB
Raw Normal View History

-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
reducing multiplication gates with constants
5 years ago
-initial commit, -extending flat code compiler to a more general compiler -reducing all gates to multiplication gates only in the R1CS description of a program.
5 years ago
  1. package circuitcompiler
  3. import (
  4. "fmt"
  5. "github.com/mottla/go-snark/r1csqap"
  6. "math/big"
  7. )
  9. type Program struct {
  10. functions map[string]*Circuit
  11. signals []string
  12. globalInputs []*Constraint
  13. R1CS struct {
  14. A [][]*big.Int
  15. B [][]*big.Int
  16. C [][]*big.Int
  17. }
  18. }
  20. func (p *Program) PrintContraintTrees() {
  21. for k, v := range p.functions {
  22. fmt.Println(k)
  23. PrintTree(v.root)
  24. }
  25. }
  27. func (p *Program) BuildConstraintTrees() {
  29. functionRootMap := make(map[string]*gate)
  30. for _, circuit := range p.functions {
  31. //circuit.addConstraint(p.oneConstraint())
  32. fName := composeNewFunction(circuit.Name, circuit.Inputs)
  33. root := &gate{value: circuit.constraintMap[fName]}
  34. functionRootMap[fName] = root
  35. circuit.root = root
  36. }
  38. for _, circuit := range p.functions {
  40. buildTree(circuit.constraintMap, circuit.root)
  42. }
  44. return
  46. }
  48. func buildTree(con map[string]*Constraint, g *gate) {
  49. if _, ex := con[g.value.Out]; ex {
  50. if g.OperationType()&(IN|CONST) != 0 {
  51. return
  52. }
  53. } else {
  54. panic(fmt.Sprintf("undefined variable %s", g.value.Out))
  55. }
  56. if g.OperationType() == FUNC {
  57. g.funcInputs = []*gate{}
  58. for _, in := range g.value.Inputs {
  59. if constr, ex := con[in]; ex {
  60. newGate := &gate{value: constr}
  61. g.funcInputs = append(g.funcInputs, newGate)
  62. buildTree(con, newGate)
  63. } else {
  64. panic(fmt.Sprintf("undefined value %s", g.value.V1))
  65. }
  66. }
  67. return
  68. }
  69. if constr, ex := con[g.value.V1]; ex {
  70. g.addLeft(constr)
  71. buildTree(con, g.left)
  72. } else {
  73. panic(fmt.Sprintf("undefined value %s", g.value.V1))
  74. }
  76. if constr, ex := con[g.value.V2]; ex {
  77. g.addRight(constr)
  78. buildTree(con, g.right)
  79. } else {
  80. panic(fmt.Sprintf("undefined value %s", g.value.V2))
  81. }
  82. }
  84. func (p *Program) ReduceCombinedTree() (orderedmGates []gate) {
  85. mGatesUsed := make(map[string]bool)
  86. orderedmGates = []gate{}
  87. functionRootMap := make(map[string]*gate)
  88. for k, v := range p.functions {
  89. functionRootMap[k] = v.root
  90. }
  92. functionRenamer := func(c *Constraint) *gate {
  94. if c.Op != FUNC {
  95. panic("not a function")
  96. }
  97. if b, name, in := isFunction(c.Out); b {
  99. if k, v := p.functions[name]; v {
  100. //fmt.Println("unrenamed thing")
  101. //PrintTree(k.root)
  102. k.renameInputs(in)
  103. //fmt.Println("renamed thing")
  104. //PrintTree(k.root)
  105. return k.root
  106. }
  107. } else {
  108. panic("not a function dude")
  109. }
  110. return nil
  111. }
  113. traverseCombinedMultiplicationGates(p.getMainCircut().root, mGatesUsed, &orderedmGates, functionRootMap, functionRenamer, false, false)
  115. //for _, g := range mGates {
  116. // orderedmGates[len(orderedmGates)-1-g.index] = g
  117. //}
  119. return orderedmGates
  120. }
  122. func traverseCombinedMultiplicationGates(root *gate, mGatesUsed map[string]bool, orderedmGates *[]gate, functionRootMap map[string]*gate, functionRenamer func(c *Constraint) *gate, negate bool, inverse bool) {
  123. //if root == nil {
  124. // return
  125. //}
  126. //fmt.Printf("\n%p",mGatesUsed)
  127. if root.OperationType() == FUNC {
  128. //if a input has already been built, we let this subroutine know
  129. //newMap := make(map[string]bool)
  130. for _, in := range root.funcInputs {
  132. if _, ex := mGatesUsed[in.value.Out]; ex {
  133. //newMap[in.value.Out] = true
  134. } else {
  135. traverseCombinedMultiplicationGates(in, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
  136. }
  137. }
  138. //mGatesUsed[root.value.Out] = true
  139. traverseCombinedMultiplicationGates(functionRenamer(root.value), mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
  140. } else {
  141. if _, alreadyComputed := mGatesUsed[root.value.V1]; !alreadyComputed && root.OperationType()&(IN|CONST) == 0 {
  142. traverseCombinedMultiplicationGates(root.left, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
  143. }
  145. if _, alreadyComputed := mGatesUsed[root.value.V2]; !alreadyComputed && root.OperationType()&(IN|CONST) == 0 {
  146. traverseCombinedMultiplicationGates(root.right, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
  147. }
  148. }
  150. if root.OperationType() == MULTIPLY {
  152. _, n, _ := isFunction(root.value.Out)
  153. if (root.left.OperationType()|root.right.OperationType())&CONST != 0 && n != "main" {
  154. return
  155. }
  157. root.leftIns = make(map[string]int)
  158. collectAtomsInSubtree(root.left, mGatesUsed, 1, root.leftIns, functionRootMap, negate, inverse)
  159. root.rightIns = make(map[string]int)
  160. //if root.left.value.Out== root.right.value.Out{
  161. // //note this is not a full copy, but shouldnt be a problem
  162. // root.rightIns= root.leftIns
  163. //}else{
  164. // collectAtomsInSubtree(root.right, mGatesUsed, 1, root.rightIns, functionRootMap, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
  165. //}
  166. collectAtomsInSubtree(root.right, mGatesUsed, 1, root.rightIns, functionRootMap, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
  167. root.index = len(mGatesUsed)
  168. mGatesUsed[root.value.Out] = true
  170. rootGate := cloneGate(root)
  171. *orderedmGates = append(*orderedmGates, *rootGate)
  172. }
  174. //TODO optimize if output is not a multipication gate
  175. }
  177. func collectAtomsInSubtree(g *gate, mGatesUsed map[string]bool, multiplicative int, in map[string]int, functionRootMap map[string]*gate, negate bool, invert bool) {
  178. if g == nil {
  179. return
  180. }
  181. if _, ex := mGatesUsed[g.value.Out]; ex {
  182. addToMap(g.value.Out, multiplicative, in, negate)
  183. return
  184. }
  186. if g.OperationType()&(IN|CONST) != 0 {
  187. addToMap(g.value.Out, multiplicative, in, negate)
  188. return
  189. }
  191. if g.OperationType()&(MULTIPLY) != 0 {
  192. b1, v1 := isValue(g.value.V1)
  193. b2, v2 := isValue(g.value.V2)
  195. if b1 && !b2 {
  196. multiplicative *= v1
  197. collectAtomsInSubtree(g.right, mGatesUsed, multiplicative, in, functionRootMap, Xor(negate, g.value.negate), invert)
  198. return
  199. } else if !b1 && b2 {
  200. multiplicative *= v2
  201. collectAtomsInSubtree(g.left, mGatesUsed, multiplicative, in, functionRootMap, negate, invert)
  202. return
  203. } else if b1 && b2 {
  204. panic("multiply constants not supported yet")
  205. } else {
  206. panic("werird")
  207. }
  208. }
  209. if g.OperationType() == FUNC {
  210. if b, name, _ := isFunction(g.value.Out); b {
  211. collectAtomsInSubtree(functionRootMap[name], mGatesUsed, multiplicative, in, functionRootMap, negate, invert)
  213. } else {
  214. panic("function expected")
  215. }
  217. }
  218. collectAtomsInSubtree(g.left, mGatesUsed, multiplicative, in, functionRootMap, negate, invert)
  219. collectAtomsInSubtree(g.right, mGatesUsed, multiplicative, in, functionRootMap, Xor(negate, g.value.negate), invert)
  221. }
  223. func addOneToMap(value string, in map[string]int, negate bool) {
  224. addToMap(value, 1, in, negate)
  225. }
  226. func addToMap(value string, val int, in map[string]int, negate bool) {
  227. if negate {
  228. in[value] = (in[value] - 1) * val
  229. } else {
  230. in[value] = (in[value] + 1) * val
  231. }
  232. }
  234. //copies a gate neglecting its references to other gates
  235. func cloneGate(in *gate) (out *gate) {
  236. constr := &Constraint{Inputs: in.value.Inputs, Out: in.value.Out, Op: in.value.Op, invert: in.value.invert, negate: in.value.negate, V2: in.value.V2, V1: in.value.V1}
  237. nRightins := make(map[string]int)
  238. nLeftInst := make(map[string]int)
  239. for k, v := range in.rightIns {
  240. nRightins[k] = v
  241. }
  242. for k, v := range in.leftIns {
  243. nLeftInst[k] = v
  244. }
  245. return &gate{value: constr, leftIns: nLeftInst, rightIns: nRightins, index: in.index}
  246. }
  248. func (p *Program) getMainCircut() *Circuit {
  249. return p.functions["main"]
  250. }
  252. func (p *Program) addGlobalInput(c *Constraint) {
  253. p.globalInputs = append(p.globalInputs, c)
  254. }
  256. func NewProgramm() *Program {
  257. //return &Program{functions: map[string]*Circuit{}, signals: []string{}, globalInputs: []*Constraint{{Op: PLUS, V1:"1",V2:"0", Out: "one"}}}
  258. return &Program{functions: map[string]*Circuit{}, signals: []string{}, globalInputs: []*Constraint{{Op: IN, Out: "one"}}}
  259. }
  261. //func (p *Program) oneConstraint() *Constraint {
  262. // if p.globalInputs[0].Out != "one" {
  263. // panic("'one' should be first global input")
  264. // }
  265. // return p.globalInputs[0]
  266. //}
  268. func (p *Program) addSignal(name string) {
  269. p.signals = append(p.signals, name)
  270. }
  272. func (p *Program) addFunction(constraint *Constraint) (c *Circuit) {
  273. name := constraint.Out
  274. fmt.Println("try to add function ", name)
  276. b, name2, _ := isFunction(name)
  277. if !b {
  278. panic(fmt.Sprintf("not a function: %v", constraint))
  279. }
  280. name = name2
  282. if _, ex := p.functions[name]; ex {
  283. panic("function already declared")
  284. }
  286. c = newCircuit(name)
  288. p.functions[name] = c
  290. //if constraint.Literal == "main" {
  291. for _, in := range constraint.Inputs {
  292. newConstr := &Constraint{
  293. Op: IN,
  294. Out: in,
  295. }
  296. if name == "main" {
  297. p.addGlobalInput(newConstr)
  298. }
  299. c.addConstraint(newConstr)
  300. }
  302. c.Inputs = constraint.Inputs
  303. return
  305. }
  307. // GenerateR1CS generates the R1CS polynomials from the Circuit
  308. func (p *Program) GenerateReducedR1CS(mGates []gate) (a, b, c [][]*big.Int) {
  309. // from flat code to R1CS
  311. offset := len(p.globalInputs)
  312. // one + in1 +in2+... + gate1 + gate2 .. + out
  313. size := offset + len(mGates)
  314. indexMap := make(map[string]int)
  316. //circ.Signals = []string{"one"}
  317. for i, v := range p.globalInputs {
  318. indexMap[v.Out] = i
  319. //circ.Signals = append(circ.Signals, v)
  321. }
  322. for i, v := range mGates {
  323. indexMap[v.value.Out] = i + offset
  324. //circ.Signals = append(circ.Signals, v.value.Out)
  325. }
  326. //circ.NVars = len(circ.Signals)
  327. //circ.NSignals = len(circ.Signals)
  329. for _, gate := range mGates {
  331. if gate.OperationType() == MULTIPLY {
  332. aConstraint := r1csqap.ArrayOfBigZeros(size)
  333. bConstraint := r1csqap.ArrayOfBigZeros(size)
  334. cConstraint := r1csqap.ArrayOfBigZeros(size)
  336. //if len(gate.leftIns)>=len(gate.rightIns){
  337. // for leftInput, _ := range gate.leftIns {
  338. // if v, ex := gate.rightIns[leftInput]; ex {
  339. // gate.leftIns[leftInput] *= v
  340. // gate.rightIns[leftInput] = 1
  341. //
  342. // }
  343. // }
  344. //}else{
  345. // for rightInput, _ := range gate.rightIns {
  346. // if v, ex := gate.leftIns[rightInput]; ex {
  347. // gate.rightIns[rightInput] *= v
  348. // gate.leftIns[rightInput] = 1
  349. // }
  350. // }
  351. //}
  353. for leftInput, val := range gate.leftIns {
  355. insertVar3(aConstraint, val, leftInput, indexMap[leftInput])
  356. }
  357. for rightInput, val := range gate.rightIns {
  358. insertVar3(bConstraint, val, rightInput, indexMap[rightInput])
  359. }
  360. cConstraint[indexMap[gate.value.Out]] = big.NewInt(int64(1))
  362. if gate.value.invert {
  363. a = append(a, cConstraint)
  364. b = append(b, bConstraint)
  365. c = append(c, aConstraint)
  366. } else {
  367. a = append(a, aConstraint)
  368. b = append(b, bConstraint)
  369. c = append(c, cConstraint)
  370. }
  372. } else {
  373. panic("not a m gate")
  374. }
  375. }
  376. p.R1CS.A = a
  377. p.R1CS.B = b
  378. p.R1CS.C = c
  379. return a, b, c
  380. }
  382. func insertVar3(arr []*big.Int, val int, input string, index int) {
  383. isVal, value := isValue(input)
  384. var valueBigInt *big.Int
  385. if isVal {
  386. valueBigInt = big.NewInt(int64(value))
  387. arr[0] = new(big.Int).Add(arr[0], valueBigInt)
  388. } else {
  389. //if !indexMap[leftInput] {
  390. // panic(errors.New("using variable before it's set"))
  391. //}
  392. valueBigInt = big.NewInt(int64(val))
  393. arr[index] = new(big.Int).Add(arr[index], valueBigInt)
  394. }
  396. }
  398. func (p *Program) CalculateWitness(input []*big.Int) (witness []*big.Int) {
  400. if len(p.globalInputs)-1 != len(input) {
  401. panic("input do not match the required inputs")
  402. }
  404. witness = r1csqap.ArrayOfBigZeros(len(p.R1CS.A[0]))
  405. set := make([]bool, len(witness))
  406. witness[0] = big.NewInt(int64(1))
  407. set[0] = true
  409. for i := range input {
  410. witness[i+1] = input[i]
  411. set[i+1] = true
  412. }
  414. zero := big.NewInt(int64(0))
  416. for i := 0; i < len(p.R1CS.A); i++ {
  417. gatesLeftInputs := p.R1CS.A[i]
  418. gatesRightInputs := p.R1CS.B[i]
  419. gatesOutputs := p.R1CS.C[i]
  421. sumLeft := big.NewInt(int64(0))
  422. sumRight := big.NewInt(int64(0))
  423. sumOut := big.NewInt(int64(0))
  425. index := -1
  426. division := false
  427. for j, val := range gatesLeftInputs {
  428. if val.Cmp(zero) != 0 {
  429. if !set[j] {
  430. index = j
  431. division = true
  432. break
  433. }
  434. sumLeft.Add(sumLeft, new(big.Int).Mul(val, witness[j]))
  435. }
  436. }
  437. for j, val := range gatesRightInputs {
  438. if val.Cmp(zero) != 0 {
  439. sumRight.Add(sumRight, new(big.Int).Mul(val, witness[j]))
  440. }
  441. }
  443. for j, val := range gatesOutputs {
  444. if val.Cmp(zero) != 0 {
  445. if !set[j] {
  446. if index != -1 {
  447. panic("invalid R1CS form")
  448. }
  450. index = j
  451. break
  452. }
  453. sumOut.Add(sumOut, new(big.Int).Mul(val, witness[j]))
  454. }
  455. }
  457. if !division {
  458. set[index] = true
  459. witness[index] = new(big.Int).Mul(sumLeft, sumRight)
  461. } else {
  462. b := sumRight.Int64()
  463. c := sumOut.Int64()
  464. set[index] = true
  465. witness[index] = big.NewInt(c / b)
  466. }
  468. }
  470. return
  471. }