reducing multiplication gates with constants

5 years ago · de0e081494
6 changed files with 130 additions and 70 deletions
--- a/README.md
+++ b/README.md
@ -11,7 +11,7 @@ UNDER CONSTRUCTION!

 Implementation of the zkSNARK [Pinocchio protocol](https://eprint.iacr.org/2013/279.pdf) from scratch in Go to understand the concepts. Do not use in production.

 This forked aims to extend its functionalities s.t. one can prove set-membership in zero knowledge. 
 This fork aims to extend its functionalities s.t. one can prove set-membership in zero knowledge. 

 Current implementation status:
 - [x] Finite Fields (1, 2, 6, 12) operations
--- a/circuitcompiler/Programm.go
+++ b/circuitcompiler/Programm.go
@ -28,7 +28,7 @@ func (p *Program) BuildConstraintTrees() {

 	functionRootMap := make(map[string]*gate)
 	for _, circuit := range p.functions {
 		circuit.addConstraint(p.oneConstraint())
 		//circuit.addConstraint(p.oneConstraint())
 		fName := composeNewFunction(circuit.Name, circuit.Inputs)
 		root := &gate{value: circuit.constraintMap[fName]}
 		functionRootMap[fName] = root
@ -123,19 +123,20 @@ func traverseCombinedMultiplicationGates(root *gate, mGatesUsed map[string]bool,
 	//if root == nil {
 	//	return
 	//}
 	//fmt.Printf("\n%p",mGatesUsed)
 	if root.OperationType() == FUNC {
 		//if a input has already been built, we let this subroutine know
 		newMap := make(map[string]bool)
 		//newMap := make(map[string]bool)
 		for _, in := range root.funcInputs {

 			if _, ex := mGatesUsed[in.value.Out]; ex {
 				newMap[in.value.Out] = true
 				//newMap[in.value.Out] = true
 			} else {
 				traverseCombinedMultiplicationGates(in, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
 			}
 		}
 		//mGatesUsed[root.value.Out] = true
 		traverseCombinedMultiplicationGates(functionRenamer(root.value), newMap, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
 		traverseCombinedMultiplicationGates(functionRenamer(root.value), mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
 	} else {
 		if _, alreadyComputed := mGatesUsed[root.value.V1]; !alreadyComputed && root.OperationType()&(IN|CONST) == 0 {
 			traverseCombinedMultiplicationGates(root.left, mGatesUsed, orderedmGates, functionRootMap, functionRenamer, negate, inverse)
@ -148,12 +149,24 @@ func traverseCombinedMultiplicationGates(root *gate, mGatesUsed map[string]bool,

 	if root.OperationType() == MULTIPLY {

 		_, n, _ := isFunction(root.value.Out)
 		if (root.left.OperationType()|root.right.OperationType())&CONST != 0 && n != "main" {
 			return
 		}

 		root.leftIns = make(map[string]int)
 		collectAtomsInSubtree(root.left, root.leftIns, functionRootMap, negate, inverse)
 		collectAtomsInSubtree(root.left, mGatesUsed, 1, root.leftIns, functionRootMap, negate, inverse)
 		root.rightIns = make(map[string]int)
 		collectAtomsInSubtree(root.right, root.rightIns, functionRootMap, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
 		//if root.left.value.Out== root.right.value.Out{
 		//	//note this is not a full copy, but shouldnt be a problem
 		//	root.rightIns= root.leftIns
 		//}else{
 		//	collectAtomsInSubtree(root.right, mGatesUsed, 1, root.rightIns, functionRootMap, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
 		//}
 		collectAtomsInSubtree(root.right, mGatesUsed, 1, root.rightIns, functionRootMap, Xor(negate, root.value.negate), Xor(inverse, root.value.invert))
 		root.index = len(mGatesUsed)
 		mGatesUsed[root.value.Out] = true

 		rootGate := cloneGate(root)
 		*orderedmGates = append(*orderedmGates, *rootGate)
 	}
@ -161,6 +174,63 @@ func traverseCombinedMultiplicationGates(root *gate, mGatesUsed map[string]bool,
 	//TODO optimize if output is not a multipication gate
 }

 func collectAtomsInSubtree(g *gate, mGatesUsed map[string]bool, multiplicative int, in map[string]int, functionRootMap map[string]*gate, negate bool, invert bool) {
 	if g == nil {
 		return
 	}
 	if _, ex := mGatesUsed[g.value.Out]; ex {
 		addToMap(g.value.Out, multiplicative, in, negate)
 		return
 	}

 	if g.OperationType()&(IN|CONST) != 0 {
 		addToMap(g.value.Out, multiplicative, in, negate)
 		return
 	}

 	if g.OperationType()&(MULTIPLY) != 0 {
 		b1, v1 := isValue(g.value.V1)
 		b2, v2 := isValue(g.value.V2)

 		if b1 && !b2 {
 			multiplicative *= v1
 			collectAtomsInSubtree(g.right, mGatesUsed, multiplicative, in, functionRootMap, Xor(negate, g.value.negate), invert)
 			return
 		} else if !b1 && b2 {
 			multiplicative *= v2
 			collectAtomsInSubtree(g.left, mGatesUsed, multiplicative, in, functionRootMap, negate, invert)
 			return
 		} else if b1 && b2 {
 			panic("multiply constants not supported yet")
 		} else {
 			panic("werird")
 		}
 	}
 	if g.OperationType() == FUNC {
 		if b, name, _ := isFunction(g.value.Out); b {
 			collectAtomsInSubtree(functionRootMap[name], mGatesUsed, multiplicative, in, functionRootMap, negate, invert)

 		} else {
 			panic("function expected")
 		}

 	}
 	collectAtomsInSubtree(g.left, mGatesUsed, multiplicative, in, functionRootMap, negate, invert)
 	collectAtomsInSubtree(g.right, mGatesUsed, multiplicative, in, functionRootMap, Xor(negate, g.value.negate), invert)

 }

 func addOneToMap(value string, in map[string]int, negate bool) {
 	addToMap(value, 1, in, negate)
 }
 func addToMap(value string, val int, in map[string]int, negate bool) {
 	if negate {
 		in[value] = (in[value] - 1) * val
 	} else {
 		in[value] = (in[value] + 1) * val
 	}
 }

 //copies a gate neglecting its references to other gates
 func cloneGate(in *gate) (out *gate) {
 	constr := &Constraint{Inputs: in.value.Inputs, Out: in.value.Out, Op: in.value.Op, invert: in.value.invert, negate: in.value.negate, V2: in.value.V2, V1: in.value.V1}
@ -184,15 +254,16 @@ func (p *Program) addGlobalInput(c *Constraint) {
 }

 func NewProgramm() *Program {
 	return &Program{functions: map[string]*Circuit{}, signals: []string{}, globalInputs: []*Constraint{{Op: CONST, Out: "one"}}}
 	//return &Program{functions: map[string]*Circuit{}, signals: []string{}, globalInputs: []*Constraint{{Op: PLUS, V1:"1",V2:"0", Out: "one"}}}
 	return &Program{functions: map[string]*Circuit{}, signals: []string{}, globalInputs: []*Constraint{{Op: IN, Out: "one"}}}
 }

 func (p *Program) oneConstraint() *Constraint {
 	if p.globalInputs[0].Out != "one" {
 		panic("'one' should be first global input")
 	}
 	return p.globalInputs[0]
 }
 //func (p *Program) oneConstraint() *Constraint {
 //	if p.globalInputs[0].Out != "one" {
 //		panic("'one' should be first global input")
 //	}
 //	return p.globalInputs[0]
 //}

 func (p *Program) addSignal(name string) {
 	p.signals = append(p.signals, name)
@ -262,7 +333,25 @@ func (p *Program) GenerateReducedR1CS(mGates []gate) (a, b, c [][]*big.Int) {
 			bConstraint := r1csqap.ArrayOfBigZeros(size)
 			cConstraint := r1csqap.ArrayOfBigZeros(size)

 			//if len(gate.leftIns)>=len(gate.rightIns){
 			//	for leftInput, _ := range gate.leftIns {
 			//		if v, ex := gate.rightIns[leftInput]; ex {
 			//			gate.leftIns[leftInput] *= v
 			//			gate.rightIns[leftInput] = 1
 			//
 			//		}
 			//	}
 			//}else{
 			//	for rightInput, _ := range gate.rightIns {
 			//		if v, ex := gate.leftIns[rightInput]; ex {
 			//			gate.rightIns[rightInput] *= v
 			//			gate.leftIns[rightInput] = 1
 			//		}
 			//	}
 			//}

 			for leftInput, val := range gate.leftIns {

 				insertVar3(aConstraint, val, leftInput, indexMap[leftInput])
 			}
 			for rightInput, val := range gate.rightIns {
--- a/circuitcompiler/Programm_test.go
+++ b/circuitcompiler/Programm_test.go
@ -17,29 +17,30 @@ func TestNewProgramm(t *testing.T) {

 	flat := `
 	func do(x):
 		e = x * x
 		b = e * e
 		c = b * b
 		d = c * c
 		e = x * 5
 		b = e * 6
 		c = b * 7
 		f = c * 1
 		d = c / f
 		out = d * 1
 	
 	func add(x ,k):
 		z = k * x
 		out = do(x) + mul(x,z)
 	
 	func main(a,b):
 		out = do(5) + 4
 	func main(x,z):	
 		out = do(x) + 4
 	
 	func mul(a,b):
 		out = a * b
 	`

 	//flat := `
 	//func do(x):
 	//	b = x - 2
 	//	out = x * b
 	//func main(a,b):
 	//	out = do(a) + 4
 	//	e = 4 * a
 	//	c = a * e
 	//	d = c * 70
 	//	out = a * d
 	//`
 	parser := NewParser(strings.NewReader(flat))
 	program, err := parser.Parse()
--- a/circuitcompiler/circuit.go
+++ b/circuitcompiler/circuit.go
@ -109,13 +109,15 @@ func (circ *Circuit) addConstraint(constraint *Constraint) {
 			//the main functions output must be a multiplication gate
 			//if its not, then we simple create one where outNew = 1 * outOld
 			if constraint.Op&(MINUS|PLUS) != 0 {
 				newOut := &Constraint{Out: constraint.Out, V1: "one", V2: "out2", Op: MULTIPLY}
 				newOut := &Constraint{Out: constraint.Out, V1: "1", V2: "out2", Op: MULTIPLY}
 				//TODO reachable?
 				delete(circ.constraintMap, constraint.Out)
 				circ.addConstraint(newOut)
 				constraint.Out = "out2"
 				circ.addConstraint(constraint)
 			}
 		}

 	}

 	addConstantsAndFunctions := func(constraint string) {
@ -274,35 +276,6 @@ func printTree(g *gate, d int) {
 	}
 }

 func addToMap(value string, in map[string]int, negate bool) {
 	if negate {
 		in[value] = in[value] - 1
 	} else {
 		in[value] = in[value] + 1
 	}
 }

 func collectAtomsInSubtree(g *gate, in map[string]int, functionRootMap map[string]*gate, negate bool, invert bool) {
 	if g == nil {
 		return
 	}
 	if g.OperationType()&(MULTIPLY|IN|CONST) != 0 {
 		addToMap(g.value.Out, in, negate)
 		return
 	}
 	if g.OperationType() == FUNC {
 		if b, name, _ := isFunction(g.value.Out); b {
 			collectAtomsInSubtree(functionRootMap[name], in, functionRootMap, negate, invert)
 		} else {
 			panic("function expected")
 		}

 	}

 	collectAtomsInSubtree(g.left, in, functionRootMap, negate, invert)
 	collectAtomsInSubtree(g.right, in, functionRootMap, Xor(negate, g.value.negate), invert)
 }

 func Xor(a, b bool) bool {
 	return (a && !b) || (!a && b)
 }
--- a/r1csqap/r1csqap.go
+++ b/r1csqap/r1csqap.go
@ -2,6 +2,7 @@ package r1csqap

 import (
 	"bytes"
 	"fmt"
 	"math/big"

 	"github.com/mottla/go-snark/fields"
@ -162,6 +163,9 @@ func (pf PolynomialField) R1CSToQAP(a, b, c [][]*big.Int) ([][]*big.Int, [][]*bi
 	aT := Transpose(a)
 	bT := Transpose(b)
 	cT := Transpose(c)
 	fmt.Println(aT)
 	fmt.Println(bT)
 	fmt.Println(cT)
 	var alphas [][]*big.Int
 	for i := 0; i < len(aT); i++ {
 		alphas = append(alphas, pf.LagrangeInterpolation(aT[i]))
--- a/snark_test.go
+++ b/snark_test.go
@ -3,7 +3,6 @@ package snark
 import (
 	"fmt"
 	"github.com/mottla/go-snark/circuitcompiler"
 	"github.com/mottla/go-snark/r1csqap"
 	"github.com/stretchr/testify/assert"
 	"math/big"
 	"strings"
@ -13,16 +12,10 @@ import (
 func TestNewProgramm(t *testing.T) {

 	flat := `

 	func add(x ,k):
 		z = k * x
 		out = x + mul(x,z)
 	
 	func main(a,b):
 		out = add(a,b) * a

 	func mul(a,b):
 		out = a * b	
 	func main(a,b,c,d):
 		e = a + b
 		f = c * d
 		out = e * f
 	`

 	parser := circuitcompiler.NewParser(strings.NewReader(flat))
@ -35,7 +28,7 @@ func TestNewProgramm(t *testing.T) {
 	fmt.Println(flat)

 	program.BuildConstraintTrees()
 	program.PrintConstraintTrees()
 	program.PrintContraintTrees()
 	fmt.Println("\nReduced gates")
 	//PrintTree(froots["mul"])
 	gates := program.ReduceCombinedTree()
@ -50,7 +43,7 @@ func TestNewProgramm(t *testing.T) {
 	fmt.Println(c)
 	a1 := big.NewInt(int64(6))
 	a2 := big.NewInt(int64(5))
 	inputs := []*big.Int{a1, a2}
 	inputs := []*big.Int{a1, a2, a1, a2}
 	w := program.CalculateWitness(inputs)
 	fmt.Println("witness")
 	fmt.Println(w)
@ -82,9 +75,9 @@ func TestNewProgramm(t *testing.T) {
 	hzQAP := Utils.PF.Mul(hxQAP, zxQAP)
 	assert.Equal(t, abc, hzQAP)

 	div, rem := Utils.PF.Div(px, zxQAP)
 	assert.Equal(t, hxQAP, div)
 	assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(4))
 	//div, rem := Utils.PF.Div(px, zxQAP)
 	//assert.Equal(t, hxQAP, div)
 	//assert.Equal(t, rem, r1csqap.ArrayOfBigZeros(4))

 	// calculate trusted setup
 	//setup, err := GenerateTrustedSetup(len(w), *circuit, alphas, betas, gammas)