
remove identity polynomial commitments and PCS evaluations (#104)

* remove sid pcs evals

* minor optimization + more timers
main
chancharles92 1 year ago
committed by GitHub
parent
commit
366a2674bc
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 40 deletions
  1. +15
    -29
      hyperplonk/src/snark.rs
  2. +21
    -7
      hyperplonk/src/structs.rs
  3. +9
    -4
      subroutines/src/pcs/multilinear_kzg/batching.rs

+ 15
- 29
hyperplonk/src/snark.rs

@ -5,7 +5,7 @@ use crate::{
witness::WitnessColumn, witness::WitnessColumn,
HyperPlonkSNARK, HyperPlonkSNARK,
}; };
use arithmetic::{evaluate_opt, identity_permutation_mles, VPAuxInfo};
use arithmetic::{evaluate_opt, gen_eval_point, VPAuxInfo};
use ark_ec::PairingEngine; use ark_ec::PairingEngine;
use ark_poly::DenseMultilinearExtension; use ark_poly::DenseMultilinearExtension;
use ark_std::{end_timer, log2, start_timer, One, Zero}; use ark_std::{end_timer, log2, start_timer, One, Zero};
@ -51,13 +51,6 @@ where
let (pcs_prover_param, pcs_verifier_param) = let (pcs_prover_param, pcs_verifier_param) =
PCS::trim(pcs_srs, None, Some(supported_ml_degree))?; PCS::trim(pcs_srs, None, Some(supported_ml_degree))?;
// build identity oracles
let id_oracles = identity_permutation_mles(num_vars, index.num_witness_columns());
let mut id_comms = vec![];
for id_oracle in id_oracles.iter() {
id_comms.push(PCS::commit(&pcs_prover_param, id_oracle)?);
}
// build permutation oracles // build permutation oracles
let mut permutation_oracles = vec![]; let mut permutation_oracles = vec![];
let mut perm_comms = vec![]; let mut perm_comms = vec![];
@ -87,12 +80,10 @@ where
Ok(( Ok((
Self::ProvingKey { Self::ProvingKey {
params: index.params.clone(), params: index.params.clone(),
id_oracles,
permutation_oracles, permutation_oracles,
selector_oracles, selector_oracles,
selector_commitments: selector_commitments.clone(), selector_commitments: selector_commitments.clone(),
permutation_commitments: perm_comms.clone(), permutation_commitments: perm_comms.clone(),
id_commitments: id_comms.clone(),
pcs_param: pcs_prover_param, pcs_param: pcs_prover_param,
}, },
Self::VerifyingKey { Self::VerifyingKey {
@ -100,7 +91,6 @@ where
pcs_param: pcs_verifier_param, pcs_param: pcs_verifier_param,
selector_commitments, selector_commitments,
perm_commitments: perm_comms, perm_commitments: perm_comms,
id_commitments: id_comms,
}, },
)) ))
} }
@ -290,11 +280,6 @@ where
&perm_check_point_1, &perm_check_point_1,
); );
// s_id(x)'s points
for (s_id, s_com) in pk.id_oracles.iter().zip(pk.id_commitments.iter()) {
pcs_acc.insert_poly_and_points(s_id, s_com, perm_check_point);
}
// perms(x)'s points // perms(x)'s points
for (perm, pcom) in pk for (perm, pcom) in pk
.permutation_oracles .permutation_oracles
@ -414,15 +399,13 @@ where
// Extract evaluations from openings // Extract evaluations from openings
let prod_evals = &proof.batch_openings.f_i_eval_at_point_i[0..4]; let prod_evals = &proof.batch_openings.f_i_eval_at_point_i[0..4];
let frac_evals = &proof.batch_openings.f_i_eval_at_point_i[4..7]; let frac_evals = &proof.batch_openings.f_i_eval_at_point_i[4..7];
let id_evals = &proof.batch_openings.f_i_eval_at_point_i[7..7 + num_witnesses];
let perm_evals =
&proof.batch_openings.f_i_eval_at_point_i[7 + num_witnesses..7 + 2 * num_witnesses];
let perm_evals = &proof.batch_openings.f_i_eval_at_point_i[7..7 + num_witnesses];
let witness_perm_evals = let witness_perm_evals =
&proof.batch_openings.f_i_eval_at_point_i[7 + 2 * num_witnesses..7 + 3 * num_witnesses];
&proof.batch_openings.f_i_eval_at_point_i[7 + num_witnesses..7 + 2 * num_witnesses];
let witness_gate_evals = let witness_gate_evals =
&proof.batch_openings.f_i_eval_at_point_i[7 + 3 * num_witnesses..7 + 4 * num_witnesses];
&proof.batch_openings.f_i_eval_at_point_i[7 + 2 * num_witnesses..7 + 3 * num_witnesses];
let selector_evals = &proof.batch_openings.f_i_eval_at_point_i let selector_evals = &proof.batch_openings.f_i_eval_at_point_i
[7 + 4 * num_witnesses..7 + 4 * num_witnesses + num_selectors];
[7 + 3 * num_witnesses..7 + 3 * num_witnesses + num_selectors];
let pi_eval = proof.batch_openings.f_i_eval_at_point_i.last().unwrap(); let pi_eval = proof.batch_openings.f_i_eval_at_point_i.last().unwrap();
// ======================================================================= // =======================================================================
@ -491,12 +474,18 @@ where
let alpha = perm_check_sub_claim.product_check_sub_claim.alpha; let alpha = perm_check_sub_claim.product_check_sub_claim.alpha;
let (beta, gamma) = perm_check_sub_claim.challenges; let (beta, gamma) = perm_check_sub_claim.challenges;
let mut id_evals = vec![];
for i in 0..num_witnesses {
let ith_point = gen_eval_point(i, log2(num_witnesses) as usize, &perm_check_point[..]);
id_evals.push(vk.params.eval_id_oracle(&ith_point[..])?);
}
// check evaluation subclaim // check evaluation subclaim
let perm_gate_eval = eval_perm_gate( let perm_gate_eval = eval_perm_gate(
prod_evals, prod_evals,
frac_evals, frac_evals,
witness_perm_evals, witness_perm_evals,
id_evals,
&id_evals[..],
perm_evals, perm_evals,
alpha, alpha,
beta, beta,
@ -546,12 +535,6 @@ where
points.push(perm_check_point_0); points.push(perm_check_point_0);
points.push(perm_check_point_1); points.push(perm_check_point_1);
// s_id's points
for &id_com in vk.id_commitments.iter() {
comms.push(id_com);
points.push(perm_check_point.clone());
}
// perms' points // perms' points
for &pcom in vk.perm_commitments.iter() { for &pcom in vk.perm_commitments.iter() {
comms.push(pcom); comms.push(pcom);
@ -559,6 +542,7 @@ where
} }
// witnesses' points // witnesses' points
// TODO: merge points
for &wcom in proof.witness_commits.iter() { for &wcom in proof.witness_commits.iter() {
comms.push(wcom); comms.push(wcom);
points.push(perm_check_point.clone()); points.push(perm_check_point.clone());
@ -579,6 +563,7 @@ where
let r_pi = transcript.get_and_append_challenge_vectors(b"r_pi", ell)?; let r_pi = transcript.get_and_append_challenge_vectors(b"r_pi", ell)?;
// check public evaluation // check public evaluation
let pi_step = start_timer!(|| "check public evaluation");
let pi_poly = DenseMultilinearExtension::from_evaluations_slice(ell as usize, pub_input); let pi_poly = DenseMultilinearExtension::from_evaluations_slice(ell as usize, pub_input);
let expect_pi_eval = evaluate_opt(&pi_poly, &r_pi[..]); let expect_pi_eval = evaluate_opt(&pi_poly, &r_pi[..]);
if expect_pi_eval != *pi_eval { if expect_pi_eval != *pi_eval {
@ -592,6 +577,7 @@ where
comms.push(proof.witness_commits[0]); comms.push(proof.witness_commits[0]);
points.push(r_pi_padded); points.push(r_pi_padded);
assert_eq!(comms.len(), proof.batch_openings.f_i_eval_at_point_i.len()); assert_eq!(comms.len(), proof.batch_openings.f_i_eval_at_point_i.len());
end_timer!(pi_step);
end_timer!(step); end_timer!(step);
let step = start_timer!(|| "PCS batch verify"); let step = start_timer!(|| "PCS batch verify");
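Review bot: The re-based slices of `proof.batch_openings.f_i_eval_at_point_i` (up to `[7 + 3 * num_witnesses..7 + 3 * num_witnesses + num_selectors]`, followed by `.last().unwrap()`) index prover-supplied data, so a proof carrying too few evaluations panics the verifier instead of being rejected. The only length comparison visible in these hunks is the later `assert_eq!(comms.len(), proof.batch_openings.f_i_eval_at_point_i.len())`, which also panics on mismatch. Unless the length is already validated above this hunk, check it before slicing, e.g. `if proof.batch_openings.f_i_eval_at_point_i.len() < 8 + 3 * num_witnesses + num_selectors { return Err(...); }` with a `HyperPlonkErrors` value, and turn the `assert_eq!` into the same kind of error return. The enclosing verify function starts and ends outside the hunks shown.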

+ 21
- 7
hyperplonk/src/structs.rs

@ -1,6 +1,6 @@
//! Main module for the HyperPlonk PolyIOP. //! Main module for the HyperPlonk PolyIOP.
use crate::{custom_gate::CustomizedGates, selectors::SelectorColumn};
use crate::{custom_gate::CustomizedGates, prelude::HyperPlonkErrors, selectors::SelectorColumn};
use ark_ec::PairingEngine; use ark_ec::PairingEngine;
use ark_ff::PrimeField; use ark_ff::PrimeField;
use ark_poly::DenseMultilinearExtension; use ark_poly::DenseMultilinearExtension;
@ -66,6 +66,26 @@ impl HyperPlonkParams {
pub fn num_witness_columns(&self) -> usize { pub fn num_witness_columns(&self) -> usize {
self.gate_func.num_witness_columns() self.gate_func.num_witness_columns()
} }
/// evaluate the identical polynomial
pub fn eval_id_oracle<F: PrimeField>(&self, point: &[F]) -> Result<F, HyperPlonkErrors> {
let len = self.num_variables() + (log2(self.num_witness_columns()) as usize);
if point.len() != len {
return Err(HyperPlonkErrors::InvalidParameters(format!(
"ID oracle point length = {}, expected {}",
point.len(),
len,
)));
}
let mut res = F::zero();
let mut base = F::one();
for &v in point.iter() {
res += base * v;
base += base;
}
Ok(res)
}
} }
/// The HyperPlonk index, consists of the following: /// The HyperPlonk index, consists of the following:
@ -107,16 +127,12 @@ pub struct HyperPlonkProvingKey
pub params: HyperPlonkParams, pub params: HyperPlonkParams,
/// The preprocessed permutation polynomials /// The preprocessed permutation polynomials
pub permutation_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>, pub permutation_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>,
/// The preprocessed identity polynomials
pub id_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>,
/// The preprocessed selector polynomials /// The preprocessed selector polynomials
pub selector_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>, pub selector_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>,
/// Commitments to the preprocessed selector polynomials /// Commitments to the preprocessed selector polynomials
pub selector_commitments: Vec<PCS::Commitment>, pub selector_commitments: Vec<PCS::Commitment>,
/// Commitments to the preprocessed permutation polynomials /// Commitments to the preprocessed permutation polynomials
pub permutation_commitments: Vec<PCS::Commitment>, pub permutation_commitments: Vec<PCS::Commitment>,
/// Commitments to the preprocessed identity polynomials
pub id_commitments: Vec<PCS::Commitment>,
/// The parameters for PCS commitment /// The parameters for PCS commitment
pub pcs_param: PCS::ProverParam, pub pcs_param: PCS::ProverParam,
} }
@ -135,6 +151,4 @@ pub struct HyperPlonkVerifyingKey
pub selector_commitments: Vec<PCS::Commitment>, pub selector_commitments: Vec<PCS::Commitment>,
/// Permutation oracles' commitments /// Permutation oracles' commitments
pub perm_commitments: Vec<PCS::Commitment>, pub perm_commitments: Vec<PCS::Commitment>,
/// Commitments to the preprocessed identity polynomials
pub id_commitments: Vec<PCS::Commitment>,
} }
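Review bot: `eval_id_oracle` is now the verifier's only source for the identity evaluations, since snark.rs no longer opens a commitment for them, yet its doc comment (`/// evaluate the identical polynomial`) does not say which polynomial it computes. From the loop, it returns the sum over j of `2^j * point[j]` across `num_variables() + log2(num_witness_columns())` coordinates, least-significant coordinate first. The comment should state that, and that the result has to agree with the identity MLEs used on the prover side of the permutation check and with the coordinate order produced by `gen_eval_point`; neither is visible in this diff. Suggested first line: `/// Evaluate the identity polynomial at point, i.e. sum_j 2^j * point[j].` A unit test comparing the result with the identity MLEs built by `identity_permutation_mles`, evaluated at a random point, would pin the convention. The `impl HyperPlonkParams` block starts outside the hunk.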

+ 9
- 4
subroutines/src/pcs/multilinear_kzg/batching.rs

@ -14,7 +14,8 @@ use crate::{
IOPProof, IOPProof,
}; };
use arithmetic::{build_eq_x_r_vec, DenseMultilinearExtension, VPAuxInfo, VirtualPolynomial}; use arithmetic::{build_eq_x_r_vec, DenseMultilinearExtension, VPAuxInfo, VirtualPolynomial};
use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ec::{msm::VariableBaseMSM, PairingEngine, ProjectiveCurve};
use ark_ff::PrimeField;
use ark_std::{end_timer, log2, start_timer, One, Zero}; use ark_std::{end_timer, log2, start_timer, One, Zero};
use std::{marker::PhantomData, rc::Rc}; use std::{marker::PhantomData, rc::Rc};
use transcript::IOPTranscript; use transcript::IOPTranscript;
@ -189,15 +190,19 @@ where
let a2 = &proof.sum_check_proof.point[..num_var]; let a2 = &proof.sum_check_proof.point[..num_var];
// build g' commitment // build g' commitment
let step = start_timer!(|| "build homomorphic commitment");
let eq_t_list = build_eq_x_r_vec(t.as_ref())?; let eq_t_list = build_eq_x_r_vec(t.as_ref())?;
let mut g_prime_commit = E::G1Affine::zero().into_projective();
let mut scalars = vec![];
let mut bases = vec![];
for (i, point) in points.iter().enumerate() { for (i, point) in points.iter().enumerate() {
let eq_i_a2 = eq_eval(a2, point)?; let eq_i_a2 = eq_eval(a2, point)?;
let tmp = eq_i_a2 * eq_t_list[i];
g_prime_commit += &f_i_commitments[i].0.mul(tmp);
scalars.push((eq_i_a2 * eq_t_list[i]).into_repr());
bases.push(f_i_commitments[i].0);
} }
let g_prime_commit = VariableBaseMSM::multi_scalar_mul(&bases, &scalars);
end_timer!(step);
// ensure \sum_i eq(t, <i>) * f_i_evals matches the sum via SumCheck // ensure \sum_i eq(t, <i>) * f_i_evals matches the sum via SumCheck
let mut sum = E::Fr::zero(); let mut sum = E::Fr::zero();
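Review bot: The loop that fills `scalars` and `bases` still indexes `eq_t_list[i]` and `f_i_commitments[i]` by position in `points`, so a caller passing fewer commitments than points (or more points than `eq_t_list` has entries) panics inside batch verification instead of getting an error. If no length check sits above this hunk, add one before the loop, e.g. `if f_i_commitments.len() != points.len() { return Err(...); }` using the function's error type. Both vectors can also be created with `Vec::with_capacity(points.len())`, since their final size is known. The enclosing function starts and ends outside the hunk.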
