arnaucube
/
hyperplonk
mirror of https://github.com/arnaucube/hyperplonk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

hyperplonk PolyIOP sketch (#36)

main
chancharles92 2 years ago
committed by GitHub
parent
d41a0cf623
commit
88d0ee89ef
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 163 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +128
    -0
      poly-iop/src/hyperplonk/mod.rs
  2. +2
    -0
      poly-iop/src/lib.rs
  3. +30
    -0
      poly-iop/src/perm_check/mod.rs
  4. +3
    -0
      poly-iop/src/perm_check/util.rs

+ 128
- 0
poly-iop/src/hyperplonk/mod.rs
View File

@ -0,0 +1,128 @@
//! Main module for the HyperPlonk PolyIOP.
use crate::{
errors::PolyIOPErrors, perm_check::PermutationCheck, transcript::IOPTranscript,
zero_check::ZeroCheck,
};
use ark_ff::PrimeField;
use ark_poly::DenseMultilinearExtension;
use std::rc::Rc;
/// A trait for HyperPlonk Poly-IOPs
pub trait HyperPlonkPIOP<F: PrimeField> {
type Parameters;
type ProvingKey;
type Proof;
type SubClaim;
/// Generate the preprocessed polynomials output by the indexer.
///
/// Inputs:
/// - `params`: HyperPlonk instance parameters
/// - `permutation`: the permutation for the copy constraints
/// - `selectors`: the list of selector vectors for custom gates
/// Outputs:
/// - The HyperPlonk proving key, which includes the preprocessed
/// polynomials.
fn preprocess(
params: &Self::Parameters,
permutation: &[F],
selectors: &[&[F]],
) -> Result<Self::ProvingKey, PolyIOPErrors>;
/// Generate HyperPlonk PIOP proof.
///
/// Inputs:
/// - `pk`: circuit proving key
/// - `pub_input`: online public input
/// - `witness`: witness assignement
/// - `transcript`: the transcript used for generating pseudorandom
/// challenges
/// Outputs:
/// - The HyperPlonk PIOP proof.
fn prove(
pk: &Self::ProvingKey,
pub_input: &[F],
witness: &[&[F]],
transcript: &mut IOPTranscript<F>,
) -> Result<Self::Proof, PolyIOPErrors>;
/// Verify the HyperPlonk proof and generate the evaluation subclaims to be
/// checked later by the SNARK verifier.
///
/// Inputs:
/// - `params`: instance parameter
/// - `pub_input`: online public input
/// - `proof`: HyperPlonk PIOP proof
/// - `transcript`: the transcript used for generating pseudorandom
/// challenges
/// Outputs:
/// - Return error if the verification fails, otherwise return the
/// evaluation subclaim
fn verify(
params: &Self::Parameters,
pub_input: &[F],
proof: &Self::Proof,
transcript: &mut IOPTranscript<F>,
) -> Result<Self::SubClaim, PolyIOPErrors>;
}
/// The sub-claim for the HyperPlonk PolyIOP, consists of the following:
/// - the SubClaim for the zero-check PIOP
/// - the SubClaim for the permutation-check PIOP
/// - the SubClaim for public input consistency
#[derive(Clone, Debug, Default, PartialEq)]
pub struct HyperPlonkSubClaim<F: PrimeField, ZC: ZeroCheck<F>, PC: PermutationCheck<F>> {
/// the SubClaim for the custom gate zerocheck
pub zero_check_sub_claim: ZC::ZeroCheckSubClaim,
/// the SubClaim for the permutation check
pub perm_check_sub_claim: PC::PermutationCheckSubClaim,
/// the public input consistency check
pub pub_input_sub_claim: (Vec<F>, F), // (point, expected_eval)
}
/// The proof for the HyperPlonk PolyIOP, consists of the following:
/// - the zero-check proof for checking custom gate-satisfiability
/// - the permutation-check proof for checking the copy constraints
#[derive(Clone, Debug, Default, PartialEq)]
pub struct HyperPlonkProof<F: PrimeField, ZC: ZeroCheck<F>, PC: PermutationCheck<F>> {
/// the custom gate zerocheck proof
pub zero_check_proof: ZC::Proof,
/// the permutation check proof for copy constraints
pub perm_check_proof: PC::Proof,
}
/// The HyperPlonk instance parameters, consists of the following:
/// - the number of variables in the poly-IOP
/// - binary log of the number of public input variables
/// - binary log of the number of selectors
/// - binary log of the number of witness wires
/// - the customized gate function
#[derive(Clone, Debug, Default, PartialEq)]
pub struct HyperPlonkParams {
/// the number of variables in polys
pub nv: usize,
/// binary log of the public input length
pub log_pub_input_len: usize,
// binary log of the number of selectors
pub log_n_selectors: usize,
/// binary log of the number of witness wires
pub log_n_wires: usize,
/// customized gate function
// TODO: define a struct for it.
pub gate_func: Vec<Vec<usize>>,
}
/// The HyperPlonk proving key, consists of the following:
/// - the hyperplonk instance parameters
/// - the preprocessed polynomials output by the indexer
#[derive(Clone, Debug, Default, PartialEq)]
pub struct HyperPlonkProvingKey<F: PrimeField> {
/// hyperplonk instance parameters
pub params: HyperPlonkParams,
/// the preprocessed index polynomials
pub index_oracles: Vec<Rc<DenseMultilinearExtension<F>>>,
}
#[cfg(test)]
mod test {}

+ 2
- 0
poly-iop/src/lib.rs
View File

@ -2,6 +2,7 @@ use ark_ff::PrimeField;
use std::marker::PhantomData;
mod errors;
mod hyperplonk;
mod perm_check;
mod structs;
mod sum_check;
@ -11,6 +12,7 @@ mod virtual_poly;
mod zero_check;
pub use errors::PolyIOPErrors;
pub use hyperplonk::HyperPlonkPIOP;
pub use perm_check::{
util::{identity_permutation_mle, random_permutation_mle},
PermutationCheck,

+ 30
- 0
poly-iop/src/perm_check/mod.rs
View File

@ -31,6 +31,18 @@ pub trait PermutationCheck: ZeroCheck {
type PermutationCheckSubClaim;
type PermutationChallenge;
/// Generate the preprocessed polynomial for the permutation check.
///
/// The algorithm takes as input a permutation and outputs a merged
/// multilinear polynomial s(X0, X1, ..., Xn) such that
/// - s(0, X1, ..., Xn) = s_id(X1, ..., Xn) (identity permutation
/// polynomial)
/// - s(1, X1, ..., Xn) = s_perm(X1, ..., Xn) (permutation polynomial)
fn preprocess(
permutation: &[F],
aux_info: &Self::VPAuxInfo,
) -> Result<DenseMultilinearExtension<F>, PolyIOPErrors>;
/// Initialize the system with a transcript
///
/// This function is optional -- in the case where a PermutationCheck is
@ -81,6 +93,8 @@ pub trait PermutationCheck: ZeroCheck {
///
/// The caller needs to check num_vars matches in f/g/s_id/s_perm
/// Cost: linear in N.
///
/// TODO: replace argument `s_perm` with the merged polynomial `s`.
fn compute_products(
challenge: &Self::PermutationChallenge,
fx: &DenseMultilinearExtension<F>,
@ -162,6 +176,20 @@ impl PermutationCheck for PolyIOP {
type PermutationChallenge = PermutationChallenge<F>;
/// Generate the preprocessed polynomial for the permutation check.
///
/// The algorithm takes as input a permutation and outputs a merged
/// multilinear polynomial s(X0, X1, ..., Xn) such that
/// - s(0, X1, ..., Xn) = s_id(X1, ..., Xn) (identity permutation
/// polynomial)
/// - s(1, X1, ..., Xn) = s_perm(X1, ..., Xn) (permutation polynomial)
fn preprocess(
_permutation: &[F],
_aux_info: &Self::VPAuxInfo,
) -> Result<DenseMultilinearExtension<F>, PolyIOPErrors> {
unimplemented!();
}
/// Initialize the system with a transcript
///
/// This function is optional -- in the case where a PermutationCheck is
@ -229,6 +257,8 @@ impl PermutationCheck for PolyIOP {
///
/// The caller needs to check num_vars matches in f/g/s_id/s_perm
/// Cost: linear in N.
///
/// TODO: replace argument `s_perm` with the merged polynomial `s`.
fn compute_products(
challenge: &Self::PermutationChallenge,
fx: &DenseMultilinearExtension<F>,

+ 3
- 0
poly-iop/src/perm_check/util.rs
View File

@ -25,6 +25,8 @@ use ark_std::{end_timer, rand::RngCore, start_timer};
///
/// The caller needs to check num_vars matches in f/g/s_id/s_perm
/// Cost: linear in N.
///
/// TODO: replace `s_perm` with the merged poly `s`.
#[allow(clippy::type_complexity)]
pub(super) fn compute_prod_0<F: PrimeField>(
beta: &F,
@ -47,6 +49,7 @@ pub(super) fn compute_prod_0(
let mut numerator_evals = vec![];
let mut denominator_evals = vec![];
// TODO: remove this line after replacing `s_perm` with `s`.
let s_id = identity_permutation_mle::<F>(num_vars);
for (&fi, (&gi, (&s_id_i, &s_perm_i))) in

Write Preview
Loading…
Cancel
Save