arnaucube
/
math
mirror of https://github.com/arnaucube/math.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53 Commits
2 Branches
0 Tags
44 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
math/ccs-r1cs.sage

112 lines
2.3 KiB
Raw Permalink Normal View History

add R1CS to CCS Sage impl (CCS: https://eprint.iacr.org/2023/552)
1 year ago
hypernova: add multifolding diagram also add some more notes to spartan
1 year ago
add R1CS to CCS Sage impl (CCS: https://eprint.iacr.org/2023/552)
1 year ago
  1. # R1CS-to-CCS (https://eprint.iacr.org/2023/552) Sage prototype
  3. # utils
  4. def matrix_vector_product(M, v):
  5. n = M.nrows()
  6. r = [F(0)] * n
  7. for i in range(0, n):
  8. for j in range(0, M.ncols()):
  9. r[i] += M[i][j] * v[j]
  10. return r
  11. def hadamard_product(a, b):
  12. n = len(a)
  13. r = [None] * n
  14. for i in range(0, n):
  15. r[i] = a[i] * b[i]
  16. return r
  17. def vec_add(a, b):
  18. n = len(a)
  19. r = [None] * n
  20. for i in range(0, n):
  21. r[i] = a[i] + b[i]
  22. return r
  23. def vec_elem_mul(a, s):
  24. r = [None] * len(a)
  25. for i in range(0, len(a)):
  26. r[i] = a[i] * s
  27. return r
  28. # end of utils
  31. # can use any finite field, using a small one for the example
  32. F = GF(101)
  34. # R1CS matrices for: x^3 + x + 5 = y (example from article
  35. # https://www.vitalik.ca/general/2016/12/10/qap.html )
  36. A = matrix([
  37. [F(0), 1, 0, 0, 0, 0],
  38. [0, 0, 0, 1, 0, 0],
  39. [0, 1, 0, 0, 1, 0],
  40. [5, 0, 0, 0, 0, 1],
  41. ])
  42. B = matrix([
  43. [F(0), 1, 0, 0, 0, 0],
  44. [0, 1, 0, 0, 0, 0],
  45. [1, 0, 0, 0, 0, 0],
  46. [1, 0, 0, 0, 0, 0],
  47. ])
  48. C = matrix([
  49. [F(0), 0, 0, 1, 0, 0],
  50. [0, 0, 0, 0, 1, 0],
  51. [0, 0, 0, 0, 0, 1],
  52. [0, 0, 1, 0, 0, 0],
  53. ])
  55. print("R1CS matrices:")
  56. print("A:", A)
  57. print("B:", B)
  58. print("C:", C)
  61. z = [F(1), 3, 35, 9, 27, 30]
  62. print("z:", z)
  64. assert len(z) == A.ncols()
  66. n = A.ncols() # == len(z)
  67. m = A.nrows()
  68. # l = len(io) # not used for now
  70. # check R1CS relation
  71. Az = matrix_vector_product(A, z)
  72. Bz = matrix_vector_product(B, z)
  73. Cz = matrix_vector_product(C, z)
  74. print("\nR1CS relation check (Az ∘ Bz == Cz):", hadamard_product(Az, Bz) == Cz)
  75. assert hadamard_product(Az, Bz) == Cz
  78. # Translate R1CS into CCS:
  79. print("\ntranslate R1CS into CCS:")
  81. # fixed parameters (and n, m, l are direct from R1CS)
  82. t=3
  83. q=2
  84. d=2
  85. S1=[0,1]
  86. S2=[2]
  87. S = [S1, S2]
  88. c0=1
  89. c1=-1
  90. c = [c0, c1]
  92. M = [A, B, C]
  94. print("CCS values:")
  95. print("n: %s, m: %s, t: %s, q: %s, d: %s" % (n, m, t, q, d))
  96. print("M:", M)
  97. print("z:", z)
  98. print("S:", S)
  99. print("c:", c)
  101. # check CCS relation (this is agnostic to R1CS, for any CCS instance)
  102. r = [F(0)] * m
  103. for i in range(0, q):
  104. hadamard_output = [F(1)]*m
  105. for j in S[i]:
  106. hadamard_output = hadamard_product(hadamard_output,
  107. matrix_vector_product(M[j], z))
  109. r = vec_add(r, vec_elem_mul(hadamard_output, c[i]))
  111. print("\nCCS relation check (∑ cᵢ ⋅ ◯ Mⱼ z == 0):", r == [0]*m)
  112. assert r == [0]*m