arnaucube/nova-study
1
0
Fork 0
mirror of https://github.com/arnaucube/nova-study.git synced 2026-01-09 23:51:29 +01:00
Code Issues Projects Releases Wiki Activity

hypernova-study: start multifolding scheme

Browse Source
This commit is contained in:
arnaucube
2023-05-21 23:43:41 +02:00
parent 26099a0676
commit 654c216200
6 changed files with 295 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/hypernova/README.md Normal file
View File

@@ -0,0 +1,5 @@
### hypernova-study
https://eprint.iacr.org/2023/573.pdf
> Warning: Implementation just to learn the internals of HyperNova. Do not use.

16
src/hypernova/ccs.rs
View File

@@ -4,14 +4,14 @@ use crate::nifs::R1CS;
use crate::utils::{hadamard_product, matrix_vector_product, vec_add, vector_elem_product}; use crate::utils::{hadamard_product, matrix_vector_product, vec_add, vector_elem_product};
pub struct CCS<F: PrimeField> { pub struct CCS<F: PrimeField> {
m: usize, pub m: usize,
n: usize, pub n: usize,
t: usize, pub t: usize,
q: usize, pub q: usize,
d: usize, pub d: usize,
S: Vec<Vec<usize>>, pub S: Vec<Vec<usize>>,
c: Vec<F>, pub c: Vec<F>,
M: Vec<Vec<Vec<F>>>, pub M: Vec<Vec<Vec<F>>>,
} }
impl<F: PrimeField> R1CS<F> { impl<F: PrimeField> R1CS<F> {

2
src/hypernova/mod.rs
View File

@@ -1 +1,3 @@
pub mod ccs; pub mod ccs;
pub mod multifolding;
pub mod sumcheck;

198
src/hypernova/multifolding.rs Normal file
View File

@@ -0,0 +1,198 @@
use ark_crypto_primitives::sponge::{poseidon::PoseidonConfig, Absorb};
use ark_ec::{CurveGroup, Group};
use ark_ff::fields::PrimeField;
use ark_poly::{
evaluations::multivariate::multilinear::{MultilinearExtension, SparseMultilinearExtension},
multivariate::{SparsePolynomial, SparseTerm, Term},
univariate::DensePolynomial,
DenseMVPolynomial, DenseUVPolynomial, Polynomial,
};
use ark_std::log2;
use std::marker::PhantomData;
use crate::hypernova::ccs::CCS;
use crate::hypernova::sumcheck::{Point, SumCheck};
use crate::pedersen::Commitment;
use crate::transcript::Transcript;
use ark_std::{One, Zero};
// Committed CCS instance
pub struct CCCS<C: CurveGroup> {
C: Commitment<C>,
x: Vec<C::ScalarField>,
}
// Linearized Committed CCS instance
pub struct LCCCS<C: CurveGroup> {
C: Commitment<C>,
u: C::ScalarField,
x: Vec<C::ScalarField>,
r: Vec<C::ScalarField>,
v: Vec<C::ScalarField>,
}
// NIMFS: Non Interactive Multifolding Scheme
pub struct NIMFS<C: CurveGroup> {
_c: PhantomData<C>,
}
impl<C: CurveGroup> NIMFS<C>
where
<C as Group>::ScalarField: Absorb,
<C as CurveGroup>::BaseField: Absorb,
{
// proof method folds and returns the proof of the multifolding
pub fn proof(
tr: &mut Transcript<C::ScalarField, C>,
poseidon_config: &PoseidonConfig<C::ScalarField>,
ccs: CCS<C::ScalarField>,
lcccs: LCCCS<C>,
cccs: CCCS<C>,
z1: Vec<C::ScalarField>,
z2: Vec<C::ScalarField>,
) -> LCCCS<C> {
let s = log2(ccs.m) as usize; // s
let s_ = log2(ccs.n) as usize; // s'
let gamma = tr.get_challenge();
let beta = tr.get_challenge_vec(s);
// get MLE of M_i
let mut MLEs: Vec<SparseMultilinearExtension<C::ScalarField>> = Vec::new();
let n_vars = (s + s_) as usize;
for i in 0..ccs.M.len() {
let M_i_MLE = matrix_to_mle(n_vars, ccs.m, ccs.n, &ccs.M[i]);
MLEs.push(M_i_MLE);
}
// get MLE of z1 & z2
let z1_MLE = vector_to_mle(s_, ccs.n, z1);
let z2_MLE = vector_to_mle(s_, ccs.n, z2);
// compute Lj = eq(r_x,x) * \sum Mj * z1
let mut Lj_evals: Vec<(usize, C::ScalarField)> = Vec::new();
for i in 0..s_ {}
// compute Q = eq(beta, x) * ( \sum c_i * \prod( \sum Mj * z1 ) )
// compute g
// let g: SparsePolynomial<C::ScalarField, SparseTerm>;
// let proof = SC::<C>::prove(&poseidon_config, g);
// fold C, u, x, v, w
unimplemented!();
}
}
fn matrix_to_mle<F: PrimeField>(
n_vars: usize, // log2(m) + log2(n)
m: usize,
n: usize,
M: &Vec<Vec<F>>,
) -> SparseMultilinearExtension<F> {
let mut M_evals: Vec<(usize, F)> = Vec::new();
for i in 0..m {
for j in 0..n {
if !M[i][j].is_zero() {
M_evals.push((i * n + j, M[i][j]));
}
}
}
SparseMultilinearExtension::<F>::from_evaluations(n_vars, M_evals.iter())
}
fn vector_to_mle<F: PrimeField>(s: usize, n: usize, z: Vec<F>) -> SparseMultilinearExtension<F> {
let mut z_evals: Vec<(usize, F)> = Vec::new();
for i in 0..n {
if !z[i].is_zero() {
z_evals.push((i, z[i]));
}
}
SparseMultilinearExtension::<F>::from_evaluations(s, z_evals.iter())
}
type SC<C: CurveGroup> = SumCheck<
C::ScalarField,
C,
DensePolynomial<C::ScalarField>,
SparsePolynomial<C::ScalarField, SparseTerm>,
>;
#[cfg(test)]
mod tests {
use super::*;
use crate::transcript::poseidon_test_config;
use ark_mnt4_298::{Fr, G1Projective};
use ark_std::One;
use ark_std::UniformRand;
use crate::nifs::gen_test_values;
type P = Point<Fr>;
#[test]
fn test_cccs_mles() {
let (r1cs, ws, _) = gen_test_values(2);
let z1: Vec<Fr> = ws[0].clone();
println!("z1 {:?}", z1);
let ccs = r1cs.to_ccs();
let s = log2(ccs.m) as usize; // s
let s_ = log2(ccs.n) as usize; // s'
let pow_s_ = (2 as usize).pow(s_ as u32);
let mut M_MLEs: Vec<SparseMultilinearExtension<Fr>> = Vec::new();
let n_vars = (s + s_) as usize;
for i in 0..ccs.M.len() {
let M_i_MLE = matrix_to_mle(n_vars, ccs.m, ccs.n, &ccs.M[i]);
println!("i:{}, M_i_mle: {:?}", i, M_i_MLE);
M_MLEs.push(M_i_MLE);
}
let z1_MLE = vector_to_mle(s_, ccs.n, z1);
println!("z1_MLE: {:?}", z1_MLE);
let beta = Point::<Fr>::point_normal(s, 2); // imagine that this comes from random
println!("beta: {:?}", beta);
// check Committed CCS relation
let mut r: Fr = Fr::zero();
for i in 0..ccs.q {
let mut prod_res = Fr::one();
// for j in 0..ccs.S.len() {
for j in ccs.S[i].clone() {
let mut Mj_z_eval = Fr::zero();
// for k in 0..s_ {
// over the boolean hypercube un s' vars, but only the combinations that lead to
// some non-zero z()
for k in 0..ccs.n {
// over the whole boolean hypercube on s' vars
// for k in 0..pow_s_ {
let point_in_s_ = Point::<Fr>::point_normal(s_, k);
// println!("point_in_s {:?}", point_in_s_);
let z_eval = z1_MLE.evaluate(&point_in_s_).unwrap();
// println!(" ===================================z_eval {:?}", z_eval);
// let point_in_s_plus_s_ = Point::<Fr>::point_complete(beta.clone(), s + s_, k);
let mut point_in_s_plus_s_ = Point::<Fr>::point_normal(s_, k);
point_in_s_plus_s_.append(&mut beta.clone());
// println!("point_in_s_plus_s_ {:?}", point_in_s_plus_s_);
// println!("j: {}, Mj {:?}", j, M_MLEs[j]);
let Mj_eval = M_MLEs[j].evaluate(&point_in_s_plus_s_).unwrap();
if Mj_eval * z_eval != Fr::zero() {
println!(" j: {}, Mj_eval {:?}", j, Mj_eval);
println!(" z_eval {:?}", z_eval);
println!(" =(Mj*z)_eval {:?}", Mj_eval * z_eval);
}
Mj_z_eval += Mj_eval * z_eval;
}
println!("j: {}, {:?}\n", j, Mj_z_eval);
prod_res += Mj_z_eval;
}
println!("i:{}, c: {:?}, {:?}\n", i, ccs.c[i], prod_res);
r += ccs.c[i] * prod_res;
}
println!("r {:?}", r);
// assert!(r.is_zero());
}
}

135
src/sumcheck.rs → src/hypernova/sumcheck.rs
View File

@@ -14,6 +14,59 @@ use ark_crypto_primitives::sponge::{poseidon::PoseidonConfig, Absorb};
use crate::transcript::Transcript; use crate::transcript::Transcript;
pub struct Point<F: PrimeField> {
_f: PhantomData<F>,
}
impl<F: PrimeField> Point<F> {
pub fn point_normal(n_elems: usize, iter_num: usize) -> Vec<F> {
let p = Self::point(vec![], false, n_elems, iter_num);
let mut r = vec![F::zero(); n_elems];
for i in 0..n_elems {
r[i] = p[i].unwrap();
}
r
}
pub fn point_complete(challenges: Vec<F>, n_elems: usize, iter_num: usize) -> Vec<F> {
let p = Self::point(challenges, false, n_elems, iter_num);
let mut r = vec![F::zero(); n_elems];
for i in 0..n_elems {
r[i] = p[i].unwrap();
}
r
}
fn point(challenges: Vec<F>, none: bool, n_elems: usize, iter_num: usize) -> Vec<Option<F>> {
let mut n_vars = n_elems - challenges.len();
assert!(n_vars >= log2(iter_num + 1) as usize);
if none {
// WIP
if n_vars == 0 {
panic!("err"); // or return directly challenges vector
}
n_vars -= 1;
}
let none_pos = if none {
challenges.len() + 1
} else {
challenges.len()
};
let mut p: Vec<Option<F>> = vec![None; n_elems];
for i in 0..challenges.len() {
p[i] = Some(challenges[i]);
}
for i in 0..n_vars {
let k = F::from(iter_num as u64).into_bigint().to_bytes_le();
let bit = k[i / 8] & (1 << (i % 8));
if bit == 0 {
p[none_pos + i] = Some(F::zero());
} else {
p[none_pos + i] = Some(F::one());
}
}
p
}
}
pub struct SumCheck< pub struct SumCheck<
F: PrimeField + Absorb, F: PrimeField + Absorb,
C: CurveGroup, C: CurveGroup,
@@ -84,46 +137,6 @@ where
UV::from_coefficients_vec(univ_coeffs) UV::from_coefficients_vec(univ_coeffs)
} }
fn point_complete(challenges: Vec<F>, n_elems: usize, iter_num: usize) -> Vec<F> {
let p = Self::point(challenges, false, n_elems, iter_num);
let mut r = vec![F::zero(); n_elems];
for i in 0..n_elems {
r[i] = p[i].unwrap();
}
r
}
fn point(challenges: Vec<F>, none: bool, n_elems: usize, iter_num: usize) -> Vec<Option<F>> {
let mut n_vars = n_elems - challenges.len();
assert!(n_vars >= log2(iter_num + 1) as usize);
if none {
// WIP
if n_vars == 0 {
panic!("err"); // or return directly challenges vector
}
n_vars -= 1;
}
let none_pos = if none {
challenges.len() + 1
} else {
challenges.len()
};
let mut p: Vec<Option<F>> = vec![None; n_elems];
for i in 0..challenges.len() {
p[i] = Some(challenges[i]);
}
for i in 0..n_vars {
let k = F::from(iter_num as u64).into_bigint().to_bytes_le();
let bit = k[i / 8] & (1 << (i % 8));
if bit == 0 {
p[none_pos + i] = Some(F::zero());
} else {
p[none_pos + i] = Some(F::one());
}
}
p
}
pub fn prove(poseidon_config: &PoseidonConfig<F>, g: MV) -> (F, Vec<UV>, F) pub fn prove(poseidon_config: &PoseidonConfig<F>, g: MV) -> (F, Vec<UV>, F)
where where
<MV as Polynomial<F>>::Point: From<Vec<F>>, <MV as Polynomial<F>>::Point: From<Vec<F>>,
@@ -133,14 +146,14 @@ where
let v = g.num_vars(); let v = g.num_vars();
// compute H // compute T
let mut H = F::zero(); let mut T = F::zero();
for i in 0..(2_u64.pow(v as u32) as usize) { for i in 0..(2_u64.pow(v as u32) as usize) {
let p = Self::point_complete(vec![], v, i); let p = Point::<F>::point_complete(vec![], v, i);
H += g.evaluate(&p.into()); T += g.evaluate(&p.into());
} }
transcript.add(&H); transcript.add(&T);
let mut ss: Vec<UV> = Vec::new(); let mut ss: Vec<UV> = Vec::new();
let mut r: Vec<F> = vec![]; let mut r: Vec<F> = vec![];
@@ -153,7 +166,7 @@ where
let mut s_i = UV::zero(); let mut s_i = UV::zero();
for j in 0..n_points { for j in 0..n_points {
let point = Self::point(r[..i].to_vec(), true, v, j); let point = Point::<F>::point(r[..i].to_vec(), true, v, j);
s_i = s_i + Self::partial_evaluate(&g, &point); s_i = s_i + Self::partial_evaluate(&g, &point);
} }
transcript.add_vec(s_i.coeffs()); transcript.add_vec(s_i.coeffs());
@@ -161,7 +174,8 @@ where
} }
let last_g_eval = g.evaluate(&r.into()); let last_g_eval = g.evaluate(&r.into());
(H, ss, last_g_eval) // ss: intermediate univariate polynomials
(T, ss, last_g_eval)
} }
pub fn verify(poseidon_config: &PoseidonConfig<F>, proof: (F, Vec<UV>, F)) -> bool { pub fn verify(poseidon_config: &PoseidonConfig<F>, proof: (F, Vec<UV>, F)) -> bool {
@@ -218,45 +232,46 @@ mod tests {
let f1 = Fr::from(1); let f1 = Fr::from(1);
let f0 = Fr::from(0); let f0 = Fr::from(0);
type SC = SumCheck<Fr, G1Projective, DensePolynomial<Fr>, SparsePolynomial<Fr, SparseTerm>>; type SC = SumCheck<Fr, G1Projective, DensePolynomial<Fr>, SparsePolynomial<Fr, SparseTerm>>;
type P = Point<Fr>;
let p = SC::point(vec![Fr::from(4_u32)], true, 5, 0); let p = P::point(vec![Fr::from(4_u32)], true, 5, 0);
assert_eq!(vec![Some(f4), None, Some(f0), Some(f0), Some(f0),], p); assert_eq!(vec![Some(f4), None, Some(f0), Some(f0), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], true, 5, 1); let p = P::point(vec![Fr::from(4_u32)], true, 5, 1);
assert_eq!(vec![Some(f4), None, Some(f1), Some(f0), Some(f0),], p); assert_eq!(vec![Some(f4), None, Some(f1), Some(f0), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], true, 5, 2); let p = P::point(vec![Fr::from(4_u32)], true, 5, 2);
assert_eq!(vec![Some(f4), None, Some(f0), Some(f1), Some(f0),], p); assert_eq!(vec![Some(f4), None, Some(f0), Some(f1), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], true, 5, 3); let p = P::point(vec![Fr::from(4_u32)], true, 5, 3);
assert_eq!(vec![Some(f4), None, Some(f1), Some(f1), Some(f0),], p); assert_eq!(vec![Some(f4), None, Some(f1), Some(f1), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], true, 5, 4); let p = P::point(vec![Fr::from(4_u32)], true, 5, 4);
assert_eq!(vec![Some(f4), None, Some(f0), Some(f0), Some(f1),], p); assert_eq!(vec![Some(f4), None, Some(f0), Some(f0), Some(f1),], p);
// without None // without None
let p = SC::point(vec![], false, 4, 0); let p = P::point(vec![], false, 4, 0);
assert_eq!(vec![Some(f0), Some(f0), Some(f0), Some(f0),], p); assert_eq!(vec![Some(f0), Some(f0), Some(f0), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], false, 5, 0); let p = P::point(vec![Fr::from(4_u32)], false, 5, 0);
assert_eq!(vec![Some(f4), Some(f0), Some(f0), Some(f0), Some(f0),], p); assert_eq!(vec![Some(f4), Some(f0), Some(f0), Some(f0), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], false, 5, 1); let p = P::point(vec![Fr::from(4_u32)], false, 5, 1);
assert_eq!(vec![Some(f4), Some(f1), Some(f0), Some(f0), Some(f0),], p); assert_eq!(vec![Some(f4), Some(f1), Some(f0), Some(f0), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], false, 5, 3); let p = P::point(vec![Fr::from(4_u32)], false, 5, 3);
assert_eq!(vec![Some(f4), Some(f1), Some(f1), Some(f0), Some(f0),], p); assert_eq!(vec![Some(f4), Some(f1), Some(f1), Some(f0), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], false, 5, 4); let p = P::point(vec![Fr::from(4_u32)], false, 5, 4);
assert_eq!(vec![Some(f4), Some(f0), Some(f0), Some(f1), Some(f0),], p); assert_eq!(vec![Some(f4), Some(f0), Some(f0), Some(f1), Some(f0),], p);
let p = SC::point(vec![Fr::from(4_u32)], false, 5, 10); let p = P::point(vec![Fr::from(4_u32)], false, 5, 10);
assert_eq!(vec![Some(f4), Some(f0), Some(f1), Some(f0), Some(f1),], p); assert_eq!(vec![Some(f4), Some(f0), Some(f1), Some(f0), Some(f1),], p);
let p = SC::point(vec![Fr::from(4_u32)], false, 5, 15); let p = P::point(vec![Fr::from(4_u32)], false, 5, 15);
assert_eq!(vec![Some(f4), Some(f1), Some(f1), Some(f1), Some(f1),], p); assert_eq!(vec![Some(f4), Some(f1), Some(f1), Some(f1), Some(f1),], p);
// let p = SC::point(vec![Fr::from(4_u32)], false, 4, 16); // TODO expect error // let p = P::point(vec![Fr::from(4_u32)], false, 4, 16); // TODO expect error
} }
#[test] #[test]

15
src/lib.rs
View File

@@ -5,13 +5,12 @@
// #![allow(unused)] // TMP // #![allow(unused)] // TMP
#![allow(dead_code)] // TMP #![allow(dead_code)] // TMP
mod circuits; pub mod circuits;
mod ivc; pub mod ivc;
mod nifs; pub mod nifs;
mod pedersen; pub mod pedersen;
mod sumcheck; pub mod transcript;
mod transcript; pub mod utils;
mod utils;
// hypernova related: // hypernova related:
mod hypernova; pub mod hypernova;