arnaucube
/
protogalaxy-poc
mirror of https://github.com/arnaucube/protogalaxy-poc.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
176 KiB
Tree: f9591ecd63
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f9591ecd63'
${ noResults }
protogalaxy-poc/README.md

80 lines
2.7 KiB
Raw Normal View History

Add README.md
1 year ago
add folding verifier impl, add last steps of folding prover (except G(X) & K(X))
1 year ago
Add README.md
1 year ago
implement K(X) & G(X) computation. Folding works - implement G(X) & K(X) computation - update e* and phi* usage of L_i(X) - extend readme.md with this commit, prover & verifier folding works, and outputed instances satisfy the relation check.
1 year ago
  1. # protogalaxy-poc
  3. Proof of concept implementation of ProtoGalaxy (https://eprint.iacr.org/2023/1106.pdf) using [arkworks](https://github.com/arkworks-rs).
  5. > Do not use in production.
  7. Thanks to [Liam Eagen](https://twitter.com/LiamEagen) and [Ariel Gabizon](https://twitter.com/rel_zeta_tech) for their kind explanations.
  9. This code has been done in the context of the research on folding schemes in [0xPARC](https://0xparc.org).
  11. ![protogalaxy img from Wikipedia](https://upload.wikimedia.org/wikipedia/commons/thumb/4/49/Stellar_Fireworks_Finale.jpg/303px-Stellar_Fireworks_Finale.jpg)
  13. (img: protogalaxies colliding, [from Wikipedia](https://en.wikipedia.org/wiki/File:Stellar_Fireworks_Finale.jpg))
  15. ## Details
  16. Implementation of ProtoGalaxy's scheme described in section 4 of the paper.
  18. Current version implements the folding on prover & verifier and it works, but it is not optimized.
  19. Next steps in terms of implementation include: F(X) O(n) construction following Claim 4.4, compute K(X) in O(kd log(kd)M + ndkC) as described in Claim 4.5, add tests folding in multiple iterations and also in a tree approach, add the decider and integrate with some existing R1CS tooling for the R1CS & witness generation.
  21. ### Usage
  23. Example of folding k+1 instances:
  24. ```rust
  25. // assume we have:
  26. // an R1CS instance 'r1cs'
  27. // a valid witness 'w' from our running instance
  28. // k valid 'witnesses' to be fold
  30. // compute the committed instance for our running witness
  31. let phi = Pedersen::<G1Projective>::commit(&pedersen_params, &witness.w, &witness.r_w);
  32. let instance = CommittedInstance::<G1Projective> {
  33. phi,
  34. betas: betas.clone(),
  35. e: Fr::zero(),
  36. };
  38. // compute the k committed instances to be fold
  39. let mut instances: Vec<CommittedInstance<G1Projective>> = Vec::new();
  40. for i in 0..k {
  41. let phi_i =
  42. Pedersen::<G1Projective>::commit(&pedersen_params, &witnesses[i].w, &witnesses[i].r_w);
  43. let instance_i = CommittedInstance::<G1Projective> {
  44. phi: phi_i,
  45. betas: betas.clone(),
  46. e: Fr::zero(),
  47. };
  48. witnesses.push(witness_i);
  49. instances.push(instance_i);
  50. }
  52. // set the initial random betas
  53. let beta = Fr::rand(&mut rng);
  54. let betas = powers_of_beta(beta, t);
  56. // Prover folds the instances and witnesses
  57. let (F_coeffs, K_coeffs, folded_instance, folded_witness) = Folding::<G1Projective>::prover(
  58. &mut transcript_p,
  59. &r1cs,
  60. instance.clone(),
  61. witness,
  62. instances.clone(),
  63. witnesses,
  64. );
  66. // verifier folds the instances
  67. let folded_instance_v = Folding::<G1Projective>::verifier(
  68. &mut transcript_v,
  69. &r1cs,
  70. instance,
  71. instances,
  72. F_coeffs,
  73. K_coeffs,
  74. );
  76. // check that the folded instance satisfies the relation
  77. assert!(check_instance(&r2cs, folded_instance, folded_witness));
  79. ```
  80. (see the actual code for more details)