Optimize Lagrange calculation and recalculate H powers length

6 years ago · 6068572655
5 changed files with 68 additions and 9 deletions
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "zksnark",
  "version": "0.0.4",
  "version": "0.0.5",
  "description": "zkSnark implementation in javascript",
  "main": "index.js",
  "scripts": {
--- a/src/prover.js
+++ b/src/prover.js
@ -95,7 +95,7 @@ module.exports = function genProof(vk_proof, witness) {

    const h = PolF.div(polFull, vk_proof.polZ );

    console.log(h.length + "/" + vk_proof.hExps.length);
    //    console.log(h.length + "/" + vk_proof.hExps.length);

    for (let i = 0; i < h.length; i++) {
        proof.pi_h = G1.add( proof.pi_h, G1.mulScalar( vk_proof.hExps[i], h[i]));
--- a/src/setup.js
+++ b/src/setup.js
@ -54,6 +54,7 @@ module.exports = function setup(circuit) {
 function calculatePolynomials(setup, circuit) {
    // Calculate the points that must cross each polynomial

 /*
    setup.toxic.aExtra = [];
    setup.toxic.bExtra = [];
    setup.toxic.cExtra = [];
@ -74,8 +75,8 @@ function calculatePolynomials(setup, circuit) {
        setup.toxic.bExtra[s] = F.random();
        setup.toxic.cExtra[s] = F.random();
        aPoints[s].push([[bigInt(circuit.nConstraints), F.one], [setup.toxic.aExtra[s], F.one]]);
        bPoints[s].push([[bigInt(circuit.nConstraints), F.one], [setup.toxic.aExtra[s], F.one]]);
        cPoints[s].push([[bigInt(circuit.nConstraints), F.one], [setup.toxic.aExtra[s], F.one]]);
        bPoints[s].push([[bigInt(circuit.nConstraints), F.one], [setup.toxic.bExtra[s], F.one]]);
        cPoints[s].push([[bigInt(circuit.nConstraints), F.one], [setup.toxic.cExtra[s], F.one]]);
    }

    // Calculate the polynomials using Lagrange
@ -93,6 +94,64 @@ function calculatePolynomials(setup, circuit) {
        setup.vk_proof.polsC.push( unrat(pC) );

    }
 */

    setup.toxic.aExtra = [];
    setup.toxic.bExtra = [];
    setup.toxic.cExtra = [];

    let allZerosPol = [bigInt(1)];

    for (let c=0; c<=circuit.nConstraints; c++) {
        allZerosPol = PolF.mul(allZerosPol, [F.neg(bigInt(c)), F.one]);
    }

    setup.vk_proof.polsA = [];
    setup.vk_proof.polsB = [];
    setup.vk_proof.polsC = [];
    for (let s = 0; s<circuit.nVars; s++) {
        setup.vk_proof.polsA.push([]);
        setup.vk_proof.polsB.push([]);
        setup.vk_proof.polsC.push([]);
    }

    for (let c=0; c<circuit.nConstraints; c++) {
        const mpol = PolF.ruffini(allZerosPol, bigInt(c));
        const normalizer = PolF.F.inverse(PolF.eval(mpol, bigInt(c)));
        for (let s = 0; s<circuit.nVars; s++) {
            const factorA = PolF.F.mul(normalizer, circuit.a(c, s));
            const spolA = PolF.mulScalar(mpol, factorA);
            setup.vk_proof.polsA[s] = PolF.add(setup.vk_proof.polsA[s], spolA);

            const factorB = PolF.F.mul(normalizer, circuit.b(c, s));
            const spolB = PolF.mulScalar(mpol, factorB);
            setup.vk_proof.polsB[s] = PolF.add(setup.vk_proof.polsB[s], spolB);

            const factorC = PolF.F.mul(normalizer, circuit.c(c, s));
            const spolC = PolF.mulScalar(mpol, factorC);
            setup.vk_proof.polsC[s] = PolF.add(setup.vk_proof.polsC[s], spolC);
        }
    }
    const mpol = PolF.ruffini(allZerosPol, bigInt(circuit.nConstraints));
    const normalizer = PolF.F.inverse(PolF.eval(mpol, bigInt(circuit.nConstraints)));
    for (let s = 0; s<circuit.nVars; s++) {
        setup.toxic.aExtra[s] = F.random();
        const factorA = PolF.F.mul(normalizer, setup.toxic.aExtra[s]);
        const spolA = PolF.mulScalar(mpol, factorA);
        setup.vk_proof.polsA[s] = PolF.add(setup.vk_proof.polsA[s], spolA);

        setup.toxic.bExtra[s] = F.random();
        const factorB = PolF.F.mul(normalizer, setup.toxic.bExtra[s]);
        const spolB = PolF.mulScalar(mpol, factorB);
        setup.vk_proof.polsB[s] = PolF.add(setup.vk_proof.polsB[s], spolB);

        setup.toxic.cExtra[s] = F.random();
        const factorC = PolF.F.mul(normalizer, setup.toxic.cExtra[s]);
        const spolC = PolF.mulScalar(mpol, factorC);
        setup.vk_proof.polsC[s] = PolF.add(setup.vk_proof.polsC[s], spolC);
    }



    // Calculate Z polynomial
    // Z = 1
@ -193,7 +252,7 @@ function calculateHexps(setup, circuit) {
        maxC = Math.max(maxC, setup.vk_proof.polsC[s].length);
    }

    let maxFull = Math.max(maxA * maxB - 1, maxC);
    let maxFull = Math.max(maxA + maxB - 1, maxC);

    const maxH = maxFull - setup.vk_proof.polZ.length + 1;

@ -205,7 +264,7 @@ function calculateHexps(setup, circuit) {
        eT = F.mul(eT, setup.toxic.t);
    }
 }

 /*
 function unrat(p) {
    const res = new Array(p.length);
    for (let i=0; i<p.length; i++) {
@ -213,4 +272,4 @@ function unrat(p) {
    }
    return res;
 }

 */
--- a/vk_proof.json
+++ b/vk_proof.json
--- a/vk_verifier.json
+++ b/vk_verifier.json
@ -1 +1 @@
 {"nPublic":2,"A":[["7559813907775723910670319421928739634379937035892657657562479304265059086780","970960312695840147348504079795243376479803119482361867814374144094546957508","1"],["6973738609394859571398416156724493442033611890199277059249583291969417717849","3566359670559241499529101146674872093352640304889544678479415554439250149453","1"],["917696927483309689117074878224833164515430647966986490907621758137336830083","9785459660648352808157967203734173436836921183818082159560695948453336354107","1"]],"vk_a":[["14173322464222160748867825178553686053742177877199697197001753437846780322574","20929520998793141284734486851428954593918465263669466084818841775936957034700"],["12459132747044835077513637640609148094697658877114211454408567071334700110100","16497576268193395686080258584782429839073278395044680422229545733004220296143"],["1","0"]],"vk_b":["5054885722739272954661509195093773675818509566706746284511706586413060821448","9774934244703224067043544536075788704669138609703398536138463247802074148524","1"],"vk_c":[["21263505884594647802386794908896323519340619724437148822939927895407972021389","7354903322601286413990407706248837003750855485687253449610737919361487248296"],["14355381479112554907026745395820596069065373225865392322686666867582915335036","12762193123590326915235274102717931734657214301290947368796282990655826008450"],["1","0"]],"vk_gb_1":["8625647618648544361404193953333806597571991012817697513442939891453840508913","15330443152542054691454091701138661594215090976943419833484524346078268723484","1"],"vk_gb_2":[["12099899901013584654324512573082695366371599717431790594016098502204090222111","12535588892984112335163393703775266665605315636122229419358636994263960191261"],["15509629249244637815294561938176289971187499438084139112275639204023705550096","12197041279414775684771566991909284859152386473146541423102298811918761766203"],["1","0"]],"vk_g":[["13260250285752060017351578376881818620651573656520442907886598252210817074973","20954865159283819473112404503935266627608151337368912124833828220647750820493"],["4187445456319188311291966543590362043291114872169107461963560060304097806675","6444096450444458337845188957170338911350159715030565564473115266155745351252"],["1","0"]],"vk_z":[["10641310987945237968514444777640652268453932722894250096723040386697198963159","12428630308125323684574621578475712350731714696274595115927889300003835126922"],["11267801154937225428272884612886816176035757554631982377376923514790062493058","18302653587396410799110456472651661669828795411757501774008089457234683583568"],["1","0"]]}
 {"nPublic":2,"A":[["8869480890407400540469055963359590507987597393199097673027091987650264364061","5571907540423363476841022818006679599665853137083440200184777102165277098817","1"],["6633468076564780863514337919192698659670454271838273855072390679308886530310","429493619176981385766703804751832373350001551268095165774411888948969491950","1"],["19426274234765689814302294909820181848270118587988082067156950064905560926931","1695477578673085121076028646361009269587800426136069029657833948839317064337","1"]],"vk_a":[["9558065993096722619194348013003368448455409149209998185448725231242350559037","13239868567274065766518626919165092515693823482301378347535196751087568534444"],["15755283830213584683068171246338843258532229236358958552014038612487929896062","3153284277012109552592951624813624632174752658107256746771368513013038228043"],["1","0"]],"vk_b":["17354262195547823174876699589198990688681878796536601531562937007514516671853","7162052175129872674271805560925971314168271233337491952757123238320537067879","1"],"vk_c":[["7693684659995323340441116715427481225095994411375752825539273279038259454951","10648716232561230073794574427969376323946394300393013505624550867362612174214"],["11734707860058618049534410500192734768105180910065417858398014404265709352271","21506229572548609231162936645658298292512149586246110033845868713358599629278"],["1","0"]],"vk_gb_1":["15199098438219395704649974705700501004072202950326097683120792370668183201506","13299363141613092755383156216642793279087604636332222643379319320134567293629","1"],"vk_gb_2":[["2495211911722558402361816493871854939721351321264743350228722750619762019851","11072264826888167640230080860242406855142747886036602311071889683947024413374"],["1870380426396851921468082138410047376113205220686247333524259418069006545584","5795709345107136167474523802037689880174609756763741663153027030192574284600"],["1","0"]],"vk_g":[["16502879486405452648347881982387306429485452949136993847302940683378115949680","21851496291674945989844013109262365122606457776299303431809616926117687307476"],["19775694068609122229399084459362866576707393855951866590081960512562438426082","4788247667758387200027229334961625040838388285858126172643675111850793702743"],["1","0"]],"vk_z":[["13149164608723998054087483988287670870065310147853196434398655904923682722297","13041349085808911888919639829378875740211950179957717170427958580861863453491"],["11051209221709485835318728113780202233394218312574766047108621841112894950486","6100918243225388259690002723108589237985714117354432529032595467352126024985"],["1","0"]]}