arnaucube/sonobe
1
1
Fork 0
mirror of https://github.com/arnaucube/sonobe.git synced 2026-01-23 20:43:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add IPA commitment scheme and the respective circuit verifier gadget (#72)

Browse Source 
* Add IPA commitment native implementation

* Add IPA Gadget verifier

* polish Pedersen & IPA, add blind bool param to IPA

* Optimize IPA gadget constraints (and native):

- optimize <s,b> computation from linear to log time
- optimize s computation from k*2^k to k*(2^k)/2

* add small optimization: delegate u_i^-1 to prover and just check u_i*u_i^-1==1 in verifier circuit

* IPA polish and document

* Add 'BLIND' parameter to CommitmentProver trait (and to Pedersen and KZG impls). Fit IPA into CommitmentProver trait.

* rename 'BLIND' to 'H' (hiding) in commitment

* IPA: rm u_invs from Proof and compute them incircuit

* Update IPA's build_s & gadget to use Halo2 approach following @han0110 's suggestion.

This reduced further the amount of constraints needed.
- for k=4: -9k constraints (-7%)
- for k=8: -473k constr (-31%)
- for k=9: -1123k constr (-35%)
- for k=10: -2578k constr (-39%)
And now IPA verification (without amortizing) is very close to Pedersen
verification (in-circuits).

* rm dbg!(cs.num_constraints()) from multiple tests

* IPA::prove remove intermediate v_lo,v_hi vectors, add doc to build_s_gadget

* move powers_of into utils/mod.rs, update iters to cfg_iter
This commit is contained in:
arnaucube
2024-03-01 09:52:07 +01:00
committed by GitHub
parent 9159c5c84c
commit b25037e34c
18 changed files with 796 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
folding-schemes/src/utils/bit.rs
View File

@@ -1,9 +0,0 @@
pub fn bit_decompose(input: u64, n: usize) -> Vec<bool> {
let mut res = Vec::with_capacity(n);
let mut i = input;
for _ in 0..n {
res.push(i & 1 == 1);
i >>= 1;
}
res
}

13
folding-schemes/src/utils/mod.rs
View File

@@ -1,4 +1,5 @@
pub mod bit;
use ark_ff::PrimeField;
pub mod gadgets;
pub mod hypercube;
pub mod lagrange_poly;
@@ -10,3 +11,13 @@ pub mod espresso;
pub use crate::utils::espresso::multilinear_polynomial;
pub use crate::utils::espresso::sum_check;
pub use crate::utils::espresso::virtual_polynomial;
/// For a given x, returns [1, x^1, x^2, ..., x^n-1];
pub fn powers_of<F: PrimeField>(x: F, n: usize) -> Vec<F> {
let mut c: Vec<F> = vec![F::zero(); n];
c[0] = F::one();
for i in 1..n {
c[i] = c[i - 1] * x;
}
c
}