mirror of
https://github.com/arnaucube/testudo.git
synced 2026-01-12 08:41:29 +01:00
PST/SQRT + Benches (#35)
* first version of the sqrt PST without the MIPP * snarkpack integration * snarkpack integration * adding mipp as submodule directly * snarkpack integration * finalizing * snarkpack integration * update mipp with latestest optimisations and add preliminary documentation * improve codebase documentation * remove unused imports and apply cargo fix changes * passing v0.4 * adding gh action * correct workflow item * correct working dir and msrv * remove unnecessary stuff * wip * wip * remove circuit in fq as it's not needed now * done for tonight * wip * wip * sip * prallelise commitment and groth16 verification * finalise comments for mipp * wip * finalise comments * wip * compiling but test failing * putting back non random blinds * using absorb when we can * absorbing scalar * with bls12-381 * stuff * trying to bring ark-blst to testudo * correcting random implementation * with square in place * works with blst * works with blst * fix: don't require nightly Rust With removing the `test` feature, it can also be built with a stable Rust release and don't require a nightly Rust version. * using ark-blst main branch * started cleanup and added testudo benchmark * add testudo snark and nizk in separate files * rename functions that perform setups and add comments * prototyping * explain testudo-nizk * add support for odd case in sqrt_pst * add missing constraints and correct proof size for benchmarks * add support for odd case in sqrt_pst * fix typo in comment * Documentation #31 * fix typo in comment * Fix Cargo.toml and add benchmark for sqrt pst (#34) * add benchmark for sqrt pst * fix typo in comment * add README * comment from readme not executing --------- Co-authored-by: Mara Mihali <maramihali@google.com> Co-authored-by: Mara Mihali <mihalimara22@gmail.com> Co-authored-by: Volker Mische <volker.mische@gmail.com>
This commit is contained in:
Nicolas Gailly
GitHub
@@ -8,143 +8,163 @@
|
||||
//! `(Z3 + 5) * 1 - I0 = 0`
|
||||
//!
|
||||
//! [here]: https://medium.com/@VitalikButerin/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649
|
||||
use ark_bls12_377::Fr as Scalar;
|
||||
use ark_ec::pairing::Pairing;
|
||||
use ark_ff::{BigInteger, PrimeField};
|
||||
use ark_std::{One, UniformRand, Zero};
|
||||
use libspartan::{
|
||||
parameters::poseidon_params, poseidon_transcript::PoseidonTranscript, InputsAssignment,
|
||||
Instance, SNARKGens, VarsAssignment, SNARK,
|
||||
use libtestudo::testudo_snark::{TestudoSnark, TestudoSnarkGens};
|
||||
use libtestudo::{
|
||||
parameters::poseidon_params, poseidon_transcript::PoseidonTranscript, InputsAssignment, Instance,
|
||||
VarsAssignment,
|
||||
};
|
||||
|
||||
#[allow(non_snake_case)]
|
||||
fn produce_r1cs() -> (
|
||||
usize,
|
||||
usize,
|
||||
usize,
|
||||
usize,
|
||||
Instance,
|
||||
VarsAssignment,
|
||||
InputsAssignment,
|
||||
fn produce_r1cs<E: Pairing>() -> (
|
||||
usize,
|
||||
usize,
|
||||
usize,
|
||||
usize,
|
||||
Instance<E::ScalarField>,
|
||||
VarsAssignment<E::ScalarField>,
|
||||
InputsAssignment<E::ScalarField>,
|
||||
) {
|
||||
// parameters of the R1CS instance
|
||||
let num_cons = 4;
|
||||
let num_vars = 4;
|
||||
let num_inputs = 1;
|
||||
let num_non_zero_entries = 8;
|
||||
// parameters of the R1CS instance
|
||||
let num_cons = 4;
|
||||
let num_vars = 4;
|
||||
let num_inputs = 1;
|
||||
let num_non_zero_entries = 8;
|
||||
|
||||
// We will encode the above constraints into three matrices, where
|
||||
// the coefficients in the matrix are in the little-endian byte order
|
||||
let mut A: Vec<(usize, usize, Vec<u8>)> = Vec::new();
|
||||
let mut B: Vec<(usize, usize, Vec<u8>)> = Vec::new();
|
||||
let mut C: Vec<(usize, usize, Vec<u8>)> = Vec::new();
|
||||
// We will encode the above constraints into three matrices, where
|
||||
// the coefficients in the matrix are in the little-endian byte order
|
||||
let mut A: Vec<(usize, usize, Vec<u8>)> = Vec::new();
|
||||
let mut B: Vec<(usize, usize, Vec<u8>)> = Vec::new();
|
||||
let mut C: Vec<(usize, usize, Vec<u8>)> = Vec::new();
|
||||
|
||||
let one = Scalar::one().into_repr().to_bytes_le();
|
||||
let one = E::ScalarField::one().into_bigint().to_bytes_le();
|
||||
|
||||
// R1CS is a set of three sparse matrices A B C, where is a row for every
|
||||
// constraint and a column for every entry in z = (vars, 1, inputs)
|
||||
// An R1CS instance is satisfiable iff:
|
||||
// Az \circ Bz = Cz, where z = (vars, 1, inputs)
|
||||
// R1CS is a set of three sparse matrices A B C, where is a row for every
|
||||
// constraint and a column for every entry in z = (vars, 1, inputs)
|
||||
// An R1CS instance is satisfiable iff:
|
||||
// Az \circ Bz = Cz, where z = (vars, 1, inputs)
|
||||
|
||||
// constraint 0 entries in (A,B,C)
|
||||
// constraint 0 is Z0 * Z0 - Z1 = 0.
|
||||
A.push((0, 0, one.clone()));
|
||||
B.push((0, 0, one.clone()));
|
||||
C.push((0, 1, one.clone()));
|
||||
// constraint 0 entries in (A,B,C)
|
||||
// constraint 0 is Z0 * Z0 - Z1 = 0.
|
||||
A.push((0, 0, one.clone()));
|
||||
B.push((0, 0, one.clone()));
|
||||
C.push((0, 1, one.clone()));
|
||||
|
||||
// constraint 1 entries in (A,B,C)
|
||||
// constraint 1 is Z1 * Z0 - Z2 = 0.
|
||||
A.push((1, 1, one.clone()));
|
||||
B.push((1, 0, one.clone()));
|
||||
C.push((1, 2, one.clone()));
|
||||
// constraint 1 entries in (A,B,C)
|
||||
// constraint 1 is Z1 * Z0 - Z2 = 0.
|
||||
A.push((1, 1, one.clone()));
|
||||
B.push((1, 0, one.clone()));
|
||||
C.push((1, 2, one.clone()));
|
||||
|
||||
// constraint 2 entries in (A,B,C)
|
||||
// constraint 2 is (Z2 + Z0) * 1 - Z3 = 0.
|
||||
A.push((2, 2, one.clone()));
|
||||
A.push((2, 0, one.clone()));
|
||||
B.push((2, num_vars, one.clone()));
|
||||
C.push((2, 3, one.clone()));
|
||||
// constraint 2 entries in (A,B,C)
|
||||
// constraint 2 is (Z2 + Z0) * 1 - Z3 = 0.
|
||||
A.push((2, 2, one.clone()));
|
||||
A.push((2, 0, one.clone()));
|
||||
B.push((2, num_vars, one.clone()));
|
||||
C.push((2, 3, one.clone()));
|
||||
|
||||
// constraint 3 entries in (A,B,C)
|
||||
// constraint 3 is (Z3 + 5) * 1 - I0 = 0.
|
||||
A.push((3, 3, one.clone()));
|
||||
A.push((3, num_vars, Scalar::from(5u32).into_repr().to_bytes_le()));
|
||||
B.push((3, num_vars, one.clone()));
|
||||
C.push((3, num_vars + 1, one));
|
||||
// constraint 3 entries in (A,B,C)
|
||||
// constraint 3 is (Z3 + 5) * 1 - I0 = 0.
|
||||
A.push((3, 3, one.clone()));
|
||||
A.push((
|
||||
3,
|
||||
num_vars,
|
||||
E::ScalarField::from(5u32).into_bigint().to_bytes_le(),
|
||||
));
|
||||
B.push((3, num_vars, one.clone()));
|
||||
C.push((3, num_vars + 1, one));
|
||||
|
||||
let inst = Instance::new(num_cons, num_vars, num_inputs, &A, &B, &C).unwrap();
|
||||
let inst = Instance::<E::ScalarField>::new(num_cons, num_vars, num_inputs, &A, &B, &C).unwrap();
|
||||
|
||||
// compute a satisfying assignment
|
||||
let mut rng = ark_std::rand::thread_rng();
|
||||
let z0 = Scalar::rand(&mut rng);
|
||||
let z1 = z0 * z0; // constraint 0
|
||||
let z2 = z1 * z0; // constraint 1
|
||||
let z3 = z2 + z0; // constraint 2
|
||||
let i0 = z3 + Scalar::from(5u32); // constraint 3
|
||||
// compute a satisfying assignment
|
||||
let mut rng = ark_std::rand::thread_rng();
|
||||
let z0 = E::ScalarField::rand(&mut rng);
|
||||
let z1 = z0 * z0; // constraint 0
|
||||
let z2 = z1 * z0; // constraint 1
|
||||
let z3 = z2 + z0; // constraint 2
|
||||
let i0 = z3 + E::ScalarField::from(5u32); // constraint 3
|
||||
|
||||
// create a VarsAssignment
|
||||
let mut vars = vec![Scalar::zero().into_repr().to_bytes_le(); num_vars];
|
||||
vars[0] = z0.into_repr().to_bytes_le();
|
||||
vars[1] = z1.into_repr().to_bytes_le();
|
||||
vars[2] = z2.into_repr().to_bytes_le();
|
||||
vars[3] = z3.into_repr().to_bytes_le();
|
||||
let assignment_vars = VarsAssignment::new(&vars).unwrap();
|
||||
// create a VarsAssignment
|
||||
let mut vars = vec![E::ScalarField::zero().into_bigint().to_bytes_le(); num_vars];
|
||||
vars[0] = z0.into_bigint().to_bytes_le();
|
||||
vars[1] = z1.into_bigint().to_bytes_le();
|
||||
vars[2] = z2.into_bigint().to_bytes_le();
|
||||
vars[3] = z3.into_bigint().to_bytes_le();
|
||||
let assignment_vars = VarsAssignment::new(&vars).unwrap();
|
||||
|
||||
// create an InputsAssignment
|
||||
let mut inputs = vec![Scalar::zero().into_repr().to_bytes_le(); num_inputs];
|
||||
inputs[0] = i0.into_repr().to_bytes_le();
|
||||
let assignment_inputs = InputsAssignment::new(&inputs).unwrap();
|
||||
// create an InputsAssignment
|
||||
let mut inputs = vec![E::ScalarField::zero().into_bigint().to_bytes_le(); num_inputs];
|
||||
inputs[0] = i0.into_bigint().to_bytes_le();
|
||||
let assignment_inputs = InputsAssignment::new(&inputs).unwrap();
|
||||
|
||||
// check if the instance we created is satisfiable
|
||||
let res = inst.is_sat(&assignment_vars, &assignment_inputs);
|
||||
assert!(res.unwrap(), "should be satisfied");
|
||||
// check if the instance we created is satisfiable
|
||||
let res = inst.is_sat(&assignment_vars, &assignment_inputs);
|
||||
assert!(res.unwrap(), "should be satisfied");
|
||||
|
||||
(
|
||||
num_cons,
|
||||
num_vars,
|
||||
num_inputs,
|
||||
num_non_zero_entries,
|
||||
inst,
|
||||
assignment_vars,
|
||||
assignment_inputs,
|
||||
)
|
||||
(
|
||||
num_cons,
|
||||
num_vars,
|
||||
num_inputs,
|
||||
num_non_zero_entries,
|
||||
inst,
|
||||
assignment_vars,
|
||||
assignment_inputs,
|
||||
)
|
||||
}
|
||||
|
||||
type E = ark_bls12_377::Bls12_377;
|
||||
fn main() {
|
||||
// produce an R1CS instance
|
||||
let (
|
||||
num_cons,
|
||||
num_vars,
|
||||
num_inputs,
|
||||
num_non_zero_entries,
|
||||
inst,
|
||||
assignment_vars,
|
||||
assignment_inputs,
|
||||
) = produce_r1cs();
|
||||
// produce an R1CS instance
|
||||
let (
|
||||
num_cons,
|
||||
num_vars,
|
||||
num_inputs,
|
||||
num_non_zero_entries,
|
||||
inst,
|
||||
assignment_vars,
|
||||
assignment_inputs,
|
||||
) = produce_r1cs::<E>();
|
||||
|
||||
let params = poseidon_params();
|
||||
let params = poseidon_params();
|
||||
|
||||
// produce public parameters
|
||||
let gens = SNARKGens::new(num_cons, num_vars, num_inputs, num_non_zero_entries);
|
||||
// produce public parameters
|
||||
let gens = TestudoSnarkGens::<E>::setup(
|
||||
num_cons,
|
||||
num_vars,
|
||||
num_inputs,
|
||||
num_non_zero_entries,
|
||||
params.clone(),
|
||||
);
|
||||
|
||||
// create a commitment to the R1CS instance
|
||||
let (comm, decomm) = SNARK::encode(&inst, &gens);
|
||||
// create a commitment to the R1CS instance
|
||||
let (comm, decomm) = TestudoSnark::encode(&inst, &gens);
|
||||
|
||||
// produce a proof of satisfiability
|
||||
let mut prover_transcript = PoseidonTranscript::new(¶ms);
|
||||
let proof = SNARK::prove(
|
||||
&inst,
|
||||
&comm,
|
||||
&decomm,
|
||||
assignment_vars,
|
||||
&assignment_inputs,
|
||||
&gens,
|
||||
&mut prover_transcript,
|
||||
);
|
||||
// produce a proof of satisfiability
|
||||
let mut prover_transcript = PoseidonTranscript::new(¶ms);
|
||||
let proof = TestudoSnark::prove(
|
||||
&inst,
|
||||
&comm,
|
||||
&decomm,
|
||||
assignment_vars,
|
||||
&assignment_inputs,
|
||||
&gens,
|
||||
&mut prover_transcript,
|
||||
params.clone(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
// verify the proof of satisfiability
|
||||
let mut verifier_transcript = PoseidonTranscript::new(¶ms);
|
||||
assert!(proof
|
||||
.verify(&comm, &assignment_inputs, &mut verifier_transcript, &gens)
|
||||
.is_ok());
|
||||
println!("proof verification successful!");
|
||||
// verify the proof of satisfiability
|
||||
let mut verifier_transcript = PoseidonTranscript::new(¶ms);
|
||||
assert!(proof
|
||||
.verify(
|
||||
&gens,
|
||||
&comm,
|
||||
&assignment_inputs,
|
||||
&mut verifier_transcript,
|
||||
params
|
||||
)
|
||||
.is_ok());
|
||||
println!("proof verification successful!");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user