Skip to content

Commit

Permalink
206 additional point (#213)
Browse files Browse the repository at this point in the history 
* Add gate argument multiplication on mask #207

* Padding rows >= usable_rows with random numbers #211

* Derandomize placeholder_placeholder_test #211

* crypto3_zk_systems_plonk_plonk_constraint_test updated #211

* Add some includes #211

* Fixed polys values in _etha points is memorized in preprocessor #206

* Move commitment_scheme preprocessed data outside of commitment scheme object #206

* Minor changes in LPC#206
  • Loading branch information
@ETatuzova @martun
ETatuzova authored and martun committed Nov 6, 2023
1 parent f474237 commit e5431cd
Show file tree
Hide file tree
Showing 12 changed files with 478 additions and 504 deletions.
29 changes: 21 additions & 8 deletions include/nil/crypto3/zk/commitments/batched_commitment.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,14 +42,14 @@ namespace nil {
namespace zk {
namespace commitments {

template<typename FieldType, typename CommitmentType>
template<typename FieldType, typename CommitmentType>
struct commitment_scheme_params_type{
using commitment_type = CommitmentType;
using field_type = FieldType;
};

// Placeholder commitment scheme works with polynomial_dfs
template<typename ParamsType, typename TranscriptType, typename PolynomialType = typename math::polynomial_dfs<typename ParamsType::field_type::value_type>>
template<typename ParamsType, typename TranscriptType, typename PolynomialType = typename math::polynomial_dfs<typename ParamsType::field_type::value_type>>
class polys_evaluator{
public:
using params_type = ParamsType;
Expand Down Expand Up @@ -156,7 +156,7 @@ namespace nil {
_z.set(k, i, j, poly[i].evaluate(point[i][j]));
}
}
}
}
}
public:
boost::property_tree::ptree get_params() const{
Expand Down Expand Up @@ -214,15 +214,28 @@ namespace nil {

namespace algorithms{
// TODO check, that SchemeType has commitment_type and commit functions
// Is called from preprocessor
template<typename FieldType, typename SchemeType>
static typename SchemeType::preprocessed_data_type preprocess(
SchemeType &scheme, typename SchemeType::transcript_type &transcript
){
return scheme.preprocess(transcript);
}

// Is called from prover and verifier. Checks, that transcript is well-initialized
template<typename FieldType, typename SchemeType>
static void setup(SchemeType &scheme, typename SchemeType::transcript_type &transcript ){
return scheme.setup(transcript);
static void setup(
SchemeType &scheme,
typename SchemeType::transcript_type &transcript,
const typename SchemeType::preprocessed_data_type preprocessed_data
){
return scheme.setup(transcript, preprocessed_data);
}

// TODO check, that SchemeType has commitment_type and commit functions
template<typename FieldType, typename SchemeType>
static typename SchemeType::commitment_type commit(
SchemeType &scheme,
SchemeType &scheme,
const std::vector<math::polynomial_dfs<typename FieldType::value_type>> &polynomials,
std::size_t index
){
Expand All @@ -232,7 +245,7 @@ namespace nil {
// TODO check, that SchemeType has proof_type and proof_eval functions
template<typename FieldType, typename SchemeType>
static typename SchemeType::proof_type proof_eval(
SchemeType &scheme,
SchemeType &scheme,
const std::vector<std::vector<std::vector<FieldType>>> &evaluation_points,
typename SchemeType::transcript_type &transcript
){
Expand All @@ -242,7 +255,7 @@ namespace nil {
// TODO check, that SchemeType has proof_type and verify_eval functions
template<typename FieldType, typename SchemeType>
static bool verify_eval(
SchemeType &scheme,
SchemeType &scheme,
const typename SchemeType::proof_type &proof,
const std::map<std::size_t, std::vector<std::vector<FieldType>>> &evaluation_points,
const std::map<std::size_t, typename SchemeType::commitment_type> &commitments,
Expand Down
44 changes: 25 additions & 19 deletions include/nil/crypto3/zk/commitments/polynomial/kzg.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ namespace nil {
* <https://eprint.iacr.org/2020/081.pdf>
*/
template<
typename CurveType, typename TranscriptHashType,
typename CurveType, typename TranscriptHashType,
typename PolynomialType = math::polynomial_dfs<typename CurveType::scalar_field_type::value_type>
>
struct batched_kzg {
Expand Down Expand Up @@ -315,7 +315,7 @@ namespace nil {
KZG>::value,
bool>::type = true>
static void setup_transcript(
const typename KZG::params_type &params,
const typename KZG::params_type &params,
typename KZG::transcript_type &transcript
) {
for (const auto &g1_elem : params.commitment_key) {
Expand Down Expand Up @@ -387,13 +387,13 @@ namespace nil {
KZG>::value,
bool>::type = true>
static typename KZG::single_commitment_type commit_one(
const typename KZG::params_type &params,
const typename KZG::params_type &params,
const typename math::polynomial<typename KZG::field_type::value_type> &poly
) {
BOOST_ASSERT(poly.size() <= params.commitment_key.size());
return algebra::multiexp<typename KZG::multiexp_method>(
params.commitment_key.begin(),
params.commitment_key.begin() + poly.size(),
params.commitment_key.begin() + poly.size(),
poly.begin(), poly.end(), 1
);
}
Expand All @@ -405,7 +405,7 @@ namespace nil {
KZG>::value,
bool>::type = true>
static typename KZG::single_commitment_type commit_one(
const typename KZG::params_type &params,
const typename KZG::params_type &params,
const typename math::polynomial_dfs<typename KZG::field_type::value_type> &poly
) {
auto poly_normal = poly.coefficients();
Expand All @@ -419,7 +419,7 @@ namespace nil {
typename std::enable_if<
std::is_base_of<
commitments::batched_kzg<
typename KZG::curve_type, typename KZG::transcript_hash_type,
typename KZG::curve_type, typename KZG::transcript_hash_type,
math::polynomial<typename KZG::field_type::value_type>>,
KZG>::value,
bool>::type = true>
Expand Down Expand Up @@ -451,7 +451,7 @@ namespace nil {
}
return commitments;
}

template<typename KZG,
typename std::enable_if<
std::is_base_of<
Expand All @@ -475,7 +475,7 @@ namespace nil {
KZG>::value,
bool>::type = true>
static typename KZG::verification_key_type commit_g2(
typename KZG::params_type &params,
typename KZG::params_type &params,
typename math::polynomial<typename KZG::scalar_value_type> poly
) {
BOOST_ASSERT(poly.size() <= params.verification_key.size());
Expand Down Expand Up @@ -533,7 +533,7 @@ namespace nil {
KZG>::value,
bool>::type = true>
static typename KZG::single_commitment_type
proof_eval(const typename KZG::params_type &params,
proof_eval(const typename KZG::params_type &params,
const typename KZG::batch_of_polynomials_type &polys,
typename KZG::public_key_type &public_key,
typename KZG::transcript_type &transcript
Expand Down Expand Up @@ -567,7 +567,7 @@ namespace nil {
}
assert(accum * create_polynom_by_zeros<KZG>(public_key.T) == right_side);
}

return commit_one<KZG>(params, accum);
}

Expand All @@ -587,7 +587,7 @@ namespace nil {
auto gamma = transcript.template challenge<typename KZG::curve_type::scalar_field_type>();
auto factor = KZG::scalar_value_type::one();
auto left_side_pairing = KZG::gt_value_type::one();

for (std::size_t i = 0; i < public_key.commits.size(); ++i) {
auto r_commit = commit_one<KZG>(params, public_key.r[i]);
auto left = factor * (public_key.commits[i] - r_commit);
Expand All @@ -601,7 +601,7 @@ namespace nil {

auto right = commit_g2<KZG>(params, create_polynom_by_zeros<KZG>(public_key.T));
auto right_side_pairing = algebra::pair_reduced<typename KZG::curve_type>(proof, right);

return left_side_pairing == right_side_pairing;
// return true;
}
Expand Down Expand Up @@ -706,7 +706,7 @@ namespace nil {
auto single_commitment = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, this->_polys[index][i]);
this->_ind_commitments[index].push_back(single_commitment);
auto single_commitment_bytes = KZGScheme::serializer::point_to_octets(single_commitment);

result.insert(result.end(), single_commitment_bytes.begin(), single_commitment_bytes.end());
}
_commitments[index] = result;
Expand All @@ -715,11 +715,17 @@ namespace nil {
return result;
}

void setup(transcript_type& transcript){
using preprocessed_data_type = bool;
preprocessed_data_type preprocess(transcript_type& transcript) const{
return true;
}

void setup(transcript_type& transcript, preprocessed_data_type b = true){
nil::crypto3::zk::algorithms::setup_transcript<KZGScheme>(_params, transcript);
}

proof_type proof_eval(transcript_type &transcript){

this->eval_polys();
this->merge_eval_points();

Expand All @@ -739,7 +745,7 @@ namespace nil {
factor *= gamma;
}
}

//verify without pairing. It's only for debug
//if something goes wrong, it may be useful to place here verification with pairings
/*{
Expand All @@ -748,7 +754,7 @@ namespace nil {
for( auto const &it: this->_polys ){
auto k = it.first;
for (std::size_t i = 0; i < this->_points[k].size(); ++i) {
right_side = right_side + (factor * (math::polynomial<typename KZGScheme::scalar_value_type>(this->_polys[k][i].coefficients()) - this->get_U(k, i)) *
right_side = right_side + (factor * (math::polynomial<typename KZGScheme::scalar_value_type>(this->_polys[k][i].coefficients()) - this->get_U(k, i)) *
set_difference_polynom(this->_merged_points, this->_points[k][i]));
factor = factor * gamma;
}
Expand Down Expand Up @@ -784,13 +790,13 @@ namespace nil {
for( std::size_t j = 0; j < KZGScheme::g1_blob_size; j++){
byteblob[j] = this->_commitments.at(k)[i * KZGScheme::g1_blob_size + j];
}
auto i_th_commitment = KZGScheme::serializer::octets_to_g1_point(byteblob);
auto i_th_commitment = KZGScheme::serializer::octets_to_g1_point(byteblob);
auto U_commit = nil::crypto3::zk::algorithms::commit_one<KZGScheme>(_params, this->get_U(k,i));
auto poly_commit = factor*(i_th_commitment - U_commit);

auto result_bytes = KZGScheme::serializer::point_to_octets(poly_commit);
auto left_side_pairing = nil::crypto3::algebra::pair_reduced<curve_type>(
factor*(i_th_commitment - U_commit),
factor*(i_th_commitment - U_commit),
commit_g2(set_difference_polynom(_merged_points, this->_points.at(k)[i]))
);

Expand All @@ -800,7 +806,7 @@ namespace nil {
}

auto right_side_pairing = algebra::pair_reduced<typename KZGScheme::curve_type>(
proof.kzg_proof,
proof.kzg_proof,
commit_g2(this->get_V(this->_merged_points))
);

Expand Down
51 changes: 36 additions & 15 deletions include/nil/crypto3/zk/commitments/polynomial/lpc.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
namespace nil {
namespace crypto3 {
namespace zk {
namespace commitments {
namespace commitments {

// Placeholder-friendly class.
template<typename LPCScheme, typename PolynomialType = typename math::polynomial_dfs<
Expand All @@ -65,21 +65,37 @@ namespace nil {
using poly_type = PolynomialType;
using lpc = LPCScheme;
using eval_storage_type = typename LPCScheme::eval_storage_type;
using preprocessed_data_type = std::map<std::size_t, std::vector<typename field_type::value_type>>;

private:
std::map<std::size_t, precommitment_type> _trees;
typename fri_type::params_type _fri_params;
value_type _etha;
std::map<std::size_t, bool> _batch_fixed;
preprocessed_data_type _fixed_polys_values;

public:
lpc_commitment_scheme(const typename fri_type::params_type &fri_params)
: _fri_params(fri_params), _etha(0) {
}

preprocessed_data_type preprocess(transcript_type& transcript) const{
auto etha = transcript.template challenge<field_type>();

lpc_commitment_scheme(const typename fri_type::params_type &fri_params)
: _fri_params(fri_params) {
preprocessed_data_type result;
for(auto const&[index, fixed]: _batch_fixed) {
if(!fixed) continue;
result[index] = {};
for (const auto& poly: this->_polys.at(index)){
result[index].push_back(poly.evaluate(etha));
}
}
return result;
}

void setup(transcript_type& transcript) {
void setup(transcript_type& transcript, const preprocessed_data_type &preprocessed_data) {
_etha = transcript.template challenge<field_type>();
_fixed_polys_values = preprocessed_data;
}

commitment_type commit(std::size_t index) {
Expand Down Expand Up @@ -189,18 +205,18 @@ namespace nil {

precommitment_type combined_Q_precommitment = nil::crypto3::zk::algorithms::precommit<fri_type>(
combined_Q,
_fri_params.D[0],
_fri_params.D[0],
_fri_params.step_list.front()
);

typename fri_type::proof_type fri_proof = nil::crypto3::zk::algorithms::proof_eval<
fri_type, poly_type
>(
this->_polys,
combined_Q,
combined_Q,
this->_trees,
combined_Q_precommitment,
this->_fri_params,
combined_Q_precommitment,
this->_fri_params,
transcript
);
return proof_type({this->_z, fri_proof});
Expand All @@ -211,9 +227,13 @@ namespace nil {
const std::map<std::size_t, commitment_type> &commitments,
transcript_type &transcript
) {
for (auto const&it: _batch_fixed) {
if(it.second) {
this->append_eval_point(it.first, _etha);
for (auto const&[b_ind, fixed]: _batch_fixed) {
if(!fixed) continue;
this->append_eval_point(b_ind, _etha);
for( std::size_t i = 0; i < proof.z.get_batch_size(b_ind); i++) {
if(this->_fixed_polys_values[b_ind][i] != proof.z.get(b_ind, i, proof.z.get_poly_points_number(b_ind, i) - 1)) {
return false;
}
}
}

Expand Down Expand Up @@ -255,7 +275,7 @@ namespace nil {

if (!nil::crypto3::zk::algorithms::verify_eval<fri_type>(
proof.fri_proof,
_fri_params,
_fri_params,
commitments,
theta,
eval_map,
Expand All @@ -265,6 +285,7 @@ namespace nil {
)) {
return false;
}

return true;
}

Expand All @@ -279,7 +300,7 @@ namespace nil {
params.put("m", fri_type::m);
params.put("lambda", fri_type::lambda);
params.put("max_degree", _fri_params.max_degree);

boost::property_tree::ptree step_list_node;
for( std::size_t j = 0; j < _fri_params.step_list.size(); j++){
boost::property_tree::ptree step_node;
Expand Down Expand Up @@ -341,10 +362,10 @@ namespace nil {
typename LPCParams::grinding_type
> {
using fri_type = typename detail::basic_batched_fri<
FieldType,
FieldType,
typename LPCParams::merkle_hash_type,
typename LPCParams::transcript_hash_type,
LPCParams::lambda,
LPCParams::lambda,
LPCParams::m,
LPCParams::use_grinding,
typename LPCParams::grinding_type
Expand Down
Loading

0 comments on commit e5431cd

Please sign in to comment.