From 71613cf65979547c8aa7aaa06d88c335b44411df Mon Sep 17 00:00:00 2001 From: Vasiliy Olekhov Date: Wed, 11 Sep 2024 12:04:10 +0300 Subject: [PATCH] Synchronize with parallel-crypto3 sources --- libs/containers/CMakeLists.txt | 5 +- .../algorithms/make_evaluation_domain.hpp | 2 - .../math/domains/basic_radix2_domain.hpp | 2 - .../math/domains/extended_radix2_domain.hpp | 2 - .../math/polynomial/basic_operations.hpp | 1 - .../crypto3/math/polynomial/basis_change.hpp | 0 .../nil/crypto3/math/polynomial/evaluate.hpp | 0 .../crypto3/math/polynomial/polynomial.hpp | 130 +++--- .../math/polynomial/polynomial_dfs.hpp | 11 +- .../math/polynomial/polynomial_view.hpp | 1 - .../nil/crypto3/math/polynomial/shift.hpp | 4 +- .../nil/crypto3/math/polynomial/xgcd.hpp | 0 .../include/nil/crypto3/math/type_traits.hpp | 2 - libs/math/test/polynomial_dfs.cpp | 11 +- libs/zk/CMakeLists.txt | 19 +- libs/zk/README.md | 4 +- .../detail/polynomial/basic_fri.hpp | 8 +- .../arithmetization/plonk/constraint.hpp | 4 +- .../plonk/constraint_system.hpp | 2 +- .../plonk/lookup_table_definition.hpp | 1 + .../plonk/placeholder/lookup_argument.hpp | 150 ++++--- .../placeholder/permutation_argument.hpp | 9 +- .../plonk/placeholder/preprocessor.hpp | 2 - .../systems/plonk/placeholder/prover.hpp | 11 +- .../systems/plonk/placeholder/verifier.hpp | 5 +- libs/zk/test/CMakeLists.txt | 2 - libs/zk/test/commitment/lpc_performance.cpp | 390 ------------------ libs/zk/test/commitment/proof_of_work.cpp | 9 +- libs/zk/test/math/expression.cpp | 6 +- .../placeholder/placeholder_gate_argument.cpp | 1 + 30 files changed, 217 insertions(+), 577 deletions(-) mode change 100755 => 100644 libs/math/include/nil/crypto3/math/polynomial/basic_operations.hpp mode change 100755 => 100644 libs/math/include/nil/crypto3/math/polynomial/basis_change.hpp mode change 100755 => 100644 libs/math/include/nil/crypto3/math/polynomial/evaluate.hpp mode change 100755 => 100644 libs/math/include/nil/crypto3/math/polynomial/xgcd.hpp delete mode 100644 libs/zk/test/commitment/lpc_performance.cpp diff --git a/libs/containers/CMakeLists.txt b/libs/containers/CMakeLists.txt index 50947bd2c..ee84981e2 100644 --- a/libs/containers/CMakeLists.txt +++ b/libs/containers/CMakeLists.txt @@ -57,8 +57,9 @@ target_include_directories(${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} INTER cm_deploy(TARGETS ${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} INCLUDE include NAMESPACE ${CMAKE_WORKSPACE_NAME}::) -include(CMTest) -cm_add_test_subdirectory(test) +if (BUILD_TESTS) + add_subdirectory(test) +endif () if (BUILD_EXAMPLES) add_subdirectory(example) diff --git a/libs/math/include/nil/crypto3/math/algorithms/make_evaluation_domain.hpp b/libs/math/include/nil/crypto3/math/algorithms/make_evaluation_domain.hpp index 393f7e97b..e18ff409c 100644 --- a/libs/math/include/nil/crypto3/math/algorithms/make_evaluation_domain.hpp +++ b/libs/math/include/nil/crypto3/math/algorithms/make_evaluation_domain.hpp @@ -26,8 +26,6 @@ #ifndef CRYPTO3_MATH_MAKE_EVALUATION_DOMAIN_HPP #define CRYPTO3_MATH_MAKE_EVALUATION_DOMAIN_HPP -#include - #include #include #include diff --git a/libs/math/include/nil/crypto3/math/domains/basic_radix2_domain.hpp b/libs/math/include/nil/crypto3/math/domains/basic_radix2_domain.hpp index 96f02314e..53fe99286 100755 --- a/libs/math/include/nil/crypto3/math/domains/basic_radix2_domain.hpp +++ b/libs/math/include/nil/crypto3/math/domains/basic_radix2_domain.hpp @@ -28,8 +28,6 @@ #include -#include - #include #include diff --git a/libs/math/include/nil/crypto3/math/domains/extended_radix2_domain.hpp b/libs/math/include/nil/crypto3/math/domains/extended_radix2_domain.hpp index de5974d4b..57d4ca95a 100755 --- a/libs/math/include/nil/crypto3/math/domains/extended_radix2_domain.hpp +++ b/libs/math/include/nil/crypto3/math/domains/extended_radix2_domain.hpp @@ -28,8 +28,6 @@ #include -#include - #include #include #include diff --git a/libs/math/include/nil/crypto3/math/polynomial/basic_operations.hpp b/libs/math/include/nil/crypto3/math/polynomial/basic_operations.hpp old mode 100755 new mode 100644 index e9f896c64..6d1057674 --- a/libs/math/include/nil/crypto3/math/polynomial/basic_operations.hpp +++ b/libs/math/include/nil/crypto3/math/polynomial/basic_operations.hpp @@ -308,7 +308,6 @@ namespace nil { */ template void division(Range &q, Range &r, const Range &a, const Range &b) { - typedef typename std::iterator_traits()))>::value_type value_type; diff --git a/libs/math/include/nil/crypto3/math/polynomial/basis_change.hpp b/libs/math/include/nil/crypto3/math/polynomial/basis_change.hpp old mode 100755 new mode 100644 diff --git a/libs/math/include/nil/crypto3/math/polynomial/evaluate.hpp b/libs/math/include/nil/crypto3/math/polynomial/evaluate.hpp old mode 100755 new mode 100644 diff --git a/libs/math/include/nil/crypto3/math/polynomial/polynomial.hpp b/libs/math/include/nil/crypto3/math/polynomial/polynomial.hpp index 53c9917c0..80be1e775 100644 --- a/libs/math/include/nil/crypto3/math/polynomial/polynomial.hpp +++ b/libs/math/include/nil/crypto3/math/polynomial/polynomial.hpp @@ -64,19 +64,19 @@ namespace nil { } } - explicit polynomial(size_type n, const allocator_type &a) : val(n, FieldValueType::zero(), a) { + explicit polynomial(size_type n, const allocator_type& a) : val(n, FieldValueType::zero(), a) { if (val.empty()) { val.push_back(FieldValueType::zero()); } } - polynomial(size_type n, const value_type &x) : val(n, x) { + polynomial(size_type n, const value_type& x) : val(n, x) { if (val.empty()) { val.push_back(FieldValueType::zero()); } } - polynomial(size_type n, const value_type &x, const allocator_type &a) : val(n, x, a) { + polynomial(size_type n, const value_type& x, const allocator_type& a) : val(n, x, a) { } template @@ -87,7 +87,7 @@ namespace nil { } template - polynomial(InputIterator first, InputIterator last, const allocator_type &a) : val(first, last, a) { + polynomial(InputIterator first, InputIterator last, const allocator_type& a) : val(first, last, a) { if (val.empty()) { val.push_back(FieldValueType::zero()); } @@ -95,73 +95,73 @@ namespace nil { ~polynomial() = default; - polynomial(const polynomial &x) : val(x.val) { + polynomial(const polynomial& x) : val(x.val) { } - polynomial(const polynomial &x, const allocator_type &a) : val(x.val, a) { + polynomial(const polynomial& x, const allocator_type& a) : val(x.val, a) { } polynomial(std::initializer_list il) : val(il) { } - polynomial(std::initializer_list il, const allocator_type &a) : val(il, a) { + polynomial(std::initializer_list il, const allocator_type& a) : val(il, a) { } - polynomial(polynomial &&x) BOOST_NOEXCEPT - (std::is_nothrow_move_constructible::value): - val(x.val) { + polynomial(polynomial&& x) BOOST_NOEXCEPT + (std::is_nothrow_move_constructible::value) : + val(std::move(x.val)) { } - polynomial(polynomial &&x, const allocator_type &a) : val(x.val, a) { + polynomial(polynomial&& x, const allocator_type& a) : val(std::move(x.val), a) { } - polynomial(const container_type &c) : val(c) { + explicit polynomial(const container_type &c) : val(c) { if (val.empty()) { val.push_back(FieldValueType::zero()); } } - polynomial(container_type &&c) : val(std::forward(c)) { + explicit polynomial(container_type &&c) : val(std::forward(c)) { if (val.empty()) { val.push_back(FieldValueType::zero()); } } - polynomial(const FieldValueType &value, std::size_t power = 0) : val(power + 1, - FieldValueType::zero()) { + polynomial(const FieldValueType& value, std::size_t power = 0) + : val(power + 1, FieldValueType::zero()) { this->operator[](power) = value; } - polynomial &operator=(const polynomial &x) { + polynomial& operator=(const polynomial& x) { val = x.val; return *this; } - polynomial &operator=(polynomial &&x) { + polynomial& operator=(polynomial&& x) { val = x.val; return *this; } - polynomial &operator=(const container_type &x) { + polynomial& operator=(const container_type& x) { val = x; return *this; } - polynomial &operator=(container_type &&x) { + polynomial& operator=(container_type&& x) { val = x; return *this; } - polynomial &operator=(std::initializer_list il) { + polynomial& operator=(std::initializer_list il) { val.assign(il.begin(), il.end()); return *this; } - bool operator==(const polynomial &rhs) const { + bool operator==(const polynomial& rhs) const { return val == rhs.val; } - bool operator!=(const polynomial &rhs) const { + bool operator!=(const polynomial& rhs) const { return !(rhs == *this); } @@ -183,7 +183,7 @@ namespace nil { return this->val.__alloc(); } - container_type &get_storage() { + container_type& get_storage() { return val; } @@ -295,11 +295,11 @@ namespace nil { return val.back(); } - value_type *data() BOOST_NOEXCEPT { + value_type* data() BOOST_NOEXCEPT { return val.data(); } - const value_type *data() const BOOST_NOEXCEPT { + const value_type* data() const BOOST_NOEXCEPT { return val.data(); } @@ -307,12 +307,12 @@ namespace nil { val.push_back(_x); } - void push_back(value_type &&_x) { + void push_back(value_type&& _x) { val.push_back(_x); } template - reference emplace_back(Args &&... _args) { + reference emplace_back(Args&&... _args) { return val.template emplace_back(_args...); } @@ -324,12 +324,12 @@ namespace nil { return val.insert(_position, _x); } - iterator insert(const_iterator _position, value_type &&_x) { + iterator insert(const_iterator _position, value_type&& _x) { return val.insert(_position, _x); } template - iterator emplace(const_iterator _position, Args &&... _args) { + iterator emplace(const_iterator _position, Args&&... _args) { return val.template emplace(_position, _args...); } @@ -366,12 +366,12 @@ namespace nil { return val.resize(_sz, _x); } - void swap(polynomial &other) { + void swap(polynomial& other) { val.swap(other.val); } template - FieldValueType evaluate(const Range &values) const { + FieldValueType evaluate(const Range& values) const { assert(values.size() + 1 == this->size()); @@ -383,7 +383,7 @@ namespace nil { return result; } - FieldValueType evaluate(const FieldValueType &value) const { + FieldValueType evaluate(const FieldValueType& value) const { FieldValueType result = FieldValueType::zero(); auto end = this->end(); while (end != this->begin()) { @@ -405,8 +405,8 @@ namespace nil { */ bool is_one() const { return (*this->begin() == FieldValueType(1)) && - std::all_of(++this->begin(), this->end(), - [](FieldValueType i) { return i == FieldValueType::zero(); }); + std::all_of(++this->begin(), this->end(), + [](FieldValueType i) { return i == FieldValueType::zero(); }); } inline static polynomial zero() { @@ -444,13 +444,13 @@ namespace nil { * Computes the standard polynomial addition, polynomial A + polynomial B, and stores result in * polynomial C. */ - polynomial operator+(const polynomial &other) const { + polynomial operator+(const polynomial& other) const { polynomial result; addition(result, *this, other); return result; } - polynomial &operator+=(const polynomial &other) { + polynomial& operator+=(const polynomial& other) { addition(*this, *this, other); return *this; } @@ -465,13 +465,13 @@ namespace nil { * Computes the standard polynomial subtraction, polynomial A - polynomial B, and stores result in * polynomial C. */ - polynomial operator-(const polynomial &other) const { + polynomial operator-(const polynomial& other) const { polynomial result; subtraction(result, *this, other); return result; } - polynomial &operator-=(const polynomial &other) { + polynomial& operator-=(const polynomial& other) { subtraction(*this, *this, other); return *this; } @@ -480,13 +480,13 @@ namespace nil { * Perform the multiplication of two polynomials, polynomial A * polynomial B, and stores result in * polynomial C. */ - polynomial operator*(const polynomial &other) const { + polynomial operator*(const polynomial& other) const { polynomial result; multiplication(result, *this, other); return result; } - polynomial &operator*=(const polynomial &other) { + polynomial& operator*=(const polynomial& other) { multiplication(*this, *this, other); return *this; } @@ -496,13 +496,13 @@ namespace nil { * Input: Polynomial A, Polynomial B, where A / B * Output: Polynomial Q, such that A = (Q * B) + R. */ - polynomial operator/(const polynomial &other) const { + polynomial operator/(const polynomial& other) const { polynomial r, q; division(q, r, *this, other); return q; } - polynomial &operator/=(const polynomial &other) { + polynomial& operator/=(const polynomial& other) { polynomial r, q; // Can't pass *this to the following function call instead of q. division(q, r, *this, other); @@ -515,13 +515,13 @@ namespace nil { * Input: Polynomial A, Polynomial B, where A / B * Output: Polynomial R, such that A = (Q * B) + R. */ - polynomial operator%(const polynomial &other) const { + polynomial operator%(const polynomial& other) const { polynomial r, q; division(q, r, *this, other); return r; } - polynomial &operator%=(const polynomial &other) { + polynomial& operator%=(const polynomial& other) { polynomial q, r; // Can't pass *this to the following function call instead of r. division(q, r, *this, other); @@ -531,33 +531,33 @@ namespace nil { }; template, - typename = typename std::enable_if::value>::type> - polynomial operator+(const polynomial &A, - const FieldValueType &B) { + typename = typename std::enable_if::value>::type> + polynomial operator+(const polynomial& A, + const FieldValueType& B) { return A + polynomial(B); } template, - typename = typename std::enable_if::value>::type> - polynomial operator+(const FieldValueType &A, - const polynomial &B) { + typename = typename std::enable_if::value>::type> + polynomial operator+(const FieldValueType& A, + const polynomial& B) { return polynomial(A) + B; } template, - typename = typename std::enable_if::value>::type> - polynomial operator-(const polynomial &A, - const FieldValueType &B) { + typename = typename std::enable_if::value>::type> + polynomial operator-(const polynomial& A, + const FieldValueType& B) { return A - polynomial(B); } template, - typename = typename std::enable_if::value>::type> - polynomial operator-(const FieldValueType &A, - const polynomial &B) { + typename = typename std::enable_if::value>::type> + polynomial operator-(const FieldValueType& A, + const polynomial& B) { return polynomial(A) - B; } @@ -567,7 +567,7 @@ namespace nil { polynomial operator*(const polynomial& A, const FieldValueType& B) { polynomial result(A); - for( auto it = result.begin(); it != result.end(); it++ ){ + for (auto it = result.begin(); it != result.end(); ++it) { *it *= B; } return result; @@ -587,16 +587,16 @@ namespace nil { const FieldValueType& B) { polynomial result(A); FieldValueType B_inversed = B.inversed(); - for( auto it = result.begin(); it != result.end(); it++ ){ + for (auto it = result.begin(); it != result.end(); ++it) { *it *= B_inversed; } return result; } template, - typename = typename std::enable_if::value>::type> - polynomial operator/(const FieldValueType &A, - const polynomial &B) { + typename = typename std::enable_if::value>::type> + polynomial operator/(const FieldValueType& A, + const polynomial& B) { return polynomial(A) / B; } @@ -604,15 +604,15 @@ namespace nil { // Used in the unit tests, so we can use BOOST_CHECK_EQUALS, and see // the values of polynomials, when the check fails. template, - typename = typename std::enable_if::value>::type> - std::ostream &operator<<(std::ostream &os, - const polynomial &poly) { + typename = typename std::enable_if::value>::type> + std::ostream& operator<<(std::ostream& os, + const polynomial& poly) { if (poly.degree() == 0) { // If all it contains is a constant, print the constant, so it's more readable. os << *poly.begin(); } else { os << "[Polynomial, size " << poly.size() << " values "; - for (auto it = poly.begin(); it != poly.end(); it++) { + for (auto it = poly.begin(); it != poly.end(); ++it) { os << "0x" << std::hex << it->data << ", "; } os << "]"; diff --git a/libs/math/include/nil/crypto3/math/polynomial/polynomial_dfs.hpp b/libs/math/include/nil/crypto3/math/polynomial/polynomial_dfs.hpp index 2b5a9c6e4..16c9a2c20 100644 --- a/libs/math/include/nil/crypto3/math/polynomial/polynomial_dfs.hpp +++ b/libs/math/include/nil/crypto3/math/polynomial/polynomial_dfs.hpp @@ -73,11 +73,11 @@ namespace nil { polynomial_dfs() : val(1, FieldValueType::zero()), _d(0) { } - explicit polynomial_dfs(size_t d, size_type n) : val(n), _d(d) { + explicit polynomial_dfs(size_t d, size_type n) : val(n, FieldValueType::zero()), _d(d) { BOOST_ASSERT_MSG(n == detail::power_of_two(n), "DFS optimal polynomial size must be a power of two"); } - explicit polynomial_dfs(size_t d, size_type n, const allocator_type& a) : val(n, a), _d(d) { + explicit polynomial_dfs(size_t d, size_type n, const allocator_type& a) : val(n, FieldValueType::zero(), a), _d(d) { BOOST_ASSERT_MSG(n == detail::power_of_two(n), "DFS optimal polynomial size must be a power of two"); } @@ -340,6 +340,7 @@ namespace nil { return; } BOOST_ASSERT_MSG(_sz >= _d, "Resizing DFS polynomial to a size less than degree is prohibited: can't restore the polynomial in the future."); + if (this->degree() == 0) { // Here we cannot write this->val.resize(_sz, this->val[0]), it will segfault. auto value = this->val[0]; @@ -436,6 +437,7 @@ namespace nil { this->resize(other.size()); } this->_d = std::max(this->_d, other._d); + if (this->size() > other.size()) { polynomial_dfs tmp(other); tmp.resize(this->size()); @@ -512,7 +514,6 @@ namespace nil { polynomial_dfs operator*(const polynomial_dfs& other) const { polynomial_dfs result = *this; result *= other; - return result; } @@ -711,7 +712,7 @@ namespace nil { polynomial_dfs operator*(const polynomial_dfs& A, const FieldValueType& B) { polynomial_dfs result(A); - for( auto it = result.begin(); it != result.end(); it++ ){ + for ( auto it = result.begin(); it != result.end(); ++it) { *it *= B; } return result; @@ -731,7 +732,7 @@ namespace nil { const FieldValueType& B) { polynomial_dfs result(A); FieldValueType B_inversed = B.inversed(); - for( auto it = result.begin(); it != result.end(); it++ ){ + for ( auto it = result.begin(); it != result.end(); ++it) { *it *= B_inversed; } return result; diff --git a/libs/math/include/nil/crypto3/math/polynomial/polynomial_view.hpp b/libs/math/include/nil/crypto3/math/polynomial/polynomial_view.hpp index d4bb38aea..3b105d30e 100644 --- a/libs/math/include/nil/crypto3/math/polynomial/polynomial_view.hpp +++ b/libs/math/include/nil/crypto3/math/polynomial/polynomial_view.hpp @@ -350,7 +350,6 @@ namespace nil { return *this; } -// polynomial_view operator-() const { void neg() { std::transform(this->begin(), this->end(), this->begin(), std::negate()); } diff --git a/libs/math/include/nil/crypto3/math/polynomial/shift.hpp b/libs/math/include/nil/crypto3/math/polynomial/shift.hpp index 1eec617f7..284640452 100644 --- a/libs/math/include/nil/crypto3/math/polynomial/shift.hpp +++ b/libs/math/include/nil/crypto3/math/polynomial/shift.hpp @@ -39,7 +39,7 @@ namespace nil { polynomial f_shifted(f); FieldValueType x_power = x; for (std::size_t i = 1; i < f.size(); i++) { - f_shifted[i] = f_shifted[i] * x_power; + f_shifted[i] *= x_power; x_power *= x; } @@ -74,4 +74,4 @@ namespace nil { } // namespace crypto3 } // namespace nil -#endif // CRYPTO3_ZK_PLONK_REDSHIFT_POLYNOMIAL_SHIFT_HPP \ No newline at end of file +#endif // CRYPTO3_ZK_PLONK_REDSHIFT_POLYNOMIAL_SHIFT_HPP diff --git a/libs/math/include/nil/crypto3/math/polynomial/xgcd.hpp b/libs/math/include/nil/crypto3/math/polynomial/xgcd.hpp old mode 100755 new mode 100644 diff --git a/libs/math/include/nil/crypto3/math/type_traits.hpp b/libs/math/include/nil/crypto3/math/type_traits.hpp index a5094230a..ff9443e53 100755 --- a/libs/math/include/nil/crypto3/math/type_traits.hpp +++ b/libs/math/include/nil/crypto3/math/type_traits.hpp @@ -39,8 +39,6 @@ #include #include -#include - namespace nil { namespace crypto3 { namespace math { diff --git a/libs/math/test/polynomial_dfs.cpp b/libs/math/test/polynomial_dfs.cpp index 6d19cf635..2f049dbd5 100644 --- a/libs/math/test/polynomial_dfs.cpp +++ b/libs/math/test/polynomial_dfs.cpp @@ -1246,7 +1246,7 @@ BOOST_AUTO_TEST_CASE(polynomial_dfs_pow_eq_test) { }}; polynomial_dfs res = a; - for (int i = 1; i < 7; ++i) + for (std::size_t i = 1; i < 7; ++i) res *= a; BOOST_CHECK_EQUAL(res, a.pow(7)); @@ -1345,7 +1345,7 @@ BOOST_AUTO_TEST_CASE(polynomial_dfs_multiplication_perf_test, *boost::unit_test: poly4[i] *= poly; } - for (int i = 1; i < poly4.size(); ++i) { + for (std::size_t i = 1; i < poly4.size(); ++i) { BOOST_CHECK(poly4[i] == poly4[0]); } @@ -1360,8 +1360,8 @@ BOOST_AUTO_TEST_CASE(polynomial_dfs_multiplication_perf_test, *boost::unit_test: BOOST_AUTO_TEST_CASE(polynomial_dfs_resize_perf_test, *boost::unit_test::disabled()) { std::vector values; - size_t size = 131072 * 16; - for (int i = 0; i < size; i++) { + std::size_t size = 131072 * 16; + for (std::size_t i = 0; i < size; i++) { values.push_back(nil::crypto3::algebra::random_element()); } @@ -1369,10 +1369,9 @@ BOOST_AUTO_TEST_CASE(polynomial_dfs_resize_perf_test, *boost::unit_test::disable size - 1, values}; auto start = std::chrono::high_resolution_clock::now(); - for (int i = 0; i < 10; ++i) { + for (std::size_t i = 0; i < 10; ++i) { auto poly2 = poly; poly2.resize(8 * size); - BOOST_CHECK(poly2.size() == 8 * size); } diff --git a/libs/zk/CMakeLists.txt b/libs/zk/CMakeLists.txt index 2ebcef509..a9eb134ae 100644 --- a/libs/zk/CMakeLists.txt +++ b/libs/zk/CMakeLists.txt @@ -39,15 +39,18 @@ target_link_libraries(${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} INTERFACE Boost::container Boost::log - ${CMAKE_WORKSPACE_NAME}::algebra - ${CMAKE_WORKSPACE_NAME}::block - ${CMAKE_WORKSPACE_NAME}::math - ${CMAKE_WORKSPACE_NAME}::hash - ${CMAKE_WORKSPACE_NAME}::multiprecision + # Containers and math implementation could be replaced with namespace change ${CMAKE_WORKSPACE_NAME}::containers - ${CMAKE_WORKSPACE_NAME}::marshalling-zk - ${CMAKE_WORKSPACE_NAME}::benchmark_tools - ) + ${CMAKE_WORKSPACE_NAME}::math + + crypto3::algebra + crypto3::block + crypto3::hash + crypto3::multiprecision + crypto3::marshalling-zk + + crypto3::benchmark_tools +) cm_deploy(TARGETS ${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} INCLUDE include diff --git a/libs/zk/README.md b/libs/zk/README.md index d72cb7908..96ff29821 100644 --- a/libs/zk/README.md +++ b/libs/zk/README.md @@ -1,7 +1,7 @@ # Zero-Knowledge Cryptography Schemes for =nil; Foundation's Cryptography Suite -Zero-Knowledge cryptography schemes for =nil; Foundation's cryptography suite. -SNARK-alike schemes for now. More trivial Pedersen commitment schemes, STARKs, +Zero-Knowledge cryptography schemes for =nil; Foundation's cryptography suite. +SNARK-alike schemes for now. More trivial Pedersen commitment schemes, STARKs, IOP-based SNARKs, Bulletproofs etc in future. [![Run tests](https://github.com/NilFoundation/crypto3-zk/actions/workflows/run_tests.yml/badge.svg)](https://github.com/NilFoundation/crypto3-zk/actions/workflows/run_tests.yml) diff --git a/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp b/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp index 4d1e0f510..cdf02d4d9 100644 --- a/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp +++ b/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp @@ -235,7 +235,7 @@ namespace nil { } // For the last round it's final_polynomial's values - + // Values for the next round. polynomial_values_type y; @@ -441,6 +441,7 @@ namespace nil { ) { PROFILE_SCOPE("Basic FRI Precommit time"); + // Resize uses low level thread pool, so we need to use the high level one here. for (std::size_t i = 0; i < poly.size(); ++i) { if (poly[i].size() != D->size()) { poly[i].resize(D->size(), nullptr, D); @@ -743,6 +744,7 @@ namespace nil { } } } + return std::move(g_coeffs); } @@ -911,6 +913,7 @@ namespace nil { return std::move(round_proofs); } + template static std::vector query_phase( @@ -957,9 +960,11 @@ namespace nil { typename FRI::query_proof_type query_proof = {std::move(initial_proof), std::move(round_proofs)}; query_proofs[query_id] = std::move(query_proof); } + return std::move(query_proofs); } + template(fri_params)); diff --git a/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint.hpp b/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint.hpp index 7a28b46c8..63df5e2e1 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint.hpp @@ -180,7 +180,9 @@ namespace nil { return evaluator.evaluate(); } - typename VariableType::assignment_type evaluate(detail::plonk_evaluation_map &assignments) const { + typename VariableType::assignment_type + evaluate(detail::plonk_evaluation_map &assignments) const { + math::expression_evaluator evaluator( *this, [&assignments](const VariableType &var) -> const typename VariableType::assignment_type& { diff --git a/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint_system.hpp b/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint_system.hpp index 6300afef3..7aea3b4fc 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint_system.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/constraint_system.hpp @@ -290,7 +290,7 @@ namespace nil { } } for (const auto& table : _lookup_tables) { - for (std::size_t i = 0; i < table.lookup_options.size(); ++i) { + for( const auto &lookup_options: table.lookup_options ){ // +3 because now any lookup option is lookup_column * lookup_selector * (1-q_last-q_blind) -- three polynomials degree rows_amount-1 if( lookup_chunk + 3 >= max_quotient_chunks ){ lookup_parts.push_back(lookup_part); diff --git a/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/lookup_table_definition.hpp b/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/lookup_table_definition.hpp index 6f61974af..101a9b4ca 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/lookup_table_definition.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/arithmetization/plonk/lookup_table_definition.hpp @@ -134,6 +134,7 @@ namespace nil { const std::vector &constant_columns_ids, std::size_t usable_rows ){ + // std::cout << "Packing lookup tables" << std::endl; // std::cout << "Usable rows before: " << usable_rows << std::endl; std::size_t usable_rows_after = usable_rows; diff --git a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/lookup_argument.hpp b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/lookup_argument.hpp index ddc6d14f5..9cfc0830c 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/lookup_argument.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/lookup_argument.hpp @@ -5,6 +5,7 @@ // Copyright (c) 2022 Alisa Cherniaeva // Copyright (c) 2023 Elena Tatuzova // Copyright (c) 2023 Martun Karapetyan +// Copyright (c) 2024 Vasiliy Olekhov // // MIT License // @@ -124,7 +125,7 @@ namespace nil { public: struct prover_lookup_result { - std::array, argument_size> F_dfs; + std::array F_dfs; typename commitment_scheme_type::commitment_type lookup_commitment; }; @@ -155,32 +156,31 @@ namespace nil { PROFILE_SCOPE("Lookup argument prove eval time"); // Construct lookup gates - math::polynomial_dfs one_polynomial( + polynomial_dfs_type one_polynomial( 0, basic_domain->m, FieldType::value_type::one()); - math::polynomial_dfs zero_polynomial( + polynomial_dfs_type zero_polynomial( 0, basic_domain->m, FieldType::value_type::zero()); - math::polynomial_dfs mask_assignment = + polynomial_dfs_type mask_assignment = one_polynomial - preprocessed_data.q_last - preprocessed_data.q_blind; - std::unique_ptr>> lookup_value_ptr = + std::unique_ptr> lookup_value_ptr = prepare_lookup_value(mask_assignment); auto& lookup_value = *lookup_value_ptr; - std::unique_ptr>> lookup_input_ptr = + std::unique_ptr> lookup_input_ptr = prepare_lookup_input(); auto& lookup_input = *lookup_input_ptr; - // 3. Lookup_input and lookup_value are ready // Now sort them! // Reduce value and input: - auto reduced_value_ptr = std::make_unique>>(); + auto reduced_value_ptr = std::make_unique>(); auto& reduced_value = *reduced_value_ptr; for( std::size_t i = 0; i < lookup_value.size(); i++ ){ reduced_value.push_back(reduce_dfs_polynomial_domain(lookup_value[i], basic_domain->m)); } - auto reduced_input_ptr = std::make_unique>>(); + auto reduced_input_ptr = std::make_unique>(); auto& reduced_input = *reduced_input_ptr; for( std::size_t i = 0; i < lookup_input.size(); i++ ){ @@ -208,7 +208,7 @@ namespace nil { lookup_alphas.push_back(transcript.template challenge()); } - math::polynomial_dfs V_L = compute_V_L( + polynomial_dfs_type V_L = compute_V_L( sorted, reduced_input, reduced_value, beta, gamma); // We don't use reduced_input and reduced_value after this line. @@ -221,18 +221,18 @@ namespace nil { BOOST_ASSERT(std::accumulate(part_sizes.begin(), part_sizes.end(), 0) == sorted.size()); // Compute gs and hs products for each part - std::vector> gs = compute_gs( + std::vector gs = compute_gs( std::move(lookup_input_ptr), std::move(lookup_value_ptr), beta, gamma, part_sizes ); - std::vector> hs = compute_hs( + std::vector hs = compute_hs( sorted, beta, gamma, part_sizes ); - math::polynomial_dfs V_L_shifted = + polynomial_dfs_type V_L_shifted = math::polynomial_shift(V_L, 1, basic_domain->m); - std::array, argument_size> F_dfs; + std::array F_dfs; F_dfs[0] = preprocessed_data.common_data.lagrange_0 * (one_polynomial - V_L); F_dfs[1] = preprocessed_data.q_last * ( V_L * V_L - V_L ); @@ -247,16 +247,18 @@ namespace nil { g *= V_L; h *= V_L_shifted; g -= h; - h = math::polynomial_dfs(); // just clean the memory of h. + h = polynomial_dfs_type(); // just clean the memory of h. g *= (preprocessed_data.q_last + preprocessed_data.q_blind) - one_polynomial; F_dfs[2] = std::move(g); } else { - math::polynomial_dfs current_poly = V_L; - math::polynomial_dfs previous_poly = V_L; - std::vector> parts; + std::vector parts; BOOST_ASSERT(part_sizes.size() == gs.size()); BOOST_ASSERT(part_sizes.size() == hs.size()); BOOST_ASSERT(part_sizes.size() == lookup_alphas.size() + 1); + + polynomial_dfs_type current_poly = V_L; + polynomial_dfs_type previous_poly = V_L; + for( std::size_t i = 0; i < lookup_alphas.size(); i ++ ){ auto &g = gs[i]; auto &h = hs[i]; @@ -279,13 +281,20 @@ namespace nil { F_dfs[3] = zero_polynomial; - std::vector> F_dfs_3_parts(std::next(sorted.begin(), 1), sorted.end()); + std::vector alpha_challenges(sorted.size() - 1); + for (std::size_t i = 0; i < sorted.size() - 1; ++i) { + alpha_challenges[i] = transcript.template challenge(); + } + + std::vector F_dfs_3_parts(std::next(sorted.begin(), 1), sorted.end()); for (std::size_t i = 0; i < F_dfs_3_parts.size(); i++) { - typename FieldType::value_type alpha = transcript.template challenge(); - math::polynomial_dfs sorted_shifted = math::polynomial_shift(sorted[i], preprocessed_data.common_data.desc.usable_rows_amount , basic_domain->m); + polynomial_dfs_type sorted_shifted = math::polynomial_shift( + sorted[i], preprocessed_data.common_data.desc.usable_rows_amount, + basic_domain->m); F_dfs_3_parts[i] -= sorted_shifted; - F_dfs_3_parts[i] *= alpha * preprocessed_data.common_data.lagrange_0; + F_dfs_3_parts[i] *= alpha_challenges[i] * preprocessed_data.common_data.lagrange_0; } + F_dfs[3] = polynomial_sum(std::move(F_dfs_3_parts)); return { @@ -294,29 +303,31 @@ namespace nil { }; } - std::vector> compute_gs( - std::unique_ptr>> lookup_input_ptr, - std::unique_ptr>> lookup_value_ptr, + std::vector compute_gs( + std::unique_ptr> lookup_input_ptr, + std::unique_ptr> lookup_value_ptr, const typename FieldType::value_type& beta, const typename FieldType::value_type& gamma, - std::vector lookup_part_sizes + const std::vector& lookup_part_sizes ) { - std::vector> result; + PROFILE_SCOPE("Lookup argument compute_gs"); + + std::vector result; auto& lookup_value = *lookup_value_ptr; auto& lookup_input = *lookup_input_ptr; - auto g = math::polynomial_dfs::one(); + auto g = polynomial_dfs_type::one(); auto one = FieldType::value_type::one(); std::size_t current_part = 0; - std::vector> g_multipliers; + std::vector g_multipliers; for (std::size_t i = 0; i < lookup_input.size(); i++) { g_multipliers.push_back((one + beta) * (gamma + lookup_input[i])); if( g_multipliers.size() == lookup_part_sizes[current_part] ){ g *= math::polynomial_product(std::move(g_multipliers)); result.push_back(g); g_multipliers.clear(); - g = math::polynomial_dfs::one(); + g = polynomial_dfs_type::one(); current_part++; } } @@ -333,7 +344,7 @@ namespace nil { result.push_back(g); g_multipliers.clear(); g.clear(); - g = math::polynomial_dfs::one(); + g = polynomial_dfs_type::one(); current_part++; } } @@ -344,17 +355,20 @@ namespace nil { return std::move(result); } - std::vector> compute_hs( - const std::vector>& sorted, + std::vector compute_hs( + const std::vector& sorted, const typename FieldType::value_type& beta, const typename FieldType::value_type& gamma, const std::vector &lookup_part_sizes ) { + PROFILE_SCOPE("Lookup argument compute_hs"); + auto one = FieldType::value_type::one(); - std::vector> result; - std::vector> h_multipliers; - math::polynomial_dfs h = math::polynomial_dfs::one(); + std::vector result; + + std::vector h_multipliers; + polynomial_dfs_type h = polynomial_dfs_type::one(); std::size_t current_part = 0; for (std::size_t i = 0; i < sorted.size(); i++) { @@ -365,23 +379,25 @@ namespace nil { result.push_back(h); h_multipliers.clear(); h.clear(); - h = math::polynomial_dfs::one(); + h = polynomial_dfs_type::one(); current_part++; } } BOOST_ASSERT(h_multipliers.size() == 0); + return std::move(result); } - math::polynomial_dfs compute_V_L( - const std::vector>& sorted, - const std::vector>& reduced_input, - const std::vector>& reduced_value, + polynomial_dfs_type compute_V_L( + const std::vector& sorted, + const std::vector& reduced_input, + const std::vector& reduced_value, const typename FieldType::value_type& beta, const typename FieldType::value_type& gamma) { + PROFILE_SCOPE("Lookup argument compute poly V_L"); - math::polynomial_dfs V_L( - basic_domain->m-1,basic_domain->m, FieldType::value_type::zero()); + polynomial_dfs_type V_L( + basic_domain->m - 1, basic_domain->m, FieldType::value_type::zero()); V_L[0] = FieldType::value_type::one(); auto one = FieldType::value_type::one(); @@ -406,23 +422,26 @@ namespace nil { } V_L[k] *= h_tmp.inversed(); } + return V_L; } - std::unique_ptr>> prepare_lookup_value( - const math::polynomial_dfs& mask_assignment) { + std::unique_ptr> prepare_lookup_value( + const polynomial_dfs_type& mask_assignment) { + PROFILE_SCOPE("Lookup argument preparing lookup value"); + typename FieldType::value_type theta_acc; // Prepare lookup value - auto lookup_value_ptr = std::make_unique>>(); + auto lookup_value_ptr = std::make_unique>(); for (std::size_t t_id = 0; t_id < lookup_tables.size(); t_id++) { const plonk_lookup_table &l_table = lookup_tables[t_id]; - const math::polynomial_dfs &lookup_tag = plonk_columns.selector(l_table.tag_index); + const polynomial_dfs_type &lookup_tag = plonk_columns.selector(l_table.tag_index); for (std::size_t o_id = 0; o_id < l_table.lookup_options.size(); o_id++) { - math::polynomial_dfs v = (typename FieldType::value_type(t_id + 1)) * lookup_tag; + polynomial_dfs_type v = (typename FieldType::value_type(t_id + 1)) * lookup_tag; theta_acc = theta; for (std::size_t i = 0; i < l_table.columns_number; i++) { - math::polynomial_dfs c; + polynomial_dfs_type c; c = plonk_columns.get_variable_value_without_rotation(l_table.lookup_options[o_id][i]); v += theta_acc * lookup_tag * c; theta_acc *= theta; @@ -434,7 +453,8 @@ namespace nil { return std::move(lookup_value_ptr); } - std::unique_ptr>> prepare_lookup_input() { + std::unique_ptr> prepare_lookup_input() { + PROFILE_SCOPE("Lookup argument preparing lookup input"); auto value_type_to_polynomial_dfs = []( const typename VariableType::assignment_type& coeff) { @@ -447,12 +467,12 @@ namespace nil { typename FieldType::value_type theta_acc; // Prepare lookup input - auto lookup_input_ptr = std::make_unique>>(); + auto lookup_input_ptr = std::make_unique>(); for (const auto &gate : lookup_gates) { math::expression expr; - math::polynomial_dfs lookup_selector = plonk_columns.selector(gate.tag_index); + polynomial_dfs_type lookup_selector = plonk_columns.selector(gate.tag_index); for (const auto &constraint : gate.constraints) { - math::polynomial_dfs l = lookup_selector * (typename FieldType::value_type(constraint.table_id)); + polynomial_dfs_type l = lookup_selector * (typename FieldType::value_type(constraint.table_id)); theta_acc = theta; for(std::size_t k = 0; k < constraint.lookup_input.size(); k++){ expr = converter.convert(constraint.lookup_input[k]); @@ -491,11 +511,11 @@ namespace nil { private: - math::polynomial_dfs reduce_dfs_polynomial_domain( - const math::polynomial_dfs &polynomial, + polynomial_dfs_type reduce_dfs_polynomial_domain( + const polynomial_dfs_type &polynomial, const std::size_t &new_domain_size ) { - math::polynomial_dfs reduced( + polynomial_dfs_type reduced( new_domain_size - 1, new_domain_size, FieldType::value_type::zero()); BOOST_ASSERT(new_domain_size <= polynomial.size()); @@ -512,13 +532,13 @@ namespace nil { return reduced; }; - math::polynomial_dfs get_constraint_tag_from_gate_tag_column( - math::polynomial_dfs tag_column, + polynomial_dfs_type get_constraint_tag_from_gate_tag_column( + polynomial_dfs_type tag_column, std::size_t constraints_num, std::size_t constraint_id, std::size_t table_id ){ - math::polynomial_dfs result = tag_column; + polynomial_dfs_type result = tag_column; for (std::size_t i = 1; i <= constraints_num; i++) { if (i != constraint_id) { auto tmp = tag_column - typename FieldType::value_type(i); @@ -557,12 +577,14 @@ namespace nil { // similar values only with negligible probability. // So similar values in compressed lookup tables vectors repeated values may be only in one column // near each other. - std::vector> sort_polynomials( - const std::vector>& reduced_input, - const std::vector>& reduced_value, + std::vector sort_polynomials( + const std::vector& reduced_input, + const std::vector& reduced_value, std::size_t domain_size, std::size_t usable_rows_amount ) { + PROFILE_SCOPE("Sort Polynomials"); + // Build sorting map std::unordered_map sorting_map; for (std::size_t i = 0; i < reduced_value.size(); i++) { @@ -582,9 +604,9 @@ namespace nil { } } - math::polynomial_dfs zero_poly( + polynomial_dfs_type zero_poly( domain_size-1, domain_size, FieldType::value_type::zero()); - std::vector> sorted( + std::vector sorted( reduced_input.size() + reduced_value.size(), zero_poly ); std::size_t i1 = 0; diff --git a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/permutation_argument.hpp b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/permutation_argument.hpp index 56a6fe7e3..7f8dfa4d3 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/permutation_argument.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/permutation_argument.hpp @@ -105,6 +105,7 @@ namespace nil { std::vector> h_v = S_sigma; BOOST_ASSERT(global_indices.size() == S_id.size()); BOOST_ASSERT(global_indices.size() == S_sigma.size()); + for (std::size_t i = 0; i < S_id.size(); i++) { BOOST_ASSERT(column_polynomials[global_indices[i]].size() == basic_domain->size()); BOOST_ASSERT(S_id[i].size() == basic_domain->size()); @@ -122,6 +123,7 @@ namespace nil { } V_P[0] = FieldType::value_type::one(); + for (std::size_t j = 1; j < basic_domain->size(); j++) { typename FieldType::value_type nom = FieldType::value_type::one(); typename FieldType::value_type denom = FieldType::value_type::one(); @@ -191,16 +193,19 @@ namespace nil { F_dfs[1] -= preprocessed_data.q_blind; F_dfs[1] *= V_P_shifted; } else { + PROFILE_SCOPE("PERMUTATION ARGUMENT else block"); math::polynomial_dfs previous_poly = V_P; math::polynomial_dfs current_poly = V_P; for( std::size_t i = 0; i < preprocessed_data.common_data.permutation_parts-1; i++ ){ - auto g = gs[i]; - auto h = hs[i]; + const auto& g = gs[i]; + const auto& h = hs[i]; auto reduced_g = reduce_dfs_polynomial_domain(g, basic_domain->m); auto reduced_h = reduce_dfs_polynomial_domain(h, basic_domain->m); + for(std::size_t j = 0; j < preprocessed_data.common_data.desc.usable_rows_amount; j++){ current_poly[j] = (previous_poly[j] * reduced_g[j]) * reduced_h[j].inversed(); } + commitment_scheme.append_to_batch(PERMUTATION_BATCH, current_poly); auto part = permutation_alphas[i] * (previous_poly * g - current_poly * h); F_dfs[1] += part; diff --git a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp index 91462c147..fd66fb36d 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp @@ -34,8 +34,6 @@ #include #include -#include - #include #include #include diff --git a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp index e05a6ef97..679ee8b5c 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp @@ -218,13 +218,13 @@ namespace nil { private: std::vector quotient_polynomial_split_dfs() { + PROFILE_SCOPE("quotient_polynomial_split_dfs"); + // TODO: pass max_degree parameter placeholder std::vector T_splitted = detail::split_polynomial( quotient_polynomial(), table_description.rows_amount - 1 ); - PROFILE_SCOPE("split_polynomial_dfs_conversion_time"); - std::size_t split_polynomial_size = std::max( (preprocessed_public_data.identity_polynomials.size() + 2) * (preprocessed_public_data.common_data.desc.rows_amount -1 ), (constraint_system.lookup_poly_degree_bound() + 1) * (preprocessed_public_data.common_data.desc.rows_amount -1 )//, @@ -237,7 +237,8 @@ namespace nil { (split_polynomial_size / preprocessed_public_data.common_data.desc.rows_amount + 1): (split_polynomial_size / preprocessed_public_data.common_data.desc.rows_amount); - if( preprocessed_public_data.common_data.max_quotient_chunks != 0 && split_polynomial_size > preprocessed_public_data.common_data.max_quotient_chunks){ + if (preprocessed_public_data.common_data.max_quotient_chunks != 0 && + split_polynomial_size > preprocessed_public_data.common_data.max_quotient_chunks) { split_polynomial_size = preprocessed_public_data.common_data.max_quotient_chunks; } @@ -312,7 +313,7 @@ namespace nil { } commitment_type T_commit(const std::vector& T_splitted_dfs) { - PROFILE_SCOPE("T_splitted_precommit_time"); + PROFILE_SCOPE("T_split_precommit_time"); _commitment_scheme.append_to_batch(QUOTIENT_BATCH, T_splitted_dfs); return _commitment_scheme.commit(QUOTIENT_BATCH); } @@ -392,7 +393,7 @@ namespace nil { std::size_t start_index = preprocessed_public_data.identity_polynomials.size() + preprocessed_public_data.permutation_polynomials.size() + 2; - for( i = 0; i < start_index; i++) { + for (i = 0; i < start_index; i++) { _commitment_scheme.append_eval_point(FIXED_VALUES_BATCH, i, _proof.eval_proof.challenge); } diff --git a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp index 0a46ee832..ed3ee9b5d 100644 --- a/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp +++ b/libs/zk/include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp @@ -73,6 +73,7 @@ namespace nil { typename FieldType::value_type challenge, bool _is_lookup_enabled ) { + PROFILE_SCOPE("evaluation_points_generated_time"); const std::size_t witness_columns = table_description.witness_columns; const std::size_t public_input_columns = table_description.public_input_columns; @@ -119,7 +120,7 @@ namespace nil { std::size_t i = 0; std::size_t start_index = common_data.permuted_columns.size() * 2 + 2; - for( i = 0; i < start_index; i++) { + for (i = 0; i < start_index; i++) { _commitment_scheme.append_eval_point(FIXED_VALUES_BATCH, i, challenge); } @@ -426,7 +427,7 @@ namespace nil { // Z is polynomial -1, 0 ...., 0, 1 typename FieldType::value_type Z_at_challenge = common_data.Z.evaluate(challenge); if (F_consolidated != Z_at_challenge * T_consolidated) { - BOOST_LOG_TRIVIAL(info) << "Verification failed because: F consoludated polynomial does not match."; + BOOST_LOG_TRIVIAL(info) << "Verification failed because: F consolidated polynomial does not match."; return false; } return true; diff --git a/libs/zk/test/CMakeLists.txt b/libs/zk/test/CMakeLists.txt index b5a4aff45..4173028d7 100644 --- a/libs/zk/test/CMakeLists.txt +++ b/libs/zk/test/CMakeLists.txt @@ -107,6 +107,4 @@ foreach(TEST_NAME ${TESTS_NAMES}) define_zk_test(${TEST_NAME}) endforeach() -# string(CONCAT TEST_DATA ${CMAKE_CURRENT_SOURCE_DIR} "/systems/plonk/pickles/data/kimchi") -# target_compile_definitions(crypto3_zk_systems_plonk_pickles_kimchi_test PRIVATE TEST_DATA="${TEST_DATA}") diff --git a/libs/zk/test/commitment/lpc_performance.cpp b/libs/zk/test/commitment/lpc_performance.cpp deleted file mode 100644 index 2216ad4ce..000000000 --- a/libs/zk/test/commitment/lpc_performance.cpp +++ /dev/null @@ -1,390 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2021 Mikhail Komarov -// Copyright (c) 2021 Nikita Kaskov -// Copyright (c) 2022 Ilia Shirobokov -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#define BOOST_TEST_MODULE lpc_test - -// Do it manually for all performance tests -#define PROFILING_ENABLED - -#include - -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#include -#include -#include - -#include - -using namespace nil::crypto3; -using namespace nil::crypto3::zk::snark; - -namespace boost { - namespace test_tools { - namespace tt_detail { - template<> - struct print_log_value>>>> { - void operator()(std::ostream &, - const nil::crypto3::math::polynomial> - - >> &) { - } - }; -} // namespace tt_detail -} // namespace test_tools -} // namespace boost - -template -std::vector> generate(NumberType degree) { - typedef boost::random::independent_bits_engine - random_polynomial_generator_type; - - std::vector> res; - - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - - for (int i = 0; i < height; i++) { - math::polynomial poly; - for (int j = 0; j < degree; j++) { - poly.push_back(typename FieldType::value_type(polynomial_element_gen())); - } - res.push_back(poly); - } - - return res; -} - -inline std::vector generate_random_step_list(const std::size_t r, const int max_step) { - using dist_type = std::uniform_int_distribution; - static std::random_device random_engine; - - std::vector step_list; - std::size_t steps_sum = 0; - while (steps_sum != r) { - if (r - steps_sum <= max_step) { - while (r - steps_sum != 1) { - step_list.emplace_back(r - steps_sum - 1); - steps_sum += step_list.back(); - } - step_list.emplace_back(1); - steps_sum += step_list.back(); - } else { - step_list.emplace_back(dist_type(1, max_step)(random_engine)); - steps_sum += step_list.back(); - } - } - return step_list; -} - -BOOST_AUTO_TEST_SUITE(lpc_performance_test_suite) - -// TODO(martun): move this to bench folder. -BOOST_AUTO_TEST_CASE(step_list_1, *boost::unit_test::disabled()) { - PROFILE_SCOPE("LPC step list 1 test"); - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::keccak_1600<256> transcript_hash_type; - - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; - - // It's important parameter - constexpr static const std::size_t d = 1 << 24; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - - constexpr static const std::size_t m = 2; - - typedef zk::commitments::fri fri_type; - typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - // Setup params - std::size_t degree_log = std::ceil(std::log2(d - 1)); - typename fri_type::params_type fri_params( - 1, /*max_step*/ - degree_log, - lambda, - 4, //expand_factor - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - typedef boost::random::independent_bits_engine< - boost::random::mt19937, FieldType::modulus_bits, - typename FieldType::value_type::integral_type - > random_polynomial_generator_type; - - std::vector> res; - - // Generate polys - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), - std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - - for (int i = 0; i < height; i++) { - math::polynomial poly(fri_params.max_degree + 1); - for (int j = 0; j < fri_params.max_degree + 1; j++) { - poly[i] = typename FieldType::value_type(polynomial_element_gen()); - } - - std::map commitments; - { - PROFILE_SCOPE("polynomial commitment"); - lpc_scheme_prover.append_to_batch(0, poly); - commitments[0] = lpc_scheme_prover.commit(0); - } - - - typename lpc_scheme_type::proof_type proof; - std::array x_data{}; - { - PROFILE_SCOPE("proof generation"); - lpc_scheme_prover.append_eval_point(0, - algebra::fields::arithmetic_params::multiplicative_generator); - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - proof = lpc_scheme_prover.proof_eval(transcript); - } - - { - PROFILE_SCOPE("verification"); - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - - lpc_scheme_verifier.append_eval_point(0, - algebra::fields::arithmetic_params::multiplicative_generator); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - } - } -} - -BOOST_AUTO_TEST_CASE(step_list_3, *boost::unit_test::disabled()) { - PROFILE_SCOPE("LPC step list 3 test"); - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::keccak_1600<256> transcript_hash_type; - - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; - - // It's important parameter - constexpr static const std::size_t d = 1 << 24; - - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - constexpr static const std::size_t m = 2; - - typedef zk::commitments::fri fri_type; - typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - // Setup params - std::size_t degree_log = std::ceil(std::log2(d - 1)); - typename fri_type::params_type fri_params( - 3, /*max_step*/ - degree_log, - lambda, - 4, //expand_factor - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - typedef boost::random::independent_bits_engine< - boost::random::mt19937, FieldType::modulus_bits, - typename FieldType::value_type::integral_type - > random_polynomial_generator_type; - - std::vector> res; - - // Generate polys - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), - std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - - for (int i = 0; i < height; i++) { - math::polynomial poly(fri_params.max_degree + 1); - for (int j = 0; j < fri_params.max_degree + 1; j++) { - poly[i] = typename FieldType::value_type(polynomial_element_gen()); - } - - std::map commitments; - { - PROFILE_SCOPE("polynomial commitment"); - lpc_scheme_prover.append_to_batch(0, poly); - commitments[0] = lpc_scheme_prover.commit(0); - } - - - typename lpc_scheme_type::proof_type proof; - std::array x_data{}; - { - PROFILE_SCOPE("proof generation"); - lpc_scheme_prover.append_eval_point(0, - algebra::fields::arithmetic_params::multiplicative_generator); - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - proof = lpc_scheme_prover.proof_eval(transcript); - } - - { - PROFILE_SCOPE("verification"); - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - - lpc_scheme_verifier.append_eval_point(0, - algebra::fields::arithmetic_params::multiplicative_generator); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - } - } -} - -BOOST_AUTO_TEST_CASE(step_list_5, *boost::unit_test::disabled()) { - PROFILE_SCOPE("LPC step list 5 test"); - typedef algebra::curves::bls12<381> curve_type; - typedef typename curve_type::scalar_field_type FieldType; - - typedef hashes::keccak_1600<256> merkle_hash_type; - typedef hashes::keccak_1600<256> transcript_hash_type; - - constexpr static const std::size_t lambda = 40; - constexpr static const std::size_t k = 1; - - // It's important parameter - constexpr static const std::size_t d = 1 << 24; - constexpr static const std::size_t m = 2; - constexpr static const std::size_t r = boost::static_log2<(d - k)>::value; - - typedef zk::commitments::fri fri_type; - typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; - typedef zk::commitments::list_polynomial_commitment lpc_type; - - // Setup params - std::size_t degree_log = std::ceil(std::log2(d - 1)); - typename fri_type::params_type fri_params( - 5, /*max_step*/ - degree_log, - lambda, - 4, //expand_factor - ); - - using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; - lpc_scheme_type lpc_scheme_prover(fri_params); - lpc_scheme_type lpc_scheme_verifier(fri_params); - - typedef boost::random::independent_bits_engine< - boost::random::mt19937, FieldType::modulus_bits, - typename FieldType::value_type::integral_type - > random_polynomial_generator_type; - - std::vector> res; - - // Generate polys - boost::random::random_device rd; // Will be used to obtain a seed for the random number engine - boost::random::mt19937 gen(rd()); // Standard mersenne_twister_engine seeded with rd() - boost::random::uniform_int_distribution<> distrib(std::numeric_limits::min(), - std::numeric_limits::max()); - - random_polynomial_generator_type polynomial_element_gen; - std::size_t height = 1; - res.reserve(height); - - for (int i = 0; i < height; i++) { - math::polynomial poly(fri_params.max_degree + 1); - for (int j = 0; j < fri_params.max_degree + 1; j++) { - poly[i] = typename FieldType::value_type(polynomial_element_gen()); - } - - std::map commitments; - { - PROFILE_SCOPE("polynomial commitment"); - lpc_scheme_prover.append_to_batch(0, poly); - commitments[0] = lpc_scheme_prover.commit(0); - } - - - typename lpc_scheme_type::proof_type proof; - std::array x_data{}; - { - PROFILE_SCOPE("proof generation"); - lpc_scheme_prover.append_eval_point(0, - algebra::fields::arithmetic_params::multiplicative_generator); - zk::transcript::fiat_shamir_heuristic_sequential transcript(x_data); - proof = lpc_scheme_prover.proof_eval(transcript); - } - - { - PROFILE_SCOPE("verification"); - zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(x_data); - lpc_scheme_verifier.set_batch_size(0, proof.z.get_batch_size(0)); - - lpc_scheme_verifier.append_eval_point(0, - algebra::fields::arithmetic_params::multiplicative_generator); - BOOST_CHECK(lpc_scheme_verifier.verify_eval(proof, commitments, transcript_verifier)); - } - } -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/zk/test/commitment/proof_of_work.cpp b/libs/zk/test/commitment/proof_of_work.cpp index 66825f2a9..3c7d02df1 100644 --- a/libs/zk/test/commitment/proof_of_work.cpp +++ b/libs/zk/test/commitment/proof_of_work.cpp @@ -73,10 +73,10 @@ BOOST_AUTO_TEST_SUITE(proof_of_knowledge_test_suite) BOOST_AUTO_TEST_CASE(pow_basic_test) { using keccak = nil::crypto3::hashes::keccak_1600<512>; - const std::uint32_t grinding_bits = 20; - const uint64_t expected_mask = (1ULL << grinding_bits) - 1; + const std::uint64_t grinding_bits = 16; + const uint64_t expected_mask = (1ull << grinding_bits) - 1; - using pow_type = nil::crypto3::zk::commitments::proof_of_work; + using pow_type = nil::crypto3::zk::commitments::proof_of_work; nil::crypto3::zk::transcript::fiat_shamir_heuristic_sequential transcript; auto old_transcript_1 = transcript, old_transcript_2 = transcript; @@ -85,7 +85,8 @@ BOOST_AUTO_TEST_SUITE(proof_of_knowledge_test_suite) BOOST_ASSERT(pow_type::verify(old_transcript_1, result, grinding_bits)); // manually reimplement verify to ensure that changes in implementation didn't break it - old_transcript_2(pow_type::to_byte_array(result)); + auto bytes = pow_type::to_byte_array(result); + old_transcript_2(bytes); auto chal = old_transcript_2.template int_challenge(); BOOST_ASSERT( (chal & expected_mask) == 0); diff --git a/libs/zk/test/math/expression.cpp b/libs/zk/test/math/expression.cpp index 6d337a686..699e87ed9 100644 --- a/libs/zk/test/math/expression.cpp +++ b/libs/zk/test/math/expression.cpp @@ -81,7 +81,7 @@ BOOST_AUTO_TEST_CASE(expression_evaluation_test) { variable_type w3(6, 2, variable_type::column_type::constant); expression expr = (w0 + w1) * (w2 + w3); - + variable_type::assignment_type w0_value(1u); variable_type::assignment_type w1_value(2u); variable_type::assignment_type w2_value(3u); @@ -115,7 +115,7 @@ BOOST_AUTO_TEST_CASE(expression_max_degree_visitor_test) { variable_type w3(6, 2, variable_type::column_type::constant); expression expr = (w0 + w1) * (w2 + w3) + w0 * w1 * (w2 + w3); - + expression_max_degree_visitor visitor; BOOST_CHECK_EQUAL(visitor.compute_max_degree(expr), 3); @@ -134,7 +134,7 @@ BOOST_AUTO_TEST_CASE(expression_for_each_variable_visitor_test) { variable_type w3(6, 2, variable_type::column_type::constant); expression expr = (w0 + w1) * (w2 + w3) + w0 * w1 * (w2 + w3); - + std::set variable_indices; std::set variable_rotations; diff --git a/libs/zk/test/systems/plonk/placeholder/placeholder_gate_argument.cpp b/libs/zk/test/systems/plonk/placeholder/placeholder_gate_argument.cpp index f7eb1a23d..e6d00985e 100644 --- a/libs/zk/test/systems/plonk/placeholder/placeholder_gate_argument.cpp +++ b/libs/zk/test/systems/plonk/placeholder/placeholder_gate_argument.cpp @@ -36,6 +36,7 @@ #include #include +#include #include #include