Public input gate added#180

Author: ETatuzova

include/nil/crypto3/zk/snark/systems/plonk/placeholder/prover.hpp

@@ -45,6 +45,7 @@
 #include <nil/crypto3/zk/snark/systems/plonk/placeholder/gates_argument.hpp>
 #include <nil/crypto3/zk/snark/systems/plonk/placeholder/params.hpp>
 #include <nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp>
+#include <nil/crypto3/zk/snark/systems/plonk/placeholder/public_input.hpp>
 
 namespace nil {
     namespace crypto3 {
@@ -92,7 +93,7 @@ namespace nil {
                     constexpr static const std::size_t gate_parts = 1;
                     constexpr static const std::size_t permutation_parts = 3;
                     constexpr static const std::size_t lookup_parts = 6;
-                    constexpr static const std::size_t f_parts = 8;
+                    constexpr static const std::size_t f_parts = 9;
 
               public:
 
@@ -184,6 +185,12 @@ namespace nil {
                             transcript
                         )[0];
 
+                        _F_dfs[8] = public_input_processor<ParamsType>::prove(
+                            constraint_system.public_input_gate(),
+                            preprocessed_public_data.common_data,
+                            _polynomial_table, transcript
+                        );
+
                         /////TEST
 #ifdef ZK_PLACEHOLDER_DEBUG_ENABLED
                         placeholder_debug_output();

include/nil/crypto3/zk/snark/systems/plonk/placeholder/public_input.hpp

@@ -0,0 +1,127 @@
+//---------------------------------------------------------------------------//
+// Copyright (c) 2021 Mikhail Komarov <[email protected]>
+// Copyright (c) 2021 Nikita Kaskov <[email protected]>
+// Copyright (c) 2022 Ilia Shirobokov <[email protected]>
+// Copyright (c) 2022 Alisa Cherniaeva <[email protected]>
+// Copyright (c) 2023 Elena Tatuzova <[email protected]>
+//
+// MIT License
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+//---------------------------------------------------------------------------//
+
+#ifndef CRYPTO3_ZK_PLONK_PLACEHOLDER_PUBLIC_INPUT_HPP
+#define CRYPTO3_ZK_PLONK_PLACEHOLDER_PUBLIC_INPUT_HPP
+
+#include <nil/crypto3/math/polynomial/polynomial.hpp>
+#include <nil/crypto3/math/polynomial/shift.hpp>
+#include <nil/crypto3/math/domains/evaluation_domain.hpp>
+#include <nil/crypto3/math/algorithms/make_evaluation_domain.hpp>
+
+#include <nil/crypto3/hash/sha2.hpp>
+
+#include <nil/crypto3/container/merkle/tree.hpp>
+
+#include <nil/crypto3/zk/transcript/fiat_shamir.hpp>
+#include <nil/crypto3/zk/snark/arithmetization/plonk/lookup_constraint.hpp>
+#include <nil/crypto3/zk/snark/systems/plonk/placeholder/params.hpp>
+#include <nil/crypto3/zk/snark/systems/plonk/placeholder/detail/placeholder_policy.hpp>
+#include <nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp>
+
+namespace nil {
+    namespace crypto3 {
+        namespace zk {
+            namespace snark {
+                template<typename PlaceholderParams>
+                struct public_input_processor{
+                    using field_type = typename PlaceholderParams::field_type;
+                    using public_input_gate_type = typename PlaceholderParams::constraint_system_type::public_input_gate_type;
+                    using common_data_type = const typename placeholder_public_preprocessor<field_type, PlaceholderParams>::preprocessed_data_type::common_data_type;
+                    using policy_type = detail::placeholder_policy<field_type, PlaceholderParams>;
+                    using assignment_type = plonk_polynomial_dfs_table<field_type, typename PlaceholderParams::arithmetization_params>;
+                    using transcript_type = typename transcript::fiat_shamir_heuristic_sequential<typename PlaceholderParams::transcript_hash_type>;
+                    using variable_type = plonk_variable<typename field_type::value_type>;
+                    using proof_type = placeholder_proof<field_type, PlaceholderParams>;
+
+                    static inline math::polynomial_dfs<typename field_type::value_type> prove(
+                        const public_input_gate_type &public_input_gate,
+                        const common_data_type &common_data,
+                        const assignment_type &assignments,
+                        transcript_type &transcript
+                    ){
+                        math::polynomial_dfs<typename field_type::value_type> result;
+                        if(public_input_gate.size() == 0){
+                            return result;
+                        }
+                        auto alpha = transcript.template challenge<field_type>();
+                        for(std::size_t i = 0; i < public_input_gate.size(); i++){
+                            const auto &var = public_input_gate[i];
+                            math::polynomial_dfs<typename field_type::value_type> l;
+
+                            if(var.type == variable_type::witness){
+                                l = assignments.witness(var.index);
+                            } else if (var.type == variable_type::public_input){
+                                l = assignments.public_input(var.index);
+                            } else if (var.type == variable_type::constant){
+                                l = assignments.constant(var.index);
+                            } else if (var.type == variable_type::selector){
+                                l = assignments.selector(var.index);
+                            } else {
+                            }
+                            l -=  typename field_type::value_type(l[0]);
+                            l *=  math::polynomial_shift(common_data.lagrange_0, var.rotation, common_data.basic_domain->m);
+                            result *= alpha;
+                            result += l;
+                        }
+                        return result;
+                    }
+
+                    static inline typename field_type::value_type verify(
+                        const std::vector<typename field_type::value_type> &public_input,
+                        typename policy_type::evaluation_map &columns_at_y,
+                        typename field_type::value_type challenge,
+                        const public_input_gate_type &public_input_gate,
+                        const common_data_type &common_data,
+                        transcript_type &transcript
+                    ){
+                        if(public_input_gate.size() == 0){
+                            return field_type::value_type::zero();
+                        }
+                        BOOST_ASSERT(public_input_gate.size() == public_input.size());
+
+                        typename field_type::value_type result;
+                        auto alpha = transcript.template challenge<field_type>();
+
+                        for(std::size_t i = 0; i < public_input_gate.size(); i++){
+                            const auto &var = public_input_gate[i];
+                            auto key = std::tuple(var.index, var.rotation, var.type);
+                            auto value = columns_at_y[key] - public_input[i];
+                            value *= math::polynomial_shift(common_data.lagrange_0, var.rotation, common_data.basic_domain->m).evaluate(challenge);
+                            result *= alpha;
+                            result += value;
+                        }
+                        return result;
+                    }
+                };
+            }    // namespace snark
+        }        // namespace zk
+    }            // namespace crypto3
+}    // namespace nil
+
+#endif    // #ifndef CRYPTO3_ZK_PLONK_PLACEHOLDER_PUBLIC_INPUT_ARGUMENT_HPP

include/nil/crypto3/zk/snark/systems/plonk/placeholder/verifier.hpp

@@ -36,6 +36,7 @@
 #include <nil/crypto3/zk/snark/systems/plonk/placeholder/permutation_argument.hpp>
 #include <nil/crypto3/zk/snark/systems/plonk/placeholder/params.hpp>
 #include <nil/crypto3/zk/snark/systems/plonk/placeholder/preprocessor.hpp>
+#include <nil/crypto3/zk/snark/systems/plonk/placeholder/public_input.hpp>
 
 namespace nil {
     namespace crypto3 {
@@ -59,7 +60,7 @@ namespace nil {
                     constexpr static const std::size_t gate_parts = 1;
                     constexpr static const std::size_t permutation_parts = 3;
                     constexpr static const std::size_t lookup_parts = 4;
-                    constexpr static const std::size_t f_parts = 8;
+                    constexpr static const std::size_t f_parts = 9;
 
                 public:
                     static void generate_evaluation_points(
@@ -138,6 +139,8 @@ namespace nil {
                         commitment_scheme_type commitment_scheme,
                         const std::array<std::vector<typename FieldType::value_type>, ParamsType::arithmetization_params::public_input_columns> public_input
                     ){
+                        BOOST_ASSERT(constraint_system.public_input_gate().size() == 0);
+
                         // TODO: process rotations for public input.
                         auto omega = preprocessed_public_data.common_data.basic_domain->get_domain_element(1);
                         auto challenge = proof.eval_proof.challenge;
@@ -157,12 +160,13 @@ namespace nil {
                         }
                         return process(preprocessed_public_data, proof, constraint_system, commitment_scheme);
                     }
-                    
+                                       
                     static inline bool process(
                         const typename public_preprocessor_type::preprocessed_data_type &preprocessed_public_data,
                         const placeholder_proof<FieldType, ParamsType> &proof,
                         const plonk_constraint_system<FieldType, typename ParamsType::arithmetization_params> &constraint_system,
-                        commitment_scheme_type commitment_scheme
+                        commitment_scheme_type commitment_scheme,
+                        const std::vector<typename FieldType::value_type> public_input = {}
                     ) {                        
                         // 1. Add circuit definition to transcript
                         // transcript(short_description); 
@@ -283,6 +287,13 @@ namespace nil {
                             placeholder_gates_argument<FieldType, ParamsType>::verify_eval(
                                 constraint_system.gates(), columns_at_y, proof.eval_proof.challenge, transcript);
 
+                        // 7. public input argument
+                        typename FieldType::value_type public_input_argument = public_input_processor<ParamsType>::verify(
+                            public_input, columns_at_y, 
+                            proof.eval_proof.challenge, constraint_system.public_input_gate(), 
+                            preprocessed_public_data.common_data, transcript
+                        );
+
                         std::array<typename FieldType::value_type, f_parts> alphas =
                             transcript.template challenges<FieldType, f_parts>();
 
@@ -318,6 +329,7 @@ namespace nil {
                         F[5] = lookup_argument[2];
                         F[6] = lookup_argument[3];
                         F[7] = gate_argument[0];
+                        F[8] = public_input_argument;
 
                         typename FieldType::value_type F_consolidated = FieldType::value_type::zero();
                         for (std::size_t i = 0; i < f_parts; i++) {

test/systems/plonk/placeholder/placeholder.cpp

@@ -707,8 +707,11 @@ BOOST_FIXTURE_TEST_CASE(prover_test, test_initializer) {
         preprocessed_public_data, preprocessed_private_data, desc, constraint_system, assignments, lpc_scheme);
 
     bool verifier_res = placeholder_verifier<field_type, lpc_placeholder_params_type>::process(
-        preprocessed_public_data, proof, constraint_system, lpc_scheme);
+        preprocessed_public_data, proof, constraint_system, lpc_scheme, {1,0}); // check with correct public input for public_input gate
     BOOST_CHECK(verifier_res);
+    verifier_res = placeholder_verifier<field_type, lpc_placeholder_params_type>::process(
+        preprocessed_public_data, proof, constraint_system, lpc_scheme, {0,1}); // check with incorrect public input for public_input gate
+    BOOST_CHECK(!verifier_res);
 }
 
 BOOST_AUTO_TEST_CASE(lookup_test) {