diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial.hpp index 9dd1ce520..739dd0835 100644 --- a/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial.hpp +++ b/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial.hpp @@ -47,19 +47,25 @@ namespace nil { /////////////////////////////////////////////// // math::polynomial marshalling. /////////////////////////////////////////////// + template + struct polynomial; + template - using polynomial = nil::marshalling::types::array_list< - TTypeBase, - field_element, - nil::marshalling::option::sequence_size_field_prefix> - >; + struct polynomial>::value>> { + using type = nil::marshalling::types::array_list< + TTypeBase, + field_element, + nil::marshalling::option::sequence_size_field_prefix> + >; + }; template - polynomial, PolynomialType> + typename polynomial, PolynomialType, std::enable_if_t< + std::is_same>::value>>::type fill_polynomial(const PolynomialType &f) { using TTypeBase = nil::marshalling::field_type; - using result_type = polynomial, PolynomialType>; std::vector val; for( auto it=f.begin(); it != f.end(); it++){ val.push_back(*it); } @@ -70,7 +76,13 @@ namespace nil { template PolynomialType - make_polynomial(const polynomial, PolynomialType> &filled_polynomial) { + make_polynomial( + const typename polynomial< + nil::marshalling::field_type, + PolynomialType, + std::enable_if_t< + std::is_same>::value> + >::type &filled_polynomial) { auto val = nil::crypto3::marshalling::types::make_field_element_vector< typename PolynomialType::value_type, Endianness @@ -80,19 +92,76 @@ namespace nil { } /////////////////////////////////////////////// - // vector marshalling. + // math::polynomial_dfs marshalling. + /////////////////////////////////////////////// + template + struct polynomial>::value>> { + using type = nil::marshalling::types::bundle< + TTypeBase, + std::tuple< + // degree + nil::marshalling::types::integral, + // values + nil::marshalling::types::array_list< + TTypeBase, + field_element, + nil::marshalling::option::sequence_size_field_prefix> + > + > + >; + }; + + template + typename polynomial, PolynomialDFSType, std::enable_if_t< + std::is_same>::value>>::type + fill_polynomial(const PolynomialDFSType &f) { + using TTypeBase = nil::marshalling::field_type; + using result_type = typename polynomial, PolynomialDFSType>::type; + + std::vector val; + for( auto it=f.begin(); it != f.end(); it++){ val.push_back(*it); } + + return result_type(std::make_tuple( + nil::marshalling::types::integral(f.degree()), + nil::crypto3::marshalling::types::fill_field_element_vector< + typename PolynomialDFSType::value_type, + Endianness + >(val) + )); + } + + template + PolynomialDFSType + make_polynomial(const typename polynomial< + nil::marshalling::field_type, + PolynomialDFSType, + std::enable_if_t< + std::is_same>::value> + >::type &filled_polynomial) { + auto val = nil::crypto3::marshalling::types::make_field_element_vector< + typename PolynomialDFSType::value_type, + Endianness + >(std::get<1>(filled_polynomial.value())); + + return PolynomialDFSType(std::get<0>(filled_polynomial.value()).value(), val.begin(), val.end()); + } + + /////////////////////////////////////////////// + // Polynomial vector marshalling, regardless of the form of the polynomial. /////////////////////////////////////////////// template using polynomial_vector = nil::marshalling::types::array_list< TTypeBase, - polynomial, - nil::marshalling::option::sequence_size_field_prefix> + typename polynomial::type, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> >; template polynomial_vector, PolynomialType> - fill_polynomial_vector(const std::vector &f){ + fill_polynomial_vector(const std::vector &f) { polynomial_vector, PolynomialType> result; for (auto it=f.begin(); it != f.end(); it++) { result.value().push_back(fill_polynomial(*it)); diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial_dfs.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial_dfs.hpp deleted file mode 100644 index 50a459f6f..000000000 --- a/libs/marshalling/zk/include/nil/crypto3/marshalling/math/types/polynomial_dfs.hpp +++ /dev/null @@ -1,134 +0,0 @@ -//---------------------------------------------------------------------------// -// Copyright (c) 2024 Martun Karapetyan -// -// MIT License -// -// Permission is hereby granted, free of charge, to any person obtaining a copy -// of this software and associated documentation files (the "Software"), to deal -// in the Software without restriction, including without limitation the rights -// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -// copies of the Software, and to permit persons to whom the Software is -// furnished to do so, subject to the following conditions: -// -// The above copyright notice and this permission notice shall be included in all -// copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -// SOFTWARE. -//---------------------------------------------------------------------------// - -#ifndef CRYPTO3_MARSHALLING_POLYNOMIAL_DFS_HPP -#define CRYPTO3_MARSHALLING_POLYNOMIAL_DFS_HPP - -#include -#include -#include - -#include - -#include -#include -#include -#include -#include - -#include - -namespace nil { - namespace crypto3 { - namespace marshalling { - namespace types { - - /////////////////////////////////////////////// - // math::polynomial_dfs marshalling. - /////////////////////////////////////////////// - template - using polynomial_dfs = nil::marshalling::types::bundle< - TTypeBase, - std::tuple< - // degree - nil::marshalling::types::integral, - // values - nil::marshalling::types::array_list< - TTypeBase, - field_element, - nil::marshalling::option::sequence_size_field_prefix> - > - > - >; - - template - polynomial_dfs, PolynomialDFSType> - fill_polynomial_dfs(const PolynomialDFSType &f) { - using TTypeBase = nil::marshalling::field_type; - using result_type = polynomial_dfs, PolynomialDFSType>; - - std::vector val; - for( auto it=f.begin(); it != f.end(); it++){ val.push_back(*it); } - - return result_type(std::make_tuple( - nil::marshalling::types::integral(f.degree()), - nil::crypto3::marshalling::types::fill_field_element_vector< - typename PolynomialDFSType::value_type, - Endianness - >(val) - )); - } - - template - PolynomialDFSType - make_polynomial_dfs(const polynomial_dfs, PolynomialDFSType> &filled_polynomial) { - auto val = nil::crypto3::marshalling::types::make_field_element_vector< - typename PolynomialDFSType::value_type, - Endianness - >(std::get<1>(filled_polynomial.value())); - - return PolynomialDFSType(std::get<0>(filled_polynomial.value()).value(), val.begin(), val.end()); - } - - /////////////////////////////////////////////// - // vector marshalling. - /////////////////////////////////////////////// - template - using polynomial_dfs_vector = nil::marshalling::types::array_list< - TTypeBase, - polynomial_dfs, - nil::marshalling::option::sequence_size_field_prefix> - >; - - template - polynomial_dfs_vector, PolynomialDFSType> - fill_polynomial_dfs_vector(const std::vector &f){ - polynomial_dfs_vector, PolynomialDFSType> result; - for (auto it=f.begin(); it != f.end(); it++) { - result.value().push_back(fill_polynomial_dfs(*it)); - } - return result; - } - - template - std::vector make_polynomial_dfs_vector( - const polynomial_dfs_vector, PolynomialDFSType> &filled_polynomial_dfs_vector) { - std::vector result; - result.reserve(filled_polynomial_dfs_vector.value().size()); - for (std::size_t i = 0; i < filled_polynomial_dfs_vector.value().size(); i++) { - result.push_back(make_polynomial_dfs( - filled_polynomial_dfs_vector.value()[i])); - } - - return result; - } - - } // namespace types - } // namespace marshalling - } // namespace crypto3 -} // namespace nil - -#endif // CRYPTO3_MARSHALLING_POLYNOMIAL_DFS_HPP diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp index e8b43689c..7dbaa9276 100644 --- a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp +++ b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/fri.hpp @@ -146,7 +146,7 @@ namespace nil { // std::select_container final_polynomials // May be different size, because real degree may be less than before. So put int in the end - polynomial, + typename polynomial::type, // proof of work. TODO: how to do it optional? nil::marshalling::types::integral //proof of work*/ diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/lpc.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/lpc.hpp index 5d753ede0..02f7ced5c 100644 --- a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/lpc.hpp +++ b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/lpc.hpp @@ -3,6 +3,7 @@ // Copyright (c) 2021-2022 Nikita Kaskov // Copyright (c) 2021-2022 Ilias Khairullin // Copyright (c) 2022-2023 Elena Tatuzova +// Copyright (c) 2024 Martun Karapetyan // // MIT License // @@ -220,7 +221,7 @@ namespace nil { return proof; } - template + template struct precommitment_type; // Will be used to store precommitment type of a commitment scheme. It's useful only for LPC for now, diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/polys_evaluator.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/polys_evaluator.hpp new file mode 100644 index 000000000..52ceced68 --- /dev/null +++ b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/commitments/polys_evaluator.hpp @@ -0,0 +1,374 @@ +//---------------------------------------------------------------------------// +// Copyright (c) 2024 Martun Karapetyan +// +// MIT License +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. +//---------------------------------------------------------------------------// + +#ifndef CRYPTO3_MARSHALLING_POLYS_EVALUATOR_HPP +#define CRYPTO3_MARSHALLING_POLYS_EVALUATOR_HPP + +#include +#include +#include + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +namespace nil { + namespace crypto3 { + namespace marshalling { + namespace types { + + // * PolysEvaluator is like lpc_commitment_scheme + template + struct polys_evaluator { + using polynomial_type = typename PolysEvaluator::polynomial_type; + + using type = nil::marshalling::types::bundle< + TTypeBase, + std::tuple< + // std::map> _polys; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + >, + nil::marshalling::types::array_list< + TTypeBase, + typename precommitment_type, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + >, + > + >; + }; + + template + typename commitment_preprocessed_data< + nil::marshalling::field_type, PolysEvaluator, + std::enable_if_t> + >::type + fill_commitment_preprocessed_data(const typename PolysEvaluator::preprocessed_data_type& lpc_data){ + using TTypeBase = nil::marshalling::field_type; + using field_marshalling_type = field_element; + + using result_type = typename commitment_preprocessed_data< + nil::marshalling::field_type, PolysEvaluator + >::type; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix> + > filled_map_ids; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix> + > filled_sizes; + nil::marshalling::types::array_list< + TTypeBase, + field_element, + nil::marshalling::option::sequence_size_field_prefix> + > filled_values; + + for (const auto&[k, v]: lpc_data) { + filled_map_ids.value().push_back(nil::marshalling::types::integral(k)); + filled_sizes.value().push_back(nil::marshalling::types::integral(v.size())); + for (std::size_t i = 0; i < v.size(); i++) { + filled_values.value().push_back(field_marshalling_type((v[i]))); + } + } + + return result_type( + std::make_tuple( + filled_map_ids, + filled_sizes, + filled_values + ) + ); + } + + template + typename PolysEvaluator::preprocessed_data_type + make_commitment_preprocessed_data(typename commitment_preprocessed_data< + nil::marshalling::field_type, PolysEvaluator, + std::enable_if_t> + >::type const& filled_commitment_preprocessed_data + ) { + using TTypeBase = nil::marshalling::field_type; + + typename PolysEvaluator::preprocessed_data_type result; + for(std::size_t i = 0; i < std::get<0>(filled_commitment_preprocessed_data.value()).value().size(); i++){ + std::size_t k = std::get<0>(filled_commitment_preprocessed_data.value()).value()[i].value(); + std::size_t size = std::get<1>(filled_commitment_preprocessed_data.value()).value()[i].value(); + std::vector v; + for(std::size_t j = 0; j < size; j++){ + v.push_back(std::get<2>(filled_commitment_preprocessed_data.value()).value()[i*size + j].value()); + } + result[k] = v; + } + + return result; + } + + // FOR LPC only because of basic_fri field + template + struct eval_proof> > { + using type = nil::marshalling::types::bundle< + TTypeBase, + std::tuple< + // Evaluation points storage z + eval_storage, + + // One fri proof + typename fri_proof::type + > + >; + }; + + template + typename eval_proof, PolysEvaluator,std::enable_if_t>>::type + fill_eval_proof( const typename PolysEvaluator::proof_type &proof, const typename PolysEvaluator::fri_type::params_type& fri_params){ + using TTypeBase = nil::marshalling::field_type; + + nil::crypto3::marshalling::types::batch_info_type batch_info = proof.z.get_batch_info(); + + auto filled_z = fill_eval_storage(proof.z); + + typename fri_proof::type filled_fri_proof = fill_fri_proof( + proof.fri_proof, batch_info, fri_params + ); + + return typename eval_proof::type( + std::tuple( filled_z, filled_fri_proof) + ); + } + + template + typename PolysEvaluator::proof_type make_eval_proof( + const typename eval_proof, PolysEvaluator, std::enable_if_t>>::type &filled_proof + ){ + typename PolysEvaluator::proof_type proof; + + proof.z = make_eval_storage(std::get<0>(filled_proof.value())); + auto batch_info = proof.z.get_batch_info(); + proof.fri_proof = make_fri_proof(std::get<1>(filled_proof.value()), batch_info); + + return proof; + } + + template + struct precommitment_type; + + // Will be used to store precommitment type of a commitment scheme. It's useful only for LPC for now, + // and in practive precommitment contains a merkle tree. The following check checks that statement, + // that the precommitment is a merkle tree. + template + struct precommitment_type && + std::is_same< + typename PolysEvaluator::precommitment_type, + nil::crypto3::containers::merkle_tree< + typename PolysEvaluator::precommitment_type::hash_type, + PolysEvaluator::precommitment_type::arity + > + >::value>> { + using type = merkle_tree; + }; + + template + struct commitment_scheme_state; + + // We need the ability to save the whole state of a commitment scheme, every sinlge field, + // so we can resume our program's execution from where it was stopped. + // This will allow us to separate the preprocessor from prover, because LPC has a preprocess step, which + // changes the state of the 'lpc_commitment_scheme' class. + template + struct commitment_scheme_state> > { + using type = nil::marshalling::types::bundle< + TTypeBase, + std::tuple< + // std::map _trees; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + >, + nil::marshalling::types::array_list< + TTypeBase, + typename precommitment_type::type, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + >, + // typename fri_type::params_type _fri_params; + typename commitment_params::type, + + // value_type _etha; + field_element, + + //std::map _batch_fixed; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + >, + // TODO(martun): next value was supposed to be a vector of bool, but our marshalling core + // does not allow us to create an array_list of bools. + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + >, + // preprocessed_data_type _fixed_polys_values; + typename commitment_preprocessed_data< + TTypeBase, PolysEvaluator, + std::enable_if_t> + >::type + > + >; + }; + + template + typename commitment_scheme_state, PolysEvaluator, + std::enable_if_t>>::type + fill_commitment_scheme(const PolysEvaluator &scheme) { + using TTypeBase = nil::marshalling::field_type; + using result_type = typename commitment_scheme_state, PolysEvaluator>::type; + + // std::map _trees; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + > filled_trees_keys; + nil::marshalling::types::array_list< + TTypeBase, + typename precommitment_type::type, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + > filled_trees_values; + for (const auto&[key, value]: scheme.get_trees()) { + filled_trees_keys.value().push_back(nil::marshalling::types::integral(key)); + // Precommitment for LPC is a merkle tree. We may want to abstract away this part into a separate + // fill_precommitment function. + filled_trees_values.value().push_back( + fill_merkle_tree(value)); + } + + //std::map _batch_fixed; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + > filled_batch_fixed_keys; + nil::marshalling::types::array_list< + TTypeBase, + nil::marshalling::types::integral, + nil::marshalling::option::sequence_size_field_prefix< + nil::marshalling::types::integral> + > filled_batch_fixed_values; + for (const auto&[key, value]: scheme.get_batch_fixed()) { + filled_batch_fixed_keys.value().push_back( + nil::marshalling::types::integral(key)); + // Here we convert the value, that is a 'bool' into size_t, which is not good. + filled_batch_fixed_values.value().push_back( + nil::marshalling::types::integral(value)); + } + + return result_type(std::make_tuple( + filled_trees_keys, + filled_trees_values, + fill_commitment_params(scheme.get_fri_params()), + field_element(scheme.get_etha()), + filled_batch_fixed_keys, + filled_batch_fixed_values, + fill_commitment_preprocessed_data(scheme.get_fixed_polys_values()) + )); + } + + template + PolysEvaluator make_commitment_scheme( + typename commitment_scheme_state< + nil::marshalling::field_type, PolysEvaluator, + std::enable_if_t>>::type& filled_commitment_scheme + ) { + using TTypeBase = typename nil::marshalling::field_type; + + std::map trees; + // TODO(martun): this check must be made in release mode as well, maybe we need to start returning statuses + // from make_ functions. + const auto& filled_tree_keys = std::get<0>(filled_commitment_scheme.value()).value(); + const auto& filled_tree_values = std::get<1>(filled_commitment_scheme.value()).value(); + BOOST_ASSERT(filled_tree_keys.size() == filled_tree_values.size()); + + for (std::size_t i = 0; i < filled_tree_keys.size(); i++) { + trees[std::size_t(filled_tree_keys[i].value())] = + make_merkle_tree( + filled_tree_values[i]); + } + + typename PolysEvaluator::fri_type::params_type fri_params = make_commitment_params( + std::get<2>(filled_commitment_scheme.value())); + typename PolysEvaluator::value_type etha = std::get<3>(filled_commitment_scheme.value()).value(); + + std::map batch_fixed; + const auto& batch_fixed_keys = std::get<4>(filled_commitment_scheme.value()).value(); + const auto& batch_fixed_values = std::get<5>(filled_commitment_scheme.value()).value(); + BOOST_ASSERT(batch_fixed_keys.size() == batch_fixed_values.size()); + + for (std::size_t i = 0; i < batch_fixed_keys.size(); i++) { + // Here we convert the value from type size_t back into a 'bool', which is not good. + batch_fixed[std::size_t(batch_fixed_keys[i].value())] = bool(batch_fixed_values[i].value()); + } + + typename PolysEvaluator::preprocessed_data_type fixed_polys_values = + make_commitment_preprocessed_data( + std::get<6>(filled_commitment_scheme.value())); + + return PolysEvaluator(trees, fri_params, etha, batch_fixed, fixed_polys_values); + } + } // namespace types + } // namespace marshalling + } // namespace crypto3 +} // namespace nil + +#endif // CRYPTO3_MARSHALLING_POLYS_EVALUATOR_HPP diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/placeholder/preprocessed_public_data.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/placeholder/preprocessed_public_data.hpp index a45c35a56..aac2322dc 100644 --- a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/placeholder/preprocessed_public_data.hpp +++ b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/placeholder/preprocessed_public_data.hpp @@ -37,7 +37,7 @@ #include -#include +#include #include #include @@ -79,10 +79,10 @@ namespace nil { return result_type(std::make_tuple( fill_plonk_public_table( preprocessed_public_data.public_polynomial_table), - fill_polynomial_dfs_vector(preprocessed_public_data.permutation_polynomials), - fill_polynomial_dfs_vector(preprocessed_public_data.identity_polynomials), - fill_polynomial_dfs(preprocessed_public_data.q_last), - fill_polynomial_dfs(preprocessed_public_data.q_blind), + fill_polynomial_vector(preprocessed_public_data.permutation_polynomials), + fill_polynomial_vector(preprocessed_public_data.identity_polynomials), + fill_polynomial(preprocessed_public_data.q_last), + fill_polynomial(preprocessed_public_data.q_blind), fill_placeholder_common_data( preprocessed_public_data.common_data) )); @@ -98,10 +98,10 @@ namespace nil { return PreprocessedPublicDataType({ make_plonk_public_table( std::get<0>(filled_preprocessed_public_data.value())), - make_polynomial_dfs_vector(std::get<1>(filled_preprocessed_public_data.value())), - make_polynomial_dfs_vector(std::get<2>(filled_preprocessed_public_data.value())), - make_polynomial_dfs(std::get<3>(filled_preprocessed_public_data.value())), - make_polynomial_dfs(std::get<4>(filled_preprocessed_public_data.value())), + make_polynomial_vector(std::get<1>(filled_preprocessed_public_data.value())), + make_polynomial_vector(std::get<2>(filled_preprocessed_public_data.value())), + make_polynomial(std::get<3>(filled_preprocessed_public_data.value())), + make_polynomial(std::get<4>(filled_preprocessed_public_data.value())), make_placeholder_common_data( std::get<5>(filled_preprocessed_public_data.value())) }); diff --git a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/plonk/plonk_public_polynomial_dfs_table.hpp b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/plonk/plonk_public_polynomial_dfs_table.hpp index ecd341be9..f3577c07f 100644 --- a/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/plonk/plonk_public_polynomial_dfs_table.hpp +++ b/libs/marshalling/zk/include/nil/crypto3/marshalling/zk/types/plonk/plonk_public_polynomial_dfs_table.hpp @@ -37,7 +37,7 @@ #include #include #include -#include +#include namespace nil { namespace crypto3 { @@ -64,9 +64,9 @@ namespace nil { using PolynomialType = typename PlonkPublicTable::column_type; using result_type = plonk_public_polynomial_table, PlonkPublicTable>; return result_type(std::make_tuple( - fill_polynomial_dfs_vector(public_table.public_inputs()), - fill_polynomial_dfs_vector(public_table.constants()), - fill_polynomial_dfs_vector(public_table.selectors()) + fill_polynomial_vector(public_table.public_inputs()), + fill_polynomial_vector(public_table.constants()), + fill_polynomial_vector(public_table.selectors()) )); } @@ -77,9 +77,9 @@ namespace nil { using PolynomialType = typename PlonkPublicTable::column_type; return PlonkPublicTable( - make_polynomial_dfs_vector(std::get<0>(filled_public_table.value())), - make_polynomial_dfs_vector(std::get<1>(filled_public_table.value())), - make_polynomial_dfs_vector(std::get<2>(filled_public_table.value())) + make_polynomial_vector(std::get<0>(filled_public_table.value())), + make_polynomial_vector(std::get<1>(filled_public_table.value())), + make_polynomial_vector(std::get<2>(filled_public_table.value())) ); } diff --git a/libs/marshalling/zk/test/fri_commitment.cpp b/libs/marshalling/zk/test/fri_commitment.cpp index 168946353..4031c64e7 100644 --- a/libs/marshalling/zk/test/fri_commitment.cpp +++ b/libs/marshalling/zk/test/fri_commitment.cpp @@ -380,8 +380,11 @@ BOOST_FIXTURE_TEST_SUITE(marshalling_fri_proof_elements, zk::test_tools::random_ batch_info[3] = 6; batch_info[4] = 3; - typename FRI::params_type fri_params ( - 1, 11, lambda, 4 + typename FRI::params_type fri_params( + 1, // max_step + 11, // degree_log + lambda, + 4 // expand_factor ); auto proof = generate_random_fri_proof( @@ -444,42 +447,33 @@ BOOST_AUTO_TEST_CASE(marshalling_fri_basic_test) { typedef typename fri_type::proof_type proof_type; typedef typename fri_type::params_type params_type; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - - params_type params( - d - 1, // max_degree - D, - generate_random_step_list(r, 3, generic_random_engine), - 2, //expand_factor - lambda - ); - - BOOST_CHECK(D[1]->m == D[0]->m / 2); - BOOST_CHECK(D[1]->get_domain_element(1) == D[0]->get_domain_element(1).squared()); + // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); + typename fri_type::params_type fri_params( + 3, /*max_step*/ + degree_log, + lambda, + 2 //expand_factor + ); // commit - math::polynomial f = {{1u, 3u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}}; + math::polynomial f = {{ + 1u, 3u, 4u, 1u, 5u, 6u, 7u, 2u, 8u, 7u, 5u, 6u, 1u, 2u, 1u, 1u}}; std::array>, 1> fs; fs[0].resize(1); fs[0][0] = f; - typename fri_type::merkle_tree_type tree = zk::algorithms::precommit(fs[0], params.D[0], - params.step_list[0]); + typename fri_type::merkle_tree_type tree = zk::algorithms::precommit( + fs[0], fri_params.D[0], fri_params.step_list[0]); auto root = zk::algorithms::commit(tree); // eval std::vector init_blob{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}; zk::transcript::fiat_shamir_heuristic_sequential transcript(init_blob); - proof_type proof = zk::algorithms::proof_eval(f, tree, params, transcript); + proof_type proof = zk::algorithms::proof_eval(f, tree, fri_params, transcript); nil::crypto3::marshalling::types::batch_info_type batch_info; batch_info[0] = 1; - test_fri_proof(proof, batch_info, params); - - // verify - //zk::transcript::fiat_shamir_heuristic_sequential transcript_verifier(init_blob); - - //BOOST_CHECK(zk::algorithms::verify_eval(proof, root, params, transcript_verifier)); + test_fri_proof(proof, batch_info, fri_params); } + BOOST_AUTO_TEST_SUITE_END() diff --git a/libs/marshalling/zk/test/placeholder_proof.cpp b/libs/marshalling/zk/test/placeholder_proof.cpp index 19bd0d939..1613efd67 100644 --- a/libs/marshalling/zk/test/placeholder_proof.cpp +++ b/libs/marshalling/zk/test/placeholder_proof.cpp @@ -323,7 +323,12 @@ BOOST_FIXTURE_TEST_CASE(proof_marshalling_test, test_tools::random_test_initiali typename policy_type::variable_assignment_type assignments = circuit.table; typename lpc_type::fri_type::params_type fri_params( - 1, table_rows_log, placeholder_test_params::lambda, 4, true, 0xFFFF8000 + 1, /*max_step*/ + table_rows_log, + placeholder_test_params::lambda, + 4, // expand_factor + true, // use_grinding + 19 // grinding_parameter ); lpc_scheme_type lpc_scheme(fri_params); diff --git a/libs/zk/include/nil/crypto3/zk/commitments/batched_commitment.hpp b/libs/zk/include/nil/crypto3/zk/commitments/batched_commitment.hpp index 8a39bb230..740d982fc 100644 --- a/libs/zk/include/nil/crypto3/zk/commitments/batched_commitment.hpp +++ b/libs/zk/include/nil/crypto3/zk/commitments/batched_commitment.hpp @@ -68,8 +68,12 @@ namespace nil { polys_evaluator() = default; protected: + std::map> _polys; - std::map _locked; // _locked[batch] is true after it is commited + + // _locked[batch] is true after it is commited + std::map _locked; + std::map>> _points; // We frequently search over the this->_points structure, and it's better to keep a hashmap that maps point to @@ -217,27 +221,39 @@ namespace nil { } void append_to_batch(std::size_t index, const polynomial_type& poly){ - if( _locked.find(index) == _locked.end() ) _locked[index] = false; - BOOST_ASSERT(!_locked[index]); // We cannot modify batch after commitment + if (_locked.find(index) == _locked.end()) + _locked[index] = false; + + // We cannot modify batch after commitment + BOOST_ASSERT(!_locked[index]); + _polys[index].push_back(poly); } template void append_to_batch(std::size_t index, const container_type& polys){ - if( _locked.find(index) == _locked.end() ) _locked[index] = false; + if (_locked.find(index) == _locked.end()) + _locked[index] = false; + BOOST_ASSERT(!_locked[index]); // We cannot modify batch after commitment _polys[index].insert(std::end(_polys[index]), std::begin(polys), std::end(polys)); } - void append_eval_point(std::size_t batch_id, typename field_type::value_type point){ - BOOST_ASSERT(_locked[batch_id]); // We can add points only after polynomails are commited. + void append_eval_point(std::size_t batch_id, typename field_type::value_type point) { + // We can add points only after polynomails are commited. + BOOST_ASSERT(_locked[batch_id]); + for(std::size_t i = 0; i < _points[batch_id].size(); i++){ _points[batch_id][i].push_back(point); } } - void append_eval_point(std::size_t batch_id, std::size_t poly_id, typename field_type::value_type point){ - BOOST_ASSERT(_locked[batch_id]); // We can add points only after polynomails are commited. + void append_eval_point( + std::size_t batch_id, std::size_t poly_id, + const typename field_type::value_type& point) { + // We can add points only after polynomails are commited. + BOOST_ASSERT(_locked[batch_id]); + _points[batch_id][poly_id].push_back(point); } diff --git a/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp b/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp index 65d3427ed..f99d49e71 100644 --- a/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp +++ b/libs/zk/include/nil/crypto3/zk/commitments/detail/polynomial/basic_fri.hpp @@ -144,8 +144,6 @@ namespace nil { return step_list; } - //params_type(const params_type &other){} - // TODO when marshalling will be fine params_type( std::size_t max_step, std::size_t degree_log, @@ -184,37 +182,24 @@ namespace nil { bool operator==(const params_type &rhs) const { if (D.size() != rhs.D.size()) { -std::cout << "D.size() != rhs.D.size()" << std::endl; return false; } for (std::size_t i = 0; i < D.size(); i++) { if (D[i]->get_domain_element(1) != rhs.D[i]->get_domain_element(1)) { -std::cout << "(D[i]->get_domain_element(1) != rhs.D[i]->get_domain_element(1))" << " for " << i << std::endl; -std::cout << D[i]->get_domain_element(1) << " VS " << rhs.D[i]->get_domain_element(1) << std::endl; return false; } } if (use_grinding != rhs.use_grinding) { -std::cout << "use_grinding != rhs.use_grinding" << std::endl; return false; } if (use_grinding && grinding_parameter != rhs.grinding_parameter) { -std::cout << "use_grinding && grinding_parameter != rhs.grinding_parameter" << std::endl; return false; } -if (r != rhs.r) { -std::cout << "r != rhs.r" << std::endl; -} - -if (max_degree != rhs.max_degree) { -std::cout << "max_degree != rhs.max_degree" << std::endl; -} return r == rhs.r && max_degree == rhs.max_degree && step_list == rhs.step_list && expand_factor == rhs.expand_factor - && lambda == rhs.lambda - && use_grinding == rhs.use_grinding; + && lambda == rhs.lambda; } bool operator!=(const params_type &rhs) const { @@ -248,8 +233,12 @@ std::cout << "max_degree != rhs.max_degree" << std::endl; } // For the last round it's final_polynomial's values - polynomial_values_type y; // Values for the next round. - merkle_proof_type p; // Merkle proof(values[i-1], T_i) + + // Values for the next round. + polynomial_values_type y; + + // Merkle proof(values[i-1], T_i). + merkle_proof_type p; }; struct initial_proof_type { @@ -279,6 +268,7 @@ std::cout << "max_degree != rhs.max_degree" << std::endl; struct proof_type { bool operator==(const proof_type &rhs) const { + // TODO(martun): check if the following comment can be deleted. // if( FRI::use_grinding && proof_of_work != rhs.proof_of_work ){ // return false; // } diff --git a/libs/zk/test/commitment/fri.cpp b/libs/zk/test/commitment/fri.cpp index 2aae7eda1..a6064750d 100644 --- a/libs/zk/test/commitment/fri.cpp +++ b/libs/zk/test/commitment/fri.cpp @@ -108,14 +108,14 @@ void fri_basic_test() std::vector>> D = math::calculate_domain_set(extended_log, r); + std::size_t degree_log = std::ceil(std::log2(d - 1)); params_type params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1), - 2, //expand_factor + 1, /*max_step*/ + degree_log, lambda, - true, - 16 + 2, //expand_factor + true, // use_grinding + 16 // grinding_parameter ); BOOST_CHECK(D[1]->m == D[0]->m / 2); diff --git a/libs/zk/test/commitment/lpc.cpp b/libs/zk/test/commitment/lpc.cpp index a6e92d652..d7a763ea6 100644 --- a/libs/zk/test/commitment/lpc.cpp +++ b/libs/zk/test/commitment/lpc.cpp @@ -203,15 +203,15 @@ BOOST_AUTO_TEST_SUITE(lpc_math_polynomial_suite); // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor + 1, /*max_step*/ + degree_log, lambda, - true, - 12 - ); + 2, //expand_factor + true, // use_grinding + 12 // grinding_parameter + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params); @@ -304,13 +304,13 @@ BOOST_AUTO_TEST_SUITE(lpc_math_polynomial_suite); typedef zk::commitments::fri fri_type; // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 5, test_global_rnd_engine), - 2, //expand_factor - lambda - ); + 5, /*max_step*/ + degree_log, + lambda, + 2 //expand_factor + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params); @@ -396,20 +396,14 @@ BOOST_AUTO_TEST_SUITE(lpc_math_polynomial_suite); static_assert(!zk::is_commitment::value); // Setup params - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r + 1); - - // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor + 1, /*max_step*/ + degree_log, lambda, - true - ); + 2, //expand_factor + true // use_grinding + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme; lpc_scheme_type lpc_scheme_prover(fri_params); @@ -498,20 +492,16 @@ BOOST_AUTO_TEST_SUITE(lpc_params_test_suite) static_assert(!zk::is_commitment::value); static_assert(!zk::is_commitment::value); - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - + // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor + 1, /*max_step*/ + degree_log, lambda, - true, + 2, // expand_factor + true, // use_grinding 8 - ); + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params); @@ -595,13 +585,14 @@ BOOST_AUTO_TEST_SUITE(lpc_params_test_suite) std::vector>> D = math::calculate_domain_set(extended_log, r); + // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, // max_degree - D, - generate_random_step_list(r, 1, test_global_rnd_engine), - 2, //expand_factor - lambda - ); + 1, /*max_step*/ + degree_log, + lambda, + 2 //expand_factor + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params); diff --git a/libs/zk/test/commitment/lpc_performance.cpp b/libs/zk/test/commitment/lpc_performance.cpp index a9c8ef128..2216ad4ce 100644 --- a/libs/zk/test/commitment/lpc_performance.cpp +++ b/libs/zk/test/commitment/lpc_performance.cpp @@ -148,18 +148,14 @@ BOOST_AUTO_TEST_CASE(step_list_1, *boost::unit_test::disabled()) { typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; typedef zk::commitments::list_polynomial_commitment lpc_type; - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - + // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, - D, - generate_random_step_list(r, 1), - r, - lambda - ); + 1, /*max_step*/ + degree_log, + lambda, + 4, //expand_factor + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params); @@ -239,18 +235,14 @@ BOOST_AUTO_TEST_CASE(step_list_3, *boost::unit_test::disabled()) { typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; typedef zk::commitments::list_polynomial_commitment lpc_type; - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - + // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, - D, - generate_random_step_list(r, 3), - r, - lambda - ); + 3, /*max_step*/ + degree_log, + lambda, + 4, //expand_factor + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params); @@ -329,18 +321,14 @@ BOOST_AUTO_TEST_CASE(step_list_5, *boost::unit_test::disabled()) { typedef zk::commitments::list_polynomial_commitment_params lpc_params_type; typedef zk::commitments::list_polynomial_commitment lpc_type; - constexpr static const std::size_t d_extended = d; - std::size_t extended_log = boost::static_log2::value; - std::vector>> D = - math::calculate_domain_set(extended_log, r); - + // Setup params + std::size_t degree_log = std::ceil(std::log2(d - 1)); typename fri_type::params_type fri_params( - d - 1, - D, - generate_random_step_list(r, 5), - r, - lambda - ); + 5, /*max_step*/ + degree_log, + lambda, + 4, //expand_factor + ); using lpc_scheme_type = nil::crypto3::zk::commitments::lpc_commitment_scheme>; lpc_scheme_type lpc_scheme_prover(fri_params);