modify proof and vk structure to support fri proof (step 1)
kunxian-xia committed Jan 31, 2024
1 parent dcd7234 commit 1721eb7
Showing 21 changed files with 332 additions and 84 deletions.
3 changes: 2 additions & 1 deletion halo2_proofs/Cargo.toml
Expand Up @@ -120,7 +120,8 @@ logup_skip_inv = []
phase-check = []
multiphase-mock-prover = []

fri = []
fri = ["ff/fri"]

[lib]
bench = false

24 changes: 15 additions & 9 deletions halo2_proofs/src/plonk.rs
Expand Up @@ -7,6 +7,7 @@

use blake2b_simd::Params as Blake2bParams;
use group::ff::{Field, FromUniformBytes, PrimeField};
use std::fs::read;

Check warning on line 10 in halo2_proofs/src/plonk.rs

GitHub Actions / Clippy (beta)

unused import: `std::fs::read`

warning: unused import: `std::fs::read` --> halo2_proofs/src/plonk.rs:10:5 | 10 | use std::fs::read; | ^^^^^^^^^^^^^ | = note: `#[warn(unused_imports)]` on by default

use crate::arithmetic::CurveAffine;
use crate::helpers::{
Expand All @@ -22,8 +23,8 @@ mod circuit;
mod error;
mod evaluation;
mod keygen;
#[allow(dead_code)]
mod lookup;
// #[allow(dead_code)]
// mod lookup;
mod mv_lookup;
pub mod permutation;
mod shuffle;
Expand All @@ -39,6 +40,7 @@ pub use keygen::*;
pub use prover::*;
pub use verifier::*;

use crate::poly::commitment::{Commitment, CommitmentItem};
use evaluation::Evaluator;
use std::io;

Expand All @@ -47,7 +49,7 @@ use std::io;
#[derive(Clone, Debug)]
pub struct VerifyingKey<C: CurveAffine> {
domain: EvaluationDomain<C::Scalar>,
fixed_commitments: Vec<C>,
fixed_commitments: Commitment<C>,
permutation: permutation::VerifyingKey<C>,
cs: ConstraintSystem<C::Scalar>,
/// Cached maximum degree of `cs` (which doesn't change after construction).
Expand Down Expand Up @@ -117,9 +119,13 @@ where
reader.read_exact(&mut num_fixed_columns)?;
let num_fixed_columns = u32::from_be_bytes(num_fixed_columns);

let fixed_commitments: Vec<_> = (0..num_fixed_columns)
.map(|_| C::read(reader, format))
.collect::<Result<_, _>>()?;
let fixed_commitments: Vec<_> = if cfg!(fri) {
vec![CommitmentItem::<C::Scalar, C>::read(reader, format)?]
} else {
(0..num_fixed_columns)
.map(|_| CommitmentItem::<C::Scalar, C>::read(reader, format))
.collect::<Result<Vec<_>, _>>()?
};

let permutation = permutation::VerifyingKey::read(reader, &cs.permutation, format)?;

Expand Down Expand Up @@ -178,7 +184,7 @@ where

fn from_parts(
domain: EvaluationDomain<C::Scalar>,
fixed_commitments: Vec<C>,
fixed_commitments: Vec<CommitmentItem<C::Scalar, C>>,
permutation: permutation::VerifyingKey<C>,
cs: ConstraintSystem<C::Scalar>,
// selectors: Vec<Vec<bool>>,
Expand Down Expand Up @@ -240,7 +246,7 @@ where
}

/// Returns commitments of fixed polynomials
pub fn fixed_commitments(&self) -> &Vec<C> {
pub fn fixed_commitments(&self) -> &Vec<CommitmentItem<C::Scalar, C>> {
&self.fixed_commitments
}

Expand Down Expand Up @@ -269,7 +275,7 @@ pub struct PinnedVerificationKey<'a, C: CurveAffine> {
scalar_modulus: &'static str,
domain: PinnedEvaluationDomain<'a, C::Scalar>,
cs: PinnedConstraintSystem<'a, C::Scalar>,
fixed_commitments: &'a Vec<C>,
fixed_commitments: &'a Commitment<C>,
permutation: &'a permutation::VerifyingKey<C>,
}
/// This is a proving key which allows for the creation of proofs for a
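Review bot: The new `if cfg!(fri)` in the `fixed_commitments` read tests a bare `--cfg fri` compiler flag, not the Cargo feature this commit declares as `fri = ["ff/fri"]`, so a build with `--features fri` still takes the `else` branch and parses `num_fixed_columns` separate items. The predicate should be `if cfg!(feature = "fri") {`; the same test is used in `permutation/verifier.rs` and `shuffle/verifier.rs`, where it selects which verifier queries are built. `num_fixed_columns` also comes straight from the serialized key, and the FRI branch reads and then ignores it, so the `write` side (outside this hunk) has to keep emitting that prefix for the two layouts to stay in sync. The enclosing `read` function starts and ends outside the hunk.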
1 change: 1 addition & 0 deletions halo2_proofs/src/plonk/keygen.rs
Expand Up @@ -15,6 +15,7 @@ use super::{
permutation, Assigned, Challenge, Error, LagrangeCoeff, Polynomial, ProvingKey, VerifyingKey,
};
use crate::helpers::CopyCell;
use crate::poly::commitment::CommitmentItem;

Check warning on line 18 in halo2_proofs/src/plonk/keygen.rs

GitHub Actions / Clippy (beta)

unused import: `crate::poly::commitment::CommitmentItem`

warning: unused import: `crate::poly::commitment::CommitmentItem` --> halo2_proofs/src/plonk/keygen.rs:18:5 | 18 | use crate::poly::commitment::CommitmentItem; | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
use crate::{
arithmetic::{parallelize, CurveAffine},
circuit::Value,
11 changes: 6 additions & 5 deletions halo2_proofs/src/plonk/mv_lookup/verifier.rs
Expand Up @@ -2,6 +2,7 @@ use std::iter;

use super::super::{circuit::Expression, ChallengeBeta, ChallengeTheta, ChallengeX};
use super::Argument;
use crate::poly::commitment::CommitmentItem;
use crate::{
arithmetic::CurveAffine,
plonk::{Error, VerifyingKey},
Expand All @@ -11,12 +12,12 @@ use crate::{
use ff::{BatchInvert, Field, PrimeField, WithSmallOrderMulGroup};

pub struct PreparedCommitments<C: CurveAffine> {
m_commitment: C,
m_commitment: Vec<CommitmentItem<C::Scalar, C>>,
}

pub struct Committed<C: CurveAffine> {
prepared: PreparedCommitments<C>,
phi_commitment: C,
phi_commitment: Vec<CommitmentItem<C::Scalar, C>>,
}

pub struct Evaluated<C: CurveAffine> {
Expand Down Expand Up @@ -170,17 +171,17 @@ impl<C: CurveAffine> Evaluated<C> {
let x_next = vk.domain.rotate_omega(*x, Rotation::next());

iter::empty()
.chain(Some(VerifierQuery::new_commitment(
.chain(Some(VerifierQuery::new_general_commitment(
&self.committed.phi_commitment,
*x,
self.phi_eval,
)))
.chain(Some(VerifierQuery::new_commitment(
.chain(Some(VerifierQuery::new_general_commitment(
&self.committed.phi_commitment,
x_next,
self.phi_next_eval,
)))
.chain(Some(VerifierQuery::new_commitment(
.chain(Some(VerifierQuery::new_general_commitment(
&self.committed.prepared.m_commitment,
*x,
self.m_eval,
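Review bot: `m_commitment` and `phi_commitment` are spelled `Vec<CommitmentItem<C::Scalar, C>>` here, while `plonk.rs` and `shuffle/verifier.rs` in the same commit use `Commitment<C>` for what appears to be the same type, and neither field says how many items it holds. Using the alias and a short comment such as `// one curve point (pairing-based) or a Merkle cap (hash-based)` would make explicit the invariant that the three `new_general_commitment` calls in `queries` rely on. Where these vectors are filled from the transcript is outside the visible hunks, so the expected length is inferred from the field comment in `permutation.rs`.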
8 changes: 6 additions & 2 deletions halo2_proofs/src/plonk/permutation.rs
Expand Up @@ -17,6 +17,7 @@ pub(crate) mod verifier;

pub use keygen::Assembly;

use crate::poly::commitment::{Commitment, CommitmentItem};
use std::io;

/// A permutation argument.
Expand Down Expand Up @@ -84,18 +85,21 @@ impl Argument {
/// The verifying key for a single permutation argument.
#[derive(Debug, Clone)]
pub struct VerifyingKey<C: CurveAffine> {
pub commitments: Vec<C>,
// hash-based: merkle cap of tree built from permutation sigma polys
// pairing-based: ec points
pub commitments: Commitment<C>,
}

impl<C: CurveAffine> VerifyingKey<C> {
/// Returns commitments of sigma polynomials
pub fn commitments(&self) -> &Vec<C> {
pub fn commitments(&self) -> &Vec<CommitmentItem<C::Scalar, C>> {
&self.commitments
}

pub(crate) fn write<W: io::Write>(&self, writer: &mut W, format: SerdeFormat) -> io::Result<()>
where
C: SerdeCurveAffine,
C::Scalar: SerdePrimeField,
{
for commitment in &self.commitments {
commitment.write(writer, format)?;
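Review bot: `write` still emits the items of `commitments` back to back with no length prefix, which was unambiguous with one curve point per permutation column but may not be once the vector can hold a Merkle cap, as the new field comment says. The matching `read` is outside this hunk, so this is inferred: if it still derives the item count from the permutation argument's columns, a hash-based key would be parsed with the wrong number of items. Consider writing the length explicitly, or at least documenting the invariant on this `pub` field by turning the `//` lines into rustdoc, e.g. `/// Pairing-based: one EC point per sigma polynomial. Hash-based: Merkle cap of the tree built from the sigma polynomials.`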
31 changes: 22 additions & 9 deletions halo2_proofs/src/plonk/permutation/verifier.rs
Expand Up @@ -3,6 +3,7 @@ use std::iter;

use super::super::{circuit::Any, ChallengeBeta, ChallengeGamma, ChallengeX};
use super::{Argument, VerifyingKey};
use crate::poly::commitment::CommitmentItem;
use crate::{
arithmetic::CurveAffine,
plonk::{self, Error},
Expand All @@ -12,12 +13,12 @@ use crate::{

#[derive(Debug)]
pub struct Committed<C: CurveAffine> {
permutation_product_commitments: Vec<C>,
permutation_product_commitments: Vec<CommitmentItem<C::Scalar, C>>,
}

#[derive(Debug)]
pub struct EvaluatedSet<C: CurveAffine> {
pub permutation_product_commitment: C,
pub permutation_product_commitment: Vec<CommitmentItem<C::Scalar, C>>,
pub permutation_product_eval: C::Scalar,
pub permutation_product_next_eval: C::Scalar,
pub permutation_product_last_eval: Option<C::Scalar>,
Expand Down Expand Up @@ -221,20 +222,20 @@ impl<C: CurveAffine> Evaluated<C> {
iter::empty()
// Open permutation product commitments at x and \omega^{-1} x
// Open permutation product commitments at x and \omega x
.chain(Some(VerifierQuery::new_commitment(
.chain(Some(VerifierQuery::new_general_commitment(
&set.permutation_product_commitment,
*x,
set.permutation_product_eval,
)))
.chain(Some(VerifierQuery::new_commitment(
.chain(Some(VerifierQuery::new_general_commitment(
&set.permutation_product_commitment,
x_next,
set.permutation_product_next_eval,
)))
}))
// Open it at \omega^{last} x for all but the last set
.chain(self.sets.iter().rev().skip(1).flat_map(move |set| {
Some(VerifierQuery::new_commitment(
Some(VerifierQuery::new_general_commitment(
&set.permutation_product_commitment,
x_last,
set.permutation_product_last_eval.unwrap(),
Expand All @@ -250,9 +251,21 @@ impl<C: CurveAffine> CommonEvaluated<C> {
x: ChallengeX<C>,
) -> impl Iterator<Item = VerifierQuery<'r, C, M>> + Clone {
// Open permutation commitments for each permutation argument at x
vkey.commitments
.iter()
.zip(self.permutation_evals.iter())
.map(move |(commitment, &eval)| VerifierQuery::new_commitment(commitment, *x, eval))
let ret = if cfg!(fri) {
self.permutation_evals
.iter()
.map(|&eval| {
VerifierQuery::new_general_commitment(vkey.commitments.as_slice(), *x, eval)
})
.collect::<Vec<_>>()
} else {
vkey.commitments
.iter()
.zip(self.permutation_evals.iter())
.map(move |(commitment, &eval)| VerifierQuery::new_commitment(commitment, *x, eval))
.collect::<Vec<_>>()
};

ret.into_iter()
}
}
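Review bot: In `CommonEvaluated::queries` the FRI branch pairs every entry of `permutation_evals` with the same `vkey.commitments.as_slice()`, so the query itself no longer says which sigma polynomial an evaluation belongs to, whereas the `zip` in the `else` branch ties eval i to commitment i. Whether `new_general_commitment` and the opening check recover that binding is not visible here, so it deserves a comment at the call, e.g. `// TODO(fri): query carries no column index; confirm the opener binds eval i to sigma poly i`. Both branches now also `collect` into a `Vec` only to return `ret.into_iter()`, which adds an allocation per call that the previous lazy iterator did not have. The function signature begins outside the hunk.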
6 changes: 5 additions & 1 deletion halo2_proofs/src/plonk/shuffle/prover.rs
Expand Up @@ -14,6 +14,7 @@ use crate::{
use ff::WithSmallOrderMulGroup;
use group::{ff::BatchInvert, Curve};
use rand_core::RngCore;
use std::ops::Deref;
use std::{
iter,
ops::{Mul, MulAssign},
Expand Down Expand Up @@ -187,7 +188,10 @@ impl<F: WithSmallOrderMulGroup<3>> Argument<F> {
}

let product_blind = Blind(C::Scalar::random(rng));
let product_commitment = params.commit_lagrange(&z, product_blind).to_affine();
let product_commitment = params.commit_lagrange(&z, product_blind)[0]
.deref()
.unwrap()
.to_affine();
let z = pk.vk.domain.lagrange_to_coeff(z);

// Hash product commitment
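Review bot: `params.commit_lagrange(&z, product_blind)[0].deref().unwrap()` adds two panic paths to the prover: the index panics on an empty result, and the `unwrap()` panics whenever the first item does not hold a curve point, which is presumably the case for a hash-based commitment. If the enclosing function returns `Result<_, Error>` (its signature is outside the hunk), prefer `.first()` plus error propagation; at minimum state the invariant, `.expect("commit_lagrange yields one curve point when fri is disabled")`. What `deref()` yields is not visible in this hunk, so the exact failure mode is inferred from the `unwrap()`.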
48 changes: 33 additions & 15 deletions halo2_proofs/src/plonk/shuffle/verifier.rs
@@ -1,7 +1,9 @@
use std::io::Read;

Check warning on line 1 in halo2_proofs/src/plonk/shuffle/verifier.rs

GitHub Actions / Clippy (beta)

unused import: `std::io::Read`

warning: unused import: `std::io::Read` --> halo2_proofs/src/plonk/shuffle/verifier.rs:1:5 | 1 | use std::io::Read; | ^^^^^^^^^^^^^
use std::iter;

use super::super::{circuit::Expression, ChallengeGamma, ChallengeTheta, ChallengeX};
use super::Argument;
use crate::poly::commitment::Commitment;
use crate::{
arithmetic::CurveAffine,
plonk::{Error, VerifyingKey},
Expand All @@ -11,7 +13,7 @@ use crate::{
use ff::Field;

pub struct Committed<C: CurveAffine> {
product_commitment: C,
product_commitment: Commitment<C>,
}

pub struct Evaluated<C: CurveAffine> {
Expand All @@ -31,7 +33,9 @@ impl<F: Field> Argument<F> {
) -> Result<Committed<C>, Error> {
let product_commitment = transcript.read_point()?;

Ok(Committed { product_commitment })
Ok(Committed {
product_commitment: vec![product_commitment.into()],

Check failure on line 37 in halo2_proofs/src/plonk/shuffle/verifier.rs

GitHub Actions / Clippy (beta)

the trait bound `C: group::Curve` is not satisfied

error[E0277]: the trait bound `C: group::Curve` is not satisfied --> halo2_proofs/src/plonk/shuffle/verifier.rs:37:57 | 37 | product_commitment: vec![product_commitment.into()], | ^^^^ the trait `group::Curve` is not implemented for `C` | note: required for `poly::commitment::CommitmentItem<F, C>` to implement `std::convert::From<C>` --> halo2_proofs/src/poly/commitment.rs:31:16 | 31 | impl<C: Curve> From<C> for CommitmentItem<C::Scalar, C> { | ----- ^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | | | unsatisfied trait bound introduced here = note: required for `C` to implement `std::convert::Into<poly::commitment::CommitmentItem<F, C>>` help: consider further restricting this bound | 27 | C: CurveAffine<ScalarExt = F> + group::Curve, | ++++++++++++++
})
}
}

Expand Down Expand Up @@ -121,18 +125,32 @@ impl<C: CurveAffine> Evaluated<C> {
) -> impl Iterator<Item = VerifierQuery<'r, C, M>> + Clone {
let x_next = vk.domain.rotate_omega(*x, Rotation::next());

iter::empty()
// Open shuffle product commitment at x
.chain(Some(VerifierQuery::new_commitment(
&self.committed.product_commitment,
*x,
self.product_eval,
)))
// Open shuffle product commitment at \omega x
.chain(Some(VerifierQuery::new_commitment(
&self.committed.product_commitment,
x_next,
self.product_next_eval,
)))
if cfg!(fri) {
iter::empty()
// Open shuffle product commitment at x
.chain(Some(VerifierQuery::new_general_commitment(
&self.committed.product_commitment,
*x,
self.product_eval,
)))
// Open shuffle product commitment at \omega x
.chain(Some(VerifierQuery::new_general_commitment(
&self.committed.product_commitment,
x_next,
self.product_next_eval,
)))
} else {
iter::empty()
.chain(Some(VerifierQuery::new_commitment(
&self.committed.product_commitment[0],
*x,
self.product_eval,
)))
.chain(Some(VerifierQuery::new_commitment(
&self.committed.product_commitment[0],
x_next,
self.product_next_eval,
)))
}
}
}
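Review bot: The function returning `Committed<C>` still obtains the commitment with `transcript.read_point()` and wraps it in a one-element `vec!`, so the FRI branch added to `queries` would be handed a curve point rather than a hash-based commitment; the read side has no FRI counterpart in this section. Until it does, a marker at the read such as `// TODO(fri): read the Merkle cap from the transcript instead of a point` would keep the two halves from drifting apart. The `else` branch indexes `product_commitment[0]`, which is safe only because of that `vec!`. A comment saying so, plus restoring the two `// Open shuffle product commitment at ...` comments dropped from that branch, would help the next reader.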