feat: add hashing to stdlib transcript #4161
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -36,12 +36,12 @@ template <typename Curve> class IPA { | |
static void compute_opening_proof(const std::shared_ptr<CK>& ck, | ||
const OpeningPair<Curve>& opening_pair, | ||
const Polynomial& polynomial, | ||
const std::shared_ptr<BaseTranscript>& transcript) | ||
const std::shared_ptr<NativeTranscript>& transcript) | ||
{ | ||
ASSERT(opening_pair.challenge != 0 && "The challenge point should not be zero"); | ||
auto poly_degree = static_cast<size_t>(polynomial.size()); | ||
transcript->send_to_verifier("IPA:poly_degree", static_cast<uint64_t>(poly_degree)); | ||
const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge"); | ||
transcript->send_to_verifier("IPA:poly_degree", static_cast<uint32_t>(poly_degree)); | ||
const Fr generator_challenge = transcript->template get_challenge<Fr>("IPA:generator_challenge"); | ||
auto aux_generator = Commitment::one() * generator_challenge; | ||
// Checks poly_degree is greater than zero and a power of two | ||
// In the future, we might want to consider if non-powers of two are needed | ||
|
@@ -138,7 +138,7 @@ template <typename Curve> class IPA { | |
transcript->send_to_verifier("IPA:R_" + index, Commitment(R_elements[i])); | ||
|
||
// Generate the round challenge. | ||
const Fr round_challenge = transcript->get_challenge("IPA:round_challenge_" + index); | ||
const Fr round_challenge = transcript->get_challenge<Fr>("IPA:round_challenge_" + index); | ||
const Fr round_challenge_inv = round_challenge.invert(); | ||
|
||
auto G_lo = GroupElement::batch_mul_with_endomorphism( | ||
|
@@ -183,10 +183,12 @@ template <typename Curve> class IPA { | |
*/ | ||
static bool verify(const std::shared_ptr<VK>& vk, | ||
Will we ever need a recursive verify for IPA? If so, this would require changes since it just treats the output of receive_from_prover as a native type. It would throw a compile error if we ever tried to instantiate IPA with a stdlib curve.
Compile errors are good, no need for a github issue here. |
||
const OpeningClaim<Curve>& opening_claim, | ||
const std::shared_ptr<BaseTranscript>& transcript) | ||
const std::shared_ptr<NativeTranscript>& transcript) | ||
{ | ||
auto poly_degree = static_cast<size_t>(transcript->template receive_from_prover<uint64_t>("IPA:poly_degree")); | ||
const Fr generator_challenge = transcript->get_challenge("IPA:generator_challenge"); | ||
auto poly_degree = static_cast<uint32_t>(transcript->template receive_from_prover<typename Curve::BaseField>( | ||
If it always has to be
not sure what to do about this, since I don't hardcoded and just use FF in most cases. I don't feel great about hardcoding bb::fr everywhere.
When I wrote this I thought that something would break if we were to replace bb::fr with another field, but I don't recall now where that thought came from.
We also can't hardcode bb::fr everywhere since we want field_ct in the circuit case, not bb::fr. |
||
"IPA:poly_degree")); // note this is base field because this is a uint32_t, which should map to a bb::fr, | ||
// not a grumpkin::fr, which is a BaseField element for Grumpkin | ||
const Fr generator_challenge = transcript->template get_challenge<Fr>("IPA:generator_challenge"); | ||
auto aux_generator = Commitment::one() * generator_challenge; | ||
|
||
auto log_poly_degree = static_cast<size_t>(numeric::get_msb(poly_degree)); | ||
|
@@ -204,7 +206,7 @@ template <typename Curve> class IPA { | |
std::string index = std::to_string(i); | ||
auto element_L = transcript->template receive_from_prover<Commitment>("IPA:L_" + index); | ||
auto element_R = transcript->template receive_from_prover<Commitment>("IPA:R_" + index); | ||
round_challenges[i] = transcript->get_challenge("IPA:round_challenge_" + index); | ||
round_challenges[i] = transcript->template get_challenge<Fr>("IPA:round_challenge_" + index); | ||
round_challenges_inv[i] = round_challenges[i].invert(); | ||
|
||
msm_elements[2 * i] = element_L; | ||
|
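Review bot: In `verify`, `poly_degree` is read from the proof as a `Curve::BaseField` element, narrowed with `static_cast<uint32_t>` and passed to `numeric::get_msb`, with no range or shape check visible in this hunk. A value that is zero, not a power of two, or wider than 32 bits would be silently truncated or rounded down, and would then set `log_poly_degree` and the number of rounds the verifier runs. If no check exists further down (the body of `verify` continues outside the hunk), reject such proofs before use, e.g. `if (poly_degree == 0 || (poly_degree & (poly_degree - 1)) != 0) { return false; }`, and confirm the received field element equals its truncated value before the cast. The prover side documents the power-of-two requirement in a comment, and the verifier should enforce it rather than assume it.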
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,7 +31,7 @@ template <typename Curve> class KZG { | |
static void compute_opening_proof(std::shared_ptr<CK> ck, | ||
const OpeningPair<Curve>& opening_pair, | ||
const Polynomial& polynomial, | ||
const std::shared_ptr<BaseTranscript>& prover_trancript) | ||
const std::shared_ptr<NativeTranscript>& prover_trancript) | ||
{ | ||
Polynomial quotient = polynomial; | ||
quotient[0] -= opening_pair.evaluation; | ||
|
@@ -55,7 +55,7 @@ template <typename Curve> class KZG { | |
*/ | ||
static bool verify(const std::shared_ptr<VK>& vk, | ||
const OpeningClaim<Curve>& claim, | ||
const std::shared_ptr<BaseTranscript>& verifier_transcript) | ||
const std::shared_ptr<NativeTranscript>& verifier_transcript) | ||
{ | ||
auto quotient_commitment = verifier_transcript->template receive_from_prover<Commitment>("KZG:W"); | ||
auto lhs = claim.commitment - (GroupElement::one() * claim.opening_pair.evaluation) + | ||
|
@@ -82,7 +82,7 @@ template <typename Curve> class KZG { | |
|
||
GroupElement P_0; | ||
if constexpr (Curve::is_stdlib_type) { | ||
auto builder = verifier_transcript->builder; | ||
auto builder = quotient_commitment.get_context(); | ||
we no longer store the builder in the transcript, so I get the builder from another stdlib type. |
||
auto one = Fr(builder, 1); | ||
std::vector<GroupElement> commitments = { claim.commitment, | ||
quotient_commitment, | ||
|
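Review bot: `quotient_commitment.get_context()` in the `Curve::is_stdlib_type` branch of `verify` is used without a null check, and `Fr(builder, 1)` is built from it on the next line. The builder now comes from an element read out of the transcript rather than from the transcript itself, so if that element can ever be a circuit constant with no context attached (not visible from this hunk), `builder` would be null here. Consider `ASSERT(builder != nullptr);` right after the assignment, plus a comment such as `// builder is taken from the received commitment; it must be a witness, not a constant`. `verify` starts and ends outside this hunk.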
changed poly degree to uint32_t