remove identity polynomial commitments and PCS evaluations #104

Merged
merged 2 commits into from
Dec 6, 2022
44 changes: 15 additions & 29 deletions hyperplonk/src/snark.rs
Expand Up @@ -5,7 +5,7 @@ use crate::{
witness::WitnessColumn,
HyperPlonkSNARK,
};
use arithmetic::{evaluate_opt, identity_permutation_mles, VPAuxInfo};
use arithmetic::{evaluate_opt, gen_eval_point, VPAuxInfo};
use ark_ec::PairingEngine;
use ark_poly::DenseMultilinearExtension;
use ark_std::{end_timer, log2, start_timer, One, Zero};
Expand Down Expand Up @@ -51,13 +51,6 @@ where
let (pcs_prover_param, pcs_verifier_param) =
PCS::trim(pcs_srs, None, Some(supported_ml_degree))?;

// build identity oracles
let id_oracles = identity_permutation_mles(num_vars, index.num_witness_columns());
let mut id_comms = vec![];
for id_oracle in id_oracles.iter() {
id_comms.push(PCS::commit(&pcs_prover_param, id_oracle)?);
}

// build permutation oracles
let mut permutation_oracles = vec![];
let mut perm_comms = vec![];
Expand Down Expand Up @@ -87,20 +80,17 @@ where
Ok((
Self::ProvingKey {
params: index.params.clone(),
id_oracles,
permutation_oracles,
selector_oracles,
selector_commitments: selector_commitments.clone(),
permutation_commitments: perm_comms.clone(),
id_commitments: id_comms.clone(),
pcs_param: pcs_prover_param,
},
Self::VerifyingKey {
params: index.params.clone(),
pcs_param: pcs_verifier_param,
selector_commitments,
perm_commitments: perm_comms,
id_commitments: id_comms,
},
))
}
Expand Down Expand Up @@ -290,11 +280,6 @@ where
&perm_check_point_1,
);

// s_id(x)'s points
for (s_id, s_com) in pk.id_oracles.iter().zip(pk.id_commitments.iter()) {
pcs_acc.insert_poly_and_points(s_id, s_com, perm_check_point);
}

// perms(x)'s points
for (perm, pcom) in pk
.permutation_oracles
Expand Down Expand Up @@ -414,15 +399,13 @@ where
// Extract evaluations from openings
let prod_evals = &proof.batch_openings.f_i_eval_at_point_i[0..4];
let frac_evals = &proof.batch_openings.f_i_eval_at_point_i[4..7];
let id_evals = &proof.batch_openings.f_i_eval_at_point_i[7..7 + num_witnesses];
let perm_evals =
&proof.batch_openings.f_i_eval_at_point_i[7 + num_witnesses..7 + 2 * num_witnesses];
let perm_evals = &proof.batch_openings.f_i_eval_at_point_i[7..7 + num_witnesses];
let witness_perm_evals =
&proof.batch_openings.f_i_eval_at_point_i[7 + 2 * num_witnesses..7 + 3 * num_witnesses];
&proof.batch_openings.f_i_eval_at_point_i[7 + num_witnesses..7 + 2 * num_witnesses];
let witness_gate_evals =
&proof.batch_openings.f_i_eval_at_point_i[7 + 3 * num_witnesses..7 + 4 * num_witnesses];
&proof.batch_openings.f_i_eval_at_point_i[7 + 2 * num_witnesses..7 + 3 * num_witnesses];
let selector_evals = &proof.batch_openings.f_i_eval_at_point_i
[7 + 4 * num_witnesses..7 + 4 * num_witnesses + num_selectors];
[7 + 3 * num_witnesses..7 + 3 * num_witnesses + num_selectors];
let pi_eval = proof.batch_openings.f_i_eval_at_point_i.last().unwrap();

// =======================================================================
Expand Down Expand Up @@ -491,12 +474,18 @@ where
let alpha = perm_check_sub_claim.product_check_sub_claim.alpha;
let (beta, gamma) = perm_check_sub_claim.challenges;

let mut id_evals = vec![];
for i in 0..num_witnesses {
let ith_point = gen_eval_point(i, log2(num_witnesses) as usize, &perm_check_point[..]);
id_evals.push(vk.params.eval_id_oracle(&ith_point[..])?);
}

// check evaluation subclaim
let perm_gate_eval = eval_perm_gate(
prod_evals,
frac_evals,
witness_perm_evals,
id_evals,
&id_evals[..],
perm_evals,
alpha,
beta,
Expand Down Expand Up @@ -546,19 +535,14 @@ where
points.push(perm_check_point_0);
points.push(perm_check_point_1);

// s_id's points
for &id_com in vk.id_commitments.iter() {
comms.push(id_com);
points.push(perm_check_point.clone());
}

// perms' points
for &pcom in vk.perm_commitments.iter() {
comms.push(pcom);
points.push(perm_check_point.clone());
}

// witnesses' points
// TODO: merge points
for &wcom in proof.witness_commits.iter() {
comms.push(wcom);
points.push(perm_check_point.clone());
Expand All @@ -579,6 +563,7 @@ where
let r_pi = transcript.get_and_append_challenge_vectors(b"r_pi", ell)?;

// check public evaluation
let pi_step = start_timer!(|| "check public evaluation");
let pi_poly = DenseMultilinearExtension::from_evaluations_slice(ell as usize, pub_input);
let expect_pi_eval = evaluate_opt(&pi_poly, &r_pi[..]);
if expect_pi_eval != *pi_eval {
Expand All @@ -592,6 +577,7 @@ where
comms.push(proof.witness_commits[0]);
points.push(r_pi_padded);
assert_eq!(comms.len(), proof.batch_openings.f_i_eval_at_point_i.len());
end_timer!(pi_step);

end_timer!(step);
let step = start_timer!(|| "PCS batch verify");
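Review bot: The re-indexed slices under `// Extract evaluations from openings` read `proof.batch_openings.f_i_eval_at_point_i` at fixed offsets with no length check visible in the hunk, so a proof carrying too few evaluations makes the verifier panic on an out-of-range slice (or on `.last().unwrap()`) instead of rejecting the proof. The proof is untrusted input, so the length should be checked before slicing, for example `if proof.batch_openings.f_i_eval_at_point_i.len() < 7 + 3 * num_witnesses + num_selectors + 1 { return Err(/* HyperPlonkErrors variant for a malformed proof */); }`. The later `assert_eq!(comms.len(), proof.batch_openings.f_i_eval_at_point_i.len())` has the same shape and would be better as an error return. The enclosing function starts and ends outside the visible hunks, so an earlier check may already exist; if it does, a short comment next to the slices naming it would help.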
28 changes: 21 additions & 7 deletions hyperplonk/src/structs.rs
@@ -1,6 +1,6 @@
//! Main module for the HyperPlonk PolyIOP.

use crate::{custom_gate::CustomizedGates, selectors::SelectorColumn};
use crate::{custom_gate::CustomizedGates, prelude::HyperPlonkErrors, selectors::SelectorColumn};
use ark_ec::PairingEngine;
use ark_ff::PrimeField;
use ark_poly::DenseMultilinearExtension;
Expand Down Expand Up @@ -66,6 +66,26 @@ impl HyperPlonkParams {
pub fn num_witness_columns(&self) -> usize {
self.gate_func.num_witness_columns()
}

/// evaluate the identical polynomial
pub fn eval_id_oracle<F: PrimeField>(&self, point: &[F]) -> Result<F, HyperPlonkErrors> {
let len = self.num_variables() + (log2(self.num_witness_columns()) as usize);
if point.len() != len {
return Err(HyperPlonkErrors::InvalidParameters(format!(
"ID oracle point length = {}, expected {}",
point.len(),
len,
)));
}

let mut res = F::zero();
let mut base = F::one();
for &v in point.iter() {
res += base * v;
base += base;
}
Ok(res)
}
}

/// The HyperPlonk index, consists of the following:
Expand Down Expand Up @@ -107,16 +127,12 @@ pub struct HyperPlonkProvingKey<E: PairingEngine, PCS: PolynomialCommitmentSchem
pub params: HyperPlonkParams,
/// The preprocessed permutation polynomials
pub permutation_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>,
/// The preprocessed identity polynomials
pub id_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>,
/// The preprocessed selector polynomials
pub selector_oracles: Vec<Rc<DenseMultilinearExtension<E::Fr>>>,
/// Commitments to the preprocessed selector polynomials
pub selector_commitments: Vec<PCS::Commitment>,
/// Commitments to the preprocessed permutation polynomials
pub permutation_commitments: Vec<PCS::Commitment>,
/// Commitments to the preprocessed identity polynomials
pub id_commitments: Vec<PCS::Commitment>,
/// The parameters for PCS commitment
pub pcs_param: PCS::ProverParam,
}
Expand All @@ -135,6 +151,4 @@ pub struct HyperPlonkVerifyingKey<E: PairingEngine, PCS: PolynomialCommitmentSch
pub selector_commitments: Vec<PCS::Commitment>,
/// Permutation oracles' commitments
pub perm_commitments: Vec<PCS::Commitment>,
/// Commitments to the preprocessed identity polynomials
pub id_commitments: Vec<PCS::Commitment>,
}
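Review bot: The doc comment on `eval_id_oracle` (`/// evaluate the identical polynomial`) does not say which polynomial is computed, although the verifier in snark.rs now relies on this closed form instead of an opened commitment. I would document that it returns the sum of `2^i * point[i]` (`base` doubles on each step, so `point[0]` carries the lowest weight), that `point` must have `num_variables() + log2(num_witness_columns())` entries, and that any other length yields `InvalidParameters`; the summary line could read `/// Evaluates the identity polynomial s_id(x) = sum_i 2^i * x_i at point.` Soundness of the permutation check presumably depends on this value agreeing with the identity MLEs used on the prover side. A unit test comparing `eval_id_oracle` with the MLE evaluation at a random point would pin that down; whether such a test exists is not visible here.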
13 changes: 9 additions & 4 deletions subroutines/src/pcs/multilinear_kzg/batching.rs
Expand Up @@ -14,7 +14,8 @@ use crate::{
IOPProof,
};
use arithmetic::{build_eq_x_r_vec, DenseMultilinearExtension, VPAuxInfo, VirtualPolynomial};
use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve};
use ark_ec::{msm::VariableBaseMSM, PairingEngine, ProjectiveCurve};
use ark_ff::PrimeField;
use ark_std::{end_timer, log2, start_timer, One, Zero};
use std::{marker::PhantomData, rc::Rc};
use transcript::IOPTranscript;
Expand Down Expand Up @@ -189,15 +190,19 @@ where
let a2 = &proof.sum_check_proof.point[..num_var];

// build g' commitment
let step = start_timer!(|| "build homomorphic commitment");
let eq_t_list = build_eq_x_r_vec(t.as_ref())?;

let mut g_prime_commit = E::G1Affine::zero().into_projective();
let mut scalars = vec![];
let mut bases = vec![];

for (i, point) in points.iter().enumerate() {
let eq_i_a2 = eq_eval(a2, point)?;
let tmp = eq_i_a2 * eq_t_list[i];
g_prime_commit += &f_i_commitments[i].0.mul(tmp);
scalars.push((eq_i_a2 * eq_t_list[i]).into_repr());
bases.push(f_i_commitments[i].0);
}
let g_prime_commit = VariableBaseMSM::multi_scalar_mul(&bases, &scalars);
end_timer!(step);

// ensure \sum_i eq(t, <i>) * f_i_evals matches the sum via SumCheck
let mut sum = E::Fr::zero();
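Review bot: Inside the loop over `points`, the new lines still index `f_i_commitments[i]` and `eq_t_list[i]` directly, so a call with fewer commitments than points panics in the verifier rather than returning an `Err`. The function body starts outside the hunk, so a length check may already precede this; if not, add one before the loop, e.g. `if f_i_commitments.len() != points.len() { return Err(/* PCS error for mismatched input lengths */); }`. As a smaller point, `scalars` and `bases` have a known size and could be created with `Vec::with_capacity(points.len())`.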