Ethereum Verkle tries - IPA refactoring (part 1) #392
Conversation
…ity for optimized Lagrange polynomial
…cialized to roots of unity domain
…nsparent IPA setup
… impl as IPA backend
| @@ -1,6 +1,6 @@ | |||
| # Trusted Setups | |||
| # Reference Strings & Trusted Setups | |||
There was a problem hiding this comment.
With IPA, we now need to support transparent setups, CRS / URS for Common/Universal Reference Strings. Those are opposed to SRS, (hidden) structured reference strings, which have a toxic secret that no one should have access to, i.e. a trusted setup.
The folder likely should be named protocol_setups but since those setups are related to the polynomial commitments, it's nice to have both close to each other
| type | ||
| IPASettings* = object | ||
| SRS*: array[VerkleDomain,EC_P] |
There was a problem hiding this comment.
IPA has no trusted setup (SRS), it uses a transparent setup (CRS).
| type | ||
| PrecomputedWeights* = object | ||
| barycentricWeights*: array[512,Fr[Banderwagon]] | ||
| invertedDomain*: array[510,Fr[Banderwagon]] |
There was a problem hiding this comment.
Those are now integrated in the polynomial evaluation domain.
| type | ||
| IPASettings* = object | ||
| SRS*: array[VerkleDomain,EC_P] | ||
| Q_val*: EC_P |
There was a problem hiding this comment.
We can inline the generator at compile-time with Nim. And store it in affine coordinates instead of projective to reduce memory cost.
| Q_val*: EC_P | ||
| precompWeights*: PrecomputedWeights | ||
| crs*: array[EthVerkleDomain, ECP_TwEdwards_Aff[Fp[Banderwagon]]] | ||
| domain*: PolyEvalLinearDomain[EthVerkleDomain, Fr[Banderwagon]] | ||
| numRounds*: uint32 |
There was a problem hiding this comment.
Note that numRounds is actually unused in the code
| for degree, root in enumerate(roots): | ||
| print(f'degree: {2**degree}, root: {hex(root)}') | ||
| print(f' check root^{2**degree} (mod r) = {hex(pow(root, 2**degree, r))}') | ||
|
|
There was a problem hiding this comment.
Unfortunately, the biggest power of 2 that factorizes p-1 is 32, so not large enough for a domain of size 256.
| doAssert (abs == 100).bool() == true, "Absolute value should be 100!" | ||
| doAssert (abs < 0).bool() == false, "Value was negative!" | ||
|
|
||
| testAbsInteger() |
There was a problem hiding this comment.
Negative precomputations are not needed.
| discard x_fr | ||
| points[k] = point | ||
|
|
||
| discard lagrange_values |
| var arr_byte {.noInit.}: array[256, array[32, byte]] | ||
| discard arr_byte.serializeBatch(ipaConfig.SRS) | ||
|
|
||
| doAssert arr_byte[0].toHex() == "0x01587ad1336675eb912550ec2a28eb8923b824b490dd2ba82e48f14590a298a0", "Failed to generate the 1st point!" |
There was a problem hiding this comment.
already tested line 183 (old) 193 (new)
| tmpc *= x | ||
|
|
||
| res.prod(tmpa, tmpb) | ||
| res *= tmpc |
There was a problem hiding this comment.
moved directly in the test as too much context is missing here.
This PR is a follow-up to the Verkle Tries and IPA PRs from @agnxsh and @advaita-saha:
It addresses part of the cleanup mentioned in #367 and #361.
Part 1 focuses on Lagrange polynomials.
The new proc are generic to any size of polynomials and any field and any domain with specialization for linear [0, ..., N-1] domains like Ethereum Verkle Tries.
barycentric_form.nim.Implementation removes duplication with KZG-4844 Lagrange polynomial (that uses roots of unity instead of a generic domain) where it makes sense. Address
evalInDomain / evalOutside domain and the Lagrange form of IPA are duplicates of KZG the polynomial functions (used in EIP-4844) need to be deduplicated and parallelized.from IPA / Verkle tree cleanups #367PolyEvalDomain,PolyEvalRootsDomainandPolyEvalLinearDomaintypes to specialize for different kinds of evaluation domains for KZG and IPA commitments.multiScalarMul_reference_vartimenow supports the same range as input as the optimized impl (openArrays, pointer+length, field elements ...) to workaround MSM - optimized MSM wrong result in IPA verifier. #390. AddressscalarMul needs an overload for field element and not just big intsfrom IPA / Verkle tree cleanups #367trusted_setupsfolder tocommitments_setupsas inner product argument setup is transparent and is not trusted. Note: we might want to useprotocols_setupif we have some non-commitment setup that appear in the future.finite_fields.niminstead of codecs_banderwagonA follow-up PR will generalize the current Verkle-only IPA implementation.