Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dynamic lagrange commitment selection #11185

Merged
merged 16 commits into from
Jun 7, 2022
Merged
Show file tree
Hide file tree
Changes from 11 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -334,6 +334,7 @@ fn generate_kimchi_bindings(mut w: impl std::io::Write, env: &mut Env) {
decl_func!(w, env, caml_fp_srs_write => "write");
decl_func!(w, env, caml_fp_srs_read => "read");
decl_func!(w, env, caml_fp_srs_lagrange_commitment => "lagrange_commitment");
decl_func!(w, env, caml_fp_srs_add_lagrange_basis=> "add_lagrange_basis");
decl_func!(w, env, caml_fp_srs_commit_evaluations => "commit_evaluations");
decl_func!(w, env, caml_fp_srs_b_poly_commitment => "b_poly_commitment");
decl_func!(w, env, caml_fp_srs_batch_accumulator_check => "batch_accumulator_check");
Expand All @@ -347,6 +348,7 @@ fn generate_kimchi_bindings(mut w: impl std::io::Write, env: &mut Env) {
decl_func!(w, env, caml_fq_srs_write => "write");
decl_func!(w, env, caml_fq_srs_read => "read");
decl_func!(w, env, caml_fq_srs_lagrange_commitment => "lagrange_commitment");
decl_func!(w, env, caml_fq_srs_add_lagrange_basis=> "add_lagrange_basis");
decl_func!(w, env, caml_fq_srs_commit_evaluations => "commit_evaluations");
decl_func!(w, env, caml_fq_srs_b_poly_commitment => "b_poly_commitment");
decl_func!(w, env, caml_fq_srs_batch_accumulator_check => "batch_accumulator_check");
Expand Down
6 changes: 6 additions & 0 deletions src/lib/crypto/kimchi_bindings/stubs/kimchi_bindings.ml
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,9 @@ module Protocol = struct
-> Pasta_bindings.Fq.t Kimchi_types.or_infinity Kimchi_types.poly_comm
= "caml_fp_srs_lagrange_commitment"

external add_lagrange_basis : t -> int -> unit
= "caml_fp_srs_add_lagrange_basis"

external commit_evaluations :
t
-> int
Expand Down Expand Up @@ -144,6 +147,9 @@ module Protocol = struct
-> Pasta_bindings.Fp.t Kimchi_types.or_infinity Kimchi_types.poly_comm
= "caml_fq_srs_lagrange_commitment"

external add_lagrange_basis : t -> int -> unit
= "caml_fq_srs_add_lagrange_basis"

external commit_evaluations :
t
-> int
Expand Down
12 changes: 12 additions & 0 deletions src/lib/crypto/kimchi_bindings/stubs/src/srs.rs
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,18 @@ macro_rules! impl_srs {
Ok(srs.commit_non_hiding(&p, None).into())
}

#[ocaml_gen::func]
#[ocaml::func]
pub fn [<$name:snake _add_lagrange_basis>](
srs: $name,
log2_size: ocaml::Int,
) {
let ptr: &mut commitment_dlog::srs::SRS<GAffine> =
unsafe { &mut *(std::sync::Arc::as_ptr(&srs) as *mut _) };
let domain = EvaluationDomain::<$F>::new(1 << (log2_size as usize)).expect("invalid domain size");
ptr.add_lagrange_basis(domain);
}

#[ocaml_gen::func]
#[ocaml::func]
pub fn [<$name:snake _commit_evaluations>](
Expand Down
11 changes: 11 additions & 0 deletions src/lib/crypto/kimchi_bindings/wasm/src/srs.rs
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,17 @@ macro_rules! impl_srs {
Arc::new(SRS::create(depth as usize)).into()
}

#[wasm_bindgen]
pub fn [<$name:snake _add_lagrange_basis>](
srs: &[<Wasm $field_name:camel Srs>],
log2_size: i32,
) {
let ptr: &mut commitment_dlog::srs::SRS<$G> =
unsafe { &mut *(std::sync::Arc::as_ptr(&srs) as *mut _) };
let domain = EvaluationDomain::<$F>::new(1 << (log2_size as usize)).expect("invalid domain size");
ptr.add_lagrange_basis(domain);
}

#[wasm_bindgen]
pub fn [<$name:snake _write>](
append: Option<bool>,
Expand Down
54 changes: 7 additions & 47 deletions src/lib/pickles/composition_types/branch_data.ml
Original file line number Diff line number Diff line change
Expand Up @@ -4,46 +4,7 @@ open Pickles_types
(** Data specific to a branch of a proof-system that's necessary for
finalizing the deferred-values in a wrap proof of that branch. *)

(** Inside the circuit, we will represent a value of this type
as a sequence of 2 bits:
00: N0
10: N1
11: N2 *)
module Proofs_verified = struct
[%%versioned
module Stable = struct
module V1 = struct
type t = N0 | N1 | N2
[@@deriving sexp, sexp, compare, yojson, hash, equal]

let to_latest = Fn.id
end
end]

module Checked = struct
type 'f boolean = 'f Snarky_backendless.Cvar.t Snarky_backendless.Boolean.t

type 'f t = ('f boolean, Nat.N2.n) Vector.t
end

let to_mask : t -> (bool, Nat.N2.n) Vector.t = function
| N0 ->
[ false; false ]
| N1 ->
[ true; false ]
| N2 ->
[ true; true ]

let of_mask_exn : (bool, Nat.N2.n) Vector.t -> t = function
| [ false; false ] ->
N0
| [ true; false ] ->
N1
| [ true; true ] ->
N2
| [ false; true ] ->
failwith "Invalid mask"
end
module Proofs_verified = Pickles_base.Proofs_verified

module Domain_log2 = struct
[%%versioned
Expand Down Expand Up @@ -98,22 +59,23 @@ let pack (type f)
(* shift domain_log2 over by 2 bits (multiply by 4) *)
times4 domain_log2
+ project
(Pickles_types.Vector.to_list (Proofs_verified.to_mask proofs_verified))
(Pickles_types.Vector.to_list
(Proofs_verified.Prefix_mask.there proofs_verified) )

let unpack (type f)
(module Impl : Snarky_backendless.Snark_intf.Run with type field = f) (x : f)
: t =
match Impl.Field.Constant.unpack x with
| x0 :: x1 :: y0 :: y1 :: y2 :: y3 :: y4 :: y5 :: y6 :: y7 :: _ ->
{ proofs_verified = Proofs_verified.of_mask_exn [ x0; x1 ]
{ proofs_verified = Proofs_verified.Prefix_mask.back [ x0; x1 ]
; domain_log2 = Domain_log2.of_bits_msb [ y7; y6; y5; y4; y3; y2; y1; y0 ]
}
| _ ->
assert false

module Checked = struct
type 'f t =
{ proofs_verified_mask : 'f Proofs_verified.Checked.t
{ proofs_verified_mask : 'f Proofs_verified.Prefix_mask.Checked.t
; domain_log2 : 'f Snarky_backendless.Cvar.t
}
[@@deriving hlist]
Expand Down Expand Up @@ -141,10 +103,8 @@ let typ (type f)
(assert_16_bits : Impl.Field.t -> unit) : (f Checked.t, t) Impl.Typ.t =
let open Impl in
let proofs_verified_mask :
(f Proofs_verified.Checked.t, Proofs_verified.t) Typ.t =
Typ.transport
(Vector.typ Boolean.typ Nat.N2.n)
~there:Proofs_verified.to_mask ~back:Proofs_verified.of_mask_exn
(f Proofs_verified.Prefix_mask.Checked.t, Proofs_verified.t) Typ.t =
Proofs_verified.Prefix_mask.typ (module Impl)
in
let domain_log2 : (Field.t, Domain_log2.t) Typ.t =
let (Typ t) =
Expand Down
21 changes: 2 additions & 19 deletions src/lib/pickles/composition_types/branch_data.mli
Original file line number Diff line number Diff line change
@@ -1,22 +1,5 @@
open Core_kernel

module Proofs_verified : sig
[%%versioned:
module Stable : sig
module V1 : sig
type t = N0 | N1 | N2
[@@deriving sexp, sexp, compare, yojson, hash, equal]
end
end]

module Checked : sig
type 'f boolean = 'f Snarky_backendless.Cvar.t Snarky_backendless.Boolean.t

open Pickles_types

type 'f t = ('f boolean, Nat.N2.n) Vector.t
end
end
module Proofs_verified = Pickles_base.Proofs_verified

module Domain_log2 : sig
[%%versioned:
Expand All @@ -42,7 +25,7 @@ end]

module Checked : sig
type 'f t =
{ proofs_verified_mask : 'f Proofs_verified.Checked.t
{ proofs_verified_mask : 'f Proofs_verified.Prefix_mask.Checked.t
; domain_log2 : 'f Snarky_backendless.Cvar.t
}

Expand Down
9 changes: 6 additions & 3 deletions src/lib/pickles/one_hot_vector/one_hot_vector.ml
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,13 @@ module Constant = struct
type t = int
end

(* TODO: Optimization(?) Have this have length n - 1 since the last one is
determined by the remaining ones. *)
type ('f, 'n) t =
('f Snarky_backendless.Cvar.t Snarky_backendless.Boolean.t, 'n) Vector.t

module T (Impl : Snarky_backendless.Snark_intf.Run) = struct
(* TODO: Optimization. Have this have length n - 1 since the last one is
determined by the remaining ones. *)
type 'n t = (Impl.Boolean.var, 'n) Vector.t
type nonrec 'n t = (Impl.field, 'n) t
end

module Make (Impl : Snarky_backendless.Snark_intf.Run) = struct
Expand Down
6 changes: 5 additions & 1 deletion src/lib/pickles/one_hot_vector/one_hot_vector.mli
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,12 @@ module Constant : sig
type t = int
end

type ('f, 'n) t =
private
('f Snarky_backendless.Cvar.t Snarky_backendless.Boolean.t, 'n) Vector.t

module T (Impl : Snarky_backendless.Snark_intf.Run) : sig
type 'n t = private (Impl.Boolean.var, 'n) Vector.t
type nonrec 'n t = (Impl.field, 'n) t
end

module Make (Impl : Snarky_backendless.Snark_intf.Run) : sig
Expand Down
46 changes: 44 additions & 2 deletions src/lib/pickles/pickles.ml

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions src/lib/pickles/pickles.mli
Original file line number Diff line number Diff line change
Expand Up @@ -223,6 +223,8 @@ module Side_loaded : sig
(* Must be called immediately before calling the prover for the inductive rule
for which this tag is used as a predecessor. *)
val in_prover : ('var, 'value, 'n1, 'n2) Tag.t -> Verification_key.t -> unit

val srs_precomputation : unit -> unit
end

(** This compiles a series of inductive rules defining a set into a proof
Expand Down
45 changes: 29 additions & 16 deletions src/lib/pickles/side_loaded_verification_key.ml
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,11 @@ end
module Stable = struct
module V2 = struct
module T = struct
type t = (Backend.Tock.Curve.Affine.t, Vk.t) Poly.Stable.V2.t
type t =
( Backend.Tock.Curve.Affine.t
, Pickles_base.Proofs_verified.Stable.V1.t
, Vk.t )
Poly.Stable.V2.t
[@@deriving hash]

let to_latest = Fn.id
Expand All @@ -187,13 +191,17 @@ module Stable = struct

let version_byte = Base58_check.Version_bytes.verification_key

let to_repr { Poly.max_width; wrap_index; wrap_vk = _ } =
{ Repr.Stable.V2.max_width; wrap_index }
let to_repr { Poly.max_proofs_verified; wrap_index; wrap_vk = _ } =
{ Repr.Stable.V2.max_proofs_verified; wrap_index }

let of_repr ({ Repr.Stable.V2.max_width; wrap_index = c } : R.Stable.V2.t)
: t =
let of_repr
({ Repr.Stable.V2.max_proofs_verified; wrap_index = c } :
R.Stable.V2.t ) : t =
let d =
(Common.wrap_domains ~proofs_verified:(Width.to_int max_width)).h
(Common.wrap_domains
~proofs_verified:
(Pickles_base.Proofs_verified.to_int max_proofs_verified) )
.h
in
let log2_size = Import.Domain.log2_size d in
let max_quot_size = Common.max_quot_size_int (Import.Domain.size d) in
Expand Down Expand Up @@ -231,7 +239,7 @@ module Stable = struct
; lookup_index = None
} )
in
{ Poly.max_width; wrap_index = c; wrap_vk }
{ Poly.max_proofs_verified; wrap_index = c; wrap_vk }

(* Proxy derivers to [R.t]'s, ignoring [wrap_vk] *)

Expand Down Expand Up @@ -277,7 +285,7 @@ Stable.Latest.
, compare )]

let dummy : t =
{ max_width = Width.zero
{ max_proofs_verified = N2
; wrap_index =
(let g = Backend.Tock.Curve.(to_affine_exn one) in
{ sigma_comm = Vector.init Plonk_types.Permuts.n ~f:(fun _ -> g)
Expand All @@ -297,8 +305,8 @@ module Checked = struct
open Impl

type t =
{ (* TODO: Not sure this is used *)
max_width : Width.Checked.t
{ max_proofs_verified :
Impl.field Pickles_base.Proofs_verified.One_hot.Checked.t
(** The maximum of all of the [step_widths]. *)
; wrap_index : Inner_curve.t Plonk_verification_key_evals.t
(** The plonk verification key for the 'wrapping' proof that this key
Expand All @@ -312,10 +320,13 @@ module Checked = struct

let to_input =
let open Random_oracle_input.Chunked in
fun { max_width; wrap_index } : _ Random_oracle_input.Chunked.t ->
let width w = (Width.Checked.to_field w, width_size) in
fun { max_proofs_verified; wrap_index } : _ Random_oracle_input.Chunked.t ->
let max_proofs_verified =
Pickles_base.Proofs_verified.One_hot.Checked.to_input
max_proofs_verified
in
List.reduce_exn ~f:append
[ packed (width max_width)
[ max_proofs_verified
; wrap_index_to_input
(Fn.compose Array.of_list Inner_curve.to_field_elements)
wrap_index
Expand All @@ -339,9 +350,11 @@ let typ : (Checked.t, t) Impls.Step.Typ.t =
let open Step_main_inputs in
let open Impl in
Typ.of_hlistable
[ Width.typ; Plonk_verification_key_evals.typ Inner_curve.typ ]
[ Pickles_base.Proofs_verified.One_hot.typ (module Impls.Step)
; Plonk_verification_key_evals.typ Inner_curve.typ
]
~var_to_hlist:Checked.to_hlist ~var_of_hlist:Checked.of_hlist
~value_of_hlist:(fun _ ->
failwith "Side_loaded_verification_key: value_of_hlist" )
~value_to_hlist:(fun { Poly.wrap_index; max_width; _ } ->
[ max_width; wrap_index ] )
~value_to_hlist:(fun { Poly.wrap_index; max_proofs_verified; _ } ->
[ max_proofs_verified; wrap_index ] )
11 changes: 4 additions & 7 deletions src/lib/pickles/step_main.ml
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,8 @@ let verify_one
sponge
in
(* TODO: Refactor args into an "unfinalized proof" struct *)
finalize_other_proof d.max_proofs_verified ~max_width:d.max_width
~step_domains:d.step_domains ~sponge ~prev_challenges
proof_state.deferred_values prev_proof_evals )
finalize_other_proof d.max_proofs_verified ~step_domains:d.step_domains
~sponge ~prev_challenges proof_state.deferred_values prev_proof_evals )
in
let branch_data = proof_state.deferred_values.branch_data in
let statement =
Expand Down Expand Up @@ -78,8 +77,7 @@ let verify_one
in
let verified =
with_label __LOC__ (fun () ->
verify ~proofs_verified:d.max_proofs_verified
~wrap_domain:d.wrap_domains.h
verify ~proofs_verified:d.max_proofs_verified ~wrap_domain:d.wrap_domain
~is_base_case:(Boolean.not should_verify)
~sg_old:prev_challenge_polynomial_commitments ~proof:wrap_proof
~wrap_verification_key:d.wrap_key statement unfinalized )
Expand Down Expand Up @@ -295,11 +293,10 @@ let step_main :
`Known
(Vector.map basic.proofs_verifieds ~f:Field.of_int)
; max_proofs_verified = (module Max_proofs_verified)
; max_width = None
; typ = basic.typ
; var_to_field_elements = basic.var_to_field_elements
; value_to_field_elements = basic.value_to_field_elements
; wrap_domains = basic.wrap_domains
; wrap_domain = `Known basic.wrap_domains.h
; step_domains = `Known basic.step_domains
; wrap_key = dlog_plonk_index
}
Expand Down
Loading