Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feat] Universal verifier circuit #26

Merged
merged 15 commits into from
Aug 18, 2023
Merged

[Feat] Universal verifier circuit #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
df44945
feat: add example with different vkey as private witness
jonathanpwang Jul 24, 2023
aa79228
fix: save break points when generating agg circuit for first time (#23)
rpalakkal Jul 26, 2023
34f01a8
feat: allow circuit size (number of rows) to be loaded as witness
jonathanpwang Aug 7, 2023
debda9e
chore: clippy fix
jonathanpwang Aug 7, 2023
253b5b5
fix(n_as_witness): computation of shifts depends on `omega`
jonathanpwang Aug 10, 2023
8643efb
chore: merge feat/universal-verifier
rpalakkal Aug 11, 2023
69f648e
fix: temp remove pow_var
rpalakkal Aug 11, 2023
d395044
add universal verifier range check test
rpalakkal Aug 11, 2023
4cb51b5
chore: do not serialize domain_as_witness if none
jonathanpwang Aug 11, 2023
b88e2d2
Revert "fix: temp remove pow_var"
jonathanpwang Aug 12, 2023
f8baf1a
fix: halo2_lib example
jonathanpwang Aug 12, 2023
8c4ab8a
test: halo2_lib with variable lookup table passes
jonathanpwang Aug 12, 2023
ac4c8ba
Merge branch 'develop' into feat/universal-verifier
jonathanpwang Aug 18, 2023
5016704
Bump version to 0.1.3
jonathanpwang Aug 18, 2023
e796d70
Merge branch 'feat/vkey-witness' into feat/universal-verifier
jonathanpwang Aug 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,7 @@
/target
testdata

Cargo.lock
params
agg.pk
break_points.json
2 changes: 1 addition & 1 deletion snark-verifier-sdk/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "snark-verifier-sdk"
version = "0.1.2"
version = "0.1.3"
edition = "2021"

[dependencies]
Expand Down
3 changes: 2 additions & 1 deletion snark-verifier-sdk/benches/read_pk.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ use halo2_proofs::{halo2curves::bn256::Bn256, poly::kzg::commitment::ParamsKZG};
use pprof::criterion::{Output, PProfProfiler};
use rand::rngs::OsRng;

use snark_verifier_sdk::halo2::aggregation::AggregationConfigParams;
use snark_verifier_sdk::halo2::aggregation::{AggregationConfigParams, VerifierUniversality};
use snark_verifier_sdk::{
gen_pk,
halo2::{aggregation::AggregationCircuit, gen_snark_shplonk},
Expand Down Expand Up @@ -190,6 +190,7 @@ fn bench(c: &mut Criterion) {
None,
&params,
snarks,
VerifierUniversality::None,
);

std::fs::remove_file("examples/agg.pk").ok();
Expand Down
5 changes: 4 additions & 1 deletion snark-verifier-sdk/benches/standard_plonk.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ use halo2_proofs::{
use pprof::criterion::{Output, PProfProfiler};
use rand::rngs::OsRng;
use snark_verifier_sdk::evm::{evm_verify, gen_evm_proof_shplonk, gen_evm_verifier_shplonk};
use snark_verifier_sdk::halo2::aggregation::AggregationConfigParams;
use snark_verifier_sdk::halo2::aggregation::{AggregationConfigParams, VerifierUniversality};
use snark_verifier_sdk::{
gen_pk,
halo2::{aggregation::AggregationCircuit, gen_proof_shplonk, gen_snark_shplonk},
Expand Down Expand Up @@ -193,6 +193,7 @@ fn bench(c: &mut Criterion) {
None,
&params,
snarks.clone(),
VerifierUniversality::None,
);

let start0 = start_timer!(|| "gen vk & pk");
Expand All @@ -213,6 +214,7 @@ fn bench(c: &mut Criterion) {
Some(break_points.clone()),
params,
snarks.clone(),
VerifierUniversality::None,
);
let instances = agg_circuit.instances();
gen_proof_shplonk(params, pk, agg_circuit, instances, None)
Expand All @@ -230,6 +232,7 @@ fn bench(c: &mut Criterion) {
Some(break_points),
&params,
snarks.clone(),
VerifierUniversality::None,
);
let num_instances = agg_circuit.num_instance();
let instances = agg_circuit.instances();
Expand Down
188 changes: 188 additions & 0 deletions snark-verifier-sdk/examples/n_as_witness.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,188 @@
use halo2_base::gates::builder::CircuitBuilderStage;
use halo2_base::halo2_proofs;
use halo2_base::halo2_proofs::arithmetic::Field;
use halo2_base::halo2_proofs::halo2curves::bn256::Fr;
use halo2_base::halo2_proofs::poly::commitment::Params;
use halo2_base::utils::fs::gen_srs;
use halo2_proofs::halo2curves as halo2_curves;

use rand::rngs::StdRng;
use rand::SeedableRng;
use snark_verifier_sdk::halo2::aggregation::{AggregationConfigParams, VerifierUniversality};
use snark_verifier_sdk::SHPLONK;
use snark_verifier_sdk::{
gen_pk,
halo2::{aggregation::AggregationCircuit, gen_snark_shplonk},
Snark,
};

mod application {
use super::halo2_curves::bn256::Fr;
use super::halo2_proofs::{
circuit::{Layouter, SimpleFloorPlanner, Value},
plonk::{Advice, Circuit, Column, ConstraintSystem, Error, Fixed, Instance},
poly::Rotation,
};

use snark_verifier_sdk::CircuitExt;

#[derive(Clone, Copy)]
pub struct StandardPlonkConfig {
a: Column<Advice>,
b: Column<Advice>,
c: Column<Advice>,
q_a: Column<Fixed>,
q_b: Column<Fixed>,
q_c: Column<Fixed>,
q_ab: Column<Fixed>,
constant: Column<Fixed>,
#[allow(dead_code)]
instance: Column<Instance>,
}

impl StandardPlonkConfig {
fn configure(meta: &mut ConstraintSystem<Fr>) -> Self {
let [a, b, c] = [(); 3].map(|_| meta.advice_column());
let [q_a, q_b, q_c, q_ab, constant] = [(); 5].map(|_| meta.fixed_column());
let instance = meta.instance_column();

[a, b, c].map(|column| meta.enable_equality(column));

meta.create_gate(
"q_a·a + q_b·b + q_c·c + q_ab·a·b + constant + instance = 0",
|meta| {
let [a, b, c] =
[a, b, c].map(|column| meta.query_advice(column, Rotation::cur()));
let [q_a, q_b, q_c, q_ab, constant] = [q_a, q_b, q_c, q_ab, constant]
.map(|column| meta.query_fixed(column, Rotation::cur()));
let instance = meta.query_instance(instance, Rotation::cur());
Some(
q_a * a.clone()
+ q_b * b.clone()
+ q_c * c
+ q_ab * a * b
+ constant
+ instance,
)
},
);

StandardPlonkConfig { a, b, c, q_a, q_b, q_c, q_ab, constant, instance }
}
}

#[derive(Clone)]
pub struct StandardPlonk(pub Fr, pub usize);

impl CircuitExt<Fr> for StandardPlonk {
fn num_instance(&self) -> Vec<usize> {
vec![1]
}

fn instances(&self) -> Vec<Vec<Fr>> {
vec![vec![self.0]]
}
}

impl Circuit<Fr> for StandardPlonk {
type Config = StandardPlonkConfig;
type FloorPlanner = SimpleFloorPlanner;

fn without_witnesses(&self) -> Self {
Self(Fr::zero(), self.1)
}

fn configure(meta: &mut ConstraintSystem<Fr>) -> Self::Config {
meta.set_minimum_degree(4);
StandardPlonkConfig::configure(meta)
}

fn synthesize(
&self,
config: Self::Config,
mut layouter: impl Layouter<Fr>,
) -> Result<(), Error> {
layouter.assign_region(
|| "",
|mut region| {
region.assign_advice(config.a, 0, Value::known(self.0));
region.assign_fixed(config.q_a, 0, -Fr::one());
region.assign_advice(config.a, 1, Value::known(-Fr::from(5u64)));
for (idx, column) in (1..).zip([
config.q_a,
config.q_b,
config.q_c,
config.q_ab,
config.constant,
]) {
region.assign_fixed(column, 1, Fr::from(idx as u64));
}
let a = region.assign_advice(config.a, 2, Value::known(Fr::one()));
a.copy_advice(&mut region, config.b, 3);
a.copy_advice(&mut region, config.c, 4);

// assuming <= 10 blinding factors
// fill in most of circuit with a computation
let n = self.1;
for offset in 5..n - 10 {
region.assign_advice(config.a, offset, Value::known(-Fr::from(5u64)));
for (idx, column) in (1..).zip([
config.q_a,
config.q_b,
config.q_c,
config.q_ab,
config.constant,
]) {
region.assign_fixed(column, offset, Fr::from(idx as u64));
}
}

Ok(())
},
)
}
}
}

fn gen_application_snark(k: u32) -> Snark {
let rng = StdRng::seed_from_u64(0);
let params = gen_srs(k);
let circuit = application::StandardPlonk(Fr::random(rng), params.n() as usize);

let pk = gen_pk(&params, &circuit, None);
gen_snark_shplonk(&params, &pk, circuit, None::<&str>)
}

fn main() {
let dummy_snark = gen_application_snark(8);

let k = 15u32;
let params = gen_srs(k);
let lookup_bits = k as usize - 1;
let mut agg_circuit = AggregationCircuit::new::<SHPLONK>(
CircuitBuilderStage::Keygen,
AggregationConfigParams { degree: k, lookup_bits, ..Default::default() },
None,
&params,
vec![dummy_snark],
VerifierUniversality::Full,
);
let agg_config = agg_circuit.config(Some(10));

let pk = gen_pk(&params, &agg_circuit, None);
let break_points = agg_circuit.break_points();

let snarks = [8, 12, 15, 20].map(|k| (k, gen_application_snark(k)));
for (k, snark) in snarks {
let agg_circuit = AggregationCircuit::new::<SHPLONK>(
CircuitBuilderStage::Prover,
agg_config,
Some(break_points.clone()),
&params,
vec![snark],
VerifierUniversality::Full,
);
let _snark = gen_snark_shplonk(&params, &pk, agg_circuit, None::<&str>);
println!("snark with k = {k} success");
}
}
90 changes: 90 additions & 0 deletions snark-verifier-sdk/examples/range_check.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
use ark_std::{end_timer, start_timer};
use halo2_base::gates::builder::{
BaseConfigParams, CircuitBuilderStage, GateThreadBuilder, RangeWithInstanceCircuitBuilder,
};
use halo2_base::gates::flex_gate::GateStrategy;
use halo2_base::halo2_proofs::halo2curves::bn256::Fr;
use halo2_base::halo2_proofs::plonk::Circuit;
use halo2_base::safe_types::{GateInstructions, RangeChip, RangeInstructions};
use halo2_base::utils::fs::gen_srs;

use itertools::Itertools;
use snark_verifier_sdk::halo2::aggregation::{AggregationConfigParams, VerifierUniversality};
use snark_verifier_sdk::SHPLONK;
use snark_verifier_sdk::{
gen_pk,
halo2::{aggregation::AggregationCircuit, gen_snark_shplonk},
Snark,
};

fn generate_circuit(k: u32) -> Snark {
let mut builder = GateThreadBuilder::new(false);
let ctx = builder.main(0);
let lookup_bits = k as usize - 1;
let range = RangeChip::<Fr>::default(lookup_bits);

let x = ctx.load_witness(Fr::from(14));
range.range_check(ctx, x, 2 * lookup_bits + 1);
range.gate().add(ctx, x, x);

let circuit = RangeWithInstanceCircuitBuilder::<Fr>::keygen(
builder.clone(),
BaseConfigParams {
strategy: GateStrategy::Vertical,
k: k as usize,
num_advice_per_phase: vec![1],
num_lookup_advice_per_phase: vec![1],
num_fixed: 1,
lookup_bits: Some(lookup_bits),
},
vec![],
);
let params = gen_srs(k);

let pk = gen_pk(&params, &circuit, None);
let breakpoints = circuit.break_points();

let circuit = RangeWithInstanceCircuitBuilder::<Fr>::prover(
builder.clone(),
circuit.params(),
breakpoints,
vec![],
);
gen_snark_shplonk(&params, &pk, circuit, None::<&str>)
}

fn main() {
let dummy_snark = generate_circuit(13);

let k = 14u32;
let lookup_bits = k as usize - 1;
let params = gen_srs(k);
let mut agg_circuit = AggregationCircuit::new::<SHPLONK>(
CircuitBuilderStage::Keygen,
AggregationConfigParams { degree: k, lookup_bits, ..Default::default() },
None,
&params,
vec![dummy_snark],
VerifierUniversality::Full,
);
let agg_config = agg_circuit.config(Some(10));

let start0 = start_timer!(|| "gen vk & pk");
let pk = gen_pk(&params, &agg_circuit, None);
end_timer!(start0);
let break_points = agg_circuit.break_points();

let snarks = (14..17).map(generate_circuit).collect_vec();
for (i, snark) in snarks.into_iter().enumerate() {
let agg_circuit = AggregationCircuit::new::<SHPLONK>(
CircuitBuilderStage::Prover,
agg_config,
Some(break_points.clone()),
&params,
vec![snark],
VerifierUniversality::Full,
);
let _snark = gen_snark_shplonk(&params, &pk, agg_circuit, None::<&str>);
println!("snark {i} success");
}
}
Loading