feat: add tool to split phase2 parameters #1235
Conversation
vmx
requested review from
cryptonemo,
dignifiedquire and
porcuquine
as code owners
|
It already works like the other commands. It creates the .params and .vk file in the directory the program was run from. The log file is created in the directory of the source file. I'm now looking for ideas on how to verify that it does the right thing. |
filecoin-proofs/src/bin/phase2.rs
Outdated
| let porep_config = PoRepConfig { | ||
| sector_size: SectorSize(sector_size), | ||
| partitions: PoRepProofPartitions(n_partitions), | ||
| porep_id: [0; 32], |
There was a problem hiding this comment.
I'm not certain that setting the porep-id to all zeroes will produce the correct identifier for mainnet params which have a nonzero porep-id. It may, but idk
There was a problem hiding this comment.
I got them from
. I used the parameter of the initial files.There was a problem hiding this comment.
The phase2 initial parameter gen won't be affected by the porep-id, that's why it's set to all zeros. But, I didn't know whether or not the porep-id will affect the identifier
There was a problem hiding this comment.
rust-fil-proofs/storage-proofs/porep/src/stacked/vanilla/params.rs
Lines 84 to 91 in 5e760a7
Example output: layered_drgporep::PublicParams{ graph: stacked_graph::StackedGraph{expansion_degree: 8 base_graph: drgraph::BucketGraph{size: 1073741824; degree: 6; hasher: poseidon_hasher} }, challenges: LayerChallenges { layers: 11, max_count: 18 }, tree: merkletree-poseidon_hasher-8-8-0 }
So it doesn't look like the porep_id is part of it.
There was a problem hiding this comment.
It's possible that there is a bug (no reason to expect it, and a scan of code suggests not), but for reference:
- The identifier used to derive the working file for the parameters should not depend on
porep_id. - There should be a 1-1 relationship between distinct groth params and file names.
porep_idis intentionally decoupled from the concrete circuit (by design, it can be used to change the graphs without changing the circuit).- This explains both why phase2 does not require
porep_idand also why it must not affect the generated filename. - If the generated filename does depend on
porep_id, that is a bug — and we should fix it. - Here is the code which I think shows that it does not (even though it 'could'): https://github.com/filecoin-project/rust-fil-proofs/blob/master/storage-proofs/porep/src/stacked/vanilla/params.rs#L84-L91
So I think it should be safe to assume an arbitrary porep_id can be supplied. However, it would be worth verifying that choice of porep_id doesn't affect the final filenames — as an independent check on this important logic.
|
Even if this would work, I want to make one more change, which is extracting the contributions into yet another file (that's purely for the verification process). |
|
One quick note, bearing in mind that I haven't had a chance to review this overall yet: Ideally, this tool would be general-purpose in the sense that it could be used for any circuits created by phase2. That can and will change in the future when we perform more trusted setups. I think (based on cursory discussion) it's the case that you currently extract the circuit parameters by parsing the filenames. In a perfect world, you would get all the circuit specification in the same way the initial phase2 parameters were created. Then, as long as the commands used to create initial parameters for a circuit were saved, they could be used verbatim to also perform this final splitting. I think, if designed correctly, that will allow for the final phase to happen correctly without need of any manual intervention or decision-making, and even with new, not-yet-supported circuits. In other words, we can/should reuse the circuit-selection logic used for creating initial phase2 params. This might require more refactoring than is convenient now, though — in which case it could be added as a follow-up but prior to the next trusted setup. |
No I don't, I copy and pasted the parameters from earlier in the file.
I actually thought about refactoring the code to do that. Though I hesitated as I don't know how much we want to refactor the original trusted setup code. It's a matter of e.g. taking rust-fil-proofs/filecoin-proofs/src/bin/phase2.rs Lines 338 to 355 in 5e760a7 and splitting it into two functions, one that generates the parameters (which will then be re-used by my code) and the |
|
If I should do the refactoring mentioned above, let me know. |
|
@vmx I think what you're describing is the same thing I have believed is the 'right thing'. If you think this can be done practically in such a way as to be usable for the current trusted setup, then I think it's probably worth doing now. Unless @DrPeterVanNostrand sees a problem with the original code being refactored in what will be used in the last step of this trusted setup, I would proceed. If we decide we don't want to touch it now, we should still do it in a separate step for next time. This all makes me think it's probably better to do it now, fwiw. |
| // Writing the contributions to disk is not needed for the final parameters, | ||
| // they won't be published, they are only there for verification purpose. | ||
| let contribs_path = | ||
| format!("v{}-{}.contribs", parameter_cache::VERSION, &identifier); |
There was a problem hiding this comment.
There is a subtlety here. If we use the current value of VERSION when running the tool, then we will end up with the version corresponding to the current (untrusted) parameters.
That would imply a sequence like the following:
- Bump
VERSION. - Run split tool to create trusted parameters.
- Publish parameters.
- Release.
Note that in this sequence, the version must be bumped before the tool is run. We could bump the version here/now, but then the trusted parameters would need to be included in the very next release. For that reason, something like the sequence above is probably better. It's also possible that I'm seeing something wrong, so please let me know if so or explicitly confirm below otherwise (cc: @cryptonemo @vmx ).
There was a problem hiding this comment.
I would use the sequence then @cryptonemo would use when he publishes new parameters. I'd expect it to be what @porcuquine outlined above, but @cryptonemo would know best.
There was a problem hiding this comment.
@cryptonemo Can you confirm that we're not missing anything here and that my sequence above is workable (or propose an alternative)?
|
@DrPeterVanNostrand I've made the refactoring that @porcuquine proposed. If you look at the commit in isolation a6b2f94 it shows quite nicely that is is just a basic refactoring for the existing code, but makes the new code more robust as there's less duplicated code. |
There was a problem hiding this comment.
Approved contingent on @cryptonemo's confirmation that we don't need any more sophistication here to best handle the version bump.
|
@DrPeterVanNostrand could you please approve or request changes? I especially would like to know if you are OK with the refactoring that also changes other parts of the code. I'd then make any needed changes (and the rebase that's needed anyway) my tomorrow and then we can hopefully merge it. |
|
@DrPeterVanNostrand just confirmed through a side-channel that the refactoring is OK. So I'll go with that. |
vmx
dismissed stale reviews from DrPeterVanNostrand, cryptonemo, and porcuquine
via
0f6f28f
Those functions will be used by subsequent commits for splitting the trusted setup results into the correct parameter files.
The `phase2` CLI has a new command called `split-keys` which allows to split phase2 parameter output into parameters that can be used for rust-fil-proofs. Some auxiliary files for verification purpose are created as well.
The
phase2CLI has a new command calledsplit-keyswhich allows tosplit phase2 parameter output into parameters that can be used for
rust-fil-proofs.
I'm not done yet, the path handling is not robust enough. Though it would
be good to get early review.