New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor/break kzg srs #378

Merged

Tabaie merged 21 commits into develop from refactor/break-kzg-srs

Apr 20, 2023

Contributor

Tabaie commented Apr 7, 2023

The KZG SRS breaks up naturally into a prover component (G1[:]) and a verifier component (G1[0], G2[0:2]), which only have one G1 point in common (which is usually standardized and can be omitted anyway).
Treating it as a single object results in very long Plonk verifying keys for example, which can be problematic in Smart Contracts.

This PR implements the break-up.

WARNING: I've removed pretty much all pass-by-pointers I encountered. In case some of that was performance-critical, lmk and I'll add it back in.

Tabaie added 9 commits

April 7, 2023 15:20


          refactor: break up kzg srs; NewSRS for bn254

edc6ee1


          refactor: marshal pk, vk separately

b7f7e86


          build: generify marshal changes

b905afe


          refactor: kzg.NewSRS to return two structs

3ef5152


          refactor: kzg tests

470abeb


          build: generify bn254 kzg changes

23ad550


          fix: generation mistake

568162a


          refactor: reflect kzg changes in permutation

85d04b3


          refactor: reflect kzg changes in plookup

fa6decf

Tabaie requested review from gbotrel and ThomasPiellard

April 7, 2023 21:55

Tabaie added 4 commits

April 8, 2023 17:49


          revert: limited revival of kzg.Srs

527b79b


          revert: reflect kzg.srs revival in other packages

ee78c9d


          revert: revive whole SRS serialization

c6122ac


          revert: NewSRS to return a pointer again

7fda254

Tabaie mentioned this pull request

Commitments SRS breakup companion Consensys/gnark#632

Merged

Tabaie added 2 commits

April 9, 2023 18:43


          feat: kzg.Vk.WriteRawTo

ab1a13b


          fix: minor errors

d5f1511

gbotrel requested changes

View reviewed changes

internal/generator/kzg/template/marshal.go.tmpl Outdated

+              	// encode the ProvingKey
+              	enc := {{ .CurvePackage }}.NewEncoder(w)
+              	toEncode := []interface{}{

Collaborator

gbotrel Apr 11, 2023

no need for slice and for loop, just enc.Encode(pk.G1)

internal/generator/kzg/template/marshal.go.tmpl Outdated

+              	return enc.BytesWritten(), nil
+              }
+              // WriteRawTo writes binary encoding of Proof to w without point compression

Collaborator

gbotrel Apr 11, 2023

Proof -> VerifyingKey

internal/generator/kzg/template/marshal.go.tmpl Outdated

               func (srs *SRS) WriteTo(w io.Writer) (int64, error) {
-              	// encode the SRS
+              	// encode the VerifyingKey

Collaborator

gbotrel Apr 11, 2023

bad comment.

Here I would rather call srs.Pk.WriteTo, srs.Vk.WriteTo, easier to maintain for future changes.

There is a duplicate point but it's not a crazy overhead.

internal/generator/kzg/template/marshal.go.tmpl Outdated

+              	dec := {{ .CurvePackage }}.NewDecoder(r)
+              	toDecode := []interface{}{
+              		&pk.G1,

Collaborator

gbotrel Apr 11, 2023

just dec.Decode(&pk.G1)

internal/generator/kzg/template/marshal.go.tmpl Outdated

-              		&srs.G2[0],
-              		&srs.G2[1],
-              		&srs.G1,
+              		&srs.Vk.G2[0],

Collaborator

gbotrel Apr 11, 2023

same srs.Pk.ReadFrom... srs.Vk.ReadFrom(...)

Tabaie added 2 commits

April 11, 2023 15:56


          style: no loop when serializing one object only

238509e


          chore: PR feedback

f6dc436

Contributor

ThomasPiellard commented Apr 13, 2023

Could you modify

        _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config)
	if err != nil {
		return nil
	}

to

        _, err := foldedQuotients.MultiExp(quotients, randomNumbers, config)
 	if err != nil {
		return err
	}

in BatchVerifyMultiPoints in the kzg.go files (e.g. l.419 for bls377) ? (Spotted by @kevaundray )


          fix: don't ignore multiexp error

92f62d5

Tabaie requested a review from gbotrel

April 16, 2023 19:14

gbotrel approved these changes

View reviewed changes

Collaborator

gbotrel left a comment

minor comment on godoc format but lgtm 👍

internal/generator/kzg/template/kzg.go.tmpl

    
              // SRS stores the result of the MPC

              type SRS struct {

              // Proving and Verifying keys together constitute the SRS (result of the MPC)

              type ProvingKey struct {

Collaborator

gbotrel Apr 17, 2023

godoc format: struct doc should be // ProvingKey ...

(else it isn't render properly in godoc)

ThomasPiellard approved these changes

View reviewed changes

Tabaie added 3 commits

April 19, 2023 20:57


          docs: make comments more godoc friendly

f240f4a


          refactor: move roundtrip func to utils

f0a38e9


          fix: import utils

8e64cd2

Tabaie merged commit eaeb6db into develop

5 checks passed

Tabaie deleted the refactor/break-kzg-srs branch

April 20, 2023 02:56

Tabaie mentioned this pull request

Refactor/breakup pedersen #383

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment