Skip to content

Commit

Permalink
Redshift prover and verifier updated to use LPC. #20
Browse files Browse the repository at this point in the history
  • Loading branch information
@nkaskov
nkaskov committed Nov 15, 2021
1 parent f5c32f3 commit 63366e5
Show file tree
Hide file tree
Showing 4 changed files with 147 additions and 45 deletions.
32 changes: 17 additions & 15 deletions include/nil/crypto3/zk/snark/commitments/list_polynomial_commitment.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ namespace nil {
typedef typename merkletree::MerkleTree<Hash> merkle_tree_type;
typedef typename merkletree::MerkleProof<Hash> merkle_proof_type;

constexpr static const math::polynom<...> q = {0, 0, 1};
constexpr static const math::polynomial::polynom<...> q = {0, 0, 1};

struct transcript_round_manifest {
enum challenges_ids {x, y};
Expand All @@ -80,7 +80,7 @@ namespace nil {
// result.root();
// should be called
template <...>
static merkle_tree_type commit (const math::polynom<...> &f,
static merkle_tree_type commit (const math::polynomial::polynom<...> &f,
const std::vector<...> &D){

std::vector<...> y;
Expand All @@ -94,7 +94,7 @@ namespace nil {
template <...>
static proof_type proof_eval (std::array<..., k> evaluation_points,
const merkle_tree_type &T,
const math::polynom<...> &f,
const math::polynomial::polynom<...> &f,
const std::vector<...> &D){

proof_type proof;
Expand All @@ -111,16 +111,16 @@ namespace nil {
U_interpolation_points[j] = std::make_pair(evaluation_points[j], z_j);
}

math::polynom<...> U = math::polynomial::Lagrange_interpolation(U_interpolation_points);
math::polynomial::polynom<...> U = math::polynomial::Lagrange_interpolation(U_interpolation_points);

math::polynom<...> Q = (f - U);
math::polynomial::polynom<...> Q = (f - U);
for (std::size_t j = 0; j < k; j++){
Q = Q/(x - U_interpolation_points[j]);
}

for (std::size_t round_id = 0; round_id < lambda; round_id++){

math::polynom<...> f_i = Q;
math::polynomial::polynom<...> f_i = Q;

... x_i = transcript.get_challenge<transcript_round_manifest::challenges_ids::x>();

Expand All @@ -132,7 +132,7 @@ namespace nil {

... y_i = transcript.get_challenge<transcript_round_manifest::challenges_ids::y, i>();

math::polynom<...> sqr_polynom = {y_i, 0, -1};
math::polynomial::polynom<...> sqr_polynom = {y_i, 0, -1};
std::array<..., m> s = math::polynomial::get_roots<m>(sqr_polynom);

std::array<std::pair<..., ...>, m> p_i_j_interpolation_points;
Expand All @@ -144,14 +144,15 @@ namespace nil {
p_i_j_interpolation_points[j] = std::make_pair(s[j], alpha_i_j);
}

math::polynom<...> p_i_j = math::polynomial::Lagrange_interpolation(p_i_j_interpolation_points);
math::polynomial::polynom<...> p_i_j = math::polynomial::Lagrange_interpolation(p_i_j_interpolation_points);

f_i = p_i_j;

x = q.evaluate(x);

if (i < r - 1){
f_commitments[i] = commit(f_i, D_ip1).root();
transcript(f_commitments[i]);
} else {
f_ip1_coefficients = math::polynomial::get_coefficients(f_i);
}
Expand All @@ -163,9 +164,9 @@ namespace nil {
};

template <...>
static bool verify_eval (proof_type proof,
static bool verify_eval (std::array<..., k> evaluation_points,
commitment_type T,
std::array<..., k> evaluation_points,
proof_type proof,
const std::vector<...> &D){

fiat_shamir_heuristic<transcript_round_manifest, transcript_hash_type> transcript;
Expand All @@ -182,16 +183,16 @@ namespace nil {
U_interpolation_points[j] = std::make_pair(evaluation_points[j], z_j);
}

math::polynom<...> U = math::polynomial::Lagrange_interpolation(U_interpolation_points);
math::polynomial::polynom<...> U = math::polynomial::Lagrange_interpolation(U_interpolation_points);

math::polynom<...> Q = (f - U);
math::polynomial::polynom<...> Q = (f - U);
for (std::size_t j = 0; j < k; j++){
Q = Q/(x - U_interpolation_points[j]);
}

for (std::size_t round_id = 0; round_id < lambda; round_id++){

math::polynom<...> f_i = Q;
math::polynomial::polynom<...> f_i = Q;

... x_i = transcript.get_challenge<transcript_round_manifest::challenges_ids::x>();

Expand All @@ -203,7 +204,7 @@ namespace nil {

... y_i = transcript.get_challenge<transcript_round_manifest::challenges_ids::y, i>();

math::polynom<...> sqr_polynom = {y_i, 0, -1};
math::polynomial::polynom<...> sqr_polynom = {y_i, 0, -1};
std::array<..., m> s = math::polynomial::get_roots<m>(sqr_polynom);

std::array<std::pair<..., ...>, m> p_i_j_interpolation_points;
Expand All @@ -216,7 +217,7 @@ namespace nil {
p_i_j_interpolation_points[j] = std::make_pair(s[j], alpha_i_j);
}

math::polynom<...> p_i_j = math::polynomial::Lagrange_interpolation(p_i_j_interpolation_points);
math::polynomial::polynom<...> p_i_j = math::polynomial::Lagrange_interpolation(p_i_j_interpolation_points);

x = q.evaluate(x);

Expand All @@ -226,6 +227,7 @@ namespace nil {
}

f_commitments[i] = commit(f_i, D_ip1).root();
transcript(f_commitments[i]);
} else {
if (f_i != p_i_j){
return false;
Expand Down
26 changes: 20 additions & 6 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/proof.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,21 +26,35 @@
#ifndef CRYPTO3_ZK_PLONK_REDSHIFT_PROOF_HPP
#define CRYPTO3_ZK_PLONK_REDSHIFT_PROOF_HPP

#include <nil/crypto3/zk/snark/commitments/list_polynomial_commitment.hpp>
#include <nil/crypto3/zk/snark/commitments/fri_commitment.hpp>

namespace nil {
namespace crypto3 {
namespace zk {
namespace snark {

template<typename TCurve>
struct redshift_proof {
std::vector<std::fri_commitment_cheme<...>> f_commitments;
template<typename CurveType, typename Hash>
class redshift_proof {

std::fri_commitment_cheme<...> P_commitment;
std::fri_commitment_cheme<...> Q_commitment;
typedef list_polynomial_commitment_scheme<typename CurveType::scalar_field_type, Hash> lpc;

public:

std::vector<typename lpc::commitment_type> f_commitments;

typename lpc::commitment_type P_commitment;
typename lpc::commitment_type Q_commitment;

std::vector<typename lpc::commitment_type> T_commitments;

std::vector<typename lpc::proof_type> f_lpc_proofs;

typename lpc::proof_type P_lpc_proof;
typename lpc::proof_type Q_lpc_proof;

std::vector<typename lpc::proof_type> T_lpc_proofs;

std::vector<math::polynomial::polynom<...>> T;
};
} // namespace snark
} // namespace zk
Expand Down
84 changes: 64 additions & 20 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/prover.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,20 +26,35 @@
#ifndef CRYPTO3_ZK_PLONK_REDSHIFT_PROVER_HPP
#define CRYPTO3_ZK_PLONK_REDSHIFT_PROVER_HPP

#include <nil/crypto3/zk/snark/commitments/fri_commitment.hpp>
#include <nil/crypto3/zk/snark/commitments/list_polynomial_commitment.hpp>
#include <nil/crypto3/zk/snark/transcript/fiat_shamir.hpp>

namespace nil {
namespace crypto3 {
namespace zk {
namespace snark {

template<typename TCurve>
template<typename CurveType>
class redshift_prover {

using types_policy = redshift_types_policy<TCurve>;
using transcript_manifest = types_policy::prover_fiat_shamir_heuristic_manifest<6>;

typedef hashes::sha2<256> merkle_hash_type;
typedef hashes::sha2<256> transcript_hash_type;

typedef typename merkletree::MerkleTree<Hash> merkle_tree_type;

constexpr static const std::size_t lambda = ...;
constexpr static const std::size_t k = ...;
constexpr static const std::size_t r = ...;
constexpr static const std::size_t m = 2;

constexpr static const typename TCurve::scalar_field_type::value_type omega =
algebra::get_root_of_unity<typename TCurve::scalar_field_type>()
typedef list_polynomial_commitment_scheme<typename CurveType::scalar_field_type,
Hash, lambda, k, r, m> lpc;

public:
static inline typename types_policy::proof_type
process(const types_policy::proving_key_type &proving_key,
Expand All @@ -51,24 +66,27 @@ namespace nil {
std::size_t N_sel = ...;
std::size_t N_const = ...;

fiat_shamir_heuristic<transcript_manifest, hashes::sha2> transcript;
fiat_shamir_heuristic<transcript_manifest, transcript_hash_type> transcript;

... setup_values = ...;
transcript(setup_values);

std::vector<math::polynomial::polynom<...>> f(N_wires);
std::vector<std::fri_commitment_cheme<...>> f_commitments(N_wires);

std::vector<merkle_tree_type> f_trees;
std::vector<typename lpc::commitment_type> f_commitments;

for (std::size_t i = 0; i < N_wires; i++) {
f.push_back(proving_key.f[i] + choose_h_i() * proving_key.Z(x));
f_commitments[i].commit(f[i]);
f_trees.push_back(lpc::commit(f[i]));
f_commitments[i].push_back(f_trees[i].root());
transcript(f_commitments[i]);
}

hashes::sha2::digest_type beta_bytes =
typename transcript_hash_type::digest_type beta_bytes =
transcript.get_challenge<transcript_manifest::challenges_ids::beta>();

hashes::sha2::digest_type gamma_bytes =
typename transcript_hash_type::digest_type gamma_bytes =
transcript.get_challenge<transcript_manifest::challenges_ids::gamma>();

typename TCurve::scalar_field_type::value_type beta =
Expand Down Expand Up @@ -117,17 +135,17 @@ namespace nil {
math::polynomial::polynom<...> Q =
math::polynomial::Lagrange_interpolation(Q_interpolation_points);

std::fri_commitment_cheme<...> P_commitment();
std::fri_commitment_cheme<...> Q_commitment();
merkle_tree_type P_tree = lpc::commit(P);
merkle_tree_type Q_tree = lpc::commit(Q);
typename lpc::commitment_type P_commitment = P_tree.root();
typename lpc::commitment_type Q_commitment = Q_tree.root();

P_commitment.commit(P);
Q_commitment.commit(Q);
transcript(P_commitment);
transcript(Q_commitment);

std::array<typename TCurve::scalar_field_type::value_type, 6> alphas;
for (std::size_t i = 0; i < 6; i++) {
hashes::sha2::digest_type alpha_bytes =
typename transcript_hash_type::digest_type alpha_bytes =
transcript.get_challenge<transcript_manifest::challenges_ids::alpha, i>();
alphas[i] = (algebra::marshalling<typename TCurve::scalar_field_type>(alpha_bytes));
}
Expand Down Expand Up @@ -155,19 +173,45 @@ namespace nil {

math::polynomial::polynom<...> T_consolidated = F_consolidated / Z;

std::vector<math::polynomial::polynom<...>> T(N_perm + 2);
std::vector<math::polynomial::polynom<...>> T(N_perm + 1);
T = separate_T(T_consolidated);

std::vector<std::fri_commitment_cheme<...>> T_commitments(N_perm + 2);
for (std::size_t i = 0; i < N_perm + 2) {
T_commitments[i].commit(T[i]);
std::vector<merkle_tree_type> T_trees;
std::vector<typename lpc::commitment_type> T_commitments;

for (std::size_t i = 0; i < N_perm + 1) {
T_trees.push_back(lpc::commit(T[i]));
T_commitments.push_back(T_trees[i].root());
}

typename transcript_hash_type::digest_type upsilon_bytes =
transcript.get_challenge<transcript_manifest::challenges_ids::upsilon>();

typename TCurve::scalar_field_type::value_type upsilon =
algebra::marshalling<TCurve::scalar_field_type>(upsilon_bytes);

std::array<..., k> fT_evaluation_points = {upsilon};
std::vector<lpc::proof> f_lpc_proofs(N_wires);

for (std::size_t i = 0; i < N_wires; i++){
f_lpc_proofs.push_back(lpc::proof_eval(fT_evaluation_points, f_trees[i], f[i], ...));
}

...
std::array<..., k> PQ_evaluation_points = {upsilon, upsilon * omega};
lpc::proof P_lpc_proof = lpc::proof_eval(PQ_evaluation_points, P_tree, P, ...);
lpc::proof Q_lpc_proof = lpc::proof_eval(PQ_evaluation_points, Q_tree, Q, ...);

std::vector<lpc::proof> T_lpc_proofs(N_perm + 1);

for (std::size_t i = 0; i < N_perm + 1; i++){
T_lpc_proofs.push_back(lpc::proof_eval(fT_evaluation_points, T_trees[i], T[i], ...));
}

typename types_policy::proof_type proof =
typename types_policy::proof_type(std::move(f_commitments), std::move(P_commitment),
std::move(Q_commitment), std::move(T_commitments));
typename types_policy::proof_type proof =
typename types_policy::proof_type(std::move(f_commitments), std::move(P_commitment),
std::move(Q_commitment), std::move(T_commitments),
std::move(f_lpc_proofs), std::move(P_lpc_proof),
std::move(Q_lpc_proof), std::move(T_lpc_proofs));

return proof;
}
Expand Down
Loading

0 comments on commit 63366e5

Please sign in to comment.