Skip to content

Commit

Permalink
verifier public evaluations check, common public data #20
Browse files Browse the repository at this point in the history
  • Loading branch information
@SK0M0R0H
SK0M0R0H committed Mar 14, 2022
1 parent 658872f commit 6a09432
Show file tree
Hide file tree
Showing 7 changed files with 124 additions and 31 deletions.
22 changes: 15 additions & 7 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/detail/redshift_policy.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ namespace nil {
std::array<typename CommitmentSchemeTypePublic::precommitment_type, public_input_columns> public_input;
std::array<typename CommitmentSchemeTypePublic::precommitment_type, constant_columns> constant;
std::array<typename CommitmentSchemeTypePublic::precommitment_type, selector_columns> selector;
std::array<typename CommitmentSchemeTypePublic::precommitment_type, 2> special_selectors;
};

struct public_commitments {
Expand All @@ -101,9 +102,19 @@ namespace nil {
std::array<typename CommitmentSchemeTypePublic::commitment_type, public_input_columns> public_input;
std::array<typename CommitmentSchemeTypePublic::commitment_type, constant_columns> constant;
std::array<typename CommitmentSchemeTypePublic::commitment_type, selector_columns> selector;
std::array<typename CommitmentSchemeTypePublic::commitment_type, 2> special_selectors;
};

std::shared_ptr<math::evaluation_domain<FieldType>> basic_domain;
// both prover and verifier use this data
// fields outside of the common_data_type are used by prover
struct common_data_type {
std::shared_ptr<math::evaluation_domain<FieldType>> basic_domain;

math::polynomial<typename FieldType::value_type> Z;
math::polynomial<typename FieldType::value_type> lagrange_0;

public_commitments commitments;
};

plonk_public_polynomial_table<FieldType, public_input_columns,
constant_columns, selector_columns> public_polynomial_table;
Expand All @@ -113,15 +124,12 @@ namespace nil {
// S_id
std::vector<math::polynomial<typename FieldType::value_type>> identity_polynomials;

math::polynomial<typename FieldType::value_type> lagrange_0;

math::polynomial<typename FieldType::value_type> q_last;
math::polynomial<typename FieldType::value_type> q_last; // TODO: move to common data
math::polynomial<typename FieldType::value_type> q_blind;

math::polynomial<typename FieldType::value_type> Z;

public_precommitments precommitments;
public_commitments commitments;

common_data_type common_data;
};

struct preprocessed_private_data_type {
Expand Down
6 changes: 3 additions & 3 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/permutation_argument.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ namespace nil {
preprocessed_data.permutation_polynomials;
const std::vector<math::polynomial<typename FieldType::value_type>> &S_id =
preprocessed_data.identity_polynomials;
std::shared_ptr<math::evaluation_domain<FieldType>> domain = preprocessed_data.basic_domain;
std::shared_ptr<math::evaluation_domain<FieldType>> domain = preprocessed_data.common_data.basic_domain;

// 1. $\beta_1, \gamma_1 = \challenge$
typename FieldType::value_type beta = transcript.template challenge<FieldType>();
Expand Down Expand Up @@ -143,7 +143,7 @@ namespace nil {
math::polynomial_shift<FieldType>(V_P, domain->get_domain_element(1));


F[0] = preprocessed_data.lagrange_0 * (one_polynomial - V_P);
F[0] = preprocessed_data.common_data.lagrange_0 * (one_polynomial - V_P);
F[1] = (one_polynomial - (preprocessed_data.q_last + preprocessed_data.q_blind)) *
(V_P_shifted * h - V_P * g);
F[2] = preprocessed_data.q_last * (V_P * V_P - V_P);
Expand Down Expand Up @@ -189,7 +189,7 @@ namespace nil {

std::array<typename FieldType::value_type, argument_size> F;
typename FieldType::value_type one = FieldType::value_type::one();
F[0] = preprocessed_data.lagrange_0.evaluate(challenge) * (one - perm_polynomial_value);
F[0] = preprocessed_data.common_data.lagrange_0.evaluate(challenge) * (one - perm_polynomial_value);
F[1] = (one - preprocessed_data.q_last.evaluate(challenge) -
preprocessed_data.q_blind.evaluate(challenge)) *
(perm_polynomial_shifted_value * h - perm_polynomial_value * g);
Expand Down
33 changes: 26 additions & 7 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/preprocessor.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -272,8 +272,10 @@ namespace nil {
static inline public_precommitments_type precommitments(
const plonk_public_polynomial_table<FieldType, ParamsType::public_input_columns,
ParamsType::constant_columns, ParamsType::selector_columns> &public_table,
std::vector<math::polynomial<typename FieldType::value_type>> id_perm_polys,
std::vector<math::polynomial<typename FieldType::value_type>> sigma_perm_polys,
std::vector<math::polynomial<typename FieldType::value_type>> &id_perm_polys,
std::vector<math::polynomial<typename FieldType::value_type>> &sigma_perm_polys,
math::polynomial<typename FieldType::value_type> &q_last,
math::polynomial<typename FieldType::value_type> &q_blind,
const typename CommitmentSchemeTypePublic::params_type &commitment_params
) {

Expand Down Expand Up @@ -301,12 +303,20 @@ namespace nil {
selector_precommitments = CommitmentSchemeTypePublic::template precommit<ParamsType::selector_columns>(
public_table.selectors(), commitment_params.D[0]);

std::array<typename CommitmentSchemeTypePublic::precommitment_type, 2>
special_selector_precommitments;
special_selector_precommitments[0] = CommitmentSchemeTypePublic::precommit(
q_last, commitment_params.D[0]);
special_selector_precommitments[1] = CommitmentSchemeTypePublic::precommit(
q_blind, commitment_params.D[0]);

return public_precommitments_type {
id_permutation,
sigma_permutation,
public_input_precommitments,
constant_precommitments,
selector_precommitments
selector_precommitments,
special_selector_precommitments
};
}

Expand Down Expand Up @@ -344,12 +354,19 @@ namespace nil {
selector_commitments[i] = CommitmentSchemeTypePublic::commit(precommitments.selector[i]);
}

std::array<typename CommitmentSchemeTypePublic::commitment_type, 2>
special_selector_commitments;
for (std::size_t i = 0; i < ParamsType::selector_columns; i++) {
special_selector_commitments[i] = CommitmentSchemeTypePublic::commit(precommitments.special_selectors[i]);
}

return public_commitments_type {
id_permutation,
sigma_permutation,
public_input_commitments,
constant_commitments,
selector_commitments
selector_commitments,
special_selector_commitments
};
}

Expand Down Expand Up @@ -407,15 +424,17 @@ namespace nil {
// prepare commitments for short verifier
public_precommitments_type public_precommitments =
precommitments(public_polynomial_table, _identity_polynomials,
_permutation_polynomials, commitment_params);
_permutation_polynomials, q_last, q_blind, commitment_params);

public_commitments_type public_commitments =
commitments(public_precommitments);

typename policy_type::preprocessed_public_data_type<CommitmentSchemeTypePublic>::common_data_type
common_data {basic_domain, Z, lagrange_0, public_commitments};

return typename policy_type::preprocessed_public_data_type<CommitmentSchemeTypePublic>(
{basic_domain, public_polynomial_table, _permutation_polynomials, _identity_polynomials,
lagrange_0, q_last, q_blind, Z, public_precommitments, public_commitments});
{public_polynomial_table, _permutation_polynomials, _identity_polynomials,
q_last, q_blind, public_precommitments, common_data});
}
};

Expand Down
4 changes: 3 additions & 1 deletion include/nil/crypto3/zk/snark/systems/plonk/redshift/proof.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,11 +53,13 @@ namespace nil {
std::vector<typename commitment_scheme_type_public::proof_type> public_input;
std::vector<typename commitment_scheme_type_public::proof_type> constant;
std::vector<typename commitment_scheme_type_public::proof_type> selector;
std::vector<typename commitment_scheme_type_public::proof_type> special_selectors;

bool operator==(const evaluation_proof &rhs) const {
return witness == rhs.witness && permutation == rhs.permutation &&
quotient == rhs.quotient && public_input == rhs.public_input &&
constant == rhs.constant && selector == rhs.selector;
constant == rhs.constant && selector == rhs.selector &&
special_selectors == rhs.special_selectors;
}
bool operator!=(const evaluation_proof &rhs) const {
return !(rhs == *this);
Expand Down
13 changes: 11 additions & 2 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/prover.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ namespace nil {
}

math::polynomial<typename FieldType::value_type> T_consolidated =
F_consolidated / preprocessed_public_data.Z;
F_consolidated / preprocessed_public_data.common_data.Z;

return T_consolidated;
}
Expand Down Expand Up @@ -220,7 +220,7 @@ namespace nil {
proof.eval_proof.challenge = challenge;

typename FieldType::value_type omega =
preprocessed_public_data.basic_domain->get_domain_element(1);
preprocessed_public_data.common_data.basic_domain->get_domain_element(1);

// witness polynomials (table columns)
std::array<typename commitment_scheme_witness_type::proof_type, witness_columns>
Expand Down Expand Up @@ -307,6 +307,15 @@ namespace nil {
}
proof.eval_proof.selector = selector_evals;

std::vector<typename commitment_scheme_public_input_type::proof_type> special_selector_evals(2);
special_selector_evals[0] = commitment_scheme_quotient_type::proof_eval(
evaluation_points_public, preprocessed_public_data.precommitments.special_selectors[0],
preprocessed_public_data.q_last, fri_params, transcript);
special_selector_evals[1] = commitment_scheme_quotient_type::proof_eval(
evaluation_points_public, preprocessed_public_data.precommitments.special_selectors[1],
preprocessed_public_data.q_blind, fri_params, transcript);
proof.eval_proof.special_selectors = special_selector_evals;

return proof;
}
};
Expand Down
75 changes: 65 additions & 10 deletions include/nil/crypto3/zk/snark/systems/plonk/redshift/verifier.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,16 +103,20 @@ namespace nil {

// 4. prepare evaluaitons of the polynomials that are copy-constrained
std::vector<std::size_t> rotation_gates = {0};
std::vector<typename FieldType::value_type> f(preprocessed_public_data.identity_polynomials.size());
std::size_t permutation_size = preprocessed_public_data.common_data.commitments.id_permutation.size();
std::vector<typename FieldType::value_type> f(permutation_size);

std::size_t witness_columns_amount = proof.eval_proof.witness.size();

for (std::size_t i = 0; i < witness_columns_amount; i++) {
f[i] = proof.eval_proof.witness[i].z[0]; // TODO: organize permutation evaluations inside the proof
}

for (std::size_t i = witness_columns_amount; i < preprocessed_public_data.identity_polynomials.size(); i++) {
f[i] = preprocessed_public_data.public_polynomial_table[i - witness_columns_amount].evaluate(proof.eval_proof.challenge); // TODO: add public evaluations to the proof
for (std::size_t i = 0; i < permutation_size; i++) {
if (i < witness_columns_amount) {
f[i] = proof.eval_proof.witness[i].z[0]; // TODO: organize permutation evaluations inside the proof
} else if (i < witness_columns_amount + proof.eval_proof.public_input.size()) {
f[i] = proof.eval_proof.public_input[i - witness_columns_amount].z[0];
} else {
std::size_t idx = i - witness_columns_amount - proof.eval_proof.public_input.size();
f[i] = proof.eval_proof.constant[idx].z[0];
}
}

// 5. permutation argument
Expand Down Expand Up @@ -158,7 +162,7 @@ namespace nil {
}

typename FieldType::value_type omega =
preprocessed_public_data.basic_domain->get_domain_element(1);
preprocessed_public_data.common_data.basic_domain->get_domain_element(1);

// witnesses
for (std::size_t i = 0; i < proof.eval_proof.witness.size(); i++) {
Expand Down Expand Up @@ -190,7 +194,7 @@ namespace nil {

// quotient
std::array<typename FieldType::value_type, 1> evaluation_points_quotient = {challenge};
for (std::size_t i = 0; i < proof.eval_proof.permutation.size(); i++) {
for (std::size_t i = 0; i < proof.eval_proof.quotient.size(); i++) {
if (!commitment_scheme_quotient_type::verify_eval(evaluation_points_quotient,
proof.eval_proof.quotient[i],
fri_params,
Expand All @@ -199,6 +203,57 @@ namespace nil {
}
}

// public data
std::array<typename FieldType::value_type, 1> evaluation_points_public = {challenge};
for (std::size_t i = 0; i < proof.eval_proof.id_permutation.size(); i++) {
if (!commitment_scheme_public_input_type::verify_eval(evaluation_points_public,
proof.eval_proof.id_permutation[i],
fri_params,
transcript)) {
return false;
}
}
for (std::size_t i = 0; i < proof.eval_proof.sigma_permutation.size(); i++) {
if (!commitment_scheme_public_input_type::verify_eval(evaluation_points_public,
proof.eval_proof.sigma_permutation[i],
fri_params,
transcript)) {
return false;
}
}
for (std::size_t i = 0; i < proof.eval_proof.public_input.size(); i++) {
if (!commitment_scheme_public_input_type::verify_eval(evaluation_points_public,
proof.eval_proof.public_input[i],
fri_params,
transcript)) {
return false;
}
}
for (std::size_t i = 0; i < proof.eval_proof.constant.size(); i++) {
if (!commitment_scheme_public_input_type::verify_eval(evaluation_points_public,
proof.eval_proof.constant[i],
fri_params,
transcript)) {
return false;
}
}
for (std::size_t i = 0; i < proof.eval_proof.selector.size(); i++) {
if (!commitment_scheme_public_input_type::verify_eval(evaluation_points_public,
proof.eval_proof.selector[i],
fri_params,
transcript)) {
return false;
}
}
for (std::size_t i = 0; i < proof.eval_proof.special_selectors.size(); i++) {
if (!commitment_scheme_public_input_type::verify_eval(evaluation_points_public,
proof.eval_proof.special_selectors[i],
fri_params,
transcript)) {
return false;
}
}

// 10. final check
std::array<typename FieldType::value_type, f_parts> F;
F[0] = permutation_argument[0];
Expand All @@ -216,7 +271,7 @@ namespace nil {
T_consolidated = T_consolidated + proof.eval_proof.quotient[i].z[0] * challenge.pow((fri_params.max_degree + 1) * i);
}

typename FieldType::value_type Z_at_challenge = preprocessed_public_data.Z.evaluate(challenge);
typename FieldType::value_type Z_at_challenge = preprocessed_public_data.common_data.Z.evaluate(challenge);

if (F_consolidated != Z_at_challenge * T_consolidated) {
return false;
Expand Down
Loading

0 comments on commit 6a09432

Please sign in to comment.