Skip to content

Commit

Permalink
More PLONK prover draft done #20
Browse files Browse the repository at this point in the history
  • Loading branch information
@nemothenoone
nemothenoone committed Jul 22, 2021
1 parent 13c69d9 commit eba2d04
Show file tree
Hide file tree
Showing 14 changed files with 90 additions and 166 deletions.
2 changes: 1 addition & 1 deletion CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ target_link_libraries(${CMAKE_WORKSPACE_NAME}_${CURRENT_PROJECT_NAME} INTERFACE
${Boost_LIBRARIES}

${CMAKE_WORKSPACE_NAME}::algebra
${CMAKE_WORKSPACE_NAME}::fft
${CMAKE_WORKSPACE_NAME}::math
${CMAKE_WORKSPACE_NAME}::hash
${CMAKE_WORKSPACE_NAME}::multiprecision
nil::marshalling)
Expand Down
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ library in a project it is required to:

* [Multiprecision](https://github.com/nilfoundation/crypto3-multiprecision.git)
* [Algebra](https://github.com/nilfoundation/crypto3-algebra.git)
* [FFT](https://github.com/nilfoundation/crypto3-fft.git)
* [FFT](https://github.com/nilfoundation/crypto3-math.git)

### External

Expand Down
65 changes: 35 additions & 30 deletions include/nil/crypto3/zk/snark/reductions/r1cs_to_qap.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,8 @@
#ifndef CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP
#define CRYPTO3_ZK_R1CS_TO_QAP_BASIC_POLICY_HPP

#include <nil/crypto3/fft/coset.hpp>
#include <nil/crypto3/fft/domains/evaluation_domain.hpp>
#include <nil/crypto3/fft/make_evaluation_domain.hpp>
#include <nil/crypto3/math/coset.hpp>
#include <nil/crypto3/math/evaluation_domain.hpp>

#include <nil/crypto3/zk/snark/relations/arithmetic_programs/qap.hpp>
#include <nil/crypto3/zk/snark/relations/constraint_satisfaction_problems/r1cs.hpp>
Expand Down Expand Up @@ -80,12 +79,15 @@ namespace nil {
*/
static qap_instance<FieldType> instance_map(const r1cs_constraint_system<FieldType> &cs) {

const std::shared_ptr<fft::evaluation_domain<FieldType>> domain =
fft::make_evaluation_domain<FieldType>(cs.num_constraints() + cs.num_inputs() + 1);
const std::shared_ptr<math::evaluation_domain<FieldType>> domain =
math::make_evaluation_domain<FieldType>(cs.num_constraints() + cs.num_inputs() + 1);

std::vector<std::map<std::size_t, typename FieldType::value_type>> A_in_Lagrange_basis(cs.num_variables() + 1);
std::vector<std::map<std::size_t, typename FieldType::value_type>> B_in_Lagrange_basis(cs.num_variables() + 1);
std::vector<std::map<std::size_t, typename FieldType::value_type>> C_in_Lagrange_basis(cs.num_variables() + 1);
std::vector<std::map<std::size_t, typename FieldType::value_type>> A_in_Lagrange_basis(
cs.num_variables() + 1);
std::vector<std::map<std::size_t, typename FieldType::value_type>> B_in_Lagrange_basis(
cs.num_variables() + 1);
std::vector<std::map<std::size_t, typename FieldType::value_type>> C_in_Lagrange_basis(
cs.num_variables() + 1);

/**
* add and process the constraints
Expand Down Expand Up @@ -136,8 +138,8 @@ namespace nil {
static qap_instance_evaluation<FieldType>
instance_map_with_evaluation(const r1cs_constraint_system<FieldType> &cs,
const typename FieldType::value_type &t) {
const std::shared_ptr<fft::evaluation_domain<FieldType>> domain =
fft::make_evaluation_domain<FieldType>(cs.num_constraints() + cs.num_inputs() + 1);
const std::shared_ptr<math::evaluation_domain<FieldType>> domain =
math::make_evaluation_domain<FieldType>(cs.num_constraints() + cs.num_inputs() + 1);

std::vector<typename FieldType::value_type> At, Bt, Ct, Ht;

Expand Down Expand Up @@ -224,8 +226,8 @@ namespace nil {
/* sanity check */
assert(cs.is_satisfied(primary_input, auxiliary_input));

const std::shared_ptr<fft::evaluation_domain<FieldType>> domain =
fft::make_evaluation_domain<FieldType>(cs.num_constraints() + cs.num_inputs() + 1);
const std::shared_ptr<math::evaluation_domain<FieldType>> domain =
math::make_evaluation_domain<FieldType>(cs.num_constraints() + cs.num_inputs() + 1);

r1cs_variable_assignment<FieldType> full_variable_assignment = primary_input;
full_variable_assignment.insert(full_variable_assignment.end(), auxiliary_input.begin(),
Expand All @@ -245,9 +247,9 @@ namespace nil {
aB[i] += cs.constraints[i].b.evaluate(full_variable_assignment);
}

domain->iFFT(aA);
domain->inverse_fft(aA);

domain->iFFT(aB);
domain->inverse_fft(aB);

std::vector<typename FieldType::value_type> coefficients_for_H(
domain->m + 1, FieldType::value_type::zero());
Expand All @@ -259,17 +261,19 @@ namespace nil {
coefficients_for_H[i] = d2 * aA[i] + d1 * aB[i];
}
coefficients_for_H[0] -= d3;
domain->add_poly_Z(d1 * d2, coefficients_for_H);
domain->add_poly_z(d1 * d2, coefficients_for_H);

fft::multiply_by_coset(aA,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->FFT(aA);
math::multiply_by_coset(
aA,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->fft(aA);

fft::multiply_by_coset(aB,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->FFT(aB);
math::multiply_by_coset(
aB,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->fft(aB);

std::vector<typename FieldType::value_type> &H_tmp = aA;
// can overwrite aA because it is not used later
Expand All @@ -286,12 +290,13 @@ namespace nil {
aC[i] += cs.constraints[i].c.evaluate(full_variable_assignment);
}

domain->iFFT(aC);
domain->inverse_fft(aC);

fft::multiply_by_coset(aC,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->FFT(aC);
math::multiply_by_coset(
aC,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->fft(aC);

#ifdef MULTICORE
#pragma omp parallel for
Expand All @@ -300,9 +305,9 @@ namespace nil {
H_tmp[i] = (H_tmp[i] - aC[i]);
}

domain->divide_by_Z_on_coset(H_tmp);
domain->divide_by_z_on_coset(H_tmp);

domain->iFFT(H_tmp);
domain->inverse_fft(H_tmp);

multiply_by_coset(H_tmp,
typename FieldType::value_type(
Expand Down
34 changes: 17 additions & 17 deletions include/nil/crypto3/zk/snark/reductions/r1cs_to_sap.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,9 @@
#ifndef CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP
#define CRYPTO3_ZK_R1CS_TO_SAP_BASIC_POLICY_HPP

#include <nil/crypto3/fft/coset.hpp>
#include <nil/crypto3/fft/domains/evaluation_domain.hpp>
#include <nil/crypto3/fft/make_evaluation_domain.hpp>
#include <nil/crypto3/math/coset.hpp>
#include <nil/crypto3/math/domains/evaluation_domain.hpp>
#include <nil/crypto3/math/evaluation_domain.hpp>

#include <nil/crypto3/zk/snark/relations/arithmetic_programs/sap.hpp>
#include <nil/crypto3/zk/snark/relations/constraint_satisfaction_problems/r1cs.hpp>
Expand All @@ -78,7 +78,7 @@ namespace nil {
* Helper function to find evaluation domain that will be used by the reduction
* for a given R1CS instance.
*/
static std::shared_ptr<fft::evaluation_domain<FieldType>>
static std::shared_ptr<math::evaluation_domain<FieldType>>
get_domain(const r1cs_constraint_system<FieldType> &cs) {
/*
* the SAP instance will have:
Expand All @@ -88,15 +88,15 @@ namespace nil {
* see comments in instance_map for details on where these
* constraints come from.
*/
return fft::make_evaluation_domain<FieldType>(2 * cs.num_constraints() +
return math::make_evaluation_domain<FieldType>(2 * cs.num_constraints() +
2 * cs.num_inputs() + 1);
}

/**
* Instance map for the R1CS-to-SAP reduction.
*/
static sap_instance<FieldType> instance_map(const r1cs_constraint_system<FieldType> &cs) {
const std::shared_ptr<fft::evaluation_domain<FieldType>> domain = get_domain(cs);
const std::shared_ptr<math::evaluation_domain<FieldType>> domain = get_domain(cs);

std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs();

Expand Down Expand Up @@ -205,7 +205,7 @@ namespace nil {
instance_map_with_evaluation(const r1cs_constraint_system<FieldType> &cs,
const typename FieldType::value_type &t) {

const std::shared_ptr<fft::evaluation_domain<FieldType>> domain = get_domain(cs);
const std::shared_ptr<math::evaluation_domain<FieldType>> domain = get_domain(cs);

std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs();

Expand Down Expand Up @@ -319,7 +319,7 @@ namespace nil {
/* sanity check */
assert(cs.is_satisfied(primary_input, auxiliary_input));

const std::shared_ptr<fft::evaluation_domain<FieldType>> domain = get_domain(cs);
const std::shared_ptr<math::evaluation_domain<FieldType>> domain = get_domain(cs);

std::size_t sap_num_variables = cs.num_variables() + cs.num_constraints() + cs.num_inputs();

Expand Down Expand Up @@ -382,7 +382,7 @@ namespace nil {
aA[extra_constr_offset + 2 * i] -= FieldType::value_type::one();
}

domain->iFFT(aA);
domain->inverse_fft(aA);

std::vector<typename FieldType::value_type> coefficients_for_H(
domain->m + 1, FieldType::value_type::zero());
Expand All @@ -394,12 +394,12 @@ namespace nil {
coefficients_for_H[i] = (d1 * aA[i]) + (d1 * aA[i]);
}
coefficients_for_H[0] -= d2;
domain->add_poly_Z(d1 * d1, coefficients_for_H);
domain->add_poly_z(d1 * d1, coefficients_for_H);

fft::multiply_by_coset(aA,
math::multiply_by_coset(aA,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->FFT(aA);
domain->fft(aA);

std::vector<typename FieldType::value_type> &H_tmp =
aA; // can overwrite aA because it is not used later
Expand Down Expand Up @@ -431,12 +431,12 @@ namespace nil {
aC[extra_constr_offset + 2 * i] += full_variable_assignment[extra_var_offset2 + i - 1];
}

domain->iFFT(aC);
domain->inverse_fft(aC);

fft::multiply_by_coset(aC,
math::multiply_by_coset(aC,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->FFT(aC);
domain->fft(aC);

#ifdef MULTICORE
#pragma omp parallel for
Expand All @@ -445,9 +445,9 @@ namespace nil {
H_tmp[i] = (H_tmp[i] - aC[i]);
}

domain->divide_by_Z_on_coset(H_tmp);
domain->divide_by_z_on_coset(H_tmp);

domain->iFFT(H_tmp);
domain->inverse_fft(H_tmp);
multiply_by_coset(H_tmp,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator)
Expand Down
22 changes: 11 additions & 11 deletions include/nil/crypto3/zk/snark/reductions/uscs_to_ssp.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,9 @@
#ifndef CRYPTO3_ZK_USCS_TO_SSP_REDUCTION_HPP
#define CRYPTO3_ZK_USCS_TO_SSP_REDUCTION_HPP

#include <nil/crypto3/fft/coset.hpp>
#include <nil/crypto3/fft/domains/evaluation_domain.hpp>
#include <nil/crypto3/fft/make_evaluation_domain.hpp>
#include <nil/crypto3/math/coset.hpp>
#include <nil/crypto3/math/domains/evaluation_domain.hpp>
#include <nil/crypto3/math/evaluation_domain.hpp>

#include <nil/crypto3/zk/snark/relations/arithmetic_programs/ssp.hpp>
#include <nil/crypto3/zk/snark/relations/constraint_satisfaction_problems/uscs.hpp>
Expand All @@ -76,7 +76,7 @@ namespace nil {
*/
static ssp_instance<FieldType> instance_map(const uscs_constraint_system<FieldType> &cs) {
const std::shared_ptr<evaluation_domain<FieldType>> domain =
fft::make_evaluation_domain<FieldType>(cs.num_constraints());
math::make_evaluation_domain<FieldType>(cs.num_constraints());
std::vector<std::map<std::size_t, typename FieldType::value_type>> V_in_Lagrange_basis(cs.num_variables() + 1);
for (std::size_t i = 0; i < cs.num_constraints(); ++i) {
for (std::size_t j = 0; j < cs.constraints[i].terms.size(); ++j) {
Expand Down Expand Up @@ -109,7 +109,7 @@ namespace nil {
instance_map_with_evaluation(const uscs_constraint_system<FieldType> &cs,
const typename FieldType::value_type &t) {
const std::shared_ptr<evaluation_domain<FieldType>> domain =
fft::make_evaluation_domain<FieldType>(cs.num_constraints());
math::make_evaluation_domain<FieldType>(cs.num_constraints());

std::vector<typename FieldType::value_type> Vt(cs.num_variables() + 1,
FieldType::value_type::zero());
Expand Down Expand Up @@ -194,7 +194,7 @@ namespace nil {
aA[i] += FieldType::value_type::one();
}

domain->iFFT(aA);
domain->inverse_fft(aA);

std::vector<typename FieldType::value_type> coefficients_for_H(
domain->m + 1, FieldType::value_type::zero());
Expand All @@ -205,12 +205,12 @@ namespace nil {
for (std::size_t i = 0; i < domain->m; ++i) {
coefficients_for_H[i] = typename FieldType::value_type(2) * d * aA[i];
}
domain->add_poly_Z(d.squared(), coefficients_for_H);
domain->add_poly_z(d.squared(), coefficients_for_H);

fft::multiply_by_coset(aA,
math::multiply_by_coset(aA,
typename FieldType::value_type(
fields::arithmetic_params<FieldType>::multiplicative_generator));
domain->FFT(aA);
domain->fft(aA);

std::vector<typename FieldType::value_type> &H_tmp =
aA; // can overwrite aA because it is not used later
Expand All @@ -221,9 +221,9 @@ namespace nil {
H_tmp[i] = aA[i].squared() - FieldType::value_type::one();
}

domain->divide_by_Z_on_coset(H_tmp);
domain->divide_by_z_on_coset(H_tmp);

domain->iFFT(H_tmp);
domain->inverse_fft(H_tmp);
multiply_by_coset(H_tmp, typename FieldType::value_type(fields::arithmetic_params<FieldType>::multiplicative_generator).inversed());

#ifdef MULTICORE
Expand Down
6 changes: 3 additions & 3 deletions include/nil/crypto3/zk/snark/relations/arithmetic_programs/qap.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,15 @@
#include <nil/crypto3/algebra/random_element.hpp>
#include <nil/crypto3/algebra/multiexp/inner_product.hpp>

#include <nil/crypto3/fft/domains/evaluation_domain.hpp>
#include <nil/crypto3/fft/make_evaluation_domain.hpp>
#include <nil/crypto3/math/domains/evaluation_domain.hpp>
#include <nil/crypto3/math/evaluation_domain.hpp>

namespace nil {
namespace crypto3 {
namespace zk {
namespace snark {

using namespace nil::crypto3::fft;
using namespace nil::crypto3::math;

template<typename FieldType>
struct qap_witness;
Expand Down
6 changes: 3 additions & 3 deletions include/nil/crypto3/zk/snark/relations/arithmetic_programs/sap.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,15 +46,15 @@
#include <nil/crypto3/algebra/random_element.hpp>
#include <nil/crypto3/algebra/multiexp/inner_product.hpp>

#include <nil/crypto3/fft/domains/evaluation_domain.hpp>
#include <nil/crypto3/fft/make_evaluation_domain.hpp>
#include <nil/crypto3/math/domains/evaluation_domain.hpp>
#include <nil/crypto3/math/evaluation_domain.hpp>

namespace nil {
namespace crypto3 {
namespace zk {
namespace snark {

using namespace nil::crypto3::fft;
using namespace nil::crypto3::math;

template<typename FieldType>
struct sap_witness;
Expand Down
Loading

0 comments on commit eba2d04

Please sign in to comment.