Substitute ChallengeGenerator by the generic sponge
#139
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
autquis
requested review from
Pratyush,
mmagician and
weikengchen
and removed request for
a team
autquis
changed the title
ChallengeGenerator with the generic spongeChallengeGenerator by the generic sponge
autquis
commented
Jan 5, 2024
autquis
commented
Jan 8, 2024
|
|
||
| for challenge_gen in challenge_generators { | ||
| for __ in 0..1 { |
There was a problem hiding this comment.
By deleting this for loop, the diff gets unnecessarily complicated. As soon as the PR gets a review, I will delete this for loop, and then please merge it.
|
Thanks for this PR! It looks pretty good overall. Since you're looking into this code, could you double check that the way we're deriving these challenges is not vulnerable to https://blog.openzeppelin.com/the-last-challenge-attack ? Essentially, when we're doing batch verification, we need to ensure that we absorb all the proofs in the batch before we squeeze the |
|
Of course!
Thanks! |
|
True, there was only ever squeezes from a sponge... Regarding the second point for IOP-based schemes, we anyway planned to improve the |
|
Thanks for the answer! Regarding |
|
Ok seems like the blog post and what this PR aim to achieve are two different things; this PR talks about how to generate challenges for batch proving, and the blog post talks about batching pairings within a batch proof verification. That is, the blog post talks about replacing this line with a squeeze from a sponge instead of a We should change that in a separate PR (it's not a soundness bug atm.) |
|
Having resolved that confusion (sorry about that!), let's return our focus to the topic of this PR. I think the reason why the current code is "sound" is that it assumes the sponge inside the challenge generator already absorbed the requisite commitments. For example, see the We can think about whether we want to change that or not; my inclination is that the answer is yes. |
|
That makes sense @Pratyush. In any case we can tackle this separately as this PR doesn't alter the old behavior (regarding what is assumed to be absorbed) right? |
Pratyush
approved these changes
Jan 14, 2024
This was referenced Jan 15, 2024
autquis
added a commit
to HungryCatsStudio/poly-commit
that referenced
this pull request
Jan 17, 2024
* Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Complete the merge * Simplify `hash_column` * Delete comments * Add `CommitmentState` * Make `fmt` happy * Refactor, remove `hash_columns` * Rename all params * remove cfg(benches) attributes as that feature is no longer used * Brakedown+++ (#46) * conversion to `into_iter` is a no-op * remove explicit casts to vecs * rename to use singular of `labeled_commitment` * simplify the iterators even further by zipping two iters * Apply suggestions from code review * Maybe `empty` not return `Self` * Make `empty` return `Self` * Rename `rand` to `state` * Add the type `Randomness` * Rename nonnative to emulated, as in `r1cs-std` (arkworks-rs#137) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Substitute `ChallengeGenerator` by the generic sponge (arkworks-rs#139) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Substitute `ChallengeGenerator` with the generic sponge * Run `fmt` * Remove the extra file * Update modules * Delete the unnecessary loop * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Update README * Make the diff more readable * Bring the whitespace back * Make diff more readable, 2 * Fix according to breaking changes in `ark-ec` (arkworks-rs#141) * Fix for KZG10 * Fix the breaking changes in `ark-ec` * Remove the extra loop * Fix the loop range * re-use the preprocessing table * also re-use the preprocessing table for multilinear_pc --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> * Auxiliary opening data (arkworks-rs#134) * Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Put `Randomness` in `CommitmentState` * Add a comment * Remove the extra loop * Update the comment for `CommitmentState` Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * cargo fmt --------- Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * `batch_mul_with_preprocessing` no longer takes `self` as argument (arkworks-rs#142) * batch_mul_with_preprocessing no longer takes `self` as argument * Apply suggestions from code review Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * fix variable name --------- Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * Remove `ChallengeGenerator` for Brakedown (#53) * Squash and merge `delete-chalgen` onto here * Fix Brakedown for `ChallengeGenerator` and `AsRef` for Merkle tree * Remove `IOPTranscript` (#52) * Replace the `IOPTranscript` with `CryptographicSponge` * Delete extra comments * Delete TODOs and do not absorb what you just squeezed * Remove the extra loop * Revert the incorrect changes in `bench-tamplates` --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> Co-authored-by: Pratyush Mishra <pratyush795@gmail.com>
autquis
added a commit
to HungryCatsStudio/poly-commit
that referenced
this pull request
Jan 18, 2024
* Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Change `Randomness` to `CommitmentState` * Maybe `empty` not return `Self` * Make `empty` return `Self` * Rename `rand` to `state` * Partially integrate the new design into Hyrax * Update Hyrax with the shared state * Rename nonnative to emulated, as in `r1cs-std` (arkworks-rs#137) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Substitute `ChallengeGenerator` by the generic sponge (arkworks-rs#139) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Substitute `ChallengeGenerator` with the generic sponge * Run `fmt` * Remove the extra file * Update modules * Delete the unnecessary loop * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Update README * Make the diff more readable * Bring the whitespace back * Make diff more readable, 2 * Fix according to breaking changes in `ark-ec` (arkworks-rs#141) * Fix for KZG10 * Fix the breaking changes in `ark-ec` * Remove the extra loop * Fix the loop range * re-use the preprocessing table * also re-use the preprocessing table for multilinear_pc --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> * Auxiliary opening data (arkworks-rs#134) * Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Put `Randomness` in `CommitmentState` * Add a comment * Remove the extra loop * Update the comment for `CommitmentState` Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * cargo fmt --------- Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * `batch_mul_with_preprocessing` no longer takes `self` as argument (arkworks-rs#142) * batch_mul_with_preprocessing no longer takes `self` as argument * Apply suggestions from code review Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * fix variable name --------- Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * Remove ChallengeGenerator for Ligero (#56) * Squash and merge `delete-chalgen` onto here * Fix for `ChallengeGenerator` * Delete `IOPTranscript` for Hyrax (#55) * Use the sponge generic and rearrange `use`s * Use sponge instead of `IOPTransript` * Fix benches * Remove the extra loop --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> Co-authored-by: Pratyush Mishra <pratyush795@gmail.com>
autquis
added a commit
to HungryCatsStudio/poly-commit
that referenced
this pull request
Jan 18, 2024
* Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Simplify `hash_column` * Delete comments * Add `CommitmentState` * Make `fmt` happy * Refactor, remove `hash_columns` * Rename all params * Maybe `empty` not return `Self` * Make `empty` return `Self` * Rename `rand` to `state` * Add type `Randomness` * Ligero+++ (#46) * conversion to `into_iter` is a no-op * remove explicit casts to vecs * rename to use singular of `labeled_commitment` * simplify the iterators even further by zipping two iters * Apply suggestions from code review * Fix tests: sponge config for univariate ligero * Rename nonnative to emulated, as in `r1cs-std` (arkworks-rs#137) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Substitute `ChallengeGenerator` by the generic sponge (arkworks-rs#139) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Substitute `ChallengeGenerator` with the generic sponge * Run `fmt` * Remove the extra file * Update modules * Delete the unnecessary loop * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Update README * Make the diff more readable * Bring the whitespace back * Make diff more readable, 2 * Fix according to breaking changes in `ark-ec` (arkworks-rs#141) * Fix for KZG10 * Fix the breaking changes in `ark-ec` * Remove the extra loop * Fix the loop range * re-use the preprocessing table * also re-use the preprocessing table for multilinear_pc --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> * Auxiliary opening data (arkworks-rs#134) * Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Put `Randomness` in `CommitmentState` * Add a comment * Remove the extra loop * Update the comment for `CommitmentState` Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * cargo fmt --------- Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * `batch_mul_with_preprocessing` no longer takes `self` as argument (arkworks-rs#142) * batch_mul_with_preprocessing no longer takes `self` as argument * Apply suggestions from code review Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * fix variable name --------- Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * Remove `ChallengeGenerator` and `IOPTranscript` for Ligero (#57) * Squash and merge `delete-chalgen` onto here * Fix Ligero for `ChallengeGenerator` and `AsRef` for Merkle tree * Fix tests: sponge config for univariate ligero * Delete `IOPTranscript` for Ligero (#54) * Replace the `IOPTranscript` with `CryptographicSponge` * Delete extra comments * Run fmt * Fix tests: sponge config for univariate ligero * Delete TODOs and do not absorb what you just squeezed * Fix unused import * Revert "Fix unused import" This reverts commit e85af90. * Try to fix * Remove the extra loop --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> Co-authored-by: Pratyush Mishra <pratyush795@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
In this PR, we are removing
ChallengeGeneratorand using only the sponge on which the PCS is generic. As a consequence, we are dropping the two strategies of generating challenges. However, as far as I noticed, theUnivariatestrategy was only used in a few tests and bench templates. So, I am not sure how big of an issue it is.Closes #138
Notice that this PR is on top of #137
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
Pendingsection inCHANGELOG.mdFiles changedin the Github PR explorer