Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BASE] Anemoi hash r1cs #65

Open
wants to merge 120 commits into
base: develop
Choose a base branch
from
Open

[BASE] Anemoi hash r1cs #65

wants to merge 120 commits into from

Conversation

vesselinux
Copy link
Collaborator

@vesselinux vesselinux commented Jul 29, 2022
edited by dtebbs
Loading

Related to Issue #54. See also https://eprint.iacr.org/2022/840 for details.
This PR and branch are the destination for future anemoi-related changes.

@vesselinux vesselinux requested a review from dtebbs July 29, 2022 08:07
@dtebbs
Copy link
Contributor

dtebbs commented Jul 29, 2022

This PR includes all the plonk changes, so it's almost impossible to review.
Could you poinit it at the relevant branch so I can take a look at this.

@vesselinux vesselinux changed the base branch from develop to plonk July 29, 2022 13:32
@vesselinux
Copy link
Collaborator Author

This PR includes all the plonk changes, so it's almost impossible to review. Could you poinit it at the relevant branch so I can take a look at this.

Done. This branch now points to plonk which is the correct branch it is based on. Sorry!

dtebbs
dtebbs suggested changes Aug 2, 2022
View reviewed changes
Copy link
Contributor

@dtebbs dtebbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good firs attempt. You've got the constraints being formed correctly. I think there are a couple of optimizations to do here, and these simple examples are great to use to discuss that. Also some intermediate values can potentially be removed.

Let's discuss this on a call.

libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
@vesselinux vesselinux requested a review from dtebbs August 31, 2022 12:54
@vesselinux vesselinux mentioned this pull request Aug 31, 2022
Open
dtebbs
dtebbs suggested changes Aug 31, 2022
View reviewed changes
Copy link
Contributor

@dtebbs dtebbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, functionally this looks correct. I think we can improve the clarity a bit.

libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc Outdated Show resolved Hide resolved
dtebbs
dtebbs reviewed Sep 6, 2022
View reviewed changes
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated
void generate_r1cs_constraints();
void generate_r1cs_witness();
};

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion for how to reuse the gadget

class anemoi_power_two_round_1_gadget : public anemoi_power_two_gadget
{
anemoi_power_two_round_1_gadget(
rotoboard<FieldT> &pb,
        const pb_variable<FieldT> &input,
        const pb_variable<FieldT> &output,
        const std::string &annotation_prefix = "")
  : anemoi_power_two_gadget(..., ...ALPHA, ... BETA, ...)
  {
  }
}

class anemoi_power_two_round_2_gadget : public anemoi_power_two_gadget
{
anemoi_power_two_round_2_gadget(
rotoboard<FieldT> &pb,
        const pb_variable<FieldT> &input,
        const pb_variable<FieldT> &output,
        const std::string &annotation_prefix = "")
  : anemoi_power_two_gadget(..., anemoi_constants_selector<ppT>::BETA, ... anemoi_constants_selector<ppT>::GAMMA, ...)
  {
  }
}

dtebbs
dtebbs reviewed Oct 11, 2022
View reviewed changes
Copy link
Contributor

@dtebbs dtebbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick intermediate review.

libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp Outdated Show resolved Hide resolved
libsnark/gadgetlib1/pb_variable.tcc Outdated Show resolved Hide resolved
libsnark/gadgetlib1/pb_variable.tcc Outdated Show resolved Hide resolved
libsnark/gadgetlib1/protoboard.tcc Outdated Show resolved Hide resolved
@vesselinux vesselinux force-pushed the anemoi-hash-r1cs branch 2 times, most recently from 9d20eef to 96c4c2a Compare October 21, 2022 21:47
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: removed default value "" for annotation_prefix (cf. PR #65 #6…
64ba5d0 
…5 (comment))
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: set member variables representing intermediate values to be o…
703e198 
…f type const in several classes. resp. added their initialization in the initialization list of the constructor (cf. #65 (comment))
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: added formal reference to the eprint version of the Anemoi pa…
2274160 
…per (cf. #65 (comment))
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: removed redundant comment (#65 (comment))
8c0c139
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: changed comments in allocate() to match variable names (#65 (…
ebf6923 
…comment))
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: removed redundant asserts in pb_variable added earlier for de…
17a5468 
…bug (#65 (comment), #65 (comment))
vesselinux pushed a commit that referenced this pull request Oct 31, 2022
anemoi: removed redundant "== true" in if-statement (#65 (comment)).
4a8ede2
vesselinux pushed a commit that referenced this pull request Jan 12, 2023
anemoi: removed duplicate gadgets for the flystel Q-functions for pri…
eb1d516 
…me and binary fields (#77, #65 (comment), #65 (comment)) - resolved conflicts after rebase onto anemoi-hash-r1cs
vesselinux pushed a commit that referenced this pull request Jan 12, 2023
anemoi: implemeneted separate mds matrix generation function for each…
d9f917c 
… allowed dimension (addresses #77 , #65 (comment)) - fixed conflicts after rebase onto anemoi-hash-r1cs
@vesselinux vesselinux mentioned this pull request Jan 12, 2023
Merged
Vesselin Velichkov and others added 24 commits January 13, 2023 16:18
anemoi: fixed improper use of types in anemoi_parameters class (#101 …
f744943 
…(comment))
anemoi: replaced libff::bigint<libff::Fr<libff::bls12_381_pp>::num_li…
ceb06f4 
…mbs> with anemoi_parameters<libff::bls12_381_pp>::BignumT for improved readability (#101 (comment))
@dtebbs
Merge pull request #101 from clearmatics/anemoi-hash-r1cs-permutation…
8a455ea 
…-round

Anemoi hash r1cs permutation round
anemoi: removed duplicate gadgets for the flystel Q-functions for pri…
5ac46aa 
…me and binary fields (#77, #65 (comment), #65 (comment)) - resolved conflicts after rebase onto anemoi-hash-r1cs
anemoi: implemented function for generating the mds matrix for differ…
3592255 
…ent number of columns using class specialization (#102 (comment))
anemoi: added a TODO note regarding the removal of the input g parame…
c84efa4 
…ter from all anemoi_permutation_mds::permutation_mds functions (#102 (comment))
anemoi: defined the types of the mds matrices (#102 (comment))
85bb953
anemoi: fixed compilation errors related to method anemoi_permutation…
2c62e4d 
…_mds::permutation_mds after rebase onto anemoi-hash-r1cs
@dtebbs
Merge pull request #102 from clearmatics/anemoi-hash-r1cs-numstatecol…
eefd98d 
…umns

Anemoi hash r1cs numstatecolumns
Merge branch 'develop' into anemoi-hash-r1cs
0fdd0c3
anemoi: added support for generating anemoi parameters for all curves…
8a77138 
… of interest, namely Mnt4, Mnt6, BW6_761, BN128, ALT_BN128, BLS12_377, BLS12_381 (#82)
anemoi: added description of the C,D round constants in comments
5bb5dec
@dtebbs
WIP: anemoi test tweaks
3e3fb66
anemoi: added tests for gadget instatiations for all curves (#106 (co…
bb7fee5 
…mment))
anemoi: removed test_curve_parameters as obsolete now that we have te…
bbafbdd 
…st_for_curve (#106 (comment)); removed template specialization for test_intermediate_gadgets_bls12_381 (#106 (comment)).
@dtebbs
Merge pull request #106 from clearmatics/82-anemoi-parameters-all-curves
9e56d98 
Anemoi: parameters struct for all curves of interest
anemoi: added the number of rounds for each instance and for each cur…
644dde8 
…ve inside the parameters class; modified the SAGE script accordingly
anemoi: implemented gadget for the full anemoi permutation (#104)
f2e9f87
anemoi: renamed NumStateColumns_L to NumStateColumns
5ebc5b3
anemoi: renamed test_anemoi_permutation_round_prime_field_gadget to t…
2099655 
…est_anemoi_round_prime_field_gadget
anemoi: added the round index as a member of the anemoi_round_prime_f…
e7630b2 
…ield_gadget class. it is used to extract the round constants C,D, which arenow removed from the class. removed two unused functions from the same class.
anemoi: added output test values for anemoi with 128-bit security; ou…
bb2eff3 
…tput number of r1cs constraints and variables
anemoi: added minor variable renaming Round -> Rounds (#110 (comment))
af1afbb
@dtebbs
Merge pull request #110 from clearmatics/104-anemoi-permutation-all-r…
42aeac3 
…ounds

Anemoi circuit to run all rounds
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dtebbs dtebbs dtebbs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vesselinux @dtebbs