2022-10-10 16:41:42 -07:00
|
|
|
package plonky2_verifier
|
|
|
|
|
|
2022-10-10 20:45:34 -07:00
|
|
|
import (
|
2023-03-28 10:59:36 -07:00
|
|
|
. "gnark-plonky2-verifier/field"
|
|
|
|
|
"gnark-plonky2-verifier/poseidon"
|
2022-10-10 20:45:34 -07:00
|
|
|
|
|
|
|
|
"github.com/consensys/gnark/frontend"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type VerifierChip struct {
|
2022-11-22 17:57:26 -08:00
|
|
|
api frontend.API `gnark:"-"`
|
|
|
|
|
fieldAPI frontend.API `gnark:"-"`
|
|
|
|
|
qeAPI *QuadraticExtensionAPI `gnark:"-"`
|
2022-11-21 14:49:54 -08:00
|
|
|
poseidonChip *poseidon.PoseidonChip
|
|
|
|
|
plonkChip *PlonkChip
|
|
|
|
|
friChip *FriChip
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewVerifierChip(api frontend.API, fieldAPI frontend.API, qeAPI *QuadraticExtensionAPI, poseidonChip *poseidon.PoseidonChip, plonkChip *PlonkChip, friChip *FriChip) *VerifierChip {
|
|
|
|
|
return &VerifierChip{
|
|
|
|
|
api: api,
|
|
|
|
|
fieldAPI: fieldAPI,
|
|
|
|
|
qeAPI: qeAPI,
|
|
|
|
|
poseidonChip: poseidonChip,
|
|
|
|
|
plonkChip: plonkChip,
|
|
|
|
|
friChip: friChip,
|
|
|
|
|
}
|
2022-10-10 20:45:34 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *VerifierChip) GetPublicInputsHash(publicInputs []F) Hash {
|
|
|
|
|
return c.poseidonChip.HashNoPad(publicInputs)
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-01 10:26:45 -07:00
|
|
|
func (c *VerifierChip) GetChallenges(proofWithPis ProofWithPublicInputs, publicInputsHash Hash, commonData CommonCircuitData, verifierData VerifierOnlyCircuitData) ProofChallenges {
|
2022-10-10 20:45:34 -07:00
|
|
|
config := commonData.Config
|
|
|
|
|
numChallenges := config.NumChallenges
|
2022-11-21 14:49:54 -08:00
|
|
|
challenger := NewChallengerChip(c.api, c.fieldAPI, c.poseidonChip)
|
2022-10-10 20:45:34 -07:00
|
|
|
|
2023-05-01 10:26:45 -07:00
|
|
|
var circuitDigest = verifierData.CircuitDigest
|
2022-10-10 22:44:59 -07:00
|
|
|
|
2022-10-10 21:23:30 -07:00
|
|
|
challenger.ObserveHash(circuitDigest)
|
2022-10-10 20:45:34 -07:00
|
|
|
challenger.ObserveHash(publicInputsHash)
|
|
|
|
|
challenger.ObserveCap(proofWithPis.Proof.WiresCap)
|
|
|
|
|
plonkBetas := challenger.GetNChallenges(numChallenges)
|
|
|
|
|
plonkGammas := challenger.GetNChallenges(numChallenges)
|
|
|
|
|
|
|
|
|
|
challenger.ObserveCap(proofWithPis.Proof.PlonkZsPartialProductsCap)
|
|
|
|
|
plonkAlphas := challenger.GetNChallenges(numChallenges)
|
|
|
|
|
|
|
|
|
|
challenger.ObserveCap(proofWithPis.Proof.QuotientPolysCap)
|
|
|
|
|
plonkZeta := challenger.GetExtensionChallenge()
|
|
|
|
|
|
|
|
|
|
challenger.ObserveOpenings(proofWithPis.Proof.Openings.ToFriOpenings())
|
|
|
|
|
|
|
|
|
|
return ProofChallenges{
|
|
|
|
|
PlonkBetas: plonkBetas,
|
|
|
|
|
PlonkGammas: plonkGammas,
|
|
|
|
|
PlonkAlphas: plonkAlphas,
|
|
|
|
|
PlonkZeta: plonkZeta,
|
|
|
|
|
FriChallenges: challenger.GetFriChallenges(
|
|
|
|
|
proofWithPis.Proof.OpeningProof.CommitPhaseMerkleCaps,
|
|
|
|
|
proofWithPis.Proof.OpeningProof.FinalPoly,
|
|
|
|
|
proofWithPis.Proof.OpeningProof.PowWitness,
|
2022-10-10 21:23:30 -07:00
|
|
|
commonData.DegreeBits,
|
|
|
|
|
config.FriConfig,
|
2022-10-10 20:45:34 -07:00
|
|
|
),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-28 15:18:13 -07:00
|
|
|
func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData VerifierOnlyCircuitData, commonData CommonCircuitData) {
|
2022-11-01 16:35:21 -07:00
|
|
|
// TODO: Verify shape of the proof?
|
|
|
|
|
|
2022-10-10 20:45:34 -07:00
|
|
|
publicInputsHash := c.GetPublicInputsHash(proofWithPis.PublicInputs)
|
2023-05-01 10:26:45 -07:00
|
|
|
proofChallenges := c.GetChallenges(proofWithPis, publicInputsHash, commonData, verifierData)
|
2022-11-21 14:49:54 -08:00
|
|
|
|
2023-04-05 14:26:08 -07:00
|
|
|
c.plonkChip.Verify(proofChallenges, proofWithPis.Proof.Openings, publicInputsHash)
|
2022-11-21 14:49:54 -08:00
|
|
|
|
|
|
|
|
initialMerkleCaps := []MerkleCap{
|
|
|
|
|
verifierData.ConstantSigmasCap,
|
|
|
|
|
proofWithPis.Proof.WiresCap,
|
|
|
|
|
proofWithPis.Proof.PlonkZsPartialProductsCap,
|
|
|
|
|
proofWithPis.Proof.QuotientPolysCap,
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-22 16:50:43 -08:00
|
|
|
// Seems like there is a bug in the emulated field code.
|
|
|
|
|
// Add ZERO to all of the fri challenges values to reduce them.
|
|
|
|
|
proofChallenges.PlonkZeta[0] = c.fieldAPI.Add(proofChallenges.PlonkZeta[0], ZERO_F).(F)
|
|
|
|
|
proofChallenges.PlonkZeta[1] = c.fieldAPI.Add(proofChallenges.PlonkZeta[1], ZERO_F).(F)
|
|
|
|
|
|
|
|
|
|
proofChallenges.FriChallenges.FriAlpha[0] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriAlpha[0], ZERO_F).(F)
|
|
|
|
|
proofChallenges.FriChallenges.FriAlpha[1] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriAlpha[1], ZERO_F).(F)
|
|
|
|
|
|
|
|
|
|
for i := 0; i < len(proofChallenges.FriChallenges.FriBetas); i++ {
|
|
|
|
|
proofChallenges.FriChallenges.FriBetas[i][0] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriBetas[i][0], ZERO_F).(F)
|
|
|
|
|
proofChallenges.FriChallenges.FriBetas[i][1] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriBetas[i][1], ZERO_F).(F)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proofChallenges.FriChallenges.FriPowResponse = c.fieldAPI.Add(proofChallenges.FriChallenges.FriPowResponse, ZERO_F).(F)
|
|
|
|
|
|
2023-04-26 16:05:23 -07:00
|
|
|
for i := 0; i < len(proofChallenges.FriChallenges.FriQueryIndices); i++ {
|
|
|
|
|
proofChallenges.FriChallenges.FriQueryIndices[i] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriQueryIndices[i], ZERO_F).(F)
|
2022-11-22 16:50:43 -08:00
|
|
|
}
|
|
|
|
|
|
2022-11-21 14:49:54 -08:00
|
|
|
c.friChip.VerifyFriProof(
|
|
|
|
|
commonData.GetFriInstance(c.qeAPI, proofChallenges.PlonkZeta, commonData.DegreeBits),
|
|
|
|
|
proofWithPis.Proof.Openings.ToFriOpenings(),
|
|
|
|
|
&proofChallenges.FriChallenges,
|
|
|
|
|
initialMerkleCaps,
|
|
|
|
|
&proofWithPis.Proof.OpeningProof,
|
|
|
|
|
)
|
2022-10-10 20:45:34 -07:00
|
|
|
}
|
