Working with blindings

wborgeaud 2021-05-31 18:19:44 +02:00
parent 6ee9ceacd5
commit d882283761
2 changed files with 21 additions and 75 deletions


@ -141,44 +141,6 @@ fn fri_verify_initial_proof<F: Field>(
Ok(()) Ok(())
} }
// fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
// proof: &FriInitialTreeProof<F>,
// alpha: F::Extension,
// opening_set: &OpeningSet<F, D>,
// zeta: F::Extension,
// subgroup_x: F,
// config: &FriConfig,
// ) -> F::Extension {
// let e = proof
// .evals_proofs
// .iter()
// .enumerate()
// .flat_map(|(i, (v, _))| &v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }])
// .rev()
// .fold(F::Extension::ZERO, |acc, &e| alpha * acc + e.into());
// let numerator = e - interpolant.eval(subgroup_x.into());
// let denominator = points
// .iter()
// .map(|&(x, _)| F::Extension::from_basefield(subgroup_x) - x)
// .product();
// let quotient = numerator / denominator;
// let quotient = if config.check_basefield[0] {
// let alpha_conj = alpha.frobenius();
// let comp_conj = proof
// .evals_proofs
// .iter()
// .enumerate()
// .flat_map(|(i, (v, _))| &v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }])
// .rev()
// .fold(F::Extension::ZERO, |acc, &e| alpha_conj * acc + e.into());
// let numerator = comp_conj - points[0].1.frobenius();
// let denominator = F::Extension::from_basefield(subgroup_x) - points[0].0.frobenius();
// quotient + (numerator / denominator) * alpha.exp(proof.evals_proofs[0].0.len() as u64)
// } else {
// quotient
// };
// quotient
// }
fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>( fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
proof: &FriInitialTreeProof<F>, proof: &FriInitialTreeProof<F>,
alpha: F::Extension, alpha: F::Extension,
@ -196,9 +158,10 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
let ev = [0, 1, 4] let ev = [0, 1, 4]
.iter() .iter()
.map(|&i| &proof.evals_proofs[i]) .flat_map(|&i| {
.enumerate() let v = &proof.evals_proofs[i].0;
.flat_map(|(j, (v, _))| &v[..v.len() - if config.blinding[j] { SALT_SIZE } else { 0 }]) &v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }]
})
.rev() .rev()
.fold(F::Extension::ZERO, |acc, &e| { .fold(F::Extension::ZERO, |acc, &e| {
poly_count += 1; poly_count += 1;
@ -213,7 +176,6 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
let denominator = F::Extension::from_basefield(subgroup_x) - zeta; let denominator = F::Extension::from_basefield(subgroup_x) - zeta;
e += cur_alpha * numerator / denominator; e += cur_alpha * numerator / denominator;
cur_alpha = alpha.exp(poly_count); cur_alpha = alpha.exp(poly_count);
dbg!(e);
let ev = proof.evals_proofs[3].0 let ev = proof.evals_proofs[3].0
[..proof.evals_proofs[3].0.len() - if config.blinding[3] { SALT_SIZE } else { 0 }] [..proof.evals_proofs[3].0.len() - if config.blinding[3] { SALT_SIZE } else { 0 }]
@ -224,7 +186,6 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
alpha * acc + e.into() alpha * acc + e.into()
}); });
let zeta_right = F::Extension::primitive_root_of_unity(degree_log) * zeta; let zeta_right = F::Extension::primitive_root_of_unity(degree_log) * zeta;
dbg!(degree_log);
let zs_interpol = interpolant(&[ let zs_interpol = interpolant(&[
(zeta, reduce_with_powers(&os.plonk_zs, alpha)), (zeta, reduce_with_powers(&os.plonk_zs, alpha)),
(zeta_right, reduce_with_powers(&os.plonk_zs_right, alpha)), (zeta_right, reduce_with_powers(&os.plonk_zs_right, alpha)),
@ -233,8 +194,6 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
let denominator = (F::Extension::from_basefield(subgroup_x) - zeta) let denominator = (F::Extension::from_basefield(subgroup_x) - zeta)
* (F::Extension::from_basefield(subgroup_x) - zeta_right); * (F::Extension::from_basefield(subgroup_x) - zeta_right);
e += cur_alpha * numerator / denominator; e += cur_alpha * numerator / denominator;
dbg!(e);
dbg!(cur_alpha);
cur_alpha = alpha.exp(poly_count); cur_alpha = alpha.exp(poly_count);
if D > 1 { if D > 1 {
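Review bot: The slice bound `v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }` in the `[0, 1, 4]` closure (and the same expression for index 3 a few lines below) is computed on leaf data taken from the proof, with no length check visible in these hunks. If a proof carries a leaf shorter than `SALT_SIZE`, or fewer than five `evals_proofs` entries, the verifier panics instead of rejecting the proof, which matters wherever proofs come from an untrusted party. Unless the lengths are already validated before this function is called (not visible here), I would check them up front and fail verification cleanly, for example with `v.len().checked_sub(SALT_SIZE)` mapped to an error. A short comment naming which commitment each of the indices 0, 1, 4 and 3 refers to would also help, since the old `.enumerate()` form appears to have looked up `config.blinding` with the wrong index. fri_combine_initial starts and ends outside the hunks shown.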


@ -315,7 +315,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
F: Extendable<D>, F: Extendable<D>,
{ {
let g = F::Extension::primitive_root_of_unity(degree_log); let g = F::Extension::primitive_root_of_unity(degree_log);
dbg!(degree_log);
for &p in &[zeta, g * zeta] { for &p in &[zeta, g * zeta] {
assert_ne!( assert_ne!(
p.exp(1 << degree_log as u64), p.exp(1 << degree_log as u64),
@ -336,7 +335,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
challenger.observe_opening_set(&os); challenger.observe_opening_set(&os);
let alpha = challenger.get_extension_challenge(); let alpha = challenger.get_extension_challenge();
dbg!(alpha);
let mut cur_alpha = F::Extension::ONE; let mut cur_alpha = F::Extension::ONE;
// Final low-degree polynomial that goes into FRI. // Final low-degree polynomial that goes into FRI.
@ -360,15 +358,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
let quotient = Self::compute_quotient(&[zeta], &[composition_eval], &composition_poly); let quotient = Self::compute_quotient(&[zeta], &[composition_eval], &composition_poly);
final_poly = &final_poly + &(&quotient * cur_alpha); final_poly = &final_poly + &(&quotient * cur_alpha);
{
let lde_final_poly = final_poly.lde(config.rate_bits);
let lde_final_values = lde_final_poly
.clone()
.coset_fft(F::Extension::from_basefield(
F::MULTIPLICATIVE_GROUP_GENERATOR,
));
dbg!(lde_final_values);
}
cur_alpha = alpha.exp(poly_count); cur_alpha = alpha.exp(poly_count);
let zs_composition_poly = let zs_composition_poly =
@ -391,16 +380,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
&zs_composition_poly, &zs_composition_poly,
); );
final_poly = &final_poly + &(&zs_quotient * cur_alpha); final_poly = &final_poly + &(&zs_quotient * cur_alpha);
{
let lde_final_poly = final_poly.lde(config.rate_bits);
let lde_final_values = lde_final_poly
.clone()
.coset_fft(F::Extension::from_basefield(
F::MULTIPLICATIVE_GROUP_GENERATOR,
));
dbg!(lde_final_values);
dbg!(cur_alpha);
}
cur_alpha = alpha.exp(poly_count); cur_alpha = alpha.exp(poly_count);
if D > 1 { if D > 1 {
@ -425,7 +404,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
final_poly = &final_poly + &(&wires_quotient * cur_alpha); final_poly = &final_poly + &(&wires_quotient * cur_alpha);
} }
dbg!(final_poly.coeffs.len());
let lde_final_poly = final_poly.lde(config.rate_bits); let lde_final_poly = final_poly.lde(config.rate_bits);
let lde_final_values = lde_final_poly let lde_final_values = lde_final_poly
.clone() .clone()
@ -470,7 +448,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
.collect::<Vec<_>>(); .collect::<Vec<_>>();
debug_assert!(pairs.iter().all(|&(x, e)| poly.eval(x) == e)); debug_assert!(pairs.iter().all(|&(x, e)| poly.eval(x) == e));
dbg!(&pairs);
let interpolant = interpolant(&pairs); let interpolant = interpolant(&pairs);
let denominator = points.iter().fold(PolynomialCoeffs::one(), |acc, &x| { let denominator = points.iter().fold(PolynomialCoeffs::one(), |acc, &x| {
&acc * &PolynomialCoeffs::new(vec![-x, F::Extension::ONE]) &acc * &PolynomialCoeffs::new(vec![-x, F::Extension::ONE])
@ -501,7 +478,6 @@ impl<F: Field + Extendable<D>, const D: usize> OpeningProof<F, D> {
challenger.observe_opening_set(os); challenger.observe_opening_set(os);
let alpha = challenger.get_extension_challenge(); let alpha = challenger.get_extension_challenge();
dbg!(alpha);
verify_fri_proof( verify_fri_proof(
log2_strict(self.quotient_degree), log2_strict(self.quotient_degree),
@ -523,6 +499,7 @@ mod tests {
use crate::field::crandall_field::CrandallField; use crate::field::crandall_field::CrandallField;
use super::*; use super::*;
use rand::Rng;
use std::convert::TryInto; use std::convert::TryInto;
fn gen_random_test_case<F: Field + Extendable<D>, const D: usize>( fn gen_random_test_case<F: Field + Extendable<D>, const D: usize>(
@ -549,6 +526,17 @@ mod tests {
point point
} }
fn random_blindings() -> Vec<bool> {
let mut rng = rand::thread_rng();
vec![
rng.gen_bool(0.5),
rng.gen_bool(0.5),
rng.gen_bool(0.5),
rng.gen_bool(0.5),
rng.gen_bool(0.5),
]
}
fn check_batch_polynomial_commitment<F: Field + Extendable<D>, const D: usize>() -> Result<()> { fn check_batch_polynomial_commitment<F: Field + Extendable<D>, const D: usize>() -> Result<()> {
let ks = [1, 2, 3, 5, 8]; let ks = [1, 2, 3, 5, 8];
let degree_log = 11; let degree_log = 11;
@ -557,17 +545,16 @@ mod tests {
rate_bits: 2, rate_bits: 2,
reduction_arity_bits: vec![2, 3, 1, 2], reduction_arity_bits: vec![2, 3, 1, 2],
num_query_rounds: 3, num_query_rounds: 3,
blinding: vec![false, false, false, false, false], blinding: random_blindings(),
check_basefield: vec![false, false, false], check_basefield: vec![false, false, false],
}; };
let lpcs = ks let lpcs = (0..5)
.iter() .map(|i| {
.map(|&k| {
ListPolynomialCommitment::<F>::new( ListPolynomialCommitment::<F>::new(
gen_random_test_case(k, degree_log), gen_random_test_case(ks[i], degree_log),
fri_config.rate_bits, fri_config.rate_bits,
false, fri_config.blinding[i],
) )
}) })
.collect::<Vec<_>>(); .collect::<Vec<_>>();
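Review bot: `random_blindings()` draws from `rand::thread_rng()`, so each run of `check_batch_polynomial_commitment` exercises one unrecorded blinding combination out of 32 and a failure cannot be replayed. An indexing mistake that only shows when two flags differ would be caught on some runs and missed on others. I would either seed the generator and print the seed, or log the drawn vector before use, e.g. `let blinding = random_blindings(); println!("blinding = {:?}", blinding);`. The `(0..5)` range also hard-codes the length of `ks` and of the blinding vector; `ks.iter().zip(&fri_config.blinding)` would keep the three in step. The test function continues past the end of the hunk.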