Add PCS for multiple polynomials #8

Open
wants to merge 20 commits into
base: main
1 change: 1 addition & 0 deletions Cargo.lock


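--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,6 +29,7 @@ rayon = { version = "1.10.0", optional = true }
 
 goldilocks = { git = "https://github.com/scroll-tech/ceno-Goldilocks" }
 thiserror = "1"
+itertools = { version = "0.13", default-features = false }
 
 [profile.release]
 debug = true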
2 changes: 1 addition & 1 deletion src/bin/benchmark.rs
Expand Up @@ -230,7 +230,7 @@ fn run_whir<F, MerkleConfig>(

let num_coeffs = 1 << num_variables;

let mv_params = MultivariateParameters::<F>::new(num_variables);
let mv_params = MultivariateParameters::<F>::new(num_variables, 1);

let whir_params = WhirParameters::<MerkleConfig, PowStrategy> {
initial_statement: true,
4 changes: 2 additions & 2 deletions src/bin/main.rs
Expand Up @@ -229,7 +229,7 @@ fn run_whir_as_ldt<F, MerkleConfig>(

let num_coeffs = 1 << num_variables;

let mv_params = MultivariateParameters::<F>::new(num_variables);
let mv_params = MultivariateParameters::<F>::new(num_variables, 1);

let whir_params = WhirParameters::<MerkleConfig, PowStrategy> {
initial_statement: false,
Expand Down Expand Up @@ -337,7 +337,7 @@ fn run_whir_pcs<F, MerkleConfig>(

let num_coeffs = 1 << num_variables;

let mv_params = MultivariateParameters::<F>::new(num_variables);
let mv_params = MultivariateParameters::<F>::new(num_variables, 1);

let whir_params = WhirParameters::<MerkleConfig, PowStrategy> {
initial_statement: true,
24 changes: 13 additions & 11 deletions src/ceno_binding/mod.rs
Expand Up @@ -8,31 +8,34 @@ use std::fmt::Debug;
pub enum Error {
#[error(transparent)]
ProofError(#[from] nimue::ProofError),
#[error("InvalidPcsParams")]
InvalidPcsParam,
}

pub trait PolynomialCommitmentScheme<E: FftField>: Clone {
type Param: Clone;
type CommitmentWithData;
type CommitmentWithWitness;
type Proof: Clone + CanonicalSerialize + CanonicalDeserialize;
type Poly: Clone;
type Transcript;

fn setup(poly_size: usize) -> Self::Param;
fn setup(poly_size: usize, num_polys: usize) -> Self::Param;

fn commit_and_write(
pp: &Self::Param,
poly: &Self::Poly,
transcript: &mut Self::Transcript,
) -> Result<Self::CommitmentWithData, Error>;
) -> Result<Self::CommitmentWithWitness, Error>;

fn batch_commit(
fn batch_commit_and_write(
pp: &Self::Param,
polys: &[Self::Poly],
) -> Result<Self::CommitmentWithData, Error>;
transcript: &mut Self::Transcript,
) -> Result<Self::CommitmentWithWitness, Error>;

fn open(
pp: &Self::Param,
comm: Self::CommitmentWithData,
comm: Self::CommitmentWithWitness,
point: &[E],
eval: &E,
transcript: &mut Self::Transcript,
Expand All @@ -42,10 +45,9 @@ pub trait PolynomialCommitmentScheme<E: FftField>: Clone {
/// 1. Open at one point
/// 2. All the polynomials share the same commitment.
/// 3. The point is already a random point generated by a sum-check.
fn batch_open(
fn simple_batch_open(
pp: &Self::Param,
polys: &[Self::Poly],
comm: Self::CommitmentWithData,
comm: Self::CommitmentWithWitness,
point: &[E],
evals: &[E],
transcript: &mut Self::Transcript,
Expand All @@ -59,11 +61,11 @@ pub trait PolynomialCommitmentScheme<E: FftField>: Clone {
transcript: &Self::Transcript,
) -> Result<(), Error>;

fn batch_verify(
fn simple_batch_verify(
vp: &Self::Param,
point: &[E],
evals: &[E],
proof: &Self::Proof,
transcript: &mut Self::Transcript,
transcript: &Self::Transcript,
) -> Result<(), Error>;
}
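Review bot: `simple_batch_verify` is declared without a doc comment, while the conditions the batch protocol relies on (one opening point, one shared commitment, a point that is already random from a sum-check) are written only above `simple_batch_open`. Someone implementing or calling only the verifier side sees none of this, and the signature does not say that `evals` must follow the order in which the polynomials were committed. I would repeat the three-item list above `simple_batch_verify` and add `/// evals[i] is the claimed evaluation of the i-th committed polynomial at point.` (presumably the intended ordering; confirm against the prover). `setup` would also benefit from a line saying that `poly_size` is passed on as the number of variables in src/ceno_binding/pcs.rs rather than a coefficient count. The trait body spans several hunks of this section and is only partly visible.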
127 changes: 97 additions & 30 deletions src/ceno_binding/pcs.rs
Expand Up @@ -5,7 +5,7 @@ use crate::parameters::{
};
use crate::poly_utils::{coeffs::CoefficientList, MultilinearPoint};
use crate::whir::{
committer::{Committer, Witness},
committer::{Committer, Witnesses},
iopattern::WhirIOPattern,
parameters::WhirConfig,
prover::Prover,
Expand Down Expand Up @@ -34,14 +34,14 @@ where
E: FftField + CanonicalSerialize + CanonicalDeserialize,
{
type Param = WhirPCSConfig<E>;
type CommitmentWithData = Witness<E, MerkleTreeParams<E>>;
type CommitmentWithWitness = Witnesses<E, MerkleTreeParams<E>>;
type Proof = WhirProof<MerkleTreeParams<E>, E>;
// TODO: support both base and extension fields
type Poly = CoefficientList<E::BasePrimeField>;
type Transcript = Merlin<DefaultHash>;

fn setup(poly_size: usize) -> Self::Param {
let mv_params = MultivariateParameters::<E>::new(poly_size);
fn setup(poly_size: usize, num_polys: usize) -> Self::Param {
let mv_params = MultivariateParameters::<E>::new(poly_size, num_polys);
let starting_rate = 1;
let pow_bits = default_max_pow(poly_size, starting_rate);
let mut rng = ChaCha8Rng::from_seed([0u8; 32]);
Expand All @@ -67,22 +67,41 @@ where
pp: &Self::Param,
poly: &Self::Poly,
transcript: &mut Self::Transcript,
) -> Result<Self::CommitmentWithData, Error> {
) -> Result<Self::CommitmentWithWitness, Error> {
let committer = Committer::new(pp.clone());
let witness = committer.commit(transcript, poly.clone())?;
Ok(witness)
Ok(witness.into())
}

fn batch_commit(
_pp: &Self::Param,
_polys: &[Self::Poly],
) -> Result<Self::CommitmentWithData, Error> {
todo!()
// Assumption:
// 1. there must be at least one polynomial
// 2. all polynomials are in base field
// (TODO: this assumption is from the whir implementation,
// if we are going to support extension field, need modify whir's implementation)
// 3. all polynomials must have the same number of variables
fn batch_commit_and_write(
pp: &Self::Param,
polys: &[Self::Poly],
transcript: &mut Self::Transcript,
) -> Result<Self::CommitmentWithWitness, Error> {
if polys.is_empty() {
return Err(Error::InvalidPcsParam);
}

for i in 1..polys.len() {
if polys[i].num_variables() != polys[0].num_variables() {
return Err(Error::InvalidPcsParam);
}
}

let committer = Committer::new(pp.clone());
let witness = committer.batch_commit(transcript, polys)?;
Ok(witness)
}

fn open(
pp: &Self::Param,
witness: Self::CommitmentWithData,
witness: Self::CommitmentWithWitness,
point: &[E],
eval: &E,
transcript: &mut Self::Transcript,
Expand All @@ -93,19 +112,21 @@ where
evaluations: vec![eval.clone()],
};

let proof = prover.prove(transcript, statement, witness)?;
let proof = prover.prove(transcript, statement, witness.into())?;
Ok(proof)
}

fn batch_open(
_pp: &Self::Param,
_polys: &[Self::Poly],
_comm: Self::CommitmentWithData,
_point: &[E],
_evals: &[E],
_transcript: &mut Self::Transcript,
fn simple_batch_open(
pp: &Self::Param,
witnesses: Self::CommitmentWithWitness,
point: &[E],
evals: &[E],
transcript: &mut Self::Transcript,
) -> Result<Self::Proof, Error> {
todo!()
assert_eq!(witnesses.polys.len(), evals.len());
let prover = Prover(pp.clone());
let proof = prover.simple_batch_prove(transcript, point, evals, witnesses)?;
Ok(proof)
}

fn verify(
Expand Down Expand Up @@ -134,14 +155,24 @@ where
Ok(())
}

fn batch_verify(
_vp: &Self::Param,
_point: &[E],
_evals: &[E],
_proof: &Self::Proof,
_transcript: &mut Self::Transcript,
fn simple_batch_verify(
vp: &Self::Param,
point: &[E],
evals: &[E],
proof: &Self::Proof,
transcript: &Self::Transcript,
) -> Result<(), Error> {
todo!()
let reps = 1000;
let verifier = Verifier::new(vp.clone());
let io = IOPattern::<DefaultHash>::new("🌪️")
.commit_statement(&vp)
.add_whir_proof(&vp);

for _ in 0..reps {
let mut arthur = io.to_arthur(transcript.transcript());
verifier.simple_batch_verify(&mut arthur, point, evals, proof)?;
}
Ok(())
}
}

Expand All @@ -154,10 +185,10 @@ mod tests {
use crate::crypto::fields::Field64_2 as F;

#[test]
fn single_point_verify() {
fn single_poly_verify() {
let poly_size = 10;
let num_coeffs = 1 << poly_size;
let pp = Whir::<F>::setup(poly_size);
let pp = Whir::<F>::setup(poly_size, 1);

let poly = CoefficientList::new(
(0..num_coeffs)
Expand All @@ -179,4 +210,40 @@ mod tests {
let proof = Whir::<F>::open(&pp, witness, &point, &eval, &mut merlin).unwrap();
Whir::<F>::verify(&pp, &point, &eval, &proof, &merlin).unwrap();
}

#[test]
fn simple_batch_polys_verify() {
let poly_size = 10;
let num_coeffs = 1 << poly_size;
let num_polys = 1 << 3;
let pp = Whir::<F>::setup(poly_size, num_polys);

let mut polys = Vec::new();
for _ in 0..num_polys {
let poly = CoefficientList::new(
(0..num_coeffs)
.map(<F as Field>::BasePrimeField::from)
.collect(),
);
polys.push(poly);
}

let io = IOPattern::<DefaultHash>::new("🌪️")
.commit_statement(&pp)
.add_whir_proof(&pp);
let mut merlin = io.to_merlin();

let witness = Whir::<F>::batch_commit_and_write(&pp, &polys, &mut merlin).unwrap();

let mut rng = rand::thread_rng();
let point: Vec<F> = (0..poly_size).map(|_| F::from(rng.gen::<u64>())).collect();
let evals = polys
.iter()
.map(|poly| poly.evaluate_at_extension(&MultilinearPoint(point.clone())))
.collect::<Vec<_>>();

let proof =
Whir::<F>::simple_batch_open(&pp, witness, &point, &evals, &mut merlin).unwrap();
Whir::<F>::simple_batch_verify(&pp, &point, &evals, &proof, &merlin).unwrap();
}
}
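Review bot: `simple_batch_verify` runs the full verification 1000 times (`let reps = 1000;` and the `for _ in 0..reps` loop), which looks like benchmarking scaffolding left in the library path; every caller pays a thousandfold verifier cost, and so does any service that verifies proofs it did not produce. A single pass is enough: `let mut arthur = io.to_arthur(transcript.transcript());` followed by `verifier.simple_batch_verify(&mut arthur, point, evals, proof)?;`, with any repetition moved to the benchmark binary. In the same section `simple_batch_open` checks lengths with `assert_eq!(witnesses.polys.len(), evals.len());`, which panics inside a function that returns `Result`; `if witnesses.polys.len() != evals.len() { return Err(Error::InvalidPcsParam); }` would match the error handling in `batch_commit_and_write`. Neither batch function compares the number of polynomials or evaluations with the `num_polys` passed to `setup`; if `Committer` and `Verifier` do not check that themselves (not visible here), the check belongs at this boundary.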
8 changes: 4 additions & 4 deletions src/fs_utils.rs
Expand Up @@ -2,18 +2,18 @@ use ark_ff::Field;
use nimue::plugins::ark::FieldIOPattern;
use nimue_pow::PoWIOPattern;
pub trait OODIOPattern<F: Field> {
fn add_ood(self, num_samples: usize) -> Self;
fn add_ood(self, num_samples: usize, num_answers: usize) -> Self;
}

impl<F, IOPattern> OODIOPattern<F> for IOPattern
where
F: Field,
IOPattern: FieldIOPattern<F>,
{
fn add_ood(self, num_samples: usize) -> Self {
fn add_ood(self, num_samples: usize, num_answers: usize) -> Self {
if num_samples > 0 {
self.challenge_scalars(num_samples, "ood_query")
.add_scalars(num_samples, "ood_ans")
.add_scalars(num_answers, "ood_ans")
} else {
self
}
Expand All @@ -24,7 +24,7 @@ pub trait WhirPoWIOPattern {
fn pow(self, bits: f64) -> Self;
}

impl <IOPattern> WhirPoWIOPattern for IOPattern
impl<IOPattern> WhirPoWIOPattern for IOPattern
where
IOPattern: PoWIOPattern,
{
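Review bot: `add_ood` now takes `num_answers` separately from `num_samples`, but neither the trait method nor the impl documents how the two counts relate, and the `if num_samples > 0` guard ignores `num_answers` entirely. This method builds the Fiat-Shamir IO pattern, so prover and verifier have to derive both counts identically, and a mismatch surfaces only as a transcript error at runtime. I would add a doc comment on the trait method, for example `/// Squeezes num_samples OOD query points, then absorbs num_answers answers (presumably num_samples times the number of committed polynomials; confirm).`, and consider `debug_assert!(num_samples > 0 || num_answers == 0);` at the top of the impl so an inconsistent pair is caught early.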
10 changes: 8 additions & 2 deletions src/parameters.rs
Expand Up @@ -46,21 +46,27 @@ impl FromStr for SoundnessType {
#[derive(Debug, Clone, Copy)]
pub struct MultivariateParameters<F> {
pub(crate) num_variables: usize,
pub(crate) num_polys: usize,
_field: PhantomData<F>,
}

impl<F> MultivariateParameters<F> {
pub fn new(num_variables: usize) -> Self {
pub fn new(num_variables: usize, num_polys: usize) -> Self {
Self {
num_variables,
num_polys,
_field: PhantomData,
}
}
}

impl<F> Display for MultivariateParameters<F> {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(f, "Number of variables: {}", self.num_variables)
write!(
f,
"Number of polynomials: {}, Number of variables: {}",
self.num_polys, self.num_variables
)
}
}

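Review bot: `MultivariateParameters::new` stores `num_polys` without any check, so `new(n, 0)` yields parameters that describe no valid batch, while `batch_commit_and_write` in src/ceno_binding/pcs.rs rejects an empty `polys` slice. The new field and constructor argument also carry no doc comment. I would document the field with `/// Number of polynomials committed together; must be at least 1.` and either add `assert!(num_polys > 0, "num_polys must be at least 1");` in `new` or state in the doc comment that callers are responsible for the check.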
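--- a/src/poly_utils/coeffs.rs
+++ b/src/poly_utils/coeffs.rs
@@ -29,6 +29,21 @@ impl<F> CoefficientList<F>
 where
 F: Field,
 {
+fn coeff_at(&self, index: usize) -> F {
+self.coeffs[index]
+}
+
+pub fn combine(polys: Vec<Self>, coeffs: Vec<F>) -> Self {
+let mut combined_coeffs = vec![F::ZERO; polys[0].coeffs.len()];
+polys.iter().enumerate().for_each(|(poly_index, poly)| {
+for i in 0..combined_coeffs.len() {
+combined_coeffs[i] += poly.coeff_at(i) * coeffs[poly_index];
+}
+});
+
+Self::new(combined_coeffs)
+}
+
 /// Evaluate the given polynomial at `point` from {0,1}^n
 pub fn evaluate_hypercube(&self, point: BinaryHypercubePoint) -> F {
 assert_eq!(self.coeffs.len(), 1 << self.num_variables);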
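Review bot: `combine` indexes `polys[0]`, `coeffs[poly_index]` and `poly.coeff_at(i)` without checking its inputs, so an empty `polys`, a `coeffs` shorter than `polys`, or a polynomial shorter than the first one panics with an index error, and a polynomial longer than the first one has its extra coefficients dropped silently. The silent case matters most in a batching step, because the combined polynomial then no longer represents the inputs. I would state the preconditions at the top with `assert_eq!(polys.len(), coeffs.len());` and `assert!(polys.iter().all(|p| p.coeffs.len() == polys[0].coeffs.len()));` after a non-empty check, and add a doc comment saying the result is the sum of `coeffs[i] * polys[i]`. Taking `&[Self]` and `&[F]` instead of owned vectors would avoid forcing clones at call sites, if the callers (outside this hunk) allow it. The `impl` block continues outside the hunk.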