Skip to content

Commit

Permalink
Cg/pow zeta (#103)
Browse files Browse the repository at this point in the history
* Pow zeta in arithmetic relation
* Pow in init relation.
* Prover uses real powers of zeta.
* pow is temprarily a witness.
* Split out biggroup tests to save time.
* Hide more biggroup tests to save time.
* Include pow_zeta in grand product.
* Respond to Luke's review.

---------

Co-authored-by: codygunton <[email protected]>
  • Loading branch information
dbanks12 and codygunton authored Jan 30, 2023
1 parent c9554f0 commit 71bdb62
Show file tree
Hide file tree
Showing 18 changed files with 167 additions and 101 deletions.
16 changes: 15 additions & 1 deletion barretenberg/.circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,19 @@ jobs:
- *setup_env
- run:
name: "Test"
command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib_primitives_tests
command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib_primitives_tests --gtest_filter=-stdlib_biggroup*
- *save_logs

stdlib-biggroup-tests:
docker:
- image: aztecprotocol/alpine-build-image
resource_class: small
steps:
- *checkout
- *setup_env
- run:
name: "Test"
command: cond_spot_run_tests barretenberg-x86_64-linux-clang-assert 1 stdlib_primitives_tests --gtest_filter=stdlib_biggroup*
- *save_logs

stdlib-recursion-turbo-tests:
Expand Down Expand Up @@ -286,6 +298,7 @@ workflows:
- honk-tests: *bb_test
- barretenberg-tests: *bb_test
- stdlib-primitives-tests: *bb_test
- stdlib-biggroup-tests: *bb_test
- stdlib-recursion-turbo-tests: *bb_test
- stdlib-recursion-ultra-tests: *bb_test
- tx-rollup-tests: *bb_test
Expand All @@ -297,6 +310,7 @@ workflows:
requires:
- barretenberg-tests
- stdlib-primitives-tests
- stdlib-biggroup-tests
- stdlib-recursion-turbo-tests
- stdlib-recursion-ultra-tests
- tx-rollup-tests
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ template <size_t program_width_> class CircuitConstructorBase {

// Enum values spaced in increments of 30-bits (multiples of 2 ** 30).
// TODO(Adrian): This is unused, and this type of hard coded data should be avoided
// Cody: This is used by compute_wire_copy_cycles in Plonk.
// enum WireType { LEFT = 0U, RIGHT = (1U << 30U), OUTPUT = (1U << 31U), FOURTH = 0xc0000000 };

CircuitConstructorBase(std::vector<std::string> selector_names, size_t num_selectors = 0, size_t size_hint = 0)
Expand Down Expand Up @@ -197,7 +198,7 @@ template <size_t program_width_> class CircuitConstructorBase {
virtual void assert_equal(const uint32_t a_idx, const uint32_t b_idx, std::string const& msg = "assert_equal");

// TODO(Adrian): This method should belong in the ComposerHelper, where the number of reserved gates can be
// correctly set
// correctly set. Cody: I don't know, this method is about circuit construction, seems like it should be here.
size_t get_circuit_subgroup_size(const size_t num_gates) const
{
auto log2_n = static_cast<size_t>(numeric::get_msb(num_gates));
Expand Down Expand Up @@ -237,6 +238,7 @@ template <size_t program_width_> class CircuitConstructorBase {

} // namespace honk

// TODO(Cody): This may need updating, to deal with the new gate we used to ensure that non multivariate is zero?
/**
* Composer Example: Pythagorean triples.
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -216,9 +216,6 @@ std::shared_ptr<waffle::proving_key> ComposerHelper<CircuitConstructor>::compute

compute_first_and_last_lagrange_polynomials(circuit_proving_key.get());

// TODO(Cody): this is a workaround
circuit_proving_key->polynomial_cache.put("z_perm_lagrange", Polynomial<barretenberg::fr>(1));

return circuit_proving_key;
}

Expand Down Expand Up @@ -251,6 +248,7 @@ std::shared_ptr<waffle::verification_key> ComposerHelper<CircuitConstructor>::co
*
* @return The verifier.
* */
// TODO(Cody): This should go away altogether.
template <typename CircuitConstructor>
StandardVerifier ComposerHelper<CircuitConstructor>::create_verifier(const CircuitConstructor& circuit_constructor)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@
#include <utility>

namespace honk {
// TODO: change initializations to specify this parameter
// TODO(Kesha): change initializations to specify this parameter
// Cody: What does this mean?
template <typename CircuitConstructor> class ComposerHelper {
public:
static constexpr size_t NUM_RANDOMIZED_GATES = 2; // equal to the number of multilinear evaluations leaked
Expand Down Expand Up @@ -70,6 +71,7 @@ template <typename CircuitConstructor> class ComposerHelper {
StandardUnrolledProver create_unrolled_prover(const CircuitConstructor& circuit_constructor);

// TODO(Adrian): Seems error prone to provide the number of randomized gates
// Cody: Where should this go? In the flavor (or whatever that becomes)?
std::shared_ptr<waffle::proving_key> compute_proving_key_base(
const CircuitConstructor& circuit_constructor,
const size_t minimum_ciricut_size = 0,
Expand Down
14 changes: 12 additions & 2 deletions barretenberg/cpp/src/aztec/honk/proof_system/prover.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
#include <honk/sumcheck/sumcheck.hpp> // will need
#include <array>
#include <honk/sumcheck/polynomials/univariate.hpp> // will go away
#include <honk/utils/power_polynomial.hpp>
#include <honk/pcs/commitment_key.hpp>
#include <memory>
#include <vector>
Expand Down Expand Up @@ -56,7 +57,6 @@ Prover<settings>::Prover(std::shared_ptr<waffle::proving_key> input_key, const t
* */
template <typename settings> void Prover<settings>::compute_wire_commitments()
{
// TODO(luke): Compute wire commitments
for (size_t i = 0; i < settings::program_width; ++i) {
std::string wire_tag = "w_" + std::to_string(i + 1) + "_lagrange";
std::string commit_tag = "W_" + std::to_string(i + 1);
Expand Down Expand Up @@ -176,7 +176,7 @@ void Prover<settings>::compute_grand_product_polynomial(barretenberg::fr beta, b
aligned_free(denominator_accumulator[k]);
}

// TODO(luke): Commit to z_perm here? This would match Plonk but maybe best to do separately?
// Commit to z_perm here? This would match Plonk but maybe best to do separately?

key->polynomial_cache.put("z_perm_lagrange", std::move(z_perm));
}
Expand All @@ -194,6 +194,7 @@ void Prover<settings>::compute_grand_product_polynomial(barretenberg::fr beta, b
template <typename settings> void Prover<settings>::execute_preamble_round()
{
// Add some initial data to transcript (circuit size and PI size)

// queue.flush_queue(); // NOTE: Don't remove; we may reinstate the queue

transcript.add_element("circuit_size",
Expand Down Expand Up @@ -299,6 +300,15 @@ template <typename settings> void Prover<settings>::execute_relation_check_round
sumcheck::GrandProductInitializationRelation>;

// Compute alpha challenge
transcript.apply_fiat_shamir("zeta");

// TODO(Cody): This is just temporary of course. Very inefficient, e.g., no commitment needed.
Fr zeta_challenge = transcript.get_challenge_field_element("zeta");
barretenberg::polynomial pow_zeta = power_polynomial::generate_vector(zeta_challenge, key->n);
auto commitment = commitment_key->commit(pow_zeta);
transcript.add_element("POW_ZETA", commitment.to_buffer());
key->polynomial_cache.put("pow_zeta", std::move(pow_zeta));

transcript.apply_fiat_shamir("alpha");

auto multivariates = Multivariates(key);
Expand Down
1 change: 1 addition & 0 deletions barretenberg/cpp/src/aztec/honk/proof_system/verifier.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,7 @@ template <typename program_settings> bool Verifier<program_settings>::verify_pro
transcript.apply_fiat_shamir("init");
transcript.apply_fiat_shamir("eta");
transcript.apply_fiat_shamir("beta");
transcript.apply_fiat_shamir("zeta");
transcript.apply_fiat_shamir("alpha");
for (size_t idx = 0; idx < log_n; idx++) {
transcript.apply_fiat_shamir("u_" + std::to_string(log_n - idx));
Expand Down
6 changes: 5 additions & 1 deletion barretenberg/cpp/src/aztec/honk/proof_system/verifier.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,11 @@ template <typename program_settings> class Verifier {
Verifier& operator=(const Verifier& other) = delete;
Verifier& operator=(Verifier&& other);

// TODO: plonk_proof is just an std::vector<uint8_t>; probably shouldn't even exist
// TODO(luke): plonk_proof is just an std::vector<uint8_t>; probably shouldn't even exist
// Cody: Idk, what's wrong with an informative alias?
// An improvement would be to template by flavor and then have proof contain even more info,
// so it's easy to extract particular elements without looking at the manifest and counting
// numbers of bytes, for instance.
bool verify_proof(const waffle::plonk_proof& proof);
transcript::Manifest manifest;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ namespace honk::sumcheck {
template <typename FF> class ArithmeticRelation : public Relation<FF> {
public:
// 1 + polynomial degree of this relation
static constexpr size_t RELATION_LENGTH = 4;
static constexpr size_t RELATION_LENGTH = 5;
using MULTIVARIATE = StandardHonk::MULTIVARIATE; // could just get from StandardArithmetization

// FUTURE OPTIMIZATION: successively extend as needed?
Expand Down Expand Up @@ -66,11 +66,14 @@ template <typename FF> class ArithmeticRelation : public Relation<FF> {
auto q_r = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::Q_R]);
auto q_o = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::Q_O]);
auto q_c = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::Q_C]);
auto pow_zeta = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::POW_ZETA]);

evals += w_l * (q_m * w_r + q_l);
evals += q_r * w_r;
evals += q_o * w_o;
evals += q_c;
auto tmp = w_l * (q_m * w_r + q_l);
tmp += q_r * w_r;
tmp += q_o * w_o;
tmp += q_c;
tmp *= pow_zeta;
evals += tmp;
};

template <typename T>
Expand All @@ -84,11 +87,13 @@ template <typename FF> class ArithmeticRelation : public Relation<FF> {
auto q_r = purported_evaluations[MULTIVARIATE::Q_R];
auto q_o = purported_evaluations[MULTIVARIATE::Q_O];
auto q_c = purported_evaluations[MULTIVARIATE::Q_C];
auto pow_zeta = purported_evaluations[MULTIVARIATE::POW_ZETA];

full_honk_relation_value += w_l * (q_m * w_r + q_l);
full_honk_relation_value += q_r * w_r;
full_honk_relation_value += q_o * w_o;
full_honk_relation_value += q_c;
full_honk_relation_value *= pow_zeta;
};
};
} // namespace honk::sumcheck
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ namespace honk::sumcheck {
template <typename FF> class GrandProductComputationRelation : public Relation<FF> {
public:
// 1 + polynomial degree of this relation
static constexpr size_t RELATION_LENGTH = 5;
static constexpr size_t RELATION_LENGTH = 6;
using MULTIVARIATE = StandardHonk::MULTIVARIATE;

public:
Expand Down Expand Up @@ -73,12 +73,13 @@ template <typename FF> class GrandProductComputationRelation : public Relation<F
auto z_perm_shift = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::Z_PERM_SHIFT]);
auto lagrange_first = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::LAGRANGE_FIRST]);
auto lagrange_last = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::LAGRANGE_LAST]);
auto pow_zeta = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::POW_ZETA]);

// Contribution (1)
evals += ((z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) *
(w_3 + id_3 * beta + gamma)) -
((z_perm_shift + lagrange_last * public_input_delta) * (w_1 + sigma_1 * beta + gamma) *
(w_2 + sigma_2 * beta + gamma) * (w_3 + sigma_3 * beta + gamma));
evals += pow_zeta * (((z_perm + lagrange_first) * (w_1 + id_1 * beta + gamma) * (w_2 + id_2 * beta + gamma) *
(w_3 + id_3 * beta + gamma)) -
((z_perm_shift + lagrange_last * public_input_delta) * (w_1 + sigma_1 * beta + gamma) *
(w_2 + sigma_2 * beta + gamma) * (w_3 + sigma_3 * beta + gamma)));
};

void add_full_relation_value_contribution(auto& purported_evaluations,
Expand All @@ -98,16 +99,18 @@ template <typename FF> class GrandProductComputationRelation : public Relation<F
auto z_perm_shift = purported_evaluations[MULTIVARIATE::Z_PERM_SHIFT];
auto lagrange_first = purported_evaluations[MULTIVARIATE::LAGRANGE_FIRST];
auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST];
auto pow_zeta = purported_evaluations[MULTIVARIATE::POW_ZETA];

// Contribution (1)
full_honk_relation_value += (z_perm + lagrange_first) *
(w_1 + relation_parameters.beta * id_1 + relation_parameters.gamma) *
(w_2 + relation_parameters.beta * id_2 + relation_parameters.gamma) *
(w_3 + relation_parameters.beta * id_3 + relation_parameters.gamma) -
(z_perm_shift + lagrange_last * relation_parameters.public_input_delta) *
(w_1 + relation_parameters.beta * sigma_1 + relation_parameters.gamma) *
(w_2 + relation_parameters.beta * sigma_2 + relation_parameters.gamma) *
(w_3 + relation_parameters.beta * sigma_3 + relation_parameters.gamma);
full_honk_relation_value +=
pow_zeta *
((z_perm + lagrange_first) * (w_1 + relation_parameters.beta * id_1 + relation_parameters.gamma) *
(w_2 + relation_parameters.beta * id_2 + relation_parameters.gamma) *
(w_3 + relation_parameters.beta * id_3 + relation_parameters.gamma) -
(z_perm_shift + lagrange_last * relation_parameters.public_input_delta) *
(w_1 + relation_parameters.beta * sigma_1 + relation_parameters.gamma) *
(w_2 + relation_parameters.beta * sigma_2 + relation_parameters.gamma) *
(w_3 + relation_parameters.beta * sigma_3 + relation_parameters.gamma));
};
};
} // namespace honk::sumcheck
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ namespace honk::sumcheck {
template <typename FF> class GrandProductInitializationRelation : public Relation<FF> {
public:
// 1 + polynomial degree of this relation
static constexpr size_t RELATION_LENGTH = 3;
static constexpr size_t RELATION_LENGTH = 4;
using MULTIVARIATE = StandardHonk::MULTIVARIATE; // could just get from StandardArithmetization

GrandProductInitializationRelation() = default;
Expand Down Expand Up @@ -42,8 +42,9 @@ template <typename FF> class GrandProductInitializationRelation : public Relatio
{
auto z_perm_shift = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::Z_PERM_SHIFT]);
auto lagrange_last = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::LAGRANGE_LAST]);
auto pow_zeta = UnivariateView<FF, RELATION_LENGTH>(extended_edges[MULTIVARIATE::POW_ZETA]);

evals += lagrange_last * z_perm_shift;
evals += pow_zeta * (lagrange_last * z_perm_shift);
}
/**
* @brief A version of `add_edge_contribution` used for testing the relation
Expand All @@ -65,8 +66,9 @@ template <typename FF> class GrandProductInitializationRelation : public Relatio
{
auto z_perm_shift = purported_evaluations[MULTIVARIATE::Z_PERM_SHIFT];
auto lagrange_last = purported_evaluations[MULTIVARIATE::LAGRANGE_LAST];
auto pow_zeta = purported_evaluations[MULTIVARIATE::POW_ZETA];

full_honk_relation_value += lagrange_last * z_perm_shift;
full_honk_relation_value += pow_zeta * (lagrange_last * z_perm_shift);
};
};
} // namespace honk::sumcheck
Loading

0 comments on commit 71bdb62

Please sign in to comment.