Skip to content

Commit

Permalink
Lde/gemini interface (#187)
Browse files Browse the repository at this point in the history
* pcs updated to new paradigm; still many duplicate functions

* removing redundant functions, renaming etc

* some gemini cleanup

* general cleanup

* update gemini interface to take batched polys

* update gemini verifier to take batched commiitments

* general cleanup and comment correction

* send batched evaluation to gemini

* removing some types, evaluate a pos directly in prover, cleanup

* woops, missed commented out include
  • Loading branch information
ledwards2225 authored Feb 28, 2023
1 parent 5fe1763 commit f7d7dfa
Show file tree
Hide file tree
Showing 13 changed files with 589 additions and 1,228 deletions.
80 changes: 19 additions & 61 deletions barretenberg/cpp/src/aztec/honk/pcs/claim.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,21 @@
#include "polynomials/polynomial.hpp"

namespace honk::pcs {
/**
* @brief Opening pair (r,v) for some witness polynomial p(X) such that p(r) = v
*
* @tparam Params for the given commitment scheme
*/
template <typename Params> class OpeningPair {
using Fr = typename Params::Fr;

public:
Fr query; // r
Fr evaluation; // v = p(r)

bool operator==(const OpeningPair& other) const = default;
};

/**
* @brief Unverified claim (C,r,v) for some witness polynomial p(X) such that
* - C = Commit(p(X))
Expand All @@ -16,12 +31,10 @@ template <typename Params> class OpeningClaim {
using Fr = typename Params::Fr;

public:
// (query r, evaluation v = p(r))
OpeningPair<Params> opening_pair;
// commitment to univariate polynomial p(X)
Commitment commitment;
// query r
Fr opening_point;
// evaluation v = p(r)
Fr eval;

/**
* @brief inefficiently check that the claim is correct by recomputing the commitment
Expand All @@ -33,8 +46,8 @@ template <typename Params> class OpeningClaim {
*/
bool verify(CK* ck, const barretenberg::Polynomial<Fr>& polynomial) const
{
Fr real_eval = polynomial.evaluate(opening_point);
if (real_eval != eval) {
Fr real_eval = polynomial.evaluate(opening_pair.query);
if (real_eval != opening_pair.evaluation) {
return false;
}
// Note: real_commitment is a raw type, while commitment may be a linear combination.
Expand All @@ -49,61 +62,6 @@ template <typename Params> class OpeningClaim {
bool operator==(const OpeningClaim& other) const = default;
};

/**
* @brief A claim for multiple polynomials opened at various points.
*
* @details Each polynomial pⱼ(X) is opened at mⱼ points.
* This gives a triple (Cⱼ, {xʲ₁, …, xʲₘⱼ}, {yʲ₁, …, yʲₘⱼ}) for each j,
* where yʲᵢ = pⱼ(xʲᵢ).
* We refer to 'queries' the set of opening points Ωⱼ = {xʲ₁, …, xʲₘⱼ},
* and 'evals' is Yⱼ = {yʲ₁, …, yʲₘⱼ}.
*
* This structure groups all the triples by their common opening points sets.
* A 'SubClaim' is indexed by k, and is defined by Ωₖ = {xᵏ₁, …, xᵏₘₖ},
* and a vector of pairs [(Cⱼ, Yⱼ)]ⱼ for all j such that Ωₖ = Ωⱼ.
* We refer to the latter as an 'Opening' of a 'SubClaim'.
* For Shplonk, it is also necessary to include a vector 'all_queries' which we
* define as Ω = ⋃ₖ Ωₖ.
*
* @invariant the following conditions are assumed to hold when BatchOpeningClaim
* is consumed by functions:
* - Each opening query set 'queries' Ωₖ is unique among all 'SubClaims'
* - Each commitment Cⱼ belongs to a single 'SubClaim'
* - The set 'all_queries' Ω is exactly the union of all 'queries' Ωₖ,
* and does not contain additional elements.
* The order is not important.
* - All 'evals' vectors must follow the same order defined by Ωₖ.
*
* SubClaim is a pair (Ωₖ, [(Cⱼ, Yⱼ)]ⱼ) where
* - 'queries' = Ωₖ = {xᵏ₁, …, xᵏₘₖ}
* - 'openings' = [(Cⱼ, Yⱼ)]ⱼ is a vector of pairs
* - 'commitment' = Cⱼ = Commit(pⱼ(X)) for each j
* - 'evals' = Yⱼ = {yʲ₁, …, yʲₘₖ}, and yʲᵢ = pⱼ(xʲᵢ)
* and follows the same order as 'queries'
*
* @tparam Params for the given commitment scheme
*/
template <typename Params> class MultiOpeningClaim {
using Fr = typename Params::Fr;
using Commitment = typename Params::Commitment;

public:
struct Opening {
// Cⱼ = Commit(pⱼ(X)) for each j
Commitment commitment;
// Yⱼ = {yʲ₁, …, yʲₘₖ}
std::vector<Fr> evals;

bool operator==(const Opening& other) const = default;
};
// Ωₖ = {xᵏ₁, …, xᵏₘₖ}
std::vector<Fr> queries;
// [(Cⱼ, Yⱼ)]ⱼ
std::vector<Opening> openings;

bool operator==(const MultiOpeningClaim&) const = default;
};

/**
* @brief stores a claim of the form (C, v) for u=(u₀,…,uₘ₋₁)
* where C is a univariate commitment to a polynomial
Expand Down
94 changes: 39 additions & 55 deletions barretenberg/cpp/src/aztec/honk/pcs/commitment_key.test.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,17 @@ template <typename CK> inline std::shared_ptr<CK> CreateCommitmentKey()
return std::make_shared<CK>();
}

template <class VK> inline VK* CreateVerificationKey();
template <class VK> inline std::shared_ptr<VK> CreateVerificationKey();

template <> inline kzg::VerificationKey* CreateVerificationKey<kzg::VerificationKey>()
template <> inline std::shared_ptr<kzg::VerificationKey> CreateVerificationKey<kzg::VerificationKey>()
{
return new kzg::VerificationKey(kzg_srs_path);
return std::make_shared<kzg::VerificationKey>(kzg_srs_path);
}

template <typename VK> inline VK* CreateVerificationKey()
template <typename VK> inline std::shared_ptr<VK> CreateVerificationKey()
// requires std::default_initializable<VK>
{
return new VK();
return std::make_shared<VK>();
}

template <typename Params> class CommitmentTest : public ::testing::Test {
Expand All @@ -66,7 +66,7 @@ template <typename Params> class CommitmentTest : public ::testing::Test {
{}

std::shared_ptr<CK> ck() { return commitment_key; }
VK* vk() { return verification_key; }
std::shared_ptr<VK> vk() { return verification_key; }

Commitment commit(const Polynomial& polynomial) { return commitment_key->commit(polynomial); }

Expand All @@ -81,7 +81,7 @@ template <typename Params> class CommitmentTest : public ::testing::Test {

Fr random_element() { return Fr::random_element(engine); }

std::pair<Fr, Fr> random_eval(const Polynomial& polynomial)
OpeningPair<Params> random_eval(const Polynomial& polynomial)
{
Fr x{ random_element() };
Fr y{ polynomial.evaluate(x) };
Expand All @@ -90,10 +90,11 @@ template <typename Params> class CommitmentTest : public ::testing::Test {

std::pair<OpeningClaim<Params>, Polynomial> random_claim(const size_t n)
{
auto p = random_polynomial(n);
auto [x, y] = random_eval(p);
auto c = commit(p);
return { { c, x, y }, p };
auto polynomial = random_polynomial(n);
auto opening_pair = random_eval(polynomial);
auto commitment = commit(polynomial);
auto opening_claim = OpeningClaim<Params>{ opening_pair, commitment };
return { opening_claim, polynomial };
};

std::vector<Fr> random_evaluation_point(const size_t num_variables)
Expand All @@ -107,48 +108,19 @@ template <typename Params> class CommitmentTest : public ::testing::Test {

void verify_opening_claim(const OpeningClaim<Params>& claim, const Polynomial& witness)
{
auto& [c, x, y] = claim;
auto& commitment = claim.commitment;
auto& [x, y] = claim.opening_pair;
Fr y_expected = witness.evaluate(x);
EXPECT_EQ(y, y_expected) << "OpeningClaim: evaluations mismatch";
Commitment c_expected = commit(witness);
EXPECT_EQ(c, c_expected) << "OpeningClaim: commitment mismatch";
Commitment commitment_expected = commit(witness);
EXPECT_EQ(commitment, commitment_expected) << "OpeningClaim: commitment mismatch";
}

/**
* @brief Ensures that a 'BatchOpeningClaim' is correct by checking that
* - all evaluations are correct by recomputing them from each witness polynomial.
* - commitments are correct by recomputing a commitment from each witness polynomial.
* - each 'queries' is a subset of 'all_queries' and 'all_queries' is the union of all 'queries'
* - each 'commitment' of each 'SubClaim' appears only once.
*/
void verify_batch_opening_claim(std::span<const MultiOpeningClaim<Params>> multi_claims,
std::span<const Polynomial> witnesses)
void verify_opening_pair(const OpeningPair<Params>& opening_pair, const Polynomial& witness)
{
size_t idx = 0;

for (const auto& [queries, openings] : multi_claims) {
const size_t num_queries = queries.size();

for (const auto& [commitment, evals] : openings) {
// compare commitment against recomputed commitment from witness
Commitment commitment_expected = commit(witnesses[idx]);
EXPECT_EQ(commitment, commitment_expected)
<< "BatchOpeningClaim idx=" << idx << ": commitment mismatch";
EXPECT_EQ(evals.size(), num_queries)
<< "BatchOpeningClaim idx=" << idx << ": evaluation/query size mismatch";

// check evaluations for each point in queries
for (size_t i = 0; i < num_queries; ++i) {

// check evaluation
Fr eval_expected = witnesses[idx].evaluate(queries[i]);
EXPECT_EQ(evals[i], eval_expected)
<< "BatchOpeningClaim idx=" << idx << ": evaluation " << i << " mismatch";
}

++idx;
}
}
auto& [x, y] = opening_pair;
Fr y_expected = witness.evaluate(x);
EXPECT_EQ(y, y_expected) << "OpeningPair: evaluations mismatch";
}

/**
Expand All @@ -169,6 +141,21 @@ template <typename Params> class CommitmentTest : public ::testing::Test {
}
}

/**
* @brief Ensures that a set of opening pairs is correct by checking that evaluations are
* correct by recomputing them from each witness polynomial.
*/
void verify_batch_opening_pair(std::span<const OpeningPair<Params>> opening_pairs,
std::span<const Polynomial> witnesses)
{
const size_t num_pairs = opening_pairs.size();
ASSERT_EQ(witnesses.size(), num_pairs);

for (size_t j = 0; j < num_pairs; ++j) {
this->verify_opening_pair(opening_pairs[j], witnesses[j]);
}
}

numeric::random::Engine* engine;

// Per-test-suite set-up.
Expand All @@ -188,19 +175,16 @@ template <typename Params> class CommitmentTest : public ::testing::Test {
// Per-test-suite tear-down.
// Called after the last test in this test suite.
// Can be omitted if not needed.
static void TearDownTestSuite()
{
delete verification_key;
verification_key = nullptr;
}
static void TearDownTestSuite() {}

static typename std::shared_ptr<typename Params::CK> commitment_key;
static typename Params::VK* verification_key;
static typename std::shared_ptr<typename Params::VK> verification_key;
};

template <typename Params>
typename std::shared_ptr<typename Params::CK> CommitmentTest<Params>::commitment_key = nullptr;
template <typename Params> typename Params::VK* CommitmentTest<Params>::verification_key = nullptr;
template <typename Params>
typename std::shared_ptr<typename Params::VK> CommitmentTest<Params>::verification_key = nullptr;

using CommitmentSchemeParams = ::testing::Types<kzg::Params>;
// IMPROVEMENT: reinstate typed-tests for multiple field types, i.e.:
Expand Down
Loading

0 comments on commit f7d7dfa

Please sign in to comment.