
chore: take the PCS out of Zeromorph and refactor tests #7078

Merged
merged 11 commits into from
Jun 21, 2024
Expand Up @@ -60,7 +60,7 @@ BB_PROFILE static void test_round_inner(State& state, MegaProver& prover, size_t

DeciderProver_<MegaFlavor> decider_prover(prover.instance, prover.transcript);
time_if_index(RELATION_CHECK, [&] { decider_prover.execute_relation_check_rounds(); });
time_if_index(ZEROMORPH, [&] { decider_prover.execute_zeromorph_rounds(); });
time_if_index(ZEROMORPH, [&] { decider_prover.execute_pcs_rounds(); });
}
BB_PROFILE static void test_round(State& state, size_t index) noexcept
{
Expand Up @@ -31,13 +31,13 @@ template <class FF> inline std::vector<FF> powers_of_challenge(const FF challeng
/**
* @brief Prover for ZeroMorph multilinear PCS
*
* @tparam PCS - The univariate PCS used inside ZeroMorph as a building block
* @tparam Curve - The curve used for arithmetising ZeroMorph
*/
template <typename PCS> class ZeroMorphProver_ {
using Curve = typename PCS::Curve;
template <typename Curve> class ZeroMorphProver_ {
using FF = typename Curve::ScalarField;
using Commitment = typename Curve::AffineElement;
using Polynomial = bb::Polynomial<FF>;
using OpeningClaim = ProverOpeningClaim<Curve>;

// TODO(#742): Set this N_max to be the number of G1 elements in the mocked zeromorph SRS once it's in place.
// (Then, eventually, set it based on the real SRS). For now we set it to be larger then the Client IVC recursive
Expand Down Expand Up @@ -310,8 +310,8 @@ template <typename PCS> class ZeroMorphProver_ {
}

/**
* @brief Prove a set of multilinear evaluation claims for unshifted polynomials f_i and to-be-shifted
* polynomials g_i
* @brief Returns a univariate opening claim about a set of multilinear evaluation claims for unshifted polynomials
* f_i and to-be-shifted polynomials g_i to be subsequently proved with a univariate PCS
*
* @param f_polynomials Unshifted polynomials
* @param g_polynomials To-be-shifted polynomials (of which the shifts h_i were evaluated by sumcheck)
Expand All @@ -320,16 +320,16 @@ template <typename PCS> class ZeroMorphProver_ {
* @param commitment_key
* @param transcript
*/
static void prove(RefSpan<Polynomial> f_polynomials,
RefSpan<Polynomial> g_polynomials,
RefSpan<FF> f_evaluations,
RefSpan<FF> g_shift_evaluations,
std::span<FF> multilinear_challenge,
const std::shared_ptr<CommitmentKey<Curve>>& commitment_key,
const std::shared_ptr<NativeTranscript>& transcript,
RefSpan<Polynomial> concatenated_polynomials = {},
RefSpan<FF> concatenated_evaluations = {},
const std::vector<RefVector<Polynomial>>& concatenation_groups = {})
static OpeningClaim prove(RefSpan<Polynomial> f_polynomials,
RefSpan<Polynomial> g_polynomials,
RefSpan<FF> f_evaluations,
RefSpan<FF> g_shift_evaluations,
std::span<FF> multilinear_challenge,
const std::shared_ptr<CommitmentKey<Curve>>& commitment_key,
const std::shared_ptr<NativeTranscript>& transcript,
RefSpan<Polynomial> concatenated_polynomials = {},
RefSpan<FF> concatenated_evaluations = {},
const std::vector<RefVector<Polynomial>>& concatenation_groups = {})
{
// Generate batching challenge \rho and powers 1,...,\rho^{m-1}
const FF rho = transcript->template get_challenge<FF>("rho");
Expand Down Expand Up @@ -428,22 +428,20 @@ template <typename PCS> class ZeroMorphProver_ {

// Compute batched degree-check and ZM-identity quotient polynomial pi
auto pi_polynomial = compute_batched_evaluation_and_degree_check_polynomial(zeta_x, Z_x, z_challenge);
// Compute opening proof for x_challenge using the underlying univariate PCS
PCS::compute_opening_proof(
commitment_key, { .challenge = x_challenge, .evaluation = FF(0) }, pi_polynomial, transcript);

// Returns the claim used to generate an opening proof for the univariate polynomial at x_challenge
return { pi_polynomial, { .challenge = x_challenge, .evaluation = FF(0) } };
}
};

/**
* @brief Verifier for ZeroMorph multilinear PCS
*
* @tparam Curve
* @tparam Curve - The Curve used to arithmetise ZeroMorph
*/
template <typename PCS> class ZeroMorphVerifier_ {
using Curve = typename PCS::Curve;
template <typename Curve> class ZeroMorphVerifier_ {
using FF = typename Curve::ScalarField;
using Commitment = typename Curve::AffineElement;
using VerifierAccumulator = typename PCS::VerifierAccumulator;

public:
/**
Expand Down Expand Up @@ -625,7 +623,7 @@ template <typename PCS> class ZeroMorphVerifier_ {
}

/**
* @brief Compute the univariate opening claim used in the last step of Zeromorph to verify the univariate PCS
* @brief Compute the univariate opening claim used to verify the univariate PCS
* evaluation.
*
* @param unshifted_commitments
Expand Down Expand Up @@ -716,79 +714,34 @@ template <typename PCS> class ZeroMorphVerifier_ {
}

/**
* @brief Verify a set of multilinear evaluation claims for unshifted polynomials f_i and to-be-shifted
* polynomials g_i
*
* @param commitments Commitments to polynomials f_i and g_i (unshifted and to-be-shifted)
* @param claimed_evaluations Claimed evaluations v_i = f_i(u) and w_i = h_i(u) = g_i_shifted(u)
* @param multivariate_challenge Challenge point u
* @param transcript
* @return VerifierAccumulator Inputs to the final PCS verification check that will be accumulated
*/
static VerifierAccumulator verify(RefSpan<Commitment> unshifted_commitments,
RefSpan<Commitment> to_be_shifted_commitments,
RefSpan<FF> unshifted_evaluations,
RefSpan<FF> shifted_evaluations,
std::span<FF> multivariate_challenge,
auto& transcript,
const std::vector<RefVector<Commitment>>& concatenation_group_commitments = {},
RefSpan<FF> concatenated_evaluations = {})
{
Commitment first_g1;

if constexpr (Curve::is_stdlib_type) {
auto builder = multivariate_challenge[0].get_context();
first_g1 = Commitment::one(builder);
} else {
first_g1 = Commitment::one();
}
auto opening_claim = compute_univariate_evaluation_opening_claim(unshifted_commitments,
to_be_shifted_commitments,
unshifted_evaluations,
shifted_evaluations,
multivariate_challenge,
first_g1,
transcript,
concatenation_group_commitments,
concatenated_evaluations);
return PCS::reduce_verify(opening_claim, transcript);
}

/**
* @brief Verify a set of multilinear evaluation claims for unshifted polynomials f_i and to-be-shifted
* polynomials g_i.
*
* @details Identical purpose as the function above but used when the verification of the PCS evaluation protocol
* requires the verification key prior to the last step that is accumulated.
* @brief Return the univariate opening claim used to verify, in a subsequent PCS, a set of multilinear evaluation
* claims for unshifted polynomials f_i and to-be-shifted polynomials g_i
*
* @param commitments Commitments to polynomials f_i and g_i (unshifted and to-be-shifted)
* @param claimed_evaluations Claimed evaluations v_i = f_i(u) and w_i = h_i(u) = g_i_shifted(u)
* @param multivariate_challenge Challenge point u
* @param transcript
* @return VerifierAccumulator Inputs to the final PCS verification check that will be accumulated
*/
static VerifierAccumulator verify(RefSpan<Commitment> unshifted_commitments,
Contributor Author


We used to have separate verify functions for when the PCS is KZG or IPA, which are not needed anymore

static OpeningClaim<Curve> verify(RefSpan<Commitment> unshifted_commitments,
RefSpan<Commitment> to_be_shifted_commitments,
RefSpan<FF> unshifted_evaluations,
RefSpan<FF> shifted_evaluations,
std::span<FF> multivariate_challenge,
const std::shared_ptr<VerifierCommitmentKey<Curve>>& vk,
Commitment first_g1,
Collaborator


nit: a Commitment is 512 bits, so it could be passed by const ref

Contributor Author


thanks!

auto& transcript,
const std::vector<RefVector<Commitment>>& concatenation_group_commitments = {},
RefSpan<FF> concatenated_evaluations = {})
{
Commitment first_g1 = vk->get_first_g1();

auto opening_claim = compute_univariate_evaluation_opening_claim(unshifted_commitments,
to_be_shifted_commitments,
unshifted_evaluations,
shifted_evaluations,
multivariate_challenge,
first_g1,
transcript,
concatenation_group_commitments,
concatenated_evaluations);
return PCS::reduce_verify(vk, opening_claim, transcript);
return compute_univariate_evaluation_opening_claim(unshifted_commitments,
to_be_shifted_commitments,
unshifted_evaluations,
shifted_evaluations,
multivariate_challenge,
first_g1,
transcript,
concatenation_group_commitments,
concatenated_evaluations);
}
};
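Review bot: `ZeroMorphVerifier_::verify` no longer verifies anything on the new side: it only returns the result of `compute_univariate_evaluation_opening_claim`, so the multilinear claims are accepted or rejected only once the caller passes that `OpeningClaim<Curve>` to the univariate PCS. A call site that ignores the return value would still compile and would skip the check entirely, so I would declare it `[[nodiscard]] static OpeningClaim<Curve> verify(...)`. The same applies to `ZeroMorphProver_::prove`, whose returned claim must still be opened. The doc comment above `verify` appears to keep `@return VerifierAccumulator Inputs to the final PCS verification check that will be accumulated`, which no longer matches the return type. It should describe the returned opening claim, state that the caller is responsible for running the PCS verification on it, and add an `@param` entry for the new `first_g1` argument.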
