refactor: Refactor testing setup and remove dependencies in provider …
…module

- Removal of the redundant `src/provider/util/fb_msm.rs` file which included functions for scalar multiplication
- Update of `kzg_commitment.rs` with the removal of `ff::PrimeFieldBits` dependency, transitional update of requirements, and improved method setups.
huitseeker committed Jan 26, 2024
1 parent 4abe0b3 commit 70979e6
Showing 9 changed files with 39 additions and 295 deletions.
2 changes: 1 addition & 1 deletion benches/pcs.rs
Expand Up @@ -156,7 +156,7 @@ fn bench_pcs(c: &mut Criterion) {
bench_pcs_proving_internal,
bench_pcs_verifying_internal,
(ipa_assets, IPAEvaluationEngine<Bn256Engine>),
(mlkzg_assets, MLEvaluationEngine<Bn256, Bn256EngineKZG>),
(hyperkzg_assets, MLEvaluationEngine<Bn256, Bn256EngineKZG>),
(zm_assets, ZMPCS<Bn256, Bn256EngineZM>)
);
}
27 changes: 16 additions & 11 deletions src/provider/hyperkzg.rs
@@ -1,4 +1,10 @@
//! This module implements Nova's evaluation engine using multilinear KZG
//! This module implements Nova's evaluation engine using `HyperKZG`, a KZG-based polynomial commitment for multilinear polynomials
//! HyperKZG is based on the transformation from univariate PCS to multilinear PCS in the Gemini paper (section 2.4.2 in https://eprint.iacr.org/2022/420.pdf).
//! However, there are some key differences:
//! (1) HyperKZG works with multilinear polynomials represented in evaluation form (rather than in coefficient form in Gemini's transformation).
//! This means that Spartan's polynomial IOP can use commit to its polynomials as-is without incurring any interpolations or FFTs.
//! (2) HyperKZG is specialized to use KZG as the univariate commitment scheme, so it includes several optimizations (both during the transformation of multilinear-to-univariate claims
//! and within the KZG commitment scheme implementation itself).
#![allow(non_snake_case)]
use crate::{
errors::NovaError,
Expand All @@ -17,7 +23,7 @@ use crate::{
zip_with,
};
use core::marker::PhantomData;
use ff::{Field, PrimeFieldBits};
use ff::Field;
use group::{Curve, Group as _};
use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop};
use itertools::Itertools as _;
Expand Down Expand Up @@ -51,7 +57,7 @@ where
NE: NovaEngine<GE = E::G1, Scalar = E::Fr>,
E::G1: DlogGroup<PreprocessedGroupElement = E::G1Affine, Scalar = E::Fr>,
E::Fr: TranscriptReprTrait<E::G1>,
E::G1Affine: TranscriptReprTrait<E::G1>, // TODO: this bound on DlogGroup is really unusable!
E::G1Affine: TranscriptReprTrait<E::G1>,
{
fn compute_challenge(
com: &[E::G1Affine],
Expand Down Expand Up @@ -106,7 +112,6 @@ where
E::G2Affine: Serialize + DeserializeOwned,
E::G1: DlogGroup<PreprocessedGroupElement = E::G1Affine, Scalar = E::Fr>,
<E::G1 as Group>::Base: TranscriptReprTrait<E::G1>, // Note: due to the move of the bound TranscriptReprTrait<G> on G::Base from Group to Engine
E::Fr: PrimeFieldBits, // TODO due to use of gen_srs_for_testing, make optional
E::Fr: TranscriptReprTrait<E::G1>,
E::G1Affine: TranscriptReprTrait<E::G1>,
{
Expand Down Expand Up @@ -297,7 +302,7 @@ where
assert!(t == 3);
assert!(W.len() == 3);
// We write a special case for t=3, since this what is required for
// mlkzg. Following the paper directly, we must compute:
// hyperkzg. Following the paper directly, we must compute:
// let L0 = C_B - vk.G * B_u[0] + W[0] * u[0];
// let L1 = C_B - vk.G * B_u[1] + W[1] * u[1];
// let L2 = C_B - vk.G * B_u[2] + W[2] * u[2];
Expand Down Expand Up @@ -419,7 +424,7 @@ where
#[cfg(test)]
mod tests {
use super::*;
use crate::provider::util::test_utils::prove_verify_from_num_vars;
use crate::provider::test_utils::prove_verify_from_num_vars;
use crate::{
provider::keccak::Keccak256Transcript, traits::commitment::CommitmentTrait, CommitmentKey,
};
Expand All @@ -430,7 +435,7 @@ mod tests {
type Fr = <NE as NovaEngine>::Scalar;

#[test]
fn test_mlkzg_eval() {
fn test_hyperkzg_eval() {
// Test with poly(X1, X2) = 1 + X1 + X2 + X1*X2
let n = 4;
let ck: CommitmentKey<NE> =
Expand Down Expand Up @@ -467,7 +472,7 @@ mod tests {
}

#[test]
fn test_mlkzg_alternative() {
fn test_hyperkzg_alternative() {
fn test_inner(n: usize, poly: &[Fr], point: &[Fr], eval: Fr) -> Result<(), NovaError> {
let ck: CommitmentKey<NE> =
<KZGCommitmentEngine<E> as CommitmentEngineTrait<NE>>::setup(b"test", n);
Expand Down Expand Up @@ -515,7 +520,7 @@ mod tests {
}

#[test]
fn test_mlkzg() {
fn test_hyperkzg() {
let n = 4;

// poly = [1, 2, 1, 4]
Expand Down Expand Up @@ -584,8 +589,8 @@ mod tests {
}

#[test]
fn test_mlkzg_more() {
// test the mlkzg prover and verifier with random instances (derived from a seed)
fn test_hyperkzg_more() {
// test the hyperkzg prover and verifier with random instances (derived from a seed)
for num_vars in [4, 5, 6] {
prove_verify_from_num_vars::<_, EvaluationEngine<E, NE>>(num_vars);
}
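Review bot: The new module header (the `//!` block at the top of the file) has a wording slip and will not render as intended in rustdoc. "Spartan's polynomial IOP can use commit to its polynomials as-is" should read `//! This means that Spartan's polynomial IOP can commit to its polynomials as-is without incurring any interpolations or FFTs.` The summary line is not followed by a blank `//!` line, so it runs straight into the next sentence, and the items "(1)" and "(2)" collapse into a single paragraph; a blank `//!` after the summary and `//! 1.` / `//! 2.` list markers would keep them apart. The eprint link is a bare URL and is better written as `<https://eprint.iacr.org/2022/420.pdf>` so that rustdoc's `bare_urls` lint stays quiet.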
2 changes: 1 addition & 1 deletion src/provider/ipa_pc.rs
Expand Up @@ -411,7 +411,7 @@ where
#[cfg(test)]
mod test {
use crate::provider::ipa_pc::EvaluationEngine;
use crate::provider::util::test_utils::prove_verify_from_num_vars;
use crate::provider::test_utils::prove_verify_from_num_vars;
use crate::provider::GrumpkinEngine;

#[test]
2 changes: 0 additions & 2 deletions src/provider/kzg_commitment.rs
Expand Up @@ -3,7 +3,6 @@
use std::marker::PhantomData;

use ff::PrimeFieldBits;
use group::{prime::PrimeCurveAffine, Curve};
use halo2curves::pairing::Engine;
use rand::rngs::StdRng;
Expand Down Expand Up @@ -33,7 +32,6 @@ where
E::G1: DlogGroup<PreprocessedGroupElement = E::G1Affine, Scalar = E::Fr>,
E::G1Affine: Serialize + for<'de> Deserialize<'de>,
E::G2Affine: Serialize + for<'de> Deserialize<'de>,
E::Fr: PrimeFieldBits, // TODO due to use of gen_srs_for_testing, make optional
{
type CommitmentKey = UniversalKZGParam<E>;
type Commitment = Commitment<NE>;
3 changes: 2 additions & 1 deletion src/provider/mod.rs
Expand Up @@ -15,7 +15,8 @@ pub(crate) mod traits;
// a non-hiding variant of {kzg, zeromorph}
pub(crate) mod kzg_commitment;
pub(crate) mod non_hiding_kzg;
pub(crate) mod util;
#[cfg(test)]
pub(crate) mod test_utils;

// crate-private modules
mod keccak;
39 changes: 17 additions & 22 deletions src/provider/non_hiding_kzg.rs
@@ -1,5 +1,5 @@
//! Non-hiding variant of KZG10 scheme for univariate polynomials.
use ff::{Field, PrimeField, PrimeFieldBits};
use ff::Field;
use group::{prime::PrimeCurveAffine, Curve, Group as _};
use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop};
use rand_core::{CryptoRng, RngCore};
Expand All @@ -9,7 +9,6 @@ use std::{borrow::Borrow, marker::PhantomData, ops::Mul};
use crate::{
errors::{NovaError, PCSError},
provider::traits::DlogGroup,
provider::util::fb_msm,
traits::{commitment::Len, Group, TranscriptReprTrait},
};

Expand Down Expand Up @@ -119,10 +118,7 @@ impl<E: Engine> UniversalKZGParam<E> {
}
}

impl<E: Engine> UniversalKZGParam<E>
where
E::Fr: PrimeFieldBits,
{
impl<E: Engine> UniversalKZGParam<E> {
/// Build SRS for testing.
/// WARNING: THIS FUNCTION IS FOR TESTING PURPOSE ONLY.
/// THE OUTPUT SRS SHOULD NOT BE USED IN PRODUCTION.
Expand All @@ -131,25 +127,24 @@ where
let g = E::G1::random(&mut rng);
let h = E::G2::random(rng);

let nz_powers_of_beta = (0..=max_degree)
.scan(beta, |acc, _| {
let val = *acc;
*acc *= beta;
Some(val)
})
.collect::<Vec<E::Fr>>();

let window_size = fb_msm::get_mul_window_size(max_degree);
let scalar_bits = E::Fr::NUM_BITS as usize;

let (powers_of_g_projective, powers_of_h_projective) = rayon::join(
|| {
let g_table = fb_msm::get_window_table(scalar_bits, window_size, g);
fb_msm::multi_scalar_mul::<E::G1>(scalar_bits, window_size, &g_table, &nz_powers_of_beta)
(0..=max_degree)
.scan(g, |acc, _| {
let val = *acc;
*acc *= beta;
Some(val)
})
.collect::<Vec<E::G1>>()
},
|| {
let h_table = fb_msm::get_window_table(scalar_bits, window_size, h);
fb_msm::multi_scalar_mul::<E::G2>(scalar_bits, window_size, &h_table, &nz_powers_of_beta)
(0..=max_degree)
.scan(h, |acc, _| {
let val = *acc;
*acc *= beta;
Some(val)
})
.collect::<Vec<E::G2>>()
},
);

Expand Down Expand Up @@ -306,6 +301,7 @@ where
mod tests {
use super::*;
use crate::spartan::polys::univariate::UniPoly;
use ff::PrimeField;
use rand::{thread_rng, Rng};
use rand_core::{CryptoRng, RngCore};

Expand All @@ -318,7 +314,6 @@ mod tests {
where
E: MultiMillerLoop,
E::G1: DlogGroup<PreprocessedGroupElement = E::G1Affine, Scalar = E::Fr>,
E::Fr: PrimeFieldBits,
{
for _ in 0..100 {
let mut rng = &mut thread_rng();
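Review bot: `gen_srs_for_testing` remains an ordinary inherent method in the now unbounded `impl<E: Engine> UniversalKZGParam<E>` block, so it is compiled into non-test builds, even though this same commit puts `test_utils` behind `#[cfg(test)]`. The `// TODO due to use of gen_srs_for_testing, make optional` lines that appear to be dropped in `hyperkzg.rs`, `kzg_commitment.rs` and `non_hiding_zeromorph.rs` suggest the engine impls reach this function from their setup path, although those call sites are outside the visible hunks. Because `beta` (presumably sampled from the same rng above the hunk) is the KZG trapdoor and anyone who retains it can open commitments to values of their choosing, I would keep an explicit marker where the bound used to be, for example `// NOTE: key setup goes through gen_srs_for_testing; replace with a ceremony-derived SRS before production use`, or put the function behind a feature flag. As a smaller style point, the two closures passed to `rayon::join` are the same `scan` over `g` and `h` and could share one generic helper. The function's signature and the start of its body lie outside the hunk.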
5 changes: 2 additions & 3 deletions src/provider/non_hiding_zeromorph.rs
Expand Up @@ -18,7 +18,7 @@ use crate::{
},
Commitment,
};
use ff::{BatchInvert, Field, PrimeField, PrimeFieldBits};
use ff::{BatchInvert, Field, PrimeField};
use group::{Curve, Group as _};
use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop};
use itertools::Itertools as _;
Expand Down Expand Up @@ -463,7 +463,6 @@ where
E::G1Affine: Serialize + DeserializeOwned,
E::G2Affine: Serialize + DeserializeOwned,
<E::G1 as Group>::Base: TranscriptReprTrait<E::G1>, // Note: due to the move of the bound TranscriptReprTrait<G> on G::Base from Group to Engine
E::Fr: PrimeFieldBits, // TODO due to use of gen_srs_for_testing, make optional
{
type ProverKey = ZMProverKey<E>;
type VerifierKey = ZMVerifierKey<E>;
Expand Down Expand Up @@ -529,8 +528,8 @@ mod test {
non_hiding_zeromorph::{
batched_lifted_degree_quotient, eval_and_quotient_scalars, trim, ZMEvaluation, ZMPCS,
},
test_utils::prove_verify_from_num_vars,
traits::DlogGroup,
util::test_utils::prove_verify_from_num_vars,
Bn256Engine, Bn256EngineZM,
},
spartan::polys::multilinear::MultilinearPolynomial,
130 changes: 0 additions & 130 deletions src/provider/util/fb_msm.rs

This file was deleted.
