Skip to content

Commit

Permalink
separate permutation fingerprint challenges to alpha and gamma
Browse files Browse the repository at this point in the history
  • Loading branch information
hero78119 committed Oct 12, 2023
1 parent 4ca6ea0 commit aad19bc
Show file tree
Hide file tree
Showing 3 changed files with 113 additions and 75 deletions.
111 changes: 65 additions & 46 deletions src/gadgets/lookup.rs
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ impl<G: Group> LookupTrace<G> {
mut cs: CS,
ro_const: ROConstantsCircuit<G2>,
prev_intermediate_gamma: &AllocatedNum<G::Scalar>,
gamma: &AllocatedNum<G::Scalar>,
challanges: &(AllocatedNum<G::Scalar>, AllocatedNum<G::Scalar>),
prev_R: &AllocatedNum<G::Scalar>,
prev_W: &AllocatedNum<G::Scalar>,
prev_rw_counter: &AllocatedNum<G::Scalar>,
Expand Down Expand Up @@ -189,7 +189,7 @@ impl<G: Group> LookupTrace<G> {
let (next_R, next_W, next_rw_counter) = self.rw_operation_circuit(
cs.namespace(|| format!("{}th read ", i)),
addr,
gamma,
challanges,
read_value,
read_value,
&prev_R,
Expand All @@ -213,7 +213,7 @@ impl<G: Group> LookupTrace<G> {
let (next_R, next_W, next_rw_counter) = self.rw_operation_circuit(
cs.namespace(|| format!("{}th write ", i)),
addr,
gamma,
challanges,
read_value,
write_value,
&prev_R,
Expand Down Expand Up @@ -245,8 +245,7 @@ impl<G: Group> LookupTrace<G> {
&mut self,
mut cs: CS,
addr: &AllocatedNum<F>,
// challenges: &(AllocatedNum<G::Base>, AllocatedNum<G::Base>),
gamma: &AllocatedNum<F>,
challenges: &(AllocatedNum<F>, AllocatedNum<F>),
read_value: &AllocatedNum<F>,
write_value: &AllocatedNum<F>,
prev_R: &AllocatedNum<F>,
Expand All @@ -257,27 +256,28 @@ impl<G: Group> LookupTrace<G> {
where
F: Ord,
{
let (alpha, gamma) = challenges;
// update R
let gamma_square = gamma.mul(cs.namespace(|| "gamme^2"), gamma)?;
// read_value_term = gamma * value
let read_value_term = gamma.mul(cs.namespace(|| "read_value_term"), read_value)?;
// counter_term = gamma^2 * counter
let read_counter_term = gamma_square.mul(cs.namespace(|| "read_counter_term"), read_counter)?;
// new_R = R * (gamma - (addr + gamma * value + gamma^2 * counter))
// new_R = R * (alpha - (addr + gamma * value + gamma^2 * counter))
let new_R = AllocatedNum::alloc(cs.namespace(|| "new_R"), || {
prev_R
.get_value()
.zip(gamma.get_value())
.zip(alpha.get_value())
.zip(addr.get_value())
.zip(read_value_term.get_value())
.zip(read_counter_term.get_value())
.map(|((((R, gamma), addr), value_term), counter_term)| {
R * (gamma - (addr + value_term + counter_term))
.map(|((((R, alpha), addr), value_term), counter_term)| {
R * (alpha - (addr + value_term + counter_term))
})
.ok_or(SynthesisError::AssignmentMissing)
})?;
let mut r_blc = LinearCombination::<F>::zero();
r_blc = r_blc + gamma.get_variable()
r_blc = r_blc + alpha.get_variable()
- addr.get_variable()
- read_value_term.get_variable()
- read_counter_term.get_variable();
Expand Down Expand Up @@ -324,21 +324,21 @@ impl<G: Group> LookupTrace<G> {
let new_W = AllocatedNum::alloc(cs.namespace(|| "new_W"), || {
prev_W
.get_value()
.zip(gamma.get_value())
.zip(alpha.get_value())
.zip(addr.get_value())
.zip(write_value_term.get_value())
.zip(write_counter_term.get_value())
.zip(gamma_square.get_value())
.map(
|(((((W, gamma), addr), value_term), write_counter_term), gamma_square)| {
W * (gamma - (addr + value_term + write_counter_term + gamma_square))
|(((((W, alpha), addr), value_term), write_counter_term), gamma_square)| {
W * (alpha - (addr + value_term + write_counter_term + gamma_square))
},
)
.ok_or(SynthesisError::AssignmentMissing)
})?;
// new_W = W * (gamma - (addr + gamma * value + gamma^2 * counter + gamma^2)))
// new_W = W * (alpha - (addr + gamma * value + gamma^2 * counter + gamma^2)))
let mut w_blc = LinearCombination::<F>::zero();
w_blc = w_blc + gamma.get_variable()
w_blc = w_blc + alpha.get_variable()
- addr.get_variable()
- write_value_term.get_variable()
- write_counter_term.get_variable()
Expand Down Expand Up @@ -471,7 +471,7 @@ impl<'a, G: Group> LookupTraceBuilder<'a, G> {
ck: &<<G as Group>::CE as CommitmentEngineTrait<G>>::CommitmentKey,
final_table: &Lookup<G::Scalar>,
intermediate_gamma: G::Scalar,
) -> G::Scalar
) -> (G::Scalar, G::Scalar)
where
G: Group<Base = <G2 as Group>::Scalar>,
G2: Group<Base = <G as Group>::Scalar>,
Expand All @@ -495,12 +495,19 @@ impl<'a, G: Group> LookupTraceBuilder<'a, G> {
|| G::CE::commit(ck, &final_counters),
);

let mut hasher = <G as Group>::RO::new(ro_consts, 7);
// gamma
let mut hasher = <G as Group>::RO::new(ro_consts.clone(), 7);
let intermediate_gamma: G2::Scalar = scalar_as_base::<G>(intermediate_gamma);
hasher.absorb(intermediate_gamma);
comm_final_value.absorb_in_ro(&mut hasher);
comm_final_counter.absorb_in_ro(&mut hasher);
hasher.squeeze(NUM_CHALLENGE_BITS)
let gamma = hasher.squeeze(NUM_CHALLENGE_BITS);

// alpha
let mut hasher = <G as Group>::RO::new(ro_consts, 1);
hasher.absorb(scalar_as_base::<G>(gamma));
let alpha = hasher.squeeze(NUM_CHALLENGE_BITS);
(alpha, gamma)
}
}

Expand Down Expand Up @@ -734,10 +741,17 @@ mod test {
];
let mut lookup = Lookup::<<G1 as Group>::Scalar>::new(1024, TableType::ReadOnly, initial_table);
let mut lookup_trace_builder = LookupTraceBuilder::<G1>::new(&mut lookup);
let gamma = AllocatedNum::alloc(cs.namespace(|| "gamma"), || {
Ok(<G1 as Group>::Scalar::from(2))
})
.unwrap();
let challenges = (
AllocatedNum::alloc(cs.namespace(|| "alpha"), || {
Ok(<G1 as Group>::Scalar::from(5))
})
.unwrap(),
AllocatedNum::alloc(cs.namespace(|| "gamma"), || {
Ok(<G1 as Group>::Scalar::from(7))
})
.unwrap(),
);
let (alpha, gamma) = &challenges;
let zero = alloc_zero(cs.namespace(|| "zero")).unwrap();
let one = alloc_one(cs.namespace(|| "one")).unwrap();
let prev_intermediate_gamma = &one;
Expand Down Expand Up @@ -774,7 +788,7 @@ mod test {
cs.namespace(|| "commit"),
ro_consts.clone(),
prev_intermediate_gamma,
&gamma,
&challenges,
prev_W,
prev_R,
prev_rw_counter,
Expand All @@ -789,25 +803,27 @@ mod test {
next_R.get_value(),
prev_R
.get_value()
.zip(alpha.get_value())
.zip(gamma.get_value())
.zip(addr.get_value())
.zip(read_value.get_value())
.map(|(((prev_R, gamma), addr), read_value)| prev_R
* (gamma - (addr + gamma * read_value + gamma * gamma * <G1 as Group>::Scalar::ZERO))
* (gamma - (addr + gamma * read_value + gamma * gamma * <G1 as Group>::Scalar::ONE)))
.map(|((((prev_R, alpha), gamma), addr), read_value)| prev_R
* (alpha - (addr + gamma * read_value + gamma * gamma * <G1 as Group>::Scalar::ZERO))
* (alpha - (addr + gamma * read_value + gamma * gamma * <G1 as Group>::Scalar::ONE)))
);
// next_W check
assert_eq!(
next_W.get_value(),
prev_W
.get_value()
.zip(alpha.get_value())
.zip(gamma.get_value())
.zip(addr.get_value())
.zip(read_value.get_value())
.map(|(((prev_W, gamma), addr), read_value)| {
.map(|((((prev_W, alpha), gamma), addr), read_value)| {
prev_W
* (gamma - (addr + gamma * read_value + gamma * gamma * (<G1 as Group>::Scalar::ONE)))
* (gamma
* (alpha - (addr + gamma * read_value + gamma * gamma * (<G1 as Group>::Scalar::ONE)))
* (alpha
- (addr + gamma * read_value + gamma * gamma * (<G1 as Group>::Scalar::from(2))))
}),
);
Expand All @@ -825,12 +841,6 @@ mod test {
scalar_as_base::<G2>(res),
next_intermediate_gamma.get_value().unwrap()
);
// TODO check rics is_sat
// let (_, _) = cs.r1cs_shape_with_commitmentkey();
// let (U1, W1) = cs.r1cs_instance_and_witness(&shape, &ck).unwrap();

// // Make sure that the first instance is satisfiable
// assert!(shape.is_sat(&ck, &U1, &W1).is_ok());
}

#[test]
Expand All @@ -849,10 +859,17 @@ mod test {
let mut lookup =
Lookup::<<G1 as Group>::Scalar>::new(1024, TableType::ReadWrite, initial_table);
let mut lookup_trace_builder = LookupTraceBuilder::<G1>::new(&mut lookup);
let gamma = AllocatedNum::alloc(cs.namespace(|| "gamma"), || {
Ok(<G1 as Group>::Scalar::from(2))
})
.unwrap();
let challenges = (
AllocatedNum::alloc(cs.namespace(|| "alpha"), || {
Ok(<G1 as Group>::Scalar::from(5))
})
.unwrap(),
AllocatedNum::alloc(cs.namespace(|| "gamma"), || {
Ok(<G1 as Group>::Scalar::from(7))
})
.unwrap(),
);
let (alpha, gamma) = &challenges;
let zero = alloc_zero(cs.namespace(|| "zero")).unwrap();
let one = alloc_one(cs.namespace(|| "one")).unwrap();
let prev_intermediate_gamma = &one;
Expand Down Expand Up @@ -890,7 +907,7 @@ mod test {
cs.namespace(|| "commit"),
ro_consts.clone(),
prev_intermediate_gamma,
&gamma,
&challenges,
prev_W,
prev_R,
prev_rw_counter,
Expand All @@ -905,28 +922,30 @@ mod test {
next_R.get_value(),
prev_R
.get_value()
.zip(alpha.get_value())
.zip(gamma.get_value())
.zip(addr.get_value())
.zip(read_value.get_value())
.map(|(((prev_R, gamma), addr), read_value)| prev_R
* (gamma
.map(|((((prev_R, alpha), gamma), addr), read_value)| prev_R
* (alpha
- (addr
+ gamma * <G1 as Group>::Scalar::ZERO
+ gamma * gamma * <G1 as Group>::Scalar::ZERO))
* (gamma - (addr + gamma * read_value + gamma * gamma * <G1 as Group>::Scalar::ONE)))
* (alpha - (addr + gamma * read_value + gamma * gamma * <G1 as Group>::Scalar::ONE)))
);
// next_W check
assert_eq!(
next_W.get_value(),
prev_W
.get_value()
.zip(alpha.get_value())
.zip(gamma.get_value())
.zip(addr.get_value())
.zip(read_value.get_value())
.map(|(((prev_W, gamma), addr), read_value)| {
.map(|((((prev_W, alpha), gamma), addr), read_value)| {
prev_W
* (gamma - (addr + gamma * read_value + gamma * gamma * (<G1 as Group>::Scalar::ONE)))
* (gamma
* (alpha - (addr + gamma * read_value + gamma * gamma * (<G1 as Group>::Scalar::ONE)))
* (alpha
- (addr + gamma * read_value + gamma * gamma * (<G1 as Group>::Scalar::from(2))))
}),
);
Expand Down
40 changes: 23 additions & 17 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1790,9 +1790,12 @@ mod tests {
<G1 as Group>::Scalar::from(0),
);

let (alpha, gamma) =
LookupTraceBuilder::<G1>::get_challenge::<G2>(ck, final_table, intermediate_gamma);
vec![
initial_intermediate_gamma,
LookupTraceBuilder::<G1>::get_challenge::<G2>(ck, final_table, intermediate_gamma),
alpha,
gamma,
init_prev_R,
init_prev_W,
init_rw_counter,
Expand All @@ -1809,7 +1812,7 @@ mod tests {
G2: Group<Base = <G1 as Group>::Scalar>,
{
fn arity(&self) -> usize {
6
7
}

fn synthesize<CS: ConstraintSystem<F>>(
Expand All @@ -1819,11 +1822,12 @@ mod tests {
) -> Result<Vec<AllocatedNum<F>>, SynthesisError> {
let mut lookup_trace = self.lookup_trace.clone();
let prev_intermediate_gamma = &z[0];
let gamma = &z[1];
let prev_R = &z[2];
let prev_W = &z[3];
let prev_rw_counter = &z[4];
let index = &z[5];
let alpha = &z[1];
let gamma = &z[2];
let prev_R = &z[3];
let prev_W = &z[4];
let prev_rw_counter = &z[5];
let index = &z[6];

let left_child_index = AllocatedNum::alloc(cs.namespace(|| "left_child_index"), || {
index
Expand Down Expand Up @@ -1921,7 +1925,7 @@ mod tests {
cs.namespace(|| "commit"),
self.ro_consts.clone(),
prev_intermediate_gamma,
gamma,
&(alpha.clone(), gamma.clone()),
prev_W,
prev_R,
prev_rw_counter,
Expand All @@ -1941,6 +1945,7 @@ mod tests {
);
Ok(vec![
next_intermediate_gamma,
alpha.clone(),
gamma.clone(),
next_R,
next_W,
Expand Down Expand Up @@ -2062,25 +2067,26 @@ mod tests {
assert!(res.is_ok());
let (zn_primary, _) = res.unwrap();

assert_eq!(<G1 as Group>::Scalar::from(1).neg(), zn_primary[5]);
assert_eq!(<G1 as Group>::Scalar::from(1).neg(), zn_primary[6]);

let number_of_iterated_nodes = (heap_size - 4) / 2 + 1;
assert_eq!(
<G1 as Group>::Scalar::from((number_of_iterated_nodes * 7) as u64),
zn_primary[4]
zn_primary[5]
); // rw counter = number_of_iterated_nodes * (3r + 4w) operations

assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_cons, 12598);
assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_vars, 12604);
assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_cons, 12599);
assert_eq!(pp.circuit_shape_primary.r1cs_shape.num_vars, 12607);
assert_eq!(pp.circuit_shape_secondary.r1cs_shape.num_cons, 10347);
assert_eq!(pp.circuit_shape_secondary.r1cs_shape.num_vars, 10329);

println!("zn_primary {:?}", zn_primary);

let intermediate_gamma = zn_primary[0];
let gamma = zn_primary[1];
let read_row = zn_primary[2];
let write_row = zn_primary[3];
let alpha = zn_primary[1];
let gamma = zn_primary[2];
let read_row = zn_primary[3];
let write_row = zn_primary[4];
assert_eq!(
expected_intermediate_gamma, intermediate_gamma,
"expected_intermediate_gamma != intermediate_gamma"
Expand All @@ -2093,15 +2099,15 @@ mod tests {
let snark_proof = LookupSNARK::<G1, EE>::prove(
&pp.ck_primary,
&pk,
gamma,
(alpha, gamma),
read_row,
write_row,
initial_table.get_table(),
final_table.get_table(),
)
.unwrap();

let res = snark_proof.verify::<G2>(&vk, expected_intermediate_gamma, gamma);
let res = snark_proof.verify::<G2>(&vk, expected_intermediate_gamma, (alpha, gamma));
let _ = res.clone().map_err(|err| println!("{:?}", err));
res.unwrap()
}
Expand Down
Loading

0 comments on commit aad19bc

Please sign in to comment.