rollback sumcheck under ppsnark module to private
hero78119 committed Oct 9, 2023
1 parent caaf6a5 commit bf1f00a
Showing 2 changed files with 27 additions and 83 deletions.
79 changes: 14 additions & 65 deletions src/spartan/lookupsnark.rs
Expand Up @@ -31,7 +31,6 @@ use crate::spartan::ppsnark::vec_to_arr;
use once_cell::sync::OnceCell;
use rayon::prelude::*;
use serde::{Deserialize, Serialize};
use std::ops::Deref;

use super::ppsnark::{IdentityPolynomial, ProductSumcheckInstance, SumcheckEngine};

Expand Down Expand Up @@ -84,55 +83,6 @@ impl<G: Group, EE: EvaluationEngineTrait<G>> VerifierKey<G, EE> {

impl<G: Group, EE: EvaluationEngineTrait<G>> SimpleDigestible for VerifierKey<G, EE> {}

/// MemoryOfflineSumcheckInstance
pub struct MemoryOfflineSumcheckInstance<G: Group>(ProductSumcheckInstance<G>);

impl<G: Group> Deref for MemoryOfflineSumcheckInstance<G> {
type Target = ProductSumcheckInstance<G>;

fn deref(&self) -> &Self::Target {
&self.0
}
}

impl<G: Group> MemoryOfflineSumcheckInstance<G> {
/// new a productsumcheck instance
pub fn new(
ck: &CommitmentKey<G>,
input_vec: Vec<Vec<G::Scalar>>, // list of input vectors
transcript: &mut G::TE,
) -> Result<Self, NovaError> {
let inner = ProductSumcheckInstance::new(ck, input_vec, transcript)?;
Ok(MemoryOfflineSumcheckInstance(inner))
}
}

impl<G: Group> SumcheckEngine<G> for MemoryOfflineSumcheckInstance<G> {
fn initial_claims(&self) -> Vec<G::Scalar> {
vec![G::Scalar::ZERO; 2]
}

fn degree(&self) -> usize {
self.0.degree()
}

fn size(&self) -> usize {
self.0.size()
}

fn evaluation_points(&self) -> Vec<Vec<G::Scalar>> {
self.0.evaluation_points()
}

fn bound(&mut self, r: &G::Scalar) {
self.0.bound(r)
}

fn final_claims(&self) -> Vec<Vec<G::Scalar>> {
self.0.final_claims()
}
}

#[allow(unused)]
/// LookupSNARK
pub struct LookupSNARK<G: Group, EE: EvaluationEngineTrait<G>> {
Expand Down Expand Up @@ -247,12 +197,11 @@ where
// add commitment into the challenge
transcript.absorb(b"e", &[comm_final_value, comm_final_counter].as_slice());

let mut memory_offline_sc_inst =
MemoryOfflineSumcheckInstance::<G>::new(ck, vec![initial_row, audit_row], &mut transcript)
.unwrap();
let mut product_sc_inst =
ProductSumcheckInstance::<G>::new(ck, vec![initial_row, audit_row], &mut transcript).unwrap();

// sanity check: claimed_prod_init_row * write_row - claimed_prod_audit_row * read_row = 0
let prod_claims = memory_offline_sc_inst.claims.clone();
let prod_claims = product_sc_inst.claims.clone();
let (claimed_prod_init_row, claimed_prod_audit_row) = (prod_claims[0], prod_claims[1]);
assert_eq!(claimed_prod_init_row * write_row - read_row * claimed_prod_audit_row, <G as Group>::Scalar::ZERO, "claimed_prod_init_row {:?} * write_row {:?} - claimed_prod_audit_row {:?} * read_row {:?} = {:?}",
claimed_prod_init_row,
Expand All @@ -263,7 +212,7 @@ where
);

// generate sumcheck proof
let initial_claims = memory_offline_sc_inst.initial_claims();
let initial_claims = product_sc_inst.initial_claims();
let num_claims = initial_claims.len();
let coeffs = {
let s = transcript.squeeze(b"r").unwrap();
Expand All @@ -282,11 +231,11 @@ where
let mut e = claim;
let mut r_sat: Vec<G::Scalar> = Vec::new();
let mut cubic_polys: Vec<CompressedUniPoly<G::Scalar>> = Vec::new();
let num_rounds = memory_offline_sc_inst.size().log_2();
let num_rounds = product_sc_inst.size().log_2();

for _i in 0..num_rounds {
let mut evals: Vec<Vec<G::Scalar>> = Vec::new();
evals.extend(memory_offline_sc_inst.evaluation_points());
evals.extend(product_sc_inst.evaluation_points());

let evals_combined_0 = (0..evals.len()).map(|i| evals[i][0] * coeffs[i]).sum();
let evals_combined_2 = (0..evals.len()).map(|i| evals[i][1] * coeffs[i]).sum();
Expand All @@ -307,12 +256,12 @@ where
let r_i = transcript.squeeze(b"c").unwrap();
r_sat.push(r_i);

memory_offline_sc_inst.bound(&r_i);
product_sc_inst.bound(&r_i);

e = poly.evaluate(&r_i);
cubic_polys.push(poly.compress());
}
let final_claims = memory_offline_sc_inst.final_claims();
let final_claims = product_sc_inst.final_claims();

let sc_sat = SumcheckProof::<G>::new(cubic_polys);

Expand Down Expand Up @@ -347,13 +296,13 @@ where
};
let r_prod = rand_ext[1..].to_vec();

let eval_input_vec = memory_offline_sc_inst
let eval_input_vec = product_sc_inst
.input_vec
.iter()
.map(|i| MultilinearPolynomial::evaluate_with(i, &r_prod))
.collect::<Vec<G::Scalar>>();

let eval_output2_vec = memory_offline_sc_inst
let eval_output2_vec = product_sc_inst
.output_vec
.iter()
.map(|o| MultilinearPolynomial::evaluate_with(o, &r_prod))
Expand All @@ -371,7 +320,7 @@ where
let powers_of_rho = {
let s = transcript.squeeze(b"r")?;
let mut s_vec = vec![s];
for i in 1..memory_offline_sc_inst.initial_claims().len() {
for i in 1..product_sc_inst.initial_claims().len() {
s_vec.push(s_vec[i - 1] * s);
}
s_vec
Expand All @@ -392,7 +341,7 @@ where
.map(|(e, p)| *e * p)
.sum();

let comm_output = memory_offline_sc_inst
let comm_output = product_sc_inst
.comm_output_vec
.iter()
.zip(powers_of_rho.iter())
Expand All @@ -410,7 +359,7 @@ where
p
};

let poly_output = weighted_sum(&memory_offline_sc_inst.output_vec, &powers_of_rho);
let poly_output = weighted_sum(&product_sc_inst.output_vec, &powers_of_rho);

let eval_output2: <G as Group>::Scalar = eval_output2_vec
.iter()
Expand Down Expand Up @@ -584,7 +533,7 @@ where
write_row,

comm_output_arr: vec_to_arr(
memory_offline_sc_inst
product_sc_inst
.comm_output_vec
.iter()
.map(|c| c.compress())
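Review bot: The new `ProductSumcheckInstance::<G>::new(ck, vec![initial_row, audit_row], &mut transcript).unwrap()` still panics on any construction error, so a failure while building the instance aborts the prover instead of reaching the caller as an error. The removed wrapper forwarded that same call with `?` into a `Result<Self, NovaError>`, and a later hunk in this file uses `transcript.squeeze(b"r")?`, which suggests (if it is the same function) that the error can be propagated: `let mut product_sc_inst = ProductSumcheckInstance::<G>::new(ck, vec![initial_row, audit_row], &mut transcript)?;`. The nearby context lines `transcript.squeeze(b"r").unwrap()` and `transcript.squeeze(b"c").unwrap()` have the same shape. The enclosing function starts and ends outside the visible hunks, so its return type should be confirmed before changing these.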
31 changes: 13 additions & 18 deletions src/spartan/ppsnark.rs
Expand Up @@ -321,8 +321,7 @@ pub trait SumcheckEngine<G: Group> {
fn final_claims(&self) -> Vec<Vec<G::Scalar>>;
}

/// ProductSumcheckInstance
pub struct ProductSumcheckInstance<G: Group> {
pub(crate) struct ProductSumcheckInstance<G: Group> {
pub(crate) claims: Vec<G::Scalar>, // claimed products
pub(crate) comm_output_vec: Vec<Commitment<G>>,

Expand All @@ -336,7 +335,6 @@ pub struct ProductSumcheckInstance<G: Group> {
}

impl<G: Group> ProductSumcheckInstance<G> {
/// new a productsumcheck instance
pub fn new(
ck: &CommitmentKey<G>,
input_vec: Vec<Vec<G::Scalar>>, // list of input vectors
Expand Down Expand Up @@ -448,7 +446,7 @@ impl<G: Group> ProductSumcheckInstance<G> {

impl<G: Group> SumcheckEngine<G> for ProductSumcheckInstance<G> {
fn initial_claims(&self) -> Vec<G::Scalar> {
vec![G::Scalar::ZERO; 8]
vec![G::Scalar::ZERO; self.claims.len()]
}

fn degree(&self) -> usize {
Expand Down Expand Up @@ -1021,7 +1019,6 @@ where
let comm_vec = vec![comm_Az, comm_Bz, comm_Cz];
let poly_vec = vec![&Az, &Bz, &Cz];
transcript.absorb(b"e", &eval_vec.as_slice()); // c_vec is already in the transcript
// note: c is used for RLC
let c = transcript.squeeze(b"c")?;
let w = PolyEvalWitness::batch(&poly_vec, &c);
let u = PolyEvalInstance::batch(&comm_vec, &tau, &eval_vec, &c);
Expand Down Expand Up @@ -1132,7 +1129,6 @@ where
&mut transcript,
)?;

// r_sat is the sumcheck challenge
let (sc_sat, r_sat, claims_mem, claims_outer, claims_inner) = Self::prove_inner(
&mut mem_sc_inst,
&mut outer_sc_inst,
Expand All @@ -1149,7 +1145,7 @@ where
let eval_right_vec = claims_mem[2].clone();
let eval_output_vec = claims_mem[3].clone();

// claims from the end of sum-check, i.e. final claims
// claims from the end of sum-check
let (eval_Az, eval_Bz): (G::Scalar, G::Scalar) = (claims_outer[0][1], claims_outer[0][2]);
let eval_Cz = MultilinearPolynomial::evaluate_with(&Cz, &r_sat);
let eval_E = MultilinearPolynomial::evaluate_with(&E, &r_sat);
Expand Down Expand Up @@ -1181,17 +1177,16 @@ where
r.extend(&[c]);
r
};
let r_prod = rand_ext[1..].to_vec();
let eval_input_vec = mem_sc_inst
.input_vec
.iter()
.map(|i| MultilinearPolynomial::evaluate_with(i, &r_prod))
.map(|i| MultilinearPolynomial::evaluate_with(i, &rand_ext[1..]))
.collect::<Vec<G::Scalar>>();

let eval_output2_vec = mem_sc_inst
.output_vec
.iter()
.map(|o| MultilinearPolynomial::evaluate_with(o, &r_prod))
.map(|o| MultilinearPolynomial::evaluate_with(o, &rand_ext[1..]))
.collect::<Vec<G::Scalar>>();

// add claimed evaluations to the transcript
Expand All @@ -1212,8 +1207,7 @@ where
s_vec
};

// take weighted sum (random linear combination) of input, output, and their commitments
// product is `initial claim`
// take weighted sum of input, output, and their commitments
let product = mem_sc_inst
.claims
.iter()
Expand Down Expand Up @@ -1282,16 +1276,17 @@ where
},
));

// eval_output2 = output(r_prod)
// eval_output2 = output(rand_ext[1..])
w_u_vec.push((
PolyEvalWitness { p: poly_output },
PolyEvalInstance {
c: comm_output,
x: r_prod.clone(),
x: rand_ext[1..].to_vec(),
e: eval_output2,
},
));

let r_prod = rand_ext[1..].to_vec();
// row-related and col-related claims of polynomial evaluations to aid the final check of the sum-check
let evals = [
&pk.S_repr.row,
Expand All @@ -1304,7 +1299,7 @@ where
&pk.S_repr.col_audit_ts,
]
.into_par_iter()
.map(|p| MultilinearPolynomial::evaluate_with(p, &r_prod.clone()))
.map(|p| MultilinearPolynomial::evaluate_with(p, &r_prod))
.collect::<Vec<G::Scalar>>();

let eval_row = evals[0];
Expand Down Expand Up @@ -1704,7 +1699,6 @@ where
r.extend(&[c]);
r
};
let r_prod = rand_ext[1..].to_vec();

// add claimed evaluations to the transcript
let evals = self
Expand Down Expand Up @@ -1771,13 +1765,14 @@ where
e: product,
});

// eval_output2 = output(r_prod)
// eval_output2 = output(rand_ext[1..])
u_vec.push(PolyEvalInstance {
c: comm_output,
x: r_prod.clone(),
x: rand_ext[1..].to_vec(),
e: eval_output2,
});

let r_prod = rand_ext[1..].to_vec();
// row-related and col-related claims of polynomial evaluations to aid the final check of the sum-check
// we can batch all the claims
transcript.absorb(
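Review bot: In `impl SumcheckEngine<G> for ProductSumcheckInstance<G>`, `initial_claims` now appears to return `vec![G::Scalar::ZERO; self.claims.len()]` in place of the fixed `8` (reading the pair as old-then-new), so the number of batched sum-check claims follows whatever `input_vec` the caller passes to `new`, and nothing in the hunk records that the verifier must batch the same number. The verifier side is not visible here, so whether it still assumes a fixed count is unconfirmed; a mismatch would surface only as rejected proofs at run time. I would state the invariant on the method, e.g. `// one zero claim per entry of self.claims; the verifier must derive coefficients for the same count`. The same section drops the `///` docs on the struct and on `new`; a one-line `///` on each is still worth keeping now that `lookupsnark.rs` uses the type directly.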
