From bf1f00a7899850475a12a16b8c502457ecd09824 Mon Sep 17 00:00:00 2001 From: "sm.wu" Date: Mon, 9 Oct 2023 17:01:40 +0800 Subject: [PATCH] rollback sumcheck under ppsnark module to private --- src/spartan/lookupsnark.rs | 79 +++++++------------------------------- src/spartan/ppsnark.rs | 31 +++++++-------- 2 files changed, 27 insertions(+), 83 deletions(-) diff --git a/src/spartan/lookupsnark.rs b/src/spartan/lookupsnark.rs index 704284bb9..d4f3739dc 100644 --- a/src/spartan/lookupsnark.rs +++ b/src/spartan/lookupsnark.rs @@ -31,7 +31,6 @@ use crate::spartan::ppsnark::vec_to_arr; use once_cell::sync::OnceCell; use rayon::prelude::*; use serde::{Deserialize, Serialize}; -use std::ops::Deref; use super::ppsnark::{IdentityPolynomial, ProductSumcheckInstance, SumcheckEngine}; @@ -84,55 +83,6 @@ impl> VerifierKey { impl> SimpleDigestible for VerifierKey {} -/// MemoryOfflineSumcheckInstance -pub struct MemoryOfflineSumcheckInstance(ProductSumcheckInstance); - -impl Deref for MemoryOfflineSumcheckInstance { - type Target = ProductSumcheckInstance; - - fn deref(&self) -> &Self::Target { - &self.0 - } -} - -impl MemoryOfflineSumcheckInstance { - /// new a productsumcheck instance - pub fn new( - ck: &CommitmentKey, - input_vec: Vec>, // list of input vectors - transcript: &mut G::TE, - ) -> Result { - let inner = ProductSumcheckInstance::new(ck, input_vec, transcript)?; - Ok(MemoryOfflineSumcheckInstance(inner)) - } -} - -impl SumcheckEngine for MemoryOfflineSumcheckInstance { - fn initial_claims(&self) -> Vec { - vec![G::Scalar::ZERO; 2] - } - - fn degree(&self) -> usize { - self.0.degree() - } - - fn size(&self) -> usize { - self.0.size() - } - - fn evaluation_points(&self) -> Vec> { - self.0.evaluation_points() - } - - fn bound(&mut self, r: &G::Scalar) { - self.0.bound(r) - } - - fn final_claims(&self) -> Vec> { - self.0.final_claims() - } -} - #[allow(unused)] /// LookupSNARK pub struct LookupSNARK> { 
@@ -247,12 +197,11 @@ where // add commitment into the challenge transcript.absorb(b"e", &[comm_final_value, comm_final_counter].as_slice()); - let mut memory_offline_sc_inst = - MemoryOfflineSumcheckInstance::::new(ck, vec![initial_row, audit_row], &mut transcript) - .unwrap(); + let mut product_sc_inst = + ProductSumcheckInstance::::new(ck, vec![initial_row, audit_row], &mut transcript).unwrap(); // sanity check: claimed_prod_init_row * write_row - claimed_prod_audit_row * read_row = 0 - let prod_claims = memory_offline_sc_inst.claims.clone(); + let prod_claims = product_sc_inst.claims.clone(); let (claimed_prod_init_row, claimed_prod_audit_row) = (prod_claims[0], prod_claims[1]); assert_eq!(claimed_prod_init_row * write_row - read_row * claimed_prod_audit_row, ::Scalar::ZERO, "claimed_prod_init_row {:?} * write_row {:?} - claimed_prod_audit_row {:?} * read_row {:?} = {:?}", claimed_prod_init_row, @@ -263,7 +212,7 @@ where ); // generate sumcheck proof - let initial_claims = memory_offline_sc_inst.initial_claims(); + let initial_claims = product_sc_inst.initial_claims(); let num_claims = initial_claims.len(); let coeffs = { let s = transcript.squeeze(b"r").unwrap(); @@ -282,11 +231,11 @@ where let mut e = claim; let mut r_sat: Vec = Vec::new(); let mut cubic_polys: Vec> = Vec::new(); - let num_rounds = memory_offline_sc_inst.size().log_2(); + let num_rounds = product_sc_inst.size().log_2(); for _i in 0..num_rounds { let mut evals: Vec> = Vec::new(); - evals.extend(memory_offline_sc_inst.evaluation_points()); + evals.extend(product_sc_inst.evaluation_points()); let evals_combined_0 = (0..evals.len()).map(|i| evals[i][0] * coeffs[i]).sum(); let evals_combined_2 = (0..evals.len()).map(|i| evals[i][1] * coeffs[i]).sum(); 
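Review bot: The number of sumcheck claims the lookup prover works with now comes from `ProductSumcheckInstance::initial_claims`, which this patch redefines as `self.claims.len()` entries, whereas the deleted `MemoryOfflineSumcheckInstance` pinned it to 2; the `num_claims`/`coeffs` logic in the `@@ -263` hunk and the `prod_claims[0]`/`prod_claims[1]` indexing here are therefore right only if `new` yields exactly one claim per input vector. A `debug_assert_eq!(prod_claims.len(), 2, "one product claim per input row");` right after `let prod_claims = product_sc_inst.claims.clone();` would make that dependency explicit instead of leaving it to an index panic. The `.unwrap()` on `ProductSumcheckInstance::<G>::new(...)` could also be `?`, since the `@@ -371` hunk propagates `transcript.squeeze(b"r")?` — assuming these hunks belong to one `Result`-returning function, whose start lies outside this hunk.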
@@ -307,12 +256,12 @@ where let r_i = transcript.squeeze(b"c").unwrap(); r_sat.push(r_i); - memory_offline_sc_inst.bound(&r_i); + product_sc_inst.bound(&r_i); e = poly.evaluate(&r_i); cubic_polys.push(poly.compress()); } - let final_claims = memory_offline_sc_inst.final_claims(); + let final_claims = product_sc_inst.final_claims(); let sc_sat = SumcheckProof::::new(cubic_polys); @@ -347,13 +296,13 @@ where }; let r_prod = rand_ext[1..].to_vec(); - let eval_input_vec = memory_offline_sc_inst + let eval_input_vec = product_sc_inst .input_vec .iter() .map(|i| MultilinearPolynomial::evaluate_with(i, &r_prod)) .collect::>(); - let eval_output2_vec = memory_offline_sc_inst + let eval_output2_vec = product_sc_inst .output_vec .iter() .map(|o| MultilinearPolynomial::evaluate_with(o, &r_prod)) @@ -371,7 +320,7 @@ where let powers_of_rho = { let s = transcript.squeeze(b"r")?; let mut s_vec = vec![s]; - for i in 1..memory_offline_sc_inst.initial_claims().len() { + for i in 1..product_sc_inst.initial_claims().len() { s_vec.push(s_vec[i - 1] * s); } s_vec @@ -392,7 +341,7 @@ where .map(|(e, p)| *e * p) .sum(); - let comm_output = memory_offline_sc_inst + let comm_output = product_sc_inst .comm_output_vec .iter() .zip(powers_of_rho.iter()) @@ -410,7 +359,7 @@ where p }; - let poly_output = weighted_sum(&memory_offline_sc_inst.output_vec, &powers_of_rho); + let poly_output = weighted_sum(&product_sc_inst.output_vec, &powers_of_rho); let eval_output2: ::Scalar = eval_output2_vec .iter() @@ -584,7 +533,7 @@ where write_row, comm_output_arr: vec_to_arr( - memory_offline_sc_inst + product_sc_inst .comm_output_vec .iter() .map(|c| c.compress()) diff --git a/src/spartan/ppsnark.rs b/src/spartan/ppsnark.rs index cb1e9c8a5..d9ea2a14f 100644 --- a/src/spartan/ppsnark.rs +++ b/src/spartan/ppsnark.rs 
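Review bot: In the `@@ -371,7 +320,7 @@` hunk the new loop bound `for i in 1..product_sc_inst.initial_claims().len()` allocates a fresh `Vec` just to read its length; `initial_claims()` was already evaluated into `num_claims` in the `@@ -263` hunk, so `for i in 1..num_claims {` is enough if that binding is still in scope here (the enclosing function starts and ends outside these hunks). If it is not, `product_sc_inst.claims.len()` gives the same count without the allocation, since `initial_claims` is now defined as `vec![G::Scalar::ZERO; self.claims.len()]`.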
@@ -321,8 +321,7 @@ pub trait SumcheckEngine { fn final_claims(&self) -> Vec>; } -/// ProductSumcheckInstance -pub struct ProductSumcheckInstance { +pub(crate) struct ProductSumcheckInstance { pub(crate) claims: Vec, // claimed products pub(crate) comm_output_vec: Vec>, @@ -336,7 +335,6 @@ pub struct ProductSumcheckInstance { } impl ProductSumcheckInstance { - /// new a productsumcheck instance pub fn new( ck: &CommitmentKey, input_vec: Vec>, // list of input vectors @@ -448,7 +446,7 @@ impl ProductSumcheckInstance { impl SumcheckEngine for ProductSumcheckInstance { fn initial_claims(&self) -> Vec { - vec![G::Scalar::ZERO; 8] + vec![G::Scalar::ZERO; self.claims.len()] } fn degree(&self) -> usize { @@ -1021,7 +1019,6 @@ where let comm_vec = vec![comm_Az, comm_Bz, comm_Cz]; let poly_vec = vec![&Az, &Bz, &Cz]; transcript.absorb(b"e", &eval_vec.as_slice()); // c_vec is already in the transcript - // note: c is used for RLC let c = transcript.squeeze(b"c")?; let w = PolyEvalWitness::batch(&poly_vec, &c); let u = PolyEvalInstance::batch(&comm_vec, &tau, &eval_vec, &c); @@ -1132,7 +1129,6 @@ where &mut transcript, )?; - // r_sat is the sumcheck challenge let (sc_sat, r_sat, claims_mem, claims_outer, claims_inner) = Self::prove_inner( &mut mem_sc_inst, &mut outer_sc_inst, @@ -1149,7 +1145,7 @@ where let eval_right_vec = claims_mem[2].clone(); let eval_output_vec = claims_mem[3].clone(); - // claims from the end of sum-check, i.e. final claims + // claims from the end of sum-check let (eval_Az, eval_Bz): (G::Scalar, G::Scalar) = (claims_outer[0][1], claims_outer[0][2]); let eval_Cz = MultilinearPolynomial::evaluate_with(&Cz, &r_sat); let eval_E = MultilinearPolynomial::evaluate_with(&E, &r_sat); 
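Review bot: Dropping `/// ProductSumcheckInstance` and `/// new a productsumcheck instance` in the `@@ -321` and `@@ -336` hunks leaves the crate-visible struct and its `pub fn new` without any description; the field comments `// claimed products` and `// list of input vectors` are now the only hint at what the type holds. A one-line doc on the struct, `/// Sumcheck instance for the claimed products (claims) of the vectors in input_vec; comm_output_vec holds the commitments to the corresponding outputs.`, and on the constructor, `/// Builds the instance from input_vec using ck for commitments and transcript for challenges.`, would cover that; the constructor's use of `ck` and `transcript` is inferred from the signature only and should be checked against the body, which is outside the hunk. Since the struct is `pub(crate)`, `pub(crate) fn new` would also match the type's visibility.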
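Review bot: `vec![G::Scalar::ZERO; self.claims.len()]` in the `@@ -448,7 +446,7 @@` hunk replaces the fixed count of 8 with a per-instance value, so the lookup prover (two input rows) and the ppsnark prover now both depend on `claims` having exactly one entry per input vector, and the ppsnark consumers in the `@@ -1149` hunk still pick `claims_mem[2]` and `claims_mem[3]` by position. A doc comment on the method would keep that invariant visible: `/// One zero-valued initial claim per entry of claims (presumably one per input vector); callers that index the final claims by position rely on this order.` The "presumably" part should be confirmed against `new`, whose body is outside the hunk.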
@@ -1181,17 +1177,16 @@ where r.extend(&[c]); r }; - let r_prod = rand_ext[1..].to_vec(); let eval_input_vec = mem_sc_inst .input_vec .iter() - .map(|i| MultilinearPolynomial::evaluate_with(i, &r_prod)) + .map(|i| MultilinearPolynomial::evaluate_with(i, &rand_ext[1..])) .collect::>(); let eval_output2_vec = mem_sc_inst .output_vec .iter() - .map(|o| MultilinearPolynomial::evaluate_with(o, &r_prod)) + .map(|o| MultilinearPolynomial::evaluate_with(o, &rand_ext[1..])) .collect::>(); // add claimed evaluations to the transcript @@ -1212,8 +1207,7 @@ where s_vec }; - // take weighted sum (random linear combination) of input, output, and their commitments - // product is `initial claim` + // take weighted sum of input, output, and their commitments let product = mem_sc_inst .claims .iter() @@ -1282,16 +1276,17 @@ where }, )); - // eval_output2 = output(r_prod) + // eval_output2 = output(rand_ext[1..]) w_u_vec.push(( PolyEvalWitness { p: poly_output }, PolyEvalInstance { c: comm_output, - x: r_prod.clone(), + x: rand_ext[1..].to_vec(), e: eval_output2, }, )); + let r_prod = rand_ext[1..].to_vec(); // row-related and col-related claims of polynomial evaluations to aid the final check of the sum-check let evals = [ &pk.S_repr.row, @@ -1304,7 +1299,7 @@ where &pk.S_repr.col_audit_ts, ] .into_par_iter() - .map(|p| MultilinearPolynomial::evaluate_with(p, &r_prod.clone())) + .map(|p| MultilinearPolynomial::evaluate_with(p, &r_prod)) .collect::>(); let eval_row = evals[0]; @@ -1704,7 +1699,6 @@ where r.extend(&[c]); r }; - let r_prod = rand_ext[1..].to_vec(); // add claimed evaluations to the transcript let evals = self 
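Review bot: After this change `rand_ext[1..]` is sliced in four places of the prover (`@@ -1181` and `@@ -1282` hunks) and copied twice, once for `x: rand_ext[1..].to_vec()` and again for the late `let r_prod = rand_ext[1..].to_vec();`; the verifier hunks `@@ -1704` and `@@ -1771` repeat the pattern. Binding a borrow once before the first evaluation, `let r_prod = &rand_ext[1..];`, then `.map(|i| MultilinearPolynomial::evaluate_with(i, r_prod))` and `x: r_prod.to_vec(),`, keeps a single allocation and lets the later `into_par_iter().map(|p| MultilinearPolynomial::evaluate_with(p, r_prod))` reuse the same name, assuming `rand_ext` is not mutated afterwards; the enclosing function starts and ends outside these hunks. Either way, a short comment saying what `rand_ext[1..]` denotes would help, because the hunk does not say why the first element is dropped.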
@@ -1771,13 +1765,14 @@ where e: product, }); - // eval_output2 = output(r_prod) + // eval_output2 = output(rand_ext[1..]) u_vec.push(PolyEvalInstance { c: comm_output, - x: r_prod.clone(), + x: rand_ext[1..].to_vec(), e: eval_output2, }); + let r_prod = rand_ext[1..].to_vec(); // row-related and col-related claims of polynomial evaluations to aid the final check of the sum-check // we can batch all the claims transcript.absorb(