diff --git a/benches/end2end.rs b/benches/end2end.rs index 078450bbe9..97f2ce114c 100644 --- a/benches/end2end.rs +++ b/benches/end2end.rs @@ -345,12 +345,12 @@ fn verify_benchmark(c: &mut Criterion) { let ptr = go_base(&store, state.clone(), s.0, s.1); let prover = NovaProver::new(reduction_count, lang_pallas_rc.clone()); let (frames, _) = evaluate::>(None, ptr, &store, limit).unwrap(); - let (proof, z0, zi, num_steps) = prover.prove(&pp, &frames, &store).unwrap(); + let (proof, z0, zi, _num_steps) = prover.prove(&pp, &frames, &store).unwrap(); b.iter_batched( || z0.clone(), |z0| { - let result = proof.verify(&pp, &z0, &zi[..], num_steps).unwrap(); + let result = proof.verify(&pp, &z0, &zi[..]).unwrap(); black_box(result); }, BatchSize::LargeInput, @@ -397,16 +397,14 @@ fn verify_compressed_benchmark(c: &mut Criterion) { let ptr = go_base(&store, state.clone(), s.0, s.1); let prover = NovaProver::new(reduction_count, lang_pallas_rc.clone()); let (frames, _) = evaluate::>(None, ptr, &store, limit).unwrap(); - let (proof, z0, zi, num_steps) = prover.prove(&pp, &frames, &store).unwrap(); + let (proof, z0, zi, _num_steps) = prover.prove(&pp, &frames, &store).unwrap(); let compressed_proof = proof.compress(&pp).unwrap(); b.iter_batched( || z0.clone(), |z0| { - let result = compressed_proof - .verify(&pp, &z0, &zi[..], num_steps) - .unwrap(); + let result = compressed_proof.verify(&pp, &z0, &zi[..]).unwrap(); black_box(result); }, BatchSize::LargeInput, diff --git a/examples/circom.rs b/examples/circom.rs index 1f479c392b..e79fb5b81a 100644 --- a/examples/circom.rs +++ b/examples/circom.rs @@ -127,7 +127,7 @@ fn main() { println!("Beginning proof step..."); let proof_start = Instant::now(); - let (proof, z0, zi, num_steps) = nova_prover + let (proof, z0, zi, _num_steps) = nova_prover .evaluate_and_prove(&pp, ptr, store.intern_nil(), store, 10000) .unwrap(); let proof_end = proof_start.elapsed(); @@ -137,7 +137,7 @@ fn main() { println!("Verifying proof..."); let verify_start = Instant::now(); - let res = proof.verify(&pp, &z0, &zi, num_steps).unwrap(); + let res = proof.verify(&pp, &z0, &zi).unwrap(); let verify_end = verify_start.elapsed(); println!("Verify took {verify_end:?}"); diff --git a/examples/sha256_ivc.rs b/examples/sha256_ivc.rs index 8505198971..a694934c1c 100644 --- a/examples/sha256_ivc.rs +++ b/examples/sha256_ivc.rs @@ -87,7 +87,7 @@ fn main() { println!("Beginning proof step..."); let proof_start = Instant::now(); - let (proof, z0, zi, num_steps) = tracing_texray::examine(tracing::info_span!("bang!")) + let (proof, z0, zi, _num_steps) = tracing_texray::examine(tracing::info_span!("bang!")) .in_scope(|| { nova_prover .evaluate_and_prove(&pp, call, store.intern_nil(), store, 10000) @@ -100,7 +100,7 @@ fn main() { println!("Verifying proof..."); let verify_start = Instant::now(); - assert!(proof.verify(&pp, &z0, &zi, num_steps).unwrap()); + assert!(proof.verify(&pp, &z0, &zi).unwrap()); let verify_end = verify_start.elapsed(); println!("Verify took {:?}", verify_end); @@ -113,7 +113,7 @@ fn main() { println!("Compression took {:?}", compress_end); let compressed_verify_start = Instant::now(); - let res = compressed_proof.verify(&pp, &z0, &zi, num_steps).unwrap(); + let res = compressed_proof.verify(&pp, &z0, &zi).unwrap(); let compressed_verify_end = compressed_verify_start.elapsed(); println!("Final verification took {:?}", compressed_verify_end); diff --git a/examples/sha256_nivc.rs b/examples/sha256_nivc.rs index 446740c510..17a8518567 100644 --- a/examples/sha256_nivc.rs +++ b/examples/sha256_nivc.rs @@ -95,9 +95,8 @@ fn main() { println!("Beginning proof step..."); let proof_start = Instant::now(); - let ((proof, last_circuit_index), z0, zi, _num_steps) = - tracing_texray::examine(tracing::info_span!("bang!")) - .in_scope(|| supernova_prover.prove(&pp, &frames, store).unwrap()); + let (proof, z0, zi, _num_steps) = tracing_texray::examine(tracing::info_span!("bang!")) + .in_scope(|| supernova_prover.prove(&pp, &frames, store).unwrap()); let proof_end = proof_start.elapsed(); println!("Proofs took {:?}", proof_end); @@ -105,7 +104,7 @@ fn main() { println!("Verifying proof..."); let verify_start = Instant::now(); - assert!(proof.verify(&pp, &z0, &zi, last_circuit_index).unwrap()); + assert!(proof.verify(&pp, &z0, &zi).unwrap()); let verify_end = verify_start.elapsed(); println!("Verify took {:?}", verify_end); @@ -118,9 +117,7 @@ fn main() { println!("Compression took {:?}", compress_end); let compressed_verify_start = Instant::now(); - let res = compressed_proof - .verify(&pp, &z0, &zi, last_circuit_index) - .unwrap(); + let res = compressed_proof.verify(&pp, &z0, &zi).unwrap(); let compressed_verify_end = compressed_verify_start.elapsed(); println!("Final verification took {:?}", compressed_verify_end); diff --git a/src/cli/lurk_proof.rs b/src/cli/lurk_proof.rs index 4690b7b134..08bf4552bc 100644 --- a/src/cli/lurk_proof.rs +++ b/src/cli/lurk_proof.rs @@ -139,7 +139,6 @@ pub(crate) enum LurkProof< proof: nova::Proof<'a, F, C, M>, public_inputs: Vec, public_outputs: Vec, - num_steps: usize, rc: usize, lang: Lang, }, @@ -209,7 +208,6 @@ where proof, public_inputs, public_outputs, - num_steps, rc, lang, } => { @@ -217,7 +215,7 @@ where let instance = Instance::new(*rc, Arc::new(lang.clone()), true, Kind::NovaPublicParams); let pp = public_params(&instance)?; - Ok(proof.verify(&pp, public_inputs, public_outputs, *num_steps)?) + Ok(proof.verify(&pp, public_inputs, public_outputs)?) } } } diff --git a/src/cli/repl/meta_cmd.rs b/src/cli/repl/meta_cmd.rs index f2fb03ff3e..b23fd59c54 100644 --- a/src/cli/repl/meta_cmd.rs +++ b/src/cli/repl/meta_cmd.rs @@ -860,7 +860,6 @@ enum ProtocolProof< Nova { args: LurkData, proof: nova::Proof<'a, F, C, M>, - num_steps: usize, }, } @@ -1074,21 +1073,8 @@ impl MetaCmd { match load::>>>(&proof_path( &proof_key, ))? { - LurkProof::Nova { - proof, - public_inputs: _, - public_outputs: _, - num_steps, - .. - } => { - dump( - ProtocolProof::Nova { - args, - proof, - num_steps, - }, - &path, - )?; + LurkProof::Nova { proof, .. } => { + dump(ProtocolProof::Nova { args, proof }, &path)?; println!("Protocol proof saved at {path}"); Ok(()) } @@ -1122,7 +1108,6 @@ impl MetaCmd { ProtocolProof::Nova { args: LurkData { z_ptr, z_dag }, proof, - num_steps, } => { let args = z_dag.populate_store(&z_ptr, &repl.store, &mut Default::default())?; @@ -1141,7 +1126,6 @@ impl MetaCmd { &pp, &repl.store.to_scalar_vector(&cek_io[..3]), &repl.store.to_scalar_vector(&cek_io[3..]), - num_steps, )? { bail!("Proof verification failed") } diff --git a/src/cli/repl/mod.rs b/src/cli/repl/mod.rs index b64fbf187b..69659eb82a 100644 --- a/src/cli/repl/mod.rs +++ b/src/cli/repl/mod.rs @@ -317,13 +317,12 @@ impl Repl { info!("Compressing proof"); let proof = proof.compress(&pp)?; assert_eq!(self.rc * num_steps, pad(n_frames, self.rc)); - assert!(proof.verify(&pp, &public_inputs, &public_outputs, num_steps)?); + assert!(proof.verify(&pp, &public_inputs, &public_outputs)?); let lurk_proof = LurkProof::Nova { proof, public_inputs, public_outputs, - num_steps, rc: self.rc, lang: (*self.lang).clone(), }; diff --git a/src/proof/mod.rs b/src/proof/mod.rs index ff679ef1a2..8730d9c63a 100644 --- a/src/proof/mod.rs +++ b/src/proof/mod.rs @@ -180,12 +180,6 @@ pub trait RecursiveSNARKTrait< /// Associated type for public parameters type PublicParams; - /// Main output of `prove_recursively`, encoding the actual proof - type ProveOutput; - - /// Extra input for `verify` to be defined as needed - type ExtraVerifyInput; - /// Type for error potentially thrown during verification type ErrorType; @@ -197,20 +191,13 @@ pub trait RecursiveSNARKTrait< store: &'a M::Store, reduction_count: usize, lang: Arc>, - ) -> Result; + ) -> Result; /// Compress a proof fn compress(self, pp: &Self::PublicParams) -> Result; /// Verify the proof given the public parameters, the input and output values - /// and the extra custom argument defined by who implements this trait. - fn verify( - &self, - pp: &Self::PublicParams, - z0: &[F], - zi: &[F], - extra: Self::ExtraVerifyInput, - ) -> Result; + fn verify(&self, pp: &Self::PublicParams, z0: &[F], zi: &[F]) -> Result; /// Return the `z0_secondary` #[inline] @@ -257,18 +244,8 @@ pub trait Prover<'a, F: CurveCycleEquipped, C: Coprocessor + 'a, M: MultiFram /// Associated type for public parameters type PublicParams; - /// Main output of `prove`, encoding the actual proof - type ProveOutput; - /// Assiciated proof type, which must implement `RecursiveSNARKTrait` - type RecursiveSnark: RecursiveSNARKTrait< - 'a, - F, - C, - M, - PublicParams = Self::PublicParams, - ProveOutput = Self::ProveOutput, - >; + type RecursiveSnark: RecursiveSNARKTrait<'a, F, C, M, PublicParams = Self::PublicParams>; /// Returns a reference to the prover's FoldingMode fn folding_mode(&self) -> &FoldingMode; @@ -285,7 +262,7 @@ pub trait Prover<'a, F: CurveCycleEquipped, C: Coprocessor + 'a, M: MultiFram pp: &Self::PublicParams, frames: &[M::EvalFrame], store: &'a M::Store, - ) -> Result<(Self::ProveOutput, Vec, Vec, usize), ProofError> { + ) -> Result<(Self::RecursiveSnark, Vec, Vec, usize), ProofError> { store.hydrate_z_cache(); let z0 = M::io_to_scalar_vector(store, frames[0].input()); let zi = M::io_to_scalar_vector(store, frames.last().unwrap().output()); @@ -318,7 +295,7 @@ pub trait Prover<'a, F: CurveCycleEquipped, C: Coprocessor + 'a, M: MultiFram env: M::Ptr, store: &'a M::Store, limit: usize, - ) -> Result<(Self::ProveOutput, Vec, Vec, usize), ProofError> { + ) -> Result<(Self::RecursiveSnark, Vec, Vec, usize), ProofError> { let eval_config = self.folding_mode().eval_config(self.lang()); let frames = M::build_frames(expr, env, store, limit, &eval_config)?; self.prove(pp, &frames, store) diff --git a/src/proof/nova.rs b/src/proof/nova.rs index 642db31792..74bb4a6728 100644 --- a/src/proof/nova.rs +++ b/src/proof/nova.rs @@ -157,14 +157,18 @@ where < as Engine>::Scalar as ff::PrimeField>::Repr: Abomonation, < as Engine>::Scalar as ff::PrimeField>::Repr: Abomonation, { - /// A proof for the intermediate steps of a recursive computation + /// A proof for the intermediate steps of a recursive computation along with + /// the number of steps used for verification Recursive( Box, E2, M, C2>>, + usize, PhantomData<&'a C>, ), - /// A proof for the final step of a recursive computation + /// A proof for the final step of a recursive computation along with the number + /// of steps used for verification Compressed( Box, E2, M, C2, SS1, SS2>>, + usize, PhantomData<&'a C>, ), } @@ -235,11 +239,6 @@ where { type PublicParams = PublicParams; - type ProveOutput = Self; - - /// The number of steps - type ExtraVerifyInput = usize; - type ErrorType = NovaError; #[tracing::instrument(skip_all, name = "nova::prove_recursively")] @@ -261,7 +260,8 @@ where let (_circuit_primary, circuit_secondary): (M, TrivialCircuit< as Engine>::Scalar>) = circuits(reduction_count, lang); - tracing::debug!("steps.len: {}", steps.len()); + let num_steps = steps.len(); + tracing::debug!("steps.len: {num_steps}"); // produce a recursive SNARK let mut recursive_snark: Option, E2, M, C2>> = None; @@ -353,38 +353,38 @@ where Ok(Self::Recursive( Box::new(recursive_snark.unwrap()), + num_steps, PhantomData, )) } fn compress(self, pp: &PublicParams) -> Result { - match &self { - Self::Recursive(recursive_snark, _) => Ok(Self::Compressed( + match self { + Self::Recursive(recursive_snark, num_steps, _) => Ok(Self::Compressed( Box::new(CompressedSNARK::<_, _, _, _, SS1, SS2>::prove( &pp.pp, &pp.pk, - recursive_snark, + &recursive_snark, )?), + num_steps, PhantomData, )), Self::Compressed(..) => Ok(self), } } - fn verify( - &self, - pp: &Self::PublicParams, - z0: &[F], - zi: &[F], - num_steps: usize, - ) -> Result { + fn verify(&self, pp: &Self::PublicParams, z0: &[F], zi: &[F]) -> Result { let (z0_primary, zi_primary) = (z0, zi); let z0_secondary = Self::z0_secondary(); let zi_secondary = &z0_secondary; let (zi_primary_verified, zi_secondary_verified) = match self { - Self::Recursive(p, _) => p.verify(&pp.pp, num_steps, z0_primary, &z0_secondary)?, - Self::Compressed(p, _) => p.verify(&pp.vk, num_steps, z0_primary, &z0_secondary)?, + Self::Recursive(p, num_steps, _) => { + p.verify(&pp.pp, *num_steps, z0_primary, &z0_secondary)? + } + Self::Compressed(p, num_steps, _) => { + p.verify(&pp.vk, *num_steps, z0_primary, &z0_secondary)? + } }; Ok(zi_primary == zi_primary_verified && zi_secondary == &zi_secondary_verified) @@ -428,7 +428,6 @@ where < as Engine>::Scalar as ff::PrimeField>::Repr: Abomonation, { type PublicParams = PublicParams; - type ProveOutput = Proof<'a, F, C, M>; type RecursiveSnark = Proof<'a, F, C, M>; #[inline] diff --git a/src/proof/supernova.rs b/src/proof/supernova.rs index 462adc5516..f8e28ed7aa 100644 --- a/src/proof/supernova.rs +++ b/src/proof/supernova.rs @@ -192,12 +192,6 @@ where { type PublicParams = PublicParams; - /// Proving with SuperNova outputs the proof and the index of the last circuit - type ProveOutput = (Self, usize); - - /// The index of the last circuit - type ExtraVerifyInput = usize; - type ErrorType = SuperNovaError; #[tracing::instrument(skip_all, name = "supernova::prove_recursively")] @@ -208,14 +202,12 @@ where _store: &'a ::Store, _reduction_count: usize, _lang: Arc>, - ) -> Result<(Self, usize), ProofError> { + ) -> Result { let mut recursive_snark_option: Option, E2>> = None; let z0_primary = z0; let z0_secondary = Self::z0_secondary(); - let mut last_circuit_index = 0; - for (i, step) in steps.iter().enumerate() { info!("prove_recursively, step {i}"); @@ -239,17 +231,12 @@ where .unwrap(); recursive_snark_option = Some(recursive_snark); - - last_circuit_index = step.circuit_index(); } // This probably should be made unnecessary. - Ok(( - Self::Recursive(Box::new( - recursive_snark_option.expect("RecursiveSNARK missing"), - )), - last_circuit_index, - )) + Ok(Self::Recursive(Box::new( + recursive_snark_option.expect("RecursiveSNARK missing"), + ))) } fn compress(self, pp: &PublicParams) -> Result { @@ -266,13 +253,7 @@ where } } - fn verify( - &self, - pp: &Self::PublicParams, - z0: &[F], - zi: &[F], - _last_circuit_idx: usize, - ) -> Result { + fn verify(&self, pp: &Self::PublicParams, z0: &[F], zi: &[F]) -> Result { let (z0_primary, zi_primary) = (z0, zi); let z0_secondary = Self::z0_secondary(); let zi_secondary = &z0_secondary; @@ -297,7 +278,6 @@ where < as Engine>::Scalar as ff::PrimeField>::Repr: Abomonation, { type PublicParams = PublicParams; - type ProveOutput = (Proof<'a, F, C, M>, usize); type RecursiveSnark = Proof<'a, F, C, M>; #[inline] diff --git a/src/proof/tests/mod.rs b/src/proof/tests/mod.rs index e9ea32fbad..902646af84 100644 --- a/src/proof/tests/mod.rs +++ b/src/proof/tests/mod.rs @@ -139,16 +139,16 @@ where if check_nova { let pp = public_params::<_, _, M>(reduction_count, lang.clone()); - let (proof, z0, zi, num_steps) = nova_prover.prove(&pp, &frames, s).unwrap(); + let (proof, z0, zi, _num_steps) = nova_prover.prove(&pp, &frames, s).unwrap(); - let res = proof.verify(&pp, &z0, &zi, num_steps); + let res = proof.verify(&pp, &z0, &zi); if res.is_err() { tracing::debug!("{:?}", &res); } assert!(res.unwrap()); let compressed = proof.compress(&pp).unwrap(); - let res2 = compressed.verify(&pp, &z0, &zi, num_steps); + let res2 = compressed.verify(&pp, &z0, &zi); assert!(res2.unwrap()); }