Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Integrate ZeroMorph into Honk #2774

Merged
merged 7 commits into from
Oct 11, 2023
Merged

Conversation

ledwards2225
Copy link
Contributor

@ledwards2225 ledwards2225 commented Oct 10, 2023

This PR integrates ZeroMorph into Honk. Anywhere we used to use Gemini+Shplonk+KZG, we now use ZeroMorph.

Note: Charlie has confirmed that the work_queue is no longer needed so it has not been incorporated into the ZeroMorph rounds. (I'll remove the work_queue altogether in a follow on). This also means that it doesn't make sense to define the ZM protocol across multiple rounds split up in the Prover/Verifier (like we used to for Gemini/Shplonk). Instead, the entire protocol is defined via prove and verify functions in the ZeroMorphProver/Verifier classes and those methods are called from the main Honk Prover/Verifier (similar to Sumcheck).

Checklist:

Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge.

  • If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag.
  • I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code.
  • Every change is related to the PR description.
  • I have linked this pull request to relevant issues (if any exist).

@ledwards2225 ledwards2225 changed the title feat: Integrate ZeroMorph into Honk 2 feat: Integrate ZeroMorph into Honk Oct 10, 2023
@ledwards2225 ledwards2225 force-pushed the lde/zeromorph_in_honk branch from 574524b to 38cd777 Compare October 10, 2023 23:37
@ledwards2225 ledwards2225 marked this pull request as ready for review October 11, 2023 15:58
Copy link
Contributor

@maramihali maramihali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work again! Just a couple of things that are slightly unclear to me but other than that it's ready to merge.

@@ -60,7 +60,7 @@ template <typename Builder> class Transcript {
*/
std::array<field_ct, num_challenges> challenges;
for (size_t i = 0; i < num_challenges; ++i) {
challenges[i] = native_challenges[i];
challenges[i] = field_ct::from_witness(builder, native_challenges[i]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this better?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In various places we need to extract a builder from an existing stdlib element (e.g. I need a builder in a ZM method so I get it via auto builder = foo_challenge.get_context(). We were already using this from_witness method for single challenges but not in the multiple challenges method. I never noticed simply because we were never explicitly extracting a builder from a challenge generated via the plural method get_challenges().

/**
* @brief
* @brief Compute powers of a given challenge
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like we do somethig like this in several places in the codebase (or at least PG) so evntually I think it can be retrieved from a Utils file. No need to do it now tho

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, it's very general. We'll find a place for it

auto& transcript)
{
size_t log_N = multivariate_challenge.size();
FF rho = transcript.get_challenge("rho");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if you call it rho here (I assume because alpha is a clashing name) can you modify the writeup as well and comments?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I'll make sure this is consistent everywhere

auto scalar = x_challenge * alpha_pow;
result = result + (commitment * scalar);
scalars.emplace_back(x_challenge * alpha_pow);
commitments.emplace_back(commitment);
alpha_pow *= alpha;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and it should be rho here as well

* @brief Utility for native batch multiplication of group elements
*
*/
static Commitment batch_mul_native(std::vector<Commitment> points, std::vector<FF> scalars)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add a note on why we dont use projective form here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a comment saying this is used for native verification only and is not optimized but it's also the case that projective form is used under the hood in the + operator for affine elements

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, good to know


// Compute batch mul to get the result
if constexpr (Curve::is_stdlib_type) {
return GroupElement::batch_mul(commitments, scalars);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

have you tested this if clause branch? it looks a bit funny to me that the return value is projective but the signature is affine? (unless conversion happens magically)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looked at tests, don't see it tested

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code is run and tested in all of the honk recursive verifier tests (stdlib/recursion/honk/verifier/verifier.test.cpp) which are now set up to use ZM. For stdlib values (biggroup) there is no distinction (it's all affine), we just define aliases for Group Element and AffineElement (see stdlib/primitives/curves/bn254.hpp) that all reference element (defined in biggroup).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can change the alias used to avoid confusion

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, didn't know that it's all affine. But yeah I think if there is no concept of projective we should just not expose Element to avoid confusion

@ledwards2225 ledwards2225 force-pushed the lde/zeromorph_in_honk branch from 38cd777 to b2dc1a1 Compare October 11, 2023 21:11
@ledwards2225 ledwards2225 self-assigned this Oct 11, 2023
@AztecBot
Copy link
Collaborator

Benchmark results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Values are compared against data from master at commit 9a354c94 and shown if the difference exceeds 1%.

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric 8 txs 32 txs 128 txs
l1_rollup_calldata_size_in_bytes 45,444 179,588 716,132
l1_rollup_calldata_gas 222,792 868,160 3,449,300
l1_rollup_execution_gas 841,879 3,595,268 22,204,669
l2_block_processing_time_in_ms 1,049 (+2%) 3,823 (-1%) 15,384
note_successful_decrypting_time_in_ms 331 (+2%) 967 (-2%) 3,642
note_trial_decrypting_time_in_ms ⚠️ 36.0 (+33%) ⚠️ 76.0 (-16%) 137 (+1%)
l2_block_building_time_in_ms 9,068 (+1%) 35,368 (-1%) 150,934 (+1%)
l2_block_rollup_simulation_time_in_ms 6,727 (+1%) 26,303 (-1%) 105,763 (+1%)
l2_block_public_tx_process_time_in_ms 2,296 (+1%) 8,937 (-2%) 44,311 (+2%)

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 16 txs.

Metric 5 blocks 10 blocks
node_history_sync_time_in_ms 16,349 (+10%) 35,266 (+9%)
note_history_successful_decrypting_time_in_ms 2,599 (+8%) 5,323 (+8%)
note_history_trial_decrypting_time_in_ms 124 (+2%) 152 (+3%)
node_database_size_in_bytes 1,645,526 1,089,005 (-9%)
pxe_database_size_in_bytes 27,188 54,187

Circuits stats

Stats on running time and I/O sizes collected for every circuit run across all benchmarks.

Circuit circuit_simulation_time_in_ms circuit_input_size_in_bytes circuit_output_size_in_bytes
private-kernel-init 45.6 (+4%) 56,577 14,745
private-kernel-ordering 22.2 (+2%) 20,137 8,089
base-rollup 867 (+2%) 631,605 811
root-rollup 38.9 (+2%) 4,072 1,097
private-kernel-inner 39.0 (+5%) 72,288 14,745
public-kernel-private-input 48.0 (+1%) 37,359 14,745
public-kernel-non-first-iteration 29.1 (+3%) 37,401 14,745
merge-rollup 1.02 (+9%) 2,592 873

@ledwards2225 ledwards2225 merged commit ea86869 into master Oct 11, 2023
@ledwards2225 ledwards2225 deleted the lde/zeromorph_in_honk branch October 11, 2023 21:37
PhilWindle pushed a commit that referenced this pull request Oct 13, 2023
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-packages: 0.8.11</summary>

##
[0.8.11](aztec-packages-v0.8.10...aztec-packages-v0.8.11)
(2023-10-13)


### Features

* **archiver:** Use registry to fetch searchStartBlock
([#2830](#2830))
([e5bc067](e5bc067))
* Configure sandbox for network
([#2818](#2818))
([d393a59](d393a59))
* **docker-sandbox:** Allow forks in sandbox
([#2831](#2831))
([ed8431c](ed8431c)),
closes
[#2726](#2726)
* Goblin Translator Decomposition relation (Goblin Translator part 4)
([#2802](#2802))
([3c3cd9f](3c3cd9f))
* Goblin Translator GenPermSort relation (Goblin Translator part 3)
([#2795](#2795))
([b36fdc4](b36fdc4))
* Goblin translator opcode constraint and accumulator transfer relations
(Goblin Translator part 5)
([#2805](#2805))
([b3d1f28](b3d1f28))
* Goblin Translator Permutation relation (Goblin Translator part 2)
([#2790](#2790))
([9a354c9](9a354c9))
* Integrate ZeroMorph into Honk
([#2774](#2774))
([ea86869](ea86869))
* Purge non native token + reorder params in token portal
([#2723](#2723))
([447dade](447dade))
* Throw compile error if read/write public state from private
([#2804](#2804))
([a3649df](a3649df))
* Unencrypted log filtering
([#2600](#2600))
([7ae554a](7ae554a)),
closes
[#1498](#1498)
[#1500](#1500)
* Update goblin translator circuit builder (Goblin Translator part 1)
([#2764](#2764))
([32c69ae](32c69ae))


### Bug Fixes

* Outdated `noir:clean`
([#2821](#2821))
([2ea199f](2ea199f))


### Miscellaneous

* Benchmark tx sizes in p2p pool
([#2810](#2810))
([f63219c](f63219c))
* Change acir_tests branch to point to master
([#2815](#2815))
([73f229d](73f229d))
* Fix typo
([#2839](#2839))
([5afdf91](5afdf91))
* From &lt; genesis allowed in getBlocks
([#2816](#2816))
([5622b50](5622b50))
* Remove Ultra Grumpkin flavor
([#2825](#2825))
([bde77b8](bde77b8))
* Remove work queue from honk
([#2814](#2814))
([bca7d12](bca7d12))
* Spell check
([#2817](#2817))
([4777a11](4777a11))


### Documentation

* Slight changes to update portal page
([#2799](#2799))
([eb65819](eb65819))
* Update aztec_connect_sunset.mdx
([#2808](#2808))
([5f659a7](5f659a7))
</details>

<details><summary>barretenberg.js: 0.8.11</summary>

##
[0.8.11](barretenberg.js-v0.8.10...barretenberg.js-v0.8.11)
(2023-10-13)


### Miscellaneous

* **barretenberg.js:** Synchronize aztec-packages versions
</details>

<details><summary>barretenberg: 0.8.11</summary>

##
[0.8.11](barretenberg-v0.8.10...barretenberg-v0.8.11)
(2023-10-13)


### Features

* Goblin Translator Decomposition relation (Goblin Translator part 4)
([#2802](#2802))
([3c3cd9f](3c3cd9f))
* Goblin Translator GenPermSort relation (Goblin Translator part 3)
([#2795](#2795))
([b36fdc4](b36fdc4))
* Goblin translator opcode constraint and accumulator transfer relations
(Goblin Translator part 5)
([#2805](#2805))
([b3d1f28](b3d1f28))
* Goblin Translator Permutation relation (Goblin Translator part 2)
([#2790](#2790))
([9a354c9](9a354c9))
* Integrate ZeroMorph into Honk
([#2774](#2774))
([ea86869](ea86869))
* Update goblin translator circuit builder (Goblin Translator part 1)
([#2764](#2764))
([32c69ae](32c69ae))


### Miscellaneous

* Change acir_tests branch to point to master
([#2815](#2815))
([73f229d](73f229d))
* Remove Ultra Grumpkin flavor
([#2825](#2825))
([bde77b8](bde77b8))
* Remove work queue from honk
([#2814](#2814))
([bca7d12](bca7d12))
* Spell check
([#2817](#2817))
([4777a11](4777a11))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
AztecBot added a commit to AztecProtocol/barretenberg that referenced this pull request Oct 14, 2023
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-packages: 0.8.11</summary>

##
[0.8.11](AztecProtocol/aztec-packages@aztec-packages-v0.8.10...aztec-packages-v0.8.11)
(2023-10-13)


### Features

* **archiver:** Use registry to fetch searchStartBlock
([#2830](AztecProtocol/aztec-packages#2830))
([e5bc067](AztecProtocol/aztec-packages@e5bc067))
* Configure sandbox for network
([#2818](AztecProtocol/aztec-packages#2818))
([d393a59](AztecProtocol/aztec-packages@d393a59))
* **docker-sandbox:** Allow forks in sandbox
([#2831](AztecProtocol/aztec-packages#2831))
([ed8431c](AztecProtocol/aztec-packages@ed8431c)),
closes
[#2726](AztecProtocol/aztec-packages#2726)
* Goblin Translator Decomposition relation (Goblin Translator part 4)
([#2802](AztecProtocol/aztec-packages#2802))
([3c3cd9f](AztecProtocol/aztec-packages@3c3cd9f))
* Goblin Translator GenPermSort relation (Goblin Translator part 3)
([#2795](AztecProtocol/aztec-packages#2795))
([b36fdc4](AztecProtocol/aztec-packages@b36fdc4))
* Goblin translator opcode constraint and accumulator transfer relations
(Goblin Translator part 5)
([#2805](AztecProtocol/aztec-packages#2805))
([b3d1f28](AztecProtocol/aztec-packages@b3d1f28))
* Goblin Translator Permutation relation (Goblin Translator part 2)
([#2790](AztecProtocol/aztec-packages#2790))
([9a354c9](AztecProtocol/aztec-packages@9a354c9))
* Integrate ZeroMorph into Honk
([#2774](AztecProtocol/aztec-packages#2774))
([ea86869](AztecProtocol/aztec-packages@ea86869))
* Purge non native token + reorder params in token portal
([#2723](AztecProtocol/aztec-packages#2723))
([447dade](AztecProtocol/aztec-packages@447dade))
* Throw compile error if read/write public state from private
([#2804](AztecProtocol/aztec-packages#2804))
([a3649df](AztecProtocol/aztec-packages@a3649df))
* Unencrypted log filtering
([#2600](AztecProtocol/aztec-packages#2600))
([7ae554a](AztecProtocol/aztec-packages@7ae554a)),
closes
[#1498](AztecProtocol/aztec-packages#1498)
[#1500](AztecProtocol/aztec-packages#1500)
* Update goblin translator circuit builder (Goblin Translator part 1)
([#2764](AztecProtocol/aztec-packages#2764))
([32c69ae](AztecProtocol/aztec-packages@32c69ae))


### Bug Fixes

* Outdated `noir:clean`
([#2821](AztecProtocol/aztec-packages#2821))
([2ea199f](AztecProtocol/aztec-packages@2ea199f))


### Miscellaneous

* Benchmark tx sizes in p2p pool
([#2810](AztecProtocol/aztec-packages#2810))
([f63219c](AztecProtocol/aztec-packages@f63219c))
* Change acir_tests branch to point to master
([#2815](AztecProtocol/aztec-packages#2815))
([73f229d](AztecProtocol/aztec-packages@73f229d))
* Fix typo
([#2839](AztecProtocol/aztec-packages#2839))
([5afdf91](AztecProtocol/aztec-packages@5afdf91))
* From &lt; genesis allowed in getBlocks
([#2816](AztecProtocol/aztec-packages#2816))
([5622b50](AztecProtocol/aztec-packages@5622b50))
* Remove Ultra Grumpkin flavor
([#2825](AztecProtocol/aztec-packages#2825))
([bde77b8](AztecProtocol/aztec-packages@bde77b8))
* Remove work queue from honk
([#2814](AztecProtocol/aztec-packages#2814))
([bca7d12](AztecProtocol/aztec-packages@bca7d12))
* Spell check
([#2817](AztecProtocol/aztec-packages#2817))
([4777a11](AztecProtocol/aztec-packages@4777a11))


### Documentation

* Slight changes to update portal page
([#2799](AztecProtocol/aztec-packages#2799))
([eb65819](AztecProtocol/aztec-packages@eb65819))
* Update aztec_connect_sunset.mdx
([#2808](AztecProtocol/aztec-packages#2808))
([5f659a7](AztecProtocol/aztec-packages@5f659a7))
</details>

<details><summary>barretenberg.js: 0.8.11</summary>

##
[0.8.11](AztecProtocol/aztec-packages@barretenberg.js-v0.8.10...barretenberg.js-v0.8.11)
(2023-10-13)


### Miscellaneous

* **barretenberg.js:** Synchronize aztec-packages versions
</details>

<details><summary>barretenberg: 0.8.11</summary>

##
[0.8.11](AztecProtocol/aztec-packages@barretenberg-v0.8.10...barretenberg-v0.8.11)
(2023-10-13)


### Features

* Goblin Translator Decomposition relation (Goblin Translator part 4)
([#2802](AztecProtocol/aztec-packages#2802))
([3c3cd9f](AztecProtocol/aztec-packages@3c3cd9f))
* Goblin Translator GenPermSort relation (Goblin Translator part 3)
([#2795](AztecProtocol/aztec-packages#2795))
([b36fdc4](AztecProtocol/aztec-packages@b36fdc4))
* Goblin translator opcode constraint and accumulator transfer relations
(Goblin Translator part 5)
([#2805](AztecProtocol/aztec-packages#2805))
([b3d1f28](AztecProtocol/aztec-packages@b3d1f28))
* Goblin Translator Permutation relation (Goblin Translator part 2)
([#2790](AztecProtocol/aztec-packages#2790))
([9a354c9](AztecProtocol/aztec-packages@9a354c9))
* Integrate ZeroMorph into Honk
([#2774](AztecProtocol/aztec-packages#2774))
([ea86869](AztecProtocol/aztec-packages@ea86869))
* Update goblin translator circuit builder (Goblin Translator part 1)
([#2764](AztecProtocol/aztec-packages#2764))
([32c69ae](AztecProtocol/aztec-packages@32c69ae))


### Miscellaneous

* Change acir_tests branch to point to master
([#2815](AztecProtocol/aztec-packages#2815))
([73f229d](AztecProtocol/aztec-packages@73f229d))
* Remove Ultra Grumpkin flavor
([#2825](AztecProtocol/aztec-packages#2825))
([bde77b8](AztecProtocol/aztec-packages@bde77b8))
* Remove work queue from honk
([#2814](AztecProtocol/aztec-packages#2814))
([bca7d12](AztecProtocol/aztec-packages@bca7d12))
* Spell check
([#2817](AztecProtocol/aztec-packages#2817))
([4777a11](AztecProtocol/aztec-packages@4777a11))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants